verifier.cpp revision 3602:da91efe96a93
1/* 2 * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25#include "precompiled.hpp" 26#include "classfile/classFileStream.hpp" 27#include "classfile/javaClasses.hpp" 28#include "classfile/stackMapTable.hpp" 29#include "classfile/stackMapFrame.hpp" 30#include "classfile/stackMapTableFormat.hpp" 31#include "classfile/systemDictionary.hpp" 32#include "classfile/verifier.hpp" 33#include "classfile/vmSymbols.hpp" 34#include "interpreter/bytecodes.hpp" 35#include "interpreter/bytecodeStream.hpp" 36#include "memory/oopFactory.hpp" 37#include "memory/resourceArea.hpp" 38#include "oops/instanceKlass.hpp" 39#include "oops/oop.inline.hpp" 40#include "oops/typeArrayOop.hpp" 41#include "prims/jvm.h" 42#include "runtime/fieldDescriptor.hpp" 43#include "runtime/handles.inline.hpp" 44#include "runtime/interfaceSupport.hpp" 45#include "runtime/javaCalls.hpp" 46#include "runtime/orderAccess.hpp" 47#include "runtime/os.hpp" 48#ifdef TARGET_ARCH_x86 49# include "bytes_x86.hpp" 50#endif 51#ifdef TARGET_ARCH_sparc 52# include "bytes_sparc.hpp" 53#endif 54#ifdef TARGET_ARCH_zero 55# include "bytes_zero.hpp" 56#endif 57#ifdef TARGET_ARCH_arm 58# include "bytes_arm.hpp" 59#endif 60#ifdef TARGET_ARCH_ppc 61# include "bytes_ppc.hpp" 62#endif 63 64#define NOFAILOVER_MAJOR_VERSION 51 65 66// Access to external entry for VerifyClassCodes - old byte code verifier 67 68extern "C" { 69 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 70 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 71} 72 73static void* volatile _verify_byte_codes_fn = NULL; 74 75static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 76 77static void* verify_byte_codes_fn() { 78 if (_verify_byte_codes_fn == NULL) { 79 void *lib_handle = os::native_java_library(); 80 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 81 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 82 if (func == NULL) { 83 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false); 84 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 85 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 86 } 87 } 88 return (void*)_verify_byte_codes_fn; 89} 90 91 92// Methods in Verifier 93 94bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 95 return (class_loader == NULL || !should_verify_class) ? 96 BytecodeVerificationLocal : BytecodeVerificationRemote; 97} 98 99bool Verifier::relax_verify_for(oop loader) { 100 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 101 bool need_verify = 102 // verifyAll 103 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 104 // verifyRemote 105 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 106 return !need_verify; 107} 108 109bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 110 HandleMark hm; 111 ResourceMark rm(THREAD); 112 113 Symbol* exception_name = NULL; 114 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 115 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 116 char* exception_message = message_buffer; 117 118 const char* klassName = klass->external_name(); 119 bool can_failover = FailOverToOldVerifier && 120 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 121 122 // If the class should be verified, first see if we can use the split 123 // verifier. If not, or if verification fails and FailOverToOldVerifier 124 // is set, then call the inference verifier. 125 if (is_eligible_for_verification(klass, should_verify_class)) { 126 if (TraceClassInitialization) { 127 tty->print_cr("Start class verification for: %s", klassName); 128 } 129 if (UseSplitVerifier && 130 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 131 ClassVerifier split_verifier(klass, THREAD); 132 split_verifier.verify_class(THREAD); 133 exception_name = split_verifier.result(); 134 if (can_failover && !HAS_PENDING_EXCEPTION && 135 (exception_name == vmSymbols::java_lang_VerifyError() || 136 exception_name == vmSymbols::java_lang_ClassFormatError())) { 137 if (TraceClassInitialization || VerboseVerification) { 138 tty->print_cr( 139 "Fail over class verification to old verifier for: %s", klassName); 140 } 141 exception_name = inference_verify( 142 klass, message_buffer, message_buffer_len, THREAD); 143 } 144 if (exception_name != NULL) { 145 exception_message = split_verifier.exception_message(); 146 } 147 } else { 148 exception_name = inference_verify( 149 klass, message_buffer, message_buffer_len, THREAD); 150 } 151 152 if (TraceClassInitialization || VerboseVerification) { 153 if (HAS_PENDING_EXCEPTION) { 154 tty->print("Verification for %s has", klassName); 155 tty->print_cr(" exception pending %s ", 156 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name()); 157 } else if (exception_name != NULL) { 158 tty->print_cr("Verification for %s failed", klassName); 159 } 160 tty->print_cr("End class verification for: %s", klassName); 161 } 162 } 163 164 if (HAS_PENDING_EXCEPTION) { 165 return false; // use the existing exception 166 } else if (exception_name == NULL) { 167 return true; // verifcation succeeded 168 } else { // VerifyError or ClassFormatError to be created and thrown 169 ResourceMark rm(THREAD); 170 instanceKlassHandle kls = 171 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 172 while (!kls.is_null()) { 173 if (kls == klass) { 174 // If the class being verified is the exception we're creating 175 // or one of it's superclasses, we're in trouble and are going 176 // to infinitely recurse when we try to initialize the exception. 177 // So bail out here by throwing the preallocated VM error. 178 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 179 } 180 kls = kls->super(); 181 } 182 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 183 THROW_MSG_(exception_name, exception_message, false); 184 } 185} 186 187bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) { 188 Symbol* name = klass->name(); 189 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 190 191 return (should_verify_for(klass->class_loader(), should_verify_class) && 192 // return if the class is a bootstrapping class 193 // or defineClass specified not to verify by default (flags override passed arg) 194 // We need to skip the following four for bootstraping 195 name != vmSymbols::java_lang_Object() && 196 name != vmSymbols::java_lang_Class() && 197 name != vmSymbols::java_lang_String() && 198 name != vmSymbols::java_lang_Throwable() && 199 200 // Can not verify the bytecodes for shared classes because they have 201 // already been rewritten to contain constant pool cache indices, 202 // which the verifier can't understand. 203 // Shared classes shouldn't have stackmaps either. 204 !klass()->is_shared() && 205 206 // As of the fix for 4486457 we disable verification for all of the 207 // dynamically-generated bytecodes associated with the 1.4 208 // reflection implementation, not just those associated with 209 // sun/reflect/SerializationConstructorAccessor. 210 // NOTE: this is called too early in the bootstrapping process to be 211 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection. 212 (refl_magic_klass == NULL || 213 !klass->is_subtype_of(refl_magic_klass) || 214 VerifyReflectionBytecodes) 215 ); 216} 217 218Symbol* Verifier::inference_verify( 219 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) { 220 JavaThread* thread = (JavaThread*)THREAD; 221 JNIEnv *env = thread->jni_environment(); 222 223 void* verify_func = verify_byte_codes_fn(); 224 225 if (verify_func == NULL) { 226 jio_snprintf(message, message_len, "Could not link verifier"); 227 return vmSymbols::java_lang_VerifyError(); 228 } 229 230 ResourceMark rm(THREAD); 231 if (VerboseVerification) { 232 tty->print_cr("Verifying class %s with old format", klass->external_name()); 233 } 234 235 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 236 jint result; 237 238 { 239 HandleMark hm(thread); 240 ThreadToNativeFromVM ttn(thread); 241 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 242 // code knows that we have left the VM 243 244 if (_is_new_verify_byte_codes_fn) { 245 verify_byte_codes_fn_new_t func = 246 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 247 result = (*func)(env, cls, message, (int)message_len, 248 klass->major_version()); 249 } else { 250 verify_byte_codes_fn_t func = 251 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 252 result = (*func)(env, cls, message, (int)message_len); 253 } 254 } 255 256 JNIHandles::destroy_local(cls); 257 258 // These numbers are chosen so that VerifyClassCodes interface doesn't need 259 // to be changed (still return jboolean (unsigned char)), and result is 260 // 1 when verification is passed. 261 if (result == 0) { 262 return vmSymbols::java_lang_VerifyError(); 263 } else if (result == 1) { 264 return NULL; // verified. 265 } else if (result == 2) { 266 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 267 } else if (result == 3) { 268 return vmSymbols::java_lang_ClassFormatError(); 269 } else { 270 ShouldNotReachHere(); 271 return NULL; 272 } 273} 274 275TypeOrigin TypeOrigin::null() { 276 return TypeOrigin(); 277} 278TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 279 assert(frame != NULL, "Must have a frame"); 280 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 281 frame->local_at(index)); 282} 283TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 284 assert(frame != NULL, "Must have a frame"); 285 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 286 frame->stack_at(index)); 287} 288TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 289 assert(frame != NULL, "Must have a frame"); 290 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 291 frame->local_at(index)); 292} 293TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 294 assert(frame != NULL, "Must have a frame"); 295 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 296 frame->stack_at(index)); 297} 298TypeOrigin TypeOrigin::bad_index(u2 index) { 299 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 300} 301TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 302 return TypeOrigin(CONST_POOL, index, NULL, vt); 303} 304TypeOrigin TypeOrigin::signature(VerificationType vt) { 305 return TypeOrigin(SIG, 0, NULL, vt); 306} 307TypeOrigin TypeOrigin::implicit(VerificationType t) { 308 return TypeOrigin(IMPLICIT, 0, NULL, t); 309} 310TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 311 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 312 VerificationType::bogus_type()); 313} 314 315void TypeOrigin::reset_frame() { 316 if (_frame != NULL) { 317 _frame->restore(); 318 } 319} 320 321void TypeOrigin::details(outputStream* ss) const { 322 _type.print_on(ss); 323 switch (_origin) { 324 case CF_LOCALS: 325 ss->print(" (current frame, locals[%d])", _index); 326 break; 327 case CF_STACK: 328 ss->print(" (current frame, stack[%d])", _index); 329 break; 330 case SM_LOCALS: 331 ss->print(" (stack map, locals[%d])", _index); 332 break; 333 case SM_STACK: 334 ss->print(" (stack map, stack[%d])", _index); 335 break; 336 case CONST_POOL: 337 ss->print(" (constant pool %d)", _index); 338 break; 339 case SIG: 340 ss->print(" (from method signature)"); 341 break; 342 case IMPLICIT: 343 case FRAME_ONLY: 344 case NONE: 345 default: 346 ; 347 } 348} 349 350#ifdef ASSERT 351void TypeOrigin::print_on(outputStream* str) const { 352 str->print("{%d,%d,%p:", _origin, _index, _frame); 353 if (_frame != NULL) { 354 _frame->print_on(str); 355 } else { 356 str->print("null"); 357 } 358 str->print(","); 359 _type.print_on(str); 360 str->print("}"); 361} 362#endif 363 364void ErrorContext::details(outputStream* ss, Method* method) const { 365 if (is_valid()) { 366 ss->print_cr(""); 367 ss->print_cr("Exception Details:"); 368 location_details(ss, method); 369 reason_details(ss); 370 frame_details(ss); 371 bytecode_details(ss, method); 372 handler_details(ss, method); 373 stackmap_details(ss, method); 374 } 375} 376 377void ErrorContext::reason_details(outputStream* ss) const { 378 streamIndentor si(ss); 379 ss->indent().print_cr("Reason:"); 380 streamIndentor si2(ss); 381 ss->indent().print(""); 382 switch (_fault) { 383 case INVALID_BYTECODE: 384 ss->print("Error exists in the bytecode"); 385 break; 386 case WRONG_TYPE: 387 if (_expected.is_valid()) { 388 ss->print("Type "); 389 _type.details(ss); 390 ss->print(" is not assignable to "); 391 _expected.details(ss); 392 } else { 393 ss->print("Invalid type: "); 394 _type.details(ss); 395 } 396 break; 397 case FLAGS_MISMATCH: 398 if (_expected.is_valid()) { 399 ss->print("Current frame's flags are not assignable " 400 "to stack map frame's."); 401 } else { 402 ss->print("Current frame's flags are invalid in this context."); 403 } 404 break; 405 case BAD_CP_INDEX: 406 ss->print("Constant pool index %d is invalid", _type.index()); 407 break; 408 case BAD_LOCAL_INDEX: 409 ss->print("Local index %d is invalid", _type.index()); 410 break; 411 case LOCALS_SIZE_MISMATCH: 412 ss->print("Current frame's local size doesn't match stackmap."); 413 break; 414 case STACK_SIZE_MISMATCH: 415 ss->print("Current frame's stack size doesn't match stackmap."); 416 break; 417 case STACK_OVERFLOW: 418 ss->print("Exceeded max stack size."); 419 break; 420 case STACK_UNDERFLOW: 421 ss->print("Attempt to pop empty stack."); 422 break; 423 case MISSING_STACKMAP: 424 ss->print("Expected stackmap frame at this location."); 425 break; 426 case BAD_STACKMAP: 427 ss->print("Invalid stackmap specification."); 428 break; 429 case UNKNOWN: 430 default: 431 ShouldNotReachHere(); 432 ss->print_cr("Unknown"); 433 } 434 ss->print_cr(""); 435} 436 437void ErrorContext::location_details(outputStream* ss, Method* method) const { 438 if (_bci != -1 && method != NULL) { 439 streamIndentor si(ss); 440 const char* bytecode_name = "<invalid>"; 441 if (method->validate_bci_from_bcx(_bci) != -1) { 442 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 443 if (Bytecodes::is_defined(code)) { 444 bytecode_name = Bytecodes::name(code); 445 } else { 446 bytecode_name = "<illegal>"; 447 } 448 } 449 InstanceKlass* ik = InstanceKlass::cast(method->method_holder()); 450 ss->indent().print_cr("Location:"); 451 streamIndentor si2(ss); 452 ss->indent().print_cr("%s.%s%s @%d: %s", 453 ik->name()->as_C_string(), method->name()->as_C_string(), 454 method->signature()->as_C_string(), _bci, bytecode_name); 455 } 456} 457 458void ErrorContext::frame_details(outputStream* ss) const { 459 streamIndentor si(ss); 460 if (_type.is_valid() && _type.frame() != NULL) { 461 ss->indent().print_cr("Current Frame:"); 462 streamIndentor si2(ss); 463 _type.frame()->print_on(ss); 464 } 465 if (_expected.is_valid() && _expected.frame() != NULL) { 466 ss->indent().print_cr("Stackmap Frame:"); 467 streamIndentor si2(ss); 468 _expected.frame()->print_on(ss); 469 } 470} 471 472void ErrorContext::bytecode_details(outputStream* ss, Method* method) const { 473 if (method != NULL) { 474 streamIndentor si(ss); 475 ss->indent().print_cr("Bytecode:"); 476 streamIndentor si2(ss); 477 ss->print_data(method->code_base(), method->code_size(), false); 478 } 479} 480 481void ErrorContext::handler_details(outputStream* ss, Method* method) const { 482 if (method != NULL) { 483 streamIndentor si(ss); 484 ExceptionTable table(method); 485 if (table.length() > 0) { 486 ss->indent().print_cr("Exception Handler Table:"); 487 streamIndentor si2(ss); 488 for (int i = 0; i < table.length(); ++i) { 489 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 490 table.end_pc(i), table.handler_pc(i)); 491 } 492 } 493 } 494} 495 496void ErrorContext::stackmap_details(outputStream* ss, Method* method) const { 497 if (method != NULL && method->has_stackmap_table()) { 498 streamIndentor si(ss); 499 ss->indent().print_cr("Stackmap Table:"); 500 Array<u1>* data = method->stackmap_data(); 501 stack_map_table* sm_table = 502 stack_map_table::at((address)data->adr_at(0)); 503 stack_map_frame* sm_frame = sm_table->entries(); 504 streamIndentor si2(ss); 505 int current_offset = -1; 506 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 507 ss->indent(); 508 sm_frame->print_on(ss, current_offset); 509 ss->print_cr(""); 510 current_offset += sm_frame->offset_delta(); 511 sm_frame = sm_frame->next(); 512 } 513 } 514} 515 516// Methods in ClassVerifier 517 518ClassVerifier::ClassVerifier( 519 instanceKlassHandle klass, TRAPS) 520 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 521 _this_type = VerificationType::reference_type(klass->name()); 522 // Create list to hold symbols in reference area. 523 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 524} 525 526ClassVerifier::~ClassVerifier() { 527 // Decrement the reference count for any symbols created. 528 for (int i = 0; i < _symbols->length(); i++) { 529 Symbol* s = _symbols->at(i); 530 s->decrement_refcount(); 531 } 532} 533 534VerificationType ClassVerifier::object_type() const { 535 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 536} 537 538TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 539 VerificationType vt = VerificationType::reference_type( 540 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 541 return TypeOrigin::implicit(vt); 542} 543 544void ClassVerifier::verify_class(TRAPS) { 545 if (VerboseVerification) { 546 tty->print_cr("Verifying class %s with new format", 547 _klass->external_name()); 548 } 549 550 Array<Method*>* methods = _klass->methods(); 551 int num_methods = methods->length(); 552 553 for (int index = 0; index < num_methods; index++) { 554 // Check for recursive re-verification before each method. 555 if (was_recursively_verified()) return; 556 557 Method* m = methods->at(index); 558 if (m->is_native() || m->is_abstract()) { 559 // If m is native or abstract, skip it. It is checked in class file 560 // parser that methods do not override a final method. 561 continue; 562 } 563 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 564 } 565 566 if (VerboseVerification || TraceClassInitialization) { 567 if (was_recursively_verified()) 568 tty->print_cr("Recursive verification detected for: %s", 569 _klass->external_name()); 570 } 571} 572 573void ClassVerifier::verify_method(methodHandle m, TRAPS) { 574 HandleMark hm(THREAD); 575 _method = m; // initialize _method 576 if (VerboseVerification) { 577 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string()); 578 } 579 580 const char* bad_type_msg = "Bad type on operand stack in %s"; 581 582 int32_t max_stack = m->verifier_max_stack(); 583 int32_t max_locals = m->max_locals(); 584 constantPoolHandle cp(THREAD, m->constants()); 585 586 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 587 class_format_error("Invalid method signature"); 588 return; 589 } 590 591 // Initial stack map frame: offset is 0, stack is initially empty. 592 StackMapFrame current_frame(max_locals, max_stack, this); 593 // Set initial locals 594 VerificationType return_type = current_frame.set_locals_from_arg( 595 m, current_type(), CHECK_VERIFY(this)); 596 597 int32_t stackmap_index = 0; // index to the stackmap array 598 599 u4 code_length = m->code_size(); 600 601 // Scan the bytecode and map each instruction's start offset to a number. 602 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 603 604 int ex_min = code_length; 605 int ex_max = -1; 606 // Look through each item on the exception table. Each of the fields must refer 607 // to a legal instruction. 608 verify_exception_handler_table( 609 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 610 611 // Look through each entry on the local variable table and make sure 612 // its range of code array offsets is valid. (4169817) 613 if (m->has_localvariable_table()) { 614 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 615 } 616 617 Array<u1>* stackmap_data = m->stackmap_data(); 618 StackMapStream stream(stackmap_data); 619 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 620 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 621 code_data, code_length, CHECK_VERIFY(this)); 622 623 if (VerboseVerification) { 624 stackmap_table.print_on(tty); 625 } 626 627 RawBytecodeStream bcs(m); 628 629 // Scan the byte code linearly from the start to the end 630 bool no_control_flow = false; // Set to true when there is no direct control 631 // flow from current instruction to the next 632 // instruction in sequence 633 Bytecodes::Code opcode; 634 while (!bcs.is_last_bytecode()) { 635 // Check for recursive re-verification before each bytecode. 636 if (was_recursively_verified()) return; 637 638 opcode = bcs.raw_next(); 639 u2 bci = bcs.bci(); 640 641 // Set current frame's offset to bci 642 current_frame.set_offset(bci); 643 current_frame.set_mark(); 644 645 // Make sure every offset in stackmap table point to the beginning to 646 // an instruction. Match current_frame to stackmap_table entry with 647 // the same offset if exists. 648 stackmap_index = verify_stackmap_table( 649 stackmap_index, bci, ¤t_frame, &stackmap_table, 650 no_control_flow, CHECK_VERIFY(this)); 651 652 653 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 654 655 // Merge with the next instruction 656 { 657 u2 index; 658 int target; 659 VerificationType type, type2; 660 VerificationType atype; 661 662#ifndef PRODUCT 663 if (VerboseVerification) { 664 current_frame.print_on(tty); 665 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 666 } 667#endif 668 669 // Make sure wide instruction is in correct format 670 if (bcs.is_wide()) { 671 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 672 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 673 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 674 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 675 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 676 opcode != Bytecodes::_dstore) { 677 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 678 * if we encounter a wide instruction that modifies an invalid 679 * opcode (not one of the ones listed above) */ 680 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 681 return; 682 } 683 } 684 685 switch (opcode) { 686 case Bytecodes::_nop : 687 no_control_flow = false; break; 688 case Bytecodes::_aconst_null : 689 current_frame.push_stack( 690 VerificationType::null_type(), CHECK_VERIFY(this)); 691 no_control_flow = false; break; 692 case Bytecodes::_iconst_m1 : 693 case Bytecodes::_iconst_0 : 694 case Bytecodes::_iconst_1 : 695 case Bytecodes::_iconst_2 : 696 case Bytecodes::_iconst_3 : 697 case Bytecodes::_iconst_4 : 698 case Bytecodes::_iconst_5 : 699 current_frame.push_stack( 700 VerificationType::integer_type(), CHECK_VERIFY(this)); 701 no_control_flow = false; break; 702 case Bytecodes::_lconst_0 : 703 case Bytecodes::_lconst_1 : 704 current_frame.push_stack_2( 705 VerificationType::long_type(), 706 VerificationType::long2_type(), CHECK_VERIFY(this)); 707 no_control_flow = false; break; 708 case Bytecodes::_fconst_0 : 709 case Bytecodes::_fconst_1 : 710 case Bytecodes::_fconst_2 : 711 current_frame.push_stack( 712 VerificationType::float_type(), CHECK_VERIFY(this)); 713 no_control_flow = false; break; 714 case Bytecodes::_dconst_0 : 715 case Bytecodes::_dconst_1 : 716 current_frame.push_stack_2( 717 VerificationType::double_type(), 718 VerificationType::double2_type(), CHECK_VERIFY(this)); 719 no_control_flow = false; break; 720 case Bytecodes::_sipush : 721 case Bytecodes::_bipush : 722 current_frame.push_stack( 723 VerificationType::integer_type(), CHECK_VERIFY(this)); 724 no_control_flow = false; break; 725 case Bytecodes::_ldc : 726 verify_ldc( 727 opcode, bcs.get_index_u1(), ¤t_frame, 728 cp, bci, CHECK_VERIFY(this)); 729 no_control_flow = false; break; 730 case Bytecodes::_ldc_w : 731 case Bytecodes::_ldc2_w : 732 verify_ldc( 733 opcode, bcs.get_index_u2(), ¤t_frame, 734 cp, bci, CHECK_VERIFY(this)); 735 no_control_flow = false; break; 736 case Bytecodes::_iload : 737 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 738 no_control_flow = false; break; 739 case Bytecodes::_iload_0 : 740 case Bytecodes::_iload_1 : 741 case Bytecodes::_iload_2 : 742 case Bytecodes::_iload_3 : 743 index = opcode - Bytecodes::_iload_0; 744 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 745 no_control_flow = false; break; 746 case Bytecodes::_lload : 747 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 748 no_control_flow = false; break; 749 case Bytecodes::_lload_0 : 750 case Bytecodes::_lload_1 : 751 case Bytecodes::_lload_2 : 752 case Bytecodes::_lload_3 : 753 index = opcode - Bytecodes::_lload_0; 754 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 755 no_control_flow = false; break; 756 case Bytecodes::_fload : 757 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 758 no_control_flow = false; break; 759 case Bytecodes::_fload_0 : 760 case Bytecodes::_fload_1 : 761 case Bytecodes::_fload_2 : 762 case Bytecodes::_fload_3 : 763 index = opcode - Bytecodes::_fload_0; 764 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 765 no_control_flow = false; break; 766 case Bytecodes::_dload : 767 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 768 no_control_flow = false; break; 769 case Bytecodes::_dload_0 : 770 case Bytecodes::_dload_1 : 771 case Bytecodes::_dload_2 : 772 case Bytecodes::_dload_3 : 773 index = opcode - Bytecodes::_dload_0; 774 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 775 no_control_flow = false; break; 776 case Bytecodes::_aload : 777 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 778 no_control_flow = false; break; 779 case Bytecodes::_aload_0 : 780 case Bytecodes::_aload_1 : 781 case Bytecodes::_aload_2 : 782 case Bytecodes::_aload_3 : 783 index = opcode - Bytecodes::_aload_0; 784 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 785 no_control_flow = false; break; 786 case Bytecodes::_iaload : 787 type = current_frame.pop_stack( 788 VerificationType::integer_type(), CHECK_VERIFY(this)); 789 atype = current_frame.pop_stack( 790 VerificationType::reference_check(), CHECK_VERIFY(this)); 791 if (!atype.is_int_array()) { 792 verify_error(ErrorContext::bad_type(bci, 793 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 794 bad_type_msg, "iaload"); 795 return; 796 } 797 current_frame.push_stack( 798 VerificationType::integer_type(), CHECK_VERIFY(this)); 799 no_control_flow = false; break; 800 case Bytecodes::_baload : 801 type = current_frame.pop_stack( 802 VerificationType::integer_type(), CHECK_VERIFY(this)); 803 atype = current_frame.pop_stack( 804 VerificationType::reference_check(), CHECK_VERIFY(this)); 805 if (!atype.is_bool_array() && !atype.is_byte_array()) { 806 verify_error( 807 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 808 bad_type_msg, "baload"); 809 return; 810 } 811 current_frame.push_stack( 812 VerificationType::integer_type(), CHECK_VERIFY(this)); 813 no_control_flow = false; break; 814 case Bytecodes::_caload : 815 type = current_frame.pop_stack( 816 VerificationType::integer_type(), CHECK_VERIFY(this)); 817 atype = current_frame.pop_stack( 818 VerificationType::reference_check(), CHECK_VERIFY(this)); 819 if (!atype.is_char_array()) { 820 verify_error(ErrorContext::bad_type(bci, 821 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 822 bad_type_msg, "caload"); 823 return; 824 } 825 current_frame.push_stack( 826 VerificationType::integer_type(), CHECK_VERIFY(this)); 827 no_control_flow = false; break; 828 case Bytecodes::_saload : 829 type = current_frame.pop_stack( 830 VerificationType::integer_type(), CHECK_VERIFY(this)); 831 atype = current_frame.pop_stack( 832 VerificationType::reference_check(), CHECK_VERIFY(this)); 833 if (!atype.is_short_array()) { 834 verify_error(ErrorContext::bad_type(bci, 835 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 836 bad_type_msg, "saload"); 837 return; 838 } 839 current_frame.push_stack( 840 VerificationType::integer_type(), CHECK_VERIFY(this)); 841 no_control_flow = false; break; 842 case Bytecodes::_laload : 843 type = current_frame.pop_stack( 844 VerificationType::integer_type(), CHECK_VERIFY(this)); 845 atype = current_frame.pop_stack( 846 VerificationType::reference_check(), CHECK_VERIFY(this)); 847 if (!atype.is_long_array()) { 848 verify_error(ErrorContext::bad_type(bci, 849 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 850 bad_type_msg, "laload"); 851 return; 852 } 853 current_frame.push_stack_2( 854 VerificationType::long_type(), 855 VerificationType::long2_type(), CHECK_VERIFY(this)); 856 no_control_flow = false; break; 857 case Bytecodes::_faload : 858 type = current_frame.pop_stack( 859 VerificationType::integer_type(), CHECK_VERIFY(this)); 860 atype = current_frame.pop_stack( 861 VerificationType::reference_check(), CHECK_VERIFY(this)); 862 if (!atype.is_float_array()) { 863 verify_error(ErrorContext::bad_type(bci, 864 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 865 bad_type_msg, "faload"); 866 return; 867 } 868 current_frame.push_stack( 869 VerificationType::float_type(), CHECK_VERIFY(this)); 870 no_control_flow = false; break; 871 case Bytecodes::_daload : 872 type = current_frame.pop_stack( 873 VerificationType::integer_type(), CHECK_VERIFY(this)); 874 atype = current_frame.pop_stack( 875 VerificationType::reference_check(), CHECK_VERIFY(this)); 876 if (!atype.is_double_array()) { 877 verify_error(ErrorContext::bad_type(bci, 878 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 879 bad_type_msg, "daload"); 880 return; 881 } 882 current_frame.push_stack_2( 883 VerificationType::double_type(), 884 VerificationType::double2_type(), CHECK_VERIFY(this)); 885 no_control_flow = false; break; 886 case Bytecodes::_aaload : { 887 type = current_frame.pop_stack( 888 VerificationType::integer_type(), CHECK_VERIFY(this)); 889 atype = current_frame.pop_stack( 890 VerificationType::reference_check(), CHECK_VERIFY(this)); 891 if (!atype.is_reference_array()) { 892 verify_error(ErrorContext::bad_type(bci, 893 current_frame.stack_top_ctx(), 894 TypeOrigin::implicit(VerificationType::reference_check())), 895 bad_type_msg, "aaload"); 896 return; 897 } 898 if (atype.is_null()) { 899 current_frame.push_stack( 900 VerificationType::null_type(), CHECK_VERIFY(this)); 901 } else { 902 VerificationType component = 903 atype.get_component(this, CHECK_VERIFY(this)); 904 current_frame.push_stack(component, CHECK_VERIFY(this)); 905 } 906 no_control_flow = false; break; 907 } 908 case Bytecodes::_istore : 909 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 910 no_control_flow = false; break; 911 case Bytecodes::_istore_0 : 912 case Bytecodes::_istore_1 : 913 case Bytecodes::_istore_2 : 914 case Bytecodes::_istore_3 : 915 index = opcode - Bytecodes::_istore_0; 916 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 917 no_control_flow = false; break; 918 case Bytecodes::_lstore : 919 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 920 no_control_flow = false; break; 921 case Bytecodes::_lstore_0 : 922 case Bytecodes::_lstore_1 : 923 case Bytecodes::_lstore_2 : 924 case Bytecodes::_lstore_3 : 925 index = opcode - Bytecodes::_lstore_0; 926 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 927 no_control_flow = false; break; 928 case Bytecodes::_fstore : 929 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 930 no_control_flow = false; break; 931 case Bytecodes::_fstore_0 : 932 case Bytecodes::_fstore_1 : 933 case Bytecodes::_fstore_2 : 934 case Bytecodes::_fstore_3 : 935 index = opcode - Bytecodes::_fstore_0; 936 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 937 no_control_flow = false; break; 938 case Bytecodes::_dstore : 939 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 940 no_control_flow = false; break; 941 case Bytecodes::_dstore_0 : 942 case Bytecodes::_dstore_1 : 943 case Bytecodes::_dstore_2 : 944 case Bytecodes::_dstore_3 : 945 index = opcode - Bytecodes::_dstore_0; 946 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 947 no_control_flow = false; break; 948 case Bytecodes::_astore : 949 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 950 no_control_flow = false; break; 951 case Bytecodes::_astore_0 : 952 case Bytecodes::_astore_1 : 953 case Bytecodes::_astore_2 : 954 case Bytecodes::_astore_3 : 955 index = opcode - Bytecodes::_astore_0; 956 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 957 no_control_flow = false; break; 958 case Bytecodes::_iastore : 959 type = current_frame.pop_stack( 960 VerificationType::integer_type(), CHECK_VERIFY(this)); 961 type2 = current_frame.pop_stack( 962 VerificationType::integer_type(), CHECK_VERIFY(this)); 963 atype = current_frame.pop_stack( 964 VerificationType::reference_check(), CHECK_VERIFY(this)); 965 if (!atype.is_int_array()) { 966 verify_error(ErrorContext::bad_type(bci, 967 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 968 bad_type_msg, "iastore"); 969 return; 970 } 971 no_control_flow = false; break; 972 case Bytecodes::_bastore : 973 type = current_frame.pop_stack( 974 VerificationType::integer_type(), CHECK_VERIFY(this)); 975 type2 = current_frame.pop_stack( 976 VerificationType::integer_type(), CHECK_VERIFY(this)); 977 atype = current_frame.pop_stack( 978 VerificationType::reference_check(), CHECK_VERIFY(this)); 979 if (!atype.is_bool_array() && !atype.is_byte_array()) { 980 verify_error( 981 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 982 bad_type_msg, "bastore"); 983 return; 984 } 985 no_control_flow = false; break; 986 case Bytecodes::_castore : 987 current_frame.pop_stack( 988 VerificationType::integer_type(), CHECK_VERIFY(this)); 989 current_frame.pop_stack( 990 VerificationType::integer_type(), CHECK_VERIFY(this)); 991 atype = current_frame.pop_stack( 992 VerificationType::reference_check(), CHECK_VERIFY(this)); 993 if (!atype.is_char_array()) { 994 verify_error(ErrorContext::bad_type(bci, 995 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 996 bad_type_msg, "castore"); 997 return; 998 } 999 no_control_flow = false; break; 1000 case Bytecodes::_sastore : 1001 current_frame.pop_stack( 1002 VerificationType::integer_type(), CHECK_VERIFY(this)); 1003 current_frame.pop_stack( 1004 VerificationType::integer_type(), CHECK_VERIFY(this)); 1005 atype = current_frame.pop_stack( 1006 VerificationType::reference_check(), CHECK_VERIFY(this)); 1007 if (!atype.is_short_array()) { 1008 verify_error(ErrorContext::bad_type(bci, 1009 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 1010 bad_type_msg, "sastore"); 1011 return; 1012 } 1013 no_control_flow = false; break; 1014 case Bytecodes::_lastore : 1015 current_frame.pop_stack_2( 1016 VerificationType::long2_type(), 1017 VerificationType::long_type(), CHECK_VERIFY(this)); 1018 current_frame.pop_stack( 1019 VerificationType::integer_type(), CHECK_VERIFY(this)); 1020 atype = current_frame.pop_stack( 1021 VerificationType::reference_check(), CHECK_VERIFY(this)); 1022 if (!atype.is_long_array()) { 1023 verify_error(ErrorContext::bad_type(bci, 1024 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1025 bad_type_msg, "lastore"); 1026 return; 1027 } 1028 no_control_flow = false; break; 1029 case Bytecodes::_fastore : 1030 current_frame.pop_stack( 1031 VerificationType::float_type(), CHECK_VERIFY(this)); 1032 current_frame.pop_stack 1033 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1034 atype = current_frame.pop_stack( 1035 VerificationType::reference_check(), CHECK_VERIFY(this)); 1036 if (!atype.is_float_array()) { 1037 verify_error(ErrorContext::bad_type(bci, 1038 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1039 bad_type_msg, "fastore"); 1040 return; 1041 } 1042 no_control_flow = false; break; 1043 case Bytecodes::_dastore : 1044 current_frame.pop_stack_2( 1045 VerificationType::double2_type(), 1046 VerificationType::double_type(), CHECK_VERIFY(this)); 1047 current_frame.pop_stack( 1048 VerificationType::integer_type(), CHECK_VERIFY(this)); 1049 atype = current_frame.pop_stack( 1050 VerificationType::reference_check(), CHECK_VERIFY(this)); 1051 if (!atype.is_double_array()) { 1052 verify_error(ErrorContext::bad_type(bci, 1053 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1054 bad_type_msg, "dastore"); 1055 return; 1056 } 1057 no_control_flow = false; break; 1058 case Bytecodes::_aastore : 1059 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1060 type2 = current_frame.pop_stack( 1061 VerificationType::integer_type(), CHECK_VERIFY(this)); 1062 atype = current_frame.pop_stack( 1063 VerificationType::reference_check(), CHECK_VERIFY(this)); 1064 // more type-checking is done at runtime 1065 if (!atype.is_reference_array()) { 1066 verify_error(ErrorContext::bad_type(bci, 1067 current_frame.stack_top_ctx(), 1068 TypeOrigin::implicit(VerificationType::reference_check())), 1069 bad_type_msg, "aastore"); 1070 return; 1071 } 1072 // 4938384: relaxed constraint in JVMS 3nd edition. 1073 no_control_flow = false; break; 1074 case Bytecodes::_pop : 1075 current_frame.pop_stack( 1076 VerificationType::category1_check(), CHECK_VERIFY(this)); 1077 no_control_flow = false; break; 1078 case Bytecodes::_pop2 : 1079 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1080 if (type.is_category1()) { 1081 current_frame.pop_stack( 1082 VerificationType::category1_check(), CHECK_VERIFY(this)); 1083 } else if (type.is_category2_2nd()) { 1084 current_frame.pop_stack( 1085 VerificationType::category2_check(), CHECK_VERIFY(this)); 1086 } else { 1087 /* Unreachable? Would need a category2_1st on TOS 1088 * which does not appear possible. */ 1089 verify_error( 1090 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1091 bad_type_msg, "pop2"); 1092 return; 1093 } 1094 no_control_flow = false; break; 1095 case Bytecodes::_dup : 1096 type = current_frame.pop_stack( 1097 VerificationType::category1_check(), CHECK_VERIFY(this)); 1098 current_frame.push_stack(type, CHECK_VERIFY(this)); 1099 current_frame.push_stack(type, CHECK_VERIFY(this)); 1100 no_control_flow = false; break; 1101 case Bytecodes::_dup_x1 : 1102 type = current_frame.pop_stack( 1103 VerificationType::category1_check(), CHECK_VERIFY(this)); 1104 type2 = current_frame.pop_stack( 1105 VerificationType::category1_check(), CHECK_VERIFY(this)); 1106 current_frame.push_stack(type, CHECK_VERIFY(this)); 1107 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1108 current_frame.push_stack(type, CHECK_VERIFY(this)); 1109 no_control_flow = false; break; 1110 case Bytecodes::_dup_x2 : 1111 { 1112 VerificationType type3; 1113 type = current_frame.pop_stack( 1114 VerificationType::category1_check(), CHECK_VERIFY(this)); 1115 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1116 if (type2.is_category1()) { 1117 type3 = current_frame.pop_stack( 1118 VerificationType::category1_check(), CHECK_VERIFY(this)); 1119 } else if (type2.is_category2_2nd()) { 1120 type3 = current_frame.pop_stack( 1121 VerificationType::category2_check(), CHECK_VERIFY(this)); 1122 } else { 1123 /* Unreachable? Would need a category2_1st at stack depth 2 with 1124 * a category1 on TOS which does not appear possible. */ 1125 verify_error(ErrorContext::bad_type( 1126 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1127 return; 1128 } 1129 current_frame.push_stack(type, CHECK_VERIFY(this)); 1130 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1131 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1132 current_frame.push_stack(type, CHECK_VERIFY(this)); 1133 no_control_flow = false; break; 1134 } 1135 case Bytecodes::_dup2 : 1136 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1137 if (type.is_category1()) { 1138 type2 = current_frame.pop_stack( 1139 VerificationType::category1_check(), CHECK_VERIFY(this)); 1140 } else if (type.is_category2_2nd()) { 1141 type2 = current_frame.pop_stack( 1142 VerificationType::category2_check(), CHECK_VERIFY(this)); 1143 } else { 1144 /* Unreachable? Would need a category2_1st on TOS which does not 1145 * appear possible. */ 1146 verify_error( 1147 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1148 bad_type_msg, "dup2"); 1149 return; 1150 } 1151 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1152 current_frame.push_stack(type, CHECK_VERIFY(this)); 1153 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1154 current_frame.push_stack(type, CHECK_VERIFY(this)); 1155 no_control_flow = false; break; 1156 case Bytecodes::_dup2_x1 : 1157 { 1158 VerificationType type3; 1159 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1160 if (type.is_category1()) { 1161 type2 = current_frame.pop_stack( 1162 VerificationType::category1_check(), CHECK_VERIFY(this)); 1163 } else if (type.is_category2_2nd()) { 1164 type2 = current_frame.pop_stack( 1165 VerificationType::category2_check(), CHECK_VERIFY(this)); 1166 } else { 1167 /* Unreachable? Would need a category2_1st on TOS which does 1168 * not appear possible. */ 1169 verify_error( 1170 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1171 bad_type_msg, "dup2_x1"); 1172 return; 1173 } 1174 type3 = current_frame.pop_stack( 1175 VerificationType::category1_check(), CHECK_VERIFY(this)); 1176 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1177 current_frame.push_stack(type, CHECK_VERIFY(this)); 1178 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1179 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1180 current_frame.push_stack(type, CHECK_VERIFY(this)); 1181 no_control_flow = false; break; 1182 } 1183 case Bytecodes::_dup2_x2 : 1184 { 1185 VerificationType type3, type4; 1186 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1187 if (type.is_category1()) { 1188 type2 = current_frame.pop_stack( 1189 VerificationType::category1_check(), CHECK_VERIFY(this)); 1190 } else if (type.is_category2_2nd()) { 1191 type2 = current_frame.pop_stack( 1192 VerificationType::category2_check(), CHECK_VERIFY(this)); 1193 } else { 1194 /* Unreachable? Would need a category2_1st on TOS which does 1195 * not appear possible. */ 1196 verify_error( 1197 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1198 bad_type_msg, "dup2_x2"); 1199 return; 1200 } 1201 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1202 if (type3.is_category1()) { 1203 type4 = current_frame.pop_stack( 1204 VerificationType::category1_check(), CHECK_VERIFY(this)); 1205 } else if (type3.is_category2_2nd()) { 1206 type4 = current_frame.pop_stack( 1207 VerificationType::category2_check(), CHECK_VERIFY(this)); 1208 } else { 1209 /* Unreachable? Would need a category2_1st on TOS after popping 1210 * a long/double or two category 1's, which does not 1211 * appear possible. */ 1212 verify_error( 1213 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1214 bad_type_msg, "dup2_x2"); 1215 return; 1216 } 1217 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1218 current_frame.push_stack(type, CHECK_VERIFY(this)); 1219 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1220 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1221 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1222 current_frame.push_stack(type, CHECK_VERIFY(this)); 1223 no_control_flow = false; break; 1224 } 1225 case Bytecodes::_swap : 1226 type = current_frame.pop_stack( 1227 VerificationType::category1_check(), CHECK_VERIFY(this)); 1228 type2 = current_frame.pop_stack( 1229 VerificationType::category1_check(), CHECK_VERIFY(this)); 1230 current_frame.push_stack(type, CHECK_VERIFY(this)); 1231 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1232 no_control_flow = false; break; 1233 case Bytecodes::_iadd : 1234 case Bytecodes::_isub : 1235 case Bytecodes::_imul : 1236 case Bytecodes::_idiv : 1237 case Bytecodes::_irem : 1238 case Bytecodes::_ishl : 1239 case Bytecodes::_ishr : 1240 case Bytecodes::_iushr : 1241 case Bytecodes::_ior : 1242 case Bytecodes::_ixor : 1243 case Bytecodes::_iand : 1244 current_frame.pop_stack( 1245 VerificationType::integer_type(), CHECK_VERIFY(this)); 1246 // fall through 1247 case Bytecodes::_ineg : 1248 current_frame.pop_stack( 1249 VerificationType::integer_type(), CHECK_VERIFY(this)); 1250 current_frame.push_stack( 1251 VerificationType::integer_type(), CHECK_VERIFY(this)); 1252 no_control_flow = false; break; 1253 case Bytecodes::_ladd : 1254 case Bytecodes::_lsub : 1255 case Bytecodes::_lmul : 1256 case Bytecodes::_ldiv : 1257 case Bytecodes::_lrem : 1258 case Bytecodes::_land : 1259 case Bytecodes::_lor : 1260 case Bytecodes::_lxor : 1261 current_frame.pop_stack_2( 1262 VerificationType::long2_type(), 1263 VerificationType::long_type(), CHECK_VERIFY(this)); 1264 // fall through 1265 case Bytecodes::_lneg : 1266 current_frame.pop_stack_2( 1267 VerificationType::long2_type(), 1268 VerificationType::long_type(), CHECK_VERIFY(this)); 1269 current_frame.push_stack_2( 1270 VerificationType::long_type(), 1271 VerificationType::long2_type(), CHECK_VERIFY(this)); 1272 no_control_flow = false; break; 1273 case Bytecodes::_lshl : 1274 case Bytecodes::_lshr : 1275 case Bytecodes::_lushr : 1276 current_frame.pop_stack( 1277 VerificationType::integer_type(), CHECK_VERIFY(this)); 1278 current_frame.pop_stack_2( 1279 VerificationType::long2_type(), 1280 VerificationType::long_type(), CHECK_VERIFY(this)); 1281 current_frame.push_stack_2( 1282 VerificationType::long_type(), 1283 VerificationType::long2_type(), CHECK_VERIFY(this)); 1284 no_control_flow = false; break; 1285 case Bytecodes::_fadd : 1286 case Bytecodes::_fsub : 1287 case Bytecodes::_fmul : 1288 case Bytecodes::_fdiv : 1289 case Bytecodes::_frem : 1290 current_frame.pop_stack( 1291 VerificationType::float_type(), CHECK_VERIFY(this)); 1292 // fall through 1293 case Bytecodes::_fneg : 1294 current_frame.pop_stack( 1295 VerificationType::float_type(), CHECK_VERIFY(this)); 1296 current_frame.push_stack( 1297 VerificationType::float_type(), CHECK_VERIFY(this)); 1298 no_control_flow = false; break; 1299 case Bytecodes::_dadd : 1300 case Bytecodes::_dsub : 1301 case Bytecodes::_dmul : 1302 case Bytecodes::_ddiv : 1303 case Bytecodes::_drem : 1304 current_frame.pop_stack_2( 1305 VerificationType::double2_type(), 1306 VerificationType::double_type(), CHECK_VERIFY(this)); 1307 // fall through 1308 case Bytecodes::_dneg : 1309 current_frame.pop_stack_2( 1310 VerificationType::double2_type(), 1311 VerificationType::double_type(), CHECK_VERIFY(this)); 1312 current_frame.push_stack_2( 1313 VerificationType::double_type(), 1314 VerificationType::double2_type(), CHECK_VERIFY(this)); 1315 no_control_flow = false; break; 1316 case Bytecodes::_iinc : 1317 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1318 no_control_flow = false; break; 1319 case Bytecodes::_i2l : 1320 type = current_frame.pop_stack( 1321 VerificationType::integer_type(), CHECK_VERIFY(this)); 1322 current_frame.push_stack_2( 1323 VerificationType::long_type(), 1324 VerificationType::long2_type(), CHECK_VERIFY(this)); 1325 no_control_flow = false; break; 1326 case Bytecodes::_l2i : 1327 current_frame.pop_stack_2( 1328 VerificationType::long2_type(), 1329 VerificationType::long_type(), CHECK_VERIFY(this)); 1330 current_frame.push_stack( 1331 VerificationType::integer_type(), CHECK_VERIFY(this)); 1332 no_control_flow = false; break; 1333 case Bytecodes::_i2f : 1334 current_frame.pop_stack( 1335 VerificationType::integer_type(), CHECK_VERIFY(this)); 1336 current_frame.push_stack( 1337 VerificationType::float_type(), CHECK_VERIFY(this)); 1338 no_control_flow = false; break; 1339 case Bytecodes::_i2d : 1340 current_frame.pop_stack( 1341 VerificationType::integer_type(), CHECK_VERIFY(this)); 1342 current_frame.push_stack_2( 1343 VerificationType::double_type(), 1344 VerificationType::double2_type(), CHECK_VERIFY(this)); 1345 no_control_flow = false; break; 1346 case Bytecodes::_l2f : 1347 current_frame.pop_stack_2( 1348 VerificationType::long2_type(), 1349 VerificationType::long_type(), CHECK_VERIFY(this)); 1350 current_frame.push_stack( 1351 VerificationType::float_type(), CHECK_VERIFY(this)); 1352 no_control_flow = false; break; 1353 case Bytecodes::_l2d : 1354 current_frame.pop_stack_2( 1355 VerificationType::long2_type(), 1356 VerificationType::long_type(), CHECK_VERIFY(this)); 1357 current_frame.push_stack_2( 1358 VerificationType::double_type(), 1359 VerificationType::double2_type(), CHECK_VERIFY(this)); 1360 no_control_flow = false; break; 1361 case Bytecodes::_f2i : 1362 current_frame.pop_stack( 1363 VerificationType::float_type(), CHECK_VERIFY(this)); 1364 current_frame.push_stack( 1365 VerificationType::integer_type(), CHECK_VERIFY(this)); 1366 no_control_flow = false; break; 1367 case Bytecodes::_f2l : 1368 current_frame.pop_stack( 1369 VerificationType::float_type(), CHECK_VERIFY(this)); 1370 current_frame.push_stack_2( 1371 VerificationType::long_type(), 1372 VerificationType::long2_type(), CHECK_VERIFY(this)); 1373 no_control_flow = false; break; 1374 case Bytecodes::_f2d : 1375 current_frame.pop_stack( 1376 VerificationType::float_type(), CHECK_VERIFY(this)); 1377 current_frame.push_stack_2( 1378 VerificationType::double_type(), 1379 VerificationType::double2_type(), CHECK_VERIFY(this)); 1380 no_control_flow = false; break; 1381 case Bytecodes::_d2i : 1382 current_frame.pop_stack_2( 1383 VerificationType::double2_type(), 1384 VerificationType::double_type(), CHECK_VERIFY(this)); 1385 current_frame.push_stack( 1386 VerificationType::integer_type(), CHECK_VERIFY(this)); 1387 no_control_flow = false; break; 1388 case Bytecodes::_d2l : 1389 current_frame.pop_stack_2( 1390 VerificationType::double2_type(), 1391 VerificationType::double_type(), CHECK_VERIFY(this)); 1392 current_frame.push_stack_2( 1393 VerificationType::long_type(), 1394 VerificationType::long2_type(), CHECK_VERIFY(this)); 1395 no_control_flow = false; break; 1396 case Bytecodes::_d2f : 1397 current_frame.pop_stack_2( 1398 VerificationType::double2_type(), 1399 VerificationType::double_type(), CHECK_VERIFY(this)); 1400 current_frame.push_stack( 1401 VerificationType::float_type(), CHECK_VERIFY(this)); 1402 no_control_flow = false; break; 1403 case Bytecodes::_i2b : 1404 case Bytecodes::_i2c : 1405 case Bytecodes::_i2s : 1406 current_frame.pop_stack( 1407 VerificationType::integer_type(), CHECK_VERIFY(this)); 1408 current_frame.push_stack( 1409 VerificationType::integer_type(), CHECK_VERIFY(this)); 1410 no_control_flow = false; break; 1411 case Bytecodes::_lcmp : 1412 current_frame.pop_stack_2( 1413 VerificationType::long2_type(), 1414 VerificationType::long_type(), CHECK_VERIFY(this)); 1415 current_frame.pop_stack_2( 1416 VerificationType::long2_type(), 1417 VerificationType::long_type(), CHECK_VERIFY(this)); 1418 current_frame.push_stack( 1419 VerificationType::integer_type(), CHECK_VERIFY(this)); 1420 no_control_flow = false; break; 1421 case Bytecodes::_fcmpl : 1422 case Bytecodes::_fcmpg : 1423 current_frame.pop_stack( 1424 VerificationType::float_type(), CHECK_VERIFY(this)); 1425 current_frame.pop_stack( 1426 VerificationType::float_type(), CHECK_VERIFY(this)); 1427 current_frame.push_stack( 1428 VerificationType::integer_type(), CHECK_VERIFY(this)); 1429 no_control_flow = false; break; 1430 case Bytecodes::_dcmpl : 1431 case Bytecodes::_dcmpg : 1432 current_frame.pop_stack_2( 1433 VerificationType::double2_type(), 1434 VerificationType::double_type(), CHECK_VERIFY(this)); 1435 current_frame.pop_stack_2( 1436 VerificationType::double2_type(), 1437 VerificationType::double_type(), CHECK_VERIFY(this)); 1438 current_frame.push_stack( 1439 VerificationType::integer_type(), CHECK_VERIFY(this)); 1440 no_control_flow = false; break; 1441 case Bytecodes::_if_icmpeq: 1442 case Bytecodes::_if_icmpne: 1443 case Bytecodes::_if_icmplt: 1444 case Bytecodes::_if_icmpge: 1445 case Bytecodes::_if_icmpgt: 1446 case Bytecodes::_if_icmple: 1447 current_frame.pop_stack( 1448 VerificationType::integer_type(), CHECK_VERIFY(this)); 1449 // fall through 1450 case Bytecodes::_ifeq: 1451 case Bytecodes::_ifne: 1452 case Bytecodes::_iflt: 1453 case Bytecodes::_ifge: 1454 case Bytecodes::_ifgt: 1455 case Bytecodes::_ifle: 1456 current_frame.pop_stack( 1457 VerificationType::integer_type(), CHECK_VERIFY(this)); 1458 target = bcs.dest(); 1459 stackmap_table.check_jump_target( 1460 ¤t_frame, target, CHECK_VERIFY(this)); 1461 no_control_flow = false; break; 1462 case Bytecodes::_if_acmpeq : 1463 case Bytecodes::_if_acmpne : 1464 current_frame.pop_stack( 1465 VerificationType::reference_check(), CHECK_VERIFY(this)); 1466 // fall through 1467 case Bytecodes::_ifnull : 1468 case Bytecodes::_ifnonnull : 1469 current_frame.pop_stack( 1470 VerificationType::reference_check(), CHECK_VERIFY(this)); 1471 target = bcs.dest(); 1472 stackmap_table.check_jump_target 1473 (¤t_frame, target, CHECK_VERIFY(this)); 1474 no_control_flow = false; break; 1475 case Bytecodes::_goto : 1476 target = bcs.dest(); 1477 stackmap_table.check_jump_target( 1478 ¤t_frame, target, CHECK_VERIFY(this)); 1479 no_control_flow = true; break; 1480 case Bytecodes::_goto_w : 1481 target = bcs.dest_w(); 1482 stackmap_table.check_jump_target( 1483 ¤t_frame, target, CHECK_VERIFY(this)); 1484 no_control_flow = true; break; 1485 case Bytecodes::_tableswitch : 1486 case Bytecodes::_lookupswitch : 1487 verify_switch( 1488 &bcs, code_length, code_data, ¤t_frame, 1489 &stackmap_table, CHECK_VERIFY(this)); 1490 no_control_flow = true; break; 1491 case Bytecodes::_ireturn : 1492 type = current_frame.pop_stack( 1493 VerificationType::integer_type(), CHECK_VERIFY(this)); 1494 verify_return_value(return_type, type, bci, 1495 ¤t_frame, CHECK_VERIFY(this)); 1496 no_control_flow = true; break; 1497 case Bytecodes::_lreturn : 1498 type2 = current_frame.pop_stack( 1499 VerificationType::long2_type(), CHECK_VERIFY(this)); 1500 type = current_frame.pop_stack( 1501 VerificationType::long_type(), CHECK_VERIFY(this)); 1502 verify_return_value(return_type, type, bci, 1503 ¤t_frame, CHECK_VERIFY(this)); 1504 no_control_flow = true; break; 1505 case Bytecodes::_freturn : 1506 type = current_frame.pop_stack( 1507 VerificationType::float_type(), CHECK_VERIFY(this)); 1508 verify_return_value(return_type, type, bci, 1509 ¤t_frame, CHECK_VERIFY(this)); 1510 no_control_flow = true; break; 1511 case Bytecodes::_dreturn : 1512 type2 = current_frame.pop_stack( 1513 VerificationType::double2_type(), CHECK_VERIFY(this)); 1514 type = current_frame.pop_stack( 1515 VerificationType::double_type(), CHECK_VERIFY(this)); 1516 verify_return_value(return_type, type, bci, 1517 ¤t_frame, CHECK_VERIFY(this)); 1518 no_control_flow = true; break; 1519 case Bytecodes::_areturn : 1520 type = current_frame.pop_stack( 1521 VerificationType::reference_check(), CHECK_VERIFY(this)); 1522 verify_return_value(return_type, type, bci, 1523 ¤t_frame, CHECK_VERIFY(this)); 1524 no_control_flow = true; break; 1525 case Bytecodes::_return : 1526 if (return_type != VerificationType::bogus_type()) { 1527 verify_error(ErrorContext::bad_code(bci), 1528 "Method expects a return value"); 1529 return; 1530 } 1531 // Make sure "this" has been initialized if current method is an 1532 // <init> 1533 if (_method->name() == vmSymbols::object_initializer_name() && 1534 current_frame.flag_this_uninit()) { 1535 verify_error(ErrorContext::bad_code(bci), 1536 "Constructor must call super() or this() " 1537 "before return"); 1538 return; 1539 } 1540 no_control_flow = true; break; 1541 case Bytecodes::_getstatic : 1542 case Bytecodes::_putstatic : 1543 case Bytecodes::_getfield : 1544 case Bytecodes::_putfield : 1545 verify_field_instructions( 1546 &bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1547 no_control_flow = false; break; 1548 case Bytecodes::_invokevirtual : 1549 case Bytecodes::_invokespecial : 1550 case Bytecodes::_invokestatic : 1551 verify_invoke_instructions( 1552 &bcs, code_length, ¤t_frame, 1553 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1554 no_control_flow = false; break; 1555 case Bytecodes::_invokeinterface : 1556 case Bytecodes::_invokedynamic : 1557 verify_invoke_instructions( 1558 &bcs, code_length, ¤t_frame, 1559 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1560 no_control_flow = false; break; 1561 case Bytecodes::_new : 1562 { 1563 index = bcs.get_index_u2(); 1564 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1565 VerificationType new_class_type = 1566 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1567 if (!new_class_type.is_object()) { 1568 verify_error(ErrorContext::bad_type(bci, 1569 TypeOrigin::cp(index, new_class_type)), 1570 "Illegal new instruction"); 1571 return; 1572 } 1573 type = VerificationType::uninitialized_type(bci); 1574 current_frame.push_stack(type, CHECK_VERIFY(this)); 1575 no_control_flow = false; break; 1576 } 1577 case Bytecodes::_newarray : 1578 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1579 current_frame.pop_stack( 1580 VerificationType::integer_type(), CHECK_VERIFY(this)); 1581 current_frame.push_stack(type, CHECK_VERIFY(this)); 1582 no_control_flow = false; break; 1583 case Bytecodes::_anewarray : 1584 verify_anewarray( 1585 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1586 no_control_flow = false; break; 1587 case Bytecodes::_arraylength : 1588 type = current_frame.pop_stack( 1589 VerificationType::reference_check(), CHECK_VERIFY(this)); 1590 if (!(type.is_null() || type.is_array())) { 1591 verify_error(ErrorContext::bad_type( 1592 bci, current_frame.stack_top_ctx()), 1593 bad_type_msg, "arraylength"); 1594 } 1595 current_frame.push_stack( 1596 VerificationType::integer_type(), CHECK_VERIFY(this)); 1597 no_control_flow = false; break; 1598 case Bytecodes::_checkcast : 1599 { 1600 index = bcs.get_index_u2(); 1601 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1602 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1603 VerificationType klass_type = cp_index_to_type( 1604 index, cp, CHECK_VERIFY(this)); 1605 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1606 no_control_flow = false; break; 1607 } 1608 case Bytecodes::_instanceof : { 1609 index = bcs.get_index_u2(); 1610 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1611 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1612 current_frame.push_stack( 1613 VerificationType::integer_type(), CHECK_VERIFY(this)); 1614 no_control_flow = false; break; 1615 } 1616 case Bytecodes::_monitorenter : 1617 case Bytecodes::_monitorexit : 1618 current_frame.pop_stack( 1619 VerificationType::reference_check(), CHECK_VERIFY(this)); 1620 no_control_flow = false; break; 1621 case Bytecodes::_multianewarray : 1622 { 1623 index = bcs.get_index_u2(); 1624 u2 dim = *(bcs.bcp()+3); 1625 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1626 VerificationType new_array_type = 1627 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1628 if (!new_array_type.is_array()) { 1629 verify_error(ErrorContext::bad_type(bci, 1630 TypeOrigin::cp(index, new_array_type)), 1631 "Illegal constant pool index in multianewarray instruction"); 1632 return; 1633 } 1634 if (dim < 1 || new_array_type.dimensions() < dim) { 1635 verify_error(ErrorContext::bad_code(bci), 1636 "Illegal dimension in multianewarray instruction: %d", dim); 1637 return; 1638 } 1639 for (int i = 0; i < dim; i++) { 1640 current_frame.pop_stack( 1641 VerificationType::integer_type(), CHECK_VERIFY(this)); 1642 } 1643 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1644 no_control_flow = false; break; 1645 } 1646 case Bytecodes::_athrow : 1647 type = VerificationType::reference_type( 1648 vmSymbols::java_lang_Throwable()); 1649 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1650 no_control_flow = true; break; 1651 default: 1652 // We only need to check the valid bytecodes in class file. 1653 // And jsr and ret are not in the new class file format in JDK1.5. 1654 verify_error(ErrorContext::bad_code(bci), 1655 "Bad instruction: %02x", opcode); 1656 no_control_flow = false; 1657 return; 1658 } // end switch 1659 } // end Merge with the next instruction 1660 1661 // Look for possible jump target in exception handlers and see if it 1662 // matches current_frame 1663 if (bci >= ex_min && bci < ex_max) { 1664 verify_exception_handler_targets( 1665 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1666 } 1667 } // end while 1668 1669 // Make sure that control flow does not fall through end of the method 1670 if (!no_control_flow) { 1671 verify_error(ErrorContext::bad_code(code_length), 1672 "Control flow falls through code end"); 1673 return; 1674 } 1675} 1676 1677char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) { 1678 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1679 memset(code_data, 0, sizeof(char) * code_length); 1680 RawBytecodeStream bcs(m); 1681 1682 while (!bcs.is_last_bytecode()) { 1683 if (bcs.raw_next() != Bytecodes::_illegal) { 1684 int bci = bcs.bci(); 1685 if (bcs.raw_code() == Bytecodes::_new) { 1686 code_data[bci] = NEW_OFFSET; 1687 } else { 1688 code_data[bci] = BYTECODE_OFFSET; 1689 } 1690 } else { 1691 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1692 return NULL; 1693 } 1694 } 1695 1696 return code_data; 1697} 1698 1699void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1700 ExceptionTable exhandlers(_method()); 1701 int exlength = exhandlers.length(); 1702 constantPoolHandle cp (THREAD, _method->constants()); 1703 1704 for(int i = 0; i < exlength; i++) { 1705 //reacquire the table in case a GC happened 1706 ExceptionTable exhandlers(_method()); 1707 u2 start_pc = exhandlers.start_pc(i); 1708 u2 end_pc = exhandlers.end_pc(i); 1709 u2 handler_pc = exhandlers.handler_pc(i); 1710 if (start_pc >= code_length || code_data[start_pc] == 0) { 1711 class_format_error("Illegal exception table start_pc %d", start_pc); 1712 return; 1713 } 1714 if (end_pc != code_length) { // special case: end_pc == code_length 1715 if (end_pc > code_length || code_data[end_pc] == 0) { 1716 class_format_error("Illegal exception table end_pc %d", end_pc); 1717 return; 1718 } 1719 } 1720 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1721 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1722 return; 1723 } 1724 int catch_type_index = exhandlers.catch_type_index(i); 1725 if (catch_type_index != 0) { 1726 VerificationType catch_type = cp_index_to_type( 1727 catch_type_index, cp, CHECK_VERIFY(this)); 1728 VerificationType throwable = 1729 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1730 bool is_subclass = throwable.is_assignable_from( 1731 catch_type, this, CHECK_VERIFY(this)); 1732 if (!is_subclass) { 1733 // 4286534: should throw VerifyError according to recent spec change 1734 verify_error(ErrorContext::bad_type(handler_pc, 1735 TypeOrigin::cp(catch_type_index, catch_type), 1736 TypeOrigin::implicit(throwable)), 1737 "Catch type is not a subclass " 1738 "of Throwable in exception handler %d", handler_pc); 1739 return; 1740 } 1741 } 1742 if (start_pc < min) min = start_pc; 1743 if (end_pc > max) max = end_pc; 1744 } 1745} 1746 1747void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1748 int localvariable_table_length = _method()->localvariable_table_length(); 1749 if (localvariable_table_length > 0) { 1750 LocalVariableTableElement* table = _method()->localvariable_table_start(); 1751 for (int i = 0; i < localvariable_table_length; i++) { 1752 u2 start_bci = table[i].start_bci; 1753 u2 length = table[i].length; 1754 1755 if (start_bci >= code_length || code_data[start_bci] == 0) { 1756 class_format_error( 1757 "Illegal local variable table start_pc %d", start_bci); 1758 return; 1759 } 1760 u4 end_bci = (u4)(start_bci + length); 1761 if (end_bci != code_length) { 1762 if (end_bci >= code_length || code_data[end_bci] == 0) { 1763 class_format_error( "Illegal local variable table length %d", length); 1764 return; 1765 } 1766 } 1767 } 1768 } 1769} 1770 1771u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1772 StackMapFrame* current_frame, 1773 StackMapTable* stackmap_table, 1774 bool no_control_flow, TRAPS) { 1775 if (stackmap_index < stackmap_table->get_frame_count()) { 1776 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1777 if (no_control_flow && this_offset > bci) { 1778 verify_error(ErrorContext::missing_stackmap(bci), 1779 "Expecting a stack map frame"); 1780 return 0; 1781 } 1782 if (this_offset == bci) { 1783 ErrorContext ctx; 1784 // See if current stack map can be assigned to the frame in table. 1785 // current_frame is the stackmap frame got from the last instruction. 1786 // If matched, current_frame will be updated by this method. 1787 bool matches = stackmap_table->match_stackmap( 1788 current_frame, this_offset, stackmap_index, 1789 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1790 if (!matches) { 1791 // report type error 1792 verify_error(ctx, "Instruction type does not match stack map"); 1793 return 0; 1794 } 1795 stackmap_index++; 1796 } else if (this_offset < bci) { 1797 // current_offset should have met this_offset. 1798 class_format_error("Bad stack map offset %d", this_offset); 1799 return 0; 1800 } 1801 } else if (no_control_flow) { 1802 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1803 return 0; 1804 } 1805 return stackmap_index; 1806} 1807 1808void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame, 1809 StackMapTable* stackmap_table, TRAPS) { 1810 constantPoolHandle cp (THREAD, _method->constants()); 1811 ExceptionTable exhandlers(_method()); 1812 int exlength = exhandlers.length(); 1813 for(int i = 0; i < exlength; i++) { 1814 //reacquire the table in case a GC happened 1815 ExceptionTable exhandlers(_method()); 1816 u2 start_pc = exhandlers.start_pc(i); 1817 u2 end_pc = exhandlers.end_pc(i); 1818 u2 handler_pc = exhandlers.handler_pc(i); 1819 int catch_type_index = exhandlers.catch_type_index(i); 1820 if(bci >= start_pc && bci < end_pc) { 1821 u1 flags = current_frame->flags(); 1822 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1823 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1824 if (catch_type_index != 0) { 1825 // We know that this index refers to a subclass of Throwable 1826 VerificationType catch_type = cp_index_to_type( 1827 catch_type_index, cp, CHECK_VERIFY(this)); 1828 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1829 } else { 1830 VerificationType throwable = 1831 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1832 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1833 } 1834 ErrorContext ctx; 1835 bool matches = stackmap_table->match_stackmap( 1836 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1837 if (!matches) { 1838 verify_error(ctx, "Stack map does not match the one at " 1839 "exception handler %d", handler_pc); 1840 return; 1841 } 1842 } 1843 } 1844} 1845 1846void ClassVerifier::verify_cp_index( 1847 u2 bci, constantPoolHandle cp, int index, TRAPS) { 1848 int nconstants = cp->length(); 1849 if ((index <= 0) || (index >= nconstants)) { 1850 verify_error(ErrorContext::bad_cp_index(bci, index), 1851 "Illegal constant pool index %d in class %s", 1852 index, InstanceKlass::cast(cp->pool_holder())->external_name()); 1853 return; 1854 } 1855} 1856 1857void ClassVerifier::verify_cp_type( 1858 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) { 1859 1860 // In some situations, bytecode rewriting may occur while we're verifying. 1861 // In this case, a constant pool cache exists and some indices refer to that 1862 // instead. Be sure we don't pick up such indices by accident. 1863 // We must check was_recursively_verified() before we get here. 1864 guarantee(cp->cache() == NULL, "not rewritten yet"); 1865 1866 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1867 unsigned int tag = cp->tag_at(index).value(); 1868 if ((types & (1 << tag)) == 0) { 1869 verify_error(ErrorContext::bad_cp_index(bci, index), 1870 "Illegal type at constant pool entry %d in class %s", 1871 index, InstanceKlass::cast(cp->pool_holder())->external_name()); 1872 return; 1873 } 1874} 1875 1876void ClassVerifier::verify_cp_class_type( 1877 u2 bci, int index, constantPoolHandle cp, TRAPS) { 1878 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1879 constantTag tag = cp->tag_at(index); 1880 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1881 verify_error(ErrorContext::bad_cp_index(bci, index), 1882 "Illegal type at constant pool entry %d in class %s", 1883 index, InstanceKlass::cast(cp->pool_holder())->external_name()); 1884 return; 1885 } 1886} 1887 1888void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1889 stringStream ss; 1890 1891 ctx.reset_frames(); 1892 _exception_type = vmSymbols::java_lang_VerifyError(); 1893 _error_context = ctx; 1894 va_list va; 1895 va_start(va, msg); 1896 ss.vprint(msg, va); 1897 va_end(va); 1898 _message = ss.as_string(); 1899#ifdef ASSERT 1900 ResourceMark rm; 1901 const char* exception_name = _exception_type->as_C_string(); 1902 Exceptions::debug_check_abort(exception_name, NULL); 1903#endif // ndef ASSERT 1904} 1905 1906void ClassVerifier::class_format_error(const char* msg, ...) { 1907 stringStream ss; 1908 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1909 va_list va; 1910 va_start(va, msg); 1911 ss.vprint(msg, va); 1912 va_end(va); 1913 if (!_method.is_null()) { 1914 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 1915 } 1916 _message = ss.as_string(); 1917} 1918 1919Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 1920 // Get current loader and protection domain first. 1921 oop loader = current_class()->class_loader(); 1922 oop protection_domain = current_class()->protection_domain(); 1923 1924 return SystemDictionary::resolve_or_fail( 1925 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 1926 true, CHECK_NULL); 1927} 1928 1929bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, 1930 Klass* target_class, 1931 Symbol* field_name, 1932 Symbol* field_sig, 1933 bool is_method) { 1934 No_Safepoint_Verifier nosafepoint; 1935 1936 // If target class isn't a super class of this class, we don't worry about this case 1937 if (!this_class->is_subclass_of(target_class)) { 1938 return false; 1939 } 1940 // Check if the specified method or field is protected 1941 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 1942 fieldDescriptor fd; 1943 if (is_method) { 1944 Method* m = target_instance->uncached_lookup_method(field_name, field_sig); 1945 if (m != NULL && m->is_protected()) { 1946 if (!this_class->is_same_class_package(m->method_holder())) { 1947 return true; 1948 } 1949 } 1950 } else { 1951 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 1952 if (member_klass != NULL && fd.is_protected()) { 1953 if (!this_class->is_same_class_package(member_klass)) { 1954 return true; 1955 } 1956 } 1957 } 1958 return false; 1959} 1960 1961void ClassVerifier::verify_ldc( 1962 int opcode, u2 index, StackMapFrame* current_frame, 1963 constantPoolHandle cp, u2 bci, TRAPS) { 1964 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1965 constantTag tag = cp->tag_at(index); 1966 unsigned int types; 1967 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 1968 if (!tag.is_unresolved_klass()) { 1969 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 1970 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 1971 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType); 1972 // Note: The class file parser already verified the legality of 1973 // MethodHandle and MethodType constants. 1974 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 1975 } 1976 } else { 1977 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 1978 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 1979 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 1980 } 1981 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 1982 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 1983 } else if (tag.is_string()) { 1984 current_frame->push_stack( 1985 VerificationType::reference_type( 1986 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 1987 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 1988 current_frame->push_stack( 1989 VerificationType::reference_type( 1990 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 1991 } else if (tag.is_int()) { 1992 current_frame->push_stack( 1993 VerificationType::integer_type(), CHECK_VERIFY(this)); 1994 } else if (tag.is_float()) { 1995 current_frame->push_stack( 1996 VerificationType::float_type(), CHECK_VERIFY(this)); 1997 } else if (tag.is_double()) { 1998 current_frame->push_stack_2( 1999 VerificationType::double_type(), 2000 VerificationType::double2_type(), CHECK_VERIFY(this)); 2001 } else if (tag.is_long()) { 2002 current_frame->push_stack_2( 2003 VerificationType::long_type(), 2004 VerificationType::long2_type(), CHECK_VERIFY(this)); 2005 } else if (tag.is_method_handle()) { 2006 current_frame->push_stack( 2007 VerificationType::reference_type( 2008 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2009 } else if (tag.is_method_type()) { 2010 current_frame->push_stack( 2011 VerificationType::reference_type( 2012 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2013 } else { 2014 /* Unreachable? verify_cp_type has already validated the cp type. */ 2015 verify_error( 2016 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2017 return; 2018 } 2019} 2020 2021void ClassVerifier::verify_switch( 2022 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2023 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2024 int bci = bcs->bci(); 2025 address bcp = bcs->bcp(); 2026 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize); 2027 2028 // 4639449 & 4647081: padding bytes must be 0 2029 u2 padding_offset = 1; 2030 while ((bcp + padding_offset) < aligned_bcp) { 2031 if(*(bcp + padding_offset) != 0) { 2032 verify_error(ErrorContext::bad_code(bci), 2033 "Nonzero padding byte in lookswitch or tableswitch"); 2034 return; 2035 } 2036 padding_offset++; 2037 } 2038 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2039 int keys, delta; 2040 current_frame->pop_stack( 2041 VerificationType::integer_type(), CHECK_VERIFY(this)); 2042 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2043 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2044 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2045 if (low > high) { 2046 verify_error(ErrorContext::bad_code(bci), 2047 "low must be less than or equal to high in tableswitch"); 2048 return; 2049 } 2050 keys = high - low + 1; 2051 if (keys < 0) { 2052 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2053 return; 2054 } 2055 delta = 1; 2056 } else { 2057 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2058 if (keys < 0) { 2059 verify_error(ErrorContext::bad_code(bci), 2060 "number of keys in lookupswitch less than 0"); 2061 return; 2062 } 2063 delta = 2; 2064 // Make sure that the lookupswitch items are sorted 2065 for (int i = 0; i < (keys - 1); i++) { 2066 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2067 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2068 if (this_key >= next_key) { 2069 verify_error(ErrorContext::bad_code(bci), 2070 "Bad lookupswitch instruction"); 2071 return; 2072 } 2073 } 2074 } 2075 int target = bci + default_offset; 2076 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2077 for (int i = 0; i < keys; i++) { 2078 // Because check_jump_target() may safepoint, the bytecode could have 2079 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2080 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize); 2081 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2082 stackmap_table->check_jump_target( 2083 current_frame, target, CHECK_VERIFY(this)); 2084 } 2085 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2086} 2087 2088bool ClassVerifier::name_in_supers( 2089 Symbol* ref_name, instanceKlassHandle current) { 2090 Klass* super = current->super(); 2091 while (super != NULL) { 2092 if (super->name() == ref_name) { 2093 return true; 2094 } 2095 super = super->super(); 2096 } 2097 return false; 2098} 2099 2100void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2101 StackMapFrame* current_frame, 2102 constantPoolHandle cp, 2103 TRAPS) { 2104 u2 index = bcs->get_index_u2(); 2105 verify_cp_type(bcs->bci(), index, cp, 2106 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2107 2108 // Get field name and signature 2109 Symbol* field_name = cp->name_ref_at(index); 2110 Symbol* field_sig = cp->signature_ref_at(index); 2111 2112 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2113 class_format_error( 2114 "Invalid signature for field in class %s referenced " 2115 "from constant pool index %d", _klass->external_name(), index); 2116 return; 2117 } 2118 2119 // Get referenced class type 2120 VerificationType ref_class_type = cp_ref_index_to_type( 2121 index, cp, CHECK_VERIFY(this)); 2122 if (!ref_class_type.is_object()) { 2123 /* Unreachable? Class file parser verifies Fieldref contents */ 2124 verify_error(ErrorContext::bad_type(bcs->bci(), 2125 TypeOrigin::cp(index, ref_class_type)), 2126 "Expecting reference to class in class %s at constant pool index %d", 2127 _klass->external_name(), index); 2128 return; 2129 } 2130 VerificationType target_class_type = ref_class_type; 2131 2132 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2133 "buffer type must match VerificationType size"); 2134 uintptr_t field_type_buffer[2]; 2135 VerificationType* field_type = (VerificationType*)field_type_buffer; 2136 // If we make a VerificationType[2] array directly, the compiler calls 2137 // to the c-runtime library to do the allocation instead of just 2138 // stack allocating it. Plus it would run constructors. This shows up 2139 // in performance profiles. 2140 2141 SignatureStream sig_stream(field_sig, false); 2142 VerificationType stack_object_type; 2143 int n = change_sig_to_verificationType( 2144 &sig_stream, field_type, CHECK_VERIFY(this)); 2145 u2 bci = bcs->bci(); 2146 bool is_assignable; 2147 switch (bcs->raw_code()) { 2148 case Bytecodes::_getstatic: { 2149 for (int i = 0; i < n; i++) { 2150 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2151 } 2152 break; 2153 } 2154 case Bytecodes::_putstatic: { 2155 for (int i = n - 1; i >= 0; i--) { 2156 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2157 } 2158 break; 2159 } 2160 case Bytecodes::_getfield: { 2161 stack_object_type = current_frame->pop_stack( 2162 target_class_type, CHECK_VERIFY(this)); 2163 for (int i = 0; i < n; i++) { 2164 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2165 } 2166 goto check_protected; 2167 } 2168 case Bytecodes::_putfield: { 2169 for (int i = n - 1; i >= 0; i--) { 2170 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2171 } 2172 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2173 2174 // The JVMS 2nd edition allows field initialization before the superclass 2175 // initializer, if the field is defined within the current class. 2176 fieldDescriptor fd; 2177 if (stack_object_type == VerificationType::uninitialized_this_type() && 2178 target_class_type.equals(current_type()) && 2179 _klass->find_local_field(field_name, field_sig, &fd)) { 2180 stack_object_type = current_type(); 2181 } 2182 is_assignable = target_class_type.is_assignable_from( 2183 stack_object_type, this, CHECK_VERIFY(this)); 2184 if (!is_assignable) { 2185 verify_error(ErrorContext::bad_type(bci, 2186 current_frame->stack_top_ctx(), 2187 TypeOrigin::cp(index, target_class_type)), 2188 "Bad type on operand stack in putfield"); 2189 return; 2190 } 2191 } 2192 check_protected: { 2193 if (_this_type == stack_object_type) 2194 break; // stack_object_type must be assignable to _current_class_type 2195 Symbol* ref_class_name = 2196 cp->klass_name_at(cp->klass_ref_index_at(index)); 2197 if (!name_in_supers(ref_class_name, current_class())) 2198 // stack_object_type must be assignable to _current_class_type since: 2199 // 1. stack_object_type must be assignable to ref_class. 2200 // 2. ref_class must be _current_class or a subclass of it. It can't 2201 // be a superclass of it. See revised JVMS 5.4.4. 2202 break; 2203 2204 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2205 if (is_protected_access(current_class(), ref_class_oop, field_name, 2206 field_sig, false)) { 2207 // It's protected access, check if stack object is assignable to 2208 // current class. 2209 is_assignable = current_type().is_assignable_from( 2210 stack_object_type, this, CHECK_VERIFY(this)); 2211 if (!is_assignable) { 2212 verify_error(ErrorContext::bad_type(bci, 2213 current_frame->stack_top_ctx(), 2214 TypeOrigin::implicit(current_type())), 2215 "Bad access to protected data in getfield"); 2216 return; 2217 } 2218 } 2219 break; 2220 } 2221 default: ShouldNotReachHere(); 2222 } 2223} 2224 2225void ClassVerifier::verify_invoke_init( 2226 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2227 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 2228 constantPoolHandle cp, TRAPS) { 2229 u2 bci = bcs->bci(); 2230 VerificationType type = current_frame->pop_stack( 2231 VerificationType::reference_check(), CHECK_VERIFY(this)); 2232 if (type == VerificationType::uninitialized_this_type()) { 2233 // The method must be an <init> method of this class or its superclass 2234 Klass* superk = current_class()->super(); 2235 if (ref_class_type.name() != current_class()->name() && 2236 ref_class_type.name() != superk->name()) { 2237 verify_error(ErrorContext::bad_type(bci, 2238 TypeOrigin::implicit(ref_class_type), 2239 TypeOrigin::implicit(current_type())), 2240 "Bad <init> method call"); 2241 return; 2242 } 2243 current_frame->initialize_object(type, current_type()); 2244 *this_uninit = true; 2245 } else if (type.is_uninitialized()) { 2246 u2 new_offset = type.bci(); 2247 address new_bcp = bcs->bcp() - bci + new_offset; 2248 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2249 /* Unreachable? Stack map parsing ensures valid type and new 2250 * instructions have a valid BCI. */ 2251 verify_error(ErrorContext::bad_code(new_offset), 2252 "Expecting new instruction"); 2253 return; 2254 } 2255 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2256 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2257 2258 // The method must be an <init> method of the indicated class 2259 VerificationType new_class_type = cp_index_to_type( 2260 new_class_index, cp, CHECK_VERIFY(this)); 2261 if (!new_class_type.equals(ref_class_type)) { 2262 verify_error(ErrorContext::bad_type(bci, 2263 TypeOrigin::cp(new_class_index, new_class_type), 2264 TypeOrigin::cp(ref_class_index, ref_class_type)), 2265 "Call to wrong <init> method"); 2266 return; 2267 } 2268 // According to the VM spec, if the referent class is a superclass of the 2269 // current class, and is in a different runtime package, and the method is 2270 // protected, then the objectref must be the current class or a subclass 2271 // of the current class. 2272 VerificationType objectref_type = new_class_type; 2273 if (name_in_supers(ref_class_type.name(), current_class())) { 2274 Klass* ref_klass = load_class( 2275 ref_class_type.name(), CHECK_VERIFY(this)); 2276 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2277 vmSymbols::object_initializer_name(), 2278 cp->signature_ref_at(bcs->get_index_u2())); 2279 instanceKlassHandle mh(THREAD, m->method_holder()); 2280 if (m->is_protected() && !mh->is_same_class_package(_klass())) { 2281 bool assignable = current_type().is_assignable_from( 2282 objectref_type, this, CHECK_VERIFY(this)); 2283 if (!assignable) { 2284 verify_error(ErrorContext::bad_type(bci, 2285 TypeOrigin::cp(new_class_index, objectref_type), 2286 TypeOrigin::implicit(current_type())), 2287 "Bad access to protected <init> method"); 2288 return; 2289 } 2290 } 2291 } 2292 current_frame->initialize_object(type, new_class_type); 2293 } else { 2294 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2295 "Bad operand type when invoking <init>"); 2296 return; 2297 } 2298} 2299 2300void ClassVerifier::verify_invoke_instructions( 2301 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2302 bool *this_uninit, VerificationType return_type, 2303 constantPoolHandle cp, TRAPS) { 2304 // Make sure the constant pool item is the right type 2305 u2 index = bcs->get_index_u2(); 2306 Bytecodes::Code opcode = bcs->raw_code(); 2307 unsigned int types = (opcode == Bytecodes::_invokeinterface 2308 ? 1 << JVM_CONSTANT_InterfaceMethodref 2309 : opcode == Bytecodes::_invokedynamic 2310 ? 1 << JVM_CONSTANT_InvokeDynamic 2311 : 1 << JVM_CONSTANT_Methodref); 2312 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2313 2314 // Get method name and signature 2315 Symbol* method_name = cp->name_ref_at(index); 2316 Symbol* method_sig = cp->signature_ref_at(index); 2317 2318 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2319 class_format_error( 2320 "Invalid method signature in class %s referenced " 2321 "from constant pool index %d", _klass->external_name(), index); 2322 return; 2323 } 2324 2325 // Get referenced class type 2326 VerificationType ref_class_type; 2327 if (opcode == Bytecodes::_invokedynamic) { 2328 if (!EnableInvokeDynamic || 2329 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2330 class_format_error( 2331 (!EnableInvokeDynamic ? 2332 "invokedynamic instructions not enabled in this JVM" : 2333 "invokedynamic instructions not supported by this class file version"), 2334 _klass->external_name()); 2335 return; 2336 } 2337 } else { 2338 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2339 } 2340 2341 // For a small signature length, we just allocate 128 bytes instead 2342 // of parsing the signature once to find its size. 2343 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2344 // longs/doubles to be consertive. 2345 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2346 "buffer type must match VerificationType size"); 2347 uintptr_t on_stack_sig_types_buffer[128]; 2348 // If we make a VerificationType[128] array directly, the compiler calls 2349 // to the c-runtime library to do the allocation instead of just 2350 // stack allocating it. Plus it would run constructors. This shows up 2351 // in performance profiles. 2352 2353 VerificationType* sig_types; 2354 int size = (method_sig->utf8_length() - 3) * 2; 2355 if (size > 128) { 2356 // Long and double occupies two slots here. 2357 ArgumentSizeComputer size_it(method_sig); 2358 size = size_it.size(); 2359 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2360 } else{ 2361 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2362 } 2363 SignatureStream sig_stream(method_sig); 2364 int sig_i = 0; 2365 while (!sig_stream.at_return_type()) { 2366 sig_i += change_sig_to_verificationType( 2367 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2368 sig_stream.next(); 2369 } 2370 int nargs = sig_i; 2371 2372#ifdef ASSERT 2373 { 2374 ArgumentSizeComputer size_it(method_sig); 2375 assert(nargs == size_it.size(), "Argument sizes do not match"); 2376 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2377 } 2378#endif 2379 2380 // Check instruction operands 2381 u2 bci = bcs->bci(); 2382 if (opcode == Bytecodes::_invokeinterface) { 2383 address bcp = bcs->bcp(); 2384 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2385 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2386 // the difference between the size of the operand stack before and after the instruction 2387 // executes. 2388 if (*(bcp+3) != (nargs+1)) { 2389 verify_error(ErrorContext::bad_code(bci), 2390 "Inconsistent args count operand in invokeinterface"); 2391 return; 2392 } 2393 if (*(bcp+4) != 0) { 2394 verify_error(ErrorContext::bad_code(bci), 2395 "Fourth operand byte of invokeinterface must be zero"); 2396 return; 2397 } 2398 } 2399 2400 if (opcode == Bytecodes::_invokedynamic) { 2401 address bcp = bcs->bcp(); 2402 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2403 verify_error(ErrorContext::bad_code(bci), 2404 "Third and fourth operand bytes of invokedynamic must be zero"); 2405 return; 2406 } 2407 } 2408 2409 if (method_name->byte_at(0) == '<') { 2410 // Make sure <init> can only be invoked by invokespecial 2411 if (opcode != Bytecodes::_invokespecial || 2412 method_name != vmSymbols::object_initializer_name()) { 2413 verify_error(ErrorContext::bad_code(bci), 2414 "Illegal call to internal method"); 2415 return; 2416 } 2417 } else if (opcode == Bytecodes::_invokespecial 2418 && !ref_class_type.equals(current_type()) 2419 && !ref_class_type.equals(VerificationType::reference_type( 2420 current_class()->super()->name()))) { 2421 bool subtype = ref_class_type.is_assignable_from( 2422 current_type(), this, CHECK_VERIFY(this)); 2423 if (!subtype) { 2424 verify_error(ErrorContext::bad_code(bci), 2425 "Bad invokespecial instruction: " 2426 "current class isn't assignable to reference class."); 2427 return; 2428 } 2429 } 2430 // Match method descriptor with operand stack 2431 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2432 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2433 } 2434 // Check objectref on operand stack 2435 if (opcode != Bytecodes::_invokestatic && 2436 opcode != Bytecodes::_invokedynamic) { 2437 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2438 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2439 code_length, this_uninit, cp, CHECK_VERIFY(this)); 2440 } else { // other methods 2441 // Ensures that target class is assignable to method class. 2442 if (opcode == Bytecodes::_invokespecial) { 2443 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2444 } else if (opcode == Bytecodes::_invokevirtual) { 2445 VerificationType stack_object_type = 2446 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2447 if (current_type() != stack_object_type) { 2448 assert(cp->cache() == NULL, "not rewritten yet"); 2449 Symbol* ref_class_name = 2450 cp->klass_name_at(cp->klass_ref_index_at(index)); 2451 // See the comments in verify_field_instructions() for 2452 // the rationale behind this. 2453 if (name_in_supers(ref_class_name, current_class())) { 2454 Klass* ref_class = load_class(ref_class_name, CHECK); 2455 if (is_protected_access( 2456 _klass, ref_class, method_name, method_sig, true)) { 2457 // It's protected access, check if stack object is 2458 // assignable to current class. 2459 bool is_assignable = current_type().is_assignable_from( 2460 stack_object_type, this, CHECK_VERIFY(this)); 2461 if (!is_assignable) { 2462 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2463 && stack_object_type.is_array() 2464 && method_name == vmSymbols::clone_name()) { 2465 // Special case: arrays pretend to implement public Object 2466 // clone(). 2467 } else { 2468 verify_error(ErrorContext::bad_type(bci, 2469 current_frame->stack_top_ctx(), 2470 TypeOrigin::implicit(current_type())), 2471 "Bad access to protected data in invokevirtual"); 2472 return; 2473 } 2474 } 2475 } 2476 } 2477 } 2478 } else { 2479 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2480 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2481 } 2482 } 2483 } 2484 // Push the result type. 2485 if (sig_stream.type() != T_VOID) { 2486 if (method_name == vmSymbols::object_initializer_name()) { 2487 // <init> method must have a void return type 2488 /* Unreachable? Class file parser verifies that methods with '<' have 2489 * void return */ 2490 verify_error(ErrorContext::bad_code(bci), 2491 "Return type must be void in <init> method"); 2492 return; 2493 } 2494 VerificationType return_type[2]; 2495 int n = change_sig_to_verificationType( 2496 &sig_stream, return_type, CHECK_VERIFY(this)); 2497 for (int i = 0; i < n; i++) { 2498 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2499 } 2500 } 2501} 2502 2503VerificationType ClassVerifier::get_newarray_type( 2504 u2 index, u2 bci, TRAPS) { 2505 const char* from_bt[] = { 2506 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2507 }; 2508 if (index < T_BOOLEAN || index > T_LONG) { 2509 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2510 return VerificationType::bogus_type(); 2511 } 2512 2513 // from_bt[index] contains the array signature which has a length of 2 2514 Symbol* sig = create_temporary_symbol( 2515 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2516 return VerificationType::reference_type(sig); 2517} 2518 2519void ClassVerifier::verify_anewarray( 2520 u2 bci, u2 index, constantPoolHandle cp, 2521 StackMapFrame* current_frame, TRAPS) { 2522 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2523 current_frame->pop_stack( 2524 VerificationType::integer_type(), CHECK_VERIFY(this)); 2525 2526 VerificationType component_type = 2527 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2528 int length; 2529 char* arr_sig_str; 2530 if (component_type.is_array()) { // it's an array 2531 const char* component_name = component_type.name()->as_utf8(); 2532 // add one dimension to component 2533 length = (int)strlen(component_name) + 1; 2534 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2535 arr_sig_str[0] = '['; 2536 strncpy(&arr_sig_str[1], component_name, length - 1); 2537 } else { // it's an object or interface 2538 const char* component_name = component_type.name()->as_utf8(); 2539 // add one dimension to component with 'L' prepended and ';' postpended. 2540 length = (int)strlen(component_name) + 3; 2541 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2542 arr_sig_str[0] = '['; 2543 arr_sig_str[1] = 'L'; 2544 strncpy(&arr_sig_str[2], component_name, length - 2); 2545 arr_sig_str[length - 1] = ';'; 2546 } 2547 Symbol* arr_sig = create_temporary_symbol( 2548 arr_sig_str, length, CHECK_VERIFY(this)); 2549 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2550 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2551} 2552 2553void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 2554 current_frame->get_local( 2555 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2556 current_frame->push_stack( 2557 VerificationType::integer_type(), CHECK_VERIFY(this)); 2558} 2559 2560void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 2561 current_frame->get_local_2( 2562 index, VerificationType::long_type(), 2563 VerificationType::long2_type(), CHECK_VERIFY(this)); 2564 current_frame->push_stack_2( 2565 VerificationType::long_type(), 2566 VerificationType::long2_type(), CHECK_VERIFY(this)); 2567} 2568 2569void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 2570 current_frame->get_local( 2571 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2572 current_frame->push_stack( 2573 VerificationType::float_type(), CHECK_VERIFY(this)); 2574} 2575 2576void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 2577 current_frame->get_local_2( 2578 index, VerificationType::double_type(), 2579 VerificationType::double2_type(), CHECK_VERIFY(this)); 2580 current_frame->push_stack_2( 2581 VerificationType::double_type(), 2582 VerificationType::double2_type(), CHECK_VERIFY(this)); 2583} 2584 2585void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 2586 VerificationType type = current_frame->get_local( 2587 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 2588 current_frame->push_stack(type, CHECK_VERIFY(this)); 2589} 2590 2591void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 2592 current_frame->pop_stack( 2593 VerificationType::integer_type(), CHECK_VERIFY(this)); 2594 current_frame->set_local( 2595 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2596} 2597 2598void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2599 current_frame->pop_stack_2( 2600 VerificationType::long2_type(), 2601 VerificationType::long_type(), CHECK_VERIFY(this)); 2602 current_frame->set_local_2( 2603 index, VerificationType::long_type(), 2604 VerificationType::long2_type(), CHECK_VERIFY(this)); 2605} 2606 2607void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2608 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 2609 current_frame->set_local( 2610 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2611} 2612 2613void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2614 current_frame->pop_stack_2( 2615 VerificationType::double2_type(), 2616 VerificationType::double_type(), CHECK_VERIFY(this)); 2617 current_frame->set_local_2( 2618 index, VerificationType::double_type(), 2619 VerificationType::double2_type(), CHECK_VERIFY(this)); 2620} 2621 2622void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 2623 VerificationType type = current_frame->pop_stack( 2624 VerificationType::reference_check(), CHECK_VERIFY(this)); 2625 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2626} 2627 2628void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 2629 VerificationType type = current_frame->get_local( 2630 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2631 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2632} 2633 2634void ClassVerifier::verify_return_value( 2635 VerificationType return_type, VerificationType type, u2 bci, 2636 StackMapFrame* current_frame, TRAPS) { 2637 if (return_type == VerificationType::bogus_type()) { 2638 verify_error(ErrorContext::bad_type(bci, 2639 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 2640 "Method expects a return value"); 2641 return; 2642 } 2643 bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this)); 2644 if (!match) { 2645 verify_error(ErrorContext::bad_type(bci, 2646 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 2647 "Bad return type"); 2648 return; 2649 } 2650} 2651 2652// The verifier creates symbols which are substrings of Symbols. 2653// These are stored in the verifier until the end of verification so that 2654// they can be reference counted. 2655Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 2656 int end, TRAPS) { 2657 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 2658 _symbols->push(sym); 2659 return sym; 2660} 2661 2662Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 2663 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 2664 _symbols->push(sym); 2665 return sym; 2666} 2667