verifier.cpp revision 6760:22b98ab2a69f
1/* 2 * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25#include "precompiled.hpp" 26#include "classfile/classFileStream.hpp" 27#include "classfile/javaClasses.hpp" 28#include "classfile/stackMapTable.hpp" 29#include "classfile/stackMapFrame.hpp" 30#include "classfile/stackMapTableFormat.hpp" 31#include "classfile/systemDictionary.hpp" 32#include "classfile/verifier.hpp" 33#include "classfile/vmSymbols.hpp" 34#include "interpreter/bytecodes.hpp" 35#include "interpreter/bytecodeStream.hpp" 36#include "memory/oopFactory.hpp" 37#include "memory/resourceArea.hpp" 38#include "oops/instanceKlass.hpp" 39#include "oops/oop.inline.hpp" 40#include "oops/typeArrayOop.hpp" 41#include "prims/jvm.h" 42#include "runtime/fieldDescriptor.hpp" 43#include "runtime/handles.inline.hpp" 44#include "runtime/interfaceSupport.hpp" 45#include "runtime/javaCalls.hpp" 46#include "runtime/orderAccess.inline.hpp" 47#include "runtime/os.hpp" 48#include "utilities/bytes.hpp" 49 50#define NOFAILOVER_MAJOR_VERSION 51 51#define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 52#define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 53 54// Access to external entry for VerifyClassCodes - old byte code verifier 55 56extern "C" { 57 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 58 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 59} 60 61static void* volatile _verify_byte_codes_fn = NULL; 62 63static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 64 65static void* verify_byte_codes_fn() { 66 if (_verify_byte_codes_fn == NULL) { 67 void *lib_handle = os::native_java_library(); 68 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 69 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 70 if (func == NULL) { 71 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false); 72 func = os::dll_lookup(lib_handle, "VerifyClassCodes"); 73 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 74 } 75 } 76 return (void*)_verify_byte_codes_fn; 77} 78 79 80// Methods in Verifier 81 82bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 83 return (class_loader == NULL || !should_verify_class) ? 84 BytecodeVerificationLocal : BytecodeVerificationRemote; 85} 86 87bool Verifier::relax_verify_for(oop loader) { 88 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 89 bool need_verify = 90 // verifyAll 91 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 92 // verifyRemote 93 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 94 return !need_verify; 95} 96 97bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 98 HandleMark hm; 99 ResourceMark rm(THREAD); 100 101 Symbol* exception_name = NULL; 102 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 103 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 104 char* exception_message = message_buffer; 105 106 const char* klassName = klass->external_name(); 107 bool can_failover = FailOverToOldVerifier && 108 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 109 110 // If the class should be verified, first see if we can use the split 111 // verifier. If not, or if verification fails and FailOverToOldVerifier 112 // is set, then call the inference verifier. 113 if (is_eligible_for_verification(klass, should_verify_class)) { 114 if (TraceClassInitialization) { 115 tty->print_cr("Start class verification for: %s", klassName); 116 } 117 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 118 ClassVerifier split_verifier(klass, THREAD); 119 split_verifier.verify_class(THREAD); 120 exception_name = split_verifier.result(); 121 if (can_failover && !HAS_PENDING_EXCEPTION && 122 (exception_name == vmSymbols::java_lang_VerifyError() || 123 exception_name == vmSymbols::java_lang_ClassFormatError())) { 124 if (TraceClassInitialization || VerboseVerification) { 125 tty->print_cr( 126 "Fail over class verification to old verifier for: %s", klassName); 127 } 128 exception_name = inference_verify( 129 klass, message_buffer, message_buffer_len, THREAD); 130 } 131 if (exception_name != NULL) { 132 exception_message = split_verifier.exception_message(); 133 } 134 } else { 135 exception_name = inference_verify( 136 klass, message_buffer, message_buffer_len, THREAD); 137 } 138 139 if (TraceClassInitialization || VerboseVerification) { 140 if (HAS_PENDING_EXCEPTION) { 141 tty->print("Verification for %s has", klassName); 142 tty->print_cr(" exception pending %s ", 143 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name()); 144 } else if (exception_name != NULL) { 145 tty->print_cr("Verification for %s failed", klassName); 146 } 147 tty->print_cr("End class verification for: %s", klassName); 148 } 149 } 150 151 if (HAS_PENDING_EXCEPTION) { 152 return false; // use the existing exception 153 } else if (exception_name == NULL) { 154 return true; // verifcation succeeded 155 } else { // VerifyError or ClassFormatError to be created and thrown 156 ResourceMark rm(THREAD); 157 instanceKlassHandle kls = 158 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 159 while (!kls.is_null()) { 160 if (kls == klass) { 161 // If the class being verified is the exception we're creating 162 // or one of it's superclasses, we're in trouble and are going 163 // to infinitely recurse when we try to initialize the exception. 164 // So bail out here by throwing the preallocated VM error. 165 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 166 } 167 kls = kls->super(); 168 } 169 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 170 THROW_MSG_(exception_name, exception_message, false); 171 } 172} 173 174bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) { 175 Symbol* name = klass->name(); 176 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 177 178 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 179 180 return (should_verify_for(klass->class_loader(), should_verify_class) && 181 // return if the class is a bootstrapping class 182 // or defineClass specified not to verify by default (flags override passed arg) 183 // We need to skip the following four for bootstraping 184 name != vmSymbols::java_lang_Object() && 185 name != vmSymbols::java_lang_Class() && 186 name != vmSymbols::java_lang_String() && 187 name != vmSymbols::java_lang_Throwable() && 188 189 // Can not verify the bytecodes for shared classes because they have 190 // already been rewritten to contain constant pool cache indices, 191 // which the verifier can't understand. 192 // Shared classes shouldn't have stackmaps either. 193 !klass()->is_shared() && 194 195 // As of the fix for 4486457 we disable verification for all of the 196 // dynamically-generated bytecodes associated with the 1.4 197 // reflection implementation, not just those associated with 198 // sun/reflect/SerializationConstructorAccessor. 199 // NOTE: this is called too early in the bootstrapping process to be 200 // guarded by Universe::is_gte_jdk14x_version(). 201 // Also for lambda generated code, gte jdk8 202 (!is_reflect)); 203} 204 205Symbol* Verifier::inference_verify( 206 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) { 207 JavaThread* thread = (JavaThread*)THREAD; 208 JNIEnv *env = thread->jni_environment(); 209 210 void* verify_func = verify_byte_codes_fn(); 211 212 if (verify_func == NULL) { 213 jio_snprintf(message, message_len, "Could not link verifier"); 214 return vmSymbols::java_lang_VerifyError(); 215 } 216 217 ResourceMark rm(THREAD); 218 if (VerboseVerification) { 219 tty->print_cr("Verifying class %s with old format", klass->external_name()); 220 } 221 222 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 223 jint result; 224 225 { 226 HandleMark hm(thread); 227 ThreadToNativeFromVM ttn(thread); 228 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 229 // code knows that we have left the VM 230 231 if (_is_new_verify_byte_codes_fn) { 232 verify_byte_codes_fn_new_t func = 233 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 234 result = (*func)(env, cls, message, (int)message_len, 235 klass->major_version()); 236 } else { 237 verify_byte_codes_fn_t func = 238 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 239 result = (*func)(env, cls, message, (int)message_len); 240 } 241 } 242 243 JNIHandles::destroy_local(cls); 244 245 // These numbers are chosen so that VerifyClassCodes interface doesn't need 246 // to be changed (still return jboolean (unsigned char)), and result is 247 // 1 when verification is passed. 248 if (result == 0) { 249 return vmSymbols::java_lang_VerifyError(); 250 } else if (result == 1) { 251 return NULL; // verified. 252 } else if (result == 2) { 253 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 254 } else if (result == 3) { 255 return vmSymbols::java_lang_ClassFormatError(); 256 } else { 257 ShouldNotReachHere(); 258 return NULL; 259 } 260} 261 262TypeOrigin TypeOrigin::null() { 263 return TypeOrigin(); 264} 265TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 266 assert(frame != NULL, "Must have a frame"); 267 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 268 frame->local_at(index)); 269} 270TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 271 assert(frame != NULL, "Must have a frame"); 272 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 273 frame->stack_at(index)); 274} 275TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 276 assert(frame != NULL, "Must have a frame"); 277 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 278 frame->local_at(index)); 279} 280TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 281 assert(frame != NULL, "Must have a frame"); 282 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 283 frame->stack_at(index)); 284} 285TypeOrigin TypeOrigin::bad_index(u2 index) { 286 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 287} 288TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 289 return TypeOrigin(CONST_POOL, index, NULL, vt); 290} 291TypeOrigin TypeOrigin::signature(VerificationType vt) { 292 return TypeOrigin(SIG, 0, NULL, vt); 293} 294TypeOrigin TypeOrigin::implicit(VerificationType t) { 295 return TypeOrigin(IMPLICIT, 0, NULL, t); 296} 297TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 298 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 299 VerificationType::bogus_type()); 300} 301 302void TypeOrigin::reset_frame() { 303 if (_frame != NULL) { 304 _frame->restore(); 305 } 306} 307 308void TypeOrigin::details(outputStream* ss) const { 309 _type.print_on(ss); 310 switch (_origin) { 311 case CF_LOCALS: 312 ss->print(" (current frame, locals[%d])", _index); 313 break; 314 case CF_STACK: 315 ss->print(" (current frame, stack[%d])", _index); 316 break; 317 case SM_LOCALS: 318 ss->print(" (stack map, locals[%d])", _index); 319 break; 320 case SM_STACK: 321 ss->print(" (stack map, stack[%d])", _index); 322 break; 323 case CONST_POOL: 324 ss->print(" (constant pool %d)", _index); 325 break; 326 case SIG: 327 ss->print(" (from method signature)"); 328 break; 329 case IMPLICIT: 330 case FRAME_ONLY: 331 case NONE: 332 default: 333 ; 334 } 335} 336 337#ifdef ASSERT 338void TypeOrigin::print_on(outputStream* str) const { 339 str->print("{%d,%d,%p:", _origin, _index, _frame); 340 if (_frame != NULL) { 341 _frame->print_on(str); 342 } else { 343 str->print("null"); 344 } 345 str->print(","); 346 _type.print_on(str); 347 str->print("}"); 348} 349#endif 350 351void ErrorContext::details(outputStream* ss, const Method* method) const { 352 if (is_valid()) { 353 ss->cr(); 354 ss->print_cr("Exception Details:"); 355 location_details(ss, method); 356 reason_details(ss); 357 frame_details(ss); 358 bytecode_details(ss, method); 359 handler_details(ss, method); 360 stackmap_details(ss, method); 361 } 362} 363 364void ErrorContext::reason_details(outputStream* ss) const { 365 streamIndentor si(ss); 366 ss->indent().print_cr("Reason:"); 367 streamIndentor si2(ss); 368 ss->indent().print("%s", ""); 369 switch (_fault) { 370 case INVALID_BYTECODE: 371 ss->print("Error exists in the bytecode"); 372 break; 373 case WRONG_TYPE: 374 if (_expected.is_valid()) { 375 ss->print("Type "); 376 _type.details(ss); 377 ss->print(" is not assignable to "); 378 _expected.details(ss); 379 } else { 380 ss->print("Invalid type: "); 381 _type.details(ss); 382 } 383 break; 384 case FLAGS_MISMATCH: 385 if (_expected.is_valid()) { 386 ss->print("Current frame's flags are not assignable " 387 "to stack map frame's."); 388 } else { 389 ss->print("Current frame's flags are invalid in this context."); 390 } 391 break; 392 case BAD_CP_INDEX: 393 ss->print("Constant pool index %d is invalid", _type.index()); 394 break; 395 case BAD_LOCAL_INDEX: 396 ss->print("Local index %d is invalid", _type.index()); 397 break; 398 case LOCALS_SIZE_MISMATCH: 399 ss->print("Current frame's local size doesn't match stackmap."); 400 break; 401 case STACK_SIZE_MISMATCH: 402 ss->print("Current frame's stack size doesn't match stackmap."); 403 break; 404 case STACK_OVERFLOW: 405 ss->print("Exceeded max stack size."); 406 break; 407 case STACK_UNDERFLOW: 408 ss->print("Attempt to pop empty stack."); 409 break; 410 case MISSING_STACKMAP: 411 ss->print("Expected stackmap frame at this location."); 412 break; 413 case BAD_STACKMAP: 414 ss->print("Invalid stackmap specification."); 415 break; 416 case UNKNOWN: 417 default: 418 ShouldNotReachHere(); 419 ss->print_cr("Unknown"); 420 } 421 ss->cr(); 422} 423 424void ErrorContext::location_details(outputStream* ss, const Method* method) const { 425 if (_bci != -1 && method != NULL) { 426 streamIndentor si(ss); 427 const char* bytecode_name = "<invalid>"; 428 if (method->validate_bci_from_bcx(_bci) != -1) { 429 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 430 if (Bytecodes::is_defined(code)) { 431 bytecode_name = Bytecodes::name(code); 432 } else { 433 bytecode_name = "<illegal>"; 434 } 435 } 436 InstanceKlass* ik = method->method_holder(); 437 ss->indent().print_cr("Location:"); 438 streamIndentor si2(ss); 439 ss->indent().print_cr("%s.%s%s @%d: %s", 440 ik->name()->as_C_string(), method->name()->as_C_string(), 441 method->signature()->as_C_string(), _bci, bytecode_name); 442 } 443} 444 445void ErrorContext::frame_details(outputStream* ss) const { 446 streamIndentor si(ss); 447 if (_type.is_valid() && _type.frame() != NULL) { 448 ss->indent().print_cr("Current Frame:"); 449 streamIndentor si2(ss); 450 _type.frame()->print_on(ss); 451 } 452 if (_expected.is_valid() && _expected.frame() != NULL) { 453 ss->indent().print_cr("Stackmap Frame:"); 454 streamIndentor si2(ss); 455 _expected.frame()->print_on(ss); 456 } 457} 458 459void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 460 if (method != NULL) { 461 streamIndentor si(ss); 462 ss->indent().print_cr("Bytecode:"); 463 streamIndentor si2(ss); 464 ss->print_data(method->code_base(), method->code_size(), false); 465 } 466} 467 468void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 469 if (method != NULL) { 470 streamIndentor si(ss); 471 ExceptionTable table(method); 472 if (table.length() > 0) { 473 ss->indent().print_cr("Exception Handler Table:"); 474 streamIndentor si2(ss); 475 for (int i = 0; i < table.length(); ++i) { 476 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 477 table.end_pc(i), table.handler_pc(i)); 478 } 479 } 480 } 481} 482 483void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 484 if (method != NULL && method->has_stackmap_table()) { 485 streamIndentor si(ss); 486 ss->indent().print_cr("Stackmap Table:"); 487 Array<u1>* data = method->stackmap_data(); 488 stack_map_table* sm_table = 489 stack_map_table::at((address)data->adr_at(0)); 490 stack_map_frame* sm_frame = sm_table->entries(); 491 streamIndentor si2(ss); 492 int current_offset = -1; 493 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 494 ss->indent(); 495 sm_frame->print_on(ss, current_offset); 496 ss->cr(); 497 current_offset += sm_frame->offset_delta(); 498 sm_frame = sm_frame->next(); 499 } 500 } 501} 502 503// Methods in ClassVerifier 504 505ClassVerifier::ClassVerifier( 506 instanceKlassHandle klass, TRAPS) 507 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) { 508 _this_type = VerificationType::reference_type(klass->name()); 509 // Create list to hold symbols in reference area. 510 _symbols = new GrowableArray<Symbol*>(100, 0, NULL); 511} 512 513ClassVerifier::~ClassVerifier() { 514 // Decrement the reference count for any symbols created. 515 for (int i = 0; i < _symbols->length(); i++) { 516 Symbol* s = _symbols->at(i); 517 s->decrement_refcount(); 518 } 519} 520 521VerificationType ClassVerifier::object_type() const { 522 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 523} 524 525TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) { 526 VerificationType vt = VerificationType::reference_type( 527 create_temporary_symbol(sig, (int)strlen(sig), THREAD)); 528 return TypeOrigin::implicit(vt); 529} 530 531void ClassVerifier::verify_class(TRAPS) { 532 if (VerboseVerification) { 533 tty->print_cr("Verifying class %s with new format", 534 _klass->external_name()); 535 } 536 537 Array<Method*>* methods = _klass->methods(); 538 int num_methods = methods->length(); 539 540 for (int index = 0; index < num_methods; index++) { 541 // Check for recursive re-verification before each method. 542 if (was_recursively_verified()) return; 543 544 Method* m = methods->at(index); 545 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 546 // If m is native or abstract, skip it. It is checked in class file 547 // parser that methods do not override a final method. Overpass methods 548 // are trusted since the VM generates them. 549 continue; 550 } 551 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 552 } 553 554 if (VerboseVerification || TraceClassInitialization) { 555 if (was_recursively_verified()) 556 tty->print_cr("Recursive verification detected for: %s", 557 _klass->external_name()); 558 } 559} 560 561void ClassVerifier::verify_method(methodHandle m, TRAPS) { 562 HandleMark hm(THREAD); 563 _method = m; // initialize _method 564 if (VerboseVerification) { 565 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string()); 566 } 567 568// For clang, the only good constant format string is a literal constant format string. 569#define bad_type_msg "Bad type on operand stack in %s" 570 571 int32_t max_stack = m->verifier_max_stack(); 572 int32_t max_locals = m->max_locals(); 573 constantPoolHandle cp(THREAD, m->constants()); 574 575 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 576 class_format_error("Invalid method signature"); 577 return; 578 } 579 580 // Initial stack map frame: offset is 0, stack is initially empty. 581 StackMapFrame current_frame(max_locals, max_stack, this); 582 // Set initial locals 583 VerificationType return_type = current_frame.set_locals_from_arg( 584 m, current_type(), CHECK_VERIFY(this)); 585 586 int32_t stackmap_index = 0; // index to the stackmap array 587 588 u4 code_length = m->code_size(); 589 590 // Scan the bytecode and map each instruction's start offset to a number. 591 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 592 593 int ex_min = code_length; 594 int ex_max = -1; 595 // Look through each item on the exception table. Each of the fields must refer 596 // to a legal instruction. 597 verify_exception_handler_table( 598 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 599 600 // Look through each entry on the local variable table and make sure 601 // its range of code array offsets is valid. (4169817) 602 if (m->has_localvariable_table()) { 603 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 604 } 605 606 Array<u1>* stackmap_data = m->stackmap_data(); 607 StackMapStream stream(stackmap_data); 608 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 609 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 610 code_data, code_length, CHECK_VERIFY(this)); 611 612 if (VerboseVerification) { 613 stackmap_table.print_on(tty); 614 } 615 616 RawBytecodeStream bcs(m); 617 618 // Scan the byte code linearly from the start to the end 619 bool no_control_flow = false; // Set to true when there is no direct control 620 // flow from current instruction to the next 621 // instruction in sequence 622 Bytecodes::Code opcode; 623 while (!bcs.is_last_bytecode()) { 624 // Check for recursive re-verification before each bytecode. 625 if (was_recursively_verified()) return; 626 627 opcode = bcs.raw_next(); 628 u2 bci = bcs.bci(); 629 630 // Set current frame's offset to bci 631 current_frame.set_offset(bci); 632 current_frame.set_mark(); 633 634 // Make sure every offset in stackmap table point to the beginning to 635 // an instruction. Match current_frame to stackmap_table entry with 636 // the same offset if exists. 637 stackmap_index = verify_stackmap_table( 638 stackmap_index, bci, ¤t_frame, &stackmap_table, 639 no_control_flow, CHECK_VERIFY(this)); 640 641 642 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 643 644 // Merge with the next instruction 645 { 646 u2 index; 647 int target; 648 VerificationType type, type2; 649 VerificationType atype; 650 651#ifndef PRODUCT 652 if (VerboseVerification) { 653 current_frame.print_on(tty); 654 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 655 } 656#endif 657 658 // Make sure wide instruction is in correct format 659 if (bcs.is_wide()) { 660 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 661 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 662 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 663 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 664 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 665 opcode != Bytecodes::_dstore) { 666 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 667 * if we encounter a wide instruction that modifies an invalid 668 * opcode (not one of the ones listed above) */ 669 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 670 return; 671 } 672 } 673 674 switch (opcode) { 675 case Bytecodes::_nop : 676 no_control_flow = false; break; 677 case Bytecodes::_aconst_null : 678 current_frame.push_stack( 679 VerificationType::null_type(), CHECK_VERIFY(this)); 680 no_control_flow = false; break; 681 case Bytecodes::_iconst_m1 : 682 case Bytecodes::_iconst_0 : 683 case Bytecodes::_iconst_1 : 684 case Bytecodes::_iconst_2 : 685 case Bytecodes::_iconst_3 : 686 case Bytecodes::_iconst_4 : 687 case Bytecodes::_iconst_5 : 688 current_frame.push_stack( 689 VerificationType::integer_type(), CHECK_VERIFY(this)); 690 no_control_flow = false; break; 691 case Bytecodes::_lconst_0 : 692 case Bytecodes::_lconst_1 : 693 current_frame.push_stack_2( 694 VerificationType::long_type(), 695 VerificationType::long2_type(), CHECK_VERIFY(this)); 696 no_control_flow = false; break; 697 case Bytecodes::_fconst_0 : 698 case Bytecodes::_fconst_1 : 699 case Bytecodes::_fconst_2 : 700 current_frame.push_stack( 701 VerificationType::float_type(), CHECK_VERIFY(this)); 702 no_control_flow = false; break; 703 case Bytecodes::_dconst_0 : 704 case Bytecodes::_dconst_1 : 705 current_frame.push_stack_2( 706 VerificationType::double_type(), 707 VerificationType::double2_type(), CHECK_VERIFY(this)); 708 no_control_flow = false; break; 709 case Bytecodes::_sipush : 710 case Bytecodes::_bipush : 711 current_frame.push_stack( 712 VerificationType::integer_type(), CHECK_VERIFY(this)); 713 no_control_flow = false; break; 714 case Bytecodes::_ldc : 715 verify_ldc( 716 opcode, bcs.get_index_u1(), ¤t_frame, 717 cp, bci, CHECK_VERIFY(this)); 718 no_control_flow = false; break; 719 case Bytecodes::_ldc_w : 720 case Bytecodes::_ldc2_w : 721 verify_ldc( 722 opcode, bcs.get_index_u2(), ¤t_frame, 723 cp, bci, CHECK_VERIFY(this)); 724 no_control_flow = false; break; 725 case Bytecodes::_iload : 726 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 727 no_control_flow = false; break; 728 case Bytecodes::_iload_0 : 729 case Bytecodes::_iload_1 : 730 case Bytecodes::_iload_2 : 731 case Bytecodes::_iload_3 : 732 index = opcode - Bytecodes::_iload_0; 733 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 734 no_control_flow = false; break; 735 case Bytecodes::_lload : 736 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 737 no_control_flow = false; break; 738 case Bytecodes::_lload_0 : 739 case Bytecodes::_lload_1 : 740 case Bytecodes::_lload_2 : 741 case Bytecodes::_lload_3 : 742 index = opcode - Bytecodes::_lload_0; 743 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 744 no_control_flow = false; break; 745 case Bytecodes::_fload : 746 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 747 no_control_flow = false; break; 748 case Bytecodes::_fload_0 : 749 case Bytecodes::_fload_1 : 750 case Bytecodes::_fload_2 : 751 case Bytecodes::_fload_3 : 752 index = opcode - Bytecodes::_fload_0; 753 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 754 no_control_flow = false; break; 755 case Bytecodes::_dload : 756 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 757 no_control_flow = false; break; 758 case Bytecodes::_dload_0 : 759 case Bytecodes::_dload_1 : 760 case Bytecodes::_dload_2 : 761 case Bytecodes::_dload_3 : 762 index = opcode - Bytecodes::_dload_0; 763 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 764 no_control_flow = false; break; 765 case Bytecodes::_aload : 766 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 767 no_control_flow = false; break; 768 case Bytecodes::_aload_0 : 769 case Bytecodes::_aload_1 : 770 case Bytecodes::_aload_2 : 771 case Bytecodes::_aload_3 : 772 index = opcode - Bytecodes::_aload_0; 773 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 774 no_control_flow = false; break; 775 case Bytecodes::_iaload : 776 type = current_frame.pop_stack( 777 VerificationType::integer_type(), CHECK_VERIFY(this)); 778 atype = current_frame.pop_stack( 779 VerificationType::reference_check(), CHECK_VERIFY(this)); 780 if (!atype.is_int_array()) { 781 verify_error(ErrorContext::bad_type(bci, 782 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 783 bad_type_msg, "iaload"); 784 return; 785 } 786 current_frame.push_stack( 787 VerificationType::integer_type(), CHECK_VERIFY(this)); 788 no_control_flow = false; break; 789 case Bytecodes::_baload : 790 type = current_frame.pop_stack( 791 VerificationType::integer_type(), CHECK_VERIFY(this)); 792 atype = current_frame.pop_stack( 793 VerificationType::reference_check(), CHECK_VERIFY(this)); 794 if (!atype.is_bool_array() && !atype.is_byte_array()) { 795 verify_error( 796 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 797 bad_type_msg, "baload"); 798 return; 799 } 800 current_frame.push_stack( 801 VerificationType::integer_type(), CHECK_VERIFY(this)); 802 no_control_flow = false; break; 803 case Bytecodes::_caload : 804 type = current_frame.pop_stack( 805 VerificationType::integer_type(), CHECK_VERIFY(this)); 806 atype = current_frame.pop_stack( 807 VerificationType::reference_check(), CHECK_VERIFY(this)); 808 if (!atype.is_char_array()) { 809 verify_error(ErrorContext::bad_type(bci, 810 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 811 bad_type_msg, "caload"); 812 return; 813 } 814 current_frame.push_stack( 815 VerificationType::integer_type(), CHECK_VERIFY(this)); 816 no_control_flow = false; break; 817 case Bytecodes::_saload : 818 type = current_frame.pop_stack( 819 VerificationType::integer_type(), CHECK_VERIFY(this)); 820 atype = current_frame.pop_stack( 821 VerificationType::reference_check(), CHECK_VERIFY(this)); 822 if (!atype.is_short_array()) { 823 verify_error(ErrorContext::bad_type(bci, 824 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 825 bad_type_msg, "saload"); 826 return; 827 } 828 current_frame.push_stack( 829 VerificationType::integer_type(), CHECK_VERIFY(this)); 830 no_control_flow = false; break; 831 case Bytecodes::_laload : 832 type = current_frame.pop_stack( 833 VerificationType::integer_type(), CHECK_VERIFY(this)); 834 atype = current_frame.pop_stack( 835 VerificationType::reference_check(), CHECK_VERIFY(this)); 836 if (!atype.is_long_array()) { 837 verify_error(ErrorContext::bad_type(bci, 838 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 839 bad_type_msg, "laload"); 840 return; 841 } 842 current_frame.push_stack_2( 843 VerificationType::long_type(), 844 VerificationType::long2_type(), CHECK_VERIFY(this)); 845 no_control_flow = false; break; 846 case Bytecodes::_faload : 847 type = current_frame.pop_stack( 848 VerificationType::integer_type(), CHECK_VERIFY(this)); 849 atype = current_frame.pop_stack( 850 VerificationType::reference_check(), CHECK_VERIFY(this)); 851 if (!atype.is_float_array()) { 852 verify_error(ErrorContext::bad_type(bci, 853 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 854 bad_type_msg, "faload"); 855 return; 856 } 857 current_frame.push_stack( 858 VerificationType::float_type(), CHECK_VERIFY(this)); 859 no_control_flow = false; break; 860 case Bytecodes::_daload : 861 type = current_frame.pop_stack( 862 VerificationType::integer_type(), CHECK_VERIFY(this)); 863 atype = current_frame.pop_stack( 864 VerificationType::reference_check(), CHECK_VERIFY(this)); 865 if (!atype.is_double_array()) { 866 verify_error(ErrorContext::bad_type(bci, 867 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 868 bad_type_msg, "daload"); 869 return; 870 } 871 current_frame.push_stack_2( 872 VerificationType::double_type(), 873 VerificationType::double2_type(), CHECK_VERIFY(this)); 874 no_control_flow = false; break; 875 case Bytecodes::_aaload : { 876 type = current_frame.pop_stack( 877 VerificationType::integer_type(), CHECK_VERIFY(this)); 878 atype = current_frame.pop_stack( 879 VerificationType::reference_check(), CHECK_VERIFY(this)); 880 if (!atype.is_reference_array()) { 881 verify_error(ErrorContext::bad_type(bci, 882 current_frame.stack_top_ctx(), 883 TypeOrigin::implicit(VerificationType::reference_check())), 884 bad_type_msg, "aaload"); 885 return; 886 } 887 if (atype.is_null()) { 888 current_frame.push_stack( 889 VerificationType::null_type(), CHECK_VERIFY(this)); 890 } else { 891 VerificationType component = 892 atype.get_component(this, CHECK_VERIFY(this)); 893 current_frame.push_stack(component, CHECK_VERIFY(this)); 894 } 895 no_control_flow = false; break; 896 } 897 case Bytecodes::_istore : 898 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 case Bytecodes::_istore_0 : 901 case Bytecodes::_istore_1 : 902 case Bytecodes::_istore_2 : 903 case Bytecodes::_istore_3 : 904 index = opcode - Bytecodes::_istore_0; 905 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 906 no_control_flow = false; break; 907 case Bytecodes::_lstore : 908 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 909 no_control_flow = false; break; 910 case Bytecodes::_lstore_0 : 911 case Bytecodes::_lstore_1 : 912 case Bytecodes::_lstore_2 : 913 case Bytecodes::_lstore_3 : 914 index = opcode - Bytecodes::_lstore_0; 915 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 916 no_control_flow = false; break; 917 case Bytecodes::_fstore : 918 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 919 no_control_flow = false; break; 920 case Bytecodes::_fstore_0 : 921 case Bytecodes::_fstore_1 : 922 case Bytecodes::_fstore_2 : 923 case Bytecodes::_fstore_3 : 924 index = opcode - Bytecodes::_fstore_0; 925 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 926 no_control_flow = false; break; 927 case Bytecodes::_dstore : 928 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 929 no_control_flow = false; break; 930 case Bytecodes::_dstore_0 : 931 case Bytecodes::_dstore_1 : 932 case Bytecodes::_dstore_2 : 933 case Bytecodes::_dstore_3 : 934 index = opcode - Bytecodes::_dstore_0; 935 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 936 no_control_flow = false; break; 937 case Bytecodes::_astore : 938 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 939 no_control_flow = false; break; 940 case Bytecodes::_astore_0 : 941 case Bytecodes::_astore_1 : 942 case Bytecodes::_astore_2 : 943 case Bytecodes::_astore_3 : 944 index = opcode - Bytecodes::_astore_0; 945 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 946 no_control_flow = false; break; 947 case Bytecodes::_iastore : 948 type = current_frame.pop_stack( 949 VerificationType::integer_type(), CHECK_VERIFY(this)); 950 type2 = current_frame.pop_stack( 951 VerificationType::integer_type(), CHECK_VERIFY(this)); 952 atype = current_frame.pop_stack( 953 VerificationType::reference_check(), CHECK_VERIFY(this)); 954 if (!atype.is_int_array()) { 955 verify_error(ErrorContext::bad_type(bci, 956 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)), 957 bad_type_msg, "iastore"); 958 return; 959 } 960 no_control_flow = false; break; 961 case Bytecodes::_bastore : 962 type = current_frame.pop_stack( 963 VerificationType::integer_type(), CHECK_VERIFY(this)); 964 type2 = current_frame.pop_stack( 965 VerificationType::integer_type(), CHECK_VERIFY(this)); 966 atype = current_frame.pop_stack( 967 VerificationType::reference_check(), CHECK_VERIFY(this)); 968 if (!atype.is_bool_array() && !atype.is_byte_array()) { 969 verify_error( 970 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 971 bad_type_msg, "bastore"); 972 return; 973 } 974 no_control_flow = false; break; 975 case Bytecodes::_castore : 976 current_frame.pop_stack( 977 VerificationType::integer_type(), CHECK_VERIFY(this)); 978 current_frame.pop_stack( 979 VerificationType::integer_type(), CHECK_VERIFY(this)); 980 atype = current_frame.pop_stack( 981 VerificationType::reference_check(), CHECK_VERIFY(this)); 982 if (!atype.is_char_array()) { 983 verify_error(ErrorContext::bad_type(bci, 984 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)), 985 bad_type_msg, "castore"); 986 return; 987 } 988 no_control_flow = false; break; 989 case Bytecodes::_sastore : 990 current_frame.pop_stack( 991 VerificationType::integer_type(), CHECK_VERIFY(this)); 992 current_frame.pop_stack( 993 VerificationType::integer_type(), CHECK_VERIFY(this)); 994 atype = current_frame.pop_stack( 995 VerificationType::reference_check(), CHECK_VERIFY(this)); 996 if (!atype.is_short_array()) { 997 verify_error(ErrorContext::bad_type(bci, 998 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)), 999 bad_type_msg, "sastore"); 1000 return; 1001 } 1002 no_control_flow = false; break; 1003 case Bytecodes::_lastore : 1004 current_frame.pop_stack_2( 1005 VerificationType::long2_type(), 1006 VerificationType::long_type(), CHECK_VERIFY(this)); 1007 current_frame.pop_stack( 1008 VerificationType::integer_type(), CHECK_VERIFY(this)); 1009 atype = current_frame.pop_stack( 1010 VerificationType::reference_check(), CHECK_VERIFY(this)); 1011 if (!atype.is_long_array()) { 1012 verify_error(ErrorContext::bad_type(bci, 1013 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)), 1014 bad_type_msg, "lastore"); 1015 return; 1016 } 1017 no_control_flow = false; break; 1018 case Bytecodes::_fastore : 1019 current_frame.pop_stack( 1020 VerificationType::float_type(), CHECK_VERIFY(this)); 1021 current_frame.pop_stack 1022 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1023 atype = current_frame.pop_stack( 1024 VerificationType::reference_check(), CHECK_VERIFY(this)); 1025 if (!atype.is_float_array()) { 1026 verify_error(ErrorContext::bad_type(bci, 1027 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)), 1028 bad_type_msg, "fastore"); 1029 return; 1030 } 1031 no_control_flow = false; break; 1032 case Bytecodes::_dastore : 1033 current_frame.pop_stack_2( 1034 VerificationType::double2_type(), 1035 VerificationType::double_type(), CHECK_VERIFY(this)); 1036 current_frame.pop_stack( 1037 VerificationType::integer_type(), CHECK_VERIFY(this)); 1038 atype = current_frame.pop_stack( 1039 VerificationType::reference_check(), CHECK_VERIFY(this)); 1040 if (!atype.is_double_array()) { 1041 verify_error(ErrorContext::bad_type(bci, 1042 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)), 1043 bad_type_msg, "dastore"); 1044 return; 1045 } 1046 no_control_flow = false; break; 1047 case Bytecodes::_aastore : 1048 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1049 type2 = current_frame.pop_stack( 1050 VerificationType::integer_type(), CHECK_VERIFY(this)); 1051 atype = current_frame.pop_stack( 1052 VerificationType::reference_check(), CHECK_VERIFY(this)); 1053 // more type-checking is done at runtime 1054 if (!atype.is_reference_array()) { 1055 verify_error(ErrorContext::bad_type(bci, 1056 current_frame.stack_top_ctx(), 1057 TypeOrigin::implicit(VerificationType::reference_check())), 1058 bad_type_msg, "aastore"); 1059 return; 1060 } 1061 // 4938384: relaxed constraint in JVMS 3nd edition. 1062 no_control_flow = false; break; 1063 case Bytecodes::_pop : 1064 current_frame.pop_stack( 1065 VerificationType::category1_check(), CHECK_VERIFY(this)); 1066 no_control_flow = false; break; 1067 case Bytecodes::_pop2 : 1068 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1069 if (type.is_category1()) { 1070 current_frame.pop_stack( 1071 VerificationType::category1_check(), CHECK_VERIFY(this)); 1072 } else if (type.is_category2_2nd()) { 1073 current_frame.pop_stack( 1074 VerificationType::category2_check(), CHECK_VERIFY(this)); 1075 } else { 1076 /* Unreachable? Would need a category2_1st on TOS 1077 * which does not appear possible. */ 1078 verify_error( 1079 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1080 bad_type_msg, "pop2"); 1081 return; 1082 } 1083 no_control_flow = false; break; 1084 case Bytecodes::_dup : 1085 type = current_frame.pop_stack( 1086 VerificationType::category1_check(), CHECK_VERIFY(this)); 1087 current_frame.push_stack(type, CHECK_VERIFY(this)); 1088 current_frame.push_stack(type, CHECK_VERIFY(this)); 1089 no_control_flow = false; break; 1090 case Bytecodes::_dup_x1 : 1091 type = current_frame.pop_stack( 1092 VerificationType::category1_check(), CHECK_VERIFY(this)); 1093 type2 = current_frame.pop_stack( 1094 VerificationType::category1_check(), CHECK_VERIFY(this)); 1095 current_frame.push_stack(type, CHECK_VERIFY(this)); 1096 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1097 current_frame.push_stack(type, CHECK_VERIFY(this)); 1098 no_control_flow = false; break; 1099 case Bytecodes::_dup_x2 : 1100 { 1101 VerificationType type3; 1102 type = current_frame.pop_stack( 1103 VerificationType::category1_check(), CHECK_VERIFY(this)); 1104 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1105 if (type2.is_category1()) { 1106 type3 = current_frame.pop_stack( 1107 VerificationType::category1_check(), CHECK_VERIFY(this)); 1108 } else if (type2.is_category2_2nd()) { 1109 type3 = current_frame.pop_stack( 1110 VerificationType::category2_check(), CHECK_VERIFY(this)); 1111 } else { 1112 /* Unreachable? Would need a category2_1st at stack depth 2 with 1113 * a category1 on TOS which does not appear possible. */ 1114 verify_error(ErrorContext::bad_type( 1115 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1116 return; 1117 } 1118 current_frame.push_stack(type, CHECK_VERIFY(this)); 1119 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1120 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1121 current_frame.push_stack(type, CHECK_VERIFY(this)); 1122 no_control_flow = false; break; 1123 } 1124 case Bytecodes::_dup2 : 1125 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1126 if (type.is_category1()) { 1127 type2 = current_frame.pop_stack( 1128 VerificationType::category1_check(), CHECK_VERIFY(this)); 1129 } else if (type.is_category2_2nd()) { 1130 type2 = current_frame.pop_stack( 1131 VerificationType::category2_check(), CHECK_VERIFY(this)); 1132 } else { 1133 /* Unreachable? Would need a category2_1st on TOS which does not 1134 * appear possible. */ 1135 verify_error( 1136 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1137 bad_type_msg, "dup2"); 1138 return; 1139 } 1140 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1141 current_frame.push_stack(type, CHECK_VERIFY(this)); 1142 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1143 current_frame.push_stack(type, CHECK_VERIFY(this)); 1144 no_control_flow = false; break; 1145 case Bytecodes::_dup2_x1 : 1146 { 1147 VerificationType type3; 1148 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1149 if (type.is_category1()) { 1150 type2 = current_frame.pop_stack( 1151 VerificationType::category1_check(), CHECK_VERIFY(this)); 1152 } else if (type.is_category2_2nd()) { 1153 type2 = current_frame.pop_stack( 1154 VerificationType::category2_check(), CHECK_VERIFY(this)); 1155 } else { 1156 /* Unreachable? Would need a category2_1st on TOS which does 1157 * not appear possible. */ 1158 verify_error( 1159 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1160 bad_type_msg, "dup2_x1"); 1161 return; 1162 } 1163 type3 = current_frame.pop_stack( 1164 VerificationType::category1_check(), CHECK_VERIFY(this)); 1165 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1166 current_frame.push_stack(type, CHECK_VERIFY(this)); 1167 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1168 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1169 current_frame.push_stack(type, CHECK_VERIFY(this)); 1170 no_control_flow = false; break; 1171 } 1172 case Bytecodes::_dup2_x2 : 1173 { 1174 VerificationType type3, type4; 1175 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1176 if (type.is_category1()) { 1177 type2 = current_frame.pop_stack( 1178 VerificationType::category1_check(), CHECK_VERIFY(this)); 1179 } else if (type.is_category2_2nd()) { 1180 type2 = current_frame.pop_stack( 1181 VerificationType::category2_check(), CHECK_VERIFY(this)); 1182 } else { 1183 /* Unreachable? Would need a category2_1st on TOS which does 1184 * not appear possible. */ 1185 verify_error( 1186 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1187 bad_type_msg, "dup2_x2"); 1188 return; 1189 } 1190 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1191 if (type3.is_category1()) { 1192 type4 = current_frame.pop_stack( 1193 VerificationType::category1_check(), CHECK_VERIFY(this)); 1194 } else if (type3.is_category2_2nd()) { 1195 type4 = current_frame.pop_stack( 1196 VerificationType::category2_check(), CHECK_VERIFY(this)); 1197 } else { 1198 /* Unreachable? Would need a category2_1st on TOS after popping 1199 * a long/double or two category 1's, which does not 1200 * appear possible. */ 1201 verify_error( 1202 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1203 bad_type_msg, "dup2_x2"); 1204 return; 1205 } 1206 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1207 current_frame.push_stack(type, CHECK_VERIFY(this)); 1208 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1209 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1210 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1211 current_frame.push_stack(type, CHECK_VERIFY(this)); 1212 no_control_flow = false; break; 1213 } 1214 case Bytecodes::_swap : 1215 type = current_frame.pop_stack( 1216 VerificationType::category1_check(), CHECK_VERIFY(this)); 1217 type2 = current_frame.pop_stack( 1218 VerificationType::category1_check(), CHECK_VERIFY(this)); 1219 current_frame.push_stack(type, CHECK_VERIFY(this)); 1220 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1221 no_control_flow = false; break; 1222 case Bytecodes::_iadd : 1223 case Bytecodes::_isub : 1224 case Bytecodes::_imul : 1225 case Bytecodes::_idiv : 1226 case Bytecodes::_irem : 1227 case Bytecodes::_ishl : 1228 case Bytecodes::_ishr : 1229 case Bytecodes::_iushr : 1230 case Bytecodes::_ior : 1231 case Bytecodes::_ixor : 1232 case Bytecodes::_iand : 1233 current_frame.pop_stack( 1234 VerificationType::integer_type(), CHECK_VERIFY(this)); 1235 // fall through 1236 case Bytecodes::_ineg : 1237 current_frame.pop_stack( 1238 VerificationType::integer_type(), CHECK_VERIFY(this)); 1239 current_frame.push_stack( 1240 VerificationType::integer_type(), CHECK_VERIFY(this)); 1241 no_control_flow = false; break; 1242 case Bytecodes::_ladd : 1243 case Bytecodes::_lsub : 1244 case Bytecodes::_lmul : 1245 case Bytecodes::_ldiv : 1246 case Bytecodes::_lrem : 1247 case Bytecodes::_land : 1248 case Bytecodes::_lor : 1249 case Bytecodes::_lxor : 1250 current_frame.pop_stack_2( 1251 VerificationType::long2_type(), 1252 VerificationType::long_type(), CHECK_VERIFY(this)); 1253 // fall through 1254 case Bytecodes::_lneg : 1255 current_frame.pop_stack_2( 1256 VerificationType::long2_type(), 1257 VerificationType::long_type(), CHECK_VERIFY(this)); 1258 current_frame.push_stack_2( 1259 VerificationType::long_type(), 1260 VerificationType::long2_type(), CHECK_VERIFY(this)); 1261 no_control_flow = false; break; 1262 case Bytecodes::_lshl : 1263 case Bytecodes::_lshr : 1264 case Bytecodes::_lushr : 1265 current_frame.pop_stack( 1266 VerificationType::integer_type(), CHECK_VERIFY(this)); 1267 current_frame.pop_stack_2( 1268 VerificationType::long2_type(), 1269 VerificationType::long_type(), CHECK_VERIFY(this)); 1270 current_frame.push_stack_2( 1271 VerificationType::long_type(), 1272 VerificationType::long2_type(), CHECK_VERIFY(this)); 1273 no_control_flow = false; break; 1274 case Bytecodes::_fadd : 1275 case Bytecodes::_fsub : 1276 case Bytecodes::_fmul : 1277 case Bytecodes::_fdiv : 1278 case Bytecodes::_frem : 1279 current_frame.pop_stack( 1280 VerificationType::float_type(), CHECK_VERIFY(this)); 1281 // fall through 1282 case Bytecodes::_fneg : 1283 current_frame.pop_stack( 1284 VerificationType::float_type(), CHECK_VERIFY(this)); 1285 current_frame.push_stack( 1286 VerificationType::float_type(), CHECK_VERIFY(this)); 1287 no_control_flow = false; break; 1288 case Bytecodes::_dadd : 1289 case Bytecodes::_dsub : 1290 case Bytecodes::_dmul : 1291 case Bytecodes::_ddiv : 1292 case Bytecodes::_drem : 1293 current_frame.pop_stack_2( 1294 VerificationType::double2_type(), 1295 VerificationType::double_type(), CHECK_VERIFY(this)); 1296 // fall through 1297 case Bytecodes::_dneg : 1298 current_frame.pop_stack_2( 1299 VerificationType::double2_type(), 1300 VerificationType::double_type(), CHECK_VERIFY(this)); 1301 current_frame.push_stack_2( 1302 VerificationType::double_type(), 1303 VerificationType::double2_type(), CHECK_VERIFY(this)); 1304 no_control_flow = false; break; 1305 case Bytecodes::_iinc : 1306 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1307 no_control_flow = false; break; 1308 case Bytecodes::_i2l : 1309 type = current_frame.pop_stack( 1310 VerificationType::integer_type(), CHECK_VERIFY(this)); 1311 current_frame.push_stack_2( 1312 VerificationType::long_type(), 1313 VerificationType::long2_type(), CHECK_VERIFY(this)); 1314 no_control_flow = false; break; 1315 case Bytecodes::_l2i : 1316 current_frame.pop_stack_2( 1317 VerificationType::long2_type(), 1318 VerificationType::long_type(), CHECK_VERIFY(this)); 1319 current_frame.push_stack( 1320 VerificationType::integer_type(), CHECK_VERIFY(this)); 1321 no_control_flow = false; break; 1322 case Bytecodes::_i2f : 1323 current_frame.pop_stack( 1324 VerificationType::integer_type(), CHECK_VERIFY(this)); 1325 current_frame.push_stack( 1326 VerificationType::float_type(), CHECK_VERIFY(this)); 1327 no_control_flow = false; break; 1328 case Bytecodes::_i2d : 1329 current_frame.pop_stack( 1330 VerificationType::integer_type(), CHECK_VERIFY(this)); 1331 current_frame.push_stack_2( 1332 VerificationType::double_type(), 1333 VerificationType::double2_type(), CHECK_VERIFY(this)); 1334 no_control_flow = false; break; 1335 case Bytecodes::_l2f : 1336 current_frame.pop_stack_2( 1337 VerificationType::long2_type(), 1338 VerificationType::long_type(), CHECK_VERIFY(this)); 1339 current_frame.push_stack( 1340 VerificationType::float_type(), CHECK_VERIFY(this)); 1341 no_control_flow = false; break; 1342 case Bytecodes::_l2d : 1343 current_frame.pop_stack_2( 1344 VerificationType::long2_type(), 1345 VerificationType::long_type(), CHECK_VERIFY(this)); 1346 current_frame.push_stack_2( 1347 VerificationType::double_type(), 1348 VerificationType::double2_type(), CHECK_VERIFY(this)); 1349 no_control_flow = false; break; 1350 case Bytecodes::_f2i : 1351 current_frame.pop_stack( 1352 VerificationType::float_type(), CHECK_VERIFY(this)); 1353 current_frame.push_stack( 1354 VerificationType::integer_type(), CHECK_VERIFY(this)); 1355 no_control_flow = false; break; 1356 case Bytecodes::_f2l : 1357 current_frame.pop_stack( 1358 VerificationType::float_type(), CHECK_VERIFY(this)); 1359 current_frame.push_stack_2( 1360 VerificationType::long_type(), 1361 VerificationType::long2_type(), CHECK_VERIFY(this)); 1362 no_control_flow = false; break; 1363 case Bytecodes::_f2d : 1364 current_frame.pop_stack( 1365 VerificationType::float_type(), CHECK_VERIFY(this)); 1366 current_frame.push_stack_2( 1367 VerificationType::double_type(), 1368 VerificationType::double2_type(), CHECK_VERIFY(this)); 1369 no_control_flow = false; break; 1370 case Bytecodes::_d2i : 1371 current_frame.pop_stack_2( 1372 VerificationType::double2_type(), 1373 VerificationType::double_type(), CHECK_VERIFY(this)); 1374 current_frame.push_stack( 1375 VerificationType::integer_type(), CHECK_VERIFY(this)); 1376 no_control_flow = false; break; 1377 case Bytecodes::_d2l : 1378 current_frame.pop_stack_2( 1379 VerificationType::double2_type(), 1380 VerificationType::double_type(), CHECK_VERIFY(this)); 1381 current_frame.push_stack_2( 1382 VerificationType::long_type(), 1383 VerificationType::long2_type(), CHECK_VERIFY(this)); 1384 no_control_flow = false; break; 1385 case Bytecodes::_d2f : 1386 current_frame.pop_stack_2( 1387 VerificationType::double2_type(), 1388 VerificationType::double_type(), CHECK_VERIFY(this)); 1389 current_frame.push_stack( 1390 VerificationType::float_type(), CHECK_VERIFY(this)); 1391 no_control_flow = false; break; 1392 case Bytecodes::_i2b : 1393 case Bytecodes::_i2c : 1394 case Bytecodes::_i2s : 1395 current_frame.pop_stack( 1396 VerificationType::integer_type(), CHECK_VERIFY(this)); 1397 current_frame.push_stack( 1398 VerificationType::integer_type(), CHECK_VERIFY(this)); 1399 no_control_flow = false; break; 1400 case Bytecodes::_lcmp : 1401 current_frame.pop_stack_2( 1402 VerificationType::long2_type(), 1403 VerificationType::long_type(), CHECK_VERIFY(this)); 1404 current_frame.pop_stack_2( 1405 VerificationType::long2_type(), 1406 VerificationType::long_type(), CHECK_VERIFY(this)); 1407 current_frame.push_stack( 1408 VerificationType::integer_type(), CHECK_VERIFY(this)); 1409 no_control_flow = false; break; 1410 case Bytecodes::_fcmpl : 1411 case Bytecodes::_fcmpg : 1412 current_frame.pop_stack( 1413 VerificationType::float_type(), CHECK_VERIFY(this)); 1414 current_frame.pop_stack( 1415 VerificationType::float_type(), CHECK_VERIFY(this)); 1416 current_frame.push_stack( 1417 VerificationType::integer_type(), CHECK_VERIFY(this)); 1418 no_control_flow = false; break; 1419 case Bytecodes::_dcmpl : 1420 case Bytecodes::_dcmpg : 1421 current_frame.pop_stack_2( 1422 VerificationType::double2_type(), 1423 VerificationType::double_type(), CHECK_VERIFY(this)); 1424 current_frame.pop_stack_2( 1425 VerificationType::double2_type(), 1426 VerificationType::double_type(), CHECK_VERIFY(this)); 1427 current_frame.push_stack( 1428 VerificationType::integer_type(), CHECK_VERIFY(this)); 1429 no_control_flow = false; break; 1430 case Bytecodes::_if_icmpeq: 1431 case Bytecodes::_if_icmpne: 1432 case Bytecodes::_if_icmplt: 1433 case Bytecodes::_if_icmpge: 1434 case Bytecodes::_if_icmpgt: 1435 case Bytecodes::_if_icmple: 1436 current_frame.pop_stack( 1437 VerificationType::integer_type(), CHECK_VERIFY(this)); 1438 // fall through 1439 case Bytecodes::_ifeq: 1440 case Bytecodes::_ifne: 1441 case Bytecodes::_iflt: 1442 case Bytecodes::_ifge: 1443 case Bytecodes::_ifgt: 1444 case Bytecodes::_ifle: 1445 current_frame.pop_stack( 1446 VerificationType::integer_type(), CHECK_VERIFY(this)); 1447 target = bcs.dest(); 1448 stackmap_table.check_jump_target( 1449 ¤t_frame, target, CHECK_VERIFY(this)); 1450 no_control_flow = false; break; 1451 case Bytecodes::_if_acmpeq : 1452 case Bytecodes::_if_acmpne : 1453 current_frame.pop_stack( 1454 VerificationType::reference_check(), CHECK_VERIFY(this)); 1455 // fall through 1456 case Bytecodes::_ifnull : 1457 case Bytecodes::_ifnonnull : 1458 current_frame.pop_stack( 1459 VerificationType::reference_check(), CHECK_VERIFY(this)); 1460 target = bcs.dest(); 1461 stackmap_table.check_jump_target 1462 (¤t_frame, target, CHECK_VERIFY(this)); 1463 no_control_flow = false; break; 1464 case Bytecodes::_goto : 1465 target = bcs.dest(); 1466 stackmap_table.check_jump_target( 1467 ¤t_frame, target, CHECK_VERIFY(this)); 1468 no_control_flow = true; break; 1469 case Bytecodes::_goto_w : 1470 target = bcs.dest_w(); 1471 stackmap_table.check_jump_target( 1472 ¤t_frame, target, CHECK_VERIFY(this)); 1473 no_control_flow = true; break; 1474 case Bytecodes::_tableswitch : 1475 case Bytecodes::_lookupswitch : 1476 verify_switch( 1477 &bcs, code_length, code_data, ¤t_frame, 1478 &stackmap_table, CHECK_VERIFY(this)); 1479 no_control_flow = true; break; 1480 case Bytecodes::_ireturn : 1481 type = current_frame.pop_stack( 1482 VerificationType::integer_type(), CHECK_VERIFY(this)); 1483 verify_return_value(return_type, type, bci, 1484 ¤t_frame, CHECK_VERIFY(this)); 1485 no_control_flow = true; break; 1486 case Bytecodes::_lreturn : 1487 type2 = current_frame.pop_stack( 1488 VerificationType::long2_type(), CHECK_VERIFY(this)); 1489 type = current_frame.pop_stack( 1490 VerificationType::long_type(), CHECK_VERIFY(this)); 1491 verify_return_value(return_type, type, bci, 1492 ¤t_frame, CHECK_VERIFY(this)); 1493 no_control_flow = true; break; 1494 case Bytecodes::_freturn : 1495 type = current_frame.pop_stack( 1496 VerificationType::float_type(), CHECK_VERIFY(this)); 1497 verify_return_value(return_type, type, bci, 1498 ¤t_frame, CHECK_VERIFY(this)); 1499 no_control_flow = true; break; 1500 case Bytecodes::_dreturn : 1501 type2 = current_frame.pop_stack( 1502 VerificationType::double2_type(), CHECK_VERIFY(this)); 1503 type = current_frame.pop_stack( 1504 VerificationType::double_type(), CHECK_VERIFY(this)); 1505 verify_return_value(return_type, type, bci, 1506 ¤t_frame, CHECK_VERIFY(this)); 1507 no_control_flow = true; break; 1508 case Bytecodes::_areturn : 1509 type = current_frame.pop_stack( 1510 VerificationType::reference_check(), CHECK_VERIFY(this)); 1511 verify_return_value(return_type, type, bci, 1512 ¤t_frame, CHECK_VERIFY(this)); 1513 no_control_flow = true; break; 1514 case Bytecodes::_return : 1515 if (return_type != VerificationType::bogus_type()) { 1516 verify_error(ErrorContext::bad_code(bci), 1517 "Method expects a return value"); 1518 return; 1519 } 1520 // Make sure "this" has been initialized if current method is an 1521 // <init> 1522 if (_method->name() == vmSymbols::object_initializer_name() && 1523 current_frame.flag_this_uninit()) { 1524 verify_error(ErrorContext::bad_code(bci), 1525 "Constructor must call super() or this() " 1526 "before return"); 1527 return; 1528 } 1529 no_control_flow = true; break; 1530 case Bytecodes::_getstatic : 1531 case Bytecodes::_putstatic : 1532 case Bytecodes::_getfield : 1533 case Bytecodes::_putfield : 1534 verify_field_instructions( 1535 &bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1536 no_control_flow = false; break; 1537 case Bytecodes::_invokevirtual : 1538 case Bytecodes::_invokespecial : 1539 case Bytecodes::_invokestatic : 1540 verify_invoke_instructions( 1541 &bcs, code_length, ¤t_frame, 1542 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1543 no_control_flow = false; break; 1544 case Bytecodes::_invokeinterface : 1545 case Bytecodes::_invokedynamic : 1546 verify_invoke_instructions( 1547 &bcs, code_length, ¤t_frame, 1548 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1549 no_control_flow = false; break; 1550 case Bytecodes::_new : 1551 { 1552 index = bcs.get_index_u2(); 1553 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1554 VerificationType new_class_type = 1555 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1556 if (!new_class_type.is_object()) { 1557 verify_error(ErrorContext::bad_type(bci, 1558 TypeOrigin::cp(index, new_class_type)), 1559 "Illegal new instruction"); 1560 return; 1561 } 1562 type = VerificationType::uninitialized_type(bci); 1563 current_frame.push_stack(type, CHECK_VERIFY(this)); 1564 no_control_flow = false; break; 1565 } 1566 case Bytecodes::_newarray : 1567 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1568 current_frame.pop_stack( 1569 VerificationType::integer_type(), CHECK_VERIFY(this)); 1570 current_frame.push_stack(type, CHECK_VERIFY(this)); 1571 no_control_flow = false; break; 1572 case Bytecodes::_anewarray : 1573 verify_anewarray( 1574 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1575 no_control_flow = false; break; 1576 case Bytecodes::_arraylength : 1577 type = current_frame.pop_stack( 1578 VerificationType::reference_check(), CHECK_VERIFY(this)); 1579 if (!(type.is_null() || type.is_array())) { 1580 verify_error(ErrorContext::bad_type( 1581 bci, current_frame.stack_top_ctx()), 1582 bad_type_msg, "arraylength"); 1583 } 1584 current_frame.push_stack( 1585 VerificationType::integer_type(), CHECK_VERIFY(this)); 1586 no_control_flow = false; break; 1587 case Bytecodes::_checkcast : 1588 { 1589 index = bcs.get_index_u2(); 1590 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1591 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1592 VerificationType klass_type = cp_index_to_type( 1593 index, cp, CHECK_VERIFY(this)); 1594 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1595 no_control_flow = false; break; 1596 } 1597 case Bytecodes::_instanceof : { 1598 index = bcs.get_index_u2(); 1599 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1600 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1601 current_frame.push_stack( 1602 VerificationType::integer_type(), CHECK_VERIFY(this)); 1603 no_control_flow = false; break; 1604 } 1605 case Bytecodes::_monitorenter : 1606 case Bytecodes::_monitorexit : 1607 current_frame.pop_stack( 1608 VerificationType::reference_check(), CHECK_VERIFY(this)); 1609 no_control_flow = false; break; 1610 case Bytecodes::_multianewarray : 1611 { 1612 index = bcs.get_index_u2(); 1613 u2 dim = *(bcs.bcp()+3); 1614 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1615 VerificationType new_array_type = 1616 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1617 if (!new_array_type.is_array()) { 1618 verify_error(ErrorContext::bad_type(bci, 1619 TypeOrigin::cp(index, new_array_type)), 1620 "Illegal constant pool index in multianewarray instruction"); 1621 return; 1622 } 1623 if (dim < 1 || new_array_type.dimensions() < dim) { 1624 verify_error(ErrorContext::bad_code(bci), 1625 "Illegal dimension in multianewarray instruction: %d", dim); 1626 return; 1627 } 1628 for (int i = 0; i < dim; i++) { 1629 current_frame.pop_stack( 1630 VerificationType::integer_type(), CHECK_VERIFY(this)); 1631 } 1632 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1633 no_control_flow = false; break; 1634 } 1635 case Bytecodes::_athrow : 1636 type = VerificationType::reference_type( 1637 vmSymbols::java_lang_Throwable()); 1638 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1639 no_control_flow = true; break; 1640 default: 1641 // We only need to check the valid bytecodes in class file. 1642 // And jsr and ret are not in the new class file format in JDK1.5. 1643 verify_error(ErrorContext::bad_code(bci), 1644 "Bad instruction: %02x", opcode); 1645 no_control_flow = false; 1646 return; 1647 } // end switch 1648 } // end Merge with the next instruction 1649 1650 // Look for possible jump target in exception handlers and see if it 1651 // matches current_frame 1652 if (bci >= ex_min && bci < ex_max) { 1653 verify_exception_handler_targets( 1654 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1655 } 1656 } // end while 1657 1658 // Make sure that control flow does not fall through end of the method 1659 if (!no_control_flow) { 1660 verify_error(ErrorContext::bad_code(code_length), 1661 "Control flow falls through code end"); 1662 return; 1663 } 1664} 1665 1666#undef bad_type_message 1667 1668char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) { 1669 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1670 memset(code_data, 0, sizeof(char) * code_length); 1671 RawBytecodeStream bcs(m); 1672 1673 while (!bcs.is_last_bytecode()) { 1674 if (bcs.raw_next() != Bytecodes::_illegal) { 1675 int bci = bcs.bci(); 1676 if (bcs.raw_code() == Bytecodes::_new) { 1677 code_data[bci] = NEW_OFFSET; 1678 } else { 1679 code_data[bci] = BYTECODE_OFFSET; 1680 } 1681 } else { 1682 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1683 return NULL; 1684 } 1685 } 1686 1687 return code_data; 1688} 1689 1690void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1691 ExceptionTable exhandlers(_method()); 1692 int exlength = exhandlers.length(); 1693 constantPoolHandle cp (THREAD, _method->constants()); 1694 1695 for(int i = 0; i < exlength; i++) { 1696 //reacquire the table in case a GC happened 1697 ExceptionTable exhandlers(_method()); 1698 u2 start_pc = exhandlers.start_pc(i); 1699 u2 end_pc = exhandlers.end_pc(i); 1700 u2 handler_pc = exhandlers.handler_pc(i); 1701 if (start_pc >= code_length || code_data[start_pc] == 0) { 1702 class_format_error("Illegal exception table start_pc %d", start_pc); 1703 return; 1704 } 1705 if (end_pc != code_length) { // special case: end_pc == code_length 1706 if (end_pc > code_length || code_data[end_pc] == 0) { 1707 class_format_error("Illegal exception table end_pc %d", end_pc); 1708 return; 1709 } 1710 } 1711 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1712 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1713 return; 1714 } 1715 int catch_type_index = exhandlers.catch_type_index(i); 1716 if (catch_type_index != 0) { 1717 VerificationType catch_type = cp_index_to_type( 1718 catch_type_index, cp, CHECK_VERIFY(this)); 1719 VerificationType throwable = 1720 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1721 bool is_subclass = throwable.is_assignable_from( 1722 catch_type, this, CHECK_VERIFY(this)); 1723 if (!is_subclass) { 1724 // 4286534: should throw VerifyError according to recent spec change 1725 verify_error(ErrorContext::bad_type(handler_pc, 1726 TypeOrigin::cp(catch_type_index, catch_type), 1727 TypeOrigin::implicit(throwable)), 1728 "Catch type is not a subclass " 1729 "of Throwable in exception handler %d", handler_pc); 1730 return; 1731 } 1732 } 1733 if (start_pc < min) min = start_pc; 1734 if (end_pc > max) max = end_pc; 1735 } 1736} 1737 1738void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1739 int localvariable_table_length = _method()->localvariable_table_length(); 1740 if (localvariable_table_length > 0) { 1741 LocalVariableTableElement* table = _method()->localvariable_table_start(); 1742 for (int i = 0; i < localvariable_table_length; i++) { 1743 u2 start_bci = table[i].start_bci; 1744 u2 length = table[i].length; 1745 1746 if (start_bci >= code_length || code_data[start_bci] == 0) { 1747 class_format_error( 1748 "Illegal local variable table start_pc %d", start_bci); 1749 return; 1750 } 1751 u4 end_bci = (u4)(start_bci + length); 1752 if (end_bci != code_length) { 1753 if (end_bci >= code_length || code_data[end_bci] == 0) { 1754 class_format_error( "Illegal local variable table length %d", length); 1755 return; 1756 } 1757 } 1758 } 1759 } 1760} 1761 1762u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1763 StackMapFrame* current_frame, 1764 StackMapTable* stackmap_table, 1765 bool no_control_flow, TRAPS) { 1766 if (stackmap_index < stackmap_table->get_frame_count()) { 1767 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1768 if (no_control_flow && this_offset > bci) { 1769 verify_error(ErrorContext::missing_stackmap(bci), 1770 "Expecting a stack map frame"); 1771 return 0; 1772 } 1773 if (this_offset == bci) { 1774 ErrorContext ctx; 1775 // See if current stack map can be assigned to the frame in table. 1776 // current_frame is the stackmap frame got from the last instruction. 1777 // If matched, current_frame will be updated by this method. 1778 bool matches = stackmap_table->match_stackmap( 1779 current_frame, this_offset, stackmap_index, 1780 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1781 if (!matches) { 1782 // report type error 1783 verify_error(ctx, "Instruction type does not match stack map"); 1784 return 0; 1785 } 1786 stackmap_index++; 1787 } else if (this_offset < bci) { 1788 // current_offset should have met this_offset. 1789 class_format_error("Bad stack map offset %d", this_offset); 1790 return 0; 1791 } 1792 } else if (no_control_flow) { 1793 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1794 return 0; 1795 } 1796 return stackmap_index; 1797} 1798 1799void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame, 1800 StackMapTable* stackmap_table, TRAPS) { 1801 constantPoolHandle cp (THREAD, _method->constants()); 1802 ExceptionTable exhandlers(_method()); 1803 int exlength = exhandlers.length(); 1804 for(int i = 0; i < exlength; i++) { 1805 //reacquire the table in case a GC happened 1806 ExceptionTable exhandlers(_method()); 1807 u2 start_pc = exhandlers.start_pc(i); 1808 u2 end_pc = exhandlers.end_pc(i); 1809 u2 handler_pc = exhandlers.handler_pc(i); 1810 int catch_type_index = exhandlers.catch_type_index(i); 1811 if(bci >= start_pc && bci < end_pc) { 1812 u1 flags = current_frame->flags(); 1813 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1814 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1815 if (catch_type_index != 0) { 1816 // We know that this index refers to a subclass of Throwable 1817 VerificationType catch_type = cp_index_to_type( 1818 catch_type_index, cp, CHECK_VERIFY(this)); 1819 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1820 } else { 1821 VerificationType throwable = 1822 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1823 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1824 } 1825 ErrorContext ctx; 1826 bool matches = stackmap_table->match_stackmap( 1827 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 1828 if (!matches) { 1829 verify_error(ctx, "Stack map does not match the one at " 1830 "exception handler %d", handler_pc); 1831 return; 1832 } 1833 } 1834 } 1835} 1836 1837void ClassVerifier::verify_cp_index( 1838 u2 bci, constantPoolHandle cp, int index, TRAPS) { 1839 int nconstants = cp->length(); 1840 if ((index <= 0) || (index >= nconstants)) { 1841 verify_error(ErrorContext::bad_cp_index(bci, index), 1842 "Illegal constant pool index %d in class %s", 1843 index, cp->pool_holder()->external_name()); 1844 return; 1845 } 1846} 1847 1848void ClassVerifier::verify_cp_type( 1849 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) { 1850 1851 // In some situations, bytecode rewriting may occur while we're verifying. 1852 // In this case, a constant pool cache exists and some indices refer to that 1853 // instead. Be sure we don't pick up such indices by accident. 1854 // We must check was_recursively_verified() before we get here. 1855 guarantee(cp->cache() == NULL, "not rewritten yet"); 1856 1857 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1858 unsigned int tag = cp->tag_at(index).value(); 1859 if ((types & (1 << tag)) == 0) { 1860 verify_error(ErrorContext::bad_cp_index(bci, index), 1861 "Illegal type at constant pool entry %d in class %s", 1862 index, cp->pool_holder()->external_name()); 1863 return; 1864 } 1865} 1866 1867void ClassVerifier::verify_cp_class_type( 1868 u2 bci, int index, constantPoolHandle cp, TRAPS) { 1869 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1870 constantTag tag = cp->tag_at(index); 1871 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1872 verify_error(ErrorContext::bad_cp_index(bci, index), 1873 "Illegal type at constant pool entry %d in class %s", 1874 index, cp->pool_holder()->external_name()); 1875 return; 1876 } 1877} 1878 1879void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 1880 stringStream ss; 1881 1882 ctx.reset_frames(); 1883 _exception_type = vmSymbols::java_lang_VerifyError(); 1884 _error_context = ctx; 1885 va_list va; 1886 va_start(va, msg); 1887 ss.vprint(msg, va); 1888 va_end(va); 1889 _message = ss.as_string(); 1890#ifdef ASSERT 1891 ResourceMark rm; 1892 const char* exception_name = _exception_type->as_C_string(); 1893 Exceptions::debug_check_abort(exception_name, NULL); 1894#endif // ndef ASSERT 1895} 1896 1897void ClassVerifier::class_format_error(const char* msg, ...) { 1898 stringStream ss; 1899 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1900 va_list va; 1901 va_start(va, msg); 1902 ss.vprint(msg, va); 1903 va_end(va); 1904 if (!_method.is_null()) { 1905 ss.print(" in method %s", _method->name_and_sig_as_C_string()); 1906 } 1907 _message = ss.as_string(); 1908} 1909 1910Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 1911 // Get current loader and protection domain first. 1912 oop loader = current_class()->class_loader(); 1913 oop protection_domain = current_class()->protection_domain(); 1914 1915 return SystemDictionary::resolve_or_fail( 1916 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 1917 true, CHECK_NULL); 1918} 1919 1920bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, 1921 Klass* target_class, 1922 Symbol* field_name, 1923 Symbol* field_sig, 1924 bool is_method) { 1925 No_Safepoint_Verifier nosafepoint; 1926 1927 // If target class isn't a super class of this class, we don't worry about this case 1928 if (!this_class->is_subclass_of(target_class)) { 1929 return false; 1930 } 1931 // Check if the specified method or field is protected 1932 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 1933 fieldDescriptor fd; 1934 if (is_method) { 1935 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::normal); 1936 if (m != NULL && m->is_protected()) { 1937 if (!this_class->is_same_class_package(m->method_holder())) { 1938 return true; 1939 } 1940 } 1941 } else { 1942 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 1943 if (member_klass != NULL && fd.is_protected()) { 1944 if (!this_class->is_same_class_package(member_klass)) { 1945 return true; 1946 } 1947 } 1948 } 1949 return false; 1950} 1951 1952void ClassVerifier::verify_ldc( 1953 int opcode, u2 index, StackMapFrame* current_frame, 1954 constantPoolHandle cp, u2 bci, TRAPS) { 1955 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 1956 constantTag tag = cp->tag_at(index); 1957 unsigned int types; 1958 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 1959 if (!tag.is_unresolved_klass()) { 1960 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 1961 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 1962 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType); 1963 // Note: The class file parser already verified the legality of 1964 // MethodHandle and MethodType constants. 1965 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 1966 } 1967 } else { 1968 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 1969 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 1970 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 1971 } 1972 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 1973 current_frame->push_stack(object_type(), CHECK_VERIFY(this)); 1974 } else if (tag.is_string()) { 1975 current_frame->push_stack( 1976 VerificationType::reference_type( 1977 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 1978 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 1979 current_frame->push_stack( 1980 VerificationType::reference_type( 1981 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 1982 } else if (tag.is_int()) { 1983 current_frame->push_stack( 1984 VerificationType::integer_type(), CHECK_VERIFY(this)); 1985 } else if (tag.is_float()) { 1986 current_frame->push_stack( 1987 VerificationType::float_type(), CHECK_VERIFY(this)); 1988 } else if (tag.is_double()) { 1989 current_frame->push_stack_2( 1990 VerificationType::double_type(), 1991 VerificationType::double2_type(), CHECK_VERIFY(this)); 1992 } else if (tag.is_long()) { 1993 current_frame->push_stack_2( 1994 VerificationType::long_type(), 1995 VerificationType::long2_type(), CHECK_VERIFY(this)); 1996 } else if (tag.is_method_handle()) { 1997 current_frame->push_stack( 1998 VerificationType::reference_type( 1999 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2000 } else if (tag.is_method_type()) { 2001 current_frame->push_stack( 2002 VerificationType::reference_type( 2003 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2004 } else { 2005 /* Unreachable? verify_cp_type has already validated the cp type. */ 2006 verify_error( 2007 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2008 return; 2009 } 2010} 2011 2012void ClassVerifier::verify_switch( 2013 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2014 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2015 int bci = bcs->bci(); 2016 address bcp = bcs->bcp(); 2017 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize); 2018 2019 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2020 // 4639449 & 4647081: padding bytes must be 0 2021 u2 padding_offset = 1; 2022 while ((bcp + padding_offset) < aligned_bcp) { 2023 if(*(bcp + padding_offset) != 0) { 2024 verify_error(ErrorContext::bad_code(bci), 2025 "Nonzero padding byte in lookupswitch or tableswitch"); 2026 return; 2027 } 2028 padding_offset++; 2029 } 2030 } 2031 2032 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2033 int keys, delta; 2034 current_frame->pop_stack( 2035 VerificationType::integer_type(), CHECK_VERIFY(this)); 2036 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2037 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2038 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2039 if (low > high) { 2040 verify_error(ErrorContext::bad_code(bci), 2041 "low must be less than or equal to high in tableswitch"); 2042 return; 2043 } 2044 keys = high - low + 1; 2045 if (keys < 0) { 2046 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2047 return; 2048 } 2049 delta = 1; 2050 } else { 2051 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2052 if (keys < 0) { 2053 verify_error(ErrorContext::bad_code(bci), 2054 "number of keys in lookupswitch less than 0"); 2055 return; 2056 } 2057 delta = 2; 2058 // Make sure that the lookupswitch items are sorted 2059 for (int i = 0; i < (keys - 1); i++) { 2060 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2061 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2062 if (this_key >= next_key) { 2063 verify_error(ErrorContext::bad_code(bci), 2064 "Bad lookupswitch instruction"); 2065 return; 2066 } 2067 } 2068 } 2069 int target = bci + default_offset; 2070 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2071 for (int i = 0; i < keys; i++) { 2072 // Because check_jump_target() may safepoint, the bytecode could have 2073 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2074 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize); 2075 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2076 stackmap_table->check_jump_target( 2077 current_frame, target, CHECK_VERIFY(this)); 2078 } 2079 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2080} 2081 2082bool ClassVerifier::name_in_supers( 2083 Symbol* ref_name, instanceKlassHandle current) { 2084 Klass* super = current->super(); 2085 while (super != NULL) { 2086 if (super->name() == ref_name) { 2087 return true; 2088 } 2089 super = super->super(); 2090 } 2091 return false; 2092} 2093 2094void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2095 StackMapFrame* current_frame, 2096 constantPoolHandle cp, 2097 TRAPS) { 2098 u2 index = bcs->get_index_u2(); 2099 verify_cp_type(bcs->bci(), index, cp, 2100 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2101 2102 // Get field name and signature 2103 Symbol* field_name = cp->name_ref_at(index); 2104 Symbol* field_sig = cp->signature_ref_at(index); 2105 2106 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 2107 class_format_error( 2108 "Invalid signature for field in class %s referenced " 2109 "from constant pool index %d", _klass->external_name(), index); 2110 return; 2111 } 2112 2113 // Get referenced class type 2114 VerificationType ref_class_type = cp_ref_index_to_type( 2115 index, cp, CHECK_VERIFY(this)); 2116 if (!ref_class_type.is_object()) { 2117 /* Unreachable? Class file parser verifies Fieldref contents */ 2118 verify_error(ErrorContext::bad_type(bcs->bci(), 2119 TypeOrigin::cp(index, ref_class_type)), 2120 "Expecting reference to class in class %s at constant pool index %d", 2121 _klass->external_name(), index); 2122 return; 2123 } 2124 VerificationType target_class_type = ref_class_type; 2125 2126 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2127 "buffer type must match VerificationType size"); 2128 uintptr_t field_type_buffer[2]; 2129 VerificationType* field_type = (VerificationType*)field_type_buffer; 2130 // If we make a VerificationType[2] array directly, the compiler calls 2131 // to the c-runtime library to do the allocation instead of just 2132 // stack allocating it. Plus it would run constructors. This shows up 2133 // in performance profiles. 2134 2135 SignatureStream sig_stream(field_sig, false); 2136 VerificationType stack_object_type; 2137 int n = change_sig_to_verificationType( 2138 &sig_stream, field_type, CHECK_VERIFY(this)); 2139 u2 bci = bcs->bci(); 2140 bool is_assignable; 2141 switch (bcs->raw_code()) { 2142 case Bytecodes::_getstatic: { 2143 for (int i = 0; i < n; i++) { 2144 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2145 } 2146 break; 2147 } 2148 case Bytecodes::_putstatic: { 2149 for (int i = n - 1; i >= 0; i--) { 2150 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2151 } 2152 break; 2153 } 2154 case Bytecodes::_getfield: { 2155 stack_object_type = current_frame->pop_stack( 2156 target_class_type, CHECK_VERIFY(this)); 2157 for (int i = 0; i < n; i++) { 2158 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2159 } 2160 goto check_protected; 2161 } 2162 case Bytecodes::_putfield: { 2163 for (int i = n - 1; i >= 0; i--) { 2164 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2165 } 2166 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2167 2168 // The JVMS 2nd edition allows field initialization before the superclass 2169 // initializer, if the field is defined within the current class. 2170 fieldDescriptor fd; 2171 if (stack_object_type == VerificationType::uninitialized_this_type() && 2172 target_class_type.equals(current_type()) && 2173 _klass->find_local_field(field_name, field_sig, &fd)) { 2174 stack_object_type = current_type(); 2175 } 2176 is_assignable = target_class_type.is_assignable_from( 2177 stack_object_type, this, CHECK_VERIFY(this)); 2178 if (!is_assignable) { 2179 verify_error(ErrorContext::bad_type(bci, 2180 current_frame->stack_top_ctx(), 2181 TypeOrigin::cp(index, target_class_type)), 2182 "Bad type on operand stack in putfield"); 2183 return; 2184 } 2185 } 2186 check_protected: { 2187 if (_this_type == stack_object_type) 2188 break; // stack_object_type must be assignable to _current_class_type 2189 Symbol* ref_class_name = 2190 cp->klass_name_at(cp->klass_ref_index_at(index)); 2191 if (!name_in_supers(ref_class_name, current_class())) 2192 // stack_object_type must be assignable to _current_class_type since: 2193 // 1. stack_object_type must be assignable to ref_class. 2194 // 2. ref_class must be _current_class or a subclass of it. It can't 2195 // be a superclass of it. See revised JVMS 5.4.4. 2196 break; 2197 2198 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2199 if (is_protected_access(current_class(), ref_class_oop, field_name, 2200 field_sig, false)) { 2201 // It's protected access, check if stack object is assignable to 2202 // current class. 2203 is_assignable = current_type().is_assignable_from( 2204 stack_object_type, this, CHECK_VERIFY(this)); 2205 if (!is_assignable) { 2206 verify_error(ErrorContext::bad_type(bci, 2207 current_frame->stack_top_ctx(), 2208 TypeOrigin::implicit(current_type())), 2209 "Bad access to protected data in getfield"); 2210 return; 2211 } 2212 } 2213 break; 2214 } 2215 default: ShouldNotReachHere(); 2216 } 2217} 2218 2219void ClassVerifier::verify_invoke_init( 2220 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2221 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 2222 constantPoolHandle cp, TRAPS) { 2223 u2 bci = bcs->bci(); 2224 VerificationType type = current_frame->pop_stack( 2225 VerificationType::reference_check(), CHECK_VERIFY(this)); 2226 if (type == VerificationType::uninitialized_this_type()) { 2227 // The method must be an <init> method of this class or its superclass 2228 Klass* superk = current_class()->super(); 2229 if (ref_class_type.name() != current_class()->name() && 2230 ref_class_type.name() != superk->name()) { 2231 verify_error(ErrorContext::bad_type(bci, 2232 TypeOrigin::implicit(ref_class_type), 2233 TypeOrigin::implicit(current_type())), 2234 "Bad <init> method call"); 2235 return; 2236 } 2237 current_frame->initialize_object(type, current_type()); 2238 *this_uninit = true; 2239 } else if (type.is_uninitialized()) { 2240 u2 new_offset = type.bci(); 2241 address new_bcp = bcs->bcp() - bci + new_offset; 2242 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2243 /* Unreachable? Stack map parsing ensures valid type and new 2244 * instructions have a valid BCI. */ 2245 verify_error(ErrorContext::bad_code(new_offset), 2246 "Expecting new instruction"); 2247 return; 2248 } 2249 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2250 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2251 2252 // The method must be an <init> method of the indicated class 2253 VerificationType new_class_type = cp_index_to_type( 2254 new_class_index, cp, CHECK_VERIFY(this)); 2255 if (!new_class_type.equals(ref_class_type)) { 2256 verify_error(ErrorContext::bad_type(bci, 2257 TypeOrigin::cp(new_class_index, new_class_type), 2258 TypeOrigin::cp(ref_class_index, ref_class_type)), 2259 "Call to wrong <init> method"); 2260 return; 2261 } 2262 // According to the VM spec, if the referent class is a superclass of the 2263 // current class, and is in a different runtime package, and the method is 2264 // protected, then the objectref must be the current class or a subclass 2265 // of the current class. 2266 VerificationType objectref_type = new_class_type; 2267 if (name_in_supers(ref_class_type.name(), current_class())) { 2268 Klass* ref_klass = load_class( 2269 ref_class_type.name(), CHECK_VERIFY(this)); 2270 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2271 vmSymbols::object_initializer_name(), 2272 cp->signature_ref_at(bcs->get_index_u2()), 2273 Klass::normal); 2274 instanceKlassHandle mh(THREAD, m->method_holder()); 2275 if (m->is_protected() && !mh->is_same_class_package(_klass())) { 2276 bool assignable = current_type().is_assignable_from( 2277 objectref_type, this, CHECK_VERIFY(this)); 2278 if (!assignable) { 2279 verify_error(ErrorContext::bad_type(bci, 2280 TypeOrigin::cp(new_class_index, objectref_type), 2281 TypeOrigin::implicit(current_type())), 2282 "Bad access to protected <init> method"); 2283 return; 2284 } 2285 } 2286 } 2287 current_frame->initialize_object(type, new_class_type); 2288 } else { 2289 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2290 "Bad operand type when invoking <init>"); 2291 return; 2292 } 2293} 2294 2295bool ClassVerifier::is_same_or_direct_interface( 2296 instanceKlassHandle klass, 2297 VerificationType klass_type, 2298 VerificationType ref_class_type) { 2299 if (ref_class_type.equals(klass_type)) return true; 2300 Array<Klass*>* local_interfaces = klass->local_interfaces(); 2301 if (local_interfaces != NULL) { 2302 for (int x = 0; x < local_interfaces->length(); x++) { 2303 Klass* k = local_interfaces->at(x); 2304 assert (k != NULL && k->is_interface(), "invalid interface"); 2305 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2306 return true; 2307 } 2308 } 2309 } 2310 return false; 2311} 2312 2313void ClassVerifier::verify_invoke_instructions( 2314 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2315 bool *this_uninit, VerificationType return_type, 2316 constantPoolHandle cp, TRAPS) { 2317 // Make sure the constant pool item is the right type 2318 u2 index = bcs->get_index_u2(); 2319 Bytecodes::Code opcode = bcs->raw_code(); 2320 unsigned int types; 2321 switch (opcode) { 2322 case Bytecodes::_invokeinterface: 2323 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2324 break; 2325 case Bytecodes::_invokedynamic: 2326 types = 1 << JVM_CONSTANT_InvokeDynamic; 2327 break; 2328 case Bytecodes::_invokespecial: 2329 case Bytecodes::_invokestatic: 2330 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2331 (1 << JVM_CONSTANT_Methodref) : 2332 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2333 break; 2334 default: 2335 types = 1 << JVM_CONSTANT_Methodref; 2336 } 2337 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2338 2339 // Get method name and signature 2340 Symbol* method_name = cp->name_ref_at(index); 2341 Symbol* method_sig = cp->signature_ref_at(index); 2342 2343 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 2344 class_format_error( 2345 "Invalid method signature in class %s referenced " 2346 "from constant pool index %d", _klass->external_name(), index); 2347 return; 2348 } 2349 2350 // Get referenced class type 2351 VerificationType ref_class_type; 2352 if (opcode == Bytecodes::_invokedynamic) { 2353 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2354 class_format_error( 2355 "invokedynamic instructions not supported by this class file version (%d), class %s", 2356 _klass->major_version(), _klass->external_name()); 2357 return; 2358 } 2359 } else { 2360 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2361 } 2362 2363 // For a small signature length, we just allocate 128 bytes instead 2364 // of parsing the signature once to find its size. 2365 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 2366 // longs/doubles to be consertive. 2367 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2368 "buffer type must match VerificationType size"); 2369 uintptr_t on_stack_sig_types_buffer[128]; 2370 // If we make a VerificationType[128] array directly, the compiler calls 2371 // to the c-runtime library to do the allocation instead of just 2372 // stack allocating it. Plus it would run constructors. This shows up 2373 // in performance profiles. 2374 2375 VerificationType* sig_types; 2376 int size = (method_sig->utf8_length() - 3) * 2; 2377 if (size > 128) { 2378 // Long and double occupies two slots here. 2379 ArgumentSizeComputer size_it(method_sig); 2380 size = size_it.size(); 2381 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 2382 } else{ 2383 sig_types = (VerificationType*)on_stack_sig_types_buffer; 2384 } 2385 SignatureStream sig_stream(method_sig); 2386 int sig_i = 0; 2387 while (!sig_stream.at_return_type()) { 2388 sig_i += change_sig_to_verificationType( 2389 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 2390 sig_stream.next(); 2391 } 2392 int nargs = sig_i; 2393 2394#ifdef ASSERT 2395 { 2396 ArgumentSizeComputer size_it(method_sig); 2397 assert(nargs == size_it.size(), "Argument sizes do not match"); 2398 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 2399 } 2400#endif 2401 2402 // Check instruction operands 2403 u2 bci = bcs->bci(); 2404 if (opcode == Bytecodes::_invokeinterface) { 2405 address bcp = bcs->bcp(); 2406 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2407 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2408 // the difference between the size of the operand stack before and after the instruction 2409 // executes. 2410 if (*(bcp+3) != (nargs+1)) { 2411 verify_error(ErrorContext::bad_code(bci), 2412 "Inconsistent args count operand in invokeinterface"); 2413 return; 2414 } 2415 if (*(bcp+4) != 0) { 2416 verify_error(ErrorContext::bad_code(bci), 2417 "Fourth operand byte of invokeinterface must be zero"); 2418 return; 2419 } 2420 } 2421 2422 if (opcode == Bytecodes::_invokedynamic) { 2423 address bcp = bcs->bcp(); 2424 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2425 verify_error(ErrorContext::bad_code(bci), 2426 "Third and fourth operand bytes of invokedynamic must be zero"); 2427 return; 2428 } 2429 } 2430 2431 if (method_name->byte_at(0) == '<') { 2432 // Make sure <init> can only be invoked by invokespecial 2433 if (opcode != Bytecodes::_invokespecial || 2434 method_name != vmSymbols::object_initializer_name()) { 2435 verify_error(ErrorContext::bad_code(bci), 2436 "Illegal call to internal method"); 2437 return; 2438 } 2439 } else if (opcode == Bytecodes::_invokespecial 2440 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2441 && !ref_class_type.equals(VerificationType::reference_type( 2442 current_class()->super()->name()))) { 2443 bool subtype = false; 2444 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2445 if (!current_class()->is_anonymous()) { 2446 subtype = ref_class_type.is_assignable_from( 2447 current_type(), this, CHECK_VERIFY(this)); 2448 } else { 2449 VerificationType host_klass_type = 2450 VerificationType::reference_type(current_class()->host_klass()->name()); 2451 subtype = ref_class_type.is_assignable_from(host_klass_type, this, CHECK_VERIFY(this)); 2452 2453 // If invokespecial of IMR, need to recheck for same or 2454 // direct interface relative to the host class 2455 have_imr_indirect = (have_imr_indirect && 2456 !is_same_or_direct_interface( 2457 InstanceKlass::cast(current_class()->host_klass()), 2458 host_klass_type, ref_class_type)); 2459 } 2460 if (!subtype) { 2461 verify_error(ErrorContext::bad_code(bci), 2462 "Bad invokespecial instruction: " 2463 "current class isn't assignable to reference class."); 2464 return; 2465 } else if (have_imr_indirect) { 2466 verify_error(ErrorContext::bad_code(bci), 2467 "Bad invokespecial instruction: " 2468 "interface method reference is in an indirect superinterface."); 2469 return; 2470 } 2471 2472 } 2473 // Match method descriptor with operand stack 2474 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2475 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2476 } 2477 // Check objectref on operand stack 2478 if (opcode != Bytecodes::_invokestatic && 2479 opcode != Bytecodes::_invokedynamic) { 2480 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2481 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2482 code_length, this_uninit, cp, CHECK_VERIFY(this)); 2483 } else { // other methods 2484 // Ensures that target class is assignable to method class. 2485 if (opcode == Bytecodes::_invokespecial) { 2486 if (!current_class()->is_anonymous()) { 2487 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2488 } else { 2489 // anonymous class invokespecial calls: check if the 2490 // objectref is a subtype of the host_klass of the current class 2491 // to allow an anonymous class to reference methods in the host_klass 2492 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this)); 2493 VerificationType hosttype = 2494 VerificationType::reference_type(current_class()->host_klass()->name()); 2495 bool subtype = hosttype.is_assignable_from(top, this, CHECK_VERIFY(this)); 2496 if (!subtype) { 2497 verify_error( ErrorContext::bad_type(current_frame->offset(), 2498 current_frame->stack_top_ctx(), 2499 TypeOrigin::implicit(top)), 2500 "Bad type on operand stack"); 2501 return; 2502 } 2503 } 2504 } else if (opcode == Bytecodes::_invokevirtual) { 2505 VerificationType stack_object_type = 2506 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2507 if (current_type() != stack_object_type) { 2508 assert(cp->cache() == NULL, "not rewritten yet"); 2509 Symbol* ref_class_name = 2510 cp->klass_name_at(cp->klass_ref_index_at(index)); 2511 // See the comments in verify_field_instructions() for 2512 // the rationale behind this. 2513 if (name_in_supers(ref_class_name, current_class())) { 2514 Klass* ref_class = load_class(ref_class_name, CHECK); 2515 if (is_protected_access( 2516 _klass, ref_class, method_name, method_sig, true)) { 2517 // It's protected access, check if stack object is 2518 // assignable to current class. 2519 bool is_assignable = current_type().is_assignable_from( 2520 stack_object_type, this, CHECK_VERIFY(this)); 2521 if (!is_assignable) { 2522 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2523 && stack_object_type.is_array() 2524 && method_name == vmSymbols::clone_name()) { 2525 // Special case: arrays pretend to implement public Object 2526 // clone(). 2527 } else { 2528 verify_error(ErrorContext::bad_type(bci, 2529 current_frame->stack_top_ctx(), 2530 TypeOrigin::implicit(current_type())), 2531 "Bad access to protected data in invokevirtual"); 2532 return; 2533 } 2534 } 2535 } 2536 } 2537 } 2538 } else { 2539 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2540 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2541 } 2542 } 2543 } 2544 // Push the result type. 2545 if (sig_stream.type() != T_VOID) { 2546 if (method_name == vmSymbols::object_initializer_name()) { 2547 // <init> method must have a void return type 2548 /* Unreachable? Class file parser verifies that methods with '<' have 2549 * void return */ 2550 verify_error(ErrorContext::bad_code(bci), 2551 "Return type must be void in <init> method"); 2552 return; 2553 } 2554 VerificationType return_type[2]; 2555 int n = change_sig_to_verificationType( 2556 &sig_stream, return_type, CHECK_VERIFY(this)); 2557 for (int i = 0; i < n; i++) { 2558 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2559 } 2560 } 2561} 2562 2563VerificationType ClassVerifier::get_newarray_type( 2564 u2 index, u2 bci, TRAPS) { 2565 const char* from_bt[] = { 2566 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2567 }; 2568 if (index < T_BOOLEAN || index > T_LONG) { 2569 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 2570 return VerificationType::bogus_type(); 2571 } 2572 2573 // from_bt[index] contains the array signature which has a length of 2 2574 Symbol* sig = create_temporary_symbol( 2575 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2576 return VerificationType::reference_type(sig); 2577} 2578 2579void ClassVerifier::verify_anewarray( 2580 u2 bci, u2 index, constantPoolHandle cp, 2581 StackMapFrame* current_frame, TRAPS) { 2582 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 2583 current_frame->pop_stack( 2584 VerificationType::integer_type(), CHECK_VERIFY(this)); 2585 2586 VerificationType component_type = 2587 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2588 int length; 2589 char* arr_sig_str; 2590 if (component_type.is_array()) { // it's an array 2591 const char* component_name = component_type.name()->as_utf8(); 2592 // add one dimension to component 2593 length = (int)strlen(component_name) + 1; 2594 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2595 arr_sig_str[0] = '['; 2596 strncpy(&arr_sig_str[1], component_name, length - 1); 2597 } else { // it's an object or interface 2598 const char* component_name = component_type.name()->as_utf8(); 2599 // add one dimension to component with 'L' prepended and ';' postpended. 2600 length = (int)strlen(component_name) + 3; 2601 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2602 arr_sig_str[0] = '['; 2603 arr_sig_str[1] = 'L'; 2604 strncpy(&arr_sig_str[2], component_name, length - 2); 2605 arr_sig_str[length - 1] = ';'; 2606 } 2607 Symbol* arr_sig = create_temporary_symbol( 2608 arr_sig_str, length, CHECK_VERIFY(this)); 2609 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2610 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2611} 2612 2613void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 2614 current_frame->get_local( 2615 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2616 current_frame->push_stack( 2617 VerificationType::integer_type(), CHECK_VERIFY(this)); 2618} 2619 2620void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 2621 current_frame->get_local_2( 2622 index, VerificationType::long_type(), 2623 VerificationType::long2_type(), CHECK_VERIFY(this)); 2624 current_frame->push_stack_2( 2625 VerificationType::long_type(), 2626 VerificationType::long2_type(), CHECK_VERIFY(this)); 2627} 2628 2629void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 2630 current_frame->get_local( 2631 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2632 current_frame->push_stack( 2633 VerificationType::float_type(), CHECK_VERIFY(this)); 2634} 2635 2636void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 2637 current_frame->get_local_2( 2638 index, VerificationType::double_type(), 2639 VerificationType::double2_type(), CHECK_VERIFY(this)); 2640 current_frame->push_stack_2( 2641 VerificationType::double_type(), 2642 VerificationType::double2_type(), CHECK_VERIFY(this)); 2643} 2644 2645void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 2646 VerificationType type = current_frame->get_local( 2647 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 2648 current_frame->push_stack(type, CHECK_VERIFY(this)); 2649} 2650 2651void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 2652 current_frame->pop_stack( 2653 VerificationType::integer_type(), CHECK_VERIFY(this)); 2654 current_frame->set_local( 2655 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2656} 2657 2658void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2659 current_frame->pop_stack_2( 2660 VerificationType::long2_type(), 2661 VerificationType::long_type(), CHECK_VERIFY(this)); 2662 current_frame->set_local_2( 2663 index, VerificationType::long_type(), 2664 VerificationType::long2_type(), CHECK_VERIFY(this)); 2665} 2666 2667void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2668 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 2669 current_frame->set_local( 2670 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2671} 2672 2673void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2674 current_frame->pop_stack_2( 2675 VerificationType::double2_type(), 2676 VerificationType::double_type(), CHECK_VERIFY(this)); 2677 current_frame->set_local_2( 2678 index, VerificationType::double_type(), 2679 VerificationType::double2_type(), CHECK_VERIFY(this)); 2680} 2681 2682void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 2683 VerificationType type = current_frame->pop_stack( 2684 VerificationType::reference_check(), CHECK_VERIFY(this)); 2685 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2686} 2687 2688void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 2689 VerificationType type = current_frame->get_local( 2690 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2691 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2692} 2693 2694void ClassVerifier::verify_return_value( 2695 VerificationType return_type, VerificationType type, u2 bci, 2696 StackMapFrame* current_frame, TRAPS) { 2697 if (return_type == VerificationType::bogus_type()) { 2698 verify_error(ErrorContext::bad_type(bci, 2699 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 2700 "Method expects a return value"); 2701 return; 2702 } 2703 bool match = return_type.is_assignable_from(type, this, CHECK_VERIFY(this)); 2704 if (!match) { 2705 verify_error(ErrorContext::bad_type(bci, 2706 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 2707 "Bad return type"); 2708 return; 2709 } 2710} 2711 2712// The verifier creates symbols which are substrings of Symbols. 2713// These are stored in the verifier until the end of verification so that 2714// they can be reference counted. 2715Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin, 2716 int end, TRAPS) { 2717 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL); 2718 _symbols->push(sym); 2719 return sym; 2720} 2721 2722Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) { 2723 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL); 2724 _symbols->push(sym); 2725 return sym; 2726} 2727