1 /*
2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTableFormat.hpp"
31 #include "classfile/systemDictionary.hpp"
32 #include "classfile/verifier.hpp"
33 #include "classfile/vmSymbols.hpp"
34 #include "interpreter/bytecodes.hpp"
35 #include "interpreter/bytecodeStream.hpp"
36 #include "memory/oopFactory.hpp"
37 #include "memory/resourceArea.hpp"
38 #include "oops/instanceKlass.hpp"
39 #include "oops/oop.inline.hpp"
40 #include "oops/typeArrayOop.hpp"
41 #include "prims/jvm.h"
42 #include "runtime/fieldDescriptor.hpp"
43 #include "runtime/handles.inline.hpp"
44 #include "runtime/interfaceSupport.hpp"
45 #include "runtime/javaCalls.hpp"
46 #include "runtime/orderAccess.inline.hpp"
47 #include "runtime/os.hpp"
48 #ifdef TARGET_ARCH_x86
49 # include "bytes_x86.hpp"
50 #endif
51 #ifdef TARGET_ARCH_sparc
52 # include "bytes_sparc.hpp"
53 #endif
54 #ifdef TARGET_ARCH_zero
55 # include "bytes_zero.hpp"
56 #endif
57 #ifdef TARGET_ARCH_arm
58 # include "bytes_arm.hpp"
59 #endif
60 #ifdef TARGET_ARCH_ppc
61 # include "bytes_ppc.hpp"
62 #endif
63
64 #define NOFAILOVER_MAJOR_VERSION 51
65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
67
68 // Access to external entry for VerifyClassCodes - old byte code verifier
69
70 extern "C" {
71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
72 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static void* volatile _verify_byte_codes_fn = NULL;
76
77 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
78
79 static void* verify_byte_codes_fn() {
80 if (_verify_byte_codes_fn == NULL) {
81 void *lib_handle = os::native_java_library();
82 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
83 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
84 if (func == NULL) {
85 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false);
86 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
87 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
88 }
89 }
90 return (void*)_verify_byte_codes_fn;
91 }
92
93
94 // Methods in Verifier
95
96 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
97 return (class_loader == NULL || !should_verify_class) ?
98 BytecodeVerificationLocal : BytecodeVerificationRemote;
99 }
100
101 bool Verifier::relax_access_for(oop loader) {
102 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
103 bool need_verify =
104 // verifyAll
105 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
106 // verifyRemote
107 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
108 return !need_verify;
109 }
110
111 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
112 HandleMark hm;
113 ResourceMark rm(THREAD);
114
115 Symbol* exception_name = NULL;
116 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
117 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
118 char* exception_message = message_buffer;
119
120 const char* klassName = klass->external_name();
121 bool can_failover = FailOverToOldVerifier &&
122 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
123
124 // If the class should be verified, first see if we can use the split
125 // verifier. If not, or if verification fails and FailOverToOldVerifier
126 // is set, then call the inference verifier.
127 if (is_eligible_for_verification(klass, should_verify_class)) {
128 if (TraceClassInitialization) {
129 tty->print_cr("Start class verification for: %s", klassName);
130 }
131 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
132 ClassVerifier split_verifier(klass, THREAD);
133 split_verifier.verify_class(THREAD);
134 exception_name = split_verifier.result();
135 if (can_failover && !HAS_PENDING_EXCEPTION &&
136 (exception_name == vmSymbols::java_lang_VerifyError() ||
137 exception_name == vmSymbols::java_lang_ClassFormatError())) {
138 if (TraceClassInitialization || VerboseVerification) {
139 tty->print_cr(
140 "Fail over class verification to old verifier for: %s", klassName);
141 }
142 exception_name = inference_verify(
143 klass, message_buffer, message_buffer_len, THREAD);
144 }
145 if (exception_name != NULL) {
146 exception_message = split_verifier.exception_message();
147 }
148 } else {
149 exception_name = inference_verify(
150 klass, message_buffer, message_buffer_len, THREAD);
151 }
152
153 if (TraceClassInitialization || VerboseVerification) {
154 if (HAS_PENDING_EXCEPTION) {
155 tty->print("Verification for %s has", klassName);
156 tty->print_cr(" exception pending %s ",
157 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
158 } else if (exception_name != NULL) {
159 tty->print_cr("Verification for %s failed", klassName);
160 }
161 tty->print_cr("End class verification for: %s", klassName);
162 }
163 }
164
165 if (HAS_PENDING_EXCEPTION) {
166 return false; // use the existing exception
167 } else if (exception_name == NULL) {
168 return true; // verifcation succeeded
169 } else { // VerifyError or ClassFormatError to be created and thrown
170 ResourceMark rm(THREAD);
171 instanceKlassHandle kls =
172 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
173 while (!kls.is_null()) {
174 if (kls == klass) {
175 // If the class being verified is the exception we're creating
176 // or one of it's superclasses, we're in trouble and are going
177 // to infinitely recurse when we try to initialize the exception.
178 // So bail out here by throwing the preallocated VM error.
179 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
180 }
181 kls = kls->super();
182 }
183 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
184 THROW_MSG_(exception_name, exception_message, false);
185 }
186 }
187
188 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
189 Symbol* name = klass->name();
190 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
191
192 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
193
194 return (should_verify_for(klass->class_loader(), should_verify_class) &&
195 // return if the class is a bootstrapping class
196 // or defineClass specified not to verify by default (flags override passed arg)
197 // We need to skip the following four for bootstraping
198 name != vmSymbols::java_lang_Object() &&
199 name != vmSymbols::java_lang_Class() &&
200 name != vmSymbols::java_lang_String() &&
201 name != vmSymbols::java_lang_Throwable() &&
202
203 // Can not verify the bytecodes for shared classes because they have
204 // already been rewritten to contain constant pool cache indices,
205 // which the verifier can't understand.
206 // Shared classes shouldn't have stackmaps either.
207 !klass()->is_shared() &&
208
209 // As of the fix for 4486457 we disable verification for all of the
210 // dynamically-generated bytecodes associated with the 1.4
211 // reflection implementation, not just those associated with
212 // sun/reflect/SerializationConstructorAccessor.
213 // NOTE: this is called too early in the bootstrapping process to be
214 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
215 // Also for lambda generated code, gte jdk8
216 (!is_reflect || VerifyReflectionBytecodes));
217 }
218
219 Symbol* Verifier::inference_verify(
220 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
221 JavaThread* thread = (JavaThread*)THREAD;
222 JNIEnv *env = thread->jni_environment();
223
224 void* verify_func = verify_byte_codes_fn();
225
226 if (verify_func == NULL) {
227 jio_snprintf(message, message_len, "Could not link verifier");
228 return vmSymbols::java_lang_VerifyError();
229 }
230
231 ResourceMark rm(THREAD);
232 if (VerboseVerification) {
233 tty->print_cr("Verifying class %s with old format", klass->external_name());
234 }
235
236 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
237 jint result;
238
239 {
240 HandleMark hm(thread);
241 ThreadToNativeFromVM ttn(thread);
242 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
243 // code knows that we have left the VM
244
245 if (_is_new_verify_byte_codes_fn) {
246 verify_byte_codes_fn_new_t func =
247 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
248 result = (*func)(env, cls, message, (int)message_len,
249 klass->major_version());
250 } else {
251 verify_byte_codes_fn_t func =
252 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
253 result = (*func)(env, cls, message, (int)message_len);
254 }
255 }
256
257 JNIHandles::destroy_local(cls);
258
259 // These numbers are chosen so that VerifyClassCodes interface doesn't need
260 // to be changed (still return jboolean (unsigned char)), and result is
261 // 1 when verification is passed.
262 if (result == 0) {
263 return vmSymbols::java_lang_VerifyError();
264 } else if (result == 1) {
265 return NULL; // verified.
266 } else if (result == 2) {
267 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
268 } else if (result == 3) {
269 return vmSymbols::java_lang_ClassFormatError();
270 } else {
271 ShouldNotReachHere();
272 return NULL;
273 }
274 }
275
276 TypeOrigin TypeOrigin::null() {
277 return TypeOrigin();
278 }
279 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
280 assert(frame != NULL, "Must have a frame");
281 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
282 frame->local_at(index));
283 }
284 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
285 assert(frame != NULL, "Must have a frame");
286 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
287 frame->stack_at(index));
288 }
289 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
290 assert(frame != NULL, "Must have a frame");
291 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
292 frame->local_at(index));
293 }
294 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
295 assert(frame != NULL, "Must have a frame");
296 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
297 frame->stack_at(index));
298 }
299 TypeOrigin TypeOrigin::bad_index(u2 index) {
300 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
301 }
302 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
303 return TypeOrigin(CONST_POOL, index, NULL, vt);
304 }
305 TypeOrigin TypeOrigin::signature(VerificationType vt) {
306 return TypeOrigin(SIG, 0, NULL, vt);
307 }
308 TypeOrigin TypeOrigin::implicit(VerificationType t) {
309 return TypeOrigin(IMPLICIT, 0, NULL, t);
310 }
311 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
312 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
313 VerificationType::bogus_type());
314 }
315
316 void TypeOrigin::reset_frame() {
317 if (_frame != NULL) {
318 _frame->restore();
319 }
320 }
321
322 void TypeOrigin::details(outputStream* ss) const {
323 _type.print_on(ss);
324 switch (_origin) {
325 case CF_LOCALS:
326 ss->print(" (current frame, locals[%d])", _index);
327 break;
328 case CF_STACK:
329 ss->print(" (current frame, stack[%d])", _index);
330 break;
331 case SM_LOCALS:
332 ss->print(" (stack map, locals[%d])", _index);
333 break;
334 case SM_STACK:
335 ss->print(" (stack map, stack[%d])", _index);
336 break;
337 case CONST_POOL:
338 ss->print(" (constant pool %d)", _index);
339 break;
340 case SIG:
341 ss->print(" (from method signature)");
342 break;
343 case IMPLICIT:
344 case FRAME_ONLY:
345 case NONE:
346 default:
347 ;
348 }
349 }
350
351 #ifdef ASSERT
352 void TypeOrigin::print_on(outputStream* str) const {
353 str->print("{%d,%d,%p:", _origin, _index, _frame);
354 if (_frame != NULL) {
355 _frame->print_on(str);
356 } else {
357 str->print("null");
358 }
359 str->print(",");
360 _type.print_on(str);
361 str->print("}");
362 }
363 #endif
364
365 void ErrorContext::details(outputStream* ss, const Method* method) const {
366 if (is_valid()) {
367 ss->cr();
368 ss->print_cr("Exception Details:");
369 location_details(ss, method);
370 reason_details(ss);
371 frame_details(ss);
372 bytecode_details(ss, method);
373 handler_details(ss, method);
374 stackmap_details(ss, method);
375 }
376 }
377
378 void ErrorContext::reason_details(outputStream* ss) const {
379 streamIndentor si(ss);
380 ss->indent().print_cr("Reason:");
381 streamIndentor si2(ss);
382 ss->indent().print("%s", "");
383 switch (_fault) {
384 case INVALID_BYTECODE:
385 ss->print("Error exists in the bytecode");
386 break;
387 case WRONG_TYPE:
388 if (_expected.is_valid()) {
389 ss->print("Type ");
390 _type.details(ss);
391 ss->print(" is not assignable to ");
392 _expected.details(ss);
393 } else {
394 ss->print("Invalid type: ");
395 _type.details(ss);
396 }
397 break;
398 case FLAGS_MISMATCH:
399 if (_expected.is_valid()) {
400 ss->print("Current frame's flags are not assignable "
401 "to stack map frame's.");
402 } else {
403 ss->print("Current frame's flags are invalid in this context.");
404 }
405 break;
406 case BAD_CP_INDEX:
407 ss->print("Constant pool index %d is invalid", _type.index());
408 break;
409 case BAD_LOCAL_INDEX:
410 ss->print("Local index %d is invalid", _type.index());
411 break;
412 case LOCALS_SIZE_MISMATCH:
413 ss->print("Current frame's local size doesn't match stackmap.");
414 break;
415 case STACK_SIZE_MISMATCH:
416 ss->print("Current frame's stack size doesn't match stackmap.");
417 break;
418 case STACK_OVERFLOW:
419 ss->print("Exceeded max stack size.");
420 break;
421 case STACK_UNDERFLOW:
422 ss->print("Attempt to pop empty stack.");
423 break;
424 case MISSING_STACKMAP:
425 ss->print("Expected stackmap frame at this location.");
426 break;
427 case BAD_STACKMAP:
428 ss->print("Invalid stackmap specification.");
429 break;
430 case UNKNOWN:
431 default:
432 ShouldNotReachHere();
433 ss->print_cr("Unknown");
434 }
435 ss->cr();
436 }
437
438 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
439 if (_bci != -1 && method != NULL) {
440 streamIndentor si(ss);
441 const char* bytecode_name = "<invalid>";
442 if (method->validate_bci_from_bcx(_bci) != -1) {
443 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
444 if (Bytecodes::is_defined(code)) {
445 bytecode_name = Bytecodes::name(code);
446 } else {
447 bytecode_name = "<illegal>";
448 }
449 }
450 InstanceKlass* ik = method->method_holder();
451 ss->indent().print_cr("Location:");
452 streamIndentor si2(ss);
453 ss->indent().print_cr("%s.%s%s @%d: %s",
454 ik->name()->as_C_string(), method->name()->as_C_string(),
455 method->signature()->as_C_string(), _bci, bytecode_name);
456 }
457 }
458
459 void ErrorContext::frame_details(outputStream* ss) const {
460 streamIndentor si(ss);
461 if (_type.is_valid() && _type.frame() != NULL) {
462 ss->indent().print_cr("Current Frame:");
463 streamIndentor si2(ss);
464 _type.frame()->print_on(ss);
465 }
466 if (_expected.is_valid() && _expected.frame() != NULL) {
467 ss->indent().print_cr("Stackmap Frame:");
468 streamIndentor si2(ss);
469 _expected.frame()->print_on(ss);
470 }
471 }
472
473 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
474 if (method != NULL) {
475 streamIndentor si(ss);
476 ss->indent().print_cr("Bytecode:");
477 streamIndentor si2(ss);
478 ss->print_data(method->code_base(), method->code_size(), false);
479 }
480 }
481
482 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
483 if (method != NULL) {
484 streamIndentor si(ss);
485 ExceptionTable table(method);
486 if (table.length() > 0) {
487 ss->indent().print_cr("Exception Handler Table:");
488 streamIndentor si2(ss);
489 for (int i = 0; i < table.length(); ++i) {
490 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
491 table.end_pc(i), table.handler_pc(i));
492 }
493 }
494 }
495 }
496
497 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
498 if (method != NULL && method->has_stackmap_table()) {
499 streamIndentor si(ss);
500 ss->indent().print_cr("Stackmap Table:");
501 Array<u1>* data = method->stackmap_data();
502 stack_map_table* sm_table =
503 stack_map_table::at((address)data->adr_at(0));
504 stack_map_frame* sm_frame = sm_table->entries();
505 streamIndentor si2(ss);
506 int current_offset = -1;
507 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
508 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
509 ss->indent();
510 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
511 sm_frame->print_truncated(ss, current_offset);
512 return;
513 }
514 sm_frame->print_on(ss, current_offset);
515 ss->cr();
516 current_offset += sm_frame->offset_delta();
517 sm_frame = sm_frame->next();
518 }
519 }
520 }
521
522 // Methods in ClassVerifier
523
524 ClassVerifier::ClassVerifier(
525 instanceKlassHandle klass, TRAPS)
526 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
527 _this_type = VerificationType::reference_type(klass->name());
528 // Create list to hold symbols in reference area.
529 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
530 }
531
532 ClassVerifier::~ClassVerifier() {
533 // Decrement the reference count for any symbols created.
534 for (int i = 0; i < _symbols->length(); i++) {
535 Symbol* s = _symbols->at(i);
536 s->decrement_refcount();
537 }
538 }
539
540 VerificationType ClassVerifier::object_type() const {
541 return VerificationType::reference_type(vmSymbols::java_lang_Object());
542 }
543
544 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
545 VerificationType vt = VerificationType::reference_type(
546 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
547 return TypeOrigin::implicit(vt);
548 }
549
550 void ClassVerifier::verify_class(TRAPS) {
551 if (VerboseVerification) {
552 tty->print_cr("Verifying class %s with new format",
553 _klass->external_name());
554 }
555
556 Array<Method*>* methods = _klass->methods();
557 int num_methods = methods->length();
558
559 for (int index = 0; index < num_methods; index++) {
560 // Check for recursive re-verification before each method.
561 if (was_recursively_verified()) return;
562
563 Method* m = methods->at(index);
564 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
565 // If m is native or abstract, skip it. It is checked in class file
566 // parser that methods do not override a final method. Overpass methods
567 // are trusted since the VM generates them.
568 continue;
569 }
570 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
571 }
572
573 if (VerboseVerification || TraceClassInitialization) {
574 if (was_recursively_verified())
575 tty->print_cr("Recursive verification detected for: %s",
576 _klass->external_name());
577 }
578 }
579
580 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
581 HandleMark hm(THREAD);
582 _method = m; // initialize _method
583 if (VerboseVerification) {
584 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
585 }
586
587 // For clang, the only good constant format string is a literal constant format string.
588 #define bad_type_msg "Bad type on operand stack in %s"
589
590 int32_t max_stack = m->verifier_max_stack();
591 int32_t max_locals = m->max_locals();
592 constantPoolHandle cp(THREAD, m->constants());
593
594 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
595 class_format_error("Invalid method signature");
596 return;
597 }
598
599 // Initial stack map frame: offset is 0, stack is initially empty.
600 StackMapFrame current_frame(max_locals, max_stack, this);
601 // Set initial locals
602 VerificationType return_type = current_frame.set_locals_from_arg(
603 m, current_type(), CHECK_VERIFY(this));
604
605 int32_t stackmap_index = 0; // index to the stackmap array
606
607 u4 code_length = m->code_size();
608
609 // Scan the bytecode and map each instruction's start offset to a number.
610 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
611
612 int ex_min = code_length;
613 int ex_max = -1;
614 // Look through each item on the exception table. Each of the fields must refer
615 // to a legal instruction.
616 verify_exception_handler_table(
617 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
618
619 // Look through each entry on the local variable table and make sure
620 // its range of code array offsets is valid. (4169817)
621 if (m->has_localvariable_table()) {
622 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
623 }
624
625 Array<u1>* stackmap_data = m->stackmap_data();
626 StackMapStream stream(stackmap_data);
627 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
628 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
629 code_data, code_length, CHECK_VERIFY(this));
630
631 if (VerboseVerification) {
632 stackmap_table.print_on(tty);
633 }
634
635 RawBytecodeStream bcs(m);
636
637 // Scan the byte code linearly from the start to the end
638 bool no_control_flow = false; // Set to true when there is no direct control
639 // flow from current instruction to the next
640 // instruction in sequence
641
642 Bytecodes::Code opcode;
643 while (!bcs.is_last_bytecode()) {
644 // Check for recursive re-verification before each bytecode.
645 if (was_recursively_verified()) return;
646
647 opcode = bcs.raw_next();
648 u2 bci = bcs.bci();
649
650 // Set current frame's offset to bci
651 current_frame.set_offset(bci);
652 current_frame.set_mark();
653
654 // Make sure every offset in stackmap table point to the beginning to
655 // an instruction. Match current_frame to stackmap_table entry with
656 // the same offset if exists.
657 stackmap_index = verify_stackmap_table(
658 stackmap_index, bci, ¤t_frame, &stackmap_table,
659 no_control_flow, CHECK_VERIFY(this));
660
661
662 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
663 bool verified_exc_handlers = false;
664
665 // Merge with the next instruction
666 {
667 u2 index;
668 int target;
669 VerificationType type, type2;
670 VerificationType atype;
671
672 #ifndef PRODUCT
673 if (VerboseVerification) {
674 current_frame.print_on(tty);
675 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
676 }
677 #endif
678
679 // Make sure wide instruction is in correct format
680 if (bcs.is_wide()) {
681 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
682 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
683 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
684 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
685 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
686 opcode != Bytecodes::_dstore) {
687 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
688 * if we encounter a wide instruction that modifies an invalid
689 * opcode (not one of the ones listed above) */
690 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
691 return;
692 }
693 }
694
695 // Look for possible jump target in exception handlers and see if it
696 // matches current_frame. Do this check here for astore*, dstore*,
697 // fstore*, istore*, and lstore* opcodes because they can change the type
698 // state by adding a local. JVM Spec says that the incoming type state
699 // should be used for this check. So, do the check here before a possible
700 // local is added to the type state.
701 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
702 verify_exception_handler_targets(
703 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
704 verified_exc_handlers = true;
705 }
706
707 switch (opcode) {
708 case Bytecodes::_nop :
709 no_control_flow = false; break;
710 case Bytecodes::_aconst_null :
711 current_frame.push_stack(
712 VerificationType::null_type(), CHECK_VERIFY(this));
713 no_control_flow = false; break;
714 case Bytecodes::_iconst_m1 :
715 case Bytecodes::_iconst_0 :
716 case Bytecodes::_iconst_1 :
717 case Bytecodes::_iconst_2 :
718 case Bytecodes::_iconst_3 :
719 case Bytecodes::_iconst_4 :
720 case Bytecodes::_iconst_5 :
721 current_frame.push_stack(
722 VerificationType::integer_type(), CHECK_VERIFY(this));
723 no_control_flow = false; break;
724 case Bytecodes::_lconst_0 :
725 case Bytecodes::_lconst_1 :
726 current_frame.push_stack_2(
727 VerificationType::long_type(),
728 VerificationType::long2_type(), CHECK_VERIFY(this));
729 no_control_flow = false; break;
730 case Bytecodes::_fconst_0 :
731 case Bytecodes::_fconst_1 :
732 case Bytecodes::_fconst_2 :
733 current_frame.push_stack(
734 VerificationType::float_type(), CHECK_VERIFY(this));
735 no_control_flow = false; break;
736 case Bytecodes::_dconst_0 :
737 case Bytecodes::_dconst_1 :
738 current_frame.push_stack_2(
739 VerificationType::double_type(),
740 VerificationType::double2_type(), CHECK_VERIFY(this));
741 no_control_flow = false; break;
742 case Bytecodes::_sipush :
743 case Bytecodes::_bipush :
744 current_frame.push_stack(
745 VerificationType::integer_type(), CHECK_VERIFY(this));
746 no_control_flow = false; break;
747 case Bytecodes::_ldc :
748 verify_ldc(
749 opcode, bcs.get_index_u1(), ¤t_frame,
750 cp, bci, CHECK_VERIFY(this));
751 no_control_flow = false; break;
752 case Bytecodes::_ldc_w :
753 case Bytecodes::_ldc2_w :
754 verify_ldc(
755 opcode, bcs.get_index_u2(), ¤t_frame,
756 cp, bci, CHECK_VERIFY(this));
757 no_control_flow = false; break;
758 case Bytecodes::_iload :
759 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
760 no_control_flow = false; break;
761 case Bytecodes::_iload_0 :
762 case Bytecodes::_iload_1 :
763 case Bytecodes::_iload_2 :
764 case Bytecodes::_iload_3 :
765 index = opcode - Bytecodes::_iload_0;
766 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
767 no_control_flow = false; break;
768 case Bytecodes::_lload :
769 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
770 no_control_flow = false; break;
771 case Bytecodes::_lload_0 :
772 case Bytecodes::_lload_1 :
773 case Bytecodes::_lload_2 :
774 case Bytecodes::_lload_3 :
775 index = opcode - Bytecodes::_lload_0;
776 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
777 no_control_flow = false; break;
778 case Bytecodes::_fload :
779 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
780 no_control_flow = false; break;
781 case Bytecodes::_fload_0 :
782 case Bytecodes::_fload_1 :
783 case Bytecodes::_fload_2 :
784 case Bytecodes::_fload_3 :
785 index = opcode - Bytecodes::_fload_0;
786 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
787 no_control_flow = false; break;
788 case Bytecodes::_dload :
789 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
790 no_control_flow = false; break;
791 case Bytecodes::_dload_0 :
792 case Bytecodes::_dload_1 :
793 case Bytecodes::_dload_2 :
794 case Bytecodes::_dload_3 :
795 index = opcode - Bytecodes::_dload_0;
796 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
797 no_control_flow = false; break;
798 case Bytecodes::_aload :
799 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
800 no_control_flow = false; break;
801 case Bytecodes::_aload_0 :
802 case Bytecodes::_aload_1 :
803 case Bytecodes::_aload_2 :
804 case Bytecodes::_aload_3 :
805 index = opcode - Bytecodes::_aload_0;
806 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
807 no_control_flow = false; break;
808 case Bytecodes::_iaload :
809 type = current_frame.pop_stack(
810 VerificationType::integer_type(), CHECK_VERIFY(this));
811 atype = current_frame.pop_stack(
812 VerificationType::reference_check(), CHECK_VERIFY(this));
813 if (!atype.is_int_array()) {
814 verify_error(ErrorContext::bad_type(bci,
815 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
816 bad_type_msg, "iaload");
817 return;
818 }
819 current_frame.push_stack(
820 VerificationType::integer_type(), CHECK_VERIFY(this));
821 no_control_flow = false; break;
822 case Bytecodes::_baload :
823 type = current_frame.pop_stack(
824 VerificationType::integer_type(), CHECK_VERIFY(this));
825 atype = current_frame.pop_stack(
826 VerificationType::reference_check(), CHECK_VERIFY(this));
827 if (!atype.is_bool_array() && !atype.is_byte_array()) {
828 verify_error(
829 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
830 bad_type_msg, "baload");
831 return;
832 }
833 current_frame.push_stack(
834 VerificationType::integer_type(), CHECK_VERIFY(this));
835 no_control_flow = false; break;
836 case Bytecodes::_caload :
837 type = current_frame.pop_stack(
838 VerificationType::integer_type(), CHECK_VERIFY(this));
839 atype = current_frame.pop_stack(
840 VerificationType::reference_check(), CHECK_VERIFY(this));
841 if (!atype.is_char_array()) {
842 verify_error(ErrorContext::bad_type(bci,
843 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
844 bad_type_msg, "caload");
845 return;
846 }
847 current_frame.push_stack(
848 VerificationType::integer_type(), CHECK_VERIFY(this));
849 no_control_flow = false; break;
850 case Bytecodes::_saload :
851 type = current_frame.pop_stack(
852 VerificationType::integer_type(), CHECK_VERIFY(this));
853 atype = current_frame.pop_stack(
854 VerificationType::reference_check(), CHECK_VERIFY(this));
855 if (!atype.is_short_array()) {
856 verify_error(ErrorContext::bad_type(bci,
857 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
858 bad_type_msg, "saload");
859 return;
860 }
861 current_frame.push_stack(
862 VerificationType::integer_type(), CHECK_VERIFY(this));
863 no_control_flow = false; break;
864 case Bytecodes::_laload :
865 type = current_frame.pop_stack(
866 VerificationType::integer_type(), CHECK_VERIFY(this));
867 atype = current_frame.pop_stack(
868 VerificationType::reference_check(), CHECK_VERIFY(this));
869 if (!atype.is_long_array()) {
870 verify_error(ErrorContext::bad_type(bci,
871 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
872 bad_type_msg, "laload");
873 return;
874 }
875 current_frame.push_stack_2(
876 VerificationType::long_type(),
877 VerificationType::long2_type(), CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_faload :
880 type = current_frame.pop_stack(
881 VerificationType::integer_type(), CHECK_VERIFY(this));
882 atype = current_frame.pop_stack(
883 VerificationType::reference_check(), CHECK_VERIFY(this));
884 if (!atype.is_float_array()) {
885 verify_error(ErrorContext::bad_type(bci,
886 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
887 bad_type_msg, "faload");
888 return;
889 }
890 current_frame.push_stack(
891 VerificationType::float_type(), CHECK_VERIFY(this));
892 no_control_flow = false; break;
893 case Bytecodes::_daload :
894 type = current_frame.pop_stack(
895 VerificationType::integer_type(), CHECK_VERIFY(this));
896 atype = current_frame.pop_stack(
897 VerificationType::reference_check(), CHECK_VERIFY(this));
898 if (!atype.is_double_array()) {
899 verify_error(ErrorContext::bad_type(bci,
900 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
901 bad_type_msg, "daload");
902 return;
903 }
904 current_frame.push_stack_2(
905 VerificationType::double_type(),
906 VerificationType::double2_type(), CHECK_VERIFY(this));
907 no_control_flow = false; break;
908 case Bytecodes::_aaload : {
909 type = current_frame.pop_stack(
910 VerificationType::integer_type(), CHECK_VERIFY(this));
911 atype = current_frame.pop_stack(
912 VerificationType::reference_check(), CHECK_VERIFY(this));
913 if (!atype.is_reference_array()) {
914 verify_error(ErrorContext::bad_type(bci,
915 current_frame.stack_top_ctx(),
916 TypeOrigin::implicit(VerificationType::reference_check())),
917 bad_type_msg, "aaload");
918 return;
919 }
920 if (atype.is_null()) {
921 current_frame.push_stack(
922 VerificationType::null_type(), CHECK_VERIFY(this));
923 } else {
924 VerificationType component =
925 atype.get_component(this, CHECK_VERIFY(this));
926 current_frame.push_stack(component, CHECK_VERIFY(this));
927 }
928 no_control_flow = false; break;
929 }
930 case Bytecodes::_istore :
931 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 case Bytecodes::_istore_0 :
934 case Bytecodes::_istore_1 :
935 case Bytecodes::_istore_2 :
936 case Bytecodes::_istore_3 :
937 index = opcode - Bytecodes::_istore_0;
938 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
939 no_control_flow = false; break;
940 case Bytecodes::_lstore :
941 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
942 no_control_flow = false; break;
943 case Bytecodes::_lstore_0 :
944 case Bytecodes::_lstore_1 :
945 case Bytecodes::_lstore_2 :
946 case Bytecodes::_lstore_3 :
947 index = opcode - Bytecodes::_lstore_0;
948 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
949 no_control_flow = false; break;
950 case Bytecodes::_fstore :
951 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
952 no_control_flow = false; break;
953 case Bytecodes::_fstore_0 :
954 case Bytecodes::_fstore_1 :
955 case Bytecodes::_fstore_2 :
956 case Bytecodes::_fstore_3 :
957 index = opcode - Bytecodes::_fstore_0;
958 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
959 no_control_flow = false; break;
960 case Bytecodes::_dstore :
961 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
962 no_control_flow = false; break;
963 case Bytecodes::_dstore_0 :
964 case Bytecodes::_dstore_1 :
965 case Bytecodes::_dstore_2 :
966 case Bytecodes::_dstore_3 :
967 index = opcode - Bytecodes::_dstore_0;
968 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
969 no_control_flow = false; break;
970 case Bytecodes::_astore :
971 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
972 no_control_flow = false; break;
973 case Bytecodes::_astore_0 :
974 case Bytecodes::_astore_1 :
975 case Bytecodes::_astore_2 :
976 case Bytecodes::_astore_3 :
977 index = opcode - Bytecodes::_astore_0;
978 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
979 no_control_flow = false; break;
980 case Bytecodes::_iastore :
981 type = current_frame.pop_stack(
982 VerificationType::integer_type(), CHECK_VERIFY(this));
983 type2 = current_frame.pop_stack(
984 VerificationType::integer_type(), CHECK_VERIFY(this));
985 atype = current_frame.pop_stack(
986 VerificationType::reference_check(), CHECK_VERIFY(this));
987 if (!atype.is_int_array()) {
988 verify_error(ErrorContext::bad_type(bci,
989 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
990 bad_type_msg, "iastore");
991 return;
992 }
993 no_control_flow = false; break;
994 case Bytecodes::_bastore :
995 type = current_frame.pop_stack(
996 VerificationType::integer_type(), CHECK_VERIFY(this));
997 type2 = current_frame.pop_stack(
998 VerificationType::integer_type(), CHECK_VERIFY(this));
999 atype = current_frame.pop_stack(
1000 VerificationType::reference_check(), CHECK_VERIFY(this));
1001 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1002 verify_error(
1003 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1004 bad_type_msg, "bastore");
1005 return;
1006 }
1007 no_control_flow = false; break;
1008 case Bytecodes::_castore :
1009 current_frame.pop_stack(
1010 VerificationType::integer_type(), CHECK_VERIFY(this));
1011 current_frame.pop_stack(
1012 VerificationType::integer_type(), CHECK_VERIFY(this));
1013 atype = current_frame.pop_stack(
1014 VerificationType::reference_check(), CHECK_VERIFY(this));
1015 if (!atype.is_char_array()) {
1016 verify_error(ErrorContext::bad_type(bci,
1017 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1018 bad_type_msg, "castore");
1019 return;
1020 }
1021 no_control_flow = false; break;
1022 case Bytecodes::_sastore :
1023 current_frame.pop_stack(
1024 VerificationType::integer_type(), CHECK_VERIFY(this));
1025 current_frame.pop_stack(
1026 VerificationType::integer_type(), CHECK_VERIFY(this));
1027 atype = current_frame.pop_stack(
1028 VerificationType::reference_check(), CHECK_VERIFY(this));
1029 if (!atype.is_short_array()) {
1030 verify_error(ErrorContext::bad_type(bci,
1031 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1032 bad_type_msg, "sastore");
1033 return;
1034 }
1035 no_control_flow = false; break;
1036 case Bytecodes::_lastore :
1037 current_frame.pop_stack_2(
1038 VerificationType::long2_type(),
1039 VerificationType::long_type(), CHECK_VERIFY(this));
1040 current_frame.pop_stack(
1041 VerificationType::integer_type(), CHECK_VERIFY(this));
1042 atype = current_frame.pop_stack(
1043 VerificationType::reference_check(), CHECK_VERIFY(this));
1044 if (!atype.is_long_array()) {
1045 verify_error(ErrorContext::bad_type(bci,
1046 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1047 bad_type_msg, "lastore");
1048 return;
1049 }
1050 no_control_flow = false; break;
1051 case Bytecodes::_fastore :
1052 current_frame.pop_stack(
1053 VerificationType::float_type(), CHECK_VERIFY(this));
1054 current_frame.pop_stack
1055 (VerificationType::integer_type(), CHECK_VERIFY(this));
1056 atype = current_frame.pop_stack(
1057 VerificationType::reference_check(), CHECK_VERIFY(this));
1058 if (!atype.is_float_array()) {
1059 verify_error(ErrorContext::bad_type(bci,
1060 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1061 bad_type_msg, "fastore");
1062 return;
1063 }
1064 no_control_flow = false; break;
1065 case Bytecodes::_dastore :
1066 current_frame.pop_stack_2(
1067 VerificationType::double2_type(),
1068 VerificationType::double_type(), CHECK_VERIFY(this));
1069 current_frame.pop_stack(
1070 VerificationType::integer_type(), CHECK_VERIFY(this));
1071 atype = current_frame.pop_stack(
1072 VerificationType::reference_check(), CHECK_VERIFY(this));
1073 if (!atype.is_double_array()) {
1074 verify_error(ErrorContext::bad_type(bci,
1075 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1076 bad_type_msg, "dastore");
1077 return;
1078 }
1079 no_control_flow = false; break;
1080 case Bytecodes::_aastore :
1081 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1082 type2 = current_frame.pop_stack(
1083 VerificationType::integer_type(), CHECK_VERIFY(this));
1084 atype = current_frame.pop_stack(
1085 VerificationType::reference_check(), CHECK_VERIFY(this));
1086 // more type-checking is done at runtime
1087 if (!atype.is_reference_array()) {
1088 verify_error(ErrorContext::bad_type(bci,
1089 current_frame.stack_top_ctx(),
1090 TypeOrigin::implicit(VerificationType::reference_check())),
1091 bad_type_msg, "aastore");
1092 return;
1093 }
1094 // 4938384: relaxed constraint in JVMS 3nd edition.
1095 no_control_flow = false; break;
1096 case Bytecodes::_pop :
1097 current_frame.pop_stack(
1098 VerificationType::category1_check(), CHECK_VERIFY(this));
1099 no_control_flow = false; break;
1100 case Bytecodes::_pop2 :
1101 type = current_frame.pop_stack(CHECK_VERIFY(this));
1102 if (type.is_category1()) {
1103 current_frame.pop_stack(
1104 VerificationType::category1_check(), CHECK_VERIFY(this));
1105 } else if (type.is_category2_2nd()) {
1106 current_frame.pop_stack(
1107 VerificationType::category2_check(), CHECK_VERIFY(this));
1108 } else {
1109 /* Unreachable? Would need a category2_1st on TOS
1110 * which does not appear possible. */
1111 verify_error(
1112 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1113 bad_type_msg, "pop2");
1114 return;
1115 }
1116 no_control_flow = false; break;
1117 case Bytecodes::_dup :
1118 type = current_frame.pop_stack(
1119 VerificationType::category1_check(), CHECK_VERIFY(this));
1120 current_frame.push_stack(type, CHECK_VERIFY(this));
1121 current_frame.push_stack(type, CHECK_VERIFY(this));
1122 no_control_flow = false; break;
1123 case Bytecodes::_dup_x1 :
1124 type = current_frame.pop_stack(
1125 VerificationType::category1_check(), CHECK_VERIFY(this));
1126 type2 = current_frame.pop_stack(
1127 VerificationType::category1_check(), CHECK_VERIFY(this));
1128 current_frame.push_stack(type, CHECK_VERIFY(this));
1129 current_frame.push_stack(type2, CHECK_VERIFY(this));
1130 current_frame.push_stack(type, CHECK_VERIFY(this));
1131 no_control_flow = false; break;
1132 case Bytecodes::_dup_x2 :
1133 {
1134 VerificationType type3;
1135 type = current_frame.pop_stack(
1136 VerificationType::category1_check(), CHECK_VERIFY(this));
1137 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1138 if (type2.is_category1()) {
1139 type3 = current_frame.pop_stack(
1140 VerificationType::category1_check(), CHECK_VERIFY(this));
1141 } else if (type2.is_category2_2nd()) {
1142 type3 = current_frame.pop_stack(
1143 VerificationType::category2_check(), CHECK_VERIFY(this));
1144 } else {
1145 /* Unreachable? Would need a category2_1st at stack depth 2 with
1146 * a category1 on TOS which does not appear possible. */
1147 verify_error(ErrorContext::bad_type(
1148 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1149 return;
1150 }
1151 current_frame.push_stack(type, CHECK_VERIFY(this));
1152 current_frame.push_stack(type3, CHECK_VERIFY(this));
1153 current_frame.push_stack(type2, CHECK_VERIFY(this));
1154 current_frame.push_stack(type, CHECK_VERIFY(this));
1155 no_control_flow = false; break;
1156 }
1157 case Bytecodes::_dup2 :
1158 type = current_frame.pop_stack(CHECK_VERIFY(this));
1159 if (type.is_category1()) {
1160 type2 = current_frame.pop_stack(
1161 VerificationType::category1_check(), CHECK_VERIFY(this));
1162 } else if (type.is_category2_2nd()) {
1163 type2 = current_frame.pop_stack(
1164 VerificationType::category2_check(), CHECK_VERIFY(this));
1165 } else {
1166 /* Unreachable? Would need a category2_1st on TOS which does not
1167 * appear possible. */
1168 verify_error(
1169 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1170 bad_type_msg, "dup2");
1171 return;
1172 }
1173 current_frame.push_stack(type2, CHECK_VERIFY(this));
1174 current_frame.push_stack(type, CHECK_VERIFY(this));
1175 current_frame.push_stack(type2, CHECK_VERIFY(this));
1176 current_frame.push_stack(type, CHECK_VERIFY(this));
1177 no_control_flow = false; break;
1178 case Bytecodes::_dup2_x1 :
1179 {
1180 VerificationType type3;
1181 type = current_frame.pop_stack(CHECK_VERIFY(this));
1182 if (type.is_category1()) {
1183 type2 = current_frame.pop_stack(
1184 VerificationType::category1_check(), CHECK_VERIFY(this));
1185 } else if (type.is_category2_2nd()) {
1186 type2 = current_frame.pop_stack(
1187 VerificationType::category2_check(), CHECK_VERIFY(this));
1188 } else {
1189 /* Unreachable? Would need a category2_1st on TOS which does
1190 * not appear possible. */
1191 verify_error(
1192 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1193 bad_type_msg, "dup2_x1");
1194 return;
1195 }
1196 type3 = current_frame.pop_stack(
1197 VerificationType::category1_check(), CHECK_VERIFY(this));
1198 current_frame.push_stack(type2, CHECK_VERIFY(this));
1199 current_frame.push_stack(type, CHECK_VERIFY(this));
1200 current_frame.push_stack(type3, CHECK_VERIFY(this));
1201 current_frame.push_stack(type2, CHECK_VERIFY(this));
1202 current_frame.push_stack(type, CHECK_VERIFY(this));
1203 no_control_flow = false; break;
1204 }
1205 case Bytecodes::_dup2_x2 :
1206 {
1207 VerificationType type3, type4;
1208 type = current_frame.pop_stack(CHECK_VERIFY(this));
1209 if (type.is_category1()) {
1210 type2 = current_frame.pop_stack(
1211 VerificationType::category1_check(), CHECK_VERIFY(this));
1212 } else if (type.is_category2_2nd()) {
1213 type2 = current_frame.pop_stack(
1214 VerificationType::category2_check(), CHECK_VERIFY(this));
1215 } else {
1216 /* Unreachable? Would need a category2_1st on TOS which does
1217 * not appear possible. */
1218 verify_error(
1219 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1220 bad_type_msg, "dup2_x2");
1221 return;
1222 }
1223 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1224 if (type3.is_category1()) {
1225 type4 = current_frame.pop_stack(
1226 VerificationType::category1_check(), CHECK_VERIFY(this));
1227 } else if (type3.is_category2_2nd()) {
1228 type4 = current_frame.pop_stack(
1229 VerificationType::category2_check(), CHECK_VERIFY(this));
1230 } else {
1231 /* Unreachable? Would need a category2_1st on TOS after popping
1232 * a long/double or two category 1's, which does not
1233 * appear possible. */
1234 verify_error(
1235 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1236 bad_type_msg, "dup2_x2");
1237 return;
1238 }
1239 current_frame.push_stack(type2, CHECK_VERIFY(this));
1240 current_frame.push_stack(type, CHECK_VERIFY(this));
1241 current_frame.push_stack(type4, CHECK_VERIFY(this));
1242 current_frame.push_stack(type3, CHECK_VERIFY(this));
1243 current_frame.push_stack(type2, CHECK_VERIFY(this));
1244 current_frame.push_stack(type, CHECK_VERIFY(this));
1245 no_control_flow = false; break;
1246 }
1247 case Bytecodes::_swap :
1248 type = current_frame.pop_stack(
1249 VerificationType::category1_check(), CHECK_VERIFY(this));
1250 type2 = current_frame.pop_stack(
1251 VerificationType::category1_check(), CHECK_VERIFY(this));
1252 current_frame.push_stack(type, CHECK_VERIFY(this));
1253 current_frame.push_stack(type2, CHECK_VERIFY(this));
1254 no_control_flow = false; break;
1255 case Bytecodes::_iadd :
1256 case Bytecodes::_isub :
1257 case Bytecodes::_imul :
1258 case Bytecodes::_idiv :
1259 case Bytecodes::_irem :
1260 case Bytecodes::_ishl :
1261 case Bytecodes::_ishr :
1262 case Bytecodes::_iushr :
1263 case Bytecodes::_ior :
1264 case Bytecodes::_ixor :
1265 case Bytecodes::_iand :
1266 current_frame.pop_stack(
1267 VerificationType::integer_type(), CHECK_VERIFY(this));
1268 // fall through
1269 case Bytecodes::_ineg :
1270 current_frame.pop_stack(
1271 VerificationType::integer_type(), CHECK_VERIFY(this));
1272 current_frame.push_stack(
1273 VerificationType::integer_type(), CHECK_VERIFY(this));
1274 no_control_flow = false; break;
1275 case Bytecodes::_ladd :
1276 case Bytecodes::_lsub :
1277 case Bytecodes::_lmul :
1278 case Bytecodes::_ldiv :
1279 case Bytecodes::_lrem :
1280 case Bytecodes::_land :
1281 case Bytecodes::_lor :
1282 case Bytecodes::_lxor :
1283 current_frame.pop_stack_2(
1284 VerificationType::long2_type(),
1285 VerificationType::long_type(), CHECK_VERIFY(this));
1286 // fall through
1287 case Bytecodes::_lneg :
1288 current_frame.pop_stack_2(
1289 VerificationType::long2_type(),
1290 VerificationType::long_type(), CHECK_VERIFY(this));
1291 current_frame.push_stack_2(
1292 VerificationType::long_type(),
1293 VerificationType::long2_type(), CHECK_VERIFY(this));
1294 no_control_flow = false; break;
1295 case Bytecodes::_lshl :
1296 case Bytecodes::_lshr :
1297 case Bytecodes::_lushr :
1298 current_frame.pop_stack(
1299 VerificationType::integer_type(), CHECK_VERIFY(this));
1300 current_frame.pop_stack_2(
1301 VerificationType::long2_type(),
1302 VerificationType::long_type(), CHECK_VERIFY(this));
1303 current_frame.push_stack_2(
1304 VerificationType::long_type(),
1305 VerificationType::long2_type(), CHECK_VERIFY(this));
1306 no_control_flow = false; break;
1307 case Bytecodes::_fadd :
1308 case Bytecodes::_fsub :
1309 case Bytecodes::_fmul :
1310 case Bytecodes::_fdiv :
1311 case Bytecodes::_frem :
1312 current_frame.pop_stack(
1313 VerificationType::float_type(), CHECK_VERIFY(this));
1314 // fall through
1315 case Bytecodes::_fneg :
1316 current_frame.pop_stack(
1317 VerificationType::float_type(), CHECK_VERIFY(this));
1318 current_frame.push_stack(
1319 VerificationType::float_type(), CHECK_VERIFY(this));
1320 no_control_flow = false; break;
1321 case Bytecodes::_dadd :
1322 case Bytecodes::_dsub :
1323 case Bytecodes::_dmul :
1324 case Bytecodes::_ddiv :
1325 case Bytecodes::_drem :
1326 current_frame.pop_stack_2(
1327 VerificationType::double2_type(),
1328 VerificationType::double_type(), CHECK_VERIFY(this));
1329 // fall through
1330 case Bytecodes::_dneg :
1331 current_frame.pop_stack_2(
1332 VerificationType::double2_type(),
1333 VerificationType::double_type(), CHECK_VERIFY(this));
1334 current_frame.push_stack_2(
1335 VerificationType::double_type(),
1336 VerificationType::double2_type(), CHECK_VERIFY(this));
1337 no_control_flow = false; break;
1338 case Bytecodes::_iinc :
1339 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1340 no_control_flow = false; break;
1341 case Bytecodes::_i2l :
1342 type = current_frame.pop_stack(
1343 VerificationType::integer_type(), CHECK_VERIFY(this));
1344 current_frame.push_stack_2(
1345 VerificationType::long_type(),
1346 VerificationType::long2_type(), CHECK_VERIFY(this));
1347 no_control_flow = false; break;
1348 case Bytecodes::_l2i :
1349 current_frame.pop_stack_2(
1350 VerificationType::long2_type(),
1351 VerificationType::long_type(), CHECK_VERIFY(this));
1352 current_frame.push_stack(
1353 VerificationType::integer_type(), CHECK_VERIFY(this));
1354 no_control_flow = false; break;
1355 case Bytecodes::_i2f :
1356 current_frame.pop_stack(
1357 VerificationType::integer_type(), CHECK_VERIFY(this));
1358 current_frame.push_stack(
1359 VerificationType::float_type(), CHECK_VERIFY(this));
1360 no_control_flow = false; break;
1361 case Bytecodes::_i2d :
1362 current_frame.pop_stack(
1363 VerificationType::integer_type(), CHECK_VERIFY(this));
1364 current_frame.push_stack_2(
1365 VerificationType::double_type(),
1366 VerificationType::double2_type(), CHECK_VERIFY(this));
1367 no_control_flow = false; break;
1368 case Bytecodes::_l2f :
1369 current_frame.pop_stack_2(
1370 VerificationType::long2_type(),
1371 VerificationType::long_type(), CHECK_VERIFY(this));
1372 current_frame.push_stack(
1373 VerificationType::float_type(), CHECK_VERIFY(this));
1374 no_control_flow = false; break;
1375 case Bytecodes::_l2d :
1376 current_frame.pop_stack_2(
1377 VerificationType::long2_type(),
1378 VerificationType::long_type(), CHECK_VERIFY(this));
1379 current_frame.push_stack_2(
1380 VerificationType::double_type(),
1381 VerificationType::double2_type(), CHECK_VERIFY(this));
1382 no_control_flow = false; break;
1383 case Bytecodes::_f2i :
1384 current_frame.pop_stack(
1385 VerificationType::float_type(), CHECK_VERIFY(this));
1386 current_frame.push_stack(
1387 VerificationType::integer_type(), CHECK_VERIFY(this));
1388 no_control_flow = false; break;
1389 case Bytecodes::_f2l :
1390 current_frame.pop_stack(
1391 VerificationType::float_type(), CHECK_VERIFY(this));
1392 current_frame.push_stack_2(
1393 VerificationType::long_type(),
1394 VerificationType::long2_type(), CHECK_VERIFY(this));
1395 no_control_flow = false; break;
1396 case Bytecodes::_f2d :
1397 current_frame.pop_stack(
1398 VerificationType::float_type(), CHECK_VERIFY(this));
1399 current_frame.push_stack_2(
1400 VerificationType::double_type(),
1401 VerificationType::double2_type(), CHECK_VERIFY(this));
1402 no_control_flow = false; break;
1403 case Bytecodes::_d2i :
1404 current_frame.pop_stack_2(
1405 VerificationType::double2_type(),
1406 VerificationType::double_type(), CHECK_VERIFY(this));
1407 current_frame.push_stack(
1408 VerificationType::integer_type(), CHECK_VERIFY(this));
1409 no_control_flow = false; break;
1410 case Bytecodes::_d2l :
1411 current_frame.pop_stack_2(
1412 VerificationType::double2_type(),
1413 VerificationType::double_type(), CHECK_VERIFY(this));
1414 current_frame.push_stack_2(
1415 VerificationType::long_type(),
1416 VerificationType::long2_type(), CHECK_VERIFY(this));
1417 no_control_flow = false; break;
1418 case Bytecodes::_d2f :
1419 current_frame.pop_stack_2(
1420 VerificationType::double2_type(),
1421 VerificationType::double_type(), CHECK_VERIFY(this));
1422 current_frame.push_stack(
1423 VerificationType::float_type(), CHECK_VERIFY(this));
1424 no_control_flow = false; break;
1425 case Bytecodes::_i2b :
1426 case Bytecodes::_i2c :
1427 case Bytecodes::_i2s :
1428 current_frame.pop_stack(
1429 VerificationType::integer_type(), CHECK_VERIFY(this));
1430 current_frame.push_stack(
1431 VerificationType::integer_type(), CHECK_VERIFY(this));
1432 no_control_flow = false; break;
1433 case Bytecodes::_lcmp :
1434 current_frame.pop_stack_2(
1435 VerificationType::long2_type(),
1436 VerificationType::long_type(), CHECK_VERIFY(this));
1437 current_frame.pop_stack_2(
1438 VerificationType::long2_type(),
1439 VerificationType::long_type(), CHECK_VERIFY(this));
1440 current_frame.push_stack(
1441 VerificationType::integer_type(), CHECK_VERIFY(this));
1442 no_control_flow = false; break;
1443 case Bytecodes::_fcmpl :
1444 case Bytecodes::_fcmpg :
1445 current_frame.pop_stack(
1446 VerificationType::float_type(), CHECK_VERIFY(this));
1447 current_frame.pop_stack(
1448 VerificationType::float_type(), CHECK_VERIFY(this));
1449 current_frame.push_stack(
1450 VerificationType::integer_type(), CHECK_VERIFY(this));
1451 no_control_flow = false; break;
1452 case Bytecodes::_dcmpl :
1453 case Bytecodes::_dcmpg :
1454 current_frame.pop_stack_2(
1455 VerificationType::double2_type(),
1456 VerificationType::double_type(), CHECK_VERIFY(this));
1457 current_frame.pop_stack_2(
1458 VerificationType::double2_type(),
1459 VerificationType::double_type(), CHECK_VERIFY(this));
1460 current_frame.push_stack(
1461 VerificationType::integer_type(), CHECK_VERIFY(this));
1462 no_control_flow = false; break;
1463 case Bytecodes::_if_icmpeq:
1464 case Bytecodes::_if_icmpne:
1465 case Bytecodes::_if_icmplt:
1466 case Bytecodes::_if_icmpge:
1467 case Bytecodes::_if_icmpgt:
1468 case Bytecodes::_if_icmple:
1469 current_frame.pop_stack(
1470 VerificationType::integer_type(), CHECK_VERIFY(this));
1471 // fall through
1472 case Bytecodes::_ifeq:
1473 case Bytecodes::_ifne:
1474 case Bytecodes::_iflt:
1475 case Bytecodes::_ifge:
1476 case Bytecodes::_ifgt:
1477 case Bytecodes::_ifle:
1478 current_frame.pop_stack(
1479 VerificationType::integer_type(), CHECK_VERIFY(this));
1480 target = bcs.dest();
1481 stackmap_table.check_jump_target(
1482 ¤t_frame, target, CHECK_VERIFY(this));
1483 no_control_flow = false; break;
1484 case Bytecodes::_if_acmpeq :
1485 case Bytecodes::_if_acmpne :
1486 current_frame.pop_stack(
1487 VerificationType::reference_check(), CHECK_VERIFY(this));
1488 // fall through
1489 case Bytecodes::_ifnull :
1490 case Bytecodes::_ifnonnull :
1491 current_frame.pop_stack(
1492 VerificationType::reference_check(), CHECK_VERIFY(this));
1493 target = bcs.dest();
1494 stackmap_table.check_jump_target
1495 (¤t_frame, target, CHECK_VERIFY(this));
1496 no_control_flow = false; break;
1497 case Bytecodes::_goto :
1498 target = bcs.dest();
1499 stackmap_table.check_jump_target(
1500 ¤t_frame, target, CHECK_VERIFY(this));
1501 no_control_flow = true; break;
1502 case Bytecodes::_goto_w :
1503 target = bcs.dest_w();
1504 stackmap_table.check_jump_target(
1505 ¤t_frame, target, CHECK_VERIFY(this));
1506 no_control_flow = true; break;
1507 case Bytecodes::_tableswitch :
1508 case Bytecodes::_lookupswitch :
1509 verify_switch(
1510 &bcs, code_length, code_data, ¤t_frame,
1511 &stackmap_table, CHECK_VERIFY(this));
1512 no_control_flow = true; break;
1513 case Bytecodes::_ireturn :
1514 type = current_frame.pop_stack(
1515 VerificationType::integer_type(), CHECK_VERIFY(this));
1516 verify_return_value(return_type, type, bci,
1517 ¤t_frame, CHECK_VERIFY(this));
1518 no_control_flow = true; break;
1519 case Bytecodes::_lreturn :
1520 type2 = current_frame.pop_stack(
1521 VerificationType::long2_type(), CHECK_VERIFY(this));
1522 type = current_frame.pop_stack(
1523 VerificationType::long_type(), CHECK_VERIFY(this));
1524 verify_return_value(return_type, type, bci,
1525 ¤t_frame, CHECK_VERIFY(this));
1526 no_control_flow = true; break;
1527 case Bytecodes::_freturn :
1528 type = current_frame.pop_stack(
1529 VerificationType::float_type(), CHECK_VERIFY(this));
1530 verify_return_value(return_type, type, bci,
1531 ¤t_frame, CHECK_VERIFY(this));
1532 no_control_flow = true; break;
1533 case Bytecodes::_dreturn :
1534 type2 = current_frame.pop_stack(
1535 VerificationType::double2_type(), CHECK_VERIFY(this));
1536 type = current_frame.pop_stack(
1537 VerificationType::double_type(), CHECK_VERIFY(this));
1538 verify_return_value(return_type, type, bci,
1539 ¤t_frame, CHECK_VERIFY(this));
1540 no_control_flow = true; break;
1541 case Bytecodes::_areturn :
1542 type = current_frame.pop_stack(
1543 VerificationType::reference_check(), CHECK_VERIFY(this));
1544 verify_return_value(return_type, type, bci,
1545 ¤t_frame, CHECK_VERIFY(this));
1546 no_control_flow = true; break;
1547 case Bytecodes::_return :
1548 if (return_type != VerificationType::bogus_type()) {
1549 verify_error(ErrorContext::bad_code(bci),
1550 "Method expects a return value");
1551 return;
1552 }
1553 // Make sure "this" has been initialized if current method is an
1554 // <init>
1555 if (_method->name() == vmSymbols::object_initializer_name() &&
1556 current_frame.flag_this_uninit()) {
1557 verify_error(ErrorContext::bad_code(bci),
1558 "Constructor must call super() or this() "
1559 "before return");
1560 return;
1561 }
1562 no_control_flow = true; break;
1563 case Bytecodes::_getstatic :
1564 case Bytecodes::_putstatic :
1565 case Bytecodes::_getfield :
1566 case Bytecodes::_putfield :
1567 verify_field_instructions(
1568 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1569 no_control_flow = false; break;
1570 case Bytecodes::_invokevirtual :
1571 case Bytecodes::_invokespecial :
1572 case Bytecodes::_invokestatic :
1573 verify_invoke_instructions(
1574 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1575 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1576 no_control_flow = false; break;
1577 case Bytecodes::_invokeinterface :
1578 case Bytecodes::_invokedynamic :
1579 verify_invoke_instructions(
1580 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1581 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1582 no_control_flow = false; break;
1583 case Bytecodes::_new :
1584 {
1585 index = bcs.get_index_u2();
1586 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1587 VerificationType new_class_type =
1588 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1589 if (!new_class_type.is_object()) {
1590 verify_error(ErrorContext::bad_type(bci,
1591 TypeOrigin::cp(index, new_class_type)),
1592 "Illegal new instruction");
1593 return;
1594 }
1595 type = VerificationType::uninitialized_type(bci);
1596 current_frame.push_stack(type, CHECK_VERIFY(this));
1597 no_control_flow = false; break;
1598 }
1599 case Bytecodes::_newarray :
1600 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1601 current_frame.pop_stack(
1602 VerificationType::integer_type(), CHECK_VERIFY(this));
1603 current_frame.push_stack(type, CHECK_VERIFY(this));
1604 no_control_flow = false; break;
1605 case Bytecodes::_anewarray :
1606 verify_anewarray(
1607 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1608 no_control_flow = false; break;
1609 case Bytecodes::_arraylength :
1610 type = current_frame.pop_stack(
1611 VerificationType::reference_check(), CHECK_VERIFY(this));
1612 if (!(type.is_null() || type.is_array())) {
1613 verify_error(ErrorContext::bad_type(
1614 bci, current_frame.stack_top_ctx()),
1615 bad_type_msg, "arraylength");
1616 }
1617 current_frame.push_stack(
1618 VerificationType::integer_type(), CHECK_VERIFY(this));
1619 no_control_flow = false; break;
1620 case Bytecodes::_checkcast :
1621 {
1622 index = bcs.get_index_u2();
1623 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1624 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1625 VerificationType klass_type = cp_index_to_type(
1626 index, cp, CHECK_VERIFY(this));
1627 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1628 no_control_flow = false; break;
1629 }
1630 case Bytecodes::_instanceof : {
1631 index = bcs.get_index_u2();
1632 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1633 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1634 current_frame.push_stack(
1635 VerificationType::integer_type(), CHECK_VERIFY(this));
1636 no_control_flow = false; break;
1637 }
1638 case Bytecodes::_monitorenter :
1639 case Bytecodes::_monitorexit :
1640 current_frame.pop_stack(
1641 VerificationType::reference_check(), CHECK_VERIFY(this));
1642 no_control_flow = false; break;
1643 case Bytecodes::_multianewarray :
1644 {
1645 index = bcs.get_index_u2();
1646 u2 dim = *(bcs.bcp()+3);
1647 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1648 VerificationType new_array_type =
1649 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1650 if (!new_array_type.is_array()) {
1651 verify_error(ErrorContext::bad_type(bci,
1652 TypeOrigin::cp(index, new_array_type)),
1653 "Illegal constant pool index in multianewarray instruction");
1654 return;
1655 }
1656 if (dim < 1 || new_array_type.dimensions() < dim) {
1657 verify_error(ErrorContext::bad_code(bci),
1658 "Illegal dimension in multianewarray instruction: %d", dim);
1659 return;
1660 }
1661 for (int i = 0; i < dim; i++) {
1662 current_frame.pop_stack(
1663 VerificationType::integer_type(), CHECK_VERIFY(this));
1664 }
1665 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1666 no_control_flow = false; break;
1667 }
1668 case Bytecodes::_athrow :
1669 type = VerificationType::reference_type(
1670 vmSymbols::java_lang_Throwable());
1671 current_frame.pop_stack(type, CHECK_VERIFY(this));
1672 no_control_flow = true; break;
1673 default:
1674 // We only need to check the valid bytecodes in class file.
1675 // And jsr and ret are not in the new class file format in JDK1.5.
1676 verify_error(ErrorContext::bad_code(bci),
1677 "Bad instruction: %02x", opcode);
1678 no_control_flow = false;
1679 return;
1680 } // end switch
1681 } // end Merge with the next instruction
1682
1683 // Look for possible jump target in exception handlers and see if it matches
1684 // current_frame. Don't do this check if it has already been done (for
1685 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1686 // opcodes, such as invokespecial, may set the this_uninit flag.
1687 assert(!(verified_exc_handlers && this_uninit),
1688 "Exception handler targets got verified before this_uninit got set");
1689 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1690 verify_exception_handler_targets(
1691 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1692 }
1693 } // end while
1694
1695 // Make sure that control flow does not fall through end of the method
1696 if (!no_control_flow) {
1697 verify_error(ErrorContext::bad_code(code_length),
1698 "Control flow falls through code end");
1699 return;
1700 }
1701 }
1702
1703 #undef bad_type_message
1704
1705 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1706 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1707 memset(code_data, 0, sizeof(char) * code_length);
1708 RawBytecodeStream bcs(m);
1709
1710 while (!bcs.is_last_bytecode()) {
1711 if (bcs.raw_next() != Bytecodes::_illegal) {
1712 int bci = bcs.bci();
1713 if (bcs.raw_code() == Bytecodes::_new) {
1714 code_data[bci] = NEW_OFFSET;
1715 } else {
1716 code_data[bci] = BYTECODE_OFFSET;
1717 }
1718 } else {
1719 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1720 return NULL;
1721 }
1722 }
1723
1724 return code_data;
1725 }
1726
1727 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1728 ExceptionTable exhandlers(_method());
1729 int exlength = exhandlers.length();
1730 constantPoolHandle cp (THREAD, _method->constants());
1731
1732 for(int i = 0; i < exlength; i++) {
1733 //reacquire the table in case a GC happened
1734 ExceptionTable exhandlers(_method());
1735 u2 start_pc = exhandlers.start_pc(i);
1736 u2 end_pc = exhandlers.end_pc(i);
1737 u2 handler_pc = exhandlers.handler_pc(i);
1738 if (start_pc >= code_length || code_data[start_pc] == 0) {
1739 class_format_error("Illegal exception table start_pc %d", start_pc);
1740 return;
1741 }
1742 if (end_pc != code_length) { // special case: end_pc == code_length
1743 if (end_pc > code_length || code_data[end_pc] == 0) {
1744 class_format_error("Illegal exception table end_pc %d", end_pc);
1745 return;
1746 }
1747 }
1748 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1749 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1750 return;
1751 }
1752 int catch_type_index = exhandlers.catch_type_index(i);
1753 if (catch_type_index != 0) {
1754 VerificationType catch_type = cp_index_to_type(
1755 catch_type_index, cp, CHECK_VERIFY(this));
1756 VerificationType throwable =
1757 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1758 bool is_subclass = throwable.is_assignable_from(
1759 catch_type, this, false, CHECK_VERIFY(this));
1760 if (!is_subclass) {
1761 // 4286534: should throw VerifyError according to recent spec change
1762 verify_error(ErrorContext::bad_type(handler_pc,
1763 TypeOrigin::cp(catch_type_index, catch_type),
1764 TypeOrigin::implicit(throwable)),
1765 "Catch type is not a subclass "
1766 "of Throwable in exception handler %d", handler_pc);
1767 return;
1768 }
1769 }
1770 if (start_pc < min) min = start_pc;
1771 if (end_pc > max) max = end_pc;
1772 }
1773 }
1774
1775 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1776 int localvariable_table_length = _method()->localvariable_table_length();
1777 if (localvariable_table_length > 0) {
1778 LocalVariableTableElement* table = _method()->localvariable_table_start();
1779 for (int i = 0; i < localvariable_table_length; i++) {
1780 u2 start_bci = table[i].start_bci;
1781 u2 length = table[i].length;
1782
1783 if (start_bci >= code_length || code_data[start_bci] == 0) {
1784 class_format_error(
1785 "Illegal local variable table start_pc %d", start_bci);
1786 return;
1787 }
1788 u4 end_bci = (u4)(start_bci + length);
1789 if (end_bci != code_length) {
1790 if (end_bci >= code_length || code_data[end_bci] == 0) {
1791 class_format_error( "Illegal local variable table length %d", length);
1792 return;
1793 }
1794 }
1795 }
1796 }
1797 }
1798
1799 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1800 StackMapFrame* current_frame,
1801 StackMapTable* stackmap_table,
1802 bool no_control_flow, TRAPS) {
1803 if (stackmap_index < stackmap_table->get_frame_count()) {
1804 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1805 if (no_control_flow && this_offset > bci) {
1806 verify_error(ErrorContext::missing_stackmap(bci),
1807 "Expecting a stack map frame");
1808 return 0;
1809 }
1810 if (this_offset == bci) {
1811 ErrorContext ctx;
1812 // See if current stack map can be assigned to the frame in table.
1813 // current_frame is the stackmap frame got from the last instruction.
1814 // If matched, current_frame will be updated by this method.
1815 bool matches = stackmap_table->match_stackmap(
1816 current_frame, this_offset, stackmap_index,
1817 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1818 if (!matches) {
1819 // report type error
1820 verify_error(ctx, "Instruction type does not match stack map");
1821 return 0;
1822 }
1823 stackmap_index++;
1824 } else if (this_offset < bci) {
1825 // current_offset should have met this_offset.
1826 class_format_error("Bad stack map offset %d", this_offset);
1827 return 0;
1828 }
1829 } else if (no_control_flow) {
1830 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1831 return 0;
1832 }
1833 return stackmap_index;
1834 }
1835
1836 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1837 StackMapTable* stackmap_table, TRAPS) {
1838 constantPoolHandle cp (THREAD, _method->constants());
1839 ExceptionTable exhandlers(_method());
1840 int exlength = exhandlers.length();
1841 for(int i = 0; i < exlength; i++) {
1842 //reacquire the table in case a GC happened
1843 ExceptionTable exhandlers(_method());
1844 u2 start_pc = exhandlers.start_pc(i);
1845 u2 end_pc = exhandlers.end_pc(i);
1846 u2 handler_pc = exhandlers.handler_pc(i);
1847 int catch_type_index = exhandlers.catch_type_index(i);
1848 if(bci >= start_pc && bci < end_pc) {
1849 u1 flags = current_frame->flags();
1850 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1851 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1852 if (catch_type_index != 0) {
1853 // We know that this index refers to a subclass of Throwable
1854 VerificationType catch_type = cp_index_to_type(
1855 catch_type_index, cp, CHECK_VERIFY(this));
1856 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1857 } else {
1858 VerificationType throwable =
1859 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1860 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1861 }
1862 ErrorContext ctx;
1863 bool matches = stackmap_table->match_stackmap(
1864 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
1865 if (!matches) {
1866 verify_error(ctx, "Stack map does not match the one at "
1867 "exception handler %d", handler_pc);
1868 return;
1869 }
1870 }
1871 }
1872 }
1873
1874 void ClassVerifier::verify_cp_index(
1875 u2 bci, constantPoolHandle cp, int index, TRAPS) {
1876 int nconstants = cp->length();
1877 if ((index <= 0) || (index >= nconstants)) {
1878 verify_error(ErrorContext::bad_cp_index(bci, index),
1879 "Illegal constant pool index %d in class %s",
1880 index, cp->pool_holder()->external_name());
1881 return;
1882 }
1883 }
1884
1885 void ClassVerifier::verify_cp_type(
1886 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1887
1888 // In some situations, bytecode rewriting may occur while we're verifying.
1889 // In this case, a constant pool cache exists and some indices refer to that
1890 // instead. Be sure we don't pick up such indices by accident.
1891 // We must check was_recursively_verified() before we get here.
1892 guarantee(cp->cache() == NULL, "not rewritten yet");
1893
1894 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1895 unsigned int tag = cp->tag_at(index).value();
1896 if ((types & (1 << tag)) == 0) {
1897 verify_error(ErrorContext::bad_cp_index(bci, index),
1898 "Illegal type at constant pool entry %d in class %s",
1899 index, cp->pool_holder()->external_name());
1900 return;
1901 }
1902 }
1903
1904 void ClassVerifier::verify_cp_class_type(
1905 u2 bci, int index, constantPoolHandle cp, TRAPS) {
1906 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1907 constantTag tag = cp->tag_at(index);
1908 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1909 verify_error(ErrorContext::bad_cp_index(bci, index),
1910 "Illegal type at constant pool entry %d in class %s",
1911 index, cp->pool_holder()->external_name());
1912 return;
1913 }
1914 }
1915
1916 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
1917 stringStream ss;
1918
1919 ctx.reset_frames();
1920 _exception_type = vmSymbols::java_lang_VerifyError();
1921 _error_context = ctx;
1922 va_list va;
1923 va_start(va, msg);
1924 ss.vprint(msg, va);
1925 va_end(va);
1926 _message = ss.as_string();
1927 #ifdef ASSERT
1928 ResourceMark rm;
1929 const char* exception_name = _exception_type->as_C_string();
1930 Exceptions::debug_check_abort(exception_name, NULL);
1931 #endif // ndef ASSERT
1932 }
1933
1934 void ClassVerifier::class_format_error(const char* msg, ...) {
1935 stringStream ss;
1936 _exception_type = vmSymbols::java_lang_ClassFormatError();
1937 va_list va;
1938 va_start(va, msg);
1939 ss.vprint(msg, va);
1940 va_end(va);
1941 if (!_method.is_null()) {
1942 ss.print(" in method %s", _method->name_and_sig_as_C_string());
1943 }
1944 _message = ss.as_string();
1945 }
1946
1947 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
1948 // Get current loader and protection domain first.
1949 oop loader = current_class()->class_loader();
1950 oop protection_domain = current_class()->protection_domain();
1951
1952 return SystemDictionary::resolve_or_fail(
1953 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1954 true, CHECK_NULL);
1955 }
1956
1957 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1958 Klass* target_class,
1959 Symbol* field_name,
1960 Symbol* field_sig,
1961 bool is_method) {
1962 No_Safepoint_Verifier nosafepoint;
1963
1964 // If target class isn't a super class of this class, we don't worry about this case
1965 if (!this_class->is_subclass_of(target_class)) {
1966 return false;
1967 }
1968 // Check if the specified method or field is protected
1969 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
1970 fieldDescriptor fd;
1971 if (is_method) {
1972 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
1973 if (m != NULL && m->is_protected()) {
1974 if (!this_class->is_same_class_package(m->method_holder())) {
1975 return true;
1976 }
1977 }
1978 } else {
1979 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
1980 if (member_klass != NULL && fd.is_protected()) {
1981 if (!this_class->is_same_class_package(member_klass)) {
1982 return true;
1983 }
1984 }
1985 }
1986 return false;
1987 }
1988
1989 void ClassVerifier::verify_ldc(
1990 int opcode, u2 index, StackMapFrame* current_frame,
1991 constantPoolHandle cp, u2 bci, TRAPS) {
1992 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1993 constantTag tag = cp->tag_at(index);
1994 unsigned int types;
1995 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1996 if (!tag.is_unresolved_klass()) {
1997 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1998 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1999 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
2000 // Note: The class file parser already verified the legality of
2001 // MethodHandle and MethodType constants.
2002 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2003 }
2004 } else {
2005 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2006 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
2007 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2008 }
2009 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2010 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2011 } else if (tag.is_string()) {
2012 current_frame->push_stack(
2013 VerificationType::reference_type(
2014 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2015 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2016 current_frame->push_stack(
2017 VerificationType::reference_type(
2018 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2019 } else if (tag.is_int()) {
2020 current_frame->push_stack(
2021 VerificationType::integer_type(), CHECK_VERIFY(this));
2022 } else if (tag.is_float()) {
2023 current_frame->push_stack(
2024 VerificationType::float_type(), CHECK_VERIFY(this));
2025 } else if (tag.is_double()) {
2026 current_frame->push_stack_2(
2027 VerificationType::double_type(),
2028 VerificationType::double2_type(), CHECK_VERIFY(this));
2029 } else if (tag.is_long()) {
2030 current_frame->push_stack_2(
2031 VerificationType::long_type(),
2032 VerificationType::long2_type(), CHECK_VERIFY(this));
2033 } else if (tag.is_method_handle()) {
2034 current_frame->push_stack(
2035 VerificationType::reference_type(
2036 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2037 } else if (tag.is_method_type()) {
2038 current_frame->push_stack(
2039 VerificationType::reference_type(
2040 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2041 } else {
2042 /* Unreachable? verify_cp_type has already validated the cp type. */
2043 verify_error(
2044 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2045 return;
2046 }
2047 }
2048
2049 void ClassVerifier::verify_switch(
2050 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2051 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2052 int bci = bcs->bci();
2053 address bcp = bcs->bcp();
2054 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
2055
2056 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2057 // 4639449 & 4647081: padding bytes must be 0
2058 u2 padding_offset = 1;
2059 while ((bcp + padding_offset) < aligned_bcp) {
2060 if(*(bcp + padding_offset) != 0) {
2061 verify_error(ErrorContext::bad_code(bci),
2062 "Nonzero padding byte in lookswitch or tableswitch");
2063 return;
2064 }
2065 padding_offset++;
2066 }
2067 }
2068
2069 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2070 int keys, delta;
2071 current_frame->pop_stack(
2072 VerificationType::integer_type(), CHECK_VERIFY(this));
2073 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2074 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2075 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2076 if (low > high) {
2077 verify_error(ErrorContext::bad_code(bci),
2078 "low must be less than or equal to high in tableswitch");
2079 return;
2080 }
2081 keys = high - low + 1;
2082 if (keys < 0) {
2083 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2084 return;
2085 }
2086 delta = 1;
2087 } else {
2088 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2089 if (keys < 0) {
2090 verify_error(ErrorContext::bad_code(bci),
2091 "number of keys in lookupswitch less than 0");
2092 return;
2093 }
2094 delta = 2;
2095 // Make sure that the lookupswitch items are sorted
2096 for (int i = 0; i < (keys - 1); i++) {
2097 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2098 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2099 if (this_key >= next_key) {
2100 verify_error(ErrorContext::bad_code(bci),
2101 "Bad lookupswitch instruction");
2102 return;
2103 }
2104 }
2105 }
2106 int target = bci + default_offset;
2107 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2108 for (int i = 0; i < keys; i++) {
2109 // Because check_jump_target() may safepoint, the bytecode could have
2110 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2111 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
2112 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2113 stackmap_table->check_jump_target(
2114 current_frame, target, CHECK_VERIFY(this));
2115 }
2116 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2117 }
2118
2119 bool ClassVerifier::name_in_supers(
2120 Symbol* ref_name, instanceKlassHandle current) {
2121 Klass* super = current->super();
2122 while (super != NULL) {
2123 if (super->name() == ref_name) {
2124 return true;
2125 }
2126 super = super->super();
2127 }
2128 return false;
2129 }
2130
2131 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2132 StackMapFrame* current_frame,
2133 constantPoolHandle cp,
2134 TRAPS) {
2135 u2 index = bcs->get_index_u2();
2136 verify_cp_type(bcs->bci(), index, cp,
2137 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2138
2139 // Get field name and signature
2140 Symbol* field_name = cp->name_ref_at(index);
2141 Symbol* field_sig = cp->signature_ref_at(index);
2142
2143 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2144 class_format_error(
2145 "Invalid signature for field in class %s referenced "
2146 "from constant pool index %d", _klass->external_name(), index);
2147 return;
2148 }
2149
2150 // Get referenced class type
2151 VerificationType ref_class_type = cp_ref_index_to_type(
2152 index, cp, CHECK_VERIFY(this));
2153 if (!ref_class_type.is_object()) {
2154 /* Unreachable? Class file parser verifies Fieldref contents */
2155 verify_error(ErrorContext::bad_type(bcs->bci(),
2156 TypeOrigin::cp(index, ref_class_type)),
2157 "Expecting reference to class in class %s at constant pool index %d",
2158 _klass->external_name(), index);
2159 return;
2160 }
2161 VerificationType target_class_type = ref_class_type;
2162
2163 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2164 "buffer type must match VerificationType size");
2165 uintptr_t field_type_buffer[2];
2166 VerificationType* field_type = (VerificationType*)field_type_buffer;
2167 // If we make a VerificationType[2] array directly, the compiler calls
2168 // to the c-runtime library to do the allocation instead of just
2169 // stack allocating it. Plus it would run constructors. This shows up
2170 // in performance profiles.
2171
2172 SignatureStream sig_stream(field_sig, false);
2173 VerificationType stack_object_type;
2174 int n = change_sig_to_verificationType(
2175 &sig_stream, field_type, CHECK_VERIFY(this));
2176 u2 bci = bcs->bci();
2177 bool is_assignable;
2178 switch (bcs->raw_code()) {
2179 case Bytecodes::_getstatic: {
2180 for (int i = 0; i < n; i++) {
2181 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2182 }
2183 break;
2184 }
2185 case Bytecodes::_putstatic: {
2186 for (int i = n - 1; i >= 0; i--) {
2187 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2188 }
2189 break;
2190 }
2191 case Bytecodes::_getfield: {
2192 stack_object_type = current_frame->pop_stack(
2193 target_class_type, CHECK_VERIFY(this));
2194 for (int i = 0; i < n; i++) {
2195 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2196 }
2197 goto check_protected;
2198 }
2199 case Bytecodes::_putfield: {
2200 for (int i = n - 1; i >= 0; i--) {
2201 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2202 }
2203 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2204
2205 // The JVMS 2nd edition allows field initialization before the superclass
2206 // initializer, if the field is defined within the current class.
2207 fieldDescriptor fd;
2208 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2209 target_class_type.equals(current_type()) &&
2210 _klass->find_local_field(field_name, field_sig, &fd)) {
2211 stack_object_type = current_type();
2212 }
2213 is_assignable = target_class_type.is_assignable_from(
2214 stack_object_type, this, false, CHECK_VERIFY(this));
2215 if (!is_assignable) {
2216 verify_error(ErrorContext::bad_type(bci,
2217 current_frame->stack_top_ctx(),
2218 TypeOrigin::cp(index, target_class_type)),
2219 "Bad type on operand stack in putfield");
2220 return;
2221 }
2222 }
2223 check_protected: {
2224 if (_this_type == stack_object_type)
2225 break; // stack_object_type must be assignable to _current_class_type
2226 Symbol* ref_class_name =
2227 cp->klass_name_at(cp->klass_ref_index_at(index));
2228 if (!name_in_supers(ref_class_name, current_class()))
2229 // stack_object_type must be assignable to _current_class_type since:
2230 // 1. stack_object_type must be assignable to ref_class.
2231 // 2. ref_class must be _current_class or a subclass of it. It can't
2232 // be a superclass of it. See revised JVMS 5.4.4.
2233 break;
2234
2235 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2236 if (is_protected_access(current_class(), ref_class_oop, field_name,
2237 field_sig, false)) {
2238 // It's protected access, check if stack object is assignable to
2239 // current class.
2240 is_assignable = current_type().is_assignable_from(
2241 stack_object_type, this, true, CHECK_VERIFY(this));
2242 if (!is_assignable) {
2243 verify_error(ErrorContext::bad_type(bci,
2244 current_frame->stack_top_ctx(),
2245 TypeOrigin::implicit(current_type())),
2246 "Bad access to protected data in getfield");
2247 return;
2248 }
2249 }
2250 break;
2251 }
2252 default: ShouldNotReachHere();
2253 }
2254 }
2255
2256 // Look at the method's handlers. If the bci is in the handler's try block
2257 // then check if the handler_pc is already on the stack. If not, push it
2258 // unless the handler has already been scanned.
2259 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2260 GrowableArray<u4>* handler_list,
2261 GrowableArray<u4>* handler_stack,
2262 u4 bci) {
2263 int exlength = exhandlers->length();
2264 for(int x = 0; x < exlength; x++) {
2265 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2266 u4 exhandler_pc = exhandlers->handler_pc(x);
2267 if (!handler_list->contains(exhandler_pc)) {
2268 handler_stack->append_if_missing(exhandler_pc);
2269 handler_list->append(exhandler_pc);
2270 }
2271 }
2272 }
2273 }
2274
2275 // Return TRUE if all code paths starting with start_bc_offset end in
2276 // bytecode athrow or loop.
2277 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2278 ResourceMark rm;
2279 // Create bytecode stream.
2280 RawBytecodeStream bcs(method());
2281 u4 code_length = method()->code_size();
2282 bcs.set_start(start_bc_offset);
2283 u4 target;
2284 // Create stack for storing bytecode start offsets for if* and *switch.
2285 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2286 // Create stack for handlers for try blocks containing this handler.
2287 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2288 // Create list of handlers that have been pushed onto the handler_stack
2289 // so that handlers embedded inside of their own TRY blocks only get
2290 // scanned once.
2291 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2292 // Create list of visited branch opcodes (goto* and if*).
2293 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2294 ExceptionTable exhandlers(_method());
2295
2296 while (true) {
2297 if (bcs.is_last_bytecode()) {
2298 // if no more starting offsets to parse or if at the end of the
2299 // method then return false.
2300 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2301 return false;
2302 // Pop a bytecode starting offset and scan from there.
2303 bcs.set_start(bci_stack->pop());
2304 }
2305 Bytecodes::Code opcode = bcs.raw_next();
2306 u4 bci = bcs.bci();
2307
2308 // If the bytecode is in a TRY block, push its handlers so they
2309 // will get parsed.
2310 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2311
2312 switch (opcode) {
2313 case Bytecodes::_if_icmpeq:
2314 case Bytecodes::_if_icmpne:
2315 case Bytecodes::_if_icmplt:
2316 case Bytecodes::_if_icmpge:
2317 case Bytecodes::_if_icmpgt:
2318 case Bytecodes::_if_icmple:
2319 case Bytecodes::_ifeq:
2320 case Bytecodes::_ifne:
2321 case Bytecodes::_iflt:
2322 case Bytecodes::_ifge:
2323 case Bytecodes::_ifgt:
2324 case Bytecodes::_ifle:
2325 case Bytecodes::_if_acmpeq:
2326 case Bytecodes::_if_acmpne:
2327 case Bytecodes::_ifnull:
2328 case Bytecodes::_ifnonnull:
2329 target = bcs.dest();
2330 if (visited_branches->contains(bci)) {
2331 if (bci_stack->is_empty()) {
2332 if (handler_stack->is_empty()) {
2333 return true;
2334 } else {
2335 // Parse the catch handlers for try blocks containing athrow.
2336 bcs.set_start(handler_stack->pop());
2337 }
2338 } else {
2339 // Pop a bytecode starting offset and scan from there.
2340 bcs.set_start(bci_stack->pop());
2341 }
2342 } else {
2343 if (target > bci) { // forward branch
2344 if (target >= code_length) return false;
2345 // Push the branch target onto the stack.
2346 bci_stack->push(target);
2347 // then, scan bytecodes starting with next.
2348 bcs.set_start(bcs.next_bci());
2349 } else { // backward branch
2350 // Push bytecode offset following backward branch onto the stack.
2351 bci_stack->push(bcs.next_bci());
2352 // Check bytecodes starting with branch target.
2353 bcs.set_start(target);
2354 }
2355 // Record target so we don't branch here again.
2356 visited_branches->append(bci);
2357 }
2358 break;
2359
2360 case Bytecodes::_goto:
2361 case Bytecodes::_goto_w:
2362 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2363 if (visited_branches->contains(bci)) {
2364 if (bci_stack->is_empty()) {
2365 if (handler_stack->is_empty()) {
2366 return true;
2367 } else {
2368 // Parse the catch handlers for try blocks containing athrow.
2369 bcs.set_start(handler_stack->pop());
2370 }
2371 } else {
2372 // Been here before, pop new starting offset from stack.
2373 bcs.set_start(bci_stack->pop());
2374 }
2375 } else {
2376 if (target >= code_length) return false;
2377 // Continue scanning from the target onward.
2378 bcs.set_start(target);
2379 // Record target so we don't branch here again.
2380 visited_branches->append(bci);
2381 }
2382 break;
2383
2384 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2385 // is difficult to determine where each switch alternative ends, parse
2386 // each switch alternative until either hit a 'return', 'athrow', or reach
2387 // the end of the method's bytecodes. This is gross but should be okay
2388 // because:
2389 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2390 // constructor invocations should be rare.
2391 // 2. if each switch alternative ends in an athrow then the parsing should be
2392 // short. If there is no athrow then it is bogus code, anyway.
2393 case Bytecodes::_lookupswitch:
2394 case Bytecodes::_tableswitch:
2395 {
2396 address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize);
2397 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2398 int keys, delta;
2399 if (opcode == Bytecodes::_tableswitch) {
2400 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2401 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2402 // This is invalid, but let the regular bytecode verifier
2403 // report this because the user will get a better error message.
2404 if (low > high) return true;
2405 keys = high - low + 1;
2406 delta = 1;
2407 } else {
2408 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2409 delta = 2;
2410 }
2411 // Invalid, let the regular bytecode verifier deal with it.
2412 if (keys < 0) return true;
2413
2414 // Push the offset of the next bytecode onto the stack.
2415 bci_stack->push(bcs.next_bci());
2416
2417 // Push the switch alternatives onto the stack.
2418 for (int i = 0; i < keys; i++) {
2419 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2420 if (target > code_length) return false;
2421 bci_stack->push(target);
2422 }
2423
2424 // Start bytecode parsing for the switch at the default alternative.
2425 if (default_offset > code_length) return false;
2426 bcs.set_start(default_offset);
2427 break;
2428 }
2429
2430 case Bytecodes::_return:
2431 return false;
2432
2433 case Bytecodes::_athrow:
2434 {
2435 if (bci_stack->is_empty()) {
2436 if (handler_stack->is_empty()) {
2437 return true;
2438 } else {
2439 // Parse the catch handlers for try blocks containing athrow.
2440 bcs.set_start(handler_stack->pop());
2441 }
2442 } else {
2443 // Pop a bytecode offset and starting scanning from there.
2444 bcs.set_start(bci_stack->pop());
2445 }
2446 }
2447 break;
2448
2449 default:
2450 ;
2451 } // end switch
2452 } // end while loop
2453
2454 return false;
2455 }
2456
2457 void ClassVerifier::verify_invoke_init(
2458 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2459 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2460 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,
2461 TRAPS) {
2462 u2 bci = bcs->bci();
2463 VerificationType type = current_frame->pop_stack(
2464 VerificationType::reference_check(), CHECK_VERIFY(this));
2465 if (type == VerificationType::uninitialized_this_type()) {
2466 // The method must be an <init> method of this class or its superclass
2467 Klass* superk = current_class()->super();
2468 if (ref_class_type.name() != current_class()->name() &&
2469 ref_class_type.name() != superk->name()) {
2470 verify_error(ErrorContext::bad_type(bci,
2471 TypeOrigin::implicit(ref_class_type),
2472 TypeOrigin::implicit(current_type())),
2473 "Bad <init> method call");
2474 return;
2475 }
2476
2477 // If this invokespecial call is done from inside of a TRY block then make
2478 // sure that all catch clause paths end in a throw. Otherwise, this can
2479 // result in returning an incomplete object.
2480 if (in_try_block) {
2481 ExceptionTable exhandlers(_method());
2482 int exlength = exhandlers.length();
2483 for(int i = 0; i < exlength; i++) {
2484 u2 start_pc = exhandlers.start_pc(i);
2485 u2 end_pc = exhandlers.end_pc(i);
2486
2487 if (bci >= start_pc && bci < end_pc) {
2488 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2489 verify_error(ErrorContext::bad_code(bci),
2490 "Bad <init> method call from after the start of a try block");
2491 return;
2492 } else if (VerboseVerification) {
2493 ResourceMark rm;
2494 tty->print_cr(
2495 "Survived call to ends_in_athrow(): %s",
2496 current_class()->name()->as_C_string());
2497 }
2498 }
2499 }
2500
2501 // Check the exception handler target stackmaps with the locals from the
2502 // incoming stackmap (before initialize_object() changes them to outgoing
2503 // state).
2504 verify_exception_handler_targets(bci, true, current_frame,
2505 stackmap_table, CHECK_VERIFY(this));
2506 } // in_try_block
2507
2508 current_frame->initialize_object(type, current_type());
2509 *this_uninit = true;
2510 } else if (type.is_uninitialized()) {
2511 u2 new_offset = type.bci();
2512 address new_bcp = bcs->bcp() - bci + new_offset;
2513 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2514 /* Unreachable? Stack map parsing ensures valid type and new
2515 * instructions have a valid BCI. */
2516 verify_error(ErrorContext::bad_code(new_offset),
2517 "Expecting new instruction");
2518 return;
2519 }
2520 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2521 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2522
2523 // The method must be an <init> method of the indicated class
2524 VerificationType new_class_type = cp_index_to_type(
2525 new_class_index, cp, CHECK_VERIFY(this));
2526 if (!new_class_type.equals(ref_class_type)) {
2527 verify_error(ErrorContext::bad_type(bci,
2528 TypeOrigin::cp(new_class_index, new_class_type),
2529 TypeOrigin::cp(ref_class_index, ref_class_type)),
2530 "Call to wrong <init> method");
2531 return;
2532 }
2533 // According to the VM spec, if the referent class is a superclass of the
2534 // current class, and is in a different runtime package, and the method is
2535 // protected, then the objectref must be the current class or a subclass
2536 // of the current class.
2537 VerificationType objectref_type = new_class_type;
2538 if (name_in_supers(ref_class_type.name(), current_class())) {
2539 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2540 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2541 vmSymbols::object_initializer_name(),
2542 cp->signature_ref_at(bcs->get_index_u2()), Klass::find_overpass);
2543 // Do nothing if method is not found. Let resolution detect the error.
2544 if (m != NULL) {
2545 instanceKlassHandle mh(THREAD, m->method_holder());
2546 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
2547 bool assignable = current_type().is_assignable_from(
2548 objectref_type, this, true, CHECK_VERIFY(this));
2549 if (!assignable) {
2550 verify_error(ErrorContext::bad_type(bci,
2551 TypeOrigin::cp(new_class_index, objectref_type),
2552 TypeOrigin::implicit(current_type())),
2553 "Bad access to protected <init> method");
2554 return;
2555 }
2556 }
2557 }
2558 }
2559 // Check the exception handler target stackmaps with the locals from the
2560 // incoming stackmap (before initialize_object() changes them to outgoing
2561 // state).
2562 if (in_try_block) {
2563 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2564 stackmap_table, CHECK_VERIFY(this));
2565 }
2566 current_frame->initialize_object(type, new_class_type);
2567 } else {
2568 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2569 "Bad operand type when invoking <init>");
2570 return;
2571 }
2572 }
2573
2574 bool ClassVerifier::is_same_or_direct_interface(
2575 instanceKlassHandle klass,
2576 VerificationType klass_type,
2577 VerificationType ref_class_type) {
2578 if (ref_class_type.equals(klass_type)) return true;
2579 Array<Klass*>* local_interfaces = klass->local_interfaces();
2580 if (local_interfaces != NULL) {
2581 for (int x = 0; x < local_interfaces->length(); x++) {
2582 Klass* k = local_interfaces->at(x);
2583 assert (k != NULL && k->is_interface(), "invalid interface");
2584 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2585 return true;
2586 }
2587 }
2588 }
2589 return false;
2590 }
2591
2592 void ClassVerifier::verify_invoke_instructions(
2593 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2594 bool in_try_block, bool *this_uninit, VerificationType return_type,
2595 constantPoolHandle cp, StackMapTable* stackmap_table, TRAPS) {
2596 // Make sure the constant pool item is the right type
2597 u2 index = bcs->get_index_u2();
2598 Bytecodes::Code opcode = bcs->raw_code();
2599 unsigned int types;
2600 switch (opcode) {
2601 case Bytecodes::_invokeinterface:
2602 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2603 break;
2604 case Bytecodes::_invokedynamic:
2605 types = 1 << JVM_CONSTANT_InvokeDynamic;
2606 break;
2607 case Bytecodes::_invokespecial:
2608 case Bytecodes::_invokestatic:
2609 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2610 (1 << JVM_CONSTANT_Methodref) :
2611 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2612 break;
2613 default:
2614 types = 1 << JVM_CONSTANT_Methodref;
2615 }
2616 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2617
2618 // Get method name and signature
2619 Symbol* method_name = cp->name_ref_at(index);
2620 Symbol* method_sig = cp->signature_ref_at(index);
2621
2622 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2623 class_format_error(
2624 "Invalid method signature in class %s referenced "
2625 "from constant pool index %d", _klass->external_name(), index);
2626 return;
2627 }
2628
2629 // Get referenced class type
2630 VerificationType ref_class_type;
2631 if (opcode == Bytecodes::_invokedynamic) {
2632 if (!EnableInvokeDynamic ||
2633 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2634 if (!EnableInvokeDynamic) {
2635 class_format_error("invokedynamic instructions not enabled in this JVM");
2636 } else {
2637 class_format_error("invokedynamic instructions not supported by this class file version (%d), class %s",
2638 _klass->major_version(), _klass->external_name());
2639 }
2640 return;
2641 }
2642 } else {
2643 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2644 }
2645
2646 // For a small signature length, we just allocate 128 bytes instead
2647 // of parsing the signature once to find its size.
2648 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
2649 // longs/doubles to be consertive.
2650 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2651 "buffer type must match VerificationType size");
2652 uintptr_t on_stack_sig_types_buffer[128];
2653 // If we make a VerificationType[128] array directly, the compiler calls
2654 // to the c-runtime library to do the allocation instead of just
2655 // stack allocating it. Plus it would run constructors. This shows up
2656 // in performance profiles.
2657
2658 VerificationType* sig_types;
2659 int size = (method_sig->utf8_length() - 3) * 2;
2660 if (size > 128) {
2661 // Long and double occupies two slots here.
2662 ArgumentSizeComputer size_it(method_sig);
2663 size = size_it.size();
2664 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
2665 } else{
2666 sig_types = (VerificationType*)on_stack_sig_types_buffer;
2667 }
2668 SignatureStream sig_stream(method_sig);
2669 int sig_i = 0;
2670 while (!sig_stream.at_return_type()) {
2671 sig_i += change_sig_to_verificationType(
2672 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
2673 sig_stream.next();
2674 }
2675 int nargs = sig_i;
2676
2677 #ifdef ASSERT
2678 {
2679 ArgumentSizeComputer size_it(method_sig);
2680 assert(nargs == size_it.size(), "Argument sizes do not match");
2681 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2682 }
2683 #endif
2684
2685 // Check instruction operands
2686 u2 bci = bcs->bci();
2687 if (opcode == Bytecodes::_invokeinterface) {
2688 address bcp = bcs->bcp();
2689 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2690 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2691 // the difference between the size of the operand stack before and after the instruction
2692 // executes.
2693 if (*(bcp+3) != (nargs+1)) {
2694 verify_error(ErrorContext::bad_code(bci),
2695 "Inconsistent args count operand in invokeinterface");
2696 return;
2697 }
2698 if (*(bcp+4) != 0) {
2699 verify_error(ErrorContext::bad_code(bci),
2700 "Fourth operand byte of invokeinterface must be zero");
2701 return;
2702 }
2703 }
2704
2705 if (opcode == Bytecodes::_invokedynamic) {
2706 address bcp = bcs->bcp();
2707 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2708 verify_error(ErrorContext::bad_code(bci),
2709 "Third and fourth operand bytes of invokedynamic must be zero");
2710 return;
2711 }
2712 }
2713
2714 if (method_name->byte_at(0) == '<') {
2715 // Make sure <init> can only be invoked by invokespecial
2716 if (opcode != Bytecodes::_invokespecial ||
2717 method_name != vmSymbols::object_initializer_name()) {
2718 verify_error(ErrorContext::bad_code(bci),
2719 "Illegal call to internal method");
2720 return;
2721 }
2722 } else if (opcode == Bytecodes::_invokespecial
2723 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2724 && !ref_class_type.equals(VerificationType::reference_type(
2725 current_class()->super()->name()))) {
2726 bool subtype = false;
2727 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2728 if (!current_class()->is_anonymous()) {
2729 subtype = ref_class_type.is_assignable_from(
2730 current_type(), this, false, CHECK_VERIFY(this));
2731 } else {
2732 VerificationType host_klass_type =
2733 VerificationType::reference_type(current_class()->host_klass()->name());
2734 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
2735
2736 // If invokespecial of IMR, need to recheck for same or
2737 // direct interface relative to the host class
2738 have_imr_indirect = (have_imr_indirect &&
2739 !is_same_or_direct_interface(
2740 InstanceKlass::cast(current_class()->host_klass()),
2741 host_klass_type, ref_class_type));
2742 }
2743 if (!subtype) {
2744 verify_error(ErrorContext::bad_code(bci),
2745 "Bad invokespecial instruction: "
2746 "current class isn't assignable to reference class.");
2747 return;
2748 } else if (have_imr_indirect) {
2749 verify_error(ErrorContext::bad_code(bci),
2750 "Bad invokespecial instruction: "
2751 "interface method reference is in an indirect superinterface.");
2752 return;
2753 }
2754
2755 }
2756 // Match method descriptor with operand stack
2757 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2758 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2759 }
2760 // Check objectref on operand stack
2761 if (opcode != Bytecodes::_invokestatic &&
2762 opcode != Bytecodes::_invokedynamic) {
2763 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2764 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2765 code_length, in_try_block, this_uninit, cp, stackmap_table,
2766 CHECK_VERIFY(this));
2767 } else { // other methods
2768 // Ensures that target class is assignable to method class.
2769 if (opcode == Bytecodes::_invokespecial) {
2770 if (!current_class()->is_anonymous()) {
2771 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2772 } else {
2773 // anonymous class invokespecial calls: check if the
2774 // objectref is a subtype of the host_klass of the current class
2775 // to allow an anonymous class to reference methods in the host_klass
2776 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2777 VerificationType hosttype =
2778 VerificationType::reference_type(current_class()->host_klass()->name());
2779 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2780 if (!subtype) {
2781 verify_error( ErrorContext::bad_type(current_frame->offset(),
2782 current_frame->stack_top_ctx(),
2783 TypeOrigin::implicit(top)),
2784 "Bad type on operand stack");
2785 return;
2786 }
2787 }
2788 } else if (opcode == Bytecodes::_invokevirtual) {
2789 VerificationType stack_object_type =
2790 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2791 if (current_type() != stack_object_type) {
2792 assert(cp->cache() == NULL, "not rewritten yet");
2793 Symbol* ref_class_name =
2794 cp->klass_name_at(cp->klass_ref_index_at(index));
2795 // See the comments in verify_field_instructions() for
2796 // the rationale behind this.
2797 if (name_in_supers(ref_class_name, current_class())) {
2798 Klass* ref_class = load_class(ref_class_name, CHECK);
2799 if (is_protected_access(
2800 _klass, ref_class, method_name, method_sig, true)) {
2801 // It's protected access, check if stack object is
2802 // assignable to current class.
2803 bool is_assignable = current_type().is_assignable_from(
2804 stack_object_type, this, true, CHECK_VERIFY(this));
2805 if (!is_assignable) {
2806 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2807 && stack_object_type.is_array()
2808 && method_name == vmSymbols::clone_name()) {
2809 // Special case: arrays pretend to implement public Object
2810 // clone().
2811 } else {
2812 verify_error(ErrorContext::bad_type(bci,
2813 current_frame->stack_top_ctx(),
2814 TypeOrigin::implicit(current_type())),
2815 "Bad access to protected data in invokevirtual");
2816 return;
2817 }
2818 }
2819 }
2820 }
2821 }
2822 } else {
2823 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2824 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2825 }
2826 }
2827 }
2828 // Push the result type.
2829 if (sig_stream.type() != T_VOID) {
2830 if (method_name == vmSymbols::object_initializer_name()) {
2831 // <init> method must have a void return type
2832 /* Unreachable? Class file parser verifies that methods with '<' have
2833 * void return */
2834 verify_error(ErrorContext::bad_code(bci),
2835 "Return type must be void in <init> method");
2836 return;
2837 }
2838 VerificationType return_type[2];
2839 int n = change_sig_to_verificationType(
2840 &sig_stream, return_type, CHECK_VERIFY(this));
2841 for (int i = 0; i < n; i++) {
2842 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2843 }
2844 }
2845 }
2846
2847 VerificationType ClassVerifier::get_newarray_type(
2848 u2 index, u2 bci, TRAPS) {
2849 const char* from_bt[] = {
2850 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2851 };
2852 if (index < T_BOOLEAN || index > T_LONG) {
2853 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2854 return VerificationType::bogus_type();
2855 }
2856
2857 // from_bt[index] contains the array signature which has a length of 2
2858 Symbol* sig = create_temporary_symbol(
2859 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2860 return VerificationType::reference_type(sig);
2861 }
2862
2863 void ClassVerifier::verify_anewarray(
2864 u2 bci, u2 index, constantPoolHandle cp,
2865 StackMapFrame* current_frame, TRAPS) {
2866 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2867 current_frame->pop_stack(
2868 VerificationType::integer_type(), CHECK_VERIFY(this));
2869
2870 VerificationType component_type =
2871 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2872 int length;
2873 char* arr_sig_str;
2874 if (component_type.is_array()) { // it's an array
2875 const char* component_name = component_type.name()->as_utf8();
2876 // add one dimension to component
2877 length = (int)strlen(component_name) + 1;
2878 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2879 arr_sig_str[0] = '[';
2880 strncpy(&arr_sig_str[1], component_name, length - 1);
2881 } else { // it's an object or interface
2882 const char* component_name = component_type.name()->as_utf8();
2883 // add one dimension to component with 'L' prepended and ';' postpended.
2884 length = (int)strlen(component_name) + 3;
2885 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2886 arr_sig_str[0] = '[';
2887 arr_sig_str[1] = 'L';
2888 strncpy(&arr_sig_str[2], component_name, length - 2);
2889 arr_sig_str[length - 1] = ';';
2890 }
2891 Symbol* arr_sig = create_temporary_symbol(
2892 arr_sig_str, length, CHECK_VERIFY(this));
2893 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2894 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2895 }
2896
2897 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
2898 current_frame->get_local(
2899 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2900 current_frame->push_stack(
2901 VerificationType::integer_type(), CHECK_VERIFY(this));
2902 }
2903
2904 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
2905 current_frame->get_local_2(
2906 index, VerificationType::long_type(),
2907 VerificationType::long2_type(), CHECK_VERIFY(this));
2908 current_frame->push_stack_2(
2909 VerificationType::long_type(),
2910 VerificationType::long2_type(), CHECK_VERIFY(this));
2911 }
2912
2913 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
2914 current_frame->get_local(
2915 index, VerificationType::float_type(), CHECK_VERIFY(this));
2916 current_frame->push_stack(
2917 VerificationType::float_type(), CHECK_VERIFY(this));
2918 }
2919
2920 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
2921 current_frame->get_local_2(
2922 index, VerificationType::double_type(),
2923 VerificationType::double2_type(), CHECK_VERIFY(this));
2924 current_frame->push_stack_2(
2925 VerificationType::double_type(),
2926 VerificationType::double2_type(), CHECK_VERIFY(this));
2927 }
2928
2929 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
2930 VerificationType type = current_frame->get_local(
2931 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2932 current_frame->push_stack(type, CHECK_VERIFY(this));
2933 }
2934
2935 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
2936 current_frame->pop_stack(
2937 VerificationType::integer_type(), CHECK_VERIFY(this));
2938 current_frame->set_local(
2939 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2940 }
2941
2942 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2943 current_frame->pop_stack_2(
2944 VerificationType::long2_type(),
2945 VerificationType::long_type(), CHECK_VERIFY(this));
2946 current_frame->set_local_2(
2947 index, VerificationType::long_type(),
2948 VerificationType::long2_type(), CHECK_VERIFY(this));
2949 }
2950
2951 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2952 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2953 current_frame->set_local(
2954 index, VerificationType::float_type(), CHECK_VERIFY(this));
2955 }
2956
2957 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2958 current_frame->pop_stack_2(
2959 VerificationType::double2_type(),
2960 VerificationType::double_type(), CHECK_VERIFY(this));
2961 current_frame->set_local_2(
2962 index, VerificationType::double_type(),
2963 VerificationType::double2_type(), CHECK_VERIFY(this));
2964 }
2965
2966 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2967 VerificationType type = current_frame->pop_stack(
2968 VerificationType::reference_check(), CHECK_VERIFY(this));
2969 current_frame->set_local(index, type, CHECK_VERIFY(this));
2970 }
2971
2972 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2973 VerificationType type = current_frame->get_local(
2974 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2975 current_frame->set_local(index, type, CHECK_VERIFY(this));
2976 }
2977
2978 void ClassVerifier::verify_return_value(
2979 VerificationType return_type, VerificationType type, u2 bci,
2980 StackMapFrame* current_frame, TRAPS) {
2981 if (return_type == VerificationType::bogus_type()) {
2982 verify_error(ErrorContext::bad_type(bci,
2983 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2984 "Method expects a return value");
2985 return;
2986 }
2987 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2988 if (!match) {
2989 verify_error(ErrorContext::bad_type(bci,
2990 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2991 "Bad return type");
2992 return;
2993 }
2994 }
2995
2996 // The verifier creates symbols which are substrings of Symbols.
2997 // These are stored in the verifier until the end of verification so that
2998 // they can be reference counted.
2999 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3000 int end, TRAPS) {
3001 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
3002 _symbols->push(sym);
3003 return sym;
3004 }
3005
3006 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
3007 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
3008 _symbols->push(sym);
3009 return sym;
3010 }