1 /*
2 * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTableFormat.hpp"
31 #include "classfile/systemDictionary.hpp"
32 #include "classfile/verifier.hpp"
33 #include "classfile/vmSymbols.hpp"
34 #include "interpreter/bytecodes.hpp"
35 #include "interpreter/bytecodeStream.hpp"
36 #include "logging/log.hpp"
37 #include "logging/logStream.hpp"
38 #include "memory/oopFactory.hpp"
39 #include "memory/resourceArea.hpp"
40 #include "oops/instanceKlass.hpp"
41 #include "oops/oop.inline.hpp"
42 #include "oops/typeArrayOop.hpp"
43 #include "prims/jvm.h"
44 #include "runtime/fieldDescriptor.hpp"
45 #include "runtime/handles.inline.hpp"
46 #include "runtime/interfaceSupport.hpp"
47 #include "runtime/javaCalls.hpp"
48 #include "runtime/orderAccess.inline.hpp"
49 #include "runtime/os.hpp"
50 #include "runtime/thread.hpp"
51 #include "services/threadService.hpp"
52 #include "utilities/align.hpp"
53 #include "utilities/bytes.hpp"
54
55 #define NOFAILOVER_MAJOR_VERSION 51
56 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
57 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
58 #define MAX_ARRAY_DIMENSIONS 255
59
60 // Access to external entry for VerifyClassCodes - old byte code verifier
61
62 extern "C" {
63 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
64 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
65 }
66
67 static void* volatile _verify_byte_codes_fn = NULL;
68
69 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
70
71 static void* verify_byte_codes_fn() {
72 if (OrderAccess::load_ptr_acquire(&_verify_byte_codes_fn) == NULL) {
73 void *lib_handle = os::native_java_library();
74 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
75 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
76 if (func == NULL) {
77 _is_new_verify_byte_codes_fn = false;
78 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
79 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
80 }
81 }
82 return (void*)_verify_byte_codes_fn;
83 }
84
85
86 // Methods in Verifier
87
88 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
89 return (class_loader == NULL || !should_verify_class) ?
90 BytecodeVerificationLocal : BytecodeVerificationRemote;
91 }
92
93 bool Verifier::relax_access_for(oop loader) {
94 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
95 bool need_verify =
96 // verifyAll
97 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
98 // verifyRemote
99 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
100 return !need_verify;
101 }
102
103 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
104 assert(verify_class != NULL, "Unexpected null verify_class");
105 ResourceMark rm;
106 Symbol* s = verify_class->source_file_name();
107 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
108 const char* verify = verify_class->external_name();
109 const char* resolve = resolve_class->external_name();
110 // print in a single call to reduce interleaving between threads
111 if (source_file != NULL) {
112 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
113 } else {
114 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
115 }
116 }
117
118 // Prints the end-verification message to the appropriate output.
119 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) {
120 if (HAS_PENDING_EXCEPTION) {
121 st->print("Verification for %s has", klassName);
122 st->print_cr(" exception pending %s ",
123 PENDING_EXCEPTION->klass()->external_name());
124 } else if (exception_name != NULL) {
125 st->print_cr("Verification for %s failed", klassName);
126 }
127 st->print_cr("End class verification for: %s", klassName);
128 }
129
130 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
131 HandleMark hm(THREAD);
132 ResourceMark rm(THREAD);
133
134 // Eagerly allocate the identity hash code for a klass. This is a fallout
135 // from 6320749 and 8059924: hash code generator is not supposed to be called
136 // during the safepoint, but it allows to sneak the hashcode in during
137 // verification. Without this eager hashcode generation, we may end up
138 // installing the hashcode during some other operation, which may be at
139 // safepoint -- blowing up the checks. It was previously done as the side
140 // effect (sic!) for external_name(), but instead of doing that, we opt to
141 // explicitly push the hashcode in here. This is signify the following block
142 // is IMPORTANT:
143 if (klass->java_mirror() != NULL) {
144 klass->java_mirror()->identity_hash();
145 }
146
147 if (!is_eligible_for_verification(klass, should_verify_class)) {
148 return true;
149 }
150
151 // Timer includes any side effects of class verification (resolution,
152 // etc), but not recursive calls to Verifier::verify().
153 JavaThread* jt = (JavaThread*)THREAD;
154 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
155 ClassLoader::perf_class_verify_selftime(),
156 ClassLoader::perf_classes_verified(),
157 jt->get_thread_stat()->perf_recursion_counts_addr(),
158 jt->get_thread_stat()->perf_timers_addr(),
159 PerfClassTraceTime::CLASS_VERIFY);
160
161 // If the class should be verified, first see if we can use the split
162 // verifier. If not, or if verification fails and FailOverToOldVerifier
163 // is set, then call the inference verifier.
164
165 Symbol* exception_name = NULL;
166 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
167 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
168 char* exception_message = message_buffer;
169
170 const char* klassName = klass->external_name();
171 bool can_failover = FailOverToOldVerifier &&
172 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
173
174 log_info(class, init)("Start class verification for: %s", klassName);
175 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
176 ClassVerifier split_verifier(klass, THREAD);
177 split_verifier.verify_class(THREAD);
178 exception_name = split_verifier.result();
179 if (can_failover && !HAS_PENDING_EXCEPTION &&
180 (exception_name == vmSymbols::java_lang_VerifyError() ||
181 exception_name == vmSymbols::java_lang_ClassFormatError())) {
182 log_info(verification)("Fail over class verification to old verifier for: %s", klassName);
183 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName);
184 exception_name = inference_verify(
185 klass, message_buffer, message_buffer_len, THREAD);
186 }
187 if (exception_name != NULL) {
188 exception_message = split_verifier.exception_message();
189 }
190 } else {
191 exception_name = inference_verify(
192 klass, message_buffer, message_buffer_len, THREAD);
193 }
194
195 LogTarget(Info, class, init) lt1;
196 if (lt1.is_enabled()) {
197 LogStream ls(lt1);
198 log_end_verification(&ls, klassName, exception_name, THREAD);
199 }
200 LogTarget(Info, verification) lt2;
201 if (lt2.is_enabled()) {
202 LogStream ls(lt2);
203 log_end_verification(&ls, klassName, exception_name, THREAD);
204 }
205
206 if (HAS_PENDING_EXCEPTION) {
207 return false; // use the existing exception
208 } else if (exception_name == NULL) {
209 return true; // verifcation succeeded
210 } else { // VerifyError or ClassFormatError to be created and thrown
211 ResourceMark rm(THREAD);
212 Klass* kls =
213 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
214 if (log_is_enabled(Debug, class, resolve)) {
215 Verifier::trace_class_resolution(kls, klass);
216 }
217
218 while (kls != NULL) {
219 if (kls == klass) {
220 // If the class being verified is the exception we're creating
221 // or one of it's superclasses, we're in trouble and are going
222 // to infinitely recurse when we try to initialize the exception.
223 // So bail out here by throwing the preallocated VM error.
224 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
225 }
226 kls = kls->super();
227 }
228 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
229 THROW_MSG_(exception_name, exception_message, false);
230 }
231 }
232
233 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
234 Symbol* name = klass->name();
235 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
236
237 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
238
239 return (should_verify_for(klass->class_loader(), should_verify_class) &&
240 // return if the class is a bootstrapping class
241 // or defineClass specified not to verify by default (flags override passed arg)
242 // We need to skip the following few for bootstrapping
243 name != vmSymbols::java_lang_Object() &&
244 name != vmSymbols::java_lang____Value() &&
245 name != vmSymbols::java_lang_Class() &&
246 name != vmSymbols::java_lang_String() &&
247 name != vmSymbols::java_lang_Throwable() &&
248
249 // Can not verify the bytecodes for shared classes because they have
250 // already been rewritten to contain constant pool cache indices,
251 // which the verifier can't understand.
252 // Shared classes shouldn't have stackmaps either.
253 !klass->is_shared() &&
254
255 // A MVT derived value type contains no code atrribute - no private static
256 // methods, no instance methods, no <clinit>, no <init>. So while format
257 // checking is performed on it, verification is not.
258 (!((EnableMVT || EnableValhalla) && klass->access_flags().is_value_type())) &&
259
260 // As of the fix for 4486457 we disable verification for all of the
261 // dynamically-generated bytecodes associated with the 1.4
262 // reflection implementation, not just those associated with
263 // jdk/internal/reflect/SerializationConstructorAccessor.
264 // NOTE: this is called too early in the bootstrapping process to be
265 // guarded by Universe::is_gte_jdk14x_version().
266 // Also for lambda generated code, gte jdk8
267 (!is_reflect));
268 }
269
270 Symbol* Verifier::inference_verify(
271 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
272 JavaThread* thread = (JavaThread*)THREAD;
273 JNIEnv *env = thread->jni_environment();
274
275 void* verify_func = verify_byte_codes_fn();
276
277 if (verify_func == NULL) {
278 jio_snprintf(message, message_len, "Could not link verifier");
279 return vmSymbols::java_lang_VerifyError();
280 }
281
282 ResourceMark rm(THREAD);
283 log_info(verification)("Verifying class %s with old format", klass->external_name());
284
285 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
286 jint result;
287
288 {
289 HandleMark hm(thread);
290 ThreadToNativeFromVM ttn(thread);
291 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
292 // code knows that we have left the VM
293
294 if (_is_new_verify_byte_codes_fn) {
295 verify_byte_codes_fn_new_t func =
296 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
297 result = (*func)(env, cls, message, (int)message_len,
298 klass->major_version());
299 } else {
300 verify_byte_codes_fn_t func =
301 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
302 result = (*func)(env, cls, message, (int)message_len);
303 }
304 }
305
306 JNIHandles::destroy_local(cls);
307
308 // These numbers are chosen so that VerifyClassCodes interface doesn't need
309 // to be changed (still return jboolean (unsigned char)), and result is
310 // 1 when verification is passed.
311 if (result == 0) {
312 return vmSymbols::java_lang_VerifyError();
313 } else if (result == 1) {
314 return NULL; // verified.
315 } else if (result == 2) {
316 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
317 } else if (result == 3) {
318 return vmSymbols::java_lang_ClassFormatError();
319 } else {
320 ShouldNotReachHere();
321 return NULL;
322 }
323 }
324
325 TypeOrigin TypeOrigin::null() {
326 return TypeOrigin();
327 }
328 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
329 assert(frame != NULL, "Must have a frame");
330 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
331 frame->local_at(index));
332 }
333 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
334 assert(frame != NULL, "Must have a frame");
335 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
336 frame->stack_at(index));
337 }
338 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
339 assert(frame != NULL, "Must have a frame");
340 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
341 frame->local_at(index));
342 }
343 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
344 assert(frame != NULL, "Must have a frame");
345 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
346 frame->stack_at(index));
347 }
348 TypeOrigin TypeOrigin::bad_index(u2 index) {
349 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
350 }
351 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
352 return TypeOrigin(CONST_POOL, index, NULL, vt);
353 }
354 TypeOrigin TypeOrigin::signature(VerificationType vt) {
355 return TypeOrigin(SIG, 0, NULL, vt);
356 }
357 TypeOrigin TypeOrigin::implicit(VerificationType t) {
358 return TypeOrigin(IMPLICIT, 0, NULL, t);
359 }
360 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
361 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
362 VerificationType::bogus_type());
363 }
364
365 void TypeOrigin::reset_frame() {
366 if (_frame != NULL) {
367 _frame->restore();
368 }
369 }
370
371 void TypeOrigin::details(outputStream* ss) const {
372 _type.print_on(ss);
373 switch (_origin) {
374 case CF_LOCALS:
375 ss->print(" (current frame, locals[%d])", _index);
376 break;
377 case CF_STACK:
378 ss->print(" (current frame, stack[%d])", _index);
379 break;
380 case SM_LOCALS:
381 ss->print(" (stack map, locals[%d])", _index);
382 break;
383 case SM_STACK:
384 ss->print(" (stack map, stack[%d])", _index);
385 break;
386 case CONST_POOL:
387 ss->print(" (constant pool %d)", _index);
388 break;
389 case SIG:
390 ss->print(" (from method signature)");
391 break;
392 case IMPLICIT:
393 case FRAME_ONLY:
394 case NONE:
395 default:
396 ;
397 }
398 }
399
400 #ifdef ASSERT
401 void TypeOrigin::print_on(outputStream* str) const {
402 str->print("{%d,%d,%p:", _origin, _index, _frame);
403 if (_frame != NULL) {
404 _frame->print_on(str);
405 } else {
406 str->print("null");
407 }
408 str->print(",");
409 _type.print_on(str);
410 str->print("}");
411 }
412 #endif
413
414 void ErrorContext::details(outputStream* ss, const Method* method) const {
415 if (is_valid()) {
416 ss->cr();
417 ss->print_cr("Exception Details:");
418 location_details(ss, method);
419 reason_details(ss);
420 frame_details(ss);
421 bytecode_details(ss, method);
422 handler_details(ss, method);
423 stackmap_details(ss, method);
424 }
425 }
426
427 void ErrorContext::reason_details(outputStream* ss) const {
428 streamIndentor si(ss);
429 ss->indent().print_cr("Reason:");
430 streamIndentor si2(ss);
431 ss->indent().print("%s", "");
432 switch (_fault) {
433 case INVALID_BYTECODE:
434 ss->print("Error exists in the bytecode");
435 break;
436 case WRONG_TYPE:
437 if (_expected.is_valid()) {
438 ss->print("Type ");
439 _type.details(ss);
440 ss->print(" is not assignable to ");
441 _expected.details(ss);
442 } else {
443 ss->print("Invalid type: ");
444 _type.details(ss);
445 }
446 break;
447 case FLAGS_MISMATCH:
448 if (_expected.is_valid()) {
449 ss->print("Current frame's flags are not assignable "
450 "to stack map frame's.");
451 } else {
452 ss->print("Current frame's flags are invalid in this context.");
453 }
454 break;
455 case BAD_CP_INDEX:
456 ss->print("Constant pool index %d is invalid", _type.index());
457 break;
458 case BAD_LOCAL_INDEX:
459 ss->print("Local index %d is invalid", _type.index());
460 break;
461 case LOCALS_SIZE_MISMATCH:
462 ss->print("Current frame's local size doesn't match stackmap.");
463 break;
464 case STACK_SIZE_MISMATCH:
465 ss->print("Current frame's stack size doesn't match stackmap.");
466 break;
467 case STACK_OVERFLOW:
468 ss->print("Exceeded max stack size.");
469 break;
470 case STACK_UNDERFLOW:
471 ss->print("Attempt to pop empty stack.");
472 break;
473 case MISSING_STACKMAP:
474 ss->print("Expected stackmap frame at this location.");
475 break;
476 case BAD_STACKMAP:
477 ss->print("Invalid stackmap specification.");
478 break;
479 case UNKNOWN:
480 default:
481 ShouldNotReachHere();
482 ss->print_cr("Unknown");
483 }
484 ss->cr();
485 }
486
487 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
488 if (_bci != -1 && method != NULL) {
489 streamIndentor si(ss);
490 const char* bytecode_name = "<invalid>";
491 if (method->validate_bci(_bci) != -1) {
492 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
493 if (Bytecodes::is_defined(code)) {
494 bytecode_name = Bytecodes::name(code);
495 } else {
496 bytecode_name = "<illegal>";
497 }
498 }
499 InstanceKlass* ik = method->method_holder();
500 ss->indent().print_cr("Location:");
501 streamIndentor si2(ss);
502 ss->indent().print_cr("%s.%s%s @%d: %s",
503 ik->name()->as_C_string(), method->name()->as_C_string(),
504 method->signature()->as_C_string(), _bci, bytecode_name);
505 }
506 }
507
508 void ErrorContext::frame_details(outputStream* ss) const {
509 streamIndentor si(ss);
510 if (_type.is_valid() && _type.frame() != NULL) {
511 ss->indent().print_cr("Current Frame:");
512 streamIndentor si2(ss);
513 _type.frame()->print_on(ss);
514 }
515 if (_expected.is_valid() && _expected.frame() != NULL) {
516 ss->indent().print_cr("Stackmap Frame:");
517 streamIndentor si2(ss);
518 _expected.frame()->print_on(ss);
519 }
520 }
521
522 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
523 if (method != NULL) {
524 streamIndentor si(ss);
525 ss->indent().print_cr("Bytecode:");
526 streamIndentor si2(ss);
527 ss->print_data(method->code_base(), method->code_size(), false);
528 }
529 }
530
531 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
532 if (method != NULL) {
533 streamIndentor si(ss);
534 ExceptionTable table(method);
535 if (table.length() > 0) {
536 ss->indent().print_cr("Exception Handler Table:");
537 streamIndentor si2(ss);
538 for (int i = 0; i < table.length(); ++i) {
539 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
540 table.end_pc(i), table.handler_pc(i));
541 }
542 }
543 }
544 }
545
546 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
547 if (method != NULL && method->has_stackmap_table()) {
548 streamIndentor si(ss);
549 ss->indent().print_cr("Stackmap Table:");
550 Array<u1>* data = method->stackmap_data();
551 stack_map_table* sm_table =
552 stack_map_table::at((address)data->adr_at(0));
553 stack_map_frame* sm_frame = sm_table->entries();
554 streamIndentor si2(ss);
555 int current_offset = -1;
556 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
557 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
558 ss->indent();
559 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
560 sm_frame->print_truncated(ss, current_offset);
561 return;
562 }
563 sm_frame->print_on(ss, current_offset);
564 ss->cr();
565 current_offset += sm_frame->offset_delta();
566 sm_frame = sm_frame->next();
567 }
568 }
569 }
570
571 // Methods in ClassVerifier
572
573 ClassVerifier::ClassVerifier(
574 InstanceKlass* klass, TRAPS)
575 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
576 _this_type = VerificationType::reference_type(klass->name());
577 // Create list to hold symbols in reference area.
578 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
579 }
580
581 ClassVerifier::~ClassVerifier() {
582 // Decrement the reference count for any symbols created.
583 for (int i = 0; i < _symbols->length(); i++) {
584 Symbol* s = _symbols->at(i);
585 s->decrement_refcount();
586 }
587 }
588
589 VerificationType ClassVerifier::object_type() const {
590 return VerificationType::reference_type(vmSymbols::java_lang_Object());
591 }
592
593 VerificationType ClassVerifier::__value_type() const {
594 return VerificationType::valuetype_type(vmSymbols::java_lang____Value());
595 }
596
597 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
598 VerificationType vt = VerificationType::reference_type(
599 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
600 return TypeOrigin::implicit(vt);
601 }
602
603 TypeOrigin ClassVerifier::valuetype_ctx(const char* sig, TRAPS) {
604 VerificationType vt = VerificationType::valuetype_type(
605 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
606 return TypeOrigin::implicit(vt);
607 }
608
609 void ClassVerifier::verify_class(TRAPS) {
610 log_info(verification)("Verifying class %s with new format", _klass->external_name());
611
612 Array<Method*>* methods = _klass->methods();
613 int num_methods = methods->length();
614
615 for (int index = 0; index < num_methods; index++) {
616 // Check for recursive re-verification before each method.
617 if (was_recursively_verified()) return;
618
619 Method* m = methods->at(index);
620 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
621 // If m is native or abstract, skip it. It is checked in class file
622 // parser that methods do not override a final method. Overpass methods
623 // are trusted since the VM generates them.
624 continue;
625 }
626 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
627 }
628
629 if (was_recursively_verified()){
630 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
631 log_info(class, init)("Recursive verification detected for: %s",
632 _klass->external_name());
633 }
634 }
635
636 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
637 HandleMark hm(THREAD);
638 _method = m; // initialize _method
639 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
640
641 // For clang, the only good constant format string is a literal constant format string.
642 #define bad_type_msg "Bad type on operand stack in %s"
643
644 int32_t max_stack = m->verifier_max_stack();
645 int32_t max_locals = m->max_locals();
646 constantPoolHandle cp(THREAD, m->constants());
647
648 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
649 class_format_error("Invalid method signature");
650 return;
651 }
652
653 // Verify value type bytecodes if enabled and class file version supports them.
654 // Commented check out for now until class file version 54.1 is generated.
655 bool vbytecodes_allowed = (EnableMVT || EnableValhalla);
656 //_klass->major_version() >= Verifier::VALUETYPE_MAJOR_VERSION &&
657 //_klass->minor_version() >= Verifier::VALUETYPE_MINOR_VERSION);
658
659 // Initial stack map frame: offset is 0, stack is initially empty.
660 StackMapFrame current_frame(max_locals, max_stack, this);
661 // Set initial locals
662 VerificationType return_type = current_frame.set_locals_from_arg(
663 m, current_type(), CHECK_VERIFY(this));
664
665 int32_t stackmap_index = 0; // index to the stackmap array
666
667 u4 code_length = m->code_size();
668
669 // Scan the bytecode and map each instruction's start offset to a number.
670 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
671
672 int ex_min = code_length;
673 int ex_max = -1;
674 // Look through each item on the exception table. Each of the fields must refer
675 // to a legal instruction.
676 if (was_recursively_verified()) return;
677 verify_exception_handler_table(
678 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
679
680 // Look through each entry on the local variable table and make sure
681 // its range of code array offsets is valid. (4169817)
682 if (m->has_localvariable_table()) {
683 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
684 }
685
686 Array<u1>* stackmap_data = m->stackmap_data();
687 StackMapStream stream(stackmap_data);
688 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
689 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
690 code_data, code_length, CHECK_VERIFY(this));
691
692 LogTarget(Info, verification) lt;
693 if (lt.is_enabled()) {
694 ResourceMark rm(THREAD);
695 LogStream ls(lt);
696 stackmap_table.print_on(&ls);
697 }
698
699 RawBytecodeStream bcs(m);
700
701 // Scan the byte code linearly from the start to the end
702 bool no_control_flow = false; // Set to true when there is no direct control
703 // flow from current instruction to the next
704 // instruction in sequence
705
706 Bytecodes::Code opcode;
707 while (!bcs.is_last_bytecode()) {
708 // Check for recursive re-verification before each bytecode.
709 if (was_recursively_verified()) return;
710
711 opcode = bcs.raw_next();
712 u2 bci = bcs.bci();
713
714 // Set current frame's offset to bci
715 current_frame.set_offset(bci);
716 current_frame.set_mark();
717
718 // Make sure every offset in stackmap table point to the beginning to
719 // an instruction. Match current_frame to stackmap_table entry with
720 // the same offset if exists.
721 stackmap_index = verify_stackmap_table(
722 stackmap_index, bci, ¤t_frame, &stackmap_table,
723 no_control_flow, CHECK_VERIFY(this));
724
725
726 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
727 bool verified_exc_handlers = false;
728
729 // Merge with the next instruction
730 {
731 u2 index;
732 int target;
733 VerificationType type, type2;
734 VerificationType atype;
735
736 LogTarget(Info, verification) lt;
737 if (lt.is_enabled()) {
738 ResourceMark rm(THREAD);
739 LogStream ls(lt);
740 current_frame.print_on(&ls);
741 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
742 }
743
744 // Make sure wide instruction is in correct format
745 if (bcs.is_wide()) {
746 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
747 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
748 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
749 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
750 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
751 opcode != Bytecodes::_dstore && opcode != Bytecodes::_vstore &&
752 opcode != Bytecodes::_vload) {
753 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
754 * if we encounter a wide instruction that modifies an invalid
755 * opcode (not one of the ones listed above) */
756 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
757 return;
758 }
759 }
760
761 // Look for possible jump target in exception handlers and see if it
762 // matches current_frame. Do this check here for astore*, dstore*,
763 // fstore*, istore*, and lstore* opcodes because they can change the type
764 // state by adding a local. JVM Spec says that the incoming type state
765 // should be used for this check. So, do the check here before a possible
766 // local is added to the type state.
767 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
768 if (was_recursively_verified()) return;
769 verify_exception_handler_targets(
770 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
771 verified_exc_handlers = true;
772 }
773
774 if (was_recursively_verified()) return;
775
776 switch (opcode) {
777 case Bytecodes::_nop :
778 no_control_flow = false; break;
779 case Bytecodes::_aconst_null :
780 current_frame.push_stack(
781 VerificationType::null_type(), CHECK_VERIFY(this));
782 no_control_flow = false; break;
783 case Bytecodes::_iconst_m1 :
784 case Bytecodes::_iconst_0 :
785 case Bytecodes::_iconst_1 :
786 case Bytecodes::_iconst_2 :
787 case Bytecodes::_iconst_3 :
788 case Bytecodes::_iconst_4 :
789 case Bytecodes::_iconst_5 :
790 current_frame.push_stack(
791 VerificationType::integer_type(), CHECK_VERIFY(this));
792 no_control_flow = false; break;
793 case Bytecodes::_lconst_0 :
794 case Bytecodes::_lconst_1 :
795 current_frame.push_stack_2(
796 VerificationType::long_type(),
797 VerificationType::long2_type(), CHECK_VERIFY(this));
798 no_control_flow = false; break;
799 case Bytecodes::_fconst_0 :
800 case Bytecodes::_fconst_1 :
801 case Bytecodes::_fconst_2 :
802 current_frame.push_stack(
803 VerificationType::float_type(), CHECK_VERIFY(this));
804 no_control_flow = false; break;
805 case Bytecodes::_dconst_0 :
806 case Bytecodes::_dconst_1 :
807 current_frame.push_stack_2(
808 VerificationType::double_type(),
809 VerificationType::double2_type(), CHECK_VERIFY(this));
810 no_control_flow = false; break;
811 case Bytecodes::_sipush :
812 case Bytecodes::_bipush :
813 current_frame.push_stack(
814 VerificationType::integer_type(), CHECK_VERIFY(this));
815 no_control_flow = false; break;
816 case Bytecodes::_ldc :
817 verify_ldc(
818 opcode, bcs.get_index_u1(), ¤t_frame,
819 cp, bci, CHECK_VERIFY(this));
820 no_control_flow = false; break;
821 case Bytecodes::_ldc_w :
822 case Bytecodes::_ldc2_w :
823 verify_ldc(
824 opcode, bcs.get_index_u2(), ¤t_frame,
825 cp, bci, CHECK_VERIFY(this));
826 no_control_flow = false; break;
827 case Bytecodes::_iload :
828 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
829 no_control_flow = false; break;
830 case Bytecodes::_iload_0 :
831 case Bytecodes::_iload_1 :
832 case Bytecodes::_iload_2 :
833 case Bytecodes::_iload_3 :
834 index = opcode - Bytecodes::_iload_0;
835 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
836 no_control_flow = false; break;
837 case Bytecodes::_lload :
838 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
839 no_control_flow = false; break;
840 case Bytecodes::_lload_0 :
841 case Bytecodes::_lload_1 :
842 case Bytecodes::_lload_2 :
843 case Bytecodes::_lload_3 :
844 index = opcode - Bytecodes::_lload_0;
845 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
846 no_control_flow = false; break;
847 case Bytecodes::_fload :
848 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
849 no_control_flow = false; break;
850 case Bytecodes::_fload_0 :
851 case Bytecodes::_fload_1 :
852 case Bytecodes::_fload_2 :
853 case Bytecodes::_fload_3 :
854 index = opcode - Bytecodes::_fload_0;
855 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
856 no_control_flow = false; break;
857 case Bytecodes::_dload :
858 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
859 no_control_flow = false; break;
860 case Bytecodes::_dload_0 :
861 case Bytecodes::_dload_1 :
862 case Bytecodes::_dload_2 :
863 case Bytecodes::_dload_3 :
864 index = opcode - Bytecodes::_dload_0;
865 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
866 no_control_flow = false; break;
867 case Bytecodes::_vload :
868 if (!vbytecodes_allowed) {
869 class_format_error(
870 "vload not supported by this class file version (%d.%d), class %s",
871 _klass->major_version(), _klass->minor_version(), _klass->external_name());
872 return;
873 }
874 verify_vload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
875 no_control_flow = false; break;
876 case Bytecodes::_aload :
877 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_aload_0 :
880 case Bytecodes::_aload_1 :
881 case Bytecodes::_aload_2 :
882 case Bytecodes::_aload_3 :
883 index = opcode - Bytecodes::_aload_0;
884 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
885 no_control_flow = false; break;
886 case Bytecodes::_iaload :
887 type = current_frame.pop_stack(
888 VerificationType::integer_type(), CHECK_VERIFY(this));
889 atype = current_frame.pop_stack(
890 VerificationType::reference_check(), CHECK_VERIFY(this));
891 if (!atype.is_int_array()) {
892 verify_error(ErrorContext::bad_type(bci,
893 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
894 bad_type_msg, "iaload");
895 return;
896 }
897 current_frame.push_stack(
898 VerificationType::integer_type(), CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 case Bytecodes::_baload :
901 type = current_frame.pop_stack(
902 VerificationType::integer_type(), CHECK_VERIFY(this));
903 atype = current_frame.pop_stack(
904 VerificationType::reference_check(), CHECK_VERIFY(this));
905 if (!atype.is_bool_array() && !atype.is_byte_array()) {
906 verify_error(
907 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
908 bad_type_msg, "baload");
909 return;
910 }
911 current_frame.push_stack(
912 VerificationType::integer_type(), CHECK_VERIFY(this));
913 no_control_flow = false; break;
914 case Bytecodes::_caload :
915 type = current_frame.pop_stack(
916 VerificationType::integer_type(), CHECK_VERIFY(this));
917 atype = current_frame.pop_stack(
918 VerificationType::reference_check(), CHECK_VERIFY(this));
919 if (!atype.is_char_array()) {
920 verify_error(ErrorContext::bad_type(bci,
921 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
922 bad_type_msg, "caload");
923 return;
924 }
925 current_frame.push_stack(
926 VerificationType::integer_type(), CHECK_VERIFY(this));
927 no_control_flow = false; break;
928 case Bytecodes::_saload :
929 type = current_frame.pop_stack(
930 VerificationType::integer_type(), CHECK_VERIFY(this));
931 atype = current_frame.pop_stack(
932 VerificationType::reference_check(), CHECK_VERIFY(this));
933 if (!atype.is_short_array()) {
934 verify_error(ErrorContext::bad_type(bci,
935 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
936 bad_type_msg, "saload");
937 return;
938 }
939 current_frame.push_stack(
940 VerificationType::integer_type(), CHECK_VERIFY(this));
941 no_control_flow = false; break;
942 case Bytecodes::_laload :
943 type = current_frame.pop_stack(
944 VerificationType::integer_type(), CHECK_VERIFY(this));
945 atype = current_frame.pop_stack(
946 VerificationType::reference_check(), CHECK_VERIFY(this));
947 if (!atype.is_long_array()) {
948 verify_error(ErrorContext::bad_type(bci,
949 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
950 bad_type_msg, "laload");
951 return;
952 }
953 current_frame.push_stack_2(
954 VerificationType::long_type(),
955 VerificationType::long2_type(), CHECK_VERIFY(this));
956 no_control_flow = false; break;
957 case Bytecodes::_faload :
958 type = current_frame.pop_stack(
959 VerificationType::integer_type(), CHECK_VERIFY(this));
960 atype = current_frame.pop_stack(
961 VerificationType::reference_check(), CHECK_VERIFY(this));
962 if (!atype.is_float_array()) {
963 verify_error(ErrorContext::bad_type(bci,
964 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
965 bad_type_msg, "faload");
966 return;
967 }
968 current_frame.push_stack(
969 VerificationType::float_type(), CHECK_VERIFY(this));
970 no_control_flow = false; break;
971 case Bytecodes::_daload :
972 type = current_frame.pop_stack(
973 VerificationType::integer_type(), CHECK_VERIFY(this));
974 atype = current_frame.pop_stack(
975 VerificationType::reference_check(), CHECK_VERIFY(this));
976 if (!atype.is_double_array()) {
977 verify_error(ErrorContext::bad_type(bci,
978 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
979 bad_type_msg, "daload");
980 return;
981 }
982 current_frame.push_stack_2(
983 VerificationType::double_type(),
984 VerificationType::double2_type(), CHECK_VERIFY(this));
985 no_control_flow = false; break;
986 case Bytecodes::_aaload : {
987 type = current_frame.pop_stack(
988 VerificationType::integer_type(), CHECK_VERIFY(this));
989 atype = current_frame.pop_stack(
990 VerificationType::reference_check(), CHECK_VERIFY(this));
991 if (!atype.is_reference_array()) {
992 verify_error(ErrorContext::bad_type(bci,
993 current_frame.stack_top_ctx(),
994 TypeOrigin::implicit(VerificationType::reference_check())),
995 bad_type_msg, "aaload");
996 return;
997 }
998 if (atype.is_null()) {
999 current_frame.push_stack(
1000 VerificationType::null_type(), CHECK_VERIFY(this));
1001 } else {
1002 VerificationType component =
1003 atype.get_component(this, CHECK_VERIFY(this));
1004 current_frame.push_stack(component, CHECK_VERIFY(this));
1005 }
1006 no_control_flow = false; break;
1007 }
1008 case Bytecodes::_vaload : {
1009 if (!vbytecodes_allowed) {
1010 class_format_error(
1011 "vaload not supported by this class file version (%d.%d), class %s",
1012 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1013 return;
1014 }
1015 type = current_frame.pop_stack(
1016 VerificationType::integer_type(), CHECK_VERIFY(this));
1017 atype = current_frame.pop_stack(
1018 VerificationType::reference_check(), CHECK_VERIFY(this));
1019 // The null check is strictly not be necessary, left in for future proofing.
1020 // Will be reconsidered if type indexes are removed.
1021 if (atype.is_null() || !atype.is_value_array()) {
1022 verify_error(ErrorContext::bad_type(bci,
1023 current_frame.stack_top_ctx(),
1024 TypeOrigin::implicit(VerificationType::reference_check())),
1025 bad_type_msg, "vaload");
1026 return;
1027 }
1028 VerificationType component = atype.get_component(this, CHECK_VERIFY(this));
1029 if (!component.is_valuetype()) {
1030 verify_error(ErrorContext::bad_type(bci,
1031 current_frame.stack_top_ctx(),
1032 TypeOrigin::implicit(VerificationType::valuetype_check())),
1033 bad_type_msg, "vaload");
1034 return;
1035 }
1036 current_frame.push_stack(component, CHECK_VERIFY(this));
1037 no_control_flow = false; break;
1038 }
1039 case Bytecodes::_istore :
1040 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1041 no_control_flow = false; break;
1042 case Bytecodes::_istore_0 :
1043 case Bytecodes::_istore_1 :
1044 case Bytecodes::_istore_2 :
1045 case Bytecodes::_istore_3 :
1046 index = opcode - Bytecodes::_istore_0;
1047 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1048 no_control_flow = false; break;
1049 case Bytecodes::_lstore :
1050 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1051 no_control_flow = false; break;
1052 case Bytecodes::_lstore_0 :
1053 case Bytecodes::_lstore_1 :
1054 case Bytecodes::_lstore_2 :
1055 case Bytecodes::_lstore_3 :
1056 index = opcode - Bytecodes::_lstore_0;
1057 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1058 no_control_flow = false; break;
1059 case Bytecodes::_fstore :
1060 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1061 no_control_flow = false; break;
1062 case Bytecodes::_fstore_0 :
1063 case Bytecodes::_fstore_1 :
1064 case Bytecodes::_fstore_2 :
1065 case Bytecodes::_fstore_3 :
1066 index = opcode - Bytecodes::_fstore_0;
1067 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1068 no_control_flow = false; break;
1069 case Bytecodes::_dstore :
1070 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1071 no_control_flow = false; break;
1072 case Bytecodes::_dstore_0 :
1073 case Bytecodes::_dstore_1 :
1074 case Bytecodes::_dstore_2 :
1075 case Bytecodes::_dstore_3 :
1076 index = opcode - Bytecodes::_dstore_0;
1077 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1078 no_control_flow = false; break;
1079 case Bytecodes::_vstore :
1080 if (!vbytecodes_allowed) {
1081 class_format_error(
1082 "vstore not supported by this class file version (%d.%d), class %s",
1083 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1084 return;
1085 }
1086 verify_vstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1087 no_control_flow = false; break;
1088 case Bytecodes::_astore :
1089 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1090 no_control_flow = false; break;
1091 case Bytecodes::_astore_0 :
1092 case Bytecodes::_astore_1 :
1093 case Bytecodes::_astore_2 :
1094 case Bytecodes::_astore_3 :
1095 index = opcode - Bytecodes::_astore_0;
1096 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 case Bytecodes::_iastore :
1099 type = current_frame.pop_stack(
1100 VerificationType::integer_type(), CHECK_VERIFY(this));
1101 type2 = current_frame.pop_stack(
1102 VerificationType::integer_type(), CHECK_VERIFY(this));
1103 atype = current_frame.pop_stack(
1104 VerificationType::reference_check(), CHECK_VERIFY(this));
1105 if (!atype.is_int_array()) {
1106 verify_error(ErrorContext::bad_type(bci,
1107 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
1108 bad_type_msg, "iastore");
1109 return;
1110 }
1111 no_control_flow = false; break;
1112 case Bytecodes::_bastore :
1113 type = current_frame.pop_stack(
1114 VerificationType::integer_type(), CHECK_VERIFY(this));
1115 type2 = current_frame.pop_stack(
1116 VerificationType::integer_type(), CHECK_VERIFY(this));
1117 atype = current_frame.pop_stack(
1118 VerificationType::reference_check(), CHECK_VERIFY(this));
1119 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1120 verify_error(
1121 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1122 bad_type_msg, "bastore");
1123 return;
1124 }
1125 no_control_flow = false; break;
1126 case Bytecodes::_castore :
1127 current_frame.pop_stack(
1128 VerificationType::integer_type(), CHECK_VERIFY(this));
1129 current_frame.pop_stack(
1130 VerificationType::integer_type(), CHECK_VERIFY(this));
1131 atype = current_frame.pop_stack(
1132 VerificationType::reference_check(), CHECK_VERIFY(this));
1133 if (!atype.is_char_array()) {
1134 verify_error(ErrorContext::bad_type(bci,
1135 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1136 bad_type_msg, "castore");
1137 return;
1138 }
1139 no_control_flow = false; break;
1140 case Bytecodes::_sastore :
1141 current_frame.pop_stack(
1142 VerificationType::integer_type(), CHECK_VERIFY(this));
1143 current_frame.pop_stack(
1144 VerificationType::integer_type(), CHECK_VERIFY(this));
1145 atype = current_frame.pop_stack(
1146 VerificationType::reference_check(), CHECK_VERIFY(this));
1147 if (!atype.is_short_array()) {
1148 verify_error(ErrorContext::bad_type(bci,
1149 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1150 bad_type_msg, "sastore");
1151 return;
1152 }
1153 no_control_flow = false; break;
1154 case Bytecodes::_lastore :
1155 current_frame.pop_stack_2(
1156 VerificationType::long2_type(),
1157 VerificationType::long_type(), CHECK_VERIFY(this));
1158 current_frame.pop_stack(
1159 VerificationType::integer_type(), CHECK_VERIFY(this));
1160 atype = current_frame.pop_stack(
1161 VerificationType::reference_check(), CHECK_VERIFY(this));
1162 if (!atype.is_long_array()) {
1163 verify_error(ErrorContext::bad_type(bci,
1164 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1165 bad_type_msg, "lastore");
1166 return;
1167 }
1168 no_control_flow = false; break;
1169 case Bytecodes::_fastore :
1170 current_frame.pop_stack(
1171 VerificationType::float_type(), CHECK_VERIFY(this));
1172 current_frame.pop_stack
1173 (VerificationType::integer_type(), CHECK_VERIFY(this));
1174 atype = current_frame.pop_stack(
1175 VerificationType::reference_check(), CHECK_VERIFY(this));
1176 if (!atype.is_float_array()) {
1177 verify_error(ErrorContext::bad_type(bci,
1178 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1179 bad_type_msg, "fastore");
1180 return;
1181 }
1182 no_control_flow = false; break;
1183 case Bytecodes::_dastore :
1184 current_frame.pop_stack_2(
1185 VerificationType::double2_type(),
1186 VerificationType::double_type(), CHECK_VERIFY(this));
1187 current_frame.pop_stack(
1188 VerificationType::integer_type(), CHECK_VERIFY(this));
1189 atype = current_frame.pop_stack(
1190 VerificationType::reference_check(), CHECK_VERIFY(this));
1191 if (!atype.is_double_array()) {
1192 verify_error(ErrorContext::bad_type(bci,
1193 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1194 bad_type_msg, "dastore");
1195 return;
1196 }
1197 no_control_flow = false; break;
1198 case Bytecodes::_aastore :
1199 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1200 type2 = current_frame.pop_stack(
1201 VerificationType::integer_type(), CHECK_VERIFY(this));
1202 atype = current_frame.pop_stack(
1203 VerificationType::reference_check(), CHECK_VERIFY(this));
1204 // more type-checking is done at runtime
1205 if (!atype.is_reference_array()) {
1206 verify_error(ErrorContext::bad_type(bci,
1207 current_frame.stack_top_ctx(),
1208 TypeOrigin::implicit(VerificationType::reference_check())),
1209 bad_type_msg, "aastore");
1210 return;
1211 }
1212 // 4938384: relaxed constraint in JVMS 3nd edition.
1213 no_control_flow = false; break;
1214 case Bytecodes::_vastore :
1215 if (!vbytecodes_allowed) {
1216 class_format_error(
1217 "vastore not supported by this class file version (%d.%d), class %s",
1218 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1219 return;
1220 }
1221 type = current_frame.pop_stack(__value_type(), CHECK_VERIFY(this));
1222 type2 = current_frame.pop_stack(
1223 VerificationType::integer_type(), CHECK_VERIFY(this));
1224 atype = current_frame.pop_stack(
1225 VerificationType::reference_check(), CHECK_VERIFY(this));
1226 // The null check is strictly not be necessary, left in for future proofing.
1227 // Will be reconsidered if type indexes are removed.
1228 if (atype.is_null() || !atype.is_value_array()) {
1229 verify_error(ErrorContext::bad_type(bci,
1230 current_frame.stack_top_ctx(),
1231 TypeOrigin::implicit(VerificationType::reference_check())),
1232 bad_type_msg, "vastore");
1233 return;
1234 }
1235 no_control_flow = false; break;
1236 case Bytecodes::_pop :
1237 current_frame.pop_stack(
1238 VerificationType::category1_check(), CHECK_VERIFY(this));
1239 no_control_flow = false; break;
1240 case Bytecodes::_pop2 :
1241 type = current_frame.pop_stack(CHECK_VERIFY(this));
1242 if (type.is_category1()) {
1243 current_frame.pop_stack(
1244 VerificationType::category1_check(), CHECK_VERIFY(this));
1245 } else if (type.is_category2_2nd()) {
1246 current_frame.pop_stack(
1247 VerificationType::category2_check(), CHECK_VERIFY(this));
1248 } else {
1249 /* Unreachable? Would need a category2_1st on TOS
1250 * which does not appear possible. */
1251 verify_error(
1252 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1253 bad_type_msg, "pop2");
1254 return;
1255 }
1256 no_control_flow = false; break;
1257 case Bytecodes::_dup :
1258 type = current_frame.pop_stack(
1259 VerificationType::category1_check(), CHECK_VERIFY(this));
1260 current_frame.push_stack(type, CHECK_VERIFY(this));
1261 current_frame.push_stack(type, CHECK_VERIFY(this));
1262 no_control_flow = false; break;
1263 case Bytecodes::_dup_x1 :
1264 type = current_frame.pop_stack(
1265 VerificationType::category1_check(), CHECK_VERIFY(this));
1266 type2 = current_frame.pop_stack(
1267 VerificationType::category1_check(), CHECK_VERIFY(this));
1268 current_frame.push_stack(type, CHECK_VERIFY(this));
1269 current_frame.push_stack(type2, CHECK_VERIFY(this));
1270 current_frame.push_stack(type, CHECK_VERIFY(this));
1271 no_control_flow = false; break;
1272 case Bytecodes::_dup_x2 :
1273 {
1274 VerificationType type3;
1275 type = current_frame.pop_stack(
1276 VerificationType::category1_check(), CHECK_VERIFY(this));
1277 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1278 if (type2.is_category1()) {
1279 type3 = current_frame.pop_stack(
1280 VerificationType::category1_check(), CHECK_VERIFY(this));
1281 } else if (type2.is_category2_2nd()) {
1282 type3 = current_frame.pop_stack(
1283 VerificationType::category2_check(), CHECK_VERIFY(this));
1284 } else {
1285 /* Unreachable? Would need a category2_1st at stack depth 2 with
1286 * a category1 on TOS which does not appear possible. */
1287 verify_error(ErrorContext::bad_type(
1288 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1289 return;
1290 }
1291 current_frame.push_stack(type, CHECK_VERIFY(this));
1292 current_frame.push_stack(type3, CHECK_VERIFY(this));
1293 current_frame.push_stack(type2, CHECK_VERIFY(this));
1294 current_frame.push_stack(type, CHECK_VERIFY(this));
1295 no_control_flow = false; break;
1296 }
1297 case Bytecodes::_dup2 :
1298 type = current_frame.pop_stack(CHECK_VERIFY(this));
1299 if (type.is_category1()) {
1300 type2 = current_frame.pop_stack(
1301 VerificationType::category1_check(), CHECK_VERIFY(this));
1302 } else if (type.is_category2_2nd()) {
1303 type2 = current_frame.pop_stack(
1304 VerificationType::category2_check(), CHECK_VERIFY(this));
1305 } else {
1306 /* Unreachable? Would need a category2_1st on TOS which does not
1307 * appear possible. */
1308 verify_error(
1309 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1310 bad_type_msg, "dup2");
1311 return;
1312 }
1313 current_frame.push_stack(type2, CHECK_VERIFY(this));
1314 current_frame.push_stack(type, CHECK_VERIFY(this));
1315 current_frame.push_stack(type2, CHECK_VERIFY(this));
1316 current_frame.push_stack(type, CHECK_VERIFY(this));
1317 no_control_flow = false; break;
1318 case Bytecodes::_dup2_x1 :
1319 {
1320 VerificationType type3;
1321 type = current_frame.pop_stack(CHECK_VERIFY(this));
1322 if (type.is_category1()) {
1323 type2 = current_frame.pop_stack(
1324 VerificationType::category1_check(), CHECK_VERIFY(this));
1325 } else if (type.is_category2_2nd()) {
1326 type2 = current_frame.pop_stack(
1327 VerificationType::category2_check(), CHECK_VERIFY(this));
1328 } else {
1329 /* Unreachable? Would need a category2_1st on TOS which does
1330 * not appear possible. */
1331 verify_error(
1332 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1333 bad_type_msg, "dup2_x1");
1334 return;
1335 }
1336 type3 = current_frame.pop_stack(
1337 VerificationType::category1_check(), CHECK_VERIFY(this));
1338 current_frame.push_stack(type2, CHECK_VERIFY(this));
1339 current_frame.push_stack(type, CHECK_VERIFY(this));
1340 current_frame.push_stack(type3, CHECK_VERIFY(this));
1341 current_frame.push_stack(type2, CHECK_VERIFY(this));
1342 current_frame.push_stack(type, CHECK_VERIFY(this));
1343 no_control_flow = false; break;
1344 }
1345 case Bytecodes::_dup2_x2 :
1346 {
1347 VerificationType type3, type4;
1348 type = current_frame.pop_stack(CHECK_VERIFY(this));
1349 if (type.is_category1()) {
1350 type2 = current_frame.pop_stack(
1351 VerificationType::category1_check(), CHECK_VERIFY(this));
1352 } else if (type.is_category2_2nd()) {
1353 type2 = current_frame.pop_stack(
1354 VerificationType::category2_check(), CHECK_VERIFY(this));
1355 } else {
1356 /* Unreachable? Would need a category2_1st on TOS which does
1357 * not appear possible. */
1358 verify_error(
1359 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1360 bad_type_msg, "dup2_x2");
1361 return;
1362 }
1363 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1364 if (type3.is_category1()) {
1365 type4 = current_frame.pop_stack(
1366 VerificationType::category1_check(), CHECK_VERIFY(this));
1367 } else if (type3.is_category2_2nd()) {
1368 type4 = current_frame.pop_stack(
1369 VerificationType::category2_check(), CHECK_VERIFY(this));
1370 } else {
1371 /* Unreachable? Would need a category2_1st on TOS after popping
1372 * a long/double or two category 1's, which does not
1373 * appear possible. */
1374 verify_error(
1375 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1376 bad_type_msg, "dup2_x2");
1377 return;
1378 }
1379 current_frame.push_stack(type2, CHECK_VERIFY(this));
1380 current_frame.push_stack(type, CHECK_VERIFY(this));
1381 current_frame.push_stack(type4, CHECK_VERIFY(this));
1382 current_frame.push_stack(type3, CHECK_VERIFY(this));
1383 current_frame.push_stack(type2, CHECK_VERIFY(this));
1384 current_frame.push_stack(type, CHECK_VERIFY(this));
1385 no_control_flow = false; break;
1386 }
1387 case Bytecodes::_swap :
1388 type = current_frame.pop_stack(
1389 VerificationType::category1_check(), CHECK_VERIFY(this));
1390 type2 = current_frame.pop_stack(
1391 VerificationType::category1_check(), CHECK_VERIFY(this));
1392 current_frame.push_stack(type, CHECK_VERIFY(this));
1393 current_frame.push_stack(type2, CHECK_VERIFY(this));
1394 no_control_flow = false; break;
1395 case Bytecodes::_iadd :
1396 case Bytecodes::_isub :
1397 case Bytecodes::_imul :
1398 case Bytecodes::_idiv :
1399 case Bytecodes::_irem :
1400 case Bytecodes::_ishl :
1401 case Bytecodes::_ishr :
1402 case Bytecodes::_iushr :
1403 case Bytecodes::_ior :
1404 case Bytecodes::_ixor :
1405 case Bytecodes::_iand :
1406 current_frame.pop_stack(
1407 VerificationType::integer_type(), CHECK_VERIFY(this));
1408 // fall through
1409 case Bytecodes::_ineg :
1410 current_frame.pop_stack(
1411 VerificationType::integer_type(), CHECK_VERIFY(this));
1412 current_frame.push_stack(
1413 VerificationType::integer_type(), CHECK_VERIFY(this));
1414 no_control_flow = false; break;
1415 case Bytecodes::_ladd :
1416 case Bytecodes::_lsub :
1417 case Bytecodes::_lmul :
1418 case Bytecodes::_ldiv :
1419 case Bytecodes::_lrem :
1420 case Bytecodes::_land :
1421 case Bytecodes::_lor :
1422 case Bytecodes::_lxor :
1423 current_frame.pop_stack_2(
1424 VerificationType::long2_type(),
1425 VerificationType::long_type(), CHECK_VERIFY(this));
1426 // fall through
1427 case Bytecodes::_lneg :
1428 current_frame.pop_stack_2(
1429 VerificationType::long2_type(),
1430 VerificationType::long_type(), CHECK_VERIFY(this));
1431 current_frame.push_stack_2(
1432 VerificationType::long_type(),
1433 VerificationType::long2_type(), CHECK_VERIFY(this));
1434 no_control_flow = false; break;
1435 case Bytecodes::_lshl :
1436 case Bytecodes::_lshr :
1437 case Bytecodes::_lushr :
1438 current_frame.pop_stack(
1439 VerificationType::integer_type(), CHECK_VERIFY(this));
1440 current_frame.pop_stack_2(
1441 VerificationType::long2_type(),
1442 VerificationType::long_type(), CHECK_VERIFY(this));
1443 current_frame.push_stack_2(
1444 VerificationType::long_type(),
1445 VerificationType::long2_type(), CHECK_VERIFY(this));
1446 no_control_flow = false; break;
1447 case Bytecodes::_fadd :
1448 case Bytecodes::_fsub :
1449 case Bytecodes::_fmul :
1450 case Bytecodes::_fdiv :
1451 case Bytecodes::_frem :
1452 current_frame.pop_stack(
1453 VerificationType::float_type(), CHECK_VERIFY(this));
1454 // fall through
1455 case Bytecodes::_fneg :
1456 current_frame.pop_stack(
1457 VerificationType::float_type(), CHECK_VERIFY(this));
1458 current_frame.push_stack(
1459 VerificationType::float_type(), CHECK_VERIFY(this));
1460 no_control_flow = false; break;
1461 case Bytecodes::_dadd :
1462 case Bytecodes::_dsub :
1463 case Bytecodes::_dmul :
1464 case Bytecodes::_ddiv :
1465 case Bytecodes::_drem :
1466 current_frame.pop_stack_2(
1467 VerificationType::double2_type(),
1468 VerificationType::double_type(), CHECK_VERIFY(this));
1469 // fall through
1470 case Bytecodes::_dneg :
1471 current_frame.pop_stack_2(
1472 VerificationType::double2_type(),
1473 VerificationType::double_type(), CHECK_VERIFY(this));
1474 current_frame.push_stack_2(
1475 VerificationType::double_type(),
1476 VerificationType::double2_type(), CHECK_VERIFY(this));
1477 no_control_flow = false; break;
1478 case Bytecodes::_iinc :
1479 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1480 no_control_flow = false; break;
1481 case Bytecodes::_i2l :
1482 type = current_frame.pop_stack(
1483 VerificationType::integer_type(), CHECK_VERIFY(this));
1484 current_frame.push_stack_2(
1485 VerificationType::long_type(),
1486 VerificationType::long2_type(), CHECK_VERIFY(this));
1487 no_control_flow = false; break;
1488 case Bytecodes::_l2i :
1489 current_frame.pop_stack_2(
1490 VerificationType::long2_type(),
1491 VerificationType::long_type(), CHECK_VERIFY(this));
1492 current_frame.push_stack(
1493 VerificationType::integer_type(), CHECK_VERIFY(this));
1494 no_control_flow = false; break;
1495 case Bytecodes::_i2f :
1496 current_frame.pop_stack(
1497 VerificationType::integer_type(), CHECK_VERIFY(this));
1498 current_frame.push_stack(
1499 VerificationType::float_type(), CHECK_VERIFY(this));
1500 no_control_flow = false; break;
1501 case Bytecodes::_i2d :
1502 current_frame.pop_stack(
1503 VerificationType::integer_type(), CHECK_VERIFY(this));
1504 current_frame.push_stack_2(
1505 VerificationType::double_type(),
1506 VerificationType::double2_type(), CHECK_VERIFY(this));
1507 no_control_flow = false; break;
1508 case Bytecodes::_l2f :
1509 current_frame.pop_stack_2(
1510 VerificationType::long2_type(),
1511 VerificationType::long_type(), CHECK_VERIFY(this));
1512 current_frame.push_stack(
1513 VerificationType::float_type(), CHECK_VERIFY(this));
1514 no_control_flow = false; break;
1515 case Bytecodes::_l2d :
1516 current_frame.pop_stack_2(
1517 VerificationType::long2_type(),
1518 VerificationType::long_type(), CHECK_VERIFY(this));
1519 current_frame.push_stack_2(
1520 VerificationType::double_type(),
1521 VerificationType::double2_type(), CHECK_VERIFY(this));
1522 no_control_flow = false; break;
1523 case Bytecodes::_f2i :
1524 current_frame.pop_stack(
1525 VerificationType::float_type(), CHECK_VERIFY(this));
1526 current_frame.push_stack(
1527 VerificationType::integer_type(), CHECK_VERIFY(this));
1528 no_control_flow = false; break;
1529 case Bytecodes::_f2l :
1530 current_frame.pop_stack(
1531 VerificationType::float_type(), CHECK_VERIFY(this));
1532 current_frame.push_stack_2(
1533 VerificationType::long_type(),
1534 VerificationType::long2_type(), CHECK_VERIFY(this));
1535 no_control_flow = false; break;
1536 case Bytecodes::_f2d :
1537 current_frame.pop_stack(
1538 VerificationType::float_type(), CHECK_VERIFY(this));
1539 current_frame.push_stack_2(
1540 VerificationType::double_type(),
1541 VerificationType::double2_type(), CHECK_VERIFY(this));
1542 no_control_flow = false; break;
1543 case Bytecodes::_d2i :
1544 current_frame.pop_stack_2(
1545 VerificationType::double2_type(),
1546 VerificationType::double_type(), CHECK_VERIFY(this));
1547 current_frame.push_stack(
1548 VerificationType::integer_type(), CHECK_VERIFY(this));
1549 no_control_flow = false; break;
1550 case Bytecodes::_d2l :
1551 current_frame.pop_stack_2(
1552 VerificationType::double2_type(),
1553 VerificationType::double_type(), CHECK_VERIFY(this));
1554 current_frame.push_stack_2(
1555 VerificationType::long_type(),
1556 VerificationType::long2_type(), CHECK_VERIFY(this));
1557 no_control_flow = false; break;
1558 case Bytecodes::_d2f :
1559 current_frame.pop_stack_2(
1560 VerificationType::double2_type(),
1561 VerificationType::double_type(), CHECK_VERIFY(this));
1562 current_frame.push_stack(
1563 VerificationType::float_type(), CHECK_VERIFY(this));
1564 no_control_flow = false; break;
1565 case Bytecodes::_i2b :
1566 case Bytecodes::_i2c :
1567 case Bytecodes::_i2s :
1568 current_frame.pop_stack(
1569 VerificationType::integer_type(), CHECK_VERIFY(this));
1570 current_frame.push_stack(
1571 VerificationType::integer_type(), CHECK_VERIFY(this));
1572 no_control_flow = false; break;
1573 case Bytecodes::_lcmp :
1574 current_frame.pop_stack_2(
1575 VerificationType::long2_type(),
1576 VerificationType::long_type(), CHECK_VERIFY(this));
1577 current_frame.pop_stack_2(
1578 VerificationType::long2_type(),
1579 VerificationType::long_type(), CHECK_VERIFY(this));
1580 current_frame.push_stack(
1581 VerificationType::integer_type(), CHECK_VERIFY(this));
1582 no_control_flow = false; break;
1583 case Bytecodes::_fcmpl :
1584 case Bytecodes::_fcmpg :
1585 current_frame.pop_stack(
1586 VerificationType::float_type(), CHECK_VERIFY(this));
1587 current_frame.pop_stack(
1588 VerificationType::float_type(), CHECK_VERIFY(this));
1589 current_frame.push_stack(
1590 VerificationType::integer_type(), CHECK_VERIFY(this));
1591 no_control_flow = false; break;
1592 case Bytecodes::_dcmpl :
1593 case Bytecodes::_dcmpg :
1594 current_frame.pop_stack_2(
1595 VerificationType::double2_type(),
1596 VerificationType::double_type(), CHECK_VERIFY(this));
1597 current_frame.pop_stack_2(
1598 VerificationType::double2_type(),
1599 VerificationType::double_type(), CHECK_VERIFY(this));
1600 current_frame.push_stack(
1601 VerificationType::integer_type(), CHECK_VERIFY(this));
1602 no_control_flow = false; break;
1603 case Bytecodes::_if_icmpeq:
1604 case Bytecodes::_if_icmpne:
1605 case Bytecodes::_if_icmplt:
1606 case Bytecodes::_if_icmpge:
1607 case Bytecodes::_if_icmpgt:
1608 case Bytecodes::_if_icmple:
1609 current_frame.pop_stack(
1610 VerificationType::integer_type(), CHECK_VERIFY(this));
1611 // fall through
1612 case Bytecodes::_ifeq:
1613 case Bytecodes::_ifne:
1614 case Bytecodes::_iflt:
1615 case Bytecodes::_ifge:
1616 case Bytecodes::_ifgt:
1617 case Bytecodes::_ifle:
1618 current_frame.pop_stack(
1619 VerificationType::integer_type(), CHECK_VERIFY(this));
1620 target = bcs.dest();
1621 stackmap_table.check_jump_target(
1622 ¤t_frame, target, CHECK_VERIFY(this));
1623 no_control_flow = false; break;
1624 case Bytecodes::_if_acmpeq :
1625 case Bytecodes::_if_acmpne :
1626 current_frame.pop_stack(
1627 VerificationType::reference_check(), CHECK_VERIFY(this));
1628 // fall through
1629 case Bytecodes::_ifnull :
1630 case Bytecodes::_ifnonnull :
1631 current_frame.pop_stack(
1632 VerificationType::reference_check(), CHECK_VERIFY(this));
1633 target = bcs.dest();
1634 stackmap_table.check_jump_target
1635 (¤t_frame, target, CHECK_VERIFY(this));
1636 no_control_flow = false; break;
1637 case Bytecodes::_goto :
1638 target = bcs.dest();
1639 stackmap_table.check_jump_target(
1640 ¤t_frame, target, CHECK_VERIFY(this));
1641 no_control_flow = true; break;
1642 case Bytecodes::_goto_w :
1643 target = bcs.dest_w();
1644 stackmap_table.check_jump_target(
1645 ¤t_frame, target, CHECK_VERIFY(this));
1646 no_control_flow = true; break;
1647 case Bytecodes::_tableswitch :
1648 case Bytecodes::_lookupswitch :
1649 verify_switch(
1650 &bcs, code_length, code_data, ¤t_frame,
1651 &stackmap_table, CHECK_VERIFY(this));
1652 no_control_flow = true; break;
1653 case Bytecodes::_ireturn :
1654 type = current_frame.pop_stack(
1655 VerificationType::integer_type(), CHECK_VERIFY(this));
1656 verify_return_value(return_type, type, bci,
1657 ¤t_frame, CHECK_VERIFY(this));
1658 no_control_flow = true; break;
1659 case Bytecodes::_lreturn :
1660 type2 = current_frame.pop_stack(
1661 VerificationType::long2_type(), CHECK_VERIFY(this));
1662 type = current_frame.pop_stack(
1663 VerificationType::long_type(), CHECK_VERIFY(this));
1664 verify_return_value(return_type, type, bci,
1665 ¤t_frame, CHECK_VERIFY(this));
1666 no_control_flow = true; break;
1667 case Bytecodes::_freturn :
1668 type = current_frame.pop_stack(
1669 VerificationType::float_type(), CHECK_VERIFY(this));
1670 verify_return_value(return_type, type, bci,
1671 ¤t_frame, CHECK_VERIFY(this));
1672 no_control_flow = true; break;
1673 case Bytecodes::_dreturn :
1674 type2 = current_frame.pop_stack(
1675 VerificationType::double2_type(), CHECK_VERIFY(this));
1676 type = current_frame.pop_stack(
1677 VerificationType::double_type(), CHECK_VERIFY(this));
1678 verify_return_value(return_type, type, bci,
1679 ¤t_frame, CHECK_VERIFY(this));
1680 no_control_flow = true; break;
1681 case Bytecodes::_areturn :
1682 type = current_frame.pop_stack(
1683 VerificationType::reference_check(), CHECK_VERIFY(this));
1684 verify_return_value(return_type, type, bci,
1685 ¤t_frame, CHECK_VERIFY(this));
1686 no_control_flow = true; break;
1687 case Bytecodes::_vreturn :
1688 if (!vbytecodes_allowed) {
1689 class_format_error(
1690 "vreturn not supported by this class file version (%d.%d), class %s",
1691 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1692 return;
1693 }
1694 type = current_frame.pop_stack(
1695 VerificationType::valuetype_check(), CHECK_VERIFY(this));
1696 verify_return_value(return_type, type, bci,
1697 ¤t_frame, CHECK_VERIFY(this));
1698 no_control_flow = true; break;
1699 case Bytecodes::_return :
1700 if (return_type != VerificationType::bogus_type()) {
1701 verify_error(ErrorContext::bad_code(bci),
1702 "Method expects a return value");
1703 return;
1704 }
1705 // Make sure "this" has been initialized if current method is an
1706 // <init>.
1707 if (_method->name() == vmSymbols::object_initializer_name() &&
1708 current_frame.flag_this_uninit()) {
1709 verify_error(ErrorContext::bad_code(bci),
1710 "Constructor must call super() or this() "
1711 "before return");
1712 return;
1713 }
1714 no_control_flow = true; break;
1715 case Bytecodes::_getstatic :
1716 case Bytecodes::_putstatic :
1717 // pass TRUE, operand can be an array type for getstatic/putstatic.
1718 verify_field_instructions(
1719 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1720 no_control_flow = false; break;
1721 case Bytecodes::_getfield :
1722 case Bytecodes::_putfield :
1723 // pass FALSE, operand can't be an array type for getfield/putfield.
1724 verify_field_instructions(
1725 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1726 no_control_flow = false; break;
1727 case Bytecodes::_vwithfield :
1728 if (!vbytecodes_allowed) {
1729 class_format_error(
1730 "vwithfield not supported by this class file version (%d.%d), class %s",
1731 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1732 return;
1733 }
1734 verify_vwithfield(&bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1735 no_control_flow = false; break;
1736 case Bytecodes::_invokevirtual :
1737 case Bytecodes::_invokespecial :
1738 case Bytecodes::_invokestatic :
1739 verify_invoke_instructions(
1740 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1741 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1742 no_control_flow = false; break;
1743 case Bytecodes::_invokeinterface :
1744 case Bytecodes::_invokedynamic :
1745 verify_invoke_instructions(
1746 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1747 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1748 no_control_flow = false; break;
1749 case Bytecodes::_new :
1750 {
1751 index = bcs.get_index_u2();
1752 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1753 VerificationType new_class_type =
1754 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this));
1755 if (!new_class_type.is_object()) {
1756 verify_error(ErrorContext::bad_type(bci,
1757 TypeOrigin::cp(index, new_class_type)),
1758 "Illegal new instruction");
1759 return;
1760 }
1761 type = VerificationType::uninitialized_type(bci);
1762 current_frame.push_stack(type, CHECK_VERIFY(this));
1763 no_control_flow = false; break;
1764 }
1765 case Bytecodes::_vdefault :
1766 {
1767 if (!vbytecodes_allowed) {
1768 class_format_error(
1769 "vdefault not supported by this class file version (%d.%d), class %s",
1770 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1771 return;
1772 }
1773 index = bcs.get_index_u2();
1774 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this));
1775 VerificationType new_value_type =
1776 cp_index_to_valuetype(index, cp, CHECK_VERIFY(this));
1777 if (!new_value_type.is_valuetype()) {
1778 verify_error(ErrorContext::bad_type(bci,
1779 TypeOrigin::cp(index, new_value_type)),
1780 "Illegal vdefault instruction");
1781 return;
1782 }
1783 current_frame.push_stack(new_value_type, CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 }
1786 case Bytecodes::_newarray :
1787 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1788 current_frame.pop_stack(
1789 VerificationType::integer_type(), CHECK_VERIFY(this));
1790 current_frame.push_stack(type, CHECK_VERIFY(this));
1791 no_control_flow = false; break;
1792 case Bytecodes::_anewarray :
1793 verify_anewarray(
1794 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1795 no_control_flow = false; break;
1796 case Bytecodes::_arraylength :
1797 type = current_frame.pop_stack(
1798 VerificationType::reference_check(), CHECK_VERIFY(this));
1799 if (!(type.is_null() || type.is_array())) {
1800 verify_error(ErrorContext::bad_type(
1801 bci, current_frame.stack_top_ctx()),
1802 bad_type_msg, "arraylength");
1803 }
1804 current_frame.push_stack(
1805 VerificationType::integer_type(), CHECK_VERIFY(this));
1806 no_control_flow = false; break;
1807 case Bytecodes::_checkcast :
1808 {
1809 index = bcs.get_index_u2();
1810 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1811 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1812 VerificationType klass_type = cp_index_to_reference_type(
1813 index, cp, CHECK_VERIFY(this));
1814 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1815 no_control_flow = false; break;
1816 }
1817 case Bytecodes::_instanceof : {
1818 index = bcs.get_index_u2();
1819 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1820 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1821 current_frame.push_stack(
1822 VerificationType::integer_type(), CHECK_VERIFY(this));
1823 no_control_flow = false; break;
1824 }
1825 case Bytecodes::_vbox : {
1826 if (!EnableMVT || !vbytecodes_allowed) {
1827 class_format_error(
1828 "vbox not supported by this class file version (%d.%d), class %s",
1829 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1830 return;
1831 }
1832 index = bcs.get_index_u2();
1833 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1834 current_frame.pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this));
1835 VerificationType klass_type = cp_index_to_reference_type(
1836 index, cp, CHECK_VERIFY(this));
1837 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1838 no_control_flow = false; break;
1839 }
1840 case Bytecodes::_vunbox : {
1841 if (!EnableMVT || !vbytecodes_allowed) {
1842 class_format_error(
1843 "vunbox not supported by this class file version (%d.%d), class %s",
1844 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1845 return;
1846 }
1847 index = bcs.get_index_u2();
1848 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this));
1849 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1850 VerificationType value_type = cp_index_to_valuetype(
1851 index, cp, CHECK_VERIFY(this));
1852 current_frame.push_stack(value_type, CHECK_VERIFY(this));
1853 no_control_flow = false; break;
1854 }
1855 case Bytecodes::_monitorenter :
1856 case Bytecodes::_monitorexit :
1857 current_frame.pop_stack(
1858 VerificationType::reference_check(), CHECK_VERIFY(this));
1859 no_control_flow = false; break;
1860 case Bytecodes::_multianewarray :
1861 {
1862 index = bcs.get_index_u2();
1863 u2 dim = *(bcs.bcp()+3);
1864 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this));
1865 VerificationType new_array_type =
1866 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this));
1867 if (!new_array_type.is_array()) {
1868 verify_error(ErrorContext::bad_type(bci,
1869 TypeOrigin::cp(index, new_array_type)),
1870 "Illegal constant pool index in multianewarray instruction");
1871 return;
1872 }
1873 if (dim < 1 || new_array_type.dimensions() < dim) {
1874 verify_error(ErrorContext::bad_code(bci),
1875 "Illegal dimension in multianewarray instruction: %d", dim);
1876 return;
1877 }
1878 for (int i = 0; i < dim; i++) {
1879 current_frame.pop_stack(
1880 VerificationType::integer_type(), CHECK_VERIFY(this));
1881 }
1882 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1883 no_control_flow = false; break;
1884 }
1885 case Bytecodes::_athrow :
1886 type = VerificationType::reference_type(
1887 vmSymbols::java_lang_Throwable());
1888 current_frame.pop_stack(type, CHECK_VERIFY(this));
1889 no_control_flow = true; break;
1890 default:
1891 // We only need to check the valid bytecodes in class file.
1892 // And jsr and ret are not in the new class file format in JDK1.5.
1893 verify_error(ErrorContext::bad_code(bci),
1894 "Bad instruction: %02x", opcode);
1895 no_control_flow = false;
1896 return;
1897 } // end switch
1898 } // end Merge with the next instruction
1899
1900 // Look for possible jump target in exception handlers and see if it matches
1901 // current_frame. Don't do this check if it has already been done (for
1902 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1903 // opcodes, such as invokespecial, may set the this_uninit flag.
1904 assert(!(verified_exc_handlers && this_uninit),
1905 "Exception handler targets got verified before this_uninit got set");
1906 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1907 if (was_recursively_verified()) return;
1908 verify_exception_handler_targets(
1909 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1910 }
1911 } // end while
1912
1913 // Make sure that control flow does not fall through end of the method
1914 if (!no_control_flow) {
1915 verify_error(ErrorContext::bad_code(code_length),
1916 "Control flow falls through code end");
1917 return;
1918 }
1919 }
1920
1921 #undef bad_type_message
1922
1923 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1924 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1925 memset(code_data, 0, sizeof(char) * code_length);
1926 RawBytecodeStream bcs(m);
1927
1928 while (!bcs.is_last_bytecode()) {
1929 if (bcs.raw_next() != Bytecodes::_illegal) {
1930 int bci = bcs.bci();
1931 if (bcs.raw_code() == Bytecodes::_new) {
1932 code_data[bci] = NEW_OFFSET;
1933 } else {
1934 code_data[bci] = BYTECODE_OFFSET;
1935 }
1936 } else {
1937 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1938 return NULL;
1939 }
1940 }
1941
1942 return code_data;
1943 }
1944
1945 // Since this method references the constant pool, call was_recursively_verified()
1946 // before calling this method to make sure a prior class load did not cause the
1947 // current class to get verified.
1948 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1949 ExceptionTable exhandlers(_method());
1950 int exlength = exhandlers.length();
1951 constantPoolHandle cp (THREAD, _method->constants());
1952
1953 for(int i = 0; i < exlength; i++) {
1954 u2 start_pc = exhandlers.start_pc(i);
1955 u2 end_pc = exhandlers.end_pc(i);
1956 u2 handler_pc = exhandlers.handler_pc(i);
1957 if (start_pc >= code_length || code_data[start_pc] == 0) {
1958 class_format_error("Illegal exception table start_pc %d", start_pc);
1959 return;
1960 }
1961 if (end_pc != code_length) { // special case: end_pc == code_length
1962 if (end_pc > code_length || code_data[end_pc] == 0) {
1963 class_format_error("Illegal exception table end_pc %d", end_pc);
1964 return;
1965 }
1966 }
1967 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1968 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1969 return;
1970 }
1971 int catch_type_index = exhandlers.catch_type_index(i);
1972 if (catch_type_index != 0) {
1973 VerificationType catch_type = cp_index_to_reference_type(
1974 catch_type_index, cp, CHECK_VERIFY(this));
1975 VerificationType throwable =
1976 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1977 bool is_subclass = throwable.is_assignable_from(
1978 catch_type, this, false, CHECK_VERIFY(this));
1979 if (!is_subclass) {
1980 // 4286534: should throw VerifyError according to recent spec change
1981 verify_error(ErrorContext::bad_type(handler_pc,
1982 TypeOrigin::cp(catch_type_index, catch_type),
1983 TypeOrigin::implicit(throwable)),
1984 "Catch type is not a subclass "
1985 "of Throwable in exception handler %d", handler_pc);
1986 return;
1987 }
1988 }
1989 if (start_pc < min) min = start_pc;
1990 if (end_pc > max) max = end_pc;
1991 }
1992 }
1993
1994 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1995 int localvariable_table_length = _method->localvariable_table_length();
1996 if (localvariable_table_length > 0) {
1997 LocalVariableTableElement* table = _method->localvariable_table_start();
1998 for (int i = 0; i < localvariable_table_length; i++) {
1999 u2 start_bci = table[i].start_bci;
2000 u2 length = table[i].length;
2001
2002 if (start_bci >= code_length || code_data[start_bci] == 0) {
2003 class_format_error(
2004 "Illegal local variable table start_pc %d", start_bci);
2005 return;
2006 }
2007 u4 end_bci = (u4)(start_bci + length);
2008 if (end_bci != code_length) {
2009 if (end_bci >= code_length || code_data[end_bci] == 0) {
2010 class_format_error( "Illegal local variable table length %d", length);
2011 return;
2012 }
2013 }
2014 }
2015 }
2016 }
2017
2018 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
2019 StackMapFrame* current_frame,
2020 StackMapTable* stackmap_table,
2021 bool no_control_flow, TRAPS) {
2022 if (stackmap_index < stackmap_table->get_frame_count()) {
2023 u2 this_offset = stackmap_table->get_offset(stackmap_index);
2024 if (no_control_flow && this_offset > bci) {
2025 verify_error(ErrorContext::missing_stackmap(bci),
2026 "Expecting a stack map frame");
2027 return 0;
2028 }
2029 if (this_offset == bci) {
2030 ErrorContext ctx;
2031 // See if current stack map can be assigned to the frame in table.
2032 // current_frame is the stackmap frame got from the last instruction.
2033 // If matched, current_frame will be updated by this method.
2034 bool matches = stackmap_table->match_stackmap(
2035 current_frame, this_offset, stackmap_index,
2036 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
2037 if (!matches) {
2038 // report type error
2039 verify_error(ctx, "Instruction type does not match stack map");
2040 return 0;
2041 }
2042 stackmap_index++;
2043 } else if (this_offset < bci) {
2044 // current_offset should have met this_offset.
2045 class_format_error("Bad stack map offset %d", this_offset);
2046 return 0;
2047 }
2048 } else if (no_control_flow) {
2049 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2050 return 0;
2051 }
2052 return stackmap_index;
2053 }
2054
2055 // Since this method references the constant pool, call was_recursively_verified()
2056 // before calling this method to make sure a prior class load did not cause the
2057 // current class to get verified.
2058 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
2059 StackMapFrame* current_frame,
2060 StackMapTable* stackmap_table, TRAPS) {
2061 constantPoolHandle cp (THREAD, _method->constants());
2062 ExceptionTable exhandlers(_method());
2063 int exlength = exhandlers.length();
2064 for(int i = 0; i < exlength; i++) {
2065 u2 start_pc = exhandlers.start_pc(i);
2066 u2 end_pc = exhandlers.end_pc(i);
2067 u2 handler_pc = exhandlers.handler_pc(i);
2068 int catch_type_index = exhandlers.catch_type_index(i);
2069 if(bci >= start_pc && bci < end_pc) {
2070 u1 flags = current_frame->flags();
2071 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2072 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2073 if (catch_type_index != 0) {
2074 if (was_recursively_verified()) return;
2075 // We know that this index refers to a subclass of Throwable
2076 VerificationType catch_type = cp_index_to_reference_type(
2077 catch_type_index, cp, CHECK_VERIFY(this));
2078 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2079 } else {
2080 VerificationType throwable =
2081 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2082 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2083 }
2084 ErrorContext ctx;
2085 bool matches = stackmap_table->match_stackmap(
2086 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2087 if (!matches) {
2088 verify_error(ctx, "Stack map does not match the one at "
2089 "exception handler %d", handler_pc);
2090 return;
2091 }
2092 }
2093 }
2094 }
2095
2096 void ClassVerifier::verify_cp_index(
2097 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2098 int nconstants = cp->length();
2099 if ((index <= 0) || (index >= nconstants)) {
2100 verify_error(ErrorContext::bad_cp_index(bci, index),
2101 "Illegal constant pool index %d in class %s",
2102 index, cp->pool_holder()->external_name());
2103 return;
2104 }
2105 }
2106
2107 void ClassVerifier::verify_cp_type(
2108 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2109
2110 // In some situations, bytecode rewriting may occur while we're verifying.
2111 // In this case, a constant pool cache exists and some indices refer to that
2112 // instead. Be sure we don't pick up such indices by accident.
2113 // We must check was_recursively_verified() before we get here.
2114 guarantee(cp->cache() == NULL, "not rewritten yet");
2115
2116 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2117 unsigned int tag = cp->tag_at(index).value();
2118
2119 if (tag == JVM_CONSTANT_Value) {
2120 tag = SAFE_JVM_CONSTANT_Value; //avoid overflow
2121 }
2122
2123 if ((types & (1 << tag)) == 0) {
2124 verify_error(ErrorContext::bad_cp_index(bci, index),
2125 "Illegal type at constant pool entry %d in class %s",
2126 index, cp->pool_holder()->external_name());
2127 return;
2128 }
2129 }
2130
2131 void ClassVerifier::verify_cp_class_type(
2132 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2133 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2134 constantTag tag = cp->tag_at(index);
2135 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2136 verify_error(ErrorContext::bad_cp_index(bci, index),
2137 "Illegal type at constant pool entry %d in class %s",
2138 index, cp->pool_holder()->external_name());
2139 return;
2140 }
2141 }
2142
2143 void ClassVerifier::verify_cp_value_type(
2144 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2145 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2146 constantTag tag = cp->tag_at(index);
2147 if (!tag.is_value_type() && !tag.is_unresolved_value_type()) {
2148 verify_error(ErrorContext::bad_cp_index(bci, index),
2149 "Illegal type at constant pool entry %d in class %s",
2150 index, cp->pool_holder()->external_name());
2151 return;
2152 }
2153 }
2154
2155 // Used for MVT value type overloaded bytecodes (anewarray, getfield, multianewarray)
2156 void ClassVerifier::verify_cp_class_or_value_type(
2157 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2158 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2159 constantTag tag = cp->tag_at(index);
2160 if (!tag.is_klass() && !tag.is_unresolved_klass() &&
2161 !tag.is_value_type() && !tag.is_unresolved_value_type()) {
2162 verify_error(ErrorContext::bad_cp_index(bci, index),
2163 "Illegal type at constant pool entry %d in class %s",
2164 index, cp->pool_holder()->external_name());
2165 return;
2166 }
2167 }
2168
2169 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2170 stringStream ss;
2171
2172 ctx.reset_frames();
2173 _exception_type = vmSymbols::java_lang_VerifyError();
2174 _error_context = ctx;
2175 va_list va;
2176 va_start(va, msg);
2177 ss.vprint(msg, va);
2178 va_end(va);
2179 _message = ss.as_string();
2180 #ifdef ASSERT
2181 ResourceMark rm;
2182 const char* exception_name = _exception_type->as_C_string();
2183 Exceptions::debug_check_abort(exception_name, NULL);
2184 #endif // ndef ASSERT
2185 }
2186
2187 void ClassVerifier::class_format_error(const char* msg, ...) {
2188 stringStream ss;
2189 _exception_type = vmSymbols::java_lang_ClassFormatError();
2190 va_list va;
2191 va_start(va, msg);
2192 ss.vprint(msg, va);
2193 va_end(va);
2194 if (!_method.is_null()) {
2195 ss.print(" in method %s", _method->name_and_sig_as_C_string());
2196 }
2197 _message = ss.as_string();
2198 }
2199
2200 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2201 HandleMark hm(THREAD);
2202 // Get current loader and protection domain first.
2203 oop loader = current_class()->class_loader();
2204 oop protection_domain = current_class()->protection_domain();
2205
2206 Klass* kls = SystemDictionary::resolve_or_fail(
2207 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2208 true, THREAD);
2209
2210 if (log_is_enabled(Debug, class, resolve)) {
2211 InstanceKlass* cur_class = InstanceKlass::cast(current_class());
2212 Verifier::trace_class_resolution(kls, cur_class);
2213 }
2214 return kls;
2215 }
2216
2217 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2218 Klass* target_class,
2219 Symbol* field_name,
2220 Symbol* field_sig,
2221 bool is_method) {
2222 NoSafepointVerifier nosafepoint;
2223
2224 // If target class isn't a super class of this class, we don't worry about this case
2225 if (!this_class->is_subclass_of(target_class)) {
2226 return false;
2227 }
2228 // Check if the specified method or field is protected
2229 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2230 fieldDescriptor fd;
2231 if (is_method) {
2232 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
2233 if (m != NULL && m->is_protected()) {
2234 if (!this_class->is_same_class_package(m->method_holder())) {
2235 return true;
2236 }
2237 }
2238 } else {
2239 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2240 if (member_klass != NULL && fd.is_protected()) {
2241 if (!this_class->is_same_class_package(member_klass)) {
2242 return true;
2243 }
2244 }
2245 }
2246 return false;
2247 }
2248
2249 void ClassVerifier::verify_ldc(
2250 int opcode, u2 index, StackMapFrame* current_frame,
2251 const constantPoolHandle& cp, u2 bci, TRAPS) {
2252 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2253 constantTag tag = cp->tag_at(index);
2254 unsigned int types;
2255 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2256 if (!tag.is_unresolved_klass() && !tag.is_unresolved_value_type()) {
2257 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2258 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2259 | (1 << SAFE_JVM_CONSTANT_Value)
2260 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
2261 // Note: The class file parser already verified the legality of
2262 // MethodHandle and MethodType constants.
2263 // Note: SAFE_JVM_CONSTANT_Value is used instead of JVM_CONSTANT_Value
2264 // since JVM_CONSTANT_Value is an internally defined CP tag that is
2265 // defined with a large value. When shifting left JVM_CONSTANT_Value
2266 // would overrun the width of types.
2267 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2268 }
2269 } else {
2270 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2271 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
2272 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2273 }
2274 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2275 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2276 } else if (tag.is_string()) {
2277 current_frame->push_stack(
2278 VerificationType::reference_type(
2279 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2280 } else if (tag.is_klass() || tag.is_unresolved_klass() ||
2281 tag.is_value_type() || tag.is_unresolved_value_type()) {
2282 current_frame->push_stack(
2283 VerificationType::reference_type(
2284 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2285 } else if (tag.is_int()) {
2286 current_frame->push_stack(
2287 VerificationType::integer_type(), CHECK_VERIFY(this));
2288 } else if (tag.is_float()) {
2289 current_frame->push_stack(
2290 VerificationType::float_type(), CHECK_VERIFY(this));
2291 } else if (tag.is_double()) {
2292 current_frame->push_stack_2(
2293 VerificationType::double_type(),
2294 VerificationType::double2_type(), CHECK_VERIFY(this));
2295 } else if (tag.is_long()) {
2296 current_frame->push_stack_2(
2297 VerificationType::long_type(),
2298 VerificationType::long2_type(), CHECK_VERIFY(this));
2299 } else if (tag.is_method_handle()) {
2300 current_frame->push_stack(
2301 VerificationType::reference_type(
2302 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2303 } else if (tag.is_method_type()) {
2304 current_frame->push_stack(
2305 VerificationType::reference_type(
2306 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2307 } else {
2308 /* Unreachable? verify_cp_type has already validated the cp type. */
2309 verify_error(
2310 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2311 return;
2312 }
2313 }
2314
2315 void ClassVerifier::verify_switch(
2316 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2317 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2318 int bci = bcs->bci();
2319 address bcp = bcs->bcp();
2320 address aligned_bcp = align_up(bcp + 1, jintSize);
2321
2322 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2323 // 4639449 & 4647081: padding bytes must be 0
2324 u2 padding_offset = 1;
2325 while ((bcp + padding_offset) < aligned_bcp) {
2326 if(*(bcp + padding_offset) != 0) {
2327 verify_error(ErrorContext::bad_code(bci),
2328 "Nonzero padding byte in lookupswitch or tableswitch");
2329 return;
2330 }
2331 padding_offset++;
2332 }
2333 }
2334
2335 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2336 int keys, delta;
2337 current_frame->pop_stack(
2338 VerificationType::integer_type(), CHECK_VERIFY(this));
2339 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2340 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2341 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2342 if (low > high) {
2343 verify_error(ErrorContext::bad_code(bci),
2344 "low must be less than or equal to high in tableswitch");
2345 return;
2346 }
2347 keys = high - low + 1;
2348 if (keys < 0) {
2349 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2350 return;
2351 }
2352 delta = 1;
2353 } else {
2354 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2355 if (keys < 0) {
2356 verify_error(ErrorContext::bad_code(bci),
2357 "number of keys in lookupswitch less than 0");
2358 return;
2359 }
2360 delta = 2;
2361 // Make sure that the lookupswitch items are sorted
2362 for (int i = 0; i < (keys - 1); i++) {
2363 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2364 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2365 if (this_key >= next_key) {
2366 verify_error(ErrorContext::bad_code(bci),
2367 "Bad lookupswitch instruction");
2368 return;
2369 }
2370 }
2371 }
2372 int target = bci + default_offset;
2373 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2374 for (int i = 0; i < keys; i++) {
2375 // Because check_jump_target() may safepoint, the bytecode could have
2376 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2377 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2378 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2379 stackmap_table->check_jump_target(
2380 current_frame, target, CHECK_VERIFY(this));
2381 }
2382 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2383 }
2384
2385 bool ClassVerifier::name_in_supers(
2386 Symbol* ref_name, InstanceKlass* current) {
2387 Klass* super = current->super();
2388 while (super != NULL) {
2389 if (super->name() == ref_name) {
2390 return true;
2391 }
2392 super = super->super();
2393 }
2394 return false;
2395 }
2396
2397 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2398 StackMapFrame* current_frame,
2399 const constantPoolHandle& cp,
2400 bool allow_arrays,
2401 TRAPS) {
2402 u2 index = bcs->get_index_u2();
2403 verify_cp_type(bcs->bci(), index, cp,
2404 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2405
2406 // Get field name and signature
2407 Symbol* field_name = cp->name_ref_at(index);
2408 Symbol* field_sig = cp->signature_ref_at(index);
2409
2410 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2411 class_format_error(
2412 "Invalid signature for field in class %s referenced "
2413 "from constant pool index %d", _klass->external_name(), index);
2414 return;
2415 }
2416
2417 // Get referenced class or value type
2418 constantTag field_class_tag = cp->tag_at(cp->klass_ref_index_at(index));
2419 VerificationType ref_class_type;
2420
2421 // getfield is overloaded to allow for either a reference or value type
2422 if (bcs->raw_code() == Bytecodes::_getfield &&
2423 (EnableMVT || EnableValhalla) &&
2424 (field_class_tag.is_value_type() || field_class_tag.is_unresolved_value_type())) {
2425 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this));
2426 if (!ref_class_type.is_valuetype()) {
2427 verify_error(ErrorContext::bad_type(bcs->bci(),
2428 TypeOrigin::cp(index, ref_class_type)),
2429 "Expecting reference to value type in class %s at constant pool index %d",
2430 _klass->external_name(), index);
2431 return;
2432 }
2433 } else {
2434 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2435 if (!ref_class_type.is_object() &&
2436 (!allow_arrays || !ref_class_type.is_array())) {
2437 verify_error(ErrorContext::bad_type(bcs->bci(),
2438 TypeOrigin::cp(index, ref_class_type)),
2439 "Expecting reference to class in class %s at constant pool index %d",
2440 _klass->external_name(), index);
2441 return;
2442 }
2443 }
2444
2445 VerificationType target_class_type = ref_class_type;
2446
2447 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2448 "buffer type must match VerificationType size");
2449 uintptr_t field_type_buffer[2];
2450 VerificationType* field_type = (VerificationType*)field_type_buffer;
2451 // If we make a VerificationType[2] array directly, the compiler calls
2452 // to the c-runtime library to do the allocation instead of just
2453 // stack allocating it. Plus it would run constructors. This shows up
2454 // in performance profiles.
2455
2456 SignatureStream sig_stream(field_sig, false);
2457 VerificationType stack_object_type;
2458 int n = change_sig_to_verificationType(
2459 &sig_stream, field_type, CHECK_VERIFY(this));
2460 u2 bci = bcs->bci();
2461 bool is_assignable;
2462 switch (bcs->raw_code()) {
2463 case Bytecodes::_getstatic: {
2464 for (int i = 0; i < n; i++) {
2465 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2466 }
2467 break;
2468 }
2469 case Bytecodes::_putstatic: {
2470 for (int i = n - 1; i >= 0; i--) {
2471 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2472 }
2473 break;
2474 }
2475 case Bytecodes::_getfield: {
2476 stack_object_type = current_frame->pop_stack(
2477 target_class_type, CHECK_VERIFY(this));
2478 for (int i = 0; i < n; i++) {
2479 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2480 }
2481 goto check_protected;
2482 }
2483 case Bytecodes::_putfield: {
2484 for (int i = n - 1; i >= 0; i--) {
2485 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2486 }
2487 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2488
2489 // The JVMS 2nd edition allows field initialization before the superclass
2490 // initializer, if the field is defined within the current class.
2491 fieldDescriptor fd;
2492 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2493 target_class_type.equals(current_type()) &&
2494 _klass->find_local_field(field_name, field_sig, &fd)) {
2495 stack_object_type = current_type();
2496 }
2497 is_assignable = target_class_type.is_assignable_from(
2498 stack_object_type, this, false, CHECK_VERIFY(this));
2499 if (!is_assignable) {
2500 verify_error(ErrorContext::bad_type(bci,
2501 current_frame->stack_top_ctx(),
2502 TypeOrigin::cp(index, target_class_type)),
2503 "Bad type on operand stack in putfield");
2504 return;
2505 }
2506 }
2507 check_protected: {
2508 if (_this_type == stack_object_type)
2509 break; // stack_object_type must be assignable to _current_class_type
2510 if (was_recursively_verified()) return;
2511 Symbol* ref_class_name =
2512 cp->klass_name_at(cp->klass_ref_index_at(index));
2513 if (!name_in_supers(ref_class_name, current_class()))
2514 // stack_object_type must be assignable to _current_class_type since:
2515 // 1. stack_object_type must be assignable to ref_class.
2516 // 2. ref_class must be _current_class or a subclass of it. It can't
2517 // be a superclass of it. See revised JVMS 5.4.4.
2518 break;
2519
2520 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2521 if (is_protected_access(current_class(), ref_class_oop, field_name,
2522 field_sig, false)) {
2523 // It's protected access, check if stack object is assignable to
2524 // current class.
2525 is_assignable = current_type().is_assignable_from(
2526 stack_object_type, this, true, CHECK_VERIFY(this));
2527 if (!is_assignable) {
2528 verify_error(ErrorContext::bad_type(bci,
2529 current_frame->stack_top_ctx(),
2530 TypeOrigin::implicit(current_type())),
2531 "Bad access to protected data in getfield");
2532 return;
2533 }
2534 }
2535 break;
2536 }
2537 default: ShouldNotReachHere();
2538 }
2539 }
2540
2541 void ClassVerifier::verify_vwithfield(RawBytecodeStream* bcs,
2542 StackMapFrame* current_frame,
2543 const constantPoolHandle& cp,
2544 TRAPS) {
2545 u2 index = bcs->get_index_u2();
2546 verify_cp_type(bcs->bci(), index, cp,
2547 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2548
2549 // Get field name and signature
2550 Symbol* field_name = cp->name_ref_at(index);
2551 Symbol* field_sig = cp->signature_ref_at(index);
2552
2553 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2554 class_format_error(
2555 "Invalid signature for field in value type %s referenced "
2556 "from constant pool index %d", _klass->external_name(), index);
2557 return;
2558 }
2559
2560 // Check referenced value type
2561 VerificationType ref_value_type = cp_value_index_to_type(
2562 index, cp, CHECK_VERIFY(this));
2563 if (!ref_value_type.is_valuetype()) {
2564 verify_error(ErrorContext::bad_type(bcs->bci(),
2565 TypeOrigin::cp(index, ref_value_type)),
2566 "Expecting reference to value type in class %s at constant pool index %d",
2567 _klass->external_name(), index);
2568 return;
2569 }
2570 VerificationType target_value_type = ref_value_type;
2571
2572 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2573 "buffer type must match VerificationType size");
2574 uintptr_t field_type_buffer[2];
2575 VerificationType* field_type = (VerificationType*)field_type_buffer;
2576 // If we make a VerificationType[2] array directly, the compiler calls
2577 // to the c-runtime library to do the allocation instead of just
2578 // stack allocating it. Plus it would run constructors. This shows up
2579 // in performance profiles.
2580
2581 SignatureStream sig_stream(field_sig, false);
2582 int n = change_sig_to_verificationType(
2583 &sig_stream, field_type, CHECK_VERIFY(this));
2584 u2 bci = bcs->bci();
2585
2586 // The type of value2 must be compatible with the descriptor of the referenced field.
2587 // n could be 2 if it is a double or long.
2588 for (int i = n - 1; i >= 0; i--) {
2589 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2590 }
2591
2592 // The type of value1 must be the direct value class type appearing in the field reference.
2593 VerificationType stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2594
2595 bool is_assignable = target_value_type.is_assignable_from(
2596 stack_object_type, this, false, CHECK_VERIFY(this));
2597 if (!is_assignable) {
2598 verify_error(ErrorContext::bad_type(bci,
2599 current_frame->stack_top_ctx(),
2600 TypeOrigin::cp(index, target_value_type)),
2601 "Bad type on operand stack in vwithfield");
2602 return;
2603 }
2604
2605 // The derived value class instance from another, modifying a field
2606 current_frame->push_stack(stack_object_type, CHECK_VERIFY(this));
2607 }
2608
2609 // Look at the method's handlers. If the bci is in the handler's try block
2610 // then check if the handler_pc is already on the stack. If not, push it
2611 // unless the handler has already been scanned.
2612 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2613 GrowableArray<u4>* handler_list,
2614 GrowableArray<u4>* handler_stack,
2615 u4 bci) {
2616 int exlength = exhandlers->length();
2617 for(int x = 0; x < exlength; x++) {
2618 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2619 u4 exhandler_pc = exhandlers->handler_pc(x);
2620 if (!handler_list->contains(exhandler_pc)) {
2621 handler_stack->append_if_missing(exhandler_pc);
2622 handler_list->append(exhandler_pc);
2623 }
2624 }
2625 }
2626 }
2627
2628 // Return TRUE if all code paths starting with start_bc_offset end in
2629 // bytecode athrow or loop.
2630 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2631 ResourceMark rm;
2632 // Create bytecode stream.
2633 RawBytecodeStream bcs(method());
2634 u4 code_length = method()->code_size();
2635 bcs.set_start(start_bc_offset);
2636 u4 target;
2637 // Create stack for storing bytecode start offsets for if* and *switch.
2638 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2639 // Create stack for handlers for try blocks containing this handler.
2640 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2641 // Create list of handlers that have been pushed onto the handler_stack
2642 // so that handlers embedded inside of their own TRY blocks only get
2643 // scanned once.
2644 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2645 // Create list of visited branch opcodes (goto* and if*).
2646 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2647 ExceptionTable exhandlers(_method());
2648
2649 while (true) {
2650 if (bcs.is_last_bytecode()) {
2651 // if no more starting offsets to parse or if at the end of the
2652 // method then return false.
2653 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2654 return false;
2655 // Pop a bytecode starting offset and scan from there.
2656 bcs.set_start(bci_stack->pop());
2657 }
2658 Bytecodes::Code opcode = bcs.raw_next();
2659 u4 bci = bcs.bci();
2660
2661 // If the bytecode is in a TRY block, push its handlers so they
2662 // will get parsed.
2663 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2664
2665 switch (opcode) {
2666 case Bytecodes::_if_icmpeq:
2667 case Bytecodes::_if_icmpne:
2668 case Bytecodes::_if_icmplt:
2669 case Bytecodes::_if_icmpge:
2670 case Bytecodes::_if_icmpgt:
2671 case Bytecodes::_if_icmple:
2672 case Bytecodes::_ifeq:
2673 case Bytecodes::_ifne:
2674 case Bytecodes::_iflt:
2675 case Bytecodes::_ifge:
2676 case Bytecodes::_ifgt:
2677 case Bytecodes::_ifle:
2678 case Bytecodes::_if_acmpeq:
2679 case Bytecodes::_if_acmpne:
2680 case Bytecodes::_ifnull:
2681 case Bytecodes::_ifnonnull:
2682 target = bcs.dest();
2683 if (visited_branches->contains(bci)) {
2684 if (bci_stack->is_empty()) {
2685 if (handler_stack->is_empty()) {
2686 return true;
2687 } else {
2688 // Parse the catch handlers for try blocks containing athrow.
2689 bcs.set_start(handler_stack->pop());
2690 }
2691 } else {
2692 // Pop a bytecode starting offset and scan from there.
2693 bcs.set_start(bci_stack->pop());
2694 }
2695 } else {
2696 if (target > bci) { // forward branch
2697 if (target >= code_length) return false;
2698 // Push the branch target onto the stack.
2699 bci_stack->push(target);
2700 // then, scan bytecodes starting with next.
2701 bcs.set_start(bcs.next_bci());
2702 } else { // backward branch
2703 // Push bytecode offset following backward branch onto the stack.
2704 bci_stack->push(bcs.next_bci());
2705 // Check bytecodes starting with branch target.
2706 bcs.set_start(target);
2707 }
2708 // Record target so we don't branch here again.
2709 visited_branches->append(bci);
2710 }
2711 break;
2712
2713 case Bytecodes::_goto:
2714 case Bytecodes::_goto_w:
2715 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2716 if (visited_branches->contains(bci)) {
2717 if (bci_stack->is_empty()) {
2718 if (handler_stack->is_empty()) {
2719 return true;
2720 } else {
2721 // Parse the catch handlers for try blocks containing athrow.
2722 bcs.set_start(handler_stack->pop());
2723 }
2724 } else {
2725 // Been here before, pop new starting offset from stack.
2726 bcs.set_start(bci_stack->pop());
2727 }
2728 } else {
2729 if (target >= code_length) return false;
2730 // Continue scanning from the target onward.
2731 bcs.set_start(target);
2732 // Record target so we don't branch here again.
2733 visited_branches->append(bci);
2734 }
2735 break;
2736
2737 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2738 // is difficult to determine where each switch alternative ends, parse
2739 // each switch alternative until either hit a 'return', 'athrow', or reach
2740 // the end of the method's bytecodes. This is gross but should be okay
2741 // because:
2742 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2743 // constructor invocations should be rare.
2744 // 2. if each switch alternative ends in an athrow then the parsing should be
2745 // short. If there is no athrow then it is bogus code, anyway.
2746 case Bytecodes::_lookupswitch:
2747 case Bytecodes::_tableswitch:
2748 {
2749 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2750 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2751 int keys, delta;
2752 if (opcode == Bytecodes::_tableswitch) {
2753 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2754 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2755 // This is invalid, but let the regular bytecode verifier
2756 // report this because the user will get a better error message.
2757 if (low > high) return true;
2758 keys = high - low + 1;
2759 delta = 1;
2760 } else {
2761 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2762 delta = 2;
2763 }
2764 // Invalid, let the regular bytecode verifier deal with it.
2765 if (keys < 0) return true;
2766
2767 // Push the offset of the next bytecode onto the stack.
2768 bci_stack->push(bcs.next_bci());
2769
2770 // Push the switch alternatives onto the stack.
2771 for (int i = 0; i < keys; i++) {
2772 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2773 if (target > code_length) return false;
2774 bci_stack->push(target);
2775 }
2776
2777 // Start bytecode parsing for the switch at the default alternative.
2778 if (default_offset > code_length) return false;
2779 bcs.set_start(default_offset);
2780 break;
2781 }
2782
2783 case Bytecodes::_return:
2784 return false;
2785
2786 case Bytecodes::_athrow:
2787 {
2788 if (bci_stack->is_empty()) {
2789 if (handler_stack->is_empty()) {
2790 return true;
2791 } else {
2792 // Parse the catch handlers for try blocks containing athrow.
2793 bcs.set_start(handler_stack->pop());
2794 }
2795 } else {
2796 // Pop a bytecode offset and starting scanning from there.
2797 bcs.set_start(bci_stack->pop());
2798 }
2799 }
2800 break;
2801
2802 default:
2803 ;
2804 } // end switch
2805 } // end while loop
2806
2807 return false;
2808 }
2809
2810 void ClassVerifier::verify_invoke_init(
2811 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2812 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2813 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2814 TRAPS) {
2815 u2 bci = bcs->bci();
2816 VerificationType type = current_frame->pop_stack(
2817 VerificationType::reference_check(), CHECK_VERIFY(this));
2818 if (type == VerificationType::uninitialized_this_type()) {
2819 // The method must be an <init> method of this class or its superclass
2820 Klass* superk = current_class()->super();
2821 if (ref_class_type.name() != current_class()->name() &&
2822 ref_class_type.name() != superk->name()) {
2823 verify_error(ErrorContext::bad_type(bci,
2824 TypeOrigin::implicit(ref_class_type),
2825 TypeOrigin::implicit(current_type())),
2826 "Bad <init> method call");
2827 return;
2828 }
2829
2830 // If this invokespecial call is done from inside of a TRY block then make
2831 // sure that all catch clause paths end in a throw. Otherwise, this can
2832 // result in returning an incomplete object.
2833 if (in_try_block) {
2834 ExceptionTable exhandlers(_method());
2835 int exlength = exhandlers.length();
2836 for(int i = 0; i < exlength; i++) {
2837 u2 start_pc = exhandlers.start_pc(i);
2838 u2 end_pc = exhandlers.end_pc(i);
2839
2840 if (bci >= start_pc && bci < end_pc) {
2841 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2842 verify_error(ErrorContext::bad_code(bci),
2843 "Bad <init> method call from after the start of a try block");
2844 return;
2845 } else if (log_is_enabled(Info, verification)) {
2846 ResourceMark rm(THREAD);
2847 log_info(verification)("Survived call to ends_in_athrow(): %s",
2848 current_class()->name()->as_C_string());
2849 }
2850 }
2851 }
2852
2853 // Check the exception handler target stackmaps with the locals from the
2854 // incoming stackmap (before initialize_object() changes them to outgoing
2855 // state).
2856 if (was_recursively_verified()) return;
2857 verify_exception_handler_targets(bci, true, current_frame,
2858 stackmap_table, CHECK_VERIFY(this));
2859 } // in_try_block
2860
2861 current_frame->initialize_object(type, current_type());
2862 *this_uninit = true;
2863 } else if (type.is_uninitialized()) {
2864 u2 new_offset = type.bci();
2865 address new_bcp = bcs->bcp() - bci + new_offset;
2866 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2867 /* Unreachable? Stack map parsing ensures valid type and new
2868 * instructions have a valid BCI. */
2869 verify_error(ErrorContext::bad_code(new_offset),
2870 "Expecting new instruction");
2871 return;
2872 }
2873 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2874 if (was_recursively_verified()) return;
2875 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2876
2877 // The method must be an <init> method of the indicated class
2878 VerificationType new_class_type = cp_index_to_reference_type(
2879 new_class_index, cp, CHECK_VERIFY(this));
2880 if (!new_class_type.equals(ref_class_type)) {
2881 verify_error(ErrorContext::bad_type(bci,
2882 TypeOrigin::cp(new_class_index, new_class_type),
2883 TypeOrigin::cp(ref_class_index, ref_class_type)),
2884 "Call to wrong <init> method");
2885 return;
2886 }
2887 // According to the VM spec, if the referent class is a superclass of the
2888 // current class, and is in a different runtime package, and the method is
2889 // protected, then the objectref must be the current class or a subclass
2890 // of the current class.
2891 VerificationType objectref_type = new_class_type;
2892 if (name_in_supers(ref_class_type.name(), current_class())) {
2893 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2894 if (was_recursively_verified()) return;
2895 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2896 vmSymbols::object_initializer_name(),
2897 cp->signature_ref_at(bcs->get_index_u2()),
2898 Klass::find_overpass);
2899 // Do nothing if method is not found. Let resolution detect the error.
2900 if (m != NULL) {
2901 InstanceKlass* mh = m->method_holder();
2902 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2903 bool assignable = current_type().is_assignable_from(
2904 objectref_type, this, true, CHECK_VERIFY(this));
2905 if (!assignable) {
2906 verify_error(ErrorContext::bad_type(bci,
2907 TypeOrigin::cp(new_class_index, objectref_type),
2908 TypeOrigin::implicit(current_type())),
2909 "Bad access to protected <init> method");
2910 return;
2911 }
2912 }
2913 }
2914 }
2915 // Check the exception handler target stackmaps with the locals from the
2916 // incoming stackmap (before initialize_object() changes them to outgoing
2917 // state).
2918 if (in_try_block) {
2919 if (was_recursively_verified()) return;
2920 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2921 stackmap_table, CHECK_VERIFY(this));
2922 }
2923 current_frame->initialize_object(type, new_class_type);
2924 } else {
2925 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2926 "Bad operand type when invoking <init>");
2927 return;
2928 }
2929 }
2930
2931 bool ClassVerifier::is_same_or_direct_interface(
2932 InstanceKlass* klass,
2933 VerificationType klass_type,
2934 VerificationType ref_class_type) {
2935 if (ref_class_type.equals(klass_type)) return true;
2936 Array<Klass*>* local_interfaces = klass->local_interfaces();
2937 if (local_interfaces != NULL) {
2938 for (int x = 0; x < local_interfaces->length(); x++) {
2939 Klass* k = local_interfaces->at(x);
2940 assert (k != NULL && k->is_interface(), "invalid interface");
2941 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2942 return true;
2943 }
2944 }
2945 }
2946 return false;
2947 }
2948
2949 void ClassVerifier::verify_invoke_instructions(
2950 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2951 bool in_try_block, bool *this_uninit, VerificationType return_type,
2952 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2953 // Make sure the constant pool item is the right type
2954 u2 index = bcs->get_index_u2();
2955 Bytecodes::Code opcode = bcs->raw_code();
2956 unsigned int types;
2957 switch (opcode) {
2958 case Bytecodes::_invokeinterface:
2959 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2960 break;
2961 case Bytecodes::_invokedynamic:
2962 types = 1 << JVM_CONSTANT_InvokeDynamic;
2963 break;
2964 case Bytecodes::_invokespecial:
2965 case Bytecodes::_invokestatic:
2966 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2967 (1 << JVM_CONSTANT_Methodref) :
2968 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2969 break;
2970 default:
2971 types = 1 << JVM_CONSTANT_Methodref;
2972 }
2973 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2974
2975 // Get method name and signature
2976 Symbol* method_name = cp->name_ref_at(index);
2977 Symbol* method_sig = cp->signature_ref_at(index);
2978
2979 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2980 class_format_error(
2981 "Invalid method signature in class %s referenced "
2982 "from constant pool index %d", _klass->external_name(), index);
2983 return;
2984 }
2985
2986 // Get referenced class or value type
2987 VerificationType ref_class_type;
2988 if (opcode == Bytecodes::_invokedynamic) {
2989 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2990 class_format_error(
2991 "invokedynamic instructions not supported by this class file version (%d), class %s",
2992 _klass->major_version(), _klass->external_name());
2993 return;
2994 }
2995 } else {
2996 constantTag method_class_tag = cp->tag_at(cp->klass_ref_index_at(index));
2997 if (EnableValhalla &&
2998 opcode == Bytecodes::_invokevirtual &&
2999 (method_class_tag.is_value_type() || method_class_tag.is_unresolved_value_type())) {
3000 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this));
3001 } else {
3002 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
3003 }
3004 }
3005
3006 // For a small signature length, we just allocate 128 bytes instead
3007 // of parsing the signature once to find its size.
3008 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
3009 // longs/doubles to be consertive.
3010 assert(sizeof(VerificationType) == sizeof(uintptr_t),
3011 "buffer type must match VerificationType size");
3012 uintptr_t on_stack_sig_types_buffer[128];
3013 // If we make a VerificationType[128] array directly, the compiler calls
3014 // to the c-runtime library to do the allocation instead of just
3015 // stack allocating it. Plus it would run constructors. This shows up
3016 // in performance profiles.
3017
3018 VerificationType* sig_types;
3019 int size = (method_sig->utf8_length() - 3) * 2;
3020 if (size > 128) {
3021 // Long and double occupies two slots here.
3022 ArgumentSizeComputer size_it(method_sig);
3023 size = size_it.size();
3024 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
3025 } else{
3026 sig_types = (VerificationType*)on_stack_sig_types_buffer;
3027 }
3028 SignatureStream sig_stream(method_sig);
3029 int sig_i = 0;
3030 while (!sig_stream.at_return_type()) {
3031 sig_i += change_sig_to_verificationType(
3032 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
3033 sig_stream.next();
3034 }
3035 int nargs = sig_i;
3036
3037 #ifdef ASSERT
3038 {
3039 ArgumentSizeComputer size_it(method_sig);
3040 assert(nargs == size_it.size(), "Argument sizes do not match");
3041 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
3042 }
3043 #endif
3044
3045 // Check instruction operands
3046 u2 bci = bcs->bci();
3047 if (opcode == Bytecodes::_invokeinterface) {
3048 address bcp = bcs->bcp();
3049 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
3050 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
3051 // the difference between the size of the operand stack before and after the instruction
3052 // executes.
3053 if (*(bcp+3) != (nargs+1)) {
3054 verify_error(ErrorContext::bad_code(bci),
3055 "Inconsistent args count operand in invokeinterface");
3056 return;
3057 }
3058 if (*(bcp+4) != 0) {
3059 verify_error(ErrorContext::bad_code(bci),
3060 "Fourth operand byte of invokeinterface must be zero");
3061 return;
3062 }
3063 }
3064
3065 if (opcode == Bytecodes::_invokedynamic) {
3066 address bcp = bcs->bcp();
3067 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
3068 verify_error(ErrorContext::bad_code(bci),
3069 "Third and fourth operand bytes of invokedynamic must be zero");
3070 return;
3071 }
3072 }
3073
3074 if (method_name->byte_at(0) == '<') {
3075 // Make sure <init> can only be invoked by invokespecial
3076 if (opcode != Bytecodes::_invokespecial ||
3077 method_name != vmSymbols::object_initializer_name()) {
3078 verify_error(ErrorContext::bad_code(bci),
3079 "Illegal call to internal method");
3080 return;
3081 }
3082 } else if (opcode == Bytecodes::_invokespecial
3083 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
3084 && !ref_class_type.equals(VerificationType::reference_type(
3085 current_class()->super()->name()))) {
3086 bool subtype = false;
3087 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
3088 if (!current_class()->is_anonymous()) {
3089 subtype = ref_class_type.is_assignable_from(
3090 current_type(), this, false, CHECK_VERIFY(this));
3091 } else {
3092 VerificationType host_klass_type =
3093 VerificationType::reference_type(current_class()->host_klass()->name());
3094 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
3095
3096 // If invokespecial of IMR, need to recheck for same or
3097 // direct interface relative to the host class
3098 have_imr_indirect = (have_imr_indirect &&
3099 !is_same_or_direct_interface(
3100 current_class()->host_klass(),
3101 host_klass_type, ref_class_type));
3102 }
3103 if (!subtype) {
3104 verify_error(ErrorContext::bad_code(bci),
3105 "Bad invokespecial instruction: "
3106 "current class isn't assignable to reference class.");
3107 return;
3108 } else if (have_imr_indirect) {
3109 verify_error(ErrorContext::bad_code(bci),
3110 "Bad invokespecial instruction: "
3111 "interface method reference is in an indirect superinterface.");
3112 return;
3113 }
3114
3115 }
3116 // Match method descriptor with operand stack
3117 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
3118 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
3119 }
3120 // Check objectref on operand stack
3121 if (opcode != Bytecodes::_invokestatic &&
3122 opcode != Bytecodes::_invokedynamic) {
3123 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
3124 verify_invoke_init(bcs, index, ref_class_type, current_frame,
3125 code_length, in_try_block, this_uninit, cp, stackmap_table,
3126 CHECK_VERIFY(this));
3127 if (was_recursively_verified()) return;
3128 } else { // other methods
3129 // Ensures that target class is assignable to method class.
3130 if (opcode == Bytecodes::_invokespecial) {
3131 if (!current_class()->is_anonymous()) {
3132 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
3133 } else {
3134 // anonymous class invokespecial calls: check if the
3135 // objectref is a subtype of the host_klass of the current class
3136 // to allow an anonymous class to reference methods in the host_klass
3137 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
3138 VerificationType hosttype =
3139 VerificationType::reference_type(current_class()->host_klass()->name());
3140 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
3141 if (!subtype) {
3142 verify_error( ErrorContext::bad_type(current_frame->offset(),
3143 current_frame->stack_top_ctx(),
3144 TypeOrigin::implicit(top)),
3145 "Bad type on operand stack");
3146 return;
3147 }
3148 }
3149 } else if (opcode == Bytecodes::_invokevirtual) {
3150 VerificationType stack_object_type =
3151 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3152 if (current_type() != stack_object_type) {
3153 if (was_recursively_verified()) return;
3154 assert(cp->cache() == NULL, "not rewritten yet");
3155 Symbol* ref_class_name =
3156 cp->klass_name_at(cp->klass_ref_index_at(index));
3157 // See the comments in verify_field_instructions() for
3158 // the rationale behind this.
3159 if (name_in_supers(ref_class_name, current_class())) {
3160 Klass* ref_class = load_class(ref_class_name, CHECK);
3161 if (is_protected_access(
3162 _klass, ref_class, method_name, method_sig, true)) {
3163 // It's protected access, check if stack object is
3164 // assignable to current class.
3165 bool is_assignable = current_type().is_assignable_from(
3166 stack_object_type, this, true, CHECK_VERIFY(this));
3167 if (!is_assignable) {
3168 if (ref_class_type.name() == vmSymbols::java_lang_Object()
3169 && stack_object_type.is_array()
3170 && method_name == vmSymbols::clone_name()) {
3171 // Special case: arrays pretend to implement public Object
3172 // clone().
3173 } else {
3174 verify_error(ErrorContext::bad_type(bci,
3175 current_frame->stack_top_ctx(),
3176 TypeOrigin::implicit(current_type())),
3177 "Bad access to protected data in invokevirtual");
3178 return;
3179 }
3180 }
3181 }
3182 }
3183 }
3184 } else {
3185 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3186 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3187 }
3188 }
3189 }
3190 // Push the result type.
3191 if (sig_stream.type() != T_VOID) {
3192 if (method_name == vmSymbols::object_initializer_name()) {
3193 // <init> method must have a void return type
3194 /* Unreachable? Class file parser verifies that methods with '<' have
3195 * void return */
3196 verify_error(ErrorContext::bad_code(bci),
3197 "Return type must be void in <init> method");
3198 return;
3199 }
3200 VerificationType return_type[2];
3201 int n = change_sig_to_verificationType(
3202 &sig_stream, return_type, CHECK_VERIFY(this));
3203 for (int i = 0; i < n; i++) {
3204 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
3205 }
3206 }
3207 }
3208
3209 VerificationType ClassVerifier::get_newarray_type(
3210 u2 index, u2 bci, TRAPS) {
3211 const char* from_bt[] = {
3212 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3213 };
3214 if (index < T_BOOLEAN || index > T_LONG) {
3215 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3216 return VerificationType::bogus_type();
3217 }
3218
3219 // from_bt[index] contains the array signature which has a length of 2
3220 Symbol* sig = create_temporary_symbol(
3221 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
3222 return VerificationType::reference_type(sig);
3223 }
3224
3225 void ClassVerifier::verify_anewarray(
3226 u2 bci, u2 index, const constantPoolHandle& cp,
3227 StackMapFrame* current_frame, TRAPS) {
3228 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this));
3229 current_frame->pop_stack(
3230 VerificationType::integer_type(), CHECK_VERIFY(this));
3231
3232 if (was_recursively_verified()) return;
3233 constantTag class_tag = cp->tag_at(index);
3234 VerificationType component_type;
3235 if (class_tag.is_value_type() || class_tag.is_unresolved_value_type()) {
3236 component_type = cp_index_to_valuetype(index, cp, CHECK_VERIFY(this));
3237 } else {
3238 component_type = cp_index_to_reference_type(index, cp, CHECK_VERIFY(this));
3239 }
3240 int length;
3241 char* arr_sig_str;
3242 if (component_type.is_array()) { // it's an array
3243 const char* component_name = component_type.name()->as_utf8();
3244 // Check for more than MAX_ARRAY_DIMENSIONS
3245 length = (int)strlen(component_name);
3246 if (length > MAX_ARRAY_DIMENSIONS &&
3247 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3248 verify_error(ErrorContext::bad_code(bci),
3249 "Illegal anewarray instruction, array has more than 255 dimensions");
3250 }
3251 // add one dimension to component
3252 length++;
3253 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
3254 arr_sig_str[0] = '[';
3255 strncpy(&arr_sig_str[1], component_name, length - 1);
3256 } else { // it's an object or interface
3257 const char* component_name = component_type.name()->as_utf8();
3258 // add one dimension to component with 'L' or 'Q' (value type) prepended and ';' appended.
3259 length = (int)strlen(component_name) + 3;
3260 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
3261 arr_sig_str[0] = '[';
3262 arr_sig_str[1] = component_type.is_reference() ? 'L' : 'Q';
3263 strncpy(&arr_sig_str[2], component_name, length - 2);
3264 arr_sig_str[length - 1] = ';';
3265 }
3266 Symbol* arr_sig = create_temporary_symbol(
3267 arr_sig_str, length, CHECK_VERIFY(this));
3268 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3269 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3270 }
3271
3272 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3273 current_frame->get_local(
3274 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3275 current_frame->push_stack(
3276 VerificationType::integer_type(), CHECK_VERIFY(this));
3277 }
3278
3279 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3280 current_frame->get_local_2(
3281 index, VerificationType::long_type(),
3282 VerificationType::long2_type(), CHECK_VERIFY(this));
3283 current_frame->push_stack_2(
3284 VerificationType::long_type(),
3285 VerificationType::long2_type(), CHECK_VERIFY(this));
3286 }
3287
3288 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3289 current_frame->get_local(
3290 index, VerificationType::float_type(), CHECK_VERIFY(this));
3291 current_frame->push_stack(
3292 VerificationType::float_type(), CHECK_VERIFY(this));
3293 }
3294
3295 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3296 current_frame->get_local_2(
3297 index, VerificationType::double_type(),
3298 VerificationType::double2_type(), CHECK_VERIFY(this));
3299 current_frame->push_stack_2(
3300 VerificationType::double_type(),
3301 VerificationType::double2_type(), CHECK_VERIFY(this));
3302 }
3303
3304 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3305 VerificationType type = current_frame->get_local(
3306 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3307 current_frame->push_stack(type, CHECK_VERIFY(this));
3308 }
3309
3310 void ClassVerifier::verify_vload(u2 index, StackMapFrame* current_frame, TRAPS) {
3311 VerificationType type = current_frame->get_local(
3312 index, VerificationType::valuetype_check(), CHECK_VERIFY(this));
3313 current_frame->push_stack(type, CHECK_VERIFY(this));
3314 }
3315
3316 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3317 current_frame->pop_stack(
3318 VerificationType::integer_type(), CHECK_VERIFY(this));
3319 current_frame->set_local(
3320 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3321 }
3322
3323 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3324 current_frame->pop_stack_2(
3325 VerificationType::long2_type(),
3326 VerificationType::long_type(), CHECK_VERIFY(this));
3327 current_frame->set_local_2(
3328 index, VerificationType::long_type(),
3329 VerificationType::long2_type(), CHECK_VERIFY(this));
3330 }
3331
3332 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3333 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3334 current_frame->set_local(
3335 index, VerificationType::float_type(), CHECK_VERIFY(this));
3336 }
3337
3338 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3339 current_frame->pop_stack_2(
3340 VerificationType::double2_type(),
3341 VerificationType::double_type(), CHECK_VERIFY(this));
3342 current_frame->set_local_2(
3343 index, VerificationType::double_type(),
3344 VerificationType::double2_type(), CHECK_VERIFY(this));
3345 }
3346
3347 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3348 VerificationType type = current_frame->pop_stack(
3349 VerificationType::reference_check(), CHECK_VERIFY(this));
3350 current_frame->set_local(index, type, CHECK_VERIFY(this));
3351 }
3352
3353 void ClassVerifier::verify_vstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3354 VerificationType type = current_frame->pop_stack(
3355 VerificationType::valuetype_check(), CHECK_VERIFY(this));
3356 current_frame->set_local(index, type, CHECK_VERIFY(this));
3357 }
3358
3359 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3360 VerificationType type = current_frame->get_local(
3361 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3362 current_frame->set_local(index, type, CHECK_VERIFY(this));
3363 }
3364
3365 void ClassVerifier::verify_return_value(
3366 VerificationType return_type, VerificationType type, u2 bci,
3367 StackMapFrame* current_frame, TRAPS) {
3368 if (return_type == VerificationType::bogus_type()) {
3369 verify_error(ErrorContext::bad_type(bci,
3370 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3371 "Method expects a return value");
3372 return;
3373 }
3374 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3375 if (!match) {
3376 verify_error(ErrorContext::bad_type(bci,
3377 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3378 "Bad return type");
3379 return;
3380 }
3381 }
3382
3383 // The verifier creates symbols which are substrings of Symbols.
3384 // These are stored in the verifier until the end of verification so that
3385 // they can be reference counted.
3386 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3387 int end, TRAPS) {
3388 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
3389 _symbols->push(sym);
3390 return sym;
3391 }
3392
3393 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
3394 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
3395 _symbols->push(sym);
3396 return sym;
3397 }