verifier.cpp revision 1499:e9ff18c4ace7
1/* 2 * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25# include "incls/_precompiled.incl" 26# include "incls/_verifier.cpp.incl" 27 28#define NOFAILOVER_MAJOR_VERSION 51 29 30// Access to external entry for VerifyClassCodes - old byte code verifier 31 32extern "C" { 33 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 34 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 35} 36 37static void* volatile _verify_byte_codes_fn = NULL; 38 39static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 40 41static void* verify_byte_codes_fn() { 42 if (_verify_byte_codes_fn == NULL) { 43 void *lib_handle = os::native_java_library(); 44 void *func = hpi::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 45 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 46 if (func == NULL) { 47 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false); 48 func = hpi::dll_lookup(lib_handle, "VerifyClassCodes"); 49 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 50 } 51 } 52 return (void*)_verify_byte_codes_fn; 53} 54 55 56// Methods in Verifier 57 58bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 59 return (class_loader == NULL || !should_verify_class) ? 60 BytecodeVerificationLocal : BytecodeVerificationRemote; 61} 62 63bool Verifier::relax_verify_for(oop loader) { 64 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 65 bool need_verify = 66 // verifyAll 67 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 68 // verifyRemote 69 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 70 return !need_verify; 71} 72 73bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 74 ResourceMark rm(THREAD); 75 HandleMark hm; 76 77 symbolHandle exception_name; 78 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 79 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 80 81 const char* klassName = klass->external_name(); 82 83 // If the class should be verified, first see if we can use the split 84 // verifier. If not, or if verification fails and FailOverToOldVerifier 85 // is set, then call the inference verifier. 86 if (is_eligible_for_verification(klass, should_verify_class)) { 87 if (TraceClassInitialization) { 88 tty->print_cr("Start class verification for: %s", klassName); 89 } 90 if (UseSplitVerifier && 91 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 92 ClassVerifier split_verifier( 93 klass, message_buffer, message_buffer_len, THREAD); 94 split_verifier.verify_class(THREAD); 95 exception_name = split_verifier.result(); 96 if (klass->major_version() < NOFAILOVER_MAJOR_VERSION && 97 FailOverToOldVerifier && !HAS_PENDING_EXCEPTION && 98 (exception_name == vmSymbols::java_lang_VerifyError() || 99 exception_name == vmSymbols::java_lang_ClassFormatError())) { 100 if (TraceClassInitialization) { 101 tty->print_cr( 102 "Fail over class verification to old verifier for: %s", klassName); 103 } 104 exception_name = inference_verify( 105 klass, message_buffer, message_buffer_len, THREAD); 106 } 107 } else { 108 exception_name = inference_verify( 109 klass, message_buffer, message_buffer_len, THREAD); 110 } 111 112 if (TraceClassInitialization) { 113 if (HAS_PENDING_EXCEPTION) { 114 tty->print("Verification for %s has", klassName); 115 tty->print_cr(" exception pending %s ", 116 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name()); 117 } else if (!exception_name.is_null()) { 118 tty->print_cr("Verification for %s failed", klassName); 119 } 120 tty->print_cr("End class verification for: %s", klassName); 121 } 122 } 123 124 if (HAS_PENDING_EXCEPTION) { 125 return false; // use the existing exception 126 } else if (exception_name.is_null()) { 127 return true; // verifcation succeeded 128 } else { // VerifyError or ClassFormatError to be created and thrown 129 ResourceMark rm(THREAD); 130 instanceKlassHandle kls = 131 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 132 while (!kls.is_null()) { 133 if (kls == klass) { 134 // If the class being verified is the exception we're creating 135 // or one of it's superclasses, we're in trouble and are going 136 // to infinitely recurse when we try to initialize the exception. 137 // So bail out here by throwing the preallocated VM error. 138 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 139 } 140 kls = kls->super(); 141 } 142 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 143 THROW_MSG_(exception_name, message_buffer, false); 144 } 145} 146 147bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) { 148 symbolOop name = klass->name(); 149 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 150 151 return (should_verify_for(klass->class_loader(), should_verify_class) && 152 // return if the class is a bootstrapping class 153 // or defineClass specified not to verify by default (flags override passed arg) 154 // We need to skip the following four for bootstraping 155 name != vmSymbols::java_lang_Object() && 156 name != vmSymbols::java_lang_Class() && 157 name != vmSymbols::java_lang_String() && 158 name != vmSymbols::java_lang_Throwable() && 159 160 // Can not verify the bytecodes for shared classes because they have 161 // already been rewritten to contain constant pool cache indices, 162 // which the verifier can't understand. 163 // Shared classes shouldn't have stackmaps either. 164 !klass()->is_shared() && 165 166 // As of the fix for 4486457 we disable verification for all of the 167 // dynamically-generated bytecodes associated with the 1.4 168 // reflection implementation, not just those associated with 169 // sun/reflect/SerializationConstructorAccessor. 170 // NOTE: this is called too early in the bootstrapping process to be 171 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection. 172 (refl_magic_klass == NULL || 173 !klass->is_subtype_of(refl_magic_klass) || 174 VerifyReflectionBytecodes) 175 ); 176} 177 178symbolHandle Verifier::inference_verify( 179 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) { 180 JavaThread* thread = (JavaThread*)THREAD; 181 JNIEnv *env = thread->jni_environment(); 182 183 void* verify_func = verify_byte_codes_fn(); 184 185 if (verify_func == NULL) { 186 jio_snprintf(message, message_len, "Could not link verifier"); 187 return vmSymbols::java_lang_VerifyError(); 188 } 189 190 ResourceMark rm(THREAD); 191 if (ClassVerifier::_verify_verbose) { 192 tty->print_cr("Verifying class %s with old format", klass->external_name()); 193 } 194 195 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 196 jint result; 197 198 { 199 HandleMark hm(thread); 200 ThreadToNativeFromVM ttn(thread); 201 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 202 // code knows that we have left the VM 203 204 if (_is_new_verify_byte_codes_fn) { 205 verify_byte_codes_fn_new_t func = 206 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 207 result = (*func)(env, cls, message, (int)message_len, 208 klass->major_version()); 209 } else { 210 verify_byte_codes_fn_t func = 211 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 212 result = (*func)(env, cls, message, (int)message_len); 213 } 214 } 215 216 JNIHandles::destroy_local(cls); 217 218 // These numbers are chosen so that VerifyClassCodes interface doesn't need 219 // to be changed (still return jboolean (unsigned char)), and result is 220 // 1 when verification is passed. 221 symbolHandle nh(NULL); 222 if (result == 0) { 223 return vmSymbols::java_lang_VerifyError(); 224 } else if (result == 1) { 225 return nh; // verified. 226 } else if (result == 2) { 227 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nh); 228 } else if (result == 3) { 229 return vmSymbols::java_lang_ClassFormatError(); 230 } else { 231 ShouldNotReachHere(); 232 return nh; 233 } 234} 235 236// Methods in ClassVerifier 237 238bool ClassVerifier::_verify_verbose = false; 239 240ClassVerifier::ClassVerifier( 241 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS) 242 : _thread(THREAD), _exception_type(symbolHandle()), _message(msg), 243 _message_buffer_len(msg_len), _klass(klass) { 244 _this_type = VerificationType::reference_type(klass->name()); 245} 246 247ClassVerifier::~ClassVerifier() { 248} 249 250void ClassVerifier::verify_class(TRAPS) { 251 if (_verify_verbose) { 252 tty->print_cr("Verifying class %s with new format", 253 _klass->external_name()); 254 } 255 256 objArrayHandle methods(THREAD, _klass->methods()); 257 int num_methods = methods->length(); 258 259 for (int index = 0; index < num_methods; index++) { 260 // Check for recursive re-verification before each method. 261 if (was_recursively_verified()) return; 262 263 methodOop m = (methodOop)methods->obj_at(index); 264 if (m->is_native() || m->is_abstract()) { 265 // If m is native or abstract, skip it. It is checked in class file 266 // parser that methods do not override a final method. 267 continue; 268 } 269 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 270 } 271 272 if (_verify_verbose || TraceClassInitialization) { 273 if (was_recursively_verified()) 274 tty->print_cr("Recursive verification detected for: %s", 275 _klass->external_name()); 276 } 277} 278 279void ClassVerifier::verify_method(methodHandle m, TRAPS) { 280 ResourceMark rm(THREAD); 281 _method = m; // initialize _method 282 if (_verify_verbose) { 283 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string()); 284 } 285 286 const char* bad_type_msg = "Bad type on operand stack in %s"; 287 288 int32_t max_stack = m->max_stack(); 289 int32_t max_locals = m->max_locals(); 290 constantPoolHandle cp(THREAD, m->constants()); 291 292 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 293 class_format_error("Invalid method signature"); 294 return; 295 } 296 297 // Initial stack map frame: offset is 0, stack is initially empty. 298 StackMapFrame current_frame(max_locals, max_stack, this); 299 // Set initial locals 300 VerificationType return_type = current_frame.set_locals_from_arg( 301 m, current_type(), CHECK_VERIFY(this)); 302 303 int32_t stackmap_index = 0; // index to the stackmap array 304 305 u4 code_length = m->code_size(); 306 307 // Scan the bytecode and map each instruction's start offset to a number. 308 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 309 310 int ex_min = code_length; 311 int ex_max = -1; 312 // Look through each item on the exception table. Each of the fields must refer 313 // to a legal instruction. 314 verify_exception_handler_table( 315 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 316 317 // Look through each entry on the local variable table and make sure 318 // its range of code array offsets is valid. (4169817) 319 if (m->has_localvariable_table()) { 320 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 321 } 322 323 typeArrayHandle stackmap_data(THREAD, m->stackmap_data()); 324 StackMapStream stream(stackmap_data); 325 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 326 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 327 code_data, code_length, CHECK_VERIFY(this)); 328 329 if (_verify_verbose) { 330 stackmap_table.print(); 331 } 332 333 RawBytecodeStream bcs(m); 334 335 // Scan the byte code linearly from the start to the end 336 bool no_control_flow = false; // Set to true when there is no direct control 337 // flow from current instruction to the next 338 // instruction in sequence 339 Bytecodes::Code opcode; 340 while (!bcs.is_last_bytecode()) { 341 // Check for recursive re-verification before each bytecode. 342 if (was_recursively_verified()) return; 343 344 opcode = bcs.raw_next(); 345 u2 bci = bcs.bci(); 346 347 // Set current frame's offset to bci 348 current_frame.set_offset(bci); 349 350 // Make sure every offset in stackmap table point to the beginning to 351 // an instruction. Match current_frame to stackmap_table entry with 352 // the same offset if exists. 353 stackmap_index = verify_stackmap_table( 354 stackmap_index, bci, ¤t_frame, &stackmap_table, 355 no_control_flow, CHECK_VERIFY(this)); 356 357 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 358 359 // Merge with the next instruction 360 { 361 u2 index; 362 int target; 363 VerificationType type, type2; 364 VerificationType atype; 365 366#ifndef PRODUCT 367 if (_verify_verbose) { 368 current_frame.print(); 369 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 370 } 371#endif 372 373 // Make sure wide instruction is in correct format 374 if (bcs.is_wide()) { 375 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 376 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 377 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 378 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 379 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 380 opcode != Bytecodes::_dstore) { 381 verify_error(bci, "Bad wide instruction"); 382 return; 383 } 384 } 385 386 switch (opcode) { 387 case Bytecodes::_nop : 388 no_control_flow = false; break; 389 case Bytecodes::_aconst_null : 390 current_frame.push_stack( 391 VerificationType::null_type(), CHECK_VERIFY(this)); 392 no_control_flow = false; break; 393 case Bytecodes::_iconst_m1 : 394 case Bytecodes::_iconst_0 : 395 case Bytecodes::_iconst_1 : 396 case Bytecodes::_iconst_2 : 397 case Bytecodes::_iconst_3 : 398 case Bytecodes::_iconst_4 : 399 case Bytecodes::_iconst_5 : 400 current_frame.push_stack( 401 VerificationType::integer_type(), CHECK_VERIFY(this)); 402 no_control_flow = false; break; 403 case Bytecodes::_lconst_0 : 404 case Bytecodes::_lconst_1 : 405 current_frame.push_stack_2( 406 VerificationType::long_type(), 407 VerificationType::long2_type(), CHECK_VERIFY(this)); 408 no_control_flow = false; break; 409 case Bytecodes::_fconst_0 : 410 case Bytecodes::_fconst_1 : 411 case Bytecodes::_fconst_2 : 412 current_frame.push_stack( 413 VerificationType::float_type(), CHECK_VERIFY(this)); 414 no_control_flow = false; break; 415 case Bytecodes::_dconst_0 : 416 case Bytecodes::_dconst_1 : 417 current_frame.push_stack_2( 418 VerificationType::double_type(), 419 VerificationType::double2_type(), CHECK_VERIFY(this)); 420 no_control_flow = false; break; 421 case Bytecodes::_sipush : 422 case Bytecodes::_bipush : 423 current_frame.push_stack( 424 VerificationType::integer_type(), CHECK_VERIFY(this)); 425 no_control_flow = false; break; 426 case Bytecodes::_ldc : 427 verify_ldc( 428 opcode, bcs.get_index_u1(), ¤t_frame, 429 cp, bci, CHECK_VERIFY(this)); 430 no_control_flow = false; break; 431 case Bytecodes::_ldc_w : 432 case Bytecodes::_ldc2_w : 433 verify_ldc( 434 opcode, bcs.get_index_u2(), ¤t_frame, 435 cp, bci, CHECK_VERIFY(this)); 436 no_control_flow = false; break; 437 case Bytecodes::_iload : 438 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 439 no_control_flow = false; break; 440 case Bytecodes::_iload_0 : 441 case Bytecodes::_iload_1 : 442 case Bytecodes::_iload_2 : 443 case Bytecodes::_iload_3 : 444 index = opcode - Bytecodes::_iload_0; 445 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 446 no_control_flow = false; break; 447 case Bytecodes::_lload : 448 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 449 no_control_flow = false; break; 450 case Bytecodes::_lload_0 : 451 case Bytecodes::_lload_1 : 452 case Bytecodes::_lload_2 : 453 case Bytecodes::_lload_3 : 454 index = opcode - Bytecodes::_lload_0; 455 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 456 no_control_flow = false; break; 457 case Bytecodes::_fload : 458 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 459 no_control_flow = false; break; 460 case Bytecodes::_fload_0 : 461 case Bytecodes::_fload_1 : 462 case Bytecodes::_fload_2 : 463 case Bytecodes::_fload_3 : 464 index = opcode - Bytecodes::_fload_0; 465 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 466 no_control_flow = false; break; 467 case Bytecodes::_dload : 468 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 469 no_control_flow = false; break; 470 case Bytecodes::_dload_0 : 471 case Bytecodes::_dload_1 : 472 case Bytecodes::_dload_2 : 473 case Bytecodes::_dload_3 : 474 index = opcode - Bytecodes::_dload_0; 475 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 476 no_control_flow = false; break; 477 case Bytecodes::_aload : 478 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 479 no_control_flow = false; break; 480 case Bytecodes::_aload_0 : 481 case Bytecodes::_aload_1 : 482 case Bytecodes::_aload_2 : 483 case Bytecodes::_aload_3 : 484 index = opcode - Bytecodes::_aload_0; 485 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 486 no_control_flow = false; break; 487 case Bytecodes::_iaload : 488 type = current_frame.pop_stack( 489 VerificationType::integer_type(), CHECK_VERIFY(this)); 490 atype = current_frame.pop_stack( 491 VerificationType::reference_check(), CHECK_VERIFY(this)); 492 if (!atype.is_int_array()) { 493 verify_error(bci, bad_type_msg, "iaload"); 494 return; 495 } 496 current_frame.push_stack( 497 VerificationType::integer_type(), CHECK_VERIFY(this)); 498 no_control_flow = false; break; 499 case Bytecodes::_baload : 500 type = current_frame.pop_stack( 501 VerificationType::integer_type(), CHECK_VERIFY(this)); 502 atype = current_frame.pop_stack( 503 VerificationType::reference_check(), CHECK_VERIFY(this)); 504 if (!atype.is_bool_array() && !atype.is_byte_array()) { 505 verify_error(bci, bad_type_msg, "baload"); 506 return; 507 } 508 current_frame.push_stack( 509 VerificationType::integer_type(), CHECK_VERIFY(this)); 510 no_control_flow = false; break; 511 case Bytecodes::_caload : 512 type = current_frame.pop_stack( 513 VerificationType::integer_type(), CHECK_VERIFY(this)); 514 atype = current_frame.pop_stack( 515 VerificationType::reference_check(), CHECK_VERIFY(this)); 516 if (!atype.is_char_array()) { 517 verify_error(bci, bad_type_msg, "caload"); 518 return; 519 } 520 current_frame.push_stack( 521 VerificationType::integer_type(), CHECK_VERIFY(this)); 522 no_control_flow = false; break; 523 case Bytecodes::_saload : 524 type = current_frame.pop_stack( 525 VerificationType::integer_type(), CHECK_VERIFY(this)); 526 atype = current_frame.pop_stack( 527 VerificationType::reference_check(), CHECK_VERIFY(this)); 528 if (!atype.is_short_array()) { 529 verify_error(bci, bad_type_msg, "saload"); 530 return; 531 } 532 current_frame.push_stack( 533 VerificationType::integer_type(), CHECK_VERIFY(this)); 534 no_control_flow = false; break; 535 case Bytecodes::_laload : 536 type = current_frame.pop_stack( 537 VerificationType::integer_type(), CHECK_VERIFY(this)); 538 atype = current_frame.pop_stack( 539 VerificationType::reference_check(), CHECK_VERIFY(this)); 540 if (!atype.is_long_array()) { 541 verify_error(bci, bad_type_msg, "laload"); 542 return; 543 } 544 current_frame.push_stack_2( 545 VerificationType::long_type(), 546 VerificationType::long2_type(), CHECK_VERIFY(this)); 547 no_control_flow = false; break; 548 case Bytecodes::_faload : 549 type = current_frame.pop_stack( 550 VerificationType::integer_type(), CHECK_VERIFY(this)); 551 atype = current_frame.pop_stack( 552 VerificationType::reference_check(), CHECK_VERIFY(this)); 553 if (!atype.is_float_array()) { 554 verify_error(bci, bad_type_msg, "faload"); 555 return; 556 } 557 current_frame.push_stack( 558 VerificationType::float_type(), CHECK_VERIFY(this)); 559 no_control_flow = false; break; 560 case Bytecodes::_daload : 561 type = current_frame.pop_stack( 562 VerificationType::integer_type(), CHECK_VERIFY(this)); 563 atype = current_frame.pop_stack( 564 VerificationType::reference_check(), CHECK_VERIFY(this)); 565 if (!atype.is_double_array()) { 566 verify_error(bci, bad_type_msg, "daload"); 567 return; 568 } 569 current_frame.push_stack_2( 570 VerificationType::double_type(), 571 VerificationType::double2_type(), CHECK_VERIFY(this)); 572 no_control_flow = false; break; 573 case Bytecodes::_aaload : { 574 type = current_frame.pop_stack( 575 VerificationType::integer_type(), CHECK_VERIFY(this)); 576 atype = current_frame.pop_stack( 577 VerificationType::reference_check(), CHECK_VERIFY(this)); 578 if (!atype.is_reference_array()) { 579 verify_error(bci, bad_type_msg, "aaload"); 580 return; 581 } 582 if (atype.is_null()) { 583 current_frame.push_stack( 584 VerificationType::null_type(), CHECK_VERIFY(this)); 585 } else { 586 VerificationType component = 587 atype.get_component(CHECK_VERIFY(this)); 588 current_frame.push_stack(component, CHECK_VERIFY(this)); 589 } 590 no_control_flow = false; break; 591 } 592 case Bytecodes::_istore : 593 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 594 no_control_flow = false; break; 595 case Bytecodes::_istore_0 : 596 case Bytecodes::_istore_1 : 597 case Bytecodes::_istore_2 : 598 case Bytecodes::_istore_3 : 599 index = opcode - Bytecodes::_istore_0; 600 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 601 no_control_flow = false; break; 602 case Bytecodes::_lstore : 603 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 604 no_control_flow = false; break; 605 case Bytecodes::_lstore_0 : 606 case Bytecodes::_lstore_1 : 607 case Bytecodes::_lstore_2 : 608 case Bytecodes::_lstore_3 : 609 index = opcode - Bytecodes::_lstore_0; 610 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 611 no_control_flow = false; break; 612 case Bytecodes::_fstore : 613 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 614 no_control_flow = false; break; 615 case Bytecodes::_fstore_0 : 616 case Bytecodes::_fstore_1 : 617 case Bytecodes::_fstore_2 : 618 case Bytecodes::_fstore_3 : 619 index = opcode - Bytecodes::_fstore_0; 620 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 621 no_control_flow = false; break; 622 case Bytecodes::_dstore : 623 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 624 no_control_flow = false; break; 625 case Bytecodes::_dstore_0 : 626 case Bytecodes::_dstore_1 : 627 case Bytecodes::_dstore_2 : 628 case Bytecodes::_dstore_3 : 629 index = opcode - Bytecodes::_dstore_0; 630 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 631 no_control_flow = false; break; 632 case Bytecodes::_astore : 633 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 634 no_control_flow = false; break; 635 case Bytecodes::_astore_0 : 636 case Bytecodes::_astore_1 : 637 case Bytecodes::_astore_2 : 638 case Bytecodes::_astore_3 : 639 index = opcode - Bytecodes::_astore_0; 640 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 641 no_control_flow = false; break; 642 case Bytecodes::_iastore : 643 type = current_frame.pop_stack( 644 VerificationType::integer_type(), CHECK_VERIFY(this)); 645 type2 = current_frame.pop_stack( 646 VerificationType::integer_type(), CHECK_VERIFY(this)); 647 atype = current_frame.pop_stack( 648 VerificationType::reference_check(), CHECK_VERIFY(this)); 649 if (!atype.is_int_array()) { 650 verify_error(bci, bad_type_msg, "iastore"); 651 return; 652 } 653 no_control_flow = false; break; 654 case Bytecodes::_bastore : 655 type = current_frame.pop_stack( 656 VerificationType::integer_type(), CHECK_VERIFY(this)); 657 type2 = current_frame.pop_stack( 658 VerificationType::integer_type(), CHECK_VERIFY(this)); 659 atype = current_frame.pop_stack( 660 VerificationType::reference_check(), CHECK_VERIFY(this)); 661 if (!atype.is_bool_array() && !atype.is_byte_array()) { 662 verify_error(bci, bad_type_msg, "bastore"); 663 return; 664 } 665 no_control_flow = false; break; 666 case Bytecodes::_castore : 667 current_frame.pop_stack( 668 VerificationType::integer_type(), CHECK_VERIFY(this)); 669 current_frame.pop_stack( 670 VerificationType::integer_type(), CHECK_VERIFY(this)); 671 atype = current_frame.pop_stack( 672 VerificationType::reference_check(), CHECK_VERIFY(this)); 673 if (!atype.is_char_array()) { 674 verify_error(bci, bad_type_msg, "castore"); 675 return; 676 } 677 no_control_flow = false; break; 678 case Bytecodes::_sastore : 679 current_frame.pop_stack( 680 VerificationType::integer_type(), CHECK_VERIFY(this)); 681 current_frame.pop_stack( 682 VerificationType::integer_type(), CHECK_VERIFY(this)); 683 atype = current_frame.pop_stack( 684 VerificationType::reference_check(), CHECK_VERIFY(this)); 685 if (!atype.is_short_array()) { 686 verify_error(bci, bad_type_msg, "sastore"); 687 return; 688 } 689 no_control_flow = false; break; 690 case Bytecodes::_lastore : 691 current_frame.pop_stack_2( 692 VerificationType::long2_type(), 693 VerificationType::long_type(), CHECK_VERIFY(this)); 694 current_frame.pop_stack( 695 VerificationType::integer_type(), CHECK_VERIFY(this)); 696 atype = current_frame.pop_stack( 697 VerificationType::reference_check(), CHECK_VERIFY(this)); 698 if (!atype.is_long_array()) { 699 verify_error(bci, bad_type_msg, "lastore"); 700 return; 701 } 702 no_control_flow = false; break; 703 case Bytecodes::_fastore : 704 current_frame.pop_stack( 705 VerificationType::float_type(), CHECK_VERIFY(this)); 706 current_frame.pop_stack 707 (VerificationType::integer_type(), CHECK_VERIFY(this)); 708 atype = current_frame.pop_stack( 709 VerificationType::reference_check(), CHECK_VERIFY(this)); 710 if (!atype.is_float_array()) { 711 verify_error(bci, bad_type_msg, "fastore"); 712 return; 713 } 714 no_control_flow = false; break; 715 case Bytecodes::_dastore : 716 current_frame.pop_stack_2( 717 VerificationType::double2_type(), 718 VerificationType::double_type(), CHECK_VERIFY(this)); 719 current_frame.pop_stack( 720 VerificationType::integer_type(), CHECK_VERIFY(this)); 721 atype = current_frame.pop_stack( 722 VerificationType::reference_check(), CHECK_VERIFY(this)); 723 if (!atype.is_double_array()) { 724 verify_error(bci, bad_type_msg, "dastore"); 725 return; 726 } 727 no_control_flow = false; break; 728 case Bytecodes::_aastore : 729 type = current_frame.pop_stack( 730 VerificationType::reference_check(), CHECK_VERIFY(this)); 731 type2 = current_frame.pop_stack( 732 VerificationType::integer_type(), CHECK_VERIFY(this)); 733 atype = current_frame.pop_stack( 734 VerificationType::reference_check(), CHECK_VERIFY(this)); 735 // more type-checking is done at runtime 736 if (!atype.is_reference_array()) { 737 verify_error(bci, bad_type_msg, "aastore"); 738 return; 739 } 740 // 4938384: relaxed constraint in JVMS 3nd edition. 741 no_control_flow = false; break; 742 case Bytecodes::_pop : 743 current_frame.pop_stack( 744 VerificationType::category1_check(), CHECK_VERIFY(this)); 745 no_control_flow = false; break; 746 case Bytecodes::_pop2 : 747 type = current_frame.pop_stack(CHECK_VERIFY(this)); 748 if (type.is_category1()) { 749 current_frame.pop_stack( 750 VerificationType::category1_check(), CHECK_VERIFY(this)); 751 } else if (type.is_category2_2nd()) { 752 current_frame.pop_stack( 753 VerificationType::category2_check(), CHECK_VERIFY(this)); 754 } else { 755 verify_error(bci, bad_type_msg, "pop2"); 756 return; 757 } 758 no_control_flow = false; break; 759 case Bytecodes::_dup : 760 type = current_frame.pop_stack( 761 VerificationType::category1_check(), CHECK_VERIFY(this)); 762 current_frame.push_stack(type, CHECK_VERIFY(this)); 763 current_frame.push_stack(type, CHECK_VERIFY(this)); 764 no_control_flow = false; break; 765 case Bytecodes::_dup_x1 : 766 type = current_frame.pop_stack( 767 VerificationType::category1_check(), CHECK_VERIFY(this)); 768 type2 = current_frame.pop_stack( 769 VerificationType::category1_check(), CHECK_VERIFY(this)); 770 current_frame.push_stack(type, CHECK_VERIFY(this)); 771 current_frame.push_stack(type2, CHECK_VERIFY(this)); 772 current_frame.push_stack(type, CHECK_VERIFY(this)); 773 no_control_flow = false; break; 774 case Bytecodes::_dup_x2 : 775 { 776 VerificationType type3; 777 type = current_frame.pop_stack( 778 VerificationType::category1_check(), CHECK_VERIFY(this)); 779 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 780 if (type2.is_category1()) { 781 type3 = current_frame.pop_stack( 782 VerificationType::category1_check(), CHECK_VERIFY(this)); 783 } else if (type2.is_category2_2nd()) { 784 type3 = current_frame.pop_stack( 785 VerificationType::category2_check(), CHECK_VERIFY(this)); 786 } else { 787 verify_error(bci, bad_type_msg, "dup_x2"); 788 return; 789 } 790 current_frame.push_stack(type, CHECK_VERIFY(this)); 791 current_frame.push_stack(type3, CHECK_VERIFY(this)); 792 current_frame.push_stack(type2, CHECK_VERIFY(this)); 793 current_frame.push_stack(type, CHECK_VERIFY(this)); 794 no_control_flow = false; break; 795 } 796 case Bytecodes::_dup2 : 797 type = current_frame.pop_stack(CHECK_VERIFY(this)); 798 if (type.is_category1()) { 799 type2 = current_frame.pop_stack( 800 VerificationType::category1_check(), CHECK_VERIFY(this)); 801 } else if (type.is_category2_2nd()) { 802 type2 = current_frame.pop_stack( 803 VerificationType::category2_check(), CHECK_VERIFY(this)); 804 } else { 805 verify_error(bci, bad_type_msg, "dup2"); 806 return; 807 } 808 current_frame.push_stack(type2, CHECK_VERIFY(this)); 809 current_frame.push_stack(type, CHECK_VERIFY(this)); 810 current_frame.push_stack(type2, CHECK_VERIFY(this)); 811 current_frame.push_stack(type, CHECK_VERIFY(this)); 812 no_control_flow = false; break; 813 case Bytecodes::_dup2_x1 : 814 { 815 VerificationType type3; 816 type = current_frame.pop_stack(CHECK_VERIFY(this)); 817 if (type.is_category1()) { 818 type2 = current_frame.pop_stack( 819 VerificationType::category1_check(), CHECK_VERIFY(this)); 820 } else if(type.is_category2_2nd()) { 821 type2 = current_frame.pop_stack 822 (VerificationType::category2_check(), CHECK_VERIFY(this)); 823 } else { 824 verify_error(bci, bad_type_msg, "dup2_x1"); 825 return; 826 } 827 type3 = current_frame.pop_stack( 828 VerificationType::category1_check(), CHECK_VERIFY(this)); 829 current_frame.push_stack(type2, CHECK_VERIFY(this)); 830 current_frame.push_stack(type, CHECK_VERIFY(this)); 831 current_frame.push_stack(type3, CHECK_VERIFY(this)); 832 current_frame.push_stack(type2, CHECK_VERIFY(this)); 833 current_frame.push_stack(type, CHECK_VERIFY(this)); 834 no_control_flow = false; break; 835 } 836 case Bytecodes::_dup2_x2 : 837 { 838 VerificationType type3, type4; 839 type = current_frame.pop_stack(CHECK_VERIFY(this)); 840 if (type.is_category1()) { 841 type2 = current_frame.pop_stack( 842 VerificationType::category1_check(), CHECK_VERIFY(this)); 843 } else if (type.is_category2_2nd()) { 844 type2 = current_frame.pop_stack( 845 VerificationType::category2_check(), CHECK_VERIFY(this)); 846 } else { 847 verify_error(bci, bad_type_msg, "dup2_x2"); 848 return; 849 } 850 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 851 if (type3.is_category1()) { 852 type4 = current_frame.pop_stack( 853 VerificationType::category1_check(), CHECK_VERIFY(this)); 854 } else if (type3.is_category2_2nd()) { 855 type4 = current_frame.pop_stack( 856 VerificationType::category2_check(), CHECK_VERIFY(this)); 857 } else { 858 verify_error(bci, bad_type_msg, "dup2_x2"); 859 return; 860 } 861 current_frame.push_stack(type2, CHECK_VERIFY(this)); 862 current_frame.push_stack(type, CHECK_VERIFY(this)); 863 current_frame.push_stack(type4, CHECK_VERIFY(this)); 864 current_frame.push_stack(type3, CHECK_VERIFY(this)); 865 current_frame.push_stack(type2, CHECK_VERIFY(this)); 866 current_frame.push_stack(type, CHECK_VERIFY(this)); 867 no_control_flow = false; break; 868 } 869 case Bytecodes::_swap : 870 type = current_frame.pop_stack( 871 VerificationType::category1_check(), CHECK_VERIFY(this)); 872 type2 = current_frame.pop_stack( 873 VerificationType::category1_check(), CHECK_VERIFY(this)); 874 current_frame.push_stack(type, CHECK_VERIFY(this)); 875 current_frame.push_stack(type2, CHECK_VERIFY(this)); 876 no_control_flow = false; break; 877 case Bytecodes::_iadd : 878 case Bytecodes::_isub : 879 case Bytecodes::_imul : 880 case Bytecodes::_idiv : 881 case Bytecodes::_irem : 882 case Bytecodes::_ishl : 883 case Bytecodes::_ishr : 884 case Bytecodes::_iushr : 885 case Bytecodes::_ior : 886 case Bytecodes::_ixor : 887 case Bytecodes::_iand : 888 current_frame.pop_stack( 889 VerificationType::integer_type(), CHECK_VERIFY(this)); 890 // fall through 891 case Bytecodes::_ineg : 892 current_frame.pop_stack( 893 VerificationType::integer_type(), CHECK_VERIFY(this)); 894 current_frame.push_stack( 895 VerificationType::integer_type(), CHECK_VERIFY(this)); 896 no_control_flow = false; break; 897 case Bytecodes::_ladd : 898 case Bytecodes::_lsub : 899 case Bytecodes::_lmul : 900 case Bytecodes::_ldiv : 901 case Bytecodes::_lrem : 902 case Bytecodes::_land : 903 case Bytecodes::_lor : 904 case Bytecodes::_lxor : 905 current_frame.pop_stack_2( 906 VerificationType::long2_type(), 907 VerificationType::long_type(), CHECK_VERIFY(this)); 908 // fall through 909 case Bytecodes::_lneg : 910 current_frame.pop_stack_2( 911 VerificationType::long2_type(), 912 VerificationType::long_type(), CHECK_VERIFY(this)); 913 current_frame.push_stack_2( 914 VerificationType::long_type(), 915 VerificationType::long2_type(), CHECK_VERIFY(this)); 916 no_control_flow = false; break; 917 case Bytecodes::_lshl : 918 case Bytecodes::_lshr : 919 case Bytecodes::_lushr : 920 current_frame.pop_stack( 921 VerificationType::integer_type(), CHECK_VERIFY(this)); 922 current_frame.pop_stack_2( 923 VerificationType::long2_type(), 924 VerificationType::long_type(), CHECK_VERIFY(this)); 925 current_frame.push_stack_2( 926 VerificationType::long_type(), 927 VerificationType::long2_type(), CHECK_VERIFY(this)); 928 no_control_flow = false; break; 929 case Bytecodes::_fadd : 930 case Bytecodes::_fsub : 931 case Bytecodes::_fmul : 932 case Bytecodes::_fdiv : 933 case Bytecodes::_frem : 934 current_frame.pop_stack( 935 VerificationType::float_type(), CHECK_VERIFY(this)); 936 // fall through 937 case Bytecodes::_fneg : 938 current_frame.pop_stack( 939 VerificationType::float_type(), CHECK_VERIFY(this)); 940 current_frame.push_stack( 941 VerificationType::float_type(), CHECK_VERIFY(this)); 942 no_control_flow = false; break; 943 case Bytecodes::_dadd : 944 case Bytecodes::_dsub : 945 case Bytecodes::_dmul : 946 case Bytecodes::_ddiv : 947 case Bytecodes::_drem : 948 current_frame.pop_stack_2( 949 VerificationType::double2_type(), 950 VerificationType::double_type(), CHECK_VERIFY(this)); 951 // fall through 952 case Bytecodes::_dneg : 953 current_frame.pop_stack_2( 954 VerificationType::double2_type(), 955 VerificationType::double_type(), CHECK_VERIFY(this)); 956 current_frame.push_stack_2( 957 VerificationType::double_type(), 958 VerificationType::double2_type(), CHECK_VERIFY(this)); 959 no_control_flow = false; break; 960 case Bytecodes::_iinc : 961 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 962 no_control_flow = false; break; 963 case Bytecodes::_i2l : 964 type = current_frame.pop_stack( 965 VerificationType::integer_type(), CHECK_VERIFY(this)); 966 current_frame.push_stack_2( 967 VerificationType::long_type(), 968 VerificationType::long2_type(), CHECK_VERIFY(this)); 969 no_control_flow = false; break; 970 case Bytecodes::_l2i : 971 current_frame.pop_stack_2( 972 VerificationType::long2_type(), 973 VerificationType::long_type(), CHECK_VERIFY(this)); 974 current_frame.push_stack( 975 VerificationType::integer_type(), CHECK_VERIFY(this)); 976 no_control_flow = false; break; 977 case Bytecodes::_i2f : 978 current_frame.pop_stack( 979 VerificationType::integer_type(), CHECK_VERIFY(this)); 980 current_frame.push_stack( 981 VerificationType::float_type(), CHECK_VERIFY(this)); 982 no_control_flow = false; break; 983 case Bytecodes::_i2d : 984 current_frame.pop_stack( 985 VerificationType::integer_type(), CHECK_VERIFY(this)); 986 current_frame.push_stack_2( 987 VerificationType::double_type(), 988 VerificationType::double2_type(), CHECK_VERIFY(this)); 989 no_control_flow = false; break; 990 case Bytecodes::_l2f : 991 current_frame.pop_stack_2( 992 VerificationType::long2_type(), 993 VerificationType::long_type(), CHECK_VERIFY(this)); 994 current_frame.push_stack( 995 VerificationType::float_type(), CHECK_VERIFY(this)); 996 no_control_flow = false; break; 997 case Bytecodes::_l2d : 998 current_frame.pop_stack_2( 999 VerificationType::long2_type(), 1000 VerificationType::long_type(), CHECK_VERIFY(this)); 1001 current_frame.push_stack_2( 1002 VerificationType::double_type(), 1003 VerificationType::double2_type(), CHECK_VERIFY(this)); 1004 no_control_flow = false; break; 1005 case Bytecodes::_f2i : 1006 current_frame.pop_stack( 1007 VerificationType::float_type(), CHECK_VERIFY(this)); 1008 current_frame.push_stack( 1009 VerificationType::integer_type(), CHECK_VERIFY(this)); 1010 no_control_flow = false; break; 1011 case Bytecodes::_f2l : 1012 current_frame.pop_stack( 1013 VerificationType::float_type(), CHECK_VERIFY(this)); 1014 current_frame.push_stack_2( 1015 VerificationType::long_type(), 1016 VerificationType::long2_type(), CHECK_VERIFY(this)); 1017 no_control_flow = false; break; 1018 case Bytecodes::_f2d : 1019 current_frame.pop_stack( 1020 VerificationType::float_type(), CHECK_VERIFY(this)); 1021 current_frame.push_stack_2( 1022 VerificationType::double_type(), 1023 VerificationType::double2_type(), CHECK_VERIFY(this)); 1024 no_control_flow = false; break; 1025 case Bytecodes::_d2i : 1026 current_frame.pop_stack_2( 1027 VerificationType::double2_type(), 1028 VerificationType::double_type(), CHECK_VERIFY(this)); 1029 current_frame.push_stack( 1030 VerificationType::integer_type(), CHECK_VERIFY(this)); 1031 no_control_flow = false; break; 1032 case Bytecodes::_d2l : 1033 current_frame.pop_stack_2( 1034 VerificationType::double2_type(), 1035 VerificationType::double_type(), CHECK_VERIFY(this)); 1036 current_frame.push_stack_2( 1037 VerificationType::long_type(), 1038 VerificationType::long2_type(), CHECK_VERIFY(this)); 1039 no_control_flow = false; break; 1040 case Bytecodes::_d2f : 1041 current_frame.pop_stack_2( 1042 VerificationType::double2_type(), 1043 VerificationType::double_type(), CHECK_VERIFY(this)); 1044 current_frame.push_stack( 1045 VerificationType::float_type(), CHECK_VERIFY(this)); 1046 no_control_flow = false; break; 1047 case Bytecodes::_i2b : 1048 case Bytecodes::_i2c : 1049 case Bytecodes::_i2s : 1050 current_frame.pop_stack( 1051 VerificationType::integer_type(), CHECK_VERIFY(this)); 1052 current_frame.push_stack( 1053 VerificationType::integer_type(), CHECK_VERIFY(this)); 1054 no_control_flow = false; break; 1055 case Bytecodes::_lcmp : 1056 current_frame.pop_stack_2( 1057 VerificationType::long2_type(), 1058 VerificationType::long_type(), CHECK_VERIFY(this)); 1059 current_frame.pop_stack_2( 1060 VerificationType::long2_type(), 1061 VerificationType::long_type(), CHECK_VERIFY(this)); 1062 current_frame.push_stack( 1063 VerificationType::integer_type(), CHECK_VERIFY(this)); 1064 no_control_flow = false; break; 1065 case Bytecodes::_fcmpl : 1066 case Bytecodes::_fcmpg : 1067 current_frame.pop_stack( 1068 VerificationType::float_type(), CHECK_VERIFY(this)); 1069 current_frame.pop_stack( 1070 VerificationType::float_type(), CHECK_VERIFY(this)); 1071 current_frame.push_stack( 1072 VerificationType::integer_type(), CHECK_VERIFY(this)); 1073 no_control_flow = false; break; 1074 case Bytecodes::_dcmpl : 1075 case Bytecodes::_dcmpg : 1076 current_frame.pop_stack_2( 1077 VerificationType::double2_type(), 1078 VerificationType::double_type(), CHECK_VERIFY(this)); 1079 current_frame.pop_stack_2( 1080 VerificationType::double2_type(), 1081 VerificationType::double_type(), CHECK_VERIFY(this)); 1082 current_frame.push_stack( 1083 VerificationType::integer_type(), CHECK_VERIFY(this)); 1084 no_control_flow = false; break; 1085 case Bytecodes::_if_icmpeq: 1086 case Bytecodes::_if_icmpne: 1087 case Bytecodes::_if_icmplt: 1088 case Bytecodes::_if_icmpge: 1089 case Bytecodes::_if_icmpgt: 1090 case Bytecodes::_if_icmple: 1091 current_frame.pop_stack( 1092 VerificationType::integer_type(), CHECK_VERIFY(this)); 1093 // fall through 1094 case Bytecodes::_ifeq: 1095 case Bytecodes::_ifne: 1096 case Bytecodes::_iflt: 1097 case Bytecodes::_ifge: 1098 case Bytecodes::_ifgt: 1099 case Bytecodes::_ifle: 1100 current_frame.pop_stack( 1101 VerificationType::integer_type(), CHECK_VERIFY(this)); 1102 target = bcs.dest(); 1103 stackmap_table.check_jump_target( 1104 ¤t_frame, target, CHECK_VERIFY(this)); 1105 no_control_flow = false; break; 1106 case Bytecodes::_if_acmpeq : 1107 case Bytecodes::_if_acmpne : 1108 current_frame.pop_stack( 1109 VerificationType::reference_check(), CHECK_VERIFY(this)); 1110 // fall through 1111 case Bytecodes::_ifnull : 1112 case Bytecodes::_ifnonnull : 1113 current_frame.pop_stack( 1114 VerificationType::reference_check(), CHECK_VERIFY(this)); 1115 target = bcs.dest(); 1116 stackmap_table.check_jump_target 1117 (¤t_frame, target, CHECK_VERIFY(this)); 1118 no_control_flow = false; break; 1119 case Bytecodes::_goto : 1120 target = bcs.dest(); 1121 stackmap_table.check_jump_target( 1122 ¤t_frame, target, CHECK_VERIFY(this)); 1123 no_control_flow = true; break; 1124 case Bytecodes::_goto_w : 1125 target = bcs.dest_w(); 1126 stackmap_table.check_jump_target( 1127 ¤t_frame, target, CHECK_VERIFY(this)); 1128 no_control_flow = true; break; 1129 case Bytecodes::_tableswitch : 1130 case Bytecodes::_lookupswitch : 1131 verify_switch( 1132 &bcs, code_length, code_data, ¤t_frame, 1133 &stackmap_table, CHECK_VERIFY(this)); 1134 no_control_flow = true; break; 1135 case Bytecodes::_ireturn : 1136 type = current_frame.pop_stack( 1137 VerificationType::integer_type(), CHECK_VERIFY(this)); 1138 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1139 no_control_flow = true; break; 1140 case Bytecodes::_lreturn : 1141 type2 = current_frame.pop_stack( 1142 VerificationType::long2_type(), CHECK_VERIFY(this)); 1143 type = current_frame.pop_stack( 1144 VerificationType::long_type(), CHECK_VERIFY(this)); 1145 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1146 no_control_flow = true; break; 1147 case Bytecodes::_freturn : 1148 type = current_frame.pop_stack( 1149 VerificationType::float_type(), CHECK_VERIFY(this)); 1150 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1151 no_control_flow = true; break; 1152 case Bytecodes::_dreturn : 1153 type2 = current_frame.pop_stack( 1154 VerificationType::double2_type(), CHECK_VERIFY(this)); 1155 type = current_frame.pop_stack( 1156 VerificationType::double_type(), CHECK_VERIFY(this)); 1157 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1158 no_control_flow = true; break; 1159 case Bytecodes::_areturn : 1160 type = current_frame.pop_stack( 1161 VerificationType::reference_check(), CHECK_VERIFY(this)); 1162 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1163 no_control_flow = true; break; 1164 case Bytecodes::_return : 1165 if (return_type != VerificationType::bogus_type()) { 1166 verify_error(bci, "Method expects no return value"); 1167 return; 1168 } 1169 // Make sure "this" has been initialized if current method is an 1170 // <init> 1171 if (_method->name() == vmSymbols::object_initializer_name() && 1172 current_frame.flag_this_uninit()) { 1173 verify_error(bci, 1174 "Constructor must call super() or this() before return"); 1175 return; 1176 } 1177 no_control_flow = true; break; 1178 case Bytecodes::_getstatic : 1179 case Bytecodes::_putstatic : 1180 case Bytecodes::_getfield : 1181 case Bytecodes::_putfield : 1182 verify_field_instructions( 1183 &bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1184 no_control_flow = false; break; 1185 case Bytecodes::_invokevirtual : 1186 case Bytecodes::_invokespecial : 1187 case Bytecodes::_invokestatic : 1188 verify_invoke_instructions( 1189 &bcs, code_length, ¤t_frame, 1190 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1191 no_control_flow = false; break; 1192 case Bytecodes::_invokeinterface : 1193 case Bytecodes::_invokedynamic : 1194 verify_invoke_instructions( 1195 &bcs, code_length, ¤t_frame, 1196 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1197 no_control_flow = false; break; 1198 case Bytecodes::_new : 1199 { 1200 index = bcs.get_index_u2(); 1201 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1202 VerificationType new_class_type = 1203 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1204 if (!new_class_type.is_object()) { 1205 verify_error(bci, "Illegal new instruction"); 1206 return; 1207 } 1208 type = VerificationType::uninitialized_type(bci); 1209 current_frame.push_stack(type, CHECK_VERIFY(this)); 1210 no_control_flow = false; break; 1211 } 1212 case Bytecodes::_newarray : 1213 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1214 current_frame.pop_stack( 1215 VerificationType::integer_type(), CHECK_VERIFY(this)); 1216 current_frame.push_stack(type, CHECK_VERIFY(this)); 1217 no_control_flow = false; break; 1218 case Bytecodes::_anewarray : 1219 verify_anewarray( 1220 bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1221 no_control_flow = false; break; 1222 case Bytecodes::_arraylength : 1223 type = current_frame.pop_stack( 1224 VerificationType::reference_check(), CHECK_VERIFY(this)); 1225 if (!(type.is_null() || type.is_array())) { 1226 verify_error(bci, bad_type_msg, "arraylength"); 1227 } 1228 current_frame.push_stack( 1229 VerificationType::integer_type(), CHECK_VERIFY(this)); 1230 no_control_flow = false; break; 1231 case Bytecodes::_checkcast : 1232 { 1233 index = bcs.get_index_u2(); 1234 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1235 current_frame.pop_stack( 1236 VerificationType::reference_check(), CHECK_VERIFY(this)); 1237 VerificationType klass_type = cp_index_to_type( 1238 index, cp, CHECK_VERIFY(this)); 1239 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1240 no_control_flow = false; break; 1241 } 1242 case Bytecodes::_instanceof : { 1243 index = bcs.get_index_u2(); 1244 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1245 current_frame.pop_stack( 1246 VerificationType::reference_check(), CHECK_VERIFY(this)); 1247 current_frame.push_stack( 1248 VerificationType::integer_type(), CHECK_VERIFY(this)); 1249 no_control_flow = false; break; 1250 } 1251 case Bytecodes::_monitorenter : 1252 case Bytecodes::_monitorexit : 1253 current_frame.pop_stack( 1254 VerificationType::reference_check(), CHECK_VERIFY(this)); 1255 no_control_flow = false; break; 1256 case Bytecodes::_multianewarray : 1257 { 1258 index = bcs.get_index_u2(); 1259 u2 dim = *(bcs.bcp()+3); 1260 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1261 VerificationType new_array_type = 1262 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1263 if (!new_array_type.is_array()) { 1264 verify_error(bci, 1265 "Illegal constant pool index in multianewarray instruction"); 1266 return; 1267 } 1268 if (dim < 1 || new_array_type.dimensions() < dim) { 1269 verify_error(bci, 1270 "Illegal dimension in multianewarray instruction"); 1271 return; 1272 } 1273 for (int i = 0; i < dim; i++) { 1274 current_frame.pop_stack( 1275 VerificationType::integer_type(), CHECK_VERIFY(this)); 1276 } 1277 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1278 no_control_flow = false; break; 1279 } 1280 case Bytecodes::_athrow : 1281 type = VerificationType::reference_type( 1282 vmSymbols::java_lang_Throwable()); 1283 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1284 no_control_flow = true; break; 1285 default: 1286 // We only need to check the valid bytecodes in class file. 1287 // And jsr and ret are not in the new class file format in JDK1.5. 1288 verify_error(bci, "Bad instruction"); 1289 no_control_flow = false; 1290 return; 1291 } // end switch 1292 } // end Merge with the next instruction 1293 1294 // Look for possible jump target in exception handlers and see if it 1295 // matches current_frame 1296 if (bci >= ex_min && bci < ex_max) { 1297 verify_exception_handler_targets( 1298 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1299 } 1300 } // end while 1301 1302 // Make sure that control flow does not fall through end of the method 1303 if (!no_control_flow) { 1304 verify_error(code_length, "Control flow falls through code end"); 1305 return; 1306 } 1307} 1308 1309char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) { 1310 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1311 memset(code_data, 0, sizeof(char) * code_length); 1312 RawBytecodeStream bcs(m); 1313 1314 while (!bcs.is_last_bytecode()) { 1315 if (bcs.raw_next() != Bytecodes::_illegal) { 1316 int bci = bcs.bci(); 1317 if (bcs.raw_code() == Bytecodes::_new) { 1318 code_data[bci] = NEW_OFFSET; 1319 } else { 1320 code_data[bci] = BYTECODE_OFFSET; 1321 } 1322 } else { 1323 verify_error(bcs.bci(), "Bad instruction"); 1324 return NULL; 1325 } 1326 } 1327 1328 return code_data; 1329} 1330 1331void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1332 typeArrayHandle exhandlers (THREAD, _method->exception_table()); 1333 constantPoolHandle cp (THREAD, _method->constants()); 1334 1335 if (exhandlers() != NULL) { 1336 for(int i = 0; i < exhandlers->length();) { 1337 u2 start_pc = exhandlers->int_at(i++); 1338 u2 end_pc = exhandlers->int_at(i++); 1339 u2 handler_pc = exhandlers->int_at(i++); 1340 if (start_pc >= code_length || code_data[start_pc] == 0) { 1341 class_format_error("Illegal exception table start_pc %d", start_pc); 1342 return; 1343 } 1344 if (end_pc != code_length) { // special case: end_pc == code_length 1345 if (end_pc > code_length || code_data[end_pc] == 0) { 1346 class_format_error("Illegal exception table end_pc %d", end_pc); 1347 return; 1348 } 1349 } 1350 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1351 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1352 return; 1353 } 1354 int catch_type_index = exhandlers->int_at(i++); 1355 if (catch_type_index != 0) { 1356 VerificationType catch_type = cp_index_to_type( 1357 catch_type_index, cp, CHECK_VERIFY(this)); 1358 VerificationType throwable = 1359 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1360 bool is_subclass = throwable.is_assignable_from( 1361 catch_type, current_class(), CHECK_VERIFY(this)); 1362 if (!is_subclass) { 1363 // 4286534: should throw VerifyError according to recent spec change 1364 verify_error( 1365 "Catch type is not a subclass of Throwable in handler %d", 1366 handler_pc); 1367 return; 1368 } 1369 } 1370 if (start_pc < min) min = start_pc; 1371 if (end_pc > max) max = end_pc; 1372 } 1373 } 1374} 1375 1376void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1377 int localvariable_table_length = _method()->localvariable_table_length(); 1378 if (localvariable_table_length > 0) { 1379 LocalVariableTableElement* table = _method()->localvariable_table_start(); 1380 for (int i = 0; i < localvariable_table_length; i++) { 1381 u2 start_bci = table[i].start_bci; 1382 u2 length = table[i].length; 1383 1384 if (start_bci >= code_length || code_data[start_bci] == 0) { 1385 class_format_error( 1386 "Illegal local variable table start_pc %d", start_bci); 1387 return; 1388 } 1389 u4 end_bci = (u4)(start_bci + length); 1390 if (end_bci != code_length) { 1391 if (end_bci >= code_length || code_data[end_bci] == 0) { 1392 class_format_error( "Illegal local variable table length %d", length); 1393 return; 1394 } 1395 } 1396 } 1397 } 1398} 1399 1400u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1401 StackMapFrame* current_frame, 1402 StackMapTable* stackmap_table, 1403 bool no_control_flow, TRAPS) { 1404 if (stackmap_index < stackmap_table->get_frame_count()) { 1405 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1406 if (no_control_flow && this_offset > bci) { 1407 verify_error(bci, "Expecting a stack map frame"); 1408 return 0; 1409 } 1410 if (this_offset == bci) { 1411 // See if current stack map can be assigned to the frame in table. 1412 // current_frame is the stackmap frame got from the last instruction. 1413 // If matched, current_frame will be updated by this method. 1414 bool match = stackmap_table->match_stackmap( 1415 current_frame, this_offset, stackmap_index, 1416 !no_control_flow, true, CHECK_VERIFY_(this, 0)); 1417 if (!match) { 1418 // report type error 1419 verify_error(bci, "Instruction type does not match stack map"); 1420 return 0; 1421 } 1422 stackmap_index++; 1423 } else if (this_offset < bci) { 1424 // current_offset should have met this_offset. 1425 class_format_error("Bad stack map offset %d", this_offset); 1426 return 0; 1427 } 1428 } else if (no_control_flow) { 1429 verify_error(bci, "Expecting a stack map frame"); 1430 return 0; 1431 } 1432 return stackmap_index; 1433} 1434 1435void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame, 1436 StackMapTable* stackmap_table, TRAPS) { 1437 constantPoolHandle cp (THREAD, _method->constants()); 1438 typeArrayHandle exhandlers (THREAD, _method->exception_table()); 1439 if (exhandlers() != NULL) { 1440 for(int i = 0; i < exhandlers->length();) { 1441 u2 start_pc = exhandlers->int_at(i++); 1442 u2 end_pc = exhandlers->int_at(i++); 1443 u2 handler_pc = exhandlers->int_at(i++); 1444 int catch_type_index = exhandlers->int_at(i++); 1445 if(bci >= start_pc && bci < end_pc) { 1446 u1 flags = current_frame->flags(); 1447 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1448 1449 ResourceMark rm(THREAD); 1450 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1451 if (catch_type_index != 0) { 1452 // We know that this index refers to a subclass of Throwable 1453 VerificationType catch_type = cp_index_to_type( 1454 catch_type_index, cp, CHECK_VERIFY(this)); 1455 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1456 } else { 1457 VerificationType throwable = 1458 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1459 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1460 } 1461 bool match = stackmap_table->match_stackmap( 1462 new_frame, handler_pc, true, false, CHECK_VERIFY(this)); 1463 if (!match) { 1464 verify_error(bci, 1465 "Stack map does not match the one at exception handler %d", 1466 handler_pc); 1467 return; 1468 } 1469 } 1470 } 1471 } 1472} 1473 1474void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) { 1475 int nconstants = cp->length(); 1476 if ((index <= 0) || (index >= nconstants)) { 1477 verify_error("Illegal constant pool index %d in class %s", 1478 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1479 return; 1480 } 1481} 1482 1483void ClassVerifier::verify_cp_type( 1484 int index, constantPoolHandle cp, unsigned int types, TRAPS) { 1485 1486 // In some situations, bytecode rewriting may occur while we're verifying. 1487 // In this case, a constant pool cache exists and some indices refer to that 1488 // instead. Be sure we don't pick up such indices by accident. 1489 // We must check was_recursively_verified() before we get here. 1490 guarantee(cp->cache() == NULL, "not rewritten yet"); 1491 1492 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1493 unsigned int tag = cp->tag_at(index).value(); 1494 if ((types & (1 << tag)) == 0) { 1495 verify_error( 1496 "Illegal type at constant pool entry %d in class %s", 1497 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1498 return; 1499 } 1500} 1501 1502void ClassVerifier::verify_cp_class_type( 1503 int index, constantPoolHandle cp, TRAPS) { 1504 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1505 constantTag tag = cp->tag_at(index); 1506 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1507 verify_error("Illegal type at constant pool entry %d in class %s", 1508 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1509 return; 1510 } 1511} 1512 1513void ClassVerifier::format_error_message( 1514 const char* fmt, int offset, va_list va) { 1515 ResourceMark rm(_thread); 1516 stringStream message(_message, _message_buffer_len); 1517 message.vprint(fmt, va); 1518 if (!_method.is_null()) { 1519 message.print(" in method %s", _method->name_and_sig_as_C_string()); 1520 } 1521 if (offset != -1) { 1522 message.print(" at offset %d", offset); 1523 } 1524} 1525 1526void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) { 1527 _exception_type = vmSymbols::java_lang_VerifyError(); 1528 va_list va; 1529 va_start(va, fmt); 1530 format_error_message(fmt, offset, va); 1531 va_end(va); 1532} 1533 1534void ClassVerifier::verify_error(const char* fmt, ...) { 1535 _exception_type = vmSymbols::java_lang_VerifyError(); 1536 va_list va; 1537 va_start(va, fmt); 1538 format_error_message(fmt, -1, va); 1539 va_end(va); 1540} 1541 1542void ClassVerifier::class_format_error(const char* msg, ...) { 1543 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1544 va_list va; 1545 va_start(va, msg); 1546 format_error_message(msg, -1, va); 1547 va_end(va); 1548} 1549 1550klassOop ClassVerifier::load_class(symbolHandle name, TRAPS) { 1551 // Get current loader and protection domain first. 1552 oop loader = current_class()->class_loader(); 1553 oop protection_domain = current_class()->protection_domain(); 1554 1555 return SystemDictionary::resolve_or_fail( 1556 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 1557 true, CHECK_NULL); 1558} 1559 1560bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, 1561 klassOop target_class, 1562 symbolOop field_name, 1563 symbolOop field_sig, 1564 bool is_method) { 1565 No_Safepoint_Verifier nosafepoint; 1566 1567 // If target class isn't a super class of this class, we don't worry about this case 1568 if (!this_class->is_subclass_of(target_class)) { 1569 return false; 1570 } 1571 // Check if the specified method or field is protected 1572 instanceKlass* target_instance = instanceKlass::cast(target_class); 1573 fieldDescriptor fd; 1574 if (is_method) { 1575 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig); 1576 if (m != NULL && m->is_protected()) { 1577 if (!this_class->is_same_class_package(m->method_holder())) { 1578 return true; 1579 } 1580 } 1581 } else { 1582 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd); 1583 if(member_klass != NULL && fd.is_protected()) { 1584 if (!this_class->is_same_class_package(member_klass)) { 1585 return true; 1586 } 1587 } 1588 } 1589 return false; 1590} 1591 1592void ClassVerifier::verify_ldc( 1593 int opcode, u2 index, StackMapFrame *current_frame, 1594 constantPoolHandle cp, u2 bci, TRAPS) { 1595 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1596 constantTag tag = cp->tag_at(index); 1597 unsigned int types; 1598 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 1599 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) { 1600 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 1601 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class); 1602 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1603 } 1604 } else { 1605 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 1606 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 1607 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1608 } 1609 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 1610 current_frame->push_stack( 1611 VerificationType::reference_type( 1612 vmSymbols::java_lang_Object()), CHECK_VERIFY(this)); 1613 } else if (tag.is_string() || tag.is_unresolved_string()) { 1614 current_frame->push_stack( 1615 VerificationType::reference_type( 1616 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 1617 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 1618 current_frame->push_stack( 1619 VerificationType::reference_type( 1620 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 1621 } else if (tag.is_int()) { 1622 current_frame->push_stack( 1623 VerificationType::integer_type(), CHECK_VERIFY(this)); 1624 } else if (tag.is_float()) { 1625 current_frame->push_stack( 1626 VerificationType::float_type(), CHECK_VERIFY(this)); 1627 } else if (tag.is_double()) { 1628 current_frame->push_stack_2( 1629 VerificationType::double_type(), 1630 VerificationType::double2_type(), CHECK_VERIFY(this)); 1631 } else if (tag.is_long()) { 1632 current_frame->push_stack_2( 1633 VerificationType::long_type(), 1634 VerificationType::long2_type(), CHECK_VERIFY(this)); 1635 } else { 1636 verify_error(bci, "Invalid index in ldc"); 1637 return; 1638 } 1639} 1640 1641void ClassVerifier::verify_switch( 1642 RawBytecodeStream* bcs, u4 code_length, char* code_data, 1643 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 1644 int bci = bcs->bci(); 1645 address bcp = bcs->bcp(); 1646 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize); 1647 1648 // 4639449 & 4647081: padding bytes must be 0 1649 u2 padding_offset = 1; 1650 while ((bcp + padding_offset) < aligned_bcp) { 1651 if(*(bcp + padding_offset) != 0) { 1652 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch"); 1653 return; 1654 } 1655 padding_offset++; 1656 } 1657 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 1658 int keys, delta; 1659 current_frame->pop_stack( 1660 VerificationType::integer_type(), CHECK_VERIFY(this)); 1661 if (bcs->raw_code() == Bytecodes::_tableswitch) { 1662 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 1663 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 1664 if (low > high) { 1665 verify_error(bci, 1666 "low must be less than or equal to high in tableswitch"); 1667 return; 1668 } 1669 keys = high - low + 1; 1670 if (keys < 0) { 1671 verify_error(bci, "too many keys in tableswitch"); 1672 return; 1673 } 1674 delta = 1; 1675 } else { 1676 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 1677 if (keys < 0) { 1678 verify_error(bci, "number of keys in lookupswitch less than 0"); 1679 return; 1680 } 1681 delta = 2; 1682 // Make sure that the lookupswitch items are sorted 1683 for (int i = 0; i < (keys - 1); i++) { 1684 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 1685 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 1686 if (this_key >= next_key) { 1687 verify_error(bci, "Bad lookupswitch instruction"); 1688 return; 1689 } 1690 } 1691 } 1692 int target = bci + default_offset; 1693 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 1694 for (int i = 0; i < keys; i++) { 1695 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 1696 stackmap_table->check_jump_target( 1697 current_frame, target, CHECK_VERIFY(this)); 1698 } 1699} 1700 1701bool ClassVerifier::name_in_supers( 1702 symbolOop ref_name, instanceKlassHandle current) { 1703 klassOop super = current->super(); 1704 while (super != NULL) { 1705 if (super->klass_part()->name() == ref_name) { 1706 return true; 1707 } 1708 super = super->klass_part()->super(); 1709 } 1710 return false; 1711} 1712 1713void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 1714 StackMapFrame* current_frame, 1715 constantPoolHandle cp, 1716 TRAPS) { 1717 u2 index = bcs->get_index_u2(); 1718 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 1719 1720 // Get field name and signature 1721 symbolHandle field_name = symbolHandle(THREAD, cp->name_ref_at(index)); 1722 symbolHandle field_sig = symbolHandle(THREAD, cp->signature_ref_at(index)); 1723 1724 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 1725 class_format_error( 1726 "Invalid signature for field in class %s referenced " 1727 "from constant pool index %d", _klass->external_name(), index); 1728 return; 1729 } 1730 1731 // Get referenced class type 1732 VerificationType ref_class_type = cp_ref_index_to_type( 1733 index, cp, CHECK_VERIFY(this)); 1734 if (!ref_class_type.is_object()) { 1735 verify_error( 1736 "Expecting reference to class in class %s at constant pool index %d", 1737 _klass->external_name(), index); 1738 return; 1739 } 1740 VerificationType target_class_type = ref_class_type; 1741 1742 assert(sizeof(VerificationType) == sizeof(uintptr_t), 1743 "buffer type must match VerificationType size"); 1744 uintptr_t field_type_buffer[2]; 1745 VerificationType* field_type = (VerificationType*)field_type_buffer; 1746 // If we make a VerificationType[2] array directly, the compiler calls 1747 // to the c-runtime library to do the allocation instead of just 1748 // stack allocating it. Plus it would run constructors. This shows up 1749 // in performance profiles. 1750 1751 SignatureStream sig_stream(field_sig, false); 1752 VerificationType stack_object_type; 1753 int n = change_sig_to_verificationType( 1754 &sig_stream, field_type, CHECK_VERIFY(this)); 1755 u2 bci = bcs->bci(); 1756 bool is_assignable; 1757 switch (bcs->raw_code()) { 1758 case Bytecodes::_getstatic: { 1759 for (int i = 0; i < n; i++) { 1760 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 1761 } 1762 break; 1763 } 1764 case Bytecodes::_putstatic: { 1765 for (int i = n - 1; i >= 0; i--) { 1766 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 1767 } 1768 break; 1769 } 1770 case Bytecodes::_getfield: { 1771 stack_object_type = current_frame->pop_stack( 1772 target_class_type, CHECK_VERIFY(this)); 1773 for (int i = 0; i < n; i++) { 1774 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 1775 } 1776 goto check_protected; 1777 } 1778 case Bytecodes::_putfield: { 1779 for (int i = n - 1; i >= 0; i--) { 1780 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 1781 } 1782 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 1783 1784 // The JVMS 2nd edition allows field initialization before the superclass 1785 // initializer, if the field is defined within the current class. 1786 fieldDescriptor fd; 1787 if (stack_object_type == VerificationType::uninitialized_this_type() && 1788 target_class_type.equals(current_type()) && 1789 _klass->find_local_field(field_name(), field_sig(), &fd)) { 1790 stack_object_type = current_type(); 1791 } 1792 is_assignable = target_class_type.is_assignable_from( 1793 stack_object_type, current_class(), CHECK_VERIFY(this)); 1794 if (!is_assignable) { 1795 verify_error(bci, "Bad type on operand stack in putfield"); 1796 return; 1797 } 1798 } 1799 check_protected: { 1800 if (_this_type == stack_object_type) 1801 break; // stack_object_type must be assignable to _current_class_type 1802 symbolHandle ref_class_name = symbolHandle(THREAD, 1803 cp->klass_name_at(cp->klass_ref_index_at(index))); 1804 if (!name_in_supers(ref_class_name(), current_class())) 1805 // stack_object_type must be assignable to _current_class_type since: 1806 // 1. stack_object_type must be assignable to ref_class. 1807 // 2. ref_class must be _current_class or a subclass of it. It can't 1808 // be a superclass of it. See revised JVMS 5.4.4. 1809 break; 1810 1811 klassOop ref_class_oop = load_class(ref_class_name, CHECK); 1812 if (is_protected_access(current_class(), ref_class_oop, field_name(), 1813 field_sig(), false)) { 1814 // It's protected access, check if stack object is assignable to 1815 // current class. 1816 is_assignable = current_type().is_assignable_from( 1817 stack_object_type, current_class(), CHECK_VERIFY(this)); 1818 if (!is_assignable) { 1819 verify_error(bci, "Bad access to protected data in getfield"); 1820 return; 1821 } 1822 } 1823 break; 1824 } 1825 default: ShouldNotReachHere(); 1826 } 1827} 1828 1829void ClassVerifier::verify_invoke_init( 1830 RawBytecodeStream* bcs, VerificationType ref_class_type, 1831 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 1832 constantPoolHandle cp, TRAPS) { 1833 u2 bci = bcs->bci(); 1834 VerificationType type = current_frame->pop_stack( 1835 VerificationType::reference_check(), CHECK_VERIFY(this)); 1836 if (type == VerificationType::uninitialized_this_type()) { 1837 // The method must be an <init> method of either this class, or one of its 1838 // superclasses 1839 klassOop oop = current_class()(); 1840 Klass* klass = oop->klass_part(); 1841 while (klass != NULL && ref_class_type.name() != klass->name()) { 1842 klass = klass->super()->klass_part(); 1843 } 1844 if (klass == NULL) { 1845 verify_error(bci, "Bad <init> method call"); 1846 return; 1847 } 1848 current_frame->initialize_object(type, current_type()); 1849 *this_uninit = true; 1850 } else if (type.is_uninitialized()) { 1851 u2 new_offset = type.bci(); 1852 address new_bcp = bcs->bcp() - bci + new_offset; 1853 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 1854 verify_error(new_offset, "Expecting new instruction"); 1855 return; 1856 } 1857 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 1858 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this)); 1859 1860 // The method must be an <init> method of the indicated class 1861 VerificationType new_class_type = cp_index_to_type( 1862 new_class_index, cp, CHECK_VERIFY(this)); 1863 if (!new_class_type.equals(ref_class_type)) { 1864 verify_error(bci, "Call to wrong <init> method"); 1865 return; 1866 } 1867 // According to the VM spec, if the referent class is a superclass of the 1868 // current class, and is in a different runtime package, and the method is 1869 // protected, then the objectref must be the current class or a subclass 1870 // of the current class. 1871 VerificationType objectref_type = new_class_type; 1872 if (name_in_supers(ref_class_type.name(), current_class())) { 1873 klassOop ref_klass = load_class( 1874 ref_class_type.name(), CHECK_VERIFY(this)); 1875 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method( 1876 vmSymbols::object_initializer_name(), 1877 cp->signature_ref_at(bcs->get_index_u2())); 1878 instanceKlassHandle mh(THREAD, m->method_holder()); 1879 if (m->is_protected() && !mh->is_same_class_package(_klass())) { 1880 bool assignable = current_type().is_assignable_from( 1881 objectref_type, current_class(), CHECK_VERIFY(this)); 1882 if (!assignable) { 1883 verify_error(bci, "Bad access to protected <init> method"); 1884 return; 1885 } 1886 } 1887 } 1888 current_frame->initialize_object(type, new_class_type); 1889 } else { 1890 verify_error(bci, "Bad operand type when invoking <init>"); 1891 return; 1892 } 1893} 1894 1895void ClassVerifier::verify_invoke_instructions( 1896 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 1897 bool *this_uninit, VerificationType return_type, 1898 constantPoolHandle cp, TRAPS) { 1899 // Make sure the constant pool item is the right type 1900 u2 index = bcs->get_index_u2(); 1901 Bytecodes::Code opcode = bcs->raw_code(); 1902 unsigned int types = (opcode == Bytecodes::_invokeinterface 1903 ? 1 << JVM_CONSTANT_InterfaceMethodref 1904 : opcode == Bytecodes::_invokedynamic 1905 ? 1 << JVM_CONSTANT_NameAndType 1906 : 1 << JVM_CONSTANT_Methodref); 1907 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1908 1909 // Get method name and signature 1910 symbolHandle method_name(THREAD, cp->name_ref_at(index)); 1911 symbolHandle method_sig(THREAD, cp->signature_ref_at(index)); 1912 1913 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 1914 class_format_error( 1915 "Invalid method signature in class %s referenced " 1916 "from constant pool index %d", _klass->external_name(), index); 1917 return; 1918 } 1919 1920 // Get referenced class type 1921 VerificationType ref_class_type; 1922 if (opcode == Bytecodes::_invokedynamic) { 1923 if (!EnableInvokeDynamic) { 1924 class_format_error( 1925 "invokedynamic instructions not enabled on this JVM", 1926 _klass->external_name()); 1927 return; 1928 } 1929 } else { 1930 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 1931 } 1932 1933 // For a small signature length, we just allocate 128 bytes instead 1934 // of parsing the signature once to find its size. 1935 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 1936 // longs/doubles to be consertive. 1937 assert(sizeof(VerificationType) == sizeof(uintptr_t), 1938 "buffer type must match VerificationType size"); 1939 uintptr_t on_stack_sig_types_buffer[128]; 1940 // If we make a VerificationType[128] array directly, the compiler calls 1941 // to the c-runtime library to do the allocation instead of just 1942 // stack allocating it. Plus it would run constructors. This shows up 1943 // in performance profiles. 1944 1945 VerificationType* sig_types; 1946 int size = (method_sig->utf8_length() - 3) * 2; 1947 if (size > 128) { 1948 // Long and double occupies two slots here. 1949 ArgumentSizeComputer size_it(method_sig); 1950 size = size_it.size(); 1951 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 1952 } else{ 1953 sig_types = (VerificationType*)on_stack_sig_types_buffer; 1954 } 1955 SignatureStream sig_stream(method_sig); 1956 int sig_i = 0; 1957 while (!sig_stream.at_return_type()) { 1958 sig_i += change_sig_to_verificationType( 1959 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 1960 sig_stream.next(); 1961 } 1962 int nargs = sig_i; 1963 1964#ifdef ASSERT 1965 { 1966 ArgumentSizeComputer size_it(method_sig); 1967 assert(nargs == size_it.size(), "Argument sizes do not match"); 1968 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 1969 } 1970#endif 1971 1972 // Check instruction operands 1973 u2 bci = bcs->bci(); 1974 if (opcode == Bytecodes::_invokeinterface) { 1975 address bcp = bcs->bcp(); 1976 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 1977 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 1978 // the difference between the size of the operand stack before and after the instruction 1979 // executes. 1980 if (*(bcp+3) != (nargs+1)) { 1981 verify_error(bci, "Inconsistent args count operand in invokeinterface"); 1982 return; 1983 } 1984 if (*(bcp+4) != 0) { 1985 verify_error(bci, "Fourth operand byte of invokeinterface must be zero"); 1986 return; 1987 } 1988 } 1989 1990 if (opcode == Bytecodes::_invokedynamic) { 1991 address bcp = bcs->bcp(); 1992 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 1993 verify_error(bci, "Third and fourth operand bytes of invokedynamic must be zero"); 1994 return; 1995 } 1996 } 1997 1998 if (method_name->byte_at(0) == '<') { 1999 // Make sure <init> can only be invoked by invokespecial 2000 if (opcode != Bytecodes::_invokespecial || 2001 method_name() != vmSymbols::object_initializer_name()) { 2002 verify_error(bci, "Illegal call to internal method"); 2003 return; 2004 } 2005 } else if (opcode == Bytecodes::_invokespecial 2006 && !ref_class_type.equals(current_type()) 2007 && !ref_class_type.equals(VerificationType::reference_type( 2008 current_class()->super()->klass_part()->name()))) { 2009 bool subtype = ref_class_type.is_assignable_from( 2010 current_type(), current_class(), CHECK_VERIFY(this)); 2011 if (!subtype) { 2012 verify_error(bci, "Bad invokespecial instruction: " 2013 "current class isn't assignable to reference class."); 2014 return; 2015 } 2016 } 2017 // Match method descriptor with operand stack 2018 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2019 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2020 } 2021 // Check objectref on operand stack 2022 if (opcode != Bytecodes::_invokestatic && 2023 opcode != Bytecodes::_invokedynamic) { 2024 if (method_name() == vmSymbols::object_initializer_name()) { // <init> method 2025 verify_invoke_init(bcs, ref_class_type, current_frame, 2026 code_length, this_uninit, cp, CHECK_VERIFY(this)); 2027 } else { // other methods 2028 // Ensures that target class is assignable to method class. 2029 if (opcode == Bytecodes::_invokespecial) { 2030 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2031 } else if (opcode == Bytecodes::_invokevirtual) { 2032 VerificationType stack_object_type = 2033 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2034 if (current_type() != stack_object_type) { 2035 assert(cp->cache() == NULL, "not rewritten yet"); 2036 symbolHandle ref_class_name = symbolHandle(THREAD, 2037 cp->klass_name_at(cp->klass_ref_index_at(index))); 2038 // See the comments in verify_field_instructions() for 2039 // the rationale behind this. 2040 if (name_in_supers(ref_class_name(), current_class())) { 2041 klassOop ref_class = load_class(ref_class_name, CHECK); 2042 if (is_protected_access( 2043 _klass, ref_class, method_name(), method_sig(), true)) { 2044 // It's protected access, check if stack object is 2045 // assignable to current class. 2046 bool is_assignable = current_type().is_assignable_from( 2047 stack_object_type, current_class(), CHECK_VERIFY(this)); 2048 if (!is_assignable) { 2049 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2050 && stack_object_type.is_array() 2051 && method_name() == vmSymbols::clone_name()) { 2052 // Special case: arrays pretend to implement public Object 2053 // clone(). 2054 } else { 2055 verify_error(bci, 2056 "Bad access to protected data in invokevirtual"); 2057 return; 2058 } 2059 } 2060 } 2061 } 2062 } 2063 } else { 2064 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2065 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2066 } 2067 } 2068 } 2069 // Push the result type. 2070 if (sig_stream.type() != T_VOID) { 2071 if (method_name() == vmSymbols::object_initializer_name()) { 2072 // <init> method must have a void return type 2073 verify_error(bci, "Return type must be void in <init> method"); 2074 return; 2075 } 2076 VerificationType return_type[2]; 2077 int n = change_sig_to_verificationType( 2078 &sig_stream, return_type, CHECK_VERIFY(this)); 2079 for (int i = 0; i < n; i++) { 2080 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2081 } 2082 } 2083} 2084 2085VerificationType ClassVerifier::get_newarray_type( 2086 u2 index, u2 bci, TRAPS) { 2087 const char* from_bt[] = { 2088 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2089 }; 2090 if (index < T_BOOLEAN || index > T_LONG) { 2091 verify_error(bci, "Illegal newarray instruction"); 2092 return VerificationType::bogus_type(); 2093 } 2094 2095 // from_bt[index] contains the array signature which has a length of 2 2096 symbolHandle sig = oopFactory::new_symbol_handle( 2097 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2098 return VerificationType::reference_type(sig); 2099} 2100 2101void ClassVerifier::verify_anewarray( 2102 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) { 2103 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 2104 current_frame->pop_stack( 2105 VerificationType::integer_type(), CHECK_VERIFY(this)); 2106 2107 VerificationType component_type = 2108 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2109 ResourceMark rm(THREAD); 2110 int length; 2111 char* arr_sig_str; 2112 if (component_type.is_array()) { // it's an array 2113 const char* component_name = component_type.name()->as_utf8(); 2114 // add one dimension to component 2115 length = (int)strlen(component_name) + 1; 2116 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2117 arr_sig_str[0] = '['; 2118 strncpy(&arr_sig_str[1], component_name, length - 1); 2119 } else { // it's an object or interface 2120 const char* component_name = component_type.name()->as_utf8(); 2121 // add one dimension to component with 'L' prepended and ';' postpended. 2122 length = (int)strlen(component_name) + 3; 2123 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2124 arr_sig_str[0] = '['; 2125 arr_sig_str[1] = 'L'; 2126 strncpy(&arr_sig_str[2], component_name, length - 2); 2127 arr_sig_str[length - 1] = ';'; 2128 } 2129 symbolHandle arr_sig = oopFactory::new_symbol_handle( 2130 arr_sig_str, length, CHECK_VERIFY(this)); 2131 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2132 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2133} 2134 2135void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 2136 current_frame->get_local( 2137 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2138 current_frame->push_stack( 2139 VerificationType::integer_type(), CHECK_VERIFY(this)); 2140} 2141 2142void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 2143 current_frame->get_local_2( 2144 index, VerificationType::long_type(), 2145 VerificationType::long2_type(), CHECK_VERIFY(this)); 2146 current_frame->push_stack_2( 2147 VerificationType::long_type(), 2148 VerificationType::long2_type(), CHECK_VERIFY(this)); 2149} 2150 2151void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 2152 current_frame->get_local( 2153 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2154 current_frame->push_stack( 2155 VerificationType::float_type(), CHECK_VERIFY(this)); 2156} 2157 2158void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 2159 current_frame->get_local_2( 2160 index, VerificationType::double_type(), 2161 VerificationType::double2_type(), CHECK_VERIFY(this)); 2162 current_frame->push_stack_2( 2163 VerificationType::double_type(), 2164 VerificationType::double2_type(), CHECK_VERIFY(this)); 2165} 2166 2167void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 2168 VerificationType type = current_frame->get_local( 2169 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 2170 current_frame->push_stack(type, CHECK_VERIFY(this)); 2171} 2172 2173void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 2174 current_frame->pop_stack( 2175 VerificationType::integer_type(), CHECK_VERIFY(this)); 2176 current_frame->set_local( 2177 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2178} 2179 2180void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2181 current_frame->pop_stack_2( 2182 VerificationType::long2_type(), 2183 VerificationType::long_type(), CHECK_VERIFY(this)); 2184 current_frame->set_local_2( 2185 index, VerificationType::long_type(), 2186 VerificationType::long2_type(), CHECK_VERIFY(this)); 2187} 2188 2189void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2190 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 2191 current_frame->set_local( 2192 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2193} 2194 2195void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2196 current_frame->pop_stack_2( 2197 VerificationType::double2_type(), 2198 VerificationType::double_type(), CHECK_VERIFY(this)); 2199 current_frame->set_local_2( 2200 index, VerificationType::double_type(), 2201 VerificationType::double2_type(), CHECK_VERIFY(this)); 2202} 2203 2204void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 2205 VerificationType type = current_frame->pop_stack( 2206 VerificationType::reference_check(), CHECK_VERIFY(this)); 2207 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2208} 2209 2210void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 2211 VerificationType type = current_frame->get_local( 2212 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2213 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2214} 2215 2216void ClassVerifier::verify_return_value( 2217 VerificationType return_type, VerificationType type, u2 bci, TRAPS) { 2218 if (return_type == VerificationType::bogus_type()) { 2219 verify_error(bci, "Method expects a return value"); 2220 return; 2221 } 2222 bool match = return_type.is_assignable_from(type, _klass, CHECK_VERIFY(this)); 2223 if (!match) { 2224 verify_error(bci, "Bad return type"); 2225 return; 2226 } 2227} 2228