2202 if (is_protected_access(current_class(), ref_class_oop, field_name, 2203 field_sig, false)) { 2204 // It's protected access, check if stack object is assignable to 2205 // current class. 2206 is_assignable = current_type().is_assignable_from( 2207 stack_object_type, this, CHECK_VERIFY(this)); 2208 if (!is_assignable) { 2209 verify_error(ErrorContext::bad_type(bci, 2210 current_frame->stack_top_ctx(), 2211 TypeOrigin::implicit(current_type())), 2212 "Bad access to protected data in getfield"); 2213 return; 2214 } 2215 } 2216 break; 2217 } 2218 default: ShouldNotReachHere(); 2219 } 2220 } 2221 2222 void ClassVerifier::verify_invoke_init( 2223 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2224 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 2225 constantPoolHandle cp, TRAPS) { 2226 u2 bci = bcs->bci(); 2227 VerificationType type = current_frame->pop_stack( 2228 VerificationType::reference_check(), CHECK_VERIFY(this)); 2229 if (type == VerificationType::uninitialized_this_type()) { 2230 // The method must be an <init> method of this class or its superclass 2231 Klass* superk = current_class()->super(); 2232 if (ref_class_type.name() != current_class()->name() && 2233 ref_class_type.name() != superk->name()) { 2234 verify_error(ErrorContext::bad_type(bci, 2235 TypeOrigin::implicit(ref_class_type), 2236 TypeOrigin::implicit(current_type())), 2237 "Bad <init> method call"); 2238 return; 2239 } 2240 2241 // Make sure that this call is not jumped over. 2242 if (bci < furthest_jump()) { 2243 verify_error(ErrorContext::bad_code(bci), 2244 "Bad <init> method call from inside of a branch"); 2245 return; 2246 } 2247 2248 // Make sure that this call is not done from within a TRY block because 2249 // that can result in returning an incomplete object. Simply checking 2250 // (bci >= start_pc) also ensures that this call is not done after a TRY 2251 // block. That is also illegal because this call must be the first Java 2252 // statement in the constructor. 2253 ExceptionTable exhandlers(_method()); 2254 int exlength = exhandlers.length(); 2255 for(int i = 0; i < exlength; i++) { 2256 if (bci >= exhandlers.start_pc(i)) { 2257 verify_error(ErrorContext::bad_code(bci), 2258 "Bad <init> method call from after the start of a try block"); 2259 return; 2260 } 2261 } 2262 2263 current_frame->initialize_object(type, current_type()); 2264 *this_uninit = true; 2265 } else if (type.is_uninitialized()) { 2266 u2 new_offset = type.bci(); 2267 address new_bcp = bcs->bcp() - bci + new_offset; 2268 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2269 /* Unreachable? Stack map parsing ensures valid type and new 2270 * instructions have a valid BCI. */ 2271 verify_error(ErrorContext::bad_code(new_offset), 2272 "Expecting new instruction"); 2273 return; 2274 } 2275 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2276 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2277 2278 // The method must be an <init> method of the indicated class 2279 VerificationType new_class_type = cp_index_to_type( | 2202 if (is_protected_access(current_class(), ref_class_oop, field_name, 2203 field_sig, false)) { 2204 // It's protected access, check if stack object is assignable to 2205 // current class. 2206 is_assignable = current_type().is_assignable_from( 2207 stack_object_type, this, CHECK_VERIFY(this)); 2208 if (!is_assignable) { 2209 verify_error(ErrorContext::bad_type(bci, 2210 current_frame->stack_top_ctx(), 2211 TypeOrigin::implicit(current_type())), 2212 "Bad access to protected data in getfield"); 2213 return; 2214 } 2215 } 2216 break; 2217 } 2218 default: ShouldNotReachHere(); 2219 } 2220 } 2221 2222 // Look at the method's handlers. If the bci is in the handler's try block 2223 // then check if the handler_pc is already on the stack. If not, push it. 2224 void ClassVerifier::push_handlers(GrowableArray<u4>* handler_stack, u4 bci) { 2225 ExceptionTable exhandlers(_method()); 2226 int exlength = exhandlers.length(); 2227 for(int x = 0; x < exlength; x++) { 2228 if (bci >= exhandlers.start_pc(x) && bci < exhandlers.end_pc(x)) { 2229 handler_stack->append_if_missing(exhandlers.handler_pc(x)); 2230 } 2231 } 2232 } 2233 2234 // Return TRUE if all code paths in the bytecode interval end in athrow. 2235 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset, u4 end_bc_offset) { 2236 // Create bytecode stream. 2237 RawBytecodeStream bcs(method()); 2238 bcs.set_interval(start_bc_offset, end_bc_offset); 2239 u4 code_length = method()->code_size(); 2240 u4 target; 2241 // Create stack for storing bytecode intervals for if*, goto*, and *switch. 2242 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(50); 2243 // Create stack for handlers for try blocks containing this handler. 2244 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(50); 2245 2246 while (true) { 2247 if (bcs.is_last_bytecode()) { 2248 if (bci_stack->is_empty()) { 2249 return false; 2250 } else { 2251 // Pop a bytecode interval and scan that interval. 2252 u4 end_offset = pop_bci_end_offset(bci_stack); 2253 u4 start_offset = pop_bci_start_offset(bci_stack); 2254 assert(end_offset >= start_offset, "Messed up bytecode offsets"); 2255 bcs.set_interval(start_offset, end_offset); 2256 } 2257 } 2258 Bytecodes::Code opcode = bcs.raw_next(); 2259 u4 bci = bcs.bci(); 2260 2261 switch (opcode) { 2262 case Bytecodes::_if_icmpeq: 2263 case Bytecodes::_if_icmpne: 2264 case Bytecodes::_if_icmplt: 2265 case Bytecodes::_if_icmpge: 2266 case Bytecodes::_if_icmpgt: 2267 case Bytecodes::_if_icmple: 2268 case Bytecodes::_ifeq: 2269 case Bytecodes::_ifne: 2270 case Bytecodes::_iflt: 2271 case Bytecodes::_ifge: 2272 case Bytecodes::_ifgt: 2273 case Bytecodes::_ifle: 2274 case Bytecodes::_if_acmpeq: 2275 case Bytecodes::_if_acmpne: 2276 case Bytecodes::_ifnull: 2277 case Bytecodes::_ifnonnull: 2278 target = bcs.dest(); 2279 if (target > bci) { // forward branch 2280 if (target >= code_length) return false; 2281 // Push the branch target interval onto the stack. 2282 push_bci_offsets(bci_stack, target, code_length); 2283 // then, scan bytecodes up to the target. 2284 bcs.set_interval(bcs.next_bci(), target); 2285 } 2286 break; 2287 2288 case Bytecodes::_goto: 2289 case Bytecodes::_goto_w: 2290 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2291 if (target > bci) { // forward branch 2292 if (target >= code_length) return false; 2293 push_bci_offsets(bci_stack, target, code_length); 2294 // scan bytecodes up to the target. 2295 bcs.set_interval(bcs.next_bci(), target); 2296 } 2297 break; 2298 2299 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2300 // is difficult to determine where each switch alternative ends, parse 2301 // each switch alternative until either hit a 'return', 'athrow', or reach 2302 // the end of the method's bytecodes. This is gross but should be okay 2303 // because: 2304 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2305 // constructor invocations should be rare. 2306 // 2. if each switch alternative ends in an athrow then the parsing should be 2307 // short. If there is no athrow then it is bogus code, anyway. 2308 case Bytecodes::_lookupswitch: 2309 case Bytecodes::_tableswitch: 2310 { 2311 address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize); 2312 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2313 int keys, delta; 2314 if (opcode == Bytecodes::_tableswitch) { 2315 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2316 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2317 // This is invalid, but let the regular bytecode verifier 2318 // report this because the user will get a better error message. 2319 if (low > high) return true; 2320 keys = high - low + 1; 2321 delta = 1; 2322 } else { 2323 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2324 delta = 2; 2325 } 2326 // Invalid, let the regular bytecode verifier deal with it. 2327 if (keys < 0) return true; 2328 2329 // Push the current state onto the stack. 2330 push_bci_offsets(bci_stack, bcs.next_bci(), bcs.end_bci()); 2331 2332 // Push the switch alternatives onto the stack. 2333 for (int i = 0; i < keys; i++) { 2334 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2335 if (target > code_length) return false; 2336 push_bci_offsets(bci_stack, target, code_length); 2337 } 2338 2339 // Start bytecode parsing for the switch at the default alternative. 2340 if (default_offset > code_length) return false; 2341 bcs.set_interval(default_offset, code_length); 2342 break; 2343 } 2344 2345 case Bytecodes::_return: 2346 return false; 2347 2348 case Bytecodes::_athrow: 2349 { 2350 // See if athrow is inside of any try blocks. 2351 push_handlers(handler_stack, bci); 2352 if (bci_stack->is_empty()) { 2353 if (handler_stack->is_empty()) { 2354 return true; 2355 } else { 2356 // Parse the catch handlers for try blocks containing athrow. 2357 bcs.set_interval(handler_stack->pop(), code_length); 2358 } 2359 } else { 2360 // Pop a bytecode interval and scan that interval. 2361 u4 end_offset = pop_bci_end_offset(bci_stack); 2362 u4 start_offset = pop_bci_start_offset(bci_stack); 2363 assert(end_offset >= start_offset, "Mixed up bytecode offsets"); 2364 bcs.set_interval(start_offset, end_offset); 2365 } 2366 } 2367 break; 2368 2369 default: 2370 ; 2371 } // end switch 2372 } // end while loop 2373 2374 return false; 2375 } 2376 2377 void ClassVerifier::verify_invoke_init( 2378 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2379 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 2380 constantPoolHandle cp, TRAPS) { 2381 u2 bci = bcs->bci(); 2382 VerificationType type = current_frame->pop_stack( 2383 VerificationType::reference_check(), CHECK_VERIFY(this)); 2384 if (type == VerificationType::uninitialized_this_type()) { 2385 // The method must be an <init> method of this class or its superclass 2386 Klass* superk = current_class()->super(); 2387 if (ref_class_type.name() != current_class()->name() && 2388 ref_class_type.name() != superk->name()) { 2389 verify_error(ErrorContext::bad_type(bci, 2390 TypeOrigin::implicit(ref_class_type), 2391 TypeOrigin::implicit(current_type())), 2392 "Bad <init> method call"); 2393 return; 2394 } 2395 2396 // Make sure that this call is not jumped over. 2397 if (bci < furthest_jump()) { 2398 verify_error(ErrorContext::bad_code(bci), 2399 "Bad <init> method call from inside of a branch"); 2400 return; 2401 } 2402 2403 // Check if this call is done from inside of a TRY block. If so, make 2404 // sure that all catch clause paths end in a throw. Otherwise, this 2405 // can result in returning an incomplete object. 2406 ExceptionTable exhandlers(_method()); 2407 int exlength = exhandlers.length(); 2408 for(int i = 0; i < exlength; i++) { 2409 u2 start_pc = exhandlers.start_pc(i); 2410 u2 end_pc = exhandlers.end_pc(i); 2411 2412 if (bci >= start_pc && bci < end_pc) { 2413 if (!ends_in_athrow(exhandlers.handler_pc(i), code_length)) { 2414 verify_error(ErrorContext::bad_code(bci), 2415 "Bad <init> method call from after the start of a try block"); 2416 return; 2417 } else if (VerboseVerification) { 2418 ResourceMark rm; 2419 tty->print_cr( 2420 "Survived call to ends_in_athrow(): %s", 2421 current_class()->name()->as_C_string()); 2422 } 2423 } 2424 } 2425 2426 current_frame->initialize_object(type, current_type()); 2427 *this_uninit = true; 2428 } else if (type.is_uninitialized()) { 2429 u2 new_offset = type.bci(); 2430 address new_bcp = bcs->bcp() - bci + new_offset; 2431 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2432 /* Unreachable? Stack map parsing ensures valid type and new 2433 * instructions have a valid BCI. */ 2434 verify_error(ErrorContext::bad_code(new_offset), 2435 "Expecting new instruction"); 2436 return; 2437 } 2438 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2439 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2440 2441 // The method must be an <init> method of the indicated class 2442 VerificationType new_class_type = cp_index_to_type( |