1 /* 2 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 25 package org.graalvm.compiler.core.test; 26 27 import static java.lang.reflect.Modifier.isProtected; 28 import static java.lang.reflect.Modifier.isPublic; 29 30 import java.lang.reflect.Field; 31 32 import org.graalvm.compiler.core.common.type.TypeReference; 33 import org.graalvm.compiler.nodes.StructuredGraph; 34 import org.graalvm.compiler.nodes.java.InstanceOfNode; 35 import org.graalvm.compiler.nodes.java.MethodCallTargetNode; 36 import org.graalvm.compiler.phases.VerifyPhase; 37 import org.graalvm.compiler.phases.tiers.PhaseContext; 38 import org.graalvm.compiler.serviceprovider.GraalUnsafeAccess; 39 40 import jdk.vm.ci.meta.MetaAccessProvider; 41 import jdk.vm.ci.meta.ResolvedJavaMethod; 42 import jdk.vm.ci.meta.ResolvedJavaType; 43 import sun.misc.Unsafe; 44 45 /** 46 * Checks that the {@link Unsafe} singleton instance is only accessed via well known classes such as 47 * {@link GraalUnsafeAccess}. 48 */ 49 public class VerifyUnsafeAccess extends VerifyPhase<PhaseContext> { 50 51 @Override 52 protected void verify(StructuredGraph graph, PhaseContext context) { 53 MetaAccessProvider metaAccess = context.getMetaAccess(); 54 final ResolvedJavaType unsafeType = metaAccess.lookupJavaType(Unsafe.class); 55 56 ResolvedJavaMethod caller = graph.method(); 57 String holderQualified = caller.format("%H"); 58 String holderUnqualified = caller.format("%h"); 59 String packageName = holderQualified.equals(holderUnqualified) ? "" : holderQualified.substring(0, holderQualified.length() - holderUnqualified.length() - 1); 60 if ((holderQualified.equals(GraalUnsafeAccess.class.getName()) || 61 holderQualified.equals("jdk.vm.ci.hotspot.UnsafeAccess")) && 62 caller.getName().equals("initUnsafe")) { 63 // This is the blessed way access Unsafe in Graal and JVMCI 64 return; 65 } else if (packageName.startsWith("com.oracle.truffle") || packageName.startsWith("org.graalvm.compiler.truffle.runtime")) { 66 // Truffle and GraalTruffleRuntime do not depend on Graal and so cannot use 67 // GraalUnsafeAccess 68 return; 69 } 70 71 if (caller.getSignature().getReturnType(caller.getDeclaringClass()).equals(unsafeType)) { 72 if (caller.isPublic()) { 73 if (holderQualified.equals(GraalUnsafeAccess.class.getName()) && caller.getName().equals("getUnsafe")) { 74 // pass 75 } else { 76 throw new VerificationError("Cannot leak Unsafe from public method %s", 77 caller.format("%H.%n(%p)")); 78 } 79 } 80 } 81 82 for (InstanceOfNode node : graph.getNodes().filter(InstanceOfNode.class)) { 83 TypeReference typeRef = node.type(); 84 if (typeRef != null) { 85 if (unsafeType.isAssignableFrom(typeRef.getType())) { 86 throw new VerificationError("Cast to %s in %s is prohibited as it implies accessing Unsafe.theUnsafe via reflection. Use %s.getUnsafe() instead.", 87 unsafeType.toJavaName(), 88 caller.format("%H.%n(%p)"), 89 GraalUnsafeAccess.class.getName()); 90 91 } 92 } 93 } 94 for (MethodCallTargetNode t : graph.getNodes(MethodCallTargetNode.TYPE)) { 95 ResolvedJavaMethod callee = t.targetMethod(); 96 if (callee.getDeclaringClass().equals(unsafeType)) { 97 if (callee.getName().equals("getUnsafe")) { 98 throw new VerificationError("Call to %s at callsite %s is prohibited. Use %s.getUnsafe() instead.", 99 callee.format("%H.%n(%p)"), 100 caller.format("%H.%n(%p)"), 101 GraalUnsafeAccess.class.getName()); 102 } 103 } 104 } 105 } 106 107 @Override 108 public void verifyClass(Class<?> c, MetaAccessProvider metaAccess) { 109 for (Field field : c.getDeclaredFields()) { 110 int modifiers = field.getModifiers(); 111 if (field.getType() == Unsafe.class && (isPublic(modifiers) || isProtected(modifiers))) { 112 throw new VerificationError("Field of type %s must be private or package-private: %s", Unsafe.class.getName(), field); 113 } 114 } 115 } 116 }