1 /* 2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/systemDictionary.hpp" 33 #include "classfile/verifier.hpp" 34 #include "classfile/vmSymbols.hpp" 35 #include "interpreter/bytecodes.hpp" 36 #include "interpreter/bytecodeStream.hpp" 37 #include "logging/log.hpp" 38 #include "logging/logStream.hpp" 39 #include "memory/oopFactory.hpp" 40 #include "memory/resourceArea.hpp" 41 #include "oops/constantPool.inline.hpp" 42 #include "oops/instanceKlass.hpp" 43 #include "oops/oop.inline.hpp" 44 #include "oops/typeArrayOop.hpp" 45 #include "runtime/fieldDescriptor.hpp" 46 #include "runtime/handles.inline.hpp" 47 #include "runtime/interfaceSupport.inline.hpp" 48 #include "runtime/javaCalls.hpp" 49 #include "runtime/jniHandles.inline.hpp" 50 #include "runtime/orderAccess.inline.hpp" 51 #include "runtime/os.hpp" 52 #include "runtime/thread.hpp" 53 #include "services/threadService.hpp" 54 #include "utilities/align.hpp" 55 #include "utilities/bytes.hpp" 56 57 #define NOFAILOVER_MAJOR_VERSION 51 58 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 59 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 60 #define MAX_ARRAY_DIMENSIONS 255 61 62 // Access to external entry for VerifyClassCodes - old byte code verifier 63 64 extern "C" { 65 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 66 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 67 } 68 69 static void* volatile _verify_byte_codes_fn = NULL; 70 71 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 72 73 static void* verify_byte_codes_fn() { 74 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) { 75 void *lib_handle = os::native_java_library(); 76 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 77 OrderAccess::release_store(&_verify_byte_codes_fn, func); 78 if (func == NULL) { 79 _is_new_verify_byte_codes_fn = false; 80 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 81 OrderAccess::release_store(&_verify_byte_codes_fn, func); 82 } 83 } 84 return (void*)_verify_byte_codes_fn; 85 } 86 87 88 // Methods in Verifier 89 90 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 91 return (class_loader == NULL || !should_verify_class) ? 92 BytecodeVerificationLocal : BytecodeVerificationRemote; 93 } 94 95 bool Verifier::relax_access_for(oop loader) { 96 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 97 bool need_verify = 98 // verifyAll 99 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 100 // verifyRemote 101 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 102 return !need_verify; 103 } 104 105 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 106 assert(verify_class != NULL, "Unexpected null verify_class"); 107 ResourceMark rm; 108 Symbol* s = verify_class->source_file_name(); 109 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 110 const char* verify = verify_class->external_name(); 111 const char* resolve = resolve_class->external_name(); 112 // print in a single call to reduce interleaving between threads 113 if (source_file != NULL) { 114 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 115 } else { 116 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 117 } 118 } 119 120 // Prints the end-verification message to the appropriate output. 121 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 122 if (HAS_PENDING_EXCEPTION) { 123 st->print("Verification for %s has", klassName); 124 st->print_cr(" exception pending %s ", 125 PENDING_EXCEPTION->klass()->external_name()); 126 } else if (exception_name != NULL) { 127 st->print_cr("Verification for %s failed", klassName); 128 } 129 st->print_cr("End class verification for: %s", klassName); 130 } 131 132 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 133 HandleMark hm(THREAD); 134 ResourceMark rm(THREAD); 135 136 // Eagerly allocate the identity hash code for a klass. This is a fallout 137 // from 6320749 and 8059924: hash code generator is not supposed to be called 138 // during the safepoint, but it allows to sneak the hashcode in during 139 // verification. Without this eager hashcode generation, we may end up 140 // installing the hashcode during some other operation, which may be at 141 // safepoint -- blowing up the checks. It was previously done as the side 142 // effect (sic!) for external_name(), but instead of doing that, we opt to 143 // explicitly push the hashcode in here. This is signify the following block 144 // is IMPORTANT: 145 if (klass->java_mirror() != NULL) { 146 klass->java_mirror()->identity_hash(); 147 } 148 149 if (!is_eligible_for_verification(klass, should_verify_class)) { 150 return true; 151 } 152 153 // Timer includes any side effects of class verification (resolution, 154 // etc), but not recursive calls to Verifier::verify(). 155 JavaThread* jt = (JavaThread*)THREAD; 156 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 157 ClassLoader::perf_class_verify_selftime(), 158 ClassLoader::perf_classes_verified(), 159 jt->get_thread_stat()->perf_recursion_counts_addr(), 160 jt->get_thread_stat()->perf_timers_addr(), 161 PerfClassTraceTime::CLASS_VERIFY); 162 163 // If the class should be verified, first see if we can use the split 164 // verifier. If not, or if verification fails and FailOverToOldVerifier 165 // is set, then call the inference verifier. 166 167 Symbol* exception_name = NULL; 168 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 169 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 170 char* exception_message = message_buffer; 171 172 const char* klassName = klass->external_name(); 173 bool can_failover = FailOverToOldVerifier && 174 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 175 176 log_info(class, init)("Start class verification for: %s", klassName); 177 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 178 ClassVerifier split_verifier(klass, THREAD); 179 split_verifier.verify_class(THREAD); 180 exception_name = split_verifier.result(); 181 if (can_failover && !HAS_PENDING_EXCEPTION && 182 (exception_name == vmSymbols::java_lang_VerifyError() || 183 exception_name == vmSymbols::java_lang_ClassFormatError())) { 184 log_info(verification)("Fail over class verification to old verifier for: %s", klassName); 185 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName); 186 exception_name = inference_verify( 187 klass, message_buffer, message_buffer_len, THREAD); 188 } 189 if (exception_name != NULL) { 190 exception_message = split_verifier.exception_message(); 191 } 192 } else { 193 exception_name = inference_verify( 194 klass, message_buffer, message_buffer_len, THREAD); 195 } 196 197 LogTarget(Info, class, init) lt1; 198 if (lt1.is_enabled()) { 199 LogStream ls(lt1); 200 log_end_verification(&ls, klassName, exception_name, THREAD); 201 } 202 LogTarget(Info, verification) lt2; 203 if (lt2.is_enabled()) { 204 LogStream ls(lt2); 205 log_end_verification(&ls, klassName, exception_name, THREAD); 206 } 207 208 if (HAS_PENDING_EXCEPTION) { 209 return false; // use the existing exception 210 } else if (exception_name == NULL) { 211 return true; // verifcation succeeded 212 } else { // VerifyError or ClassFormatError to be created and thrown 213 ResourceMark rm(THREAD); 214 Klass* kls = 215 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 216 if (log_is_enabled(Debug, class, resolve)) { 217 Verifier::trace_class_resolution(kls, klass); 218 } 219 220 while (kls != NULL) { 221 if (kls == klass) { 222 // If the class being verified is the exception we're creating 223 // or one of it's superclasses, we're in trouble and are going 224 // to infinitely recurse when we try to initialize the exception. 225 // So bail out here by throwing the preallocated VM error. 226 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 227 } 228 kls = kls->super(); 229 } 230 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 231 THROW_MSG_(exception_name, exception_message, false); 232 } 233 } 234 235 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 236 Symbol* name = klass->name(); 237 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 238 239 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 240 241 return (should_verify_for(klass->class_loader(), should_verify_class) && 242 // return if the class is a bootstrapping class 243 // or defineClass specified not to verify by default (flags override passed arg) 244 // We need to skip the following four for bootstraping 245 name != vmSymbols::java_lang_Object() && 246 name != vmSymbols::java_lang_Class() && 247 name != vmSymbols::java_lang_String() && 248 name != vmSymbols::java_lang_Throwable() && 249 250 // Can not verify the bytecodes for shared classes because they have 251 // already been rewritten to contain constant pool cache indices, 252 // which the verifier can't understand. 253 // Shared classes shouldn't have stackmaps either. 254 !klass->is_shared() && 255 256 // As of the fix for 4486457 we disable verification for all of the 257 // dynamically-generated bytecodes associated with the 1.4 258 // reflection implementation, not just those associated with 259 // jdk/internal/reflect/SerializationConstructorAccessor. 260 // NOTE: this is called too early in the bootstrapping process to be 261 // guarded by Universe::is_gte_jdk14x_version(). 262 // Also for lambda generated code, gte jdk8 263 (!is_reflect)); 264 } 265 266 Symbol* Verifier::inference_verify( 267 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 268 JavaThread* thread = (JavaThread*)THREAD; 269 JNIEnv *env = thread->jni_environment(); 270 271 void* verify_func = verify_byte_codes_fn(); 272 273 if (verify_func == NULL) { 274 jio_snprintf(message, message_len, "Could not link verifier"); 275 return vmSymbols::java_lang_VerifyError(); 276 } 277 278 ResourceMark rm(THREAD); 279 log_info(verification)("Verifying class %s with old format", klass->external_name()); 280 281 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 282 jint result; 283 284 { 285 HandleMark hm(thread); 286 ThreadToNativeFromVM ttn(thread); 287 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 288 // code knows that we have left the VM 289 290 if (_is_new_verify_byte_codes_fn) { 291 verify_byte_codes_fn_new_t func = 292 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 293 result = (*func)(env, cls, message, (int)message_len, 294 klass->major_version()); 295 } else { 296 verify_byte_codes_fn_t func = 297 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 298 result = (*func)(env, cls, message, (int)message_len); 299 } 300 } 301 302 JNIHandles::destroy_local(cls); 303 304 // These numbers are chosen so that VerifyClassCodes interface doesn't need 305 // to be changed (still return jboolean (unsigned char)), and result is 306 // 1 when verification is passed. 307 if (result == 0) { 308 return vmSymbols::java_lang_VerifyError(); 309 } else if (result == 1) { 310 return NULL; // verified. 311 } else if (result == 2) { 312 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 313 } else if (result == 3) { 314 return vmSymbols::java_lang_ClassFormatError(); 315 } else { 316 ShouldNotReachHere(); 317 return NULL; 318 } 319 } 320 321 TypeOrigin TypeOrigin::null() { 322 return TypeOrigin(); 323 } 324 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 325 assert(frame != NULL, "Must have a frame"); 326 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 327 frame->local_at(index)); 328 } 329 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 330 assert(frame != NULL, "Must have a frame"); 331 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 332 frame->stack_at(index)); 333 } 334 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 335 assert(frame != NULL, "Must have a frame"); 336 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 337 frame->local_at(index)); 338 } 339 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 340 assert(frame != NULL, "Must have a frame"); 341 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 342 frame->stack_at(index)); 343 } 344 TypeOrigin TypeOrigin::bad_index(u2 index) { 345 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 346 } 347 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 348 return TypeOrigin(CONST_POOL, index, NULL, vt); 349 } 350 TypeOrigin TypeOrigin::signature(VerificationType vt) { 351 return TypeOrigin(SIG, 0, NULL, vt); 352 } 353 TypeOrigin TypeOrigin::implicit(VerificationType t) { 354 return TypeOrigin(IMPLICIT, 0, NULL, t); 355 } 356 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 357 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 358 VerificationType::bogus_type()); 359 } 360 361 void TypeOrigin::reset_frame() { 362 if (_frame != NULL) { 363 _frame->restore(); 364 } 365 } 366 367 void TypeOrigin::details(outputStream* ss) const { 368 _type.print_on(ss); 369 switch (_origin) { 370 case CF_LOCALS: 371 ss->print(" (current frame, locals[%d])", _index); 372 break; 373 case CF_STACK: 374 ss->print(" (current frame, stack[%d])", _index); 375 break; 376 case SM_LOCALS: 377 ss->print(" (stack map, locals[%d])", _index); 378 break; 379 case SM_STACK: 380 ss->print(" (stack map, stack[%d])", _index); 381 break; 382 case CONST_POOL: 383 ss->print(" (constant pool %d)", _index); 384 break; 385 case SIG: 386 ss->print(" (from method signature)"); 387 break; 388 case IMPLICIT: 389 case FRAME_ONLY: 390 case NONE: 391 default: 392 ; 393 } 394 } 395 396 #ifdef ASSERT 397 void TypeOrigin::print_on(outputStream* str) const { 398 str->print("{%d,%d,%p:", _origin, _index, _frame); 399 if (_frame != NULL) { 400 _frame->print_on(str); 401 } else { 402 str->print("null"); 403 } 404 str->print(","); 405 _type.print_on(str); 406 str->print("}"); 407 } 408 #endif 409 410 void ErrorContext::details(outputStream* ss, const Method* method) const { 411 if (is_valid()) { 412 ss->cr(); 413 ss->print_cr("Exception Details:"); 414 location_details(ss, method); 415 reason_details(ss); 416 frame_details(ss); 417 bytecode_details(ss, method); 418 handler_details(ss, method); 419 stackmap_details(ss, method); 420 } 421 } 422 423 void ErrorContext::reason_details(outputStream* ss) const { 424 streamIndentor si(ss); 425 ss->indent().print_cr("Reason:"); 426 streamIndentor si2(ss); 427 ss->indent().print("%s", ""); 428 switch (_fault) { 429 case INVALID_BYTECODE: 430 ss->print("Error exists in the bytecode"); 431 break; 432 case WRONG_TYPE: 433 if (_expected.is_valid()) { 434 ss->print("Type "); 435 _type.details(ss); 436 ss->print(" is not assignable to "); 437 _expected.details(ss); 438 } else { 439 ss->print("Invalid type: "); 440 _type.details(ss); 441 } 442 break; 443 case FLAGS_MISMATCH: 444 if (_expected.is_valid()) { 445 ss->print("Current frame's flags are not assignable " 446 "to stack map frame's."); 447 } else { 448 ss->print("Current frame's flags are invalid in this context."); 449 } 450 break; 451 case BAD_CP_INDEX: 452 ss->print("Constant pool index %d is invalid", _type.index()); 453 break; 454 case BAD_LOCAL_INDEX: 455 ss->print("Local index %d is invalid", _type.index()); 456 break; 457 case LOCALS_SIZE_MISMATCH: 458 ss->print("Current frame's local size doesn't match stackmap."); 459 break; 460 case STACK_SIZE_MISMATCH: 461 ss->print("Current frame's stack size doesn't match stackmap."); 462 break; 463 case STACK_OVERFLOW: 464 ss->print("Exceeded max stack size."); 465 break; 466 case STACK_UNDERFLOW: 467 ss->print("Attempt to pop empty stack."); 468 break; 469 case MISSING_STACKMAP: 470 ss->print("Expected stackmap frame at this location."); 471 break; 472 case BAD_STACKMAP: 473 ss->print("Invalid stackmap specification."); 474 break; 475 case UNKNOWN: 476 default: 477 ShouldNotReachHere(); 478 ss->print_cr("Unknown"); 479 } 480 ss->cr(); 481 } 482 483 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 484 if (_bci != -1 && method != NULL) { 485 streamIndentor si(ss); 486 const char* bytecode_name = "<invalid>"; 487 if (method->validate_bci(_bci) != -1) { 488 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 489 if (Bytecodes::is_defined(code)) { 490 bytecode_name = Bytecodes::name(code); 491 } else { 492 bytecode_name = "<illegal>"; 493 } 494 } 495 InstanceKlass* ik = method->method_holder(); 496 ss->indent().print_cr("Location:"); 497 streamIndentor si2(ss); 498 ss->indent().print_cr("%s.%s%s @%d: %s", 499 ik->name()->as_C_string(), method->name()->as_C_string(), 500 method->signature()->as_C_string(), _bci, bytecode_name); 501 } 502 } 503 504 void ErrorContext::frame_details(outputStream* ss) const { 505 streamIndentor si(ss); 506 if (_type.is_valid() && _type.frame() != NULL) { 507 ss->indent().print_cr("Current Frame:"); 508 streamIndentor si2(ss); 509 _type.frame()->print_on(ss); 510 } 511 if (_expected.is_valid() && _expected.frame() != NULL) { 512 ss->indent().print_cr("Stackmap Frame:"); 513 streamIndentor si2(ss); 514 _expected.frame()->print_on(ss); 515 } 516 } 517 518 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 519 if (method != NULL) { 520 streamIndentor si(ss); 521 ss->indent().print_cr("Bytecode:"); 522 streamIndentor si2(ss); 523 ss->print_data(method->code_base(), method->code_size(), false); 524 } 525 } 526 527 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 528 if (method != NULL) { 529 streamIndentor si(ss); 530 ExceptionTable table(method); 531 if (table.length() > 0) { 532 ss->indent().print_cr("Exception Handler Table:"); 533 streamIndentor si2(ss); 534 for (int i = 0; i < table.length(); ++i) { 535 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 536 table.end_pc(i), table.handler_pc(i)); 537 } 538 } 539 } 540 } 541 542 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 543 if (method != NULL && method->has_stackmap_table()) { 544 streamIndentor si(ss); 545 ss->indent().print_cr("Stackmap Table:"); 546 Array<u1>* data = method->stackmap_data(); 547 stack_map_table* sm_table = 548 stack_map_table::at((address)data->adr_at(0)); 549 stack_map_frame* sm_frame = sm_table->entries(); 550 streamIndentor si2(ss); 551 int current_offset = -1; 552 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 553 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 554 ss->indent(); 555 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 556 sm_frame->print_truncated(ss, current_offset); 557 return; 558 } 559 sm_frame->print_on(ss, current_offset); 560 ss->cr(); 561 current_offset += sm_frame->offset_delta(); 562 sm_frame = sm_frame->next(); 563 } 564 } 565 } 566 567 // Methods in ClassVerifier 568 569 ClassVerifier::ClassVerifier( 570 InstanceKlass* klass, TRAPS) 571 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 572 _this_type = VerificationType::reference_type(klass->name()); 573 // Create list to hold symbols in reference area. 574 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 575 } 576 577 ClassVerifier::~ClassVerifier() { 578 // Decrement the reference count for any symbols created. 579 for (int i = 0; i < _symbols->length(); i++) { 580 Symbol* s = _symbols->at(i); 581 s->decrement_refcount(); 582 } 583 } 584 585 VerificationType ClassVerifier::object_type() const { 586 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 587 } 588 589 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 590 VerificationType vt = VerificationType::reference_type( 591 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 592 return TypeOrigin::implicit(vt); 593 } 594 595 void ClassVerifier::verify_class(TRAPS) { 596 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 597 598 Array<Method*>* methods = _klass->methods(); 599 int num_methods = methods->length(); 600 601 for (int index = 0; index < num_methods; index++) { 602 // Check for recursive re-verification before each method. 603 if (was_recursively_verified()) return; 604 605 Method* m = methods->at(index); 606 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 607 // If m is native or abstract, skip it. It is checked in class file 608 // parser that methods do not override a final method. Overpass methods 609 // are trusted since the VM generates them. 610 continue; 611 } 612 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 613 } 614 615 if (was_recursively_verified()){ 616 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 617 log_info(class, init)("Recursive verification detected for: %s", 618 _klass->external_name()); 619 } 620 } 621 622 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 623 HandleMark hm(THREAD); 624 _method = m; // initialize _method 625 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 626 627 // For clang, the only good constant format string is a literal constant format string. 628 #define bad_type_msg "Bad type on operand stack in %s" 629 630 int32_t max_stack = m->verifier_max_stack(); 631 int32_t max_locals = m->max_locals(); 632 constantPoolHandle cp(THREAD, m->constants()); 633 634 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 635 class_format_error("Invalid method signature"); 636 return; 637 } 638 639 // Initial stack map frame: offset is 0, stack is initially empty. 640 StackMapFrame current_frame(max_locals, max_stack, this); 641 // Set initial locals 642 VerificationType return_type = current_frame.set_locals_from_arg( 643 m, current_type(), CHECK_VERIFY(this)); 644 645 int32_t stackmap_index = 0; // index to the stackmap array 646 647 u4 code_length = m->code_size(); 648 649 // Scan the bytecode and map each instruction's start offset to a number. 650 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 651 652 int ex_min = code_length; 653 int ex_max = -1; 654 // Look through each item on the exception table. Each of the fields must refer 655 // to a legal instruction. 656 if (was_recursively_verified()) return; 657 verify_exception_handler_table( 658 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 659 660 // Look through each entry on the local variable table and make sure 661 // its range of code array offsets is valid. (4169817) 662 if (m->has_localvariable_table()) { 663 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 664 } 665 666 Array<u1>* stackmap_data = m->stackmap_data(); 667 StackMapStream stream(stackmap_data); 668 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 669 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 670 code_data, code_length, CHECK_VERIFY(this)); 671 672 LogTarget(Info, verification) lt; 673 if (lt.is_enabled()) { 674 ResourceMark rm(THREAD); 675 LogStream ls(lt); 676 stackmap_table.print_on(&ls); 677 } 678 679 RawBytecodeStream bcs(m); 680 681 // Scan the byte code linearly from the start to the end 682 bool no_control_flow = false; // Set to true when there is no direct control 683 // flow from current instruction to the next 684 // instruction in sequence 685 686 Bytecodes::Code opcode; 687 while (!bcs.is_last_bytecode()) { 688 // Check for recursive re-verification before each bytecode. 689 if (was_recursively_verified()) return; 690 691 opcode = bcs.raw_next(); 692 u2 bci = bcs.bci(); 693 694 // Set current frame's offset to bci 695 current_frame.set_offset(bci); 696 current_frame.set_mark(); 697 698 // Make sure every offset in stackmap table point to the beginning to 699 // an instruction. Match current_frame to stackmap_table entry with 700 // the same offset if exists. 701 stackmap_index = verify_stackmap_table( 702 stackmap_index, bci, ¤t_frame, &stackmap_table, 703 no_control_flow, CHECK_VERIFY(this)); 704 705 706 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 707 bool verified_exc_handlers = false; 708 709 // Merge with the next instruction 710 { 711 u2 index; 712 int target; 713 VerificationType type, type2; 714 VerificationType atype; 715 716 LogTarget(Info, verification) lt; 717 if (lt.is_enabled()) { 718 ResourceMark rm(THREAD); 719 LogStream ls(lt); 720 current_frame.print_on(&ls); 721 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 722 } 723 724 // Make sure wide instruction is in correct format 725 if (bcs.is_wide()) { 726 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 727 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 728 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 729 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 730 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 731 opcode != Bytecodes::_dstore) { 732 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 733 * if we encounter a wide instruction that modifies an invalid 734 * opcode (not one of the ones listed above) */ 735 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 736 return; 737 } 738 } 739 740 // Look for possible jump target in exception handlers and see if it 741 // matches current_frame. Do this check here for astore*, dstore*, 742 // fstore*, istore*, and lstore* opcodes because they can change the type 743 // state by adding a local. JVM Spec says that the incoming type state 744 // should be used for this check. So, do the check here before a possible 745 // local is added to the type state. 746 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 747 if (was_recursively_verified()) return; 748 verify_exception_handler_targets( 749 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 750 verified_exc_handlers = true; 751 } 752 753 if (was_recursively_verified()) return; 754 755 switch (opcode) { 756 case Bytecodes::_nop : 757 no_control_flow = false; break; 758 case Bytecodes::_aconst_null : 759 current_frame.push_stack( 760 VerificationType::null_type(), CHECK_VERIFY(this)); 761 no_control_flow = false; break; 762 case Bytecodes::_iconst_m1 : 763 case Bytecodes::_iconst_0 : 764 case Bytecodes::_iconst_1 : 765 case Bytecodes::_iconst_2 : 766 case Bytecodes::_iconst_3 : 767 case Bytecodes::_iconst_4 : 768 case Bytecodes::_iconst_5 : 769 current_frame.push_stack( 770 VerificationType::integer_type(), CHECK_VERIFY(this)); 771 no_control_flow = false; break; 772 case Bytecodes::_lconst_0 : 773 case Bytecodes::_lconst_1 : 774 current_frame.push_stack_2( 775 VerificationType::long_type(), 776 VerificationType::long2_type(), CHECK_VERIFY(this)); 777 no_control_flow = false; break; 778 case Bytecodes::_fconst_0 : 779 case Bytecodes::_fconst_1 : 780 case Bytecodes::_fconst_2 : 781 current_frame.push_stack( 782 VerificationType::float_type(), CHECK_VERIFY(this)); 783 no_control_flow = false; break; 784 case Bytecodes::_dconst_0 : 785 case Bytecodes::_dconst_1 : 786 current_frame.push_stack_2( 787 VerificationType::double_type(), 788 VerificationType::double2_type(), CHECK_VERIFY(this)); 789 no_control_flow = false; break; 790 case Bytecodes::_sipush : 791 case Bytecodes::_bipush : 792 current_frame.push_stack( 793 VerificationType::integer_type(), CHECK_VERIFY(this)); 794 no_control_flow = false; break; 795 case Bytecodes::_ldc : 796 verify_ldc( 797 opcode, bcs.get_index_u1(), ¤t_frame, 798 cp, bci, CHECK_VERIFY(this)); 799 no_control_flow = false; break; 800 case Bytecodes::_ldc_w : 801 case Bytecodes::_ldc2_w : 802 verify_ldc( 803 opcode, bcs.get_index_u2(), ¤t_frame, 804 cp, bci, CHECK_VERIFY(this)); 805 no_control_flow = false; break; 806 case Bytecodes::_iload : 807 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 808 no_control_flow = false; break; 809 case Bytecodes::_iload_0 : 810 case Bytecodes::_iload_1 : 811 case Bytecodes::_iload_2 : 812 case Bytecodes::_iload_3 : 813 index = opcode - Bytecodes::_iload_0; 814 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 815 no_control_flow = false; break; 816 case Bytecodes::_lload : 817 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 818 no_control_flow = false; break; 819 case Bytecodes::_lload_0 : 820 case Bytecodes::_lload_1 : 821 case Bytecodes::_lload_2 : 822 case Bytecodes::_lload_3 : 823 index = opcode - Bytecodes::_lload_0; 824 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 825 no_control_flow = false; break; 826 case Bytecodes::_fload : 827 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 828 no_control_flow = false; break; 829 case Bytecodes::_fload_0 : 830 case Bytecodes::_fload_1 : 831 case Bytecodes::_fload_2 : 832 case Bytecodes::_fload_3 : 833 index = opcode - Bytecodes::_fload_0; 834 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 835 no_control_flow = false; break; 836 case Bytecodes::_dload : 837 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 838 no_control_flow = false; break; 839 case Bytecodes::_dload_0 : 840 case Bytecodes::_dload_1 : 841 case Bytecodes::_dload_2 : 842 case Bytecodes::_dload_3 : 843 index = opcode - Bytecodes::_dload_0; 844 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 845 no_control_flow = false; break; 846 case Bytecodes::_aload : 847 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 848 no_control_flow = false; break; 849 case Bytecodes::_aload_0 : 850 case Bytecodes::_aload_1 : 851 case Bytecodes::_aload_2 : 852 case Bytecodes::_aload_3 : 853 index = opcode - Bytecodes::_aload_0; 854 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 855 no_control_flow = false; break; 856 case Bytecodes::_iaload : 857 type = current_frame.pop_stack( 858 VerificationType::integer_type(), CHECK_VERIFY(this)); 859 atype = current_frame.pop_stack( 860 VerificationType::reference_check(), CHECK_VERIFY(this)); 861 if (!atype.is_int_array()) { 862 verify_error(ErrorContext::bad_type(bci, 863 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 864 bad_type_msg, "iaload"); 865 return; 866 } 867 current_frame.push_stack( 868 VerificationType::integer_type(), CHECK_VERIFY(this)); 869 no_control_flow = false; break; 870 case Bytecodes::_baload : 871 type = current_frame.pop_stack( 872 VerificationType::integer_type(), CHECK_VERIFY(this)); 873 atype = current_frame.pop_stack( 874 VerificationType::reference_check(), CHECK_VERIFY(this)); 875 if (!atype.is_bool_array() && !atype.is_byte_array()) { 876 verify_error( 877 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 878 bad_type_msg, "baload"); 879 return; 880 } 881 current_frame.push_stack( 882 VerificationType::integer_type(), CHECK_VERIFY(this)); 883 no_control_flow = false; break; 884 case Bytecodes::_caload : 885 type = current_frame.pop_stack( 886 VerificationType::integer_type(), CHECK_VERIFY(this)); 887 atype = current_frame.pop_stack( 888 VerificationType::reference_check(), CHECK_VERIFY(this)); 889 if (!atype.is_char_array()) { 890 verify_error(ErrorContext::bad_type(bci, 891 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 892 bad_type_msg, "caload"); 893 return; 894 } 895 current_frame.push_stack( 896 VerificationType::integer_type(), CHECK_VERIFY(this)); 897 no_control_flow = false; break; 898 case Bytecodes::_saload : 899 type = current_frame.pop_stack( 900 VerificationType::integer_type(), CHECK_VERIFY(this)); 901 atype = current_frame.pop_stack( 902 VerificationType::reference_check(), CHECK_VERIFY(this)); 903 if (!atype.is_short_array()) { 904 verify_error(ErrorContext::bad_type(bci, 905 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 906 bad_type_msg, "saload"); 907 return; 908 } 909 current_frame.push_stack( 910 VerificationType::integer_type(), CHECK_VERIFY(this)); 911 no_control_flow = false; break; 912 case Bytecodes::_laload : 913 type = current_frame.pop_stack( 914 VerificationType::integer_type(), CHECK_VERIFY(this)); 915 atype = current_frame.pop_stack( 916 VerificationType::reference_check(), CHECK_VERIFY(this)); 917 if (!atype.is_long_array()) { 918 verify_error(ErrorContext::bad_type(bci, 919 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 920 bad_type_msg, "laload"); 921 return; 922 } 923 current_frame.push_stack_2( 924 VerificationType::long_type(), 925 VerificationType::long2_type(), CHECK_VERIFY(this)); 926 no_control_flow = false; break; 927 case Bytecodes::_faload : 928 type = current_frame.pop_stack( 929 VerificationType::integer_type(), CHECK_VERIFY(this)); 930 atype = current_frame.pop_stack( 931 VerificationType::reference_check(), CHECK_VERIFY(this)); 932 if (!atype.is_float_array()) { 933 verify_error(ErrorContext::bad_type(bci, 934 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 935 bad_type_msg, "faload"); 936 return; 937 } 938 current_frame.push_stack( 939 VerificationType::float_type(), CHECK_VERIFY(this)); 940 no_control_flow = false; break; 941 case Bytecodes::_daload : 942 type = current_frame.pop_stack( 943 VerificationType::integer_type(), CHECK_VERIFY(this)); 944 atype = current_frame.pop_stack( 945 VerificationType::reference_check(), CHECK_VERIFY(this)); 946 if (!atype.is_double_array()) { 947 verify_error(ErrorContext::bad_type(bci, 948 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 949 bad_type_msg, "daload"); 950 return; 951 } 952 current_frame.push_stack_2( 953 VerificationType::double_type(), 954 VerificationType::double2_type(), CHECK_VERIFY(this)); 955 no_control_flow = false; break; 956 case Bytecodes::_aaload : { 957 type = current_frame.pop_stack( 958 VerificationType::integer_type(), CHECK_VERIFY(this)); 959 atype = current_frame.pop_stack( 960 VerificationType::reference_check(), CHECK_VERIFY(this)); 961 if (!atype.is_reference_array()) { 962 verify_error(ErrorContext::bad_type(bci, 963 current_frame.stack_top_ctx(), 964 TypeOrigin::implicit(VerificationType::reference_check())), 965 bad_type_msg, "aaload"); 966 return; 967 } 968 if (atype.is_null()) { 969 current_frame.push_stack( 970 VerificationType::null_type(), CHECK_VERIFY(this)); 971 } else { 972 VerificationType component = 973 atype.get_component(this, CHECK_VERIFY(this)); 974 current_frame.push_stack(component, CHECK_VERIFY(this)); 975 } 976 no_control_flow = false; break; 977 } 978 case Bytecodes::_istore : 979 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 980 no_control_flow = false; break; 981 case Bytecodes::_istore_0 : 982 case Bytecodes::_istore_1 : 983 case Bytecodes::_istore_2 : 984 case Bytecodes::_istore_3 : 985 index = opcode - Bytecodes::_istore_0; 986 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 987 no_control_flow = false; break; 988 case Bytecodes::_lstore : 989 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 990 no_control_flow = false; break; 991 case Bytecodes::_lstore_0 : 992 case Bytecodes::_lstore_1 : 993 case Bytecodes::_lstore_2 : 994 case Bytecodes::_lstore_3 : 995 index = opcode - Bytecodes::_lstore_0; 996 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 997 no_control_flow = false; break; 998 case Bytecodes::_fstore : 999 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1000 no_control_flow = false; break; 1001 case Bytecodes::_fstore_0 : 1002 case Bytecodes::_fstore_1 : 1003 case Bytecodes::_fstore_2 : 1004 case Bytecodes::_fstore_3 : 1005 index = opcode - Bytecodes::_fstore_0; 1006 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1007 no_control_flow = false; break; 1008 case Bytecodes::_dstore : 1009 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1010 no_control_flow = false; break; 1011 case Bytecodes::_dstore_0 : 1012 case Bytecodes::_dstore_1 : 1013 case Bytecodes::_dstore_2 : 1014 case Bytecodes::_dstore_3 : 1015 index = opcode - Bytecodes::_dstore_0; 1016 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1017 no_control_flow = false; break; 1018 case Bytecodes::_astore : 1019 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1020 no_control_flow = false; break; 1021 case Bytecodes::_astore_0 : 1022 case Bytecodes::_astore_1 : 1023 case Bytecodes::_astore_2 : 1024 case Bytecodes::_astore_3 : 1025 index = opcode - Bytecodes::_astore_0; 1026 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1027 no_control_flow = false; break; 1028 case Bytecodes::_iastore : 1029 type = current_frame.pop_stack( 1030 VerificationType::integer_type(), CHECK_VERIFY(this)); 1031 type2 = current_frame.pop_stack( 1032 VerificationType::integer_type(), CHECK_VERIFY(this)); 1033 atype = current_frame.pop_stack( 1034 VerificationType::reference_check(), CHECK_VERIFY(this)); 1035 if (!atype.is_int_array()) { 1036 verify_error(ErrorContext::bad_type(bci, 1037 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1038 bad_type_msg, "iastore"); 1039 return; 1040 } 1041 no_control_flow = false; break; 1042 case Bytecodes::_bastore : 1043 type = current_frame.pop_stack( 1044 VerificationType::integer_type(), CHECK_VERIFY(this)); 1045 type2 = current_frame.pop_stack( 1046 VerificationType::integer_type(), CHECK_VERIFY(this)); 1047 atype = current_frame.pop_stack( 1048 VerificationType::reference_check(), CHECK_VERIFY(this)); 1049 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1050 verify_error( 1051 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1052 bad_type_msg, "bastore"); 1053 return; 1054 } 1055 no_control_flow = false; break; 1056 case Bytecodes::_castore : 1057 current_frame.pop_stack( 1058 VerificationType::integer_type(), CHECK_VERIFY(this)); 1059 current_frame.pop_stack( 1060 VerificationType::integer_type(), CHECK_VERIFY(this)); 1061 atype = current_frame.pop_stack( 1062 VerificationType::reference_check(), CHECK_VERIFY(this)); 1063 if (!atype.is_char_array()) { 1064 verify_error(ErrorContext::bad_type(bci, 1065 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1066 bad_type_msg, "castore"); 1067 return; 1068 } 1069 no_control_flow = false; break; 1070 case Bytecodes::_sastore : 1071 current_frame.pop_stack( 1072 VerificationType::integer_type(), CHECK_VERIFY(this)); 1073 current_frame.pop_stack( 1074 VerificationType::integer_type(), CHECK_VERIFY(this)); 1075 atype = current_frame.pop_stack( 1076 VerificationType::reference_check(), CHECK_VERIFY(this)); 1077 if (!atype.is_short_array()) { 1078 verify_error(ErrorContext::bad_type(bci, 1079 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1080 bad_type_msg, "sastore"); 1081 return; 1082 } 1083 no_control_flow = false; break; 1084 case Bytecodes::_lastore : 1085 current_frame.pop_stack_2( 1086 VerificationType::long2_type(), 1087 VerificationType::long_type(), CHECK_VERIFY(this)); 1088 current_frame.pop_stack( 1089 VerificationType::integer_type(), CHECK_VERIFY(this)); 1090 atype = current_frame.pop_stack( 1091 VerificationType::reference_check(), CHECK_VERIFY(this)); 1092 if (!atype.is_long_array()) { 1093 verify_error(ErrorContext::bad_type(bci, 1094 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1095 bad_type_msg, "lastore"); 1096 return; 1097 } 1098 no_control_flow = false; break; 1099 case Bytecodes::_fastore : 1100 current_frame.pop_stack( 1101 VerificationType::float_type(), CHECK_VERIFY(this)); 1102 current_frame.pop_stack 1103 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1104 atype = current_frame.pop_stack( 1105 VerificationType::reference_check(), CHECK_VERIFY(this)); 1106 if (!atype.is_float_array()) { 1107 verify_error(ErrorContext::bad_type(bci, 1108 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1109 bad_type_msg, "fastore"); 1110 return; 1111 } 1112 no_control_flow = false; break; 1113 case Bytecodes::_dastore : 1114 current_frame.pop_stack_2( 1115 VerificationType::double2_type(), 1116 VerificationType::double_type(), CHECK_VERIFY(this)); 1117 current_frame.pop_stack( 1118 VerificationType::integer_type(), CHECK_VERIFY(this)); 1119 atype = current_frame.pop_stack( 1120 VerificationType::reference_check(), CHECK_VERIFY(this)); 1121 if (!atype.is_double_array()) { 1122 verify_error(ErrorContext::bad_type(bci, 1123 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1124 bad_type_msg, "dastore"); 1125 return; 1126 } 1127 no_control_flow = false; break; 1128 case Bytecodes::_aastore : 1129 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1130 type2 = current_frame.pop_stack( 1131 VerificationType::integer_type(), CHECK_VERIFY(this)); 1132 atype = current_frame.pop_stack( 1133 VerificationType::reference_check(), CHECK_VERIFY(this)); 1134 // more type-checking is done at runtime 1135 if (!atype.is_reference_array()) { 1136 verify_error(ErrorContext::bad_type(bci, 1137 current_frame.stack_top_ctx(), 1138 TypeOrigin::implicit(VerificationType::reference_check())), 1139 bad_type_msg, "aastore"); 1140 return; 1141 } 1142 // 4938384: relaxed constraint in JVMS 3nd edition. 1143 no_control_flow = false; break; 1144 case Bytecodes::_pop : 1145 current_frame.pop_stack( 1146 VerificationType::category1_check(), CHECK_VERIFY(this)); 1147 no_control_flow = false; break; 1148 case Bytecodes::_pop2 : 1149 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1150 if (type.is_category1()) { 1151 current_frame.pop_stack( 1152 VerificationType::category1_check(), CHECK_VERIFY(this)); 1153 } else if (type.is_category2_2nd()) { 1154 current_frame.pop_stack( 1155 VerificationType::category2_check(), CHECK_VERIFY(this)); 1156 } else { 1157 /* Unreachable? Would need a category2_1st on TOS 1158 * which does not appear possible. */ 1159 verify_error( 1160 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1161 bad_type_msg, "pop2"); 1162 return; 1163 } 1164 no_control_flow = false; break; 1165 case Bytecodes::_dup : 1166 type = current_frame.pop_stack( 1167 VerificationType::category1_check(), CHECK_VERIFY(this)); 1168 current_frame.push_stack(type, CHECK_VERIFY(this)); 1169 current_frame.push_stack(type, CHECK_VERIFY(this)); 1170 no_control_flow = false; break; 1171 case Bytecodes::_dup_x1 : 1172 type = current_frame.pop_stack( 1173 VerificationType::category1_check(), CHECK_VERIFY(this)); 1174 type2 = current_frame.pop_stack( 1175 VerificationType::category1_check(), CHECK_VERIFY(this)); 1176 current_frame.push_stack(type, CHECK_VERIFY(this)); 1177 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1178 current_frame.push_stack(type, CHECK_VERIFY(this)); 1179 no_control_flow = false; break; 1180 case Bytecodes::_dup_x2 : 1181 { 1182 VerificationType type3; 1183 type = current_frame.pop_stack( 1184 VerificationType::category1_check(), CHECK_VERIFY(this)); 1185 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1186 if (type2.is_category1()) { 1187 type3 = current_frame.pop_stack( 1188 VerificationType::category1_check(), CHECK_VERIFY(this)); 1189 } else if (type2.is_category2_2nd()) { 1190 type3 = current_frame.pop_stack( 1191 VerificationType::category2_check(), CHECK_VERIFY(this)); 1192 } else { 1193 /* Unreachable? Would need a category2_1st at stack depth 2 with 1194 * a category1 on TOS which does not appear possible. */ 1195 verify_error(ErrorContext::bad_type( 1196 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1197 return; 1198 } 1199 current_frame.push_stack(type, CHECK_VERIFY(this)); 1200 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1201 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1202 current_frame.push_stack(type, CHECK_VERIFY(this)); 1203 no_control_flow = false; break; 1204 } 1205 case Bytecodes::_dup2 : 1206 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1207 if (type.is_category1()) { 1208 type2 = current_frame.pop_stack( 1209 VerificationType::category1_check(), CHECK_VERIFY(this)); 1210 } else if (type.is_category2_2nd()) { 1211 type2 = current_frame.pop_stack( 1212 VerificationType::category2_check(), CHECK_VERIFY(this)); 1213 } else { 1214 /* Unreachable? Would need a category2_1st on TOS which does not 1215 * appear possible. */ 1216 verify_error( 1217 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1218 bad_type_msg, "dup2"); 1219 return; 1220 } 1221 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1222 current_frame.push_stack(type, CHECK_VERIFY(this)); 1223 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1224 current_frame.push_stack(type, CHECK_VERIFY(this)); 1225 no_control_flow = false; break; 1226 case Bytecodes::_dup2_x1 : 1227 { 1228 VerificationType type3; 1229 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1230 if (type.is_category1()) { 1231 type2 = current_frame.pop_stack( 1232 VerificationType::category1_check(), CHECK_VERIFY(this)); 1233 } else if (type.is_category2_2nd()) { 1234 type2 = current_frame.pop_stack( 1235 VerificationType::category2_check(), CHECK_VERIFY(this)); 1236 } else { 1237 /* Unreachable? Would need a category2_1st on TOS which does 1238 * not appear possible. */ 1239 verify_error( 1240 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1241 bad_type_msg, "dup2_x1"); 1242 return; 1243 } 1244 type3 = current_frame.pop_stack( 1245 VerificationType::category1_check(), CHECK_VERIFY(this)); 1246 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1247 current_frame.push_stack(type, CHECK_VERIFY(this)); 1248 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1249 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1250 current_frame.push_stack(type, CHECK_VERIFY(this)); 1251 no_control_flow = false; break; 1252 } 1253 case Bytecodes::_dup2_x2 : 1254 { 1255 VerificationType type3, type4; 1256 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1257 if (type.is_category1()) { 1258 type2 = current_frame.pop_stack( 1259 VerificationType::category1_check(), CHECK_VERIFY(this)); 1260 } else if (type.is_category2_2nd()) { 1261 type2 = current_frame.pop_stack( 1262 VerificationType::category2_check(), CHECK_VERIFY(this)); 1263 } else { 1264 /* Unreachable? Would need a category2_1st on TOS which does 1265 * not appear possible. */ 1266 verify_error( 1267 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1268 bad_type_msg, "dup2_x2"); 1269 return; 1270 } 1271 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1272 if (type3.is_category1()) { 1273 type4 = current_frame.pop_stack( 1274 VerificationType::category1_check(), CHECK_VERIFY(this)); 1275 } else if (type3.is_category2_2nd()) { 1276 type4 = current_frame.pop_stack( 1277 VerificationType::category2_check(), CHECK_VERIFY(this)); 1278 } else { 1279 /* Unreachable? Would need a category2_1st on TOS after popping 1280 * a long/double or two category 1's, which does not 1281 * appear possible. */ 1282 verify_error( 1283 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1284 bad_type_msg, "dup2_x2"); 1285 return; 1286 } 1287 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1288 current_frame.push_stack(type, CHECK_VERIFY(this)); 1289 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1290 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1291 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1292 current_frame.push_stack(type, CHECK_VERIFY(this)); 1293 no_control_flow = false; break; 1294 } 1295 case Bytecodes::_swap : 1296 type = current_frame.pop_stack( 1297 VerificationType::category1_check(), CHECK_VERIFY(this)); 1298 type2 = current_frame.pop_stack( 1299 VerificationType::category1_check(), CHECK_VERIFY(this)); 1300 current_frame.push_stack(type, CHECK_VERIFY(this)); 1301 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1302 no_control_flow = false; break; 1303 case Bytecodes::_iadd : 1304 case Bytecodes::_isub : 1305 case Bytecodes::_imul : 1306 case Bytecodes::_idiv : 1307 case Bytecodes::_irem : 1308 case Bytecodes::_ishl : 1309 case Bytecodes::_ishr : 1310 case Bytecodes::_iushr : 1311 case Bytecodes::_ior : 1312 case Bytecodes::_ixor : 1313 case Bytecodes::_iand : 1314 current_frame.pop_stack( 1315 VerificationType::integer_type(), CHECK_VERIFY(this)); 1316 // fall through 1317 case Bytecodes::_ineg : 1318 current_frame.pop_stack( 1319 VerificationType::integer_type(), CHECK_VERIFY(this)); 1320 current_frame.push_stack( 1321 VerificationType::integer_type(), CHECK_VERIFY(this)); 1322 no_control_flow = false; break; 1323 case Bytecodes::_ladd : 1324 case Bytecodes::_lsub : 1325 case Bytecodes::_lmul : 1326 case Bytecodes::_ldiv : 1327 case Bytecodes::_lrem : 1328 case Bytecodes::_land : 1329 case Bytecodes::_lor : 1330 case Bytecodes::_lxor : 1331 current_frame.pop_stack_2( 1332 VerificationType::long2_type(), 1333 VerificationType::long_type(), CHECK_VERIFY(this)); 1334 // fall through 1335 case Bytecodes::_lneg : 1336 current_frame.pop_stack_2( 1337 VerificationType::long2_type(), 1338 VerificationType::long_type(), CHECK_VERIFY(this)); 1339 current_frame.push_stack_2( 1340 VerificationType::long_type(), 1341 VerificationType::long2_type(), CHECK_VERIFY(this)); 1342 no_control_flow = false; break; 1343 case Bytecodes::_lshl : 1344 case Bytecodes::_lshr : 1345 case Bytecodes::_lushr : 1346 current_frame.pop_stack( 1347 VerificationType::integer_type(), CHECK_VERIFY(this)); 1348 current_frame.pop_stack_2( 1349 VerificationType::long2_type(), 1350 VerificationType::long_type(), CHECK_VERIFY(this)); 1351 current_frame.push_stack_2( 1352 VerificationType::long_type(), 1353 VerificationType::long2_type(), CHECK_VERIFY(this)); 1354 no_control_flow = false; break; 1355 case Bytecodes::_fadd : 1356 case Bytecodes::_fsub : 1357 case Bytecodes::_fmul : 1358 case Bytecodes::_fdiv : 1359 case Bytecodes::_frem : 1360 current_frame.pop_stack( 1361 VerificationType::float_type(), CHECK_VERIFY(this)); 1362 // fall through 1363 case Bytecodes::_fneg : 1364 current_frame.pop_stack( 1365 VerificationType::float_type(), CHECK_VERIFY(this)); 1366 current_frame.push_stack( 1367 VerificationType::float_type(), CHECK_VERIFY(this)); 1368 no_control_flow = false; break; 1369 case Bytecodes::_dadd : 1370 case Bytecodes::_dsub : 1371 case Bytecodes::_dmul : 1372 case Bytecodes::_ddiv : 1373 case Bytecodes::_drem : 1374 current_frame.pop_stack_2( 1375 VerificationType::double2_type(), 1376 VerificationType::double_type(), CHECK_VERIFY(this)); 1377 // fall through 1378 case Bytecodes::_dneg : 1379 current_frame.pop_stack_2( 1380 VerificationType::double2_type(), 1381 VerificationType::double_type(), CHECK_VERIFY(this)); 1382 current_frame.push_stack_2( 1383 VerificationType::double_type(), 1384 VerificationType::double2_type(), CHECK_VERIFY(this)); 1385 no_control_flow = false; break; 1386 case Bytecodes::_iinc : 1387 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1388 no_control_flow = false; break; 1389 case Bytecodes::_i2l : 1390 type = current_frame.pop_stack( 1391 VerificationType::integer_type(), CHECK_VERIFY(this)); 1392 current_frame.push_stack_2( 1393 VerificationType::long_type(), 1394 VerificationType::long2_type(), CHECK_VERIFY(this)); 1395 no_control_flow = false; break; 1396 case Bytecodes::_l2i : 1397 current_frame.pop_stack_2( 1398 VerificationType::long2_type(), 1399 VerificationType::long_type(), CHECK_VERIFY(this)); 1400 current_frame.push_stack( 1401 VerificationType::integer_type(), CHECK_VERIFY(this)); 1402 no_control_flow = false; break; 1403 case Bytecodes::_i2f : 1404 current_frame.pop_stack( 1405 VerificationType::integer_type(), CHECK_VERIFY(this)); 1406 current_frame.push_stack( 1407 VerificationType::float_type(), CHECK_VERIFY(this)); 1408 no_control_flow = false; break; 1409 case Bytecodes::_i2d : 1410 current_frame.pop_stack( 1411 VerificationType::integer_type(), CHECK_VERIFY(this)); 1412 current_frame.push_stack_2( 1413 VerificationType::double_type(), 1414 VerificationType::double2_type(), CHECK_VERIFY(this)); 1415 no_control_flow = false; break; 1416 case Bytecodes::_l2f : 1417 current_frame.pop_stack_2( 1418 VerificationType::long2_type(), 1419 VerificationType::long_type(), CHECK_VERIFY(this)); 1420 current_frame.push_stack( 1421 VerificationType::float_type(), CHECK_VERIFY(this)); 1422 no_control_flow = false; break; 1423 case Bytecodes::_l2d : 1424 current_frame.pop_stack_2( 1425 VerificationType::long2_type(), 1426 VerificationType::long_type(), CHECK_VERIFY(this)); 1427 current_frame.push_stack_2( 1428 VerificationType::double_type(), 1429 VerificationType::double2_type(), CHECK_VERIFY(this)); 1430 no_control_flow = false; break; 1431 case Bytecodes::_f2i : 1432 current_frame.pop_stack( 1433 VerificationType::float_type(), CHECK_VERIFY(this)); 1434 current_frame.push_stack( 1435 VerificationType::integer_type(), CHECK_VERIFY(this)); 1436 no_control_flow = false; break; 1437 case Bytecodes::_f2l : 1438 current_frame.pop_stack( 1439 VerificationType::float_type(), CHECK_VERIFY(this)); 1440 current_frame.push_stack_2( 1441 VerificationType::long_type(), 1442 VerificationType::long2_type(), CHECK_VERIFY(this)); 1443 no_control_flow = false; break; 1444 case Bytecodes::_f2d : 1445 current_frame.pop_stack( 1446 VerificationType::float_type(), CHECK_VERIFY(this)); 1447 current_frame.push_stack_2( 1448 VerificationType::double_type(), 1449 VerificationType::double2_type(), CHECK_VERIFY(this)); 1450 no_control_flow = false; break; 1451 case Bytecodes::_d2i : 1452 current_frame.pop_stack_2( 1453 VerificationType::double2_type(), 1454 VerificationType::double_type(), CHECK_VERIFY(this)); 1455 current_frame.push_stack( 1456 VerificationType::integer_type(), CHECK_VERIFY(this)); 1457 no_control_flow = false; break; 1458 case Bytecodes::_d2l : 1459 current_frame.pop_stack_2( 1460 VerificationType::double2_type(), 1461 VerificationType::double_type(), CHECK_VERIFY(this)); 1462 current_frame.push_stack_2( 1463 VerificationType::long_type(), 1464 VerificationType::long2_type(), CHECK_VERIFY(this)); 1465 no_control_flow = false; break; 1466 case Bytecodes::_d2f : 1467 current_frame.pop_stack_2( 1468 VerificationType::double2_type(), 1469 VerificationType::double_type(), CHECK_VERIFY(this)); 1470 current_frame.push_stack( 1471 VerificationType::float_type(), CHECK_VERIFY(this)); 1472 no_control_flow = false; break; 1473 case Bytecodes::_i2b : 1474 case Bytecodes::_i2c : 1475 case Bytecodes::_i2s : 1476 current_frame.pop_stack( 1477 VerificationType::integer_type(), CHECK_VERIFY(this)); 1478 current_frame.push_stack( 1479 VerificationType::integer_type(), CHECK_VERIFY(this)); 1480 no_control_flow = false; break; 1481 case Bytecodes::_lcmp : 1482 current_frame.pop_stack_2( 1483 VerificationType::long2_type(), 1484 VerificationType::long_type(), CHECK_VERIFY(this)); 1485 current_frame.pop_stack_2( 1486 VerificationType::long2_type(), 1487 VerificationType::long_type(), CHECK_VERIFY(this)); 1488 current_frame.push_stack( 1489 VerificationType::integer_type(), CHECK_VERIFY(this)); 1490 no_control_flow = false; break; 1491 case Bytecodes::_fcmpl : 1492 case Bytecodes::_fcmpg : 1493 current_frame.pop_stack( 1494 VerificationType::float_type(), CHECK_VERIFY(this)); 1495 current_frame.pop_stack( 1496 VerificationType::float_type(), CHECK_VERIFY(this)); 1497 current_frame.push_stack( 1498 VerificationType::integer_type(), CHECK_VERIFY(this)); 1499 no_control_flow = false; break; 1500 case Bytecodes::_dcmpl : 1501 case Bytecodes::_dcmpg : 1502 current_frame.pop_stack_2( 1503 VerificationType::double2_type(), 1504 VerificationType::double_type(), CHECK_VERIFY(this)); 1505 current_frame.pop_stack_2( 1506 VerificationType::double2_type(), 1507 VerificationType::double_type(), CHECK_VERIFY(this)); 1508 current_frame.push_stack( 1509 VerificationType::integer_type(), CHECK_VERIFY(this)); 1510 no_control_flow = false; break; 1511 case Bytecodes::_if_icmpeq: 1512 case Bytecodes::_if_icmpne: 1513 case Bytecodes::_if_icmplt: 1514 case Bytecodes::_if_icmpge: 1515 case Bytecodes::_if_icmpgt: 1516 case Bytecodes::_if_icmple: 1517 current_frame.pop_stack( 1518 VerificationType::integer_type(), CHECK_VERIFY(this)); 1519 // fall through 1520 case Bytecodes::_ifeq: 1521 case Bytecodes::_ifne: 1522 case Bytecodes::_iflt: 1523 case Bytecodes::_ifge: 1524 case Bytecodes::_ifgt: 1525 case Bytecodes::_ifle: 1526 current_frame.pop_stack( 1527 VerificationType::integer_type(), CHECK_VERIFY(this)); 1528 target = bcs.dest(); 1529 stackmap_table.check_jump_target( 1530 ¤t_frame, target, CHECK_VERIFY(this)); 1531 no_control_flow = false; break; 1532 case Bytecodes::_if_acmpeq : 1533 case Bytecodes::_if_acmpne : 1534 current_frame.pop_stack( 1535 VerificationType::reference_check(), CHECK_VERIFY(this)); 1536 // fall through 1537 case Bytecodes::_ifnull : 1538 case Bytecodes::_ifnonnull : 1539 current_frame.pop_stack( 1540 VerificationType::reference_check(), CHECK_VERIFY(this)); 1541 target = bcs.dest(); 1542 stackmap_table.check_jump_target 1543 (¤t_frame, target, CHECK_VERIFY(this)); 1544 no_control_flow = false; break; 1545 case Bytecodes::_goto : 1546 target = bcs.dest(); 1547 stackmap_table.check_jump_target( 1548 ¤t_frame, target, CHECK_VERIFY(this)); 1549 no_control_flow = true; break; 1550 case Bytecodes::_goto_w : 1551 target = bcs.dest_w(); 1552 stackmap_table.check_jump_target( 1553 ¤t_frame, target, CHECK_VERIFY(this)); 1554 no_control_flow = true; break; 1555 case Bytecodes::_tableswitch : 1556 case Bytecodes::_lookupswitch : 1557 verify_switch( 1558 &bcs, code_length, code_data, ¤t_frame, 1559 &stackmap_table, CHECK_VERIFY(this)); 1560 no_control_flow = true; break; 1561 case Bytecodes::_ireturn : 1562 type = current_frame.pop_stack( 1563 VerificationType::integer_type(), CHECK_VERIFY(this)); 1564 verify_return_value(return_type, type, bci, 1565 ¤t_frame, CHECK_VERIFY(this)); 1566 no_control_flow = true; break; 1567 case Bytecodes::_lreturn : 1568 type2 = current_frame.pop_stack( 1569 VerificationType::long2_type(), CHECK_VERIFY(this)); 1570 type = current_frame.pop_stack( 1571 VerificationType::long_type(), CHECK_VERIFY(this)); 1572 verify_return_value(return_type, type, bci, 1573 ¤t_frame, CHECK_VERIFY(this)); 1574 no_control_flow = true; break; 1575 case Bytecodes::_freturn : 1576 type = current_frame.pop_stack( 1577 VerificationType::float_type(), CHECK_VERIFY(this)); 1578 verify_return_value(return_type, type, bci, 1579 ¤t_frame, CHECK_VERIFY(this)); 1580 no_control_flow = true; break; 1581 case Bytecodes::_dreturn : 1582 type2 = current_frame.pop_stack( 1583 VerificationType::double2_type(), CHECK_VERIFY(this)); 1584 type = current_frame.pop_stack( 1585 VerificationType::double_type(), CHECK_VERIFY(this)); 1586 verify_return_value(return_type, type, bci, 1587 ¤t_frame, CHECK_VERIFY(this)); 1588 no_control_flow = true; break; 1589 case Bytecodes::_areturn : 1590 type = current_frame.pop_stack( 1591 VerificationType::reference_check(), CHECK_VERIFY(this)); 1592 verify_return_value(return_type, type, bci, 1593 ¤t_frame, CHECK_VERIFY(this)); 1594 no_control_flow = true; break; 1595 case Bytecodes::_return : 1596 if (return_type != VerificationType::bogus_type()) { 1597 verify_error(ErrorContext::bad_code(bci), 1598 "Method expects a return value"); 1599 return; 1600 } 1601 // Make sure "this" has been initialized if current method is an 1602 // <init>. 1603 if (_method->name() == vmSymbols::object_initializer_name() && 1604 current_frame.flag_this_uninit()) { 1605 verify_error(ErrorContext::bad_code(bci), 1606 "Constructor must call super() or this() " 1607 "before return"); 1608 return; 1609 } 1610 no_control_flow = true; break; 1611 case Bytecodes::_getstatic : 1612 case Bytecodes::_putstatic : 1613 // pass TRUE, operand can be an array type for getstatic/putstatic. 1614 verify_field_instructions( 1615 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1616 no_control_flow = false; break; 1617 case Bytecodes::_getfield : 1618 case Bytecodes::_putfield : 1619 // pass FALSE, operand can't be an array type for getfield/putfield. 1620 verify_field_instructions( 1621 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1622 no_control_flow = false; break; 1623 case Bytecodes::_invokevirtual : 1624 case Bytecodes::_invokespecial : 1625 case Bytecodes::_invokestatic : 1626 verify_invoke_instructions( 1627 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1628 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1629 no_control_flow = false; break; 1630 case Bytecodes::_invokeinterface : 1631 case Bytecodes::_invokedynamic : 1632 verify_invoke_instructions( 1633 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1634 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1635 no_control_flow = false; break; 1636 case Bytecodes::_new : 1637 { 1638 index = bcs.get_index_u2(); 1639 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1640 VerificationType new_class_type = 1641 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1642 if (!new_class_type.is_object()) { 1643 verify_error(ErrorContext::bad_type(bci, 1644 TypeOrigin::cp(index, new_class_type)), 1645 "Illegal new instruction"); 1646 return; 1647 } 1648 type = VerificationType::uninitialized_type(bci); 1649 current_frame.push_stack(type, CHECK_VERIFY(this)); 1650 no_control_flow = false; break; 1651 } 1652 case Bytecodes::_newarray : 1653 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1654 current_frame.pop_stack( 1655 VerificationType::integer_type(), CHECK_VERIFY(this)); 1656 current_frame.push_stack(type, CHECK_VERIFY(this)); 1657 no_control_flow = false; break; 1658 case Bytecodes::_anewarray : 1659 verify_anewarray( 1660 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1661 no_control_flow = false; break; 1662 case Bytecodes::_arraylength : 1663 type = current_frame.pop_stack( 1664 VerificationType::reference_check(), CHECK_VERIFY(this)); 1665 if (!(type.is_null() || type.is_array())) { 1666 verify_error(ErrorContext::bad_type( 1667 bci, current_frame.stack_top_ctx()), 1668 bad_type_msg, "arraylength"); 1669 } 1670 current_frame.push_stack( 1671 VerificationType::integer_type(), CHECK_VERIFY(this)); 1672 no_control_flow = false; break; 1673 case Bytecodes::_checkcast : 1674 { 1675 index = bcs.get_index_u2(); 1676 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1677 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1678 VerificationType klass_type = cp_index_to_type( 1679 index, cp, CHECK_VERIFY(this)); 1680 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1681 no_control_flow = false; break; 1682 } 1683 case Bytecodes::_instanceof : { 1684 index = bcs.get_index_u2(); 1685 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1686 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1687 current_frame.push_stack( 1688 VerificationType::integer_type(), CHECK_VERIFY(this)); 1689 no_control_flow = false; break; 1690 } 1691 case Bytecodes::_monitorenter : 1692 case Bytecodes::_monitorexit : 1693 current_frame.pop_stack( 1694 VerificationType::reference_check(), CHECK_VERIFY(this)); 1695 no_control_flow = false; break; 1696 case Bytecodes::_multianewarray : 1697 { 1698 index = bcs.get_index_u2(); 1699 u2 dim = *(bcs.bcp()+3); 1700 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1701 VerificationType new_array_type = 1702 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1703 if (!new_array_type.is_array()) { 1704 verify_error(ErrorContext::bad_type(bci, 1705 TypeOrigin::cp(index, new_array_type)), 1706 "Illegal constant pool index in multianewarray instruction"); 1707 return; 1708 } 1709 if (dim < 1 || new_array_type.dimensions() < dim) { 1710 verify_error(ErrorContext::bad_code(bci), 1711 "Illegal dimension in multianewarray instruction: %d", dim); 1712 return; 1713 } 1714 for (int i = 0; i < dim; i++) { 1715 current_frame.pop_stack( 1716 VerificationType::integer_type(), CHECK_VERIFY(this)); 1717 } 1718 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1719 no_control_flow = false; break; 1720 } 1721 case Bytecodes::_athrow : 1722 type = VerificationType::reference_type( 1723 vmSymbols::java_lang_Throwable()); 1724 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1725 no_control_flow = true; break; 1726 default: 1727 // We only need to check the valid bytecodes in class file. 1728 // And jsr and ret are not in the new class file format in JDK1.5. 1729 verify_error(ErrorContext::bad_code(bci), 1730 "Bad instruction: %02x", opcode); 1731 no_control_flow = false; 1732 return; 1733 } // end switch 1734 } // end Merge with the next instruction 1735 1736 // Look for possible jump target in exception handlers and see if it matches 1737 // current_frame. Don't do this check if it has already been done (for 1738 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1739 // opcodes, such as invokespecial, may set the this_uninit flag. 1740 assert(!(verified_exc_handlers && this_uninit), 1741 "Exception handler targets got verified before this_uninit got set"); 1742 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1743 if (was_recursively_verified()) return; 1744 verify_exception_handler_targets( 1745 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1746 } 1747 } // end while 1748 1749 // Make sure that control flow does not fall through end of the method 1750 if (!no_control_flow) { 1751 verify_error(ErrorContext::bad_code(code_length), 1752 "Control flow falls through code end"); 1753 return; 1754 } 1755 } 1756 1757 #undef bad_type_message 1758 1759 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1760 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1761 memset(code_data, 0, sizeof(char) * code_length); 1762 RawBytecodeStream bcs(m); 1763 1764 while (!bcs.is_last_bytecode()) { 1765 if (bcs.raw_next() != Bytecodes::_illegal) { 1766 int bci = bcs.bci(); 1767 if (bcs.raw_code() == Bytecodes::_new) { 1768 code_data[bci] = NEW_OFFSET; 1769 } else { 1770 code_data[bci] = BYTECODE_OFFSET; 1771 } 1772 } else { 1773 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1774 return NULL; 1775 } 1776 } 1777 1778 return code_data; 1779 } 1780 1781 // Since this method references the constant pool, call was_recursively_verified() 1782 // before calling this method to make sure a prior class load did not cause the 1783 // current class to get verified. 1784 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1785 ExceptionTable exhandlers(_method()); 1786 int exlength = exhandlers.length(); 1787 constantPoolHandle cp (THREAD, _method->constants()); 1788 1789 for(int i = 0; i < exlength; i++) { 1790 u2 start_pc = exhandlers.start_pc(i); 1791 u2 end_pc = exhandlers.end_pc(i); 1792 u2 handler_pc = exhandlers.handler_pc(i); 1793 if (start_pc >= code_length || code_data[start_pc] == 0) { 1794 class_format_error("Illegal exception table start_pc %d", start_pc); 1795 return; 1796 } 1797 if (end_pc != code_length) { // special case: end_pc == code_length 1798 if (end_pc > code_length || code_data[end_pc] == 0) { 1799 class_format_error("Illegal exception table end_pc %d", end_pc); 1800 return; 1801 } 1802 } 1803 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1804 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1805 return; 1806 } 1807 int catch_type_index = exhandlers.catch_type_index(i); 1808 if (catch_type_index != 0) { 1809 VerificationType catch_type = cp_index_to_type( 1810 catch_type_index, cp, CHECK_VERIFY(this)); 1811 VerificationType throwable = 1812 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1813 bool is_subclass = throwable.is_assignable_from( 1814 catch_type, this, false, CHECK_VERIFY(this)); 1815 if (!is_subclass) { 1816 // 4286534: should throw VerifyError according to recent spec change 1817 verify_error(ErrorContext::bad_type(handler_pc, 1818 TypeOrigin::cp(catch_type_index, catch_type), 1819 TypeOrigin::implicit(throwable)), 1820 "Catch type is not a subclass " 1821 "of Throwable in exception handler %d", handler_pc); 1822 return; 1823 } 1824 } 1825 if (start_pc < min) min = start_pc; 1826 if (end_pc > max) max = end_pc; 1827 } 1828 } 1829 1830 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1831 int localvariable_table_length = _method->localvariable_table_length(); 1832 if (localvariable_table_length > 0) { 1833 LocalVariableTableElement* table = _method->localvariable_table_start(); 1834 for (int i = 0; i < localvariable_table_length; i++) { 1835 u2 start_bci = table[i].start_bci; 1836 u2 length = table[i].length; 1837 1838 if (start_bci >= code_length || code_data[start_bci] == 0) { 1839 class_format_error( 1840 "Illegal local variable table start_pc %d", start_bci); 1841 return; 1842 } 1843 u4 end_bci = (u4)(start_bci + length); 1844 if (end_bci != code_length) { 1845 if (end_bci >= code_length || code_data[end_bci] == 0) { 1846 class_format_error( "Illegal local variable table length %d", length); 1847 return; 1848 } 1849 } 1850 } 1851 } 1852 } 1853 1854 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1855 StackMapFrame* current_frame, 1856 StackMapTable* stackmap_table, 1857 bool no_control_flow, TRAPS) { 1858 if (stackmap_index < stackmap_table->get_frame_count()) { 1859 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1860 if (no_control_flow && this_offset > bci) { 1861 verify_error(ErrorContext::missing_stackmap(bci), 1862 "Expecting a stack map frame"); 1863 return 0; 1864 } 1865 if (this_offset == bci) { 1866 ErrorContext ctx; 1867 // See if current stack map can be assigned to the frame in table. 1868 // current_frame is the stackmap frame got from the last instruction. 1869 // If matched, current_frame will be updated by this method. 1870 bool matches = stackmap_table->match_stackmap( 1871 current_frame, this_offset, stackmap_index, 1872 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1873 if (!matches) { 1874 // report type error 1875 verify_error(ctx, "Instruction type does not match stack map"); 1876 return 0; 1877 } 1878 stackmap_index++; 1879 } else if (this_offset < bci) { 1880 // current_offset should have met this_offset. 1881 class_format_error("Bad stack map offset %d", this_offset); 1882 return 0; 1883 } 1884 } else if (no_control_flow) { 1885 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1886 return 0; 1887 } 1888 return stackmap_index; 1889 } 1890 1891 // Since this method references the constant pool, call was_recursively_verified() 1892 // before calling this method to make sure a prior class load did not cause the 1893 // current class to get verified. 1894 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 1895 StackMapFrame* current_frame, 1896 StackMapTable* stackmap_table, TRAPS) { 1897 constantPoolHandle cp (THREAD, _method->constants()); 1898 ExceptionTable exhandlers(_method()); 1899 int exlength = exhandlers.length(); 1900 for(int i = 0; i < exlength; i++) { 1901 u2 start_pc = exhandlers.start_pc(i); 1902 u2 end_pc = exhandlers.end_pc(i); 1903 u2 handler_pc = exhandlers.handler_pc(i); 1904 int catch_type_index = exhandlers.catch_type_index(i); 1905 if(bci >= start_pc && bci < end_pc) { 1906 u1 flags = current_frame->flags(); 1907 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1908 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1909 if (catch_type_index != 0) { 1910 if (was_recursively_verified()) return; 1911 // We know that this index refers to a subclass of Throwable 1912 VerificationType catch_type = cp_index_to_type( 1913 catch_type_index, cp, CHECK_VERIFY(this)); 1914 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1915 } else { 1916 VerificationType throwable = 1917 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1918 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1919 } 1920 ErrorContext ctx; 1921 bool matches = stackmap_table->match_stackmap( 1922 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1923 if (!matches) { 1924 verify_error(ctx, "Stack map does not match the one at " 1925 "exception handler %d", handler_pc); 1926 return; 1927 } 1928 } 1929 } 1930 } 1931 1932 void ClassVerifier::verify_cp_index( 1933 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 1934 int nconstants = cp->length(); 1935 if ((index <= 0) || (index >= nconstants)) { 1936 verify_error(ErrorContext::bad_cp_index(bci, index), 1937 "Illegal constant pool index %d in class %s", 1938 index, cp->pool_holder()->external_name()); 1939 return; 1940 } 1941 } 1942 1943 void ClassVerifier::verify_cp_type( 1944 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 1945 1946 // In some situations, bytecode rewriting may occur while we're verifying. 1947 // In this case, a constant pool cache exists and some indices refer to that 1948 // instead. Be sure we don't pick up such indices by accident. 1949 // We must check was_recursively_verified() before we get here. 1950 guarantee(cp->cache() == NULL, "not rewritten yet"); 1951 1952 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1953 unsigned int tag = cp->tag_at(index).value(); 1954 if ((types & (1 << tag)) == 0) { 1955 verify_error(ErrorContext::bad_cp_index(bci, index), 1956 "Illegal type at constant pool entry %d in class %s", 1957 index, cp->pool_holder()->external_name()); 1958 return; 1959 } 1960 } 1961 1962 void ClassVerifier::verify_cp_class_type( 1963 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 1964 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1965 constantTag tag = cp->tag_at(index); 1966 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1967 verify_error(ErrorContext::bad_cp_index(bci, index), 1968 "Illegal type at constant pool entry %d in class %s", 1969 index, cp->pool_holder()->external_name()); 1970 return; 1971 } 1972 } 1973 1974 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1975 stringStream ss; 1976 1977 ctx.reset_frames(); 1978 _exception_type = vmSymbols::java_lang_VerifyError(); 1979 _error_context = ctx; 1980 va_list va; 1981 va_start(va, msg); 1982 ss.vprint(msg, va); 1983 va_end(va); 1984 _message = ss.as_string(); 1985 #ifdef ASSERT 1986 ResourceMark rm; 1987 const char* exception_name = _exception_type->as_C_string(); 1988 Exceptions::debug_check_abort(exception_name, NULL); 1989 #endif // ndef ASSERT 1990 } 1991 1992 void ClassVerifier::class_format_error(const char* msg, ...) { 1993 stringStream ss; 1994 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1995 va_list va; 1996 va_start(va, msg); 1997 ss.vprint(msg, va); 1998 va_end(va); 1999 if (!_method.is_null()) { 2000 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 2001 } 2002 _message = ss.as_string(); 2003 } 2004 2005 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2006 HandleMark hm(THREAD); 2007 // Get current loader and protection domain first. 2008 oop loader = current_class()->class_loader(); 2009 oop protection_domain = current_class()->protection_domain(); 2010 2011 Klass* kls = SystemDictionary::resolve_or_fail( 2012 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2013 true, THREAD); 2014 2015 if (log_is_enabled(Debug, class, resolve)) { 2016 InstanceKlass* cur_class = InstanceKlass::cast(current_class()); 2017 Verifier::trace_class_resolution(kls, cur_class); 2018 } 2019 return kls; 2020 } 2021 2022 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2023 Klass* target_class, 2024 Symbol* field_name, 2025 Symbol* field_sig, 2026 bool is_method) { 2027 NoSafepointVerifier nosafepoint; 2028 2029 // If target class isn't a super class of this class, we don't worry about this case 2030 if (!this_class->is_subclass_of(target_class)) { 2031 return false; 2032 } 2033 // Check if the specified method or field is protected 2034 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2035 fieldDescriptor fd; 2036 if (is_method) { 2037 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2038 if (m != NULL && m->is_protected()) { 2039 if (!this_class->is_same_class_package(m->method_holder())) { 2040 return true; 2041 } 2042 } 2043 } else { 2044 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2045 if (member_klass != NULL && fd.is_protected()) { 2046 if (!this_class->is_same_class_package(member_klass)) { 2047 return true; 2048 } 2049 } 2050 } 2051 return false; 2052 } 2053 2054 void ClassVerifier::verify_ldc( 2055 int opcode, u2 index, StackMapFrame* current_frame, 2056 const constantPoolHandle& cp, u2 bci, TRAPS) { 2057 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2058 constantTag tag = cp->tag_at(index); 2059 unsigned int types = 0; 2060 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2061 if (!tag.is_unresolved_klass()) { 2062 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2063 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2064 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2065 | (1 << JVM_CONSTANT_Dynamic); 2066 // Note: The class file parser already verified the legality of 2067 // MethodHandle and MethodType constants. 2068 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2069 } 2070 } else { 2071 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2072 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2073 | (1 << JVM_CONSTANT_Dynamic); 2074 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2075 } 2076 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2077 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2078 } else if (tag.is_string()) { 2079 current_frame->push_stack( 2080 VerificationType::reference_type( 2081 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2082 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2083 current_frame->push_stack( 2084 VerificationType::reference_type( 2085 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2086 } else if (tag.is_int()) { 2087 current_frame->push_stack( 2088 VerificationType::integer_type(), CHECK_VERIFY(this)); 2089 } else if (tag.is_float()) { 2090 current_frame->push_stack( 2091 VerificationType::float_type(), CHECK_VERIFY(this)); 2092 } else if (tag.is_double()) { 2093 current_frame->push_stack_2( 2094 VerificationType::double_type(), 2095 VerificationType::double2_type(), CHECK_VERIFY(this)); 2096 } else if (tag.is_long()) { 2097 current_frame->push_stack_2( 2098 VerificationType::long_type(), 2099 VerificationType::long2_type(), CHECK_VERIFY(this)); 2100 } else if (tag.is_method_handle()) { 2101 current_frame->push_stack( 2102 VerificationType::reference_type( 2103 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2104 } else if (tag.is_method_type()) { 2105 current_frame->push_stack( 2106 VerificationType::reference_type( 2107 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2108 } else if (tag.is_dynamic_constant()) { 2109 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2110 if (!SignatureVerifier::is_valid_type_signature(constant_type)) { 2111 class_format_error( 2112 "Invalid type for dynamic constant in class %s referenced " 2113 "from constant pool index %d", _klass->external_name(), index); 2114 return; 2115 } 2116 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2117 "buffer type must match VerificationType size"); 2118 uintptr_t constant_type_buffer[2]; 2119 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2120 SignatureStream sig_stream(constant_type, false); 2121 int n = change_sig_to_verificationType( 2122 &sig_stream, v_constant_type, CHECK_VERIFY(this)); 2123 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2124 if (n != opcode_n) { 2125 // wrong kind of ldc; reverify against updated type mask 2126 types &= ~(1 << JVM_CONSTANT_Dynamic); 2127 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2128 } 2129 for (int i = 0; i < n; i++) { 2130 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2131 } 2132 } else { 2133 /* Unreachable? verify_cp_type has already validated the cp type. */ 2134 verify_error( 2135 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2136 return; 2137 } 2138 } 2139 2140 void ClassVerifier::verify_switch( 2141 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2142 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2143 int bci = bcs->bci(); 2144 address bcp = bcs->bcp(); 2145 address aligned_bcp = align_up(bcp + 1, jintSize); 2146 2147 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2148 // 4639449 & 4647081: padding bytes must be 0 2149 u2 padding_offset = 1; 2150 while ((bcp + padding_offset) < aligned_bcp) { 2151 if(*(bcp + padding_offset) != 0) { 2152 verify_error(ErrorContext::bad_code(bci), 2153 "Nonzero padding byte in lookupswitch or tableswitch"); 2154 return; 2155 } 2156 padding_offset++; 2157 } 2158 } 2159 2160 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2161 int keys, delta; 2162 current_frame->pop_stack( 2163 VerificationType::integer_type(), CHECK_VERIFY(this)); 2164 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2165 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2166 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2167 if (low > high) { 2168 verify_error(ErrorContext::bad_code(bci), 2169 "low must be less than or equal to high in tableswitch"); 2170 return; 2171 } 2172 keys = high - low + 1; 2173 if (keys < 0) { 2174 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2175 return; 2176 } 2177 delta = 1; 2178 } else { 2179 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2180 if (keys < 0) { 2181 verify_error(ErrorContext::bad_code(bci), 2182 "number of keys in lookupswitch less than 0"); 2183 return; 2184 } 2185 delta = 2; 2186 // Make sure that the lookupswitch items are sorted 2187 for (int i = 0; i < (keys - 1); i++) { 2188 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2189 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2190 if (this_key >= next_key) { 2191 verify_error(ErrorContext::bad_code(bci), 2192 "Bad lookupswitch instruction"); 2193 return; 2194 } 2195 } 2196 } 2197 int target = bci + default_offset; 2198 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2199 for (int i = 0; i < keys; i++) { 2200 // Because check_jump_target() may safepoint, the bytecode could have 2201 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2202 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2203 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2204 stackmap_table->check_jump_target( 2205 current_frame, target, CHECK_VERIFY(this)); 2206 } 2207 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2208 } 2209 2210 bool ClassVerifier::name_in_supers( 2211 Symbol* ref_name, InstanceKlass* current) { 2212 Klass* super = current->super(); 2213 while (super != NULL) { 2214 if (super->name() == ref_name) { 2215 return true; 2216 } 2217 super = super->super(); 2218 } 2219 return false; 2220 } 2221 2222 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2223 StackMapFrame* current_frame, 2224 const constantPoolHandle& cp, 2225 bool allow_arrays, 2226 TRAPS) { 2227 u2 index = bcs->get_index_u2(); 2228 verify_cp_type(bcs->bci(), index, cp, 2229 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2230 2231 // Get field name and signature 2232 Symbol* field_name = cp->name_ref_at(index); 2233 Symbol* field_sig = cp->signature_ref_at(index); 2234 2235 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2236 class_format_error( 2237 "Invalid signature for field in class %s referenced " 2238 "from constant pool index %d", _klass->external_name(), index); 2239 return; 2240 } 2241 2242 // Get referenced class type 2243 VerificationType ref_class_type = cp_ref_index_to_type( 2244 index, cp, CHECK_VERIFY(this)); 2245 if (!ref_class_type.is_object() && 2246 (!allow_arrays || !ref_class_type.is_array())) { 2247 verify_error(ErrorContext::bad_type(bcs->bci(), 2248 TypeOrigin::cp(index, ref_class_type)), 2249 "Expecting reference to class in class %s at constant pool index %d", 2250 _klass->external_name(), index); 2251 return; 2252 } 2253 VerificationType target_class_type = ref_class_type; 2254 2255 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2256 "buffer type must match VerificationType size"); 2257 uintptr_t field_type_buffer[2]; 2258 VerificationType* field_type = (VerificationType*)field_type_buffer; 2259 // If we make a VerificationType[2] array directly, the compiler calls 2260 // to the c-runtime library to do the allocation instead of just 2261 // stack allocating it. Plus it would run constructors. This shows up 2262 // in performance profiles. 2263 2264 SignatureStream sig_stream(field_sig, false); 2265 VerificationType stack_object_type; 2266 int n = change_sig_to_verificationType( 2267 &sig_stream, field_type, CHECK_VERIFY(this)); 2268 u2 bci = bcs->bci(); 2269 bool is_assignable; 2270 switch (bcs->raw_code()) { 2271 case Bytecodes::_getstatic: { 2272 for (int i = 0; i < n; i++) { 2273 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2274 } 2275 break; 2276 } 2277 case Bytecodes::_putstatic: { 2278 for (int i = n - 1; i >= 0; i--) { 2279 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2280 } 2281 break; 2282 } 2283 case Bytecodes::_getfield: { 2284 stack_object_type = current_frame->pop_stack( 2285 target_class_type, CHECK_VERIFY(this)); 2286 for (int i = 0; i < n; i++) { 2287 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2288 } 2289 goto check_protected; 2290 } 2291 case Bytecodes::_putfield: { 2292 for (int i = n - 1; i >= 0; i--) { 2293 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2294 } 2295 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2296 2297 // The JVMS 2nd edition allows field initialization before the superclass 2298 // initializer, if the field is defined within the current class. 2299 fieldDescriptor fd; 2300 if (stack_object_type == VerificationType::uninitialized_this_type() && 2301 target_class_type.equals(current_type()) && 2302 _klass->find_local_field(field_name, field_sig, &fd)) { 2303 stack_object_type = current_type(); 2304 } 2305 is_assignable = target_class_type.is_assignable_from( 2306 stack_object_type, this, false, CHECK_VERIFY(this)); 2307 if (!is_assignable) { 2308 verify_error(ErrorContext::bad_type(bci, 2309 current_frame->stack_top_ctx(), 2310 TypeOrigin::cp(index, target_class_type)), 2311 "Bad type on operand stack in putfield"); 2312 return; 2313 } 2314 } 2315 check_protected: { 2316 if (_this_type == stack_object_type) 2317 break; // stack_object_type must be assignable to _current_class_type 2318 if (was_recursively_verified()) return; 2319 Symbol* ref_class_name = 2320 cp->klass_name_at(cp->klass_ref_index_at(index)); 2321 if (!name_in_supers(ref_class_name, current_class())) 2322 // stack_object_type must be assignable to _current_class_type since: 2323 // 1. stack_object_type must be assignable to ref_class. 2324 // 2. ref_class must be _current_class or a subclass of it. It can't 2325 // be a superclass of it. See revised JVMS 5.4.4. 2326 break; 2327 2328 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2329 if (is_protected_access(current_class(), ref_class_oop, field_name, 2330 field_sig, false)) { 2331 // It's protected access, check if stack object is assignable to 2332 // current class. 2333 is_assignable = current_type().is_assignable_from( 2334 stack_object_type, this, true, CHECK_VERIFY(this)); 2335 if (!is_assignable) { 2336 verify_error(ErrorContext::bad_type(bci, 2337 current_frame->stack_top_ctx(), 2338 TypeOrigin::implicit(current_type())), 2339 "Bad access to protected data in getfield"); 2340 return; 2341 } 2342 } 2343 break; 2344 } 2345 default: ShouldNotReachHere(); 2346 } 2347 } 2348 2349 // Look at the method's handlers. If the bci is in the handler's try block 2350 // then check if the handler_pc is already on the stack. If not, push it 2351 // unless the handler has already been scanned. 2352 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2353 GrowableArray<u4>* handler_list, 2354 GrowableArray<u4>* handler_stack, 2355 u4 bci) { 2356 int exlength = exhandlers->length(); 2357 for(int x = 0; x < exlength; x++) { 2358 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2359 u4 exhandler_pc = exhandlers->handler_pc(x); 2360 if (!handler_list->contains(exhandler_pc)) { 2361 handler_stack->append_if_missing(exhandler_pc); 2362 handler_list->append(exhandler_pc); 2363 } 2364 } 2365 } 2366 } 2367 2368 // Return TRUE if all code paths starting with start_bc_offset end in 2369 // bytecode athrow or loop. 2370 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2371 ResourceMark rm; 2372 // Create bytecode stream. 2373 RawBytecodeStream bcs(method()); 2374 u4 code_length = method()->code_size(); 2375 bcs.set_start(start_bc_offset); 2376 u4 target; 2377 // Create stack for storing bytecode start offsets for if* and *switch. 2378 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2379 // Create stack for handlers for try blocks containing this handler. 2380 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2381 // Create list of handlers that have been pushed onto the handler_stack 2382 // so that handlers embedded inside of their own TRY blocks only get 2383 // scanned once. 2384 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2385 // Create list of visited branch opcodes (goto* and if*). 2386 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2387 ExceptionTable exhandlers(_method()); 2388 2389 while (true) { 2390 if (bcs.is_last_bytecode()) { 2391 // if no more starting offsets to parse or if at the end of the 2392 // method then return false. 2393 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2394 return false; 2395 // Pop a bytecode starting offset and scan from there. 2396 bcs.set_start(bci_stack->pop()); 2397 } 2398 Bytecodes::Code opcode = bcs.raw_next(); 2399 u4 bci = bcs.bci(); 2400 2401 // If the bytecode is in a TRY block, push its handlers so they 2402 // will get parsed. 2403 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2404 2405 switch (opcode) { 2406 case Bytecodes::_if_icmpeq: 2407 case Bytecodes::_if_icmpne: 2408 case Bytecodes::_if_icmplt: 2409 case Bytecodes::_if_icmpge: 2410 case Bytecodes::_if_icmpgt: 2411 case Bytecodes::_if_icmple: 2412 case Bytecodes::_ifeq: 2413 case Bytecodes::_ifne: 2414 case Bytecodes::_iflt: 2415 case Bytecodes::_ifge: 2416 case Bytecodes::_ifgt: 2417 case Bytecodes::_ifle: 2418 case Bytecodes::_if_acmpeq: 2419 case Bytecodes::_if_acmpne: 2420 case Bytecodes::_ifnull: 2421 case Bytecodes::_ifnonnull: 2422 target = bcs.dest(); 2423 if (visited_branches->contains(bci)) { 2424 if (bci_stack->is_empty()) { 2425 if (handler_stack->is_empty()) { 2426 return true; 2427 } else { 2428 // Parse the catch handlers for try blocks containing athrow. 2429 bcs.set_start(handler_stack->pop()); 2430 } 2431 } else { 2432 // Pop a bytecode starting offset and scan from there. 2433 bcs.set_start(bci_stack->pop()); 2434 } 2435 } else { 2436 if (target > bci) { // forward branch 2437 if (target >= code_length) return false; 2438 // Push the branch target onto the stack. 2439 bci_stack->push(target); 2440 // then, scan bytecodes starting with next. 2441 bcs.set_start(bcs.next_bci()); 2442 } else { // backward branch 2443 // Push bytecode offset following backward branch onto the stack. 2444 bci_stack->push(bcs.next_bci()); 2445 // Check bytecodes starting with branch target. 2446 bcs.set_start(target); 2447 } 2448 // Record target so we don't branch here again. 2449 visited_branches->append(bci); 2450 } 2451 break; 2452 2453 case Bytecodes::_goto: 2454 case Bytecodes::_goto_w: 2455 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2456 if (visited_branches->contains(bci)) { 2457 if (bci_stack->is_empty()) { 2458 if (handler_stack->is_empty()) { 2459 return true; 2460 } else { 2461 // Parse the catch handlers for try blocks containing athrow. 2462 bcs.set_start(handler_stack->pop()); 2463 } 2464 } else { 2465 // Been here before, pop new starting offset from stack. 2466 bcs.set_start(bci_stack->pop()); 2467 } 2468 } else { 2469 if (target >= code_length) return false; 2470 // Continue scanning from the target onward. 2471 bcs.set_start(target); 2472 // Record target so we don't branch here again. 2473 visited_branches->append(bci); 2474 } 2475 break; 2476 2477 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2478 // is difficult to determine where each switch alternative ends, parse 2479 // each switch alternative until either hit a 'return', 'athrow', or reach 2480 // the end of the method's bytecodes. This is gross but should be okay 2481 // because: 2482 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2483 // constructor invocations should be rare. 2484 // 2. if each switch alternative ends in an athrow then the parsing should be 2485 // short. If there is no athrow then it is bogus code, anyway. 2486 case Bytecodes::_lookupswitch: 2487 case Bytecodes::_tableswitch: 2488 { 2489 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2490 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2491 int keys, delta; 2492 if (opcode == Bytecodes::_tableswitch) { 2493 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2494 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2495 // This is invalid, but let the regular bytecode verifier 2496 // report this because the user will get a better error message. 2497 if (low > high) return true; 2498 keys = high - low + 1; 2499 delta = 1; 2500 } else { 2501 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2502 delta = 2; 2503 } 2504 // Invalid, let the regular bytecode verifier deal with it. 2505 if (keys < 0) return true; 2506 2507 // Push the offset of the next bytecode onto the stack. 2508 bci_stack->push(bcs.next_bci()); 2509 2510 // Push the switch alternatives onto the stack. 2511 for (int i = 0; i < keys; i++) { 2512 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2513 if (target > code_length) return false; 2514 bci_stack->push(target); 2515 } 2516 2517 // Start bytecode parsing for the switch at the default alternative. 2518 if (default_offset > code_length) return false; 2519 bcs.set_start(default_offset); 2520 break; 2521 } 2522 2523 case Bytecodes::_return: 2524 return false; 2525 2526 case Bytecodes::_athrow: 2527 { 2528 if (bci_stack->is_empty()) { 2529 if (handler_stack->is_empty()) { 2530 return true; 2531 } else { 2532 // Parse the catch handlers for try blocks containing athrow. 2533 bcs.set_start(handler_stack->pop()); 2534 } 2535 } else { 2536 // Pop a bytecode offset and starting scanning from there. 2537 bcs.set_start(bci_stack->pop()); 2538 } 2539 } 2540 break; 2541 2542 default: 2543 ; 2544 } // end switch 2545 } // end while loop 2546 2547 return false; 2548 } 2549 2550 void ClassVerifier::verify_invoke_init( 2551 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2552 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2553 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2554 TRAPS) { 2555 u2 bci = bcs->bci(); 2556 VerificationType type = current_frame->pop_stack( 2557 VerificationType::reference_check(), CHECK_VERIFY(this)); 2558 if (type == VerificationType::uninitialized_this_type()) { 2559 // The method must be an <init> method of this class or its superclass 2560 Klass* superk = current_class()->super(); 2561 if (ref_class_type.name() != current_class()->name() && 2562 ref_class_type.name() != superk->name()) { 2563 verify_error(ErrorContext::bad_type(bci, 2564 TypeOrigin::implicit(ref_class_type), 2565 TypeOrigin::implicit(current_type())), 2566 "Bad <init> method call"); 2567 return; 2568 } 2569 2570 // If this invokespecial call is done from inside of a TRY block then make 2571 // sure that all catch clause paths end in a throw. Otherwise, this can 2572 // result in returning an incomplete object. 2573 if (in_try_block) { 2574 ExceptionTable exhandlers(_method()); 2575 int exlength = exhandlers.length(); 2576 for(int i = 0; i < exlength; i++) { 2577 u2 start_pc = exhandlers.start_pc(i); 2578 u2 end_pc = exhandlers.end_pc(i); 2579 2580 if (bci >= start_pc && bci < end_pc) { 2581 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2582 verify_error(ErrorContext::bad_code(bci), 2583 "Bad <init> method call from after the start of a try block"); 2584 return; 2585 } else if (log_is_enabled(Info, verification)) { 2586 ResourceMark rm(THREAD); 2587 log_info(verification)("Survived call to ends_in_athrow(): %s", 2588 current_class()->name()->as_C_string()); 2589 } 2590 } 2591 } 2592 2593 // Check the exception handler target stackmaps with the locals from the 2594 // incoming stackmap (before initialize_object() changes them to outgoing 2595 // state). 2596 if (was_recursively_verified()) return; 2597 verify_exception_handler_targets(bci, true, current_frame, 2598 stackmap_table, CHECK_VERIFY(this)); 2599 } // in_try_block 2600 2601 current_frame->initialize_object(type, current_type()); 2602 *this_uninit = true; 2603 } else if (type.is_uninitialized()) { 2604 u2 new_offset = type.bci(); 2605 address new_bcp = bcs->bcp() - bci + new_offset; 2606 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2607 /* Unreachable? Stack map parsing ensures valid type and new 2608 * instructions have a valid BCI. */ 2609 verify_error(ErrorContext::bad_code(new_offset), 2610 "Expecting new instruction"); 2611 return; 2612 } 2613 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2614 if (was_recursively_verified()) return; 2615 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2616 2617 // The method must be an <init> method of the indicated class 2618 VerificationType new_class_type = cp_index_to_type( 2619 new_class_index, cp, CHECK_VERIFY(this)); 2620 if (!new_class_type.equals(ref_class_type)) { 2621 verify_error(ErrorContext::bad_type(bci, 2622 TypeOrigin::cp(new_class_index, new_class_type), 2623 TypeOrigin::cp(ref_class_index, ref_class_type)), 2624 "Call to wrong <init> method"); 2625 return; 2626 } 2627 // According to the VM spec, if the referent class is a superclass of the 2628 // current class, and is in a different runtime package, and the method is 2629 // protected, then the objectref must be the current class or a subclass 2630 // of the current class. 2631 VerificationType objectref_type = new_class_type; 2632 if (name_in_supers(ref_class_type.name(), current_class())) { 2633 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2634 if (was_recursively_verified()) return; 2635 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2636 vmSymbols::object_initializer_name(), 2637 cp->signature_ref_at(bcs->get_index_u2()), 2638 Klass::find_overpass); 2639 // Do nothing if method is not found. Let resolution detect the error. 2640 if (m != NULL) { 2641 InstanceKlass* mh = m->method_holder(); 2642 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2643 bool assignable = current_type().is_assignable_from( 2644 objectref_type, this, true, CHECK_VERIFY(this)); 2645 if (!assignable) { 2646 verify_error(ErrorContext::bad_type(bci, 2647 TypeOrigin::cp(new_class_index, objectref_type), 2648 TypeOrigin::implicit(current_type())), 2649 "Bad access to protected <init> method"); 2650 return; 2651 } 2652 } 2653 } 2654 } 2655 // Check the exception handler target stackmaps with the locals from the 2656 // incoming stackmap (before initialize_object() changes them to outgoing 2657 // state). 2658 if (in_try_block) { 2659 if (was_recursively_verified()) return; 2660 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2661 stackmap_table, CHECK_VERIFY(this)); 2662 } 2663 current_frame->initialize_object(type, new_class_type); 2664 } else { 2665 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2666 "Bad operand type when invoking <init>"); 2667 return; 2668 } 2669 } 2670 2671 bool ClassVerifier::is_same_or_direct_interface( 2672 InstanceKlass* klass, 2673 VerificationType klass_type, 2674 VerificationType ref_class_type) { 2675 if (ref_class_type.equals(klass_type)) return true; 2676 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2677 if (local_interfaces != NULL) { 2678 for (int x = 0; x < local_interfaces->length(); x++) { 2679 Klass* k = local_interfaces->at(x); 2680 assert (k != NULL && k->is_interface(), "invalid interface"); 2681 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2682 return true; 2683 } 2684 } 2685 } 2686 return false; 2687 } 2688 2689 void ClassVerifier::verify_invoke_instructions( 2690 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2691 bool in_try_block, bool *this_uninit, VerificationType return_type, 2692 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2693 // Make sure the constant pool item is the right type 2694 u2 index = bcs->get_index_u2(); 2695 Bytecodes::Code opcode = bcs->raw_code(); 2696 unsigned int types = 0; 2697 switch (opcode) { 2698 case Bytecodes::_invokeinterface: 2699 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2700 break; 2701 case Bytecodes::_invokedynamic: 2702 types = 1 << JVM_CONSTANT_InvokeDynamic; 2703 break; 2704 case Bytecodes::_invokespecial: 2705 case Bytecodes::_invokestatic: 2706 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2707 (1 << JVM_CONSTANT_Methodref) : 2708 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2709 break; 2710 default: 2711 types = 1 << JVM_CONSTANT_Methodref; 2712 } 2713 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2714 2715 // Get method name and signature 2716 Symbol* method_name = cp->name_ref_at(index); 2717 Symbol* method_sig = cp->signature_ref_at(index); 2718 2719 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2720 class_format_error( 2721 "Invalid method signature in class %s referenced " 2722 "from constant pool index %d", _klass->external_name(), index); 2723 return; 2724 } 2725 2726 // Get referenced class type 2727 VerificationType ref_class_type; 2728 if (opcode == Bytecodes::_invokedynamic) { 2729 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2730 class_format_error( 2731 "invokedynamic instructions not supported by this class file version (%d), class %s", 2732 _klass->major_version(), _klass->external_name()); 2733 return; 2734 } 2735 } else { 2736 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2737 } 2738 2739 // For a small signature length, we just allocate 128 bytes instead 2740 // of parsing the signature once to find its size. 2741 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2742 // longs/doubles to be consertive. 2743 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2744 "buffer type must match VerificationType size"); 2745 uintptr_t on_stack_sig_types_buffer[128]; 2746 // If we make a VerificationType[128] array directly, the compiler calls 2747 // to the c-runtime library to do the allocation instead of just 2748 // stack allocating it. Plus it would run constructors. This shows up 2749 // in performance profiles. 2750 2751 VerificationType* sig_types; 2752 int size = (method_sig->utf8_length() - 3) * 2; 2753 if (size > 128) { 2754 // Long and double occupies two slots here. 2755 ArgumentSizeComputer size_it(method_sig); 2756 size = size_it.size(); 2757 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2758 } else{ 2759 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2760 } 2761 SignatureStream sig_stream(method_sig); 2762 int sig_i = 0; 2763 while (!sig_stream.at_return_type()) { 2764 sig_i += change_sig_to_verificationType( 2765 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2766 sig_stream.next(); 2767 } 2768 int nargs = sig_i; 2769 2770 #ifdef ASSERT 2771 { 2772 ArgumentSizeComputer size_it(method_sig); 2773 assert(nargs == size_it.size(), "Argument sizes do not match"); 2774 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2775 } 2776 #endif 2777 2778 // Check instruction operands 2779 u2 bci = bcs->bci(); 2780 if (opcode == Bytecodes::_invokeinterface) { 2781 address bcp = bcs->bcp(); 2782 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2783 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2784 // the difference between the size of the operand stack before and after the instruction 2785 // executes. 2786 if (*(bcp+3) != (nargs+1)) { 2787 verify_error(ErrorContext::bad_code(bci), 2788 "Inconsistent args count operand in invokeinterface"); 2789 return; 2790 } 2791 if (*(bcp+4) != 0) { 2792 verify_error(ErrorContext::bad_code(bci), 2793 "Fourth operand byte of invokeinterface must be zero"); 2794 return; 2795 } 2796 } 2797 2798 if (opcode == Bytecodes::_invokedynamic) { 2799 address bcp = bcs->bcp(); 2800 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2801 verify_error(ErrorContext::bad_code(bci), 2802 "Third and fourth operand bytes of invokedynamic must be zero"); 2803 return; 2804 } 2805 } 2806 2807 if (method_name->byte_at(0) == '<') { 2808 // Make sure <init> can only be invoked by invokespecial 2809 if (opcode != Bytecodes::_invokespecial || 2810 method_name != vmSymbols::object_initializer_name()) { 2811 verify_error(ErrorContext::bad_code(bci), 2812 "Illegal call to internal method"); 2813 return; 2814 } 2815 } else if (opcode == Bytecodes::_invokespecial 2816 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2817 && !ref_class_type.equals(VerificationType::reference_type( 2818 current_class()->super()->name()))) { 2819 bool subtype = false; 2820 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2821 if (!current_class()->is_anonymous()) { 2822 subtype = ref_class_type.is_assignable_from( 2823 current_type(), this, false, CHECK_VERIFY(this)); 2824 } else { 2825 VerificationType host_klass_type = 2826 VerificationType::reference_type(current_class()->host_klass()->name()); 2827 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2828 2829 // If invokespecial of IMR, need to recheck for same or 2830 // direct interface relative to the host class 2831 have_imr_indirect = (have_imr_indirect && 2832 !is_same_or_direct_interface( 2833 current_class()->host_klass(), 2834 host_klass_type, ref_class_type)); 2835 } 2836 if (!subtype) { 2837 verify_error(ErrorContext::bad_code(bci), 2838 "Bad invokespecial instruction: " 2839 "current class isn't assignable to reference class."); 2840 return; 2841 } else if (have_imr_indirect) { 2842 verify_error(ErrorContext::bad_code(bci), 2843 "Bad invokespecial instruction: " 2844 "interface method reference is in an indirect superinterface."); 2845 return; 2846 } 2847 2848 } 2849 // Match method descriptor with operand stack 2850 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2851 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2852 } 2853 // Check objectref on operand stack 2854 if (opcode != Bytecodes::_invokestatic && 2855 opcode != Bytecodes::_invokedynamic) { 2856 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2857 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2858 code_length, in_try_block, this_uninit, cp, stackmap_table, 2859 CHECK_VERIFY(this)); 2860 if (was_recursively_verified()) return; 2861 } else { // other methods 2862 // Ensures that target class is assignable to method class. 2863 if (opcode == Bytecodes::_invokespecial) { 2864 if (!current_class()->is_anonymous()) { 2865 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2866 } else { 2867 // anonymous class invokespecial calls: check if the 2868 // objectref is a subtype of the host_klass of the current class 2869 // to allow an anonymous class to reference methods in the host_klass 2870 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2871 VerificationType hosttype = 2872 VerificationType::reference_type(current_class()->host_klass()->name()); 2873 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2874 if (!subtype) { 2875 verify_error( ErrorContext::bad_type(current_frame->offset(), 2876 current_frame->stack_top_ctx(), 2877 TypeOrigin::implicit(top)), 2878 "Bad type on operand stack"); 2879 return; 2880 } 2881 } 2882 } else if (opcode == Bytecodes::_invokevirtual) { 2883 VerificationType stack_object_type = 2884 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2885 if (current_type() != stack_object_type) { 2886 if (was_recursively_verified()) return; 2887 assert(cp->cache() == NULL, "not rewritten yet"); 2888 Symbol* ref_class_name = 2889 cp->klass_name_at(cp->klass_ref_index_at(index)); 2890 // See the comments in verify_field_instructions() for 2891 // the rationale behind this. 2892 if (name_in_supers(ref_class_name, current_class())) { 2893 Klass* ref_class = load_class(ref_class_name, CHECK); 2894 if (is_protected_access( 2895 _klass, ref_class, method_name, method_sig, true)) { 2896 // It's protected access, check if stack object is 2897 // assignable to current class. 2898 bool is_assignable = current_type().is_assignable_from( 2899 stack_object_type, this, true, CHECK_VERIFY(this)); 2900 if (!is_assignable) { 2901 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2902 && stack_object_type.is_array() 2903 && method_name == vmSymbols::clone_name()) { 2904 // Special case: arrays pretend to implement public Object 2905 // clone(). 2906 } else { 2907 verify_error(ErrorContext::bad_type(bci, 2908 current_frame->stack_top_ctx(), 2909 TypeOrigin::implicit(current_type())), 2910 "Bad access to protected data in invokevirtual"); 2911 return; 2912 } 2913 } 2914 } 2915 } 2916 } 2917 } else { 2918 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2919 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2920 } 2921 } 2922 } 2923 // Push the result type. 2924 if (sig_stream.type() != T_VOID) { 2925 if (method_name == vmSymbols::object_initializer_name()) { 2926 // <init> method must have a void return type 2927 /* Unreachable? Class file parser verifies that methods with '<' have 2928 * void return */ 2929 verify_error(ErrorContext::bad_code(bci), 2930 "Return type must be void in <init> method"); 2931 return; 2932 } 2933 VerificationType return_type[2]; 2934 int n = change_sig_to_verificationType( 2935 &sig_stream, return_type, CHECK_VERIFY(this)); 2936 for (int i = 0; i < n; i++) { 2937 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2938 } 2939 } 2940 } 2941 2942 VerificationType ClassVerifier::get_newarray_type( 2943 u2 index, u2 bci, TRAPS) { 2944 const char* from_bt[] = { 2945 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2946 }; 2947 if (index < T_BOOLEAN || index > T_LONG) { 2948 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2949 return VerificationType::bogus_type(); 2950 } 2951 2952 // from_bt[index] contains the array signature which has a length of 2 2953 Symbol* sig = create_temporary_symbol( 2954 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2955 return VerificationType::reference_type(sig); 2956 } 2957 2958 void ClassVerifier::verify_anewarray( 2959 u2 bci, u2 index, const constantPoolHandle& cp, 2960 StackMapFrame* current_frame, TRAPS) { 2961 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2962 current_frame->pop_stack( 2963 VerificationType::integer_type(), CHECK_VERIFY(this)); 2964 2965 if (was_recursively_verified()) return; 2966 VerificationType component_type = 2967 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2968 int length; 2969 char* arr_sig_str; 2970 if (component_type.is_array()) { // it's an array 2971 const char* component_name = component_type.name()->as_utf8(); 2972 // Check for more than MAX_ARRAY_DIMENSIONS 2973 length = (int)strlen(component_name); 2974 if (length > MAX_ARRAY_DIMENSIONS && 2975 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 2976 verify_error(ErrorContext::bad_code(bci), 2977 "Illegal anewarray instruction, array has more than 255 dimensions"); 2978 } 2979 // add one dimension to component 2980 length++; 2981 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2982 arr_sig_str[0] = '['; 2983 strncpy(&arr_sig_str[1], component_name, length - 1); 2984 } else { // it's an object or interface 2985 const char* component_name = component_type.name()->as_utf8(); 2986 // add one dimension to component with 'L' prepended and ';' postpended. 2987 length = (int)strlen(component_name) + 3; 2988 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2989 arr_sig_str[0] = '['; 2990 arr_sig_str[1] = 'L'; 2991 strncpy(&arr_sig_str[2], component_name, length - 2); 2992 arr_sig_str[length - 1] = ';'; 2993 } 2994 Symbol* arr_sig = create_temporary_symbol( 2995 arr_sig_str, length, CHECK_VERIFY(this)); 2996 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2997 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2998 } 2999 3000 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3001 current_frame->get_local( 3002 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3003 current_frame->push_stack( 3004 VerificationType::integer_type(), CHECK_VERIFY(this)); 3005 } 3006 3007 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3008 current_frame->get_local_2( 3009 index, VerificationType::long_type(), 3010 VerificationType::long2_type(), CHECK_VERIFY(this)); 3011 current_frame->push_stack_2( 3012 VerificationType::long_type(), 3013 VerificationType::long2_type(), CHECK_VERIFY(this)); 3014 } 3015 3016 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3017 current_frame->get_local( 3018 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3019 current_frame->push_stack( 3020 VerificationType::float_type(), CHECK_VERIFY(this)); 3021 } 3022 3023 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3024 current_frame->get_local_2( 3025 index, VerificationType::double_type(), 3026 VerificationType::double2_type(), CHECK_VERIFY(this)); 3027 current_frame->push_stack_2( 3028 VerificationType::double_type(), 3029 VerificationType::double2_type(), CHECK_VERIFY(this)); 3030 } 3031 3032 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3033 VerificationType type = current_frame->get_local( 3034 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3035 current_frame->push_stack(type, CHECK_VERIFY(this)); 3036 } 3037 3038 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3039 current_frame->pop_stack( 3040 VerificationType::integer_type(), CHECK_VERIFY(this)); 3041 current_frame->set_local( 3042 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3043 } 3044 3045 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3046 current_frame->pop_stack_2( 3047 VerificationType::long2_type(), 3048 VerificationType::long_type(), CHECK_VERIFY(this)); 3049 current_frame->set_local_2( 3050 index, VerificationType::long_type(), 3051 VerificationType::long2_type(), CHECK_VERIFY(this)); 3052 } 3053 3054 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3055 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3056 current_frame->set_local( 3057 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3058 } 3059 3060 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3061 current_frame->pop_stack_2( 3062 VerificationType::double2_type(), 3063 VerificationType::double_type(), CHECK_VERIFY(this)); 3064 current_frame->set_local_2( 3065 index, VerificationType::double_type(), 3066 VerificationType::double2_type(), CHECK_VERIFY(this)); 3067 } 3068 3069 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3070 VerificationType type = current_frame->pop_stack( 3071 VerificationType::reference_check(), CHECK_VERIFY(this)); 3072 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3073 } 3074 3075 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3076 VerificationType type = current_frame->get_local( 3077 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3078 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3079 } 3080 3081 void ClassVerifier::verify_return_value( 3082 VerificationType return_type, VerificationType type, u2 bci, 3083 StackMapFrame* current_frame, TRAPS) { 3084 if (return_type == VerificationType::bogus_type()) { 3085 verify_error(ErrorContext::bad_type(bci, 3086 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3087 "Method expects a return value"); 3088 return; 3089 } 3090 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3091 if (!match) { 3092 verify_error(ErrorContext::bad_type(bci, 3093 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3094 "Bad return type"); 3095 return; 3096 } 3097 } 3098 3099 // The verifier creates symbols which are substrings of Symbols. 3100 // These are stored in the verifier until the end of verification so that 3101 // they can be reference counted. 3102 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3103 int end, TRAPS) { 3104 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3105 _symbols->push(sym); 3106 return sym; 3107 } 3108 3109 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3110 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3111 _symbols->push(sym); 3112 return sym; 3113 }