1 /* 2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "classfile/classFileStream.hpp" 27 #include "classfile/javaClasses.hpp" 28 #include "classfile/stackMapTable.hpp" 29 #include "classfile/stackMapFrame.hpp" 30 #include "classfile/stackMapTableFormat.hpp" 31 #include "classfile/systemDictionary.hpp" 32 #include "classfile/verifier.hpp" 33 #include "classfile/vmSymbols.hpp" 34 #include "interpreter/bytecodes.hpp" 35 #include "interpreter/bytecodeStream.hpp" 36 #include "memory/oopFactory.hpp" 37 #include "memory/resourceArea.hpp" 38 #include "oops/instanceKlass.hpp" 39 #include "oops/oop.inline.hpp" 40 #include "oops/typeArrayOop.hpp" 41 #include "prims/jvm.h" 42 #include "runtime/fieldDescriptor.hpp" 43 #include "runtime/handles.inline.hpp" 44 #include "runtime/interfaceSupport.hpp" 45 #include "runtime/javaCalls.hpp" 46 #include "runtime/orderAccess.inline.hpp" 47 #include "runtime/os.hpp" 48 #ifdef TARGET_ARCH_x86 49 # include "bytes_x86.hpp" 50 #endif 51 #ifdef TARGET_ARCH_sparc 52 # include "bytes_sparc.hpp" 53 #endif 54 #ifdef TARGET_ARCH_zero 55 # include "bytes_zero.hpp" 56 #endif 57 #ifdef TARGET_ARCH_arm 58 # include "bytes_arm.hpp" 59 #endif 60 #ifdef TARGET_ARCH_ppc 61 # include "bytes_ppc.hpp" 62 #endif 63 64 #define NOFAILOVER_MAJOR_VERSION 51 65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 67 68 // Access to external entry for VerifyClassCodes - old byte code verifier 69 70 extern "C" { 71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 72 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 73 } 74 75 static void* volatile _verify_byte_codes_fn = NULL; 76 77 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 78 79 static void* verify_byte_codes_fn() { 80 if (_verify_byte_codes_fn == NULL) { 81 void *lib_handle = os::native_java_library(); 82 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 83 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 84 if (func == NULL) { 85 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false); 86 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 87 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 88 } 89 } 90 return (void*)_verify_byte_codes_fn; 91 } 92 93 94 // Methods in Verifier 95 96 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 97 return (class_loader == NULL || !should_verify_class) ? 98 BytecodeVerificationLocal : BytecodeVerificationRemote; 99 } 100 101 bool Verifier::relax_access_for(oop loader) { 102 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 103 bool need_verify = 104 // verifyAll 105 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 106 // verifyRemote 107 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 108 return !need_verify; 109 } 110 111 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 112 HandleMark hm; 113 ResourceMark rm(THREAD); 114 115 Symbol* exception_name = NULL; 116 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 117 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 118 char* exception_message = message_buffer; 119 120 const char* klassName = klass->external_name(); 121 bool can_failover = FailOverToOldVerifier && 122 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 123 124 // If the class should be verified, first see if we can use the split 125 // verifier. If not, or if verification fails and FailOverToOldVerifier 126 // is set, then call the inference verifier. 127 if (is_eligible_for_verification(klass, should_verify_class)) { 128 if (TraceClassInitialization) { 129 tty->print_cr("Start class verification for: %s", klassName); 130 } 131 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 132 ClassVerifier split_verifier(klass, THREAD); 133 split_verifier.verify_class(THREAD); 134 exception_name = split_verifier.result(); 135 if (can_failover && !HAS_PENDING_EXCEPTION && 136 (exception_name == vmSymbols::java_lang_VerifyError() || 137 exception_name == vmSymbols::java_lang_ClassFormatError())) { 138 if (TraceClassInitialization || VerboseVerification) { 139 tty->print_cr( 140 "Fail over class verification to old verifier for: %s", klassName); 141 } 142 exception_name = inference_verify( 143 klass, message_buffer, message_buffer_len, THREAD); 144 } 145 if (exception_name != NULL) { 146 exception_message = split_verifier.exception_message(); 147 } 148 } else { 149 exception_name = inference_verify( 150 klass, message_buffer, message_buffer_len, THREAD); 151 } 152 153 if (TraceClassInitialization || VerboseVerification) { 154 if (HAS_PENDING_EXCEPTION) { 155 tty->print("Verification for %s has", klassName); 156 tty->print_cr(" exception pending %s ", 157 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name()); 158 } else if (exception_name != NULL) { 159 tty->print_cr("Verification for %s failed", klassName); 160 } 161 tty->print_cr("End class verification for: %s", klassName); 162 } 163 } 164 165 if (HAS_PENDING_EXCEPTION) { 166 return false; // use the existing exception 167 } else if (exception_name == NULL) { 168 return true; // verifcation succeeded 169 } else { // VerifyError or ClassFormatError to be created and thrown 170 ResourceMark rm(THREAD); 171 instanceKlassHandle kls = 172 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 173 while (!kls.is_null()) { 174 if (kls == klass) { 175 // If the class being verified is the exception we're creating 176 // or one of it's superclasses, we're in trouble and are going 177 // to infinitely recurse when we try to initialize the exception. 178 // So bail out here by throwing the preallocated VM error. 179 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 180 } 181 kls = kls->super(); 182 } 183 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 184 THROW_MSG_(exception_name, exception_message, false); 185 } 186 } 187 188 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) { 189 Symbol* name = klass->name(); 190 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 191 192 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 193 194 return (should_verify_for(klass->class_loader(), should_verify_class) && 195 // return if the class is a bootstrapping class 196 // or defineClass specified not to verify by default (flags override passed arg) 197 // We need to skip the following four for bootstraping 198 name != vmSymbols::java_lang_Object() && 199 name != vmSymbols::java_lang_Class() && 200 name != vmSymbols::java_lang_String() && 201 name != vmSymbols::java_lang_Throwable() && 202 203 // Can not verify the bytecodes for shared classes because they have 204 // already been rewritten to contain constant pool cache indices, 205 // which the verifier can't understand. 206 // Shared classes shouldn't have stackmaps either. 207 !klass()->is_shared() && 208 209 // As of the fix for 4486457 we disable verification for all of the 210 // dynamically-generated bytecodes associated with the 1.4 211 // reflection implementation, not just those associated with 212 // sun/reflect/SerializationConstructorAccessor. 213 // NOTE: this is called too early in the bootstrapping process to be 214 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection. 215 // Also for lambda generated code, gte jdk8 216 (!is_reflect || VerifyReflectionBytecodes)); 217 } 218 219 Symbol* Verifier::inference_verify( 220 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) { 221 JavaThread* thread = (JavaThread*)THREAD; 222 JNIEnv *env = thread->jni_environment(); 223 224 void* verify_func = verify_byte_codes_fn(); 225 226 if (verify_func == NULL) { 227 jio_snprintf(message, message_len, "Could not link verifier"); 228 return vmSymbols::java_lang_VerifyError(); 229 } 230 231 ResourceMark rm(THREAD); 232 if (VerboseVerification) { 233 tty->print_cr("Verifying class %s with old format", klass->external_name()); 234 } 235 236 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 237 jint result; 238 239 { 240 HandleMark hm(thread); 241 ThreadToNativeFromVM ttn(thread); 242 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 243 // code knows that we have left the VM 244 245 if (_is_new_verify_byte_codes_fn) { 246 verify_byte_codes_fn_new_t func = 247 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 248 result = (*func)(env, cls, message, (int)message_len, 249 klass->major_version()); 250 } else { 251 verify_byte_codes_fn_t func = 252 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 253 result = (*func)(env, cls, message, (int)message_len); 254 } 255 } 256 257 JNIHandles::destroy_local(cls); 258 259 // These numbers are chosen so that VerifyClassCodes interface doesn't need 260 // to be changed (still return jboolean (unsigned char)), and result is 261 // 1 when verification is passed. 262 if (result == 0) { 263 return vmSymbols::java_lang_VerifyError(); 264 } else if (result == 1) { 265 return NULL; // verified. 266 } else if (result == 2) { 267 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 268 } else if (result == 3) { 269 return vmSymbols::java_lang_ClassFormatError(); 270 } else { 271 ShouldNotReachHere(); 272 return NULL; 273 } 274 } 275 276 TypeOrigin TypeOrigin::null() { 277 return TypeOrigin(); 278 } 279 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 280 assert(frame != NULL, "Must have a frame"); 281 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 282 frame->local_at(index)); 283 } 284 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 285 assert(frame != NULL, "Must have a frame"); 286 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 287 frame->stack_at(index)); 288 } 289 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 290 assert(frame != NULL, "Must have a frame"); 291 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 292 frame->local_at(index)); 293 } 294 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 295 assert(frame != NULL, "Must have a frame"); 296 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 297 frame->stack_at(index)); 298 } 299 TypeOrigin TypeOrigin::bad_index(u2 index) { 300 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 301 } 302 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 303 return TypeOrigin(CONST_POOL, index, NULL, vt); 304 } 305 TypeOrigin TypeOrigin::signature(VerificationType vt) { 306 return TypeOrigin(SIG, 0, NULL, vt); 307 } 308 TypeOrigin TypeOrigin::implicit(VerificationType t) { 309 return TypeOrigin(IMPLICIT, 0, NULL, t); 310 } 311 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 312 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 313 VerificationType::bogus_type()); 314 } 315 316 void TypeOrigin::reset_frame() { 317 if (_frame != NULL) { 318 _frame->restore(); 319 } 320 } 321 322 void TypeOrigin::details(outputStream* ss) const { 323 _type.print_on(ss); 324 switch (_origin) { 325 case CF_LOCALS: 326 ss->print(" (current frame, locals[%d])", _index); 327 break; 328 case CF_STACK: 329 ss->print(" (current frame, stack[%d])", _index); 330 break; 331 case SM_LOCALS: 332 ss->print(" (stack map, locals[%d])", _index); 333 break; 334 case SM_STACK: 335 ss->print(" (stack map, stack[%d])", _index); 336 break; 337 case CONST_POOL: 338 ss->print(" (constant pool %d)", _index); 339 break; 340 case SIG: 341 ss->print(" (from method signature)"); 342 break; 343 case IMPLICIT: 344 case FRAME_ONLY: 345 case NONE: 346 default: 347 ; 348 } 349 } 350 351 #ifdef ASSERT 352 void TypeOrigin::print_on(outputStream* str) const { 353 str->print("{%d,%d,%p:", _origin, _index, _frame); 354 if (_frame != NULL) { 355 _frame->print_on(str); 356 } else { 357 str->print("null"); 358 } 359 str->print(","); 360 _type.print_on(str); 361 str->print("}"); 362 } 363 #endif 364 365 void ErrorContext::details(outputStream* ss, const Method* method) const { 366 if (is_valid()) { 367 ss->cr(); 368 ss->print_cr("Exception Details:"); 369 location_details(ss, method); 370 reason_details(ss); 371 frame_details(ss); 372 bytecode_details(ss, method); 373 handler_details(ss, method); 374 stackmap_details(ss, method); 375 } 376 } 377 378 void ErrorContext::reason_details(outputStream* ss) const { 379 streamIndentor si(ss); 380 ss->indent().print_cr("Reason:"); 381 streamIndentor si2(ss); 382 ss->indent().print("%s", ""); 383 switch (_fault) { 384 case INVALID_BYTECODE: 385 ss->print("Error exists in the bytecode"); 386 break; 387 case WRONG_TYPE: 388 if (_expected.is_valid()) { 389 ss->print("Type "); 390 _type.details(ss); 391 ss->print(" is not assignable to "); 392 _expected.details(ss); 393 } else { 394 ss->print("Invalid type: "); 395 _type.details(ss); 396 } 397 break; 398 case FLAGS_MISMATCH: 399 if (_expected.is_valid()) { 400 ss->print("Current frame's flags are not assignable " 401 "to stack map frame's."); 402 } else { 403 ss->print("Current frame's flags are invalid in this context."); 404 } 405 break; 406 case BAD_CP_INDEX: 407 ss->print("Constant pool index %d is invalid", _type.index()); 408 break; 409 case BAD_LOCAL_INDEX: 410 ss->print("Local index %d is invalid", _type.index()); 411 break; 412 case LOCALS_SIZE_MISMATCH: 413 ss->print("Current frame's local size doesn't match stackmap."); 414 break; 415 case STACK_SIZE_MISMATCH: 416 ss->print("Current frame's stack size doesn't match stackmap."); 417 break; 418 case STACK_OVERFLOW: 419 ss->print("Exceeded max stack size."); 420 break; 421 case STACK_UNDERFLOW: 422 ss->print("Attempt to pop empty stack."); 423 break; 424 case MISSING_STACKMAP: 425 ss->print("Expected stackmap frame at this location."); 426 break; 427 case BAD_STACKMAP: 428 ss->print("Invalid stackmap specification."); 429 break; 430 case UNKNOWN: 431 default: 432 ShouldNotReachHere(); 433 ss->print_cr("Unknown"); 434 } 435 ss->cr(); 436 } 437 438 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 439 if (_bci != -1 && method != NULL) { 440 streamIndentor si(ss); 441 const char* bytecode_name = "<invalid>"; 442 if (method->validate_bci_from_bcx(_bci) != -1) { 443 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 444 if (Bytecodes::is_defined(code)) { 445 bytecode_name = Bytecodes::name(code); 446 } else { 447 bytecode_name = "<illegal>"; 448 } 449 } 450 InstanceKlass* ik = method->method_holder(); 451 ss->indent().print_cr("Location:"); 452 streamIndentor si2(ss); 453 ss->indent().print_cr("%s.%s%s @%d: %s", 454 ik->name()->as_C_string(), method->name()->as_C_string(), 455 method->signature()->as_C_string(), _bci, bytecode_name); 456 } 457 } 458 459 void ErrorContext::frame_details(outputStream* ss) const { 460 streamIndentor si(ss); 461 if (_type.is_valid() && _type.frame() != NULL) { 462 ss->indent().print_cr("Current Frame:"); 463 streamIndentor si2(ss); 464 _type.frame()->print_on(ss); 465 } 466 if (_expected.is_valid() && _expected.frame() != NULL) { 467 ss->indent().print_cr("Stackmap Frame:"); 468 streamIndentor si2(ss); 469 _expected.frame()->print_on(ss); 470 } 471 } 472 473 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 474 if (method != NULL) { 475 streamIndentor si(ss); 476 ss->indent().print_cr("Bytecode:"); 477 streamIndentor si2(ss); 478 ss->print_data(method->code_base(), method->code_size(), false); 479 } 480 } 481 482 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 483 if (method != NULL) { 484 streamIndentor si(ss); 485 ExceptionTable table(method); 486 if (table.length() > 0) { 487 ss->indent().print_cr("Exception Handler Table:"); 488 streamIndentor si2(ss); 489 for (int i = 0; i < table.length(); ++i) { 490 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 491 table.end_pc(i), table.handler_pc(i)); 492 } 493 } 494 } 495 } 496 497 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 498 if (method != NULL && method->has_stackmap_table()) { 499 streamIndentor si(ss); 500 ss->indent().print_cr("Stackmap Table:"); 501 Array<u1>* data = method->stackmap_data(); 502 stack_map_table* sm_table = 503 stack_map_table::at((address)data->adr_at(0)); 504 stack_map_frame* sm_frame = sm_table->entries(); 505 streamIndentor si2(ss); 506 int current_offset = -1; 507 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 508 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 509 ss->indent(); 510 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 511 sm_frame->print_truncated(ss, current_offset); 512 return; 513 } 514 sm_frame->print_on(ss, current_offset); 515 ss->cr(); 516 current_offset += sm_frame->offset_delta(); 517 sm_frame = sm_frame->next(); 518 } 519 } 520 } 521 522 // Methods in ClassVerifier 523 524 ClassVerifier::ClassVerifier( 525 instanceKlassHandle klass, TRAPS) 526 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 527 _this_type = VerificationType::reference_type(klass->name()); 528 // Create list to hold symbols in reference area. 529 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 530 } 531 532 ClassVerifier::~ClassVerifier() { 533 // Decrement the reference count for any symbols created. 534 for (int i = 0; i < _symbols->length(); i++) { 535 Symbol* s = _symbols->at(i); 536 s->decrement_refcount(); 537 } 538 } 539 540 VerificationType ClassVerifier::object_type() const { 541 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 542 } 543 544 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 545 VerificationType vt = VerificationType::reference_type( 546 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 547 return TypeOrigin::implicit(vt); 548 } 549 550 void ClassVerifier::verify_class(TRAPS) { 551 if (VerboseVerification) { 552 tty->print_cr("Verifying class %s with new format", 553 _klass->external_name()); 554 } 555 556 Array<Method*>* methods = _klass->methods(); 557 int num_methods = methods->length(); 558 559 for (int index = 0; index < num_methods; index++) { 560 // Check for recursive re-verification before each method. 561 if (was_recursively_verified()) return; 562 563 Method* m = methods->at(index); 564 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 565 // If m is native or abstract, skip it. It is checked in class file 566 // parser that methods do not override a final method. Overpass methods 567 // are trusted since the VM generates them. 568 continue; 569 } 570 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 571 } 572 573 if (VerboseVerification || TraceClassInitialization) { 574 if (was_recursively_verified()) 575 tty->print_cr("Recursive verification detected for: %s", 576 _klass->external_name()); 577 } 578 } 579 580 void ClassVerifier::verify_method(methodHandle m, TRAPS) { 581 HandleMark hm(THREAD); 582 _method = m; // initialize _method 583 if (VerboseVerification) { 584 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string()); 585 } 586 587 // For clang, the only good constant format string is a literal constant format string. 588 #define bad_type_msg "Bad type on operand stack in %s" 589 590 int32_t max_stack = m->verifier_max_stack(); 591 int32_t max_locals = m->max_locals(); 592 constantPoolHandle cp(THREAD, m->constants()); 593 594 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 595 class_format_error("Invalid method signature"); 596 return; 597 } 598 599 // Initial stack map frame: offset is 0, stack is initially empty. 600 StackMapFrame current_frame(max_locals, max_stack, this); 601 // Set initial locals 602 VerificationType return_type = current_frame.set_locals_from_arg( 603 m, current_type(), CHECK_VERIFY(this)); 604 605 int32_t stackmap_index = 0; // index to the stackmap array 606 607 u4 code_length = m->code_size(); 608 609 // Scan the bytecode and map each instruction's start offset to a number. 610 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 611 612 int ex_min = code_length; 613 int ex_max = -1; 614 // Look through each item on the exception table. Each of the fields must refer 615 // to a legal instruction. 616 verify_exception_handler_table( 617 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 618 619 // Look through each entry on the local variable table and make sure 620 // its range of code array offsets is valid. (4169817) 621 if (m->has_localvariable_table()) { 622 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 623 } 624 625 Array<u1>* stackmap_data = m->stackmap_data(); 626 StackMapStream stream(stackmap_data); 627 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 628 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 629 code_data, code_length, CHECK_VERIFY(this)); 630 631 if (VerboseVerification) { 632 stackmap_table.print_on(tty); 633 } 634 635 RawBytecodeStream bcs(m); 636 637 // Scan the byte code linearly from the start to the end 638 bool no_control_flow = false; // Set to true when there is no direct control 639 // flow from current instruction to the next 640 // instruction in sequence 641 642 Bytecodes::Code opcode; 643 while (!bcs.is_last_bytecode()) { 644 // Check for recursive re-verification before each bytecode. 645 if (was_recursively_verified()) return; 646 647 opcode = bcs.raw_next(); 648 u2 bci = bcs.bci(); 649 650 // Set current frame's offset to bci 651 current_frame.set_offset(bci); 652 current_frame.set_mark(); 653 654 // Make sure every offset in stackmap table point to the beginning to 655 // an instruction. Match current_frame to stackmap_table entry with 656 // the same offset if exists. 657 stackmap_index = verify_stackmap_table( 658 stackmap_index, bci, ¤t_frame, &stackmap_table, 659 no_control_flow, CHECK_VERIFY(this)); 660 661 662 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 663 bool verified_exc_handlers = false; 664 665 // Merge with the next instruction 666 { 667 u2 index; 668 int target; 669 VerificationType type, type2; 670 VerificationType atype; 671 672 #ifndef PRODUCT 673 if (VerboseVerification) { 674 current_frame.print_on(tty); 675 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 676 } 677 #endif 678 679 // Make sure wide instruction is in correct format 680 if (bcs.is_wide()) { 681 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 682 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 683 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 684 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 685 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 686 opcode != Bytecodes::_dstore) { 687 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 688 * if we encounter a wide instruction that modifies an invalid 689 * opcode (not one of the ones listed above) */ 690 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 691 return; 692 } 693 } 694 695 // Look for possible jump target in exception handlers and see if it 696 // matches current_frame. Do this check here for astore*, dstore*, 697 // fstore*, istore*, and lstore* opcodes because they can change the type 698 // state by adding a local. JVM Spec says that the incoming type state 699 // should be used for this check. So, do the check here before a possible 700 // local is added to the type state. 701 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 702 verify_exception_handler_targets( 703 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 704 verified_exc_handlers = true; 705 } 706 707 switch (opcode) { 708 case Bytecodes::_nop : 709 no_control_flow = false; break; 710 case Bytecodes::_aconst_null : 711 current_frame.push_stack( 712 VerificationType::null_type(), CHECK_VERIFY(this)); 713 no_control_flow = false; break; 714 case Bytecodes::_iconst_m1 : 715 case Bytecodes::_iconst_0 : 716 case Bytecodes::_iconst_1 : 717 case Bytecodes::_iconst_2 : 718 case Bytecodes::_iconst_3 : 719 case Bytecodes::_iconst_4 : 720 case Bytecodes::_iconst_5 : 721 current_frame.push_stack( 722 VerificationType::integer_type(), CHECK_VERIFY(this)); 723 no_control_flow = false; break; 724 case Bytecodes::_lconst_0 : 725 case Bytecodes::_lconst_1 : 726 current_frame.push_stack_2( 727 VerificationType::long_type(), 728 VerificationType::long2_type(), CHECK_VERIFY(this)); 729 no_control_flow = false; break; 730 case Bytecodes::_fconst_0 : 731 case Bytecodes::_fconst_1 : 732 case Bytecodes::_fconst_2 : 733 current_frame.push_stack( 734 VerificationType::float_type(), CHECK_VERIFY(this)); 735 no_control_flow = false; break; 736 case Bytecodes::_dconst_0 : 737 case Bytecodes::_dconst_1 : 738 current_frame.push_stack_2( 739 VerificationType::double_type(), 740 VerificationType::double2_type(), CHECK_VERIFY(this)); 741 no_control_flow = false; break; 742 case Bytecodes::_sipush : 743 case Bytecodes::_bipush : 744 current_frame.push_stack( 745 VerificationType::integer_type(), CHECK_VERIFY(this)); 746 no_control_flow = false; break; 747 case Bytecodes::_ldc : 748 verify_ldc( 749 opcode, bcs.get_index_u1(), ¤t_frame, 750 cp, bci, CHECK_VERIFY(this)); 751 no_control_flow = false; break; 752 case Bytecodes::_ldc_w : 753 case Bytecodes::_ldc2_w : 754 verify_ldc( 755 opcode, bcs.get_index_u2(), ¤t_frame, 756 cp, bci, CHECK_VERIFY(this)); 757 no_control_flow = false; break; 758 case Bytecodes::_iload : 759 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 760 no_control_flow = false; break; 761 case Bytecodes::_iload_0 : 762 case Bytecodes::_iload_1 : 763 case Bytecodes::_iload_2 : 764 case Bytecodes::_iload_3 : 765 index = opcode - Bytecodes::_iload_0; 766 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 767 no_control_flow = false; break; 768 case Bytecodes::_lload : 769 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 770 no_control_flow = false; break; 771 case Bytecodes::_lload_0 : 772 case Bytecodes::_lload_1 : 773 case Bytecodes::_lload_2 : 774 case Bytecodes::_lload_3 : 775 index = opcode - Bytecodes::_lload_0; 776 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 777 no_control_flow = false; break; 778 case Bytecodes::_fload : 779 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 780 no_control_flow = false; break; 781 case Bytecodes::_fload_0 : 782 case Bytecodes::_fload_1 : 783 case Bytecodes::_fload_2 : 784 case Bytecodes::_fload_3 : 785 index = opcode - Bytecodes::_fload_0; 786 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 787 no_control_flow = false; break; 788 case Bytecodes::_dload : 789 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 790 no_control_flow = false; break; 791 case Bytecodes::_dload_0 : 792 case Bytecodes::_dload_1 : 793 case Bytecodes::_dload_2 : 794 case Bytecodes::_dload_3 : 795 index = opcode - Bytecodes::_dload_0; 796 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 797 no_control_flow = false; break; 798 case Bytecodes::_aload : 799 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 800 no_control_flow = false; break; 801 case Bytecodes::_aload_0 : 802 case Bytecodes::_aload_1 : 803 case Bytecodes::_aload_2 : 804 case Bytecodes::_aload_3 : 805 index = opcode - Bytecodes::_aload_0; 806 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 807 no_control_flow = false; break; 808 case Bytecodes::_iaload : 809 type = current_frame.pop_stack( 810 VerificationType::integer_type(), CHECK_VERIFY(this)); 811 atype = current_frame.pop_stack( 812 VerificationType::reference_check(), CHECK_VERIFY(this)); 813 if (!atype.is_int_array()) { 814 verify_error(ErrorContext::bad_type(bci, 815 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 816 bad_type_msg, "iaload"); 817 return; 818 } 819 current_frame.push_stack( 820 VerificationType::integer_type(), CHECK_VERIFY(this)); 821 no_control_flow = false; break; 822 case Bytecodes::_baload : 823 type = current_frame.pop_stack( 824 VerificationType::integer_type(), CHECK_VERIFY(this)); 825 atype = current_frame.pop_stack( 826 VerificationType::reference_check(), CHECK_VERIFY(this)); 827 if (!atype.is_bool_array() && !atype.is_byte_array()) { 828 verify_error( 829 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 830 bad_type_msg, "baload"); 831 return; 832 } 833 current_frame.push_stack( 834 VerificationType::integer_type(), CHECK_VERIFY(this)); 835 no_control_flow = false; break; 836 case Bytecodes::_caload : 837 type = current_frame.pop_stack( 838 VerificationType::integer_type(), CHECK_VERIFY(this)); 839 atype = current_frame.pop_stack( 840 VerificationType::reference_check(), CHECK_VERIFY(this)); 841 if (!atype.is_char_array()) { 842 verify_error(ErrorContext::bad_type(bci, 843 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 844 bad_type_msg, "caload"); 845 return; 846 } 847 current_frame.push_stack( 848 VerificationType::integer_type(), CHECK_VERIFY(this)); 849 no_control_flow = false; break; 850 case Bytecodes::_saload : 851 type = current_frame.pop_stack( 852 VerificationType::integer_type(), CHECK_VERIFY(this)); 853 atype = current_frame.pop_stack( 854 VerificationType::reference_check(), CHECK_VERIFY(this)); 855 if (!atype.is_short_array()) { 856 verify_error(ErrorContext::bad_type(bci, 857 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 858 bad_type_msg, "saload"); 859 return; 860 } 861 current_frame.push_stack( 862 VerificationType::integer_type(), CHECK_VERIFY(this)); 863 no_control_flow = false; break; 864 case Bytecodes::_laload : 865 type = current_frame.pop_stack( 866 VerificationType::integer_type(), CHECK_VERIFY(this)); 867 atype = current_frame.pop_stack( 868 VerificationType::reference_check(), CHECK_VERIFY(this)); 869 if (!atype.is_long_array()) { 870 verify_error(ErrorContext::bad_type(bci, 871 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 872 bad_type_msg, "laload"); 873 return; 874 } 875 current_frame.push_stack_2( 876 VerificationType::long_type(), 877 VerificationType::long2_type(), CHECK_VERIFY(this)); 878 no_control_flow = false; break; 879 case Bytecodes::_faload : 880 type = current_frame.pop_stack( 881 VerificationType::integer_type(), CHECK_VERIFY(this)); 882 atype = current_frame.pop_stack( 883 VerificationType::reference_check(), CHECK_VERIFY(this)); 884 if (!atype.is_float_array()) { 885 verify_error(ErrorContext::bad_type(bci, 886 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 887 bad_type_msg, "faload"); 888 return; 889 } 890 current_frame.push_stack( 891 VerificationType::float_type(), CHECK_VERIFY(this)); 892 no_control_flow = false; break; 893 case Bytecodes::_daload : 894 type = current_frame.pop_stack( 895 VerificationType::integer_type(), CHECK_VERIFY(this)); 896 atype = current_frame.pop_stack( 897 VerificationType::reference_check(), CHECK_VERIFY(this)); 898 if (!atype.is_double_array()) { 899 verify_error(ErrorContext::bad_type(bci, 900 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 901 bad_type_msg, "daload"); 902 return; 903 } 904 current_frame.push_stack_2( 905 VerificationType::double_type(), 906 VerificationType::double2_type(), CHECK_VERIFY(this)); 907 no_control_flow = false; break; 908 case Bytecodes::_aaload : { 909 type = current_frame.pop_stack( 910 VerificationType::integer_type(), CHECK_VERIFY(this)); 911 atype = current_frame.pop_stack( 912 VerificationType::reference_check(), CHECK_VERIFY(this)); 913 if (!atype.is_reference_array()) { 914 verify_error(ErrorContext::bad_type(bci, 915 current_frame.stack_top_ctx(), 916 TypeOrigin::implicit(VerificationType::reference_check())), 917 bad_type_msg, "aaload"); 918 return; 919 } 920 if (atype.is_null()) { 921 current_frame.push_stack( 922 VerificationType::null_type(), CHECK_VERIFY(this)); 923 } else { 924 VerificationType component = 925 atype.get_component(this, CHECK_VERIFY(this)); 926 current_frame.push_stack(component, CHECK_VERIFY(this)); 927 } 928 no_control_flow = false; break; 929 } 930 case Bytecodes::_istore : 931 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 932 no_control_flow = false; break; 933 case Bytecodes::_istore_0 : 934 case Bytecodes::_istore_1 : 935 case Bytecodes::_istore_2 : 936 case Bytecodes::_istore_3 : 937 index = opcode - Bytecodes::_istore_0; 938 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 939 no_control_flow = false; break; 940 case Bytecodes::_lstore : 941 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 942 no_control_flow = false; break; 943 case Bytecodes::_lstore_0 : 944 case Bytecodes::_lstore_1 : 945 case Bytecodes::_lstore_2 : 946 case Bytecodes::_lstore_3 : 947 index = opcode - Bytecodes::_lstore_0; 948 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 949 no_control_flow = false; break; 950 case Bytecodes::_fstore : 951 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 952 no_control_flow = false; break; 953 case Bytecodes::_fstore_0 : 954 case Bytecodes::_fstore_1 : 955 case Bytecodes::_fstore_2 : 956 case Bytecodes::_fstore_3 : 957 index = opcode - Bytecodes::_fstore_0; 958 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 959 no_control_flow = false; break; 960 case Bytecodes::_dstore : 961 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 962 no_control_flow = false; break; 963 case Bytecodes::_dstore_0 : 964 case Bytecodes::_dstore_1 : 965 case Bytecodes::_dstore_2 : 966 case Bytecodes::_dstore_3 : 967 index = opcode - Bytecodes::_dstore_0; 968 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 969 no_control_flow = false; break; 970 case Bytecodes::_astore : 971 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 972 no_control_flow = false; break; 973 case Bytecodes::_astore_0 : 974 case Bytecodes::_astore_1 : 975 case Bytecodes::_astore_2 : 976 case Bytecodes::_astore_3 : 977 index = opcode - Bytecodes::_astore_0; 978 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 979 no_control_flow = false; break; 980 case Bytecodes::_iastore : 981 type = current_frame.pop_stack( 982 VerificationType::integer_type(), CHECK_VERIFY(this)); 983 type2 = current_frame.pop_stack( 984 VerificationType::integer_type(), CHECK_VERIFY(this)); 985 atype = current_frame.pop_stack( 986 VerificationType::reference_check(), CHECK_VERIFY(this)); 987 if (!atype.is_int_array()) { 988 verify_error(ErrorContext::bad_type(bci, 989 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 990 bad_type_msg, "iastore"); 991 return; 992 } 993 no_control_flow = false; break; 994 case Bytecodes::_bastore : 995 type = current_frame.pop_stack( 996 VerificationType::integer_type(), CHECK_VERIFY(this)); 997 type2 = current_frame.pop_stack( 998 VerificationType::integer_type(), CHECK_VERIFY(this)); 999 atype = current_frame.pop_stack( 1000 VerificationType::reference_check(), CHECK_VERIFY(this)); 1001 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1002 verify_error( 1003 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1004 bad_type_msg, "bastore"); 1005 return; 1006 } 1007 no_control_flow = false; break; 1008 case Bytecodes::_castore : 1009 current_frame.pop_stack( 1010 VerificationType::integer_type(), CHECK_VERIFY(this)); 1011 current_frame.pop_stack( 1012 VerificationType::integer_type(), CHECK_VERIFY(this)); 1013 atype = current_frame.pop_stack( 1014 VerificationType::reference_check(), CHECK_VERIFY(this)); 1015 if (!atype.is_char_array()) { 1016 verify_error(ErrorContext::bad_type(bci, 1017 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1018 bad_type_msg, "castore"); 1019 return; 1020 } 1021 no_control_flow = false; break; 1022 case Bytecodes::_sastore : 1023 current_frame.pop_stack( 1024 VerificationType::integer_type(), CHECK_VERIFY(this)); 1025 current_frame.pop_stack( 1026 VerificationType::integer_type(), CHECK_VERIFY(this)); 1027 atype = current_frame.pop_stack( 1028 VerificationType::reference_check(), CHECK_VERIFY(this)); 1029 if (!atype.is_short_array()) { 1030 verify_error(ErrorContext::bad_type(bci, 1031 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1032 bad_type_msg, "sastore"); 1033 return; 1034 } 1035 no_control_flow = false; break; 1036 case Bytecodes::_lastore : 1037 current_frame.pop_stack_2( 1038 VerificationType::long2_type(), 1039 VerificationType::long_type(), CHECK_VERIFY(this)); 1040 current_frame.pop_stack( 1041 VerificationType::integer_type(), CHECK_VERIFY(this)); 1042 atype = current_frame.pop_stack( 1043 VerificationType::reference_check(), CHECK_VERIFY(this)); 1044 if (!atype.is_long_array()) { 1045 verify_error(ErrorContext::bad_type(bci, 1046 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1047 bad_type_msg, "lastore"); 1048 return; 1049 } 1050 no_control_flow = false; break; 1051 case Bytecodes::_fastore : 1052 current_frame.pop_stack( 1053 VerificationType::float_type(), CHECK_VERIFY(this)); 1054 current_frame.pop_stack 1055 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1056 atype = current_frame.pop_stack( 1057 VerificationType::reference_check(), CHECK_VERIFY(this)); 1058 if (!atype.is_float_array()) { 1059 verify_error(ErrorContext::bad_type(bci, 1060 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1061 bad_type_msg, "fastore"); 1062 return; 1063 } 1064 no_control_flow = false; break; 1065 case Bytecodes::_dastore : 1066 current_frame.pop_stack_2( 1067 VerificationType::double2_type(), 1068 VerificationType::double_type(), CHECK_VERIFY(this)); 1069 current_frame.pop_stack( 1070 VerificationType::integer_type(), CHECK_VERIFY(this)); 1071 atype = current_frame.pop_stack( 1072 VerificationType::reference_check(), CHECK_VERIFY(this)); 1073 if (!atype.is_double_array()) { 1074 verify_error(ErrorContext::bad_type(bci, 1075 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1076 bad_type_msg, "dastore"); 1077 return; 1078 } 1079 no_control_flow = false; break; 1080 case Bytecodes::_aastore : 1081 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1082 type2 = current_frame.pop_stack( 1083 VerificationType::integer_type(), CHECK_VERIFY(this)); 1084 atype = current_frame.pop_stack( 1085 VerificationType::reference_check(), CHECK_VERIFY(this)); 1086 // more type-checking is done at runtime 1087 if (!atype.is_reference_array()) { 1088 verify_error(ErrorContext::bad_type(bci, 1089 current_frame.stack_top_ctx(), 1090 TypeOrigin::implicit(VerificationType::reference_check())), 1091 bad_type_msg, "aastore"); 1092 return; 1093 } 1094 // 4938384: relaxed constraint in JVMS 3nd edition. 1095 no_control_flow = false; break; 1096 case Bytecodes::_pop : 1097 current_frame.pop_stack( 1098 VerificationType::category1_check(), CHECK_VERIFY(this)); 1099 no_control_flow = false; break; 1100 case Bytecodes::_pop2 : 1101 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1102 if (type.is_category1()) { 1103 current_frame.pop_stack( 1104 VerificationType::category1_check(), CHECK_VERIFY(this)); 1105 } else if (type.is_category2_2nd()) { 1106 current_frame.pop_stack( 1107 VerificationType::category2_check(), CHECK_VERIFY(this)); 1108 } else { 1109 /* Unreachable? Would need a category2_1st on TOS 1110 * which does not appear possible. */ 1111 verify_error( 1112 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1113 bad_type_msg, "pop2"); 1114 return; 1115 } 1116 no_control_flow = false; break; 1117 case Bytecodes::_dup : 1118 type = current_frame.pop_stack( 1119 VerificationType::category1_check(), CHECK_VERIFY(this)); 1120 current_frame.push_stack(type, CHECK_VERIFY(this)); 1121 current_frame.push_stack(type, CHECK_VERIFY(this)); 1122 no_control_flow = false; break; 1123 case Bytecodes::_dup_x1 : 1124 type = current_frame.pop_stack( 1125 VerificationType::category1_check(), CHECK_VERIFY(this)); 1126 type2 = current_frame.pop_stack( 1127 VerificationType::category1_check(), CHECK_VERIFY(this)); 1128 current_frame.push_stack(type, CHECK_VERIFY(this)); 1129 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1130 current_frame.push_stack(type, CHECK_VERIFY(this)); 1131 no_control_flow = false; break; 1132 case Bytecodes::_dup_x2 : 1133 { 1134 VerificationType type3; 1135 type = current_frame.pop_stack( 1136 VerificationType::category1_check(), CHECK_VERIFY(this)); 1137 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1138 if (type2.is_category1()) { 1139 type3 = current_frame.pop_stack( 1140 VerificationType::category1_check(), CHECK_VERIFY(this)); 1141 } else if (type2.is_category2_2nd()) { 1142 type3 = current_frame.pop_stack( 1143 VerificationType::category2_check(), CHECK_VERIFY(this)); 1144 } else { 1145 /* Unreachable? Would need a category2_1st at stack depth 2 with 1146 * a category1 on TOS which does not appear possible. */ 1147 verify_error(ErrorContext::bad_type( 1148 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1149 return; 1150 } 1151 current_frame.push_stack(type, CHECK_VERIFY(this)); 1152 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1153 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1154 current_frame.push_stack(type, CHECK_VERIFY(this)); 1155 no_control_flow = false; break; 1156 } 1157 case Bytecodes::_dup2 : 1158 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1159 if (type.is_category1()) { 1160 type2 = current_frame.pop_stack( 1161 VerificationType::category1_check(), CHECK_VERIFY(this)); 1162 } else if (type.is_category2_2nd()) { 1163 type2 = current_frame.pop_stack( 1164 VerificationType::category2_check(), CHECK_VERIFY(this)); 1165 } else { 1166 /* Unreachable? Would need a category2_1st on TOS which does not 1167 * appear possible. */ 1168 verify_error( 1169 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1170 bad_type_msg, "dup2"); 1171 return; 1172 } 1173 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1174 current_frame.push_stack(type, CHECK_VERIFY(this)); 1175 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1176 current_frame.push_stack(type, CHECK_VERIFY(this)); 1177 no_control_flow = false; break; 1178 case Bytecodes::_dup2_x1 : 1179 { 1180 VerificationType type3; 1181 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1182 if (type.is_category1()) { 1183 type2 = current_frame.pop_stack( 1184 VerificationType::category1_check(), CHECK_VERIFY(this)); 1185 } else if (type.is_category2_2nd()) { 1186 type2 = current_frame.pop_stack( 1187 VerificationType::category2_check(), CHECK_VERIFY(this)); 1188 } else { 1189 /* Unreachable? Would need a category2_1st on TOS which does 1190 * not appear possible. */ 1191 verify_error( 1192 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1193 bad_type_msg, "dup2_x1"); 1194 return; 1195 } 1196 type3 = current_frame.pop_stack( 1197 VerificationType::category1_check(), CHECK_VERIFY(this)); 1198 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1199 current_frame.push_stack(type, CHECK_VERIFY(this)); 1200 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1201 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1202 current_frame.push_stack(type, CHECK_VERIFY(this)); 1203 no_control_flow = false; break; 1204 } 1205 case Bytecodes::_dup2_x2 : 1206 { 1207 VerificationType type3, type4; 1208 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1209 if (type.is_category1()) { 1210 type2 = current_frame.pop_stack( 1211 VerificationType::category1_check(), CHECK_VERIFY(this)); 1212 } else if (type.is_category2_2nd()) { 1213 type2 = current_frame.pop_stack( 1214 VerificationType::category2_check(), CHECK_VERIFY(this)); 1215 } else { 1216 /* Unreachable? Would need a category2_1st on TOS which does 1217 * not appear possible. */ 1218 verify_error( 1219 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1220 bad_type_msg, "dup2_x2"); 1221 return; 1222 } 1223 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1224 if (type3.is_category1()) { 1225 type4 = current_frame.pop_stack( 1226 VerificationType::category1_check(), CHECK_VERIFY(this)); 1227 } else if (type3.is_category2_2nd()) { 1228 type4 = current_frame.pop_stack( 1229 VerificationType::category2_check(), CHECK_VERIFY(this)); 1230 } else { 1231 /* Unreachable? Would need a category2_1st on TOS after popping 1232 * a long/double or two category 1's, which does not 1233 * appear possible. */ 1234 verify_error( 1235 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1236 bad_type_msg, "dup2_x2"); 1237 return; 1238 } 1239 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1240 current_frame.push_stack(type, CHECK_VERIFY(this)); 1241 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1242 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1243 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1244 current_frame.push_stack(type, CHECK_VERIFY(this)); 1245 no_control_flow = false; break; 1246 } 1247 case Bytecodes::_swap : 1248 type = current_frame.pop_stack( 1249 VerificationType::category1_check(), CHECK_VERIFY(this)); 1250 type2 = current_frame.pop_stack( 1251 VerificationType::category1_check(), CHECK_VERIFY(this)); 1252 current_frame.push_stack(type, CHECK_VERIFY(this)); 1253 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1254 no_control_flow = false; break; 1255 case Bytecodes::_iadd : 1256 case Bytecodes::_isub : 1257 case Bytecodes::_imul : 1258 case Bytecodes::_idiv : 1259 case Bytecodes::_irem : 1260 case Bytecodes::_ishl : 1261 case Bytecodes::_ishr : 1262 case Bytecodes::_iushr : 1263 case Bytecodes::_ior : 1264 case Bytecodes::_ixor : 1265 case Bytecodes::_iand : 1266 current_frame.pop_stack( 1267 VerificationType::integer_type(), CHECK_VERIFY(this)); 1268 // fall through 1269 case Bytecodes::_ineg : 1270 current_frame.pop_stack( 1271 VerificationType::integer_type(), CHECK_VERIFY(this)); 1272 current_frame.push_stack( 1273 VerificationType::integer_type(), CHECK_VERIFY(this)); 1274 no_control_flow = false; break; 1275 case Bytecodes::_ladd : 1276 case Bytecodes::_lsub : 1277 case Bytecodes::_lmul : 1278 case Bytecodes::_ldiv : 1279 case Bytecodes::_lrem : 1280 case Bytecodes::_land : 1281 case Bytecodes::_lor : 1282 case Bytecodes::_lxor : 1283 current_frame.pop_stack_2( 1284 VerificationType::long2_type(), 1285 VerificationType::long_type(), CHECK_VERIFY(this)); 1286 // fall through 1287 case Bytecodes::_lneg : 1288 current_frame.pop_stack_2( 1289 VerificationType::long2_type(), 1290 VerificationType::long_type(), CHECK_VERIFY(this)); 1291 current_frame.push_stack_2( 1292 VerificationType::long_type(), 1293 VerificationType::long2_type(), CHECK_VERIFY(this)); 1294 no_control_flow = false; break; 1295 case Bytecodes::_lshl : 1296 case Bytecodes::_lshr : 1297 case Bytecodes::_lushr : 1298 current_frame.pop_stack( 1299 VerificationType::integer_type(), CHECK_VERIFY(this)); 1300 current_frame.pop_stack_2( 1301 VerificationType::long2_type(), 1302 VerificationType::long_type(), CHECK_VERIFY(this)); 1303 current_frame.push_stack_2( 1304 VerificationType::long_type(), 1305 VerificationType::long2_type(), CHECK_VERIFY(this)); 1306 no_control_flow = false; break; 1307 case Bytecodes::_fadd : 1308 case Bytecodes::_fsub : 1309 case Bytecodes::_fmul : 1310 case Bytecodes::_fdiv : 1311 case Bytecodes::_frem : 1312 current_frame.pop_stack( 1313 VerificationType::float_type(), CHECK_VERIFY(this)); 1314 // fall through 1315 case Bytecodes::_fneg : 1316 current_frame.pop_stack( 1317 VerificationType::float_type(), CHECK_VERIFY(this)); 1318 current_frame.push_stack( 1319 VerificationType::float_type(), CHECK_VERIFY(this)); 1320 no_control_flow = false; break; 1321 case Bytecodes::_dadd : 1322 case Bytecodes::_dsub : 1323 case Bytecodes::_dmul : 1324 case Bytecodes::_ddiv : 1325 case Bytecodes::_drem : 1326 current_frame.pop_stack_2( 1327 VerificationType::double2_type(), 1328 VerificationType::double_type(), CHECK_VERIFY(this)); 1329 // fall through 1330 case Bytecodes::_dneg : 1331 current_frame.pop_stack_2( 1332 VerificationType::double2_type(), 1333 VerificationType::double_type(), CHECK_VERIFY(this)); 1334 current_frame.push_stack_2( 1335 VerificationType::double_type(), 1336 VerificationType::double2_type(), CHECK_VERIFY(this)); 1337 no_control_flow = false; break; 1338 case Bytecodes::_iinc : 1339 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1340 no_control_flow = false; break; 1341 case Bytecodes::_i2l : 1342 type = current_frame.pop_stack( 1343 VerificationType::integer_type(), CHECK_VERIFY(this)); 1344 current_frame.push_stack_2( 1345 VerificationType::long_type(), 1346 VerificationType::long2_type(), CHECK_VERIFY(this)); 1347 no_control_flow = false; break; 1348 case Bytecodes::_l2i : 1349 current_frame.pop_stack_2( 1350 VerificationType::long2_type(), 1351 VerificationType::long_type(), CHECK_VERIFY(this)); 1352 current_frame.push_stack( 1353 VerificationType::integer_type(), CHECK_VERIFY(this)); 1354 no_control_flow = false; break; 1355 case Bytecodes::_i2f : 1356 current_frame.pop_stack( 1357 VerificationType::integer_type(), CHECK_VERIFY(this)); 1358 current_frame.push_stack( 1359 VerificationType::float_type(), CHECK_VERIFY(this)); 1360 no_control_flow = false; break; 1361 case Bytecodes::_i2d : 1362 current_frame.pop_stack( 1363 VerificationType::integer_type(), CHECK_VERIFY(this)); 1364 current_frame.push_stack_2( 1365 VerificationType::double_type(), 1366 VerificationType::double2_type(), CHECK_VERIFY(this)); 1367 no_control_flow = false; break; 1368 case Bytecodes::_l2f : 1369 current_frame.pop_stack_2( 1370 VerificationType::long2_type(), 1371 VerificationType::long_type(), CHECK_VERIFY(this)); 1372 current_frame.push_stack( 1373 VerificationType::float_type(), CHECK_VERIFY(this)); 1374 no_control_flow = false; break; 1375 case Bytecodes::_l2d : 1376 current_frame.pop_stack_2( 1377 VerificationType::long2_type(), 1378 VerificationType::long_type(), CHECK_VERIFY(this)); 1379 current_frame.push_stack_2( 1380 VerificationType::double_type(), 1381 VerificationType::double2_type(), CHECK_VERIFY(this)); 1382 no_control_flow = false; break; 1383 case Bytecodes::_f2i : 1384 current_frame.pop_stack( 1385 VerificationType::float_type(), CHECK_VERIFY(this)); 1386 current_frame.push_stack( 1387 VerificationType::integer_type(), CHECK_VERIFY(this)); 1388 no_control_flow = false; break; 1389 case Bytecodes::_f2l : 1390 current_frame.pop_stack( 1391 VerificationType::float_type(), CHECK_VERIFY(this)); 1392 current_frame.push_stack_2( 1393 VerificationType::long_type(), 1394 VerificationType::long2_type(), CHECK_VERIFY(this)); 1395 no_control_flow = false; break; 1396 case Bytecodes::_f2d : 1397 current_frame.pop_stack( 1398 VerificationType::float_type(), CHECK_VERIFY(this)); 1399 current_frame.push_stack_2( 1400 VerificationType::double_type(), 1401 VerificationType::double2_type(), CHECK_VERIFY(this)); 1402 no_control_flow = false; break; 1403 case Bytecodes::_d2i : 1404 current_frame.pop_stack_2( 1405 VerificationType::double2_type(), 1406 VerificationType::double_type(), CHECK_VERIFY(this)); 1407 current_frame.push_stack( 1408 VerificationType::integer_type(), CHECK_VERIFY(this)); 1409 no_control_flow = false; break; 1410 case Bytecodes::_d2l : 1411 current_frame.pop_stack_2( 1412 VerificationType::double2_type(), 1413 VerificationType::double_type(), CHECK_VERIFY(this)); 1414 current_frame.push_stack_2( 1415 VerificationType::long_type(), 1416 VerificationType::long2_type(), CHECK_VERIFY(this)); 1417 no_control_flow = false; break; 1418 case Bytecodes::_d2f : 1419 current_frame.pop_stack_2( 1420 VerificationType::double2_type(), 1421 VerificationType::double_type(), CHECK_VERIFY(this)); 1422 current_frame.push_stack( 1423 VerificationType::float_type(), CHECK_VERIFY(this)); 1424 no_control_flow = false; break; 1425 case Bytecodes::_i2b : 1426 case Bytecodes::_i2c : 1427 case Bytecodes::_i2s : 1428 current_frame.pop_stack( 1429 VerificationType::integer_type(), CHECK_VERIFY(this)); 1430 current_frame.push_stack( 1431 VerificationType::integer_type(), CHECK_VERIFY(this)); 1432 no_control_flow = false; break; 1433 case Bytecodes::_lcmp : 1434 current_frame.pop_stack_2( 1435 VerificationType::long2_type(), 1436 VerificationType::long_type(), CHECK_VERIFY(this)); 1437 current_frame.pop_stack_2( 1438 VerificationType::long2_type(), 1439 VerificationType::long_type(), CHECK_VERIFY(this)); 1440 current_frame.push_stack( 1441 VerificationType::integer_type(), CHECK_VERIFY(this)); 1442 no_control_flow = false; break; 1443 case Bytecodes::_fcmpl : 1444 case Bytecodes::_fcmpg : 1445 current_frame.pop_stack( 1446 VerificationType::float_type(), CHECK_VERIFY(this)); 1447 current_frame.pop_stack( 1448 VerificationType::float_type(), CHECK_VERIFY(this)); 1449 current_frame.push_stack( 1450 VerificationType::integer_type(), CHECK_VERIFY(this)); 1451 no_control_flow = false; break; 1452 case Bytecodes::_dcmpl : 1453 case Bytecodes::_dcmpg : 1454 current_frame.pop_stack_2( 1455 VerificationType::double2_type(), 1456 VerificationType::double_type(), CHECK_VERIFY(this)); 1457 current_frame.pop_stack_2( 1458 VerificationType::double2_type(), 1459 VerificationType::double_type(), CHECK_VERIFY(this)); 1460 current_frame.push_stack( 1461 VerificationType::integer_type(), CHECK_VERIFY(this)); 1462 no_control_flow = false; break; 1463 case Bytecodes::_if_icmpeq: 1464 case Bytecodes::_if_icmpne: 1465 case Bytecodes::_if_icmplt: 1466 case Bytecodes::_if_icmpge: 1467 case Bytecodes::_if_icmpgt: 1468 case Bytecodes::_if_icmple: 1469 current_frame.pop_stack( 1470 VerificationType::integer_type(), CHECK_VERIFY(this)); 1471 // fall through 1472 case Bytecodes::_ifeq: 1473 case Bytecodes::_ifne: 1474 case Bytecodes::_iflt: 1475 case Bytecodes::_ifge: 1476 case Bytecodes::_ifgt: 1477 case Bytecodes::_ifle: 1478 current_frame.pop_stack( 1479 VerificationType::integer_type(), CHECK_VERIFY(this)); 1480 target = bcs.dest(); 1481 stackmap_table.check_jump_target( 1482 ¤t_frame, target, CHECK_VERIFY(this)); 1483 no_control_flow = false; break; 1484 case Bytecodes::_if_acmpeq : 1485 case Bytecodes::_if_acmpne : 1486 current_frame.pop_stack( 1487 VerificationType::reference_check(), CHECK_VERIFY(this)); 1488 // fall through 1489 case Bytecodes::_ifnull : 1490 case Bytecodes::_ifnonnull : 1491 current_frame.pop_stack( 1492 VerificationType::reference_check(), CHECK_VERIFY(this)); 1493 target = bcs.dest(); 1494 stackmap_table.check_jump_target 1495 (¤t_frame, target, CHECK_VERIFY(this)); 1496 no_control_flow = false; break; 1497 case Bytecodes::_goto : 1498 target = bcs.dest(); 1499 stackmap_table.check_jump_target( 1500 ¤t_frame, target, CHECK_VERIFY(this)); 1501 no_control_flow = true; break; 1502 case Bytecodes::_goto_w : 1503 target = bcs.dest_w(); 1504 stackmap_table.check_jump_target( 1505 ¤t_frame, target, CHECK_VERIFY(this)); 1506 no_control_flow = true; break; 1507 case Bytecodes::_tableswitch : 1508 case Bytecodes::_lookupswitch : 1509 verify_switch( 1510 &bcs, code_length, code_data, ¤t_frame, 1511 &stackmap_table, CHECK_VERIFY(this)); 1512 no_control_flow = true; break; 1513 case Bytecodes::_ireturn : 1514 type = current_frame.pop_stack( 1515 VerificationType::integer_type(), CHECK_VERIFY(this)); 1516 verify_return_value(return_type, type, bci, 1517 ¤t_frame, CHECK_VERIFY(this)); 1518 no_control_flow = true; break; 1519 case Bytecodes::_lreturn : 1520 type2 = current_frame.pop_stack( 1521 VerificationType::long2_type(), CHECK_VERIFY(this)); 1522 type = current_frame.pop_stack( 1523 VerificationType::long_type(), CHECK_VERIFY(this)); 1524 verify_return_value(return_type, type, bci, 1525 ¤t_frame, CHECK_VERIFY(this)); 1526 no_control_flow = true; break; 1527 case Bytecodes::_freturn : 1528 type = current_frame.pop_stack( 1529 VerificationType::float_type(), CHECK_VERIFY(this)); 1530 verify_return_value(return_type, type, bci, 1531 ¤t_frame, CHECK_VERIFY(this)); 1532 no_control_flow = true; break; 1533 case Bytecodes::_dreturn : 1534 type2 = current_frame.pop_stack( 1535 VerificationType::double2_type(), CHECK_VERIFY(this)); 1536 type = current_frame.pop_stack( 1537 VerificationType::double_type(), CHECK_VERIFY(this)); 1538 verify_return_value(return_type, type, bci, 1539 ¤t_frame, CHECK_VERIFY(this)); 1540 no_control_flow = true; break; 1541 case Bytecodes::_areturn : 1542 type = current_frame.pop_stack( 1543 VerificationType::reference_check(), CHECK_VERIFY(this)); 1544 verify_return_value(return_type, type, bci, 1545 ¤t_frame, CHECK_VERIFY(this)); 1546 no_control_flow = true; break; 1547 case Bytecodes::_return : 1548 if (return_type != VerificationType::bogus_type()) { 1549 verify_error(ErrorContext::bad_code(bci), 1550 "Method expects a return value"); 1551 return; 1552 } 1553 // Make sure "this" has been initialized if current method is an 1554 // <init> 1555 if (_method->name() == vmSymbols::object_initializer_name() && 1556 current_frame.flag_this_uninit()) { 1557 verify_error(ErrorContext::bad_code(bci), 1558 "Constructor must call super() or this() " 1559 "before return"); 1560 return; 1561 } 1562 no_control_flow = true; break; 1563 case Bytecodes::_getstatic : 1564 case Bytecodes::_putstatic : 1565 case Bytecodes::_getfield : 1566 case Bytecodes::_putfield : 1567 verify_field_instructions( 1568 &bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1569 no_control_flow = false; break; 1570 case Bytecodes::_invokevirtual : 1571 case Bytecodes::_invokespecial : 1572 case Bytecodes::_invokestatic : 1573 verify_invoke_instructions( 1574 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1575 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1576 no_control_flow = false; break; 1577 case Bytecodes::_invokeinterface : 1578 case Bytecodes::_invokedynamic : 1579 verify_invoke_instructions( 1580 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1581 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1582 no_control_flow = false; break; 1583 case Bytecodes::_new : 1584 { 1585 index = bcs.get_index_u2(); 1586 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1587 VerificationType new_class_type = 1588 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1589 if (!new_class_type.is_object()) { 1590 verify_error(ErrorContext::bad_type(bci, 1591 TypeOrigin::cp(index, new_class_type)), 1592 "Illegal new instruction"); 1593 return; 1594 } 1595 type = VerificationType::uninitialized_type(bci); 1596 current_frame.push_stack(type, CHECK_VERIFY(this)); 1597 no_control_flow = false; break; 1598 } 1599 case Bytecodes::_newarray : 1600 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1601 current_frame.pop_stack( 1602 VerificationType::integer_type(), CHECK_VERIFY(this)); 1603 current_frame.push_stack(type, CHECK_VERIFY(this)); 1604 no_control_flow = false; break; 1605 case Bytecodes::_anewarray : 1606 verify_anewarray( 1607 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1608 no_control_flow = false; break; 1609 case Bytecodes::_arraylength : 1610 type = current_frame.pop_stack( 1611 VerificationType::reference_check(), CHECK_VERIFY(this)); 1612 if (!(type.is_null() || type.is_array())) { 1613 verify_error(ErrorContext::bad_type( 1614 bci, current_frame.stack_top_ctx()), 1615 bad_type_msg, "arraylength"); 1616 } 1617 current_frame.push_stack( 1618 VerificationType::integer_type(), CHECK_VERIFY(this)); 1619 no_control_flow = false; break; 1620 case Bytecodes::_checkcast : 1621 { 1622 index = bcs.get_index_u2(); 1623 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1624 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1625 VerificationType klass_type = cp_index_to_type( 1626 index, cp, CHECK_VERIFY(this)); 1627 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1628 no_control_flow = false; break; 1629 } 1630 case Bytecodes::_instanceof : { 1631 index = bcs.get_index_u2(); 1632 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1633 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1634 current_frame.push_stack( 1635 VerificationType::integer_type(), CHECK_VERIFY(this)); 1636 no_control_flow = false; break; 1637 } 1638 case Bytecodes::_monitorenter : 1639 case Bytecodes::_monitorexit : 1640 current_frame.pop_stack( 1641 VerificationType::reference_check(), CHECK_VERIFY(this)); 1642 no_control_flow = false; break; 1643 case Bytecodes::_multianewarray : 1644 { 1645 index = bcs.get_index_u2(); 1646 u2 dim = *(bcs.bcp()+3); 1647 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1648 VerificationType new_array_type = 1649 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1650 if (!new_array_type.is_array()) { 1651 verify_error(ErrorContext::bad_type(bci, 1652 TypeOrigin::cp(index, new_array_type)), 1653 "Illegal constant pool index in multianewarray instruction"); 1654 return; 1655 } 1656 if (dim < 1 || new_array_type.dimensions() < dim) { 1657 verify_error(ErrorContext::bad_code(bci), 1658 "Illegal dimension in multianewarray instruction: %d", dim); 1659 return; 1660 } 1661 for (int i = 0; i < dim; i++) { 1662 current_frame.pop_stack( 1663 VerificationType::integer_type(), CHECK_VERIFY(this)); 1664 } 1665 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1666 no_control_flow = false; break; 1667 } 1668 case Bytecodes::_athrow : 1669 type = VerificationType::reference_type( 1670 vmSymbols::java_lang_Throwable()); 1671 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1672 no_control_flow = true; break; 1673 default: 1674 // We only need to check the valid bytecodes in class file. 1675 // And jsr and ret are not in the new class file format in JDK1.5. 1676 verify_error(ErrorContext::bad_code(bci), 1677 "Bad instruction: %02x", opcode); 1678 no_control_flow = false; 1679 return; 1680 } // end switch 1681 } // end Merge with the next instruction 1682 1683 // Look for possible jump target in exception handlers and see if it matches 1684 // current_frame. Don't do this check if it has already been done (for 1685 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1686 // opcodes, such as invokespecial, may set the this_uninit flag. 1687 assert(!(verified_exc_handlers && this_uninit), 1688 "Exception handler targets got verified before this_uninit got set"); 1689 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1690 verify_exception_handler_targets( 1691 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1692 } 1693 } // end while 1694 1695 // Make sure that control flow does not fall through end of the method 1696 if (!no_control_flow) { 1697 verify_error(ErrorContext::bad_code(code_length), 1698 "Control flow falls through code end"); 1699 return; 1700 } 1701 } 1702 1703 #undef bad_type_message 1704 1705 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) { 1706 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1707 memset(code_data, 0, sizeof(char) * code_length); 1708 RawBytecodeStream bcs(m); 1709 1710 while (!bcs.is_last_bytecode()) { 1711 if (bcs.raw_next() != Bytecodes::_illegal) { 1712 int bci = bcs.bci(); 1713 if (bcs.raw_code() == Bytecodes::_new) { 1714 code_data[bci] = NEW_OFFSET; 1715 } else { 1716 code_data[bci] = BYTECODE_OFFSET; 1717 } 1718 } else { 1719 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1720 return NULL; 1721 } 1722 } 1723 1724 return code_data; 1725 } 1726 1727 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1728 ExceptionTable exhandlers(_method()); 1729 int exlength = exhandlers.length(); 1730 constantPoolHandle cp (THREAD, _method->constants()); 1731 1732 for(int i = 0; i < exlength; i++) { 1733 //reacquire the table in case a GC happened 1734 ExceptionTable exhandlers(_method()); 1735 u2 start_pc = exhandlers.start_pc(i); 1736 u2 end_pc = exhandlers.end_pc(i); 1737 u2 handler_pc = exhandlers.handler_pc(i); 1738 if (start_pc >= code_length || code_data[start_pc] == 0) { 1739 class_format_error("Illegal exception table start_pc %d", start_pc); 1740 return; 1741 } 1742 if (end_pc != code_length) { // special case: end_pc == code_length 1743 if (end_pc > code_length || code_data[end_pc] == 0) { 1744 class_format_error("Illegal exception table end_pc %d", end_pc); 1745 return; 1746 } 1747 } 1748 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1749 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1750 return; 1751 } 1752 int catch_type_index = exhandlers.catch_type_index(i); 1753 if (catch_type_index != 0) { 1754 VerificationType catch_type = cp_index_to_type( 1755 catch_type_index, cp, CHECK_VERIFY(this)); 1756 VerificationType throwable = 1757 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1758 bool is_subclass = throwable.is_assignable_from( 1759 catch_type, this, false, CHECK_VERIFY(this)); 1760 if (!is_subclass) { 1761 // 4286534: should throw VerifyError according to recent spec change 1762 verify_error(ErrorContext::bad_type(handler_pc, 1763 TypeOrigin::cp(catch_type_index, catch_type), 1764 TypeOrigin::implicit(throwable)), 1765 "Catch type is not a subclass " 1766 "of Throwable in exception handler %d", handler_pc); 1767 return; 1768 } 1769 } 1770 if (start_pc < min) min = start_pc; 1771 if (end_pc > max) max = end_pc; 1772 } 1773 } 1774 1775 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1776 int localvariable_table_length = _method()->localvariable_table_length(); 1777 if (localvariable_table_length > 0) { 1778 LocalVariableTableElement* table = _method()->localvariable_table_start(); 1779 for (int i = 0; i < localvariable_table_length; i++) { 1780 u2 start_bci = table[i].start_bci; 1781 u2 length = table[i].length; 1782 1783 if (start_bci >= code_length || code_data[start_bci] == 0) { 1784 class_format_error( 1785 "Illegal local variable table start_pc %d", start_bci); 1786 return; 1787 } 1788 u4 end_bci = (u4)(start_bci + length); 1789 if (end_bci != code_length) { 1790 if (end_bci >= code_length || code_data[end_bci] == 0) { 1791 class_format_error( "Illegal local variable table length %d", length); 1792 return; 1793 } 1794 } 1795 } 1796 } 1797 } 1798 1799 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1800 StackMapFrame* current_frame, 1801 StackMapTable* stackmap_table, 1802 bool no_control_flow, TRAPS) { 1803 if (stackmap_index < stackmap_table->get_frame_count()) { 1804 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1805 if (no_control_flow && this_offset > bci) { 1806 verify_error(ErrorContext::missing_stackmap(bci), 1807 "Expecting a stack map frame"); 1808 return 0; 1809 } 1810 if (this_offset == bci) { 1811 ErrorContext ctx; 1812 // See if current stack map can be assigned to the frame in table. 1813 // current_frame is the stackmap frame got from the last instruction. 1814 // If matched, current_frame will be updated by this method. 1815 bool matches = stackmap_table->match_stackmap( 1816 current_frame, this_offset, stackmap_index, 1817 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1818 if (!matches) { 1819 // report type error 1820 verify_error(ctx, "Instruction type does not match stack map"); 1821 return 0; 1822 } 1823 stackmap_index++; 1824 } else if (this_offset < bci) { 1825 // current_offset should have met this_offset. 1826 class_format_error("Bad stack map offset %d", this_offset); 1827 return 0; 1828 } 1829 } else if (no_control_flow) { 1830 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1831 return 0; 1832 } 1833 return stackmap_index; 1834 } 1835 1836 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame, 1837 StackMapTable* stackmap_table, TRAPS) { 1838 constantPoolHandle cp (THREAD, _method->constants()); 1839 ExceptionTable exhandlers(_method()); 1840 int exlength = exhandlers.length(); 1841 for(int i = 0; i < exlength; i++) { 1842 //reacquire the table in case a GC happened 1843 ExceptionTable exhandlers(_method()); 1844 u2 start_pc = exhandlers.start_pc(i); 1845 u2 end_pc = exhandlers.end_pc(i); 1846 u2 handler_pc = exhandlers.handler_pc(i); 1847 int catch_type_index = exhandlers.catch_type_index(i); 1848 if(bci >= start_pc && bci < end_pc) { 1849 u1 flags = current_frame->flags(); 1850 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1851 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1852 if (catch_type_index != 0) { 1853 // We know that this index refers to a subclass of Throwable 1854 VerificationType catch_type = cp_index_to_type( 1855 catch_type_index, cp, CHECK_VERIFY(this)); 1856 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1857 } else { 1858 VerificationType throwable = 1859 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1860 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1861 } 1862 ErrorContext ctx; 1863 bool matches = stackmap_table->match_stackmap( 1864 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1865 if (!matches) { 1866 verify_error(ctx, "Stack map does not match the one at " 1867 "exception handler %d", handler_pc); 1868 return; 1869 } 1870 } 1871 } 1872 } 1873 1874 void ClassVerifier::verify_cp_index( 1875 u2 bci, constantPoolHandle cp, int index, TRAPS) { 1876 int nconstants = cp->length(); 1877 if ((index <= 0) || (index >= nconstants)) { 1878 verify_error(ErrorContext::bad_cp_index(bci, index), 1879 "Illegal constant pool index %d in class %s", 1880 index, cp->pool_holder()->external_name()); 1881 return; 1882 } 1883 } 1884 1885 void ClassVerifier::verify_cp_type( 1886 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) { 1887 1888 // In some situations, bytecode rewriting may occur while we're verifying. 1889 // In this case, a constant pool cache exists and some indices refer to that 1890 // instead. Be sure we don't pick up such indices by accident. 1891 // We must check was_recursively_verified() before we get here. 1892 guarantee(cp->cache() == NULL, "not rewritten yet"); 1893 1894 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1895 unsigned int tag = cp->tag_at(index).value(); 1896 if ((types & (1 << tag)) == 0) { 1897 verify_error(ErrorContext::bad_cp_index(bci, index), 1898 "Illegal type at constant pool entry %d in class %s", 1899 index, cp->pool_holder()->external_name()); 1900 return; 1901 } 1902 } 1903 1904 void ClassVerifier::verify_cp_class_type( 1905 u2 bci, int index, constantPoolHandle cp, TRAPS) { 1906 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1907 constantTag tag = cp->tag_at(index); 1908 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1909 verify_error(ErrorContext::bad_cp_index(bci, index), 1910 "Illegal type at constant pool entry %d in class %s", 1911 index, cp->pool_holder()->external_name()); 1912 return; 1913 } 1914 } 1915 1916 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1917 stringStream ss; 1918 1919 ctx.reset_frames(); 1920 _exception_type = vmSymbols::java_lang_VerifyError(); 1921 _error_context = ctx; 1922 va_list va; 1923 va_start(va, msg); 1924 ss.vprint(msg, va); 1925 va_end(va); 1926 _message = ss.as_string(); 1927 #ifdef ASSERT 1928 ResourceMark rm; 1929 const char* exception_name = _exception_type->as_C_string(); 1930 Exceptions::debug_check_abort(exception_name, NULL); 1931 #endif // ndef ASSERT 1932 } 1933 1934 void ClassVerifier::class_format_error(const char* msg, ...) { 1935 stringStream ss; 1936 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1937 va_list va; 1938 va_start(va, msg); 1939 ss.vprint(msg, va); 1940 va_end(va); 1941 if (!_method.is_null()) { 1942 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 1943 } 1944 _message = ss.as_string(); 1945 } 1946 1947 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 1948 // Get current loader and protection domain first. 1949 oop loader = current_class()->class_loader(); 1950 oop protection_domain = current_class()->protection_domain(); 1951 1952 return SystemDictionary::resolve_or_fail( 1953 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 1954 true, CHECK_NULL); 1955 } 1956 1957 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, 1958 Klass* target_class, 1959 Symbol* field_name, 1960 Symbol* field_sig, 1961 bool is_method) { 1962 No_Safepoint_Verifier nosafepoint; 1963 1964 // If target class isn't a super class of this class, we don't worry about this case 1965 if (!this_class->is_subclass_of(target_class)) { 1966 return false; 1967 } 1968 // Check if the specified method or field is protected 1969 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 1970 fieldDescriptor fd; 1971 if (is_method) { 1972 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 1973 if (m != NULL && m->is_protected()) { 1974 if (!this_class->is_same_class_package(m->method_holder())) { 1975 return true; 1976 } 1977 } 1978 } else { 1979 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 1980 if (member_klass != NULL && fd.is_protected()) { 1981 if (!this_class->is_same_class_package(member_klass)) { 1982 return true; 1983 } 1984 } 1985 } 1986 return false; 1987 } 1988 1989 void ClassVerifier::verify_ldc( 1990 int opcode, u2 index, StackMapFrame* current_frame, 1991 constantPoolHandle cp, u2 bci, TRAPS) { 1992 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1993 constantTag tag = cp->tag_at(index); 1994 unsigned int types; 1995 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 1996 if (!tag.is_unresolved_klass()) { 1997 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 1998 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 1999 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType); 2000 // Note: The class file parser already verified the legality of 2001 // MethodHandle and MethodType constants. 2002 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2003 } 2004 } else { 2005 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2006 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 2007 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2008 } 2009 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2010 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2011 } else if (tag.is_string()) { 2012 current_frame->push_stack( 2013 VerificationType::reference_type( 2014 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2015 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2016 current_frame->push_stack( 2017 VerificationType::reference_type( 2018 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2019 } else if (tag.is_int()) { 2020 current_frame->push_stack( 2021 VerificationType::integer_type(), CHECK_VERIFY(this)); 2022 } else if (tag.is_float()) { 2023 current_frame->push_stack( 2024 VerificationType::float_type(), CHECK_VERIFY(this)); 2025 } else if (tag.is_double()) { 2026 current_frame->push_stack_2( 2027 VerificationType::double_type(), 2028 VerificationType::double2_type(), CHECK_VERIFY(this)); 2029 } else if (tag.is_long()) { 2030 current_frame->push_stack_2( 2031 VerificationType::long_type(), 2032 VerificationType::long2_type(), CHECK_VERIFY(this)); 2033 } else if (tag.is_method_handle()) { 2034 current_frame->push_stack( 2035 VerificationType::reference_type( 2036 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2037 } else if (tag.is_method_type()) { 2038 current_frame->push_stack( 2039 VerificationType::reference_type( 2040 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2041 } else { 2042 /* Unreachable? verify_cp_type has already validated the cp type. */ 2043 verify_error( 2044 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2045 return; 2046 } 2047 } 2048 2049 void ClassVerifier::verify_switch( 2050 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2051 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2052 int bci = bcs->bci(); 2053 address bcp = bcs->bcp(); 2054 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize); 2055 2056 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2057 // 4639449 & 4647081: padding bytes must be 0 2058 u2 padding_offset = 1; 2059 while ((bcp + padding_offset) < aligned_bcp) { 2060 if(*(bcp + padding_offset) != 0) { 2061 verify_error(ErrorContext::bad_code(bci), 2062 "Nonzero padding byte in lookswitch or tableswitch"); 2063 return; 2064 } 2065 padding_offset++; 2066 } 2067 } 2068 2069 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2070 int keys, delta; 2071 current_frame->pop_stack( 2072 VerificationType::integer_type(), CHECK_VERIFY(this)); 2073 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2074 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2075 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2076 if (low > high) { 2077 verify_error(ErrorContext::bad_code(bci), 2078 "low must be less than or equal to high in tableswitch"); 2079 return; 2080 } 2081 keys = high - low + 1; 2082 if (keys < 0) { 2083 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2084 return; 2085 } 2086 delta = 1; 2087 } else { 2088 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2089 if (keys < 0) { 2090 verify_error(ErrorContext::bad_code(bci), 2091 "number of keys in lookupswitch less than 0"); 2092 return; 2093 } 2094 delta = 2; 2095 // Make sure that the lookupswitch items are sorted 2096 for (int i = 0; i < (keys - 1); i++) { 2097 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2098 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2099 if (this_key >= next_key) { 2100 verify_error(ErrorContext::bad_code(bci), 2101 "Bad lookupswitch instruction"); 2102 return; 2103 } 2104 } 2105 } 2106 int target = bci + default_offset; 2107 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2108 for (int i = 0; i < keys; i++) { 2109 // Because check_jump_target() may safepoint, the bytecode could have 2110 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2111 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize); 2112 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2113 stackmap_table->check_jump_target( 2114 current_frame, target, CHECK_VERIFY(this)); 2115 } 2116 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2117 } 2118 2119 bool ClassVerifier::name_in_supers( 2120 Symbol* ref_name, instanceKlassHandle current) { 2121 Klass* super = current->super(); 2122 while (super != NULL) { 2123 if (super->name() == ref_name) { 2124 return true; 2125 } 2126 super = super->super(); 2127 } 2128 return false; 2129 } 2130 2131 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2132 StackMapFrame* current_frame, 2133 constantPoolHandle cp, 2134 TRAPS) { 2135 u2 index = bcs->get_index_u2(); 2136 verify_cp_type(bcs->bci(), index, cp, 2137 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2138 2139 // Get field name and signature 2140 Symbol* field_name = cp->name_ref_at(index); 2141 Symbol* field_sig = cp->signature_ref_at(index); 2142 2143 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2144 class_format_error( 2145 "Invalid signature for field in class %s referenced " 2146 "from constant pool index %d", _klass->external_name(), index); 2147 return; 2148 } 2149 2150 // Get referenced class type 2151 VerificationType ref_class_type = cp_ref_index_to_type( 2152 index, cp, CHECK_VERIFY(this)); 2153 if (!ref_class_type.is_object()) { 2154 /* Unreachable? Class file parser verifies Fieldref contents */ 2155 verify_error(ErrorContext::bad_type(bcs->bci(), 2156 TypeOrigin::cp(index, ref_class_type)), 2157 "Expecting reference to class in class %s at constant pool index %d", 2158 _klass->external_name(), index); 2159 return; 2160 } 2161 VerificationType target_class_type = ref_class_type; 2162 2163 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2164 "buffer type must match VerificationType size"); 2165 uintptr_t field_type_buffer[2]; 2166 VerificationType* field_type = (VerificationType*)field_type_buffer; 2167 // If we make a VerificationType[2] array directly, the compiler calls 2168 // to the c-runtime library to do the allocation instead of just 2169 // stack allocating it. Plus it would run constructors. This shows up 2170 // in performance profiles. 2171 2172 SignatureStream sig_stream(field_sig, false); 2173 VerificationType stack_object_type; 2174 int n = change_sig_to_verificationType( 2175 &sig_stream, field_type, CHECK_VERIFY(this)); 2176 u2 bci = bcs->bci(); 2177 bool is_assignable; 2178 switch (bcs->raw_code()) { 2179 case Bytecodes::_getstatic: { 2180 for (int i = 0; i < n; i++) { 2181 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2182 } 2183 break; 2184 } 2185 case Bytecodes::_putstatic: { 2186 for (int i = n - 1; i >= 0; i--) { 2187 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2188 } 2189 break; 2190 } 2191 case Bytecodes::_getfield: { 2192 stack_object_type = current_frame->pop_stack( 2193 target_class_type, CHECK_VERIFY(this)); 2194 for (int i = 0; i < n; i++) { 2195 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2196 } 2197 goto check_protected; 2198 } 2199 case Bytecodes::_putfield: { 2200 for (int i = n - 1; i >= 0; i--) { 2201 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2202 } 2203 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2204 2205 // The JVMS 2nd edition allows field initialization before the superclass 2206 // initializer, if the field is defined within the current class. 2207 fieldDescriptor fd; 2208 if (stack_object_type == VerificationType::uninitialized_this_type() && 2209 target_class_type.equals(current_type()) && 2210 _klass->find_local_field(field_name, field_sig, &fd)) { 2211 stack_object_type = current_type(); 2212 } 2213 is_assignable = target_class_type.is_assignable_from( 2214 stack_object_type, this, false, CHECK_VERIFY(this)); 2215 if (!is_assignable) { 2216 verify_error(ErrorContext::bad_type(bci, 2217 current_frame->stack_top_ctx(), 2218 TypeOrigin::cp(index, target_class_type)), 2219 "Bad type on operand stack in putfield"); 2220 return; 2221 } 2222 } 2223 check_protected: { 2224 if (_this_type == stack_object_type) 2225 break; // stack_object_type must be assignable to _current_class_type 2226 Symbol* ref_class_name = 2227 cp->klass_name_at(cp->klass_ref_index_at(index)); 2228 if (!name_in_supers(ref_class_name, current_class())) 2229 // stack_object_type must be assignable to _current_class_type since: 2230 // 1. stack_object_type must be assignable to ref_class. 2231 // 2. ref_class must be _current_class or a subclass of it. It can't 2232 // be a superclass of it. See revised JVMS 5.4.4. 2233 break; 2234 2235 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2236 if (is_protected_access(current_class(), ref_class_oop, field_name, 2237 field_sig, false)) { 2238 // It's protected access, check if stack object is assignable to 2239 // current class. 2240 is_assignable = current_type().is_assignable_from( 2241 stack_object_type, this, true, CHECK_VERIFY(this)); 2242 if (!is_assignable) { 2243 verify_error(ErrorContext::bad_type(bci, 2244 current_frame->stack_top_ctx(), 2245 TypeOrigin::implicit(current_type())), 2246 "Bad access to protected data in getfield"); 2247 return; 2248 } 2249 } 2250 break; 2251 } 2252 default: ShouldNotReachHere(); 2253 } 2254 } 2255 2256 // Look at the method's handlers. If the bci is in the handler's try block 2257 // then check if the handler_pc is already on the stack. If not, push it 2258 // unless the handler has already been scanned. 2259 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2260 GrowableArray<u4>* handler_list, 2261 GrowableArray<u4>* handler_stack, 2262 u4 bci) { 2263 int exlength = exhandlers->length(); 2264 for(int x = 0; x < exlength; x++) { 2265 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2266 u4 exhandler_pc = exhandlers->handler_pc(x); 2267 if (!handler_list->contains(exhandler_pc)) { 2268 handler_stack->append_if_missing(exhandler_pc); 2269 handler_list->append(exhandler_pc); 2270 } 2271 } 2272 } 2273 } 2274 2275 // Return TRUE if all code paths starting with start_bc_offset end in 2276 // bytecode athrow or loop. 2277 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2278 ResourceMark rm; 2279 // Create bytecode stream. 2280 RawBytecodeStream bcs(method()); 2281 u4 code_length = method()->code_size(); 2282 bcs.set_start(start_bc_offset); 2283 u4 target; 2284 // Create stack for storing bytecode start offsets for if* and *switch. 2285 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2286 // Create stack for handlers for try blocks containing this handler. 2287 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2288 // Create list of handlers that have been pushed onto the handler_stack 2289 // so that handlers embedded inside of their own TRY blocks only get 2290 // scanned once. 2291 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2292 // Create list of visited branch opcodes (goto* and if*). 2293 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2294 ExceptionTable exhandlers(_method()); 2295 2296 while (true) { 2297 if (bcs.is_last_bytecode()) { 2298 // if no more starting offsets to parse or if at the end of the 2299 // method then return false. 2300 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2301 return false; 2302 // Pop a bytecode starting offset and scan from there. 2303 bcs.set_start(bci_stack->pop()); 2304 } 2305 Bytecodes::Code opcode = bcs.raw_next(); 2306 u4 bci = bcs.bci(); 2307 2308 // If the bytecode is in a TRY block, push its handlers so they 2309 // will get parsed. 2310 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2311 2312 switch (opcode) { 2313 case Bytecodes::_if_icmpeq: 2314 case Bytecodes::_if_icmpne: 2315 case Bytecodes::_if_icmplt: 2316 case Bytecodes::_if_icmpge: 2317 case Bytecodes::_if_icmpgt: 2318 case Bytecodes::_if_icmple: 2319 case Bytecodes::_ifeq: 2320 case Bytecodes::_ifne: 2321 case Bytecodes::_iflt: 2322 case Bytecodes::_ifge: 2323 case Bytecodes::_ifgt: 2324 case Bytecodes::_ifle: 2325 case Bytecodes::_if_acmpeq: 2326 case Bytecodes::_if_acmpne: 2327 case Bytecodes::_ifnull: 2328 case Bytecodes::_ifnonnull: 2329 target = bcs.dest(); 2330 if (visited_branches->contains(bci)) { 2331 if (bci_stack->is_empty()) { 2332 if (handler_stack->is_empty()) { 2333 return true; 2334 } else { 2335 // Parse the catch handlers for try blocks containing athrow. 2336 bcs.set_start(handler_stack->pop()); 2337 } 2338 } else { 2339 // Pop a bytecode starting offset and scan from there. 2340 bcs.set_start(bci_stack->pop()); 2341 } 2342 } else { 2343 if (target > bci) { // forward branch 2344 if (target >= code_length) return false; 2345 // Push the branch target onto the stack. 2346 bci_stack->push(target); 2347 // then, scan bytecodes starting with next. 2348 bcs.set_start(bcs.next_bci()); 2349 } else { // backward branch 2350 // Push bytecode offset following backward branch onto the stack. 2351 bci_stack->push(bcs.next_bci()); 2352 // Check bytecodes starting with branch target. 2353 bcs.set_start(target); 2354 } 2355 // Record target so we don't branch here again. 2356 visited_branches->append(bci); 2357 } 2358 break; 2359 2360 case Bytecodes::_goto: 2361 case Bytecodes::_goto_w: 2362 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2363 if (visited_branches->contains(bci)) { 2364 if (bci_stack->is_empty()) { 2365 if (handler_stack->is_empty()) { 2366 return true; 2367 } else { 2368 // Parse the catch handlers for try blocks containing athrow. 2369 bcs.set_start(handler_stack->pop()); 2370 } 2371 } else { 2372 // Been here before, pop new starting offset from stack. 2373 bcs.set_start(bci_stack->pop()); 2374 } 2375 } else { 2376 if (target >= code_length) return false; 2377 // Continue scanning from the target onward. 2378 bcs.set_start(target); 2379 // Record target so we don't branch here again. 2380 visited_branches->append(bci); 2381 } 2382 break; 2383 2384 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2385 // is difficult to determine where each switch alternative ends, parse 2386 // each switch alternative until either hit a 'return', 'athrow', or reach 2387 // the end of the method's bytecodes. This is gross but should be okay 2388 // because: 2389 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2390 // constructor invocations should be rare. 2391 // 2. if each switch alternative ends in an athrow then the parsing should be 2392 // short. If there is no athrow then it is bogus code, anyway. 2393 case Bytecodes::_lookupswitch: 2394 case Bytecodes::_tableswitch: 2395 { 2396 address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize); 2397 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2398 int keys, delta; 2399 if (opcode == Bytecodes::_tableswitch) { 2400 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2401 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2402 // This is invalid, but let the regular bytecode verifier 2403 // report this because the user will get a better error message. 2404 if (low > high) return true; 2405 keys = high - low + 1; 2406 delta = 1; 2407 } else { 2408 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2409 delta = 2; 2410 } 2411 // Invalid, let the regular bytecode verifier deal with it. 2412 if (keys < 0) return true; 2413 2414 // Push the offset of the next bytecode onto the stack. 2415 bci_stack->push(bcs.next_bci()); 2416 2417 // Push the switch alternatives onto the stack. 2418 for (int i = 0; i < keys; i++) { 2419 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2420 if (target > code_length) return false; 2421 bci_stack->push(target); 2422 } 2423 2424 // Start bytecode parsing for the switch at the default alternative. 2425 if (default_offset > code_length) return false; 2426 bcs.set_start(default_offset); 2427 break; 2428 } 2429 2430 case Bytecodes::_return: 2431 return false; 2432 2433 case Bytecodes::_athrow: 2434 { 2435 if (bci_stack->is_empty()) { 2436 if (handler_stack->is_empty()) { 2437 return true; 2438 } else { 2439 // Parse the catch handlers for try blocks containing athrow. 2440 bcs.set_start(handler_stack->pop()); 2441 } 2442 } else { 2443 // Pop a bytecode offset and starting scanning from there. 2444 bcs.set_start(bci_stack->pop()); 2445 } 2446 } 2447 break; 2448 2449 default: 2450 ; 2451 } // end switch 2452 } // end while loop 2453 2454 return false; 2455 } 2456 2457 void ClassVerifier::verify_invoke_init( 2458 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2459 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2460 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table, 2461 TRAPS) { 2462 u2 bci = bcs->bci(); 2463 VerificationType type = current_frame->pop_stack( 2464 VerificationType::reference_check(), CHECK_VERIFY(this)); 2465 if (type == VerificationType::uninitialized_this_type()) { 2466 // The method must be an <init> method of this class or its superclass 2467 Klass* superk = current_class()->super(); 2468 if (ref_class_type.name() != current_class()->name() && 2469 ref_class_type.name() != superk->name()) { 2470 verify_error(ErrorContext::bad_type(bci, 2471 TypeOrigin::implicit(ref_class_type), 2472 TypeOrigin::implicit(current_type())), 2473 "Bad <init> method call"); 2474 return; 2475 } 2476 2477 // If this invokespecial call is done from inside of a TRY block then make 2478 // sure that all catch clause paths end in a throw. Otherwise, this can 2479 // result in returning an incomplete object. 2480 if (in_try_block) { 2481 ExceptionTable exhandlers(_method()); 2482 int exlength = exhandlers.length(); 2483 for(int i = 0; i < exlength; i++) { 2484 u2 start_pc = exhandlers.start_pc(i); 2485 u2 end_pc = exhandlers.end_pc(i); 2486 2487 if (bci >= start_pc && bci < end_pc) { 2488 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2489 verify_error(ErrorContext::bad_code(bci), 2490 "Bad <init> method call from after the start of a try block"); 2491 return; 2492 } else if (VerboseVerification) { 2493 ResourceMark rm; 2494 tty->print_cr( 2495 "Survived call to ends_in_athrow(): %s", 2496 current_class()->name()->as_C_string()); 2497 } 2498 } 2499 } 2500 2501 // Check the exception handler target stackmaps with the locals from the 2502 // incoming stackmap (before initialize_object() changes them to outgoing 2503 // state). 2504 verify_exception_handler_targets(bci, true, current_frame, 2505 stackmap_table, CHECK_VERIFY(this)); 2506 } // in_try_block 2507 2508 current_frame->initialize_object(type, current_type()); 2509 *this_uninit = true; 2510 } else if (type.is_uninitialized()) { 2511 u2 new_offset = type.bci(); 2512 address new_bcp = bcs->bcp() - bci + new_offset; 2513 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2514 /* Unreachable? Stack map parsing ensures valid type and new 2515 * instructions have a valid BCI. */ 2516 verify_error(ErrorContext::bad_code(new_offset), 2517 "Expecting new instruction"); 2518 return; 2519 } 2520 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2521 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2522 2523 // The method must be an <init> method of the indicated class 2524 VerificationType new_class_type = cp_index_to_type( 2525 new_class_index, cp, CHECK_VERIFY(this)); 2526 if (!new_class_type.equals(ref_class_type)) { 2527 verify_error(ErrorContext::bad_type(bci, 2528 TypeOrigin::cp(new_class_index, new_class_type), 2529 TypeOrigin::cp(ref_class_index, ref_class_type)), 2530 "Call to wrong <init> method"); 2531 return; 2532 } 2533 // According to the VM spec, if the referent class is a superclass of the 2534 // current class, and is in a different runtime package, and the method is 2535 // protected, then the objectref must be the current class or a subclass 2536 // of the current class. 2537 VerificationType objectref_type = new_class_type; 2538 if (name_in_supers(ref_class_type.name(), current_class())) { 2539 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2540 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2541 vmSymbols::object_initializer_name(), 2542 cp->signature_ref_at(bcs->get_index_u2()), Klass::find_overpass); 2543 // Do nothing if method is not found. Let resolution detect the error. 2544 if (m != NULL) { 2545 instanceKlassHandle mh(THREAD, m->method_holder()); 2546 if (m->is_protected() && !mh->is_same_class_package(_klass())) { 2547 bool assignable = current_type().is_assignable_from( 2548 objectref_type, this, true, CHECK_VERIFY(this)); 2549 if (!assignable) { 2550 verify_error(ErrorContext::bad_type(bci, 2551 TypeOrigin::cp(new_class_index, objectref_type), 2552 TypeOrigin::implicit(current_type())), 2553 "Bad access to protected <init> method"); 2554 return; 2555 } 2556 } 2557 } 2558 } 2559 // Check the exception handler target stackmaps with the locals from the 2560 // incoming stackmap (before initialize_object() changes them to outgoing 2561 // state). 2562 if (in_try_block) { 2563 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2564 stackmap_table, CHECK_VERIFY(this)); 2565 } 2566 current_frame->initialize_object(type, new_class_type); 2567 } else { 2568 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2569 "Bad operand type when invoking <init>"); 2570 return; 2571 } 2572 } 2573 2574 bool ClassVerifier::is_same_or_direct_interface( 2575 instanceKlassHandle klass, 2576 VerificationType klass_type, 2577 VerificationType ref_class_type) { 2578 if (ref_class_type.equals(klass_type)) return true; 2579 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2580 if (local_interfaces != NULL) { 2581 for (int x = 0; x < local_interfaces->length(); x++) { 2582 Klass* k = local_interfaces->at(x); 2583 assert (k != NULL && k->is_interface(), "invalid interface"); 2584 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2585 return true; 2586 } 2587 } 2588 } 2589 return false; 2590 } 2591 2592 void ClassVerifier::verify_invoke_instructions( 2593 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2594 bool in_try_block, bool *this_uninit, VerificationType return_type, 2595 constantPoolHandle cp, StackMapTable* stackmap_table, TRAPS) { 2596 // Make sure the constant pool item is the right type 2597 u2 index = bcs->get_index_u2(); 2598 Bytecodes::Code opcode = bcs->raw_code(); 2599 unsigned int types; 2600 switch (opcode) { 2601 case Bytecodes::_invokeinterface: 2602 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2603 break; 2604 case Bytecodes::_invokedynamic: 2605 types = 1 << JVM_CONSTANT_InvokeDynamic; 2606 break; 2607 case Bytecodes::_invokespecial: 2608 case Bytecodes::_invokestatic: 2609 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2610 (1 << JVM_CONSTANT_Methodref) : 2611 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2612 break; 2613 default: 2614 types = 1 << JVM_CONSTANT_Methodref; 2615 } 2616 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2617 2618 // Get method name and signature 2619 Symbol* method_name = cp->name_ref_at(index); 2620 Symbol* method_sig = cp->signature_ref_at(index); 2621 2622 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2623 class_format_error( 2624 "Invalid method signature in class %s referenced " 2625 "from constant pool index %d", _klass->external_name(), index); 2626 return; 2627 } 2628 2629 // Get referenced class type 2630 VerificationType ref_class_type; 2631 if (opcode == Bytecodes::_invokedynamic) { 2632 if (!EnableInvokeDynamic || 2633 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2634 if (!EnableInvokeDynamic) { 2635 class_format_error("invokedynamic instructions not enabled in this JVM"); 2636 } else { 2637 class_format_error("invokedynamic instructions not supported by this class file version (%d), class %s", 2638 _klass->major_version(), _klass->external_name()); 2639 } 2640 return; 2641 } 2642 } else { 2643 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2644 } 2645 2646 // For a small signature length, we just allocate 128 bytes instead 2647 // of parsing the signature once to find its size. 2648 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2649 // longs/doubles to be consertive. 2650 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2651 "buffer type must match VerificationType size"); 2652 uintptr_t on_stack_sig_types_buffer[128]; 2653 // If we make a VerificationType[128] array directly, the compiler calls 2654 // to the c-runtime library to do the allocation instead of just 2655 // stack allocating it. Plus it would run constructors. This shows up 2656 // in performance profiles. 2657 2658 VerificationType* sig_types; 2659 int size = (method_sig->utf8_length() - 3) * 2; 2660 if (size > 128) { 2661 // Long and double occupies two slots here. 2662 ArgumentSizeComputer size_it(method_sig); 2663 size = size_it.size(); 2664 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2665 } else{ 2666 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2667 } 2668 SignatureStream sig_stream(method_sig); 2669 int sig_i = 0; 2670 while (!sig_stream.at_return_type()) { 2671 sig_i += change_sig_to_verificationType( 2672 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2673 sig_stream.next(); 2674 } 2675 int nargs = sig_i; 2676 2677 #ifdef ASSERT 2678 { 2679 ArgumentSizeComputer size_it(method_sig); 2680 assert(nargs == size_it.size(), "Argument sizes do not match"); 2681 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2682 } 2683 #endif 2684 2685 // Check instruction operands 2686 u2 bci = bcs->bci(); 2687 if (opcode == Bytecodes::_invokeinterface) { 2688 address bcp = bcs->bcp(); 2689 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2690 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2691 // the difference between the size of the operand stack before and after the instruction 2692 // executes. 2693 if (*(bcp+3) != (nargs+1)) { 2694 verify_error(ErrorContext::bad_code(bci), 2695 "Inconsistent args count operand in invokeinterface"); 2696 return; 2697 } 2698 if (*(bcp+4) != 0) { 2699 verify_error(ErrorContext::bad_code(bci), 2700 "Fourth operand byte of invokeinterface must be zero"); 2701 return; 2702 } 2703 } 2704 2705 if (opcode == Bytecodes::_invokedynamic) { 2706 address bcp = bcs->bcp(); 2707 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2708 verify_error(ErrorContext::bad_code(bci), 2709 "Third and fourth operand bytes of invokedynamic must be zero"); 2710 return; 2711 } 2712 } 2713 2714 if (method_name->byte_at(0) == '<') { 2715 // Make sure <init> can only be invoked by invokespecial 2716 if (opcode != Bytecodes::_invokespecial || 2717 method_name != vmSymbols::object_initializer_name()) { 2718 verify_error(ErrorContext::bad_code(bci), 2719 "Illegal call to internal method"); 2720 return; 2721 } 2722 } else if (opcode == Bytecodes::_invokespecial 2723 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2724 && !ref_class_type.equals(VerificationType::reference_type( 2725 current_class()->super()->name()))) { 2726 bool subtype = false; 2727 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2728 if (!current_class()->is_anonymous()) { 2729 subtype = ref_class_type.is_assignable_from( 2730 current_type(), this, false, CHECK_VERIFY(this)); 2731 } else { 2732 VerificationType host_klass_type = 2733 VerificationType::reference_type(current_class()->host_klass()->name()); 2734 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2735 2736 // If invokespecial of IMR, need to recheck for same or 2737 // direct interface relative to the host class 2738 have_imr_indirect = (have_imr_indirect && 2739 !is_same_or_direct_interface( 2740 InstanceKlass::cast(current_class()->host_klass()), 2741 host_klass_type, ref_class_type)); 2742 } 2743 if (!subtype) { 2744 verify_error(ErrorContext::bad_code(bci), 2745 "Bad invokespecial instruction: " 2746 "current class isn't assignable to reference class."); 2747 return; 2748 } else if (have_imr_indirect) { 2749 verify_error(ErrorContext::bad_code(bci), 2750 "Bad invokespecial instruction: " 2751 "interface method reference is in an indirect superinterface."); 2752 return; 2753 } 2754 2755 } 2756 // Match method descriptor with operand stack 2757 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2758 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2759 } 2760 // Check objectref on operand stack 2761 if (opcode != Bytecodes::_invokestatic && 2762 opcode != Bytecodes::_invokedynamic) { 2763 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2764 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2765 code_length, in_try_block, this_uninit, cp, stackmap_table, 2766 CHECK_VERIFY(this)); 2767 } else { // other methods 2768 // Ensures that target class is assignable to method class. 2769 if (opcode == Bytecodes::_invokespecial) { 2770 if (!current_class()->is_anonymous()) { 2771 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2772 } else { 2773 // anonymous class invokespecial calls: check if the 2774 // objectref is a subtype of the host_klass of the current class 2775 // to allow an anonymous class to reference methods in the host_klass 2776 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2777 VerificationType hosttype = 2778 VerificationType::reference_type(current_class()->host_klass()->name()); 2779 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2780 if (!subtype) { 2781 verify_error( ErrorContext::bad_type(current_frame->offset(), 2782 current_frame->stack_top_ctx(), 2783 TypeOrigin::implicit(top)), 2784 "Bad type on operand stack"); 2785 return; 2786 } 2787 } 2788 } else if (opcode == Bytecodes::_invokevirtual) { 2789 VerificationType stack_object_type = 2790 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2791 if (current_type() != stack_object_type) { 2792 assert(cp->cache() == NULL, "not rewritten yet"); 2793 Symbol* ref_class_name = 2794 cp->klass_name_at(cp->klass_ref_index_at(index)); 2795 // See the comments in verify_field_instructions() for 2796 // the rationale behind this. 2797 if (name_in_supers(ref_class_name, current_class())) { 2798 Klass* ref_class = load_class(ref_class_name, CHECK); 2799 if (is_protected_access( 2800 _klass, ref_class, method_name, method_sig, true)) { 2801 // It's protected access, check if stack object is 2802 // assignable to current class. 2803 bool is_assignable = current_type().is_assignable_from( 2804 stack_object_type, this, true, CHECK_VERIFY(this)); 2805 if (!is_assignable) { 2806 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2807 && stack_object_type.is_array() 2808 && method_name == vmSymbols::clone_name()) { 2809 // Special case: arrays pretend to implement public Object 2810 // clone(). 2811 } else { 2812 verify_error(ErrorContext::bad_type(bci, 2813 current_frame->stack_top_ctx(), 2814 TypeOrigin::implicit(current_type())), 2815 "Bad access to protected data in invokevirtual"); 2816 return; 2817 } 2818 } 2819 } 2820 } 2821 } 2822 } else { 2823 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2824 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2825 } 2826 } 2827 } 2828 // Push the result type. 2829 if (sig_stream.type() != T_VOID) { 2830 if (method_name == vmSymbols::object_initializer_name()) { 2831 // <init> method must have a void return type 2832 /* Unreachable? Class file parser verifies that methods with '<' have 2833 * void return */ 2834 verify_error(ErrorContext::bad_code(bci), 2835 "Return type must be void in <init> method"); 2836 return; 2837 } 2838 VerificationType return_type[2]; 2839 int n = change_sig_to_verificationType( 2840 &sig_stream, return_type, CHECK_VERIFY(this)); 2841 for (int i = 0; i < n; i++) { 2842 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2843 } 2844 } 2845 } 2846 2847 VerificationType ClassVerifier::get_newarray_type( 2848 u2 index, u2 bci, TRAPS) { 2849 const char* from_bt[] = { 2850 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2851 }; 2852 if (index < T_BOOLEAN || index > T_LONG) { 2853 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2854 return VerificationType::bogus_type(); 2855 } 2856 2857 // from_bt[index] contains the array signature which has a length of 2 2858 Symbol* sig = create_temporary_symbol( 2859 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2860 return VerificationType::reference_type(sig); 2861 } 2862 2863 void ClassVerifier::verify_anewarray( 2864 u2 bci, u2 index, constantPoolHandle cp, 2865 StackMapFrame* current_frame, TRAPS) { 2866 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2867 current_frame->pop_stack( 2868 VerificationType::integer_type(), CHECK_VERIFY(this)); 2869 2870 VerificationType component_type = 2871 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2872 int length; 2873 char* arr_sig_str; 2874 if (component_type.is_array()) { // it's an array 2875 const char* component_name = component_type.name()->as_utf8(); 2876 // add one dimension to component 2877 length = (int)strlen(component_name) + 1; 2878 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2879 arr_sig_str[0] = '['; 2880 strncpy(&arr_sig_str[1], component_name, length - 1); 2881 } else { // it's an object or interface 2882 const char* component_name = component_type.name()->as_utf8(); 2883 // add one dimension to component with 'L' prepended and ';' postpended. 2884 length = (int)strlen(component_name) + 3; 2885 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2886 arr_sig_str[0] = '['; 2887 arr_sig_str[1] = 'L'; 2888 strncpy(&arr_sig_str[2], component_name, length - 2); 2889 arr_sig_str[length - 1] = ';'; 2890 } 2891 Symbol* arr_sig = create_temporary_symbol( 2892 arr_sig_str, length, CHECK_VERIFY(this)); 2893 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2894 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2895 } 2896 2897 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 2898 current_frame->get_local( 2899 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2900 current_frame->push_stack( 2901 VerificationType::integer_type(), CHECK_VERIFY(this)); 2902 } 2903 2904 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 2905 current_frame->get_local_2( 2906 index, VerificationType::long_type(), 2907 VerificationType::long2_type(), CHECK_VERIFY(this)); 2908 current_frame->push_stack_2( 2909 VerificationType::long_type(), 2910 VerificationType::long2_type(), CHECK_VERIFY(this)); 2911 } 2912 2913 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 2914 current_frame->get_local( 2915 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2916 current_frame->push_stack( 2917 VerificationType::float_type(), CHECK_VERIFY(this)); 2918 } 2919 2920 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 2921 current_frame->get_local_2( 2922 index, VerificationType::double_type(), 2923 VerificationType::double2_type(), CHECK_VERIFY(this)); 2924 current_frame->push_stack_2( 2925 VerificationType::double_type(), 2926 VerificationType::double2_type(), CHECK_VERIFY(this)); 2927 } 2928 2929 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 2930 VerificationType type = current_frame->get_local( 2931 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 2932 current_frame->push_stack(type, CHECK_VERIFY(this)); 2933 } 2934 2935 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 2936 current_frame->pop_stack( 2937 VerificationType::integer_type(), CHECK_VERIFY(this)); 2938 current_frame->set_local( 2939 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2940 } 2941 2942 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2943 current_frame->pop_stack_2( 2944 VerificationType::long2_type(), 2945 VerificationType::long_type(), CHECK_VERIFY(this)); 2946 current_frame->set_local_2( 2947 index, VerificationType::long_type(), 2948 VerificationType::long2_type(), CHECK_VERIFY(this)); 2949 } 2950 2951 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2952 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 2953 current_frame->set_local( 2954 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2955 } 2956 2957 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2958 current_frame->pop_stack_2( 2959 VerificationType::double2_type(), 2960 VerificationType::double_type(), CHECK_VERIFY(this)); 2961 current_frame->set_local_2( 2962 index, VerificationType::double_type(), 2963 VerificationType::double2_type(), CHECK_VERIFY(this)); 2964 } 2965 2966 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 2967 VerificationType type = current_frame->pop_stack( 2968 VerificationType::reference_check(), CHECK_VERIFY(this)); 2969 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2970 } 2971 2972 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 2973 VerificationType type = current_frame->get_local( 2974 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2975 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2976 } 2977 2978 void ClassVerifier::verify_return_value( 2979 VerificationType return_type, VerificationType type, u2 bci, 2980 StackMapFrame* current_frame, TRAPS) { 2981 if (return_type == VerificationType::bogus_type()) { 2982 verify_error(ErrorContext::bad_type(bci, 2983 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 2984 "Method expects a return value"); 2985 return; 2986 } 2987 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 2988 if (!match) { 2989 verify_error(ErrorContext::bad_type(bci, 2990 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 2991 "Bad return type"); 2992 return; 2993 } 2994 } 2995 2996 // The verifier creates symbols which are substrings of Symbols. 2997 // These are stored in the verifier until the end of verification so that 2998 // they can be reference counted. 2999 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3000 int end, TRAPS) { 3001 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3002 _symbols->push(sym); 3003 return sym; 3004 } 3005 3006 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3007 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3008 _symbols->push(sym); 3009 return sym; 3010 }