New src/jdk.internal.vm.compiler/share/classes/org.graalvm.compiler.core.test/src/org/graalvm/compiler/core/test/VerifyUnsafeAccess.java

   1 /*
   2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 
  25 package org.graalvm.compiler.core.test;
  26 
  27 import static java.lang.reflect.Modifier.isProtected;
  28 import static java.lang.reflect.Modifier.isPublic;
  29 
  30 import java.lang.reflect.Field;
  31 
  32 import org.graalvm.compiler.core.common.type.TypeReference;
  33 import org.graalvm.compiler.nodes.StructuredGraph;
  34 import org.graalvm.compiler.nodes.java.InstanceOfNode;
  35 import org.graalvm.compiler.nodes.java.MethodCallTargetNode;
  36 import org.graalvm.compiler.phases.VerifyPhase;
  37 import org.graalvm.compiler.phases.tiers.PhaseContext;
  38 import org.graalvm.compiler.serviceprovider.GraalUnsafeAccess;
  39 
  40 import jdk.vm.ci.meta.MetaAccessProvider;
  41 import jdk.vm.ci.meta.ResolvedJavaMethod;
  42 import jdk.vm.ci.meta.ResolvedJavaType;
  43 import sun.misc.Unsafe;
  44 
  45 /**
  46  * Checks that the {@link Unsafe} singleton instance is only accessed via well known classes such as
  47  * {@link GraalUnsafeAccess}.
  48  */
  49 public class VerifyUnsafeAccess extends VerifyPhase<PhaseContext> {
  50 
  51     @Override
  52     protected void verify(StructuredGraph graph, PhaseContext context) {
  53         MetaAccessProvider metaAccess = context.getMetaAccess();
  54         final ResolvedJavaType unsafeType = metaAccess.lookupJavaType(Unsafe.class);
  55 
  56         ResolvedJavaMethod caller = graph.method();
  57         String holderQualified = caller.format("%H");
  58         String holderUnqualified = caller.format("%h");
  59         String packageName = holderQualified.equals(holderUnqualified) ? "" : holderQualified.substring(0, holderQualified.length() - holderUnqualified.length() - 1);
  60         if ((holderQualified.equals(GraalUnsafeAccess.class.getName()) ||
  61                         holderQualified.equals("jdk.vm.ci.hotspot.UnsafeAccess")) &&
  62                         caller.getName().equals("initUnsafe")) {
  63             // This is the blessed way access Unsafe in Graal and JVMCI
  64             return;
  65         } else if (packageName.startsWith("com.oracle.truffle") || packageName.startsWith("org.graalvm.compiler.truffle.runtime")) {
  66             // Truffle and GraalTruffleRuntime do not depend on Graal and so cannot use
  67             // GraalUnsafeAccess
  68             return;
  69         }
  70 
  71         if (caller.getSignature().getReturnType(caller.getDeclaringClass()).equals(unsafeType)) {
  72             if (caller.isPublic()) {
  73                 if (holderQualified.equals(GraalUnsafeAccess.class.getName()) && caller.getName().equals("getUnsafe")) {
  74                     // pass
  75                 } else {
  76                     throw new VerificationError("Cannot leak Unsafe from public method %s",
  77                                     caller.format("%H.%n(%p)"));
  78                 }
  79             }
  80         }
  81 
  82         for (InstanceOfNode node : graph.getNodes().filter(InstanceOfNode.class)) {
  83             TypeReference typeRef = node.type();
  84             if (typeRef != null) {
  85                 if (unsafeType.isAssignableFrom(typeRef.getType())) {
  86                     throw new VerificationError("Cast to %s in %s is prohibited as it implies accessing Unsafe.theUnsafe via reflection. Use %s.getUnsafe() instead.",
  87                                     unsafeType.toJavaName(),
  88                                     caller.format("%H.%n(%p)"),
  89                                     GraalUnsafeAccess.class.getName());
  90 
  91                 }
  92             }
  93         }
  94         for (MethodCallTargetNode t : graph.getNodes(MethodCallTargetNode.TYPE)) {
  95             ResolvedJavaMethod callee = t.targetMethod();
  96             if (callee.getDeclaringClass().equals(unsafeType)) {
  97                 if (callee.getName().equals("getUnsafe")) {
  98                     throw new VerificationError("Call to %s at callsite %s is prohibited. Use %s.getUnsafe() instead.",
  99                                     callee.format("%H.%n(%p)"),
 100                                     caller.format("%H.%n(%p)"),
 101                                     GraalUnsafeAccess.class.getName());
 102                 }
 103             }
 104         }
 105     }
 106 
 107     @Override
 108     public void verifyClass(Class<?> c, MetaAccessProvider metaAccess) {
 109         for (Field field : c.getDeclaredFields()) {
 110             int modifiers = field.getModifiers();
 111             if (field.getType() == Unsafe.class && (isPublic(modifiers) || isProtected(modifiers))) {
 112                 throw new VerificationError("Field of type %s must be private or package-private: %s", Unsafe.class.getName(), field);
 113             }
 114         }
 115     }
 116 }