1 /* 2 * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "classfile/classFileStream.hpp" 27 #include "classfile/javaClasses.hpp" 28 #include "classfile/stackMapTable.hpp" 29 #include "classfile/stackMapFrame.hpp" 30 #include "classfile/stackMapTableFormat.hpp" 31 #include "classfile/systemDictionary.hpp" 32 #include "classfile/verifier.hpp" 33 #include "classfile/vmSymbols.hpp" 34 #include "interpreter/bytecodes.hpp" 35 #include "interpreter/bytecodeStream.hpp" 36 #include "logging/log.hpp" 37 #include "logging/logStream.hpp" 38 #include "memory/oopFactory.hpp" 39 #include "memory/resourceArea.hpp" 40 #include "oops/instanceKlass.hpp" 41 #include "oops/oop.inline.hpp" 42 #include "oops/typeArrayOop.hpp" 43 #include "prims/jvm.h" 44 #include "runtime/fieldDescriptor.hpp" 45 #include "runtime/handles.inline.hpp" 46 #include "runtime/interfaceSupport.hpp" 47 #include "runtime/javaCalls.hpp" 48 #include "runtime/orderAccess.inline.hpp" 49 #include "runtime/os.hpp" 50 #include "runtime/thread.hpp" 51 #include "services/threadService.hpp" 52 #include "utilities/align.hpp" 53 #include "utilities/bytes.hpp" 54 55 #define NOFAILOVER_MAJOR_VERSION 51 56 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 57 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 58 #define MAX_ARRAY_DIMENSIONS 255 59 60 // Access to external entry for VerifyClassCodes - old byte code verifier 61 62 extern "C" { 63 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 64 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 65 } 66 67 static void* volatile _verify_byte_codes_fn = NULL; 68 69 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 70 71 static void* verify_byte_codes_fn() { 72 if (OrderAccess::load_ptr_acquire(&_verify_byte_codes_fn) == NULL) { 73 void *lib_handle = os::native_java_library(); 74 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 75 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 76 if (func == NULL) { 77 _is_new_verify_byte_codes_fn = false; 78 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 79 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 80 } 81 } 82 return (void*)_verify_byte_codes_fn; 83 } 84 85 86 // Methods in Verifier 87 88 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 89 return (class_loader == NULL || !should_verify_class) ? 90 BytecodeVerificationLocal : BytecodeVerificationRemote; 91 } 92 93 bool Verifier::relax_access_for(oop loader) { 94 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 95 bool need_verify = 96 // verifyAll 97 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 98 // verifyRemote 99 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 100 return !need_verify; 101 } 102 103 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 104 assert(verify_class != NULL, "Unexpected null verify_class"); 105 ResourceMark rm; 106 Symbol* s = verify_class->source_file_name(); 107 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 108 const char* verify = verify_class->external_name(); 109 const char* resolve = resolve_class->external_name(); 110 // print in a single call to reduce interleaving between threads 111 if (source_file != NULL) { 112 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 113 } else { 114 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 115 } 116 } 117 118 // Prints the end-verification message to the appropriate output. 119 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 120 if (HAS_PENDING_EXCEPTION) { 121 st->print("Verification for %s has", klassName); 122 st->print_cr(" exception pending %s ", 123 PENDING_EXCEPTION->klass()->external_name()); 124 } else if (exception_name != NULL) { 125 st->print_cr("Verification for %s failed", klassName); 126 } 127 st->print_cr("End class verification for: %s", klassName); 128 } 129 130 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 131 HandleMark hm(THREAD); 132 ResourceMark rm(THREAD); 133 134 // Eagerly allocate the identity hash code for a klass. This is a fallout 135 // from 6320749 and 8059924: hash code generator is not supposed to be called 136 // during the safepoint, but it allows to sneak the hashcode in during 137 // verification. Without this eager hashcode generation, we may end up 138 // installing the hashcode during some other operation, which may be at 139 // safepoint -- blowing up the checks. It was previously done as the side 140 // effect (sic!) for external_name(), but instead of doing that, we opt to 141 // explicitly push the hashcode in here. This is signify the following block 142 // is IMPORTANT: 143 if (klass->java_mirror() != NULL) { 144 klass->java_mirror()->identity_hash(); 145 } 146 147 if (!is_eligible_for_verification(klass, should_verify_class)) { 148 return true; 149 } 150 151 // Timer includes any side effects of class verification (resolution, 152 // etc), but not recursive calls to Verifier::verify(). 153 JavaThread* jt = (JavaThread*)THREAD; 154 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 155 ClassLoader::perf_class_verify_selftime(), 156 ClassLoader::perf_classes_verified(), 157 jt->get_thread_stat()->perf_recursion_counts_addr(), 158 jt->get_thread_stat()->perf_timers_addr(), 159 PerfClassTraceTime::CLASS_VERIFY); 160 161 // If the class should be verified, first see if we can use the split 162 // verifier. If not, or if verification fails and FailOverToOldVerifier 163 // is set, then call the inference verifier. 164 165 Symbol* exception_name = NULL; 166 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 167 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 168 char* exception_message = message_buffer; 169 170 const char* klassName = klass->external_name(); 171 bool can_failover = FailOverToOldVerifier && 172 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 173 174 log_info(class, init)("Start class verification for: %s", klassName); 175 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 176 ClassVerifier split_verifier(klass, THREAD); 177 split_verifier.verify_class(THREAD); 178 exception_name = split_verifier.result(); 179 if (can_failover && !HAS_PENDING_EXCEPTION && 180 (exception_name == vmSymbols::java_lang_VerifyError() || 181 exception_name == vmSymbols::java_lang_ClassFormatError())) { 182 log_info(verification)("Fail over class verification to old verifier for: %s", klassName); 183 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName); 184 exception_name = inference_verify( 185 klass, message_buffer, message_buffer_len, THREAD); 186 } 187 if (exception_name != NULL) { 188 exception_message = split_verifier.exception_message(); 189 } 190 } else { 191 exception_name = inference_verify( 192 klass, message_buffer, message_buffer_len, THREAD); 193 } 194 195 LogTarget(Info, class, init) lt1; 196 if (lt1.is_enabled()) { 197 LogStream ls(lt1); 198 log_end_verification(&ls, klassName, exception_name, THREAD); 199 } 200 LogTarget(Info, verification) lt2; 201 if (lt2.is_enabled()) { 202 LogStream ls(lt2); 203 log_end_verification(&ls, klassName, exception_name, THREAD); 204 } 205 206 if (HAS_PENDING_EXCEPTION) { 207 return false; // use the existing exception 208 } else if (exception_name == NULL) { 209 return true; // verifcation succeeded 210 } else { // VerifyError or ClassFormatError to be created and thrown 211 ResourceMark rm(THREAD); 212 Klass* kls = 213 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 214 if (log_is_enabled(Debug, class, resolve)) { 215 Verifier::trace_class_resolution(kls, klass); 216 } 217 218 while (kls != NULL) { 219 if (kls == klass) { 220 // If the class being verified is the exception we're creating 221 // or one of it's superclasses, we're in trouble and are going 222 // to infinitely recurse when we try to initialize the exception. 223 // So bail out here by throwing the preallocated VM error. 224 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 225 } 226 kls = kls->super(); 227 } 228 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 229 THROW_MSG_(exception_name, exception_message, false); 230 } 231 } 232 233 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 234 Symbol* name = klass->name(); 235 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 236 237 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 238 239 return (should_verify_for(klass->class_loader(), should_verify_class) && 240 // return if the class is a bootstrapping class 241 // or defineClass specified not to verify by default (flags override passed arg) 242 // We need to skip the following few for bootstrapping 243 name != vmSymbols::java_lang_Object() && 244 name != vmSymbols::java_lang____Value() && 245 name != vmSymbols::java_lang_Class() && 246 name != vmSymbols::java_lang_String() && 247 name != vmSymbols::java_lang_Throwable() && 248 249 // Can not verify the bytecodes for shared classes because they have 250 // already been rewritten to contain constant pool cache indices, 251 // which the verifier can't understand. 252 // Shared classes shouldn't have stackmaps either. 253 !klass->is_shared() && 254 255 // A MVT derived value type contains no code atrribute - no private static 256 // methods, no instance methods, no <clinit>, no <init>. So while format 257 // checking is performed on it, verification is not. 258 (!((EnableMVT || EnableValhalla) && klass->access_flags().is_value_type())) && 259 260 // As of the fix for 4486457 we disable verification for all of the 261 // dynamically-generated bytecodes associated with the 1.4 262 // reflection implementation, not just those associated with 263 // jdk/internal/reflect/SerializationConstructorAccessor. 264 // NOTE: this is called too early in the bootstrapping process to be 265 // guarded by Universe::is_gte_jdk14x_version(). 266 // Also for lambda generated code, gte jdk8 267 (!is_reflect)); 268 } 269 270 Symbol* Verifier::inference_verify( 271 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 272 JavaThread* thread = (JavaThread*)THREAD; 273 JNIEnv *env = thread->jni_environment(); 274 275 void* verify_func = verify_byte_codes_fn(); 276 277 if (verify_func == NULL) { 278 jio_snprintf(message, message_len, "Could not link verifier"); 279 return vmSymbols::java_lang_VerifyError(); 280 } 281 282 ResourceMark rm(THREAD); 283 log_info(verification)("Verifying class %s with old format", klass->external_name()); 284 285 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 286 jint result; 287 288 { 289 HandleMark hm(thread); 290 ThreadToNativeFromVM ttn(thread); 291 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 292 // code knows that we have left the VM 293 294 if (_is_new_verify_byte_codes_fn) { 295 verify_byte_codes_fn_new_t func = 296 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 297 result = (*func)(env, cls, message, (int)message_len, 298 klass->major_version()); 299 } else { 300 verify_byte_codes_fn_t func = 301 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 302 result = (*func)(env, cls, message, (int)message_len); 303 } 304 } 305 306 JNIHandles::destroy_local(cls); 307 308 // These numbers are chosen so that VerifyClassCodes interface doesn't need 309 // to be changed (still return jboolean (unsigned char)), and result is 310 // 1 when verification is passed. 311 if (result == 0) { 312 return vmSymbols::java_lang_VerifyError(); 313 } else if (result == 1) { 314 return NULL; // verified. 315 } else if (result == 2) { 316 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 317 } else if (result == 3) { 318 return vmSymbols::java_lang_ClassFormatError(); 319 } else { 320 ShouldNotReachHere(); 321 return NULL; 322 } 323 } 324 325 TypeOrigin TypeOrigin::null() { 326 return TypeOrigin(); 327 } 328 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 329 assert(frame != NULL, "Must have a frame"); 330 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 331 frame->local_at(index)); 332 } 333 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 334 assert(frame != NULL, "Must have a frame"); 335 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 336 frame->stack_at(index)); 337 } 338 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 339 assert(frame != NULL, "Must have a frame"); 340 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 341 frame->local_at(index)); 342 } 343 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 344 assert(frame != NULL, "Must have a frame"); 345 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 346 frame->stack_at(index)); 347 } 348 TypeOrigin TypeOrigin::bad_index(u2 index) { 349 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 350 } 351 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 352 return TypeOrigin(CONST_POOL, index, NULL, vt); 353 } 354 TypeOrigin TypeOrigin::signature(VerificationType vt) { 355 return TypeOrigin(SIG, 0, NULL, vt); 356 } 357 TypeOrigin TypeOrigin::implicit(VerificationType t) { 358 return TypeOrigin(IMPLICIT, 0, NULL, t); 359 } 360 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 361 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 362 VerificationType::bogus_type()); 363 } 364 365 void TypeOrigin::reset_frame() { 366 if (_frame != NULL) { 367 _frame->restore(); 368 } 369 } 370 371 void TypeOrigin::details(outputStream* ss) const { 372 _type.print_on(ss); 373 switch (_origin) { 374 case CF_LOCALS: 375 ss->print(" (current frame, locals[%d])", _index); 376 break; 377 case CF_STACK: 378 ss->print(" (current frame, stack[%d])", _index); 379 break; 380 case SM_LOCALS: 381 ss->print(" (stack map, locals[%d])", _index); 382 break; 383 case SM_STACK: 384 ss->print(" (stack map, stack[%d])", _index); 385 break; 386 case CONST_POOL: 387 ss->print(" (constant pool %d)", _index); 388 break; 389 case SIG: 390 ss->print(" (from method signature)"); 391 break; 392 case IMPLICIT: 393 case FRAME_ONLY: 394 case NONE: 395 default: 396 ; 397 } 398 } 399 400 #ifdef ASSERT 401 void TypeOrigin::print_on(outputStream* str) const { 402 str->print("{%d,%d,%p:", _origin, _index, _frame); 403 if (_frame != NULL) { 404 _frame->print_on(str); 405 } else { 406 str->print("null"); 407 } 408 str->print(","); 409 _type.print_on(str); 410 str->print("}"); 411 } 412 #endif 413 414 void ErrorContext::details(outputStream* ss, const Method* method) const { 415 if (is_valid()) { 416 ss->cr(); 417 ss->print_cr("Exception Details:"); 418 location_details(ss, method); 419 reason_details(ss); 420 frame_details(ss); 421 bytecode_details(ss, method); 422 handler_details(ss, method); 423 stackmap_details(ss, method); 424 } 425 } 426 427 void ErrorContext::reason_details(outputStream* ss) const { 428 streamIndentor si(ss); 429 ss->indent().print_cr("Reason:"); 430 streamIndentor si2(ss); 431 ss->indent().print("%s", ""); 432 switch (_fault) { 433 case INVALID_BYTECODE: 434 ss->print("Error exists in the bytecode"); 435 break; 436 case WRONG_TYPE: 437 if (_expected.is_valid()) { 438 ss->print("Type "); 439 _type.details(ss); 440 ss->print(" is not assignable to "); 441 _expected.details(ss); 442 } else { 443 ss->print("Invalid type: "); 444 _type.details(ss); 445 } 446 break; 447 case FLAGS_MISMATCH: 448 if (_expected.is_valid()) { 449 ss->print("Current frame's flags are not assignable " 450 "to stack map frame's."); 451 } else { 452 ss->print("Current frame's flags are invalid in this context."); 453 } 454 break; 455 case BAD_CP_INDEX: 456 ss->print("Constant pool index %d is invalid", _type.index()); 457 break; 458 case BAD_LOCAL_INDEX: 459 ss->print("Local index %d is invalid", _type.index()); 460 break; 461 case LOCALS_SIZE_MISMATCH: 462 ss->print("Current frame's local size doesn't match stackmap."); 463 break; 464 case STACK_SIZE_MISMATCH: 465 ss->print("Current frame's stack size doesn't match stackmap."); 466 break; 467 case STACK_OVERFLOW: 468 ss->print("Exceeded max stack size."); 469 break; 470 case STACK_UNDERFLOW: 471 ss->print("Attempt to pop empty stack."); 472 break; 473 case MISSING_STACKMAP: 474 ss->print("Expected stackmap frame at this location."); 475 break; 476 case BAD_STACKMAP: 477 ss->print("Invalid stackmap specification."); 478 break; 479 case UNKNOWN: 480 default: 481 ShouldNotReachHere(); 482 ss->print_cr("Unknown"); 483 } 484 ss->cr(); 485 } 486 487 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 488 if (_bci != -1 && method != NULL) { 489 streamIndentor si(ss); 490 const char* bytecode_name = "<invalid>"; 491 if (method->validate_bci(_bci) != -1) { 492 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 493 if (Bytecodes::is_defined(code)) { 494 bytecode_name = Bytecodes::name(code); 495 } else { 496 bytecode_name = "<illegal>"; 497 } 498 } 499 InstanceKlass* ik = method->method_holder(); 500 ss->indent().print_cr("Location:"); 501 streamIndentor si2(ss); 502 ss->indent().print_cr("%s.%s%s @%d: %s", 503 ik->name()->as_C_string(), method->name()->as_C_string(), 504 method->signature()->as_C_string(), _bci, bytecode_name); 505 } 506 } 507 508 void ErrorContext::frame_details(outputStream* ss) const { 509 streamIndentor si(ss); 510 if (_type.is_valid() && _type.frame() != NULL) { 511 ss->indent().print_cr("Current Frame:"); 512 streamIndentor si2(ss); 513 _type.frame()->print_on(ss); 514 } 515 if (_expected.is_valid() && _expected.frame() != NULL) { 516 ss->indent().print_cr("Stackmap Frame:"); 517 streamIndentor si2(ss); 518 _expected.frame()->print_on(ss); 519 } 520 } 521 522 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 523 if (method != NULL) { 524 streamIndentor si(ss); 525 ss->indent().print_cr("Bytecode:"); 526 streamIndentor si2(ss); 527 ss->print_data(method->code_base(), method->code_size(), false); 528 } 529 } 530 531 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 532 if (method != NULL) { 533 streamIndentor si(ss); 534 ExceptionTable table(method); 535 if (table.length() > 0) { 536 ss->indent().print_cr("Exception Handler Table:"); 537 streamIndentor si2(ss); 538 for (int i = 0; i < table.length(); ++i) { 539 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 540 table.end_pc(i), table.handler_pc(i)); 541 } 542 } 543 } 544 } 545 546 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 547 if (method != NULL && method->has_stackmap_table()) { 548 streamIndentor si(ss); 549 ss->indent().print_cr("Stackmap Table:"); 550 Array<u1>* data = method->stackmap_data(); 551 stack_map_table* sm_table = 552 stack_map_table::at((address)data->adr_at(0)); 553 stack_map_frame* sm_frame = sm_table->entries(); 554 streamIndentor si2(ss); 555 int current_offset = -1; 556 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 557 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 558 ss->indent(); 559 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 560 sm_frame->print_truncated(ss, current_offset); 561 return; 562 } 563 sm_frame->print_on(ss, current_offset); 564 ss->cr(); 565 current_offset += sm_frame->offset_delta(); 566 sm_frame = sm_frame->next(); 567 } 568 } 569 } 570 571 // Methods in ClassVerifier 572 573 ClassVerifier::ClassVerifier( 574 InstanceKlass* klass, TRAPS) 575 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 576 _this_type = VerificationType::reference_type(klass->name()); 577 // Create list to hold symbols in reference area. 578 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 579 } 580 581 ClassVerifier::~ClassVerifier() { 582 // Decrement the reference count for any symbols created. 583 for (int i = 0; i < _symbols->length(); i++) { 584 Symbol* s = _symbols->at(i); 585 s->decrement_refcount(); 586 } 587 } 588 589 VerificationType ClassVerifier::object_type() const { 590 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 591 } 592 593 VerificationType ClassVerifier::__value_type() const { 594 return VerificationType::valuetype_type(vmSymbols::java_lang____Value()); 595 } 596 597 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 598 VerificationType vt = VerificationType::reference_type( 599 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 600 return TypeOrigin::implicit(vt); 601 } 602 603 TypeOrigin ClassVerifier::valuetype_ctx(const char* sig, TRAPS) { 604 VerificationType vt = VerificationType::valuetype_type( 605 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 606 return TypeOrigin::implicit(vt); 607 } 608 609 void ClassVerifier::verify_class(TRAPS) { 610 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 611 612 Array<Method*>* methods = _klass->methods(); 613 int num_methods = methods->length(); 614 615 for (int index = 0; index < num_methods; index++) { 616 // Check for recursive re-verification before each method. 617 if (was_recursively_verified()) return; 618 619 Method* m = methods->at(index); 620 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 621 // If m is native or abstract, skip it. It is checked in class file 622 // parser that methods do not override a final method. Overpass methods 623 // are trusted since the VM generates them. 624 continue; 625 } 626 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 627 } 628 629 if (was_recursively_verified()){ 630 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 631 log_info(class, init)("Recursive verification detected for: %s", 632 _klass->external_name()); 633 } 634 } 635 636 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 637 HandleMark hm(THREAD); 638 _method = m; // initialize _method 639 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 640 641 // For clang, the only good constant format string is a literal constant format string. 642 #define bad_type_msg "Bad type on operand stack in %s" 643 644 int32_t max_stack = m->verifier_max_stack(); 645 int32_t max_locals = m->max_locals(); 646 constantPoolHandle cp(THREAD, m->constants()); 647 648 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 649 class_format_error("Invalid method signature"); 650 return; 651 } 652 653 // Verify value type bytecodes if enabled and class file version supports them. 654 // Commented check out for now until class file version 54.1 is generated. 655 bool vbytecodes_allowed = (EnableMVT || EnableValhalla); 656 //_klass->major_version() >= Verifier::VALUETYPE_MAJOR_VERSION && 657 //_klass->minor_version() >= Verifier::VALUETYPE_MINOR_VERSION); 658 659 // Initial stack map frame: offset is 0, stack is initially empty. 660 StackMapFrame current_frame(max_locals, max_stack, this); 661 // Set initial locals 662 VerificationType return_type = current_frame.set_locals_from_arg( 663 m, current_type(), CHECK_VERIFY(this)); 664 665 int32_t stackmap_index = 0; // index to the stackmap array 666 667 u4 code_length = m->code_size(); 668 669 // Scan the bytecode and map each instruction's start offset to a number. 670 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 671 672 int ex_min = code_length; 673 int ex_max = -1; 674 // Look through each item on the exception table. Each of the fields must refer 675 // to a legal instruction. 676 if (was_recursively_verified()) return; 677 verify_exception_handler_table( 678 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 679 680 // Look through each entry on the local variable table and make sure 681 // its range of code array offsets is valid. (4169817) 682 if (m->has_localvariable_table()) { 683 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 684 } 685 686 Array<u1>* stackmap_data = m->stackmap_data(); 687 StackMapStream stream(stackmap_data); 688 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 689 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 690 code_data, code_length, CHECK_VERIFY(this)); 691 692 LogTarget(Info, verification) lt; 693 if (lt.is_enabled()) { 694 ResourceMark rm(THREAD); 695 LogStream ls(lt); 696 stackmap_table.print_on(&ls); 697 } 698 699 RawBytecodeStream bcs(m); 700 701 // Scan the byte code linearly from the start to the end 702 bool no_control_flow = false; // Set to true when there is no direct control 703 // flow from current instruction to the next 704 // instruction in sequence 705 706 Bytecodes::Code opcode; 707 while (!bcs.is_last_bytecode()) { 708 // Check for recursive re-verification before each bytecode. 709 if (was_recursively_verified()) return; 710 711 opcode = bcs.raw_next(); 712 u2 bci = bcs.bci(); 713 714 // Set current frame's offset to bci 715 current_frame.set_offset(bci); 716 current_frame.set_mark(); 717 718 // Make sure every offset in stackmap table point to the beginning to 719 // an instruction. Match current_frame to stackmap_table entry with 720 // the same offset if exists. 721 stackmap_index = verify_stackmap_table( 722 stackmap_index, bci, ¤t_frame, &stackmap_table, 723 no_control_flow, CHECK_VERIFY(this)); 724 725 726 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 727 bool verified_exc_handlers = false; 728 729 // Merge with the next instruction 730 { 731 u2 index; 732 int target; 733 VerificationType type, type2; 734 VerificationType atype; 735 736 LogTarget(Info, verification) lt; 737 if (lt.is_enabled()) { 738 ResourceMark rm(THREAD); 739 LogStream ls(lt); 740 current_frame.print_on(&ls); 741 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 742 } 743 744 // Make sure wide instruction is in correct format 745 if (bcs.is_wide()) { 746 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 747 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 748 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 749 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 750 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 751 opcode != Bytecodes::_dstore) { 752 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 753 * if we encounter a wide instruction that modifies an invalid 754 * opcode (not one of the ones listed above) */ 755 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 756 return; 757 } 758 } 759 760 // Look for possible jump target in exception handlers and see if it 761 // matches current_frame. Do this check here for astore*, dstore*, 762 // fstore*, istore*, and lstore* opcodes because they can change the type 763 // state by adding a local. JVM Spec says that the incoming type state 764 // should be used for this check. So, do the check here before a possible 765 // local is added to the type state. 766 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 767 if (was_recursively_verified()) return; 768 verify_exception_handler_targets( 769 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 770 verified_exc_handlers = true; 771 } 772 773 if (was_recursively_verified()) return; 774 775 switch (opcode) { 776 case Bytecodes::_nop : 777 no_control_flow = false; break; 778 case Bytecodes::_aconst_null : 779 current_frame.push_stack( 780 VerificationType::null_type(), CHECK_VERIFY(this)); 781 no_control_flow = false; break; 782 case Bytecodes::_iconst_m1 : 783 case Bytecodes::_iconst_0 : 784 case Bytecodes::_iconst_1 : 785 case Bytecodes::_iconst_2 : 786 case Bytecodes::_iconst_3 : 787 case Bytecodes::_iconst_4 : 788 case Bytecodes::_iconst_5 : 789 current_frame.push_stack( 790 VerificationType::integer_type(), CHECK_VERIFY(this)); 791 no_control_flow = false; break; 792 case Bytecodes::_lconst_0 : 793 case Bytecodes::_lconst_1 : 794 current_frame.push_stack_2( 795 VerificationType::long_type(), 796 VerificationType::long2_type(), CHECK_VERIFY(this)); 797 no_control_flow = false; break; 798 case Bytecodes::_fconst_0 : 799 case Bytecodes::_fconst_1 : 800 case Bytecodes::_fconst_2 : 801 current_frame.push_stack( 802 VerificationType::float_type(), CHECK_VERIFY(this)); 803 no_control_flow = false; break; 804 case Bytecodes::_dconst_0 : 805 case Bytecodes::_dconst_1 : 806 current_frame.push_stack_2( 807 VerificationType::double_type(), 808 VerificationType::double2_type(), CHECK_VERIFY(this)); 809 no_control_flow = false; break; 810 case Bytecodes::_sipush : 811 case Bytecodes::_bipush : 812 current_frame.push_stack( 813 VerificationType::integer_type(), CHECK_VERIFY(this)); 814 no_control_flow = false; break; 815 case Bytecodes::_ldc : 816 verify_ldc( 817 opcode, bcs.get_index_u1(), ¤t_frame, 818 cp, bci, CHECK_VERIFY(this)); 819 no_control_flow = false; break; 820 case Bytecodes::_ldc_w : 821 case Bytecodes::_ldc2_w : 822 verify_ldc( 823 opcode, bcs.get_index_u2(), ¤t_frame, 824 cp, bci, CHECK_VERIFY(this)); 825 no_control_flow = false; break; 826 case Bytecodes::_iload : 827 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 828 no_control_flow = false; break; 829 case Bytecodes::_iload_0 : 830 case Bytecodes::_iload_1 : 831 case Bytecodes::_iload_2 : 832 case Bytecodes::_iload_3 : 833 index = opcode - Bytecodes::_iload_0; 834 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 835 no_control_flow = false; break; 836 case Bytecodes::_lload : 837 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 838 no_control_flow = false; break; 839 case Bytecodes::_lload_0 : 840 case Bytecodes::_lload_1 : 841 case Bytecodes::_lload_2 : 842 case Bytecodes::_lload_3 : 843 index = opcode - Bytecodes::_lload_0; 844 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 845 no_control_flow = false; break; 846 case Bytecodes::_fload : 847 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 848 no_control_flow = false; break; 849 case Bytecodes::_fload_0 : 850 case Bytecodes::_fload_1 : 851 case Bytecodes::_fload_2 : 852 case Bytecodes::_fload_3 : 853 index = opcode - Bytecodes::_fload_0; 854 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 855 no_control_flow = false; break; 856 case Bytecodes::_dload : 857 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 858 no_control_flow = false; break; 859 case Bytecodes::_dload_0 : 860 case Bytecodes::_dload_1 : 861 case Bytecodes::_dload_2 : 862 case Bytecodes::_dload_3 : 863 index = opcode - Bytecodes::_dload_0; 864 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 865 no_control_flow = false; break; 866 case Bytecodes::_vload : 867 if (!vbytecodes_allowed) { 868 class_format_error( 869 "vload not supported by this class file version (%d.%d), class %s", 870 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 871 return; 872 } 873 verify_vload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 874 no_control_flow = false; break; 875 case Bytecodes::_aload : 876 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 877 no_control_flow = false; break; 878 case Bytecodes::_aload_0 : 879 case Bytecodes::_aload_1 : 880 case Bytecodes::_aload_2 : 881 case Bytecodes::_aload_3 : 882 index = opcode - Bytecodes::_aload_0; 883 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 884 no_control_flow = false; break; 885 case Bytecodes::_iaload : 886 type = current_frame.pop_stack( 887 VerificationType::integer_type(), CHECK_VERIFY(this)); 888 atype = current_frame.pop_stack( 889 VerificationType::reference_check(), CHECK_VERIFY(this)); 890 if (!atype.is_int_array()) { 891 verify_error(ErrorContext::bad_type(bci, 892 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 893 bad_type_msg, "iaload"); 894 return; 895 } 896 current_frame.push_stack( 897 VerificationType::integer_type(), CHECK_VERIFY(this)); 898 no_control_flow = false; break; 899 case Bytecodes::_baload : 900 type = current_frame.pop_stack( 901 VerificationType::integer_type(), CHECK_VERIFY(this)); 902 atype = current_frame.pop_stack( 903 VerificationType::reference_check(), CHECK_VERIFY(this)); 904 if (!atype.is_bool_array() && !atype.is_byte_array()) { 905 verify_error( 906 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 907 bad_type_msg, "baload"); 908 return; 909 } 910 current_frame.push_stack( 911 VerificationType::integer_type(), CHECK_VERIFY(this)); 912 no_control_flow = false; break; 913 case Bytecodes::_caload : 914 type = current_frame.pop_stack( 915 VerificationType::integer_type(), CHECK_VERIFY(this)); 916 atype = current_frame.pop_stack( 917 VerificationType::reference_check(), CHECK_VERIFY(this)); 918 if (!atype.is_char_array()) { 919 verify_error(ErrorContext::bad_type(bci, 920 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 921 bad_type_msg, "caload"); 922 return; 923 } 924 current_frame.push_stack( 925 VerificationType::integer_type(), CHECK_VERIFY(this)); 926 no_control_flow = false; break; 927 case Bytecodes::_saload : 928 type = current_frame.pop_stack( 929 VerificationType::integer_type(), CHECK_VERIFY(this)); 930 atype = current_frame.pop_stack( 931 VerificationType::reference_check(), CHECK_VERIFY(this)); 932 if (!atype.is_short_array()) { 933 verify_error(ErrorContext::bad_type(bci, 934 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 935 bad_type_msg, "saload"); 936 return; 937 } 938 current_frame.push_stack( 939 VerificationType::integer_type(), CHECK_VERIFY(this)); 940 no_control_flow = false; break; 941 case Bytecodes::_laload : 942 type = current_frame.pop_stack( 943 VerificationType::integer_type(), CHECK_VERIFY(this)); 944 atype = current_frame.pop_stack( 945 VerificationType::reference_check(), CHECK_VERIFY(this)); 946 if (!atype.is_long_array()) { 947 verify_error(ErrorContext::bad_type(bci, 948 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 949 bad_type_msg, "laload"); 950 return; 951 } 952 current_frame.push_stack_2( 953 VerificationType::long_type(), 954 VerificationType::long2_type(), CHECK_VERIFY(this)); 955 no_control_flow = false; break; 956 case Bytecodes::_faload : 957 type = current_frame.pop_stack( 958 VerificationType::integer_type(), CHECK_VERIFY(this)); 959 atype = current_frame.pop_stack( 960 VerificationType::reference_check(), CHECK_VERIFY(this)); 961 if (!atype.is_float_array()) { 962 verify_error(ErrorContext::bad_type(bci, 963 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 964 bad_type_msg, "faload"); 965 return; 966 } 967 current_frame.push_stack( 968 VerificationType::float_type(), CHECK_VERIFY(this)); 969 no_control_flow = false; break; 970 case Bytecodes::_daload : 971 type = current_frame.pop_stack( 972 VerificationType::integer_type(), CHECK_VERIFY(this)); 973 atype = current_frame.pop_stack( 974 VerificationType::reference_check(), CHECK_VERIFY(this)); 975 if (!atype.is_double_array()) { 976 verify_error(ErrorContext::bad_type(bci, 977 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 978 bad_type_msg, "daload"); 979 return; 980 } 981 current_frame.push_stack_2( 982 VerificationType::double_type(), 983 VerificationType::double2_type(), CHECK_VERIFY(this)); 984 no_control_flow = false; break; 985 case Bytecodes::_aaload : { 986 type = current_frame.pop_stack( 987 VerificationType::integer_type(), CHECK_VERIFY(this)); 988 atype = current_frame.pop_stack( 989 VerificationType::reference_check(), CHECK_VERIFY(this)); 990 if (!atype.is_reference_array()) { 991 verify_error(ErrorContext::bad_type(bci, 992 current_frame.stack_top_ctx(), 993 TypeOrigin::implicit(VerificationType::reference_check())), 994 bad_type_msg, "aaload"); 995 return; 996 } 997 if (atype.is_null()) { 998 current_frame.push_stack( 999 VerificationType::null_type(), CHECK_VERIFY(this)); 1000 } else { 1001 VerificationType component = 1002 atype.get_component(this, CHECK_VERIFY(this)); 1003 current_frame.push_stack(component, CHECK_VERIFY(this)); 1004 } 1005 no_control_flow = false; break; 1006 } 1007 case Bytecodes::_vaload : { 1008 if (!vbytecodes_allowed) { 1009 class_format_error( 1010 "vaload not supported by this class file version (%d.%d), class %s", 1011 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1012 return; 1013 } 1014 type = current_frame.pop_stack( 1015 VerificationType::integer_type(), CHECK_VERIFY(this)); 1016 atype = current_frame.pop_stack( 1017 VerificationType::reference_check(), CHECK_VERIFY(this)); 1018 // The null check is strictly not be necessary, left in for future proofing. 1019 // Will be reconsidered if type indexes are removed. 1020 if (atype.is_null() || !atype.is_value_array()) { 1021 verify_error(ErrorContext::bad_type(bci, 1022 current_frame.stack_top_ctx(), 1023 TypeOrigin::implicit(VerificationType::reference_check())), 1024 bad_type_msg, "vaload"); 1025 return; 1026 } 1027 VerificationType component = atype.get_component(this, CHECK_VERIFY(this)); 1028 if (!component.is_valuetype()) { 1029 verify_error(ErrorContext::bad_type(bci, 1030 current_frame.stack_top_ctx(), 1031 TypeOrigin::implicit(VerificationType::valuetype_check())), 1032 bad_type_msg, "vaload"); 1033 return; 1034 } 1035 current_frame.push_stack(component, CHECK_VERIFY(this)); 1036 no_control_flow = false; break; 1037 } 1038 case Bytecodes::_istore : 1039 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1040 no_control_flow = false; break; 1041 case Bytecodes::_istore_0 : 1042 case Bytecodes::_istore_1 : 1043 case Bytecodes::_istore_2 : 1044 case Bytecodes::_istore_3 : 1045 index = opcode - Bytecodes::_istore_0; 1046 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1047 no_control_flow = false; break; 1048 case Bytecodes::_lstore : 1049 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1050 no_control_flow = false; break; 1051 case Bytecodes::_lstore_0 : 1052 case Bytecodes::_lstore_1 : 1053 case Bytecodes::_lstore_2 : 1054 case Bytecodes::_lstore_3 : 1055 index = opcode - Bytecodes::_lstore_0; 1056 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1057 no_control_flow = false; break; 1058 case Bytecodes::_fstore : 1059 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1060 no_control_flow = false; break; 1061 case Bytecodes::_fstore_0 : 1062 case Bytecodes::_fstore_1 : 1063 case Bytecodes::_fstore_2 : 1064 case Bytecodes::_fstore_3 : 1065 index = opcode - Bytecodes::_fstore_0; 1066 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1067 no_control_flow = false; break; 1068 case Bytecodes::_dstore : 1069 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1070 no_control_flow = false; break; 1071 case Bytecodes::_dstore_0 : 1072 case Bytecodes::_dstore_1 : 1073 case Bytecodes::_dstore_2 : 1074 case Bytecodes::_dstore_3 : 1075 index = opcode - Bytecodes::_dstore_0; 1076 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1077 no_control_flow = false; break; 1078 case Bytecodes::_vstore : 1079 if (!vbytecodes_allowed) { 1080 class_format_error( 1081 "vstore not supported by this class file version (%d.%d), class %s", 1082 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1083 return; 1084 } 1085 verify_vstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1086 no_control_flow = false; break; 1087 case Bytecodes::_astore : 1088 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1089 no_control_flow = false; break; 1090 case Bytecodes::_astore_0 : 1091 case Bytecodes::_astore_1 : 1092 case Bytecodes::_astore_2 : 1093 case Bytecodes::_astore_3 : 1094 index = opcode - Bytecodes::_astore_0; 1095 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1096 no_control_flow = false; break; 1097 case Bytecodes::_iastore : 1098 type = current_frame.pop_stack( 1099 VerificationType::integer_type(), CHECK_VERIFY(this)); 1100 type2 = current_frame.pop_stack( 1101 VerificationType::integer_type(), CHECK_VERIFY(this)); 1102 atype = current_frame.pop_stack( 1103 VerificationType::reference_check(), CHECK_VERIFY(this)); 1104 if (!atype.is_int_array()) { 1105 verify_error(ErrorContext::bad_type(bci, 1106 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1107 bad_type_msg, "iastore"); 1108 return; 1109 } 1110 no_control_flow = false; break; 1111 case Bytecodes::_bastore : 1112 type = current_frame.pop_stack( 1113 VerificationType::integer_type(), CHECK_VERIFY(this)); 1114 type2 = current_frame.pop_stack( 1115 VerificationType::integer_type(), CHECK_VERIFY(this)); 1116 atype = current_frame.pop_stack( 1117 VerificationType::reference_check(), CHECK_VERIFY(this)); 1118 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1119 verify_error( 1120 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1121 bad_type_msg, "bastore"); 1122 return; 1123 } 1124 no_control_flow = false; break; 1125 case Bytecodes::_castore : 1126 current_frame.pop_stack( 1127 VerificationType::integer_type(), CHECK_VERIFY(this)); 1128 current_frame.pop_stack( 1129 VerificationType::integer_type(), CHECK_VERIFY(this)); 1130 atype = current_frame.pop_stack( 1131 VerificationType::reference_check(), CHECK_VERIFY(this)); 1132 if (!atype.is_char_array()) { 1133 verify_error(ErrorContext::bad_type(bci, 1134 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1135 bad_type_msg, "castore"); 1136 return; 1137 } 1138 no_control_flow = false; break; 1139 case Bytecodes::_sastore : 1140 current_frame.pop_stack( 1141 VerificationType::integer_type(), CHECK_VERIFY(this)); 1142 current_frame.pop_stack( 1143 VerificationType::integer_type(), CHECK_VERIFY(this)); 1144 atype = current_frame.pop_stack( 1145 VerificationType::reference_check(), CHECK_VERIFY(this)); 1146 if (!atype.is_short_array()) { 1147 verify_error(ErrorContext::bad_type(bci, 1148 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1149 bad_type_msg, "sastore"); 1150 return; 1151 } 1152 no_control_flow = false; break; 1153 case Bytecodes::_lastore : 1154 current_frame.pop_stack_2( 1155 VerificationType::long2_type(), 1156 VerificationType::long_type(), CHECK_VERIFY(this)); 1157 current_frame.pop_stack( 1158 VerificationType::integer_type(), CHECK_VERIFY(this)); 1159 atype = current_frame.pop_stack( 1160 VerificationType::reference_check(), CHECK_VERIFY(this)); 1161 if (!atype.is_long_array()) { 1162 verify_error(ErrorContext::bad_type(bci, 1163 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1164 bad_type_msg, "lastore"); 1165 return; 1166 } 1167 no_control_flow = false; break; 1168 case Bytecodes::_fastore : 1169 current_frame.pop_stack( 1170 VerificationType::float_type(), CHECK_VERIFY(this)); 1171 current_frame.pop_stack 1172 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1173 atype = current_frame.pop_stack( 1174 VerificationType::reference_check(), CHECK_VERIFY(this)); 1175 if (!atype.is_float_array()) { 1176 verify_error(ErrorContext::bad_type(bci, 1177 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1178 bad_type_msg, "fastore"); 1179 return; 1180 } 1181 no_control_flow = false; break; 1182 case Bytecodes::_dastore : 1183 current_frame.pop_stack_2( 1184 VerificationType::double2_type(), 1185 VerificationType::double_type(), CHECK_VERIFY(this)); 1186 current_frame.pop_stack( 1187 VerificationType::integer_type(), CHECK_VERIFY(this)); 1188 atype = current_frame.pop_stack( 1189 VerificationType::reference_check(), CHECK_VERIFY(this)); 1190 if (!atype.is_double_array()) { 1191 verify_error(ErrorContext::bad_type(bci, 1192 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1193 bad_type_msg, "dastore"); 1194 return; 1195 } 1196 no_control_flow = false; break; 1197 case Bytecodes::_aastore : 1198 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1199 type2 = current_frame.pop_stack( 1200 VerificationType::integer_type(), CHECK_VERIFY(this)); 1201 atype = current_frame.pop_stack( 1202 VerificationType::reference_check(), CHECK_VERIFY(this)); 1203 // more type-checking is done at runtime 1204 if (!atype.is_reference_array()) { 1205 verify_error(ErrorContext::bad_type(bci, 1206 current_frame.stack_top_ctx(), 1207 TypeOrigin::implicit(VerificationType::reference_check())), 1208 bad_type_msg, "aastore"); 1209 return; 1210 } 1211 // 4938384: relaxed constraint in JVMS 3nd edition. 1212 no_control_flow = false; break; 1213 case Bytecodes::_vastore : 1214 if (!vbytecodes_allowed) { 1215 class_format_error( 1216 "vastore not supported by this class file version (%d.%d), class %s", 1217 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1218 return; 1219 } 1220 type = current_frame.pop_stack(__value_type(), CHECK_VERIFY(this)); 1221 type2 = current_frame.pop_stack( 1222 VerificationType::integer_type(), CHECK_VERIFY(this)); 1223 atype = current_frame.pop_stack( 1224 VerificationType::reference_check(), CHECK_VERIFY(this)); 1225 // The null check is strictly not be necessary, left in for future proofing. 1226 // Will be reconsidered if type indexes are removed. 1227 if (atype.is_null() || !atype.is_value_array()) { 1228 verify_error(ErrorContext::bad_type(bci, 1229 current_frame.stack_top_ctx(), 1230 TypeOrigin::implicit(VerificationType::reference_check())), 1231 bad_type_msg, "vastore"); 1232 return; 1233 } 1234 no_control_flow = false; break; 1235 case Bytecodes::_pop : 1236 current_frame.pop_stack( 1237 VerificationType::category1_check(), CHECK_VERIFY(this)); 1238 no_control_flow = false; break; 1239 case Bytecodes::_pop2 : 1240 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1241 if (type.is_category1()) { 1242 current_frame.pop_stack( 1243 VerificationType::category1_check(), CHECK_VERIFY(this)); 1244 } else if (type.is_category2_2nd()) { 1245 current_frame.pop_stack( 1246 VerificationType::category2_check(), CHECK_VERIFY(this)); 1247 } else { 1248 /* Unreachable? Would need a category2_1st on TOS 1249 * which does not appear possible. */ 1250 verify_error( 1251 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1252 bad_type_msg, "pop2"); 1253 return; 1254 } 1255 no_control_flow = false; break; 1256 case Bytecodes::_dup : 1257 type = current_frame.pop_stack( 1258 VerificationType::category1_check(), CHECK_VERIFY(this)); 1259 current_frame.push_stack(type, CHECK_VERIFY(this)); 1260 current_frame.push_stack(type, CHECK_VERIFY(this)); 1261 no_control_flow = false; break; 1262 case Bytecodes::_dup_x1 : 1263 type = current_frame.pop_stack( 1264 VerificationType::category1_check(), CHECK_VERIFY(this)); 1265 type2 = current_frame.pop_stack( 1266 VerificationType::category1_check(), CHECK_VERIFY(this)); 1267 current_frame.push_stack(type, CHECK_VERIFY(this)); 1268 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1269 current_frame.push_stack(type, CHECK_VERIFY(this)); 1270 no_control_flow = false; break; 1271 case Bytecodes::_dup_x2 : 1272 { 1273 VerificationType type3; 1274 type = current_frame.pop_stack( 1275 VerificationType::category1_check(), CHECK_VERIFY(this)); 1276 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1277 if (type2.is_category1()) { 1278 type3 = current_frame.pop_stack( 1279 VerificationType::category1_check(), CHECK_VERIFY(this)); 1280 } else if (type2.is_category2_2nd()) { 1281 type3 = current_frame.pop_stack( 1282 VerificationType::category2_check(), CHECK_VERIFY(this)); 1283 } else { 1284 /* Unreachable? Would need a category2_1st at stack depth 2 with 1285 * a category1 on TOS which does not appear possible. */ 1286 verify_error(ErrorContext::bad_type( 1287 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1288 return; 1289 } 1290 current_frame.push_stack(type, CHECK_VERIFY(this)); 1291 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1292 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1293 current_frame.push_stack(type, CHECK_VERIFY(this)); 1294 no_control_flow = false; break; 1295 } 1296 case Bytecodes::_dup2 : 1297 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1298 if (type.is_category1()) { 1299 type2 = current_frame.pop_stack( 1300 VerificationType::category1_check(), CHECK_VERIFY(this)); 1301 } else if (type.is_category2_2nd()) { 1302 type2 = current_frame.pop_stack( 1303 VerificationType::category2_check(), CHECK_VERIFY(this)); 1304 } else { 1305 /* Unreachable? Would need a category2_1st on TOS which does not 1306 * appear possible. */ 1307 verify_error( 1308 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1309 bad_type_msg, "dup2"); 1310 return; 1311 } 1312 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1313 current_frame.push_stack(type, CHECK_VERIFY(this)); 1314 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1315 current_frame.push_stack(type, CHECK_VERIFY(this)); 1316 no_control_flow = false; break; 1317 case Bytecodes::_dup2_x1 : 1318 { 1319 VerificationType type3; 1320 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1321 if (type.is_category1()) { 1322 type2 = current_frame.pop_stack( 1323 VerificationType::category1_check(), CHECK_VERIFY(this)); 1324 } else if (type.is_category2_2nd()) { 1325 type2 = current_frame.pop_stack( 1326 VerificationType::category2_check(), CHECK_VERIFY(this)); 1327 } else { 1328 /* Unreachable? Would need a category2_1st on TOS which does 1329 * not appear possible. */ 1330 verify_error( 1331 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1332 bad_type_msg, "dup2_x1"); 1333 return; 1334 } 1335 type3 = current_frame.pop_stack( 1336 VerificationType::category1_check(), CHECK_VERIFY(this)); 1337 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1338 current_frame.push_stack(type, CHECK_VERIFY(this)); 1339 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1340 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1341 current_frame.push_stack(type, CHECK_VERIFY(this)); 1342 no_control_flow = false; break; 1343 } 1344 case Bytecodes::_dup2_x2 : 1345 { 1346 VerificationType type3, type4; 1347 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1348 if (type.is_category1()) { 1349 type2 = current_frame.pop_stack( 1350 VerificationType::category1_check(), CHECK_VERIFY(this)); 1351 } else if (type.is_category2_2nd()) { 1352 type2 = current_frame.pop_stack( 1353 VerificationType::category2_check(), CHECK_VERIFY(this)); 1354 } else { 1355 /* Unreachable? Would need a category2_1st on TOS which does 1356 * not appear possible. */ 1357 verify_error( 1358 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1359 bad_type_msg, "dup2_x2"); 1360 return; 1361 } 1362 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1363 if (type3.is_category1()) { 1364 type4 = current_frame.pop_stack( 1365 VerificationType::category1_check(), CHECK_VERIFY(this)); 1366 } else if (type3.is_category2_2nd()) { 1367 type4 = current_frame.pop_stack( 1368 VerificationType::category2_check(), CHECK_VERIFY(this)); 1369 } else { 1370 /* Unreachable? Would need a category2_1st on TOS after popping 1371 * a long/double or two category 1's, which does not 1372 * appear possible. */ 1373 verify_error( 1374 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1375 bad_type_msg, "dup2_x2"); 1376 return; 1377 } 1378 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1379 current_frame.push_stack(type, CHECK_VERIFY(this)); 1380 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1381 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1382 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1383 current_frame.push_stack(type, CHECK_VERIFY(this)); 1384 no_control_flow = false; break; 1385 } 1386 case Bytecodes::_swap : 1387 type = current_frame.pop_stack( 1388 VerificationType::category1_check(), CHECK_VERIFY(this)); 1389 type2 = current_frame.pop_stack( 1390 VerificationType::category1_check(), CHECK_VERIFY(this)); 1391 current_frame.push_stack(type, CHECK_VERIFY(this)); 1392 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1393 no_control_flow = false; break; 1394 case Bytecodes::_iadd : 1395 case Bytecodes::_isub : 1396 case Bytecodes::_imul : 1397 case Bytecodes::_idiv : 1398 case Bytecodes::_irem : 1399 case Bytecodes::_ishl : 1400 case Bytecodes::_ishr : 1401 case Bytecodes::_iushr : 1402 case Bytecodes::_ior : 1403 case Bytecodes::_ixor : 1404 case Bytecodes::_iand : 1405 current_frame.pop_stack( 1406 VerificationType::integer_type(), CHECK_VERIFY(this)); 1407 // fall through 1408 case Bytecodes::_ineg : 1409 current_frame.pop_stack( 1410 VerificationType::integer_type(), CHECK_VERIFY(this)); 1411 current_frame.push_stack( 1412 VerificationType::integer_type(), CHECK_VERIFY(this)); 1413 no_control_flow = false; break; 1414 case Bytecodes::_ladd : 1415 case Bytecodes::_lsub : 1416 case Bytecodes::_lmul : 1417 case Bytecodes::_ldiv : 1418 case Bytecodes::_lrem : 1419 case Bytecodes::_land : 1420 case Bytecodes::_lor : 1421 case Bytecodes::_lxor : 1422 current_frame.pop_stack_2( 1423 VerificationType::long2_type(), 1424 VerificationType::long_type(), CHECK_VERIFY(this)); 1425 // fall through 1426 case Bytecodes::_lneg : 1427 current_frame.pop_stack_2( 1428 VerificationType::long2_type(), 1429 VerificationType::long_type(), CHECK_VERIFY(this)); 1430 current_frame.push_stack_2( 1431 VerificationType::long_type(), 1432 VerificationType::long2_type(), CHECK_VERIFY(this)); 1433 no_control_flow = false; break; 1434 case Bytecodes::_lshl : 1435 case Bytecodes::_lshr : 1436 case Bytecodes::_lushr : 1437 current_frame.pop_stack( 1438 VerificationType::integer_type(), CHECK_VERIFY(this)); 1439 current_frame.pop_stack_2( 1440 VerificationType::long2_type(), 1441 VerificationType::long_type(), CHECK_VERIFY(this)); 1442 current_frame.push_stack_2( 1443 VerificationType::long_type(), 1444 VerificationType::long2_type(), CHECK_VERIFY(this)); 1445 no_control_flow = false; break; 1446 case Bytecodes::_fadd : 1447 case Bytecodes::_fsub : 1448 case Bytecodes::_fmul : 1449 case Bytecodes::_fdiv : 1450 case Bytecodes::_frem : 1451 current_frame.pop_stack( 1452 VerificationType::float_type(), CHECK_VERIFY(this)); 1453 // fall through 1454 case Bytecodes::_fneg : 1455 current_frame.pop_stack( 1456 VerificationType::float_type(), CHECK_VERIFY(this)); 1457 current_frame.push_stack( 1458 VerificationType::float_type(), CHECK_VERIFY(this)); 1459 no_control_flow = false; break; 1460 case Bytecodes::_dadd : 1461 case Bytecodes::_dsub : 1462 case Bytecodes::_dmul : 1463 case Bytecodes::_ddiv : 1464 case Bytecodes::_drem : 1465 current_frame.pop_stack_2( 1466 VerificationType::double2_type(), 1467 VerificationType::double_type(), CHECK_VERIFY(this)); 1468 // fall through 1469 case Bytecodes::_dneg : 1470 current_frame.pop_stack_2( 1471 VerificationType::double2_type(), 1472 VerificationType::double_type(), CHECK_VERIFY(this)); 1473 current_frame.push_stack_2( 1474 VerificationType::double_type(), 1475 VerificationType::double2_type(), CHECK_VERIFY(this)); 1476 no_control_flow = false; break; 1477 case Bytecodes::_iinc : 1478 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1479 no_control_flow = false; break; 1480 case Bytecodes::_i2l : 1481 type = current_frame.pop_stack( 1482 VerificationType::integer_type(), CHECK_VERIFY(this)); 1483 current_frame.push_stack_2( 1484 VerificationType::long_type(), 1485 VerificationType::long2_type(), CHECK_VERIFY(this)); 1486 no_control_flow = false; break; 1487 case Bytecodes::_l2i : 1488 current_frame.pop_stack_2( 1489 VerificationType::long2_type(), 1490 VerificationType::long_type(), CHECK_VERIFY(this)); 1491 current_frame.push_stack( 1492 VerificationType::integer_type(), CHECK_VERIFY(this)); 1493 no_control_flow = false; break; 1494 case Bytecodes::_i2f : 1495 current_frame.pop_stack( 1496 VerificationType::integer_type(), CHECK_VERIFY(this)); 1497 current_frame.push_stack( 1498 VerificationType::float_type(), CHECK_VERIFY(this)); 1499 no_control_flow = false; break; 1500 case Bytecodes::_i2d : 1501 current_frame.pop_stack( 1502 VerificationType::integer_type(), CHECK_VERIFY(this)); 1503 current_frame.push_stack_2( 1504 VerificationType::double_type(), 1505 VerificationType::double2_type(), CHECK_VERIFY(this)); 1506 no_control_flow = false; break; 1507 case Bytecodes::_l2f : 1508 current_frame.pop_stack_2( 1509 VerificationType::long2_type(), 1510 VerificationType::long_type(), CHECK_VERIFY(this)); 1511 current_frame.push_stack( 1512 VerificationType::float_type(), CHECK_VERIFY(this)); 1513 no_control_flow = false; break; 1514 case Bytecodes::_l2d : 1515 current_frame.pop_stack_2( 1516 VerificationType::long2_type(), 1517 VerificationType::long_type(), CHECK_VERIFY(this)); 1518 current_frame.push_stack_2( 1519 VerificationType::double_type(), 1520 VerificationType::double2_type(), CHECK_VERIFY(this)); 1521 no_control_flow = false; break; 1522 case Bytecodes::_f2i : 1523 current_frame.pop_stack( 1524 VerificationType::float_type(), CHECK_VERIFY(this)); 1525 current_frame.push_stack( 1526 VerificationType::integer_type(), CHECK_VERIFY(this)); 1527 no_control_flow = false; break; 1528 case Bytecodes::_f2l : 1529 current_frame.pop_stack( 1530 VerificationType::float_type(), CHECK_VERIFY(this)); 1531 current_frame.push_stack_2( 1532 VerificationType::long_type(), 1533 VerificationType::long2_type(), CHECK_VERIFY(this)); 1534 no_control_flow = false; break; 1535 case Bytecodes::_f2d : 1536 current_frame.pop_stack( 1537 VerificationType::float_type(), CHECK_VERIFY(this)); 1538 current_frame.push_stack_2( 1539 VerificationType::double_type(), 1540 VerificationType::double2_type(), CHECK_VERIFY(this)); 1541 no_control_flow = false; break; 1542 case Bytecodes::_d2i : 1543 current_frame.pop_stack_2( 1544 VerificationType::double2_type(), 1545 VerificationType::double_type(), CHECK_VERIFY(this)); 1546 current_frame.push_stack( 1547 VerificationType::integer_type(), CHECK_VERIFY(this)); 1548 no_control_flow = false; break; 1549 case Bytecodes::_d2l : 1550 current_frame.pop_stack_2( 1551 VerificationType::double2_type(), 1552 VerificationType::double_type(), CHECK_VERIFY(this)); 1553 current_frame.push_stack_2( 1554 VerificationType::long_type(), 1555 VerificationType::long2_type(), CHECK_VERIFY(this)); 1556 no_control_flow = false; break; 1557 case Bytecodes::_d2f : 1558 current_frame.pop_stack_2( 1559 VerificationType::double2_type(), 1560 VerificationType::double_type(), CHECK_VERIFY(this)); 1561 current_frame.push_stack( 1562 VerificationType::float_type(), CHECK_VERIFY(this)); 1563 no_control_flow = false; break; 1564 case Bytecodes::_i2b : 1565 case Bytecodes::_i2c : 1566 case Bytecodes::_i2s : 1567 current_frame.pop_stack( 1568 VerificationType::integer_type(), CHECK_VERIFY(this)); 1569 current_frame.push_stack( 1570 VerificationType::integer_type(), CHECK_VERIFY(this)); 1571 no_control_flow = false; break; 1572 case Bytecodes::_lcmp : 1573 current_frame.pop_stack_2( 1574 VerificationType::long2_type(), 1575 VerificationType::long_type(), CHECK_VERIFY(this)); 1576 current_frame.pop_stack_2( 1577 VerificationType::long2_type(), 1578 VerificationType::long_type(), CHECK_VERIFY(this)); 1579 current_frame.push_stack( 1580 VerificationType::integer_type(), CHECK_VERIFY(this)); 1581 no_control_flow = false; break; 1582 case Bytecodes::_fcmpl : 1583 case Bytecodes::_fcmpg : 1584 current_frame.pop_stack( 1585 VerificationType::float_type(), CHECK_VERIFY(this)); 1586 current_frame.pop_stack( 1587 VerificationType::float_type(), CHECK_VERIFY(this)); 1588 current_frame.push_stack( 1589 VerificationType::integer_type(), CHECK_VERIFY(this)); 1590 no_control_flow = false; break; 1591 case Bytecodes::_dcmpl : 1592 case Bytecodes::_dcmpg : 1593 current_frame.pop_stack_2( 1594 VerificationType::double2_type(), 1595 VerificationType::double_type(), CHECK_VERIFY(this)); 1596 current_frame.pop_stack_2( 1597 VerificationType::double2_type(), 1598 VerificationType::double_type(), CHECK_VERIFY(this)); 1599 current_frame.push_stack( 1600 VerificationType::integer_type(), CHECK_VERIFY(this)); 1601 no_control_flow = false; break; 1602 case Bytecodes::_if_icmpeq: 1603 case Bytecodes::_if_icmpne: 1604 case Bytecodes::_if_icmplt: 1605 case Bytecodes::_if_icmpge: 1606 case Bytecodes::_if_icmpgt: 1607 case Bytecodes::_if_icmple: 1608 current_frame.pop_stack( 1609 VerificationType::integer_type(), CHECK_VERIFY(this)); 1610 // fall through 1611 case Bytecodes::_ifeq: 1612 case Bytecodes::_ifne: 1613 case Bytecodes::_iflt: 1614 case Bytecodes::_ifge: 1615 case Bytecodes::_ifgt: 1616 case Bytecodes::_ifle: 1617 current_frame.pop_stack( 1618 VerificationType::integer_type(), CHECK_VERIFY(this)); 1619 target = bcs.dest(); 1620 stackmap_table.check_jump_target( 1621 ¤t_frame, target, CHECK_VERIFY(this)); 1622 no_control_flow = false; break; 1623 case Bytecodes::_if_acmpeq : 1624 case Bytecodes::_if_acmpne : 1625 current_frame.pop_stack( 1626 VerificationType::reference_check(), CHECK_VERIFY(this)); 1627 // fall through 1628 case Bytecodes::_ifnull : 1629 case Bytecodes::_ifnonnull : 1630 current_frame.pop_stack( 1631 VerificationType::reference_check(), CHECK_VERIFY(this)); 1632 target = bcs.dest(); 1633 stackmap_table.check_jump_target 1634 (¤t_frame, target, CHECK_VERIFY(this)); 1635 no_control_flow = false; break; 1636 case Bytecodes::_goto : 1637 target = bcs.dest(); 1638 stackmap_table.check_jump_target( 1639 ¤t_frame, target, CHECK_VERIFY(this)); 1640 no_control_flow = true; break; 1641 case Bytecodes::_goto_w : 1642 target = bcs.dest_w(); 1643 stackmap_table.check_jump_target( 1644 ¤t_frame, target, CHECK_VERIFY(this)); 1645 no_control_flow = true; break; 1646 case Bytecodes::_tableswitch : 1647 case Bytecodes::_lookupswitch : 1648 verify_switch( 1649 &bcs, code_length, code_data, ¤t_frame, 1650 &stackmap_table, CHECK_VERIFY(this)); 1651 no_control_flow = true; break; 1652 case Bytecodes::_ireturn : 1653 type = current_frame.pop_stack( 1654 VerificationType::integer_type(), CHECK_VERIFY(this)); 1655 verify_return_value(return_type, type, bci, 1656 ¤t_frame, CHECK_VERIFY(this)); 1657 no_control_flow = true; break; 1658 case Bytecodes::_lreturn : 1659 type2 = current_frame.pop_stack( 1660 VerificationType::long2_type(), CHECK_VERIFY(this)); 1661 type = current_frame.pop_stack( 1662 VerificationType::long_type(), CHECK_VERIFY(this)); 1663 verify_return_value(return_type, type, bci, 1664 ¤t_frame, CHECK_VERIFY(this)); 1665 no_control_flow = true; break; 1666 case Bytecodes::_freturn : 1667 type = current_frame.pop_stack( 1668 VerificationType::float_type(), CHECK_VERIFY(this)); 1669 verify_return_value(return_type, type, bci, 1670 ¤t_frame, CHECK_VERIFY(this)); 1671 no_control_flow = true; break; 1672 case Bytecodes::_dreturn : 1673 type2 = current_frame.pop_stack( 1674 VerificationType::double2_type(), CHECK_VERIFY(this)); 1675 type = current_frame.pop_stack( 1676 VerificationType::double_type(), CHECK_VERIFY(this)); 1677 verify_return_value(return_type, type, bci, 1678 ¤t_frame, CHECK_VERIFY(this)); 1679 no_control_flow = true; break; 1680 case Bytecodes::_areturn : 1681 type = current_frame.pop_stack( 1682 VerificationType::reference_check(), CHECK_VERIFY(this)); 1683 verify_return_value(return_type, type, bci, 1684 ¤t_frame, CHECK_VERIFY(this)); 1685 no_control_flow = true; break; 1686 case Bytecodes::_vreturn : 1687 if (!vbytecodes_allowed) { 1688 class_format_error( 1689 "vreturn not supported by this class file version (%d.%d), class %s", 1690 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1691 return; 1692 } 1693 type = current_frame.pop_stack( 1694 VerificationType::valuetype_check(), CHECK_VERIFY(this)); 1695 verify_return_value(return_type, type, bci, 1696 ¤t_frame, CHECK_VERIFY(this)); 1697 no_control_flow = true; break; 1698 case Bytecodes::_return : 1699 if (return_type != VerificationType::bogus_type()) { 1700 verify_error(ErrorContext::bad_code(bci), 1701 "Method expects a return value"); 1702 return; 1703 } 1704 // Make sure "this" has been initialized if current method is an 1705 // <init>. 1706 if (_method->name() == vmSymbols::object_initializer_name() && 1707 current_frame.flag_this_uninit()) { 1708 verify_error(ErrorContext::bad_code(bci), 1709 "Constructor must call super() or this() " 1710 "before return"); 1711 return; 1712 } 1713 no_control_flow = true; break; 1714 case Bytecodes::_getstatic : 1715 case Bytecodes::_putstatic : 1716 // pass TRUE, operand can be an array type for getstatic/putstatic. 1717 verify_field_instructions( 1718 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1719 no_control_flow = false; break; 1720 case Bytecodes::_getfield : 1721 case Bytecodes::_putfield : 1722 // pass FALSE, operand can't be an array type for getfield/putfield. 1723 verify_field_instructions( 1724 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1725 no_control_flow = false; break; 1726 case Bytecodes::_vwithfield : 1727 if (!vbytecodes_allowed) { 1728 class_format_error( 1729 "vwithfield not supported by this class file version (%d.%d), class %s", 1730 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1731 return; 1732 } 1733 verify_vwithfield(&bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1734 no_control_flow = false; break; 1735 case Bytecodes::_invokevirtual : 1736 case Bytecodes::_invokespecial : 1737 case Bytecodes::_invokestatic : 1738 verify_invoke_instructions( 1739 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1740 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1741 no_control_flow = false; break; 1742 case Bytecodes::_invokeinterface : 1743 case Bytecodes::_invokedynamic : 1744 verify_invoke_instructions( 1745 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1746 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1747 no_control_flow = false; break; 1748 case Bytecodes::_new : 1749 { 1750 index = bcs.get_index_u2(); 1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1752 VerificationType new_class_type = 1753 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this)); 1754 if (!new_class_type.is_object()) { 1755 verify_error(ErrorContext::bad_type(bci, 1756 TypeOrigin::cp(index, new_class_type)), 1757 "Illegal new instruction"); 1758 return; 1759 } 1760 type = VerificationType::uninitialized_type(bci); 1761 current_frame.push_stack(type, CHECK_VERIFY(this)); 1762 no_control_flow = false; break; 1763 } 1764 case Bytecodes::_vdefault : 1765 { 1766 if (!vbytecodes_allowed) { 1767 class_format_error( 1768 "vdefault not supported by this class file version (%d.%d), class %s", 1769 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1770 return; 1771 } 1772 index = bcs.get_index_u2(); 1773 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this)); 1774 VerificationType new_value_type = 1775 cp_index_to_valuetype(index, cp, CHECK_VERIFY(this)); 1776 if (!new_value_type.is_valuetype()) { 1777 verify_error(ErrorContext::bad_type(bci, 1778 TypeOrigin::cp(index, new_value_type)), 1779 "Illegal vdefault instruction"); 1780 return; 1781 } 1782 current_frame.push_stack(new_value_type, CHECK_VERIFY(this)); 1783 no_control_flow = false; break; 1784 } 1785 case Bytecodes::_newarray : 1786 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1787 current_frame.pop_stack( 1788 VerificationType::integer_type(), CHECK_VERIFY(this)); 1789 current_frame.push_stack(type, CHECK_VERIFY(this)); 1790 no_control_flow = false; break; 1791 case Bytecodes::_anewarray : 1792 verify_anewarray( 1793 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1794 no_control_flow = false; break; 1795 case Bytecodes::_arraylength : 1796 type = current_frame.pop_stack( 1797 VerificationType::reference_check(), CHECK_VERIFY(this)); 1798 if (!(type.is_null() || type.is_array())) { 1799 verify_error(ErrorContext::bad_type( 1800 bci, current_frame.stack_top_ctx()), 1801 bad_type_msg, "arraylength"); 1802 } 1803 current_frame.push_stack( 1804 VerificationType::integer_type(), CHECK_VERIFY(this)); 1805 no_control_flow = false; break; 1806 case Bytecodes::_checkcast : 1807 { 1808 index = bcs.get_index_u2(); 1809 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1810 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1811 VerificationType klass_type = cp_index_to_reference_type( 1812 index, cp, CHECK_VERIFY(this)); 1813 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1814 no_control_flow = false; break; 1815 } 1816 case Bytecodes::_instanceof : { 1817 index = bcs.get_index_u2(); 1818 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1819 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1820 current_frame.push_stack( 1821 VerificationType::integer_type(), CHECK_VERIFY(this)); 1822 no_control_flow = false; break; 1823 } 1824 case Bytecodes::_vbox : { 1825 if (!EnableMVT || !vbytecodes_allowed) { 1826 class_format_error( 1827 "vbox not supported by this class file version (%d.%d), class %s", 1828 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1829 return; 1830 } 1831 index = bcs.get_index_u2(); 1832 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1833 current_frame.pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this)); 1834 VerificationType klass_type = cp_index_to_reference_type( 1835 index, cp, CHECK_VERIFY(this)); 1836 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1837 no_control_flow = false; break; 1838 } 1839 case Bytecodes::_vunbox : { 1840 if (!EnableMVT || !vbytecodes_allowed) { 1841 class_format_error( 1842 "vunbox not supported by this class file version (%d.%d), class %s", 1843 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1844 return; 1845 } 1846 index = bcs.get_index_u2(); 1847 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this)); 1848 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1849 VerificationType value_type = cp_index_to_valuetype( 1850 index, cp, CHECK_VERIFY(this)); 1851 current_frame.push_stack(value_type, CHECK_VERIFY(this)); 1852 no_control_flow = false; break; 1853 } 1854 case Bytecodes::_monitorenter : 1855 case Bytecodes::_monitorexit : 1856 current_frame.pop_stack( 1857 VerificationType::reference_check(), CHECK_VERIFY(this)); 1858 no_control_flow = false; break; 1859 case Bytecodes::_multianewarray : 1860 { 1861 index = bcs.get_index_u2(); 1862 u2 dim = *(bcs.bcp()+3); 1863 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this)); 1864 VerificationType new_array_type = 1865 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this)); 1866 if (!new_array_type.is_array()) { 1867 verify_error(ErrorContext::bad_type(bci, 1868 TypeOrigin::cp(index, new_array_type)), 1869 "Illegal constant pool index in multianewarray instruction"); 1870 return; 1871 } 1872 if (dim < 1 || new_array_type.dimensions() < dim) { 1873 verify_error(ErrorContext::bad_code(bci), 1874 "Illegal dimension in multianewarray instruction: %d", dim); 1875 return; 1876 } 1877 for (int i = 0; i < dim; i++) { 1878 current_frame.pop_stack( 1879 VerificationType::integer_type(), CHECK_VERIFY(this)); 1880 } 1881 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1882 no_control_flow = false; break; 1883 } 1884 case Bytecodes::_athrow : 1885 type = VerificationType::reference_type( 1886 vmSymbols::java_lang_Throwable()); 1887 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1888 no_control_flow = true; break; 1889 default: 1890 // We only need to check the valid bytecodes in class file. 1891 // And jsr and ret are not in the new class file format in JDK1.5. 1892 verify_error(ErrorContext::bad_code(bci), 1893 "Bad instruction: %02x", opcode); 1894 no_control_flow = false; 1895 return; 1896 } // end switch 1897 } // end Merge with the next instruction 1898 1899 // Look for possible jump target in exception handlers and see if it matches 1900 // current_frame. Don't do this check if it has already been done (for 1901 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1902 // opcodes, such as invokespecial, may set the this_uninit flag. 1903 assert(!(verified_exc_handlers && this_uninit), 1904 "Exception handler targets got verified before this_uninit got set"); 1905 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1906 if (was_recursively_verified()) return; 1907 verify_exception_handler_targets( 1908 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1909 } 1910 } // end while 1911 1912 // Make sure that control flow does not fall through end of the method 1913 if (!no_control_flow) { 1914 verify_error(ErrorContext::bad_code(code_length), 1915 "Control flow falls through code end"); 1916 return; 1917 } 1918 } 1919 1920 #undef bad_type_message 1921 1922 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1923 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1924 memset(code_data, 0, sizeof(char) * code_length); 1925 RawBytecodeStream bcs(m); 1926 1927 while (!bcs.is_last_bytecode()) { 1928 if (bcs.raw_next() != Bytecodes::_illegal) { 1929 int bci = bcs.bci(); 1930 if (bcs.raw_code() == Bytecodes::_new) { 1931 code_data[bci] = NEW_OFFSET; 1932 } else { 1933 code_data[bci] = BYTECODE_OFFSET; 1934 } 1935 } else { 1936 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1937 return NULL; 1938 } 1939 } 1940 1941 return code_data; 1942 } 1943 1944 // Since this method references the constant pool, call was_recursively_verified() 1945 // before calling this method to make sure a prior class load did not cause the 1946 // current class to get verified. 1947 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1948 ExceptionTable exhandlers(_method()); 1949 int exlength = exhandlers.length(); 1950 constantPoolHandle cp (THREAD, _method->constants()); 1951 1952 for(int i = 0; i < exlength; i++) { 1953 u2 start_pc = exhandlers.start_pc(i); 1954 u2 end_pc = exhandlers.end_pc(i); 1955 u2 handler_pc = exhandlers.handler_pc(i); 1956 if (start_pc >= code_length || code_data[start_pc] == 0) { 1957 class_format_error("Illegal exception table start_pc %d", start_pc); 1958 return; 1959 } 1960 if (end_pc != code_length) { // special case: end_pc == code_length 1961 if (end_pc > code_length || code_data[end_pc] == 0) { 1962 class_format_error("Illegal exception table end_pc %d", end_pc); 1963 return; 1964 } 1965 } 1966 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1967 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1968 return; 1969 } 1970 int catch_type_index = exhandlers.catch_type_index(i); 1971 if (catch_type_index != 0) { 1972 VerificationType catch_type = cp_index_to_reference_type( 1973 catch_type_index, cp, CHECK_VERIFY(this)); 1974 VerificationType throwable = 1975 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1976 bool is_subclass = throwable.is_assignable_from( 1977 catch_type, this, false, CHECK_VERIFY(this)); 1978 if (!is_subclass) { 1979 // 4286534: should throw VerifyError according to recent spec change 1980 verify_error(ErrorContext::bad_type(handler_pc, 1981 TypeOrigin::cp(catch_type_index, catch_type), 1982 TypeOrigin::implicit(throwable)), 1983 "Catch type is not a subclass " 1984 "of Throwable in exception handler %d", handler_pc); 1985 return; 1986 } 1987 } 1988 if (start_pc < min) min = start_pc; 1989 if (end_pc > max) max = end_pc; 1990 } 1991 } 1992 1993 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1994 int localvariable_table_length = _method->localvariable_table_length(); 1995 if (localvariable_table_length > 0) { 1996 LocalVariableTableElement* table = _method->localvariable_table_start(); 1997 for (int i = 0; i < localvariable_table_length; i++) { 1998 u2 start_bci = table[i].start_bci; 1999 u2 length = table[i].length; 2000 2001 if (start_bci >= code_length || code_data[start_bci] == 0) { 2002 class_format_error( 2003 "Illegal local variable table start_pc %d", start_bci); 2004 return; 2005 } 2006 u4 end_bci = (u4)(start_bci + length); 2007 if (end_bci != code_length) { 2008 if (end_bci >= code_length || code_data[end_bci] == 0) { 2009 class_format_error( "Illegal local variable table length %d", length); 2010 return; 2011 } 2012 } 2013 } 2014 } 2015 } 2016 2017 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 2018 StackMapFrame* current_frame, 2019 StackMapTable* stackmap_table, 2020 bool no_control_flow, TRAPS) { 2021 if (stackmap_index < stackmap_table->get_frame_count()) { 2022 u2 this_offset = stackmap_table->get_offset(stackmap_index); 2023 if (no_control_flow && this_offset > bci) { 2024 verify_error(ErrorContext::missing_stackmap(bci), 2025 "Expecting a stack map frame"); 2026 return 0; 2027 } 2028 if (this_offset == bci) { 2029 ErrorContext ctx; 2030 // See if current stack map can be assigned to the frame in table. 2031 // current_frame is the stackmap frame got from the last instruction. 2032 // If matched, current_frame will be updated by this method. 2033 bool matches = stackmap_table->match_stackmap( 2034 current_frame, this_offset, stackmap_index, 2035 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 2036 if (!matches) { 2037 // report type error 2038 verify_error(ctx, "Instruction type does not match stack map"); 2039 return 0; 2040 } 2041 stackmap_index++; 2042 } else if (this_offset < bci) { 2043 // current_offset should have met this_offset. 2044 class_format_error("Bad stack map offset %d", this_offset); 2045 return 0; 2046 } 2047 } else if (no_control_flow) { 2048 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 2049 return 0; 2050 } 2051 return stackmap_index; 2052 } 2053 2054 // Since this method references the constant pool, call was_recursively_verified() 2055 // before calling this method to make sure a prior class load did not cause the 2056 // current class to get verified. 2057 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 2058 StackMapFrame* current_frame, 2059 StackMapTable* stackmap_table, TRAPS) { 2060 constantPoolHandle cp (THREAD, _method->constants()); 2061 ExceptionTable exhandlers(_method()); 2062 int exlength = exhandlers.length(); 2063 for(int i = 0; i < exlength; i++) { 2064 u2 start_pc = exhandlers.start_pc(i); 2065 u2 end_pc = exhandlers.end_pc(i); 2066 u2 handler_pc = exhandlers.handler_pc(i); 2067 int catch_type_index = exhandlers.catch_type_index(i); 2068 if(bci >= start_pc && bci < end_pc) { 2069 u1 flags = current_frame->flags(); 2070 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2071 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2072 if (catch_type_index != 0) { 2073 if (was_recursively_verified()) return; 2074 // We know that this index refers to a subclass of Throwable 2075 VerificationType catch_type = cp_index_to_reference_type( 2076 catch_type_index, cp, CHECK_VERIFY(this)); 2077 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2078 } else { 2079 VerificationType throwable = 2080 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2081 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2082 } 2083 ErrorContext ctx; 2084 bool matches = stackmap_table->match_stackmap( 2085 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2086 if (!matches) { 2087 verify_error(ctx, "Stack map does not match the one at " 2088 "exception handler %d", handler_pc); 2089 return; 2090 } 2091 } 2092 } 2093 } 2094 2095 void ClassVerifier::verify_cp_index( 2096 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 2097 int nconstants = cp->length(); 2098 if ((index <= 0) || (index >= nconstants)) { 2099 verify_error(ErrorContext::bad_cp_index(bci, index), 2100 "Illegal constant pool index %d in class %s", 2101 index, cp->pool_holder()->external_name()); 2102 return; 2103 } 2104 } 2105 2106 void ClassVerifier::verify_cp_type( 2107 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2108 2109 // In some situations, bytecode rewriting may occur while we're verifying. 2110 // In this case, a constant pool cache exists and some indices refer to that 2111 // instead. Be sure we don't pick up such indices by accident. 2112 // We must check was_recursively_verified() before we get here. 2113 guarantee(cp->cache() == NULL, "not rewritten yet"); 2114 2115 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2116 unsigned int tag = cp->tag_at(index).value(); 2117 2118 if (tag == JVM_CONSTANT_Value) { 2119 tag = SAFE_JVM_CONSTANT_Value; //avoid overflow 2120 } 2121 2122 if ((types & (1 << tag)) == 0) { 2123 verify_error(ErrorContext::bad_cp_index(bci, index), 2124 "Illegal type at constant pool entry %d in class %s", 2125 index, cp->pool_holder()->external_name()); 2126 return; 2127 } 2128 } 2129 2130 void ClassVerifier::verify_cp_class_type( 2131 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2132 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2133 constantTag tag = cp->tag_at(index); 2134 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2135 verify_error(ErrorContext::bad_cp_index(bci, index), 2136 "Illegal type at constant pool entry %d in class %s", 2137 index, cp->pool_holder()->external_name()); 2138 return; 2139 } 2140 } 2141 2142 void ClassVerifier::verify_cp_value_type( 2143 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2144 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2145 constantTag tag = cp->tag_at(index); 2146 if (!tag.is_value_type() && !tag.is_unresolved_value_type()) { 2147 verify_error(ErrorContext::bad_cp_index(bci, index), 2148 "Illegal type at constant pool entry %d in class %s", 2149 index, cp->pool_holder()->external_name()); 2150 return; 2151 } 2152 } 2153 2154 // Used for MVT value type overloaded bytecodes (anewarray, getfield, multianewarray) 2155 void ClassVerifier::verify_cp_class_or_value_type( 2156 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2157 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2158 constantTag tag = cp->tag_at(index); 2159 if (!tag.is_klass() && !tag.is_unresolved_klass() && 2160 !tag.is_value_type() && !tag.is_unresolved_value_type()) { 2161 verify_error(ErrorContext::bad_cp_index(bci, index), 2162 "Illegal type at constant pool entry %d in class %s", 2163 index, cp->pool_holder()->external_name()); 2164 return; 2165 } 2166 } 2167 2168 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2169 stringStream ss; 2170 2171 ctx.reset_frames(); 2172 _exception_type = vmSymbols::java_lang_VerifyError(); 2173 _error_context = ctx; 2174 va_list va; 2175 va_start(va, msg); 2176 ss.vprint(msg, va); 2177 va_end(va); 2178 _message = ss.as_string(); 2179 #ifdef ASSERT 2180 ResourceMark rm; 2181 const char* exception_name = _exception_type->as_C_string(); 2182 Exceptions::debug_check_abort(exception_name, NULL); 2183 #endif // ndef ASSERT 2184 } 2185 2186 void ClassVerifier::class_format_error(const char* msg, ...) { 2187 stringStream ss; 2188 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2189 va_list va; 2190 va_start(va, msg); 2191 ss.vprint(msg, va); 2192 va_end(va); 2193 if (!_method.is_null()) { 2194 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 2195 } 2196 _message = ss.as_string(); 2197 } 2198 2199 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2200 HandleMark hm(THREAD); 2201 // Get current loader and protection domain first. 2202 oop loader = current_class()->class_loader(); 2203 oop protection_domain = current_class()->protection_domain(); 2204 2205 Klass* kls = SystemDictionary::resolve_or_fail( 2206 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2207 true, THREAD); 2208 2209 if (log_is_enabled(Debug, class, resolve)) { 2210 InstanceKlass* cur_class = InstanceKlass::cast(current_class()); 2211 Verifier::trace_class_resolution(kls, cur_class); 2212 } 2213 return kls; 2214 } 2215 2216 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2217 Klass* target_class, 2218 Symbol* field_name, 2219 Symbol* field_sig, 2220 bool is_method) { 2221 NoSafepointVerifier nosafepoint; 2222 2223 // If target class isn't a super class of this class, we don't worry about this case 2224 if (!this_class->is_subclass_of(target_class)) { 2225 return false; 2226 } 2227 // Check if the specified method or field is protected 2228 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2229 fieldDescriptor fd; 2230 if (is_method) { 2231 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2232 if (m != NULL && m->is_protected()) { 2233 if (!this_class->is_same_class_package(m->method_holder())) { 2234 return true; 2235 } 2236 } 2237 } else { 2238 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2239 if (member_klass != NULL && fd.is_protected()) { 2240 if (!this_class->is_same_class_package(member_klass)) { 2241 return true; 2242 } 2243 } 2244 } 2245 return false; 2246 } 2247 2248 void ClassVerifier::verify_ldc( 2249 int opcode, u2 index, StackMapFrame* current_frame, 2250 const constantPoolHandle& cp, u2 bci, TRAPS) { 2251 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2252 constantTag tag = cp->tag_at(index); 2253 unsigned int types; 2254 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2255 if (!tag.is_unresolved_klass() && !tag.is_unresolved_value_type()) { 2256 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2257 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2258 | (1 << SAFE_JVM_CONSTANT_Value) 2259 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType); 2260 // Note: The class file parser already verified the legality of 2261 // MethodHandle and MethodType constants. 2262 // Note: SAFE_JVM_CONSTANT_Value is used instead of JVM_CONSTANT_Value 2263 // since JVM_CONSTANT_Value is an internally defined CP tag that is 2264 // defined with a large value. When shifting left JVM_CONSTANT_Value 2265 // would overrun the width of types. 2266 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2267 } 2268 } else { 2269 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2270 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 2271 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2272 } 2273 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2274 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2275 } else if (tag.is_string()) { 2276 current_frame->push_stack( 2277 VerificationType::reference_type( 2278 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2279 } else if (tag.is_klass() || tag.is_unresolved_klass() || 2280 tag.is_value_type() || tag.is_unresolved_value_type()) { 2281 current_frame->push_stack( 2282 VerificationType::reference_type( 2283 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2284 } else if (tag.is_int()) { 2285 current_frame->push_stack( 2286 VerificationType::integer_type(), CHECK_VERIFY(this)); 2287 } else if (tag.is_float()) { 2288 current_frame->push_stack( 2289 VerificationType::float_type(), CHECK_VERIFY(this)); 2290 } else if (tag.is_double()) { 2291 current_frame->push_stack_2( 2292 VerificationType::double_type(), 2293 VerificationType::double2_type(), CHECK_VERIFY(this)); 2294 } else if (tag.is_long()) { 2295 current_frame->push_stack_2( 2296 VerificationType::long_type(), 2297 VerificationType::long2_type(), CHECK_VERIFY(this)); 2298 } else if (tag.is_method_handle()) { 2299 current_frame->push_stack( 2300 VerificationType::reference_type( 2301 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2302 } else if (tag.is_method_type()) { 2303 current_frame->push_stack( 2304 VerificationType::reference_type( 2305 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2306 } else { 2307 /* Unreachable? verify_cp_type has already validated the cp type. */ 2308 verify_error( 2309 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2310 return; 2311 } 2312 } 2313 2314 void ClassVerifier::verify_switch( 2315 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2316 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2317 int bci = bcs->bci(); 2318 address bcp = bcs->bcp(); 2319 address aligned_bcp = align_up(bcp + 1, jintSize); 2320 2321 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2322 // 4639449 & 4647081: padding bytes must be 0 2323 u2 padding_offset = 1; 2324 while ((bcp + padding_offset) < aligned_bcp) { 2325 if(*(bcp + padding_offset) != 0) { 2326 verify_error(ErrorContext::bad_code(bci), 2327 "Nonzero padding byte in lookupswitch or tableswitch"); 2328 return; 2329 } 2330 padding_offset++; 2331 } 2332 } 2333 2334 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2335 int keys, delta; 2336 current_frame->pop_stack( 2337 VerificationType::integer_type(), CHECK_VERIFY(this)); 2338 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2339 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2340 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2341 if (low > high) { 2342 verify_error(ErrorContext::bad_code(bci), 2343 "low must be less than or equal to high in tableswitch"); 2344 return; 2345 } 2346 keys = high - low + 1; 2347 if (keys < 0) { 2348 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2349 return; 2350 } 2351 delta = 1; 2352 } else { 2353 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2354 if (keys < 0) { 2355 verify_error(ErrorContext::bad_code(bci), 2356 "number of keys in lookupswitch less than 0"); 2357 return; 2358 } 2359 delta = 2; 2360 // Make sure that the lookupswitch items are sorted 2361 for (int i = 0; i < (keys - 1); i++) { 2362 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2363 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2364 if (this_key >= next_key) { 2365 verify_error(ErrorContext::bad_code(bci), 2366 "Bad lookupswitch instruction"); 2367 return; 2368 } 2369 } 2370 } 2371 int target = bci + default_offset; 2372 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2373 for (int i = 0; i < keys; i++) { 2374 // Because check_jump_target() may safepoint, the bytecode could have 2375 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2376 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2377 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2378 stackmap_table->check_jump_target( 2379 current_frame, target, CHECK_VERIFY(this)); 2380 } 2381 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2382 } 2383 2384 bool ClassVerifier::name_in_supers( 2385 Symbol* ref_name, InstanceKlass* current) { 2386 Klass* super = current->super(); 2387 while (super != NULL) { 2388 if (super->name() == ref_name) { 2389 return true; 2390 } 2391 super = super->super(); 2392 } 2393 return false; 2394 } 2395 2396 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2397 StackMapFrame* current_frame, 2398 const constantPoolHandle& cp, 2399 bool allow_arrays, 2400 TRAPS) { 2401 u2 index = bcs->get_index_u2(); 2402 verify_cp_type(bcs->bci(), index, cp, 2403 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2404 2405 // Get field name and signature 2406 Symbol* field_name = cp->name_ref_at(index); 2407 Symbol* field_sig = cp->signature_ref_at(index); 2408 2409 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2410 class_format_error( 2411 "Invalid signature for field in class %s referenced " 2412 "from constant pool index %d", _klass->external_name(), index); 2413 return; 2414 } 2415 2416 // Get referenced class or value type 2417 constantTag field_class_tag = cp->tag_at(cp->klass_ref_index_at(index)); 2418 VerificationType ref_class_type; 2419 2420 // getfield is overloaded to allow for either a reference or value type 2421 if (bcs->raw_code() == Bytecodes::_getfield && 2422 (EnableMVT || EnableValhalla) && 2423 (field_class_tag.is_value_type() || field_class_tag.is_unresolved_value_type())) { 2424 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this)); 2425 if (!ref_class_type.is_valuetype()) { 2426 verify_error(ErrorContext::bad_type(bcs->bci(), 2427 TypeOrigin::cp(index, ref_class_type)), 2428 "Expecting reference to value type in class %s at constant pool index %d", 2429 _klass->external_name(), index); 2430 return; 2431 } 2432 } else { 2433 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2434 if (!ref_class_type.is_object() && 2435 (!allow_arrays || !ref_class_type.is_array())) { 2436 verify_error(ErrorContext::bad_type(bcs->bci(), 2437 TypeOrigin::cp(index, ref_class_type)), 2438 "Expecting reference to class in class %s at constant pool index %d", 2439 _klass->external_name(), index); 2440 return; 2441 } 2442 } 2443 2444 VerificationType target_class_type = ref_class_type; 2445 2446 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2447 "buffer type must match VerificationType size"); 2448 uintptr_t field_type_buffer[2]; 2449 VerificationType* field_type = (VerificationType*)field_type_buffer; 2450 // If we make a VerificationType[2] array directly, the compiler calls 2451 // to the c-runtime library to do the allocation instead of just 2452 // stack allocating it. Plus it would run constructors. This shows up 2453 // in performance profiles. 2454 2455 SignatureStream sig_stream(field_sig, false); 2456 VerificationType stack_object_type; 2457 int n = change_sig_to_verificationType( 2458 &sig_stream, field_type, CHECK_VERIFY(this)); 2459 u2 bci = bcs->bci(); 2460 bool is_assignable; 2461 switch (bcs->raw_code()) { 2462 case Bytecodes::_getstatic: { 2463 for (int i = 0; i < n; i++) { 2464 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2465 } 2466 break; 2467 } 2468 case Bytecodes::_putstatic: { 2469 for (int i = n - 1; i >= 0; i--) { 2470 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2471 } 2472 break; 2473 } 2474 case Bytecodes::_getfield: { 2475 stack_object_type = current_frame->pop_stack( 2476 target_class_type, CHECK_VERIFY(this)); 2477 for (int i = 0; i < n; i++) { 2478 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2479 } 2480 goto check_protected; 2481 } 2482 case Bytecodes::_putfield: { 2483 for (int i = n - 1; i >= 0; i--) { 2484 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2485 } 2486 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2487 2488 // The JVMS 2nd edition allows field initialization before the superclass 2489 // initializer, if the field is defined within the current class. 2490 fieldDescriptor fd; 2491 if (stack_object_type == VerificationType::uninitialized_this_type() && 2492 target_class_type.equals(current_type()) && 2493 _klass->find_local_field(field_name, field_sig, &fd)) { 2494 stack_object_type = current_type(); 2495 } 2496 is_assignable = target_class_type.is_assignable_from( 2497 stack_object_type, this, false, CHECK_VERIFY(this)); 2498 if (!is_assignable) { 2499 verify_error(ErrorContext::bad_type(bci, 2500 current_frame->stack_top_ctx(), 2501 TypeOrigin::cp(index, target_class_type)), 2502 "Bad type on operand stack in putfield"); 2503 return; 2504 } 2505 } 2506 check_protected: { 2507 if (_this_type == stack_object_type) 2508 break; // stack_object_type must be assignable to _current_class_type 2509 if (was_recursively_verified()) return; 2510 Symbol* ref_class_name = 2511 cp->klass_name_at(cp->klass_ref_index_at(index)); 2512 if (!name_in_supers(ref_class_name, current_class())) 2513 // stack_object_type must be assignable to _current_class_type since: 2514 // 1. stack_object_type must be assignable to ref_class. 2515 // 2. ref_class must be _current_class or a subclass of it. It can't 2516 // be a superclass of it. See revised JVMS 5.4.4. 2517 break; 2518 2519 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2520 if (is_protected_access(current_class(), ref_class_oop, field_name, 2521 field_sig, false)) { 2522 // It's protected access, check if stack object is assignable to 2523 // current class. 2524 is_assignable = current_type().is_assignable_from( 2525 stack_object_type, this, true, CHECK_VERIFY(this)); 2526 if (!is_assignable) { 2527 verify_error(ErrorContext::bad_type(bci, 2528 current_frame->stack_top_ctx(), 2529 TypeOrigin::implicit(current_type())), 2530 "Bad access to protected data in getfield"); 2531 return; 2532 } 2533 } 2534 break; 2535 } 2536 default: ShouldNotReachHere(); 2537 } 2538 } 2539 2540 void ClassVerifier::verify_vwithfield(RawBytecodeStream* bcs, 2541 StackMapFrame* current_frame, 2542 const constantPoolHandle& cp, 2543 TRAPS) { 2544 u2 index = bcs->get_index_u2(); 2545 verify_cp_type(bcs->bci(), index, cp, 2546 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2547 2548 // Get field name and signature 2549 Symbol* field_name = cp->name_ref_at(index); 2550 Symbol* field_sig = cp->signature_ref_at(index); 2551 2552 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2553 class_format_error( 2554 "Invalid signature for field in value type %s referenced " 2555 "from constant pool index %d", _klass->external_name(), index); 2556 return; 2557 } 2558 2559 // Check referenced value type 2560 VerificationType ref_value_type = cp_value_index_to_type( 2561 index, cp, CHECK_VERIFY(this)); 2562 if (!ref_value_type.is_valuetype()) { 2563 verify_error(ErrorContext::bad_type(bcs->bci(), 2564 TypeOrigin::cp(index, ref_value_type)), 2565 "Expecting reference to value type in class %s at constant pool index %d", 2566 _klass->external_name(), index); 2567 return; 2568 } 2569 VerificationType target_value_type = ref_value_type; 2570 2571 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2572 "buffer type must match VerificationType size"); 2573 uintptr_t field_type_buffer[2]; 2574 VerificationType* field_type = (VerificationType*)field_type_buffer; 2575 // If we make a VerificationType[2] array directly, the compiler calls 2576 // to the c-runtime library to do the allocation instead of just 2577 // stack allocating it. Plus it would run constructors. This shows up 2578 // in performance profiles. 2579 2580 SignatureStream sig_stream(field_sig, false); 2581 int n = change_sig_to_verificationType( 2582 &sig_stream, field_type, CHECK_VERIFY(this)); 2583 u2 bci = bcs->bci(); 2584 2585 // The type of value2 must be compatible with the descriptor of the referenced field. 2586 // n could be 2 if it is a double or long. 2587 for (int i = n - 1; i >= 0; i--) { 2588 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2589 } 2590 2591 // The type of value1 must be the direct value class type appearing in the field reference. 2592 VerificationType stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2593 2594 bool is_assignable = target_value_type.is_assignable_from( 2595 stack_object_type, this, false, CHECK_VERIFY(this)); 2596 if (!is_assignable) { 2597 verify_error(ErrorContext::bad_type(bci, 2598 current_frame->stack_top_ctx(), 2599 TypeOrigin::cp(index, target_value_type)), 2600 "Bad type on operand stack in vwithfield"); 2601 return; 2602 } 2603 2604 // The derived value class instance from another, modifying a field 2605 current_frame->push_stack(stack_object_type, CHECK_VERIFY(this)); 2606 } 2607 2608 // Look at the method's handlers. If the bci is in the handler's try block 2609 // then check if the handler_pc is already on the stack. If not, push it 2610 // unless the handler has already been scanned. 2611 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2612 GrowableArray<u4>* handler_list, 2613 GrowableArray<u4>* handler_stack, 2614 u4 bci) { 2615 int exlength = exhandlers->length(); 2616 for(int x = 0; x < exlength; x++) { 2617 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2618 u4 exhandler_pc = exhandlers->handler_pc(x); 2619 if (!handler_list->contains(exhandler_pc)) { 2620 handler_stack->append_if_missing(exhandler_pc); 2621 handler_list->append(exhandler_pc); 2622 } 2623 } 2624 } 2625 } 2626 2627 // Return TRUE if all code paths starting with start_bc_offset end in 2628 // bytecode athrow or loop. 2629 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2630 ResourceMark rm; 2631 // Create bytecode stream. 2632 RawBytecodeStream bcs(method()); 2633 u4 code_length = method()->code_size(); 2634 bcs.set_start(start_bc_offset); 2635 u4 target; 2636 // Create stack for storing bytecode start offsets for if* and *switch. 2637 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2638 // Create stack for handlers for try blocks containing this handler. 2639 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2640 // Create list of handlers that have been pushed onto the handler_stack 2641 // so that handlers embedded inside of their own TRY blocks only get 2642 // scanned once. 2643 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2644 // Create list of visited branch opcodes (goto* and if*). 2645 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2646 ExceptionTable exhandlers(_method()); 2647 2648 while (true) { 2649 if (bcs.is_last_bytecode()) { 2650 // if no more starting offsets to parse or if at the end of the 2651 // method then return false. 2652 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2653 return false; 2654 // Pop a bytecode starting offset and scan from there. 2655 bcs.set_start(bci_stack->pop()); 2656 } 2657 Bytecodes::Code opcode = bcs.raw_next(); 2658 u4 bci = bcs.bci(); 2659 2660 // If the bytecode is in a TRY block, push its handlers so they 2661 // will get parsed. 2662 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2663 2664 switch (opcode) { 2665 case Bytecodes::_if_icmpeq: 2666 case Bytecodes::_if_icmpne: 2667 case Bytecodes::_if_icmplt: 2668 case Bytecodes::_if_icmpge: 2669 case Bytecodes::_if_icmpgt: 2670 case Bytecodes::_if_icmple: 2671 case Bytecodes::_ifeq: 2672 case Bytecodes::_ifne: 2673 case Bytecodes::_iflt: 2674 case Bytecodes::_ifge: 2675 case Bytecodes::_ifgt: 2676 case Bytecodes::_ifle: 2677 case Bytecodes::_if_acmpeq: 2678 case Bytecodes::_if_acmpne: 2679 case Bytecodes::_ifnull: 2680 case Bytecodes::_ifnonnull: 2681 target = bcs.dest(); 2682 if (visited_branches->contains(bci)) { 2683 if (bci_stack->is_empty()) { 2684 if (handler_stack->is_empty()) { 2685 return true; 2686 } else { 2687 // Parse the catch handlers for try blocks containing athrow. 2688 bcs.set_start(handler_stack->pop()); 2689 } 2690 } else { 2691 // Pop a bytecode starting offset and scan from there. 2692 bcs.set_start(bci_stack->pop()); 2693 } 2694 } else { 2695 if (target > bci) { // forward branch 2696 if (target >= code_length) return false; 2697 // Push the branch target onto the stack. 2698 bci_stack->push(target); 2699 // then, scan bytecodes starting with next. 2700 bcs.set_start(bcs.next_bci()); 2701 } else { // backward branch 2702 // Push bytecode offset following backward branch onto the stack. 2703 bci_stack->push(bcs.next_bci()); 2704 // Check bytecodes starting with branch target. 2705 bcs.set_start(target); 2706 } 2707 // Record target so we don't branch here again. 2708 visited_branches->append(bci); 2709 } 2710 break; 2711 2712 case Bytecodes::_goto: 2713 case Bytecodes::_goto_w: 2714 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2715 if (visited_branches->contains(bci)) { 2716 if (bci_stack->is_empty()) { 2717 if (handler_stack->is_empty()) { 2718 return true; 2719 } else { 2720 // Parse the catch handlers for try blocks containing athrow. 2721 bcs.set_start(handler_stack->pop()); 2722 } 2723 } else { 2724 // Been here before, pop new starting offset from stack. 2725 bcs.set_start(bci_stack->pop()); 2726 } 2727 } else { 2728 if (target >= code_length) return false; 2729 // Continue scanning from the target onward. 2730 bcs.set_start(target); 2731 // Record target so we don't branch here again. 2732 visited_branches->append(bci); 2733 } 2734 break; 2735 2736 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2737 // is difficult to determine where each switch alternative ends, parse 2738 // each switch alternative until either hit a 'return', 'athrow', or reach 2739 // the end of the method's bytecodes. This is gross but should be okay 2740 // because: 2741 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2742 // constructor invocations should be rare. 2743 // 2. if each switch alternative ends in an athrow then the parsing should be 2744 // short. If there is no athrow then it is bogus code, anyway. 2745 case Bytecodes::_lookupswitch: 2746 case Bytecodes::_tableswitch: 2747 { 2748 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2749 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2750 int keys, delta; 2751 if (opcode == Bytecodes::_tableswitch) { 2752 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2753 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2754 // This is invalid, but let the regular bytecode verifier 2755 // report this because the user will get a better error message. 2756 if (low > high) return true; 2757 keys = high - low + 1; 2758 delta = 1; 2759 } else { 2760 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2761 delta = 2; 2762 } 2763 // Invalid, let the regular bytecode verifier deal with it. 2764 if (keys < 0) return true; 2765 2766 // Push the offset of the next bytecode onto the stack. 2767 bci_stack->push(bcs.next_bci()); 2768 2769 // Push the switch alternatives onto the stack. 2770 for (int i = 0; i < keys; i++) { 2771 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2772 if (target > code_length) return false; 2773 bci_stack->push(target); 2774 } 2775 2776 // Start bytecode parsing for the switch at the default alternative. 2777 if (default_offset > code_length) return false; 2778 bcs.set_start(default_offset); 2779 break; 2780 } 2781 2782 case Bytecodes::_return: 2783 return false; 2784 2785 case Bytecodes::_athrow: 2786 { 2787 if (bci_stack->is_empty()) { 2788 if (handler_stack->is_empty()) { 2789 return true; 2790 } else { 2791 // Parse the catch handlers for try blocks containing athrow. 2792 bcs.set_start(handler_stack->pop()); 2793 } 2794 } else { 2795 // Pop a bytecode offset and starting scanning from there. 2796 bcs.set_start(bci_stack->pop()); 2797 } 2798 } 2799 break; 2800 2801 default: 2802 ; 2803 } // end switch 2804 } // end while loop 2805 2806 return false; 2807 } 2808 2809 void ClassVerifier::verify_invoke_init( 2810 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2811 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2812 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2813 TRAPS) { 2814 u2 bci = bcs->bci(); 2815 VerificationType type = current_frame->pop_stack( 2816 VerificationType::reference_check(), CHECK_VERIFY(this)); 2817 if (type == VerificationType::uninitialized_this_type()) { 2818 // The method must be an <init> method of this class or its superclass 2819 Klass* superk = current_class()->super(); 2820 if (ref_class_type.name() != current_class()->name() && 2821 ref_class_type.name() != superk->name()) { 2822 verify_error(ErrorContext::bad_type(bci, 2823 TypeOrigin::implicit(ref_class_type), 2824 TypeOrigin::implicit(current_type())), 2825 "Bad <init> method call"); 2826 return; 2827 } 2828 2829 // If this invokespecial call is done from inside of a TRY block then make 2830 // sure that all catch clause paths end in a throw. Otherwise, this can 2831 // result in returning an incomplete object. 2832 if (in_try_block) { 2833 ExceptionTable exhandlers(_method()); 2834 int exlength = exhandlers.length(); 2835 for(int i = 0; i < exlength; i++) { 2836 u2 start_pc = exhandlers.start_pc(i); 2837 u2 end_pc = exhandlers.end_pc(i); 2838 2839 if (bci >= start_pc && bci < end_pc) { 2840 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2841 verify_error(ErrorContext::bad_code(bci), 2842 "Bad <init> method call from after the start of a try block"); 2843 return; 2844 } else if (log_is_enabled(Info, verification)) { 2845 ResourceMark rm(THREAD); 2846 log_info(verification)("Survived call to ends_in_athrow(): %s", 2847 current_class()->name()->as_C_string()); 2848 } 2849 } 2850 } 2851 2852 // Check the exception handler target stackmaps with the locals from the 2853 // incoming stackmap (before initialize_object() changes them to outgoing 2854 // state). 2855 if (was_recursively_verified()) return; 2856 verify_exception_handler_targets(bci, true, current_frame, 2857 stackmap_table, CHECK_VERIFY(this)); 2858 } // in_try_block 2859 2860 current_frame->initialize_object(type, current_type()); 2861 *this_uninit = true; 2862 } else if (type.is_uninitialized()) { 2863 u2 new_offset = type.bci(); 2864 address new_bcp = bcs->bcp() - bci + new_offset; 2865 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2866 /* Unreachable? Stack map parsing ensures valid type and new 2867 * instructions have a valid BCI. */ 2868 verify_error(ErrorContext::bad_code(new_offset), 2869 "Expecting new instruction"); 2870 return; 2871 } 2872 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2873 if (was_recursively_verified()) return; 2874 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2875 2876 // The method must be an <init> method of the indicated class 2877 VerificationType new_class_type = cp_index_to_reference_type( 2878 new_class_index, cp, CHECK_VERIFY(this)); 2879 if (!new_class_type.equals(ref_class_type)) { 2880 verify_error(ErrorContext::bad_type(bci, 2881 TypeOrigin::cp(new_class_index, new_class_type), 2882 TypeOrigin::cp(ref_class_index, ref_class_type)), 2883 "Call to wrong <init> method"); 2884 return; 2885 } 2886 // According to the VM spec, if the referent class is a superclass of the 2887 // current class, and is in a different runtime package, and the method is 2888 // protected, then the objectref must be the current class or a subclass 2889 // of the current class. 2890 VerificationType objectref_type = new_class_type; 2891 if (name_in_supers(ref_class_type.name(), current_class())) { 2892 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2893 if (was_recursively_verified()) return; 2894 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2895 vmSymbols::object_initializer_name(), 2896 cp->signature_ref_at(bcs->get_index_u2()), 2897 Klass::find_overpass); 2898 // Do nothing if method is not found. Let resolution detect the error. 2899 if (m != NULL) { 2900 InstanceKlass* mh = m->method_holder(); 2901 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2902 bool assignable = current_type().is_assignable_from( 2903 objectref_type, this, true, CHECK_VERIFY(this)); 2904 if (!assignable) { 2905 verify_error(ErrorContext::bad_type(bci, 2906 TypeOrigin::cp(new_class_index, objectref_type), 2907 TypeOrigin::implicit(current_type())), 2908 "Bad access to protected <init> method"); 2909 return; 2910 } 2911 } 2912 } 2913 } 2914 // Check the exception handler target stackmaps with the locals from the 2915 // incoming stackmap (before initialize_object() changes them to outgoing 2916 // state). 2917 if (in_try_block) { 2918 if (was_recursively_verified()) return; 2919 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2920 stackmap_table, CHECK_VERIFY(this)); 2921 } 2922 current_frame->initialize_object(type, new_class_type); 2923 } else { 2924 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2925 "Bad operand type when invoking <init>"); 2926 return; 2927 } 2928 } 2929 2930 bool ClassVerifier::is_same_or_direct_interface( 2931 InstanceKlass* klass, 2932 VerificationType klass_type, 2933 VerificationType ref_class_type) { 2934 if (ref_class_type.equals(klass_type)) return true; 2935 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2936 if (local_interfaces != NULL) { 2937 for (int x = 0; x < local_interfaces->length(); x++) { 2938 Klass* k = local_interfaces->at(x); 2939 assert (k != NULL && k->is_interface(), "invalid interface"); 2940 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2941 return true; 2942 } 2943 } 2944 } 2945 return false; 2946 } 2947 2948 void ClassVerifier::verify_invoke_instructions( 2949 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2950 bool in_try_block, bool *this_uninit, VerificationType return_type, 2951 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2952 // Make sure the constant pool item is the right type 2953 u2 index = bcs->get_index_u2(); 2954 Bytecodes::Code opcode = bcs->raw_code(); 2955 unsigned int types; 2956 switch (opcode) { 2957 case Bytecodes::_invokeinterface: 2958 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2959 break; 2960 case Bytecodes::_invokedynamic: 2961 types = 1 << JVM_CONSTANT_InvokeDynamic; 2962 break; 2963 case Bytecodes::_invokespecial: 2964 case Bytecodes::_invokestatic: 2965 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2966 (1 << JVM_CONSTANT_Methodref) : 2967 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2968 break; 2969 default: 2970 types = 1 << JVM_CONSTANT_Methodref; 2971 } 2972 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2973 2974 // Get method name and signature 2975 Symbol* method_name = cp->name_ref_at(index); 2976 Symbol* method_sig = cp->signature_ref_at(index); 2977 2978 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2979 class_format_error( 2980 "Invalid method signature in class %s referenced " 2981 "from constant pool index %d", _klass->external_name(), index); 2982 return; 2983 } 2984 2985 // Get referenced class or value type 2986 VerificationType ref_class_type; 2987 if (opcode == Bytecodes::_invokedynamic) { 2988 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2989 class_format_error( 2990 "invokedynamic instructions not supported by this class file version (%d), class %s", 2991 _klass->major_version(), _klass->external_name()); 2992 return; 2993 } 2994 } else { 2995 constantTag method_class_tag = cp->tag_at(cp->klass_ref_index_at(index)); 2996 if (EnableValhalla && 2997 opcode == Bytecodes::_invokevirtual && 2998 (method_class_tag.is_value_type() || method_class_tag.is_unresolved_value_type())) { 2999 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this)); 3000 } else { 3001 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 3002 } 3003 } 3004 3005 // For a small signature length, we just allocate 128 bytes instead 3006 // of parsing the signature once to find its size. 3007 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 3008 // longs/doubles to be consertive. 3009 assert(sizeof(VerificationType) == sizeof(uintptr_t), 3010 "buffer type must match VerificationType size"); 3011 uintptr_t on_stack_sig_types_buffer[128]; 3012 // If we make a VerificationType[128] array directly, the compiler calls 3013 // to the c-runtime library to do the allocation instead of just 3014 // stack allocating it. Plus it would run constructors. This shows up 3015 // in performance profiles. 3016 3017 VerificationType* sig_types; 3018 int size = (method_sig->utf8_length() - 3) * 2; 3019 if (size > 128) { 3020 // Long and double occupies two slots here. 3021 ArgumentSizeComputer size_it(method_sig); 3022 size = size_it.size(); 3023 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 3024 } else{ 3025 sig_types = (VerificationType*)on_stack_sig_types_buffer; 3026 } 3027 SignatureStream sig_stream(method_sig); 3028 int sig_i = 0; 3029 while (!sig_stream.at_return_type()) { 3030 sig_i += change_sig_to_verificationType( 3031 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 3032 sig_stream.next(); 3033 } 3034 int nargs = sig_i; 3035 3036 #ifdef ASSERT 3037 { 3038 ArgumentSizeComputer size_it(method_sig); 3039 assert(nargs == size_it.size(), "Argument sizes do not match"); 3040 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 3041 } 3042 #endif 3043 3044 // Check instruction operands 3045 u2 bci = bcs->bci(); 3046 if (opcode == Bytecodes::_invokeinterface) { 3047 address bcp = bcs->bcp(); 3048 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 3049 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 3050 // the difference between the size of the operand stack before and after the instruction 3051 // executes. 3052 if (*(bcp+3) != (nargs+1)) { 3053 verify_error(ErrorContext::bad_code(bci), 3054 "Inconsistent args count operand in invokeinterface"); 3055 return; 3056 } 3057 if (*(bcp+4) != 0) { 3058 verify_error(ErrorContext::bad_code(bci), 3059 "Fourth operand byte of invokeinterface must be zero"); 3060 return; 3061 } 3062 } 3063 3064 if (opcode == Bytecodes::_invokedynamic) { 3065 address bcp = bcs->bcp(); 3066 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 3067 verify_error(ErrorContext::bad_code(bci), 3068 "Third and fourth operand bytes of invokedynamic must be zero"); 3069 return; 3070 } 3071 } 3072 3073 if (method_name->byte_at(0) == '<') { 3074 // Make sure <init> can only be invoked by invokespecial 3075 if (opcode != Bytecodes::_invokespecial || 3076 method_name != vmSymbols::object_initializer_name()) { 3077 verify_error(ErrorContext::bad_code(bci), 3078 "Illegal call to internal method"); 3079 return; 3080 } 3081 } else if (opcode == Bytecodes::_invokespecial 3082 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 3083 && !ref_class_type.equals(VerificationType::reference_type( 3084 current_class()->super()->name()))) { 3085 bool subtype = false; 3086 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 3087 if (!current_class()->is_anonymous()) { 3088 subtype = ref_class_type.is_assignable_from( 3089 current_type(), this, false, CHECK_VERIFY(this)); 3090 } else { 3091 VerificationType host_klass_type = 3092 VerificationType::reference_type(current_class()->host_klass()->name()); 3093 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 3094 3095 // If invokespecial of IMR, need to recheck for same or 3096 // direct interface relative to the host class 3097 have_imr_indirect = (have_imr_indirect && 3098 !is_same_or_direct_interface( 3099 current_class()->host_klass(), 3100 host_klass_type, ref_class_type)); 3101 } 3102 if (!subtype) { 3103 verify_error(ErrorContext::bad_code(bci), 3104 "Bad invokespecial instruction: " 3105 "current class isn't assignable to reference class."); 3106 return; 3107 } else if (have_imr_indirect) { 3108 verify_error(ErrorContext::bad_code(bci), 3109 "Bad invokespecial instruction: " 3110 "interface method reference is in an indirect superinterface."); 3111 return; 3112 } 3113 3114 } 3115 // Match method descriptor with operand stack 3116 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 3117 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 3118 } 3119 // Check objectref on operand stack 3120 if (opcode != Bytecodes::_invokestatic && 3121 opcode != Bytecodes::_invokedynamic) { 3122 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 3123 verify_invoke_init(bcs, index, ref_class_type, current_frame, 3124 code_length, in_try_block, this_uninit, cp, stackmap_table, 3125 CHECK_VERIFY(this)); 3126 if (was_recursively_verified()) return; 3127 } else { // other methods 3128 // Ensures that target class is assignable to method class. 3129 if (opcode == Bytecodes::_invokespecial) { 3130 if (!current_class()->is_anonymous()) { 3131 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 3132 } else { 3133 // anonymous class invokespecial calls: check if the 3134 // objectref is a subtype of the host_klass of the current class 3135 // to allow an anonymous class to reference methods in the host_klass 3136 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 3137 VerificationType hosttype = 3138 VerificationType::reference_type(current_class()->host_klass()->name()); 3139 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 3140 if (!subtype) { 3141 verify_error( ErrorContext::bad_type(current_frame->offset(), 3142 current_frame->stack_top_ctx(), 3143 TypeOrigin::implicit(top)), 3144 "Bad type on operand stack"); 3145 return; 3146 } 3147 } 3148 } else if (opcode == Bytecodes::_invokevirtual) { 3149 VerificationType stack_object_type = 3150 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3151 if (current_type() != stack_object_type) { 3152 if (was_recursively_verified()) return; 3153 assert(cp->cache() == NULL, "not rewritten yet"); 3154 Symbol* ref_class_name = 3155 cp->klass_name_at(cp->klass_ref_index_at(index)); 3156 // See the comments in verify_field_instructions() for 3157 // the rationale behind this. 3158 if (name_in_supers(ref_class_name, current_class())) { 3159 Klass* ref_class = load_class(ref_class_name, CHECK); 3160 if (is_protected_access( 3161 _klass, ref_class, method_name, method_sig, true)) { 3162 // It's protected access, check if stack object is 3163 // assignable to current class. 3164 bool is_assignable = current_type().is_assignable_from( 3165 stack_object_type, this, true, CHECK_VERIFY(this)); 3166 if (!is_assignable) { 3167 if (ref_class_type.name() == vmSymbols::java_lang_Object() 3168 && stack_object_type.is_array() 3169 && method_name == vmSymbols::clone_name()) { 3170 // Special case: arrays pretend to implement public Object 3171 // clone(). 3172 } else { 3173 verify_error(ErrorContext::bad_type(bci, 3174 current_frame->stack_top_ctx(), 3175 TypeOrigin::implicit(current_type())), 3176 "Bad access to protected data in invokevirtual"); 3177 return; 3178 } 3179 } 3180 } 3181 } 3182 } 3183 } else { 3184 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 3185 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3186 } 3187 } 3188 } 3189 // Push the result type. 3190 if (sig_stream.type() != T_VOID) { 3191 if (method_name == vmSymbols::object_initializer_name()) { 3192 // <init> method must have a void return type 3193 /* Unreachable? Class file parser verifies that methods with '<' have 3194 * void return */ 3195 verify_error(ErrorContext::bad_code(bci), 3196 "Return type must be void in <init> method"); 3197 return; 3198 } 3199 VerificationType return_type[2]; 3200 int n = change_sig_to_verificationType( 3201 &sig_stream, return_type, CHECK_VERIFY(this)); 3202 for (int i = 0; i < n; i++) { 3203 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 3204 } 3205 } 3206 } 3207 3208 VerificationType ClassVerifier::get_newarray_type( 3209 u2 index, u2 bci, TRAPS) { 3210 const char* from_bt[] = { 3211 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3212 }; 3213 if (index < T_BOOLEAN || index > T_LONG) { 3214 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3215 return VerificationType::bogus_type(); 3216 } 3217 3218 // from_bt[index] contains the array signature which has a length of 2 3219 Symbol* sig = create_temporary_symbol( 3220 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 3221 return VerificationType::reference_type(sig); 3222 } 3223 3224 void ClassVerifier::verify_anewarray( 3225 u2 bci, u2 index, const constantPoolHandle& cp, 3226 StackMapFrame* current_frame, TRAPS) { 3227 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this)); 3228 current_frame->pop_stack( 3229 VerificationType::integer_type(), CHECK_VERIFY(this)); 3230 3231 if (was_recursively_verified()) return; 3232 constantTag class_tag = cp->tag_at(index); 3233 VerificationType component_type; 3234 if (class_tag.is_value_type() || class_tag.is_unresolved_value_type()) { 3235 component_type = cp_index_to_valuetype(index, cp, CHECK_VERIFY(this)); 3236 } else { 3237 component_type = cp_index_to_reference_type(index, cp, CHECK_VERIFY(this)); 3238 } 3239 int length; 3240 char* arr_sig_str; 3241 if (component_type.is_array()) { // it's an array 3242 const char* component_name = component_type.name()->as_utf8(); 3243 // Check for more than MAX_ARRAY_DIMENSIONS 3244 length = (int)strlen(component_name); 3245 if (length > MAX_ARRAY_DIMENSIONS && 3246 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 3247 verify_error(ErrorContext::bad_code(bci), 3248 "Illegal anewarray instruction, array has more than 255 dimensions"); 3249 } 3250 // add one dimension to component 3251 length++; 3252 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 3253 arr_sig_str[0] = '['; 3254 strncpy(&arr_sig_str[1], component_name, length - 1); 3255 } else { // it's an object or interface 3256 const char* component_name = component_type.name()->as_utf8(); 3257 // add one dimension to component with 'L' or 'Q' (value type) prepended and ';' appended. 3258 length = (int)strlen(component_name) + 3; 3259 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 3260 arr_sig_str[0] = '['; 3261 arr_sig_str[1] = component_type.is_reference() ? 'L' : 'Q'; 3262 strncpy(&arr_sig_str[2], component_name, length - 2); 3263 arr_sig_str[length - 1] = ';'; 3264 } 3265 Symbol* arr_sig = create_temporary_symbol( 3266 arr_sig_str, length, CHECK_VERIFY(this)); 3267 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3268 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3269 } 3270 3271 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3272 current_frame->get_local( 3273 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3274 current_frame->push_stack( 3275 VerificationType::integer_type(), CHECK_VERIFY(this)); 3276 } 3277 3278 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3279 current_frame->get_local_2( 3280 index, VerificationType::long_type(), 3281 VerificationType::long2_type(), CHECK_VERIFY(this)); 3282 current_frame->push_stack_2( 3283 VerificationType::long_type(), 3284 VerificationType::long2_type(), CHECK_VERIFY(this)); 3285 } 3286 3287 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3288 current_frame->get_local( 3289 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3290 current_frame->push_stack( 3291 VerificationType::float_type(), CHECK_VERIFY(this)); 3292 } 3293 3294 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3295 current_frame->get_local_2( 3296 index, VerificationType::double_type(), 3297 VerificationType::double2_type(), CHECK_VERIFY(this)); 3298 current_frame->push_stack_2( 3299 VerificationType::double_type(), 3300 VerificationType::double2_type(), CHECK_VERIFY(this)); 3301 } 3302 3303 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3304 VerificationType type = current_frame->get_local( 3305 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3306 current_frame->push_stack(type, CHECK_VERIFY(this)); 3307 } 3308 3309 void ClassVerifier::verify_vload(u2 index, StackMapFrame* current_frame, TRAPS) { 3310 VerificationType type = current_frame->get_local( 3311 index, VerificationType::valuetype_check(), CHECK_VERIFY(this)); 3312 current_frame->push_stack(type, CHECK_VERIFY(this)); 3313 } 3314 3315 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3316 current_frame->pop_stack( 3317 VerificationType::integer_type(), CHECK_VERIFY(this)); 3318 current_frame->set_local( 3319 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3320 } 3321 3322 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3323 current_frame->pop_stack_2( 3324 VerificationType::long2_type(), 3325 VerificationType::long_type(), CHECK_VERIFY(this)); 3326 current_frame->set_local_2( 3327 index, VerificationType::long_type(), 3328 VerificationType::long2_type(), CHECK_VERIFY(this)); 3329 } 3330 3331 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3332 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3333 current_frame->set_local( 3334 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3335 } 3336 3337 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3338 current_frame->pop_stack_2( 3339 VerificationType::double2_type(), 3340 VerificationType::double_type(), CHECK_VERIFY(this)); 3341 current_frame->set_local_2( 3342 index, VerificationType::double_type(), 3343 VerificationType::double2_type(), CHECK_VERIFY(this)); 3344 } 3345 3346 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3347 VerificationType type = current_frame->pop_stack( 3348 VerificationType::reference_check(), CHECK_VERIFY(this)); 3349 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3350 } 3351 3352 void ClassVerifier::verify_vstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3353 VerificationType type = current_frame->pop_stack( 3354 VerificationType::valuetype_check(), CHECK_VERIFY(this)); 3355 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3356 } 3357 3358 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3359 VerificationType type = current_frame->get_local( 3360 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3361 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3362 } 3363 3364 void ClassVerifier::verify_return_value( 3365 VerificationType return_type, VerificationType type, u2 bci, 3366 StackMapFrame* current_frame, TRAPS) { 3367 if (return_type == VerificationType::bogus_type()) { 3368 verify_error(ErrorContext::bad_type(bci, 3369 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3370 "Method expects a return value"); 3371 return; 3372 } 3373 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3374 if (!match) { 3375 verify_error(ErrorContext::bad_type(bci, 3376 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3377 "Bad return type"); 3378 return; 3379 } 3380 } 3381 3382 // The verifier creates symbols which are substrings of Symbols. 3383 // These are stored in the verifier until the end of verification so that 3384 // they can be reference counted. 3385 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3386 int end, TRAPS) { 3387 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3388 _symbols->push(sym); 3389 return sym; 3390 } 3391 3392 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3393 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3394 _symbols->push(sym); 3395 return sym; 3396 }