1 /* 2 * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "classfile/classFileStream.hpp" 27 #include "classfile/javaClasses.hpp" 28 #include "classfile/stackMapTable.hpp" 29 #include "classfile/stackMapFrame.hpp" 30 #include "classfile/stackMapTableFormat.hpp" 31 #include "classfile/systemDictionary.hpp" 32 #include "classfile/verifier.hpp" 33 #include "classfile/vmSymbols.hpp" 34 #include "interpreter/bytecodes.hpp" 35 #include "interpreter/bytecodeStream.hpp" 36 #include "logging/log.hpp" 37 #include "logging/logStream.hpp" 38 #include "memory/oopFactory.hpp" 39 #include "memory/resourceArea.hpp" 40 #include "oops/instanceKlass.hpp" 41 #include "oops/oop.inline.hpp" 42 #include "oops/typeArrayOop.hpp" 43 #include "prims/jvm.h" 44 #include "runtime/fieldDescriptor.hpp" 45 #include "runtime/handles.inline.hpp" 46 #include "runtime/interfaceSupport.hpp" 47 #include "runtime/javaCalls.hpp" 48 #include "runtime/orderAccess.inline.hpp" 49 #include "runtime/os.hpp" 50 #include "runtime/thread.hpp" 51 #include "services/threadService.hpp" 52 #include "utilities/align.hpp" 53 #include "utilities/bytes.hpp" 54 55 #define NOFAILOVER_MAJOR_VERSION 51 56 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 57 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 58 #define MAX_ARRAY_DIMENSIONS 255 59 60 // Access to external entry for VerifyClassCodes - old byte code verifier 61 62 extern "C" { 63 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 64 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 65 } 66 67 static void* volatile _verify_byte_codes_fn = NULL; 68 69 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 70 71 static void* verify_byte_codes_fn() { 72 if (OrderAccess::load_ptr_acquire(&_verify_byte_codes_fn) == NULL) { 73 void *lib_handle = os::native_java_library(); 74 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 75 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 76 if (func == NULL) { 77 _is_new_verify_byte_codes_fn = false; 78 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 79 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 80 } 81 } 82 return (void*)_verify_byte_codes_fn; 83 } 84 85 86 // Methods in Verifier 87 88 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 89 return (class_loader == NULL || !should_verify_class) ? 90 BytecodeVerificationLocal : BytecodeVerificationRemote; 91 } 92 93 bool Verifier::relax_access_for(oop loader) { 94 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 95 bool need_verify = 96 // verifyAll 97 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 98 // verifyRemote 99 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 100 return !need_verify; 101 } 102 103 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 104 assert(verify_class != NULL, "Unexpected null verify_class"); 105 ResourceMark rm; 106 Symbol* s = verify_class->source_file_name(); 107 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 108 const char* verify = verify_class->external_name(); 109 const char* resolve = resolve_class->external_name(); 110 // print in a single call to reduce interleaving between threads 111 if (source_file != NULL) { 112 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 113 } else { 114 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 115 } 116 } 117 118 // Prints the end-verification message to the appropriate output. 119 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 120 if (HAS_PENDING_EXCEPTION) { 121 st->print("Verification for %s has", klassName); 122 st->print_cr(" exception pending %s ", 123 PENDING_EXCEPTION->klass()->external_name()); 124 } else if (exception_name != NULL) { 125 st->print_cr("Verification for %s failed", klassName); 126 } 127 st->print_cr("End class verification for: %s", klassName); 128 } 129 130 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 131 HandleMark hm(THREAD); 132 ResourceMark rm(THREAD); 133 134 // Eagerly allocate the identity hash code for a klass. This is a fallout 135 // from 6320749 and 8059924: hash code generator is not supposed to be called 136 // during the safepoint, but it allows to sneak the hashcode in during 137 // verification. Without this eager hashcode generation, we may end up 138 // installing the hashcode during some other operation, which may be at 139 // safepoint -- blowing up the checks. It was previously done as the side 140 // effect (sic!) for external_name(), but instead of doing that, we opt to 141 // explicitly push the hashcode in here. This is signify the following block 142 // is IMPORTANT: 143 if (klass->java_mirror() != NULL) { 144 klass->java_mirror()->identity_hash(); 145 } 146 147 if (!is_eligible_for_verification(klass, should_verify_class)) { 148 return true; 149 } 150 151 // Timer includes any side effects of class verification (resolution, 152 // etc), but not recursive calls to Verifier::verify(). 153 JavaThread* jt = (JavaThread*)THREAD; 154 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 155 ClassLoader::perf_class_verify_selftime(), 156 ClassLoader::perf_classes_verified(), 157 jt->get_thread_stat()->perf_recursion_counts_addr(), 158 jt->get_thread_stat()->perf_timers_addr(), 159 PerfClassTraceTime::CLASS_VERIFY); 160 161 // If the class should be verified, first see if we can use the split 162 // verifier. If not, or if verification fails and FailOverToOldVerifier 163 // is set, then call the inference verifier. 164 165 Symbol* exception_name = NULL; 166 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 167 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 168 char* exception_message = message_buffer; 169 170 const char* klassName = klass->external_name(); 171 bool can_failover = FailOverToOldVerifier && 172 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 173 174 log_info(class, init)("Start class verification for: %s", klassName); 175 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 176 ClassVerifier split_verifier(klass, THREAD); 177 split_verifier.verify_class(THREAD); 178 exception_name = split_verifier.result(); 179 if (can_failover && !HAS_PENDING_EXCEPTION && 180 (exception_name == vmSymbols::java_lang_VerifyError() || 181 exception_name == vmSymbols::java_lang_ClassFormatError())) { 182 log_info(verification)("Fail over class verification to old verifier for: %s", klassName); 183 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName); 184 exception_name = inference_verify( 185 klass, message_buffer, message_buffer_len, THREAD); 186 } 187 if (exception_name != NULL) { 188 exception_message = split_verifier.exception_message(); 189 } 190 } else { 191 exception_name = inference_verify( 192 klass, message_buffer, message_buffer_len, THREAD); 193 } 194 195 LogTarget(Info, class, init) lt1; 196 if (lt1.is_enabled()) { 197 LogStream ls(lt1); 198 log_end_verification(&ls, klassName, exception_name, THREAD); 199 } 200 LogTarget(Info, verification) lt2; 201 if (lt2.is_enabled()) { 202 LogStream ls(lt2); 203 log_end_verification(&ls, klassName, exception_name, THREAD); 204 } 205 206 if (HAS_PENDING_EXCEPTION) { 207 return false; // use the existing exception 208 } else if (exception_name == NULL) { 209 return true; // verifcation succeeded 210 } else { // VerifyError or ClassFormatError to be created and thrown 211 ResourceMark rm(THREAD); 212 Klass* kls = 213 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 214 if (log_is_enabled(Debug, class, resolve)) { 215 Verifier::trace_class_resolution(kls, klass); 216 } 217 218 while (kls != NULL) { 219 if (kls == klass) { 220 // If the class being verified is the exception we're creating 221 // or one of it's superclasses, we're in trouble and are going 222 // to infinitely recurse when we try to initialize the exception. 223 // So bail out here by throwing the preallocated VM error. 224 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 225 } 226 kls = kls->super(); 227 } 228 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 229 THROW_MSG_(exception_name, exception_message, false); 230 } 231 } 232 233 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 234 Symbol* name = klass->name(); 235 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 236 237 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 238 239 return (should_verify_for(klass->class_loader(), should_verify_class) && 240 // return if the class is a bootstrapping class 241 // or defineClass specified not to verify by default (flags override passed arg) 242 // We need to skip the following few for bootstrapping 243 name != vmSymbols::java_lang_Object() && 244 name != vmSymbols::java_lang____Value() && 245 name != vmSymbols::java_lang_Class() && 246 name != vmSymbols::java_lang_String() && 247 name != vmSymbols::java_lang_Throwable() && 248 249 // Can not verify the bytecodes for shared classes because they have 250 // already been rewritten to contain constant pool cache indices, 251 // which the verifier can't understand. 252 // Shared classes shouldn't have stackmaps either. 253 !klass->is_shared() && 254 255 // A MVT derived value type contains no code atrribute - no private static 256 // methods, no instance methods, no <clinit>, no <init>. So while format 257 // checking is performed on it, verification is not. 258 (!((EnableMVT || EnableValhalla) && klass->access_flags().is_value_type())) && 259 260 // As of the fix for 4486457 we disable verification for all of the 261 // dynamically-generated bytecodes associated with the 1.4 262 // reflection implementation, not just those associated with 263 // jdk/internal/reflect/SerializationConstructorAccessor. 264 // NOTE: this is called too early in the bootstrapping process to be 265 // guarded by Universe::is_gte_jdk14x_version(). 266 // Also for lambda generated code, gte jdk8 267 (!is_reflect)); 268 } 269 270 Symbol* Verifier::inference_verify( 271 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 272 JavaThread* thread = (JavaThread*)THREAD; 273 JNIEnv *env = thread->jni_environment(); 274 275 void* verify_func = verify_byte_codes_fn(); 276 277 if (verify_func == NULL) { 278 jio_snprintf(message, message_len, "Could not link verifier"); 279 return vmSymbols::java_lang_VerifyError(); 280 } 281 282 ResourceMark rm(THREAD); 283 log_info(verification)("Verifying class %s with old format", klass->external_name()); 284 285 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 286 jint result; 287 288 { 289 HandleMark hm(thread); 290 ThreadToNativeFromVM ttn(thread); 291 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 292 // code knows that we have left the VM 293 294 if (_is_new_verify_byte_codes_fn) { 295 verify_byte_codes_fn_new_t func = 296 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 297 result = (*func)(env, cls, message, (int)message_len, 298 klass->major_version()); 299 } else { 300 verify_byte_codes_fn_t func = 301 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 302 result = (*func)(env, cls, message, (int)message_len); 303 } 304 } 305 306 JNIHandles::destroy_local(cls); 307 308 // These numbers are chosen so that VerifyClassCodes interface doesn't need 309 // to be changed (still return jboolean (unsigned char)), and result is 310 // 1 when verification is passed. 311 if (result == 0) { 312 return vmSymbols::java_lang_VerifyError(); 313 } else if (result == 1) { 314 return NULL; // verified. 315 } else if (result == 2) { 316 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 317 } else if (result == 3) { 318 return vmSymbols::java_lang_ClassFormatError(); 319 } else { 320 ShouldNotReachHere(); 321 return NULL; 322 } 323 } 324 325 TypeOrigin TypeOrigin::null() { 326 return TypeOrigin(); 327 } 328 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 329 assert(frame != NULL, "Must have a frame"); 330 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 331 frame->local_at(index)); 332 } 333 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 334 assert(frame != NULL, "Must have a frame"); 335 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 336 frame->stack_at(index)); 337 } 338 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 339 assert(frame != NULL, "Must have a frame"); 340 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 341 frame->local_at(index)); 342 } 343 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 344 assert(frame != NULL, "Must have a frame"); 345 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 346 frame->stack_at(index)); 347 } 348 TypeOrigin TypeOrigin::bad_index(u2 index) { 349 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 350 } 351 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 352 return TypeOrigin(CONST_POOL, index, NULL, vt); 353 } 354 TypeOrigin TypeOrigin::signature(VerificationType vt) { 355 return TypeOrigin(SIG, 0, NULL, vt); 356 } 357 TypeOrigin TypeOrigin::implicit(VerificationType t) { 358 return TypeOrigin(IMPLICIT, 0, NULL, t); 359 } 360 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 361 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 362 VerificationType::bogus_type()); 363 } 364 365 void TypeOrigin::reset_frame() { 366 if (_frame != NULL) { 367 _frame->restore(); 368 } 369 } 370 371 void TypeOrigin::details(outputStream* ss) const { 372 _type.print_on(ss); 373 switch (_origin) { 374 case CF_LOCALS: 375 ss->print(" (current frame, locals[%d])", _index); 376 break; 377 case CF_STACK: 378 ss->print(" (current frame, stack[%d])", _index); 379 break; 380 case SM_LOCALS: 381 ss->print(" (stack map, locals[%d])", _index); 382 break; 383 case SM_STACK: 384 ss->print(" (stack map, stack[%d])", _index); 385 break; 386 case CONST_POOL: 387 ss->print(" (constant pool %d)", _index); 388 break; 389 case SIG: 390 ss->print(" (from method signature)"); 391 break; 392 case IMPLICIT: 393 case FRAME_ONLY: 394 case NONE: 395 default: 396 ; 397 } 398 } 399 400 #ifdef ASSERT 401 void TypeOrigin::print_on(outputStream* str) const { 402 str->print("{%d,%d,%p:", _origin, _index, _frame); 403 if (_frame != NULL) { 404 _frame->print_on(str); 405 } else { 406 str->print("null"); 407 } 408 str->print(","); 409 _type.print_on(str); 410 str->print("}"); 411 } 412 #endif 413 414 void ErrorContext::details(outputStream* ss, const Method* method) const { 415 if (is_valid()) { 416 ss->cr(); 417 ss->print_cr("Exception Details:"); 418 location_details(ss, method); 419 reason_details(ss); 420 frame_details(ss); 421 bytecode_details(ss, method); 422 handler_details(ss, method); 423 stackmap_details(ss, method); 424 } 425 } 426 427 void ErrorContext::reason_details(outputStream* ss) const { 428 streamIndentor si(ss); 429 ss->indent().print_cr("Reason:"); 430 streamIndentor si2(ss); 431 ss->indent().print("%s", ""); 432 switch (_fault) { 433 case INVALID_BYTECODE: 434 ss->print("Error exists in the bytecode"); 435 break; 436 case WRONG_TYPE: 437 if (_expected.is_valid()) { 438 ss->print("Type "); 439 _type.details(ss); 440 ss->print(" is not assignable to "); 441 _expected.details(ss); 442 } else { 443 ss->print("Invalid type: "); 444 _type.details(ss); 445 } 446 break; 447 case FLAGS_MISMATCH: 448 if (_expected.is_valid()) { 449 ss->print("Current frame's flags are not assignable " 450 "to stack map frame's."); 451 } else { 452 ss->print("Current frame's flags are invalid in this context."); 453 } 454 break; 455 case BAD_CP_INDEX: 456 ss->print("Constant pool index %d is invalid", _type.index()); 457 break; 458 case BAD_LOCAL_INDEX: 459 ss->print("Local index %d is invalid", _type.index()); 460 break; 461 case LOCALS_SIZE_MISMATCH: 462 ss->print("Current frame's local size doesn't match stackmap."); 463 break; 464 case STACK_SIZE_MISMATCH: 465 ss->print("Current frame's stack size doesn't match stackmap."); 466 break; 467 case STACK_OVERFLOW: 468 ss->print("Exceeded max stack size."); 469 break; 470 case STACK_UNDERFLOW: 471 ss->print("Attempt to pop empty stack."); 472 break; 473 case MISSING_STACKMAP: 474 ss->print("Expected stackmap frame at this location."); 475 break; 476 case BAD_STACKMAP: 477 ss->print("Invalid stackmap specification."); 478 break; 479 case UNKNOWN: 480 default: 481 ShouldNotReachHere(); 482 ss->print_cr("Unknown"); 483 } 484 ss->cr(); 485 } 486 487 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 488 if (_bci != -1 && method != NULL) { 489 streamIndentor si(ss); 490 const char* bytecode_name = "<invalid>"; 491 if (method->validate_bci(_bci) != -1) { 492 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 493 if (Bytecodes::is_defined(code)) { 494 bytecode_name = Bytecodes::name(code); 495 } else { 496 bytecode_name = "<illegal>"; 497 } 498 } 499 InstanceKlass* ik = method->method_holder(); 500 ss->indent().print_cr("Location:"); 501 streamIndentor si2(ss); 502 ss->indent().print_cr("%s.%s%s @%d: %s", 503 ik->name()->as_C_string(), method->name()->as_C_string(), 504 method->signature()->as_C_string(), _bci, bytecode_name); 505 } 506 } 507 508 void ErrorContext::frame_details(outputStream* ss) const { 509 streamIndentor si(ss); 510 if (_type.is_valid() && _type.frame() != NULL) { 511 ss->indent().print_cr("Current Frame:"); 512 streamIndentor si2(ss); 513 _type.frame()->print_on(ss); 514 } 515 if (_expected.is_valid() && _expected.frame() != NULL) { 516 ss->indent().print_cr("Stackmap Frame:"); 517 streamIndentor si2(ss); 518 _expected.frame()->print_on(ss); 519 } 520 } 521 522 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 523 if (method != NULL) { 524 streamIndentor si(ss); 525 ss->indent().print_cr("Bytecode:"); 526 streamIndentor si2(ss); 527 ss->print_data(method->code_base(), method->code_size(), false); 528 } 529 } 530 531 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 532 if (method != NULL) { 533 streamIndentor si(ss); 534 ExceptionTable table(method); 535 if (table.length() > 0) { 536 ss->indent().print_cr("Exception Handler Table:"); 537 streamIndentor si2(ss); 538 for (int i = 0; i < table.length(); ++i) { 539 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 540 table.end_pc(i), table.handler_pc(i)); 541 } 542 } 543 } 544 } 545 546 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 547 if (method != NULL && method->has_stackmap_table()) { 548 streamIndentor si(ss); 549 ss->indent().print_cr("Stackmap Table:"); 550 Array<u1>* data = method->stackmap_data(); 551 stack_map_table* sm_table = 552 stack_map_table::at((address)data->adr_at(0)); 553 stack_map_frame* sm_frame = sm_table->entries(); 554 streamIndentor si2(ss); 555 int current_offset = -1; 556 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 557 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 558 ss->indent(); 559 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 560 sm_frame->print_truncated(ss, current_offset); 561 return; 562 } 563 sm_frame->print_on(ss, current_offset); 564 ss->cr(); 565 current_offset += sm_frame->offset_delta(); 566 sm_frame = sm_frame->next(); 567 } 568 } 569 } 570 571 // Methods in ClassVerifier 572 573 ClassVerifier::ClassVerifier( 574 InstanceKlass* klass, TRAPS) 575 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 576 _this_type = VerificationType::reference_type(klass->name()); 577 // Create list to hold symbols in reference area. 578 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 579 } 580 581 ClassVerifier::~ClassVerifier() { 582 // Decrement the reference count for any symbols created. 583 for (int i = 0; i < _symbols->length(); i++) { 584 Symbol* s = _symbols->at(i); 585 s->decrement_refcount(); 586 } 587 } 588 589 VerificationType ClassVerifier::object_type() const { 590 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 591 } 592 593 VerificationType ClassVerifier::__value_type() const { 594 return VerificationType::valuetype_type(vmSymbols::java_lang____Value()); 595 } 596 597 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 598 VerificationType vt = VerificationType::reference_type( 599 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 600 return TypeOrigin::implicit(vt); 601 } 602 603 TypeOrigin ClassVerifier::valuetype_ctx(const char* sig, TRAPS) { 604 VerificationType vt = VerificationType::valuetype_type( 605 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 606 return TypeOrigin::implicit(vt); 607 } 608 609 void ClassVerifier::verify_class(TRAPS) { 610 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 611 612 Array<Method*>* methods = _klass->methods(); 613 int num_methods = methods->length(); 614 615 for (int index = 0; index < num_methods; index++) { 616 // Check for recursive re-verification before each method. 617 if (was_recursively_verified()) return; 618 619 Method* m = methods->at(index); 620 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 621 // If m is native or abstract, skip it. It is checked in class file 622 // parser that methods do not override a final method. Overpass methods 623 // are trusted since the VM generates them. 624 continue; 625 } 626 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 627 } 628 629 if (was_recursively_verified()){ 630 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 631 log_info(class, init)("Recursive verification detected for: %s", 632 _klass->external_name()); 633 } 634 } 635 636 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 637 HandleMark hm(THREAD); 638 _method = m; // initialize _method 639 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 640 641 // For clang, the only good constant format string is a literal constant format string. 642 #define bad_type_msg "Bad type on operand stack in %s" 643 644 int32_t max_stack = m->verifier_max_stack(); 645 int32_t max_locals = m->max_locals(); 646 constantPoolHandle cp(THREAD, m->constants()); 647 648 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 649 class_format_error("Invalid method signature"); 650 return; 651 } 652 653 // Verify value type bytecodes if enabled and class file version supports them. 654 // Commented check out for now until class file version 54.1 is generated. 655 bool vbytecodes_allowed = (EnableMVT || EnableValhalla); 656 //_klass->major_version() >= Verifier::VALUETYPE_MAJOR_VERSION && 657 //_klass->minor_version() >= Verifier::VALUETYPE_MINOR_VERSION); 658 659 // Initial stack map frame: offset is 0, stack is initially empty. 660 StackMapFrame current_frame(max_locals, max_stack, this); 661 // Set initial locals 662 VerificationType return_type = current_frame.set_locals_from_arg( 663 m, current_type(), CHECK_VERIFY(this)); 664 665 int32_t stackmap_index = 0; // index to the stackmap array 666 667 u4 code_length = m->code_size(); 668 669 // Scan the bytecode and map each instruction's start offset to a number. 670 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 671 672 int ex_min = code_length; 673 int ex_max = -1; 674 // Look through each item on the exception table. Each of the fields must refer 675 // to a legal instruction. 676 if (was_recursively_verified()) return; 677 verify_exception_handler_table( 678 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 679 680 // Look through each entry on the local variable table and make sure 681 // its range of code array offsets is valid. (4169817) 682 if (m->has_localvariable_table()) { 683 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 684 } 685 686 Array<u1>* stackmap_data = m->stackmap_data(); 687 StackMapStream stream(stackmap_data); 688 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 689 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 690 code_data, code_length, CHECK_VERIFY(this)); 691 692 LogTarget(Info, verification) lt; 693 if (lt.is_enabled()) { 694 ResourceMark rm(THREAD); 695 LogStream ls(lt); 696 stackmap_table.print_on(&ls); 697 } 698 699 RawBytecodeStream bcs(m); 700 701 // Scan the byte code linearly from the start to the end 702 bool no_control_flow = false; // Set to true when there is no direct control 703 // flow from current instruction to the next 704 // instruction in sequence 705 706 Bytecodes::Code opcode; 707 while (!bcs.is_last_bytecode()) { 708 // Check for recursive re-verification before each bytecode. 709 if (was_recursively_verified()) return; 710 711 opcode = bcs.raw_next(); 712 u2 bci = bcs.bci(); 713 714 // Set current frame's offset to bci 715 current_frame.set_offset(bci); 716 current_frame.set_mark(); 717 718 // Make sure every offset in stackmap table point to the beginning to 719 // an instruction. Match current_frame to stackmap_table entry with 720 // the same offset if exists. 721 stackmap_index = verify_stackmap_table( 722 stackmap_index, bci, ¤t_frame, &stackmap_table, 723 no_control_flow, CHECK_VERIFY(this)); 724 725 726 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 727 bool verified_exc_handlers = false; 728 729 // Merge with the next instruction 730 { 731 u2 index; 732 int target; 733 VerificationType type, type2; 734 VerificationType atype; 735 736 LogTarget(Info, verification) lt; 737 if (lt.is_enabled()) { 738 ResourceMark rm(THREAD); 739 LogStream ls(lt); 740 current_frame.print_on(&ls); 741 lt.print("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 742 } 743 744 // Make sure wide instruction is in correct format 745 if (bcs.is_wide()) { 746 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 747 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 748 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 749 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 750 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 751 opcode != Bytecodes::_dstore && opcode != Bytecodes::_vstore && 752 opcode != Bytecodes::_vload) { 753 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 754 * if we encounter a wide instruction that modifies an invalid 755 * opcode (not one of the ones listed above) */ 756 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 757 return; 758 } 759 } 760 761 // Look for possible jump target in exception handlers and see if it 762 // matches current_frame. Do this check here for astore*, dstore*, 763 // fstore*, istore*, and lstore* opcodes because they can change the type 764 // state by adding a local. JVM Spec says that the incoming type state 765 // should be used for this check. So, do the check here before a possible 766 // local is added to the type state. 767 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 768 if (was_recursively_verified()) return; 769 verify_exception_handler_targets( 770 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 771 verified_exc_handlers = true; 772 } 773 774 if (was_recursively_verified()) return; 775 776 switch (opcode) { 777 case Bytecodes::_nop : 778 no_control_flow = false; break; 779 case Bytecodes::_aconst_null : 780 current_frame.push_stack( 781 VerificationType::null_type(), CHECK_VERIFY(this)); 782 no_control_flow = false; break; 783 case Bytecodes::_iconst_m1 : 784 case Bytecodes::_iconst_0 : 785 case Bytecodes::_iconst_1 : 786 case Bytecodes::_iconst_2 : 787 case Bytecodes::_iconst_3 : 788 case Bytecodes::_iconst_4 : 789 case Bytecodes::_iconst_5 : 790 current_frame.push_stack( 791 VerificationType::integer_type(), CHECK_VERIFY(this)); 792 no_control_flow = false; break; 793 case Bytecodes::_lconst_0 : 794 case Bytecodes::_lconst_1 : 795 current_frame.push_stack_2( 796 VerificationType::long_type(), 797 VerificationType::long2_type(), CHECK_VERIFY(this)); 798 no_control_flow = false; break; 799 case Bytecodes::_fconst_0 : 800 case Bytecodes::_fconst_1 : 801 case Bytecodes::_fconst_2 : 802 current_frame.push_stack( 803 VerificationType::float_type(), CHECK_VERIFY(this)); 804 no_control_flow = false; break; 805 case Bytecodes::_dconst_0 : 806 case Bytecodes::_dconst_1 : 807 current_frame.push_stack_2( 808 VerificationType::double_type(), 809 VerificationType::double2_type(), CHECK_VERIFY(this)); 810 no_control_flow = false; break; 811 case Bytecodes::_sipush : 812 case Bytecodes::_bipush : 813 current_frame.push_stack( 814 VerificationType::integer_type(), CHECK_VERIFY(this)); 815 no_control_flow = false; break; 816 case Bytecodes::_ldc : 817 verify_ldc( 818 opcode, bcs.get_index_u1(), ¤t_frame, 819 cp, bci, CHECK_VERIFY(this)); 820 no_control_flow = false; break; 821 case Bytecodes::_ldc_w : 822 case Bytecodes::_ldc2_w : 823 verify_ldc( 824 opcode, bcs.get_index_u2(), ¤t_frame, 825 cp, bci, CHECK_VERIFY(this)); 826 no_control_flow = false; break; 827 case Bytecodes::_iload : 828 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 829 no_control_flow = false; break; 830 case Bytecodes::_iload_0 : 831 case Bytecodes::_iload_1 : 832 case Bytecodes::_iload_2 : 833 case Bytecodes::_iload_3 : 834 index = opcode - Bytecodes::_iload_0; 835 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 836 no_control_flow = false; break; 837 case Bytecodes::_lload : 838 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 839 no_control_flow = false; break; 840 case Bytecodes::_lload_0 : 841 case Bytecodes::_lload_1 : 842 case Bytecodes::_lload_2 : 843 case Bytecodes::_lload_3 : 844 index = opcode - Bytecodes::_lload_0; 845 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 846 no_control_flow = false; break; 847 case Bytecodes::_fload : 848 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 849 no_control_flow = false; break; 850 case Bytecodes::_fload_0 : 851 case Bytecodes::_fload_1 : 852 case Bytecodes::_fload_2 : 853 case Bytecodes::_fload_3 : 854 index = opcode - Bytecodes::_fload_0; 855 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 856 no_control_flow = false; break; 857 case Bytecodes::_dload : 858 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 859 no_control_flow = false; break; 860 case Bytecodes::_dload_0 : 861 case Bytecodes::_dload_1 : 862 case Bytecodes::_dload_2 : 863 case Bytecodes::_dload_3 : 864 index = opcode - Bytecodes::_dload_0; 865 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 866 no_control_flow = false; break; 867 case Bytecodes::_vload : 868 if (!vbytecodes_allowed) { 869 class_format_error( 870 "vload not supported by this class file version (%d.%d), class %s", 871 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 872 return; 873 } 874 verify_vload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 875 no_control_flow = false; break; 876 case Bytecodes::_aload : 877 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 878 no_control_flow = false; break; 879 case Bytecodes::_aload_0 : 880 case Bytecodes::_aload_1 : 881 case Bytecodes::_aload_2 : 882 case Bytecodes::_aload_3 : 883 index = opcode - Bytecodes::_aload_0; 884 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 885 no_control_flow = false; break; 886 case Bytecodes::_iaload : 887 type = current_frame.pop_stack( 888 VerificationType::integer_type(), CHECK_VERIFY(this)); 889 atype = current_frame.pop_stack( 890 VerificationType::reference_check(), CHECK_VERIFY(this)); 891 if (!atype.is_int_array()) { 892 verify_error(ErrorContext::bad_type(bci, 893 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 894 bad_type_msg, "iaload"); 895 return; 896 } 897 current_frame.push_stack( 898 VerificationType::integer_type(), CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 case Bytecodes::_baload : 901 type = current_frame.pop_stack( 902 VerificationType::integer_type(), CHECK_VERIFY(this)); 903 atype = current_frame.pop_stack( 904 VerificationType::reference_check(), CHECK_VERIFY(this)); 905 if (!atype.is_bool_array() && !atype.is_byte_array()) { 906 verify_error( 907 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 908 bad_type_msg, "baload"); 909 return; 910 } 911 current_frame.push_stack( 912 VerificationType::integer_type(), CHECK_VERIFY(this)); 913 no_control_flow = false; break; 914 case Bytecodes::_caload : 915 type = current_frame.pop_stack( 916 VerificationType::integer_type(), CHECK_VERIFY(this)); 917 atype = current_frame.pop_stack( 918 VerificationType::reference_check(), CHECK_VERIFY(this)); 919 if (!atype.is_char_array()) { 920 verify_error(ErrorContext::bad_type(bci, 921 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 922 bad_type_msg, "caload"); 923 return; 924 } 925 current_frame.push_stack( 926 VerificationType::integer_type(), CHECK_VERIFY(this)); 927 no_control_flow = false; break; 928 case Bytecodes::_saload : 929 type = current_frame.pop_stack( 930 VerificationType::integer_type(), CHECK_VERIFY(this)); 931 atype = current_frame.pop_stack( 932 VerificationType::reference_check(), CHECK_VERIFY(this)); 933 if (!atype.is_short_array()) { 934 verify_error(ErrorContext::bad_type(bci, 935 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 936 bad_type_msg, "saload"); 937 return; 938 } 939 current_frame.push_stack( 940 VerificationType::integer_type(), CHECK_VERIFY(this)); 941 no_control_flow = false; break; 942 case Bytecodes::_laload : 943 type = current_frame.pop_stack( 944 VerificationType::integer_type(), CHECK_VERIFY(this)); 945 atype = current_frame.pop_stack( 946 VerificationType::reference_check(), CHECK_VERIFY(this)); 947 if (!atype.is_long_array()) { 948 verify_error(ErrorContext::bad_type(bci, 949 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 950 bad_type_msg, "laload"); 951 return; 952 } 953 current_frame.push_stack_2( 954 VerificationType::long_type(), 955 VerificationType::long2_type(), CHECK_VERIFY(this)); 956 no_control_flow = false; break; 957 case Bytecodes::_faload : 958 type = current_frame.pop_stack( 959 VerificationType::integer_type(), CHECK_VERIFY(this)); 960 atype = current_frame.pop_stack( 961 VerificationType::reference_check(), CHECK_VERIFY(this)); 962 if (!atype.is_float_array()) { 963 verify_error(ErrorContext::bad_type(bci, 964 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 965 bad_type_msg, "faload"); 966 return; 967 } 968 current_frame.push_stack( 969 VerificationType::float_type(), CHECK_VERIFY(this)); 970 no_control_flow = false; break; 971 case Bytecodes::_daload : 972 type = current_frame.pop_stack( 973 VerificationType::integer_type(), CHECK_VERIFY(this)); 974 atype = current_frame.pop_stack( 975 VerificationType::reference_check(), CHECK_VERIFY(this)); 976 if (!atype.is_double_array()) { 977 verify_error(ErrorContext::bad_type(bci, 978 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 979 bad_type_msg, "daload"); 980 return; 981 } 982 current_frame.push_stack_2( 983 VerificationType::double_type(), 984 VerificationType::double2_type(), CHECK_VERIFY(this)); 985 no_control_flow = false; break; 986 case Bytecodes::_aaload : { 987 type = current_frame.pop_stack( 988 VerificationType::integer_type(), CHECK_VERIFY(this)); 989 atype = current_frame.pop_stack( 990 VerificationType::reference_check(), CHECK_VERIFY(this)); 991 if (!atype.is_reference_array()) { 992 verify_error(ErrorContext::bad_type(bci, 993 current_frame.stack_top_ctx(), 994 TypeOrigin::implicit(VerificationType::reference_check())), 995 bad_type_msg, "aaload"); 996 return; 997 } 998 if (atype.is_null()) { 999 current_frame.push_stack( 1000 VerificationType::null_type(), CHECK_VERIFY(this)); 1001 } else { 1002 VerificationType component = 1003 atype.get_component(this, CHECK_VERIFY(this)); 1004 current_frame.push_stack(component, CHECK_VERIFY(this)); 1005 } 1006 no_control_flow = false; break; 1007 } 1008 case Bytecodes::_vaload : { 1009 if (!vbytecodes_allowed) { 1010 class_format_error( 1011 "vaload not supported by this class file version (%d.%d), class %s", 1012 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1013 return; 1014 } 1015 type = current_frame.pop_stack( 1016 VerificationType::integer_type(), CHECK_VERIFY(this)); 1017 atype = current_frame.pop_stack( 1018 VerificationType::reference_check(), CHECK_VERIFY(this)); 1019 // The null check is strictly not be necessary, left in for future proofing. 1020 // Will be reconsidered if type indexes are removed. 1021 if (atype.is_null() || !atype.is_value_array()) { 1022 verify_error(ErrorContext::bad_type(bci, 1023 current_frame.stack_top_ctx(), 1024 TypeOrigin::implicit(VerificationType::reference_check())), 1025 bad_type_msg, "vaload"); 1026 return; 1027 } 1028 VerificationType component = atype.get_component(this, CHECK_VERIFY(this)); 1029 if (!component.is_valuetype()) { 1030 verify_error(ErrorContext::bad_type(bci, 1031 current_frame.stack_top_ctx(), 1032 TypeOrigin::implicit(VerificationType::valuetype_check())), 1033 bad_type_msg, "vaload"); 1034 return; 1035 } 1036 current_frame.push_stack(component, CHECK_VERIFY(this)); 1037 no_control_flow = false; break; 1038 } 1039 case Bytecodes::_istore : 1040 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1041 no_control_flow = false; break; 1042 case Bytecodes::_istore_0 : 1043 case Bytecodes::_istore_1 : 1044 case Bytecodes::_istore_2 : 1045 case Bytecodes::_istore_3 : 1046 index = opcode - Bytecodes::_istore_0; 1047 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1048 no_control_flow = false; break; 1049 case Bytecodes::_lstore : 1050 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1051 no_control_flow = false; break; 1052 case Bytecodes::_lstore_0 : 1053 case Bytecodes::_lstore_1 : 1054 case Bytecodes::_lstore_2 : 1055 case Bytecodes::_lstore_3 : 1056 index = opcode - Bytecodes::_lstore_0; 1057 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1058 no_control_flow = false; break; 1059 case Bytecodes::_fstore : 1060 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1061 no_control_flow = false; break; 1062 case Bytecodes::_fstore_0 : 1063 case Bytecodes::_fstore_1 : 1064 case Bytecodes::_fstore_2 : 1065 case Bytecodes::_fstore_3 : 1066 index = opcode - Bytecodes::_fstore_0; 1067 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1068 no_control_flow = false; break; 1069 case Bytecodes::_dstore : 1070 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1071 no_control_flow = false; break; 1072 case Bytecodes::_dstore_0 : 1073 case Bytecodes::_dstore_1 : 1074 case Bytecodes::_dstore_2 : 1075 case Bytecodes::_dstore_3 : 1076 index = opcode - Bytecodes::_dstore_0; 1077 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1078 no_control_flow = false; break; 1079 case Bytecodes::_vstore : 1080 if (!vbytecodes_allowed) { 1081 class_format_error( 1082 "vstore not supported by this class file version (%d.%d), class %s", 1083 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1084 return; 1085 } 1086 verify_vstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1087 no_control_flow = false; break; 1088 case Bytecodes::_astore : 1089 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1090 no_control_flow = false; break; 1091 case Bytecodes::_astore_0 : 1092 case Bytecodes::_astore_1 : 1093 case Bytecodes::_astore_2 : 1094 case Bytecodes::_astore_3 : 1095 index = opcode - Bytecodes::_astore_0; 1096 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1097 no_control_flow = false; break; 1098 case Bytecodes::_iastore : 1099 type = current_frame.pop_stack( 1100 VerificationType::integer_type(), CHECK_VERIFY(this)); 1101 type2 = current_frame.pop_stack( 1102 VerificationType::integer_type(), CHECK_VERIFY(this)); 1103 atype = current_frame.pop_stack( 1104 VerificationType::reference_check(), CHECK_VERIFY(this)); 1105 if (!atype.is_int_array()) { 1106 verify_error(ErrorContext::bad_type(bci, 1107 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1108 bad_type_msg, "iastore"); 1109 return; 1110 } 1111 no_control_flow = false; break; 1112 case Bytecodes::_bastore : 1113 type = current_frame.pop_stack( 1114 VerificationType::integer_type(), CHECK_VERIFY(this)); 1115 type2 = current_frame.pop_stack( 1116 VerificationType::integer_type(), CHECK_VERIFY(this)); 1117 atype = current_frame.pop_stack( 1118 VerificationType::reference_check(), CHECK_VERIFY(this)); 1119 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1120 verify_error( 1121 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1122 bad_type_msg, "bastore"); 1123 return; 1124 } 1125 no_control_flow = false; break; 1126 case Bytecodes::_castore : 1127 current_frame.pop_stack( 1128 VerificationType::integer_type(), CHECK_VERIFY(this)); 1129 current_frame.pop_stack( 1130 VerificationType::integer_type(), CHECK_VERIFY(this)); 1131 atype = current_frame.pop_stack( 1132 VerificationType::reference_check(), CHECK_VERIFY(this)); 1133 if (!atype.is_char_array()) { 1134 verify_error(ErrorContext::bad_type(bci, 1135 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1136 bad_type_msg, "castore"); 1137 return; 1138 } 1139 no_control_flow = false; break; 1140 case Bytecodes::_sastore : 1141 current_frame.pop_stack( 1142 VerificationType::integer_type(), CHECK_VERIFY(this)); 1143 current_frame.pop_stack( 1144 VerificationType::integer_type(), CHECK_VERIFY(this)); 1145 atype = current_frame.pop_stack( 1146 VerificationType::reference_check(), CHECK_VERIFY(this)); 1147 if (!atype.is_short_array()) { 1148 verify_error(ErrorContext::bad_type(bci, 1149 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1150 bad_type_msg, "sastore"); 1151 return; 1152 } 1153 no_control_flow = false; break; 1154 case Bytecodes::_lastore : 1155 current_frame.pop_stack_2( 1156 VerificationType::long2_type(), 1157 VerificationType::long_type(), CHECK_VERIFY(this)); 1158 current_frame.pop_stack( 1159 VerificationType::integer_type(), CHECK_VERIFY(this)); 1160 atype = current_frame.pop_stack( 1161 VerificationType::reference_check(), CHECK_VERIFY(this)); 1162 if (!atype.is_long_array()) { 1163 verify_error(ErrorContext::bad_type(bci, 1164 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1165 bad_type_msg, "lastore"); 1166 return; 1167 } 1168 no_control_flow = false; break; 1169 case Bytecodes::_fastore : 1170 current_frame.pop_stack( 1171 VerificationType::float_type(), CHECK_VERIFY(this)); 1172 current_frame.pop_stack 1173 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1174 atype = current_frame.pop_stack( 1175 VerificationType::reference_check(), CHECK_VERIFY(this)); 1176 if (!atype.is_float_array()) { 1177 verify_error(ErrorContext::bad_type(bci, 1178 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1179 bad_type_msg, "fastore"); 1180 return; 1181 } 1182 no_control_flow = false; break; 1183 case Bytecodes::_dastore : 1184 current_frame.pop_stack_2( 1185 VerificationType::double2_type(), 1186 VerificationType::double_type(), CHECK_VERIFY(this)); 1187 current_frame.pop_stack( 1188 VerificationType::integer_type(), CHECK_VERIFY(this)); 1189 atype = current_frame.pop_stack( 1190 VerificationType::reference_check(), CHECK_VERIFY(this)); 1191 if (!atype.is_double_array()) { 1192 verify_error(ErrorContext::bad_type(bci, 1193 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1194 bad_type_msg, "dastore"); 1195 return; 1196 } 1197 no_control_flow = false; break; 1198 case Bytecodes::_aastore : 1199 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1200 type2 = current_frame.pop_stack( 1201 VerificationType::integer_type(), CHECK_VERIFY(this)); 1202 atype = current_frame.pop_stack( 1203 VerificationType::reference_check(), CHECK_VERIFY(this)); 1204 // more type-checking is done at runtime 1205 if (!atype.is_reference_array()) { 1206 verify_error(ErrorContext::bad_type(bci, 1207 current_frame.stack_top_ctx(), 1208 TypeOrigin::implicit(VerificationType::reference_check())), 1209 bad_type_msg, "aastore"); 1210 return; 1211 } 1212 // 4938384: relaxed constraint in JVMS 3nd edition. 1213 no_control_flow = false; break; 1214 case Bytecodes::_vastore : 1215 if (!vbytecodes_allowed) { 1216 class_format_error( 1217 "vastore not supported by this class file version (%d.%d), class %s", 1218 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1219 return; 1220 } 1221 type = current_frame.pop_stack(__value_type(), CHECK_VERIFY(this)); 1222 type2 = current_frame.pop_stack( 1223 VerificationType::integer_type(), CHECK_VERIFY(this)); 1224 atype = current_frame.pop_stack( 1225 VerificationType::reference_check(), CHECK_VERIFY(this)); 1226 // The null check is strictly not be necessary, left in for future proofing. 1227 // Will be reconsidered if type indexes are removed. 1228 if (atype.is_null() || !atype.is_value_array()) { 1229 verify_error(ErrorContext::bad_type(bci, 1230 current_frame.stack_top_ctx(), 1231 TypeOrigin::implicit(VerificationType::reference_check())), 1232 bad_type_msg, "vastore"); 1233 return; 1234 } 1235 no_control_flow = false; break; 1236 case Bytecodes::_pop : 1237 current_frame.pop_stack( 1238 VerificationType::category1_check(), CHECK_VERIFY(this)); 1239 no_control_flow = false; break; 1240 case Bytecodes::_pop2 : 1241 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1242 if (type.is_category1()) { 1243 current_frame.pop_stack( 1244 VerificationType::category1_check(), CHECK_VERIFY(this)); 1245 } else if (type.is_category2_2nd()) { 1246 current_frame.pop_stack( 1247 VerificationType::category2_check(), CHECK_VERIFY(this)); 1248 } else { 1249 /* Unreachable? Would need a category2_1st on TOS 1250 * which does not appear possible. */ 1251 verify_error( 1252 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1253 bad_type_msg, "pop2"); 1254 return; 1255 } 1256 no_control_flow = false; break; 1257 case Bytecodes::_dup : 1258 type = current_frame.pop_stack( 1259 VerificationType::category1_check(), CHECK_VERIFY(this)); 1260 current_frame.push_stack(type, CHECK_VERIFY(this)); 1261 current_frame.push_stack(type, CHECK_VERIFY(this)); 1262 no_control_flow = false; break; 1263 case Bytecodes::_dup_x1 : 1264 type = current_frame.pop_stack( 1265 VerificationType::category1_check(), CHECK_VERIFY(this)); 1266 type2 = current_frame.pop_stack( 1267 VerificationType::category1_check(), CHECK_VERIFY(this)); 1268 current_frame.push_stack(type, CHECK_VERIFY(this)); 1269 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1270 current_frame.push_stack(type, CHECK_VERIFY(this)); 1271 no_control_flow = false; break; 1272 case Bytecodes::_dup_x2 : 1273 { 1274 VerificationType type3; 1275 type = current_frame.pop_stack( 1276 VerificationType::category1_check(), CHECK_VERIFY(this)); 1277 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1278 if (type2.is_category1()) { 1279 type3 = current_frame.pop_stack( 1280 VerificationType::category1_check(), CHECK_VERIFY(this)); 1281 } else if (type2.is_category2_2nd()) { 1282 type3 = current_frame.pop_stack( 1283 VerificationType::category2_check(), CHECK_VERIFY(this)); 1284 } else { 1285 /* Unreachable? Would need a category2_1st at stack depth 2 with 1286 * a category1 on TOS which does not appear possible. */ 1287 verify_error(ErrorContext::bad_type( 1288 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1289 return; 1290 } 1291 current_frame.push_stack(type, CHECK_VERIFY(this)); 1292 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1293 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1294 current_frame.push_stack(type, CHECK_VERIFY(this)); 1295 no_control_flow = false; break; 1296 } 1297 case Bytecodes::_dup2 : 1298 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1299 if (type.is_category1()) { 1300 type2 = current_frame.pop_stack( 1301 VerificationType::category1_check(), CHECK_VERIFY(this)); 1302 } else if (type.is_category2_2nd()) { 1303 type2 = current_frame.pop_stack( 1304 VerificationType::category2_check(), CHECK_VERIFY(this)); 1305 } else { 1306 /* Unreachable? Would need a category2_1st on TOS which does not 1307 * appear possible. */ 1308 verify_error( 1309 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1310 bad_type_msg, "dup2"); 1311 return; 1312 } 1313 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1314 current_frame.push_stack(type, CHECK_VERIFY(this)); 1315 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1316 current_frame.push_stack(type, CHECK_VERIFY(this)); 1317 no_control_flow = false; break; 1318 case Bytecodes::_dup2_x1 : 1319 { 1320 VerificationType type3; 1321 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1322 if (type.is_category1()) { 1323 type2 = current_frame.pop_stack( 1324 VerificationType::category1_check(), CHECK_VERIFY(this)); 1325 } else if (type.is_category2_2nd()) { 1326 type2 = current_frame.pop_stack( 1327 VerificationType::category2_check(), CHECK_VERIFY(this)); 1328 } else { 1329 /* Unreachable? Would need a category2_1st on TOS which does 1330 * not appear possible. */ 1331 verify_error( 1332 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1333 bad_type_msg, "dup2_x1"); 1334 return; 1335 } 1336 type3 = current_frame.pop_stack( 1337 VerificationType::category1_check(), CHECK_VERIFY(this)); 1338 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1339 current_frame.push_stack(type, CHECK_VERIFY(this)); 1340 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1341 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1342 current_frame.push_stack(type, CHECK_VERIFY(this)); 1343 no_control_flow = false; break; 1344 } 1345 case Bytecodes::_dup2_x2 : 1346 { 1347 VerificationType type3, type4; 1348 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1349 if (type.is_category1()) { 1350 type2 = current_frame.pop_stack( 1351 VerificationType::category1_check(), CHECK_VERIFY(this)); 1352 } else if (type.is_category2_2nd()) { 1353 type2 = current_frame.pop_stack( 1354 VerificationType::category2_check(), CHECK_VERIFY(this)); 1355 } else { 1356 /* Unreachable? Would need a category2_1st on TOS which does 1357 * not appear possible. */ 1358 verify_error( 1359 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1360 bad_type_msg, "dup2_x2"); 1361 return; 1362 } 1363 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1364 if (type3.is_category1()) { 1365 type4 = current_frame.pop_stack( 1366 VerificationType::category1_check(), CHECK_VERIFY(this)); 1367 } else if (type3.is_category2_2nd()) { 1368 type4 = current_frame.pop_stack( 1369 VerificationType::category2_check(), CHECK_VERIFY(this)); 1370 } else { 1371 /* Unreachable? Would need a category2_1st on TOS after popping 1372 * a long/double or two category 1's, which does not 1373 * appear possible. */ 1374 verify_error( 1375 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1376 bad_type_msg, "dup2_x2"); 1377 return; 1378 } 1379 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1380 current_frame.push_stack(type, CHECK_VERIFY(this)); 1381 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1382 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1383 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1384 current_frame.push_stack(type, CHECK_VERIFY(this)); 1385 no_control_flow = false; break; 1386 } 1387 case Bytecodes::_swap : 1388 type = current_frame.pop_stack( 1389 VerificationType::category1_check(), CHECK_VERIFY(this)); 1390 type2 = current_frame.pop_stack( 1391 VerificationType::category1_check(), CHECK_VERIFY(this)); 1392 current_frame.push_stack(type, CHECK_VERIFY(this)); 1393 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1394 no_control_flow = false; break; 1395 case Bytecodes::_iadd : 1396 case Bytecodes::_isub : 1397 case Bytecodes::_imul : 1398 case Bytecodes::_idiv : 1399 case Bytecodes::_irem : 1400 case Bytecodes::_ishl : 1401 case Bytecodes::_ishr : 1402 case Bytecodes::_iushr : 1403 case Bytecodes::_ior : 1404 case Bytecodes::_ixor : 1405 case Bytecodes::_iand : 1406 current_frame.pop_stack( 1407 VerificationType::integer_type(), CHECK_VERIFY(this)); 1408 // fall through 1409 case Bytecodes::_ineg : 1410 current_frame.pop_stack( 1411 VerificationType::integer_type(), CHECK_VERIFY(this)); 1412 current_frame.push_stack( 1413 VerificationType::integer_type(), CHECK_VERIFY(this)); 1414 no_control_flow = false; break; 1415 case Bytecodes::_ladd : 1416 case Bytecodes::_lsub : 1417 case Bytecodes::_lmul : 1418 case Bytecodes::_ldiv : 1419 case Bytecodes::_lrem : 1420 case Bytecodes::_land : 1421 case Bytecodes::_lor : 1422 case Bytecodes::_lxor : 1423 current_frame.pop_stack_2( 1424 VerificationType::long2_type(), 1425 VerificationType::long_type(), CHECK_VERIFY(this)); 1426 // fall through 1427 case Bytecodes::_lneg : 1428 current_frame.pop_stack_2( 1429 VerificationType::long2_type(), 1430 VerificationType::long_type(), CHECK_VERIFY(this)); 1431 current_frame.push_stack_2( 1432 VerificationType::long_type(), 1433 VerificationType::long2_type(), CHECK_VERIFY(this)); 1434 no_control_flow = false; break; 1435 case Bytecodes::_lshl : 1436 case Bytecodes::_lshr : 1437 case Bytecodes::_lushr : 1438 current_frame.pop_stack( 1439 VerificationType::integer_type(), CHECK_VERIFY(this)); 1440 current_frame.pop_stack_2( 1441 VerificationType::long2_type(), 1442 VerificationType::long_type(), CHECK_VERIFY(this)); 1443 current_frame.push_stack_2( 1444 VerificationType::long_type(), 1445 VerificationType::long2_type(), CHECK_VERIFY(this)); 1446 no_control_flow = false; break; 1447 case Bytecodes::_fadd : 1448 case Bytecodes::_fsub : 1449 case Bytecodes::_fmul : 1450 case Bytecodes::_fdiv : 1451 case Bytecodes::_frem : 1452 current_frame.pop_stack( 1453 VerificationType::float_type(), CHECK_VERIFY(this)); 1454 // fall through 1455 case Bytecodes::_fneg : 1456 current_frame.pop_stack( 1457 VerificationType::float_type(), CHECK_VERIFY(this)); 1458 current_frame.push_stack( 1459 VerificationType::float_type(), CHECK_VERIFY(this)); 1460 no_control_flow = false; break; 1461 case Bytecodes::_dadd : 1462 case Bytecodes::_dsub : 1463 case Bytecodes::_dmul : 1464 case Bytecodes::_ddiv : 1465 case Bytecodes::_drem : 1466 current_frame.pop_stack_2( 1467 VerificationType::double2_type(), 1468 VerificationType::double_type(), CHECK_VERIFY(this)); 1469 // fall through 1470 case Bytecodes::_dneg : 1471 current_frame.pop_stack_2( 1472 VerificationType::double2_type(), 1473 VerificationType::double_type(), CHECK_VERIFY(this)); 1474 current_frame.push_stack_2( 1475 VerificationType::double_type(), 1476 VerificationType::double2_type(), CHECK_VERIFY(this)); 1477 no_control_flow = false; break; 1478 case Bytecodes::_iinc : 1479 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1480 no_control_flow = false; break; 1481 case Bytecodes::_i2l : 1482 type = current_frame.pop_stack( 1483 VerificationType::integer_type(), CHECK_VERIFY(this)); 1484 current_frame.push_stack_2( 1485 VerificationType::long_type(), 1486 VerificationType::long2_type(), CHECK_VERIFY(this)); 1487 no_control_flow = false; break; 1488 case Bytecodes::_l2i : 1489 current_frame.pop_stack_2( 1490 VerificationType::long2_type(), 1491 VerificationType::long_type(), CHECK_VERIFY(this)); 1492 current_frame.push_stack( 1493 VerificationType::integer_type(), CHECK_VERIFY(this)); 1494 no_control_flow = false; break; 1495 case Bytecodes::_i2f : 1496 current_frame.pop_stack( 1497 VerificationType::integer_type(), CHECK_VERIFY(this)); 1498 current_frame.push_stack( 1499 VerificationType::float_type(), CHECK_VERIFY(this)); 1500 no_control_flow = false; break; 1501 case Bytecodes::_i2d : 1502 current_frame.pop_stack( 1503 VerificationType::integer_type(), CHECK_VERIFY(this)); 1504 current_frame.push_stack_2( 1505 VerificationType::double_type(), 1506 VerificationType::double2_type(), CHECK_VERIFY(this)); 1507 no_control_flow = false; break; 1508 case Bytecodes::_l2f : 1509 current_frame.pop_stack_2( 1510 VerificationType::long2_type(), 1511 VerificationType::long_type(), CHECK_VERIFY(this)); 1512 current_frame.push_stack( 1513 VerificationType::float_type(), CHECK_VERIFY(this)); 1514 no_control_flow = false; break; 1515 case Bytecodes::_l2d : 1516 current_frame.pop_stack_2( 1517 VerificationType::long2_type(), 1518 VerificationType::long_type(), CHECK_VERIFY(this)); 1519 current_frame.push_stack_2( 1520 VerificationType::double_type(), 1521 VerificationType::double2_type(), CHECK_VERIFY(this)); 1522 no_control_flow = false; break; 1523 case Bytecodes::_f2i : 1524 current_frame.pop_stack( 1525 VerificationType::float_type(), CHECK_VERIFY(this)); 1526 current_frame.push_stack( 1527 VerificationType::integer_type(), CHECK_VERIFY(this)); 1528 no_control_flow = false; break; 1529 case Bytecodes::_f2l : 1530 current_frame.pop_stack( 1531 VerificationType::float_type(), CHECK_VERIFY(this)); 1532 current_frame.push_stack_2( 1533 VerificationType::long_type(), 1534 VerificationType::long2_type(), CHECK_VERIFY(this)); 1535 no_control_flow = false; break; 1536 case Bytecodes::_f2d : 1537 current_frame.pop_stack( 1538 VerificationType::float_type(), CHECK_VERIFY(this)); 1539 current_frame.push_stack_2( 1540 VerificationType::double_type(), 1541 VerificationType::double2_type(), CHECK_VERIFY(this)); 1542 no_control_flow = false; break; 1543 case Bytecodes::_d2i : 1544 current_frame.pop_stack_2( 1545 VerificationType::double2_type(), 1546 VerificationType::double_type(), CHECK_VERIFY(this)); 1547 current_frame.push_stack( 1548 VerificationType::integer_type(), CHECK_VERIFY(this)); 1549 no_control_flow = false; break; 1550 case Bytecodes::_d2l : 1551 current_frame.pop_stack_2( 1552 VerificationType::double2_type(), 1553 VerificationType::double_type(), CHECK_VERIFY(this)); 1554 current_frame.push_stack_2( 1555 VerificationType::long_type(), 1556 VerificationType::long2_type(), CHECK_VERIFY(this)); 1557 no_control_flow = false; break; 1558 case Bytecodes::_d2f : 1559 current_frame.pop_stack_2( 1560 VerificationType::double2_type(), 1561 VerificationType::double_type(), CHECK_VERIFY(this)); 1562 current_frame.push_stack( 1563 VerificationType::float_type(), CHECK_VERIFY(this)); 1564 no_control_flow = false; break; 1565 case Bytecodes::_i2b : 1566 case Bytecodes::_i2c : 1567 case Bytecodes::_i2s : 1568 current_frame.pop_stack( 1569 VerificationType::integer_type(), CHECK_VERIFY(this)); 1570 current_frame.push_stack( 1571 VerificationType::integer_type(), CHECK_VERIFY(this)); 1572 no_control_flow = false; break; 1573 case Bytecodes::_lcmp : 1574 current_frame.pop_stack_2( 1575 VerificationType::long2_type(), 1576 VerificationType::long_type(), CHECK_VERIFY(this)); 1577 current_frame.pop_stack_2( 1578 VerificationType::long2_type(), 1579 VerificationType::long_type(), CHECK_VERIFY(this)); 1580 current_frame.push_stack( 1581 VerificationType::integer_type(), CHECK_VERIFY(this)); 1582 no_control_flow = false; break; 1583 case Bytecodes::_fcmpl : 1584 case Bytecodes::_fcmpg : 1585 current_frame.pop_stack( 1586 VerificationType::float_type(), CHECK_VERIFY(this)); 1587 current_frame.pop_stack( 1588 VerificationType::float_type(), CHECK_VERIFY(this)); 1589 current_frame.push_stack( 1590 VerificationType::integer_type(), CHECK_VERIFY(this)); 1591 no_control_flow = false; break; 1592 case Bytecodes::_dcmpl : 1593 case Bytecodes::_dcmpg : 1594 current_frame.pop_stack_2( 1595 VerificationType::double2_type(), 1596 VerificationType::double_type(), CHECK_VERIFY(this)); 1597 current_frame.pop_stack_2( 1598 VerificationType::double2_type(), 1599 VerificationType::double_type(), CHECK_VERIFY(this)); 1600 current_frame.push_stack( 1601 VerificationType::integer_type(), CHECK_VERIFY(this)); 1602 no_control_flow = false; break; 1603 case Bytecodes::_if_icmpeq: 1604 case Bytecodes::_if_icmpne: 1605 case Bytecodes::_if_icmplt: 1606 case Bytecodes::_if_icmpge: 1607 case Bytecodes::_if_icmpgt: 1608 case Bytecodes::_if_icmple: 1609 current_frame.pop_stack( 1610 VerificationType::integer_type(), CHECK_VERIFY(this)); 1611 // fall through 1612 case Bytecodes::_ifeq: 1613 case Bytecodes::_ifne: 1614 case Bytecodes::_iflt: 1615 case Bytecodes::_ifge: 1616 case Bytecodes::_ifgt: 1617 case Bytecodes::_ifle: 1618 current_frame.pop_stack( 1619 VerificationType::integer_type(), CHECK_VERIFY(this)); 1620 target = bcs.dest(); 1621 stackmap_table.check_jump_target( 1622 ¤t_frame, target, CHECK_VERIFY(this)); 1623 no_control_flow = false; break; 1624 case Bytecodes::_if_acmpeq : 1625 case Bytecodes::_if_acmpne : 1626 current_frame.pop_stack( 1627 VerificationType::reference_check(), CHECK_VERIFY(this)); 1628 // fall through 1629 case Bytecodes::_ifnull : 1630 case Bytecodes::_ifnonnull : 1631 current_frame.pop_stack( 1632 VerificationType::reference_check(), CHECK_VERIFY(this)); 1633 target = bcs.dest(); 1634 stackmap_table.check_jump_target 1635 (¤t_frame, target, CHECK_VERIFY(this)); 1636 no_control_flow = false; break; 1637 case Bytecodes::_goto : 1638 target = bcs.dest(); 1639 stackmap_table.check_jump_target( 1640 ¤t_frame, target, CHECK_VERIFY(this)); 1641 no_control_flow = true; break; 1642 case Bytecodes::_goto_w : 1643 target = bcs.dest_w(); 1644 stackmap_table.check_jump_target( 1645 ¤t_frame, target, CHECK_VERIFY(this)); 1646 no_control_flow = true; break; 1647 case Bytecodes::_tableswitch : 1648 case Bytecodes::_lookupswitch : 1649 verify_switch( 1650 &bcs, code_length, code_data, ¤t_frame, 1651 &stackmap_table, CHECK_VERIFY(this)); 1652 no_control_flow = true; break; 1653 case Bytecodes::_ireturn : 1654 type = current_frame.pop_stack( 1655 VerificationType::integer_type(), CHECK_VERIFY(this)); 1656 verify_return_value(return_type, type, bci, 1657 ¤t_frame, CHECK_VERIFY(this)); 1658 no_control_flow = true; break; 1659 case Bytecodes::_lreturn : 1660 type2 = current_frame.pop_stack( 1661 VerificationType::long2_type(), CHECK_VERIFY(this)); 1662 type = current_frame.pop_stack( 1663 VerificationType::long_type(), CHECK_VERIFY(this)); 1664 verify_return_value(return_type, type, bci, 1665 ¤t_frame, CHECK_VERIFY(this)); 1666 no_control_flow = true; break; 1667 case Bytecodes::_freturn : 1668 type = current_frame.pop_stack( 1669 VerificationType::float_type(), CHECK_VERIFY(this)); 1670 verify_return_value(return_type, type, bci, 1671 ¤t_frame, CHECK_VERIFY(this)); 1672 no_control_flow = true; break; 1673 case Bytecodes::_dreturn : 1674 type2 = current_frame.pop_stack( 1675 VerificationType::double2_type(), CHECK_VERIFY(this)); 1676 type = current_frame.pop_stack( 1677 VerificationType::double_type(), CHECK_VERIFY(this)); 1678 verify_return_value(return_type, type, bci, 1679 ¤t_frame, CHECK_VERIFY(this)); 1680 no_control_flow = true; break; 1681 case Bytecodes::_areturn : 1682 type = current_frame.pop_stack( 1683 VerificationType::reference_check(), CHECK_VERIFY(this)); 1684 verify_return_value(return_type, type, bci, 1685 ¤t_frame, CHECK_VERIFY(this)); 1686 no_control_flow = true; break; 1687 case Bytecodes::_vreturn : 1688 if (!vbytecodes_allowed) { 1689 class_format_error( 1690 "vreturn not supported by this class file version (%d.%d), class %s", 1691 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1692 return; 1693 } 1694 type = current_frame.pop_stack( 1695 VerificationType::valuetype_check(), CHECK_VERIFY(this)); 1696 verify_return_value(return_type, type, bci, 1697 ¤t_frame, CHECK_VERIFY(this)); 1698 no_control_flow = true; break; 1699 case Bytecodes::_return : 1700 if (return_type != VerificationType::bogus_type()) { 1701 verify_error(ErrorContext::bad_code(bci), 1702 "Method expects a return value"); 1703 return; 1704 } 1705 // Make sure "this" has been initialized if current method is an 1706 // <init>. 1707 if (_method->name() == vmSymbols::object_initializer_name() && 1708 current_frame.flag_this_uninit()) { 1709 verify_error(ErrorContext::bad_code(bci), 1710 "Constructor must call super() or this() " 1711 "before return"); 1712 return; 1713 } 1714 no_control_flow = true; break; 1715 case Bytecodes::_getstatic : 1716 case Bytecodes::_putstatic : 1717 // pass TRUE, operand can be an array type for getstatic/putstatic. 1718 verify_field_instructions( 1719 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1720 no_control_flow = false; break; 1721 case Bytecodes::_getfield : 1722 case Bytecodes::_putfield : 1723 // pass FALSE, operand can't be an array type for getfield/putfield. 1724 verify_field_instructions( 1725 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1726 no_control_flow = false; break; 1727 case Bytecodes::_vwithfield : 1728 if (!vbytecodes_allowed) { 1729 class_format_error( 1730 "vwithfield not supported by this class file version (%d.%d), class %s", 1731 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1732 return; 1733 } 1734 verify_vwithfield(&bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1735 no_control_flow = false; break; 1736 case Bytecodes::_invokevirtual : 1737 case Bytecodes::_invokespecial : 1738 case Bytecodes::_invokestatic : 1739 verify_invoke_instructions( 1740 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1741 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1742 no_control_flow = false; break; 1743 case Bytecodes::_invokeinterface : 1744 case Bytecodes::_invokedynamic : 1745 verify_invoke_instructions( 1746 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1747 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1748 no_control_flow = false; break; 1749 case Bytecodes::_new : 1750 { 1751 index = bcs.get_index_u2(); 1752 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1753 VerificationType new_class_type = 1754 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this)); 1755 if (!new_class_type.is_object()) { 1756 verify_error(ErrorContext::bad_type(bci, 1757 TypeOrigin::cp(index, new_class_type)), 1758 "Illegal new instruction"); 1759 return; 1760 } 1761 type = VerificationType::uninitialized_type(bci); 1762 current_frame.push_stack(type, CHECK_VERIFY(this)); 1763 no_control_flow = false; break; 1764 } 1765 case Bytecodes::_vdefault : 1766 { 1767 if (!vbytecodes_allowed) { 1768 class_format_error( 1769 "vdefault not supported by this class file version (%d.%d), class %s", 1770 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1771 return; 1772 } 1773 index = bcs.get_index_u2(); 1774 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this)); 1775 VerificationType new_value_type = 1776 cp_index_to_valuetype(index, cp, CHECK_VERIFY(this)); 1777 if (!new_value_type.is_valuetype()) { 1778 verify_error(ErrorContext::bad_type(bci, 1779 TypeOrigin::cp(index, new_value_type)), 1780 "Illegal vdefault instruction"); 1781 return; 1782 } 1783 current_frame.push_stack(new_value_type, CHECK_VERIFY(this)); 1784 no_control_flow = false; break; 1785 } 1786 case Bytecodes::_newarray : 1787 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1788 current_frame.pop_stack( 1789 VerificationType::integer_type(), CHECK_VERIFY(this)); 1790 current_frame.push_stack(type, CHECK_VERIFY(this)); 1791 no_control_flow = false; break; 1792 case Bytecodes::_anewarray : 1793 verify_anewarray( 1794 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1795 no_control_flow = false; break; 1796 case Bytecodes::_arraylength : 1797 type = current_frame.pop_stack( 1798 VerificationType::reference_check(), CHECK_VERIFY(this)); 1799 if (!(type.is_null() || type.is_array())) { 1800 verify_error(ErrorContext::bad_type( 1801 bci, current_frame.stack_top_ctx()), 1802 bad_type_msg, "arraylength"); 1803 } 1804 current_frame.push_stack( 1805 VerificationType::integer_type(), CHECK_VERIFY(this)); 1806 no_control_flow = false; break; 1807 case Bytecodes::_checkcast : 1808 { 1809 index = bcs.get_index_u2(); 1810 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1811 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1812 VerificationType klass_type = cp_index_to_reference_type( 1813 index, cp, CHECK_VERIFY(this)); 1814 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1815 no_control_flow = false; break; 1816 } 1817 case Bytecodes::_instanceof : { 1818 index = bcs.get_index_u2(); 1819 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1820 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1821 current_frame.push_stack( 1822 VerificationType::integer_type(), CHECK_VERIFY(this)); 1823 no_control_flow = false; break; 1824 } 1825 case Bytecodes::_vbox : { 1826 if (!EnableMVT || !vbytecodes_allowed) { 1827 class_format_error( 1828 "vbox not supported by this class file version (%d.%d), class %s", 1829 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1830 return; 1831 } 1832 index = bcs.get_index_u2(); 1833 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1834 current_frame.pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this)); 1835 VerificationType klass_type = cp_index_to_reference_type( 1836 index, cp, CHECK_VERIFY(this)); 1837 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1838 no_control_flow = false; break; 1839 } 1840 case Bytecodes::_vunbox : { 1841 if (!EnableMVT || !vbytecodes_allowed) { 1842 class_format_error( 1843 "vunbox not supported by this class file version (%d.%d), class %s", 1844 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1845 return; 1846 } 1847 index = bcs.get_index_u2(); 1848 verify_cp_value_type(bci, index, cp, CHECK_VERIFY(this)); 1849 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1850 VerificationType value_type = cp_index_to_valuetype( 1851 index, cp, CHECK_VERIFY(this)); 1852 current_frame.push_stack(value_type, CHECK_VERIFY(this)); 1853 no_control_flow = false; break; 1854 } 1855 case Bytecodes::_monitorenter : 1856 case Bytecodes::_monitorexit : 1857 current_frame.pop_stack( 1858 VerificationType::reference_check(), CHECK_VERIFY(this)); 1859 no_control_flow = false; break; 1860 case Bytecodes::_multianewarray : 1861 { 1862 index = bcs.get_index_u2(); 1863 u2 dim = *(bcs.bcp()+3); 1864 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this)); 1865 VerificationType new_array_type = 1866 cp_index_to_reference_type(index, cp, CHECK_VERIFY(this)); 1867 if (!new_array_type.is_array()) { 1868 verify_error(ErrorContext::bad_type(bci, 1869 TypeOrigin::cp(index, new_array_type)), 1870 "Illegal constant pool index in multianewarray instruction"); 1871 return; 1872 } 1873 if (dim < 1 || new_array_type.dimensions() < dim) { 1874 verify_error(ErrorContext::bad_code(bci), 1875 "Illegal dimension in multianewarray instruction: %d", dim); 1876 return; 1877 } 1878 for (int i = 0; i < dim; i++) { 1879 current_frame.pop_stack( 1880 VerificationType::integer_type(), CHECK_VERIFY(this)); 1881 } 1882 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1883 no_control_flow = false; break; 1884 } 1885 case Bytecodes::_athrow : 1886 type = VerificationType::reference_type( 1887 vmSymbols::java_lang_Throwable()); 1888 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1889 no_control_flow = true; break; 1890 default: 1891 // We only need to check the valid bytecodes in class file. 1892 // And jsr and ret are not in the new class file format in JDK1.5. 1893 verify_error(ErrorContext::bad_code(bci), 1894 "Bad instruction: %02x", opcode); 1895 no_control_flow = false; 1896 return; 1897 } // end switch 1898 } // end Merge with the next instruction 1899 1900 // Look for possible jump target in exception handlers and see if it matches 1901 // current_frame. Don't do this check if it has already been done (for 1902 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1903 // opcodes, such as invokespecial, may set the this_uninit flag. 1904 assert(!(verified_exc_handlers && this_uninit), 1905 "Exception handler targets got verified before this_uninit got set"); 1906 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1907 if (was_recursively_verified()) return; 1908 verify_exception_handler_targets( 1909 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1910 } 1911 } // end while 1912 1913 // Make sure that control flow does not fall through end of the method 1914 if (!no_control_flow) { 1915 verify_error(ErrorContext::bad_code(code_length), 1916 "Control flow falls through code end"); 1917 return; 1918 } 1919 } 1920 1921 #undef bad_type_message 1922 1923 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1924 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1925 memset(code_data, 0, sizeof(char) * code_length); 1926 RawBytecodeStream bcs(m); 1927 1928 while (!bcs.is_last_bytecode()) { 1929 if (bcs.raw_next() != Bytecodes::_illegal) { 1930 int bci = bcs.bci(); 1931 if (bcs.raw_code() == Bytecodes::_new) { 1932 code_data[bci] = NEW_OFFSET; 1933 } else { 1934 code_data[bci] = BYTECODE_OFFSET; 1935 } 1936 } else { 1937 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1938 return NULL; 1939 } 1940 } 1941 1942 return code_data; 1943 } 1944 1945 // Since this method references the constant pool, call was_recursively_verified() 1946 // before calling this method to make sure a prior class load did not cause the 1947 // current class to get verified. 1948 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1949 ExceptionTable exhandlers(_method()); 1950 int exlength = exhandlers.length(); 1951 constantPoolHandle cp (THREAD, _method->constants()); 1952 1953 for(int i = 0; i < exlength; i++) { 1954 u2 start_pc = exhandlers.start_pc(i); 1955 u2 end_pc = exhandlers.end_pc(i); 1956 u2 handler_pc = exhandlers.handler_pc(i); 1957 if (start_pc >= code_length || code_data[start_pc] == 0) { 1958 class_format_error("Illegal exception table start_pc %d", start_pc); 1959 return; 1960 } 1961 if (end_pc != code_length) { // special case: end_pc == code_length 1962 if (end_pc > code_length || code_data[end_pc] == 0) { 1963 class_format_error("Illegal exception table end_pc %d", end_pc); 1964 return; 1965 } 1966 } 1967 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1968 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1969 return; 1970 } 1971 int catch_type_index = exhandlers.catch_type_index(i); 1972 if (catch_type_index != 0) { 1973 VerificationType catch_type = cp_index_to_reference_type( 1974 catch_type_index, cp, CHECK_VERIFY(this)); 1975 VerificationType throwable = 1976 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1977 bool is_subclass = throwable.is_assignable_from( 1978 catch_type, this, false, CHECK_VERIFY(this)); 1979 if (!is_subclass) { 1980 // 4286534: should throw VerifyError according to recent spec change 1981 verify_error(ErrorContext::bad_type(handler_pc, 1982 TypeOrigin::cp(catch_type_index, catch_type), 1983 TypeOrigin::implicit(throwable)), 1984 "Catch type is not a subclass " 1985 "of Throwable in exception handler %d", handler_pc); 1986 return; 1987 } 1988 } 1989 if (start_pc < min) min = start_pc; 1990 if (end_pc > max) max = end_pc; 1991 } 1992 } 1993 1994 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1995 int localvariable_table_length = _method->localvariable_table_length(); 1996 if (localvariable_table_length > 0) { 1997 LocalVariableTableElement* table = _method->localvariable_table_start(); 1998 for (int i = 0; i < localvariable_table_length; i++) { 1999 u2 start_bci = table[i].start_bci; 2000 u2 length = table[i].length; 2001 2002 if (start_bci >= code_length || code_data[start_bci] == 0) { 2003 class_format_error( 2004 "Illegal local variable table start_pc %d", start_bci); 2005 return; 2006 } 2007 u4 end_bci = (u4)(start_bci + length); 2008 if (end_bci != code_length) { 2009 if (end_bci >= code_length || code_data[end_bci] == 0) { 2010 class_format_error( "Illegal local variable table length %d", length); 2011 return; 2012 } 2013 } 2014 } 2015 } 2016 } 2017 2018 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 2019 StackMapFrame* current_frame, 2020 StackMapTable* stackmap_table, 2021 bool no_control_flow, TRAPS) { 2022 if (stackmap_index < stackmap_table->get_frame_count()) { 2023 u2 this_offset = stackmap_table->get_offset(stackmap_index); 2024 if (no_control_flow && this_offset > bci) { 2025 verify_error(ErrorContext::missing_stackmap(bci), 2026 "Expecting a stack map frame"); 2027 return 0; 2028 } 2029 if (this_offset == bci) { 2030 ErrorContext ctx; 2031 // See if current stack map can be assigned to the frame in table. 2032 // current_frame is the stackmap frame got from the last instruction. 2033 // If matched, current_frame will be updated by this method. 2034 bool matches = stackmap_table->match_stackmap( 2035 current_frame, this_offset, stackmap_index, 2036 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 2037 if (!matches) { 2038 // report type error 2039 verify_error(ctx, "Instruction type does not match stack map"); 2040 return 0; 2041 } 2042 stackmap_index++; 2043 } else if (this_offset < bci) { 2044 // current_offset should have met this_offset. 2045 class_format_error("Bad stack map offset %d", this_offset); 2046 return 0; 2047 } 2048 } else if (no_control_flow) { 2049 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 2050 return 0; 2051 } 2052 return stackmap_index; 2053 } 2054 2055 // Since this method references the constant pool, call was_recursively_verified() 2056 // before calling this method to make sure a prior class load did not cause the 2057 // current class to get verified. 2058 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 2059 StackMapFrame* current_frame, 2060 StackMapTable* stackmap_table, TRAPS) { 2061 constantPoolHandle cp (THREAD, _method->constants()); 2062 ExceptionTable exhandlers(_method()); 2063 int exlength = exhandlers.length(); 2064 for(int i = 0; i < exlength; i++) { 2065 u2 start_pc = exhandlers.start_pc(i); 2066 u2 end_pc = exhandlers.end_pc(i); 2067 u2 handler_pc = exhandlers.handler_pc(i); 2068 int catch_type_index = exhandlers.catch_type_index(i); 2069 if(bci >= start_pc && bci < end_pc) { 2070 u1 flags = current_frame->flags(); 2071 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2072 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2073 if (catch_type_index != 0) { 2074 if (was_recursively_verified()) return; 2075 // We know that this index refers to a subclass of Throwable 2076 VerificationType catch_type = cp_index_to_reference_type( 2077 catch_type_index, cp, CHECK_VERIFY(this)); 2078 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2079 } else { 2080 VerificationType throwable = 2081 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2082 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2083 } 2084 ErrorContext ctx; 2085 bool matches = stackmap_table->match_stackmap( 2086 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2087 if (!matches) { 2088 verify_error(ctx, "Stack map does not match the one at " 2089 "exception handler %d", handler_pc); 2090 return; 2091 } 2092 } 2093 } 2094 } 2095 2096 void ClassVerifier::verify_cp_index( 2097 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 2098 int nconstants = cp->length(); 2099 if ((index <= 0) || (index >= nconstants)) { 2100 verify_error(ErrorContext::bad_cp_index(bci, index), 2101 "Illegal constant pool index %d in class %s", 2102 index, cp->pool_holder()->external_name()); 2103 return; 2104 } 2105 } 2106 2107 void ClassVerifier::verify_cp_type( 2108 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2109 2110 // In some situations, bytecode rewriting may occur while we're verifying. 2111 // In this case, a constant pool cache exists and some indices refer to that 2112 // instead. Be sure we don't pick up such indices by accident. 2113 // We must check was_recursively_verified() before we get here. 2114 guarantee(cp->cache() == NULL, "not rewritten yet"); 2115 2116 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2117 unsigned int tag = cp->tag_at(index).value(); 2118 2119 if (tag == JVM_CONSTANT_Value) { 2120 tag = SAFE_JVM_CONSTANT_Value; //avoid overflow 2121 } 2122 2123 if ((types & (1 << tag)) == 0) { 2124 verify_error(ErrorContext::bad_cp_index(bci, index), 2125 "Illegal type at constant pool entry %d in class %s", 2126 index, cp->pool_holder()->external_name()); 2127 return; 2128 } 2129 } 2130 2131 void ClassVerifier::verify_cp_class_type( 2132 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2133 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2134 constantTag tag = cp->tag_at(index); 2135 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2136 verify_error(ErrorContext::bad_cp_index(bci, index), 2137 "Illegal type at constant pool entry %d in class %s", 2138 index, cp->pool_holder()->external_name()); 2139 return; 2140 } 2141 } 2142 2143 void ClassVerifier::verify_cp_value_type( 2144 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2145 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2146 constantTag tag = cp->tag_at(index); 2147 if (!tag.is_value_type() && !tag.is_unresolved_value_type()) { 2148 verify_error(ErrorContext::bad_cp_index(bci, index), 2149 "Illegal type at constant pool entry %d in class %s", 2150 index, cp->pool_holder()->external_name()); 2151 return; 2152 } 2153 } 2154 2155 // Used for MVT value type overloaded bytecodes (anewarray, getfield, multianewarray) 2156 void ClassVerifier::verify_cp_class_or_value_type( 2157 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2158 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2159 constantTag tag = cp->tag_at(index); 2160 if (!tag.is_klass() && !tag.is_unresolved_klass() && 2161 !tag.is_value_type() && !tag.is_unresolved_value_type()) { 2162 verify_error(ErrorContext::bad_cp_index(bci, index), 2163 "Illegal type at constant pool entry %d in class %s", 2164 index, cp->pool_holder()->external_name()); 2165 return; 2166 } 2167 } 2168 2169 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2170 stringStream ss; 2171 2172 ctx.reset_frames(); 2173 _exception_type = vmSymbols::java_lang_VerifyError(); 2174 _error_context = ctx; 2175 va_list va; 2176 va_start(va, msg); 2177 ss.vprint(msg, va); 2178 va_end(va); 2179 _message = ss.as_string(); 2180 #ifdef ASSERT 2181 ResourceMark rm; 2182 const char* exception_name = _exception_type->as_C_string(); 2183 Exceptions::debug_check_abort(exception_name, NULL); 2184 #endif // ndef ASSERT 2185 } 2186 2187 void ClassVerifier::class_format_error(const char* msg, ...) { 2188 stringStream ss; 2189 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2190 va_list va; 2191 va_start(va, msg); 2192 ss.vprint(msg, va); 2193 va_end(va); 2194 if (!_method.is_null()) { 2195 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 2196 } 2197 _message = ss.as_string(); 2198 } 2199 2200 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2201 HandleMark hm(THREAD); 2202 // Get current loader and protection domain first. 2203 oop loader = current_class()->class_loader(); 2204 oop protection_domain = current_class()->protection_domain(); 2205 2206 Klass* kls = SystemDictionary::resolve_or_fail( 2207 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2208 true, THREAD); 2209 2210 if (log_is_enabled(Debug, class, resolve)) { 2211 InstanceKlass* cur_class = InstanceKlass::cast(current_class()); 2212 Verifier::trace_class_resolution(kls, cur_class); 2213 } 2214 return kls; 2215 } 2216 2217 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2218 Klass* target_class, 2219 Symbol* field_name, 2220 Symbol* field_sig, 2221 bool is_method) { 2222 NoSafepointVerifier nosafepoint; 2223 2224 // If target class isn't a super class of this class, we don't worry about this case 2225 if (!this_class->is_subclass_of(target_class)) { 2226 return false; 2227 } 2228 // Check if the specified method or field is protected 2229 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2230 fieldDescriptor fd; 2231 if (is_method) { 2232 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2233 if (m != NULL && m->is_protected()) { 2234 if (!this_class->is_same_class_package(m->method_holder())) { 2235 return true; 2236 } 2237 } 2238 } else { 2239 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2240 if (member_klass != NULL && fd.is_protected()) { 2241 if (!this_class->is_same_class_package(member_klass)) { 2242 return true; 2243 } 2244 } 2245 } 2246 return false; 2247 } 2248 2249 void ClassVerifier::verify_ldc( 2250 int opcode, u2 index, StackMapFrame* current_frame, 2251 const constantPoolHandle& cp, u2 bci, TRAPS) { 2252 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2253 constantTag tag = cp->tag_at(index); 2254 unsigned int types; 2255 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2256 if (!tag.is_unresolved_klass() && !tag.is_unresolved_value_type()) { 2257 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2258 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2259 | (1 << SAFE_JVM_CONSTANT_Value) 2260 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType); 2261 // Note: The class file parser already verified the legality of 2262 // MethodHandle and MethodType constants. 2263 // Note: SAFE_JVM_CONSTANT_Value is used instead of JVM_CONSTANT_Value 2264 // since JVM_CONSTANT_Value is an internally defined CP tag that is 2265 // defined with a large value. When shifting left JVM_CONSTANT_Value 2266 // would overrun the width of types. 2267 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2268 } 2269 } else { 2270 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2271 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 2272 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2273 } 2274 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2275 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2276 } else if (tag.is_string()) { 2277 current_frame->push_stack( 2278 VerificationType::reference_type( 2279 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2280 } else if (tag.is_klass() || tag.is_unresolved_klass() || 2281 tag.is_value_type() || tag.is_unresolved_value_type()) { 2282 current_frame->push_stack( 2283 VerificationType::reference_type( 2284 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2285 } else if (tag.is_int()) { 2286 current_frame->push_stack( 2287 VerificationType::integer_type(), CHECK_VERIFY(this)); 2288 } else if (tag.is_float()) { 2289 current_frame->push_stack( 2290 VerificationType::float_type(), CHECK_VERIFY(this)); 2291 } else if (tag.is_double()) { 2292 current_frame->push_stack_2( 2293 VerificationType::double_type(), 2294 VerificationType::double2_type(), CHECK_VERIFY(this)); 2295 } else if (tag.is_long()) { 2296 current_frame->push_stack_2( 2297 VerificationType::long_type(), 2298 VerificationType::long2_type(), CHECK_VERIFY(this)); 2299 } else if (tag.is_method_handle()) { 2300 current_frame->push_stack( 2301 VerificationType::reference_type( 2302 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2303 } else if (tag.is_method_type()) { 2304 current_frame->push_stack( 2305 VerificationType::reference_type( 2306 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2307 } else { 2308 /* Unreachable? verify_cp_type has already validated the cp type. */ 2309 verify_error( 2310 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2311 return; 2312 } 2313 } 2314 2315 void ClassVerifier::verify_switch( 2316 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2317 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2318 int bci = bcs->bci(); 2319 address bcp = bcs->bcp(); 2320 address aligned_bcp = align_up(bcp + 1, jintSize); 2321 2322 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2323 // 4639449 & 4647081: padding bytes must be 0 2324 u2 padding_offset = 1; 2325 while ((bcp + padding_offset) < aligned_bcp) { 2326 if(*(bcp + padding_offset) != 0) { 2327 verify_error(ErrorContext::bad_code(bci), 2328 "Nonzero padding byte in lookupswitch or tableswitch"); 2329 return; 2330 } 2331 padding_offset++; 2332 } 2333 } 2334 2335 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2336 int keys, delta; 2337 current_frame->pop_stack( 2338 VerificationType::integer_type(), CHECK_VERIFY(this)); 2339 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2340 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2341 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2342 if (low > high) { 2343 verify_error(ErrorContext::bad_code(bci), 2344 "low must be less than or equal to high in tableswitch"); 2345 return; 2346 } 2347 keys = high - low + 1; 2348 if (keys < 0) { 2349 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2350 return; 2351 } 2352 delta = 1; 2353 } else { 2354 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2355 if (keys < 0) { 2356 verify_error(ErrorContext::bad_code(bci), 2357 "number of keys in lookupswitch less than 0"); 2358 return; 2359 } 2360 delta = 2; 2361 // Make sure that the lookupswitch items are sorted 2362 for (int i = 0; i < (keys - 1); i++) { 2363 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2364 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2365 if (this_key >= next_key) { 2366 verify_error(ErrorContext::bad_code(bci), 2367 "Bad lookupswitch instruction"); 2368 return; 2369 } 2370 } 2371 } 2372 int target = bci + default_offset; 2373 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2374 for (int i = 0; i < keys; i++) { 2375 // Because check_jump_target() may safepoint, the bytecode could have 2376 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2377 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2378 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2379 stackmap_table->check_jump_target( 2380 current_frame, target, CHECK_VERIFY(this)); 2381 } 2382 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2383 } 2384 2385 bool ClassVerifier::name_in_supers( 2386 Symbol* ref_name, InstanceKlass* current) { 2387 Klass* super = current->super(); 2388 while (super != NULL) { 2389 if (super->name() == ref_name) { 2390 return true; 2391 } 2392 super = super->super(); 2393 } 2394 return false; 2395 } 2396 2397 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2398 StackMapFrame* current_frame, 2399 const constantPoolHandle& cp, 2400 bool allow_arrays, 2401 TRAPS) { 2402 u2 index = bcs->get_index_u2(); 2403 verify_cp_type(bcs->bci(), index, cp, 2404 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2405 2406 // Get field name and signature 2407 Symbol* field_name = cp->name_ref_at(index); 2408 Symbol* field_sig = cp->signature_ref_at(index); 2409 2410 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2411 class_format_error( 2412 "Invalid signature for field in class %s referenced " 2413 "from constant pool index %d", _klass->external_name(), index); 2414 return; 2415 } 2416 2417 // Get referenced class or value type 2418 constantTag field_class_tag = cp->tag_at(cp->klass_ref_index_at(index)); 2419 VerificationType ref_class_type; 2420 2421 // getfield is overloaded to allow for either a reference or value type 2422 if (bcs->raw_code() == Bytecodes::_getfield && 2423 (EnableMVT || EnableValhalla) && 2424 (field_class_tag.is_value_type() || field_class_tag.is_unresolved_value_type())) { 2425 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this)); 2426 if (!ref_class_type.is_valuetype()) { 2427 verify_error(ErrorContext::bad_type(bcs->bci(), 2428 TypeOrigin::cp(index, ref_class_type)), 2429 "Expecting reference to value type in class %s at constant pool index %d", 2430 _klass->external_name(), index); 2431 return; 2432 } 2433 } else { 2434 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2435 if (!ref_class_type.is_object() && 2436 (!allow_arrays || !ref_class_type.is_array())) { 2437 verify_error(ErrorContext::bad_type(bcs->bci(), 2438 TypeOrigin::cp(index, ref_class_type)), 2439 "Expecting reference to class in class %s at constant pool index %d", 2440 _klass->external_name(), index); 2441 return; 2442 } 2443 } 2444 2445 VerificationType target_class_type = ref_class_type; 2446 2447 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2448 "buffer type must match VerificationType size"); 2449 uintptr_t field_type_buffer[2]; 2450 VerificationType* field_type = (VerificationType*)field_type_buffer; 2451 // If we make a VerificationType[2] array directly, the compiler calls 2452 // to the c-runtime library to do the allocation instead of just 2453 // stack allocating it. Plus it would run constructors. This shows up 2454 // in performance profiles. 2455 2456 SignatureStream sig_stream(field_sig, false); 2457 VerificationType stack_object_type; 2458 int n = change_sig_to_verificationType( 2459 &sig_stream, field_type, CHECK_VERIFY(this)); 2460 u2 bci = bcs->bci(); 2461 bool is_assignable; 2462 switch (bcs->raw_code()) { 2463 case Bytecodes::_getstatic: { 2464 for (int i = 0; i < n; i++) { 2465 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2466 } 2467 break; 2468 } 2469 case Bytecodes::_putstatic: { 2470 for (int i = n - 1; i >= 0; i--) { 2471 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2472 } 2473 break; 2474 } 2475 case Bytecodes::_getfield: { 2476 stack_object_type = current_frame->pop_stack( 2477 target_class_type, CHECK_VERIFY(this)); 2478 for (int i = 0; i < n; i++) { 2479 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2480 } 2481 goto check_protected; 2482 } 2483 case Bytecodes::_putfield: { 2484 for (int i = n - 1; i >= 0; i--) { 2485 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2486 } 2487 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2488 2489 // The JVMS 2nd edition allows field initialization before the superclass 2490 // initializer, if the field is defined within the current class. 2491 fieldDescriptor fd; 2492 if (stack_object_type == VerificationType::uninitialized_this_type() && 2493 target_class_type.equals(current_type()) && 2494 _klass->find_local_field(field_name, field_sig, &fd)) { 2495 stack_object_type = current_type(); 2496 } 2497 is_assignable = target_class_type.is_assignable_from( 2498 stack_object_type, this, false, CHECK_VERIFY(this)); 2499 if (!is_assignable) { 2500 verify_error(ErrorContext::bad_type(bci, 2501 current_frame->stack_top_ctx(), 2502 TypeOrigin::cp(index, target_class_type)), 2503 "Bad type on operand stack in putfield"); 2504 return; 2505 } 2506 } 2507 check_protected: { 2508 if (_this_type == stack_object_type) 2509 break; // stack_object_type must be assignable to _current_class_type 2510 if (was_recursively_verified()) return; 2511 Symbol* ref_class_name = 2512 cp->klass_name_at(cp->klass_ref_index_at(index)); 2513 if (!name_in_supers(ref_class_name, current_class())) 2514 // stack_object_type must be assignable to _current_class_type since: 2515 // 1. stack_object_type must be assignable to ref_class. 2516 // 2. ref_class must be _current_class or a subclass of it. It can't 2517 // be a superclass of it. See revised JVMS 5.4.4. 2518 break; 2519 2520 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2521 if (is_protected_access(current_class(), ref_class_oop, field_name, 2522 field_sig, false)) { 2523 // It's protected access, check if stack object is assignable to 2524 // current class. 2525 is_assignable = current_type().is_assignable_from( 2526 stack_object_type, this, true, CHECK_VERIFY(this)); 2527 if (!is_assignable) { 2528 verify_error(ErrorContext::bad_type(bci, 2529 current_frame->stack_top_ctx(), 2530 TypeOrigin::implicit(current_type())), 2531 "Bad access to protected data in getfield"); 2532 return; 2533 } 2534 } 2535 break; 2536 } 2537 default: ShouldNotReachHere(); 2538 } 2539 } 2540 2541 void ClassVerifier::verify_vwithfield(RawBytecodeStream* bcs, 2542 StackMapFrame* current_frame, 2543 const constantPoolHandle& cp, 2544 TRAPS) { 2545 u2 index = bcs->get_index_u2(); 2546 verify_cp_type(bcs->bci(), index, cp, 2547 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2548 2549 // Get field name and signature 2550 Symbol* field_name = cp->name_ref_at(index); 2551 Symbol* field_sig = cp->signature_ref_at(index); 2552 2553 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2554 class_format_error( 2555 "Invalid signature for field in value type %s referenced " 2556 "from constant pool index %d", _klass->external_name(), index); 2557 return; 2558 } 2559 2560 // Check referenced value type 2561 VerificationType ref_value_type = cp_value_index_to_type( 2562 index, cp, CHECK_VERIFY(this)); 2563 if (!ref_value_type.is_valuetype()) { 2564 verify_error(ErrorContext::bad_type(bcs->bci(), 2565 TypeOrigin::cp(index, ref_value_type)), 2566 "Expecting reference to value type in class %s at constant pool index %d", 2567 _klass->external_name(), index); 2568 return; 2569 } 2570 VerificationType target_value_type = ref_value_type; 2571 2572 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2573 "buffer type must match VerificationType size"); 2574 uintptr_t field_type_buffer[2]; 2575 VerificationType* field_type = (VerificationType*)field_type_buffer; 2576 // If we make a VerificationType[2] array directly, the compiler calls 2577 // to the c-runtime library to do the allocation instead of just 2578 // stack allocating it. Plus it would run constructors. This shows up 2579 // in performance profiles. 2580 2581 SignatureStream sig_stream(field_sig, false); 2582 int n = change_sig_to_verificationType( 2583 &sig_stream, field_type, CHECK_VERIFY(this)); 2584 u2 bci = bcs->bci(); 2585 2586 // The type of value2 must be compatible with the descriptor of the referenced field. 2587 // n could be 2 if it is a double or long. 2588 for (int i = n - 1; i >= 0; i--) { 2589 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2590 } 2591 2592 // The type of value1 must be the direct value class type appearing in the field reference. 2593 VerificationType stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2594 2595 bool is_assignable = target_value_type.is_assignable_from( 2596 stack_object_type, this, false, CHECK_VERIFY(this)); 2597 if (!is_assignable) { 2598 verify_error(ErrorContext::bad_type(bci, 2599 current_frame->stack_top_ctx(), 2600 TypeOrigin::cp(index, target_value_type)), 2601 "Bad type on operand stack in vwithfield"); 2602 return; 2603 } 2604 2605 // The derived value class instance from another, modifying a field 2606 current_frame->push_stack(stack_object_type, CHECK_VERIFY(this)); 2607 } 2608 2609 // Look at the method's handlers. If the bci is in the handler's try block 2610 // then check if the handler_pc is already on the stack. If not, push it 2611 // unless the handler has already been scanned. 2612 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2613 GrowableArray<u4>* handler_list, 2614 GrowableArray<u4>* handler_stack, 2615 u4 bci) { 2616 int exlength = exhandlers->length(); 2617 for(int x = 0; x < exlength; x++) { 2618 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2619 u4 exhandler_pc = exhandlers->handler_pc(x); 2620 if (!handler_list->contains(exhandler_pc)) { 2621 handler_stack->append_if_missing(exhandler_pc); 2622 handler_list->append(exhandler_pc); 2623 } 2624 } 2625 } 2626 } 2627 2628 // Return TRUE if all code paths starting with start_bc_offset end in 2629 // bytecode athrow or loop. 2630 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2631 ResourceMark rm; 2632 // Create bytecode stream. 2633 RawBytecodeStream bcs(method()); 2634 u4 code_length = method()->code_size(); 2635 bcs.set_start(start_bc_offset); 2636 u4 target; 2637 // Create stack for storing bytecode start offsets for if* and *switch. 2638 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2639 // Create stack for handlers for try blocks containing this handler. 2640 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2641 // Create list of handlers that have been pushed onto the handler_stack 2642 // so that handlers embedded inside of their own TRY blocks only get 2643 // scanned once. 2644 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2645 // Create list of visited branch opcodes (goto* and if*). 2646 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2647 ExceptionTable exhandlers(_method()); 2648 2649 while (true) { 2650 if (bcs.is_last_bytecode()) { 2651 // if no more starting offsets to parse or if at the end of the 2652 // method then return false. 2653 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2654 return false; 2655 // Pop a bytecode starting offset and scan from there. 2656 bcs.set_start(bci_stack->pop()); 2657 } 2658 Bytecodes::Code opcode = bcs.raw_next(); 2659 u4 bci = bcs.bci(); 2660 2661 // If the bytecode is in a TRY block, push its handlers so they 2662 // will get parsed. 2663 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2664 2665 switch (opcode) { 2666 case Bytecodes::_if_icmpeq: 2667 case Bytecodes::_if_icmpne: 2668 case Bytecodes::_if_icmplt: 2669 case Bytecodes::_if_icmpge: 2670 case Bytecodes::_if_icmpgt: 2671 case Bytecodes::_if_icmple: 2672 case Bytecodes::_ifeq: 2673 case Bytecodes::_ifne: 2674 case Bytecodes::_iflt: 2675 case Bytecodes::_ifge: 2676 case Bytecodes::_ifgt: 2677 case Bytecodes::_ifle: 2678 case Bytecodes::_if_acmpeq: 2679 case Bytecodes::_if_acmpne: 2680 case Bytecodes::_ifnull: 2681 case Bytecodes::_ifnonnull: 2682 target = bcs.dest(); 2683 if (visited_branches->contains(bci)) { 2684 if (bci_stack->is_empty()) { 2685 if (handler_stack->is_empty()) { 2686 return true; 2687 } else { 2688 // Parse the catch handlers for try blocks containing athrow. 2689 bcs.set_start(handler_stack->pop()); 2690 } 2691 } else { 2692 // Pop a bytecode starting offset and scan from there. 2693 bcs.set_start(bci_stack->pop()); 2694 } 2695 } else { 2696 if (target > bci) { // forward branch 2697 if (target >= code_length) return false; 2698 // Push the branch target onto the stack. 2699 bci_stack->push(target); 2700 // then, scan bytecodes starting with next. 2701 bcs.set_start(bcs.next_bci()); 2702 } else { // backward branch 2703 // Push bytecode offset following backward branch onto the stack. 2704 bci_stack->push(bcs.next_bci()); 2705 // Check bytecodes starting with branch target. 2706 bcs.set_start(target); 2707 } 2708 // Record target so we don't branch here again. 2709 visited_branches->append(bci); 2710 } 2711 break; 2712 2713 case Bytecodes::_goto: 2714 case Bytecodes::_goto_w: 2715 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2716 if (visited_branches->contains(bci)) { 2717 if (bci_stack->is_empty()) { 2718 if (handler_stack->is_empty()) { 2719 return true; 2720 } else { 2721 // Parse the catch handlers for try blocks containing athrow. 2722 bcs.set_start(handler_stack->pop()); 2723 } 2724 } else { 2725 // Been here before, pop new starting offset from stack. 2726 bcs.set_start(bci_stack->pop()); 2727 } 2728 } else { 2729 if (target >= code_length) return false; 2730 // Continue scanning from the target onward. 2731 bcs.set_start(target); 2732 // Record target so we don't branch here again. 2733 visited_branches->append(bci); 2734 } 2735 break; 2736 2737 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2738 // is difficult to determine where each switch alternative ends, parse 2739 // each switch alternative until either hit a 'return', 'athrow', or reach 2740 // the end of the method's bytecodes. This is gross but should be okay 2741 // because: 2742 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2743 // constructor invocations should be rare. 2744 // 2. if each switch alternative ends in an athrow then the parsing should be 2745 // short. If there is no athrow then it is bogus code, anyway. 2746 case Bytecodes::_lookupswitch: 2747 case Bytecodes::_tableswitch: 2748 { 2749 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2750 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2751 int keys, delta; 2752 if (opcode == Bytecodes::_tableswitch) { 2753 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2754 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2755 // This is invalid, but let the regular bytecode verifier 2756 // report this because the user will get a better error message. 2757 if (low > high) return true; 2758 keys = high - low + 1; 2759 delta = 1; 2760 } else { 2761 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2762 delta = 2; 2763 } 2764 // Invalid, let the regular bytecode verifier deal with it. 2765 if (keys < 0) return true; 2766 2767 // Push the offset of the next bytecode onto the stack. 2768 bci_stack->push(bcs.next_bci()); 2769 2770 // Push the switch alternatives onto the stack. 2771 for (int i = 0; i < keys; i++) { 2772 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2773 if (target > code_length) return false; 2774 bci_stack->push(target); 2775 } 2776 2777 // Start bytecode parsing for the switch at the default alternative. 2778 if (default_offset > code_length) return false; 2779 bcs.set_start(default_offset); 2780 break; 2781 } 2782 2783 case Bytecodes::_return: 2784 return false; 2785 2786 case Bytecodes::_athrow: 2787 { 2788 if (bci_stack->is_empty()) { 2789 if (handler_stack->is_empty()) { 2790 return true; 2791 } else { 2792 // Parse the catch handlers for try blocks containing athrow. 2793 bcs.set_start(handler_stack->pop()); 2794 } 2795 } else { 2796 // Pop a bytecode offset and starting scanning from there. 2797 bcs.set_start(bci_stack->pop()); 2798 } 2799 } 2800 break; 2801 2802 default: 2803 ; 2804 } // end switch 2805 } // end while loop 2806 2807 return false; 2808 } 2809 2810 void ClassVerifier::verify_invoke_init( 2811 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2812 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2813 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2814 TRAPS) { 2815 u2 bci = bcs->bci(); 2816 VerificationType type = current_frame->pop_stack( 2817 VerificationType::reference_check(), CHECK_VERIFY(this)); 2818 if (type == VerificationType::uninitialized_this_type()) { 2819 // The method must be an <init> method of this class or its superclass 2820 Klass* superk = current_class()->super(); 2821 if (ref_class_type.name() != current_class()->name() && 2822 ref_class_type.name() != superk->name()) { 2823 verify_error(ErrorContext::bad_type(bci, 2824 TypeOrigin::implicit(ref_class_type), 2825 TypeOrigin::implicit(current_type())), 2826 "Bad <init> method call"); 2827 return; 2828 } 2829 2830 // If this invokespecial call is done from inside of a TRY block then make 2831 // sure that all catch clause paths end in a throw. Otherwise, this can 2832 // result in returning an incomplete object. 2833 if (in_try_block) { 2834 ExceptionTable exhandlers(_method()); 2835 int exlength = exhandlers.length(); 2836 for(int i = 0; i < exlength; i++) { 2837 u2 start_pc = exhandlers.start_pc(i); 2838 u2 end_pc = exhandlers.end_pc(i); 2839 2840 if (bci >= start_pc && bci < end_pc) { 2841 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2842 verify_error(ErrorContext::bad_code(bci), 2843 "Bad <init> method call from after the start of a try block"); 2844 return; 2845 } else if (log_is_enabled(Info, verification)) { 2846 ResourceMark rm(THREAD); 2847 log_info(verification)("Survived call to ends_in_athrow(): %s", 2848 current_class()->name()->as_C_string()); 2849 } 2850 } 2851 } 2852 2853 // Check the exception handler target stackmaps with the locals from the 2854 // incoming stackmap (before initialize_object() changes them to outgoing 2855 // state). 2856 if (was_recursively_verified()) return; 2857 verify_exception_handler_targets(bci, true, current_frame, 2858 stackmap_table, CHECK_VERIFY(this)); 2859 } // in_try_block 2860 2861 current_frame->initialize_object(type, current_type()); 2862 *this_uninit = true; 2863 } else if (type.is_uninitialized()) { 2864 u2 new_offset = type.bci(); 2865 address new_bcp = bcs->bcp() - bci + new_offset; 2866 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2867 /* Unreachable? Stack map parsing ensures valid type and new 2868 * instructions have a valid BCI. */ 2869 verify_error(ErrorContext::bad_code(new_offset), 2870 "Expecting new instruction"); 2871 return; 2872 } 2873 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2874 if (was_recursively_verified()) return; 2875 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2876 2877 // The method must be an <init> method of the indicated class 2878 VerificationType new_class_type = cp_index_to_reference_type( 2879 new_class_index, cp, CHECK_VERIFY(this)); 2880 if (!new_class_type.equals(ref_class_type)) { 2881 verify_error(ErrorContext::bad_type(bci, 2882 TypeOrigin::cp(new_class_index, new_class_type), 2883 TypeOrigin::cp(ref_class_index, ref_class_type)), 2884 "Call to wrong <init> method"); 2885 return; 2886 } 2887 // According to the VM spec, if the referent class is a superclass of the 2888 // current class, and is in a different runtime package, and the method is 2889 // protected, then the objectref must be the current class or a subclass 2890 // of the current class. 2891 VerificationType objectref_type = new_class_type; 2892 if (name_in_supers(ref_class_type.name(), current_class())) { 2893 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2894 if (was_recursively_verified()) return; 2895 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2896 vmSymbols::object_initializer_name(), 2897 cp->signature_ref_at(bcs->get_index_u2()), 2898 Klass::find_overpass); 2899 // Do nothing if method is not found. Let resolution detect the error. 2900 if (m != NULL) { 2901 InstanceKlass* mh = m->method_holder(); 2902 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2903 bool assignable = current_type().is_assignable_from( 2904 objectref_type, this, true, CHECK_VERIFY(this)); 2905 if (!assignable) { 2906 verify_error(ErrorContext::bad_type(bci, 2907 TypeOrigin::cp(new_class_index, objectref_type), 2908 TypeOrigin::implicit(current_type())), 2909 "Bad access to protected <init> method"); 2910 return; 2911 } 2912 } 2913 } 2914 } 2915 // Check the exception handler target stackmaps with the locals from the 2916 // incoming stackmap (before initialize_object() changes them to outgoing 2917 // state). 2918 if (in_try_block) { 2919 if (was_recursively_verified()) return; 2920 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2921 stackmap_table, CHECK_VERIFY(this)); 2922 } 2923 current_frame->initialize_object(type, new_class_type); 2924 } else { 2925 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2926 "Bad operand type when invoking <init>"); 2927 return; 2928 } 2929 } 2930 2931 bool ClassVerifier::is_same_or_direct_interface( 2932 InstanceKlass* klass, 2933 VerificationType klass_type, 2934 VerificationType ref_class_type) { 2935 if (ref_class_type.equals(klass_type)) return true; 2936 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2937 if (local_interfaces != NULL) { 2938 for (int x = 0; x < local_interfaces->length(); x++) { 2939 Klass* k = local_interfaces->at(x); 2940 assert (k != NULL && k->is_interface(), "invalid interface"); 2941 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2942 return true; 2943 } 2944 } 2945 } 2946 return false; 2947 } 2948 2949 void ClassVerifier::verify_invoke_instructions( 2950 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2951 bool in_try_block, bool *this_uninit, VerificationType return_type, 2952 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2953 // Make sure the constant pool item is the right type 2954 u2 index = bcs->get_index_u2(); 2955 Bytecodes::Code opcode = bcs->raw_code(); 2956 unsigned int types; 2957 switch (opcode) { 2958 case Bytecodes::_invokeinterface: 2959 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2960 break; 2961 case Bytecodes::_invokedynamic: 2962 types = 1 << JVM_CONSTANT_InvokeDynamic; 2963 break; 2964 case Bytecodes::_invokespecial: 2965 case Bytecodes::_invokestatic: 2966 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2967 (1 << JVM_CONSTANT_Methodref) : 2968 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2969 break; 2970 default: 2971 types = 1 << JVM_CONSTANT_Methodref; 2972 } 2973 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2974 2975 // Get method name and signature 2976 Symbol* method_name = cp->name_ref_at(index); 2977 Symbol* method_sig = cp->signature_ref_at(index); 2978 2979 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2980 class_format_error( 2981 "Invalid method signature in class %s referenced " 2982 "from constant pool index %d", _klass->external_name(), index); 2983 return; 2984 } 2985 2986 // Get referenced class or value type 2987 VerificationType ref_class_type; 2988 if (opcode == Bytecodes::_invokedynamic) { 2989 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2990 class_format_error( 2991 "invokedynamic instructions not supported by this class file version (%d), class %s", 2992 _klass->major_version(), _klass->external_name()); 2993 return; 2994 } 2995 } else { 2996 constantTag method_class_tag = cp->tag_at(cp->klass_ref_index_at(index)); 2997 if (EnableValhalla && 2998 opcode == Bytecodes::_invokevirtual && 2999 (method_class_tag.is_value_type() || method_class_tag.is_unresolved_value_type())) { 3000 ref_class_type = cp_value_index_to_type(index, cp, CHECK_VERIFY(this)); 3001 } else { 3002 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 3003 } 3004 } 3005 3006 // For a small signature length, we just allocate 128 bytes instead 3007 // of parsing the signature once to find its size. 3008 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 3009 // longs/doubles to be consertive. 3010 assert(sizeof(VerificationType) == sizeof(uintptr_t), 3011 "buffer type must match VerificationType size"); 3012 uintptr_t on_stack_sig_types_buffer[128]; 3013 // If we make a VerificationType[128] array directly, the compiler calls 3014 // to the c-runtime library to do the allocation instead of just 3015 // stack allocating it. Plus it would run constructors. This shows up 3016 // in performance profiles. 3017 3018 VerificationType* sig_types; 3019 int size = (method_sig->utf8_length() - 3) * 2; 3020 if (size > 128) { 3021 // Long and double occupies two slots here. 3022 ArgumentSizeComputer size_it(method_sig); 3023 size = size_it.size(); 3024 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 3025 } else{ 3026 sig_types = (VerificationType*)on_stack_sig_types_buffer; 3027 } 3028 SignatureStream sig_stream(method_sig); 3029 int sig_i = 0; 3030 while (!sig_stream.at_return_type()) { 3031 sig_i += change_sig_to_verificationType( 3032 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 3033 sig_stream.next(); 3034 } 3035 int nargs = sig_i; 3036 3037 #ifdef ASSERT 3038 { 3039 ArgumentSizeComputer size_it(method_sig); 3040 assert(nargs == size_it.size(), "Argument sizes do not match"); 3041 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 3042 } 3043 #endif 3044 3045 // Check instruction operands 3046 u2 bci = bcs->bci(); 3047 if (opcode == Bytecodes::_invokeinterface) { 3048 address bcp = bcs->bcp(); 3049 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 3050 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 3051 // the difference between the size of the operand stack before and after the instruction 3052 // executes. 3053 if (*(bcp+3) != (nargs+1)) { 3054 verify_error(ErrorContext::bad_code(bci), 3055 "Inconsistent args count operand in invokeinterface"); 3056 return; 3057 } 3058 if (*(bcp+4) != 0) { 3059 verify_error(ErrorContext::bad_code(bci), 3060 "Fourth operand byte of invokeinterface must be zero"); 3061 return; 3062 } 3063 } 3064 3065 if (opcode == Bytecodes::_invokedynamic) { 3066 address bcp = bcs->bcp(); 3067 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 3068 verify_error(ErrorContext::bad_code(bci), 3069 "Third and fourth operand bytes of invokedynamic must be zero"); 3070 return; 3071 } 3072 } 3073 3074 if (method_name->byte_at(0) == '<') { 3075 // Make sure <init> can only be invoked by invokespecial 3076 if (opcode != Bytecodes::_invokespecial || 3077 method_name != vmSymbols::object_initializer_name()) { 3078 verify_error(ErrorContext::bad_code(bci), 3079 "Illegal call to internal method"); 3080 return; 3081 } 3082 } else if (opcode == Bytecodes::_invokespecial 3083 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 3084 && !ref_class_type.equals(VerificationType::reference_type( 3085 current_class()->super()->name()))) { 3086 bool subtype = false; 3087 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 3088 if (!current_class()->is_anonymous()) { 3089 subtype = ref_class_type.is_assignable_from( 3090 current_type(), this, false, CHECK_VERIFY(this)); 3091 } else { 3092 VerificationType host_klass_type = 3093 VerificationType::reference_type(current_class()->host_klass()->name()); 3094 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 3095 3096 // If invokespecial of IMR, need to recheck for same or 3097 // direct interface relative to the host class 3098 have_imr_indirect = (have_imr_indirect && 3099 !is_same_or_direct_interface( 3100 current_class()->host_klass(), 3101 host_klass_type, ref_class_type)); 3102 } 3103 if (!subtype) { 3104 verify_error(ErrorContext::bad_code(bci), 3105 "Bad invokespecial instruction: " 3106 "current class isn't assignable to reference class."); 3107 return; 3108 } else if (have_imr_indirect) { 3109 verify_error(ErrorContext::bad_code(bci), 3110 "Bad invokespecial instruction: " 3111 "interface method reference is in an indirect superinterface."); 3112 return; 3113 } 3114 3115 } 3116 // Match method descriptor with operand stack 3117 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 3118 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 3119 } 3120 // Check objectref on operand stack 3121 if (opcode != Bytecodes::_invokestatic && 3122 opcode != Bytecodes::_invokedynamic) { 3123 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 3124 verify_invoke_init(bcs, index, ref_class_type, current_frame, 3125 code_length, in_try_block, this_uninit, cp, stackmap_table, 3126 CHECK_VERIFY(this)); 3127 if (was_recursively_verified()) return; 3128 } else { // other methods 3129 // Ensures that target class is assignable to method class. 3130 if (opcode == Bytecodes::_invokespecial) { 3131 if (!current_class()->is_anonymous()) { 3132 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 3133 } else { 3134 // anonymous class invokespecial calls: check if the 3135 // objectref is a subtype of the host_klass of the current class 3136 // to allow an anonymous class to reference methods in the host_klass 3137 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 3138 VerificationType hosttype = 3139 VerificationType::reference_type(current_class()->host_klass()->name()); 3140 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 3141 if (!subtype) { 3142 verify_error( ErrorContext::bad_type(current_frame->offset(), 3143 current_frame->stack_top_ctx(), 3144 TypeOrigin::implicit(top)), 3145 "Bad type on operand stack"); 3146 return; 3147 } 3148 } 3149 } else if (opcode == Bytecodes::_invokevirtual) { 3150 VerificationType stack_object_type = 3151 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3152 if (current_type() != stack_object_type) { 3153 if (was_recursively_verified()) return; 3154 assert(cp->cache() == NULL, "not rewritten yet"); 3155 Symbol* ref_class_name = 3156 cp->klass_name_at(cp->klass_ref_index_at(index)); 3157 // See the comments in verify_field_instructions() for 3158 // the rationale behind this. 3159 if (name_in_supers(ref_class_name, current_class())) { 3160 Klass* ref_class = load_class(ref_class_name, CHECK); 3161 if (is_protected_access( 3162 _klass, ref_class, method_name, method_sig, true)) { 3163 // It's protected access, check if stack object is 3164 // assignable to current class. 3165 bool is_assignable = current_type().is_assignable_from( 3166 stack_object_type, this, true, CHECK_VERIFY(this)); 3167 if (!is_assignable) { 3168 if (ref_class_type.name() == vmSymbols::java_lang_Object() 3169 && stack_object_type.is_array() 3170 && method_name == vmSymbols::clone_name()) { 3171 // Special case: arrays pretend to implement public Object 3172 // clone(). 3173 } else { 3174 verify_error(ErrorContext::bad_type(bci, 3175 current_frame->stack_top_ctx(), 3176 TypeOrigin::implicit(current_type())), 3177 "Bad access to protected data in invokevirtual"); 3178 return; 3179 } 3180 } 3181 } 3182 } 3183 } 3184 } else { 3185 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 3186 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3187 } 3188 } 3189 } 3190 // Push the result type. 3191 if (sig_stream.type() != T_VOID) { 3192 if (method_name == vmSymbols::object_initializer_name()) { 3193 // <init> method must have a void return type 3194 /* Unreachable? Class file parser verifies that methods with '<' have 3195 * void return */ 3196 verify_error(ErrorContext::bad_code(bci), 3197 "Return type must be void in <init> method"); 3198 return; 3199 } 3200 VerificationType return_type[2]; 3201 int n = change_sig_to_verificationType( 3202 &sig_stream, return_type, CHECK_VERIFY(this)); 3203 for (int i = 0; i < n; i++) { 3204 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 3205 } 3206 } 3207 } 3208 3209 VerificationType ClassVerifier::get_newarray_type( 3210 u2 index, u2 bci, TRAPS) { 3211 const char* from_bt[] = { 3212 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3213 }; 3214 if (index < T_BOOLEAN || index > T_LONG) { 3215 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3216 return VerificationType::bogus_type(); 3217 } 3218 3219 // from_bt[index] contains the array signature which has a length of 2 3220 Symbol* sig = create_temporary_symbol( 3221 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 3222 return VerificationType::reference_type(sig); 3223 } 3224 3225 void ClassVerifier::verify_anewarray( 3226 u2 bci, u2 index, const constantPoolHandle& cp, 3227 StackMapFrame* current_frame, TRAPS) { 3228 verify_cp_class_or_value_type(bci, index, cp, CHECK_VERIFY(this)); 3229 current_frame->pop_stack( 3230 VerificationType::integer_type(), CHECK_VERIFY(this)); 3231 3232 if (was_recursively_verified()) return; 3233 constantTag class_tag = cp->tag_at(index); 3234 VerificationType component_type; 3235 if (class_tag.is_value_type() || class_tag.is_unresolved_value_type()) { 3236 component_type = cp_index_to_valuetype(index, cp, CHECK_VERIFY(this)); 3237 } else { 3238 component_type = cp_index_to_reference_type(index, cp, CHECK_VERIFY(this)); 3239 } 3240 int length; 3241 char* arr_sig_str; 3242 if (component_type.is_array()) { // it's an array 3243 const char* component_name = component_type.name()->as_utf8(); 3244 // Check for more than MAX_ARRAY_DIMENSIONS 3245 length = (int)strlen(component_name); 3246 if (length > MAX_ARRAY_DIMENSIONS && 3247 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 3248 verify_error(ErrorContext::bad_code(bci), 3249 "Illegal anewarray instruction, array has more than 255 dimensions"); 3250 } 3251 // add one dimension to component 3252 length++; 3253 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 3254 arr_sig_str[0] = '['; 3255 strncpy(&arr_sig_str[1], component_name, length - 1); 3256 } else { // it's an object or interface 3257 const char* component_name = component_type.name()->as_utf8(); 3258 // add one dimension to component with 'L' or 'Q' (value type) prepended and ';' appended. 3259 length = (int)strlen(component_name) + 3; 3260 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 3261 arr_sig_str[0] = '['; 3262 arr_sig_str[1] = component_type.is_reference() ? 'L' : 'Q'; 3263 strncpy(&arr_sig_str[2], component_name, length - 2); 3264 arr_sig_str[length - 1] = ';'; 3265 } 3266 Symbol* arr_sig = create_temporary_symbol( 3267 arr_sig_str, length, CHECK_VERIFY(this)); 3268 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3269 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3270 } 3271 3272 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3273 current_frame->get_local( 3274 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3275 current_frame->push_stack( 3276 VerificationType::integer_type(), CHECK_VERIFY(this)); 3277 } 3278 3279 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3280 current_frame->get_local_2( 3281 index, VerificationType::long_type(), 3282 VerificationType::long2_type(), CHECK_VERIFY(this)); 3283 current_frame->push_stack_2( 3284 VerificationType::long_type(), 3285 VerificationType::long2_type(), CHECK_VERIFY(this)); 3286 } 3287 3288 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3289 current_frame->get_local( 3290 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3291 current_frame->push_stack( 3292 VerificationType::float_type(), CHECK_VERIFY(this)); 3293 } 3294 3295 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3296 current_frame->get_local_2( 3297 index, VerificationType::double_type(), 3298 VerificationType::double2_type(), CHECK_VERIFY(this)); 3299 current_frame->push_stack_2( 3300 VerificationType::double_type(), 3301 VerificationType::double2_type(), CHECK_VERIFY(this)); 3302 } 3303 3304 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3305 VerificationType type = current_frame->get_local( 3306 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3307 current_frame->push_stack(type, CHECK_VERIFY(this)); 3308 } 3309 3310 void ClassVerifier::verify_vload(u2 index, StackMapFrame* current_frame, TRAPS) { 3311 VerificationType type = current_frame->get_local( 3312 index, VerificationType::valuetype_check(), CHECK_VERIFY(this)); 3313 current_frame->push_stack(type, CHECK_VERIFY(this)); 3314 } 3315 3316 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3317 current_frame->pop_stack( 3318 VerificationType::integer_type(), CHECK_VERIFY(this)); 3319 current_frame->set_local( 3320 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3321 } 3322 3323 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3324 current_frame->pop_stack_2( 3325 VerificationType::long2_type(), 3326 VerificationType::long_type(), CHECK_VERIFY(this)); 3327 current_frame->set_local_2( 3328 index, VerificationType::long_type(), 3329 VerificationType::long2_type(), CHECK_VERIFY(this)); 3330 } 3331 3332 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3333 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3334 current_frame->set_local( 3335 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3336 } 3337 3338 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3339 current_frame->pop_stack_2( 3340 VerificationType::double2_type(), 3341 VerificationType::double_type(), CHECK_VERIFY(this)); 3342 current_frame->set_local_2( 3343 index, VerificationType::double_type(), 3344 VerificationType::double2_type(), CHECK_VERIFY(this)); 3345 } 3346 3347 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3348 VerificationType type = current_frame->pop_stack( 3349 VerificationType::reference_check(), CHECK_VERIFY(this)); 3350 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3351 } 3352 3353 void ClassVerifier::verify_vstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3354 VerificationType type = current_frame->pop_stack( 3355 VerificationType::valuetype_check(), CHECK_VERIFY(this)); 3356 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3357 } 3358 3359 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3360 VerificationType type = current_frame->get_local( 3361 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3362 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3363 } 3364 3365 void ClassVerifier::verify_return_value( 3366 VerificationType return_type, VerificationType type, u2 bci, 3367 StackMapFrame* current_frame, TRAPS) { 3368 if (return_type == VerificationType::bogus_type()) { 3369 verify_error(ErrorContext::bad_type(bci, 3370 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3371 "Method expects a return value"); 3372 return; 3373 } 3374 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3375 if (!match) { 3376 verify_error(ErrorContext::bad_type(bci, 3377 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3378 "Bad return type"); 3379 return; 3380 } 3381 } 3382 3383 // The verifier creates symbols which are substrings of Symbols. 3384 // These are stored in the verifier until the end of verification so that 3385 // they can be reference counted. 3386 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3387 int end, TRAPS) { 3388 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3389 _symbols->push(sym); 3390 return sym; 3391 } 3392 3393 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3394 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3395 _symbols->push(sym); 3396 return sym; 3397 }