2759 verify_error(ErrorContext::bad_code(bci), 2760 "Inconsistent args count operand in invokeinterface"); 2761 return; 2762 } 2763 if (*(bcp+4) != 0) { 2764 verify_error(ErrorContext::bad_code(bci), 2765 "Fourth operand byte of invokeinterface must be zero"); 2766 return; 2767 } 2768 } 2769 2770 if (opcode == Bytecodes::_invokedynamic) { 2771 address bcp = bcs->bcp(); 2772 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2773 verify_error(ErrorContext::bad_code(bci), 2774 "Third and fourth operand bytes of invokedynamic must be zero"); 2775 return; 2776 } 2777 } 2778 2779 // need to track if invokespecial is related to a nestmate access 2780 bool nestmate_access = false; 2781 bool nestmates_checked = false; 2782 2783 if (method_name->byte_at(0) == '<') { 2784 // Make sure <init> can only be invoked by invokespecial 2785 if (opcode != Bytecodes::_invokespecial || 2786 method_name != vmSymbols::object_initializer_name()) { 2787 verify_error(ErrorContext::bad_code(bci), 2788 "Illegal call to internal method"); 2789 return; 2790 } 2791 } else if (UseNewCode && opcode == Bytecodes::_invokespecial) { 2792 bool same_or_direct_interface = is_same_or_direct_interface(current_class(), current_type(), ref_class_type); 2793 bool is_super_class = ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name())); 2794 2795 // We can pass these initial set of verification checks when dealing with nestmates that are 2796 // in the same type hierarchy, only to fail later when we finally apply the 4.9.2 check that 2797 // the objectref on the operand stack is assignable to the current class. So we need to perform 2798 // that check early and if it would fail then do a nestmate check. Then below we skip the 2799 // operand check when we pop the stack. Unfortunately in the failing case we perform the check 2800 // a second time to trigger the failure. This also means that we are forced to do the nestmate 2801 // access check early, instead of using it is a last resort when all other checks have failed. 2802 2803 // If we don't skip anonymous classes here things break very badly 2804 if (!current_class()->is_anonymous()) { 2805 VerificationType top = current_frame->stack_at(current_frame->stack_size() - nargs - 1); 2806 bool is_assignable = current_type().is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2807 if (!is_assignable) { 2808 nestmate_access = ref_class_type.is_nestmate_of(current_class(), CHECK_VERIFY(this)); 2809 nestmates_checked = true; 2810 } 2811 } 2812 2813 if (!same_or_direct_interface && !is_super_class) { 2814 bool subtype = false; 2815 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2816 if (!current_class()->is_anonymous()) { 2817 subtype = ref_class_type.is_assignable_from(current_type(), this, false, CHECK_VERIFY(this)); 2818 } else { 2819 VerificationType host_klass_type = 2820 VerificationType::reference_type(current_class()->host_klass()->name()); 2821 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2822 2823 // If invokespecial of IMR, need to recheck for same or 2824 // direct interface relative to the host class 2825 have_imr_indirect = (have_imr_indirect && 2826 !is_same_or_direct_interface(current_class()->host_klass(), 2827 host_klass_type, ref_class_type)); 2828 } 2829 2830 if ((!subtype || have_imr_indirect) && !nestmates_checked) { 2831 // invokespecial may still be legitimate if current class and reference class 2832 // are nestmates. But in that case we also have to check that the method being 2833 // invoked is defined in the reference class. However that is deferred to runtime 2834 // as we don't have the information available here. 2835 nestmate_access = ref_class_type.is_nestmate_of(current_class(), CHECK_VERIFY(this)); 2836 nestmates_checked = true; 2837 } 2838 2839 // report any definite verification failures 2840 if (!nestmate_access) { 2841 if (!subtype) { 2842 verify_error(ErrorContext::bad_code(bci), 2843 "Bad invokespecial instruction: " 2844 "current class isn't assignable to reference class."); 2845 return; 2846 } else if (have_imr_indirect) { 2847 verify_error(ErrorContext::bad_code(bci), 2848 "Bad invokespecial instruction: " 2849 "interface method reference is in an indirect superinterface."); 2850 return; 2851 } 2852 } 2853 } 2854 } else if (opcode == Bytecodes::_invokespecial 2855 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2856 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { 2857 bool subtype = false; 2858 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2859 if (!current_class()->is_anonymous()) { 2860 subtype = ref_class_type.is_assignable_from(current_type(), this, false, CHECK_VERIFY(this)); 2861 } else { 2862 VerificationType host_klass_type = 2863 VerificationType::reference_type(current_class()->host_klass()->name()); 2864 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2865 2866 // If invokespecial of IMR, need to recheck for same or 2867 // direct interface relative to the host class 2868 have_imr_indirect = (have_imr_indirect && 2869 !is_same_or_direct_interface(current_class()->host_klass(), 2870 host_klass_type, ref_class_type)); 2871 } 2872 if (!subtype) { 2873 verify_error(ErrorContext::bad_code(bci), 2878 verify_error(ErrorContext::bad_code(bci), 2879 "Bad invokespecial instruction: " 2880 "interface method reference is in an indirect superinterface."); 2881 return; 2882 } 2883 } 2884 2885 // Match method descriptor with operand stack 2886 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2887 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2888 } 2889 // Check objectref on operand stack 2890 if (opcode != Bytecodes::_invokestatic && 2891 opcode != Bytecodes::_invokedynamic) { 2892 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2893 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2894 code_length, in_try_block, this_uninit, cp, stackmap_table, 2895 CHECK_VERIFY(this)); 2896 if (was_recursively_verified()) return; 2897 } else { // other methods 2898 // Ensures that target class is assignable to current class (4.9.2), 2899 // unless performing a nestmate access 2900 if (opcode == Bytecodes::_invokespecial) { 2901 if (UseNewCode && nestmate_access) { 2902 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2903 } 2904 else if (!current_class()->is_anonymous()) { 2905 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2906 } else { 2907 // anonymous class invokespecial calls: check if the 2908 // objectref is a subtype of the host_klass of the current class 2909 // to allow an anonymous class to reference methods in the host_klass 2910 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2911 VerificationType hosttype = 2912 VerificationType::reference_type(current_class()->host_klass()->name()); 2913 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2914 if (!subtype) { 2915 verify_error( ErrorContext::bad_type(current_frame->offset(), 2916 current_frame->stack_top_ctx(), 2917 TypeOrigin::implicit(top)), 2918 "Bad type on operand stack"); 2919 return; 2920 } 2921 } 2922 } else if (opcode == Bytecodes::_invokevirtual) { 2923 VerificationType stack_object_type = 2924 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2925 if (current_type() != stack_object_type) { 2926 if (was_recursively_verified()) return; 2927 assert(cp->cache() == NULL, "not rewritten yet"); 2928 Symbol* ref_class_name = 2929 cp->klass_name_at(cp->klass_ref_index_at(index)); 2930 // See the comments in verify_field_instructions() for 2931 // the rationale behind this. 2932 if (name_in_supers(ref_class_name, current_class())) { 2933 Klass* ref_class = load_class(ref_class_name, CHECK); 2934 if (is_protected_access( 2935 _klass, ref_class, method_name, method_sig, true)) { | 2759 verify_error(ErrorContext::bad_code(bci), 2760 "Inconsistent args count operand in invokeinterface"); 2761 return; 2762 } 2763 if (*(bcp+4) != 0) { 2764 verify_error(ErrorContext::bad_code(bci), 2765 "Fourth operand byte of invokeinterface must be zero"); 2766 return; 2767 } 2768 } 2769 2770 if (opcode == Bytecodes::_invokedynamic) { 2771 address bcp = bcs->bcp(); 2772 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2773 verify_error(ErrorContext::bad_code(bci), 2774 "Third and fourth operand bytes of invokedynamic must be zero"); 2775 return; 2776 } 2777 } 2778 2779 if (method_name->byte_at(0) == '<') { 2780 // Make sure <init> can only be invoked by invokespecial 2781 if (opcode != Bytecodes::_invokespecial || 2782 method_name != vmSymbols::object_initializer_name()) { 2783 verify_error(ErrorContext::bad_code(bci), 2784 "Illegal call to internal method"); 2785 return; 2786 } 2787 } else if (opcode == Bytecodes::_invokespecial 2788 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2789 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { 2790 bool subtype = false; 2791 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2792 if (!current_class()->is_anonymous()) { 2793 subtype = ref_class_type.is_assignable_from(current_type(), this, false, CHECK_VERIFY(this)); 2794 } else { 2795 VerificationType host_klass_type = 2796 VerificationType::reference_type(current_class()->host_klass()->name()); 2797 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2798 2799 // If invokespecial of IMR, need to recheck for same or 2800 // direct interface relative to the host class 2801 have_imr_indirect = (have_imr_indirect && 2802 !is_same_or_direct_interface(current_class()->host_klass(), 2803 host_klass_type, ref_class_type)); 2804 } 2805 if (!subtype) { 2806 verify_error(ErrorContext::bad_code(bci), 2811 verify_error(ErrorContext::bad_code(bci), 2812 "Bad invokespecial instruction: " 2813 "interface method reference is in an indirect superinterface."); 2814 return; 2815 } 2816 } 2817 2818 // Match method descriptor with operand stack 2819 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2820 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2821 } 2822 // Check objectref on operand stack 2823 if (opcode != Bytecodes::_invokestatic && 2824 opcode != Bytecodes::_invokedynamic) { 2825 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2826 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2827 code_length, in_try_block, this_uninit, cp, stackmap_table, 2828 CHECK_VERIFY(this)); 2829 if (was_recursively_verified()) return; 2830 } else { // other methods 2831 // Ensures that target class is assignable to current class (4.9.2) 2832 if (opcode == Bytecodes::_invokespecial) { 2833 if (!current_class()->is_anonymous()) { 2834 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2835 } else { 2836 // anonymous class invokespecial calls: check if the 2837 // objectref is a subtype of the host_klass of the current class 2838 // to allow an anonymous class to reference methods in the host_klass 2839 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2840 VerificationType hosttype = 2841 VerificationType::reference_type(current_class()->host_klass()->name()); 2842 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2843 if (!subtype) { 2844 verify_error(ErrorContext::bad_type(current_frame->offset(), 2845 current_frame->stack_top_ctx(), 2846 TypeOrigin::implicit(top)), 2847 "Bad type on operand stack"); 2848 return; 2849 } 2850 } 2851 } else if (opcode == Bytecodes::_invokevirtual) { 2852 VerificationType stack_object_type = 2853 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2854 if (current_type() != stack_object_type) { 2855 if (was_recursively_verified()) return; 2856 assert(cp->cache() == NULL, "not rewritten yet"); 2857 Symbol* ref_class_name = 2858 cp->klass_name_at(cp->klass_ref_index_at(index)); 2859 // See the comments in verify_field_instructions() for 2860 // the rationale behind this. 2861 if (name_in_supers(ref_class_name, current_class())) { 2862 Klass* ref_class = load_class(ref_class_name, CHECK); 2863 if (is_protected_access( 2864 _klass, ref_class, method_name, method_sig, true)) { |