9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/systemDictionary.hpp"
30 #include "classfile/verifier.hpp"
31 #include "classfile/vmSymbols.hpp"
32 #include "interpreter/bytecodeStream.hpp"
33 #include "memory/oopFactory.hpp"
34 #include "memory/resourceArea.hpp"
35 #include "oops/instanceKlass.hpp"
36 #include "oops/oop.inline.hpp"
37 #include "oops/typeArrayOop.hpp"
38 #include "prims/jvm.h"
39 #include "runtime/fieldDescriptor.hpp"
40 #include "runtime/handles.inline.hpp"
41 #include "runtime/interfaceSupport.hpp"
42 #include "runtime/javaCalls.hpp"
43 #include "runtime/orderAccess.hpp"
44 #include "runtime/os.hpp"
45 #ifdef TARGET_ARCH_x86
46 # include "bytes_x86.hpp"
47 #endif
48 #ifdef TARGET_ARCH_sparc
49 # include "bytes_sparc.hpp"
50 #endif
51 #ifdef TARGET_ARCH_zero
93 BytecodeVerificationLocal : BytecodeVerificationRemote;
94 }
95
96 bool Verifier::relax_verify_for(oop loader) {
97 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
98 bool need_verify =
99 // verifyAll
100 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
101 // verifyRemote
102 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
103 return !need_verify;
104 }
105
106 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
107 HandleMark hm;
108 ResourceMark rm(THREAD);
109
110 Symbol* exception_name = NULL;
111 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
112 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
113
114 const char* klassName = klass->external_name();
115
116 // If the class should be verified, first see if we can use the split
117 // verifier. If not, or if verification fails and FailOverToOldVerifier
118 // is set, then call the inference verifier.
119 if (is_eligible_for_verification(klass, should_verify_class)) {
120 if (TraceClassInitialization) {
121 tty->print_cr("Start class verification for: %s", klassName);
122 }
123 if (UseSplitVerifier &&
124 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
125 ClassVerifier split_verifier(
126 klass, message_buffer, message_buffer_len, THREAD);
127 split_verifier.verify_class(THREAD);
128 exception_name = split_verifier.result();
129 if (klass->major_version() < NOFAILOVER_MAJOR_VERSION &&
130 FailOverToOldVerifier && !HAS_PENDING_EXCEPTION &&
131 (exception_name == vmSymbols::java_lang_VerifyError() ||
132 exception_name == vmSymbols::java_lang_ClassFormatError())) {
133 if (TraceClassInitialization) {
134 tty->print_cr(
135 "Fail over class verification to old verifier for: %s", klassName);
136 }
137 exception_name = inference_verify(
138 klass, message_buffer, message_buffer_len, THREAD);
139 }
140 } else {
141 exception_name = inference_verify(
142 klass, message_buffer, message_buffer_len, THREAD);
143 }
144
145 if (TraceClassInitialization) {
146 if (HAS_PENDING_EXCEPTION) {
147 tty->print("Verification for %s has", klassName);
148 tty->print_cr(" exception pending %s ",
149 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
150 } else if (exception_name != NULL) {
151 tty->print_cr("Verification for %s failed", klassName);
152 }
153 tty->print_cr("End class verification for: %s", klassName);
154 }
155 }
156
157 if (HAS_PENDING_EXCEPTION) {
158 return false; // use the existing exception
159 } else if (exception_name == NULL) {
160 return true; // verifcation succeeded
161 } else { // VerifyError or ClassFormatError to be created and thrown
162 ResourceMark rm(THREAD);
163 instanceKlassHandle kls =
164 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
165 while (!kls.is_null()) {
166 if (kls == klass) {
167 // If the class being verified is the exception we're creating
168 // or one of it's superclasses, we're in trouble and are going
169 // to infinitely recurse when we try to initialize the exception.
170 // So bail out here by throwing the preallocated VM error.
171 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
172 }
173 kls = kls->super();
174 }
175 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
176 THROW_MSG_(exception_name, message_buffer, false);
177 }
178 }
179
180 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
181 Symbol* name = klass->name();
182 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
183
184 return (should_verify_for(klass->class_loader(), should_verify_class) &&
185 // return if the class is a bootstrapping class
186 // or defineClass specified not to verify by default (flags override passed arg)
187 // We need to skip the following four for bootstraping
188 name != vmSymbols::java_lang_Object() &&
189 name != vmSymbols::java_lang_Class() &&
190 name != vmSymbols::java_lang_String() &&
191 name != vmSymbols::java_lang_Throwable() &&
192
193 // Can not verify the bytecodes for shared classes because they have
194 // already been rewritten to contain constant pool cache indices,
195 // which the verifier can't understand.
196 // Shared classes shouldn't have stackmaps either.
204 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
205 (refl_magic_klass == NULL ||
206 !klass->is_subtype_of(refl_magic_klass) ||
207 VerifyReflectionBytecodes)
208 );
209 }
210
211 Symbol* Verifier::inference_verify(
212 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
213 JavaThread* thread = (JavaThread*)THREAD;
214 JNIEnv *env = thread->jni_environment();
215
216 void* verify_func = verify_byte_codes_fn();
217
218 if (verify_func == NULL) {
219 jio_snprintf(message, message_len, "Could not link verifier");
220 return vmSymbols::java_lang_VerifyError();
221 }
222
223 ResourceMark rm(THREAD);
224 if (ClassVerifier::_verify_verbose) {
225 tty->print_cr("Verifying class %s with old format", klass->external_name());
226 }
227
228 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
229 jint result;
230
231 {
232 HandleMark hm(thread);
233 ThreadToNativeFromVM ttn(thread);
234 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
235 // code knows that we have left the VM
236
237 if (_is_new_verify_byte_codes_fn) {
238 verify_byte_codes_fn_new_t func =
239 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
240 result = (*func)(env, cls, message, (int)message_len,
241 klass->major_version());
242 } else {
243 verify_byte_codes_fn_t func =
244 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
248
249 JNIHandles::destroy_local(cls);
250
251 // These numbers are chosen so that VerifyClassCodes interface doesn't need
252 // to be changed (still return jboolean (unsigned char)), and result is
253 // 1 when verification is passed.
254 if (result == 0) {
255 return vmSymbols::java_lang_VerifyError();
256 } else if (result == 1) {
257 return NULL; // verified.
258 } else if (result == 2) {
259 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
260 } else if (result == 3) {
261 return vmSymbols::java_lang_ClassFormatError();
262 } else {
263 ShouldNotReachHere();
264 return NULL;
265 }
266 }
267
268 // Methods in ClassVerifier
269
270 bool ClassVerifier::_verify_verbose = false;
271
272 ClassVerifier::ClassVerifier(
273 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS)
274 : _thread(THREAD), _exception_type(NULL), _message(msg),
275 _message_buffer_len(msg_len), _klass(klass) {
276 _this_type = VerificationType::reference_type(klass->name());
277 // Create list to hold symbols in reference area.
278 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
279 }
280
281 ClassVerifier::~ClassVerifier() {
282 // Decrement the reference count for any symbols created.
283 for (int i = 0; i < _symbols->length(); i++) {
284 Symbol* s = _symbols->at(i);
285 s->decrement_refcount();
286 }
287 }
288
289 VerificationType ClassVerifier::object_type() const {
290 return VerificationType::reference_type(vmSymbols::java_lang_Object());
291 }
292
293 void ClassVerifier::verify_class(TRAPS) {
294 if (_verify_verbose) {
295 tty->print_cr("Verifying class %s with new format",
296 _klass->external_name());
297 }
298
299 objArrayHandle methods(THREAD, _klass->methods());
300 int num_methods = methods->length();
301
302 for (int index = 0; index < num_methods; index++) {
303 // Check for recursive re-verification before each method.
304 if (was_recursively_verified()) return;
305
306 methodOop m = (methodOop)methods->obj_at(index);
307 if (m->is_native() || m->is_abstract()) {
308 // If m is native or abstract, skip it. It is checked in class file
309 // parser that methods do not override a final method.
310 continue;
311 }
312 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
313 }
314
315 if (_verify_verbose || TraceClassInitialization) {
316 if (was_recursively_verified())
317 tty->print_cr("Recursive verification detected for: %s",
318 _klass->external_name());
319 }
320 }
321
322 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
323 _method = m; // initialize _method
324 if (_verify_verbose) {
325 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
326 }
327
328 const char* bad_type_msg = "Bad type on operand stack in %s";
329
330 int32_t max_stack = m->max_stack();
331 int32_t max_locals = m->max_locals();
332 constantPoolHandle cp(THREAD, m->constants());
333
334 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
335 class_format_error("Invalid method signature");
336 return;
337 }
338
339 // Initial stack map frame: offset is 0, stack is initially empty.
340 StackMapFrame current_frame(max_locals, max_stack, this);
341 // Set initial locals
342 VerificationType return_type = current_frame.set_locals_from_arg(
343 m, current_type(), CHECK_VERIFY(this));
344
351
352 int ex_min = code_length;
353 int ex_max = -1;
354 // Look through each item on the exception table. Each of the fields must refer
355 // to a legal instruction.
356 verify_exception_handler_table(
357 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
358
359 // Look through each entry on the local variable table and make sure
360 // its range of code array offsets is valid. (4169817)
361 if (m->has_localvariable_table()) {
362 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
363 }
364
365 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
366 StackMapStream stream(stackmap_data);
367 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
368 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
369 code_data, code_length, CHECK_VERIFY(this));
370
371 if (_verify_verbose) {
372 stackmap_table.print();
373 }
374
375 RawBytecodeStream bcs(m);
376
377 // Scan the byte code linearly from the start to the end
378 bool no_control_flow = false; // Set to true when there is no direct control
379 // flow from current instruction to the next
380 // instruction in sequence
381 Bytecodes::Code opcode;
382 while (!bcs.is_last_bytecode()) {
383 // Check for recursive re-verification before each bytecode.
384 if (was_recursively_verified()) return;
385
386 opcode = bcs.raw_next();
387 u2 bci = bcs.bci();
388
389 // Set current frame's offset to bci
390 current_frame.set_offset(bci);
391
392 // Make sure every offset in stackmap table point to the beginning to
393 // an instruction. Match current_frame to stackmap_table entry with
394 // the same offset if exists.
395 stackmap_index = verify_stackmap_table(
396 stackmap_index, bci, ¤t_frame, &stackmap_table,
397 no_control_flow, CHECK_VERIFY(this));
398
399 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
400
401 // Merge with the next instruction
402 {
403 u2 index;
404 int target;
405 VerificationType type, type2;
406 VerificationType atype;
407
408 #ifndef PRODUCT
409 if (_verify_verbose) {
410 current_frame.print();
411 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
412 }
413 #endif
414
415 // Make sure wide instruction is in correct format
416 if (bcs.is_wide()) {
417 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
418 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
419 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
420 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
421 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
422 opcode != Bytecodes::_dstore) {
423 verify_error(bci, "Bad wide instruction");
424 return;
425 }
426 }
427
428 switch (opcode) {
429 case Bytecodes::_nop :
430 no_control_flow = false; break;
431 case Bytecodes::_aconst_null :
432 current_frame.push_stack(
433 VerificationType::null_type(), CHECK_VERIFY(this));
434 no_control_flow = false; break;
435 case Bytecodes::_iconst_m1 :
436 case Bytecodes::_iconst_0 :
437 case Bytecodes::_iconst_1 :
438 case Bytecodes::_iconst_2 :
439 case Bytecodes::_iconst_3 :
440 case Bytecodes::_iconst_4 :
441 case Bytecodes::_iconst_5 :
442 current_frame.push_stack(
443 VerificationType::integer_type(), CHECK_VERIFY(this));
515 case Bytecodes::_dload_3 :
516 index = opcode - Bytecodes::_dload_0;
517 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
518 no_control_flow = false; break;
519 case Bytecodes::_aload :
520 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
521 no_control_flow = false; break;
522 case Bytecodes::_aload_0 :
523 case Bytecodes::_aload_1 :
524 case Bytecodes::_aload_2 :
525 case Bytecodes::_aload_3 :
526 index = opcode - Bytecodes::_aload_0;
527 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
528 no_control_flow = false; break;
529 case Bytecodes::_iaload :
530 type = current_frame.pop_stack(
531 VerificationType::integer_type(), CHECK_VERIFY(this));
532 atype = current_frame.pop_stack(
533 VerificationType::reference_check(), CHECK_VERIFY(this));
534 if (!atype.is_int_array()) {
535 verify_error(bci, bad_type_msg, "iaload");
536 return;
537 }
538 current_frame.push_stack(
539 VerificationType::integer_type(), CHECK_VERIFY(this));
540 no_control_flow = false; break;
541 case Bytecodes::_baload :
542 type = current_frame.pop_stack(
543 VerificationType::integer_type(), CHECK_VERIFY(this));
544 atype = current_frame.pop_stack(
545 VerificationType::reference_check(), CHECK_VERIFY(this));
546 if (!atype.is_bool_array() && !atype.is_byte_array()) {
547 verify_error(bci, bad_type_msg, "baload");
548 return;
549 }
550 current_frame.push_stack(
551 VerificationType::integer_type(), CHECK_VERIFY(this));
552 no_control_flow = false; break;
553 case Bytecodes::_caload :
554 type = current_frame.pop_stack(
555 VerificationType::integer_type(), CHECK_VERIFY(this));
556 atype = current_frame.pop_stack(
557 VerificationType::reference_check(), CHECK_VERIFY(this));
558 if (!atype.is_char_array()) {
559 verify_error(bci, bad_type_msg, "caload");
560 return;
561 }
562 current_frame.push_stack(
563 VerificationType::integer_type(), CHECK_VERIFY(this));
564 no_control_flow = false; break;
565 case Bytecodes::_saload :
566 type = current_frame.pop_stack(
567 VerificationType::integer_type(), CHECK_VERIFY(this));
568 atype = current_frame.pop_stack(
569 VerificationType::reference_check(), CHECK_VERIFY(this));
570 if (!atype.is_short_array()) {
571 verify_error(bci, bad_type_msg, "saload");
572 return;
573 }
574 current_frame.push_stack(
575 VerificationType::integer_type(), CHECK_VERIFY(this));
576 no_control_flow = false; break;
577 case Bytecodes::_laload :
578 type = current_frame.pop_stack(
579 VerificationType::integer_type(), CHECK_VERIFY(this));
580 atype = current_frame.pop_stack(
581 VerificationType::reference_check(), CHECK_VERIFY(this));
582 if (!atype.is_long_array()) {
583 verify_error(bci, bad_type_msg, "laload");
584 return;
585 }
586 current_frame.push_stack_2(
587 VerificationType::long_type(),
588 VerificationType::long2_type(), CHECK_VERIFY(this));
589 no_control_flow = false; break;
590 case Bytecodes::_faload :
591 type = current_frame.pop_stack(
592 VerificationType::integer_type(), CHECK_VERIFY(this));
593 atype = current_frame.pop_stack(
594 VerificationType::reference_check(), CHECK_VERIFY(this));
595 if (!atype.is_float_array()) {
596 verify_error(bci, bad_type_msg, "faload");
597 return;
598 }
599 current_frame.push_stack(
600 VerificationType::float_type(), CHECK_VERIFY(this));
601 no_control_flow = false; break;
602 case Bytecodes::_daload :
603 type = current_frame.pop_stack(
604 VerificationType::integer_type(), CHECK_VERIFY(this));
605 atype = current_frame.pop_stack(
606 VerificationType::reference_check(), CHECK_VERIFY(this));
607 if (!atype.is_double_array()) {
608 verify_error(bci, bad_type_msg, "daload");
609 return;
610 }
611 current_frame.push_stack_2(
612 VerificationType::double_type(),
613 VerificationType::double2_type(), CHECK_VERIFY(this));
614 no_control_flow = false; break;
615 case Bytecodes::_aaload : {
616 type = current_frame.pop_stack(
617 VerificationType::integer_type(), CHECK_VERIFY(this));
618 atype = current_frame.pop_stack(
619 VerificationType::reference_check(), CHECK_VERIFY(this));
620 if (!atype.is_reference_array()) {
621 verify_error(bci, bad_type_msg, "aaload");
622 return;
623 }
624 if (atype.is_null()) {
625 current_frame.push_stack(
626 VerificationType::null_type(), CHECK_VERIFY(this));
627 } else {
628 VerificationType component =
629 atype.get_component(this, CHECK_VERIFY(this));
630 current_frame.push_stack(component, CHECK_VERIFY(this));
631 }
632 no_control_flow = false; break;
633 }
634 case Bytecodes::_istore :
635 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
636 no_control_flow = false; break;
637 case Bytecodes::_istore_0 :
638 case Bytecodes::_istore_1 :
639 case Bytecodes::_istore_2 :
640 case Bytecodes::_istore_3 :
641 index = opcode - Bytecodes::_istore_0;
672 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
673 no_control_flow = false; break;
674 case Bytecodes::_astore :
675 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
676 no_control_flow = false; break;
677 case Bytecodes::_astore_0 :
678 case Bytecodes::_astore_1 :
679 case Bytecodes::_astore_2 :
680 case Bytecodes::_astore_3 :
681 index = opcode - Bytecodes::_astore_0;
682 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
683 no_control_flow = false; break;
684 case Bytecodes::_iastore :
685 type = current_frame.pop_stack(
686 VerificationType::integer_type(), CHECK_VERIFY(this));
687 type2 = current_frame.pop_stack(
688 VerificationType::integer_type(), CHECK_VERIFY(this));
689 atype = current_frame.pop_stack(
690 VerificationType::reference_check(), CHECK_VERIFY(this));
691 if (!atype.is_int_array()) {
692 verify_error(bci, bad_type_msg, "iastore");
693 return;
694 }
695 no_control_flow = false; break;
696 case Bytecodes::_bastore :
697 type = current_frame.pop_stack(
698 VerificationType::integer_type(), CHECK_VERIFY(this));
699 type2 = current_frame.pop_stack(
700 VerificationType::integer_type(), CHECK_VERIFY(this));
701 atype = current_frame.pop_stack(
702 VerificationType::reference_check(), CHECK_VERIFY(this));
703 if (!atype.is_bool_array() && !atype.is_byte_array()) {
704 verify_error(bci, bad_type_msg, "bastore");
705 return;
706 }
707 no_control_flow = false; break;
708 case Bytecodes::_castore :
709 current_frame.pop_stack(
710 VerificationType::integer_type(), CHECK_VERIFY(this));
711 current_frame.pop_stack(
712 VerificationType::integer_type(), CHECK_VERIFY(this));
713 atype = current_frame.pop_stack(
714 VerificationType::reference_check(), CHECK_VERIFY(this));
715 if (!atype.is_char_array()) {
716 verify_error(bci, bad_type_msg, "castore");
717 return;
718 }
719 no_control_flow = false; break;
720 case Bytecodes::_sastore :
721 current_frame.pop_stack(
722 VerificationType::integer_type(), CHECK_VERIFY(this));
723 current_frame.pop_stack(
724 VerificationType::integer_type(), CHECK_VERIFY(this));
725 atype = current_frame.pop_stack(
726 VerificationType::reference_check(), CHECK_VERIFY(this));
727 if (!atype.is_short_array()) {
728 verify_error(bci, bad_type_msg, "sastore");
729 return;
730 }
731 no_control_flow = false; break;
732 case Bytecodes::_lastore :
733 current_frame.pop_stack_2(
734 VerificationType::long2_type(),
735 VerificationType::long_type(), CHECK_VERIFY(this));
736 current_frame.pop_stack(
737 VerificationType::integer_type(), CHECK_VERIFY(this));
738 atype = current_frame.pop_stack(
739 VerificationType::reference_check(), CHECK_VERIFY(this));
740 if (!atype.is_long_array()) {
741 verify_error(bci, bad_type_msg, "lastore");
742 return;
743 }
744 no_control_flow = false; break;
745 case Bytecodes::_fastore :
746 current_frame.pop_stack(
747 VerificationType::float_type(), CHECK_VERIFY(this));
748 current_frame.pop_stack
749 (VerificationType::integer_type(), CHECK_VERIFY(this));
750 atype = current_frame.pop_stack(
751 VerificationType::reference_check(), CHECK_VERIFY(this));
752 if (!atype.is_float_array()) {
753 verify_error(bci, bad_type_msg, "fastore");
754 return;
755 }
756 no_control_flow = false; break;
757 case Bytecodes::_dastore :
758 current_frame.pop_stack_2(
759 VerificationType::double2_type(),
760 VerificationType::double_type(), CHECK_VERIFY(this));
761 current_frame.pop_stack(
762 VerificationType::integer_type(), CHECK_VERIFY(this));
763 atype = current_frame.pop_stack(
764 VerificationType::reference_check(), CHECK_VERIFY(this));
765 if (!atype.is_double_array()) {
766 verify_error(bci, bad_type_msg, "dastore");
767 return;
768 }
769 no_control_flow = false; break;
770 case Bytecodes::_aastore :
771 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
772 type2 = current_frame.pop_stack(
773 VerificationType::integer_type(), CHECK_VERIFY(this));
774 atype = current_frame.pop_stack(
775 VerificationType::reference_check(), CHECK_VERIFY(this));
776 // more type-checking is done at runtime
777 if (!atype.is_reference_array()) {
778 verify_error(bci, bad_type_msg, "aastore");
779 return;
780 }
781 // 4938384: relaxed constraint in JVMS 3nd edition.
782 no_control_flow = false; break;
783 case Bytecodes::_pop :
784 current_frame.pop_stack(
785 VerificationType::category1_check(), CHECK_VERIFY(this));
786 no_control_flow = false; break;
787 case Bytecodes::_pop2 :
788 type = current_frame.pop_stack(CHECK_VERIFY(this));
789 if (type.is_category1()) {
790 current_frame.pop_stack(
791 VerificationType::category1_check(), CHECK_VERIFY(this));
792 } else if (type.is_category2_2nd()) {
793 current_frame.pop_stack(
794 VerificationType::category2_check(), CHECK_VERIFY(this));
795 } else {
796 verify_error(bci, bad_type_msg, "pop2");
797 return;
798 }
799 no_control_flow = false; break;
800 case Bytecodes::_dup :
801 type = current_frame.pop_stack(
802 VerificationType::category1_check(), CHECK_VERIFY(this));
803 current_frame.push_stack(type, CHECK_VERIFY(this));
804 current_frame.push_stack(type, CHECK_VERIFY(this));
805 no_control_flow = false; break;
806 case Bytecodes::_dup_x1 :
807 type = current_frame.pop_stack(
808 VerificationType::category1_check(), CHECK_VERIFY(this));
809 type2 = current_frame.pop_stack(
810 VerificationType::category1_check(), CHECK_VERIFY(this));
811 current_frame.push_stack(type, CHECK_VERIFY(this));
812 current_frame.push_stack(type2, CHECK_VERIFY(this));
813 current_frame.push_stack(type, CHECK_VERIFY(this));
814 no_control_flow = false; break;
815 case Bytecodes::_dup_x2 :
816 {
817 VerificationType type3;
818 type = current_frame.pop_stack(
819 VerificationType::category1_check(), CHECK_VERIFY(this));
820 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
821 if (type2.is_category1()) {
822 type3 = current_frame.pop_stack(
823 VerificationType::category1_check(), CHECK_VERIFY(this));
824 } else if (type2.is_category2_2nd()) {
825 type3 = current_frame.pop_stack(
826 VerificationType::category2_check(), CHECK_VERIFY(this));
827 } else {
828 verify_error(bci, bad_type_msg, "dup_x2");
829 return;
830 }
831 current_frame.push_stack(type, CHECK_VERIFY(this));
832 current_frame.push_stack(type3, CHECK_VERIFY(this));
833 current_frame.push_stack(type2, CHECK_VERIFY(this));
834 current_frame.push_stack(type, CHECK_VERIFY(this));
835 no_control_flow = false; break;
836 }
837 case Bytecodes::_dup2 :
838 type = current_frame.pop_stack(CHECK_VERIFY(this));
839 if (type.is_category1()) {
840 type2 = current_frame.pop_stack(
841 VerificationType::category1_check(), CHECK_VERIFY(this));
842 } else if (type.is_category2_2nd()) {
843 type2 = current_frame.pop_stack(
844 VerificationType::category2_check(), CHECK_VERIFY(this));
845 } else {
846 verify_error(bci, bad_type_msg, "dup2");
847 return;
848 }
849 current_frame.push_stack(type2, CHECK_VERIFY(this));
850 current_frame.push_stack(type, CHECK_VERIFY(this));
851 current_frame.push_stack(type2, CHECK_VERIFY(this));
852 current_frame.push_stack(type, CHECK_VERIFY(this));
853 no_control_flow = false; break;
854 case Bytecodes::_dup2_x1 :
855 {
856 VerificationType type3;
857 type = current_frame.pop_stack(CHECK_VERIFY(this));
858 if (type.is_category1()) {
859 type2 = current_frame.pop_stack(
860 VerificationType::category1_check(), CHECK_VERIFY(this));
861 } else if(type.is_category2_2nd()) {
862 type2 = current_frame.pop_stack
863 (VerificationType::category2_check(), CHECK_VERIFY(this));
864 } else {
865 verify_error(bci, bad_type_msg, "dup2_x1");
866 return;
867 }
868 type3 = current_frame.pop_stack(
869 VerificationType::category1_check(), CHECK_VERIFY(this));
870 current_frame.push_stack(type2, CHECK_VERIFY(this));
871 current_frame.push_stack(type, CHECK_VERIFY(this));
872 current_frame.push_stack(type3, CHECK_VERIFY(this));
873 current_frame.push_stack(type2, CHECK_VERIFY(this));
874 current_frame.push_stack(type, CHECK_VERIFY(this));
875 no_control_flow = false; break;
876 }
877 case Bytecodes::_dup2_x2 :
878 {
879 VerificationType type3, type4;
880 type = current_frame.pop_stack(CHECK_VERIFY(this));
881 if (type.is_category1()) {
882 type2 = current_frame.pop_stack(
883 VerificationType::category1_check(), CHECK_VERIFY(this));
884 } else if (type.is_category2_2nd()) {
885 type2 = current_frame.pop_stack(
886 VerificationType::category2_check(), CHECK_VERIFY(this));
887 } else {
888 verify_error(bci, bad_type_msg, "dup2_x2");
889 return;
890 }
891 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
892 if (type3.is_category1()) {
893 type4 = current_frame.pop_stack(
894 VerificationType::category1_check(), CHECK_VERIFY(this));
895 } else if (type3.is_category2_2nd()) {
896 type4 = current_frame.pop_stack(
897 VerificationType::category2_check(), CHECK_VERIFY(this));
898 } else {
899 verify_error(bci, bad_type_msg, "dup2_x2");
900 return;
901 }
902 current_frame.push_stack(type2, CHECK_VERIFY(this));
903 current_frame.push_stack(type, CHECK_VERIFY(this));
904 current_frame.push_stack(type4, CHECK_VERIFY(this));
905 current_frame.push_stack(type3, CHECK_VERIFY(this));
906 current_frame.push_stack(type2, CHECK_VERIFY(this));
907 current_frame.push_stack(type, CHECK_VERIFY(this));
908 no_control_flow = false; break;
909 }
910 case Bytecodes::_swap :
911 type = current_frame.pop_stack(
912 VerificationType::category1_check(), CHECK_VERIFY(this));
913 type2 = current_frame.pop_stack(
914 VerificationType::category1_check(), CHECK_VERIFY(this));
915 current_frame.push_stack(type, CHECK_VERIFY(this));
916 current_frame.push_stack(type2, CHECK_VERIFY(this));
917 no_control_flow = false; break;
918 case Bytecodes::_iadd :
919 case Bytecodes::_isub :
1159 no_control_flow = false; break;
1160 case Bytecodes::_goto :
1161 target = bcs.dest();
1162 stackmap_table.check_jump_target(
1163 ¤t_frame, target, CHECK_VERIFY(this));
1164 no_control_flow = true; break;
1165 case Bytecodes::_goto_w :
1166 target = bcs.dest_w();
1167 stackmap_table.check_jump_target(
1168 ¤t_frame, target, CHECK_VERIFY(this));
1169 no_control_flow = true; break;
1170 case Bytecodes::_tableswitch :
1171 case Bytecodes::_lookupswitch :
1172 verify_switch(
1173 &bcs, code_length, code_data, ¤t_frame,
1174 &stackmap_table, CHECK_VERIFY(this));
1175 no_control_flow = true; break;
1176 case Bytecodes::_ireturn :
1177 type = current_frame.pop_stack(
1178 VerificationType::integer_type(), CHECK_VERIFY(this));
1179 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1180 no_control_flow = true; break;
1181 case Bytecodes::_lreturn :
1182 type2 = current_frame.pop_stack(
1183 VerificationType::long2_type(), CHECK_VERIFY(this));
1184 type = current_frame.pop_stack(
1185 VerificationType::long_type(), CHECK_VERIFY(this));
1186 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1187 no_control_flow = true; break;
1188 case Bytecodes::_freturn :
1189 type = current_frame.pop_stack(
1190 VerificationType::float_type(), CHECK_VERIFY(this));
1191 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1192 no_control_flow = true; break;
1193 case Bytecodes::_dreturn :
1194 type2 = current_frame.pop_stack(
1195 VerificationType::double2_type(), CHECK_VERIFY(this));
1196 type = current_frame.pop_stack(
1197 VerificationType::double_type(), CHECK_VERIFY(this));
1198 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1199 no_control_flow = true; break;
1200 case Bytecodes::_areturn :
1201 type = current_frame.pop_stack(
1202 VerificationType::reference_check(), CHECK_VERIFY(this));
1203 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1204 no_control_flow = true; break;
1205 case Bytecodes::_return :
1206 if (return_type != VerificationType::bogus_type()) {
1207 verify_error(bci, "Method expects no return value");
1208 return;
1209 }
1210 // Make sure "this" has been initialized if current method is an
1211 // <init>
1212 if (_method->name() == vmSymbols::object_initializer_name() &&
1213 current_frame.flag_this_uninit()) {
1214 verify_error(bci,
1215 "Constructor must call super() or this() before return");
1216 return;
1217 }
1218 no_control_flow = true; break;
1219 case Bytecodes::_getstatic :
1220 case Bytecodes::_putstatic :
1221 case Bytecodes::_getfield :
1222 case Bytecodes::_putfield :
1223 verify_field_instructions(
1224 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1225 no_control_flow = false; break;
1226 case Bytecodes::_invokevirtual :
1227 case Bytecodes::_invokespecial :
1228 case Bytecodes::_invokestatic :
1229 verify_invoke_instructions(
1230 &bcs, code_length, ¤t_frame,
1231 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1232 no_control_flow = false; break;
1233 case Bytecodes::_invokeinterface :
1234 case Bytecodes::_invokedynamic :
1235 verify_invoke_instructions(
1236 &bcs, code_length, ¤t_frame,
1237 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1238 no_control_flow = false; break;
1239 case Bytecodes::_new :
1240 {
1241 index = bcs.get_index_u2();
1242 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1243 VerificationType new_class_type =
1244 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1245 if (!new_class_type.is_object()) {
1246 verify_error(bci, "Illegal new instruction");
1247 return;
1248 }
1249 type = VerificationType::uninitialized_type(bci);
1250 current_frame.push_stack(type, CHECK_VERIFY(this));
1251 no_control_flow = false; break;
1252 }
1253 case Bytecodes::_newarray :
1254 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1255 current_frame.pop_stack(
1256 VerificationType::integer_type(), CHECK_VERIFY(this));
1257 current_frame.push_stack(type, CHECK_VERIFY(this));
1258 no_control_flow = false; break;
1259 case Bytecodes::_anewarray :
1260 verify_anewarray(
1261 bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1262 no_control_flow = false; break;
1263 case Bytecodes::_arraylength :
1264 type = current_frame.pop_stack(
1265 VerificationType::reference_check(), CHECK_VERIFY(this));
1266 if (!(type.is_null() || type.is_array())) {
1267 verify_error(bci, bad_type_msg, "arraylength");
1268 }
1269 current_frame.push_stack(
1270 VerificationType::integer_type(), CHECK_VERIFY(this));
1271 no_control_flow = false; break;
1272 case Bytecodes::_checkcast :
1273 {
1274 index = bcs.get_index_u2();
1275 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1276 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1277 VerificationType klass_type = cp_index_to_type(
1278 index, cp, CHECK_VERIFY(this));
1279 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1280 no_control_flow = false; break;
1281 }
1282 case Bytecodes::_instanceof : {
1283 index = bcs.get_index_u2();
1284 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1285 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1286 current_frame.push_stack(
1287 VerificationType::integer_type(), CHECK_VERIFY(this));
1288 no_control_flow = false; break;
1289 }
1290 case Bytecodes::_monitorenter :
1291 case Bytecodes::_monitorexit :
1292 current_frame.pop_stack(
1293 VerificationType::reference_check(), CHECK_VERIFY(this));
1294 no_control_flow = false; break;
1295 case Bytecodes::_multianewarray :
1296 {
1297 index = bcs.get_index_u2();
1298 u2 dim = *(bcs.bcp()+3);
1299 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1300 VerificationType new_array_type =
1301 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1302 if (!new_array_type.is_array()) {
1303 verify_error(bci,
1304 "Illegal constant pool index in multianewarray instruction");
1305 return;
1306 }
1307 if (dim < 1 || new_array_type.dimensions() < dim) {
1308 verify_error(bci,
1309 "Illegal dimension in multianewarray instruction");
1310 return;
1311 }
1312 for (int i = 0; i < dim; i++) {
1313 current_frame.pop_stack(
1314 VerificationType::integer_type(), CHECK_VERIFY(this));
1315 }
1316 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1317 no_control_flow = false; break;
1318 }
1319 case Bytecodes::_athrow :
1320 type = VerificationType::reference_type(
1321 vmSymbols::java_lang_Throwable());
1322 current_frame.pop_stack(type, CHECK_VERIFY(this));
1323 no_control_flow = true; break;
1324 default:
1325 // We only need to check the valid bytecodes in class file.
1326 // And jsr and ret are not in the new class file format in JDK1.5.
1327 verify_error(bci, "Bad instruction");
1328 no_control_flow = false;
1329 return;
1330 } // end switch
1331 } // end Merge with the next instruction
1332
1333 // Look for possible jump target in exception handlers and see if it
1334 // matches current_frame
1335 if (bci >= ex_min && bci < ex_max) {
1336 verify_exception_handler_targets(
1337 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1338 }
1339 } // end while
1340
1341 // Make sure that control flow does not fall through end of the method
1342 if (!no_control_flow) {
1343 verify_error(code_length, "Control flow falls through code end");
1344 return;
1345 }
1346 }
1347
1348 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1349 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1350 memset(code_data, 0, sizeof(char) * code_length);
1351 RawBytecodeStream bcs(m);
1352
1353 while (!bcs.is_last_bytecode()) {
1354 if (bcs.raw_next() != Bytecodes::_illegal) {
1355 int bci = bcs.bci();
1356 if (bcs.raw_code() == Bytecodes::_new) {
1357 code_data[bci] = NEW_OFFSET;
1358 } else {
1359 code_data[bci] = BYTECODE_OFFSET;
1360 }
1361 } else {
1362 verify_error(bcs.bci(), "Bad instruction");
1363 return NULL;
1364 }
1365 }
1366
1367 return code_data;
1368 }
1369
1370 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1371 ExceptionTable exhandlers(_method());
1372 int exlength = exhandlers.length();
1373 constantPoolHandle cp (THREAD, _method->constants());
1374
1375 for(int i = 0; i < exlength; i++) {
1376 //reacquire the table in case a GC happened
1377 ExceptionTable exhandlers(_method());
1378 u2 start_pc = exhandlers.start_pc(i);
1379 u2 end_pc = exhandlers.end_pc(i);
1380 u2 handler_pc = exhandlers.handler_pc(i);
1381 if (start_pc >= code_length || code_data[start_pc] == 0) {
1382 class_format_error("Illegal exception table start_pc %d", start_pc);
1385 if (end_pc != code_length) { // special case: end_pc == code_length
1386 if (end_pc > code_length || code_data[end_pc] == 0) {
1387 class_format_error("Illegal exception table end_pc %d", end_pc);
1388 return;
1389 }
1390 }
1391 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1392 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1393 return;
1394 }
1395 int catch_type_index = exhandlers.catch_type_index(i);
1396 if (catch_type_index != 0) {
1397 VerificationType catch_type = cp_index_to_type(
1398 catch_type_index, cp, CHECK_VERIFY(this));
1399 VerificationType throwable =
1400 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1401 bool is_subclass = throwable.is_assignable_from(
1402 catch_type, this, CHECK_VERIFY(this));
1403 if (!is_subclass) {
1404 // 4286534: should throw VerifyError according to recent spec change
1405 verify_error(
1406 "Catch type is not a subclass of Throwable in handler %d",
1407 handler_pc);
1408 return;
1409 }
1410 }
1411 if (start_pc < min) min = start_pc;
1412 if (end_pc > max) max = end_pc;
1413 }
1414 }
1415
1416 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1417 int localvariable_table_length = _method()->localvariable_table_length();
1418 if (localvariable_table_length > 0) {
1419 LocalVariableTableElement* table = _method()->localvariable_table_start();
1420 for (int i = 0; i < localvariable_table_length; i++) {
1421 u2 start_bci = table[i].start_bci;
1422 u2 length = table[i].length;
1423
1424 if (start_bci >= code_length || code_data[start_bci] == 0) {
1425 class_format_error(
1426 "Illegal local variable table start_pc %d", start_bci);
1427 return;
1428 }
1429 u4 end_bci = (u4)(start_bci + length);
1430 if (end_bci != code_length) {
1431 if (end_bci >= code_length || code_data[end_bci] == 0) {
1432 class_format_error( "Illegal local variable table length %d", length);
1433 return;
1434 }
1435 }
1436 }
1437 }
1438 }
1439
1440 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1441 StackMapFrame* current_frame,
1442 StackMapTable* stackmap_table,
1443 bool no_control_flow, TRAPS) {
1444 if (stackmap_index < stackmap_table->get_frame_count()) {
1445 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1446 if (no_control_flow && this_offset > bci) {
1447 verify_error(bci, "Expecting a stack map frame");
1448 return 0;
1449 }
1450 if (this_offset == bci) {
1451 // See if current stack map can be assigned to the frame in table.
1452 // current_frame is the stackmap frame got from the last instruction.
1453 // If matched, current_frame will be updated by this method.
1454 bool match = stackmap_table->match_stackmap(
1455 current_frame, this_offset, stackmap_index,
1456 !no_control_flow, true, CHECK_VERIFY_(this, 0));
1457 if (!match) {
1458 // report type error
1459 verify_error(bci, "Instruction type does not match stack map");
1460 return 0;
1461 }
1462 stackmap_index++;
1463 } else if (this_offset < bci) {
1464 // current_offset should have met this_offset.
1465 class_format_error("Bad stack map offset %d", this_offset);
1466 return 0;
1467 }
1468 } else if (no_control_flow) {
1469 verify_error(bci, "Expecting a stack map frame");
1470 return 0;
1471 }
1472 return stackmap_index;
1473 }
1474
1475 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1476 StackMapTable* stackmap_table, TRAPS) {
1477 constantPoolHandle cp (THREAD, _method->constants());
1478 ExceptionTable exhandlers(_method());
1479 int exlength = exhandlers.length();
1480 for(int i = 0; i < exlength; i++) {
1481 //reacquire the table in case a GC happened
1482 ExceptionTable exhandlers(_method());
1483 u2 start_pc = exhandlers.start_pc(i);
1484 u2 end_pc = exhandlers.end_pc(i);
1485 u2 handler_pc = exhandlers.handler_pc(i);
1486 int catch_type_index = exhandlers.catch_type_index(i);
1487 if(bci >= start_pc && bci < end_pc) {
1488 u1 flags = current_frame->flags();
1489 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1490 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1491 if (catch_type_index != 0) {
1492 // We know that this index refers to a subclass of Throwable
1493 VerificationType catch_type = cp_index_to_type(
1494 catch_type_index, cp, CHECK_VERIFY(this));
1495 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1496 } else {
1497 VerificationType throwable =
1498 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1499 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1500 }
1501 bool match = stackmap_table->match_stackmap(
1502 new_frame, handler_pc, true, false, CHECK_VERIFY(this));
1503 if (!match) {
1504 verify_error(bci,
1505 "Stack map does not match the one at exception handler %d",
1506 handler_pc);
1507 return;
1508 }
1509 }
1510 }
1511 }
1512
1513 void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) {
1514 int nconstants = cp->length();
1515 if ((index <= 0) || (index >= nconstants)) {
1516 verify_error("Illegal constant pool index %d in class %s",
1517 index, instanceKlass::cast(cp->pool_holder())->external_name());
1518 return;
1519 }
1520 }
1521
1522 void ClassVerifier::verify_cp_type(
1523 int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1524
1525 // In some situations, bytecode rewriting may occur while we're verifying.
1526 // In this case, a constant pool cache exists and some indices refer to that
1527 // instead. Be sure we don't pick up such indices by accident.
1528 // We must check was_recursively_verified() before we get here.
1529 guarantee(cp->cache() == NULL, "not rewritten yet");
1530
1531 verify_cp_index(cp, index, CHECK_VERIFY(this));
1532 unsigned int tag = cp->tag_at(index).value();
1533 if ((types & (1 << tag)) == 0) {
1534 verify_error(
1535 "Illegal type at constant pool entry %d in class %s",
1536 index, instanceKlass::cast(cp->pool_holder())->external_name());
1537 return;
1538 }
1539 }
1540
1541 void ClassVerifier::verify_cp_class_type(
1542 int index, constantPoolHandle cp, TRAPS) {
1543 verify_cp_index(cp, index, CHECK_VERIFY(this));
1544 constantTag tag = cp->tag_at(index);
1545 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1546 verify_error("Illegal type at constant pool entry %d in class %s",
1547 index, instanceKlass::cast(cp->pool_holder())->external_name());
1548 return;
1549 }
1550 }
1551
1552 void ClassVerifier::format_error_message(
1553 const char* fmt, int offset, va_list va) {
1554 ResourceMark rm(_thread);
1555 stringStream message(_message, _message_buffer_len);
1556 message.vprint(fmt, va);
1557 if (!_method.is_null()) {
1558 message.print(" in method %s", _method->name_and_sig_as_C_string());
1559 }
1560 if (offset != -1) {
1561 message.print(" at offset %d", offset);
1562 }
1563 }
1564
1565 void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) {
1566 _exception_type = vmSymbols::java_lang_VerifyError();
1567 va_list va;
1568 va_start(va, fmt);
1569 format_error_message(fmt, offset, va);
1570 va_end(va);
1571 }
1572
1573 void ClassVerifier::verify_error(const char* fmt, ...) {
1574 _exception_type = vmSymbols::java_lang_VerifyError();
1575 va_list va;
1576 va_start(va, fmt);
1577 format_error_message(fmt, -1, va);
1578 va_end(va);
1579 }
1580
1581 void ClassVerifier::class_format_error(const char* msg, ...) {
1582 _exception_type = vmSymbols::java_lang_ClassFormatError();
1583 va_list va;
1584 va_start(va, msg);
1585 format_error_message(msg, -1, va);
1586 va_end(va);
1587 }
1588
1589 klassOop ClassVerifier::load_class(Symbol* name, TRAPS) {
1590 // Get current loader and protection domain first.
1591 oop loader = current_class()->class_loader();
1592 oop protection_domain = current_class()->protection_domain();
1593
1594 return SystemDictionary::resolve_or_fail(
1595 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1596 true, CHECK_NULL);
1597 }
1598
1599 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1600 klassOop target_class,
1601 Symbol* field_name,
1602 Symbol* field_sig,
1603 bool is_method) {
1604 No_Safepoint_Verifier nosafepoint;
1605
1606 // If target class isn't a super class of this class, we don't worry about this case
1607 if (!this_class->is_subclass_of(target_class)) {
1608 return false;
1609 }
1610 // Check if the specified method or field is protected
1611 instanceKlass* target_instance = instanceKlass::cast(target_class);
1612 fieldDescriptor fd;
1613 if (is_method) {
1614 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1615 if (m != NULL && m->is_protected()) {
1616 if (!this_class->is_same_class_package(m->method_holder())) {
1617 return true;
1618 }
1619 }
1620 } else {
1621 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1622 if(member_klass != NULL && fd.is_protected()) {
1623 if (!this_class->is_same_class_package(member_klass)) {
1624 return true;
1625 }
1626 }
1627 }
1628 return false;
1629 }
1630
1631 void ClassVerifier::verify_ldc(
1632 int opcode, u2 index, StackMapFrame *current_frame,
1633 constantPoolHandle cp, u2 bci, TRAPS) {
1634 verify_cp_index(cp, index, CHECK_VERIFY(this));
1635 constantTag tag = cp->tag_at(index);
1636 unsigned int types;
1637 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1638 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1639 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1640 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1641 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
1642 // Note: The class file parser already verified the legality of
1643 // MethodHandle and MethodType constants.
1644 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1645 }
1646 } else {
1647 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1648 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1649 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1650 }
1651 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
1652 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
1653 } else if (tag.is_string() || tag.is_unresolved_string()) {
1654 current_frame->push_stack(
1655 VerificationType::reference_type(
1656 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1657 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1658 current_frame->push_stack(
1659 VerificationType::reference_type(
1660 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
1661 } else if (tag.is_int()) {
1662 current_frame->push_stack(
1663 VerificationType::integer_type(), CHECK_VERIFY(this));
1664 } else if (tag.is_float()) {
1665 current_frame->push_stack(
1666 VerificationType::float_type(), CHECK_VERIFY(this));
1667 } else if (tag.is_double()) {
1668 current_frame->push_stack_2(
1669 VerificationType::double_type(),
1670 VerificationType::double2_type(), CHECK_VERIFY(this));
1671 } else if (tag.is_long()) {
1672 current_frame->push_stack_2(
1673 VerificationType::long_type(),
1674 VerificationType::long2_type(), CHECK_VERIFY(this));
1675 } else if (tag.is_method_handle()) {
1676 current_frame->push_stack(
1677 VerificationType::reference_type(
1678 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
1679 } else if (tag.is_method_type()) {
1680 current_frame->push_stack(
1681 VerificationType::reference_type(
1682 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
1683 } else {
1684 verify_error(bci, "Invalid index in ldc");
1685 return;
1686 }
1687 }
1688
1689 void ClassVerifier::verify_switch(
1690 RawBytecodeStream* bcs, u4 code_length, char* code_data,
1691 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
1692 int bci = bcs->bci();
1693 address bcp = bcs->bcp();
1694 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
1695
1696 // 4639449 & 4647081: padding bytes must be 0
1697 u2 padding_offset = 1;
1698 while ((bcp + padding_offset) < aligned_bcp) {
1699 if(*(bcp + padding_offset) != 0) {
1700 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch");
1701 return;
1702 }
1703 padding_offset++;
1704 }
1705 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
1706 int keys, delta;
1707 current_frame->pop_stack(
1708 VerificationType::integer_type(), CHECK_VERIFY(this));
1709 if (bcs->raw_code() == Bytecodes::_tableswitch) {
1710 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
1711 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
1712 if (low > high) {
1713 verify_error(bci,
1714 "low must be less than or equal to high in tableswitch");
1715 return;
1716 }
1717 keys = high - low + 1;
1718 if (keys < 0) {
1719 verify_error(bci, "too many keys in tableswitch");
1720 return;
1721 }
1722 delta = 1;
1723 } else {
1724 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
1725 if (keys < 0) {
1726 verify_error(bci, "number of keys in lookupswitch less than 0");
1727 return;
1728 }
1729 delta = 2;
1730 // Make sure that the lookupswitch items are sorted
1731 for (int i = 0; i < (keys - 1); i++) {
1732 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
1733 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
1734 if (this_key >= next_key) {
1735 verify_error(bci, "Bad lookupswitch instruction");
1736 return;
1737 }
1738 }
1739 }
1740 int target = bci + default_offset;
1741 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
1742 for (int i = 0; i < keys; i++) {
1743 // Because check_jump_target() may safepoint, the bytecode could have
1744 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
1745 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
1746 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
1747 stackmap_table->check_jump_target(
1748 current_frame, target, CHECK_VERIFY(this));
1749 }
1750 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
1751 }
1752
1753 bool ClassVerifier::name_in_supers(
1754 Symbol* ref_name, instanceKlassHandle current) {
1755 klassOop super = current->super();
1756 while (super != NULL) {
1757 if (super->klass_part()->name() == ref_name) {
1758 return true;
1759 }
1760 super = super->klass_part()->super();
1761 }
1762 return false;
1763 }
1764
1765 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
1766 StackMapFrame* current_frame,
1767 constantPoolHandle cp,
1768 TRAPS) {
1769 u2 index = bcs->get_index_u2();
1770 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
1771
1772 // Get field name and signature
1773 Symbol* field_name = cp->name_ref_at(index);
1774 Symbol* field_sig = cp->signature_ref_at(index);
1775
1776 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
1777 class_format_error(
1778 "Invalid signature for field in class %s referenced "
1779 "from constant pool index %d", _klass->external_name(), index);
1780 return;
1781 }
1782
1783 // Get referenced class type
1784 VerificationType ref_class_type = cp_ref_index_to_type(
1785 index, cp, CHECK_VERIFY(this));
1786 if (!ref_class_type.is_object()) {
1787 verify_error(
1788 "Expecting reference to class in class %s at constant pool index %d",
1789 _klass->external_name(), index);
1790 return;
1791 }
1792 VerificationType target_class_type = ref_class_type;
1793
1794 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1795 "buffer type must match VerificationType size");
1796 uintptr_t field_type_buffer[2];
1797 VerificationType* field_type = (VerificationType*)field_type_buffer;
1798 // If we make a VerificationType[2] array directly, the compiler calls
1799 // to the c-runtime library to do the allocation instead of just
1800 // stack allocating it. Plus it would run constructors. This shows up
1801 // in performance profiles.
1802
1803 SignatureStream sig_stream(field_sig, false);
1804 VerificationType stack_object_type;
1805 int n = change_sig_to_verificationType(
1806 &sig_stream, field_type, CHECK_VERIFY(this));
1807 u2 bci = bcs->bci();
1827 }
1828 goto check_protected;
1829 }
1830 case Bytecodes::_putfield: {
1831 for (int i = n - 1; i >= 0; i--) {
1832 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1833 }
1834 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
1835
1836 // The JVMS 2nd edition allows field initialization before the superclass
1837 // initializer, if the field is defined within the current class.
1838 fieldDescriptor fd;
1839 if (stack_object_type == VerificationType::uninitialized_this_type() &&
1840 target_class_type.equals(current_type()) &&
1841 _klass->find_local_field(field_name, field_sig, &fd)) {
1842 stack_object_type = current_type();
1843 }
1844 is_assignable = target_class_type.is_assignable_from(
1845 stack_object_type, this, CHECK_VERIFY(this));
1846 if (!is_assignable) {
1847 verify_error(bci, "Bad type on operand stack in putfield");
1848 return;
1849 }
1850 }
1851 check_protected: {
1852 if (_this_type == stack_object_type)
1853 break; // stack_object_type must be assignable to _current_class_type
1854 Symbol* ref_class_name =
1855 cp->klass_name_at(cp->klass_ref_index_at(index));
1856 if (!name_in_supers(ref_class_name, current_class()))
1857 // stack_object_type must be assignable to _current_class_type since:
1858 // 1. stack_object_type must be assignable to ref_class.
1859 // 2. ref_class must be _current_class or a subclass of it. It can't
1860 // be a superclass of it. See revised JVMS 5.4.4.
1861 break;
1862
1863 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
1864 if (is_protected_access(current_class(), ref_class_oop, field_name,
1865 field_sig, false)) {
1866 // It's protected access, check if stack object is assignable to
1867 // current class.
1868 is_assignable = current_type().is_assignable_from(
1869 stack_object_type, this, CHECK_VERIFY(this));
1870 if (!is_assignable) {
1871 verify_error(bci, "Bad access to protected data in getfield");
1872 return;
1873 }
1874 }
1875 break;
1876 }
1877 default: ShouldNotReachHere();
1878 }
1879 }
1880
1881 void ClassVerifier::verify_invoke_init(
1882 RawBytecodeStream* bcs, VerificationType ref_class_type,
1883 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
1884 constantPoolHandle cp, TRAPS) {
1885 u2 bci = bcs->bci();
1886 VerificationType type = current_frame->pop_stack(
1887 VerificationType::reference_check(), CHECK_VERIFY(this));
1888 if (type == VerificationType::uninitialized_this_type()) {
1889 // The method must be an <init> method of this class or its superclass
1890 klassOop superk = current_class()->super();
1891 if (ref_class_type.name() != current_class()->name() &&
1892 ref_class_type.name() != superk->klass_part()->name()) {
1893 verify_error(bci, "Bad <init> method call");
1894 return;
1895 }
1896 current_frame->initialize_object(type, current_type());
1897 *this_uninit = true;
1898 } else if (type.is_uninitialized()) {
1899 u2 new_offset = type.bci();
1900 address new_bcp = bcs->bcp() - bci + new_offset;
1901 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
1902 verify_error(new_offset, "Expecting new instruction");
1903 return;
1904 }
1905 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
1906 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this));
1907
1908 // The method must be an <init> method of the indicated class
1909 VerificationType new_class_type = cp_index_to_type(
1910 new_class_index, cp, CHECK_VERIFY(this));
1911 if (!new_class_type.equals(ref_class_type)) {
1912 verify_error(bci, "Call to wrong <init> method");
1913 return;
1914 }
1915 // According to the VM spec, if the referent class is a superclass of the
1916 // current class, and is in a different runtime package, and the method is
1917 // protected, then the objectref must be the current class or a subclass
1918 // of the current class.
1919 VerificationType objectref_type = new_class_type;
1920 if (name_in_supers(ref_class_type.name(), current_class())) {
1921 klassOop ref_klass = load_class(
1922 ref_class_type.name(), CHECK_VERIFY(this));
1923 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
1924 vmSymbols::object_initializer_name(),
1925 cp->signature_ref_at(bcs->get_index_u2()));
1926 instanceKlassHandle mh(THREAD, m->method_holder());
1927 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
1928 bool assignable = current_type().is_assignable_from(
1929 objectref_type, this, CHECK_VERIFY(this));
1930 if (!assignable) {
1931 verify_error(bci, "Bad access to protected <init> method");
1932 return;
1933 }
1934 }
1935 }
1936 current_frame->initialize_object(type, new_class_type);
1937 } else {
1938 verify_error(bci, "Bad operand type when invoking <init>");
1939 return;
1940 }
1941 }
1942
1943 void ClassVerifier::verify_invoke_instructions(
1944 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
1945 bool *this_uninit, VerificationType return_type,
1946 constantPoolHandle cp, TRAPS) {
1947 // Make sure the constant pool item is the right type
1948 u2 index = bcs->get_index_u2();
1949 Bytecodes::Code opcode = bcs->raw_code();
1950 unsigned int types = (opcode == Bytecodes::_invokeinterface
1951 ? 1 << JVM_CONSTANT_InterfaceMethodref
1952 : opcode == Bytecodes::_invokedynamic
1953 ? 1 << JVM_CONSTANT_InvokeDynamic
1954 : 1 << JVM_CONSTANT_Methodref);
1955 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1956
1957 // Get method name and signature
1958 Symbol* method_name = cp->name_ref_at(index);
1959 Symbol* method_sig = cp->signature_ref_at(index);
1960
1961 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
1962 class_format_error(
1963 "Invalid method signature in class %s referenced "
1964 "from constant pool index %d", _klass->external_name(), index);
1965 return;
1966 }
1967
1968 // Get referenced class type
1969 VerificationType ref_class_type;
1970 if (opcode == Bytecodes::_invokedynamic) {
1971 if (!EnableInvokeDynamic ||
1972 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
1973 class_format_error(
1974 (!EnableInvokeDynamic ?
1975 "invokedynamic instructions not enabled in this JVM" :
2012 }
2013 int nargs = sig_i;
2014
2015 #ifdef ASSERT
2016 {
2017 ArgumentSizeComputer size_it(method_sig);
2018 assert(nargs == size_it.size(), "Argument sizes do not match");
2019 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2020 }
2021 #endif
2022
2023 // Check instruction operands
2024 u2 bci = bcs->bci();
2025 if (opcode == Bytecodes::_invokeinterface) {
2026 address bcp = bcs->bcp();
2027 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2028 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2029 // the difference between the size of the operand stack before and after the instruction
2030 // executes.
2031 if (*(bcp+3) != (nargs+1)) {
2032 verify_error(bci, "Inconsistent args count operand in invokeinterface");
2033 return;
2034 }
2035 if (*(bcp+4) != 0) {
2036 verify_error(bci, "Fourth operand byte of invokeinterface must be zero");
2037 return;
2038 }
2039 }
2040
2041 if (opcode == Bytecodes::_invokedynamic) {
2042 address bcp = bcs->bcp();
2043 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2044 verify_error(bci, "Third and fourth operand bytes of invokedynamic must be zero");
2045 return;
2046 }
2047 }
2048
2049 if (method_name->byte_at(0) == '<') {
2050 // Make sure <init> can only be invoked by invokespecial
2051 if (opcode != Bytecodes::_invokespecial ||
2052 method_name != vmSymbols::object_initializer_name()) {
2053 verify_error(bci, "Illegal call to internal method");
2054 return;
2055 }
2056 } else if (opcode == Bytecodes::_invokespecial
2057 && !ref_class_type.equals(current_type())
2058 && !ref_class_type.equals(VerificationType::reference_type(
2059 current_class()->super()->klass_part()->name()))) {
2060 bool subtype = ref_class_type.is_assignable_from(
2061 current_type(), this, CHECK_VERIFY(this));
2062 if (!subtype) {
2063 verify_error(bci, "Bad invokespecial instruction: "
2064 "current class isn't assignable to reference class.");
2065 return;
2066 }
2067 }
2068 // Match method descriptor with operand stack
2069 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2070 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2071 }
2072 // Check objectref on operand stack
2073 if (opcode != Bytecodes::_invokestatic &&
2074 opcode != Bytecodes::_invokedynamic) {
2075 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2076 verify_invoke_init(bcs, ref_class_type, current_frame,
2077 code_length, this_uninit, cp, CHECK_VERIFY(this));
2078 } else { // other methods
2079 // Ensures that target class is assignable to method class.
2080 if (opcode == Bytecodes::_invokespecial) {
2081 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2082 } else if (opcode == Bytecodes::_invokevirtual) {
2083 VerificationType stack_object_type =
2084 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2085 if (current_type() != stack_object_type) {
2086 assert(cp->cache() == NULL, "not rewritten yet");
2087 Symbol* ref_class_name =
2088 cp->klass_name_at(cp->klass_ref_index_at(index));
2089 // See the comments in verify_field_instructions() for
2090 // the rationale behind this.
2091 if (name_in_supers(ref_class_name, current_class())) {
2092 klassOop ref_class = load_class(ref_class_name, CHECK);
2093 if (is_protected_access(
2094 _klass, ref_class, method_name, method_sig, true)) {
2095 // It's protected access, check if stack object is
2096 // assignable to current class.
2097 bool is_assignable = current_type().is_assignable_from(
2098 stack_object_type, this, CHECK_VERIFY(this));
2099 if (!is_assignable) {
2100 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2101 && stack_object_type.is_array()
2102 && method_name == vmSymbols::clone_name()) {
2103 // Special case: arrays pretend to implement public Object
2104 // clone().
2105 } else {
2106 verify_error(bci,
2107 "Bad access to protected data in invokevirtual");
2108 return;
2109 }
2110 }
2111 }
2112 }
2113 }
2114 } else {
2115 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2116 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2117 }
2118 }
2119 }
2120 // Push the result type.
2121 if (sig_stream.type() != T_VOID) {
2122 if (method_name == vmSymbols::object_initializer_name()) {
2123 // <init> method must have a void return type
2124 verify_error(bci, "Return type must be void in <init> method");
2125 return;
2126 }
2127 VerificationType return_type[2];
2128 int n = change_sig_to_verificationType(
2129 &sig_stream, return_type, CHECK_VERIFY(this));
2130 for (int i = 0; i < n; i++) {
2131 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2132 }
2133 }
2134 }
2135
2136 VerificationType ClassVerifier::get_newarray_type(
2137 u2 index, u2 bci, TRAPS) {
2138 const char* from_bt[] = {
2139 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2140 };
2141 if (index < T_BOOLEAN || index > T_LONG) {
2142 verify_error(bci, "Illegal newarray instruction");
2143 return VerificationType::bogus_type();
2144 }
2145
2146 // from_bt[index] contains the array signature which has a length of 2
2147 Symbol* sig = create_temporary_symbol(
2148 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2149 return VerificationType::reference_type(sig);
2150 }
2151
2152 void ClassVerifier::verify_anewarray(
2153 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) {
2154 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
2155 current_frame->pop_stack(
2156 VerificationType::integer_type(), CHECK_VERIFY(this));
2157
2158 VerificationType component_type =
2159 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2160 int length;
2161 char* arr_sig_str;
2162 if (component_type.is_array()) { // it's an array
2163 const char* component_name = component_type.name()->as_utf8();
2164 // add one dimension to component
2165 length = (int)strlen(component_name) + 1;
2166 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2167 arr_sig_str[0] = '[';
2168 strncpy(&arr_sig_str[1], component_name, length - 1);
2169 } else { // it's an object or interface
2170 const char* component_name = component_type.name()->as_utf8();
2171 // add one dimension to component with 'L' prepended and ';' postpended.
2172 length = (int)strlen(component_name) + 3;
2173 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2174 arr_sig_str[0] = '[';
2247 VerificationType::double2_type(),
2248 VerificationType::double_type(), CHECK_VERIFY(this));
2249 current_frame->set_local_2(
2250 index, VerificationType::double_type(),
2251 VerificationType::double2_type(), CHECK_VERIFY(this));
2252 }
2253
2254 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2255 VerificationType type = current_frame->pop_stack(
2256 VerificationType::reference_check(), CHECK_VERIFY(this));
2257 current_frame->set_local(index, type, CHECK_VERIFY(this));
2258 }
2259
2260 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2261 VerificationType type = current_frame->get_local(
2262 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2263 current_frame->set_local(index, type, CHECK_VERIFY(this));
2264 }
2265
2266 void ClassVerifier::verify_return_value(
2267 VerificationType return_type, VerificationType type, u2 bci, TRAPS) {
2268 if (return_type == VerificationType::bogus_type()) {
2269 verify_error(bci, "Method expects a return value");
2270 return;
2271 }
2272 bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this));
2273 if (!match) {
2274 verify_error(bci, "Bad return type");
2275 return;
2276 }
2277 }
2278
2279 // The verifier creates symbols which are substrings of Symbols.
2280 // These are stored in the verifier until the end of verification so that
2281 // they can be reference counted.
2282 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
2283 int end, TRAPS) {
2284 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
2285 _symbols->push(sym);
2286 return sym;
2287 }
2288
2289 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
2290 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
2291 _symbols->push(sym);
2292 return sym;
2293 }
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/javaClasses.hpp"
28 #include "classfile/stackMapTable.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTableFormat.hpp"
31 #include "classfile/systemDictionary.hpp"
32 #include "classfile/verifier.hpp"
33 #include "classfile/vmSymbols.hpp"
34 #include "interpreter/bytecodes.hpp"
35 #include "interpreter/bytecodeStream.hpp"
36 #include "memory/oopFactory.hpp"
37 #include "memory/resourceArea.hpp"
38 #include "oops/instanceKlass.hpp"
39 #include "oops/oop.inline.hpp"
40 #include "oops/typeArrayOop.hpp"
41 #include "prims/jvm.h"
42 #include "runtime/fieldDescriptor.hpp"
43 #include "runtime/handles.inline.hpp"
44 #include "runtime/interfaceSupport.hpp"
45 #include "runtime/javaCalls.hpp"
46 #include "runtime/orderAccess.hpp"
47 #include "runtime/os.hpp"
48 #ifdef TARGET_ARCH_x86
49 # include "bytes_x86.hpp"
50 #endif
51 #ifdef TARGET_ARCH_sparc
52 # include "bytes_sparc.hpp"
53 #endif
54 #ifdef TARGET_ARCH_zero
96 BytecodeVerificationLocal : BytecodeVerificationRemote;
97 }
98
99 bool Verifier::relax_verify_for(oop loader) {
100 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
101 bool need_verify =
102 // verifyAll
103 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
104 // verifyRemote
105 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
106 return !need_verify;
107 }
108
109 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
110 HandleMark hm;
111 ResourceMark rm(THREAD);
112
113 Symbol* exception_name = NULL;
114 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
115 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
116 char* exception_message = message_buffer;
117
118 const char* klassName = klass->external_name();
119 bool can_failover = FailOverToOldVerifier &&
120 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
121
122 // If the class should be verified, first see if we can use the split
123 // verifier. If not, or if verification fails and FailOverToOldVerifier
124 // is set, then call the inference verifier.
125 if (is_eligible_for_verification(klass, should_verify_class)) {
126 if (TraceClassInitialization) {
127 tty->print_cr("Start class verification for: %s", klassName);
128 }
129 if (UseSplitVerifier &&
130 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
131 ClassVerifier split_verifier(klass, THREAD);
132 split_verifier.verify_class(THREAD);
133 exception_name = split_verifier.result();
134 if (can_failover && !HAS_PENDING_EXCEPTION &&
135 (exception_name == vmSymbols::java_lang_VerifyError() ||
136 exception_name == vmSymbols::java_lang_ClassFormatError())) {
137 if (TraceClassInitialization || VerboseVerification) {
138 tty->print_cr(
139 "Fail over class verification to old verifier for: %s", klassName);
140 }
141 exception_name = inference_verify(
142 klass, message_buffer, message_buffer_len, THREAD);
143 }
144 if (exception_name != NULL) {
145 exception_message = split_verifier.exception_message();
146 }
147 } else {
148 exception_name = inference_verify(
149 klass, message_buffer, message_buffer_len, THREAD);
150 }
151
152 if (TraceClassInitialization || VerboseVerification) {
153 if (HAS_PENDING_EXCEPTION) {
154 tty->print("Verification for %s has", klassName);
155 tty->print_cr(" exception pending %s ",
156 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
157 } else if (exception_name != NULL) {
158 tty->print_cr("Verification for %s failed", klassName);
159 }
160 tty->print_cr("End class verification for: %s", klassName);
161 }
162 }
163
164 if (HAS_PENDING_EXCEPTION) {
165 return false; // use the existing exception
166 } else if (exception_name == NULL) {
167 return true; // verifcation succeeded
168 } else { // VerifyError or ClassFormatError to be created and thrown
169 ResourceMark rm(THREAD);
170 instanceKlassHandle kls =
171 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
172 while (!kls.is_null()) {
173 if (kls == klass) {
174 // If the class being verified is the exception we're creating
175 // or one of it's superclasses, we're in trouble and are going
176 // to infinitely recurse when we try to initialize the exception.
177 // So bail out here by throwing the preallocated VM error.
178 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
179 }
180 kls = kls->super();
181 }
182 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
183 THROW_MSG_(exception_name, exception_message, false);
184 }
185 }
186
187 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
188 Symbol* name = klass->name();
189 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
190
191 return (should_verify_for(klass->class_loader(), should_verify_class) &&
192 // return if the class is a bootstrapping class
193 // or defineClass specified not to verify by default (flags override passed arg)
194 // We need to skip the following four for bootstraping
195 name != vmSymbols::java_lang_Object() &&
196 name != vmSymbols::java_lang_Class() &&
197 name != vmSymbols::java_lang_String() &&
198 name != vmSymbols::java_lang_Throwable() &&
199
200 // Can not verify the bytecodes for shared classes because they have
201 // already been rewritten to contain constant pool cache indices,
202 // which the verifier can't understand.
203 // Shared classes shouldn't have stackmaps either.
211 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
212 (refl_magic_klass == NULL ||
213 !klass->is_subtype_of(refl_magic_klass) ||
214 VerifyReflectionBytecodes)
215 );
216 }
217
218 Symbol* Verifier::inference_verify(
219 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
220 JavaThread* thread = (JavaThread*)THREAD;
221 JNIEnv *env = thread->jni_environment();
222
223 void* verify_func = verify_byte_codes_fn();
224
225 if (verify_func == NULL) {
226 jio_snprintf(message, message_len, "Could not link verifier");
227 return vmSymbols::java_lang_VerifyError();
228 }
229
230 ResourceMark rm(THREAD);
231 if (VerboseVerification) {
232 tty->print_cr("Verifying class %s with old format", klass->external_name());
233 }
234
235 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
236 jint result;
237
238 {
239 HandleMark hm(thread);
240 ThreadToNativeFromVM ttn(thread);
241 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
242 // code knows that we have left the VM
243
244 if (_is_new_verify_byte_codes_fn) {
245 verify_byte_codes_fn_new_t func =
246 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
247 result = (*func)(env, cls, message, (int)message_len,
248 klass->major_version());
249 } else {
250 verify_byte_codes_fn_t func =
251 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
255
256 JNIHandles::destroy_local(cls);
257
258 // These numbers are chosen so that VerifyClassCodes interface doesn't need
259 // to be changed (still return jboolean (unsigned char)), and result is
260 // 1 when verification is passed.
261 if (result == 0) {
262 return vmSymbols::java_lang_VerifyError();
263 } else if (result == 1) {
264 return NULL; // verified.
265 } else if (result == 2) {
266 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
267 } else if (result == 3) {
268 return vmSymbols::java_lang_ClassFormatError();
269 } else {
270 ShouldNotReachHere();
271 return NULL;
272 }
273 }
274
275 TypeOrigin TypeOrigin::null() {
276 return TypeOrigin();
277 }
278 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
279 assert(frame != NULL, "Must have a frame");
280 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
281 frame->local_at(index));
282 }
283 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
284 assert(frame != NULL, "Must have a frame");
285 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
286 frame->stack_at(index));
287 }
288 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
289 assert(frame != NULL, "Must have a frame");
290 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
291 frame->local_at(index));
292 }
293 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
294 assert(frame != NULL, "Must have a frame");
295 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
296 frame->stack_at(index));
297 }
298 TypeOrigin TypeOrigin::bad_index(u2 index) {
299 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
300 }
301 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
302 return TypeOrigin(CONST_POOL, index, NULL, vt);
303 }
304 TypeOrigin TypeOrigin::signature(VerificationType vt) {
305 return TypeOrigin(SIG, 0, NULL, vt);
306 }
307 TypeOrigin TypeOrigin::implicit(VerificationType t) {
308 return TypeOrigin(IMPLICIT, 0, NULL, t);
309 }
310 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
311 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
312 VerificationType::bogus_type());
313 }
314
315 void TypeOrigin::reset_frame() {
316 if (_frame != NULL) {
317 _frame->restore();
318 }
319 }
320
321 void TypeOrigin::details(outputStream* ss) {
322 _type.print_on(ss);
323 switch (_origin) {
324 case CF_LOCALS:
325 ss->print(" (current frame, locals[%d])", _index);
326 break;
327 case CF_STACK:
328 ss->print(" (current frame, stack[%d])", _index);
329 break;
330 case SM_LOCALS:
331 ss->print(" (stack map, locals[%d])", _index);
332 break;
333 case SM_STACK:
334 ss->print(" (stack map, stack[%d])", _index);
335 break;
336 case CONST_POOL:
337 ss->print(" (constant pool %d)", _index);
338 break;
339 case SIG:
340 ss->print(" (from method signature)");
341 break;
342 case IMPLICIT:
343 case FRAME_ONLY:
344 case NONE:
345 default:
346 ;
347 }
348 }
349
350 #ifdef ASSERT
351 void TypeOrigin::print(outputStream* str) {
352 str->print("{%d,%d,%p:", _origin, _index, _frame);
353 if (_frame != NULL) {
354 _frame->print(str);
355 } else {
356 str->print("null");
357 }
358 str->print(",");
359 _type.print_on(str);
360 str->print("}");
361 }
362 #endif
363
364 void ErrorContext::details(outputStream* ss, methodOop method) {
365 if (is_valid()) {
366 ss->print_cr("");
367 ss->print_cr("Exception Details:");
368 location_details(ss, method);
369 reason_details(ss);
370 frame_details(ss);
371 bytecode_details(ss, method);
372 handler_details(ss, method);
373 stackmap_details(ss, method);
374 }
375 }
376
377 void ErrorContext::reason_details(outputStream* ss) {
378 streamIndentor si(ss);
379 ss->indent().print_cr("Reason:");
380 streamIndentor si2(ss);
381 ss->indent().print("");
382 switch (_fault) {
383 case INVALID_BYTECODE:
384 ss->print("Error exists in the bytecode");
385 break;
386 case WRONG_TYPE:
387 if (_expected.is_valid()) {
388 ss->print("Type ");
389 _type.details(ss);
390 ss->print(" is not assignable to ");
391 _expected.details(ss);
392 } else {
393 ss->print("Invalid type: ");
394 _type.details(ss);
395 }
396 break;
397 case FLAGS_MISMATCH:
398 if (_expected.is_valid()) {
399 ss->print("Current frame's flags are not assignable "
400 "to stack map frame's.");
401 } else {
402 ss->print("Current frame's flags are invalid in this context.");
403 }
404 break;
405 case BAD_CP_INDEX:
406 ss->print("Constant pool index %d is invalid", _type.index());
407 break;
408 case BAD_LOCAL_INDEX:
409 ss->print("Local index %d is invalid", _type.index());
410 break;
411 case LOCALS_SIZE_MISMATCH:
412 ss->print("Current frame's local size doesn't match stackmap.");
413 break;
414 case STACK_SIZE_MISMATCH:
415 ss->print("Current frame's stack size doesn't match stackmap.");
416 break;
417 case STACK_OVERFLOW:
418 ss->print("Exceeded max stack size.");
419 break;
420 case STACK_UNDERFLOW:
421 ss->print("Attempt to pop empty stack.");
422 break;
423 case MISSING_STACKMAP:
424 ss->print("Expected stackmap frame at this location.");
425 break;
426 case BAD_STACKMAP:
427 ss->print("Invalid stackmap specification.");
428 break;
429 case UNKNOWN:
430 default:
431 ShouldNotReachHere();
432 ss->print_cr("Unknown");
433 }
434 ss->print_cr("");
435 }
436
437 void ErrorContext::location_details(outputStream* ss, methodOop method) {
438 if (_bci != -1 && method != NULL) {
439 streamIndentor si(ss);
440 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
441 instanceKlass* ik = instanceKlass::cast(method->method_holder());
442 ss->indent().print_cr("Location:");
443 streamIndentor si2(ss);
444 ss->indent().print_cr("%s.%s%s @%d: %s",
445 ik->name()->as_C_string(),
446 method->name()->as_C_string(),
447 method->signature()->as_C_string(), _bci,
448 Bytecodes::is_defined(code) ? Bytecodes::name(code) : "<illegal>");
449 }
450 }
451
452 void ErrorContext::frame_details(outputStream* ss) {
453 streamIndentor si(ss);
454 if (_type.is_valid() && _type.frame() != NULL) {
455 ss->indent().print_cr("Current Frame:");
456 streamIndentor si2(ss);
457 _type.frame()->print(ss);
458 }
459 if (_expected.is_valid() && _expected.frame() != NULL) {
460 ss->indent().print_cr("Stackmap Frame:");
461 streamIndentor si2(ss);
462 _expected.frame()->print(ss);
463 }
464 }
465
466 void ErrorContext::bytecode_details(outputStream* ss, methodOop method) {
467 if (method != NULL) {
468 streamIndentor si(ss);
469 ss->indent().print_cr("Bytecode:");
470 streamIndentor si2(ss);
471 ss->print_data(method->code_base(), method->code_size(), false);
472 }
473 }
474
475 void ErrorContext::handler_details(outputStream* ss, methodOop method) {
476 if (method != NULL) {
477 streamIndentor si(ss);
478 ExceptionTable table(method);
479 if (table.length() > 0) {
480 ss->indent().print_cr("Exception Handler Table:");
481 streamIndentor si2(ss);
482 for (int i = 0; i < table.length(); ++i) {
483 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
484 table.end_pc(i), table.handler_pc(i));
485 }
486 }
487 }
488 }
489
490 void ErrorContext::stackmap_details(outputStream* ss, methodOop method) {
491 if (method != NULL && method->has_stackmap_table()) {
492 streamIndentor si(ss);
493 ss->indent().print_cr("Stackmap Table:");
494 typeArrayOop data = method->stackmap_data();
495 stack_map_table* sm_table =
496 stack_map_table::at((address)data->byte_at_addr(0));
497 stack_map_frame* sm_frame = sm_table->entries();
498 streamIndentor si2(ss);
499 int current_offset = -1;
500 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
501 ss->indent();
502 sm_frame->print_on(ss, current_offset);
503 ss->print_cr("");
504 current_offset += sm_frame->offset_delta();
505 sm_frame = sm_frame->next();
506 }
507 }
508 }
509
510 // Methods in ClassVerifier
511
512 ClassVerifier::ClassVerifier(
513 instanceKlassHandle klass, TRAPS)
514 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
515 _this_type = VerificationType::reference_type(klass->name());
516 // Create list to hold symbols in reference area.
517 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
518 }
519
520 ClassVerifier::~ClassVerifier() {
521 // Decrement the reference count for any symbols created.
522 for (int i = 0; i < _symbols->length(); i++) {
523 Symbol* s = _symbols->at(i);
524 s->decrement_refcount();
525 }
526 }
527
528 VerificationType ClassVerifier::object_type() const {
529 return VerificationType::reference_type(vmSymbols::java_lang_Object());
530 }
531
532 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
533 VerificationType vt = VerificationType::reference_type(
534 create_temporary_symbol(sig, strlen(sig), THREAD));
535 return TypeOrigin::implicit(vt);
536 }
537
538 void ClassVerifier::verify_class(TRAPS) {
539 if (VerboseVerification) {
540 tty->print_cr("Verifying class %s with new format",
541 _klass->external_name());
542 }
543
544 objArrayHandle methods(THREAD, _klass->methods());
545 int num_methods = methods->length();
546
547 for (int index = 0; index < num_methods; index++) {
548 // Check for recursive re-verification before each method.
549 if (was_recursively_verified()) return;
550
551 methodOop m = (methodOop)methods->obj_at(index);
552 if (m->is_native() || m->is_abstract()) {
553 // If m is native or abstract, skip it. It is checked in class file
554 // parser that methods do not override a final method.
555 continue;
556 }
557 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
558 }
559
560 if (VerboseVerification || TraceClassInitialization) {
561 if (was_recursively_verified())
562 tty->print_cr("Recursive verification detected for: %s",
563 _klass->external_name());
564 }
565 }
566
567 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
568 _method = m; // initialize _method
569 if (VerboseVerification) {
570 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
571 }
572
573 const char* bad_type_msg = "Bad type on operand stack in %s";
574
575 int32_t max_stack = m->max_stack();
576 int32_t max_locals = m->max_locals();
577 constantPoolHandle cp(THREAD, m->constants());
578
579 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
580 class_format_error("Invalid method signature");
581 return;
582 }
583
584 // Initial stack map frame: offset is 0, stack is initially empty.
585 StackMapFrame current_frame(max_locals, max_stack, this);
586 // Set initial locals
587 VerificationType return_type = current_frame.set_locals_from_arg(
588 m, current_type(), CHECK_VERIFY(this));
589
596
597 int ex_min = code_length;
598 int ex_max = -1;
599 // Look through each item on the exception table. Each of the fields must refer
600 // to a legal instruction.
601 verify_exception_handler_table(
602 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
603
604 // Look through each entry on the local variable table and make sure
605 // its range of code array offsets is valid. (4169817)
606 if (m->has_localvariable_table()) {
607 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
608 }
609
610 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
611 StackMapStream stream(stackmap_data);
612 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
613 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
614 code_data, code_length, CHECK_VERIFY(this));
615
616 if (VerboseVerification) {
617 stackmap_table.print(tty);
618 }
619
620 RawBytecodeStream bcs(m);
621
622 // Scan the byte code linearly from the start to the end
623 bool no_control_flow = false; // Set to true when there is no direct control
624 // flow from current instruction to the next
625 // instruction in sequence
626 Bytecodes::Code opcode;
627 while (!bcs.is_last_bytecode()) {
628 // Check for recursive re-verification before each bytecode.
629 if (was_recursively_verified()) return;
630
631 opcode = bcs.raw_next();
632 u2 bci = bcs.bci();
633
634 // Set current frame's offset to bci
635 current_frame.set_offset(bci);
636 current_frame.set_mark();
637
638 // Make sure every offset in stackmap table point to the beginning to
639 // an instruction. Match current_frame to stackmap_table entry with
640 // the same offset if exists.
641 stackmap_index = verify_stackmap_table(
642 stackmap_index, bci, ¤t_frame, &stackmap_table,
643 no_control_flow, CHECK_VERIFY(this));
644
645
646 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
647
648 // Merge with the next instruction
649 {
650 u2 index;
651 int target;
652 VerificationType type, type2;
653 VerificationType atype;
654
655 #ifndef PRODUCT
656 if (VerboseVerification) {
657 current_frame.print(tty);
658 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
659 }
660 #endif
661
662 // Make sure wide instruction is in correct format
663 if (bcs.is_wide()) {
664 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
665 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
666 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
667 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
668 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
669 opcode != Bytecodes::_dstore) {
670 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
671 * if we encounter a wide instruction that modifies an invalid
672 * opcode (not one of the ones listed above) */
673 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
674 return;
675 }
676 }
677
678 switch (opcode) {
679 case Bytecodes::_nop :
680 no_control_flow = false; break;
681 case Bytecodes::_aconst_null :
682 current_frame.push_stack(
683 VerificationType::null_type(), CHECK_VERIFY(this));
684 no_control_flow = false; break;
685 case Bytecodes::_iconst_m1 :
686 case Bytecodes::_iconst_0 :
687 case Bytecodes::_iconst_1 :
688 case Bytecodes::_iconst_2 :
689 case Bytecodes::_iconst_3 :
690 case Bytecodes::_iconst_4 :
691 case Bytecodes::_iconst_5 :
692 current_frame.push_stack(
693 VerificationType::integer_type(), CHECK_VERIFY(this));
765 case Bytecodes::_dload_3 :
766 index = opcode - Bytecodes::_dload_0;
767 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
768 no_control_flow = false; break;
769 case Bytecodes::_aload :
770 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
771 no_control_flow = false; break;
772 case Bytecodes::_aload_0 :
773 case Bytecodes::_aload_1 :
774 case Bytecodes::_aload_2 :
775 case Bytecodes::_aload_3 :
776 index = opcode - Bytecodes::_aload_0;
777 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
778 no_control_flow = false; break;
779 case Bytecodes::_iaload :
780 type = current_frame.pop_stack(
781 VerificationType::integer_type(), CHECK_VERIFY(this));
782 atype = current_frame.pop_stack(
783 VerificationType::reference_check(), CHECK_VERIFY(this));
784 if (!atype.is_int_array()) {
785 verify_error(ErrorContext::bad_type(bci,
786 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
787 bad_type_msg, "iaload");
788 return;
789 }
790 current_frame.push_stack(
791 VerificationType::integer_type(), CHECK_VERIFY(this));
792 no_control_flow = false; break;
793 case Bytecodes::_baload :
794 type = current_frame.pop_stack(
795 VerificationType::integer_type(), CHECK_VERIFY(this));
796 atype = current_frame.pop_stack(
797 VerificationType::reference_check(), CHECK_VERIFY(this));
798 if (!atype.is_bool_array() && !atype.is_byte_array()) {
799 verify_error(
800 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
801 bad_type_msg, "baload");
802 return;
803 }
804 current_frame.push_stack(
805 VerificationType::integer_type(), CHECK_VERIFY(this));
806 no_control_flow = false; break;
807 case Bytecodes::_caload :
808 type = current_frame.pop_stack(
809 VerificationType::integer_type(), CHECK_VERIFY(this));
810 atype = current_frame.pop_stack(
811 VerificationType::reference_check(), CHECK_VERIFY(this));
812 if (!atype.is_char_array()) {
813 verify_error(ErrorContext::bad_type(bci,
814 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
815 bad_type_msg, "caload");
816 return;
817 }
818 current_frame.push_stack(
819 VerificationType::integer_type(), CHECK_VERIFY(this));
820 no_control_flow = false; break;
821 case Bytecodes::_saload :
822 type = current_frame.pop_stack(
823 VerificationType::integer_type(), CHECK_VERIFY(this));
824 atype = current_frame.pop_stack(
825 VerificationType::reference_check(), CHECK_VERIFY(this));
826 if (!atype.is_short_array()) {
827 verify_error(ErrorContext::bad_type(bci,
828 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
829 bad_type_msg, "saload");
830 return;
831 }
832 current_frame.push_stack(
833 VerificationType::integer_type(), CHECK_VERIFY(this));
834 no_control_flow = false; break;
835 case Bytecodes::_laload :
836 type = current_frame.pop_stack(
837 VerificationType::integer_type(), CHECK_VERIFY(this));
838 atype = current_frame.pop_stack(
839 VerificationType::reference_check(), CHECK_VERIFY(this));
840 if (!atype.is_long_array()) {
841 verify_error(ErrorContext::bad_type(bci,
842 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
843 bad_type_msg, "laload");
844 return;
845 }
846 current_frame.push_stack_2(
847 VerificationType::long_type(),
848 VerificationType::long2_type(), CHECK_VERIFY(this));
849 no_control_flow = false; break;
850 case Bytecodes::_faload :
851 type = current_frame.pop_stack(
852 VerificationType::integer_type(), CHECK_VERIFY(this));
853 atype = current_frame.pop_stack(
854 VerificationType::reference_check(), CHECK_VERIFY(this));
855 if (!atype.is_float_array()) {
856 verify_error(ErrorContext::bad_type(bci,
857 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
858 bad_type_msg, "faload");
859 return;
860 }
861 current_frame.push_stack(
862 VerificationType::float_type(), CHECK_VERIFY(this));
863 no_control_flow = false; break;
864 case Bytecodes::_daload :
865 type = current_frame.pop_stack(
866 VerificationType::integer_type(), CHECK_VERIFY(this));
867 atype = current_frame.pop_stack(
868 VerificationType::reference_check(), CHECK_VERIFY(this));
869 if (!atype.is_double_array()) {
870 verify_error(ErrorContext::bad_type(bci,
871 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
872 bad_type_msg, "daload");
873 return;
874 }
875 current_frame.push_stack_2(
876 VerificationType::double_type(),
877 VerificationType::double2_type(), CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_aaload : {
880 type = current_frame.pop_stack(
881 VerificationType::integer_type(), CHECK_VERIFY(this));
882 atype = current_frame.pop_stack(
883 VerificationType::reference_check(), CHECK_VERIFY(this));
884 if (!atype.is_reference_array()) {
885 verify_error(ErrorContext::bad_type(bci,
886 current_frame.stack_top_ctx(),
887 TypeOrigin::implicit(VerificationType::reference_check())),
888 bad_type_msg, "aaload");
889 return;
890 }
891 if (atype.is_null()) {
892 current_frame.push_stack(
893 VerificationType::null_type(), CHECK_VERIFY(this));
894 } else {
895 VerificationType component =
896 atype.get_component(this, CHECK_VERIFY(this));
897 current_frame.push_stack(component, CHECK_VERIFY(this));
898 }
899 no_control_flow = false; break;
900 }
901 case Bytecodes::_istore :
902 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
903 no_control_flow = false; break;
904 case Bytecodes::_istore_0 :
905 case Bytecodes::_istore_1 :
906 case Bytecodes::_istore_2 :
907 case Bytecodes::_istore_3 :
908 index = opcode - Bytecodes::_istore_0;
939 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
940 no_control_flow = false; break;
941 case Bytecodes::_astore :
942 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
943 no_control_flow = false; break;
944 case Bytecodes::_astore_0 :
945 case Bytecodes::_astore_1 :
946 case Bytecodes::_astore_2 :
947 case Bytecodes::_astore_3 :
948 index = opcode - Bytecodes::_astore_0;
949 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
950 no_control_flow = false; break;
951 case Bytecodes::_iastore :
952 type = current_frame.pop_stack(
953 VerificationType::integer_type(), CHECK_VERIFY(this));
954 type2 = current_frame.pop_stack(
955 VerificationType::integer_type(), CHECK_VERIFY(this));
956 atype = current_frame.pop_stack(
957 VerificationType::reference_check(), CHECK_VERIFY(this));
958 if (!atype.is_int_array()) {
959 verify_error(ErrorContext::bad_type(bci,
960 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
961 bad_type_msg, "iastore");
962 return;
963 }
964 no_control_flow = false; break;
965 case Bytecodes::_bastore :
966 type = current_frame.pop_stack(
967 VerificationType::integer_type(), CHECK_VERIFY(this));
968 type2 = current_frame.pop_stack(
969 VerificationType::integer_type(), CHECK_VERIFY(this));
970 atype = current_frame.pop_stack(
971 VerificationType::reference_check(), CHECK_VERIFY(this));
972 if (!atype.is_bool_array() && !atype.is_byte_array()) {
973 verify_error(
974 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
975 bad_type_msg, "bastore");
976 return;
977 }
978 no_control_flow = false; break;
979 case Bytecodes::_castore :
980 current_frame.pop_stack(
981 VerificationType::integer_type(), CHECK_VERIFY(this));
982 current_frame.pop_stack(
983 VerificationType::integer_type(), CHECK_VERIFY(this));
984 atype = current_frame.pop_stack(
985 VerificationType::reference_check(), CHECK_VERIFY(this));
986 if (!atype.is_char_array()) {
987 verify_error(ErrorContext::bad_type(bci,
988 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
989 bad_type_msg, "castore");
990 return;
991 }
992 no_control_flow = false; break;
993 case Bytecodes::_sastore :
994 current_frame.pop_stack(
995 VerificationType::integer_type(), CHECK_VERIFY(this));
996 current_frame.pop_stack(
997 VerificationType::integer_type(), CHECK_VERIFY(this));
998 atype = current_frame.pop_stack(
999 VerificationType::reference_check(), CHECK_VERIFY(this));
1000 if (!atype.is_short_array()) {
1001 verify_error(ErrorContext::bad_type(bci,
1002 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1003 bad_type_msg, "sastore");
1004 return;
1005 }
1006 no_control_flow = false; break;
1007 case Bytecodes::_lastore :
1008 current_frame.pop_stack_2(
1009 VerificationType::long2_type(),
1010 VerificationType::long_type(), CHECK_VERIFY(this));
1011 current_frame.pop_stack(
1012 VerificationType::integer_type(), CHECK_VERIFY(this));
1013 atype = current_frame.pop_stack(
1014 VerificationType::reference_check(), CHECK_VERIFY(this));
1015 if (!atype.is_long_array()) {
1016 verify_error(ErrorContext::bad_type(bci,
1017 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1018 bad_type_msg, "lastore");
1019 return;
1020 }
1021 no_control_flow = false; break;
1022 case Bytecodes::_fastore :
1023 current_frame.pop_stack(
1024 VerificationType::float_type(), CHECK_VERIFY(this));
1025 current_frame.pop_stack
1026 (VerificationType::integer_type(), CHECK_VERIFY(this));
1027 atype = current_frame.pop_stack(
1028 VerificationType::reference_check(), CHECK_VERIFY(this));
1029 if (!atype.is_float_array()) {
1030 verify_error(ErrorContext::bad_type(bci,
1031 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1032 bad_type_msg, "fastore");
1033 return;
1034 }
1035 no_control_flow = false; break;
1036 case Bytecodes::_dastore :
1037 current_frame.pop_stack_2(
1038 VerificationType::double2_type(),
1039 VerificationType::double_type(), CHECK_VERIFY(this));
1040 current_frame.pop_stack(
1041 VerificationType::integer_type(), CHECK_VERIFY(this));
1042 atype = current_frame.pop_stack(
1043 VerificationType::reference_check(), CHECK_VERIFY(this));
1044 if (!atype.is_double_array()) {
1045 verify_error(ErrorContext::bad_type(bci,
1046 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1047 bad_type_msg, "dastore");
1048 return;
1049 }
1050 no_control_flow = false; break;
1051 case Bytecodes::_aastore :
1052 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1053 type2 = current_frame.pop_stack(
1054 VerificationType::integer_type(), CHECK_VERIFY(this));
1055 atype = current_frame.pop_stack(
1056 VerificationType::reference_check(), CHECK_VERIFY(this));
1057 // more type-checking is done at runtime
1058 if (!atype.is_reference_array()) {
1059 verify_error(ErrorContext::bad_type(bci,
1060 current_frame.stack_top_ctx(),
1061 TypeOrigin::implicit(VerificationType::reference_check())),
1062 bad_type_msg, "aastore");
1063 return;
1064 }
1065 // 4938384: relaxed constraint in JVMS 3nd edition.
1066 no_control_flow = false; break;
1067 case Bytecodes::_pop :
1068 current_frame.pop_stack(
1069 VerificationType::category1_check(), CHECK_VERIFY(this));
1070 no_control_flow = false; break;
1071 case Bytecodes::_pop2 :
1072 type = current_frame.pop_stack(CHECK_VERIFY(this));
1073 if (type.is_category1()) {
1074 current_frame.pop_stack(
1075 VerificationType::category1_check(), CHECK_VERIFY(this));
1076 } else if (type.is_category2_2nd()) {
1077 current_frame.pop_stack(
1078 VerificationType::category2_check(), CHECK_VERIFY(this));
1079 } else {
1080 /* Unreachable? Would need a category2_1st on TOS
1081 * which does not appear possible. */
1082 verify_error(
1083 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1084 bad_type_msg, "pop2");
1085 return;
1086 }
1087 no_control_flow = false; break;
1088 case Bytecodes::_dup :
1089 type = current_frame.pop_stack(
1090 VerificationType::category1_check(), CHECK_VERIFY(this));
1091 current_frame.push_stack(type, CHECK_VERIFY(this));
1092 current_frame.push_stack(type, CHECK_VERIFY(this));
1093 no_control_flow = false; break;
1094 case Bytecodes::_dup_x1 :
1095 type = current_frame.pop_stack(
1096 VerificationType::category1_check(), CHECK_VERIFY(this));
1097 type2 = current_frame.pop_stack(
1098 VerificationType::category1_check(), CHECK_VERIFY(this));
1099 current_frame.push_stack(type, CHECK_VERIFY(this));
1100 current_frame.push_stack(type2, CHECK_VERIFY(this));
1101 current_frame.push_stack(type, CHECK_VERIFY(this));
1102 no_control_flow = false; break;
1103 case Bytecodes::_dup_x2 :
1104 {
1105 VerificationType type3;
1106 type = current_frame.pop_stack(
1107 VerificationType::category1_check(), CHECK_VERIFY(this));
1108 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1109 if (type2.is_category1()) {
1110 type3 = current_frame.pop_stack(
1111 VerificationType::category1_check(), CHECK_VERIFY(this));
1112 } else if (type2.is_category2_2nd()) {
1113 type3 = current_frame.pop_stack(
1114 VerificationType::category2_check(), CHECK_VERIFY(this));
1115 } else {
1116 /* Unreachable? Would need a category2_1st at stack depth 2 with
1117 * a category1 on TOS which does not appear possible. */
1118 verify_error(ErrorContext::bad_type(
1119 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1120 return;
1121 }
1122 current_frame.push_stack(type, CHECK_VERIFY(this));
1123 current_frame.push_stack(type3, CHECK_VERIFY(this));
1124 current_frame.push_stack(type2, CHECK_VERIFY(this));
1125 current_frame.push_stack(type, CHECK_VERIFY(this));
1126 no_control_flow = false; break;
1127 }
1128 case Bytecodes::_dup2 :
1129 type = current_frame.pop_stack(CHECK_VERIFY(this));
1130 if (type.is_category1()) {
1131 type2 = current_frame.pop_stack(
1132 VerificationType::category1_check(), CHECK_VERIFY(this));
1133 } else if (type.is_category2_2nd()) {
1134 type2 = current_frame.pop_stack(
1135 VerificationType::category2_check(), CHECK_VERIFY(this));
1136 } else {
1137 /* Unreachable? Would need a category2_1st on TOS which does not
1138 * appear possible. */
1139 verify_error(
1140 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1141 bad_type_msg, "dup2");
1142 return;
1143 }
1144 current_frame.push_stack(type2, CHECK_VERIFY(this));
1145 current_frame.push_stack(type, CHECK_VERIFY(this));
1146 current_frame.push_stack(type2, CHECK_VERIFY(this));
1147 current_frame.push_stack(type, CHECK_VERIFY(this));
1148 no_control_flow = false; break;
1149 case Bytecodes::_dup2_x1 :
1150 {
1151 VerificationType type3;
1152 type = current_frame.pop_stack(CHECK_VERIFY(this));
1153 if (type.is_category1()) {
1154 type2 = current_frame.pop_stack(
1155 VerificationType::category1_check(), CHECK_VERIFY(this));
1156 } else if (type.is_category2_2nd()) {
1157 type2 = current_frame.pop_stack(
1158 VerificationType::category2_check(), CHECK_VERIFY(this));
1159 } else {
1160 /* Unreachable? Would need a category2_1st on TOS which does
1161 * not appear possible. */
1162 verify_error(
1163 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1164 bad_type_msg, "dup2_x1");
1165 return;
1166 }
1167 type3 = current_frame.pop_stack(
1168 VerificationType::category1_check(), CHECK_VERIFY(this));
1169 current_frame.push_stack(type2, CHECK_VERIFY(this));
1170 current_frame.push_stack(type, CHECK_VERIFY(this));
1171 current_frame.push_stack(type3, CHECK_VERIFY(this));
1172 current_frame.push_stack(type2, CHECK_VERIFY(this));
1173 current_frame.push_stack(type, CHECK_VERIFY(this));
1174 no_control_flow = false; break;
1175 }
1176 case Bytecodes::_dup2_x2 :
1177 {
1178 VerificationType type3, type4;
1179 type = current_frame.pop_stack(CHECK_VERIFY(this));
1180 if (type.is_category1()) {
1181 type2 = current_frame.pop_stack(
1182 VerificationType::category1_check(), CHECK_VERIFY(this));
1183 } else if (type.is_category2_2nd()) {
1184 type2 = current_frame.pop_stack(
1185 VerificationType::category2_check(), CHECK_VERIFY(this));
1186 } else {
1187 /* Unreachable? Would need a category2_1st on TOS which does
1188 * not appear possible. */
1189 verify_error(
1190 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1191 bad_type_msg, "dup2_x2");
1192 return;
1193 }
1194 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1195 if (type3.is_category1()) {
1196 type4 = current_frame.pop_stack(
1197 VerificationType::category1_check(), CHECK_VERIFY(this));
1198 } else if (type3.is_category2_2nd()) {
1199 type4 = current_frame.pop_stack(
1200 VerificationType::category2_check(), CHECK_VERIFY(this));
1201 } else {
1202 /* Unreachable? Would need a category2_1st on TOS after popping
1203 * a long/double or two category 1's, which does not
1204 * appear possible. */
1205 verify_error(
1206 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1207 bad_type_msg, "dup2_x2");
1208 return;
1209 }
1210 current_frame.push_stack(type2, CHECK_VERIFY(this));
1211 current_frame.push_stack(type, CHECK_VERIFY(this));
1212 current_frame.push_stack(type4, CHECK_VERIFY(this));
1213 current_frame.push_stack(type3, CHECK_VERIFY(this));
1214 current_frame.push_stack(type2, CHECK_VERIFY(this));
1215 current_frame.push_stack(type, CHECK_VERIFY(this));
1216 no_control_flow = false; break;
1217 }
1218 case Bytecodes::_swap :
1219 type = current_frame.pop_stack(
1220 VerificationType::category1_check(), CHECK_VERIFY(this));
1221 type2 = current_frame.pop_stack(
1222 VerificationType::category1_check(), CHECK_VERIFY(this));
1223 current_frame.push_stack(type, CHECK_VERIFY(this));
1224 current_frame.push_stack(type2, CHECK_VERIFY(this));
1225 no_control_flow = false; break;
1226 case Bytecodes::_iadd :
1227 case Bytecodes::_isub :
1467 no_control_flow = false; break;
1468 case Bytecodes::_goto :
1469 target = bcs.dest();
1470 stackmap_table.check_jump_target(
1471 ¤t_frame, target, CHECK_VERIFY(this));
1472 no_control_flow = true; break;
1473 case Bytecodes::_goto_w :
1474 target = bcs.dest_w();
1475 stackmap_table.check_jump_target(
1476 ¤t_frame, target, CHECK_VERIFY(this));
1477 no_control_flow = true; break;
1478 case Bytecodes::_tableswitch :
1479 case Bytecodes::_lookupswitch :
1480 verify_switch(
1481 &bcs, code_length, code_data, ¤t_frame,
1482 &stackmap_table, CHECK_VERIFY(this));
1483 no_control_flow = true; break;
1484 case Bytecodes::_ireturn :
1485 type = current_frame.pop_stack(
1486 VerificationType::integer_type(), CHECK_VERIFY(this));
1487 verify_return_value(return_type, type, bci,
1488 ¤t_frame, CHECK_VERIFY(this));
1489 no_control_flow = true; break;
1490 case Bytecodes::_lreturn :
1491 type2 = current_frame.pop_stack(
1492 VerificationType::long2_type(), CHECK_VERIFY(this));
1493 type = current_frame.pop_stack(
1494 VerificationType::long_type(), CHECK_VERIFY(this));
1495 verify_return_value(return_type, type, bci,
1496 ¤t_frame, CHECK_VERIFY(this));
1497 no_control_flow = true; break;
1498 case Bytecodes::_freturn :
1499 type = current_frame.pop_stack(
1500 VerificationType::float_type(), CHECK_VERIFY(this));
1501 verify_return_value(return_type, type, bci,
1502 ¤t_frame, CHECK_VERIFY(this));
1503 no_control_flow = true; break;
1504 case Bytecodes::_dreturn :
1505 type2 = current_frame.pop_stack(
1506 VerificationType::double2_type(), CHECK_VERIFY(this));
1507 type = current_frame.pop_stack(
1508 VerificationType::double_type(), CHECK_VERIFY(this));
1509 verify_return_value(return_type, type, bci,
1510 ¤t_frame, CHECK_VERIFY(this));
1511 no_control_flow = true; break;
1512 case Bytecodes::_areturn :
1513 type = current_frame.pop_stack(
1514 VerificationType::reference_check(), CHECK_VERIFY(this));
1515 verify_return_value(return_type, type, bci,
1516 ¤t_frame, CHECK_VERIFY(this));
1517 no_control_flow = true; break;
1518 case Bytecodes::_return :
1519 if (return_type != VerificationType::bogus_type()) {
1520 verify_error(ErrorContext::bad_code(bci),
1521 "Method expects a return value");
1522 return;
1523 }
1524 // Make sure "this" has been initialized if current method is an
1525 // <init>
1526 if (_method->name() == vmSymbols::object_initializer_name() &&
1527 current_frame.flag_this_uninit()) {
1528 verify_error(ErrorContext::bad_code(bci),
1529 "Constructor must call super() or this() "
1530 "before return");
1531 return;
1532 }
1533 no_control_flow = true; break;
1534 case Bytecodes::_getstatic :
1535 case Bytecodes::_putstatic :
1536 case Bytecodes::_getfield :
1537 case Bytecodes::_putfield :
1538 verify_field_instructions(
1539 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1540 no_control_flow = false; break;
1541 case Bytecodes::_invokevirtual :
1542 case Bytecodes::_invokespecial :
1543 case Bytecodes::_invokestatic :
1544 verify_invoke_instructions(
1545 &bcs, code_length, ¤t_frame,
1546 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1547 no_control_flow = false; break;
1548 case Bytecodes::_invokeinterface :
1549 case Bytecodes::_invokedynamic :
1550 verify_invoke_instructions(
1551 &bcs, code_length, ¤t_frame,
1552 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1553 no_control_flow = false; break;
1554 case Bytecodes::_new :
1555 {
1556 index = bcs.get_index_u2();
1557 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1558 VerificationType new_class_type =
1559 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1560 if (!new_class_type.is_object()) {
1561 verify_error(ErrorContext::bad_type(bci,
1562 TypeOrigin::cp(index, new_class_type)),
1563 "Illegal new instruction");
1564 return;
1565 }
1566 type = VerificationType::uninitialized_type(bci);
1567 current_frame.push_stack(type, CHECK_VERIFY(this));
1568 no_control_flow = false; break;
1569 }
1570 case Bytecodes::_newarray :
1571 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1572 current_frame.pop_stack(
1573 VerificationType::integer_type(), CHECK_VERIFY(this));
1574 current_frame.push_stack(type, CHECK_VERIFY(this));
1575 no_control_flow = false; break;
1576 case Bytecodes::_anewarray :
1577 verify_anewarray(
1578 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1579 no_control_flow = false; break;
1580 case Bytecodes::_arraylength :
1581 type = current_frame.pop_stack(
1582 VerificationType::reference_check(), CHECK_VERIFY(this));
1583 if (!(type.is_null() || type.is_array())) {
1584 verify_error(ErrorContext::bad_type(
1585 bci, current_frame.stack_top_ctx()),
1586 bad_type_msg, "arraylength");
1587 }
1588 current_frame.push_stack(
1589 VerificationType::integer_type(), CHECK_VERIFY(this));
1590 no_control_flow = false; break;
1591 case Bytecodes::_checkcast :
1592 {
1593 index = bcs.get_index_u2();
1594 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1595 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1596 VerificationType klass_type = cp_index_to_type(
1597 index, cp, CHECK_VERIFY(this));
1598 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1599 no_control_flow = false; break;
1600 }
1601 case Bytecodes::_instanceof : {
1602 index = bcs.get_index_u2();
1603 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1604 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1605 current_frame.push_stack(
1606 VerificationType::integer_type(), CHECK_VERIFY(this));
1607 no_control_flow = false; break;
1608 }
1609 case Bytecodes::_monitorenter :
1610 case Bytecodes::_monitorexit :
1611 current_frame.pop_stack(
1612 VerificationType::reference_check(), CHECK_VERIFY(this));
1613 no_control_flow = false; break;
1614 case Bytecodes::_multianewarray :
1615 {
1616 index = bcs.get_index_u2();
1617 u2 dim = *(bcs.bcp()+3);
1618 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1619 VerificationType new_array_type =
1620 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1621 if (!new_array_type.is_array()) {
1622 verify_error(ErrorContext::bad_type(bci,
1623 TypeOrigin::cp(index, new_array_type)),
1624 "Illegal constant pool index in multianewarray instruction");
1625 return;
1626 }
1627 if (dim < 1 || new_array_type.dimensions() < dim) {
1628 verify_error(ErrorContext::bad_code(bci),
1629 "Illegal dimension in multianewarray instruction: %d", dim);
1630 return;
1631 }
1632 for (int i = 0; i < dim; i++) {
1633 current_frame.pop_stack(
1634 VerificationType::integer_type(), CHECK_VERIFY(this));
1635 }
1636 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1637 no_control_flow = false; break;
1638 }
1639 case Bytecodes::_athrow :
1640 type = VerificationType::reference_type(
1641 vmSymbols::java_lang_Throwable());
1642 current_frame.pop_stack(type, CHECK_VERIFY(this));
1643 no_control_flow = true; break;
1644 default:
1645 // We only need to check the valid bytecodes in class file.
1646 // And jsr and ret are not in the new class file format in JDK1.5.
1647 verify_error(ErrorContext::bad_code(bci),
1648 "Bad instruction: %02x", opcode);
1649 no_control_flow = false;
1650 return;
1651 } // end switch
1652 } // end Merge with the next instruction
1653
1654 // Look for possible jump target in exception handlers and see if it
1655 // matches current_frame
1656 if (bci >= ex_min && bci < ex_max) {
1657 verify_exception_handler_targets(
1658 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1659 }
1660 } // end while
1661
1662 // Make sure that control flow does not fall through end of the method
1663 if (!no_control_flow) {
1664 verify_error(ErrorContext::bad_code(code_length),
1665 "Control flow falls through code end");
1666 return;
1667 }
1668 }
1669
1670 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1671 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1672 memset(code_data, 0, sizeof(char) * code_length);
1673 RawBytecodeStream bcs(m);
1674
1675 while (!bcs.is_last_bytecode()) {
1676 if (bcs.raw_next() != Bytecodes::_illegal) {
1677 int bci = bcs.bci();
1678 if (bcs.raw_code() == Bytecodes::_new) {
1679 code_data[bci] = NEW_OFFSET;
1680 } else {
1681 code_data[bci] = BYTECODE_OFFSET;
1682 }
1683 } else {
1684 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1685 return NULL;
1686 }
1687 }
1688
1689 return code_data;
1690 }
1691
1692 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1693 ExceptionTable exhandlers(_method());
1694 int exlength = exhandlers.length();
1695 constantPoolHandle cp (THREAD, _method->constants());
1696
1697 for(int i = 0; i < exlength; i++) {
1698 //reacquire the table in case a GC happened
1699 ExceptionTable exhandlers(_method());
1700 u2 start_pc = exhandlers.start_pc(i);
1701 u2 end_pc = exhandlers.end_pc(i);
1702 u2 handler_pc = exhandlers.handler_pc(i);
1703 if (start_pc >= code_length || code_data[start_pc] == 0) {
1704 class_format_error("Illegal exception table start_pc %d", start_pc);
1707 if (end_pc != code_length) { // special case: end_pc == code_length
1708 if (end_pc > code_length || code_data[end_pc] == 0) {
1709 class_format_error("Illegal exception table end_pc %d", end_pc);
1710 return;
1711 }
1712 }
1713 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1714 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1715 return;
1716 }
1717 int catch_type_index = exhandlers.catch_type_index(i);
1718 if (catch_type_index != 0) {
1719 VerificationType catch_type = cp_index_to_type(
1720 catch_type_index, cp, CHECK_VERIFY(this));
1721 VerificationType throwable =
1722 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1723 bool is_subclass = throwable.is_assignable_from(
1724 catch_type, this, CHECK_VERIFY(this));
1725 if (!is_subclass) {
1726 // 4286534: should throw VerifyError according to recent spec change
1727 verify_error(ErrorContext::bad_type(handler_pc,
1728 TypeOrigin::cp(catch_type_index, catch_type),
1729 TypeOrigin::implicit(throwable)),
1730 "Catch type is not a subclass "
1731 "of Throwable in exception handler %d", handler_pc);
1732 return;
1733 }
1734 }
1735 if (start_pc < min) min = start_pc;
1736 if (end_pc > max) max = end_pc;
1737 }
1738 }
1739
1740 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1741 int localvariable_table_length = _method()->localvariable_table_length();
1742 if (localvariable_table_length > 0) {
1743 LocalVariableTableElement* table = _method()->localvariable_table_start();
1744 for (int i = 0; i < localvariable_table_length; i++) {
1745 u2 start_bci = table[i].start_bci;
1746 u2 length = table[i].length;
1747
1748 if (start_bci >= code_length || code_data[start_bci] == 0) {
1749 class_format_error(
1750 "Illegal local variable table start_pc %d", start_bci);
1751 return;
1752 }
1753 u4 end_bci = (u4)(start_bci + length);
1754 if (end_bci != code_length) {
1755 if (end_bci >= code_length || code_data[end_bci] == 0) {
1756 class_format_error( "Illegal local variable table length %d", length);
1757 return;
1758 }
1759 }
1760 }
1761 }
1762 }
1763
1764 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1765 StackMapFrame* current_frame,
1766 StackMapTable* stackmap_table,
1767 bool no_control_flow, TRAPS) {
1768 if (stackmap_index < stackmap_table->get_frame_count()) {
1769 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1770 if (no_control_flow && this_offset > bci) {
1771 verify_error(ErrorContext::missing_stackmap(bci),
1772 "Expecting a stack map frame");
1773 return 0;
1774 }
1775 if (this_offset == bci) {
1776 ErrorContext ctx;
1777 // See if current stack map can be assigned to the frame in table.
1778 // current_frame is the stackmap frame got from the last instruction.
1779 // If matched, current_frame will be updated by this method.
1780 bool matches = stackmap_table->match_stackmap(
1781 current_frame, this_offset, stackmap_index,
1782 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1783 if (!matches) {
1784 // report type error
1785 verify_error(ctx, "Instruction type does not match stack map");
1786 return 0;
1787 }
1788 stackmap_index++;
1789 } else if (this_offset < bci) {
1790 // current_offset should have met this_offset.
1791 class_format_error("Bad stack map offset %d", this_offset);
1792 return 0;
1793 }
1794 } else if (no_control_flow) {
1795 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1796 return 0;
1797 }
1798 return stackmap_index;
1799 }
1800
1801 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1802 StackMapTable* stackmap_table, TRAPS) {
1803 constantPoolHandle cp (THREAD, _method->constants());
1804 ExceptionTable exhandlers(_method());
1805 int exlength = exhandlers.length();
1806 for(int i = 0; i < exlength; i++) {
1807 //reacquire the table in case a GC happened
1808 ExceptionTable exhandlers(_method());
1809 u2 start_pc = exhandlers.start_pc(i);
1810 u2 end_pc = exhandlers.end_pc(i);
1811 u2 handler_pc = exhandlers.handler_pc(i);
1812 int catch_type_index = exhandlers.catch_type_index(i);
1813 if(bci >= start_pc && bci < end_pc) {
1814 u1 flags = current_frame->flags();
1815 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1816 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1817 if (catch_type_index != 0) {
1818 // We know that this index refers to a subclass of Throwable
1819 VerificationType catch_type = cp_index_to_type(
1820 catch_type_index, cp, CHECK_VERIFY(this));
1821 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1822 } else {
1823 VerificationType throwable =
1824 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1825 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1826 }
1827 ErrorContext ctx;
1828 bool matches = stackmap_table->match_stackmap(
1829 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
1830 if (!matches) {
1831 verify_error(ctx, "Stack map does not match the one at "
1832 "exception handler %d", handler_pc);
1833 return;
1834 }
1835 }
1836 }
1837 }
1838
1839 void ClassVerifier::verify_cp_index(
1840 u2 bci, constantPoolHandle cp, int index, TRAPS) {
1841 int nconstants = cp->length();
1842 if ((index <= 0) || (index >= nconstants)) {
1843 verify_error(ErrorContext::bad_cp_index(bci, index),
1844 "Illegal constant pool index %d in class %s",
1845 index, instanceKlass::cast(cp->pool_holder())->external_name());
1846 return;
1847 }
1848 }
1849
1850 void ClassVerifier::verify_cp_type(
1851 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1852
1853 // In some situations, bytecode rewriting may occur while we're verifying.
1854 // In this case, a constant pool cache exists and some indices refer to that
1855 // instead. Be sure we don't pick up such indices by accident.
1856 // We must check was_recursively_verified() before we get here.
1857 guarantee(cp->cache() == NULL, "not rewritten yet");
1858
1859 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1860 unsigned int tag = cp->tag_at(index).value();
1861 if ((types & (1 << tag)) == 0) {
1862 verify_error(ErrorContext::bad_cp_index(bci, index),
1863 "Illegal type at constant pool entry %d in class %s",
1864 index, instanceKlass::cast(cp->pool_holder())->external_name());
1865 return;
1866 }
1867 }
1868
1869 void ClassVerifier::verify_cp_class_type(
1870 u2 bci, int index, constantPoolHandle cp, TRAPS) {
1871 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1872 constantTag tag = cp->tag_at(index);
1873 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1874 verify_error(ErrorContext::bad_cp_index(bci, index),
1875 "Illegal type at constant pool entry %d in class %s",
1876 index, instanceKlass::cast(cp->pool_holder())->external_name());
1877 return;
1878 }
1879 }
1880
1881 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
1882 stringStream ss;
1883
1884 ctx.reset_frames();
1885 _exception_type = vmSymbols::java_lang_VerifyError();
1886 _error_context = ctx;
1887 va_list va;
1888 va_start(va, msg);
1889 ss.vprint(msg, va);
1890 va_end(va);
1891 _message = ss.as_string();
1892 #ifdef ASSERT
1893 ResourceMark rm;
1894 const char* exception_name = _exception_type->as_C_string();
1895 Exceptions::debug_check_abort(exception_name, NULL);
1896 #endif // ndef ASSERT
1897 }
1898
1899 void ClassVerifier::class_format_error(const char* msg, ...) {
1900 stringStream ss;
1901 _exception_type = vmSymbols::java_lang_ClassFormatError();
1902 va_list va;
1903 va_start(va, msg);
1904 ss.vprint(msg, va);
1905 va_end(va);
1906 if (!_method.is_null()) {
1907 ss.print(" in method %s", _method->name_and_sig_as_C_string());
1908 }
1909 _message = ss.as_string();
1910 }
1911
1912 klassOop ClassVerifier::load_class(Symbol* name, TRAPS) {
1913 // Get current loader and protection domain first.
1914 oop loader = current_class()->class_loader();
1915 oop protection_domain = current_class()->protection_domain();
1916
1917 return SystemDictionary::resolve_or_fail(
1918 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1919 true, CHECK_NULL);
1920 }
1921
1922 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1923 klassOop target_class,
1924 Symbol* field_name,
1925 Symbol* field_sig,
1926 bool is_method) {
1927 No_Safepoint_Verifier nosafepoint;
1928
1929 // If target class isn't a super class of this class, we don't worry about this case
1930 if (!this_class->is_subclass_of(target_class)) {
1931 return false;
1932 }
1933 // Check if the specified method or field is protected
1934 instanceKlass* target_instance = instanceKlass::cast(target_class);
1935 fieldDescriptor fd;
1936 if (is_method) {
1937 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1938 if (m != NULL && m->is_protected()) {
1939 if (!this_class->is_same_class_package(m->method_holder())) {
1940 return true;
1941 }
1942 }
1943 } else {
1944 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1945 if (member_klass != NULL && fd.is_protected()) {
1946 if (!this_class->is_same_class_package(member_klass)) {
1947 return true;
1948 }
1949 }
1950 }
1951 return false;
1952 }
1953
1954 void ClassVerifier::verify_ldc(
1955 int opcode, u2 index, StackMapFrame* current_frame,
1956 constantPoolHandle cp, u2 bci, TRAPS) {
1957 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1958 constantTag tag = cp->tag_at(index);
1959 unsigned int types;
1960 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1961 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1962 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1963 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1964 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
1965 // Note: The class file parser already verified the legality of
1966 // MethodHandle and MethodType constants.
1967 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
1968 }
1969 } else {
1970 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1971 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1972 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
1973 }
1974 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
1975 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
1976 } else if (tag.is_string() || tag.is_unresolved_string()) {
1977 current_frame->push_stack(
1978 VerificationType::reference_type(
1979 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1980 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1981 current_frame->push_stack(
1982 VerificationType::reference_type(
1983 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
1984 } else if (tag.is_int()) {
1985 current_frame->push_stack(
1986 VerificationType::integer_type(), CHECK_VERIFY(this));
1987 } else if (tag.is_float()) {
1988 current_frame->push_stack(
1989 VerificationType::float_type(), CHECK_VERIFY(this));
1990 } else if (tag.is_double()) {
1991 current_frame->push_stack_2(
1992 VerificationType::double_type(),
1993 VerificationType::double2_type(), CHECK_VERIFY(this));
1994 } else if (tag.is_long()) {
1995 current_frame->push_stack_2(
1996 VerificationType::long_type(),
1997 VerificationType::long2_type(), CHECK_VERIFY(this));
1998 } else if (tag.is_method_handle()) {
1999 current_frame->push_stack(
2000 VerificationType::reference_type(
2001 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2002 } else if (tag.is_method_type()) {
2003 current_frame->push_stack(
2004 VerificationType::reference_type(
2005 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2006 } else {
2007 /* Unreachable? verify_cp_type has already validated the cp type. */
2008 verify_error(
2009 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2010 return;
2011 }
2012 }
2013
2014 void ClassVerifier::verify_switch(
2015 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2016 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2017 int bci = bcs->bci();
2018 address bcp = bcs->bcp();
2019 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
2020
2021 // 4639449 & 4647081: padding bytes must be 0
2022 u2 padding_offset = 1;
2023 while ((bcp + padding_offset) < aligned_bcp) {
2024 if(*(bcp + padding_offset) != 0) {
2025 verify_error(ErrorContext::bad_code(bci),
2026 "Nonzero padding byte in lookswitch or tableswitch");
2027 return;
2028 }
2029 padding_offset++;
2030 }
2031 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2032 int keys, delta;
2033 current_frame->pop_stack(
2034 VerificationType::integer_type(), CHECK_VERIFY(this));
2035 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2036 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2037 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2038 if (low > high) {
2039 verify_error(ErrorContext::bad_code(bci),
2040 "low must be less than or equal to high in tableswitch");
2041 return;
2042 }
2043 keys = high - low + 1;
2044 if (keys < 0) {
2045 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2046 return;
2047 }
2048 delta = 1;
2049 } else {
2050 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2051 if (keys < 0) {
2052 verify_error(ErrorContext::bad_code(bci),
2053 "number of keys in lookupswitch less than 0");
2054 return;
2055 }
2056 delta = 2;
2057 // Make sure that the lookupswitch items are sorted
2058 for (int i = 0; i < (keys - 1); i++) {
2059 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2060 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2061 if (this_key >= next_key) {
2062 verify_error(ErrorContext::bad_code(bci),
2063 "Bad lookupswitch instruction");
2064 return;
2065 }
2066 }
2067 }
2068 int target = bci + default_offset;
2069 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2070 for (int i = 0; i < keys; i++) {
2071 // Because check_jump_target() may safepoint, the bytecode could have
2072 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2073 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
2074 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2075 stackmap_table->check_jump_target(
2076 current_frame, target, CHECK_VERIFY(this));
2077 }
2078 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2079 }
2080
2081 bool ClassVerifier::name_in_supers(
2082 Symbol* ref_name, instanceKlassHandle current) {
2083 klassOop super = current->super();
2084 while (super != NULL) {
2085 if (super->klass_part()->name() == ref_name) {
2086 return true;
2087 }
2088 super = super->klass_part()->super();
2089 }
2090 return false;
2091 }
2092
2093 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2094 StackMapFrame* current_frame,
2095 constantPoolHandle cp,
2096 TRAPS) {
2097 u2 index = bcs->get_index_u2();
2098 verify_cp_type(bcs->bci(), index, cp,
2099 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2100
2101 // Get field name and signature
2102 Symbol* field_name = cp->name_ref_at(index);
2103 Symbol* field_sig = cp->signature_ref_at(index);
2104
2105 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2106 class_format_error(
2107 "Invalid signature for field in class %s referenced "
2108 "from constant pool index %d", _klass->external_name(), index);
2109 return;
2110 }
2111
2112 // Get referenced class type
2113 VerificationType ref_class_type = cp_ref_index_to_type(
2114 index, cp, CHECK_VERIFY(this));
2115 if (!ref_class_type.is_object()) {
2116 /* Unreachable? Class file parser verifies Fieldref contents */
2117 verify_error(ErrorContext::bad_type(bcs->bci(),
2118 TypeOrigin::cp(index, ref_class_type)),
2119 "Expecting reference to class in class %s at constant pool index %d",
2120 _klass->external_name(), index);
2121 return;
2122 }
2123 VerificationType target_class_type = ref_class_type;
2124
2125 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2126 "buffer type must match VerificationType size");
2127 uintptr_t field_type_buffer[2];
2128 VerificationType* field_type = (VerificationType*)field_type_buffer;
2129 // If we make a VerificationType[2] array directly, the compiler calls
2130 // to the c-runtime library to do the allocation instead of just
2131 // stack allocating it. Plus it would run constructors. This shows up
2132 // in performance profiles.
2133
2134 SignatureStream sig_stream(field_sig, false);
2135 VerificationType stack_object_type;
2136 int n = change_sig_to_verificationType(
2137 &sig_stream, field_type, CHECK_VERIFY(this));
2138 u2 bci = bcs->bci();
2158 }
2159 goto check_protected;
2160 }
2161 case Bytecodes::_putfield: {
2162 for (int i = n - 1; i >= 0; i--) {
2163 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2164 }
2165 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2166
2167 // The JVMS 2nd edition allows field initialization before the superclass
2168 // initializer, if the field is defined within the current class.
2169 fieldDescriptor fd;
2170 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2171 target_class_type.equals(current_type()) &&
2172 _klass->find_local_field(field_name, field_sig, &fd)) {
2173 stack_object_type = current_type();
2174 }
2175 is_assignable = target_class_type.is_assignable_from(
2176 stack_object_type, this, CHECK_VERIFY(this));
2177 if (!is_assignable) {
2178 verify_error(ErrorContext::bad_type(bci,
2179 current_frame->stack_top_ctx(),
2180 TypeOrigin::cp(index, target_class_type)),
2181 "Bad type on operand stack in putfield");
2182 return;
2183 }
2184 }
2185 check_protected: {
2186 if (_this_type == stack_object_type)
2187 break; // stack_object_type must be assignable to _current_class_type
2188 Symbol* ref_class_name =
2189 cp->klass_name_at(cp->klass_ref_index_at(index));
2190 if (!name_in_supers(ref_class_name, current_class()))
2191 // stack_object_type must be assignable to _current_class_type since:
2192 // 1. stack_object_type must be assignable to ref_class.
2193 // 2. ref_class must be _current_class or a subclass of it. It can't
2194 // be a superclass of it. See revised JVMS 5.4.4.
2195 break;
2196
2197 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
2198 if (is_protected_access(current_class(), ref_class_oop, field_name,
2199 field_sig, false)) {
2200 // It's protected access, check if stack object is assignable to
2201 // current class.
2202 is_assignable = current_type().is_assignable_from(
2203 stack_object_type, this, CHECK_VERIFY(this));
2204 if (!is_assignable) {
2205 verify_error(ErrorContext::bad_type(bci,
2206 current_frame->stack_top_ctx(),
2207 TypeOrigin::implicit(current_type())),
2208 "Bad access to protected data in getfield");
2209 return;
2210 }
2211 }
2212 break;
2213 }
2214 default: ShouldNotReachHere();
2215 }
2216 }
2217
2218 void ClassVerifier::verify_invoke_init(
2219 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2220 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
2221 constantPoolHandle cp, TRAPS) {
2222 u2 bci = bcs->bci();
2223 VerificationType type = current_frame->pop_stack(
2224 VerificationType::reference_check(), CHECK_VERIFY(this));
2225 if (type == VerificationType::uninitialized_this_type()) {
2226 // The method must be an <init> method of this class or its superclass
2227 klassOop superk = current_class()->super();
2228 if (ref_class_type.name() != current_class()->name() &&
2229 ref_class_type.name() != superk->klass_part()->name()) {
2230 verify_error(ErrorContext::bad_type(bci,
2231 TypeOrigin::implicit(ref_class_type),
2232 TypeOrigin::implicit(current_type())),
2233 "Bad <init> method call");
2234 return;
2235 }
2236 current_frame->initialize_object(type, current_type());
2237 *this_uninit = true;
2238 } else if (type.is_uninitialized()) {
2239 u2 new_offset = type.bci();
2240 address new_bcp = bcs->bcp() - bci + new_offset;
2241 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2242 /* Unreachable? Stack map parsing ensures valid type and new
2243 * instructions have a valid BCI. */
2244 verify_error(ErrorContext::bad_code(new_offset),
2245 "Expecting new instruction");
2246 return;
2247 }
2248 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2249 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2250
2251 // The method must be an <init> method of the indicated class
2252 VerificationType new_class_type = cp_index_to_type(
2253 new_class_index, cp, CHECK_VERIFY(this));
2254 if (!new_class_type.equals(ref_class_type)) {
2255 verify_error(ErrorContext::bad_type(bci,
2256 TypeOrigin::cp(new_class_index, new_class_type),
2257 TypeOrigin::cp(ref_class_index, ref_class_type)),
2258 "Call to wrong <init> method");
2259 return;
2260 }
2261 // According to the VM spec, if the referent class is a superclass of the
2262 // current class, and is in a different runtime package, and the method is
2263 // protected, then the objectref must be the current class or a subclass
2264 // of the current class.
2265 VerificationType objectref_type = new_class_type;
2266 if (name_in_supers(ref_class_type.name(), current_class())) {
2267 klassOop ref_klass = load_class(
2268 ref_class_type.name(), CHECK_VERIFY(this));
2269 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
2270 vmSymbols::object_initializer_name(),
2271 cp->signature_ref_at(bcs->get_index_u2()));
2272 instanceKlassHandle mh(THREAD, m->method_holder());
2273 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
2274 bool assignable = current_type().is_assignable_from(
2275 objectref_type, this, CHECK_VERIFY(this));
2276 if (!assignable) {
2277 verify_error(ErrorContext::bad_type(bci,
2278 TypeOrigin::cp(new_class_index, objectref_type),
2279 TypeOrigin::implicit(current_type())),
2280 "Bad access to protected <init> method");
2281 return;
2282 }
2283 }
2284 }
2285 current_frame->initialize_object(type, new_class_type);
2286 } else {
2287 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2288 "Bad operand type when invoking <init>");
2289 return;
2290 }
2291 }
2292
2293 void ClassVerifier::verify_invoke_instructions(
2294 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2295 bool *this_uninit, VerificationType return_type,
2296 constantPoolHandle cp, TRAPS) {
2297 // Make sure the constant pool item is the right type
2298 u2 index = bcs->get_index_u2();
2299 Bytecodes::Code opcode = bcs->raw_code();
2300 unsigned int types = (opcode == Bytecodes::_invokeinterface
2301 ? 1 << JVM_CONSTANT_InterfaceMethodref
2302 : opcode == Bytecodes::_invokedynamic
2303 ? 1 << JVM_CONSTANT_InvokeDynamic
2304 : 1 << JVM_CONSTANT_Methodref);
2305 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2306
2307 // Get method name and signature
2308 Symbol* method_name = cp->name_ref_at(index);
2309 Symbol* method_sig = cp->signature_ref_at(index);
2310
2311 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2312 class_format_error(
2313 "Invalid method signature in class %s referenced "
2314 "from constant pool index %d", _klass->external_name(), index);
2315 return;
2316 }
2317
2318 // Get referenced class type
2319 VerificationType ref_class_type;
2320 if (opcode == Bytecodes::_invokedynamic) {
2321 if (!EnableInvokeDynamic ||
2322 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2323 class_format_error(
2324 (!EnableInvokeDynamic ?
2325 "invokedynamic instructions not enabled in this JVM" :
2362 }
2363 int nargs = sig_i;
2364
2365 #ifdef ASSERT
2366 {
2367 ArgumentSizeComputer size_it(method_sig);
2368 assert(nargs == size_it.size(), "Argument sizes do not match");
2369 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2370 }
2371 #endif
2372
2373 // Check instruction operands
2374 u2 bci = bcs->bci();
2375 if (opcode == Bytecodes::_invokeinterface) {
2376 address bcp = bcs->bcp();
2377 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2378 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2379 // the difference between the size of the operand stack before and after the instruction
2380 // executes.
2381 if (*(bcp+3) != (nargs+1)) {
2382 verify_error(ErrorContext::bad_code(bci),
2383 "Inconsistent args count operand in invokeinterface");
2384 return;
2385 }
2386 if (*(bcp+4) != 0) {
2387 verify_error(ErrorContext::bad_code(bci),
2388 "Fourth operand byte of invokeinterface must be zero");
2389 return;
2390 }
2391 }
2392
2393 if (opcode == Bytecodes::_invokedynamic) {
2394 address bcp = bcs->bcp();
2395 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2396 verify_error(ErrorContext::bad_code(bci),
2397 "Third and fourth operand bytes of invokedynamic must be zero");
2398 return;
2399 }
2400 }
2401
2402 if (method_name->byte_at(0) == '<') {
2403 // Make sure <init> can only be invoked by invokespecial
2404 if (opcode != Bytecodes::_invokespecial ||
2405 method_name != vmSymbols::object_initializer_name()) {
2406 verify_error(ErrorContext::bad_code(bci),
2407 "Illegal call to internal method");
2408 return;
2409 }
2410 } else if (opcode == Bytecodes::_invokespecial
2411 && !ref_class_type.equals(current_type())
2412 && !ref_class_type.equals(VerificationType::reference_type(
2413 current_class()->super()->klass_part()->name()))) {
2414 bool subtype = ref_class_type.is_assignable_from(
2415 current_type(), this, CHECK_VERIFY(this));
2416 if (!subtype) {
2417 verify_error(ErrorContext::bad_code(bci),
2418 "Bad invokespecial instruction: "
2419 "current class isn't assignable to reference class.");
2420 return;
2421 }
2422 }
2423 // Match method descriptor with operand stack
2424 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2425 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2426 }
2427 // Check objectref on operand stack
2428 if (opcode != Bytecodes::_invokestatic &&
2429 opcode != Bytecodes::_invokedynamic) {
2430 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2431 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2432 code_length, this_uninit, cp, CHECK_VERIFY(this));
2433 } else { // other methods
2434 // Ensures that target class is assignable to method class.
2435 if (opcode == Bytecodes::_invokespecial) {
2436 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2437 } else if (opcode == Bytecodes::_invokevirtual) {
2438 VerificationType stack_object_type =
2439 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2440 if (current_type() != stack_object_type) {
2441 assert(cp->cache() == NULL, "not rewritten yet");
2442 Symbol* ref_class_name =
2443 cp->klass_name_at(cp->klass_ref_index_at(index));
2444 // See the comments in verify_field_instructions() for
2445 // the rationale behind this.
2446 if (name_in_supers(ref_class_name, current_class())) {
2447 klassOop ref_class = load_class(ref_class_name, CHECK);
2448 if (is_protected_access(
2449 _klass, ref_class, method_name, method_sig, true)) {
2450 // It's protected access, check if stack object is
2451 // assignable to current class.
2452 bool is_assignable = current_type().is_assignable_from(
2453 stack_object_type, this, CHECK_VERIFY(this));
2454 if (!is_assignable) {
2455 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2456 && stack_object_type.is_array()
2457 && method_name == vmSymbols::clone_name()) {
2458 // Special case: arrays pretend to implement public Object
2459 // clone().
2460 } else {
2461 verify_error(ErrorContext::bad_type(bci,
2462 current_frame->stack_top_ctx(),
2463 TypeOrigin::implicit(current_type())),
2464 "Bad access to protected data in invokevirtual");
2465 return;
2466 }
2467 }
2468 }
2469 }
2470 }
2471 } else {
2472 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2473 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2474 }
2475 }
2476 }
2477 // Push the result type.
2478 if (sig_stream.type() != T_VOID) {
2479 if (method_name == vmSymbols::object_initializer_name()) {
2480 // <init> method must have a void return type
2481 /* Unreachable? Class file parser verifies that methods with '<' have
2482 * void return */
2483 verify_error(ErrorContext::bad_code(bci),
2484 "Return type must be void in <init> method");
2485 return;
2486 }
2487 VerificationType return_type[2];
2488 int n = change_sig_to_verificationType(
2489 &sig_stream, return_type, CHECK_VERIFY(this));
2490 for (int i = 0; i < n; i++) {
2491 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2492 }
2493 }
2494 }
2495
2496 VerificationType ClassVerifier::get_newarray_type(
2497 u2 index, u2 bci, TRAPS) {
2498 const char* from_bt[] = {
2499 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2500 };
2501 if (index < T_BOOLEAN || index > T_LONG) {
2502 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2503 return VerificationType::bogus_type();
2504 }
2505
2506 // from_bt[index] contains the array signature which has a length of 2
2507 Symbol* sig = create_temporary_symbol(
2508 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2509 return VerificationType::reference_type(sig);
2510 }
2511
2512 void ClassVerifier::verify_anewarray(
2513 u2 bci, u2 index, constantPoolHandle cp,
2514 StackMapFrame* current_frame, TRAPS) {
2515 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2516 current_frame->pop_stack(
2517 VerificationType::integer_type(), CHECK_VERIFY(this));
2518
2519 VerificationType component_type =
2520 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2521 int length;
2522 char* arr_sig_str;
2523 if (component_type.is_array()) { // it's an array
2524 const char* component_name = component_type.name()->as_utf8();
2525 // add one dimension to component
2526 length = (int)strlen(component_name) + 1;
2527 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2528 arr_sig_str[0] = '[';
2529 strncpy(&arr_sig_str[1], component_name, length - 1);
2530 } else { // it's an object or interface
2531 const char* component_name = component_type.name()->as_utf8();
2532 // add one dimension to component with 'L' prepended and ';' postpended.
2533 length = (int)strlen(component_name) + 3;
2534 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2535 arr_sig_str[0] = '[';
2608 VerificationType::double2_type(),
2609 VerificationType::double_type(), CHECK_VERIFY(this));
2610 current_frame->set_local_2(
2611 index, VerificationType::double_type(),
2612 VerificationType::double2_type(), CHECK_VERIFY(this));
2613 }
2614
2615 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2616 VerificationType type = current_frame->pop_stack(
2617 VerificationType::reference_check(), CHECK_VERIFY(this));
2618 current_frame->set_local(index, type, CHECK_VERIFY(this));
2619 }
2620
2621 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2622 VerificationType type = current_frame->get_local(
2623 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2624 current_frame->set_local(index, type, CHECK_VERIFY(this));
2625 }
2626
2627 void ClassVerifier::verify_return_value(
2628 VerificationType return_type, VerificationType type, u2 bci,
2629 StackMapFrame* current_frame, TRAPS) {
2630 if (return_type == VerificationType::bogus_type()) {
2631 verify_error(ErrorContext::bad_type(bci,
2632 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2633 "Method expects a return value");
2634 return;
2635 }
2636 bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this));
2637 if (!match) {
2638 verify_error(ErrorContext::bad_type(bci,
2639 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2640 "Bad return type");
2641 return;
2642 }
2643 }
2644
2645 // The verifier creates symbols which are substrings of Symbols.
2646 // These are stored in the verifier until the end of verification so that
2647 // they can be reference counted.
2648 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
2649 int end, TRAPS) {
2650 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
2651 _symbols->push(sym);
2652 return sym;
2653 }
2654
2655 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
2656 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
2657 _symbols->push(sym);
2658 return sym;
2659 }
|