1 /* 2 * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/classLoader.hpp" 29 #include "classfile/javaClasses.hpp" 30 #include "classfile/stackMapTable.hpp" 31 #include "classfile/stackMapFrame.hpp" 32 #include "classfile/stackMapTableFormat.hpp" 33 #include "classfile/systemDictionary.hpp" 34 #include "classfile/verifier.hpp" 35 #include "classfile/vmSymbols.hpp" 36 #include "interpreter/bytecodes.hpp" 37 #include "interpreter/bytecodeStream.hpp" 38 #include "logging/log.hpp" 39 #include "logging/logStream.hpp" 40 #include "memory/oopFactory.hpp" 41 #include "memory/resourceArea.hpp" 42 #include "oops/constantPool.inline.hpp" 43 #include "oops/instanceKlass.hpp" 44 #include "oops/oop.inline.hpp" 45 #include "oops/typeArrayOop.hpp" 46 #include "runtime/fieldDescriptor.hpp" 47 #include "runtime/handles.inline.hpp" 48 #include "runtime/interfaceSupport.inline.hpp" 49 #include "runtime/javaCalls.hpp" 50 #include "runtime/jniHandles.inline.hpp" 51 #include "runtime/orderAccess.hpp" 52 #include "runtime/os.hpp" 53 #include "runtime/safepointVerifiers.hpp" 54 #include "runtime/thread.hpp" 55 #include "services/threadService.hpp" 56 #include "utilities/align.hpp" 57 #include "utilities/bytes.hpp" 58 59 #define NOFAILOVER_MAJOR_VERSION 51 60 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 61 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 62 #define VALUETYPE_MAJOR_VERSION 56 63 #define MAX_ARRAY_DIMENSIONS 255 64 65 // Access to external entry for VerifyClassCodes - old byte code verifier 66 67 extern "C" { 68 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 69 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 70 } 71 72 static void* volatile _verify_byte_codes_fn = NULL; 73 74 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 75 76 static void* verify_byte_codes_fn() { 77 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) { 78 void *lib_handle = os::native_java_library(); 79 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 80 OrderAccess::release_store(&_verify_byte_codes_fn, func); 81 if (func == NULL) { 82 _is_new_verify_byte_codes_fn = false; 83 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 84 OrderAccess::release_store(&_verify_byte_codes_fn, func); 85 } 86 } 87 return (void*)_verify_byte_codes_fn; 88 } 89 90 91 // Methods in Verifier 92 93 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 94 return (class_loader == NULL || !should_verify_class) ? 95 BytecodeVerificationLocal : BytecodeVerificationRemote; 96 } 97 98 bool Verifier::relax_access_for(oop loader) { 99 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 100 bool need_verify = 101 // verifyAll 102 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 103 // verifyRemote 104 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 105 return !need_verify; 106 } 107 108 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 109 assert(verify_class != NULL, "Unexpected null verify_class"); 110 ResourceMark rm; 111 Symbol* s = verify_class->source_file_name(); 112 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 113 const char* verify = verify_class->external_name(); 114 const char* resolve = resolve_class->external_name(); 115 // print in a single call to reduce interleaving between threads 116 if (source_file != NULL) { 117 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 118 } else { 119 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 120 } 121 } 122 123 // Prints the end-verification message to the appropriate output. 124 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 125 if (HAS_PENDING_EXCEPTION) { 126 st->print("Verification for %s has", klassName); 127 st->print_cr(" exception pending %s ", 128 PENDING_EXCEPTION->klass()->external_name()); 129 } else if (exception_name != NULL) { 130 st->print_cr("Verification for %s failed", klassName); 131 } 132 st->print_cr("End class verification for: %s", klassName); 133 } 134 135 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 136 HandleMark hm(THREAD); 137 ResourceMark rm(THREAD); 138 139 // Eagerly allocate the identity hash code for a klass. This is a fallout 140 // from 6320749 and 8059924: hash code generator is not supposed to be called 141 // during the safepoint, but it allows to sneak the hashcode in during 142 // verification. Without this eager hashcode generation, we may end up 143 // installing the hashcode during some other operation, which may be at 144 // safepoint -- blowing up the checks. It was previously done as the side 145 // effect (sic!) for external_name(), but instead of doing that, we opt to 146 // explicitly push the hashcode in here. This is signify the following block 147 // is IMPORTANT: 148 if (klass->java_mirror() != NULL) { 149 klass->java_mirror()->identity_hash(); 150 } 151 152 if (!is_eligible_for_verification(klass, should_verify_class)) { 153 return true; 154 } 155 156 // Timer includes any side effects of class verification (resolution, 157 // etc), but not recursive calls to Verifier::verify(). 158 JavaThread* jt = (JavaThread*)THREAD; 159 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 160 ClassLoader::perf_class_verify_selftime(), 161 ClassLoader::perf_classes_verified(), 162 jt->get_thread_stat()->perf_recursion_counts_addr(), 163 jt->get_thread_stat()->perf_timers_addr(), 164 PerfClassTraceTime::CLASS_VERIFY); 165 166 // If the class should be verified, first see if we can use the split 167 // verifier. If not, or if verification fails and FailOverToOldVerifier 168 // is set, then call the inference verifier. 169 Symbol* exception_name = NULL; 170 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 171 char* message_buffer = NULL; 172 char* exception_message = NULL; 173 174 bool can_failover = FailOverToOldVerifier && 175 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 176 177 log_info(class, init)("Start class verification for: %s", klass->external_name()); 178 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 179 ClassVerifier split_verifier(klass, THREAD); 180 split_verifier.verify_class(THREAD); 181 exception_name = split_verifier.result(); 182 if (can_failover && !HAS_PENDING_EXCEPTION && 183 (exception_name == vmSymbols::java_lang_VerifyError() || 184 exception_name == vmSymbols::java_lang_ClassFormatError())) { 185 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 186 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 187 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 188 exception_message = message_buffer; 189 exception_name = inference_verify( 190 klass, message_buffer, message_buffer_len, THREAD); 191 } 192 if (exception_name != NULL) { 193 exception_message = split_verifier.exception_message(); 194 } 195 } else { 196 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 197 exception_message = message_buffer; 198 exception_name = inference_verify( 199 klass, message_buffer, message_buffer_len, THREAD); 200 } 201 202 LogTarget(Info, class, init) lt1; 203 if (lt1.is_enabled()) { 204 LogStream ls(lt1); 205 log_end_verification(&ls, klass->external_name(), exception_name, THREAD); 206 } 207 LogTarget(Info, verification) lt2; 208 if (lt2.is_enabled()) { 209 LogStream ls(lt2); 210 log_end_verification(&ls, klass->external_name(), exception_name, THREAD); 211 } 212 213 if (HAS_PENDING_EXCEPTION) { 214 return false; // use the existing exception 215 } else if (exception_name == NULL) { 216 return true; // verification succeeded 217 } else { // VerifyError or ClassFormatError to be created and thrown 218 Klass* kls = 219 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 220 if (log_is_enabled(Debug, class, resolve)) { 221 Verifier::trace_class_resolution(kls, klass); 222 } 223 224 while (kls != NULL) { 225 if (kls == klass) { 226 // If the class being verified is the exception we're creating 227 // or one of it's superclasses, we're in trouble and are going 228 // to infinitely recurse when we try to initialize the exception. 229 // So bail out here by throwing the preallocated VM error. 230 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 231 } 232 kls = kls->super(); 233 } 234 if (message_buffer != NULL) { 235 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 236 } 237 assert(exception_message != NULL, ""); 238 THROW_MSG_(exception_name, exception_message, false); 239 } 240 } 241 242 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 243 Symbol* name = klass->name(); 244 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 245 246 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 247 248 return (should_verify_for(klass->class_loader(), should_verify_class) && 249 // return if the class is a bootstrapping class 250 // or defineClass specified not to verify by default (flags override passed arg) 251 // We need to skip the following four for bootstrapping 252 name != vmSymbols::java_lang_Object() && 253 name != vmSymbols::java_lang_Class() && 254 name != vmSymbols::java_lang_String() && 255 name != vmSymbols::java_lang_Throwable() && 256 257 // Can not verify the bytecodes for shared classes because they have 258 // already been rewritten to contain constant pool cache indices, 259 // which the verifier can't understand. 260 // Shared classes shouldn't have stackmaps either. 261 !klass->is_shared() && 262 263 // As of the fix for 4486457 we disable verification for all of the 264 // dynamically-generated bytecodes associated with the 1.4 265 // reflection implementation, not just those associated with 266 // jdk/internal/reflect/SerializationConstructorAccessor. 267 // NOTE: this is called too early in the bootstrapping process to be 268 // guarded by Universe::is_gte_jdk14x_version(). 269 // Also for lambda generated code, gte jdk8 270 (!is_reflect)); 271 } 272 273 Symbol* Verifier::inference_verify( 274 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 275 JavaThread* thread = (JavaThread*)THREAD; 276 JNIEnv *env = thread->jni_environment(); 277 278 void* verify_func = verify_byte_codes_fn(); 279 280 if (verify_func == NULL) { 281 jio_snprintf(message, message_len, "Could not link verifier"); 282 return vmSymbols::java_lang_VerifyError(); 283 } 284 285 ResourceMark rm(THREAD); 286 log_info(verification)("Verifying class %s with old format", klass->external_name()); 287 288 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 289 jint result; 290 291 { 292 HandleMark hm(thread); 293 ThreadToNativeFromVM ttn(thread); 294 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 295 // code knows that we have left the VM 296 297 if (_is_new_verify_byte_codes_fn) { 298 verify_byte_codes_fn_new_t func = 299 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 300 result = (*func)(env, cls, message, (int)message_len, 301 klass->major_version()); 302 } else { 303 verify_byte_codes_fn_t func = 304 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 305 result = (*func)(env, cls, message, (int)message_len); 306 } 307 } 308 309 JNIHandles::destroy_local(cls); 310 311 // These numbers are chosen so that VerifyClassCodes interface doesn't need 312 // to be changed (still return jboolean (unsigned char)), and result is 313 // 1 when verification is passed. 314 if (result == 0) { 315 return vmSymbols::java_lang_VerifyError(); 316 } else if (result == 1) { 317 return NULL; // verified. 318 } else if (result == 2) { 319 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 320 } else if (result == 3) { 321 return vmSymbols::java_lang_ClassFormatError(); 322 } else { 323 ShouldNotReachHere(); 324 return NULL; 325 } 326 } 327 328 TypeOrigin TypeOrigin::null() { 329 return TypeOrigin(); 330 } 331 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 332 assert(frame != NULL, "Must have a frame"); 333 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 334 frame->local_at(index)); 335 } 336 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 337 assert(frame != NULL, "Must have a frame"); 338 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 339 frame->stack_at(index)); 340 } 341 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 342 assert(frame != NULL, "Must have a frame"); 343 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 344 frame->local_at(index)); 345 } 346 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 347 assert(frame != NULL, "Must have a frame"); 348 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 349 frame->stack_at(index)); 350 } 351 TypeOrigin TypeOrigin::bad_index(u2 index) { 352 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 353 } 354 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 355 return TypeOrigin(CONST_POOL, index, NULL, vt); 356 } 357 TypeOrigin TypeOrigin::signature(VerificationType vt) { 358 return TypeOrigin(SIG, 0, NULL, vt); 359 } 360 TypeOrigin TypeOrigin::implicit(VerificationType t) { 361 return TypeOrigin(IMPLICIT, 0, NULL, t); 362 } 363 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 364 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 365 VerificationType::bogus_type()); 366 } 367 368 void TypeOrigin::reset_frame() { 369 if (_frame != NULL) { 370 _frame->restore(); 371 } 372 } 373 374 void TypeOrigin::details(outputStream* ss) const { 375 _type.print_on(ss); 376 switch (_origin) { 377 case CF_LOCALS: 378 ss->print(" (current frame, locals[%d])", _index); 379 break; 380 case CF_STACK: 381 ss->print(" (current frame, stack[%d])", _index); 382 break; 383 case SM_LOCALS: 384 ss->print(" (stack map, locals[%d])", _index); 385 break; 386 case SM_STACK: 387 ss->print(" (stack map, stack[%d])", _index); 388 break; 389 case CONST_POOL: 390 ss->print(" (constant pool %d)", _index); 391 break; 392 case SIG: 393 ss->print(" (from method signature)"); 394 break; 395 case IMPLICIT: 396 case FRAME_ONLY: 397 case NONE: 398 default: 399 ; 400 } 401 } 402 403 #ifdef ASSERT 404 void TypeOrigin::print_on(outputStream* str) const { 405 str->print("{%d,%d,%p:", _origin, _index, _frame); 406 if (_frame != NULL) { 407 _frame->print_on(str); 408 } else { 409 str->print("null"); 410 } 411 str->print(","); 412 _type.print_on(str); 413 str->print("}"); 414 } 415 #endif 416 417 void ErrorContext::details(outputStream* ss, const Method* method) const { 418 if (is_valid()) { 419 ss->cr(); 420 ss->print_cr("Exception Details:"); 421 location_details(ss, method); 422 reason_details(ss); 423 frame_details(ss); 424 bytecode_details(ss, method); 425 handler_details(ss, method); 426 stackmap_details(ss, method); 427 } 428 } 429 430 void ErrorContext::reason_details(outputStream* ss) const { 431 streamIndentor si(ss); 432 ss->indent().print_cr("Reason:"); 433 streamIndentor si2(ss); 434 ss->indent().print("%s", ""); 435 switch (_fault) { 436 case INVALID_BYTECODE: 437 ss->print("Error exists in the bytecode"); 438 break; 439 case WRONG_TYPE: 440 if (_expected.is_valid()) { 441 ss->print("Type "); 442 _type.details(ss); 443 ss->print(" is not assignable to "); 444 _expected.details(ss); 445 } else { 446 ss->print("Invalid type: "); 447 _type.details(ss); 448 } 449 break; 450 case FLAGS_MISMATCH: 451 if (_expected.is_valid()) { 452 ss->print("Current frame's flags are not assignable " 453 "to stack map frame's."); 454 } else { 455 ss->print("Current frame's flags are invalid in this context."); 456 } 457 break; 458 case BAD_CP_INDEX: 459 ss->print("Constant pool index %d is invalid", _type.index()); 460 break; 461 case BAD_LOCAL_INDEX: 462 ss->print("Local index %d is invalid", _type.index()); 463 break; 464 case LOCALS_SIZE_MISMATCH: 465 ss->print("Current frame's local size doesn't match stackmap."); 466 break; 467 case STACK_SIZE_MISMATCH: 468 ss->print("Current frame's stack size doesn't match stackmap."); 469 break; 470 case STACK_OVERFLOW: 471 ss->print("Exceeded max stack size."); 472 break; 473 case STACK_UNDERFLOW: 474 ss->print("Attempt to pop empty stack."); 475 break; 476 case MISSING_STACKMAP: 477 ss->print("Expected stackmap frame at this location."); 478 break; 479 case BAD_STACKMAP: 480 ss->print("Invalid stackmap specification."); 481 break; 482 case WRONG_VALUE_TYPE: 483 ss->print("Type "); 484 _type.details(ss); 485 ss->print(" and type "); 486 _expected.details(ss); 487 ss->print(" must be identical value types."); 488 break; 489 case UNKNOWN: 490 default: 491 ShouldNotReachHere(); 492 ss->print_cr("Unknown"); 493 } 494 ss->cr(); 495 } 496 497 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 498 if (_bci != -1 && method != NULL) { 499 streamIndentor si(ss); 500 const char* bytecode_name = "<invalid>"; 501 if (method->validate_bci(_bci) != -1) { 502 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 503 if (Bytecodes::is_defined(code)) { 504 bytecode_name = Bytecodes::name(code); 505 } else { 506 bytecode_name = "<illegal>"; 507 } 508 } 509 InstanceKlass* ik = method->method_holder(); 510 ss->indent().print_cr("Location:"); 511 streamIndentor si2(ss); 512 ss->indent().print_cr("%s.%s%s @%d: %s", 513 ik->name()->as_C_string(), method->name()->as_C_string(), 514 method->signature()->as_C_string(), _bci, bytecode_name); 515 } 516 } 517 518 void ErrorContext::frame_details(outputStream* ss) const { 519 streamIndentor si(ss); 520 if (_type.is_valid() && _type.frame() != NULL) { 521 ss->indent().print_cr("Current Frame:"); 522 streamIndentor si2(ss); 523 _type.frame()->print_on(ss); 524 } 525 if (_expected.is_valid() && _expected.frame() != NULL) { 526 ss->indent().print_cr("Stackmap Frame:"); 527 streamIndentor si2(ss); 528 _expected.frame()->print_on(ss); 529 } 530 } 531 532 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 533 if (method != NULL) { 534 streamIndentor si(ss); 535 ss->indent().print_cr("Bytecode:"); 536 streamIndentor si2(ss); 537 ss->print_data(method->code_base(), method->code_size(), false); 538 } 539 } 540 541 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 542 if (method != NULL) { 543 streamIndentor si(ss); 544 ExceptionTable table(method); 545 if (table.length() > 0) { 546 ss->indent().print_cr("Exception Handler Table:"); 547 streamIndentor si2(ss); 548 for (int i = 0; i < table.length(); ++i) { 549 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 550 table.end_pc(i), table.handler_pc(i)); 551 } 552 } 553 } 554 } 555 556 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 557 if (method != NULL && method->has_stackmap_table()) { 558 streamIndentor si(ss); 559 ss->indent().print_cr("Stackmap Table:"); 560 Array<u1>* data = method->stackmap_data(); 561 stack_map_table* sm_table = 562 stack_map_table::at((address)data->adr_at(0)); 563 stack_map_frame* sm_frame = sm_table->entries(); 564 streamIndentor si2(ss); 565 int current_offset = -1; 566 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 567 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 568 ss->indent(); 569 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 570 sm_frame->print_truncated(ss, current_offset); 571 return; 572 } 573 sm_frame->print_on(ss, current_offset); 574 ss->cr(); 575 current_offset += sm_frame->offset_delta(); 576 sm_frame = sm_frame->next(); 577 } 578 } 579 } 580 581 // Methods in ClassVerifier 582 583 VerificationType reference_or_valuetype(InstanceKlass* klass) { 584 if (klass->is_value()) { 585 return VerificationType::valuetype_type(klass->name()); 586 } else { 587 return VerificationType::reference_type(klass->name()); 588 } 589 } 590 591 ClassVerifier::ClassVerifier( 592 InstanceKlass* klass, TRAPS) 593 : _thread(THREAD), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL), 594 _message(NULL), _method_signatures_table(NULL), _klass(klass) { 595 _this_type = reference_or_valuetype(klass); 596 } 597 598 ClassVerifier::~ClassVerifier() { 599 // Decrement the reference count for any symbols created. 600 if (_symbols != NULL) { 601 for (int i = 0; i < _symbols->length(); i++) { 602 Symbol* s = _symbols->at(i); 603 s->decrement_refcount(); 604 } 605 } 606 } 607 608 VerificationType ClassVerifier::object_type() const { 609 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 610 } 611 612 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 613 VerificationType vt = VerificationType::reference_type( 614 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 615 return TypeOrigin::implicit(vt); 616 } 617 618 void ClassVerifier::verify_class(TRAPS) { 619 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 620 621 // Either verifying both local and remote classes or just remote classes. 622 assert(BytecodeVerificationRemote, "Should not be here"); 623 624 // Create hash table containing method signatures. 625 method_signatures_table_type method_signatures_table; 626 set_method_signatures_table(&method_signatures_table); 627 628 Array<Method*>* methods = _klass->methods(); 629 int num_methods = methods->length(); 630 631 for (int index = 0; index < num_methods; index++) { 632 // Check for recursive re-verification before each method. 633 if (was_recursively_verified()) return; 634 635 Method* m = methods->at(index); 636 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 637 // If m is native or abstract, skip it. It is checked in class file 638 // parser that methods do not override a final method. Overpass methods 639 // are trusted since the VM generates them. 640 continue; 641 } 642 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 643 } 644 645 if (was_recursively_verified()){ 646 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 647 log_info(class, init)("Recursive verification detected for: %s", 648 _klass->external_name()); 649 } 650 } 651 652 // Translate the signature entries into verification types and save them in 653 // the growable array. Also, save the count of arguments. 654 void ClassVerifier::translate_signature(Symbol* const method_sig, 655 sig_as_verification_types* sig_verif_types, 656 TRAPS) { 657 SignatureStream sig_stream(method_sig); 658 VerificationType sig_type[2]; 659 int sig_i = 0; 660 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 661 662 // Translate the signature arguments into verification types. 663 while (!sig_stream.at_return_type()) { 664 int n = change_sig_to_verificationType(&sig_stream, sig_type, CHECK_VERIFY(this)); 665 assert(n <= 2, "Unexpected signature type"); 666 667 // Store verification type(s). Longs and Doubles each have two verificationTypes. 668 for (int x = 0; x < n; x++) { 669 verif_types->push(sig_type[x]); 670 } 671 sig_i += n; 672 sig_stream.next(); 673 } 674 675 // Set final arg count, not including the return type. The final arg count will 676 // be compared with sig_verify_types' length to see if there is a return type. 677 sig_verif_types->set_num_args(sig_i); 678 679 // Store verification type(s) for the return type, if there is one. 680 if (sig_stream.type() != T_VOID) { 681 int n = change_sig_to_verificationType(&sig_stream, sig_type, CHECK_VERIFY(this)); 682 assert(n <= 2, "Unexpected signature return type"); 683 for (int y = 0; y < n; y++) { 684 verif_types->push(sig_type[y]); 685 } 686 } 687 } 688 689 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 690 int sig_index, TRAPS) { 691 // Translate the signature into verification types. 692 ConstantPool* cp = _klass->constants(); 693 Symbol* const method_sig = cp->symbol_at(sig_index); 694 translate_signature(method_sig, sig_verif_types, CHECK_VERIFY(this)); 695 696 // Add the list of this signature's verification types to the table. 697 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 698 assert(is_unique, "Duplicate entries in method_signature_table"); 699 } 700 701 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 702 HandleMark hm(THREAD); 703 _method = m; // initialize _method 704 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 705 706 // For clang, the only good constant format string is a literal constant format string. 707 #define bad_type_msg "Bad type on operand stack in %s" 708 709 int32_t max_stack = m->verifier_max_stack(); 710 int32_t max_locals = m->max_locals(); 711 constantPoolHandle cp(THREAD, m->constants()); 712 713 // Method signature was checked in ClassFileParser. 714 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 715 "Invalid method signature"); 716 717 // Initial stack map frame: offset is 0, stack is initially empty. 718 StackMapFrame current_frame(max_locals, max_stack, this); 719 // Set initial locals 720 VerificationType return_type = current_frame.set_locals_from_arg( 721 m, current_type(), CHECK_VERIFY(this)); 722 723 int32_t stackmap_index = 0; // index to the stackmap array 724 725 u4 code_length = m->code_size(); 726 727 // Scan the bytecode and map each instruction's start offset to a number. 728 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 729 730 int ex_min = code_length; 731 int ex_max = -1; 732 // Look through each item on the exception table. Each of the fields must refer 733 // to a legal instruction. 734 if (was_recursively_verified()) return; 735 verify_exception_handler_table( 736 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 737 738 // Look through each entry on the local variable table and make sure 739 // its range of code array offsets is valid. (4169817) 740 if (m->has_localvariable_table()) { 741 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 742 } 743 744 Array<u1>* stackmap_data = m->stackmap_data(); 745 StackMapStream stream(stackmap_data); 746 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 747 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 748 code_data, code_length, CHECK_VERIFY(this)); 749 750 LogTarget(Info, verification) lt; 751 if (lt.is_enabled()) { 752 ResourceMark rm(THREAD); 753 LogStream ls(lt); 754 stackmap_table.print_on(&ls); 755 } 756 757 RawBytecodeStream bcs(m); 758 759 // Scan the byte code linearly from the start to the end 760 bool no_control_flow = false; // Set to true when there is no direct control 761 // flow from current instruction to the next 762 // instruction in sequence 763 764 Bytecodes::Code opcode; 765 while (!bcs.is_last_bytecode()) { 766 // Check for recursive re-verification before each bytecode. 767 if (was_recursively_verified()) return; 768 769 opcode = bcs.raw_next(); 770 u2 bci = bcs.bci(); 771 772 // Set current frame's offset to bci 773 current_frame.set_offset(bci); 774 current_frame.set_mark(); 775 776 // Make sure every offset in stackmap table point to the beginning to 777 // an instruction. Match current_frame to stackmap_table entry with 778 // the same offset if exists. 779 stackmap_index = verify_stackmap_table( 780 stackmap_index, bci, ¤t_frame, &stackmap_table, 781 no_control_flow, CHECK_VERIFY(this)); 782 783 784 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 785 bool verified_exc_handlers = false; 786 787 // Merge with the next instruction 788 { 789 u2 index; 790 int target; 791 VerificationType type, type2; 792 VerificationType atype; 793 794 LogTarget(Info, verification) lt; 795 if (lt.is_enabled()) { 796 ResourceMark rm(THREAD); 797 LogStream ls(lt); 798 current_frame.print_on(&ls); 799 lt.print("offset = %d, opcode = %s", bci, 800 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 801 } 802 803 // Make sure wide instruction is in correct format 804 if (bcs.is_wide()) { 805 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 806 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 807 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 808 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 809 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 810 opcode != Bytecodes::_dstore) { 811 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 812 * if we encounter a wide instruction that modifies an invalid 813 * opcode (not one of the ones listed above) */ 814 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 815 return; 816 } 817 } 818 819 // Look for possible jump target in exception handlers and see if it 820 // matches current_frame. Do this check here for astore*, dstore*, 821 // fstore*, istore*, and lstore* opcodes because they can change the type 822 // state by adding a local. JVM Spec says that the incoming type state 823 // should be used for this check. So, do the check here before a possible 824 // local is added to the type state. 825 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 826 if (was_recursively_verified()) return; 827 verify_exception_handler_targets( 828 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 829 verified_exc_handlers = true; 830 } 831 832 if (was_recursively_verified()) return; 833 834 switch (opcode) { 835 case Bytecodes::_nop : 836 no_control_flow = false; break; 837 case Bytecodes::_aconst_null : 838 current_frame.push_stack( 839 VerificationType::null_type(), CHECK_VERIFY(this)); 840 no_control_flow = false; break; 841 case Bytecodes::_iconst_m1 : 842 case Bytecodes::_iconst_0 : 843 case Bytecodes::_iconst_1 : 844 case Bytecodes::_iconst_2 : 845 case Bytecodes::_iconst_3 : 846 case Bytecodes::_iconst_4 : 847 case Bytecodes::_iconst_5 : 848 current_frame.push_stack( 849 VerificationType::integer_type(), CHECK_VERIFY(this)); 850 no_control_flow = false; break; 851 case Bytecodes::_lconst_0 : 852 case Bytecodes::_lconst_1 : 853 current_frame.push_stack_2( 854 VerificationType::long_type(), 855 VerificationType::long2_type(), CHECK_VERIFY(this)); 856 no_control_flow = false; break; 857 case Bytecodes::_fconst_0 : 858 case Bytecodes::_fconst_1 : 859 case Bytecodes::_fconst_2 : 860 current_frame.push_stack( 861 VerificationType::float_type(), CHECK_VERIFY(this)); 862 no_control_flow = false; break; 863 case Bytecodes::_dconst_0 : 864 case Bytecodes::_dconst_1 : 865 current_frame.push_stack_2( 866 VerificationType::double_type(), 867 VerificationType::double2_type(), CHECK_VERIFY(this)); 868 no_control_flow = false; break; 869 case Bytecodes::_sipush : 870 case Bytecodes::_bipush : 871 current_frame.push_stack( 872 VerificationType::integer_type(), CHECK_VERIFY(this)); 873 no_control_flow = false; break; 874 case Bytecodes::_ldc : 875 verify_ldc( 876 opcode, bcs.get_index_u1(), ¤t_frame, 877 cp, bci, CHECK_VERIFY(this)); 878 no_control_flow = false; break; 879 case Bytecodes::_ldc_w : 880 case Bytecodes::_ldc2_w : 881 verify_ldc( 882 opcode, bcs.get_index_u2(), ¤t_frame, 883 cp, bci, CHECK_VERIFY(this)); 884 no_control_flow = false; break; 885 case Bytecodes::_iload : 886 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 887 no_control_flow = false; break; 888 case Bytecodes::_iload_0 : 889 case Bytecodes::_iload_1 : 890 case Bytecodes::_iload_2 : 891 case Bytecodes::_iload_3 : 892 index = opcode - Bytecodes::_iload_0; 893 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 894 no_control_flow = false; break; 895 case Bytecodes::_lload : 896 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 897 no_control_flow = false; break; 898 case Bytecodes::_lload_0 : 899 case Bytecodes::_lload_1 : 900 case Bytecodes::_lload_2 : 901 case Bytecodes::_lload_3 : 902 index = opcode - Bytecodes::_lload_0; 903 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 904 no_control_flow = false; break; 905 case Bytecodes::_fload : 906 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 907 no_control_flow = false; break; 908 case Bytecodes::_fload_0 : 909 case Bytecodes::_fload_1 : 910 case Bytecodes::_fload_2 : 911 case Bytecodes::_fload_3 : 912 index = opcode - Bytecodes::_fload_0; 913 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 914 no_control_flow = false; break; 915 case Bytecodes::_dload : 916 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 917 no_control_flow = false; break; 918 case Bytecodes::_dload_0 : 919 case Bytecodes::_dload_1 : 920 case Bytecodes::_dload_2 : 921 case Bytecodes::_dload_3 : 922 index = opcode - Bytecodes::_dload_0; 923 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 924 no_control_flow = false; break; 925 case Bytecodes::_aload : 926 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 927 no_control_flow = false; break; 928 case Bytecodes::_aload_0 : 929 case Bytecodes::_aload_1 : 930 case Bytecodes::_aload_2 : 931 case Bytecodes::_aload_3 : 932 index = opcode - Bytecodes::_aload_0; 933 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 934 no_control_flow = false; break; 935 case Bytecodes::_iaload : 936 type = current_frame.pop_stack( 937 VerificationType::integer_type(), CHECK_VERIFY(this)); 938 atype = current_frame.pop_stack( 939 VerificationType::reference_check(), CHECK_VERIFY(this)); 940 if (!atype.is_int_array()) { 941 verify_error(ErrorContext::bad_type(bci, 942 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 943 bad_type_msg, "iaload"); 944 return; 945 } 946 current_frame.push_stack( 947 VerificationType::integer_type(), CHECK_VERIFY(this)); 948 no_control_flow = false; break; 949 case Bytecodes::_baload : 950 type = current_frame.pop_stack( 951 VerificationType::integer_type(), CHECK_VERIFY(this)); 952 atype = current_frame.pop_stack( 953 VerificationType::reference_check(), CHECK_VERIFY(this)); 954 if (!atype.is_bool_array() && !atype.is_byte_array()) { 955 verify_error( 956 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 957 bad_type_msg, "baload"); 958 return; 959 } 960 current_frame.push_stack( 961 VerificationType::integer_type(), CHECK_VERIFY(this)); 962 no_control_flow = false; break; 963 case Bytecodes::_caload : 964 type = current_frame.pop_stack( 965 VerificationType::integer_type(), CHECK_VERIFY(this)); 966 atype = current_frame.pop_stack( 967 VerificationType::reference_check(), CHECK_VERIFY(this)); 968 if (!atype.is_char_array()) { 969 verify_error(ErrorContext::bad_type(bci, 970 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 971 bad_type_msg, "caload"); 972 return; 973 } 974 current_frame.push_stack( 975 VerificationType::integer_type(), CHECK_VERIFY(this)); 976 no_control_flow = false; break; 977 case Bytecodes::_saload : 978 type = current_frame.pop_stack( 979 VerificationType::integer_type(), CHECK_VERIFY(this)); 980 atype = current_frame.pop_stack( 981 VerificationType::reference_check(), CHECK_VERIFY(this)); 982 if (!atype.is_short_array()) { 983 verify_error(ErrorContext::bad_type(bci, 984 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 985 bad_type_msg, "saload"); 986 return; 987 } 988 current_frame.push_stack( 989 VerificationType::integer_type(), CHECK_VERIFY(this)); 990 no_control_flow = false; break; 991 case Bytecodes::_laload : 992 type = current_frame.pop_stack( 993 VerificationType::integer_type(), CHECK_VERIFY(this)); 994 atype = current_frame.pop_stack( 995 VerificationType::reference_check(), CHECK_VERIFY(this)); 996 if (!atype.is_long_array()) { 997 verify_error(ErrorContext::bad_type(bci, 998 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 999 bad_type_msg, "laload"); 1000 return; 1001 } 1002 current_frame.push_stack_2( 1003 VerificationType::long_type(), 1004 VerificationType::long2_type(), CHECK_VERIFY(this)); 1005 no_control_flow = false; break; 1006 case Bytecodes::_faload : 1007 type = current_frame.pop_stack( 1008 VerificationType::integer_type(), CHECK_VERIFY(this)); 1009 atype = current_frame.pop_stack( 1010 VerificationType::reference_check(), CHECK_VERIFY(this)); 1011 if (!atype.is_float_array()) { 1012 verify_error(ErrorContext::bad_type(bci, 1013 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1014 bad_type_msg, "faload"); 1015 return; 1016 } 1017 current_frame.push_stack( 1018 VerificationType::float_type(), CHECK_VERIFY(this)); 1019 no_control_flow = false; break; 1020 case Bytecodes::_daload : 1021 type = current_frame.pop_stack( 1022 VerificationType::integer_type(), CHECK_VERIFY(this)); 1023 atype = current_frame.pop_stack( 1024 VerificationType::reference_check(), CHECK_VERIFY(this)); 1025 if (!atype.is_double_array()) { 1026 verify_error(ErrorContext::bad_type(bci, 1027 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1028 bad_type_msg, "daload"); 1029 return; 1030 } 1031 current_frame.push_stack_2( 1032 VerificationType::double_type(), 1033 VerificationType::double2_type(), CHECK_VERIFY(this)); 1034 no_control_flow = false; break; 1035 case Bytecodes::_aaload : { 1036 type = current_frame.pop_stack( 1037 VerificationType::integer_type(), CHECK_VERIFY(this)); 1038 atype = current_frame.pop_stack( 1039 VerificationType::reference_check(), CHECK_VERIFY(this)); 1040 if (!atype.is_nonscalar_array()) { 1041 verify_error(ErrorContext::bad_type(bci, 1042 current_frame.stack_top_ctx(), 1043 TypeOrigin::implicit(VerificationType::reference_check())), 1044 bad_type_msg, "aaload"); 1045 return; 1046 } 1047 if (atype.is_null()) { 1048 current_frame.push_stack( 1049 VerificationType::null_type(), CHECK_VERIFY(this)); 1050 } else { 1051 VerificationType component = 1052 atype.get_component(this, CHECK_VERIFY(this)); 1053 current_frame.push_stack(component, CHECK_VERIFY(this)); 1054 } 1055 no_control_flow = false; break; 1056 } 1057 case Bytecodes::_istore : 1058 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1059 no_control_flow = false; break; 1060 case Bytecodes::_istore_0 : 1061 case Bytecodes::_istore_1 : 1062 case Bytecodes::_istore_2 : 1063 case Bytecodes::_istore_3 : 1064 index = opcode - Bytecodes::_istore_0; 1065 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1066 no_control_flow = false; break; 1067 case Bytecodes::_lstore : 1068 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1069 no_control_flow = false; break; 1070 case Bytecodes::_lstore_0 : 1071 case Bytecodes::_lstore_1 : 1072 case Bytecodes::_lstore_2 : 1073 case Bytecodes::_lstore_3 : 1074 index = opcode - Bytecodes::_lstore_0; 1075 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1076 no_control_flow = false; break; 1077 case Bytecodes::_fstore : 1078 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1079 no_control_flow = false; break; 1080 case Bytecodes::_fstore_0 : 1081 case Bytecodes::_fstore_1 : 1082 case Bytecodes::_fstore_2 : 1083 case Bytecodes::_fstore_3 : 1084 index = opcode - Bytecodes::_fstore_0; 1085 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1086 no_control_flow = false; break; 1087 case Bytecodes::_dstore : 1088 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1089 no_control_flow = false; break; 1090 case Bytecodes::_dstore_0 : 1091 case Bytecodes::_dstore_1 : 1092 case Bytecodes::_dstore_2 : 1093 case Bytecodes::_dstore_3 : 1094 index = opcode - Bytecodes::_dstore_0; 1095 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1096 no_control_flow = false; break; 1097 case Bytecodes::_astore : 1098 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1099 no_control_flow = false; break; 1100 case Bytecodes::_astore_0 : 1101 case Bytecodes::_astore_1 : 1102 case Bytecodes::_astore_2 : 1103 case Bytecodes::_astore_3 : 1104 index = opcode - Bytecodes::_astore_0; 1105 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1106 no_control_flow = false; break; 1107 case Bytecodes::_iastore : 1108 type = current_frame.pop_stack( 1109 VerificationType::integer_type(), CHECK_VERIFY(this)); 1110 type2 = current_frame.pop_stack( 1111 VerificationType::integer_type(), CHECK_VERIFY(this)); 1112 atype = current_frame.pop_stack( 1113 VerificationType::reference_check(), CHECK_VERIFY(this)); 1114 if (!atype.is_int_array()) { 1115 verify_error(ErrorContext::bad_type(bci, 1116 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1117 bad_type_msg, "iastore"); 1118 return; 1119 } 1120 no_control_flow = false; break; 1121 case Bytecodes::_bastore : 1122 type = current_frame.pop_stack( 1123 VerificationType::integer_type(), CHECK_VERIFY(this)); 1124 type2 = current_frame.pop_stack( 1125 VerificationType::integer_type(), CHECK_VERIFY(this)); 1126 atype = current_frame.pop_stack( 1127 VerificationType::reference_check(), CHECK_VERIFY(this)); 1128 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1129 verify_error( 1130 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1131 bad_type_msg, "bastore"); 1132 return; 1133 } 1134 no_control_flow = false; break; 1135 case Bytecodes::_castore : 1136 current_frame.pop_stack( 1137 VerificationType::integer_type(), CHECK_VERIFY(this)); 1138 current_frame.pop_stack( 1139 VerificationType::integer_type(), CHECK_VERIFY(this)); 1140 atype = current_frame.pop_stack( 1141 VerificationType::reference_check(), CHECK_VERIFY(this)); 1142 if (!atype.is_char_array()) { 1143 verify_error(ErrorContext::bad_type(bci, 1144 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1145 bad_type_msg, "castore"); 1146 return; 1147 } 1148 no_control_flow = false; break; 1149 case Bytecodes::_sastore : 1150 current_frame.pop_stack( 1151 VerificationType::integer_type(), CHECK_VERIFY(this)); 1152 current_frame.pop_stack( 1153 VerificationType::integer_type(), CHECK_VERIFY(this)); 1154 atype = current_frame.pop_stack( 1155 VerificationType::reference_check(), CHECK_VERIFY(this)); 1156 if (!atype.is_short_array()) { 1157 verify_error(ErrorContext::bad_type(bci, 1158 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1159 bad_type_msg, "sastore"); 1160 return; 1161 } 1162 no_control_flow = false; break; 1163 case Bytecodes::_lastore : 1164 current_frame.pop_stack_2( 1165 VerificationType::long2_type(), 1166 VerificationType::long_type(), CHECK_VERIFY(this)); 1167 current_frame.pop_stack( 1168 VerificationType::integer_type(), CHECK_VERIFY(this)); 1169 atype = current_frame.pop_stack( 1170 VerificationType::reference_check(), CHECK_VERIFY(this)); 1171 if (!atype.is_long_array()) { 1172 verify_error(ErrorContext::bad_type(bci, 1173 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1174 bad_type_msg, "lastore"); 1175 return; 1176 } 1177 no_control_flow = false; break; 1178 case Bytecodes::_fastore : 1179 current_frame.pop_stack( 1180 VerificationType::float_type(), CHECK_VERIFY(this)); 1181 current_frame.pop_stack 1182 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1183 atype = current_frame.pop_stack( 1184 VerificationType::reference_check(), CHECK_VERIFY(this)); 1185 if (!atype.is_float_array()) { 1186 verify_error(ErrorContext::bad_type(bci, 1187 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1188 bad_type_msg, "fastore"); 1189 return; 1190 } 1191 no_control_flow = false; break; 1192 case Bytecodes::_dastore : 1193 current_frame.pop_stack_2( 1194 VerificationType::double2_type(), 1195 VerificationType::double_type(), CHECK_VERIFY(this)); 1196 current_frame.pop_stack( 1197 VerificationType::integer_type(), CHECK_VERIFY(this)); 1198 atype = current_frame.pop_stack( 1199 VerificationType::reference_check(), CHECK_VERIFY(this)); 1200 if (!atype.is_double_array()) { 1201 verify_error(ErrorContext::bad_type(bci, 1202 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1203 bad_type_msg, "dastore"); 1204 return; 1205 } 1206 no_control_flow = false; break; 1207 case Bytecodes::_aastore : 1208 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1209 type2 = current_frame.pop_stack( 1210 VerificationType::integer_type(), CHECK_VERIFY(this)); 1211 atype = current_frame.pop_stack( 1212 VerificationType::reference_check(), CHECK_VERIFY(this)); 1213 // more type-checking is done at runtime 1214 if (!atype.is_nonscalar_array()) { 1215 verify_error(ErrorContext::bad_type(bci, 1216 current_frame.stack_top_ctx(), 1217 TypeOrigin::implicit(VerificationType::reference_check())), 1218 bad_type_msg, "aastore"); 1219 return; 1220 } 1221 // 4938384: relaxed constraint in JVMS 3nd edition. 1222 no_control_flow = false; break; 1223 case Bytecodes::_pop : 1224 current_frame.pop_stack( 1225 VerificationType::category1_check(), CHECK_VERIFY(this)); 1226 no_control_flow = false; break; 1227 case Bytecodes::_pop2 : 1228 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1229 if (type.is_category1()) { 1230 current_frame.pop_stack( 1231 VerificationType::category1_check(), CHECK_VERIFY(this)); 1232 } else if (type.is_category2_2nd()) { 1233 current_frame.pop_stack( 1234 VerificationType::category2_check(), CHECK_VERIFY(this)); 1235 } else { 1236 /* Unreachable? Would need a category2_1st on TOS 1237 * which does not appear possible. */ 1238 verify_error( 1239 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1240 bad_type_msg, "pop2"); 1241 return; 1242 } 1243 no_control_flow = false; break; 1244 case Bytecodes::_dup : 1245 type = current_frame.pop_stack( 1246 VerificationType::category1_check(), CHECK_VERIFY(this)); 1247 current_frame.push_stack(type, CHECK_VERIFY(this)); 1248 current_frame.push_stack(type, CHECK_VERIFY(this)); 1249 no_control_flow = false; break; 1250 case Bytecodes::_dup_x1 : 1251 type = current_frame.pop_stack( 1252 VerificationType::category1_check(), CHECK_VERIFY(this)); 1253 type2 = current_frame.pop_stack( 1254 VerificationType::category1_check(), CHECK_VERIFY(this)); 1255 current_frame.push_stack(type, CHECK_VERIFY(this)); 1256 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1257 current_frame.push_stack(type, CHECK_VERIFY(this)); 1258 no_control_flow = false; break; 1259 case Bytecodes::_dup_x2 : 1260 { 1261 VerificationType type3; 1262 type = current_frame.pop_stack( 1263 VerificationType::category1_check(), CHECK_VERIFY(this)); 1264 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1265 if (type2.is_category1()) { 1266 type3 = current_frame.pop_stack( 1267 VerificationType::category1_check(), CHECK_VERIFY(this)); 1268 } else if (type2.is_category2_2nd()) { 1269 type3 = current_frame.pop_stack( 1270 VerificationType::category2_check(), CHECK_VERIFY(this)); 1271 } else { 1272 /* Unreachable? Would need a category2_1st at stack depth 2 with 1273 * a category1 on TOS which does not appear possible. */ 1274 verify_error(ErrorContext::bad_type( 1275 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1276 return; 1277 } 1278 current_frame.push_stack(type, CHECK_VERIFY(this)); 1279 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1280 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1281 current_frame.push_stack(type, CHECK_VERIFY(this)); 1282 no_control_flow = false; break; 1283 } 1284 case Bytecodes::_dup2 : 1285 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1286 if (type.is_category1()) { 1287 type2 = current_frame.pop_stack( 1288 VerificationType::category1_check(), CHECK_VERIFY(this)); 1289 } else if (type.is_category2_2nd()) { 1290 type2 = current_frame.pop_stack( 1291 VerificationType::category2_check(), CHECK_VERIFY(this)); 1292 } else { 1293 /* Unreachable? Would need a category2_1st on TOS which does not 1294 * appear possible. */ 1295 verify_error( 1296 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1297 bad_type_msg, "dup2"); 1298 return; 1299 } 1300 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1301 current_frame.push_stack(type, CHECK_VERIFY(this)); 1302 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1303 current_frame.push_stack(type, CHECK_VERIFY(this)); 1304 no_control_flow = false; break; 1305 case Bytecodes::_dup2_x1 : 1306 { 1307 VerificationType type3; 1308 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1309 if (type.is_category1()) { 1310 type2 = current_frame.pop_stack( 1311 VerificationType::category1_check(), CHECK_VERIFY(this)); 1312 } else if (type.is_category2_2nd()) { 1313 type2 = current_frame.pop_stack( 1314 VerificationType::category2_check(), CHECK_VERIFY(this)); 1315 } else { 1316 /* Unreachable? Would need a category2_1st on TOS which does 1317 * not appear possible. */ 1318 verify_error( 1319 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1320 bad_type_msg, "dup2_x1"); 1321 return; 1322 } 1323 type3 = current_frame.pop_stack( 1324 VerificationType::category1_check(), CHECK_VERIFY(this)); 1325 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1326 current_frame.push_stack(type, CHECK_VERIFY(this)); 1327 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1328 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1329 current_frame.push_stack(type, CHECK_VERIFY(this)); 1330 no_control_flow = false; break; 1331 } 1332 case Bytecodes::_dup2_x2 : 1333 { 1334 VerificationType type3, type4; 1335 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1336 if (type.is_category1()) { 1337 type2 = current_frame.pop_stack( 1338 VerificationType::category1_check(), CHECK_VERIFY(this)); 1339 } else if (type.is_category2_2nd()) { 1340 type2 = current_frame.pop_stack( 1341 VerificationType::category2_check(), CHECK_VERIFY(this)); 1342 } else { 1343 /* Unreachable? Would need a category2_1st on TOS which does 1344 * not appear possible. */ 1345 verify_error( 1346 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1347 bad_type_msg, "dup2_x2"); 1348 return; 1349 } 1350 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1351 if (type3.is_category1()) { 1352 type4 = current_frame.pop_stack( 1353 VerificationType::category1_check(), CHECK_VERIFY(this)); 1354 } else if (type3.is_category2_2nd()) { 1355 type4 = current_frame.pop_stack( 1356 VerificationType::category2_check(), CHECK_VERIFY(this)); 1357 } else { 1358 /* Unreachable? Would need a category2_1st on TOS after popping 1359 * a long/double or two category 1's, which does not 1360 * appear possible. */ 1361 verify_error( 1362 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1363 bad_type_msg, "dup2_x2"); 1364 return; 1365 } 1366 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1367 current_frame.push_stack(type, CHECK_VERIFY(this)); 1368 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1369 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1370 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1371 current_frame.push_stack(type, CHECK_VERIFY(this)); 1372 no_control_flow = false; break; 1373 } 1374 case Bytecodes::_swap : 1375 type = current_frame.pop_stack( 1376 VerificationType::category1_check(), CHECK_VERIFY(this)); 1377 type2 = current_frame.pop_stack( 1378 VerificationType::category1_check(), CHECK_VERIFY(this)); 1379 current_frame.push_stack(type, CHECK_VERIFY(this)); 1380 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1381 no_control_flow = false; break; 1382 case Bytecodes::_iadd : 1383 case Bytecodes::_isub : 1384 case Bytecodes::_imul : 1385 case Bytecodes::_idiv : 1386 case Bytecodes::_irem : 1387 case Bytecodes::_ishl : 1388 case Bytecodes::_ishr : 1389 case Bytecodes::_iushr : 1390 case Bytecodes::_ior : 1391 case Bytecodes::_ixor : 1392 case Bytecodes::_iand : 1393 current_frame.pop_stack( 1394 VerificationType::integer_type(), CHECK_VERIFY(this)); 1395 // fall through 1396 case Bytecodes::_ineg : 1397 current_frame.pop_stack( 1398 VerificationType::integer_type(), CHECK_VERIFY(this)); 1399 current_frame.push_stack( 1400 VerificationType::integer_type(), CHECK_VERIFY(this)); 1401 no_control_flow = false; break; 1402 case Bytecodes::_ladd : 1403 case Bytecodes::_lsub : 1404 case Bytecodes::_lmul : 1405 case Bytecodes::_ldiv : 1406 case Bytecodes::_lrem : 1407 case Bytecodes::_land : 1408 case Bytecodes::_lor : 1409 case Bytecodes::_lxor : 1410 current_frame.pop_stack_2( 1411 VerificationType::long2_type(), 1412 VerificationType::long_type(), CHECK_VERIFY(this)); 1413 // fall through 1414 case Bytecodes::_lneg : 1415 current_frame.pop_stack_2( 1416 VerificationType::long2_type(), 1417 VerificationType::long_type(), CHECK_VERIFY(this)); 1418 current_frame.push_stack_2( 1419 VerificationType::long_type(), 1420 VerificationType::long2_type(), CHECK_VERIFY(this)); 1421 no_control_flow = false; break; 1422 case Bytecodes::_lshl : 1423 case Bytecodes::_lshr : 1424 case Bytecodes::_lushr : 1425 current_frame.pop_stack( 1426 VerificationType::integer_type(), CHECK_VERIFY(this)); 1427 current_frame.pop_stack_2( 1428 VerificationType::long2_type(), 1429 VerificationType::long_type(), CHECK_VERIFY(this)); 1430 current_frame.push_stack_2( 1431 VerificationType::long_type(), 1432 VerificationType::long2_type(), CHECK_VERIFY(this)); 1433 no_control_flow = false; break; 1434 case Bytecodes::_fadd : 1435 case Bytecodes::_fsub : 1436 case Bytecodes::_fmul : 1437 case Bytecodes::_fdiv : 1438 case Bytecodes::_frem : 1439 current_frame.pop_stack( 1440 VerificationType::float_type(), CHECK_VERIFY(this)); 1441 // fall through 1442 case Bytecodes::_fneg : 1443 current_frame.pop_stack( 1444 VerificationType::float_type(), CHECK_VERIFY(this)); 1445 current_frame.push_stack( 1446 VerificationType::float_type(), CHECK_VERIFY(this)); 1447 no_control_flow = false; break; 1448 case Bytecodes::_dadd : 1449 case Bytecodes::_dsub : 1450 case Bytecodes::_dmul : 1451 case Bytecodes::_ddiv : 1452 case Bytecodes::_drem : 1453 current_frame.pop_stack_2( 1454 VerificationType::double2_type(), 1455 VerificationType::double_type(), CHECK_VERIFY(this)); 1456 // fall through 1457 case Bytecodes::_dneg : 1458 current_frame.pop_stack_2( 1459 VerificationType::double2_type(), 1460 VerificationType::double_type(), CHECK_VERIFY(this)); 1461 current_frame.push_stack_2( 1462 VerificationType::double_type(), 1463 VerificationType::double2_type(), CHECK_VERIFY(this)); 1464 no_control_flow = false; break; 1465 case Bytecodes::_iinc : 1466 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1467 no_control_flow = false; break; 1468 case Bytecodes::_i2l : 1469 type = current_frame.pop_stack( 1470 VerificationType::integer_type(), CHECK_VERIFY(this)); 1471 current_frame.push_stack_2( 1472 VerificationType::long_type(), 1473 VerificationType::long2_type(), CHECK_VERIFY(this)); 1474 no_control_flow = false; break; 1475 case Bytecodes::_l2i : 1476 current_frame.pop_stack_2( 1477 VerificationType::long2_type(), 1478 VerificationType::long_type(), CHECK_VERIFY(this)); 1479 current_frame.push_stack( 1480 VerificationType::integer_type(), CHECK_VERIFY(this)); 1481 no_control_flow = false; break; 1482 case Bytecodes::_i2f : 1483 current_frame.pop_stack( 1484 VerificationType::integer_type(), CHECK_VERIFY(this)); 1485 current_frame.push_stack( 1486 VerificationType::float_type(), CHECK_VERIFY(this)); 1487 no_control_flow = false; break; 1488 case Bytecodes::_i2d : 1489 current_frame.pop_stack( 1490 VerificationType::integer_type(), CHECK_VERIFY(this)); 1491 current_frame.push_stack_2( 1492 VerificationType::double_type(), 1493 VerificationType::double2_type(), CHECK_VERIFY(this)); 1494 no_control_flow = false; break; 1495 case Bytecodes::_l2f : 1496 current_frame.pop_stack_2( 1497 VerificationType::long2_type(), 1498 VerificationType::long_type(), CHECK_VERIFY(this)); 1499 current_frame.push_stack( 1500 VerificationType::float_type(), CHECK_VERIFY(this)); 1501 no_control_flow = false; break; 1502 case Bytecodes::_l2d : 1503 current_frame.pop_stack_2( 1504 VerificationType::long2_type(), 1505 VerificationType::long_type(), CHECK_VERIFY(this)); 1506 current_frame.push_stack_2( 1507 VerificationType::double_type(), 1508 VerificationType::double2_type(), CHECK_VERIFY(this)); 1509 no_control_flow = false; break; 1510 case Bytecodes::_f2i : 1511 current_frame.pop_stack( 1512 VerificationType::float_type(), CHECK_VERIFY(this)); 1513 current_frame.push_stack( 1514 VerificationType::integer_type(), CHECK_VERIFY(this)); 1515 no_control_flow = false; break; 1516 case Bytecodes::_f2l : 1517 current_frame.pop_stack( 1518 VerificationType::float_type(), CHECK_VERIFY(this)); 1519 current_frame.push_stack_2( 1520 VerificationType::long_type(), 1521 VerificationType::long2_type(), CHECK_VERIFY(this)); 1522 no_control_flow = false; break; 1523 case Bytecodes::_f2d : 1524 current_frame.pop_stack( 1525 VerificationType::float_type(), CHECK_VERIFY(this)); 1526 current_frame.push_stack_2( 1527 VerificationType::double_type(), 1528 VerificationType::double2_type(), CHECK_VERIFY(this)); 1529 no_control_flow = false; break; 1530 case Bytecodes::_d2i : 1531 current_frame.pop_stack_2( 1532 VerificationType::double2_type(), 1533 VerificationType::double_type(), CHECK_VERIFY(this)); 1534 current_frame.push_stack( 1535 VerificationType::integer_type(), CHECK_VERIFY(this)); 1536 no_control_flow = false; break; 1537 case Bytecodes::_d2l : 1538 current_frame.pop_stack_2( 1539 VerificationType::double2_type(), 1540 VerificationType::double_type(), CHECK_VERIFY(this)); 1541 current_frame.push_stack_2( 1542 VerificationType::long_type(), 1543 VerificationType::long2_type(), CHECK_VERIFY(this)); 1544 no_control_flow = false; break; 1545 case Bytecodes::_d2f : 1546 current_frame.pop_stack_2( 1547 VerificationType::double2_type(), 1548 VerificationType::double_type(), CHECK_VERIFY(this)); 1549 current_frame.push_stack( 1550 VerificationType::float_type(), CHECK_VERIFY(this)); 1551 no_control_flow = false; break; 1552 case Bytecodes::_i2b : 1553 case Bytecodes::_i2c : 1554 case Bytecodes::_i2s : 1555 current_frame.pop_stack( 1556 VerificationType::integer_type(), CHECK_VERIFY(this)); 1557 current_frame.push_stack( 1558 VerificationType::integer_type(), CHECK_VERIFY(this)); 1559 no_control_flow = false; break; 1560 case Bytecodes::_lcmp : 1561 current_frame.pop_stack_2( 1562 VerificationType::long2_type(), 1563 VerificationType::long_type(), CHECK_VERIFY(this)); 1564 current_frame.pop_stack_2( 1565 VerificationType::long2_type(), 1566 VerificationType::long_type(), CHECK_VERIFY(this)); 1567 current_frame.push_stack( 1568 VerificationType::integer_type(), CHECK_VERIFY(this)); 1569 no_control_flow = false; break; 1570 case Bytecodes::_fcmpl : 1571 case Bytecodes::_fcmpg : 1572 current_frame.pop_stack( 1573 VerificationType::float_type(), CHECK_VERIFY(this)); 1574 current_frame.pop_stack( 1575 VerificationType::float_type(), CHECK_VERIFY(this)); 1576 current_frame.push_stack( 1577 VerificationType::integer_type(), CHECK_VERIFY(this)); 1578 no_control_flow = false; break; 1579 case Bytecodes::_dcmpl : 1580 case Bytecodes::_dcmpg : 1581 current_frame.pop_stack_2( 1582 VerificationType::double2_type(), 1583 VerificationType::double_type(), CHECK_VERIFY(this)); 1584 current_frame.pop_stack_2( 1585 VerificationType::double2_type(), 1586 VerificationType::double_type(), CHECK_VERIFY(this)); 1587 current_frame.push_stack( 1588 VerificationType::integer_type(), CHECK_VERIFY(this)); 1589 no_control_flow = false; break; 1590 case Bytecodes::_if_icmpeq: 1591 case Bytecodes::_if_icmpne: 1592 case Bytecodes::_if_icmplt: 1593 case Bytecodes::_if_icmpge: 1594 case Bytecodes::_if_icmpgt: 1595 case Bytecodes::_if_icmple: 1596 current_frame.pop_stack( 1597 VerificationType::integer_type(), CHECK_VERIFY(this)); 1598 // fall through 1599 case Bytecodes::_ifeq: 1600 case Bytecodes::_ifne: 1601 case Bytecodes::_iflt: 1602 case Bytecodes::_ifge: 1603 case Bytecodes::_ifgt: 1604 case Bytecodes::_ifle: 1605 current_frame.pop_stack( 1606 VerificationType::integer_type(), CHECK_VERIFY(this)); 1607 target = bcs.dest(); 1608 stackmap_table.check_jump_target( 1609 ¤t_frame, target, CHECK_VERIFY(this)); 1610 no_control_flow = false; break; 1611 case Bytecodes::_if_acmpeq : 1612 case Bytecodes::_if_acmpne : 1613 current_frame.pop_stack( 1614 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1615 // fall through 1616 case Bytecodes::_ifnull : 1617 case Bytecodes::_ifnonnull : 1618 current_frame.pop_stack( 1619 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1620 target = bcs.dest(); 1621 stackmap_table.check_jump_target 1622 (¤t_frame, target, CHECK_VERIFY(this)); 1623 no_control_flow = false; break; 1624 case Bytecodes::_goto : 1625 target = bcs.dest(); 1626 stackmap_table.check_jump_target( 1627 ¤t_frame, target, CHECK_VERIFY(this)); 1628 no_control_flow = true; break; 1629 case Bytecodes::_goto_w : 1630 target = bcs.dest_w(); 1631 stackmap_table.check_jump_target( 1632 ¤t_frame, target, CHECK_VERIFY(this)); 1633 no_control_flow = true; break; 1634 case Bytecodes::_tableswitch : 1635 case Bytecodes::_lookupswitch : 1636 verify_switch( 1637 &bcs, code_length, code_data, ¤t_frame, 1638 &stackmap_table, CHECK_VERIFY(this)); 1639 no_control_flow = true; break; 1640 case Bytecodes::_ireturn : 1641 type = current_frame.pop_stack( 1642 VerificationType::integer_type(), CHECK_VERIFY(this)); 1643 verify_return_value(return_type, type, bci, 1644 ¤t_frame, CHECK_VERIFY(this)); 1645 no_control_flow = true; break; 1646 case Bytecodes::_lreturn : 1647 type2 = current_frame.pop_stack( 1648 VerificationType::long2_type(), CHECK_VERIFY(this)); 1649 type = current_frame.pop_stack( 1650 VerificationType::long_type(), CHECK_VERIFY(this)); 1651 verify_return_value(return_type, type, bci, 1652 ¤t_frame, CHECK_VERIFY(this)); 1653 no_control_flow = true; break; 1654 case Bytecodes::_freturn : 1655 type = current_frame.pop_stack( 1656 VerificationType::float_type(), CHECK_VERIFY(this)); 1657 verify_return_value(return_type, type, bci, 1658 ¤t_frame, CHECK_VERIFY(this)); 1659 no_control_flow = true; break; 1660 case Bytecodes::_dreturn : 1661 type2 = current_frame.pop_stack( 1662 VerificationType::double2_type(), CHECK_VERIFY(this)); 1663 type = current_frame.pop_stack( 1664 VerificationType::double_type(), CHECK_VERIFY(this)); 1665 verify_return_value(return_type, type, bci, 1666 ¤t_frame, CHECK_VERIFY(this)); 1667 no_control_flow = true; break; 1668 case Bytecodes::_areturn : 1669 type = current_frame.pop_stack( 1670 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1671 verify_return_value(return_type, type, bci, 1672 ¤t_frame, CHECK_VERIFY(this)); 1673 no_control_flow = true; break; 1674 case Bytecodes::_return : 1675 if (return_type != VerificationType::bogus_type()) { 1676 verify_error(ErrorContext::bad_code(bci), 1677 "Method expects a return value"); 1678 return; 1679 } 1680 // Make sure "this" has been initialized if current method is an 1681 // <init>. 1682 if (_method->name() == vmSymbols::object_initializer_name() && 1683 current_frame.flag_this_uninit()) { 1684 verify_error(ErrorContext::bad_code(bci), 1685 "Constructor must call super() or this() " 1686 "before return"); 1687 return; 1688 } 1689 no_control_flow = true; break; 1690 case Bytecodes::_getstatic : 1691 case Bytecodes::_putstatic : 1692 // pass TRUE, operand can be an array type for getstatic/putstatic. 1693 verify_field_instructions( 1694 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1695 no_control_flow = false; break; 1696 case Bytecodes::_getfield : 1697 case Bytecodes::_putfield : 1698 // pass FALSE, operand can't be an array type for getfield/putfield. 1699 verify_field_instructions( 1700 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1701 no_control_flow = false; break; 1702 case Bytecodes::_withfield : 1703 if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) { 1704 class_format_error( 1705 "withfield not supported by this class file version (%d.%d), class %s", 1706 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1707 return; 1708 } 1709 // pass FALSE, operand can't be an array type for withfield. 1710 verify_field_instructions( 1711 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1712 no_control_flow = false; break; 1713 case Bytecodes::_invokevirtual : 1714 case Bytecodes::_invokespecial : 1715 case Bytecodes::_invokestatic : 1716 verify_invoke_instructions( 1717 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1718 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1719 no_control_flow = false; break; 1720 case Bytecodes::_invokeinterface : 1721 case Bytecodes::_invokedynamic : 1722 verify_invoke_instructions( 1723 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1724 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1725 no_control_flow = false; break; 1726 case Bytecodes::_new : 1727 { 1728 index = bcs.get_index_u2(); 1729 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1730 VerificationType new_class_type = 1731 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1732 if (!new_class_type.is_object()) { 1733 verify_error(ErrorContext::bad_type(bci, 1734 TypeOrigin::cp(index, new_class_type)), 1735 "Illegal new instruction"); 1736 return; 1737 } 1738 type = VerificationType::uninitialized_type(bci); 1739 current_frame.push_stack(type, CHECK_VERIFY(this)); 1740 no_control_flow = false; break; 1741 } 1742 case Bytecodes::_defaultvalue : 1743 { 1744 if (_klass->major_version() < VALUETYPE_MAJOR_VERSION) { 1745 class_format_error( 1746 "defaultvalue not supported by this class file version (%d.%d), class %s", 1747 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1748 return; 1749 } 1750 index = bcs.get_index_u2(); 1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1752 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1753 if (!ref_type.is_object()) { 1754 verify_error(ErrorContext::bad_type(bci, 1755 TypeOrigin::cp(index, ref_type)), 1756 "Illegal defaultvalue instruction"); 1757 return; 1758 } 1759 VerificationType value_type = 1760 VerificationType::change_ref_to_valuetype(ref_type); 1761 current_frame.push_stack(value_type, CHECK_VERIFY(this)); 1762 no_control_flow = false; break; 1763 } 1764 case Bytecodes::_newarray : 1765 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1766 current_frame.pop_stack( 1767 VerificationType::integer_type(), CHECK_VERIFY(this)); 1768 current_frame.push_stack(type, CHECK_VERIFY(this)); 1769 no_control_flow = false; break; 1770 case Bytecodes::_anewarray : 1771 verify_anewarray( 1772 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1773 no_control_flow = false; break; 1774 case Bytecodes::_arraylength : 1775 type = current_frame.pop_stack( 1776 VerificationType::reference_check(), CHECK_VERIFY(this)); 1777 if (!(type.is_null() || type.is_array())) { 1778 verify_error(ErrorContext::bad_type( 1779 bci, current_frame.stack_top_ctx()), 1780 bad_type_msg, "arraylength"); 1781 } 1782 current_frame.push_stack( 1783 VerificationType::integer_type(), CHECK_VERIFY(this)); 1784 no_control_flow = false; break; 1785 case Bytecodes::_checkcast : 1786 { 1787 index = bcs.get_index_u2(); 1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1790 VerificationType klass_type = cp_index_to_type( 1791 index, cp, CHECK_VERIFY(this)); 1792 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1793 no_control_flow = false; break; 1794 } 1795 case Bytecodes::_instanceof : { 1796 index = bcs.get_index_u2(); 1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1798 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1799 current_frame.push_stack( 1800 VerificationType::integer_type(), CHECK_VERIFY(this)); 1801 no_control_flow = false; break; 1802 } 1803 case Bytecodes::_monitorenter : 1804 case Bytecodes::_monitorexit : { 1805 VerificationType ref = current_frame.pop_stack( 1806 VerificationType::reference_check(), CHECK_VERIFY(this)); 1807 no_control_flow = false; break; 1808 } 1809 case Bytecodes::_multianewarray : 1810 { 1811 index = bcs.get_index_u2(); 1812 u2 dim = *(bcs.bcp()+3); 1813 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1814 VerificationType new_array_type = 1815 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1816 if (!new_array_type.is_array()) { 1817 verify_error(ErrorContext::bad_type(bci, 1818 TypeOrigin::cp(index, new_array_type)), 1819 "Illegal constant pool index in multianewarray instruction"); 1820 return; 1821 } 1822 if (dim < 1 || new_array_type.dimensions() < dim) { 1823 verify_error(ErrorContext::bad_code(bci), 1824 "Illegal dimension in multianewarray instruction: %d", dim); 1825 return; 1826 } 1827 for (int i = 0; i < dim; i++) { 1828 current_frame.pop_stack( 1829 VerificationType::integer_type(), CHECK_VERIFY(this)); 1830 } 1831 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1832 no_control_flow = false; break; 1833 } 1834 case Bytecodes::_athrow : 1835 type = VerificationType::reference_type( 1836 vmSymbols::java_lang_Throwable()); 1837 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1838 no_control_flow = true; break; 1839 default: 1840 // We only need to check the valid bytecodes in class file. 1841 // And jsr and ret are not in the new class file format in JDK1.5. 1842 verify_error(ErrorContext::bad_code(bci), 1843 "Bad instruction: %02x", opcode); 1844 no_control_flow = false; 1845 return; 1846 } // end switch 1847 } // end Merge with the next instruction 1848 1849 // Look for possible jump target in exception handlers and see if it matches 1850 // current_frame. Don't do this check if it has already been done (for 1851 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1852 // opcodes, such as invokespecial, may set the this_uninit flag. 1853 assert(!(verified_exc_handlers && this_uninit), 1854 "Exception handler targets got verified before this_uninit got set"); 1855 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1856 if (was_recursively_verified()) return; 1857 verify_exception_handler_targets( 1858 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1859 } 1860 } // end while 1861 1862 // Make sure that control flow does not fall through end of the method 1863 if (!no_control_flow) { 1864 verify_error(ErrorContext::bad_code(code_length), 1865 "Control flow falls through code end"); 1866 return; 1867 } 1868 } 1869 1870 #undef bad_type_message 1871 1872 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1873 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1874 memset(code_data, 0, sizeof(char) * code_length); 1875 RawBytecodeStream bcs(m); 1876 1877 while (!bcs.is_last_bytecode()) { 1878 if (bcs.raw_next() != Bytecodes::_illegal) { 1879 int bci = bcs.bci(); 1880 if (bcs.raw_code() == Bytecodes::_new) { 1881 code_data[bci] = NEW_OFFSET; 1882 } else { 1883 code_data[bci] = BYTECODE_OFFSET; 1884 } 1885 } else { 1886 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1887 return NULL; 1888 } 1889 } 1890 1891 return code_data; 1892 } 1893 1894 // Since this method references the constant pool, call was_recursively_verified() 1895 // before calling this method to make sure a prior class load did not cause the 1896 // current class to get verified. 1897 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1898 ExceptionTable exhandlers(_method()); 1899 int exlength = exhandlers.length(); 1900 constantPoolHandle cp (THREAD, _method->constants()); 1901 1902 for(int i = 0; i < exlength; i++) { 1903 u2 start_pc = exhandlers.start_pc(i); 1904 u2 end_pc = exhandlers.end_pc(i); 1905 u2 handler_pc = exhandlers.handler_pc(i); 1906 if (start_pc >= code_length || code_data[start_pc] == 0) { 1907 class_format_error("Illegal exception table start_pc %d", start_pc); 1908 return; 1909 } 1910 if (end_pc != code_length) { // special case: end_pc == code_length 1911 if (end_pc > code_length || code_data[end_pc] == 0) { 1912 class_format_error("Illegal exception table end_pc %d", end_pc); 1913 return; 1914 } 1915 } 1916 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1917 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1918 return; 1919 } 1920 int catch_type_index = exhandlers.catch_type_index(i); 1921 if (catch_type_index != 0) { 1922 VerificationType catch_type = cp_index_to_type( 1923 catch_type_index, cp, CHECK_VERIFY(this)); 1924 VerificationType throwable = 1925 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1926 bool is_subclass = throwable.is_assignable_from( 1927 catch_type, this, false, CHECK_VERIFY(this)); 1928 if (!is_subclass) { 1929 // 4286534: should throw VerifyError according to recent spec change 1930 verify_error(ErrorContext::bad_type(handler_pc, 1931 TypeOrigin::cp(catch_type_index, catch_type), 1932 TypeOrigin::implicit(throwable)), 1933 "Catch type is not a subclass " 1934 "of Throwable in exception handler %d", handler_pc); 1935 return; 1936 } 1937 } 1938 if (start_pc < min) min = start_pc; 1939 if (end_pc > max) max = end_pc; 1940 } 1941 } 1942 1943 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1944 int localvariable_table_length = _method->localvariable_table_length(); 1945 if (localvariable_table_length > 0) { 1946 LocalVariableTableElement* table = _method->localvariable_table_start(); 1947 for (int i = 0; i < localvariable_table_length; i++) { 1948 u2 start_bci = table[i].start_bci; 1949 u2 length = table[i].length; 1950 1951 if (start_bci >= code_length || code_data[start_bci] == 0) { 1952 class_format_error( 1953 "Illegal local variable table start_pc %d", start_bci); 1954 return; 1955 } 1956 u4 end_bci = (u4)(start_bci + length); 1957 if (end_bci != code_length) { 1958 if (end_bci >= code_length || code_data[end_bci] == 0) { 1959 class_format_error( "Illegal local variable table length %d", length); 1960 return; 1961 } 1962 } 1963 } 1964 } 1965 } 1966 1967 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1968 StackMapFrame* current_frame, 1969 StackMapTable* stackmap_table, 1970 bool no_control_flow, TRAPS) { 1971 if (stackmap_index < stackmap_table->get_frame_count()) { 1972 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1973 if (no_control_flow && this_offset > bci) { 1974 verify_error(ErrorContext::missing_stackmap(bci), 1975 "Expecting a stack map frame"); 1976 return 0; 1977 } 1978 if (this_offset == bci) { 1979 ErrorContext ctx; 1980 // See if current stack map can be assigned to the frame in table. 1981 // current_frame is the stackmap frame got from the last instruction. 1982 // If matched, current_frame will be updated by this method. 1983 bool matches = stackmap_table->match_stackmap( 1984 current_frame, this_offset, stackmap_index, 1985 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1986 if (!matches) { 1987 // report type error 1988 verify_error(ctx, "Instruction type does not match stack map"); 1989 return 0; 1990 } 1991 stackmap_index++; 1992 } else if (this_offset < bci) { 1993 // current_offset should have met this_offset. 1994 class_format_error("Bad stack map offset %d", this_offset); 1995 return 0; 1996 } 1997 } else if (no_control_flow) { 1998 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1999 return 0; 2000 } 2001 return stackmap_index; 2002 } 2003 2004 // Since this method references the constant pool, call was_recursively_verified() 2005 // before calling this method to make sure a prior class load did not cause the 2006 // current class to get verified. 2007 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 2008 StackMapFrame* current_frame, 2009 StackMapTable* stackmap_table, TRAPS) { 2010 constantPoolHandle cp (THREAD, _method->constants()); 2011 ExceptionTable exhandlers(_method()); 2012 int exlength = exhandlers.length(); 2013 for(int i = 0; i < exlength; i++) { 2014 u2 start_pc = exhandlers.start_pc(i); 2015 u2 end_pc = exhandlers.end_pc(i); 2016 u2 handler_pc = exhandlers.handler_pc(i); 2017 int catch_type_index = exhandlers.catch_type_index(i); 2018 if(bci >= start_pc && bci < end_pc) { 2019 u1 flags = current_frame->flags(); 2020 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2021 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2022 if (catch_type_index != 0) { 2023 if (was_recursively_verified()) return; 2024 // We know that this index refers to a subclass of Throwable 2025 VerificationType catch_type = cp_index_to_type( 2026 catch_type_index, cp, CHECK_VERIFY(this)); 2027 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2028 } else { 2029 VerificationType throwable = 2030 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2031 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2032 } 2033 ErrorContext ctx; 2034 bool matches = stackmap_table->match_stackmap( 2035 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2036 if (!matches) { 2037 verify_error(ctx, "Stack map does not match the one at " 2038 "exception handler %d", handler_pc); 2039 return; 2040 } 2041 } 2042 } 2043 } 2044 2045 void ClassVerifier::verify_cp_index( 2046 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 2047 int nconstants = cp->length(); 2048 if ((index <= 0) || (index >= nconstants)) { 2049 verify_error(ErrorContext::bad_cp_index(bci, index), 2050 "Illegal constant pool index %d in class %s", 2051 index, cp->pool_holder()->external_name()); 2052 return; 2053 } 2054 } 2055 2056 void ClassVerifier::verify_cp_type( 2057 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2058 2059 // In some situations, bytecode rewriting may occur while we're verifying. 2060 // In this case, a constant pool cache exists and some indices refer to that 2061 // instead. Be sure we don't pick up such indices by accident. 2062 // We must check was_recursively_verified() before we get here. 2063 guarantee(cp->cache() == NULL, "not rewritten yet"); 2064 2065 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2066 unsigned int tag = cp->tag_at(index).value(); 2067 2068 if ((types & (1 << tag)) == 0) { 2069 verify_error(ErrorContext::bad_cp_index(bci, index), 2070 "Illegal type at constant pool entry %d in class %s", 2071 index, cp->pool_holder()->external_name()); 2072 return; 2073 } 2074 } 2075 2076 void ClassVerifier::verify_cp_class_type( 2077 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2078 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2079 constantTag tag = cp->tag_at(index); 2080 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2081 verify_error(ErrorContext::bad_cp_index(bci, index), 2082 "Illegal type at constant pool entry %d in class %s", 2083 index, cp->pool_holder()->external_name()); 2084 return; 2085 } 2086 } 2087 2088 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2089 stringStream ss; 2090 2091 ctx.reset_frames(); 2092 _exception_type = vmSymbols::java_lang_VerifyError(); 2093 _error_context = ctx; 2094 va_list va; 2095 va_start(va, msg); 2096 ss.vprint(msg, va); 2097 va_end(va); 2098 _message = ss.as_string(); 2099 #ifdef ASSERT 2100 ResourceMark rm; 2101 const char* exception_name = _exception_type->as_C_string(); 2102 Exceptions::debug_check_abort(exception_name, NULL); 2103 #endif // ndef ASSERT 2104 } 2105 2106 void ClassVerifier::class_format_error(const char* msg, ...) { 2107 stringStream ss; 2108 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2109 va_list va; 2110 va_start(va, msg); 2111 ss.vprint(msg, va); 2112 va_end(va); 2113 if (!_method.is_null()) { 2114 ss.print(" in method '"); 2115 _method->print_external_name(&ss); 2116 ss.print("'"); 2117 } 2118 _message = ss.as_string(); 2119 } 2120 2121 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2122 HandleMark hm(THREAD); 2123 // Get current loader and protection domain first. 2124 oop loader = current_class()->class_loader(); 2125 oop protection_domain = current_class()->protection_domain(); 2126 2127 Klass* kls = SystemDictionary::resolve_or_fail( 2128 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2129 true, THREAD); 2130 2131 if (kls != NULL) { 2132 if (log_is_enabled(Debug, class, resolve)) { 2133 Verifier::trace_class_resolution(kls, current_class()); 2134 } 2135 } 2136 return kls; 2137 } 2138 2139 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2140 Klass* target_class, 2141 Symbol* field_name, 2142 Symbol* field_sig, 2143 bool is_method) { 2144 NoSafepointVerifier nosafepoint; 2145 2146 // If target class isn't a super class of this class, we don't worry about this case 2147 if (!this_class->is_subclass_of(target_class)) { 2148 return false; 2149 } 2150 // Check if the specified method or field is protected 2151 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2152 fieldDescriptor fd; 2153 if (is_method) { 2154 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2155 if (m != NULL && m->is_protected()) { 2156 if (!this_class->is_same_class_package(m->method_holder())) { 2157 return true; 2158 } 2159 } 2160 } else { 2161 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2162 if (member_klass != NULL && fd.is_protected()) { 2163 if (!this_class->is_same_class_package(member_klass)) { 2164 return true; 2165 } 2166 } 2167 } 2168 return false; 2169 } 2170 2171 void ClassVerifier::verify_ldc( 2172 int opcode, u2 index, StackMapFrame* current_frame, 2173 const constantPoolHandle& cp, u2 bci, TRAPS) { 2174 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2175 constantTag tag = cp->tag_at(index); 2176 unsigned int types = 0; 2177 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2178 if (!tag.is_unresolved_klass()) { 2179 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2180 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2181 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2182 | (1 << JVM_CONSTANT_Dynamic); 2183 // Note: The class file parser already verified the legality of 2184 // MethodHandle and MethodType constants. 2185 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2186 } 2187 } else { 2188 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2189 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2190 | (1 << JVM_CONSTANT_Dynamic); 2191 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2192 } 2193 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2194 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2195 } else if (tag.is_string()) { 2196 current_frame->push_stack( 2197 VerificationType::reference_type( 2198 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2199 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2200 current_frame->push_stack( 2201 VerificationType::reference_type( 2202 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2203 } else if (tag.is_int()) { 2204 current_frame->push_stack( 2205 VerificationType::integer_type(), CHECK_VERIFY(this)); 2206 } else if (tag.is_float()) { 2207 current_frame->push_stack( 2208 VerificationType::float_type(), CHECK_VERIFY(this)); 2209 } else if (tag.is_double()) { 2210 current_frame->push_stack_2( 2211 VerificationType::double_type(), 2212 VerificationType::double2_type(), CHECK_VERIFY(this)); 2213 } else if (tag.is_long()) { 2214 current_frame->push_stack_2( 2215 VerificationType::long_type(), 2216 VerificationType::long2_type(), CHECK_VERIFY(this)); 2217 } else if (tag.is_method_handle()) { 2218 current_frame->push_stack( 2219 VerificationType::reference_type( 2220 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2221 } else if (tag.is_method_type()) { 2222 current_frame->push_stack( 2223 VerificationType::reference_type( 2224 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2225 } else if (tag.is_dynamic_constant()) { 2226 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2227 // Field signature was checked in ClassFileParser. 2228 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2229 "Invalid type for dynamic constant"); 2230 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2231 "buffer type must match VerificationType size"); 2232 uintptr_t constant_type_buffer[2]; 2233 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2234 SignatureStream sig_stream(constant_type, false); 2235 int n = change_sig_to_verificationType( 2236 &sig_stream, v_constant_type, CHECK_VERIFY(this)); 2237 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2238 if (n != opcode_n) { 2239 // wrong kind of ldc; reverify against updated type mask 2240 types &= ~(1 << JVM_CONSTANT_Dynamic); 2241 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2242 } 2243 for (int i = 0; i < n; i++) { 2244 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2245 } 2246 } else { 2247 /* Unreachable? verify_cp_type has already validated the cp type. */ 2248 verify_error( 2249 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2250 return; 2251 } 2252 } 2253 2254 void ClassVerifier::verify_switch( 2255 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2256 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2257 int bci = bcs->bci(); 2258 address bcp = bcs->bcp(); 2259 address aligned_bcp = align_up(bcp + 1, jintSize); 2260 2261 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2262 // 4639449 & 4647081: padding bytes must be 0 2263 u2 padding_offset = 1; 2264 while ((bcp + padding_offset) < aligned_bcp) { 2265 if(*(bcp + padding_offset) != 0) { 2266 verify_error(ErrorContext::bad_code(bci), 2267 "Nonzero padding byte in lookupswitch or tableswitch"); 2268 return; 2269 } 2270 padding_offset++; 2271 } 2272 } 2273 2274 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2275 int keys, delta; 2276 current_frame->pop_stack( 2277 VerificationType::integer_type(), CHECK_VERIFY(this)); 2278 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2279 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2280 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2281 if (low > high) { 2282 verify_error(ErrorContext::bad_code(bci), 2283 "low must be less than or equal to high in tableswitch"); 2284 return; 2285 } 2286 keys = high - low + 1; 2287 if (keys < 0) { 2288 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2289 return; 2290 } 2291 delta = 1; 2292 } else { 2293 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2294 if (keys < 0) { 2295 verify_error(ErrorContext::bad_code(bci), 2296 "number of keys in lookupswitch less than 0"); 2297 return; 2298 } 2299 delta = 2; 2300 // Make sure that the lookupswitch items are sorted 2301 for (int i = 0; i < (keys - 1); i++) { 2302 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2303 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2304 if (this_key >= next_key) { 2305 verify_error(ErrorContext::bad_code(bci), 2306 "Bad lookupswitch instruction"); 2307 return; 2308 } 2309 } 2310 } 2311 int target = bci + default_offset; 2312 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2313 for (int i = 0; i < keys; i++) { 2314 // Because check_jump_target() may safepoint, the bytecode could have 2315 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2316 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2317 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2318 stackmap_table->check_jump_target( 2319 current_frame, target, CHECK_VERIFY(this)); 2320 } 2321 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2322 } 2323 2324 bool ClassVerifier::name_in_supers( 2325 Symbol* ref_name, InstanceKlass* current) { 2326 Klass* super = current->super(); 2327 while (super != NULL) { 2328 if (super->name() == ref_name) { 2329 return true; 2330 } 2331 super = super->super(); 2332 } 2333 return false; 2334 } 2335 2336 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2337 StackMapFrame* current_frame, 2338 const constantPoolHandle& cp, 2339 bool allow_arrays, 2340 TRAPS) { 2341 u2 index = bcs->get_index_u2(); 2342 verify_cp_type(bcs->bci(), index, cp, 2343 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2344 2345 // Get field name and signature 2346 Symbol* field_name = cp->name_ref_at(index); 2347 Symbol* field_sig = cp->signature_ref_at(index); 2348 2349 // Field signature was checked in ClassFileParser. 2350 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2351 "Invalid field signature"); 2352 2353 // Get referenced class type 2354 VerificationType ref_class_type = cp_ref_index_to_type( 2355 index, cp, CHECK_VERIFY(this)); 2356 if (!ref_class_type.is_object() && 2357 (!allow_arrays || !ref_class_type.is_array())) { 2358 verify_error(ErrorContext::bad_type(bcs->bci(), 2359 TypeOrigin::cp(index, ref_class_type)), 2360 "Expecting reference to class in class %s at constant pool index %d", 2361 _klass->external_name(), index); 2362 return; 2363 } 2364 2365 VerificationType target_class_type = ref_class_type; 2366 2367 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2368 "buffer type must match VerificationType size"); 2369 uintptr_t field_type_buffer[2]; 2370 VerificationType* field_type = (VerificationType*)field_type_buffer; 2371 // If we make a VerificationType[2] array directly, the compiler calls 2372 // to the c-runtime library to do the allocation instead of just 2373 // stack allocating it. Plus it would run constructors. This shows up 2374 // in performance profiles. 2375 2376 SignatureStream sig_stream(field_sig, false); 2377 VerificationType stack_object_type; 2378 int n = change_sig_to_verificationType( 2379 &sig_stream, field_type, CHECK_VERIFY(this)); 2380 u2 bci = bcs->bci(); 2381 bool is_assignable; 2382 switch (bcs->raw_code()) { 2383 case Bytecodes::_getstatic: { 2384 for (int i = 0; i < n; i++) { 2385 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2386 } 2387 break; 2388 } 2389 case Bytecodes::_putstatic: { 2390 for (int i = n - 1; i >= 0; i--) { 2391 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2392 } 2393 break; 2394 } 2395 case Bytecodes::_withfield: { 2396 for (int i = n - 1; i >= 0; i--) { 2397 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2398 } 2399 // stack_object_type and target_class_type must be the same value type. 2400 stack_object_type = 2401 current_frame->pop_stack(VerificationType::valuetype_check(), CHECK_VERIFY(this)); 2402 VerificationType target_value_type = 2403 VerificationType::change_ref_to_valuetype(target_class_type); 2404 if (!stack_object_type.equals(target_value_type)) { 2405 verify_error(ErrorContext::bad_value_type(bci, 2406 current_frame->stack_top_ctx(), 2407 TypeOrigin::cp(index, target_class_type)), 2408 "Invalid type on operand stack in withfield instruction"); 2409 return; 2410 } 2411 current_frame->push_stack(target_value_type, CHECK_VERIFY(this)); 2412 break; 2413 } 2414 case Bytecodes::_getfield: { 2415 stack_object_type = current_frame->pop_stack( 2416 target_class_type, CHECK_VERIFY(this)); 2417 for (int i = 0; i < n; i++) { 2418 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2419 } 2420 goto check_protected; 2421 } 2422 case Bytecodes::_putfield: { 2423 for (int i = n - 1; i >= 0; i--) { 2424 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2425 } 2426 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2427 2428 // The JVMS 2nd edition allows field initialization before the superclass 2429 // initializer, if the field is defined within the current class. 2430 fieldDescriptor fd; 2431 if (stack_object_type == VerificationType::uninitialized_this_type() && 2432 target_class_type.equals(current_type()) && 2433 _klass->find_local_field(field_name, field_sig, &fd)) { 2434 stack_object_type = current_type(); 2435 } 2436 is_assignable = target_class_type.is_assignable_from( 2437 stack_object_type, this, false, CHECK_VERIFY(this)); 2438 if (!is_assignable) { 2439 verify_error(ErrorContext::bad_type(bci, 2440 current_frame->stack_top_ctx(), 2441 TypeOrigin::cp(index, target_class_type)), 2442 "Bad type on operand stack in putfield"); 2443 return; 2444 } 2445 } 2446 check_protected: { 2447 if (_this_type == stack_object_type) 2448 break; // stack_object_type must be assignable to _current_class_type 2449 if (was_recursively_verified()) return; 2450 Symbol* ref_class_name = 2451 cp->klass_name_at(cp->klass_ref_index_at(index)); 2452 if (!name_in_supers(ref_class_name, current_class())) 2453 // stack_object_type must be assignable to _current_class_type since: 2454 // 1. stack_object_type must be assignable to ref_class. 2455 // 2. ref_class must be _current_class or a subclass of it. It can't 2456 // be a superclass of it. See revised JVMS 5.4.4. 2457 break; 2458 2459 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2460 if (is_protected_access(current_class(), ref_class_oop, field_name, 2461 field_sig, false)) { 2462 // It's protected access, check if stack object is assignable to 2463 // current class. 2464 is_assignable = current_type().is_assignable_from( 2465 stack_object_type, this, true, CHECK_VERIFY(this)); 2466 if (!is_assignable) { 2467 verify_error(ErrorContext::bad_type(bci, 2468 current_frame->stack_top_ctx(), 2469 TypeOrigin::implicit(current_type())), 2470 "Bad access to protected data in getfield"); 2471 return; 2472 } 2473 } 2474 break; 2475 } 2476 default: ShouldNotReachHere(); 2477 } 2478 } 2479 2480 // Look at the method's handlers. If the bci is in the handler's try block 2481 // then check if the handler_pc is already on the stack. If not, push it 2482 // unless the handler has already been scanned. 2483 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2484 GrowableArray<u4>* handler_list, 2485 GrowableArray<u4>* handler_stack, 2486 u4 bci) { 2487 int exlength = exhandlers->length(); 2488 for(int x = 0; x < exlength; x++) { 2489 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2490 u4 exhandler_pc = exhandlers->handler_pc(x); 2491 if (!handler_list->contains(exhandler_pc)) { 2492 handler_stack->append_if_missing(exhandler_pc); 2493 handler_list->append(exhandler_pc); 2494 } 2495 } 2496 } 2497 } 2498 2499 // Return TRUE if all code paths starting with start_bc_offset end in 2500 // bytecode athrow or loop. 2501 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2502 ResourceMark rm; 2503 // Create bytecode stream. 2504 RawBytecodeStream bcs(method()); 2505 u4 code_length = method()->code_size(); 2506 bcs.set_start(start_bc_offset); 2507 u4 target; 2508 // Create stack for storing bytecode start offsets for if* and *switch. 2509 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2510 // Create stack for handlers for try blocks containing this handler. 2511 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2512 // Create list of handlers that have been pushed onto the handler_stack 2513 // so that handlers embedded inside of their own TRY blocks only get 2514 // scanned once. 2515 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2516 // Create list of visited branch opcodes (goto* and if*). 2517 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2518 ExceptionTable exhandlers(_method()); 2519 2520 while (true) { 2521 if (bcs.is_last_bytecode()) { 2522 // if no more starting offsets to parse or if at the end of the 2523 // method then return false. 2524 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2525 return false; 2526 // Pop a bytecode starting offset and scan from there. 2527 bcs.set_start(bci_stack->pop()); 2528 } 2529 Bytecodes::Code opcode = bcs.raw_next(); 2530 u4 bci = bcs.bci(); 2531 2532 // If the bytecode is in a TRY block, push its handlers so they 2533 // will get parsed. 2534 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2535 2536 switch (opcode) { 2537 case Bytecodes::_if_icmpeq: 2538 case Bytecodes::_if_icmpne: 2539 case Bytecodes::_if_icmplt: 2540 case Bytecodes::_if_icmpge: 2541 case Bytecodes::_if_icmpgt: 2542 case Bytecodes::_if_icmple: 2543 case Bytecodes::_ifeq: 2544 case Bytecodes::_ifne: 2545 case Bytecodes::_iflt: 2546 case Bytecodes::_ifge: 2547 case Bytecodes::_ifgt: 2548 case Bytecodes::_ifle: 2549 case Bytecodes::_if_acmpeq: 2550 case Bytecodes::_if_acmpne: 2551 case Bytecodes::_ifnull: 2552 case Bytecodes::_ifnonnull: 2553 target = bcs.dest(); 2554 if (visited_branches->contains(bci)) { 2555 if (bci_stack->is_empty()) { 2556 if (handler_stack->is_empty()) { 2557 return true; 2558 } else { 2559 // Parse the catch handlers for try blocks containing athrow. 2560 bcs.set_start(handler_stack->pop()); 2561 } 2562 } else { 2563 // Pop a bytecode starting offset and scan from there. 2564 bcs.set_start(bci_stack->pop()); 2565 } 2566 } else { 2567 if (target > bci) { // forward branch 2568 if (target >= code_length) return false; 2569 // Push the branch target onto the stack. 2570 bci_stack->push(target); 2571 // then, scan bytecodes starting with next. 2572 bcs.set_start(bcs.next_bci()); 2573 } else { // backward branch 2574 // Push bytecode offset following backward branch onto the stack. 2575 bci_stack->push(bcs.next_bci()); 2576 // Check bytecodes starting with branch target. 2577 bcs.set_start(target); 2578 } 2579 // Record target so we don't branch here again. 2580 visited_branches->append(bci); 2581 } 2582 break; 2583 2584 case Bytecodes::_goto: 2585 case Bytecodes::_goto_w: 2586 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2587 if (visited_branches->contains(bci)) { 2588 if (bci_stack->is_empty()) { 2589 if (handler_stack->is_empty()) { 2590 return true; 2591 } else { 2592 // Parse the catch handlers for try blocks containing athrow. 2593 bcs.set_start(handler_stack->pop()); 2594 } 2595 } else { 2596 // Been here before, pop new starting offset from stack. 2597 bcs.set_start(bci_stack->pop()); 2598 } 2599 } else { 2600 if (target >= code_length) return false; 2601 // Continue scanning from the target onward. 2602 bcs.set_start(target); 2603 // Record target so we don't branch here again. 2604 visited_branches->append(bci); 2605 } 2606 break; 2607 2608 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2609 // is difficult to determine where each switch alternative ends, parse 2610 // each switch alternative until either hit a 'return', 'athrow', or reach 2611 // the end of the method's bytecodes. This is gross but should be okay 2612 // because: 2613 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2614 // constructor invocations should be rare. 2615 // 2. if each switch alternative ends in an athrow then the parsing should be 2616 // short. If there is no athrow then it is bogus code, anyway. 2617 case Bytecodes::_lookupswitch: 2618 case Bytecodes::_tableswitch: 2619 { 2620 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2621 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2622 int keys, delta; 2623 if (opcode == Bytecodes::_tableswitch) { 2624 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2625 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2626 // This is invalid, but let the regular bytecode verifier 2627 // report this because the user will get a better error message. 2628 if (low > high) return true; 2629 keys = high - low + 1; 2630 delta = 1; 2631 } else { 2632 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2633 delta = 2; 2634 } 2635 // Invalid, let the regular bytecode verifier deal with it. 2636 if (keys < 0) return true; 2637 2638 // Push the offset of the next bytecode onto the stack. 2639 bci_stack->push(bcs.next_bci()); 2640 2641 // Push the switch alternatives onto the stack. 2642 for (int i = 0; i < keys; i++) { 2643 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2644 if (target > code_length) return false; 2645 bci_stack->push(target); 2646 } 2647 2648 // Start bytecode parsing for the switch at the default alternative. 2649 if (default_offset > code_length) return false; 2650 bcs.set_start(default_offset); 2651 break; 2652 } 2653 2654 case Bytecodes::_return: 2655 return false; 2656 2657 case Bytecodes::_athrow: 2658 { 2659 if (bci_stack->is_empty()) { 2660 if (handler_stack->is_empty()) { 2661 return true; 2662 } else { 2663 // Parse the catch handlers for try blocks containing athrow. 2664 bcs.set_start(handler_stack->pop()); 2665 } 2666 } else { 2667 // Pop a bytecode offset and starting scanning from there. 2668 bcs.set_start(bci_stack->pop()); 2669 } 2670 } 2671 break; 2672 2673 default: 2674 ; 2675 } // end switch 2676 } // end while loop 2677 2678 return false; 2679 } 2680 2681 void ClassVerifier::verify_invoke_init( 2682 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2683 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2684 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2685 TRAPS) { 2686 u2 bci = bcs->bci(); 2687 VerificationType type = current_frame->pop_stack( 2688 VerificationType::reference_check(), CHECK_VERIFY(this)); 2689 if (type == VerificationType::uninitialized_this_type()) { 2690 // The method must be an <init> method of this class or its superclass 2691 Klass* superk = current_class()->super(); 2692 if (ref_class_type.name() != current_class()->name() && 2693 ref_class_type.name() != superk->name()) { 2694 verify_error(ErrorContext::bad_type(bci, 2695 TypeOrigin::implicit(ref_class_type), 2696 TypeOrigin::implicit(current_type())), 2697 "Bad <init> method call"); 2698 return; 2699 } 2700 2701 // If this invokespecial call is done from inside of a TRY block then make 2702 // sure that all catch clause paths end in a throw. Otherwise, this can 2703 // result in returning an incomplete object. 2704 if (in_try_block) { 2705 ExceptionTable exhandlers(_method()); 2706 int exlength = exhandlers.length(); 2707 for(int i = 0; i < exlength; i++) { 2708 u2 start_pc = exhandlers.start_pc(i); 2709 u2 end_pc = exhandlers.end_pc(i); 2710 2711 if (bci >= start_pc && bci < end_pc) { 2712 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2713 verify_error(ErrorContext::bad_code(bci), 2714 "Bad <init> method call from after the start of a try block"); 2715 return; 2716 } else if (log_is_enabled(Info, verification)) { 2717 ResourceMark rm(THREAD); 2718 log_info(verification)("Survived call to ends_in_athrow(): %s", 2719 current_class()->name()->as_C_string()); 2720 } 2721 } 2722 } 2723 2724 // Check the exception handler target stackmaps with the locals from the 2725 // incoming stackmap (before initialize_object() changes them to outgoing 2726 // state). 2727 if (was_recursively_verified()) return; 2728 verify_exception_handler_targets(bci, true, current_frame, 2729 stackmap_table, CHECK_VERIFY(this)); 2730 } // in_try_block 2731 2732 current_frame->initialize_object(type, current_type()); 2733 *this_uninit = true; 2734 } else if (type.is_uninitialized()) { 2735 u2 new_offset = type.bci(); 2736 address new_bcp = bcs->bcp() - bci + new_offset; 2737 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2738 /* Unreachable? Stack map parsing ensures valid type and new 2739 * instructions have a valid BCI. */ 2740 verify_error(ErrorContext::bad_code(new_offset), 2741 "Expecting new instruction"); 2742 return; 2743 } 2744 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2745 if (was_recursively_verified()) return; 2746 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2747 2748 // The method must be an <init> method of the indicated class 2749 VerificationType new_class_type = cp_index_to_type( 2750 new_class_index, cp, CHECK_VERIFY(this)); 2751 if (!new_class_type.equals(ref_class_type)) { 2752 verify_error(ErrorContext::bad_type(bci, 2753 TypeOrigin::cp(new_class_index, new_class_type), 2754 TypeOrigin::cp(ref_class_index, ref_class_type)), 2755 "Call to wrong <init> method"); 2756 return; 2757 } 2758 // According to the VM spec, if the referent class is a superclass of the 2759 // current class, and is in a different runtime package, and the method is 2760 // protected, then the objectref must be the current class or a subclass 2761 // of the current class. 2762 VerificationType objectref_type = new_class_type; 2763 if (name_in_supers(ref_class_type.name(), current_class())) { 2764 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2765 if (was_recursively_verified()) return; 2766 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2767 vmSymbols::object_initializer_name(), 2768 cp->signature_ref_at(bcs->get_index_u2()), 2769 Klass::find_overpass); 2770 // Do nothing if method is not found. Let resolution detect the error. 2771 if (m != NULL) { 2772 InstanceKlass* mh = m->method_holder(); 2773 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2774 bool assignable = current_type().is_assignable_from( 2775 objectref_type, this, true, CHECK_VERIFY(this)); 2776 if (!assignable) { 2777 verify_error(ErrorContext::bad_type(bci, 2778 TypeOrigin::cp(new_class_index, objectref_type), 2779 TypeOrigin::implicit(current_type())), 2780 "Bad access to protected <init> method"); 2781 return; 2782 } 2783 } 2784 } 2785 } 2786 // Check the exception handler target stackmaps with the locals from the 2787 // incoming stackmap (before initialize_object() changes them to outgoing 2788 // state). 2789 if (in_try_block) { 2790 if (was_recursively_verified()) return; 2791 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2792 stackmap_table, CHECK_VERIFY(this)); 2793 } 2794 current_frame->initialize_object(type, new_class_type); 2795 } else { 2796 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2797 "Bad operand type when invoking <init>"); 2798 return; 2799 } 2800 } 2801 2802 bool ClassVerifier::is_same_or_direct_interface( 2803 InstanceKlass* klass, 2804 VerificationType klass_type, 2805 VerificationType ref_class_type) { 2806 if (ref_class_type.equals(klass_type)) return true; 2807 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2808 if (local_interfaces != NULL) { 2809 for (int x = 0; x < local_interfaces->length(); x++) { 2810 InstanceKlass* k = local_interfaces->at(x); 2811 assert (k != NULL && k->is_interface(), "invalid interface"); 2812 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2813 return true; 2814 } 2815 } 2816 } 2817 return false; 2818 } 2819 2820 void ClassVerifier::verify_invoke_instructions( 2821 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2822 bool in_try_block, bool *this_uninit, VerificationType return_type, 2823 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2824 // Make sure the constant pool item is the right type 2825 u2 index = bcs->get_index_u2(); 2826 Bytecodes::Code opcode = bcs->raw_code(); 2827 unsigned int types = 0; 2828 switch (opcode) { 2829 case Bytecodes::_invokeinterface: 2830 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2831 break; 2832 case Bytecodes::_invokedynamic: 2833 types = 1 << JVM_CONSTANT_InvokeDynamic; 2834 break; 2835 case Bytecodes::_invokespecial: 2836 case Bytecodes::_invokestatic: 2837 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2838 (1 << JVM_CONSTANT_Methodref) : 2839 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2840 break; 2841 default: 2842 types = 1 << JVM_CONSTANT_Methodref; 2843 } 2844 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2845 2846 // Get method name and signature 2847 Symbol* method_name = cp->name_ref_at(index); 2848 Symbol* method_sig = cp->signature_ref_at(index); 2849 2850 // Method signature was checked in ClassFileParser. 2851 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2852 "Invalid method signature"); 2853 2854 // Get referenced class 2855 VerificationType ref_class_type; 2856 if (opcode == Bytecodes::_invokedynamic) { 2857 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2858 class_format_error( 2859 "invokedynamic instructions not supported by this class file version (%d), class %s", 2860 _klass->major_version(), _klass->external_name()); 2861 return; 2862 } 2863 } else { 2864 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2865 } 2866 2867 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2868 "buffer type must match VerificationType size"); 2869 2870 // Get the UTF8 index for this signature. 2871 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index)); 2872 2873 // Get the signature's verification types. 2874 sig_as_verification_types* mth_sig_verif_types; 2875 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2876 if (mth_sig_verif_types_ptr != NULL) { 2877 // Found the entry for the signature's verification types in the hash table. 2878 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2879 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value"); 2880 } else { 2881 // Not found, add the entry to the table. 2882 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2883 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2884 create_method_sig_entry(mth_sig_verif_types, sig_index, CHECK_VERIFY(this)); 2885 } 2886 2887 // Get the number of arguments for this signature. 2888 int nargs = mth_sig_verif_types->num_args(); 2889 2890 // Check instruction operands 2891 u2 bci = bcs->bci(); 2892 if (opcode == Bytecodes::_invokeinterface) { 2893 address bcp = bcs->bcp(); 2894 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2895 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2896 // the difference between the size of the operand stack before and after the instruction 2897 // executes. 2898 if (*(bcp+3) != (nargs+1)) { 2899 verify_error(ErrorContext::bad_code(bci), 2900 "Inconsistent args count operand in invokeinterface"); 2901 return; 2902 } 2903 if (*(bcp+4) != 0) { 2904 verify_error(ErrorContext::bad_code(bci), 2905 "Fourth operand byte of invokeinterface must be zero"); 2906 return; 2907 } 2908 } 2909 2910 if (opcode == Bytecodes::_invokedynamic) { 2911 address bcp = bcs->bcp(); 2912 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2913 verify_error(ErrorContext::bad_code(bci), 2914 "Third and fourth operand bytes of invokedynamic must be zero"); 2915 return; 2916 } 2917 } 2918 2919 if (method_name->char_at(0) == '<') { 2920 // Make sure <init> can only be invoked by invokespecial 2921 if (opcode != Bytecodes::_invokespecial || 2922 method_name != vmSymbols::object_initializer_name()) { 2923 verify_error(ErrorContext::bad_code(bci), 2924 "Illegal call to internal method"); 2925 return; 2926 } 2927 } else if (opcode == Bytecodes::_invokespecial 2928 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2929 && !ref_class_type.equals(VerificationType::reference_type( 2930 current_class()->super()->name()))) { // super() can never be a value_type. 2931 bool subtype = false; 2932 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2933 if (!current_class()->is_unsafe_anonymous()) { 2934 subtype = ref_class_type.is_assignable_from( 2935 current_type(), this, false, CHECK_VERIFY(this)); 2936 } else { 2937 InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host(); 2938 VerificationType unsafe_anonymous_host_type = reference_or_valuetype(unsafe_host); 2939 subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this)); 2940 2941 // If invokespecial of IMR, need to recheck for same or 2942 // direct interface relative to the host class 2943 have_imr_indirect = (have_imr_indirect && 2944 !is_same_or_direct_interface( 2945 unsafe_host, 2946 unsafe_anonymous_host_type, ref_class_type)); 2947 } 2948 if (!subtype) { 2949 verify_error(ErrorContext::bad_code(bci), 2950 "Bad invokespecial instruction: " 2951 "current class isn't assignable to reference class."); 2952 return; 2953 } else if (have_imr_indirect) { 2954 verify_error(ErrorContext::bad_code(bci), 2955 "Bad invokespecial instruction: " 2956 "interface method reference is in an indirect superinterface."); 2957 return; 2958 } 2959 2960 } 2961 2962 // Get the verification types for the method's arguments. 2963 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2964 assert(sig_verif_types != NULL, "Missing signature's array of verification types"); 2965 // Match method descriptor with operand stack 2966 // The arguments are on the stack in descending order. 2967 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2968 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2969 } 2970 2971 // Check objectref on operand stack 2972 if (opcode != Bytecodes::_invokestatic && 2973 opcode != Bytecodes::_invokedynamic) { 2974 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2975 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2976 code_length, in_try_block, this_uninit, cp, stackmap_table, 2977 CHECK_VERIFY(this)); 2978 if (was_recursively_verified()) return; 2979 } else { // other methods 2980 // Ensures that target class is assignable to method class. 2981 if (opcode == Bytecodes::_invokespecial) { 2982 if (!current_class()->is_unsafe_anonymous()) { 2983 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2984 } else { 2985 // anonymous class invokespecial calls: check if the 2986 // objectref is a subtype of the unsafe_anonymous_host of the current class 2987 // to allow an anonymous class to reference methods in the unsafe_anonymous_host 2988 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2989 2990 InstanceKlass* unsafe_host = current_class()->unsafe_anonymous_host(); 2991 VerificationType host_type = reference_or_valuetype(unsafe_host); 2992 bool subtype = host_type.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2993 if (!subtype) { 2994 verify_error( ErrorContext::bad_type(current_frame->offset(), 2995 current_frame->stack_top_ctx(), 2996 TypeOrigin::implicit(top)), 2997 "Bad type on operand stack"); 2998 return; 2999 } 3000 } 3001 } else if (opcode == Bytecodes::_invokevirtual) { 3002 VerificationType stack_object_type = 3003 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3004 if (current_type() != stack_object_type) { 3005 if (was_recursively_verified()) return; 3006 assert(cp->cache() == NULL, "not rewritten yet"); 3007 Symbol* ref_class_name = 3008 cp->klass_name_at(cp->klass_ref_index_at(index)); 3009 // See the comments in verify_field_instructions() for 3010 // the rationale behind this. 3011 if (name_in_supers(ref_class_name, current_class())) { 3012 Klass* ref_class = load_class(ref_class_name, CHECK); 3013 if (is_protected_access( 3014 _klass, ref_class, method_name, method_sig, true)) { 3015 // It's protected access, check if stack object is 3016 // assignable to current class. 3017 bool is_assignable = current_type().is_assignable_from( 3018 stack_object_type, this, true, CHECK_VERIFY(this)); 3019 if (!is_assignable) { 3020 if (ref_class_type.name() == vmSymbols::java_lang_Object() 3021 && stack_object_type.is_array() 3022 && method_name == vmSymbols::clone_name()) { 3023 // Special case: arrays pretend to implement public Object 3024 // clone(). 3025 } else { 3026 verify_error(ErrorContext::bad_type(bci, 3027 current_frame->stack_top_ctx(), 3028 TypeOrigin::implicit(current_type())), 3029 "Bad access to protected data in invokevirtual"); 3030 return; 3031 } 3032 } 3033 } 3034 } 3035 } 3036 } else { 3037 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 3038 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3039 } 3040 } 3041 } 3042 // Push the result type. 3043 int sig_verif_types_len = sig_verif_types->length(); 3044 if (sig_verif_types_len > nargs) { // There's a return type 3045 if (method_name == vmSymbols::object_initializer_name()) { 3046 // <init> method must have a void return type 3047 /* Unreachable? Class file parser verifies that methods with '<' have 3048 * void return */ 3049 verify_error(ErrorContext::bad_code(bci), 3050 "Return type must be void in <init> method"); 3051 return; 3052 } 3053 3054 assert(sig_verif_types_len <= nargs + 2, 3055 "Signature verification types array return type is bogus"); 3056 for (int i = nargs; i < sig_verif_types_len; i++) { 3057 assert(i == nargs || sig_verif_types->at(i).is_long2() || 3058 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 3059 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 3060 } 3061 } 3062 } 3063 3064 VerificationType ClassVerifier::get_newarray_type( 3065 u2 index, u2 bci, TRAPS) { 3066 const char* from_bt[] = { 3067 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3068 }; 3069 if (index < T_BOOLEAN || index > T_LONG) { 3070 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3071 return VerificationType::bogus_type(); 3072 } 3073 3074 // from_bt[index] contains the array signature which has a length of 2 3075 Symbol* sig = create_temporary_symbol( 3076 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 3077 return VerificationType::reference_type(sig); 3078 } 3079 3080 void ClassVerifier::verify_anewarray( 3081 u2 bci, u2 index, const constantPoolHandle& cp, 3082 StackMapFrame* current_frame, TRAPS) { 3083 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3084 current_frame->pop_stack( 3085 VerificationType::integer_type(), CHECK_VERIFY(this)); 3086 3087 if (was_recursively_verified()) return; 3088 VerificationType component_type = 3089 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3090 int length; 3091 char* arr_sig_str; 3092 if (component_type.is_array()) { // it's an array 3093 const char* component_name = component_type.name()->as_utf8(); 3094 // Check for more than MAX_ARRAY_DIMENSIONS 3095 length = (int)strlen(component_name); 3096 if (length > MAX_ARRAY_DIMENSIONS && 3097 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 3098 verify_error(ErrorContext::bad_code(bci), 3099 "Illegal anewarray instruction, array has more than 255 dimensions"); 3100 } 3101 // add one dimension to component 3102 length++; 3103 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3104 int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name); 3105 assert(n == length, "Unexpected number of characters in string"); 3106 } else { // it's an object or interface 3107 const char* component_name = component_type.name()->as_utf8(); 3108 char Q_or_L = component_type.is_valuetype() ? 'Q' : 'L'; 3109 // add one dimension to component with 'L' or 'Q' prepended and ';' appended. 3110 length = (int)strlen(component_name) + 3; 3111 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3112 int n = os::snprintf(arr_sig_str, length + 1, "[%c%s;", Q_or_L, component_name); 3113 assert(n == length, "Unexpected number of characters in string"); 3114 } 3115 Symbol* arr_sig = create_temporary_symbol( 3116 arr_sig_str, length, CHECK_VERIFY(this)); 3117 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3118 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3119 } 3120 3121 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3122 current_frame->get_local( 3123 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3124 current_frame->push_stack( 3125 VerificationType::integer_type(), CHECK_VERIFY(this)); 3126 } 3127 3128 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3129 current_frame->get_local_2( 3130 index, VerificationType::long_type(), 3131 VerificationType::long2_type(), CHECK_VERIFY(this)); 3132 current_frame->push_stack_2( 3133 VerificationType::long_type(), 3134 VerificationType::long2_type(), CHECK_VERIFY(this)); 3135 } 3136 3137 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3138 current_frame->get_local( 3139 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3140 current_frame->push_stack( 3141 VerificationType::float_type(), CHECK_VERIFY(this)); 3142 } 3143 3144 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3145 current_frame->get_local_2( 3146 index, VerificationType::double_type(), 3147 VerificationType::double2_type(), CHECK_VERIFY(this)); 3148 current_frame->push_stack_2( 3149 VerificationType::double_type(), 3150 VerificationType::double2_type(), CHECK_VERIFY(this)); 3151 } 3152 3153 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3154 VerificationType type = current_frame->get_local( 3155 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 3156 current_frame->push_stack(type, CHECK_VERIFY(this)); 3157 } 3158 3159 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3160 current_frame->pop_stack( 3161 VerificationType::integer_type(), CHECK_VERIFY(this)); 3162 current_frame->set_local( 3163 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3164 } 3165 3166 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3167 current_frame->pop_stack_2( 3168 VerificationType::long2_type(), 3169 VerificationType::long_type(), CHECK_VERIFY(this)); 3170 current_frame->set_local_2( 3171 index, VerificationType::long_type(), 3172 VerificationType::long2_type(), CHECK_VERIFY(this)); 3173 } 3174 3175 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3176 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3177 current_frame->set_local( 3178 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3179 } 3180 3181 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3182 current_frame->pop_stack_2( 3183 VerificationType::double2_type(), 3184 VerificationType::double_type(), CHECK_VERIFY(this)); 3185 current_frame->set_local_2( 3186 index, VerificationType::double_type(), 3187 VerificationType::double2_type(), CHECK_VERIFY(this)); 3188 } 3189 3190 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3191 VerificationType type = current_frame->pop_stack( 3192 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 3193 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3194 } 3195 3196 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3197 VerificationType type = current_frame->get_local( 3198 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3199 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3200 } 3201 3202 void ClassVerifier::verify_return_value( 3203 VerificationType return_type, VerificationType type, u2 bci, 3204 StackMapFrame* current_frame, TRAPS) { 3205 if (return_type == VerificationType::bogus_type()) { 3206 verify_error(ErrorContext::bad_type(bci, 3207 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3208 "Method expects a return value"); 3209 return; 3210 } 3211 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3212 if (!match) { 3213 verify_error(ErrorContext::bad_type(bci, 3214 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3215 "Bad return type"); 3216 return; 3217 } 3218 } 3219 3220 // The verifier creates symbols which are substrings of Symbols. 3221 // These are stored in the verifier until the end of verification so that 3222 // they can be reference counted. 3223 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3224 int end, TRAPS) { 3225 const char* name = (const char*)s->base() + begin; 3226 int length = end - begin; 3227 return create_temporary_symbol(name, length, CHECK_NULL); 3228 } 3229 3230 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length, TRAPS) { 3231 // Quick deduplication check 3232 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) { 3233 return _previous_symbol; 3234 } 3235 Symbol* sym = SymbolTable::new_symbol(name, length, CHECK_NULL); 3236 if (!sym->is_permanent()) { 3237 if (_symbols == NULL) { 3238 _symbols = new GrowableArray<Symbol*>(50, 0, NULL); 3239 } 3240 _symbols->push(sym); 3241 } 3242 _previous_symbol = sym; 3243 return sym; 3244 }