1 /*
2 * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTableFormat.hpp"
31 #include "classfile/systemDictionary.hpp"
32 #include "classfile/verifier.hpp"
33 #include "classfile/vmSymbols.hpp"
34 #include "interpreter/bytecodes.hpp"
35 #include "interpreter/bytecodeStream.hpp"
36 #include "logging/log.hpp"
37 #include "logging/logStream.hpp"
38 #include "memory/oopFactory.hpp"
39 #include "memory/resourceArea.hpp"
40 #include "oops/instanceKlass.hpp"
41 #include "oops/oop.inline.hpp"
42 #include "oops/typeArrayOop.hpp"
43 #include "prims/jvm.h"
44 #include "runtime/fieldDescriptor.hpp"
45 #include "runtime/handles.inline.hpp"
46 #include "runtime/interfaceSupport.hpp"
47 #include "runtime/javaCalls.hpp"
48 #include "runtime/orderAccess.inline.hpp"
49 #include "runtime/os.hpp"
50 #include "runtime/thread.hpp"
51 #include "services/threadService.hpp"
52 #include "utilities/align.hpp"
53 #include "utilities/bytes.hpp"
54
55 #define NOFAILOVER_MAJOR_VERSION 51
56 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
57 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
58 #define MAX_ARRAY_DIMENSIONS 255
59
60 // Access to external entry for VerifyClassCodes - old byte code verifier
61
62 extern "C" {
63 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
64 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
65 }
66
67 static void* volatile _verify_byte_codes_fn = NULL;
68
69 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
70
71 static void* verify_byte_codes_fn() {
72 if (OrderAccess::load_ptr_acquire(&_verify_byte_codes_fn) == NULL) {
73 void *lib_handle = os::native_java_library();
74 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
75 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
76 if (func == NULL) {
77 _is_new_verify_byte_codes_fn = false;
78 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
79 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
80 }
81 }
82 return (void*)_verify_byte_codes_fn;
83 }
84
85
86 // Methods in Verifier
87
88 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
89 return (class_loader == NULL || !should_verify_class) ?
90 BytecodeVerificationLocal : BytecodeVerificationRemote;
91 }
92
93 bool Verifier::relax_access_for(oop loader) {
94 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
95 bool need_verify =
96 // verifyAll
97 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
98 // verifyRemote
99 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
100 return !need_verify;
101 }
102
103 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
104 assert(verify_class != NULL, "Unexpected null verify_class");
105 ResourceMark rm;
106 Symbol* s = verify_class->source_file_name();
107 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
108 const char* verify = verify_class->external_name();
109 const char* resolve = resolve_class->external_name();
110 // print in a single call to reduce interleaving between threads
111 if (source_file != NULL) {
112 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
113 } else {
114 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
115 }
116 }
117
118 // Prints the end-verification message to the appropriate output.
119 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) {
120 if (HAS_PENDING_EXCEPTION) {
121 st->print("Verification for %s has", klassName);
122 st->print_cr(" exception pending %s ",
123 PENDING_EXCEPTION->klass()->external_name());
124 } else if (exception_name != NULL) {
125 st->print_cr("Verification for %s failed", klassName);
126 }
127 st->print_cr("End class verification for: %s", klassName);
128 }
129
130 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
131 HandleMark hm(THREAD);
132 ResourceMark rm(THREAD);
133
134 // Eagerly allocate the identity hash code for a klass. This is a fallout
135 // from 6320749 and 8059924: hash code generator is not supposed to be called
136 // during the safepoint, but it allows to sneak the hashcode in during
137 // verification. Without this eager hashcode generation, we may end up
138 // installing the hashcode during some other operation, which may be at
139 // safepoint -- blowing up the checks. It was previously done as the side
140 // effect (sic!) for external_name(), but instead of doing that, we opt to
141 // explicitly push the hashcode in here. This is signify the following block
142 // is IMPORTANT:
143 if (klass->java_mirror() != NULL) {
144 klass->java_mirror()->identity_hash();
145 }
146
147 if (!is_eligible_for_verification(klass, should_verify_class)) {
148 return true;
149 }
150
151 // Timer includes any side effects of class verification (resolution,
152 // etc), but not recursive calls to Verifier::verify().
153 JavaThread* jt = (JavaThread*)THREAD;
154 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
155 ClassLoader::perf_class_verify_selftime(),
156 ClassLoader::perf_classes_verified(),
157 jt->get_thread_stat()->perf_recursion_counts_addr(),
158 jt->get_thread_stat()->perf_timers_addr(),
159 PerfClassTraceTime::CLASS_VERIFY);
160
161 // If the class should be verified, first see if we can use the split
162 // verifier. If not, or if verification fails and FailOverToOldVerifier
163 // is set, then call the inference verifier.
164
165 Symbol* exception_name = NULL;
166 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
167 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
168 char* exception_message = message_buffer;
169
170 const char* klassName = klass->external_name();
171 bool can_failover = FailOverToOldVerifier &&
172 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
173
174 log_info(class, init)("Start class verification for: %s", klassName);
175 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
176 ClassVerifier split_verifier(klass, THREAD);
177 split_verifier.verify_class(THREAD);
178 exception_name = split_verifier.result();
179 if (can_failover && !HAS_PENDING_EXCEPTION &&
180 (exception_name == vmSymbols::java_lang_VerifyError() ||
181 exception_name == vmSymbols::java_lang_ClassFormatError())) {
182 log_info(verification)("Fail over class verification to old verifier for: %s", klassName);
183 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName);
184 exception_name = inference_verify(
185 klass, message_buffer, message_buffer_len, THREAD);
186 }
187 if (exception_name != NULL) {
188 exception_message = split_verifier.exception_message();
189 }
190 } else {
191 exception_name = inference_verify(
192 klass, message_buffer, message_buffer_len, THREAD);
193 }
194
195 LogTarget(Info, class, init) lt1;
196 if (lt1.is_enabled()) {
197 LogStream ls(lt1);
198 log_end_verification(&ls, klassName, exception_name, THREAD);
199 }
200 LogTarget(Info, verification) lt2;
201 if (lt2.is_enabled()) {
202 LogStream ls(lt2);
203 log_end_verification(&ls, klassName, exception_name, THREAD);
204 }
205
206 if (HAS_PENDING_EXCEPTION) {
207 return false; // use the existing exception
208 } else if (exception_name == NULL) {
209 return true; // verifcation succeeded
210 } else { // VerifyError or ClassFormatError to be created and thrown
211 ResourceMark rm(THREAD);
212 Klass* kls =
213 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
214 if (log_is_enabled(Debug, class, resolve)) {
215 Verifier::trace_class_resolution(kls, klass);
216 }
217
218 while (kls != NULL) {
219 if (kls == klass) {
220 // If the class being verified is the exception we're creating
221 // or one of it's superclasses, we're in trouble and are going
222 // to infinitely recurse when we try to initialize the exception.
223 // So bail out here by throwing the preallocated VM error.
224 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
225 }
226 kls = kls->super();
227 }
228 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
229 THROW_MSG_(exception_name, exception_message, false);
230 }
231 }
232
233 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
234 Symbol* name = klass->name();
235 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
236
237 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
238
239 return (should_verify_for(klass->class_loader(), should_verify_class) &&
240 // return if the class is a bootstrapping class
241 // or defineClass specified not to verify by default (flags override passed arg)
242 // We need to skip the following few for bootstrapping
243 name != vmSymbols::java_lang_Object() &&
244 name != vmSymbols::java_lang____Value() &&
245 name != vmSymbols::java_lang_Class() &&
246 name != vmSymbols::java_lang_String() &&
247 name != vmSymbols::java_lang_Throwable() &&
248
249 // Can not verify the bytecodes for shared classes because they have
250 // already been rewritten to contain constant pool cache indices,
251 // which the verifier can't understand.
252 // Shared classes shouldn't have stackmaps either.
253 !klass->is_shared() &&
254
255 // A MVT derived value type contains no code atrribute - no private static
256 // methods, no instance methods, no <clinit>, no <init>. So while format
257 // checking is performed on it, verification is not.
258 (!((EnableMVT || EnableValhalla) && klass->access_flags().is_value_type())) &&
259
260 // As of the fix for 4486457 we disable verification for all of the
261 // dynamically-generated bytecodes associated with the 1.4
262 // reflection implementation, not just those associated with
263 // jdk/internal/reflect/SerializationConstructorAccessor.
264 // NOTE: this is called too early in the bootstrapping process to be
265 // guarded by Universe::is_gte_jdk14x_version().
266 // Also for lambda generated code, gte jdk8
267 (!is_reflect));
268 }
269
270 Symbol* Verifier::inference_verify(
271 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
272 JavaThread* thread = (JavaThread*)THREAD;
273 JNIEnv *env = thread->jni_environment();
274
275 void* verify_func = verify_byte_codes_fn();
276
277 if (verify_func == NULL) {
278 jio_snprintf(message, message_len, "Could not link verifier");
279 return vmSymbols::java_lang_VerifyError();
280 }
281
282 ResourceMark rm(THREAD);
283 log_info(verification)("Verifying class %s with old format", klass->external_name());
284
285 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
286 jint result;
287
288 {
289 HandleMark hm(thread);
290 ThreadToNativeFromVM ttn(thread);
291 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
292 // code knows that we have left the VM
293
294 if (_is_new_verify_byte_codes_fn) {
295 verify_byte_codes_fn_new_t func =
296 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
297 result = (*func)(env, cls, message, (int)message_len,
298 klass->major_version());
299 } else {
300 verify_byte_codes_fn_t func =
301 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
302 result = (*func)(env, cls, message, (int)message_len);
303 }
304 }
305
306 JNIHandles::destroy_local(cls);
307
308 // These numbers are chosen so that VerifyClassCodes interface doesn't need
309 // to be changed (still return jboolean (unsigned char)), and result is
310 // 1 when verification is passed.
311 if (result == 0) {
312 return vmSymbols::java_lang_VerifyError();
313 } else if (result == 1) {
314 return NULL; // verified.
315 } else if (result == 2) {
316 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
317 } else if (result == 3) {
318 return vmSymbols::java_lang_ClassFormatError();
319 } else {
320 ShouldNotReachHere();
321 return NULL;
322 }
323 }
324
325 TypeOrigin TypeOrigin::null() {
326 return TypeOrigin();
327 }
328 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
329 assert(frame != NULL, "Must have a frame");
330 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
331 frame->local_at(index));
332 }
333 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
334 assert(frame != NULL, "Must have a frame");
335 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
336 frame->stack_at(index));
337 }
338 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
339 assert(frame != NULL, "Must have a frame");
340 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
341 frame->local_at(index));
342 }
343 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
344 assert(frame != NULL, "Must have a frame");
345 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
346 frame->stack_at(index));
347 }
348 TypeOrigin TypeOrigin::bad_index(u2 index) {
349 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
350 }
351 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
352 return TypeOrigin(CONST_POOL, index, NULL, vt);
353 }
354 TypeOrigin TypeOrigin::signature(VerificationType vt) {
355 return TypeOrigin(SIG, 0, NULL, vt);
356 }
357 TypeOrigin TypeOrigin::implicit(VerificationType t) {
358 return TypeOrigin(IMPLICIT, 0, NULL, t);
359 }
360 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
361 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
362 VerificationType::bogus_type());
363 }
364
365 void TypeOrigin::reset_frame() {
366 if (_frame != NULL) {
367 _frame->restore();
368 }
369 }
370
371 void TypeOrigin::details(outputStream* ss) const {
372 _type.print_on(ss);
373 switch (_origin) {
374 case CF_LOCALS:
375 ss->print(" (current frame, locals[%d])", _index);
376 break;
377 case CF_STACK:
378 ss->print(" (current frame, stack[%d])", _index);
379 break;
380 case SM_LOCALS:
381 ss->print(" (stack map, locals[%d])", _index);
382 break;
383 case SM_STACK:
384 ss->print(" (stack map, stack[%d])", _index);
385 break;
386 case CONST_POOL:
387 ss->print(" (constant pool %d)", _index);
388 break;
389 case SIG:
390 ss->print(" (from method signature)");
391 break;
392 case IMPLICIT:
393 case FRAME_ONLY:
394 case NONE:
395 default:
396 ;
397 }
398 }
399
400 #ifdef ASSERT
401 void TypeOrigin::print_on(outputStream* str) const {
402 str->print("{%d,%d,%p:", _origin, _index, _frame);
403 if (_frame != NULL) {
404 _frame->print_on(str);
405 } else {
406 str->print("null");
407 }
408 str->print(",");
409 _type.print_on(str);
410 str->print("}");
411 }
412 #endif
413
414 void ErrorContext::details(outputStream* ss, const Method* method) const {
415 if (is_valid()) {
416 ss->cr();
417 ss->print_cr("Exception Details:");
418 location_details(ss, method);
419 reason_details(ss);
420 frame_details(ss);
421 bytecode_details(ss, method);
422 handler_details(ss, method);
423 stackmap_details(ss, method);
424 }
425 }
426
427 void ErrorContext::reason_details(outputStream* ss) const {
428 streamIndentor si(ss);
429 ss->indent().print_cr("Reason:");
430 streamIndentor si2(ss);
431 ss->indent().print("%s", "");
432 switch (_fault) {
433 case INVALID_BYTECODE:
434 ss->print("Error exists in the bytecode");
435 break;
436 case WRONG_TYPE:
437 if (_expected.is_valid()) {
438 ss->print("Type ");
439 _type.details(ss);
440 ss->print(" is not assignable to ");
441 _expected.details(ss);
442 } else {
443 ss->print("Invalid type: ");
444 _type.details(ss);
445 }
446 break;
447 case FLAGS_MISMATCH:
448 if (_expected.is_valid()) {
449 ss->print("Current frame's flags are not assignable "
450 "to stack map frame's.");
451 } else {
452 ss->print("Current frame's flags are invalid in this context.");
453 }
454 break;
455 case BAD_CP_INDEX:
456 ss->print("Constant pool index %d is invalid", _type.index());
457 break;
458 case BAD_LOCAL_INDEX:
459 ss->print("Local index %d is invalid", _type.index());
460 break;
461 case LOCALS_SIZE_MISMATCH:
462 ss->print("Current frame's local size doesn't match stackmap.");
463 break;
464 case STACK_SIZE_MISMATCH:
465 ss->print("Current frame's stack size doesn't match stackmap.");
466 break;
467 case STACK_OVERFLOW:
468 ss->print("Exceeded max stack size.");
469 break;
470 case STACK_UNDERFLOW:
471 ss->print("Attempt to pop empty stack.");
472 break;
473 case MISSING_STACKMAP:
474 ss->print("Expected stackmap frame at this location.");
475 break;
476 case BAD_STACKMAP:
477 ss->print("Invalid stackmap specification.");
478 break;
479 case UNKNOWN:
480 default:
481 ShouldNotReachHere();
482 ss->print_cr("Unknown");
483 }
484 ss->cr();
485 }
486
487 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
488 if (_bci != -1 && method != NULL) {
489 streamIndentor si(ss);
490 const char* bytecode_name = "<invalid>";
491 if (method->validate_bci(_bci) != -1) {
492 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
493 if (Bytecodes::is_defined(code)) {
494 bytecode_name = Bytecodes::name(code);
495 } else {
496 bytecode_name = "<illegal>";
497 }
498 }
499 InstanceKlass* ik = method->method_holder();
500 ss->indent().print_cr("Location:");
501 streamIndentor si2(ss);
502 ss->indent().print_cr("%s.%s%s @%d: %s",
503 ik->name()->as_C_string(), method->name()->as_C_string(),
504 method->signature()->as_C_string(), _bci, bytecode_name);
505 }
506 }
507
508 void ErrorContext::frame_details(outputStream* ss) const {
509 streamIndentor si(ss);
510 if (_type.is_valid() && _type.frame() != NULL) {
511 ss->indent().print_cr("Current Frame:");
512 streamIndentor si2(ss);
513 _type.frame()->print_on(ss);
514 }
515 if (_expected.is_valid() && _expected.frame() != NULL) {
516 ss->indent().print_cr("Stackmap Frame:");
517 streamIndentor si2(ss);
518 _expected.frame()->print_on(ss);
519 }
520 }
521
522 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
523 if (method != NULL) {
524 streamIndentor si(ss);
525 ss->indent().print_cr("Bytecode:");
526 streamIndentor si2(ss);
527 ss->print_data(method->code_base(), method->code_size(), false);
528 }
529 }
530
531 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
532 if (method != NULL) {
533 streamIndentor si(ss);
534 ExceptionTable table(method);
535 if (table.length() > 0) {
536 ss->indent().print_cr("Exception Handler Table:");
537 streamIndentor si2(ss);
538 for (int i = 0; i < table.length(); ++i) {
539 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
540 table.end_pc(i), table.handler_pc(i));
541 }
542 }
543 }
544 }
545
546 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
547 if (method != NULL && method->has_stackmap_table()) {
548 streamIndentor si(ss);
549 ss->indent().print_cr("Stackmap Table:");
550 Array<u1>* data = method->stackmap_data();
551 stack_map_table* sm_table =
552 stack_map_table::at((address)data->adr_at(0));
553 stack_map_frame* sm_frame = sm_table->entries();
554 streamIndentor si2(ss);
555 int current_offset = -1;
556 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
557 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
558 ss->indent();
559 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
560 sm_frame->print_truncated(ss, current_offset);
561 return;
562 }
563 sm_frame->print_on(ss, current_offset);
564 ss->cr();
565 current_offset += sm_frame->offset_delta();
566 sm_frame = sm_frame->next();
567 }
568 }
569 }
570
571 // Methods in ClassVerifier
572
573 ClassVerifier::ClassVerifier(
574 InstanceKlass* klass, TRAPS)
575 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
576 _this_type = VerificationType::reference_type(klass->name());
577 // Create list to hold symbols in reference area.
578 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
579 }
580
581 ClassVerifier::~ClassVerifier() {
582 // Decrement the reference count for any symbols created.
583 for (int i = 0; i < _symbols->length(); i++) {
584 Symbol* s = _symbols->at(i);
585 s->decrement_refcount();
586 }
587 }
588
589 VerificationType ClassVerifier::object_type() const {
590 return VerificationType::reference_type(vmSymbols::java_lang_Object());
591 }
592
593 VerificationType ClassVerifier::__value_type() const {
594 return VerificationType::valuetype_type(vmSymbols::java_lang____Value());
595 }
596
597 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
598 VerificationType vt = VerificationType::reference_type(
599 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
600 return TypeOrigin::implicit(vt);
601 }
602
603 TypeOrigin ClassVerifier::valuetype_ctx(const char* sig, TRAPS) {
604 VerificationType vt = VerificationType::valuetype_type(
605 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
606 return TypeOrigin::implicit(vt);
607 }
608
609 void ClassVerifier::verify_class(TRAPS) {
610 log_info(verification)("Verifying class %s with new format", _klass->external_name());
611
612 Array<Method*>* methods = _klass->methods();
613 int num_methods = methods->length();
614
615 for (int index = 0; index < num_methods; index++) {
616 // Check for recursive re-verification before each method.
617 if (was_recursively_verified()) return;
618
619 Method* m = methods->at(index);
620 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
621 // If m is native or abstract, skip it. It is checked in class file
622 // parser that methods do not override a final method. Overpass methods
623 // are trusted since the VM generates them.
624 continue;
625 }
626 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
627 }
628
629 if (was_recursively_verified()){
630 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
631 log_info(class, init)("Recursive verification detected for: %s",
632 _klass->external_name());
633 }
634 }
635
636 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
637 HandleMark hm(THREAD);
638 _method = m; // initialize _method
639 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
640
641 // For clang, the only good constant format string is a literal constant format string.
642 #define bad_type_msg "Bad type on operand stack in %s"
643
644 int32_t max_stack = m->verifier_max_stack();
645 int32_t max_locals = m->max_locals();
646 constantPoolHandle cp(THREAD, m->constants());
647
648 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
649 class_format_error("Invalid method signature");
650 return;
651 }
652
653 // Verify value type bytecodes if enabled and class file version supports them.
654 // Commented check out for now until class file version 54.1 is generated.
655 bool vbytecodes_allowed = (EnableMVT || EnableValhalla);
656 //_klass->major_version() >= Verifier::VALUETYPE_MAJOR_VERSION &&
657 //_klass->minor_version() >= Verifier::VALUETYPE_MINOR_VERSION);
658
659 // Initial stack map frame: offset is 0, stack is initially empty.
660 StackMapFrame current_frame(max_locals, max_stack, this);
661 // Set initial locals
662 VerificationType return_type = current_frame.set_locals_from_arg(
663 m, current_type(), CHECK_VERIFY(this));
664
665 int32_t stackmap_index = 0; // index to the stackmap array
666
667 u4 code_length = m->code_size();
668
669 // Scan the bytecode and map each instruction's start offset to a number.
670 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
671
672 int ex_min = code_length;
673 int ex_max = -1;
674 // Look through each item on the exception table. Each of the fields must refer
675 // to a legal instruction.
676 if (was_recursively_verified()) return;
677 verify_exception_handler_table(
678 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
679
680 // Look through each entry on the local variable table and make sure
681 // its range of code array offsets is valid. (4169817)
682 if (m->has_localvariable_table()) {
683 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
684 }
685
686 Array<u1>* stackmap_data = m->stackmap_data();
687 StackMapStream stream(stackmap_data);
688 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
689 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
690 code_data, code_length, CHECK_VERIFY(this));
691
692 LogTarget(Info, verification) lt;
693 if (lt.is_enabled()) {
694 ResourceMark rm(THREAD);
695 LogStream ls(lt);
696 stackmap_table.print_on(&ls);
697 }
698
699 RawBytecodeStream bcs(m);
700
701 // Scan the byte code linearly from the start to the end
702 bool no_control_flow = false; // Set to true when there is no direct control
703 // flow from current instruction to the next
704 // instruction in sequence
705
706 Bytecodes::Code opcode;
707 while (!bcs.is_last_bytecode()) {
708 // Check for recursive re-verification before each bytecode.
709 if (was_recursively_verified()) return;
710
711 opcode = bcs.raw_next();
712 u2 bci = bcs.bci();
713
714 // Set current frame's offset to bci
715 current_frame.set_offset(bci);
716 current_frame.set_mark();
717
718 // Make sure every offset in stackmap table point to the beginning to
719 // an instruction. Match current_frame to stackmap_table entry with
720 // the same offset if exists.
721 stackmap_index = verify_stackmap_table(
722 stackmap_index, bci, ¤t_frame, &stackmap_table,
723 no_control_flow, CHECK_VERIFY(this));
724
725
726 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
727 bool verified_exc_handlers = false;
728
729 // Merge with the next instruction
730 {
731 u2 index;
732 int target;
733 VerificationType type, type2;
734 VerificationType atype;
735
736 LogTarget(Info, verification) lt;
737 if (lt.is_enabled()) {
738 ResourceMark rm(THREAD);
739 LogStream ls(lt);
740 current_frame.print_on(&ls);
741 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
742 }
743
744 // Make sure wide instruction is in correct format
745 if (bcs.is_wide()) {
746 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
747 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
748 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
749 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
750 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
751 opcode != Bytecodes::_dstore) {
752 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
753 * if we encounter a wide instruction that modifies an invalid
754 * opcode (not one of the ones listed above) */
755 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
756 return;
757 }
758 }
759
760 // Look for possible jump target in exception handlers and see if it
761 // matches current_frame. Do this check here for astore*, dstore*,
762 // fstore*, istore*, and lstore* opcodes because they can change the type
763 // state by adding a local. JVM Spec says that the incoming type state
764 // should be used for this check. So, do the check here before a possible
765 // local is added to the type state.
766 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
767 if (was_recursively_verified()) return;
768 verify_exception_handler_targets(
769 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
770 verified_exc_handlers = true;
771 }
772
773 if (was_recursively_verified()) return;
774
775 switch (opcode) {
776 case Bytecodes::_nop :
777 no_control_flow = false; break;
778 case Bytecodes::_aconst_null :
779 current_frame.push_stack(
780 VerificationType::null_type(), CHECK_VERIFY(this));
781 no_control_flow = false; break;
782 case Bytecodes::_iconst_m1 :
783 case Bytecodes::_iconst_0 :
784 case Bytecodes::_iconst_1 :
785 case Bytecodes::_iconst_2 :
786 case Bytecodes::_iconst_3 :
787 case Bytecodes::_iconst_4 :
788 case Bytecodes::_iconst_5 :
789 current_frame.push_stack(
790 VerificationType::integer_type(), CHECK_VERIFY(this));
791 no_control_flow = false; break;
792 case Bytecodes::_lconst_0 :
793 case Bytecodes::_lconst_1 :
794 current_frame.push_stack_2(
795 VerificationType::long_type(),
796 VerificationType::long2_type(), CHECK_VERIFY(this));
797 no_control_flow = false; break;
798 case Bytecodes::_fconst_0 :
799 case Bytecodes::_fconst_1 :
800 case Bytecodes::_fconst_2 :
801 current_frame.push_stack(
802 VerificationType::float_type(), CHECK_VERIFY(this));
803 no_control_flow = false; break;
804 case Bytecodes::_dconst_0 :
805 case Bytecodes::_dconst_1 :
806 current_frame.push_stack_2(
807 VerificationType::double_type(),
808 VerificationType::double2_type(), CHECK_VERIFY(this));
809 no_control_flow = false; break;
810 case Bytecodes::_sipush :
811 case Bytecodes::_bipush :
812 current_frame.push_stack(
813 VerificationType::integer_type(), CHECK_VERIFY(this));
814 no_control_flow = false; break;
815 case Bytecodes::_ldc :
816 verify_ldc(
817 opcode, bcs.get_index_u1(), ¤t_frame,
818 cp, bci, CHECK_VERIFY(this));
819 no_control_flow = false; break;
820 case Bytecodes::_ldc_w :
821 case Bytecodes::_ldc2_w :
822 verify_ldc(
823 opcode, bcs.get_index_u2(), ¤t_frame,
824 cp, bci, CHECK_VERIFY(this));
825 no_control_flow = false; break;
826 case Bytecodes::_iload :
827 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
828 no_control_flow = false; break;
829 case Bytecodes::_iload_0 :
830 case Bytecodes::_iload_1 :
831 case Bytecodes::_iload_2 :
832 case Bytecodes::_iload_3 :
833 index = opcode - Bytecodes::_iload_0;
834 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
835 no_control_flow = false; break;
836 case Bytecodes::_lload :
837 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
838 no_control_flow = false; break;
839 case Bytecodes::_lload_0 :
840 case Bytecodes::_lload_1 :
841 case Bytecodes::_lload_2 :
842 case Bytecodes::_lload_3 :
843 index = opcode - Bytecodes::_lload_0;
844 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
845 no_control_flow = false; break;
846 case Bytecodes::_fload :
847 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
848 no_control_flow = false; break;
849 case Bytecodes::_fload_0 :
850 case Bytecodes::_fload_1 :
851 case Bytecodes::_fload_2 :
852 case Bytecodes::_fload_3 :
853 index = opcode - Bytecodes::_fload_0;
854 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
855 no_control_flow = false; break;
856 case Bytecodes::_dload :
857 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
858 no_control_flow = false; break;
859 case Bytecodes::_dload_0 :
860 case Bytecodes::_dload_1 :
861 case Bytecodes::_dload_2 :
862 case Bytecodes::_dload_3 :
863 index = opcode - Bytecodes::_dload_0;
864 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
865 no_control_flow = false; break;
866 case Bytecodes::_vload :
867 if (!vbytecodes_allowed) {
868 class_format_error(
869 "vload not supported by this class file version (%d.%d), class %s",
870 _klass->major_version(), _klass->minor_version(), _klass->external_name());
871 return;
872 }
873 verify_vload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
874 no_control_flow = false; break;
875 case Bytecodes::_aload :
876 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
877 no_control_flow = false; break;
878 case Bytecodes::_aload_0 :
879 case Bytecodes::_aload_1 :
880 case Bytecodes::_aload_2 :
881 case Bytecodes::_aload_3 :
882 index = opcode - Bytecodes::_aload_0;
883 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
884 no_control_flow = false; break;
885 case Bytecodes::_iaload :
886 type = current_frame.pop_stack(
887 VerificationType::integer_type(), CHECK_VERIFY(this));
888 atype = current_frame.pop_stack(
889 VerificationType::reference_check(), CHECK_VERIFY(this));
890 if (!atype.is_int_array()) {
891 verify_error(ErrorContext::bad_type(bci,
892 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
893 bad_type_msg, "iaload");
894 return;
895 }
896 current_frame.push_stack(
897 VerificationType::integer_type(), CHECK_VERIFY(this));
898 no_control_flow = false; break;
899 case Bytecodes::_baload :
900 type = current_frame.pop_stack(
901 VerificationType::integer_type(), CHECK_VERIFY(this));
902 atype = current_frame.pop_stack(
903 VerificationType::reference_check(), CHECK_VERIFY(this));
904 if (!atype.is_bool_array() && !atype.is_byte_array()) {
905 verify_error(
906 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
907 bad_type_msg, "baload");
908 return;
909 }
910 current_frame.push_stack(
911 VerificationType::integer_type(), CHECK_VERIFY(this));
912 no_control_flow = false; break;
913 case Bytecodes::_caload :
914 type = current_frame.pop_stack(
915 VerificationType::integer_type(), CHECK_VERIFY(this));
916 atype = current_frame.pop_stack(
917 VerificationType::reference_check(), CHECK_VERIFY(this));
918 if (!atype.is_char_array()) {
919 verify_error(ErrorContext::bad_type(bci,
920 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
921 bad_type_msg, "caload");
922 return;
923 }
924 current_frame.push_stack(
925 VerificationType::integer_type(), CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 case Bytecodes::_saload :
928 type = current_frame.pop_stack(
929 VerificationType::integer_type(), CHECK_VERIFY(this));
930 atype = current_frame.pop_stack(
931 VerificationType::reference_check(), CHECK_VERIFY(this));
932 if (!atype.is_short_array()) {
933 verify_error(ErrorContext::bad_type(bci,
934 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
935 bad_type_msg, "saload");
936 return;
937 }
938 current_frame.push_stack(
939 VerificationType::integer_type(), CHECK_VERIFY(this));
940 no_control_flow = false; break;
941 case Bytecodes::_laload :
942 type = current_frame.pop_stack(
943 VerificationType::integer_type(), CHECK_VERIFY(this));
944 atype = current_frame.pop_stack(
945 VerificationType::reference_check(), CHECK_VERIFY(this));
946 if (!atype.is_long_array()) {
947 verify_error(ErrorContext::bad_type(bci,
948 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
949 bad_type_msg, "laload");
950 return;
951 }
952 current_frame.push_stack_2(
953 VerificationType::long_type(),
954 VerificationType::long2_type(), CHECK_VERIFY(this));
955 no_control_flow = false; break;
956 case Bytecodes::_faload :
957 type = current_frame.pop_stack(
958 VerificationType::integer_type(), CHECK_VERIFY(this));
959 atype = current_frame.pop_stack(
960 VerificationType::reference_check(), CHECK_VERIFY(this));
961 if (!atype.is_float_array()) {
962 verify_error(ErrorContext::bad_type(bci,
963 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
964 bad_type_msg, "faload");
965 return;
966 }
967 current_frame.push_stack(
968 VerificationType::float_type(), CHECK_VERIFY(this));
969 no_control_flow = false; break;
970 case Bytecodes::_daload :
971 type = current_frame.pop_stack(
972 VerificationType::integer_type(), CHECK_VERIFY(this));
973 atype = current_frame.pop_stack(
974 VerificationType::reference_check(), CHECK_VERIFY(this));
975 if (!atype.is_double_array()) {
976 verify_error(ErrorContext::bad_type(bci,
977 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
978 bad_type_msg, "daload");
979 return;
980 }
981 current_frame.push_stack_2(
982 VerificationType::double_type(),
983 VerificationType::double2_type(), CHECK_VERIFY(this));
984 no_control_flow = false; break;
985 case Bytecodes::_aaload : {
986 type = current_frame.pop_stack(
987 VerificationType::integer_type(), CHECK_VERIFY(this));
988 atype = current_frame.pop_stack(
989 VerificationType::reference_check(), CHECK_VERIFY(this));
990 if (!atype.is_reference_array()) {
991 verify_error(ErrorContext::bad_type(bci,
992 current_frame.stack_top_ctx(),
993 TypeOrigin::implicit(VerificationType::reference_check())),
994 bad_type_msg, "aaload");
995 return;
996 }
997 if (atype.is_null()) {
998 current_frame.push_stack(
999 VerificationType::null_type(), CHECK_VERIFY(this));
1000 } else {
1001 VerificationType component =
1002 atype.get_component(this, CHECK_VERIFY(this));
1003 current_frame.push_stack(component, CHECK_VERIFY(this));
1004 }
1005 no_control_flow = false; break;
1006 }
1007 case Bytecodes::_vaload : {
1008 if (!vbytecodes_allowed) {
1009 class_format_error(
1010 "vaload not supported by this class file version (%d.%d), class %s",
1011 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1012 return;
1013 }
1014 type = current_frame.pop_stack(
1015 VerificationType::integer_type(), CHECK_VERIFY(this));
1016 atype = current_frame.pop_stack(
1017 VerificationType::reference_check(), CHECK_VERIFY(this));
1018 // The null check is strictly not be necessary, left in for future proofing.
1019 // Will be reconsidered if type indexes are removed.
1020 if (atype.is_null() || !atype.is_value_array()) {
1021 verify_error(ErrorContext::bad_type(bci,
1022 current_frame.stack_top_ctx(),
1023 TypeOrigin::implicit(VerificationType::reference_check())),
1024 bad_type_msg, "vaload");
1025 return;
1026 }
1027 VerificationType component = atype.get_component(this, CHECK_VERIFY(this));
1028 if (!component.is_valuetype()) {
1029 verify_error(ErrorContext::bad_type(bci,
1030 current_frame.stack_top_ctx(),
1031 TypeOrigin::implicit(VerificationType::valuetype_check())),
1032 bad_type_msg, "vaload");
1033 return;
1034 }
1035 current_frame.push_stack(component, CHECK_VERIFY(this));
1036 no_control_flow = false; break;
1037 }
1038 case Bytecodes::_istore :
1039 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1040 no_control_flow = false; break;
1041 case Bytecodes::_istore_0 :
1042 case Bytecodes::_istore_1 :
1043 case Bytecodes::_istore_2 :
1044 case Bytecodes::_istore_3 :
1045 index = opcode - Bytecodes::_istore_0;
1046 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1047 no_control_flow = false; break;
1048 case Bytecodes::_lstore :
1049 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1050 no_control_flow = false; break;
1051 case Bytecodes::_lstore_0 :
1052 case Bytecodes::_lstore_1 :
1053 case Bytecodes::_lstore_2 :
1054 case Bytecodes::_lstore_3 :
1055 index = opcode - Bytecodes::_lstore_0;
1056 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1057 no_control_flow = false; break;
1058 case Bytecodes::_fstore :
1059 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1060 no_control_flow = false; break;
1061 case Bytecodes::_fstore_0 :
1062 case Bytecodes::_fstore_1 :
1063 case Bytecodes::_fstore_2 :
1064 case Bytecodes::_fstore_3 :
1065 index = opcode - Bytecodes::_fstore_0;
1066 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1067 no_control_flow = false; break;
1068 case Bytecodes::_dstore :
1069 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1070 no_control_flow = false; break;
1071 case Bytecodes::_dstore_0 :
1072 case Bytecodes::_dstore_1 :
1073 case Bytecodes::_dstore_2 :
1074 case Bytecodes::_dstore_3 :
1075 index = opcode - Bytecodes::_dstore_0;
1076 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1077 no_control_flow = false; break;
1078 case Bytecodes::_vstore :
1079 if (!vbytecodes_allowed) {
1080 class_format_error(
1081 "vstore not supported by this class file version (%d.%d), class %s",
1082 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1083 return;
1084 }
1085 verify_vstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 case Bytecodes::_astore :
1088 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 case Bytecodes::_astore_0 :
1091 case Bytecodes::_astore_1 :
1092 case Bytecodes::_astore_2 :
1093 case Bytecodes::_astore_3 :
1094 index = opcode - Bytecodes::_astore_0;
1095 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1096 no_control_flow = false; break;
1097 case Bytecodes::_iastore :
1098 type = current_frame.pop_stack(
1099 VerificationType::integer_type(), CHECK_VERIFY(this));
1100 type2 = current_frame.pop_stack(
1101 VerificationType::integer_type(), CHECK_VERIFY(this));
1102 atype = current_frame.pop_stack(
1103 VerificationType::reference_check(), CHECK_VERIFY(this));
1104 if (!atype.is_int_array()) {
1105 verify_error(ErrorContext::bad_type(bci,
1106 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
1107 bad_type_msg, "iastore");
1108 return;
1109 }
1110 no_control_flow = false; break;
1111 case Bytecodes::_bastore :
1112 type = current_frame.pop_stack(
1113 VerificationType::integer_type(), CHECK_VERIFY(this));
1114 type2 = current_frame.pop_stack(
1115 VerificationType::integer_type(), CHECK_VERIFY(this));
1116 atype = current_frame.pop_stack(
1117 VerificationType::reference_check(), CHECK_VERIFY(this));
1118 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1119 verify_error(
1120 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1121 bad_type_msg, "bastore");
1122 return;
1123 }
1124 no_control_flow = false; break;
1125 case Bytecodes::_castore :
1126 current_frame.pop_stack(
1127 VerificationType::integer_type(), CHECK_VERIFY(this));
1128 current_frame.pop_stack(
1129 VerificationType::integer_type(), CHECK_VERIFY(this));
1130 atype = current_frame.pop_stack(
1131 VerificationType::reference_check(), CHECK_VERIFY(this));
1132 if (!atype.is_char_array()) {
1133 verify_error(ErrorContext::bad_type(bci,
1134 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1135 bad_type_msg, "castore");
1136 return;
1137 }
1138 no_control_flow = false; break;
1139 case Bytecodes::_sastore :
1140 current_frame.pop_stack(
1141 VerificationType::integer_type(), CHECK_VERIFY(this));
1142 current_frame.pop_stack(
1143 VerificationType::integer_type(), CHECK_VERIFY(this));
1144 atype = current_frame.pop_stack(
1145 VerificationType::reference_check(), CHECK_VERIFY(this));
1146 if (!atype.is_short_array()) {
1147 verify_error(ErrorContext::bad_type(bci,
1148 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1149 bad_type_msg, "sastore");
1150 return;
1151 }
1152 no_control_flow = false; break;
1153 case Bytecodes::_lastore :
1154 current_frame.pop_stack_2(
1155 VerificationType::long2_type(),
1156 VerificationType::long_type(), CHECK_VERIFY(this));
1157 current_frame.pop_stack(
1158 VerificationType::integer_type(), CHECK_VERIFY(this));
1159 atype = current_frame.pop_stack(
1160 VerificationType::reference_check(), CHECK_VERIFY(this));
1161 if (!atype.is_long_array()) {
1162 verify_error(ErrorContext::bad_type(bci,
1163 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1164 bad_type_msg, "lastore");
1165 return;
1166 }
1167 no_control_flow = false; break;
1168 case Bytecodes::_fastore :
1169 current_frame.pop_stack(
1170 VerificationType::float_type(), CHECK_VERIFY(this));
1171 current_frame.pop_stack
1172 (VerificationType::integer_type(), CHECK_VERIFY(this));
1173 atype = current_frame.pop_stack(
1174 VerificationType::reference_check(), CHECK_VERIFY(this));
1175 if (!atype.is_float_array()) {
1176 verify_error(ErrorContext::bad_type(bci,
1177 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1178 bad_type_msg, "fastore");
1179 return;
1180 }
1181 no_control_flow = false; break;
1182 case Bytecodes::_dastore :
1183 current_frame.pop_stack_2(
1184 VerificationType::double2_type(),
1185 VerificationType::double_type(), CHECK_VERIFY(this));
1186 current_frame.pop_stack(
1187 VerificationType::integer_type(), CHECK_VERIFY(this));
1188 atype = current_frame.pop_stack(
1189 VerificationType::reference_check(), CHECK_VERIFY(this));
1190 if (!atype.is_double_array()) {
1191 verify_error(ErrorContext::bad_type(bci,
1192 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1193 bad_type_msg, "dastore");
1194 return;
1195 }
1196 no_control_flow = false; break;
1197 case Bytecodes::_aastore :
1198 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1199 type2 = current_frame.pop_stack(
1200 VerificationType::integer_type(), CHECK_VERIFY(this));
1201 atype = current_frame.pop_stack(
1202 VerificationType::reference_check(), CHECK_VERIFY(this));
1203 // more type-checking is done at runtime
1204 if (!atype.is_reference_array()) {
1205 verify_error(ErrorContext::bad_type(bci,
1206 current_frame.stack_top_ctx(),
1207 TypeOrigin::implicit(VerificationType::reference_check())),
1208 bad_type_msg, "aastore");
1209 return;
1210 }
1211 // 4938384: relaxed constraint in JVMS 3nd edition.
1212 no_control_flow = false; break;
1213 case Bytecodes::_vastore :
1214 if (!vbytecodes_allowed) {
1215 class_format_error(
1216 "vastore not supported by this class file version (%d.%d), class %s",
1217 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1218 return;
1219 }
1220 type = current_frame.pop_stack(__value_type(), CHECK_VERIFY(this));
1221 type2 = current_frame.pop_stack(
1222 VerificationType::integer_type(), CHECK_VERIFY(this));
1223 atype = current_frame.pop_stack(
1224 VerificationType::reference_check(), CHECK_VERIFY(this));
1225 // The null check is strictly not be necessary, left in for future proofing.
1226 // Will be reconsidered if type indexes are removed.
1227 if (atype.is_null() || !atype.is_value_array()) {
1228 verify_error(ErrorContext::bad_type(bci,
1229 current_frame.stack_top_ctx(),
1230 TypeOrigin::implicit(VerificationType::reference_check())),
1231 bad_type_msg, "vastore");
1232 return;
1233 }
1234 no_control_flow = false; break;
1235 case Bytecodes::_pop :
1236 current_frame.pop_stack(
1237 VerificationType::category1_check(), CHECK_VERIFY(this));
1238 no_control_flow = false; break;
1239 case Bytecodes::_pop2 :
1240 type = current_frame.pop_stack(CHECK_VERIFY(this));
1241 if (type.is_category1()) {
1242 current_frame.pop_stack(
1243 VerificationType::category1_check(), CHECK_VERIFY(this));
1244 } else if (type.is_category2_2nd()) {
1245 current_frame.pop_stack(
1246 VerificationType::category2_check(), CHECK_VERIFY(this));
1247 } else {
1248 /* Unreachable? Would need a category2_1st on TOS
1249 * which does not appear possible. */
1250 verify_error(
1251 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1252 bad_type_msg, "pop2");
1253 return;
1254 }
1255 no_control_flow = false; break;
1256 case Bytecodes::_dup :
1257 type = current_frame.pop_stack(
1258 VerificationType::category1_check(), CHECK_VERIFY(this));
1259 current_frame.push_stack(type, CHECK_VERIFY(this));
1260 current_frame.push_stack(type, CHECK_VERIFY(this));
1261 no_control_flow = false; break;
1262 case Bytecodes::_dup_x1 :
1263 type = current_frame.pop_stack(
1264 VerificationType::category1_check(), CHECK_VERIFY(this));
1265 type2 = current_frame.pop_stack(
1266 VerificationType::category1_check(), CHECK_VERIFY(this));
1267 current_frame.push_stack(type, CHECK_VERIFY(this));
1268 current_frame.push_stack(type2, CHECK_VERIFY(this));
1269 current_frame.push_stack(type, CHECK_VERIFY(this));
1270 no_control_flow = false; break;
1271 case Bytecodes::_dup_x2 :
1272 {
1273 VerificationType type3;
1274 type = current_frame.pop_stack(
1275 VerificationType::category1_check(), CHECK_VERIFY(this));
1276 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1277 if (type2.is_category1()) {
1278 type3 = current_frame.pop_stack(
1279 VerificationType::category1_check(), CHECK_VERIFY(this));
1280 } else if (type2.is_category2_2nd()) {
1281 type3 = current_frame.pop_stack(
1282 VerificationType::category2_check(), CHECK_VERIFY(this));
1283 } else {
1284 /* Unreachable? Would need a category2_1st at stack depth 2 with
1285 * a category1 on TOS which does not appear possible. */
1286 verify_error(ErrorContext::bad_type(
1287 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1288 return;
1289 }
1290 current_frame.push_stack(type, CHECK_VERIFY(this));
1291 current_frame.push_stack(type3, CHECK_VERIFY(this));
1292 current_frame.push_stack(type2, CHECK_VERIFY(this));
1293 current_frame.push_stack(type, CHECK_VERIFY(this));
1294 no_control_flow = false; break;
1295 }
1296 case Bytecodes::_dup2 :
1297 type = current_frame.pop_stack(CHECK_VERIFY(this));
1298 if (type.is_category1()) {
1299 type2 = current_frame.pop_stack(
1300 VerificationType::category1_check(), CHECK_VERIFY(this));
1301 } else if (type.is_category2_2nd()) {
1302 type2 = current_frame.pop_stack(
1303 VerificationType::category2_check(), CHECK_VERIFY(this));
1304 } else {
1305 /* Unreachable? Would need a category2_1st on TOS which does not
1306 * appear possible. */
1307 verify_error(
1308 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1309 bad_type_msg, "dup2");
1310 return;
1311 }
1312 current_frame.push_stack(type2, CHECK_VERIFY(this));
1313 current_frame.push_stack(type, CHECK_VERIFY(this));
1314 current_frame.push_stack(type2, CHECK_VERIFY(this));
1315 current_frame.push_stack(type, CHECK_VERIFY(this));
1316 no_control_flow = false; break;
1317 case Bytecodes::_dup2_x1 :
1318 {
1319 VerificationType type3;
1320 type = current_frame.pop_stack(CHECK_VERIFY(this));
1321 if (type.is_category1()) {
1322 type2 = current_frame.pop_stack(
1323 VerificationType::category1_check(), CHECK_VERIFY(this));
1324 } else if (type.is_category2_2nd()) {
1325 type2 = current_frame.pop_stack(
1326 VerificationType::category2_check(), CHECK_VERIFY(this));
1327 } else {
1328 /* Unreachable? Would need a category2_1st on TOS which does
1329 * not appear possible. */
1330 verify_error(
1331 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1332 bad_type_msg, "dup2_x1");
1333 return;
1334 }
1335 type3 = current_frame.pop_stack(
1336 VerificationType::category1_check(), CHECK_VERIFY(this));
1337 current_frame.push_stack(type2, CHECK_VERIFY(this));
1338 current_frame.push_stack(type, CHECK_VERIFY(this));
1339 current_frame.push_stack(type3, CHECK_VERIFY(this));
1340 current_frame.push_stack(type2, CHECK_VERIFY(this));
1341 current_frame.push_stack(type, CHECK_VERIFY(this));
1342 no_control_flow = false; break;
1343 }
1344 case Bytecodes::_dup2_x2 :
1345 {
1346 VerificationType type3, type4;
1347 type = current_frame.pop_stack(CHECK_VERIFY(this));
1348 if (type.is_category1()) {
1349 type2 = current_frame.pop_stack(
1350 VerificationType::category1_check(), CHECK_VERIFY(this));
1351 } else if (type.is_category2_2nd()) {
1352 type2 = current_frame.pop_stack(
1353 VerificationType::category2_check(), CHECK_VERIFY(this));
1354 } else {
1355 /* Unreachable? Would need a category2_1st on TOS which does
1356 * not appear possible. */
1357 verify_error(
1358 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1359 bad_type_msg, "dup2_x2");
1360 return;
1361 }
1362 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1363 if (type3.is_category1()) {
1364 type4 = current_frame.pop_stack(
1365 VerificationType::category1_check(), CHECK_VERIFY(this));
1366 } else if (type3.is_category2_2nd()) {
1367 type4 = current_frame.pop_stack(
1368 VerificationType::category2_check(), CHECK_VERIFY(this));
1369 } else {
1370 /* Unreachable? Would need a category2_1st on TOS after popping
1371 * a long/double or two category 1's, which does not
1372 * appear possible. */
1373 verify_error(
1374 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1375 bad_type_msg, "dup2_x2");
1376 return;
1377 }
1378 current_frame.push_stack(type2, CHECK_VERIFY(this));
1379 current_frame.push_stack(type, CHECK_VERIFY(this));
1380 current_frame.push_stack(type4, CHECK_VERIFY(this));
1381 current_frame.push_stack(type3, CHECK_VERIFY(this));
1382 current_frame.push_stack(type2, CHECK_VERIFY(this));
1383 current_frame.push_stack(type, CHECK_VERIFY(this));
1384 no_control_flow = false; break;
1385 }
1386 case Bytecodes::_swap :
1387 type = current_frame.pop_stack(
1388 VerificationType::category1_check(), CHECK_VERIFY(this));
1389 type2 = current_frame.pop_stack(
1390 VerificationType::category1_check(), CHECK_VERIFY(this));
1391 current_frame.push_stack(type, CHECK_VERIFY(this));
1392 current_frame.push_stack(type2, CHECK_VERIFY(this));
1393 no_control_flow = false; break;
1394 case Bytecodes::_iadd :
1395 case Bytecodes::_isub :
1396 case Bytecodes::_imul :
1397 case Bytecodes::_idiv :
1398 case Bytecodes::_irem :
1399 case Bytecodes::_ishl :
1400 case Bytecodes::_ishr :
1401 case Bytecodes::_iushr :
1402 case Bytecodes::_ior :
1403 case Bytecodes::_ixor :
1404 case Bytecodes::_iand :
1405 current_frame.pop_stack(
1406 VerificationType::integer_type(), CHECK_VERIFY(this));
1407 // fall through
1408 case Bytecodes::_ineg :
1409 current_frame.pop_stack(
1410 VerificationType::integer_type(), CHECK_VERIFY(this));
1411 current_frame.push_stack(
1412 VerificationType::integer_type(), CHECK_VERIFY(this));
1413 no_control_flow = false; break;
1414 case Bytecodes::_ladd :
1415 case Bytecodes::_lsub :
1416 case Bytecodes::_lmul :
1417 case Bytecodes::_ldiv :
1418 case Bytecodes::_lrem :
1419 case Bytecodes::_land :
1420 case Bytecodes::_lor :
1421 case Bytecodes::_lxor :
1422 current_frame.pop_stack_2(
1423 VerificationType::long2_type(),
1424 VerificationType::long_type(), CHECK_VERIFY(this));
1425 // fall through
1426 case Bytecodes::_lneg :
1427 current_frame.pop_stack_2(
1428 VerificationType::long2_type(),
1429 VerificationType::long_type(), CHECK_VERIFY(this));
1430 current_frame.push_stack_2(
1431 VerificationType::long_type(),
1432 VerificationType::long2_type(), CHECK_VERIFY(this));
1433 no_control_flow = false; break;
1434 case Bytecodes::_lshl :
1435 case Bytecodes::_lshr :
1436 case Bytecodes::_lushr :
1437 current_frame.pop_stack(
1438 VerificationType::integer_type(), CHECK_VERIFY(this));
1439 current_frame.pop_stack_2(
1440 VerificationType::long2_type(),
1441 VerificationType::long_type(), CHECK_VERIFY(this));
1442 current_frame.push_stack_2(
1443 VerificationType::long_type(),
1444 VerificationType::long2_type(), CHECK_VERIFY(this));
1445 no_control_flow = false; break;
1446 case Bytecodes::_fadd :
1447 case Bytecodes::_fsub :
1448 case Bytecodes::_fmul :
1449 case Bytecodes::_fdiv :
1450 case Bytecodes::_frem :
1451 current_frame.pop_stack(
1452 VerificationType::float_type(), CHECK_VERIFY(this));
1453 // fall through
1454 case Bytecodes::_fneg :
1455 current_frame.pop_stack(
1456 VerificationType::float_type(), CHECK_VERIFY(this));
1457 current_frame.push_stack(
1458 VerificationType::float_type(), CHECK_VERIFY(this));
1459 no_control_flow = false; break;
1460 case Bytecodes::_dadd :
1461 case Bytecodes::_dsub :
1462 case Bytecodes::_dmul :
1463 case Bytecodes::_ddiv :
1464 case Bytecodes::_drem :
1465 current_frame.pop_stack_2(
1466 VerificationType::double2_type(),
1467 VerificationType::double_type(), CHECK_VERIFY(this));
1468 // fall through
1469 case Bytecodes::_dneg :
1470 current_frame.pop_stack_2(
1471 VerificationType::double2_type(),
1472 VerificationType::double_type(), CHECK_VERIFY(this));
1473 current_frame.push_stack_2(
1474 VerificationType::double_type(),
1475 VerificationType::double2_type(), CHECK_VERIFY(this));
1476 no_control_flow = false; break;
1477 case Bytecodes::_iinc :
1478 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1479 no_control_flow = false; break;
1480 case Bytecodes::_i2l :
1481 type = current_frame.pop_stack(
1482 VerificationType::integer_type(), CHECK_VERIFY(this));
1483 current_frame.push_stack_2(
1484 VerificationType::long_type(),
1485 VerificationType::long2_type(), CHECK_VERIFY(this));
1486 no_control_flow = false; break;
1487 case Bytecodes::_l2i :
1488 current_frame.pop_stack_2(
1489 VerificationType::long2_type(),
1490 VerificationType::long_type(), CHECK_VERIFY(this));
1491 current_frame.push_stack(
1492 VerificationType::integer_type(), CHECK_VERIFY(this));
1493 no_control_flow = false; break;
1494 case Bytecodes::_i2f :
1495 current_frame.pop_stack(
1496 VerificationType::integer_type(), CHECK_VERIFY(this));
1497 current_frame.push_stack(
1498 VerificationType::float_type(), CHECK_VERIFY(this));
1499 no_control_flow = false; break;
1500 case Bytecodes::_i2d :
1501 current_frame.pop_stack(
1502 VerificationType::integer_type(), CHECK_VERIFY(this));
1503 current_frame.push_stack_2(
1504 VerificationType::double_type(),
1505 VerificationType::double2_type(), CHECK_VERIFY(this));
1506 no_control_flow = false; break;
1507 case Bytecodes::_l2f :
1508 current_frame.pop_stack_2(
1509 VerificationType::long2_type(),
1510 VerificationType::long_type(), CHECK_VERIFY(this));
1511 current_frame.push_stack(
1512 VerificationType::float_type(), CHECK_VERIFY(this));
1513 no_control_flow = false; break;
1514 case Bytecodes::_l2d :
1515 current_frame.pop_stack_2(
1516 VerificationType::long2_type(),
1517 VerificationType::long_type(), CHECK_VERIFY(this));
1518 current_frame.push_stack_2(
1519 VerificationType::double_type(),
1520 VerificationType::double2_type(), CHECK_VERIFY(this));
1521 no_control_flow = false; break;
1522 case Bytecodes::_f2i :
1523 current_frame.pop_stack(
1524 VerificationType::float_type(), CHECK_VERIFY(this));
1525 current_frame.push_stack(
1526 VerificationType::integer_type(), CHECK_VERIFY(this));
1527 no_control_flow = false; break;
1528 case Bytecodes::_f2l :
1529 current_frame.pop_stack(
1530 VerificationType::float_type(), CHECK_VERIFY(this));
1531 current_frame.push_stack_2(
1532 VerificationType::long_type(),
1533 VerificationType::long2_type(), CHECK_VERIFY(this));
1534 no_control_flow = false; break;
1535 case Bytecodes::_f2d :
1536 current_frame.pop_stack(
1537 VerificationType::float_type(), CHECK_VERIFY(this));
1538 current_frame.push_stack_2(
1539 VerificationType::double_type(),
1540 VerificationType::double2_type(), CHECK_VERIFY(this));
1541 no_control_flow = false; break;
1542 case Bytecodes::_d2i :
1543 current_frame.pop_stack_2(
1544 VerificationType::double2_type(),
1545 VerificationType::double_type(), CHECK_VERIFY(this));
1546 current_frame.push_stack(
1547 VerificationType::integer_type(), CHECK_VERIFY(this));
1548 no_control_flow = false; break;
1549 case Bytecodes::_d2l :
1550 current_frame.pop_stack_2(
1551 VerificationType::double2_type(),
1552 VerificationType::double_type(), CHECK_VERIFY(this));
1553 current_frame.push_stack_2(
1554 VerificationType::long_type(),
1555 VerificationType::long2_type(), CHECK_VERIFY(this));
1556 no_control_flow = false; break;
1557 case Bytecodes::_d2f :
1558 current_frame.pop_stack_2(
1559 VerificationType::double2_type(),
1560 VerificationType::double_type(), CHECK_VERIFY(this));
1561 current_frame.push_stack(
1562 VerificationType::float_type(), CHECK_VERIFY(this));
1563 no_control_flow = false; break;
1564 case Bytecodes::_i2b :
1565 case Bytecodes::_i2c :
1566 case Bytecodes::_i2s :
1567 current_frame.pop_stack(
1568 VerificationType::integer_type(), CHECK_VERIFY(this));
1569 current_frame.push_stack(
1570 VerificationType::integer_type(), CHECK_VERIFY(this));
1571 no_control_flow = false; break;
1572 case Bytecodes::_lcmp :
1573 current_frame.pop_stack_2(
1574 VerificationType::long2_type(),
1575 VerificationType::long_type(), CHECK_VERIFY(this));
1576 current_frame.pop_stack_2(
1577 VerificationType::long2_type(),
1578 VerificationType::long_type(), CHECK_VERIFY(this));
1579 current_frame.push_stack(
1580 VerificationType::integer_type(), CHECK_VERIFY(this));
1581 no_control_flow = false; break;
1582 case Bytecodes::_fcmpl :
1583 case Bytecodes::_fcmpg :
1584 current_frame.pop_stack(
1585 VerificationType::float_type(), CHECK_VERIFY(this));
1586 current_frame.pop_stack(
1587 VerificationType::float_type(), CHECK_VERIFY(this));
1588 current_frame.push_stack(
1589 VerificationType::integer_type(), CHECK_VERIFY(this));
1590 no_control_flow = false; break;
1591 case Bytecodes::_dcmpl :
1592 case Bytecodes::_dcmpg :
1593 current_frame.pop_stack_2(
1594 VerificationType::double2_type(),
1595 VerificationType::double_type(), CHECK_VERIFY(this));
1596 current_frame.pop_stack_2(
1597 VerificationType::double2_type(),
1598 VerificationType::double_type(), CHECK_VERIFY(this));
1599 current_frame.push_stack(
1600 VerificationType::integer_type(), CHECK_VERIFY(this));
1601 no_control_flow = false; break;
1602 case Bytecodes::_if_icmpeq:
1603 case Bytecodes::_if_icmpne:
1604 case Bytecodes::_if_icmplt:
1605 case Bytecodes::_if_icmpge:
1606 case Bytecodes::_if_icmpgt:
1607 case Bytecodes::_if_icmple:
1608 current_frame.pop_stack(
1609 VerificationType::integer_type(), CHECK_VERIFY(this));
1610 // fall through
1611 case Bytecodes::_ifeq:
1612 case Bytecodes::_ifne:
1613 case Bytecodes::_iflt:
1614 case Bytecodes::_ifge:
1615 case Bytecodes::_ifgt:
1616 case Bytecodes::_ifle:
1617 current_frame.pop_stack(
1618 VerificationType::integer_type(), CHECK_VERIFY(this));
1619 target = bcs.dest();
1620 stackmap_table.check_jump_target(
1621 ¤t_frame, target, CHECK_VERIFY(this));
1622 no_control_flow = false; break;
1623 case Bytecodes::_if_acmpeq :
1624 case Bytecodes::_if_acmpne :
1625 current_frame.pop_stack(
1626 VerificationType::reference_check(), CHECK_VERIFY(this));
1627 // fall through
1628 case Bytecodes::_ifnull :
1629 case Bytecodes::_ifnonnull :
1630 current_frame.pop_stack(
1631 VerificationType::reference_check(), CHECK_VERIFY(this));
1632 target = bcs.dest();
1633 stackmap_table.check_jump_target
1634 (¤t_frame, target, CHECK_VERIFY(this));
1635 no_control_flow = false; break;
1636 case Bytecodes::_goto :
1637 target = bcs.dest();
1638 stackmap_table.check_jump_target(
1639 ¤t_frame, target, CHECK_VERIFY(this));
1640 no_control_flow = true; break;
1641 case Bytecodes::_goto_w :
1642 target = bcs.dest_w();
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, target, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_tableswitch :
1647 case Bytecodes::_lookupswitch :
1648 verify_switch(
1649 &bcs, code_length, code_data, ¤t_frame,
1650 &stackmap_table, CHECK_VERIFY(this));
1651 no_control_flow = true; break;
1652 case Bytecodes::_ireturn :
1653 type = current_frame.pop_stack(
1654 VerificationType::integer_type(), CHECK_VERIFY(this));
1655 verify_return_value(return_type, type, bci,
1656 ¤t_frame, CHECK_VERIFY(this));
1657 no_control_flow = true; break;
1658 case Bytecodes::_lreturn :
1659 type2 = current_frame.pop_stack(
1660 VerificationType::long2_type(), CHECK_VERIFY(this));
1661 type = current_frame.pop_stack(
1662 VerificationType::long_type(), CHECK_VERIFY(this));
1663 verify_return_value(return_type, type, bci,
1664 ¤t_frame, CHECK_VERIFY(this));
1665 no_control_flow = true; break;
1666 case Bytecodes::_freturn :
1667 type = current_frame.pop_stack(
1668 VerificationType::float_type(), CHECK_VERIFY(this));
1669 verify_return_value(return_type, type, bci,
1670 ¤t_frame, CHECK_VERIFY(this));
1671 no_control_flow = true; break;
1672 case Bytecodes::_dreturn :
1673 type2 = current_frame.pop_stack(
1674 VerificationType::double2_type(), CHECK_VERIFY(this));
1675 type = current_frame.pop_stack(
1676 VerificationType::double_type(), CHECK_VERIFY(this));
1677 verify_return_value(return_type, type, bci,
1678 ¤t_frame, CHECK_VERIFY(this));
1679 no_control_flow = true; break;
1680 case Bytecodes::_areturn :
1681 type = current_frame.pop_stack(
1682 VerificationType::reference_check(), CHECK_VERIFY(this));
1683 verify_return_value(return_type, type, bci,
1684 ¤t_frame, CHECK_VERIFY(this));
1685 no_control_flow = true; break;
1686 case Bytecodes::_vreturn :
1687 if (!vbytecodes_allowed) {
1688 class_format_error(
1689 "vreturn not supported by this class file version (%d.%d), class %s",
1690 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1691 return;
1692 }
1693 type = current_frame.pop_stack(
1694 VerificationType::valuetype_check(), CHECK_VERIFY(this));
1695 verify_return_value(return_type, type, bci,
1696 ¤t_frame, CHECK_VERIFY(this));
1697 no_control_flow = true; break;
1698 case Bytecodes::_return :
1699 if (return_type != VerificationType::bogus_type()) {
1700 verify_error(ErrorContext::bad_code(bci),
1701 "Method expects a return value");
1702 return;
1703 }
1704 // Make sure "this" has been initialized if current method is an
1705 // <init>.
1706 if (_method->name() == vmSymbols::object_initializer_name() &&
1707 current_frame.flag_this_uninit()) {
1708 verify_error(ErrorContext::bad_code(bci),
1709 "Constructor must call super() or this() "
1710 "before return");
1711 return;
1712 }
1713 no_control_flow = true; break;
1714 case Bytecodes::_getstatic :
1715 case Bytecodes::_putstatic :
1716 // pass TRUE, operand can be an array type for getstatic/putstatic.
1717 verify_field_instructions(
1718 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1719 no_control_flow = false; break;
1720 case Bytecodes::_getfield :
1721 case Bytecodes::_putfield :
1722 // pass FALSE, operand can't be an array type for getfield/putfield.
1723 verify_field_instructions(
1724 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1725 no_control_flow = false; break;
1726 case Bytecodes::_vwithfield :
1727 if (!vbytecodes_allowed) {
1728 class_format_error(
1729 "vwithfield not supported by this class file version (%d.%d), class %s",
1730 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1731 return;
1732 }
1733 verify_vwithfield(&bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1734 no_control_flow = false; break;
1735 case Bytecodes::_invokevirtual :
1736 case Bytecodes::_invokespecial :
1737 case Bytecodes::_invokestatic :
1738 verify_invoke_instructions(
1739 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1740 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1741 no_control_flow = false; break;
1742 case Bytecodes::_invokeinterface :
1743 case Bytecodes::_invokedynamic :
1744 verify_invoke_instructions(
1745 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1746 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1747 no_control_flow = false; break;
1748 case Bytecodes::_new :
1749 {
1750 index = bcs.get_index_u2();
1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1752 VerificationType new_class_type =
1753 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this));
1754 if (!new_class_type.is_object()) {
1755 verify_error(ErrorContext::bad_type(bci,
1756 TypeOrigin::cp(index, new_class_type)),
1757 "Illegal new instruction");
1758 return;
1759 }
1760 type = VerificationType::uninitialized_type(bci);
1761 current_frame.push_stack(type, CHECK_VERIFY(this));
1762 no_control_flow = false; break;
1763 }
1764 case Bytecodes::_vdefault :
1765 {
1766 if (!vbytecodes_allowed) {
1767 class_format_error(
1768 "vdefault not supported by this class file version (%d.%d), class %s",
1769 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1770 return;
1771 }
1772 index = bcs.get_index_u2();
1773 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this));
1774 VerificationType new_value_type =
1775 cp_index_to_valuetype(index, cp, CHECK_VERIFY(this));
1776 if (!new_value_type.is_valuetype()) {
1777 verify_error(ErrorContext::bad_type(bci,
1778 TypeOrigin::cp(index, new_value_type)),
1779 "Illegal vdefault instruction");
1780 return;
1781 }
1782 current_frame.push_stack(new_value_type, CHECK_VERIFY(this));
1783 no_control_flow = false; break;
1784 }
1785 case Bytecodes::_newarray :
1786 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1787 current_frame.pop_stack(
1788 VerificationType::integer_type(), CHECK_VERIFY(this));
1789 current_frame.push_stack(type, CHECK_VERIFY(this));
1790 no_control_flow = false; break;
1791 case Bytecodes::_anewarray :
1792 verify_anewarray(
1793 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1794 no_control_flow = false; break;
1795 case Bytecodes::_arraylength :
1796 type = current_frame.pop_stack(
1797 VerificationType::reference_check(), CHECK_VERIFY(this));
1798 if (!(type.is_null() || type.is_array())) {
1799 verify_error(ErrorContext::bad_type(
1800 bci, current_frame.stack_top_ctx()),
1801 bad_type_msg, "arraylength");
1802 }
1803 current_frame.push_stack(
1804 VerificationType::integer_type(), CHECK_VERIFY(this));
1805 no_control_flow = false; break;
1806 case Bytecodes::_checkcast :
1807 {
1808 index = bcs.get_index_u2();
1809 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1810 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1811 VerificationType klass_type = cp_index_to_reference_type(
1812 index, cp, CHECK_VERIFY(this));
1813 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1814 no_control_flow = false; break;
1815 }
1816 case Bytecodes::_instanceof : {
1817 index = bcs.get_index_u2();
1818 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1819 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1820 current_frame.push_stack(
1821 VerificationType::integer_type(), CHECK_VERIFY(this));
1822 no_control_flow = false; break;
1823 }
1824 case Bytecodes::_vbox : {
1825 if (!EnableMVT || !vbytecodes_allowed) {
1826 class_format_error(
1827 "vbox not supported by this class file version (%d.%d), class %s",
1828 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1829 return;
1830 }
1831 index = bcs.get_index_u2();
1832 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1833 current_frame.pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this));
1834 VerificationType klass_type = cp_index_to_reference_type(
1835 index, cp, CHECK_VERIFY(this));
1836 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1837 no_control_flow = false; break;
1838 }
1839 case Bytecodes::_vunbox : {
1840 if (!EnableMVT || !vbytecodes_allowed) {
1841 class_format_error(
1842 "vunbox not supported by this class file version (%d.%d), class %s",
1843 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1844 return;
1845 }
1846 index = bcs.get_index_u2();
1847 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this));
1848 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1849 VerificationType value_type = cp_index_to_valuetype(
1850 index, cp, CHECK_VERIFY(this));
1851 current_frame.push_stack(value_type, CHECK_VERIFY(this));
1852 no_control_flow = false; break;
1853 }
1854 case Bytecodes::_monitorenter :
1855 case Bytecodes::_monitorexit :
1856 current_frame.pop_stack(
1857 VerificationType::reference_check(), CHECK_VERIFY(this));
1858 no_control_flow = false; break;
1859 case Bytecodes::_multianewarray :
1860 {
1861 index = bcs.get_index_u2();
1862 u2 dim = *(bcs.bcp()+3);
1863 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this));
1864 VerificationType new_array_type =
1865 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this));
1866 if (!new_array_type.is_array()) {
1867 verify_error(ErrorContext::bad_type(bci,
1868 TypeOrigin::cp(index, new_array_type)),
1869 "Illegal constant pool index in multianewarray instruction");
1870 return;
1871 }
1872 if (dim < 1 || new_array_type.dimensions() < dim) {
1873 verify_error(ErrorContext::bad_code(bci),
1874 "Illegal dimension in multianewarray instruction: %d", dim);
1875 return;
1876 }
1877 for (int i = 0; i < dim; i++) {
1878 current_frame.pop_stack(
1879 VerificationType::integer_type(), CHECK_VERIFY(this));
1880 }
1881 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1882 no_control_flow = false; break;
1883 }
1884 case Bytecodes::_athrow :
1885 type = VerificationType::reference_type(
1886 vmSymbols::java_lang_Throwable());
1887 current_frame.pop_stack(type, CHECK_VERIFY(this));
1888 no_control_flow = true; break;
1889 default:
1890 // We only need to check the valid bytecodes in class file.
1891 // And jsr and ret are not in the new class file format in JDK1.5.
1892 verify_error(ErrorContext::bad_code(bci),
1893 "Bad instruction: %02x", opcode);
1894 no_control_flow = false;
1895 return;
1896 } // end switch
1897 } // end Merge with the next instruction
1898
1899 // Look for possible jump target in exception handlers and see if it matches
1900 // current_frame. Don't do this check if it has already been done (for
1901 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1902 // opcodes, such as invokespecial, may set the this_uninit flag.
1903 assert(!(verified_exc_handlers && this_uninit),
1904 "Exception handler targets got verified before this_uninit got set");
1905 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1906 if (was_recursively_verified()) return;
1907 verify_exception_handler_targets(
1908 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1909 }
1910 } // end while
1911
1912 // Make sure that control flow does not fall through end of the method
1913 if (!no_control_flow) {
1914 verify_error(ErrorContext::bad_code(code_length),
1915 "Control flow falls through code end");
1916 return;
1917 }
1918 }
1919
1920 #undef bad_type_message
1921
1922 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1923 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1924 memset(code_data, 0, sizeof(char) * code_length);
1925 RawBytecodeStream bcs(m);
1926
1927 while (!bcs.is_last_bytecode()) {
1928 if (bcs.raw_next() != Bytecodes::_illegal) {
1929 int bci = bcs.bci();
1930 if (bcs.raw_code() == Bytecodes::_new) {
1931 code_data[bci] = NEW_OFFSET;
1932 } else {
1933 code_data[bci] = BYTECODE_OFFSET;
1934 }
1935 } else {
1936 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1937 return NULL;
1938 }
1939 }
1940
1941 return code_data;
1942 }
1943
1944 // Since this method references the constant pool, call was_recursively_verified()
1945 // before calling this method to make sure a prior class load did not cause the
1946 // current class to get verified.
1947 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1948 ExceptionTable exhandlers(_method());
1949 int exlength = exhandlers.length();
1950 constantPoolHandle cp (THREAD, _method->constants());
1951
1952 for(int i = 0; i < exlength; i++) {
1953 u2 start_pc = exhandlers.start_pc(i);
1954 u2 end_pc = exhandlers.end_pc(i);
1955 u2 handler_pc = exhandlers.handler_pc(i);
1956 if (start_pc >= code_length || code_data[start_pc] == 0) {
1957 class_format_error("Illegal exception table start_pc %d", start_pc);
1958 return;
1959 }
1960 if (end_pc != code_length) { // special case: end_pc == code_length
1961 if (end_pc > code_length || code_data[end_pc] == 0) {
1962 class_format_error("Illegal exception table end_pc %d", end_pc);
1963 return;
1964 }
1965 }
1966 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1967 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1968 return;
1969 }
1970 int catch_type_index = exhandlers.catch_type_index(i);
1971 if (catch_type_index != 0) {
1972 VerificationType catch_type = cp_index_to_reference_type(
1973 catch_type_index, cp, CHECK_VERIFY(this));
1974 VerificationType throwable =
1975 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1976 bool is_subclass = throwable.is_assignable_from(
1977 catch_type, this, false, CHECK_VERIFY(this));
1978 if (!is_subclass) {
1979 // 4286534: should throw VerifyError according to recent spec change
1980 verify_error(ErrorContext::bad_type(handler_pc,
1981 TypeOrigin::cp(catch_type_index, catch_type),
1982 TypeOrigin::implicit(throwable)),
1983 "Catch type is not a subclass "
1984 "of Throwable in exception handler %d", handler_pc);
1985 return;
1986 }
1987 }
1988 if (start_pc < min) min = start_pc;
1989 if (end_pc > max) max = end_pc;
1990 }
1991 }
1992
1993 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1994 int localvariable_table_length = _method->localvariable_table_length();
1995 if (localvariable_table_length > 0) {
1996 LocalVariableTableElement* table = _method->localvariable_table_start();
1997 for (int i = 0; i < localvariable_table_length; i++) {
1998 u2 start_bci = table[i].start_bci;
1999 u2 length = table[i].length;
2000
2001 if (start_bci >= code_length || code_data[start_bci] == 0) {
2002 class_format_error(
2003 "Illegal local variable table start_pc %d", start_bci);
2004 return;
2005 }
2006 u4 end_bci = (u4)(start_bci + length);
2007 if (end_bci != code_length) {
2008 if (end_bci >= code_length || code_data[end_bci] == 0) {
2009 class_format_error( "Illegal local variable table length %d", length);
2010 return;
2011 }
2012 }
2013 }
2014 }
2015 }
2016
2017 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
2018 StackMapFrame* current_frame,
2019 StackMapTable* stackmap_table,
2020 bool no_control_flow, TRAPS) {
2021 if (stackmap_index < stackmap_table->get_frame_count()) {
2022 u2 this_offset = stackmap_table->get_offset(stackmap_index);
2023 if (no_control_flow && this_offset > bci) {
2024 verify_error(ErrorContext::missing_stackmap(bci),
2025 "Expecting a stack map frame");
2026 return 0;
2027 }
2028 if (this_offset == bci) {
2029 ErrorContext ctx;
2030 // See if current stack map can be assigned to the frame in table.
2031 // current_frame is the stackmap frame got from the last instruction.
2032 // If matched, current_frame will be updated by this method.
2033 bool matches = stackmap_table->match_stackmap(
2034 current_frame, this_offset, stackmap_index,
2035 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
2036 if (!matches) {
2037 // report type error
2038 verify_error(ctx, "Instruction type does not match stack map");
2039 return 0;
2040 }
2041 stackmap_index++;
2042 } else if (this_offset < bci) {
2043 // current_offset should have met this_offset.
2044 class_format_error("Bad stack map offset %d", this_offset);
2045 return 0;
2046 }
2047 } else if (no_control_flow) {
2048 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2049 return 0;
2050 }
2051 return stackmap_index;
2052 }
2053
2054 // Since this method references the constant pool, call was_recursively_verified()
2055 // before calling this method to make sure a prior class load did not cause the
2056 // current class to get verified.
2057 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
2058 StackMapFrame* current_frame,
2059 StackMapTable* stackmap_table, TRAPS) {
2060 constantPoolHandle cp (THREAD, _method->constants());
2061 ExceptionTable exhandlers(_method());
2062 int exlength = exhandlers.length();
2063 for(int i = 0; i < exlength; i++) {
2064 u2 start_pc = exhandlers.start_pc(i);
2065 u2 end_pc = exhandlers.end_pc(i);
2066 u2 handler_pc = exhandlers.handler_pc(i);
2067 int catch_type_index = exhandlers.catch_type_index(i);
2068 if(bci >= start_pc && bci < end_pc) {
2069 u1 flags = current_frame->flags();
2070 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2071 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2072 if (catch_type_index != 0) {
2073 if (was_recursively_verified()) return;
2074 // We know that this index refers to a subclass of Throwable
2075 VerificationType catch_type = cp_index_to_reference_type(
2076 catch_type_index, cp, CHECK_VERIFY(this));
2077 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2078 } else {
2079 VerificationType throwable =
2080 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2081 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2082 }
2083 ErrorContext ctx;
2084 bool matches = stackmap_table->match_stackmap(
2085 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2086 if (!matches) {
2087 verify_error(ctx, "Stack map does not match the one at "
2088 "exception handler %d", handler_pc);
2089 return;
2090 }
2091 }
2092 }
2093 }
2094
2095 void ClassVerifier::verify_cp_index(
2096 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2097 int nconstants = cp->length();
2098 if ((index <= 0) || (index >= nconstants)) {
2099 verify_error(ErrorContext::bad_cp_index(bci, index),
2100 "Illegal constant pool index %d in class %s",
2101 index, cp->pool_holder()->external_name());
2102 return;
2103 }
2104 }
2105
2106 void ClassVerifier::verify_cp_type(
2107 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2108
2109 // In some situations, bytecode rewriting may occur while we're verifying.
2110 // In this case, a constant pool cache exists and some indices refer to that
2111 // instead. Be sure we don't pick up such indices by accident.
2112 // We must check was_recursively_verified() before we get here.
2113 guarantee(cp->cache() == NULL, "not rewritten yet");
2114
2115 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2116 unsigned int tag = cp->tag_at(index).value();
2117
2118 if (tag == JVM_CONSTANT_Value) {
2119 tag = SAFE_JVM_CONSTANT_Value; //avoid overflow
2120 }
2121
2122 if ((types & (1 << tag)) == 0) {
2123 verify_error(ErrorContext::bad_cp_index(bci, index),
2124 "Illegal type at constant pool entry %d in class %s",
2125 index, cp->pool_holder()->external_name());
2126 return;
2127 }
2128 }
2129
2130 void ClassVerifier::verify_cp_class_type(
2131 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2132 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2133 constantTag tag = cp->tag_at(index);
2134 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2135 verify_error(ErrorContext::bad_cp_index(bci, index),
2136 "Illegal type at constant pool entry %d in class %s",
2137 index, cp->pool_holder()->external_name());
2138 return;
2139 }
2140 }
2141
2142 void ClassVerifier::verify_cp_value_type(
2143 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2144 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2145 constantTag tag = cp->tag_at(index);
2146 if (!tag.is_value_type() && !tag.is_unresolved_value_type()) {
2147 verify_error(ErrorContext::bad_cp_index(bci, index),
2148 "Illegal type at constant pool entry %d in class %s",
2149 index, cp->pool_holder()->external_name());
2150 return;
2151 }
2152 }
2153
2154 // Used for MVT value type overloaded bytecodes (anewarray, getfield, multianewarray)
2155 void ClassVerifier::verify_cp_class_or_value_type(
2156 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2157 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2158 constantTag tag = cp->tag_at(index);
2159 if (!tag.is_klass() && !tag.is_unresolved_klass() &&
2160 !tag.is_value_type() && !tag.is_unresolved_value_type()) {
2161 verify_error(ErrorContext::bad_cp_index(bci, index),
2162 "Illegal type at constant pool entry %d in class %s",
2163 index, cp->pool_holder()->external_name());
2164 return;
2165 }
2166 }
2167
2168 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2169 stringStream ss;
2170
2171 ctx.reset_frames();
2172 _exception_type = vmSymbols::java_lang_VerifyError();
2173 _error_context = ctx;
2174 va_list va;
2175 va_start(va, msg);
2176 ss.vprint(msg, va);
2177 va_end(va);
2178 _message = ss.as_string();
2179 #ifdef ASSERT
2180 ResourceMark rm;
2181 const char* exception_name = _exception_type->as_C_string();
2182 Exceptions::debug_check_abort(exception_name, NULL);
2183 #endif // ndef ASSERT
2184 }
2185
2186 void ClassVerifier::class_format_error(const char* msg, ...) {
2187 stringStream ss;
2188 _exception_type = vmSymbols::java_lang_ClassFormatError();
2189 va_list va;
2190 va_start(va, msg);
2191 ss.vprint(msg, va);
2192 va_end(va);
2193 if (!_method.is_null()) {
2194 ss.print(" in method %s", _method->name_and_sig_as_C_string());
2195 }
2196 _message = ss.as_string();
2197 }
2198
2199 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2200 HandleMark hm(THREAD);
2201 // Get current loader and protection domain first.
2202 oop loader = current_class()->class_loader();
2203 oop protection_domain = current_class()->protection_domain();
2204
2205 Klass* kls = SystemDictionary::resolve_or_fail(
2206 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2207 true, THREAD);
2208
2209 if (log_is_enabled(Debug, class, resolve)) {
2210 InstanceKlass* cur_class = InstanceKlass::cast(current_class());
2211 Verifier::trace_class_resolution(kls, cur_class);
2212 }
2213 return kls;
2214 }
2215
2216 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2217 Klass* target_class,
2218 Symbol* field_name,
2219 Symbol* field_sig,
2220 bool is_method) {
2221 NoSafepointVerifier nosafepoint;
2222
2223 // If target class isn't a super class of this class, we don't worry about this case
2224 if (!this_class->is_subclass_of(target_class)) {
2225 return false;
2226 }
2227 // Check if the specified method or field is protected
2228 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2229 fieldDescriptor fd;
2230 if (is_method) {
2231 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
2232 if (m != NULL && m->is_protected()) {
2233 if (!this_class->is_same_class_package(m->method_holder())) {
2234 return true;
2235 }
2236 }
2237 } else {
2238 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2239 if (member_klass != NULL && fd.is_protected()) {
2240 if (!this_class->is_same_class_package(member_klass)) {
2241 return true;
2242 }
2243 }
2244 }
2245 return false;
2246 }
2247
2248 void ClassVerifier::verify_ldc(
2249 int opcode, u2 index, StackMapFrame* current_frame,
2250 const constantPoolHandle& cp, u2 bci, TRAPS) {
2251 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2252 constantTag tag = cp->tag_at(index);
2253 unsigned int types;
2254 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2255 if (!tag.is_unresolved_klass() && !tag.is_unresolved_value_type()) {
2256 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2257 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2258 | (1 << SAFE_JVM_CONSTANT_Value)
2259 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
2260 // Note: The class file parser already verified the legality of
2261 // MethodHandle and MethodType constants.
2262 // Note: SAFE_JVM_CONSTANT_Value is used instead of JVM_CONSTANT_Value
2263 // since JVM_CONSTANT_Value is an internally defined CP tag that is
2264 // defined with a large value. When shifting left JVM_CONSTANT_Value
2265 // would overrun the width of types.
2266 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2267 }
2268 } else {
2269 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2270 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
2271 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2272 }
2273 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2274 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2275 } else if (tag.is_string()) {
2276 current_frame->push_stack(
2277 VerificationType::reference_type(
2278 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2279 } else if (tag.is_klass() || tag.is_unresolved_klass() ||
2280 tag.is_value_type() || tag.is_unresolved_value_type()) {
2281 current_frame->push_stack(
2282 VerificationType::reference_type(
2283 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2284 } else if (tag.is_int()) {
2285 current_frame->push_stack(
2286 VerificationType::integer_type(), CHECK_VERIFY(this));
2287 } else if (tag.is_float()) {
2288 current_frame->push_stack(
2289 VerificationType::float_type(), CHECK_VERIFY(this));
2290 } else if (tag.is_double()) {
2291 current_frame->push_stack_2(
2292 VerificationType::double_type(),
2293 VerificationType::double2_type(), CHECK_VERIFY(this));
2294 } else if (tag.is_long()) {
2295 current_frame->push_stack_2(
2296 VerificationType::long_type(),
2297 VerificationType::long2_type(), CHECK_VERIFY(this));
2298 } else if (tag.is_method_handle()) {
2299 current_frame->push_stack(
2300 VerificationType::reference_type(
2301 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2302 } else if (tag.is_method_type()) {
2303 current_frame->push_stack(
2304 VerificationType::reference_type(
2305 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2306 } else {
2307 /* Unreachable? verify_cp_type has already validated the cp type. */
2308 verify_error(
2309 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2310 return;
2311 }
2312 }
2313
2314 void ClassVerifier::verify_switch(
2315 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2316 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2317 int bci = bcs->bci();
2318 address bcp = bcs->bcp();
2319 address aligned_bcp = align_up(bcp + 1, jintSize);
2320
2321 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2322 // 4639449 & 4647081: padding bytes must be 0
2323 u2 padding_offset = 1;
2324 while ((bcp + padding_offset) < aligned_bcp) {
2325 if(*(bcp + padding_offset) != 0) {
2326 verify_error(ErrorContext::bad_code(bci),
2327 "Nonzero padding byte in lookupswitch or tableswitch");
2328 return;
2329 }
2330 padding_offset++;
2331 }
2332 }
2333
2334 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2335 int keys, delta;
2336 current_frame->pop_stack(
2337 VerificationType::integer_type(), CHECK_VERIFY(this));
2338 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2339 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2340 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2341 if (low > high) {
2342 verify_error(ErrorContext::bad_code(bci),
2343 "low must be less than or equal to high in tableswitch");
2344 return;
2345 }
2346 keys = high - low + 1;
2347 if (keys < 0) {
2348 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2349 return;
2350 }
2351 delta = 1;
2352 } else {
2353 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2354 if (keys < 0) {
2355 verify_error(ErrorContext::bad_code(bci),
2356 "number of keys in lookupswitch less than 0");
2357 return;
2358 }
2359 delta = 2;
2360 // Make sure that the lookupswitch items are sorted
2361 for (int i = 0; i < (keys - 1); i++) {
2362 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2363 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2364 if (this_key >= next_key) {
2365 verify_error(ErrorContext::bad_code(bci),
2366 "Bad lookupswitch instruction");
2367 return;
2368 }
2369 }
2370 }
2371 int target = bci + default_offset;
2372 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2373 for (int i = 0; i < keys; i++) {
2374 // Because check_jump_target() may safepoint, the bytecode could have
2375 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2376 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2377 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2378 stackmap_table->check_jump_target(
2379 current_frame, target, CHECK_VERIFY(this));
2380 }
2381 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2382 }
2383
2384 bool ClassVerifier::name_in_supers(
2385 Symbol* ref_name, InstanceKlass* current) {
2386 Klass* super = current->super();
2387 while (super != NULL) {
2388 if (super->name() == ref_name) {
2389 return true;
2390 }
2391 super = super->super();
2392 }
2393 return false;
2394 }
2395
2396 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2397 StackMapFrame* current_frame,
2398 const constantPoolHandle& cp,
2399 bool allow_arrays,
2400 TRAPS) {
2401 u2 index = bcs->get_index_u2();
2402 verify_cp_type(bcs->bci(), index, cp,
2403 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2404
2405 // Get field name and signature
2406 Symbol* field_name = cp->name_ref_at(index);
2407 Symbol* field_sig = cp->signature_ref_at(index);
2408
2409 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2410 class_format_error(
2411 "Invalid signature for field in class %s referenced "
2412 "from constant pool index %d", _klass->external_name(), index);
2413 return;
2414 }
2415
2416 // Get referenced class or value type
2417 constantTag field_class_tag = cp->tag_at(cp->klass_ref_index_at(index));
2418 VerificationType ref_class_type;
2419
2420 // getfield is overloaded to allow for either a reference or value type
2421 if (bcs->raw_code() == Bytecodes::_getfield &&
2422 (EnableMVT || EnableValhalla) &&
2423 (field_class_tag.is_value_type() || field_class_tag.is_unresolved_value_type())) {
2424 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this));
2425 if (!ref_class_type.is_valuetype()) {
2426 verify_error(ErrorContext::bad_type(bcs->bci(),
2427 TypeOrigin::cp(index, ref_class_type)),
2428 "Expecting reference to value type in class %s at constant pool index %d",
2429 _klass->external_name(), index);
2430 return;
2431 }
2432 } else {
2433 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2434 if (!ref_class_type.is_object() &&
2435 (!allow_arrays || !ref_class_type.is_array())) {
2436 verify_error(ErrorContext::bad_type(bcs->bci(),
2437 TypeOrigin::cp(index, ref_class_type)),
2438 "Expecting reference to class in class %s at constant pool index %d",
2439 _klass->external_name(), index);
2440 return;
2441 }
2442 }
2443
2444 VerificationType target_class_type = ref_class_type;
2445
2446 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2447 "buffer type must match VerificationType size");
2448 uintptr_t field_type_buffer[2];
2449 VerificationType* field_type = (VerificationType*)field_type_buffer;
2450 // If we make a VerificationType[2] array directly, the compiler calls
2451 // to the c-runtime library to do the allocation instead of just
2452 // stack allocating it. Plus it would run constructors. This shows up
2453 // in performance profiles.
2454
2455 SignatureStream sig_stream(field_sig, false);
2456 VerificationType stack_object_type;
2457 int n = change_sig_to_verificationType(
2458 &sig_stream, field_type, CHECK_VERIFY(this));
2459 u2 bci = bcs->bci();
2460 bool is_assignable;
2461 switch (bcs->raw_code()) {
2462 case Bytecodes::_getstatic: {
2463 for (int i = 0; i < n; i++) {
2464 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2465 }
2466 break;
2467 }
2468 case Bytecodes::_putstatic: {
2469 for (int i = n - 1; i >= 0; i--) {
2470 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2471 }
2472 break;
2473 }
2474 case Bytecodes::_getfield: {
2475 stack_object_type = current_frame->pop_stack(
2476 target_class_type, CHECK_VERIFY(this));
2477 for (int i = 0; i < n; i++) {
2478 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2479 }
2480 goto check_protected;
2481 }
2482 case Bytecodes::_putfield: {
2483 for (int i = n - 1; i >= 0; i--) {
2484 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2485 }
2486 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2487
2488 // The JVMS 2nd edition allows field initialization before the superclass
2489 // initializer, if the field is defined within the current class.
2490 fieldDescriptor fd;
2491 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2492 target_class_type.equals(current_type()) &&
2493 _klass->find_local_field(field_name, field_sig, &fd)) {
2494 stack_object_type = current_type();
2495 }
2496 is_assignable = target_class_type.is_assignable_from(
2497 stack_object_type, this, false, CHECK_VERIFY(this));
2498 if (!is_assignable) {
2499 verify_error(ErrorContext::bad_type(bci,
2500 current_frame->stack_top_ctx(),
2501 TypeOrigin::cp(index, target_class_type)),
2502 "Bad type on operand stack in putfield");
2503 return;
2504 }
2505 }
2506 check_protected: {
2507 if (_this_type == stack_object_type)
2508 break; // stack_object_type must be assignable to _current_class_type
2509 if (was_recursively_verified()) return;
2510 Symbol* ref_class_name =
2511 cp->klass_name_at(cp->klass_ref_index_at(index));
2512 if (!name_in_supers(ref_class_name, current_class()))
2513 // stack_object_type must be assignable to _current_class_type since:
2514 // 1. stack_object_type must be assignable to ref_class.
2515 // 2. ref_class must be _current_class or a subclass of it. It can't
2516 // be a superclass of it. See revised JVMS 5.4.4.
2517 break;
2518
2519 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2520 if (is_protected_access(current_class(), ref_class_oop, field_name,
2521 field_sig, false)) {
2522 // It's protected access, check if stack object is assignable to
2523 // current class.
2524 is_assignable = current_type().is_assignable_from(
2525 stack_object_type, this, true, CHECK_VERIFY(this));
2526 if (!is_assignable) {
2527 verify_error(ErrorContext::bad_type(bci,
2528 current_frame->stack_top_ctx(),
2529 TypeOrigin::implicit(current_type())),
2530 "Bad access to protected data in getfield");
2531 return;
2532 }
2533 }
2534 break;
2535 }
2536 default: ShouldNotReachHere();
2537 }
2538 }
2539
2540 void ClassVerifier::verify_vwithfield(RawBytecodeStream* bcs,
2541 StackMapFrame* current_frame,
2542 const constantPoolHandle& cp,
2543 TRAPS) {
2544 u2 index = bcs->get_index_u2();
2545 verify_cp_type(bcs->bci(), index, cp,
2546 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2547
2548 // Get field name and signature
2549 Symbol* field_name = cp->name_ref_at(index);
2550 Symbol* field_sig = cp->signature_ref_at(index);
2551
2552 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2553 class_format_error(
2554 "Invalid signature for field in value type %s referenced "
2555 "from constant pool index %d", _klass->external_name(), index);
2556 return;
2557 }
2558
2559 // Check referenced value type
2560 VerificationType ref_value_type = cp_value_index_to_type(
2561 index, cp, CHECK_VERIFY(this));
2562 if (!ref_value_type.is_valuetype()) {
2563 verify_error(ErrorContext::bad_type(bcs->bci(),
2564 TypeOrigin::cp(index, ref_value_type)),
2565 "Expecting reference to value type in class %s at constant pool index %d",
2566 _klass->external_name(), index);
2567 return;
2568 }
2569 VerificationType target_value_type = ref_value_type;
2570
2571 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2572 "buffer type must match VerificationType size");
2573 uintptr_t field_type_buffer[2];
2574 VerificationType* field_type = (VerificationType*)field_type_buffer;
2575 // If we make a VerificationType[2] array directly, the compiler calls
2576 // to the c-runtime library to do the allocation instead of just
2577 // stack allocating it. Plus it would run constructors. This shows up
2578 // in performance profiles.
2579
2580 SignatureStream sig_stream(field_sig, false);
2581 int n = change_sig_to_verificationType(
2582 &sig_stream, field_type, CHECK_VERIFY(this));
2583 u2 bci = bcs->bci();
2584
2585 // The type of value2 must be compatible with the descriptor of the referenced field.
2586 // n could be 2 if it is a double or long.
2587 for (int i = n - 1; i >= 0; i--) {
2588 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2589 }
2590
2591 // The type of value1 must be the direct value class type appearing in the field reference.
2592 VerificationType stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2593
2594 bool is_assignable = target_value_type.is_assignable_from(
2595 stack_object_type, this, false, CHECK_VERIFY(this));
2596 if (!is_assignable) {
2597 verify_error(ErrorContext::bad_type(bci,
2598 current_frame->stack_top_ctx(),
2599 TypeOrigin::cp(index, target_value_type)),
2600 "Bad type on operand stack in vwithfield");
2601 return;
2602 }
2603
2604 // The derived value class instance from another, modifying a field
2605 current_frame->push_stack(stack_object_type, CHECK_VERIFY(this));
2606 }
2607
2608 // Look at the method's handlers. If the bci is in the handler's try block
2609 // then check if the handler_pc is already on the stack. If not, push it
2610 // unless the handler has already been scanned.
2611 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2612 GrowableArray<u4>* handler_list,
2613 GrowableArray<u4>* handler_stack,
2614 u4 bci) {
2615 int exlength = exhandlers->length();
2616 for(int x = 0; x < exlength; x++) {
2617 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2618 u4 exhandler_pc = exhandlers->handler_pc(x);
2619 if (!handler_list->contains(exhandler_pc)) {
2620 handler_stack->append_if_missing(exhandler_pc);
2621 handler_list->append(exhandler_pc);
2622 }
2623 }
2624 }
2625 }
2626
2627 // Return TRUE if all code paths starting with start_bc_offset end in
2628 // bytecode athrow or loop.
2629 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2630 ResourceMark rm;
2631 // Create bytecode stream.
2632 RawBytecodeStream bcs(method());
2633 u4 code_length = method()->code_size();
2634 bcs.set_start(start_bc_offset);
2635 u4 target;
2636 // Create stack for storing bytecode start offsets for if* and *switch.
2637 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2638 // Create stack for handlers for try blocks containing this handler.
2639 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2640 // Create list of handlers that have been pushed onto the handler_stack
2641 // so that handlers embedded inside of their own TRY blocks only get
2642 // scanned once.
2643 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2644 // Create list of visited branch opcodes (goto* and if*).
2645 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2646 ExceptionTable exhandlers(_method());
2647
2648 while (true) {
2649 if (bcs.is_last_bytecode()) {
2650 // if no more starting offsets to parse or if at the end of the
2651 // method then return false.
2652 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2653 return false;
2654 // Pop a bytecode starting offset and scan from there.
2655 bcs.set_start(bci_stack->pop());
2656 }
2657 Bytecodes::Code opcode = bcs.raw_next();
2658 u4 bci = bcs.bci();
2659
2660 // If the bytecode is in a TRY block, push its handlers so they
2661 // will get parsed.
2662 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2663
2664 switch (opcode) {
2665 case Bytecodes::_if_icmpeq:
2666 case Bytecodes::_if_icmpne:
2667 case Bytecodes::_if_icmplt:
2668 case Bytecodes::_if_icmpge:
2669 case Bytecodes::_if_icmpgt:
2670 case Bytecodes::_if_icmple:
2671 case Bytecodes::_ifeq:
2672 case Bytecodes::_ifne:
2673 case Bytecodes::_iflt:
2674 case Bytecodes::_ifge:
2675 case Bytecodes::_ifgt:
2676 case Bytecodes::_ifle:
2677 case Bytecodes::_if_acmpeq:
2678 case Bytecodes::_if_acmpne:
2679 case Bytecodes::_ifnull:
2680 case Bytecodes::_ifnonnull:
2681 target = bcs.dest();
2682 if (visited_branches->contains(bci)) {
2683 if (bci_stack->is_empty()) {
2684 if (handler_stack->is_empty()) {
2685 return true;
2686 } else {
2687 // Parse the catch handlers for try blocks containing athrow.
2688 bcs.set_start(handler_stack->pop());
2689 }
2690 } else {
2691 // Pop a bytecode starting offset and scan from there.
2692 bcs.set_start(bci_stack->pop());
2693 }
2694 } else {
2695 if (target > bci) { // forward branch
2696 if (target >= code_length) return false;
2697 // Push the branch target onto the stack.
2698 bci_stack->push(target);
2699 // then, scan bytecodes starting with next.
2700 bcs.set_start(bcs.next_bci());
2701 } else { // backward branch
2702 // Push bytecode offset following backward branch onto the stack.
2703 bci_stack->push(bcs.next_bci());
2704 // Check bytecodes starting with branch target.
2705 bcs.set_start(target);
2706 }
2707 // Record target so we don't branch here again.
2708 visited_branches->append(bci);
2709 }
2710 break;
2711
2712 case Bytecodes::_goto:
2713 case Bytecodes::_goto_w:
2714 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2715 if (visited_branches->contains(bci)) {
2716 if (bci_stack->is_empty()) {
2717 if (handler_stack->is_empty()) {
2718 return true;
2719 } else {
2720 // Parse the catch handlers for try blocks containing athrow.
2721 bcs.set_start(handler_stack->pop());
2722 }
2723 } else {
2724 // Been here before, pop new starting offset from stack.
2725 bcs.set_start(bci_stack->pop());
2726 }
2727 } else {
2728 if (target >= code_length) return false;
2729 // Continue scanning from the target onward.
2730 bcs.set_start(target);
2731 // Record target so we don't branch here again.
2732 visited_branches->append(bci);
2733 }
2734 break;
2735
2736 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2737 // is difficult to determine where each switch alternative ends, parse
2738 // each switch alternative until either hit a 'return', 'athrow', or reach
2739 // the end of the method's bytecodes. This is gross but should be okay
2740 // because:
2741 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2742 // constructor invocations should be rare.
2743 // 2. if each switch alternative ends in an athrow then the parsing should be
2744 // short. If there is no athrow then it is bogus code, anyway.
2745 case Bytecodes::_lookupswitch:
2746 case Bytecodes::_tableswitch:
2747 {
2748 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2749 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2750 int keys, delta;
2751 if (opcode == Bytecodes::_tableswitch) {
2752 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2753 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2754 // This is invalid, but let the regular bytecode verifier
2755 // report this because the user will get a better error message.
2756 if (low > high) return true;
2757 keys = high - low + 1;
2758 delta = 1;
2759 } else {
2760 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2761 delta = 2;
2762 }
2763 // Invalid, let the regular bytecode verifier deal with it.
2764 if (keys < 0) return true;
2765
2766 // Push the offset of the next bytecode onto the stack.
2767 bci_stack->push(bcs.next_bci());
2768
2769 // Push the switch alternatives onto the stack.
2770 for (int i = 0; i < keys; i++) {
2771 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2772 if (target > code_length) return false;
2773 bci_stack->push(target);
2774 }
2775
2776 // Start bytecode parsing for the switch at the default alternative.
2777 if (default_offset > code_length) return false;
2778 bcs.set_start(default_offset);
2779 break;
2780 }
2781
2782 case Bytecodes::_return:
2783 return false;
2784
2785 case Bytecodes::_athrow:
2786 {
2787 if (bci_stack->is_empty()) {
2788 if (handler_stack->is_empty()) {
2789 return true;
2790 } else {
2791 // Parse the catch handlers for try blocks containing athrow.
2792 bcs.set_start(handler_stack->pop());
2793 }
2794 } else {
2795 // Pop a bytecode offset and starting scanning from there.
2796 bcs.set_start(bci_stack->pop());
2797 }
2798 }
2799 break;
2800
2801 default:
2802 ;
2803 } // end switch
2804 } // end while loop
2805
2806 return false;
2807 }
2808
2809 void ClassVerifier::verify_invoke_init(
2810 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2811 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2812 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2813 TRAPS) {
2814 u2 bci = bcs->bci();
2815 VerificationType type = current_frame->pop_stack(
2816 VerificationType::reference_check(), CHECK_VERIFY(this));
2817 if (type == VerificationType::uninitialized_this_type()) {
2818 // The method must be an <init> method of this class or its superclass
2819 Klass* superk = current_class()->super();
2820 if (ref_class_type.name() != current_class()->name() &&
2821 ref_class_type.name() != superk->name()) {
2822 verify_error(ErrorContext::bad_type(bci,
2823 TypeOrigin::implicit(ref_class_type),
2824 TypeOrigin::implicit(current_type())),
2825 "Bad <init> method call");
2826 return;
2827 }
2828
2829 // If this invokespecial call is done from inside of a TRY block then make
2830 // sure that all catch clause paths end in a throw. Otherwise, this can
2831 // result in returning an incomplete object.
2832 if (in_try_block) {
2833 ExceptionTable exhandlers(_method());
2834 int exlength = exhandlers.length();
2835 for(int i = 0; i < exlength; i++) {
2836 u2 start_pc = exhandlers.start_pc(i);
2837 u2 end_pc = exhandlers.end_pc(i);
2838
2839 if (bci >= start_pc && bci < end_pc) {
2840 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2841 verify_error(ErrorContext::bad_code(bci),
2842 "Bad <init> method call from after the start of a try block");
2843 return;
2844 } else if (log_is_enabled(Info, verification)) {
2845 ResourceMark rm(THREAD);
2846 log_info(verification)("Survived call to ends_in_athrow(): %s",
2847 current_class()->name()->as_C_string());
2848 }
2849 }
2850 }
2851
2852 // Check the exception handler target stackmaps with the locals from the
2853 // incoming stackmap (before initialize_object() changes them to outgoing
2854 // state).
2855 if (was_recursively_verified()) return;
2856 verify_exception_handler_targets(bci, true, current_frame,
2857 stackmap_table, CHECK_VERIFY(this));
2858 } // in_try_block
2859
2860 current_frame->initialize_object(type, current_type());
2861 *this_uninit = true;
2862 } else if (type.is_uninitialized()) {
2863 u2 new_offset = type.bci();
2864 address new_bcp = bcs->bcp() - bci + new_offset;
2865 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2866 /* Unreachable? Stack map parsing ensures valid type and new
2867 * instructions have a valid BCI. */
2868 verify_error(ErrorContext::bad_code(new_offset),
2869 "Expecting new instruction");
2870 return;
2871 }
2872 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2873 if (was_recursively_verified()) return;
2874 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2875
2876 // The method must be an <init> method of the indicated class
2877 VerificationType new_class_type = cp_index_to_reference_type(
2878 new_class_index, cp, CHECK_VERIFY(this));
2879 if (!new_class_type.equals(ref_class_type)) {
2880 verify_error(ErrorContext::bad_type(bci,
2881 TypeOrigin::cp(new_class_index, new_class_type),
2882 TypeOrigin::cp(ref_class_index, ref_class_type)),
2883 "Call to wrong <init> method");
2884 return;
2885 }
2886 // According to the VM spec, if the referent class is a superclass of the
2887 // current class, and is in a different runtime package, and the method is
2888 // protected, then the objectref must be the current class or a subclass
2889 // of the current class.
2890 VerificationType objectref_type = new_class_type;
2891 if (name_in_supers(ref_class_type.name(), current_class())) {
2892 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2893 if (was_recursively_verified()) return;
2894 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2895 vmSymbols::object_initializer_name(),
2896 cp->signature_ref_at(bcs->get_index_u2()),
2897 Klass::find_overpass);
2898 // Do nothing if method is not found. Let resolution detect the error.
2899 if (m != NULL) {
2900 InstanceKlass* mh = m->method_holder();
2901 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2902 bool assignable = current_type().is_assignable_from(
2903 objectref_type, this, true, CHECK_VERIFY(this));
2904 if (!assignable) {
2905 verify_error(ErrorContext::bad_type(bci,
2906 TypeOrigin::cp(new_class_index, objectref_type),
2907 TypeOrigin::implicit(current_type())),
2908 "Bad access to protected <init> method");
2909 return;
2910 }
2911 }
2912 }
2913 }
2914 // Check the exception handler target stackmaps with the locals from the
2915 // incoming stackmap (before initialize_object() changes them to outgoing
2916 // state).
2917 if (in_try_block) {
2918 if (was_recursively_verified()) return;
2919 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2920 stackmap_table, CHECK_VERIFY(this));
2921 }
2922 current_frame->initialize_object(type, new_class_type);
2923 } else {
2924 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2925 "Bad operand type when invoking <init>");
2926 return;
2927 }
2928 }
2929
2930 bool ClassVerifier::is_same_or_direct_interface(
2931 InstanceKlass* klass,
2932 VerificationType klass_type,
2933 VerificationType ref_class_type) {
2934 if (ref_class_type.equals(klass_type)) return true;
2935 Array<Klass*>* local_interfaces = klass->local_interfaces();
2936 if (local_interfaces != NULL) {
2937 for (int x = 0; x < local_interfaces->length(); x++) {
2938 Klass* k = local_interfaces->at(x);
2939 assert (k != NULL && k->is_interface(), "invalid interface");
2940 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2941 return true;
2942 }
2943 }
2944 }
2945 return false;
2946 }
2947
2948 void ClassVerifier::verify_invoke_instructions(
2949 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2950 bool in_try_block, bool *this_uninit, VerificationType return_type,
2951 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2952 // Make sure the constant pool item is the right type
2953 u2 index = bcs->get_index_u2();
2954 Bytecodes::Code opcode = bcs->raw_code();
2955 unsigned int types;
2956 switch (opcode) {
2957 case Bytecodes::_invokeinterface:
2958 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2959 break;
2960 case Bytecodes::_invokedynamic:
2961 types = 1 << JVM_CONSTANT_InvokeDynamic;
2962 break;
2963 case Bytecodes::_invokespecial:
2964 case Bytecodes::_invokestatic:
2965 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2966 (1 << JVM_CONSTANT_Methodref) :
2967 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2968 break;
2969 default:
2970 types = 1 << JVM_CONSTANT_Methodref;
2971 }
2972 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2973
2974 // Get method name and signature
2975 Symbol* method_name = cp->name_ref_at(index);
2976 Symbol* method_sig = cp->signature_ref_at(index);
2977
2978 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2979 class_format_error(
2980 "Invalid method signature in class %s referenced "
2981 "from constant pool index %d", _klass->external_name(), index);
2982 return;
2983 }
2984
2985 // Get referenced class or value type
2986 VerificationType ref_class_type;
2987 if (opcode == Bytecodes::_invokedynamic) {
2988 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2989 class_format_error(
2990 "invokedynamic instructions not supported by this class file version (%d), class %s",
2991 _klass->major_version(), _klass->external_name());
2992 return;
2993 }
2994 } else {
2995 constantTag method_class_tag = cp->tag_at(cp->klass_ref_index_at(index));
2996 if (EnableValhalla &&
2997 opcode == Bytecodes::_invokevirtual &&
2998 (method_class_tag.is_value_type() || method_class_tag.is_unresolved_value_type())) {
2999 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this));
3000 } else {
3001 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
3002 }
3003 }
3004
3005 // For a small signature length, we just allocate 128 bytes instead
3006 // of parsing the signature once to find its size.
3007 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
3008 // longs/doubles to be consertive.
3009 assert(sizeof(VerificationType) == sizeof(uintptr_t),
3010 "buffer type must match VerificationType size");
3011 uintptr_t on_stack_sig_types_buffer[128];
3012 // If we make a VerificationType[128] array directly, the compiler calls
3013 // to the c-runtime library to do the allocation instead of just
3014 // stack allocating it. Plus it would run constructors. This shows up
3015 // in performance profiles.
3016
3017 VerificationType* sig_types;
3018 int size = (method_sig->utf8_length() - 3) * 2;
3019 if (size > 128) {
3020 // Long and double occupies two slots here.
3021 ArgumentSizeComputer size_it(method_sig);
3022 size = size_it.size();
3023 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
3024 } else{
3025 sig_types = (VerificationType*)on_stack_sig_types_buffer;
3026 }
3027 SignatureStream sig_stream(method_sig);
3028 int sig_i = 0;
3029 while (!sig_stream.at_return_type()) {
3030 sig_i += change_sig_to_verificationType(
3031 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
3032 sig_stream.next();
3033 }
3034 int nargs = sig_i;
3035
3036 #ifdef ASSERT
3037 {
3038 ArgumentSizeComputer size_it(method_sig);
3039 assert(nargs == size_it.size(), "Argument sizes do not match");
3040 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
3041 }
3042 #endif
3043
3044 // Check instruction operands
3045 u2 bci = bcs->bci();
3046 if (opcode == Bytecodes::_invokeinterface) {
3047 address bcp = bcs->bcp();
3048 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
3049 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
3050 // the difference between the size of the operand stack before and after the instruction
3051 // executes.
3052 if (*(bcp+3) != (nargs+1)) {
3053 verify_error(ErrorContext::bad_code(bci),
3054 "Inconsistent args count operand in invokeinterface");
3055 return;
3056 }
3057 if (*(bcp+4) != 0) {
3058 verify_error(ErrorContext::bad_code(bci),
3059 "Fourth operand byte of invokeinterface must be zero");
3060 return;
3061 }
3062 }
3063
3064 if (opcode == Bytecodes::_invokedynamic) {
3065 address bcp = bcs->bcp();
3066 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
3067 verify_error(ErrorContext::bad_code(bci),
3068 "Third and fourth operand bytes of invokedynamic must be zero");
3069 return;
3070 }
3071 }
3072
3073 if (method_name->byte_at(0) == '<') {
3074 // Make sure <init> can only be invoked by invokespecial
3075 if (opcode != Bytecodes::_invokespecial ||
3076 method_name != vmSymbols::object_initializer_name()) {
3077 verify_error(ErrorContext::bad_code(bci),
3078 "Illegal call to internal method");
3079 return;
3080 }
3081 } else if (opcode == Bytecodes::_invokespecial
3082 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
3083 && !ref_class_type.equals(VerificationType::reference_type(
3084 current_class()->super()->name()))) {
3085 bool subtype = false;
3086 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
3087 if (!current_class()->is_anonymous()) {
3088 subtype = ref_class_type.is_assignable_from(
3089 current_type(), this, false, CHECK_VERIFY(this));
3090 } else {
3091 VerificationType host_klass_type =
3092 VerificationType::reference_type(current_class()->host_klass()->name());
3093 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
3094
3095 // If invokespecial of IMR, need to recheck for same or
3096 // direct interface relative to the host class
3097 have_imr_indirect = (have_imr_indirect &&
3098 !is_same_or_direct_interface(
3099 current_class()->host_klass(),
3100 host_klass_type, ref_class_type));
3101 }
3102 if (!subtype) {
3103 verify_error(ErrorContext::bad_code(bci),
3104 "Bad invokespecial instruction: "
3105 "current class isn't assignable to reference class.");
3106 return;
3107 } else if (have_imr_indirect) {
3108 verify_error(ErrorContext::bad_code(bci),
3109 "Bad invokespecial instruction: "
3110 "interface method reference is in an indirect superinterface.");
3111 return;
3112 }
3113
3114 }
3115 // Match method descriptor with operand stack
3116 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
3117 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
3118 }
3119 // Check objectref on operand stack
3120 if (opcode != Bytecodes::_invokestatic &&
3121 opcode != Bytecodes::_invokedynamic) {
3122 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
3123 verify_invoke_init(bcs, index, ref_class_type, current_frame,
3124 code_length, in_try_block, this_uninit, cp, stackmap_table,
3125 CHECK_VERIFY(this));
3126 if (was_recursively_verified()) return;
3127 } else { // other methods
3128 // Ensures that target class is assignable to method class.
3129 if (opcode == Bytecodes::_invokespecial) {
3130 if (!current_class()->is_anonymous()) {
3131 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
3132 } else {
3133 // anonymous class invokespecial calls: check if the
3134 // objectref is a subtype of the host_klass of the current class
3135 // to allow an anonymous class to reference methods in the host_klass
3136 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
3137 VerificationType hosttype =
3138 VerificationType::reference_type(current_class()->host_klass()->name());
3139 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
3140 if (!subtype) {
3141 verify_error( ErrorContext::bad_type(current_frame->offset(),
3142 current_frame->stack_top_ctx(),
3143 TypeOrigin::implicit(top)),
3144 "Bad type on operand stack");
3145 return;
3146 }
3147 }
3148 } else if (opcode == Bytecodes::_invokevirtual) {
3149 VerificationType stack_object_type =
3150 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3151 if (current_type() != stack_object_type) {
3152 if (was_recursively_verified()) return;
3153 assert(cp->cache() == NULL, "not rewritten yet");
3154 Symbol* ref_class_name =
3155 cp->klass_name_at(cp->klass_ref_index_at(index));
3156 // See the comments in verify_field_instructions() for
3157 // the rationale behind this.
3158 if (name_in_supers(ref_class_name, current_class())) {
3159 Klass* ref_class = load_class(ref_class_name, CHECK);
3160 if (is_protected_access(
3161 _klass, ref_class, method_name, method_sig, true)) {
3162 // It's protected access, check if stack object is
3163 // assignable to current class.
3164 bool is_assignable = current_type().is_assignable_from(
3165 stack_object_type, this, true, CHECK_VERIFY(this));
3166 if (!is_assignable) {
3167 if (ref_class_type.name() == vmSymbols::java_lang_Object()
3168 && stack_object_type.is_array()
3169 && method_name == vmSymbols::clone_name()) {
3170 // Special case: arrays pretend to implement public Object
3171 // clone().
3172 } else {
3173 verify_error(ErrorContext::bad_type(bci,
3174 current_frame->stack_top_ctx(),
3175 TypeOrigin::implicit(current_type())),
3176 "Bad access to protected data in invokevirtual");
3177 return;
3178 }
3179 }
3180 }
3181 }
3182 }
3183 } else {
3184 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3185 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3186 }
3187 }
3188 }
3189 // Push the result type.
3190 if (sig_stream.type() != T_VOID) {
3191 if (method_name == vmSymbols::object_initializer_name()) {
3192 // <init> method must have a void return type
3193 /* Unreachable? Class file parser verifies that methods with '<' have
3194 * void return */
3195 verify_error(ErrorContext::bad_code(bci),
3196 "Return type must be void in <init> method");
3197 return;
3198 }
3199 VerificationType return_type[2];
3200 int n = change_sig_to_verificationType(
3201 &sig_stream, return_type, CHECK_VERIFY(this));
3202 for (int i = 0; i < n; i++) {
3203 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
3204 }
3205 }
3206 }
3207
3208 VerificationType ClassVerifier::get_newarray_type(
3209 u2 index, u2 bci, TRAPS) {
3210 const char* from_bt[] = {
3211 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3212 };
3213 if (index < T_BOOLEAN || index > T_LONG) {
3214 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3215 return VerificationType::bogus_type();
3216 }
3217
3218 // from_bt[index] contains the array signature which has a length of 2
3219 Symbol* sig = create_temporary_symbol(
3220 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
3221 return VerificationType::reference_type(sig);
3222 }
3223
3224 void ClassVerifier::verify_anewarray(
3225 u2 bci, u2 index, const constantPoolHandle& cp,
3226 StackMapFrame* current_frame, TRAPS) {
3227 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this));
3228 current_frame->pop_stack(
3229 VerificationType::integer_type(), CHECK_VERIFY(this));
3230
3231 if (was_recursively_verified()) return;
3232 constantTag class_tag = cp->tag_at(index);
3233 VerificationType component_type;
3234 if (class_tag.is_value_type() || class_tag.is_unresolved_value_type()) {
3235 component_type = cp_index_to_valuetype(index, cp, CHECK_VERIFY(this));
3236 } else {
3237 component_type = cp_index_to_reference_type(index, cp, CHECK_VERIFY(this));
3238 }
3239 int length;
3240 char* arr_sig_str;
3241 if (component_type.is_array()) { // it's an array
3242 const char* component_name = component_type.name()->as_utf8();
3243 // Check for more than MAX_ARRAY_DIMENSIONS
3244 length = (int)strlen(component_name);
3245 if (length > MAX_ARRAY_DIMENSIONS &&
3246 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3247 verify_error(ErrorContext::bad_code(bci),
3248 "Illegal anewarray instruction, array has more than 255 dimensions");
3249 }
3250 // add one dimension to component
3251 length++;
3252 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
3253 arr_sig_str[0] = '[';
3254 strncpy(&arr_sig_str[1], component_name, length - 1);
3255 } else { // it's an object or interface
3256 const char* component_name = component_type.name()->as_utf8();
3257 // add one dimension to component with 'L' or 'Q' (value type) prepended and ';' appended.
3258 length = (int)strlen(component_name) + 3;
3259 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
3260 arr_sig_str[0] = '[';
3261 arr_sig_str[1] = component_type.is_reference() ? 'L' : 'Q';
3262 strncpy(&arr_sig_str[2], component_name, length - 2);
3263 arr_sig_str[length - 1] = ';';
3264 }
3265 Symbol* arr_sig = create_temporary_symbol(
3266 arr_sig_str, length, CHECK_VERIFY(this));
3267 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3268 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3269 }
3270
3271 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3272 current_frame->get_local(
3273 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3274 current_frame->push_stack(
3275 VerificationType::integer_type(), CHECK_VERIFY(this));
3276 }
3277
3278 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3279 current_frame->get_local_2(
3280 index, VerificationType::long_type(),
3281 VerificationType::long2_type(), CHECK_VERIFY(this));
3282 current_frame->push_stack_2(
3283 VerificationType::long_type(),
3284 VerificationType::long2_type(), CHECK_VERIFY(this));
3285 }
3286
3287 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3288 current_frame->get_local(
3289 index, VerificationType::float_type(), CHECK_VERIFY(this));
3290 current_frame->push_stack(
3291 VerificationType::float_type(), CHECK_VERIFY(this));
3292 }
3293
3294 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3295 current_frame->get_local_2(
3296 index, VerificationType::double_type(),
3297 VerificationType::double2_type(), CHECK_VERIFY(this));
3298 current_frame->push_stack_2(
3299 VerificationType::double_type(),
3300 VerificationType::double2_type(), CHECK_VERIFY(this));
3301 }
3302
3303 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3304 VerificationType type = current_frame->get_local(
3305 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3306 current_frame->push_stack(type, CHECK_VERIFY(this));
3307 }
3308
3309 void ClassVerifier::verify_vload(u2 index, StackMapFrame* current_frame, TRAPS) {
3310 VerificationType type = current_frame->get_local(
3311 index, VerificationType::valuetype_check(), CHECK_VERIFY(this));
3312 current_frame->push_stack(type, CHECK_VERIFY(this));
3313 }
3314
3315 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3316 current_frame->pop_stack(
3317 VerificationType::integer_type(), CHECK_VERIFY(this));
3318 current_frame->set_local(
3319 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3320 }
3321
3322 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3323 current_frame->pop_stack_2(
3324 VerificationType::long2_type(),
3325 VerificationType::long_type(), CHECK_VERIFY(this));
3326 current_frame->set_local_2(
3327 index, VerificationType::long_type(),
3328 VerificationType::long2_type(), CHECK_VERIFY(this));
3329 }
3330
3331 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3332 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3333 current_frame->set_local(
3334 index, VerificationType::float_type(), CHECK_VERIFY(this));
3335 }
3336
3337 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3338 current_frame->pop_stack_2(
3339 VerificationType::double2_type(),
3340 VerificationType::double_type(), CHECK_VERIFY(this));
3341 current_frame->set_local_2(
3342 index, VerificationType::double_type(),
3343 VerificationType::double2_type(), CHECK_VERIFY(this));
3344 }
3345
3346 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3347 VerificationType type = current_frame->pop_stack(
3348 VerificationType::reference_check(), CHECK_VERIFY(this));
3349 current_frame->set_local(index, type, CHECK_VERIFY(this));
3350 }
3351
3352 void ClassVerifier::verify_vstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3353 VerificationType type = current_frame->pop_stack(
3354 VerificationType::valuetype_check(), CHECK_VERIFY(this));
3355 current_frame->set_local(index, type, CHECK_VERIFY(this));
3356 }
3357
3358 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3359 VerificationType type = current_frame->get_local(
3360 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3361 current_frame->set_local(index, type, CHECK_VERIFY(this));
3362 }
3363
3364 void ClassVerifier::verify_return_value(
3365 VerificationType return_type, VerificationType type, u2 bci,
3366 StackMapFrame* current_frame, TRAPS) {
3367 if (return_type == VerificationType::bogus_type()) {
3368 verify_error(ErrorContext::bad_type(bci,
3369 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3370 "Method expects a return value");
3371 return;
3372 }
3373 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3374 if (!match) {
3375 verify_error(ErrorContext::bad_type(bci,
3376 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3377 "Bad return type");
3378 return;
3379 }
3380 }
3381
3382 // The verifier creates symbols which are substrings of Symbols.
3383 // These are stored in the verifier until the end of verification so that
3384 // they can be reference counted.
3385 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3386 int end, TRAPS) {
3387 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
3388 _symbols->push(sym);
3389 return sym;
3390 }
3391
3392 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
3393 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
3394 _symbols->push(sym);
3395 return sym;
3396 }