< prev index next >

src/hotspot/share/classfile/verifier.cpp

Print this page




  44 #include "oops/constantPool.inline.hpp"
  45 #include "oops/instanceKlass.hpp"
  46 #include "oops/oop.inline.hpp"
  47 #include "oops/typeArrayOop.hpp"
  48 #include "runtime/fieldDescriptor.hpp"
  49 #include "runtime/handles.inline.hpp"
  50 #include "runtime/interfaceSupport.inline.hpp"
  51 #include "runtime/javaCalls.hpp"
  52 #include "runtime/jniHandles.inline.hpp"
  53 #include "runtime/orderAccess.hpp"
  54 #include "runtime/os.hpp"
  55 #include "runtime/safepointVerifiers.hpp"
  56 #include "runtime/thread.hpp"
  57 #include "services/threadService.hpp"
  58 #include "utilities/align.hpp"
  59 #include "utilities/bytes.hpp"
  60 
  61 #define NOFAILOVER_MAJOR_VERSION                       51
  62 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  63 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52

  64 #define MAX_ARRAY_DIMENSIONS 255
  65 
  66 // Access to external entry for VerifyClassCodes - old byte code verifier
  67 
  68 extern "C" {
  69   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
  70   typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
  71 }
  72 
  73 static void* volatile _verify_byte_codes_fn = NULL;
  74 
  75 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
  76 
  77 static void* verify_byte_codes_fn() {
  78   if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
  79     void *lib_handle = os::native_java_library();
  80     void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
  81     OrderAccess::release_store(&_verify_byte_codes_fn, func);
  82     if (func == NULL) {
  83       _is_new_verify_byte_codes_fn = false;


 238       }
 239       kls = kls->super();
 240     }
 241     if (message_buffer != NULL) {
 242       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 243     }
 244     assert(exception_message != NULL, "");
 245     THROW_MSG_(exception_name, exception_message, false);
 246   }
 247 }
 248 
 249 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 250   Symbol* name = klass->name();
 251   Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
 252 
 253   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 254 
 255   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 256     // return if the class is a bootstrapping class
 257     // or defineClass specified not to verify by default (flags override passed arg)
 258     // We need to skip the following four for bootstraping
 259     name != vmSymbols::java_lang_Object() &&
 260     name != vmSymbols::java_lang_Class() &&
 261     name != vmSymbols::java_lang_String() &&
 262     name != vmSymbols::java_lang_Throwable() &&
 263 
 264     // Can not verify the bytecodes for shared classes because they have
 265     // already been rewritten to contain constant pool cache indices,
 266     // which the verifier can't understand.
 267     // Shared classes shouldn't have stackmaps either.
 268     !klass->is_shared() &&
 269 
 270     // As of the fix for 4486457 we disable verification for all of the
 271     // dynamically-generated bytecodes associated with the 1.4
 272     // reflection implementation, not just those associated with
 273     // jdk/internal/reflect/SerializationConstructorAccessor.
 274     // NOTE: this is called too early in the bootstrapping process to be
 275     // guarded by Universe::is_gte_jdk14x_version().
 276     // Also for lambda generated code, gte jdk8
 277     (!is_reflect));
 278 }


 469       ss->print("Local index %d is invalid", _type.index());
 470       break;
 471     case LOCALS_SIZE_MISMATCH:
 472       ss->print("Current frame's local size doesn't match stackmap.");
 473       break;
 474     case STACK_SIZE_MISMATCH:
 475       ss->print("Current frame's stack size doesn't match stackmap.");
 476       break;
 477     case STACK_OVERFLOW:
 478       ss->print("Exceeded max stack size.");
 479       break;
 480     case STACK_UNDERFLOW:
 481       ss->print("Attempt to pop empty stack.");
 482       break;
 483     case MISSING_STACKMAP:
 484       ss->print("Expected stackmap frame at this location.");
 485       break;
 486     case BAD_STACKMAP:
 487       ss->print("Invalid stackmap specification.");
 488       break;







 489     case UNKNOWN:
 490     default:
 491       ShouldNotReachHere();
 492       ss->print_cr("Unknown");
 493   }
 494   ss->cr();
 495 }
 496 
 497 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 498   if (_bci != -1 && method != NULL) {
 499     streamIndentor si(ss);
 500     const char* bytecode_name = "<invalid>";
 501     if (method->validate_bci(_bci) != -1) {
 502       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 503       if (Bytecodes::is_defined(code)) {
 504           bytecode_name = Bytecodes::name(code);
 505       } else {
 506           bytecode_name = "<illegal>";
 507       }
 508     }


 563     stack_map_frame* sm_frame = sm_table->entries();
 564     streamIndentor si2(ss);
 565     int current_offset = -1;
 566     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 567     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 568       ss->indent();
 569       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 570         sm_frame->print_truncated(ss, current_offset);
 571         return;
 572       }
 573       sm_frame->print_on(ss, current_offset);
 574       ss->cr();
 575       current_offset += sm_frame->offset_delta();
 576       sm_frame = sm_frame->next();
 577     }
 578   }
 579 }
 580 
 581 // Methods in ClassVerifier
 582 








 583 ClassVerifier::ClassVerifier(
 584     InstanceKlass* klass, TRAPS)
 585     : _thread(THREAD), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 586       _message(NULL), _method_signatures_table(NULL), _klass(klass) {
 587   _this_type = VerificationType::reference_type(klass->name());
 588 }
 589 
 590 ClassVerifier::~ClassVerifier() {
 591   // Decrement the reference count for any symbols created.
 592   if (_symbols != NULL) {
 593     for (int i = 0; i < _symbols->length(); i++) {
 594       Symbol* s = _symbols->at(i);
 595       s->decrement_refcount();
 596     }
 597   }
 598 }
 599 
 600 VerificationType ClassVerifier::object_type() const {
 601   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 602 }
 603 
 604 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 605   VerificationType vt = VerificationType::reference_type(
 606                          create_temporary_symbol(sig, (int)strlen(sig)));
 607   return TypeOrigin::implicit(vt);


1012         case Bytecodes::_daload :
1013           type = current_frame.pop_stack(
1014             VerificationType::integer_type(), CHECK_VERIFY(this));
1015           atype = current_frame.pop_stack(
1016             VerificationType::reference_check(), CHECK_VERIFY(this));
1017           if (!atype.is_double_array()) {
1018             verify_error(ErrorContext::bad_type(bci,
1019                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1020                 bad_type_msg, "daload");
1021             return;
1022           }
1023           current_frame.push_stack_2(
1024             VerificationType::double_type(),
1025             VerificationType::double2_type(), CHECK_VERIFY(this));
1026           no_control_flow = false; break;
1027         case Bytecodes::_aaload : {
1028           type = current_frame.pop_stack(
1029             VerificationType::integer_type(), CHECK_VERIFY(this));
1030           atype = current_frame.pop_stack(
1031             VerificationType::reference_check(), CHECK_VERIFY(this));
1032           if (!atype.is_reference_array()) {
1033             verify_error(ErrorContext::bad_type(bci,
1034                 current_frame.stack_top_ctx(),
1035                 TypeOrigin::implicit(VerificationType::reference_check())),
1036                 bad_type_msg, "aaload");
1037             return;
1038           }
1039           if (atype.is_null()) {
1040             current_frame.push_stack(
1041               VerificationType::null_type(), CHECK_VERIFY(this));
1042           } else {
1043             VerificationType component =
1044               atype.get_component(this, CHECK_VERIFY(this));
1045             current_frame.push_stack(component, CHECK_VERIFY(this));
1046           }
1047           no_control_flow = false; break;
1048         }
1049         case Bytecodes::_istore :
1050           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1051           no_control_flow = false; break;
1052         case Bytecodes::_istore_0 :


1186             VerificationType::double2_type(),
1187             VerificationType::double_type(), CHECK_VERIFY(this));
1188           current_frame.pop_stack(
1189             VerificationType::integer_type(), CHECK_VERIFY(this));
1190           atype = current_frame.pop_stack(
1191             VerificationType::reference_check(), CHECK_VERIFY(this));
1192           if (!atype.is_double_array()) {
1193             verify_error(ErrorContext::bad_type(bci,
1194                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1195                 bad_type_msg, "dastore");
1196             return;
1197           }
1198           no_control_flow = false; break;
1199         case Bytecodes::_aastore :
1200           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1201           type2 = current_frame.pop_stack(
1202             VerificationType::integer_type(), CHECK_VERIFY(this));
1203           atype = current_frame.pop_stack(
1204             VerificationType::reference_check(), CHECK_VERIFY(this));
1205           // more type-checking is done at runtime
1206           if (!atype.is_reference_array()) {
1207             verify_error(ErrorContext::bad_type(bci,
1208                 current_frame.stack_top_ctx(),
1209                 TypeOrigin::implicit(VerificationType::reference_check())),
1210                 bad_type_msg, "aastore");
1211             return;
1212           }
1213           // 4938384: relaxed constraint in JVMS 3nd edition.
1214           no_control_flow = false; break;
1215         case Bytecodes::_pop :
1216           current_frame.pop_stack(
1217             VerificationType::category1_check(), CHECK_VERIFY(this));
1218           no_control_flow = false; break;
1219         case Bytecodes::_pop2 :
1220           type = current_frame.pop_stack(CHECK_VERIFY(this));
1221           if (type.is_category1()) {
1222             current_frame.pop_stack(
1223               VerificationType::category1_check(), CHECK_VERIFY(this));
1224           } else if (type.is_category2_2nd()) {
1225             current_frame.pop_stack(
1226               VerificationType::category2_check(), CHECK_VERIFY(this));


1586         case Bytecodes::_if_icmpgt:
1587         case Bytecodes::_if_icmple:
1588           current_frame.pop_stack(
1589             VerificationType::integer_type(), CHECK_VERIFY(this));
1590           // fall through
1591         case Bytecodes::_ifeq:
1592         case Bytecodes::_ifne:
1593         case Bytecodes::_iflt:
1594         case Bytecodes::_ifge:
1595         case Bytecodes::_ifgt:
1596         case Bytecodes::_ifle:
1597           current_frame.pop_stack(
1598             VerificationType::integer_type(), CHECK_VERIFY(this));
1599           target = bcs.dest();
1600           stackmap_table.check_jump_target(
1601             &current_frame, target, CHECK_VERIFY(this));
1602           no_control_flow = false; break;
1603         case Bytecodes::_if_acmpeq :
1604         case Bytecodes::_if_acmpne :
1605           current_frame.pop_stack(
1606             VerificationType::reference_check(), CHECK_VERIFY(this));
1607           // fall through
1608         case Bytecodes::_ifnull :
1609         case Bytecodes::_ifnonnull :
1610           current_frame.pop_stack(
1611             VerificationType::reference_check(), CHECK_VERIFY(this));
1612           target = bcs.dest();
1613           stackmap_table.check_jump_target
1614             (&current_frame, target, CHECK_VERIFY(this));
1615           no_control_flow = false; break;
1616         case Bytecodes::_goto :
1617           target = bcs.dest();
1618           stackmap_table.check_jump_target(
1619             &current_frame, target, CHECK_VERIFY(this));
1620           no_control_flow = true; break;
1621         case Bytecodes::_goto_w :
1622           target = bcs.dest_w();
1623           stackmap_table.check_jump_target(
1624             &current_frame, target, CHECK_VERIFY(this));
1625           no_control_flow = true; break;
1626         case Bytecodes::_tableswitch :
1627         case Bytecodes::_lookupswitch :
1628           verify_switch(
1629             &bcs, code_length, code_data, &current_frame,
1630             &stackmap_table, CHECK_VERIFY(this));
1631           no_control_flow = true; break;


1642             VerificationType::long_type(), CHECK_VERIFY(this));
1643           verify_return_value(return_type, type, bci,
1644                               &current_frame, CHECK_VERIFY(this));
1645           no_control_flow = true; break;
1646         case Bytecodes::_freturn :
1647           type = current_frame.pop_stack(
1648             VerificationType::float_type(), CHECK_VERIFY(this));
1649           verify_return_value(return_type, type, bci,
1650                               &current_frame, CHECK_VERIFY(this));
1651           no_control_flow = true; break;
1652         case Bytecodes::_dreturn :
1653           type2 = current_frame.pop_stack(
1654             VerificationType::double2_type(),  CHECK_VERIFY(this));
1655           type = current_frame.pop_stack(
1656             VerificationType::double_type(), CHECK_VERIFY(this));
1657           verify_return_value(return_type, type, bci,
1658                               &current_frame, CHECK_VERIFY(this));
1659           no_control_flow = true; break;
1660         case Bytecodes::_areturn :
1661           type = current_frame.pop_stack(
1662             VerificationType::reference_check(), CHECK_VERIFY(this));
1663           verify_return_value(return_type, type, bci,
1664                               &current_frame, CHECK_VERIFY(this));
1665           no_control_flow = true; break;
1666         case Bytecodes::_return :
1667           if (return_type != VerificationType::bogus_type()) {
1668             verify_error(ErrorContext::bad_code(bci),
1669                          "Method expects a return value");
1670             return;
1671           }
1672           // Make sure "this" has been initialized if current method is an
1673           // <init>.
1674           if (_method->name() == vmSymbols::object_initializer_name() &&
1675               current_frame.flag_this_uninit()) {
1676             verify_error(ErrorContext::bad_code(bci),
1677                          "Constructor must call super() or this() "
1678                          "before return");
1679             return;
1680           }
1681           no_control_flow = true; break;
1682         case Bytecodes::_getstatic :
1683         case Bytecodes::_putstatic :
1684           // pass TRUE, operand can be an array type for getstatic/putstatic.
1685           verify_field_instructions(
1686             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1687           no_control_flow = false; break;
1688         case Bytecodes::_getfield :
1689         case Bytecodes::_putfield :
1690           // pass FALSE, operand can't be an array type for getfield/putfield.
1691           verify_field_instructions(
1692             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1693           no_control_flow = false; break;











1694         case Bytecodes::_invokevirtual :
1695         case Bytecodes::_invokespecial :
1696         case Bytecodes::_invokestatic :
1697           verify_invoke_instructions(
1698             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1699             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1700           no_control_flow = false; break;
1701         case Bytecodes::_invokeinterface :
1702         case Bytecodes::_invokedynamic :
1703           verify_invoke_instructions(
1704             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1705             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1706           no_control_flow = false; break;
1707         case Bytecodes::_new :
1708         {
1709           index = bcs.get_index_u2();
1710           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1711           VerificationType new_class_type =
1712             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1713           if (!new_class_type.is_object()) {
1714             verify_error(ErrorContext::bad_type(bci,
1715                 TypeOrigin::cp(index, new_class_type)),
1716                 "Illegal new instruction");
1717             return;
1718           }
1719           type = VerificationType::uninitialized_type(bci);
1720           current_frame.push_stack(type, CHECK_VERIFY(this));
1721           no_control_flow = false; break;
1722         }






















1723         case Bytecodes::_newarray :
1724           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1725           current_frame.pop_stack(
1726             VerificationType::integer_type(),  CHECK_VERIFY(this));
1727           current_frame.push_stack(type, CHECK_VERIFY(this));
1728           no_control_flow = false; break;
1729         case Bytecodes::_anewarray :
1730           verify_anewarray(
1731             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1732           no_control_flow = false; break;
1733         case Bytecodes::_arraylength :
1734           type = current_frame.pop_stack(
1735             VerificationType::reference_check(), CHECK_VERIFY(this));
1736           if (!(type.is_null() || type.is_array())) {
1737             verify_error(ErrorContext::bad_type(
1738                 bci, current_frame.stack_top_ctx()),
1739                 bad_type_msg, "arraylength");
1740           }
1741           current_frame.push_stack(
1742             VerificationType::integer_type(), CHECK_VERIFY(this));
1743           no_control_flow = false; break;
1744         case Bytecodes::_checkcast :
1745         {
1746           index = bcs.get_index_u2();
1747           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1748           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1749           VerificationType klass_type = cp_index_to_type(
1750             index, cp, CHECK_VERIFY(this));
1751           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1752           no_control_flow = false; break;
1753         }
1754         case Bytecodes::_instanceof : {
1755           index = bcs.get_index_u2();
1756           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758           current_frame.push_stack(
1759             VerificationType::integer_type(), CHECK_VERIFY(this));
1760           no_control_flow = false; break;
1761         }
1762         case Bytecodes::_monitorenter :
1763         case Bytecodes::_monitorexit :
1764           current_frame.pop_stack(
1765             VerificationType::reference_check(), CHECK_VERIFY(this));
1766           no_control_flow = false; break;

1767         case Bytecodes::_multianewarray :
1768         {
1769           index = bcs.get_index_u2();
1770           u2 dim = *(bcs.bcp()+3);
1771           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1772           VerificationType new_array_type =
1773             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1774           if (!new_array_type.is_array()) {
1775             verify_error(ErrorContext::bad_type(bci,
1776                 TypeOrigin::cp(index, new_array_type)),
1777                 "Illegal constant pool index in multianewarray instruction");
1778             return;
1779           }
1780           if (dim < 1 || new_array_type.dimensions() < dim) {
1781             verify_error(ErrorContext::bad_code(bci),
1782                 "Illegal dimension in multianewarray instruction: %d", dim);
1783             return;
1784           }
1785           for (int i = 0; i < dim; i++) {
1786             current_frame.pop_stack(


2005   int nconstants = cp->length();
2006   if ((index <= 0) || (index >= nconstants)) {
2007     verify_error(ErrorContext::bad_cp_index(bci, index),
2008         "Illegal constant pool index %d in class %s",
2009         index, cp->pool_holder()->external_name());
2010     return;
2011   }
2012 }
2013 
2014 void ClassVerifier::verify_cp_type(
2015     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2016 
2017   // In some situations, bytecode rewriting may occur while we're verifying.
2018   // In this case, a constant pool cache exists and some indices refer to that
2019   // instead.  Be sure we don't pick up such indices by accident.
2020   // We must check was_recursively_verified() before we get here.
2021   guarantee(cp->cache() == NULL, "not rewritten yet");
2022 
2023   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2024   unsigned int tag = cp->tag_at(index).value();

2025   if ((types & (1 << tag)) == 0) {
2026     verify_error(ErrorContext::bad_cp_index(bci, index),
2027       "Illegal type at constant pool entry %d in class %s",
2028       index, cp->pool_holder()->external_name());
2029     return;
2030   }
2031 }
2032 
2033 void ClassVerifier::verify_cp_class_type(
2034     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2035   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2036   constantTag tag = cp->tag_at(index);
2037   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2038     verify_error(ErrorContext::bad_cp_index(bci, index),
2039         "Illegal type at constant pool entry %d in class %s",
2040         index, cp->pool_holder()->external_name());
2041     return;
2042   }
2043 }
2044 


2117   } else {
2118     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2119     if (member_klass != NULL && fd.is_protected()) {
2120       if (!this_class->is_same_class_package(member_klass)) {
2121         return true;
2122       }
2123     }
2124   }
2125   return false;
2126 }
2127 
2128 void ClassVerifier::verify_ldc(
2129     int opcode, u2 index, StackMapFrame* current_frame,
2130     const constantPoolHandle& cp, u2 bci, TRAPS) {
2131   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2132   constantTag tag = cp->tag_at(index);
2133   unsigned int types = 0;
2134   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2135     if (!tag.is_unresolved_klass()) {
2136       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2137             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2138             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2139             | (1 << JVM_CONSTANT_Dynamic);
2140       // Note:  The class file parser already verified the legality of
2141       // MethodHandle and MethodType constants.
2142       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2143     }
2144   } else {
2145     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2146     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2147           | (1 << JVM_CONSTANT_Dynamic);
2148     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2149   }
2150   if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2151     current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2152   } else if (tag.is_string()) {
2153     current_frame->push_stack(
2154       VerificationType::reference_type(
2155         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2156   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2157     current_frame->push_stack(


2293                                               StackMapFrame* current_frame,
2294                                               const constantPoolHandle& cp,
2295                                               bool allow_arrays,
2296                                               TRAPS) {
2297   u2 index = bcs->get_index_u2();
2298   verify_cp_type(bcs->bci(), index, cp,
2299       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2300 
2301   // Get field name and signature
2302   Symbol* field_name = cp->name_ref_at(index);
2303   Symbol* field_sig = cp->signature_ref_at(index);
2304 
2305   // Field signature was checked in ClassFileParser.
2306   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2307          "Invalid field signature");
2308 
2309   // Get referenced class type
2310   VerificationType ref_class_type = cp_ref_index_to_type(
2311     index, cp, CHECK_VERIFY(this));
2312   if (!ref_class_type.is_object() &&
2313     (!allow_arrays || !ref_class_type.is_array())) {
2314     verify_error(ErrorContext::bad_type(bcs->bci(),
2315         TypeOrigin::cp(index, ref_class_type)),
2316         "Expecting reference to class in class %s at constant pool index %d",
2317         _klass->external_name(), index);
2318     return;
2319   }

2320   VerificationType target_class_type = ref_class_type;
2321 
2322   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2323         "buffer type must match VerificationType size");
2324   uintptr_t field_type_buffer[2];
2325   VerificationType* field_type = (VerificationType*)field_type_buffer;
2326   // If we make a VerificationType[2] array directly, the compiler calls
2327   // to the c-runtime library to do the allocation instead of just
2328   // stack allocating it.  Plus it would run constructors.  This shows up
2329   // in performance profiles.
2330 
2331   SignatureStream sig_stream(field_sig, false);
2332   VerificationType stack_object_type;
2333   int n = change_sig_to_verificationType(&sig_stream, field_type);
2334   u2 bci = bcs->bci();
2335   bool is_assignable;
2336   switch (bcs->raw_code()) {
2337     case Bytecodes::_getstatic: {
2338       for (int i = 0; i < n; i++) {
2339         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2340       }
2341       break;
2342     }
2343     case Bytecodes::_putstatic: {
2344       for (int i = n - 1; i >= 0; i--) {
2345         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2346       }
2347       break;
2348     }



















2349     case Bytecodes::_getfield: {
2350       stack_object_type = current_frame->pop_stack(
2351         target_class_type, CHECK_VERIFY(this));
2352       for (int i = 0; i < n; i++) {
2353         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2354       }
2355       goto check_protected;
2356     }
2357     case Bytecodes::_putfield: {
2358       for (int i = n - 1; i >= 0; i--) {
2359         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2360       }
2361       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2362 
2363       // The JVMS 2nd edition allows field initialization before the superclass
2364       // initializer, if the field is defined within the current class.
2365       fieldDescriptor fd;
2366       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2367           target_class_type.equals(current_type()) &&
2368           _klass->find_local_field(field_name, field_sig, &fd)) {


2737 bool ClassVerifier::is_same_or_direct_interface(
2738     InstanceKlass* klass,
2739     VerificationType klass_type,
2740     VerificationType ref_class_type) {
2741   if (ref_class_type.equals(klass_type)) return true;
2742   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2743   if (local_interfaces != NULL) {
2744     for (int x = 0; x < local_interfaces->length(); x++) {
2745       InstanceKlass* k = local_interfaces->at(x);
2746       assert (k != NULL && k->is_interface(), "invalid interface");
2747       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2748         return true;
2749       }
2750     }
2751   }
2752   return false;
2753 }
2754 
2755 void ClassVerifier::verify_invoke_instructions(
2756     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2757     bool in_try_block, bool *this_uninit, VerificationType return_type,
2758     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2759   // Make sure the constant pool item is the right type
2760   u2 index = bcs->get_index_u2();
2761   Bytecodes::Code opcode = bcs->raw_code();
2762   unsigned int types = 0;
2763   switch (opcode) {
2764     case Bytecodes::_invokeinterface:
2765       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2766       break;
2767     case Bytecodes::_invokedynamic:
2768       types = 1 << JVM_CONSTANT_InvokeDynamic;
2769       break;
2770     case Bytecodes::_invokespecial:
2771     case Bytecodes::_invokestatic:
2772       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2773         (1 << JVM_CONSTANT_Methodref) :
2774         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2775       break;
2776     default:
2777       types = 1 << JVM_CONSTANT_Methodref;
2778   }
2779   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2780 
2781   // Get method name and signature
2782   Symbol* method_name = cp->name_ref_at(index);
2783   Symbol* method_sig = cp->signature_ref_at(index);
2784 
2785   // Method signature was checked in ClassFileParser.
2786   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2787          "Invalid method signature");
2788 
2789   // Get referenced class type
2790   VerificationType ref_class_type;
2791   if (opcode == Bytecodes::_invokedynamic) {
2792     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2793       class_format_error(
2794         "invokedynamic instructions not supported by this class file version (%d), class %s",
2795         _klass->major_version(), _klass->external_name());
2796       return;
2797     }
2798   } else {
2799     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2800   }
2801 
2802   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2803         "buffer type must match VerificationType size");
2804 
2805   // Get the UTF8 index for this signature.
2806   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2807 
2808   // Get the signature's verification types.
2809   sig_as_verification_types* mth_sig_verif_types;


2835           "Inconsistent args count operand in invokeinterface");
2836       return;
2837     }
2838     if (*(bcp+4) != 0) {
2839       verify_error(ErrorContext::bad_code(bci),
2840           "Fourth operand byte of invokeinterface must be zero");
2841       return;
2842     }
2843   }
2844 
2845   if (opcode == Bytecodes::_invokedynamic) {
2846     address bcp = bcs->bcp();
2847     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2848       verify_error(ErrorContext::bad_code(bci),
2849           "Third and fourth operand bytes of invokedynamic must be zero");
2850       return;
2851     }
2852   }
2853 
2854   if (method_name->char_at(0) == '<') {
2855     // Make sure <init> can only be invoked by invokespecial
2856     if (opcode != Bytecodes::_invokespecial ||


2857         method_name != vmSymbols::object_initializer_name()) {
2858       verify_error(ErrorContext::bad_code(bci),
2859           "Illegal call to internal method");
2860       return;
2861     }
2862   } else if (opcode == Bytecodes::_invokespecial
2863              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2864              && !ref_class_type.equals(VerificationType::reference_type(
2865                   current_class()->super()->name()))) {
2866     bool subtype = false;
2867     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2868     if (!current_class()->is_unsafe_anonymous()) {
2869       subtype = ref_class_type.is_assignable_from(
2870                  current_type(), this, false, CHECK_VERIFY(this));
2871     } else {
2872       VerificationType unsafe_anonymous_host_type =
2873                         VerificationType::reference_type(current_class()->unsafe_anonymous_host()->name());
2874       subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this));
2875 
2876       // If invokespecial of IMR, need to recheck for same or
2877       // direct interface relative to the host class
2878       have_imr_indirect = (have_imr_indirect &&
2879                            !is_same_or_direct_interface(
2880                              current_class()->unsafe_anonymous_host(),
2881                              unsafe_anonymous_host_type, ref_class_type));
2882     }
2883     if (!subtype) {
2884       verify_error(ErrorContext::bad_code(bci),
2885           "Bad invokespecial instruction: "
2886           "current class isn't assignable to reference class.");
2887        return;
2888     } else if (have_imr_indirect) {
2889       verify_error(ErrorContext::bad_code(bci),
2890           "Bad invokespecial instruction: "
2891           "interface method reference is in an indirect superinterface.");
2892       return;
2893     }
2894 
2895   }
2896 
2897   // Get the verification types for the method's arguments.
2898   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2899   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2900   // Match method descriptor with operand stack
2901   // The arguments are on the stack in descending order.
2902   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2903     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2904   }
2905 
2906   // Check objectref on operand stack
2907   if (opcode != Bytecodes::_invokestatic &&
2908       opcode != Bytecodes::_invokedynamic) {
2909     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method

2910       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2911         code_length, in_try_block, this_uninit, cp, stackmap_table,
2912         CHECK_VERIFY(this));
2913       if (was_recursively_verified()) return;
2914     } else {   // other methods
2915       // Ensures that target class is assignable to method class.
2916       if (opcode == Bytecodes::_invokespecial) {
2917         if (!current_class()->is_unsafe_anonymous()) {
2918           current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2919         } else {
2920           // anonymous class invokespecial calls: check if the
2921           // objectref is a subtype of the unsafe_anonymous_host of the current class
2922           // to allow an anonymous class to reference methods in the unsafe_anonymous_host
2923           VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2924           VerificationType hosttype =
2925             VerificationType::reference_type(current_class()->unsafe_anonymous_host()->name());
2926           bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));

2927           if (!subtype) {
2928             verify_error( ErrorContext::bad_type(current_frame->offset(),
2929               current_frame->stack_top_ctx(),
2930               TypeOrigin::implicit(top)),
2931               "Bad type on operand stack");
2932             return;
2933           }
2934         }
2935       } else if (opcode == Bytecodes::_invokevirtual) {
2936         VerificationType stack_object_type =
2937           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2938         if (current_type() != stack_object_type) {
2939           if (was_recursively_verified()) return;
2940           assert(cp->cache() == NULL, "not rewritten yet");
2941           Symbol* ref_class_name =
2942             cp->klass_name_at(cp->klass_ref_index_at(index));
2943           // See the comments in verify_field_instructions() for
2944           // the rationale behind this.
2945           if (name_in_supers(ref_class_name, current_class())) {
2946             Klass* ref_class = load_class(ref_class_name, CHECK);


2959                 } else {
2960                   verify_error(ErrorContext::bad_type(bci,
2961                       current_frame->stack_top_ctx(),
2962                       TypeOrigin::implicit(current_type())),
2963                       "Bad access to protected data in invokevirtual");
2964                   return;
2965                 }
2966               }
2967             }
2968           }
2969         }
2970       } else {
2971         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2972         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2973       }
2974     }
2975   }
2976   // Push the result type.
2977   int sig_verif_types_len = sig_verif_types->length();
2978   if (sig_verif_types_len > nargs) {  // There's a return type
2979     if (method_name == vmSymbols::object_initializer_name()) {
2980       // <init> method must have a void return type
2981       /* Unreachable?  Class file parser verifies that methods with '<' have
2982        * void return */
2983       verify_error(ErrorContext::bad_code(bci),
2984           "Return type must be void in <init> method");
2985       return;
2986     }
2987 
2988     assert(sig_verif_types_len <= nargs + 2,
2989            "Signature verification types array return type is bogus");
2990     for (int i = nargs; i < sig_verif_types_len; i++) {
2991       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2992              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2993       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2994     }








2995   }
2996 }
2997 
2998 VerificationType ClassVerifier::get_newarray_type(
2999     u2 index, u2 bci, TRAPS) {
3000   const char* from_bt[] = {
3001     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3002   };
3003   if (index < T_BOOLEAN || index > T_LONG) {
3004     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3005     return VerificationType::bogus_type();
3006   }
3007 
3008   // from_bt[index] contains the array signature which has a length of 2
3009   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3010   return VerificationType::reference_type(sig);
3011 }
3012 
3013 void ClassVerifier::verify_anewarray(
3014     u2 bci, u2 index, const constantPoolHandle& cp,


3021   VerificationType component_type =
3022     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3023   int length;
3024   char* arr_sig_str;
3025   if (component_type.is_array()) {     // it's an array
3026     const char* component_name = component_type.name()->as_utf8();
3027     // Check for more than MAX_ARRAY_DIMENSIONS
3028     length = (int)strlen(component_name);
3029     if (length > MAX_ARRAY_DIMENSIONS &&
3030         component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3031       verify_error(ErrorContext::bad_code(bci),
3032         "Illegal anewarray instruction, array has more than 255 dimensions");
3033     }
3034     // add one dimension to component
3035     length++;
3036     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3037     int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name);
3038     assert(n == length, "Unexpected number of characters in string");
3039   } else {         // it's an object or interface
3040     const char* component_name = component_type.name()->as_utf8();
3041     // add one dimension to component with 'L' prepended and ';' postpended.

3042     length = (int)strlen(component_name) + 3;
3043     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3044     int n = os::snprintf(arr_sig_str, length + 1, "[L%s;", component_name);
3045     assert(n == length, "Unexpected number of characters in string");
3046   }
3047   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3048   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3049   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3050 }
3051 
3052 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3053   current_frame->get_local(
3054     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3055   current_frame->push_stack(
3056     VerificationType::integer_type(), CHECK_VERIFY(this));
3057 }
3058 
3059 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3060   current_frame->get_local_2(
3061     index, VerificationType::long_type(),
3062     VerificationType::long2_type(), CHECK_VERIFY(this));
3063   current_frame->push_stack_2(
3064     VerificationType::long_type(),


3066 }
3067 
3068 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3069   current_frame->get_local(
3070     index, VerificationType::float_type(), CHECK_VERIFY(this));
3071   current_frame->push_stack(
3072     VerificationType::float_type(), CHECK_VERIFY(this));
3073 }
3074 
3075 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3076   current_frame->get_local_2(
3077     index, VerificationType::double_type(),
3078     VerificationType::double2_type(), CHECK_VERIFY(this));
3079   current_frame->push_stack_2(
3080     VerificationType::double_type(),
3081     VerificationType::double2_type(), CHECK_VERIFY(this));
3082 }
3083 
3084 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3085   VerificationType type = current_frame->get_local(
3086     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3087   current_frame->push_stack(type, CHECK_VERIFY(this));
3088 }
3089 
3090 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3091   current_frame->pop_stack(
3092     VerificationType::integer_type(), CHECK_VERIFY(this));
3093   current_frame->set_local(
3094     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3095 }
3096 
3097 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3098   current_frame->pop_stack_2(
3099     VerificationType::long2_type(),
3100     VerificationType::long_type(), CHECK_VERIFY(this));
3101   current_frame->set_local_2(
3102     index, VerificationType::long_type(),
3103     VerificationType::long2_type(), CHECK_VERIFY(this));
3104 }
3105 
3106 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3107   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3108   current_frame->set_local(
3109     index, VerificationType::float_type(), CHECK_VERIFY(this));
3110 }
3111 
3112 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3113   current_frame->pop_stack_2(
3114     VerificationType::double2_type(),
3115     VerificationType::double_type(), CHECK_VERIFY(this));
3116   current_frame->set_local_2(
3117     index, VerificationType::double_type(),
3118     VerificationType::double2_type(), CHECK_VERIFY(this));
3119 }
3120 
3121 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3122   VerificationType type = current_frame->pop_stack(
3123     VerificationType::reference_check(), CHECK_VERIFY(this));
3124   current_frame->set_local(index, type, CHECK_VERIFY(this));
3125 }
3126 
3127 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3128   VerificationType type = current_frame->get_local(
3129     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3130   current_frame->set_local(index, type, CHECK_VERIFY(this));
3131 }
3132 
3133 void ClassVerifier::verify_return_value(
3134     VerificationType return_type, VerificationType type, u2 bci,
3135     StackMapFrame* current_frame, TRAPS) {
3136   if (return_type == VerificationType::bogus_type()) {
3137     verify_error(ErrorContext::bad_type(bci,
3138         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3139         "Method expects a return value");
3140     return;
3141   }
3142   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3143   if (!match) {




  44 #include "oops/constantPool.inline.hpp"
  45 #include "oops/instanceKlass.hpp"
  46 #include "oops/oop.inline.hpp"
  47 #include "oops/typeArrayOop.hpp"
  48 #include "runtime/fieldDescriptor.hpp"
  49 #include "runtime/handles.inline.hpp"
  50 #include "runtime/interfaceSupport.inline.hpp"
  51 #include "runtime/javaCalls.hpp"
  52 #include "runtime/jniHandles.inline.hpp"
  53 #include "runtime/orderAccess.hpp"
  54 #include "runtime/os.hpp"
  55 #include "runtime/safepointVerifiers.hpp"
  56 #include "runtime/thread.hpp"
  57 #include "services/threadService.hpp"
  58 #include "utilities/align.hpp"
  59 #include "utilities/bytes.hpp"
  60 
  61 #define NOFAILOVER_MAJOR_VERSION                       51
  62 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  63 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  64 #define VALUETYPE_MAJOR_VERSION                        56
  65 #define MAX_ARRAY_DIMENSIONS 255
  66 
  67 // Access to external entry for VerifyClassCodes - old byte code verifier
  68 
  69 extern "C" {
  70   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
  71   typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
  72 }
  73 
  74 static void* volatile _verify_byte_codes_fn = NULL;
  75 
  76 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
  77 
  78 static void* verify_byte_codes_fn() {
  79   if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
  80     void *lib_handle = os::native_java_library();
  81     void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
  82     OrderAccess::release_store(&_verify_byte_codes_fn, func);
  83     if (func == NULL) {
  84       _is_new_verify_byte_codes_fn = false;


 239       }
 240       kls = kls->super();
 241     }
 242     if (message_buffer != NULL) {
 243       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 244     }
 245     assert(exception_message != NULL, "");
 246     THROW_MSG_(exception_name, exception_message, false);
 247   }
 248 }
 249 
 250 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 251   Symbol* name = klass->name();
 252   Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
 253 
 254   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 255 
 256   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 257     // return if the class is a bootstrapping class
 258     // or defineClass specified not to verify by default (flags override passed arg)
 259     // We need to skip the following four for bootstrapping
 260     name != vmSymbols::java_lang_Object() &&
 261     name != vmSymbols::java_lang_Class() &&
 262     name != vmSymbols::java_lang_String() &&
 263     name != vmSymbols::java_lang_Throwable() &&
 264 
 265     // Can not verify the bytecodes for shared classes because they have
 266     // already been rewritten to contain constant pool cache indices,
 267     // which the verifier can't understand.
 268     // Shared classes shouldn't have stackmaps either.
 269     !klass->is_shared() &&
 270 
 271     // As of the fix for 4486457 we disable verification for all of the
 272     // dynamically-generated bytecodes associated with the 1.4
 273     // reflection implementation, not just those associated with
 274     // jdk/internal/reflect/SerializationConstructorAccessor.
 275     // NOTE: this is called too early in the bootstrapping process to be
 276     // guarded by Universe::is_gte_jdk14x_version().
 277     // Also for lambda generated code, gte jdk8
 278     (!is_reflect));
 279 }


 470       ss->print("Local index %d is invalid", _type.index());
 471       break;
 472     case LOCALS_SIZE_MISMATCH:
 473       ss->print("Current frame's local size doesn't match stackmap.");
 474       break;
 475     case STACK_SIZE_MISMATCH:
 476       ss->print("Current frame's stack size doesn't match stackmap.");
 477       break;
 478     case STACK_OVERFLOW:
 479       ss->print("Exceeded max stack size.");
 480       break;
 481     case STACK_UNDERFLOW:
 482       ss->print("Attempt to pop empty stack.");
 483       break;
 484     case MISSING_STACKMAP:
 485       ss->print("Expected stackmap frame at this location.");
 486       break;
 487     case BAD_STACKMAP:
 488       ss->print("Invalid stackmap specification.");
 489       break;
 490     case WRONG_VALUE_TYPE:
 491       ss->print("Type ");
 492       _type.details(ss);
 493       ss->print(" and type ");
 494       _expected.details(ss);
 495       ss->print(" must be identical inline types.");
 496       break;
 497     case UNKNOWN:
 498     default:
 499       ShouldNotReachHere();
 500       ss->print_cr("Unknown");
 501   }
 502   ss->cr();
 503 }
 504 
 505 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 506   if (_bci != -1 && method != NULL) {
 507     streamIndentor si(ss);
 508     const char* bytecode_name = "<invalid>";
 509     if (method->validate_bci(_bci) != -1) {
 510       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 511       if (Bytecodes::is_defined(code)) {
 512           bytecode_name = Bytecodes::name(code);
 513       } else {
 514           bytecode_name = "<illegal>";
 515       }
 516     }


 571     stack_map_frame* sm_frame = sm_table->entries();
 572     streamIndentor si2(ss);
 573     int current_offset = -1;
 574     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 575     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 576       ss->indent();
 577       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 578         sm_frame->print_truncated(ss, current_offset);
 579         return;
 580       }
 581       sm_frame->print_on(ss, current_offset);
 582       ss->cr();
 583       current_offset += sm_frame->offset_delta();
 584       sm_frame = sm_frame->next();
 585     }
 586   }
 587 }
 588 
 589 // Methods in ClassVerifier
 590 
 591 VerificationType reference_or_valuetype(InstanceKlass* klass) {
 592   if (klass->is_value()) {
 593     return VerificationType::valuetype_type(klass->name());
 594   } else {
 595     return VerificationType::reference_type(klass->name());
 596   }
 597 }
 598 
 599 ClassVerifier::ClassVerifier(
 600     InstanceKlass* klass, TRAPS)
 601     : _thread(THREAD), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 602       _message(NULL), _method_signatures_table(NULL), _klass(klass) {
 603   _this_type = reference_or_valuetype(klass);
 604 }
 605 
 606 ClassVerifier::~ClassVerifier() {
 607   // Decrement the reference count for any symbols created.
 608   if (_symbols != NULL) {
 609     for (int i = 0; i < _symbols->length(); i++) {
 610       Symbol* s = _symbols->at(i);
 611       s->decrement_refcount();
 612     }
 613   }
 614 }
 615 
 616 VerificationType ClassVerifier::object_type() const {
 617   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 618 }
 619 
 620 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 621   VerificationType vt = VerificationType::reference_type(
 622                          create_temporary_symbol(sig, (int)strlen(sig)));
 623   return TypeOrigin::implicit(vt);


1028         case Bytecodes::_daload :
1029           type = current_frame.pop_stack(
1030             VerificationType::integer_type(), CHECK_VERIFY(this));
1031           atype = current_frame.pop_stack(
1032             VerificationType::reference_check(), CHECK_VERIFY(this));
1033           if (!atype.is_double_array()) {
1034             verify_error(ErrorContext::bad_type(bci,
1035                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1036                 bad_type_msg, "daload");
1037             return;
1038           }
1039           current_frame.push_stack_2(
1040             VerificationType::double_type(),
1041             VerificationType::double2_type(), CHECK_VERIFY(this));
1042           no_control_flow = false; break;
1043         case Bytecodes::_aaload : {
1044           type = current_frame.pop_stack(
1045             VerificationType::integer_type(), CHECK_VERIFY(this));
1046           atype = current_frame.pop_stack(
1047             VerificationType::reference_check(), CHECK_VERIFY(this));
1048           if (!atype.is_nonscalar_array()) {
1049             verify_error(ErrorContext::bad_type(bci,
1050                 current_frame.stack_top_ctx(),
1051                 TypeOrigin::implicit(VerificationType::reference_check())),
1052                 bad_type_msg, "aaload");
1053             return;
1054           }
1055           if (atype.is_null()) {
1056             current_frame.push_stack(
1057               VerificationType::null_type(), CHECK_VERIFY(this));
1058           } else {
1059             VerificationType component =
1060               atype.get_component(this, CHECK_VERIFY(this));
1061             current_frame.push_stack(component, CHECK_VERIFY(this));
1062           }
1063           no_control_flow = false; break;
1064         }
1065         case Bytecodes::_istore :
1066           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1067           no_control_flow = false; break;
1068         case Bytecodes::_istore_0 :


1202             VerificationType::double2_type(),
1203             VerificationType::double_type(), CHECK_VERIFY(this));
1204           current_frame.pop_stack(
1205             VerificationType::integer_type(), CHECK_VERIFY(this));
1206           atype = current_frame.pop_stack(
1207             VerificationType::reference_check(), CHECK_VERIFY(this));
1208           if (!atype.is_double_array()) {
1209             verify_error(ErrorContext::bad_type(bci,
1210                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1211                 bad_type_msg, "dastore");
1212             return;
1213           }
1214           no_control_flow = false; break;
1215         case Bytecodes::_aastore :
1216           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1217           type2 = current_frame.pop_stack(
1218             VerificationType::integer_type(), CHECK_VERIFY(this));
1219           atype = current_frame.pop_stack(
1220             VerificationType::reference_check(), CHECK_VERIFY(this));
1221           // more type-checking is done at runtime
1222           if (!atype.is_nonscalar_array()) {
1223             verify_error(ErrorContext::bad_type(bci,
1224                 current_frame.stack_top_ctx(),
1225                 TypeOrigin::implicit(VerificationType::reference_check())),
1226                 bad_type_msg, "aastore");
1227             return;
1228           }
1229           // 4938384: relaxed constraint in JVMS 3nd edition.
1230           no_control_flow = false; break;
1231         case Bytecodes::_pop :
1232           current_frame.pop_stack(
1233             VerificationType::category1_check(), CHECK_VERIFY(this));
1234           no_control_flow = false; break;
1235         case Bytecodes::_pop2 :
1236           type = current_frame.pop_stack(CHECK_VERIFY(this));
1237           if (type.is_category1()) {
1238             current_frame.pop_stack(
1239               VerificationType::category1_check(), CHECK_VERIFY(this));
1240           } else if (type.is_category2_2nd()) {
1241             current_frame.pop_stack(
1242               VerificationType::category2_check(), CHECK_VERIFY(this));


1602         case Bytecodes::_if_icmpgt:
1603         case Bytecodes::_if_icmple:
1604           current_frame.pop_stack(
1605             VerificationType::integer_type(), CHECK_VERIFY(this));
1606           // fall through
1607         case Bytecodes::_ifeq:
1608         case Bytecodes::_ifne:
1609         case Bytecodes::_iflt:
1610         case Bytecodes::_ifge:
1611         case Bytecodes::_ifgt:
1612         case Bytecodes::_ifle:
1613           current_frame.pop_stack(
1614             VerificationType::integer_type(), CHECK_VERIFY(this));
1615           target = bcs.dest();
1616           stackmap_table.check_jump_target(
1617             &current_frame, target, CHECK_VERIFY(this));
1618           no_control_flow = false; break;
1619         case Bytecodes::_if_acmpeq :
1620         case Bytecodes::_if_acmpne :
1621           current_frame.pop_stack(
1622             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1623           // fall through
1624         case Bytecodes::_ifnull :
1625         case Bytecodes::_ifnonnull :
1626           current_frame.pop_stack(
1627             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1628           target = bcs.dest();
1629           stackmap_table.check_jump_target
1630             (&current_frame, target, CHECK_VERIFY(this));
1631           no_control_flow = false; break;
1632         case Bytecodes::_goto :
1633           target = bcs.dest();
1634           stackmap_table.check_jump_target(
1635             &current_frame, target, CHECK_VERIFY(this));
1636           no_control_flow = true; break;
1637         case Bytecodes::_goto_w :
1638           target = bcs.dest_w();
1639           stackmap_table.check_jump_target(
1640             &current_frame, target, CHECK_VERIFY(this));
1641           no_control_flow = true; break;
1642         case Bytecodes::_tableswitch :
1643         case Bytecodes::_lookupswitch :
1644           verify_switch(
1645             &bcs, code_length, code_data, &current_frame,
1646             &stackmap_table, CHECK_VERIFY(this));
1647           no_control_flow = true; break;


1658             VerificationType::long_type(), CHECK_VERIFY(this));
1659           verify_return_value(return_type, type, bci,
1660                               &current_frame, CHECK_VERIFY(this));
1661           no_control_flow = true; break;
1662         case Bytecodes::_freturn :
1663           type = current_frame.pop_stack(
1664             VerificationType::float_type(), CHECK_VERIFY(this));
1665           verify_return_value(return_type, type, bci,
1666                               &current_frame, CHECK_VERIFY(this));
1667           no_control_flow = true; break;
1668         case Bytecodes::_dreturn :
1669           type2 = current_frame.pop_stack(
1670             VerificationType::double2_type(),  CHECK_VERIFY(this));
1671           type = current_frame.pop_stack(
1672             VerificationType::double_type(), CHECK_VERIFY(this));
1673           verify_return_value(return_type, type, bci,
1674                               &current_frame, CHECK_VERIFY(this));
1675           no_control_flow = true; break;
1676         case Bytecodes::_areturn :
1677           type = current_frame.pop_stack(
1678             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1679           verify_return_value(return_type, type, bci,
1680                               &current_frame, CHECK_VERIFY(this));
1681           no_control_flow = true; break;
1682         case Bytecodes::_return :
1683           if (return_type != VerificationType::bogus_type()) {
1684             verify_error(ErrorContext::bad_code(bci),
1685                          "Method expects a return value");
1686             return;
1687           }
1688           // Make sure "this" has been initialized if current method is an
1689           // <init>.
1690           if (_method->is_object_constructor() &&
1691               current_frame.flag_this_uninit()) {
1692             verify_error(ErrorContext::bad_code(bci),
1693                          "Constructor must call super() or this() "
1694                          "before return");
1695             return;
1696           }
1697           no_control_flow = true; break;
1698         case Bytecodes::_getstatic :
1699         case Bytecodes::_putstatic :
1700           // pass TRUE, operand can be an array type for getstatic/putstatic.
1701           verify_field_instructions(
1702             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1703           no_control_flow = false; break;
1704         case Bytecodes::_getfield :
1705         case Bytecodes::_putfield :
1706           // pass FALSE, operand can't be an array type for getfield/putfield.
1707           verify_field_instructions(
1708             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1709           no_control_flow = false; break;
1710         case Bytecodes::_withfield :
1711           if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) {
1712             class_format_error(
1713               "withfield not supported by this class file version (%d.%d), class %s",
1714               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1715             return;
1716           }
1717           // pass FALSE, operand can't be an array type for withfield.
1718           verify_field_instructions(
1719             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1720           no_control_flow = false; break;
1721         case Bytecodes::_invokevirtual :
1722         case Bytecodes::_invokespecial :
1723         case Bytecodes::_invokestatic :




1724         case Bytecodes::_invokeinterface :
1725         case Bytecodes::_invokedynamic :
1726           verify_invoke_instructions(
1727             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1728             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1729           no_control_flow = false; break;
1730         case Bytecodes::_new :
1731         {
1732           index = bcs.get_index_u2();
1733           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1734           VerificationType new_class_type =
1735             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1736           if (!new_class_type.is_object()) {
1737             verify_error(ErrorContext::bad_type(bci,
1738                 TypeOrigin::cp(index, new_class_type)),
1739                 "Illegal new instruction");
1740             return;
1741           }
1742           type = VerificationType::uninitialized_type(bci);
1743           current_frame.push_stack(type, CHECK_VERIFY(this));
1744           no_control_flow = false; break;
1745         }
1746         case Bytecodes::_defaultvalue :
1747         {
1748           if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) {
1749             class_format_error(
1750               "defaultvalue not supported by this class file version (%d.%d), class %s",
1751               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1752             return;
1753           }
1754           index = bcs.get_index_u2();
1755           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1756           VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1757           if (!ref_type.is_object()) {
1758             verify_error(ErrorContext::bad_type(bci,
1759                 TypeOrigin::cp(index, ref_type)),
1760                 "Illegal defaultvalue instruction");
1761             return;
1762           }
1763           VerificationType value_type =
1764             VerificationType::change_ref_to_valuetype(ref_type);
1765           current_frame.push_stack(value_type, CHECK_VERIFY(this));
1766           no_control_flow = false; break;
1767         }
1768         case Bytecodes::_newarray :
1769           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1770           current_frame.pop_stack(
1771             VerificationType::integer_type(),  CHECK_VERIFY(this));
1772           current_frame.push_stack(type, CHECK_VERIFY(this));
1773           no_control_flow = false; break;
1774         case Bytecodes::_anewarray :
1775           verify_anewarray(
1776             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1777           no_control_flow = false; break;
1778         case Bytecodes::_arraylength :
1779           type = current_frame.pop_stack(
1780             VerificationType::reference_check(), CHECK_VERIFY(this));
1781           if (!(type.is_null() || type.is_array())) {
1782             verify_error(ErrorContext::bad_type(
1783                 bci, current_frame.stack_top_ctx()),
1784                 bad_type_msg, "arraylength");
1785           }
1786           current_frame.push_stack(
1787             VerificationType::integer_type(), CHECK_VERIFY(this));
1788           no_control_flow = false; break;
1789         case Bytecodes::_checkcast :
1790         {
1791           index = bcs.get_index_u2();
1792           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1793           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1794           VerificationType klass_type = cp_index_to_type(
1795             index, cp, CHECK_VERIFY(this));
1796           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1797           no_control_flow = false; break;
1798         }
1799         case Bytecodes::_instanceof : {
1800           index = bcs.get_index_u2();
1801           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803           current_frame.push_stack(
1804             VerificationType::integer_type(), CHECK_VERIFY(this));
1805           no_control_flow = false; break;
1806         }
1807         case Bytecodes::_monitorenter :
1808         case Bytecodes::_monitorexit : {
1809           VerificationType ref = current_frame.pop_stack(
1810             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1811           no_control_flow = false; break;
1812         }
1813         case Bytecodes::_multianewarray :
1814         {
1815           index = bcs.get_index_u2();
1816           u2 dim = *(bcs.bcp()+3);
1817           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1818           VerificationType new_array_type =
1819             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1820           if (!new_array_type.is_array()) {
1821             verify_error(ErrorContext::bad_type(bci,
1822                 TypeOrigin::cp(index, new_array_type)),
1823                 "Illegal constant pool index in multianewarray instruction");
1824             return;
1825           }
1826           if (dim < 1 || new_array_type.dimensions() < dim) {
1827             verify_error(ErrorContext::bad_code(bci),
1828                 "Illegal dimension in multianewarray instruction: %d", dim);
1829             return;
1830           }
1831           for (int i = 0; i < dim; i++) {
1832             current_frame.pop_stack(


2051   int nconstants = cp->length();
2052   if ((index <= 0) || (index >= nconstants)) {
2053     verify_error(ErrorContext::bad_cp_index(bci, index),
2054         "Illegal constant pool index %d in class %s",
2055         index, cp->pool_holder()->external_name());
2056     return;
2057   }
2058 }
2059 
2060 void ClassVerifier::verify_cp_type(
2061     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2062 
2063   // In some situations, bytecode rewriting may occur while we're verifying.
2064   // In this case, a constant pool cache exists and some indices refer to that
2065   // instead.  Be sure we don't pick up such indices by accident.
2066   // We must check was_recursively_verified() before we get here.
2067   guarantee(cp->cache() == NULL, "not rewritten yet");
2068 
2069   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2070   unsigned int tag = cp->tag_at(index).value();
2071 
2072   if ((types & (1 << tag)) == 0) {
2073     verify_error(ErrorContext::bad_cp_index(bci, index),
2074       "Illegal type at constant pool entry %d in class %s",
2075       index, cp->pool_holder()->external_name());
2076     return;
2077   }
2078 }
2079 
2080 void ClassVerifier::verify_cp_class_type(
2081     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2082   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2083   constantTag tag = cp->tag_at(index);
2084   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2085     verify_error(ErrorContext::bad_cp_index(bci, index),
2086         "Illegal type at constant pool entry %d in class %s",
2087         index, cp->pool_holder()->external_name());
2088     return;
2089   }
2090 }
2091 


2164   } else {
2165     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2166     if (member_klass != NULL && fd.is_protected()) {
2167       if (!this_class->is_same_class_package(member_klass)) {
2168         return true;
2169       }
2170     }
2171   }
2172   return false;
2173 }
2174 
2175 void ClassVerifier::verify_ldc(
2176     int opcode, u2 index, StackMapFrame* current_frame,
2177     const constantPoolHandle& cp, u2 bci, TRAPS) {
2178   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2179   constantTag tag = cp->tag_at(index);
2180   unsigned int types = 0;
2181   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2182     if (!tag.is_unresolved_klass()) {
2183       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2184             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2185             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2186             | (1 << JVM_CONSTANT_Dynamic);
2187       // Note:  The class file parser already verified the legality of
2188       // MethodHandle and MethodType constants.
2189       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2190     }
2191   } else {
2192     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2193     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2194           | (1 << JVM_CONSTANT_Dynamic);
2195     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2196   }
2197   if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2198     current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2199   } else if (tag.is_string()) {
2200     current_frame->push_stack(
2201       VerificationType::reference_type(
2202         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2203   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2204     current_frame->push_stack(


2340                                               StackMapFrame* current_frame,
2341                                               const constantPoolHandle& cp,
2342                                               bool allow_arrays,
2343                                               TRAPS) {
2344   u2 index = bcs->get_index_u2();
2345   verify_cp_type(bcs->bci(), index, cp,
2346       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2347 
2348   // Get field name and signature
2349   Symbol* field_name = cp->name_ref_at(index);
2350   Symbol* field_sig = cp->signature_ref_at(index);
2351 
2352   // Field signature was checked in ClassFileParser.
2353   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2354          "Invalid field signature");
2355 
2356   // Get referenced class type
2357   VerificationType ref_class_type = cp_ref_index_to_type(
2358     index, cp, CHECK_VERIFY(this));
2359   if (!ref_class_type.is_object() &&
2360       (!allow_arrays || !ref_class_type.is_array())) {
2361     verify_error(ErrorContext::bad_type(bcs->bci(),
2362         TypeOrigin::cp(index, ref_class_type)),
2363         "Expecting reference to class in class %s at constant pool index %d",
2364         _klass->external_name(), index);
2365     return;
2366   }
2367 
2368   VerificationType target_class_type = ref_class_type;
2369 
2370   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2371         "buffer type must match VerificationType size");
2372   uintptr_t field_type_buffer[2];
2373   VerificationType* field_type = (VerificationType*)field_type_buffer;
2374   // If we make a VerificationType[2] array directly, the compiler calls
2375   // to the c-runtime library to do the allocation instead of just
2376   // stack allocating it.  Plus it would run constructors.  This shows up
2377   // in performance profiles.
2378 
2379   SignatureStream sig_stream(field_sig, false);
2380   VerificationType stack_object_type;
2381   int n = change_sig_to_verificationType(&sig_stream, field_type);
2382   u2 bci = bcs->bci();
2383   bool is_assignable;
2384   switch (bcs->raw_code()) {
2385     case Bytecodes::_getstatic: {
2386       for (int i = 0; i < n; i++) {
2387         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2388       }
2389       break;
2390     }
2391     case Bytecodes::_putstatic: {
2392       for (int i = n - 1; i >= 0; i--) {
2393         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2394       }
2395       break;
2396     }
2397     case Bytecodes::_withfield: {
2398       for (int i = n - 1; i >= 0; i--) {
2399         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2400       }
2401       // stack_object_type and target_class_type must be the same value type.
2402       stack_object_type =
2403         current_frame->pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this));
2404       VerificationType target_value_type =
2405         VerificationType::change_ref_to_valuetype(target_class_type);
2406       if (!stack_object_type.equals(target_value_type)) {
2407         verify_error(ErrorContext::bad_value_type(bci,
2408             current_frame->stack_top_ctx(),
2409             TypeOrigin::cp(index, target_class_type)),
2410             "Invalid type on operand stack in withfield instruction");
2411         return;
2412       }
2413       current_frame->push_stack(target_value_type, CHECK_VERIFY(this));
2414       break;
2415     }
2416     case Bytecodes::_getfield: {
2417       stack_object_type = current_frame->pop_stack(
2418         target_class_type, CHECK_VERIFY(this));
2419       for (int i = 0; i < n; i++) {
2420         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2421       }
2422       goto check_protected;
2423     }
2424     case Bytecodes::_putfield: {
2425       for (int i = n - 1; i >= 0; i--) {
2426         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2427       }
2428       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2429 
2430       // The JVMS 2nd edition allows field initialization before the superclass
2431       // initializer, if the field is defined within the current class.
2432       fieldDescriptor fd;
2433       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2434           target_class_type.equals(current_type()) &&
2435           _klass->find_local_field(field_name, field_sig, &fd)) {


2804 bool ClassVerifier::is_same_or_direct_interface(
2805     InstanceKlass* klass,
2806     VerificationType klass_type,
2807     VerificationType ref_class_type) {
2808   if (ref_class_type.equals(klass_type)) return true;
2809   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2810   if (local_interfaces != NULL) {
2811     for (int x = 0; x < local_interfaces->length(); x++) {
2812       InstanceKlass* k = local_interfaces->at(x);
2813       assert (k != NULL && k->is_interface(), "invalid interface");
2814       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2815         return true;
2816       }
2817     }
2818   }
2819   return false;
2820 }
2821 
2822 void ClassVerifier::verify_invoke_instructions(
2823     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2824     bool in_try_block, bool *this_uninit,
2825     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2826   // Make sure the constant pool item is the right type
2827   u2 index = bcs->get_index_u2();
2828   Bytecodes::Code opcode = bcs->raw_code();
2829   unsigned int types = 0;
2830   switch (opcode) {
2831     case Bytecodes::_invokeinterface:
2832       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2833       break;
2834     case Bytecodes::_invokedynamic:
2835       types = 1 << JVM_CONSTANT_InvokeDynamic;
2836       break;
2837     case Bytecodes::_invokespecial:
2838     case Bytecodes::_invokestatic:
2839       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2840         (1 << JVM_CONSTANT_Methodref) :
2841         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2842       break;
2843     default:
2844       types = 1 << JVM_CONSTANT_Methodref;
2845   }
2846   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2847 
2848   // Get method name and signature
2849   Symbol* method_name = cp->name_ref_at(index);
2850   Symbol* method_sig = cp->signature_ref_at(index);
2851 
2852   // Method signature was checked in ClassFileParser.
2853   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2854          "Invalid method signature");
2855 
2856   // Get referenced class
2857   VerificationType ref_class_type;
2858   if (opcode == Bytecodes::_invokedynamic) {
2859     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2860       class_format_error(
2861         "invokedynamic instructions not supported by this class file version (%d), class %s",
2862         _klass->major_version(), _klass->external_name());
2863       return;
2864     }
2865   } else {
2866     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2867   }
2868 
2869   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2870         "buffer type must match VerificationType size");
2871 
2872   // Get the UTF8 index for this signature.
2873   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2874 
2875   // Get the signature's verification types.
2876   sig_as_verification_types* mth_sig_verif_types;


2902           "Inconsistent args count operand in invokeinterface");
2903       return;
2904     }
2905     if (*(bcp+4) != 0) {
2906       verify_error(ErrorContext::bad_code(bci),
2907           "Fourth operand byte of invokeinterface must be zero");
2908       return;
2909     }
2910   }
2911 
2912   if (opcode == Bytecodes::_invokedynamic) {
2913     address bcp = bcs->bcp();
2914     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2915       verify_error(ErrorContext::bad_code(bci),
2916           "Third and fourth operand bytes of invokedynamic must be zero");
2917       return;
2918     }
2919   }
2920 
2921   if (method_name->char_at(0) == '<') {
2922     // Make sure <init> can only be invoked by invokespecial or invokestatic.
2923     // The allowed invocation mode of <init> depends on its signature.
2924     if ((opcode != Bytecodes::_invokespecial &&
2925          opcode != Bytecodes::_invokestatic) ||
2926         method_name != vmSymbols::object_initializer_name()) {
2927       verify_error(ErrorContext::bad_code(bci),
2928           "Illegal call to internal method");
2929       return;
2930     }
2931   } else if (opcode == Bytecodes::_invokespecial
2932              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2933              && !ref_class_type.equals(VerificationType::reference_type(
2934                   current_class()->super()->name()))) { // super() can never be a value_type.
2935     bool subtype = false;
2936     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2937     if (!current_class()->is_unsafe_anonymous()) {
2938       subtype = ref_class_type.is_assignable_from(
2939                  current_type(), this, false, CHECK_VERIFY(this));
2940     } else {
2941       InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host();
2942       VerificationType unsafe_anonymous_host_type = reference_or_valuetype(unsafe_host);
2943       subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this));
2944 
2945       // If invokespecial of IMR, need to recheck for same or
2946       // direct interface relative to the host class
2947       have_imr_indirect = (have_imr_indirect &&
2948                            !is_same_or_direct_interface(
2949                              unsafe_host,
2950                              unsafe_anonymous_host_type, ref_class_type));
2951     }
2952     if (!subtype) {
2953       verify_error(ErrorContext::bad_code(bci),
2954           "Bad invokespecial instruction: "
2955           "current class isn't assignable to reference class.");
2956        return;
2957     } else if (have_imr_indirect) {
2958       verify_error(ErrorContext::bad_code(bci),
2959           "Bad invokespecial instruction: "
2960           "interface method reference is in an indirect superinterface.");
2961       return;
2962     }
2963 
2964   }
2965 
2966   // Get the verification types for the method's arguments.
2967   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2968   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2969   // Match method descriptor with operand stack
2970   // The arguments are on the stack in descending order.
2971   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2972     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2973   }
2974 
2975   // Check objectref on operand stack
2976   if (opcode != Bytecodes::_invokestatic &&
2977       opcode != Bytecodes::_invokedynamic) {
2978     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2979       // (use of <init> as a static factory is handled under invokestatic)
2980       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2981         code_length, in_try_block, this_uninit, cp, stackmap_table,
2982         CHECK_VERIFY(this));
2983       if (was_recursively_verified()) return;
2984     } else {   // other methods
2985       // Ensures that target class is assignable to method class.
2986       if (opcode == Bytecodes::_invokespecial) {
2987         if (!current_class()->is_unsafe_anonymous()) {
2988           current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2989         } else {
2990           // anonymous class invokespecial calls: check if the
2991           // objectref is a subtype of the unsafe_anonymous_host of the current class
2992           // to allow an anonymous class to reference methods in the unsafe_anonymous_host
2993           VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2994 
2995           InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host();
2996           VerificationType host_type = reference_or_valuetype(unsafe_host);
2997           bool subtype = host_type.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2998           if (!subtype) {
2999             verify_error( ErrorContext::bad_type(current_frame->offset(),
3000               current_frame->stack_top_ctx(),
3001               TypeOrigin::implicit(top)),
3002               "Bad type on operand stack");
3003             return;
3004           }
3005         }
3006       } else if (opcode == Bytecodes::_invokevirtual) {
3007         VerificationType stack_object_type =
3008           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3009         if (current_type() != stack_object_type) {
3010           if (was_recursively_verified()) return;
3011           assert(cp->cache() == NULL, "not rewritten yet");
3012           Symbol* ref_class_name =
3013             cp->klass_name_at(cp->klass_ref_index_at(index));
3014           // See the comments in verify_field_instructions() for
3015           // the rationale behind this.
3016           if (name_in_supers(ref_class_name, current_class())) {
3017             Klass* ref_class = load_class(ref_class_name, CHECK);


3030                 } else {
3031                   verify_error(ErrorContext::bad_type(bci,
3032                       current_frame->stack_top_ctx(),
3033                       TypeOrigin::implicit(current_type())),
3034                       "Bad access to protected data in invokevirtual");
3035                   return;
3036                 }
3037               }
3038             }
3039           }
3040         }
3041       } else {
3042         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3043         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3044       }
3045     }
3046   }
3047   // Push the result type.
3048   int sig_verif_types_len = sig_verif_types->length();
3049   if (sig_verif_types_len > nargs) {  // There's a return type
3050     if (method_name == vmSymbols::object_initializer_name() &&
3051         opcode != Bytecodes::_invokestatic) {
3052       // an <init> method must have a void return type, unless it's a static factory

3053       verify_error(ErrorContext::bad_code(bci),
3054           "Return type must be void in <init> method");
3055       return;
3056     }
3057 
3058     assert(sig_verif_types_len <= nargs + 2,
3059            "Signature verification types array return type is bogus");
3060     for (int i = nargs; i < sig_verif_types_len; i++) {
3061       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3062              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3063       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3064     }
3065   } else {
3066     // an <init> method may not have a void return type, if it's a static factory
3067     if (method_name == vmSymbols::object_initializer_name() &&
3068         opcode != Bytecodes::_invokespecial) {
3069       verify_error(ErrorContext::bad_code(bci),
3070           "Return type must be non-void in <init> static factory method");
3071       return;
3072     }
3073   }
3074 }
3075 
3076 VerificationType ClassVerifier::get_newarray_type(
3077     u2 index, u2 bci, TRAPS) {
3078   const char* from_bt[] = {
3079     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3080   };
3081   if (index < T_BOOLEAN || index > T_LONG) {
3082     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3083     return VerificationType::bogus_type();
3084   }
3085 
3086   // from_bt[index] contains the array signature which has a length of 2
3087   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3088   return VerificationType::reference_type(sig);
3089 }
3090 
3091 void ClassVerifier::verify_anewarray(
3092     u2 bci, u2 index, const constantPoolHandle& cp,


3099   VerificationType component_type =
3100     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3101   int length;
3102   char* arr_sig_str;
3103   if (component_type.is_array()) {     // it's an array
3104     const char* component_name = component_type.name()->as_utf8();
3105     // Check for more than MAX_ARRAY_DIMENSIONS
3106     length = (int)strlen(component_name);
3107     if (length > MAX_ARRAY_DIMENSIONS &&
3108         component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3109       verify_error(ErrorContext::bad_code(bci),
3110         "Illegal anewarray instruction, array has more than 255 dimensions");
3111     }
3112     // add one dimension to component
3113     length++;
3114     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3115     int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name);
3116     assert(n == length, "Unexpected number of characters in string");
3117   } else {         // it's an object or interface
3118     const char* component_name = component_type.name()->as_utf8();
3119     char Q_or_L = component_type.is_valuetype() ? 'Q' : 'L';
3120     // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3121     length = (int)strlen(component_name) + 3;
3122     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3123     int n = os::snprintf(arr_sig_str, length + 1, "[%c%s;", Q_or_L, component_name);
3124     assert(n == length, "Unexpected number of characters in string");
3125   }
3126   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3127   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3128   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3129 }
3130 
3131 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3132   current_frame->get_local(
3133     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3134   current_frame->push_stack(
3135     VerificationType::integer_type(), CHECK_VERIFY(this));
3136 }
3137 
3138 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3139   current_frame->get_local_2(
3140     index, VerificationType::long_type(),
3141     VerificationType::long2_type(), CHECK_VERIFY(this));
3142   current_frame->push_stack_2(
3143     VerificationType::long_type(),


3145 }
3146 
3147 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3148   current_frame->get_local(
3149     index, VerificationType::float_type(), CHECK_VERIFY(this));
3150   current_frame->push_stack(
3151     VerificationType::float_type(), CHECK_VERIFY(this));
3152 }
3153 
3154 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3155   current_frame->get_local_2(
3156     index, VerificationType::double_type(),
3157     VerificationType::double2_type(), CHECK_VERIFY(this));
3158   current_frame->push_stack_2(
3159     VerificationType::double_type(),
3160     VerificationType::double2_type(), CHECK_VERIFY(this));
3161 }
3162 
3163 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3164   VerificationType type = current_frame->get_local(
3165     index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3166   current_frame->push_stack(type, CHECK_VERIFY(this));
3167 }
3168 
3169 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3170   current_frame->pop_stack(
3171     VerificationType::integer_type(), CHECK_VERIFY(this));
3172   current_frame->set_local(
3173     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3174 }
3175 
3176 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3177   current_frame->pop_stack_2(
3178     VerificationType::long2_type(),
3179     VerificationType::long_type(), CHECK_VERIFY(this));
3180   current_frame->set_local_2(
3181     index, VerificationType::long_type(),
3182     VerificationType::long2_type(), CHECK_VERIFY(this));
3183 }
3184 
3185 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3186   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3187   current_frame->set_local(
3188     index, VerificationType::float_type(), CHECK_VERIFY(this));
3189 }
3190 
3191 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3192   current_frame->pop_stack_2(
3193     VerificationType::double2_type(),
3194     VerificationType::double_type(), CHECK_VERIFY(this));
3195   current_frame->set_local_2(
3196     index, VerificationType::double_type(),
3197     VerificationType::double2_type(), CHECK_VERIFY(this));
3198 }
3199 
3200 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3201   VerificationType type = current_frame->pop_stack(
3202     VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3203   current_frame->set_local(index, type, CHECK_VERIFY(this));
3204 }
3205 
3206 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3207   VerificationType type = current_frame->get_local(
3208     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3209   current_frame->set_local(index, type, CHECK_VERIFY(this));
3210 }
3211 
3212 void ClassVerifier::verify_return_value(
3213     VerificationType return_type, VerificationType type, u2 bci,
3214     StackMapFrame* current_frame, TRAPS) {
3215   if (return_type == VerificationType::bogus_type()) {
3216     verify_error(ErrorContext::bad_type(bci,
3217         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3218         "Method expects a return value");
3219     return;
3220   }
3221   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3222   if (!match) {


< prev index next >