1 /*
2 * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 # include "incls/_precompiled.incl"
26 # include "incls/_verifier.cpp.incl"
27
28 #define NOFAILOVER_MAJOR_VERSION 51
29
30 // Access to external entry for VerifyClassCodes - old byte code verifier
31
32 extern "C" {
33 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
34 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
35 }
36
37 static void* volatile _verify_byte_codes_fn = NULL;
38
39 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
40
41 static void* verify_byte_codes_fn() {
42 if (_verify_byte_codes_fn == NULL) {
43 void *lib_handle = os::native_java_library();
44 void *func = hpi::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
45 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
46 if (func == NULL) {
47 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false);
48 func = hpi::dll_lookup(lib_handle, "VerifyClassCodes");
49 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
50 }
51 }
52 return (void*)_verify_byte_codes_fn;
53 }
54
55
56 // Methods in Verifier
57
58 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
59 return (class_loader == NULL || !should_verify_class) ?
60 BytecodeVerificationLocal : BytecodeVerificationRemote;
61 }
62
63 bool Verifier::relax_verify_for(oop loader) {
64 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
65 bool need_verify =
66 // verifyAll
67 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
68 // verifyRemote
69 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
70 return !need_verify;
71 }
72
73 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
74 ResourceMark rm(THREAD);
75 HandleMark hm;
76
77 symbolHandle exception_name;
78 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
79 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
80
81 const char* klassName = klass->external_name();
82
83 // If the class should be verified, first see if we can use the split
84 // verifier. If not, or if verification fails and FailOverToOldVerifier
85 // is set, then call the inference verifier.
86 if (is_eligible_for_verification(klass, should_verify_class)) {
87 if (TraceClassInitialization) {
88 tty->print_cr("Start class verification for: %s", klassName);
89 }
90 if (UseSplitVerifier &&
91 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
92 ClassVerifier split_verifier(
93 klass, message_buffer, message_buffer_len, THREAD);
94 split_verifier.verify_class(THREAD);
95 exception_name = split_verifier.result();
96 if (klass->major_version() < NOFAILOVER_MAJOR_VERSION &&
97 FailOverToOldVerifier && !HAS_PENDING_EXCEPTION &&
98 (exception_name == vmSymbols::java_lang_VerifyError() ||
99 exception_name == vmSymbols::java_lang_ClassFormatError())) {
100 if (TraceClassInitialization) {
101 tty->print_cr(
102 "Fail over class verification to old verifier for: %s", klassName);
103 }
104 exception_name = inference_verify(
105 klass, message_buffer, message_buffer_len, THREAD);
106 }
107 } else {
108 exception_name = inference_verify(
109 klass, message_buffer, message_buffer_len, THREAD);
110 }
111
112 if (TraceClassInitialization) {
113 if (HAS_PENDING_EXCEPTION) {
114 tty->print("Verification for %s has", klassName);
115 tty->print_cr(" exception pending %s ",
116 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
117 } else if (!exception_name.is_null()) {
118 tty->print_cr("Verification for %s failed", klassName);
119 }
120 tty->print_cr("End class verification for: %s", klassName);
121 }
122 }
123
124 if (HAS_PENDING_EXCEPTION) {
125 return false; // use the existing exception
126 } else if (exception_name.is_null()) {
127 return true; // verifcation succeeded
128 } else { // VerifyError or ClassFormatError to be created and thrown
129 ResourceMark rm(THREAD);
130 instanceKlassHandle kls =
131 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
132 while (!kls.is_null()) {
133 if (kls == klass) {
134 // If the class being verified is the exception we're creating
135 // or one of it's superclasses, we're in trouble and are going
136 // to infinitely recurse when we try to initialize the exception.
137 // So bail out here by throwing the preallocated VM error.
138 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
139 }
140 kls = kls->super();
141 }
142 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
143 THROW_MSG_(exception_name, message_buffer, false);
144 }
145 }
146
147 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
148 symbolOop name = klass->name();
149 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
150
151 return (should_verify_for(klass->class_loader(), should_verify_class) &&
152 // return if the class is a bootstrapping class
153 // or defineClass specified not to verify by default (flags override passed arg)
154 // We need to skip the following four for bootstraping
155 name != vmSymbols::java_lang_Object() &&
156 name != vmSymbols::java_lang_Class() &&
157 name != vmSymbols::java_lang_String() &&
158 name != vmSymbols::java_lang_Throwable() &&
159
160 // Can not verify the bytecodes for shared classes because they have
161 // already been rewritten to contain constant pool cache indices,
162 // which the verifier can't understand.
163 // Shared classes shouldn't have stackmaps either.
164 !klass()->is_shared() &&
165
166 // As of the fix for 4486457 we disable verification for all of the
167 // dynamically-generated bytecodes associated with the 1.4
168 // reflection implementation, not just those associated with
169 // sun/reflect/SerializationConstructorAccessor.
170 // NOTE: this is called too early in the bootstrapping process to be
171 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
172 (refl_magic_klass == NULL ||
173 !klass->is_subtype_of(refl_magic_klass) ||
174 VerifyReflectionBytecodes)
175 );
176 }
177
178 symbolHandle Verifier::inference_verify(
179 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
180 JavaThread* thread = (JavaThread*)THREAD;
181 JNIEnv *env = thread->jni_environment();
182
183 void* verify_func = verify_byte_codes_fn();
184
185 if (verify_func == NULL) {
186 jio_snprintf(message, message_len, "Could not link verifier");
187 return vmSymbols::java_lang_VerifyError();
188 }
189
190 ResourceMark rm(THREAD);
191 if (ClassVerifier::_verify_verbose) {
192 tty->print_cr("Verifying class %s with old format", klass->external_name());
193 }
194
195 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
196 jint result;
197
198 {
199 HandleMark hm(thread);
200 ThreadToNativeFromVM ttn(thread);
201 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
202 // code knows that we have left the VM
203
204 if (_is_new_verify_byte_codes_fn) {
205 verify_byte_codes_fn_new_t func =
206 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
207 result = (*func)(env, cls, message, (int)message_len,
208 klass->major_version());
209 } else {
210 verify_byte_codes_fn_t func =
211 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
212 result = (*func)(env, cls, message, (int)message_len);
213 }
214 }
215
216 JNIHandles::destroy_local(cls);
217
218 // These numbers are chosen so that VerifyClassCodes interface doesn't need
219 // to be changed (still return jboolean (unsigned char)), and result is
220 // 1 when verification is passed.
221 symbolHandle nh(NULL);
222 if (result == 0) {
223 return vmSymbols::java_lang_VerifyError();
224 } else if (result == 1) {
225 return nh; // verified.
226 } else if (result == 2) {
227 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nh);
228 } else if (result == 3) {
229 return vmSymbols::java_lang_ClassFormatError();
230 } else {
231 ShouldNotReachHere();
232 return nh;
233 }
234 }
235
236 // Methods in ClassVerifier
237
238 bool ClassVerifier::_verify_verbose = false;
239
240 ClassVerifier::ClassVerifier(
241 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS)
242 : _thread(THREAD), _exception_type(symbolHandle()), _message(msg),
243 _message_buffer_len(msg_len), _klass(klass) {
244 _this_type = VerificationType::reference_type(klass->name());
245 }
246
247 ClassVerifier::~ClassVerifier() {
248 }
249
250 void ClassVerifier::verify_class(TRAPS) {
251 if (_verify_verbose) {
252 tty->print_cr("Verifying class %s with new format",
253 _klass->external_name());
254 }
255
256 objArrayHandle methods(THREAD, _klass->methods());
257 int num_methods = methods->length();
258
259 for (int index = 0; index < num_methods; index++) {
260 // Check for recursive re-verification before each method.
261 if (was_recursively_verified()) return;
262
263 methodOop m = (methodOop)methods->obj_at(index);
264 if (m->is_native() || m->is_abstract()) {
265 // If m is native or abstract, skip it. It is checked in class file
266 // parser that methods do not override a final method.
267 continue;
268 }
269 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
270 }
271
272 if (_verify_verbose || TraceClassInitialization) {
273 if (was_recursively_verified())
274 tty->print_cr("Recursive verification detected for: %s",
275 _klass->external_name());
276 }
277 }
278
279 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
280 ResourceMark rm(THREAD);
281 _method = m; // initialize _method
282 if (_verify_verbose) {
283 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
284 }
285
286 const char* bad_type_msg = "Bad type on operand stack in %s";
287
288 int32_t max_stack = m->max_stack();
289 int32_t max_locals = m->max_locals();
290 constantPoolHandle cp(THREAD, m->constants());
291
292 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
293 class_format_error("Invalid method signature");
294 return;
295 }
296
297 // Initial stack map frame: offset is 0, stack is initially empty.
298 StackMapFrame current_frame(max_locals, max_stack, this);
299 // Set initial locals
300 VerificationType return_type = current_frame.set_locals_from_arg(
301 m, current_type(), CHECK_VERIFY(this));
302
303 int32_t stackmap_index = 0; // index to the stackmap array
304
305 u4 code_length = m->code_size();
306
307 // Scan the bytecode and map each instruction's start offset to a number.
308 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
309
310 int ex_min = code_length;
311 int ex_max = -1;
312 // Look through each item on the exception table. Each of the fields must refer
313 // to a legal instruction.
314 verify_exception_handler_table(
315 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
316
317 // Look through each entry on the local variable table and make sure
318 // its range of code array offsets is valid. (4169817)
319 if (m->has_localvariable_table()) {
320 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
321 }
322
323 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
324 StackMapStream stream(stackmap_data);
325 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
326 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
327 code_data, code_length, CHECK_VERIFY(this));
328
329 if (_verify_verbose) {
330 stackmap_table.print();
331 }
332
333 RawBytecodeStream bcs(m);
334
335 // Scan the byte code linearly from the start to the end
336 bool no_control_flow = false; // Set to true when there is no direct control
337 // flow from current instruction to the next
338 // instruction in sequence
339 Bytecodes::Code opcode;
340 while (!bcs.is_last_bytecode()) {
341 // Check for recursive re-verification before each bytecode.
342 if (was_recursively_verified()) return;
343
344 opcode = bcs.raw_next();
345 u2 bci = bcs.bci();
346
347 // Set current frame's offset to bci
348 current_frame.set_offset(bci);
349
350 // Make sure every offset in stackmap table point to the beginning to
351 // an instruction. Match current_frame to stackmap_table entry with
352 // the same offset if exists.
353 stackmap_index = verify_stackmap_table(
354 stackmap_index, bci, ¤t_frame, &stackmap_table,
355 no_control_flow, CHECK_VERIFY(this));
356
357 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
358
359 // Merge with the next instruction
360 {
361 u2 index;
362 int target;
363 VerificationType type, type2;
364 VerificationType atype;
365
366 #ifndef PRODUCT
367 if (_verify_verbose) {
368 current_frame.print();
369 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
370 }
371 #endif
372
373 // Make sure wide instruction is in correct format
374 if (bcs.is_wide()) {
375 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
376 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
377 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
378 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
379 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
380 opcode != Bytecodes::_dstore) {
381 verify_error(bci, "Bad wide instruction");
382 return;
383 }
384 }
385
386 switch (opcode) {
387 case Bytecodes::_nop :
388 no_control_flow = false; break;
389 case Bytecodes::_aconst_null :
390 current_frame.push_stack(
391 VerificationType::null_type(), CHECK_VERIFY(this));
392 no_control_flow = false; break;
393 case Bytecodes::_iconst_m1 :
394 case Bytecodes::_iconst_0 :
395 case Bytecodes::_iconst_1 :
396 case Bytecodes::_iconst_2 :
397 case Bytecodes::_iconst_3 :
398 case Bytecodes::_iconst_4 :
399 case Bytecodes::_iconst_5 :
400 current_frame.push_stack(
401 VerificationType::integer_type(), CHECK_VERIFY(this));
402 no_control_flow = false; break;
403 case Bytecodes::_lconst_0 :
404 case Bytecodes::_lconst_1 :
405 current_frame.push_stack_2(
406 VerificationType::long_type(),
407 VerificationType::long2_type(), CHECK_VERIFY(this));
408 no_control_flow = false; break;
409 case Bytecodes::_fconst_0 :
410 case Bytecodes::_fconst_1 :
411 case Bytecodes::_fconst_2 :
412 current_frame.push_stack(
413 VerificationType::float_type(), CHECK_VERIFY(this));
414 no_control_flow = false; break;
415 case Bytecodes::_dconst_0 :
416 case Bytecodes::_dconst_1 :
417 current_frame.push_stack_2(
418 VerificationType::double_type(),
419 VerificationType::double2_type(), CHECK_VERIFY(this));
420 no_control_flow = false; break;
421 case Bytecodes::_sipush :
422 case Bytecodes::_bipush :
423 current_frame.push_stack(
424 VerificationType::integer_type(), CHECK_VERIFY(this));
425 no_control_flow = false; break;
426 case Bytecodes::_ldc :
427 verify_ldc(
428 opcode, bcs.get_index_u1(), ¤t_frame,
429 cp, bci, CHECK_VERIFY(this));
430 no_control_flow = false; break;
431 case Bytecodes::_ldc_w :
432 case Bytecodes::_ldc2_w :
433 verify_ldc(
434 opcode, bcs.get_index_u2(), ¤t_frame,
435 cp, bci, CHECK_VERIFY(this));
436 no_control_flow = false; break;
437 case Bytecodes::_iload :
438 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
439 no_control_flow = false; break;
440 case Bytecodes::_iload_0 :
441 case Bytecodes::_iload_1 :
442 case Bytecodes::_iload_2 :
443 case Bytecodes::_iload_3 :
444 index = opcode - Bytecodes::_iload_0;
445 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
446 no_control_flow = false; break;
447 case Bytecodes::_lload :
448 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
449 no_control_flow = false; break;
450 case Bytecodes::_lload_0 :
451 case Bytecodes::_lload_1 :
452 case Bytecodes::_lload_2 :
453 case Bytecodes::_lload_3 :
454 index = opcode - Bytecodes::_lload_0;
455 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
456 no_control_flow = false; break;
457 case Bytecodes::_fload :
458 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
459 no_control_flow = false; break;
460 case Bytecodes::_fload_0 :
461 case Bytecodes::_fload_1 :
462 case Bytecodes::_fload_2 :
463 case Bytecodes::_fload_3 :
464 index = opcode - Bytecodes::_fload_0;
465 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
466 no_control_flow = false; break;
467 case Bytecodes::_dload :
468 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
469 no_control_flow = false; break;
470 case Bytecodes::_dload_0 :
471 case Bytecodes::_dload_1 :
472 case Bytecodes::_dload_2 :
473 case Bytecodes::_dload_3 :
474 index = opcode - Bytecodes::_dload_0;
475 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
476 no_control_flow = false; break;
477 case Bytecodes::_aload :
478 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
479 no_control_flow = false; break;
480 case Bytecodes::_aload_0 :
481 case Bytecodes::_aload_1 :
482 case Bytecodes::_aload_2 :
483 case Bytecodes::_aload_3 :
484 index = opcode - Bytecodes::_aload_0;
485 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
486 no_control_flow = false; break;
487 case Bytecodes::_iaload :
488 type = current_frame.pop_stack(
489 VerificationType::integer_type(), CHECK_VERIFY(this));
490 atype = current_frame.pop_stack(
491 VerificationType::reference_check(), CHECK_VERIFY(this));
492 if (!atype.is_int_array()) {
493 verify_error(bci, bad_type_msg, "iaload");
494 return;
495 }
496 current_frame.push_stack(
497 VerificationType::integer_type(), CHECK_VERIFY(this));
498 no_control_flow = false; break;
499 case Bytecodes::_baload :
500 type = current_frame.pop_stack(
501 VerificationType::integer_type(), CHECK_VERIFY(this));
502 atype = current_frame.pop_stack(
503 VerificationType::reference_check(), CHECK_VERIFY(this));
504 if (!atype.is_bool_array() && !atype.is_byte_array()) {
505 verify_error(bci, bad_type_msg, "baload");
506 return;
507 }
508 current_frame.push_stack(
509 VerificationType::integer_type(), CHECK_VERIFY(this));
510 no_control_flow = false; break;
511 case Bytecodes::_caload :
512 type = current_frame.pop_stack(
513 VerificationType::integer_type(), CHECK_VERIFY(this));
514 atype = current_frame.pop_stack(
515 VerificationType::reference_check(), CHECK_VERIFY(this));
516 if (!atype.is_char_array()) {
517 verify_error(bci, bad_type_msg, "caload");
518 return;
519 }
520 current_frame.push_stack(
521 VerificationType::integer_type(), CHECK_VERIFY(this));
522 no_control_flow = false; break;
523 case Bytecodes::_saload :
524 type = current_frame.pop_stack(
525 VerificationType::integer_type(), CHECK_VERIFY(this));
526 atype = current_frame.pop_stack(
527 VerificationType::reference_check(), CHECK_VERIFY(this));
528 if (!atype.is_short_array()) {
529 verify_error(bci, bad_type_msg, "saload");
530 return;
531 }
532 current_frame.push_stack(
533 VerificationType::integer_type(), CHECK_VERIFY(this));
534 no_control_flow = false; break;
535 case Bytecodes::_laload :
536 type = current_frame.pop_stack(
537 VerificationType::integer_type(), CHECK_VERIFY(this));
538 atype = current_frame.pop_stack(
539 VerificationType::reference_check(), CHECK_VERIFY(this));
540 if (!atype.is_long_array()) {
541 verify_error(bci, bad_type_msg, "laload");
542 return;
543 }
544 current_frame.push_stack_2(
545 VerificationType::long_type(),
546 VerificationType::long2_type(), CHECK_VERIFY(this));
547 no_control_flow = false; break;
548 case Bytecodes::_faload :
549 type = current_frame.pop_stack(
550 VerificationType::integer_type(), CHECK_VERIFY(this));
551 atype = current_frame.pop_stack(
552 VerificationType::reference_check(), CHECK_VERIFY(this));
553 if (!atype.is_float_array()) {
554 verify_error(bci, bad_type_msg, "faload");
555 return;
556 }
557 current_frame.push_stack(
558 VerificationType::float_type(), CHECK_VERIFY(this));
559 no_control_flow = false; break;
560 case Bytecodes::_daload :
561 type = current_frame.pop_stack(
562 VerificationType::integer_type(), CHECK_VERIFY(this));
563 atype = current_frame.pop_stack(
564 VerificationType::reference_check(), CHECK_VERIFY(this));
565 if (!atype.is_double_array()) {
566 verify_error(bci, bad_type_msg, "daload");
567 return;
568 }
569 current_frame.push_stack_2(
570 VerificationType::double_type(),
571 VerificationType::double2_type(), CHECK_VERIFY(this));
572 no_control_flow = false; break;
573 case Bytecodes::_aaload : {
574 type = current_frame.pop_stack(
575 VerificationType::integer_type(), CHECK_VERIFY(this));
576 atype = current_frame.pop_stack(
577 VerificationType::reference_check(), CHECK_VERIFY(this));
578 if (!atype.is_reference_array()) {
579 verify_error(bci, bad_type_msg, "aaload");
580 return;
581 }
582 if (atype.is_null()) {
583 current_frame.push_stack(
584 VerificationType::null_type(), CHECK_VERIFY(this));
585 } else {
586 VerificationType component =
587 atype.get_component(CHECK_VERIFY(this));
588 current_frame.push_stack(component, CHECK_VERIFY(this));
589 }
590 no_control_flow = false; break;
591 }
592 case Bytecodes::_istore :
593 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
594 no_control_flow = false; break;
595 case Bytecodes::_istore_0 :
596 case Bytecodes::_istore_1 :
597 case Bytecodes::_istore_2 :
598 case Bytecodes::_istore_3 :
599 index = opcode - Bytecodes::_istore_0;
600 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
601 no_control_flow = false; break;
602 case Bytecodes::_lstore :
603 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
604 no_control_flow = false; break;
605 case Bytecodes::_lstore_0 :
606 case Bytecodes::_lstore_1 :
607 case Bytecodes::_lstore_2 :
608 case Bytecodes::_lstore_3 :
609 index = opcode - Bytecodes::_lstore_0;
610 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
611 no_control_flow = false; break;
612 case Bytecodes::_fstore :
613 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
614 no_control_flow = false; break;
615 case Bytecodes::_fstore_0 :
616 case Bytecodes::_fstore_1 :
617 case Bytecodes::_fstore_2 :
618 case Bytecodes::_fstore_3 :
619 index = opcode - Bytecodes::_fstore_0;
620 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
621 no_control_flow = false; break;
622 case Bytecodes::_dstore :
623 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
624 no_control_flow = false; break;
625 case Bytecodes::_dstore_0 :
626 case Bytecodes::_dstore_1 :
627 case Bytecodes::_dstore_2 :
628 case Bytecodes::_dstore_3 :
629 index = opcode - Bytecodes::_dstore_0;
630 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
631 no_control_flow = false; break;
632 case Bytecodes::_astore :
633 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
634 no_control_flow = false; break;
635 case Bytecodes::_astore_0 :
636 case Bytecodes::_astore_1 :
637 case Bytecodes::_astore_2 :
638 case Bytecodes::_astore_3 :
639 index = opcode - Bytecodes::_astore_0;
640 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
641 no_control_flow = false; break;
642 case Bytecodes::_iastore :
643 type = current_frame.pop_stack(
644 VerificationType::integer_type(), CHECK_VERIFY(this));
645 type2 = current_frame.pop_stack(
646 VerificationType::integer_type(), CHECK_VERIFY(this));
647 atype = current_frame.pop_stack(
648 VerificationType::reference_check(), CHECK_VERIFY(this));
649 if (!atype.is_int_array()) {
650 verify_error(bci, bad_type_msg, "iastore");
651 return;
652 }
653 no_control_flow = false; break;
654 case Bytecodes::_bastore :
655 type = current_frame.pop_stack(
656 VerificationType::integer_type(), CHECK_VERIFY(this));
657 type2 = current_frame.pop_stack(
658 VerificationType::integer_type(), CHECK_VERIFY(this));
659 atype = current_frame.pop_stack(
660 VerificationType::reference_check(), CHECK_VERIFY(this));
661 if (!atype.is_bool_array() && !atype.is_byte_array()) {
662 verify_error(bci, bad_type_msg, "bastore");
663 return;
664 }
665 no_control_flow = false; break;
666 case Bytecodes::_castore :
667 current_frame.pop_stack(
668 VerificationType::integer_type(), CHECK_VERIFY(this));
669 current_frame.pop_stack(
670 VerificationType::integer_type(), CHECK_VERIFY(this));
671 atype = current_frame.pop_stack(
672 VerificationType::reference_check(), CHECK_VERIFY(this));
673 if (!atype.is_char_array()) {
674 verify_error(bci, bad_type_msg, "castore");
675 return;
676 }
677 no_control_flow = false; break;
678 case Bytecodes::_sastore :
679 current_frame.pop_stack(
680 VerificationType::integer_type(), CHECK_VERIFY(this));
681 current_frame.pop_stack(
682 VerificationType::integer_type(), CHECK_VERIFY(this));
683 atype = current_frame.pop_stack(
684 VerificationType::reference_check(), CHECK_VERIFY(this));
685 if (!atype.is_short_array()) {
686 verify_error(bci, bad_type_msg, "sastore");
687 return;
688 }
689 no_control_flow = false; break;
690 case Bytecodes::_lastore :
691 current_frame.pop_stack_2(
692 VerificationType::long2_type(),
693 VerificationType::long_type(), CHECK_VERIFY(this));
694 current_frame.pop_stack(
695 VerificationType::integer_type(), CHECK_VERIFY(this));
696 atype = current_frame.pop_stack(
697 VerificationType::reference_check(), CHECK_VERIFY(this));
698 if (!atype.is_long_array()) {
699 verify_error(bci, bad_type_msg, "lastore");
700 return;
701 }
702 no_control_flow = false; break;
703 case Bytecodes::_fastore :
704 current_frame.pop_stack(
705 VerificationType::float_type(), CHECK_VERIFY(this));
706 current_frame.pop_stack
707 (VerificationType::integer_type(), CHECK_VERIFY(this));
708 atype = current_frame.pop_stack(
709 VerificationType::reference_check(), CHECK_VERIFY(this));
710 if (!atype.is_float_array()) {
711 verify_error(bci, bad_type_msg, "fastore");
712 return;
713 }
714 no_control_flow = false; break;
715 case Bytecodes::_dastore :
716 current_frame.pop_stack_2(
717 VerificationType::double2_type(),
718 VerificationType::double_type(), CHECK_VERIFY(this));
719 current_frame.pop_stack(
720 VerificationType::integer_type(), CHECK_VERIFY(this));
721 atype = current_frame.pop_stack(
722 VerificationType::reference_check(), CHECK_VERIFY(this));
723 if (!atype.is_double_array()) {
724 verify_error(bci, bad_type_msg, "dastore");
725 return;
726 }
727 no_control_flow = false; break;
728 case Bytecodes::_aastore :
729 type = current_frame.pop_stack(
730 VerificationType::reference_check(), CHECK_VERIFY(this));
731 type2 = current_frame.pop_stack(
732 VerificationType::integer_type(), CHECK_VERIFY(this));
733 atype = current_frame.pop_stack(
734 VerificationType::reference_check(), CHECK_VERIFY(this));
735 // more type-checking is done at runtime
736 if (!atype.is_reference_array()) {
737 verify_error(bci, bad_type_msg, "aastore");
738 return;
739 }
740 // 4938384: relaxed constraint in JVMS 3nd edition.
741 no_control_flow = false; break;
742 case Bytecodes::_pop :
743 current_frame.pop_stack(
744 VerificationType::category1_check(), CHECK_VERIFY(this));
745 no_control_flow = false; break;
746 case Bytecodes::_pop2 :
747 type = current_frame.pop_stack(CHECK_VERIFY(this));
748 if (type.is_category1()) {
749 current_frame.pop_stack(
750 VerificationType::category1_check(), CHECK_VERIFY(this));
751 } else if (type.is_category2_2nd()) {
752 current_frame.pop_stack(
753 VerificationType::category2_check(), CHECK_VERIFY(this));
754 } else {
755 verify_error(bci, bad_type_msg, "pop2");
756 return;
757 }
758 no_control_flow = false; break;
759 case Bytecodes::_dup :
760 type = current_frame.pop_stack(
761 VerificationType::category1_check(), CHECK_VERIFY(this));
762 current_frame.push_stack(type, CHECK_VERIFY(this));
763 current_frame.push_stack(type, CHECK_VERIFY(this));
764 no_control_flow = false; break;
765 case Bytecodes::_dup_x1 :
766 type = current_frame.pop_stack(
767 VerificationType::category1_check(), CHECK_VERIFY(this));
768 type2 = current_frame.pop_stack(
769 VerificationType::category1_check(), CHECK_VERIFY(this));
770 current_frame.push_stack(type, CHECK_VERIFY(this));
771 current_frame.push_stack(type2, CHECK_VERIFY(this));
772 current_frame.push_stack(type, CHECK_VERIFY(this));
773 no_control_flow = false; break;
774 case Bytecodes::_dup_x2 :
775 {
776 VerificationType type3;
777 type = current_frame.pop_stack(
778 VerificationType::category1_check(), CHECK_VERIFY(this));
779 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
780 if (type2.is_category1()) {
781 type3 = current_frame.pop_stack(
782 VerificationType::category1_check(), CHECK_VERIFY(this));
783 } else if (type2.is_category2_2nd()) {
784 type3 = current_frame.pop_stack(
785 VerificationType::category2_check(), CHECK_VERIFY(this));
786 } else {
787 verify_error(bci, bad_type_msg, "dup_x2");
788 return;
789 }
790 current_frame.push_stack(type, CHECK_VERIFY(this));
791 current_frame.push_stack(type3, CHECK_VERIFY(this));
792 current_frame.push_stack(type2, CHECK_VERIFY(this));
793 current_frame.push_stack(type, CHECK_VERIFY(this));
794 no_control_flow = false; break;
795 }
796 case Bytecodes::_dup2 :
797 type = current_frame.pop_stack(CHECK_VERIFY(this));
798 if (type.is_category1()) {
799 type2 = current_frame.pop_stack(
800 VerificationType::category1_check(), CHECK_VERIFY(this));
801 } else if (type.is_category2_2nd()) {
802 type2 = current_frame.pop_stack(
803 VerificationType::category2_check(), CHECK_VERIFY(this));
804 } else {
805 verify_error(bci, bad_type_msg, "dup2");
806 return;
807 }
808 current_frame.push_stack(type2, CHECK_VERIFY(this));
809 current_frame.push_stack(type, CHECK_VERIFY(this));
810 current_frame.push_stack(type2, CHECK_VERIFY(this));
811 current_frame.push_stack(type, CHECK_VERIFY(this));
812 no_control_flow = false; break;
813 case Bytecodes::_dup2_x1 :
814 {
815 VerificationType type3;
816 type = current_frame.pop_stack(CHECK_VERIFY(this));
817 if (type.is_category1()) {
818 type2 = current_frame.pop_stack(
819 VerificationType::category1_check(), CHECK_VERIFY(this));
820 } else if(type.is_category2_2nd()) {
821 type2 = current_frame.pop_stack
822 (VerificationType::category2_check(), CHECK_VERIFY(this));
823 } else {
824 verify_error(bci, bad_type_msg, "dup2_x1");
825 return;
826 }
827 type3 = current_frame.pop_stack(
828 VerificationType::category1_check(), CHECK_VERIFY(this));
829 current_frame.push_stack(type2, CHECK_VERIFY(this));
830 current_frame.push_stack(type, CHECK_VERIFY(this));
831 current_frame.push_stack(type3, CHECK_VERIFY(this));
832 current_frame.push_stack(type2, CHECK_VERIFY(this));
833 current_frame.push_stack(type, CHECK_VERIFY(this));
834 no_control_flow = false; break;
835 }
836 case Bytecodes::_dup2_x2 :
837 {
838 VerificationType type3, type4;
839 type = current_frame.pop_stack(CHECK_VERIFY(this));
840 if (type.is_category1()) {
841 type2 = current_frame.pop_stack(
842 VerificationType::category1_check(), CHECK_VERIFY(this));
843 } else if (type.is_category2_2nd()) {
844 type2 = current_frame.pop_stack(
845 VerificationType::category2_check(), CHECK_VERIFY(this));
846 } else {
847 verify_error(bci, bad_type_msg, "dup2_x2");
848 return;
849 }
850 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
851 if (type3.is_category1()) {
852 type4 = current_frame.pop_stack(
853 VerificationType::category1_check(), CHECK_VERIFY(this));
854 } else if (type3.is_category2_2nd()) {
855 type4 = current_frame.pop_stack(
856 VerificationType::category2_check(), CHECK_VERIFY(this));
857 } else {
858 verify_error(bci, bad_type_msg, "dup2_x2");
859 return;
860 }
861 current_frame.push_stack(type2, CHECK_VERIFY(this));
862 current_frame.push_stack(type, CHECK_VERIFY(this));
863 current_frame.push_stack(type4, CHECK_VERIFY(this));
864 current_frame.push_stack(type3, CHECK_VERIFY(this));
865 current_frame.push_stack(type2, CHECK_VERIFY(this));
866 current_frame.push_stack(type, CHECK_VERIFY(this));
867 no_control_flow = false; break;
868 }
869 case Bytecodes::_swap :
870 type = current_frame.pop_stack(
871 VerificationType::category1_check(), CHECK_VERIFY(this));
872 type2 = current_frame.pop_stack(
873 VerificationType::category1_check(), CHECK_VERIFY(this));
874 current_frame.push_stack(type, CHECK_VERIFY(this));
875 current_frame.push_stack(type2, CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 case Bytecodes::_iadd :
878 case Bytecodes::_isub :
879 case Bytecodes::_imul :
880 case Bytecodes::_idiv :
881 case Bytecodes::_irem :
882 case Bytecodes::_ishl :
883 case Bytecodes::_ishr :
884 case Bytecodes::_iushr :
885 case Bytecodes::_ior :
886 case Bytecodes::_ixor :
887 case Bytecodes::_iand :
888 current_frame.pop_stack(
889 VerificationType::integer_type(), CHECK_VERIFY(this));
890 // fall through
891 case Bytecodes::_ineg :
892 current_frame.pop_stack(
893 VerificationType::integer_type(), CHECK_VERIFY(this));
894 current_frame.push_stack(
895 VerificationType::integer_type(), CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 case Bytecodes::_ladd :
898 case Bytecodes::_lsub :
899 case Bytecodes::_lmul :
900 case Bytecodes::_ldiv :
901 case Bytecodes::_lrem :
902 case Bytecodes::_land :
903 case Bytecodes::_lor :
904 case Bytecodes::_lxor :
905 current_frame.pop_stack_2(
906 VerificationType::long2_type(),
907 VerificationType::long_type(), CHECK_VERIFY(this));
908 // fall through
909 case Bytecodes::_lneg :
910 current_frame.pop_stack_2(
911 VerificationType::long2_type(),
912 VerificationType::long_type(), CHECK_VERIFY(this));
913 current_frame.push_stack_2(
914 VerificationType::long_type(),
915 VerificationType::long2_type(), CHECK_VERIFY(this));
916 no_control_flow = false; break;
917 case Bytecodes::_lshl :
918 case Bytecodes::_lshr :
919 case Bytecodes::_lushr :
920 current_frame.pop_stack(
921 VerificationType::integer_type(), CHECK_VERIFY(this));
922 current_frame.pop_stack_2(
923 VerificationType::long2_type(),
924 VerificationType::long_type(), CHECK_VERIFY(this));
925 current_frame.push_stack_2(
926 VerificationType::long_type(),
927 VerificationType::long2_type(), CHECK_VERIFY(this));
928 no_control_flow = false; break;
929 case Bytecodes::_fadd :
930 case Bytecodes::_fsub :
931 case Bytecodes::_fmul :
932 case Bytecodes::_fdiv :
933 case Bytecodes::_frem :
934 current_frame.pop_stack(
935 VerificationType::float_type(), CHECK_VERIFY(this));
936 // fall through
937 case Bytecodes::_fneg :
938 current_frame.pop_stack(
939 VerificationType::float_type(), CHECK_VERIFY(this));
940 current_frame.push_stack(
941 VerificationType::float_type(), CHECK_VERIFY(this));
942 no_control_flow = false; break;
943 case Bytecodes::_dadd :
944 case Bytecodes::_dsub :
945 case Bytecodes::_dmul :
946 case Bytecodes::_ddiv :
947 case Bytecodes::_drem :
948 current_frame.pop_stack_2(
949 VerificationType::double2_type(),
950 VerificationType::double_type(), CHECK_VERIFY(this));
951 // fall through
952 case Bytecodes::_dneg :
953 current_frame.pop_stack_2(
954 VerificationType::double2_type(),
955 VerificationType::double_type(), CHECK_VERIFY(this));
956 current_frame.push_stack_2(
957 VerificationType::double_type(),
958 VerificationType::double2_type(), CHECK_VERIFY(this));
959 no_control_flow = false; break;
960 case Bytecodes::_iinc :
961 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
962 no_control_flow = false; break;
963 case Bytecodes::_i2l :
964 type = current_frame.pop_stack(
965 VerificationType::integer_type(), CHECK_VERIFY(this));
966 current_frame.push_stack_2(
967 VerificationType::long_type(),
968 VerificationType::long2_type(), CHECK_VERIFY(this));
969 no_control_flow = false; break;
970 case Bytecodes::_l2i :
971 current_frame.pop_stack_2(
972 VerificationType::long2_type(),
973 VerificationType::long_type(), CHECK_VERIFY(this));
974 current_frame.push_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 no_control_flow = false; break;
977 case Bytecodes::_i2f :
978 current_frame.pop_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 current_frame.push_stack(
981 VerificationType::float_type(), CHECK_VERIFY(this));
982 no_control_flow = false; break;
983 case Bytecodes::_i2d :
984 current_frame.pop_stack(
985 VerificationType::integer_type(), CHECK_VERIFY(this));
986 current_frame.push_stack_2(
987 VerificationType::double_type(),
988 VerificationType::double2_type(), CHECK_VERIFY(this));
989 no_control_flow = false; break;
990 case Bytecodes::_l2f :
991 current_frame.pop_stack_2(
992 VerificationType::long2_type(),
993 VerificationType::long_type(), CHECK_VERIFY(this));
994 current_frame.push_stack(
995 VerificationType::float_type(), CHECK_VERIFY(this));
996 no_control_flow = false; break;
997 case Bytecodes::_l2d :
998 current_frame.pop_stack_2(
999 VerificationType::long2_type(),
1000 VerificationType::long_type(), CHECK_VERIFY(this));
1001 current_frame.push_stack_2(
1002 VerificationType::double_type(),
1003 VerificationType::double2_type(), CHECK_VERIFY(this));
1004 no_control_flow = false; break;
1005 case Bytecodes::_f2i :
1006 current_frame.pop_stack(
1007 VerificationType::float_type(), CHECK_VERIFY(this));
1008 current_frame.push_stack(
1009 VerificationType::integer_type(), CHECK_VERIFY(this));
1010 no_control_flow = false; break;
1011 case Bytecodes::_f2l :
1012 current_frame.pop_stack(
1013 VerificationType::float_type(), CHECK_VERIFY(this));
1014 current_frame.push_stack_2(
1015 VerificationType::long_type(),
1016 VerificationType::long2_type(), CHECK_VERIFY(this));
1017 no_control_flow = false; break;
1018 case Bytecodes::_f2d :
1019 current_frame.pop_stack(
1020 VerificationType::float_type(), CHECK_VERIFY(this));
1021 current_frame.push_stack_2(
1022 VerificationType::double_type(),
1023 VerificationType::double2_type(), CHECK_VERIFY(this));
1024 no_control_flow = false; break;
1025 case Bytecodes::_d2i :
1026 current_frame.pop_stack_2(
1027 VerificationType::double2_type(),
1028 VerificationType::double_type(), CHECK_VERIFY(this));
1029 current_frame.push_stack(
1030 VerificationType::integer_type(), CHECK_VERIFY(this));
1031 no_control_flow = false; break;
1032 case Bytecodes::_d2l :
1033 current_frame.pop_stack_2(
1034 VerificationType::double2_type(),
1035 VerificationType::double_type(), CHECK_VERIFY(this));
1036 current_frame.push_stack_2(
1037 VerificationType::long_type(),
1038 VerificationType::long2_type(), CHECK_VERIFY(this));
1039 no_control_flow = false; break;
1040 case Bytecodes::_d2f :
1041 current_frame.pop_stack_2(
1042 VerificationType::double2_type(),
1043 VerificationType::double_type(), CHECK_VERIFY(this));
1044 current_frame.push_stack(
1045 VerificationType::float_type(), CHECK_VERIFY(this));
1046 no_control_flow = false; break;
1047 case Bytecodes::_i2b :
1048 case Bytecodes::_i2c :
1049 case Bytecodes::_i2s :
1050 current_frame.pop_stack(
1051 VerificationType::integer_type(), CHECK_VERIFY(this));
1052 current_frame.push_stack(
1053 VerificationType::integer_type(), CHECK_VERIFY(this));
1054 no_control_flow = false; break;
1055 case Bytecodes::_lcmp :
1056 current_frame.pop_stack_2(
1057 VerificationType::long2_type(),
1058 VerificationType::long_type(), CHECK_VERIFY(this));
1059 current_frame.pop_stack_2(
1060 VerificationType::long2_type(),
1061 VerificationType::long_type(), CHECK_VERIFY(this));
1062 current_frame.push_stack(
1063 VerificationType::integer_type(), CHECK_VERIFY(this));
1064 no_control_flow = false; break;
1065 case Bytecodes::_fcmpl :
1066 case Bytecodes::_fcmpg :
1067 current_frame.pop_stack(
1068 VerificationType::float_type(), CHECK_VERIFY(this));
1069 current_frame.pop_stack(
1070 VerificationType::float_type(), CHECK_VERIFY(this));
1071 current_frame.push_stack(
1072 VerificationType::integer_type(), CHECK_VERIFY(this));
1073 no_control_flow = false; break;
1074 case Bytecodes::_dcmpl :
1075 case Bytecodes::_dcmpg :
1076 current_frame.pop_stack_2(
1077 VerificationType::double2_type(),
1078 VerificationType::double_type(), CHECK_VERIFY(this));
1079 current_frame.pop_stack_2(
1080 VerificationType::double2_type(),
1081 VerificationType::double_type(), CHECK_VERIFY(this));
1082 current_frame.push_stack(
1083 VerificationType::integer_type(), CHECK_VERIFY(this));
1084 no_control_flow = false; break;
1085 case Bytecodes::_if_icmpeq:
1086 case Bytecodes::_if_icmpne:
1087 case Bytecodes::_if_icmplt:
1088 case Bytecodes::_if_icmpge:
1089 case Bytecodes::_if_icmpgt:
1090 case Bytecodes::_if_icmple:
1091 current_frame.pop_stack(
1092 VerificationType::integer_type(), CHECK_VERIFY(this));
1093 // fall through
1094 case Bytecodes::_ifeq:
1095 case Bytecodes::_ifne:
1096 case Bytecodes::_iflt:
1097 case Bytecodes::_ifge:
1098 case Bytecodes::_ifgt:
1099 case Bytecodes::_ifle:
1100 current_frame.pop_stack(
1101 VerificationType::integer_type(), CHECK_VERIFY(this));
1102 target = bcs.dest();
1103 stackmap_table.check_jump_target(
1104 ¤t_frame, target, CHECK_VERIFY(this));
1105 no_control_flow = false; break;
1106 case Bytecodes::_if_acmpeq :
1107 case Bytecodes::_if_acmpne :
1108 current_frame.pop_stack(
1109 VerificationType::reference_check(), CHECK_VERIFY(this));
1110 // fall through
1111 case Bytecodes::_ifnull :
1112 case Bytecodes::_ifnonnull :
1113 current_frame.pop_stack(
1114 VerificationType::reference_check(), CHECK_VERIFY(this));
1115 target = bcs.dest();
1116 stackmap_table.check_jump_target
1117 (¤t_frame, target, CHECK_VERIFY(this));
1118 no_control_flow = false; break;
1119 case Bytecodes::_goto :
1120 target = bcs.dest();
1121 stackmap_table.check_jump_target(
1122 ¤t_frame, target, CHECK_VERIFY(this));
1123 no_control_flow = true; break;
1124 case Bytecodes::_goto_w :
1125 target = bcs.dest_w();
1126 stackmap_table.check_jump_target(
1127 ¤t_frame, target, CHECK_VERIFY(this));
1128 no_control_flow = true; break;
1129 case Bytecodes::_tableswitch :
1130 case Bytecodes::_lookupswitch :
1131 verify_switch(
1132 &bcs, code_length, code_data, ¤t_frame,
1133 &stackmap_table, CHECK_VERIFY(this));
1134 no_control_flow = true; break;
1135 case Bytecodes::_ireturn :
1136 type = current_frame.pop_stack(
1137 VerificationType::integer_type(), CHECK_VERIFY(this));
1138 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1139 no_control_flow = true; break;
1140 case Bytecodes::_lreturn :
1141 type2 = current_frame.pop_stack(
1142 VerificationType::long2_type(), CHECK_VERIFY(this));
1143 type = current_frame.pop_stack(
1144 VerificationType::long_type(), CHECK_VERIFY(this));
1145 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1146 no_control_flow = true; break;
1147 case Bytecodes::_freturn :
1148 type = current_frame.pop_stack(
1149 VerificationType::float_type(), CHECK_VERIFY(this));
1150 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1151 no_control_flow = true; break;
1152 case Bytecodes::_dreturn :
1153 type2 = current_frame.pop_stack(
1154 VerificationType::double2_type(), CHECK_VERIFY(this));
1155 type = current_frame.pop_stack(
1156 VerificationType::double_type(), CHECK_VERIFY(this));
1157 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1158 no_control_flow = true; break;
1159 case Bytecodes::_areturn :
1160 type = current_frame.pop_stack(
1161 VerificationType::reference_check(), CHECK_VERIFY(this));
1162 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1163 no_control_flow = true; break;
1164 case Bytecodes::_return :
1165 if (return_type != VerificationType::bogus_type()) {
1166 verify_error(bci, "Method expects no return value");
1167 return;
1168 }
1169 // Make sure "this" has been initialized if current method is an
1170 // <init>
1171 if (_method->name() == vmSymbols::object_initializer_name() &&
1172 current_frame.flag_this_uninit()) {
1173 verify_error(bci,
1174 "Constructor must call super() or this() before return");
1175 return;
1176 }
1177 no_control_flow = true; break;
1178 case Bytecodes::_getstatic :
1179 case Bytecodes::_putstatic :
1180 case Bytecodes::_getfield :
1181 case Bytecodes::_putfield :
1182 verify_field_instructions(
1183 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1184 no_control_flow = false; break;
1185 case Bytecodes::_invokevirtual :
1186 case Bytecodes::_invokespecial :
1187 case Bytecodes::_invokestatic :
1188 verify_invoke_instructions(
1189 &bcs, code_length, ¤t_frame,
1190 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1191 no_control_flow = false; break;
1192 case Bytecodes::_invokeinterface :
1193 case Bytecodes::_invokedynamic :
1194 verify_invoke_instructions(
1195 &bcs, code_length, ¤t_frame,
1196 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1197 no_control_flow = false; break;
1198 case Bytecodes::_new :
1199 {
1200 index = bcs.get_index_u2();
1201 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1202 VerificationType new_class_type =
1203 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1204 if (!new_class_type.is_object()) {
1205 verify_error(bci, "Illegal new instruction");
1206 return;
1207 }
1208 type = VerificationType::uninitialized_type(bci);
1209 current_frame.push_stack(type, CHECK_VERIFY(this));
1210 no_control_flow = false; break;
1211 }
1212 case Bytecodes::_newarray :
1213 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1214 current_frame.pop_stack(
1215 VerificationType::integer_type(), CHECK_VERIFY(this));
1216 current_frame.push_stack(type, CHECK_VERIFY(this));
1217 no_control_flow = false; break;
1218 case Bytecodes::_anewarray :
1219 verify_anewarray(
1220 bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1221 no_control_flow = false; break;
1222 case Bytecodes::_arraylength :
1223 type = current_frame.pop_stack(
1224 VerificationType::reference_check(), CHECK_VERIFY(this));
1225 if (!(type.is_null() || type.is_array())) {
1226 verify_error(bci, bad_type_msg, "arraylength");
1227 }
1228 current_frame.push_stack(
1229 VerificationType::integer_type(), CHECK_VERIFY(this));
1230 no_control_flow = false; break;
1231 case Bytecodes::_checkcast :
1232 {
1233 index = bcs.get_index_u2();
1234 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1235 current_frame.pop_stack(
1236 VerificationType::reference_check(), CHECK_VERIFY(this));
1237 VerificationType klass_type = cp_index_to_type(
1238 index, cp, CHECK_VERIFY(this));
1239 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1240 no_control_flow = false; break;
1241 }
1242 case Bytecodes::_instanceof : {
1243 index = bcs.get_index_u2();
1244 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1245 current_frame.pop_stack(
1246 VerificationType::reference_check(), CHECK_VERIFY(this));
1247 current_frame.push_stack(
1248 VerificationType::integer_type(), CHECK_VERIFY(this));
1249 no_control_flow = false; break;
1250 }
1251 case Bytecodes::_monitorenter :
1252 case Bytecodes::_monitorexit :
1253 current_frame.pop_stack(
1254 VerificationType::reference_check(), CHECK_VERIFY(this));
1255 no_control_flow = false; break;
1256 case Bytecodes::_multianewarray :
1257 {
1258 index = bcs.get_index_u2();
1259 u2 dim = *(bcs.bcp()+3);
1260 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1261 VerificationType new_array_type =
1262 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1263 if (!new_array_type.is_array()) {
1264 verify_error(bci,
1265 "Illegal constant pool index in multianewarray instruction");
1266 return;
1267 }
1268 if (dim < 1 || new_array_type.dimensions() < dim) {
1269 verify_error(bci,
1270 "Illegal dimension in multianewarray instruction");
1271 return;
1272 }
1273 for (int i = 0; i < dim; i++) {
1274 current_frame.pop_stack(
1275 VerificationType::integer_type(), CHECK_VERIFY(this));
1276 }
1277 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1278 no_control_flow = false; break;
1279 }
1280 case Bytecodes::_athrow :
1281 type = VerificationType::reference_type(
1282 vmSymbols::java_lang_Throwable());
1283 current_frame.pop_stack(type, CHECK_VERIFY(this));
1284 no_control_flow = true; break;
1285 default:
1286 // We only need to check the valid bytecodes in class file.
1287 // And jsr and ret are not in the new class file format in JDK1.5.
1288 verify_error(bci, "Bad instruction");
1289 no_control_flow = false;
1290 return;
1291 } // end switch
1292 } // end Merge with the next instruction
1293
1294 // Look for possible jump target in exception handlers and see if it
1295 // matches current_frame
1296 if (bci >= ex_min && bci < ex_max) {
1297 verify_exception_handler_targets(
1298 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1299 }
1300 } // end while
1301
1302 // Make sure that control flow does not fall through end of the method
1303 if (!no_control_flow) {
1304 verify_error(code_length, "Control flow falls through code end");
1305 return;
1306 }
1307 }
1308
1309 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1310 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1311 memset(code_data, 0, sizeof(char) * code_length);
1312 RawBytecodeStream bcs(m);
1313
1314 while (!bcs.is_last_bytecode()) {
1315 if (bcs.raw_next() != Bytecodes::_illegal) {
1316 int bci = bcs.bci();
1317 if (bcs.raw_code() == Bytecodes::_new) {
1318 code_data[bci] = NEW_OFFSET;
1319 } else {
1320 code_data[bci] = BYTECODE_OFFSET;
1321 }
1322 } else {
1323 verify_error(bcs.bci(), "Bad instruction");
1324 return NULL;
1325 }
1326 }
1327
1328 return code_data;
1329 }
1330
1331 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1332 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1333 constantPoolHandle cp (THREAD, _method->constants());
1334
1335 if (exhandlers() != NULL) {
1336 for(int i = 0; i < exhandlers->length();) {
1337 u2 start_pc = exhandlers->int_at(i++);
1338 u2 end_pc = exhandlers->int_at(i++);
1339 u2 handler_pc = exhandlers->int_at(i++);
1340 if (start_pc >= code_length || code_data[start_pc] == 0) {
1341 class_format_error("Illegal exception table start_pc %d", start_pc);
1342 return;
1343 }
1344 if (end_pc != code_length) { // special case: end_pc == code_length
1345 if (end_pc > code_length || code_data[end_pc] == 0) {
1346 class_format_error("Illegal exception table end_pc %d", end_pc);
1347 return;
1348 }
1349 }
1350 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1351 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1352 return;
1353 }
1354 int catch_type_index = exhandlers->int_at(i++);
1355 if (catch_type_index != 0) {
1356 VerificationType catch_type = cp_index_to_type(
1357 catch_type_index, cp, CHECK_VERIFY(this));
1358 VerificationType throwable =
1359 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1360 bool is_subclass = throwable.is_assignable_from(
1361 catch_type, current_class(), CHECK_VERIFY(this));
1362 if (!is_subclass) {
1363 // 4286534: should throw VerifyError according to recent spec change
1364 verify_error(
1365 "Catch type is not a subclass of Throwable in handler %d",
1366 handler_pc);
1367 return;
1368 }
1369 }
1370 if (start_pc < min) min = start_pc;
1371 if (end_pc > max) max = end_pc;
1372 }
1373 }
1374 }
1375
1376 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1377 int localvariable_table_length = _method()->localvariable_table_length();
1378 if (localvariable_table_length > 0) {
1379 LocalVariableTableElement* table = _method()->localvariable_table_start();
1380 for (int i = 0; i < localvariable_table_length; i++) {
1381 u2 start_bci = table[i].start_bci;
1382 u2 length = table[i].length;
1383
1384 if (start_bci >= code_length || code_data[start_bci] == 0) {
1385 class_format_error(
1386 "Illegal local variable table start_pc %d", start_bci);
1387 return;
1388 }
1389 u4 end_bci = (u4)(start_bci + length);
1390 if (end_bci != code_length) {
1391 if (end_bci >= code_length || code_data[end_bci] == 0) {
1392 class_format_error( "Illegal local variable table length %d", length);
1393 return;
1394 }
1395 }
1396 }
1397 }
1398 }
1399
1400 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1401 StackMapFrame* current_frame,
1402 StackMapTable* stackmap_table,
1403 bool no_control_flow, TRAPS) {
1404 if (stackmap_index < stackmap_table->get_frame_count()) {
1405 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1406 if (no_control_flow && this_offset > bci) {
1407 verify_error(bci, "Expecting a stack map frame");
1408 return 0;
1409 }
1410 if (this_offset == bci) {
1411 // See if current stack map can be assigned to the frame in table.
1412 // current_frame is the stackmap frame got from the last instruction.
1413 // If matched, current_frame will be updated by this method.
1414 bool match = stackmap_table->match_stackmap(
1415 current_frame, this_offset, stackmap_index,
1416 !no_control_flow, true, CHECK_VERIFY_(this, 0));
1417 if (!match) {
1418 // report type error
1419 verify_error(bci, "Instruction type does not match stack map");
1420 return 0;
1421 }
1422 stackmap_index++;
1423 } else if (this_offset < bci) {
1424 // current_offset should have met this_offset.
1425 class_format_error("Bad stack map offset %d", this_offset);
1426 return 0;
1427 }
1428 } else if (no_control_flow) {
1429 verify_error(bci, "Expecting a stack map frame");
1430 return 0;
1431 }
1432 return stackmap_index;
1433 }
1434
1435 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1436 StackMapTable* stackmap_table, TRAPS) {
1437 constantPoolHandle cp (THREAD, _method->constants());
1438 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1439 if (exhandlers() != NULL) {
1440 for(int i = 0; i < exhandlers->length();) {
1441 u2 start_pc = exhandlers->int_at(i++);
1442 u2 end_pc = exhandlers->int_at(i++);
1443 u2 handler_pc = exhandlers->int_at(i++);
1444 int catch_type_index = exhandlers->int_at(i++);
1445 if(bci >= start_pc && bci < end_pc) {
1446 u1 flags = current_frame->flags();
1447 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1448
1449 ResourceMark rm(THREAD);
1450 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1451 if (catch_type_index != 0) {
1452 // We know that this index refers to a subclass of Throwable
1453 VerificationType catch_type = cp_index_to_type(
1454 catch_type_index, cp, CHECK_VERIFY(this));
1455 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1456 } else {
1457 VerificationType throwable =
1458 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1459 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1460 }
1461 bool match = stackmap_table->match_stackmap(
1462 new_frame, handler_pc, true, false, CHECK_VERIFY(this));
1463 if (!match) {
1464 verify_error(bci,
1465 "Stack map does not match the one at exception handler %d",
1466 handler_pc);
1467 return;
1468 }
1469 }
1470 }
1471 }
1472 }
1473
1474 void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) {
1475 int nconstants = cp->length();
1476 if ((index <= 0) || (index >= nconstants)) {
1477 verify_error("Illegal constant pool index %d in class %s",
1478 index, instanceKlass::cast(cp->pool_holder())->external_name());
1479 return;
1480 }
1481 }
1482
1483 void ClassVerifier::verify_cp_type(
1484 int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1485
1486 // In some situations, bytecode rewriting may occur while we're verifying.
1487 // In this case, a constant pool cache exists and some indices refer to that
1488 // instead. Be sure we don't pick up such indices by accident.
1489 // We must check was_recursively_verified() before we get here.
1490 guarantee(cp->cache() == NULL, "not rewritten yet");
1491
1492 verify_cp_index(cp, index, CHECK_VERIFY(this));
1493 unsigned int tag = cp->tag_at(index).value();
1494 if ((types & (1 << tag)) == 0) {
1495 verify_error(
1496 "Illegal type at constant pool entry %d in class %s",
1497 index, instanceKlass::cast(cp->pool_holder())->external_name());
1498 return;
1499 }
1500 }
1501
1502 void ClassVerifier::verify_cp_class_type(
1503 int index, constantPoolHandle cp, TRAPS) {
1504 verify_cp_index(cp, index, CHECK_VERIFY(this));
1505 constantTag tag = cp->tag_at(index);
1506 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1507 verify_error("Illegal type at constant pool entry %d in class %s",
1508 index, instanceKlass::cast(cp->pool_holder())->external_name());
1509 return;
1510 }
1511 }
1512
1513 void ClassVerifier::format_error_message(
1514 const char* fmt, int offset, va_list va) {
1515 ResourceMark rm(_thread);
1516 stringStream message(_message, _message_buffer_len);
1517 message.vprint(fmt, va);
1518 if (!_method.is_null()) {
1519 message.print(" in method %s", _method->name_and_sig_as_C_string());
1520 }
1521 if (offset != -1) {
1522 message.print(" at offset %d", offset);
1523 }
1524 }
1525
1526 void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) {
1527 _exception_type = vmSymbols::java_lang_VerifyError();
1528 va_list va;
1529 va_start(va, fmt);
1530 format_error_message(fmt, offset, va);
1531 va_end(va);
1532 }
1533
1534 void ClassVerifier::verify_error(const char* fmt, ...) {
1535 _exception_type = vmSymbols::java_lang_VerifyError();
1536 va_list va;
1537 va_start(va, fmt);
1538 format_error_message(fmt, -1, va);
1539 va_end(va);
1540 }
1541
1542 void ClassVerifier::class_format_error(const char* msg, ...) {
1543 _exception_type = vmSymbols::java_lang_ClassFormatError();
1544 va_list va;
1545 va_start(va, msg);
1546 format_error_message(msg, -1, va);
1547 va_end(va);
1548 }
1549
1550 klassOop ClassVerifier::load_class(symbolHandle name, TRAPS) {
1551 // Get current loader and protection domain first.
1552 oop loader = current_class()->class_loader();
1553 oop protection_domain = current_class()->protection_domain();
1554
1555 return SystemDictionary::resolve_or_fail(
1556 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1557 true, CHECK_NULL);
1558 }
1559
1560 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1561 klassOop target_class,
1562 symbolOop field_name,
1563 symbolOop field_sig,
1564 bool is_method) {
1565 No_Safepoint_Verifier nosafepoint;
1566
1567 // If target class isn't a super class of this class, we don't worry about this case
1568 if (!this_class->is_subclass_of(target_class)) {
1569 return false;
1570 }
1571 // Check if the specified method or field is protected
1572 instanceKlass* target_instance = instanceKlass::cast(target_class);
1573 fieldDescriptor fd;
1574 if (is_method) {
1575 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1576 if (m != NULL && m->is_protected()) {
1577 if (!this_class->is_same_class_package(m->method_holder())) {
1578 return true;
1579 }
1580 }
1581 } else {
1582 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1583 if(member_klass != NULL && fd.is_protected()) {
1584 if (!this_class->is_same_class_package(member_klass)) {
1585 return true;
1586 }
1587 }
1588 }
1589 return false;
1590 }
1591
1592 void ClassVerifier::verify_ldc(
1593 int opcode, u2 index, StackMapFrame *current_frame,
1594 constantPoolHandle cp, u2 bci, TRAPS) {
1595 verify_cp_index(cp, index, CHECK_VERIFY(this));
1596 constantTag tag = cp->tag_at(index);
1597 unsigned int types;
1598 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1599 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1600 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1601 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
1602 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
1603 // Note: The class file parser already verified the legality of
1604 // MethodHandle and MethodType constants.
1605 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1606 }
1607 } else {
1608 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1609 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1610 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1611 }
1612 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
1613 current_frame->push_stack(
1614 VerificationType::reference_type(
1615 vmSymbols::java_lang_Object()), CHECK_VERIFY(this));
1616 } else if (tag.is_string() || tag.is_unresolved_string()) {
1617 current_frame->push_stack(
1618 VerificationType::reference_type(
1619 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1620 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1621 current_frame->push_stack(
1622 VerificationType::reference_type(
1623 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
1624 } else if (tag.is_int()) {
1625 current_frame->push_stack(
1626 VerificationType::integer_type(), CHECK_VERIFY(this));
1627 } else if (tag.is_float()) {
1628 current_frame->push_stack(
1629 VerificationType::float_type(), CHECK_VERIFY(this));
1630 } else if (tag.is_double()) {
1631 current_frame->push_stack_2(
1632 VerificationType::double_type(),
1633 VerificationType::double2_type(), CHECK_VERIFY(this));
1634 } else if (tag.is_long()) {
1635 current_frame->push_stack_2(
1636 VerificationType::long_type(),
1637 VerificationType::long2_type(), CHECK_VERIFY(this));
1638 } else if (tag.is_method_handle()) {
1639 current_frame->push_stack(
1640 VerificationType::reference_type(
1641 vmSymbols::java_dyn_MethodHandle()), CHECK_VERIFY(this));
1642 } else if (tag.is_method_type()) {
1643 current_frame->push_stack(
1644 VerificationType::reference_type(
1645 vmSymbols::java_dyn_MethodType()), CHECK_VERIFY(this));
1646 } else {
1647 verify_error(bci, "Invalid index in ldc");
1648 return;
1649 }
1650 }
1651
1652 void ClassVerifier::verify_switch(
1653 RawBytecodeStream* bcs, u4 code_length, char* code_data,
1654 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
1655 int bci = bcs->bci();
1656 address bcp = bcs->bcp();
1657 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
1658
1659 // 4639449 & 4647081: padding bytes must be 0
1660 u2 padding_offset = 1;
1661 while ((bcp + padding_offset) < aligned_bcp) {
1662 if(*(bcp + padding_offset) != 0) {
1663 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch");
1664 return;
1665 }
1666 padding_offset++;
1667 }
1668 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
1669 int keys, delta;
1670 current_frame->pop_stack(
1671 VerificationType::integer_type(), CHECK_VERIFY(this));
1672 if (bcs->raw_code() == Bytecodes::_tableswitch) {
1673 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
1674 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
1675 if (low > high) {
1676 verify_error(bci,
1677 "low must be less than or equal to high in tableswitch");
1678 return;
1679 }
1680 keys = high - low + 1;
1681 if (keys < 0) {
1682 verify_error(bci, "too many keys in tableswitch");
1683 return;
1684 }
1685 delta = 1;
1686 } else {
1687 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
1688 if (keys < 0) {
1689 verify_error(bci, "number of keys in lookupswitch less than 0");
1690 return;
1691 }
1692 delta = 2;
1693 // Make sure that the lookupswitch items are sorted
1694 for (int i = 0; i < (keys - 1); i++) {
1695 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
1696 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
1697 if (this_key >= next_key) {
1698 verify_error(bci, "Bad lookupswitch instruction");
1699 return;
1700 }
1701 }
1702 }
1703 int target = bci + default_offset;
1704 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
1705 for (int i = 0; i < keys; i++) {
1706 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
1707 stackmap_table->check_jump_target(
1708 current_frame, target, CHECK_VERIFY(this));
1709 }
1710 }
1711
1712 bool ClassVerifier::name_in_supers(
1713 symbolOop ref_name, instanceKlassHandle current) {
1714 klassOop super = current->super();
1715 while (super != NULL) {
1716 if (super->klass_part()->name() == ref_name) {
1717 return true;
1718 }
1719 super = super->klass_part()->super();
1720 }
1721 return false;
1722 }
1723
1724 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
1725 StackMapFrame* current_frame,
1726 constantPoolHandle cp,
1727 TRAPS) {
1728 u2 index = bcs->get_index_u2();
1729 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
1730
1731 // Get field name and signature
1732 symbolHandle field_name = symbolHandle(THREAD, cp->name_ref_at(index));
1733 symbolHandle field_sig = symbolHandle(THREAD, cp->signature_ref_at(index));
1734
1735 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
1736 class_format_error(
1737 "Invalid signature for field in class %s referenced "
1738 "from constant pool index %d", _klass->external_name(), index);
1739 return;
1740 }
1741
1742 // Get referenced class type
1743 VerificationType ref_class_type = cp_ref_index_to_type(
1744 index, cp, CHECK_VERIFY(this));
1745 if (!ref_class_type.is_object()) {
1746 verify_error(
1747 "Expecting reference to class in class %s at constant pool index %d",
1748 _klass->external_name(), index);
1749 return;
1750 }
1751 VerificationType target_class_type = ref_class_type;
1752
1753 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1754 "buffer type must match VerificationType size");
1755 uintptr_t field_type_buffer[2];
1756 VerificationType* field_type = (VerificationType*)field_type_buffer;
1757 // If we make a VerificationType[2] array directly, the compiler calls
1758 // to the c-runtime library to do the allocation instead of just
1759 // stack allocating it. Plus it would run constructors. This shows up
1760 // in performance profiles.
1761
1762 SignatureStream sig_stream(field_sig, false);
1763 VerificationType stack_object_type;
1764 int n = change_sig_to_verificationType(
1765 &sig_stream, field_type, CHECK_VERIFY(this));
1766 u2 bci = bcs->bci();
1767 bool is_assignable;
1768 switch (bcs->raw_code()) {
1769 case Bytecodes::_getstatic: {
1770 for (int i = 0; i < n; i++) {
1771 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
1772 }
1773 break;
1774 }
1775 case Bytecodes::_putstatic: {
1776 for (int i = n - 1; i >= 0; i--) {
1777 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1778 }
1779 break;
1780 }
1781 case Bytecodes::_getfield: {
1782 stack_object_type = current_frame->pop_stack(
1783 target_class_type, CHECK_VERIFY(this));
1784 for (int i = 0; i < n; i++) {
1785 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
1786 }
1787 goto check_protected;
1788 }
1789 case Bytecodes::_putfield: {
1790 for (int i = n - 1; i >= 0; i--) {
1791 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1792 }
1793 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
1794
1795 // The JVMS 2nd edition allows field initialization before the superclass
1796 // initializer, if the field is defined within the current class.
1797 fieldDescriptor fd;
1798 if (stack_object_type == VerificationType::uninitialized_this_type() &&
1799 target_class_type.equals(current_type()) &&
1800 _klass->find_local_field(field_name(), field_sig(), &fd)) {
1801 stack_object_type = current_type();
1802 }
1803 is_assignable = target_class_type.is_assignable_from(
1804 stack_object_type, current_class(), CHECK_VERIFY(this));
1805 if (!is_assignable) {
1806 verify_error(bci, "Bad type on operand stack in putfield");
1807 return;
1808 }
1809 }
1810 check_protected: {
1811 if (_this_type == stack_object_type)
1812 break; // stack_object_type must be assignable to _current_class_type
1813 symbolHandle ref_class_name = symbolHandle(THREAD,
1814 cp->klass_name_at(cp->klass_ref_index_at(index)));
1815 if (!name_in_supers(ref_class_name(), current_class()))
1816 // stack_object_type must be assignable to _current_class_type since:
1817 // 1. stack_object_type must be assignable to ref_class.
1818 // 2. ref_class must be _current_class or a subclass of it. It can't
1819 // be a superclass of it. See revised JVMS 5.4.4.
1820 break;
1821
1822 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
1823 if (is_protected_access(current_class(), ref_class_oop, field_name(),
1824 field_sig(), false)) {
1825 // It's protected access, check if stack object is assignable to
1826 // current class.
1827 is_assignable = current_type().is_assignable_from(
1828 stack_object_type, current_class(), CHECK_VERIFY(this));
1829 if (!is_assignable) {
1830 verify_error(bci, "Bad access to protected data in getfield");
1831 return;
1832 }
1833 }
1834 break;
1835 }
1836 default: ShouldNotReachHere();
1837 }
1838 }
1839
1840 void ClassVerifier::verify_invoke_init(
1841 RawBytecodeStream* bcs, VerificationType ref_class_type,
1842 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
1843 constantPoolHandle cp, TRAPS) {
1844 u2 bci = bcs->bci();
1845 VerificationType type = current_frame->pop_stack(
1846 VerificationType::reference_check(), CHECK_VERIFY(this));
1847 if (type == VerificationType::uninitialized_this_type()) {
1848 // The method must be an <init> method of either this class, or one of its
1849 // superclasses
1850 if (ref_class_type.name() != current_class()->name() &&
1851 !name_in_supers(ref_class_type.name(), current_class())) {
1852 verify_error(bci, "Bad <init> method call");
1853 return;
1854 }
1855 current_frame->initialize_object(type, current_type());
1856 *this_uninit = true;
1857 } else if (type.is_uninitialized()) {
1858 u2 new_offset = type.bci();
1859 address new_bcp = bcs->bcp() - bci + new_offset;
1860 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
1861 verify_error(new_offset, "Expecting new instruction");
1862 return;
1863 }
1864 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
1865 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this));
1866
1867 // The method must be an <init> method of the indicated class
1868 VerificationType new_class_type = cp_index_to_type(
1869 new_class_index, cp, CHECK_VERIFY(this));
1870 if (!new_class_type.equals(ref_class_type)) {
1871 verify_error(bci, "Call to wrong <init> method");
1872 return;
1873 }
1874 // According to the VM spec, if the referent class is a superclass of the
1875 // current class, and is in a different runtime package, and the method is
1876 // protected, then the objectref must be the current class or a subclass
1877 // of the current class.
1878 VerificationType objectref_type = new_class_type;
1879 if (name_in_supers(ref_class_type.name(), current_class())) {
1880 klassOop ref_klass = load_class(
1881 ref_class_type.name(), CHECK_VERIFY(this));
1882 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
1883 vmSymbols::object_initializer_name(),
1884 cp->signature_ref_at(bcs->get_index_u2()));
1885 instanceKlassHandle mh(THREAD, m->method_holder());
1886 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
1887 bool assignable = current_type().is_assignable_from(
1888 objectref_type, current_class(), CHECK_VERIFY(this));
1889 if (!assignable) {
1890 verify_error(bci, "Bad access to protected <init> method");
1891 return;
1892 }
1893 }
1894 }
1895 current_frame->initialize_object(type, new_class_type);
1896 } else {
1897 verify_error(bci, "Bad operand type when invoking <init>");
1898 return;
1899 }
1900 }
1901
1902 void ClassVerifier::verify_invoke_instructions(
1903 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
1904 bool *this_uninit, VerificationType return_type,
1905 constantPoolHandle cp, TRAPS) {
1906 // Make sure the constant pool item is the right type
1907 u2 index = bcs->get_index_u2();
1908 Bytecodes::Code opcode = bcs->raw_code();
1909 unsigned int types = (opcode == Bytecodes::_invokeinterface
1910 ? 1 << JVM_CONSTANT_InterfaceMethodref
1911 : opcode == Bytecodes::_invokedynamic
1912 ? (1 << JVM_CONSTANT_NameAndType
1913 |1 << JVM_CONSTANT_InvokeDynamic)
1914 : 1 << JVM_CONSTANT_Methodref);
1915 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1916
1917 // Get method name and signature
1918 symbolHandle method_name(THREAD, cp->name_ref_at(index));
1919 symbolHandle method_sig(THREAD, cp->signature_ref_at(index));
1920
1921 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
1922 class_format_error(
1923 "Invalid method signature in class %s referenced "
1924 "from constant pool index %d", _klass->external_name(), index);
1925 return;
1926 }
1927
1928 // Get referenced class type
1929 VerificationType ref_class_type;
1930 if (opcode == Bytecodes::_invokedynamic) {
1931 if (!EnableInvokeDynamic ||
1932 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
1933 class_format_error(
1934 (!EnableInvokeDynamic ?
1935 "invokedynamic instructions not enabled in this JVM" :
1936 "invokedynamic instructions not supported by this class file version"),
1937 _klass->external_name());
1938 return;
1939 }
1940 } else {
1941 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
1942 }
1943
1944 // For a small signature length, we just allocate 128 bytes instead
1945 // of parsing the signature once to find its size.
1946 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
1947 // longs/doubles to be consertive.
1948 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1949 "buffer type must match VerificationType size");
1950 uintptr_t on_stack_sig_types_buffer[128];
1951 // If we make a VerificationType[128] array directly, the compiler calls
1952 // to the c-runtime library to do the allocation instead of just
1953 // stack allocating it. Plus it would run constructors. This shows up
1954 // in performance profiles.
1955
1956 VerificationType* sig_types;
1957 int size = (method_sig->utf8_length() - 3) * 2;
1958 if (size > 128) {
1959 // Long and double occupies two slots here.
1960 ArgumentSizeComputer size_it(method_sig);
1961 size = size_it.size();
1962 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
1963 } else{
1964 sig_types = (VerificationType*)on_stack_sig_types_buffer;
1965 }
1966 SignatureStream sig_stream(method_sig);
1967 int sig_i = 0;
1968 while (!sig_stream.at_return_type()) {
1969 sig_i += change_sig_to_verificationType(
1970 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
1971 sig_stream.next();
1972 }
1973 int nargs = sig_i;
1974
1975 #ifdef ASSERT
1976 {
1977 ArgumentSizeComputer size_it(method_sig);
1978 assert(nargs == size_it.size(), "Argument sizes do not match");
1979 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
1980 }
1981 #endif
1982
1983 // Check instruction operands
1984 u2 bci = bcs->bci();
1985 if (opcode == Bytecodes::_invokeinterface) {
1986 address bcp = bcs->bcp();
1987 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
1988 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
1989 // the difference between the size of the operand stack before and after the instruction
1990 // executes.
1991 if (*(bcp+3) != (nargs+1)) {
1992 verify_error(bci, "Inconsistent args count operand in invokeinterface");
1993 return;
1994 }
1995 if (*(bcp+4) != 0) {
1996 verify_error(bci, "Fourth operand byte of invokeinterface must be zero");
1997 return;
1998 }
1999 }
2000
2001 if (opcode == Bytecodes::_invokedynamic) {
2002 address bcp = bcs->bcp();
2003 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2004 verify_error(bci, "Third and fourth operand bytes of invokedynamic must be zero");
2005 return;
2006 }
2007 }
2008
2009 if (method_name->byte_at(0) == '<') {
2010 // Make sure <init> can only be invoked by invokespecial
2011 if (opcode != Bytecodes::_invokespecial ||
2012 method_name() != vmSymbols::object_initializer_name()) {
2013 verify_error(bci, "Illegal call to internal method");
2014 return;
2015 }
2016 } else if (opcode == Bytecodes::_invokespecial
2017 && !ref_class_type.equals(current_type())
2018 && !ref_class_type.equals(VerificationType::reference_type(
2019 current_class()->super()->klass_part()->name()))) {
2020 bool subtype = ref_class_type.is_assignable_from(
2021 current_type(), current_class(), CHECK_VERIFY(this));
2022 if (!subtype) {
2023 verify_error(bci, "Bad invokespecial instruction: "
2024 "current class isn't assignable to reference class.");
2025 return;
2026 }
2027 }
2028 // Match method descriptor with operand stack
2029 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2030 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2031 }
2032 // Check objectref on operand stack
2033 if (opcode != Bytecodes::_invokestatic &&
2034 opcode != Bytecodes::_invokedynamic) {
2035 if (method_name() == vmSymbols::object_initializer_name()) { // <init> method
2036 verify_invoke_init(bcs, ref_class_type, current_frame,
2037 code_length, this_uninit, cp, CHECK_VERIFY(this));
2038 } else { // other methods
2039 // Ensures that target class is assignable to method class.
2040 if (opcode == Bytecodes::_invokespecial) {
2041 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2042 } else if (opcode == Bytecodes::_invokevirtual) {
2043 VerificationType stack_object_type =
2044 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2045 if (current_type() != stack_object_type) {
2046 assert(cp->cache() == NULL, "not rewritten yet");
2047 symbolHandle ref_class_name = symbolHandle(THREAD,
2048 cp->klass_name_at(cp->klass_ref_index_at(index)));
2049 // See the comments in verify_field_instructions() for
2050 // the rationale behind this.
2051 if (name_in_supers(ref_class_name(), current_class())) {
2052 klassOop ref_class = load_class(ref_class_name, CHECK);
2053 if (is_protected_access(
2054 _klass, ref_class, method_name(), method_sig(), true)) {
2055 // It's protected access, check if stack object is
2056 // assignable to current class.
2057 bool is_assignable = current_type().is_assignable_from(
2058 stack_object_type, current_class(), CHECK_VERIFY(this));
2059 if (!is_assignable) {
2060 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2061 && stack_object_type.is_array()
2062 && method_name() == vmSymbols::clone_name()) {
2063 // Special case: arrays pretend to implement public Object
2064 // clone().
2065 } else {
2066 verify_error(bci,
2067 "Bad access to protected data in invokevirtual");
2068 return;
2069 }
2070 }
2071 }
2072 }
2073 }
2074 } else {
2075 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2076 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2077 }
2078 }
2079 }
2080 // Push the result type.
2081 if (sig_stream.type() != T_VOID) {
2082 if (method_name() == vmSymbols::object_initializer_name()) {
2083 // <init> method must have a void return type
2084 verify_error(bci, "Return type must be void in <init> method");
2085 return;
2086 }
2087 VerificationType return_type[2];
2088 int n = change_sig_to_verificationType(
2089 &sig_stream, return_type, CHECK_VERIFY(this));
2090 for (int i = 0; i < n; i++) {
2091 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2092 }
2093 }
2094 }
2095
2096 VerificationType ClassVerifier::get_newarray_type(
2097 u2 index, u2 bci, TRAPS) {
2098 const char* from_bt[] = {
2099 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2100 };
2101 if (index < T_BOOLEAN || index > T_LONG) {
2102 verify_error(bci, "Illegal newarray instruction");
2103 return VerificationType::bogus_type();
2104 }
2105
2106 // from_bt[index] contains the array signature which has a length of 2
2107 symbolHandle sig = oopFactory::new_symbol_handle(
2108 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2109 return VerificationType::reference_type(sig);
2110 }
2111
2112 void ClassVerifier::verify_anewarray(
2113 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) {
2114 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
2115 current_frame->pop_stack(
2116 VerificationType::integer_type(), CHECK_VERIFY(this));
2117
2118 VerificationType component_type =
2119 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2120 ResourceMark rm(THREAD);
2121 int length;
2122 char* arr_sig_str;
2123 if (component_type.is_array()) { // it's an array
2124 const char* component_name = component_type.name()->as_utf8();
2125 // add one dimension to component
2126 length = (int)strlen(component_name) + 1;
2127 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2128 arr_sig_str[0] = '[';
2129 strncpy(&arr_sig_str[1], component_name, length - 1);
2130 } else { // it's an object or interface
2131 const char* component_name = component_type.name()->as_utf8();
2132 // add one dimension to component with 'L' prepended and ';' postpended.
2133 length = (int)strlen(component_name) + 3;
2134 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2135 arr_sig_str[0] = '[';
2136 arr_sig_str[1] = 'L';
2137 strncpy(&arr_sig_str[2], component_name, length - 2);
2138 arr_sig_str[length - 1] = ';';
2139 }
2140 symbolHandle arr_sig = oopFactory::new_symbol_handle(
2141 arr_sig_str, length, CHECK_VERIFY(this));
2142 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2143 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2144 }
2145
2146 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
2147 current_frame->get_local(
2148 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2149 current_frame->push_stack(
2150 VerificationType::integer_type(), CHECK_VERIFY(this));
2151 }
2152
2153 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
2154 current_frame->get_local_2(
2155 index, VerificationType::long_type(),
2156 VerificationType::long2_type(), CHECK_VERIFY(this));
2157 current_frame->push_stack_2(
2158 VerificationType::long_type(),
2159 VerificationType::long2_type(), CHECK_VERIFY(this));
2160 }
2161
2162 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
2163 current_frame->get_local(
2164 index, VerificationType::float_type(), CHECK_VERIFY(this));
2165 current_frame->push_stack(
2166 VerificationType::float_type(), CHECK_VERIFY(this));
2167 }
2168
2169 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
2170 current_frame->get_local_2(
2171 index, VerificationType::double_type(),
2172 VerificationType::double2_type(), CHECK_VERIFY(this));
2173 current_frame->push_stack_2(
2174 VerificationType::double_type(),
2175 VerificationType::double2_type(), CHECK_VERIFY(this));
2176 }
2177
2178 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
2179 VerificationType type = current_frame->get_local(
2180 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2181 current_frame->push_stack(type, CHECK_VERIFY(this));
2182 }
2183
2184 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
2185 current_frame->pop_stack(
2186 VerificationType::integer_type(), CHECK_VERIFY(this));
2187 current_frame->set_local(
2188 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2189 }
2190
2191 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2192 current_frame->pop_stack_2(
2193 VerificationType::long2_type(),
2194 VerificationType::long_type(), CHECK_VERIFY(this));
2195 current_frame->set_local_2(
2196 index, VerificationType::long_type(),
2197 VerificationType::long2_type(), CHECK_VERIFY(this));
2198 }
2199
2200 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2201 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2202 current_frame->set_local(
2203 index, VerificationType::float_type(), CHECK_VERIFY(this));
2204 }
2205
2206 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2207 current_frame->pop_stack_2(
2208 VerificationType::double2_type(),
2209 VerificationType::double_type(), CHECK_VERIFY(this));
2210 current_frame->set_local_2(
2211 index, VerificationType::double_type(),
2212 VerificationType::double2_type(), CHECK_VERIFY(this));
2213 }
2214
2215 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2216 VerificationType type = current_frame->pop_stack(
2217 VerificationType::reference_check(), CHECK_VERIFY(this));
2218 current_frame->set_local(index, type, CHECK_VERIFY(this));
2219 }
2220
2221 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2222 VerificationType type = current_frame->get_local(
2223 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2224 current_frame->set_local(index, type, CHECK_VERIFY(this));
2225 }
2226
2227 void ClassVerifier::verify_return_value(
2228 VerificationType return_type, VerificationType type, u2 bci, TRAPS) {
2229 if (return_type == VerificationType::bogus_type()) {
2230 verify_error(bci, "Method expects a return value");
2231 return;
2232 }
2233 bool match = return_type.is_assignable_from(type, _klass, CHECK_VERIFY(this));
2234 if (!match) {
2235 verify_error(bci, "Bad return type");
2236 return;
2237 }
2238 }