1 /*
2 * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "jvm.h"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmSymbols.hpp"
36 #include "interpreter/bytecodes.hpp"
37 #include "interpreter/bytecodeStream.hpp"
38 #include "logging/log.hpp"
39 #include "logging/logStream.hpp"
40 #include "memory/oopFactory.hpp"
41 #include "memory/resourceArea.hpp"
42 #include "oops/constantPool.inline.hpp"
43 #include "oops/instanceKlass.hpp"
44 #include "oops/oop.inline.hpp"
45 #include "oops/typeArrayOop.hpp"
46 #include "runtime/fieldDescriptor.hpp"
47 #include "runtime/handles.inline.hpp"
48 #include "runtime/interfaceSupport.inline.hpp"
49 #include "runtime/javaCalls.hpp"
50 #include "runtime/jniHandles.inline.hpp"
51 #include "runtime/orderAccess.hpp"
52 #include "runtime/os.hpp"
53 #include "runtime/safepointVerifiers.hpp"
54 #include "runtime/thread.hpp"
55 #include "services/threadService.hpp"
56 #include "utilities/align.hpp"
57 #include "utilities/bytes.hpp"
58
59 #define NOFAILOVER_MAJOR_VERSION 51
60 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
61 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
62 #define VALUETYPE_MAJOR_VERSION 56
63 #define MAX_ARRAY_DIMENSIONS 255
64
65 // Access to external entry for VerifyClassCodes - old byte code verifier
66
67 extern "C" {
68 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
69 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
70 }
71
72 static void* volatile _verify_byte_codes_fn = NULL;
73
74 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
75
76 static void* verify_byte_codes_fn() {
77 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) {
78 void *lib_handle = os::native_java_library();
79 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
80 OrderAccess::release_store(&_verify_byte_codes_fn, func);
81 if (func == NULL) {
82 _is_new_verify_byte_codes_fn = false;
83 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
84 OrderAccess::release_store(&_verify_byte_codes_fn, func);
85 }
86 }
87 return (void*)_verify_byte_codes_fn;
88 }
89
90
91 // Methods in Verifier
92
93 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
94 return (class_loader == NULL || !should_verify_class) ?
95 BytecodeVerificationLocal : BytecodeVerificationRemote;
96 }
97
98 bool Verifier::relax_access_for(oop loader) {
99 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
100 bool need_verify =
101 // verifyAll
102 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
103 // verifyRemote
104 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
105 return !need_verify;
106 }
107
108 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
109 assert(verify_class != NULL, "Unexpected null verify_class");
110 ResourceMark rm;
111 Symbol* s = verify_class->source_file_name();
112 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
113 const char* verify = verify_class->external_name();
114 const char* resolve = resolve_class->external_name();
115 // print in a single call to reduce interleaving between threads
116 if (source_file != NULL) {
117 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
118 } else {
119 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
120 }
121 }
122
123 // Prints the end-verification message to the appropriate output.
124 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) {
125 if (HAS_PENDING_EXCEPTION) {
126 st->print("Verification for %s has", klassName);
127 st->print_cr(" exception pending %s ",
128 PENDING_EXCEPTION->klass()->external_name());
129 } else if (exception_name != NULL) {
130 st->print_cr("Verification for %s failed", klassName);
131 }
132 st->print_cr("End class verification for: %s", klassName);
133 }
134
135 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
136 HandleMark hm(THREAD);
137 ResourceMark rm(THREAD);
138
139 // Eagerly allocate the identity hash code for a klass. This is a fallout
140 // from 6320749 and 8059924: hash code generator is not supposed to be called
141 // during the safepoint, but it allows to sneak the hashcode in during
142 // verification. Without this eager hashcode generation, we may end up
143 // installing the hashcode during some other operation, which may be at
144 // safepoint -- blowing up the checks. It was previously done as the side
145 // effect (sic!) for external_name(), but instead of doing that, we opt to
146 // explicitly push the hashcode in here. This is signify the following block
147 // is IMPORTANT:
148 if (klass->java_mirror() != NULL) {
149 klass->java_mirror()->identity_hash();
150 }
151
152 if (!is_eligible_for_verification(klass, should_verify_class)) {
153 return true;
154 }
155
156 // Timer includes any side effects of class verification (resolution,
157 // etc), but not recursive calls to Verifier::verify().
158 JavaThread* jt = (JavaThread*)THREAD;
159 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
160 ClassLoader::perf_class_verify_selftime(),
161 ClassLoader::perf_classes_verified(),
162 jt->get_thread_stat()->perf_recursion_counts_addr(),
163 jt->get_thread_stat()->perf_timers_addr(),
164 PerfClassTraceTime::CLASS_VERIFY);
165
166 // If the class should be verified, first see if we can use the split
167 // verifier. If not, or if verification fails and FailOverToOldVerifier
168 // is set, then call the inference verifier.
169 Symbol* exception_name = NULL;
170 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
171 char* message_buffer = NULL;
172 char* exception_message = NULL;
173
174 bool can_failover = FailOverToOldVerifier &&
175 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
176
177 log_info(class, init)("Start class verification for: %s", klass->external_name());
178 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
179 ClassVerifier split_verifier(klass, THREAD);
180 split_verifier.verify_class(THREAD);
181 exception_name = split_verifier.result();
182 if (can_failover && !HAS_PENDING_EXCEPTION &&
183 (exception_name == vmSymbols::java_lang_VerifyError() ||
184 exception_name == vmSymbols::java_lang_ClassFormatError())) {
185 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
186 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
187 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
188 exception_message = message_buffer;
189 exception_name = inference_verify(
190 klass, message_buffer, message_buffer_len, THREAD);
191 }
192 if (exception_name != NULL) {
193 exception_message = split_verifier.exception_message();
194 }
195 } else {
196 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
197 exception_message = message_buffer;
198 exception_name = inference_verify(
199 klass, message_buffer, message_buffer_len, THREAD);
200 }
201
202 LogTarget(Info, class, init) lt1;
203 if (lt1.is_enabled()) {
204 LogStream ls(lt1);
205 log_end_verification(&ls, klass->external_name(), exception_name, THREAD);
206 }
207 LogTarget(Info, verification) lt2;
208 if (lt2.is_enabled()) {
209 LogStream ls(lt2);
210 log_end_verification(&ls, klass->external_name(), exception_name, THREAD);
211 }
212
213 if (HAS_PENDING_EXCEPTION) {
214 return false; // use the existing exception
215 } else if (exception_name == NULL) {
216 return true; // verification succeeded
217 } else { // VerifyError or ClassFormatError to be created and thrown
218 Klass* kls =
219 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
220 if (log_is_enabled(Debug, class, resolve)) {
221 Verifier::trace_class_resolution(kls, klass);
222 }
223
224 while (kls != NULL) {
225 if (kls == klass) {
226 // If the class being verified is the exception we're creating
227 // or one of it's superclasses, we're in trouble and are going
228 // to infinitely recurse when we try to initialize the exception.
229 // So bail out here by throwing the preallocated VM error.
230 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
231 }
232 kls = kls->super();
233 }
234 if (message_buffer != NULL) {
235 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
236 }
237 assert(exception_message != NULL, "");
238 THROW_MSG_(exception_name, exception_message, false);
239 }
240 }
241
242 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
243 Symbol* name = klass->name();
244 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
245
246 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
247
248 return (should_verify_for(klass->class_loader(), should_verify_class) &&
249 // return if the class is a bootstrapping class
250 // or defineClass specified not to verify by default (flags override passed arg)
251 // We need to skip the following four for bootstrapping
252 name != vmSymbols::java_lang_Object() &&
253 name != vmSymbols::java_lang_Class() &&
254 name != vmSymbols::java_lang_String() &&
255 name != vmSymbols::java_lang_Throwable() &&
256
257 // Can not verify the bytecodes for shared classes because they have
258 // already been rewritten to contain constant pool cache indices,
259 // which the verifier can't understand.
260 // Shared classes shouldn't have stackmaps either.
261 !klass->is_shared() &&
262
263 // As of the fix for 4486457 we disable verification for all of the
264 // dynamically-generated bytecodes associated with the 1.4
265 // reflection implementation, not just those associated with
266 // jdk/internal/reflect/SerializationConstructorAccessor.
267 // NOTE: this is called too early in the bootstrapping process to be
268 // guarded by Universe::is_gte_jdk14x_version().
269 // Also for lambda generated code, gte jdk8
270 (!is_reflect));
271 }
272
273 Symbol* Verifier::inference_verify(
274 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
275 JavaThread* thread = (JavaThread*)THREAD;
276 JNIEnv *env = thread->jni_environment();
277
278 void* verify_func = verify_byte_codes_fn();
279
280 if (verify_func == NULL) {
281 jio_snprintf(message, message_len, "Could not link verifier");
282 return vmSymbols::java_lang_VerifyError();
283 }
284
285 ResourceMark rm(THREAD);
286 log_info(verification)("Verifying class %s with old format", klass->external_name());
287
288 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
289 jint result;
290
291 {
292 HandleMark hm(thread);
293 ThreadToNativeFromVM ttn(thread);
294 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
295 // code knows that we have left the VM
296
297 if (_is_new_verify_byte_codes_fn) {
298 verify_byte_codes_fn_new_t func =
299 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
300 result = (*func)(env, cls, message, (int)message_len,
301 klass->major_version());
302 } else {
303 verify_byte_codes_fn_t func =
304 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
305 result = (*func)(env, cls, message, (int)message_len);
306 }
307 }
308
309 JNIHandles::destroy_local(cls);
310
311 // These numbers are chosen so that VerifyClassCodes interface doesn't need
312 // to be changed (still return jboolean (unsigned char)), and result is
313 // 1 when verification is passed.
314 if (result == 0) {
315 return vmSymbols::java_lang_VerifyError();
316 } else if (result == 1) {
317 return NULL; // verified.
318 } else if (result == 2) {
319 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
320 } else if (result == 3) {
321 return vmSymbols::java_lang_ClassFormatError();
322 } else {
323 ShouldNotReachHere();
324 return NULL;
325 }
326 }
327
328 TypeOrigin TypeOrigin::null() {
329 return TypeOrigin();
330 }
331 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
332 assert(frame != NULL, "Must have a frame");
333 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
334 frame->local_at(index));
335 }
336 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
337 assert(frame != NULL, "Must have a frame");
338 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
339 frame->stack_at(index));
340 }
341 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
342 assert(frame != NULL, "Must have a frame");
343 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
344 frame->local_at(index));
345 }
346 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
347 assert(frame != NULL, "Must have a frame");
348 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
349 frame->stack_at(index));
350 }
351 TypeOrigin TypeOrigin::bad_index(u2 index) {
352 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
353 }
354 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
355 return TypeOrigin(CONST_POOL, index, NULL, vt);
356 }
357 TypeOrigin TypeOrigin::signature(VerificationType vt) {
358 return TypeOrigin(SIG, 0, NULL, vt);
359 }
360 TypeOrigin TypeOrigin::implicit(VerificationType t) {
361 return TypeOrigin(IMPLICIT, 0, NULL, t);
362 }
363 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
364 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
365 VerificationType::bogus_type());
366 }
367
368 void TypeOrigin::reset_frame() {
369 if (_frame != NULL) {
370 _frame->restore();
371 }
372 }
373
374 void TypeOrigin::details(outputStream* ss) const {
375 _type.print_on(ss);
376 switch (_origin) {
377 case CF_LOCALS:
378 ss->print(" (current frame, locals[%d])", _index);
379 break;
380 case CF_STACK:
381 ss->print(" (current frame, stack[%d])", _index);
382 break;
383 case SM_LOCALS:
384 ss->print(" (stack map, locals[%d])", _index);
385 break;
386 case SM_STACK:
387 ss->print(" (stack map, stack[%d])", _index);
388 break;
389 case CONST_POOL:
390 ss->print(" (constant pool %d)", _index);
391 break;
392 case SIG:
393 ss->print(" (from method signature)");
394 break;
395 case IMPLICIT:
396 case FRAME_ONLY:
397 case NONE:
398 default:
399 ;
400 }
401 }
402
403 #ifdef ASSERT
404 void TypeOrigin::print_on(outputStream* str) const {
405 str->print("{%d,%d,%p:", _origin, _index, _frame);
406 if (_frame != NULL) {
407 _frame->print_on(str);
408 } else {
409 str->print("null");
410 }
411 str->print(",");
412 _type.print_on(str);
413 str->print("}");
414 }
415 #endif
416
417 void ErrorContext::details(outputStream* ss, const Method* method) const {
418 if (is_valid()) {
419 ss->cr();
420 ss->print_cr("Exception Details:");
421 location_details(ss, method);
422 reason_details(ss);
423 frame_details(ss);
424 bytecode_details(ss, method);
425 handler_details(ss, method);
426 stackmap_details(ss, method);
427 }
428 }
429
430 void ErrorContext::reason_details(outputStream* ss) const {
431 streamIndentor si(ss);
432 ss->indent().print_cr("Reason:");
433 streamIndentor si2(ss);
434 ss->indent().print("%s", "");
435 switch (_fault) {
436 case INVALID_BYTECODE:
437 ss->print("Error exists in the bytecode");
438 break;
439 case WRONG_TYPE:
440 if (_expected.is_valid()) {
441 ss->print("Type ");
442 _type.details(ss);
443 ss->print(" is not assignable to ");
444 _expected.details(ss);
445 } else {
446 ss->print("Invalid type: ");
447 _type.details(ss);
448 }
449 break;
450 case FLAGS_MISMATCH:
451 if (_expected.is_valid()) {
452 ss->print("Current frame's flags are not assignable "
453 "to stack map frame's.");
454 } else {
455 ss->print("Current frame's flags are invalid in this context.");
456 }
457 break;
458 case BAD_CP_INDEX:
459 ss->print("Constant pool index %d is invalid", _type.index());
460 break;
461 case BAD_LOCAL_INDEX:
462 ss->print("Local index %d is invalid", _type.index());
463 break;
464 case LOCALS_SIZE_MISMATCH:
465 ss->print("Current frame's local size doesn't match stackmap.");
466 break;
467 case STACK_SIZE_MISMATCH:
468 ss->print("Current frame's stack size doesn't match stackmap.");
469 break;
470 case STACK_OVERFLOW:
471 ss->print("Exceeded max stack size.");
472 break;
473 case STACK_UNDERFLOW:
474 ss->print("Attempt to pop empty stack.");
475 break;
476 case MISSING_STACKMAP:
477 ss->print("Expected stackmap frame at this location.");
478 break;
479 case BAD_STACKMAP:
480 ss->print("Invalid stackmap specification.");
481 break;
482 case WRONG_VALUE_TYPE:
483 ss->print("Type ");
484 _type.details(ss);
485 ss->print(" and type ");
486 _expected.details(ss);
487 ss->print(" must be identical value types.");
488 break;
489 case UNKNOWN:
490 default:
491 ShouldNotReachHere();
492 ss->print_cr("Unknown");
493 }
494 ss->cr();
495 }
496
497 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
498 if (_bci != -1 && method != NULL) {
499 streamIndentor si(ss);
500 const char* bytecode_name = "<invalid>";
501 if (method->validate_bci(_bci) != -1) {
502 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
503 if (Bytecodes::is_defined(code)) {
504 bytecode_name = Bytecodes::name(code);
505 } else {
506 bytecode_name = "<illegal>";
507 }
508 }
509 InstanceKlass* ik = method->method_holder();
510 ss->indent().print_cr("Location:");
511 streamIndentor si2(ss);
512 ss->indent().print_cr("%s.%s%s @%d: %s",
513 ik->name()->as_C_string(), method->name()->as_C_string(),
514 method->signature()->as_C_string(), _bci, bytecode_name);
515 }
516 }
517
518 void ErrorContext::frame_details(outputStream* ss) const {
519 streamIndentor si(ss);
520 if (_type.is_valid() && _type.frame() != NULL) {
521 ss->indent().print_cr("Current Frame:");
522 streamIndentor si2(ss);
523 _type.frame()->print_on(ss);
524 }
525 if (_expected.is_valid() && _expected.frame() != NULL) {
526 ss->indent().print_cr("Stackmap Frame:");
527 streamIndentor si2(ss);
528 _expected.frame()->print_on(ss);
529 }
530 }
531
532 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
533 if (method != NULL) {
534 streamIndentor si(ss);
535 ss->indent().print_cr("Bytecode:");
536 streamIndentor si2(ss);
537 ss->print_data(method->code_base(), method->code_size(), false);
538 }
539 }
540
541 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
542 if (method != NULL) {
543 streamIndentor si(ss);
544 ExceptionTable table(method);
545 if (table.length() > 0) {
546 ss->indent().print_cr("Exception Handler Table:");
547 streamIndentor si2(ss);
548 for (int i = 0; i < table.length(); ++i) {
549 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
550 table.end_pc(i), table.handler_pc(i));
551 }
552 }
553 }
554 }
555
556 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
557 if (method != NULL && method->has_stackmap_table()) {
558 streamIndentor si(ss);
559 ss->indent().print_cr("Stackmap Table:");
560 Array<u1>* data = method->stackmap_data();
561 stack_map_table* sm_table =
562 stack_map_table::at((address)data->adr_at(0));
563 stack_map_frame* sm_frame = sm_table->entries();
564 streamIndentor si2(ss);
565 int current_offset = -1;
566 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
567 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
568 ss->indent();
569 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
570 sm_frame->print_truncated(ss, current_offset);
571 return;
572 }
573 sm_frame->print_on(ss, current_offset);
574 ss->cr();
575 current_offset += sm_frame->offset_delta();
576 sm_frame = sm_frame->next();
577 }
578 }
579 }
580
581 // Methods in ClassVerifier
582
583 VerificationType reference_or_valuetype(InstanceKlass* klass) {
584 if (klass->is_value()) {
585 return VerificationType::valuetype_type(klass->name());
586 } else {
587 return VerificationType::reference_type(klass->name());
588 }
589 }
590
591 ClassVerifier::ClassVerifier(
592 InstanceKlass* klass, TRAPS)
593 : _thread(THREAD), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
594 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
595 _this_type = reference_or_valuetype(klass);
596 }
597
598 ClassVerifier::~ClassVerifier() {
599 // Decrement the reference count for any symbols created.
600 if (_symbols != NULL) {
601 for (int i = 0; i < _symbols->length(); i++) {
602 Symbol* s = _symbols->at(i);
603 s->decrement_refcount();
604 }
605 }
606 }
607
608 VerificationType ClassVerifier::object_type() const {
609 return VerificationType::reference_type(vmSymbols::java_lang_Object());
610 }
611
612 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
613 VerificationType vt = VerificationType::reference_type(
614 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
615 return TypeOrigin::implicit(vt);
616 }
617
618 void ClassVerifier::verify_class(TRAPS) {
619 log_info(verification)("Verifying class %s with new format", _klass->external_name());
620
621 // Either verifying both local and remote classes or just remote classes.
622 assert(BytecodeVerificationRemote, "Should not be here");
623
624 // Create hash table containing method signatures.
625 method_signatures_table_type method_signatures_table;
626 set_method_signatures_table(&method_signatures_table);
627
628 Array<Method*>* methods = _klass->methods();
629 int num_methods = methods->length();
630
631 for (int index = 0; index < num_methods; index++) {
632 // Check for recursive re-verification before each method.
633 if (was_recursively_verified()) return;
634
635 Method* m = methods->at(index);
636 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
637 // If m is native or abstract, skip it. It is checked in class file
638 // parser that methods do not override a final method. Overpass methods
639 // are trusted since the VM generates them.
640 continue;
641 }
642 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
643 }
644
645 if (was_recursively_verified()){
646 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
647 log_info(class, init)("Recursive verification detected for: %s",
648 _klass->external_name());
649 }
650 }
651
652 // Translate the signature entries into verification types and save them in
653 // the growable array. Also, save the count of arguments.
654 void ClassVerifier::translate_signature(Symbol* const method_sig,
655 sig_as_verification_types* sig_verif_types,
656 TRAPS) {
657 SignatureStream sig_stream(method_sig);
658 VerificationType sig_type[2];
659 int sig_i = 0;
660 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
661
662 // Translate the signature arguments into verification types.
663 while (!sig_stream.at_return_type()) {
664 int n = change_sig_to_verificationType(&sig_stream, sig_type, CHECK_VERIFY(this));
665 assert(n <= 2, "Unexpected signature type");
666
667 // Store verification type(s). Longs and Doubles each have two verificationTypes.
668 for (int x = 0; x < n; x++) {
669 verif_types->push(sig_type[x]);
670 }
671 sig_i += n;
672 sig_stream.next();
673 }
674
675 // Set final arg count, not including the return type. The final arg count will
676 // be compared with sig_verify_types' length to see if there is a return type.
677 sig_verif_types->set_num_args(sig_i);
678
679 // Store verification type(s) for the return type, if there is one.
680 if (sig_stream.type() != T_VOID) {
681 int n = change_sig_to_verificationType(&sig_stream, sig_type, CHECK_VERIFY(this));
682 assert(n <= 2, "Unexpected signature return type");
683 for (int y = 0; y < n; y++) {
684 verif_types->push(sig_type[y]);
685 }
686 }
687 }
688
689 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
690 int sig_index, TRAPS) {
691 // Translate the signature into verification types.
692 ConstantPool* cp = _klass->constants();
693 Symbol* const method_sig = cp->symbol_at(sig_index);
694 translate_signature(method_sig, sig_verif_types, CHECK_VERIFY(this));
695
696 // Add the list of this signature's verification types to the table.
697 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
698 assert(is_unique, "Duplicate entries in method_signature_table");
699 }
700
701 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
702 HandleMark hm(THREAD);
703 _method = m; // initialize _method
704 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
705
706 // For clang, the only good constant format string is a literal constant format string.
707 #define bad_type_msg "Bad type on operand stack in %s"
708
709 int32_t max_stack = m->verifier_max_stack();
710 int32_t max_locals = m->max_locals();
711 constantPoolHandle cp(THREAD, m->constants());
712
713 // Method signature was checked in ClassFileParser.
714 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
715 "Invalid method signature");
716
717 // Initial stack map frame: offset is 0, stack is initially empty.
718 StackMapFrame current_frame(max_locals, max_stack, this);
719 // Set initial locals
720 VerificationType return_type = current_frame.set_locals_from_arg(
721 m, current_type(), CHECK_VERIFY(this));
722
723 int32_t stackmap_index = 0; // index to the stackmap array
724
725 u4 code_length = m->code_size();
726
727 // Scan the bytecode and map each instruction's start offset to a number.
728 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
729
730 int ex_min = code_length;
731 int ex_max = -1;
732 // Look through each item on the exception table. Each of the fields must refer
733 // to a legal instruction.
734 if (was_recursively_verified()) return;
735 verify_exception_handler_table(
736 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
737
738 // Look through each entry on the local variable table and make sure
739 // its range of code array offsets is valid. (4169817)
740 if (m->has_localvariable_table()) {
741 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
742 }
743
744 Array<u1>* stackmap_data = m->stackmap_data();
745 StackMapStream stream(stackmap_data);
746 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
747 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
748 code_data, code_length, CHECK_VERIFY(this));
749
750 LogTarget(Info, verification) lt;
751 if (lt.is_enabled()) {
752 ResourceMark rm(THREAD);
753 LogStream ls(lt);
754 stackmap_table.print_on(&ls);
755 }
756
757 RawBytecodeStream bcs(m);
758
759 // Scan the byte code linearly from the start to the end
760 bool no_control_flow = false; // Set to true when there is no direct control
761 // flow from current instruction to the next
762 // instruction in sequence
763
764 Bytecodes::Code opcode;
765 while (!bcs.is_last_bytecode()) {
766 // Check for recursive re-verification before each bytecode.
767 if (was_recursively_verified()) return;
768
769 opcode = bcs.raw_next();
770 u2 bci = bcs.bci();
771
772 // Set current frame's offset to bci
773 current_frame.set_offset(bci);
774 current_frame.set_mark();
775
776 // Make sure every offset in stackmap table point to the beginning to
777 // an instruction. Match current_frame to stackmap_table entry with
778 // the same offset if exists.
779 stackmap_index = verify_stackmap_table(
780 stackmap_index, bci, ¤t_frame, &stackmap_table,
781 no_control_flow, CHECK_VERIFY(this));
782
783
784 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
785 bool verified_exc_handlers = false;
786
787 // Merge with the next instruction
788 {
789 u2 index;
790 int target;
791 VerificationType type, type2;
792 VerificationType atype;
793
794 LogTarget(Info, verification) lt;
795 if (lt.is_enabled()) {
796 ResourceMark rm(THREAD);
797 LogStream ls(lt);
798 current_frame.print_on(&ls);
799 lt.print("offset = %d, opcode = %s", bci,
800 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
801 }
802
803 // Make sure wide instruction is in correct format
804 if (bcs.is_wide()) {
805 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
806 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
807 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
808 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
809 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
810 opcode != Bytecodes::_dstore) {
811 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
812 * if we encounter a wide instruction that modifies an invalid
813 * opcode (not one of the ones listed above) */
814 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
815 return;
816 }
817 }
818
819 // Look for possible jump target in exception handlers and see if it
820 // matches current_frame. Do this check here for astore*, dstore*,
821 // fstore*, istore*, and lstore* opcodes because they can change the type
822 // state by adding a local. JVM Spec says that the incoming type state
823 // should be used for this check. So, do the check here before a possible
824 // local is added to the type state.
825 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
826 if (was_recursively_verified()) return;
827 verify_exception_handler_targets(
828 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
829 verified_exc_handlers = true;
830 }
831
832 if (was_recursively_verified()) return;
833
834 switch (opcode) {
835 case Bytecodes::_nop :
836 no_control_flow = false; break;
837 case Bytecodes::_aconst_null :
838 current_frame.push_stack(
839 VerificationType::null_type(), CHECK_VERIFY(this));
840 no_control_flow = false; break;
841 case Bytecodes::_iconst_m1 :
842 case Bytecodes::_iconst_0 :
843 case Bytecodes::_iconst_1 :
844 case Bytecodes::_iconst_2 :
845 case Bytecodes::_iconst_3 :
846 case Bytecodes::_iconst_4 :
847 case Bytecodes::_iconst_5 :
848 current_frame.push_stack(
849 VerificationType::integer_type(), CHECK_VERIFY(this));
850 no_control_flow = false; break;
851 case Bytecodes::_lconst_0 :
852 case Bytecodes::_lconst_1 :
853 current_frame.push_stack_2(
854 VerificationType::long_type(),
855 VerificationType::long2_type(), CHECK_VERIFY(this));
856 no_control_flow = false; break;
857 case Bytecodes::_fconst_0 :
858 case Bytecodes::_fconst_1 :
859 case Bytecodes::_fconst_2 :
860 current_frame.push_stack(
861 VerificationType::float_type(), CHECK_VERIFY(this));
862 no_control_flow = false; break;
863 case Bytecodes::_dconst_0 :
864 case Bytecodes::_dconst_1 :
865 current_frame.push_stack_2(
866 VerificationType::double_type(),
867 VerificationType::double2_type(), CHECK_VERIFY(this));
868 no_control_flow = false; break;
869 case Bytecodes::_sipush :
870 case Bytecodes::_bipush :
871 current_frame.push_stack(
872 VerificationType::integer_type(), CHECK_VERIFY(this));
873 no_control_flow = false; break;
874 case Bytecodes::_ldc :
875 verify_ldc(
876 opcode, bcs.get_index_u1(), ¤t_frame,
877 cp, bci, CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_ldc_w :
880 case Bytecodes::_ldc2_w :
881 verify_ldc(
882 opcode, bcs.get_index_u2(), ¤t_frame,
883 cp, bci, CHECK_VERIFY(this));
884 no_control_flow = false; break;
885 case Bytecodes::_iload :
886 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
887 no_control_flow = false; break;
888 case Bytecodes::_iload_0 :
889 case Bytecodes::_iload_1 :
890 case Bytecodes::_iload_2 :
891 case Bytecodes::_iload_3 :
892 index = opcode - Bytecodes::_iload_0;
893 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
894 no_control_flow = false; break;
895 case Bytecodes::_lload :
896 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
897 no_control_flow = false; break;
898 case Bytecodes::_lload_0 :
899 case Bytecodes::_lload_1 :
900 case Bytecodes::_lload_2 :
901 case Bytecodes::_lload_3 :
902 index = opcode - Bytecodes::_lload_0;
903 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
904 no_control_flow = false; break;
905 case Bytecodes::_fload :
906 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
907 no_control_flow = false; break;
908 case Bytecodes::_fload_0 :
909 case Bytecodes::_fload_1 :
910 case Bytecodes::_fload_2 :
911 case Bytecodes::_fload_3 :
912 index = opcode - Bytecodes::_fload_0;
913 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
914 no_control_flow = false; break;
915 case Bytecodes::_dload :
916 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
917 no_control_flow = false; break;
918 case Bytecodes::_dload_0 :
919 case Bytecodes::_dload_1 :
920 case Bytecodes::_dload_2 :
921 case Bytecodes::_dload_3 :
922 index = opcode - Bytecodes::_dload_0;
923 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
924 no_control_flow = false; break;
925 case Bytecodes::_aload :
926 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
927 no_control_flow = false; break;
928 case Bytecodes::_aload_0 :
929 case Bytecodes::_aload_1 :
930 case Bytecodes::_aload_2 :
931 case Bytecodes::_aload_3 :
932 index = opcode - Bytecodes::_aload_0;
933 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
934 no_control_flow = false; break;
935 case Bytecodes::_iaload :
936 type = current_frame.pop_stack(
937 VerificationType::integer_type(), CHECK_VERIFY(this));
938 atype = current_frame.pop_stack(
939 VerificationType::reference_check(), CHECK_VERIFY(this));
940 if (!atype.is_int_array()) {
941 verify_error(ErrorContext::bad_type(bci,
942 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
943 bad_type_msg, "iaload");
944 return;
945 }
946 current_frame.push_stack(
947 VerificationType::integer_type(), CHECK_VERIFY(this));
948 no_control_flow = false; break;
949 case Bytecodes::_baload :
950 type = current_frame.pop_stack(
951 VerificationType::integer_type(), CHECK_VERIFY(this));
952 atype = current_frame.pop_stack(
953 VerificationType::reference_check(), CHECK_VERIFY(this));
954 if (!atype.is_bool_array() && !atype.is_byte_array()) {
955 verify_error(
956 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
957 bad_type_msg, "baload");
958 return;
959 }
960 current_frame.push_stack(
961 VerificationType::integer_type(), CHECK_VERIFY(this));
962 no_control_flow = false; break;
963 case Bytecodes::_caload :
964 type = current_frame.pop_stack(
965 VerificationType::integer_type(), CHECK_VERIFY(this));
966 atype = current_frame.pop_stack(
967 VerificationType::reference_check(), CHECK_VERIFY(this));
968 if (!atype.is_char_array()) {
969 verify_error(ErrorContext::bad_type(bci,
970 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
971 bad_type_msg, "caload");
972 return;
973 }
974 current_frame.push_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 no_control_flow = false; break;
977 case Bytecodes::_saload :
978 type = current_frame.pop_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 atype = current_frame.pop_stack(
981 VerificationType::reference_check(), CHECK_VERIFY(this));
982 if (!atype.is_short_array()) {
983 verify_error(ErrorContext::bad_type(bci,
984 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
985 bad_type_msg, "saload");
986 return;
987 }
988 current_frame.push_stack(
989 VerificationType::integer_type(), CHECK_VERIFY(this));
990 no_control_flow = false; break;
991 case Bytecodes::_laload :
992 type = current_frame.pop_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 atype = current_frame.pop_stack(
995 VerificationType::reference_check(), CHECK_VERIFY(this));
996 if (!atype.is_long_array()) {
997 verify_error(ErrorContext::bad_type(bci,
998 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
999 bad_type_msg, "laload");
1000 return;
1001 }
1002 current_frame.push_stack_2(
1003 VerificationType::long_type(),
1004 VerificationType::long2_type(), CHECK_VERIFY(this));
1005 no_control_flow = false; break;
1006 case Bytecodes::_faload :
1007 type = current_frame.pop_stack(
1008 VerificationType::integer_type(), CHECK_VERIFY(this));
1009 atype = current_frame.pop_stack(
1010 VerificationType::reference_check(), CHECK_VERIFY(this));
1011 if (!atype.is_float_array()) {
1012 verify_error(ErrorContext::bad_type(bci,
1013 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1014 bad_type_msg, "faload");
1015 return;
1016 }
1017 current_frame.push_stack(
1018 VerificationType::float_type(), CHECK_VERIFY(this));
1019 no_control_flow = false; break;
1020 case Bytecodes::_daload :
1021 type = current_frame.pop_stack(
1022 VerificationType::integer_type(), CHECK_VERIFY(this));
1023 atype = current_frame.pop_stack(
1024 VerificationType::reference_check(), CHECK_VERIFY(this));
1025 if (!atype.is_double_array()) {
1026 verify_error(ErrorContext::bad_type(bci,
1027 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1028 bad_type_msg, "daload");
1029 return;
1030 }
1031 current_frame.push_stack_2(
1032 VerificationType::double_type(),
1033 VerificationType::double2_type(), CHECK_VERIFY(this));
1034 no_control_flow = false; break;
1035 case Bytecodes::_aaload : {
1036 type = current_frame.pop_stack(
1037 VerificationType::integer_type(), CHECK_VERIFY(this));
1038 atype = current_frame.pop_stack(
1039 VerificationType::reference_check(), CHECK_VERIFY(this));
1040 if (!atype.is_nonscalar_array()) {
1041 verify_error(ErrorContext::bad_type(bci,
1042 current_frame.stack_top_ctx(),
1043 TypeOrigin::implicit(VerificationType::reference_check())),
1044 bad_type_msg, "aaload");
1045 return;
1046 }
1047 if (atype.is_null()) {
1048 current_frame.push_stack(
1049 VerificationType::null_type(), CHECK_VERIFY(this));
1050 } else {
1051 VerificationType component =
1052 atype.get_component(this, CHECK_VERIFY(this));
1053 current_frame.push_stack(component, CHECK_VERIFY(this));
1054 }
1055 no_control_flow = false; break;
1056 }
1057 case Bytecodes::_istore :
1058 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1059 no_control_flow = false; break;
1060 case Bytecodes::_istore_0 :
1061 case Bytecodes::_istore_1 :
1062 case Bytecodes::_istore_2 :
1063 case Bytecodes::_istore_3 :
1064 index = opcode - Bytecodes::_istore_0;
1065 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1066 no_control_flow = false; break;
1067 case Bytecodes::_lstore :
1068 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1069 no_control_flow = false; break;
1070 case Bytecodes::_lstore_0 :
1071 case Bytecodes::_lstore_1 :
1072 case Bytecodes::_lstore_2 :
1073 case Bytecodes::_lstore_3 :
1074 index = opcode - Bytecodes::_lstore_0;
1075 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 case Bytecodes::_fstore :
1078 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1079 no_control_flow = false; break;
1080 case Bytecodes::_fstore_0 :
1081 case Bytecodes::_fstore_1 :
1082 case Bytecodes::_fstore_2 :
1083 case Bytecodes::_fstore_3 :
1084 index = opcode - Bytecodes::_fstore_0;
1085 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 case Bytecodes::_dstore :
1088 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 case Bytecodes::_dstore_0 :
1091 case Bytecodes::_dstore_1 :
1092 case Bytecodes::_dstore_2 :
1093 case Bytecodes::_dstore_3 :
1094 index = opcode - Bytecodes::_dstore_0;
1095 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1096 no_control_flow = false; break;
1097 case Bytecodes::_astore :
1098 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1099 no_control_flow = false; break;
1100 case Bytecodes::_astore_0 :
1101 case Bytecodes::_astore_1 :
1102 case Bytecodes::_astore_2 :
1103 case Bytecodes::_astore_3 :
1104 index = opcode - Bytecodes::_astore_0;
1105 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1106 no_control_flow = false; break;
1107 case Bytecodes::_iastore :
1108 type = current_frame.pop_stack(
1109 VerificationType::integer_type(), CHECK_VERIFY(this));
1110 type2 = current_frame.pop_stack(
1111 VerificationType::integer_type(), CHECK_VERIFY(this));
1112 atype = current_frame.pop_stack(
1113 VerificationType::reference_check(), CHECK_VERIFY(this));
1114 if (!atype.is_int_array()) {
1115 verify_error(ErrorContext::bad_type(bci,
1116 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
1117 bad_type_msg, "iastore");
1118 return;
1119 }
1120 no_control_flow = false; break;
1121 case Bytecodes::_bastore :
1122 type = current_frame.pop_stack(
1123 VerificationType::integer_type(), CHECK_VERIFY(this));
1124 type2 = current_frame.pop_stack(
1125 VerificationType::integer_type(), CHECK_VERIFY(this));
1126 atype = current_frame.pop_stack(
1127 VerificationType::reference_check(), CHECK_VERIFY(this));
1128 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1129 verify_error(
1130 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1131 bad_type_msg, "bastore");
1132 return;
1133 }
1134 no_control_flow = false; break;
1135 case Bytecodes::_castore :
1136 current_frame.pop_stack(
1137 VerificationType::integer_type(), CHECK_VERIFY(this));
1138 current_frame.pop_stack(
1139 VerificationType::integer_type(), CHECK_VERIFY(this));
1140 atype = current_frame.pop_stack(
1141 VerificationType::reference_check(), CHECK_VERIFY(this));
1142 if (!atype.is_char_array()) {
1143 verify_error(ErrorContext::bad_type(bci,
1144 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1145 bad_type_msg, "castore");
1146 return;
1147 }
1148 no_control_flow = false; break;
1149 case Bytecodes::_sastore :
1150 current_frame.pop_stack(
1151 VerificationType::integer_type(), CHECK_VERIFY(this));
1152 current_frame.pop_stack(
1153 VerificationType::integer_type(), CHECK_VERIFY(this));
1154 atype = current_frame.pop_stack(
1155 VerificationType::reference_check(), CHECK_VERIFY(this));
1156 if (!atype.is_short_array()) {
1157 verify_error(ErrorContext::bad_type(bci,
1158 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1159 bad_type_msg, "sastore");
1160 return;
1161 }
1162 no_control_flow = false; break;
1163 case Bytecodes::_lastore :
1164 current_frame.pop_stack_2(
1165 VerificationType::long2_type(),
1166 VerificationType::long_type(), CHECK_VERIFY(this));
1167 current_frame.pop_stack(
1168 VerificationType::integer_type(), CHECK_VERIFY(this));
1169 atype = current_frame.pop_stack(
1170 VerificationType::reference_check(), CHECK_VERIFY(this));
1171 if (!atype.is_long_array()) {
1172 verify_error(ErrorContext::bad_type(bci,
1173 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1174 bad_type_msg, "lastore");
1175 return;
1176 }
1177 no_control_flow = false; break;
1178 case Bytecodes::_fastore :
1179 current_frame.pop_stack(
1180 VerificationType::float_type(), CHECK_VERIFY(this));
1181 current_frame.pop_stack
1182 (VerificationType::integer_type(), CHECK_VERIFY(this));
1183 atype = current_frame.pop_stack(
1184 VerificationType::reference_check(), CHECK_VERIFY(this));
1185 if (!atype.is_float_array()) {
1186 verify_error(ErrorContext::bad_type(bci,
1187 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1188 bad_type_msg, "fastore");
1189 return;
1190 }
1191 no_control_flow = false; break;
1192 case Bytecodes::_dastore :
1193 current_frame.pop_stack_2(
1194 VerificationType::double2_type(),
1195 VerificationType::double_type(), CHECK_VERIFY(this));
1196 current_frame.pop_stack(
1197 VerificationType::integer_type(), CHECK_VERIFY(this));
1198 atype = current_frame.pop_stack(
1199 VerificationType::reference_check(), CHECK_VERIFY(this));
1200 if (!atype.is_double_array()) {
1201 verify_error(ErrorContext::bad_type(bci,
1202 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1203 bad_type_msg, "dastore");
1204 return;
1205 }
1206 no_control_flow = false; break;
1207 case Bytecodes::_aastore :
1208 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1209 type2 = current_frame.pop_stack(
1210 VerificationType::integer_type(), CHECK_VERIFY(this));
1211 atype = current_frame.pop_stack(
1212 VerificationType::reference_check(), CHECK_VERIFY(this));
1213 // more type-checking is done at runtime
1214 if (!atype.is_nonscalar_array()) {
1215 verify_error(ErrorContext::bad_type(bci,
1216 current_frame.stack_top_ctx(),
1217 TypeOrigin::implicit(VerificationType::reference_check())),
1218 bad_type_msg, "aastore");
1219 return;
1220 }
1221 // 4938384: relaxed constraint in JVMS 3nd edition.
1222 no_control_flow = false; break;
1223 case Bytecodes::_pop :
1224 current_frame.pop_stack(
1225 VerificationType::category1_check(), CHECK_VERIFY(this));
1226 no_control_flow = false; break;
1227 case Bytecodes::_pop2 :
1228 type = current_frame.pop_stack(CHECK_VERIFY(this));
1229 if (type.is_category1()) {
1230 current_frame.pop_stack(
1231 VerificationType::category1_check(), CHECK_VERIFY(this));
1232 } else if (type.is_category2_2nd()) {
1233 current_frame.pop_stack(
1234 VerificationType::category2_check(), CHECK_VERIFY(this));
1235 } else {
1236 /* Unreachable? Would need a category2_1st on TOS
1237 * which does not appear possible. */
1238 verify_error(
1239 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1240 bad_type_msg, "pop2");
1241 return;
1242 }
1243 no_control_flow = false; break;
1244 case Bytecodes::_dup :
1245 type = current_frame.pop_stack(
1246 VerificationType::category1_check(), CHECK_VERIFY(this));
1247 current_frame.push_stack(type, CHECK_VERIFY(this));
1248 current_frame.push_stack(type, CHECK_VERIFY(this));
1249 no_control_flow = false; break;
1250 case Bytecodes::_dup_x1 :
1251 type = current_frame.pop_stack(
1252 VerificationType::category1_check(), CHECK_VERIFY(this));
1253 type2 = current_frame.pop_stack(
1254 VerificationType::category1_check(), CHECK_VERIFY(this));
1255 current_frame.push_stack(type, CHECK_VERIFY(this));
1256 current_frame.push_stack(type2, CHECK_VERIFY(this));
1257 current_frame.push_stack(type, CHECK_VERIFY(this));
1258 no_control_flow = false; break;
1259 case Bytecodes::_dup_x2 :
1260 {
1261 VerificationType type3;
1262 type = current_frame.pop_stack(
1263 VerificationType::category1_check(), CHECK_VERIFY(this));
1264 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1265 if (type2.is_category1()) {
1266 type3 = current_frame.pop_stack(
1267 VerificationType::category1_check(), CHECK_VERIFY(this));
1268 } else if (type2.is_category2_2nd()) {
1269 type3 = current_frame.pop_stack(
1270 VerificationType::category2_check(), CHECK_VERIFY(this));
1271 } else {
1272 /* Unreachable? Would need a category2_1st at stack depth 2 with
1273 * a category1 on TOS which does not appear possible. */
1274 verify_error(ErrorContext::bad_type(
1275 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1276 return;
1277 }
1278 current_frame.push_stack(type, CHECK_VERIFY(this));
1279 current_frame.push_stack(type3, CHECK_VERIFY(this));
1280 current_frame.push_stack(type2, CHECK_VERIFY(this));
1281 current_frame.push_stack(type, CHECK_VERIFY(this));
1282 no_control_flow = false; break;
1283 }
1284 case Bytecodes::_dup2 :
1285 type = current_frame.pop_stack(CHECK_VERIFY(this));
1286 if (type.is_category1()) {
1287 type2 = current_frame.pop_stack(
1288 VerificationType::category1_check(), CHECK_VERIFY(this));
1289 } else if (type.is_category2_2nd()) {
1290 type2 = current_frame.pop_stack(
1291 VerificationType::category2_check(), CHECK_VERIFY(this));
1292 } else {
1293 /* Unreachable? Would need a category2_1st on TOS which does not
1294 * appear possible. */
1295 verify_error(
1296 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1297 bad_type_msg, "dup2");
1298 return;
1299 }
1300 current_frame.push_stack(type2, CHECK_VERIFY(this));
1301 current_frame.push_stack(type, CHECK_VERIFY(this));
1302 current_frame.push_stack(type2, CHECK_VERIFY(this));
1303 current_frame.push_stack(type, CHECK_VERIFY(this));
1304 no_control_flow = false; break;
1305 case Bytecodes::_dup2_x1 :
1306 {
1307 VerificationType type3;
1308 type = current_frame.pop_stack(CHECK_VERIFY(this));
1309 if (type.is_category1()) {
1310 type2 = current_frame.pop_stack(
1311 VerificationType::category1_check(), CHECK_VERIFY(this));
1312 } else if (type.is_category2_2nd()) {
1313 type2 = current_frame.pop_stack(
1314 VerificationType::category2_check(), CHECK_VERIFY(this));
1315 } else {
1316 /* Unreachable? Would need a category2_1st on TOS which does
1317 * not appear possible. */
1318 verify_error(
1319 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1320 bad_type_msg, "dup2_x1");
1321 return;
1322 }
1323 type3 = current_frame.pop_stack(
1324 VerificationType::category1_check(), CHECK_VERIFY(this));
1325 current_frame.push_stack(type2, CHECK_VERIFY(this));
1326 current_frame.push_stack(type, CHECK_VERIFY(this));
1327 current_frame.push_stack(type3, CHECK_VERIFY(this));
1328 current_frame.push_stack(type2, CHECK_VERIFY(this));
1329 current_frame.push_stack(type, CHECK_VERIFY(this));
1330 no_control_flow = false; break;
1331 }
1332 case Bytecodes::_dup2_x2 :
1333 {
1334 VerificationType type3, type4;
1335 type = current_frame.pop_stack(CHECK_VERIFY(this));
1336 if (type.is_category1()) {
1337 type2 = current_frame.pop_stack(
1338 VerificationType::category1_check(), CHECK_VERIFY(this));
1339 } else if (type.is_category2_2nd()) {
1340 type2 = current_frame.pop_stack(
1341 VerificationType::category2_check(), CHECK_VERIFY(this));
1342 } else {
1343 /* Unreachable? Would need a category2_1st on TOS which does
1344 * not appear possible. */
1345 verify_error(
1346 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1347 bad_type_msg, "dup2_x2");
1348 return;
1349 }
1350 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1351 if (type3.is_category1()) {
1352 type4 = current_frame.pop_stack(
1353 VerificationType::category1_check(), CHECK_VERIFY(this));
1354 } else if (type3.is_category2_2nd()) {
1355 type4 = current_frame.pop_stack(
1356 VerificationType::category2_check(), CHECK_VERIFY(this));
1357 } else {
1358 /* Unreachable? Would need a category2_1st on TOS after popping
1359 * a long/double or two category 1's, which does not
1360 * appear possible. */
1361 verify_error(
1362 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1363 bad_type_msg, "dup2_x2");
1364 return;
1365 }
1366 current_frame.push_stack(type2, CHECK_VERIFY(this));
1367 current_frame.push_stack(type, CHECK_VERIFY(this));
1368 current_frame.push_stack(type4, CHECK_VERIFY(this));
1369 current_frame.push_stack(type3, CHECK_VERIFY(this));
1370 current_frame.push_stack(type2, CHECK_VERIFY(this));
1371 current_frame.push_stack(type, CHECK_VERIFY(this));
1372 no_control_flow = false; break;
1373 }
1374 case Bytecodes::_swap :
1375 type = current_frame.pop_stack(
1376 VerificationType::category1_check(), CHECK_VERIFY(this));
1377 type2 = current_frame.pop_stack(
1378 VerificationType::category1_check(), CHECK_VERIFY(this));
1379 current_frame.push_stack(type, CHECK_VERIFY(this));
1380 current_frame.push_stack(type2, CHECK_VERIFY(this));
1381 no_control_flow = false; break;
1382 case Bytecodes::_iadd :
1383 case Bytecodes::_isub :
1384 case Bytecodes::_imul :
1385 case Bytecodes::_idiv :
1386 case Bytecodes::_irem :
1387 case Bytecodes::_ishl :
1388 case Bytecodes::_ishr :
1389 case Bytecodes::_iushr :
1390 case Bytecodes::_ior :
1391 case Bytecodes::_ixor :
1392 case Bytecodes::_iand :
1393 current_frame.pop_stack(
1394 VerificationType::integer_type(), CHECK_VERIFY(this));
1395 // fall through
1396 case Bytecodes::_ineg :
1397 current_frame.pop_stack(
1398 VerificationType::integer_type(), CHECK_VERIFY(this));
1399 current_frame.push_stack(
1400 VerificationType::integer_type(), CHECK_VERIFY(this));
1401 no_control_flow = false; break;
1402 case Bytecodes::_ladd :
1403 case Bytecodes::_lsub :
1404 case Bytecodes::_lmul :
1405 case Bytecodes::_ldiv :
1406 case Bytecodes::_lrem :
1407 case Bytecodes::_land :
1408 case Bytecodes::_lor :
1409 case Bytecodes::_lxor :
1410 current_frame.pop_stack_2(
1411 VerificationType::long2_type(),
1412 VerificationType::long_type(), CHECK_VERIFY(this));
1413 // fall through
1414 case Bytecodes::_lneg :
1415 current_frame.pop_stack_2(
1416 VerificationType::long2_type(),
1417 VerificationType::long_type(), CHECK_VERIFY(this));
1418 current_frame.push_stack_2(
1419 VerificationType::long_type(),
1420 VerificationType::long2_type(), CHECK_VERIFY(this));
1421 no_control_flow = false; break;
1422 case Bytecodes::_lshl :
1423 case Bytecodes::_lshr :
1424 case Bytecodes::_lushr :
1425 current_frame.pop_stack(
1426 VerificationType::integer_type(), CHECK_VERIFY(this));
1427 current_frame.pop_stack_2(
1428 VerificationType::long2_type(),
1429 VerificationType::long_type(), CHECK_VERIFY(this));
1430 current_frame.push_stack_2(
1431 VerificationType::long_type(),
1432 VerificationType::long2_type(), CHECK_VERIFY(this));
1433 no_control_flow = false; break;
1434 case Bytecodes::_fadd :
1435 case Bytecodes::_fsub :
1436 case Bytecodes::_fmul :
1437 case Bytecodes::_fdiv :
1438 case Bytecodes::_frem :
1439 current_frame.pop_stack(
1440 VerificationType::float_type(), CHECK_VERIFY(this));
1441 // fall through
1442 case Bytecodes::_fneg :
1443 current_frame.pop_stack(
1444 VerificationType::float_type(), CHECK_VERIFY(this));
1445 current_frame.push_stack(
1446 VerificationType::float_type(), CHECK_VERIFY(this));
1447 no_control_flow = false; break;
1448 case Bytecodes::_dadd :
1449 case Bytecodes::_dsub :
1450 case Bytecodes::_dmul :
1451 case Bytecodes::_ddiv :
1452 case Bytecodes::_drem :
1453 current_frame.pop_stack_2(
1454 VerificationType::double2_type(),
1455 VerificationType::double_type(), CHECK_VERIFY(this));
1456 // fall through
1457 case Bytecodes::_dneg :
1458 current_frame.pop_stack_2(
1459 VerificationType::double2_type(),
1460 VerificationType::double_type(), CHECK_VERIFY(this));
1461 current_frame.push_stack_2(
1462 VerificationType::double_type(),
1463 VerificationType::double2_type(), CHECK_VERIFY(this));
1464 no_control_flow = false; break;
1465 case Bytecodes::_iinc :
1466 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1467 no_control_flow = false; break;
1468 case Bytecodes::_i2l :
1469 type = current_frame.pop_stack(
1470 VerificationType::integer_type(), CHECK_VERIFY(this));
1471 current_frame.push_stack_2(
1472 VerificationType::long_type(),
1473 VerificationType::long2_type(), CHECK_VERIFY(this));
1474 no_control_flow = false; break;
1475 case Bytecodes::_l2i :
1476 current_frame.pop_stack_2(
1477 VerificationType::long2_type(),
1478 VerificationType::long_type(), CHECK_VERIFY(this));
1479 current_frame.push_stack(
1480 VerificationType::integer_type(), CHECK_VERIFY(this));
1481 no_control_flow = false; break;
1482 case Bytecodes::_i2f :
1483 current_frame.pop_stack(
1484 VerificationType::integer_type(), CHECK_VERIFY(this));
1485 current_frame.push_stack(
1486 VerificationType::float_type(), CHECK_VERIFY(this));
1487 no_control_flow = false; break;
1488 case Bytecodes::_i2d :
1489 current_frame.pop_stack(
1490 VerificationType::integer_type(), CHECK_VERIFY(this));
1491 current_frame.push_stack_2(
1492 VerificationType::double_type(),
1493 VerificationType::double2_type(), CHECK_VERIFY(this));
1494 no_control_flow = false; break;
1495 case Bytecodes::_l2f :
1496 current_frame.pop_stack_2(
1497 VerificationType::long2_type(),
1498 VerificationType::long_type(), CHECK_VERIFY(this));
1499 current_frame.push_stack(
1500 VerificationType::float_type(), CHECK_VERIFY(this));
1501 no_control_flow = false; break;
1502 case Bytecodes::_l2d :
1503 current_frame.pop_stack_2(
1504 VerificationType::long2_type(),
1505 VerificationType::long_type(), CHECK_VERIFY(this));
1506 current_frame.push_stack_2(
1507 VerificationType::double_type(),
1508 VerificationType::double2_type(), CHECK_VERIFY(this));
1509 no_control_flow = false; break;
1510 case Bytecodes::_f2i :
1511 current_frame.pop_stack(
1512 VerificationType::float_type(), CHECK_VERIFY(this));
1513 current_frame.push_stack(
1514 VerificationType::integer_type(), CHECK_VERIFY(this));
1515 no_control_flow = false; break;
1516 case Bytecodes::_f2l :
1517 current_frame.pop_stack(
1518 VerificationType::float_type(), CHECK_VERIFY(this));
1519 current_frame.push_stack_2(
1520 VerificationType::long_type(),
1521 VerificationType::long2_type(), CHECK_VERIFY(this));
1522 no_control_flow = false; break;
1523 case Bytecodes::_f2d :
1524 current_frame.pop_stack(
1525 VerificationType::float_type(), CHECK_VERIFY(this));
1526 current_frame.push_stack_2(
1527 VerificationType::double_type(),
1528 VerificationType::double2_type(), CHECK_VERIFY(this));
1529 no_control_flow = false; break;
1530 case Bytecodes::_d2i :
1531 current_frame.pop_stack_2(
1532 VerificationType::double2_type(),
1533 VerificationType::double_type(), CHECK_VERIFY(this));
1534 current_frame.push_stack(
1535 VerificationType::integer_type(), CHECK_VERIFY(this));
1536 no_control_flow = false; break;
1537 case Bytecodes::_d2l :
1538 current_frame.pop_stack_2(
1539 VerificationType::double2_type(),
1540 VerificationType::double_type(), CHECK_VERIFY(this));
1541 current_frame.push_stack_2(
1542 VerificationType::long_type(),
1543 VerificationType::long2_type(), CHECK_VERIFY(this));
1544 no_control_flow = false; break;
1545 case Bytecodes::_d2f :
1546 current_frame.pop_stack_2(
1547 VerificationType::double2_type(),
1548 VerificationType::double_type(), CHECK_VERIFY(this));
1549 current_frame.push_stack(
1550 VerificationType::float_type(), CHECK_VERIFY(this));
1551 no_control_flow = false; break;
1552 case Bytecodes::_i2b :
1553 case Bytecodes::_i2c :
1554 case Bytecodes::_i2s :
1555 current_frame.pop_stack(
1556 VerificationType::integer_type(), CHECK_VERIFY(this));
1557 current_frame.push_stack(
1558 VerificationType::integer_type(), CHECK_VERIFY(this));
1559 no_control_flow = false; break;
1560 case Bytecodes::_lcmp :
1561 current_frame.pop_stack_2(
1562 VerificationType::long2_type(),
1563 VerificationType::long_type(), CHECK_VERIFY(this));
1564 current_frame.pop_stack_2(
1565 VerificationType::long2_type(),
1566 VerificationType::long_type(), CHECK_VERIFY(this));
1567 current_frame.push_stack(
1568 VerificationType::integer_type(), CHECK_VERIFY(this));
1569 no_control_flow = false; break;
1570 case Bytecodes::_fcmpl :
1571 case Bytecodes::_fcmpg :
1572 current_frame.pop_stack(
1573 VerificationType::float_type(), CHECK_VERIFY(this));
1574 current_frame.pop_stack(
1575 VerificationType::float_type(), CHECK_VERIFY(this));
1576 current_frame.push_stack(
1577 VerificationType::integer_type(), CHECK_VERIFY(this));
1578 no_control_flow = false; break;
1579 case Bytecodes::_dcmpl :
1580 case Bytecodes::_dcmpg :
1581 current_frame.pop_stack_2(
1582 VerificationType::double2_type(),
1583 VerificationType::double_type(), CHECK_VERIFY(this));
1584 current_frame.pop_stack_2(
1585 VerificationType::double2_type(),
1586 VerificationType::double_type(), CHECK_VERIFY(this));
1587 current_frame.push_stack(
1588 VerificationType::integer_type(), CHECK_VERIFY(this));
1589 no_control_flow = false; break;
1590 case Bytecodes::_if_icmpeq:
1591 case Bytecodes::_if_icmpne:
1592 case Bytecodes::_if_icmplt:
1593 case Bytecodes::_if_icmpge:
1594 case Bytecodes::_if_icmpgt:
1595 case Bytecodes::_if_icmple:
1596 current_frame.pop_stack(
1597 VerificationType::integer_type(), CHECK_VERIFY(this));
1598 // fall through
1599 case Bytecodes::_ifeq:
1600 case Bytecodes::_ifne:
1601 case Bytecodes::_iflt:
1602 case Bytecodes::_ifge:
1603 case Bytecodes::_ifgt:
1604 case Bytecodes::_ifle:
1605 current_frame.pop_stack(
1606 VerificationType::integer_type(), CHECK_VERIFY(this));
1607 target = bcs.dest();
1608 stackmap_table.check_jump_target(
1609 ¤t_frame, target, CHECK_VERIFY(this));
1610 no_control_flow = false; break;
1611 case Bytecodes::_if_acmpeq :
1612 case Bytecodes::_if_acmpne :
1613 current_frame.pop_stack(
1614 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifnull :
1617 case Bytecodes::_ifnonnull :
1618 current_frame.pop_stack(
1619 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1620 target = bcs.dest();
1621 stackmap_table.check_jump_target
1622 (¤t_frame, target, CHECK_VERIFY(this));
1623 no_control_flow = false; break;
1624 case Bytecodes::_goto :
1625 target = bcs.dest();
1626 stackmap_table.check_jump_target(
1627 ¤t_frame, target, CHECK_VERIFY(this));
1628 no_control_flow = true; break;
1629 case Bytecodes::_goto_w :
1630 target = bcs.dest_w();
1631 stackmap_table.check_jump_target(
1632 ¤t_frame, target, CHECK_VERIFY(this));
1633 no_control_flow = true; break;
1634 case Bytecodes::_tableswitch :
1635 case Bytecodes::_lookupswitch :
1636 verify_switch(
1637 &bcs, code_length, code_data, ¤t_frame,
1638 &stackmap_table, CHECK_VERIFY(this));
1639 no_control_flow = true; break;
1640 case Bytecodes::_ireturn :
1641 type = current_frame.pop_stack(
1642 VerificationType::integer_type(), CHECK_VERIFY(this));
1643 verify_return_value(return_type, type, bci,
1644 ¤t_frame, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_lreturn :
1647 type2 = current_frame.pop_stack(
1648 VerificationType::long2_type(), CHECK_VERIFY(this));
1649 type = current_frame.pop_stack(
1650 VerificationType::long_type(), CHECK_VERIFY(this));
1651 verify_return_value(return_type, type, bci,
1652 ¤t_frame, CHECK_VERIFY(this));
1653 no_control_flow = true; break;
1654 case Bytecodes::_freturn :
1655 type = current_frame.pop_stack(
1656 VerificationType::float_type(), CHECK_VERIFY(this));
1657 verify_return_value(return_type, type, bci,
1658 ¤t_frame, CHECK_VERIFY(this));
1659 no_control_flow = true; break;
1660 case Bytecodes::_dreturn :
1661 type2 = current_frame.pop_stack(
1662 VerificationType::double2_type(), CHECK_VERIFY(this));
1663 type = current_frame.pop_stack(
1664 VerificationType::double_type(), CHECK_VERIFY(this));
1665 verify_return_value(return_type, type, bci,
1666 ¤t_frame, CHECK_VERIFY(this));
1667 no_control_flow = true; break;
1668 case Bytecodes::_areturn :
1669 type = current_frame.pop_stack(
1670 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1671 verify_return_value(return_type, type, bci,
1672 ¤t_frame, CHECK_VERIFY(this));
1673 no_control_flow = true; break;
1674 case Bytecodes::_return :
1675 if (return_type != VerificationType::bogus_type()) {
1676 verify_error(ErrorContext::bad_code(bci),
1677 "Method expects a return value");
1678 return;
1679 }
1680 // Make sure "this" has been initialized if current method is an
1681 // <init>.
1682 if (_method->name() == vmSymbols::object_initializer_name() &&
1683 current_frame.flag_this_uninit()) {
1684 verify_error(ErrorContext::bad_code(bci),
1685 "Constructor must call super() or this() "
1686 "before return");
1687 return;
1688 }
1689 no_control_flow = true; break;
1690 case Bytecodes::_getstatic :
1691 case Bytecodes::_putstatic :
1692 // pass TRUE, operand can be an array type for getstatic/putstatic.
1693 verify_field_instructions(
1694 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1695 no_control_flow = false; break;
1696 case Bytecodes::_getfield :
1697 case Bytecodes::_putfield :
1698 // pass FALSE, operand can't be an array type for getfield/putfield.
1699 verify_field_instructions(
1700 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1701 no_control_flow = false; break;
1702 case Bytecodes::_withfield :
1703 if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) {
1704 class_format_error(
1705 "withfield not supported by this class file version (%d.%d), class %s",
1706 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1707 return;
1708 }
1709 // pass FALSE, operand can't be an array type for withfield.
1710 verify_field_instructions(
1711 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_invokevirtual :
1714 case Bytecodes::_invokespecial :
1715 case Bytecodes::_invokestatic :
1716 verify_invoke_instructions(
1717 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1718 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1719 no_control_flow = false; break;
1720 case Bytecodes::_invokeinterface :
1721 case Bytecodes::_invokedynamic :
1722 verify_invoke_instructions(
1723 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1724 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1725 no_control_flow = false; break;
1726 case Bytecodes::_new :
1727 {
1728 index = bcs.get_index_u2();
1729 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1730 VerificationType new_class_type =
1731 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1732 if (!new_class_type.is_object()) {
1733 verify_error(ErrorContext::bad_type(bci,
1734 TypeOrigin::cp(index, new_class_type)),
1735 "Illegal new instruction");
1736 return;
1737 }
1738 type = VerificationType::uninitialized_type(bci);
1739 current_frame.push_stack(type, CHECK_VERIFY(this));
1740 no_control_flow = false; break;
1741 }
1742 case Bytecodes::_defaultvalue :
1743 {
1744 if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) {
1745 class_format_error(
1746 "defaultvalue not supported by this class file version (%d.%d), class %s",
1747 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1748 return;
1749 }
1750 index = bcs.get_index_u2();
1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1752 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1753 if (!ref_type.is_object()) {
1754 verify_error(ErrorContext::bad_type(bci,
1755 TypeOrigin::cp(index, ref_type)),
1756 "Illegal defaultvalue instruction");
1757 return;
1758 }
1759 VerificationType value_type =
1760 VerificationType::change_ref_to_valuetype(ref_type);
1761 current_frame.push_stack(value_type, CHECK_VERIFY(this));
1762 no_control_flow = false; break;
1763 }
1764 case Bytecodes::_newarray :
1765 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1766 current_frame.pop_stack(
1767 VerificationType::integer_type(), CHECK_VERIFY(this));
1768 current_frame.push_stack(type, CHECK_VERIFY(this));
1769 no_control_flow = false; break;
1770 case Bytecodes::_anewarray :
1771 verify_anewarray(
1772 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1773 no_control_flow = false; break;
1774 case Bytecodes::_arraylength :
1775 type = current_frame.pop_stack(
1776 VerificationType::reference_check(), CHECK_VERIFY(this));
1777 if (!(type.is_null() || type.is_array())) {
1778 verify_error(ErrorContext::bad_type(
1779 bci, current_frame.stack_top_ctx()),
1780 bad_type_msg, "arraylength");
1781 }
1782 current_frame.push_stack(
1783 VerificationType::integer_type(), CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 case Bytecodes::_checkcast :
1786 {
1787 index = bcs.get_index_u2();
1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1790 VerificationType klass_type = cp_index_to_type(
1791 index, cp, CHECK_VERIFY(this));
1792 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1793 no_control_flow = false; break;
1794 }
1795 case Bytecodes::_instanceof : {
1796 index = bcs.get_index_u2();
1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799 current_frame.push_stack(
1800 VerificationType::integer_type(), CHECK_VERIFY(this));
1801 no_control_flow = false; break;
1802 }
1803 case Bytecodes::_monitorenter :
1804 case Bytecodes::_monitorexit : {
1805 VerificationType ref = current_frame.pop_stack(
1806 VerificationType::reference_check(), CHECK_VERIFY(this));
1807 no_control_flow = false; break;
1808 }
1809 case Bytecodes::_multianewarray :
1810 {
1811 index = bcs.get_index_u2();
1812 u2 dim = *(bcs.bcp()+3);
1813 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1814 VerificationType new_array_type =
1815 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1816 if (!new_array_type.is_array()) {
1817 verify_error(ErrorContext::bad_type(bci,
1818 TypeOrigin::cp(index, new_array_type)),
1819 "Illegal constant pool index in multianewarray instruction");
1820 return;
1821 }
1822 if (dim < 1 || new_array_type.dimensions() < dim) {
1823 verify_error(ErrorContext::bad_code(bci),
1824 "Illegal dimension in multianewarray instruction: %d", dim);
1825 return;
1826 }
1827 for (int i = 0; i < dim; i++) {
1828 current_frame.pop_stack(
1829 VerificationType::integer_type(), CHECK_VERIFY(this));
1830 }
1831 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1832 no_control_flow = false; break;
1833 }
1834 case Bytecodes::_athrow :
1835 type = VerificationType::reference_type(
1836 vmSymbols::java_lang_Throwable());
1837 current_frame.pop_stack(type, CHECK_VERIFY(this));
1838 no_control_flow = true; break;
1839 default:
1840 // We only need to check the valid bytecodes in class file.
1841 // And jsr and ret are not in the new class file format in JDK1.5.
1842 verify_error(ErrorContext::bad_code(bci),
1843 "Bad instruction: %02x", opcode);
1844 no_control_flow = false;
1845 return;
1846 } // end switch
1847 } // end Merge with the next instruction
1848
1849 // Look for possible jump target in exception handlers and see if it matches
1850 // current_frame. Don't do this check if it has already been done (for
1851 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1852 // opcodes, such as invokespecial, may set the this_uninit flag.
1853 assert(!(verified_exc_handlers && this_uninit),
1854 "Exception handler targets got verified before this_uninit got set");
1855 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1856 if (was_recursively_verified()) return;
1857 verify_exception_handler_targets(
1858 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1859 }
1860 } // end while
1861
1862 // Make sure that control flow does not fall through end of the method
1863 if (!no_control_flow) {
1864 verify_error(ErrorContext::bad_code(code_length),
1865 "Control flow falls through code end");
1866 return;
1867 }
1868 }
1869
1870 #undef bad_type_message
1871
1872 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1873 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1874 memset(code_data, 0, sizeof(char) * code_length);
1875 RawBytecodeStream bcs(m);
1876
1877 while (!bcs.is_last_bytecode()) {
1878 if (bcs.raw_next() != Bytecodes::_illegal) {
1879 int bci = bcs.bci();
1880 if (bcs.raw_code() == Bytecodes::_new) {
1881 code_data[bci] = NEW_OFFSET;
1882 } else {
1883 code_data[bci] = BYTECODE_OFFSET;
1884 }
1885 } else {
1886 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1887 return NULL;
1888 }
1889 }
1890
1891 return code_data;
1892 }
1893
1894 // Since this method references the constant pool, call was_recursively_verified()
1895 // before calling this method to make sure a prior class load did not cause the
1896 // current class to get verified.
1897 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1898 ExceptionTable exhandlers(_method());
1899 int exlength = exhandlers.length();
1900 constantPoolHandle cp (THREAD, _method->constants());
1901
1902 for(int i = 0; i < exlength; i++) {
1903 u2 start_pc = exhandlers.start_pc(i);
1904 u2 end_pc = exhandlers.end_pc(i);
1905 u2 handler_pc = exhandlers.handler_pc(i);
1906 if (start_pc >= code_length || code_data[start_pc] == 0) {
1907 class_format_error("Illegal exception table start_pc %d", start_pc);
1908 return;
1909 }
1910 if (end_pc != code_length) { // special case: end_pc == code_length
1911 if (end_pc > code_length || code_data[end_pc] == 0) {
1912 class_format_error("Illegal exception table end_pc %d", end_pc);
1913 return;
1914 }
1915 }
1916 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1917 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1918 return;
1919 }
1920 int catch_type_index = exhandlers.catch_type_index(i);
1921 if (catch_type_index != 0) {
1922 VerificationType catch_type = cp_index_to_type(
1923 catch_type_index, cp, CHECK_VERIFY(this));
1924 VerificationType throwable =
1925 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1926 bool is_subclass = throwable.is_assignable_from(
1927 catch_type, this, false, CHECK_VERIFY(this));
1928 if (!is_subclass) {
1929 // 4286534: should throw VerifyError according to recent spec change
1930 verify_error(ErrorContext::bad_type(handler_pc,
1931 TypeOrigin::cp(catch_type_index, catch_type),
1932 TypeOrigin::implicit(throwable)),
1933 "Catch type is not a subclass "
1934 "of Throwable in exception handler %d", handler_pc);
1935 return;
1936 }
1937 }
1938 if (start_pc < min) min = start_pc;
1939 if (end_pc > max) max = end_pc;
1940 }
1941 }
1942
1943 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1944 int localvariable_table_length = _method->localvariable_table_length();
1945 if (localvariable_table_length > 0) {
1946 LocalVariableTableElement* table = _method->localvariable_table_start();
1947 for (int i = 0; i < localvariable_table_length; i++) {
1948 u2 start_bci = table[i].start_bci;
1949 u2 length = table[i].length;
1950
1951 if (start_bci >= code_length || code_data[start_bci] == 0) {
1952 class_format_error(
1953 "Illegal local variable table start_pc %d", start_bci);
1954 return;
1955 }
1956 u4 end_bci = (u4)(start_bci + length);
1957 if (end_bci != code_length) {
1958 if (end_bci >= code_length || code_data[end_bci] == 0) {
1959 class_format_error( "Illegal local variable table length %d", length);
1960 return;
1961 }
1962 }
1963 }
1964 }
1965 }
1966
1967 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1968 StackMapFrame* current_frame,
1969 StackMapTable* stackmap_table,
1970 bool no_control_flow, TRAPS) {
1971 if (stackmap_index < stackmap_table->get_frame_count()) {
1972 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1973 if (no_control_flow && this_offset > bci) {
1974 verify_error(ErrorContext::missing_stackmap(bci),
1975 "Expecting a stack map frame");
1976 return 0;
1977 }
1978 if (this_offset == bci) {
1979 ErrorContext ctx;
1980 // See if current stack map can be assigned to the frame in table.
1981 // current_frame is the stackmap frame got from the last instruction.
1982 // If matched, current_frame will be updated by this method.
1983 bool matches = stackmap_table->match_stackmap(
1984 current_frame, this_offset, stackmap_index,
1985 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1986 if (!matches) {
1987 // report type error
1988 verify_error(ctx, "Instruction type does not match stack map");
1989 return 0;
1990 }
1991 stackmap_index++;
1992 } else if (this_offset < bci) {
1993 // current_offset should have met this_offset.
1994 class_format_error("Bad stack map offset %d", this_offset);
1995 return 0;
1996 }
1997 } else if (no_control_flow) {
1998 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1999 return 0;
2000 }
2001 return stackmap_index;
2002 }
2003
2004 // Since this method references the constant pool, call was_recursively_verified()
2005 // before calling this method to make sure a prior class load did not cause the
2006 // current class to get verified.
2007 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
2008 StackMapFrame* current_frame,
2009 StackMapTable* stackmap_table, TRAPS) {
2010 constantPoolHandle cp (THREAD, _method->constants());
2011 ExceptionTable exhandlers(_method());
2012 int exlength = exhandlers.length();
2013 for(int i = 0; i < exlength; i++) {
2014 u2 start_pc = exhandlers.start_pc(i);
2015 u2 end_pc = exhandlers.end_pc(i);
2016 u2 handler_pc = exhandlers.handler_pc(i);
2017 int catch_type_index = exhandlers.catch_type_index(i);
2018 if(bci >= start_pc && bci < end_pc) {
2019 u1 flags = current_frame->flags();
2020 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2021 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2022 if (catch_type_index != 0) {
2023 if (was_recursively_verified()) return;
2024 // We know that this index refers to a subclass of Throwable
2025 VerificationType catch_type = cp_index_to_type(
2026 catch_type_index, cp, CHECK_VERIFY(this));
2027 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2028 } else {
2029 VerificationType throwable =
2030 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2031 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2032 }
2033 ErrorContext ctx;
2034 bool matches = stackmap_table->match_stackmap(
2035 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2036 if (!matches) {
2037 verify_error(ctx, "Stack map does not match the one at "
2038 "exception handler %d", handler_pc);
2039 return;
2040 }
2041 }
2042 }
2043 }
2044
2045 void ClassVerifier::verify_cp_index(
2046 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2047 int nconstants = cp->length();
2048 if ((index <= 0) || (index >= nconstants)) {
2049 verify_error(ErrorContext::bad_cp_index(bci, index),
2050 "Illegal constant pool index %d in class %s",
2051 index, cp->pool_holder()->external_name());
2052 return;
2053 }
2054 }
2055
2056 void ClassVerifier::verify_cp_type(
2057 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2058
2059 // In some situations, bytecode rewriting may occur while we're verifying.
2060 // In this case, a constant pool cache exists and some indices refer to that
2061 // instead. Be sure we don't pick up such indices by accident.
2062 // We must check was_recursively_verified() before we get here.
2063 guarantee(cp->cache() == NULL, "not rewritten yet");
2064
2065 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2066 unsigned int tag = cp->tag_at(index).value();
2067
2068 if ((types & (1 << tag)) == 0) {
2069 verify_error(ErrorContext::bad_cp_index(bci, index),
2070 "Illegal type at constant pool entry %d in class %s",
2071 index, cp->pool_holder()->external_name());
2072 return;
2073 }
2074 }
2075
2076 void ClassVerifier::verify_cp_class_type(
2077 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2078 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2079 constantTag tag = cp->tag_at(index);
2080 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2081 verify_error(ErrorContext::bad_cp_index(bci, index),
2082 "Illegal type at constant pool entry %d in class %s",
2083 index, cp->pool_holder()->external_name());
2084 return;
2085 }
2086 }
2087
2088 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2089 stringStream ss;
2090
2091 ctx.reset_frames();
2092 _exception_type = vmSymbols::java_lang_VerifyError();
2093 _error_context = ctx;
2094 va_list va;
2095 va_start(va, msg);
2096 ss.vprint(msg, va);
2097 va_end(va);
2098 _message = ss.as_string();
2099 #ifdef ASSERT
2100 ResourceMark rm;
2101 const char* exception_name = _exception_type->as_C_string();
2102 Exceptions::debug_check_abort(exception_name, NULL);
2103 #endif // ndef ASSERT
2104 }
2105
2106 void ClassVerifier::class_format_error(const char* msg, ...) {
2107 stringStream ss;
2108 _exception_type = vmSymbols::java_lang_ClassFormatError();
2109 va_list va;
2110 va_start(va, msg);
2111 ss.vprint(msg, va);
2112 va_end(va);
2113 if (!_method.is_null()) {
2114 ss.print(" in method '");
2115 _method->print_external_name(&ss);
2116 ss.print("'");
2117 }
2118 _message = ss.as_string();
2119 }
2120
2121 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2122 HandleMark hm(THREAD);
2123 // Get current loader and protection domain first.
2124 oop loader = current_class()->class_loader();
2125 oop protection_domain = current_class()->protection_domain();
2126
2127 Klass* kls = SystemDictionary::resolve_or_fail(
2128 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2129 true, THREAD);
2130
2131 if (kls != NULL) {
2132 if (log_is_enabled(Debug, class, resolve)) {
2133 Verifier::trace_class_resolution(kls, current_class());
2134 }
2135 }
2136 return kls;
2137 }
2138
2139 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2140 Klass* target_class,
2141 Symbol* field_name,
2142 Symbol* field_sig,
2143 bool is_method) {
2144 NoSafepointVerifier nosafepoint;
2145
2146 // If target class isn't a super class of this class, we don't worry about this case
2147 if (!this_class->is_subclass_of(target_class)) {
2148 return false;
2149 }
2150 // Check if the specified method or field is protected
2151 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2152 fieldDescriptor fd;
2153 if (is_method) {
2154 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
2155 if (m != NULL && m->is_protected()) {
2156 if (!this_class->is_same_class_package(m->method_holder())) {
2157 return true;
2158 }
2159 }
2160 } else {
2161 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2162 if (member_klass != NULL && fd.is_protected()) {
2163 if (!this_class->is_same_class_package(member_klass)) {
2164 return true;
2165 }
2166 }
2167 }
2168 return false;
2169 }
2170
2171 void ClassVerifier::verify_ldc(
2172 int opcode, u2 index, StackMapFrame* current_frame,
2173 const constantPoolHandle& cp, u2 bci, TRAPS) {
2174 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2175 constantTag tag = cp->tag_at(index);
2176 unsigned int types = 0;
2177 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2178 if (!tag.is_unresolved_klass()) {
2179 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2180 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2181 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2182 | (1 << JVM_CONSTANT_Dynamic);
2183 // Note: The class file parser already verified the legality of
2184 // MethodHandle and MethodType constants.
2185 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2186 }
2187 } else {
2188 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2189 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2190 | (1 << JVM_CONSTANT_Dynamic);
2191 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2192 }
2193 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2194 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2195 } else if (tag.is_string()) {
2196 current_frame->push_stack(
2197 VerificationType::reference_type(
2198 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2199 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2200 current_frame->push_stack(
2201 VerificationType::reference_type(
2202 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2203 } else if (tag.is_int()) {
2204 current_frame->push_stack(
2205 VerificationType::integer_type(), CHECK_VERIFY(this));
2206 } else if (tag.is_float()) {
2207 current_frame->push_stack(
2208 VerificationType::float_type(), CHECK_VERIFY(this));
2209 } else if (tag.is_double()) {
2210 current_frame->push_stack_2(
2211 VerificationType::double_type(),
2212 VerificationType::double2_type(), CHECK_VERIFY(this));
2213 } else if (tag.is_long()) {
2214 current_frame->push_stack_2(
2215 VerificationType::long_type(),
2216 VerificationType::long2_type(), CHECK_VERIFY(this));
2217 } else if (tag.is_method_handle()) {
2218 current_frame->push_stack(
2219 VerificationType::reference_type(
2220 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2221 } else if (tag.is_method_type()) {
2222 current_frame->push_stack(
2223 VerificationType::reference_type(
2224 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2225 } else if (tag.is_dynamic_constant()) {
2226 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2227 // Field signature was checked in ClassFileParser.
2228 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2229 "Invalid type for dynamic constant");
2230 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2231 "buffer type must match VerificationType size");
2232 uintptr_t constant_type_buffer[2];
2233 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2234 SignatureStream sig_stream(constant_type, false);
2235 int n = change_sig_to_verificationType(
2236 &sig_stream, v_constant_type, CHECK_VERIFY(this));
2237 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2238 if (n != opcode_n) {
2239 // wrong kind of ldc; reverify against updated type mask
2240 types &= ~(1 << JVM_CONSTANT_Dynamic);
2241 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2242 }
2243 for (int i = 0; i < n; i++) {
2244 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2245 }
2246 } else {
2247 /* Unreachable? verify_cp_type has already validated the cp type. */
2248 verify_error(
2249 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2250 return;
2251 }
2252 }
2253
2254 void ClassVerifier::verify_switch(
2255 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2256 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2257 int bci = bcs->bci();
2258 address bcp = bcs->bcp();
2259 address aligned_bcp = align_up(bcp + 1, jintSize);
2260
2261 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2262 // 4639449 & 4647081: padding bytes must be 0
2263 u2 padding_offset = 1;
2264 while ((bcp + padding_offset) < aligned_bcp) {
2265 if(*(bcp + padding_offset) != 0) {
2266 verify_error(ErrorContext::bad_code(bci),
2267 "Nonzero padding byte in lookupswitch or tableswitch");
2268 return;
2269 }
2270 padding_offset++;
2271 }
2272 }
2273
2274 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2275 int keys, delta;
2276 current_frame->pop_stack(
2277 VerificationType::integer_type(), CHECK_VERIFY(this));
2278 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2279 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2280 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2281 if (low > high) {
2282 verify_error(ErrorContext::bad_code(bci),
2283 "low must be less than or equal to high in tableswitch");
2284 return;
2285 }
2286 keys = high - low + 1;
2287 if (keys < 0) {
2288 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2289 return;
2290 }
2291 delta = 1;
2292 } else {
2293 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2294 if (keys < 0) {
2295 verify_error(ErrorContext::bad_code(bci),
2296 "number of keys in lookupswitch less than 0");
2297 return;
2298 }
2299 delta = 2;
2300 // Make sure that the lookupswitch items are sorted
2301 for (int i = 0; i < (keys - 1); i++) {
2302 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2303 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2304 if (this_key >= next_key) {
2305 verify_error(ErrorContext::bad_code(bci),
2306 "Bad lookupswitch instruction");
2307 return;
2308 }
2309 }
2310 }
2311 int target = bci + default_offset;
2312 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2313 for (int i = 0; i < keys; i++) {
2314 // Because check_jump_target() may safepoint, the bytecode could have
2315 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2316 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2317 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2318 stackmap_table->check_jump_target(
2319 current_frame, target, CHECK_VERIFY(this));
2320 }
2321 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2322 }
2323
2324 bool ClassVerifier::name_in_supers(
2325 Symbol* ref_name, InstanceKlass* current) {
2326 Klass* super = current->super();
2327 while (super != NULL) {
2328 if (super->name() == ref_name) {
2329 return true;
2330 }
2331 super = super->super();
2332 }
2333 return false;
2334 }
2335
2336 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2337 StackMapFrame* current_frame,
2338 const constantPoolHandle& cp,
2339 bool allow_arrays,
2340 TRAPS) {
2341 u2 index = bcs->get_index_u2();
2342 verify_cp_type(bcs->bci(), index, cp,
2343 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2344
2345 // Get field name and signature
2346 Symbol* field_name = cp->name_ref_at(index);
2347 Symbol* field_sig = cp->signature_ref_at(index);
2348
2349 // Field signature was checked in ClassFileParser.
2350 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2351 "Invalid field signature");
2352
2353 // Get referenced class type
2354 VerificationType ref_class_type = cp_ref_index_to_type(
2355 index, cp, CHECK_VERIFY(this));
2356 if (!ref_class_type.is_object() &&
2357 (!allow_arrays || !ref_class_type.is_array())) {
2358 verify_error(ErrorContext::bad_type(bcs->bci(),
2359 TypeOrigin::cp(index, ref_class_type)),
2360 "Expecting reference to class in class %s at constant pool index %d",
2361 _klass->external_name(), index);
2362 return;
2363 }
2364
2365 VerificationType target_class_type = ref_class_type;
2366
2367 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2368 "buffer type must match VerificationType size");
2369 uintptr_t field_type_buffer[2];
2370 VerificationType* field_type = (VerificationType*)field_type_buffer;
2371 // If we make a VerificationType[2] array directly, the compiler calls
2372 // to the c-runtime library to do the allocation instead of just
2373 // stack allocating it. Plus it would run constructors. This shows up
2374 // in performance profiles.
2375
2376 SignatureStream sig_stream(field_sig, false);
2377 VerificationType stack_object_type;
2378 int n = change_sig_to_verificationType(
2379 &sig_stream, field_type, CHECK_VERIFY(this));
2380 u2 bci = bcs->bci();
2381 bool is_assignable;
2382 switch (bcs->raw_code()) {
2383 case Bytecodes::_getstatic: {
2384 for (int i = 0; i < n; i++) {
2385 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2386 }
2387 break;
2388 }
2389 case Bytecodes::_putstatic: {
2390 for (int i = n - 1; i >= 0; i--) {
2391 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2392 }
2393 break;
2394 }
2395 case Bytecodes::_withfield: {
2396 for (int i = n - 1; i >= 0; i--) {
2397 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2398 }
2399 // stack_object_type and target_class_type must be the same value type.
2400 stack_object_type =
2401 current_frame->pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this));
2402 VerificationType target_value_type =
2403 VerificationType::change_ref_to_valuetype(target_class_type);
2404 if (!stack_object_type.equals(target_value_type)) {
2405 verify_error(ErrorContext::bad_value_type(bci,
2406 current_frame->stack_top_ctx(),
2407 TypeOrigin::cp(index, target_class_type)),
2408 "Invalid type on operand stack in withfield instruction");
2409 return;
2410 }
2411 current_frame->push_stack(target_value_type, CHECK_VERIFY(this));
2412 break;
2413 }
2414 case Bytecodes::_getfield: {
2415 stack_object_type = current_frame->pop_stack(
2416 target_class_type, CHECK_VERIFY(this));
2417 for (int i = 0; i < n; i++) {
2418 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2419 }
2420 goto check_protected;
2421 }
2422 case Bytecodes::_putfield: {
2423 for (int i = n - 1; i >= 0; i--) {
2424 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2425 }
2426 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2427
2428 // The JVMS 2nd edition allows field initialization before the superclass
2429 // initializer, if the field is defined within the current class.
2430 fieldDescriptor fd;
2431 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2432 target_class_type.equals(current_type()) &&
2433 _klass->find_local_field(field_name, field_sig, &fd)) {
2434 stack_object_type = current_type();
2435 }
2436 is_assignable = target_class_type.is_assignable_from(
2437 stack_object_type, this, false, CHECK_VERIFY(this));
2438 if (!is_assignable) {
2439 verify_error(ErrorContext::bad_type(bci,
2440 current_frame->stack_top_ctx(),
2441 TypeOrigin::cp(index, target_class_type)),
2442 "Bad type on operand stack in putfield");
2443 return;
2444 }
2445 }
2446 check_protected: {
2447 if (_this_type == stack_object_type)
2448 break; // stack_object_type must be assignable to _current_class_type
2449 if (was_recursively_verified()) return;
2450 Symbol* ref_class_name =
2451 cp->klass_name_at(cp->klass_ref_index_at(index));
2452 if (!name_in_supers(ref_class_name, current_class()))
2453 // stack_object_type must be assignable to _current_class_type since:
2454 // 1. stack_object_type must be assignable to ref_class.
2455 // 2. ref_class must be _current_class or a subclass of it. It can't
2456 // be a superclass of it. See revised JVMS 5.4.4.
2457 break;
2458
2459 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2460 if (is_protected_access(current_class(), ref_class_oop, field_name,
2461 field_sig, false)) {
2462 // It's protected access, check if stack object is assignable to
2463 // current class.
2464 is_assignable = current_type().is_assignable_from(
2465 stack_object_type, this, true, CHECK_VERIFY(this));
2466 if (!is_assignable) {
2467 verify_error(ErrorContext::bad_type(bci,
2468 current_frame->stack_top_ctx(),
2469 TypeOrigin::implicit(current_type())),
2470 "Bad access to protected data in getfield");
2471 return;
2472 }
2473 }
2474 break;
2475 }
2476 default: ShouldNotReachHere();
2477 }
2478 }
2479
2480 // Look at the method's handlers. If the bci is in the handler's try block
2481 // then check if the handler_pc is already on the stack. If not, push it
2482 // unless the handler has already been scanned.
2483 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2484 GrowableArray<u4>* handler_list,
2485 GrowableArray<u4>* handler_stack,
2486 u4 bci) {
2487 int exlength = exhandlers->length();
2488 for(int x = 0; x < exlength; x++) {
2489 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2490 u4 exhandler_pc = exhandlers->handler_pc(x);
2491 if (!handler_list->contains(exhandler_pc)) {
2492 handler_stack->append_if_missing(exhandler_pc);
2493 handler_list->append(exhandler_pc);
2494 }
2495 }
2496 }
2497 }
2498
2499 // Return TRUE if all code paths starting with start_bc_offset end in
2500 // bytecode athrow or loop.
2501 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2502 ResourceMark rm;
2503 // Create bytecode stream.
2504 RawBytecodeStream bcs(method());
2505 u4 code_length = method()->code_size();
2506 bcs.set_start(start_bc_offset);
2507 u4 target;
2508 // Create stack for storing bytecode start offsets for if* and *switch.
2509 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2510 // Create stack for handlers for try blocks containing this handler.
2511 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2512 // Create list of handlers that have been pushed onto the handler_stack
2513 // so that handlers embedded inside of their own TRY blocks only get
2514 // scanned once.
2515 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2516 // Create list of visited branch opcodes (goto* and if*).
2517 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2518 ExceptionTable exhandlers(_method());
2519
2520 while (true) {
2521 if (bcs.is_last_bytecode()) {
2522 // if no more starting offsets to parse or if at the end of the
2523 // method then return false.
2524 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2525 return false;
2526 // Pop a bytecode starting offset and scan from there.
2527 bcs.set_start(bci_stack->pop());
2528 }
2529 Bytecodes::Code opcode = bcs.raw_next();
2530 u4 bci = bcs.bci();
2531
2532 // If the bytecode is in a TRY block, push its handlers so they
2533 // will get parsed.
2534 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2535
2536 switch (opcode) {
2537 case Bytecodes::_if_icmpeq:
2538 case Bytecodes::_if_icmpne:
2539 case Bytecodes::_if_icmplt:
2540 case Bytecodes::_if_icmpge:
2541 case Bytecodes::_if_icmpgt:
2542 case Bytecodes::_if_icmple:
2543 case Bytecodes::_ifeq:
2544 case Bytecodes::_ifne:
2545 case Bytecodes::_iflt:
2546 case Bytecodes::_ifge:
2547 case Bytecodes::_ifgt:
2548 case Bytecodes::_ifle:
2549 case Bytecodes::_if_acmpeq:
2550 case Bytecodes::_if_acmpne:
2551 case Bytecodes::_ifnull:
2552 case Bytecodes::_ifnonnull:
2553 target = bcs.dest();
2554 if (visited_branches->contains(bci)) {
2555 if (bci_stack->is_empty()) {
2556 if (handler_stack->is_empty()) {
2557 return true;
2558 } else {
2559 // Parse the catch handlers for try blocks containing athrow.
2560 bcs.set_start(handler_stack->pop());
2561 }
2562 } else {
2563 // Pop a bytecode starting offset and scan from there.
2564 bcs.set_start(bci_stack->pop());
2565 }
2566 } else {
2567 if (target > bci) { // forward branch
2568 if (target >= code_length) return false;
2569 // Push the branch target onto the stack.
2570 bci_stack->push(target);
2571 // then, scan bytecodes starting with next.
2572 bcs.set_start(bcs.next_bci());
2573 } else { // backward branch
2574 // Push bytecode offset following backward branch onto the stack.
2575 bci_stack->push(bcs.next_bci());
2576 // Check bytecodes starting with branch target.
2577 bcs.set_start(target);
2578 }
2579 // Record target so we don't branch here again.
2580 visited_branches->append(bci);
2581 }
2582 break;
2583
2584 case Bytecodes::_goto:
2585 case Bytecodes::_goto_w:
2586 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2587 if (visited_branches->contains(bci)) {
2588 if (bci_stack->is_empty()) {
2589 if (handler_stack->is_empty()) {
2590 return true;
2591 } else {
2592 // Parse the catch handlers for try blocks containing athrow.
2593 bcs.set_start(handler_stack->pop());
2594 }
2595 } else {
2596 // Been here before, pop new starting offset from stack.
2597 bcs.set_start(bci_stack->pop());
2598 }
2599 } else {
2600 if (target >= code_length) return false;
2601 // Continue scanning from the target onward.
2602 bcs.set_start(target);
2603 // Record target so we don't branch here again.
2604 visited_branches->append(bci);
2605 }
2606 break;
2607
2608 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2609 // is difficult to determine where each switch alternative ends, parse
2610 // each switch alternative until either hit a 'return', 'athrow', or reach
2611 // the end of the method's bytecodes. This is gross but should be okay
2612 // because:
2613 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2614 // constructor invocations should be rare.
2615 // 2. if each switch alternative ends in an athrow then the parsing should be
2616 // short. If there is no athrow then it is bogus code, anyway.
2617 case Bytecodes::_lookupswitch:
2618 case Bytecodes::_tableswitch:
2619 {
2620 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2621 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2622 int keys, delta;
2623 if (opcode == Bytecodes::_tableswitch) {
2624 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2625 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2626 // This is invalid, but let the regular bytecode verifier
2627 // report this because the user will get a better error message.
2628 if (low > high) return true;
2629 keys = high - low + 1;
2630 delta = 1;
2631 } else {
2632 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2633 delta = 2;
2634 }
2635 // Invalid, let the regular bytecode verifier deal with it.
2636 if (keys < 0) return true;
2637
2638 // Push the offset of the next bytecode onto the stack.
2639 bci_stack->push(bcs.next_bci());
2640
2641 // Push the switch alternatives onto the stack.
2642 for (int i = 0; i < keys; i++) {
2643 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2644 if (target > code_length) return false;
2645 bci_stack->push(target);
2646 }
2647
2648 // Start bytecode parsing for the switch at the default alternative.
2649 if (default_offset > code_length) return false;
2650 bcs.set_start(default_offset);
2651 break;
2652 }
2653
2654 case Bytecodes::_return:
2655 return false;
2656
2657 case Bytecodes::_athrow:
2658 {
2659 if (bci_stack->is_empty()) {
2660 if (handler_stack->is_empty()) {
2661 return true;
2662 } else {
2663 // Parse the catch handlers for try blocks containing athrow.
2664 bcs.set_start(handler_stack->pop());
2665 }
2666 } else {
2667 // Pop a bytecode offset and starting scanning from there.
2668 bcs.set_start(bci_stack->pop());
2669 }
2670 }
2671 break;
2672
2673 default:
2674 ;
2675 } // end switch
2676 } // end while loop
2677
2678 return false;
2679 }
2680
2681 void ClassVerifier::verify_invoke_init(
2682 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2683 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2684 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2685 TRAPS) {
2686 u2 bci = bcs->bci();
2687 VerificationType type = current_frame->pop_stack(
2688 VerificationType::reference_check(), CHECK_VERIFY(this));
2689 if (type == VerificationType::uninitialized_this_type()) {
2690 // The method must be an <init> method of this class or its superclass
2691 Klass* superk = current_class()->super();
2692 if (ref_class_type.name() != current_class()->name() &&
2693 ref_class_type.name() != superk->name()) {
2694 verify_error(ErrorContext::bad_type(bci,
2695 TypeOrigin::implicit(ref_class_type),
2696 TypeOrigin::implicit(current_type())),
2697 "Bad <init> method call");
2698 return;
2699 }
2700
2701 // If this invokespecial call is done from inside of a TRY block then make
2702 // sure that all catch clause paths end in a throw. Otherwise, this can
2703 // result in returning an incomplete object.
2704 if (in_try_block) {
2705 ExceptionTable exhandlers(_method());
2706 int exlength = exhandlers.length();
2707 for(int i = 0; i < exlength; i++) {
2708 u2 start_pc = exhandlers.start_pc(i);
2709 u2 end_pc = exhandlers.end_pc(i);
2710
2711 if (bci >= start_pc && bci < end_pc) {
2712 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2713 verify_error(ErrorContext::bad_code(bci),
2714 "Bad <init> method call from after the start of a try block");
2715 return;
2716 } else if (log_is_enabled(Info, verification)) {
2717 ResourceMark rm(THREAD);
2718 log_info(verification)("Survived call to ends_in_athrow(): %s",
2719 current_class()->name()->as_C_string());
2720 }
2721 }
2722 }
2723
2724 // Check the exception handler target stackmaps with the locals from the
2725 // incoming stackmap (before initialize_object() changes them to outgoing
2726 // state).
2727 if (was_recursively_verified()) return;
2728 verify_exception_handler_targets(bci, true, current_frame,
2729 stackmap_table, CHECK_VERIFY(this));
2730 } // in_try_block
2731
2732 current_frame->initialize_object(type, current_type());
2733 *this_uninit = true;
2734 } else if (type.is_uninitialized()) {
2735 u2 new_offset = type.bci();
2736 address new_bcp = bcs->bcp() - bci + new_offset;
2737 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2738 /* Unreachable? Stack map parsing ensures valid type and new
2739 * instructions have a valid BCI. */
2740 verify_error(ErrorContext::bad_code(new_offset),
2741 "Expecting new instruction");
2742 return;
2743 }
2744 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2745 if (was_recursively_verified()) return;
2746 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2747
2748 // The method must be an <init> method of the indicated class
2749 VerificationType new_class_type = cp_index_to_type(
2750 new_class_index, cp, CHECK_VERIFY(this));
2751 if (!new_class_type.equals(ref_class_type)) {
2752 verify_error(ErrorContext::bad_type(bci,
2753 TypeOrigin::cp(new_class_index, new_class_type),
2754 TypeOrigin::cp(ref_class_index, ref_class_type)),
2755 "Call to wrong <init> method");
2756 return;
2757 }
2758 // According to the VM spec, if the referent class is a superclass of the
2759 // current class, and is in a different runtime package, and the method is
2760 // protected, then the objectref must be the current class or a subclass
2761 // of the current class.
2762 VerificationType objectref_type = new_class_type;
2763 if (name_in_supers(ref_class_type.name(), current_class())) {
2764 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2765 if (was_recursively_verified()) return;
2766 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2767 vmSymbols::object_initializer_name(),
2768 cp->signature_ref_at(bcs->get_index_u2()),
2769 Klass::find_overpass);
2770 // Do nothing if method is not found. Let resolution detect the error.
2771 if (m != NULL) {
2772 InstanceKlass* mh = m->method_holder();
2773 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2774 bool assignable = current_type().is_assignable_from(
2775 objectref_type, this, true, CHECK_VERIFY(this));
2776 if (!assignable) {
2777 verify_error(ErrorContext::bad_type(bci,
2778 TypeOrigin::cp(new_class_index, objectref_type),
2779 TypeOrigin::implicit(current_type())),
2780 "Bad access to protected <init> method");
2781 return;
2782 }
2783 }
2784 }
2785 }
2786 // Check the exception handler target stackmaps with the locals from the
2787 // incoming stackmap (before initialize_object() changes them to outgoing
2788 // state).
2789 if (in_try_block) {
2790 if (was_recursively_verified()) return;
2791 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2792 stackmap_table, CHECK_VERIFY(this));
2793 }
2794 current_frame->initialize_object(type, new_class_type);
2795 } else {
2796 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2797 "Bad operand type when invoking <init>");
2798 return;
2799 }
2800 }
2801
2802 bool ClassVerifier::is_same_or_direct_interface(
2803 InstanceKlass* klass,
2804 VerificationType klass_type,
2805 VerificationType ref_class_type) {
2806 if (ref_class_type.equals(klass_type)) return true;
2807 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2808 if (local_interfaces != NULL) {
2809 for (int x = 0; x < local_interfaces->length(); x++) {
2810 InstanceKlass* k = local_interfaces->at(x);
2811 assert (k != NULL && k->is_interface(), "invalid interface");
2812 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2813 return true;
2814 }
2815 }
2816 }
2817 return false;
2818 }
2819
2820 void ClassVerifier::verify_invoke_instructions(
2821 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2822 bool in_try_block, bool *this_uninit, VerificationType return_type,
2823 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2824 // Make sure the constant pool item is the right type
2825 u2 index = bcs->get_index_u2();
2826 Bytecodes::Code opcode = bcs->raw_code();
2827 unsigned int types = 0;
2828 switch (opcode) {
2829 case Bytecodes::_invokeinterface:
2830 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2831 break;
2832 case Bytecodes::_invokedynamic:
2833 types = 1 << JVM_CONSTANT_InvokeDynamic;
2834 break;
2835 case Bytecodes::_invokespecial:
2836 case Bytecodes::_invokestatic:
2837 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2838 (1 << JVM_CONSTANT_Methodref) :
2839 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2840 break;
2841 default:
2842 types = 1 << JVM_CONSTANT_Methodref;
2843 }
2844 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2845
2846 // Get method name and signature
2847 Symbol* method_name = cp->name_ref_at(index);
2848 Symbol* method_sig = cp->signature_ref_at(index);
2849
2850 // Method signature was checked in ClassFileParser.
2851 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2852 "Invalid method signature");
2853
2854 // Get referenced class
2855 VerificationType ref_class_type;
2856 if (opcode == Bytecodes::_invokedynamic) {
2857 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2858 class_format_error(
2859 "invokedynamic instructions not supported by this class file version (%d), class %s",
2860 _klass->major_version(), _klass->external_name());
2861 return;
2862 }
2863 } else {
2864 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2865 }
2866
2867 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2868 "buffer type must match VerificationType size");
2869
2870 // Get the UTF8 index for this signature.
2871 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2872
2873 // Get the signature's verification types.
2874 sig_as_verification_types* mth_sig_verif_types;
2875 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2876 if (mth_sig_verif_types_ptr != NULL) {
2877 // Found the entry for the signature's verification types in the hash table.
2878 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2879 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value");
2880 } else {
2881 // Not found, add the entry to the table.
2882 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2883 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2884 create_method_sig_entry(mth_sig_verif_types, sig_index, CHECK_VERIFY(this));
2885 }
2886
2887 // Get the number of arguments for this signature.
2888 int nargs = mth_sig_verif_types->num_args();
2889
2890 // Check instruction operands
2891 u2 bci = bcs->bci();
2892 if (opcode == Bytecodes::_invokeinterface) {
2893 address bcp = bcs->bcp();
2894 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2895 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2896 // the difference between the size of the operand stack before and after the instruction
2897 // executes.
2898 if (*(bcp+3) != (nargs+1)) {
2899 verify_error(ErrorContext::bad_code(bci),
2900 "Inconsistent args count operand in invokeinterface");
2901 return;
2902 }
2903 if (*(bcp+4) != 0) {
2904 verify_error(ErrorContext::bad_code(bci),
2905 "Fourth operand byte of invokeinterface must be zero");
2906 return;
2907 }
2908 }
2909
2910 if (opcode == Bytecodes::_invokedynamic) {
2911 address bcp = bcs->bcp();
2912 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2913 verify_error(ErrorContext::bad_code(bci),
2914 "Third and fourth operand bytes of invokedynamic must be zero");
2915 return;
2916 }
2917 }
2918
2919 if (method_name->char_at(0) == '<') {
2920 // Make sure <init> can only be invoked by invokespecial
2921 if (opcode != Bytecodes::_invokespecial ||
2922 method_name != vmSymbols::object_initializer_name()) {
2923 verify_error(ErrorContext::bad_code(bci),
2924 "Illegal call to internal method");
2925 return;
2926 }
2927 } else if (opcode == Bytecodes::_invokespecial
2928 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2929 && !ref_class_type.equals(VerificationType::reference_type(
2930 current_class()->super()->name()))) { // super() can never be a value_type.
2931 bool subtype = false;
2932 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2933 if (!current_class()->is_unsafe_anonymous()) {
2934 subtype = ref_class_type.is_assignable_from(
2935 current_type(), this, false, CHECK_VERIFY(this));
2936 } else {
2937 InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host();
2938 VerificationType unsafe_anonymous_host_type = reference_or_valuetype(unsafe_host);
2939 subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this));
2940
2941 // If invokespecial of IMR, need to recheck for same or
2942 // direct interface relative to the host class
2943 have_imr_indirect = (have_imr_indirect &&
2944 !is_same_or_direct_interface(
2945 unsafe_host,
2946 unsafe_anonymous_host_type, ref_class_type));
2947 }
2948 if (!subtype) {
2949 verify_error(ErrorContext::bad_code(bci),
2950 "Bad invokespecial instruction: "
2951 "current class isn't assignable to reference class.");
2952 return;
2953 } else if (have_imr_indirect) {
2954 verify_error(ErrorContext::bad_code(bci),
2955 "Bad invokespecial instruction: "
2956 "interface method reference is in an indirect superinterface.");
2957 return;
2958 }
2959
2960 }
2961
2962 // Get the verification types for the method's arguments.
2963 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2964 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2965 // Match method descriptor with operand stack
2966 // The arguments are on the stack in descending order.
2967 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2968 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2969 }
2970
2971 // Check objectref on operand stack
2972 if (opcode != Bytecodes::_invokestatic &&
2973 opcode != Bytecodes::_invokedynamic) {
2974 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2975 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2976 code_length, in_try_block, this_uninit, cp, stackmap_table,
2977 CHECK_VERIFY(this));
2978 if (was_recursively_verified()) return;
2979 } else { // other methods
2980 // Ensures that target class is assignable to method class.
2981 if (opcode == Bytecodes::_invokespecial) {
2982 if (!current_class()->is_unsafe_anonymous()) {
2983 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2984 } else {
2985 // anonymous class invokespecial calls: check if the
2986 // objectref is a subtype of the unsafe_anonymous_host of the current class
2987 // to allow an anonymous class to reference methods in the unsafe_anonymous_host
2988 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2989
2990 InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host();
2991 VerificationType host_type = reference_or_valuetype(unsafe_host);
2992 bool subtype = host_type.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2993 if (!subtype) {
2994 verify_error( ErrorContext::bad_type(current_frame->offset(),
2995 current_frame->stack_top_ctx(),
2996 TypeOrigin::implicit(top)),
2997 "Bad type on operand stack");
2998 return;
2999 }
3000 }
3001 } else if (opcode == Bytecodes::_invokevirtual) {
3002 VerificationType stack_object_type =
3003 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3004 if (current_type() != stack_object_type) {
3005 if (was_recursively_verified()) return;
3006 assert(cp->cache() == NULL, "not rewritten yet");
3007 Symbol* ref_class_name =
3008 cp->klass_name_at(cp->klass_ref_index_at(index));
3009 // See the comments in verify_field_instructions() for
3010 // the rationale behind this.
3011 if (name_in_supers(ref_class_name, current_class())) {
3012 Klass* ref_class = load_class(ref_class_name, CHECK);
3013 if (is_protected_access(
3014 _klass, ref_class, method_name, method_sig, true)) {
3015 // It's protected access, check if stack object is
3016 // assignable to current class.
3017 bool is_assignable = current_type().is_assignable_from(
3018 stack_object_type, this, true, CHECK_VERIFY(this));
3019 if (!is_assignable) {
3020 if (ref_class_type.name() == vmSymbols::java_lang_Object()
3021 && stack_object_type.is_array()
3022 && method_name == vmSymbols::clone_name()) {
3023 // Special case: arrays pretend to implement public Object
3024 // clone().
3025 } else {
3026 verify_error(ErrorContext::bad_type(bci,
3027 current_frame->stack_top_ctx(),
3028 TypeOrigin::implicit(current_type())),
3029 "Bad access to protected data in invokevirtual");
3030 return;
3031 }
3032 }
3033 }
3034 }
3035 }
3036 } else {
3037 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3038 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3039 }
3040 }
3041 }
3042 // Push the result type.
3043 int sig_verif_types_len = sig_verif_types->length();
3044 if (sig_verif_types_len > nargs) { // There's a return type
3045 if (method_name == vmSymbols::object_initializer_name()) {
3046 // <init> method must have a void return type
3047 /* Unreachable? Class file parser verifies that methods with '<' have
3048 * void return */
3049 verify_error(ErrorContext::bad_code(bci),
3050 "Return type must be void in <init> method");
3051 return;
3052 }
3053
3054 assert(sig_verif_types_len <= nargs + 2,
3055 "Signature verification types array return type is bogus");
3056 for (int i = nargs; i < sig_verif_types_len; i++) {
3057 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3058 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3059 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3060 }
3061 }
3062 }
3063
3064 VerificationType ClassVerifier::get_newarray_type(
3065 u2 index, u2 bci, TRAPS) {
3066 const char* from_bt[] = {
3067 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3068 };
3069 if (index < T_BOOLEAN || index > T_LONG) {
3070 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3071 return VerificationType::bogus_type();
3072 }
3073
3074 // from_bt[index] contains the array signature which has a length of 2
3075 Symbol* sig = create_temporary_symbol(
3076 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
3077 return VerificationType::reference_type(sig);
3078 }
3079
3080 void ClassVerifier::verify_anewarray(
3081 u2 bci, u2 index, const constantPoolHandle& cp,
3082 StackMapFrame* current_frame, TRAPS) {
3083 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3084 current_frame->pop_stack(
3085 VerificationType::integer_type(), CHECK_VERIFY(this));
3086
3087 if (was_recursively_verified()) return;
3088 VerificationType component_type =
3089 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3090 int length;
3091 char* arr_sig_str;
3092 if (component_type.is_array()) { // it's an array
3093 const char* component_name = component_type.name()->as_utf8();
3094 // Check for more than MAX_ARRAY_DIMENSIONS
3095 length = (int)strlen(component_name);
3096 if (length > MAX_ARRAY_DIMENSIONS &&
3097 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') {
3098 verify_error(ErrorContext::bad_code(bci),
3099 "Illegal anewarray instruction, array has more than 255 dimensions");
3100 }
3101 // add one dimension to component
3102 length++;
3103 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3104 int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name);
3105 assert(n == length, "Unexpected number of characters in string");
3106 } else { // it's an object or interface
3107 const char* component_name = component_type.name()->as_utf8();
3108 char Q_or_L = component_type.is_valuetype() ? 'Q' : 'L';
3109 // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3110 length = (int)strlen(component_name) + 3;
3111 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3112 int n = os::snprintf(arr_sig_str, length + 1, "[%c%s;", Q_or_L, component_name);
3113 assert(n == length, "Unexpected number of characters in string");
3114 }
3115 Symbol* arr_sig = create_temporary_symbol(
3116 arr_sig_str, length, CHECK_VERIFY(this));
3117 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3118 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3119 }
3120
3121 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3122 current_frame->get_local(
3123 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3124 current_frame->push_stack(
3125 VerificationType::integer_type(), CHECK_VERIFY(this));
3126 }
3127
3128 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3129 current_frame->get_local_2(
3130 index, VerificationType::long_type(),
3131 VerificationType::long2_type(), CHECK_VERIFY(this));
3132 current_frame->push_stack_2(
3133 VerificationType::long_type(),
3134 VerificationType::long2_type(), CHECK_VERIFY(this));
3135 }
3136
3137 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3138 current_frame->get_local(
3139 index, VerificationType::float_type(), CHECK_VERIFY(this));
3140 current_frame->push_stack(
3141 VerificationType::float_type(), CHECK_VERIFY(this));
3142 }
3143
3144 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3145 current_frame->get_local_2(
3146 index, VerificationType::double_type(),
3147 VerificationType::double2_type(), CHECK_VERIFY(this));
3148 current_frame->push_stack_2(
3149 VerificationType::double_type(),
3150 VerificationType::double2_type(), CHECK_VERIFY(this));
3151 }
3152
3153 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3154 VerificationType type = current_frame->get_local(
3155 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3156 current_frame->push_stack(type, CHECK_VERIFY(this));
3157 }
3158
3159 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3160 current_frame->pop_stack(
3161 VerificationType::integer_type(), CHECK_VERIFY(this));
3162 current_frame->set_local(
3163 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3164 }
3165
3166 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3167 current_frame->pop_stack_2(
3168 VerificationType::long2_type(),
3169 VerificationType::long_type(), CHECK_VERIFY(this));
3170 current_frame->set_local_2(
3171 index, VerificationType::long_type(),
3172 VerificationType::long2_type(), CHECK_VERIFY(this));
3173 }
3174
3175 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3176 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3177 current_frame->set_local(
3178 index, VerificationType::float_type(), CHECK_VERIFY(this));
3179 }
3180
3181 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3182 current_frame->pop_stack_2(
3183 VerificationType::double2_type(),
3184 VerificationType::double_type(), CHECK_VERIFY(this));
3185 current_frame->set_local_2(
3186 index, VerificationType::double_type(),
3187 VerificationType::double2_type(), CHECK_VERIFY(this));
3188 }
3189
3190 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3191 VerificationType type = current_frame->pop_stack(
3192 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3193 current_frame->set_local(index, type, CHECK_VERIFY(this));
3194 }
3195
3196 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3197 VerificationType type = current_frame->get_local(
3198 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3199 current_frame->set_local(index, type, CHECK_VERIFY(this));
3200 }
3201
3202 void ClassVerifier::verify_return_value(
3203 VerificationType return_type, VerificationType type, u2 bci,
3204 StackMapFrame* current_frame, TRAPS) {
3205 if (return_type == VerificationType::bogus_type()) {
3206 verify_error(ErrorContext::bad_type(bci,
3207 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3208 "Method expects a return value");
3209 return;
3210 }
3211 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3212 if (!match) {
3213 verify_error(ErrorContext::bad_type(bci,
3214 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3215 "Bad return type");
3216 return;
3217 }
3218 }
3219
3220 // The verifier creates symbols which are substrings of Symbols.
3221 // These are stored in the verifier until the end of verification so that
3222 // they can be reference counted.
3223 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3224 int end, TRAPS) {
3225 const char* name = (const char*)s->base() + begin;
3226 int length = end - begin;
3227 return create_temporary_symbol(name, length, CHECK_NULL);
3228 }
3229
3230 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length, TRAPS) {
3231 // Quick deduplication check
3232 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) {
3233 return _previous_symbol;
3234 }
3235 Symbol* sym = SymbolTable::new_symbol(name, length, CHECK_NULL);
3236 if (!sym->is_permanent()) {
3237 if (_symbols == NULL) {
3238 _symbols = new GrowableArray<Symbol*>(50, 0, NULL);
3239 }
3240 _symbols->push(sym);
3241 }
3242 _previous_symbol = sym;
3243 return sym;
3244 }