119 // verifier. If not, or if verification fails and FailOverToOldVerifier
120 // is set, then call the inference verifier.
121
122 Symbol* exception_name = NULL;
123 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
124 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
125 char* exception_message = message_buffer;
126
127 const char* klassName = klass->external_name();
128 bool can_failover = FailOverToOldVerifier &&
129 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
130
131 if (TraceClassInitialization) {
132 tty->print_cr("Start class verification for: %s", klassName);
133 }
134 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
135 ClassVerifier split_verifier(klass, THREAD);
136 split_verifier.verify_class(THREAD);
137 exception_name = split_verifier.result();
138 if (can_failover && !HAS_PENDING_EXCEPTION &&
139 (exception_name == vmSymbols::java_lang_VerifyError() ||
140 exception_name == vmSymbols::java_lang_ClassFormatError())) {
141 if (TraceClassInitialization || VerboseVerification) {
142 tty->print_cr(
143 "Fail over class verification to old verifier for: %s", klassName);
144 }
145 exception_name = inference_verify(
146 klass, message_buffer, message_buffer_len, THREAD);
147 }
148 if (exception_name != NULL) {
149 exception_message = split_verifier.exception_message();
150 }
151 } else {
152 exception_name = inference_verify(
153 klass, message_buffer, message_buffer_len, THREAD);
154 }
155
156 if (TraceClassInitialization || VerboseVerification) {
157 if (HAS_PENDING_EXCEPTION) {
158 tty->print("Verification for %s has", klassName);
159 tty->print_cr(" exception pending %s ",
160 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
180 // So bail out here by throwing the preallocated VM error.
181 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
182 }
183 kls = kls->super();
184 }
185 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
186 THROW_MSG_(exception_name, exception_message, false);
187 }
188 }
189
190 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
191 Symbol* name = klass->name();
192 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
193
194 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
195
196 return (should_verify_for(klass->class_loader(), should_verify_class) &&
197 // return if the class is a bootstrapping class
198 // or defineClass specified not to verify by default (flags override passed arg)
199 // We need to skip the following four for bootstraping
200 name != vmSymbols::java_lang_Object() &&
201 name != vmSymbols::java_lang_Class() &&
202 name != vmSymbols::java_lang_String() &&
203 name != vmSymbols::java_lang_Throwable() &&
204
205 // Can not verify the bytecodes for shared classes because they have
206 // already been rewritten to contain constant pool cache indices,
207 // which the verifier can't understand.
208 // Shared classes shouldn't have stackmaps either.
209 !klass()->is_shared() &&
210
211 // As of the fix for 4486457 we disable verification for all of the
212 // dynamically-generated bytecodes associated with the 1.4
213 // reflection implementation, not just those associated with
214 // sun/reflect/SerializationConstructorAccessor.
215 // NOTE: this is called too early in the bootstrapping process to be
216 // guarded by Universe::is_gte_jdk14x_version().
217 // Also for lambda generated code, gte jdk8
218 (!is_reflect));
219 }
220
221 Symbol* Verifier::inference_verify(
222 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
223 JavaThread* thread = (JavaThread*)THREAD;
1532 VerificationType::double2_type(), CHECK_VERIFY(this));
1533 type = current_frame.pop_stack(
1534 VerificationType::double_type(), CHECK_VERIFY(this));
1535 verify_return_value(return_type, type, bci,
1536 ¤t_frame, CHECK_VERIFY(this));
1537 no_control_flow = true; break;
1538 case Bytecodes::_areturn :
1539 type = current_frame.pop_stack(
1540 VerificationType::reference_check(), CHECK_VERIFY(this));
1541 verify_return_value(return_type, type, bci,
1542 ¤t_frame, CHECK_VERIFY(this));
1543 no_control_flow = true; break;
1544 case Bytecodes::_return :
1545 if (return_type != VerificationType::bogus_type()) {
1546 verify_error(ErrorContext::bad_code(bci),
1547 "Method expects a return value");
1548 return;
1549 }
1550 // Make sure "this" has been initialized if current method is an
1551 // <init>
1552 if (_method->name() == vmSymbols::object_initializer_name() &&
1553 current_frame.flag_this_uninit()) {
1554 verify_error(ErrorContext::bad_code(bci),
1555 "Constructor must call super() or this() "
1556 "before return");
1557 return;
1558 }
1559 no_control_flow = true; break;
1560 case Bytecodes::_getstatic :
1561 case Bytecodes::_putstatic :
1562 // pass TRUE, operand can be an array type for getstatic/putstatic.
1563 verify_field_instructions(
1564 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1565 no_control_flow = false; break;
1566 case Bytecodes::_getfield :
1567 case Bytecodes::_putfield :
1568 // pass FALSE, operand can't be an array type for getfield/putfield.
1569 verify_field_instructions(
1570 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1571 no_control_flow = false; break;
1572 case Bytecodes::_invokevirtual :
2101 }
2102 }
2103 }
2104 int target = bci + default_offset;
2105 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2106 for (int i = 0; i < keys; i++) {
2107 // Because check_jump_target() may safepoint, the bytecode could have
2108 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2109 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
2110 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2111 stackmap_table->check_jump_target(
2112 current_frame, target, CHECK_VERIFY(this));
2113 }
2114 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2115 }
2116
2117 bool ClassVerifier::name_in_supers(
2118 Symbol* ref_name, instanceKlassHandle current) {
2119 Klass* super = current->super();
2120 while (super != NULL) {
2121 if (super->name() == ref_name) {
2122 return true;
2123 }
2124 super = super->super();
2125 }
2126 return false;
2127 }
2128
2129 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2130 StackMapFrame* current_frame,
2131 constantPoolHandle cp,
2132 bool allow_arrays,
2133 TRAPS) {
2134 u2 index = bcs->get_index_u2();
2135 verify_cp_type(bcs->bci(), index, cp,
2136 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2137
2138 // Get field name and signature
2139 Symbol* field_name = cp->name_ref_at(index);
2140 Symbol* field_sig = cp->signature_ref_at(index);
2141
2431
2432 default:
2433 ;
2434 } // end switch
2435 } // end while loop
2436
2437 return false;
2438 }
2439
2440 void ClassVerifier::verify_invoke_init(
2441 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2442 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2443 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,
2444 TRAPS) {
2445 u2 bci = bcs->bci();
2446 VerificationType type = current_frame->pop_stack(
2447 VerificationType::reference_check(), CHECK_VERIFY(this));
2448 if (type == VerificationType::uninitialized_this_type()) {
2449 // The method must be an <init> method of this class or its superclass
2450 Klass* superk = current_class()->super();
2451 if (ref_class_type.name() != current_class()->name() &&
2452 ref_class_type.name() != superk->name()) {
2453 verify_error(ErrorContext::bad_type(bci,
2454 TypeOrigin::implicit(ref_class_type),
2455 TypeOrigin::implicit(current_type())),
2456 "Bad <init> method call");
2457 return;
2458 }
2459
2460 // If this invokespecial call is done from inside of a TRY block then make
2461 // sure that all catch clause paths end in a throw. Otherwise, this can
2462 // result in returning an incomplete object.
2463 if (in_try_block) {
2464 ExceptionTable exhandlers(_method());
2465 int exlength = exhandlers.length();
2466 for(int i = 0; i < exlength; i++) {
2467 u2 start_pc = exhandlers.start_pc(i);
2468 u2 end_pc = exhandlers.end_pc(i);
2469
2470 if (bci >= start_pc && bci < end_pc) {
2471 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2472 verify_error(ErrorContext::bad_code(bci),
2677 }
2678 if (*(bcp+4) != 0) {
2679 verify_error(ErrorContext::bad_code(bci),
2680 "Fourth operand byte of invokeinterface must be zero");
2681 return;
2682 }
2683 }
2684
2685 if (opcode == Bytecodes::_invokedynamic) {
2686 address bcp = bcs->bcp();
2687 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2688 verify_error(ErrorContext::bad_code(bci),
2689 "Third and fourth operand bytes of invokedynamic must be zero");
2690 return;
2691 }
2692 }
2693
2694 if (method_name->byte_at(0) == '<') {
2695 // Make sure <init> can only be invoked by invokespecial
2696 if (opcode != Bytecodes::_invokespecial ||
2697 method_name != vmSymbols::object_initializer_name()) {
2698 verify_error(ErrorContext::bad_code(bci),
2699 "Illegal call to internal method");
2700 return;
2701 }
2702 } else if (opcode == Bytecodes::_invokespecial
2703 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2704 && !ref_class_type.equals(VerificationType::reference_type(
2705 current_class()->super()->name()))) {
2706 bool subtype = false;
2707 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2708 if (!current_class()->is_anonymous()) {
2709 subtype = ref_class_type.is_assignable_from(
2710 current_type(), this, false, CHECK_VERIFY(this));
2711 } else {
2712 VerificationType host_klass_type =
2713 VerificationType::reference_type(current_class()->host_klass()->name());
2714 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
2715
2716 // If invokespecial of IMR, need to recheck for same or
2717 // direct interface relative to the host class
2723 if (!subtype) {
2724 verify_error(ErrorContext::bad_code(bci),
2725 "Bad invokespecial instruction: "
2726 "current class isn't assignable to reference class.");
2727 return;
2728 } else if (have_imr_indirect) {
2729 verify_error(ErrorContext::bad_code(bci),
2730 "Bad invokespecial instruction: "
2731 "interface method reference is in an indirect superinterface.");
2732 return;
2733 }
2734
2735 }
2736 // Match method descriptor with operand stack
2737 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2738 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2739 }
2740 // Check objectref on operand stack
2741 if (opcode != Bytecodes::_invokestatic &&
2742 opcode != Bytecodes::_invokedynamic) {
2743 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2744 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2745 code_length, in_try_block, this_uninit, cp, stackmap_table,
2746 CHECK_VERIFY(this));
2747 } else { // other methods
2748 // Ensures that target class is assignable to method class.
2749 if (opcode == Bytecodes::_invokespecial) {
2750 if (!current_class()->is_anonymous()) {
2751 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2752 } else {
2753 // anonymous class invokespecial calls: check if the
2754 // objectref is a subtype of the host_klass of the current class
2755 // to allow an anonymous class to reference methods in the host_klass
2756 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2757 VerificationType hosttype =
2758 VerificationType::reference_type(current_class()->host_klass()->name());
2759 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2760 if (!subtype) {
2761 verify_error( ErrorContext::bad_type(current_frame->offset(),
2762 current_frame->stack_top_ctx(),
2763 TypeOrigin::implicit(top)),
2766 }
2767 }
2768 } else if (opcode == Bytecodes::_invokevirtual) {
2769 VerificationType stack_object_type =
2770 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2771 if (current_type() != stack_object_type) {
2772 assert(cp->cache() == NULL, "not rewritten yet");
2773 Symbol* ref_class_name =
2774 cp->klass_name_at(cp->klass_ref_index_at(index));
2775 // See the comments in verify_field_instructions() for
2776 // the rationale behind this.
2777 if (name_in_supers(ref_class_name, current_class())) {
2778 Klass* ref_class = load_class(ref_class_name, CHECK);
2779 if (is_protected_access(
2780 _klass, ref_class, method_name, method_sig, true)) {
2781 // It's protected access, check if stack object is
2782 // assignable to current class.
2783 bool is_assignable = current_type().is_assignable_from(
2784 stack_object_type, this, true, CHECK_VERIFY(this));
2785 if (!is_assignable) {
2786 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2787 && stack_object_type.is_array()
2788 && method_name == vmSymbols::clone_name()) {
2789 // Special case: arrays pretend to implement public Object
2790 // clone().
2791 } else {
2792 verify_error(ErrorContext::bad_type(bci,
2793 current_frame->stack_top_ctx(),
2794 TypeOrigin::implicit(current_type())),
2795 "Bad access to protected data in invokevirtual");
2796 return;
2797 }
2798 }
2799 }
2800 }
2801 }
2802 } else {
2803 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2804 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2805 }
2806 }
2807 }
2808 // Push the result type.
2809 if (sig_stream.type() != T_VOID) {
2810 if (method_name == vmSymbols::object_initializer_name()) {
2811 // <init> method must have a void return type
2812 /* Unreachable? Class file parser verifies that methods with '<' have
2813 * void return */
2814 verify_error(ErrorContext::bad_code(bci),
2815 "Return type must be void in <init> method");
2816 return;
2817 }
2818 VerificationType return_type[2];
2819 int n = change_sig_to_verificationType(
2820 &sig_stream, return_type, CHECK_VERIFY(this));
2821 for (int i = 0; i < n; i++) {
2822 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2823 }
2824 }
2825 }
2826
2827 VerificationType ClassVerifier::get_newarray_type(
2828 u2 index, u2 bci, TRAPS) {
2829 const char* from_bt[] = {
2830 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2959 VerificationType return_type, VerificationType type, u2 bci,
2960 StackMapFrame* current_frame, TRAPS) {
2961 if (return_type == VerificationType::bogus_type()) {
2962 verify_error(ErrorContext::bad_type(bci,
2963 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2964 "Method expects a return value");
2965 return;
2966 }
2967 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2968 if (!match) {
2969 verify_error(ErrorContext::bad_type(bci,
2970 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2971 "Bad return type");
2972 return;
2973 }
2974 }
2975
2976 // The verifier creates symbols which are substrings of Symbols.
2977 // These are stored in the verifier until the end of verification so that
2978 // they can be reference counted.
2979 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
2980 int end, TRAPS) {
2981 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
2982 _symbols->push(sym);
2983 return sym;
2984 }
2985
2986 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
2987 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
2988 _symbols->push(sym);
2989 return sym;
2990 }
|
119 // verifier. If not, or if verification fails and FailOverToOldVerifier
120 // is set, then call the inference verifier.
121
122 Symbol* exception_name = NULL;
123 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
124 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
125 char* exception_message = message_buffer;
126
127 const char* klassName = klass->external_name();
128 bool can_failover = FailOverToOldVerifier &&
129 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
130
131 if (TraceClassInitialization) {
132 tty->print_cr("Start class verification for: %s", klassName);
133 }
134 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
135 ClassVerifier split_verifier(klass, THREAD);
136 split_verifier.verify_class(THREAD);
137 exception_name = split_verifier.result();
138 if (can_failover && !HAS_PENDING_EXCEPTION &&
139 (exception_name->equals(vmSymbols::java_lang_VerifyError()) ||
140 exception_name->equals(vmSymbols::java_lang_ClassFormatError()))) {
141 if (TraceClassInitialization || VerboseVerification) {
142 tty->print_cr(
143 "Fail over class verification to old verifier for: %s", klassName);
144 }
145 exception_name = inference_verify(
146 klass, message_buffer, message_buffer_len, THREAD);
147 }
148 if (exception_name != NULL) {
149 exception_message = split_verifier.exception_message();
150 }
151 } else {
152 exception_name = inference_verify(
153 klass, message_buffer, message_buffer_len, THREAD);
154 }
155
156 if (TraceClassInitialization || VerboseVerification) {
157 if (HAS_PENDING_EXCEPTION) {
158 tty->print("Verification for %s has", klassName);
159 tty->print_cr(" exception pending %s ",
160 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
180 // So bail out here by throwing the preallocated VM error.
181 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
182 }
183 kls = kls->super();
184 }
185 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
186 THROW_MSG_(exception_name, exception_message, false);
187 }
188 }
189
190 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
191 Symbol* name = klass->name();
192 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
193
194 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
195
196 return (should_verify_for(klass->class_loader(), should_verify_class) &&
197 // return if the class is a bootstrapping class
198 // or defineClass specified not to verify by default (flags override passed arg)
199 // We need to skip the following four for bootstraping
200 name->not_equals(vmSymbols::java_lang_Object()) &&
201 name->not_equals(vmSymbols::java_lang_Class()) &&
202 name->not_equals(vmSymbols::java_lang_String()) &&
203 name->not_equals(vmSymbols::java_lang_Throwable()) &&
204
205 // Can not verify the bytecodes for shared classes because they have
206 // already been rewritten to contain constant pool cache indices,
207 // which the verifier can't understand.
208 // Shared classes shouldn't have stackmaps either.
209 !klass()->is_shared() &&
210
211 // As of the fix for 4486457 we disable verification for all of the
212 // dynamically-generated bytecodes associated with the 1.4
213 // reflection implementation, not just those associated with
214 // sun/reflect/SerializationConstructorAccessor.
215 // NOTE: this is called too early in the bootstrapping process to be
216 // guarded by Universe::is_gte_jdk14x_version().
217 // Also for lambda generated code, gte jdk8
218 (!is_reflect));
219 }
220
221 Symbol* Verifier::inference_verify(
222 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
223 JavaThread* thread = (JavaThread*)THREAD;
1532 VerificationType::double2_type(), CHECK_VERIFY(this));
1533 type = current_frame.pop_stack(
1534 VerificationType::double_type(), CHECK_VERIFY(this));
1535 verify_return_value(return_type, type, bci,
1536 ¤t_frame, CHECK_VERIFY(this));
1537 no_control_flow = true; break;
1538 case Bytecodes::_areturn :
1539 type = current_frame.pop_stack(
1540 VerificationType::reference_check(), CHECK_VERIFY(this));
1541 verify_return_value(return_type, type, bci,
1542 ¤t_frame, CHECK_VERIFY(this));
1543 no_control_flow = true; break;
1544 case Bytecodes::_return :
1545 if (return_type != VerificationType::bogus_type()) {
1546 verify_error(ErrorContext::bad_code(bci),
1547 "Method expects a return value");
1548 return;
1549 }
1550 // Make sure "this" has been initialized if current method is an
1551 // <init>
1552 if (_method->name()->equals(vmSymbols::object_initializer_name()) &&
1553 current_frame.flag_this_uninit()) {
1554 verify_error(ErrorContext::bad_code(bci),
1555 "Constructor must call super() or this() "
1556 "before return");
1557 return;
1558 }
1559 no_control_flow = true; break;
1560 case Bytecodes::_getstatic :
1561 case Bytecodes::_putstatic :
1562 // pass TRUE, operand can be an array type for getstatic/putstatic.
1563 verify_field_instructions(
1564 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1565 no_control_flow = false; break;
1566 case Bytecodes::_getfield :
1567 case Bytecodes::_putfield :
1568 // pass FALSE, operand can't be an array type for getfield/putfield.
1569 verify_field_instructions(
1570 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1571 no_control_flow = false; break;
1572 case Bytecodes::_invokevirtual :
2101 }
2102 }
2103 }
2104 int target = bci + default_offset;
2105 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2106 for (int i = 0; i < keys; i++) {
2107 // Because check_jump_target() may safepoint, the bytecode could have
2108 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2109 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
2110 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2111 stackmap_table->check_jump_target(
2112 current_frame, target, CHECK_VERIFY(this));
2113 }
2114 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2115 }
2116
2117 bool ClassVerifier::name_in_supers(
2118 Symbol* ref_name, instanceKlassHandle current) {
2119 Klass* super = current->super();
2120 while (super != NULL) {
2121 if (super->name()->equals(ref_name)) {
2122 return true;
2123 }
2124 super = super->super();
2125 }
2126 return false;
2127 }
2128
2129 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2130 StackMapFrame* current_frame,
2131 constantPoolHandle cp,
2132 bool allow_arrays,
2133 TRAPS) {
2134 u2 index = bcs->get_index_u2();
2135 verify_cp_type(bcs->bci(), index, cp,
2136 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2137
2138 // Get field name and signature
2139 Symbol* field_name = cp->name_ref_at(index);
2140 Symbol* field_sig = cp->signature_ref_at(index);
2141
2431
2432 default:
2433 ;
2434 } // end switch
2435 } // end while loop
2436
2437 return false;
2438 }
2439
2440 void ClassVerifier::verify_invoke_init(
2441 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2442 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2443 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,
2444 TRAPS) {
2445 u2 bci = bcs->bci();
2446 VerificationType type = current_frame->pop_stack(
2447 VerificationType::reference_check(), CHECK_VERIFY(this));
2448 if (type == VerificationType::uninitialized_this_type()) {
2449 // The method must be an <init> method of this class or its superclass
2450 Klass* superk = current_class()->super();
2451 if (ref_class_type.name()->not_equals(current_class()->name()) &&
2452 ref_class_type.name()->not_equals(superk->name())) {
2453 verify_error(ErrorContext::bad_type(bci,
2454 TypeOrigin::implicit(ref_class_type),
2455 TypeOrigin::implicit(current_type())),
2456 "Bad <init> method call");
2457 return;
2458 }
2459
2460 // If this invokespecial call is done from inside of a TRY block then make
2461 // sure that all catch clause paths end in a throw. Otherwise, this can
2462 // result in returning an incomplete object.
2463 if (in_try_block) {
2464 ExceptionTable exhandlers(_method());
2465 int exlength = exhandlers.length();
2466 for(int i = 0; i < exlength; i++) {
2467 u2 start_pc = exhandlers.start_pc(i);
2468 u2 end_pc = exhandlers.end_pc(i);
2469
2470 if (bci >= start_pc && bci < end_pc) {
2471 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2472 verify_error(ErrorContext::bad_code(bci),
2677 }
2678 if (*(bcp+4) != 0) {
2679 verify_error(ErrorContext::bad_code(bci),
2680 "Fourth operand byte of invokeinterface must be zero");
2681 return;
2682 }
2683 }
2684
2685 if (opcode == Bytecodes::_invokedynamic) {
2686 address bcp = bcs->bcp();
2687 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2688 verify_error(ErrorContext::bad_code(bci),
2689 "Third and fourth operand bytes of invokedynamic must be zero");
2690 return;
2691 }
2692 }
2693
2694 if (method_name->byte_at(0) == '<') {
2695 // Make sure <init> can only be invoked by invokespecial
2696 if (opcode != Bytecodes::_invokespecial ||
2697 method_name->not_equals(vmSymbols::object_initializer_name())) {
2698 verify_error(ErrorContext::bad_code(bci),
2699 "Illegal call to internal method");
2700 return;
2701 }
2702 } else if (opcode == Bytecodes::_invokespecial
2703 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2704 && !ref_class_type.equals(VerificationType::reference_type(
2705 current_class()->super()->name()))) {
2706 bool subtype = false;
2707 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2708 if (!current_class()->is_anonymous()) {
2709 subtype = ref_class_type.is_assignable_from(
2710 current_type(), this, false, CHECK_VERIFY(this));
2711 } else {
2712 VerificationType host_klass_type =
2713 VerificationType::reference_type(current_class()->host_klass()->name());
2714 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
2715
2716 // If invokespecial of IMR, need to recheck for same or
2717 // direct interface relative to the host class
2723 if (!subtype) {
2724 verify_error(ErrorContext::bad_code(bci),
2725 "Bad invokespecial instruction: "
2726 "current class isn't assignable to reference class.");
2727 return;
2728 } else if (have_imr_indirect) {
2729 verify_error(ErrorContext::bad_code(bci),
2730 "Bad invokespecial instruction: "
2731 "interface method reference is in an indirect superinterface.");
2732 return;
2733 }
2734
2735 }
2736 // Match method descriptor with operand stack
2737 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2738 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2739 }
2740 // Check objectref on operand stack
2741 if (opcode != Bytecodes::_invokestatic &&
2742 opcode != Bytecodes::_invokedynamic) {
2743 if (method_name->equals(vmSymbols::object_initializer_name())) { // <init> method
2744 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2745 code_length, in_try_block, this_uninit, cp, stackmap_table,
2746 CHECK_VERIFY(this));
2747 } else { // other methods
2748 // Ensures that target class is assignable to method class.
2749 if (opcode == Bytecodes::_invokespecial) {
2750 if (!current_class()->is_anonymous()) {
2751 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2752 } else {
2753 // anonymous class invokespecial calls: check if the
2754 // objectref is a subtype of the host_klass of the current class
2755 // to allow an anonymous class to reference methods in the host_klass
2756 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2757 VerificationType hosttype =
2758 VerificationType::reference_type(current_class()->host_klass()->name());
2759 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2760 if (!subtype) {
2761 verify_error( ErrorContext::bad_type(current_frame->offset(),
2762 current_frame->stack_top_ctx(),
2763 TypeOrigin::implicit(top)),
2766 }
2767 }
2768 } else if (opcode == Bytecodes::_invokevirtual) {
2769 VerificationType stack_object_type =
2770 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2771 if (current_type() != stack_object_type) {
2772 assert(cp->cache() == NULL, "not rewritten yet");
2773 Symbol* ref_class_name =
2774 cp->klass_name_at(cp->klass_ref_index_at(index));
2775 // See the comments in verify_field_instructions() for
2776 // the rationale behind this.
2777 if (name_in_supers(ref_class_name, current_class())) {
2778 Klass* ref_class = load_class(ref_class_name, CHECK);
2779 if (is_protected_access(
2780 _klass, ref_class, method_name, method_sig, true)) {
2781 // It's protected access, check if stack object is
2782 // assignable to current class.
2783 bool is_assignable = current_type().is_assignable_from(
2784 stack_object_type, this, true, CHECK_VERIFY(this));
2785 if (!is_assignable) {
2786 if (ref_class_type.name()->equals(vmSymbols::java_lang_Object())
2787 && stack_object_type.is_array()
2788 && method_name->equals(vmSymbols::clone_name())) {
2789 // Special case: arrays pretend to implement public Object
2790 // clone().
2791 } else {
2792 verify_error(ErrorContext::bad_type(bci,
2793 current_frame->stack_top_ctx(),
2794 TypeOrigin::implicit(current_type())),
2795 "Bad access to protected data in invokevirtual");
2796 return;
2797 }
2798 }
2799 }
2800 }
2801 }
2802 } else {
2803 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2804 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2805 }
2806 }
2807 }
2808 // Push the result type.
2809 if (sig_stream.type() != T_VOID) {
2810 if (method_name->equals(vmSymbols::object_initializer_name())) {
2811 // <init> method must have a void return type
2812 /* Unreachable? Class file parser verifies that methods with '<' have
2813 * void return */
2814 verify_error(ErrorContext::bad_code(bci),
2815 "Return type must be void in <init> method");
2816 return;
2817 }
2818 VerificationType return_type[2];
2819 int n = change_sig_to_verificationType(
2820 &sig_stream, return_type, CHECK_VERIFY(this));
2821 for (int i = 0; i < n; i++) {
2822 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2823 }
2824 }
2825 }
2826
2827 VerificationType ClassVerifier::get_newarray_type(
2828 u2 index, u2 bci, TRAPS) {
2829 const char* from_bt[] = {
2830 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2959 VerificationType return_type, VerificationType type, u2 bci,
2960 StackMapFrame* current_frame, TRAPS) {
2961 if (return_type == VerificationType::bogus_type()) {
2962 verify_error(ErrorContext::bad_type(bci,
2963 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2964 "Method expects a return value");
2965 return;
2966 }
2967 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2968 if (!match) {
2969 verify_error(ErrorContext::bad_type(bci,
2970 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2971 "Bad return type");
2972 return;
2973 }
2974 }
2975
2976 // The verifier creates symbols which are substrings of Symbols.
2977 // These are stored in the verifier until the end of verification so that
2978 // they can be reference counted.
2979 Symbol* ClassVerifier::create_temporary_symbol(const Symbol* s, int begin,
2980 int end, TRAPS) {
2981 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
2982 _symbols->push(sym);
2983 return sym;
2984 }
2985
2986 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
2987 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
2988 _symbols->push(sym);
2989 return sym;
2990 }
|