1 /* 2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/systemDictionary.hpp" 33 #include "classfile/verifier.hpp" 34 #include "classfile/vmSymbols.hpp" 35 #include "interpreter/bytecodes.hpp" 36 #include "interpreter/bytecodeStream.hpp" 37 #include "logging/log.hpp" 38 #include "logging/logStream.hpp" 39 #include "memory/oopFactory.hpp" 40 #include "memory/resourceArea.hpp" 41 #include "oops/constantPool.inline.hpp" 42 #include "oops/instanceKlass.hpp" 43 #include "oops/oop.inline.hpp" 44 #include "oops/typeArrayOop.hpp" 45 #include "runtime/fieldDescriptor.hpp" 46 #include "runtime/handles.inline.hpp" 47 #include "runtime/interfaceSupport.inline.hpp" 48 #include "runtime/javaCalls.hpp" 49 #include "runtime/jniHandles.inline.hpp" 50 #include "runtime/orderAccess.hpp" 51 #include "runtime/os.hpp" 52 #include "runtime/safepointVerifiers.hpp" 53 #include "runtime/thread.hpp" 54 #include "services/threadService.hpp" 55 #include "utilities/align.hpp" 56 #include "utilities/bytes.hpp" 57 58 #define NOFAILOVER_MAJOR_VERSION 51 59 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 60 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 61 #define MAX_ARRAY_DIMENSIONS 255 62 63 // Access to external entry for VerifyClassCodes - old byte code verifier 64 65 extern "C" { 66 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 67 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 68 } 69 70 static void* volatile _verify_byte_codes_fn = NULL; 71 72 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 73 74 static void* verify_byte_codes_fn() { 75 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) { 76 void *lib_handle = os::native_java_library(); 77 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 78 OrderAccess::release_store(&_verify_byte_codes_fn, func); 79 if (func == NULL) { 80 _is_new_verify_byte_codes_fn = false; 81 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 82 OrderAccess::release_store(&_verify_byte_codes_fn, func); 83 } 84 } 85 return (void*)_verify_byte_codes_fn; 86 } 87 88 89 // Methods in Verifier 90 91 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 92 return (class_loader == NULL || !should_verify_class) ? 93 BytecodeVerificationLocal : BytecodeVerificationRemote; 94 } 95 96 bool Verifier::relax_access_for(oop loader) { 97 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 98 bool need_verify = 99 // verifyAll 100 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 101 // verifyRemote 102 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 103 return !need_verify; 104 } 105 106 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 107 assert(verify_class != NULL, "Unexpected null verify_class"); 108 ResourceMark rm; 109 Symbol* s = verify_class->source_file_name(); 110 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 111 const char* verify = verify_class->external_name(); 112 const char* resolve = resolve_class->external_name(); 113 // print in a single call to reduce interleaving between threads 114 if (source_file != NULL) { 115 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 116 } else { 117 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 118 } 119 } 120 121 // Prints the end-verification message to the appropriate output. 122 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 123 if (HAS_PENDING_EXCEPTION) { 124 st->print("Verification for %s has", klassName); 125 st->print_cr(" exception pending %s ", 126 PENDING_EXCEPTION->klass()->external_name()); 127 } else if (exception_name != NULL) { 128 st->print_cr("Verification for %s failed", klassName); 129 } 130 st->print_cr("End class verification for: %s", klassName); 131 } 132 133 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 134 HandleMark hm(THREAD); 135 ResourceMark rm(THREAD); 136 137 // Eagerly allocate the identity hash code for a klass. This is a fallout 138 // from 6320749 and 8059924: hash code generator is not supposed to be called 139 // during the safepoint, but it allows to sneak the hashcode in during 140 // verification. Without this eager hashcode generation, we may end up 141 // installing the hashcode during some other operation, which may be at 142 // safepoint -- blowing up the checks. It was previously done as the side 143 // effect (sic!) for external_name(), but instead of doing that, we opt to 144 // explicitly push the hashcode in here. This is signify the following block 145 // is IMPORTANT: 146 if (klass->java_mirror() != NULL) { 147 klass->java_mirror()->identity_hash(); 148 } 149 150 if (!is_eligible_for_verification(klass, should_verify_class)) { 151 return true; 152 } 153 154 // Timer includes any side effects of class verification (resolution, 155 // etc), but not recursive calls to Verifier::verify(). 156 JavaThread* jt = (JavaThread*)THREAD; 157 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 158 ClassLoader::perf_class_verify_selftime(), 159 ClassLoader::perf_classes_verified(), 160 jt->get_thread_stat()->perf_recursion_counts_addr(), 161 jt->get_thread_stat()->perf_timers_addr(), 162 PerfClassTraceTime::CLASS_VERIFY); 163 164 // If the class should be verified, first see if we can use the split 165 // verifier. If not, or if verification fails and FailOverToOldVerifier 166 // is set, then call the inference verifier. 167 168 Symbol* exception_name = NULL; 169 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 170 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 171 char* exception_message = message_buffer; 172 173 const char* klassName = klass->external_name(); 174 bool can_failover = FailOverToOldVerifier && 175 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 176 177 log_info(class, init)("Start class verification for: %s", klassName); 178 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 179 ClassVerifier split_verifier(klass, THREAD); 180 split_verifier.verify_class(THREAD); 181 exception_name = split_verifier.result(); 182 if (can_failover && !HAS_PENDING_EXCEPTION && 183 (exception_name == vmSymbols::java_lang_VerifyError() || 184 exception_name == vmSymbols::java_lang_ClassFormatError())) { 185 log_info(verification)("Fail over class verification to old verifier for: %s", klassName); 186 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName); 187 exception_name = inference_verify( 188 klass, message_buffer, message_buffer_len, THREAD); 189 } 190 if (exception_name != NULL) { 191 exception_message = split_verifier.exception_message(); 192 } 193 } else { 194 exception_name = inference_verify( 195 klass, message_buffer, message_buffer_len, THREAD); 196 } 197 198 LogTarget(Info, class, init) lt1; 199 if (lt1.is_enabled()) { 200 LogStream ls(lt1); 201 log_end_verification(&ls, klassName, exception_name, THREAD); 202 } 203 LogTarget(Info, verification) lt2; 204 if (lt2.is_enabled()) { 205 LogStream ls(lt2); 206 log_end_verification(&ls, klassName, exception_name, THREAD); 207 } 208 209 if (HAS_PENDING_EXCEPTION) { 210 return false; // use the existing exception 211 } else if (exception_name == NULL) { 212 return true; // verifcation succeeded 213 } else { // VerifyError or ClassFormatError to be created and thrown 214 ResourceMark rm(THREAD); 215 Klass* kls = 216 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 217 if (log_is_enabled(Debug, class, resolve)) { 218 Verifier::trace_class_resolution(kls, klass); 219 } 220 221 while (kls != NULL) { 222 if (kls == klass) { 223 // If the class being verified is the exception we're creating 224 // or one of it's superclasses, we're in trouble and are going 225 // to infinitely recurse when we try to initialize the exception. 226 // So bail out here by throwing the preallocated VM error. 227 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 228 } 229 kls = kls->super(); 230 } 231 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 232 THROW_MSG_(exception_name, exception_message, false); 233 } 234 } 235 236 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 237 Symbol* name = klass->name(); 238 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 239 240 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 241 242 return (should_verify_for(klass->class_loader(), should_verify_class) && 243 // return if the class is a bootstrapping class 244 // or defineClass specified not to verify by default (flags override passed arg) 245 // We need to skip the following four for bootstraping 246 name != vmSymbols::java_lang_Object() && 247 name != vmSymbols::java_lang_Class() && 248 name != vmSymbols::java_lang_String() && 249 name != vmSymbols::java_lang_Throwable() && 250 251 // Can not verify the bytecodes for shared classes because they have 252 // already been rewritten to contain constant pool cache indices, 253 // which the verifier can't understand. 254 // Shared classes shouldn't have stackmaps either. 255 !klass->is_shared() && 256 257 // As of the fix for 4486457 we disable verification for all of the 258 // dynamically-generated bytecodes associated with the 1.4 259 // reflection implementation, not just those associated with 260 // jdk/internal/reflect/SerializationConstructorAccessor. 261 // NOTE: this is called too early in the bootstrapping process to be 262 // guarded by Universe::is_gte_jdk14x_version(). 263 // Also for lambda generated code, gte jdk8 264 (!is_reflect)); 265 } 266 267 Symbol* Verifier::inference_verify( 268 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 269 JavaThread* thread = (JavaThread*)THREAD; 270 JNIEnv *env = thread->jni_environment(); 271 272 void* verify_func = verify_byte_codes_fn(); 273 274 if (verify_func == NULL) { 275 jio_snprintf(message, message_len, "Could not link verifier"); 276 return vmSymbols::java_lang_VerifyError(); 277 } 278 279 ResourceMark rm(THREAD); 280 log_info(verification)("Verifying class %s with old format", klass->external_name()); 281 282 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 283 jint result; 284 285 { 286 HandleMark hm(thread); 287 ThreadToNativeFromVM ttn(thread); 288 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 289 // code knows that we have left the VM 290 291 if (_is_new_verify_byte_codes_fn) { 292 verify_byte_codes_fn_new_t func = 293 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 294 result = (*func)(env, cls, message, (int)message_len, 295 klass->major_version()); 296 } else { 297 verify_byte_codes_fn_t func = 298 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 299 result = (*func)(env, cls, message, (int)message_len); 300 } 301 } 302 303 JNIHandles::destroy_local(cls); 304 305 // These numbers are chosen so that VerifyClassCodes interface doesn't need 306 // to be changed (still return jboolean (unsigned char)), and result is 307 // 1 when verification is passed. 308 if (result == 0) { 309 return vmSymbols::java_lang_VerifyError(); 310 } else if (result == 1) { 311 return NULL; // verified. 312 } else if (result == 2) { 313 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 314 } else if (result == 3) { 315 return vmSymbols::java_lang_ClassFormatError(); 316 } else { 317 ShouldNotReachHere(); 318 return NULL; 319 } 320 } 321 322 TypeOrigin TypeOrigin::null() { 323 return TypeOrigin(); 324 } 325 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 326 assert(frame != NULL, "Must have a frame"); 327 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 328 frame->local_at(index)); 329 } 330 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 331 assert(frame != NULL, "Must have a frame"); 332 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 333 frame->stack_at(index)); 334 } 335 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 336 assert(frame != NULL, "Must have a frame"); 337 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 338 frame->local_at(index)); 339 } 340 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 341 assert(frame != NULL, "Must have a frame"); 342 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 343 frame->stack_at(index)); 344 } 345 TypeOrigin TypeOrigin::bad_index(u2 index) { 346 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 347 } 348 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 349 return TypeOrigin(CONST_POOL, index, NULL, vt); 350 } 351 TypeOrigin TypeOrigin::signature(VerificationType vt) { 352 return TypeOrigin(SIG, 0, NULL, vt); 353 } 354 TypeOrigin TypeOrigin::implicit(VerificationType t) { 355 return TypeOrigin(IMPLICIT, 0, NULL, t); 356 } 357 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 358 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 359 VerificationType::bogus_type()); 360 } 361 362 void TypeOrigin::reset_frame() { 363 if (_frame != NULL) { 364 _frame->restore(); 365 } 366 } 367 368 void TypeOrigin::details(outputStream* ss) const { 369 _type.print_on(ss); 370 switch (_origin) { 371 case CF_LOCALS: 372 ss->print(" (current frame, locals[%d])", _index); 373 break; 374 case CF_STACK: 375 ss->print(" (current frame, stack[%d])", _index); 376 break; 377 case SM_LOCALS: 378 ss->print(" (stack map, locals[%d])", _index); 379 break; 380 case SM_STACK: 381 ss->print(" (stack map, stack[%d])", _index); 382 break; 383 case CONST_POOL: 384 ss->print(" (constant pool %d)", _index); 385 break; 386 case SIG: 387 ss->print(" (from method signature)"); 388 break; 389 case IMPLICIT: 390 case FRAME_ONLY: 391 case NONE: 392 default: 393 ; 394 } 395 } 396 397 #ifdef ASSERT 398 void TypeOrigin::print_on(outputStream* str) const { 399 str->print("{%d,%d,%p:", _origin, _index, _frame); 400 if (_frame != NULL) { 401 _frame->print_on(str); 402 } else { 403 str->print("null"); 404 } 405 str->print(","); 406 _type.print_on(str); 407 str->print("}"); 408 } 409 #endif 410 411 void ErrorContext::details(outputStream* ss, const Method* method) const { 412 if (is_valid()) { 413 ss->cr(); 414 ss->print_cr("Exception Details:"); 415 location_details(ss, method); 416 reason_details(ss); 417 frame_details(ss); 418 bytecode_details(ss, method); 419 handler_details(ss, method); 420 stackmap_details(ss, method); 421 } 422 } 423 424 void ErrorContext::reason_details(outputStream* ss) const { 425 streamIndentor si(ss); 426 ss->indent().print_cr("Reason:"); 427 streamIndentor si2(ss); 428 ss->indent().print("%s", ""); 429 switch (_fault) { 430 case INVALID_BYTECODE: 431 ss->print("Error exists in the bytecode"); 432 break; 433 case WRONG_TYPE: 434 if (_expected.is_valid()) { 435 ss->print("Type "); 436 _type.details(ss); 437 ss->print(" is not assignable to "); 438 _expected.details(ss); 439 } else { 440 ss->print("Invalid type: "); 441 _type.details(ss); 442 } 443 break; 444 case FLAGS_MISMATCH: 445 if (_expected.is_valid()) { 446 ss->print("Current frame's flags are not assignable " 447 "to stack map frame's."); 448 } else { 449 ss->print("Current frame's flags are invalid in this context."); 450 } 451 break; 452 case BAD_CP_INDEX: 453 ss->print("Constant pool index %d is invalid", _type.index()); 454 break; 455 case BAD_LOCAL_INDEX: 456 ss->print("Local index %d is invalid", _type.index()); 457 break; 458 case LOCALS_SIZE_MISMATCH: 459 ss->print("Current frame's local size doesn't match stackmap."); 460 break; 461 case STACK_SIZE_MISMATCH: 462 ss->print("Current frame's stack size doesn't match stackmap."); 463 break; 464 case STACK_OVERFLOW: 465 ss->print("Exceeded max stack size."); 466 break; 467 case STACK_UNDERFLOW: 468 ss->print("Attempt to pop empty stack."); 469 break; 470 case MISSING_STACKMAP: 471 ss->print("Expected stackmap frame at this location."); 472 break; 473 case BAD_STACKMAP: 474 ss->print("Invalid stackmap specification."); 475 break; 476 case UNKNOWN: 477 default: 478 ShouldNotReachHere(); 479 ss->print_cr("Unknown"); 480 } 481 ss->cr(); 482 } 483 484 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 485 if (_bci != -1 && method != NULL) { 486 streamIndentor si(ss); 487 const char* bytecode_name = "<invalid>"; 488 if (method->validate_bci(_bci) != -1) { 489 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 490 if (Bytecodes::is_defined(code)) { 491 bytecode_name = Bytecodes::name(code); 492 } else { 493 bytecode_name = "<illegal>"; 494 } 495 } 496 InstanceKlass* ik = method->method_holder(); 497 ss->indent().print_cr("Location:"); 498 streamIndentor si2(ss); 499 ss->indent().print_cr("%s.%s%s @%d: %s", 500 ik->name()->as_C_string(), method->name()->as_C_string(), 501 method->signature()->as_C_string(), _bci, bytecode_name); 502 } 503 } 504 505 void ErrorContext::frame_details(outputStream* ss) const { 506 streamIndentor si(ss); 507 if (_type.is_valid() && _type.frame() != NULL) { 508 ss->indent().print_cr("Current Frame:"); 509 streamIndentor si2(ss); 510 _type.frame()->print_on(ss); 511 } 512 if (_expected.is_valid() && _expected.frame() != NULL) { 513 ss->indent().print_cr("Stackmap Frame:"); 514 streamIndentor si2(ss); 515 _expected.frame()->print_on(ss); 516 } 517 } 518 519 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 520 if (method != NULL) { 521 streamIndentor si(ss); 522 ss->indent().print_cr("Bytecode:"); 523 streamIndentor si2(ss); 524 ss->print_data(method->code_base(), method->code_size(), false); 525 } 526 } 527 528 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 529 if (method != NULL) { 530 streamIndentor si(ss); 531 ExceptionTable table(method); 532 if (table.length() > 0) { 533 ss->indent().print_cr("Exception Handler Table:"); 534 streamIndentor si2(ss); 535 for (int i = 0; i < table.length(); ++i) { 536 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 537 table.end_pc(i), table.handler_pc(i)); 538 } 539 } 540 } 541 } 542 543 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 544 if (method != NULL && method->has_stackmap_table()) { 545 streamIndentor si(ss); 546 ss->indent().print_cr("Stackmap Table:"); 547 Array<u1>* data = method->stackmap_data(); 548 stack_map_table* sm_table = 549 stack_map_table::at((address)data->adr_at(0)); 550 stack_map_frame* sm_frame = sm_table->entries(); 551 streamIndentor si2(ss); 552 int current_offset = -1; 553 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 554 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 555 ss->indent(); 556 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 557 sm_frame->print_truncated(ss, current_offset); 558 return; 559 } 560 sm_frame->print_on(ss, current_offset); 561 ss->cr(); 562 current_offset += sm_frame->offset_delta(); 563 sm_frame = sm_frame->next(); 564 } 565 } 566 } 567 568 // Methods in ClassVerifier 569 570 ClassVerifier::ClassVerifier( 571 InstanceKlass* klass, TRAPS) 572 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 573 _this_type = VerificationType::reference_type(klass->name()); 574 // Create list to hold symbols in reference area. 575 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 576 } 577 578 ClassVerifier::~ClassVerifier() { 579 // Decrement the reference count for any symbols created. 580 for (int i = 0; i < _symbols->length(); i++) { 581 Symbol* s = _symbols->at(i); 582 s->decrement_refcount(); 583 } 584 } 585 586 VerificationType ClassVerifier::object_type() const { 587 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 588 } 589 590 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 591 VerificationType vt = VerificationType::reference_type( 592 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 593 return TypeOrigin::implicit(vt); 594 } 595 596 void ClassVerifier::verify_class(TRAPS) { 597 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 598 599 Array<Method*>* methods = _klass->methods(); 600 int num_methods = methods->length(); 601 602 for (int index = 0; index < num_methods; index++) { 603 // Check for recursive re-verification before each method. 604 if (was_recursively_verified()) return; 605 606 Method* m = methods->at(index); 607 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 608 // If m is native or abstract, skip it. It is checked in class file 609 // parser that methods do not override a final method. Overpass methods 610 // are trusted since the VM generates them. 611 continue; 612 } 613 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 614 } 615 616 if (was_recursively_verified()){ 617 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 618 log_info(class, init)("Recursive verification detected for: %s", 619 _klass->external_name()); 620 } 621 } 622 623 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 624 HandleMark hm(THREAD); 625 _method = m; // initialize _method 626 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 627 628 // For clang, the only good constant format string is a literal constant format string. 629 #define bad_type_msg "Bad type on operand stack in %s" 630 631 int32_t max_stack = m->verifier_max_stack(); 632 int32_t max_locals = m->max_locals(); 633 constantPoolHandle cp(THREAD, m->constants()); 634 635 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 636 class_format_error("Invalid method signature"); 637 return; 638 } 639 640 // Initial stack map frame: offset is 0, stack is initially empty. 641 StackMapFrame current_frame(max_locals, max_stack, this); 642 // Set initial locals 643 VerificationType return_type = current_frame.set_locals_from_arg( 644 m, current_type(), CHECK_VERIFY(this)); 645 646 int32_t stackmap_index = 0; // index to the stackmap array 647 648 u4 code_length = m->code_size(); 649 650 // Scan the bytecode and map each instruction's start offset to a number. 651 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 652 653 int ex_min = code_length; 654 int ex_max = -1; 655 // Look through each item on the exception table. Each of the fields must refer 656 // to a legal instruction. 657 if (was_recursively_verified()) return; 658 verify_exception_handler_table( 659 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 660 661 // Look through each entry on the local variable table and make sure 662 // its range of code array offsets is valid. (4169817) 663 if (m->has_localvariable_table()) { 664 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 665 } 666 667 Array<u1>* stackmap_data = m->stackmap_data(); 668 StackMapStream stream(stackmap_data); 669 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 670 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 671 code_data, code_length, CHECK_VERIFY(this)); 672 673 LogTarget(Info, verification) lt; 674 if (lt.is_enabled()) { 675 ResourceMark rm(THREAD); 676 LogStream ls(lt); 677 stackmap_table.print_on(&ls); 678 } 679 680 RawBytecodeStream bcs(m); 681 682 // Scan the byte code linearly from the start to the end 683 bool no_control_flow = false; // Set to true when there is no direct control 684 // flow from current instruction to the next 685 // instruction in sequence 686 687 Bytecodes::Code opcode; 688 while (!bcs.is_last_bytecode()) { 689 // Check for recursive re-verification before each bytecode. 690 if (was_recursively_verified()) return; 691 692 opcode = bcs.raw_next(); 693 u2 bci = bcs.bci(); 694 695 // Set current frame's offset to bci 696 current_frame.set_offset(bci); 697 current_frame.set_mark(); 698 699 // Make sure every offset in stackmap table point to the beginning to 700 // an instruction. Match current_frame to stackmap_table entry with 701 // the same offset if exists. 702 stackmap_index = verify_stackmap_table( 703 stackmap_index, bci, ¤t_frame, &stackmap_table, 704 no_control_flow, CHECK_VERIFY(this)); 705 706 707 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 708 bool verified_exc_handlers = false; 709 710 // Merge with the next instruction 711 { 712 u2 index; 713 int target; 714 VerificationType type, type2; 715 VerificationType atype; 716 717 LogTarget(Info, verification) lt; 718 if (lt.is_enabled()) { 719 ResourceMark rm(THREAD); 720 LogStream ls(lt); 721 current_frame.print_on(&ls); 722 lt.print("offset = %d, opcode = %s", bci, 723 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 724 } 725 726 // Make sure wide instruction is in correct format 727 if (bcs.is_wide()) { 728 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 729 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 730 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 731 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 732 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 733 opcode != Bytecodes::_dstore) { 734 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 735 * if we encounter a wide instruction that modifies an invalid 736 * opcode (not one of the ones listed above) */ 737 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 738 return; 739 } 740 } 741 742 // Look for possible jump target in exception handlers and see if it 743 // matches current_frame. Do this check here for astore*, dstore*, 744 // fstore*, istore*, and lstore* opcodes because they can change the type 745 // state by adding a local. JVM Spec says that the incoming type state 746 // should be used for this check. So, do the check here before a possible 747 // local is added to the type state. 748 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 749 if (was_recursively_verified()) return; 750 verify_exception_handler_targets( 751 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 752 verified_exc_handlers = true; 753 } 754 755 if (was_recursively_verified()) return; 756 757 switch (opcode) { 758 case Bytecodes::_nop : 759 no_control_flow = false; break; 760 case Bytecodes::_aconst_null : 761 current_frame.push_stack( 762 VerificationType::null_type(), CHECK_VERIFY(this)); 763 no_control_flow = false; break; 764 case Bytecodes::_iconst_m1 : 765 case Bytecodes::_iconst_0 : 766 case Bytecodes::_iconst_1 : 767 case Bytecodes::_iconst_2 : 768 case Bytecodes::_iconst_3 : 769 case Bytecodes::_iconst_4 : 770 case Bytecodes::_iconst_5 : 771 current_frame.push_stack( 772 VerificationType::integer_type(), CHECK_VERIFY(this)); 773 no_control_flow = false; break; 774 case Bytecodes::_lconst_0 : 775 case Bytecodes::_lconst_1 : 776 current_frame.push_stack_2( 777 VerificationType::long_type(), 778 VerificationType::long2_type(), CHECK_VERIFY(this)); 779 no_control_flow = false; break; 780 case Bytecodes::_fconst_0 : 781 case Bytecodes::_fconst_1 : 782 case Bytecodes::_fconst_2 : 783 current_frame.push_stack( 784 VerificationType::float_type(), CHECK_VERIFY(this)); 785 no_control_flow = false; break; 786 case Bytecodes::_dconst_0 : 787 case Bytecodes::_dconst_1 : 788 current_frame.push_stack_2( 789 VerificationType::double_type(), 790 VerificationType::double2_type(), CHECK_VERIFY(this)); 791 no_control_flow = false; break; 792 case Bytecodes::_sipush : 793 case Bytecodes::_bipush : 794 current_frame.push_stack( 795 VerificationType::integer_type(), CHECK_VERIFY(this)); 796 no_control_flow = false; break; 797 case Bytecodes::_ldc : 798 verify_ldc( 799 opcode, bcs.get_index_u1(), ¤t_frame, 800 cp, bci, CHECK_VERIFY(this)); 801 no_control_flow = false; break; 802 case Bytecodes::_ldc_w : 803 case Bytecodes::_ldc2_w : 804 verify_ldc( 805 opcode, bcs.get_index_u2(), ¤t_frame, 806 cp, bci, CHECK_VERIFY(this)); 807 no_control_flow = false; break; 808 case Bytecodes::_iload : 809 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 810 no_control_flow = false; break; 811 case Bytecodes::_iload_0 : 812 case Bytecodes::_iload_1 : 813 case Bytecodes::_iload_2 : 814 case Bytecodes::_iload_3 : 815 index = opcode - Bytecodes::_iload_0; 816 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 817 no_control_flow = false; break; 818 case Bytecodes::_lload : 819 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 820 no_control_flow = false; break; 821 case Bytecodes::_lload_0 : 822 case Bytecodes::_lload_1 : 823 case Bytecodes::_lload_2 : 824 case Bytecodes::_lload_3 : 825 index = opcode - Bytecodes::_lload_0; 826 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 827 no_control_flow = false; break; 828 case Bytecodes::_fload : 829 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 830 no_control_flow = false; break; 831 case Bytecodes::_fload_0 : 832 case Bytecodes::_fload_1 : 833 case Bytecodes::_fload_2 : 834 case Bytecodes::_fload_3 : 835 index = opcode - Bytecodes::_fload_0; 836 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 837 no_control_flow = false; break; 838 case Bytecodes::_dload : 839 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 840 no_control_flow = false; break; 841 case Bytecodes::_dload_0 : 842 case Bytecodes::_dload_1 : 843 case Bytecodes::_dload_2 : 844 case Bytecodes::_dload_3 : 845 index = opcode - Bytecodes::_dload_0; 846 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 847 no_control_flow = false; break; 848 case Bytecodes::_aload : 849 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 850 no_control_flow = false; break; 851 case Bytecodes::_aload_0 : 852 case Bytecodes::_aload_1 : 853 case Bytecodes::_aload_2 : 854 case Bytecodes::_aload_3 : 855 index = opcode - Bytecodes::_aload_0; 856 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 857 no_control_flow = false; break; 858 case Bytecodes::_iaload : 859 type = current_frame.pop_stack( 860 VerificationType::integer_type(), CHECK_VERIFY(this)); 861 atype = current_frame.pop_stack( 862 VerificationType::reference_check(), CHECK_VERIFY(this)); 863 if (!atype.is_int_array()) { 864 verify_error(ErrorContext::bad_type(bci, 865 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 866 bad_type_msg, "iaload"); 867 return; 868 } 869 current_frame.push_stack( 870 VerificationType::integer_type(), CHECK_VERIFY(this)); 871 no_control_flow = false; break; 872 case Bytecodes::_baload : 873 type = current_frame.pop_stack( 874 VerificationType::integer_type(), CHECK_VERIFY(this)); 875 atype = current_frame.pop_stack( 876 VerificationType::reference_check(), CHECK_VERIFY(this)); 877 if (!atype.is_bool_array() && !atype.is_byte_array()) { 878 verify_error( 879 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 880 bad_type_msg, "baload"); 881 return; 882 } 883 current_frame.push_stack( 884 VerificationType::integer_type(), CHECK_VERIFY(this)); 885 no_control_flow = false; break; 886 case Bytecodes::_caload : 887 type = current_frame.pop_stack( 888 VerificationType::integer_type(), CHECK_VERIFY(this)); 889 atype = current_frame.pop_stack( 890 VerificationType::reference_check(), CHECK_VERIFY(this)); 891 if (!atype.is_char_array()) { 892 verify_error(ErrorContext::bad_type(bci, 893 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 894 bad_type_msg, "caload"); 895 return; 896 } 897 current_frame.push_stack( 898 VerificationType::integer_type(), CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 case Bytecodes::_saload : 901 type = current_frame.pop_stack( 902 VerificationType::integer_type(), CHECK_VERIFY(this)); 903 atype = current_frame.pop_stack( 904 VerificationType::reference_check(), CHECK_VERIFY(this)); 905 if (!atype.is_short_array()) { 906 verify_error(ErrorContext::bad_type(bci, 907 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 908 bad_type_msg, "saload"); 909 return; 910 } 911 current_frame.push_stack( 912 VerificationType::integer_type(), CHECK_VERIFY(this)); 913 no_control_flow = false; break; 914 case Bytecodes::_laload : 915 type = current_frame.pop_stack( 916 VerificationType::integer_type(), CHECK_VERIFY(this)); 917 atype = current_frame.pop_stack( 918 VerificationType::reference_check(), CHECK_VERIFY(this)); 919 if (!atype.is_long_array()) { 920 verify_error(ErrorContext::bad_type(bci, 921 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 922 bad_type_msg, "laload"); 923 return; 924 } 925 current_frame.push_stack_2( 926 VerificationType::long_type(), 927 VerificationType::long2_type(), CHECK_VERIFY(this)); 928 no_control_flow = false; break; 929 case Bytecodes::_faload : 930 type = current_frame.pop_stack( 931 VerificationType::integer_type(), CHECK_VERIFY(this)); 932 atype = current_frame.pop_stack( 933 VerificationType::reference_check(), CHECK_VERIFY(this)); 934 if (!atype.is_float_array()) { 935 verify_error(ErrorContext::bad_type(bci, 936 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 937 bad_type_msg, "faload"); 938 return; 939 } 940 current_frame.push_stack( 941 VerificationType::float_type(), CHECK_VERIFY(this)); 942 no_control_flow = false; break; 943 case Bytecodes::_daload : 944 type = current_frame.pop_stack( 945 VerificationType::integer_type(), CHECK_VERIFY(this)); 946 atype = current_frame.pop_stack( 947 VerificationType::reference_check(), CHECK_VERIFY(this)); 948 if (!atype.is_double_array()) { 949 verify_error(ErrorContext::bad_type(bci, 950 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 951 bad_type_msg, "daload"); 952 return; 953 } 954 current_frame.push_stack_2( 955 VerificationType::double_type(), 956 VerificationType::double2_type(), CHECK_VERIFY(this)); 957 no_control_flow = false; break; 958 case Bytecodes::_aaload : { 959 type = current_frame.pop_stack( 960 VerificationType::integer_type(), CHECK_VERIFY(this)); 961 atype = current_frame.pop_stack( 962 VerificationType::reference_check(), CHECK_VERIFY(this)); 963 if (!atype.is_reference_array()) { 964 verify_error(ErrorContext::bad_type(bci, 965 current_frame.stack_top_ctx(), 966 TypeOrigin::implicit(VerificationType::reference_check())), 967 bad_type_msg, "aaload"); 968 return; 969 } 970 if (atype.is_null()) { 971 current_frame.push_stack( 972 VerificationType::null_type(), CHECK_VERIFY(this)); 973 } else { 974 VerificationType component = 975 atype.get_component(this, CHECK_VERIFY(this)); 976 current_frame.push_stack(component, CHECK_VERIFY(this)); 977 } 978 no_control_flow = false; break; 979 } 980 case Bytecodes::_istore : 981 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 982 no_control_flow = false; break; 983 case Bytecodes::_istore_0 : 984 case Bytecodes::_istore_1 : 985 case Bytecodes::_istore_2 : 986 case Bytecodes::_istore_3 : 987 index = opcode - Bytecodes::_istore_0; 988 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 989 no_control_flow = false; break; 990 case Bytecodes::_lstore : 991 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 992 no_control_flow = false; break; 993 case Bytecodes::_lstore_0 : 994 case Bytecodes::_lstore_1 : 995 case Bytecodes::_lstore_2 : 996 case Bytecodes::_lstore_3 : 997 index = opcode - Bytecodes::_lstore_0; 998 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 999 no_control_flow = false; break; 1000 case Bytecodes::_fstore : 1001 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1002 no_control_flow = false; break; 1003 case Bytecodes::_fstore_0 : 1004 case Bytecodes::_fstore_1 : 1005 case Bytecodes::_fstore_2 : 1006 case Bytecodes::_fstore_3 : 1007 index = opcode - Bytecodes::_fstore_0; 1008 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1009 no_control_flow = false; break; 1010 case Bytecodes::_dstore : 1011 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1012 no_control_flow = false; break; 1013 case Bytecodes::_dstore_0 : 1014 case Bytecodes::_dstore_1 : 1015 case Bytecodes::_dstore_2 : 1016 case Bytecodes::_dstore_3 : 1017 index = opcode - Bytecodes::_dstore_0; 1018 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1019 no_control_flow = false; break; 1020 case Bytecodes::_astore : 1021 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1022 no_control_flow = false; break; 1023 case Bytecodes::_astore_0 : 1024 case Bytecodes::_astore_1 : 1025 case Bytecodes::_astore_2 : 1026 case Bytecodes::_astore_3 : 1027 index = opcode - Bytecodes::_astore_0; 1028 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1029 no_control_flow = false; break; 1030 case Bytecodes::_iastore : 1031 type = current_frame.pop_stack( 1032 VerificationType::integer_type(), CHECK_VERIFY(this)); 1033 type2 = current_frame.pop_stack( 1034 VerificationType::integer_type(), CHECK_VERIFY(this)); 1035 atype = current_frame.pop_stack( 1036 VerificationType::reference_check(), CHECK_VERIFY(this)); 1037 if (!atype.is_int_array()) { 1038 verify_error(ErrorContext::bad_type(bci, 1039 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1040 bad_type_msg, "iastore"); 1041 return; 1042 } 1043 no_control_flow = false; break; 1044 case Bytecodes::_bastore : 1045 type = current_frame.pop_stack( 1046 VerificationType::integer_type(), CHECK_VERIFY(this)); 1047 type2 = current_frame.pop_stack( 1048 VerificationType::integer_type(), CHECK_VERIFY(this)); 1049 atype = current_frame.pop_stack( 1050 VerificationType::reference_check(), CHECK_VERIFY(this)); 1051 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1052 verify_error( 1053 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1054 bad_type_msg, "bastore"); 1055 return; 1056 } 1057 no_control_flow = false; break; 1058 case Bytecodes::_castore : 1059 current_frame.pop_stack( 1060 VerificationType::integer_type(), CHECK_VERIFY(this)); 1061 current_frame.pop_stack( 1062 VerificationType::integer_type(), CHECK_VERIFY(this)); 1063 atype = current_frame.pop_stack( 1064 VerificationType::reference_check(), CHECK_VERIFY(this)); 1065 if (!atype.is_char_array()) { 1066 verify_error(ErrorContext::bad_type(bci, 1067 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1068 bad_type_msg, "castore"); 1069 return; 1070 } 1071 no_control_flow = false; break; 1072 case Bytecodes::_sastore : 1073 current_frame.pop_stack( 1074 VerificationType::integer_type(), CHECK_VERIFY(this)); 1075 current_frame.pop_stack( 1076 VerificationType::integer_type(), CHECK_VERIFY(this)); 1077 atype = current_frame.pop_stack( 1078 VerificationType::reference_check(), CHECK_VERIFY(this)); 1079 if (!atype.is_short_array()) { 1080 verify_error(ErrorContext::bad_type(bci, 1081 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1082 bad_type_msg, "sastore"); 1083 return; 1084 } 1085 no_control_flow = false; break; 1086 case Bytecodes::_lastore : 1087 current_frame.pop_stack_2( 1088 VerificationType::long2_type(), 1089 VerificationType::long_type(), CHECK_VERIFY(this)); 1090 current_frame.pop_stack( 1091 VerificationType::integer_type(), CHECK_VERIFY(this)); 1092 atype = current_frame.pop_stack( 1093 VerificationType::reference_check(), CHECK_VERIFY(this)); 1094 if (!atype.is_long_array()) { 1095 verify_error(ErrorContext::bad_type(bci, 1096 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1097 bad_type_msg, "lastore"); 1098 return; 1099 } 1100 no_control_flow = false; break; 1101 case Bytecodes::_fastore : 1102 current_frame.pop_stack( 1103 VerificationType::float_type(), CHECK_VERIFY(this)); 1104 current_frame.pop_stack 1105 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1106 atype = current_frame.pop_stack( 1107 VerificationType::reference_check(), CHECK_VERIFY(this)); 1108 if (!atype.is_float_array()) { 1109 verify_error(ErrorContext::bad_type(bci, 1110 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1111 bad_type_msg, "fastore"); 1112 return; 1113 } 1114 no_control_flow = false; break; 1115 case Bytecodes::_dastore : 1116 current_frame.pop_stack_2( 1117 VerificationType::double2_type(), 1118 VerificationType::double_type(), CHECK_VERIFY(this)); 1119 current_frame.pop_stack( 1120 VerificationType::integer_type(), CHECK_VERIFY(this)); 1121 atype = current_frame.pop_stack( 1122 VerificationType::reference_check(), CHECK_VERIFY(this)); 1123 if (!atype.is_double_array()) { 1124 verify_error(ErrorContext::bad_type(bci, 1125 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1126 bad_type_msg, "dastore"); 1127 return; 1128 } 1129 no_control_flow = false; break; 1130 case Bytecodes::_aastore : 1131 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1132 type2 = current_frame.pop_stack( 1133 VerificationType::integer_type(), CHECK_VERIFY(this)); 1134 atype = current_frame.pop_stack( 1135 VerificationType::reference_check(), CHECK_VERIFY(this)); 1136 // more type-checking is done at runtime 1137 if (!atype.is_reference_array()) { 1138 verify_error(ErrorContext::bad_type(bci, 1139 current_frame.stack_top_ctx(), 1140 TypeOrigin::implicit(VerificationType::reference_check())), 1141 bad_type_msg, "aastore"); 1142 return; 1143 } 1144 // 4938384: relaxed constraint in JVMS 3nd edition. 1145 no_control_flow = false; break; 1146 case Bytecodes::_pop : 1147 current_frame.pop_stack( 1148 VerificationType::category1_check(), CHECK_VERIFY(this)); 1149 no_control_flow = false; break; 1150 case Bytecodes::_pop2 : 1151 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1152 if (type.is_category1()) { 1153 current_frame.pop_stack( 1154 VerificationType::category1_check(), CHECK_VERIFY(this)); 1155 } else if (type.is_category2_2nd()) { 1156 current_frame.pop_stack( 1157 VerificationType::category2_check(), CHECK_VERIFY(this)); 1158 } else { 1159 /* Unreachable? Would need a category2_1st on TOS 1160 * which does not appear possible. */ 1161 verify_error( 1162 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1163 bad_type_msg, "pop2"); 1164 return; 1165 } 1166 no_control_flow = false; break; 1167 case Bytecodes::_dup : 1168 type = current_frame.pop_stack( 1169 VerificationType::category1_check(), CHECK_VERIFY(this)); 1170 current_frame.push_stack(type, CHECK_VERIFY(this)); 1171 current_frame.push_stack(type, CHECK_VERIFY(this)); 1172 no_control_flow = false; break; 1173 case Bytecodes::_dup_x1 : 1174 type = current_frame.pop_stack( 1175 VerificationType::category1_check(), CHECK_VERIFY(this)); 1176 type2 = current_frame.pop_stack( 1177 VerificationType::category1_check(), CHECK_VERIFY(this)); 1178 current_frame.push_stack(type, CHECK_VERIFY(this)); 1179 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1180 current_frame.push_stack(type, CHECK_VERIFY(this)); 1181 no_control_flow = false; break; 1182 case Bytecodes::_dup_x2 : 1183 { 1184 VerificationType type3; 1185 type = current_frame.pop_stack( 1186 VerificationType::category1_check(), CHECK_VERIFY(this)); 1187 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1188 if (type2.is_category1()) { 1189 type3 = current_frame.pop_stack( 1190 VerificationType::category1_check(), CHECK_VERIFY(this)); 1191 } else if (type2.is_category2_2nd()) { 1192 type3 = current_frame.pop_stack( 1193 VerificationType::category2_check(), CHECK_VERIFY(this)); 1194 } else { 1195 /* Unreachable? Would need a category2_1st at stack depth 2 with 1196 * a category1 on TOS which does not appear possible. */ 1197 verify_error(ErrorContext::bad_type( 1198 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1199 return; 1200 } 1201 current_frame.push_stack(type, CHECK_VERIFY(this)); 1202 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1203 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1204 current_frame.push_stack(type, CHECK_VERIFY(this)); 1205 no_control_flow = false; break; 1206 } 1207 case Bytecodes::_dup2 : 1208 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1209 if (type.is_category1()) { 1210 type2 = current_frame.pop_stack( 1211 VerificationType::category1_check(), CHECK_VERIFY(this)); 1212 } else if (type.is_category2_2nd()) { 1213 type2 = current_frame.pop_stack( 1214 VerificationType::category2_check(), CHECK_VERIFY(this)); 1215 } else { 1216 /* Unreachable? Would need a category2_1st on TOS which does not 1217 * appear possible. */ 1218 verify_error( 1219 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1220 bad_type_msg, "dup2"); 1221 return; 1222 } 1223 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1224 current_frame.push_stack(type, CHECK_VERIFY(this)); 1225 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1226 current_frame.push_stack(type, CHECK_VERIFY(this)); 1227 no_control_flow = false; break; 1228 case Bytecodes::_dup2_x1 : 1229 { 1230 VerificationType type3; 1231 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1232 if (type.is_category1()) { 1233 type2 = current_frame.pop_stack( 1234 VerificationType::category1_check(), CHECK_VERIFY(this)); 1235 } else if (type.is_category2_2nd()) { 1236 type2 = current_frame.pop_stack( 1237 VerificationType::category2_check(), CHECK_VERIFY(this)); 1238 } else { 1239 /* Unreachable? Would need a category2_1st on TOS which does 1240 * not appear possible. */ 1241 verify_error( 1242 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1243 bad_type_msg, "dup2_x1"); 1244 return; 1245 } 1246 type3 = current_frame.pop_stack( 1247 VerificationType::category1_check(), CHECK_VERIFY(this)); 1248 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1249 current_frame.push_stack(type, CHECK_VERIFY(this)); 1250 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1251 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1252 current_frame.push_stack(type, CHECK_VERIFY(this)); 1253 no_control_flow = false; break; 1254 } 1255 case Bytecodes::_dup2_x2 : 1256 { 1257 VerificationType type3, type4; 1258 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1259 if (type.is_category1()) { 1260 type2 = current_frame.pop_stack( 1261 VerificationType::category1_check(), CHECK_VERIFY(this)); 1262 } else if (type.is_category2_2nd()) { 1263 type2 = current_frame.pop_stack( 1264 VerificationType::category2_check(), CHECK_VERIFY(this)); 1265 } else { 1266 /* Unreachable? Would need a category2_1st on TOS which does 1267 * not appear possible. */ 1268 verify_error( 1269 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1270 bad_type_msg, "dup2_x2"); 1271 return; 1272 } 1273 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1274 if (type3.is_category1()) { 1275 type4 = current_frame.pop_stack( 1276 VerificationType::category1_check(), CHECK_VERIFY(this)); 1277 } else if (type3.is_category2_2nd()) { 1278 type4 = current_frame.pop_stack( 1279 VerificationType::category2_check(), CHECK_VERIFY(this)); 1280 } else { 1281 /* Unreachable? Would need a category2_1st on TOS after popping 1282 * a long/double or two category 1's, which does not 1283 * appear possible. */ 1284 verify_error( 1285 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1286 bad_type_msg, "dup2_x2"); 1287 return; 1288 } 1289 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1290 current_frame.push_stack(type, CHECK_VERIFY(this)); 1291 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1292 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1293 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1294 current_frame.push_stack(type, CHECK_VERIFY(this)); 1295 no_control_flow = false; break; 1296 } 1297 case Bytecodes::_swap : 1298 type = current_frame.pop_stack( 1299 VerificationType::category1_check(), CHECK_VERIFY(this)); 1300 type2 = current_frame.pop_stack( 1301 VerificationType::category1_check(), CHECK_VERIFY(this)); 1302 current_frame.push_stack(type, CHECK_VERIFY(this)); 1303 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1304 no_control_flow = false; break; 1305 case Bytecodes::_iadd : 1306 case Bytecodes::_isub : 1307 case Bytecodes::_imul : 1308 case Bytecodes::_idiv : 1309 case Bytecodes::_irem : 1310 case Bytecodes::_ishl : 1311 case Bytecodes::_ishr : 1312 case Bytecodes::_iushr : 1313 case Bytecodes::_ior : 1314 case Bytecodes::_ixor : 1315 case Bytecodes::_iand : 1316 current_frame.pop_stack( 1317 VerificationType::integer_type(), CHECK_VERIFY(this)); 1318 // fall through 1319 case Bytecodes::_ineg : 1320 current_frame.pop_stack( 1321 VerificationType::integer_type(), CHECK_VERIFY(this)); 1322 current_frame.push_stack( 1323 VerificationType::integer_type(), CHECK_VERIFY(this)); 1324 no_control_flow = false; break; 1325 case Bytecodes::_ladd : 1326 case Bytecodes::_lsub : 1327 case Bytecodes::_lmul : 1328 case Bytecodes::_ldiv : 1329 case Bytecodes::_lrem : 1330 case Bytecodes::_land : 1331 case Bytecodes::_lor : 1332 case Bytecodes::_lxor : 1333 current_frame.pop_stack_2( 1334 VerificationType::long2_type(), 1335 VerificationType::long_type(), CHECK_VERIFY(this)); 1336 // fall through 1337 case Bytecodes::_lneg : 1338 current_frame.pop_stack_2( 1339 VerificationType::long2_type(), 1340 VerificationType::long_type(), CHECK_VERIFY(this)); 1341 current_frame.push_stack_2( 1342 VerificationType::long_type(), 1343 VerificationType::long2_type(), CHECK_VERIFY(this)); 1344 no_control_flow = false; break; 1345 case Bytecodes::_lshl : 1346 case Bytecodes::_lshr : 1347 case Bytecodes::_lushr : 1348 current_frame.pop_stack( 1349 VerificationType::integer_type(), CHECK_VERIFY(this)); 1350 current_frame.pop_stack_2( 1351 VerificationType::long2_type(), 1352 VerificationType::long_type(), CHECK_VERIFY(this)); 1353 current_frame.push_stack_2( 1354 VerificationType::long_type(), 1355 VerificationType::long2_type(), CHECK_VERIFY(this)); 1356 no_control_flow = false; break; 1357 case Bytecodes::_fadd : 1358 case Bytecodes::_fsub : 1359 case Bytecodes::_fmul : 1360 case Bytecodes::_fdiv : 1361 case Bytecodes::_frem : 1362 current_frame.pop_stack( 1363 VerificationType::float_type(), CHECK_VERIFY(this)); 1364 // fall through 1365 case Bytecodes::_fneg : 1366 current_frame.pop_stack( 1367 VerificationType::float_type(), CHECK_VERIFY(this)); 1368 current_frame.push_stack( 1369 VerificationType::float_type(), CHECK_VERIFY(this)); 1370 no_control_flow = false; break; 1371 case Bytecodes::_dadd : 1372 case Bytecodes::_dsub : 1373 case Bytecodes::_dmul : 1374 case Bytecodes::_ddiv : 1375 case Bytecodes::_drem : 1376 current_frame.pop_stack_2( 1377 VerificationType::double2_type(), 1378 VerificationType::double_type(), CHECK_VERIFY(this)); 1379 // fall through 1380 case Bytecodes::_dneg : 1381 current_frame.pop_stack_2( 1382 VerificationType::double2_type(), 1383 VerificationType::double_type(), CHECK_VERIFY(this)); 1384 current_frame.push_stack_2( 1385 VerificationType::double_type(), 1386 VerificationType::double2_type(), CHECK_VERIFY(this)); 1387 no_control_flow = false; break; 1388 case Bytecodes::_iinc : 1389 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1390 no_control_flow = false; break; 1391 case Bytecodes::_i2l : 1392 type = current_frame.pop_stack( 1393 VerificationType::integer_type(), CHECK_VERIFY(this)); 1394 current_frame.push_stack_2( 1395 VerificationType::long_type(), 1396 VerificationType::long2_type(), CHECK_VERIFY(this)); 1397 no_control_flow = false; break; 1398 case Bytecodes::_l2i : 1399 current_frame.pop_stack_2( 1400 VerificationType::long2_type(), 1401 VerificationType::long_type(), CHECK_VERIFY(this)); 1402 current_frame.push_stack( 1403 VerificationType::integer_type(), CHECK_VERIFY(this)); 1404 no_control_flow = false; break; 1405 case Bytecodes::_i2f : 1406 current_frame.pop_stack( 1407 VerificationType::integer_type(), CHECK_VERIFY(this)); 1408 current_frame.push_stack( 1409 VerificationType::float_type(), CHECK_VERIFY(this)); 1410 no_control_flow = false; break; 1411 case Bytecodes::_i2d : 1412 current_frame.pop_stack( 1413 VerificationType::integer_type(), CHECK_VERIFY(this)); 1414 current_frame.push_stack_2( 1415 VerificationType::double_type(), 1416 VerificationType::double2_type(), CHECK_VERIFY(this)); 1417 no_control_flow = false; break; 1418 case Bytecodes::_l2f : 1419 current_frame.pop_stack_2( 1420 VerificationType::long2_type(), 1421 VerificationType::long_type(), CHECK_VERIFY(this)); 1422 current_frame.push_stack( 1423 VerificationType::float_type(), CHECK_VERIFY(this)); 1424 no_control_flow = false; break; 1425 case Bytecodes::_l2d : 1426 current_frame.pop_stack_2( 1427 VerificationType::long2_type(), 1428 VerificationType::long_type(), CHECK_VERIFY(this)); 1429 current_frame.push_stack_2( 1430 VerificationType::double_type(), 1431 VerificationType::double2_type(), CHECK_VERIFY(this)); 1432 no_control_flow = false; break; 1433 case Bytecodes::_f2i : 1434 current_frame.pop_stack( 1435 VerificationType::float_type(), CHECK_VERIFY(this)); 1436 current_frame.push_stack( 1437 VerificationType::integer_type(), CHECK_VERIFY(this)); 1438 no_control_flow = false; break; 1439 case Bytecodes::_f2l : 1440 current_frame.pop_stack( 1441 VerificationType::float_type(), CHECK_VERIFY(this)); 1442 current_frame.push_stack_2( 1443 VerificationType::long_type(), 1444 VerificationType::long2_type(), CHECK_VERIFY(this)); 1445 no_control_flow = false; break; 1446 case Bytecodes::_f2d : 1447 current_frame.pop_stack( 1448 VerificationType::float_type(), CHECK_VERIFY(this)); 1449 current_frame.push_stack_2( 1450 VerificationType::double_type(), 1451 VerificationType::double2_type(), CHECK_VERIFY(this)); 1452 no_control_flow = false; break; 1453 case Bytecodes::_d2i : 1454 current_frame.pop_stack_2( 1455 VerificationType::double2_type(), 1456 VerificationType::double_type(), CHECK_VERIFY(this)); 1457 current_frame.push_stack( 1458 VerificationType::integer_type(), CHECK_VERIFY(this)); 1459 no_control_flow = false; break; 1460 case Bytecodes::_d2l : 1461 current_frame.pop_stack_2( 1462 VerificationType::double2_type(), 1463 VerificationType::double_type(), CHECK_VERIFY(this)); 1464 current_frame.push_stack_2( 1465 VerificationType::long_type(), 1466 VerificationType::long2_type(), CHECK_VERIFY(this)); 1467 no_control_flow = false; break; 1468 case Bytecodes::_d2f : 1469 current_frame.pop_stack_2( 1470 VerificationType::double2_type(), 1471 VerificationType::double_type(), CHECK_VERIFY(this)); 1472 current_frame.push_stack( 1473 VerificationType::float_type(), CHECK_VERIFY(this)); 1474 no_control_flow = false; break; 1475 case Bytecodes::_i2b : 1476 case Bytecodes::_i2c : 1477 case Bytecodes::_i2s : 1478 current_frame.pop_stack( 1479 VerificationType::integer_type(), CHECK_VERIFY(this)); 1480 current_frame.push_stack( 1481 VerificationType::integer_type(), CHECK_VERIFY(this)); 1482 no_control_flow = false; break; 1483 case Bytecodes::_lcmp : 1484 current_frame.pop_stack_2( 1485 VerificationType::long2_type(), 1486 VerificationType::long_type(), CHECK_VERIFY(this)); 1487 current_frame.pop_stack_2( 1488 VerificationType::long2_type(), 1489 VerificationType::long_type(), CHECK_VERIFY(this)); 1490 current_frame.push_stack( 1491 VerificationType::integer_type(), CHECK_VERIFY(this)); 1492 no_control_flow = false; break; 1493 case Bytecodes::_fcmpl : 1494 case Bytecodes::_fcmpg : 1495 current_frame.pop_stack( 1496 VerificationType::float_type(), CHECK_VERIFY(this)); 1497 current_frame.pop_stack( 1498 VerificationType::float_type(), CHECK_VERIFY(this)); 1499 current_frame.push_stack( 1500 VerificationType::integer_type(), CHECK_VERIFY(this)); 1501 no_control_flow = false; break; 1502 case Bytecodes::_dcmpl : 1503 case Bytecodes::_dcmpg : 1504 current_frame.pop_stack_2( 1505 VerificationType::double2_type(), 1506 VerificationType::double_type(), CHECK_VERIFY(this)); 1507 current_frame.pop_stack_2( 1508 VerificationType::double2_type(), 1509 VerificationType::double_type(), CHECK_VERIFY(this)); 1510 current_frame.push_stack( 1511 VerificationType::integer_type(), CHECK_VERIFY(this)); 1512 no_control_flow = false; break; 1513 case Bytecodes::_if_icmpeq: 1514 case Bytecodes::_if_icmpne: 1515 case Bytecodes::_if_icmplt: 1516 case Bytecodes::_if_icmpge: 1517 case Bytecodes::_if_icmpgt: 1518 case Bytecodes::_if_icmple: 1519 current_frame.pop_stack( 1520 VerificationType::integer_type(), CHECK_VERIFY(this)); 1521 // fall through 1522 case Bytecodes::_ifeq: 1523 case Bytecodes::_ifne: 1524 case Bytecodes::_iflt: 1525 case Bytecodes::_ifge: 1526 case Bytecodes::_ifgt: 1527 case Bytecodes::_ifle: 1528 current_frame.pop_stack( 1529 VerificationType::integer_type(), CHECK_VERIFY(this)); 1530 target = bcs.dest(); 1531 stackmap_table.check_jump_target( 1532 ¤t_frame, target, CHECK_VERIFY(this)); 1533 no_control_flow = false; break; 1534 case Bytecodes::_if_acmpeq : 1535 case Bytecodes::_if_acmpne : 1536 current_frame.pop_stack( 1537 VerificationType::reference_check(), CHECK_VERIFY(this)); 1538 // fall through 1539 case Bytecodes::_ifnull : 1540 case Bytecodes::_ifnonnull : 1541 current_frame.pop_stack( 1542 VerificationType::reference_check(), CHECK_VERIFY(this)); 1543 target = bcs.dest(); 1544 stackmap_table.check_jump_target 1545 (¤t_frame, target, CHECK_VERIFY(this)); 1546 no_control_flow = false; break; 1547 case Bytecodes::_goto : 1548 target = bcs.dest(); 1549 stackmap_table.check_jump_target( 1550 ¤t_frame, target, CHECK_VERIFY(this)); 1551 no_control_flow = true; break; 1552 case Bytecodes::_goto_w : 1553 target = bcs.dest_w(); 1554 stackmap_table.check_jump_target( 1555 ¤t_frame, target, CHECK_VERIFY(this)); 1556 no_control_flow = true; break; 1557 case Bytecodes::_tableswitch : 1558 case Bytecodes::_lookupswitch : 1559 verify_switch( 1560 &bcs, code_length, code_data, ¤t_frame, 1561 &stackmap_table, CHECK_VERIFY(this)); 1562 no_control_flow = true; break; 1563 case Bytecodes::_ireturn : 1564 type = current_frame.pop_stack( 1565 VerificationType::integer_type(), CHECK_VERIFY(this)); 1566 verify_return_value(return_type, type, bci, 1567 ¤t_frame, CHECK_VERIFY(this)); 1568 no_control_flow = true; break; 1569 case Bytecodes::_lreturn : 1570 type2 = current_frame.pop_stack( 1571 VerificationType::long2_type(), CHECK_VERIFY(this)); 1572 type = current_frame.pop_stack( 1573 VerificationType::long_type(), CHECK_VERIFY(this)); 1574 verify_return_value(return_type, type, bci, 1575 ¤t_frame, CHECK_VERIFY(this)); 1576 no_control_flow = true; break; 1577 case Bytecodes::_freturn : 1578 type = current_frame.pop_stack( 1579 VerificationType::float_type(), CHECK_VERIFY(this)); 1580 verify_return_value(return_type, type, bci, 1581 ¤t_frame, CHECK_VERIFY(this)); 1582 no_control_flow = true; break; 1583 case Bytecodes::_dreturn : 1584 type2 = current_frame.pop_stack( 1585 VerificationType::double2_type(), CHECK_VERIFY(this)); 1586 type = current_frame.pop_stack( 1587 VerificationType::double_type(), CHECK_VERIFY(this)); 1588 verify_return_value(return_type, type, bci, 1589 ¤t_frame, CHECK_VERIFY(this)); 1590 no_control_flow = true; break; 1591 case Bytecodes::_areturn : 1592 type = current_frame.pop_stack( 1593 VerificationType::reference_check(), CHECK_VERIFY(this)); 1594 verify_return_value(return_type, type, bci, 1595 ¤t_frame, CHECK_VERIFY(this)); 1596 no_control_flow = true; break; 1597 case Bytecodes::_return : 1598 if (return_type != VerificationType::bogus_type()) { 1599 verify_error(ErrorContext::bad_code(bci), 1600 "Method expects a return value"); 1601 return; 1602 } 1603 // Make sure "this" has been initialized if current method is an 1604 // <init>. 1605 if (_method->name() == vmSymbols::object_initializer_name() && 1606 current_frame.flag_this_uninit()) { 1607 verify_error(ErrorContext::bad_code(bci), 1608 "Constructor must call super() or this() " 1609 "before return"); 1610 return; 1611 } 1612 no_control_flow = true; break; 1613 case Bytecodes::_getstatic : 1614 case Bytecodes::_putstatic : 1615 // pass TRUE, operand can be an array type for getstatic/putstatic. 1616 verify_field_instructions( 1617 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1618 no_control_flow = false; break; 1619 case Bytecodes::_getfield : 1620 case Bytecodes::_putfield : 1621 // pass FALSE, operand can't be an array type for getfield/putfield. 1622 verify_field_instructions( 1623 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1624 no_control_flow = false; break; 1625 case Bytecodes::_invokevirtual : 1626 case Bytecodes::_invokespecial : 1627 case Bytecodes::_invokestatic : 1628 verify_invoke_instructions( 1629 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1630 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1631 no_control_flow = false; break; 1632 case Bytecodes::_invokeinterface : 1633 case Bytecodes::_invokedynamic : 1634 verify_invoke_instructions( 1635 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1636 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1637 no_control_flow = false; break; 1638 case Bytecodes::_new : 1639 { 1640 index = bcs.get_index_u2(); 1641 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1642 VerificationType new_class_type = 1643 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1644 if (!new_class_type.is_object()) { 1645 verify_error(ErrorContext::bad_type(bci, 1646 TypeOrigin::cp(index, new_class_type)), 1647 "Illegal new instruction"); 1648 return; 1649 } 1650 type = VerificationType::uninitialized_type(bci); 1651 current_frame.push_stack(type, CHECK_VERIFY(this)); 1652 no_control_flow = false; break; 1653 } 1654 case Bytecodes::_newarray : 1655 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1656 current_frame.pop_stack( 1657 VerificationType::integer_type(), CHECK_VERIFY(this)); 1658 current_frame.push_stack(type, CHECK_VERIFY(this)); 1659 no_control_flow = false; break; 1660 case Bytecodes::_anewarray : 1661 verify_anewarray( 1662 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1663 no_control_flow = false; break; 1664 case Bytecodes::_arraylength : 1665 type = current_frame.pop_stack( 1666 VerificationType::reference_check(), CHECK_VERIFY(this)); 1667 if (!(type.is_null() || type.is_array())) { 1668 verify_error(ErrorContext::bad_type( 1669 bci, current_frame.stack_top_ctx()), 1670 bad_type_msg, "arraylength"); 1671 } 1672 current_frame.push_stack( 1673 VerificationType::integer_type(), CHECK_VERIFY(this)); 1674 no_control_flow = false; break; 1675 case Bytecodes::_checkcast : 1676 { 1677 index = bcs.get_index_u2(); 1678 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1679 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1680 VerificationType klass_type = cp_index_to_type( 1681 index, cp, CHECK_VERIFY(this)); 1682 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1683 no_control_flow = false; break; 1684 } 1685 case Bytecodes::_instanceof : { 1686 index = bcs.get_index_u2(); 1687 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1688 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1689 current_frame.push_stack( 1690 VerificationType::integer_type(), CHECK_VERIFY(this)); 1691 no_control_flow = false; break; 1692 } 1693 case Bytecodes::_monitorenter : 1694 case Bytecodes::_monitorexit : 1695 current_frame.pop_stack( 1696 VerificationType::reference_check(), CHECK_VERIFY(this)); 1697 no_control_flow = false; break; 1698 case Bytecodes::_multianewarray : 1699 { 1700 index = bcs.get_index_u2(); 1701 u2 dim = *(bcs.bcp()+3); 1702 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1703 VerificationType new_array_type = 1704 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1705 if (!new_array_type.is_array()) { 1706 verify_error(ErrorContext::bad_type(bci, 1707 TypeOrigin::cp(index, new_array_type)), 1708 "Illegal constant pool index in multianewarray instruction"); 1709 return; 1710 } 1711 if (dim < 1 || new_array_type.dimensions() < dim) { 1712 verify_error(ErrorContext::bad_code(bci), 1713 "Illegal dimension in multianewarray instruction: %d", dim); 1714 return; 1715 } 1716 for (int i = 0; i < dim; i++) { 1717 current_frame.pop_stack( 1718 VerificationType::integer_type(), CHECK_VERIFY(this)); 1719 } 1720 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1721 no_control_flow = false; break; 1722 } 1723 case Bytecodes::_athrow : 1724 type = VerificationType::reference_type( 1725 vmSymbols::java_lang_Throwable()); 1726 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1727 no_control_flow = true; break; 1728 default: 1729 // We only need to check the valid bytecodes in class file. 1730 // And jsr and ret are not in the new class file format in JDK1.5. 1731 verify_error(ErrorContext::bad_code(bci), 1732 "Bad instruction: %02x", opcode); 1733 no_control_flow = false; 1734 return; 1735 } // end switch 1736 } // end Merge with the next instruction 1737 1738 // Look for possible jump target in exception handlers and see if it matches 1739 // current_frame. Don't do this check if it has already been done (for 1740 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1741 // opcodes, such as invokespecial, may set the this_uninit flag. 1742 assert(!(verified_exc_handlers && this_uninit), 1743 "Exception handler targets got verified before this_uninit got set"); 1744 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1745 if (was_recursively_verified()) return; 1746 verify_exception_handler_targets( 1747 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1748 } 1749 } // end while 1750 1751 // Make sure that control flow does not fall through end of the method 1752 if (!no_control_flow) { 1753 verify_error(ErrorContext::bad_code(code_length), 1754 "Control flow falls through code end"); 1755 return; 1756 } 1757 } 1758 1759 #undef bad_type_message 1760 1761 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1762 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1763 memset(code_data, 0, sizeof(char) * code_length); 1764 RawBytecodeStream bcs(m); 1765 1766 while (!bcs.is_last_bytecode()) { 1767 if (bcs.raw_next() != Bytecodes::_illegal) { 1768 int bci = bcs.bci(); 1769 if (bcs.raw_code() == Bytecodes::_new) { 1770 code_data[bci] = NEW_OFFSET; 1771 } else { 1772 code_data[bci] = BYTECODE_OFFSET; 1773 } 1774 } else { 1775 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1776 return NULL; 1777 } 1778 } 1779 1780 return code_data; 1781 } 1782 1783 // Since this method references the constant pool, call was_recursively_verified() 1784 // before calling this method to make sure a prior class load did not cause the 1785 // current class to get verified. 1786 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1787 ExceptionTable exhandlers(_method()); 1788 int exlength = exhandlers.length(); 1789 constantPoolHandle cp (THREAD, _method->constants()); 1790 1791 for(int i = 0; i < exlength; i++) { 1792 u2 start_pc = exhandlers.start_pc(i); 1793 u2 end_pc = exhandlers.end_pc(i); 1794 u2 handler_pc = exhandlers.handler_pc(i); 1795 if (start_pc >= code_length || code_data[start_pc] == 0) { 1796 class_format_error("Illegal exception table start_pc %d", start_pc); 1797 return; 1798 } 1799 if (end_pc != code_length) { // special case: end_pc == code_length 1800 if (end_pc > code_length || code_data[end_pc] == 0) { 1801 class_format_error("Illegal exception table end_pc %d", end_pc); 1802 return; 1803 } 1804 } 1805 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1806 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1807 return; 1808 } 1809 int catch_type_index = exhandlers.catch_type_index(i); 1810 if (catch_type_index != 0) { 1811 VerificationType catch_type = cp_index_to_type( 1812 catch_type_index, cp, CHECK_VERIFY(this)); 1813 VerificationType throwable = 1814 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1815 bool is_subclass = throwable.is_assignable_from( 1816 catch_type, this, false, CHECK_VERIFY(this)); 1817 if (!is_subclass) { 1818 // 4286534: should throw VerifyError according to recent spec change 1819 verify_error(ErrorContext::bad_type(handler_pc, 1820 TypeOrigin::cp(catch_type_index, catch_type), 1821 TypeOrigin::implicit(throwable)), 1822 "Catch type is not a subclass " 1823 "of Throwable in exception handler %d", handler_pc); 1824 return; 1825 } 1826 } 1827 if (start_pc < min) min = start_pc; 1828 if (end_pc > max) max = end_pc; 1829 } 1830 } 1831 1832 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1833 int localvariable_table_length = _method->localvariable_table_length(); 1834 if (localvariable_table_length > 0) { 1835 LocalVariableTableElement* table = _method->localvariable_table_start(); 1836 for (int i = 0; i < localvariable_table_length; i++) { 1837 u2 start_bci = table[i].start_bci; 1838 u2 length = table[i].length; 1839 1840 if (start_bci >= code_length || code_data[start_bci] == 0) { 1841 class_format_error( 1842 "Illegal local variable table start_pc %d", start_bci); 1843 return; 1844 } 1845 u4 end_bci = (u4)(start_bci + length); 1846 if (end_bci != code_length) { 1847 if (end_bci >= code_length || code_data[end_bci] == 0) { 1848 class_format_error( "Illegal local variable table length %d", length); 1849 return; 1850 } 1851 } 1852 } 1853 } 1854 } 1855 1856 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1857 StackMapFrame* current_frame, 1858 StackMapTable* stackmap_table, 1859 bool no_control_flow, TRAPS) { 1860 if (stackmap_index < stackmap_table->get_frame_count()) { 1861 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1862 if (no_control_flow && this_offset > bci) { 1863 verify_error(ErrorContext::missing_stackmap(bci), 1864 "Expecting a stack map frame"); 1865 return 0; 1866 } 1867 if (this_offset == bci) { 1868 ErrorContext ctx; 1869 // See if current stack map can be assigned to the frame in table. 1870 // current_frame is the stackmap frame got from the last instruction. 1871 // If matched, current_frame will be updated by this method. 1872 bool matches = stackmap_table->match_stackmap( 1873 current_frame, this_offset, stackmap_index, 1874 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1875 if (!matches) { 1876 // report type error 1877 verify_error(ctx, "Instruction type does not match stack map"); 1878 return 0; 1879 } 1880 stackmap_index++; 1881 } else if (this_offset < bci) { 1882 // current_offset should have met this_offset. 1883 class_format_error("Bad stack map offset %d", this_offset); 1884 return 0; 1885 } 1886 } else if (no_control_flow) { 1887 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1888 return 0; 1889 } 1890 return stackmap_index; 1891 } 1892 1893 // Since this method references the constant pool, call was_recursively_verified() 1894 // before calling this method to make sure a prior class load did not cause the 1895 // current class to get verified. 1896 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 1897 StackMapFrame* current_frame, 1898 StackMapTable* stackmap_table, TRAPS) { 1899 constantPoolHandle cp (THREAD, _method->constants()); 1900 ExceptionTable exhandlers(_method()); 1901 int exlength = exhandlers.length(); 1902 for(int i = 0; i < exlength; i++) { 1903 u2 start_pc = exhandlers.start_pc(i); 1904 u2 end_pc = exhandlers.end_pc(i); 1905 u2 handler_pc = exhandlers.handler_pc(i); 1906 int catch_type_index = exhandlers.catch_type_index(i); 1907 if(bci >= start_pc && bci < end_pc) { 1908 u1 flags = current_frame->flags(); 1909 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1910 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1911 if (catch_type_index != 0) { 1912 if (was_recursively_verified()) return; 1913 // We know that this index refers to a subclass of Throwable 1914 VerificationType catch_type = cp_index_to_type( 1915 catch_type_index, cp, CHECK_VERIFY(this)); 1916 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1917 } else { 1918 VerificationType throwable = 1919 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1920 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1921 } 1922 ErrorContext ctx; 1923 bool matches = stackmap_table->match_stackmap( 1924 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1925 if (!matches) { 1926 verify_error(ctx, "Stack map does not match the one at " 1927 "exception handler %d", handler_pc); 1928 return; 1929 } 1930 } 1931 } 1932 } 1933 1934 void ClassVerifier::verify_cp_index( 1935 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 1936 int nconstants = cp->length(); 1937 if ((index <= 0) || (index >= nconstants)) { 1938 verify_error(ErrorContext::bad_cp_index(bci, index), 1939 "Illegal constant pool index %d in class %s", 1940 index, cp->pool_holder()->external_name()); 1941 return; 1942 } 1943 } 1944 1945 void ClassVerifier::verify_cp_type( 1946 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 1947 1948 // In some situations, bytecode rewriting may occur while we're verifying. 1949 // In this case, a constant pool cache exists and some indices refer to that 1950 // instead. Be sure we don't pick up such indices by accident. 1951 // We must check was_recursively_verified() before we get here. 1952 guarantee(cp->cache() == NULL, "not rewritten yet"); 1953 1954 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1955 unsigned int tag = cp->tag_at(index).value(); 1956 if ((types & (1 << tag)) == 0) { 1957 verify_error(ErrorContext::bad_cp_index(bci, index), 1958 "Illegal type at constant pool entry %d in class %s", 1959 index, cp->pool_holder()->external_name()); 1960 return; 1961 } 1962 } 1963 1964 void ClassVerifier::verify_cp_class_type( 1965 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 1966 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1967 constantTag tag = cp->tag_at(index); 1968 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1969 verify_error(ErrorContext::bad_cp_index(bci, index), 1970 "Illegal type at constant pool entry %d in class %s", 1971 index, cp->pool_holder()->external_name()); 1972 return; 1973 } 1974 } 1975 1976 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1977 stringStream ss; 1978 1979 ctx.reset_frames(); 1980 _exception_type = vmSymbols::java_lang_VerifyError(); 1981 _error_context = ctx; 1982 va_list va; 1983 va_start(va, msg); 1984 ss.vprint(msg, va); 1985 va_end(va); 1986 _message = ss.as_string(); 1987 #ifdef ASSERT 1988 ResourceMark rm; 1989 const char* exception_name = _exception_type->as_C_string(); 1990 Exceptions::debug_check_abort(exception_name, NULL); 1991 #endif // ndef ASSERT 1992 } 1993 1994 void ClassVerifier::class_format_error(const char* msg, ...) { 1995 stringStream ss; 1996 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1997 va_list va; 1998 va_start(va, msg); 1999 ss.vprint(msg, va); 2000 va_end(va); 2001 if (!_method.is_null()) { 2002 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 2003 } 2004 _message = ss.as_string(); 2005 } 2006 2007 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2008 HandleMark hm(THREAD); 2009 // Get current loader and protection domain first. 2010 oop loader = current_class()->class_loader(); 2011 oop protection_domain = current_class()->protection_domain(); 2012 2013 Klass* kls = SystemDictionary::resolve_or_fail( 2014 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2015 true, THREAD); 2016 2017 if (kls != NULL) { 2018 current_class()->class_loader_data()->record_dependency(kls); 2019 if (log_is_enabled(Debug, class, resolve)) { 2020 InstanceKlass* cur_class = InstanceKlass::cast(current_class()); 2021 Verifier::trace_class_resolution(kls, cur_class); 2022 } 2023 } 2024 return kls; 2025 } 2026 2027 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2028 Klass* target_class, 2029 Symbol* field_name, 2030 Symbol* field_sig, 2031 bool is_method) { 2032 NoSafepointVerifier nosafepoint; 2033 2034 // If target class isn't a super class of this class, we don't worry about this case 2035 if (!this_class->is_subclass_of(target_class)) { 2036 return false; 2037 } 2038 // Check if the specified method or field is protected 2039 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2040 fieldDescriptor fd; 2041 if (is_method) { 2042 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2043 if (m != NULL && m->is_protected()) { 2044 if (!this_class->is_same_class_package(m->method_holder())) { 2045 return true; 2046 } 2047 } 2048 } else { 2049 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2050 if (member_klass != NULL && fd.is_protected()) { 2051 if (!this_class->is_same_class_package(member_klass)) { 2052 return true; 2053 } 2054 } 2055 } 2056 return false; 2057 } 2058 2059 void ClassVerifier::verify_ldc( 2060 int opcode, u2 index, StackMapFrame* current_frame, 2061 const constantPoolHandle& cp, u2 bci, TRAPS) { 2062 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2063 constantTag tag = cp->tag_at(index); 2064 unsigned int types = 0; 2065 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2066 if (!tag.is_unresolved_klass()) { 2067 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2068 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2069 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2070 | (1 << JVM_CONSTANT_Dynamic); 2071 // Note: The class file parser already verified the legality of 2072 // MethodHandle and MethodType constants. 2073 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2074 } 2075 } else { 2076 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2077 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2078 | (1 << JVM_CONSTANT_Dynamic); 2079 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2080 } 2081 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2082 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2083 } else if (tag.is_string()) { 2084 current_frame->push_stack( 2085 VerificationType::reference_type( 2086 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2087 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2088 current_frame->push_stack( 2089 VerificationType::reference_type( 2090 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2091 } else if (tag.is_int()) { 2092 current_frame->push_stack( 2093 VerificationType::integer_type(), CHECK_VERIFY(this)); 2094 } else if (tag.is_float()) { 2095 current_frame->push_stack( 2096 VerificationType::float_type(), CHECK_VERIFY(this)); 2097 } else if (tag.is_double()) { 2098 current_frame->push_stack_2( 2099 VerificationType::double_type(), 2100 VerificationType::double2_type(), CHECK_VERIFY(this)); 2101 } else if (tag.is_long()) { 2102 current_frame->push_stack_2( 2103 VerificationType::long_type(), 2104 VerificationType::long2_type(), CHECK_VERIFY(this)); 2105 } else if (tag.is_method_handle()) { 2106 current_frame->push_stack( 2107 VerificationType::reference_type( 2108 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2109 } else if (tag.is_method_type()) { 2110 current_frame->push_stack( 2111 VerificationType::reference_type( 2112 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2113 } else if (tag.is_dynamic_constant()) { 2114 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2115 if (!SignatureVerifier::is_valid_type_signature(constant_type)) { 2116 class_format_error( 2117 "Invalid type for dynamic constant in class %s referenced " 2118 "from constant pool index %d", _klass->external_name(), index); 2119 return; 2120 } 2121 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2122 "buffer type must match VerificationType size"); 2123 uintptr_t constant_type_buffer[2]; 2124 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2125 SignatureStream sig_stream(constant_type, false); 2126 int n = change_sig_to_verificationType( 2127 &sig_stream, v_constant_type, CHECK_VERIFY(this)); 2128 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2129 if (n != opcode_n) { 2130 // wrong kind of ldc; reverify against updated type mask 2131 types &= ~(1 << JVM_CONSTANT_Dynamic); 2132 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2133 } 2134 for (int i = 0; i < n; i++) { 2135 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2136 } 2137 } else { 2138 /* Unreachable? verify_cp_type has already validated the cp type. */ 2139 verify_error( 2140 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2141 return; 2142 } 2143 } 2144 2145 void ClassVerifier::verify_switch( 2146 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2147 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2148 int bci = bcs->bci(); 2149 address bcp = bcs->bcp(); 2150 address aligned_bcp = align_up(bcp + 1, jintSize); 2151 2152 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2153 // 4639449 & 4647081: padding bytes must be 0 2154 u2 padding_offset = 1; 2155 while ((bcp + padding_offset) < aligned_bcp) { 2156 if(*(bcp + padding_offset) != 0) { 2157 verify_error(ErrorContext::bad_code(bci), 2158 "Nonzero padding byte in lookupswitch or tableswitch"); 2159 return; 2160 } 2161 padding_offset++; 2162 } 2163 } 2164 2165 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2166 int keys, delta; 2167 current_frame->pop_stack( 2168 VerificationType::integer_type(), CHECK_VERIFY(this)); 2169 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2170 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2171 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2172 if (low > high) { 2173 verify_error(ErrorContext::bad_code(bci), 2174 "low must be less than or equal to high in tableswitch"); 2175 return; 2176 } 2177 keys = high - low + 1; 2178 if (keys < 0) { 2179 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2180 return; 2181 } 2182 delta = 1; 2183 } else { 2184 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2185 if (keys < 0) { 2186 verify_error(ErrorContext::bad_code(bci), 2187 "number of keys in lookupswitch less than 0"); 2188 return; 2189 } 2190 delta = 2; 2191 // Make sure that the lookupswitch items are sorted 2192 for (int i = 0; i < (keys - 1); i++) { 2193 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2194 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2195 if (this_key >= next_key) { 2196 verify_error(ErrorContext::bad_code(bci), 2197 "Bad lookupswitch instruction"); 2198 return; 2199 } 2200 } 2201 } 2202 int target = bci + default_offset; 2203 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2204 for (int i = 0; i < keys; i++) { 2205 // Because check_jump_target() may safepoint, the bytecode could have 2206 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2207 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2208 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2209 stackmap_table->check_jump_target( 2210 current_frame, target, CHECK_VERIFY(this)); 2211 } 2212 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2213 } 2214 2215 bool ClassVerifier::name_in_supers( 2216 Symbol* ref_name, InstanceKlass* current) { 2217 Klass* super = current->super(); 2218 while (super != NULL) { 2219 if (super->name() == ref_name) { 2220 return true; 2221 } 2222 super = super->super(); 2223 } 2224 return false; 2225 } 2226 2227 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2228 StackMapFrame* current_frame, 2229 const constantPoolHandle& cp, 2230 bool allow_arrays, 2231 TRAPS) { 2232 u2 index = bcs->get_index_u2(); 2233 verify_cp_type(bcs->bci(), index, cp, 2234 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2235 2236 // Get field name and signature 2237 Symbol* field_name = cp->name_ref_at(index); 2238 Symbol* field_sig = cp->signature_ref_at(index); 2239 2240 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2241 class_format_error( 2242 "Invalid signature for field in class %s referenced " 2243 "from constant pool index %d", _klass->external_name(), index); 2244 return; 2245 } 2246 2247 // Get referenced class type 2248 VerificationType ref_class_type = cp_ref_index_to_type( 2249 index, cp, CHECK_VERIFY(this)); 2250 if (!ref_class_type.is_object() && 2251 (!allow_arrays || !ref_class_type.is_array())) { 2252 verify_error(ErrorContext::bad_type(bcs->bci(), 2253 TypeOrigin::cp(index, ref_class_type)), 2254 "Expecting reference to class in class %s at constant pool index %d", 2255 _klass->external_name(), index); 2256 return; 2257 } 2258 VerificationType target_class_type = ref_class_type; 2259 2260 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2261 "buffer type must match VerificationType size"); 2262 uintptr_t field_type_buffer[2]; 2263 VerificationType* field_type = (VerificationType*)field_type_buffer; 2264 // If we make a VerificationType[2] array directly, the compiler calls 2265 // to the c-runtime library to do the allocation instead of just 2266 // stack allocating it. Plus it would run constructors. This shows up 2267 // in performance profiles. 2268 2269 SignatureStream sig_stream(field_sig, false); 2270 VerificationType stack_object_type; 2271 int n = change_sig_to_verificationType( 2272 &sig_stream, field_type, CHECK_VERIFY(this)); 2273 u2 bci = bcs->bci(); 2274 bool is_assignable; 2275 switch (bcs->raw_code()) { 2276 case Bytecodes::_getstatic: { 2277 for (int i = 0; i < n; i++) { 2278 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2279 } 2280 break; 2281 } 2282 case Bytecodes::_putstatic: { 2283 for (int i = n - 1; i >= 0; i--) { 2284 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2285 } 2286 break; 2287 } 2288 case Bytecodes::_getfield: { 2289 stack_object_type = current_frame->pop_stack( 2290 target_class_type, CHECK_VERIFY(this)); 2291 for (int i = 0; i < n; i++) { 2292 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2293 } 2294 goto check_protected; 2295 } 2296 case Bytecodes::_putfield: { 2297 for (int i = n - 1; i >= 0; i--) { 2298 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2299 } 2300 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2301 2302 // The JVMS 2nd edition allows field initialization before the superclass 2303 // initializer, if the field is defined within the current class. 2304 fieldDescriptor fd; 2305 if (stack_object_type == VerificationType::uninitialized_this_type() && 2306 target_class_type.equals(current_type()) && 2307 _klass->find_local_field(field_name, field_sig, &fd)) { 2308 stack_object_type = current_type(); 2309 } 2310 is_assignable = target_class_type.is_assignable_from( 2311 stack_object_type, this, false, CHECK_VERIFY(this)); 2312 if (!is_assignable) { 2313 verify_error(ErrorContext::bad_type(bci, 2314 current_frame->stack_top_ctx(), 2315 TypeOrigin::cp(index, target_class_type)), 2316 "Bad type on operand stack in putfield"); 2317 return; 2318 } 2319 } 2320 check_protected: { 2321 if (_this_type == stack_object_type) 2322 break; // stack_object_type must be assignable to _current_class_type 2323 if (was_recursively_verified()) return; 2324 Symbol* ref_class_name = 2325 cp->klass_name_at(cp->klass_ref_index_at(index)); 2326 if (!name_in_supers(ref_class_name, current_class())) 2327 // stack_object_type must be assignable to _current_class_type since: 2328 // 1. stack_object_type must be assignable to ref_class. 2329 // 2. ref_class must be _current_class or a subclass of it. It can't 2330 // be a superclass of it. See revised JVMS 5.4.4. 2331 break; 2332 2333 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2334 if (is_protected_access(current_class(), ref_class_oop, field_name, 2335 field_sig, false)) { 2336 // It's protected access, check if stack object is assignable to 2337 // current class. 2338 is_assignable = current_type().is_assignable_from( 2339 stack_object_type, this, true, CHECK_VERIFY(this)); 2340 if (!is_assignable) { 2341 verify_error(ErrorContext::bad_type(bci, 2342 current_frame->stack_top_ctx(), 2343 TypeOrigin::implicit(current_type())), 2344 "Bad access to protected data in getfield"); 2345 return; 2346 } 2347 } 2348 break; 2349 } 2350 default: ShouldNotReachHere(); 2351 } 2352 } 2353 2354 // Look at the method's handlers. If the bci is in the handler's try block 2355 // then check if the handler_pc is already on the stack. If not, push it 2356 // unless the handler has already been scanned. 2357 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2358 GrowableArray<u4>* handler_list, 2359 GrowableArray<u4>* handler_stack, 2360 u4 bci) { 2361 int exlength = exhandlers->length(); 2362 for(int x = 0; x < exlength; x++) { 2363 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2364 u4 exhandler_pc = exhandlers->handler_pc(x); 2365 if (!handler_list->contains(exhandler_pc)) { 2366 handler_stack->append_if_missing(exhandler_pc); 2367 handler_list->append(exhandler_pc); 2368 } 2369 } 2370 } 2371 } 2372 2373 // Return TRUE if all code paths starting with start_bc_offset end in 2374 // bytecode athrow or loop. 2375 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2376 ResourceMark rm; 2377 // Create bytecode stream. 2378 RawBytecodeStream bcs(method()); 2379 u4 code_length = method()->code_size(); 2380 bcs.set_start(start_bc_offset); 2381 u4 target; 2382 // Create stack for storing bytecode start offsets for if* and *switch. 2383 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2384 // Create stack for handlers for try blocks containing this handler. 2385 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2386 // Create list of handlers that have been pushed onto the handler_stack 2387 // so that handlers embedded inside of their own TRY blocks only get 2388 // scanned once. 2389 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2390 // Create list of visited branch opcodes (goto* and if*). 2391 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2392 ExceptionTable exhandlers(_method()); 2393 2394 while (true) { 2395 if (bcs.is_last_bytecode()) { 2396 // if no more starting offsets to parse or if at the end of the 2397 // method then return false. 2398 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2399 return false; 2400 // Pop a bytecode starting offset and scan from there. 2401 bcs.set_start(bci_stack->pop()); 2402 } 2403 Bytecodes::Code opcode = bcs.raw_next(); 2404 u4 bci = bcs.bci(); 2405 2406 // If the bytecode is in a TRY block, push its handlers so they 2407 // will get parsed. 2408 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2409 2410 switch (opcode) { 2411 case Bytecodes::_if_icmpeq: 2412 case Bytecodes::_if_icmpne: 2413 case Bytecodes::_if_icmplt: 2414 case Bytecodes::_if_icmpge: 2415 case Bytecodes::_if_icmpgt: 2416 case Bytecodes::_if_icmple: 2417 case Bytecodes::_ifeq: 2418 case Bytecodes::_ifne: 2419 case Bytecodes::_iflt: 2420 case Bytecodes::_ifge: 2421 case Bytecodes::_ifgt: 2422 case Bytecodes::_ifle: 2423 case Bytecodes::_if_acmpeq: 2424 case Bytecodes::_if_acmpne: 2425 case Bytecodes::_ifnull: 2426 case Bytecodes::_ifnonnull: 2427 target = bcs.dest(); 2428 if (visited_branches->contains(bci)) { 2429 if (bci_stack->is_empty()) { 2430 if (handler_stack->is_empty()) { 2431 return true; 2432 } else { 2433 // Parse the catch handlers for try blocks containing athrow. 2434 bcs.set_start(handler_stack->pop()); 2435 } 2436 } else { 2437 // Pop a bytecode starting offset and scan from there. 2438 bcs.set_start(bci_stack->pop()); 2439 } 2440 } else { 2441 if (target > bci) { // forward branch 2442 if (target >= code_length) return false; 2443 // Push the branch target onto the stack. 2444 bci_stack->push(target); 2445 // then, scan bytecodes starting with next. 2446 bcs.set_start(bcs.next_bci()); 2447 } else { // backward branch 2448 // Push bytecode offset following backward branch onto the stack. 2449 bci_stack->push(bcs.next_bci()); 2450 // Check bytecodes starting with branch target. 2451 bcs.set_start(target); 2452 } 2453 // Record target so we don't branch here again. 2454 visited_branches->append(bci); 2455 } 2456 break; 2457 2458 case Bytecodes::_goto: 2459 case Bytecodes::_goto_w: 2460 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2461 if (visited_branches->contains(bci)) { 2462 if (bci_stack->is_empty()) { 2463 if (handler_stack->is_empty()) { 2464 return true; 2465 } else { 2466 // Parse the catch handlers for try blocks containing athrow. 2467 bcs.set_start(handler_stack->pop()); 2468 } 2469 } else { 2470 // Been here before, pop new starting offset from stack. 2471 bcs.set_start(bci_stack->pop()); 2472 } 2473 } else { 2474 if (target >= code_length) return false; 2475 // Continue scanning from the target onward. 2476 bcs.set_start(target); 2477 // Record target so we don't branch here again. 2478 visited_branches->append(bci); 2479 } 2480 break; 2481 2482 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2483 // is difficult to determine where each switch alternative ends, parse 2484 // each switch alternative until either hit a 'return', 'athrow', or reach 2485 // the end of the method's bytecodes. This is gross but should be okay 2486 // because: 2487 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2488 // constructor invocations should be rare. 2489 // 2. if each switch alternative ends in an athrow then the parsing should be 2490 // short. If there is no athrow then it is bogus code, anyway. 2491 case Bytecodes::_lookupswitch: 2492 case Bytecodes::_tableswitch: 2493 { 2494 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2495 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2496 int keys, delta; 2497 if (opcode == Bytecodes::_tableswitch) { 2498 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2499 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2500 // This is invalid, but let the regular bytecode verifier 2501 // report this because the user will get a better error message. 2502 if (low > high) return true; 2503 keys = high - low + 1; 2504 delta = 1; 2505 } else { 2506 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2507 delta = 2; 2508 } 2509 // Invalid, let the regular bytecode verifier deal with it. 2510 if (keys < 0) return true; 2511 2512 // Push the offset of the next bytecode onto the stack. 2513 bci_stack->push(bcs.next_bci()); 2514 2515 // Push the switch alternatives onto the stack. 2516 for (int i = 0; i < keys; i++) { 2517 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2518 if (target > code_length) return false; 2519 bci_stack->push(target); 2520 } 2521 2522 // Start bytecode parsing for the switch at the default alternative. 2523 if (default_offset > code_length) return false; 2524 bcs.set_start(default_offset); 2525 break; 2526 } 2527 2528 case Bytecodes::_return: 2529 return false; 2530 2531 case Bytecodes::_athrow: 2532 { 2533 if (bci_stack->is_empty()) { 2534 if (handler_stack->is_empty()) { 2535 return true; 2536 } else { 2537 // Parse the catch handlers for try blocks containing athrow. 2538 bcs.set_start(handler_stack->pop()); 2539 } 2540 } else { 2541 // Pop a bytecode offset and starting scanning from there. 2542 bcs.set_start(bci_stack->pop()); 2543 } 2544 } 2545 break; 2546 2547 default: 2548 ; 2549 } // end switch 2550 } // end while loop 2551 2552 return false; 2553 } 2554 2555 void ClassVerifier::verify_invoke_init( 2556 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2557 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2558 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2559 TRAPS) { 2560 u2 bci = bcs->bci(); 2561 VerificationType type = current_frame->pop_stack( 2562 VerificationType::reference_check(), CHECK_VERIFY(this)); 2563 if (type == VerificationType::uninitialized_this_type()) { 2564 // The method must be an <init> method of this class or its superclass 2565 Klass* superk = current_class()->super(); 2566 if (ref_class_type.name() != current_class()->name() && 2567 ref_class_type.name() != superk->name()) { 2568 verify_error(ErrorContext::bad_type(bci, 2569 TypeOrigin::implicit(ref_class_type), 2570 TypeOrigin::implicit(current_type())), 2571 "Bad <init> method call"); 2572 return; 2573 } 2574 2575 // If this invokespecial call is done from inside of a TRY block then make 2576 // sure that all catch clause paths end in a throw. Otherwise, this can 2577 // result in returning an incomplete object. 2578 if (in_try_block) { 2579 ExceptionTable exhandlers(_method()); 2580 int exlength = exhandlers.length(); 2581 for(int i = 0; i < exlength; i++) { 2582 u2 start_pc = exhandlers.start_pc(i); 2583 u2 end_pc = exhandlers.end_pc(i); 2584 2585 if (bci >= start_pc && bci < end_pc) { 2586 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2587 verify_error(ErrorContext::bad_code(bci), 2588 "Bad <init> method call from after the start of a try block"); 2589 return; 2590 } else if (log_is_enabled(Info, verification)) { 2591 ResourceMark rm(THREAD); 2592 log_info(verification)("Survived call to ends_in_athrow(): %s", 2593 current_class()->name()->as_C_string()); 2594 } 2595 } 2596 } 2597 2598 // Check the exception handler target stackmaps with the locals from the 2599 // incoming stackmap (before initialize_object() changes them to outgoing 2600 // state). 2601 if (was_recursively_verified()) return; 2602 verify_exception_handler_targets(bci, true, current_frame, 2603 stackmap_table, CHECK_VERIFY(this)); 2604 } // in_try_block 2605 2606 current_frame->initialize_object(type, current_type()); 2607 *this_uninit = true; 2608 } else if (type.is_uninitialized()) { 2609 u2 new_offset = type.bci(); 2610 address new_bcp = bcs->bcp() - bci + new_offset; 2611 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2612 /* Unreachable? Stack map parsing ensures valid type and new 2613 * instructions have a valid BCI. */ 2614 verify_error(ErrorContext::bad_code(new_offset), 2615 "Expecting new instruction"); 2616 return; 2617 } 2618 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2619 if (was_recursively_verified()) return; 2620 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2621 2622 // The method must be an <init> method of the indicated class 2623 VerificationType new_class_type = cp_index_to_type( 2624 new_class_index, cp, CHECK_VERIFY(this)); 2625 if (!new_class_type.equals(ref_class_type)) { 2626 verify_error(ErrorContext::bad_type(bci, 2627 TypeOrigin::cp(new_class_index, new_class_type), 2628 TypeOrigin::cp(ref_class_index, ref_class_type)), 2629 "Call to wrong <init> method"); 2630 return; 2631 } 2632 // According to the VM spec, if the referent class is a superclass of the 2633 // current class, and is in a different runtime package, and the method is 2634 // protected, then the objectref must be the current class or a subclass 2635 // of the current class. 2636 VerificationType objectref_type = new_class_type; 2637 if (name_in_supers(ref_class_type.name(), current_class())) { 2638 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2639 if (was_recursively_verified()) return; 2640 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2641 vmSymbols::object_initializer_name(), 2642 cp->signature_ref_at(bcs->get_index_u2()), 2643 Klass::find_overpass); 2644 // Do nothing if method is not found. Let resolution detect the error. 2645 if (m != NULL) { 2646 InstanceKlass* mh = m->method_holder(); 2647 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2648 bool assignable = current_type().is_assignable_from( 2649 objectref_type, this, true, CHECK_VERIFY(this)); 2650 if (!assignable) { 2651 verify_error(ErrorContext::bad_type(bci, 2652 TypeOrigin::cp(new_class_index, objectref_type), 2653 TypeOrigin::implicit(current_type())), 2654 "Bad access to protected <init> method"); 2655 return; 2656 } 2657 } 2658 } 2659 } 2660 // Check the exception handler target stackmaps with the locals from the 2661 // incoming stackmap (before initialize_object() changes them to outgoing 2662 // state). 2663 if (in_try_block) { 2664 if (was_recursively_verified()) return; 2665 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2666 stackmap_table, CHECK_VERIFY(this)); 2667 } 2668 current_frame->initialize_object(type, new_class_type); 2669 } else { 2670 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2671 "Bad operand type when invoking <init>"); 2672 return; 2673 } 2674 } 2675 2676 bool ClassVerifier::is_same_or_direct_interface( 2677 InstanceKlass* klass, 2678 VerificationType klass_type, 2679 VerificationType ref_class_type) { 2680 if (ref_class_type.equals(klass_type)) return true; 2681 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2682 if (local_interfaces != NULL) { 2683 for (int x = 0; x < local_interfaces->length(); x++) { 2684 Klass* k = local_interfaces->at(x); 2685 assert (k != NULL && k->is_interface(), "invalid interface"); 2686 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2687 return true; 2688 } 2689 } 2690 } 2691 return false; 2692 } 2693 2694 void ClassVerifier::verify_invoke_instructions( 2695 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2696 bool in_try_block, bool *this_uninit, VerificationType return_type, 2697 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2698 // Make sure the constant pool item is the right type 2699 u2 index = bcs->get_index_u2(); 2700 Bytecodes::Code opcode = bcs->raw_code(); 2701 unsigned int types = 0; 2702 switch (opcode) { 2703 case Bytecodes::_invokeinterface: 2704 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2705 break; 2706 case Bytecodes::_invokedynamic: 2707 types = 1 << JVM_CONSTANT_InvokeDynamic; 2708 break; 2709 case Bytecodes::_invokespecial: 2710 case Bytecodes::_invokestatic: 2711 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2712 (1 << JVM_CONSTANT_Methodref) : 2713 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2714 break; 2715 default: 2716 types = 1 << JVM_CONSTANT_Methodref; 2717 } 2718 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2719 2720 // Get method name and signature 2721 Symbol* method_name = cp->name_ref_at(index); 2722 Symbol* method_sig = cp->signature_ref_at(index); 2723 2724 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2725 class_format_error( 2726 "Invalid method signature in class %s referenced " 2727 "from constant pool index %d", _klass->external_name(), index); 2728 return; 2729 } 2730 2731 // Get referenced class type 2732 VerificationType ref_class_type; 2733 if (opcode == Bytecodes::_invokedynamic) { 2734 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2735 class_format_error( 2736 "invokedynamic instructions not supported by this class file version (%d), class %s", 2737 _klass->major_version(), _klass->external_name()); 2738 return; 2739 } 2740 } else { 2741 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2742 } 2743 2744 // For a small signature length, we just allocate 128 bytes instead 2745 // of parsing the signature once to find its size. 2746 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2747 // longs/doubles to be consertive. 2748 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2749 "buffer type must match VerificationType size"); 2750 uintptr_t on_stack_sig_types_buffer[128]; 2751 // If we make a VerificationType[128] array directly, the compiler calls 2752 // to the c-runtime library to do the allocation instead of just 2753 // stack allocating it. Plus it would run constructors. This shows up 2754 // in performance profiles. 2755 2756 VerificationType* sig_types; 2757 int size = (method_sig->utf8_length() - 3) * 2; 2758 if (size > 128) { 2759 // Long and double occupies two slots here. 2760 ArgumentSizeComputer size_it(method_sig); 2761 size = size_it.size(); 2762 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2763 } else{ 2764 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2765 } 2766 SignatureStream sig_stream(method_sig); 2767 int sig_i = 0; 2768 while (!sig_stream.at_return_type()) { 2769 sig_i += change_sig_to_verificationType( 2770 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2771 sig_stream.next(); 2772 } 2773 int nargs = sig_i; 2774 2775 #ifdef ASSERT 2776 { 2777 ArgumentSizeComputer size_it(method_sig); 2778 assert(nargs == size_it.size(), "Argument sizes do not match"); 2779 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2780 } 2781 #endif 2782 2783 // Check instruction operands 2784 u2 bci = bcs->bci(); 2785 if (opcode == Bytecodes::_invokeinterface) { 2786 address bcp = bcs->bcp(); 2787 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2788 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2789 // the difference between the size of the operand stack before and after the instruction 2790 // executes. 2791 if (*(bcp+3) != (nargs+1)) { 2792 verify_error(ErrorContext::bad_code(bci), 2793 "Inconsistent args count operand in invokeinterface"); 2794 return; 2795 } 2796 if (*(bcp+4) != 0) { 2797 verify_error(ErrorContext::bad_code(bci), 2798 "Fourth operand byte of invokeinterface must be zero"); 2799 return; 2800 } 2801 } 2802 2803 if (opcode == Bytecodes::_invokedynamic) { 2804 address bcp = bcs->bcp(); 2805 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2806 verify_error(ErrorContext::bad_code(bci), 2807 "Third and fourth operand bytes of invokedynamic must be zero"); 2808 return; 2809 } 2810 } 2811 2812 if (method_name->byte_at(0) == '<') { 2813 // Make sure <init> can only be invoked by invokespecial 2814 if (opcode != Bytecodes::_invokespecial || 2815 method_name != vmSymbols::object_initializer_name()) { 2816 verify_error(ErrorContext::bad_code(bci), 2817 "Illegal call to internal method"); 2818 return; 2819 } 2820 } else if (opcode == Bytecodes::_invokespecial 2821 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2822 && !ref_class_type.equals(VerificationType::reference_type( 2823 current_class()->super()->name()))) { 2824 bool subtype = false; 2825 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2826 if (!current_class()->is_anonymous()) { 2827 subtype = ref_class_type.is_assignable_from( 2828 current_type(), this, false, CHECK_VERIFY(this)); 2829 } else { 2830 VerificationType host_klass_type = 2831 VerificationType::reference_type(current_class()->host_klass()->name()); 2832 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this)); 2833 2834 // If invokespecial of IMR, need to recheck for same or 2835 // direct interface relative to the host class 2836 have_imr_indirect = (have_imr_indirect && 2837 !is_same_or_direct_interface( 2838 current_class()->host_klass(), 2839 host_klass_type, ref_class_type)); 2840 } 2841 if (!subtype) { 2842 verify_error(ErrorContext::bad_code(bci), 2843 "Bad invokespecial instruction: " 2844 "current class isn't assignable to reference class."); 2845 return; 2846 } else if (have_imr_indirect) { 2847 verify_error(ErrorContext::bad_code(bci), 2848 "Bad invokespecial instruction: " 2849 "interface method reference is in an indirect superinterface."); 2850 return; 2851 } 2852 2853 } 2854 // Match method descriptor with operand stack 2855 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2856 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2857 } 2858 // Check objectref on operand stack 2859 if (opcode != Bytecodes::_invokestatic && 2860 opcode != Bytecodes::_invokedynamic) { 2861 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2862 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2863 code_length, in_try_block, this_uninit, cp, stackmap_table, 2864 CHECK_VERIFY(this)); 2865 if (was_recursively_verified()) return; 2866 } else { // other methods 2867 // Ensures that target class is assignable to method class. 2868 if (opcode == Bytecodes::_invokespecial) { 2869 if (!current_class()->is_anonymous()) { 2870 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2871 } else { 2872 // anonymous class invokespecial calls: check if the 2873 // objectref is a subtype of the host_klass of the current class 2874 // to allow an anonymous class to reference methods in the host_klass 2875 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2876 VerificationType hosttype = 2877 VerificationType::reference_type(current_class()->host_klass()->name()); 2878 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2879 if (!subtype) { 2880 verify_error( ErrorContext::bad_type(current_frame->offset(), 2881 current_frame->stack_top_ctx(), 2882 TypeOrigin::implicit(top)), 2883 "Bad type on operand stack"); 2884 return; 2885 } 2886 } 2887 } else if (opcode == Bytecodes::_invokevirtual) { 2888 VerificationType stack_object_type = 2889 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2890 if (current_type() != stack_object_type) { 2891 if (was_recursively_verified()) return; 2892 assert(cp->cache() == NULL, "not rewritten yet"); 2893 Symbol* ref_class_name = 2894 cp->klass_name_at(cp->klass_ref_index_at(index)); 2895 // See the comments in verify_field_instructions() for 2896 // the rationale behind this. 2897 if (name_in_supers(ref_class_name, current_class())) { 2898 Klass* ref_class = load_class(ref_class_name, CHECK); 2899 if (is_protected_access( 2900 _klass, ref_class, method_name, method_sig, true)) { 2901 // It's protected access, check if stack object is 2902 // assignable to current class. 2903 bool is_assignable = current_type().is_assignable_from( 2904 stack_object_type, this, true, CHECK_VERIFY(this)); 2905 if (!is_assignable) { 2906 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2907 && stack_object_type.is_array() 2908 && method_name == vmSymbols::clone_name()) { 2909 // Special case: arrays pretend to implement public Object 2910 // clone(). 2911 } else { 2912 verify_error(ErrorContext::bad_type(bci, 2913 current_frame->stack_top_ctx(), 2914 TypeOrigin::implicit(current_type())), 2915 "Bad access to protected data in invokevirtual"); 2916 return; 2917 } 2918 } 2919 } 2920 } 2921 } 2922 } else { 2923 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2924 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2925 } 2926 } 2927 } 2928 // Push the result type. 2929 if (sig_stream.type() != T_VOID) { 2930 if (method_name == vmSymbols::object_initializer_name()) { 2931 // <init> method must have a void return type 2932 /* Unreachable? Class file parser verifies that methods with '<' have 2933 * void return */ 2934 verify_error(ErrorContext::bad_code(bci), 2935 "Return type must be void in <init> method"); 2936 return; 2937 } 2938 VerificationType return_type[2]; 2939 int n = change_sig_to_verificationType( 2940 &sig_stream, return_type, CHECK_VERIFY(this)); 2941 for (int i = 0; i < n; i++) { 2942 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2943 } 2944 } 2945 } 2946 2947 VerificationType ClassVerifier::get_newarray_type( 2948 u2 index, u2 bci, TRAPS) { 2949 const char* from_bt[] = { 2950 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2951 }; 2952 if (index < T_BOOLEAN || index > T_LONG) { 2953 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2954 return VerificationType::bogus_type(); 2955 } 2956 2957 // from_bt[index] contains the array signature which has a length of 2 2958 Symbol* sig = create_temporary_symbol( 2959 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2960 return VerificationType::reference_type(sig); 2961 } 2962 2963 void ClassVerifier::verify_anewarray( 2964 u2 bci, u2 index, const constantPoolHandle& cp, 2965 StackMapFrame* current_frame, TRAPS) { 2966 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2967 current_frame->pop_stack( 2968 VerificationType::integer_type(), CHECK_VERIFY(this)); 2969 2970 if (was_recursively_verified()) return; 2971 VerificationType component_type = 2972 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2973 int length; 2974 char* arr_sig_str; 2975 if (component_type.is_array()) { // it's an array 2976 const char* component_name = component_type.name()->as_utf8(); 2977 // Check for more than MAX_ARRAY_DIMENSIONS 2978 length = (int)strlen(component_name); 2979 if (length > MAX_ARRAY_DIMENSIONS && 2980 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 2981 verify_error(ErrorContext::bad_code(bci), 2982 "Illegal anewarray instruction, array has more than 255 dimensions"); 2983 } 2984 // add one dimension to component 2985 length++; 2986 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2987 arr_sig_str[0] = '['; 2988 strncpy(&arr_sig_str[1], component_name, length - 1); 2989 } else { // it's an object or interface 2990 const char* component_name = component_type.name()->as_utf8(); 2991 // add one dimension to component with 'L' prepended and ';' postpended. 2992 length = (int)strlen(component_name) + 3; 2993 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2994 arr_sig_str[0] = '['; 2995 arr_sig_str[1] = 'L'; 2996 strncpy(&arr_sig_str[2], component_name, length - 2); 2997 arr_sig_str[length - 1] = ';'; 2998 } 2999 Symbol* arr_sig = create_temporary_symbol( 3000 arr_sig_str, length, CHECK_VERIFY(this)); 3001 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3002 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3003 } 3004 3005 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3006 current_frame->get_local( 3007 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3008 current_frame->push_stack( 3009 VerificationType::integer_type(), CHECK_VERIFY(this)); 3010 } 3011 3012 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3013 current_frame->get_local_2( 3014 index, VerificationType::long_type(), 3015 VerificationType::long2_type(), CHECK_VERIFY(this)); 3016 current_frame->push_stack_2( 3017 VerificationType::long_type(), 3018 VerificationType::long2_type(), CHECK_VERIFY(this)); 3019 } 3020 3021 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3022 current_frame->get_local( 3023 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3024 current_frame->push_stack( 3025 VerificationType::float_type(), CHECK_VERIFY(this)); 3026 } 3027 3028 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3029 current_frame->get_local_2( 3030 index, VerificationType::double_type(), 3031 VerificationType::double2_type(), CHECK_VERIFY(this)); 3032 current_frame->push_stack_2( 3033 VerificationType::double_type(), 3034 VerificationType::double2_type(), CHECK_VERIFY(this)); 3035 } 3036 3037 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3038 VerificationType type = current_frame->get_local( 3039 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3040 current_frame->push_stack(type, CHECK_VERIFY(this)); 3041 } 3042 3043 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3044 current_frame->pop_stack( 3045 VerificationType::integer_type(), CHECK_VERIFY(this)); 3046 current_frame->set_local( 3047 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3048 } 3049 3050 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3051 current_frame->pop_stack_2( 3052 VerificationType::long2_type(), 3053 VerificationType::long_type(), CHECK_VERIFY(this)); 3054 current_frame->set_local_2( 3055 index, VerificationType::long_type(), 3056 VerificationType::long2_type(), CHECK_VERIFY(this)); 3057 } 3058 3059 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3060 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3061 current_frame->set_local( 3062 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3063 } 3064 3065 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3066 current_frame->pop_stack_2( 3067 VerificationType::double2_type(), 3068 VerificationType::double_type(), CHECK_VERIFY(this)); 3069 current_frame->set_local_2( 3070 index, VerificationType::double_type(), 3071 VerificationType::double2_type(), CHECK_VERIFY(this)); 3072 } 3073 3074 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3075 VerificationType type = current_frame->pop_stack( 3076 VerificationType::reference_check(), CHECK_VERIFY(this)); 3077 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3078 } 3079 3080 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3081 VerificationType type = current_frame->get_local( 3082 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3083 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3084 } 3085 3086 void ClassVerifier::verify_return_value( 3087 VerificationType return_type, VerificationType type, u2 bci, 3088 StackMapFrame* current_frame, TRAPS) { 3089 if (return_type == VerificationType::bogus_type()) { 3090 verify_error(ErrorContext::bad_type(bci, 3091 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3092 "Method expects a return value"); 3093 return; 3094 } 3095 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3096 if (!match) { 3097 verify_error(ErrorContext::bad_type(bci, 3098 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3099 "Bad return type"); 3100 return; 3101 } 3102 } 3103 3104 // The verifier creates symbols which are substrings of Symbols. 3105 // These are stored in the verifier until the end of verification so that 3106 // they can be reference counted. 3107 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3108 int end, TRAPS) { 3109 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3110 _symbols->push(sym); 3111 return sym; 3112 } 3113 3114 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3115 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3116 _symbols->push(sym); 3117 return sym; 3118 }