44 #include "oops/constantPool.inline.hpp"
45 #include "oops/instanceKlass.hpp"
46 #include "oops/oop.inline.hpp"
47 #include "oops/typeArrayOop.hpp"
48 #include "runtime/fieldDescriptor.hpp"
49 #include "runtime/handles.inline.hpp"
50 #include "runtime/interfaceSupport.inline.hpp"
51 #include "runtime/javaCalls.hpp"
52 #include "runtime/jniHandles.inline.hpp"
53 #include "runtime/orderAccess.hpp"
54 #include "runtime/os.hpp"
55 #include "runtime/safepointVerifiers.hpp"
56 #include "runtime/thread.hpp"
57 #include "services/threadService.hpp"
58 #include "utilities/align.hpp"
59 #include "utilities/bytes.hpp"
60
61 #define NOFAILOVER_MAJOR_VERSION 51
62 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
63 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
64 #define MAX_ARRAY_DIMENSIONS 255
65
66 // Access to external entry for VerifyClassCodes - old byte code verifier
67
68 extern "C" {
69 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
70 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
71 }
72
73 static void* volatile _verify_byte_codes_fn = NULL;
74
75 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
76
77 static void* verify_byte_codes_fn() {
78 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
79 void *lib_handle = os::native_java_library();
80 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
81 OrderAccess::release_store(&_verify_byte_codes_fn, func);
82 if (func == NULL) {
83 _is_new_verify_byte_codes_fn = false;
238 }
239 kls = kls->super();
240 }
241 if (message_buffer != NULL) {
242 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
243 }
244 assert(exception_message != NULL, "");
245 THROW_MSG_(exception_name, exception_message, false);
246 }
247 }
248
249 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
250 Symbol* name = klass->name();
251 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
252
253 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
254
255 return (should_verify_for(klass->class_loader(), should_verify_class) &&
256 // return if the class is a bootstrapping class
257 // or defineClass specified not to verify by default (flags override passed arg)
258 // We need to skip the following four for bootstraping
259 name != vmSymbols::java_lang_Object() &&
260 name != vmSymbols::java_lang_Class() &&
261 name != vmSymbols::java_lang_String() &&
262 name != vmSymbols::java_lang_Throwable() &&
263
264 // Can not verify the bytecodes for shared classes because they have
265 // already been rewritten to contain constant pool cache indices,
266 // which the verifier can't understand.
267 // Shared classes shouldn't have stackmaps either.
268 !klass->is_shared() &&
269
270 // As of the fix for 4486457 we disable verification for all of the
271 // dynamically-generated bytecodes associated with the 1.4
272 // reflection implementation, not just those associated with
273 // jdk/internal/reflect/SerializationConstructorAccessor.
274 // NOTE: this is called too early in the bootstrapping process to be
275 // guarded by Universe::is_gte_jdk14x_version().
276 // Also for lambda generated code, gte jdk8
277 (!is_reflect));
278 }
469 ss->print("Local index %d is invalid", _type.index());
470 break;
471 case LOCALS_SIZE_MISMATCH:
472 ss->print("Current frame's local size doesn't match stackmap.");
473 break;
474 case STACK_SIZE_MISMATCH:
475 ss->print("Current frame's stack size doesn't match stackmap.");
476 break;
477 case STACK_OVERFLOW:
478 ss->print("Exceeded max stack size.");
479 break;
480 case STACK_UNDERFLOW:
481 ss->print("Attempt to pop empty stack.");
482 break;
483 case MISSING_STACKMAP:
484 ss->print("Expected stackmap frame at this location.");
485 break;
486 case BAD_STACKMAP:
487 ss->print("Invalid stackmap specification.");
488 break;
489 case UNKNOWN:
490 default:
491 ShouldNotReachHere();
492 ss->print_cr("Unknown");
493 }
494 ss->cr();
495 }
496
497 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
498 if (_bci != -1 && method != NULL) {
499 streamIndentor si(ss);
500 const char* bytecode_name = "<invalid>";
501 if (method->validate_bci(_bci) != -1) {
502 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
503 if (Bytecodes::is_defined(code)) {
504 bytecode_name = Bytecodes::name(code);
505 } else {
506 bytecode_name = "<illegal>";
507 }
508 }
563 stack_map_frame* sm_frame = sm_table->entries();
564 streamIndentor si2(ss);
565 int current_offset = -1;
566 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
567 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
568 ss->indent();
569 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
570 sm_frame->print_truncated(ss, current_offset);
571 return;
572 }
573 sm_frame->print_on(ss, current_offset);
574 ss->cr();
575 current_offset += sm_frame->offset_delta();
576 sm_frame = sm_frame->next();
577 }
578 }
579 }
580
581 // Methods in ClassVerifier
582
583 ClassVerifier::ClassVerifier(
584 InstanceKlass* klass, TRAPS)
585 : _thread(THREAD), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
586 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
587 _this_type = VerificationType::reference_type(klass->name());
588 }
589
590 ClassVerifier::~ClassVerifier() {
591 // Decrement the reference count for any symbols created.
592 if (_symbols != NULL) {
593 for (int i = 0; i < _symbols->length(); i++) {
594 Symbol* s = _symbols->at(i);
595 s->decrement_refcount();
596 }
597 }
598 }
599
600 VerificationType ClassVerifier::object_type() const {
601 return VerificationType::reference_type(vmSymbols::java_lang_Object());
602 }
603
604 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
605 VerificationType vt = VerificationType::reference_type(
606 create_temporary_symbol(sig, (int)strlen(sig)));
607 return TypeOrigin::implicit(vt);
1012 case Bytecodes::_daload :
1013 type = current_frame.pop_stack(
1014 VerificationType::integer_type(), CHECK_VERIFY(this));
1015 atype = current_frame.pop_stack(
1016 VerificationType::reference_check(), CHECK_VERIFY(this));
1017 if (!atype.is_double_array()) {
1018 verify_error(ErrorContext::bad_type(bci,
1019 current_frame.stack_top_ctx(), ref_ctx("[D")),
1020 bad_type_msg, "daload");
1021 return;
1022 }
1023 current_frame.push_stack_2(
1024 VerificationType::double_type(),
1025 VerificationType::double2_type(), CHECK_VERIFY(this));
1026 no_control_flow = false; break;
1027 case Bytecodes::_aaload : {
1028 type = current_frame.pop_stack(
1029 VerificationType::integer_type(), CHECK_VERIFY(this));
1030 atype = current_frame.pop_stack(
1031 VerificationType::reference_check(), CHECK_VERIFY(this));
1032 if (!atype.is_reference_array()) {
1033 verify_error(ErrorContext::bad_type(bci,
1034 current_frame.stack_top_ctx(),
1035 TypeOrigin::implicit(VerificationType::reference_check())),
1036 bad_type_msg, "aaload");
1037 return;
1038 }
1039 if (atype.is_null()) {
1040 current_frame.push_stack(
1041 VerificationType::null_type(), CHECK_VERIFY(this));
1042 } else {
1043 VerificationType component =
1044 atype.get_component(this, CHECK_VERIFY(this));
1045 current_frame.push_stack(component, CHECK_VERIFY(this));
1046 }
1047 no_control_flow = false; break;
1048 }
1049 case Bytecodes::_istore :
1050 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1051 no_control_flow = false; break;
1052 case Bytecodes::_istore_0 :
1186 VerificationType::double2_type(),
1187 VerificationType::double_type(), CHECK_VERIFY(this));
1188 current_frame.pop_stack(
1189 VerificationType::integer_type(), CHECK_VERIFY(this));
1190 atype = current_frame.pop_stack(
1191 VerificationType::reference_check(), CHECK_VERIFY(this));
1192 if (!atype.is_double_array()) {
1193 verify_error(ErrorContext::bad_type(bci,
1194 current_frame.stack_top_ctx(), ref_ctx("[D")),
1195 bad_type_msg, "dastore");
1196 return;
1197 }
1198 no_control_flow = false; break;
1199 case Bytecodes::_aastore :
1200 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1201 type2 = current_frame.pop_stack(
1202 VerificationType::integer_type(), CHECK_VERIFY(this));
1203 atype = current_frame.pop_stack(
1204 VerificationType::reference_check(), CHECK_VERIFY(this));
1205 // more type-checking is done at runtime
1206 if (!atype.is_reference_array()) {
1207 verify_error(ErrorContext::bad_type(bci,
1208 current_frame.stack_top_ctx(),
1209 TypeOrigin::implicit(VerificationType::reference_check())),
1210 bad_type_msg, "aastore");
1211 return;
1212 }
1213 // 4938384: relaxed constraint in JVMS 3nd edition.
1214 no_control_flow = false; break;
1215 case Bytecodes::_pop :
1216 current_frame.pop_stack(
1217 VerificationType::category1_check(), CHECK_VERIFY(this));
1218 no_control_flow = false; break;
1219 case Bytecodes::_pop2 :
1220 type = current_frame.pop_stack(CHECK_VERIFY(this));
1221 if (type.is_category1()) {
1222 current_frame.pop_stack(
1223 VerificationType::category1_check(), CHECK_VERIFY(this));
1224 } else if (type.is_category2_2nd()) {
1225 current_frame.pop_stack(
1226 VerificationType::category2_check(), CHECK_VERIFY(this));
1586 case Bytecodes::_if_icmpgt:
1587 case Bytecodes::_if_icmple:
1588 current_frame.pop_stack(
1589 VerificationType::integer_type(), CHECK_VERIFY(this));
1590 // fall through
1591 case Bytecodes::_ifeq:
1592 case Bytecodes::_ifne:
1593 case Bytecodes::_iflt:
1594 case Bytecodes::_ifge:
1595 case Bytecodes::_ifgt:
1596 case Bytecodes::_ifle:
1597 current_frame.pop_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 target = bcs.dest();
1600 stackmap_table.check_jump_target(
1601 ¤t_frame, target, CHECK_VERIFY(this));
1602 no_control_flow = false; break;
1603 case Bytecodes::_if_acmpeq :
1604 case Bytecodes::_if_acmpne :
1605 current_frame.pop_stack(
1606 VerificationType::reference_check(), CHECK_VERIFY(this));
1607 // fall through
1608 case Bytecodes::_ifnull :
1609 case Bytecodes::_ifnonnull :
1610 current_frame.pop_stack(
1611 VerificationType::reference_check(), CHECK_VERIFY(this));
1612 target = bcs.dest();
1613 stackmap_table.check_jump_target
1614 (¤t_frame, target, CHECK_VERIFY(this));
1615 no_control_flow = false; break;
1616 case Bytecodes::_goto :
1617 target = bcs.dest();
1618 stackmap_table.check_jump_target(
1619 ¤t_frame, target, CHECK_VERIFY(this));
1620 no_control_flow = true; break;
1621 case Bytecodes::_goto_w :
1622 target = bcs.dest_w();
1623 stackmap_table.check_jump_target(
1624 ¤t_frame, target, CHECK_VERIFY(this));
1625 no_control_flow = true; break;
1626 case Bytecodes::_tableswitch :
1627 case Bytecodes::_lookupswitch :
1628 verify_switch(
1629 &bcs, code_length, code_data, ¤t_frame,
1630 &stackmap_table, CHECK_VERIFY(this));
1631 no_control_flow = true; break;
1642 VerificationType::long_type(), CHECK_VERIFY(this));
1643 verify_return_value(return_type, type, bci,
1644 ¤t_frame, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_freturn :
1647 type = current_frame.pop_stack(
1648 VerificationType::float_type(), CHECK_VERIFY(this));
1649 verify_return_value(return_type, type, bci,
1650 ¤t_frame, CHECK_VERIFY(this));
1651 no_control_flow = true; break;
1652 case Bytecodes::_dreturn :
1653 type2 = current_frame.pop_stack(
1654 VerificationType::double2_type(), CHECK_VERIFY(this));
1655 type = current_frame.pop_stack(
1656 VerificationType::double_type(), CHECK_VERIFY(this));
1657 verify_return_value(return_type, type, bci,
1658 ¤t_frame, CHECK_VERIFY(this));
1659 no_control_flow = true; break;
1660 case Bytecodes::_areturn :
1661 type = current_frame.pop_stack(
1662 VerificationType::reference_check(), CHECK_VERIFY(this));
1663 verify_return_value(return_type, type, bci,
1664 ¤t_frame, CHECK_VERIFY(this));
1665 no_control_flow = true; break;
1666 case Bytecodes::_return :
1667 if (return_type != VerificationType::bogus_type()) {
1668 verify_error(ErrorContext::bad_code(bci),
1669 "Method expects a return value");
1670 return;
1671 }
1672 // Make sure "this" has been initialized if current method is an
1673 // <init>.
1674 if (_method->name() == vmSymbols::object_initializer_name() &&
1675 current_frame.flag_this_uninit()) {
1676 verify_error(ErrorContext::bad_code(bci),
1677 "Constructor must call super() or this() "
1678 "before return");
1679 return;
1680 }
1681 no_control_flow = true; break;
1682 case Bytecodes::_getstatic :
1683 case Bytecodes::_putstatic :
1684 // pass TRUE, operand can be an array type for getstatic/putstatic.
1685 verify_field_instructions(
1686 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1687 no_control_flow = false; break;
1688 case Bytecodes::_getfield :
1689 case Bytecodes::_putfield :
1690 // pass FALSE, operand can't be an array type for getfield/putfield.
1691 verify_field_instructions(
1692 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1693 no_control_flow = false; break;
1694 case Bytecodes::_invokevirtual :
1695 case Bytecodes::_invokespecial :
1696 case Bytecodes::_invokestatic :
1697 verify_invoke_instructions(
1698 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1699 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1700 no_control_flow = false; break;
1701 case Bytecodes::_invokeinterface :
1702 case Bytecodes::_invokedynamic :
1703 verify_invoke_instructions(
1704 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1705 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1706 no_control_flow = false; break;
1707 case Bytecodes::_new :
1708 {
1709 index = bcs.get_index_u2();
1710 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1711 VerificationType new_class_type =
1712 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1713 if (!new_class_type.is_object()) {
1714 verify_error(ErrorContext::bad_type(bci,
1715 TypeOrigin::cp(index, new_class_type)),
1716 "Illegal new instruction");
1717 return;
1718 }
1719 type = VerificationType::uninitialized_type(bci);
1720 current_frame.push_stack(type, CHECK_VERIFY(this));
1721 no_control_flow = false; break;
1722 }
1723 case Bytecodes::_newarray :
1724 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1725 current_frame.pop_stack(
1726 VerificationType::integer_type(), CHECK_VERIFY(this));
1727 current_frame.push_stack(type, CHECK_VERIFY(this));
1728 no_control_flow = false; break;
1729 case Bytecodes::_anewarray :
1730 verify_anewarray(
1731 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1732 no_control_flow = false; break;
1733 case Bytecodes::_arraylength :
1734 type = current_frame.pop_stack(
1735 VerificationType::reference_check(), CHECK_VERIFY(this));
1736 if (!(type.is_null() || type.is_array())) {
1737 verify_error(ErrorContext::bad_type(
1738 bci, current_frame.stack_top_ctx()),
1739 bad_type_msg, "arraylength");
1740 }
1741 current_frame.push_stack(
1742 VerificationType::integer_type(), CHECK_VERIFY(this));
1743 no_control_flow = false; break;
1744 case Bytecodes::_checkcast :
1745 {
1746 index = bcs.get_index_u2();
1747 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1748 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1749 VerificationType klass_type = cp_index_to_type(
1750 index, cp, CHECK_VERIFY(this));
1751 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1752 no_control_flow = false; break;
1753 }
1754 case Bytecodes::_instanceof : {
1755 index = bcs.get_index_u2();
1756 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758 current_frame.push_stack(
1759 VerificationType::integer_type(), CHECK_VERIFY(this));
1760 no_control_flow = false; break;
1761 }
1762 case Bytecodes::_monitorenter :
1763 case Bytecodes::_monitorexit :
1764 current_frame.pop_stack(
1765 VerificationType::reference_check(), CHECK_VERIFY(this));
1766 no_control_flow = false; break;
1767 case Bytecodes::_multianewarray :
1768 {
1769 index = bcs.get_index_u2();
1770 u2 dim = *(bcs.bcp()+3);
1771 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1772 VerificationType new_array_type =
1773 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1774 if (!new_array_type.is_array()) {
1775 verify_error(ErrorContext::bad_type(bci,
1776 TypeOrigin::cp(index, new_array_type)),
1777 "Illegal constant pool index in multianewarray instruction");
1778 return;
1779 }
1780 if (dim < 1 || new_array_type.dimensions() < dim) {
1781 verify_error(ErrorContext::bad_code(bci),
1782 "Illegal dimension in multianewarray instruction: %d", dim);
1783 return;
1784 }
1785 for (int i = 0; i < dim; i++) {
1786 current_frame.pop_stack(
2005 int nconstants = cp->length();
2006 if ((index <= 0) || (index >= nconstants)) {
2007 verify_error(ErrorContext::bad_cp_index(bci, index),
2008 "Illegal constant pool index %d in class %s",
2009 index, cp->pool_holder()->external_name());
2010 return;
2011 }
2012 }
2013
2014 void ClassVerifier::verify_cp_type(
2015 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2016
2017 // In some situations, bytecode rewriting may occur while we're verifying.
2018 // In this case, a constant pool cache exists and some indices refer to that
2019 // instead. Be sure we don't pick up such indices by accident.
2020 // We must check was_recursively_verified() before we get here.
2021 guarantee(cp->cache() == NULL, "not rewritten yet");
2022
2023 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2024 unsigned int tag = cp->tag_at(index).value();
2025 if ((types & (1 << tag)) == 0) {
2026 verify_error(ErrorContext::bad_cp_index(bci, index),
2027 "Illegal type at constant pool entry %d in class %s",
2028 index, cp->pool_holder()->external_name());
2029 return;
2030 }
2031 }
2032
2033 void ClassVerifier::verify_cp_class_type(
2034 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2035 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2036 constantTag tag = cp->tag_at(index);
2037 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2038 verify_error(ErrorContext::bad_cp_index(bci, index),
2039 "Illegal type at constant pool entry %d in class %s",
2040 index, cp->pool_holder()->external_name());
2041 return;
2042 }
2043 }
2044
2117 } else {
2118 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2119 if (member_klass != NULL && fd.is_protected()) {
2120 if (!this_class->is_same_class_package(member_klass)) {
2121 return true;
2122 }
2123 }
2124 }
2125 return false;
2126 }
2127
2128 void ClassVerifier::verify_ldc(
2129 int opcode, u2 index, StackMapFrame* current_frame,
2130 const constantPoolHandle& cp, u2 bci, TRAPS) {
2131 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2132 constantTag tag = cp->tag_at(index);
2133 unsigned int types = 0;
2134 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2135 if (!tag.is_unresolved_klass()) {
2136 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2137 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2138 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2139 | (1 << JVM_CONSTANT_Dynamic);
2140 // Note: The class file parser already verified the legality of
2141 // MethodHandle and MethodType constants.
2142 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2143 }
2144 } else {
2145 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2146 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2147 | (1 << JVM_CONSTANT_Dynamic);
2148 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2149 }
2150 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2151 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2152 } else if (tag.is_string()) {
2153 current_frame->push_stack(
2154 VerificationType::reference_type(
2155 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2156 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2157 current_frame->push_stack(
2293 StackMapFrame* current_frame,
2294 const constantPoolHandle& cp,
2295 bool allow_arrays,
2296 TRAPS) {
2297 u2 index = bcs->get_index_u2();
2298 verify_cp_type(bcs->bci(), index, cp,
2299 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2300
2301 // Get field name and signature
2302 Symbol* field_name = cp->name_ref_at(index);
2303 Symbol* field_sig = cp->signature_ref_at(index);
2304
2305 // Field signature was checked in ClassFileParser.
2306 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2307 "Invalid field signature");
2308
2309 // Get referenced class type
2310 VerificationType ref_class_type = cp_ref_index_to_type(
2311 index, cp, CHECK_VERIFY(this));
2312 if (!ref_class_type.is_object() &&
2313 (!allow_arrays || !ref_class_type.is_array())) {
2314 verify_error(ErrorContext::bad_type(bcs->bci(),
2315 TypeOrigin::cp(index, ref_class_type)),
2316 "Expecting reference to class in class %s at constant pool index %d",
2317 _klass->external_name(), index);
2318 return;
2319 }
2320 VerificationType target_class_type = ref_class_type;
2321
2322 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2323 "buffer type must match VerificationType size");
2324 uintptr_t field_type_buffer[2];
2325 VerificationType* field_type = (VerificationType*)field_type_buffer;
2326 // If we make a VerificationType[2] array directly, the compiler calls
2327 // to the c-runtime library to do the allocation instead of just
2328 // stack allocating it. Plus it would run constructors. This shows up
2329 // in performance profiles.
2330
2331 SignatureStream sig_stream(field_sig, false);
2332 VerificationType stack_object_type;
2333 int n = change_sig_to_verificationType(&sig_stream, field_type);
2334 u2 bci = bcs->bci();
2335 bool is_assignable;
2336 switch (bcs->raw_code()) {
2337 case Bytecodes::_getstatic: {
2338 for (int i = 0; i < n; i++) {
2339 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2340 }
2341 break;
2342 }
2343 case Bytecodes::_putstatic: {
2344 for (int i = n - 1; i >= 0; i--) {
2345 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2346 }
2347 break;
2348 }
2349 case Bytecodes::_getfield: {
2350 stack_object_type = current_frame->pop_stack(
2351 target_class_type, CHECK_VERIFY(this));
2352 for (int i = 0; i < n; i++) {
2353 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2354 }
2355 goto check_protected;
2356 }
2357 case Bytecodes::_putfield: {
2358 for (int i = n - 1; i >= 0; i--) {
2359 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2360 }
2361 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2362
2363 // The JVMS 2nd edition allows field initialization before the superclass
2364 // initializer, if the field is defined within the current class.
2365 fieldDescriptor fd;
2366 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2367 target_class_type.equals(current_type()) &&
2368 _klass->find_local_field(field_name, field_sig, &fd)) {
2737 bool ClassVerifier::is_same_or_direct_interface(
2738 InstanceKlass* klass,
2739 VerificationType klass_type,
2740 VerificationType ref_class_type) {
2741 if (ref_class_type.equals(klass_type)) return true;
2742 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2743 if (local_interfaces != NULL) {
2744 for (int x = 0; x < local_interfaces->length(); x++) {
2745 InstanceKlass* k = local_interfaces->at(x);
2746 assert (k != NULL && k->is_interface(), "invalid interface");
2747 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2748 return true;
2749 }
2750 }
2751 }
2752 return false;
2753 }
2754
2755 void ClassVerifier::verify_invoke_instructions(
2756 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2757 bool in_try_block, bool *this_uninit, VerificationType return_type,
2758 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2759 // Make sure the constant pool item is the right type
2760 u2 index = bcs->get_index_u2();
2761 Bytecodes::Code opcode = bcs->raw_code();
2762 unsigned int types = 0;
2763 switch (opcode) {
2764 case Bytecodes::_invokeinterface:
2765 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2766 break;
2767 case Bytecodes::_invokedynamic:
2768 types = 1 << JVM_CONSTANT_InvokeDynamic;
2769 break;
2770 case Bytecodes::_invokespecial:
2771 case Bytecodes::_invokestatic:
2772 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2773 (1 << JVM_CONSTANT_Methodref) :
2774 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2775 break;
2776 default:
2777 types = 1 << JVM_CONSTANT_Methodref;
2778 }
2779 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2780
2781 // Get method name and signature
2782 Symbol* method_name = cp->name_ref_at(index);
2783 Symbol* method_sig = cp->signature_ref_at(index);
2784
2785 // Method signature was checked in ClassFileParser.
2786 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2787 "Invalid method signature");
2788
2789 // Get referenced class type
2790 VerificationType ref_class_type;
2791 if (opcode == Bytecodes::_invokedynamic) {
2792 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2793 class_format_error(
2794 "invokedynamic instructions not supported by this class file version (%d), class %s",
2795 _klass->major_version(), _klass->external_name());
2796 return;
2797 }
2798 } else {
2799 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2800 }
2801
2802 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2803 "buffer type must match VerificationType size");
2804
2805 // Get the UTF8 index for this signature.
2806 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2807
2808 // Get the signature's verification types.
2809 sig_as_verification_types* mth_sig_verif_types;
2835 "Inconsistent args count operand in invokeinterface");
2836 return;
2837 }
2838 if (*(bcp+4) != 0) {
2839 verify_error(ErrorContext::bad_code(bci),
2840 "Fourth operand byte of invokeinterface must be zero");
2841 return;
2842 }
2843 }
2844
2845 if (opcode == Bytecodes::_invokedynamic) {
2846 address bcp = bcs->bcp();
2847 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2848 verify_error(ErrorContext::bad_code(bci),
2849 "Third and fourth operand bytes of invokedynamic must be zero");
2850 return;
2851 }
2852 }
2853
2854 if (method_name->char_at(0) == '<') {
2855 // Make sure <init> can only be invoked by invokespecial
2856 if (opcode != Bytecodes::_invokespecial ||
2857 method_name != vmSymbols::object_initializer_name()) {
2858 verify_error(ErrorContext::bad_code(bci),
2859 "Illegal call to internal method");
2860 return;
2861 }
2862 } else if (opcode == Bytecodes::_invokespecial
2863 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2864 && !ref_class_type.equals(VerificationType::reference_type(
2865 current_class()->super()->name()))) {
2866 bool subtype = false;
2867 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2868 if (!current_class()->is_unsafe_anonymous()) {
2869 subtype = ref_class_type.is_assignable_from(
2870 current_type(), this, false, CHECK_VERIFY(this));
2871 } else {
2872 VerificationType unsafe_anonymous_host_type =
2873 VerificationType::reference_type(current_class()->unsafe_anonymous_host()->name());
2874 subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this));
2875
2876 // If invokespecial of IMR, need to recheck for same or
2877 // direct interface relative to the host class
2878 have_imr_indirect = (have_imr_indirect &&
2879 !is_same_or_direct_interface(
2880 current_class()->unsafe_anonymous_host(),
2881 unsafe_anonymous_host_type, ref_class_type));
2882 }
2883 if (!subtype) {
2884 verify_error(ErrorContext::bad_code(bci),
2885 "Bad invokespecial instruction: "
2886 "current class isn't assignable to reference class.");
2887 return;
2888 } else if (have_imr_indirect) {
2889 verify_error(ErrorContext::bad_code(bci),
2890 "Bad invokespecial instruction: "
2891 "interface method reference is in an indirect superinterface.");
2892 return;
2893 }
2894
2895 }
2896
2897 // Get the verification types for the method's arguments.
2898 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2899 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2900 // Match method descriptor with operand stack
2901 // The arguments are on the stack in descending order.
2902 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2903 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2904 }
2905
2906 // Check objectref on operand stack
2907 if (opcode != Bytecodes::_invokestatic &&
2908 opcode != Bytecodes::_invokedynamic) {
2909 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2910 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2911 code_length, in_try_block, this_uninit, cp, stackmap_table,
2912 CHECK_VERIFY(this));
2913 if (was_recursively_verified()) return;
2914 } else { // other methods
2915 // Ensures that target class is assignable to method class.
2916 if (opcode == Bytecodes::_invokespecial) {
2917 if (!current_class()->is_unsafe_anonymous()) {
2918 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2919 } else {
2920 // anonymous class invokespecial calls: check if the
2921 // objectref is a subtype of the unsafe_anonymous_host of the current class
2922 // to allow an anonymous class to reference methods in the unsafe_anonymous_host
2923 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2924 VerificationType hosttype =
2925 VerificationType::reference_type(current_class()->unsafe_anonymous_host()->name());
2926 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2927 if (!subtype) {
2928 verify_error( ErrorContext::bad_type(current_frame->offset(),
2929 current_frame->stack_top_ctx(),
2930 TypeOrigin::implicit(top)),
2931 "Bad type on operand stack");
2932 return;
2933 }
2934 }
2935 } else if (opcode == Bytecodes::_invokevirtual) {
2936 VerificationType stack_object_type =
2937 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2938 if (current_type() != stack_object_type) {
2939 if (was_recursively_verified()) return;
2940 assert(cp->cache() == NULL, "not rewritten yet");
2941 Symbol* ref_class_name =
2942 cp->klass_name_at(cp->klass_ref_index_at(index));
2943 // See the comments in verify_field_instructions() for
2944 // the rationale behind this.
2945 if (name_in_supers(ref_class_name, current_class())) {
2946 Klass* ref_class = load_class(ref_class_name, CHECK);
2959 } else {
2960 verify_error(ErrorContext::bad_type(bci,
2961 current_frame->stack_top_ctx(),
2962 TypeOrigin::implicit(current_type())),
2963 "Bad access to protected data in invokevirtual");
2964 return;
2965 }
2966 }
2967 }
2968 }
2969 }
2970 } else {
2971 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2972 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2973 }
2974 }
2975 }
2976 // Push the result type.
2977 int sig_verif_types_len = sig_verif_types->length();
2978 if (sig_verif_types_len > nargs) { // There's a return type
2979 if (method_name == vmSymbols::object_initializer_name()) {
2980 // <init> method must have a void return type
2981 /* Unreachable? Class file parser verifies that methods with '<' have
2982 * void return */
2983 verify_error(ErrorContext::bad_code(bci),
2984 "Return type must be void in <init> method");
2985 return;
2986 }
2987
2988 assert(sig_verif_types_len <= nargs + 2,
2989 "Signature verification types array return type is bogus");
2990 for (int i = nargs; i < sig_verif_types_len; i++) {
2991 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2992 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2993 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2994 }
2995 }
2996 }
2997
2998 VerificationType ClassVerifier::get_newarray_type(
2999 u2 index, u2 bci, TRAPS) {
3000 const char* from_bt[] = {
3001 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3002 };
3003 if (index < T_BOOLEAN || index > T_LONG) {
3004 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3005 return VerificationType::bogus_type();
3006 }
3007
3008 // from_bt[index] contains the array signature which has a length of 2
3009 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3010 return VerificationType::reference_type(sig);
3011 }
3012
3013 void ClassVerifier::verify_anewarray(
3014 u2 bci, u2 index, const constantPoolHandle& cp,
3021 VerificationType component_type =
3022 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3023 int length;
3024 char* arr_sig_str;
3025 if (component_type.is_array()) { // it's an array
3026 const char* component_name = component_type.name()->as_utf8();
3027 // Check for more than MAX_ARRAY_DIMENSIONS
3028 length = (int)strlen(component_name);
3029 if (length > MAX_ARRAY_DIMENSIONS &&
3030 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3031 verify_error(ErrorContext::bad_code(bci),
3032 "Illegal anewarray instruction, array has more than 255 dimensions");
3033 }
3034 // add one dimension to component
3035 length++;
3036 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3037 int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name);
3038 assert(n == length, "Unexpected number of characters in string");
3039 } else { // it's an object or interface
3040 const char* component_name = component_type.name()->as_utf8();
3041 // add one dimension to component with 'L' prepended and ';' postpended.
3042 length = (int)strlen(component_name) + 3;
3043 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3044 int n = os::snprintf(arr_sig_str, length + 1, "[L%s;", component_name);
3045 assert(n == length, "Unexpected number of characters in string");
3046 }
3047 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3048 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3049 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3050 }
3051
3052 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3053 current_frame->get_local(
3054 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3055 current_frame->push_stack(
3056 VerificationType::integer_type(), CHECK_VERIFY(this));
3057 }
3058
3059 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3060 current_frame->get_local_2(
3061 index, VerificationType::long_type(),
3062 VerificationType::long2_type(), CHECK_VERIFY(this));
3063 current_frame->push_stack_2(
3064 VerificationType::long_type(),
3066 }
3067
3068 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3069 current_frame->get_local(
3070 index, VerificationType::float_type(), CHECK_VERIFY(this));
3071 current_frame->push_stack(
3072 VerificationType::float_type(), CHECK_VERIFY(this));
3073 }
3074
3075 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3076 current_frame->get_local_2(
3077 index, VerificationType::double_type(),
3078 VerificationType::double2_type(), CHECK_VERIFY(this));
3079 current_frame->push_stack_2(
3080 VerificationType::double_type(),
3081 VerificationType::double2_type(), CHECK_VERIFY(this));
3082 }
3083
3084 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3085 VerificationType type = current_frame->get_local(
3086 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3087 current_frame->push_stack(type, CHECK_VERIFY(this));
3088 }
3089
3090 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3091 current_frame->pop_stack(
3092 VerificationType::integer_type(), CHECK_VERIFY(this));
3093 current_frame->set_local(
3094 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3095 }
3096
3097 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3098 current_frame->pop_stack_2(
3099 VerificationType::long2_type(),
3100 VerificationType::long_type(), CHECK_VERIFY(this));
3101 current_frame->set_local_2(
3102 index, VerificationType::long_type(),
3103 VerificationType::long2_type(), CHECK_VERIFY(this));
3104 }
3105
3106 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3107 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3108 current_frame->set_local(
3109 index, VerificationType::float_type(), CHECK_VERIFY(this));
3110 }
3111
3112 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3113 current_frame->pop_stack_2(
3114 VerificationType::double2_type(),
3115 VerificationType::double_type(), CHECK_VERIFY(this));
3116 current_frame->set_local_2(
3117 index, VerificationType::double_type(),
3118 VerificationType::double2_type(), CHECK_VERIFY(this));
3119 }
3120
3121 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3122 VerificationType type = current_frame->pop_stack(
3123 VerificationType::reference_check(), CHECK_VERIFY(this));
3124 current_frame->set_local(index, type, CHECK_VERIFY(this));
3125 }
3126
3127 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3128 VerificationType type = current_frame->get_local(
3129 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3130 current_frame->set_local(index, type, CHECK_VERIFY(this));
3131 }
3132
3133 void ClassVerifier::verify_return_value(
3134 VerificationType return_type, VerificationType type, u2 bci,
3135 StackMapFrame* current_frame, TRAPS) {
3136 if (return_type == VerificationType::bogus_type()) {
3137 verify_error(ErrorContext::bad_type(bci,
3138 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3139 "Method expects a return value");
3140 return;
3141 }
3142 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3143 if (!match) {
|
44 #include "oops/constantPool.inline.hpp"
45 #include "oops/instanceKlass.hpp"
46 #include "oops/oop.inline.hpp"
47 #include "oops/typeArrayOop.hpp"
48 #include "runtime/fieldDescriptor.hpp"
49 #include "runtime/handles.inline.hpp"
50 #include "runtime/interfaceSupport.inline.hpp"
51 #include "runtime/javaCalls.hpp"
52 #include "runtime/jniHandles.inline.hpp"
53 #include "runtime/orderAccess.hpp"
54 #include "runtime/os.hpp"
55 #include "runtime/safepointVerifiers.hpp"
56 #include "runtime/thread.hpp"
57 #include "services/threadService.hpp"
58 #include "utilities/align.hpp"
59 #include "utilities/bytes.hpp"
60
61 #define NOFAILOVER_MAJOR_VERSION 51
62 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
63 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
64 #define VALUETYPE_MAJOR_VERSION 56
65 #define MAX_ARRAY_DIMENSIONS 255
66
67 // Access to external entry for VerifyClassCodes - old byte code verifier
68
69 extern "C" {
70 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
71 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
72 }
73
74 static void* volatile _verify_byte_codes_fn = NULL;
75
76 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
77
78 static void* verify_byte_codes_fn() {
79 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
80 void *lib_handle = os::native_java_library();
81 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
82 OrderAccess::release_store(&_verify_byte_codes_fn, func);
83 if (func == NULL) {
84 _is_new_verify_byte_codes_fn = false;
239 }
240 kls = kls->super();
241 }
242 if (message_buffer != NULL) {
243 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
244 }
245 assert(exception_message != NULL, "");
246 THROW_MSG_(exception_name, exception_message, false);
247 }
248 }
249
250 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
251 Symbol* name = klass->name();
252 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
253
254 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
255
256 return (should_verify_for(klass->class_loader(), should_verify_class) &&
257 // return if the class is a bootstrapping class
258 // or defineClass specified not to verify by default (flags override passed arg)
259 // We need to skip the following four for bootstrapping
260 name != vmSymbols::java_lang_Object() &&
261 name != vmSymbols::java_lang_Class() &&
262 name != vmSymbols::java_lang_String() &&
263 name != vmSymbols::java_lang_Throwable() &&
264
265 // Can not verify the bytecodes for shared classes because they have
266 // already been rewritten to contain constant pool cache indices,
267 // which the verifier can't understand.
268 // Shared classes shouldn't have stackmaps either.
269 !klass->is_shared() &&
270
271 // As of the fix for 4486457 we disable verification for all of the
272 // dynamically-generated bytecodes associated with the 1.4
273 // reflection implementation, not just those associated with
274 // jdk/internal/reflect/SerializationConstructorAccessor.
275 // NOTE: this is called too early in the bootstrapping process to be
276 // guarded by Universe::is_gte_jdk14x_version().
277 // Also for lambda generated code, gte jdk8
278 (!is_reflect));
279 }
470 ss->print("Local index %d is invalid", _type.index());
471 break;
472 case LOCALS_SIZE_MISMATCH:
473 ss->print("Current frame's local size doesn't match stackmap.");
474 break;
475 case STACK_SIZE_MISMATCH:
476 ss->print("Current frame's stack size doesn't match stackmap.");
477 break;
478 case STACK_OVERFLOW:
479 ss->print("Exceeded max stack size.");
480 break;
481 case STACK_UNDERFLOW:
482 ss->print("Attempt to pop empty stack.");
483 break;
484 case MISSING_STACKMAP:
485 ss->print("Expected stackmap frame at this location.");
486 break;
487 case BAD_STACKMAP:
488 ss->print("Invalid stackmap specification.");
489 break;
490 case WRONG_VALUE_TYPE:
491 ss->print("Type ");
492 _type.details(ss);
493 ss->print(" and type ");
494 _expected.details(ss);
495 ss->print(" must be identical inline types.");
496 break;
497 case UNKNOWN:
498 default:
499 ShouldNotReachHere();
500 ss->print_cr("Unknown");
501 }
502 ss->cr();
503 }
504
505 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
506 if (_bci != -1 && method != NULL) {
507 streamIndentor si(ss);
508 const char* bytecode_name = "<invalid>";
509 if (method->validate_bci(_bci) != -1) {
510 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
511 if (Bytecodes::is_defined(code)) {
512 bytecode_name = Bytecodes::name(code);
513 } else {
514 bytecode_name = "<illegal>";
515 }
516 }
571 stack_map_frame* sm_frame = sm_table->entries();
572 streamIndentor si2(ss);
573 int current_offset = -1;
574 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
575 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
576 ss->indent();
577 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
578 sm_frame->print_truncated(ss, current_offset);
579 return;
580 }
581 sm_frame->print_on(ss, current_offset);
582 ss->cr();
583 current_offset += sm_frame->offset_delta();
584 sm_frame = sm_frame->next();
585 }
586 }
587 }
588
589 // Methods in ClassVerifier
590
591 VerificationType reference_or_valuetype(InstanceKlass* klass) {
592 if (klass->is_value()) {
593 return VerificationType::valuetype_type(klass->name());
594 } else {
595 return VerificationType::reference_type(klass->name());
596 }
597 }
598
599 ClassVerifier::ClassVerifier(
600 InstanceKlass* klass, TRAPS)
601 : _thread(THREAD), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
602 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
603 _this_type = reference_or_valuetype(klass);
604 }
605
606 ClassVerifier::~ClassVerifier() {
607 // Decrement the reference count for any symbols created.
608 if (_symbols != NULL) {
609 for (int i = 0; i < _symbols->length(); i++) {
610 Symbol* s = _symbols->at(i);
611 s->decrement_refcount();
612 }
613 }
614 }
615
616 VerificationType ClassVerifier::object_type() const {
617 return VerificationType::reference_type(vmSymbols::java_lang_Object());
618 }
619
620 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
621 VerificationType vt = VerificationType::reference_type(
622 create_temporary_symbol(sig, (int)strlen(sig)));
623 return TypeOrigin::implicit(vt);
1028 case Bytecodes::_daload :
1029 type = current_frame.pop_stack(
1030 VerificationType::integer_type(), CHECK_VERIFY(this));
1031 atype = current_frame.pop_stack(
1032 VerificationType::reference_check(), CHECK_VERIFY(this));
1033 if (!atype.is_double_array()) {
1034 verify_error(ErrorContext::bad_type(bci,
1035 current_frame.stack_top_ctx(), ref_ctx("[D")),
1036 bad_type_msg, "daload");
1037 return;
1038 }
1039 current_frame.push_stack_2(
1040 VerificationType::double_type(),
1041 VerificationType::double2_type(), CHECK_VERIFY(this));
1042 no_control_flow = false; break;
1043 case Bytecodes::_aaload : {
1044 type = current_frame.pop_stack(
1045 VerificationType::integer_type(), CHECK_VERIFY(this));
1046 atype = current_frame.pop_stack(
1047 VerificationType::reference_check(), CHECK_VERIFY(this));
1048 if (!atype.is_nonscalar_array()) {
1049 verify_error(ErrorContext::bad_type(bci,
1050 current_frame.stack_top_ctx(),
1051 TypeOrigin::implicit(VerificationType::reference_check())),
1052 bad_type_msg, "aaload");
1053 return;
1054 }
1055 if (atype.is_null()) {
1056 current_frame.push_stack(
1057 VerificationType::null_type(), CHECK_VERIFY(this));
1058 } else {
1059 VerificationType component =
1060 atype.get_component(this, CHECK_VERIFY(this));
1061 current_frame.push_stack(component, CHECK_VERIFY(this));
1062 }
1063 no_control_flow = false; break;
1064 }
1065 case Bytecodes::_istore :
1066 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1067 no_control_flow = false; break;
1068 case Bytecodes::_istore_0 :
1202 VerificationType::double2_type(),
1203 VerificationType::double_type(), CHECK_VERIFY(this));
1204 current_frame.pop_stack(
1205 VerificationType::integer_type(), CHECK_VERIFY(this));
1206 atype = current_frame.pop_stack(
1207 VerificationType::reference_check(), CHECK_VERIFY(this));
1208 if (!atype.is_double_array()) {
1209 verify_error(ErrorContext::bad_type(bci,
1210 current_frame.stack_top_ctx(), ref_ctx("[D")),
1211 bad_type_msg, "dastore");
1212 return;
1213 }
1214 no_control_flow = false; break;
1215 case Bytecodes::_aastore :
1216 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1217 type2 = current_frame.pop_stack(
1218 VerificationType::integer_type(), CHECK_VERIFY(this));
1219 atype = current_frame.pop_stack(
1220 VerificationType::reference_check(), CHECK_VERIFY(this));
1221 // more type-checking is done at runtime
1222 if (!atype.is_nonscalar_array()) {
1223 verify_error(ErrorContext::bad_type(bci,
1224 current_frame.stack_top_ctx(),
1225 TypeOrigin::implicit(VerificationType::reference_check())),
1226 bad_type_msg, "aastore");
1227 return;
1228 }
1229 // 4938384: relaxed constraint in JVMS 3nd edition.
1230 no_control_flow = false; break;
1231 case Bytecodes::_pop :
1232 current_frame.pop_stack(
1233 VerificationType::category1_check(), CHECK_VERIFY(this));
1234 no_control_flow = false; break;
1235 case Bytecodes::_pop2 :
1236 type = current_frame.pop_stack(CHECK_VERIFY(this));
1237 if (type.is_category1()) {
1238 current_frame.pop_stack(
1239 VerificationType::category1_check(), CHECK_VERIFY(this));
1240 } else if (type.is_category2_2nd()) {
1241 current_frame.pop_stack(
1242 VerificationType::category2_check(), CHECK_VERIFY(this));
1602 case Bytecodes::_if_icmpgt:
1603 case Bytecodes::_if_icmple:
1604 current_frame.pop_stack(
1605 VerificationType::integer_type(), CHECK_VERIFY(this));
1606 // fall through
1607 case Bytecodes::_ifeq:
1608 case Bytecodes::_ifne:
1609 case Bytecodes::_iflt:
1610 case Bytecodes::_ifge:
1611 case Bytecodes::_ifgt:
1612 case Bytecodes::_ifle:
1613 current_frame.pop_stack(
1614 VerificationType::integer_type(), CHECK_VERIFY(this));
1615 target = bcs.dest();
1616 stackmap_table.check_jump_target(
1617 ¤t_frame, target, CHECK_VERIFY(this));
1618 no_control_flow = false; break;
1619 case Bytecodes::_if_acmpeq :
1620 case Bytecodes::_if_acmpne :
1621 current_frame.pop_stack(
1622 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1623 // fall through
1624 case Bytecodes::_ifnull :
1625 case Bytecodes::_ifnonnull :
1626 current_frame.pop_stack(
1627 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1628 target = bcs.dest();
1629 stackmap_table.check_jump_target
1630 (¤t_frame, target, CHECK_VERIFY(this));
1631 no_control_flow = false; break;
1632 case Bytecodes::_goto :
1633 target = bcs.dest();
1634 stackmap_table.check_jump_target(
1635 ¤t_frame, target, CHECK_VERIFY(this));
1636 no_control_flow = true; break;
1637 case Bytecodes::_goto_w :
1638 target = bcs.dest_w();
1639 stackmap_table.check_jump_target(
1640 ¤t_frame, target, CHECK_VERIFY(this));
1641 no_control_flow = true; break;
1642 case Bytecodes::_tableswitch :
1643 case Bytecodes::_lookupswitch :
1644 verify_switch(
1645 &bcs, code_length, code_data, ¤t_frame,
1646 &stackmap_table, CHECK_VERIFY(this));
1647 no_control_flow = true; break;
1658 VerificationType::long_type(), CHECK_VERIFY(this));
1659 verify_return_value(return_type, type, bci,
1660 ¤t_frame, CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 case Bytecodes::_freturn :
1663 type = current_frame.pop_stack(
1664 VerificationType::float_type(), CHECK_VERIFY(this));
1665 verify_return_value(return_type, type, bci,
1666 ¤t_frame, CHECK_VERIFY(this));
1667 no_control_flow = true; break;
1668 case Bytecodes::_dreturn :
1669 type2 = current_frame.pop_stack(
1670 VerificationType::double2_type(), CHECK_VERIFY(this));
1671 type = current_frame.pop_stack(
1672 VerificationType::double_type(), CHECK_VERIFY(this));
1673 verify_return_value(return_type, type, bci,
1674 ¤t_frame, CHECK_VERIFY(this));
1675 no_control_flow = true; break;
1676 case Bytecodes::_areturn :
1677 type = current_frame.pop_stack(
1678 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1679 verify_return_value(return_type, type, bci,
1680 ¤t_frame, CHECK_VERIFY(this));
1681 no_control_flow = true; break;
1682 case Bytecodes::_return :
1683 if (return_type != VerificationType::bogus_type()) {
1684 verify_error(ErrorContext::bad_code(bci),
1685 "Method expects a return value");
1686 return;
1687 }
1688 // Make sure "this" has been initialized if current method is an
1689 // <init>.
1690 if (_method->is_object_constructor() &&
1691 current_frame.flag_this_uninit()) {
1692 verify_error(ErrorContext::bad_code(bci),
1693 "Constructor must call super() or this() "
1694 "before return");
1695 return;
1696 }
1697 no_control_flow = true; break;
1698 case Bytecodes::_getstatic :
1699 case Bytecodes::_putstatic :
1700 // pass TRUE, operand can be an array type for getstatic/putstatic.
1701 verify_field_instructions(
1702 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1703 no_control_flow = false; break;
1704 case Bytecodes::_getfield :
1705 case Bytecodes::_putfield :
1706 // pass FALSE, operand can't be an array type for getfield/putfield.
1707 verify_field_instructions(
1708 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1709 no_control_flow = false; break;
1710 case Bytecodes::_withfield :
1711 if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) {
1712 class_format_error(
1713 "withfield not supported by this class file version (%d.%d), class %s",
1714 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1715 return;
1716 }
1717 // pass FALSE, operand can't be an array type for withfield.
1718 verify_field_instructions(
1719 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1720 no_control_flow = false; break;
1721 case Bytecodes::_invokevirtual :
1722 case Bytecodes::_invokespecial :
1723 case Bytecodes::_invokestatic :
1724 case Bytecodes::_invokeinterface :
1725 case Bytecodes::_invokedynamic :
1726 verify_invoke_instructions(
1727 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1728 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_new :
1731 {
1732 index = bcs.get_index_u2();
1733 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1734 VerificationType new_class_type =
1735 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1736 if (!new_class_type.is_object()) {
1737 verify_error(ErrorContext::bad_type(bci,
1738 TypeOrigin::cp(index, new_class_type)),
1739 "Illegal new instruction");
1740 return;
1741 }
1742 type = VerificationType::uninitialized_type(bci);
1743 current_frame.push_stack(type, CHECK_VERIFY(this));
1744 no_control_flow = false; break;
1745 }
1746 case Bytecodes::_defaultvalue :
1747 {
1748 if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) {
1749 class_format_error(
1750 "defaultvalue not supported by this class file version (%d.%d), class %s",
1751 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1752 return;
1753 }
1754 index = bcs.get_index_u2();
1755 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1756 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1757 if (!ref_type.is_object()) {
1758 verify_error(ErrorContext::bad_type(bci,
1759 TypeOrigin::cp(index, ref_type)),
1760 "Illegal defaultvalue instruction");
1761 return;
1762 }
1763 VerificationType value_type =
1764 VerificationType::change_ref_to_valuetype(ref_type);
1765 current_frame.push_stack(value_type, CHECK_VERIFY(this));
1766 no_control_flow = false; break;
1767 }
1768 case Bytecodes::_newarray :
1769 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1770 current_frame.pop_stack(
1771 VerificationType::integer_type(), CHECK_VERIFY(this));
1772 current_frame.push_stack(type, CHECK_VERIFY(this));
1773 no_control_flow = false; break;
1774 case Bytecodes::_anewarray :
1775 verify_anewarray(
1776 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1777 no_control_flow = false; break;
1778 case Bytecodes::_arraylength :
1779 type = current_frame.pop_stack(
1780 VerificationType::reference_check(), CHECK_VERIFY(this));
1781 if (!(type.is_null() || type.is_array())) {
1782 verify_error(ErrorContext::bad_type(
1783 bci, current_frame.stack_top_ctx()),
1784 bad_type_msg, "arraylength");
1785 }
1786 current_frame.push_stack(
1787 VerificationType::integer_type(), CHECK_VERIFY(this));
1788 no_control_flow = false; break;
1789 case Bytecodes::_checkcast :
1790 {
1791 index = bcs.get_index_u2();
1792 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1793 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1794 VerificationType klass_type = cp_index_to_type(
1795 index, cp, CHECK_VERIFY(this));
1796 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1797 no_control_flow = false; break;
1798 }
1799 case Bytecodes::_instanceof : {
1800 index = bcs.get_index_u2();
1801 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803 current_frame.push_stack(
1804 VerificationType::integer_type(), CHECK_VERIFY(this));
1805 no_control_flow = false; break;
1806 }
1807 case Bytecodes::_monitorenter :
1808 case Bytecodes::_monitorexit : {
1809 VerificationType ref = current_frame.pop_stack(
1810 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1811 no_control_flow = false; break;
1812 }
1813 case Bytecodes::_multianewarray :
1814 {
1815 index = bcs.get_index_u2();
1816 u2 dim = *(bcs.bcp()+3);
1817 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1818 VerificationType new_array_type =
1819 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1820 if (!new_array_type.is_array()) {
1821 verify_error(ErrorContext::bad_type(bci,
1822 TypeOrigin::cp(index, new_array_type)),
1823 "Illegal constant pool index in multianewarray instruction");
1824 return;
1825 }
1826 if (dim < 1 || new_array_type.dimensions() < dim) {
1827 verify_error(ErrorContext::bad_code(bci),
1828 "Illegal dimension in multianewarray instruction: %d", dim);
1829 return;
1830 }
1831 for (int i = 0; i < dim; i++) {
1832 current_frame.pop_stack(
2051 int nconstants = cp->length();
2052 if ((index <= 0) || (index >= nconstants)) {
2053 verify_error(ErrorContext::bad_cp_index(bci, index),
2054 "Illegal constant pool index %d in class %s",
2055 index, cp->pool_holder()->external_name());
2056 return;
2057 }
2058 }
2059
2060 void ClassVerifier::verify_cp_type(
2061 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2062
2063 // In some situations, bytecode rewriting may occur while we're verifying.
2064 // In this case, a constant pool cache exists and some indices refer to that
2065 // instead. Be sure we don't pick up such indices by accident.
2066 // We must check was_recursively_verified() before we get here.
2067 guarantee(cp->cache() == NULL, "not rewritten yet");
2068
2069 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2070 unsigned int tag = cp->tag_at(index).value();
2071
2072 if ((types & (1 << tag)) == 0) {
2073 verify_error(ErrorContext::bad_cp_index(bci, index),
2074 "Illegal type at constant pool entry %d in class %s",
2075 index, cp->pool_holder()->external_name());
2076 return;
2077 }
2078 }
2079
2080 void ClassVerifier::verify_cp_class_type(
2081 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2082 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2083 constantTag tag = cp->tag_at(index);
2084 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2085 verify_error(ErrorContext::bad_cp_index(bci, index),
2086 "Illegal type at constant pool entry %d in class %s",
2087 index, cp->pool_holder()->external_name());
2088 return;
2089 }
2090 }
2091
2164 } else {
2165 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2166 if (member_klass != NULL && fd.is_protected()) {
2167 if (!this_class->is_same_class_package(member_klass)) {
2168 return true;
2169 }
2170 }
2171 }
2172 return false;
2173 }
2174
2175 void ClassVerifier::verify_ldc(
2176 int opcode, u2 index, StackMapFrame* current_frame,
2177 const constantPoolHandle& cp, u2 bci, TRAPS) {
2178 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2179 constantTag tag = cp->tag_at(index);
2180 unsigned int types = 0;
2181 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2182 if (!tag.is_unresolved_klass()) {
2183 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2184 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2185 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2186 | (1 << JVM_CONSTANT_Dynamic);
2187 // Note: The class file parser already verified the legality of
2188 // MethodHandle and MethodType constants.
2189 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2190 }
2191 } else {
2192 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2193 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2194 | (1 << JVM_CONSTANT_Dynamic);
2195 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2196 }
2197 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2198 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2199 } else if (tag.is_string()) {
2200 current_frame->push_stack(
2201 VerificationType::reference_type(
2202 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2203 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2204 current_frame->push_stack(
2340 StackMapFrame* current_frame,
2341 const constantPoolHandle& cp,
2342 bool allow_arrays,
2343 TRAPS) {
2344 u2 index = bcs->get_index_u2();
2345 verify_cp_type(bcs->bci(), index, cp,
2346 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2347
2348 // Get field name and signature
2349 Symbol* field_name = cp->name_ref_at(index);
2350 Symbol* field_sig = cp->signature_ref_at(index);
2351
2352 // Field signature was checked in ClassFileParser.
2353 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2354 "Invalid field signature");
2355
2356 // Get referenced class type
2357 VerificationType ref_class_type = cp_ref_index_to_type(
2358 index, cp, CHECK_VERIFY(this));
2359 if (!ref_class_type.is_object() &&
2360 (!allow_arrays || !ref_class_type.is_array())) {
2361 verify_error(ErrorContext::bad_type(bcs->bci(),
2362 TypeOrigin::cp(index, ref_class_type)),
2363 "Expecting reference to class in class %s at constant pool index %d",
2364 _klass->external_name(), index);
2365 return;
2366 }
2367
2368 VerificationType target_class_type = ref_class_type;
2369
2370 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2371 "buffer type must match VerificationType size");
2372 uintptr_t field_type_buffer[2];
2373 VerificationType* field_type = (VerificationType*)field_type_buffer;
2374 // If we make a VerificationType[2] array directly, the compiler calls
2375 // to the c-runtime library to do the allocation instead of just
2376 // stack allocating it. Plus it would run constructors. This shows up
2377 // in performance profiles.
2378
2379 SignatureStream sig_stream(field_sig, false);
2380 VerificationType stack_object_type;
2381 int n = change_sig_to_verificationType(&sig_stream, field_type);
2382 u2 bci = bcs->bci();
2383 bool is_assignable;
2384 switch (bcs->raw_code()) {
2385 case Bytecodes::_getstatic: {
2386 for (int i = 0; i < n; i++) {
2387 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2388 }
2389 break;
2390 }
2391 case Bytecodes::_putstatic: {
2392 for (int i = n - 1; i >= 0; i--) {
2393 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2394 }
2395 break;
2396 }
2397 case Bytecodes::_withfield: {
2398 for (int i = n - 1; i >= 0; i--) {
2399 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2400 }
2401 // stack_object_type and target_class_type must be the same value type.
2402 stack_object_type =
2403 current_frame->pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this));
2404 VerificationType target_value_type =
2405 VerificationType::change_ref_to_valuetype(target_class_type);
2406 if (!stack_object_type.equals(target_value_type)) {
2407 verify_error(ErrorContext::bad_value_type(bci,
2408 current_frame->stack_top_ctx(),
2409 TypeOrigin::cp(index, target_class_type)),
2410 "Invalid type on operand stack in withfield instruction");
2411 return;
2412 }
2413 current_frame->push_stack(target_value_type, CHECK_VERIFY(this));
2414 break;
2415 }
2416 case Bytecodes::_getfield: {
2417 stack_object_type = current_frame->pop_stack(
2418 target_class_type, CHECK_VERIFY(this));
2419 for (int i = 0; i < n; i++) {
2420 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2421 }
2422 goto check_protected;
2423 }
2424 case Bytecodes::_putfield: {
2425 for (int i = n - 1; i >= 0; i--) {
2426 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2427 }
2428 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2429
2430 // The JVMS 2nd edition allows field initialization before the superclass
2431 // initializer, if the field is defined within the current class.
2432 fieldDescriptor fd;
2433 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2434 target_class_type.equals(current_type()) &&
2435 _klass->find_local_field(field_name, field_sig, &fd)) {
2804 bool ClassVerifier::is_same_or_direct_interface(
2805 InstanceKlass* klass,
2806 VerificationType klass_type,
2807 VerificationType ref_class_type) {
2808 if (ref_class_type.equals(klass_type)) return true;
2809 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2810 if (local_interfaces != NULL) {
2811 for (int x = 0; x < local_interfaces->length(); x++) {
2812 InstanceKlass* k = local_interfaces->at(x);
2813 assert (k != NULL && k->is_interface(), "invalid interface");
2814 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2815 return true;
2816 }
2817 }
2818 }
2819 return false;
2820 }
2821
2822 void ClassVerifier::verify_invoke_instructions(
2823 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2824 bool in_try_block, bool *this_uninit,
2825 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2826 // Make sure the constant pool item is the right type
2827 u2 index = bcs->get_index_u2();
2828 Bytecodes::Code opcode = bcs->raw_code();
2829 unsigned int types = 0;
2830 switch (opcode) {
2831 case Bytecodes::_invokeinterface:
2832 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2833 break;
2834 case Bytecodes::_invokedynamic:
2835 types = 1 << JVM_CONSTANT_InvokeDynamic;
2836 break;
2837 case Bytecodes::_invokespecial:
2838 case Bytecodes::_invokestatic:
2839 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2840 (1 << JVM_CONSTANT_Methodref) :
2841 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2842 break;
2843 default:
2844 types = 1 << JVM_CONSTANT_Methodref;
2845 }
2846 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2847
2848 // Get method name and signature
2849 Symbol* method_name = cp->name_ref_at(index);
2850 Symbol* method_sig = cp->signature_ref_at(index);
2851
2852 // Method signature was checked in ClassFileParser.
2853 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2854 "Invalid method signature");
2855
2856 // Get referenced class
2857 VerificationType ref_class_type;
2858 if (opcode == Bytecodes::_invokedynamic) {
2859 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2860 class_format_error(
2861 "invokedynamic instructions not supported by this class file version (%d), class %s",
2862 _klass->major_version(), _klass->external_name());
2863 return;
2864 }
2865 } else {
2866 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2867 }
2868
2869 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2870 "buffer type must match VerificationType size");
2871
2872 // Get the UTF8 index for this signature.
2873 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2874
2875 // Get the signature's verification types.
2876 sig_as_verification_types* mth_sig_verif_types;
2902 "Inconsistent args count operand in invokeinterface");
2903 return;
2904 }
2905 if (*(bcp+4) != 0) {
2906 verify_error(ErrorContext::bad_code(bci),
2907 "Fourth operand byte of invokeinterface must be zero");
2908 return;
2909 }
2910 }
2911
2912 if (opcode == Bytecodes::_invokedynamic) {
2913 address bcp = bcs->bcp();
2914 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2915 verify_error(ErrorContext::bad_code(bci),
2916 "Third and fourth operand bytes of invokedynamic must be zero");
2917 return;
2918 }
2919 }
2920
2921 if (method_name->char_at(0) == '<') {
2922 // Make sure <init> can only be invoked by invokespecial or invokestatic.
2923 // The allowed invocation mode of <init> depends on its signature.
2924 if ((opcode != Bytecodes::_invokespecial &&
2925 opcode != Bytecodes::_invokestatic) ||
2926 method_name != vmSymbols::object_initializer_name()) {
2927 verify_error(ErrorContext::bad_code(bci),
2928 "Illegal call to internal method");
2929 return;
2930 }
2931 } else if (opcode == Bytecodes::_invokespecial
2932 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2933 && !ref_class_type.equals(VerificationType::reference_type(
2934 current_class()->super()->name()))) { // super() can never be a value_type.
2935 bool subtype = false;
2936 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2937 if (!current_class()->is_unsafe_anonymous()) {
2938 subtype = ref_class_type.is_assignable_from(
2939 current_type(), this, false, CHECK_VERIFY(this));
2940 } else {
2941 InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host();
2942 VerificationType unsafe_anonymous_host_type = reference_or_valuetype(unsafe_host);
2943 subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this));
2944
2945 // If invokespecial of IMR, need to recheck for same or
2946 // direct interface relative to the host class
2947 have_imr_indirect = (have_imr_indirect &&
2948 !is_same_or_direct_interface(
2949 unsafe_host,
2950 unsafe_anonymous_host_type, ref_class_type));
2951 }
2952 if (!subtype) {
2953 verify_error(ErrorContext::bad_code(bci),
2954 "Bad invokespecial instruction: "
2955 "current class isn't assignable to reference class.");
2956 return;
2957 } else if (have_imr_indirect) {
2958 verify_error(ErrorContext::bad_code(bci),
2959 "Bad invokespecial instruction: "
2960 "interface method reference is in an indirect superinterface.");
2961 return;
2962 }
2963
2964 }
2965
2966 // Get the verification types for the method's arguments.
2967 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2968 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2969 // Match method descriptor with operand stack
2970 // The arguments are on the stack in descending order.
2971 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2972 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2973 }
2974
2975 // Check objectref on operand stack
2976 if (opcode != Bytecodes::_invokestatic &&
2977 opcode != Bytecodes::_invokedynamic) {
2978 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2979 // (use of <init> as a static factory is handled under invokestatic)
2980 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2981 code_length, in_try_block, this_uninit, cp, stackmap_table,
2982 CHECK_VERIFY(this));
2983 if (was_recursively_verified()) return;
2984 } else { // other methods
2985 // Ensures that target class is assignable to method class.
2986 if (opcode == Bytecodes::_invokespecial) {
2987 if (!current_class()->is_unsafe_anonymous()) {
2988 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2989 } else {
2990 // anonymous class invokespecial calls: check if the
2991 // objectref is a subtype of the unsafe_anonymous_host of the current class
2992 // to allow an anonymous class to reference methods in the unsafe_anonymous_host
2993 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2994
2995 InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host();
2996 VerificationType host_type = reference_or_valuetype(unsafe_host);
2997 bool subtype = host_type.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2998 if (!subtype) {
2999 verify_error( ErrorContext::bad_type(current_frame->offset(),
3000 current_frame->stack_top_ctx(),
3001 TypeOrigin::implicit(top)),
3002 "Bad type on operand stack");
3003 return;
3004 }
3005 }
3006 } else if (opcode == Bytecodes::_invokevirtual) {
3007 VerificationType stack_object_type =
3008 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3009 if (current_type() != stack_object_type) {
3010 if (was_recursively_verified()) return;
3011 assert(cp->cache() == NULL, "not rewritten yet");
3012 Symbol* ref_class_name =
3013 cp->klass_name_at(cp->klass_ref_index_at(index));
3014 // See the comments in verify_field_instructions() for
3015 // the rationale behind this.
3016 if (name_in_supers(ref_class_name, current_class())) {
3017 Klass* ref_class = load_class(ref_class_name, CHECK);
3030 } else {
3031 verify_error(ErrorContext::bad_type(bci,
3032 current_frame->stack_top_ctx(),
3033 TypeOrigin::implicit(current_type())),
3034 "Bad access to protected data in invokevirtual");
3035 return;
3036 }
3037 }
3038 }
3039 }
3040 }
3041 } else {
3042 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3043 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3044 }
3045 }
3046 }
3047 // Push the result type.
3048 int sig_verif_types_len = sig_verif_types->length();
3049 if (sig_verif_types_len > nargs) { // There's a return type
3050 if (method_name == vmSymbols::object_initializer_name() &&
3051 opcode != Bytecodes::_invokestatic) {
3052 // an <init> method must have a void return type, unless it's a static factory
3053 verify_error(ErrorContext::bad_code(bci),
3054 "Return type must be void in <init> method");
3055 return;
3056 }
3057
3058 assert(sig_verif_types_len <= nargs + 2,
3059 "Signature verification types array return type is bogus");
3060 for (int i = nargs; i < sig_verif_types_len; i++) {
3061 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3062 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3063 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3064 }
3065 } else {
3066 // an <init> method may not have a void return type, if it's a static factory
3067 if (method_name == vmSymbols::object_initializer_name() &&
3068 opcode != Bytecodes::_invokespecial) {
3069 verify_error(ErrorContext::bad_code(bci),
3070 "Return type must be non-void in <init> static factory method");
3071 return;
3072 }
3073 }
3074 }
3075
3076 VerificationType ClassVerifier::get_newarray_type(
3077 u2 index, u2 bci, TRAPS) {
3078 const char* from_bt[] = {
3079 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3080 };
3081 if (index < T_BOOLEAN || index > T_LONG) {
3082 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3083 return VerificationType::bogus_type();
3084 }
3085
3086 // from_bt[index] contains the array signature which has a length of 2
3087 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3088 return VerificationType::reference_type(sig);
3089 }
3090
3091 void ClassVerifier::verify_anewarray(
3092 u2 bci, u2 index, const constantPoolHandle& cp,
3099 VerificationType component_type =
3100 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3101 int length;
3102 char* arr_sig_str;
3103 if (component_type.is_array()) { // it's an array
3104 const char* component_name = component_type.name()->as_utf8();
3105 // Check for more than MAX_ARRAY_DIMENSIONS
3106 length = (int)strlen(component_name);
3107 if (length > MAX_ARRAY_DIMENSIONS &&
3108 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3109 verify_error(ErrorContext::bad_code(bci),
3110 "Illegal anewarray instruction, array has more than 255 dimensions");
3111 }
3112 // add one dimension to component
3113 length++;
3114 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3115 int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name);
3116 assert(n == length, "Unexpected number of characters in string");
3117 } else { // it's an object or interface
3118 const char* component_name = component_type.name()->as_utf8();
3119 char Q_or_L = component_type.is_valuetype() ? 'Q' : 'L';
3120 // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3121 length = (int)strlen(component_name) + 3;
3122 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3123 int n = os::snprintf(arr_sig_str, length + 1, "[%c%s;", Q_or_L, component_name);
3124 assert(n == length, "Unexpected number of characters in string");
3125 }
3126 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3127 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3128 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3129 }
3130
3131 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3132 current_frame->get_local(
3133 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3134 current_frame->push_stack(
3135 VerificationType::integer_type(), CHECK_VERIFY(this));
3136 }
3137
3138 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3139 current_frame->get_local_2(
3140 index, VerificationType::long_type(),
3141 VerificationType::long2_type(), CHECK_VERIFY(this));
3142 current_frame->push_stack_2(
3143 VerificationType::long_type(),
3145 }
3146
3147 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3148 current_frame->get_local(
3149 index, VerificationType::float_type(), CHECK_VERIFY(this));
3150 current_frame->push_stack(
3151 VerificationType::float_type(), CHECK_VERIFY(this));
3152 }
3153
3154 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3155 current_frame->get_local_2(
3156 index, VerificationType::double_type(),
3157 VerificationType::double2_type(), CHECK_VERIFY(this));
3158 current_frame->push_stack_2(
3159 VerificationType::double_type(),
3160 VerificationType::double2_type(), CHECK_VERIFY(this));
3161 }
3162
3163 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3164 VerificationType type = current_frame->get_local(
3165 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3166 current_frame->push_stack(type, CHECK_VERIFY(this));
3167 }
3168
3169 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3170 current_frame->pop_stack(
3171 VerificationType::integer_type(), CHECK_VERIFY(this));
3172 current_frame->set_local(
3173 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3174 }
3175
3176 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3177 current_frame->pop_stack_2(
3178 VerificationType::long2_type(),
3179 VerificationType::long_type(), CHECK_VERIFY(this));
3180 current_frame->set_local_2(
3181 index, VerificationType::long_type(),
3182 VerificationType::long2_type(), CHECK_VERIFY(this));
3183 }
3184
3185 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3186 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3187 current_frame->set_local(
3188 index, VerificationType::float_type(), CHECK_VERIFY(this));
3189 }
3190
3191 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3192 current_frame->pop_stack_2(
3193 VerificationType::double2_type(),
3194 VerificationType::double_type(), CHECK_VERIFY(this));
3195 current_frame->set_local_2(
3196 index, VerificationType::double_type(),
3197 VerificationType::double2_type(), CHECK_VERIFY(this));
3198 }
3199
3200 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3201 VerificationType type = current_frame->pop_stack(
3202 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3203 current_frame->set_local(index, type, CHECK_VERIFY(this));
3204 }
3205
3206 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3207 VerificationType type = current_frame->get_local(
3208 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3209 current_frame->set_local(index, type, CHECK_VERIFY(this));
3210 }
3211
3212 void ClassVerifier::verify_return_value(
3213 VerificationType return_type, VerificationType type, u2 bci,
3214 StackMapFrame* current_frame, TRAPS) {
3215 if (return_type == VerificationType::bogus_type()) {
3216 verify_error(ErrorContext::bad_type(bci,
3217 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3218 "Method expects a return value");
3219 return;
3220 }
3221 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3222 if (!match) {
|