1 /*
2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "jvm.h"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/systemDictionary.hpp"
33 #include "classfile/verifier.hpp"
34 #include "classfile/vmSymbols.hpp"
35 #include "interpreter/bytecodes.hpp"
36 #include "interpreter/bytecodeStream.hpp"
37 #include "logging/log.hpp"
38 #include "logging/logStream.hpp"
39 #include "memory/oopFactory.hpp"
40 #include "memory/resourceArea.hpp"
41 #include "oops/constantPool.inline.hpp"
42 #include "oops/instanceKlass.hpp"
43 #include "oops/oop.inline.hpp"
44 #include "oops/typeArrayOop.hpp"
45 #include "runtime/fieldDescriptor.hpp"
46 #include "runtime/handles.inline.hpp"
47 #include "runtime/interfaceSupport.inline.hpp"
48 #include "runtime/javaCalls.hpp"
49 #include "runtime/jniHandles.inline.hpp"
50 #include "runtime/orderAccess.hpp"
51 #include "runtime/os.hpp"
52 #include "runtime/safepointVerifiers.hpp"
53 #include "runtime/thread.hpp"
54 #include "services/threadService.hpp"
55 #include "utilities/align.hpp"
56 #include "utilities/bytes.hpp"
57
58 #define NOFAILOVER_MAJOR_VERSION 51
59 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
60 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
61 #define MAX_ARRAY_DIMENSIONS 255
62
63 // Access to external entry for VerifyClassCodes - old byte code verifier
64
65 extern "C" {
66 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
67 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
68 }
69
70 static void* volatile _verify_byte_codes_fn = NULL;
71
72 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
73
74 static void* verify_byte_codes_fn() {
75 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
76 void *lib_handle = os::native_java_library();
77 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
78 OrderAccess::release_store(&_verify_byte_codes_fn, func);
79 if (func == NULL) {
80 _is_new_verify_byte_codes_fn = false;
81 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
82 OrderAccess::release_store(&_verify_byte_codes_fn, func);
83 }
84 }
85 return (void*)_verify_byte_codes_fn;
86 }
87
88
89 // Methods in Verifier
90
91 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
92 return (class_loader == NULL || !should_verify_class) ?
93 BytecodeVerificationLocal : BytecodeVerificationRemote;
94 }
95
96 bool Verifier::relax_access_for(oop loader) {
97 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
98 bool need_verify =
99 // verifyAll
100 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
101 // verifyRemote
102 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
103 return !need_verify;
104 }
105
106 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
107 assert(verify_class != NULL, "Unexpected null verify_class");
108 ResourceMark rm;
109 Symbol* s = verify_class->source_file_name();
110 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
111 const char* verify = verify_class->external_name();
112 const char* resolve = resolve_class->external_name();
113 // print in a single call to reduce interleaving between threads
114 if (source_file != NULL) {
115 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
116 } else {
117 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
118 }
119 }
120
121 // Prints the end-verification message to the appropriate output.
122 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) {
123 if (HAS_PENDING_EXCEPTION) {
124 st->print("Verification for %s has", klassName);
125 st->print_cr(" exception pending %s ",
126 PENDING_EXCEPTION->klass()->external_name());
127 } else if (exception_name != NULL) {
128 st->print_cr("Verification for %s failed", klassName);
129 }
130 st->print_cr("End class verification for: %s", klassName);
131 }
132
133 bool Verifier::verify(InstanceKlass* klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
134 HandleMark hm(THREAD);
135 ResourceMark rm(THREAD);
136
137 // Eagerly allocate the identity hash code for a klass. This is a fallout
138 // from 6320749 and 8059924: hash code generator is not supposed to be called
139 // during the safepoint, but it allows to sneak the hashcode in during
140 // verification. Without this eager hashcode generation, we may end up
141 // installing the hashcode during some other operation, which may be at
142 // safepoint -- blowing up the checks. It was previously done as the side
143 // effect (sic!) for external_name(), but instead of doing that, we opt to
144 // explicitly push the hashcode in here. This is signify the following block
145 // is IMPORTANT:
146 if (klass->java_mirror() != NULL) {
147 klass->java_mirror()->identity_hash();
148 }
149
150 if (!is_eligible_for_verification(klass, should_verify_class)) {
151 return true;
152 }
153
154 // Timer includes any side effects of class verification (resolution,
155 // etc), but not recursive calls to Verifier::verify().
156 JavaThread* jt = (JavaThread*)THREAD;
157 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
158 ClassLoader::perf_class_verify_selftime(),
159 ClassLoader::perf_classes_verified(),
160 jt->get_thread_stat()->perf_recursion_counts_addr(),
161 jt->get_thread_stat()->perf_timers_addr(),
162 PerfClassTraceTime::CLASS_VERIFY);
163
164 // If the class should be verified, first see if we can use the split
165 // verifier. If not, or if verification fails and FailOverToOldVerifier
166 // is set, then call the inference verifier.
167
168 Symbol* exception_name = NULL;
169 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
170 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
171 char* exception_message = message_buffer;
172
173 const char* klassName = klass->external_name();
174 bool can_failover = FailOverToOldVerifier &&
175 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
176
177 log_info(class, init)("Start class verification for: %s", klassName);
178 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
179 ClassVerifier split_verifier(klass, THREAD);
180 split_verifier.verify_class(THREAD);
181 exception_name = split_verifier.result();
182 if (can_failover && !HAS_PENDING_EXCEPTION &&
183 (exception_name == vmSymbols::java_lang_VerifyError() ||
184 exception_name == vmSymbols::java_lang_ClassFormatError())) {
185 log_info(verification)("Fail over class verification to old verifier for: %s", klassName);
186 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName);
187 exception_name = inference_verify(
188 klass, message_buffer, message_buffer_len, THREAD);
189 }
190 if (exception_name != NULL) {
191 exception_message = split_verifier.exception_message();
192 }
193 } else {
194 exception_name = inference_verify(
195 klass, message_buffer, message_buffer_len, THREAD);
196 }
197
198 LogTarget(Info, class, init) lt1;
199 if (lt1.is_enabled()) {
200 LogStream ls(lt1);
201 log_end_verification(&ls, klassName, exception_name, THREAD);
202 }
203 LogTarget(Info, verification) lt2;
204 if (lt2.is_enabled()) {
205 LogStream ls(lt2);
206 log_end_verification(&ls, klassName, exception_name, THREAD);
207 }
208
209 if (HAS_PENDING_EXCEPTION) {
210 return false; // use the existing exception
211 } else if (exception_name == NULL) {
212 return true; // verifcation succeeded
213 } else { // VerifyError or ClassFormatError to be created and thrown
214 ResourceMark rm(THREAD);
215 Klass* kls =
216 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
217 if (log_is_enabled(Debug, class, resolve)) {
218 Verifier::trace_class_resolution(kls, klass);
219 }
220
221 while (kls != NULL) {
222 if (kls == klass) {
223 // If the class being verified is the exception we're creating
224 // or one of it's superclasses, we're in trouble and are going
225 // to infinitely recurse when we try to initialize the exception.
226 // So bail out here by throwing the preallocated VM error.
227 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
228 }
229 kls = kls->super();
230 }
231 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
232 THROW_MSG_(exception_name, exception_message, false);
233 }
234 }
235
236 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
237 Symbol* name = klass->name();
238 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
239
240 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
241
242 return (should_verify_for(klass->class_loader(), should_verify_class) &&
243 // return if the class is a bootstrapping class
244 // or defineClass specified not to verify by default (flags override passed arg)
245 // We need to skip the following four for bootstraping
246 name != vmSymbols::java_lang_Object() &&
247 name != vmSymbols::java_lang_Class() &&
248 name != vmSymbols::java_lang_String() &&
249 name != vmSymbols::java_lang_Throwable() &&
250
251 // Can not verify the bytecodes for shared classes because they have
252 // already been rewritten to contain constant pool cache indices,
253 // which the verifier can't understand.
254 // Shared classes shouldn't have stackmaps either.
255 !klass->is_shared() &&
256
257 // As of the fix for 4486457 we disable verification for all of the
258 // dynamically-generated bytecodes associated with the 1.4
259 // reflection implementation, not just those associated with
260 // jdk/internal/reflect/SerializationConstructorAccessor.
261 // NOTE: this is called too early in the bootstrapping process to be
262 // guarded by Universe::is_gte_jdk14x_version().
263 // Also for lambda generated code, gte jdk8
264 (!is_reflect));
265 }
266
267 Symbol* Verifier::inference_verify(
268 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
269 JavaThread* thread = (JavaThread*)THREAD;
270 JNIEnv *env = thread->jni_environment();
271
272 void* verify_func = verify_byte_codes_fn();
273
274 if (verify_func == NULL) {
275 jio_snprintf(message, message_len, "Could not link verifier");
276 return vmSymbols::java_lang_VerifyError();
277 }
278
279 ResourceMark rm(THREAD);
280 log_info(verification)("Verifying class %s with old format", klass->external_name());
281
282 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
283 jint result;
284
285 {
286 HandleMark hm(thread);
287 ThreadToNativeFromVM ttn(thread);
288 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
289 // code knows that we have left the VM
290
291 if (_is_new_verify_byte_codes_fn) {
292 verify_byte_codes_fn_new_t func =
293 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
294 result = (*func)(env, cls, message, (int)message_len,
295 klass->major_version());
296 } else {
297 verify_byte_codes_fn_t func =
298 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
299 result = (*func)(env, cls, message, (int)message_len);
300 }
301 }
302
303 JNIHandles::destroy_local(cls);
304
305 // These numbers are chosen so that VerifyClassCodes interface doesn't need
306 // to be changed (still return jboolean (unsigned char)), and result is
307 // 1 when verification is passed.
308 if (result == 0) {
309 return vmSymbols::java_lang_VerifyError();
310 } else if (result == 1) {
311 return NULL; // verified.
312 } else if (result == 2) {
313 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
314 } else if (result == 3) {
315 return vmSymbols::java_lang_ClassFormatError();
316 } else {
317 ShouldNotReachHere();
318 return NULL;
319 }
320 }
321
322 TypeOrigin TypeOrigin::null() {
323 return TypeOrigin();
324 }
325 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
326 assert(frame != NULL, "Must have a frame");
327 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
328 frame->local_at(index));
329 }
330 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
331 assert(frame != NULL, "Must have a frame");
332 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
333 frame->stack_at(index));
334 }
335 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
336 assert(frame != NULL, "Must have a frame");
337 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
338 frame->local_at(index));
339 }
340 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
341 assert(frame != NULL, "Must have a frame");
342 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
343 frame->stack_at(index));
344 }
345 TypeOrigin TypeOrigin::bad_index(u2 index) {
346 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
347 }
348 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
349 return TypeOrigin(CONST_POOL, index, NULL, vt);
350 }
351 TypeOrigin TypeOrigin::signature(VerificationType vt) {
352 return TypeOrigin(SIG, 0, NULL, vt);
353 }
354 TypeOrigin TypeOrigin::implicit(VerificationType t) {
355 return TypeOrigin(IMPLICIT, 0, NULL, t);
356 }
357 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
358 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
359 VerificationType::bogus_type());
360 }
361
362 void TypeOrigin::reset_frame() {
363 if (_frame != NULL) {
364 _frame->restore();
365 }
366 }
367
368 void TypeOrigin::details(outputStream* ss) const {
369 _type.print_on(ss);
370 switch (_origin) {
371 case CF_LOCALS:
372 ss->print(" (current frame, locals[%d])", _index);
373 break;
374 case CF_STACK:
375 ss->print(" (current frame, stack[%d])", _index);
376 break;
377 case SM_LOCALS:
378 ss->print(" (stack map, locals[%d])", _index);
379 break;
380 case SM_STACK:
381 ss->print(" (stack map, stack[%d])", _index);
382 break;
383 case CONST_POOL:
384 ss->print(" (constant pool %d)", _index);
385 break;
386 case SIG:
387 ss->print(" (from method signature)");
388 break;
389 case IMPLICIT:
390 case FRAME_ONLY:
391 case NONE:
392 default:
393 ;
394 }
395 }
396
397 #ifdef ASSERT
398 void TypeOrigin::print_on(outputStream* str) const {
399 str->print("{%d,%d,%p:", _origin, _index, _frame);
400 if (_frame != NULL) {
401 _frame->print_on(str);
402 } else {
403 str->print("null");
404 }
405 str->print(",");
406 _type.print_on(str);
407 str->print("}");
408 }
409 #endif
410
411 void ErrorContext::details(outputStream* ss, const Method* method) const {
412 if (is_valid()) {
413 ss->cr();
414 ss->print_cr("Exception Details:");
415 location_details(ss, method);
416 reason_details(ss);
417 frame_details(ss);
418 bytecode_details(ss, method);
419 handler_details(ss, method);
420 stackmap_details(ss, method);
421 }
422 }
423
424 void ErrorContext::reason_details(outputStream* ss) const {
425 streamIndentor si(ss);
426 ss->indent().print_cr("Reason:");
427 streamIndentor si2(ss);
428 ss->indent().print("%s", "");
429 switch (_fault) {
430 case INVALID_BYTECODE:
431 ss->print("Error exists in the bytecode");
432 break;
433 case WRONG_TYPE:
434 if (_expected.is_valid()) {
435 ss->print("Type ");
436 _type.details(ss);
437 ss->print(" is not assignable to ");
438 _expected.details(ss);
439 } else {
440 ss->print("Invalid type: ");
441 _type.details(ss);
442 }
443 break;
444 case FLAGS_MISMATCH:
445 if (_expected.is_valid()) {
446 ss->print("Current frame's flags are not assignable "
447 "to stack map frame's.");
448 } else {
449 ss->print("Current frame's flags are invalid in this context.");
450 }
451 break;
452 case BAD_CP_INDEX:
453 ss->print("Constant pool index %d is invalid", _type.index());
454 break;
455 case BAD_LOCAL_INDEX:
456 ss->print("Local index %d is invalid", _type.index());
457 break;
458 case LOCALS_SIZE_MISMATCH:
459 ss->print("Current frame's local size doesn't match stackmap.");
460 break;
461 case STACK_SIZE_MISMATCH:
462 ss->print("Current frame's stack size doesn't match stackmap.");
463 break;
464 case STACK_OVERFLOW:
465 ss->print("Exceeded max stack size.");
466 break;
467 case STACK_UNDERFLOW:
468 ss->print("Attempt to pop empty stack.");
469 break;
470 case MISSING_STACKMAP:
471 ss->print("Expected stackmap frame at this location.");
472 break;
473 case BAD_STACKMAP:
474 ss->print("Invalid stackmap specification.");
475 break;
476 case UNKNOWN:
477 default:
478 ShouldNotReachHere();
479 ss->print_cr("Unknown");
480 }
481 ss->cr();
482 }
483
484 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
485 if (_bci != -1 && method != NULL) {
486 streamIndentor si(ss);
487 const char* bytecode_name = "<invalid>";
488 if (method->validate_bci(_bci) != -1) {
489 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
490 if (Bytecodes::is_defined(code)) {
491 bytecode_name = Bytecodes::name(code);
492 } else {
493 bytecode_name = "<illegal>";
494 }
495 }
496 InstanceKlass* ik = method->method_holder();
497 ss->indent().print_cr("Location:");
498 streamIndentor si2(ss);
499 ss->indent().print_cr("%s.%s%s @%d: %s",
500 ik->name()->as_C_string(), method->name()->as_C_string(),
501 method->signature()->as_C_string(), _bci, bytecode_name);
502 }
503 }
504
505 void ErrorContext::frame_details(outputStream* ss) const {
506 streamIndentor si(ss);
507 if (_type.is_valid() && _type.frame() != NULL) {
508 ss->indent().print_cr("Current Frame:");
509 streamIndentor si2(ss);
510 _type.frame()->print_on(ss);
511 }
512 if (_expected.is_valid() && _expected.frame() != NULL) {
513 ss->indent().print_cr("Stackmap Frame:");
514 streamIndentor si2(ss);
515 _expected.frame()->print_on(ss);
516 }
517 }
518
519 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
520 if (method != NULL) {
521 streamIndentor si(ss);
522 ss->indent().print_cr("Bytecode:");
523 streamIndentor si2(ss);
524 ss->print_data(method->code_base(), method->code_size(), false);
525 }
526 }
527
528 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
529 if (method != NULL) {
530 streamIndentor si(ss);
531 ExceptionTable table(method);
532 if (table.length() > 0) {
533 ss->indent().print_cr("Exception Handler Table:");
534 streamIndentor si2(ss);
535 for (int i = 0; i < table.length(); ++i) {
536 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
537 table.end_pc(i), table.handler_pc(i));
538 }
539 }
540 }
541 }
542
543 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
544 if (method != NULL && method->has_stackmap_table()) {
545 streamIndentor si(ss);
546 ss->indent().print_cr("Stackmap Table:");
547 Array<u1>* data = method->stackmap_data();
548 stack_map_table* sm_table =
549 stack_map_table::at((address)data->adr_at(0));
550 stack_map_frame* sm_frame = sm_table->entries();
551 streamIndentor si2(ss);
552 int current_offset = -1;
553 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
554 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
555 ss->indent();
556 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
557 sm_frame->print_truncated(ss, current_offset);
558 return;
559 }
560 sm_frame->print_on(ss, current_offset);
561 ss->cr();
562 current_offset += sm_frame->offset_delta();
563 sm_frame = sm_frame->next();
564 }
565 }
566 }
567
568 // Methods in ClassVerifier
569
570 ClassVerifier::ClassVerifier(
571 InstanceKlass* klass, TRAPS)
572 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
573 _this_type = VerificationType::reference_type(klass->name());
574 // Create list to hold symbols in reference area.
575 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
576 }
577
578 ClassVerifier::~ClassVerifier() {
579 // Decrement the reference count for any symbols created.
580 for (int i = 0; i < _symbols->length(); i++) {
581 Symbol* s = _symbols->at(i);
582 s->decrement_refcount();
583 }
584 }
585
586 VerificationType ClassVerifier::object_type() const {
587 return VerificationType::reference_type(vmSymbols::java_lang_Object());
588 }
589
590 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
591 VerificationType vt = VerificationType::reference_type(
592 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
593 return TypeOrigin::implicit(vt);
594 }
595
596 void ClassVerifier::verify_class(TRAPS) {
597 log_info(verification)("Verifying class %s with new format", _klass->external_name());
598
599 Array<Method*>* methods = _klass->methods();
600 int num_methods = methods->length();
601
602 for (int index = 0; index < num_methods; index++) {
603 // Check for recursive re-verification before each method.
604 if (was_recursively_verified()) return;
605
606 Method* m = methods->at(index);
607 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
608 // If m is native or abstract, skip it. It is checked in class file
609 // parser that methods do not override a final method. Overpass methods
610 // are trusted since the VM generates them.
611 continue;
612 }
613 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
614 }
615
616 if (was_recursively_verified()){
617 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
618 log_info(class, init)("Recursive verification detected for: %s",
619 _klass->external_name());
620 }
621 }
622
623 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
624 HandleMark hm(THREAD);
625 _method = m; // initialize _method
626 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
627
628 // For clang, the only good constant format string is a literal constant format string.
629 #define bad_type_msg "Bad type on operand stack in %s"
630
631 int32_t max_stack = m->verifier_max_stack();
632 int32_t max_locals = m->max_locals();
633 constantPoolHandle cp(THREAD, m->constants());
634
635 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
636 class_format_error("Invalid method signature");
637 return;
638 }
639
640 // Initial stack map frame: offset is 0, stack is initially empty.
641 StackMapFrame current_frame(max_locals, max_stack, this);
642 // Set initial locals
643 VerificationType return_type = current_frame.set_locals_from_arg(
644 m, current_type(), CHECK_VERIFY(this));
645
646 int32_t stackmap_index = 0; // index to the stackmap array
647
648 u4 code_length = m->code_size();
649
650 // Scan the bytecode and map each instruction's start offset to a number.
651 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
652
653 int ex_min = code_length;
654 int ex_max = -1;
655 // Look through each item on the exception table. Each of the fields must refer
656 // to a legal instruction.
657 if (was_recursively_verified()) return;
658 verify_exception_handler_table(
659 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
660
661 // Look through each entry on the local variable table and make sure
662 // its range of code array offsets is valid. (4169817)
663 if (m->has_localvariable_table()) {
664 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
665 }
666
667 Array<u1>* stackmap_data = m->stackmap_data();
668 StackMapStream stream(stackmap_data);
669 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
670 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
671 code_data, code_length, CHECK_VERIFY(this));
672
673 LogTarget(Info, verification) lt;
674 if (lt.is_enabled()) {
675 ResourceMark rm(THREAD);
676 LogStream ls(lt);
677 stackmap_table.print_on(&ls);
678 }
679
680 RawBytecodeStream bcs(m);
681
682 // Scan the byte code linearly from the start to the end
683 bool no_control_flow = false; // Set to true when there is no direct control
684 // flow from current instruction to the next
685 // instruction in sequence
686
687 Bytecodes::Code opcode;
688 while (!bcs.is_last_bytecode()) {
689 // Check for recursive re-verification before each bytecode.
690 if (was_recursively_verified()) return;
691
692 opcode = bcs.raw_next();
693 u2 bci = bcs.bci();
694
695 // Set current frame's offset to bci
696 current_frame.set_offset(bci);
697 current_frame.set_mark();
698
699 // Make sure every offset in stackmap table point to the beginning to
700 // an instruction. Match current_frame to stackmap_table entry with
701 // the same offset if exists.
702 stackmap_index = verify_stackmap_table(
703 stackmap_index, bci, ¤t_frame, &stackmap_table,
704 no_control_flow, CHECK_VERIFY(this));
705
706
707 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
708 bool verified_exc_handlers = false;
709
710 // Merge with the next instruction
711 {
712 u2 index;
713 int target;
714 VerificationType type, type2;
715 VerificationType atype;
716
717 LogTarget(Info, verification) lt;
718 if (lt.is_enabled()) {
719 ResourceMark rm(THREAD);
720 LogStream ls(lt);
721 current_frame.print_on(&ls);
722 lt.print("offset = %d, opcode = %s", bci,
723 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
724 }
725
726 // Make sure wide instruction is in correct format
727 if (bcs.is_wide()) {
728 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
729 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
730 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
731 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
732 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
733 opcode != Bytecodes::_dstore) {
734 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
735 * if we encounter a wide instruction that modifies an invalid
736 * opcode (not one of the ones listed above) */
737 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
738 return;
739 }
740 }
741
742 // Look for possible jump target in exception handlers and see if it
743 // matches current_frame. Do this check here for astore*, dstore*,
744 // fstore*, istore*, and lstore* opcodes because they can change the type
745 // state by adding a local. JVM Spec says that the incoming type state
746 // should be used for this check. So, do the check here before a possible
747 // local is added to the type state.
748 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
749 if (was_recursively_verified()) return;
750 verify_exception_handler_targets(
751 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
752 verified_exc_handlers = true;
753 }
754
755 if (was_recursively_verified()) return;
756
757 switch (opcode) {
758 case Bytecodes::_nop :
759 no_control_flow = false; break;
760 case Bytecodes::_aconst_null :
761 current_frame.push_stack(
762 VerificationType::null_type(), CHECK_VERIFY(this));
763 no_control_flow = false; break;
764 case Bytecodes::_iconst_m1 :
765 case Bytecodes::_iconst_0 :
766 case Bytecodes::_iconst_1 :
767 case Bytecodes::_iconst_2 :
768 case Bytecodes::_iconst_3 :
769 case Bytecodes::_iconst_4 :
770 case Bytecodes::_iconst_5 :
771 current_frame.push_stack(
772 VerificationType::integer_type(), CHECK_VERIFY(this));
773 no_control_flow = false; break;
774 case Bytecodes::_lconst_0 :
775 case Bytecodes::_lconst_1 :
776 current_frame.push_stack_2(
777 VerificationType::long_type(),
778 VerificationType::long2_type(), CHECK_VERIFY(this));
779 no_control_flow = false; break;
780 case Bytecodes::_fconst_0 :
781 case Bytecodes::_fconst_1 :
782 case Bytecodes::_fconst_2 :
783 current_frame.push_stack(
784 VerificationType::float_type(), CHECK_VERIFY(this));
785 no_control_flow = false; break;
786 case Bytecodes::_dconst_0 :
787 case Bytecodes::_dconst_1 :
788 current_frame.push_stack_2(
789 VerificationType::double_type(),
790 VerificationType::double2_type(), CHECK_VERIFY(this));
791 no_control_flow = false; break;
792 case Bytecodes::_sipush :
793 case Bytecodes::_bipush :
794 current_frame.push_stack(
795 VerificationType::integer_type(), CHECK_VERIFY(this));
796 no_control_flow = false; break;
797 case Bytecodes::_ldc :
798 verify_ldc(
799 opcode, bcs.get_index_u1(), ¤t_frame,
800 cp, bci, CHECK_VERIFY(this));
801 no_control_flow = false; break;
802 case Bytecodes::_ldc_w :
803 case Bytecodes::_ldc2_w :
804 verify_ldc(
805 opcode, bcs.get_index_u2(), ¤t_frame,
806 cp, bci, CHECK_VERIFY(this));
807 no_control_flow = false; break;
808 case Bytecodes::_iload :
809 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
810 no_control_flow = false; break;
811 case Bytecodes::_iload_0 :
812 case Bytecodes::_iload_1 :
813 case Bytecodes::_iload_2 :
814 case Bytecodes::_iload_3 :
815 index = opcode - Bytecodes::_iload_0;
816 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
817 no_control_flow = false; break;
818 case Bytecodes::_lload :
819 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
820 no_control_flow = false; break;
821 case Bytecodes::_lload_0 :
822 case Bytecodes::_lload_1 :
823 case Bytecodes::_lload_2 :
824 case Bytecodes::_lload_3 :
825 index = opcode - Bytecodes::_lload_0;
826 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
827 no_control_flow = false; break;
828 case Bytecodes::_fload :
829 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
830 no_control_flow = false; break;
831 case Bytecodes::_fload_0 :
832 case Bytecodes::_fload_1 :
833 case Bytecodes::_fload_2 :
834 case Bytecodes::_fload_3 :
835 index = opcode - Bytecodes::_fload_0;
836 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
837 no_control_flow = false; break;
838 case Bytecodes::_dload :
839 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
840 no_control_flow = false; break;
841 case Bytecodes::_dload_0 :
842 case Bytecodes::_dload_1 :
843 case Bytecodes::_dload_2 :
844 case Bytecodes::_dload_3 :
845 index = opcode - Bytecodes::_dload_0;
846 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
847 no_control_flow = false; break;
848 case Bytecodes::_aload :
849 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
850 no_control_flow = false; break;
851 case Bytecodes::_aload_0 :
852 case Bytecodes::_aload_1 :
853 case Bytecodes::_aload_2 :
854 case Bytecodes::_aload_3 :
855 index = opcode - Bytecodes::_aload_0;
856 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
857 no_control_flow = false; break;
858 case Bytecodes::_iaload :
859 type = current_frame.pop_stack(
860 VerificationType::integer_type(), CHECK_VERIFY(this));
861 atype = current_frame.pop_stack(
862 VerificationType::reference_check(), CHECK_VERIFY(this));
863 if (!atype.is_int_array()) {
864 verify_error(ErrorContext::bad_type(bci,
865 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
866 bad_type_msg, "iaload");
867 return;
868 }
869 current_frame.push_stack(
870 VerificationType::integer_type(), CHECK_VERIFY(this));
871 no_control_flow = false; break;
872 case Bytecodes::_baload :
873 type = current_frame.pop_stack(
874 VerificationType::integer_type(), CHECK_VERIFY(this));
875 atype = current_frame.pop_stack(
876 VerificationType::reference_check(), CHECK_VERIFY(this));
877 if (!atype.is_bool_array() && !atype.is_byte_array()) {
878 verify_error(
879 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
880 bad_type_msg, "baload");
881 return;
882 }
883 current_frame.push_stack(
884 VerificationType::integer_type(), CHECK_VERIFY(this));
885 no_control_flow = false; break;
886 case Bytecodes::_caload :
887 type = current_frame.pop_stack(
888 VerificationType::integer_type(), CHECK_VERIFY(this));
889 atype = current_frame.pop_stack(
890 VerificationType::reference_check(), CHECK_VERIFY(this));
891 if (!atype.is_char_array()) {
892 verify_error(ErrorContext::bad_type(bci,
893 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
894 bad_type_msg, "caload");
895 return;
896 }
897 current_frame.push_stack(
898 VerificationType::integer_type(), CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 case Bytecodes::_saload :
901 type = current_frame.pop_stack(
902 VerificationType::integer_type(), CHECK_VERIFY(this));
903 atype = current_frame.pop_stack(
904 VerificationType::reference_check(), CHECK_VERIFY(this));
905 if (!atype.is_short_array()) {
906 verify_error(ErrorContext::bad_type(bci,
907 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
908 bad_type_msg, "saload");
909 return;
910 }
911 current_frame.push_stack(
912 VerificationType::integer_type(), CHECK_VERIFY(this));
913 no_control_flow = false; break;
914 case Bytecodes::_laload :
915 type = current_frame.pop_stack(
916 VerificationType::integer_type(), CHECK_VERIFY(this));
917 atype = current_frame.pop_stack(
918 VerificationType::reference_check(), CHECK_VERIFY(this));
919 if (!atype.is_long_array()) {
920 verify_error(ErrorContext::bad_type(bci,
921 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
922 bad_type_msg, "laload");
923 return;
924 }
925 current_frame.push_stack_2(
926 VerificationType::long_type(),
927 VerificationType::long2_type(), CHECK_VERIFY(this));
928 no_control_flow = false; break;
929 case Bytecodes::_faload :
930 type = current_frame.pop_stack(
931 VerificationType::integer_type(), CHECK_VERIFY(this));
932 atype = current_frame.pop_stack(
933 VerificationType::reference_check(), CHECK_VERIFY(this));
934 if (!atype.is_float_array()) {
935 verify_error(ErrorContext::bad_type(bci,
936 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
937 bad_type_msg, "faload");
938 return;
939 }
940 current_frame.push_stack(
941 VerificationType::float_type(), CHECK_VERIFY(this));
942 no_control_flow = false; break;
943 case Bytecodes::_daload :
944 type = current_frame.pop_stack(
945 VerificationType::integer_type(), CHECK_VERIFY(this));
946 atype = current_frame.pop_stack(
947 VerificationType::reference_check(), CHECK_VERIFY(this));
948 if (!atype.is_double_array()) {
949 verify_error(ErrorContext::bad_type(bci,
950 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
951 bad_type_msg, "daload");
952 return;
953 }
954 current_frame.push_stack_2(
955 VerificationType::double_type(),
956 VerificationType::double2_type(), CHECK_VERIFY(this));
957 no_control_flow = false; break;
958 case Bytecodes::_aaload : {
959 type = current_frame.pop_stack(
960 VerificationType::integer_type(), CHECK_VERIFY(this));
961 atype = current_frame.pop_stack(
962 VerificationType::reference_check(), CHECK_VERIFY(this));
963 if (!atype.is_reference_array()) {
964 verify_error(ErrorContext::bad_type(bci,
965 current_frame.stack_top_ctx(),
966 TypeOrigin::implicit(VerificationType::reference_check())),
967 bad_type_msg, "aaload");
968 return;
969 }
970 if (atype.is_null()) {
971 current_frame.push_stack(
972 VerificationType::null_type(), CHECK_VERIFY(this));
973 } else {
974 VerificationType component =
975 atype.get_component(this, CHECK_VERIFY(this));
976 current_frame.push_stack(component, CHECK_VERIFY(this));
977 }
978 no_control_flow = false; break;
979 }
980 case Bytecodes::_istore :
981 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
982 no_control_flow = false; break;
983 case Bytecodes::_istore_0 :
984 case Bytecodes::_istore_1 :
985 case Bytecodes::_istore_2 :
986 case Bytecodes::_istore_3 :
987 index = opcode - Bytecodes::_istore_0;
988 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
989 no_control_flow = false; break;
990 case Bytecodes::_lstore :
991 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
992 no_control_flow = false; break;
993 case Bytecodes::_lstore_0 :
994 case Bytecodes::_lstore_1 :
995 case Bytecodes::_lstore_2 :
996 case Bytecodes::_lstore_3 :
997 index = opcode - Bytecodes::_lstore_0;
998 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
999 no_control_flow = false; break;
1000 case Bytecodes::_fstore :
1001 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1002 no_control_flow = false; break;
1003 case Bytecodes::_fstore_0 :
1004 case Bytecodes::_fstore_1 :
1005 case Bytecodes::_fstore_2 :
1006 case Bytecodes::_fstore_3 :
1007 index = opcode - Bytecodes::_fstore_0;
1008 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1009 no_control_flow = false; break;
1010 case Bytecodes::_dstore :
1011 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1012 no_control_flow = false; break;
1013 case Bytecodes::_dstore_0 :
1014 case Bytecodes::_dstore_1 :
1015 case Bytecodes::_dstore_2 :
1016 case Bytecodes::_dstore_3 :
1017 index = opcode - Bytecodes::_dstore_0;
1018 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1019 no_control_flow = false; break;
1020 case Bytecodes::_astore :
1021 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1022 no_control_flow = false; break;
1023 case Bytecodes::_astore_0 :
1024 case Bytecodes::_astore_1 :
1025 case Bytecodes::_astore_2 :
1026 case Bytecodes::_astore_3 :
1027 index = opcode - Bytecodes::_astore_0;
1028 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1029 no_control_flow = false; break;
1030 case Bytecodes::_iastore :
1031 type = current_frame.pop_stack(
1032 VerificationType::integer_type(), CHECK_VERIFY(this));
1033 type2 = current_frame.pop_stack(
1034 VerificationType::integer_type(), CHECK_VERIFY(this));
1035 atype = current_frame.pop_stack(
1036 VerificationType::reference_check(), CHECK_VERIFY(this));
1037 if (!atype.is_int_array()) {
1038 verify_error(ErrorContext::bad_type(bci,
1039 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
1040 bad_type_msg, "iastore");
1041 return;
1042 }
1043 no_control_flow = false; break;
1044 case Bytecodes::_bastore :
1045 type = current_frame.pop_stack(
1046 VerificationType::integer_type(), CHECK_VERIFY(this));
1047 type2 = current_frame.pop_stack(
1048 VerificationType::integer_type(), CHECK_VERIFY(this));
1049 atype = current_frame.pop_stack(
1050 VerificationType::reference_check(), CHECK_VERIFY(this));
1051 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1052 verify_error(
1053 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1054 bad_type_msg, "bastore");
1055 return;
1056 }
1057 no_control_flow = false; break;
1058 case Bytecodes::_castore :
1059 current_frame.pop_stack(
1060 VerificationType::integer_type(), CHECK_VERIFY(this));
1061 current_frame.pop_stack(
1062 VerificationType::integer_type(), CHECK_VERIFY(this));
1063 atype = current_frame.pop_stack(
1064 VerificationType::reference_check(), CHECK_VERIFY(this));
1065 if (!atype.is_char_array()) {
1066 verify_error(ErrorContext::bad_type(bci,
1067 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1068 bad_type_msg, "castore");
1069 return;
1070 }
1071 no_control_flow = false; break;
1072 case Bytecodes::_sastore :
1073 current_frame.pop_stack(
1074 VerificationType::integer_type(), CHECK_VERIFY(this));
1075 current_frame.pop_stack(
1076 VerificationType::integer_type(), CHECK_VERIFY(this));
1077 atype = current_frame.pop_stack(
1078 VerificationType::reference_check(), CHECK_VERIFY(this));
1079 if (!atype.is_short_array()) {
1080 verify_error(ErrorContext::bad_type(bci,
1081 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1082 bad_type_msg, "sastore");
1083 return;
1084 }
1085 no_control_flow = false; break;
1086 case Bytecodes::_lastore :
1087 current_frame.pop_stack_2(
1088 VerificationType::long2_type(),
1089 VerificationType::long_type(), CHECK_VERIFY(this));
1090 current_frame.pop_stack(
1091 VerificationType::integer_type(), CHECK_VERIFY(this));
1092 atype = current_frame.pop_stack(
1093 VerificationType::reference_check(), CHECK_VERIFY(this));
1094 if (!atype.is_long_array()) {
1095 verify_error(ErrorContext::bad_type(bci,
1096 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1097 bad_type_msg, "lastore");
1098 return;
1099 }
1100 no_control_flow = false; break;
1101 case Bytecodes::_fastore :
1102 current_frame.pop_stack(
1103 VerificationType::float_type(), CHECK_VERIFY(this));
1104 current_frame.pop_stack
1105 (VerificationType::integer_type(), CHECK_VERIFY(this));
1106 atype = current_frame.pop_stack(
1107 VerificationType::reference_check(), CHECK_VERIFY(this));
1108 if (!atype.is_float_array()) {
1109 verify_error(ErrorContext::bad_type(bci,
1110 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1111 bad_type_msg, "fastore");
1112 return;
1113 }
1114 no_control_flow = false; break;
1115 case Bytecodes::_dastore :
1116 current_frame.pop_stack_2(
1117 VerificationType::double2_type(),
1118 VerificationType::double_type(), CHECK_VERIFY(this));
1119 current_frame.pop_stack(
1120 VerificationType::integer_type(), CHECK_VERIFY(this));
1121 atype = current_frame.pop_stack(
1122 VerificationType::reference_check(), CHECK_VERIFY(this));
1123 if (!atype.is_double_array()) {
1124 verify_error(ErrorContext::bad_type(bci,
1125 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1126 bad_type_msg, "dastore");
1127 return;
1128 }
1129 no_control_flow = false; break;
1130 case Bytecodes::_aastore :
1131 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1132 type2 = current_frame.pop_stack(
1133 VerificationType::integer_type(), CHECK_VERIFY(this));
1134 atype = current_frame.pop_stack(
1135 VerificationType::reference_check(), CHECK_VERIFY(this));
1136 // more type-checking is done at runtime
1137 if (!atype.is_reference_array()) {
1138 verify_error(ErrorContext::bad_type(bci,
1139 current_frame.stack_top_ctx(),
1140 TypeOrigin::implicit(VerificationType::reference_check())),
1141 bad_type_msg, "aastore");
1142 return;
1143 }
1144 // 4938384: relaxed constraint in JVMS 3nd edition.
1145 no_control_flow = false; break;
1146 case Bytecodes::_pop :
1147 current_frame.pop_stack(
1148 VerificationType::category1_check(), CHECK_VERIFY(this));
1149 no_control_flow = false; break;
1150 case Bytecodes::_pop2 :
1151 type = current_frame.pop_stack(CHECK_VERIFY(this));
1152 if (type.is_category1()) {
1153 current_frame.pop_stack(
1154 VerificationType::category1_check(), CHECK_VERIFY(this));
1155 } else if (type.is_category2_2nd()) {
1156 current_frame.pop_stack(
1157 VerificationType::category2_check(), CHECK_VERIFY(this));
1158 } else {
1159 /* Unreachable? Would need a category2_1st on TOS
1160 * which does not appear possible. */
1161 verify_error(
1162 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1163 bad_type_msg, "pop2");
1164 return;
1165 }
1166 no_control_flow = false; break;
1167 case Bytecodes::_dup :
1168 type = current_frame.pop_stack(
1169 VerificationType::category1_check(), CHECK_VERIFY(this));
1170 current_frame.push_stack(type, CHECK_VERIFY(this));
1171 current_frame.push_stack(type, CHECK_VERIFY(this));
1172 no_control_flow = false; break;
1173 case Bytecodes::_dup_x1 :
1174 type = current_frame.pop_stack(
1175 VerificationType::category1_check(), CHECK_VERIFY(this));
1176 type2 = current_frame.pop_stack(
1177 VerificationType::category1_check(), CHECK_VERIFY(this));
1178 current_frame.push_stack(type, CHECK_VERIFY(this));
1179 current_frame.push_stack(type2, CHECK_VERIFY(this));
1180 current_frame.push_stack(type, CHECK_VERIFY(this));
1181 no_control_flow = false; break;
1182 case Bytecodes::_dup_x2 :
1183 {
1184 VerificationType type3;
1185 type = current_frame.pop_stack(
1186 VerificationType::category1_check(), CHECK_VERIFY(this));
1187 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1188 if (type2.is_category1()) {
1189 type3 = current_frame.pop_stack(
1190 VerificationType::category1_check(), CHECK_VERIFY(this));
1191 } else if (type2.is_category2_2nd()) {
1192 type3 = current_frame.pop_stack(
1193 VerificationType::category2_check(), CHECK_VERIFY(this));
1194 } else {
1195 /* Unreachable? Would need a category2_1st at stack depth 2 with
1196 * a category1 on TOS which does not appear possible. */
1197 verify_error(ErrorContext::bad_type(
1198 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1199 return;
1200 }
1201 current_frame.push_stack(type, CHECK_VERIFY(this));
1202 current_frame.push_stack(type3, CHECK_VERIFY(this));
1203 current_frame.push_stack(type2, CHECK_VERIFY(this));
1204 current_frame.push_stack(type, CHECK_VERIFY(this));
1205 no_control_flow = false; break;
1206 }
1207 case Bytecodes::_dup2 :
1208 type = current_frame.pop_stack(CHECK_VERIFY(this));
1209 if (type.is_category1()) {
1210 type2 = current_frame.pop_stack(
1211 VerificationType::category1_check(), CHECK_VERIFY(this));
1212 } else if (type.is_category2_2nd()) {
1213 type2 = current_frame.pop_stack(
1214 VerificationType::category2_check(), CHECK_VERIFY(this));
1215 } else {
1216 /* Unreachable? Would need a category2_1st on TOS which does not
1217 * appear possible. */
1218 verify_error(
1219 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1220 bad_type_msg, "dup2");
1221 return;
1222 }
1223 current_frame.push_stack(type2, CHECK_VERIFY(this));
1224 current_frame.push_stack(type, CHECK_VERIFY(this));
1225 current_frame.push_stack(type2, CHECK_VERIFY(this));
1226 current_frame.push_stack(type, CHECK_VERIFY(this));
1227 no_control_flow = false; break;
1228 case Bytecodes::_dup2_x1 :
1229 {
1230 VerificationType type3;
1231 type = current_frame.pop_stack(CHECK_VERIFY(this));
1232 if (type.is_category1()) {
1233 type2 = current_frame.pop_stack(
1234 VerificationType::category1_check(), CHECK_VERIFY(this));
1235 } else if (type.is_category2_2nd()) {
1236 type2 = current_frame.pop_stack(
1237 VerificationType::category2_check(), CHECK_VERIFY(this));
1238 } else {
1239 /* Unreachable? Would need a category2_1st on TOS which does
1240 * not appear possible. */
1241 verify_error(
1242 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1243 bad_type_msg, "dup2_x1");
1244 return;
1245 }
1246 type3 = current_frame.pop_stack(
1247 VerificationType::category1_check(), CHECK_VERIFY(this));
1248 current_frame.push_stack(type2, CHECK_VERIFY(this));
1249 current_frame.push_stack(type, CHECK_VERIFY(this));
1250 current_frame.push_stack(type3, CHECK_VERIFY(this));
1251 current_frame.push_stack(type2, CHECK_VERIFY(this));
1252 current_frame.push_stack(type, CHECK_VERIFY(this));
1253 no_control_flow = false; break;
1254 }
1255 case Bytecodes::_dup2_x2 :
1256 {
1257 VerificationType type3, type4;
1258 type = current_frame.pop_stack(CHECK_VERIFY(this));
1259 if (type.is_category1()) {
1260 type2 = current_frame.pop_stack(
1261 VerificationType::category1_check(), CHECK_VERIFY(this));
1262 } else if (type.is_category2_2nd()) {
1263 type2 = current_frame.pop_stack(
1264 VerificationType::category2_check(), CHECK_VERIFY(this));
1265 } else {
1266 /* Unreachable? Would need a category2_1st on TOS which does
1267 * not appear possible. */
1268 verify_error(
1269 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1270 bad_type_msg, "dup2_x2");
1271 return;
1272 }
1273 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1274 if (type3.is_category1()) {
1275 type4 = current_frame.pop_stack(
1276 VerificationType::category1_check(), CHECK_VERIFY(this));
1277 } else if (type3.is_category2_2nd()) {
1278 type4 = current_frame.pop_stack(
1279 VerificationType::category2_check(), CHECK_VERIFY(this));
1280 } else {
1281 /* Unreachable? Would need a category2_1st on TOS after popping
1282 * a long/double or two category 1's, which does not
1283 * appear possible. */
1284 verify_error(
1285 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1286 bad_type_msg, "dup2_x2");
1287 return;
1288 }
1289 current_frame.push_stack(type2, CHECK_VERIFY(this));
1290 current_frame.push_stack(type, CHECK_VERIFY(this));
1291 current_frame.push_stack(type4, CHECK_VERIFY(this));
1292 current_frame.push_stack(type3, CHECK_VERIFY(this));
1293 current_frame.push_stack(type2, CHECK_VERIFY(this));
1294 current_frame.push_stack(type, CHECK_VERIFY(this));
1295 no_control_flow = false; break;
1296 }
1297 case Bytecodes::_swap :
1298 type = current_frame.pop_stack(
1299 VerificationType::category1_check(), CHECK_VERIFY(this));
1300 type2 = current_frame.pop_stack(
1301 VerificationType::category1_check(), CHECK_VERIFY(this));
1302 current_frame.push_stack(type, CHECK_VERIFY(this));
1303 current_frame.push_stack(type2, CHECK_VERIFY(this));
1304 no_control_flow = false; break;
1305 case Bytecodes::_iadd :
1306 case Bytecodes::_isub :
1307 case Bytecodes::_imul :
1308 case Bytecodes::_idiv :
1309 case Bytecodes::_irem :
1310 case Bytecodes::_ishl :
1311 case Bytecodes::_ishr :
1312 case Bytecodes::_iushr :
1313 case Bytecodes::_ior :
1314 case Bytecodes::_ixor :
1315 case Bytecodes::_iand :
1316 current_frame.pop_stack(
1317 VerificationType::integer_type(), CHECK_VERIFY(this));
1318 // fall through
1319 case Bytecodes::_ineg :
1320 current_frame.pop_stack(
1321 VerificationType::integer_type(), CHECK_VERIFY(this));
1322 current_frame.push_stack(
1323 VerificationType::integer_type(), CHECK_VERIFY(this));
1324 no_control_flow = false; break;
1325 case Bytecodes::_ladd :
1326 case Bytecodes::_lsub :
1327 case Bytecodes::_lmul :
1328 case Bytecodes::_ldiv :
1329 case Bytecodes::_lrem :
1330 case Bytecodes::_land :
1331 case Bytecodes::_lor :
1332 case Bytecodes::_lxor :
1333 current_frame.pop_stack_2(
1334 VerificationType::long2_type(),
1335 VerificationType::long_type(), CHECK_VERIFY(this));
1336 // fall through
1337 case Bytecodes::_lneg :
1338 current_frame.pop_stack_2(
1339 VerificationType::long2_type(),
1340 VerificationType::long_type(), CHECK_VERIFY(this));
1341 current_frame.push_stack_2(
1342 VerificationType::long_type(),
1343 VerificationType::long2_type(), CHECK_VERIFY(this));
1344 no_control_flow = false; break;
1345 case Bytecodes::_lshl :
1346 case Bytecodes::_lshr :
1347 case Bytecodes::_lushr :
1348 current_frame.pop_stack(
1349 VerificationType::integer_type(), CHECK_VERIFY(this));
1350 current_frame.pop_stack_2(
1351 VerificationType::long2_type(),
1352 VerificationType::long_type(), CHECK_VERIFY(this));
1353 current_frame.push_stack_2(
1354 VerificationType::long_type(),
1355 VerificationType::long2_type(), CHECK_VERIFY(this));
1356 no_control_flow = false; break;
1357 case Bytecodes::_fadd :
1358 case Bytecodes::_fsub :
1359 case Bytecodes::_fmul :
1360 case Bytecodes::_fdiv :
1361 case Bytecodes::_frem :
1362 current_frame.pop_stack(
1363 VerificationType::float_type(), CHECK_VERIFY(this));
1364 // fall through
1365 case Bytecodes::_fneg :
1366 current_frame.pop_stack(
1367 VerificationType::float_type(), CHECK_VERIFY(this));
1368 current_frame.push_stack(
1369 VerificationType::float_type(), CHECK_VERIFY(this));
1370 no_control_flow = false; break;
1371 case Bytecodes::_dadd :
1372 case Bytecodes::_dsub :
1373 case Bytecodes::_dmul :
1374 case Bytecodes::_ddiv :
1375 case Bytecodes::_drem :
1376 current_frame.pop_stack_2(
1377 VerificationType::double2_type(),
1378 VerificationType::double_type(), CHECK_VERIFY(this));
1379 // fall through
1380 case Bytecodes::_dneg :
1381 current_frame.pop_stack_2(
1382 VerificationType::double2_type(),
1383 VerificationType::double_type(), CHECK_VERIFY(this));
1384 current_frame.push_stack_2(
1385 VerificationType::double_type(),
1386 VerificationType::double2_type(), CHECK_VERIFY(this));
1387 no_control_flow = false; break;
1388 case Bytecodes::_iinc :
1389 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1390 no_control_flow = false; break;
1391 case Bytecodes::_i2l :
1392 type = current_frame.pop_stack(
1393 VerificationType::integer_type(), CHECK_VERIFY(this));
1394 current_frame.push_stack_2(
1395 VerificationType::long_type(),
1396 VerificationType::long2_type(), CHECK_VERIFY(this));
1397 no_control_flow = false; break;
1398 case Bytecodes::_l2i :
1399 current_frame.pop_stack_2(
1400 VerificationType::long2_type(),
1401 VerificationType::long_type(), CHECK_VERIFY(this));
1402 current_frame.push_stack(
1403 VerificationType::integer_type(), CHECK_VERIFY(this));
1404 no_control_flow = false; break;
1405 case Bytecodes::_i2f :
1406 current_frame.pop_stack(
1407 VerificationType::integer_type(), CHECK_VERIFY(this));
1408 current_frame.push_stack(
1409 VerificationType::float_type(), CHECK_VERIFY(this));
1410 no_control_flow = false; break;
1411 case Bytecodes::_i2d :
1412 current_frame.pop_stack(
1413 VerificationType::integer_type(), CHECK_VERIFY(this));
1414 current_frame.push_stack_2(
1415 VerificationType::double_type(),
1416 VerificationType::double2_type(), CHECK_VERIFY(this));
1417 no_control_flow = false; break;
1418 case Bytecodes::_l2f :
1419 current_frame.pop_stack_2(
1420 VerificationType::long2_type(),
1421 VerificationType::long_type(), CHECK_VERIFY(this));
1422 current_frame.push_stack(
1423 VerificationType::float_type(), CHECK_VERIFY(this));
1424 no_control_flow = false; break;
1425 case Bytecodes::_l2d :
1426 current_frame.pop_stack_2(
1427 VerificationType::long2_type(),
1428 VerificationType::long_type(), CHECK_VERIFY(this));
1429 current_frame.push_stack_2(
1430 VerificationType::double_type(),
1431 VerificationType::double2_type(), CHECK_VERIFY(this));
1432 no_control_flow = false; break;
1433 case Bytecodes::_f2i :
1434 current_frame.pop_stack(
1435 VerificationType::float_type(), CHECK_VERIFY(this));
1436 current_frame.push_stack(
1437 VerificationType::integer_type(), CHECK_VERIFY(this));
1438 no_control_flow = false; break;
1439 case Bytecodes::_f2l :
1440 current_frame.pop_stack(
1441 VerificationType::float_type(), CHECK_VERIFY(this));
1442 current_frame.push_stack_2(
1443 VerificationType::long_type(),
1444 VerificationType::long2_type(), CHECK_VERIFY(this));
1445 no_control_flow = false; break;
1446 case Bytecodes::_f2d :
1447 current_frame.pop_stack(
1448 VerificationType::float_type(), CHECK_VERIFY(this));
1449 current_frame.push_stack_2(
1450 VerificationType::double_type(),
1451 VerificationType::double2_type(), CHECK_VERIFY(this));
1452 no_control_flow = false; break;
1453 case Bytecodes::_d2i :
1454 current_frame.pop_stack_2(
1455 VerificationType::double2_type(),
1456 VerificationType::double_type(), CHECK_VERIFY(this));
1457 current_frame.push_stack(
1458 VerificationType::integer_type(), CHECK_VERIFY(this));
1459 no_control_flow = false; break;
1460 case Bytecodes::_d2l :
1461 current_frame.pop_stack_2(
1462 VerificationType::double2_type(),
1463 VerificationType::double_type(), CHECK_VERIFY(this));
1464 current_frame.push_stack_2(
1465 VerificationType::long_type(),
1466 VerificationType::long2_type(), CHECK_VERIFY(this));
1467 no_control_flow = false; break;
1468 case Bytecodes::_d2f :
1469 current_frame.pop_stack_2(
1470 VerificationType::double2_type(),
1471 VerificationType::double_type(), CHECK_VERIFY(this));
1472 current_frame.push_stack(
1473 VerificationType::float_type(), CHECK_VERIFY(this));
1474 no_control_flow = false; break;
1475 case Bytecodes::_i2b :
1476 case Bytecodes::_i2c :
1477 case Bytecodes::_i2s :
1478 current_frame.pop_stack(
1479 VerificationType::integer_type(), CHECK_VERIFY(this));
1480 current_frame.push_stack(
1481 VerificationType::integer_type(), CHECK_VERIFY(this));
1482 no_control_flow = false; break;
1483 case Bytecodes::_lcmp :
1484 current_frame.pop_stack_2(
1485 VerificationType::long2_type(),
1486 VerificationType::long_type(), CHECK_VERIFY(this));
1487 current_frame.pop_stack_2(
1488 VerificationType::long2_type(),
1489 VerificationType::long_type(), CHECK_VERIFY(this));
1490 current_frame.push_stack(
1491 VerificationType::integer_type(), CHECK_VERIFY(this));
1492 no_control_flow = false; break;
1493 case Bytecodes::_fcmpl :
1494 case Bytecodes::_fcmpg :
1495 current_frame.pop_stack(
1496 VerificationType::float_type(), CHECK_VERIFY(this));
1497 current_frame.pop_stack(
1498 VerificationType::float_type(), CHECK_VERIFY(this));
1499 current_frame.push_stack(
1500 VerificationType::integer_type(), CHECK_VERIFY(this));
1501 no_control_flow = false; break;
1502 case Bytecodes::_dcmpl :
1503 case Bytecodes::_dcmpg :
1504 current_frame.pop_stack_2(
1505 VerificationType::double2_type(),
1506 VerificationType::double_type(), CHECK_VERIFY(this));
1507 current_frame.pop_stack_2(
1508 VerificationType::double2_type(),
1509 VerificationType::double_type(), CHECK_VERIFY(this));
1510 current_frame.push_stack(
1511 VerificationType::integer_type(), CHECK_VERIFY(this));
1512 no_control_flow = false; break;
1513 case Bytecodes::_if_icmpeq:
1514 case Bytecodes::_if_icmpne:
1515 case Bytecodes::_if_icmplt:
1516 case Bytecodes::_if_icmpge:
1517 case Bytecodes::_if_icmpgt:
1518 case Bytecodes::_if_icmple:
1519 current_frame.pop_stack(
1520 VerificationType::integer_type(), CHECK_VERIFY(this));
1521 // fall through
1522 case Bytecodes::_ifeq:
1523 case Bytecodes::_ifne:
1524 case Bytecodes::_iflt:
1525 case Bytecodes::_ifge:
1526 case Bytecodes::_ifgt:
1527 case Bytecodes::_ifle:
1528 current_frame.pop_stack(
1529 VerificationType::integer_type(), CHECK_VERIFY(this));
1530 target = bcs.dest();
1531 stackmap_table.check_jump_target(
1532 ¤t_frame, target, CHECK_VERIFY(this));
1533 no_control_flow = false; break;
1534 case Bytecodes::_if_acmpeq :
1535 case Bytecodes::_if_acmpne :
1536 current_frame.pop_stack(
1537 VerificationType::reference_check(), CHECK_VERIFY(this));
1538 // fall through
1539 case Bytecodes::_ifnull :
1540 case Bytecodes::_ifnonnull :
1541 current_frame.pop_stack(
1542 VerificationType::reference_check(), CHECK_VERIFY(this));
1543 target = bcs.dest();
1544 stackmap_table.check_jump_target
1545 (¤t_frame, target, CHECK_VERIFY(this));
1546 no_control_flow = false; break;
1547 case Bytecodes::_goto :
1548 target = bcs.dest();
1549 stackmap_table.check_jump_target(
1550 ¤t_frame, target, CHECK_VERIFY(this));
1551 no_control_flow = true; break;
1552 case Bytecodes::_goto_w :
1553 target = bcs.dest_w();
1554 stackmap_table.check_jump_target(
1555 ¤t_frame, target, CHECK_VERIFY(this));
1556 no_control_flow = true; break;
1557 case Bytecodes::_tableswitch :
1558 case Bytecodes::_lookupswitch :
1559 verify_switch(
1560 &bcs, code_length, code_data, ¤t_frame,
1561 &stackmap_table, CHECK_VERIFY(this));
1562 no_control_flow = true; break;
1563 case Bytecodes::_ireturn :
1564 type = current_frame.pop_stack(
1565 VerificationType::integer_type(), CHECK_VERIFY(this));
1566 verify_return_value(return_type, type, bci,
1567 ¤t_frame, CHECK_VERIFY(this));
1568 no_control_flow = true; break;
1569 case Bytecodes::_lreturn :
1570 type2 = current_frame.pop_stack(
1571 VerificationType::long2_type(), CHECK_VERIFY(this));
1572 type = current_frame.pop_stack(
1573 VerificationType::long_type(), CHECK_VERIFY(this));
1574 verify_return_value(return_type, type, bci,
1575 ¤t_frame, CHECK_VERIFY(this));
1576 no_control_flow = true; break;
1577 case Bytecodes::_freturn :
1578 type = current_frame.pop_stack(
1579 VerificationType::float_type(), CHECK_VERIFY(this));
1580 verify_return_value(return_type, type, bci,
1581 ¤t_frame, CHECK_VERIFY(this));
1582 no_control_flow = true; break;
1583 case Bytecodes::_dreturn :
1584 type2 = current_frame.pop_stack(
1585 VerificationType::double2_type(), CHECK_VERIFY(this));
1586 type = current_frame.pop_stack(
1587 VerificationType::double_type(), CHECK_VERIFY(this));
1588 verify_return_value(return_type, type, bci,
1589 ¤t_frame, CHECK_VERIFY(this));
1590 no_control_flow = true; break;
1591 case Bytecodes::_areturn :
1592 type = current_frame.pop_stack(
1593 VerificationType::reference_check(), CHECK_VERIFY(this));
1594 verify_return_value(return_type, type, bci,
1595 ¤t_frame, CHECK_VERIFY(this));
1596 no_control_flow = true; break;
1597 case Bytecodes::_return :
1598 if (return_type != VerificationType::bogus_type()) {
1599 verify_error(ErrorContext::bad_code(bci),
1600 "Method expects a return value");
1601 return;
1602 }
1603 // Make sure "this" has been initialized if current method is an
1604 // <init>.
1605 if (_method->name() == vmSymbols::object_initializer_name() &&
1606 current_frame.flag_this_uninit()) {
1607 verify_error(ErrorContext::bad_code(bci),
1608 "Constructor must call super() or this() "
1609 "before return");
1610 return;
1611 }
1612 no_control_flow = true; break;
1613 case Bytecodes::_getstatic :
1614 case Bytecodes::_putstatic :
1615 // pass TRUE, operand can be an array type for getstatic/putstatic.
1616 verify_field_instructions(
1617 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1618 no_control_flow = false; break;
1619 case Bytecodes::_getfield :
1620 case Bytecodes::_putfield :
1621 // pass FALSE, operand can't be an array type for getfield/putfield.
1622 verify_field_instructions(
1623 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1624 no_control_flow = false; break;
1625 case Bytecodes::_invokevirtual :
1626 case Bytecodes::_invokespecial :
1627 case Bytecodes::_invokestatic :
1628 verify_invoke_instructions(
1629 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1630 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1631 no_control_flow = false; break;
1632 case Bytecodes::_invokeinterface :
1633 case Bytecodes::_invokedynamic :
1634 verify_invoke_instructions(
1635 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1636 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1637 no_control_flow = false; break;
1638 case Bytecodes::_new :
1639 {
1640 index = bcs.get_index_u2();
1641 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1642 VerificationType new_class_type =
1643 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1644 if (!new_class_type.is_object()) {
1645 verify_error(ErrorContext::bad_type(bci,
1646 TypeOrigin::cp(index, new_class_type)),
1647 "Illegal new instruction");
1648 return;
1649 }
1650 type = VerificationType::uninitialized_type(bci);
1651 current_frame.push_stack(type, CHECK_VERIFY(this));
1652 no_control_flow = false; break;
1653 }
1654 case Bytecodes::_newarray :
1655 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1656 current_frame.pop_stack(
1657 VerificationType::integer_type(), CHECK_VERIFY(this));
1658 current_frame.push_stack(type, CHECK_VERIFY(this));
1659 no_control_flow = false; break;
1660 case Bytecodes::_anewarray :
1661 verify_anewarray(
1662 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1663 no_control_flow = false; break;
1664 case Bytecodes::_arraylength :
1665 type = current_frame.pop_stack(
1666 VerificationType::reference_check(), CHECK_VERIFY(this));
1667 if (!(type.is_null() || type.is_array())) {
1668 verify_error(ErrorContext::bad_type(
1669 bci, current_frame.stack_top_ctx()),
1670 bad_type_msg, "arraylength");
1671 }
1672 current_frame.push_stack(
1673 VerificationType::integer_type(), CHECK_VERIFY(this));
1674 no_control_flow = false; break;
1675 case Bytecodes::_checkcast :
1676 {
1677 index = bcs.get_index_u2();
1678 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1679 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1680 VerificationType klass_type = cp_index_to_type(
1681 index, cp, CHECK_VERIFY(this));
1682 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1683 no_control_flow = false; break;
1684 }
1685 case Bytecodes::_instanceof : {
1686 index = bcs.get_index_u2();
1687 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1688 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1689 current_frame.push_stack(
1690 VerificationType::integer_type(), CHECK_VERIFY(this));
1691 no_control_flow = false; break;
1692 }
1693 case Bytecodes::_monitorenter :
1694 case Bytecodes::_monitorexit :
1695 current_frame.pop_stack(
1696 VerificationType::reference_check(), CHECK_VERIFY(this));
1697 no_control_flow = false; break;
1698 case Bytecodes::_multianewarray :
1699 {
1700 index = bcs.get_index_u2();
1701 u2 dim = *(bcs.bcp()+3);
1702 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1703 VerificationType new_array_type =
1704 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1705 if (!new_array_type.is_array()) {
1706 verify_error(ErrorContext::bad_type(bci,
1707 TypeOrigin::cp(index, new_array_type)),
1708 "Illegal constant pool index in multianewarray instruction");
1709 return;
1710 }
1711 if (dim < 1 || new_array_type.dimensions() < dim) {
1712 verify_error(ErrorContext::bad_code(bci),
1713 "Illegal dimension in multianewarray instruction: %d", dim);
1714 return;
1715 }
1716 for (int i = 0; i < dim; i++) {
1717 current_frame.pop_stack(
1718 VerificationType::integer_type(), CHECK_VERIFY(this));
1719 }
1720 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1721 no_control_flow = false; break;
1722 }
1723 case Bytecodes::_athrow :
1724 type = VerificationType::reference_type(
1725 vmSymbols::java_lang_Throwable());
1726 current_frame.pop_stack(type, CHECK_VERIFY(this));
1727 no_control_flow = true; break;
1728 default:
1729 // We only need to check the valid bytecodes in class file.
1730 // And jsr and ret are not in the new class file format in JDK1.5.
1731 verify_error(ErrorContext::bad_code(bci),
1732 "Bad instruction: %02x", opcode);
1733 no_control_flow = false;
1734 return;
1735 } // end switch
1736 } // end Merge with the next instruction
1737
1738 // Look for possible jump target in exception handlers and see if it matches
1739 // current_frame. Don't do this check if it has already been done (for
1740 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1741 // opcodes, such as invokespecial, may set the this_uninit flag.
1742 assert(!(verified_exc_handlers && this_uninit),
1743 "Exception handler targets got verified before this_uninit got set");
1744 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1745 if (was_recursively_verified()) return;
1746 verify_exception_handler_targets(
1747 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1748 }
1749 } // end while
1750
1751 // Make sure that control flow does not fall through end of the method
1752 if (!no_control_flow) {
1753 verify_error(ErrorContext::bad_code(code_length),
1754 "Control flow falls through code end");
1755 return;
1756 }
1757 }
1758
1759 #undef bad_type_message
1760
1761 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1762 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1763 memset(code_data, 0, sizeof(char) * code_length);
1764 RawBytecodeStream bcs(m);
1765
1766 while (!bcs.is_last_bytecode()) {
1767 if (bcs.raw_next() != Bytecodes::_illegal) {
1768 int bci = bcs.bci();
1769 if (bcs.raw_code() == Bytecodes::_new) {
1770 code_data[bci] = NEW_OFFSET;
1771 } else {
1772 code_data[bci] = BYTECODE_OFFSET;
1773 }
1774 } else {
1775 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1776 return NULL;
1777 }
1778 }
1779
1780 return code_data;
1781 }
1782
1783 // Since this method references the constant pool, call was_recursively_verified()
1784 // before calling this method to make sure a prior class load did not cause the
1785 // current class to get verified.
1786 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1787 ExceptionTable exhandlers(_method());
1788 int exlength = exhandlers.length();
1789 constantPoolHandle cp (THREAD, _method->constants());
1790
1791 for(int i = 0; i < exlength; i++) {
1792 u2 start_pc = exhandlers.start_pc(i);
1793 u2 end_pc = exhandlers.end_pc(i);
1794 u2 handler_pc = exhandlers.handler_pc(i);
1795 if (start_pc >= code_length || code_data[start_pc] == 0) {
1796 class_format_error("Illegal exception table start_pc %d", start_pc);
1797 return;
1798 }
1799 if (end_pc != code_length) { // special case: end_pc == code_length
1800 if (end_pc > code_length || code_data[end_pc] == 0) {
1801 class_format_error("Illegal exception table end_pc %d", end_pc);
1802 return;
1803 }
1804 }
1805 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1806 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1807 return;
1808 }
1809 int catch_type_index = exhandlers.catch_type_index(i);
1810 if (catch_type_index != 0) {
1811 VerificationType catch_type = cp_index_to_type(
1812 catch_type_index, cp, CHECK_VERIFY(this));
1813 VerificationType throwable =
1814 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1815 bool is_subclass = throwable.is_assignable_from(
1816 catch_type, this, false, CHECK_VERIFY(this));
1817 if (!is_subclass) {
1818 // 4286534: should throw VerifyError according to recent spec change
1819 verify_error(ErrorContext::bad_type(handler_pc,
1820 TypeOrigin::cp(catch_type_index, catch_type),
1821 TypeOrigin::implicit(throwable)),
1822 "Catch type is not a subclass "
1823 "of Throwable in exception handler %d", handler_pc);
1824 return;
1825 }
1826 }
1827 if (start_pc < min) min = start_pc;
1828 if (end_pc > max) max = end_pc;
1829 }
1830 }
1831
1832 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1833 int localvariable_table_length = _method->localvariable_table_length();
1834 if (localvariable_table_length > 0) {
1835 LocalVariableTableElement* table = _method->localvariable_table_start();
1836 for (int i = 0; i < localvariable_table_length; i++) {
1837 u2 start_bci = table[i].start_bci;
1838 u2 length = table[i].length;
1839
1840 if (start_bci >= code_length || code_data[start_bci] == 0) {
1841 class_format_error(
1842 "Illegal local variable table start_pc %d", start_bci);
1843 return;
1844 }
1845 u4 end_bci = (u4)(start_bci + length);
1846 if (end_bci != code_length) {
1847 if (end_bci >= code_length || code_data[end_bci] == 0) {
1848 class_format_error( "Illegal local variable table length %d", length);
1849 return;
1850 }
1851 }
1852 }
1853 }
1854 }
1855
1856 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1857 StackMapFrame* current_frame,
1858 StackMapTable* stackmap_table,
1859 bool no_control_flow, TRAPS) {
1860 if (stackmap_index < stackmap_table->get_frame_count()) {
1861 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1862 if (no_control_flow && this_offset > bci) {
1863 verify_error(ErrorContext::missing_stackmap(bci),
1864 "Expecting a stack map frame");
1865 return 0;
1866 }
1867 if (this_offset == bci) {
1868 ErrorContext ctx;
1869 // See if current stack map can be assigned to the frame in table.
1870 // current_frame is the stackmap frame got from the last instruction.
1871 // If matched, current_frame will be updated by this method.
1872 bool matches = stackmap_table->match_stackmap(
1873 current_frame, this_offset, stackmap_index,
1874 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1875 if (!matches) {
1876 // report type error
1877 verify_error(ctx, "Instruction type does not match stack map");
1878 return 0;
1879 }
1880 stackmap_index++;
1881 } else if (this_offset < bci) {
1882 // current_offset should have met this_offset.
1883 class_format_error("Bad stack map offset %d", this_offset);
1884 return 0;
1885 }
1886 } else if (no_control_flow) {
1887 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1888 return 0;
1889 }
1890 return stackmap_index;
1891 }
1892
1893 // Since this method references the constant pool, call was_recursively_verified()
1894 // before calling this method to make sure a prior class load did not cause the
1895 // current class to get verified.
1896 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
1897 StackMapFrame* current_frame,
1898 StackMapTable* stackmap_table, TRAPS) {
1899 constantPoolHandle cp (THREAD, _method->constants());
1900 ExceptionTable exhandlers(_method());
1901 int exlength = exhandlers.length();
1902 for(int i = 0; i < exlength; i++) {
1903 u2 start_pc = exhandlers.start_pc(i);
1904 u2 end_pc = exhandlers.end_pc(i);
1905 u2 handler_pc = exhandlers.handler_pc(i);
1906 int catch_type_index = exhandlers.catch_type_index(i);
1907 if(bci >= start_pc && bci < end_pc) {
1908 u1 flags = current_frame->flags();
1909 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1910 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1911 if (catch_type_index != 0) {
1912 if (was_recursively_verified()) return;
1913 // We know that this index refers to a subclass of Throwable
1914 VerificationType catch_type = cp_index_to_type(
1915 catch_type_index, cp, CHECK_VERIFY(this));
1916 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1917 } else {
1918 VerificationType throwable =
1919 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1920 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1921 }
1922 ErrorContext ctx;
1923 bool matches = stackmap_table->match_stackmap(
1924 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
1925 if (!matches) {
1926 verify_error(ctx, "Stack map does not match the one at "
1927 "exception handler %d", handler_pc);
1928 return;
1929 }
1930 }
1931 }
1932 }
1933
1934 void ClassVerifier::verify_cp_index(
1935 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
1936 int nconstants = cp->length();
1937 if ((index <= 0) || (index >= nconstants)) {
1938 verify_error(ErrorContext::bad_cp_index(bci, index),
1939 "Illegal constant pool index %d in class %s",
1940 index, cp->pool_holder()->external_name());
1941 return;
1942 }
1943 }
1944
1945 void ClassVerifier::verify_cp_type(
1946 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
1947
1948 // In some situations, bytecode rewriting may occur while we're verifying.
1949 // In this case, a constant pool cache exists and some indices refer to that
1950 // instead. Be sure we don't pick up such indices by accident.
1951 // We must check was_recursively_verified() before we get here.
1952 guarantee(cp->cache() == NULL, "not rewritten yet");
1953
1954 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1955 unsigned int tag = cp->tag_at(index).value();
1956 if ((types & (1 << tag)) == 0) {
1957 verify_error(ErrorContext::bad_cp_index(bci, index),
1958 "Illegal type at constant pool entry %d in class %s",
1959 index, cp->pool_holder()->external_name());
1960 return;
1961 }
1962 }
1963
1964 void ClassVerifier::verify_cp_class_type(
1965 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
1966 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1967 constantTag tag = cp->tag_at(index);
1968 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1969 verify_error(ErrorContext::bad_cp_index(bci, index),
1970 "Illegal type at constant pool entry %d in class %s",
1971 index, cp->pool_holder()->external_name());
1972 return;
1973 }
1974 }
1975
1976 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
1977 stringStream ss;
1978
1979 ctx.reset_frames();
1980 _exception_type = vmSymbols::java_lang_VerifyError();
1981 _error_context = ctx;
1982 va_list va;
1983 va_start(va, msg);
1984 ss.vprint(msg, va);
1985 va_end(va);
1986 _message = ss.as_string();
1987 #ifdef ASSERT
1988 ResourceMark rm;
1989 const char* exception_name = _exception_type->as_C_string();
1990 Exceptions::debug_check_abort(exception_name, NULL);
1991 #endif // ndef ASSERT
1992 }
1993
1994 void ClassVerifier::class_format_error(const char* msg, ...) {
1995 stringStream ss;
1996 _exception_type = vmSymbols::java_lang_ClassFormatError();
1997 va_list va;
1998 va_start(va, msg);
1999 ss.vprint(msg, va);
2000 va_end(va);
2001 if (!_method.is_null()) {
2002 ss.print(" in method %s", _method->name_and_sig_as_C_string());
2003 }
2004 _message = ss.as_string();
2005 }
2006
2007 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2008 HandleMark hm(THREAD);
2009 // Get current loader and protection domain first.
2010 oop loader = current_class()->class_loader();
2011 oop protection_domain = current_class()->protection_domain();
2012
2013 Klass* kls = SystemDictionary::resolve_or_fail(
2014 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2015 true, THREAD);
2016
2017 if (kls != NULL) {
2018 current_class()->class_loader_data()->record_dependency(kls);
2019 if (log_is_enabled(Debug, class, resolve)) {
2020 InstanceKlass* cur_class = InstanceKlass::cast(current_class());
2021 Verifier::trace_class_resolution(kls, cur_class);
2022 }
2023 }
2024 return kls;
2025 }
2026
2027 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2028 Klass* target_class,
2029 Symbol* field_name,
2030 Symbol* field_sig,
2031 bool is_method) {
2032 NoSafepointVerifier nosafepoint;
2033
2034 // If target class isn't a super class of this class, we don't worry about this case
2035 if (!this_class->is_subclass_of(target_class)) {
2036 return false;
2037 }
2038 // Check if the specified method or field is protected
2039 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2040 fieldDescriptor fd;
2041 if (is_method) {
2042 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
2043 if (m != NULL && m->is_protected()) {
2044 if (!this_class->is_same_class_package(m->method_holder())) {
2045 return true;
2046 }
2047 }
2048 } else {
2049 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2050 if (member_klass != NULL && fd.is_protected()) {
2051 if (!this_class->is_same_class_package(member_klass)) {
2052 return true;
2053 }
2054 }
2055 }
2056 return false;
2057 }
2058
2059 void ClassVerifier::verify_ldc(
2060 int opcode, u2 index, StackMapFrame* current_frame,
2061 const constantPoolHandle& cp, u2 bci, TRAPS) {
2062 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2063 constantTag tag = cp->tag_at(index);
2064 unsigned int types = 0;
2065 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2066 if (!tag.is_unresolved_klass()) {
2067 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2068 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2069 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2070 | (1 << JVM_CONSTANT_Dynamic);
2071 // Note: The class file parser already verified the legality of
2072 // MethodHandle and MethodType constants.
2073 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2074 }
2075 } else {
2076 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2077 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2078 | (1 << JVM_CONSTANT_Dynamic);
2079 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2080 }
2081 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2082 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2083 } else if (tag.is_string()) {
2084 current_frame->push_stack(
2085 VerificationType::reference_type(
2086 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2087 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2088 current_frame->push_stack(
2089 VerificationType::reference_type(
2090 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2091 } else if (tag.is_int()) {
2092 current_frame->push_stack(
2093 VerificationType::integer_type(), CHECK_VERIFY(this));
2094 } else if (tag.is_float()) {
2095 current_frame->push_stack(
2096 VerificationType::float_type(), CHECK_VERIFY(this));
2097 } else if (tag.is_double()) {
2098 current_frame->push_stack_2(
2099 VerificationType::double_type(),
2100 VerificationType::double2_type(), CHECK_VERIFY(this));
2101 } else if (tag.is_long()) {
2102 current_frame->push_stack_2(
2103 VerificationType::long_type(),
2104 VerificationType::long2_type(), CHECK_VERIFY(this));
2105 } else if (tag.is_method_handle()) {
2106 current_frame->push_stack(
2107 VerificationType::reference_type(
2108 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2109 } else if (tag.is_method_type()) {
2110 current_frame->push_stack(
2111 VerificationType::reference_type(
2112 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2113 } else if (tag.is_dynamic_constant()) {
2114 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2115 if (!SignatureVerifier::is_valid_type_signature(constant_type)) {
2116 class_format_error(
2117 "Invalid type for dynamic constant in class %s referenced "
2118 "from constant pool index %d", _klass->external_name(), index);
2119 return;
2120 }
2121 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2122 "buffer type must match VerificationType size");
2123 uintptr_t constant_type_buffer[2];
2124 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2125 SignatureStream sig_stream(constant_type, false);
2126 int n = change_sig_to_verificationType(
2127 &sig_stream, v_constant_type, CHECK_VERIFY(this));
2128 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2129 if (n != opcode_n) {
2130 // wrong kind of ldc; reverify against updated type mask
2131 types &= ~(1 << JVM_CONSTANT_Dynamic);
2132 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2133 }
2134 for (int i = 0; i < n; i++) {
2135 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2136 }
2137 } else {
2138 /* Unreachable? verify_cp_type has already validated the cp type. */
2139 verify_error(
2140 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2141 return;
2142 }
2143 }
2144
2145 void ClassVerifier::verify_switch(
2146 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2147 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2148 int bci = bcs->bci();
2149 address bcp = bcs->bcp();
2150 address aligned_bcp = align_up(bcp + 1, jintSize);
2151
2152 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2153 // 4639449 & 4647081: padding bytes must be 0
2154 u2 padding_offset = 1;
2155 while ((bcp + padding_offset) < aligned_bcp) {
2156 if(*(bcp + padding_offset) != 0) {
2157 verify_error(ErrorContext::bad_code(bci),
2158 "Nonzero padding byte in lookupswitch or tableswitch");
2159 return;
2160 }
2161 padding_offset++;
2162 }
2163 }
2164
2165 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2166 int keys, delta;
2167 current_frame->pop_stack(
2168 VerificationType::integer_type(), CHECK_VERIFY(this));
2169 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2170 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2171 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2172 if (low > high) {
2173 verify_error(ErrorContext::bad_code(bci),
2174 "low must be less than or equal to high in tableswitch");
2175 return;
2176 }
2177 keys = high - low + 1;
2178 if (keys < 0) {
2179 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2180 return;
2181 }
2182 delta = 1;
2183 } else {
2184 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2185 if (keys < 0) {
2186 verify_error(ErrorContext::bad_code(bci),
2187 "number of keys in lookupswitch less than 0");
2188 return;
2189 }
2190 delta = 2;
2191 // Make sure that the lookupswitch items are sorted
2192 for (int i = 0; i < (keys - 1); i++) {
2193 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2194 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2195 if (this_key >= next_key) {
2196 verify_error(ErrorContext::bad_code(bci),
2197 "Bad lookupswitch instruction");
2198 return;
2199 }
2200 }
2201 }
2202 int target = bci + default_offset;
2203 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2204 for (int i = 0; i < keys; i++) {
2205 // Because check_jump_target() may safepoint, the bytecode could have
2206 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2207 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2208 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2209 stackmap_table->check_jump_target(
2210 current_frame, target, CHECK_VERIFY(this));
2211 }
2212 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2213 }
2214
2215 bool ClassVerifier::name_in_supers(
2216 Symbol* ref_name, InstanceKlass* current) {
2217 Klass* super = current->super();
2218 while (super != NULL) {
2219 if (super->name() == ref_name) {
2220 return true;
2221 }
2222 super = super->super();
2223 }
2224 return false;
2225 }
2226
2227 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2228 StackMapFrame* current_frame,
2229 const constantPoolHandle& cp,
2230 bool allow_arrays,
2231 TRAPS) {
2232 u2 index = bcs->get_index_u2();
2233 verify_cp_type(bcs->bci(), index, cp,
2234 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2235
2236 // Get field name and signature
2237 Symbol* field_name = cp->name_ref_at(index);
2238 Symbol* field_sig = cp->signature_ref_at(index);
2239
2240 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2241 class_format_error(
2242 "Invalid signature for field in class %s referenced "
2243 "from constant pool index %d", _klass->external_name(), index);
2244 return;
2245 }
2246
2247 // Get referenced class type
2248 VerificationType ref_class_type = cp_ref_index_to_type(
2249 index, cp, CHECK_VERIFY(this));
2250 if (!ref_class_type.is_object() &&
2251 (!allow_arrays || !ref_class_type.is_array())) {
2252 verify_error(ErrorContext::bad_type(bcs->bci(),
2253 TypeOrigin::cp(index, ref_class_type)),
2254 "Expecting reference to class in class %s at constant pool index %d",
2255 _klass->external_name(), index);
2256 return;
2257 }
2258 VerificationType target_class_type = ref_class_type;
2259
2260 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2261 "buffer type must match VerificationType size");
2262 uintptr_t field_type_buffer[2];
2263 VerificationType* field_type = (VerificationType*)field_type_buffer;
2264 // If we make a VerificationType[2] array directly, the compiler calls
2265 // to the c-runtime library to do the allocation instead of just
2266 // stack allocating it. Plus it would run constructors. This shows up
2267 // in performance profiles.
2268
2269 SignatureStream sig_stream(field_sig, false);
2270 VerificationType stack_object_type;
2271 int n = change_sig_to_verificationType(
2272 &sig_stream, field_type, CHECK_VERIFY(this));
2273 u2 bci = bcs->bci();
2274 bool is_assignable;
2275 switch (bcs->raw_code()) {
2276 case Bytecodes::_getstatic: {
2277 for (int i = 0; i < n; i++) {
2278 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2279 }
2280 break;
2281 }
2282 case Bytecodes::_putstatic: {
2283 for (int i = n - 1; i >= 0; i--) {
2284 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2285 }
2286 break;
2287 }
2288 case Bytecodes::_getfield: {
2289 stack_object_type = current_frame->pop_stack(
2290 target_class_type, CHECK_VERIFY(this));
2291 for (int i = 0; i < n; i++) {
2292 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2293 }
2294 goto check_protected;
2295 }
2296 case Bytecodes::_putfield: {
2297 for (int i = n - 1; i >= 0; i--) {
2298 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2299 }
2300 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2301
2302 // The JVMS 2nd edition allows field initialization before the superclass
2303 // initializer, if the field is defined within the current class.
2304 fieldDescriptor fd;
2305 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2306 target_class_type.equals(current_type()) &&
2307 _klass->find_local_field(field_name, field_sig, &fd)) {
2308 stack_object_type = current_type();
2309 }
2310 is_assignable = target_class_type.is_assignable_from(
2311 stack_object_type, this, false, CHECK_VERIFY(this));
2312 if (!is_assignable) {
2313 verify_error(ErrorContext::bad_type(bci,
2314 current_frame->stack_top_ctx(),
2315 TypeOrigin::cp(index, target_class_type)),
2316 "Bad type on operand stack in putfield");
2317 return;
2318 }
2319 }
2320 check_protected: {
2321 if (_this_type == stack_object_type)
2322 break; // stack_object_type must be assignable to _current_class_type
2323 if (was_recursively_verified()) return;
2324 Symbol* ref_class_name =
2325 cp->klass_name_at(cp->klass_ref_index_at(index));
2326 if (!name_in_supers(ref_class_name, current_class()))
2327 // stack_object_type must be assignable to _current_class_type since:
2328 // 1. stack_object_type must be assignable to ref_class.
2329 // 2. ref_class must be _current_class or a subclass of it. It can't
2330 // be a superclass of it. See revised JVMS 5.4.4.
2331 break;
2332
2333 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2334 if (is_protected_access(current_class(), ref_class_oop, field_name,
2335 field_sig, false)) {
2336 // It's protected access, check if stack object is assignable to
2337 // current class.
2338 is_assignable = current_type().is_assignable_from(
2339 stack_object_type, this, true, CHECK_VERIFY(this));
2340 if (!is_assignable) {
2341 verify_error(ErrorContext::bad_type(bci,
2342 current_frame->stack_top_ctx(),
2343 TypeOrigin::implicit(current_type())),
2344 "Bad access to protected data in getfield");
2345 return;
2346 }
2347 }
2348 break;
2349 }
2350 default: ShouldNotReachHere();
2351 }
2352 }
2353
2354 // Look at the method's handlers. If the bci is in the handler's try block
2355 // then check if the handler_pc is already on the stack. If not, push it
2356 // unless the handler has already been scanned.
2357 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2358 GrowableArray<u4>* handler_list,
2359 GrowableArray<u4>* handler_stack,
2360 u4 bci) {
2361 int exlength = exhandlers->length();
2362 for(int x = 0; x < exlength; x++) {
2363 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2364 u4 exhandler_pc = exhandlers->handler_pc(x);
2365 if (!handler_list->contains(exhandler_pc)) {
2366 handler_stack->append_if_missing(exhandler_pc);
2367 handler_list->append(exhandler_pc);
2368 }
2369 }
2370 }
2371 }
2372
2373 // Return TRUE if all code paths starting with start_bc_offset end in
2374 // bytecode athrow or loop.
2375 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2376 ResourceMark rm;
2377 // Create bytecode stream.
2378 RawBytecodeStream bcs(method());
2379 u4 code_length = method()->code_size();
2380 bcs.set_start(start_bc_offset);
2381 u4 target;
2382 // Create stack for storing bytecode start offsets for if* and *switch.
2383 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2384 // Create stack for handlers for try blocks containing this handler.
2385 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2386 // Create list of handlers that have been pushed onto the handler_stack
2387 // so that handlers embedded inside of their own TRY blocks only get
2388 // scanned once.
2389 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2390 // Create list of visited branch opcodes (goto* and if*).
2391 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2392 ExceptionTable exhandlers(_method());
2393
2394 while (true) {
2395 if (bcs.is_last_bytecode()) {
2396 // if no more starting offsets to parse or if at the end of the
2397 // method then return false.
2398 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2399 return false;
2400 // Pop a bytecode starting offset and scan from there.
2401 bcs.set_start(bci_stack->pop());
2402 }
2403 Bytecodes::Code opcode = bcs.raw_next();
2404 u4 bci = bcs.bci();
2405
2406 // If the bytecode is in a TRY block, push its handlers so they
2407 // will get parsed.
2408 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2409
2410 switch (opcode) {
2411 case Bytecodes::_if_icmpeq:
2412 case Bytecodes::_if_icmpne:
2413 case Bytecodes::_if_icmplt:
2414 case Bytecodes::_if_icmpge:
2415 case Bytecodes::_if_icmpgt:
2416 case Bytecodes::_if_icmple:
2417 case Bytecodes::_ifeq:
2418 case Bytecodes::_ifne:
2419 case Bytecodes::_iflt:
2420 case Bytecodes::_ifge:
2421 case Bytecodes::_ifgt:
2422 case Bytecodes::_ifle:
2423 case Bytecodes::_if_acmpeq:
2424 case Bytecodes::_if_acmpne:
2425 case Bytecodes::_ifnull:
2426 case Bytecodes::_ifnonnull:
2427 target = bcs.dest();
2428 if (visited_branches->contains(bci)) {
2429 if (bci_stack->is_empty()) {
2430 if (handler_stack->is_empty()) {
2431 return true;
2432 } else {
2433 // Parse the catch handlers for try blocks containing athrow.
2434 bcs.set_start(handler_stack->pop());
2435 }
2436 } else {
2437 // Pop a bytecode starting offset and scan from there.
2438 bcs.set_start(bci_stack->pop());
2439 }
2440 } else {
2441 if (target > bci) { // forward branch
2442 if (target >= code_length) return false;
2443 // Push the branch target onto the stack.
2444 bci_stack->push(target);
2445 // then, scan bytecodes starting with next.
2446 bcs.set_start(bcs.next_bci());
2447 } else { // backward branch
2448 // Push bytecode offset following backward branch onto the stack.
2449 bci_stack->push(bcs.next_bci());
2450 // Check bytecodes starting with branch target.
2451 bcs.set_start(target);
2452 }
2453 // Record target so we don't branch here again.
2454 visited_branches->append(bci);
2455 }
2456 break;
2457
2458 case Bytecodes::_goto:
2459 case Bytecodes::_goto_w:
2460 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2461 if (visited_branches->contains(bci)) {
2462 if (bci_stack->is_empty()) {
2463 if (handler_stack->is_empty()) {
2464 return true;
2465 } else {
2466 // Parse the catch handlers for try blocks containing athrow.
2467 bcs.set_start(handler_stack->pop());
2468 }
2469 } else {
2470 // Been here before, pop new starting offset from stack.
2471 bcs.set_start(bci_stack->pop());
2472 }
2473 } else {
2474 if (target >= code_length) return false;
2475 // Continue scanning from the target onward.
2476 bcs.set_start(target);
2477 // Record target so we don't branch here again.
2478 visited_branches->append(bci);
2479 }
2480 break;
2481
2482 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2483 // is difficult to determine where each switch alternative ends, parse
2484 // each switch alternative until either hit a 'return', 'athrow', or reach
2485 // the end of the method's bytecodes. This is gross but should be okay
2486 // because:
2487 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2488 // constructor invocations should be rare.
2489 // 2. if each switch alternative ends in an athrow then the parsing should be
2490 // short. If there is no athrow then it is bogus code, anyway.
2491 case Bytecodes::_lookupswitch:
2492 case Bytecodes::_tableswitch:
2493 {
2494 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2495 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2496 int keys, delta;
2497 if (opcode == Bytecodes::_tableswitch) {
2498 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2499 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2500 // This is invalid, but let the regular bytecode verifier
2501 // report this because the user will get a better error message.
2502 if (low > high) return true;
2503 keys = high - low + 1;
2504 delta = 1;
2505 } else {
2506 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2507 delta = 2;
2508 }
2509 // Invalid, let the regular bytecode verifier deal with it.
2510 if (keys < 0) return true;
2511
2512 // Push the offset of the next bytecode onto the stack.
2513 bci_stack->push(bcs.next_bci());
2514
2515 // Push the switch alternatives onto the stack.
2516 for (int i = 0; i < keys; i++) {
2517 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2518 if (target > code_length) return false;
2519 bci_stack->push(target);
2520 }
2521
2522 // Start bytecode parsing for the switch at the default alternative.
2523 if (default_offset > code_length) return false;
2524 bcs.set_start(default_offset);
2525 break;
2526 }
2527
2528 case Bytecodes::_return:
2529 return false;
2530
2531 case Bytecodes::_athrow:
2532 {
2533 if (bci_stack->is_empty()) {
2534 if (handler_stack->is_empty()) {
2535 return true;
2536 } else {
2537 // Parse the catch handlers for try blocks containing athrow.
2538 bcs.set_start(handler_stack->pop());
2539 }
2540 } else {
2541 // Pop a bytecode offset and starting scanning from there.
2542 bcs.set_start(bci_stack->pop());
2543 }
2544 }
2545 break;
2546
2547 default:
2548 ;
2549 } // end switch
2550 } // end while loop
2551
2552 return false;
2553 }
2554
2555 void ClassVerifier::verify_invoke_init(
2556 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2557 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2558 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2559 TRAPS) {
2560 u2 bci = bcs->bci();
2561 VerificationType type = current_frame->pop_stack(
2562 VerificationType::reference_check(), CHECK_VERIFY(this));
2563 if (type == VerificationType::uninitialized_this_type()) {
2564 // The method must be an <init> method of this class or its superclass
2565 Klass* superk = current_class()->super();
2566 if (ref_class_type.name() != current_class()->name() &&
2567 ref_class_type.name() != superk->name()) {
2568 verify_error(ErrorContext::bad_type(bci,
2569 TypeOrigin::implicit(ref_class_type),
2570 TypeOrigin::implicit(current_type())),
2571 "Bad <init> method call");
2572 return;
2573 }
2574
2575 // If this invokespecial call is done from inside of a TRY block then make
2576 // sure that all catch clause paths end in a throw. Otherwise, this can
2577 // result in returning an incomplete object.
2578 if (in_try_block) {
2579 ExceptionTable exhandlers(_method());
2580 int exlength = exhandlers.length();
2581 for(int i = 0; i < exlength; i++) {
2582 u2 start_pc = exhandlers.start_pc(i);
2583 u2 end_pc = exhandlers.end_pc(i);
2584
2585 if (bci >= start_pc && bci < end_pc) {
2586 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2587 verify_error(ErrorContext::bad_code(bci),
2588 "Bad <init> method call from after the start of a try block");
2589 return;
2590 } else if (log_is_enabled(Info, verification)) {
2591 ResourceMark rm(THREAD);
2592 log_info(verification)("Survived call to ends_in_athrow(): %s",
2593 current_class()->name()->as_C_string());
2594 }
2595 }
2596 }
2597
2598 // Check the exception handler target stackmaps with the locals from the
2599 // incoming stackmap (before initialize_object() changes them to outgoing
2600 // state).
2601 if (was_recursively_verified()) return;
2602 verify_exception_handler_targets(bci, true, current_frame,
2603 stackmap_table, CHECK_VERIFY(this));
2604 } // in_try_block
2605
2606 current_frame->initialize_object(type, current_type());
2607 *this_uninit = true;
2608 } else if (type.is_uninitialized()) {
2609 u2 new_offset = type.bci();
2610 address new_bcp = bcs->bcp() - bci + new_offset;
2611 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2612 /* Unreachable? Stack map parsing ensures valid type and new
2613 * instructions have a valid BCI. */
2614 verify_error(ErrorContext::bad_code(new_offset),
2615 "Expecting new instruction");
2616 return;
2617 }
2618 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2619 if (was_recursively_verified()) return;
2620 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2621
2622 // The method must be an <init> method of the indicated class
2623 VerificationType new_class_type = cp_index_to_type(
2624 new_class_index, cp, CHECK_VERIFY(this));
2625 if (!new_class_type.equals(ref_class_type)) {
2626 verify_error(ErrorContext::bad_type(bci,
2627 TypeOrigin::cp(new_class_index, new_class_type),
2628 TypeOrigin::cp(ref_class_index, ref_class_type)),
2629 "Call to wrong <init> method");
2630 return;
2631 }
2632 // According to the VM spec, if the referent class is a superclass of the
2633 // current class, and is in a different runtime package, and the method is
2634 // protected, then the objectref must be the current class or a subclass
2635 // of the current class.
2636 VerificationType objectref_type = new_class_type;
2637 if (name_in_supers(ref_class_type.name(), current_class())) {
2638 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2639 if (was_recursively_verified()) return;
2640 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2641 vmSymbols::object_initializer_name(),
2642 cp->signature_ref_at(bcs->get_index_u2()),
2643 Klass::find_overpass);
2644 // Do nothing if method is not found. Let resolution detect the error.
2645 if (m != NULL) {
2646 InstanceKlass* mh = m->method_holder();
2647 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2648 bool assignable = current_type().is_assignable_from(
2649 objectref_type, this, true, CHECK_VERIFY(this));
2650 if (!assignable) {
2651 verify_error(ErrorContext::bad_type(bci,
2652 TypeOrigin::cp(new_class_index, objectref_type),
2653 TypeOrigin::implicit(current_type())),
2654 "Bad access to protected <init> method");
2655 return;
2656 }
2657 }
2658 }
2659 }
2660 // Check the exception handler target stackmaps with the locals from the
2661 // incoming stackmap (before initialize_object() changes them to outgoing
2662 // state).
2663 if (in_try_block) {
2664 if (was_recursively_verified()) return;
2665 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2666 stackmap_table, CHECK_VERIFY(this));
2667 }
2668 current_frame->initialize_object(type, new_class_type);
2669 } else {
2670 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2671 "Bad operand type when invoking <init>");
2672 return;
2673 }
2674 }
2675
2676 bool ClassVerifier::is_same_or_direct_interface(
2677 InstanceKlass* klass,
2678 VerificationType klass_type,
2679 VerificationType ref_class_type) {
2680 if (ref_class_type.equals(klass_type)) return true;
2681 Array<Klass*>* local_interfaces = klass->local_interfaces();
2682 if (local_interfaces != NULL) {
2683 for (int x = 0; x < local_interfaces->length(); x++) {
2684 Klass* k = local_interfaces->at(x);
2685 assert (k != NULL && k->is_interface(), "invalid interface");
2686 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2687 return true;
2688 }
2689 }
2690 }
2691 return false;
2692 }
2693
2694 void ClassVerifier::verify_invoke_instructions(
2695 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2696 bool in_try_block, bool *this_uninit, VerificationType return_type,
2697 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2698 // Make sure the constant pool item is the right type
2699 u2 index = bcs->get_index_u2();
2700 Bytecodes::Code opcode = bcs->raw_code();
2701 unsigned int types = 0;
2702 switch (opcode) {
2703 case Bytecodes::_invokeinterface:
2704 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2705 break;
2706 case Bytecodes::_invokedynamic:
2707 types = 1 << JVM_CONSTANT_InvokeDynamic;
2708 break;
2709 case Bytecodes::_invokespecial:
2710 case Bytecodes::_invokestatic:
2711 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2712 (1 << JVM_CONSTANT_Methodref) :
2713 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2714 break;
2715 default:
2716 types = 1 << JVM_CONSTANT_Methodref;
2717 }
2718 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2719
2720 // Get method name and signature
2721 Symbol* method_name = cp->name_ref_at(index);
2722 Symbol* method_sig = cp->signature_ref_at(index);
2723
2724 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2725 class_format_error(
2726 "Invalid method signature in class %s referenced "
2727 "from constant pool index %d", _klass->external_name(), index);
2728 return;
2729 }
2730
2731 // Get referenced class type
2732 VerificationType ref_class_type;
2733 if (opcode == Bytecodes::_invokedynamic) {
2734 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2735 class_format_error(
2736 "invokedynamic instructions not supported by this class file version (%d), class %s",
2737 _klass->major_version(), _klass->external_name());
2738 return;
2739 }
2740 } else {
2741 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2742 }
2743
2744 // For a small signature length, we just allocate 128 bytes instead
2745 // of parsing the signature once to find its size.
2746 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
2747 // longs/doubles to be consertive.
2748 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2749 "buffer type must match VerificationType size");
2750 uintptr_t on_stack_sig_types_buffer[128];
2751 // If we make a VerificationType[128] array directly, the compiler calls
2752 // to the c-runtime library to do the allocation instead of just
2753 // stack allocating it. Plus it would run constructors. This shows up
2754 // in performance profiles.
2755
2756 VerificationType* sig_types;
2757 int size = (method_sig->utf8_length() - 3) * 2;
2758 if (size > 128) {
2759 // Long and double occupies two slots here.
2760 ArgumentSizeComputer size_it(method_sig);
2761 size = size_it.size();
2762 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
2763 } else{
2764 sig_types = (VerificationType*)on_stack_sig_types_buffer;
2765 }
2766 SignatureStream sig_stream(method_sig);
2767 int sig_i = 0;
2768 while (!sig_stream.at_return_type()) {
2769 sig_i += change_sig_to_verificationType(
2770 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
2771 sig_stream.next();
2772 }
2773 int nargs = sig_i;
2774
2775 #ifdef ASSERT
2776 {
2777 ArgumentSizeComputer size_it(method_sig);
2778 assert(nargs == size_it.size(), "Argument sizes do not match");
2779 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2780 }
2781 #endif
2782
2783 // Check instruction operands
2784 u2 bci = bcs->bci();
2785 if (opcode == Bytecodes::_invokeinterface) {
2786 address bcp = bcs->bcp();
2787 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2788 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2789 // the difference between the size of the operand stack before and after the instruction
2790 // executes.
2791 if (*(bcp+3) != (nargs+1)) {
2792 verify_error(ErrorContext::bad_code(bci),
2793 "Inconsistent args count operand in invokeinterface");
2794 return;
2795 }
2796 if (*(bcp+4) != 0) {
2797 verify_error(ErrorContext::bad_code(bci),
2798 "Fourth operand byte of invokeinterface must be zero");
2799 return;
2800 }
2801 }
2802
2803 if (opcode == Bytecodes::_invokedynamic) {
2804 address bcp = bcs->bcp();
2805 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2806 verify_error(ErrorContext::bad_code(bci),
2807 "Third and fourth operand bytes of invokedynamic must be zero");
2808 return;
2809 }
2810 }
2811
2812 if (method_name->byte_at(0) == '<') {
2813 // Make sure <init> can only be invoked by invokespecial
2814 if (opcode != Bytecodes::_invokespecial ||
2815 method_name != vmSymbols::object_initializer_name()) {
2816 verify_error(ErrorContext::bad_code(bci),
2817 "Illegal call to internal method");
2818 return;
2819 }
2820 } else if (opcode == Bytecodes::_invokespecial
2821 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2822 && !ref_class_type.equals(VerificationType::reference_type(
2823 current_class()->super()->name()))) {
2824 bool subtype = false;
2825 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2826 if (!current_class()->is_anonymous()) {
2827 subtype = ref_class_type.is_assignable_from(
2828 current_type(), this, false, CHECK_VERIFY(this));
2829 } else {
2830 VerificationType host_klass_type =
2831 VerificationType::reference_type(current_class()->host_klass()->name());
2832 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
2833
2834 // If invokespecial of IMR, need to recheck for same or
2835 // direct interface relative to the host class
2836 have_imr_indirect = (have_imr_indirect &&
2837 !is_same_or_direct_interface(
2838 current_class()->host_klass(),
2839 host_klass_type, ref_class_type));
2840 }
2841 if (!subtype) {
2842 verify_error(ErrorContext::bad_code(bci),
2843 "Bad invokespecial instruction: "
2844 "current class isn't assignable to reference class.");
2845 return;
2846 } else if (have_imr_indirect) {
2847 verify_error(ErrorContext::bad_code(bci),
2848 "Bad invokespecial instruction: "
2849 "interface method reference is in an indirect superinterface.");
2850 return;
2851 }
2852
2853 }
2854 // Match method descriptor with operand stack
2855 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2856 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2857 }
2858 // Check objectref on operand stack
2859 if (opcode != Bytecodes::_invokestatic &&
2860 opcode != Bytecodes::_invokedynamic) {
2861 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2862 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2863 code_length, in_try_block, this_uninit, cp, stackmap_table,
2864 CHECK_VERIFY(this));
2865 if (was_recursively_verified()) return;
2866 } else { // other methods
2867 // Ensures that target class is assignable to method class.
2868 if (opcode == Bytecodes::_invokespecial) {
2869 if (!current_class()->is_anonymous()) {
2870 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2871 } else {
2872 // anonymous class invokespecial calls: check if the
2873 // objectref is a subtype of the host_klass of the current class
2874 // to allow an anonymous class to reference methods in the host_klass
2875 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2876 VerificationType hosttype =
2877 VerificationType::reference_type(current_class()->host_klass()->name());
2878 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2879 if (!subtype) {
2880 verify_error( ErrorContext::bad_type(current_frame->offset(),
2881 current_frame->stack_top_ctx(),
2882 TypeOrigin::implicit(top)),
2883 "Bad type on operand stack");
2884 return;
2885 }
2886 }
2887 } else if (opcode == Bytecodes::_invokevirtual) {
2888 VerificationType stack_object_type =
2889 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2890 if (current_type() != stack_object_type) {
2891 if (was_recursively_verified()) return;
2892 assert(cp->cache() == NULL, "not rewritten yet");
2893 Symbol* ref_class_name =
2894 cp->klass_name_at(cp->klass_ref_index_at(index));
2895 // See the comments in verify_field_instructions() for
2896 // the rationale behind this.
2897 if (name_in_supers(ref_class_name, current_class())) {
2898 Klass* ref_class = load_class(ref_class_name, CHECK);
2899 if (is_protected_access(
2900 _klass, ref_class, method_name, method_sig, true)) {
2901 // It's protected access, check if stack object is
2902 // assignable to current class.
2903 bool is_assignable = current_type().is_assignable_from(
2904 stack_object_type, this, true, CHECK_VERIFY(this));
2905 if (!is_assignable) {
2906 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2907 && stack_object_type.is_array()
2908 && method_name == vmSymbols::clone_name()) {
2909 // Special case: arrays pretend to implement public Object
2910 // clone().
2911 } else {
2912 verify_error(ErrorContext::bad_type(bci,
2913 current_frame->stack_top_ctx(),
2914 TypeOrigin::implicit(current_type())),
2915 "Bad access to protected data in invokevirtual");
2916 return;
2917 }
2918 }
2919 }
2920 }
2921 }
2922 } else {
2923 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2924 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2925 }
2926 }
2927 }
2928 // Push the result type.
2929 if (sig_stream.type() != T_VOID) {
2930 if (method_name == vmSymbols::object_initializer_name()) {
2931 // <init> method must have a void return type
2932 /* Unreachable? Class file parser verifies that methods with '<' have
2933 * void return */
2934 verify_error(ErrorContext::bad_code(bci),
2935 "Return type must be void in <init> method");
2936 return;
2937 }
2938 VerificationType return_type[2];
2939 int n = change_sig_to_verificationType(
2940 &sig_stream, return_type, CHECK_VERIFY(this));
2941 for (int i = 0; i < n; i++) {
2942 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2943 }
2944 }
2945 }
2946
2947 VerificationType ClassVerifier::get_newarray_type(
2948 u2 index, u2 bci, TRAPS) {
2949 const char* from_bt[] = {
2950 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2951 };
2952 if (index < T_BOOLEAN || index > T_LONG) {
2953 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2954 return VerificationType::bogus_type();
2955 }
2956
2957 // from_bt[index] contains the array signature which has a length of 2
2958 Symbol* sig = create_temporary_symbol(
2959 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2960 return VerificationType::reference_type(sig);
2961 }
2962
2963 void ClassVerifier::verify_anewarray(
2964 u2 bci, u2 index, const constantPoolHandle& cp,
2965 StackMapFrame* current_frame, TRAPS) {
2966 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2967 current_frame->pop_stack(
2968 VerificationType::integer_type(), CHECK_VERIFY(this));
2969
2970 if (was_recursively_verified()) return;
2971 VerificationType component_type =
2972 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2973 int length;
2974 char* arr_sig_str;
2975 if (component_type.is_array()) { // it's an array
2976 const char* component_name = component_type.name()->as_utf8();
2977 // Check for more than MAX_ARRAY_DIMENSIONS
2978 length = (int)strlen(component_name);
2979 if (length > MAX_ARRAY_DIMENSIONS &&
2980 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
2981 verify_error(ErrorContext::bad_code(bci),
2982 "Illegal anewarray instruction, array has more than 255 dimensions");
2983 }
2984 // add one dimension to component
2985 length++;
2986 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2987 arr_sig_str[0] = '[';
2988 strncpy(&arr_sig_str[1], component_name, length - 1);
2989 } else { // it's an object or interface
2990 const char* component_name = component_type.name()->as_utf8();
2991 // add one dimension to component with 'L' prepended and ';' postpended.
2992 length = (int)strlen(component_name) + 3;
2993 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2994 arr_sig_str[0] = '[';
2995 arr_sig_str[1] = 'L';
2996 strncpy(&arr_sig_str[2], component_name, length - 2);
2997 arr_sig_str[length - 1] = ';';
2998 }
2999 Symbol* arr_sig = create_temporary_symbol(
3000 arr_sig_str, length, CHECK_VERIFY(this));
3001 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3002 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3003 }
3004
3005 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3006 current_frame->get_local(
3007 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3008 current_frame->push_stack(
3009 VerificationType::integer_type(), CHECK_VERIFY(this));
3010 }
3011
3012 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3013 current_frame->get_local_2(
3014 index, VerificationType::long_type(),
3015 VerificationType::long2_type(), CHECK_VERIFY(this));
3016 current_frame->push_stack_2(
3017 VerificationType::long_type(),
3018 VerificationType::long2_type(), CHECK_VERIFY(this));
3019 }
3020
3021 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3022 current_frame->get_local(
3023 index, VerificationType::float_type(), CHECK_VERIFY(this));
3024 current_frame->push_stack(
3025 VerificationType::float_type(), CHECK_VERIFY(this));
3026 }
3027
3028 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3029 current_frame->get_local_2(
3030 index, VerificationType::double_type(),
3031 VerificationType::double2_type(), CHECK_VERIFY(this));
3032 current_frame->push_stack_2(
3033 VerificationType::double_type(),
3034 VerificationType::double2_type(), CHECK_VERIFY(this));
3035 }
3036
3037 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3038 VerificationType type = current_frame->get_local(
3039 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3040 current_frame->push_stack(type, CHECK_VERIFY(this));
3041 }
3042
3043 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3044 current_frame->pop_stack(
3045 VerificationType::integer_type(), CHECK_VERIFY(this));
3046 current_frame->set_local(
3047 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3048 }
3049
3050 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3051 current_frame->pop_stack_2(
3052 VerificationType::long2_type(),
3053 VerificationType::long_type(), CHECK_VERIFY(this));
3054 current_frame->set_local_2(
3055 index, VerificationType::long_type(),
3056 VerificationType::long2_type(), CHECK_VERIFY(this));
3057 }
3058
3059 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3060 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3061 current_frame->set_local(
3062 index, VerificationType::float_type(), CHECK_VERIFY(this));
3063 }
3064
3065 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3066 current_frame->pop_stack_2(
3067 VerificationType::double2_type(),
3068 VerificationType::double_type(), CHECK_VERIFY(this));
3069 current_frame->set_local_2(
3070 index, VerificationType::double_type(),
3071 VerificationType::double2_type(), CHECK_VERIFY(this));
3072 }
3073
3074 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3075 VerificationType type = current_frame->pop_stack(
3076 VerificationType::reference_check(), CHECK_VERIFY(this));
3077 current_frame->set_local(index, type, CHECK_VERIFY(this));
3078 }
3079
3080 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3081 VerificationType type = current_frame->get_local(
3082 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3083 current_frame->set_local(index, type, CHECK_VERIFY(this));
3084 }
3085
3086 void ClassVerifier::verify_return_value(
3087 VerificationType return_type, VerificationType type, u2 bci,
3088 StackMapFrame* current_frame, TRAPS) {
3089 if (return_type == VerificationType::bogus_type()) {
3090 verify_error(ErrorContext::bad_type(bci,
3091 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3092 "Method expects a return value");
3093 return;
3094 }
3095 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3096 if (!match) {
3097 verify_error(ErrorContext::bad_type(bci,
3098 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3099 "Bad return type");
3100 return;
3101 }
3102 }
3103
3104 // The verifier creates symbols which are substrings of Symbols.
3105 // These are stored in the verifier until the end of verification so that
3106 // they can be reference counted.
3107 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3108 int end, TRAPS) {
3109 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
3110 _symbols->push(sym);
3111 return sym;
3112 }
3113
3114 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
3115 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
3116 _symbols->push(sym);
3117 return sym;
3118 }