1 #ifdef USE_PRAGMA_IDENT_SRC 2 #pragma ident "@(#)verifier.cpp 1.113 07/05/23 10:53:19 JVM" 3 #endif 4 /* 5 * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved. 6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 7 * 8 * This code is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License version 2 only, as 10 * published by the Free Software Foundation. 11 * 12 * This code is distributed in the hope that it will be useful, but WITHOUT 13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15 * version 2 for more details (a copy is included in the LICENSE file that 16 * accompanied this code). 17 * 18 * You should have received a copy of the GNU General Public License version 19 * 2 along with this work; if not, write to the Free Software Foundation, 20 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 21 * 22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 23 * CA 95054 USA or visit www.sun.com if you need additional information or 24 * have any questions. 25 * 26 */ 27 28 # include "incls/_precompiled.incl" 29 # include "incls/_verifier.cpp.incl" 30 31 // Access to external entry for VerifyClassCodes - old byte code verifier 32 33 extern "C" { 34 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 35 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 36 } 37 38 static void* volatile _verify_byte_codes_fn = NULL; 39 40 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 41 42 static void* verify_byte_codes_fn() { 43 if (_verify_byte_codes_fn == NULL) { 44 void *lib_handle = os::native_java_library(); 45 void *func = hpi::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 46 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 47 if (func == NULL) { 48 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false); 49 func = hpi::dll_lookup(lib_handle, "VerifyClassCodes"); 50 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 51 } 52 } 53 return (void*)_verify_byte_codes_fn; 54 } 55 56 57 // Methods in Verifier 58 59 bool Verifier::should_verify_for(oop class_loader) { 60 return class_loader == NULL ? 61 BytecodeVerificationLocal : BytecodeVerificationRemote; 62 } 63 64 bool Verifier::relax_verify_for(oop loader) { 65 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 66 bool need_verify = 67 // verifyAll 68 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 69 // verifyRemote 70 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 71 return !need_verify; 72 } 73 74 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, TRAPS) { 75 ResourceMark rm(THREAD); 76 HandleMark hm; 77 78 symbolHandle exception_name; 79 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 80 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 81 82 const char* klassName = klass->external_name(); 83 84 // If the class should be verified, first see if we can use the split 85 // verifier. If not, or if verification fails and FailOverToOldVerifier 86 // is set, then call the inference verifier. 87 if (is_eligible_for_verification(klass)) { 88 if (TraceClassInitialization) { 89 tty->print_cr("Start class verification for: %s", klassName); 90 } 91 if (UseSplitVerifier && 92 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 93 ClassVerifier split_verifier( 94 klass, message_buffer, message_buffer_len, THREAD); 95 split_verifier.verify_class(THREAD); 96 exception_name = split_verifier.result(); 97 if (FailOverToOldVerifier && !HAS_PENDING_EXCEPTION && 98 (exception_name == vmSymbols::java_lang_VerifyError() || 99 exception_name == vmSymbols::java_lang_ClassFormatError())) { 100 if (TraceClassInitialization) { 101 tty->print_cr( 102 "Fail over class verification to old verifier for: %s", klassName); 103 } 104 exception_name = inference_verify( 105 klass, message_buffer, message_buffer_len, THREAD); 106 } 107 } else { 108 exception_name = inference_verify( 109 klass, message_buffer, message_buffer_len, THREAD); 110 } 111 112 if (TraceClassInitialization) { 113 if (HAS_PENDING_EXCEPTION) { 114 tty->print("Verification for %s has", klassName); 115 tty->print_cr(" exception pending %s ", 116 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name()); 117 } else if (!exception_name.is_null()) { 118 tty->print_cr("Verification for %s failed", klassName); 119 } 120 tty->print_cr("End class verification for: %s", klassName); 121 } 122 } 123 124 if (HAS_PENDING_EXCEPTION) { 125 return false; // use the existing exception 126 } else if (exception_name.is_null()) { 127 return true; // verifcation succeeded 128 } else { // VerifyError or ClassFormatError to be created and thrown 129 ResourceMark rm(THREAD); 130 instanceKlassHandle kls = 131 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 132 while (!kls.is_null()) { 133 if (kls == klass) { 134 // If the class being verified is the exception we're creating 135 // or one of it's superclasses, we're in trouble and are going 136 // to infinitely recurse when we try to initialize the exception. 137 // So bail out here by throwing the preallocated VM error. 138 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 139 } 140 kls = kls->super(); 141 } 142 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 143 THROW_MSG_(exception_name, message_buffer, false); 144 } 145 } 146 147 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass) { 148 symbolOop name = klass->name(); 149 klassOop refl_magic_klass = SystemDictionary::reflect_magic_klass(); 150 151 return (should_verify_for(klass->class_loader()) && 152 // return if the class is a bootstrapping class 153 // We need to skip the following four for bootstraping 154 name != vmSymbols::java_lang_Object() && 155 name != vmSymbols::java_lang_Class() && 156 name != vmSymbols::java_lang_String() && 157 name != vmSymbols::java_lang_Throwable() && 158 159 // Can not verify the bytecodes for shared classes because they have 160 // already been rewritten to contain constant pool cache indices, 161 // which the verifier can't understand. 162 // Shared classes shouldn't have stackmaps either. 163 !klass()->is_shared() && 164 165 // As of the fix for 4486457 we disable verification for all of the 166 // dynamically-generated bytecodes associated with the 1.4 167 // reflection implementation, not just those associated with 168 // sun/reflect/SerializationConstructorAccessor. 169 // NOTE: this is called too early in the bootstrapping process to be 170 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection. 171 (refl_magic_klass == NULL || 172 !klass->is_subtype_of(refl_magic_klass) || 173 VerifyReflectionBytecodes) 174 ); 175 } 176 177 symbolHandle Verifier::inference_verify( 178 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) { 179 JavaThread* thread = (JavaThread*)THREAD; 180 JNIEnv *env = thread->jni_environment(); 181 182 void* verify_func = verify_byte_codes_fn(); 183 184 if (verify_func == NULL) { 185 jio_snprintf(message, message_len, "Could not link verifier"); 186 return vmSymbols::java_lang_VerifyError(); 187 } 188 189 ResourceMark rm(THREAD); 190 if (ClassVerifier::_verify_verbose) { 191 tty->print_cr("Verifying class %s with old format", klass->external_name()); 192 } 193 194 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 195 jint result; 196 197 { 198 HandleMark hm(thread); 199 ThreadToNativeFromVM ttn(thread); 200 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 201 // code knows that we have left the VM 202 203 if (_is_new_verify_byte_codes_fn) { 204 verify_byte_codes_fn_new_t func = 205 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 206 result = (*func)(env, cls, message, (int)message_len, 207 klass->major_version()); 208 } else { 209 verify_byte_codes_fn_t func = 210 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 211 result = (*func)(env, cls, message, (int)message_len); 212 } 213 } 214 215 JNIHandles::destroy_local(cls); 216 217 // These numbers are chosen so that VerifyClassCodes interface doesn't need 218 // to be changed (still return jboolean (unsigned char)), and result is 219 // 1 when verification is passed. 220 symbolHandle nh(NULL); 221 if (result == 0) { 222 return vmSymbols::java_lang_VerifyError(); 223 } else if (result == 1) { 224 return nh; // verified. 225 } else if (result == 2) { 226 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nh); 227 } else if (result == 3) { 228 return vmSymbols::java_lang_ClassFormatError(); 229 } else { 230 ShouldNotReachHere(); 231 return nh; 232 } 233 } 234 235 // Methods in ClassVerifier 236 237 bool ClassVerifier::_verify_verbose = false; 238 239 ClassVerifier::ClassVerifier( 240 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS) 241 : _thread(THREAD), _exception_type(symbolHandle()), _message(msg), 242 _message_buffer_len(msg_len), _klass(klass) { 243 _this_type = VerificationType::reference_type(klass->name()); 244 } 245 246 ClassVerifier::~ClassVerifier() { 247 } 248 249 void ClassVerifier::verify_class(TRAPS) { 250 if (_verify_verbose) { 251 tty->print_cr("Verifying class %s with new format", 252 _klass->external_name()); 253 } 254 255 objArrayHandle methods(THREAD, _klass->methods()); 256 int num_methods = methods->length(); 257 258 for (int index = 0; index < num_methods; index++) { 259 methodOop m = (methodOop)methods->obj_at(index); 260 if (m->is_native() || m->is_abstract()) { 261 // If m is native or abstract, skip it. It is checked in class file 262 // parser that methods do not override a final method. 263 continue; 264 } 265 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 266 } 267 } 268 269 void ClassVerifier::verify_method(methodHandle m, TRAPS) { 270 ResourceMark rm(THREAD); 271 _method = m; // initialize _method 272 if (_verify_verbose) { 273 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string()); 274 } 275 276 const char* bad_type_msg = "Bad type on operand stack in %s"; 277 278 int32_t max_stack = m->max_stack(); 279 int32_t max_locals = m->max_locals(); 280 constantPoolHandle cp(THREAD, m->constants()); 281 282 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 283 class_format_error("Invalid method signature"); 284 return; 285 } 286 287 // Initial stack map frame: offset is 0, stack is initially empty. 288 StackMapFrame current_frame(max_locals, max_stack, this); 289 // Set initial locals 290 VerificationType return_type = current_frame.set_locals_from_arg( 291 m, current_type(), CHECK_VERIFY(this)); 292 293 int32_t stackmap_index = 0; // index to the stackmap array 294 295 u4 code_length = m->code_size(); 296 297 // Scan the bytecode and map each instruction's start offset to a number. 298 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 299 300 int ex_min = code_length; 301 int ex_max = -1; 302 // Look through each item on the exception table. Each of the fields must refer 303 // to a legal instruction. 304 verify_exception_handler_table( 305 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 306 307 // Look through each entry on the local variable table and make sure 308 // its range of code array offsets is valid. (4169817) 309 if (m->has_localvariable_table()) { 310 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 311 } 312 313 typeArrayHandle stackmap_data(THREAD, m->stackmap_data()); 314 StackMapStream stream(stackmap_data); 315 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 316 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 317 code_data, code_length, CHECK_VERIFY(this)); 318 319 if (_verify_verbose) { 320 stackmap_table.print(); 321 } 322 323 RawBytecodeStream bcs(m); 324 325 // Scan the byte code linearly from the start to the end 326 bool no_control_flow = false; // Set to true when there is no direct control 327 // flow from current instruction to the next 328 // instruction in sequence 329 Bytecodes::Code opcode; 330 while (!bcs.is_last_bytecode()) { 331 opcode = bcs.raw_next(); 332 u2 bci = bcs.bci(); 333 334 // Set current frame's offset to bci 335 current_frame.set_offset(bci); 336 337 // Make sure every offset in stackmap table point to the beginning to 338 // an instruction. Match current_frame to stackmap_table entry with 339 // the same offset if exists. 340 stackmap_index = verify_stackmap_table( 341 stackmap_index, bci, ¤t_frame, &stackmap_table, 342 no_control_flow, CHECK_VERIFY(this)); 343 344 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 345 346 // Merge with the next instruction 347 { 348 u2 index; 349 int target; 350 VerificationType type, type2; 351 VerificationType atype; 352 353 #ifndef PRODUCT 354 if (_verify_verbose) { 355 current_frame.print(); 356 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 357 } 358 #endif 359 360 // Make sure wide instruction is in correct format 361 if (bcs.is_wide()) { 362 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 363 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 364 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 365 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 366 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 367 opcode != Bytecodes::_dstore) { 368 verify_error(bci, "Bad wide instruction"); 369 return; 370 } 371 } 372 373 switch (opcode) { 374 case Bytecodes::_nop : 375 no_control_flow = false; break; 376 case Bytecodes::_aconst_null : 377 current_frame.push_stack( 378 VerificationType::null_type(), CHECK_VERIFY(this)); 379 no_control_flow = false; break; 380 case Bytecodes::_iconst_m1 : 381 case Bytecodes::_iconst_0 : 382 case Bytecodes::_iconst_1 : 383 case Bytecodes::_iconst_2 : 384 case Bytecodes::_iconst_3 : 385 case Bytecodes::_iconst_4 : 386 case Bytecodes::_iconst_5 : 387 current_frame.push_stack( 388 VerificationType::integer_type(), CHECK_VERIFY(this)); 389 no_control_flow = false; break; 390 case Bytecodes::_lconst_0 : 391 case Bytecodes::_lconst_1 : 392 current_frame.push_stack_2( 393 VerificationType::long_type(), 394 VerificationType::long2_type(), CHECK_VERIFY(this)); 395 no_control_flow = false; break; 396 case Bytecodes::_fconst_0 : 397 case Bytecodes::_fconst_1 : 398 case Bytecodes::_fconst_2 : 399 current_frame.push_stack( 400 VerificationType::float_type(), CHECK_VERIFY(this)); 401 no_control_flow = false; break; 402 case Bytecodes::_dconst_0 : 403 case Bytecodes::_dconst_1 : 404 current_frame.push_stack_2( 405 VerificationType::double_type(), 406 VerificationType::double2_type(), CHECK_VERIFY(this)); 407 no_control_flow = false; break; 408 case Bytecodes::_sipush : 409 case Bytecodes::_bipush : 410 current_frame.push_stack( 411 VerificationType::integer_type(), CHECK_VERIFY(this)); 412 no_control_flow = false; break; 413 case Bytecodes::_ldc : 414 verify_ldc( 415 opcode, bcs.get_index(), ¤t_frame, 416 cp, bci, CHECK_VERIFY(this)); 417 no_control_flow = false; break; 418 case Bytecodes::_ldc_w : 419 case Bytecodes::_ldc2_w : 420 verify_ldc( 421 opcode, bcs.get_index_big(), ¤t_frame, 422 cp, bci, CHECK_VERIFY(this)); 423 no_control_flow = false; break; 424 case Bytecodes::_iload : 425 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 426 no_control_flow = false; break; 427 case Bytecodes::_iload_0 : 428 case Bytecodes::_iload_1 : 429 case Bytecodes::_iload_2 : 430 case Bytecodes::_iload_3 : 431 index = opcode - Bytecodes::_iload_0; 432 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 433 no_control_flow = false; break; 434 case Bytecodes::_lload : 435 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 436 no_control_flow = false; break; 437 case Bytecodes::_lload_0 : 438 case Bytecodes::_lload_1 : 439 case Bytecodes::_lload_2 : 440 case Bytecodes::_lload_3 : 441 index = opcode - Bytecodes::_lload_0; 442 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 443 no_control_flow = false; break; 444 case Bytecodes::_fload : 445 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 446 no_control_flow = false; break; 447 case Bytecodes::_fload_0 : 448 case Bytecodes::_fload_1 : 449 case Bytecodes::_fload_2 : 450 case Bytecodes::_fload_3 : 451 index = opcode - Bytecodes::_fload_0; 452 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 453 no_control_flow = false; break; 454 case Bytecodes::_dload : 455 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 456 no_control_flow = false; break; 457 case Bytecodes::_dload_0 : 458 case Bytecodes::_dload_1 : 459 case Bytecodes::_dload_2 : 460 case Bytecodes::_dload_3 : 461 index = opcode - Bytecodes::_dload_0; 462 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 463 no_control_flow = false; break; 464 case Bytecodes::_aload : 465 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 466 no_control_flow = false; break; 467 case Bytecodes::_aload_0 : 468 case Bytecodes::_aload_1 : 469 case Bytecodes::_aload_2 : 470 case Bytecodes::_aload_3 : 471 index = opcode - Bytecodes::_aload_0; 472 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 473 no_control_flow = false; break; 474 case Bytecodes::_iaload : 475 type = current_frame.pop_stack( 476 VerificationType::integer_type(), CHECK_VERIFY(this)); 477 atype = current_frame.pop_stack( 478 VerificationType::reference_check(), CHECK_VERIFY(this)); 479 if (!atype.is_int_array()) { 480 verify_error(bci, bad_type_msg, "iaload"); 481 return; 482 } 483 current_frame.push_stack( 484 VerificationType::integer_type(), CHECK_VERIFY(this)); 485 no_control_flow = false; break; 486 case Bytecodes::_baload : 487 type = current_frame.pop_stack( 488 VerificationType::integer_type(), CHECK_VERIFY(this)); 489 atype = current_frame.pop_stack( 490 VerificationType::reference_check(), CHECK_VERIFY(this)); 491 if (!atype.is_bool_array() && !atype.is_byte_array()) { 492 verify_error(bci, bad_type_msg, "baload"); 493 return; 494 } 495 current_frame.push_stack( 496 VerificationType::integer_type(), CHECK_VERIFY(this)); 497 no_control_flow = false; break; 498 case Bytecodes::_caload : 499 type = current_frame.pop_stack( 500 VerificationType::integer_type(), CHECK_VERIFY(this)); 501 atype = current_frame.pop_stack( 502 VerificationType::reference_check(), CHECK_VERIFY(this)); 503 if (!atype.is_char_array()) { 504 verify_error(bci, bad_type_msg, "caload"); 505 return; 506 } 507 current_frame.push_stack( 508 VerificationType::integer_type(), CHECK_VERIFY(this)); 509 no_control_flow = false; break; 510 case Bytecodes::_saload : 511 type = current_frame.pop_stack( 512 VerificationType::integer_type(), CHECK_VERIFY(this)); 513 atype = current_frame.pop_stack( 514 VerificationType::reference_check(), CHECK_VERIFY(this)); 515 if (!atype.is_short_array()) { 516 verify_error(bci, bad_type_msg, "saload"); 517 return; 518 } 519 current_frame.push_stack( 520 VerificationType::integer_type(), CHECK_VERIFY(this)); 521 no_control_flow = false; break; 522 case Bytecodes::_laload : 523 type = current_frame.pop_stack( 524 VerificationType::integer_type(), CHECK_VERIFY(this)); 525 atype = current_frame.pop_stack( 526 VerificationType::reference_check(), CHECK_VERIFY(this)); 527 if (!atype.is_long_array()) { 528 verify_error(bci, bad_type_msg, "laload"); 529 return; 530 } 531 current_frame.push_stack_2( 532 VerificationType::long_type(), 533 VerificationType::long2_type(), CHECK_VERIFY(this)); 534 no_control_flow = false; break; 535 case Bytecodes::_faload : 536 type = current_frame.pop_stack( 537 VerificationType::integer_type(), CHECK_VERIFY(this)); 538 atype = current_frame.pop_stack( 539 VerificationType::reference_check(), CHECK_VERIFY(this)); 540 if (!atype.is_float_array()) { 541 verify_error(bci, bad_type_msg, "faload"); 542 return; 543 } 544 current_frame.push_stack( 545 VerificationType::float_type(), CHECK_VERIFY(this)); 546 no_control_flow = false; break; 547 case Bytecodes::_daload : 548 type = current_frame.pop_stack( 549 VerificationType::integer_type(), CHECK_VERIFY(this)); 550 atype = current_frame.pop_stack( 551 VerificationType::reference_check(), CHECK_VERIFY(this)); 552 if (!atype.is_double_array()) { 553 verify_error(bci, bad_type_msg, "daload"); 554 return; 555 } 556 current_frame.push_stack_2( 557 VerificationType::double_type(), 558 VerificationType::double2_type(), CHECK_VERIFY(this)); 559 no_control_flow = false; break; 560 case Bytecodes::_aaload : { 561 type = current_frame.pop_stack( 562 VerificationType::integer_type(), CHECK_VERIFY(this)); 563 atype = current_frame.pop_stack( 564 VerificationType::reference_check(), CHECK_VERIFY(this)); 565 if (!atype.is_reference_array()) { 566 verify_error(bci, bad_type_msg, "aaload"); 567 return; 568 } 569 if (atype.is_null()) { 570 current_frame.push_stack( 571 VerificationType::null_type(), CHECK_VERIFY(this)); 572 } else { 573 VerificationType component = 574 atype.get_component(CHECK_VERIFY(this)); 575 current_frame.push_stack(component, CHECK_VERIFY(this)); 576 } 577 no_control_flow = false; break; 578 } 579 case Bytecodes::_istore : 580 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 581 no_control_flow = false; break; 582 case Bytecodes::_istore_0 : 583 case Bytecodes::_istore_1 : 584 case Bytecodes::_istore_2 : 585 case Bytecodes::_istore_3 : 586 index = opcode - Bytecodes::_istore_0; 587 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 588 no_control_flow = false; break; 589 case Bytecodes::_lstore : 590 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 591 no_control_flow = false; break; 592 case Bytecodes::_lstore_0 : 593 case Bytecodes::_lstore_1 : 594 case Bytecodes::_lstore_2 : 595 case Bytecodes::_lstore_3 : 596 index = opcode - Bytecodes::_lstore_0; 597 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 598 no_control_flow = false; break; 599 case Bytecodes::_fstore : 600 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 601 no_control_flow = false; break; 602 case Bytecodes::_fstore_0 : 603 case Bytecodes::_fstore_1 : 604 case Bytecodes::_fstore_2 : 605 case Bytecodes::_fstore_3 : 606 index = opcode - Bytecodes::_fstore_0; 607 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 608 no_control_flow = false; break; 609 case Bytecodes::_dstore : 610 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 611 no_control_flow = false; break; 612 case Bytecodes::_dstore_0 : 613 case Bytecodes::_dstore_1 : 614 case Bytecodes::_dstore_2 : 615 case Bytecodes::_dstore_3 : 616 index = opcode - Bytecodes::_dstore_0; 617 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 618 no_control_flow = false; break; 619 case Bytecodes::_astore : 620 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 621 no_control_flow = false; break; 622 case Bytecodes::_astore_0 : 623 case Bytecodes::_astore_1 : 624 case Bytecodes::_astore_2 : 625 case Bytecodes::_astore_3 : 626 index = opcode - Bytecodes::_astore_0; 627 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 628 no_control_flow = false; break; 629 case Bytecodes::_iastore : 630 type = current_frame.pop_stack( 631 VerificationType::integer_type(), CHECK_VERIFY(this)); 632 type2 = current_frame.pop_stack( 633 VerificationType::integer_type(), CHECK_VERIFY(this)); 634 atype = current_frame.pop_stack( 635 VerificationType::reference_check(), CHECK_VERIFY(this)); 636 if (!atype.is_int_array()) { 637 verify_error(bci, bad_type_msg, "iastore"); 638 return; 639 } 640 no_control_flow = false; break; 641 case Bytecodes::_bastore : 642 type = current_frame.pop_stack( 643 VerificationType::integer_type(), CHECK_VERIFY(this)); 644 type2 = current_frame.pop_stack( 645 VerificationType::integer_type(), CHECK_VERIFY(this)); 646 atype = current_frame.pop_stack( 647 VerificationType::reference_check(), CHECK_VERIFY(this)); 648 if (!atype.is_bool_array() && !atype.is_byte_array()) { 649 verify_error(bci, bad_type_msg, "bastore"); 650 return; 651 } 652 no_control_flow = false; break; 653 case Bytecodes::_castore : 654 current_frame.pop_stack( 655 VerificationType::integer_type(), CHECK_VERIFY(this)); 656 current_frame.pop_stack( 657 VerificationType::integer_type(), CHECK_VERIFY(this)); 658 atype = current_frame.pop_stack( 659 VerificationType::reference_check(), CHECK_VERIFY(this)); 660 if (!atype.is_char_array()) { 661 verify_error(bci, bad_type_msg, "castore"); 662 return; 663 } 664 no_control_flow = false; break; 665 case Bytecodes::_sastore : 666 current_frame.pop_stack( 667 VerificationType::integer_type(), CHECK_VERIFY(this)); 668 current_frame.pop_stack( 669 VerificationType::integer_type(), CHECK_VERIFY(this)); 670 atype = current_frame.pop_stack( 671 VerificationType::reference_check(), CHECK_VERIFY(this)); 672 if (!atype.is_short_array()) { 673 verify_error(bci, bad_type_msg, "sastore"); 674 return; 675 } 676 no_control_flow = false; break; 677 case Bytecodes::_lastore : 678 current_frame.pop_stack_2( 679 VerificationType::long2_type(), 680 VerificationType::long_type(), CHECK_VERIFY(this)); 681 current_frame.pop_stack( 682 VerificationType::integer_type(), CHECK_VERIFY(this)); 683 atype = current_frame.pop_stack( 684 VerificationType::reference_check(), CHECK_VERIFY(this)); 685 if (!atype.is_long_array()) { 686 verify_error(bci, bad_type_msg, "lastore"); 687 return; 688 } 689 no_control_flow = false; break; 690 case Bytecodes::_fastore : 691 current_frame.pop_stack( 692 VerificationType::float_type(), CHECK_VERIFY(this)); 693 current_frame.pop_stack 694 (VerificationType::integer_type(), CHECK_VERIFY(this)); 695 atype = current_frame.pop_stack( 696 VerificationType::reference_check(), CHECK_VERIFY(this)); 697 if (!atype.is_float_array()) { 698 verify_error(bci, bad_type_msg, "fastore"); 699 return; 700 } 701 no_control_flow = false; break; 702 case Bytecodes::_dastore : 703 current_frame.pop_stack_2( 704 VerificationType::double2_type(), 705 VerificationType::double_type(), CHECK_VERIFY(this)); 706 current_frame.pop_stack( 707 VerificationType::integer_type(), CHECK_VERIFY(this)); 708 atype = current_frame.pop_stack( 709 VerificationType::reference_check(), CHECK_VERIFY(this)); 710 if (!atype.is_double_array()) { 711 verify_error(bci, bad_type_msg, "dastore"); 712 return; 713 } 714 no_control_flow = false; break; 715 case Bytecodes::_aastore : 716 type = current_frame.pop_stack( 717 VerificationType::reference_check(), CHECK_VERIFY(this)); 718 type2 = current_frame.pop_stack( 719 VerificationType::integer_type(), CHECK_VERIFY(this)); 720 atype = current_frame.pop_stack( 721 VerificationType::reference_check(), CHECK_VERIFY(this)); 722 // more type-checking is done at runtime 723 if (!atype.is_reference_array()) { 724 verify_error(bci, bad_type_msg, "aastore"); 725 return; 726 } 727 // 4938384: relaxed constraint in JVMS 3nd edition. 728 no_control_flow = false; break; 729 case Bytecodes::_pop : 730 current_frame.pop_stack( 731 VerificationType::category1_check(), CHECK_VERIFY(this)); 732 no_control_flow = false; break; 733 case Bytecodes::_pop2 : 734 type = current_frame.pop_stack(CHECK_VERIFY(this)); 735 if (type.is_category1()) { 736 current_frame.pop_stack( 737 VerificationType::category1_check(), CHECK_VERIFY(this)); 738 } else if (type.is_category2_2nd()) { 739 current_frame.pop_stack( 740 VerificationType::category2_check(), CHECK_VERIFY(this)); 741 } else { 742 verify_error(bci, bad_type_msg, "pop2"); 743 return; 744 } 745 no_control_flow = false; break; 746 case Bytecodes::_dup : 747 type = current_frame.pop_stack( 748 VerificationType::category1_check(), CHECK_VERIFY(this)); 749 current_frame.push_stack(type, CHECK_VERIFY(this)); 750 current_frame.push_stack(type, CHECK_VERIFY(this)); 751 no_control_flow = false; break; 752 case Bytecodes::_dup_x1 : 753 type = current_frame.pop_stack( 754 VerificationType::category1_check(), CHECK_VERIFY(this)); 755 type2 = current_frame.pop_stack( 756 VerificationType::category1_check(), CHECK_VERIFY(this)); 757 current_frame.push_stack(type, CHECK_VERIFY(this)); 758 current_frame.push_stack(type2, CHECK_VERIFY(this)); 759 current_frame.push_stack(type, CHECK_VERIFY(this)); 760 no_control_flow = false; break; 761 case Bytecodes::_dup_x2 : 762 { 763 VerificationType type3; 764 type = current_frame.pop_stack( 765 VerificationType::category1_check(), CHECK_VERIFY(this)); 766 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 767 if (type2.is_category1()) { 768 type3 = current_frame.pop_stack( 769 VerificationType::category1_check(), CHECK_VERIFY(this)); 770 } else if (type2.is_category2_2nd()) { 771 type3 = current_frame.pop_stack( 772 VerificationType::category2_check(), CHECK_VERIFY(this)); 773 } else { 774 verify_error(bci, bad_type_msg, "dup_x2"); 775 return; 776 } 777 current_frame.push_stack(type, CHECK_VERIFY(this)); 778 current_frame.push_stack(type3, CHECK_VERIFY(this)); 779 current_frame.push_stack(type2, CHECK_VERIFY(this)); 780 current_frame.push_stack(type, CHECK_VERIFY(this)); 781 no_control_flow = false; break; 782 } 783 case Bytecodes::_dup2 : 784 type = current_frame.pop_stack(CHECK_VERIFY(this)); 785 if (type.is_category1()) { 786 type2 = current_frame.pop_stack( 787 VerificationType::category1_check(), CHECK_VERIFY(this)); 788 } else if (type.is_category2_2nd()) { 789 type2 = current_frame.pop_stack( 790 VerificationType::category2_check(), CHECK_VERIFY(this)); 791 } else { 792 verify_error(bci, bad_type_msg, "dup2"); 793 return; 794 } 795 current_frame.push_stack(type2, CHECK_VERIFY(this)); 796 current_frame.push_stack(type, CHECK_VERIFY(this)); 797 current_frame.push_stack(type2, CHECK_VERIFY(this)); 798 current_frame.push_stack(type, CHECK_VERIFY(this)); 799 no_control_flow = false; break; 800 case Bytecodes::_dup2_x1 : 801 { 802 VerificationType type3; 803 type = current_frame.pop_stack(CHECK_VERIFY(this)); 804 if (type.is_category1()) { 805 type2 = current_frame.pop_stack( 806 VerificationType::category1_check(), CHECK_VERIFY(this)); 807 } else if(type.is_category2_2nd()) { 808 type2 = current_frame.pop_stack 809 (VerificationType::category2_check(), CHECK_VERIFY(this)); 810 } else { 811 verify_error(bci, bad_type_msg, "dup2_x1"); 812 return; 813 } 814 type3 = current_frame.pop_stack( 815 VerificationType::category1_check(), CHECK_VERIFY(this)); 816 current_frame.push_stack(type2, CHECK_VERIFY(this)); 817 current_frame.push_stack(type, CHECK_VERIFY(this)); 818 current_frame.push_stack(type3, CHECK_VERIFY(this)); 819 current_frame.push_stack(type2, CHECK_VERIFY(this)); 820 current_frame.push_stack(type, CHECK_VERIFY(this)); 821 no_control_flow = false; break; 822 } 823 case Bytecodes::_dup2_x2 : 824 { 825 VerificationType type3, type4; 826 type = current_frame.pop_stack(CHECK_VERIFY(this)); 827 if (type.is_category1()) { 828 type2 = current_frame.pop_stack( 829 VerificationType::category1_check(), CHECK_VERIFY(this)); 830 } else if (type.is_category2_2nd()) { 831 type2 = current_frame.pop_stack( 832 VerificationType::category2_check(), CHECK_VERIFY(this)); 833 } else { 834 verify_error(bci, bad_type_msg, "dup2_x2"); 835 return; 836 } 837 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 838 if (type3.is_category1()) { 839 type4 = current_frame.pop_stack( 840 VerificationType::category1_check(), CHECK_VERIFY(this)); 841 } else if (type3.is_category2_2nd()) { 842 type4 = current_frame.pop_stack( 843 VerificationType::category2_check(), CHECK_VERIFY(this)); 844 } else { 845 verify_error(bci, bad_type_msg, "dup2_x2"); 846 return; 847 } 848 current_frame.push_stack(type2, CHECK_VERIFY(this)); 849 current_frame.push_stack(type, CHECK_VERIFY(this)); 850 current_frame.push_stack(type4, CHECK_VERIFY(this)); 851 current_frame.push_stack(type3, CHECK_VERIFY(this)); 852 current_frame.push_stack(type2, CHECK_VERIFY(this)); 853 current_frame.push_stack(type, CHECK_VERIFY(this)); 854 no_control_flow = false; break; 855 } 856 case Bytecodes::_swap : 857 type = current_frame.pop_stack( 858 VerificationType::category1_check(), CHECK_VERIFY(this)); 859 type2 = current_frame.pop_stack( 860 VerificationType::category1_check(), CHECK_VERIFY(this)); 861 current_frame.push_stack(type, CHECK_VERIFY(this)); 862 current_frame.push_stack(type2, CHECK_VERIFY(this)); 863 no_control_flow = false; break; 864 case Bytecodes::_iadd : 865 case Bytecodes::_isub : 866 case Bytecodes::_imul : 867 case Bytecodes::_idiv : 868 case Bytecodes::_irem : 869 case Bytecodes::_ishl : 870 case Bytecodes::_ishr : 871 case Bytecodes::_iushr : 872 case Bytecodes::_ior : 873 case Bytecodes::_ixor : 874 case Bytecodes::_iand : 875 current_frame.pop_stack( 876 VerificationType::integer_type(), CHECK_VERIFY(this)); 877 // fall through 878 case Bytecodes::_ineg : 879 current_frame.pop_stack( 880 VerificationType::integer_type(), CHECK_VERIFY(this)); 881 current_frame.push_stack( 882 VerificationType::integer_type(), CHECK_VERIFY(this)); 883 no_control_flow = false; break; 884 case Bytecodes::_ladd : 885 case Bytecodes::_lsub : 886 case Bytecodes::_lmul : 887 case Bytecodes::_ldiv : 888 case Bytecodes::_lrem : 889 case Bytecodes::_land : 890 case Bytecodes::_lor : 891 case Bytecodes::_lxor : 892 current_frame.pop_stack_2( 893 VerificationType::long2_type(), 894 VerificationType::long_type(), CHECK_VERIFY(this)); 895 // fall through 896 case Bytecodes::_lneg : 897 current_frame.pop_stack_2( 898 VerificationType::long2_type(), 899 VerificationType::long_type(), CHECK_VERIFY(this)); 900 current_frame.push_stack_2( 901 VerificationType::long_type(), 902 VerificationType::long2_type(), CHECK_VERIFY(this)); 903 no_control_flow = false; break; 904 case Bytecodes::_lshl : 905 case Bytecodes::_lshr : 906 case Bytecodes::_lushr : 907 current_frame.pop_stack( 908 VerificationType::integer_type(), CHECK_VERIFY(this)); 909 current_frame.pop_stack_2( 910 VerificationType::long2_type(), 911 VerificationType::long_type(), CHECK_VERIFY(this)); 912 current_frame.push_stack_2( 913 VerificationType::long_type(), 914 VerificationType::long2_type(), CHECK_VERIFY(this)); 915 no_control_flow = false; break; 916 case Bytecodes::_fadd : 917 case Bytecodes::_fsub : 918 case Bytecodes::_fmul : 919 case Bytecodes::_fdiv : 920 case Bytecodes::_frem : 921 current_frame.pop_stack( 922 VerificationType::float_type(), CHECK_VERIFY(this)); 923 // fall through 924 case Bytecodes::_fneg : 925 current_frame.pop_stack( 926 VerificationType::float_type(), CHECK_VERIFY(this)); 927 current_frame.push_stack( 928 VerificationType::float_type(), CHECK_VERIFY(this)); 929 no_control_flow = false; break; 930 case Bytecodes::_dadd : 931 case Bytecodes::_dsub : 932 case Bytecodes::_dmul : 933 case Bytecodes::_ddiv : 934 case Bytecodes::_drem : 935 current_frame.pop_stack_2( 936 VerificationType::double2_type(), 937 VerificationType::double_type(), CHECK_VERIFY(this)); 938 // fall through 939 case Bytecodes::_dneg : 940 current_frame.pop_stack_2( 941 VerificationType::double2_type(), 942 VerificationType::double_type(), CHECK_VERIFY(this)); 943 current_frame.push_stack_2( 944 VerificationType::double_type(), 945 VerificationType::double2_type(), CHECK_VERIFY(this)); 946 no_control_flow = false; break; 947 case Bytecodes::_iinc : 948 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 949 no_control_flow = false; break; 950 case Bytecodes::_i2l : 951 type = current_frame.pop_stack( 952 VerificationType::integer_type(), CHECK_VERIFY(this)); 953 current_frame.push_stack_2( 954 VerificationType::long_type(), 955 VerificationType::long2_type(), CHECK_VERIFY(this)); 956 no_control_flow = false; break; 957 case Bytecodes::_l2i : 958 current_frame.pop_stack_2( 959 VerificationType::long2_type(), 960 VerificationType::long_type(), CHECK_VERIFY(this)); 961 current_frame.push_stack( 962 VerificationType::integer_type(), CHECK_VERIFY(this)); 963 no_control_flow = false; break; 964 case Bytecodes::_i2f : 965 current_frame.pop_stack( 966 VerificationType::integer_type(), CHECK_VERIFY(this)); 967 current_frame.push_stack( 968 VerificationType::float_type(), CHECK_VERIFY(this)); 969 no_control_flow = false; break; 970 case Bytecodes::_i2d : 971 current_frame.pop_stack( 972 VerificationType::integer_type(), CHECK_VERIFY(this)); 973 current_frame.push_stack_2( 974 VerificationType::double_type(), 975 VerificationType::double2_type(), CHECK_VERIFY(this)); 976 no_control_flow = false; break; 977 case Bytecodes::_l2f : 978 current_frame.pop_stack_2( 979 VerificationType::long2_type(), 980 VerificationType::long_type(), CHECK_VERIFY(this)); 981 current_frame.push_stack( 982 VerificationType::float_type(), CHECK_VERIFY(this)); 983 no_control_flow = false; break; 984 case Bytecodes::_l2d : 985 current_frame.pop_stack_2( 986 VerificationType::long2_type(), 987 VerificationType::long_type(), CHECK_VERIFY(this)); 988 current_frame.push_stack_2( 989 VerificationType::double_type(), 990 VerificationType::double2_type(), CHECK_VERIFY(this)); 991 no_control_flow = false; break; 992 case Bytecodes::_f2i : 993 current_frame.pop_stack( 994 VerificationType::float_type(), CHECK_VERIFY(this)); 995 current_frame.push_stack( 996 VerificationType::integer_type(), CHECK_VERIFY(this)); 997 no_control_flow = false; break; 998 case Bytecodes::_f2l : 999 current_frame.pop_stack( 1000 VerificationType::float_type(), CHECK_VERIFY(this)); 1001 current_frame.push_stack_2( 1002 VerificationType::long_type(), 1003 VerificationType::long2_type(), CHECK_VERIFY(this)); 1004 no_control_flow = false; break; 1005 case Bytecodes::_f2d : 1006 current_frame.pop_stack( 1007 VerificationType::float_type(), CHECK_VERIFY(this)); 1008 current_frame.push_stack_2( 1009 VerificationType::double_type(), 1010 VerificationType::double2_type(), CHECK_VERIFY(this)); 1011 no_control_flow = false; break; 1012 case Bytecodes::_d2i : 1013 current_frame.pop_stack_2( 1014 VerificationType::double2_type(), 1015 VerificationType::double_type(), CHECK_VERIFY(this)); 1016 current_frame.push_stack( 1017 VerificationType::integer_type(), CHECK_VERIFY(this)); 1018 no_control_flow = false; break; 1019 case Bytecodes::_d2l : 1020 current_frame.pop_stack_2( 1021 VerificationType::double2_type(), 1022 VerificationType::double_type(), CHECK_VERIFY(this)); 1023 current_frame.push_stack_2( 1024 VerificationType::long_type(), 1025 VerificationType::long2_type(), CHECK_VERIFY(this)); 1026 no_control_flow = false; break; 1027 case Bytecodes::_d2f : 1028 current_frame.pop_stack_2( 1029 VerificationType::double2_type(), 1030 VerificationType::double_type(), CHECK_VERIFY(this)); 1031 current_frame.push_stack( 1032 VerificationType::float_type(), CHECK_VERIFY(this)); 1033 no_control_flow = false; break; 1034 case Bytecodes::_i2b : 1035 case Bytecodes::_i2c : 1036 case Bytecodes::_i2s : 1037 current_frame.pop_stack( 1038 VerificationType::integer_type(), CHECK_VERIFY(this)); 1039 current_frame.push_stack( 1040 VerificationType::integer_type(), CHECK_VERIFY(this)); 1041 no_control_flow = false; break; 1042 case Bytecodes::_lcmp : 1043 current_frame.pop_stack_2( 1044 VerificationType::long2_type(), 1045 VerificationType::long_type(), CHECK_VERIFY(this)); 1046 current_frame.pop_stack_2( 1047 VerificationType::long2_type(), 1048 VerificationType::long_type(), CHECK_VERIFY(this)); 1049 current_frame.push_stack( 1050 VerificationType::integer_type(), CHECK_VERIFY(this)); 1051 no_control_flow = false; break; 1052 case Bytecodes::_fcmpl : 1053 case Bytecodes::_fcmpg : 1054 current_frame.pop_stack( 1055 VerificationType::float_type(), CHECK_VERIFY(this)); 1056 current_frame.pop_stack( 1057 VerificationType::float_type(), CHECK_VERIFY(this)); 1058 current_frame.push_stack( 1059 VerificationType::integer_type(), CHECK_VERIFY(this)); 1060 no_control_flow = false; break; 1061 case Bytecodes::_dcmpl : 1062 case Bytecodes::_dcmpg : 1063 current_frame.pop_stack_2( 1064 VerificationType::double2_type(), 1065 VerificationType::double_type(), CHECK_VERIFY(this)); 1066 current_frame.pop_stack_2( 1067 VerificationType::double2_type(), 1068 VerificationType::double_type(), CHECK_VERIFY(this)); 1069 current_frame.push_stack( 1070 VerificationType::integer_type(), CHECK_VERIFY(this)); 1071 no_control_flow = false; break; 1072 case Bytecodes::_if_icmpeq: 1073 case Bytecodes::_if_icmpne: 1074 case Bytecodes::_if_icmplt: 1075 case Bytecodes::_if_icmpge: 1076 case Bytecodes::_if_icmpgt: 1077 case Bytecodes::_if_icmple: 1078 current_frame.pop_stack( 1079 VerificationType::integer_type(), CHECK_VERIFY(this)); 1080 // fall through 1081 case Bytecodes::_ifeq: 1082 case Bytecodes::_ifne: 1083 case Bytecodes::_iflt: 1084 case Bytecodes::_ifge: 1085 case Bytecodes::_ifgt: 1086 case Bytecodes::_ifle: 1087 current_frame.pop_stack( 1088 VerificationType::integer_type(), CHECK_VERIFY(this)); 1089 target = bcs.dest(); 1090 stackmap_table.check_jump_target( 1091 ¤t_frame, target, CHECK_VERIFY(this)); 1092 no_control_flow = false; break; 1093 case Bytecodes::_if_acmpeq : 1094 case Bytecodes::_if_acmpne : 1095 current_frame.pop_stack( 1096 VerificationType::reference_check(), CHECK_VERIFY(this)); 1097 // fall through 1098 case Bytecodes::_ifnull : 1099 case Bytecodes::_ifnonnull : 1100 current_frame.pop_stack( 1101 VerificationType::reference_check(), CHECK_VERIFY(this)); 1102 target = bcs.dest(); 1103 stackmap_table.check_jump_target 1104 (¤t_frame, target, CHECK_VERIFY(this)); 1105 no_control_flow = false; break; 1106 case Bytecodes::_goto : 1107 target = bcs.dest(); 1108 stackmap_table.check_jump_target( 1109 ¤t_frame, target, CHECK_VERIFY(this)); 1110 no_control_flow = true; break; 1111 case Bytecodes::_goto_w : 1112 target = bcs.dest_w(); 1113 stackmap_table.check_jump_target( 1114 ¤t_frame, target, CHECK_VERIFY(this)); 1115 no_control_flow = true; break; 1116 case Bytecodes::_tableswitch : 1117 case Bytecodes::_lookupswitch : 1118 verify_switch( 1119 &bcs, code_length, code_data, ¤t_frame, 1120 &stackmap_table, CHECK_VERIFY(this)); 1121 no_control_flow = true; break; 1122 case Bytecodes::_ireturn : 1123 type = current_frame.pop_stack( 1124 VerificationType::integer_type(), CHECK_VERIFY(this)); 1125 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1126 no_control_flow = true; break; 1127 case Bytecodes::_lreturn : 1128 type2 = current_frame.pop_stack( 1129 VerificationType::long2_type(), CHECK_VERIFY(this)); 1130 type = current_frame.pop_stack( 1131 VerificationType::long_type(), CHECK_VERIFY(this)); 1132 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1133 no_control_flow = true; break; 1134 case Bytecodes::_freturn : 1135 type = current_frame.pop_stack( 1136 VerificationType::float_type(), CHECK_VERIFY(this)); 1137 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1138 no_control_flow = true; break; 1139 case Bytecodes::_dreturn : 1140 type2 = current_frame.pop_stack( 1141 VerificationType::double2_type(), CHECK_VERIFY(this)); 1142 type = current_frame.pop_stack( 1143 VerificationType::double_type(), CHECK_VERIFY(this)); 1144 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1145 no_control_flow = true; break; 1146 case Bytecodes::_areturn : 1147 type = current_frame.pop_stack( 1148 VerificationType::reference_check(), CHECK_VERIFY(this)); 1149 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1150 no_control_flow = true; break; 1151 case Bytecodes::_return : 1152 if (return_type != VerificationType::bogus_type()) { 1153 verify_error(bci, "Method expects no return value"); 1154 return; 1155 } 1156 // Make sure "this" has been initialized if current method is an 1157 // <init> 1158 if (_method->name() == vmSymbols::object_initializer_name() && 1159 current_frame.flag_this_uninit()) { 1160 verify_error(bci, 1161 "Constructor must call super() or this() before return"); 1162 return; 1163 } 1164 no_control_flow = true; break; 1165 case Bytecodes::_getstatic : 1166 case Bytecodes::_putstatic : 1167 case Bytecodes::_getfield : 1168 case Bytecodes::_putfield : 1169 verify_field_instructions( 1170 &bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1171 no_control_flow = false; break; 1172 case Bytecodes::_invokevirtual : 1173 case Bytecodes::_invokespecial : 1174 case Bytecodes::_invokestatic : 1175 verify_invoke_instructions( 1176 &bcs, code_length, ¤t_frame, 1177 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1178 no_control_flow = false; break; 1179 case Bytecodes::_invokeinterface : 1180 verify_invoke_instructions( 1181 &bcs, code_length, ¤t_frame, 1182 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1183 no_control_flow = false; break; 1184 case Bytecodes::_new : 1185 { 1186 index = bcs.get_index_big(); 1187 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1188 VerificationType new_class_type = 1189 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1190 if (!new_class_type.is_object()) { 1191 verify_error(bci, "Illegal new instruction"); 1192 return; 1193 } 1194 type = VerificationType::uninitialized_type(bci); 1195 current_frame.push_stack(type, CHECK_VERIFY(this)); 1196 no_control_flow = false; break; 1197 } 1198 case Bytecodes::_newarray : 1199 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1200 current_frame.pop_stack( 1201 VerificationType::integer_type(), CHECK_VERIFY(this)); 1202 current_frame.push_stack(type, CHECK_VERIFY(this)); 1203 no_control_flow = false; break; 1204 case Bytecodes::_anewarray : 1205 verify_anewarray( 1206 bcs.get_index_big(), cp, ¤t_frame, CHECK_VERIFY(this)); 1207 no_control_flow = false; break; 1208 case Bytecodes::_arraylength : 1209 type = current_frame.pop_stack( 1210 VerificationType::reference_check(), CHECK_VERIFY(this)); 1211 if (!type.is_array()) { 1212 verify_error(bci, bad_type_msg, "arraylength"); 1213 } 1214 current_frame.push_stack( 1215 VerificationType::integer_type(), CHECK_VERIFY(this)); 1216 no_control_flow = false; break; 1217 case Bytecodes::_checkcast : 1218 { 1219 index = bcs.get_index_big(); 1220 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1221 current_frame.pop_stack( 1222 VerificationType::reference_check(), CHECK_VERIFY(this)); 1223 VerificationType klass_type = cp_index_to_type( 1224 index, cp, CHECK_VERIFY(this)); 1225 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1226 no_control_flow = false; break; 1227 } 1228 case Bytecodes::_instanceof : { 1229 index = bcs.get_index_big(); 1230 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1231 current_frame.pop_stack( 1232 VerificationType::reference_check(), CHECK_VERIFY(this)); 1233 current_frame.push_stack( 1234 VerificationType::integer_type(), CHECK_VERIFY(this)); 1235 no_control_flow = false; break; 1236 } 1237 case Bytecodes::_monitorenter : 1238 case Bytecodes::_monitorexit : 1239 current_frame.pop_stack( 1240 VerificationType::reference_check(), CHECK_VERIFY(this)); 1241 no_control_flow = false; break; 1242 case Bytecodes::_multianewarray : 1243 { 1244 index = bcs.get_index_big(); 1245 u2 dim = *(bcs.bcp()+3); 1246 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1247 VerificationType new_array_type = 1248 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1249 if (!new_array_type.is_array()) { 1250 verify_error(bci, 1251 "Illegal constant pool index in multianewarray instruction"); 1252 return; 1253 } 1254 if (dim < 1 || new_array_type.dimensions() < dim) { 1255 verify_error(bci, 1256 "Illegal dimension in multianewarray instruction"); 1257 return; 1258 } 1259 for (int i = 0; i < dim; i++) { 1260 current_frame.pop_stack( 1261 VerificationType::integer_type(), CHECK_VERIFY(this)); 1262 } 1263 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1264 no_control_flow = false; break; 1265 } 1266 case Bytecodes::_athrow : 1267 type = VerificationType::reference_type( 1268 vmSymbols::java_lang_Throwable()); 1269 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1270 no_control_flow = true; break; 1271 default: 1272 // We only need to check the valid bytecodes in class file. 1273 // And jsr and ret are not in the new class file format in JDK1.5. 1274 verify_error(bci, "Bad instruction"); 1275 no_control_flow = false; 1276 return; 1277 } // end switch 1278 } // end Merge with the next instruction 1279 1280 // Look for possible jump target in exception handlers and see if it 1281 // matches current_frame 1282 if (bci >= ex_min && bci < ex_max) { 1283 verify_exception_handler_targets( 1284 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1285 } 1286 } // end while 1287 1288 // Make sure that control flow does not fall through end of the method 1289 if (!no_control_flow) { 1290 verify_error(code_length, "Control flow falls through code end"); 1291 return; 1292 } 1293 } 1294 1295 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) { 1296 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1297 memset(code_data, 0, sizeof(char) * code_length); 1298 RawBytecodeStream bcs(m); 1299 1300 while (!bcs.is_last_bytecode()) { 1301 if (bcs.raw_next() != Bytecodes::_illegal) { 1302 int bci = bcs.bci(); 1303 if (bcs.code() == Bytecodes::_new) { 1304 code_data[bci] = NEW_OFFSET; 1305 } else { 1306 code_data[bci] = BYTECODE_OFFSET; 1307 } 1308 } else { 1309 verify_error(bcs.bci(), "Bad instruction"); 1310 return NULL; 1311 } 1312 } 1313 1314 return code_data; 1315 } 1316 1317 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1318 typeArrayHandle exhandlers (THREAD, _method->exception_table()); 1319 constantPoolHandle cp (THREAD, _method->constants()); 1320 1321 if (exhandlers() != NULL) { 1322 for(int i = 0; i < exhandlers->length();) { 1323 u2 start_pc = exhandlers->int_at(i++); 1324 u2 end_pc = exhandlers->int_at(i++); 1325 u2 handler_pc = exhandlers->int_at(i++); 1326 if (start_pc >= code_length || code_data[start_pc] == 0) { 1327 class_format_error("Illegal exception table start_pc %d", start_pc); 1328 return; 1329 } 1330 if (end_pc != code_length) { // special case: end_pc == code_length 1331 if (end_pc > code_length || code_data[end_pc] == 0) { 1332 class_format_error("Illegal exception table end_pc %d", end_pc); 1333 return; 1334 } 1335 } 1336 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1337 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1338 return; 1339 } 1340 int catch_type_index = exhandlers->int_at(i++); 1341 if (catch_type_index != 0) { 1342 VerificationType catch_type = cp_index_to_type( 1343 catch_type_index, cp, CHECK_VERIFY(this)); 1344 VerificationType throwable = 1345 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1346 bool is_subclass = throwable.is_assignable_from( 1347 catch_type, current_class(), CHECK_VERIFY(this)); 1348 if (!is_subclass) { 1349 // 4286534: should throw VerifyError according to recent spec change 1350 verify_error( 1351 "Catch type is not a subclass of Throwable in handler %d", 1352 handler_pc); 1353 return; 1354 } 1355 } 1356 if (start_pc < min) min = start_pc; 1357 if (end_pc > max) max = end_pc; 1358 } 1359 } 1360 } 1361 1362 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1363 int localvariable_table_length = _method()->localvariable_table_length(); 1364 if (localvariable_table_length > 0) { 1365 LocalVariableTableElement* table = _method()->localvariable_table_start(); 1366 for (int i = 0; i < localvariable_table_length; i++) { 1367 u2 start_bci = table[i].start_bci; 1368 u2 length = table[i].length; 1369 1370 if (start_bci >= code_length || code_data[start_bci] == 0) { 1371 class_format_error( 1372 "Illegal local variable table start_pc %d", start_bci); 1373 return; 1374 } 1375 u4 end_bci = (u4)(start_bci + length); 1376 if (end_bci != code_length) { 1377 if (end_bci >= code_length || code_data[end_bci] == 0) { 1378 class_format_error( "Illegal local variable table length %d", length); 1379 return; 1380 } 1381 } 1382 } 1383 } 1384 } 1385 1386 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1387 StackMapFrame* current_frame, 1388 StackMapTable* stackmap_table, 1389 bool no_control_flow, TRAPS) { 1390 if (stackmap_index < stackmap_table->get_frame_count()) { 1391 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1392 if (no_control_flow && this_offset > bci) { 1393 verify_error(bci, "Expecting a stack map frame"); 1394 return 0; 1395 } 1396 if (this_offset == bci) { 1397 // See if current stack map can be assigned to the frame in table. 1398 // current_frame is the stackmap frame got from the last instruction. 1399 // If matched, current_frame will be updated by this method. 1400 bool match = stackmap_table->match_stackmap( 1401 current_frame, this_offset, stackmap_index, 1402 !no_control_flow, true, CHECK_VERIFY_(this, 0)); 1403 if (!match) { 1404 // report type error 1405 verify_error(bci, "Instruction type does not match stack map"); 1406 return 0; 1407 } 1408 stackmap_index++; 1409 } else if (this_offset < bci) { 1410 // current_offset should have met this_offset. 1411 class_format_error("Bad stack map offset %d", this_offset); 1412 return 0; 1413 } 1414 } else if (no_control_flow) { 1415 verify_error(bci, "Expecting a stack map frame"); 1416 return 0; 1417 } 1418 return stackmap_index; 1419 } 1420 1421 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame, 1422 StackMapTable* stackmap_table, TRAPS) { 1423 constantPoolHandle cp (THREAD, _method->constants()); 1424 typeArrayHandle exhandlers (THREAD, _method->exception_table()); 1425 if (exhandlers() != NULL) { 1426 for(int i = 0; i < exhandlers->length();) { 1427 u2 start_pc = exhandlers->int_at(i++); 1428 u2 end_pc = exhandlers->int_at(i++); 1429 u2 handler_pc = exhandlers->int_at(i++); 1430 int catch_type_index = exhandlers->int_at(i++); 1431 if(bci >= start_pc && bci < end_pc) { 1432 u1 flags = current_frame->flags(); 1433 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1434 1435 ResourceMark rm(THREAD); 1436 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1437 if (catch_type_index != 0) { 1438 // We know that this index refers to a subclass of Throwable 1439 VerificationType catch_type = cp_index_to_type( 1440 catch_type_index, cp, CHECK_VERIFY(this)); 1441 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1442 } else { 1443 VerificationType throwable = 1444 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1445 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1446 } 1447 bool match = stackmap_table->match_stackmap( 1448 new_frame, handler_pc, true, false, CHECK_VERIFY(this)); 1449 if (!match) { 1450 verify_error(bci, 1451 "Stack map does not match the one at exception handler %d", 1452 handler_pc); 1453 return; 1454 } 1455 } 1456 } 1457 } 1458 } 1459 1460 void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) { 1461 int nconstants = cp->length(); 1462 if ((index <= 0) || (index >= nconstants)) { 1463 verify_error("Illegal constant pool index %d in class %s", 1464 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1465 return; 1466 } 1467 } 1468 1469 void ClassVerifier::verify_cp_type( 1470 int index, constantPoolHandle cp, unsigned int types, TRAPS) { 1471 1472 // In some situations, bytecode rewriting may occur while we're verifying. 1473 // In this case, a constant pool cache exists and some indices refer to that 1474 // instead. Get the original index for the tag check 1475 constantPoolCacheOop cache = cp->cache(); 1476 if (cache != NULL && 1477 ((types == (1 << JVM_CONSTANT_InterfaceMethodref)) || 1478 (types == (1 << JVM_CONSTANT_Methodref)) || 1479 (types == (1 << JVM_CONSTANT_Fieldref)))) { 1480 int native_index = index; 1481 if (Bytes::is_Java_byte_ordering_different()) { 1482 native_index = Bytes::swap_u2(index); 1483 } 1484 assert((native_index >= 0) && (native_index < cache->length()), 1485 "Must be a legal index into the cp cache"); 1486 index = cache->entry_at(native_index)->constant_pool_index(); 1487 } 1488 1489 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1490 unsigned int tag = cp->tag_at(index).value(); 1491 if ((types & (1 << tag)) == 0) { 1492 verify_error( 1493 "Illegal type at constant pool entry %d in class %s", 1494 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1495 return; 1496 } 1497 } 1498 1499 void ClassVerifier::verify_cp_class_type( 1500 int index, constantPoolHandle cp, TRAPS) { 1501 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1502 constantTag tag = cp->tag_at(index); 1503 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1504 verify_error("Illegal type at constant pool entry %d in class %s", 1505 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1506 return; 1507 } 1508 } 1509 1510 void ClassVerifier::format_error_message( 1511 const char* fmt, int offset, va_list va) { 1512 ResourceMark rm(_thread); 1513 stringStream message(_message, _message_buffer_len); 1514 message.vprint(fmt, va); 1515 if (!_method.is_null()) { 1516 message.print(" in method %s", _method->name_and_sig_as_C_string()); 1517 } 1518 if (offset != -1) { 1519 message.print(" at offset %d", offset); 1520 } 1521 } 1522 1523 void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) { 1524 _exception_type = vmSymbols::java_lang_VerifyError(); 1525 va_list va; 1526 va_start(va, fmt); 1527 format_error_message(fmt, offset, va); 1528 va_end(va); 1529 } 1530 1531 void ClassVerifier::verify_error(const char* fmt, ...) { 1532 _exception_type = vmSymbols::java_lang_VerifyError(); 1533 va_list va; 1534 va_start(va, fmt); 1535 format_error_message(fmt, -1, va); 1536 va_end(va); 1537 } 1538 1539 void ClassVerifier::class_format_error(const char* msg, ...) { 1540 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1541 va_list va; 1542 va_start(va, msg); 1543 format_error_message(msg, -1, va); 1544 va_end(va); 1545 } 1546 1547 klassOop ClassVerifier::load_class(symbolHandle name, TRAPS) { 1548 // Get current loader and protection domain first. 1549 oop loader = current_class()->class_loader(); 1550 oop protection_domain = current_class()->protection_domain(); 1551 1552 return SystemDictionary::resolve_or_fail( 1553 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 1554 true, CHECK_NULL); 1555 } 1556 1557 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, 1558 klassOop target_class, 1559 symbolOop field_name, 1560 symbolOop field_sig, 1561 bool is_method) { 1562 No_Safepoint_Verifier nosafepoint; 1563 1564 // If target class isn't a super class of this class, we don't worry about this case 1565 if (!this_class->is_subclass_of(target_class)) { 1566 return false; 1567 } 1568 // Check if the specified method or field is protected 1569 instanceKlass* target_instance = instanceKlass::cast(target_class); 1570 fieldDescriptor fd; 1571 if (is_method) { 1572 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig); 1573 if (m != NULL && m->is_protected()) { 1574 if (!this_class->is_same_class_package(m->method_holder())) { 1575 return true; 1576 } 1577 } 1578 } else { 1579 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd); 1580 if(member_klass != NULL && fd.is_protected()) { 1581 if (!this_class->is_same_class_package(member_klass)) { 1582 return true; 1583 } 1584 } 1585 } 1586 return false; 1587 } 1588 1589 void ClassVerifier::verify_ldc( 1590 int opcode, u2 index, StackMapFrame *current_frame, 1591 constantPoolHandle cp, u2 bci, TRAPS) { 1592 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1593 constantTag tag = cp->tag_at(index); 1594 unsigned int types; 1595 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 1596 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) { 1597 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 1598 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class); 1599 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1600 } 1601 } else { 1602 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 1603 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 1604 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1605 } 1606 if (tag.is_string() || tag.is_unresolved_string()) { 1607 current_frame->push_stack( 1608 VerificationType::reference_type( 1609 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 1610 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 1611 current_frame->push_stack( 1612 VerificationType::reference_type( 1613 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 1614 } else if (tag.is_int()) { 1615 current_frame->push_stack( 1616 VerificationType::integer_type(), CHECK_VERIFY(this)); 1617 } else if (tag.is_float()) { 1618 current_frame->push_stack( 1619 VerificationType::float_type(), CHECK_VERIFY(this)); 1620 } else if (tag.is_double()) { 1621 current_frame->push_stack_2( 1622 VerificationType::double_type(), 1623 VerificationType::double2_type(), CHECK_VERIFY(this)); 1624 } else if (tag.is_long()) { 1625 current_frame->push_stack_2( 1626 VerificationType::long_type(), 1627 VerificationType::long2_type(), CHECK_VERIFY(this)); 1628 } else { 1629 verify_error(bci, "Invalid index in ldc"); 1630 return; 1631 } 1632 } 1633 1634 void ClassVerifier::verify_switch( 1635 RawBytecodeStream* bcs, u4 code_length, char* code_data, 1636 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 1637 int bci = bcs->bci(); 1638 address bcp = bcs->bcp(); 1639 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize); 1640 1641 // 4639449 & 4647081: padding bytes must be 0 1642 u2 padding_offset = 1; 1643 while ((bcp + padding_offset) < aligned_bcp) { 1644 if(*(bcp + padding_offset) != 0) { 1645 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch"); 1646 return; 1647 } 1648 padding_offset++; 1649 } 1650 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 1651 int keys, delta; 1652 current_frame->pop_stack( 1653 VerificationType::integer_type(), CHECK_VERIFY(this)); 1654 if (bcs->code() == Bytecodes::_tableswitch) { 1655 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 1656 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 1657 if (low > high) { 1658 verify_error(bci, 1659 "low must be less than or equal to high in tableswitch"); 1660 return; 1661 } 1662 keys = high - low + 1; 1663 if (keys < 0) { 1664 verify_error(bci, "too many keys in tableswitch"); 1665 return; 1666 } 1667 delta = 1; 1668 } else { 1669 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 1670 if (keys < 0) { 1671 verify_error(bci, "number of keys in lookupswitch less than 0"); 1672 return; 1673 } 1674 delta = 2; 1675 // Make sure that the lookupswitch items are sorted 1676 for (int i = 0; i < (keys - 1); i++) { 1677 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 1678 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 1679 if (this_key >= next_key) { 1680 verify_error(bci, "Bad lookupswitch instruction"); 1681 return; 1682 } 1683 } 1684 } 1685 int target = bci + default_offset; 1686 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 1687 for (int i = 0; i < keys; i++) { 1688 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 1689 stackmap_table->check_jump_target( 1690 current_frame, target, CHECK_VERIFY(this)); 1691 } 1692 } 1693 1694 bool ClassVerifier::name_in_supers( 1695 symbolOop ref_name, instanceKlassHandle current) { 1696 klassOop super = current->super(); 1697 while (super != NULL) { 1698 if (super->klass_part()->name() == ref_name) { 1699 return true; 1700 } 1701 super = super->klass_part()->super(); 1702 } 1703 return false; 1704 } 1705 1706 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 1707 StackMapFrame* current_frame, 1708 constantPoolHandle cp, 1709 TRAPS) { 1710 u2 index = bcs->get_index_big(); 1711 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 1712 1713 // Get field name and signature 1714 symbolHandle field_name = symbolHandle(THREAD, cp->name_ref_at(index)); 1715 symbolHandle field_sig = symbolHandle(THREAD, cp->signature_ref_at(index)); 1716 1717 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 1718 class_format_error( 1719 "Invalid signature for field in class %s referenced " 1720 "from constant pool index %d", _klass->external_name(), index); 1721 return; 1722 } 1723 1724 // Get referenced class type 1725 VerificationType ref_class_type = cp_ref_index_to_type( 1726 index, cp, CHECK_VERIFY(this)); 1727 if (!ref_class_type.is_object()) { 1728 verify_error( 1729 "Expecting reference to class in class %s at constant pool index %d", 1730 _klass->external_name(), index); 1731 return; 1732 } 1733 VerificationType target_class_type = ref_class_type; 1734 1735 assert(sizeof(VerificationType) == sizeof(uintptr_t), 1736 "buffer type must match VerificationType size"); 1737 uintptr_t field_type_buffer[2]; 1738 VerificationType* field_type = (VerificationType*)field_type_buffer; 1739 // If we make a VerificationType[2] array directly, the compiler calls 1740 // to the c-runtime library to do the allocation instead of just 1741 // stack allocating it. Plus it would run constructors. This shows up 1742 // in performance profiles. 1743 1744 SignatureStream sig_stream(field_sig, false); 1745 VerificationType stack_object_type; 1746 int n = change_sig_to_verificationType( 1747 &sig_stream, field_type, CHECK_VERIFY(this)); 1748 u2 bci = bcs->bci(); 1749 bool is_assignable; 1750 switch (bcs->code()) { 1751 case Bytecodes::_getstatic: { 1752 for (int i = 0; i < n; i++) { 1753 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 1754 } 1755 break; 1756 } 1757 case Bytecodes::_putstatic: { 1758 for (int i = n - 1; i >= 0; i--) { 1759 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 1760 } 1761 break; 1762 } 1763 case Bytecodes::_getfield: { 1764 stack_object_type = current_frame->pop_stack( 1765 target_class_type, CHECK_VERIFY(this)); 1766 for (int i = 0; i < n; i++) { 1767 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 1768 } 1769 goto check_protected; 1770 } 1771 case Bytecodes::_putfield: { 1772 for (int i = n - 1; i >= 0; i--) { 1773 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 1774 } 1775 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 1776 1777 // The JVMS 2nd edition allows field initialization before the superclass 1778 // initializer, if the field is defined within the current class. 1779 fieldDescriptor fd; 1780 if (stack_object_type == VerificationType::uninitialized_this_type() && 1781 target_class_type.equals(current_type()) && 1782 _klass->find_local_field(field_name(), field_sig(), &fd)) { 1783 stack_object_type = current_type(); 1784 } 1785 is_assignable = target_class_type.is_assignable_from( 1786 stack_object_type, current_class(), CHECK_VERIFY(this)); 1787 if (!is_assignable) { 1788 verify_error(bci, "Bad type on operand stack in putfield"); 1789 return; 1790 } 1791 } 1792 check_protected: { 1793 if (_this_type == stack_object_type) 1794 break; // stack_object_type must be assignable to _current_class_type 1795 symbolHandle ref_class_name = symbolHandle(THREAD, 1796 cp->klass_name_at(cp->klass_ref_index_at(index))); 1797 if (!name_in_supers(ref_class_name(), current_class())) 1798 // stack_object_type must be assignable to _current_class_type since: 1799 // 1. stack_object_type must be assignable to ref_class. 1800 // 2. ref_class must be _current_class or a subclass of it. It can't 1801 // be a superclass of it. See revised JVMS 5.4.4. 1802 break; 1803 1804 klassOop ref_class_oop = load_class(ref_class_name, CHECK); 1805 if (is_protected_access(current_class(), ref_class_oop, field_name(), 1806 field_sig(), false)) { 1807 // It's protected access, check if stack object is assignable to 1808 // current class. 1809 is_assignable = current_type().is_assignable_from( 1810 stack_object_type, current_class(), CHECK_VERIFY(this)); 1811 if (!is_assignable) { 1812 verify_error(bci, "Bad access to protected data in getfield"); 1813 return; 1814 } 1815 } 1816 break; 1817 } 1818 default: ShouldNotReachHere(); 1819 } 1820 } 1821 1822 void ClassVerifier::verify_invoke_init( 1823 RawBytecodeStream* bcs, VerificationType ref_class_type, 1824 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 1825 constantPoolHandle cp, TRAPS) { 1826 u2 bci = bcs->bci(); 1827 VerificationType type = current_frame->pop_stack( 1828 VerificationType::reference_check(), CHECK_VERIFY(this)); 1829 if (type == VerificationType::uninitialized_this_type()) { 1830 // The method must be an <init> method of either this class, or one of its 1831 // superclasses 1832 klassOop oop = current_class()(); 1833 Klass* klass = oop->klass_part(); 1834 while (klass != NULL && ref_class_type.name() != klass->name()) { 1835 klass = klass->super()->klass_part(); 1836 } 1837 if (klass == NULL) { 1838 verify_error(bci, "Bad <init> method call"); 1839 return; 1840 } 1841 current_frame->initialize_object(type, current_type()); 1842 *this_uninit = true; 1843 } else if (type.is_uninitialized()) { 1844 u2 new_offset = type.bci(); 1845 address new_bcp = bcs->bcp() - bci + new_offset; 1846 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 1847 verify_error(new_offset, "Expecting new instruction"); 1848 return; 1849 } 1850 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 1851 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this)); 1852 1853 // The method must be an <init> method of the indicated class 1854 VerificationType new_class_type = cp_index_to_type( 1855 new_class_index, cp, CHECK_VERIFY(this)); 1856 if (!new_class_type.equals(ref_class_type)) { 1857 verify_error(bci, "Call to wrong <init> method"); 1858 return; 1859 } 1860 // According to the VM spec, if the referent class is a superclass of the 1861 // current class, and is in a different runtime package, and the method is 1862 // protected, then the objectref must be the current class or a subclass 1863 // of the current class. 1864 VerificationType objectref_type = new_class_type; 1865 if (name_in_supers(ref_class_type.name(), current_class())) { 1866 klassOop ref_klass = load_class( 1867 ref_class_type.name(), CHECK_VERIFY(this)); 1868 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method( 1869 vmSymbols::object_initializer_name(), 1870 cp->signature_ref_at(bcs->get_index_big())); 1871 instanceKlassHandle mh(THREAD, m->method_holder()); 1872 if (m->is_protected() && !mh->is_same_class_package(_klass())) { 1873 bool assignable = current_type().is_assignable_from( 1874 objectref_type, current_class(), CHECK_VERIFY(this)); 1875 if (!assignable) { 1876 verify_error(bci, "Bad access to protected <init> method"); 1877 return; 1878 } 1879 } 1880 } 1881 current_frame->initialize_object(type, new_class_type); 1882 } else { 1883 verify_error(bci, "Bad operand type when invoking <init>"); 1884 return; 1885 } 1886 } 1887 1888 void ClassVerifier::verify_invoke_instructions( 1889 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 1890 bool *this_uninit, VerificationType return_type, 1891 constantPoolHandle cp, TRAPS) { 1892 // Make sure the constant pool item is the right type 1893 u2 index = bcs->get_index_big(); 1894 Bytecodes::Code opcode = bcs->code(); 1895 unsigned int types = (opcode == Bytecodes::_invokeinterface 1896 ? 1 << JVM_CONSTANT_InterfaceMethodref 1897 : 1 << JVM_CONSTANT_Methodref); 1898 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1899 1900 // Get method name and signature 1901 symbolHandle method_name(THREAD, cp->name_ref_at(index)); 1902 symbolHandle method_sig(THREAD, cp->signature_ref_at(index)); 1903 1904 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 1905 class_format_error( 1906 "Invalid method signature in class %s referenced " 1907 "from constant pool index %d", _klass->external_name(), index); 1908 return; 1909 } 1910 1911 // Get referenced class type 1912 VerificationType ref_class_type = cp_ref_index_to_type( 1913 index, cp, CHECK_VERIFY(this)); 1914 1915 // For a small signature length, we just allocate 128 bytes instead 1916 // of parsing the signature once to find its size. 1917 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 1918 // longs/doubles to be consertive. 1919 assert(sizeof(VerificationType) == sizeof(uintptr_t), 1920 "buffer type must match VerificationType size"); 1921 uintptr_t on_stack_sig_types_buffer[128]; 1922 // If we make a VerificationType[128] array directly, the compiler calls 1923 // to the c-runtime library to do the allocation instead of just 1924 // stack allocating it. Plus it would run constructors. This shows up 1925 // in performance profiles. 1926 1927 VerificationType* sig_types; 1928 int size = (method_sig->utf8_length() - 3) * 2; 1929 if (size > 128) { 1930 // Long and double occupies two slots here. 1931 ArgumentSizeComputer size_it(method_sig); 1932 size = size_it.size(); 1933 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 1934 } else{ 1935 sig_types = (VerificationType*)on_stack_sig_types_buffer; 1936 } 1937 SignatureStream sig_stream(method_sig); 1938 int sig_i = 0; 1939 while (!sig_stream.at_return_type()) { 1940 sig_i += change_sig_to_verificationType( 1941 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 1942 sig_stream.next(); 1943 } 1944 int nargs = sig_i; 1945 1946 #ifdef ASSERT 1947 { 1948 ArgumentSizeComputer size_it(method_sig); 1949 assert(nargs == size_it.size(), "Argument sizes do not match"); 1950 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 1951 } 1952 #endif 1953 1954 // Check instruction operands 1955 u2 bci = bcs->bci(); 1956 if (opcode == Bytecodes::_invokeinterface) { 1957 address bcp = bcs->bcp(); 1958 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 1959 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 1960 // the difference between the size of the operand stack before and after the instruction 1961 // executes. 1962 if (*(bcp+3) != (nargs+1)) { 1963 verify_error(bci, "Inconsistent args count operand in invokeinterface"); 1964 return; 1965 } 1966 if (*(bcp+4) != 0) { 1967 verify_error(bci, "Fourth operand byte of invokeinterface must be zero"); 1968 return; 1969 } 1970 } 1971 1972 if (method_name->byte_at(0) == '<') { 1973 // Make sure <init> can only be invoked by invokespecial 1974 if (opcode != Bytecodes::_invokespecial || 1975 method_name() != vmSymbols::object_initializer_name()) { 1976 verify_error(bci, "Illegal call to internal method"); 1977 return; 1978 } 1979 } else if (opcode == Bytecodes::_invokespecial 1980 && !ref_class_type.equals(current_type()) 1981 && !ref_class_type.equals(VerificationType::reference_type( 1982 current_class()->super()->klass_part()->name()))) { 1983 bool subtype = ref_class_type.is_assignable_from( 1984 current_type(), current_class(), CHECK_VERIFY(this)); 1985 if (!subtype) { 1986 verify_error(bci, "Bad invokespecial instruction: " 1987 "current class isn't assignable to reference class."); 1988 return; 1989 } 1990 } 1991 // Match method descriptor with operand stack 1992 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 1993 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 1994 } 1995 // Check objectref on operand stack 1996 if (opcode != Bytecodes::_invokestatic) { 1997 if (method_name() == vmSymbols::object_initializer_name()) { // <init> method 1998 verify_invoke_init(bcs, ref_class_type, current_frame, 1999 code_length, this_uninit, cp, CHECK_VERIFY(this)); 2000 } else { // other methods 2001 // Ensures that target class is assignable to method class. 2002 if (opcode == Bytecodes::_invokespecial) { 2003 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2004 } else if (opcode == Bytecodes::_invokevirtual) { 2005 VerificationType stack_object_type = 2006 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2007 if (current_type() != stack_object_type) { 2008 assert(cp->cache() == NULL, "not rewritten yet"); 2009 symbolHandle ref_class_name = symbolHandle(THREAD, 2010 cp->klass_name_at(cp->klass_ref_index_at(index))); 2011 // See the comments in verify_field_instructions() for 2012 // the rationale behind this. 2013 if (name_in_supers(ref_class_name(), current_class())) { 2014 klassOop ref_class = load_class(ref_class_name, CHECK); 2015 if (is_protected_access( 2016 _klass, ref_class, method_name(), method_sig(), true)) { 2017 // It's protected access, check if stack object is 2018 // assignable to current class. 2019 bool is_assignable = current_type().is_assignable_from( 2020 stack_object_type, current_class(), CHECK_VERIFY(this)); 2021 if (!is_assignable) { 2022 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2023 && stack_object_type.is_array() 2024 && method_name() == vmSymbols::clone_name()) { 2025 // Special case: arrays pretend to implement public Object 2026 // clone(). 2027 } else { 2028 verify_error(bci, 2029 "Bad access to protected data in invokevirtual"); 2030 return; 2031 } 2032 } 2033 } 2034 } 2035 } 2036 } else { 2037 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2038 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2039 } 2040 } 2041 } 2042 // Push the result type. 2043 if (sig_stream.type() != T_VOID) { 2044 if (method_name() == vmSymbols::object_initializer_name()) { 2045 // <init> method must have a void return type 2046 verify_error(bci, "Return type must be void in <init> method"); 2047 return; 2048 } 2049 VerificationType return_type[2]; 2050 int n = change_sig_to_verificationType( 2051 &sig_stream, return_type, CHECK_VERIFY(this)); 2052 for (int i = 0; i < n; i++) { 2053 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2054 } 2055 } 2056 } 2057 2058 VerificationType ClassVerifier::get_newarray_type( 2059 u2 index, u2 bci, TRAPS) { 2060 const char* from_bt[] = { 2061 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2062 }; 2063 if (index < T_BOOLEAN || index > T_LONG) { 2064 verify_error(bci, "Illegal newarray instruction"); 2065 return VerificationType::bogus_type(); 2066 } 2067 2068 // from_bt[index] contains the array signature which has a length of 2 2069 symbolHandle sig = oopFactory::new_symbol_handle( 2070 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2071 return VerificationType::reference_type(sig); 2072 } 2073 2074 void ClassVerifier::verify_anewarray( 2075 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) { 2076 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 2077 current_frame->pop_stack( 2078 VerificationType::integer_type(), CHECK_VERIFY(this)); 2079 2080 VerificationType component_type = 2081 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2082 ResourceMark rm(THREAD); 2083 int length; 2084 char* arr_sig_str; 2085 if (component_type.is_array()) { // it's an array 2086 const char* component_name = component_type.name()->as_utf8(); 2087 // add one dimension to component 2088 length = (int)strlen(component_name) + 1; 2089 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2090 arr_sig_str[0] = '['; 2091 strncpy(&arr_sig_str[1], component_name, length - 1); 2092 } else { // it's an object or interface 2093 const char* component_name = component_type.name()->as_utf8(); 2094 // add one dimension to component with 'L' prepended and ';' postpended. 2095 length = (int)strlen(component_name) + 3; 2096 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2097 arr_sig_str[0] = '['; 2098 arr_sig_str[1] = 'L'; 2099 strncpy(&arr_sig_str[2], component_name, length - 2); 2100 arr_sig_str[length - 1] = ';'; 2101 } 2102 symbolHandle arr_sig = oopFactory::new_symbol_handle( 2103 arr_sig_str, length, CHECK_VERIFY(this)); 2104 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2105 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2106 } 2107 2108 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 2109 current_frame->get_local( 2110 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2111 current_frame->push_stack( 2112 VerificationType::integer_type(), CHECK_VERIFY(this)); 2113 } 2114 2115 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 2116 current_frame->get_local_2( 2117 index, VerificationType::long_type(), 2118 VerificationType::long2_type(), CHECK_VERIFY(this)); 2119 current_frame->push_stack_2( 2120 VerificationType::long_type(), 2121 VerificationType::long2_type(), CHECK_VERIFY(this)); 2122 } 2123 2124 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 2125 current_frame->get_local( 2126 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2127 current_frame->push_stack( 2128 VerificationType::float_type(), CHECK_VERIFY(this)); 2129 } 2130 2131 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 2132 current_frame->get_local_2( 2133 index, VerificationType::double_type(), 2134 VerificationType::double2_type(), CHECK_VERIFY(this)); 2135 current_frame->push_stack_2( 2136 VerificationType::double_type(), 2137 VerificationType::double2_type(), CHECK_VERIFY(this)); 2138 } 2139 2140 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 2141 VerificationType type = current_frame->get_local( 2142 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 2143 current_frame->push_stack(type, CHECK_VERIFY(this)); 2144 } 2145 2146 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 2147 current_frame->pop_stack( 2148 VerificationType::integer_type(), CHECK_VERIFY(this)); 2149 current_frame->set_local( 2150 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2151 } 2152 2153 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2154 current_frame->pop_stack_2( 2155 VerificationType::long2_type(), 2156 VerificationType::long_type(), CHECK_VERIFY(this)); 2157 current_frame->set_local_2( 2158 index, VerificationType::long_type(), 2159 VerificationType::long2_type(), CHECK_VERIFY(this)); 2160 } 2161 2162 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2163 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 2164 current_frame->set_local( 2165 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2166 } 2167 2168 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2169 current_frame->pop_stack_2( 2170 VerificationType::double2_type(), 2171 VerificationType::double_type(), CHECK_VERIFY(this)); 2172 current_frame->set_local_2( 2173 index, VerificationType::double_type(), 2174 VerificationType::double2_type(), CHECK_VERIFY(this)); 2175 } 2176 2177 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 2178 VerificationType type = current_frame->pop_stack( 2179 VerificationType::reference_check(), CHECK_VERIFY(this)); 2180 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2181 } 2182 2183 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 2184 VerificationType type = current_frame->get_local( 2185 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2186 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2187 } 2188 2189 void ClassVerifier::verify_return_value( 2190 VerificationType return_type, VerificationType type, u2 bci, TRAPS) { 2191 if (return_type == VerificationType::bogus_type()) { 2192 verify_error(bci, "Method expects a return value"); 2193 return; 2194 } 2195 bool match = return_type.is_assignable_from(type, _klass, CHECK_VERIFY(this)); 2196 if (!match) { 2197 verify_error(bci, "Bad return type"); 2198 return; 2199 } 2200 }