1 /* 2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/systemDictionary.hpp" 33 #include "classfile/verifier.hpp" 34 #include "classfile/vmSymbols.hpp" 35 #include "interpreter/bytecodes.hpp" 36 #include "interpreter/bytecodeStream.hpp" 37 #include "logging/log.hpp" 38 #include "logging/logStream.hpp" 39 #include "memory/oopFactory.hpp" 40 #include "memory/resourceArea.hpp" 41 #include "oops/constantPool.inline.hpp" 42 #include "oops/instanceKlass.hpp" 43 #include "oops/oop.inline.hpp" 44 #include "oops/typeArrayOop.hpp" 45 #include "runtime/fieldDescriptor.hpp" 46 #include "runtime/handles.inline.hpp" 47 #include "runtime/interfaceSupport.inline.hpp" 48 #include "runtime/javaCalls.hpp" 49 #include "runtime/jniHandles.inline.hpp" 50 #include "runtime/orderAccess.inline.hpp" 51 #include "runtime/os.hpp" 52 #include "runtime/safepointVerifiers.hpp" 53 #include "runtime/thread.hpp" 54 #include "services/threadService.hpp" 55 #include "utilities/align.hpp" 56 #include "utilities/bytes.hpp" 57 58 #define NOFAILOVER_MAJOR_VERSION 51 59 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 60 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 61 #define MAX_ARRAY_DIMENSIONS 255 62 63 // Access to external entry for VerifyClassCodes - old byte code verifier 64 65 extern "C" { 66 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 67 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 68 } 69 70 static void* volatile _verify_byte_codes_fn = NULL; 71 72 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 73 74 static void* verify_byte_codes_fn() { 75 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) { 76 void *lib_handle = os::native_java_library(); 77 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 78 OrderAccess::release_store(&_verify_byte_codes_fn, func); 79 if (func == NULL) { 80 _is_new_verify_byte_codes_fn = false; 81 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 82 OrderAccess::release_store(&_verify_byte_codes_fn, func); 83 } 84 } 85 return (void*)_verify_byte_codes_fn; 86 } 87 88 89 // Methods in Verifier 90 91 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 92 return (class_loader == NULL || !should_verify_class) ? 93 BytecodeVerificationLocal : BytecodeVerificationRemote; 94 } 95 96 bool Verifier::relax_access_for(oop loader) { 97 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 98 bool need_verify = 99 // verifyAll 100 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 101 // verifyRemote 102 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 103 return !need_verify; 104 } 105 106 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 107 assert(verify_class != NULL, "Unexpected null verify_class"); 108 ResourceMark rm; 109 Symbol* s = verify_class->source_file_name(); 110 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 111 const char* verify = verify_class->external_name(); 112 const char* resolve = resolve_class->external_name(); 113 // print in a single call to reduce interleaving between threads 114 if (source_file != NULL) { 115 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 116 } else { 117 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 118 } 119 } 120 121 // Prints the end-verification message to the appropriate output. 122 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 123 if (HAS_PENDING_EXCEPTION) { 124 st->print("Verification for %s has", klassName); 125 st->print_cr(" exception pending %s ", 126 PENDING_EXCEPTION->klass()->external_name()); 127 } else if (exception_name != NULL) { 128 st->print_cr("Verification for %s failed", klassName); 129 } 130 st->print_cr("End class verification for: %s", klassName); 131 } 132 133 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 134 HandleMark hm(THREAD); 135 ResourceMark rm(THREAD); 136 137 // Eagerly allocate the identity hash code for a klass. This is a fallout 138 // from 6320749 and 8059924: hash code generator is not supposed to be called 139 // during the safepoint, but it allows to sneak the hashcode in during 140 // verification. Without this eager hashcode generation, we may end up 141 // installing the hashcode during some other operation, which may be at 142 // safepoint -- blowing up the checks. It was previously done as the side 143 // effect (sic!) for external_name(), but instead of doing that, we opt to 144 // explicitly push the hashcode in here. This is signify the following block 145 // is IMPORTANT: 146 if (klass->java_mirror() != NULL) { 147 klass->java_mirror()->identity_hash(); 148 } 149 150 if (!is_eligible_for_verification(klass, should_verify_class)) { 151 return true; 152 } 153 154 // Timer includes any side effects of class verification (resolution, 155 // etc), but not recursive calls to Verifier::verify(). 156 JavaThread* jt = (JavaThread*)THREAD; 157 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 158 ClassLoader::perf_class_verify_selftime(), 159 ClassLoader::perf_classes_verified(), 160 jt->get_thread_stat()->perf_recursion_counts_addr(), 161 jt->get_thread_stat()->perf_timers_addr(), 162 PerfClassTraceTime::CLASS_VERIFY); 163 164 // If the class should be verified, first see if we can use the split 165 // verifier. If not, or if verification fails and FailOverToOldVerifier 166 // is set, then call the inference verifier. 167 168 Symbol* exception_name = NULL; 169 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 170 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 171 char* exception_message = message_buffer; 172 173 const char* klassName = klass->external_name(); 174 bool can_failover = FailOverToOldVerifier && 175 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 176 177 log_info(class, init)("Start class verification for: %s", klassName); 178 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 179 ClassVerifier split_verifier(klass, THREAD); 180 split_verifier.verify_class(THREAD); 181 exception_name = split_verifier.result(); 182 if (can_failover && !HAS_PENDING_EXCEPTION && 183 (exception_name == vmSymbols::java_lang_VerifyError() || 184 exception_name == vmSymbols::java_lang_ClassFormatError())) { 185 log_info(verification)("Fail over class verification to old verifier for: %s", klassName); 186 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName); 187 exception_name = inference_verify( 188 klass, message_buffer, message_buffer_len, THREAD); 189 } 190 if (exception_name != NULL) { 191 exception_message = split_verifier.exception_message(); 192 } 193 } else { 194 exception_name = inference_verify( 195 klass, message_buffer, message_buffer_len, THREAD); 196 } 197 198 LogTarget(Info, class, init) lt1; 199 if (lt1.is_enabled()) { 200 LogStream ls(lt1); 201 log_end_verification(&ls, klassName, exception_name, THREAD); 202 } 203 LogTarget(Info, verification) lt2; 204 if (lt2.is_enabled()) { 205 LogStream ls(lt2); 206 log_end_verification(&ls, klassName, exception_name, THREAD); 207 } 208 209 if (HAS_PENDING_EXCEPTION) { 210 return false; // use the existing exception 211 } else if (exception_name == NULL) { 212 return true; // verifcation succeeded 213 } else { // VerifyError or ClassFormatError to be created and thrown 214 ResourceMark rm(THREAD); 215 Klass* kls = 216 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 217 if (log_is_enabled(Debug, class, resolve)) { 218 Verifier::trace_class_resolution(kls, klass); 219 } 220 221 while (kls != NULL) { 222 if (kls == klass) { 223 // If the class being verified is the exception we're creating 224 // or one of it's superclasses, we're in trouble and are going 225 // to infinitely recurse when we try to initialize the exception. 226 // So bail out here by throwing the preallocated VM error. 227 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 228 } 229 kls = kls->super(); 230 } 231 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 232 THROW_MSG_(exception_name, exception_message, false); 233 } 234 } 235 236 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 237 Symbol* name = klass->name(); 238 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 239 240 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 241 242 return (should_verify_for(klass->class_loader(), should_verify_class) && 243 // return if the class is a bootstrapping class 244 // or defineClass specified not to verify by default (flags override passed arg) 245 // We need to skip the following four for bootstraping 246 name != vmSymbols::java_lang_Object() && 247 name != vmSymbols::java_lang_Class() && 248 name != vmSymbols::java_lang_String() && 249 name != vmSymbols::java_lang_Throwable() && 250 251 // Can not verify the bytecodes for shared classes because they have 252 // already been rewritten to contain constant pool cache indices, 253 // which the verifier can't understand. 254 // Shared classes shouldn't have stackmaps either. 255 !klass->is_shared() && 256 257 // As of the fix for 4486457 we disable verification for all of the 258 // dynamically-generated bytecodes associated with the 1.4 259 // reflection implementation, not just those associated with 260 // jdk/internal/reflect/SerializationConstructorAccessor. 261 // NOTE: this is called too early in the bootstrapping process to be 262 // guarded by Universe::is_gte_jdk14x_version(). 263 // Also for lambda generated code, gte jdk8 264 (!is_reflect)); 265 } 266 267 Symbol* Verifier::inference_verify( 268 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 269 JavaThread* thread = (JavaThread*)THREAD; 270 JNIEnv *env = thread->jni_environment(); 271 272 void* verify_func = verify_byte_codes_fn(); 273 274 if (verify_func == NULL) { 275 jio_snprintf(message, message_len, "Could not link verifier"); 276 return vmSymbols::java_lang_VerifyError(); 277 } 278 279 ResourceMark rm(THREAD); 280 log_info(verification)("Verifying class %s with old format", klass->external_name()); 281 282 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 283 jint result; 284 285 { 286 HandleMark hm(thread); 287 ThreadToNativeFromVM ttn(thread); 288 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 289 // code knows that we have left the VM 290 291 if (_is_new_verify_byte_codes_fn) { 292 verify_byte_codes_fn_new_t func = 293 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 294 result = (*func)(env, cls, message, (int)message_len, 295 klass->major_version()); 296 } else { 297 verify_byte_codes_fn_t func = 298 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 299 result = (*func)(env, cls, message, (int)message_len); 300 } 301 } 302 303 JNIHandles::destroy_local(cls); 304 305 // These numbers are chosen so that VerifyClassCodes interface doesn't need 306 // to be changed (still return jboolean (unsigned char)), and result is 307 // 1 when verification is passed. 308 if (result == 0) { 309 return vmSymbols::java_lang_VerifyError(); 310 } else if (result == 1) { 311 return NULL; // verified. 312 } else if (result == 2) { 313 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 314 } else if (result == 3) { 315 return vmSymbols::java_lang_ClassFormatError(); 316 } else { 317 ShouldNotReachHere(); 318 return NULL; 319 } 320 } 321 322 TypeOrigin TypeOrigin::null() { 323 return TypeOrigin(); 324 } 325 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 326 assert(frame != NULL, "Must have a frame"); 327 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 328 frame->local_at(index)); 329 } 330 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 331 assert(frame != NULL, "Must have a frame"); 332 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 333 frame->stack_at(index)); 334 } 335 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 336 assert(frame != NULL, "Must have a frame"); 337 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 338 frame->local_at(index)); 339 } 340 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 341 assert(frame != NULL, "Must have a frame"); 342 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 343 frame->stack_at(index)); 344 } 345 TypeOrigin TypeOrigin::bad_index(u2 index) { 346 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 347 } 348 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 349 return TypeOrigin(CONST_POOL, index, NULL, vt); 350 } 351 TypeOrigin TypeOrigin::signature(VerificationType vt) { 352 return TypeOrigin(SIG, 0, NULL, vt); 353 } 354 TypeOrigin TypeOrigin::implicit(VerificationType t) { 355 return TypeOrigin(IMPLICIT, 0, NULL, t); 356 } 357 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 358 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 359 VerificationType::bogus_type()); 360 } 361 362 void TypeOrigin::reset_frame() { 363 if (_frame != NULL) { 364 _frame->restore(); 365 } 366 } 367 368 void TypeOrigin::details(outputStream* ss) const { 369 _type.print_on(ss); 370 switch (_origin) { 371 case CF_LOCALS: 372 ss->print(" (current frame, locals[%d])", _index); 373 break; 374 case CF_STACK: 375 ss->print(" (current frame, stack[%d])", _index); 376 break; 377 case SM_LOCALS: 378 ss->print(" (stack map, locals[%d])", _index); 379 break; 380 case SM_STACK: 381 ss->print(" (stack map, stack[%d])", _index); 382 break; 383 case CONST_POOL: 384 ss->print(" (constant pool %d)", _index); 385 break; 386 case SIG: 387 ss->print(" (from method signature)"); 388 break; 389 case IMPLICIT: 390 case FRAME_ONLY: 391 case NONE: 392 default: 393 ; 394 } 395 } 396 397 #ifdef ASSERT 398 void TypeOrigin::print_on(outputStream* str) const { 399 str->print("{%d,%d,%p:", _origin, _index, _frame); 400 if (_frame != NULL) { 401 _frame->print_on(str); 402 } else { 403 str->print("null"); 404 } 405 str->print(","); 406 _type.print_on(str); 407 str->print("}"); 408 } 409 #endif 410 411 void ErrorContext::details(outputStream* ss, const Method* method) const { 412 if (is_valid()) { 413 ss->cr(); 414 ss->print_cr("Exception Details:"); 415 location_details(ss, method); 416 reason_details(ss); 417 frame_details(ss); 418 bytecode_details(ss, method); 419 handler_details(ss, method); 420 stackmap_details(ss, method); 421 } 422 } 423 424 void ErrorContext::reason_details(outputStream* ss) const { 425 streamIndentor si(ss); 426 ss->indent().print_cr("Reason:"); 427 streamIndentor si2(ss); 428 ss->indent().print("%s", ""); 429 switch (_fault) { 430 case INVALID_BYTECODE: 431 ss->print("Error exists in the bytecode"); 432 break; 433 case WRONG_TYPE: 434 if (_expected.is_valid()) { 435 ss->print("Type "); 436 _type.details(ss); 437 ss->print(" is not assignable to "); 438 _expected.details(ss); 439 } else { 440 ss->print("Invalid type: "); 441 _type.details(ss); 442 } 443 break; 444 case FLAGS_MISMATCH: 445 if (_expected.is_valid()) { 446 ss->print("Current frame's flags are not assignable " 447 "to stack map frame's."); 448 } else { 449 ss->print("Current frame's flags are invalid in this context."); 450 } 451 break; 452 case BAD_CP_INDEX: 453 ss->print("Constant pool index %d is invalid", _type.index()); 454 break; 455 case BAD_LOCAL_INDEX: 456 ss->print("Local index %d is invalid", _type.index()); 457 break; 458 case LOCALS_SIZE_MISMATCH: 459 ss->print("Current frame's local size doesn't match stackmap."); 460 break; 461 case STACK_SIZE_MISMATCH: 462 ss->print("Current frame's stack size doesn't match stackmap."); 463 break; 464 case STACK_OVERFLOW: 465 ss->print("Exceeded max stack size."); 466 break; 467 case STACK_UNDERFLOW: 468 ss->print("Attempt to pop empty stack."); 469 break; 470 case MISSING_STACKMAP: 471 ss->print("Expected stackmap frame at this location."); 472 break; 473 case BAD_STACKMAP: 474 ss->print("Invalid stackmap specification."); 475 break; 476 case UNKNOWN: 477 default: 478 ShouldNotReachHere(); 479 ss->print_cr("Unknown"); 480 } 481 ss->cr(); 482 } 483 484 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 485 if (_bci != -1 && method != NULL) { 486 streamIndentor si(ss); 487 const char* bytecode_name = "<invalid>"; 488 if (method->validate_bci(_bci) != -1) { 489 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 490 if (Bytecodes::is_defined(code)) { 491 bytecode_name = Bytecodes::name(code); 492 } else { 493 bytecode_name = "<illegal>"; 494 } 495 } 496 InstanceKlass* ik = method->method_holder(); 497 ss->indent().print_cr("Location:"); 498 streamIndentor si2(ss); 499 ss->indent().print_cr("%s.%s%s @%d: %s", 500 ik->name()->as_C_string(), method->name()->as_C_string(), 501 method->signature()->as_C_string(), _bci, bytecode_name); 502 } 503 } 504 505 void ErrorContext::frame_details(outputStream* ss) const { 506 streamIndentor si(ss); 507 if (_type.is_valid() && _type.frame() != NULL) { 508 ss->indent().print_cr("Current Frame:"); 509 streamIndentor si2(ss); 510 _type.frame()->print_on(ss); 511 } 512 if (_expected.is_valid() && _expected.frame() != NULL) { 513 ss->indent().print_cr("Stackmap Frame:"); 514 streamIndentor si2(ss); 515 _expected.frame()->print_on(ss); 516 } 517 } 518 519 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 520 if (method != NULL) { 521 streamIndentor si(ss); 522 ss->indent().print_cr("Bytecode:"); 523 streamIndentor si2(ss); 524 ss->print_data(method->code_base(), method->code_size(), false); 525 } 526 } 527 528 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 529 if (method != NULL) { 530 streamIndentor si(ss); 531 ExceptionTable table(method); 532 if (table.length() > 0) { 533 ss->indent().print_cr("Exception Handler Table:"); 534 streamIndentor si2(ss); 535 for (int i = 0; i < table.length(); ++i) { 536 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 537 table.end_pc(i), table.handler_pc(i)); 538 } 539 } 540 } 541 } 542 543 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 544 if (method != NULL && method->has_stackmap_table()) { 545 streamIndentor si(ss); 546 ss->indent().print_cr("Stackmap Table:"); 547 Array<u1>* data = method->stackmap_data(); 548 stack_map_table* sm_table = 549 stack_map_table::at((address)data->adr_at(0)); 550 stack_map_frame* sm_frame = sm_table->entries(); 551 streamIndentor si2(ss); 552 int current_offset = -1; 553 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 554 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 555 ss->indent(); 556 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 557 sm_frame->print_truncated(ss, current_offset); 558 return; 559 } 560 sm_frame->print_on(ss, current_offset); 561 ss->cr(); 562 current_offset += sm_frame->offset_delta(); 563 sm_frame = sm_frame->next(); 564 } 565 } 566 } 567 568 // Methods in ClassVerifier 569 570 ClassVerifier::ClassVerifier( 571 InstanceKlass* klass, TRAPS) 572 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 573 _this_type = VerificationType::reference_type(klass->name()); 574 // Create list to hold symbols in reference area. 575 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 576 } 577 578 ClassVerifier::~ClassVerifier() { 579 // Decrement the reference count for any symbols created. 580 for (int i = 0; i < _symbols->length(); i++) { 581 Symbol* s = _symbols->at(i); 582 s->decrement_refcount(); 583 } 584 } 585 586 VerificationType ClassVerifier::object_type() const { 587 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 588 } 589 590 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 591 VerificationType vt = VerificationType::reference_type( 592 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 593 return TypeOrigin::implicit(vt); 594 } 595 596 void ClassVerifier::verify_class(TRAPS) { 597 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 598 599 Array<Method*>* methods = _klass->methods(); 600 int num_methods = methods->length(); 601 602 for (int index = 0; index < num_methods; index++) { 603 // Check for recursive re-verification before each method. 604 if (was_recursively_verified()) return; 605 606 Method* m = methods->at(index); 607 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 608 // If m is native or abstract, skip it. It is checked in class file 609 // parser that methods do not override a final method. Overpass methods 610 // are trusted since the VM generates them. 611 continue; 612 } 613 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 614 } 615 616 if (was_recursively_verified()){ 617 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 618 log_info(class, init)("Recursive verification detected for: %s", 619 _klass->external_name()); 620 } 621 } 622 623 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 624 HandleMark hm(THREAD); 625 _method = m; // initialize _method 626 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 627 628 // For clang, the only good constant format string is a literal constant format string. 629 #define bad_type_msg "Bad type on operand stack in %s" 630 631 int32_t max_stack = m->verifier_max_stack(); 632 int32_t max_locals = m->max_locals(); 633 constantPoolHandle cp(THREAD, m->constants()); 634 635 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 636 class_format_error("Invalid method signature"); 637 return; 638 } 639 640 // Initial stack map frame: offset is 0, stack is initially empty. 641 StackMapFrame current_frame(max_locals, max_stack, this); 642 // Set initial locals 643 VerificationType return_type = current_frame.set_locals_from_arg( 644 m, current_type(), CHECK_VERIFY(this)); 645 646 int32_t stackmap_index = 0; // index to the stackmap array 647 648 u4 code_length = m->code_size(); 649 650 // Scan the bytecode and map each instruction's start offset to a number. 651 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 652 653 int ex_min = code_length; 654 int ex_max = -1; 655 // Look through each item on the exception table. Each of the fields must refer 656 // to a legal instruction. 657 if (was_recursively_verified()) return; 658 verify_exception_handler_table( 659 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 660 661 // Look through each entry on the local variable table and make sure 662 // its range of code array offsets is valid. (4169817) 663 if (m->has_localvariable_table()) { 664 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 665 } 666 667 Array<u1>* stackmap_data = m->stackmap_data(); 668 StackMapStream stream(stackmap_data); 669 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 670 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 671 code_data, code_length, CHECK_VERIFY(this)); 672 673 LogTarget(Info, verification) lt; 674 if (lt.is_enabled()) { 675 ResourceMark rm(THREAD); 676 LogStream ls(lt); 677 stackmap_table.print_on(&ls); 678 } 679 680 RawBytecodeStream bcs(m); 681 682 // Scan the byte code linearly from the start to the end 683 bool no_control_flow = false; // Set to true when there is no direct control 684 // flow from current instruction to the next 685 // instruction in sequence 686 687 Bytecodes::Code opcode; 688 while (!bcs.is_last_bytecode()) { 689 // Check for recursive re-verification before each bytecode. 690 if (was_recursively_verified()) return; 691 692 opcode = bcs.raw_next(); 693 u2 bci = bcs.bci(); 694 695 // Set current frame's offset to bci 696 current_frame.set_offset(bci); 697 current_frame.set_mark(); 698 699 // Make sure every offset in stackmap table point to the beginning to 700 // an instruction. Match current_frame to stackmap_table entry with 701 // the same offset if exists. 702 stackmap_index = verify_stackmap_table( 703 stackmap_index, bci, ¤t_frame, &stackmap_table, 704 no_control_flow, CHECK_VERIFY(this)); 705 706 707 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 708 bool verified_exc_handlers = false; 709 710 // Merge with the next instruction 711 { 712 u2 index; 713 int target; 714 VerificationType type, type2; 715 VerificationType atype; 716 717 LogTarget(Info, verification) lt; 718 if (lt.is_enabled()) { 719 ResourceMark rm(THREAD); 720 LogStream ls(lt); 721 current_frame.print_on(&ls); 722 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 723 } 724 725 // Make sure wide instruction is in correct format 726 if (bcs.is_wide()) { 727 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 728 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 729 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 730 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 731 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 732 opcode != Bytecodes::_dstore) { 733 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 734 * if we encounter a wide instruction that modifies an invalid 735 * opcode (not one of the ones listed above) */ 736 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 737 return; 738 } 739 } 740 741 // Look for possible jump target in exception handlers and see if it 742 // matches current_frame. Do this check here for astore*, dstore*, 743 // fstore*, istore*, and lstore* opcodes because they can change the type 744 // state by adding a local. JVM Spec says that the incoming type state 745 // should be used for this check. So, do the check here before a possible 746 // local is added to the type state. 747 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 748 if (was_recursively_verified()) return; 749 verify_exception_handler_targets( 750 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 751 verified_exc_handlers = true; 752 } 753 754 if (was_recursively_verified()) return; 755 756 switch (opcode) { 757 case Bytecodes::_nop : 758 no_control_flow = false; break; 759 case Bytecodes::_aconst_null : 760 current_frame.push_stack( 761 VerificationType::null_type(), CHECK_VERIFY(this)); 762 no_control_flow = false; break; 763 case Bytecodes::_iconst_m1 : 764 case Bytecodes::_iconst_0 : 765 case Bytecodes::_iconst_1 : 766 case Bytecodes::_iconst_2 : 767 case Bytecodes::_iconst_3 : 768 case Bytecodes::_iconst_4 : 769 case Bytecodes::_iconst_5 : 770 current_frame.push_stack( 771 VerificationType::integer_type(), CHECK_VERIFY(this)); 772 no_control_flow = false; break; 773 case Bytecodes::_lconst_0 : 774 case Bytecodes::_lconst_1 : 775 current_frame.push_stack_2( 776 VerificationType::long_type(), 777 VerificationType::long2_type(), CHECK_VERIFY(this)); 778 no_control_flow = false; break; 779 case Bytecodes::_fconst_0 : 780 case Bytecodes::_fconst_1 : 781 case Bytecodes::_fconst_2 : 782 current_frame.push_stack( 783 VerificationType::float_type(), CHECK_VERIFY(this)); 784 no_control_flow = false; break; 785 case Bytecodes::_dconst_0 : 786 case Bytecodes::_dconst_1 : 787 current_frame.push_stack_2( 788 VerificationType::double_type(), 789 VerificationType::double2_type(), CHECK_VERIFY(this)); 790 no_control_flow = false; break; 791 case Bytecodes::_sipush : 792 case Bytecodes::_bipush : 793 current_frame.push_stack( 794 VerificationType::integer_type(), CHECK_VERIFY(this)); 795 no_control_flow = false; break; 796 case Bytecodes::_ldc : 797 verify_ldc( 798 opcode, bcs.get_index_u1(), ¤t_frame, 799 cp, bci, CHECK_VERIFY(this)); 800 no_control_flow = false; break; 801 case Bytecodes::_ldc_w : 802 case Bytecodes::_ldc2_w : 803 verify_ldc( 804 opcode, bcs.get_index_u2(), ¤t_frame, 805 cp, bci, CHECK_VERIFY(this)); 806 no_control_flow = false; break; 807 case Bytecodes::_iload : 808 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 809 no_control_flow = false; break; 810 case Bytecodes::_iload_0 : 811 case Bytecodes::_iload_1 : 812 case Bytecodes::_iload_2 : 813 case Bytecodes::_iload_3 : 814 index = opcode - Bytecodes::_iload_0; 815 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 816 no_control_flow = false; break; 817 case Bytecodes::_lload : 818 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 819 no_control_flow = false; break; 820 case Bytecodes::_lload_0 : 821 case Bytecodes::_lload_1 : 822 case Bytecodes::_lload_2 : 823 case Bytecodes::_lload_3 : 824 index = opcode - Bytecodes::_lload_0; 825 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 826 no_control_flow = false; break; 827 case Bytecodes::_fload : 828 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 829 no_control_flow = false; break; 830 case Bytecodes::_fload_0 : 831 case Bytecodes::_fload_1 : 832 case Bytecodes::_fload_2 : 833 case Bytecodes::_fload_3 : 834 index = opcode - Bytecodes::_fload_0; 835 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 836 no_control_flow = false; break; 837 case Bytecodes::_dload : 838 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 839 no_control_flow = false; break; 840 case Bytecodes::_dload_0 : 841 case Bytecodes::_dload_1 : 842 case Bytecodes::_dload_2 : 843 case Bytecodes::_dload_3 : 844 index = opcode - Bytecodes::_dload_0; 845 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 846 no_control_flow = false; break; 847 case Bytecodes::_aload : 848 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 849 no_control_flow = false; break; 850 case Bytecodes::_aload_0 : 851 case Bytecodes::_aload_1 : 852 case Bytecodes::_aload_2 : 853 case Bytecodes::_aload_3 : 854 index = opcode - Bytecodes::_aload_0; 855 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 856 no_control_flow = false; break; 857 case Bytecodes::_iaload : 858 type = current_frame.pop_stack( 859 VerificationType::integer_type(), CHECK_VERIFY(this)); 860 atype = current_frame.pop_stack( 861 VerificationType::reference_check(), CHECK_VERIFY(this)); 862 if (!atype.is_int_array()) { 863 verify_error(ErrorContext::bad_type(bci, 864 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 865 bad_type_msg, "iaload"); 866 return; 867 } 868 current_frame.push_stack( 869 VerificationType::integer_type(), CHECK_VERIFY(this)); 870 no_control_flow = false; break; 871 case Bytecodes::_baload : 872 type = current_frame.pop_stack( 873 VerificationType::integer_type(), CHECK_VERIFY(this)); 874 atype = current_frame.pop_stack( 875 VerificationType::reference_check(), CHECK_VERIFY(this)); 876 if (!atype.is_bool_array() && !atype.is_byte_array()) { 877 verify_error( 878 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 879 bad_type_msg, "baload"); 880 return; 881 } 882 current_frame.push_stack( 883 VerificationType::integer_type(), CHECK_VERIFY(this)); 884 no_control_flow = false; break; 885 case Bytecodes::_caload : 886 type = current_frame.pop_stack( 887 VerificationType::integer_type(), CHECK_VERIFY(this)); 888 atype = current_frame.pop_stack( 889 VerificationType::reference_check(), CHECK_VERIFY(this)); 890 if (!atype.is_char_array()) { 891 verify_error(ErrorContext::bad_type(bci, 892 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 893 bad_type_msg, "caload"); 894 return; 895 } 896 current_frame.push_stack( 897 VerificationType::integer_type(), CHECK_VERIFY(this)); 898 no_control_flow = false; break; 899 case Bytecodes::_saload : 900 type = current_frame.pop_stack( 901 VerificationType::integer_type(), CHECK_VERIFY(this)); 902 atype = current_frame.pop_stack( 903 VerificationType::reference_check(), CHECK_VERIFY(this)); 904 if (!atype.is_short_array()) { 905 verify_error(ErrorContext::bad_type(bci, 906 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 907 bad_type_msg, "saload"); 908 return; 909 } 910 current_frame.push_stack( 911 VerificationType::integer_type(), CHECK_VERIFY(this)); 912 no_control_flow = false; break; 913 case Bytecodes::_laload : 914 type = current_frame.pop_stack( 915 VerificationType::integer_type(), CHECK_VERIFY(this)); 916 atype = current_frame.pop_stack( 917 VerificationType::reference_check(), CHECK_VERIFY(this)); 918 if (!atype.is_long_array()) { 919 verify_error(ErrorContext::bad_type(bci, 920 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 921 bad_type_msg, "laload"); 922 return; 923 } 924 current_frame.push_stack_2( 925 VerificationType::long_type(), 926 VerificationType::long2_type(), CHECK_VERIFY(this)); 927 no_control_flow = false; break; 928 case Bytecodes::_faload : 929 type = current_frame.pop_stack( 930 VerificationType::integer_type(), CHECK_VERIFY(this)); 931 atype = current_frame.pop_stack( 932 VerificationType::reference_check(), CHECK_VERIFY(this)); 933 if (!atype.is_float_array()) { 934 verify_error(ErrorContext::bad_type(bci, 935 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 936 bad_type_msg, "faload"); 937 return; 938 } 939 current_frame.push_stack( 940 VerificationType::float_type(), CHECK_VERIFY(this)); 941 no_control_flow = false; break; 942 case Bytecodes::_daload : 943 type = current_frame.pop_stack( 944 VerificationType::integer_type(), CHECK_VERIFY(this)); 945 atype = current_frame.pop_stack( 946 VerificationType::reference_check(), CHECK_VERIFY(this)); 947 if (!atype.is_double_array()) { 948 verify_error(ErrorContext::bad_type(bci, 949 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 950 bad_type_msg, "daload"); 951 return; 952 } 953 current_frame.push_stack_2( 954 VerificationType::double_type(), 955 VerificationType::double2_type(), CHECK_VERIFY(this)); 956 no_control_flow = false; break; 957 case Bytecodes::_aaload : { 958 type = current_frame.pop_stack( 959 VerificationType::integer_type(), CHECK_VERIFY(this)); 960 atype = current_frame.pop_stack( 961 VerificationType::reference_check(), CHECK_VERIFY(this)); 962 if (!atype.is_reference_array()) { 963 verify_error(ErrorContext::bad_type(bci, 964 current_frame.stack_top_ctx(), 965 TypeOrigin::implicit(VerificationType::reference_check())), 966 bad_type_msg, "aaload"); 967 return; 968 } 969 if (atype.is_null()) { 970 current_frame.push_stack( 971 VerificationType::null_type(), CHECK_VERIFY(this)); 972 } else { 973 VerificationType component = 974 atype.get_component(this, CHECK_VERIFY(this)); 975 current_frame.push_stack(component, CHECK_VERIFY(this)); 976 } 977 no_control_flow = false; break; 978 } 979 case Bytecodes::_istore : 980 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 981 no_control_flow = false; break; 982 case Bytecodes::_istore_0 : 983 case Bytecodes::_istore_1 : 984 case Bytecodes::_istore_2 : 985 case Bytecodes::_istore_3 : 986 index = opcode - Bytecodes::_istore_0; 987 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 988 no_control_flow = false; break; 989 case Bytecodes::_lstore : 990 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 991 no_control_flow = false; break; 992 case Bytecodes::_lstore_0 : 993 case Bytecodes::_lstore_1 : 994 case Bytecodes::_lstore_2 : 995 case Bytecodes::_lstore_3 : 996 index = opcode - Bytecodes::_lstore_0; 997 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 998 no_control_flow = false; break; 999 case Bytecodes::_fstore : 1000 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1001 no_control_flow = false; break; 1002 case Bytecodes::_fstore_0 : 1003 case Bytecodes::_fstore_1 : 1004 case Bytecodes::_fstore_2 : 1005 case Bytecodes::_fstore_3 : 1006 index = opcode - Bytecodes::_fstore_0; 1007 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1008 no_control_flow = false; break; 1009 case Bytecodes::_dstore : 1010 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1011 no_control_flow = false; break; 1012 case Bytecodes::_dstore_0 : 1013 case Bytecodes::_dstore_1 : 1014 case Bytecodes::_dstore_2 : 1015 case Bytecodes::_dstore_3 : 1016 index = opcode - Bytecodes::_dstore_0; 1017 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1018 no_control_flow = false; break; 1019 case Bytecodes::_astore : 1020 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1021 no_control_flow = false; break; 1022 case Bytecodes::_astore_0 : 1023 case Bytecodes::_astore_1 : 1024 case Bytecodes::_astore_2 : 1025 case Bytecodes::_astore_3 : 1026 index = opcode - Bytecodes::_astore_0; 1027 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1028 no_control_flow = false; break; 1029 case Bytecodes::_iastore : 1030 type = current_frame.pop_stack( 1031 VerificationType::integer_type(), CHECK_VERIFY(this)); 1032 type2 = current_frame.pop_stack( 1033 VerificationType::integer_type(), CHECK_VERIFY(this)); 1034 atype = current_frame.pop_stack( 1035 VerificationType::reference_check(), CHECK_VERIFY(this)); 1036 if (!atype.is_int_array()) { 1037 verify_error(ErrorContext::bad_type(bci, 1038 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1039 bad_type_msg, "iastore"); 1040 return; 1041 } 1042 no_control_flow = false; break; 1043 case Bytecodes::_bastore : 1044 type = current_frame.pop_stack( 1045 VerificationType::integer_type(), CHECK_VERIFY(this)); 1046 type2 = current_frame.pop_stack( 1047 VerificationType::integer_type(), CHECK_VERIFY(this)); 1048 atype = current_frame.pop_stack( 1049 VerificationType::reference_check(), CHECK_VERIFY(this)); 1050 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1051 verify_error( 1052 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1053 bad_type_msg, "bastore"); 1054 return; 1055 } 1056 no_control_flow = false; break; 1057 case Bytecodes::_castore : 1058 current_frame.pop_stack( 1059 VerificationType::integer_type(), CHECK_VERIFY(this)); 1060 current_frame.pop_stack( 1061 VerificationType::integer_type(), CHECK_VERIFY(this)); 1062 atype = current_frame.pop_stack( 1063 VerificationType::reference_check(), CHECK_VERIFY(this)); 1064 if (!atype.is_char_array()) { 1065 verify_error(ErrorContext::bad_type(bci, 1066 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1067 bad_type_msg, "castore"); 1068 return; 1069 } 1070 no_control_flow = false; break; 1071 case Bytecodes::_sastore : 1072 current_frame.pop_stack( 1073 VerificationType::integer_type(), CHECK_VERIFY(this)); 1074 current_frame.pop_stack( 1075 VerificationType::integer_type(), CHECK_VERIFY(this)); 1076 atype = current_frame.pop_stack( 1077 VerificationType::reference_check(), CHECK_VERIFY(this)); 1078 if (!atype.is_short_array()) { 1079 verify_error(ErrorContext::bad_type(bci, 1080 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1081 bad_type_msg, "sastore"); 1082 return; 1083 } 1084 no_control_flow = false; break; 1085 case Bytecodes::_lastore : 1086 current_frame.pop_stack_2( 1087 VerificationType::long2_type(), 1088 VerificationType::long_type(), CHECK_VERIFY(this)); 1089 current_frame.pop_stack( 1090 VerificationType::integer_type(), CHECK_VERIFY(this)); 1091 atype = current_frame.pop_stack( 1092 VerificationType::reference_check(), CHECK_VERIFY(this)); 1093 if (!atype.is_long_array()) { 1094 verify_error(ErrorContext::bad_type(bci, 1095 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1096 bad_type_msg, "lastore"); 1097 return; 1098 } 1099 no_control_flow = false; break; 1100 case Bytecodes::_fastore : 1101 current_frame.pop_stack( 1102 VerificationType::float_type(), CHECK_VERIFY(this)); 1103 current_frame.pop_stack 1104 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1105 atype = current_frame.pop_stack( 1106 VerificationType::reference_check(), CHECK_VERIFY(this)); 1107 if (!atype.is_float_array()) { 1108 verify_error(ErrorContext::bad_type(bci, 1109 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1110 bad_type_msg, "fastore"); 1111 return; 1112 } 1113 no_control_flow = false; break; 1114 case Bytecodes::_dastore : 1115 current_frame.pop_stack_2( 1116 VerificationType::double2_type(), 1117 VerificationType::double_type(), CHECK_VERIFY(this)); 1118 current_frame.pop_stack( 1119 VerificationType::integer_type(), CHECK_VERIFY(this)); 1120 atype = current_frame.pop_stack( 1121 VerificationType::reference_check(), CHECK_VERIFY(this)); 1122 if (!atype.is_double_array()) { 1123 verify_error(ErrorContext::bad_type(bci, 1124 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1125 bad_type_msg, "dastore"); 1126 return; 1127 } 1128 no_control_flow = false; break; 1129 case Bytecodes::_aastore : 1130 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1131 type2 = current_frame.pop_stack( 1132 VerificationType::integer_type(), CHECK_VERIFY(this)); 1133 atype = current_frame.pop_stack( 1134 VerificationType::reference_check(), CHECK_VERIFY(this)); 1135 // more type-checking is done at runtime 1136 if (!atype.is_reference_array()) { 1137 verify_error(ErrorContext::bad_type(bci, 1138 current_frame.stack_top_ctx(), 1139 TypeOrigin::implicit(VerificationType::reference_check())), 1140 bad_type_msg, "aastore"); 1141 return; 1142 } 1143 // 4938384: relaxed constraint in JVMS 3nd edition. 1144 no_control_flow = false; break; 1145 case Bytecodes::_pop : 1146 current_frame.pop_stack( 1147 VerificationType::category1_check(), CHECK_VERIFY(this)); 1148 no_control_flow = false; break; 1149 case Bytecodes::_pop2 : 1150 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1151 if (type.is_category1()) { 1152 current_frame.pop_stack( 1153 VerificationType::category1_check(), CHECK_VERIFY(this)); 1154 } else if (type.is_category2_2nd()) { 1155 current_frame.pop_stack( 1156 VerificationType::category2_check(), CHECK_VERIFY(this)); 1157 } else { 1158 /* Unreachable? Would need a category2_1st on TOS 1159 * which does not appear possible. */ 1160 verify_error( 1161 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1162 bad_type_msg, "pop2"); 1163 return; 1164 } 1165 no_control_flow = false; break; 1166 case Bytecodes::_dup : 1167 type = current_frame.pop_stack( 1168 VerificationType::category1_check(), CHECK_VERIFY(this)); 1169 current_frame.push_stack(type, CHECK_VERIFY(this)); 1170 current_frame.push_stack(type, CHECK_VERIFY(this)); 1171 no_control_flow = false; break; 1172 case Bytecodes::_dup_x1 : 1173 type = current_frame.pop_stack( 1174 VerificationType::category1_check(), CHECK_VERIFY(this)); 1175 type2 = current_frame.pop_stack( 1176 VerificationType::category1_check(), CHECK_VERIFY(this)); 1177 current_frame.push_stack(type, CHECK_VERIFY(this)); 1178 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1179 current_frame.push_stack(type, CHECK_VERIFY(this)); 1180 no_control_flow = false; break; 1181 case Bytecodes::_dup_x2 : 1182 { 1183 VerificationType type3; 1184 type = current_frame.pop_stack( 1185 VerificationType::category1_check(), CHECK_VERIFY(this)); 1186 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1187 if (type2.is_category1()) { 1188 type3 = current_frame.pop_stack( 1189 VerificationType::category1_check(), CHECK_VERIFY(this)); 1190 } else if (type2.is_category2_2nd()) { 1191 type3 = current_frame.pop_stack( 1192 VerificationType::category2_check(), CHECK_VERIFY(this)); 1193 } else { 1194 /* Unreachable? Would need a category2_1st at stack depth 2 with 1195 * a category1 on TOS which does not appear possible. */ 1196 verify_error(ErrorContext::bad_type( 1197 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1198 return; 1199 } 1200 current_frame.push_stack(type, CHECK_VERIFY(this)); 1201 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1202 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1203 current_frame.push_stack(type, CHECK_VERIFY(this)); 1204 no_control_flow = false; break; 1205 } 1206 case Bytecodes::_dup2 : 1207 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1208 if (type.is_category1()) { 1209 type2 = current_frame.pop_stack( 1210 VerificationType::category1_check(), CHECK_VERIFY(this)); 1211 } else if (type.is_category2_2nd()) { 1212 type2 = current_frame.pop_stack( 1213 VerificationType::category2_check(), CHECK_VERIFY(this)); 1214 } else { 1215 /* Unreachable? Would need a category2_1st on TOS which does not 1216 * appear possible. */ 1217 verify_error( 1218 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1219 bad_type_msg, "dup2"); 1220 return; 1221 } 1222 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1223 current_frame.push_stack(type, CHECK_VERIFY(this)); 1224 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1225 current_frame.push_stack(type, CHECK_VERIFY(this)); 1226 no_control_flow = false; break; 1227 case Bytecodes::_dup2_x1 : 1228 { 1229 VerificationType type3; 1230 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1231 if (type.is_category1()) { 1232 type2 = current_frame.pop_stack( 1233 VerificationType::category1_check(), CHECK_VERIFY(this)); 1234 } else if (type.is_category2_2nd()) { 1235 type2 = current_frame.pop_stack( 1236 VerificationType::category2_check(), CHECK_VERIFY(this)); 1237 } else { 1238 /* Unreachable? Would need a category2_1st on TOS which does 1239 * not appear possible. */ 1240 verify_error( 1241 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1242 bad_type_msg, "dup2_x1"); 1243 return; 1244 } 1245 type3 = current_frame.pop_stack( 1246 VerificationType::category1_check(), CHECK_VERIFY(this)); 1247 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1248 current_frame.push_stack(type, CHECK_VERIFY(this)); 1249 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1250 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1251 current_frame.push_stack(type, CHECK_VERIFY(this)); 1252 no_control_flow = false; break; 1253 } 1254 case Bytecodes::_dup2_x2 : 1255 { 1256 VerificationType type3, type4; 1257 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1258 if (type.is_category1()) { 1259 type2 = current_frame.pop_stack( 1260 VerificationType::category1_check(), CHECK_VERIFY(this)); 1261 } else if (type.is_category2_2nd()) { 1262 type2 = current_frame.pop_stack( 1263 VerificationType::category2_check(), CHECK_VERIFY(this)); 1264 } else { 1265 /* Unreachable? Would need a category2_1st on TOS which does 1266 * not appear possible. */ 1267 verify_error( 1268 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1269 bad_type_msg, "dup2_x2"); 1270 return; 1271 } 1272 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1273 if (type3.is_category1()) { 1274 type4 = current_frame.pop_stack( 1275 VerificationType::category1_check(), CHECK_VERIFY(this)); 1276 } else if (type3.is_category2_2nd()) { 1277 type4 = current_frame.pop_stack( 1278 VerificationType::category2_check(), CHECK_VERIFY(this)); 1279 } else { 1280 /* Unreachable? Would need a category2_1st on TOS after popping 1281 * a long/double or two category 1's, which does not 1282 * appear possible. */ 1283 verify_error( 1284 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1285 bad_type_msg, "dup2_x2"); 1286 return; 1287 } 1288 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1289 current_frame.push_stack(type, CHECK_VERIFY(this)); 1290 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1291 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1292 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1293 current_frame.push_stack(type, CHECK_VERIFY(this)); 1294 no_control_flow = false; break; 1295 } 1296 case Bytecodes::_swap : 1297 type = current_frame.pop_stack( 1298 VerificationType::category1_check(), CHECK_VERIFY(this)); 1299 type2 = current_frame.pop_stack( 1300 VerificationType::category1_check(), CHECK_VERIFY(this)); 1301 current_frame.push_stack(type, CHECK_VERIFY(this)); 1302 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1303 no_control_flow = false; break; 1304 case Bytecodes::_iadd : 1305 case Bytecodes::_isub : 1306 case Bytecodes::_imul : 1307 case Bytecodes::_idiv : 1308 case Bytecodes::_irem : 1309 case Bytecodes::_ishl : 1310 case Bytecodes::_ishr : 1311 case Bytecodes::_iushr : 1312 case Bytecodes::_ior : 1313 case Bytecodes::_ixor : 1314 case Bytecodes::_iand : 1315 current_frame.pop_stack( 1316 VerificationType::integer_type(), CHECK_VERIFY(this)); 1317 // fall through 1318 case Bytecodes::_ineg : 1319 current_frame.pop_stack( 1320 VerificationType::integer_type(), CHECK_VERIFY(this)); 1321 current_frame.push_stack( 1322 VerificationType::integer_type(), CHECK_VERIFY(this)); 1323 no_control_flow = false; break; 1324 case Bytecodes::_ladd : 1325 case Bytecodes::_lsub : 1326 case Bytecodes::_lmul : 1327 case Bytecodes::_ldiv : 1328 case Bytecodes::_lrem : 1329 case Bytecodes::_land : 1330 case Bytecodes::_lor : 1331 case Bytecodes::_lxor : 1332 current_frame.pop_stack_2( 1333 VerificationType::long2_type(), 1334 VerificationType::long_type(), CHECK_VERIFY(this)); 1335 // fall through 1336 case Bytecodes::_lneg : 1337 current_frame.pop_stack_2( 1338 VerificationType::long2_type(), 1339 VerificationType::long_type(), CHECK_VERIFY(this)); 1340 current_frame.push_stack_2( 1341 VerificationType::long_type(), 1342 VerificationType::long2_type(), CHECK_VERIFY(this)); 1343 no_control_flow = false; break; 1344 case Bytecodes::_lshl : 1345 case Bytecodes::_lshr : 1346 case Bytecodes::_lushr : 1347 current_frame.pop_stack( 1348 VerificationType::integer_type(), CHECK_VERIFY(this)); 1349 current_frame.pop_stack_2( 1350 VerificationType::long2_type(), 1351 VerificationType::long_type(), CHECK_VERIFY(this)); 1352 current_frame.push_stack_2( 1353 VerificationType::long_type(), 1354 VerificationType::long2_type(), CHECK_VERIFY(this)); 1355 no_control_flow = false; break; 1356 case Bytecodes::_fadd : 1357 case Bytecodes::_fsub : 1358 case Bytecodes::_fmul : 1359 case Bytecodes::_fdiv : 1360 case Bytecodes::_frem : 1361 current_frame.pop_stack( 1362 VerificationType::float_type(), CHECK_VERIFY(this)); 1363 // fall through 1364 case Bytecodes::_fneg : 1365 current_frame.pop_stack( 1366 VerificationType::float_type(), CHECK_VERIFY(this)); 1367 current_frame.push_stack( 1368 VerificationType::float_type(), CHECK_VERIFY(this)); 1369 no_control_flow = false; break; 1370 case Bytecodes::_dadd : 1371 case Bytecodes::_dsub : 1372 case Bytecodes::_dmul : 1373 case Bytecodes::_ddiv : 1374 case Bytecodes::_drem : 1375 current_frame.pop_stack_2( 1376 VerificationType::double2_type(), 1377 VerificationType::double_type(), CHECK_VERIFY(this)); 1378 // fall through 1379 case Bytecodes::_dneg : 1380 current_frame.pop_stack_2( 1381 VerificationType::double2_type(), 1382 VerificationType::double_type(), CHECK_VERIFY(this)); 1383 current_frame.push_stack_2( 1384 VerificationType::double_type(), 1385 VerificationType::double2_type(), CHECK_VERIFY(this)); 1386 no_control_flow = false; break; 1387 case Bytecodes::_iinc : 1388 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1389 no_control_flow = false; break; 1390 case Bytecodes::_i2l : 1391 type = current_frame.pop_stack( 1392 VerificationType::integer_type(), CHECK_VERIFY(this)); 1393 current_frame.push_stack_2( 1394 VerificationType::long_type(), 1395 VerificationType::long2_type(), CHECK_VERIFY(this)); 1396 no_control_flow = false; break; 1397 case Bytecodes::_l2i : 1398 current_frame.pop_stack_2( 1399 VerificationType::long2_type(), 1400 VerificationType::long_type(), CHECK_VERIFY(this)); 1401 current_frame.push_stack( 1402 VerificationType::integer_type(), CHECK_VERIFY(this)); 1403 no_control_flow = false; break; 1404 case Bytecodes::_i2f : 1405 current_frame.pop_stack( 1406 VerificationType::integer_type(), CHECK_VERIFY(this)); 1407 current_frame.push_stack( 1408 VerificationType::float_type(), CHECK_VERIFY(this)); 1409 no_control_flow = false; break; 1410 case Bytecodes::_i2d : 1411 current_frame.pop_stack( 1412 VerificationType::integer_type(), CHECK_VERIFY(this)); 1413 current_frame.push_stack_2( 1414 VerificationType::double_type(), 1415 VerificationType::double2_type(), CHECK_VERIFY(this)); 1416 no_control_flow = false; break; 1417 case Bytecodes::_l2f : 1418 current_frame.pop_stack_2( 1419 VerificationType::long2_type(), 1420 VerificationType::long_type(), CHECK_VERIFY(this)); 1421 current_frame.push_stack( 1422 VerificationType::float_type(), CHECK_VERIFY(this)); 1423 no_control_flow = false; break; 1424 case Bytecodes::_l2d : 1425 current_frame.pop_stack_2( 1426 VerificationType::long2_type(), 1427 VerificationType::long_type(), CHECK_VERIFY(this)); 1428 current_frame.push_stack_2( 1429 VerificationType::double_type(), 1430 VerificationType::double2_type(), CHECK_VERIFY(this)); 1431 no_control_flow = false; break; 1432 case Bytecodes::_f2i : 1433 current_frame.pop_stack( 1434 VerificationType::float_type(), CHECK_VERIFY(this)); 1435 current_frame.push_stack( 1436 VerificationType::integer_type(), CHECK_VERIFY(this)); 1437 no_control_flow = false; break; 1438 case Bytecodes::_f2l : 1439 current_frame.pop_stack( 1440 VerificationType::float_type(), CHECK_VERIFY(this)); 1441 current_frame.push_stack_2( 1442 VerificationType::long_type(), 1443 VerificationType::long2_type(), CHECK_VERIFY(this)); 1444 no_control_flow = false; break; 1445 case Bytecodes::_f2d : 1446 current_frame.pop_stack( 1447 VerificationType::float_type(), CHECK_VERIFY(this)); 1448 current_frame.push_stack_2( 1449 VerificationType::double_type(), 1450 VerificationType::double2_type(), CHECK_VERIFY(this)); 1451 no_control_flow = false; break; 1452 case Bytecodes::_d2i : 1453 current_frame.pop_stack_2( 1454 VerificationType::double2_type(), 1455 VerificationType::double_type(), CHECK_VERIFY(this)); 1456 current_frame.push_stack( 1457 VerificationType::integer_type(), CHECK_VERIFY(this)); 1458 no_control_flow = false; break; 1459 case Bytecodes::_d2l : 1460 current_frame.pop_stack_2( 1461 VerificationType::double2_type(), 1462 VerificationType::double_type(), CHECK_VERIFY(this)); 1463 current_frame.push_stack_2( 1464 VerificationType::long_type(), 1465 VerificationType::long2_type(), CHECK_VERIFY(this)); 1466 no_control_flow = false; break; 1467 case Bytecodes::_d2f : 1468 current_frame.pop_stack_2( 1469 VerificationType::double2_type(), 1470 VerificationType::double_type(), CHECK_VERIFY(this)); 1471 current_frame.push_stack( 1472 VerificationType::float_type(), CHECK_VERIFY(this)); 1473 no_control_flow = false; break; 1474 case Bytecodes::_i2b : 1475 case Bytecodes::_i2c : 1476 case Bytecodes::_i2s : 1477 current_frame.pop_stack( 1478 VerificationType::integer_type(), CHECK_VERIFY(this)); 1479 current_frame.push_stack( 1480 VerificationType::integer_type(), CHECK_VERIFY(this)); 1481 no_control_flow = false; break; 1482 case Bytecodes::_lcmp : 1483 current_frame.pop_stack_2( 1484 VerificationType::long2_type(), 1485 VerificationType::long_type(), CHECK_VERIFY(this)); 1486 current_frame.pop_stack_2( 1487 VerificationType::long2_type(), 1488 VerificationType::long_type(), CHECK_VERIFY(this)); 1489 current_frame.push_stack( 1490 VerificationType::integer_type(), CHECK_VERIFY(this)); 1491 no_control_flow = false; break; 1492 case Bytecodes::_fcmpl : 1493 case Bytecodes::_fcmpg : 1494 current_frame.pop_stack( 1495 VerificationType::float_type(), CHECK_VERIFY(this)); 1496 current_frame.pop_stack( 1497 VerificationType::float_type(), CHECK_VERIFY(this)); 1498 current_frame.push_stack( 1499 VerificationType::integer_type(), CHECK_VERIFY(this)); 1500 no_control_flow = false; break; 1501 case Bytecodes::_dcmpl : 1502 case Bytecodes::_dcmpg : 1503 current_frame.pop_stack_2( 1504 VerificationType::double2_type(), 1505 VerificationType::double_type(), CHECK_VERIFY(this)); 1506 current_frame.pop_stack_2( 1507 VerificationType::double2_type(), 1508 VerificationType::double_type(), CHECK_VERIFY(this)); 1509 current_frame.push_stack( 1510 VerificationType::integer_type(), CHECK_VERIFY(this)); 1511 no_control_flow = false; break; 1512 case Bytecodes::_if_icmpeq: 1513 case Bytecodes::_if_icmpne: 1514 case Bytecodes::_if_icmplt: 1515 case Bytecodes::_if_icmpge: 1516 case Bytecodes::_if_icmpgt: 1517 case Bytecodes::_if_icmple: 1518 current_frame.pop_stack( 1519 VerificationType::integer_type(), CHECK_VERIFY(this)); 1520 // fall through 1521 case Bytecodes::_ifeq: 1522 case Bytecodes::_ifne: 1523 case Bytecodes::_iflt: 1524 case Bytecodes::_ifge: 1525 case Bytecodes::_ifgt: 1526 case Bytecodes::_ifle: 1527 current_frame.pop_stack( 1528 VerificationType::integer_type(), CHECK_VERIFY(this)); 1529 target = bcs.dest(); 1530 stackmap_table.check_jump_target( 1531 ¤t_frame, target, CHECK_VERIFY(this)); 1532 no_control_flow = false; break; 1533 case Bytecodes::_if_acmpeq : 1534 case Bytecodes::_if_acmpne : 1535 current_frame.pop_stack( 1536 VerificationType::reference_check(), CHECK_VERIFY(this)); 1537 // fall through 1538 case Bytecodes::_ifnull : 1539 case Bytecodes::_ifnonnull : 1540 current_frame.pop_stack( 1541 VerificationType::reference_check(), CHECK_VERIFY(this)); 1542 target = bcs.dest(); 1543 stackmap_table.check_jump_target 1544 (¤t_frame, target, CHECK_VERIFY(this)); 1545 no_control_flow = false; break; 1546 case Bytecodes::_goto : 1547 target = bcs.dest(); 1548 stackmap_table.check_jump_target( 1549 ¤t_frame, target, CHECK_VERIFY(this)); 1550 no_control_flow = true; break; 1551 case Bytecodes::_goto_w : 1552 target = bcs.dest_w(); 1553 stackmap_table.check_jump_target( 1554 ¤t_frame, target, CHECK_VERIFY(this)); 1555 no_control_flow = true; break; 1556 case Bytecodes::_tableswitch : 1557 case Bytecodes::_lookupswitch : 1558 verify_switch( 1559 &bcs, code_length, code_data, ¤t_frame, 1560 &stackmap_table, CHECK_VERIFY(this)); 1561 no_control_flow = true; break; 1562 case Bytecodes::_ireturn : 1563 type = current_frame.pop_stack( 1564 VerificationType::integer_type(), CHECK_VERIFY(this)); 1565 verify_return_value(return_type, type, bci, 1566 ¤t_frame, CHECK_VERIFY(this)); 1567 no_control_flow = true; break; 1568 case Bytecodes::_lreturn : 1569 type2 = current_frame.pop_stack( 1570 VerificationType::long2_type(), CHECK_VERIFY(this)); 1571 type = current_frame.pop_stack( 1572 VerificationType::long_type(), CHECK_VERIFY(this)); 1573 verify_return_value(return_type, type, bci, 1574 ¤t_frame, CHECK_VERIFY(this)); 1575 no_control_flow = true; break; 1576 case Bytecodes::_freturn : 1577 type = current_frame.pop_stack( 1578 VerificationType::float_type(), CHECK_VERIFY(this)); 1579 verify_return_value(return_type, type, bci, 1580 ¤t_frame, CHECK_VERIFY(this)); 1581 no_control_flow = true; break; 1582 case Bytecodes::_dreturn : 1583 type2 = current_frame.pop_stack( 1584 VerificationType::double2_type(), CHECK_VERIFY(this)); 1585 type = current_frame.pop_stack( 1586 VerificationType::double_type(), CHECK_VERIFY(this)); 1587 verify_return_value(return_type, type, bci, 1588 ¤t_frame, CHECK_VERIFY(this)); 1589 no_control_flow = true; break; 1590 case Bytecodes::_areturn : 1591 type = current_frame.pop_stack( 1592 VerificationType::reference_check(), CHECK_VERIFY(this)); 1593 verify_return_value(return_type, type, bci, 1594 ¤t_frame, CHECK_VERIFY(this)); 1595 no_control_flow = true; break; 1596 case Bytecodes::_return : 1597 if (return_type != VerificationType::bogus_type()) { 1598 verify_error(ErrorContext::bad_code(bci), 1599 "Method expects a return value"); 1600 return; 1601 } 1602 // Make sure "this" has been initialized if current method is an 1603 // <init>. 1604 if (_method->name() == vmSymbols::object_initializer_name() && 1605 current_frame.flag_this_uninit()) { 1606 verify_error(ErrorContext::bad_code(bci), 1607 "Constructor must call super() or this() " 1608 "before return"); 1609 return; 1610 } 1611 no_control_flow = true; break; 1612 case Bytecodes::_getstatic : 1613 case Bytecodes::_putstatic : 1614 // pass TRUE, operand can be an array type for getstatic/putstatic. 1615 verify_field_instructions( 1616 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1617 no_control_flow = false; break; 1618 case Bytecodes::_getfield : 1619 case Bytecodes::_putfield : 1620 // pass FALSE, operand can't be an array type for getfield/putfield. 1621 verify_field_instructions( 1622 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1623 no_control_flow = false; break; 1624 case Bytecodes::_invokevirtual : 1625 case Bytecodes::_invokespecial : 1626 case Bytecodes::_invokestatic : 1627 verify_invoke_instructions( 1628 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1629 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1630 no_control_flow = false; break; 1631 case Bytecodes::_invokeinterface : 1632 case Bytecodes::_invokedynamic : 1633 verify_invoke_instructions( 1634 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1635 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1636 no_control_flow = false; break; 1637 case Bytecodes::_new : 1638 { 1639 index = bcs.get_index_u2(); 1640 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1641 VerificationType new_class_type = 1642 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1643 if (!new_class_type.is_object()) { 1644 verify_error(ErrorContext::bad_type(bci, 1645 TypeOrigin::cp(index, new_class_type)), 1646 "Illegal new instruction"); 1647 return; 1648 } 1649 type = VerificationType::uninitialized_type(bci); 1650 current_frame.push_stack(type, CHECK_VERIFY(this)); 1651 no_control_flow = false; break; 1652 } 1653 case Bytecodes::_newarray : 1654 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1655 current_frame.pop_stack( 1656 VerificationType::integer_type(), CHECK_VERIFY(this)); 1657 current_frame.push_stack(type, CHECK_VERIFY(this)); 1658 no_control_flow = false; break; 1659 case Bytecodes::_anewarray : 1660 verify_anewarray( 1661 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1662 no_control_flow = false; break; 1663 case Bytecodes::_arraylength : 1664 type = current_frame.pop_stack( 1665 VerificationType::reference_check(), CHECK_VERIFY(this)); 1666 if (!(type.is_null() || type.is_array())) { 1667 verify_error(ErrorContext::bad_type( 1668 bci, current_frame.stack_top_ctx()), 1669 bad_type_msg, "arraylength"); 1670 } 1671 current_frame.push_stack( 1672 VerificationType::integer_type(), CHECK_VERIFY(this)); 1673 no_control_flow = false; break; 1674 case Bytecodes::_checkcast : 1675 { 1676 index = bcs.get_index_u2(); 1677 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1678 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1679 VerificationType klass_type = cp_index_to_type( 1680 index, cp, CHECK_VERIFY(this)); 1681 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1682 no_control_flow = false; break; 1683 } 1684 case Bytecodes::_instanceof : { 1685 index = bcs.get_index_u2(); 1686 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1687 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1688 current_frame.push_stack( 1689 VerificationType::integer_type(), CHECK_VERIFY(this)); 1690 no_control_flow = false; break; 1691 } 1692 case Bytecodes::_monitorenter : 1693 case Bytecodes::_monitorexit : 1694 current_frame.pop_stack( 1695 VerificationType::reference_check(), CHECK_VERIFY(this)); 1696 no_control_flow = false; break; 1697 case Bytecodes::_multianewarray : 1698 { 1699 index = bcs.get_index_u2(); 1700 u2 dim = *(bcs.bcp()+3); 1701 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1702 VerificationType new_array_type = 1703 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1704 if (!new_array_type.is_array()) { 1705 verify_error(ErrorContext::bad_type(bci, 1706 TypeOrigin::cp(index, new_array_type)), 1707 "Illegal constant pool index in multianewarray instruction"); 1708 return; 1709 } 1710 if (dim < 1 || new_array_type.dimensions() < dim) { 1711 verify_error(ErrorContext::bad_code(bci), 1712 "Illegal dimension in multianewarray instruction: %d", dim); 1713 return; 1714 } 1715 for (int i = 0; i < dim; i++) { 1716 current_frame.pop_stack( 1717 VerificationType::integer_type(), CHECK_VERIFY(this)); 1718 } 1719 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1720 no_control_flow = false; break; 1721 } 1722 case Bytecodes::_athrow : 1723 type = VerificationType::reference_type( 1724 vmSymbols::java_lang_Throwable()); 1725 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1726 no_control_flow = true; break; 1727 default: 1728 // We only need to check the valid bytecodes in class file. 1729 // And jsr and ret are not in the new class file format in JDK1.5. 1730 verify_error(ErrorContext::bad_code(bci), 1731 "Bad instruction: %02x", opcode); 1732 no_control_flow = false; 1733 return; 1734 } // end switch 1735 } // end Merge with the next instruction 1736 1737 // Look for possible jump target in exception handlers and see if it matches 1738 // current_frame. Don't do this check if it has already been done (for 1739 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1740 // opcodes, such as invokespecial, may set the this_uninit flag. 1741 assert(!(verified_exc_handlers && this_uninit), 1742 "Exception handler targets got verified before this_uninit got set"); 1743 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1744 if (was_recursively_verified()) return; 1745 verify_exception_handler_targets( 1746 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1747 } 1748 } // end while 1749 1750 // Make sure that control flow does not fall through end of the method 1751 if (!no_control_flow) { 1752 verify_error(ErrorContext::bad_code(code_length), 1753 "Control flow falls through code end"); 1754 return; 1755 } 1756 } 1757 1758 #undef bad_type_message 1759 1760 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1761 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1762 memset(code_data, 0, sizeof(char) * code_length); 1763 RawBytecodeStream bcs(m); 1764 1765 while (!bcs.is_last_bytecode()) { 1766 if (bcs.raw_next() != Bytecodes::_illegal) { 1767 int bci = bcs.bci(); 1768 if (bcs.raw_code() == Bytecodes::_new) { 1769 code_data[bci] = NEW_OFFSET; 1770 } else { 1771 code_data[bci] = BYTECODE_OFFSET; 1772 } 1773 } else { 1774 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1775 return NULL; 1776 } 1777 } 1778 1779 return code_data; 1780 } 1781 1782 // Since this method references the constant pool, call was_recursively_verified() 1783 // before calling this method to make sure a prior class load did not cause the 1784 // current class to get verified. 1785 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1786 ExceptionTable exhandlers(_method()); 1787 int exlength = exhandlers.length(); 1788 constantPoolHandle cp (THREAD, _method->constants()); 1789 1790 for(int i = 0; i < exlength; i++) { 1791 u2 start_pc = exhandlers.start_pc(i); 1792 u2 end_pc = exhandlers.end_pc(i); 1793 u2 handler_pc = exhandlers.handler_pc(i); 1794 if (start_pc >= code_length || code_data[start_pc] == 0) { 1795 class_format_error("Illegal exception table start_pc %d", start_pc); 1796 return; 1797 } 1798 if (end_pc != code_length) { // special case: end_pc == code_length 1799 if (end_pc > code_length || code_data[end_pc] == 0) { 1800 class_format_error("Illegal exception table end_pc %d", end_pc); 1801 return; 1802 } 1803 } 1804 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1805 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1806 return; 1807 } 1808 int catch_type_index = exhandlers.catch_type_index(i); 1809 if (catch_type_index != 0) { 1810 VerificationType catch_type = cp_index_to_type( 1811 catch_type_index, cp, CHECK_VERIFY(this)); 1812 VerificationType throwable = 1813 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1814 bool is_subclass = throwable.is_assignable_from( 1815 catch_type, this, false, CHECK_VERIFY(this)); 1816 if (!is_subclass) { 1817 // 4286534: should throw VerifyError according to recent spec change 1818 verify_error(ErrorContext::bad_type(handler_pc, 1819 TypeOrigin::cp(catch_type_index, catch_type), 1820 TypeOrigin::implicit(throwable)), 1821 "Catch type is not a subclass " 1822 "of Throwable in exception handler %d", handler_pc); 1823 return; 1824 } 1825 } 1826 if (start_pc < min) min = start_pc; 1827 if (end_pc > max) max = end_pc; 1828 } 1829 } 1830 1831 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1832 int localvariable_table_length = _method->localvariable_table_length(); 1833 if (localvariable_table_length > 0) { 1834 LocalVariableTableElement* table = _method->localvariable_table_start(); 1835 for (int i = 0; i < localvariable_table_length; i++) { 1836 u2 start_bci = table[i].start_bci; 1837 u2 length = table[i].length; 1838 1839 if (start_bci >= code_length || code_data[start_bci] == 0) { 1840 class_format_error( 1841 "Illegal local variable table start_pc %d", start_bci); 1842 return; 1843 } 1844 u4 end_bci = (u4)(start_bci + length); 1845 if (end_bci != code_length) { 1846 if (end_bci >= code_length || code_data[end_bci] == 0) { 1847 class_format_error( "Illegal local variable table length %d", length); 1848 return; 1849 } 1850 } 1851 } 1852 } 1853 } 1854 1855 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1856 StackMapFrame* current_frame, 1857 StackMapTable* stackmap_table, 1858 bool no_control_flow, TRAPS) { 1859 if (stackmap_index < stackmap_table->get_frame_count()) { 1860 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1861 if (no_control_flow && this_offset > bci) { 1862 verify_error(ErrorContext::missing_stackmap(bci), 1863 "Expecting a stack map frame"); 1864 return 0; 1865 } 1866 if (this_offset == bci) { 1867 ErrorContext ctx; 1868 // See if current stack map can be assigned to the frame in table. 1869 // current_frame is the stackmap frame got from the last instruction. 1870 // If matched, current_frame will be updated by this method. 1871 bool matches = stackmap_table->match_stackmap( 1872 current_frame, this_offset, stackmap_index, 1873 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1874 if (!matches) { 1875 // report type error 1876 verify_error(ctx, "Instruction type does not match stack map"); 1877 return 0; 1878 } 1879 stackmap_index++; 1880 } else if (this_offset < bci) { 1881 // current_offset should have met this_offset. 1882 class_format_error("Bad stack map offset %d", this_offset); 1883 return 0; 1884 } 1885 } else if (no_control_flow) { 1886 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1887 return 0; 1888 } 1889 return stackmap_index; 1890 } 1891 1892 // Since this method references the constant pool, call was_recursively_verified() 1893 // before calling this method to make sure a prior class load did not cause the 1894 // current class to get verified. 1895 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 1896 StackMapFrame* current_frame, 1897 StackMapTable* stackmap_table, TRAPS) { 1898 constantPoolHandle cp (THREAD, _method->constants()); 1899 ExceptionTable exhandlers(_method()); 1900 int exlength = exhandlers.length(); 1901 for(int i = 0; i < exlength; i++) { 1902 u2 start_pc = exhandlers.start_pc(i); 1903 u2 end_pc = exhandlers.end_pc(i); 1904 u2 handler_pc = exhandlers.handler_pc(i); 1905 int catch_type_index = exhandlers.catch_type_index(i); 1906 if(bci >= start_pc && bci < end_pc) { 1907 u1 flags = current_frame->flags(); 1908 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1909 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1910 if (catch_type_index != 0) { 1911 if (was_recursively_verified()) return; 1912 // We know that this index refers to a subclass of Throwable 1913 VerificationType catch_type = cp_index_to_type( 1914 catch_type_index, cp, CHECK_VERIFY(this)); 1915 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1916 } else { 1917 VerificationType throwable = 1918 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1919 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1920 } 1921 ErrorContext ctx; 1922 bool matches = stackmap_table->match_stackmap( 1923 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1924 if (!matches) { 1925 verify_error(ctx, "Stack map does not match the one at " 1926 "exception handler %d", handler_pc); 1927 return; 1928 } 1929 } 1930 } 1931 } 1932 1933 void ClassVerifier::verify_cp_index( 1934 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 1935 int nconstants = cp->length(); 1936 if ((index <= 0) || (index >= nconstants)) { 1937 verify_error(ErrorContext::bad_cp_index(bci, index), 1938 "Illegal constant pool index %d in class %s", 1939 index, cp->pool_holder()->external_name()); 1940 return; 1941 } 1942 } 1943 1944 void ClassVerifier::verify_cp_type( 1945 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 1946 1947 // In some situations, bytecode rewriting may occur while we're verifying. 1948 // In this case, a constant pool cache exists and some indices refer to that 1949 // instead. Be sure we don't pick up such indices by accident. 1950 // We must check was_recursively_verified() before we get here. 1951 guarantee(cp->cache() == NULL, "not rewritten yet"); 1952 1953 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1954 unsigned int tag = cp->tag_at(index).value(); 1955 if ((types & (1 << tag)) == 0) { 1956 verify_error(ErrorContext::bad_cp_index(bci, index), 1957 "Illegal type at constant pool entry %d in class %s", 1958 index, cp->pool_holder()->external_name()); 1959 return; 1960 } 1961 } 1962 1963 void ClassVerifier::verify_cp_class_type( 1964 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 1965 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1966 constantTag tag = cp->tag_at(index); 1967 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1968 verify_error(ErrorContext::bad_cp_index(bci, index), 1969 "Illegal type at constant pool entry %d in class %s", 1970 index, cp->pool_holder()->external_name()); 1971 return; 1972 } 1973 } 1974 1975 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1976 stringStream ss; 1977 1978 ctx.reset_frames(); 1979 _exception_type = vmSymbols::java_lang_VerifyError(); 1980 _error_context = ctx; 1981 va_list va; 1982 va_start(va, msg); 1983 ss.vprint(msg, va); 1984 va_end(va); 1985 _message = ss.as_string(); 1986 #ifdef ASSERT 1987 ResourceMark rm; 1988 const char* exception_name = _exception_type->as_C_string(); 1989 Exceptions::debug_check_abort(exception_name, NULL); 1990 #endif // ndef ASSERT 1991 } 1992 1993 void ClassVerifier::class_format_error(const char* msg, ...) { 1994 stringStream ss; 1995 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1996 va_list va; 1997 va_start(va, msg); 1998 ss.vprint(msg, va); 1999 va_end(va); 2000 if (!_method.is_null()) { 2001 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 2002 } 2003 _message = ss.as_string(); 2004 } 2005 2006 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2007 HandleMark hm(THREAD); 2008 // Get current loader and protection domain first. 2009 oop loader = current_class()->class_loader(); 2010 oop protection_domain = current_class()->protection_domain(); 2011 2012 Klass* kls = SystemDictionary::resolve_or_fail( 2013 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2014 true, THREAD); 2015 2016 if (kls != NULL) { 2017 current_class()->class_loader_data()->record_dependency(kls); 2018 if (log_is_enabled(Debug, class, resolve)) { 2019 InstanceKlass* cur_class = InstanceKlass::cast(current_class()); 2020 Verifier::trace_class_resolution(kls, cur_class); 2021 } 2022 } 2023 return kls; 2024 } 2025 2026 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2027 Klass* target_class, 2028 Symbol* field_name, 2029 Symbol* field_sig, 2030 bool is_method) { 2031 NoSafepointVerifier nosafepoint; 2032 2033 // If target class isn't a super class of this class, we don't worry about this case 2034 if (!this_class->is_subclass_of(target_class)) { 2035 return false; 2036 } 2037 // Check if the specified method or field is protected 2038 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2039 fieldDescriptor fd; 2040 if (is_method) { 2041 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2042 if (m != NULL && m->is_protected()) { 2043 if (!this_class->is_same_class_package(m->method_holder())) { 2044 return true; 2045 } 2046 } 2047 } else { 2048 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2049 if (member_klass != NULL && fd.is_protected()) { 2050 if (!this_class->is_same_class_package(member_klass)) { 2051 return true; 2052 } 2053 } 2054 } 2055 return false; 2056 } 2057 2058 void ClassVerifier::verify_ldc( 2059 int opcode, u2 index, StackMapFrame* current_frame, 2060 const constantPoolHandle& cp, u2 bci, TRAPS) { 2061 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2062 constantTag tag = cp->tag_at(index); 2063 unsigned int types = 0; 2064 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2065 if (!tag.is_unresolved_klass()) { 2066 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2067 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2068 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2069 | (1 << JVM_CONSTANT_Dynamic); 2070 // Note: The class file parser already verified the legality of 2071 // MethodHandle and MethodType constants. 2072 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2073 } 2074 } else { 2075 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2076 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2077 | (1 << JVM_CONSTANT_Dynamic); 2078 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2079 } 2080 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2081 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2082 } else if (tag.is_string()) { 2083 current_frame->push_stack( 2084 VerificationType::reference_type( 2085 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2086 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2087 current_frame->push_stack( 2088 VerificationType::reference_type( 2089 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2090 } else if (tag.is_int()) { 2091 current_frame->push_stack( 2092 VerificationType::integer_type(), CHECK_VERIFY(this)); 2093 } else if (tag.is_float()) { 2094 current_frame->push_stack( 2095 VerificationType::float_type(), CHECK_VERIFY(this)); 2096 } else if (tag.is_double()) { 2097 current_frame->push_stack_2( 2098 VerificationType::double_type(), 2099 VerificationType::double2_type(), CHECK_VERIFY(this)); 2100 } else if (tag.is_long()) { 2101 current_frame->push_stack_2( 2102 VerificationType::long_type(), 2103 VerificationType::long2_type(), CHECK_VERIFY(this)); 2104 } else if (tag.is_method_handle()) { 2105 current_frame->push_stack( 2106 VerificationType::reference_type( 2107 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2108 } else if (tag.is_method_type()) { 2109 current_frame->push_stack( 2110 VerificationType::reference_type( 2111 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2112 } else if (tag.is_dynamic_constant()) { 2113 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2114 if (!SignatureVerifier::is_valid_type_signature(constant_type)) { 2115 class_format_error( 2116 "Invalid type for dynamic constant in class %s referenced " 2117 "from constant pool index %d", _klass->external_name(), index); 2118 return; 2119 } 2120 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2121 "buffer type must match VerificationType size"); 2122 uintptr_t constant_type_buffer[2]; 2123 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2124 SignatureStream sig_stream(constant_type, false); 2125 int n = change_sig_to_verificationType( 2126 &sig_stream, v_constant_type, CHECK_VERIFY(this)); 2127 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2128 if (n != opcode_n) { 2129 // wrong kind of ldc; reverify against updated type mask 2130 types &= ~(1 << JVM_CONSTANT_Dynamic); 2131 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2132 } 2133 for (int i = 0; i < n; i++) { 2134 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2135 } 2136 } else { 2137 /* Unreachable? verify_cp_type has already validated the cp type. */ 2138 verify_error( 2139 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2140 return; 2141 } 2142 } 2143 2144 void ClassVerifier::verify_switch( 2145 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2146 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2147 int bci = bcs->bci(); 2148 address bcp = bcs->bcp(); 2149 address aligned_bcp = align_up(bcp + 1, jintSize); 2150 2151 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2152 // 4639449 & 4647081: padding bytes must be 0 2153 u2 padding_offset = 1; 2154 while ((bcp + padding_offset) < aligned_bcp) { 2155 if(*(bcp + padding_offset) != 0) { 2156 verify_error(ErrorContext::bad_code(bci), 2157 "Nonzero padding byte in lookupswitch or tableswitch"); 2158 return; 2159 } 2160 padding_offset++; 2161 } 2162 } 2163 2164 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2165 int keys, delta; 2166 current_frame->pop_stack( 2167 VerificationType::integer_type(), CHECK_VERIFY(this)); 2168 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2169 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2170 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2171 if (low > high) { 2172 verify_error(ErrorContext::bad_code(bci), 2173 "low must be less than or equal to high in tableswitch"); 2174 return; 2175 } 2176 keys = high - low + 1; 2177 if (keys < 0) { 2178 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2179 return; 2180 } 2181 delta = 1; 2182 } else { 2183 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2184 if (keys < 0) { 2185 verify_error(ErrorContext::bad_code(bci), 2186 "number of keys in lookupswitch less than 0"); 2187 return; 2188 } 2189 delta = 2; 2190 // Make sure that the lookupswitch items are sorted 2191 for (int i = 0; i < (keys - 1); i++) { 2192 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2193 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2194 if (this_key >= next_key) { 2195 verify_error(ErrorContext::bad_code(bci), 2196 "Bad lookupswitch instruction"); 2197 return; 2198 } 2199 } 2200 } 2201 int target = bci + default_offset; 2202 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2203 for (int i = 0; i < keys; i++) { 2204 // Because check_jump_target() may safepoint, the bytecode could have 2205 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2206 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2207 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2208 stackmap_table->check_jump_target( 2209 current_frame, target, CHECK_VERIFY(this)); 2210 } 2211 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2212 } 2213 2214 bool ClassVerifier::name_in_supers( 2215 Symbol* ref_name, InstanceKlass* current) { 2216 Klass* super = current->super(); 2217 while (super != NULL) { 2218 if (super->name() == ref_name) { 2219 return true; 2220 } 2221 super = super->super(); 2222 } 2223 return false; 2224 } 2225 2226 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2227 StackMapFrame* current_frame, 2228 const constantPoolHandle& cp, 2229 bool allow_arrays, 2230 TRAPS) { 2231 u2 index = bcs->get_index_u2(); 2232 verify_cp_type(bcs->bci(), index, cp, 2233 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2234 2235 // Get field name and signature 2236 Symbol* field_name = cp->name_ref_at(index); 2237 Symbol* field_sig = cp->signature_ref_at(index); 2238 2239 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2240 class_format_error( 2241 "Invalid signature for field in class %s referenced " 2242 "from constant pool index %d", _klass->external_name(), index); 2243 return; 2244 } 2245 2246 // Get referenced class type 2247 VerificationType ref_class_type = cp_ref_index_to_type( 2248 index, cp, CHECK_VERIFY(this)); 2249 if (!ref_class_type.is_object() && 2250 (!allow_arrays || !ref_class_type.is_array())) { 2251 verify_error(ErrorContext::bad_type(bcs->bci(), 2252 TypeOrigin::cp(index, ref_class_type)), 2253 "Expecting reference to class in class %s at constant pool index %d", 2254 _klass->external_name(), index); 2255 return; 2256 } 2257 VerificationType target_class_type = ref_class_type; 2258 2259 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2260 "buffer type must match VerificationType size"); 2261 uintptr_t field_type_buffer[2]; 2262 VerificationType* field_type = (VerificationType*)field_type_buffer; 2263 // If we make a VerificationType[2] array directly, the compiler calls 2264 // to the c-runtime library to do the allocation instead of just 2265 // stack allocating it. Plus it would run constructors. This shows up 2266 // in performance profiles. 2267 2268 SignatureStream sig_stream(field_sig, false); 2269 VerificationType stack_object_type; 2270 int n = change_sig_to_verificationType( 2271 &sig_stream, field_type, CHECK_VERIFY(this)); 2272 u2 bci = bcs->bci(); 2273 bool is_assignable; 2274 switch (bcs->raw_code()) { 2275 case Bytecodes::_getstatic: { 2276 for (int i = 0; i < n; i++) { 2277 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2278 } 2279 break; 2280 } 2281 case Bytecodes::_putstatic: { 2282 for (int i = n - 1; i >= 0; i--) { 2283 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2284 } 2285 break; 2286 } 2287 case Bytecodes::_getfield: { 2288 stack_object_type = current_frame->pop_stack( 2289 target_class_type, CHECK_VERIFY(this)); 2290 for (int i = 0; i < n; i++) { 2291 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2292 } 2293 goto check_protected; 2294 } 2295 case Bytecodes::_putfield: { 2296 for (int i = n - 1; i >= 0; i--) { 2297 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2298 } 2299 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2300 2301 // The JVMS 2nd edition allows field initialization before the superclass 2302 // initializer, if the field is defined within the current class. 2303 fieldDescriptor fd; 2304 if (stack_object_type == VerificationType::uninitialized_this_type() && 2305 target_class_type.equals(current_type()) && 2306 _klass->find_local_field(field_name, field_sig, &fd)) { 2307 stack_object_type = current_type(); 2308 } 2309 is_assignable = target_class_type.is_assignable_from( 2310 stack_object_type, this, false, CHECK_VERIFY(this)); 2311 if (!is_assignable) { 2312 verify_error(ErrorContext::bad_type(bci, 2313 current_frame->stack_top_ctx(), 2314 TypeOrigin::cp(index, target_class_type)), 2315 "Bad type on operand stack in putfield"); 2316 return; 2317 } 2318 } 2319 check_protected: { 2320 if (_this_type == stack_object_type) 2321 break; // stack_object_type must be assignable to _current_class_type 2322 if (was_recursively_verified()) return; 2323 Symbol* ref_class_name = 2324 cp->klass_name_at(cp->klass_ref_index_at(index)); 2325 if (!name_in_supers(ref_class_name, current_class())) 2326 // stack_object_type must be assignable to _current_class_type since: 2327 // 1. stack_object_type must be assignable to ref_class. 2328 // 2. ref_class must be _current_class or a subclass of it. It can't 2329 // be a superclass of it. See revised JVMS 5.4.4. 2330 break; 2331 2332 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2333 if (is_protected_access(current_class(), ref_class_oop, field_name, 2334 field_sig, false)) { 2335 // It's protected access, check if stack object is assignable to 2336 // current class. 2337 is_assignable = current_type().is_assignable_from( 2338 stack_object_type, this, true, CHECK_VERIFY(this)); 2339 if (!is_assignable) { 2340 verify_error(ErrorContext::bad_type(bci, 2341 current_frame->stack_top_ctx(), 2342 TypeOrigin::implicit(current_type())), 2343 "Bad access to protected data in getfield"); 2344 return; 2345 } 2346 } 2347 break; 2348 } 2349 default: ShouldNotReachHere(); 2350 } 2351 } 2352 2353 // Look at the method's handlers. If the bci is in the handler's try block 2354 // then check if the handler_pc is already on the stack. If not, push it 2355 // unless the handler has already been scanned. 2356 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2357 GrowableArray<u4>* handler_list, 2358 GrowableArray<u4>* handler_stack, 2359 u4 bci) { 2360 int exlength = exhandlers->length(); 2361 for(int x = 0; x < exlength; x++) { 2362 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2363 u4 exhandler_pc = exhandlers->handler_pc(x); 2364 if (!handler_list->contains(exhandler_pc)) { 2365 handler_stack->append_if_missing(exhandler_pc); 2366 handler_list->append(exhandler_pc); 2367 } 2368 } 2369 } 2370 } 2371 2372 // Return TRUE if all code paths starting with start_bc_offset end in 2373 // bytecode athrow or loop. 2374 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2375 ResourceMark rm; 2376 // Create bytecode stream. 2377 RawBytecodeStream bcs(method()); 2378 u4 code_length = method()->code_size(); 2379 bcs.set_start(start_bc_offset); 2380 u4 target; 2381 // Create stack for storing bytecode start offsets for if* and *switch. 2382 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2383 // Create stack for handlers for try blocks containing this handler. 2384 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2385 // Create list of handlers that have been pushed onto the handler_stack 2386 // so that handlers embedded inside of their own TRY blocks only get 2387 // scanned once. 2388 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2389 // Create list of visited branch opcodes (goto* and if*). 2390 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2391 ExceptionTable exhandlers(_method()); 2392 2393 while (true) { 2394 if (bcs.is_last_bytecode()) { 2395 // if no more starting offsets to parse or if at the end of the 2396 // method then return false. 2397 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2398 return false; 2399 // Pop a bytecode starting offset and scan from there. 2400 bcs.set_start(bci_stack->pop()); 2401 } 2402 Bytecodes::Code opcode = bcs.raw_next(); 2403 u4 bci = bcs.bci(); 2404 2405 // If the bytecode is in a TRY block, push its handlers so they 2406 // will get parsed. 2407 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2408 2409 switch (opcode) { 2410 case Bytecodes::_if_icmpeq: 2411 case Bytecodes::_if_icmpne: 2412 case Bytecodes::_if_icmplt: 2413 case Bytecodes::_if_icmpge: 2414 case Bytecodes::_if_icmpgt: 2415 case Bytecodes::_if_icmple: 2416 case Bytecodes::_ifeq: 2417 case Bytecodes::_ifne: 2418 case Bytecodes::_iflt: 2419 case Bytecodes::_ifge: 2420 case Bytecodes::_ifgt: 2421 case Bytecodes::_ifle: 2422 case Bytecodes::_if_acmpeq: 2423 case Bytecodes::_if_acmpne: 2424 case Bytecodes::_ifnull: 2425 case Bytecodes::_ifnonnull: 2426 target = bcs.dest(); 2427 if (visited_branches->contains(bci)) { 2428 if (bci_stack->is_empty()) { 2429 if (handler_stack->is_empty()) { 2430 return true; 2431 } else { 2432 // Parse the catch handlers for try blocks containing athrow. 2433 bcs.set_start(handler_stack->pop()); 2434 } 2435 } else { 2436 // Pop a bytecode starting offset and scan from there. 2437 bcs.set_start(bci_stack->pop()); 2438 } 2439 } else { 2440 if (target > bci) { // forward branch 2441 if (target >= code_length) return false; 2442 // Push the branch target onto the stack. 2443 bci_stack->push(target); 2444 // then, scan bytecodes starting with next. 2445 bcs.set_start(bcs.next_bci()); 2446 } else { // backward branch 2447 // Push bytecode offset following backward branch onto the stack. 2448 bci_stack->push(bcs.next_bci()); 2449 // Check bytecodes starting with branch target. 2450 bcs.set_start(target); 2451 } 2452 // Record target so we don't branch here again. 2453 visited_branches->append(bci); 2454 } 2455 break; 2456 2457 case Bytecodes::_goto: 2458 case Bytecodes::_goto_w: 2459 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2460 if (visited_branches->contains(bci)) { 2461 if (bci_stack->is_empty()) { 2462 if (handler_stack->is_empty()) { 2463 return true; 2464 } else { 2465 // Parse the catch handlers for try blocks containing athrow. 2466 bcs.set_start(handler_stack->pop()); 2467 } 2468 } else { 2469 // Been here before, pop new starting offset from stack. 2470 bcs.set_start(bci_stack->pop()); 2471 } 2472 } else { 2473 if (target >= code_length) return false; 2474 // Continue scanning from the target onward. 2475 bcs.set_start(target); 2476 // Record target so we don't branch here again. 2477 visited_branches->append(bci); 2478 } 2479 break; 2480 2481 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2482 // is difficult to determine where each switch alternative ends, parse 2483 // each switch alternative until either hit a 'return', 'athrow', or reach 2484 // the end of the method's bytecodes. This is gross but should be okay 2485 // because: 2486 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2487 // constructor invocations should be rare. 2488 // 2. if each switch alternative ends in an athrow then the parsing should be 2489 // short. If there is no athrow then it is bogus code, anyway. 2490 case Bytecodes::_lookupswitch: 2491 case Bytecodes::_tableswitch: 2492 { 2493 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2494 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2495 int keys, delta; 2496 if (opcode == Bytecodes::_tableswitch) { 2497 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2498 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2499 // This is invalid, but let the regular bytecode verifier 2500 // report this because the user will get a better error message. 2501 if (low > high) return true; 2502 keys = high - low + 1; 2503 delta = 1; 2504 } else { 2505 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2506 delta = 2; 2507 } 2508 // Invalid, let the regular bytecode verifier deal with it. 2509 if (keys < 0) return true; 2510 2511 // Push the offset of the next bytecode onto the stack. 2512 bci_stack->push(bcs.next_bci()); 2513 2514 // Push the switch alternatives onto the stack. 2515 for (int i = 0; i < keys; i++) { 2516 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2517 if (target > code_length) return false; 2518 bci_stack->push(target); 2519 } 2520 2521 // Start bytecode parsing for the switch at the default alternative. 2522 if (default_offset > code_length) return false; 2523 bcs.set_start(default_offset); 2524 break; 2525 } 2526 2527 case Bytecodes::_return: 2528 return false; 2529 2530 case Bytecodes::_athrow: 2531 { 2532 if (bci_stack->is_empty()) { 2533 if (handler_stack->is_empty()) { 2534 return true; 2535 } else { 2536 // Parse the catch handlers for try blocks containing athrow. 2537 bcs.set_start(handler_stack->pop()); 2538 } 2539 } else { 2540 // Pop a bytecode offset and starting scanning from there. 2541 bcs.set_start(bci_stack->pop()); 2542 } 2543 } 2544 break; 2545 2546 default: 2547 ; 2548 } // end switch 2549 } // end while loop 2550 2551 return false; 2552 } 2553 2554 void ClassVerifier::verify_invoke_init( 2555 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2556 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2557 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2558 TRAPS) { 2559 u2 bci = bcs->bci(); 2560 VerificationType type = current_frame->pop_stack( 2561 VerificationType::reference_check(), CHECK_VERIFY(this)); 2562 if (type == VerificationType::uninitialized_this_type()) { 2563 // The method must be an <init> method of this class or its superclass 2564 Klass* superk = current_class()->super(); 2565 if (ref_class_type.name() != current_class()->name() && 2566 ref_class_type.name() != superk->name()) { 2567 verify_error(ErrorContext::bad_type(bci, 2568 TypeOrigin::implicit(ref_class_type), 2569 TypeOrigin::implicit(current_type())), 2570 "Bad <init> method call"); 2571 return; 2572 } 2573 2574 // If this invokespecial call is done from inside of a TRY block then make 2575 // sure that all catch clause paths end in a throw. Otherwise, this can 2576 // result in returning an incomplete object. 2577 if (in_try_block) { 2578 ExceptionTable exhandlers(_method()); 2579 int exlength = exhandlers.length(); 2580 for(int i = 0; i < exlength; i++) { 2581 u2 start_pc = exhandlers.start_pc(i); 2582 u2 end_pc = exhandlers.end_pc(i); 2583 2584 if (bci >= start_pc && bci < end_pc) { 2585 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2586 verify_error(ErrorContext::bad_code(bci), 2587 "Bad <init> method call from after the start of a try block"); 2588 return; 2589 } else if (log_is_enabled(Info, verification)) { 2590 ResourceMark rm(THREAD); 2591 log_info(verification)("Survived call to ends_in_athrow(): %s", 2592 current_class()->name()->as_C_string()); 2593 } 2594 } 2595 } 2596 2597 // Check the exception handler target stackmaps with the locals from the 2598 // incoming stackmap (before initialize_object() changes them to outgoing 2599 // state). 2600 if (was_recursively_verified()) return; 2601 verify_exception_handler_targets(bci, true, current_frame, 2602 stackmap_table, CHECK_VERIFY(this)); 2603 } // in_try_block 2604 2605 current_frame->initialize_object(type, current_type()); 2606 *this_uninit = true; 2607 } else if (type.is_uninitialized()) { 2608 u2 new_offset = type.bci(); 2609 address new_bcp = bcs->bcp() - bci + new_offset; 2610 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2611 /* Unreachable? Stack map parsing ensures valid type and new 2612 * instructions have a valid BCI. */ 2613 verify_error(ErrorContext::bad_code(new_offset), 2614 "Expecting new instruction"); 2615 return; 2616 } 2617 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2618 if (was_recursively_verified()) return; 2619 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2620 2621 // The method must be an <init> method of the indicated class 2622 VerificationType new_class_type = cp_index_to_type( 2623 new_class_index, cp, CHECK_VERIFY(this)); 2624 if (!new_class_type.equals(ref_class_type)) { 2625 verify_error(ErrorContext::bad_type(bci, 2626 TypeOrigin::cp(new_class_index, new_class_type), 2627 TypeOrigin::cp(ref_class_index, ref_class_type)), 2628 "Call to wrong <init> method"); 2629 return; 2630 } 2631 // According to the VM spec, if the referent class is a superclass of the 2632 // current class, and is in a different runtime package, and the method is 2633 // protected, then the objectref must be the current class or a subclass 2634 // of the current class. 2635 VerificationType objectref_type = new_class_type; 2636 if (name_in_supers(ref_class_type.name(), current_class())) { 2637 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2638 if (was_recursively_verified()) return; 2639 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2640 vmSymbols::object_initializer_name(), 2641 cp->signature_ref_at(bcs->get_index_u2()), 2642 Klass::find_overpass); 2643 // Do nothing if method is not found. Let resolution detect the error. 2644 if (m != NULL) { 2645 InstanceKlass* mh = m->method_holder(); 2646 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2647 bool assignable = current_type().is_assignable_from( 2648 objectref_type, this, true, CHECK_VERIFY(this)); 2649 if (!assignable) { 2650 verify_error(ErrorContext::bad_type(bci, 2651 TypeOrigin::cp(new_class_index, objectref_type), 2652 TypeOrigin::implicit(current_type())), 2653 "Bad access to protected <init> method"); 2654 return; 2655 } 2656 } 2657 } 2658 } 2659 // Check the exception handler target stackmaps with the locals from the 2660 // incoming stackmap (before initialize_object() changes them to outgoing 2661 // state). 2662 if (in_try_block) { 2663 if (was_recursively_verified()) return; 2664 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2665 stackmap_table, CHECK_VERIFY(this)); 2666 } 2667 current_frame->initialize_object(type, new_class_type); 2668 } else { 2669 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2670 "Bad operand type when invoking <init>"); 2671 return; 2672 } 2673 } 2674 2675 bool ClassVerifier::is_same_or_direct_interface( 2676 InstanceKlass* klass, 2677 VerificationType klass_type, 2678 VerificationType ref_class_type) { 2679 if (ref_class_type.equals(klass_type)) return true; 2680 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2681 if (local_interfaces != NULL) { 2682 for (int x = 0; x < local_interfaces->length(); x++) { 2683 Klass* k = local_interfaces->at(x); 2684 assert (k != NULL && k->is_interface(), "invalid interface"); 2685 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2686 return true; 2687 } 2688 } 2689 } 2690 return false; 2691 } 2692 2693 void ClassVerifier::verify_invoke_instructions( 2694 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2695 bool in_try_block, bool *this_uninit, VerificationType return_type, 2696 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2697 // Make sure the constant pool item is the right type 2698 u2 index = bcs->get_index_u2(); 2699 Bytecodes::Code opcode = bcs->raw_code(); 2700 unsigned int types = 0; 2701 switch (opcode) { 2702 case Bytecodes::_invokeinterface: 2703 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2704 break; 2705 case Bytecodes::_invokedynamic: 2706 types = 1 << JVM_CONSTANT_InvokeDynamic; 2707 break; 2708 case Bytecodes::_invokespecial: 2709 case Bytecodes::_invokestatic: 2710 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2711 (1 << JVM_CONSTANT_Methodref) : 2712 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2713 break; 2714 default: 2715 types = 1 << JVM_CONSTANT_Methodref; 2716 } 2717 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2718 2719 // Get method name and signature 2720 Symbol* method_name = cp->name_ref_at(index); 2721 Symbol* method_sig = cp->signature_ref_at(index); 2722 2723 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2724 class_format_error( 2725 "Invalid method signature in class %s referenced " 2726 "from constant pool index %d", _klass->external_name(), index); 2727 return; 2728 } 2729 2730 // Get referenced class type 2731 VerificationType ref_class_type; 2732 if (opcode == Bytecodes::_invokedynamic) { 2733 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2734 class_format_error( 2735 "invokedynamic instructions not supported by this class file version (%d), class %s", 2736 _klass->major_version(), _klass->external_name()); 2737 return; 2738 } 2739 } else { 2740 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2741 } 2742 2743 // For a small signature length, we just allocate 128 bytes instead 2744 // of parsing the signature once to find its size. 2745 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2746 // longs/doubles to be consertive. 2747 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2748 "buffer type must match VerificationType size"); 2749 uintptr_t on_stack_sig_types_buffer[128]; 2750 // If we make a VerificationType[128] array directly, the compiler calls 2751 // to the c-runtime library to do the allocation instead of just 2752 // stack allocating it. Plus it would run constructors. This shows up 2753 // in performance profiles. 2754 2755 VerificationType* sig_types; 2756 int size = (method_sig->utf8_length() - 3) * 2; 2757 if (size > 128) { 2758 // Long and double occupies two slots here. 2759 ArgumentSizeComputer size_it(method_sig); 2760 size = size_it.size(); 2761 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2762 } else{ 2763 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2764 } 2765 SignatureStream sig_stream(method_sig); 2766 int sig_i = 0; 2767 while (!sig_stream.at_return_type()) { 2768 sig_i += change_sig_to_verificationType( 2769 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2770 sig_stream.next(); 2771 } 2772 int nargs = sig_i; 2773 2774 #ifdef ASSERT 2775 { 2776 ArgumentSizeComputer size_it(method_sig); 2777 assert(nargs == size_it.size(), "Argument sizes do not match"); 2778 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2779 } 2780 #endif 2781 2782 // Check instruction operands 2783 u2 bci = bcs->bci(); 2784 if (opcode == Bytecodes::_invokeinterface) { 2785 address bcp = bcs->bcp(); 2786 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2787 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2788 // the difference between the size of the operand stack before and after the instruction 2789 // executes. 2790 if (*(bcp+3) != (nargs+1)) { 2791 verify_error(ErrorContext::bad_code(bci), 2792 "Inconsistent args count operand in invokeinterface"); 2793 return; 2794 } 2795 if (*(bcp+4) != 0) { 2796 verify_error(ErrorContext::bad_code(bci), 2797 "Fourth operand byte of invokeinterface must be zero"); 2798 return; 2799 } 2800 } 2801 2802 if (opcode == Bytecodes::_invokedynamic) { 2803 address bcp = bcs->bcp(); 2804 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2805 verify_error(ErrorContext::bad_code(bci), 2806 "Third and fourth operand bytes of invokedynamic must be zero"); 2807 return; 2808 } 2809 } 2810 2811 if (method_name->byte_at(0) == '<') { 2812 // Make sure <init> can only be invoked by invokespecial 2813 if (opcode != Bytecodes::_invokespecial || 2814 method_name != vmSymbols::object_initializer_name()) { 2815 verify_error(ErrorContext::bad_code(bci), 2816 "Illegal call to internal method"); 2817 return; 2818 } 2819 } else if (opcode == Bytecodes::_invokespecial 2820 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2821 && !ref_class_type.equals(VerificationType::reference_type( 2822 current_class()->super()->name()))) { 2823 bool subtype = false; 2824 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2825 if (!current_class()->is_anonymous()) { 2826 subtype = ref_class_type.is_assignable_from( 2827 current_type(), this, false, CHECK_VERIFY(this)); 2828 } else { 2829 VerificationType host_klass_type = 2830 VerificationType::reference_type(current_class()->host_klass()->name()); 2831 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2832 2833 // If invokespecial of IMR, need to recheck for same or 2834 // direct interface relative to the host class 2835 have_imr_indirect = (have_imr_indirect && 2836 !is_same_or_direct_interface( 2837 current_class()->host_klass(), 2838 host_klass_type, ref_class_type)); 2839 } 2840 if (!subtype) { 2841 verify_error(ErrorContext::bad_code(bci), 2842 "Bad invokespecial instruction: " 2843 "current class isn't assignable to reference class."); 2844 return; 2845 } else if (have_imr_indirect) { 2846 verify_error(ErrorContext::bad_code(bci), 2847 "Bad invokespecial instruction: " 2848 "interface method reference is in an indirect superinterface."); 2849 return; 2850 } 2851 2852 } 2853 // Match method descriptor with operand stack 2854 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2855 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2856 } 2857 // Check objectref on operand stack 2858 if (opcode != Bytecodes::_invokestatic && 2859 opcode != Bytecodes::_invokedynamic) { 2860 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2861 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2862 code_length, in_try_block, this_uninit, cp, stackmap_table, 2863 CHECK_VERIFY(this)); 2864 if (was_recursively_verified()) return; 2865 } else { // other methods 2866 // Ensures that target class is assignable to method class. 2867 if (opcode == Bytecodes::_invokespecial) { 2868 if (!current_class()->is_anonymous()) { 2869 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2870 } else { 2871 // anonymous class invokespecial calls: check if the 2872 // objectref is a subtype of the host_klass of the current class 2873 // to allow an anonymous class to reference methods in the host_klass 2874 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2875 VerificationType hosttype = 2876 VerificationType::reference_type(current_class()->host_klass()->name()); 2877 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2878 if (!subtype) { 2879 verify_error( ErrorContext::bad_type(current_frame->offset(), 2880 current_frame->stack_top_ctx(), 2881 TypeOrigin::implicit(top)), 2882 "Bad type on operand stack"); 2883 return; 2884 } 2885 } 2886 } else if (opcode == Bytecodes::_invokevirtual) { 2887 VerificationType stack_object_type = 2888 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2889 if (current_type() != stack_object_type) { 2890 if (was_recursively_verified()) return; 2891 assert(cp->cache() == NULL, "not rewritten yet"); 2892 Symbol* ref_class_name = 2893 cp->klass_name_at(cp->klass_ref_index_at(index)); 2894 // See the comments in verify_field_instructions() for 2895 // the rationale behind this. 2896 if (name_in_supers(ref_class_name, current_class())) { 2897 Klass* ref_class = load_class(ref_class_name, CHECK); 2898 if (is_protected_access( 2899 _klass, ref_class, method_name, method_sig, true)) { 2900 // It's protected access, check if stack object is 2901 // assignable to current class. 2902 bool is_assignable = current_type().is_assignable_from( 2903 stack_object_type, this, true, CHECK_VERIFY(this)); 2904 if (!is_assignable) { 2905 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2906 && stack_object_type.is_array() 2907 && method_name == vmSymbols::clone_name()) { 2908 // Special case: arrays pretend to implement public Object 2909 // clone(). 2910 } else { 2911 verify_error(ErrorContext::bad_type(bci, 2912 current_frame->stack_top_ctx(), 2913 TypeOrigin::implicit(current_type())), 2914 "Bad access to protected data in invokevirtual"); 2915 return; 2916 } 2917 } 2918 } 2919 } 2920 } 2921 } else { 2922 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2923 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2924 } 2925 } 2926 } 2927 // Push the result type. 2928 if (sig_stream.type() != T_VOID) { 2929 if (method_name == vmSymbols::object_initializer_name()) { 2930 // <init> method must have a void return type 2931 /* Unreachable? Class file parser verifies that methods with '<' have 2932 * void return */ 2933 verify_error(ErrorContext::bad_code(bci), 2934 "Return type must be void in <init> method"); 2935 return; 2936 } 2937 VerificationType return_type[2]; 2938 int n = change_sig_to_verificationType( 2939 &sig_stream, return_type, CHECK_VERIFY(this)); 2940 for (int i = 0; i < n; i++) { 2941 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2942 } 2943 } 2944 } 2945 2946 VerificationType ClassVerifier::get_newarray_type( 2947 u2 index, u2 bci, TRAPS) { 2948 const char* from_bt[] = { 2949 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2950 }; 2951 if (index < T_BOOLEAN || index > T_LONG) { 2952 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2953 return VerificationType::bogus_type(); 2954 } 2955 2956 // from_bt[index] contains the array signature which has a length of 2 2957 Symbol* sig = create_temporary_symbol( 2958 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2959 return VerificationType::reference_type(sig); 2960 } 2961 2962 void ClassVerifier::verify_anewarray( 2963 u2 bci, u2 index, const constantPoolHandle& cp, 2964 StackMapFrame* current_frame, TRAPS) { 2965 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2966 current_frame->pop_stack( 2967 VerificationType::integer_type(), CHECK_VERIFY(this)); 2968 2969 if (was_recursively_verified()) return; 2970 VerificationType component_type = 2971 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2972 int length; 2973 char* arr_sig_str; 2974 if (component_type.is_array()) { // it's an array 2975 const char* component_name = component_type.name()->as_utf8(); 2976 // Check for more than MAX_ARRAY_DIMENSIONS 2977 length = (int)strlen(component_name); 2978 if (length > MAX_ARRAY_DIMENSIONS && 2979 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 2980 verify_error(ErrorContext::bad_code(bci), 2981 "Illegal anewarray instruction, array has more than 255 dimensions"); 2982 } 2983 // add one dimension to component 2984 length++; 2985 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2986 arr_sig_str[0] = '['; 2987 strncpy(&arr_sig_str[1], component_name, length - 1); 2988 } else { // it's an object or interface 2989 const char* component_name = component_type.name()->as_utf8(); 2990 // add one dimension to component with 'L' prepended and ';' postpended. 2991 length = (int)strlen(component_name) + 3; 2992 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2993 arr_sig_str[0] = '['; 2994 arr_sig_str[1] = 'L'; 2995 strncpy(&arr_sig_str[2], component_name, length - 2); 2996 arr_sig_str[length - 1] = ';'; 2997 } 2998 Symbol* arr_sig = create_temporary_symbol( 2999 arr_sig_str, length, CHECK_VERIFY(this)); 3000 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3001 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3002 } 3003 3004 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3005 current_frame->get_local( 3006 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3007 current_frame->push_stack( 3008 VerificationType::integer_type(), CHECK_VERIFY(this)); 3009 } 3010 3011 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3012 current_frame->get_local_2( 3013 index, VerificationType::long_type(), 3014 VerificationType::long2_type(), CHECK_VERIFY(this)); 3015 current_frame->push_stack_2( 3016 VerificationType::long_type(), 3017 VerificationType::long2_type(), CHECK_VERIFY(this)); 3018 } 3019 3020 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3021 current_frame->get_local( 3022 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3023 current_frame->push_stack( 3024 VerificationType::float_type(), CHECK_VERIFY(this)); 3025 } 3026 3027 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3028 current_frame->get_local_2( 3029 index, VerificationType::double_type(), 3030 VerificationType::double2_type(), CHECK_VERIFY(this)); 3031 current_frame->push_stack_2( 3032 VerificationType::double_type(), 3033 VerificationType::double2_type(), CHECK_VERIFY(this)); 3034 } 3035 3036 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3037 VerificationType type = current_frame->get_local( 3038 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3039 current_frame->push_stack(type, CHECK_VERIFY(this)); 3040 } 3041 3042 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3043 current_frame->pop_stack( 3044 VerificationType::integer_type(), CHECK_VERIFY(this)); 3045 current_frame->set_local( 3046 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3047 } 3048 3049 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3050 current_frame->pop_stack_2( 3051 VerificationType::long2_type(), 3052 VerificationType::long_type(), CHECK_VERIFY(this)); 3053 current_frame->set_local_2( 3054 index, VerificationType::long_type(), 3055 VerificationType::long2_type(), CHECK_VERIFY(this)); 3056 } 3057 3058 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3059 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3060 current_frame->set_local( 3061 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3062 } 3063 3064 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3065 current_frame->pop_stack_2( 3066 VerificationType::double2_type(), 3067 VerificationType::double_type(), CHECK_VERIFY(this)); 3068 current_frame->set_local_2( 3069 index, VerificationType::double_type(), 3070 VerificationType::double2_type(), CHECK_VERIFY(this)); 3071 } 3072 3073 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3074 VerificationType type = current_frame->pop_stack( 3075 VerificationType::reference_check(), CHECK_VERIFY(this)); 3076 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3077 } 3078 3079 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3080 VerificationType type = current_frame->get_local( 3081 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3082 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3083 } 3084 3085 void ClassVerifier::verify_return_value( 3086 VerificationType return_type, VerificationType type, u2 bci, 3087 StackMapFrame* current_frame, TRAPS) { 3088 if (return_type == VerificationType::bogus_type()) { 3089 verify_error(ErrorContext::bad_type(bci, 3090 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3091 "Method expects a return value"); 3092 return; 3093 } 3094 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3095 if (!match) { 3096 verify_error(ErrorContext::bad_type(bci, 3097 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3098 "Bad return type"); 3099 return; 3100 } 3101 } 3102 3103 // The verifier creates symbols which are substrings of Symbols. 3104 // These are stored in the verifier until the end of verification so that 3105 // they can be reference counted. 3106 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3107 int end, TRAPS) { 3108 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3109 _symbols->push(sym); 3110 return sym; 3111 } 3112 3113 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3114 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3115 _symbols->push(sym); 3116 return sym; 3117 }