1 /*
2 * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #ifndef SHARE_CLASSFILE_VERIFIER_HPP
26 #define SHARE_CLASSFILE_VERIFIER_HPP
27
28 #include "classfile/verificationType.hpp"
29 #include "oops/klass.hpp"
30 #include "oops/method.hpp"
31 #include "runtime/handles.hpp"
32 #include "utilities/exceptions.hpp"
33 #include "utilities/growableArray.hpp"
34 #include "utilities/resourceHash.hpp"
35
36 // The verifier class
37 class Verifier : AllStatic {
38 public:
39 enum {
40 STACKMAP_ATTRIBUTE_MAJOR_VERSION = 50,
41 INVOKEDYNAMIC_MAJOR_VERSION = 51,
42 NO_RELAX_ACCESS_CTRL_CHECK_VERSION = 52,
43 DYNAMICCONSTANT_MAJOR_VERSION = 55,
44 VALUE_TYPES_MAJOR_VERSION = 67,
45 JAVA_PREVIEW_MINOR_VERSION = 65535,
46 };
47
48 // Verify the bytecodes for a class.
49 static bool verify(InstanceKlass* klass, bool should_verify_class, TRAPS);
50
51 static void log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name,
52 oop pending_exception);
53
54 // Return false if the class is loaded by the bootstrap loader,
55 // or if defineClass was called requesting skipping verification
56 // -Xverify:all overrides this value
57 static bool should_verify_for(oop class_loader, bool should_verify_class);
58
59 // Relax certain access checks to enable some broken 1.1 apps to run on 1.2.
60 static bool relax_access_for(oop class_loader);
61
62 // Print output for class+resolve
63 static void trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class);
64
65 private:
66 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class);
67 static Symbol* inference_verify(
68 InstanceKlass* klass, char* msg, size_t msg_len, TRAPS);
69 };
70
71 class RawBytecodeStream;
72 class StackMapFrame;
73 class StackMapTable;
74
75 // Summary of verifier's memory usage:
76 // StackMapTable is stack allocated.
77 // StackMapFrame are resource allocated. There is only one ResourceMark
78 // for each class verification, which is created at the top level.
79 // There is one mutable StackMapFrame (current_frame) which is updated
80 // by abstract bytecode interpretation. frame_in_exception_handler() returns
81 // a frame that has a mutable one-item stack (ready for pushing the
82 // catch type exception object). All the other StackMapFrame's
83 // are immutable (including their locals and stack arrays) after
84 // their constructions.
85 // locals/stack arrays in StackMapFrame are resource allocated.
86 // locals/stack arrays can be shared between StackMapFrame's, except
87 // the mutable StackMapFrame (current_frame).
88
89 // These macros are used similarly to CHECK macros but also check
90 // the status of the verifier and return if that has an error.
91 #define CHECK_VERIFY(verifier) \
92 CHECK); if ((verifier)->has_error()) return; ((void)0
93 #define CHECK_VERIFY_(verifier, result) \
94 CHECK_(result)); if ((verifier)->has_error()) return (result); ((void)0
95
96 class TypeOrigin {
97 private:
98 typedef enum {
99 CF_LOCALS, // Comes from the current frame locals
100 CF_STACK, // Comes from the current frame expression stack
101 SM_LOCALS, // Comes from stackmap locals
102 SM_STACK, // Comes from stackmap expression stack
103 CONST_POOL, // Comes from the constant pool
104 SIG, // Comes from method signature
105 IMPLICIT, // Comes implicitly from code or context
106 BAD_INDEX, // No type, but the index is bad
107 FRAME_ONLY, // No type, context just contains the frame
108 NONE
109 } Origin;
110
111 Origin _origin;
112 int _index; // local, stack, or constant pool index
113 StackMapFrame* _frame; // source frame if CF or SM
114 VerificationType _type; // The actual type
115
116 TypeOrigin(
117 Origin origin, int index, StackMapFrame* frame, VerificationType type)
118 : _origin(origin), _index(index), _frame(frame), _type(type) {}
119
120 public:
121 TypeOrigin() : _origin(NONE), _index(0), _frame(nullptr) {}
122
123 static TypeOrigin null();
124 static TypeOrigin local(int index, StackMapFrame* frame);
125 static TypeOrigin stack(int index, StackMapFrame* frame);
126 static TypeOrigin sm_local(int index, StackMapFrame* frame);
127 static TypeOrigin sm_stack(int index, StackMapFrame* frame);
128 static TypeOrigin cp(int index, VerificationType vt);
129 static TypeOrigin signature(VerificationType vt);
130 static TypeOrigin bad_index(int index);
131 static TypeOrigin implicit(VerificationType t);
132 static TypeOrigin frame(StackMapFrame* frame);
133
134 void reset_frame();
135 void details(outputStream* ss) const;
136 void print_frame(outputStream* ss) const;
137 const StackMapFrame* frame() const { return _frame; }
138 bool is_valid() const { return _origin != NONE; }
139 int index() const { return _index; }
140
141 #ifdef ASSERT
142 void print_on(outputStream* str) const;
143 #endif
144 };
145
146 class ErrorContext {
147 private:
148 typedef enum {
149 INVALID_BYTECODE, // There was a problem with the bytecode
150 WRONG_TYPE, // Type value was not as expected
151 FLAGS_MISMATCH, // Frame flags are not assignable
152 BAD_CP_INDEX, // Invalid constant pool index
153 BAD_LOCAL_INDEX, // Invalid local index
154 LOCALS_SIZE_MISMATCH, // Frames have differing local counts
155 STACK_SIZE_MISMATCH, // Frames have different stack sizes
156 STACK_OVERFLOW, // Attempt to push onto a full expression stack
157 STACK_UNDERFLOW, // Attempt to pop and empty expression stack
158 MISSING_STACKMAP, // No stackmap for this location and there should be
159 BAD_STACKMAP, // Format error in stackmap
160 WRONG_INLINE_TYPE, // Mismatched inline type
161 NO_FAULT, // No error
162 UNKNOWN
163 } FaultType;
164
165 int _bci;
166 FaultType _fault;
167 TypeOrigin _type;
168 TypeOrigin _expected;
169
170 ErrorContext(int bci, FaultType fault) :
171 _bci(bci), _fault(fault) {}
172 ErrorContext(int bci, FaultType fault, TypeOrigin type) :
173 _bci(bci), _fault(fault), _type(type) {}
174 ErrorContext(int bci, FaultType fault, TypeOrigin type, TypeOrigin exp) :
175 _bci(bci), _fault(fault), _type(type), _expected(exp) {}
176
177 public:
178 ErrorContext() : _bci(-1), _fault(NO_FAULT) {}
179
180 static ErrorContext bad_code(int bci) {
181 return ErrorContext(bci, INVALID_BYTECODE);
182 }
183 static ErrorContext bad_type(int bci, TypeOrigin type) {
184 return ErrorContext(bci, WRONG_TYPE, type);
185 }
186 static ErrorContext bad_type(int bci, TypeOrigin type, TypeOrigin exp) {
187 return ErrorContext(bci, WRONG_TYPE, type, exp);
188 }
189 static ErrorContext bad_flags(int bci, StackMapFrame* frame) {
190 return ErrorContext(bci, FLAGS_MISMATCH, TypeOrigin::frame(frame));
191 }
192 static ErrorContext bad_flags(int bci, StackMapFrame* cur, StackMapFrame* sm) {
193 return ErrorContext(bci, FLAGS_MISMATCH,
194 TypeOrigin::frame(cur), TypeOrigin::frame(sm));
195 }
196 static ErrorContext bad_cp_index(int bci, int index) {
197 return ErrorContext(bci, BAD_CP_INDEX, TypeOrigin::bad_index(index));
198 }
199 static ErrorContext bad_local_index(int bci, int index) {
200 return ErrorContext(bci, BAD_LOCAL_INDEX, TypeOrigin::bad_index(index));
201 }
202 static ErrorContext locals_size_mismatch(
203 int bci, StackMapFrame* frame0, StackMapFrame* frame1) {
204 return ErrorContext(bci, LOCALS_SIZE_MISMATCH,
205 TypeOrigin::frame(frame0), TypeOrigin::frame(frame1));
206 }
207 static ErrorContext stack_size_mismatch(
208 int bci, StackMapFrame* frame0, StackMapFrame* frame1) {
209 return ErrorContext(bci, STACK_SIZE_MISMATCH,
210 TypeOrigin::frame(frame0), TypeOrigin::frame(frame1));
211 }
212 static ErrorContext stack_overflow(int bci, StackMapFrame* frame) {
213 return ErrorContext(bci, STACK_OVERFLOW, TypeOrigin::frame(frame));
214 }
215 static ErrorContext stack_underflow(int bci, StackMapFrame* frame) {
216 return ErrorContext(bci, STACK_UNDERFLOW, TypeOrigin::frame(frame));
217 }
218 static ErrorContext missing_stackmap(int bci) {
219 return ErrorContext(bci, MISSING_STACKMAP);
220 }
221 static ErrorContext bad_stackmap(int index, StackMapFrame* frame) {
222 return ErrorContext(0, BAD_STACKMAP, TypeOrigin::frame(frame));
223 }
224 static ErrorContext bad_inline_type(int bci, TypeOrigin type, TypeOrigin exp) {
225 return ErrorContext(bci, WRONG_INLINE_TYPE, type, exp);
226 }
227
228 bool is_valid() const { return _fault != NO_FAULT; }
229 int bci() const { return _bci; }
230
231 void reset_frames() {
232 _type.reset_frame();
233 _expected.reset_frame();
234 }
235
236 void details(outputStream* ss, const Method* method) const;
237
238 #ifdef ASSERT
239 void print_on(outputStream* str) const {
240 str->print("error_context(%d, %d,", _bci, _fault);
241 _type.print_on(str);
242 str->print(",");
243 _expected.print_on(str);
244 str->print(")");
245 }
246 #endif
247
248 private:
249 void location_details(outputStream* ss, const Method* method) const;
250 void reason_details(outputStream* ss) const;
251 void frame_details(outputStream* ss) const;
252 void bytecode_details(outputStream* ss, const Method* method) const;
253 void handler_details(outputStream* ss, const Method* method) const;
254 void stackmap_details(outputStream* ss, const Method* method) const;
255 };
256
257 class sig_as_verification_types : public ResourceObj {
258 private:
259 int _num_args; // Number of arguments, not including return type.
260 GrowableArray<VerificationType>* _sig_verif_types;
261
262 public:
263
264 sig_as_verification_types(GrowableArray<VerificationType>* sig_verif_types) :
265 _num_args(0), _sig_verif_types(sig_verif_types) {
266 }
267
268 int num_args() const { return _num_args; }
269 void set_num_args(int num_args) { _num_args = num_args; }
270
271 GrowableArray<VerificationType>* sig_verif_types() { return _sig_verif_types; }
272 void set_sig_verif_types(GrowableArray<VerificationType>* sig_verif_types) {
273 _sig_verif_types = sig_verif_types;
274 }
275
276 };
277
278 // This hashtable is indexed by the Utf8 constant pool indexes pointed to
279 // by constant pool (Interface)Method_refs' NameAndType signature entries.
280 typedef ResourceHashtable<int, sig_as_verification_types*, 1007>
281 method_signatures_table_type;
282
283 // A new instance of this class is created for each class being verified
284 class ClassVerifier : public StackObj {
285 private:
286 Thread* _thread;
287
288 Symbol* _previous_symbol; // cache of the previously looked up symbol
289 GrowableArray<Symbol*>* _symbols; // keep a list of symbols created
290
291 Symbol* _exception_type;
292 char* _message;
293
294 method_signatures_table_type _method_signatures_table;
295
296 ErrorContext _error_context; // contains information about an error
297
298 void verify_method(const methodHandle& method, TRAPS);
299 char* generate_code_data(const methodHandle& m, u4 code_length, TRAPS);
300 void verify_exception_handler_table(u4 code_length, char* code_data,
301 int& min, int& max, TRAPS);
302 void verify_local_variable_table(u4 code_length, char* code_data, TRAPS);
303
304 VerificationType cp_ref_index_to_type(
305 int index, const constantPoolHandle& cp, TRAPS) {
306 return cp_index_to_type(cp->uncached_klass_ref_index_at(index), cp, THREAD);
307 }
308
309 bool is_protected_access(
310 InstanceKlass* this_class, Klass* target_class,
311 Symbol* field_name, Symbol* field_sig, bool is_method);
312
313 void verify_cp_index(int bci, const constantPoolHandle& cp, u2 index, TRAPS);
314 void verify_cp_type(int bci, u2 index, const constantPoolHandle& cp,
315 unsigned int types, TRAPS);
316 void verify_cp_class_type(int bci, u2 index, const constantPoolHandle& cp, TRAPS);
317
318 u2 verify_stackmap_table(
319 u2 stackmap_index, int bci, StackMapFrame* current_frame,
320 StackMapTable* stackmap_table, bool no_control_flow, TRAPS);
321
322 void verify_exception_handler_targets(
323 int bci, bool this_uninit, StackMapFrame* current_frame,
324 StackMapTable* stackmap_table, TRAPS);
325
326 void verify_ldc(
327 int opcode, u2 index, StackMapFrame *current_frame,
328 const constantPoolHandle& cp, int bci, TRAPS);
329
330 void verify_switch(
331 RawBytecodeStream* bcs, u4 code_length, char* code_data,
332 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS);
333
334 void verify_field_instructions(
335 RawBytecodeStream* bcs, StackMapFrame* current_frame,
336 const constantPoolHandle& cp, bool allow_arrays, TRAPS);
337
338 void verify_invoke_init(
339 RawBytecodeStream* bcs, u2 ref_index, VerificationType ref_class_type,
340 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
341 bool* this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
342 TRAPS);
343
344 // Used by ends_in_athrow() to push all handlers that contain bci onto the
345 // handler_stack, if the handler has not already been pushed on the stack.
346 void push_handlers(ExceptionTable* exhandlers,
347 GrowableArray<u4>* handler_list,
348 GrowableArray<u4>* handler_stack,
349 u4 bci);
350
351 // Returns true if all paths starting with start_bc_offset end in athrow
352 // bytecode or loop.
353 bool ends_in_athrow(u4 start_bc_offset);
354
355 void verify_invoke_instructions(
356 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
357 bool in_try_block, bool* this_uninit,
358 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS);
359
360 VerificationType get_newarray_type(u2 index, int bci, TRAPS);
361 void verify_anewarray(int bci, u2 index, const constantPoolHandle& cp,
362 StackMapFrame* current_frame, TRAPS);
363 void verify_return_value(
364 VerificationType return_type, VerificationType type, int bci,
365 StackMapFrame* current_frame, TRAPS);
366
367 void verify_iload (int index, StackMapFrame* current_frame, TRAPS);
368 void verify_lload (int index, StackMapFrame* current_frame, TRAPS);
369 void verify_fload (int index, StackMapFrame* current_frame, TRAPS);
370 void verify_dload (int index, StackMapFrame* current_frame, TRAPS);
371 void verify_aload (int index, StackMapFrame* current_frame, TRAPS);
372 void verify_istore(int index, StackMapFrame* current_frame, TRAPS);
373 void verify_lstore(int index, StackMapFrame* current_frame, TRAPS);
374 void verify_fstore(int index, StackMapFrame* current_frame, TRAPS);
375 void verify_dstore(int index, StackMapFrame* current_frame, TRAPS);
376 void verify_astore(int index, StackMapFrame* current_frame, TRAPS);
377 void verify_iinc (int index, StackMapFrame* current_frame, TRAPS);
378
379 bool name_in_supers(Symbol* ref_name, InstanceKlass* current);
380
381 VerificationType object_type() const;
382
383 InstanceKlass* _klass; // the class being verified
384 methodHandle _method; // current method being verified
385 VerificationType _this_type; // the verification type of the current class
386
387 // Some recursive calls from the verifier to the name resolver
388 // can cause the current class to be re-verified and rewritten.
389 // If this happens, the original verification should not continue,
390 // because constant pool indexes will have changed.
391 // The rewriter is preceded by the verifier. If the verifier throws
392 // an error, rewriting is prevented. Also, rewriting always precedes
393 // bytecode execution or compilation. Thus, is_rewritten implies
394 // that a class has been verified and prepared for execution.
395 bool was_recursively_verified() { return _klass->is_rewritten(); }
396
397 bool is_same_or_direct_interface(InstanceKlass* klass,
398 VerificationType klass_type, VerificationType ref_class_type);
399
400 public:
401 enum {
402 BYTECODE_OFFSET = 1,
403 NEW_OFFSET = 2
404 };
405
406 // constructor
407 ClassVerifier(JavaThread* current, InstanceKlass* klass);
408
409 // destructor
410 ~ClassVerifier();
411
412 Thread* thread() { return _thread; }
413 const methodHandle& method() { return _method; }
414 InstanceKlass* current_class() const { return _klass; }
415 VerificationType current_type() const { return _this_type; }
416
417 // Verifies the class. If a verify or class file format error occurs,
418 // the '_exception_name' symbols will set to the exception name and
419 // the message_buffer will be filled in with the exception message.
420 void verify_class(TRAPS);
421
422 // Translates method signature entries into verificationTypes and saves them
423 // in the growable array.
424 void translate_signature(Symbol* const method_sig, sig_as_verification_types* sig_verif_types);
425
426 // Initializes a sig_as_verification_types entry and puts it in the hash table.
427 void create_method_sig_entry(sig_as_verification_types* sig_verif_types, int sig_index);
428
429 // Return status modes
430 Symbol* result() const { return _exception_type; }
431 bool has_error() const { return result() != nullptr; }
432 char* exception_message() {
433 stringStream ss;
434 ss.print("%s", _message);
435 _error_context.details(&ss, _method());
436 return ss.as_string();
437 }
438
439 // Called when verify or class format errors are encountered.
440 // May throw an exception based upon the mode.
441 void verify_error(ErrorContext ctx, const char* fmt, ...) ATTRIBUTE_PRINTF(3, 4);
442 void class_format_error(const char* fmt, ...) ATTRIBUTE_PRINTF(2, 3);
443
444 Klass* load_class(Symbol* name, TRAPS);
445
446 method_signatures_table_type* method_signatures_table() {
447 return &_method_signatures_table;
448 }
449
450 int change_sig_to_verificationType(
451 SignatureStream* sig_type, VerificationType* inference_type);
452
453 VerificationType cp_index_to_type(int index, const constantPoolHandle& cp, TRAPS) {
454 Symbol* name = cp->klass_name_at(index);
455 return VerificationType::reference_type(name);
456 }
457
458 // Keep a list of temporary symbols created during verification because
459 // their reference counts need to be decremented when the verifier object
460 // goes out of scope. Since these symbols escape the scope in which they're
461 // created, we can't use a TempNewSymbol.
462 Symbol* create_temporary_symbol(const char *s, int length);
463 Symbol* create_temporary_symbol(Symbol* s) {
464 if (s == _previous_symbol) {
465 return s;
466 }
467 if (!s->is_permanent()) {
468 s->increment_refcount();
469 if (_symbols == nullptr) {
470 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
471 }
472 _symbols->push(s);
473 }
474 _previous_symbol = s;
475 return s;
476 }
477
478 TypeOrigin ref_ctx(const char* str);
479
480 };
481
482 inline int ClassVerifier::change_sig_to_verificationType(
483 SignatureStream* sig_type, VerificationType* inference_type) {
484 BasicType bt = sig_type->type();
485 switch (bt) {
486 case T_OBJECT:
487 case T_ARRAY:
488 {
489 Symbol* name = sig_type->as_symbol();
490 // Create another symbol to save as signature stream unreferences this symbol.
491 Symbol* name_copy = create_temporary_symbol(name);
492 assert(name_copy == name, "symbols don't match");
493 *inference_type = VerificationType::reference_type(name_copy);
494 return 1;
495 }
496 case T_LONG:
497 *inference_type = VerificationType::long_type();
498 *++inference_type = VerificationType::long2_type();
499 return 2;
500 case T_DOUBLE:
501 *inference_type = VerificationType::double_type();
502 *++inference_type = VerificationType::double2_type();
503 return 2;
504 case T_INT:
505 case T_BOOLEAN:
506 case T_BYTE:
507 case T_CHAR:
508 case T_SHORT:
509 *inference_type = VerificationType::integer_type();
510 return 1;
511 case T_FLOAT:
512 *inference_type = VerificationType::float_type();
513 return 1;
514 default:
515 ShouldNotReachHere();
516 return 1;
517 }
518 }
519
520 #endif // SHARE_CLASSFILE_VERIFIER_HPP