src/share/vm/classfile/verifier.cpp
Index Unified diffs Context diffs Sdiffs Wdiffs Patch New Old Previous File Next File bug_8050485_5 Sdiff src/share/vm/classfile

src/share/vm/classfile/verifier.cpp

Print this page




2200       if (is_protected_access(current_class(), ref_class_oop, field_name,
2201                               field_sig, false)) {
2202         // It's protected access, check if stack object is assignable to
2203         // current class.
2204         is_assignable = current_type().is_assignable_from(
2205           stack_object_type, this, CHECK_VERIFY(this));
2206         if (!is_assignable) {
2207           verify_error(ErrorContext::bad_type(bci,
2208               current_frame->stack_top_ctx(),
2209               TypeOrigin::implicit(current_type())),
2210               "Bad access to protected data in getfield");
2211           return;
2212         }
2213       }
2214       break;
2215     }
2216     default: ShouldNotReachHere();
2217   }
2218 }
2219 














































































































































































2220 void ClassVerifier::verify_invoke_init(
2221     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2222     StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2223     constantPoolHandle cp, TRAPS) {
2224   u2 bci = bcs->bci();
2225   VerificationType type = current_frame->pop_stack(
2226     VerificationType::reference_check(), CHECK_VERIFY(this));
2227   if (type == VerificationType::uninitialized_this_type()) {
2228     // The method must be an <init> method of this class or its superclass
2229     Klass* superk = current_class()->super();
2230     if (ref_class_type.name() != current_class()->name() &&
2231         ref_class_type.name() != superk->name()) {
2232       verify_error(ErrorContext::bad_type(bci,
2233           TypeOrigin::implicit(ref_class_type),
2234           TypeOrigin::implicit(current_type())),
2235           "Bad <init> method call");
2236       return;
2237     }
2238 
2239     // Make sure that this call is not done from within a TRY block because
2240     // that can result in returning an incomplete object.  Simply checking
2241     // (bci >= start_pc) also ensures that this call is not done after a TRY
2242     // block.  That is also illegal because this call must be the first Java
2243     // statement in the constructor.
2244     ExceptionTable exhandlers(_method());
2245     int exlength = exhandlers.length();
2246     for(int i = 0; i < exlength; i++) {
2247       if (bci >= exhandlers.start_pc(i)) {




2248         verify_error(ErrorContext::bad_code(bci),
2249                      "Bad <init> method call from after the start of a try block");
2250         return;






2251       }
2252     }
2253 
2254     current_frame->initialize_object(type, current_type());
2255     *this_uninit = true;
2256   } else if (type.is_uninitialized()) {
2257     u2 new_offset = type.bci();
2258     address new_bcp = bcs->bcp() - bci + new_offset;
2259     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2260       /* Unreachable?  Stack map parsing ensures valid type and new
2261        * instructions have a valid BCI. */
2262       verify_error(ErrorContext::bad_code(new_offset),
2263                    "Expecting new instruction");
2264       return;
2265     }
2266     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2267     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2268 
2269     // The method must be an <init> method of the indicated class
2270     VerificationType new_class_type = cp_index_to_type(




2200       if (is_protected_access(current_class(), ref_class_oop, field_name,
2201                               field_sig, false)) {
2202         // It's protected access, check if stack object is assignable to
2203         // current class.
2204         is_assignable = current_type().is_assignable_from(
2205           stack_object_type, this, CHECK_VERIFY(this));
2206         if (!is_assignable) {
2207           verify_error(ErrorContext::bad_type(bci,
2208               current_frame->stack_top_ctx(),
2209               TypeOrigin::implicit(current_type())),
2210               "Bad access to protected data in getfield");
2211           return;
2212         }
2213       }
2214       break;
2215     }
2216     default: ShouldNotReachHere();
2217   }
2218 }
2219 
2220 // Look at the method's handlers.  If the bci is in the handler's try block
2221 // then check if the handler_pc is already on the stack.  If not, push it.
2222 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2223                                   GrowableArray<u4>* handler_stack,
2224                                   u4 bci) {
2225   int exlength = exhandlers->length();
2226   for(int x = 0; x < exlength; x++) {
2227     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2228       handler_stack->append_if_missing(exhandlers->handler_pc(x));
2229     }
2230   }
2231 }
2232 
2233 // Return TRUE if all code paths starting with start_bc_offset end in
2234 // bytecode athrow or loop.
2235 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2236   // Create bytecode stream.
2237   RawBytecodeStream bcs(method());
2238   u4 code_length = method()->code_size();
2239   bcs.set_start(start_bc_offset);
2240   u4 target;
2241   // Create stack for storing bytecode start offsets for if* and *switch.
2242   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(50);
2243   // Create stack for handlers for try blocks containing this handler.
2244   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(50);
2245   // Create list of visited branch opcodes (goto* and if*).
2246   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(50);
2247   ExceptionTable exhandlers(_method());
2248 
2249   while (true) {
2250     if (bcs.is_last_bytecode()) {
2251       // if no more starting offsets to parse or if at the end of the
2252       // method then return false.
2253       if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2254         return false;
2255       // Pop a bytecode starting offset and scan from there.
2256       bcs.set_start(bci_stack->pop());
2257     }
2258     Bytecodes::Code opcode = bcs.raw_next();
2259     u4 bci = bcs.bci();
2260 
2261     // If the bytecode is in a TRY block, push its handlers so they
2262     // will get parsed.
2263     push_handlers(&exhandlers, handler_stack, bci);
2264 
2265     switch (opcode) {
2266       case Bytecodes::_if_icmpeq:
2267       case Bytecodes::_if_icmpne:
2268       case Bytecodes::_if_icmplt:
2269       case Bytecodes::_if_icmpge:
2270       case Bytecodes::_if_icmpgt:
2271       case Bytecodes::_if_icmple:
2272       case Bytecodes::_ifeq:
2273       case Bytecodes::_ifne:
2274       case Bytecodes::_iflt:
2275       case Bytecodes::_ifge:
2276       case Bytecodes::_ifgt:
2277       case Bytecodes::_ifle:
2278       case Bytecodes::_if_acmpeq:
2279       case Bytecodes::_if_acmpne:
2280       case Bytecodes::_ifnull:
2281       case Bytecodes::_ifnonnull:
2282         target = bcs.dest();
2283         if (visited_branches->contains(bci)) {
2284           if (bci_stack->is_empty()) return true;
2285           // Pop a bytecode starting offset and scan from there.
2286           bcs.set_start(bci_stack->pop());
2287         } else {
2288           if (target > bci) { // forward branch
2289             if (target >= code_length) return false;
2290             // Push the branch target onto the stack.
2291             bci_stack->push(target);
2292             // then, scan bytecodes starting with next.
2293             bcs.set_start(bcs.next_bci());
2294           } else { // backward branch
2295             // Push bytecode offset following backward branch onto the stack.
2296             bci_stack->push(bcs.next_bci());
2297             // Check bytecodes starting with branch target.
2298             bcs.set_start(target);
2299           }
2300           // Record target so we don't branch here again.
2301           visited_branches->append(bci);
2302         }
2303         break;
2304 
2305       case Bytecodes::_goto:
2306       case Bytecodes::_goto_w:
2307         target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2308         if (visited_branches->contains(bci)) {
2309           if (bci_stack->is_empty()) return true;
2310           // Been here before, pop new starting offset from stack.
2311           bcs.set_start(bci_stack->pop());
2312         } else {
2313           if (target >= code_length) return false;
2314           // Continue scanning from the target onward.
2315           bcs.set_start(target);
2316           // Record target so we don't branch here again.
2317           visited_branches->append(bci);
2318         }
2319         break;
2320 
2321       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2322       // is  difficult to determine where each switch alternative ends, parse
2323       // each switch alternative until either hit a 'return', 'athrow', or reach
2324       // the end of the method's bytecodes.  This is gross but should be okay
2325       // because:
2326       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2327       //    constructor invocations should be rare.
2328       // 2. if each switch alternative ends in an athrow then the parsing should be
2329       //    short.  If there is no athrow then it is bogus code, anyway.
2330       case Bytecodes::_lookupswitch:
2331       case Bytecodes::_tableswitch:
2332         {
2333           address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize);
2334           u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2335           int keys, delta;
2336           if (opcode == Bytecodes::_tableswitch) {
2337             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2338             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2339             // This is invalid, but let the regular bytecode verifier
2340             // report this because the user will get a better error message.
2341             if (low > high) return true;
2342             keys = high - low + 1;
2343             delta = 1;
2344           } else {
2345             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2346             delta = 2;
2347           }
2348           // Invalid, let the regular bytecode verifier deal with it.
2349           if (keys < 0) return true;
2350 
2351           // Push the offset of the next bytecode onto the stack.
2352           bci_stack->push(bcs.next_bci());
2353 
2354           // Push the switch alternatives onto the stack.
2355           for (int i = 0; i < keys; i++) {
2356             u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2357             if (target > code_length) return false;
2358             bci_stack->push(target);
2359           }
2360 
2361           // Start bytecode parsing for the switch at the default alternative.
2362           if (default_offset > code_length) return false;
2363           bcs.set_start(default_offset);
2364           break;
2365         }
2366 
2367       case Bytecodes::_return:
2368         return false;
2369 
2370       case Bytecodes::_athrow:
2371         {
2372           if (bci_stack->is_empty()) {
2373             if (handler_stack->is_empty()) {
2374               return true;
2375             } else {
2376               // Parse the catch handlers for try blocks containing athrow.
2377               bcs.set_start(handler_stack->pop());
2378             }
2379           } else {
2380             // Pop a bytecode offset and starting scanning from there.
2381             bcs.set_start(bci_stack->pop());
2382           }
2383         }
2384         break;
2385 
2386       default:
2387         ;
2388     } // end switch
2389   } // end while loop
2390 
2391   return false;
2392 }
2393 
2394 void ClassVerifier::verify_invoke_init(
2395     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2396     StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2397     constantPoolHandle cp, TRAPS) {
2398   u2 bci = bcs->bci();
2399   VerificationType type = current_frame->pop_stack(
2400     VerificationType::reference_check(), CHECK_VERIFY(this));
2401   if (type == VerificationType::uninitialized_this_type()) {
2402     // The method must be an <init> method of this class or its superclass
2403     Klass* superk = current_class()->super();
2404     if (ref_class_type.name() != current_class()->name() &&
2405         ref_class_type.name() != superk->name()) {
2406       verify_error(ErrorContext::bad_type(bci,
2407           TypeOrigin::implicit(ref_class_type),
2408           TypeOrigin::implicit(current_type())),
2409           "Bad <init> method call");
2410       return;
2411     }
2412 
2413     // Check if this call is done from inside of a TRY block.  If so, make
2414     // sure that all catch clause paths end in a throw.  Otherwise, this
2415     // can result in returning an incomplete object.


2416     ExceptionTable exhandlers(_method());
2417     int exlength = exhandlers.length();
2418     for(int i = 0; i < exlength; i++) {
2419       u2 start_pc = exhandlers.start_pc(i);
2420       u2 end_pc = exhandlers.end_pc(i);
2421 
2422       if (bci >= start_pc && bci < end_pc) {
2423         if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2424           verify_error(ErrorContext::bad_code(bci),
2425             "Bad <init> method call from after the start of a try block");
2426           return;
2427         } else if (VerboseVerification) {
2428           ResourceMark rm;
2429           tty->print_cr(
2430             "Survived call to ends_in_athrow(): %s",
2431                         current_class()->name()->as_C_string());
2432         }
2433       }
2434     }
2435 
2436     current_frame->initialize_object(type, current_type());
2437     *this_uninit = true;
2438   } else if (type.is_uninitialized()) {
2439     u2 new_offset = type.bci();
2440     address new_bcp = bcs->bcp() - bci + new_offset;
2441     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2442       /* Unreachable?  Stack map parsing ensures valid type and new
2443        * instructions have a valid BCI. */
2444       verify_error(ErrorContext::bad_code(new_offset),
2445                    "Expecting new instruction");
2446       return;
2447     }
2448     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2449     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2450 
2451     // The method must be an <init> method of the indicated class
2452     VerificationType new_class_type = cp_index_to_type(


src/share/vm/classfile/verifier.cpp
Index Unified diffs Context diffs Sdiffs Wdiffs Patch New Old Previous File Next File