1 /* 2 * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/systemDictionary.hpp" 33 #include "classfile/verifier.hpp" 34 #include "classfile/vmSymbols.hpp" 35 #include "interpreter/bytecodes.hpp" 36 #include "interpreter/bytecodeStream.hpp" 37 #include "logging/log.hpp" 38 #include "logging/logStream.hpp" 39 #include "memory/oopFactory.hpp" 40 #include "memory/resourceArea.hpp" 41 #include "oops/constantPool.inline.hpp" 42 #include "oops/instanceKlass.hpp" 43 #include "oops/oop.inline.hpp" 44 #include "oops/typeArrayOop.hpp" 45 #include "runtime/fieldDescriptor.hpp" 46 #include "runtime/handles.inline.hpp" 47 #include "runtime/interfaceSupport.inline.hpp" 48 #include "runtime/javaCalls.hpp" 49 #include "runtime/jniHandles.inline.hpp" 50 #include "runtime/orderAccess.hpp" 51 #include "runtime/os.hpp" 52 #include "runtime/safepointVerifiers.hpp" 53 #include "runtime/thread.hpp" 54 #include "services/threadService.hpp" 55 #include "utilities/align.hpp" 56 #include "utilities/bytes.hpp" 57 58 #define NOFAILOVER_MAJOR_VERSION 51 59 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 60 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 61 #define MAX_ARRAY_DIMENSIONS 255 62 63 // Access to external entry for VerifyClassCodes - old byte code verifier 64 65 extern "C" { 66 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 67 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 68 } 69 70 static void* volatile _verify_byte_codes_fn = NULL; 71 72 static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 73 74 static void* verify_byte_codes_fn() { 75 if (OrderAccess::load_acquire(&_verify_byte_codes_fn) == NULL) { 76 void *lib_handle = os::native_java_library(); 77 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 78 OrderAccess::release_store(&_verify_byte_codes_fn, func); 79 if (func == NULL) { 80 _is_new_verify_byte_codes_fn = false; 81 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 82 OrderAccess::release_store(&_verify_byte_codes_fn, func); 83 } 84 } 85 return (void*)_verify_byte_codes_fn; 86 } 87 88 89 // Methods in Verifier 90 91 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 92 return (class_loader == NULL || !should_verify_class) ? 93 BytecodeVerificationLocal : BytecodeVerificationRemote; 94 } 95 96 bool Verifier::relax_access_for(oop loader) { 97 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 98 bool need_verify = 99 // verifyAll 100 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 101 // verifyRemote 102 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 103 return !need_verify; 104 } 105 106 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 107 assert(verify_class != NULL, "Unexpected null verify_class"); 108 ResourceMark rm; 109 Symbol* s = verify_class->source_file_name(); 110 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 111 const char* verify = verify_class->external_name(); 112 const char* resolve = resolve_class->external_name(); 113 // print in a single call to reduce interleaving between threads 114 if (source_file != NULL) { 115 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 116 } else { 117 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 118 } 119 } 120 121 // Prints the end-verification message to the appropriate output. 122 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, TRAPS) { 123 if (HAS_PENDING_EXCEPTION) { 124 st->print("Verification for %s has", klassName); 125 st->print_cr(" exception pending %s ", 126 PENDING_EXCEPTION->klass()->external_name()); 127 } else if (exception_name != NULL) { 128 st->print_cr("Verification for %s failed", klassName); 129 } 130 st->print_cr("End class verification for: %s", klassName); 131 } 132 133 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 134 HandleMark hm(THREAD); 135 ResourceMark rm(THREAD); 136 137 // Eagerly allocate the identity hash code for a klass. This is a fallout 138 // from 6320749 and 8059924: hash code generator is not supposed to be called 139 // during the safepoint, but it allows to sneak the hashcode in during 140 // verification. Without this eager hashcode generation, we may end up 141 // installing the hashcode during some other operation, which may be at 142 // safepoint -- blowing up the checks. It was previously done as the side 143 // effect (sic!) for external_name(), but instead of doing that, we opt to 144 // explicitly push the hashcode in here. This is signify the following block 145 // is IMPORTANT: 146 if (klass->java_mirror() != NULL) { 147 klass->java_mirror()->identity_hash(); 148 } 149 150 if (!is_eligible_for_verification(klass, should_verify_class)) { 151 return true; 152 } 153 154 // Timer includes any side effects of class verification (resolution, 155 // etc), but not recursive calls to Verifier::verify(). 156 JavaThread* jt = (JavaThread*)THREAD; 157 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 158 ClassLoader::perf_class_verify_selftime(), 159 ClassLoader::perf_classes_verified(), 160 jt->get_thread_stat()->perf_recursion_counts_addr(), 161 jt->get_thread_stat()->perf_timers_addr(), 162 PerfClassTraceTime::CLASS_VERIFY); 163 164 // If the class should be verified, first see if we can use the split 165 // verifier. If not, or if verification fails and FailOverToOldVerifier 166 // is set, then call the inference verifier. 167 168 Symbol* exception_name = NULL; 169 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 170 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 171 char* exception_message = message_buffer; 172 173 const char* klassName = klass->external_name(); 174 bool can_failover = FailOverToOldVerifier && 175 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 176 177 log_info(class, init)("Start class verification for: %s", klassName); 178 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 179 ClassVerifier split_verifier(klass, THREAD); 180 split_verifier.verify_class(THREAD); 181 exception_name = split_verifier.result(); 182 if (can_failover && !HAS_PENDING_EXCEPTION && 183 (exception_name == vmSymbols::java_lang_VerifyError() || 184 exception_name == vmSymbols::java_lang_ClassFormatError())) { 185 log_info(verification)("Fail over class verification to old verifier for: %s", klassName); 186 log_info(class, init)("Fail over class verification to old verifier for: %s", klassName); 187 exception_name = inference_verify( 188 klass, message_buffer, message_buffer_len, THREAD); 189 } 190 if (exception_name != NULL) { 191 exception_message = split_verifier.exception_message(); 192 } 193 } else { 194 exception_name = inference_verify( 195 klass, message_buffer, message_buffer_len, THREAD); 196 } 197 198 LogTarget(Info, class, init) lt1; 199 if (lt1.is_enabled()) { 200 LogStream ls(lt1); 201 log_end_verification(&ls, klassName, exception_name, THREAD); 202 } 203 LogTarget(Info, verification) lt2; 204 if (lt2.is_enabled()) { 205 LogStream ls(lt2); 206 log_end_verification(&ls, klassName, exception_name, THREAD); 207 } 208 209 if (HAS_PENDING_EXCEPTION) { 210 return false; // use the existing exception 211 } else if (exception_name == NULL) { 212 return true; // verifcation succeeded 213 } else { // VerifyError or ClassFormatError to be created and thrown 214 ResourceMark rm(THREAD); 215 Klass* kls = 216 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 217 if (log_is_enabled(Debug, class, resolve)) { 218 Verifier::trace_class_resolution(kls, klass); 219 } 220 221 while (kls != NULL) { 222 if (kls == klass) { 223 // If the class being verified is the exception we're creating 224 // or one of it's superclasses, we're in trouble and are going 225 // to infinitely recurse when we try to initialize the exception. 226 // So bail out here by throwing the preallocated VM error. 227 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 228 } 229 kls = kls->super(); 230 } 231 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 232 THROW_MSG_(exception_name, exception_message, false); 233 } 234 } 235 236 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 237 Symbol* name = klass->name(); 238 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 239 240 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 241 242 return (should_verify_for(klass->class_loader(), should_verify_class) && 243 // return if the class is a bootstrapping class 244 // or defineClass specified not to verify by default (flags override passed arg) 245 // We need to skip the following four for bootstraping 246 name != vmSymbols::java_lang_Object() && 247 name != vmSymbols::java_lang_Class() && 248 name != vmSymbols::java_lang_String() && 249 name != vmSymbols::java_lang_Throwable() && 250 251 // Can not verify the bytecodes for shared classes because they have 252 // already been rewritten to contain constant pool cache indices, 253 // which the verifier can't understand. 254 // Shared classes shouldn't have stackmaps either. 255 !klass->is_shared() && 256 257 // As of the fix for 4486457 we disable verification for all of the 258 // dynamically-generated bytecodes associated with the 1.4 259 // reflection implementation, not just those associated with 260 // jdk/internal/reflect/SerializationConstructorAccessor. 261 // NOTE: this is called too early in the bootstrapping process to be 262 // guarded by Universe::is_gte_jdk14x_version(). 263 // Also for lambda generated code, gte jdk8 264 (!is_reflect)); 265 } 266 267 Symbol* Verifier::inference_verify( 268 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 269 JavaThread* thread = (JavaThread*)THREAD; 270 JNIEnv *env = thread->jni_environment(); 271 272 void* verify_func = verify_byte_codes_fn(); 273 274 if (verify_func == NULL) { 275 jio_snprintf(message, message_len, "Could not link verifier"); 276 return vmSymbols::java_lang_VerifyError(); 277 } 278 279 ResourceMark rm(THREAD); 280 log_info(verification)("Verifying class %s with old format", klass->external_name()); 281 282 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 283 jint result; 284 285 { 286 HandleMark hm(thread); 287 ThreadToNativeFromVM ttn(thread); 288 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 289 // code knows that we have left the VM 290 291 if (_is_new_verify_byte_codes_fn) { 292 verify_byte_codes_fn_new_t func = 293 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 294 result = (*func)(env, cls, message, (int)message_len, 295 klass->major_version()); 296 } else { 297 verify_byte_codes_fn_t func = 298 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 299 result = (*func)(env, cls, message, (int)message_len); 300 } 301 } 302 303 JNIHandles::destroy_local(cls); 304 305 // These numbers are chosen so that VerifyClassCodes interface doesn't need 306 // to be changed (still return jboolean (unsigned char)), and result is 307 // 1 when verification is passed. 308 if (result == 0) { 309 return vmSymbols::java_lang_VerifyError(); 310 } else if (result == 1) { 311 return NULL; // verified. 312 } else if (result == 2) { 313 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 314 } else if (result == 3) { 315 return vmSymbols::java_lang_ClassFormatError(); 316 } else { 317 ShouldNotReachHere(); 318 return NULL; 319 } 320 } 321 322 TypeOrigin TypeOrigin::null() { 323 return TypeOrigin(); 324 } 325 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 326 assert(frame != NULL, "Must have a frame"); 327 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 328 frame->local_at(index)); 329 } 330 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 331 assert(frame != NULL, "Must have a frame"); 332 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 333 frame->stack_at(index)); 334 } 335 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 336 assert(frame != NULL, "Must have a frame"); 337 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 338 frame->local_at(index)); 339 } 340 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 341 assert(frame != NULL, "Must have a frame"); 342 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 343 frame->stack_at(index)); 344 } 345 TypeOrigin TypeOrigin::bad_index(u2 index) { 346 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 347 } 348 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 349 return TypeOrigin(CONST_POOL, index, NULL, vt); 350 } 351 TypeOrigin TypeOrigin::signature(VerificationType vt) { 352 return TypeOrigin(SIG, 0, NULL, vt); 353 } 354 TypeOrigin TypeOrigin::implicit(VerificationType t) { 355 return TypeOrigin(IMPLICIT, 0, NULL, t); 356 } 357 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 358 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 359 VerificationType::bogus_type()); 360 } 361 362 void TypeOrigin::reset_frame() { 363 if (_frame != NULL) { 364 _frame->restore(); 365 } 366 } 367 368 void TypeOrigin::details(outputStream* ss) const { 369 _type.print_on(ss); 370 switch (_origin) { 371 case CF_LOCALS: 372 ss->print(" (current frame, locals[%d])", _index); 373 break; 374 case CF_STACK: 375 ss->print(" (current frame, stack[%d])", _index); 376 break; 377 case SM_LOCALS: 378 ss->print(" (stack map, locals[%d])", _index); 379 break; 380 case SM_STACK: 381 ss->print(" (stack map, stack[%d])", _index); 382 break; 383 case CONST_POOL: 384 ss->print(" (constant pool %d)", _index); 385 break; 386 case SIG: 387 ss->print(" (from method signature)"); 388 break; 389 case IMPLICIT: 390 case FRAME_ONLY: 391 case NONE: 392 default: 393 ; 394 } 395 } 396 397 #ifdef ASSERT 398 void TypeOrigin::print_on(outputStream* str) const { 399 str->print("{%d,%d,%p:", _origin, _index, _frame); 400 if (_frame != NULL) { 401 _frame->print_on(str); 402 } else { 403 str->print("null"); 404 } 405 str->print(","); 406 _type.print_on(str); 407 str->print("}"); 408 } 409 #endif 410 411 void ErrorContext::details(outputStream* ss, const Method* method) const { 412 if (is_valid()) { 413 ss->cr(); 414 ss->print_cr("Exception Details:"); 415 location_details(ss, method); 416 reason_details(ss); 417 frame_details(ss); 418 bytecode_details(ss, method); 419 handler_details(ss, method); 420 stackmap_details(ss, method); 421 } 422 } 423 424 void ErrorContext::reason_details(outputStream* ss) const { 425 streamIndentor si(ss); 426 ss->indent().print_cr("Reason:"); 427 streamIndentor si2(ss); 428 ss->indent().print("%s", ""); 429 switch (_fault) { 430 case INVALID_BYTECODE: 431 ss->print("Error exists in the bytecode"); 432 break; 433 case WRONG_TYPE: 434 if (_expected.is_valid()) { 435 ss->print("Type "); 436 _type.details(ss); 437 ss->print(" is not assignable to "); 438 _expected.details(ss); 439 } else { 440 ss->print("Invalid type: "); 441 _type.details(ss); 442 } 443 break; 444 case FLAGS_MISMATCH: 445 if (_expected.is_valid()) { 446 ss->print("Current frame's flags are not assignable " 447 "to stack map frame's."); 448 } else { 449 ss->print("Current frame's flags are invalid in this context."); 450 } 451 break; 452 case BAD_CP_INDEX: 453 ss->print("Constant pool index %d is invalid", _type.index()); 454 break; 455 case BAD_LOCAL_INDEX: 456 ss->print("Local index %d is invalid", _type.index()); 457 break; 458 case LOCALS_SIZE_MISMATCH: 459 ss->print("Current frame's local size doesn't match stackmap."); 460 break; 461 case STACK_SIZE_MISMATCH: 462 ss->print("Current frame's stack size doesn't match stackmap."); 463 break; 464 case STACK_OVERFLOW: 465 ss->print("Exceeded max stack size."); 466 break; 467 case STACK_UNDERFLOW: 468 ss->print("Attempt to pop empty stack."); 469 break; 470 case MISSING_STACKMAP: 471 ss->print("Expected stackmap frame at this location."); 472 break; 473 case BAD_STACKMAP: 474 ss->print("Invalid stackmap specification."); 475 break; 476 case UNKNOWN: 477 default: 478 ShouldNotReachHere(); 479 ss->print_cr("Unknown"); 480 } 481 ss->cr(); 482 } 483 484 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 485 if (_bci != -1 && method != NULL) { 486 streamIndentor si(ss); 487 const char* bytecode_name = "<invalid>"; 488 if (method->validate_bci(_bci) != -1) { 489 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 490 if (Bytecodes::is_defined(code)) { 491 bytecode_name = Bytecodes::name(code); 492 } else { 493 bytecode_name = "<illegal>"; 494 } 495 } 496 InstanceKlass* ik = method->method_holder(); 497 ss->indent().print_cr("Location:"); 498 streamIndentor si2(ss); 499 ss->indent().print_cr("%s.%s%s @%d: %s", 500 ik->name()->as_C_string(), method->name()->as_C_string(), 501 method->signature()->as_C_string(), _bci, bytecode_name); 502 } 503 } 504 505 void ErrorContext::frame_details(outputStream* ss) const { 506 streamIndentor si(ss); 507 if (_type.is_valid() && _type.frame() != NULL) { 508 ss->indent().print_cr("Current Frame:"); 509 streamIndentor si2(ss); 510 _type.frame()->print_on(ss); 511 } 512 if (_expected.is_valid() && _expected.frame() != NULL) { 513 ss->indent().print_cr("Stackmap Frame:"); 514 streamIndentor si2(ss); 515 _expected.frame()->print_on(ss); 516 } 517 } 518 519 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 520 if (method != NULL) { 521 streamIndentor si(ss); 522 ss->indent().print_cr("Bytecode:"); 523 streamIndentor si2(ss); 524 ss->print_data(method->code_base(), method->code_size(), false); 525 } 526 } 527 528 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 529 if (method != NULL) { 530 streamIndentor si(ss); 531 ExceptionTable table(method); 532 if (table.length() > 0) { 533 ss->indent().print_cr("Exception Handler Table:"); 534 streamIndentor si2(ss); 535 for (int i = 0; i < table.length(); ++i) { 536 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 537 table.end_pc(i), table.handler_pc(i)); 538 } 539 } 540 } 541 } 542 543 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 544 if (method != NULL && method->has_stackmap_table()) { 545 streamIndentor si(ss); 546 ss->indent().print_cr("Stackmap Table:"); 547 Array<u1>* data = method->stackmap_data(); 548 stack_map_table* sm_table = 549 stack_map_table::at((address)data->adr_at(0)); 550 stack_map_frame* sm_frame = sm_table->entries(); 551 streamIndentor si2(ss); 552 int current_offset = -1; 553 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 554 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 555 ss->indent(); 556 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 557 sm_frame->print_truncated(ss, current_offset); 558 return; 559 } 560 sm_frame->print_on(ss, current_offset); 561 ss->cr(); 562 current_offset += sm_frame->offset_delta(); 563 sm_frame = sm_frame->next(); 564 } 565 } 566 } 567 568 // Methods in ClassVerifier 569 570 ClassVerifier::ClassVerifier( 571 InstanceKlass* klass, TRAPS) 572 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 573 _this_type = VerificationType::reference_type(klass->name()); 574 // Create list to hold symbols in reference area. 575 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 576 } 577 578 ClassVerifier::~ClassVerifier() { 579 // Decrement the reference count for any symbols created. 580 for (int i = 0; i < _symbols->length(); i++) { 581 Symbol* s = _symbols->at(i); 582 s->decrement_refcount(); 583 } 584 } 585 586 VerificationType ClassVerifier::object_type() const { 587 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 588 } 589 590 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 591 VerificationType vt = VerificationType::reference_type( 592 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 593 return TypeOrigin::implicit(vt); 594 } 595 596 void ClassVerifier::verify_class(TRAPS) { 597 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 598 599 Array<Method*>* methods = _klass->methods(); 600 int num_methods = methods->length(); 601 602 for (int index = 0; index < num_methods; index++) { 603 // Check for recursive re-verification before each method. 604 if (was_recursively_verified()) return; 605 606 Method* m = methods->at(index); 607 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 608 // If m is native or abstract, skip it. It is checked in class file 609 // parser that methods do not override a final method. Overpass methods 610 // are trusted since the VM generates them. 611 continue; 612 } 613 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 614 } 615 616 if (was_recursively_verified()){ 617 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 618 log_info(class, init)("Recursive verification detected for: %s", 619 _klass->external_name()); 620 } 621 } 622 623 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 624 HandleMark hm(THREAD); 625 _method = m; // initialize _method 626 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 627 628 // For clang, the only good constant format string is a literal constant format string. 629 #define bad_type_msg "Bad type on operand stack in %s" 630 631 int32_t max_stack = m->verifier_max_stack(); 632 int32_t max_locals = m->max_locals(); 633 constantPoolHandle cp(THREAD, m->constants()); 634 635 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 636 class_format_error("Invalid method signature"); 637 return; 638 } 639 640 // Initial stack map frame: offset is 0, stack is initially empty. 641 StackMapFrame current_frame(max_locals, max_stack, this); 642 // Set initial locals 643 VerificationType return_type = current_frame.set_locals_from_arg( 644 m, current_type(), CHECK_VERIFY(this)); 645 646 int32_t stackmap_index = 0; // index to the stackmap array 647 648 u4 code_length = m->code_size(); 649 650 // Scan the bytecode and map each instruction's start offset to a number. 651 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 652 653 int ex_min = code_length; 654 int ex_max = -1; 655 // Look through each item on the exception table. Each of the fields must refer 656 // to a legal instruction. 657 if (was_recursively_verified()) return; 658 verify_exception_handler_table( 659 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 660 661 // Look through each entry on the local variable table and make sure 662 // its range of code array offsets is valid. (4169817) 663 if (m->has_localvariable_table()) { 664 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 665 } 666 667 Array<u1>* stackmap_data = m->stackmap_data(); 668 StackMapStream stream(stackmap_data); 669 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 670 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 671 code_data, code_length, CHECK_VERIFY(this)); 672 673 LogTarget(Info, verification) lt; 674 if (lt.is_enabled()) { 675 ResourceMark rm(THREAD); 676 LogStream ls(lt); 677 stackmap_table.print_on(&ls); 678 } 679 680 RawBytecodeStream bcs(m); 681 682 // Scan the byte code linearly from the start to the end 683 bool no_control_flow = false; // Set to true when there is no direct control 684 // flow from current instruction to the next 685 // instruction in sequence 686 687 Bytecodes::Code opcode; 688 while (!bcs.is_last_bytecode()) { 689 // Check for recursive re-verification before each bytecode. 690 if (was_recursively_verified()) return; 691 692 opcode = bcs.raw_next(); 693 u2 bci = bcs.bci(); 694 695 // Set current frame's offset to bci 696 current_frame.set_offset(bci); 697 current_frame.set_mark(); 698 699 // Make sure every offset in stackmap table point to the beginning to 700 // an instruction. Match current_frame to stackmap_table entry with 701 // the same offset if exists. 702 stackmap_index = verify_stackmap_table( 703 stackmap_index, bci, ¤t_frame, &stackmap_table, 704 no_control_flow, CHECK_VERIFY(this)); 705 706 707 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 708 bool verified_exc_handlers = false; 709 710 // Merge with the next instruction 711 { 712 u2 index; 713 int target; 714 VerificationType type, type2; 715 VerificationType atype; 716 717 LogTarget(Info, verification) lt; 718 if (lt.is_enabled()) { 719 ResourceMark rm(THREAD); 720 LogStream ls(lt); 721 current_frame.print_on(&ls); 722 lt.print("offset = %d, opcode = %s", bci, 723 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 724 } 725 726 // Make sure wide instruction is in correct format 727 if (bcs.is_wide()) { 728 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 729 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 730 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 731 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 732 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 733 opcode != Bytecodes::_dstore) { 734 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 735 * if we encounter a wide instruction that modifies an invalid 736 * opcode (not one of the ones listed above) */ 737 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 738 return; 739 } 740 } 741 742 // Look for possible jump target in exception handlers and see if it 743 // matches current_frame. Do this check here for astore*, dstore*, 744 // fstore*, istore*, and lstore* opcodes because they can change the type 745 // state by adding a local. JVM Spec says that the incoming type state 746 // should be used for this check. So, do the check here before a possible 747 // local is added to the type state. 748 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 749 if (was_recursively_verified()) return; 750 verify_exception_handler_targets( 751 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 752 verified_exc_handlers = true; 753 } 754 755 if (was_recursively_verified()) return; 756 757 switch (opcode) { 758 case Bytecodes::_nop : 759 no_control_flow = false; break; 760 case Bytecodes::_aconst_null : 761 current_frame.push_stack( 762 VerificationType::null_type(), CHECK_VERIFY(this)); 763 no_control_flow = false; break; 764 case Bytecodes::_iconst_m1 : 765 case Bytecodes::_iconst_0 : 766 case Bytecodes::_iconst_1 : 767 case Bytecodes::_iconst_2 : 768 case Bytecodes::_iconst_3 : 769 case Bytecodes::_iconst_4 : 770 case Bytecodes::_iconst_5 : 771 current_frame.push_stack( 772 VerificationType::integer_type(), CHECK_VERIFY(this)); 773 no_control_flow = false; break; 774 case Bytecodes::_lconst_0 : 775 case Bytecodes::_lconst_1 : 776 current_frame.push_stack_2( 777 VerificationType::long_type(), 778 VerificationType::long2_type(), CHECK_VERIFY(this)); 779 no_control_flow = false; break; 780 case Bytecodes::_fconst_0 : 781 case Bytecodes::_fconst_1 : 782 case Bytecodes::_fconst_2 : 783 current_frame.push_stack( 784 VerificationType::float_type(), CHECK_VERIFY(this)); 785 no_control_flow = false; break; 786 case Bytecodes::_dconst_0 : 787 case Bytecodes::_dconst_1 : 788 current_frame.push_stack_2( 789 VerificationType::double_type(), 790 VerificationType::double2_type(), CHECK_VERIFY(this)); 791 no_control_flow = false; break; 792 case Bytecodes::_sipush : 793 case Bytecodes::_bipush : 794 current_frame.push_stack( 795 VerificationType::integer_type(), CHECK_VERIFY(this)); 796 no_control_flow = false; break; 797 case Bytecodes::_ldc : 798 verify_ldc( 799 opcode, bcs.get_index_u1(), ¤t_frame, 800 cp, bci, CHECK_VERIFY(this)); 801 no_control_flow = false; break; 802 case Bytecodes::_ldc_w : 803 case Bytecodes::_ldc2_w : 804 verify_ldc( 805 opcode, bcs.get_index_u2(), ¤t_frame, 806 cp, bci, CHECK_VERIFY(this)); 807 no_control_flow = false; break; 808 case Bytecodes::_iload : 809 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 810 no_control_flow = false; break; 811 case Bytecodes::_iload_0 : 812 case Bytecodes::_iload_1 : 813 case Bytecodes::_iload_2 : 814 case Bytecodes::_iload_3 : 815 index = opcode - Bytecodes::_iload_0; 816 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 817 no_control_flow = false; break; 818 case Bytecodes::_lload : 819 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 820 no_control_flow = false; break; 821 case Bytecodes::_lload_0 : 822 case Bytecodes::_lload_1 : 823 case Bytecodes::_lload_2 : 824 case Bytecodes::_lload_3 : 825 index = opcode - Bytecodes::_lload_0; 826 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 827 no_control_flow = false; break; 828 case Bytecodes::_fload : 829 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 830 no_control_flow = false; break; 831 case Bytecodes::_fload_0 : 832 case Bytecodes::_fload_1 : 833 case Bytecodes::_fload_2 : 834 case Bytecodes::_fload_3 : 835 index = opcode - Bytecodes::_fload_0; 836 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 837 no_control_flow = false; break; 838 case Bytecodes::_dload : 839 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 840 no_control_flow = false; break; 841 case Bytecodes::_dload_0 : 842 case Bytecodes::_dload_1 : 843 case Bytecodes::_dload_2 : 844 case Bytecodes::_dload_3 : 845 index = opcode - Bytecodes::_dload_0; 846 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 847 no_control_flow = false; break; 848 case Bytecodes::_aload : 849 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 850 no_control_flow = false; break; 851 case Bytecodes::_aload_0 : 852 case Bytecodes::_aload_1 : 853 case Bytecodes::_aload_2 : 854 case Bytecodes::_aload_3 : 855 index = opcode - Bytecodes::_aload_0; 856 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 857 no_control_flow = false; break; 858 case Bytecodes::_iaload : 859 type = current_frame.pop_stack( 860 VerificationType::integer_type(), CHECK_VERIFY(this)); 861 atype = current_frame.pop_stack( 862 VerificationType::reference_check(), CHECK_VERIFY(this)); 863 if (!atype.is_int_array()) { 864 verify_error(ErrorContext::bad_type(bci, 865 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 866 bad_type_msg, "iaload"); 867 return; 868 } 869 current_frame.push_stack( 870 VerificationType::integer_type(), CHECK_VERIFY(this)); 871 no_control_flow = false; break; 872 case Bytecodes::_baload : 873 type = current_frame.pop_stack( 874 VerificationType::integer_type(), CHECK_VERIFY(this)); 875 atype = current_frame.pop_stack( 876 VerificationType::reference_check(), CHECK_VERIFY(this)); 877 if (!atype.is_bool_array() && !atype.is_byte_array()) { 878 verify_error( 879 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 880 bad_type_msg, "baload"); 881 return; 882 } 883 current_frame.push_stack( 884 VerificationType::integer_type(), CHECK_VERIFY(this)); 885 no_control_flow = false; break; 886 case Bytecodes::_caload : 887 type = current_frame.pop_stack( 888 VerificationType::integer_type(), CHECK_VERIFY(this)); 889 atype = current_frame.pop_stack( 890 VerificationType::reference_check(), CHECK_VERIFY(this)); 891 if (!atype.is_char_array()) { 892 verify_error(ErrorContext::bad_type(bci, 893 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 894 bad_type_msg, "caload"); 895 return; 896 } 897 current_frame.push_stack( 898 VerificationType::integer_type(), CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 case Bytecodes::_saload : 901 type = current_frame.pop_stack( 902 VerificationType::integer_type(), CHECK_VERIFY(this)); 903 atype = current_frame.pop_stack( 904 VerificationType::reference_check(), CHECK_VERIFY(this)); 905 if (!atype.is_short_array()) { 906 verify_error(ErrorContext::bad_type(bci, 907 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 908 bad_type_msg, "saload"); 909 return; 910 } 911 current_frame.push_stack( 912 VerificationType::integer_type(), CHECK_VERIFY(this)); 913 no_control_flow = false; break; 914 case Bytecodes::_laload : 915 type = current_frame.pop_stack( 916 VerificationType::integer_type(), CHECK_VERIFY(this)); 917 atype = current_frame.pop_stack( 918 VerificationType::reference_check(), CHECK_VERIFY(this)); 919 if (!atype.is_long_array()) { 920 verify_error(ErrorContext::bad_type(bci, 921 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 922 bad_type_msg, "laload"); 923 return; 924 } 925 current_frame.push_stack_2( 926 VerificationType::long_type(), 927 VerificationType::long2_type(), CHECK_VERIFY(this)); 928 no_control_flow = false; break; 929 case Bytecodes::_faload : 930 type = current_frame.pop_stack( 931 VerificationType::integer_type(), CHECK_VERIFY(this)); 932 atype = current_frame.pop_stack( 933 VerificationType::reference_check(), CHECK_VERIFY(this)); 934 if (!atype.is_float_array()) { 935 verify_error(ErrorContext::bad_type(bci, 936 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 937 bad_type_msg, "faload"); 938 return; 939 } 940 current_frame.push_stack( 941 VerificationType::float_type(), CHECK_VERIFY(this)); 942 no_control_flow = false; break; 943 case Bytecodes::_daload : 944 type = current_frame.pop_stack( 945 VerificationType::integer_type(), CHECK_VERIFY(this)); 946 atype = current_frame.pop_stack( 947 VerificationType::reference_check(), CHECK_VERIFY(this)); 948 if (!atype.is_double_array()) { 949 verify_error(ErrorContext::bad_type(bci, 950 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 951 bad_type_msg, "daload"); 952 return; 953 } 954 current_frame.push_stack_2( 955 VerificationType::double_type(), 956 VerificationType::double2_type(), CHECK_VERIFY(this)); 957 no_control_flow = false; break; 958 case Bytecodes::_aaload : { 959 type = current_frame.pop_stack( 960 VerificationType::integer_type(), CHECK_VERIFY(this)); 961 atype = current_frame.pop_stack( 962 VerificationType::reference_check(), CHECK_VERIFY(this)); 963 if (!atype.is_reference_array()) { 964 verify_error(ErrorContext::bad_type(bci, 965 current_frame.stack_top_ctx(), 966 TypeOrigin::implicit(VerificationType::reference_check())), 967 bad_type_msg, "aaload"); 968 return; 969 } 970 if (atype.is_null()) { 971 current_frame.push_stack( 972 VerificationType::null_type(), CHECK_VERIFY(this)); 973 } else { 974 VerificationType component = 975 atype.get_component(this, CHECK_VERIFY(this)); 976 current_frame.push_stack(component, CHECK_VERIFY(this)); 977 } 978 no_control_flow = false; break; 979 } 980 case Bytecodes::_istore : 981 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 982 no_control_flow = false; break; 983 case Bytecodes::_istore_0 : 984 case Bytecodes::_istore_1 : 985 case Bytecodes::_istore_2 : 986 case Bytecodes::_istore_3 : 987 index = opcode - Bytecodes::_istore_0; 988 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 989 no_control_flow = false; break; 990 case Bytecodes::_lstore : 991 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 992 no_control_flow = false; break; 993 case Bytecodes::_lstore_0 : 994 case Bytecodes::_lstore_1 : 995 case Bytecodes::_lstore_2 : 996 case Bytecodes::_lstore_3 : 997 index = opcode - Bytecodes::_lstore_0; 998 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 999 no_control_flow = false; break; 1000 case Bytecodes::_fstore : 1001 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1002 no_control_flow = false; break; 1003 case Bytecodes::_fstore_0 : 1004 case Bytecodes::_fstore_1 : 1005 case Bytecodes::_fstore_2 : 1006 case Bytecodes::_fstore_3 : 1007 index = opcode - Bytecodes::_fstore_0; 1008 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1009 no_control_flow = false; break; 1010 case Bytecodes::_dstore : 1011 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1012 no_control_flow = false; break; 1013 case Bytecodes::_dstore_0 : 1014 case Bytecodes::_dstore_1 : 1015 case Bytecodes::_dstore_2 : 1016 case Bytecodes::_dstore_3 : 1017 index = opcode - Bytecodes::_dstore_0; 1018 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1019 no_control_flow = false; break; 1020 case Bytecodes::_astore : 1021 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1022 no_control_flow = false; break; 1023 case Bytecodes::_astore_0 : 1024 case Bytecodes::_astore_1 : 1025 case Bytecodes::_astore_2 : 1026 case Bytecodes::_astore_3 : 1027 index = opcode - Bytecodes::_astore_0; 1028 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1029 no_control_flow = false; break; 1030 case Bytecodes::_iastore : 1031 type = current_frame.pop_stack( 1032 VerificationType::integer_type(), CHECK_VERIFY(this)); 1033 type2 = current_frame.pop_stack( 1034 VerificationType::integer_type(), CHECK_VERIFY(this)); 1035 atype = current_frame.pop_stack( 1036 VerificationType::reference_check(), CHECK_VERIFY(this)); 1037 if (!atype.is_int_array()) { 1038 verify_error(ErrorContext::bad_type(bci, 1039 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 1040 bad_type_msg, "iastore"); 1041 return; 1042 } 1043 no_control_flow = false; break; 1044 case Bytecodes::_bastore : 1045 type = current_frame.pop_stack( 1046 VerificationType::integer_type(), CHECK_VERIFY(this)); 1047 type2 = current_frame.pop_stack( 1048 VerificationType::integer_type(), CHECK_VERIFY(this)); 1049 atype = current_frame.pop_stack( 1050 VerificationType::reference_check(), CHECK_VERIFY(this)); 1051 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1052 verify_error( 1053 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1054 bad_type_msg, "bastore"); 1055 return; 1056 } 1057 no_control_flow = false; break; 1058 case Bytecodes::_castore : 1059 current_frame.pop_stack( 1060 VerificationType::integer_type(), CHECK_VERIFY(this)); 1061 current_frame.pop_stack( 1062 VerificationType::integer_type(), CHECK_VERIFY(this)); 1063 atype = current_frame.pop_stack( 1064 VerificationType::reference_check(), CHECK_VERIFY(this)); 1065 if (!atype.is_char_array()) { 1066 verify_error(ErrorContext::bad_type(bci, 1067 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 1068 bad_type_msg, "castore"); 1069 return; 1070 } 1071 no_control_flow = false; break; 1072 case Bytecodes::_sastore : 1073 current_frame.pop_stack( 1074 VerificationType::integer_type(), CHECK_VERIFY(this)); 1075 current_frame.pop_stack( 1076 VerificationType::integer_type(), CHECK_VERIFY(this)); 1077 atype = current_frame.pop_stack( 1078 VerificationType::reference_check(), CHECK_VERIFY(this)); 1079 if (!atype.is_short_array()) { 1080 verify_error(ErrorContext::bad_type(bci, 1081 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1082 bad_type_msg, "sastore"); 1083 return; 1084 } 1085 no_control_flow = false; break; 1086 case Bytecodes::_lastore : 1087 current_frame.pop_stack_2( 1088 VerificationType::long2_type(), 1089 VerificationType::long_type(), CHECK_VERIFY(this)); 1090 current_frame.pop_stack( 1091 VerificationType::integer_type(), CHECK_VERIFY(this)); 1092 atype = current_frame.pop_stack( 1093 VerificationType::reference_check(), CHECK_VERIFY(this)); 1094 if (!atype.is_long_array()) { 1095 verify_error(ErrorContext::bad_type(bci, 1096 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1097 bad_type_msg, "lastore"); 1098 return; 1099 } 1100 no_control_flow = false; break; 1101 case Bytecodes::_fastore : 1102 current_frame.pop_stack( 1103 VerificationType::float_type(), CHECK_VERIFY(this)); 1104 current_frame.pop_stack 1105 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1106 atype = current_frame.pop_stack( 1107 VerificationType::reference_check(), CHECK_VERIFY(this)); 1108 if (!atype.is_float_array()) { 1109 verify_error(ErrorContext::bad_type(bci, 1110 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1111 bad_type_msg, "fastore"); 1112 return; 1113 } 1114 no_control_flow = false; break; 1115 case Bytecodes::_dastore : 1116 current_frame.pop_stack_2( 1117 VerificationType::double2_type(), 1118 VerificationType::double_type(), CHECK_VERIFY(this)); 1119 current_frame.pop_stack( 1120 VerificationType::integer_type(), CHECK_VERIFY(this)); 1121 atype = current_frame.pop_stack( 1122 VerificationType::reference_check(), CHECK_VERIFY(this)); 1123 if (!atype.is_double_array()) { 1124 verify_error(ErrorContext::bad_type(bci, 1125 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1126 bad_type_msg, "dastore"); 1127 return; 1128 } 1129 no_control_flow = false; break; 1130 case Bytecodes::_aastore : 1131 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1132 type2 = current_frame.pop_stack( 1133 VerificationType::integer_type(), CHECK_VERIFY(this)); 1134 atype = current_frame.pop_stack( 1135 VerificationType::reference_check(), CHECK_VERIFY(this)); 1136 // more type-checking is done at runtime 1137 if (!atype.is_reference_array()) { 1138 verify_error(ErrorContext::bad_type(bci, 1139 current_frame.stack_top_ctx(), 1140 TypeOrigin::implicit(VerificationType::reference_check())), 1141 bad_type_msg, "aastore"); 1142 return; 1143 } 1144 // 4938384: relaxed constraint in JVMS 3nd edition. 1145 no_control_flow = false; break; 1146 case Bytecodes::_pop : 1147 current_frame.pop_stack( 1148 VerificationType::category1_check(), CHECK_VERIFY(this)); 1149 no_control_flow = false; break; 1150 case Bytecodes::_pop2 : 1151 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1152 if (type.is_category1()) { 1153 current_frame.pop_stack( 1154 VerificationType::category1_check(), CHECK_VERIFY(this)); 1155 } else if (type.is_category2_2nd()) { 1156 current_frame.pop_stack( 1157 VerificationType::category2_check(), CHECK_VERIFY(this)); 1158 } else { 1159 /* Unreachable? Would need a category2_1st on TOS 1160 * which does not appear possible. */ 1161 verify_error( 1162 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1163 bad_type_msg, "pop2"); 1164 return; 1165 } 1166 no_control_flow = false; break; 1167 case Bytecodes::_dup : 1168 type = current_frame.pop_stack( 1169 VerificationType::category1_check(), CHECK_VERIFY(this)); 1170 current_frame.push_stack(type, CHECK_VERIFY(this)); 1171 current_frame.push_stack(type, CHECK_VERIFY(this)); 1172 no_control_flow = false; break; 1173 case Bytecodes::_dup_x1 : 1174 type = current_frame.pop_stack( 1175 VerificationType::category1_check(), CHECK_VERIFY(this)); 1176 type2 = current_frame.pop_stack( 1177 VerificationType::category1_check(), CHECK_VERIFY(this)); 1178 current_frame.push_stack(type, CHECK_VERIFY(this)); 1179 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1180 current_frame.push_stack(type, CHECK_VERIFY(this)); 1181 no_control_flow = false; break; 1182 case Bytecodes::_dup_x2 : 1183 { 1184 VerificationType type3; 1185 type = current_frame.pop_stack( 1186 VerificationType::category1_check(), CHECK_VERIFY(this)); 1187 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1188 if (type2.is_category1()) { 1189 type3 = current_frame.pop_stack( 1190 VerificationType::category1_check(), CHECK_VERIFY(this)); 1191 } else if (type2.is_category2_2nd()) { 1192 type3 = current_frame.pop_stack( 1193 VerificationType::category2_check(), CHECK_VERIFY(this)); 1194 } else { 1195 /* Unreachable? Would need a category2_1st at stack depth 2 with 1196 * a category1 on TOS which does not appear possible. */ 1197 verify_error(ErrorContext::bad_type( 1198 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1199 return; 1200 } 1201 current_frame.push_stack(type, CHECK_VERIFY(this)); 1202 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1203 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1204 current_frame.push_stack(type, CHECK_VERIFY(this)); 1205 no_control_flow = false; break; 1206 } 1207 case Bytecodes::_dup2 : 1208 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1209 if (type.is_category1()) { 1210 type2 = current_frame.pop_stack( 1211 VerificationType::category1_check(), CHECK_VERIFY(this)); 1212 } else if (type.is_category2_2nd()) { 1213 type2 = current_frame.pop_stack( 1214 VerificationType::category2_check(), CHECK_VERIFY(this)); 1215 } else { 1216 /* Unreachable? Would need a category2_1st on TOS which does not 1217 * appear possible. */ 1218 verify_error( 1219 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1220 bad_type_msg, "dup2"); 1221 return; 1222 } 1223 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1224 current_frame.push_stack(type, CHECK_VERIFY(this)); 1225 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1226 current_frame.push_stack(type, CHECK_VERIFY(this)); 1227 no_control_flow = false; break; 1228 case Bytecodes::_dup2_x1 : 1229 { 1230 VerificationType type3; 1231 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1232 if (type.is_category1()) { 1233 type2 = current_frame.pop_stack( 1234 VerificationType::category1_check(), CHECK_VERIFY(this)); 1235 } else if (type.is_category2_2nd()) { 1236 type2 = current_frame.pop_stack( 1237 VerificationType::category2_check(), CHECK_VERIFY(this)); 1238 } else { 1239 /* Unreachable? Would need a category2_1st on TOS which does 1240 * not appear possible. */ 1241 verify_error( 1242 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1243 bad_type_msg, "dup2_x1"); 1244 return; 1245 } 1246 type3 = current_frame.pop_stack( 1247 VerificationType::category1_check(), CHECK_VERIFY(this)); 1248 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1249 current_frame.push_stack(type, CHECK_VERIFY(this)); 1250 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1251 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1252 current_frame.push_stack(type, CHECK_VERIFY(this)); 1253 no_control_flow = false; break; 1254 } 1255 case Bytecodes::_dup2_x2 : 1256 { 1257 VerificationType type3, type4; 1258 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1259 if (type.is_category1()) { 1260 type2 = current_frame.pop_stack( 1261 VerificationType::category1_check(), CHECK_VERIFY(this)); 1262 } else if (type.is_category2_2nd()) { 1263 type2 = current_frame.pop_stack( 1264 VerificationType::category2_check(), CHECK_VERIFY(this)); 1265 } else { 1266 /* Unreachable? Would need a category2_1st on TOS which does 1267 * not appear possible. */ 1268 verify_error( 1269 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1270 bad_type_msg, "dup2_x2"); 1271 return; 1272 } 1273 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1274 if (type3.is_category1()) { 1275 type4 = current_frame.pop_stack( 1276 VerificationType::category1_check(), CHECK_VERIFY(this)); 1277 } else if (type3.is_category2_2nd()) { 1278 type4 = current_frame.pop_stack( 1279 VerificationType::category2_check(), CHECK_VERIFY(this)); 1280 } else { 1281 /* Unreachable? Would need a category2_1st on TOS after popping 1282 * a long/double or two category 1's, which does not 1283 * appear possible. */ 1284 verify_error( 1285 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1286 bad_type_msg, "dup2_x2"); 1287 return; 1288 } 1289 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1290 current_frame.push_stack(type, CHECK_VERIFY(this)); 1291 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1292 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1293 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1294 current_frame.push_stack(type, CHECK_VERIFY(this)); 1295 no_control_flow = false; break; 1296 } 1297 case Bytecodes::_swap : 1298 type = current_frame.pop_stack( 1299 VerificationType::category1_check(), CHECK_VERIFY(this)); 1300 type2 = current_frame.pop_stack( 1301 VerificationType::category1_check(), CHECK_VERIFY(this)); 1302 current_frame.push_stack(type, CHECK_VERIFY(this)); 1303 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1304 no_control_flow = false; break; 1305 case Bytecodes::_iadd : 1306 case Bytecodes::_isub : 1307 case Bytecodes::_imul : 1308 case Bytecodes::_idiv : 1309 case Bytecodes::_irem : 1310 case Bytecodes::_ishl : 1311 case Bytecodes::_ishr : 1312 case Bytecodes::_iushr : 1313 case Bytecodes::_ior : 1314 case Bytecodes::_ixor : 1315 case Bytecodes::_iand : 1316 current_frame.pop_stack( 1317 VerificationType::integer_type(), CHECK_VERIFY(this)); 1318 // fall through 1319 case Bytecodes::_ineg : 1320 current_frame.pop_stack( 1321 VerificationType::integer_type(), CHECK_VERIFY(this)); 1322 current_frame.push_stack( 1323 VerificationType::integer_type(), CHECK_VERIFY(this)); 1324 no_control_flow = false; break; 1325 case Bytecodes::_ladd : 1326 case Bytecodes::_lsub : 1327 case Bytecodes::_lmul : 1328 case Bytecodes::_ldiv : 1329 case Bytecodes::_lrem : 1330 case Bytecodes::_land : 1331 case Bytecodes::_lor : 1332 case Bytecodes::_lxor : 1333 current_frame.pop_stack_2( 1334 VerificationType::long2_type(), 1335 VerificationType::long_type(), CHECK_VERIFY(this)); 1336 // fall through 1337 case Bytecodes::_lneg : 1338 current_frame.pop_stack_2( 1339 VerificationType::long2_type(), 1340 VerificationType::long_type(), CHECK_VERIFY(this)); 1341 current_frame.push_stack_2( 1342 VerificationType::long_type(), 1343 VerificationType::long2_type(), CHECK_VERIFY(this)); 1344 no_control_flow = false; break; 1345 case Bytecodes::_lshl : 1346 case Bytecodes::_lshr : 1347 case Bytecodes::_lushr : 1348 current_frame.pop_stack( 1349 VerificationType::integer_type(), CHECK_VERIFY(this)); 1350 current_frame.pop_stack_2( 1351 VerificationType::long2_type(), 1352 VerificationType::long_type(), CHECK_VERIFY(this)); 1353 current_frame.push_stack_2( 1354 VerificationType::long_type(), 1355 VerificationType::long2_type(), CHECK_VERIFY(this)); 1356 no_control_flow = false; break; 1357 case Bytecodes::_fadd : 1358 case Bytecodes::_fsub : 1359 case Bytecodes::_fmul : 1360 case Bytecodes::_fdiv : 1361 case Bytecodes::_frem : 1362 current_frame.pop_stack( 1363 VerificationType::float_type(), CHECK_VERIFY(this)); 1364 // fall through 1365 case Bytecodes::_fneg : 1366 current_frame.pop_stack( 1367 VerificationType::float_type(), CHECK_VERIFY(this)); 1368 current_frame.push_stack( 1369 VerificationType::float_type(), CHECK_VERIFY(this)); 1370 no_control_flow = false; break; 1371 case Bytecodes::_dadd : 1372 case Bytecodes::_dsub : 1373 case Bytecodes::_dmul : 1374 case Bytecodes::_ddiv : 1375 case Bytecodes::_drem : 1376 current_frame.pop_stack_2( 1377 VerificationType::double2_type(), 1378 VerificationType::double_type(), CHECK_VERIFY(this)); 1379 // fall through 1380 case Bytecodes::_dneg : 1381 current_frame.pop_stack_2( 1382 VerificationType::double2_type(), 1383 VerificationType::double_type(), CHECK_VERIFY(this)); 1384 current_frame.push_stack_2( 1385 VerificationType::double_type(), 1386 VerificationType::double2_type(), CHECK_VERIFY(this)); 1387 no_control_flow = false; break; 1388 case Bytecodes::_iinc : 1389 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1390 no_control_flow = false; break; 1391 case Bytecodes::_i2l : 1392 type = current_frame.pop_stack( 1393 VerificationType::integer_type(), CHECK_VERIFY(this)); 1394 current_frame.push_stack_2( 1395 VerificationType::long_type(), 1396 VerificationType::long2_type(), CHECK_VERIFY(this)); 1397 no_control_flow = false; break; 1398 case Bytecodes::_l2i : 1399 current_frame.pop_stack_2( 1400 VerificationType::long2_type(), 1401 VerificationType::long_type(), CHECK_VERIFY(this)); 1402 current_frame.push_stack( 1403 VerificationType::integer_type(), CHECK_VERIFY(this)); 1404 no_control_flow = false; break; 1405 case Bytecodes::_i2f : 1406 current_frame.pop_stack( 1407 VerificationType::integer_type(), CHECK_VERIFY(this)); 1408 current_frame.push_stack( 1409 VerificationType::float_type(), CHECK_VERIFY(this)); 1410 no_control_flow = false; break; 1411 case Bytecodes::_i2d : 1412 current_frame.pop_stack( 1413 VerificationType::integer_type(), CHECK_VERIFY(this)); 1414 current_frame.push_stack_2( 1415 VerificationType::double_type(), 1416 VerificationType::double2_type(), CHECK_VERIFY(this)); 1417 no_control_flow = false; break; 1418 case Bytecodes::_l2f : 1419 current_frame.pop_stack_2( 1420 VerificationType::long2_type(), 1421 VerificationType::long_type(), CHECK_VERIFY(this)); 1422 current_frame.push_stack( 1423 VerificationType::float_type(), CHECK_VERIFY(this)); 1424 no_control_flow = false; break; 1425 case Bytecodes::_l2d : 1426 current_frame.pop_stack_2( 1427 VerificationType::long2_type(), 1428 VerificationType::long_type(), CHECK_VERIFY(this)); 1429 current_frame.push_stack_2( 1430 VerificationType::double_type(), 1431 VerificationType::double2_type(), CHECK_VERIFY(this)); 1432 no_control_flow = false; break; 1433 case Bytecodes::_f2i : 1434 current_frame.pop_stack( 1435 VerificationType::float_type(), CHECK_VERIFY(this)); 1436 current_frame.push_stack( 1437 VerificationType::integer_type(), CHECK_VERIFY(this)); 1438 no_control_flow = false; break; 1439 case Bytecodes::_f2l : 1440 current_frame.pop_stack( 1441 VerificationType::float_type(), CHECK_VERIFY(this)); 1442 current_frame.push_stack_2( 1443 VerificationType::long_type(), 1444 VerificationType::long2_type(), CHECK_VERIFY(this)); 1445 no_control_flow = false; break; 1446 case Bytecodes::_f2d : 1447 current_frame.pop_stack( 1448 VerificationType::float_type(), CHECK_VERIFY(this)); 1449 current_frame.push_stack_2( 1450 VerificationType::double_type(), 1451 VerificationType::double2_type(), CHECK_VERIFY(this)); 1452 no_control_flow = false; break; 1453 case Bytecodes::_d2i : 1454 current_frame.pop_stack_2( 1455 VerificationType::double2_type(), 1456 VerificationType::double_type(), CHECK_VERIFY(this)); 1457 current_frame.push_stack( 1458 VerificationType::integer_type(), CHECK_VERIFY(this)); 1459 no_control_flow = false; break; 1460 case Bytecodes::_d2l : 1461 current_frame.pop_stack_2( 1462 VerificationType::double2_type(), 1463 VerificationType::double_type(), CHECK_VERIFY(this)); 1464 current_frame.push_stack_2( 1465 VerificationType::long_type(), 1466 VerificationType::long2_type(), CHECK_VERIFY(this)); 1467 no_control_flow = false; break; 1468 case Bytecodes::_d2f : 1469 current_frame.pop_stack_2( 1470 VerificationType::double2_type(), 1471 VerificationType::double_type(), CHECK_VERIFY(this)); 1472 current_frame.push_stack( 1473 VerificationType::float_type(), CHECK_VERIFY(this)); 1474 no_control_flow = false; break; 1475 case Bytecodes::_i2b : 1476 case Bytecodes::_i2c : 1477 case Bytecodes::_i2s : 1478 current_frame.pop_stack( 1479 VerificationType::integer_type(), CHECK_VERIFY(this)); 1480 current_frame.push_stack( 1481 VerificationType::integer_type(), CHECK_VERIFY(this)); 1482 no_control_flow = false; break; 1483 case Bytecodes::_lcmp : 1484 current_frame.pop_stack_2( 1485 VerificationType::long2_type(), 1486 VerificationType::long_type(), CHECK_VERIFY(this)); 1487 current_frame.pop_stack_2( 1488 VerificationType::long2_type(), 1489 VerificationType::long_type(), CHECK_VERIFY(this)); 1490 current_frame.push_stack( 1491 VerificationType::integer_type(), CHECK_VERIFY(this)); 1492 no_control_flow = false; break; 1493 case Bytecodes::_fcmpl : 1494 case Bytecodes::_fcmpg : 1495 current_frame.pop_stack( 1496 VerificationType::float_type(), CHECK_VERIFY(this)); 1497 current_frame.pop_stack( 1498 VerificationType::float_type(), CHECK_VERIFY(this)); 1499 current_frame.push_stack( 1500 VerificationType::integer_type(), CHECK_VERIFY(this)); 1501 no_control_flow = false; break; 1502 case Bytecodes::_dcmpl : 1503 case Bytecodes::_dcmpg : 1504 current_frame.pop_stack_2( 1505 VerificationType::double2_type(), 1506 VerificationType::double_type(), CHECK_VERIFY(this)); 1507 current_frame.pop_stack_2( 1508 VerificationType::double2_type(), 1509 VerificationType::double_type(), CHECK_VERIFY(this)); 1510 current_frame.push_stack( 1511 VerificationType::integer_type(), CHECK_VERIFY(this)); 1512 no_control_flow = false; break; 1513 case Bytecodes::_if_icmpeq: 1514 case Bytecodes::_if_icmpne: 1515 case Bytecodes::_if_icmplt: 1516 case Bytecodes::_if_icmpge: 1517 case Bytecodes::_if_icmpgt: 1518 case Bytecodes::_if_icmple: 1519 current_frame.pop_stack( 1520 VerificationType::integer_type(), CHECK_VERIFY(this)); 1521 // fall through 1522 case Bytecodes::_ifeq: 1523 case Bytecodes::_ifne: 1524 case Bytecodes::_iflt: 1525 case Bytecodes::_ifge: 1526 case Bytecodes::_ifgt: 1527 case Bytecodes::_ifle: 1528 current_frame.pop_stack( 1529 VerificationType::integer_type(), CHECK_VERIFY(this)); 1530 target = bcs.dest(); 1531 stackmap_table.check_jump_target( 1532 ¤t_frame, target, CHECK_VERIFY(this)); 1533 no_control_flow = false; break; 1534 case Bytecodes::_if_acmpeq : 1535 case Bytecodes::_if_acmpne : 1536 current_frame.pop_stack( 1537 VerificationType::reference_check(), CHECK_VERIFY(this)); 1538 // fall through 1539 case Bytecodes::_ifnull : 1540 case Bytecodes::_ifnonnull : 1541 current_frame.pop_stack( 1542 VerificationType::reference_check(), CHECK_VERIFY(this)); 1543 target = bcs.dest(); 1544 stackmap_table.check_jump_target 1545 (¤t_frame, target, CHECK_VERIFY(this)); 1546 no_control_flow = false; break; 1547 case Bytecodes::_goto : 1548 target = bcs.dest(); 1549 stackmap_table.check_jump_target( 1550 ¤t_frame, target, CHECK_VERIFY(this)); 1551 no_control_flow = true; break; 1552 case Bytecodes::_goto_w : 1553 target = bcs.dest_w(); 1554 stackmap_table.check_jump_target( 1555 ¤t_frame, target, CHECK_VERIFY(this)); 1556 no_control_flow = true; break; 1557 case Bytecodes::_tableswitch : 1558 case Bytecodes::_lookupswitch : 1559 verify_switch( 1560 &bcs, code_length, code_data, ¤t_frame, 1561 &stackmap_table, CHECK_VERIFY(this)); 1562 no_control_flow = true; break; 1563 case Bytecodes::_ireturn : 1564 type = current_frame.pop_stack( 1565 VerificationType::integer_type(), CHECK_VERIFY(this)); 1566 verify_return_value(return_type, type, bci, 1567 ¤t_frame, CHECK_VERIFY(this)); 1568 no_control_flow = true; break; 1569 case Bytecodes::_lreturn : 1570 type2 = current_frame.pop_stack( 1571 VerificationType::long2_type(), CHECK_VERIFY(this)); 1572 type = current_frame.pop_stack( 1573 VerificationType::long_type(), CHECK_VERIFY(this)); 1574 verify_return_value(return_type, type, bci, 1575 ¤t_frame, CHECK_VERIFY(this)); 1576 no_control_flow = true; break; 1577 case Bytecodes::_freturn : 1578 type = current_frame.pop_stack( 1579 VerificationType::float_type(), CHECK_VERIFY(this)); 1580 verify_return_value(return_type, type, bci, 1581 ¤t_frame, CHECK_VERIFY(this)); 1582 no_control_flow = true; break; 1583 case Bytecodes::_dreturn : 1584 type2 = current_frame.pop_stack( 1585 VerificationType::double2_type(), CHECK_VERIFY(this)); 1586 type = current_frame.pop_stack( 1587 VerificationType::double_type(), CHECK_VERIFY(this)); 1588 verify_return_value(return_type, type, bci, 1589 ¤t_frame, CHECK_VERIFY(this)); 1590 no_control_flow = true; break; 1591 case Bytecodes::_areturn : 1592 type = current_frame.pop_stack( 1593 VerificationType::reference_check(), CHECK_VERIFY(this)); 1594 verify_return_value(return_type, type, bci, 1595 ¤t_frame, CHECK_VERIFY(this)); 1596 no_control_flow = true; break; 1597 case Bytecodes::_return : 1598 if (return_type != VerificationType::bogus_type()) { 1599 verify_error(ErrorContext::bad_code(bci), 1600 "Method expects a return value"); 1601 return; 1602 } 1603 // Make sure "this" has been initialized if current method is an 1604 // <init>. 1605 if (_method->name() == vmSymbols::object_initializer_name() && 1606 current_frame.flag_this_uninit()) { 1607 verify_error(ErrorContext::bad_code(bci), 1608 "Constructor must call super() or this() " 1609 "before return"); 1610 return; 1611 } 1612 no_control_flow = true; break; 1613 case Bytecodes::_getstatic : 1614 case Bytecodes::_putstatic : 1615 // pass TRUE, operand can be an array type for getstatic/putstatic. 1616 verify_field_instructions( 1617 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1618 no_control_flow = false; break; 1619 case Bytecodes::_getfield : 1620 case Bytecodes::_putfield : 1621 // pass FALSE, operand can't be an array type for getfield/putfield. 1622 verify_field_instructions( 1623 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1624 no_control_flow = false; break; 1625 case Bytecodes::_invokevirtual : 1626 case Bytecodes::_invokespecial : 1627 case Bytecodes::_invokestatic : 1628 verify_invoke_instructions( 1629 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1630 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1631 no_control_flow = false; break; 1632 case Bytecodes::_invokeinterface : 1633 case Bytecodes::_invokedynamic : 1634 verify_invoke_instructions( 1635 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1636 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1637 no_control_flow = false; break; 1638 case Bytecodes::_new : 1639 { 1640 index = bcs.get_index_u2(); 1641 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1642 VerificationType new_class_type = 1643 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1644 if (!new_class_type.is_object()) { 1645 verify_error(ErrorContext::bad_type(bci, 1646 TypeOrigin::cp(index, new_class_type)), 1647 "Illegal new instruction"); 1648 return; 1649 } 1650 type = VerificationType::uninitialized_type(bci); 1651 current_frame.push_stack(type, CHECK_VERIFY(this)); 1652 no_control_flow = false; break; 1653 } 1654 case Bytecodes::_newarray : 1655 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1656 current_frame.pop_stack( 1657 VerificationType::integer_type(), CHECK_VERIFY(this)); 1658 current_frame.push_stack(type, CHECK_VERIFY(this)); 1659 no_control_flow = false; break; 1660 case Bytecodes::_anewarray : 1661 verify_anewarray( 1662 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1663 no_control_flow = false; break; 1664 case Bytecodes::_arraylength : 1665 type = current_frame.pop_stack( 1666 VerificationType::reference_check(), CHECK_VERIFY(this)); 1667 if (!(type.is_null() || type.is_array())) { 1668 verify_error(ErrorContext::bad_type( 1669 bci, current_frame.stack_top_ctx()), 1670 bad_type_msg, "arraylength"); 1671 } 1672 current_frame.push_stack( 1673 VerificationType::integer_type(), CHECK_VERIFY(this)); 1674 no_control_flow = false; break; 1675 case Bytecodes::_checkcast : 1676 { 1677 index = bcs.get_index_u2(); 1678 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1679 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1680 VerificationType klass_type = cp_index_to_type( 1681 index, cp, CHECK_VERIFY(this)); 1682 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1683 no_control_flow = false; break; 1684 } 1685 case Bytecodes::_instanceof : { 1686 index = bcs.get_index_u2(); 1687 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1688 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1689 current_frame.push_stack( 1690 VerificationType::integer_type(), CHECK_VERIFY(this)); 1691 no_control_flow = false; break; 1692 } 1693 case Bytecodes::_monitorenter : 1694 case Bytecodes::_monitorexit : 1695 current_frame.pop_stack( 1696 VerificationType::reference_check(), CHECK_VERIFY(this)); 1697 no_control_flow = false; break; 1698 case Bytecodes::_multianewarray : 1699 { 1700 index = bcs.get_index_u2(); 1701 u2 dim = *(bcs.bcp()+3); 1702 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1703 VerificationType new_array_type = 1704 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1705 if (!new_array_type.is_array()) { 1706 verify_error(ErrorContext::bad_type(bci, 1707 TypeOrigin::cp(index, new_array_type)), 1708 "Illegal constant pool index in multianewarray instruction"); 1709 return; 1710 } 1711 if (dim < 1 || new_array_type.dimensions() < dim) { 1712 verify_error(ErrorContext::bad_code(bci), 1713 "Illegal dimension in multianewarray instruction: %d", dim); 1714 return; 1715 } 1716 for (int i = 0; i < dim; i++) { 1717 current_frame.pop_stack( 1718 VerificationType::integer_type(), CHECK_VERIFY(this)); 1719 } 1720 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1721 no_control_flow = false; break; 1722 } 1723 case Bytecodes::_athrow : 1724 type = VerificationType::reference_type( 1725 vmSymbols::java_lang_Throwable()); 1726 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1727 no_control_flow = true; break; 1728 default: 1729 // We only need to check the valid bytecodes in class file. 1730 // And jsr and ret are not in the new class file format in JDK1.5. 1731 verify_error(ErrorContext::bad_code(bci), 1732 "Bad instruction: %02x", opcode); 1733 no_control_flow = false; 1734 return; 1735 } // end switch 1736 } // end Merge with the next instruction 1737 1738 // Look for possible jump target in exception handlers and see if it matches 1739 // current_frame. Don't do this check if it has already been done (for 1740 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1741 // opcodes, such as invokespecial, may set the this_uninit flag. 1742 assert(!(verified_exc_handlers && this_uninit), 1743 "Exception handler targets got verified before this_uninit got set"); 1744 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1745 if (was_recursively_verified()) return; 1746 verify_exception_handler_targets( 1747 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1748 } 1749 } // end while 1750 1751 // Make sure that control flow does not fall through end of the method 1752 if (!no_control_flow) { 1753 verify_error(ErrorContext::bad_code(code_length), 1754 "Control flow falls through code end"); 1755 return; 1756 } 1757 } 1758 1759 #undef bad_type_message 1760 1761 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1762 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1763 memset(code_data, 0, sizeof(char) * code_length); 1764 RawBytecodeStream bcs(m); 1765 1766 while (!bcs.is_last_bytecode()) { 1767 if (bcs.raw_next() != Bytecodes::_illegal) { 1768 int bci = bcs.bci(); 1769 if (bcs.raw_code() == Bytecodes::_new) { 1770 code_data[bci] = NEW_OFFSET; 1771 } else { 1772 code_data[bci] = BYTECODE_OFFSET; 1773 } 1774 } else { 1775 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1776 return NULL; 1777 } 1778 } 1779 1780 return code_data; 1781 } 1782 1783 // Since this method references the constant pool, call was_recursively_verified() 1784 // before calling this method to make sure a prior class load did not cause the 1785 // current class to get verified. 1786 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1787 ExceptionTable exhandlers(_method()); 1788 int exlength = exhandlers.length(); 1789 constantPoolHandle cp (THREAD, _method->constants()); 1790 1791 for(int i = 0; i < exlength; i++) { 1792 u2 start_pc = exhandlers.start_pc(i); 1793 u2 end_pc = exhandlers.end_pc(i); 1794 u2 handler_pc = exhandlers.handler_pc(i); 1795 if (start_pc >= code_length || code_data[start_pc] == 0) { 1796 class_format_error("Illegal exception table start_pc %d", start_pc); 1797 return; 1798 } 1799 if (end_pc != code_length) { // special case: end_pc == code_length 1800 if (end_pc > code_length || code_data[end_pc] == 0) { 1801 class_format_error("Illegal exception table end_pc %d", end_pc); 1802 return; 1803 } 1804 } 1805 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1806 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1807 return; 1808 } 1809 int catch_type_index = exhandlers.catch_type_index(i); 1810 if (catch_type_index != 0) { 1811 VerificationType catch_type = cp_index_to_type( 1812 catch_type_index, cp, CHECK_VERIFY(this)); 1813 VerificationType throwable = 1814 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1815 bool is_subclass = throwable.is_assignable_from( 1816 catch_type, this, false, CHECK_VERIFY(this)); 1817 if (!is_subclass) { 1818 // 4286534: should throw VerifyError according to recent spec change 1819 verify_error(ErrorContext::bad_type(handler_pc, 1820 TypeOrigin::cp(catch_type_index, catch_type), 1821 TypeOrigin::implicit(throwable)), 1822 "Catch type is not a subclass " 1823 "of Throwable in exception handler %d", handler_pc); 1824 return; 1825 } 1826 } 1827 if (start_pc < min) min = start_pc; 1828 if (end_pc > max) max = end_pc; 1829 } 1830 } 1831 1832 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1833 int localvariable_table_length = _method->localvariable_table_length(); 1834 if (localvariable_table_length > 0) { 1835 LocalVariableTableElement* table = _method->localvariable_table_start(); 1836 for (int i = 0; i < localvariable_table_length; i++) { 1837 u2 start_bci = table[i].start_bci; 1838 u2 length = table[i].length; 1839 1840 if (start_bci >= code_length || code_data[start_bci] == 0) { 1841 class_format_error( 1842 "Illegal local variable table start_pc %d", start_bci); 1843 return; 1844 } 1845 u4 end_bci = (u4)(start_bci + length); 1846 if (end_bci != code_length) { 1847 if (end_bci >= code_length || code_data[end_bci] == 0) { 1848 class_format_error( "Illegal local variable table length %d", length); 1849 return; 1850 } 1851 } 1852 } 1853 } 1854 } 1855 1856 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1857 StackMapFrame* current_frame, 1858 StackMapTable* stackmap_table, 1859 bool no_control_flow, TRAPS) { 1860 if (stackmap_index < stackmap_table->get_frame_count()) { 1861 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1862 if (no_control_flow && this_offset > bci) { 1863 verify_error(ErrorContext::missing_stackmap(bci), 1864 "Expecting a stack map frame"); 1865 return 0; 1866 } 1867 if (this_offset == bci) { 1868 ErrorContext ctx; 1869 // See if current stack map can be assigned to the frame in table. 1870 // current_frame is the stackmap frame got from the last instruction. 1871 // If matched, current_frame will be updated by this method. 1872 bool matches = stackmap_table->match_stackmap( 1873 current_frame, this_offset, stackmap_index, 1874 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1875 if (!matches) { 1876 // report type error 1877 verify_error(ctx, "Instruction type does not match stack map"); 1878 return 0; 1879 } 1880 stackmap_index++; 1881 } else if (this_offset < bci) { 1882 // current_offset should have met this_offset. 1883 class_format_error("Bad stack map offset %d", this_offset); 1884 return 0; 1885 } 1886 } else if (no_control_flow) { 1887 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1888 return 0; 1889 } 1890 return stackmap_index; 1891 } 1892 1893 // Since this method references the constant pool, call was_recursively_verified() 1894 // before calling this method to make sure a prior class load did not cause the 1895 // current class to get verified. 1896 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 1897 StackMapFrame* current_frame, 1898 StackMapTable* stackmap_table, TRAPS) { 1899 constantPoolHandle cp (THREAD, _method->constants()); 1900 ExceptionTable exhandlers(_method()); 1901 int exlength = exhandlers.length(); 1902 for(int i = 0; i < exlength; i++) { 1903 u2 start_pc = exhandlers.start_pc(i); 1904 u2 end_pc = exhandlers.end_pc(i); 1905 u2 handler_pc = exhandlers.handler_pc(i); 1906 int catch_type_index = exhandlers.catch_type_index(i); 1907 if(bci >= start_pc && bci < end_pc) { 1908 u1 flags = current_frame->flags(); 1909 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1910 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1911 if (catch_type_index != 0) { 1912 if (was_recursively_verified()) return; 1913 // We know that this index refers to a subclass of Throwable 1914 VerificationType catch_type = cp_index_to_type( 1915 catch_type_index, cp, CHECK_VERIFY(this)); 1916 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1917 } else { 1918 VerificationType throwable = 1919 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1920 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1921 } 1922 ErrorContext ctx; 1923 bool matches = stackmap_table->match_stackmap( 1924 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1925 if (!matches) { 1926 verify_error(ctx, "Stack map does not match the one at " 1927 "exception handler %d", handler_pc); 1928 return; 1929 } 1930 } 1931 } 1932 } 1933 1934 void ClassVerifier::verify_cp_index( 1935 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 1936 int nconstants = cp->length(); 1937 if ((index <= 0) || (index >= nconstants)) { 1938 verify_error(ErrorContext::bad_cp_index(bci, index), 1939 "Illegal constant pool index %d in class %s", 1940 index, cp->pool_holder()->external_name()); 1941 return; 1942 } 1943 } 1944 1945 void ClassVerifier::verify_cp_type( 1946 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 1947 1948 // In some situations, bytecode rewriting may occur while we're verifying. 1949 // In this case, a constant pool cache exists and some indices refer to that 1950 // instead. Be sure we don't pick up such indices by accident. 1951 // We must check was_recursively_verified() before we get here. 1952 guarantee(cp->cache() == NULL, "not rewritten yet"); 1953 1954 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1955 unsigned int tag = cp->tag_at(index).value(); 1956 if ((types & (1 << tag)) == 0) { 1957 verify_error(ErrorContext::bad_cp_index(bci, index), 1958 "Illegal type at constant pool entry %d in class %s", 1959 index, cp->pool_holder()->external_name()); 1960 return; 1961 } 1962 } 1963 1964 void ClassVerifier::verify_cp_class_type( 1965 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 1966 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1967 constantTag tag = cp->tag_at(index); 1968 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1969 verify_error(ErrorContext::bad_cp_index(bci, index), 1970 "Illegal type at constant pool entry %d in class %s", 1971 index, cp->pool_holder()->external_name()); 1972 return; 1973 } 1974 } 1975 1976 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1977 stringStream ss; 1978 1979 ctx.reset_frames(); 1980 _exception_type = vmSymbols::java_lang_VerifyError(); 1981 _error_context = ctx; 1982 va_list va; 1983 va_start(va, msg); 1984 ss.vprint(msg, va); 1985 va_end(va); 1986 _message = ss.as_string(); 1987 #ifdef ASSERT 1988 ResourceMark rm; 1989 const char* exception_name = _exception_type->as_C_string(); 1990 Exceptions::debug_check_abort(exception_name, NULL); 1991 #endif // ndef ASSERT 1992 } 1993 1994 void ClassVerifier::class_format_error(const char* msg, ...) { 1995 stringStream ss; 1996 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1997 va_list va; 1998 va_start(va, msg); 1999 ss.vprint(msg, va); 2000 va_end(va); 2001 if (!_method.is_null()) { 2002 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 2003 } 2004 _message = ss.as_string(); 2005 } 2006 2007 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2008 HandleMark hm(THREAD); 2009 // Get current loader and protection domain first. 2010 oop loader = current_class()->class_loader(); 2011 oop protection_domain = current_class()->protection_domain(); 2012 2013 Klass* kls = SystemDictionary::resolve_or_fail( 2014 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2015 true, THREAD); 2016 2017 if (kls != NULL) { 2018 if (log_is_enabled(Debug, class, resolve)) { 2019 Verifier::trace_class_resolution(kls, current_class()); 2020 } 2021 } 2022 return kls; 2023 } 2024 2025 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2026 Klass* target_class, 2027 Symbol* field_name, 2028 Symbol* field_sig, 2029 bool is_method) { 2030 NoSafepointVerifier nosafepoint; 2031 2032 // If target class isn't a super class of this class, we don't worry about this case 2033 if (!this_class->is_subclass_of(target_class)) { 2034 return false; 2035 } 2036 // Check if the specified method or field is protected 2037 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2038 fieldDescriptor fd; 2039 if (is_method) { 2040 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass); 2041 if (m != NULL && m->is_protected()) { 2042 if (!this_class->is_same_class_package(m->method_holder())) { 2043 return true; 2044 } 2045 } 2046 } else { 2047 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2048 if (member_klass != NULL && fd.is_protected()) { 2049 if (!this_class->is_same_class_package(member_klass)) { 2050 return true; 2051 } 2052 } 2053 } 2054 return false; 2055 } 2056 2057 void ClassVerifier::verify_ldc( 2058 int opcode, u2 index, StackMapFrame* current_frame, 2059 const constantPoolHandle& cp, u2 bci, TRAPS) { 2060 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2061 constantTag tag = cp->tag_at(index); 2062 unsigned int types = 0; 2063 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2064 if (!tag.is_unresolved_klass()) { 2065 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2066 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2067 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2068 | (1 << JVM_CONSTANT_Dynamic); 2069 // Note: The class file parser already verified the legality of 2070 // MethodHandle and MethodType constants. 2071 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2072 } 2073 } else { 2074 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2075 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2076 | (1 << JVM_CONSTANT_Dynamic); 2077 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2078 } 2079 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 2080 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 2081 } else if (tag.is_string()) { 2082 current_frame->push_stack( 2083 VerificationType::reference_type( 2084 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2085 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2086 current_frame->push_stack( 2087 VerificationType::reference_type( 2088 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2089 } else if (tag.is_int()) { 2090 current_frame->push_stack( 2091 VerificationType::integer_type(), CHECK_VERIFY(this)); 2092 } else if (tag.is_float()) { 2093 current_frame->push_stack( 2094 VerificationType::float_type(), CHECK_VERIFY(this)); 2095 } else if (tag.is_double()) { 2096 current_frame->push_stack_2( 2097 VerificationType::double_type(), 2098 VerificationType::double2_type(), CHECK_VERIFY(this)); 2099 } else if (tag.is_long()) { 2100 current_frame->push_stack_2( 2101 VerificationType::long_type(), 2102 VerificationType::long2_type(), CHECK_VERIFY(this)); 2103 } else if (tag.is_method_handle()) { 2104 current_frame->push_stack( 2105 VerificationType::reference_type( 2106 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2107 } else if (tag.is_method_type()) { 2108 current_frame->push_stack( 2109 VerificationType::reference_type( 2110 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2111 } else if (tag.is_dynamic_constant()) { 2112 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2113 if (!SignatureVerifier::is_valid_type_signature(constant_type)) { 2114 class_format_error( 2115 "Invalid type for dynamic constant in class %s referenced " 2116 "from constant pool index %d", _klass->external_name(), index); 2117 return; 2118 } 2119 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2120 "buffer type must match VerificationType size"); 2121 uintptr_t constant_type_buffer[2]; 2122 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2123 SignatureStream sig_stream(constant_type, false); 2124 int n = change_sig_to_verificationType( 2125 &sig_stream, v_constant_type, CHECK_VERIFY(this)); 2126 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2127 if (n != opcode_n) { 2128 // wrong kind of ldc; reverify against updated type mask 2129 types &= ~(1 << JVM_CONSTANT_Dynamic); 2130 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2131 } 2132 for (int i = 0; i < n; i++) { 2133 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2134 } 2135 } else { 2136 /* Unreachable? verify_cp_type has already validated the cp type. */ 2137 verify_error( 2138 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2139 return; 2140 } 2141 } 2142 2143 void ClassVerifier::verify_switch( 2144 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2145 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2146 int bci = bcs->bci(); 2147 address bcp = bcs->bcp(); 2148 address aligned_bcp = align_up(bcp + 1, jintSize); 2149 2150 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2151 // 4639449 & 4647081: padding bytes must be 0 2152 u2 padding_offset = 1; 2153 while ((bcp + padding_offset) < aligned_bcp) { 2154 if(*(bcp + padding_offset) != 0) { 2155 verify_error(ErrorContext::bad_code(bci), 2156 "Nonzero padding byte in lookupswitch or tableswitch"); 2157 return; 2158 } 2159 padding_offset++; 2160 } 2161 } 2162 2163 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2164 int keys, delta; 2165 current_frame->pop_stack( 2166 VerificationType::integer_type(), CHECK_VERIFY(this)); 2167 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2168 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2169 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2170 if (low > high) { 2171 verify_error(ErrorContext::bad_code(bci), 2172 "low must be less than or equal to high in tableswitch"); 2173 return; 2174 } 2175 keys = high - low + 1; 2176 if (keys < 0) { 2177 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2178 return; 2179 } 2180 delta = 1; 2181 } else { 2182 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2183 if (keys < 0) { 2184 verify_error(ErrorContext::bad_code(bci), 2185 "number of keys in lookupswitch less than 0"); 2186 return; 2187 } 2188 delta = 2; 2189 // Make sure that the lookupswitch items are sorted 2190 for (int i = 0; i < (keys - 1); i++) { 2191 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2192 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2193 if (this_key >= next_key) { 2194 verify_error(ErrorContext::bad_code(bci), 2195 "Bad lookupswitch instruction"); 2196 return; 2197 } 2198 } 2199 } 2200 int target = bci + default_offset; 2201 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2202 for (int i = 0; i < keys; i++) { 2203 // Because check_jump_target() may safepoint, the bytecode could have 2204 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2205 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2206 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2207 stackmap_table->check_jump_target( 2208 current_frame, target, CHECK_VERIFY(this)); 2209 } 2210 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2211 } 2212 2213 bool ClassVerifier::name_in_supers( 2214 Symbol* ref_name, InstanceKlass* current) { 2215 Klass* super = current->super(); 2216 while (super != NULL) { 2217 if (super->name() == ref_name) { 2218 return true; 2219 } 2220 super = super->super(); 2221 } 2222 return false; 2223 } 2224 2225 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2226 StackMapFrame* current_frame, 2227 const constantPoolHandle& cp, 2228 bool allow_arrays, 2229 TRAPS) { 2230 u2 index = bcs->get_index_u2(); 2231 verify_cp_type(bcs->bci(), index, cp, 2232 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2233 2234 // Get field name and signature 2235 Symbol* field_name = cp->name_ref_at(index); 2236 Symbol* field_sig = cp->signature_ref_at(index); 2237 2238 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2239 class_format_error( 2240 "Invalid signature for field in class %s referenced " 2241 "from constant pool index %d", _klass->external_name(), index); 2242 return; 2243 } 2244 2245 // Get referenced class type 2246 VerificationType ref_class_type = cp_ref_index_to_type( 2247 index, cp, CHECK_VERIFY(this)); 2248 if (!ref_class_type.is_object() && 2249 (!allow_arrays || !ref_class_type.is_array())) { 2250 verify_error(ErrorContext::bad_type(bcs->bci(), 2251 TypeOrigin::cp(index, ref_class_type)), 2252 "Expecting reference to class in class %s at constant pool index %d", 2253 _klass->external_name(), index); 2254 return; 2255 } 2256 VerificationType target_class_type = ref_class_type; 2257 2258 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2259 "buffer type must match VerificationType size"); 2260 uintptr_t field_type_buffer[2]; 2261 VerificationType* field_type = (VerificationType*)field_type_buffer; 2262 // If we make a VerificationType[2] array directly, the compiler calls 2263 // to the c-runtime library to do the allocation instead of just 2264 // stack allocating it. Plus it would run constructors. This shows up 2265 // in performance profiles. 2266 2267 SignatureStream sig_stream(field_sig, false); 2268 VerificationType stack_object_type; 2269 int n = change_sig_to_verificationType( 2270 &sig_stream, field_type, CHECK_VERIFY(this)); 2271 u2 bci = bcs->bci(); 2272 bool is_assignable; 2273 switch (bcs->raw_code()) { 2274 case Bytecodes::_getstatic: { 2275 for (int i = 0; i < n; i++) { 2276 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2277 } 2278 break; 2279 } 2280 case Bytecodes::_putstatic: { 2281 for (int i = n - 1; i >= 0; i--) { 2282 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2283 } 2284 break; 2285 } 2286 case Bytecodes::_getfield: { 2287 stack_object_type = current_frame->pop_stack( 2288 target_class_type, CHECK_VERIFY(this)); 2289 for (int i = 0; i < n; i++) { 2290 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2291 } 2292 goto check_protected; 2293 } 2294 case Bytecodes::_putfield: { 2295 for (int i = n - 1; i >= 0; i--) { 2296 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2297 } 2298 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2299 2300 // The JVMS 2nd edition allows field initialization before the superclass 2301 // initializer, if the field is defined within the current class. 2302 fieldDescriptor fd; 2303 if (stack_object_type == VerificationType::uninitialized_this_type() && 2304 target_class_type.equals(current_type()) && 2305 _klass->find_local_field(field_name, field_sig, &fd)) { 2306 stack_object_type = current_type(); 2307 } 2308 is_assignable = target_class_type.is_assignable_from( 2309 stack_object_type, this, false, CHECK_VERIFY(this)); 2310 if (!is_assignable) { 2311 verify_error(ErrorContext::bad_type(bci, 2312 current_frame->stack_top_ctx(), 2313 TypeOrigin::cp(index, target_class_type)), 2314 "Bad type on operand stack in putfield"); 2315 return; 2316 } 2317 } 2318 check_protected: { 2319 if (_this_type == stack_object_type) 2320 break; // stack_object_type must be assignable to _current_class_type 2321 if (was_recursively_verified()) return; 2322 Symbol* ref_class_name = 2323 cp->klass_name_at(cp->klass_ref_index_at(index)); 2324 if (!name_in_supers(ref_class_name, current_class())) 2325 // stack_object_type must be assignable to _current_class_type since: 2326 // 1. stack_object_type must be assignable to ref_class. 2327 // 2. ref_class must be _current_class or a subclass of it. It can't 2328 // be a superclass of it. See revised JVMS 5.4.4. 2329 break; 2330 2331 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2332 if (is_protected_access(current_class(), ref_class_oop, field_name, 2333 field_sig, false)) { 2334 // It's protected access, check if stack object is assignable to 2335 // current class. 2336 is_assignable = current_type().is_assignable_from( 2337 stack_object_type, this, true, CHECK_VERIFY(this)); 2338 if (!is_assignable) { 2339 verify_error(ErrorContext::bad_type(bci, 2340 current_frame->stack_top_ctx(), 2341 TypeOrigin::implicit(current_type())), 2342 "Bad access to protected data in getfield"); 2343 return; 2344 } 2345 } 2346 break; 2347 } 2348 default: ShouldNotReachHere(); 2349 } 2350 } 2351 2352 // Look at the method's handlers. If the bci is in the handler's try block 2353 // then check if the handler_pc is already on the stack. If not, push it 2354 // unless the handler has already been scanned. 2355 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2356 GrowableArray<u4>* handler_list, 2357 GrowableArray<u4>* handler_stack, 2358 u4 bci) { 2359 int exlength = exhandlers->length(); 2360 for(int x = 0; x < exlength; x++) { 2361 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2362 u4 exhandler_pc = exhandlers->handler_pc(x); 2363 if (!handler_list->contains(exhandler_pc)) { 2364 handler_stack->append_if_missing(exhandler_pc); 2365 handler_list->append(exhandler_pc); 2366 } 2367 } 2368 } 2369 } 2370 2371 // Return TRUE if all code paths starting with start_bc_offset end in 2372 // bytecode athrow or loop. 2373 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2374 ResourceMark rm; 2375 // Create bytecode stream. 2376 RawBytecodeStream bcs(method()); 2377 u4 code_length = method()->code_size(); 2378 bcs.set_start(start_bc_offset); 2379 u4 target; 2380 // Create stack for storing bytecode start offsets for if* and *switch. 2381 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2382 // Create stack for handlers for try blocks containing this handler. 2383 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2384 // Create list of handlers that have been pushed onto the handler_stack 2385 // so that handlers embedded inside of their own TRY blocks only get 2386 // scanned once. 2387 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2388 // Create list of visited branch opcodes (goto* and if*). 2389 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2390 ExceptionTable exhandlers(_method()); 2391 2392 while (true) { 2393 if (bcs.is_last_bytecode()) { 2394 // if no more starting offsets to parse or if at the end of the 2395 // method then return false. 2396 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2397 return false; 2398 // Pop a bytecode starting offset and scan from there. 2399 bcs.set_start(bci_stack->pop()); 2400 } 2401 Bytecodes::Code opcode = bcs.raw_next(); 2402 u4 bci = bcs.bci(); 2403 2404 // If the bytecode is in a TRY block, push its handlers so they 2405 // will get parsed. 2406 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2407 2408 switch (opcode) { 2409 case Bytecodes::_if_icmpeq: 2410 case Bytecodes::_if_icmpne: 2411 case Bytecodes::_if_icmplt: 2412 case Bytecodes::_if_icmpge: 2413 case Bytecodes::_if_icmpgt: 2414 case Bytecodes::_if_icmple: 2415 case Bytecodes::_ifeq: 2416 case Bytecodes::_ifne: 2417 case Bytecodes::_iflt: 2418 case Bytecodes::_ifge: 2419 case Bytecodes::_ifgt: 2420 case Bytecodes::_ifle: 2421 case Bytecodes::_if_acmpeq: 2422 case Bytecodes::_if_acmpne: 2423 case Bytecodes::_ifnull: 2424 case Bytecodes::_ifnonnull: 2425 target = bcs.dest(); 2426 if (visited_branches->contains(bci)) { 2427 if (bci_stack->is_empty()) { 2428 if (handler_stack->is_empty()) { 2429 return true; 2430 } else { 2431 // Parse the catch handlers for try blocks containing athrow. 2432 bcs.set_start(handler_stack->pop()); 2433 } 2434 } else { 2435 // Pop a bytecode starting offset and scan from there. 2436 bcs.set_start(bci_stack->pop()); 2437 } 2438 } else { 2439 if (target > bci) { // forward branch 2440 if (target >= code_length) return false; 2441 // Push the branch target onto the stack. 2442 bci_stack->push(target); 2443 // then, scan bytecodes starting with next. 2444 bcs.set_start(bcs.next_bci()); 2445 } else { // backward branch 2446 // Push bytecode offset following backward branch onto the stack. 2447 bci_stack->push(bcs.next_bci()); 2448 // Check bytecodes starting with branch target. 2449 bcs.set_start(target); 2450 } 2451 // Record target so we don't branch here again. 2452 visited_branches->append(bci); 2453 } 2454 break; 2455 2456 case Bytecodes::_goto: 2457 case Bytecodes::_goto_w: 2458 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2459 if (visited_branches->contains(bci)) { 2460 if (bci_stack->is_empty()) { 2461 if (handler_stack->is_empty()) { 2462 return true; 2463 } else { 2464 // Parse the catch handlers for try blocks containing athrow. 2465 bcs.set_start(handler_stack->pop()); 2466 } 2467 } else { 2468 // Been here before, pop new starting offset from stack. 2469 bcs.set_start(bci_stack->pop()); 2470 } 2471 } else { 2472 if (target >= code_length) return false; 2473 // Continue scanning from the target onward. 2474 bcs.set_start(target); 2475 // Record target so we don't branch here again. 2476 visited_branches->append(bci); 2477 } 2478 break; 2479 2480 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2481 // is difficult to determine where each switch alternative ends, parse 2482 // each switch alternative until either hit a 'return', 'athrow', or reach 2483 // the end of the method's bytecodes. This is gross but should be okay 2484 // because: 2485 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2486 // constructor invocations should be rare. 2487 // 2. if each switch alternative ends in an athrow then the parsing should be 2488 // short. If there is no athrow then it is bogus code, anyway. 2489 case Bytecodes::_lookupswitch: 2490 case Bytecodes::_tableswitch: 2491 { 2492 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2493 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2494 int keys, delta; 2495 if (opcode == Bytecodes::_tableswitch) { 2496 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2497 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2498 // This is invalid, but let the regular bytecode verifier 2499 // report this because the user will get a better error message. 2500 if (low > high) return true; 2501 keys = high - low + 1; 2502 delta = 1; 2503 } else { 2504 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2505 delta = 2; 2506 } 2507 // Invalid, let the regular bytecode verifier deal with it. 2508 if (keys < 0) return true; 2509 2510 // Push the offset of the next bytecode onto the stack. 2511 bci_stack->push(bcs.next_bci()); 2512 2513 // Push the switch alternatives onto the stack. 2514 for (int i = 0; i < keys; i++) { 2515 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2516 if (target > code_length) return false; 2517 bci_stack->push(target); 2518 } 2519 2520 // Start bytecode parsing for the switch at the default alternative. 2521 if (default_offset > code_length) return false; 2522 bcs.set_start(default_offset); 2523 break; 2524 } 2525 2526 case Bytecodes::_return: 2527 return false; 2528 2529 case Bytecodes::_athrow: 2530 { 2531 if (bci_stack->is_empty()) { 2532 if (handler_stack->is_empty()) { 2533 return true; 2534 } else { 2535 // Parse the catch handlers for try blocks containing athrow. 2536 bcs.set_start(handler_stack->pop()); 2537 } 2538 } else { 2539 // Pop a bytecode offset and starting scanning from there. 2540 bcs.set_start(bci_stack->pop()); 2541 } 2542 } 2543 break; 2544 2545 default: 2546 ; 2547 } // end switch 2548 } // end while loop 2549 2550 return false; 2551 } 2552 2553 void ClassVerifier::verify_invoke_init( 2554 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2555 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2556 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2557 TRAPS) { 2558 u2 bci = bcs->bci(); 2559 VerificationType type = current_frame->pop_stack( 2560 VerificationType::reference_check(), CHECK_VERIFY(this)); 2561 if (type == VerificationType::uninitialized_this_type()) { 2562 // The method must be an <init> method of this class or its superclass 2563 Klass* superk = current_class()->super(); 2564 if (ref_class_type.name() != current_class()->name() && 2565 ref_class_type.name() != superk->name()) { 2566 verify_error(ErrorContext::bad_type(bci, 2567 TypeOrigin::implicit(ref_class_type), 2568 TypeOrigin::implicit(current_type())), 2569 "Bad <init> method call"); 2570 return; 2571 } 2572 2573 // If this invokespecial call is done from inside of a TRY block then make 2574 // sure that all catch clause paths end in a throw. Otherwise, this can 2575 // result in returning an incomplete object. 2576 if (in_try_block) { 2577 ExceptionTable exhandlers(_method()); 2578 int exlength = exhandlers.length(); 2579 for(int i = 0; i < exlength; i++) { 2580 u2 start_pc = exhandlers.start_pc(i); 2581 u2 end_pc = exhandlers.end_pc(i); 2582 2583 if (bci >= start_pc && bci < end_pc) { 2584 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2585 verify_error(ErrorContext::bad_code(bci), 2586 "Bad <init> method call from after the start of a try block"); 2587 return; 2588 } else if (log_is_enabled(Info, verification)) { 2589 ResourceMark rm(THREAD); 2590 log_info(verification)("Survived call to ends_in_athrow(): %s", 2591 current_class()->name()->as_C_string()); 2592 } 2593 } 2594 } 2595 2596 // Check the exception handler target stackmaps with the locals from the 2597 // incoming stackmap (before initialize_object() changes them to outgoing 2598 // state). 2599 if (was_recursively_verified()) return; 2600 verify_exception_handler_targets(bci, true, current_frame, 2601 stackmap_table, CHECK_VERIFY(this)); 2602 } // in_try_block 2603 2604 current_frame->initialize_object(type, current_type()); 2605 *this_uninit = true; 2606 } else if (type.is_uninitialized()) { 2607 u2 new_offset = type.bci(); 2608 address new_bcp = bcs->bcp() - bci + new_offset; 2609 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2610 /* Unreachable? Stack map parsing ensures valid type and new 2611 * instructions have a valid BCI. */ 2612 verify_error(ErrorContext::bad_code(new_offset), 2613 "Expecting new instruction"); 2614 return; 2615 } 2616 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2617 if (was_recursively_verified()) return; 2618 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2619 2620 // The method must be an <init> method of the indicated class 2621 VerificationType new_class_type = cp_index_to_type( 2622 new_class_index, cp, CHECK_VERIFY(this)); 2623 if (!new_class_type.equals(ref_class_type)) { 2624 verify_error(ErrorContext::bad_type(bci, 2625 TypeOrigin::cp(new_class_index, new_class_type), 2626 TypeOrigin::cp(ref_class_index, ref_class_type)), 2627 "Call to wrong <init> method"); 2628 return; 2629 } 2630 // According to the VM spec, if the referent class is a superclass of the 2631 // current class, and is in a different runtime package, and the method is 2632 // protected, then the objectref must be the current class or a subclass 2633 // of the current class. 2634 VerificationType objectref_type = new_class_type; 2635 if (name_in_supers(ref_class_type.name(), current_class())) { 2636 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2637 if (was_recursively_verified()) return; 2638 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2639 vmSymbols::object_initializer_name(), 2640 cp->signature_ref_at(bcs->get_index_u2()), 2641 Klass::find_overpass); 2642 // Do nothing if method is not found. Let resolution detect the error. 2643 if (m != NULL) { 2644 InstanceKlass* mh = m->method_holder(); 2645 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2646 bool assignable = current_type().is_assignable_from( 2647 objectref_type, this, true, CHECK_VERIFY(this)); 2648 if (!assignable) { 2649 verify_error(ErrorContext::bad_type(bci, 2650 TypeOrigin::cp(new_class_index, objectref_type), 2651 TypeOrigin::implicit(current_type())), 2652 "Bad access to protected <init> method"); 2653 return; 2654 } 2655 } 2656 } 2657 } 2658 // Check the exception handler target stackmaps with the locals from the 2659 // incoming stackmap (before initialize_object() changes them to outgoing 2660 // state). 2661 if (in_try_block) { 2662 if (was_recursively_verified()) return; 2663 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2664 stackmap_table, CHECK_VERIFY(this)); 2665 } 2666 current_frame->initialize_object(type, new_class_type); 2667 } else { 2668 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2669 "Bad operand type when invoking <init>"); 2670 return; 2671 } 2672 } 2673 2674 bool ClassVerifier::is_same_or_direct_interface( 2675 InstanceKlass* klass, 2676 VerificationType klass_type, 2677 VerificationType ref_class_type) { 2678 if (ref_class_type.equals(klass_type)) return true; 2679 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2680 if (local_interfaces != NULL) { 2681 for (int x = 0; x < local_interfaces->length(); x++) { 2682 InstanceKlass* k = local_interfaces->at(x); 2683 assert (k != NULL && k->is_interface(), "invalid interface"); 2684 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2685 return true; 2686 } 2687 } 2688 } 2689 return false; 2690 } 2691 2692 void ClassVerifier::verify_invoke_instructions( 2693 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2694 bool in_try_block, bool *this_uninit, VerificationType return_type, 2695 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2696 // Make sure the constant pool item is the right type 2697 u2 index = bcs->get_index_u2(); 2698 Bytecodes::Code opcode = bcs->raw_code(); 2699 unsigned int types = 0; 2700 switch (opcode) { 2701 case Bytecodes::_invokeinterface: 2702 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2703 break; 2704 case Bytecodes::_invokedynamic: 2705 types = 1 << JVM_CONSTANT_InvokeDynamic; 2706 break; 2707 case Bytecodes::_invokespecial: 2708 case Bytecodes::_invokestatic: 2709 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2710 (1 << JVM_CONSTANT_Methodref) : 2711 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2712 break; 2713 default: 2714 types = 1 << JVM_CONSTANT_Methodref; 2715 } 2716 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2717 2718 // Get method name and signature 2719 Symbol* method_name = cp->name_ref_at(index); 2720 Symbol* method_sig = cp->signature_ref_at(index); 2721 2722 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2723 class_format_error( 2724 "Invalid method signature in class %s referenced " 2725 "from constant pool index %d", _klass->external_name(), index); 2726 return; 2727 } 2728 2729 // Get referenced class type 2730 VerificationType ref_class_type; 2731 if (opcode == Bytecodes::_invokedynamic) { 2732 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2733 class_format_error( 2734 "invokedynamic instructions not supported by this class file version (%d), class %s", 2735 _klass->major_version(), _klass->external_name()); 2736 return; 2737 } 2738 } else { 2739 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2740 } 2741 2742 // For a small signature length, we just allocate 128 bytes instead 2743 // of parsing the signature once to find its size. 2744 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2745 // longs/doubles to be consertive. 2746 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2747 "buffer type must match VerificationType size"); 2748 uintptr_t on_stack_sig_types_buffer[128]; 2749 // If we make a VerificationType[128] array directly, the compiler calls 2750 // to the c-runtime library to do the allocation instead of just 2751 // stack allocating it. Plus it would run constructors. This shows up 2752 // in performance profiles. 2753 2754 VerificationType* sig_types; 2755 int size = (method_sig->utf8_length() - 3) * 2; 2756 if (size > 128) { 2757 // Long and double occupies two slots here. 2758 ArgumentSizeComputer size_it(method_sig); 2759 size = size_it.size(); 2760 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2761 } else{ 2762 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2763 } 2764 SignatureStream sig_stream(method_sig); 2765 int sig_i = 0; 2766 while (!sig_stream.at_return_type()) { 2767 sig_i += change_sig_to_verificationType( 2768 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2769 sig_stream.next(); 2770 } 2771 int nargs = sig_i; 2772 2773 #ifdef ASSERT 2774 { 2775 ArgumentSizeComputer size_it(method_sig); 2776 assert(nargs == size_it.size(), "Argument sizes do not match"); 2777 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2778 } 2779 #endif 2780 2781 // Check instruction operands 2782 u2 bci = bcs->bci(); 2783 if (opcode == Bytecodes::_invokeinterface) { 2784 address bcp = bcs->bcp(); 2785 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2786 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2787 // the difference between the size of the operand stack before and after the instruction 2788 // executes. 2789 if (*(bcp+3) != (nargs+1)) { 2790 verify_error(ErrorContext::bad_code(bci), 2791 "Inconsistent args count operand in invokeinterface"); 2792 return; 2793 } 2794 if (*(bcp+4) != 0) { 2795 verify_error(ErrorContext::bad_code(bci), 2796 "Fourth operand byte of invokeinterface must be zero"); 2797 return; 2798 } 2799 } 2800 2801 if (opcode == Bytecodes::_invokedynamic) { 2802 address bcp = bcs->bcp(); 2803 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2804 verify_error(ErrorContext::bad_code(bci), 2805 "Third and fourth operand bytes of invokedynamic must be zero"); 2806 return; 2807 } 2808 } 2809 2810 if (method_name->char_at(0) == '<') { 2811 // Make sure <init> can only be invoked by invokespecial 2812 if (opcode != Bytecodes::_invokespecial || 2813 method_name != vmSymbols::object_initializer_name()) { 2814 verify_error(ErrorContext::bad_code(bci), 2815 "Illegal call to internal method"); 2816 return; 2817 } 2818 } else if (opcode == Bytecodes::_invokespecial 2819 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2820 && !ref_class_type.equals(VerificationType::reference_type( 2821 current_class()->super()->name()))) { 2822 bool subtype = false; 2823 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2824 if (!current_class()->is_unsafe_anonymous()) { 2825 subtype = ref_class_type.is_assignable_from( 2826 current_type(), this, false, CHECK_VERIFY(this)); 2827 } else { 2828 VerificationType unsafe_anonymous_host_type = 2829 VerificationType::reference_type(current_class()->unsafe_anonymous_host()->name()); 2830 subtype = ref_class_type.is_assignable_from(unsafe_anonymous_host_type, this, false, CHECK_VERIFY(this)); 2831 2832 // If invokespecial of IMR, need to recheck for same or 2833 // direct interface relative to the host class 2834 have_imr_indirect = (have_imr_indirect && 2835 !is_same_or_direct_interface( 2836 current_class()->unsafe_anonymous_host(), 2837 unsafe_anonymous_host_type, ref_class_type)); 2838 } 2839 if (!subtype) { 2840 verify_error(ErrorContext::bad_code(bci), 2841 "Bad invokespecial instruction: " 2842 "current class isn't assignable to reference class."); 2843 return; 2844 } else if (have_imr_indirect) { 2845 verify_error(ErrorContext::bad_code(bci), 2846 "Bad invokespecial instruction: " 2847 "interface method reference is in an indirect superinterface."); 2848 return; 2849 } 2850 2851 } 2852 // Match method descriptor with operand stack 2853 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2854 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2855 } 2856 // Check objectref on operand stack 2857 if (opcode != Bytecodes::_invokestatic && 2858 opcode != Bytecodes::_invokedynamic) { 2859 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2860 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2861 code_length, in_try_block, this_uninit, cp, stackmap_table, 2862 CHECK_VERIFY(this)); 2863 if (was_recursively_verified()) return; 2864 } else { // other methods 2865 // Ensures that target class is assignable to method class. 2866 if (opcode == Bytecodes::_invokespecial) { 2867 if (!current_class()->is_unsafe_anonymous()) { 2868 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2869 } else { 2870 // anonymous class invokespecial calls: check if the 2871 // objectref is a subtype of the unsafe_anonymous_host of the current class 2872 // to allow an anonymous class to reference methods in the unsafe_anonymous_host 2873 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2874 VerificationType hosttype = 2875 VerificationType::reference_type(current_class()->unsafe_anonymous_host()->name()); 2876 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this)); 2877 if (!subtype) { 2878 verify_error( ErrorContext::bad_type(current_frame->offset(), 2879 current_frame->stack_top_ctx(), 2880 TypeOrigin::implicit(top)), 2881 "Bad type on operand stack"); 2882 return; 2883 } 2884 } 2885 } else if (opcode == Bytecodes::_invokevirtual) { 2886 VerificationType stack_object_type = 2887 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2888 if (current_type() != stack_object_type) { 2889 if (was_recursively_verified()) return; 2890 assert(cp->cache() == NULL, "not rewritten yet"); 2891 Symbol* ref_class_name = 2892 cp->klass_name_at(cp->klass_ref_index_at(index)); 2893 // See the comments in verify_field_instructions() for 2894 // the rationale behind this. 2895 if (name_in_supers(ref_class_name, current_class())) { 2896 Klass* ref_class = load_class(ref_class_name, CHECK); 2897 if (is_protected_access( 2898 _klass, ref_class, method_name, method_sig, true)) { 2899 // It's protected access, check if stack object is 2900 // assignable to current class. 2901 bool is_assignable = current_type().is_assignable_from( 2902 stack_object_type, this, true, CHECK_VERIFY(this)); 2903 if (!is_assignable) { 2904 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2905 && stack_object_type.is_array() 2906 && method_name == vmSymbols::clone_name()) { 2907 // Special case: arrays pretend to implement public Object 2908 // clone(). 2909 } else { 2910 verify_error(ErrorContext::bad_type(bci, 2911 current_frame->stack_top_ctx(), 2912 TypeOrigin::implicit(current_type())), 2913 "Bad access to protected data in invokevirtual"); 2914 return; 2915 } 2916 } 2917 } 2918 } 2919 } 2920 } else { 2921 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2922 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2923 } 2924 } 2925 } 2926 // Push the result type. 2927 if (sig_stream.type() != T_VOID) { 2928 if (method_name == vmSymbols::object_initializer_name()) { 2929 // <init> method must have a void return type 2930 /* Unreachable? Class file parser verifies that methods with '<' have 2931 * void return */ 2932 verify_error(ErrorContext::bad_code(bci), 2933 "Return type must be void in <init> method"); 2934 return; 2935 } 2936 VerificationType return_type[2]; 2937 int n = change_sig_to_verificationType( 2938 &sig_stream, return_type, CHECK_VERIFY(this)); 2939 for (int i = 0; i < n; i++) { 2940 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2941 } 2942 } 2943 } 2944 2945 VerificationType ClassVerifier::get_newarray_type( 2946 u2 index, u2 bci, TRAPS) { 2947 const char* from_bt[] = { 2948 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2949 }; 2950 if (index < T_BOOLEAN || index > T_LONG) { 2951 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2952 return VerificationType::bogus_type(); 2953 } 2954 2955 // from_bt[index] contains the array signature which has a length of 2 2956 Symbol* sig = create_temporary_symbol( 2957 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2958 return VerificationType::reference_type(sig); 2959 } 2960 2961 void ClassVerifier::verify_anewarray( 2962 u2 bci, u2 index, const constantPoolHandle& cp, 2963 StackMapFrame* current_frame, TRAPS) { 2964 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2965 current_frame->pop_stack( 2966 VerificationType::integer_type(), CHECK_VERIFY(this)); 2967 2968 if (was_recursively_verified()) return; 2969 VerificationType component_type = 2970 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2971 int length; 2972 char* arr_sig_str; 2973 if (component_type.is_array()) { // it's an array 2974 const char* component_name = component_type.name()->as_utf8(); 2975 // Check for more than MAX_ARRAY_DIMENSIONS 2976 length = (int)strlen(component_name); 2977 if (length > MAX_ARRAY_DIMENSIONS && 2978 component_name[MAX_ARRAY_DIMENSIONS - 1] == '[') { 2979 verify_error(ErrorContext::bad_code(bci), 2980 "Illegal anewarray instruction, array has more than 255 dimensions"); 2981 } 2982 // add one dimension to component 2983 length++; 2984 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 2985 int n = os::snprintf(arr_sig_str, length + 1, "[%s", component_name); 2986 assert(n == length, "Unexpected number of characters in string"); 2987 } else { // it's an object or interface 2988 const char* component_name = component_type.name()->as_utf8(); 2989 // add one dimension to component with 'L' prepended and ';' postpended. 2990 length = (int)strlen(component_name) + 3; 2991 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 2992 int n = os::snprintf(arr_sig_str, length + 1, "[L%s;", component_name); 2993 assert(n == length, "Unexpected number of characters in string"); 2994 } 2995 Symbol* arr_sig = create_temporary_symbol( 2996 arr_sig_str, length, CHECK_VERIFY(this)); 2997 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2998 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2999 } 3000 3001 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3002 current_frame->get_local( 3003 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3004 current_frame->push_stack( 3005 VerificationType::integer_type(), CHECK_VERIFY(this)); 3006 } 3007 3008 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3009 current_frame->get_local_2( 3010 index, VerificationType::long_type(), 3011 VerificationType::long2_type(), CHECK_VERIFY(this)); 3012 current_frame->push_stack_2( 3013 VerificationType::long_type(), 3014 VerificationType::long2_type(), CHECK_VERIFY(this)); 3015 } 3016 3017 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3018 current_frame->get_local( 3019 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3020 current_frame->push_stack( 3021 VerificationType::float_type(), CHECK_VERIFY(this)); 3022 } 3023 3024 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3025 current_frame->get_local_2( 3026 index, VerificationType::double_type(), 3027 VerificationType::double2_type(), CHECK_VERIFY(this)); 3028 current_frame->push_stack_2( 3029 VerificationType::double_type(), 3030 VerificationType::double2_type(), CHECK_VERIFY(this)); 3031 } 3032 3033 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3034 VerificationType type = current_frame->get_local( 3035 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3036 current_frame->push_stack(type, CHECK_VERIFY(this)); 3037 } 3038 3039 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3040 current_frame->pop_stack( 3041 VerificationType::integer_type(), CHECK_VERIFY(this)); 3042 current_frame->set_local( 3043 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3044 } 3045 3046 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3047 current_frame->pop_stack_2( 3048 VerificationType::long2_type(), 3049 VerificationType::long_type(), CHECK_VERIFY(this)); 3050 current_frame->set_local_2( 3051 index, VerificationType::long_type(), 3052 VerificationType::long2_type(), CHECK_VERIFY(this)); 3053 } 3054 3055 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3056 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3057 current_frame->set_local( 3058 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3059 } 3060 3061 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3062 current_frame->pop_stack_2( 3063 VerificationType::double2_type(), 3064 VerificationType::double_type(), CHECK_VERIFY(this)); 3065 current_frame->set_local_2( 3066 index, VerificationType::double_type(), 3067 VerificationType::double2_type(), CHECK_VERIFY(this)); 3068 } 3069 3070 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3071 VerificationType type = current_frame->pop_stack( 3072 VerificationType::reference_check(), CHECK_VERIFY(this)); 3073 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3074 } 3075 3076 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3077 VerificationType type = current_frame->get_local( 3078 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3079 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3080 } 3081 3082 void ClassVerifier::verify_return_value( 3083 VerificationType return_type, VerificationType type, u2 bci, 3084 StackMapFrame* current_frame, TRAPS) { 3085 if (return_type == VerificationType::bogus_type()) { 3086 verify_error(ErrorContext::bad_type(bci, 3087 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3088 "Method expects a return value"); 3089 return; 3090 } 3091 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3092 if (!match) { 3093 verify_error(ErrorContext::bad_type(bci, 3094 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3095 "Bad return type"); 3096 return; 3097 } 3098 } 3099 3100 // The verifier creates symbols which are substrings of Symbols. 3101 // These are stored in the verifier until the end of verification so that 3102 // they can be reference counted. 3103 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 3104 int end, TRAPS) { 3105 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 3106 _symbols->push(sym); 3107 return sym; 3108 } 3109 3110 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 3111 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 3112 _symbols->push(sym); 3113 return sym; 3114 }