1 /*
2 * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 # include "incls/_precompiled.incl"
26 # include "incls/_verifier.cpp.incl"
27
28 #define NOFAILOVER_MAJOR_VERSION 51
29
30 // Access to external entry for VerifyClassCodes - old byte code verifier
31
32 extern "C" {
33 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
34 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
35 }
36
37 static void* volatile _verify_byte_codes_fn = NULL;
38
39 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
40
41 static void* verify_byte_codes_fn() {
42 if (_verify_byte_codes_fn == NULL) {
43 void *lib_handle = os::native_java_library();
44 void *func = hpi::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
45 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
46 if (func == NULL) {
47 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false);
48 func = hpi::dll_lookup(lib_handle, "VerifyClassCodes");
49 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
50 }
51 }
52 return (void*)_verify_byte_codes_fn;
53 }
54
55
56 // Methods in Verifier
57
58 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
59 return (class_loader == NULL || !should_verify_class) ?
60 BytecodeVerificationLocal : BytecodeVerificationRemote;
61 }
62
63 bool Verifier::relax_verify_for(oop loader) {
64 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
65 bool need_verify =
66 // verifyAll
67 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
68 // verifyRemote
69 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
70 return !need_verify;
71 }
72
73 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
74 ResourceMark rm(THREAD);
75 HandleMark hm;
76
77 symbolHandle exception_name;
78 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
79 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
80
81 const char* klassName = klass->external_name();
82
83 // If the class should be verified, first see if we can use the split
84 // verifier. If not, or if verification fails and FailOverToOldVerifier
85 // is set, then call the inference verifier.
86 if (is_eligible_for_verification(klass, should_verify_class)) {
87 if (TraceClassInitialization) {
88 tty->print_cr("Start class verification for: %s", klassName);
89 }
90 if (UseSplitVerifier &&
91 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
92 ClassVerifier split_verifier(
93 klass, message_buffer, message_buffer_len, THREAD);
94 split_verifier.verify_class(THREAD);
95 exception_name = split_verifier.result();
96 if (klass->major_version() < NOFAILOVER_MAJOR_VERSION &&
97 FailOverToOldVerifier && !HAS_PENDING_EXCEPTION &&
98 (exception_name == vmSymbols::java_lang_VerifyError() ||
99 exception_name == vmSymbols::java_lang_ClassFormatError())) {
100 if (TraceClassInitialization) {
101 tty->print_cr(
102 "Fail over class verification to old verifier for: %s", klassName);
103 }
104 exception_name = inference_verify(
105 klass, message_buffer, message_buffer_len, THREAD);
106 }
107 } else {
108 exception_name = inference_verify(
109 klass, message_buffer, message_buffer_len, THREAD);
110 }
111
112 if (TraceClassInitialization) {
113 if (HAS_PENDING_EXCEPTION) {
114 tty->print("Verification for %s has", klassName);
115 tty->print_cr(" exception pending %s ",
116 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
117 } else if (!exception_name.is_null()) {
118 tty->print_cr("Verification for %s failed", klassName);
119 }
120 tty->print_cr("End class verification for: %s", klassName);
121 }
122 }
123
124 if (HAS_PENDING_EXCEPTION) {
125 return false; // use the existing exception
126 } else if (exception_name.is_null()) {
127 return true; // verifcation succeeded
128 } else { // VerifyError or ClassFormatError to be created and thrown
129 ResourceMark rm(THREAD);
130 instanceKlassHandle kls =
131 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
132 while (!kls.is_null()) {
133 if (kls == klass) {
134 // If the class being verified is the exception we're creating
135 // or one of it's superclasses, we're in trouble and are going
136 // to infinitely recurse when we try to initialize the exception.
137 // So bail out here by throwing the preallocated VM error.
138 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
139 }
140 kls = kls->super();
141 }
142 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
143 THROW_MSG_(exception_name, message_buffer, false);
144 }
145 }
146
147 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
148 symbolOop name = klass->name();
149 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
150
151 return (should_verify_for(klass->class_loader(), should_verify_class) &&
152 // return if the class is a bootstrapping class
153 // or defineClass specified not to verify by default (flags override passed arg)
154 // We need to skip the following four for bootstraping
155 name != vmSymbols::java_lang_Object() &&
156 name != vmSymbols::java_lang_Class() &&
157 name != vmSymbols::java_lang_String() &&
158 name != vmSymbols::java_lang_Throwable() &&
159
160 // Can not verify the bytecodes for shared classes because they have
161 // already been rewritten to contain constant pool cache indices,
162 // which the verifier can't understand.
163 // Shared classes shouldn't have stackmaps either.
164 !klass()->is_shared() &&
165
166 // As of the fix for 4486457 we disable verification for all of the
167 // dynamically-generated bytecodes associated with the 1.4
168 // reflection implementation, not just those associated with
169 // sun/reflect/SerializationConstructorAccessor.
170 // NOTE: this is called too early in the bootstrapping process to be
171 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
172 (refl_magic_klass == NULL ||
173 !klass->is_subtype_of(refl_magic_klass) ||
174 VerifyReflectionBytecodes)
175 );
176 }
177
178 symbolHandle Verifier::inference_verify(
179 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
180 JavaThread* thread = (JavaThread*)THREAD;
181 JNIEnv *env = thread->jni_environment();
182
183 void* verify_func = verify_byte_codes_fn();
184
185 if (verify_func == NULL) {
186 jio_snprintf(message, message_len, "Could not link verifier");
187 return vmSymbols::java_lang_VerifyError();
188 }
189
190 ResourceMark rm(THREAD);
191 if (ClassVerifier::_verify_verbose) {
192 tty->print_cr("Verifying class %s with old format", klass->external_name());
193 }
194
195 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
196 jint result;
197
198 {
199 HandleMark hm(thread);
200 ThreadToNativeFromVM ttn(thread);
201 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
202 // code knows that we have left the VM
203
204 if (_is_new_verify_byte_codes_fn) {
205 verify_byte_codes_fn_new_t func =
206 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
207 result = (*func)(env, cls, message, (int)message_len,
208 klass->major_version());
209 } else {
210 verify_byte_codes_fn_t func =
211 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
212 result = (*func)(env, cls, message, (int)message_len);
213 }
214 }
215
216 JNIHandles::destroy_local(cls);
217
218 // These numbers are chosen so that VerifyClassCodes interface doesn't need
219 // to be changed (still return jboolean (unsigned char)), and result is
220 // 1 when verification is passed.
221 symbolHandle nh(NULL);
222 if (result == 0) {
223 return vmSymbols::java_lang_VerifyError();
224 } else if (result == 1) {
225 return nh; // verified.
226 } else if (result == 2) {
227 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nh);
228 } else if (result == 3) {
229 return vmSymbols::java_lang_ClassFormatError();
230 } else {
231 ShouldNotReachHere();
232 return nh;
233 }
234 }
235
236 // Methods in ClassVerifier
237
238 bool ClassVerifier::_verify_verbose = false;
239
240 ClassVerifier::ClassVerifier(
241 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS)
242 : _thread(THREAD), _exception_type(symbolHandle()), _message(msg),
243 _message_buffer_len(msg_len), _klass(klass) {
244 _this_type = VerificationType::reference_type(klass->name());
245 }
246
247 ClassVerifier::~ClassVerifier() {
248 }
249
250 VerificationType ClassVerifier::object_type() const {
251 return VerificationType::reference_type(vmSymbols::java_lang_Object());
252 }
253
254 void ClassVerifier::verify_class(TRAPS) {
255 if (_verify_verbose) {
256 tty->print_cr("Verifying class %s with new format",
257 _klass->external_name());
258 }
259
260 objArrayHandle methods(THREAD, _klass->methods());
261 int num_methods = methods->length();
262
263 for (int index = 0; index < num_methods; index++) {
264 // Check for recursive re-verification before each method.
265 if (was_recursively_verified()) return;
266
267 methodOop m = (methodOop)methods->obj_at(index);
268 if (m->is_native() || m->is_abstract()) {
269 // If m is native or abstract, skip it. It is checked in class file
270 // parser that methods do not override a final method.
271 continue;
272 }
273 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
274 }
275
276 if (_verify_verbose || TraceClassInitialization) {
277 if (was_recursively_verified())
278 tty->print_cr("Recursive verification detected for: %s",
279 _klass->external_name());
280 }
281 }
282
283 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
284 ResourceMark rm(THREAD);
285 _method = m; // initialize _method
286 if (_verify_verbose) {
287 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
288 }
289
290 const char* bad_type_msg = "Bad type on operand stack in %s";
291
292 int32_t max_stack = m->max_stack();
293 int32_t max_locals = m->max_locals();
294 constantPoolHandle cp(THREAD, m->constants());
295
296 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
297 class_format_error("Invalid method signature");
298 return;
299 }
300
301 // Initial stack map frame: offset is 0, stack is initially empty.
302 StackMapFrame current_frame(max_locals, max_stack, this);
303 // Set initial locals
304 VerificationType return_type = current_frame.set_locals_from_arg(
305 m, current_type(), CHECK_VERIFY(this));
306
307 int32_t stackmap_index = 0; // index to the stackmap array
308
309 u4 code_length = m->code_size();
310
311 // Scan the bytecode and map each instruction's start offset to a number.
312 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
313
314 int ex_min = code_length;
315 int ex_max = -1;
316 // Look through each item on the exception table. Each of the fields must refer
317 // to a legal instruction.
318 verify_exception_handler_table(
319 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
320
321 // Look through each entry on the local variable table and make sure
322 // its range of code array offsets is valid. (4169817)
323 if (m->has_localvariable_table()) {
324 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
325 }
326
327 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
328 StackMapStream stream(stackmap_data);
329 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
330 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
331 code_data, code_length, CHECK_VERIFY(this));
332
333 if (_verify_verbose) {
334 stackmap_table.print();
335 }
336
337 RawBytecodeStream bcs(m);
338
339 // Scan the byte code linearly from the start to the end
340 bool no_control_flow = false; // Set to true when there is no direct control
341 // flow from current instruction to the next
342 // instruction in sequence
343 Bytecodes::Code opcode;
344 while (!bcs.is_last_bytecode()) {
345 // Check for recursive re-verification before each bytecode.
346 if (was_recursively_verified()) return;
347
348 opcode = bcs.raw_next();
349 u2 bci = bcs.bci();
350
351 // Set current frame's offset to bci
352 current_frame.set_offset(bci);
353
354 // Make sure every offset in stackmap table point to the beginning to
355 // an instruction. Match current_frame to stackmap_table entry with
356 // the same offset if exists.
357 stackmap_index = verify_stackmap_table(
358 stackmap_index, bci, ¤t_frame, &stackmap_table,
359 no_control_flow, CHECK_VERIFY(this));
360
361 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
362
363 // Merge with the next instruction
364 {
365 u2 index;
366 int target;
367 VerificationType type, type2;
368 VerificationType atype;
369
370 #ifndef PRODUCT
371 if (_verify_verbose) {
372 current_frame.print();
373 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
374 }
375 #endif
376
377 // Make sure wide instruction is in correct format
378 if (bcs.is_wide()) {
379 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
380 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
381 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
382 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
383 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
384 opcode != Bytecodes::_dstore) {
385 verify_error(bci, "Bad wide instruction");
386 return;
387 }
388 }
389
390 switch (opcode) {
391 case Bytecodes::_nop :
392 no_control_flow = false; break;
393 case Bytecodes::_aconst_null :
394 current_frame.push_stack(
395 VerificationType::null_type(), CHECK_VERIFY(this));
396 no_control_flow = false; break;
397 case Bytecodes::_iconst_m1 :
398 case Bytecodes::_iconst_0 :
399 case Bytecodes::_iconst_1 :
400 case Bytecodes::_iconst_2 :
401 case Bytecodes::_iconst_3 :
402 case Bytecodes::_iconst_4 :
403 case Bytecodes::_iconst_5 :
404 current_frame.push_stack(
405 VerificationType::integer_type(), CHECK_VERIFY(this));
406 no_control_flow = false; break;
407 case Bytecodes::_lconst_0 :
408 case Bytecodes::_lconst_1 :
409 current_frame.push_stack_2(
410 VerificationType::long_type(),
411 VerificationType::long2_type(), CHECK_VERIFY(this));
412 no_control_flow = false; break;
413 case Bytecodes::_fconst_0 :
414 case Bytecodes::_fconst_1 :
415 case Bytecodes::_fconst_2 :
416 current_frame.push_stack(
417 VerificationType::float_type(), CHECK_VERIFY(this));
418 no_control_flow = false; break;
419 case Bytecodes::_dconst_0 :
420 case Bytecodes::_dconst_1 :
421 current_frame.push_stack_2(
422 VerificationType::double_type(),
423 VerificationType::double2_type(), CHECK_VERIFY(this));
424 no_control_flow = false; break;
425 case Bytecodes::_sipush :
426 case Bytecodes::_bipush :
427 current_frame.push_stack(
428 VerificationType::integer_type(), CHECK_VERIFY(this));
429 no_control_flow = false; break;
430 case Bytecodes::_ldc :
431 verify_ldc(
432 opcode, bcs.get_index_u1(), ¤t_frame,
433 cp, bci, CHECK_VERIFY(this));
434 no_control_flow = false; break;
435 case Bytecodes::_ldc_w :
436 case Bytecodes::_ldc2_w :
437 verify_ldc(
438 opcode, bcs.get_index_u2(), ¤t_frame,
439 cp, bci, CHECK_VERIFY(this));
440 no_control_flow = false; break;
441 case Bytecodes::_iload :
442 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
443 no_control_flow = false; break;
444 case Bytecodes::_iload_0 :
445 case Bytecodes::_iload_1 :
446 case Bytecodes::_iload_2 :
447 case Bytecodes::_iload_3 :
448 index = opcode - Bytecodes::_iload_0;
449 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
450 no_control_flow = false; break;
451 case Bytecodes::_lload :
452 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
453 no_control_flow = false; break;
454 case Bytecodes::_lload_0 :
455 case Bytecodes::_lload_1 :
456 case Bytecodes::_lload_2 :
457 case Bytecodes::_lload_3 :
458 index = opcode - Bytecodes::_lload_0;
459 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
460 no_control_flow = false; break;
461 case Bytecodes::_fload :
462 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
463 no_control_flow = false; break;
464 case Bytecodes::_fload_0 :
465 case Bytecodes::_fload_1 :
466 case Bytecodes::_fload_2 :
467 case Bytecodes::_fload_3 :
468 index = opcode - Bytecodes::_fload_0;
469 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
470 no_control_flow = false; break;
471 case Bytecodes::_dload :
472 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
473 no_control_flow = false; break;
474 case Bytecodes::_dload_0 :
475 case Bytecodes::_dload_1 :
476 case Bytecodes::_dload_2 :
477 case Bytecodes::_dload_3 :
478 index = opcode - Bytecodes::_dload_0;
479 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
480 no_control_flow = false; break;
481 case Bytecodes::_aload :
482 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
483 no_control_flow = false; break;
484 case Bytecodes::_aload_0 :
485 case Bytecodes::_aload_1 :
486 case Bytecodes::_aload_2 :
487 case Bytecodes::_aload_3 :
488 index = opcode - Bytecodes::_aload_0;
489 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
490 no_control_flow = false; break;
491 case Bytecodes::_iaload :
492 type = current_frame.pop_stack(
493 VerificationType::integer_type(), CHECK_VERIFY(this));
494 atype = current_frame.pop_stack(
495 VerificationType::reference_check(), CHECK_VERIFY(this));
496 if (!atype.is_int_array()) {
497 verify_error(bci, bad_type_msg, "iaload");
498 return;
499 }
500 current_frame.push_stack(
501 VerificationType::integer_type(), CHECK_VERIFY(this));
502 no_control_flow = false; break;
503 case Bytecodes::_baload :
504 type = current_frame.pop_stack(
505 VerificationType::integer_type(), CHECK_VERIFY(this));
506 atype = current_frame.pop_stack(
507 VerificationType::reference_check(), CHECK_VERIFY(this));
508 if (!atype.is_bool_array() && !atype.is_byte_array()) {
509 verify_error(bci, bad_type_msg, "baload");
510 return;
511 }
512 current_frame.push_stack(
513 VerificationType::integer_type(), CHECK_VERIFY(this));
514 no_control_flow = false; break;
515 case Bytecodes::_caload :
516 type = current_frame.pop_stack(
517 VerificationType::integer_type(), CHECK_VERIFY(this));
518 atype = current_frame.pop_stack(
519 VerificationType::reference_check(), CHECK_VERIFY(this));
520 if (!atype.is_char_array()) {
521 verify_error(bci, bad_type_msg, "caload");
522 return;
523 }
524 current_frame.push_stack(
525 VerificationType::integer_type(), CHECK_VERIFY(this));
526 no_control_flow = false; break;
527 case Bytecodes::_saload :
528 type = current_frame.pop_stack(
529 VerificationType::integer_type(), CHECK_VERIFY(this));
530 atype = current_frame.pop_stack(
531 VerificationType::reference_check(), CHECK_VERIFY(this));
532 if (!atype.is_short_array()) {
533 verify_error(bci, bad_type_msg, "saload");
534 return;
535 }
536 current_frame.push_stack(
537 VerificationType::integer_type(), CHECK_VERIFY(this));
538 no_control_flow = false; break;
539 case Bytecodes::_laload :
540 type = current_frame.pop_stack(
541 VerificationType::integer_type(), CHECK_VERIFY(this));
542 atype = current_frame.pop_stack(
543 VerificationType::reference_check(), CHECK_VERIFY(this));
544 if (!atype.is_long_array()) {
545 verify_error(bci, bad_type_msg, "laload");
546 return;
547 }
548 current_frame.push_stack_2(
549 VerificationType::long_type(),
550 VerificationType::long2_type(), CHECK_VERIFY(this));
551 no_control_flow = false; break;
552 case Bytecodes::_faload :
553 type = current_frame.pop_stack(
554 VerificationType::integer_type(), CHECK_VERIFY(this));
555 atype = current_frame.pop_stack(
556 VerificationType::reference_check(), CHECK_VERIFY(this));
557 if (!atype.is_float_array()) {
558 verify_error(bci, bad_type_msg, "faload");
559 return;
560 }
561 current_frame.push_stack(
562 VerificationType::float_type(), CHECK_VERIFY(this));
563 no_control_flow = false; break;
564 case Bytecodes::_daload :
565 type = current_frame.pop_stack(
566 VerificationType::integer_type(), CHECK_VERIFY(this));
567 atype = current_frame.pop_stack(
568 VerificationType::reference_check(), CHECK_VERIFY(this));
569 if (!atype.is_double_array()) {
570 verify_error(bci, bad_type_msg, "daload");
571 return;
572 }
573 current_frame.push_stack_2(
574 VerificationType::double_type(),
575 VerificationType::double2_type(), CHECK_VERIFY(this));
576 no_control_flow = false; break;
577 case Bytecodes::_aaload : {
578 type = current_frame.pop_stack(
579 VerificationType::integer_type(), CHECK_VERIFY(this));
580 atype = current_frame.pop_stack(
581 VerificationType::reference_check(), CHECK_VERIFY(this));
582 if (!atype.is_reference_array()) {
583 verify_error(bci, bad_type_msg, "aaload");
584 return;
585 }
586 if (atype.is_null()) {
587 current_frame.push_stack(
588 VerificationType::null_type(), CHECK_VERIFY(this));
589 } else {
590 VerificationType component =
591 atype.get_component(CHECK_VERIFY(this));
592 current_frame.push_stack(component, CHECK_VERIFY(this));
593 }
594 no_control_flow = false; break;
595 }
596 case Bytecodes::_istore :
597 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
598 no_control_flow = false; break;
599 case Bytecodes::_istore_0 :
600 case Bytecodes::_istore_1 :
601 case Bytecodes::_istore_2 :
602 case Bytecodes::_istore_3 :
603 index = opcode - Bytecodes::_istore_0;
604 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
605 no_control_flow = false; break;
606 case Bytecodes::_lstore :
607 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
608 no_control_flow = false; break;
609 case Bytecodes::_lstore_0 :
610 case Bytecodes::_lstore_1 :
611 case Bytecodes::_lstore_2 :
612 case Bytecodes::_lstore_3 :
613 index = opcode - Bytecodes::_lstore_0;
614 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
615 no_control_flow = false; break;
616 case Bytecodes::_fstore :
617 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
618 no_control_flow = false; break;
619 case Bytecodes::_fstore_0 :
620 case Bytecodes::_fstore_1 :
621 case Bytecodes::_fstore_2 :
622 case Bytecodes::_fstore_3 :
623 index = opcode - Bytecodes::_fstore_0;
624 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
625 no_control_flow = false; break;
626 case Bytecodes::_dstore :
627 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
628 no_control_flow = false; break;
629 case Bytecodes::_dstore_0 :
630 case Bytecodes::_dstore_1 :
631 case Bytecodes::_dstore_2 :
632 case Bytecodes::_dstore_3 :
633 index = opcode - Bytecodes::_dstore_0;
634 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
635 no_control_flow = false; break;
636 case Bytecodes::_astore :
637 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
638 no_control_flow = false; break;
639 case Bytecodes::_astore_0 :
640 case Bytecodes::_astore_1 :
641 case Bytecodes::_astore_2 :
642 case Bytecodes::_astore_3 :
643 index = opcode - Bytecodes::_astore_0;
644 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
645 no_control_flow = false; break;
646 case Bytecodes::_iastore :
647 type = current_frame.pop_stack(
648 VerificationType::integer_type(), CHECK_VERIFY(this));
649 type2 = current_frame.pop_stack(
650 VerificationType::integer_type(), CHECK_VERIFY(this));
651 atype = current_frame.pop_stack(
652 VerificationType::reference_check(), CHECK_VERIFY(this));
653 if (!atype.is_int_array()) {
654 verify_error(bci, bad_type_msg, "iastore");
655 return;
656 }
657 no_control_flow = false; break;
658 case Bytecodes::_bastore :
659 type = current_frame.pop_stack(
660 VerificationType::integer_type(), CHECK_VERIFY(this));
661 type2 = current_frame.pop_stack(
662 VerificationType::integer_type(), CHECK_VERIFY(this));
663 atype = current_frame.pop_stack(
664 VerificationType::reference_check(), CHECK_VERIFY(this));
665 if (!atype.is_bool_array() && !atype.is_byte_array()) {
666 verify_error(bci, bad_type_msg, "bastore");
667 return;
668 }
669 no_control_flow = false; break;
670 case Bytecodes::_castore :
671 current_frame.pop_stack(
672 VerificationType::integer_type(), CHECK_VERIFY(this));
673 current_frame.pop_stack(
674 VerificationType::integer_type(), CHECK_VERIFY(this));
675 atype = current_frame.pop_stack(
676 VerificationType::reference_check(), CHECK_VERIFY(this));
677 if (!atype.is_char_array()) {
678 verify_error(bci, bad_type_msg, "castore");
679 return;
680 }
681 no_control_flow = false; break;
682 case Bytecodes::_sastore :
683 current_frame.pop_stack(
684 VerificationType::integer_type(), CHECK_VERIFY(this));
685 current_frame.pop_stack(
686 VerificationType::integer_type(), CHECK_VERIFY(this));
687 atype = current_frame.pop_stack(
688 VerificationType::reference_check(), CHECK_VERIFY(this));
689 if (!atype.is_short_array()) {
690 verify_error(bci, bad_type_msg, "sastore");
691 return;
692 }
693 no_control_flow = false; break;
694 case Bytecodes::_lastore :
695 current_frame.pop_stack_2(
696 VerificationType::long2_type(),
697 VerificationType::long_type(), CHECK_VERIFY(this));
698 current_frame.pop_stack(
699 VerificationType::integer_type(), CHECK_VERIFY(this));
700 atype = current_frame.pop_stack(
701 VerificationType::reference_check(), CHECK_VERIFY(this));
702 if (!atype.is_long_array()) {
703 verify_error(bci, bad_type_msg, "lastore");
704 return;
705 }
706 no_control_flow = false; break;
707 case Bytecodes::_fastore :
708 current_frame.pop_stack(
709 VerificationType::float_type(), CHECK_VERIFY(this));
710 current_frame.pop_stack
711 (VerificationType::integer_type(), CHECK_VERIFY(this));
712 atype = current_frame.pop_stack(
713 VerificationType::reference_check(), CHECK_VERIFY(this));
714 if (!atype.is_float_array()) {
715 verify_error(bci, bad_type_msg, "fastore");
716 return;
717 }
718 no_control_flow = false; break;
719 case Bytecodes::_dastore :
720 current_frame.pop_stack_2(
721 VerificationType::double2_type(),
722 VerificationType::double_type(), CHECK_VERIFY(this));
723 current_frame.pop_stack(
724 VerificationType::integer_type(), CHECK_VERIFY(this));
725 atype = current_frame.pop_stack(
726 VerificationType::reference_check(), CHECK_VERIFY(this));
727 if (!atype.is_double_array()) {
728 verify_error(bci, bad_type_msg, "dastore");
729 return;
730 }
731 no_control_flow = false; break;
732 case Bytecodes::_aastore :
733 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
734 type2 = current_frame.pop_stack(
735 VerificationType::integer_type(), CHECK_VERIFY(this));
736 atype = current_frame.pop_stack(
737 VerificationType::reference_check(), CHECK_VERIFY(this));
738 // more type-checking is done at runtime
739 if (!atype.is_reference_array()) {
740 verify_error(bci, bad_type_msg, "aastore");
741 return;
742 }
743 // 4938384: relaxed constraint in JVMS 3nd edition.
744 no_control_flow = false; break;
745 case Bytecodes::_pop :
746 current_frame.pop_stack(
747 VerificationType::category1_check(), CHECK_VERIFY(this));
748 no_control_flow = false; break;
749 case Bytecodes::_pop2 :
750 type = current_frame.pop_stack(CHECK_VERIFY(this));
751 if (type.is_category1()) {
752 current_frame.pop_stack(
753 VerificationType::category1_check(), CHECK_VERIFY(this));
754 } else if (type.is_category2_2nd()) {
755 current_frame.pop_stack(
756 VerificationType::category2_check(), CHECK_VERIFY(this));
757 } else {
758 verify_error(bci, bad_type_msg, "pop2");
759 return;
760 }
761 no_control_flow = false; break;
762 case Bytecodes::_dup :
763 type = current_frame.pop_stack(
764 VerificationType::category1_check(), CHECK_VERIFY(this));
765 current_frame.push_stack(type, CHECK_VERIFY(this));
766 current_frame.push_stack(type, CHECK_VERIFY(this));
767 no_control_flow = false; break;
768 case Bytecodes::_dup_x1 :
769 type = current_frame.pop_stack(
770 VerificationType::category1_check(), CHECK_VERIFY(this));
771 type2 = current_frame.pop_stack(
772 VerificationType::category1_check(), CHECK_VERIFY(this));
773 current_frame.push_stack(type, CHECK_VERIFY(this));
774 current_frame.push_stack(type2, CHECK_VERIFY(this));
775 current_frame.push_stack(type, CHECK_VERIFY(this));
776 no_control_flow = false; break;
777 case Bytecodes::_dup_x2 :
778 {
779 VerificationType type3;
780 type = current_frame.pop_stack(
781 VerificationType::category1_check(), CHECK_VERIFY(this));
782 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
783 if (type2.is_category1()) {
784 type3 = current_frame.pop_stack(
785 VerificationType::category1_check(), CHECK_VERIFY(this));
786 } else if (type2.is_category2_2nd()) {
787 type3 = current_frame.pop_stack(
788 VerificationType::category2_check(), CHECK_VERIFY(this));
789 } else {
790 verify_error(bci, bad_type_msg, "dup_x2");
791 return;
792 }
793 current_frame.push_stack(type, CHECK_VERIFY(this));
794 current_frame.push_stack(type3, CHECK_VERIFY(this));
795 current_frame.push_stack(type2, CHECK_VERIFY(this));
796 current_frame.push_stack(type, CHECK_VERIFY(this));
797 no_control_flow = false; break;
798 }
799 case Bytecodes::_dup2 :
800 type = current_frame.pop_stack(CHECK_VERIFY(this));
801 if (type.is_category1()) {
802 type2 = current_frame.pop_stack(
803 VerificationType::category1_check(), CHECK_VERIFY(this));
804 } else if (type.is_category2_2nd()) {
805 type2 = current_frame.pop_stack(
806 VerificationType::category2_check(), CHECK_VERIFY(this));
807 } else {
808 verify_error(bci, bad_type_msg, "dup2");
809 return;
810 }
811 current_frame.push_stack(type2, CHECK_VERIFY(this));
812 current_frame.push_stack(type, CHECK_VERIFY(this));
813 current_frame.push_stack(type2, CHECK_VERIFY(this));
814 current_frame.push_stack(type, CHECK_VERIFY(this));
815 no_control_flow = false; break;
816 case Bytecodes::_dup2_x1 :
817 {
818 VerificationType type3;
819 type = current_frame.pop_stack(CHECK_VERIFY(this));
820 if (type.is_category1()) {
821 type2 = current_frame.pop_stack(
822 VerificationType::category1_check(), CHECK_VERIFY(this));
823 } else if(type.is_category2_2nd()) {
824 type2 = current_frame.pop_stack
825 (VerificationType::category2_check(), CHECK_VERIFY(this));
826 } else {
827 verify_error(bci, bad_type_msg, "dup2_x1");
828 return;
829 }
830 type3 = current_frame.pop_stack(
831 VerificationType::category1_check(), CHECK_VERIFY(this));
832 current_frame.push_stack(type2, CHECK_VERIFY(this));
833 current_frame.push_stack(type, CHECK_VERIFY(this));
834 current_frame.push_stack(type3, CHECK_VERIFY(this));
835 current_frame.push_stack(type2, CHECK_VERIFY(this));
836 current_frame.push_stack(type, CHECK_VERIFY(this));
837 no_control_flow = false; break;
838 }
839 case Bytecodes::_dup2_x2 :
840 {
841 VerificationType type3, type4;
842 type = current_frame.pop_stack(CHECK_VERIFY(this));
843 if (type.is_category1()) {
844 type2 = current_frame.pop_stack(
845 VerificationType::category1_check(), CHECK_VERIFY(this));
846 } else if (type.is_category2_2nd()) {
847 type2 = current_frame.pop_stack(
848 VerificationType::category2_check(), CHECK_VERIFY(this));
849 } else {
850 verify_error(bci, bad_type_msg, "dup2_x2");
851 return;
852 }
853 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
854 if (type3.is_category1()) {
855 type4 = current_frame.pop_stack(
856 VerificationType::category1_check(), CHECK_VERIFY(this));
857 } else if (type3.is_category2_2nd()) {
858 type4 = current_frame.pop_stack(
859 VerificationType::category2_check(), CHECK_VERIFY(this));
860 } else {
861 verify_error(bci, bad_type_msg, "dup2_x2");
862 return;
863 }
864 current_frame.push_stack(type2, CHECK_VERIFY(this));
865 current_frame.push_stack(type, CHECK_VERIFY(this));
866 current_frame.push_stack(type4, CHECK_VERIFY(this));
867 current_frame.push_stack(type3, CHECK_VERIFY(this));
868 current_frame.push_stack(type2, CHECK_VERIFY(this));
869 current_frame.push_stack(type, CHECK_VERIFY(this));
870 no_control_flow = false; break;
871 }
872 case Bytecodes::_swap :
873 type = current_frame.pop_stack(
874 VerificationType::category1_check(), CHECK_VERIFY(this));
875 type2 = current_frame.pop_stack(
876 VerificationType::category1_check(), CHECK_VERIFY(this));
877 current_frame.push_stack(type, CHECK_VERIFY(this));
878 current_frame.push_stack(type2, CHECK_VERIFY(this));
879 no_control_flow = false; break;
880 case Bytecodes::_iadd :
881 case Bytecodes::_isub :
882 case Bytecodes::_imul :
883 case Bytecodes::_idiv :
884 case Bytecodes::_irem :
885 case Bytecodes::_ishl :
886 case Bytecodes::_ishr :
887 case Bytecodes::_iushr :
888 case Bytecodes::_ior :
889 case Bytecodes::_ixor :
890 case Bytecodes::_iand :
891 current_frame.pop_stack(
892 VerificationType::integer_type(), CHECK_VERIFY(this));
893 // fall through
894 case Bytecodes::_ineg :
895 current_frame.pop_stack(
896 VerificationType::integer_type(), CHECK_VERIFY(this));
897 current_frame.push_stack(
898 VerificationType::integer_type(), CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 case Bytecodes::_ladd :
901 case Bytecodes::_lsub :
902 case Bytecodes::_lmul :
903 case Bytecodes::_ldiv :
904 case Bytecodes::_lrem :
905 case Bytecodes::_land :
906 case Bytecodes::_lor :
907 case Bytecodes::_lxor :
908 current_frame.pop_stack_2(
909 VerificationType::long2_type(),
910 VerificationType::long_type(), CHECK_VERIFY(this));
911 // fall through
912 case Bytecodes::_lneg :
913 current_frame.pop_stack_2(
914 VerificationType::long2_type(),
915 VerificationType::long_type(), CHECK_VERIFY(this));
916 current_frame.push_stack_2(
917 VerificationType::long_type(),
918 VerificationType::long2_type(), CHECK_VERIFY(this));
919 no_control_flow = false; break;
920 case Bytecodes::_lshl :
921 case Bytecodes::_lshr :
922 case Bytecodes::_lushr :
923 current_frame.pop_stack(
924 VerificationType::integer_type(), CHECK_VERIFY(this));
925 current_frame.pop_stack_2(
926 VerificationType::long2_type(),
927 VerificationType::long_type(), CHECK_VERIFY(this));
928 current_frame.push_stack_2(
929 VerificationType::long_type(),
930 VerificationType::long2_type(), CHECK_VERIFY(this));
931 no_control_flow = false; break;
932 case Bytecodes::_fadd :
933 case Bytecodes::_fsub :
934 case Bytecodes::_fmul :
935 case Bytecodes::_fdiv :
936 case Bytecodes::_frem :
937 current_frame.pop_stack(
938 VerificationType::float_type(), CHECK_VERIFY(this));
939 // fall through
940 case Bytecodes::_fneg :
941 current_frame.pop_stack(
942 VerificationType::float_type(), CHECK_VERIFY(this));
943 current_frame.push_stack(
944 VerificationType::float_type(), CHECK_VERIFY(this));
945 no_control_flow = false; break;
946 case Bytecodes::_dadd :
947 case Bytecodes::_dsub :
948 case Bytecodes::_dmul :
949 case Bytecodes::_ddiv :
950 case Bytecodes::_drem :
951 current_frame.pop_stack_2(
952 VerificationType::double2_type(),
953 VerificationType::double_type(), CHECK_VERIFY(this));
954 // fall through
955 case Bytecodes::_dneg :
956 current_frame.pop_stack_2(
957 VerificationType::double2_type(),
958 VerificationType::double_type(), CHECK_VERIFY(this));
959 current_frame.push_stack_2(
960 VerificationType::double_type(),
961 VerificationType::double2_type(), CHECK_VERIFY(this));
962 no_control_flow = false; break;
963 case Bytecodes::_iinc :
964 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
965 no_control_flow = false; break;
966 case Bytecodes::_i2l :
967 type = current_frame.pop_stack(
968 VerificationType::integer_type(), CHECK_VERIFY(this));
969 current_frame.push_stack_2(
970 VerificationType::long_type(),
971 VerificationType::long2_type(), CHECK_VERIFY(this));
972 no_control_flow = false; break;
973 case Bytecodes::_l2i :
974 current_frame.pop_stack_2(
975 VerificationType::long2_type(),
976 VerificationType::long_type(), CHECK_VERIFY(this));
977 current_frame.push_stack(
978 VerificationType::integer_type(), CHECK_VERIFY(this));
979 no_control_flow = false; break;
980 case Bytecodes::_i2f :
981 current_frame.pop_stack(
982 VerificationType::integer_type(), CHECK_VERIFY(this));
983 current_frame.push_stack(
984 VerificationType::float_type(), CHECK_VERIFY(this));
985 no_control_flow = false; break;
986 case Bytecodes::_i2d :
987 current_frame.pop_stack(
988 VerificationType::integer_type(), CHECK_VERIFY(this));
989 current_frame.push_stack_2(
990 VerificationType::double_type(),
991 VerificationType::double2_type(), CHECK_VERIFY(this));
992 no_control_flow = false; break;
993 case Bytecodes::_l2f :
994 current_frame.pop_stack_2(
995 VerificationType::long2_type(),
996 VerificationType::long_type(), CHECK_VERIFY(this));
997 current_frame.push_stack(
998 VerificationType::float_type(), CHECK_VERIFY(this));
999 no_control_flow = false; break;
1000 case Bytecodes::_l2d :
1001 current_frame.pop_stack_2(
1002 VerificationType::long2_type(),
1003 VerificationType::long_type(), CHECK_VERIFY(this));
1004 current_frame.push_stack_2(
1005 VerificationType::double_type(),
1006 VerificationType::double2_type(), CHECK_VERIFY(this));
1007 no_control_flow = false; break;
1008 case Bytecodes::_f2i :
1009 current_frame.pop_stack(
1010 VerificationType::float_type(), CHECK_VERIFY(this));
1011 current_frame.push_stack(
1012 VerificationType::integer_type(), CHECK_VERIFY(this));
1013 no_control_flow = false; break;
1014 case Bytecodes::_f2l :
1015 current_frame.pop_stack(
1016 VerificationType::float_type(), CHECK_VERIFY(this));
1017 current_frame.push_stack_2(
1018 VerificationType::long_type(),
1019 VerificationType::long2_type(), CHECK_VERIFY(this));
1020 no_control_flow = false; break;
1021 case Bytecodes::_f2d :
1022 current_frame.pop_stack(
1023 VerificationType::float_type(), CHECK_VERIFY(this));
1024 current_frame.push_stack_2(
1025 VerificationType::double_type(),
1026 VerificationType::double2_type(), CHECK_VERIFY(this));
1027 no_control_flow = false; break;
1028 case Bytecodes::_d2i :
1029 current_frame.pop_stack_2(
1030 VerificationType::double2_type(),
1031 VerificationType::double_type(), CHECK_VERIFY(this));
1032 current_frame.push_stack(
1033 VerificationType::integer_type(), CHECK_VERIFY(this));
1034 no_control_flow = false; break;
1035 case Bytecodes::_d2l :
1036 current_frame.pop_stack_2(
1037 VerificationType::double2_type(),
1038 VerificationType::double_type(), CHECK_VERIFY(this));
1039 current_frame.push_stack_2(
1040 VerificationType::long_type(),
1041 VerificationType::long2_type(), CHECK_VERIFY(this));
1042 no_control_flow = false; break;
1043 case Bytecodes::_d2f :
1044 current_frame.pop_stack_2(
1045 VerificationType::double2_type(),
1046 VerificationType::double_type(), CHECK_VERIFY(this));
1047 current_frame.push_stack(
1048 VerificationType::float_type(), CHECK_VERIFY(this));
1049 no_control_flow = false; break;
1050 case Bytecodes::_i2b :
1051 case Bytecodes::_i2c :
1052 case Bytecodes::_i2s :
1053 current_frame.pop_stack(
1054 VerificationType::integer_type(), CHECK_VERIFY(this));
1055 current_frame.push_stack(
1056 VerificationType::integer_type(), CHECK_VERIFY(this));
1057 no_control_flow = false; break;
1058 case Bytecodes::_lcmp :
1059 current_frame.pop_stack_2(
1060 VerificationType::long2_type(),
1061 VerificationType::long_type(), CHECK_VERIFY(this));
1062 current_frame.pop_stack_2(
1063 VerificationType::long2_type(),
1064 VerificationType::long_type(), CHECK_VERIFY(this));
1065 current_frame.push_stack(
1066 VerificationType::integer_type(), CHECK_VERIFY(this));
1067 no_control_flow = false; break;
1068 case Bytecodes::_fcmpl :
1069 case Bytecodes::_fcmpg :
1070 current_frame.pop_stack(
1071 VerificationType::float_type(), CHECK_VERIFY(this));
1072 current_frame.pop_stack(
1073 VerificationType::float_type(), CHECK_VERIFY(this));
1074 current_frame.push_stack(
1075 VerificationType::integer_type(), CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 case Bytecodes::_dcmpl :
1078 case Bytecodes::_dcmpg :
1079 current_frame.pop_stack_2(
1080 VerificationType::double2_type(),
1081 VerificationType::double_type(), CHECK_VERIFY(this));
1082 current_frame.pop_stack_2(
1083 VerificationType::double2_type(),
1084 VerificationType::double_type(), CHECK_VERIFY(this));
1085 current_frame.push_stack(
1086 VerificationType::integer_type(), CHECK_VERIFY(this));
1087 no_control_flow = false; break;
1088 case Bytecodes::_if_icmpeq:
1089 case Bytecodes::_if_icmpne:
1090 case Bytecodes::_if_icmplt:
1091 case Bytecodes::_if_icmpge:
1092 case Bytecodes::_if_icmpgt:
1093 case Bytecodes::_if_icmple:
1094 current_frame.pop_stack(
1095 VerificationType::integer_type(), CHECK_VERIFY(this));
1096 // fall through
1097 case Bytecodes::_ifeq:
1098 case Bytecodes::_ifne:
1099 case Bytecodes::_iflt:
1100 case Bytecodes::_ifge:
1101 case Bytecodes::_ifgt:
1102 case Bytecodes::_ifle:
1103 current_frame.pop_stack(
1104 VerificationType::integer_type(), CHECK_VERIFY(this));
1105 target = bcs.dest();
1106 stackmap_table.check_jump_target(
1107 ¤t_frame, target, CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 case Bytecodes::_if_acmpeq :
1110 case Bytecodes::_if_acmpne :
1111 current_frame.pop_stack(
1112 VerificationType::reference_check(), CHECK_VERIFY(this));
1113 // fall through
1114 case Bytecodes::_ifnull :
1115 case Bytecodes::_ifnonnull :
1116 current_frame.pop_stack(
1117 VerificationType::reference_check(), CHECK_VERIFY(this));
1118 target = bcs.dest();
1119 stackmap_table.check_jump_target
1120 (¤t_frame, target, CHECK_VERIFY(this));
1121 no_control_flow = false; break;
1122 case Bytecodes::_goto :
1123 target = bcs.dest();
1124 stackmap_table.check_jump_target(
1125 ¤t_frame, target, CHECK_VERIFY(this));
1126 no_control_flow = true; break;
1127 case Bytecodes::_goto_w :
1128 target = bcs.dest_w();
1129 stackmap_table.check_jump_target(
1130 ¤t_frame, target, CHECK_VERIFY(this));
1131 no_control_flow = true; break;
1132 case Bytecodes::_tableswitch :
1133 case Bytecodes::_lookupswitch :
1134 verify_switch(
1135 &bcs, code_length, code_data, ¤t_frame,
1136 &stackmap_table, CHECK_VERIFY(this));
1137 no_control_flow = true; break;
1138 case Bytecodes::_ireturn :
1139 type = current_frame.pop_stack(
1140 VerificationType::integer_type(), CHECK_VERIFY(this));
1141 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1142 no_control_flow = true; break;
1143 case Bytecodes::_lreturn :
1144 type2 = current_frame.pop_stack(
1145 VerificationType::long2_type(), CHECK_VERIFY(this));
1146 type = current_frame.pop_stack(
1147 VerificationType::long_type(), CHECK_VERIFY(this));
1148 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1149 no_control_flow = true; break;
1150 case Bytecodes::_freturn :
1151 type = current_frame.pop_stack(
1152 VerificationType::float_type(), CHECK_VERIFY(this));
1153 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1154 no_control_flow = true; break;
1155 case Bytecodes::_dreturn :
1156 type2 = current_frame.pop_stack(
1157 VerificationType::double2_type(), CHECK_VERIFY(this));
1158 type = current_frame.pop_stack(
1159 VerificationType::double_type(), CHECK_VERIFY(this));
1160 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1161 no_control_flow = true; break;
1162 case Bytecodes::_areturn :
1163 type = current_frame.pop_stack(
1164 VerificationType::reference_check(), CHECK_VERIFY(this));
1165 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1166 no_control_flow = true; break;
1167 case Bytecodes::_return :
1168 if (return_type != VerificationType::bogus_type()) {
1169 verify_error(bci, "Method expects no return value");
1170 return;
1171 }
1172 // Make sure "this" has been initialized if current method is an
1173 // <init>
1174 if (_method->name() == vmSymbols::object_initializer_name() &&
1175 current_frame.flag_this_uninit()) {
1176 verify_error(bci,
1177 "Constructor must call super() or this() before return");
1178 return;
1179 }
1180 no_control_flow = true; break;
1181 case Bytecodes::_getstatic :
1182 case Bytecodes::_putstatic :
1183 case Bytecodes::_getfield :
1184 case Bytecodes::_putfield :
1185 verify_field_instructions(
1186 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1187 no_control_flow = false; break;
1188 case Bytecodes::_invokevirtual :
1189 case Bytecodes::_invokespecial :
1190 case Bytecodes::_invokestatic :
1191 verify_invoke_instructions(
1192 &bcs, code_length, ¤t_frame,
1193 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1194 no_control_flow = false; break;
1195 case Bytecodes::_invokeinterface :
1196 case Bytecodes::_invokedynamic :
1197 verify_invoke_instructions(
1198 &bcs, code_length, ¤t_frame,
1199 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1200 no_control_flow = false; break;
1201 case Bytecodes::_new :
1202 {
1203 index = bcs.get_index_u2();
1204 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1205 VerificationType new_class_type =
1206 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1207 if (!new_class_type.is_object()) {
1208 verify_error(bci, "Illegal new instruction");
1209 return;
1210 }
1211 type = VerificationType::uninitialized_type(bci);
1212 current_frame.push_stack(type, CHECK_VERIFY(this));
1213 no_control_flow = false; break;
1214 }
1215 case Bytecodes::_newarray :
1216 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1217 current_frame.pop_stack(
1218 VerificationType::integer_type(), CHECK_VERIFY(this));
1219 current_frame.push_stack(type, CHECK_VERIFY(this));
1220 no_control_flow = false; break;
1221 case Bytecodes::_anewarray :
1222 verify_anewarray(
1223 bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1224 no_control_flow = false; break;
1225 case Bytecodes::_arraylength :
1226 type = current_frame.pop_stack(
1227 VerificationType::reference_check(), CHECK_VERIFY(this));
1228 if (!(type.is_null() || type.is_array())) {
1229 verify_error(bci, bad_type_msg, "arraylength");
1230 }
1231 current_frame.push_stack(
1232 VerificationType::integer_type(), CHECK_VERIFY(this));
1233 no_control_flow = false; break;
1234 case Bytecodes::_checkcast :
1235 {
1236 index = bcs.get_index_u2();
1237 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1238 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1239 VerificationType klass_type = cp_index_to_type(
1240 index, cp, CHECK_VERIFY(this));
1241 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1242 no_control_flow = false; break;
1243 }
1244 case Bytecodes::_instanceof : {
1245 index = bcs.get_index_u2();
1246 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1247 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1248 current_frame.push_stack(
1249 VerificationType::integer_type(), CHECK_VERIFY(this));
1250 no_control_flow = false; break;
1251 }
1252 case Bytecodes::_monitorenter :
1253 case Bytecodes::_monitorexit :
1254 current_frame.pop_stack(
1255 VerificationType::reference_check(), CHECK_VERIFY(this));
1256 no_control_flow = false; break;
1257 case Bytecodes::_multianewarray :
1258 {
1259 index = bcs.get_index_u2();
1260 u2 dim = *(bcs.bcp()+3);
1261 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1262 VerificationType new_array_type =
1263 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1264 if (!new_array_type.is_array()) {
1265 verify_error(bci,
1266 "Illegal constant pool index in multianewarray instruction");
1267 return;
1268 }
1269 if (dim < 1 || new_array_type.dimensions() < dim) {
1270 verify_error(bci,
1271 "Illegal dimension in multianewarray instruction");
1272 return;
1273 }
1274 for (int i = 0; i < dim; i++) {
1275 current_frame.pop_stack(
1276 VerificationType::integer_type(), CHECK_VERIFY(this));
1277 }
1278 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1279 no_control_flow = false; break;
1280 }
1281 case Bytecodes::_athrow :
1282 type = VerificationType::reference_type(
1283 vmSymbols::java_lang_Throwable());
1284 current_frame.pop_stack(type, CHECK_VERIFY(this));
1285 no_control_flow = true; break;
1286 default:
1287 // We only need to check the valid bytecodes in class file.
1288 // And jsr and ret are not in the new class file format in JDK1.5.
1289 verify_error(bci, "Bad instruction");
1290 no_control_flow = false;
1291 return;
1292 } // end switch
1293 } // end Merge with the next instruction
1294
1295 // Look for possible jump target in exception handlers and see if it
1296 // matches current_frame
1297 if (bci >= ex_min && bci < ex_max) {
1298 verify_exception_handler_targets(
1299 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1300 }
1301 } // end while
1302
1303 // Make sure that control flow does not fall through end of the method
1304 if (!no_control_flow) {
1305 verify_error(code_length, "Control flow falls through code end");
1306 return;
1307 }
1308 }
1309
1310 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1311 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1312 memset(code_data, 0, sizeof(char) * code_length);
1313 RawBytecodeStream bcs(m);
1314
1315 while (!bcs.is_last_bytecode()) {
1316 if (bcs.raw_next() != Bytecodes::_illegal) {
1317 int bci = bcs.bci();
1318 if (bcs.raw_code() == Bytecodes::_new) {
1319 code_data[bci] = NEW_OFFSET;
1320 } else {
1321 code_data[bci] = BYTECODE_OFFSET;
1322 }
1323 } else {
1324 verify_error(bcs.bci(), "Bad instruction");
1325 return NULL;
1326 }
1327 }
1328
1329 return code_data;
1330 }
1331
1332 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1333 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1334 constantPoolHandle cp (THREAD, _method->constants());
1335
1336 if (exhandlers() != NULL) {
1337 for(int i = 0; i < exhandlers->length();) {
1338 u2 start_pc = exhandlers->int_at(i++);
1339 u2 end_pc = exhandlers->int_at(i++);
1340 u2 handler_pc = exhandlers->int_at(i++);
1341 if (start_pc >= code_length || code_data[start_pc] == 0) {
1342 class_format_error("Illegal exception table start_pc %d", start_pc);
1343 return;
1344 }
1345 if (end_pc != code_length) { // special case: end_pc == code_length
1346 if (end_pc > code_length || code_data[end_pc] == 0) {
1347 class_format_error("Illegal exception table end_pc %d", end_pc);
1348 return;
1349 }
1350 }
1351 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1352 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1353 return;
1354 }
1355 int catch_type_index = exhandlers->int_at(i++);
1356 if (catch_type_index != 0) {
1357 VerificationType catch_type = cp_index_to_type(
1358 catch_type_index, cp, CHECK_VERIFY(this));
1359 VerificationType throwable =
1360 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1361 bool is_subclass = throwable.is_assignable_from(
1362 catch_type, current_class(), CHECK_VERIFY(this));
1363 if (!is_subclass) {
1364 // 4286534: should throw VerifyError according to recent spec change
1365 verify_error(
1366 "Catch type is not a subclass of Throwable in handler %d",
1367 handler_pc);
1368 return;
1369 }
1370 }
1371 if (start_pc < min) min = start_pc;
1372 if (end_pc > max) max = end_pc;
1373 }
1374 }
1375 }
1376
1377 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1378 int localvariable_table_length = _method()->localvariable_table_length();
1379 if (localvariable_table_length > 0) {
1380 LocalVariableTableElement* table = _method()->localvariable_table_start();
1381 for (int i = 0; i < localvariable_table_length; i++) {
1382 u2 start_bci = table[i].start_bci;
1383 u2 length = table[i].length;
1384
1385 if (start_bci >= code_length || code_data[start_bci] == 0) {
1386 class_format_error(
1387 "Illegal local variable table start_pc %d", start_bci);
1388 return;
1389 }
1390 u4 end_bci = (u4)(start_bci + length);
1391 if (end_bci != code_length) {
1392 if (end_bci >= code_length || code_data[end_bci] == 0) {
1393 class_format_error( "Illegal local variable table length %d", length);
1394 return;
1395 }
1396 }
1397 }
1398 }
1399 }
1400
1401 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1402 StackMapFrame* current_frame,
1403 StackMapTable* stackmap_table,
1404 bool no_control_flow, TRAPS) {
1405 if (stackmap_index < stackmap_table->get_frame_count()) {
1406 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1407 if (no_control_flow && this_offset > bci) {
1408 verify_error(bci, "Expecting a stack map frame");
1409 return 0;
1410 }
1411 if (this_offset == bci) {
1412 // See if current stack map can be assigned to the frame in table.
1413 // current_frame is the stackmap frame got from the last instruction.
1414 // If matched, current_frame will be updated by this method.
1415 bool match = stackmap_table->match_stackmap(
1416 current_frame, this_offset, stackmap_index,
1417 !no_control_flow, true, CHECK_VERIFY_(this, 0));
1418 if (!match) {
1419 // report type error
1420 verify_error(bci, "Instruction type does not match stack map");
1421 return 0;
1422 }
1423 stackmap_index++;
1424 } else if (this_offset < bci) {
1425 // current_offset should have met this_offset.
1426 class_format_error("Bad stack map offset %d", this_offset);
1427 return 0;
1428 }
1429 } else if (no_control_flow) {
1430 verify_error(bci, "Expecting a stack map frame");
1431 return 0;
1432 }
1433 return stackmap_index;
1434 }
1435
1436 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1437 StackMapTable* stackmap_table, TRAPS) {
1438 constantPoolHandle cp (THREAD, _method->constants());
1439 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1440 if (exhandlers() != NULL) {
1441 for(int i = 0; i < exhandlers->length();) {
1442 u2 start_pc = exhandlers->int_at(i++);
1443 u2 end_pc = exhandlers->int_at(i++);
1444 u2 handler_pc = exhandlers->int_at(i++);
1445 int catch_type_index = exhandlers->int_at(i++);
1446 if(bci >= start_pc && bci < end_pc) {
1447 u1 flags = current_frame->flags();
1448 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1449
1450 ResourceMark rm(THREAD);
1451 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1452 if (catch_type_index != 0) {
1453 // We know that this index refers to a subclass of Throwable
1454 VerificationType catch_type = cp_index_to_type(
1455 catch_type_index, cp, CHECK_VERIFY(this));
1456 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1457 } else {
1458 VerificationType throwable =
1459 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1460 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1461 }
1462 bool match = stackmap_table->match_stackmap(
1463 new_frame, handler_pc, true, false, CHECK_VERIFY(this));
1464 if (!match) {
1465 verify_error(bci,
1466 "Stack map does not match the one at exception handler %d",
1467 handler_pc);
1468 return;
1469 }
1470 }
1471 }
1472 }
1473 }
1474
1475 void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) {
1476 int nconstants = cp->length();
1477 if ((index <= 0) || (index >= nconstants)) {
1478 verify_error("Illegal constant pool index %d in class %s",
1479 index, instanceKlass::cast(cp->pool_holder())->external_name());
1480 return;
1481 }
1482 }
1483
1484 void ClassVerifier::verify_cp_type(
1485 int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1486
1487 // In some situations, bytecode rewriting may occur while we're verifying.
1488 // In this case, a constant pool cache exists and some indices refer to that
1489 // instead. Be sure we don't pick up such indices by accident.
1490 // We must check was_recursively_verified() before we get here.
1491 guarantee(cp->cache() == NULL, "not rewritten yet");
1492
1493 verify_cp_index(cp, index, CHECK_VERIFY(this));
1494 unsigned int tag = cp->tag_at(index).value();
1495 if ((types & (1 << tag)) == 0) {
1496 verify_error(
1497 "Illegal type at constant pool entry %d in class %s",
1498 index, instanceKlass::cast(cp->pool_holder())->external_name());
1499 return;
1500 }
1501 }
1502
1503 void ClassVerifier::verify_cp_class_type(
1504 int index, constantPoolHandle cp, TRAPS) {
1505 verify_cp_index(cp, index, CHECK_VERIFY(this));
1506 constantTag tag = cp->tag_at(index);
1507 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1508 verify_error("Illegal type at constant pool entry %d in class %s",
1509 index, instanceKlass::cast(cp->pool_holder())->external_name());
1510 return;
1511 }
1512 }
1513
1514 void ClassVerifier::format_error_message(
1515 const char* fmt, int offset, va_list va) {
1516 ResourceMark rm(_thread);
1517 stringStream message(_message, _message_buffer_len);
1518 message.vprint(fmt, va);
1519 if (!_method.is_null()) {
1520 message.print(" in method %s", _method->name_and_sig_as_C_string());
1521 }
1522 if (offset != -1) {
1523 message.print(" at offset %d", offset);
1524 }
1525 }
1526
1527 void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) {
1528 _exception_type = vmSymbols::java_lang_VerifyError();
1529 va_list va;
1530 va_start(va, fmt);
1531 format_error_message(fmt, offset, va);
1532 va_end(va);
1533 }
1534
1535 void ClassVerifier::verify_error(const char* fmt, ...) {
1536 _exception_type = vmSymbols::java_lang_VerifyError();
1537 va_list va;
1538 va_start(va, fmt);
1539 format_error_message(fmt, -1, va);
1540 va_end(va);
1541 }
1542
1543 void ClassVerifier::class_format_error(const char* msg, ...) {
1544 _exception_type = vmSymbols::java_lang_ClassFormatError();
1545 va_list va;
1546 va_start(va, msg);
1547 format_error_message(msg, -1, va);
1548 va_end(va);
1549 }
1550
1551 klassOop ClassVerifier::load_class(symbolHandle name, TRAPS) {
1552 // Get current loader and protection domain first.
1553 oop loader = current_class()->class_loader();
1554 oop protection_domain = current_class()->protection_domain();
1555
1556 return SystemDictionary::resolve_or_fail(
1557 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1558 true, CHECK_NULL);
1559 }
1560
1561 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1562 klassOop target_class,
1563 symbolOop field_name,
1564 symbolOop field_sig,
1565 bool is_method) {
1566 No_Safepoint_Verifier nosafepoint;
1567
1568 // If target class isn't a super class of this class, we don't worry about this case
1569 if (!this_class->is_subclass_of(target_class)) {
1570 return false;
1571 }
1572 // Check if the specified method or field is protected
1573 instanceKlass* target_instance = instanceKlass::cast(target_class);
1574 fieldDescriptor fd;
1575 if (is_method) {
1576 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1577 if (m != NULL && m->is_protected()) {
1578 if (!this_class->is_same_class_package(m->method_holder())) {
1579 return true;
1580 }
1581 }
1582 } else {
1583 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1584 if(member_klass != NULL && fd.is_protected()) {
1585 if (!this_class->is_same_class_package(member_klass)) {
1586 return true;
1587 }
1588 }
1589 }
1590 return false;
1591 }
1592
1593 void ClassVerifier::verify_ldc(
1594 int opcode, u2 index, StackMapFrame *current_frame,
1595 constantPoolHandle cp, u2 bci, TRAPS) {
1596 verify_cp_index(cp, index, CHECK_VERIFY(this));
1597 constantTag tag = cp->tag_at(index);
1598 unsigned int types;
1599 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1600 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1601 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1602 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1603 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
1604 // Note: The class file parser already verified the legality of
1605 // MethodHandle and MethodType constants.
1606 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1607 }
1608 } else {
1609 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1610 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1611 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1612 }
1613 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
1614 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
1615 } else if (tag.is_string() || tag.is_unresolved_string()) {
1616 current_frame->push_stack(
1617 VerificationType::reference_type(
1618 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1619 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1620 current_frame->push_stack(
1621 VerificationType::reference_type(
1622 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
1623 } else if (tag.is_int()) {
1624 current_frame->push_stack(
1625 VerificationType::integer_type(), CHECK_VERIFY(this));
1626 } else if (tag.is_float()) {
1627 current_frame->push_stack(
1628 VerificationType::float_type(), CHECK_VERIFY(this));
1629 } else if (tag.is_double()) {
1630 current_frame->push_stack_2(
1631 VerificationType::double_type(),
1632 VerificationType::double2_type(), CHECK_VERIFY(this));
1633 } else if (tag.is_long()) {
1634 current_frame->push_stack_2(
1635 VerificationType::long_type(),
1636 VerificationType::long2_type(), CHECK_VERIFY(this));
1637 } else if (tag.is_method_handle()) {
1638 current_frame->push_stack(
1639 VerificationType::reference_type(
1640 vmSymbols::java_dyn_MethodHandle()), CHECK_VERIFY(this));
1641 } else if (tag.is_method_type()) {
1642 current_frame->push_stack(
1643 VerificationType::reference_type(
1644 vmSymbols::java_dyn_MethodType()), CHECK_VERIFY(this));
1645 } else {
1646 verify_error(bci, "Invalid index in ldc");
1647 return;
1648 }
1649 }
1650
1651 void ClassVerifier::verify_switch(
1652 RawBytecodeStream* bcs, u4 code_length, char* code_data,
1653 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
1654 int bci = bcs->bci();
1655 address bcp = bcs->bcp();
1656 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
1657
1658 // 4639449 & 4647081: padding bytes must be 0
1659 u2 padding_offset = 1;
1660 while ((bcp + padding_offset) < aligned_bcp) {
1661 if(*(bcp + padding_offset) != 0) {
1662 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch");
1663 return;
1664 }
1665 padding_offset++;
1666 }
1667 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
1668 int keys, delta;
1669 current_frame->pop_stack(
1670 VerificationType::integer_type(), CHECK_VERIFY(this));
1671 if (bcs->raw_code() == Bytecodes::_tableswitch) {
1672 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
1673 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
1674 if (low > high) {
1675 verify_error(bci,
1676 "low must be less than or equal to high in tableswitch");
1677 return;
1678 }
1679 keys = high - low + 1;
1680 if (keys < 0) {
1681 verify_error(bci, "too many keys in tableswitch");
1682 return;
1683 }
1684 delta = 1;
1685 } else {
1686 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
1687 if (keys < 0) {
1688 verify_error(bci, "number of keys in lookupswitch less than 0");
1689 return;
1690 }
1691 delta = 2;
1692 // Make sure that the lookupswitch items are sorted
1693 for (int i = 0; i < (keys - 1); i++) {
1694 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
1695 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
1696 if (this_key >= next_key) {
1697 verify_error(bci, "Bad lookupswitch instruction");
1698 return;
1699 }
1700 }
1701 }
1702 int target = bci + default_offset;
1703 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
1704 for (int i = 0; i < keys; i++) {
1705 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
1706 stackmap_table->check_jump_target(
1707 current_frame, target, CHECK_VERIFY(this));
1708 }
1709 }
1710
1711 bool ClassVerifier::name_in_supers(
1712 symbolOop ref_name, instanceKlassHandle current) {
1713 klassOop super = current->super();
1714 while (super != NULL) {
1715 if (super->klass_part()->name() == ref_name) {
1716 return true;
1717 }
1718 super = super->klass_part()->super();
1719 }
1720 return false;
1721 }
1722
1723 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
1724 StackMapFrame* current_frame,
1725 constantPoolHandle cp,
1726 TRAPS) {
1727 u2 index = bcs->get_index_u2();
1728 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
1729
1730 // Get field name and signature
1731 symbolHandle field_name = symbolHandle(THREAD, cp->name_ref_at(index));
1732 symbolHandle field_sig = symbolHandle(THREAD, cp->signature_ref_at(index));
1733
1734 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
1735 class_format_error(
1736 "Invalid signature for field in class %s referenced "
1737 "from constant pool index %d", _klass->external_name(), index);
1738 return;
1739 }
1740
1741 // Get referenced class type
1742 VerificationType ref_class_type = cp_ref_index_to_type(
1743 index, cp, CHECK_VERIFY(this));
1744 if (!ref_class_type.is_object()) {
1745 verify_error(
1746 "Expecting reference to class in class %s at constant pool index %d",
1747 _klass->external_name(), index);
1748 return;
1749 }
1750 VerificationType target_class_type = ref_class_type;
1751
1752 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1753 "buffer type must match VerificationType size");
1754 uintptr_t field_type_buffer[2];
1755 VerificationType* field_type = (VerificationType*)field_type_buffer;
1756 // If we make a VerificationType[2] array directly, the compiler calls
1757 // to the c-runtime library to do the allocation instead of just
1758 // stack allocating it. Plus it would run constructors. This shows up
1759 // in performance profiles.
1760
1761 SignatureStream sig_stream(field_sig, false);
1762 VerificationType stack_object_type;
1763 int n = change_sig_to_verificationType(
1764 &sig_stream, field_type, CHECK_VERIFY(this));
1765 u2 bci = bcs->bci();
1766 bool is_assignable;
1767 switch (bcs->raw_code()) {
1768 case Bytecodes::_getstatic: {
1769 for (int i = 0; i < n; i++) {
1770 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
1771 }
1772 break;
1773 }
1774 case Bytecodes::_putstatic: {
1775 for (int i = n - 1; i >= 0; i--) {
1776 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1777 }
1778 break;
1779 }
1780 case Bytecodes::_getfield: {
1781 stack_object_type = current_frame->pop_stack(
1782 target_class_type, CHECK_VERIFY(this));
1783 for (int i = 0; i < n; i++) {
1784 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
1785 }
1786 goto check_protected;
1787 }
1788 case Bytecodes::_putfield: {
1789 for (int i = n - 1; i >= 0; i--) {
1790 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1791 }
1792 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
1793
1794 // The JVMS 2nd edition allows field initialization before the superclass
1795 // initializer, if the field is defined within the current class.
1796 fieldDescriptor fd;
1797 if (stack_object_type == VerificationType::uninitialized_this_type() &&
1798 target_class_type.equals(current_type()) &&
1799 _klass->find_local_field(field_name(), field_sig(), &fd)) {
1800 stack_object_type = current_type();
1801 }
1802 is_assignable = target_class_type.is_assignable_from(
1803 stack_object_type, current_class(), CHECK_VERIFY(this));
1804 if (!is_assignable) {
1805 verify_error(bci, "Bad type on operand stack in putfield");
1806 return;
1807 }
1808 }
1809 check_protected: {
1810 if (_this_type == stack_object_type)
1811 break; // stack_object_type must be assignable to _current_class_type
1812 symbolHandle ref_class_name = symbolHandle(THREAD,
1813 cp->klass_name_at(cp->klass_ref_index_at(index)));
1814 if (!name_in_supers(ref_class_name(), current_class()))
1815 // stack_object_type must be assignable to _current_class_type since:
1816 // 1. stack_object_type must be assignable to ref_class.
1817 // 2. ref_class must be _current_class or a subclass of it. It can't
1818 // be a superclass of it. See revised JVMS 5.4.4.
1819 break;
1820
1821 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
1822 if (is_protected_access(current_class(), ref_class_oop, field_name(),
1823 field_sig(), false)) {
1824 // It's protected access, check if stack object is assignable to
1825 // current class.
1826 is_assignable = current_type().is_assignable_from(
1827 stack_object_type, current_class(), CHECK_VERIFY(this));
1828 if (!is_assignable) {
1829 verify_error(bci, "Bad access to protected data in getfield");
1830 return;
1831 }
1832 }
1833 break;
1834 }
1835 default: ShouldNotReachHere();
1836 }
1837 }
1838
1839 void ClassVerifier::verify_invoke_init(
1840 RawBytecodeStream* bcs, VerificationType ref_class_type,
1841 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
1842 constantPoolHandle cp, TRAPS) {
1843 u2 bci = bcs->bci();
1844 VerificationType type = current_frame->pop_stack(
1845 VerificationType::reference_check(), CHECK_VERIFY(this));
1846 if (type == VerificationType::uninitialized_this_type()) {
1847 // The method must be an <init> method of either this class, or one of its
1848 // superclasses
1849 if (ref_class_type.name() != current_class()->name() &&
1850 !name_in_supers(ref_class_type.name(), current_class())) {
1851 verify_error(bci, "Bad <init> method call");
1852 return;
1853 }
1854 current_frame->initialize_object(type, current_type());
1855 *this_uninit = true;
1856 } else if (type.is_uninitialized()) {
1857 u2 new_offset = type.bci();
1858 address new_bcp = bcs->bcp() - bci + new_offset;
1859 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
1860 verify_error(new_offset, "Expecting new instruction");
1861 return;
1862 }
1863 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
1864 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this));
1865
1866 // The method must be an <init> method of the indicated class
1867 VerificationType new_class_type = cp_index_to_type(
1868 new_class_index, cp, CHECK_VERIFY(this));
1869 if (!new_class_type.equals(ref_class_type)) {
1870 verify_error(bci, "Call to wrong <init> method");
1871 return;
1872 }
1873 // According to the VM spec, if the referent class is a superclass of the
1874 // current class, and is in a different runtime package, and the method is
1875 // protected, then the objectref must be the current class or a subclass
1876 // of the current class.
1877 VerificationType objectref_type = new_class_type;
1878 if (name_in_supers(ref_class_type.name(), current_class())) {
1879 klassOop ref_klass = load_class(
1880 ref_class_type.name(), CHECK_VERIFY(this));
1881 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
1882 vmSymbols::object_initializer_name(),
1883 cp->signature_ref_at(bcs->get_index_u2()));
1884 instanceKlassHandle mh(THREAD, m->method_holder());
1885 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
1886 bool assignable = current_type().is_assignable_from(
1887 objectref_type, current_class(), CHECK_VERIFY(this));
1888 if (!assignable) {
1889 verify_error(bci, "Bad access to protected <init> method");
1890 return;
1891 }
1892 }
1893 }
1894 current_frame->initialize_object(type, new_class_type);
1895 } else {
1896 verify_error(bci, "Bad operand type when invoking <init>");
1897 return;
1898 }
1899 }
1900
1901 void ClassVerifier::verify_invoke_instructions(
1902 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
1903 bool *this_uninit, VerificationType return_type,
1904 constantPoolHandle cp, TRAPS) {
1905 // Make sure the constant pool item is the right type
1906 u2 index = bcs->get_index_u2();
1907 Bytecodes::Code opcode = bcs->raw_code();
1908 unsigned int types = (opcode == Bytecodes::_invokeinterface
1909 ? 1 << JVM_CONSTANT_InterfaceMethodref
1910 : opcode == Bytecodes::_invokedynamic
1911 ? (1 << JVM_CONSTANT_NameAndType
1912 |1 << JVM_CONSTANT_InvokeDynamic)
1913 : 1 << JVM_CONSTANT_Methodref);
1914 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1915
1916 // Get method name and signature
1917 symbolHandle method_name(THREAD, cp->name_ref_at(index));
1918 symbolHandle method_sig(THREAD, cp->signature_ref_at(index));
1919
1920 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
1921 class_format_error(
1922 "Invalid method signature in class %s referenced "
1923 "from constant pool index %d", _klass->external_name(), index);
1924 return;
1925 }
1926
1927 // Get referenced class type
1928 VerificationType ref_class_type;
1929 if (opcode == Bytecodes::_invokedynamic) {
1930 if (!EnableInvokeDynamic ||
1931 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
1932 class_format_error(
1933 (!EnableInvokeDynamic ?
1934 "invokedynamic instructions not enabled in this JVM" :
1935 "invokedynamic instructions not supported by this class file version"),
1936 _klass->external_name());
1937 return;
1938 }
1939 } else {
1940 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
1941 }
1942
1943 // For a small signature length, we just allocate 128 bytes instead
1944 // of parsing the signature once to find its size.
1945 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
1946 // longs/doubles to be consertive.
1947 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1948 "buffer type must match VerificationType size");
1949 uintptr_t on_stack_sig_types_buffer[128];
1950 // If we make a VerificationType[128] array directly, the compiler calls
1951 // to the c-runtime library to do the allocation instead of just
1952 // stack allocating it. Plus it would run constructors. This shows up
1953 // in performance profiles.
1954
1955 VerificationType* sig_types;
1956 int size = (method_sig->utf8_length() - 3) * 2;
1957 if (size > 128) {
1958 // Long and double occupies two slots here.
1959 ArgumentSizeComputer size_it(method_sig);
1960 size = size_it.size();
1961 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
1962 } else{
1963 sig_types = (VerificationType*)on_stack_sig_types_buffer;
1964 }
1965 SignatureStream sig_stream(method_sig);
1966 int sig_i = 0;
1967 while (!sig_stream.at_return_type()) {
1968 sig_i += change_sig_to_verificationType(
1969 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
1970 sig_stream.next();
1971 }
1972 int nargs = sig_i;
1973
1974 #ifdef ASSERT
1975 {
1976 ArgumentSizeComputer size_it(method_sig);
1977 assert(nargs == size_it.size(), "Argument sizes do not match");
1978 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
1979 }
1980 #endif
1981
1982 // Check instruction operands
1983 u2 bci = bcs->bci();
1984 if (opcode == Bytecodes::_invokeinterface) {
1985 address bcp = bcs->bcp();
1986 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
1987 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
1988 // the difference between the size of the operand stack before and after the instruction
1989 // executes.
1990 if (*(bcp+3) != (nargs+1)) {
1991 verify_error(bci, "Inconsistent args count operand in invokeinterface");
1992 return;
1993 }
1994 if (*(bcp+4) != 0) {
1995 verify_error(bci, "Fourth operand byte of invokeinterface must be zero");
1996 return;
1997 }
1998 }
1999
2000 if (opcode == Bytecodes::_invokedynamic) {
2001 address bcp = bcs->bcp();
2002 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2003 verify_error(bci, "Third and fourth operand bytes of invokedynamic must be zero");
2004 return;
2005 }
2006 }
2007
2008 if (method_name->byte_at(0) == '<') {
2009 // Make sure <init> can only be invoked by invokespecial
2010 if (opcode != Bytecodes::_invokespecial ||
2011 method_name() != vmSymbols::object_initializer_name()) {
2012 verify_error(bci, "Illegal call to internal method");
2013 return;
2014 }
2015 } else if (opcode == Bytecodes::_invokespecial
2016 && !ref_class_type.equals(current_type())
2017 && !ref_class_type.equals(VerificationType::reference_type(
2018 current_class()->super()->klass_part()->name()))) {
2019 bool subtype = ref_class_type.is_assignable_from(
2020 current_type(), current_class(), CHECK_VERIFY(this));
2021 if (!subtype) {
2022 verify_error(bci, "Bad invokespecial instruction: "
2023 "current class isn't assignable to reference class.");
2024 return;
2025 }
2026 }
2027 // Match method descriptor with operand stack
2028 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2029 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2030 }
2031 // Check objectref on operand stack
2032 if (opcode != Bytecodes::_invokestatic &&
2033 opcode != Bytecodes::_invokedynamic) {
2034 if (method_name() == vmSymbols::object_initializer_name()) { // <init> method
2035 verify_invoke_init(bcs, ref_class_type, current_frame,
2036 code_length, this_uninit, cp, CHECK_VERIFY(this));
2037 } else { // other methods
2038 // Ensures that target class is assignable to method class.
2039 if (opcode == Bytecodes::_invokespecial) {
2040 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2041 } else if (opcode == Bytecodes::_invokevirtual) {
2042 VerificationType stack_object_type =
2043 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2044 if (current_type() != stack_object_type) {
2045 assert(cp->cache() == NULL, "not rewritten yet");
2046 symbolHandle ref_class_name = symbolHandle(THREAD,
2047 cp->klass_name_at(cp->klass_ref_index_at(index)));
2048 // See the comments in verify_field_instructions() for
2049 // the rationale behind this.
2050 if (name_in_supers(ref_class_name(), current_class())) {
2051 klassOop ref_class = load_class(ref_class_name, CHECK);
2052 if (is_protected_access(
2053 _klass, ref_class, method_name(), method_sig(), true)) {
2054 // It's protected access, check if stack object is
2055 // assignable to current class.
2056 bool is_assignable = current_type().is_assignable_from(
2057 stack_object_type, current_class(), CHECK_VERIFY(this));
2058 if (!is_assignable) {
2059 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2060 && stack_object_type.is_array()
2061 && method_name() == vmSymbols::clone_name()) {
2062 // Special case: arrays pretend to implement public Object
2063 // clone().
2064 } else {
2065 verify_error(bci,
2066 "Bad access to protected data in invokevirtual");
2067 return;
2068 }
2069 }
2070 }
2071 }
2072 }
2073 } else {
2074 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2075 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2076 }
2077 }
2078 }
2079 // Push the result type.
2080 if (sig_stream.type() != T_VOID) {
2081 if (method_name() == vmSymbols::object_initializer_name()) {
2082 // <init> method must have a void return type
2083 verify_error(bci, "Return type must be void in <init> method");
2084 return;
2085 }
2086 VerificationType return_type[2];
2087 int n = change_sig_to_verificationType(
2088 &sig_stream, return_type, CHECK_VERIFY(this));
2089 for (int i = 0; i < n; i++) {
2090 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2091 }
2092 }
2093 }
2094
2095 VerificationType ClassVerifier::get_newarray_type(
2096 u2 index, u2 bci, TRAPS) {
2097 const char* from_bt[] = {
2098 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2099 };
2100 if (index < T_BOOLEAN || index > T_LONG) {
2101 verify_error(bci, "Illegal newarray instruction");
2102 return VerificationType::bogus_type();
2103 }
2104
2105 // from_bt[index] contains the array signature which has a length of 2
2106 symbolHandle sig = oopFactory::new_symbol_handle(
2107 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2108 return VerificationType::reference_type(sig);
2109 }
2110
2111 void ClassVerifier::verify_anewarray(
2112 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) {
2113 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
2114 current_frame->pop_stack(
2115 VerificationType::integer_type(), CHECK_VERIFY(this));
2116
2117 VerificationType component_type =
2118 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2119 ResourceMark rm(THREAD);
2120 int length;
2121 char* arr_sig_str;
2122 if (component_type.is_array()) { // it's an array
2123 const char* component_name = component_type.name()->as_utf8();
2124 // add one dimension to component
2125 length = (int)strlen(component_name) + 1;
2126 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2127 arr_sig_str[0] = '[';
2128 strncpy(&arr_sig_str[1], component_name, length - 1);
2129 } else { // it's an object or interface
2130 const char* component_name = component_type.name()->as_utf8();
2131 // add one dimension to component with 'L' prepended and ';' postpended.
2132 length = (int)strlen(component_name) + 3;
2133 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2134 arr_sig_str[0] = '[';
2135 arr_sig_str[1] = 'L';
2136 strncpy(&arr_sig_str[2], component_name, length - 2);
2137 arr_sig_str[length - 1] = ';';
2138 }
2139 symbolHandle arr_sig = oopFactory::new_symbol_handle(
2140 arr_sig_str, length, CHECK_VERIFY(this));
2141 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2142 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2143 }
2144
2145 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
2146 current_frame->get_local(
2147 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2148 current_frame->push_stack(
2149 VerificationType::integer_type(), CHECK_VERIFY(this));
2150 }
2151
2152 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
2153 current_frame->get_local_2(
2154 index, VerificationType::long_type(),
2155 VerificationType::long2_type(), CHECK_VERIFY(this));
2156 current_frame->push_stack_2(
2157 VerificationType::long_type(),
2158 VerificationType::long2_type(), CHECK_VERIFY(this));
2159 }
2160
2161 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
2162 current_frame->get_local(
2163 index, VerificationType::float_type(), CHECK_VERIFY(this));
2164 current_frame->push_stack(
2165 VerificationType::float_type(), CHECK_VERIFY(this));
2166 }
2167
2168 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
2169 current_frame->get_local_2(
2170 index, VerificationType::double_type(),
2171 VerificationType::double2_type(), CHECK_VERIFY(this));
2172 current_frame->push_stack_2(
2173 VerificationType::double_type(),
2174 VerificationType::double2_type(), CHECK_VERIFY(this));
2175 }
2176
2177 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
2178 VerificationType type = current_frame->get_local(
2179 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2180 current_frame->push_stack(type, CHECK_VERIFY(this));
2181 }
2182
2183 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
2184 current_frame->pop_stack(
2185 VerificationType::integer_type(), CHECK_VERIFY(this));
2186 current_frame->set_local(
2187 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2188 }
2189
2190 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2191 current_frame->pop_stack_2(
2192 VerificationType::long2_type(),
2193 VerificationType::long_type(), CHECK_VERIFY(this));
2194 current_frame->set_local_2(
2195 index, VerificationType::long_type(),
2196 VerificationType::long2_type(), CHECK_VERIFY(this));
2197 }
2198
2199 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2200 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2201 current_frame->set_local(
2202 index, VerificationType::float_type(), CHECK_VERIFY(this));
2203 }
2204
2205 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2206 current_frame->pop_stack_2(
2207 VerificationType::double2_type(),
2208 VerificationType::double_type(), CHECK_VERIFY(this));
2209 current_frame->set_local_2(
2210 index, VerificationType::double_type(),
2211 VerificationType::double2_type(), CHECK_VERIFY(this));
2212 }
2213
2214 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2215 VerificationType type = current_frame->pop_stack(
2216 VerificationType::reference_check(), CHECK_VERIFY(this));
2217 current_frame->set_local(index, type, CHECK_VERIFY(this));
2218 }
2219
2220 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2221 VerificationType type = current_frame->get_local(
2222 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2223 current_frame->set_local(index, type, CHECK_VERIFY(this));
2224 }
2225
2226 void ClassVerifier::verify_return_value(
2227 VerificationType return_type, VerificationType type, u2 bci, TRAPS) {
2228 if (return_type == VerificationType::bogus_type()) {
2229 verify_error(bci, "Method expects a return value");
2230 return;
2231 }
2232 bool match = return_type.is_assignable_from(type, _klass, CHECK_VERIFY(this));
2233 if (!match) {
2234 verify_error(bci, "Bad return type");
2235 return;
2236 }
2237 }