46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/jniHandles.inline.hpp"
56 #include "runtime/os.hpp"
57 #include "runtime/safepointVerifiers.hpp"
58 #include "runtime/thread.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define MAX_ARRAY_DIMENSIONS 255
67
68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
69
70 extern "C" {
71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
72 }
73
74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
75
76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
77
78 if (_verify_byte_codes_fn != NULL)
79 return _verify_byte_codes_fn;
80
81 MutexLocker locker(Verify_lock);
82
83 if (_verify_byte_codes_fn != NULL)
84 return _verify_byte_codes_fn;
85
258 }
259 kls = kls->super();
260 }
261 if (message_buffer != NULL) {
262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
263 }
264 assert(exception_message != NULL, "");
265 THROW_MSG_(exception_name, exception_message, false);
266 }
267 }
268
269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
270 Symbol* name = klass->name();
271 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
272
273 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
274
275 return (should_verify_for(klass->class_loader(), should_verify_class) &&
276 // return if the class is a bootstrapping class
277 // or defineClass specified not to verify by default (flags override passed arg)
278 // We need to skip the following four for bootstraping
279 name != vmSymbols::java_lang_Object() &&
280 name != vmSymbols::java_lang_Class() &&
281 name != vmSymbols::java_lang_String() &&
282 name != vmSymbols::java_lang_Throwable() &&
283
284 // Can not verify the bytecodes for shared classes because they have
285 // already been rewritten to contain constant pool cache indices,
286 // which the verifier can't understand.
287 // Shared classes shouldn't have stackmaps either.
288 // However, bytecodes for shared old classes can be verified because
289 // they have not been rewritten.
290 !(klass->is_shared() && klass->is_rewritten()) &&
291
292 // As of the fix for 4486457 we disable verification for all of the
293 // dynamically-generated bytecodes associated with the 1.4
294 // reflection implementation, not just those associated with
295 // jdk/internal/reflect/SerializationConstructorAccessor.
296 // NOTE: this is called too early in the bootstrapping process to be
297 // guarded by Universe::is_gte_jdk14x_version().
298 // Also for lambda generated code, gte jdk8
481 ss->print("Local index %d is invalid", _type.index());
482 break;
483 case LOCALS_SIZE_MISMATCH:
484 ss->print("Current frame's local size doesn't match stackmap.");
485 break;
486 case STACK_SIZE_MISMATCH:
487 ss->print("Current frame's stack size doesn't match stackmap.");
488 break;
489 case STACK_OVERFLOW:
490 ss->print("Exceeded max stack size.");
491 break;
492 case STACK_UNDERFLOW:
493 ss->print("Attempt to pop empty stack.");
494 break;
495 case MISSING_STACKMAP:
496 ss->print("Expected stackmap frame at this location.");
497 break;
498 case BAD_STACKMAP:
499 ss->print("Invalid stackmap specification.");
500 break;
501 case UNKNOWN:
502 default:
503 ShouldNotReachHere();
504 ss->print_cr("Unknown");
505 }
506 ss->cr();
507 }
508
509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
510 if (_bci != -1 && method != NULL) {
511 streamIndentor si(ss);
512 const char* bytecode_name = "<invalid>";
513 if (method->validate_bci(_bci) != -1) {
514 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
515 if (Bytecodes::is_defined(code)) {
516 bytecode_name = Bytecodes::name(code);
517 } else {
518 bytecode_name = "<illegal>";
519 }
520 }
575 stack_map_frame* sm_frame = sm_table->entries();
576 streamIndentor si2(ss);
577 int current_offset = -1;
578 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
579 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
580 ss->indent();
581 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
582 sm_frame->print_truncated(ss, current_offset);
583 return;
584 }
585 sm_frame->print_on(ss, current_offset);
586 ss->cr();
587 current_offset += sm_frame->offset_delta();
588 sm_frame = sm_frame->next();
589 }
590 }
591 }
592
593 // Methods in ClassVerifier
594
595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
596 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
597 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
598 _this_type = VerificationType::reference_type(klass->name());
599 }
600
601 ClassVerifier::~ClassVerifier() {
602 // Decrement the reference count for any symbols created.
603 if (_symbols != NULL) {
604 for (int i = 0; i < _symbols->length(); i++) {
605 Symbol* s = _symbols->at(i);
606 s->decrement_refcount();
607 }
608 }
609 }
610
611 VerificationType ClassVerifier::object_type() const {
612 return VerificationType::reference_type(vmSymbols::java_lang_Object());
613 }
614
615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
616 VerificationType vt = VerificationType::reference_type(
617 create_temporary_symbol(sig, (int)strlen(sig)));
618 return TypeOrigin::implicit(vt);
1022 case Bytecodes::_daload :
1023 type = current_frame.pop_stack(
1024 VerificationType::integer_type(), CHECK_VERIFY(this));
1025 atype = current_frame.pop_stack(
1026 VerificationType::reference_check(), CHECK_VERIFY(this));
1027 if (!atype.is_double_array()) {
1028 verify_error(ErrorContext::bad_type(bci,
1029 current_frame.stack_top_ctx(), ref_ctx("[D")),
1030 bad_type_msg, "daload");
1031 return;
1032 }
1033 current_frame.push_stack_2(
1034 VerificationType::double_type(),
1035 VerificationType::double2_type(), CHECK_VERIFY(this));
1036 no_control_flow = false; break;
1037 case Bytecodes::_aaload : {
1038 type = current_frame.pop_stack(
1039 VerificationType::integer_type(), CHECK_VERIFY(this));
1040 atype = current_frame.pop_stack(
1041 VerificationType::reference_check(), CHECK_VERIFY(this));
1042 if (!atype.is_reference_array()) {
1043 verify_error(ErrorContext::bad_type(bci,
1044 current_frame.stack_top_ctx(),
1045 TypeOrigin::implicit(VerificationType::reference_check())),
1046 bad_type_msg, "aaload");
1047 return;
1048 }
1049 if (atype.is_null()) {
1050 current_frame.push_stack(
1051 VerificationType::null_type(), CHECK_VERIFY(this));
1052 } else {
1053 VerificationType component = atype.get_component(this);
1054 current_frame.push_stack(component, CHECK_VERIFY(this));
1055 }
1056 no_control_flow = false; break;
1057 }
1058 case Bytecodes::_istore :
1059 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1060 no_control_flow = false; break;
1061 case Bytecodes::_istore_0 :
1062 case Bytecodes::_istore_1 :
1195 VerificationType::double2_type(),
1196 VerificationType::double_type(), CHECK_VERIFY(this));
1197 current_frame.pop_stack(
1198 VerificationType::integer_type(), CHECK_VERIFY(this));
1199 atype = current_frame.pop_stack(
1200 VerificationType::reference_check(), CHECK_VERIFY(this));
1201 if (!atype.is_double_array()) {
1202 verify_error(ErrorContext::bad_type(bci,
1203 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204 bad_type_msg, "dastore");
1205 return;
1206 }
1207 no_control_flow = false; break;
1208 case Bytecodes::_aastore :
1209 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210 type2 = current_frame.pop_stack(
1211 VerificationType::integer_type(), CHECK_VERIFY(this));
1212 atype = current_frame.pop_stack(
1213 VerificationType::reference_check(), CHECK_VERIFY(this));
1214 // more type-checking is done at runtime
1215 if (!atype.is_reference_array()) {
1216 verify_error(ErrorContext::bad_type(bci,
1217 current_frame.stack_top_ctx(),
1218 TypeOrigin::implicit(VerificationType::reference_check())),
1219 bad_type_msg, "aastore");
1220 return;
1221 }
1222 // 4938384: relaxed constraint in JVMS 3nd edition.
1223 no_control_flow = false; break;
1224 case Bytecodes::_pop :
1225 current_frame.pop_stack(
1226 VerificationType::category1_check(), CHECK_VERIFY(this));
1227 no_control_flow = false; break;
1228 case Bytecodes::_pop2 :
1229 type = current_frame.pop_stack(CHECK_VERIFY(this));
1230 if (type.is_category1()) {
1231 current_frame.pop_stack(
1232 VerificationType::category1_check(), CHECK_VERIFY(this));
1233 } else if (type.is_category2_2nd()) {
1234 current_frame.pop_stack(
1235 VerificationType::category2_check(), CHECK_VERIFY(this));
1595 case Bytecodes::_if_icmpgt:
1596 case Bytecodes::_if_icmple:
1597 current_frame.pop_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 // fall through
1600 case Bytecodes::_ifeq:
1601 case Bytecodes::_ifne:
1602 case Bytecodes::_iflt:
1603 case Bytecodes::_ifge:
1604 case Bytecodes::_ifgt:
1605 case Bytecodes::_ifle:
1606 current_frame.pop_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 target = bcs.dest();
1609 stackmap_table.check_jump_target(
1610 ¤t_frame, target, CHECK_VERIFY(this));
1611 no_control_flow = false; break;
1612 case Bytecodes::_if_acmpeq :
1613 case Bytecodes::_if_acmpne :
1614 current_frame.pop_stack(
1615 VerificationType::reference_check(), CHECK_VERIFY(this));
1616 // fall through
1617 case Bytecodes::_ifnull :
1618 case Bytecodes::_ifnonnull :
1619 current_frame.pop_stack(
1620 VerificationType::reference_check(), CHECK_VERIFY(this));
1621 target = bcs.dest();
1622 stackmap_table.check_jump_target
1623 (¤t_frame, target, CHECK_VERIFY(this));
1624 no_control_flow = false; break;
1625 case Bytecodes::_goto :
1626 target = bcs.dest();
1627 stackmap_table.check_jump_target(
1628 ¤t_frame, target, CHECK_VERIFY(this));
1629 no_control_flow = true; break;
1630 case Bytecodes::_goto_w :
1631 target = bcs.dest_w();
1632 stackmap_table.check_jump_target(
1633 ¤t_frame, target, CHECK_VERIFY(this));
1634 no_control_flow = true; break;
1635 case Bytecodes::_tableswitch :
1636 case Bytecodes::_lookupswitch :
1637 verify_switch(
1638 &bcs, code_length, code_data, ¤t_frame,
1639 &stackmap_table, CHECK_VERIFY(this));
1640 no_control_flow = true; break;
1651 VerificationType::long_type(), CHECK_VERIFY(this));
1652 verify_return_value(return_type, type, bci,
1653 ¤t_frame, CHECK_VERIFY(this));
1654 no_control_flow = true; break;
1655 case Bytecodes::_freturn :
1656 type = current_frame.pop_stack(
1657 VerificationType::float_type(), CHECK_VERIFY(this));
1658 verify_return_value(return_type, type, bci,
1659 ¤t_frame, CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1661 case Bytecodes::_dreturn :
1662 type2 = current_frame.pop_stack(
1663 VerificationType::double2_type(), CHECK_VERIFY(this));
1664 type = current_frame.pop_stack(
1665 VerificationType::double_type(), CHECK_VERIFY(this));
1666 verify_return_value(return_type, type, bci,
1667 ¤t_frame, CHECK_VERIFY(this));
1668 no_control_flow = true; break;
1669 case Bytecodes::_areturn :
1670 type = current_frame.pop_stack(
1671 VerificationType::reference_check(), CHECK_VERIFY(this));
1672 verify_return_value(return_type, type, bci,
1673 ¤t_frame, CHECK_VERIFY(this));
1674 no_control_flow = true; break;
1675 case Bytecodes::_return :
1676 if (return_type != VerificationType::bogus_type()) {
1677 verify_error(ErrorContext::bad_code(bci),
1678 "Method expects a return value");
1679 return;
1680 }
1681 // Make sure "this" has been initialized if current method is an
1682 // <init>.
1683 if (_method->name() == vmSymbols::object_initializer_name() &&
1684 current_frame.flag_this_uninit()) {
1685 verify_error(ErrorContext::bad_code(bci),
1686 "Constructor must call super() or this() "
1687 "before return");
1688 return;
1689 }
1690 no_control_flow = true; break;
1691 case Bytecodes::_getstatic :
1692 case Bytecodes::_putstatic :
1693 // pass TRUE, operand can be an array type for getstatic/putstatic.
1694 verify_field_instructions(
1695 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1696 no_control_flow = false; break;
1697 case Bytecodes::_getfield :
1698 case Bytecodes::_putfield :
1699 // pass FALSE, operand can't be an array type for getfield/putfield.
1700 verify_field_instructions(
1701 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1702 no_control_flow = false; break;
1703 case Bytecodes::_invokevirtual :
1704 case Bytecodes::_invokespecial :
1705 case Bytecodes::_invokestatic :
1706 verify_invoke_instructions(
1707 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1708 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1709 no_control_flow = false; break;
1710 case Bytecodes::_invokeinterface :
1711 case Bytecodes::_invokedynamic :
1712 verify_invoke_instructions(
1713 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1714 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1715 no_control_flow = false; break;
1716 case Bytecodes::_new :
1717 {
1718 index = bcs.get_index_u2();
1719 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1720 VerificationType new_class_type =
1721 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1722 if (!new_class_type.is_object()) {
1723 verify_error(ErrorContext::bad_type(bci,
1724 TypeOrigin::cp(index, new_class_type)),
1725 "Illegal new instruction");
1726 return;
1727 }
1728 type = VerificationType::uninitialized_type(bci);
1729 current_frame.push_stack(type, CHECK_VERIFY(this));
1730 no_control_flow = false; break;
1731 }
1732 case Bytecodes::_newarray :
1733 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1734 current_frame.pop_stack(
1735 VerificationType::integer_type(), CHECK_VERIFY(this));
1736 current_frame.push_stack(type, CHECK_VERIFY(this));
1737 no_control_flow = false; break;
1738 case Bytecodes::_anewarray :
1739 verify_anewarray(
1740 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1741 no_control_flow = false; break;
1742 case Bytecodes::_arraylength :
1743 type = current_frame.pop_stack(
1744 VerificationType::reference_check(), CHECK_VERIFY(this));
1745 if (!(type.is_null() || type.is_array())) {
1746 verify_error(ErrorContext::bad_type(
1747 bci, current_frame.stack_top_ctx()),
1748 bad_type_msg, "arraylength");
1749 }
1750 current_frame.push_stack(
1751 VerificationType::integer_type(), CHECK_VERIFY(this));
1752 no_control_flow = false; break;
1753 case Bytecodes::_checkcast :
1754 {
1755 index = bcs.get_index_u2();
1756 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758 VerificationType klass_type = cp_index_to_type(
1759 index, cp, CHECK_VERIFY(this));
1760 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 }
1763 case Bytecodes::_instanceof : {
1764 index = bcs.get_index_u2();
1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767 current_frame.push_stack(
1768 VerificationType::integer_type(), CHECK_VERIFY(this));
1769 no_control_flow = false; break;
1770 }
1771 case Bytecodes::_monitorenter :
1772 case Bytecodes::_monitorexit :
1773 current_frame.pop_stack(
1774 VerificationType::reference_check(), CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 case Bytecodes::_multianewarray :
1777 {
1778 index = bcs.get_index_u2();
1779 u2 dim = *(bcs.bcp()+3);
1780 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1781 VerificationType new_array_type =
1782 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1783 if (!new_array_type.is_array()) {
1784 verify_error(ErrorContext::bad_type(bci,
1785 TypeOrigin::cp(index, new_array_type)),
1786 "Illegal constant pool index in multianewarray instruction");
1787 return;
1788 }
1789 if (dim < 1 || new_array_type.dimensions() < dim) {
1790 verify_error(ErrorContext::bad_code(bci),
1791 "Illegal dimension in multianewarray instruction: %d", dim);
1792 return;
1793 }
1794 for (int i = 0; i < dim; i++) {
1795 current_frame.pop_stack(
2020 int nconstants = cp->length();
2021 if ((index <= 0) || (index >= nconstants)) {
2022 verify_error(ErrorContext::bad_cp_index(bci, index),
2023 "Illegal constant pool index %d in class %s",
2024 index, cp->pool_holder()->external_name());
2025 return;
2026 }
2027 }
2028
2029 void ClassVerifier::verify_cp_type(
2030 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2031
2032 // In some situations, bytecode rewriting may occur while we're verifying.
2033 // In this case, a constant pool cache exists and some indices refer to that
2034 // instead. Be sure we don't pick up such indices by accident.
2035 // We must check was_recursively_verified() before we get here.
2036 guarantee(cp->cache() == NULL, "not rewritten yet");
2037
2038 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2039 unsigned int tag = cp->tag_at(index).value();
2040 if ((types & (1 << tag)) == 0) {
2041 verify_error(ErrorContext::bad_cp_index(bci, index),
2042 "Illegal type at constant pool entry %d in class %s",
2043 index, cp->pool_holder()->external_name());
2044 return;
2045 }
2046 }
2047
2048 void ClassVerifier::verify_cp_class_type(
2049 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2050 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2051 constantTag tag = cp->tag_at(index);
2052 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2053 verify_error(ErrorContext::bad_cp_index(bci, index),
2054 "Illegal type at constant pool entry %d in class %s",
2055 index, cp->pool_holder()->external_name());
2056 return;
2057 }
2058 }
2059
2134 } else {
2135 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136 if (member_klass != NULL && fd.is_protected()) {
2137 if (!this_class->is_same_class_package(member_klass)) {
2138 return true;
2139 }
2140 }
2141 }
2142 return false;
2143 }
2144
2145 void ClassVerifier::verify_ldc(
2146 int opcode, u2 index, StackMapFrame* current_frame,
2147 const constantPoolHandle& cp, u2 bci, TRAPS) {
2148 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149 constantTag tag = cp->tag_at(index);
2150 unsigned int types = 0;
2151 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152 if (!tag.is_unresolved_klass()) {
2153 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2155 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156 | (1 << JVM_CONSTANT_Dynamic);
2157 // Note: The class file parser already verified the legality of
2158 // MethodHandle and MethodType constants.
2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160 }
2161 } else {
2162 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164 | (1 << JVM_CONSTANT_Dynamic);
2165 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166 }
2167 if (tag.is_string()) {
2168 current_frame->push_stack(
2169 VerificationType::reference_type(
2170 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172 current_frame->push_stack(
2173 VerificationType::reference_type(
2174 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2309 const constantPoolHandle& cp,
2310 bool allow_arrays,
2311 TRAPS) {
2312 u2 index = bcs->get_index_u2();
2313 verify_cp_type(bcs->bci(), index, cp,
2314 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2315
2316 // Get field name and signature
2317 Symbol* field_name = cp->name_ref_at(index);
2318 Symbol* field_sig = cp->signature_ref_at(index);
2319 bool is_getfield = false;
2320
2321 // Field signature was checked in ClassFileParser.
2322 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2323 "Invalid field signature");
2324
2325 // Get referenced class type
2326 VerificationType ref_class_type = cp_ref_index_to_type(
2327 index, cp, CHECK_VERIFY(this));
2328 if (!ref_class_type.is_object() &&
2329 (!allow_arrays || !ref_class_type.is_array())) {
2330 verify_error(ErrorContext::bad_type(bcs->bci(),
2331 TypeOrigin::cp(index, ref_class_type)),
2332 "Expecting reference to class in class %s at constant pool index %d",
2333 _klass->external_name(), index);
2334 return;
2335 }
2336 VerificationType target_class_type = ref_class_type;
2337
2338 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2339 "buffer type must match VerificationType size");
2340 uintptr_t field_type_buffer[2];
2341 VerificationType* field_type = (VerificationType*)field_type_buffer;
2342 // If we make a VerificationType[2] array directly, the compiler calls
2343 // to the c-runtime library to do the allocation instead of just
2344 // stack allocating it. Plus it would run constructors. This shows up
2345 // in performance profiles.
2346
2347 SignatureStream sig_stream(field_sig, false);
2348 VerificationType stack_object_type;
2349 int n = change_sig_to_verificationType(&sig_stream, field_type);
2350 u2 bci = bcs->bci();
2351 bool is_assignable;
2352 switch (bcs->raw_code()) {
2353 case Bytecodes::_getstatic: {
2354 for (int i = 0; i < n; i++) {
2355 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2356 }
2357 break;
2358 }
2359 case Bytecodes::_putstatic: {
2360 for (int i = n - 1; i >= 0; i--) {
2361 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2362 }
2363 break;
2364 }
2365 case Bytecodes::_getfield: {
2366 is_getfield = true;
2367 stack_object_type = current_frame->pop_stack(
2368 target_class_type, CHECK_VERIFY(this));
2369 goto check_protected;
2370 }
2371 case Bytecodes::_putfield: {
2372 for (int i = n - 1; i >= 0; i--) {
2373 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2374 }
2375 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2376
2377 // The JVMS 2nd edition allows field initialization before the superclass
2378 // initializer, if the field is defined within the current class.
2379 fieldDescriptor fd;
2380 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2381 target_class_type.equals(current_type()) &&
2382 _klass->find_local_field(field_name, field_sig, &fd)) {
2383 stack_object_type = current_type();
2384 }
2766 bool ClassVerifier::is_same_or_direct_interface(
2767 InstanceKlass* klass,
2768 VerificationType klass_type,
2769 VerificationType ref_class_type) {
2770 if (ref_class_type.equals(klass_type)) return true;
2771 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2772 if (local_interfaces != NULL) {
2773 for (int x = 0; x < local_interfaces->length(); x++) {
2774 InstanceKlass* k = local_interfaces->at(x);
2775 assert (k != NULL && k->is_interface(), "invalid interface");
2776 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2777 return true;
2778 }
2779 }
2780 }
2781 return false;
2782 }
2783
2784 void ClassVerifier::verify_invoke_instructions(
2785 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2786 bool in_try_block, bool *this_uninit, VerificationType return_type,
2787 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2788 // Make sure the constant pool item is the right type
2789 u2 index = bcs->get_index_u2();
2790 Bytecodes::Code opcode = bcs->raw_code();
2791 unsigned int types = 0;
2792 switch (opcode) {
2793 case Bytecodes::_invokeinterface:
2794 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2795 break;
2796 case Bytecodes::_invokedynamic:
2797 types = 1 << JVM_CONSTANT_InvokeDynamic;
2798 break;
2799 case Bytecodes::_invokespecial:
2800 case Bytecodes::_invokestatic:
2801 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2802 (1 << JVM_CONSTANT_Methodref) :
2803 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2804 break;
2805 default:
2806 types = 1 << JVM_CONSTANT_Methodref;
2807 }
2808 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2809
2810 // Get method name and signature
2811 Symbol* method_name = cp->name_ref_at(index);
2812 Symbol* method_sig = cp->signature_ref_at(index);
2813
2814 // Method signature was checked in ClassFileParser.
2815 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2816 "Invalid method signature");
2817
2818 // Get referenced class type
2819 VerificationType ref_class_type;
2820 if (opcode == Bytecodes::_invokedynamic) {
2821 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2822 class_format_error(
2823 "invokedynamic instructions not supported by this class file version (%d), class %s",
2824 _klass->major_version(), _klass->external_name());
2825 return;
2826 }
2827 } else {
2828 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2829 }
2830
2831 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2832 "buffer type must match VerificationType size");
2833
2834 // Get the UTF8 index for this signature.
2835 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2836
2837 // Get the signature's verification types.
2838 sig_as_verification_types* mth_sig_verif_types;
2864 "Inconsistent args count operand in invokeinterface");
2865 return;
2866 }
2867 if (*(bcp+4) != 0) {
2868 verify_error(ErrorContext::bad_code(bci),
2869 "Fourth operand byte of invokeinterface must be zero");
2870 return;
2871 }
2872 }
2873
2874 if (opcode == Bytecodes::_invokedynamic) {
2875 address bcp = bcs->bcp();
2876 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2877 verify_error(ErrorContext::bad_code(bci),
2878 "Third and fourth operand bytes of invokedynamic must be zero");
2879 return;
2880 }
2881 }
2882
2883 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2884 // Make sure <init> can only be invoked by invokespecial
2885 if (opcode != Bytecodes::_invokespecial ||
2886 method_name != vmSymbols::object_initializer_name()) {
2887 verify_error(ErrorContext::bad_code(bci),
2888 "Illegal call to internal method");
2889 return;
2890 }
2891 } else if (opcode == Bytecodes::_invokespecial
2892 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2893 && !ref_class_type.equals(VerificationType::reference_type(
2894 current_class()->super()->name()))) {
2895 bool subtype = false;
2896 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2897 subtype = ref_class_type.is_assignable_from(
2898 current_type(), this, false, CHECK_VERIFY(this));
2899 if (!subtype) {
2900 verify_error(ErrorContext::bad_code(bci),
2901 "Bad invokespecial instruction: "
2902 "current class isn't assignable to reference class.");
2903 return;
2904 } else if (have_imr_indirect) {
2905 verify_error(ErrorContext::bad_code(bci),
2906 "Bad invokespecial instruction: "
2907 "interface method reference is in an indirect superinterface.");
2908 return;
2909 }
2910
2911 }
2912
2913 // Get the verification types for the method's arguments.
2914 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2915 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2916 // Match method descriptor with operand stack
2917 // The arguments are on the stack in descending order.
2918 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2919 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2920 }
2921
2922 // Check objectref on operand stack
2923 if (opcode != Bytecodes::_invokestatic &&
2924 opcode != Bytecodes::_invokedynamic) {
2925 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2926 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2927 code_length, in_try_block, this_uninit, cp, stackmap_table,
2928 CHECK_VERIFY(this));
2929 if (was_recursively_verified()) return;
2930 } else { // other methods
2931 // Ensures that target class is assignable to method class.
2932 if (opcode == Bytecodes::_invokespecial) {
2933 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2934 } else if (opcode == Bytecodes::_invokevirtual) {
2935 VerificationType stack_object_type =
2936 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2937 if (current_type() != stack_object_type) {
2938 if (was_recursively_verified()) return;
2939 assert(cp->cache() == NULL, "not rewritten yet");
2940 Symbol* ref_class_name =
2941 cp->klass_name_at(cp->klass_ref_index_at(index));
2942 // See the comments in verify_field_instructions() for
2943 // the rationale behind this.
2944 if (name_in_supers(ref_class_name, current_class())) {
2945 Klass* ref_class = load_class(ref_class_name, CHECK);
2958 } else {
2959 verify_error(ErrorContext::bad_type(bci,
2960 current_frame->stack_top_ctx(),
2961 TypeOrigin::implicit(current_type())),
2962 "Bad access to protected data in invokevirtual");
2963 return;
2964 }
2965 }
2966 }
2967 }
2968 }
2969 } else {
2970 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2971 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2972 }
2973 }
2974 }
2975 // Push the result type.
2976 int sig_verif_types_len = sig_verif_types->length();
2977 if (sig_verif_types_len > nargs) { // There's a return type
2978 if (method_name == vmSymbols::object_initializer_name()) {
2979 // <init> method must have a void return type
2980 /* Unreachable? Class file parser verifies that methods with '<' have
2981 * void return */
2982 verify_error(ErrorContext::bad_code(bci),
2983 "Return type must be void in <init> method");
2984 return;
2985 }
2986
2987 assert(sig_verif_types_len <= nargs + 2,
2988 "Signature verification types array return type is bogus");
2989 for (int i = nargs; i < sig_verif_types_len; i++) {
2990 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2991 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2992 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2993 }
2994 }
2995 }
2996
2997 VerificationType ClassVerifier::get_newarray_type(
2998 u2 index, u2 bci, TRAPS) {
2999 const char* from_bt[] = {
3000 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3001 };
3002 if (index < T_BOOLEAN || index > T_LONG) {
3003 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3004 return VerificationType::bogus_type();
3005 }
3006
3007 // from_bt[index] contains the array signature which has a length of 2
3008 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3009 return VerificationType::reference_type(sig);
3010 }
3011
3012 void ClassVerifier::verify_anewarray(
3013 u2 bci, u2 index, const constantPoolHandle& cp,
3021 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3022 int length;
3023 char* arr_sig_str;
3024 if (component_type.is_array()) { // it's an array
3025 const char* component_name = component_type.name()->as_utf8();
3026 // Check for more than MAX_ARRAY_DIMENSIONS
3027 length = (int)strlen(component_name);
3028 if (length > MAX_ARRAY_DIMENSIONS &&
3029 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3030 verify_error(ErrorContext::bad_code(bci),
3031 "Illegal anewarray instruction, array has more than 255 dimensions");
3032 }
3033 // add one dimension to component
3034 length++;
3035 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3036 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3037 JVM_SIGNATURE_ARRAY, component_name);
3038 assert(n == length, "Unexpected number of characters in string");
3039 } else { // it's an object or interface
3040 const char* component_name = component_type.name()->as_utf8();
3041 // add one dimension to component with 'L' prepended and ';' postpended.
3042 length = (int)strlen(component_name) + 3;
3043 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3044 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3045 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3046 assert(n == length, "Unexpected number of characters in string");
3047 }
3048 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3049 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3050 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3051 }
3052
3053 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3054 current_frame->get_local(
3055 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3056 current_frame->push_stack(
3057 VerificationType::integer_type(), CHECK_VERIFY(this));
3058 }
3059
3060 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3061 current_frame->get_local_2(
3062 index, VerificationType::long_type(),
3063 VerificationType::long2_type(), CHECK_VERIFY(this));
3064 current_frame->push_stack_2(
3065 VerificationType::long_type(),
3067 }
3068
3069 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3070 current_frame->get_local(
3071 index, VerificationType::float_type(), CHECK_VERIFY(this));
3072 current_frame->push_stack(
3073 VerificationType::float_type(), CHECK_VERIFY(this));
3074 }
3075
3076 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3077 current_frame->get_local_2(
3078 index, VerificationType::double_type(),
3079 VerificationType::double2_type(), CHECK_VERIFY(this));
3080 current_frame->push_stack_2(
3081 VerificationType::double_type(),
3082 VerificationType::double2_type(), CHECK_VERIFY(this));
3083 }
3084
3085 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3086 VerificationType type = current_frame->get_local(
3087 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3088 current_frame->push_stack(type, CHECK_VERIFY(this));
3089 }
3090
3091 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3092 current_frame->pop_stack(
3093 VerificationType::integer_type(), CHECK_VERIFY(this));
3094 current_frame->set_local(
3095 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3096 }
3097
3098 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3099 current_frame->pop_stack_2(
3100 VerificationType::long2_type(),
3101 VerificationType::long_type(), CHECK_VERIFY(this));
3102 current_frame->set_local_2(
3103 index, VerificationType::long_type(),
3104 VerificationType::long2_type(), CHECK_VERIFY(this));
3105 }
3106
3107 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3108 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3109 current_frame->set_local(
3110 index, VerificationType::float_type(), CHECK_VERIFY(this));
3111 }
3112
3113 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3114 current_frame->pop_stack_2(
3115 VerificationType::double2_type(),
3116 VerificationType::double_type(), CHECK_VERIFY(this));
3117 current_frame->set_local_2(
3118 index, VerificationType::double_type(),
3119 VerificationType::double2_type(), CHECK_VERIFY(this));
3120 }
3121
3122 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3123 VerificationType type = current_frame->pop_stack(
3124 VerificationType::reference_check(), CHECK_VERIFY(this));
3125 current_frame->set_local(index, type, CHECK_VERIFY(this));
3126 }
3127
3128 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3129 VerificationType type = current_frame->get_local(
3130 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3131 current_frame->set_local(index, type, CHECK_VERIFY(this));
3132 }
3133
3134 void ClassVerifier::verify_return_value(
3135 VerificationType return_type, VerificationType type, u2 bci,
3136 StackMapFrame* current_frame, TRAPS) {
3137 if (return_type == VerificationType::bogus_type()) {
3138 verify_error(ErrorContext::bad_type(bci,
3139 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3140 "Method does not expect a return value");
3141 return;
3142 }
3143 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3144 if (!match) {
|
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/jniHandles.inline.hpp"
56 #include "runtime/os.hpp"
57 #include "runtime/safepointVerifiers.hpp"
58 #include "runtime/thread.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define INLINE_TYPE_MAJOR_VERSION 56
67 #define MAX_ARRAY_DIMENSIONS 255
68
69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
70
71 extern "C" {
72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
76
77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
78
79 if (_verify_byte_codes_fn != NULL)
80 return _verify_byte_codes_fn;
81
82 MutexLocker locker(Verify_lock);
83
84 if (_verify_byte_codes_fn != NULL)
85 return _verify_byte_codes_fn;
86
259 }
260 kls = kls->super();
261 }
262 if (message_buffer != NULL) {
263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
264 }
265 assert(exception_message != NULL, "");
266 THROW_MSG_(exception_name, exception_message, false);
267 }
268 }
269
270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
271 Symbol* name = klass->name();
272 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
273
274 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
275
276 return (should_verify_for(klass->class_loader(), should_verify_class) &&
277 // return if the class is a bootstrapping class
278 // or defineClass specified not to verify by default (flags override passed arg)
279 // We need to skip the following four for bootstrapping
280 name != vmSymbols::java_lang_Object() &&
281 name != vmSymbols::java_lang_Class() &&
282 name != vmSymbols::java_lang_String() &&
283 name != vmSymbols::java_lang_Throwable() &&
284
285 // Can not verify the bytecodes for shared classes because they have
286 // already been rewritten to contain constant pool cache indices,
287 // which the verifier can't understand.
288 // Shared classes shouldn't have stackmaps either.
289 // However, bytecodes for shared old classes can be verified because
290 // they have not been rewritten.
291 !(klass->is_shared() && klass->is_rewritten()) &&
292
293 // As of the fix for 4486457 we disable verification for all of the
294 // dynamically-generated bytecodes associated with the 1.4
295 // reflection implementation, not just those associated with
296 // jdk/internal/reflect/SerializationConstructorAccessor.
297 // NOTE: this is called too early in the bootstrapping process to be
298 // guarded by Universe::is_gte_jdk14x_version().
299 // Also for lambda generated code, gte jdk8
482 ss->print("Local index %d is invalid", _type.index());
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STACK_OVERFLOW:
491 ss->print("Exceeded max stack size.");
492 break;
493 case STACK_UNDERFLOW:
494 ss->print("Attempt to pop empty stack.");
495 break;
496 case MISSING_STACKMAP:
497 ss->print("Expected stackmap frame at this location.");
498 break;
499 case BAD_STACKMAP:
500 ss->print("Invalid stackmap specification.");
501 break;
502 case WRONG_INLINE_TYPE:
503 ss->print("Type ");
504 _type.details(ss);
505 ss->print(" and type ");
506 _expected.details(ss);
507 ss->print(" must be identical inline types.");
508 break;
509 case UNKNOWN:
510 default:
511 ShouldNotReachHere();
512 ss->print_cr("Unknown");
513 }
514 ss->cr();
515 }
516
517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
518 if (_bci != -1 && method != NULL) {
519 streamIndentor si(ss);
520 const char* bytecode_name = "<invalid>";
521 if (method->validate_bci(_bci) != -1) {
522 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
523 if (Bytecodes::is_defined(code)) {
524 bytecode_name = Bytecodes::name(code);
525 } else {
526 bytecode_name = "<illegal>";
527 }
528 }
583 stack_map_frame* sm_frame = sm_table->entries();
584 streamIndentor si2(ss);
585 int current_offset = -1;
586 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
587 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
588 ss->indent();
589 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
590 sm_frame->print_truncated(ss, current_offset);
591 return;
592 }
593 sm_frame->print_on(ss, current_offset);
594 ss->cr();
595 current_offset += sm_frame->offset_delta();
596 sm_frame = sm_frame->next();
597 }
598 }
599 }
600
601 // Methods in ClassVerifier
602
603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
604 if (klass->is_inline_klass()) {
605 return VerificationType::inline_type(klass->name());
606 } else {
607 return VerificationType::reference_type(klass->name());
608 }
609 }
610
611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
612 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
613 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
614 _this_type = reference_or_inline_type(klass);
615 }
616
617 ClassVerifier::~ClassVerifier() {
618 // Decrement the reference count for any symbols created.
619 if (_symbols != NULL) {
620 for (int i = 0; i < _symbols->length(); i++) {
621 Symbol* s = _symbols->at(i);
622 s->decrement_refcount();
623 }
624 }
625 }
626
627 VerificationType ClassVerifier::object_type() const {
628 return VerificationType::reference_type(vmSymbols::java_lang_Object());
629 }
630
631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
632 VerificationType vt = VerificationType::reference_type(
633 create_temporary_symbol(sig, (int)strlen(sig)));
634 return TypeOrigin::implicit(vt);
1038 case Bytecodes::_daload :
1039 type = current_frame.pop_stack(
1040 VerificationType::integer_type(), CHECK_VERIFY(this));
1041 atype = current_frame.pop_stack(
1042 VerificationType::reference_check(), CHECK_VERIFY(this));
1043 if (!atype.is_double_array()) {
1044 verify_error(ErrorContext::bad_type(bci,
1045 current_frame.stack_top_ctx(), ref_ctx("[D")),
1046 bad_type_msg, "daload");
1047 return;
1048 }
1049 current_frame.push_stack_2(
1050 VerificationType::double_type(),
1051 VerificationType::double2_type(), CHECK_VERIFY(this));
1052 no_control_flow = false; break;
1053 case Bytecodes::_aaload : {
1054 type = current_frame.pop_stack(
1055 VerificationType::integer_type(), CHECK_VERIFY(this));
1056 atype = current_frame.pop_stack(
1057 VerificationType::reference_check(), CHECK_VERIFY(this));
1058 if (!atype.is_nonscalar_array()) {
1059 verify_error(ErrorContext::bad_type(bci,
1060 current_frame.stack_top_ctx(),
1061 TypeOrigin::implicit(VerificationType::reference_check())),
1062 bad_type_msg, "aaload");
1063 return;
1064 }
1065 if (atype.is_null()) {
1066 current_frame.push_stack(
1067 VerificationType::null_type(), CHECK_VERIFY(this));
1068 } else {
1069 VerificationType component = atype.get_component(this);
1070 current_frame.push_stack(component, CHECK_VERIFY(this));
1071 }
1072 no_control_flow = false; break;
1073 }
1074 case Bytecodes::_istore :
1075 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 case Bytecodes::_istore_0 :
1078 case Bytecodes::_istore_1 :
1211 VerificationType::double2_type(),
1212 VerificationType::double_type(), CHECK_VERIFY(this));
1213 current_frame.pop_stack(
1214 VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 if (!atype.is_double_array()) {
1218 verify_error(ErrorContext::bad_type(bci,
1219 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220 bad_type_msg, "dastore");
1221 return;
1222 }
1223 no_control_flow = false; break;
1224 case Bytecodes::_aastore :
1225 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226 type2 = current_frame.pop_stack(
1227 VerificationType::integer_type(), CHECK_VERIFY(this));
1228 atype = current_frame.pop_stack(
1229 VerificationType::reference_check(), CHECK_VERIFY(this));
1230 // more type-checking is done at runtime
1231 if (!atype.is_nonscalar_array()) {
1232 verify_error(ErrorContext::bad_type(bci,
1233 current_frame.stack_top_ctx(),
1234 TypeOrigin::implicit(VerificationType::reference_check())),
1235 bad_type_msg, "aastore");
1236 return;
1237 }
1238 // 4938384: relaxed constraint in JVMS 3nd edition.
1239 no_control_flow = false; break;
1240 case Bytecodes::_pop :
1241 current_frame.pop_stack(
1242 VerificationType::category1_check(), CHECK_VERIFY(this));
1243 no_control_flow = false; break;
1244 case Bytecodes::_pop2 :
1245 type = current_frame.pop_stack(CHECK_VERIFY(this));
1246 if (type.is_category1()) {
1247 current_frame.pop_stack(
1248 VerificationType::category1_check(), CHECK_VERIFY(this));
1249 } else if (type.is_category2_2nd()) {
1250 current_frame.pop_stack(
1251 VerificationType::category2_check(), CHECK_VERIFY(this));
1611 case Bytecodes::_if_icmpgt:
1612 case Bytecodes::_if_icmple:
1613 current_frame.pop_stack(
1614 VerificationType::integer_type(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifeq:
1617 case Bytecodes::_ifne:
1618 case Bytecodes::_iflt:
1619 case Bytecodes::_ifge:
1620 case Bytecodes::_ifgt:
1621 case Bytecodes::_ifle:
1622 current_frame.pop_stack(
1623 VerificationType::integer_type(), CHECK_VERIFY(this));
1624 target = bcs.dest();
1625 stackmap_table.check_jump_target(
1626 ¤t_frame, target, CHECK_VERIFY(this));
1627 no_control_flow = false; break;
1628 case Bytecodes::_if_acmpeq :
1629 case Bytecodes::_if_acmpne :
1630 current_frame.pop_stack(
1631 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1632 // fall through
1633 case Bytecodes::_ifnull :
1634 case Bytecodes::_ifnonnull :
1635 current_frame.pop_stack(
1636 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1637 target = bcs.dest();
1638 stackmap_table.check_jump_target
1639 (¤t_frame, target, CHECK_VERIFY(this));
1640 no_control_flow = false; break;
1641 case Bytecodes::_goto :
1642 target = bcs.dest();
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, target, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_goto_w :
1647 target = bcs.dest_w();
1648 stackmap_table.check_jump_target(
1649 ¤t_frame, target, CHECK_VERIFY(this));
1650 no_control_flow = true; break;
1651 case Bytecodes::_tableswitch :
1652 case Bytecodes::_lookupswitch :
1653 verify_switch(
1654 &bcs, code_length, code_data, ¤t_frame,
1655 &stackmap_table, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1667 VerificationType::long_type(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_freturn :
1672 type = current_frame.pop_stack(
1673 VerificationType::float_type(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_dreturn :
1678 type2 = current_frame.pop_stack(
1679 VerificationType::double2_type(), CHECK_VERIFY(this));
1680 type = current_frame.pop_stack(
1681 VerificationType::double_type(), CHECK_VERIFY(this));
1682 verify_return_value(return_type, type, bci,
1683 ¤t_frame, CHECK_VERIFY(this));
1684 no_control_flow = true; break;
1685 case Bytecodes::_areturn :
1686 type = current_frame.pop_stack(
1687 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_return :
1692 if (return_type != VerificationType::bogus_type()) {
1693 verify_error(ErrorContext::bad_code(bci),
1694 "Method expects a return value");
1695 return;
1696 }
1697 // Make sure "this" has been initialized if current method is an
1698 // <init>.
1699 if (_method->is_object_constructor() &&
1700 current_frame.flag_this_uninit()) {
1701 verify_error(ErrorContext::bad_code(bci),
1702 "Constructor must call super() or this() "
1703 "before return");
1704 return;
1705 }
1706 no_control_flow = true; break;
1707 case Bytecodes::_getstatic :
1708 case Bytecodes::_putstatic :
1709 // pass TRUE, operand can be an array type for getstatic/putstatic.
1710 verify_field_instructions(
1711 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_getfield :
1714 case Bytecodes::_putfield :
1715 // pass FALSE, operand can't be an array type for getfield/putfield.
1716 verify_field_instructions(
1717 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_withfield :
1720 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1721 class_format_error(
1722 "withfield not supported by this class file version (%d.%d), class %s",
1723 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1724 return;
1725 }
1726 // pass FALSE, operand can't be an array type for withfield.
1727 verify_field_instructions(
1728 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_invokevirtual :
1731 case Bytecodes::_invokespecial :
1732 case Bytecodes::_invokestatic :
1733 case Bytecodes::_invokeinterface :
1734 case Bytecodes::_invokedynamic :
1735 verify_invoke_instructions(
1736 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1737 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_new :
1740 {
1741 index = bcs.get_index_u2();
1742 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743 VerificationType new_class_type =
1744 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745 if (!new_class_type.is_object()) {
1746 verify_error(ErrorContext::bad_type(bci,
1747 TypeOrigin::cp(index, new_class_type)),
1748 "Illegal new instruction");
1749 return;
1750 }
1751 type = VerificationType::uninitialized_type(bci);
1752 current_frame.push_stack(type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_aconst_init :
1756 {
1757 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1758 class_format_error(
1759 "aconst_init not supported by this class file version (%d.%d), class %s",
1760 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1761 return;
1762 }
1763 index = bcs.get_index_u2();
1764 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1765 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1766 if (!ref_type.is_object()) {
1767 verify_error(ErrorContext::bad_type(bci,
1768 TypeOrigin::cp(index, ref_type)),
1769 "Illegal aconst_init instruction");
1770 return;
1771 }
1772 VerificationType inline_type =
1773 VerificationType::change_ref_to_inline_type(ref_type);
1774 current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 }
1777 case Bytecodes::_newarray :
1778 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1779 current_frame.pop_stack(
1780 VerificationType::integer_type(), CHECK_VERIFY(this));
1781 current_frame.push_stack(type, CHECK_VERIFY(this));
1782 no_control_flow = false; break;
1783 case Bytecodes::_anewarray :
1784 verify_anewarray(
1785 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1786 no_control_flow = false; break;
1787 case Bytecodes::_arraylength :
1788 type = current_frame.pop_stack(
1789 VerificationType::reference_check(), CHECK_VERIFY(this));
1790 if (!(type.is_null() || type.is_array())) {
1791 verify_error(ErrorContext::bad_type(
1792 bci, current_frame.stack_top_ctx()),
1793 bad_type_msg, "arraylength");
1794 }
1795 current_frame.push_stack(
1796 VerificationType::integer_type(), CHECK_VERIFY(this));
1797 no_control_flow = false; break;
1798 case Bytecodes::_checkcast :
1799 {
1800 index = bcs.get_index_u2();
1801 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803 VerificationType klass_type = cp_index_to_type(
1804 index, cp, CHECK_VERIFY(this));
1805 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1806 no_control_flow = false; break;
1807 }
1808 case Bytecodes::_instanceof : {
1809 index = bcs.get_index_u2();
1810 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1811 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1812 current_frame.push_stack(
1813 VerificationType::integer_type(), CHECK_VERIFY(this));
1814 no_control_flow = false; break;
1815 }
1816 case Bytecodes::_monitorenter :
1817 case Bytecodes::_monitorexit : {
1818 VerificationType ref = current_frame.pop_stack(
1819 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1820 no_control_flow = false; break;
1821 }
1822 case Bytecodes::_multianewarray :
1823 {
1824 index = bcs.get_index_u2();
1825 u2 dim = *(bcs.bcp()+3);
1826 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1827 VerificationType new_array_type =
1828 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1829 if (!new_array_type.is_array()) {
1830 verify_error(ErrorContext::bad_type(bci,
1831 TypeOrigin::cp(index, new_array_type)),
1832 "Illegal constant pool index in multianewarray instruction");
1833 return;
1834 }
1835 if (dim < 1 || new_array_type.dimensions() < dim) {
1836 verify_error(ErrorContext::bad_code(bci),
1837 "Illegal dimension in multianewarray instruction: %d", dim);
1838 return;
1839 }
1840 for (int i = 0; i < dim; i++) {
1841 current_frame.pop_stack(
2066 int nconstants = cp->length();
2067 if ((index <= 0) || (index >= nconstants)) {
2068 verify_error(ErrorContext::bad_cp_index(bci, index),
2069 "Illegal constant pool index %d in class %s",
2070 index, cp->pool_holder()->external_name());
2071 return;
2072 }
2073 }
2074
2075 void ClassVerifier::verify_cp_type(
2076 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2077
2078 // In some situations, bytecode rewriting may occur while we're verifying.
2079 // In this case, a constant pool cache exists and some indices refer to that
2080 // instead. Be sure we don't pick up such indices by accident.
2081 // We must check was_recursively_verified() before we get here.
2082 guarantee(cp->cache() == NULL, "not rewritten yet");
2083
2084 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2085 unsigned int tag = cp->tag_at(index).value();
2086
2087 if ((types & (1 << tag)) == 0) {
2088 verify_error(ErrorContext::bad_cp_index(bci, index),
2089 "Illegal type at constant pool entry %d in class %s",
2090 index, cp->pool_holder()->external_name());
2091 return;
2092 }
2093 }
2094
2095 void ClassVerifier::verify_cp_class_type(
2096 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2097 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2098 constantTag tag = cp->tag_at(index);
2099 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2100 verify_error(ErrorContext::bad_cp_index(bci, index),
2101 "Illegal type at constant pool entry %d in class %s",
2102 index, cp->pool_holder()->external_name());
2103 return;
2104 }
2105 }
2106
2181 } else {
2182 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2183 if (member_klass != NULL && fd.is_protected()) {
2184 if (!this_class->is_same_class_package(member_klass)) {
2185 return true;
2186 }
2187 }
2188 }
2189 return false;
2190 }
2191
2192 void ClassVerifier::verify_ldc(
2193 int opcode, u2 index, StackMapFrame* current_frame,
2194 const constantPoolHandle& cp, u2 bci, TRAPS) {
2195 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2196 constantTag tag = cp->tag_at(index);
2197 unsigned int types = 0;
2198 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2199 if (!tag.is_unresolved_klass()) {
2200 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2201 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2202 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2203 | (1 << JVM_CONSTANT_Dynamic);
2204 // Note: The class file parser already verified the legality of
2205 // MethodHandle and MethodType constants.
2206 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2207 }
2208 } else {
2209 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2210 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2211 | (1 << JVM_CONSTANT_Dynamic);
2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213 }
2214 if (tag.is_string()) {
2215 current_frame->push_stack(
2216 VerificationType::reference_type(
2217 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2218 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2219 current_frame->push_stack(
2220 VerificationType::reference_type(
2221 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2356 const constantPoolHandle& cp,
2357 bool allow_arrays,
2358 TRAPS) {
2359 u2 index = bcs->get_index_u2();
2360 verify_cp_type(bcs->bci(), index, cp,
2361 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2362
2363 // Get field name and signature
2364 Symbol* field_name = cp->name_ref_at(index);
2365 Symbol* field_sig = cp->signature_ref_at(index);
2366 bool is_getfield = false;
2367
2368 // Field signature was checked in ClassFileParser.
2369 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2370 "Invalid field signature");
2371
2372 // Get referenced class type
2373 VerificationType ref_class_type = cp_ref_index_to_type(
2374 index, cp, CHECK_VERIFY(this));
2375 if (!ref_class_type.is_object() &&
2376 (!allow_arrays || !ref_class_type.is_array())) {
2377 verify_error(ErrorContext::bad_type(bcs->bci(),
2378 TypeOrigin::cp(index, ref_class_type)),
2379 "Expecting reference to class in class %s at constant pool index %d",
2380 _klass->external_name(), index);
2381 return;
2382 }
2383
2384 VerificationType target_class_type = ref_class_type;
2385
2386 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2387 "buffer type must match VerificationType size");
2388 uintptr_t field_type_buffer[2];
2389 VerificationType* field_type = (VerificationType*)field_type_buffer;
2390 // If we make a VerificationType[2] array directly, the compiler calls
2391 // to the c-runtime library to do the allocation instead of just
2392 // stack allocating it. Plus it would run constructors. This shows up
2393 // in performance profiles.
2394
2395 SignatureStream sig_stream(field_sig, false);
2396 VerificationType stack_object_type;
2397 int n = change_sig_to_verificationType(&sig_stream, field_type);
2398 u2 bci = bcs->bci();
2399 bool is_assignable;
2400 switch (bcs->raw_code()) {
2401 case Bytecodes::_getstatic: {
2402 for (int i = 0; i < n; i++) {
2403 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404 }
2405 break;
2406 }
2407 case Bytecodes::_putstatic: {
2408 for (int i = n - 1; i >= 0; i--) {
2409 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2410 }
2411 break;
2412 }
2413 case Bytecodes::_withfield: {
2414 for (int i = n - 1; i >= 0; i--) {
2415 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2416 }
2417 // Check that the receiver is a subtype of the referenced class.
2418 current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2419 VerificationType target_inline_type =
2420 VerificationType::change_ref_to_inline_type(target_class_type);
2421 current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2422 break;
2423 }
2424 case Bytecodes::_getfield: {
2425 is_getfield = true;
2426 stack_object_type = current_frame->pop_stack(
2427 target_class_type, CHECK_VERIFY(this));
2428 goto check_protected;
2429 }
2430 case Bytecodes::_putfield: {
2431 for (int i = n - 1; i >= 0; i--) {
2432 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2433 }
2434 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2435
2436 // The JVMS 2nd edition allows field initialization before the superclass
2437 // initializer, if the field is defined within the current class.
2438 fieldDescriptor fd;
2439 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2440 target_class_type.equals(current_type()) &&
2441 _klass->find_local_field(field_name, field_sig, &fd)) {
2442 stack_object_type = current_type();
2443 }
2825 bool ClassVerifier::is_same_or_direct_interface(
2826 InstanceKlass* klass,
2827 VerificationType klass_type,
2828 VerificationType ref_class_type) {
2829 if (ref_class_type.equals(klass_type)) return true;
2830 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2831 if (local_interfaces != NULL) {
2832 for (int x = 0; x < local_interfaces->length(); x++) {
2833 InstanceKlass* k = local_interfaces->at(x);
2834 assert (k != NULL && k->is_interface(), "invalid interface");
2835 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2836 return true;
2837 }
2838 }
2839 }
2840 return false;
2841 }
2842
2843 void ClassVerifier::verify_invoke_instructions(
2844 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2845 bool in_try_block, bool *this_uninit,
2846 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2847 // Make sure the constant pool item is the right type
2848 u2 index = bcs->get_index_u2();
2849 Bytecodes::Code opcode = bcs->raw_code();
2850 unsigned int types = 0;
2851 switch (opcode) {
2852 case Bytecodes::_invokeinterface:
2853 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2854 break;
2855 case Bytecodes::_invokedynamic:
2856 types = 1 << JVM_CONSTANT_InvokeDynamic;
2857 break;
2858 case Bytecodes::_invokespecial:
2859 case Bytecodes::_invokestatic:
2860 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2861 (1 << JVM_CONSTANT_Methodref) :
2862 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2863 break;
2864 default:
2865 types = 1 << JVM_CONSTANT_Methodref;
2866 }
2867 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2868
2869 // Get method name and signature
2870 Symbol* method_name = cp->name_ref_at(index);
2871 Symbol* method_sig = cp->signature_ref_at(index);
2872
2873 // Method signature was checked in ClassFileParser.
2874 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2875 "Invalid method signature");
2876
2877 // Get referenced class
2878 VerificationType ref_class_type;
2879 if (opcode == Bytecodes::_invokedynamic) {
2880 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2881 class_format_error(
2882 "invokedynamic instructions not supported by this class file version (%d), class %s",
2883 _klass->major_version(), _klass->external_name());
2884 return;
2885 }
2886 } else {
2887 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2888 }
2889
2890 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2891 "buffer type must match VerificationType size");
2892
2893 // Get the UTF8 index for this signature.
2894 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2895
2896 // Get the signature's verification types.
2897 sig_as_verification_types* mth_sig_verif_types;
2923 "Inconsistent args count operand in invokeinterface");
2924 return;
2925 }
2926 if (*(bcp+4) != 0) {
2927 verify_error(ErrorContext::bad_code(bci),
2928 "Fourth operand byte of invokeinterface must be zero");
2929 return;
2930 }
2931 }
2932
2933 if (opcode == Bytecodes::_invokedynamic) {
2934 address bcp = bcs->bcp();
2935 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2936 verify_error(ErrorContext::bad_code(bci),
2937 "Third and fourth operand bytes of invokedynamic must be zero");
2938 return;
2939 }
2940 }
2941
2942 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2943 // Make sure <init> can only be invoked by invokespecial or invokestatic.
2944 // The allowed invocation mode of <init> depends on its signature.
2945 if ((opcode != Bytecodes::_invokespecial &&
2946 opcode != Bytecodes::_invokestatic) ||
2947 method_name != vmSymbols::object_initializer_name()) {
2948 verify_error(ErrorContext::bad_code(bci),
2949 "Illegal call to internal method");
2950 return;
2951 }
2952 } else if (opcode == Bytecodes::_invokespecial
2953 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2954 && !ref_class_type.equals(VerificationType::reference_type(
2955 current_class()->super()->name()))) { // super() can never be an inline_type.
2956 bool subtype = false;
2957 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2958 subtype = ref_class_type.is_assignable_from(
2959 current_type(), this, false, CHECK_VERIFY(this));
2960 if (!subtype) {
2961 verify_error(ErrorContext::bad_code(bci),
2962 "Bad invokespecial instruction: "
2963 "current class isn't assignable to reference class.");
2964 return;
2965 } else if (have_imr_indirect) {
2966 verify_error(ErrorContext::bad_code(bci),
2967 "Bad invokespecial instruction: "
2968 "interface method reference is in an indirect superinterface.");
2969 return;
2970 }
2971
2972 }
2973
2974 // Get the verification types for the method's arguments.
2975 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2976 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2977 // Match method descriptor with operand stack
2978 // The arguments are on the stack in descending order.
2979 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2980 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2981 }
2982
2983 // Check objectref on operand stack
2984 if (opcode != Bytecodes::_invokestatic &&
2985 opcode != Bytecodes::_invokedynamic) {
2986 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2987 // (use of <init> as a static factory is handled under invokestatic)
2988 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2989 code_length, in_try_block, this_uninit, cp, stackmap_table,
2990 CHECK_VERIFY(this));
2991 if (was_recursively_verified()) return;
2992 } else { // other methods
2993 // Ensures that target class is assignable to method class.
2994 if (opcode == Bytecodes::_invokespecial) {
2995 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2996 } else if (opcode == Bytecodes::_invokevirtual) {
2997 VerificationType stack_object_type =
2998 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2999 if (current_type() != stack_object_type) {
3000 if (was_recursively_verified()) return;
3001 assert(cp->cache() == NULL, "not rewritten yet");
3002 Symbol* ref_class_name =
3003 cp->klass_name_at(cp->klass_ref_index_at(index));
3004 // See the comments in verify_field_instructions() for
3005 // the rationale behind this.
3006 if (name_in_supers(ref_class_name, current_class())) {
3007 Klass* ref_class = load_class(ref_class_name, CHECK);
3020 } else {
3021 verify_error(ErrorContext::bad_type(bci,
3022 current_frame->stack_top_ctx(),
3023 TypeOrigin::implicit(current_type())),
3024 "Bad access to protected data in invokevirtual");
3025 return;
3026 }
3027 }
3028 }
3029 }
3030 }
3031 } else {
3032 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3033 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3034 }
3035 }
3036 }
3037 // Push the result type.
3038 int sig_verif_types_len = sig_verif_types->length();
3039 if (sig_verif_types_len > nargs) { // There's a return type
3040 if (method_name == vmSymbols::object_initializer_name() &&
3041 opcode != Bytecodes::_invokestatic) {
3042 // an <init> method must have a void return type, unless it's a static factory
3043 verify_error(ErrorContext::bad_code(bci),
3044 "Return type must be void in <init> method");
3045 return;
3046 }
3047
3048 assert(sig_verif_types_len <= nargs + 2,
3049 "Signature verification types array return type is bogus");
3050 for (int i = nargs; i < sig_verif_types_len; i++) {
3051 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3052 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3053 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3054 }
3055 } else {
3056 // an <init> method may not have a void return type, if it's a static factory
3057 if (method_name == vmSymbols::object_initializer_name() &&
3058 opcode != Bytecodes::_invokespecial) {
3059 verify_error(ErrorContext::bad_code(bci),
3060 "Return type must be non-void in <init> static factory method");
3061 return;
3062 }
3063 }
3064 }
3065
3066 VerificationType ClassVerifier::get_newarray_type(
3067 u2 index, u2 bci, TRAPS) {
3068 const char* from_bt[] = {
3069 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3070 };
3071 if (index < T_BOOLEAN || index > T_LONG) {
3072 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3073 return VerificationType::bogus_type();
3074 }
3075
3076 // from_bt[index] contains the array signature which has a length of 2
3077 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3078 return VerificationType::reference_type(sig);
3079 }
3080
3081 void ClassVerifier::verify_anewarray(
3082 u2 bci, u2 index, const constantPoolHandle& cp,
3090 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3091 int length;
3092 char* arr_sig_str;
3093 if (component_type.is_array()) { // it's an array
3094 const char* component_name = component_type.name()->as_utf8();
3095 // Check for more than MAX_ARRAY_DIMENSIONS
3096 length = (int)strlen(component_name);
3097 if (length > MAX_ARRAY_DIMENSIONS &&
3098 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3099 verify_error(ErrorContext::bad_code(bci),
3100 "Illegal anewarray instruction, array has more than 255 dimensions");
3101 }
3102 // add one dimension to component
3103 length++;
3104 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3105 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3106 JVM_SIGNATURE_ARRAY, component_name);
3107 assert(n == length, "Unexpected number of characters in string");
3108 } else { // it's an object or interface
3109 const char* component_name = component_type.name()->as_utf8();
3110 char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS;
3111 // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3112 length = (int)strlen(component_name) + 3;
3113 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3114 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3115 JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3116 assert(n == length, "Unexpected number of characters in string");
3117 }
3118 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3119 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3120 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3121 }
3122
3123 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3124 current_frame->get_local(
3125 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3126 current_frame->push_stack(
3127 VerificationType::integer_type(), CHECK_VERIFY(this));
3128 }
3129
3130 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3131 current_frame->get_local_2(
3132 index, VerificationType::long_type(),
3133 VerificationType::long2_type(), CHECK_VERIFY(this));
3134 current_frame->push_stack_2(
3135 VerificationType::long_type(),
3137 }
3138
3139 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3140 current_frame->get_local(
3141 index, VerificationType::float_type(), CHECK_VERIFY(this));
3142 current_frame->push_stack(
3143 VerificationType::float_type(), CHECK_VERIFY(this));
3144 }
3145
3146 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3147 current_frame->get_local_2(
3148 index, VerificationType::double_type(),
3149 VerificationType::double2_type(), CHECK_VERIFY(this));
3150 current_frame->push_stack_2(
3151 VerificationType::double_type(),
3152 VerificationType::double2_type(), CHECK_VERIFY(this));
3153 }
3154
3155 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3156 VerificationType type = current_frame->get_local(
3157 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3158 current_frame->push_stack(type, CHECK_VERIFY(this));
3159 }
3160
3161 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3162 current_frame->pop_stack(
3163 VerificationType::integer_type(), CHECK_VERIFY(this));
3164 current_frame->set_local(
3165 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3166 }
3167
3168 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3169 current_frame->pop_stack_2(
3170 VerificationType::long2_type(),
3171 VerificationType::long_type(), CHECK_VERIFY(this));
3172 current_frame->set_local_2(
3173 index, VerificationType::long_type(),
3174 VerificationType::long2_type(), CHECK_VERIFY(this));
3175 }
3176
3177 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3178 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3179 current_frame->set_local(
3180 index, VerificationType::float_type(), CHECK_VERIFY(this));
3181 }
3182
3183 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3184 current_frame->pop_stack_2(
3185 VerificationType::double2_type(),
3186 VerificationType::double_type(), CHECK_VERIFY(this));
3187 current_frame->set_local_2(
3188 index, VerificationType::double_type(),
3189 VerificationType::double2_type(), CHECK_VERIFY(this));
3190 }
3191
3192 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3193 VerificationType type = current_frame->pop_stack(
3194 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3195 current_frame->set_local(index, type, CHECK_VERIFY(this));
3196 }
3197
3198 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3199 VerificationType type = current_frame->get_local(
3200 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3201 current_frame->set_local(index, type, CHECK_VERIFY(this));
3202 }
3203
3204 void ClassVerifier::verify_return_value(
3205 VerificationType return_type, VerificationType type, u2 bci,
3206 StackMapFrame* current_frame, TRAPS) {
3207 if (return_type == VerificationType::bogus_type()) {
3208 verify_error(ErrorContext::bad_type(bci,
3209 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3210 "Method does not expect a return value");
3211 return;
3212 }
3213 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3214 if (!match) {
|