2202 if (is_protected_access(current_class(), ref_class_oop, field_name,
2203 field_sig, false)) {
2204 // It's protected access, check if stack object is assignable to
2205 // current class.
2206 is_assignable = current_type().is_assignable_from(
2207 stack_object_type, this, CHECK_VERIFY(this));
2208 if (!is_assignable) {
2209 verify_error(ErrorContext::bad_type(bci,
2210 current_frame->stack_top_ctx(),
2211 TypeOrigin::implicit(current_type())),
2212 "Bad access to protected data in getfield");
2213 return;
2214 }
2215 }
2216 break;
2217 }
2218 default: ShouldNotReachHere();
2219 }
2220 }
2221
2222 void ClassVerifier::verify_invoke_init(
2223 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2224 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2225 constantPoolHandle cp, TRAPS) {
2226 u2 bci = bcs->bci();
2227 VerificationType type = current_frame->pop_stack(
2228 VerificationType::reference_check(), CHECK_VERIFY(this));
2229 if (type == VerificationType::uninitialized_this_type()) {
2230 // The method must be an <init> method of this class or its superclass
2231 Klass* superk = current_class()->super();
2232 if (ref_class_type.name() != current_class()->name() &&
2233 ref_class_type.name() != superk->name()) {
2234 verify_error(ErrorContext::bad_type(bci,
2235 TypeOrigin::implicit(ref_class_type),
2236 TypeOrigin::implicit(current_type())),
2237 "Bad <init> method call");
2238 return;
2239 }
2240
2241 // Make sure that this call is not jumped over.
2242 if (bci < furthest_jump()) {
2243 verify_error(ErrorContext::bad_code(bci),
2244 "Bad <init> method call from inside of a branch");
2245 return;
2246 }
2247
2248 // Make sure that this call is not done from within a TRY block because
2249 // that can result in returning an incomplete object. Simply checking
2250 // (bci >= start_pc) also ensures that this call is not done after a TRY
2251 // block. That is also illegal because this call must be the first Java
2252 // statement in the constructor.
2253 ExceptionTable exhandlers(_method());
2254 int exlength = exhandlers.length();
2255 for(int i = 0; i < exlength; i++) {
2256 if (bci >= exhandlers.start_pc(i)) {
2257 verify_error(ErrorContext::bad_code(bci),
2258 "Bad <init> method call from after the start of a try block");
2259 return;
2260 }
2261 }
2262
2263 current_frame->initialize_object(type, current_type());
2264 *this_uninit = true;
2265 } else if (type.is_uninitialized()) {
2266 u2 new_offset = type.bci();
2267 address new_bcp = bcs->bcp() - bci + new_offset;
2268 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2269 /* Unreachable? Stack map parsing ensures valid type and new
2270 * instructions have a valid BCI. */
2271 verify_error(ErrorContext::bad_code(new_offset),
2272 "Expecting new instruction");
2273 return;
2274 }
2275 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2276 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2277
2278 // The method must be an <init> method of the indicated class
2279 VerificationType new_class_type = cp_index_to_type(
|
2202 if (is_protected_access(current_class(), ref_class_oop, field_name,
2203 field_sig, false)) {
2204 // It's protected access, check if stack object is assignable to
2205 // current class.
2206 is_assignable = current_type().is_assignable_from(
2207 stack_object_type, this, CHECK_VERIFY(this));
2208 if (!is_assignable) {
2209 verify_error(ErrorContext::bad_type(bci,
2210 current_frame->stack_top_ctx(),
2211 TypeOrigin::implicit(current_type())),
2212 "Bad access to protected data in getfield");
2213 return;
2214 }
2215 }
2216 break;
2217 }
2218 default: ShouldNotReachHere();
2219 }
2220 }
2221
2222 // Look at the method's handlers. If the bci is in the handler's try block
2223 // then check if the handler_pc is already on the stack. If not, push it.
2224 void ClassVerifier::push_handlers(GrowableArray<u4>* handler_stack, u4 bci) {
2225 ExceptionTable exhandlers(_method());
2226 int exlength = exhandlers.length();
2227 for(int x = 0; x < exlength; x++) {
2228 if (bci >= exhandlers.start_pc(x) && bci < exhandlers.end_pc(x)) {
2229 handler_stack->append_if_missing(exhandlers.handler_pc(x));
2230 }
2231 }
2232 }
2233
2234 // Return TRUE if all code paths in the bytecode interval end in athrow.
2235 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset, u4 end_bc_offset) {
2236 // Create bytecode stream.
2237 RawBytecodeStream bcs(method());
2238 bcs.set_interval(start_bc_offset, end_bc_offset);
2239 u4 code_length = method()->code_size();
2240 u4 target;
2241 // Create stack for storing bytecode intervals for if*, goto*, and *switch.
2242 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(50);
2243 // Create stack for handlers for try blocks containing this handler.
2244 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(50);
2245
2246 while (true) {
2247 if (bcs.is_last_bytecode()) {
2248 if (bci_stack->is_empty()) {
2249 return false;
2250 } else {
2251 // Pop a bytecode interval and scan that interval.
2252 u4 end_offset = pop_bci_end_offset(bci_stack);
2253 u4 start_offset = pop_bci_start_offset(bci_stack);
2254 assert(end_offset >= start_offset, "Messed up bytecode offsets");
2255 bcs.set_interval(start_offset, end_offset);
2256 }
2257 }
2258 Bytecodes::Code opcode = bcs.raw_next();
2259 u4 bci = bcs.bci();
2260
2261 switch (opcode) {
2262 case Bytecodes::_if_icmpeq:
2263 case Bytecodes::_if_icmpne:
2264 case Bytecodes::_if_icmplt:
2265 case Bytecodes::_if_icmpge:
2266 case Bytecodes::_if_icmpgt:
2267 case Bytecodes::_if_icmple:
2268 case Bytecodes::_ifeq:
2269 case Bytecodes::_ifne:
2270 case Bytecodes::_iflt:
2271 case Bytecodes::_ifge:
2272 case Bytecodes::_ifgt:
2273 case Bytecodes::_ifle:
2274 case Bytecodes::_if_acmpeq:
2275 case Bytecodes::_if_acmpne:
2276 case Bytecodes::_ifnull:
2277 case Bytecodes::_ifnonnull:
2278 target = bcs.dest();
2279 if (target > bci) { // forward branch
2280 if (target >= code_length) return false;
2281 // Push the branch target interval onto the stack.
2282 push_bci_offsets(bci_stack, target, code_length);
2283 // then, scan bytecodes up to the target.
2284 bcs.set_interval(bcs.next_bci(), target);
2285 }
2286 break;
2287
2288 case Bytecodes::_goto:
2289 case Bytecodes::_goto_w:
2290 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2291 if (target > bci) { // forward branch
2292 if (target >= code_length) return false;
2293 push_bci_offsets(bci_stack, target, code_length);
2294 // scan bytecodes up to the target.
2295 bcs.set_interval(bcs.next_bci(), target);
2296 }
2297 break;
2298
2299 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2300 // is difficult to determine where each switch alternative ends, parse
2301 // each switch alternative until either hit a 'return', 'athrow', or reach
2302 // the end of the method's bytecodes. This is gross but should be okay
2303 // because:
2304 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2305 // constructor invocations should be rare.
2306 // 2. if each switch alternative ends in an athrow then the parsing should be
2307 // short. If there is no athrow then it is bogus code, anyway.
2308 case Bytecodes::_lookupswitch:
2309 case Bytecodes::_tableswitch:
2310 {
2311 address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize);
2312 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2313 int keys, delta;
2314 if (opcode == Bytecodes::_tableswitch) {
2315 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2316 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2317 // This is invalid, but let the regular bytecode verifier
2318 // report this because the user will get a better error message.
2319 if (low > high) return true;
2320 keys = high - low + 1;
2321 delta = 1;
2322 } else {
2323 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2324 delta = 2;
2325 }
2326 // Invalid, let the regular bytecode verifier deal with it.
2327 if (keys < 0) return true;
2328
2329 // Push the current state onto the stack.
2330 push_bci_offsets(bci_stack, bcs.next_bci(), bcs.end_bci());
2331
2332 // Push the switch alternatives onto the stack.
2333 for (int i = 0; i < keys; i++) {
2334 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2335 if (target > code_length) return false;
2336 push_bci_offsets(bci_stack, target, code_length);
2337 }
2338
2339 // Start bytecode parsing for the switch at the default alternative.
2340 if (default_offset > code_length) return false;
2341 bcs.set_interval(default_offset, code_length);
2342 break;
2343 }
2344
2345 case Bytecodes::_return:
2346 return false;
2347
2348 case Bytecodes::_athrow:
2349 {
2350 // See if athrow is inside of any try blocks.
2351 push_handlers(handler_stack, bci);
2352 if (bci_stack->is_empty()) {
2353 if (handler_stack->is_empty()) {
2354 return true;
2355 } else {
2356 // Parse the catch handlers for try blocks containing athrow.
2357 bcs.set_interval(handler_stack->pop(), code_length);
2358 }
2359 } else {
2360 // Pop a bytecode interval and scan that interval.
2361 u4 end_offset = pop_bci_end_offset(bci_stack);
2362 u4 start_offset = pop_bci_start_offset(bci_stack);
2363 assert(end_offset >= start_offset, "Mixed up bytecode offsets");
2364 bcs.set_interval(start_offset, end_offset);
2365 }
2366 }
2367 break;
2368
2369 default:
2370 ;
2371 } // end switch
2372 } // end while loop
2373
2374 return false;
2375 }
2376
2377 void ClassVerifier::verify_invoke_init(
2378 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2379 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2380 constantPoolHandle cp, TRAPS) {
2381 u2 bci = bcs->bci();
2382 VerificationType type = current_frame->pop_stack(
2383 VerificationType::reference_check(), CHECK_VERIFY(this));
2384 if (type == VerificationType::uninitialized_this_type()) {
2385 // The method must be an <init> method of this class or its superclass
2386 Klass* superk = current_class()->super();
2387 if (ref_class_type.name() != current_class()->name() &&
2388 ref_class_type.name() != superk->name()) {
2389 verify_error(ErrorContext::bad_type(bci,
2390 TypeOrigin::implicit(ref_class_type),
2391 TypeOrigin::implicit(current_type())),
2392 "Bad <init> method call");
2393 return;
2394 }
2395
2396 // Make sure that this call is not jumped over.
2397 if (bci < furthest_jump()) {
2398 verify_error(ErrorContext::bad_code(bci),
2399 "Bad <init> method call from inside of a branch");
2400 return;
2401 }
2402
2403 // Check if this call is done from inside of a TRY block. If so, make
2404 // sure that all catch clause paths end in a throw. Otherwise, this
2405 // can result in returning an incomplete object.
2406 ExceptionTable exhandlers(_method());
2407 int exlength = exhandlers.length();
2408 for(int i = 0; i < exlength; i++) {
2409 u2 start_pc = exhandlers.start_pc(i);
2410 u2 end_pc = exhandlers.end_pc(i);
2411
2412 if (bci >= start_pc && bci < end_pc) {
2413 if (!ends_in_athrow(exhandlers.handler_pc(i), code_length)) {
2414 verify_error(ErrorContext::bad_code(bci),
2415 "Bad <init> method call from after the start of a try block");
2416 return;
2417 } else if (VerboseVerification) {
2418 ResourceMark rm;
2419 tty->print_cr(
2420 "Survived call to ends_in_athrow(): %s",
2421 current_class()->name()->as_C_string());
2422 }
2423 }
2424 }
2425
2426 current_frame->initialize_object(type, current_type());
2427 *this_uninit = true;
2428 } else if (type.is_uninitialized()) {
2429 u2 new_offset = type.bci();
2430 address new_bcp = bcs->bcp() - bci + new_offset;
2431 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2432 /* Unreachable? Stack map parsing ensures valid type and new
2433 * instructions have a valid BCI. */
2434 verify_error(ErrorContext::bad_code(new_offset),
2435 "Expecting new instruction");
2436 return;
2437 }
2438 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2439 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2440
2441 // The method must be an <init> method of the indicated class
2442 VerificationType new_class_type = cp_index_to_type(
|