1 /*
2 * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/systemDictionary.hpp"
30 #include "classfile/verifier.hpp"
31 #include "classfile/vmSymbols.hpp"
32 #include "interpreter/bytecodeStream.hpp"
33 #include "memory/oopFactory.hpp"
34 #include "memory/resourceArea.hpp"
35 #include "oops/instanceKlass.hpp"
36 #include "oops/oop.inline.hpp"
37 #include "oops/typeArrayOop.hpp"
38 #include "prims/jvm.h"
39 #include "runtime/fieldDescriptor.hpp"
40 #include "runtime/handles.inline.hpp"
41 #include "runtime/interfaceSupport.hpp"
42 #include "runtime/javaCalls.hpp"
43 #include "runtime/orderAccess.hpp"
44 #include "runtime/os.hpp"
45 #ifdef TARGET_ARCH_x86
46 # include "bytes_x86.hpp"
47 #endif
48 #ifdef TARGET_ARCH_sparc
49 # include "bytes_sparc.hpp"
50 #endif
51 #ifdef TARGET_ARCH_zero
93 BytecodeVerificationLocal : BytecodeVerificationRemote;
94 }
95
96 bool Verifier::relax_verify_for(oop loader) {
97 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
98 bool need_verify =
99 // verifyAll
100 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
101 // verifyRemote
102 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
103 return !need_verify;
104 }
105
106 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
107 HandleMark hm;
108 ResourceMark rm(THREAD);
109
110 Symbol* exception_name = NULL;
111 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
112 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
113
114 const char* klassName = klass->external_name();
115
116 // If the class should be verified, first see if we can use the split
117 // verifier. If not, or if verification fails and FailOverToOldVerifier
118 // is set, then call the inference verifier.
119 if (is_eligible_for_verification(klass, should_verify_class)) {
120 if (TraceClassInitialization) {
121 tty->print_cr("Start class verification for: %s", klassName);
122 }
123 if (UseSplitVerifier &&
124 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
125 ClassVerifier split_verifier(
126 klass, message_buffer, message_buffer_len, THREAD);
127 split_verifier.verify_class(THREAD);
128 exception_name = split_verifier.result();
129 if (klass->major_version() < NOFAILOVER_MAJOR_VERSION &&
130 FailOverToOldVerifier && !HAS_PENDING_EXCEPTION &&
131 (exception_name == vmSymbols::java_lang_VerifyError() ||
132 exception_name == vmSymbols::java_lang_ClassFormatError())) {
133 if (TraceClassInitialization) {
134 tty->print_cr(
135 "Fail over class verification to old verifier for: %s", klassName);
136 }
137 exception_name = inference_verify(
138 klass, message_buffer, message_buffer_len, THREAD);
139 }
140 } else {
141 exception_name = inference_verify(
142 klass, message_buffer, message_buffer_len, THREAD);
143 }
144
145 if (TraceClassInitialization) {
146 if (HAS_PENDING_EXCEPTION) {
147 tty->print("Verification for %s has", klassName);
148 tty->print_cr(" exception pending %s ",
149 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
150 } else if (exception_name != NULL) {
151 tty->print_cr("Verification for %s failed", klassName);
152 }
153 tty->print_cr("End class verification for: %s", klassName);
154 }
155 }
156
157 if (HAS_PENDING_EXCEPTION) {
158 return false; // use the existing exception
159 } else if (exception_name == NULL) {
160 return true; // verifcation succeeded
161 } else { // VerifyError or ClassFormatError to be created and thrown
162 ResourceMark rm(THREAD);
163 instanceKlassHandle kls =
164 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
165 while (!kls.is_null()) {
166 if (kls == klass) {
167 // If the class being verified is the exception we're creating
168 // or one of it's superclasses, we're in trouble and are going
169 // to infinitely recurse when we try to initialize the exception.
170 // So bail out here by throwing the preallocated VM error.
171 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
172 }
173 kls = kls->super();
174 }
175 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
176 THROW_MSG_(exception_name, message_buffer, false);
177 }
178 }
179
180 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
181 Symbol* name = klass->name();
182 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
183
184 return (should_verify_for(klass->class_loader(), should_verify_class) &&
185 // return if the class is a bootstrapping class
186 // or defineClass specified not to verify by default (flags override passed arg)
187 // We need to skip the following four for bootstraping
188 name != vmSymbols::java_lang_Object() &&
189 name != vmSymbols::java_lang_Class() &&
190 name != vmSymbols::java_lang_String() &&
191 name != vmSymbols::java_lang_Throwable() &&
192
193 // Can not verify the bytecodes for shared classes because they have
194 // already been rewritten to contain constant pool cache indices,
195 // which the verifier can't understand.
196 // Shared classes shouldn't have stackmaps either.
204 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
205 (refl_magic_klass == NULL ||
206 !klass->is_subtype_of(refl_magic_klass) ||
207 VerifyReflectionBytecodes)
208 );
209 }
210
211 Symbol* Verifier::inference_verify(
212 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
213 JavaThread* thread = (JavaThread*)THREAD;
214 JNIEnv *env = thread->jni_environment();
215
216 void* verify_func = verify_byte_codes_fn();
217
218 if (verify_func == NULL) {
219 jio_snprintf(message, message_len, "Could not link verifier");
220 return vmSymbols::java_lang_VerifyError();
221 }
222
223 ResourceMark rm(THREAD);
224 if (ClassVerifier::_verify_verbose) {
225 tty->print_cr("Verifying class %s with old format", klass->external_name());
226 }
227
228 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
229 jint result;
230
231 {
232 HandleMark hm(thread);
233 ThreadToNativeFromVM ttn(thread);
234 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
235 // code knows that we have left the VM
236
237 if (_is_new_verify_byte_codes_fn) {
238 verify_byte_codes_fn_new_t func =
239 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
240 result = (*func)(env, cls, message, (int)message_len,
241 klass->major_version());
242 } else {
243 verify_byte_codes_fn_t func =
244 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
248
249 JNIHandles::destroy_local(cls);
250
251 // These numbers are chosen so that VerifyClassCodes interface doesn't need
252 // to be changed (still return jboolean (unsigned char)), and result is
253 // 1 when verification is passed.
254 if (result == 0) {
255 return vmSymbols::java_lang_VerifyError();
256 } else if (result == 1) {
257 return NULL; // verified.
258 } else if (result == 2) {
259 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
260 } else if (result == 3) {
261 return vmSymbols::java_lang_ClassFormatError();
262 } else {
263 ShouldNotReachHere();
264 return NULL;
265 }
266 }
267
268 // Methods in ClassVerifier
269
270 bool ClassVerifier::_verify_verbose = false;
271
272 ClassVerifier::ClassVerifier(
273 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS)
274 : _thread(THREAD), _exception_type(NULL), _message(msg),
275 _message_buffer_len(msg_len), _klass(klass) {
276 _this_type = VerificationType::reference_type(klass->name());
277 // Create list to hold symbols in reference area.
278 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
279 }
280
281 ClassVerifier::~ClassVerifier() {
282 // Decrement the reference count for any symbols created.
283 for (int i = 0; i < _symbols->length(); i++) {
284 Symbol* s = _symbols->at(i);
285 s->decrement_refcount();
286 }
287 }
288
289 VerificationType ClassVerifier::object_type() const {
290 return VerificationType::reference_type(vmSymbols::java_lang_Object());
291 }
292
293 void ClassVerifier::verify_class(TRAPS) {
294 if (_verify_verbose) {
295 tty->print_cr("Verifying class %s with new format",
296 _klass->external_name());
297 }
298
299 objArrayHandle methods(THREAD, _klass->methods());
300 int num_methods = methods->length();
301
302 for (int index = 0; index < num_methods; index++) {
303 // Check for recursive re-verification before each method.
304 if (was_recursively_verified()) return;
305
306 methodOop m = (methodOop)methods->obj_at(index);
307 if (m->is_native() || m->is_abstract()) {
308 // If m is native or abstract, skip it. It is checked in class file
309 // parser that methods do not override a final method.
310 continue;
311 }
312 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
313 }
314
315 if (_verify_verbose || TraceClassInitialization) {
316 if (was_recursively_verified())
317 tty->print_cr("Recursive verification detected for: %s",
318 _klass->external_name());
319 }
320 }
321
322 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
323 _method = m; // initialize _method
324 if (_verify_verbose) {
325 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
326 }
327
328 const char* bad_type_msg = "Bad type on operand stack in %s";
329
330 int32_t max_stack = m->max_stack();
331 int32_t max_locals = m->max_locals();
332 constantPoolHandle cp(THREAD, m->constants());
333
334 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
335 class_format_error("Invalid method signature");
336 return;
337 }
338
339 // Initial stack map frame: offset is 0, stack is initially empty.
340 StackMapFrame current_frame(max_locals, max_stack, this);
341 // Set initial locals
342 VerificationType return_type = current_frame.set_locals_from_arg(
343 m, current_type(), CHECK_VERIFY(this));
344
351
352 int ex_min = code_length;
353 int ex_max = -1;
354 // Look through each item on the exception table. Each of the fields must refer
355 // to a legal instruction.
356 verify_exception_handler_table(
357 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
358
359 // Look through each entry on the local variable table and make sure
360 // its range of code array offsets is valid. (4169817)
361 if (m->has_localvariable_table()) {
362 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
363 }
364
365 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
366 StackMapStream stream(stackmap_data);
367 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
368 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
369 code_data, code_length, CHECK_VERIFY(this));
370
371 if (_verify_verbose) {
372 stackmap_table.print();
373 }
374
375 RawBytecodeStream bcs(m);
376
377 // Scan the byte code linearly from the start to the end
378 bool no_control_flow = false; // Set to true when there is no direct control
379 // flow from current instruction to the next
380 // instruction in sequence
381
382 Bytecodes::Code opcode;
383 while (!bcs.is_last_bytecode()) {
384 // Check for recursive re-verification before each bytecode.
385 if (was_recursively_verified()) return;
386
387 opcode = bcs.raw_next();
388 u2 bci = bcs.bci();
389
390 // Set current frame's offset to bci
391 current_frame.set_offset(bci);
392
393 // Make sure every offset in stackmap table point to the beginning to
394 // an instruction. Match current_frame to stackmap_table entry with
395 // the same offset if exists.
396 stackmap_index = verify_stackmap_table(
397 stackmap_index, bci, ¤t_frame, &stackmap_table,
398 no_control_flow, CHECK_VERIFY(this));
399
400 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
401
402 // Merge with the next instruction
403 {
404 u2 index;
405 int target;
406 VerificationType type, type2;
407 VerificationType atype;
408
409 #ifndef PRODUCT
410 if (_verify_verbose) {
411 current_frame.print();
412 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
413 }
414 #endif
415
416 // Make sure wide instruction is in correct format
417 if (bcs.is_wide()) {
418 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
419 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
420 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
421 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
422 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
423 opcode != Bytecodes::_dstore) {
424 verify_error(bci, "Bad wide instruction");
425 return;
426 }
427 }
428
429 switch (opcode) {
430 case Bytecodes::_nop :
431 no_control_flow = false; break;
432 case Bytecodes::_aconst_null :
433 current_frame.push_stack(
434 VerificationType::null_type(), CHECK_VERIFY(this));
435 no_control_flow = false; break;
436 case Bytecodes::_iconst_m1 :
437 case Bytecodes::_iconst_0 :
438 case Bytecodes::_iconst_1 :
439 case Bytecodes::_iconst_2 :
440 case Bytecodes::_iconst_3 :
441 case Bytecodes::_iconst_4 :
442 case Bytecodes::_iconst_5 :
443 current_frame.push_stack(
444 VerificationType::integer_type(), CHECK_VERIFY(this));
516 case Bytecodes::_dload_3 :
517 index = opcode - Bytecodes::_dload_0;
518 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
519 no_control_flow = false; break;
520 case Bytecodes::_aload :
521 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
522 no_control_flow = false; break;
523 case Bytecodes::_aload_0 :
524 case Bytecodes::_aload_1 :
525 case Bytecodes::_aload_2 :
526 case Bytecodes::_aload_3 :
527 index = opcode - Bytecodes::_aload_0;
528 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
529 no_control_flow = false; break;
530 case Bytecodes::_iaload :
531 type = current_frame.pop_stack(
532 VerificationType::integer_type(), CHECK_VERIFY(this));
533 atype = current_frame.pop_stack(
534 VerificationType::reference_check(), CHECK_VERIFY(this));
535 if (!atype.is_int_array()) {
536 verify_error(bci, bad_type_msg, "iaload");
537 return;
538 }
539 current_frame.push_stack(
540 VerificationType::integer_type(), CHECK_VERIFY(this));
541 no_control_flow = false; break;
542 case Bytecodes::_baload :
543 type = current_frame.pop_stack(
544 VerificationType::integer_type(), CHECK_VERIFY(this));
545 atype = current_frame.pop_stack(
546 VerificationType::reference_check(), CHECK_VERIFY(this));
547 if (!atype.is_bool_array() && !atype.is_byte_array()) {
548 verify_error(bci, bad_type_msg, "baload");
549 return;
550 }
551 current_frame.push_stack(
552 VerificationType::integer_type(), CHECK_VERIFY(this));
553 no_control_flow = false; break;
554 case Bytecodes::_caload :
555 type = current_frame.pop_stack(
556 VerificationType::integer_type(), CHECK_VERIFY(this));
557 atype = current_frame.pop_stack(
558 VerificationType::reference_check(), CHECK_VERIFY(this));
559 if (!atype.is_char_array()) {
560 verify_error(bci, bad_type_msg, "caload");
561 return;
562 }
563 current_frame.push_stack(
564 VerificationType::integer_type(), CHECK_VERIFY(this));
565 no_control_flow = false; break;
566 case Bytecodes::_saload :
567 type = current_frame.pop_stack(
568 VerificationType::integer_type(), CHECK_VERIFY(this));
569 atype = current_frame.pop_stack(
570 VerificationType::reference_check(), CHECK_VERIFY(this));
571 if (!atype.is_short_array()) {
572 verify_error(bci, bad_type_msg, "saload");
573 return;
574 }
575 current_frame.push_stack(
576 VerificationType::integer_type(), CHECK_VERIFY(this));
577 no_control_flow = false; break;
578 case Bytecodes::_laload :
579 type = current_frame.pop_stack(
580 VerificationType::integer_type(), CHECK_VERIFY(this));
581 atype = current_frame.pop_stack(
582 VerificationType::reference_check(), CHECK_VERIFY(this));
583 if (!atype.is_long_array()) {
584 verify_error(bci, bad_type_msg, "laload");
585 return;
586 }
587 current_frame.push_stack_2(
588 VerificationType::long_type(),
589 VerificationType::long2_type(), CHECK_VERIFY(this));
590 no_control_flow = false; break;
591 case Bytecodes::_faload :
592 type = current_frame.pop_stack(
593 VerificationType::integer_type(), CHECK_VERIFY(this));
594 atype = current_frame.pop_stack(
595 VerificationType::reference_check(), CHECK_VERIFY(this));
596 if (!atype.is_float_array()) {
597 verify_error(bci, bad_type_msg, "faload");
598 return;
599 }
600 current_frame.push_stack(
601 VerificationType::float_type(), CHECK_VERIFY(this));
602 no_control_flow = false; break;
603 case Bytecodes::_daload :
604 type = current_frame.pop_stack(
605 VerificationType::integer_type(), CHECK_VERIFY(this));
606 atype = current_frame.pop_stack(
607 VerificationType::reference_check(), CHECK_VERIFY(this));
608 if (!atype.is_double_array()) {
609 verify_error(bci, bad_type_msg, "daload");
610 return;
611 }
612 current_frame.push_stack_2(
613 VerificationType::double_type(),
614 VerificationType::double2_type(), CHECK_VERIFY(this));
615 no_control_flow = false; break;
616 case Bytecodes::_aaload : {
617 type = current_frame.pop_stack(
618 VerificationType::integer_type(), CHECK_VERIFY(this));
619 atype = current_frame.pop_stack(
620 VerificationType::reference_check(), CHECK_VERIFY(this));
621 if (!atype.is_reference_array()) {
622 verify_error(bci, bad_type_msg, "aaload");
623 return;
624 }
625 if (atype.is_null()) {
626 current_frame.push_stack(
627 VerificationType::null_type(), CHECK_VERIFY(this));
628 } else {
629 VerificationType component =
630 atype.get_component(this, CHECK_VERIFY(this));
631 current_frame.push_stack(component, CHECK_VERIFY(this));
632 }
633 no_control_flow = false; break;
634 }
635 case Bytecodes::_istore :
636 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
637 no_control_flow = false; break;
638 case Bytecodes::_istore_0 :
639 case Bytecodes::_istore_1 :
640 case Bytecodes::_istore_2 :
641 case Bytecodes::_istore_3 :
642 index = opcode - Bytecodes::_istore_0;
673 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
674 no_control_flow = false; break;
675 case Bytecodes::_astore :
676 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
677 no_control_flow = false; break;
678 case Bytecodes::_astore_0 :
679 case Bytecodes::_astore_1 :
680 case Bytecodes::_astore_2 :
681 case Bytecodes::_astore_3 :
682 index = opcode - Bytecodes::_astore_0;
683 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
684 no_control_flow = false; break;
685 case Bytecodes::_iastore :
686 type = current_frame.pop_stack(
687 VerificationType::integer_type(), CHECK_VERIFY(this));
688 type2 = current_frame.pop_stack(
689 VerificationType::integer_type(), CHECK_VERIFY(this));
690 atype = current_frame.pop_stack(
691 VerificationType::reference_check(), CHECK_VERIFY(this));
692 if (!atype.is_int_array()) {
693 verify_error(bci, bad_type_msg, "iastore");
694 return;
695 }
696 no_control_flow = false; break;
697 case Bytecodes::_bastore :
698 type = current_frame.pop_stack(
699 VerificationType::integer_type(), CHECK_VERIFY(this));
700 type2 = current_frame.pop_stack(
701 VerificationType::integer_type(), CHECK_VERIFY(this));
702 atype = current_frame.pop_stack(
703 VerificationType::reference_check(), CHECK_VERIFY(this));
704 if (!atype.is_bool_array() && !atype.is_byte_array()) {
705 verify_error(bci, bad_type_msg, "bastore");
706 return;
707 }
708 no_control_flow = false; break;
709 case Bytecodes::_castore :
710 current_frame.pop_stack(
711 VerificationType::integer_type(), CHECK_VERIFY(this));
712 current_frame.pop_stack(
713 VerificationType::integer_type(), CHECK_VERIFY(this));
714 atype = current_frame.pop_stack(
715 VerificationType::reference_check(), CHECK_VERIFY(this));
716 if (!atype.is_char_array()) {
717 verify_error(bci, bad_type_msg, "castore");
718 return;
719 }
720 no_control_flow = false; break;
721 case Bytecodes::_sastore :
722 current_frame.pop_stack(
723 VerificationType::integer_type(), CHECK_VERIFY(this));
724 current_frame.pop_stack(
725 VerificationType::integer_type(), CHECK_VERIFY(this));
726 atype = current_frame.pop_stack(
727 VerificationType::reference_check(), CHECK_VERIFY(this));
728 if (!atype.is_short_array()) {
729 verify_error(bci, bad_type_msg, "sastore");
730 return;
731 }
732 no_control_flow = false; break;
733 case Bytecodes::_lastore :
734 current_frame.pop_stack_2(
735 VerificationType::long2_type(),
736 VerificationType::long_type(), CHECK_VERIFY(this));
737 current_frame.pop_stack(
738 VerificationType::integer_type(), CHECK_VERIFY(this));
739 atype = current_frame.pop_stack(
740 VerificationType::reference_check(), CHECK_VERIFY(this));
741 if (!atype.is_long_array()) {
742 verify_error(bci, bad_type_msg, "lastore");
743 return;
744 }
745 no_control_flow = false; break;
746 case Bytecodes::_fastore :
747 current_frame.pop_stack(
748 VerificationType::float_type(), CHECK_VERIFY(this));
749 current_frame.pop_stack
750 (VerificationType::integer_type(), CHECK_VERIFY(this));
751 atype = current_frame.pop_stack(
752 VerificationType::reference_check(), CHECK_VERIFY(this));
753 if (!atype.is_float_array()) {
754 verify_error(bci, bad_type_msg, "fastore");
755 return;
756 }
757 no_control_flow = false; break;
758 case Bytecodes::_dastore :
759 current_frame.pop_stack_2(
760 VerificationType::double2_type(),
761 VerificationType::double_type(), CHECK_VERIFY(this));
762 current_frame.pop_stack(
763 VerificationType::integer_type(), CHECK_VERIFY(this));
764 atype = current_frame.pop_stack(
765 VerificationType::reference_check(), CHECK_VERIFY(this));
766 if (!atype.is_double_array()) {
767 verify_error(bci, bad_type_msg, "dastore");
768 return;
769 }
770 no_control_flow = false; break;
771 case Bytecodes::_aastore :
772 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
773 type2 = current_frame.pop_stack(
774 VerificationType::integer_type(), CHECK_VERIFY(this));
775 atype = current_frame.pop_stack(
776 VerificationType::reference_check(), CHECK_VERIFY(this));
777 // more type-checking is done at runtime
778 if (!atype.is_reference_array()) {
779 verify_error(bci, bad_type_msg, "aastore");
780 return;
781 }
782 // 4938384: relaxed constraint in JVMS 3nd edition.
783 no_control_flow = false; break;
784 case Bytecodes::_pop :
785 current_frame.pop_stack(
786 VerificationType::category1_check(), CHECK_VERIFY(this));
787 no_control_flow = false; break;
788 case Bytecodes::_pop2 :
789 type = current_frame.pop_stack(CHECK_VERIFY(this));
790 if (type.is_category1()) {
791 current_frame.pop_stack(
792 VerificationType::category1_check(), CHECK_VERIFY(this));
793 } else if (type.is_category2_2nd()) {
794 current_frame.pop_stack(
795 VerificationType::category2_check(), CHECK_VERIFY(this));
796 } else {
797 verify_error(bci, bad_type_msg, "pop2");
798 return;
799 }
800 no_control_flow = false; break;
801 case Bytecodes::_dup :
802 type = current_frame.pop_stack(
803 VerificationType::category1_check(), CHECK_VERIFY(this));
804 current_frame.push_stack(type, CHECK_VERIFY(this));
805 current_frame.push_stack(type, CHECK_VERIFY(this));
806 no_control_flow = false; break;
807 case Bytecodes::_dup_x1 :
808 type = current_frame.pop_stack(
809 VerificationType::category1_check(), CHECK_VERIFY(this));
810 type2 = current_frame.pop_stack(
811 VerificationType::category1_check(), CHECK_VERIFY(this));
812 current_frame.push_stack(type, CHECK_VERIFY(this));
813 current_frame.push_stack(type2, CHECK_VERIFY(this));
814 current_frame.push_stack(type, CHECK_VERIFY(this));
815 no_control_flow = false; break;
816 case Bytecodes::_dup_x2 :
817 {
818 VerificationType type3;
819 type = current_frame.pop_stack(
820 VerificationType::category1_check(), CHECK_VERIFY(this));
821 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
822 if (type2.is_category1()) {
823 type3 = current_frame.pop_stack(
824 VerificationType::category1_check(), CHECK_VERIFY(this));
825 } else if (type2.is_category2_2nd()) {
826 type3 = current_frame.pop_stack(
827 VerificationType::category2_check(), CHECK_VERIFY(this));
828 } else {
829 verify_error(bci, bad_type_msg, "dup_x2");
830 return;
831 }
832 current_frame.push_stack(type, CHECK_VERIFY(this));
833 current_frame.push_stack(type3, CHECK_VERIFY(this));
834 current_frame.push_stack(type2, CHECK_VERIFY(this));
835 current_frame.push_stack(type, CHECK_VERIFY(this));
836 no_control_flow = false; break;
837 }
838 case Bytecodes::_dup2 :
839 type = current_frame.pop_stack(CHECK_VERIFY(this));
840 if (type.is_category1()) {
841 type2 = current_frame.pop_stack(
842 VerificationType::category1_check(), CHECK_VERIFY(this));
843 } else if (type.is_category2_2nd()) {
844 type2 = current_frame.pop_stack(
845 VerificationType::category2_check(), CHECK_VERIFY(this));
846 } else {
847 verify_error(bci, bad_type_msg, "dup2");
848 return;
849 }
850 current_frame.push_stack(type2, CHECK_VERIFY(this));
851 current_frame.push_stack(type, CHECK_VERIFY(this));
852 current_frame.push_stack(type2, CHECK_VERIFY(this));
853 current_frame.push_stack(type, CHECK_VERIFY(this));
854 no_control_flow = false; break;
855 case Bytecodes::_dup2_x1 :
856 {
857 VerificationType type3;
858 type = current_frame.pop_stack(CHECK_VERIFY(this));
859 if (type.is_category1()) {
860 type2 = current_frame.pop_stack(
861 VerificationType::category1_check(), CHECK_VERIFY(this));
862 } else if(type.is_category2_2nd()) {
863 type2 = current_frame.pop_stack
864 (VerificationType::category2_check(), CHECK_VERIFY(this));
865 } else {
866 verify_error(bci, bad_type_msg, "dup2_x1");
867 return;
868 }
869 type3 = current_frame.pop_stack(
870 VerificationType::category1_check(), CHECK_VERIFY(this));
871 current_frame.push_stack(type2, CHECK_VERIFY(this));
872 current_frame.push_stack(type, CHECK_VERIFY(this));
873 current_frame.push_stack(type3, CHECK_VERIFY(this));
874 current_frame.push_stack(type2, CHECK_VERIFY(this));
875 current_frame.push_stack(type, CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 }
878 case Bytecodes::_dup2_x2 :
879 {
880 VerificationType type3, type4;
881 type = current_frame.pop_stack(CHECK_VERIFY(this));
882 if (type.is_category1()) {
883 type2 = current_frame.pop_stack(
884 VerificationType::category1_check(), CHECK_VERIFY(this));
885 } else if (type.is_category2_2nd()) {
886 type2 = current_frame.pop_stack(
887 VerificationType::category2_check(), CHECK_VERIFY(this));
888 } else {
889 verify_error(bci, bad_type_msg, "dup2_x2");
890 return;
891 }
892 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
893 if (type3.is_category1()) {
894 type4 = current_frame.pop_stack(
895 VerificationType::category1_check(), CHECK_VERIFY(this));
896 } else if (type3.is_category2_2nd()) {
897 type4 = current_frame.pop_stack(
898 VerificationType::category2_check(), CHECK_VERIFY(this));
899 } else {
900 verify_error(bci, bad_type_msg, "dup2_x2");
901 return;
902 }
903 current_frame.push_stack(type2, CHECK_VERIFY(this));
904 current_frame.push_stack(type, CHECK_VERIFY(this));
905 current_frame.push_stack(type4, CHECK_VERIFY(this));
906 current_frame.push_stack(type3, CHECK_VERIFY(this));
907 current_frame.push_stack(type2, CHECK_VERIFY(this));
908 current_frame.push_stack(type, CHECK_VERIFY(this));
909 no_control_flow = false; break;
910 }
911 case Bytecodes::_swap :
912 type = current_frame.pop_stack(
913 VerificationType::category1_check(), CHECK_VERIFY(this));
914 type2 = current_frame.pop_stack(
915 VerificationType::category1_check(), CHECK_VERIFY(this));
916 current_frame.push_stack(type, CHECK_VERIFY(this));
917 current_frame.push_stack(type2, CHECK_VERIFY(this));
918 no_control_flow = false; break;
919 case Bytecodes::_iadd :
920 case Bytecodes::_isub :
1160 no_control_flow = false; break;
1161 case Bytecodes::_goto :
1162 target = bcs.dest();
1163 stackmap_table.check_jump_target(
1164 ¤t_frame, target, CHECK_VERIFY(this));
1165 no_control_flow = true; break;
1166 case Bytecodes::_goto_w :
1167 target = bcs.dest_w();
1168 stackmap_table.check_jump_target(
1169 ¤t_frame, target, CHECK_VERIFY(this));
1170 no_control_flow = true; break;
1171 case Bytecodes::_tableswitch :
1172 case Bytecodes::_lookupswitch :
1173 verify_switch(
1174 &bcs, code_length, code_data, ¤t_frame,
1175 &stackmap_table, CHECK_VERIFY(this));
1176 no_control_flow = true; break;
1177 case Bytecodes::_ireturn :
1178 type = current_frame.pop_stack(
1179 VerificationType::integer_type(), CHECK_VERIFY(this));
1180 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1181 no_control_flow = true; break;
1182 case Bytecodes::_lreturn :
1183 type2 = current_frame.pop_stack(
1184 VerificationType::long2_type(), CHECK_VERIFY(this));
1185 type = current_frame.pop_stack(
1186 VerificationType::long_type(), CHECK_VERIFY(this));
1187 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1188 no_control_flow = true; break;
1189 case Bytecodes::_freturn :
1190 type = current_frame.pop_stack(
1191 VerificationType::float_type(), CHECK_VERIFY(this));
1192 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1193 no_control_flow = true; break;
1194 case Bytecodes::_dreturn :
1195 type2 = current_frame.pop_stack(
1196 VerificationType::double2_type(), CHECK_VERIFY(this));
1197 type = current_frame.pop_stack(
1198 VerificationType::double_type(), CHECK_VERIFY(this));
1199 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1200 no_control_flow = true; break;
1201 case Bytecodes::_areturn :
1202 type = current_frame.pop_stack(
1203 VerificationType::reference_check(), CHECK_VERIFY(this));
1204 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1205 no_control_flow = true; break;
1206 case Bytecodes::_return :
1207 if (return_type != VerificationType::bogus_type()) {
1208 verify_error(bci, "Method expects no return value");
1209 return;
1210 }
1211 // Make sure "this" has been initialized if current method is an
1212 // <init>
1213 if (_method->name() == vmSymbols::object_initializer_name() &&
1214 current_frame.flag_this_uninit()) {
1215 verify_error(bci,
1216 "Constructor must call super() or this() before return");
1217 return;
1218 }
1219 no_control_flow = true; break;
1220 case Bytecodes::_getstatic :
1221 case Bytecodes::_putstatic :
1222 case Bytecodes::_getfield :
1223 case Bytecodes::_putfield :
1224 verify_field_instructions(
1225 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1226 no_control_flow = false; break;
1227 case Bytecodes::_invokevirtual :
1228 case Bytecodes::_invokespecial :
1229 case Bytecodes::_invokestatic :
1230 verify_invoke_instructions(
1231 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1232 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1233 no_control_flow = false; break;
1234 case Bytecodes::_invokeinterface :
1235 case Bytecodes::_invokedynamic :
1236 verify_invoke_instructions(
1237 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1238 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1239 no_control_flow = false; break;
1240 case Bytecodes::_new :
1241 {
1242 index = bcs.get_index_u2();
1243 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1244 VerificationType new_class_type =
1245 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1246 if (!new_class_type.is_object()) {
1247 verify_error(bci, "Illegal new instruction");
1248 return;
1249 }
1250 type = VerificationType::uninitialized_type(bci);
1251 current_frame.push_stack(type, CHECK_VERIFY(this));
1252 no_control_flow = false; break;
1253 }
1254 case Bytecodes::_newarray :
1255 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1256 current_frame.pop_stack(
1257 VerificationType::integer_type(), CHECK_VERIFY(this));
1258 current_frame.push_stack(type, CHECK_VERIFY(this));
1259 no_control_flow = false; break;
1260 case Bytecodes::_anewarray :
1261 verify_anewarray(
1262 bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1263 no_control_flow = false; break;
1264 case Bytecodes::_arraylength :
1265 type = current_frame.pop_stack(
1266 VerificationType::reference_check(), CHECK_VERIFY(this));
1267 if (!(type.is_null() || type.is_array())) {
1268 verify_error(bci, bad_type_msg, "arraylength");
1269 }
1270 current_frame.push_stack(
1271 VerificationType::integer_type(), CHECK_VERIFY(this));
1272 no_control_flow = false; break;
1273 case Bytecodes::_checkcast :
1274 {
1275 index = bcs.get_index_u2();
1276 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1277 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1278 VerificationType klass_type = cp_index_to_type(
1279 index, cp, CHECK_VERIFY(this));
1280 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1281 no_control_flow = false; break;
1282 }
1283 case Bytecodes::_instanceof : {
1284 index = bcs.get_index_u2();
1285 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1286 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1287 current_frame.push_stack(
1288 VerificationType::integer_type(), CHECK_VERIFY(this));
1289 no_control_flow = false; break;
1290 }
1291 case Bytecodes::_monitorenter :
1292 case Bytecodes::_monitorexit :
1293 current_frame.pop_stack(
1294 VerificationType::reference_check(), CHECK_VERIFY(this));
1295 no_control_flow = false; break;
1296 case Bytecodes::_multianewarray :
1297 {
1298 index = bcs.get_index_u2();
1299 u2 dim = *(bcs.bcp()+3);
1300 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1301 VerificationType new_array_type =
1302 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1303 if (!new_array_type.is_array()) {
1304 verify_error(bci,
1305 "Illegal constant pool index in multianewarray instruction");
1306 return;
1307 }
1308 if (dim < 1 || new_array_type.dimensions() < dim) {
1309 verify_error(bci,
1310 "Illegal dimension in multianewarray instruction");
1311 return;
1312 }
1313 for (int i = 0; i < dim; i++) {
1314 current_frame.pop_stack(
1315 VerificationType::integer_type(), CHECK_VERIFY(this));
1316 }
1317 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1318 no_control_flow = false; break;
1319 }
1320 case Bytecodes::_athrow :
1321 type = VerificationType::reference_type(
1322 vmSymbols::java_lang_Throwable());
1323 current_frame.pop_stack(type, CHECK_VERIFY(this));
1324 no_control_flow = true; break;
1325 default:
1326 // We only need to check the valid bytecodes in class file.
1327 // And jsr and ret are not in the new class file format in JDK1.5.
1328 verify_error(bci, "Bad instruction");
1329 no_control_flow = false;
1330 return;
1331 } // end switch
1332 } // end Merge with the next instruction
1333
1334 // Look for possible jump target in exception handlers and see if it
1335 // matches current_frame
1336 if (bci >= ex_min && bci < ex_max) {
1337 verify_exception_handler_targets(
1338 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1339 }
1340 } // end while
1341
1342 // Make sure that control flow does not fall through end of the method
1343 if (!no_control_flow) {
1344 verify_error(code_length, "Control flow falls through code end");
1345 return;
1346 }
1347 }
1348
1349 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1350 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1351 memset(code_data, 0, sizeof(char) * code_length);
1352 RawBytecodeStream bcs(m);
1353
1354 while (!bcs.is_last_bytecode()) {
1355 if (bcs.raw_next() != Bytecodes::_illegal) {
1356 int bci = bcs.bci();
1357 if (bcs.raw_code() == Bytecodes::_new) {
1358 code_data[bci] = NEW_OFFSET;
1359 } else {
1360 code_data[bci] = BYTECODE_OFFSET;
1361 }
1362 } else {
1363 verify_error(bcs.bci(), "Bad instruction");
1364 return NULL;
1365 }
1366 }
1367
1368 return code_data;
1369 }
1370
1371 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1372 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1373 constantPoolHandle cp (THREAD, _method->constants());
1374
1375 if (exhandlers() != NULL) {
1376 for(int i = 0; i < exhandlers->length();) {
1377 u2 start_pc = exhandlers->int_at(i++);
1378 u2 end_pc = exhandlers->int_at(i++);
1379 u2 handler_pc = exhandlers->int_at(i++);
1380 if (start_pc >= code_length || code_data[start_pc] == 0) {
1381 class_format_error("Illegal exception table start_pc %d", start_pc);
1382 return;
1383 }
1384 if (end_pc != code_length) { // special case: end_pc == code_length
1385 if (end_pc > code_length || code_data[end_pc] == 0) {
1386 class_format_error("Illegal exception table end_pc %d", end_pc);
1387 return;
1388 }
1389 }
1390 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1391 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1392 return;
1393 }
1394 int catch_type_index = exhandlers->int_at(i++);
1395 if (catch_type_index != 0) {
1396 VerificationType catch_type = cp_index_to_type(
1397 catch_type_index, cp, CHECK_VERIFY(this));
1398 VerificationType throwable =
1399 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1400 bool is_subclass = throwable.is_assignable_from(
1401 catch_type, this, CHECK_VERIFY(this));
1402 if (!is_subclass) {
1403 // 4286534: should throw VerifyError according to recent spec change
1404 verify_error(
1405 "Catch type is not a subclass of Throwable in handler %d",
1406 handler_pc);
1407 return;
1408 }
1409 }
1410 if (start_pc < min) min = start_pc;
1411 if (end_pc > max) max = end_pc;
1412 }
1413 }
1414 }
1415
1416 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1417 int localvariable_table_length = _method()->localvariable_table_length();
1418 if (localvariable_table_length > 0) {
1419 LocalVariableTableElement* table = _method()->localvariable_table_start();
1420 for (int i = 0; i < localvariable_table_length; i++) {
1421 u2 start_bci = table[i].start_bci;
1422 u2 length = table[i].length;
1423
1424 if (start_bci >= code_length || code_data[start_bci] == 0) {
1425 class_format_error(
1426 "Illegal local variable table start_pc %d", start_bci);
1427 return;
1428 }
1429 u4 end_bci = (u4)(start_bci + length);
1430 if (end_bci != code_length) {
1431 if (end_bci >= code_length || code_data[end_bci] == 0) {
1432 class_format_error( "Illegal local variable table length %d", length);
1433 return;
1434 }
1435 }
1436 }
1437 }
1438 }
1439
1440 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1441 StackMapFrame* current_frame,
1442 StackMapTable* stackmap_table,
1443 bool no_control_flow, TRAPS) {
1444 if (stackmap_index < stackmap_table->get_frame_count()) {
1445 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1446 if (no_control_flow && this_offset > bci) {
1447 verify_error(bci, "Expecting a stack map frame");
1448 return 0;
1449 }
1450 if (this_offset == bci) {
1451 // See if current stack map can be assigned to the frame in table.
1452 // current_frame is the stackmap frame got from the last instruction.
1453 // If matched, current_frame will be updated by this method.
1454 bool match = stackmap_table->match_stackmap(
1455 current_frame, this_offset, stackmap_index,
1456 !no_control_flow, true, false, CHECK_VERIFY_(this, 0));
1457 if (!match) {
1458 // report type error
1459 verify_error(bci, "Instruction type does not match stack map");
1460 return 0;
1461 }
1462 stackmap_index++;
1463 } else if (this_offset < bci) {
1464 // current_offset should have met this_offset.
1465 class_format_error("Bad stack map offset %d", this_offset);
1466 return 0;
1467 }
1468 } else if (no_control_flow) {
1469 verify_error(bci, "Expecting a stack map frame");
1470 return 0;
1471 }
1472 return stackmap_index;
1473 }
1474
1475 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1476 StackMapTable* stackmap_table, TRAPS) {
1477 constantPoolHandle cp (THREAD, _method->constants());
1478 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1479 if (exhandlers() != NULL) {
1480 for(int i = 0; i < exhandlers->length();) {
1481 u2 start_pc = exhandlers->int_at(i++);
1482 u2 end_pc = exhandlers->int_at(i++);
1483 u2 handler_pc = exhandlers->int_at(i++);
1484 int catch_type_index = exhandlers->int_at(i++);
1485 if(bci >= start_pc && bci < end_pc) {
1486 u1 flags = current_frame->flags();
1487 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1488 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1489 if (catch_type_index != 0) {
1490 // We know that this index refers to a subclass of Throwable
1491 VerificationType catch_type = cp_index_to_type(
1492 catch_type_index, cp, CHECK_VERIFY(this));
1493 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1494 } else {
1495 VerificationType throwable =
1496 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1497 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1498 }
1499 bool match = stackmap_table->match_stackmap(
1500 new_frame, handler_pc, true, false, true, CHECK_VERIFY(this));
1501 if (!match) {
1502 verify_error(bci,
1503 "Stack map does not match the one at exception handler %d",
1504 handler_pc);
1505 return;
1506 }
1507 }
1508 }
1509 }
1510 }
1511
1512 void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) {
1513 int nconstants = cp->length();
1514 if ((index <= 0) || (index >= nconstants)) {
1515 verify_error("Illegal constant pool index %d in class %s",
1516 index, instanceKlass::cast(cp->pool_holder())->external_name());
1517 return;
1518 }
1519 }
1520
1521 void ClassVerifier::verify_cp_type(
1522 int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1523
1524 // In some situations, bytecode rewriting may occur while we're verifying.
1525 // In this case, a constant pool cache exists and some indices refer to that
1526 // instead. Be sure we don't pick up such indices by accident.
1527 // We must check was_recursively_verified() before we get here.
1528 guarantee(cp->cache() == NULL, "not rewritten yet");
1529
1530 verify_cp_index(cp, index, CHECK_VERIFY(this));
1531 unsigned int tag = cp->tag_at(index).value();
1532 if ((types & (1 << tag)) == 0) {
1533 verify_error(
1534 "Illegal type at constant pool entry %d in class %s",
1535 index, instanceKlass::cast(cp->pool_holder())->external_name());
1536 return;
1537 }
1538 }
1539
1540 void ClassVerifier::verify_cp_class_type(
1541 int index, constantPoolHandle cp, TRAPS) {
1542 verify_cp_index(cp, index, CHECK_VERIFY(this));
1543 constantTag tag = cp->tag_at(index);
1544 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1545 verify_error("Illegal type at constant pool entry %d in class %s",
1546 index, instanceKlass::cast(cp->pool_holder())->external_name());
1547 return;
1548 }
1549 }
1550
1551 void ClassVerifier::format_error_message(
1552 const char* fmt, int offset, va_list va) {
1553 ResourceMark rm(_thread);
1554 stringStream message(_message, _message_buffer_len);
1555 message.vprint(fmt, va);
1556 if (!_method.is_null()) {
1557 message.print(" in method %s", _method->name_and_sig_as_C_string());
1558 }
1559 if (offset != -1) {
1560 message.print(" at offset %d", offset);
1561 }
1562 }
1563
1564 void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) {
1565 _exception_type = vmSymbols::java_lang_VerifyError();
1566 va_list va;
1567 va_start(va, fmt);
1568 format_error_message(fmt, offset, va);
1569 va_end(va);
1570 }
1571
1572 void ClassVerifier::verify_error(const char* fmt, ...) {
1573 _exception_type = vmSymbols::java_lang_VerifyError();
1574 va_list va;
1575 va_start(va, fmt);
1576 format_error_message(fmt, -1, va);
1577 va_end(va);
1578 }
1579
1580 void ClassVerifier::class_format_error(const char* msg, ...) {
1581 _exception_type = vmSymbols::java_lang_ClassFormatError();
1582 va_list va;
1583 va_start(va, msg);
1584 format_error_message(msg, -1, va);
1585 va_end(va);
1586 }
1587
1588 klassOop ClassVerifier::load_class(Symbol* name, TRAPS) {
1589 // Get current loader and protection domain first.
1590 oop loader = current_class()->class_loader();
1591 oop protection_domain = current_class()->protection_domain();
1592
1593 return SystemDictionary::resolve_or_fail(
1594 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1595 true, CHECK_NULL);
1596 }
1597
1598 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1599 klassOop target_class,
1600 Symbol* field_name,
1601 Symbol* field_sig,
1602 bool is_method) {
1603 No_Safepoint_Verifier nosafepoint;
1604
1605 // If target class isn't a super class of this class, we don't worry about this case
1606 if (!this_class->is_subclass_of(target_class)) {
1607 return false;
1608 }
1609 // Check if the specified method or field is protected
1610 instanceKlass* target_instance = instanceKlass::cast(target_class);
1611 fieldDescriptor fd;
1612 if (is_method) {
1613 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1614 if (m != NULL && m->is_protected()) {
1615 if (!this_class->is_same_class_package(m->method_holder())) {
1616 return true;
1617 }
1618 }
1619 } else {
1620 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1621 if(member_klass != NULL && fd.is_protected()) {
1622 if (!this_class->is_same_class_package(member_klass)) {
1623 return true;
1624 }
1625 }
1626 }
1627 return false;
1628 }
1629
1630 void ClassVerifier::verify_ldc(
1631 int opcode, u2 index, StackMapFrame *current_frame,
1632 constantPoolHandle cp, u2 bci, TRAPS) {
1633 verify_cp_index(cp, index, CHECK_VERIFY(this));
1634 constantTag tag = cp->tag_at(index);
1635 unsigned int types;
1636 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1637 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1638 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1639 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1640 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
1641 // Note: The class file parser already verified the legality of
1642 // MethodHandle and MethodType constants.
1643 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1644 }
1645 } else {
1646 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1647 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1648 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1649 }
1650 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
1651 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
1652 } else if (tag.is_string() || tag.is_unresolved_string()) {
1653 current_frame->push_stack(
1654 VerificationType::reference_type(
1655 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1656 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1657 current_frame->push_stack(
1658 VerificationType::reference_type(
1659 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
1660 } else if (tag.is_int()) {
1661 current_frame->push_stack(
1662 VerificationType::integer_type(), CHECK_VERIFY(this));
1663 } else if (tag.is_float()) {
1664 current_frame->push_stack(
1665 VerificationType::float_type(), CHECK_VERIFY(this));
1666 } else if (tag.is_double()) {
1667 current_frame->push_stack_2(
1668 VerificationType::double_type(),
1669 VerificationType::double2_type(), CHECK_VERIFY(this));
1670 } else if (tag.is_long()) {
1671 current_frame->push_stack_2(
1672 VerificationType::long_type(),
1673 VerificationType::long2_type(), CHECK_VERIFY(this));
1674 } else if (tag.is_method_handle()) {
1675 current_frame->push_stack(
1676 VerificationType::reference_type(
1677 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
1678 } else if (tag.is_method_type()) {
1679 current_frame->push_stack(
1680 VerificationType::reference_type(
1681 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
1682 } else {
1683 verify_error(bci, "Invalid index in ldc");
1684 return;
1685 }
1686 }
1687
1688 void ClassVerifier::verify_switch(
1689 RawBytecodeStream* bcs, u4 code_length, char* code_data,
1690 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
1691 int bci = bcs->bci();
1692 address bcp = bcs->bcp();
1693 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
1694
1695 // 4639449 & 4647081: padding bytes must be 0
1696 u2 padding_offset = 1;
1697 while ((bcp + padding_offset) < aligned_bcp) {
1698 if(*(bcp + padding_offset) != 0) {
1699 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch");
1700 return;
1701 }
1702 padding_offset++;
1703 }
1704 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
1705 int keys, delta;
1706 current_frame->pop_stack(
1707 VerificationType::integer_type(), CHECK_VERIFY(this));
1708 if (bcs->raw_code() == Bytecodes::_tableswitch) {
1709 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
1710 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
1711 if (low > high) {
1712 verify_error(bci,
1713 "low must be less than or equal to high in tableswitch");
1714 return;
1715 }
1716 keys = high - low + 1;
1717 if (keys < 0) {
1718 verify_error(bci, "too many keys in tableswitch");
1719 return;
1720 }
1721 delta = 1;
1722 } else {
1723 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
1724 if (keys < 0) {
1725 verify_error(bci, "number of keys in lookupswitch less than 0");
1726 return;
1727 }
1728 delta = 2;
1729 // Make sure that the lookupswitch items are sorted
1730 for (int i = 0; i < (keys - 1); i++) {
1731 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
1732 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
1733 if (this_key >= next_key) {
1734 verify_error(bci, "Bad lookupswitch instruction");
1735 return;
1736 }
1737 }
1738 }
1739 int target = bci + default_offset;
1740 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
1741 for (int i = 0; i < keys; i++) {
1742 // Because check_jump_target() may safepoint, the bytecode could have
1743 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
1744 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
1745 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
1746 stackmap_table->check_jump_target(
1747 current_frame, target, CHECK_VERIFY(this));
1748 }
1749 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
1750 }
1751
1752 bool ClassVerifier::name_in_supers(
1753 Symbol* ref_name, instanceKlassHandle current) {
1754 klassOop super = current->super();
1755 while (super != NULL) {
1756 if (super->klass_part()->name() == ref_name) {
1757 return true;
1758 }
1759 super = super->klass_part()->super();
1760 }
1761 return false;
1762 }
1763
1764 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
1765 StackMapFrame* current_frame,
1766 constantPoolHandle cp,
1767 TRAPS) {
1768 u2 index = bcs->get_index_u2();
1769 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
1770
1771 // Get field name and signature
1772 Symbol* field_name = cp->name_ref_at(index);
1773 Symbol* field_sig = cp->signature_ref_at(index);
1774
1775 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
1776 class_format_error(
1777 "Invalid signature for field in class %s referenced "
1778 "from constant pool index %d", _klass->external_name(), index);
1779 return;
1780 }
1781
1782 // Get referenced class type
1783 VerificationType ref_class_type = cp_ref_index_to_type(
1784 index, cp, CHECK_VERIFY(this));
1785 if (!ref_class_type.is_object()) {
1786 verify_error(
1787 "Expecting reference to class in class %s at constant pool index %d",
1788 _klass->external_name(), index);
1789 return;
1790 }
1791 VerificationType target_class_type = ref_class_type;
1792
1793 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1794 "buffer type must match VerificationType size");
1795 uintptr_t field_type_buffer[2];
1796 VerificationType* field_type = (VerificationType*)field_type_buffer;
1797 // If we make a VerificationType[2] array directly, the compiler calls
1798 // to the c-runtime library to do the allocation instead of just
1799 // stack allocating it. Plus it would run constructors. This shows up
1800 // in performance profiles.
1801
1802 SignatureStream sig_stream(field_sig, false);
1803 VerificationType stack_object_type;
1804 int n = change_sig_to_verificationType(
1805 &sig_stream, field_type, CHECK_VERIFY(this));
1806 u2 bci = bcs->bci();
1826 }
1827 goto check_protected;
1828 }
1829 case Bytecodes::_putfield: {
1830 for (int i = n - 1; i >= 0; i--) {
1831 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1832 }
1833 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
1834
1835 // The JVMS 2nd edition allows field initialization before the superclass
1836 // initializer, if the field is defined within the current class.
1837 fieldDescriptor fd;
1838 if (stack_object_type == VerificationType::uninitialized_this_type() &&
1839 target_class_type.equals(current_type()) &&
1840 _klass->find_local_field(field_name, field_sig, &fd)) {
1841 stack_object_type = current_type();
1842 }
1843 is_assignable = target_class_type.is_assignable_from(
1844 stack_object_type, this, CHECK_VERIFY(this));
1845 if (!is_assignable) {
1846 verify_error(bci, "Bad type on operand stack in putfield");
1847 return;
1848 }
1849 }
1850 check_protected: {
1851 if (_this_type == stack_object_type)
1852 break; // stack_object_type must be assignable to _current_class_type
1853 Symbol* ref_class_name =
1854 cp->klass_name_at(cp->klass_ref_index_at(index));
1855 if (!name_in_supers(ref_class_name, current_class()))
1856 // stack_object_type must be assignable to _current_class_type since:
1857 // 1. stack_object_type must be assignable to ref_class.
1858 // 2. ref_class must be _current_class or a subclass of it. It can't
1859 // be a superclass of it. See revised JVMS 5.4.4.
1860 break;
1861
1862 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
1863 if (is_protected_access(current_class(), ref_class_oop, field_name,
1864 field_sig, false)) {
1865 // It's protected access, check if stack object is assignable to
1866 // current class.
1867 is_assignable = current_type().is_assignable_from(
1868 stack_object_type, this, CHECK_VERIFY(this));
1869 if (!is_assignable) {
1870 verify_error(bci, "Bad access to protected data in getfield");
1871 return;
1872 }
1873 }
1874 break;
1875 }
1876 default: ShouldNotReachHere();
1877 }
1878 }
1879
1880 // Look at the method's handlers. If the bci is in the handler's try block
1881 // then check if the handler_pc is already on the stack. If not, push it.
1882 void ClassVerifier::push_handlers(typeArrayHandle exhandlers,
1883 GrowableArray<u4>* handler_stack,
1884 u4 bci) {
1885 int exlength = exhandlers->length();
1886 for(int x = 0; x < exlength; x++) {
1887 u2 start_pc = exhandlers->int_at(x++);
1888 u2 end_pc = exhandlers->int_at(x++);
1889 u2 handler_pc = exhandlers->int_at(x++);
1890
1891 if (bci >= start_pc && bci < end_pc) {
1892 handler_stack->append_if_missing(handler_pc);
1893 }
1894 }
1895 }
1896
1897 // Return TRUE if all code paths starting with start_bc_offset end in
1898 // bytecode athrow or loop.
1899 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset, TRAPS) {
1900 ResourceMark rm;
1901 // Create bytecode stream.
1902 RawBytecodeStream bcs(method());
1903 u4 code_length = method()->code_size();
1904 bcs.set_start(start_bc_offset);
1905 u4 target;
1906 // Create stack for storing bytecode start offsets for if* and *switch.
1907 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
1908 // Create stack for handlers for try blocks containing this handler.
1909 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
1910 // Create list of visited branch opcodes (goto* and if*).
1911 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
1912 typeArrayHandle exhandlers(THREAD, _method->exception_table());
1913
1914 while (true) {
1915 if (bcs.is_last_bytecode()) {
1916 // if no more starting offsets to parse or if at the end of the
1917 // method then return false.
1918 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
1919 return false;
1920 // Pop a bytecode starting offset and scan from there.
1921 bcs.set_start(bci_stack->pop());
1922 }
1923 Bytecodes::Code opcode = bcs.raw_next();
1924 u4 bci = bcs.bci();
1925
1926 // If the bytecode is in a TRY block, push its handlers so they
1927 // will get parsed.
1928 push_handlers(exhandlers, handler_stack, bci);
1929
1930 switch (opcode) {
1931 case Bytecodes::_if_icmpeq:
1932 case Bytecodes::_if_icmpne:
1933 case Bytecodes::_if_icmplt:
1934 case Bytecodes::_if_icmpge:
1935 case Bytecodes::_if_icmpgt:
1936 case Bytecodes::_if_icmple:
1937 case Bytecodes::_ifeq:
1938 case Bytecodes::_ifne:
1939 case Bytecodes::_iflt:
1940 case Bytecodes::_ifge:
1941 case Bytecodes::_ifgt:
1942 case Bytecodes::_ifle:
1943 case Bytecodes::_if_acmpeq:
1944 case Bytecodes::_if_acmpne:
1945 case Bytecodes::_ifnull:
1946 case Bytecodes::_ifnonnull:
1947 target = bcs.dest();
1948 if (visited_branches->contains(bci)) {
2056 } else {
2057 // Parse the catch handlers for try blocks containing athrow.
2058 bcs.set_start(handler_stack->pop());
2059 }
2060 } else {
2061 // Pop a bytecode offset and starting scanning from there.
2062 bcs.set_start(bci_stack->pop());
2063 }
2064 }
2065 break;
2066
2067 default:
2068 ;
2069 } // end switch
2070 } // end while loop
2071
2072 return false;
2073 }
2074
2075 void ClassVerifier::verify_invoke_init(
2076 RawBytecodeStream* bcs, VerificationType ref_class_type,
2077 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2078 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,
2079 TRAPS) {
2080 u2 bci = bcs->bci();
2081 VerificationType type = current_frame->pop_stack(
2082 VerificationType::reference_check(), CHECK_VERIFY(this));
2083 if (type == VerificationType::uninitialized_this_type()) {
2084 // The method must be an <init> method of this class or its superclass
2085 klassOop superk = current_class()->super();
2086 if (ref_class_type.name() != current_class()->name() &&
2087 ref_class_type.name() != superk->klass_part()->name()) {
2088 verify_error(bci, "Bad <init> method call");
2089 return;
2090 }
2091
2092 // If this invokespecial call is done from inside of a TRY block then make
2093 // sure that all catch clause paths end in a throw. Otherwise, this can
2094 // result in returning an incomplete object.
2095 if (in_try_block) {
2096 typeArrayHandle exhandlers (THREAD, _method->exception_table());
2097 int exlength = exhandlers->length();
2098 for(int i = 0; i < exlength; i++) {
2099 /*
2100 * Skip reading catch_type_index.
2101 * Looks like this if you need all of them:
2102 * u2 start_pc = exhandlers->int_at(i++);
2103 * u2 end_pc = exhandlers->int_at(i++);
2104 * u2 handler_pc = exhandlers->int_at(i++);
2105 * int catch_type_index = exhandlers->int_at(i++);
2106 */
2107 // Reacquire the table in case a GC happened
2108 typeArrayHandle exhandlers (THREAD, _method->exception_table());
2109 u2 start_pc = exhandlers->int_at(i++);
2110 u2 end_pc = exhandlers->int_at(i++);
2111 u2 handler_pc = exhandlers->int_at(i++);
2112
2113 if (bci >= start_pc && bci < end_pc) {
2114 bool athrow_check = ends_in_athrow(handler_pc, CHECK_VERIFY(this));
2115 if (!athrow_check) {
2116 verify_error(
2117 "Bad <init> method call from after the start of a try block");
2118 return;
2119 }
2120 }
2121 }
2122
2123 // Check the exception handler target stackmaps with the locals from the
2124 // incoming stackmap (before initialize_object() changes them to outgoing
2125 // state).
2126 verify_exception_handler_targets(bci, true, current_frame,
2127 stackmap_table, CHECK_VERIFY(this));
2128 } // in_try_block
2129
2130 current_frame->initialize_object(type, current_type());
2131 *this_uninit = true;
2132 } else if (type.is_uninitialized()) {
2133 u2 new_offset = type.bci();
2134 address new_bcp = bcs->bcp() - bci + new_offset;
2135 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2136 verify_error(new_offset, "Expecting new instruction");
2137 return;
2138 }
2139 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2140 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this));
2141
2142 // The method must be an <init> method of the indicated class
2143 VerificationType new_class_type = cp_index_to_type(
2144 new_class_index, cp, CHECK_VERIFY(this));
2145 if (!new_class_type.equals(ref_class_type)) {
2146 verify_error(bci, "Call to wrong <init> method");
2147 return;
2148 }
2149 // According to the VM spec, if the referent class is a superclass of the
2150 // current class, and is in a different runtime package, and the method is
2151 // protected, then the objectref must be the current class or a subclass
2152 // of the current class.
2153 VerificationType objectref_type = new_class_type;
2154 if (name_in_supers(ref_class_type.name(), current_class())) {
2155 klassOop ref_klass = load_class(
2156 ref_class_type.name(), CHECK_VERIFY(this));
2157 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
2158 vmSymbols::object_initializer_name(),
2159 cp->signature_ref_at(bcs->get_index_u2()));
2160 if (m == NULL) {
2161 verify_error(bci,
2162 "Call to missing <init> method");
2163 return;
2164 }
2165 instanceKlassHandle mh(THREAD, m->method_holder());
2166 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
2167 bool assignable = current_type().is_assignable_from(
2168 objectref_type, this, CHECK_VERIFY(this));
2169 if (!assignable) {
2170 verify_error(bci, "Bad access to protected <init> method");
2171 return;
2172 }
2173 }
2174 }
2175 // Check the exception handler target stackmaps with the locals from the
2176 // incoming stackmap (before initialize_object() changes them to outgoing
2177 // state).
2178 if (in_try_block) {
2179 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2180 stackmap_table, CHECK_VERIFY(this));
2181 }
2182 current_frame->initialize_object(type, new_class_type);
2183 } else {
2184 verify_error(bci, "Bad operand type when invoking <init>");
2185 return;
2186 }
2187 }
2188
2189 void ClassVerifier::verify_invoke_instructions(
2190 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2191 bool in_try_block, bool *this_uninit, VerificationType return_type,
2192 constantPoolHandle cp, StackMapTable* stackmap_table, TRAPS) {
2193 // Make sure the constant pool item is the right type
2194 u2 index = bcs->get_index_u2();
2195 Bytecodes::Code opcode = bcs->raw_code();
2196 unsigned int types = (opcode == Bytecodes::_invokeinterface
2197 ? 1 << JVM_CONSTANT_InterfaceMethodref
2198 : opcode == Bytecodes::_invokedynamic
2199 ? 1 << JVM_CONSTANT_InvokeDynamic
2200 : 1 << JVM_CONSTANT_Methodref);
2201 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
2202
2203 // Get method name and signature
2204 Symbol* method_name = cp->name_ref_at(index);
2205 Symbol* method_sig = cp->signature_ref_at(index);
2206
2207 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2208 class_format_error(
2209 "Invalid method signature in class %s referenced "
2210 "from constant pool index %d", _klass->external_name(), index);
2211 return;
2212 }
2213
2214 // Get referenced class type
2215 VerificationType ref_class_type;
2216 if (opcode == Bytecodes::_invokedynamic) {
2217 if (!EnableInvokeDynamic ||
2218 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2219 class_format_error(
2220 (!EnableInvokeDynamic ?
2221 "invokedynamic instructions not enabled in this JVM" :
2258 }
2259 int nargs = sig_i;
2260
2261 #ifdef ASSERT
2262 {
2263 ArgumentSizeComputer size_it(method_sig);
2264 assert(nargs == size_it.size(), "Argument sizes do not match");
2265 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2266 }
2267 #endif
2268
2269 // Check instruction operands
2270 u2 bci = bcs->bci();
2271 if (opcode == Bytecodes::_invokeinterface) {
2272 address bcp = bcs->bcp();
2273 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2274 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2275 // the difference between the size of the operand stack before and after the instruction
2276 // executes.
2277 if (*(bcp+3) != (nargs+1)) {
2278 verify_error(bci, "Inconsistent args count operand in invokeinterface");
2279 return;
2280 }
2281 if (*(bcp+4) != 0) {
2282 verify_error(bci, "Fourth operand byte of invokeinterface must be zero");
2283 return;
2284 }
2285 }
2286
2287 if (opcode == Bytecodes::_invokedynamic) {
2288 address bcp = bcs->bcp();
2289 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2290 verify_error(bci, "Third and fourth operand bytes of invokedynamic must be zero");
2291 return;
2292 }
2293 }
2294
2295 if (method_name->byte_at(0) == '<') {
2296 // Make sure <init> can only be invoked by invokespecial
2297 if (opcode != Bytecodes::_invokespecial ||
2298 method_name != vmSymbols::object_initializer_name()) {
2299 verify_error(bci, "Illegal call to internal method");
2300 return;
2301 }
2302 } else if (opcode == Bytecodes::_invokespecial
2303 && !ref_class_type.equals(current_type())
2304 && !ref_class_type.equals(VerificationType::reference_type(
2305 current_class()->super()->klass_part()->name()))) {
2306 bool subtype = ref_class_type.is_assignable_from(
2307 current_type(), this, CHECK_VERIFY(this));
2308 if (!subtype) {
2309 verify_error(bci, "Bad invokespecial instruction: "
2310 "current class isn't assignable to reference class.");
2311 return;
2312 }
2313 }
2314 // Match method descriptor with operand stack
2315 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2316 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2317 }
2318 // Check objectref on operand stack
2319 if (opcode != Bytecodes::_invokestatic &&
2320 opcode != Bytecodes::_invokedynamic) {
2321 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2322 verify_invoke_init(bcs, ref_class_type, current_frame,
2323 code_length, in_try_block, this_uninit, cp, stackmap_table,
2324 CHECK_VERIFY(this));
2325 } else { // other methods
2326 // Ensures that target class is assignable to method class.
2327 if (opcode == Bytecodes::_invokespecial) {
2328 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2329 } else if (opcode == Bytecodes::_invokevirtual) {
2330 VerificationType stack_object_type =
2331 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2332 if (current_type() != stack_object_type) {
2333 assert(cp->cache() == NULL, "not rewritten yet");
2334 Symbol* ref_class_name =
2335 cp->klass_name_at(cp->klass_ref_index_at(index));
2336 // See the comments in verify_field_instructions() for
2337 // the rationale behind this.
2338 if (name_in_supers(ref_class_name, current_class())) {
2339 klassOop ref_class = load_class(ref_class_name, CHECK);
2340 if (is_protected_access(
2341 _klass, ref_class, method_name, method_sig, true)) {
2342 // It's protected access, check if stack object is
2343 // assignable to current class.
2344 bool is_assignable = current_type().is_assignable_from(
2345 stack_object_type, this, CHECK_VERIFY(this));
2346 if (!is_assignable) {
2347 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2348 && stack_object_type.is_array()
2349 && method_name == vmSymbols::clone_name()) {
2350 // Special case: arrays pretend to implement public Object
2351 // clone().
2352 } else {
2353 verify_error(bci,
2354 "Bad access to protected data in invokevirtual");
2355 return;
2356 }
2357 }
2358 }
2359 }
2360 }
2361 } else {
2362 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2363 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2364 }
2365 }
2366 }
2367 // Push the result type.
2368 if (sig_stream.type() != T_VOID) {
2369 if (method_name == vmSymbols::object_initializer_name()) {
2370 // <init> method must have a void return type
2371 verify_error(bci, "Return type must be void in <init> method");
2372 return;
2373 }
2374 VerificationType return_type[2];
2375 int n = change_sig_to_verificationType(
2376 &sig_stream, return_type, CHECK_VERIFY(this));
2377 for (int i = 0; i < n; i++) {
2378 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2379 }
2380 }
2381 }
2382
2383 VerificationType ClassVerifier::get_newarray_type(
2384 u2 index, u2 bci, TRAPS) {
2385 const char* from_bt[] = {
2386 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2387 };
2388 if (index < T_BOOLEAN || index > T_LONG) {
2389 verify_error(bci, "Illegal newarray instruction");
2390 return VerificationType::bogus_type();
2391 }
2392
2393 // from_bt[index] contains the array signature which has a length of 2
2394 Symbol* sig = create_temporary_symbol(
2395 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2396 return VerificationType::reference_type(sig);
2397 }
2398
2399 void ClassVerifier::verify_anewarray(
2400 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) {
2401 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
2402 current_frame->pop_stack(
2403 VerificationType::integer_type(), CHECK_VERIFY(this));
2404
2405 VerificationType component_type =
2406 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2407 int length;
2408 char* arr_sig_str;
2409 if (component_type.is_array()) { // it's an array
2410 const char* component_name = component_type.name()->as_utf8();
2411 // add one dimension to component
2412 length = (int)strlen(component_name) + 1;
2413 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2414 arr_sig_str[0] = '[';
2415 strncpy(&arr_sig_str[1], component_name, length - 1);
2416 } else { // it's an object or interface
2417 const char* component_name = component_type.name()->as_utf8();
2418 // add one dimension to component with 'L' prepended and ';' postpended.
2419 length = (int)strlen(component_name) + 3;
2420 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2421 arr_sig_str[0] = '[';
2494 VerificationType::double2_type(),
2495 VerificationType::double_type(), CHECK_VERIFY(this));
2496 current_frame->set_local_2(
2497 index, VerificationType::double_type(),
2498 VerificationType::double2_type(), CHECK_VERIFY(this));
2499 }
2500
2501 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2502 VerificationType type = current_frame->pop_stack(
2503 VerificationType::reference_check(), CHECK_VERIFY(this));
2504 current_frame->set_local(index, type, CHECK_VERIFY(this));
2505 }
2506
2507 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2508 VerificationType type = current_frame->get_local(
2509 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2510 current_frame->set_local(index, type, CHECK_VERIFY(this));
2511 }
2512
2513 void ClassVerifier::verify_return_value(
2514 VerificationType return_type, VerificationType type, u2 bci, TRAPS) {
2515 if (return_type == VerificationType::bogus_type()) {
2516 verify_error(bci, "Method expects a return value");
2517 return;
2518 }
2519 bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this));
2520 if (!match) {
2521 verify_error(bci, "Bad return type");
2522 return;
2523 }
2524 }
2525
2526 // The verifier creates symbols which are substrings of Symbols.
2527 // These are stored in the verifier until the end of verification so that
2528 // they can be reference counted.
2529 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
2530 int end, TRAPS) {
2531 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
2532 _symbols->push(sym);
2533 return sym;
2534 }
2535
2536 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
2537 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
2538 _symbols->push(sym);
2539 return sym;
2540 }
|
1 /*
2 * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTableFormat.hpp"
31 #include "classfile/systemDictionary.hpp"
32 #include "classfile/verifier.hpp"
33 #include "classfile/vmSymbols.hpp"
34 #include "interpreter/bytecodes.hpp"
35 #include "interpreter/bytecodeStream.hpp"
36 #include "memory/oopFactory.hpp"
37 #include "memory/resourceArea.hpp"
38 #include "oops/instanceKlass.hpp"
39 #include "oops/oop.inline.hpp"
40 #include "oops/typeArrayOop.hpp"
41 #include "prims/jvm.h"
42 #include "runtime/fieldDescriptor.hpp"
43 #include "runtime/handles.inline.hpp"
44 #include "runtime/interfaceSupport.hpp"
45 #include "runtime/javaCalls.hpp"
46 #include "runtime/orderAccess.hpp"
47 #include "runtime/os.hpp"
48 #ifdef TARGET_ARCH_x86
49 # include "bytes_x86.hpp"
50 #endif
51 #ifdef TARGET_ARCH_sparc
52 # include "bytes_sparc.hpp"
53 #endif
54 #ifdef TARGET_ARCH_zero
96 BytecodeVerificationLocal : BytecodeVerificationRemote;
97 }
98
99 bool Verifier::relax_verify_for(oop loader) {
100 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
101 bool need_verify =
102 // verifyAll
103 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
104 // verifyRemote
105 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
106 return !need_verify;
107 }
108
109 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
110 HandleMark hm;
111 ResourceMark rm(THREAD);
112
113 Symbol* exception_name = NULL;
114 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
115 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
116 char* exception_message = message_buffer;
117
118 const char* klassName = klass->external_name();
119 bool can_failover = FailOverToOldVerifier &&
120 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
121
122 // If the class should be verified, first see if we can use the split
123 // verifier. If not, or if verification fails and FailOverToOldVerifier
124 // is set, then call the inference verifier.
125 if (is_eligible_for_verification(klass, should_verify_class)) {
126 if (TraceClassInitialization) {
127 tty->print_cr("Start class verification for: %s", klassName);
128 }
129 if (UseSplitVerifier &&
130 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
131 ClassVerifier split_verifier(klass, THREAD);
132 split_verifier.verify_class(THREAD);
133 exception_name = split_verifier.result();
134 if (can_failover && !HAS_PENDING_EXCEPTION &&
135 (exception_name == vmSymbols::java_lang_VerifyError() ||
136 exception_name == vmSymbols::java_lang_ClassFormatError())) {
137 if (TraceClassInitialization || VerboseVerification) {
138 tty->print_cr(
139 "Fail over class verification to old verifier for: %s", klassName);
140 }
141 exception_name = inference_verify(
142 klass, message_buffer, message_buffer_len, THREAD);
143 }
144 if (exception_name != NULL) {
145 exception_message = split_verifier.exception_message();
146 }
147 } else {
148 exception_name = inference_verify(
149 klass, message_buffer, message_buffer_len, THREAD);
150 }
151
152 if (TraceClassInitialization || VerboseVerification) {
153 if (HAS_PENDING_EXCEPTION) {
154 tty->print("Verification for %s has", klassName);
155 tty->print_cr(" exception pending %s ",
156 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
157 } else if (exception_name != NULL) {
158 tty->print_cr("Verification for %s failed", klassName);
159 }
160 tty->print_cr("End class verification for: %s", klassName);
161 }
162 }
163
164 if (HAS_PENDING_EXCEPTION) {
165 return false; // use the existing exception
166 } else if (exception_name == NULL) {
167 return true; // verifcation succeeded
168 } else { // VerifyError or ClassFormatError to be created and thrown
169 ResourceMark rm(THREAD);
170 instanceKlassHandle kls =
171 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
172 while (!kls.is_null()) {
173 if (kls == klass) {
174 // If the class being verified is the exception we're creating
175 // or one of it's superclasses, we're in trouble and are going
176 // to infinitely recurse when we try to initialize the exception.
177 // So bail out here by throwing the preallocated VM error.
178 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
179 }
180 kls = kls->super();
181 }
182 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
183 THROW_MSG_(exception_name, exception_message, false);
184 }
185 }
186
187 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
188 Symbol* name = klass->name();
189 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
190
191 return (should_verify_for(klass->class_loader(), should_verify_class) &&
192 // return if the class is a bootstrapping class
193 // or defineClass specified not to verify by default (flags override passed arg)
194 // We need to skip the following four for bootstraping
195 name != vmSymbols::java_lang_Object() &&
196 name != vmSymbols::java_lang_Class() &&
197 name != vmSymbols::java_lang_String() &&
198 name != vmSymbols::java_lang_Throwable() &&
199
200 // Can not verify the bytecodes for shared classes because they have
201 // already been rewritten to contain constant pool cache indices,
202 // which the verifier can't understand.
203 // Shared classes shouldn't have stackmaps either.
211 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
212 (refl_magic_klass == NULL ||
213 !klass->is_subtype_of(refl_magic_klass) ||
214 VerifyReflectionBytecodes)
215 );
216 }
217
218 Symbol* Verifier::inference_verify(
219 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
220 JavaThread* thread = (JavaThread*)THREAD;
221 JNIEnv *env = thread->jni_environment();
222
223 void* verify_func = verify_byte_codes_fn();
224
225 if (verify_func == NULL) {
226 jio_snprintf(message, message_len, "Could not link verifier");
227 return vmSymbols::java_lang_VerifyError();
228 }
229
230 ResourceMark rm(THREAD);
231 if (VerboseVerification) {
232 tty->print_cr("Verifying class %s with old format", klass->external_name());
233 }
234
235 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
236 jint result;
237
238 {
239 HandleMark hm(thread);
240 ThreadToNativeFromVM ttn(thread);
241 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
242 // code knows that we have left the VM
243
244 if (_is_new_verify_byte_codes_fn) {
245 verify_byte_codes_fn_new_t func =
246 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
247 result = (*func)(env, cls, message, (int)message_len,
248 klass->major_version());
249 } else {
250 verify_byte_codes_fn_t func =
251 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
255
256 JNIHandles::destroy_local(cls);
257
258 // These numbers are chosen so that VerifyClassCodes interface doesn't need
259 // to be changed (still return jboolean (unsigned char)), and result is
260 // 1 when verification is passed.
261 if (result == 0) {
262 return vmSymbols::java_lang_VerifyError();
263 } else if (result == 1) {
264 return NULL; // verified.
265 } else if (result == 2) {
266 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
267 } else if (result == 3) {
268 return vmSymbols::java_lang_ClassFormatError();
269 } else {
270 ShouldNotReachHere();
271 return NULL;
272 }
273 }
274
275 TypeOrigin TypeOrigin::null() {
276 return TypeOrigin();
277 }
278 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
279 assert(frame != NULL, "Must have a frame");
280 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
281 frame->local_at(index));
282 }
283 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
284 assert(frame != NULL, "Must have a frame");
285 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
286 frame->stack_at(index));
287 }
288 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
289 assert(frame != NULL, "Must have a frame");
290 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
291 frame->local_at(index));
292 }
293 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
294 assert(frame != NULL, "Must have a frame");
295 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
296 frame->stack_at(index));
297 }
298 TypeOrigin TypeOrigin::bad_index(u2 index) {
299 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
300 }
301 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
302 return TypeOrigin(CONST_POOL, index, NULL, vt);
303 }
304 TypeOrigin TypeOrigin::signature(VerificationType vt) {
305 return TypeOrigin(SIG, 0, NULL, vt);
306 }
307 TypeOrigin TypeOrigin::implicit(VerificationType t) {
308 return TypeOrigin(IMPLICIT, 0, NULL, t);
309 }
310 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
311 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
312 VerificationType::bogus_type());
313 }
314
315 void TypeOrigin::reset_frame() {
316 if (_frame != NULL) {
317 _frame->restore();
318 }
319 }
320
321 void TypeOrigin::details(outputStream* ss) const {
322 _type.print_on(ss);
323 switch (_origin) {
324 case CF_LOCALS:
325 ss->print(" (current frame, locals[%d])", _index);
326 break;
327 case CF_STACK:
328 ss->print(" (current frame, stack[%d])", _index);
329 break;
330 case SM_LOCALS:
331 ss->print(" (stack map, locals[%d])", _index);
332 break;
333 case SM_STACK:
334 ss->print(" (stack map, stack[%d])", _index);
335 break;
336 case CONST_POOL:
337 ss->print(" (constant pool %d)", _index);
338 break;
339 case SIG:
340 ss->print(" (from method signature)");
341 break;
342 case IMPLICIT:
343 case FRAME_ONLY:
344 case NONE:
345 default:
346 ;
347 }
348 }
349
350 #ifdef ASSERT
351 void TypeOrigin::print_on(outputStream* str) const {
352 str->print("{%d,%d,%p:", _origin, _index, _frame);
353 if (_frame != NULL) {
354 _frame->print_on(str);
355 } else {
356 str->print("null");
357 }
358 str->print(",");
359 _type.print_on(str);
360 str->print("}");
361 }
362 #endif
363
364 void ErrorContext::details(outputStream* ss, methodOop method) const {
365 if (is_valid()) {
366 ss->print_cr("");
367 ss->print_cr("Exception Details:");
368 location_details(ss, method);
369 reason_details(ss);
370 frame_details(ss);
371 bytecode_details(ss, method);
372 handler_details(ss, method);
373 stackmap_details(ss, method);
374 }
375 }
376
377 void ErrorContext::reason_details(outputStream* ss) const {
378 streamIndentor si(ss);
379 ss->indent().print_cr("Reason:");
380 streamIndentor si2(ss);
381 ss->indent().print("");
382 switch (_fault) {
383 case INVALID_BYTECODE:
384 ss->print("Error exists in the bytecode");
385 break;
386 case WRONG_TYPE:
387 if (_expected.is_valid()) {
388 ss->print("Type ");
389 _type.details(ss);
390 ss->print(" is not assignable to ");
391 _expected.details(ss);
392 } else {
393 ss->print("Invalid type: ");
394 _type.details(ss);
395 }
396 break;
397 case FLAGS_MISMATCH:
398 if (_expected.is_valid()) {
399 ss->print("Current frame's flags are not assignable "
400 "to stack map frame's.");
401 } else {
402 ss->print("Current frame's flags are invalid in this context.");
403 }
404 break;
405 case BAD_CP_INDEX:
406 ss->print("Constant pool index %d is invalid", _type.index());
407 break;
408 case BAD_LOCAL_INDEX:
409 ss->print("Local index %d is invalid", _type.index());
410 break;
411 case LOCALS_SIZE_MISMATCH:
412 ss->print("Current frame's local size doesn't match stackmap.");
413 break;
414 case STACK_SIZE_MISMATCH:
415 ss->print("Current frame's stack size doesn't match stackmap.");
416 break;
417 case STACK_OVERFLOW:
418 ss->print("Exceeded max stack size.");
419 break;
420 case STACK_UNDERFLOW:
421 ss->print("Attempt to pop empty stack.");
422 break;
423 case MISSING_STACKMAP:
424 ss->print("Expected stackmap frame at this location.");
425 break;
426 case BAD_STACKMAP:
427 ss->print("Invalid stackmap specification.");
428 break;
429 case UNKNOWN:
430 default:
431 ShouldNotReachHere();
432 ss->print_cr("Unknown");
433 }
434 ss->print_cr("");
435 }
436
437 void ErrorContext::location_details(outputStream* ss, methodOop method) const {
438 if (_bci != -1 && method != NULL) {
439 streamIndentor si(ss);
440 const char* bytecode_name = "<invalid>";
441 if (method->validate_bci_from_bcx(_bci) != -1) {
442 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
443 if (Bytecodes::is_defined(code)) {
444 bytecode_name = Bytecodes::name(code);
445 } else {
446 bytecode_name = "<illegal>";
447 }
448 }
449 instanceKlass* ik = instanceKlass::cast(method->method_holder());
450 ss->indent().print_cr("Location:");
451 streamIndentor si2(ss);
452 ss->indent().print_cr("%s.%s%s @%d: %s",
453 ik->name()->as_C_string(), method->name()->as_C_string(),
454 method->signature()->as_C_string(), _bci, bytecode_name);
455 }
456 }
457
458 void ErrorContext::frame_details(outputStream* ss) const {
459 streamIndentor si(ss);
460 if (_type.is_valid() && _type.frame() != NULL) {
461 ss->indent().print_cr("Current Frame:");
462 streamIndentor si2(ss);
463 _type.frame()->print_on(ss);
464 }
465 if (_expected.is_valid() && _expected.frame() != NULL) {
466 ss->indent().print_cr("Stackmap Frame:");
467 streamIndentor si2(ss);
468 _expected.frame()->print_on(ss);
469 }
470 }
471
472 void ErrorContext::bytecode_details(outputStream* ss, methodOop method) const {
473 if (method != NULL) {
474 streamIndentor si(ss);
475 ss->indent().print_cr("Bytecode:");
476 streamIndentor si2(ss);
477 ss->print_data(method->code_base(), method->code_size(), false);
478 }
479 }
480
481 void ErrorContext::handler_details(outputStream* ss, methodOop method) const {
482 if (method != NULL) {
483 streamIndentor si(ss);
484 ExceptionTable table(method);
485 if (table.length() > 0) {
486 ss->indent().print_cr("Exception Handler Table:");
487 streamIndentor si2(ss);
488 for (int i = 0; i < table.length(); ++i) {
489 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
490 table.end_pc(i), table.handler_pc(i));
491 }
492 }
493 }
494 }
495
496 void ErrorContext::stackmap_details(outputStream* ss, methodOop method) const {
497 if (method != NULL && method->has_stackmap_table()) {
498 streamIndentor si(ss);
499 ss->indent().print_cr("Stackmap Table:");
500 typeArrayOop data = method->stackmap_data();
501 stack_map_table* sm_table =
502 stack_map_table::at((address)data->byte_at_addr(0));
503 stack_map_frame* sm_frame = sm_table->entries();
504 streamIndentor si2(ss);
505 int current_offset = -1;
506 // Subtract two from StackMapAttribute length because the length includes
507 // two bytes for number of table entries.
508 size_t sm_table_space = method->stackmap_data()->length() - 2;
509 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
510 ss->indent();
511 size_t sm_frame_size = sm_frame->size();
512 // If the size of the next stackmap exceeds the length of the entire
513 // stackmap table then print a truncated message and return.
514 if (sm_frame_size > sm_table_space) {
515 sm_frame->print_truncated(ss, current_offset);
516 return;
517 }
518 sm_table_space -= sm_frame_size;
519 sm_frame->print_on(ss, current_offset);
520 ss->print_cr("");
521 current_offset += sm_frame->offset_delta();
522 sm_frame = sm_frame->next();
523 }
524 }
525 }
526
527 // Methods in ClassVerifier
528
529 ClassVerifier::ClassVerifier(
530 instanceKlassHandle klass, TRAPS)
531 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
532 _this_type = VerificationType::reference_type(klass->name());
533 // Create list to hold symbols in reference area.
534 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
535 }
536
537 ClassVerifier::~ClassVerifier() {
538 // Decrement the reference count for any symbols created.
539 for (int i = 0; i < _symbols->length(); i++) {
540 Symbol* s = _symbols->at(i);
541 s->decrement_refcount();
542 }
543 }
544
545 VerificationType ClassVerifier::object_type() const {
546 return VerificationType::reference_type(vmSymbols::java_lang_Object());
547 }
548
549 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
550 VerificationType vt = VerificationType::reference_type(
551 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
552 return TypeOrigin::implicit(vt);
553 }
554
555 void ClassVerifier::verify_class(TRAPS) {
556 if (VerboseVerification) {
557 tty->print_cr("Verifying class %s with new format",
558 _klass->external_name());
559 }
560
561 objArrayHandle methods(THREAD, _klass->methods());
562 int num_methods = methods->length();
563
564 for (int index = 0; index < num_methods; index++) {
565 // Check for recursive re-verification before each method.
566 if (was_recursively_verified()) return;
567
568 methodOop m = (methodOop)methods->obj_at(index);
569 if (m->is_native() || m->is_abstract()) {
570 // If m is native or abstract, skip it. It is checked in class file
571 // parser that methods do not override a final method.
572 continue;
573 }
574 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
575 }
576
577 if (VerboseVerification || TraceClassInitialization) {
578 if (was_recursively_verified())
579 tty->print_cr("Recursive verification detected for: %s",
580 _klass->external_name());
581 }
582 }
583
584 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
585 _method = m; // initialize _method
586 if (VerboseVerification) {
587 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
588 }
589
590 const char* bad_type_msg = "Bad type on operand stack in %s";
591
592 int32_t max_stack = m->max_stack();
593 int32_t max_locals = m->max_locals();
594 constantPoolHandle cp(THREAD, m->constants());
595
596 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
597 class_format_error("Invalid method signature");
598 return;
599 }
600
601 // Initial stack map frame: offset is 0, stack is initially empty.
602 StackMapFrame current_frame(max_locals, max_stack, this);
603 // Set initial locals
604 VerificationType return_type = current_frame.set_locals_from_arg(
605 m, current_type(), CHECK_VERIFY(this));
606
613
614 int ex_min = code_length;
615 int ex_max = -1;
616 // Look through each item on the exception table. Each of the fields must refer
617 // to a legal instruction.
618 verify_exception_handler_table(
619 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
620
621 // Look through each entry on the local variable table and make sure
622 // its range of code array offsets is valid. (4169817)
623 if (m->has_localvariable_table()) {
624 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
625 }
626
627 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
628 StackMapStream stream(stackmap_data);
629 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
630 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
631 code_data, code_length, CHECK_VERIFY(this));
632
633 if (VerboseVerification) {
634 stackmap_table.print_on(tty);
635 }
636
637 RawBytecodeStream bcs(m);
638
639 // Scan the byte code linearly from the start to the end
640 bool no_control_flow = false; // Set to true when there is no direct control
641 // flow from current instruction to the next
642 // instruction in sequence
643
644 Bytecodes::Code opcode;
645 while (!bcs.is_last_bytecode()) {
646 // Check for recursive re-verification before each bytecode.
647 if (was_recursively_verified()) return;
648
649 opcode = bcs.raw_next();
650 u2 bci = bcs.bci();
651
652 // Set current frame's offset to bci
653 current_frame.set_offset(bci);
654 current_frame.set_mark();
655
656 // Make sure every offset in stackmap table point to the beginning to
657 // an instruction. Match current_frame to stackmap_table entry with
658 // the same offset if exists.
659 stackmap_index = verify_stackmap_table(
660 stackmap_index, bci, ¤t_frame, &stackmap_table,
661 no_control_flow, CHECK_VERIFY(this));
662
663
664 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
665
666 // Merge with the next instruction
667 {
668 u2 index;
669 int target;
670 VerificationType type, type2;
671 VerificationType atype;
672
673 #ifndef PRODUCT
674 if (VerboseVerification) {
675 current_frame.print_on(tty);
676 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
677 }
678 #endif
679
680 // Make sure wide instruction is in correct format
681 if (bcs.is_wide()) {
682 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
683 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
684 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
685 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
686 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
687 opcode != Bytecodes::_dstore) {
688 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
689 * if we encounter a wide instruction that modifies an invalid
690 * opcode (not one of the ones listed above) */
691 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
692 return;
693 }
694 }
695
696 switch (opcode) {
697 case Bytecodes::_nop :
698 no_control_flow = false; break;
699 case Bytecodes::_aconst_null :
700 current_frame.push_stack(
701 VerificationType::null_type(), CHECK_VERIFY(this));
702 no_control_flow = false; break;
703 case Bytecodes::_iconst_m1 :
704 case Bytecodes::_iconst_0 :
705 case Bytecodes::_iconst_1 :
706 case Bytecodes::_iconst_2 :
707 case Bytecodes::_iconst_3 :
708 case Bytecodes::_iconst_4 :
709 case Bytecodes::_iconst_5 :
710 current_frame.push_stack(
711 VerificationType::integer_type(), CHECK_VERIFY(this));
783 case Bytecodes::_dload_3 :
784 index = opcode - Bytecodes::_dload_0;
785 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
786 no_control_flow = false; break;
787 case Bytecodes::_aload :
788 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
789 no_control_flow = false; break;
790 case Bytecodes::_aload_0 :
791 case Bytecodes::_aload_1 :
792 case Bytecodes::_aload_2 :
793 case Bytecodes::_aload_3 :
794 index = opcode - Bytecodes::_aload_0;
795 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
796 no_control_flow = false; break;
797 case Bytecodes::_iaload :
798 type = current_frame.pop_stack(
799 VerificationType::integer_type(), CHECK_VERIFY(this));
800 atype = current_frame.pop_stack(
801 VerificationType::reference_check(), CHECK_VERIFY(this));
802 if (!atype.is_int_array()) {
803 verify_error(ErrorContext::bad_type(bci,
804 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
805 bad_type_msg, "iaload");
806 return;
807 }
808 current_frame.push_stack(
809 VerificationType::integer_type(), CHECK_VERIFY(this));
810 no_control_flow = false; break;
811 case Bytecodes::_baload :
812 type = current_frame.pop_stack(
813 VerificationType::integer_type(), CHECK_VERIFY(this));
814 atype = current_frame.pop_stack(
815 VerificationType::reference_check(), CHECK_VERIFY(this));
816 if (!atype.is_bool_array() && !atype.is_byte_array()) {
817 verify_error(
818 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
819 bad_type_msg, "baload");
820 return;
821 }
822 current_frame.push_stack(
823 VerificationType::integer_type(), CHECK_VERIFY(this));
824 no_control_flow = false; break;
825 case Bytecodes::_caload :
826 type = current_frame.pop_stack(
827 VerificationType::integer_type(), CHECK_VERIFY(this));
828 atype = current_frame.pop_stack(
829 VerificationType::reference_check(), CHECK_VERIFY(this));
830 if (!atype.is_char_array()) {
831 verify_error(ErrorContext::bad_type(bci,
832 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
833 bad_type_msg, "caload");
834 return;
835 }
836 current_frame.push_stack(
837 VerificationType::integer_type(), CHECK_VERIFY(this));
838 no_control_flow = false; break;
839 case Bytecodes::_saload :
840 type = current_frame.pop_stack(
841 VerificationType::integer_type(), CHECK_VERIFY(this));
842 atype = current_frame.pop_stack(
843 VerificationType::reference_check(), CHECK_VERIFY(this));
844 if (!atype.is_short_array()) {
845 verify_error(ErrorContext::bad_type(bci,
846 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
847 bad_type_msg, "saload");
848 return;
849 }
850 current_frame.push_stack(
851 VerificationType::integer_type(), CHECK_VERIFY(this));
852 no_control_flow = false; break;
853 case Bytecodes::_laload :
854 type = current_frame.pop_stack(
855 VerificationType::integer_type(), CHECK_VERIFY(this));
856 atype = current_frame.pop_stack(
857 VerificationType::reference_check(), CHECK_VERIFY(this));
858 if (!atype.is_long_array()) {
859 verify_error(ErrorContext::bad_type(bci,
860 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
861 bad_type_msg, "laload");
862 return;
863 }
864 current_frame.push_stack_2(
865 VerificationType::long_type(),
866 VerificationType::long2_type(), CHECK_VERIFY(this));
867 no_control_flow = false; break;
868 case Bytecodes::_faload :
869 type = current_frame.pop_stack(
870 VerificationType::integer_type(), CHECK_VERIFY(this));
871 atype = current_frame.pop_stack(
872 VerificationType::reference_check(), CHECK_VERIFY(this));
873 if (!atype.is_float_array()) {
874 verify_error(ErrorContext::bad_type(bci,
875 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
876 bad_type_msg, "faload");
877 return;
878 }
879 current_frame.push_stack(
880 VerificationType::float_type(), CHECK_VERIFY(this));
881 no_control_flow = false; break;
882 case Bytecodes::_daload :
883 type = current_frame.pop_stack(
884 VerificationType::integer_type(), CHECK_VERIFY(this));
885 atype = current_frame.pop_stack(
886 VerificationType::reference_check(), CHECK_VERIFY(this));
887 if (!atype.is_double_array()) {
888 verify_error(ErrorContext::bad_type(bci,
889 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
890 bad_type_msg, "daload");
891 return;
892 }
893 current_frame.push_stack_2(
894 VerificationType::double_type(),
895 VerificationType::double2_type(), CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 case Bytecodes::_aaload : {
898 type = current_frame.pop_stack(
899 VerificationType::integer_type(), CHECK_VERIFY(this));
900 atype = current_frame.pop_stack(
901 VerificationType::reference_check(), CHECK_VERIFY(this));
902 if (!atype.is_reference_array()) {
903 verify_error(ErrorContext::bad_type(bci,
904 current_frame.stack_top_ctx(),
905 TypeOrigin::implicit(VerificationType::reference_check())),
906 bad_type_msg, "aaload");
907 return;
908 }
909 if (atype.is_null()) {
910 current_frame.push_stack(
911 VerificationType::null_type(), CHECK_VERIFY(this));
912 } else {
913 VerificationType component =
914 atype.get_component(this, CHECK_VERIFY(this));
915 current_frame.push_stack(component, CHECK_VERIFY(this));
916 }
917 no_control_flow = false; break;
918 }
919 case Bytecodes::_istore :
920 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 case Bytecodes::_istore_0 :
923 case Bytecodes::_istore_1 :
924 case Bytecodes::_istore_2 :
925 case Bytecodes::_istore_3 :
926 index = opcode - Bytecodes::_istore_0;
957 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
958 no_control_flow = false; break;
959 case Bytecodes::_astore :
960 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
961 no_control_flow = false; break;
962 case Bytecodes::_astore_0 :
963 case Bytecodes::_astore_1 :
964 case Bytecodes::_astore_2 :
965 case Bytecodes::_astore_3 :
966 index = opcode - Bytecodes::_astore_0;
967 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
968 no_control_flow = false; break;
969 case Bytecodes::_iastore :
970 type = current_frame.pop_stack(
971 VerificationType::integer_type(), CHECK_VERIFY(this));
972 type2 = current_frame.pop_stack(
973 VerificationType::integer_type(), CHECK_VERIFY(this));
974 atype = current_frame.pop_stack(
975 VerificationType::reference_check(), CHECK_VERIFY(this));
976 if (!atype.is_int_array()) {
977 verify_error(ErrorContext::bad_type(bci,
978 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
979 bad_type_msg, "iastore");
980 return;
981 }
982 no_control_flow = false; break;
983 case Bytecodes::_bastore :
984 type = current_frame.pop_stack(
985 VerificationType::integer_type(), CHECK_VERIFY(this));
986 type2 = current_frame.pop_stack(
987 VerificationType::integer_type(), CHECK_VERIFY(this));
988 atype = current_frame.pop_stack(
989 VerificationType::reference_check(), CHECK_VERIFY(this));
990 if (!atype.is_bool_array() && !atype.is_byte_array()) {
991 verify_error(
992 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
993 bad_type_msg, "bastore");
994 return;
995 }
996 no_control_flow = false; break;
997 case Bytecodes::_castore :
998 current_frame.pop_stack(
999 VerificationType::integer_type(), CHECK_VERIFY(this));
1000 current_frame.pop_stack(
1001 VerificationType::integer_type(), CHECK_VERIFY(this));
1002 atype = current_frame.pop_stack(
1003 VerificationType::reference_check(), CHECK_VERIFY(this));
1004 if (!atype.is_char_array()) {
1005 verify_error(ErrorContext::bad_type(bci,
1006 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1007 bad_type_msg, "castore");
1008 return;
1009 }
1010 no_control_flow = false; break;
1011 case Bytecodes::_sastore :
1012 current_frame.pop_stack(
1013 VerificationType::integer_type(), CHECK_VERIFY(this));
1014 current_frame.pop_stack(
1015 VerificationType::integer_type(), CHECK_VERIFY(this));
1016 atype = current_frame.pop_stack(
1017 VerificationType::reference_check(), CHECK_VERIFY(this));
1018 if (!atype.is_short_array()) {
1019 verify_error(ErrorContext::bad_type(bci,
1020 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1021 bad_type_msg, "sastore");
1022 return;
1023 }
1024 no_control_flow = false; break;
1025 case Bytecodes::_lastore :
1026 current_frame.pop_stack_2(
1027 VerificationType::long2_type(),
1028 VerificationType::long_type(), CHECK_VERIFY(this));
1029 current_frame.pop_stack(
1030 VerificationType::integer_type(), CHECK_VERIFY(this));
1031 atype = current_frame.pop_stack(
1032 VerificationType::reference_check(), CHECK_VERIFY(this));
1033 if (!atype.is_long_array()) {
1034 verify_error(ErrorContext::bad_type(bci,
1035 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1036 bad_type_msg, "lastore");
1037 return;
1038 }
1039 no_control_flow = false; break;
1040 case Bytecodes::_fastore :
1041 current_frame.pop_stack(
1042 VerificationType::float_type(), CHECK_VERIFY(this));
1043 current_frame.pop_stack
1044 (VerificationType::integer_type(), CHECK_VERIFY(this));
1045 atype = current_frame.pop_stack(
1046 VerificationType::reference_check(), CHECK_VERIFY(this));
1047 if (!atype.is_float_array()) {
1048 verify_error(ErrorContext::bad_type(bci,
1049 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1050 bad_type_msg, "fastore");
1051 return;
1052 }
1053 no_control_flow = false; break;
1054 case Bytecodes::_dastore :
1055 current_frame.pop_stack_2(
1056 VerificationType::double2_type(),
1057 VerificationType::double_type(), CHECK_VERIFY(this));
1058 current_frame.pop_stack(
1059 VerificationType::integer_type(), CHECK_VERIFY(this));
1060 atype = current_frame.pop_stack(
1061 VerificationType::reference_check(), CHECK_VERIFY(this));
1062 if (!atype.is_double_array()) {
1063 verify_error(ErrorContext::bad_type(bci,
1064 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1065 bad_type_msg, "dastore");
1066 return;
1067 }
1068 no_control_flow = false; break;
1069 case Bytecodes::_aastore :
1070 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1071 type2 = current_frame.pop_stack(
1072 VerificationType::integer_type(), CHECK_VERIFY(this));
1073 atype = current_frame.pop_stack(
1074 VerificationType::reference_check(), CHECK_VERIFY(this));
1075 // more type-checking is done at runtime
1076 if (!atype.is_reference_array()) {
1077 verify_error(ErrorContext::bad_type(bci,
1078 current_frame.stack_top_ctx(),
1079 TypeOrigin::implicit(VerificationType::reference_check())),
1080 bad_type_msg, "aastore");
1081 return;
1082 }
1083 // 4938384: relaxed constraint in JVMS 3nd edition.
1084 no_control_flow = false; break;
1085 case Bytecodes::_pop :
1086 current_frame.pop_stack(
1087 VerificationType::category1_check(), CHECK_VERIFY(this));
1088 no_control_flow = false; break;
1089 case Bytecodes::_pop2 :
1090 type = current_frame.pop_stack(CHECK_VERIFY(this));
1091 if (type.is_category1()) {
1092 current_frame.pop_stack(
1093 VerificationType::category1_check(), CHECK_VERIFY(this));
1094 } else if (type.is_category2_2nd()) {
1095 current_frame.pop_stack(
1096 VerificationType::category2_check(), CHECK_VERIFY(this));
1097 } else {
1098 /* Unreachable? Would need a category2_1st on TOS
1099 * which does not appear possible. */
1100 verify_error(
1101 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1102 bad_type_msg, "pop2");
1103 return;
1104 }
1105 no_control_flow = false; break;
1106 case Bytecodes::_dup :
1107 type = current_frame.pop_stack(
1108 VerificationType::category1_check(), CHECK_VERIFY(this));
1109 current_frame.push_stack(type, CHECK_VERIFY(this));
1110 current_frame.push_stack(type, CHECK_VERIFY(this));
1111 no_control_flow = false; break;
1112 case Bytecodes::_dup_x1 :
1113 type = current_frame.pop_stack(
1114 VerificationType::category1_check(), CHECK_VERIFY(this));
1115 type2 = current_frame.pop_stack(
1116 VerificationType::category1_check(), CHECK_VERIFY(this));
1117 current_frame.push_stack(type, CHECK_VERIFY(this));
1118 current_frame.push_stack(type2, CHECK_VERIFY(this));
1119 current_frame.push_stack(type, CHECK_VERIFY(this));
1120 no_control_flow = false; break;
1121 case Bytecodes::_dup_x2 :
1122 {
1123 VerificationType type3;
1124 type = current_frame.pop_stack(
1125 VerificationType::category1_check(), CHECK_VERIFY(this));
1126 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1127 if (type2.is_category1()) {
1128 type3 = current_frame.pop_stack(
1129 VerificationType::category1_check(), CHECK_VERIFY(this));
1130 } else if (type2.is_category2_2nd()) {
1131 type3 = current_frame.pop_stack(
1132 VerificationType::category2_check(), CHECK_VERIFY(this));
1133 } else {
1134 /* Unreachable? Would need a category2_1st at stack depth 2 with
1135 * a category1 on TOS which does not appear possible. */
1136 verify_error(ErrorContext::bad_type(
1137 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1138 return;
1139 }
1140 current_frame.push_stack(type, CHECK_VERIFY(this));
1141 current_frame.push_stack(type3, CHECK_VERIFY(this));
1142 current_frame.push_stack(type2, CHECK_VERIFY(this));
1143 current_frame.push_stack(type, CHECK_VERIFY(this));
1144 no_control_flow = false; break;
1145 }
1146 case Bytecodes::_dup2 :
1147 type = current_frame.pop_stack(CHECK_VERIFY(this));
1148 if (type.is_category1()) {
1149 type2 = current_frame.pop_stack(
1150 VerificationType::category1_check(), CHECK_VERIFY(this));
1151 } else if (type.is_category2_2nd()) {
1152 type2 = current_frame.pop_stack(
1153 VerificationType::category2_check(), CHECK_VERIFY(this));
1154 } else {
1155 /* Unreachable? Would need a category2_1st on TOS which does not
1156 * appear possible. */
1157 verify_error(
1158 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1159 bad_type_msg, "dup2");
1160 return;
1161 }
1162 current_frame.push_stack(type2, CHECK_VERIFY(this));
1163 current_frame.push_stack(type, CHECK_VERIFY(this));
1164 current_frame.push_stack(type2, CHECK_VERIFY(this));
1165 current_frame.push_stack(type, CHECK_VERIFY(this));
1166 no_control_flow = false; break;
1167 case Bytecodes::_dup2_x1 :
1168 {
1169 VerificationType type3;
1170 type = current_frame.pop_stack(CHECK_VERIFY(this));
1171 if (type.is_category1()) {
1172 type2 = current_frame.pop_stack(
1173 VerificationType::category1_check(), CHECK_VERIFY(this));
1174 } else if (type.is_category2_2nd()) {
1175 type2 = current_frame.pop_stack(
1176 VerificationType::category2_check(), CHECK_VERIFY(this));
1177 } else {
1178 /* Unreachable? Would need a category2_1st on TOS which does
1179 * not appear possible. */
1180 verify_error(
1181 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1182 bad_type_msg, "dup2_x1");
1183 return;
1184 }
1185 type3 = current_frame.pop_stack(
1186 VerificationType::category1_check(), CHECK_VERIFY(this));
1187 current_frame.push_stack(type2, CHECK_VERIFY(this));
1188 current_frame.push_stack(type, CHECK_VERIFY(this));
1189 current_frame.push_stack(type3, CHECK_VERIFY(this));
1190 current_frame.push_stack(type2, CHECK_VERIFY(this));
1191 current_frame.push_stack(type, CHECK_VERIFY(this));
1192 no_control_flow = false; break;
1193 }
1194 case Bytecodes::_dup2_x2 :
1195 {
1196 VerificationType type3, type4;
1197 type = current_frame.pop_stack(CHECK_VERIFY(this));
1198 if (type.is_category1()) {
1199 type2 = current_frame.pop_stack(
1200 VerificationType::category1_check(), CHECK_VERIFY(this));
1201 } else if (type.is_category2_2nd()) {
1202 type2 = current_frame.pop_stack(
1203 VerificationType::category2_check(), CHECK_VERIFY(this));
1204 } else {
1205 /* Unreachable? Would need a category2_1st on TOS which does
1206 * not appear possible. */
1207 verify_error(
1208 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1209 bad_type_msg, "dup2_x2");
1210 return;
1211 }
1212 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1213 if (type3.is_category1()) {
1214 type4 = current_frame.pop_stack(
1215 VerificationType::category1_check(), CHECK_VERIFY(this));
1216 } else if (type3.is_category2_2nd()) {
1217 type4 = current_frame.pop_stack(
1218 VerificationType::category2_check(), CHECK_VERIFY(this));
1219 } else {
1220 /* Unreachable? Would need a category2_1st on TOS after popping
1221 * a long/double or two category 1's, which does not
1222 * appear possible. */
1223 verify_error(
1224 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1225 bad_type_msg, "dup2_x2");
1226 return;
1227 }
1228 current_frame.push_stack(type2, CHECK_VERIFY(this));
1229 current_frame.push_stack(type, CHECK_VERIFY(this));
1230 current_frame.push_stack(type4, CHECK_VERIFY(this));
1231 current_frame.push_stack(type3, CHECK_VERIFY(this));
1232 current_frame.push_stack(type2, CHECK_VERIFY(this));
1233 current_frame.push_stack(type, CHECK_VERIFY(this));
1234 no_control_flow = false; break;
1235 }
1236 case Bytecodes::_swap :
1237 type = current_frame.pop_stack(
1238 VerificationType::category1_check(), CHECK_VERIFY(this));
1239 type2 = current_frame.pop_stack(
1240 VerificationType::category1_check(), CHECK_VERIFY(this));
1241 current_frame.push_stack(type, CHECK_VERIFY(this));
1242 current_frame.push_stack(type2, CHECK_VERIFY(this));
1243 no_control_flow = false; break;
1244 case Bytecodes::_iadd :
1245 case Bytecodes::_isub :
1485 no_control_flow = false; break;
1486 case Bytecodes::_goto :
1487 target = bcs.dest();
1488 stackmap_table.check_jump_target(
1489 ¤t_frame, target, CHECK_VERIFY(this));
1490 no_control_flow = true; break;
1491 case Bytecodes::_goto_w :
1492 target = bcs.dest_w();
1493 stackmap_table.check_jump_target(
1494 ¤t_frame, target, CHECK_VERIFY(this));
1495 no_control_flow = true; break;
1496 case Bytecodes::_tableswitch :
1497 case Bytecodes::_lookupswitch :
1498 verify_switch(
1499 &bcs, code_length, code_data, ¤t_frame,
1500 &stackmap_table, CHECK_VERIFY(this));
1501 no_control_flow = true; break;
1502 case Bytecodes::_ireturn :
1503 type = current_frame.pop_stack(
1504 VerificationType::integer_type(), CHECK_VERIFY(this));
1505 verify_return_value(return_type, type, bci,
1506 ¤t_frame, CHECK_VERIFY(this));
1507 no_control_flow = true; break;
1508 case Bytecodes::_lreturn :
1509 type2 = current_frame.pop_stack(
1510 VerificationType::long2_type(), CHECK_VERIFY(this));
1511 type = current_frame.pop_stack(
1512 VerificationType::long_type(), CHECK_VERIFY(this));
1513 verify_return_value(return_type, type, bci,
1514 ¤t_frame, CHECK_VERIFY(this));
1515 no_control_flow = true; break;
1516 case Bytecodes::_freturn :
1517 type = current_frame.pop_stack(
1518 VerificationType::float_type(), CHECK_VERIFY(this));
1519 verify_return_value(return_type, type, bci,
1520 ¤t_frame, CHECK_VERIFY(this));
1521 no_control_flow = true; break;
1522 case Bytecodes::_dreturn :
1523 type2 = current_frame.pop_stack(
1524 VerificationType::double2_type(), CHECK_VERIFY(this));
1525 type = current_frame.pop_stack(
1526 VerificationType::double_type(), CHECK_VERIFY(this));
1527 verify_return_value(return_type, type, bci,
1528 ¤t_frame, CHECK_VERIFY(this));
1529 no_control_flow = true; break;
1530 case Bytecodes::_areturn :
1531 type = current_frame.pop_stack(
1532 VerificationType::reference_check(), CHECK_VERIFY(this));
1533 verify_return_value(return_type, type, bci,
1534 ¤t_frame, CHECK_VERIFY(this));
1535 no_control_flow = true; break;
1536 case Bytecodes::_return :
1537 if (return_type != VerificationType::bogus_type()) {
1538 verify_error(ErrorContext::bad_code(bci),
1539 "Method expects a return value");
1540 return;
1541 }
1542 // Make sure "this" has been initialized if current method is an
1543 // <init>
1544 if (_method->name() == vmSymbols::object_initializer_name() &&
1545 current_frame.flag_this_uninit()) {
1546 verify_error(ErrorContext::bad_code(bci),
1547 "Constructor must call super() or this() "
1548 "before return");
1549 return;
1550 }
1551 no_control_flow = true; break;
1552 case Bytecodes::_getstatic :
1553 case Bytecodes::_putstatic :
1554 case Bytecodes::_getfield :
1555 case Bytecodes::_putfield :
1556 verify_field_instructions(
1557 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1558 no_control_flow = false; break;
1559 case Bytecodes::_invokevirtual :
1560 case Bytecodes::_invokespecial :
1561 case Bytecodes::_invokestatic :
1562 verify_invoke_instructions(
1563 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1564 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1565 no_control_flow = false; break;
1566 case Bytecodes::_invokeinterface :
1567 case Bytecodes::_invokedynamic :
1568 verify_invoke_instructions(
1569 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1570 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1571 no_control_flow = false; break;
1572 case Bytecodes::_new :
1573 {
1574 index = bcs.get_index_u2();
1575 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1576 VerificationType new_class_type =
1577 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1578 if (!new_class_type.is_object()) {
1579 verify_error(ErrorContext::bad_type(bci,
1580 TypeOrigin::cp(index, new_class_type)),
1581 "Illegal new instruction");
1582 return;
1583 }
1584 type = VerificationType::uninitialized_type(bci);
1585 current_frame.push_stack(type, CHECK_VERIFY(this));
1586 no_control_flow = false; break;
1587 }
1588 case Bytecodes::_newarray :
1589 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1590 current_frame.pop_stack(
1591 VerificationType::integer_type(), CHECK_VERIFY(this));
1592 current_frame.push_stack(type, CHECK_VERIFY(this));
1593 no_control_flow = false; break;
1594 case Bytecodes::_anewarray :
1595 verify_anewarray(
1596 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1597 no_control_flow = false; break;
1598 case Bytecodes::_arraylength :
1599 type = current_frame.pop_stack(
1600 VerificationType::reference_check(), CHECK_VERIFY(this));
1601 if (!(type.is_null() || type.is_array())) {
1602 verify_error(ErrorContext::bad_type(
1603 bci, current_frame.stack_top_ctx()),
1604 bad_type_msg, "arraylength");
1605 }
1606 current_frame.push_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 no_control_flow = false; break;
1609 case Bytecodes::_checkcast :
1610 {
1611 index = bcs.get_index_u2();
1612 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1613 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1614 VerificationType klass_type = cp_index_to_type(
1615 index, cp, CHECK_VERIFY(this));
1616 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1617 no_control_flow = false; break;
1618 }
1619 case Bytecodes::_instanceof : {
1620 index = bcs.get_index_u2();
1621 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1622 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1623 current_frame.push_stack(
1624 VerificationType::integer_type(), CHECK_VERIFY(this));
1625 no_control_flow = false; break;
1626 }
1627 case Bytecodes::_monitorenter :
1628 case Bytecodes::_monitorexit :
1629 current_frame.pop_stack(
1630 VerificationType::reference_check(), CHECK_VERIFY(this));
1631 no_control_flow = false; break;
1632 case Bytecodes::_multianewarray :
1633 {
1634 index = bcs.get_index_u2();
1635 u2 dim = *(bcs.bcp()+3);
1636 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1637 VerificationType new_array_type =
1638 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1639 if (!new_array_type.is_array()) {
1640 verify_error(ErrorContext::bad_type(bci,
1641 TypeOrigin::cp(index, new_array_type)),
1642 "Illegal constant pool index in multianewarray instruction");
1643 return;
1644 }
1645 if (dim < 1 || new_array_type.dimensions() < dim) {
1646 verify_error(ErrorContext::bad_code(bci),
1647 "Illegal dimension in multianewarray instruction: %d", dim);
1648 return;
1649 }
1650 for (int i = 0; i < dim; i++) {
1651 current_frame.pop_stack(
1652 VerificationType::integer_type(), CHECK_VERIFY(this));
1653 }
1654 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1655 no_control_flow = false; break;
1656 }
1657 case Bytecodes::_athrow :
1658 type = VerificationType::reference_type(
1659 vmSymbols::java_lang_Throwable());
1660 current_frame.pop_stack(type, CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 default:
1663 // We only need to check the valid bytecodes in class file.
1664 // And jsr and ret are not in the new class file format in JDK1.5.
1665 verify_error(ErrorContext::bad_code(bci),
1666 "Bad instruction: %02x", opcode);
1667 no_control_flow = false;
1668 return;
1669 } // end switch
1670 } // end Merge with the next instruction
1671
1672 // Look for possible jump target in exception handlers and see if it
1673 // matches current_frame
1674 if (bci >= ex_min && bci < ex_max) {
1675 verify_exception_handler_targets(
1676 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1677 }
1678 } // end while
1679
1680 // Make sure that control flow does not fall through end of the method
1681 if (!no_control_flow) {
1682 verify_error(ErrorContext::bad_code(code_length),
1683 "Control flow falls through code end");
1684 return;
1685 }
1686 }
1687
1688 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1689 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1690 memset(code_data, 0, sizeof(char) * code_length);
1691 RawBytecodeStream bcs(m);
1692
1693 while (!bcs.is_last_bytecode()) {
1694 if (bcs.raw_next() != Bytecodes::_illegal) {
1695 int bci = bcs.bci();
1696 if (bcs.raw_code() == Bytecodes::_new) {
1697 code_data[bci] = NEW_OFFSET;
1698 } else {
1699 code_data[bci] = BYTECODE_OFFSET;
1700 }
1701 } else {
1702 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1703 return NULL;
1704 }
1705 }
1706
1707 return code_data;
1708 }
1709
1710 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1711 ExceptionTable exhandlers(_method());
1712 int exlength = exhandlers.length();
1713 constantPoolHandle cp (THREAD, _method->constants());
1714
1715 for(int i = 0; i < exlength; i++) {
1716 //reacquire the table in case a GC happened
1717 ExceptionTable exhandlers(_method());
1718 u2 start_pc = exhandlers.start_pc(i);
1719 u2 end_pc = exhandlers.end_pc(i);
1720 u2 handler_pc = exhandlers.handler_pc(i);
1721 if (start_pc >= code_length || code_data[start_pc] == 0) {
1722 class_format_error("Illegal exception table start_pc %d", start_pc);
1723 return;
1724 }
1725 if (end_pc != code_length) { // special case: end_pc == code_length
1726 if (end_pc > code_length || code_data[end_pc] == 0) {
1727 class_format_error("Illegal exception table end_pc %d", end_pc);
1728 return;
1729 }
1730 }
1731 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1732 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1733 return;
1734 }
1735 int catch_type_index = exhandlers.catch_type_index(i);
1736 if (catch_type_index != 0) {
1737 VerificationType catch_type = cp_index_to_type(
1738 catch_type_index, cp, CHECK_VERIFY(this));
1739 VerificationType throwable =
1740 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1741 bool is_subclass = throwable.is_assignable_from(
1742 catch_type, this, CHECK_VERIFY(this));
1743 if (!is_subclass) {
1744 // 4286534: should throw VerifyError according to recent spec change
1745 verify_error(ErrorContext::bad_type(handler_pc,
1746 TypeOrigin::cp(catch_type_index, catch_type),
1747 TypeOrigin::implicit(throwable)),
1748 "Catch type is not a subclass "
1749 "of Throwable in exception handler %d", handler_pc);
1750 return;
1751 }
1752 }
1753 if (start_pc < min) min = start_pc;
1754 if (end_pc > max) max = end_pc;
1755 }
1756 }
1757
1758 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1759 int localvariable_table_length = _method()->localvariable_table_length();
1760 if (localvariable_table_length > 0) {
1761 LocalVariableTableElement* table = _method()->localvariable_table_start();
1762 for (int i = 0; i < localvariable_table_length; i++) {
1763 u2 start_bci = table[i].start_bci;
1764 u2 length = table[i].length;
1765
1766 if (start_bci >= code_length || code_data[start_bci] == 0) {
1767 class_format_error(
1768 "Illegal local variable table start_pc %d", start_bci);
1769 return;
1770 }
1771 u4 end_bci = (u4)(start_bci + length);
1772 if (end_bci != code_length) {
1773 if (end_bci >= code_length || code_data[end_bci] == 0) {
1774 class_format_error( "Illegal local variable table length %d", length);
1775 return;
1776 }
1777 }
1778 }
1779 }
1780 }
1781
1782 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1783 StackMapFrame* current_frame,
1784 StackMapTable* stackmap_table,
1785 bool no_control_flow, TRAPS) {
1786 if (stackmap_index < stackmap_table->get_frame_count()) {
1787 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1788 if (no_control_flow && this_offset > bci) {
1789 verify_error(ErrorContext::missing_stackmap(bci),
1790 "Expecting a stack map frame");
1791 return 0;
1792 }
1793 if (this_offset == bci) {
1794 ErrorContext ctx;
1795 // See if current stack map can be assigned to the frame in table.
1796 // current_frame is the stackmap frame got from the last instruction.
1797 // If matched, current_frame will be updated by this method.
1798 bool matches = stackmap_table->match_stackmap(
1799 current_frame, this_offset, stackmap_index,
1800 !no_control_flow, true, false, &ctx, CHECK_VERIFY_(this, 0));
1801 if (!matches) {
1802 // report type error
1803 verify_error(ctx, "Instruction type does not match stack map");
1804 return 0;
1805 }
1806 stackmap_index++;
1807 } else if (this_offset < bci) {
1808 // current_offset should have met this_offset.
1809 class_format_error("Bad stack map offset %d", this_offset);
1810 return 0;
1811 }
1812 } else if (no_control_flow) {
1813 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1814 return 0;
1815 }
1816 return stackmap_index;
1817 }
1818
1819 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1820 StackMapTable* stackmap_table, TRAPS) {
1821 constantPoolHandle cp (THREAD, _method->constants());
1822 ExceptionTable exhandlers(_method());
1823 int exlength = exhandlers.length();
1824 for(int i = 0; i < exlength; i++) {
1825 //reacquire the table in case a GC happened
1826 ExceptionTable exhandlers(_method());
1827 u2 start_pc = exhandlers.start_pc(i);
1828 u2 end_pc = exhandlers.end_pc(i);
1829 u2 handler_pc = exhandlers.handler_pc(i);
1830 int catch_type_index = exhandlers.catch_type_index(i);
1831 if(bci >= start_pc && bci < end_pc) {
1832 u1 flags = current_frame->flags();
1833 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1834 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1835 if (catch_type_index != 0) {
1836 // We know that this index refers to a subclass of Throwable
1837 VerificationType catch_type = cp_index_to_type(
1838 catch_type_index, cp, CHECK_VERIFY(this));
1839 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1840 } else {
1841 VerificationType throwable =
1842 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1843 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1844 }
1845 ErrorContext ctx;
1846 bool matches = stackmap_table->match_stackmap(
1847 new_frame, handler_pc, true, false, true, &ctx, CHECK_VERIFY(this));
1848 if (!matches) {
1849 verify_error(ctx, "Stack map does not match the one at "
1850 "exception handler %d", handler_pc);
1851 return;
1852 }
1853 }
1854 }
1855 }
1856
1857 void ClassVerifier::verify_cp_index(
1858 u2 bci, constantPoolHandle cp, int index, TRAPS) {
1859 int nconstants = cp->length();
1860 if ((index <= 0) || (index >= nconstants)) {
1861 verify_error(ErrorContext::bad_cp_index(bci, index),
1862 "Illegal constant pool index %d in class %s",
1863 index, instanceKlass::cast(cp->pool_holder())->external_name());
1864 return;
1865 }
1866 }
1867
1868 void ClassVerifier::verify_cp_type(
1869 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1870
1871 // In some situations, bytecode rewriting may occur while we're verifying.
1872 // In this case, a constant pool cache exists and some indices refer to that
1873 // instead. Be sure we don't pick up such indices by accident.
1874 // We must check was_recursively_verified() before we get here.
1875 guarantee(cp->cache() == NULL, "not rewritten yet");
1876
1877 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1878 unsigned int tag = cp->tag_at(index).value();
1879 if ((types & (1 << tag)) == 0) {
1880 verify_error(ErrorContext::bad_cp_index(bci, index),
1881 "Illegal type at constant pool entry %d in class %s",
1882 index, instanceKlass::cast(cp->pool_holder())->external_name());
1883 return;
1884 }
1885 }
1886
1887 void ClassVerifier::verify_cp_class_type(
1888 u2 bci, int index, constantPoolHandle cp, TRAPS) {
1889 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1890 constantTag tag = cp->tag_at(index);
1891 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1892 verify_error(ErrorContext::bad_cp_index(bci, index),
1893 "Illegal type at constant pool entry %d in class %s",
1894 index, instanceKlass::cast(cp->pool_holder())->external_name());
1895 return;
1896 }
1897 }
1898
1899 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
1900 stringStream ss;
1901
1902 ctx.reset_frames();
1903 _exception_type = vmSymbols::java_lang_VerifyError();
1904 _error_context = ctx;
1905 va_list va;
1906 va_start(va, msg);
1907 ss.vprint(msg, va);
1908 va_end(va);
1909 _message = ss.as_string();
1910 #ifdef ASSERT
1911 ResourceMark rm;
1912 const char* exception_name = _exception_type->as_C_string();
1913 Exceptions::debug_check_abort(exception_name, NULL);
1914 #endif // ndef ASSERT
1915 }
1916
1917 void ClassVerifier::class_format_error(const char* msg, ...) {
1918 stringStream ss;
1919 _exception_type = vmSymbols::java_lang_ClassFormatError();
1920 va_list va;
1921 va_start(va, msg);
1922 ss.vprint(msg, va);
1923 va_end(va);
1924 if (!_method.is_null()) {
1925 ss.print(" in method %s", _method->name_and_sig_as_C_string());
1926 }
1927 _message = ss.as_string();
1928 }
1929
1930 klassOop ClassVerifier::load_class(Symbol* name, TRAPS) {
1931 // Get current loader and protection domain first.
1932 oop loader = current_class()->class_loader();
1933 oop protection_domain = current_class()->protection_domain();
1934
1935 return SystemDictionary::resolve_or_fail(
1936 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1937 true, CHECK_NULL);
1938 }
1939
1940 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1941 klassOop target_class,
1942 Symbol* field_name,
1943 Symbol* field_sig,
1944 bool is_method) {
1945 No_Safepoint_Verifier nosafepoint;
1946
1947 // If target class isn't a super class of this class, we don't worry about this case
1948 if (!this_class->is_subclass_of(target_class)) {
1949 return false;
1950 }
1951 // Check if the specified method or field is protected
1952 instanceKlass* target_instance = instanceKlass::cast(target_class);
1953 fieldDescriptor fd;
1954 if (is_method) {
1955 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1956 if (m != NULL && m->is_protected()) {
1957 if (!this_class->is_same_class_package(m->method_holder())) {
1958 return true;
1959 }
1960 }
1961 } else {
1962 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1963 if (member_klass != NULL && fd.is_protected()) {
1964 if (!this_class->is_same_class_package(member_klass)) {
1965 return true;
1966 }
1967 }
1968 }
1969 return false;
1970 }
1971
1972 void ClassVerifier::verify_ldc(
1973 int opcode, u2 index, StackMapFrame* current_frame,
1974 constantPoolHandle cp, u2 bci, TRAPS) {
1975 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1976 constantTag tag = cp->tag_at(index);
1977 unsigned int types;
1978 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1979 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1980 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1981 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1982 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
1983 // Note: The class file parser already verified the legality of
1984 // MethodHandle and MethodType constants.
1985 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
1986 }
1987 } else {
1988 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1989 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1990 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
1991 }
1992 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
1993 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
1994 } else if (tag.is_string() || tag.is_unresolved_string()) {
1995 current_frame->push_stack(
1996 VerificationType::reference_type(
1997 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1998 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1999 current_frame->push_stack(
2000 VerificationType::reference_type(
2001 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2002 } else if (tag.is_int()) {
2003 current_frame->push_stack(
2004 VerificationType::integer_type(), CHECK_VERIFY(this));
2005 } else if (tag.is_float()) {
2006 current_frame->push_stack(
2007 VerificationType::float_type(), CHECK_VERIFY(this));
2008 } else if (tag.is_double()) {
2009 current_frame->push_stack_2(
2010 VerificationType::double_type(),
2011 VerificationType::double2_type(), CHECK_VERIFY(this));
2012 } else if (tag.is_long()) {
2013 current_frame->push_stack_2(
2014 VerificationType::long_type(),
2015 VerificationType::long2_type(), CHECK_VERIFY(this));
2016 } else if (tag.is_method_handle()) {
2017 current_frame->push_stack(
2018 VerificationType::reference_type(
2019 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2020 } else if (tag.is_method_type()) {
2021 current_frame->push_stack(
2022 VerificationType::reference_type(
2023 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2024 } else {
2025 /* Unreachable? verify_cp_type has already validated the cp type. */
2026 verify_error(
2027 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2028 return;
2029 }
2030 }
2031
2032 void ClassVerifier::verify_switch(
2033 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2034 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2035 int bci = bcs->bci();
2036 address bcp = bcs->bcp();
2037 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
2038
2039 // 4639449 & 4647081: padding bytes must be 0
2040 u2 padding_offset = 1;
2041 while ((bcp + padding_offset) < aligned_bcp) {
2042 if(*(bcp + padding_offset) != 0) {
2043 verify_error(ErrorContext::bad_code(bci),
2044 "Nonzero padding byte in lookswitch or tableswitch");
2045 return;
2046 }
2047 padding_offset++;
2048 }
2049 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2050 int keys, delta;
2051 current_frame->pop_stack(
2052 VerificationType::integer_type(), CHECK_VERIFY(this));
2053 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2054 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2055 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2056 if (low > high) {
2057 verify_error(ErrorContext::bad_code(bci),
2058 "low must be less than or equal to high in tableswitch");
2059 return;
2060 }
2061 keys = high - low + 1;
2062 if (keys < 0) {
2063 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2064 return;
2065 }
2066 delta = 1;
2067 } else {
2068 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2069 if (keys < 0) {
2070 verify_error(ErrorContext::bad_code(bci),
2071 "number of keys in lookupswitch less than 0");
2072 return;
2073 }
2074 delta = 2;
2075 // Make sure that the lookupswitch items are sorted
2076 for (int i = 0; i < (keys - 1); i++) {
2077 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2078 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2079 if (this_key >= next_key) {
2080 verify_error(ErrorContext::bad_code(bci),
2081 "Bad lookupswitch instruction");
2082 return;
2083 }
2084 }
2085 }
2086 int target = bci + default_offset;
2087 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2088 for (int i = 0; i < keys; i++) {
2089 // Because check_jump_target() may safepoint, the bytecode could have
2090 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2091 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
2092 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2093 stackmap_table->check_jump_target(
2094 current_frame, target, CHECK_VERIFY(this));
2095 }
2096 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2097 }
2098
2099 bool ClassVerifier::name_in_supers(
2100 Symbol* ref_name, instanceKlassHandle current) {
2101 klassOop super = current->super();
2102 while (super != NULL) {
2103 if (super->klass_part()->name() == ref_name) {
2104 return true;
2105 }
2106 super = super->klass_part()->super();
2107 }
2108 return false;
2109 }
2110
2111 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2112 StackMapFrame* current_frame,
2113 constantPoolHandle cp,
2114 TRAPS) {
2115 u2 index = bcs->get_index_u2();
2116 verify_cp_type(bcs->bci(), index, cp,
2117 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2118
2119 // Get field name and signature
2120 Symbol* field_name = cp->name_ref_at(index);
2121 Symbol* field_sig = cp->signature_ref_at(index);
2122
2123 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2124 class_format_error(
2125 "Invalid signature for field in class %s referenced "
2126 "from constant pool index %d", _klass->external_name(), index);
2127 return;
2128 }
2129
2130 // Get referenced class type
2131 VerificationType ref_class_type = cp_ref_index_to_type(
2132 index, cp, CHECK_VERIFY(this));
2133 if (!ref_class_type.is_object()) {
2134 /* Unreachable? Class file parser verifies Fieldref contents */
2135 verify_error(ErrorContext::bad_type(bcs->bci(),
2136 TypeOrigin::cp(index, ref_class_type)),
2137 "Expecting reference to class in class %s at constant pool index %d",
2138 _klass->external_name(), index);
2139 return;
2140 }
2141 VerificationType target_class_type = ref_class_type;
2142
2143 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2144 "buffer type must match VerificationType size");
2145 uintptr_t field_type_buffer[2];
2146 VerificationType* field_type = (VerificationType*)field_type_buffer;
2147 // If we make a VerificationType[2] array directly, the compiler calls
2148 // to the c-runtime library to do the allocation instead of just
2149 // stack allocating it. Plus it would run constructors. This shows up
2150 // in performance profiles.
2151
2152 SignatureStream sig_stream(field_sig, false);
2153 VerificationType stack_object_type;
2154 int n = change_sig_to_verificationType(
2155 &sig_stream, field_type, CHECK_VERIFY(this));
2156 u2 bci = bcs->bci();
2176 }
2177 goto check_protected;
2178 }
2179 case Bytecodes::_putfield: {
2180 for (int i = n - 1; i >= 0; i--) {
2181 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2182 }
2183 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2184
2185 // The JVMS 2nd edition allows field initialization before the superclass
2186 // initializer, if the field is defined within the current class.
2187 fieldDescriptor fd;
2188 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2189 target_class_type.equals(current_type()) &&
2190 _klass->find_local_field(field_name, field_sig, &fd)) {
2191 stack_object_type = current_type();
2192 }
2193 is_assignable = target_class_type.is_assignable_from(
2194 stack_object_type, this, CHECK_VERIFY(this));
2195 if (!is_assignable) {
2196 verify_error(ErrorContext::bad_type(bci,
2197 current_frame->stack_top_ctx(),
2198 TypeOrigin::cp(index, target_class_type)),
2199 "Bad type on operand stack in putfield");
2200 return;
2201 }
2202 }
2203 check_protected: {
2204 if (_this_type == stack_object_type)
2205 break; // stack_object_type must be assignable to _current_class_type
2206 Symbol* ref_class_name =
2207 cp->klass_name_at(cp->klass_ref_index_at(index));
2208 if (!name_in_supers(ref_class_name, current_class()))
2209 // stack_object_type must be assignable to _current_class_type since:
2210 // 1. stack_object_type must be assignable to ref_class.
2211 // 2. ref_class must be _current_class or a subclass of it. It can't
2212 // be a superclass of it. See revised JVMS 5.4.4.
2213 break;
2214
2215 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
2216 if (is_protected_access(current_class(), ref_class_oop, field_name,
2217 field_sig, false)) {
2218 // It's protected access, check if stack object is assignable to
2219 // current class.
2220 is_assignable = current_type().is_assignable_from(
2221 stack_object_type, this, CHECK_VERIFY(this));
2222 if (!is_assignable) {
2223 verify_error(ErrorContext::bad_type(bci,
2224 current_frame->stack_top_ctx(),
2225 TypeOrigin::implicit(current_type())),
2226 "Bad access to protected data in getfield");
2227 return;
2228 }
2229 }
2230 break;
2231 }
2232 default: ShouldNotReachHere();
2233 }
2234 }
2235
2236 // Look at the method's handlers. If the bci is in the handler's try block
2237 // then check if the handler_pc is already on the stack. If not, push it.
2238 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2239 GrowableArray<u4>* handler_stack,
2240 u4 bci) {
2241 int exlength = exhandlers->length();
2242 for(int x = 0; x < exlength; x++) {
2243 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2244 handler_stack->append_if_missing(exhandlers->handler_pc(x));
2245 }
2246 }
2247 }
2248
2249 // Return TRUE if all code paths starting with start_bc_offset end in
2250 // bytecode athrow or loop.
2251 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2252 ResourceMark rm;
2253 // Create bytecode stream.
2254 RawBytecodeStream bcs(method());
2255 u4 code_length = method()->code_size();
2256 bcs.set_start(start_bc_offset);
2257 u4 target;
2258 // Create stack for storing bytecode start offsets for if* and *switch.
2259 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2260 // Create stack for handlers for try blocks containing this handler.
2261 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2262 // Create list of visited branch opcodes (goto* and if*).
2263 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2264 ExceptionTable exhandlers(_method());
2265
2266 while (true) {
2267 if (bcs.is_last_bytecode()) {
2268 // if no more starting offsets to parse or if at the end of the
2269 // method then return false.
2270 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2271 return false;
2272 // Pop a bytecode starting offset and scan from there.
2273 bcs.set_start(bci_stack->pop());
2274 }
2275 Bytecodes::Code opcode = bcs.raw_next();
2276 u4 bci = bcs.bci();
2277
2278 // If the bytecode is in a TRY block, push its handlers so they
2279 // will get parsed.
2280 push_handlers(&exhandlers, handler_stack, bci);
2281
2282 switch (opcode) {
2283 case Bytecodes::_if_icmpeq:
2284 case Bytecodes::_if_icmpne:
2285 case Bytecodes::_if_icmplt:
2286 case Bytecodes::_if_icmpge:
2287 case Bytecodes::_if_icmpgt:
2288 case Bytecodes::_if_icmple:
2289 case Bytecodes::_ifeq:
2290 case Bytecodes::_ifne:
2291 case Bytecodes::_iflt:
2292 case Bytecodes::_ifge:
2293 case Bytecodes::_ifgt:
2294 case Bytecodes::_ifle:
2295 case Bytecodes::_if_acmpeq:
2296 case Bytecodes::_if_acmpne:
2297 case Bytecodes::_ifnull:
2298 case Bytecodes::_ifnonnull:
2299 target = bcs.dest();
2300 if (visited_branches->contains(bci)) {
2408 } else {
2409 // Parse the catch handlers for try blocks containing athrow.
2410 bcs.set_start(handler_stack->pop());
2411 }
2412 } else {
2413 // Pop a bytecode offset and starting scanning from there.
2414 bcs.set_start(bci_stack->pop());
2415 }
2416 }
2417 break;
2418
2419 default:
2420 ;
2421 } // end switch
2422 } // end while loop
2423
2424 return false;
2425 }
2426
2427 void ClassVerifier::verify_invoke_init(
2428 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2429 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2430 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,
2431 TRAPS) {
2432 u2 bci = bcs->bci();
2433 VerificationType type = current_frame->pop_stack(
2434 VerificationType::reference_check(), CHECK_VERIFY(this));
2435 if (type == VerificationType::uninitialized_this_type()) {
2436 // The method must be an <init> method of this class or its superclass
2437 klassOop superk = current_class()->super();
2438 if (ref_class_type.name() != current_class()->name() &&
2439 ref_class_type.name() != superk->klass_part()->name()) {
2440 verify_error(ErrorContext::bad_type(bci,
2441 TypeOrigin::implicit(ref_class_type),
2442 TypeOrigin::implicit(current_type())),
2443 "Bad <init> method call");
2444 return;
2445 }
2446
2447 // If this invokespecial call is done from inside of a TRY block then make
2448 // sure that all catch clause paths end in a throw. Otherwise, this can
2449 // result in returning an incomplete object.
2450 if (in_try_block) {
2451 ExceptionTable exhandlers(_method());
2452 int exlength = exhandlers.length();
2453 for(int i = 0; i < exlength; i++) {
2454 // Reacquire the table in case a GC happened
2455 ExceptionTable exhandlers(_method());
2456 u2 start_pc = exhandlers.start_pc(i);
2457 u2 end_pc = exhandlers.end_pc(i);
2458
2459 if (bci >= start_pc && bci < end_pc) {
2460 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2461 verify_error(ErrorContext::bad_code(bci),
2462 "Bad <init> method call from after the start of a try block");
2463 return;
2464 } else if (VerboseVerification) {
2465 ResourceMark rm;
2466 tty->print_cr(
2467 "Survived call to ends_in_athrow(): %s",
2468 current_class()->name()->as_C_string());
2469 }
2470 }
2471 }
2472
2473 // Check the exception handler target stackmaps with the locals from the
2474 // incoming stackmap (before initialize_object() changes them to outgoing
2475 // state).
2476 verify_exception_handler_targets(bci, true, current_frame,
2477 stackmap_table, CHECK_VERIFY(this));
2478 } // in_try_block
2479
2480 current_frame->initialize_object(type, current_type());
2481 *this_uninit = true;
2482 } else if (type.is_uninitialized()) {
2483 u2 new_offset = type.bci();
2484 address new_bcp = bcs->bcp() - bci + new_offset;
2485 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2486 /* Unreachable? Stack map parsing ensures valid type and new
2487 * instructions have a valid BCI. */
2488 verify_error(ErrorContext::bad_code(new_offset),
2489 "Expecting new instruction");
2490 return;
2491 }
2492 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2493 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2494
2495 // The method must be an <init> method of the indicated class
2496 VerificationType new_class_type = cp_index_to_type(
2497 new_class_index, cp, CHECK_VERIFY(this));
2498 if (!new_class_type.equals(ref_class_type)) {
2499 verify_error(ErrorContext::bad_type(bci,
2500 TypeOrigin::cp(new_class_index, new_class_type),
2501 TypeOrigin::cp(ref_class_index, ref_class_type)),
2502 "Call to wrong <init> method");
2503 return;
2504 }
2505 // According to the VM spec, if the referent class is a superclass of the
2506 // current class, and is in a different runtime package, and the method is
2507 // protected, then the objectref must be the current class or a subclass
2508 // of the current class.
2509 VerificationType objectref_type = new_class_type;
2510 if (name_in_supers(ref_class_type.name(), current_class())) {
2511 klassOop ref_klass = load_class(
2512 ref_class_type.name(), CHECK_VERIFY(this));
2513 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
2514 vmSymbols::object_initializer_name(),
2515 cp->signature_ref_at(bcs->get_index_u2()));
2516 if (m == NULL) {
2517 verify_error(ErrorContext::bad_code(bci),
2518 "Call to missing <init> method");
2519 return;
2520 }
2521 instanceKlassHandle mh(THREAD, m->method_holder());
2522 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
2523 bool assignable = current_type().is_assignable_from(
2524 objectref_type, this, CHECK_VERIFY(this));
2525 if (!assignable) {
2526 verify_error(ErrorContext::bad_type(bci,
2527 TypeOrigin::cp(new_class_index, objectref_type),
2528 TypeOrigin::implicit(current_type())),
2529 "Bad access to protected <init> method");
2530 return;
2531 }
2532 }
2533 }
2534 // Check the exception handler target stackmaps with the locals from the
2535 // incoming stackmap (before initialize_object() changes them to outgoing
2536 // state).
2537 if (in_try_block) {
2538 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2539 stackmap_table, CHECK_VERIFY(this));
2540 }
2541 current_frame->initialize_object(type, new_class_type);
2542 } else {
2543 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2544 "Bad operand type when invoking <init>");
2545 return;
2546 }
2547 }
2548
2549 void ClassVerifier::verify_invoke_instructions(
2550 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2551 bool in_try_block, bool *this_uninit, VerificationType return_type,
2552 constantPoolHandle cp, StackMapTable* stackmap_table, TRAPS) {
2553 // Make sure the constant pool item is the right type
2554 u2 index = bcs->get_index_u2();
2555 Bytecodes::Code opcode = bcs->raw_code();
2556 unsigned int types = (opcode == Bytecodes::_invokeinterface
2557 ? 1 << JVM_CONSTANT_InterfaceMethodref
2558 : opcode == Bytecodes::_invokedynamic
2559 ? 1 << JVM_CONSTANT_InvokeDynamic
2560 : 1 << JVM_CONSTANT_Methodref);
2561 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2562
2563 // Get method name and signature
2564 Symbol* method_name = cp->name_ref_at(index);
2565 Symbol* method_sig = cp->signature_ref_at(index);
2566
2567 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2568 class_format_error(
2569 "Invalid method signature in class %s referenced "
2570 "from constant pool index %d", _klass->external_name(), index);
2571 return;
2572 }
2573
2574 // Get referenced class type
2575 VerificationType ref_class_type;
2576 if (opcode == Bytecodes::_invokedynamic) {
2577 if (!EnableInvokeDynamic ||
2578 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2579 class_format_error(
2580 (!EnableInvokeDynamic ?
2581 "invokedynamic instructions not enabled in this JVM" :
2618 }
2619 int nargs = sig_i;
2620
2621 #ifdef ASSERT
2622 {
2623 ArgumentSizeComputer size_it(method_sig);
2624 assert(nargs == size_it.size(), "Argument sizes do not match");
2625 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2626 }
2627 #endif
2628
2629 // Check instruction operands
2630 u2 bci = bcs->bci();
2631 if (opcode == Bytecodes::_invokeinterface) {
2632 address bcp = bcs->bcp();
2633 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2634 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2635 // the difference between the size of the operand stack before and after the instruction
2636 // executes.
2637 if (*(bcp+3) != (nargs+1)) {
2638 verify_error(ErrorContext::bad_code(bci),
2639 "Inconsistent args count operand in invokeinterface");
2640 return;
2641 }
2642 if (*(bcp+4) != 0) {
2643 verify_error(ErrorContext::bad_code(bci),
2644 "Fourth operand byte of invokeinterface must be zero");
2645 return;
2646 }
2647 }
2648
2649 if (opcode == Bytecodes::_invokedynamic) {
2650 address bcp = bcs->bcp();
2651 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2652 verify_error(ErrorContext::bad_code(bci),
2653 "Third and fourth operand bytes of invokedynamic must be zero");
2654 return;
2655 }
2656 }
2657
2658 if (method_name->byte_at(0) == '<') {
2659 // Make sure <init> can only be invoked by invokespecial
2660 if (opcode != Bytecodes::_invokespecial ||
2661 method_name != vmSymbols::object_initializer_name()) {
2662 verify_error(ErrorContext::bad_code(bci),
2663 "Illegal call to internal method");
2664 return;
2665 }
2666 } else if (opcode == Bytecodes::_invokespecial
2667 && !ref_class_type.equals(current_type())
2668 && !ref_class_type.equals(VerificationType::reference_type(
2669 current_class()->super()->klass_part()->name()))) {
2670 bool subtype = ref_class_type.is_assignable_from(
2671 current_type(), this, CHECK_VERIFY(this));
2672 if (!subtype) {
2673 verify_error(ErrorContext::bad_code(bci),
2674 "Bad invokespecial instruction: "
2675 "current class isn't assignable to reference class.");
2676 return;
2677 }
2678 }
2679 // Match method descriptor with operand stack
2680 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2681 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2682 }
2683 // Check objectref on operand stack
2684 if (opcode != Bytecodes::_invokestatic &&
2685 opcode != Bytecodes::_invokedynamic) {
2686 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2687 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2688 code_length, in_try_block, this_uninit, cp, stackmap_table,
2689 CHECK_VERIFY(this));
2690 } else { // other methods
2691 // Ensures that target class is assignable to method class.
2692 if (opcode == Bytecodes::_invokespecial) {
2693 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2694 } else if (opcode == Bytecodes::_invokevirtual) {
2695 VerificationType stack_object_type =
2696 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2697 if (current_type() != stack_object_type) {
2698 assert(cp->cache() == NULL, "not rewritten yet");
2699 Symbol* ref_class_name =
2700 cp->klass_name_at(cp->klass_ref_index_at(index));
2701 // See the comments in verify_field_instructions() for
2702 // the rationale behind this.
2703 if (name_in_supers(ref_class_name, current_class())) {
2704 klassOop ref_class = load_class(ref_class_name, CHECK);
2705 if (is_protected_access(
2706 _klass, ref_class, method_name, method_sig, true)) {
2707 // It's protected access, check if stack object is
2708 // assignable to current class.
2709 bool is_assignable = current_type().is_assignable_from(
2710 stack_object_type, this, CHECK_VERIFY(this));
2711 if (!is_assignable) {
2712 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2713 && stack_object_type.is_array()
2714 && method_name == vmSymbols::clone_name()) {
2715 // Special case: arrays pretend to implement public Object
2716 // clone().
2717 } else {
2718 verify_error(ErrorContext::bad_type(bci,
2719 current_frame->stack_top_ctx(),
2720 TypeOrigin::implicit(current_type())),
2721 "Bad access to protected data in invokevirtual");
2722 return;
2723 }
2724 }
2725 }
2726 }
2727 }
2728 } else {
2729 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2730 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2731 }
2732 }
2733 }
2734 // Push the result type.
2735 if (sig_stream.type() != T_VOID) {
2736 if (method_name == vmSymbols::object_initializer_name()) {
2737 // <init> method must have a void return type
2738 /* Unreachable? Class file parser verifies that methods with '<' have
2739 * void return */
2740 verify_error(ErrorContext::bad_code(bci),
2741 "Return type must be void in <init> method");
2742 return;
2743 }
2744 VerificationType return_type[2];
2745 int n = change_sig_to_verificationType(
2746 &sig_stream, return_type, CHECK_VERIFY(this));
2747 for (int i = 0; i < n; i++) {
2748 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2749 }
2750 }
2751 }
2752
2753 VerificationType ClassVerifier::get_newarray_type(
2754 u2 index, u2 bci, TRAPS) {
2755 const char* from_bt[] = {
2756 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2757 };
2758 if (index < T_BOOLEAN || index > T_LONG) {
2759 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2760 return VerificationType::bogus_type();
2761 }
2762
2763 // from_bt[index] contains the array signature which has a length of 2
2764 Symbol* sig = create_temporary_symbol(
2765 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2766 return VerificationType::reference_type(sig);
2767 }
2768
2769 void ClassVerifier::verify_anewarray(
2770 u2 bci, u2 index, constantPoolHandle cp,
2771 StackMapFrame* current_frame, TRAPS) {
2772 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2773 current_frame->pop_stack(
2774 VerificationType::integer_type(), CHECK_VERIFY(this));
2775
2776 VerificationType component_type =
2777 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2778 int length;
2779 char* arr_sig_str;
2780 if (component_type.is_array()) { // it's an array
2781 const char* component_name = component_type.name()->as_utf8();
2782 // add one dimension to component
2783 length = (int)strlen(component_name) + 1;
2784 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2785 arr_sig_str[0] = '[';
2786 strncpy(&arr_sig_str[1], component_name, length - 1);
2787 } else { // it's an object or interface
2788 const char* component_name = component_type.name()->as_utf8();
2789 // add one dimension to component with 'L' prepended and ';' postpended.
2790 length = (int)strlen(component_name) + 3;
2791 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2792 arr_sig_str[0] = '[';
2865 VerificationType::double2_type(),
2866 VerificationType::double_type(), CHECK_VERIFY(this));
2867 current_frame->set_local_2(
2868 index, VerificationType::double_type(),
2869 VerificationType::double2_type(), CHECK_VERIFY(this));
2870 }
2871
2872 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2873 VerificationType type = current_frame->pop_stack(
2874 VerificationType::reference_check(), CHECK_VERIFY(this));
2875 current_frame->set_local(index, type, CHECK_VERIFY(this));
2876 }
2877
2878 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2879 VerificationType type = current_frame->get_local(
2880 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2881 current_frame->set_local(index, type, CHECK_VERIFY(this));
2882 }
2883
2884 void ClassVerifier::verify_return_value(
2885 VerificationType return_type, VerificationType type, u2 bci,
2886 StackMapFrame* current_frame, TRAPS) {
2887 if (return_type == VerificationType::bogus_type()) {
2888 verify_error(ErrorContext::bad_type(bci,
2889 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2890 "Method expects a return value");
2891 return;
2892 }
2893 bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this));
2894 if (!match) {
2895 verify_error(ErrorContext::bad_type(bci,
2896 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2897 "Bad return type");
2898 return;
2899 }
2900 }
2901
2902 // The verifier creates symbols which are substrings of Symbols.
2903 // These are stored in the verifier until the end of verification so that
2904 // they can be reference counted.
2905 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
2906 int end, TRAPS) {
2907 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
2908 _symbols->push(sym);
2909 return sym;
2910 }
2911
2912 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
2913 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
2914 _symbols->push(sym);
2915 return sym;
2916 }
|