1 /*
2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "jvm.h"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/systemDictionary.hpp"
33 #include "classfile/verifier.hpp"
34 #include "classfile/vmSymbols.hpp"
35 #include "interpreter/bytecodes.hpp"
36 #include "interpreter/bytecodeStream.hpp"
37 #include "logging/log.hpp"
38 #include "logging/logStream.hpp"
39 #include "memory/oopFactory.hpp"
40 #include "memory/resourceArea.hpp"
41 #include "oops/constantPool.inline.hpp"
42 #include "oops/instanceKlass.hpp"
43 #include "oops/oop.inline.hpp"
44 #include "oops/typeArrayOop.hpp"
45 #include "runtime/fieldDescriptor.hpp"
46 #include "runtime/handles.inline.hpp"
47 #include "runtime/interfaceSupport.inline.hpp"
48 #include "runtime/javaCalls.hpp"
49 #include "runtime/jniHandles.inline.hpp"
50 #include "runtime/orderAccess.inline.hpp"
51 #include "runtime/os.hpp"
52 #include "runtime/thread.hpp"
53 #include "services/threadService.hpp"
54 #include "utilities/align.hpp"
55 #include "utilities/bytes.hpp"
56
57 #define NOFAILOVER_MAJOR_VERSION 51
58 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
59 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
60 #define MAX_ARRAY_DIMENSIONS 255
61
62 // Access to external entry for VerifyClassCodes - old byte code verifier
63
64 extern "C" {
65 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
66 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
67 }
68
69 static void* volatile _verify_byte_codes_fn = NULL;
70
71 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
72
73 static void* verify_byte_codes_fn() {
74 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
75 void *lib_handle = os::native_java_library();
76 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
77 OrderAccess::release_store(&_verify_byte_codes_fn, func);
78 if (func == NULL) {
79 _is_new_verify_byte_codes_fn = false;
80 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
81 OrderAccess::release_store(&_verify_byte_codes_fn, func);
82 }
83 }
84 return (void*)_verify_byte_codes_fn;
85 }
86
87
88 // Methods in Verifier
89
90 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
91 return (class_loader == NULL || !should_verify_class) ?
92 BytecodeVerificationLocal : BytecodeVerificationRemote;
93 }
94
95 bool Verifier::relax_access_for(oop loader) {
96 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
97 bool need_verify =
98 // verifyAll
99 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
100 // verifyRemote
101 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
102 return !need_verify;
103 }
104
105 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
106 assert(verify_class != NULL, "Unexpected null verify_class");
107 ResourceMark rm;
108 Symbol* s = verify_class->source_file_name();
109 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
110 const char* verify = verify_class->external_name();
111 const char* resolve = resolve_class->external_name();
112 // print in a single call to reduce interleaving between threads
113 if (source_file != NULL) {
114 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
115 } else {
116 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
117 }
118 }
119
120 // Prints the end-verification message to the appropriate output.
121 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) {
122 if (HAS_PENDING_EXCEPTION) {
123 st->print("Verification for %s has", klassName);
124 st->print_cr(" exception pending %s ",
125 PENDING_EXCEPTION->klass()->external_name());
126 } else if (exception_name != NULL) {
127 st->print_cr("Verification for %s failed", klassName);
128 }
129 st->print_cr("End class verification for: %s", klassName);
130 }
131
132 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
133 HandleMark hm(THREAD);
134 ResourceMark rm(THREAD);
135
136 // Eagerly allocate the identity hash code for a klass. This is a fallout
137 // from 6320749 and 8059924: hash code generator is not supposed to be called
138 // during the safepoint, but it allows to sneak the hashcode in during
139 // verification. Without this eager hashcode generation, we may end up
140 // installing the hashcode during some other operation, which may be at
141 // safepoint -- blowing up the checks. It was previously done as the side
142 // effect (sic!) for external_name(), but instead of doing that, we opt to
143 // explicitly push the hashcode in here. This is signify the following block
144 // is IMPORTANT:
145 if (klass->java_mirror() != NULL) {
146 klass->java_mirror()->identity_hash();
147 }
148
149 if (!is_eligible_for_verification(klass, should_verify_class)) {
150 return true;
151 }
152
153 // Timer includes any side effects of class verification (resolution,
154 // etc), but not recursive calls to Verifier::verify().
155 JavaThread* jt = (JavaThread*)THREAD;
156 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
157 ClassLoader::perf_class_verify_selftime(),
158 ClassLoader::perf_classes_verified(),
159 jt->get_thread_stat()->perf_recursion_counts_addr(),
160 jt->get_thread_stat()->perf_timers_addr(),
161 PerfClassTraceTime::CLASS_VERIFY);
162
163 // If the class should be verified, first see if we can use the split
164 // verifier. If not, or if verification fails and FailOverToOldVerifier
165 // is set, then call the inference verifier.
166
167 Symbol* exception_name = NULL;
168 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
169 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
170 char* exception_message = message_buffer;
171
172 const char* klassName = klass->external_name();
173 bool can_failover = FailOverToOldVerifier &&
174 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
175
176 log_info(class, init)("Start class verification for: %s", klassName);
177 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
178 ClassVerifier split_verifier(klass, THREAD);
179 split_verifier.verify_class(THREAD);
180 exception_name = split_verifier.result();
181 if (can_failover && !HAS_PENDING_EXCEPTION &&
182 (exception_name == vmSymbols::java_lang_VerifyError() ||
183 exception_name == vmSymbols::java_lang_ClassFormatError())) {
184 log_info(verification)("Fail over class verification to old verifier for: %s", klassName);
185 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName);
186 exception_name = inference_verify(
187 klass, message_buffer, message_buffer_len, THREAD);
188 }
189 if (exception_name != NULL) {
190 exception_message = split_verifier.exception_message();
191 }
192 } else {
193 exception_name = inference_verify(
194 klass, message_buffer, message_buffer_len, THREAD);
195 }
196
197 LogTarget(Info, class, init) lt1;
198 if (lt1.is_enabled()) {
199 LogStream ls(lt1);
200 log_end_verification(&ls, klassName, exception_name, THREAD);
201 }
202 LogTarget(Info, verification) lt2;
203 if (lt2.is_enabled()) {
204 LogStream ls(lt2);
205 log_end_verification(&ls, klassName, exception_name, THREAD);
206 }
207
208 if (HAS_PENDING_EXCEPTION) {
209 return false; // use the existing exception
210 } else if (exception_name == NULL) {
211 return true; // verifcation succeeded
212 } else { // VerifyError or ClassFormatError to be created and thrown
213 ResourceMark rm(THREAD);
214 Klass* kls =
215 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
216 if (log_is_enabled(Debug, class, resolve)) {
217 Verifier::trace_class_resolution(kls, klass);
218 }
219
220 while (kls != NULL) {
221 if (kls == klass) {
222 // If the class being verified is the exception we're creating
223 // or one of it's superclasses, we're in trouble and are going
224 // to infinitely recurse when we try to initialize the exception.
225 // So bail out here by throwing the preallocated VM error.
226 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
227 }
228 kls = kls->super();
229 }
230 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
231 THROW_MSG_(exception_name, exception_message, false);
232 }
233 }
234
235 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
236 Symbol* name = klass->name();
237 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
238
239 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
240
241 return (should_verify_for(klass->class_loader(), should_verify_class) &&
242 // return if the class is a bootstrapping class
243 // or defineClass specified not to verify by default (flags override passed arg)
244 // We need to skip the following four for bootstraping
245 name != vmSymbols::java_lang_Object() &&
246 name != vmSymbols::java_lang_Class() &&
247 name != vmSymbols::java_lang_String() &&
248 name != vmSymbols::java_lang_Throwable() &&
249
250 // Can not verify the bytecodes for shared classes because they have
251 // already been rewritten to contain constant pool cache indices,
252 // which the verifier can't understand.
253 // Shared classes shouldn't have stackmaps either.
254 !klass->is_shared() &&
255
256 // As of the fix for 4486457 we disable verification for all of the
257 // dynamically-generated bytecodes associated with the 1.4
258 // reflection implementation, not just those associated with
259 // jdk/internal/reflect/SerializationConstructorAccessor.
260 // NOTE: this is called too early in the bootstrapping process to be
261 // guarded by Universe::is_gte_jdk14x_version().
262 // Also for lambda generated code, gte jdk8
263 (!is_reflect));
264 }
265
266 Symbol* Verifier::inference_verify(
267 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
268 JavaThread* thread = (JavaThread*)THREAD;
269 JNIEnv *env = thread->jni_environment();
270
271 void* verify_func = verify_byte_codes_fn();
272
273 if (verify_func == NULL) {
274 jio_snprintf(message, message_len, "Could not link verifier");
275 return vmSymbols::java_lang_VerifyError();
276 }
277
278 ResourceMark rm(THREAD);
279 log_info(verification)("Verifying class %s with old format", klass->external_name());
280
281 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
282 jint result;
283
284 {
285 HandleMark hm(thread);
286 ThreadToNativeFromVM ttn(thread);
287 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
288 // code knows that we have left the VM
289
290 if (_is_new_verify_byte_codes_fn) {
291 verify_byte_codes_fn_new_t func =
292 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
293 result = (*func)(env, cls, message, (int)message_len,
294 klass->major_version());
295 } else {
296 verify_byte_codes_fn_t func =
297 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
298 result = (*func)(env, cls, message, (int)message_len);
299 }
300 }
301
302 JNIHandles::destroy_local(cls);
303
304 // These numbers are chosen so that VerifyClassCodes interface doesn't need
305 // to be changed (still return jboolean (unsigned char)), and result is
306 // 1 when verification is passed.
307 if (result == 0) {
308 return vmSymbols::java_lang_VerifyError();
309 } else if (result == 1) {
310 return NULL; // verified.
311 } else if (result == 2) {
312 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
313 } else if (result == 3) {
314 return vmSymbols::java_lang_ClassFormatError();
315 } else {
316 ShouldNotReachHere();
317 return NULL;
318 }
319 }
320
321 TypeOrigin TypeOrigin::null() {
322 return TypeOrigin();
323 }
324 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
325 assert(frame != NULL, "Must have a frame");
326 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
327 frame->local_at(index));
328 }
329 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
330 assert(frame != NULL, "Must have a frame");
331 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
332 frame->stack_at(index));
333 }
334 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
335 assert(frame != NULL, "Must have a frame");
336 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
337 frame->local_at(index));
338 }
339 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
340 assert(frame != NULL, "Must have a frame");
341 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
342 frame->stack_at(index));
343 }
344 TypeOrigin TypeOrigin::bad_index(u2 index) {
345 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
346 }
347 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
348 return TypeOrigin(CONST_POOL, index, NULL, vt);
349 }
350 TypeOrigin TypeOrigin::signature(VerificationType vt) {
351 return TypeOrigin(SIG, 0, NULL, vt);
352 }
353 TypeOrigin TypeOrigin::implicit(VerificationType t) {
354 return TypeOrigin(IMPLICIT, 0, NULL, t);
355 }
356 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
357 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
358 VerificationType::bogus_type());
359 }
360
361 void TypeOrigin::reset_frame() {
362 if (_frame != NULL) {
363 _frame->restore();
364 }
365 }
366
367 void TypeOrigin::details(outputStream* ss) const {
368 _type.print_on(ss);
369 switch (_origin) {
370 case CF_LOCALS:
371 ss->print(" (current frame, locals[%d])", _index);
372 break;
373 case CF_STACK:
374 ss->print(" (current frame, stack[%d])", _index);
375 break;
376 case SM_LOCALS:
377 ss->print(" (stack map, locals[%d])", _index);
378 break;
379 case SM_STACK:
380 ss->print(" (stack map, stack[%d])", _index);
381 break;
382 case CONST_POOL:
383 ss->print(" (constant pool %d)", _index);
384 break;
385 case SIG:
386 ss->print(" (from method signature)");
387 break;
388 case IMPLICIT:
389 case FRAME_ONLY:
390 case NONE:
391 default:
392 ;
393 }
394 }
395
396 #ifdef ASSERT
397 void TypeOrigin::print_on(outputStream* str) const {
398 str->print("{%d,%d,%p:", _origin, _index, _frame);
399 if (_frame != NULL) {
400 _frame->print_on(str);
401 } else {
402 str->print("null");
403 }
404 str->print(",");
405 _type.print_on(str);
406 str->print("}");
407 }
408 #endif
409
410 void ErrorContext::details(outputStream* ss, const Method* method) const {
411 if (is_valid()) {
412 ss->cr();
413 ss->print_cr("Exception Details:");
414 location_details(ss, method);
415 reason_details(ss);
416 frame_details(ss);
417 bytecode_details(ss, method);
418 handler_details(ss, method);
419 stackmap_details(ss, method);
420 }
421 }
422
423 void ErrorContext::reason_details(outputStream* ss) const {
424 streamIndentor si(ss);
425 ss->indent().print_cr("Reason:");
426 streamIndentor si2(ss);
427 ss->indent().print("%s", "");
428 switch (_fault) {
429 case INVALID_BYTECODE:
430 ss->print("Error exists in the bytecode");
431 break;
432 case WRONG_TYPE:
433 if (_expected.is_valid()) {
434 ss->print("Type ");
435 _type.details(ss);
436 ss->print(" is not assignable to ");
437 _expected.details(ss);
438 } else {
439 ss->print("Invalid type: ");
440 _type.details(ss);
441 }
442 break;
443 case FLAGS_MISMATCH:
444 if (_expected.is_valid()) {
445 ss->print("Current frame's flags are not assignable "
446 "to stack map frame's.");
447 } else {
448 ss->print("Current frame's flags are invalid in this context.");
449 }
450 break;
451 case BAD_CP_INDEX:
452 ss->print("Constant pool index %d is invalid", _type.index());
453 break;
454 case BAD_LOCAL_INDEX:
455 ss->print("Local index %d is invalid", _type.index());
456 break;
457 case LOCALS_SIZE_MISMATCH:
458 ss->print("Current frame's local size doesn't match stackmap.");
459 break;
460 case STACK_SIZE_MISMATCH:
461 ss->print("Current frame's stack size doesn't match stackmap.");
462 break;
463 case STACK_OVERFLOW:
464 ss->print("Exceeded max stack size.");
465 break;
466 case STACK_UNDERFLOW:
467 ss->print("Attempt to pop empty stack.");
468 break;
469 case MISSING_STACKMAP:
470 ss->print("Expected stackmap frame at this location.");
471 break;
472 case BAD_STACKMAP:
473 ss->print("Invalid stackmap specification.");
474 break;
475 case UNKNOWN:
476 default:
477 ShouldNotReachHere();
478 ss->print_cr("Unknown");
479 }
480 ss->cr();
481 }
482
483 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
484 if (_bci != -1 && method != NULL) {
485 streamIndentor si(ss);
486 const char* bytecode_name = "<invalid>";
487 if (method->validate_bci(_bci) != -1) {
488 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
489 if (Bytecodes::is_defined(code)) {
490 bytecode_name = Bytecodes::name(code);
491 } else {
492 bytecode_name = "<illegal>";
493 }
494 }
495 InstanceKlass* ik = method->method_holder();
496 ss->indent().print_cr("Location:");
497 streamIndentor si2(ss);
498 ss->indent().print_cr("%s.%s%s @%d: %s",
499 ik->name()->as_C_string(), method->name()->as_C_string(),
500 method->signature()->as_C_string(), _bci, bytecode_name);
501 }
502 }
503
504 void ErrorContext::frame_details(outputStream* ss) const {
505 streamIndentor si(ss);
506 if (_type.is_valid() && _type.frame() != NULL) {
507 ss->indent().print_cr("Current Frame:");
508 streamIndentor si2(ss);
509 _type.frame()->print_on(ss);
510 }
511 if (_expected.is_valid() && _expected.frame() != NULL) {
512 ss->indent().print_cr("Stackmap Frame:");
513 streamIndentor si2(ss);
514 _expected.frame()->print_on(ss);
515 }
516 }
517
518 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
519 if (method != NULL) {
520 streamIndentor si(ss);
521 ss->indent().print_cr("Bytecode:");
522 streamIndentor si2(ss);
523 ss->print_data(method->code_base(), method->code_size(), false);
524 }
525 }
526
527 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
528 if (method != NULL) {
529 streamIndentor si(ss);
530 ExceptionTable table(method);
531 if (table.length() > 0) {
532 ss->indent().print_cr("Exception Handler Table:");
533 streamIndentor si2(ss);
534 for (int i = 0; i < table.length(); ++i) {
535 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
536 table.end_pc(i), table.handler_pc(i));
537 }
538 }
539 }
540 }
541
542 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
543 if (method != NULL && method->has_stackmap_table()) {
544 streamIndentor si(ss);
545 ss->indent().print_cr("Stackmap Table:");
546 Array<u1>* data = method->stackmap_data();
547 stack_map_table* sm_table =
548 stack_map_table::at((address)data->adr_at(0));
549 stack_map_frame* sm_frame = sm_table->entries();
550 streamIndentor si2(ss);
551 int current_offset = -1;
552 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
553 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
554 ss->indent();
555 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
556 sm_frame->print_truncated(ss, current_offset);
557 return;
558 }
559 sm_frame->print_on(ss, current_offset);
560 ss->cr();
561 current_offset += sm_frame->offset_delta();
562 sm_frame = sm_frame->next();
563 }
564 }
565 }
566
567 // Methods in ClassVerifier
568
569 ClassVerifier::ClassVerifier(
570 InstanceKlass* klass, TRAPS)
571 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
572 _this_type = VerificationType::reference_type(klass->name());
573 // Create list to hold symbols in reference area.
574 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
575 }
576
577 ClassVerifier::~ClassVerifier() {
578 // Decrement the reference count for any symbols created.
579 for (int i = 0; i < _symbols->length(); i++) {
580 Symbol* s = _symbols->at(i);
581 s->decrement_refcount();
582 }
583 }
584
585 VerificationType ClassVerifier::object_type() const {
586 return VerificationType::reference_type(vmSymbols::java_lang_Object());
587 }
588
589 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
590 VerificationType vt = VerificationType::reference_type(
591 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
592 return TypeOrigin::implicit(vt);
593 }
594
595 void ClassVerifier::verify_class(TRAPS) {
596 log_info(verification)("Verifying class %s with new format", _klass->external_name());
597
598 Array<Method*>* methods = _klass->methods();
599 int num_methods = methods->length();
600
601 for (int index = 0; index < num_methods; index++) {
602 // Check for recursive re-verification before each method.
603 if (was_recursively_verified()) return;
604
605 Method* m = methods->at(index);
606 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
607 // If m is native or abstract, skip it. It is checked in class file
608 // parser that methods do not override a final method. Overpass methods
609 // are trusted since the VM generates them.
610 continue;
611 }
612 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
613 }
614
615 if (was_recursively_verified()){
616 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
617 log_info(class, init)("Recursive verification detected for: %s",
618 _klass->external_name());
619 }
620 }
621
622 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
623 HandleMark hm(THREAD);
624 _method = m; // initialize _method
625 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
626
627 // For clang, the only good constant format string is a literal constant format string.
628 #define bad_type_msg "Bad type on operand stack in %s"
629
630 int32_t max_stack = m->verifier_max_stack();
631 int32_t max_locals = m->max_locals();
632 constantPoolHandle cp(THREAD, m->constants());
633
634 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
635 class_format_error("Invalid method signature");
636 return;
637 }
638
639 // Initial stack map frame: offset is 0, stack is initially empty.
640 StackMapFrame current_frame(max_locals, max_stack, this);
641 // Set initial locals
642 VerificationType return_type = current_frame.set_locals_from_arg(
643 m, current_type(), CHECK_VERIFY(this));
644
645 int32_t stackmap_index = 0; // index to the stackmap array
646
647 u4 code_length = m->code_size();
648
649 // Scan the bytecode and map each instruction's start offset to a number.
650 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
651
652 int ex_min = code_length;
653 int ex_max = -1;
654 // Look through each item on the exception table. Each of the fields must refer
655 // to a legal instruction.
656 if (was_recursively_verified()) return;
657 verify_exception_handler_table(
658 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
659
660 // Look through each entry on the local variable table and make sure
661 // its range of code array offsets is valid. (4169817)
662 if (m->has_localvariable_table()) {
663 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
664 }
665
666 Array<u1>* stackmap_data = m->stackmap_data();
667 StackMapStream stream(stackmap_data);
668 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
669 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
670 code_data, code_length, CHECK_VERIFY(this));
671
672 LogTarget(Info, verification) lt;
673 if (lt.is_enabled()) {
674 ResourceMark rm(THREAD);
675 LogStream ls(lt);
676 stackmap_table.print_on(&ls);
677 }
678
679 RawBytecodeStream bcs(m);
680
681 // Scan the byte code linearly from the start to the end
682 bool no_control_flow = false; // Set to true when there is no direct control
683 // flow from current instruction to the next
684 // instruction in sequence
685
686 Bytecodes::Code opcode;
687 while (!bcs.is_last_bytecode()) {
688 // Check for recursive re-verification before each bytecode.
689 if (was_recursively_verified()) return;
690
691 opcode = bcs.raw_next();
692 u2 bci = bcs.bci();
693
694 // Set current frame's offset to bci
695 current_frame.set_offset(bci);
696 current_frame.set_mark();
697
698 // Make sure every offset in stackmap table point to the beginning to
699 // an instruction. Match current_frame to stackmap_table entry with
700 // the same offset if exists.
701 stackmap_index = verify_stackmap_table(
702 stackmap_index, bci, ¤t_frame, &stackmap_table,
703 no_control_flow, CHECK_VERIFY(this));
704
705
706 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
707 bool verified_exc_handlers = false;
708
709 // Merge with the next instruction
710 {
711 u2 index;
712 int target;
713 VerificationType type, type2;
714 VerificationType atype;
715
716 LogTarget(Info, verification) lt;
717 if (lt.is_enabled()) {
718 ResourceMark rm(THREAD);
719 LogStream ls(lt);
720 current_frame.print_on(&ls);
721 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
722 }
723
724 // Make sure wide instruction is in correct format
725 if (bcs.is_wide()) {
726 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
727 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
728 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
729 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
730 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
731 opcode != Bytecodes::_dstore) {
732 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
733 * if we encounter a wide instruction that modifies an invalid
734 * opcode (not one of the ones listed above) */
735 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
736 return;
737 }
738 }
739
740 // Look for possible jump target in exception handlers and see if it
741 // matches current_frame. Do this check here for astore*, dstore*,
742 // fstore*, istore*, and lstore* opcodes because they can change the type
743 // state by adding a local. JVM Spec says that the incoming type state
744 // should be used for this check. So, do the check here before a possible
745 // local is added to the type state.
746 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
747 if (was_recursively_verified()) return;
748 verify_exception_handler_targets(
749 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
750 verified_exc_handlers = true;
751 }
752
753 if (was_recursively_verified()) return;
754
755 switch (opcode) {
756 case Bytecodes::_nop :
757 no_control_flow = false; break;
758 case Bytecodes::_aconst_null :
759 current_frame.push_stack(
760 VerificationType::null_type(), CHECK_VERIFY(this));
761 no_control_flow = false; break;
762 case Bytecodes::_iconst_m1 :
763 case Bytecodes::_iconst_0 :
764 case Bytecodes::_iconst_1 :
765 case Bytecodes::_iconst_2 :
766 case Bytecodes::_iconst_3 :
767 case Bytecodes::_iconst_4 :
768 case Bytecodes::_iconst_5 :
769 current_frame.push_stack(
770 VerificationType::integer_type(), CHECK_VERIFY(this));
771 no_control_flow = false; break;
772 case Bytecodes::_lconst_0 :
773 case Bytecodes::_lconst_1 :
774 current_frame.push_stack_2(
775 VerificationType::long_type(),
776 VerificationType::long2_type(), CHECK_VERIFY(this));
777 no_control_flow = false; break;
778 case Bytecodes::_fconst_0 :
779 case Bytecodes::_fconst_1 :
780 case Bytecodes::_fconst_2 :
781 current_frame.push_stack(
782 VerificationType::float_type(), CHECK_VERIFY(this));
783 no_control_flow = false; break;
784 case Bytecodes::_dconst_0 :
785 case Bytecodes::_dconst_1 :
786 current_frame.push_stack_2(
787 VerificationType::double_type(),
788 VerificationType::double2_type(), CHECK_VERIFY(this));
789 no_control_flow = false; break;
790 case Bytecodes::_sipush :
791 case Bytecodes::_bipush :
792 current_frame.push_stack(
793 VerificationType::integer_type(), CHECK_VERIFY(this));
794 no_control_flow = false; break;
795 case Bytecodes::_ldc :
796 verify_ldc(
797 opcode, bcs.get_index_u1(), ¤t_frame,
798 cp, bci, CHECK_VERIFY(this));
799 no_control_flow = false; break;
800 case Bytecodes::_ldc_w :
801 case Bytecodes::_ldc2_w :
802 verify_ldc(
803 opcode, bcs.get_index_u2(), ¤t_frame,
804 cp, bci, CHECK_VERIFY(this));
805 no_control_flow = false; break;
806 case Bytecodes::_iload :
807 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
808 no_control_flow = false; break;
809 case Bytecodes::_iload_0 :
810 case Bytecodes::_iload_1 :
811 case Bytecodes::_iload_2 :
812 case Bytecodes::_iload_3 :
813 index = opcode - Bytecodes::_iload_0;
814 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
815 no_control_flow = false; break;
816 case Bytecodes::_lload :
817 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
818 no_control_flow = false; break;
819 case Bytecodes::_lload_0 :
820 case Bytecodes::_lload_1 :
821 case Bytecodes::_lload_2 :
822 case Bytecodes::_lload_3 :
823 index = opcode - Bytecodes::_lload_0;
824 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
825 no_control_flow = false; break;
826 case Bytecodes::_fload :
827 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
828 no_control_flow = false; break;
829 case Bytecodes::_fload_0 :
830 case Bytecodes::_fload_1 :
831 case Bytecodes::_fload_2 :
832 case Bytecodes::_fload_3 :
833 index = opcode - Bytecodes::_fload_0;
834 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
835 no_control_flow = false; break;
836 case Bytecodes::_dload :
837 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
838 no_control_flow = false; break;
839 case Bytecodes::_dload_0 :
840 case Bytecodes::_dload_1 :
841 case Bytecodes::_dload_2 :
842 case Bytecodes::_dload_3 :
843 index = opcode - Bytecodes::_dload_0;
844 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
845 no_control_flow = false; break;
846 case Bytecodes::_aload :
847 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
848 no_control_flow = false; break;
849 case Bytecodes::_aload_0 :
850 case Bytecodes::_aload_1 :
851 case Bytecodes::_aload_2 :
852 case Bytecodes::_aload_3 :
853 index = opcode - Bytecodes::_aload_0;
854 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
855 no_control_flow = false; break;
856 case Bytecodes::_iaload :
857 type = current_frame.pop_stack(
858 VerificationType::integer_type(), CHECK_VERIFY(this));
859 atype = current_frame.pop_stack(
860 VerificationType::reference_check(), CHECK_VERIFY(this));
861 if (!atype.is_int_array()) {
862 verify_error(ErrorContext::bad_type(bci,
863 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
864 bad_type_msg, "iaload");
865 return;
866 }
867 current_frame.push_stack(
868 VerificationType::integer_type(), CHECK_VERIFY(this));
869 no_control_flow = false; break;
870 case Bytecodes::_baload :
871 type = current_frame.pop_stack(
872 VerificationType::integer_type(), CHECK_VERIFY(this));
873 atype = current_frame.pop_stack(
874 VerificationType::reference_check(), CHECK_VERIFY(this));
875 if (!atype.is_bool_array() && !atype.is_byte_array()) {
876 verify_error(
877 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
878 bad_type_msg, "baload");
879 return;
880 }
881 current_frame.push_stack(
882 VerificationType::integer_type(), CHECK_VERIFY(this));
883 no_control_flow = false; break;
884 case Bytecodes::_caload :
885 type = current_frame.pop_stack(
886 VerificationType::integer_type(), CHECK_VERIFY(this));
887 atype = current_frame.pop_stack(
888 VerificationType::reference_check(), CHECK_VERIFY(this));
889 if (!atype.is_char_array()) {
890 verify_error(ErrorContext::bad_type(bci,
891 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
892 bad_type_msg, "caload");
893 return;
894 }
895 current_frame.push_stack(
896 VerificationType::integer_type(), CHECK_VERIFY(this));
897 no_control_flow = false; break;
898 case Bytecodes::_saload :
899 type = current_frame.pop_stack(
900 VerificationType::integer_type(), CHECK_VERIFY(this));
901 atype = current_frame.pop_stack(
902 VerificationType::reference_check(), CHECK_VERIFY(this));
903 if (!atype.is_short_array()) {
904 verify_error(ErrorContext::bad_type(bci,
905 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
906 bad_type_msg, "saload");
907 return;
908 }
909 current_frame.push_stack(
910 VerificationType::integer_type(), CHECK_VERIFY(this));
911 no_control_flow = false; break;
912 case Bytecodes::_laload :
913 type = current_frame.pop_stack(
914 VerificationType::integer_type(), CHECK_VERIFY(this));
915 atype = current_frame.pop_stack(
916 VerificationType::reference_check(), CHECK_VERIFY(this));
917 if (!atype.is_long_array()) {
918 verify_error(ErrorContext::bad_type(bci,
919 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
920 bad_type_msg, "laload");
921 return;
922 }
923 current_frame.push_stack_2(
924 VerificationType::long_type(),
925 VerificationType::long2_type(), CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 case Bytecodes::_faload :
928 type = current_frame.pop_stack(
929 VerificationType::integer_type(), CHECK_VERIFY(this));
930 atype = current_frame.pop_stack(
931 VerificationType::reference_check(), CHECK_VERIFY(this));
932 if (!atype.is_float_array()) {
933 verify_error(ErrorContext::bad_type(bci,
934 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
935 bad_type_msg, "faload");
936 return;
937 }
938 current_frame.push_stack(
939 VerificationType::float_type(), CHECK_VERIFY(this));
940 no_control_flow = false; break;
941 case Bytecodes::_daload :
942 type = current_frame.pop_stack(
943 VerificationType::integer_type(), CHECK_VERIFY(this));
944 atype = current_frame.pop_stack(
945 VerificationType::reference_check(), CHECK_VERIFY(this));
946 if (!atype.is_double_array()) {
947 verify_error(ErrorContext::bad_type(bci,
948 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
949 bad_type_msg, "daload");
950 return;
951 }
952 current_frame.push_stack_2(
953 VerificationType::double_type(),
954 VerificationType::double2_type(), CHECK_VERIFY(this));
955 no_control_flow = false; break;
956 case Bytecodes::_aaload : {
957 type = current_frame.pop_stack(
958 VerificationType::integer_type(), CHECK_VERIFY(this));
959 atype = current_frame.pop_stack(
960 VerificationType::reference_check(), CHECK_VERIFY(this));
961 if (!atype.is_reference_array()) {
962 verify_error(ErrorContext::bad_type(bci,
963 current_frame.stack_top_ctx(),
964 TypeOrigin::implicit(VerificationType::reference_check())),
965 bad_type_msg, "aaload");
966 return;
967 }
968 if (atype.is_null()) {
969 current_frame.push_stack(
970 VerificationType::null_type(), CHECK_VERIFY(this));
971 } else {
972 VerificationType component =
973 atype.get_component(this, CHECK_VERIFY(this));
974 current_frame.push_stack(component, CHECK_VERIFY(this));
975 }
976 no_control_flow = false; break;
977 }
978 case Bytecodes::_istore :
979 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
980 no_control_flow = false; break;
981 case Bytecodes::_istore_0 :
982 case Bytecodes::_istore_1 :
983 case Bytecodes::_istore_2 :
984 case Bytecodes::_istore_3 :
985 index = opcode - Bytecodes::_istore_0;
986 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
987 no_control_flow = false; break;
988 case Bytecodes::_lstore :
989 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
990 no_control_flow = false; break;
991 case Bytecodes::_lstore_0 :
992 case Bytecodes::_lstore_1 :
993 case Bytecodes::_lstore_2 :
994 case Bytecodes::_lstore_3 :
995 index = opcode - Bytecodes::_lstore_0;
996 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
997 no_control_flow = false; break;
998 case Bytecodes::_fstore :
999 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1000 no_control_flow = false; break;
1001 case Bytecodes::_fstore_0 :
1002 case Bytecodes::_fstore_1 :
1003 case Bytecodes::_fstore_2 :
1004 case Bytecodes::_fstore_3 :
1005 index = opcode - Bytecodes::_fstore_0;
1006 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1007 no_control_flow = false; break;
1008 case Bytecodes::_dstore :
1009 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1010 no_control_flow = false; break;
1011 case Bytecodes::_dstore_0 :
1012 case Bytecodes::_dstore_1 :
1013 case Bytecodes::_dstore_2 :
1014 case Bytecodes::_dstore_3 :
1015 index = opcode - Bytecodes::_dstore_0;
1016 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1017 no_control_flow = false; break;
1018 case Bytecodes::_astore :
1019 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1020 no_control_flow = false; break;
1021 case Bytecodes::_astore_0 :
1022 case Bytecodes::_astore_1 :
1023 case Bytecodes::_astore_2 :
1024 case Bytecodes::_astore_3 :
1025 index = opcode - Bytecodes::_astore_0;
1026 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1027 no_control_flow = false; break;
1028 case Bytecodes::_iastore :
1029 type = current_frame.pop_stack(
1030 VerificationType::integer_type(), CHECK_VERIFY(this));
1031 type2 = current_frame.pop_stack(
1032 VerificationType::integer_type(), CHECK_VERIFY(this));
1033 atype = current_frame.pop_stack(
1034 VerificationType::reference_check(), CHECK_VERIFY(this));
1035 if (!atype.is_int_array()) {
1036 verify_error(ErrorContext::bad_type(bci,
1037 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
1038 bad_type_msg, "iastore");
1039 return;
1040 }
1041 no_control_flow = false; break;
1042 case Bytecodes::_bastore :
1043 type = current_frame.pop_stack(
1044 VerificationType::integer_type(), CHECK_VERIFY(this));
1045 type2 = current_frame.pop_stack(
1046 VerificationType::integer_type(), CHECK_VERIFY(this));
1047 atype = current_frame.pop_stack(
1048 VerificationType::reference_check(), CHECK_VERIFY(this));
1049 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1050 verify_error(
1051 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1052 bad_type_msg, "bastore");
1053 return;
1054 }
1055 no_control_flow = false; break;
1056 case Bytecodes::_castore :
1057 current_frame.pop_stack(
1058 VerificationType::integer_type(), CHECK_VERIFY(this));
1059 current_frame.pop_stack(
1060 VerificationType::integer_type(), CHECK_VERIFY(this));
1061 atype = current_frame.pop_stack(
1062 VerificationType::reference_check(), CHECK_VERIFY(this));
1063 if (!atype.is_char_array()) {
1064 verify_error(ErrorContext::bad_type(bci,
1065 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1066 bad_type_msg, "castore");
1067 return;
1068 }
1069 no_control_flow = false; break;
1070 case Bytecodes::_sastore :
1071 current_frame.pop_stack(
1072 VerificationType::integer_type(), CHECK_VERIFY(this));
1073 current_frame.pop_stack(
1074 VerificationType::integer_type(), CHECK_VERIFY(this));
1075 atype = current_frame.pop_stack(
1076 VerificationType::reference_check(), CHECK_VERIFY(this));
1077 if (!atype.is_short_array()) {
1078 verify_error(ErrorContext::bad_type(bci,
1079 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1080 bad_type_msg, "sastore");
1081 return;
1082 }
1083 no_control_flow = false; break;
1084 case Bytecodes::_lastore :
1085 current_frame.pop_stack_2(
1086 VerificationType::long2_type(),
1087 VerificationType::long_type(), CHECK_VERIFY(this));
1088 current_frame.pop_stack(
1089 VerificationType::integer_type(), CHECK_VERIFY(this));
1090 atype = current_frame.pop_stack(
1091 VerificationType::reference_check(), CHECK_VERIFY(this));
1092 if (!atype.is_long_array()) {
1093 verify_error(ErrorContext::bad_type(bci,
1094 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1095 bad_type_msg, "lastore");
1096 return;
1097 }
1098 no_control_flow = false; break;
1099 case Bytecodes::_fastore :
1100 current_frame.pop_stack(
1101 VerificationType::float_type(), CHECK_VERIFY(this));
1102 current_frame.pop_stack
1103 (VerificationType::integer_type(), CHECK_VERIFY(this));
1104 atype = current_frame.pop_stack(
1105 VerificationType::reference_check(), CHECK_VERIFY(this));
1106 if (!atype.is_float_array()) {
1107 verify_error(ErrorContext::bad_type(bci,
1108 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1109 bad_type_msg, "fastore");
1110 return;
1111 }
1112 no_control_flow = false; break;
1113 case Bytecodes::_dastore :
1114 current_frame.pop_stack_2(
1115 VerificationType::double2_type(),
1116 VerificationType::double_type(), CHECK_VERIFY(this));
1117 current_frame.pop_stack(
1118 VerificationType::integer_type(), CHECK_VERIFY(this));
1119 atype = current_frame.pop_stack(
1120 VerificationType::reference_check(), CHECK_VERIFY(this));
1121 if (!atype.is_double_array()) {
1122 verify_error(ErrorContext::bad_type(bci,
1123 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1124 bad_type_msg, "dastore");
1125 return;
1126 }
1127 no_control_flow = false; break;
1128 case Bytecodes::_aastore :
1129 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1130 type2 = current_frame.pop_stack(
1131 VerificationType::integer_type(), CHECK_VERIFY(this));
1132 atype = current_frame.pop_stack(
1133 VerificationType::reference_check(), CHECK_VERIFY(this));
1134 // more type-checking is done at runtime
1135 if (!atype.is_reference_array()) {
1136 verify_error(ErrorContext::bad_type(bci,
1137 current_frame.stack_top_ctx(),
1138 TypeOrigin::implicit(VerificationType::reference_check())),
1139 bad_type_msg, "aastore");
1140 return;
1141 }
1142 // 4938384: relaxed constraint in JVMS 3nd edition.
1143 no_control_flow = false; break;
1144 case Bytecodes::_pop :
1145 current_frame.pop_stack(
1146 VerificationType::category1_check(), CHECK_VERIFY(this));
1147 no_control_flow = false; break;
1148 case Bytecodes::_pop2 :
1149 type = current_frame.pop_stack(CHECK_VERIFY(this));
1150 if (type.is_category1()) {
1151 current_frame.pop_stack(
1152 VerificationType::category1_check(), CHECK_VERIFY(this));
1153 } else if (type.is_category2_2nd()) {
1154 current_frame.pop_stack(
1155 VerificationType::category2_check(), CHECK_VERIFY(this));
1156 } else {
1157 /* Unreachable? Would need a category2_1st on TOS
1158 * which does not appear possible. */
1159 verify_error(
1160 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1161 bad_type_msg, "pop2");
1162 return;
1163 }
1164 no_control_flow = false; break;
1165 case Bytecodes::_dup :
1166 type = current_frame.pop_stack(
1167 VerificationType::category1_check(), CHECK_VERIFY(this));
1168 current_frame.push_stack(type, CHECK_VERIFY(this));
1169 current_frame.push_stack(type, CHECK_VERIFY(this));
1170 no_control_flow = false; break;
1171 case Bytecodes::_dup_x1 :
1172 type = current_frame.pop_stack(
1173 VerificationType::category1_check(), CHECK_VERIFY(this));
1174 type2 = current_frame.pop_stack(
1175 VerificationType::category1_check(), CHECK_VERIFY(this));
1176 current_frame.push_stack(type, CHECK_VERIFY(this));
1177 current_frame.push_stack(type2, CHECK_VERIFY(this));
1178 current_frame.push_stack(type, CHECK_VERIFY(this));
1179 no_control_flow = false; break;
1180 case Bytecodes::_dup_x2 :
1181 {
1182 VerificationType type3;
1183 type = current_frame.pop_stack(
1184 VerificationType::category1_check(), CHECK_VERIFY(this));
1185 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1186 if (type2.is_category1()) {
1187 type3 = current_frame.pop_stack(
1188 VerificationType::category1_check(), CHECK_VERIFY(this));
1189 } else if (type2.is_category2_2nd()) {
1190 type3 = current_frame.pop_stack(
1191 VerificationType::category2_check(), CHECK_VERIFY(this));
1192 } else {
1193 /* Unreachable? Would need a category2_1st at stack depth 2 with
1194 * a category1 on TOS which does not appear possible. */
1195 verify_error(ErrorContext::bad_type(
1196 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1197 return;
1198 }
1199 current_frame.push_stack(type, CHECK_VERIFY(this));
1200 current_frame.push_stack(type3, CHECK_VERIFY(this));
1201 current_frame.push_stack(type2, CHECK_VERIFY(this));
1202 current_frame.push_stack(type, CHECK_VERIFY(this));
1203 no_control_flow = false; break;
1204 }
1205 case Bytecodes::_dup2 :
1206 type = current_frame.pop_stack(CHECK_VERIFY(this));
1207 if (type.is_category1()) {
1208 type2 = current_frame.pop_stack(
1209 VerificationType::category1_check(), CHECK_VERIFY(this));
1210 } else if (type.is_category2_2nd()) {
1211 type2 = current_frame.pop_stack(
1212 VerificationType::category2_check(), CHECK_VERIFY(this));
1213 } else {
1214 /* Unreachable? Would need a category2_1st on TOS which does not
1215 * appear possible. */
1216 verify_error(
1217 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1218 bad_type_msg, "dup2");
1219 return;
1220 }
1221 current_frame.push_stack(type2, CHECK_VERIFY(this));
1222 current_frame.push_stack(type, CHECK_VERIFY(this));
1223 current_frame.push_stack(type2, CHECK_VERIFY(this));
1224 current_frame.push_stack(type, CHECK_VERIFY(this));
1225 no_control_flow = false; break;
1226 case Bytecodes::_dup2_x1 :
1227 {
1228 VerificationType type3;
1229 type = current_frame.pop_stack(CHECK_VERIFY(this));
1230 if (type.is_category1()) {
1231 type2 = current_frame.pop_stack(
1232 VerificationType::category1_check(), CHECK_VERIFY(this));
1233 } else if (type.is_category2_2nd()) {
1234 type2 = current_frame.pop_stack(
1235 VerificationType::category2_check(), CHECK_VERIFY(this));
1236 } else {
1237 /* Unreachable? Would need a category2_1st on TOS which does
1238 * not appear possible. */
1239 verify_error(
1240 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1241 bad_type_msg, "dup2_x1");
1242 return;
1243 }
1244 type3 = current_frame.pop_stack(
1245 VerificationType::category1_check(), CHECK_VERIFY(this));
1246 current_frame.push_stack(type2, CHECK_VERIFY(this));
1247 current_frame.push_stack(type, CHECK_VERIFY(this));
1248 current_frame.push_stack(type3, CHECK_VERIFY(this));
1249 current_frame.push_stack(type2, CHECK_VERIFY(this));
1250 current_frame.push_stack(type, CHECK_VERIFY(this));
1251 no_control_flow = false; break;
1252 }
1253 case Bytecodes::_dup2_x2 :
1254 {
1255 VerificationType type3, type4;
1256 type = current_frame.pop_stack(CHECK_VERIFY(this));
1257 if (type.is_category1()) {
1258 type2 = current_frame.pop_stack(
1259 VerificationType::category1_check(), CHECK_VERIFY(this));
1260 } else if (type.is_category2_2nd()) {
1261 type2 = current_frame.pop_stack(
1262 VerificationType::category2_check(), CHECK_VERIFY(this));
1263 } else {
1264 /* Unreachable? Would need a category2_1st on TOS which does
1265 * not appear possible. */
1266 verify_error(
1267 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1268 bad_type_msg, "dup2_x2");
1269 return;
1270 }
1271 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1272 if (type3.is_category1()) {
1273 type4 = current_frame.pop_stack(
1274 VerificationType::category1_check(), CHECK_VERIFY(this));
1275 } else if (type3.is_category2_2nd()) {
1276 type4 = current_frame.pop_stack(
1277 VerificationType::category2_check(), CHECK_VERIFY(this));
1278 } else {
1279 /* Unreachable? Would need a category2_1st on TOS after popping
1280 * a long/double or two category 1's, which does not
1281 * appear possible. */
1282 verify_error(
1283 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1284 bad_type_msg, "dup2_x2");
1285 return;
1286 }
1287 current_frame.push_stack(type2, CHECK_VERIFY(this));
1288 current_frame.push_stack(type, CHECK_VERIFY(this));
1289 current_frame.push_stack(type4, CHECK_VERIFY(this));
1290 current_frame.push_stack(type3, CHECK_VERIFY(this));
1291 current_frame.push_stack(type2, CHECK_VERIFY(this));
1292 current_frame.push_stack(type, CHECK_VERIFY(this));
1293 no_control_flow = false; break;
1294 }
1295 case Bytecodes::_swap :
1296 type = current_frame.pop_stack(
1297 VerificationType::category1_check(), CHECK_VERIFY(this));
1298 type2 = current_frame.pop_stack(
1299 VerificationType::category1_check(), CHECK_VERIFY(this));
1300 current_frame.push_stack(type, CHECK_VERIFY(this));
1301 current_frame.push_stack(type2, CHECK_VERIFY(this));
1302 no_control_flow = false; break;
1303 case Bytecodes::_iadd :
1304 case Bytecodes::_isub :
1305 case Bytecodes::_imul :
1306 case Bytecodes::_idiv :
1307 case Bytecodes::_irem :
1308 case Bytecodes::_ishl :
1309 case Bytecodes::_ishr :
1310 case Bytecodes::_iushr :
1311 case Bytecodes::_ior :
1312 case Bytecodes::_ixor :
1313 case Bytecodes::_iand :
1314 current_frame.pop_stack(
1315 VerificationType::integer_type(), CHECK_VERIFY(this));
1316 // fall through
1317 case Bytecodes::_ineg :
1318 current_frame.pop_stack(
1319 VerificationType::integer_type(), CHECK_VERIFY(this));
1320 current_frame.push_stack(
1321 VerificationType::integer_type(), CHECK_VERIFY(this));
1322 no_control_flow = false; break;
1323 case Bytecodes::_ladd :
1324 case Bytecodes::_lsub :
1325 case Bytecodes::_lmul :
1326 case Bytecodes::_ldiv :
1327 case Bytecodes::_lrem :
1328 case Bytecodes::_land :
1329 case Bytecodes::_lor :
1330 case Bytecodes::_lxor :
1331 current_frame.pop_stack_2(
1332 VerificationType::long2_type(),
1333 VerificationType::long_type(), CHECK_VERIFY(this));
1334 // fall through
1335 case Bytecodes::_lneg :
1336 current_frame.pop_stack_2(
1337 VerificationType::long2_type(),
1338 VerificationType::long_type(), CHECK_VERIFY(this));
1339 current_frame.push_stack_2(
1340 VerificationType::long_type(),
1341 VerificationType::long2_type(), CHECK_VERIFY(this));
1342 no_control_flow = false; break;
1343 case Bytecodes::_lshl :
1344 case Bytecodes::_lshr :
1345 case Bytecodes::_lushr :
1346 current_frame.pop_stack(
1347 VerificationType::integer_type(), CHECK_VERIFY(this));
1348 current_frame.pop_stack_2(
1349 VerificationType::long2_type(),
1350 VerificationType::long_type(), CHECK_VERIFY(this));
1351 current_frame.push_stack_2(
1352 VerificationType::long_type(),
1353 VerificationType::long2_type(), CHECK_VERIFY(this));
1354 no_control_flow = false; break;
1355 case Bytecodes::_fadd :
1356 case Bytecodes::_fsub :
1357 case Bytecodes::_fmul :
1358 case Bytecodes::_fdiv :
1359 case Bytecodes::_frem :
1360 current_frame.pop_stack(
1361 VerificationType::float_type(), CHECK_VERIFY(this));
1362 // fall through
1363 case Bytecodes::_fneg :
1364 current_frame.pop_stack(
1365 VerificationType::float_type(), CHECK_VERIFY(this));
1366 current_frame.push_stack(
1367 VerificationType::float_type(), CHECK_VERIFY(this));
1368 no_control_flow = false; break;
1369 case Bytecodes::_dadd :
1370 case Bytecodes::_dsub :
1371 case Bytecodes::_dmul :
1372 case Bytecodes::_ddiv :
1373 case Bytecodes::_drem :
1374 current_frame.pop_stack_2(
1375 VerificationType::double2_type(),
1376 VerificationType::double_type(), CHECK_VERIFY(this));
1377 // fall through
1378 case Bytecodes::_dneg :
1379 current_frame.pop_stack_2(
1380 VerificationType::double2_type(),
1381 VerificationType::double_type(), CHECK_VERIFY(this));
1382 current_frame.push_stack_2(
1383 VerificationType::double_type(),
1384 VerificationType::double2_type(), CHECK_VERIFY(this));
1385 no_control_flow = false; break;
1386 case Bytecodes::_iinc :
1387 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1388 no_control_flow = false; break;
1389 case Bytecodes::_i2l :
1390 type = current_frame.pop_stack(
1391 VerificationType::integer_type(), CHECK_VERIFY(this));
1392 current_frame.push_stack_2(
1393 VerificationType::long_type(),
1394 VerificationType::long2_type(), CHECK_VERIFY(this));
1395 no_control_flow = false; break;
1396 case Bytecodes::_l2i :
1397 current_frame.pop_stack_2(
1398 VerificationType::long2_type(),
1399 VerificationType::long_type(), CHECK_VERIFY(this));
1400 current_frame.push_stack(
1401 VerificationType::integer_type(), CHECK_VERIFY(this));
1402 no_control_flow = false; break;
1403 case Bytecodes::_i2f :
1404 current_frame.pop_stack(
1405 VerificationType::integer_type(), CHECK_VERIFY(this));
1406 current_frame.push_stack(
1407 VerificationType::float_type(), CHECK_VERIFY(this));
1408 no_control_flow = false; break;
1409 case Bytecodes::_i2d :
1410 current_frame.pop_stack(
1411 VerificationType::integer_type(), CHECK_VERIFY(this));
1412 current_frame.push_stack_2(
1413 VerificationType::double_type(),
1414 VerificationType::double2_type(), CHECK_VERIFY(this));
1415 no_control_flow = false; break;
1416 case Bytecodes::_l2f :
1417 current_frame.pop_stack_2(
1418 VerificationType::long2_type(),
1419 VerificationType::long_type(), CHECK_VERIFY(this));
1420 current_frame.push_stack(
1421 VerificationType::float_type(), CHECK_VERIFY(this));
1422 no_control_flow = false; break;
1423 case Bytecodes::_l2d :
1424 current_frame.pop_stack_2(
1425 VerificationType::long2_type(),
1426 VerificationType::long_type(), CHECK_VERIFY(this));
1427 current_frame.push_stack_2(
1428 VerificationType::double_type(),
1429 VerificationType::double2_type(), CHECK_VERIFY(this));
1430 no_control_flow = false; break;
1431 case Bytecodes::_f2i :
1432 current_frame.pop_stack(
1433 VerificationType::float_type(), CHECK_VERIFY(this));
1434 current_frame.push_stack(
1435 VerificationType::integer_type(), CHECK_VERIFY(this));
1436 no_control_flow = false; break;
1437 case Bytecodes::_f2l :
1438 current_frame.pop_stack(
1439 VerificationType::float_type(), CHECK_VERIFY(this));
1440 current_frame.push_stack_2(
1441 VerificationType::long_type(),
1442 VerificationType::long2_type(), CHECK_VERIFY(this));
1443 no_control_flow = false; break;
1444 case Bytecodes::_f2d :
1445 current_frame.pop_stack(
1446 VerificationType::float_type(), CHECK_VERIFY(this));
1447 current_frame.push_stack_2(
1448 VerificationType::double_type(),
1449 VerificationType::double2_type(), CHECK_VERIFY(this));
1450 no_control_flow = false; break;
1451 case Bytecodes::_d2i :
1452 current_frame.pop_stack_2(
1453 VerificationType::double2_type(),
1454 VerificationType::double_type(), CHECK_VERIFY(this));
1455 current_frame.push_stack(
1456 VerificationType::integer_type(), CHECK_VERIFY(this));
1457 no_control_flow = false; break;
1458 case Bytecodes::_d2l :
1459 current_frame.pop_stack_2(
1460 VerificationType::double2_type(),
1461 VerificationType::double_type(), CHECK_VERIFY(this));
1462 current_frame.push_stack_2(
1463 VerificationType::long_type(),
1464 VerificationType::long2_type(), CHECK_VERIFY(this));
1465 no_control_flow = false; break;
1466 case Bytecodes::_d2f :
1467 current_frame.pop_stack_2(
1468 VerificationType::double2_type(),
1469 VerificationType::double_type(), CHECK_VERIFY(this));
1470 current_frame.push_stack(
1471 VerificationType::float_type(), CHECK_VERIFY(this));
1472 no_control_flow = false; break;
1473 case Bytecodes::_i2b :
1474 case Bytecodes::_i2c :
1475 case Bytecodes::_i2s :
1476 current_frame.pop_stack(
1477 VerificationType::integer_type(), CHECK_VERIFY(this));
1478 current_frame.push_stack(
1479 VerificationType::integer_type(), CHECK_VERIFY(this));
1480 no_control_flow = false; break;
1481 case Bytecodes::_lcmp :
1482 current_frame.pop_stack_2(
1483 VerificationType::long2_type(),
1484 VerificationType::long_type(), CHECK_VERIFY(this));
1485 current_frame.pop_stack_2(
1486 VerificationType::long2_type(),
1487 VerificationType::long_type(), CHECK_VERIFY(this));
1488 current_frame.push_stack(
1489 VerificationType::integer_type(), CHECK_VERIFY(this));
1490 no_control_flow = false; break;
1491 case Bytecodes::_fcmpl :
1492 case Bytecodes::_fcmpg :
1493 current_frame.pop_stack(
1494 VerificationType::float_type(), CHECK_VERIFY(this));
1495 current_frame.pop_stack(
1496 VerificationType::float_type(), CHECK_VERIFY(this));
1497 current_frame.push_stack(
1498 VerificationType::integer_type(), CHECK_VERIFY(this));
1499 no_control_flow = false; break;
1500 case Bytecodes::_dcmpl :
1501 case Bytecodes::_dcmpg :
1502 current_frame.pop_stack_2(
1503 VerificationType::double2_type(),
1504 VerificationType::double_type(), CHECK_VERIFY(this));
1505 current_frame.pop_stack_2(
1506 VerificationType::double2_type(),
1507 VerificationType::double_type(), CHECK_VERIFY(this));
1508 current_frame.push_stack(
1509 VerificationType::integer_type(), CHECK_VERIFY(this));
1510 no_control_flow = false; break;
1511 case Bytecodes::_if_icmpeq:
1512 case Bytecodes::_if_icmpne:
1513 case Bytecodes::_if_icmplt:
1514 case Bytecodes::_if_icmpge:
1515 case Bytecodes::_if_icmpgt:
1516 case Bytecodes::_if_icmple:
1517 current_frame.pop_stack(
1518 VerificationType::integer_type(), CHECK_VERIFY(this));
1519 // fall through
1520 case Bytecodes::_ifeq:
1521 case Bytecodes::_ifne:
1522 case Bytecodes::_iflt:
1523 case Bytecodes::_ifge:
1524 case Bytecodes::_ifgt:
1525 case Bytecodes::_ifle:
1526 current_frame.pop_stack(
1527 VerificationType::integer_type(), CHECK_VERIFY(this));
1528 target = bcs.dest();
1529 stackmap_table.check_jump_target(
1530 ¤t_frame, target, CHECK_VERIFY(this));
1531 no_control_flow = false; break;
1532 case Bytecodes::_if_acmpeq :
1533 case Bytecodes::_if_acmpne :
1534 current_frame.pop_stack(
1535 VerificationType::reference_check(), CHECK_VERIFY(this));
1536 // fall through
1537 case Bytecodes::_ifnull :
1538 case Bytecodes::_ifnonnull :
1539 current_frame.pop_stack(
1540 VerificationType::reference_check(), CHECK_VERIFY(this));
1541 target = bcs.dest();
1542 stackmap_table.check_jump_target
1543 (¤t_frame, target, CHECK_VERIFY(this));
1544 no_control_flow = false; break;
1545 case Bytecodes::_goto :
1546 target = bcs.dest();
1547 stackmap_table.check_jump_target(
1548 ¤t_frame, target, CHECK_VERIFY(this));
1549 no_control_flow = true; break;
1550 case Bytecodes::_goto_w :
1551 target = bcs.dest_w();
1552 stackmap_table.check_jump_target(
1553 ¤t_frame, target, CHECK_VERIFY(this));
1554 no_control_flow = true; break;
1555 case Bytecodes::_tableswitch :
1556 case Bytecodes::_lookupswitch :
1557 verify_switch(
1558 &bcs, code_length, code_data, ¤t_frame,
1559 &stackmap_table, CHECK_VERIFY(this));
1560 no_control_flow = true; break;
1561 case Bytecodes::_ireturn :
1562 type = current_frame.pop_stack(
1563 VerificationType::integer_type(), CHECK_VERIFY(this));
1564 verify_return_value(return_type, type, bci,
1565 ¤t_frame, CHECK_VERIFY(this));
1566 no_control_flow = true; break;
1567 case Bytecodes::_lreturn :
1568 type2 = current_frame.pop_stack(
1569 VerificationType::long2_type(), CHECK_VERIFY(this));
1570 type = current_frame.pop_stack(
1571 VerificationType::long_type(), CHECK_VERIFY(this));
1572 verify_return_value(return_type, type, bci,
1573 ¤t_frame, CHECK_VERIFY(this));
1574 no_control_flow = true; break;
1575 case Bytecodes::_freturn :
1576 type = current_frame.pop_stack(
1577 VerificationType::float_type(), CHECK_VERIFY(this));
1578 verify_return_value(return_type, type, bci,
1579 ¤t_frame, CHECK_VERIFY(this));
1580 no_control_flow = true; break;
1581 case Bytecodes::_dreturn :
1582 type2 = current_frame.pop_stack(
1583 VerificationType::double2_type(), CHECK_VERIFY(this));
1584 type = current_frame.pop_stack(
1585 VerificationType::double_type(), CHECK_VERIFY(this));
1586 verify_return_value(return_type, type, bci,
1587 ¤t_frame, CHECK_VERIFY(this));
1588 no_control_flow = true; break;
1589 case Bytecodes::_areturn :
1590 type = current_frame.pop_stack(
1591 VerificationType::reference_check(), CHECK_VERIFY(this));
1592 verify_return_value(return_type, type, bci,
1593 ¤t_frame, CHECK_VERIFY(this));
1594 no_control_flow = true; break;
1595 case Bytecodes::_return :
1596 if (return_type != VerificationType::bogus_type()) {
1597 verify_error(ErrorContext::bad_code(bci),
1598 "Method expects a return value");
1599 return;
1600 }
1601 // Make sure "this" has been initialized if current method is an
1602 // <init>.
1603 if (_method->name() == vmSymbols::object_initializer_name() &&
1604 current_frame.flag_this_uninit()) {
1605 verify_error(ErrorContext::bad_code(bci),
1606 "Constructor must call super() or this() "
1607 "before return");
1608 return;
1609 }
1610 no_control_flow = true; break;
1611 case Bytecodes::_getstatic :
1612 case Bytecodes::_putstatic :
1613 // pass TRUE, operand can be an array type for getstatic/putstatic.
1614 verify_field_instructions(
1615 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1616 no_control_flow = false; break;
1617 case Bytecodes::_getfield :
1618 case Bytecodes::_putfield :
1619 // pass FALSE, operand can't be an array type for getfield/putfield.
1620 verify_field_instructions(
1621 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1622 no_control_flow = false; break;
1623 case Bytecodes::_invokevirtual :
1624 case Bytecodes::_invokespecial :
1625 case Bytecodes::_invokestatic :
1626 verify_invoke_instructions(
1627 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1628 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1629 no_control_flow = false; break;
1630 case Bytecodes::_invokeinterface :
1631 case Bytecodes::_invokedynamic :
1632 verify_invoke_instructions(
1633 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1634 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1635 no_control_flow = false; break;
1636 case Bytecodes::_new :
1637 {
1638 index = bcs.get_index_u2();
1639 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1640 VerificationType new_class_type =
1641 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1642 if (!new_class_type.is_object()) {
1643 verify_error(ErrorContext::bad_type(bci,
1644 TypeOrigin::cp(index, new_class_type)),
1645 "Illegal new instruction");
1646 return;
1647 }
1648 type = VerificationType::uninitialized_type(bci);
1649 current_frame.push_stack(type, CHECK_VERIFY(this));
1650 no_control_flow = false; break;
1651 }
1652 case Bytecodes::_newarray :
1653 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1654 current_frame.pop_stack(
1655 VerificationType::integer_type(), CHECK_VERIFY(this));
1656 current_frame.push_stack(type, CHECK_VERIFY(this));
1657 no_control_flow = false; break;
1658 case Bytecodes::_anewarray :
1659 verify_anewarray(
1660 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1661 no_control_flow = false; break;
1662 case Bytecodes::_arraylength :
1663 type = current_frame.pop_stack(
1664 VerificationType::reference_check(), CHECK_VERIFY(this));
1665 if (!(type.is_null() || type.is_array())) {
1666 verify_error(ErrorContext::bad_type(
1667 bci, current_frame.stack_top_ctx()),
1668 bad_type_msg, "arraylength");
1669 }
1670 current_frame.push_stack(
1671 VerificationType::integer_type(), CHECK_VERIFY(this));
1672 no_control_flow = false; break;
1673 case Bytecodes::_checkcast :
1674 {
1675 index = bcs.get_index_u2();
1676 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1677 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1678 VerificationType klass_type = cp_index_to_type(
1679 index, cp, CHECK_VERIFY(this));
1680 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1681 no_control_flow = false; break;
1682 }
1683 case Bytecodes::_instanceof : {
1684 index = bcs.get_index_u2();
1685 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1686 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1687 current_frame.push_stack(
1688 VerificationType::integer_type(), CHECK_VERIFY(this));
1689 no_control_flow = false; break;
1690 }
1691 case Bytecodes::_monitorenter :
1692 case Bytecodes::_monitorexit :
1693 current_frame.pop_stack(
1694 VerificationType::reference_check(), CHECK_VERIFY(this));
1695 no_control_flow = false; break;
1696 case Bytecodes::_multianewarray :
1697 {
1698 index = bcs.get_index_u2();
1699 u2 dim = *(bcs.bcp()+3);
1700 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1701 VerificationType new_array_type =
1702 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1703 if (!new_array_type.is_array()) {
1704 verify_error(ErrorContext::bad_type(bci,
1705 TypeOrigin::cp(index, new_array_type)),
1706 "Illegal constant pool index in multianewarray instruction");
1707 return;
1708 }
1709 if (dim < 1 || new_array_type.dimensions() < dim) {
1710 verify_error(ErrorContext::bad_code(bci),
1711 "Illegal dimension in multianewarray instruction: %d", dim);
1712 return;
1713 }
1714 for (int i = 0; i < dim; i++) {
1715 current_frame.pop_stack(
1716 VerificationType::integer_type(), CHECK_VERIFY(this));
1717 }
1718 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1719 no_control_flow = false; break;
1720 }
1721 case Bytecodes::_athrow :
1722 type = VerificationType::reference_type(
1723 vmSymbols::java_lang_Throwable());
1724 current_frame.pop_stack(type, CHECK_VERIFY(this));
1725 no_control_flow = true; break;
1726 default:
1727 // We only need to check the valid bytecodes in class file.
1728 // And jsr and ret are not in the new class file format in JDK1.5.
1729 verify_error(ErrorContext::bad_code(bci),
1730 "Bad instruction: %02x", opcode);
1731 no_control_flow = false;
1732 return;
1733 } // end switch
1734 } // end Merge with the next instruction
1735
1736 // Look for possible jump target in exception handlers and see if it matches
1737 // current_frame. Don't do this check if it has already been done (for
1738 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1739 // opcodes, such as invokespecial, may set the this_uninit flag.
1740 assert(!(verified_exc_handlers && this_uninit),
1741 "Exception handler targets got verified before this_uninit got set");
1742 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1743 if (was_recursively_verified()) return;
1744 verify_exception_handler_targets(
1745 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1746 }
1747 } // end while
1748
1749 // Make sure that control flow does not fall through end of the method
1750 if (!no_control_flow) {
1751 verify_error(ErrorContext::bad_code(code_length),
1752 "Control flow falls through code end");
1753 return;
1754 }
1755 }
1756
1757 #undef bad_type_message
1758
1759 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1760 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1761 memset(code_data, 0, sizeof(char) * code_length);
1762 RawBytecodeStream bcs(m);
1763
1764 while (!bcs.is_last_bytecode()) {
1765 if (bcs.raw_next() != Bytecodes::_illegal) {
1766 int bci = bcs.bci();
1767 if (bcs.raw_code() == Bytecodes::_new) {
1768 code_data[bci] = NEW_OFFSET;
1769 } else {
1770 code_data[bci] = BYTECODE_OFFSET;
1771 }
1772 } else {
1773 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1774 return NULL;
1775 }
1776 }
1777
1778 return code_data;
1779 }
1780
1781 // Since this method references the constant pool, call was_recursively_verified()
1782 // before calling this method to make sure a prior class load did not cause the
1783 // current class to get verified.
1784 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1785 ExceptionTable exhandlers(_method());
1786 int exlength = exhandlers.length();
1787 constantPoolHandle cp (THREAD, _method->constants());
1788
1789 for(int i = 0; i < exlength; i++) {
1790 u2 start_pc = exhandlers.start_pc(i);
1791 u2 end_pc = exhandlers.end_pc(i);
1792 u2 handler_pc = exhandlers.handler_pc(i);
1793 if (start_pc >= code_length || code_data[start_pc] == 0) {
1794 class_format_error("Illegal exception table start_pc %d", start_pc);
1795 return;
1796 }
1797 if (end_pc != code_length) { // special case: end_pc == code_length
1798 if (end_pc > code_length || code_data[end_pc] == 0) {
1799 class_format_error("Illegal exception table end_pc %d", end_pc);
1800 return;
1801 }
1802 }
1803 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1804 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1805 return;
1806 }
1807 int catch_type_index = exhandlers.catch_type_index(i);
1808 if (catch_type_index != 0) {
1809 VerificationType catch_type = cp_index_to_type(
1810 catch_type_index, cp, CHECK_VERIFY(this));
1811 VerificationType throwable =
1812 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1813 bool is_subclass = throwable.is_assignable_from(
1814 catch_type, this, false, CHECK_VERIFY(this));
1815 if (!is_subclass) {
1816 // 4286534: should throw VerifyError according to recent spec change
1817 verify_error(ErrorContext::bad_type(handler_pc,
1818 TypeOrigin::cp(catch_type_index, catch_type),
1819 TypeOrigin::implicit(throwable)),
1820 "Catch type is not a subclass "
1821 "of Throwable in exception handler %d", handler_pc);
1822 return;
1823 }
1824 }
1825 if (start_pc < min) min = start_pc;
1826 if (end_pc > max) max = end_pc;
1827 }
1828 }
1829
1830 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1831 int localvariable_table_length = _method->localvariable_table_length();
1832 if (localvariable_table_length > 0) {
1833 LocalVariableTableElement* table = _method->localvariable_table_start();
1834 for (int i = 0; i < localvariable_table_length; i++) {
1835 u2 start_bci = table[i].start_bci;
1836 u2 length = table[i].length;
1837
1838 if (start_bci >= code_length || code_data[start_bci] == 0) {
1839 class_format_error(
1840 "Illegal local variable table start_pc %d", start_bci);
1841 return;
1842 }
1843 u4 end_bci = (u4)(start_bci + length);
1844 if (end_bci != code_length) {
1845 if (end_bci >= code_length || code_data[end_bci] == 0) {
1846 class_format_error( "Illegal local variable table length %d", length);
1847 return;
1848 }
1849 }
1850 }
1851 }
1852 }
1853
1854 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1855 StackMapFrame* current_frame,
1856 StackMapTable* stackmap_table,
1857 bool no_control_flow, TRAPS) {
1858 if (stackmap_index < stackmap_table->get_frame_count()) {
1859 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1860 if (no_control_flow && this_offset > bci) {
1861 verify_error(ErrorContext::missing_stackmap(bci),
1862 "Expecting a stack map frame");
1863 return 0;
1864 }
1865 if (this_offset == bci) {
1866 ErrorContext ctx;
1867 // See if current stack map can be assigned to the frame in table.
1868 // current_frame is the stackmap frame got from the last instruction.
1869 // If matched, current_frame will be updated by this method.
1870 bool matches = stackmap_table->match_stackmap(
1871 current_frame, this_offset, stackmap_index,
1872 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1873 if (!matches) {
1874 // report type error
1875 verify_error(ctx, "Instruction type does not match stack map");
1876 return 0;
1877 }
1878 stackmap_index++;
1879 } else if (this_offset < bci) {
1880 // current_offset should have met this_offset.
1881 class_format_error("Bad stack map offset %d", this_offset);
1882 return 0;
1883 }
1884 } else if (no_control_flow) {
1885 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1886 return 0;
1887 }
1888 return stackmap_index;
1889 }
1890
1891 // Since this method references the constant pool, call was_recursively_verified()
1892 // before calling this method to make sure a prior class load did not cause the
1893 // current class to get verified.
1894 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
1895 StackMapFrame* current_frame,
1896 StackMapTable* stackmap_table, TRAPS) {
1897 constantPoolHandle cp (THREAD, _method->constants());
1898 ExceptionTable exhandlers(_method());
1899 int exlength = exhandlers.length();
1900 for(int i = 0; i < exlength; i++) {
1901 u2 start_pc = exhandlers.start_pc(i);
1902 u2 end_pc = exhandlers.end_pc(i);
1903 u2 handler_pc = exhandlers.handler_pc(i);
1904 int catch_type_index = exhandlers.catch_type_index(i);
1905 if(bci >= start_pc && bci < end_pc) {
1906 u1 flags = current_frame->flags();
1907 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1908 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1909 if (catch_type_index != 0) {
1910 if (was_recursively_verified()) return;
1911 // We know that this index refers to a subclass of Throwable
1912 VerificationType catch_type = cp_index_to_type(
1913 catch_type_index, cp, CHECK_VERIFY(this));
1914 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1915 } else {
1916 VerificationType throwable =
1917 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1918 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1919 }
1920 ErrorContext ctx;
1921 bool matches = stackmap_table->match_stackmap(
1922 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
1923 if (!matches) {
1924 verify_error(ctx, "Stack map does not match the one at "
1925 "exception handler %d", handler_pc);
1926 return;
1927 }
1928 }
1929 }
1930 }
1931
1932 void ClassVerifier::verify_cp_index(
1933 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
1934 int nconstants = cp->length();
1935 if ((index <= 0) || (index >= nconstants)) {
1936 verify_error(ErrorContext::bad_cp_index(bci, index),
1937 "Illegal constant pool index %d in class %s",
1938 index, cp->pool_holder()->external_name());
1939 return;
1940 }
1941 }
1942
1943 void ClassVerifier::verify_cp_type(
1944 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
1945
1946 // In some situations, bytecode rewriting may occur while we're verifying.
1947 // In this case, a constant pool cache exists and some indices refer to that
1948 // instead. Be sure we don't pick up such indices by accident.
1949 // We must check was_recursively_verified() before we get here.
1950 guarantee(cp->cache() == NULL, "not rewritten yet");
1951
1952 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1953 unsigned int tag = cp->tag_at(index).value();
1954 if ((types & (1 << tag)) == 0) {
1955 verify_error(ErrorContext::bad_cp_index(bci, index),
1956 "Illegal type at constant pool entry %d in class %s",
1957 index, cp->pool_holder()->external_name());
1958 return;
1959 }
1960 }
1961
1962 void ClassVerifier::verify_cp_class_type(
1963 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
1964 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1965 constantTag tag = cp->tag_at(index);
1966 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1967 verify_error(ErrorContext::bad_cp_index(bci, index),
1968 "Illegal type at constant pool entry %d in class %s",
1969 index, cp->pool_holder()->external_name());
1970 return;
1971 }
1972 }
1973
1974 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
1975 stringStream ss;
1976
1977 ctx.reset_frames();
1978 _exception_type = vmSymbols::java_lang_VerifyError();
1979 _error_context = ctx;
1980 va_list va;
1981 va_start(va, msg);
1982 ss.vprint(msg, va);
1983 va_end(va);
1984 _message = ss.as_string();
1985 #ifdef ASSERT
1986 ResourceMark rm;
1987 const char* exception_name = _exception_type->as_C_string();
1988 Exceptions::debug_check_abort(exception_name, NULL);
1989 #endif // ndef ASSERT
1990 }
1991
1992 void ClassVerifier::class_format_error(const char* msg, ...) {
1993 stringStream ss;
1994 _exception_type = vmSymbols::java_lang_ClassFormatError();
1995 va_list va;
1996 va_start(va, msg);
1997 ss.vprint(msg, va);
1998 va_end(va);
1999 if (!_method.is_null()) {
2000 ss.print(" in method %s", _method->name_and_sig_as_C_string());
2001 }
2002 _message = ss.as_string();
2003 }
2004
2005 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2006 HandleMark hm(THREAD);
2007 // Get current loader and protection domain first.
2008 oop loader = current_class()->class_loader();
2009 oop protection_domain = current_class()->protection_domain();
2010
2011 Klass* kls = SystemDictionary::resolve_or_fail(
2012 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2013 true, THREAD);
2014
2015 if (log_is_enabled(Debug, class, resolve)) {
2016 InstanceKlass* cur_class = InstanceKlass::cast(current_class());
2017 Verifier::trace_class_resolution(kls, cur_class);
2018 }
2019 return kls;
2020 }
2021
2022 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2023 Klass* target_class,
2024 Symbol* field_name,
2025 Symbol* field_sig,
2026 bool is_method) {
2027 NoSafepointVerifier nosafepoint;
2028
2029 // If target class isn't a super class of this class, we don't worry about this case
2030 if (!this_class->is_subclass_of(target_class)) {
2031 return false;
2032 }
2033 // Check if the specified method or field is protected
2034 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2035 fieldDescriptor fd;
2036 if (is_method) {
2037 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
2038 if (m != NULL && m->is_protected()) {
2039 if (!this_class->is_same_class_package(m->method_holder())) {
2040 return true;
2041 }
2042 }
2043 } else {
2044 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2045 if (member_klass != NULL && fd.is_protected()) {
2046 if (!this_class->is_same_class_package(member_klass)) {
2047 return true;
2048 }
2049 }
2050 }
2051 return false;
2052 }
2053
2054 void ClassVerifier::verify_ldc(
2055 int opcode, u2 index, StackMapFrame* current_frame,
2056 const constantPoolHandle& cp, u2 bci, TRAPS) {
2057 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2058 constantTag tag = cp->tag_at(index);
2059 unsigned int types = 0;
2060 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2061 if (!tag.is_unresolved_klass()) {
2062 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2063 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2064 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2065 | (1 << JVM_CONSTANT_Dynamic);
2066 // Note: The class file parser already verified the legality of
2067 // MethodHandle and MethodType constants.
2068 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2069 }
2070 } else {
2071 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2072 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2073 | (1 << JVM_CONSTANT_Dynamic);
2074 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2075 }
2076 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2077 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2078 } else if (tag.is_string()) {
2079 current_frame->push_stack(
2080 VerificationType::reference_type(
2081 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2082 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2083 current_frame->push_stack(
2084 VerificationType::reference_type(
2085 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2086 } else if (tag.is_int()) {
2087 current_frame->push_stack(
2088 VerificationType::integer_type(), CHECK_VERIFY(this));
2089 } else if (tag.is_float()) {
2090 current_frame->push_stack(
2091 VerificationType::float_type(), CHECK_VERIFY(this));
2092 } else if (tag.is_double()) {
2093 current_frame->push_stack_2(
2094 VerificationType::double_type(),
2095 VerificationType::double2_type(), CHECK_VERIFY(this));
2096 } else if (tag.is_long()) {
2097 current_frame->push_stack_2(
2098 VerificationType::long_type(),
2099 VerificationType::long2_type(), CHECK_VERIFY(this));
2100 } else if (tag.is_method_handle()) {
2101 current_frame->push_stack(
2102 VerificationType::reference_type(
2103 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2104 } else if (tag.is_method_type()) {
2105 current_frame->push_stack(
2106 VerificationType::reference_type(
2107 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2108 } else if (tag.is_dynamic_constant()) {
2109 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2110 if (!SignatureVerifier::is_valid_type_signature(constant_type)) {
2111 class_format_error(
2112 "Invalid type for dynamic constant in class %s referenced "
2113 "from constant pool index %d", _klass->external_name(), index);
2114 return;
2115 }
2116 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2117 "buffer type must match VerificationType size");
2118 uintptr_t constant_type_buffer[2];
2119 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2120 SignatureStream sig_stream(constant_type, false);
2121 int n = change_sig_to_verificationType(
2122 &sig_stream, v_constant_type, CHECK_VERIFY(this));
2123 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2124 if (n != opcode_n) {
2125 // wrong kind of ldc; reverify against updated type mask
2126 types &= ~(1 << JVM_CONSTANT_Dynamic);
2127 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2128 }
2129 for (int i = 0; i < n; i++) {
2130 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2131 }
2132 } else {
2133 /* Unreachable? verify_cp_type has already validated the cp type. */
2134 verify_error(
2135 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2136 return;
2137 }
2138 }
2139
2140 void ClassVerifier::verify_switch(
2141 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2142 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2143 int bci = bcs->bci();
2144 address bcp = bcs->bcp();
2145 address aligned_bcp = align_up(bcp + 1, jintSize);
2146
2147 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2148 // 4639449 & 4647081: padding bytes must be 0
2149 u2 padding_offset = 1;
2150 while ((bcp + padding_offset) < aligned_bcp) {
2151 if(*(bcp + padding_offset) != 0) {
2152 verify_error(ErrorContext::bad_code(bci),
2153 "Nonzero padding byte in lookupswitch or tableswitch");
2154 return;
2155 }
2156 padding_offset++;
2157 }
2158 }
2159
2160 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2161 int keys, delta;
2162 current_frame->pop_stack(
2163 VerificationType::integer_type(), CHECK_VERIFY(this));
2164 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2165 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2166 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2167 if (low > high) {
2168 verify_error(ErrorContext::bad_code(bci),
2169 "low must be less than or equal to high in tableswitch");
2170 return;
2171 }
2172 keys = high - low + 1;
2173 if (keys < 0) {
2174 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2175 return;
2176 }
2177 delta = 1;
2178 } else {
2179 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2180 if (keys < 0) {
2181 verify_error(ErrorContext::bad_code(bci),
2182 "number of keys in lookupswitch less than 0");
2183 return;
2184 }
2185 delta = 2;
2186 // Make sure that the lookupswitch items are sorted
2187 for (int i = 0; i < (keys - 1); i++) {
2188 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2189 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2190 if (this_key >= next_key) {
2191 verify_error(ErrorContext::bad_code(bci),
2192 "Bad lookupswitch instruction");
2193 return;
2194 }
2195 }
2196 }
2197 int target = bci + default_offset;
2198 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2199 for (int i = 0; i < keys; i++) {
2200 // Because check_jump_target() may safepoint, the bytecode could have
2201 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2202 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2203 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2204 stackmap_table->check_jump_target(
2205 current_frame, target, CHECK_VERIFY(this));
2206 }
2207 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2208 }
2209
2210 bool ClassVerifier::name_in_supers(
2211 Symbol* ref_name, InstanceKlass* current) {
2212 Klass* super = current->super();
2213 while (super != NULL) {
2214 if (super->name() == ref_name) {
2215 return true;
2216 }
2217 super = super->super();
2218 }
2219 return false;
2220 }
2221
2222 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2223 StackMapFrame* current_frame,
2224 const constantPoolHandle& cp,
2225 bool allow_arrays,
2226 TRAPS) {
2227 u2 index = bcs->get_index_u2();
2228 verify_cp_type(bcs->bci(), index, cp,
2229 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2230
2231 // Get field name and signature
2232 Symbol* field_name = cp->name_ref_at(index);
2233 Symbol* field_sig = cp->signature_ref_at(index);
2234
2235 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2236 class_format_error(
2237 "Invalid signature for field in class %s referenced "
2238 "from constant pool index %d", _klass->external_name(), index);
2239 return;
2240 }
2241
2242 // Get referenced class type
2243 VerificationType ref_class_type = cp_ref_index_to_type(
2244 index, cp, CHECK_VERIFY(this));
2245 if (!ref_class_type.is_object() &&
2246 (!allow_arrays || !ref_class_type.is_array())) {
2247 verify_error(ErrorContext::bad_type(bcs->bci(),
2248 TypeOrigin::cp(index, ref_class_type)),
2249 "Expecting reference to class in class %s at constant pool index %d",
2250 _klass->external_name(), index);
2251 return;
2252 }
2253 VerificationType target_class_type = ref_class_type;
2254
2255 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2256 "buffer type must match VerificationType size");
2257 uintptr_t field_type_buffer[2];
2258 VerificationType* field_type = (VerificationType*)field_type_buffer;
2259 // If we make a VerificationType[2] array directly, the compiler calls
2260 // to the c-runtime library to do the allocation instead of just
2261 // stack allocating it. Plus it would run constructors. This shows up
2262 // in performance profiles.
2263
2264 SignatureStream sig_stream(field_sig, false);
2265 VerificationType stack_object_type;
2266 int n = change_sig_to_verificationType(
2267 &sig_stream, field_type, CHECK_VERIFY(this));
2268 u2 bci = bcs->bci();
2269 bool is_assignable;
2270 switch (bcs->raw_code()) {
2271 case Bytecodes::_getstatic: {
2272 for (int i = 0; i < n; i++) {
2273 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2274 }
2275 break;
2276 }
2277 case Bytecodes::_putstatic: {
2278 for (int i = n - 1; i >= 0; i--) {
2279 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2280 }
2281 break;
2282 }
2283 case Bytecodes::_getfield: {
2284 stack_object_type = current_frame->pop_stack(
2285 target_class_type, CHECK_VERIFY(this));
2286 for (int i = 0; i < n; i++) {
2287 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2288 }
2289 goto check_protected;
2290 }
2291 case Bytecodes::_putfield: {
2292 for (int i = n - 1; i >= 0; i--) {
2293 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2294 }
2295 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2296
2297 // The JVMS 2nd edition allows field initialization before the superclass
2298 // initializer, if the field is defined within the current class.
2299 fieldDescriptor fd;
2300 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2301 target_class_type.equals(current_type()) &&
2302 _klass->find_local_field(field_name, field_sig, &fd)) {
2303 stack_object_type = current_type();
2304 }
2305 is_assignable = target_class_type.is_assignable_from(
2306 stack_object_type, this, false, CHECK_VERIFY(this));
2307 if (!is_assignable) {
2308 verify_error(ErrorContext::bad_type(bci,
2309 current_frame->stack_top_ctx(),
2310 TypeOrigin::cp(index, target_class_type)),
2311 "Bad type on operand stack in putfield");
2312 return;
2313 }
2314 }
2315 check_protected: {
2316 if (_this_type == stack_object_type)
2317 break; // stack_object_type must be assignable to _current_class_type
2318 if (was_recursively_verified()) return;
2319 Symbol* ref_class_name =
2320 cp->klass_name_at(cp->klass_ref_index_at(index));
2321 if (!name_in_supers(ref_class_name, current_class()))
2322 // stack_object_type must be assignable to _current_class_type since:
2323 // 1. stack_object_type must be assignable to ref_class.
2324 // 2. ref_class must be _current_class or a subclass of it. It can't
2325 // be a superclass of it. See revised JVMS 5.4.4.
2326 break;
2327
2328 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2329 if (is_protected_access(current_class(), ref_class_oop, field_name,
2330 field_sig, false)) {
2331 // It's protected access, check if stack object is assignable to
2332 // current class.
2333 is_assignable = current_type().is_assignable_from(
2334 stack_object_type, this, true, CHECK_VERIFY(this));
2335 if (!is_assignable) {
2336 verify_error(ErrorContext::bad_type(bci,
2337 current_frame->stack_top_ctx(),
2338 TypeOrigin::implicit(current_type())),
2339 "Bad access to protected data in getfield");
2340 return;
2341 }
2342 }
2343 break;
2344 }
2345 default: ShouldNotReachHere();
2346 }
2347 }
2348
2349 // Look at the method's handlers. If the bci is in the handler's try block
2350 // then check if the handler_pc is already on the stack. If not, push it
2351 // unless the handler has already been scanned.
2352 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2353 GrowableArray<u4>* handler_list,
2354 GrowableArray<u4>* handler_stack,
2355 u4 bci) {
2356 int exlength = exhandlers->length();
2357 for(int x = 0; x < exlength; x++) {
2358 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2359 u4 exhandler_pc = exhandlers->handler_pc(x);
2360 if (!handler_list->contains(exhandler_pc)) {
2361 handler_stack->append_if_missing(exhandler_pc);
2362 handler_list->append(exhandler_pc);
2363 }
2364 }
2365 }
2366 }
2367
2368 // Return TRUE if all code paths starting with start_bc_offset end in
2369 // bytecode athrow or loop.
2370 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2371 ResourceMark rm;
2372 // Create bytecode stream.
2373 RawBytecodeStream bcs(method());
2374 u4 code_length = method()->code_size();
2375 bcs.set_start(start_bc_offset);
2376 u4 target;
2377 // Create stack for storing bytecode start offsets for if* and *switch.
2378 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2379 // Create stack for handlers for try blocks containing this handler.
2380 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2381 // Create list of handlers that have been pushed onto the handler_stack
2382 // so that handlers embedded inside of their own TRY blocks only get
2383 // scanned once.
2384 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2385 // Create list of visited branch opcodes (goto* and if*).
2386 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2387 ExceptionTable exhandlers(_method());
2388
2389 while (true) {
2390 if (bcs.is_last_bytecode()) {
2391 // if no more starting offsets to parse or if at the end of the
2392 // method then return false.
2393 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2394 return false;
2395 // Pop a bytecode starting offset and scan from there.
2396 bcs.set_start(bci_stack->pop());
2397 }
2398 Bytecodes::Code opcode = bcs.raw_next();
2399 u4 bci = bcs.bci();
2400
2401 // If the bytecode is in a TRY block, push its handlers so they
2402 // will get parsed.
2403 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2404
2405 switch (opcode) {
2406 case Bytecodes::_if_icmpeq:
2407 case Bytecodes::_if_icmpne:
2408 case Bytecodes::_if_icmplt:
2409 case Bytecodes::_if_icmpge:
2410 case Bytecodes::_if_icmpgt:
2411 case Bytecodes::_if_icmple:
2412 case Bytecodes::_ifeq:
2413 case Bytecodes::_ifne:
2414 case Bytecodes::_iflt:
2415 case Bytecodes::_ifge:
2416 case Bytecodes::_ifgt:
2417 case Bytecodes::_ifle:
2418 case Bytecodes::_if_acmpeq:
2419 case Bytecodes::_if_acmpne:
2420 case Bytecodes::_ifnull:
2421 case Bytecodes::_ifnonnull:
2422 target = bcs.dest();
2423 if (visited_branches->contains(bci)) {
2424 if (bci_stack->is_empty()) {
2425 if (handler_stack->is_empty()) {
2426 return true;
2427 } else {
2428 // Parse the catch handlers for try blocks containing athrow.
2429 bcs.set_start(handler_stack->pop());
2430 }
2431 } else {
2432 // Pop a bytecode starting offset and scan from there.
2433 bcs.set_start(bci_stack->pop());
2434 }
2435 } else {
2436 if (target > bci) { // forward branch
2437 if (target >= code_length) return false;
2438 // Push the branch target onto the stack.
2439 bci_stack->push(target);
2440 // then, scan bytecodes starting with next.
2441 bcs.set_start(bcs.next_bci());
2442 } else { // backward branch
2443 // Push bytecode offset following backward branch onto the stack.
2444 bci_stack->push(bcs.next_bci());
2445 // Check bytecodes starting with branch target.
2446 bcs.set_start(target);
2447 }
2448 // Record target so we don't branch here again.
2449 visited_branches->append(bci);
2450 }
2451 break;
2452
2453 case Bytecodes::_goto:
2454 case Bytecodes::_goto_w:
2455 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2456 if (visited_branches->contains(bci)) {
2457 if (bci_stack->is_empty()) {
2458 if (handler_stack->is_empty()) {
2459 return true;
2460 } else {
2461 // Parse the catch handlers for try blocks containing athrow.
2462 bcs.set_start(handler_stack->pop());
2463 }
2464 } else {
2465 // Been here before, pop new starting offset from stack.
2466 bcs.set_start(bci_stack->pop());
2467 }
2468 } else {
2469 if (target >= code_length) return false;
2470 // Continue scanning from the target onward.
2471 bcs.set_start(target);
2472 // Record target so we don't branch here again.
2473 visited_branches->append(bci);
2474 }
2475 break;
2476
2477 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2478 // is difficult to determine where each switch alternative ends, parse
2479 // each switch alternative until either hit a 'return', 'athrow', or reach
2480 // the end of the method's bytecodes. This is gross but should be okay
2481 // because:
2482 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2483 // constructor invocations should be rare.
2484 // 2. if each switch alternative ends in an athrow then the parsing should be
2485 // short. If there is no athrow then it is bogus code, anyway.
2486 case Bytecodes::_lookupswitch:
2487 case Bytecodes::_tableswitch:
2488 {
2489 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2490 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2491 int keys, delta;
2492 if (opcode == Bytecodes::_tableswitch) {
2493 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2494 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2495 // This is invalid, but let the regular bytecode verifier
2496 // report this because the user will get a better error message.
2497 if (low > high) return true;
2498 keys = high - low + 1;
2499 delta = 1;
2500 } else {
2501 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2502 delta = 2;
2503 }
2504 // Invalid, let the regular bytecode verifier deal with it.
2505 if (keys < 0) return true;
2506
2507 // Push the offset of the next bytecode onto the stack.
2508 bci_stack->push(bcs.next_bci());
2509
2510 // Push the switch alternatives onto the stack.
2511 for (int i = 0; i < keys; i++) {
2512 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2513 if (target > code_length) return false;
2514 bci_stack->push(target);
2515 }
2516
2517 // Start bytecode parsing for the switch at the default alternative.
2518 if (default_offset > code_length) return false;
2519 bcs.set_start(default_offset);
2520 break;
2521 }
2522
2523 case Bytecodes::_return:
2524 return false;
2525
2526 case Bytecodes::_athrow:
2527 {
2528 if (bci_stack->is_empty()) {
2529 if (handler_stack->is_empty()) {
2530 return true;
2531 } else {
2532 // Parse the catch handlers for try blocks containing athrow.
2533 bcs.set_start(handler_stack->pop());
2534 }
2535 } else {
2536 // Pop a bytecode offset and starting scanning from there.
2537 bcs.set_start(bci_stack->pop());
2538 }
2539 }
2540 break;
2541
2542 default:
2543 ;
2544 } // end switch
2545 } // end while loop
2546
2547 return false;
2548 }
2549
2550 void ClassVerifier::verify_invoke_init(
2551 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2552 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2553 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2554 TRAPS) {
2555 u2 bci = bcs->bci();
2556 VerificationType type = current_frame->pop_stack(
2557 VerificationType::reference_check(), CHECK_VERIFY(this));
2558 if (type == VerificationType::uninitialized_this_type()) {
2559 // The method must be an <init> method of this class or its superclass
2560 Klass* superk = current_class()->super();
2561 if (ref_class_type.name() != current_class()->name() &&
2562 ref_class_type.name() != superk->name()) {
2563 verify_error(ErrorContext::bad_type(bci,
2564 TypeOrigin::implicit(ref_class_type),
2565 TypeOrigin::implicit(current_type())),
2566 "Bad <init> method call");
2567 return;
2568 }
2569
2570 // If this invokespecial call is done from inside of a TRY block then make
2571 // sure that all catch clause paths end in a throw. Otherwise, this can
2572 // result in returning an incomplete object.
2573 if (in_try_block) {
2574 ExceptionTable exhandlers(_method());
2575 int exlength = exhandlers.length();
2576 for(int i = 0; i < exlength; i++) {
2577 u2 start_pc = exhandlers.start_pc(i);
2578 u2 end_pc = exhandlers.end_pc(i);
2579
2580 if (bci >= start_pc && bci < end_pc) {
2581 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2582 verify_error(ErrorContext::bad_code(bci),
2583 "Bad <init> method call from after the start of a try block");
2584 return;
2585 } else if (log_is_enabled(Info, verification)) {
2586 ResourceMark rm(THREAD);
2587 log_info(verification)("Survived call to ends_in_athrow(): %s",
2588 current_class()->name()->as_C_string());
2589 }
2590 }
2591 }
2592
2593 // Check the exception handler target stackmaps with the locals from the
2594 // incoming stackmap (before initialize_object() changes them to outgoing
2595 // state).
2596 if (was_recursively_verified()) return;
2597 verify_exception_handler_targets(bci, true, current_frame,
2598 stackmap_table, CHECK_VERIFY(this));
2599 } // in_try_block
2600
2601 current_frame->initialize_object(type, current_type());
2602 *this_uninit = true;
2603 } else if (type.is_uninitialized()) {
2604 u2 new_offset = type.bci();
2605 address new_bcp = bcs->bcp() - bci + new_offset;
2606 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2607 /* Unreachable? Stack map parsing ensures valid type and new
2608 * instructions have a valid BCI. */
2609 verify_error(ErrorContext::bad_code(new_offset),
2610 "Expecting new instruction");
2611 return;
2612 }
2613 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2614 if (was_recursively_verified()) return;
2615 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2616
2617 // The method must be an <init> method of the indicated class
2618 VerificationType new_class_type = cp_index_to_type(
2619 new_class_index, cp, CHECK_VERIFY(this));
2620 if (!new_class_type.equals(ref_class_type)) {
2621 verify_error(ErrorContext::bad_type(bci,
2622 TypeOrigin::cp(new_class_index, new_class_type),
2623 TypeOrigin::cp(ref_class_index, ref_class_type)),
2624 "Call to wrong <init> method");
2625 return;
2626 }
2627 // According to the VM spec, if the referent class is a superclass of the
2628 // current class, and is in a different runtime package, and the method is
2629 // protected, then the objectref must be the current class or a subclass
2630 // of the current class.
2631 VerificationType objectref_type = new_class_type;
2632 if (name_in_supers(ref_class_type.name(), current_class())) {
2633 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2634 if (was_recursively_verified()) return;
2635 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2636 vmSymbols::object_initializer_name(),
2637 cp->signature_ref_at(bcs->get_index_u2()),
2638 Klass::find_overpass);
2639 // Do nothing if method is not found. Let resolution detect the error.
2640 if (m != NULL) {
2641 InstanceKlass* mh = m->method_holder();
2642 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2643 bool assignable = current_type().is_assignable_from(
2644 objectref_type, this, true, CHECK_VERIFY(this));
2645 if (!assignable) {
2646 verify_error(ErrorContext::bad_type(bci,
2647 TypeOrigin::cp(new_class_index, objectref_type),
2648 TypeOrigin::implicit(current_type())),
2649 "Bad access to protected <init> method");
2650 return;
2651 }
2652 }
2653 }
2654 }
2655 // Check the exception handler target stackmaps with the locals from the
2656 // incoming stackmap (before initialize_object() changes them to outgoing
2657 // state).
2658 if (in_try_block) {
2659 if (was_recursively_verified()) return;
2660 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2661 stackmap_table, CHECK_VERIFY(this));
2662 }
2663 current_frame->initialize_object(type, new_class_type);
2664 } else {
2665 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2666 "Bad operand type when invoking <init>");
2667 return;
2668 }
2669 }
2670
2671 bool ClassVerifier::is_same_or_direct_interface(
2672 InstanceKlass* klass,
2673 VerificationType klass_type,
2674 VerificationType ref_class_type) {
2675 if (ref_class_type.equals(klass_type)) return true;
2676 Array<Klass*>* local_interfaces = klass->local_interfaces();
2677 if (local_interfaces != NULL) {
2678 for (int x = 0; x < local_interfaces->length(); x++) {
2679 Klass* k = local_interfaces->at(x);
2680 assert (k != NULL && k->is_interface(), "invalid interface");
2681 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2682 return true;
2683 }
2684 }
2685 }
2686 return false;
2687 }
2688
2689 void ClassVerifier::verify_invoke_instructions(
2690 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2691 bool in_try_block, bool *this_uninit, VerificationType return_type,
2692 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2693 // Make sure the constant pool item is the right type
2694 u2 index = bcs->get_index_u2();
2695 Bytecodes::Code opcode = bcs->raw_code();
2696 unsigned int types = 0;
2697 switch (opcode) {
2698 case Bytecodes::_invokeinterface:
2699 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2700 break;
2701 case Bytecodes::_invokedynamic:
2702 types = 1 << JVM_CONSTANT_InvokeDynamic;
2703 break;
2704 case Bytecodes::_invokespecial:
2705 case Bytecodes::_invokestatic:
2706 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2707 (1 << JVM_CONSTANT_Methodref) :
2708 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2709 break;
2710 default:
2711 types = 1 << JVM_CONSTANT_Methodref;
2712 }
2713 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2714
2715 // Get method name and signature
2716 Symbol* method_name = cp->name_ref_at(index);
2717 Symbol* method_sig = cp->signature_ref_at(index);
2718
2719 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2720 class_format_error(
2721 "Invalid method signature in class %s referenced "
2722 "from constant pool index %d", _klass->external_name(), index);
2723 return;
2724 }
2725
2726 // Get referenced class type
2727 VerificationType ref_class_type;
2728 if (opcode == Bytecodes::_invokedynamic) {
2729 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2730 class_format_error(
2731 "invokedynamic instructions not supported by this class file version (%d), class %s",
2732 _klass->major_version(), _klass->external_name());
2733 return;
2734 }
2735 } else {
2736 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2737 }
2738
2739 // For a small signature length, we just allocate 128 bytes instead
2740 // of parsing the signature once to find its size.
2741 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
2742 // longs/doubles to be consertive.
2743 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2744 "buffer type must match VerificationType size");
2745 uintptr_t on_stack_sig_types_buffer[128];
2746 // If we make a VerificationType[128] array directly, the compiler calls
2747 // to the c-runtime library to do the allocation instead of just
2748 // stack allocating it. Plus it would run constructors. This shows up
2749 // in performance profiles.
2750
2751 VerificationType* sig_types;
2752 int size = (method_sig->utf8_length() - 3) * 2;
2753 if (size > 128) {
2754 // Long and double occupies two slots here.
2755 ArgumentSizeComputer size_it(method_sig);
2756 size = size_it.size();
2757 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
2758 } else{
2759 sig_types = (VerificationType*)on_stack_sig_types_buffer;
2760 }
2761 SignatureStream sig_stream(method_sig);
2762 int sig_i = 0;
2763 while (!sig_stream.at_return_type()) {
2764 sig_i += change_sig_to_verificationType(
2765 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
2766 sig_stream.next();
2767 }
2768 int nargs = sig_i;
2769
2770 #ifdef ASSERT
2771 {
2772 ArgumentSizeComputer size_it(method_sig);
2773 assert(nargs == size_it.size(), "Argument sizes do not match");
2774 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2775 }
2776 #endif
2777
2778 // Check instruction operands
2779 u2 bci = bcs->bci();
2780 if (opcode == Bytecodes::_invokeinterface) {
2781 address bcp = bcs->bcp();
2782 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2783 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2784 // the difference between the size of the operand stack before and after the instruction
2785 // executes.
2786 if (*(bcp+3) != (nargs+1)) {
2787 verify_error(ErrorContext::bad_code(bci),
2788 "Inconsistent args count operand in invokeinterface");
2789 return;
2790 }
2791 if (*(bcp+4) != 0) {
2792 verify_error(ErrorContext::bad_code(bci),
2793 "Fourth operand byte of invokeinterface must be zero");
2794 return;
2795 }
2796 }
2797
2798 if (opcode == Bytecodes::_invokedynamic) {
2799 address bcp = bcs->bcp();
2800 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2801 verify_error(ErrorContext::bad_code(bci),
2802 "Third and fourth operand bytes of invokedynamic must be zero");
2803 return;
2804 }
2805 }
2806
2807 if (method_name->byte_at(0) == '<') {
2808 // Make sure <init> can only be invoked by invokespecial
2809 if (opcode != Bytecodes::_invokespecial ||
2810 method_name != vmSymbols::object_initializer_name()) {
2811 verify_error(ErrorContext::bad_code(bci),
2812 "Illegal call to internal method");
2813 return;
2814 }
2815 } else if (opcode == Bytecodes::_invokespecial
2816 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2817 && !ref_class_type.equals(VerificationType::reference_type(
2818 current_class()->super()->name()))) {
2819 bool subtype = false;
2820 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2821 if (!current_class()->is_anonymous()) {
2822 subtype = ref_class_type.is_assignable_from(
2823 current_type(), this, false, CHECK_VERIFY(this));
2824 } else {
2825 VerificationType host_klass_type =
2826 VerificationType::reference_type(current_class()->host_klass()->name());
2827 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
2828
2829 // If invokespecial of IMR, need to recheck for same or
2830 // direct interface relative to the host class
2831 have_imr_indirect = (have_imr_indirect &&
2832 !is_same_or_direct_interface(
2833 current_class()->host_klass(),
2834 host_klass_type, ref_class_type));
2835 }
2836 if (!subtype) {
2837 verify_error(ErrorContext::bad_code(bci),
2838 "Bad invokespecial instruction: "
2839 "current class isn't assignable to reference class.");
2840 return;
2841 } else if (have_imr_indirect) {
2842 verify_error(ErrorContext::bad_code(bci),
2843 "Bad invokespecial instruction: "
2844 "interface method reference is in an indirect superinterface.");
2845 return;
2846 }
2847
2848 }
2849 // Match method descriptor with operand stack
2850 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2851 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2852 }
2853 // Check objectref on operand stack
2854 if (opcode != Bytecodes::_invokestatic &&
2855 opcode != Bytecodes::_invokedynamic) {
2856 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2857 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2858 code_length, in_try_block, this_uninit, cp, stackmap_table,
2859 CHECK_VERIFY(this));
2860 if (was_recursively_verified()) return;
2861 } else { // other methods
2862 // Ensures that target class is assignable to method class.
2863 if (opcode == Bytecodes::_invokespecial) {
2864 if (!current_class()->is_anonymous()) {
2865 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2866 } else {
2867 // anonymous class invokespecial calls: check if the
2868 // objectref is a subtype of the host_klass of the current class
2869 // to allow an anonymous class to reference methods in the host_klass
2870 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2871 VerificationType hosttype =
2872 VerificationType::reference_type(current_class()->host_klass()->name());
2873 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2874 if (!subtype) {
2875 verify_error( ErrorContext::bad_type(current_frame->offset(),
2876 current_frame->stack_top_ctx(),
2877 TypeOrigin::implicit(top)),
2878 "Bad type on operand stack");
2879 return;
2880 }
2881 }
2882 } else if (opcode == Bytecodes::_invokevirtual) {
2883 VerificationType stack_object_type =
2884 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2885 if (current_type() != stack_object_type) {
2886 if (was_recursively_verified()) return;
2887 assert(cp->cache() == NULL, "not rewritten yet");
2888 Symbol* ref_class_name =
2889 cp->klass_name_at(cp->klass_ref_index_at(index));
2890 // See the comments in verify_field_instructions() for
2891 // the rationale behind this.
2892 if (name_in_supers(ref_class_name, current_class())) {
2893 Klass* ref_class = load_class(ref_class_name, CHECK);
2894 if (is_protected_access(
2895 _klass, ref_class, method_name, method_sig, true)) {
2896 // It's protected access, check if stack object is
2897 // assignable to current class.
2898 bool is_assignable = current_type().is_assignable_from(
2899 stack_object_type, this, true, CHECK_VERIFY(this));
2900 if (!is_assignable) {
2901 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2902 && stack_object_type.is_array()
2903 && method_name == vmSymbols::clone_name()) {
2904 // Special case: arrays pretend to implement public Object
2905 // clone().
2906 } else {
2907 verify_error(ErrorContext::bad_type(bci,
2908 current_frame->stack_top_ctx(),
2909 TypeOrigin::implicit(current_type())),
2910 "Bad access to protected data in invokevirtual");
2911 return;
2912 }
2913 }
2914 }
2915 }
2916 }
2917 } else {
2918 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2919 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2920 }
2921 }
2922 }
2923 // Push the result type.
2924 if (sig_stream.type() != T_VOID) {
2925 if (method_name == vmSymbols::object_initializer_name()) {
2926 // <init> method must have a void return type
2927 /* Unreachable? Class file parser verifies that methods with '<' have
2928 * void return */
2929 verify_error(ErrorContext::bad_code(bci),
2930 "Return type must be void in <init> method");
2931 return;
2932 }
2933 VerificationType return_type[2];
2934 int n = change_sig_to_verificationType(
2935 &sig_stream, return_type, CHECK_VERIFY(this));
2936 for (int i = 0; i < n; i++) {
2937 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2938 }
2939 }
2940 }
2941
2942 VerificationType ClassVerifier::get_newarray_type(
2943 u2 index, u2 bci, TRAPS) {
2944 const char* from_bt[] = {
2945 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2946 };
2947 if (index < T_BOOLEAN || index > T_LONG) {
2948 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2949 return VerificationType::bogus_type();
2950 }
2951
2952 // from_bt[index] contains the array signature which has a length of 2
2953 Symbol* sig = create_temporary_symbol(
2954 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2955 return VerificationType::reference_type(sig);
2956 }
2957
2958 void ClassVerifier::verify_anewarray(
2959 u2 bci, u2 index, const constantPoolHandle& cp,
2960 StackMapFrame* current_frame, TRAPS) {
2961 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2962 current_frame->pop_stack(
2963 VerificationType::integer_type(), CHECK_VERIFY(this));
2964
2965 if (was_recursively_verified()) return;
2966 VerificationType component_type =
2967 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2968 int length;
2969 char* arr_sig_str;
2970 if (component_type.is_array()) { // it's an array
2971 const char* component_name = component_type.name()->as_utf8();
2972 // Check for more than MAX_ARRAY_DIMENSIONS
2973 length = (int)strlen(component_name);
2974 if (length > MAX_ARRAY_DIMENSIONS &&
2975 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
2976 verify_error(ErrorContext::bad_code(bci),
2977 "Illegal anewarray instruction, array has more than 255 dimensions");
2978 }
2979 // add one dimension to component
2980 length++;
2981 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2982 arr_sig_str[0] = '[';
2983 strncpy(&arr_sig_str[1], component_name, length - 1);
2984 } else { // it's an object or interface
2985 const char* component_name = component_type.name()->as_utf8();
2986 // add one dimension to component with 'L' prepended and ';' postpended.
2987 length = (int)strlen(component_name) + 3;
2988 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2989 arr_sig_str[0] = '[';
2990 arr_sig_str[1] = 'L';
2991 strncpy(&arr_sig_str[2], component_name, length - 2);
2992 arr_sig_str[length - 1] = ';';
2993 }
2994 Symbol* arr_sig = create_temporary_symbol(
2995 arr_sig_str, length, CHECK_VERIFY(this));
2996 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2997 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2998 }
2999
3000 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3001 current_frame->get_local(
3002 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3003 current_frame->push_stack(
3004 VerificationType::integer_type(), CHECK_VERIFY(this));
3005 }
3006
3007 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3008 current_frame->get_local_2(
3009 index, VerificationType::long_type(),
3010 VerificationType::long2_type(), CHECK_VERIFY(this));
3011 current_frame->push_stack_2(
3012 VerificationType::long_type(),
3013 VerificationType::long2_type(), CHECK_VERIFY(this));
3014 }
3015
3016 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3017 current_frame->get_local(
3018 index, VerificationType::float_type(), CHECK_VERIFY(this));
3019 current_frame->push_stack(
3020 VerificationType::float_type(), CHECK_VERIFY(this));
3021 }
3022
3023 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3024 current_frame->get_local_2(
3025 index, VerificationType::double_type(),
3026 VerificationType::double2_type(), CHECK_VERIFY(this));
3027 current_frame->push_stack_2(
3028 VerificationType::double_type(),
3029 VerificationType::double2_type(), CHECK_VERIFY(this));
3030 }
3031
3032 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3033 VerificationType type = current_frame->get_local(
3034 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3035 current_frame->push_stack(type, CHECK_VERIFY(this));
3036 }
3037
3038 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3039 current_frame->pop_stack(
3040 VerificationType::integer_type(), CHECK_VERIFY(this));
3041 current_frame->set_local(
3042 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3043 }
3044
3045 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3046 current_frame->pop_stack_2(
3047 VerificationType::long2_type(),
3048 VerificationType::long_type(), CHECK_VERIFY(this));
3049 current_frame->set_local_2(
3050 index, VerificationType::long_type(),
3051 VerificationType::long2_type(), CHECK_VERIFY(this));
3052 }
3053
3054 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3055 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3056 current_frame->set_local(
3057 index, VerificationType::float_type(), CHECK_VERIFY(this));
3058 }
3059
3060 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3061 current_frame->pop_stack_2(
3062 VerificationType::double2_type(),
3063 VerificationType::double_type(), CHECK_VERIFY(this));
3064 current_frame->set_local_2(
3065 index, VerificationType::double_type(),
3066 VerificationType::double2_type(), CHECK_VERIFY(this));
3067 }
3068
3069 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3070 VerificationType type = current_frame->pop_stack(
3071 VerificationType::reference_check(), CHECK_VERIFY(this));
3072 current_frame->set_local(index, type, CHECK_VERIFY(this));
3073 }
3074
3075 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3076 VerificationType type = current_frame->get_local(
3077 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3078 current_frame->set_local(index, type, CHECK_VERIFY(this));
3079 }
3080
3081 void ClassVerifier::verify_return_value(
3082 VerificationType return_type, VerificationType type, u2 bci,
3083 StackMapFrame* current_frame, TRAPS) {
3084 if (return_type == VerificationType::bogus_type()) {
3085 verify_error(ErrorContext::bad_type(bci,
3086 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3087 "Method expects a return value");
3088 return;
3089 }
3090 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3091 if (!match) {
3092 verify_error(ErrorContext::bad_type(bci,
3093 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3094 "Bad return type");
3095 return;
3096 }
3097 }
3098
3099 // The verifier creates symbols which are substrings of Symbols.
3100 // These are stored in the verifier until the end of verification so that
3101 // they can be reference counted.
3102 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3103 int end, TRAPS) {
3104 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
3105 _symbols->push(sym);
3106 return sym;
3107 }
3108
3109 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
3110 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
3111 _symbols->push(sym);
3112 return sym;
3113 }