verifier.cpp revision 1472:c18cbe5936b8
1/* 2 * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25# include "incls/_precompiled.incl" 26# include "incls/_verifier.cpp.incl" 27 28// Access to external entry for VerifyClassCodes - old byte code verifier 29 30extern "C" { 31 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint); 32 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint); 33} 34 35static void* volatile _verify_byte_codes_fn = NULL; 36 37static volatile jint _is_new_verify_byte_codes_fn = (jint) true; 38 39static void* verify_byte_codes_fn() { 40 if (_verify_byte_codes_fn == NULL) { 41 void *lib_handle = os::native_java_library(); 42 void *func = hpi::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion"); 43 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 44 if (func == NULL) { 45 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false); 46 func = hpi::dll_lookup(lib_handle, "VerifyClassCodes"); 47 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func); 48 } 49 } 50 return (void*)_verify_byte_codes_fn; 51} 52 53 54// Methods in Verifier 55 56bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 57 return (class_loader == NULL || !should_verify_class) ? 58 BytecodeVerificationLocal : BytecodeVerificationRemote; 59} 60 61bool Verifier::relax_verify_for(oop loader) { 62 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 63 bool need_verify = 64 // verifyAll 65 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 66 // verifyRemote 67 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 68 return !need_verify; 69} 70 71bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) { 72 ResourceMark rm(THREAD); 73 HandleMark hm; 74 75 symbolHandle exception_name; 76 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 77 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 78 79 const char* klassName = klass->external_name(); 80 81 // If the class should be verified, first see if we can use the split 82 // verifier. If not, or if verification fails and FailOverToOldVerifier 83 // is set, then call the inference verifier. 84 if (is_eligible_for_verification(klass, should_verify_class)) { 85 if (TraceClassInitialization) { 86 tty->print_cr("Start class verification for: %s", klassName); 87 } 88 if (UseSplitVerifier && 89 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 90 ClassVerifier split_verifier( 91 klass, message_buffer, message_buffer_len, THREAD); 92 split_verifier.verify_class(THREAD); 93 exception_name = split_verifier.result(); 94 if (FailOverToOldVerifier && !HAS_PENDING_EXCEPTION && 95 (exception_name == vmSymbols::java_lang_VerifyError() || 96 exception_name == vmSymbols::java_lang_ClassFormatError())) { 97 if (TraceClassInitialization) { 98 tty->print_cr( 99 "Fail over class verification to old verifier for: %s", klassName); 100 } 101 exception_name = inference_verify( 102 klass, message_buffer, message_buffer_len, THREAD); 103 } 104 } else { 105 exception_name = inference_verify( 106 klass, message_buffer, message_buffer_len, THREAD); 107 } 108 109 if (TraceClassInitialization) { 110 if (HAS_PENDING_EXCEPTION) { 111 tty->print("Verification for %s has", klassName); 112 tty->print_cr(" exception pending %s ", 113 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name()); 114 } else if (!exception_name.is_null()) { 115 tty->print_cr("Verification for %s failed", klassName); 116 } 117 tty->print_cr("End class verification for: %s", klassName); 118 } 119 } 120 121 if (HAS_PENDING_EXCEPTION) { 122 return false; // use the existing exception 123 } else if (exception_name.is_null()) { 124 return true; // verifcation succeeded 125 } else { // VerifyError or ClassFormatError to be created and thrown 126 ResourceMark rm(THREAD); 127 instanceKlassHandle kls = 128 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 129 while (!kls.is_null()) { 130 if (kls == klass) { 131 // If the class being verified is the exception we're creating 132 // or one of it's superclasses, we're in trouble and are going 133 // to infinitely recurse when we try to initialize the exception. 134 // So bail out here by throwing the preallocated VM error. 135 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 136 } 137 kls = kls->super(); 138 } 139 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 140 THROW_MSG_(exception_name, message_buffer, false); 141 } 142} 143 144bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) { 145 symbolOop name = klass->name(); 146 klassOop refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass(); 147 148 return (should_verify_for(klass->class_loader(), should_verify_class) && 149 // return if the class is a bootstrapping class 150 // or defineClass specified not to verify by default (flags override passed arg) 151 // We need to skip the following four for bootstraping 152 name != vmSymbols::java_lang_Object() && 153 name != vmSymbols::java_lang_Class() && 154 name != vmSymbols::java_lang_String() && 155 name != vmSymbols::java_lang_Throwable() && 156 157 // Can not verify the bytecodes for shared classes because they have 158 // already been rewritten to contain constant pool cache indices, 159 // which the verifier can't understand. 160 // Shared classes shouldn't have stackmaps either. 161 !klass()->is_shared() && 162 163 // As of the fix for 4486457 we disable verification for all of the 164 // dynamically-generated bytecodes associated with the 1.4 165 // reflection implementation, not just those associated with 166 // sun/reflect/SerializationConstructorAccessor. 167 // NOTE: this is called too early in the bootstrapping process to be 168 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection. 169 (refl_magic_klass == NULL || 170 !klass->is_subtype_of(refl_magic_klass) || 171 VerifyReflectionBytecodes) 172 ); 173} 174 175symbolHandle Verifier::inference_verify( 176 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) { 177 JavaThread* thread = (JavaThread*)THREAD; 178 JNIEnv *env = thread->jni_environment(); 179 180 void* verify_func = verify_byte_codes_fn(); 181 182 if (verify_func == NULL) { 183 jio_snprintf(message, message_len, "Could not link verifier"); 184 return vmSymbols::java_lang_VerifyError(); 185 } 186 187 ResourceMark rm(THREAD); 188 if (ClassVerifier::_verify_verbose) { 189 tty->print_cr("Verifying class %s with old format", klass->external_name()); 190 } 191 192 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror()); 193 jint result; 194 195 { 196 HandleMark hm(thread); 197 ThreadToNativeFromVM ttn(thread); 198 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 199 // code knows that we have left the VM 200 201 if (_is_new_verify_byte_codes_fn) { 202 verify_byte_codes_fn_new_t func = 203 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func); 204 result = (*func)(env, cls, message, (int)message_len, 205 klass->major_version()); 206 } else { 207 verify_byte_codes_fn_t func = 208 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func); 209 result = (*func)(env, cls, message, (int)message_len); 210 } 211 } 212 213 JNIHandles::destroy_local(cls); 214 215 // These numbers are chosen so that VerifyClassCodes interface doesn't need 216 // to be changed (still return jboolean (unsigned char)), and result is 217 // 1 when verification is passed. 218 symbolHandle nh(NULL); 219 if (result == 0) { 220 return vmSymbols::java_lang_VerifyError(); 221 } else if (result == 1) { 222 return nh; // verified. 223 } else if (result == 2) { 224 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nh); 225 } else if (result == 3) { 226 return vmSymbols::java_lang_ClassFormatError(); 227 } else { 228 ShouldNotReachHere(); 229 return nh; 230 } 231} 232 233// Methods in ClassVerifier 234 235bool ClassVerifier::_verify_verbose = false; 236 237ClassVerifier::ClassVerifier( 238 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS) 239 : _thread(THREAD), _exception_type(symbolHandle()), _message(msg), 240 _message_buffer_len(msg_len), _klass(klass) { 241 _this_type = VerificationType::reference_type(klass->name()); 242} 243 244ClassVerifier::~ClassVerifier() { 245} 246 247void ClassVerifier::verify_class(TRAPS) { 248 if (_verify_verbose) { 249 tty->print_cr("Verifying class %s with new format", 250 _klass->external_name()); 251 } 252 253 objArrayHandle methods(THREAD, _klass->methods()); 254 int num_methods = methods->length(); 255 256 for (int index = 0; index < num_methods; index++) { 257 methodOop m = (methodOop)methods->obj_at(index); 258 if (m->is_native() || m->is_abstract()) { 259 // If m is native or abstract, skip it. It is checked in class file 260 // parser that methods do not override a final method. 261 continue; 262 } 263 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 264 } 265} 266 267void ClassVerifier::verify_method(methodHandle m, TRAPS) { 268 ResourceMark rm(THREAD); 269 _method = m; // initialize _method 270 if (_verify_verbose) { 271 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string()); 272 } 273 274 const char* bad_type_msg = "Bad type on operand stack in %s"; 275 276 int32_t max_stack = m->max_stack(); 277 int32_t max_locals = m->max_locals(); 278 constantPoolHandle cp(THREAD, m->constants()); 279 280 if (!SignatureVerifier::is_valid_method_signature(m->signature())) { 281 class_format_error("Invalid method signature"); 282 return; 283 } 284 285 // Initial stack map frame: offset is 0, stack is initially empty. 286 StackMapFrame current_frame(max_locals, max_stack, this); 287 // Set initial locals 288 VerificationType return_type = current_frame.set_locals_from_arg( 289 m, current_type(), CHECK_VERIFY(this)); 290 291 int32_t stackmap_index = 0; // index to the stackmap array 292 293 u4 code_length = m->code_size(); 294 295 // Scan the bytecode and map each instruction's start offset to a number. 296 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 297 298 int ex_min = code_length; 299 int ex_max = -1; 300 // Look through each item on the exception table. Each of the fields must refer 301 // to a legal instruction. 302 verify_exception_handler_table( 303 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 304 305 // Look through each entry on the local variable table and make sure 306 // its range of code array offsets is valid. (4169817) 307 if (m->has_localvariable_table()) { 308 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 309 } 310 311 typeArrayHandle stackmap_data(THREAD, m->stackmap_data()); 312 StackMapStream stream(stackmap_data); 313 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 314 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 315 code_data, code_length, CHECK_VERIFY(this)); 316 317 if (_verify_verbose) { 318 stackmap_table.print(); 319 } 320 321 RawBytecodeStream bcs(m); 322 323 // Scan the byte code linearly from the start to the end 324 bool no_control_flow = false; // Set to true when there is no direct control 325 // flow from current instruction to the next 326 // instruction in sequence 327 Bytecodes::Code opcode; 328 while (!bcs.is_last_bytecode()) { 329 opcode = bcs.raw_next(); 330 u2 bci = bcs.bci(); 331 332 // Set current frame's offset to bci 333 current_frame.set_offset(bci); 334 335 // Make sure every offset in stackmap table point to the beginning to 336 // an instruction. Match current_frame to stackmap_table entry with 337 // the same offset if exists. 338 stackmap_index = verify_stackmap_table( 339 stackmap_index, bci, ¤t_frame, &stackmap_table, 340 no_control_flow, CHECK_VERIFY(this)); 341 342 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 343 344 // Merge with the next instruction 345 { 346 u2 index; 347 int target; 348 VerificationType type, type2; 349 VerificationType atype; 350 351#ifndef PRODUCT 352 if (_verify_verbose) { 353 current_frame.print(); 354 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode)); 355 } 356#endif 357 358 // Make sure wide instruction is in correct format 359 if (bcs.is_wide()) { 360 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 361 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 362 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 363 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 364 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 365 opcode != Bytecodes::_dstore) { 366 verify_error(bci, "Bad wide instruction"); 367 return; 368 } 369 } 370 371 switch (opcode) { 372 case Bytecodes::_nop : 373 no_control_flow = false; break; 374 case Bytecodes::_aconst_null : 375 current_frame.push_stack( 376 VerificationType::null_type(), CHECK_VERIFY(this)); 377 no_control_flow = false; break; 378 case Bytecodes::_iconst_m1 : 379 case Bytecodes::_iconst_0 : 380 case Bytecodes::_iconst_1 : 381 case Bytecodes::_iconst_2 : 382 case Bytecodes::_iconst_3 : 383 case Bytecodes::_iconst_4 : 384 case Bytecodes::_iconst_5 : 385 current_frame.push_stack( 386 VerificationType::integer_type(), CHECK_VERIFY(this)); 387 no_control_flow = false; break; 388 case Bytecodes::_lconst_0 : 389 case Bytecodes::_lconst_1 : 390 current_frame.push_stack_2( 391 VerificationType::long_type(), 392 VerificationType::long2_type(), CHECK_VERIFY(this)); 393 no_control_flow = false; break; 394 case Bytecodes::_fconst_0 : 395 case Bytecodes::_fconst_1 : 396 case Bytecodes::_fconst_2 : 397 current_frame.push_stack( 398 VerificationType::float_type(), CHECK_VERIFY(this)); 399 no_control_flow = false; break; 400 case Bytecodes::_dconst_0 : 401 case Bytecodes::_dconst_1 : 402 current_frame.push_stack_2( 403 VerificationType::double_type(), 404 VerificationType::double2_type(), CHECK_VERIFY(this)); 405 no_control_flow = false; break; 406 case Bytecodes::_sipush : 407 case Bytecodes::_bipush : 408 current_frame.push_stack( 409 VerificationType::integer_type(), CHECK_VERIFY(this)); 410 no_control_flow = false; break; 411 case Bytecodes::_ldc : 412 verify_ldc( 413 opcode, bcs.get_index(), ¤t_frame, 414 cp, bci, CHECK_VERIFY(this)); 415 no_control_flow = false; break; 416 case Bytecodes::_ldc_w : 417 case Bytecodes::_ldc2_w : 418 verify_ldc( 419 opcode, bcs.get_index_big(), ¤t_frame, 420 cp, bci, CHECK_VERIFY(this)); 421 no_control_flow = false; break; 422 case Bytecodes::_iload : 423 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 424 no_control_flow = false; break; 425 case Bytecodes::_iload_0 : 426 case Bytecodes::_iload_1 : 427 case Bytecodes::_iload_2 : 428 case Bytecodes::_iload_3 : 429 index = opcode - Bytecodes::_iload_0; 430 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 431 no_control_flow = false; break; 432 case Bytecodes::_lload : 433 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 434 no_control_flow = false; break; 435 case Bytecodes::_lload_0 : 436 case Bytecodes::_lload_1 : 437 case Bytecodes::_lload_2 : 438 case Bytecodes::_lload_3 : 439 index = opcode - Bytecodes::_lload_0; 440 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 441 no_control_flow = false; break; 442 case Bytecodes::_fload : 443 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 444 no_control_flow = false; break; 445 case Bytecodes::_fload_0 : 446 case Bytecodes::_fload_1 : 447 case Bytecodes::_fload_2 : 448 case Bytecodes::_fload_3 : 449 index = opcode - Bytecodes::_fload_0; 450 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 451 no_control_flow = false; break; 452 case Bytecodes::_dload : 453 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 454 no_control_flow = false; break; 455 case Bytecodes::_dload_0 : 456 case Bytecodes::_dload_1 : 457 case Bytecodes::_dload_2 : 458 case Bytecodes::_dload_3 : 459 index = opcode - Bytecodes::_dload_0; 460 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 461 no_control_flow = false; break; 462 case Bytecodes::_aload : 463 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 464 no_control_flow = false; break; 465 case Bytecodes::_aload_0 : 466 case Bytecodes::_aload_1 : 467 case Bytecodes::_aload_2 : 468 case Bytecodes::_aload_3 : 469 index = opcode - Bytecodes::_aload_0; 470 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 471 no_control_flow = false; break; 472 case Bytecodes::_iaload : 473 type = current_frame.pop_stack( 474 VerificationType::integer_type(), CHECK_VERIFY(this)); 475 atype = current_frame.pop_stack( 476 VerificationType::reference_check(), CHECK_VERIFY(this)); 477 if (!atype.is_int_array()) { 478 verify_error(bci, bad_type_msg, "iaload"); 479 return; 480 } 481 current_frame.push_stack( 482 VerificationType::integer_type(), CHECK_VERIFY(this)); 483 no_control_flow = false; break; 484 case Bytecodes::_baload : 485 type = current_frame.pop_stack( 486 VerificationType::integer_type(), CHECK_VERIFY(this)); 487 atype = current_frame.pop_stack( 488 VerificationType::reference_check(), CHECK_VERIFY(this)); 489 if (!atype.is_bool_array() && !atype.is_byte_array()) { 490 verify_error(bci, bad_type_msg, "baload"); 491 return; 492 } 493 current_frame.push_stack( 494 VerificationType::integer_type(), CHECK_VERIFY(this)); 495 no_control_flow = false; break; 496 case Bytecodes::_caload : 497 type = current_frame.pop_stack( 498 VerificationType::integer_type(), CHECK_VERIFY(this)); 499 atype = current_frame.pop_stack( 500 VerificationType::reference_check(), CHECK_VERIFY(this)); 501 if (!atype.is_char_array()) { 502 verify_error(bci, bad_type_msg, "caload"); 503 return; 504 } 505 current_frame.push_stack( 506 VerificationType::integer_type(), CHECK_VERIFY(this)); 507 no_control_flow = false; break; 508 case Bytecodes::_saload : 509 type = current_frame.pop_stack( 510 VerificationType::integer_type(), CHECK_VERIFY(this)); 511 atype = current_frame.pop_stack( 512 VerificationType::reference_check(), CHECK_VERIFY(this)); 513 if (!atype.is_short_array()) { 514 verify_error(bci, bad_type_msg, "saload"); 515 return; 516 } 517 current_frame.push_stack( 518 VerificationType::integer_type(), CHECK_VERIFY(this)); 519 no_control_flow = false; break; 520 case Bytecodes::_laload : 521 type = current_frame.pop_stack( 522 VerificationType::integer_type(), CHECK_VERIFY(this)); 523 atype = current_frame.pop_stack( 524 VerificationType::reference_check(), CHECK_VERIFY(this)); 525 if (!atype.is_long_array()) { 526 verify_error(bci, bad_type_msg, "laload"); 527 return; 528 } 529 current_frame.push_stack_2( 530 VerificationType::long_type(), 531 VerificationType::long2_type(), CHECK_VERIFY(this)); 532 no_control_flow = false; break; 533 case Bytecodes::_faload : 534 type = current_frame.pop_stack( 535 VerificationType::integer_type(), CHECK_VERIFY(this)); 536 atype = current_frame.pop_stack( 537 VerificationType::reference_check(), CHECK_VERIFY(this)); 538 if (!atype.is_float_array()) { 539 verify_error(bci, bad_type_msg, "faload"); 540 return; 541 } 542 current_frame.push_stack( 543 VerificationType::float_type(), CHECK_VERIFY(this)); 544 no_control_flow = false; break; 545 case Bytecodes::_daload : 546 type = current_frame.pop_stack( 547 VerificationType::integer_type(), CHECK_VERIFY(this)); 548 atype = current_frame.pop_stack( 549 VerificationType::reference_check(), CHECK_VERIFY(this)); 550 if (!atype.is_double_array()) { 551 verify_error(bci, bad_type_msg, "daload"); 552 return; 553 } 554 current_frame.push_stack_2( 555 VerificationType::double_type(), 556 VerificationType::double2_type(), CHECK_VERIFY(this)); 557 no_control_flow = false; break; 558 case Bytecodes::_aaload : { 559 type = current_frame.pop_stack( 560 VerificationType::integer_type(), CHECK_VERIFY(this)); 561 atype = current_frame.pop_stack( 562 VerificationType::reference_check(), CHECK_VERIFY(this)); 563 if (!atype.is_reference_array()) { 564 verify_error(bci, bad_type_msg, "aaload"); 565 return; 566 } 567 if (atype.is_null()) { 568 current_frame.push_stack( 569 VerificationType::null_type(), CHECK_VERIFY(this)); 570 } else { 571 VerificationType component = 572 atype.get_component(CHECK_VERIFY(this)); 573 current_frame.push_stack(component, CHECK_VERIFY(this)); 574 } 575 no_control_flow = false; break; 576 } 577 case Bytecodes::_istore : 578 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 579 no_control_flow = false; break; 580 case Bytecodes::_istore_0 : 581 case Bytecodes::_istore_1 : 582 case Bytecodes::_istore_2 : 583 case Bytecodes::_istore_3 : 584 index = opcode - Bytecodes::_istore_0; 585 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 586 no_control_flow = false; break; 587 case Bytecodes::_lstore : 588 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 589 no_control_flow = false; break; 590 case Bytecodes::_lstore_0 : 591 case Bytecodes::_lstore_1 : 592 case Bytecodes::_lstore_2 : 593 case Bytecodes::_lstore_3 : 594 index = opcode - Bytecodes::_lstore_0; 595 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 596 no_control_flow = false; break; 597 case Bytecodes::_fstore : 598 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 599 no_control_flow = false; break; 600 case Bytecodes::_fstore_0 : 601 case Bytecodes::_fstore_1 : 602 case Bytecodes::_fstore_2 : 603 case Bytecodes::_fstore_3 : 604 index = opcode - Bytecodes::_fstore_0; 605 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 606 no_control_flow = false; break; 607 case Bytecodes::_dstore : 608 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 609 no_control_flow = false; break; 610 case Bytecodes::_dstore_0 : 611 case Bytecodes::_dstore_1 : 612 case Bytecodes::_dstore_2 : 613 case Bytecodes::_dstore_3 : 614 index = opcode - Bytecodes::_dstore_0; 615 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 616 no_control_flow = false; break; 617 case Bytecodes::_astore : 618 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 619 no_control_flow = false; break; 620 case Bytecodes::_astore_0 : 621 case Bytecodes::_astore_1 : 622 case Bytecodes::_astore_2 : 623 case Bytecodes::_astore_3 : 624 index = opcode - Bytecodes::_astore_0; 625 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 626 no_control_flow = false; break; 627 case Bytecodes::_iastore : 628 type = current_frame.pop_stack( 629 VerificationType::integer_type(), CHECK_VERIFY(this)); 630 type2 = current_frame.pop_stack( 631 VerificationType::integer_type(), CHECK_VERIFY(this)); 632 atype = current_frame.pop_stack( 633 VerificationType::reference_check(), CHECK_VERIFY(this)); 634 if (!atype.is_int_array()) { 635 verify_error(bci, bad_type_msg, "iastore"); 636 return; 637 } 638 no_control_flow = false; break; 639 case Bytecodes::_bastore : 640 type = current_frame.pop_stack( 641 VerificationType::integer_type(), CHECK_VERIFY(this)); 642 type2 = current_frame.pop_stack( 643 VerificationType::integer_type(), CHECK_VERIFY(this)); 644 atype = current_frame.pop_stack( 645 VerificationType::reference_check(), CHECK_VERIFY(this)); 646 if (!atype.is_bool_array() && !atype.is_byte_array()) { 647 verify_error(bci, bad_type_msg, "bastore"); 648 return; 649 } 650 no_control_flow = false; break; 651 case Bytecodes::_castore : 652 current_frame.pop_stack( 653 VerificationType::integer_type(), CHECK_VERIFY(this)); 654 current_frame.pop_stack( 655 VerificationType::integer_type(), CHECK_VERIFY(this)); 656 atype = current_frame.pop_stack( 657 VerificationType::reference_check(), CHECK_VERIFY(this)); 658 if (!atype.is_char_array()) { 659 verify_error(bci, bad_type_msg, "castore"); 660 return; 661 } 662 no_control_flow = false; break; 663 case Bytecodes::_sastore : 664 current_frame.pop_stack( 665 VerificationType::integer_type(), CHECK_VERIFY(this)); 666 current_frame.pop_stack( 667 VerificationType::integer_type(), CHECK_VERIFY(this)); 668 atype = current_frame.pop_stack( 669 VerificationType::reference_check(), CHECK_VERIFY(this)); 670 if (!atype.is_short_array()) { 671 verify_error(bci, bad_type_msg, "sastore"); 672 return; 673 } 674 no_control_flow = false; break; 675 case Bytecodes::_lastore : 676 current_frame.pop_stack_2( 677 VerificationType::long2_type(), 678 VerificationType::long_type(), CHECK_VERIFY(this)); 679 current_frame.pop_stack( 680 VerificationType::integer_type(), CHECK_VERIFY(this)); 681 atype = current_frame.pop_stack( 682 VerificationType::reference_check(), CHECK_VERIFY(this)); 683 if (!atype.is_long_array()) { 684 verify_error(bci, bad_type_msg, "lastore"); 685 return; 686 } 687 no_control_flow = false; break; 688 case Bytecodes::_fastore : 689 current_frame.pop_stack( 690 VerificationType::float_type(), CHECK_VERIFY(this)); 691 current_frame.pop_stack 692 (VerificationType::integer_type(), CHECK_VERIFY(this)); 693 atype = current_frame.pop_stack( 694 VerificationType::reference_check(), CHECK_VERIFY(this)); 695 if (!atype.is_float_array()) { 696 verify_error(bci, bad_type_msg, "fastore"); 697 return; 698 } 699 no_control_flow = false; break; 700 case Bytecodes::_dastore : 701 current_frame.pop_stack_2( 702 VerificationType::double2_type(), 703 VerificationType::double_type(), CHECK_VERIFY(this)); 704 current_frame.pop_stack( 705 VerificationType::integer_type(), CHECK_VERIFY(this)); 706 atype = current_frame.pop_stack( 707 VerificationType::reference_check(), CHECK_VERIFY(this)); 708 if (!atype.is_double_array()) { 709 verify_error(bci, bad_type_msg, "dastore"); 710 return; 711 } 712 no_control_flow = false; break; 713 case Bytecodes::_aastore : 714 type = current_frame.pop_stack( 715 VerificationType::reference_check(), CHECK_VERIFY(this)); 716 type2 = current_frame.pop_stack( 717 VerificationType::integer_type(), CHECK_VERIFY(this)); 718 atype = current_frame.pop_stack( 719 VerificationType::reference_check(), CHECK_VERIFY(this)); 720 // more type-checking is done at runtime 721 if (!atype.is_reference_array()) { 722 verify_error(bci, bad_type_msg, "aastore"); 723 return; 724 } 725 // 4938384: relaxed constraint in JVMS 3nd edition. 726 no_control_flow = false; break; 727 case Bytecodes::_pop : 728 current_frame.pop_stack( 729 VerificationType::category1_check(), CHECK_VERIFY(this)); 730 no_control_flow = false; break; 731 case Bytecodes::_pop2 : 732 type = current_frame.pop_stack(CHECK_VERIFY(this)); 733 if (type.is_category1()) { 734 current_frame.pop_stack( 735 VerificationType::category1_check(), CHECK_VERIFY(this)); 736 } else if (type.is_category2_2nd()) { 737 current_frame.pop_stack( 738 VerificationType::category2_check(), CHECK_VERIFY(this)); 739 } else { 740 verify_error(bci, bad_type_msg, "pop2"); 741 return; 742 } 743 no_control_flow = false; break; 744 case Bytecodes::_dup : 745 type = current_frame.pop_stack( 746 VerificationType::category1_check(), CHECK_VERIFY(this)); 747 current_frame.push_stack(type, CHECK_VERIFY(this)); 748 current_frame.push_stack(type, CHECK_VERIFY(this)); 749 no_control_flow = false; break; 750 case Bytecodes::_dup_x1 : 751 type = current_frame.pop_stack( 752 VerificationType::category1_check(), CHECK_VERIFY(this)); 753 type2 = current_frame.pop_stack( 754 VerificationType::category1_check(), CHECK_VERIFY(this)); 755 current_frame.push_stack(type, CHECK_VERIFY(this)); 756 current_frame.push_stack(type2, CHECK_VERIFY(this)); 757 current_frame.push_stack(type, CHECK_VERIFY(this)); 758 no_control_flow = false; break; 759 case Bytecodes::_dup_x2 : 760 { 761 VerificationType type3; 762 type = current_frame.pop_stack( 763 VerificationType::category1_check(), CHECK_VERIFY(this)); 764 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 765 if (type2.is_category1()) { 766 type3 = current_frame.pop_stack( 767 VerificationType::category1_check(), CHECK_VERIFY(this)); 768 } else if (type2.is_category2_2nd()) { 769 type3 = current_frame.pop_stack( 770 VerificationType::category2_check(), CHECK_VERIFY(this)); 771 } else { 772 verify_error(bci, bad_type_msg, "dup_x2"); 773 return; 774 } 775 current_frame.push_stack(type, CHECK_VERIFY(this)); 776 current_frame.push_stack(type3, CHECK_VERIFY(this)); 777 current_frame.push_stack(type2, CHECK_VERIFY(this)); 778 current_frame.push_stack(type, CHECK_VERIFY(this)); 779 no_control_flow = false; break; 780 } 781 case Bytecodes::_dup2 : 782 type = current_frame.pop_stack(CHECK_VERIFY(this)); 783 if (type.is_category1()) { 784 type2 = current_frame.pop_stack( 785 VerificationType::category1_check(), CHECK_VERIFY(this)); 786 } else if (type.is_category2_2nd()) { 787 type2 = current_frame.pop_stack( 788 VerificationType::category2_check(), CHECK_VERIFY(this)); 789 } else { 790 verify_error(bci, bad_type_msg, "dup2"); 791 return; 792 } 793 current_frame.push_stack(type2, CHECK_VERIFY(this)); 794 current_frame.push_stack(type, CHECK_VERIFY(this)); 795 current_frame.push_stack(type2, CHECK_VERIFY(this)); 796 current_frame.push_stack(type, CHECK_VERIFY(this)); 797 no_control_flow = false; break; 798 case Bytecodes::_dup2_x1 : 799 { 800 VerificationType type3; 801 type = current_frame.pop_stack(CHECK_VERIFY(this)); 802 if (type.is_category1()) { 803 type2 = current_frame.pop_stack( 804 VerificationType::category1_check(), CHECK_VERIFY(this)); 805 } else if(type.is_category2_2nd()) { 806 type2 = current_frame.pop_stack 807 (VerificationType::category2_check(), CHECK_VERIFY(this)); 808 } else { 809 verify_error(bci, bad_type_msg, "dup2_x1"); 810 return; 811 } 812 type3 = current_frame.pop_stack( 813 VerificationType::category1_check(), CHECK_VERIFY(this)); 814 current_frame.push_stack(type2, CHECK_VERIFY(this)); 815 current_frame.push_stack(type, CHECK_VERIFY(this)); 816 current_frame.push_stack(type3, CHECK_VERIFY(this)); 817 current_frame.push_stack(type2, CHECK_VERIFY(this)); 818 current_frame.push_stack(type, CHECK_VERIFY(this)); 819 no_control_flow = false; break; 820 } 821 case Bytecodes::_dup2_x2 : 822 { 823 VerificationType type3, type4; 824 type = current_frame.pop_stack(CHECK_VERIFY(this)); 825 if (type.is_category1()) { 826 type2 = current_frame.pop_stack( 827 VerificationType::category1_check(), CHECK_VERIFY(this)); 828 } else if (type.is_category2_2nd()) { 829 type2 = current_frame.pop_stack( 830 VerificationType::category2_check(), CHECK_VERIFY(this)); 831 } else { 832 verify_error(bci, bad_type_msg, "dup2_x2"); 833 return; 834 } 835 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 836 if (type3.is_category1()) { 837 type4 = current_frame.pop_stack( 838 VerificationType::category1_check(), CHECK_VERIFY(this)); 839 } else if (type3.is_category2_2nd()) { 840 type4 = current_frame.pop_stack( 841 VerificationType::category2_check(), CHECK_VERIFY(this)); 842 } else { 843 verify_error(bci, bad_type_msg, "dup2_x2"); 844 return; 845 } 846 current_frame.push_stack(type2, CHECK_VERIFY(this)); 847 current_frame.push_stack(type, CHECK_VERIFY(this)); 848 current_frame.push_stack(type4, CHECK_VERIFY(this)); 849 current_frame.push_stack(type3, CHECK_VERIFY(this)); 850 current_frame.push_stack(type2, CHECK_VERIFY(this)); 851 current_frame.push_stack(type, CHECK_VERIFY(this)); 852 no_control_flow = false; break; 853 } 854 case Bytecodes::_swap : 855 type = current_frame.pop_stack( 856 VerificationType::category1_check(), CHECK_VERIFY(this)); 857 type2 = current_frame.pop_stack( 858 VerificationType::category1_check(), CHECK_VERIFY(this)); 859 current_frame.push_stack(type, CHECK_VERIFY(this)); 860 current_frame.push_stack(type2, CHECK_VERIFY(this)); 861 no_control_flow = false; break; 862 case Bytecodes::_iadd : 863 case Bytecodes::_isub : 864 case Bytecodes::_imul : 865 case Bytecodes::_idiv : 866 case Bytecodes::_irem : 867 case Bytecodes::_ishl : 868 case Bytecodes::_ishr : 869 case Bytecodes::_iushr : 870 case Bytecodes::_ior : 871 case Bytecodes::_ixor : 872 case Bytecodes::_iand : 873 current_frame.pop_stack( 874 VerificationType::integer_type(), CHECK_VERIFY(this)); 875 // fall through 876 case Bytecodes::_ineg : 877 current_frame.pop_stack( 878 VerificationType::integer_type(), CHECK_VERIFY(this)); 879 current_frame.push_stack( 880 VerificationType::integer_type(), CHECK_VERIFY(this)); 881 no_control_flow = false; break; 882 case Bytecodes::_ladd : 883 case Bytecodes::_lsub : 884 case Bytecodes::_lmul : 885 case Bytecodes::_ldiv : 886 case Bytecodes::_lrem : 887 case Bytecodes::_land : 888 case Bytecodes::_lor : 889 case Bytecodes::_lxor : 890 current_frame.pop_stack_2( 891 VerificationType::long2_type(), 892 VerificationType::long_type(), CHECK_VERIFY(this)); 893 // fall through 894 case Bytecodes::_lneg : 895 current_frame.pop_stack_2( 896 VerificationType::long2_type(), 897 VerificationType::long_type(), CHECK_VERIFY(this)); 898 current_frame.push_stack_2( 899 VerificationType::long_type(), 900 VerificationType::long2_type(), CHECK_VERIFY(this)); 901 no_control_flow = false; break; 902 case Bytecodes::_lshl : 903 case Bytecodes::_lshr : 904 case Bytecodes::_lushr : 905 current_frame.pop_stack( 906 VerificationType::integer_type(), CHECK_VERIFY(this)); 907 current_frame.pop_stack_2( 908 VerificationType::long2_type(), 909 VerificationType::long_type(), CHECK_VERIFY(this)); 910 current_frame.push_stack_2( 911 VerificationType::long_type(), 912 VerificationType::long2_type(), CHECK_VERIFY(this)); 913 no_control_flow = false; break; 914 case Bytecodes::_fadd : 915 case Bytecodes::_fsub : 916 case Bytecodes::_fmul : 917 case Bytecodes::_fdiv : 918 case Bytecodes::_frem : 919 current_frame.pop_stack( 920 VerificationType::float_type(), CHECK_VERIFY(this)); 921 // fall through 922 case Bytecodes::_fneg : 923 current_frame.pop_stack( 924 VerificationType::float_type(), CHECK_VERIFY(this)); 925 current_frame.push_stack( 926 VerificationType::float_type(), CHECK_VERIFY(this)); 927 no_control_flow = false; break; 928 case Bytecodes::_dadd : 929 case Bytecodes::_dsub : 930 case Bytecodes::_dmul : 931 case Bytecodes::_ddiv : 932 case Bytecodes::_drem : 933 current_frame.pop_stack_2( 934 VerificationType::double2_type(), 935 VerificationType::double_type(), CHECK_VERIFY(this)); 936 // fall through 937 case Bytecodes::_dneg : 938 current_frame.pop_stack_2( 939 VerificationType::double2_type(), 940 VerificationType::double_type(), CHECK_VERIFY(this)); 941 current_frame.push_stack_2( 942 VerificationType::double_type(), 943 VerificationType::double2_type(), CHECK_VERIFY(this)); 944 no_control_flow = false; break; 945 case Bytecodes::_iinc : 946 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 947 no_control_flow = false; break; 948 case Bytecodes::_i2l : 949 type = current_frame.pop_stack( 950 VerificationType::integer_type(), CHECK_VERIFY(this)); 951 current_frame.push_stack_2( 952 VerificationType::long_type(), 953 VerificationType::long2_type(), CHECK_VERIFY(this)); 954 no_control_flow = false; break; 955 case Bytecodes::_l2i : 956 current_frame.pop_stack_2( 957 VerificationType::long2_type(), 958 VerificationType::long_type(), CHECK_VERIFY(this)); 959 current_frame.push_stack( 960 VerificationType::integer_type(), CHECK_VERIFY(this)); 961 no_control_flow = false; break; 962 case Bytecodes::_i2f : 963 current_frame.pop_stack( 964 VerificationType::integer_type(), CHECK_VERIFY(this)); 965 current_frame.push_stack( 966 VerificationType::float_type(), CHECK_VERIFY(this)); 967 no_control_flow = false; break; 968 case Bytecodes::_i2d : 969 current_frame.pop_stack( 970 VerificationType::integer_type(), CHECK_VERIFY(this)); 971 current_frame.push_stack_2( 972 VerificationType::double_type(), 973 VerificationType::double2_type(), CHECK_VERIFY(this)); 974 no_control_flow = false; break; 975 case Bytecodes::_l2f : 976 current_frame.pop_stack_2( 977 VerificationType::long2_type(), 978 VerificationType::long_type(), CHECK_VERIFY(this)); 979 current_frame.push_stack( 980 VerificationType::float_type(), CHECK_VERIFY(this)); 981 no_control_flow = false; break; 982 case Bytecodes::_l2d : 983 current_frame.pop_stack_2( 984 VerificationType::long2_type(), 985 VerificationType::long_type(), CHECK_VERIFY(this)); 986 current_frame.push_stack_2( 987 VerificationType::double_type(), 988 VerificationType::double2_type(), CHECK_VERIFY(this)); 989 no_control_flow = false; break; 990 case Bytecodes::_f2i : 991 current_frame.pop_stack( 992 VerificationType::float_type(), CHECK_VERIFY(this)); 993 current_frame.push_stack( 994 VerificationType::integer_type(), CHECK_VERIFY(this)); 995 no_control_flow = false; break; 996 case Bytecodes::_f2l : 997 current_frame.pop_stack( 998 VerificationType::float_type(), CHECK_VERIFY(this)); 999 current_frame.push_stack_2( 1000 VerificationType::long_type(), 1001 VerificationType::long2_type(), CHECK_VERIFY(this)); 1002 no_control_flow = false; break; 1003 case Bytecodes::_f2d : 1004 current_frame.pop_stack( 1005 VerificationType::float_type(), CHECK_VERIFY(this)); 1006 current_frame.push_stack_2( 1007 VerificationType::double_type(), 1008 VerificationType::double2_type(), CHECK_VERIFY(this)); 1009 no_control_flow = false; break; 1010 case Bytecodes::_d2i : 1011 current_frame.pop_stack_2( 1012 VerificationType::double2_type(), 1013 VerificationType::double_type(), CHECK_VERIFY(this)); 1014 current_frame.push_stack( 1015 VerificationType::integer_type(), CHECK_VERIFY(this)); 1016 no_control_flow = false; break; 1017 case Bytecodes::_d2l : 1018 current_frame.pop_stack_2( 1019 VerificationType::double2_type(), 1020 VerificationType::double_type(), CHECK_VERIFY(this)); 1021 current_frame.push_stack_2( 1022 VerificationType::long_type(), 1023 VerificationType::long2_type(), CHECK_VERIFY(this)); 1024 no_control_flow = false; break; 1025 case Bytecodes::_d2f : 1026 current_frame.pop_stack_2( 1027 VerificationType::double2_type(), 1028 VerificationType::double_type(), CHECK_VERIFY(this)); 1029 current_frame.push_stack( 1030 VerificationType::float_type(), CHECK_VERIFY(this)); 1031 no_control_flow = false; break; 1032 case Bytecodes::_i2b : 1033 case Bytecodes::_i2c : 1034 case Bytecodes::_i2s : 1035 current_frame.pop_stack( 1036 VerificationType::integer_type(), CHECK_VERIFY(this)); 1037 current_frame.push_stack( 1038 VerificationType::integer_type(), CHECK_VERIFY(this)); 1039 no_control_flow = false; break; 1040 case Bytecodes::_lcmp : 1041 current_frame.pop_stack_2( 1042 VerificationType::long2_type(), 1043 VerificationType::long_type(), CHECK_VERIFY(this)); 1044 current_frame.pop_stack_2( 1045 VerificationType::long2_type(), 1046 VerificationType::long_type(), CHECK_VERIFY(this)); 1047 current_frame.push_stack( 1048 VerificationType::integer_type(), CHECK_VERIFY(this)); 1049 no_control_flow = false; break; 1050 case Bytecodes::_fcmpl : 1051 case Bytecodes::_fcmpg : 1052 current_frame.pop_stack( 1053 VerificationType::float_type(), CHECK_VERIFY(this)); 1054 current_frame.pop_stack( 1055 VerificationType::float_type(), CHECK_VERIFY(this)); 1056 current_frame.push_stack( 1057 VerificationType::integer_type(), CHECK_VERIFY(this)); 1058 no_control_flow = false; break; 1059 case Bytecodes::_dcmpl : 1060 case Bytecodes::_dcmpg : 1061 current_frame.pop_stack_2( 1062 VerificationType::double2_type(), 1063 VerificationType::double_type(), CHECK_VERIFY(this)); 1064 current_frame.pop_stack_2( 1065 VerificationType::double2_type(), 1066 VerificationType::double_type(), CHECK_VERIFY(this)); 1067 current_frame.push_stack( 1068 VerificationType::integer_type(), CHECK_VERIFY(this)); 1069 no_control_flow = false; break; 1070 case Bytecodes::_if_icmpeq: 1071 case Bytecodes::_if_icmpne: 1072 case Bytecodes::_if_icmplt: 1073 case Bytecodes::_if_icmpge: 1074 case Bytecodes::_if_icmpgt: 1075 case Bytecodes::_if_icmple: 1076 current_frame.pop_stack( 1077 VerificationType::integer_type(), CHECK_VERIFY(this)); 1078 // fall through 1079 case Bytecodes::_ifeq: 1080 case Bytecodes::_ifne: 1081 case Bytecodes::_iflt: 1082 case Bytecodes::_ifge: 1083 case Bytecodes::_ifgt: 1084 case Bytecodes::_ifle: 1085 current_frame.pop_stack( 1086 VerificationType::integer_type(), CHECK_VERIFY(this)); 1087 target = bcs.dest(); 1088 stackmap_table.check_jump_target( 1089 ¤t_frame, target, CHECK_VERIFY(this)); 1090 no_control_flow = false; break; 1091 case Bytecodes::_if_acmpeq : 1092 case Bytecodes::_if_acmpne : 1093 current_frame.pop_stack( 1094 VerificationType::reference_check(), CHECK_VERIFY(this)); 1095 // fall through 1096 case Bytecodes::_ifnull : 1097 case Bytecodes::_ifnonnull : 1098 current_frame.pop_stack( 1099 VerificationType::reference_check(), CHECK_VERIFY(this)); 1100 target = bcs.dest(); 1101 stackmap_table.check_jump_target 1102 (¤t_frame, target, CHECK_VERIFY(this)); 1103 no_control_flow = false; break; 1104 case Bytecodes::_goto : 1105 target = bcs.dest(); 1106 stackmap_table.check_jump_target( 1107 ¤t_frame, target, CHECK_VERIFY(this)); 1108 no_control_flow = true; break; 1109 case Bytecodes::_goto_w : 1110 target = bcs.dest_w(); 1111 stackmap_table.check_jump_target( 1112 ¤t_frame, target, CHECK_VERIFY(this)); 1113 no_control_flow = true; break; 1114 case Bytecodes::_tableswitch : 1115 case Bytecodes::_lookupswitch : 1116 verify_switch( 1117 &bcs, code_length, code_data, ¤t_frame, 1118 &stackmap_table, CHECK_VERIFY(this)); 1119 no_control_flow = true; break; 1120 case Bytecodes::_ireturn : 1121 type = current_frame.pop_stack( 1122 VerificationType::integer_type(), CHECK_VERIFY(this)); 1123 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1124 no_control_flow = true; break; 1125 case Bytecodes::_lreturn : 1126 type2 = current_frame.pop_stack( 1127 VerificationType::long2_type(), CHECK_VERIFY(this)); 1128 type = current_frame.pop_stack( 1129 VerificationType::long_type(), CHECK_VERIFY(this)); 1130 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1131 no_control_flow = true; break; 1132 case Bytecodes::_freturn : 1133 type = current_frame.pop_stack( 1134 VerificationType::float_type(), CHECK_VERIFY(this)); 1135 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1136 no_control_flow = true; break; 1137 case Bytecodes::_dreturn : 1138 type2 = current_frame.pop_stack( 1139 VerificationType::double2_type(), CHECK_VERIFY(this)); 1140 type = current_frame.pop_stack( 1141 VerificationType::double_type(), CHECK_VERIFY(this)); 1142 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1143 no_control_flow = true; break; 1144 case Bytecodes::_areturn : 1145 type = current_frame.pop_stack( 1146 VerificationType::reference_check(), CHECK_VERIFY(this)); 1147 verify_return_value(return_type, type, bci, CHECK_VERIFY(this)); 1148 no_control_flow = true; break; 1149 case Bytecodes::_return : 1150 if (return_type != VerificationType::bogus_type()) { 1151 verify_error(bci, "Method expects no return value"); 1152 return; 1153 } 1154 // Make sure "this" has been initialized if current method is an 1155 // <init> 1156 if (_method->name() == vmSymbols::object_initializer_name() && 1157 current_frame.flag_this_uninit()) { 1158 verify_error(bci, 1159 "Constructor must call super() or this() before return"); 1160 return; 1161 } 1162 no_control_flow = true; break; 1163 case Bytecodes::_getstatic : 1164 case Bytecodes::_putstatic : 1165 case Bytecodes::_getfield : 1166 case Bytecodes::_putfield : 1167 verify_field_instructions( 1168 &bcs, ¤t_frame, cp, CHECK_VERIFY(this)); 1169 no_control_flow = false; break; 1170 case Bytecodes::_invokevirtual : 1171 case Bytecodes::_invokespecial : 1172 case Bytecodes::_invokestatic : 1173 verify_invoke_instructions( 1174 &bcs, code_length, ¤t_frame, 1175 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1176 no_control_flow = false; break; 1177 case Bytecodes::_invokeinterface : 1178 case Bytecodes::_invokedynamic : 1179 verify_invoke_instructions( 1180 &bcs, code_length, ¤t_frame, 1181 &this_uninit, return_type, cp, CHECK_VERIFY(this)); 1182 no_control_flow = false; break; 1183 case Bytecodes::_new : 1184 { 1185 index = bcs.get_index_big(); 1186 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1187 VerificationType new_class_type = 1188 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1189 if (!new_class_type.is_object()) { 1190 verify_error(bci, "Illegal new instruction"); 1191 return; 1192 } 1193 type = VerificationType::uninitialized_type(bci); 1194 current_frame.push_stack(type, CHECK_VERIFY(this)); 1195 no_control_flow = false; break; 1196 } 1197 case Bytecodes::_newarray : 1198 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1199 current_frame.pop_stack( 1200 VerificationType::integer_type(), CHECK_VERIFY(this)); 1201 current_frame.push_stack(type, CHECK_VERIFY(this)); 1202 no_control_flow = false; break; 1203 case Bytecodes::_anewarray : 1204 verify_anewarray( 1205 bcs.get_index_big(), cp, ¤t_frame, CHECK_VERIFY(this)); 1206 no_control_flow = false; break; 1207 case Bytecodes::_arraylength : 1208 type = current_frame.pop_stack( 1209 VerificationType::reference_check(), CHECK_VERIFY(this)); 1210 if (!(type.is_null() || type.is_array())) { 1211 verify_error(bci, bad_type_msg, "arraylength"); 1212 } 1213 current_frame.push_stack( 1214 VerificationType::integer_type(), CHECK_VERIFY(this)); 1215 no_control_flow = false; break; 1216 case Bytecodes::_checkcast : 1217 { 1218 index = bcs.get_index_big(); 1219 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1220 current_frame.pop_stack( 1221 VerificationType::reference_check(), CHECK_VERIFY(this)); 1222 VerificationType klass_type = cp_index_to_type( 1223 index, cp, CHECK_VERIFY(this)); 1224 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1225 no_control_flow = false; break; 1226 } 1227 case Bytecodes::_instanceof : { 1228 index = bcs.get_index_big(); 1229 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1230 current_frame.pop_stack( 1231 VerificationType::reference_check(), CHECK_VERIFY(this)); 1232 current_frame.push_stack( 1233 VerificationType::integer_type(), CHECK_VERIFY(this)); 1234 no_control_flow = false; break; 1235 } 1236 case Bytecodes::_monitorenter : 1237 case Bytecodes::_monitorexit : 1238 current_frame.pop_stack( 1239 VerificationType::reference_check(), CHECK_VERIFY(this)); 1240 no_control_flow = false; break; 1241 case Bytecodes::_multianewarray : 1242 { 1243 index = bcs.get_index_big(); 1244 u2 dim = *(bcs.bcp()+3); 1245 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 1246 VerificationType new_array_type = 1247 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1248 if (!new_array_type.is_array()) { 1249 verify_error(bci, 1250 "Illegal constant pool index in multianewarray instruction"); 1251 return; 1252 } 1253 if (dim < 1 || new_array_type.dimensions() < dim) { 1254 verify_error(bci, 1255 "Illegal dimension in multianewarray instruction"); 1256 return; 1257 } 1258 for (int i = 0; i < dim; i++) { 1259 current_frame.pop_stack( 1260 VerificationType::integer_type(), CHECK_VERIFY(this)); 1261 } 1262 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1263 no_control_flow = false; break; 1264 } 1265 case Bytecodes::_athrow : 1266 type = VerificationType::reference_type( 1267 vmSymbols::java_lang_Throwable()); 1268 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1269 no_control_flow = true; break; 1270 default: 1271 // We only need to check the valid bytecodes in class file. 1272 // And jsr and ret are not in the new class file format in JDK1.5. 1273 verify_error(bci, "Bad instruction"); 1274 no_control_flow = false; 1275 return; 1276 } // end switch 1277 } // end Merge with the next instruction 1278 1279 // Look for possible jump target in exception handlers and see if it 1280 // matches current_frame 1281 if (bci >= ex_min && bci < ex_max) { 1282 verify_exception_handler_targets( 1283 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1284 } 1285 } // end while 1286 1287 // Make sure that control flow does not fall through end of the method 1288 if (!no_control_flow) { 1289 verify_error(code_length, "Control flow falls through code end"); 1290 return; 1291 } 1292} 1293 1294char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) { 1295 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1296 memset(code_data, 0, sizeof(char) * code_length); 1297 RawBytecodeStream bcs(m); 1298 1299 while (!bcs.is_last_bytecode()) { 1300 if (bcs.raw_next() != Bytecodes::_illegal) { 1301 int bci = bcs.bci(); 1302 if (bcs.code() == Bytecodes::_new) { 1303 code_data[bci] = NEW_OFFSET; 1304 } else { 1305 code_data[bci] = BYTECODE_OFFSET; 1306 } 1307 } else { 1308 verify_error(bcs.bci(), "Bad instruction"); 1309 return NULL; 1310 } 1311 } 1312 1313 return code_data; 1314} 1315 1316void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1317 typeArrayHandle exhandlers (THREAD, _method->exception_table()); 1318 constantPoolHandle cp (THREAD, _method->constants()); 1319 1320 if (exhandlers() != NULL) { 1321 for(int i = 0; i < exhandlers->length();) { 1322 u2 start_pc = exhandlers->int_at(i++); 1323 u2 end_pc = exhandlers->int_at(i++); 1324 u2 handler_pc = exhandlers->int_at(i++); 1325 if (start_pc >= code_length || code_data[start_pc] == 0) { 1326 class_format_error("Illegal exception table start_pc %d", start_pc); 1327 return; 1328 } 1329 if (end_pc != code_length) { // special case: end_pc == code_length 1330 if (end_pc > code_length || code_data[end_pc] == 0) { 1331 class_format_error("Illegal exception table end_pc %d", end_pc); 1332 return; 1333 } 1334 } 1335 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1336 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1337 return; 1338 } 1339 int catch_type_index = exhandlers->int_at(i++); 1340 if (catch_type_index != 0) { 1341 VerificationType catch_type = cp_index_to_type( 1342 catch_type_index, cp, CHECK_VERIFY(this)); 1343 VerificationType throwable = 1344 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1345 bool is_subclass = throwable.is_assignable_from( 1346 catch_type, current_class(), CHECK_VERIFY(this)); 1347 if (!is_subclass) { 1348 // 4286534: should throw VerifyError according to recent spec change 1349 verify_error( 1350 "Catch type is not a subclass of Throwable in handler %d", 1351 handler_pc); 1352 return; 1353 } 1354 } 1355 if (start_pc < min) min = start_pc; 1356 if (end_pc > max) max = end_pc; 1357 } 1358 } 1359} 1360 1361void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1362 int localvariable_table_length = _method()->localvariable_table_length(); 1363 if (localvariable_table_length > 0) { 1364 LocalVariableTableElement* table = _method()->localvariable_table_start(); 1365 for (int i = 0; i < localvariable_table_length; i++) { 1366 u2 start_bci = table[i].start_bci; 1367 u2 length = table[i].length; 1368 1369 if (start_bci >= code_length || code_data[start_bci] == 0) { 1370 class_format_error( 1371 "Illegal local variable table start_pc %d", start_bci); 1372 return; 1373 } 1374 u4 end_bci = (u4)(start_bci + length); 1375 if (end_bci != code_length) { 1376 if (end_bci >= code_length || code_data[end_bci] == 0) { 1377 class_format_error( "Illegal local variable table length %d", length); 1378 return; 1379 } 1380 } 1381 } 1382 } 1383} 1384 1385u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1386 StackMapFrame* current_frame, 1387 StackMapTable* stackmap_table, 1388 bool no_control_flow, TRAPS) { 1389 if (stackmap_index < stackmap_table->get_frame_count()) { 1390 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1391 if (no_control_flow && this_offset > bci) { 1392 verify_error(bci, "Expecting a stack map frame"); 1393 return 0; 1394 } 1395 if (this_offset == bci) { 1396 // See if current stack map can be assigned to the frame in table. 1397 // current_frame is the stackmap frame got from the last instruction. 1398 // If matched, current_frame will be updated by this method. 1399 bool match = stackmap_table->match_stackmap( 1400 current_frame, this_offset, stackmap_index, 1401 !no_control_flow, true, CHECK_VERIFY_(this, 0)); 1402 if (!match) { 1403 // report type error 1404 verify_error(bci, "Instruction type does not match stack map"); 1405 return 0; 1406 } 1407 stackmap_index++; 1408 } else if (this_offset < bci) { 1409 // current_offset should have met this_offset. 1410 class_format_error("Bad stack map offset %d", this_offset); 1411 return 0; 1412 } 1413 } else if (no_control_flow) { 1414 verify_error(bci, "Expecting a stack map frame"); 1415 return 0; 1416 } 1417 return stackmap_index; 1418} 1419 1420void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame, 1421 StackMapTable* stackmap_table, TRAPS) { 1422 constantPoolHandle cp (THREAD, _method->constants()); 1423 typeArrayHandle exhandlers (THREAD, _method->exception_table()); 1424 if (exhandlers() != NULL) { 1425 for(int i = 0; i < exhandlers->length();) { 1426 u2 start_pc = exhandlers->int_at(i++); 1427 u2 end_pc = exhandlers->int_at(i++); 1428 u2 handler_pc = exhandlers->int_at(i++); 1429 int catch_type_index = exhandlers->int_at(i++); 1430 if(bci >= start_pc && bci < end_pc) { 1431 u1 flags = current_frame->flags(); 1432 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1433 1434 ResourceMark rm(THREAD); 1435 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1436 if (catch_type_index != 0) { 1437 // We know that this index refers to a subclass of Throwable 1438 VerificationType catch_type = cp_index_to_type( 1439 catch_type_index, cp, CHECK_VERIFY(this)); 1440 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1441 } else { 1442 VerificationType throwable = 1443 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1444 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 1445 } 1446 bool match = stackmap_table->match_stackmap( 1447 new_frame, handler_pc, true, false, CHECK_VERIFY(this)); 1448 if (!match) { 1449 verify_error(bci, 1450 "Stack map does not match the one at exception handler %d", 1451 handler_pc); 1452 return; 1453 } 1454 } 1455 } 1456 } 1457} 1458 1459void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) { 1460 int nconstants = cp->length(); 1461 if ((index <= 0) || (index >= nconstants)) { 1462 verify_error("Illegal constant pool index %d in class %s", 1463 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1464 return; 1465 } 1466} 1467 1468void ClassVerifier::verify_cp_type( 1469 int index, constantPoolHandle cp, unsigned int types, TRAPS) { 1470 1471 // In some situations, bytecode rewriting may occur while we're verifying. 1472 // In this case, a constant pool cache exists and some indices refer to that 1473 // instead. Get the original index for the tag check 1474 constantPoolCacheOop cache = cp->cache(); 1475 if (cache != NULL && 1476 ((types == (1 << JVM_CONSTANT_InterfaceMethodref)) || 1477 (types == (1 << JVM_CONSTANT_Methodref)) || 1478 (types == (1 << JVM_CONSTANT_Fieldref)))) { 1479 int native_index = index; 1480 if (Bytes::is_Java_byte_ordering_different()) { 1481 native_index = Bytes::swap_u2(index); 1482 } 1483 assert((native_index >= 0) && (native_index < cache->length()), 1484 "Must be a legal index into the cp cache"); 1485 index = cache->entry_at(native_index)->constant_pool_index(); 1486 } 1487 1488 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1489 unsigned int tag = cp->tag_at(index).value(); 1490 if ((types & (1 << tag)) == 0) { 1491 verify_error( 1492 "Illegal type at constant pool entry %d in class %s", 1493 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1494 return; 1495 } 1496} 1497 1498void ClassVerifier::verify_cp_class_type( 1499 int index, constantPoolHandle cp, TRAPS) { 1500 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1501 constantTag tag = cp->tag_at(index); 1502 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 1503 verify_error("Illegal type at constant pool entry %d in class %s", 1504 index, instanceKlass::cast(cp->pool_holder())->external_name()); 1505 return; 1506 } 1507} 1508 1509void ClassVerifier::format_error_message( 1510 const char* fmt, int offset, va_list va) { 1511 ResourceMark rm(_thread); 1512 stringStream message(_message, _message_buffer_len); 1513 message.vprint(fmt, va); 1514 if (!_method.is_null()) { 1515 message.print(" in method %s", _method->name_and_sig_as_C_string()); 1516 } 1517 if (offset != -1) { 1518 message.print(" at offset %d", offset); 1519 } 1520} 1521 1522void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) { 1523 _exception_type = vmSymbols::java_lang_VerifyError(); 1524 va_list va; 1525 va_start(va, fmt); 1526 format_error_message(fmt, offset, va); 1527 va_end(va); 1528} 1529 1530void ClassVerifier::verify_error(const char* fmt, ...) { 1531 _exception_type = vmSymbols::java_lang_VerifyError(); 1532 va_list va; 1533 va_start(va, fmt); 1534 format_error_message(fmt, -1, va); 1535 va_end(va); 1536} 1537 1538void ClassVerifier::class_format_error(const char* msg, ...) { 1539 _exception_type = vmSymbols::java_lang_ClassFormatError(); 1540 va_list va; 1541 va_start(va, msg); 1542 format_error_message(msg, -1, va); 1543 va_end(va); 1544} 1545 1546klassOop ClassVerifier::load_class(symbolHandle name, TRAPS) { 1547 // Get current loader and protection domain first. 1548 oop loader = current_class()->class_loader(); 1549 oop protection_domain = current_class()->protection_domain(); 1550 1551 return SystemDictionary::resolve_or_fail( 1552 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 1553 true, CHECK_NULL); 1554} 1555 1556bool ClassVerifier::is_protected_access(instanceKlassHandle this_class, 1557 klassOop target_class, 1558 symbolOop field_name, 1559 symbolOop field_sig, 1560 bool is_method) { 1561 No_Safepoint_Verifier nosafepoint; 1562 1563 // If target class isn't a super class of this class, we don't worry about this case 1564 if (!this_class->is_subclass_of(target_class)) { 1565 return false; 1566 } 1567 // Check if the specified method or field is protected 1568 instanceKlass* target_instance = instanceKlass::cast(target_class); 1569 fieldDescriptor fd; 1570 if (is_method) { 1571 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig); 1572 if (m != NULL && m->is_protected()) { 1573 if (!this_class->is_same_class_package(m->method_holder())) { 1574 return true; 1575 } 1576 } 1577 } else { 1578 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd); 1579 if(member_klass != NULL && fd.is_protected()) { 1580 if (!this_class->is_same_class_package(member_klass)) { 1581 return true; 1582 } 1583 } 1584 } 1585 return false; 1586} 1587 1588void ClassVerifier::verify_ldc( 1589 int opcode, u2 index, StackMapFrame *current_frame, 1590 constantPoolHandle cp, u2 bci, TRAPS) { 1591 verify_cp_index(cp, index, CHECK_VERIFY(this)); 1592 constantTag tag = cp->tag_at(index); 1593 unsigned int types; 1594 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 1595 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) { 1596 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 1597 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class); 1598 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1599 } 1600 } else { 1601 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 1602 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long); 1603 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1604 } 1605 if (tag.is_string() && cp->is_pseudo_string_at(index)) { 1606 current_frame->push_stack( 1607 VerificationType::reference_type( 1608 vmSymbols::java_lang_Object()), CHECK_VERIFY(this)); 1609 } else if (tag.is_string() || tag.is_unresolved_string()) { 1610 current_frame->push_stack( 1611 VerificationType::reference_type( 1612 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 1613 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 1614 current_frame->push_stack( 1615 VerificationType::reference_type( 1616 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 1617 } else if (tag.is_int()) { 1618 current_frame->push_stack( 1619 VerificationType::integer_type(), CHECK_VERIFY(this)); 1620 } else if (tag.is_float()) { 1621 current_frame->push_stack( 1622 VerificationType::float_type(), CHECK_VERIFY(this)); 1623 } else if (tag.is_double()) { 1624 current_frame->push_stack_2( 1625 VerificationType::double_type(), 1626 VerificationType::double2_type(), CHECK_VERIFY(this)); 1627 } else if (tag.is_long()) { 1628 current_frame->push_stack_2( 1629 VerificationType::long_type(), 1630 VerificationType::long2_type(), CHECK_VERIFY(this)); 1631 } else { 1632 verify_error(bci, "Invalid index in ldc"); 1633 return; 1634 } 1635} 1636 1637void ClassVerifier::verify_switch( 1638 RawBytecodeStream* bcs, u4 code_length, char* code_data, 1639 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 1640 int bci = bcs->bci(); 1641 address bcp = bcs->bcp(); 1642 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize); 1643 1644 // 4639449 & 4647081: padding bytes must be 0 1645 u2 padding_offset = 1; 1646 while ((bcp + padding_offset) < aligned_bcp) { 1647 if(*(bcp + padding_offset) != 0) { 1648 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch"); 1649 return; 1650 } 1651 padding_offset++; 1652 } 1653 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 1654 int keys, delta; 1655 current_frame->pop_stack( 1656 VerificationType::integer_type(), CHECK_VERIFY(this)); 1657 if (bcs->code() == Bytecodes::_tableswitch) { 1658 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 1659 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 1660 if (low > high) { 1661 verify_error(bci, 1662 "low must be less than or equal to high in tableswitch"); 1663 return; 1664 } 1665 keys = high - low + 1; 1666 if (keys < 0) { 1667 verify_error(bci, "too many keys in tableswitch"); 1668 return; 1669 } 1670 delta = 1; 1671 } else { 1672 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 1673 if (keys < 0) { 1674 verify_error(bci, "number of keys in lookupswitch less than 0"); 1675 return; 1676 } 1677 delta = 2; 1678 // Make sure that the lookupswitch items are sorted 1679 for (int i = 0; i < (keys - 1); i++) { 1680 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 1681 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 1682 if (this_key >= next_key) { 1683 verify_error(bci, "Bad lookupswitch instruction"); 1684 return; 1685 } 1686 } 1687 } 1688 int target = bci + default_offset; 1689 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 1690 for (int i = 0; i < keys; i++) { 1691 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 1692 stackmap_table->check_jump_target( 1693 current_frame, target, CHECK_VERIFY(this)); 1694 } 1695} 1696 1697bool ClassVerifier::name_in_supers( 1698 symbolOop ref_name, instanceKlassHandle current) { 1699 klassOop super = current->super(); 1700 while (super != NULL) { 1701 if (super->klass_part()->name() == ref_name) { 1702 return true; 1703 } 1704 super = super->klass_part()->super(); 1705 } 1706 return false; 1707} 1708 1709void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 1710 StackMapFrame* current_frame, 1711 constantPoolHandle cp, 1712 TRAPS) { 1713 u2 index = bcs->get_index_big(); 1714 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 1715 1716 // Get field name and signature 1717 symbolHandle field_name = symbolHandle(THREAD, cp->name_ref_at(index)); 1718 symbolHandle field_sig = symbolHandle(THREAD, cp->signature_ref_at(index)); 1719 1720 if (!SignatureVerifier::is_valid_type_signature(field_sig)) { 1721 class_format_error( 1722 "Invalid signature for field in class %s referenced " 1723 "from constant pool index %d", _klass->external_name(), index); 1724 return; 1725 } 1726 1727 // Get referenced class type 1728 VerificationType ref_class_type = cp_ref_index_to_type( 1729 index, cp, CHECK_VERIFY(this)); 1730 if (!ref_class_type.is_object()) { 1731 verify_error( 1732 "Expecting reference to class in class %s at constant pool index %d", 1733 _klass->external_name(), index); 1734 return; 1735 } 1736 VerificationType target_class_type = ref_class_type; 1737 1738 assert(sizeof(VerificationType) == sizeof(uintptr_t), 1739 "buffer type must match VerificationType size"); 1740 uintptr_t field_type_buffer[2]; 1741 VerificationType* field_type = (VerificationType*)field_type_buffer; 1742 // If we make a VerificationType[2] array directly, the compiler calls 1743 // to the c-runtime library to do the allocation instead of just 1744 // stack allocating it. Plus it would run constructors. This shows up 1745 // in performance profiles. 1746 1747 SignatureStream sig_stream(field_sig, false); 1748 VerificationType stack_object_type; 1749 int n = change_sig_to_verificationType( 1750 &sig_stream, field_type, CHECK_VERIFY(this)); 1751 u2 bci = bcs->bci(); 1752 bool is_assignable; 1753 switch (bcs->code()) { 1754 case Bytecodes::_getstatic: { 1755 for (int i = 0; i < n; i++) { 1756 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 1757 } 1758 break; 1759 } 1760 case Bytecodes::_putstatic: { 1761 for (int i = n - 1; i >= 0; i--) { 1762 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 1763 } 1764 break; 1765 } 1766 case Bytecodes::_getfield: { 1767 stack_object_type = current_frame->pop_stack( 1768 target_class_type, CHECK_VERIFY(this)); 1769 for (int i = 0; i < n; i++) { 1770 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 1771 } 1772 goto check_protected; 1773 } 1774 case Bytecodes::_putfield: { 1775 for (int i = n - 1; i >= 0; i--) { 1776 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 1777 } 1778 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 1779 1780 // The JVMS 2nd edition allows field initialization before the superclass 1781 // initializer, if the field is defined within the current class. 1782 fieldDescriptor fd; 1783 if (stack_object_type == VerificationType::uninitialized_this_type() && 1784 target_class_type.equals(current_type()) && 1785 _klass->find_local_field(field_name(), field_sig(), &fd)) { 1786 stack_object_type = current_type(); 1787 } 1788 is_assignable = target_class_type.is_assignable_from( 1789 stack_object_type, current_class(), CHECK_VERIFY(this)); 1790 if (!is_assignable) { 1791 verify_error(bci, "Bad type on operand stack in putfield"); 1792 return; 1793 } 1794 } 1795 check_protected: { 1796 if (_this_type == stack_object_type) 1797 break; // stack_object_type must be assignable to _current_class_type 1798 symbolHandle ref_class_name = symbolHandle(THREAD, 1799 cp->klass_name_at(cp->klass_ref_index_at(index))); 1800 if (!name_in_supers(ref_class_name(), current_class())) 1801 // stack_object_type must be assignable to _current_class_type since: 1802 // 1. stack_object_type must be assignable to ref_class. 1803 // 2. ref_class must be _current_class or a subclass of it. It can't 1804 // be a superclass of it. See revised JVMS 5.4.4. 1805 break; 1806 1807 klassOop ref_class_oop = load_class(ref_class_name, CHECK); 1808 if (is_protected_access(current_class(), ref_class_oop, field_name(), 1809 field_sig(), false)) { 1810 // It's protected access, check if stack object is assignable to 1811 // current class. 1812 is_assignable = current_type().is_assignable_from( 1813 stack_object_type, current_class(), CHECK_VERIFY(this)); 1814 if (!is_assignable) { 1815 verify_error(bci, "Bad access to protected data in getfield"); 1816 return; 1817 } 1818 } 1819 break; 1820 } 1821 default: ShouldNotReachHere(); 1822 } 1823} 1824 1825void ClassVerifier::verify_invoke_init( 1826 RawBytecodeStream* bcs, VerificationType ref_class_type, 1827 StackMapFrame* current_frame, u4 code_length, bool *this_uninit, 1828 constantPoolHandle cp, TRAPS) { 1829 u2 bci = bcs->bci(); 1830 VerificationType type = current_frame->pop_stack( 1831 VerificationType::reference_check(), CHECK_VERIFY(this)); 1832 if (type == VerificationType::uninitialized_this_type()) { 1833 // The method must be an <init> method of either this class, or one of its 1834 // superclasses 1835 klassOop oop = current_class()(); 1836 Klass* klass = oop->klass_part(); 1837 while (klass != NULL && ref_class_type.name() != klass->name()) { 1838 klass = klass->super()->klass_part(); 1839 } 1840 if (klass == NULL) { 1841 verify_error(bci, "Bad <init> method call"); 1842 return; 1843 } 1844 current_frame->initialize_object(type, current_type()); 1845 *this_uninit = true; 1846 } else if (type.is_uninitialized()) { 1847 u2 new_offset = type.bci(); 1848 address new_bcp = bcs->bcp() - bci + new_offset; 1849 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 1850 verify_error(new_offset, "Expecting new instruction"); 1851 return; 1852 } 1853 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 1854 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this)); 1855 1856 // The method must be an <init> method of the indicated class 1857 VerificationType new_class_type = cp_index_to_type( 1858 new_class_index, cp, CHECK_VERIFY(this)); 1859 if (!new_class_type.equals(ref_class_type)) { 1860 verify_error(bci, "Call to wrong <init> method"); 1861 return; 1862 } 1863 // According to the VM spec, if the referent class is a superclass of the 1864 // current class, and is in a different runtime package, and the method is 1865 // protected, then the objectref must be the current class or a subclass 1866 // of the current class. 1867 VerificationType objectref_type = new_class_type; 1868 if (name_in_supers(ref_class_type.name(), current_class())) { 1869 klassOop ref_klass = load_class( 1870 ref_class_type.name(), CHECK_VERIFY(this)); 1871 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method( 1872 vmSymbols::object_initializer_name(), 1873 cp->signature_ref_at(bcs->get_index_big())); 1874 instanceKlassHandle mh(THREAD, m->method_holder()); 1875 if (m->is_protected() && !mh->is_same_class_package(_klass())) { 1876 bool assignable = current_type().is_assignable_from( 1877 objectref_type, current_class(), CHECK_VERIFY(this)); 1878 if (!assignable) { 1879 verify_error(bci, "Bad access to protected <init> method"); 1880 return; 1881 } 1882 } 1883 } 1884 current_frame->initialize_object(type, new_class_type); 1885 } else { 1886 verify_error(bci, "Bad operand type when invoking <init>"); 1887 return; 1888 } 1889} 1890 1891void ClassVerifier::verify_invoke_instructions( 1892 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 1893 bool *this_uninit, VerificationType return_type, 1894 constantPoolHandle cp, TRAPS) { 1895 // Make sure the constant pool item is the right type 1896 u2 index = bcs->get_index_big(); 1897 Bytecodes::Code opcode = bcs->code(); 1898 unsigned int types = (opcode == Bytecodes::_invokeinterface 1899 ? 1 << JVM_CONSTANT_InterfaceMethodref 1900 : opcode == Bytecodes::_invokedynamic 1901 ? 1 << JVM_CONSTANT_NameAndType 1902 : 1 << JVM_CONSTANT_Methodref); 1903 verify_cp_type(index, cp, types, CHECK_VERIFY(this)); 1904 1905 // Get method name and signature 1906 symbolHandle method_name(THREAD, cp->name_ref_at(index)); 1907 symbolHandle method_sig(THREAD, cp->signature_ref_at(index)); 1908 1909 if (!SignatureVerifier::is_valid_method_signature(method_sig)) { 1910 class_format_error( 1911 "Invalid method signature in class %s referenced " 1912 "from constant pool index %d", _klass->external_name(), index); 1913 return; 1914 } 1915 1916 // Get referenced class type 1917 VerificationType ref_class_type; 1918 if (opcode == Bytecodes::_invokedynamic) { 1919 if (!EnableInvokeDynamic) { 1920 class_format_error( 1921 "invokedynamic instructions not enabled on this JVM", 1922 _klass->external_name()); 1923 return; 1924 } 1925 } else { 1926 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 1927 } 1928 1929 // For a small signature length, we just allocate 128 bytes instead 1930 // of parsing the signature once to find its size. 1931 // -3 is for '(', ')' and return descriptor; multiply by 2 is for 1932 // longs/doubles to be consertive. 1933 assert(sizeof(VerificationType) == sizeof(uintptr_t), 1934 "buffer type must match VerificationType size"); 1935 uintptr_t on_stack_sig_types_buffer[128]; 1936 // If we make a VerificationType[128] array directly, the compiler calls 1937 // to the c-runtime library to do the allocation instead of just 1938 // stack allocating it. Plus it would run constructors. This shows up 1939 // in performance profiles. 1940 1941 VerificationType* sig_types; 1942 int size = (method_sig->utf8_length() - 3) * 2; 1943 if (size > 128) { 1944 // Long and double occupies two slots here. 1945 ArgumentSizeComputer size_it(method_sig); 1946 size = size_it.size(); 1947 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size); 1948 } else{ 1949 sig_types = (VerificationType*)on_stack_sig_types_buffer; 1950 } 1951 SignatureStream sig_stream(method_sig); 1952 int sig_i = 0; 1953 while (!sig_stream.at_return_type()) { 1954 sig_i += change_sig_to_verificationType( 1955 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this)); 1956 sig_stream.next(); 1957 } 1958 int nargs = sig_i; 1959 1960#ifdef ASSERT 1961 { 1962 ArgumentSizeComputer size_it(method_sig); 1963 assert(nargs == size_it.size(), "Argument sizes do not match"); 1964 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough"); 1965 } 1966#endif 1967 1968 // Check instruction operands 1969 u2 bci = bcs->bci(); 1970 if (opcode == Bytecodes::_invokeinterface) { 1971 address bcp = bcs->bcp(); 1972 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 1973 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 1974 // the difference between the size of the operand stack before and after the instruction 1975 // executes. 1976 if (*(bcp+3) != (nargs+1)) { 1977 verify_error(bci, "Inconsistent args count operand in invokeinterface"); 1978 return; 1979 } 1980 if (*(bcp+4) != 0) { 1981 verify_error(bci, "Fourth operand byte of invokeinterface must be zero"); 1982 return; 1983 } 1984 } 1985 1986 if (opcode == Bytecodes::_invokedynamic) { 1987 address bcp = bcs->bcp(); 1988 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 1989 verify_error(bci, "Third and fourth operand bytes of invokedynamic must be zero"); 1990 return; 1991 } 1992 } 1993 1994 if (method_name->byte_at(0) == '<') { 1995 // Make sure <init> can only be invoked by invokespecial 1996 if (opcode != Bytecodes::_invokespecial || 1997 method_name() != vmSymbols::object_initializer_name()) { 1998 verify_error(bci, "Illegal call to internal method"); 1999 return; 2000 } 2001 } else if (opcode == Bytecodes::_invokespecial 2002 && !ref_class_type.equals(current_type()) 2003 && !ref_class_type.equals(VerificationType::reference_type( 2004 current_class()->super()->klass_part()->name()))) { 2005 bool subtype = ref_class_type.is_assignable_from( 2006 current_type(), current_class(), CHECK_VERIFY(this)); 2007 if (!subtype) { 2008 verify_error(bci, "Bad invokespecial instruction: " 2009 "current class isn't assignable to reference class."); 2010 return; 2011 } 2012 } 2013 // Match method descriptor with operand stack 2014 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2015 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this)); 2016 } 2017 // Check objectref on operand stack 2018 if (opcode != Bytecodes::_invokestatic && 2019 opcode != Bytecodes::_invokedynamic) { 2020 if (method_name() == vmSymbols::object_initializer_name()) { // <init> method 2021 verify_invoke_init(bcs, ref_class_type, current_frame, 2022 code_length, this_uninit, cp, CHECK_VERIFY(this)); 2023 } else { // other methods 2024 // Ensures that target class is assignable to method class. 2025 if (opcode == Bytecodes::_invokespecial) { 2026 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2027 } else if (opcode == Bytecodes::_invokevirtual) { 2028 VerificationType stack_object_type = 2029 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2030 if (current_type() != stack_object_type) { 2031 assert(cp->cache() == NULL, "not rewritten yet"); 2032 symbolHandle ref_class_name = symbolHandle(THREAD, 2033 cp->klass_name_at(cp->klass_ref_index_at(index))); 2034 // See the comments in verify_field_instructions() for 2035 // the rationale behind this. 2036 if (name_in_supers(ref_class_name(), current_class())) { 2037 klassOop ref_class = load_class(ref_class_name, CHECK); 2038 if (is_protected_access( 2039 _klass, ref_class, method_name(), method_sig(), true)) { 2040 // It's protected access, check if stack object is 2041 // assignable to current class. 2042 bool is_assignable = current_type().is_assignable_from( 2043 stack_object_type, current_class(), CHECK_VERIFY(this)); 2044 if (!is_assignable) { 2045 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2046 && stack_object_type.is_array() 2047 && method_name() == vmSymbols::clone_name()) { 2048 // Special case: arrays pretend to implement public Object 2049 // clone(). 2050 } else { 2051 verify_error(bci, 2052 "Bad access to protected data in invokevirtual"); 2053 return; 2054 } 2055 } 2056 } 2057 } 2058 } 2059 } else { 2060 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2061 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2062 } 2063 } 2064 } 2065 // Push the result type. 2066 if (sig_stream.type() != T_VOID) { 2067 if (method_name() == vmSymbols::object_initializer_name()) { 2068 // <init> method must have a void return type 2069 verify_error(bci, "Return type must be void in <init> method"); 2070 return; 2071 } 2072 VerificationType return_type[2]; 2073 int n = change_sig_to_verificationType( 2074 &sig_stream, return_type, CHECK_VERIFY(this)); 2075 for (int i = 0; i < n; i++) { 2076 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards 2077 } 2078 } 2079} 2080 2081VerificationType ClassVerifier::get_newarray_type( 2082 u2 index, u2 bci, TRAPS) { 2083 const char* from_bt[] = { 2084 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2085 }; 2086 if (index < T_BOOLEAN || index > T_LONG) { 2087 verify_error(bci, "Illegal newarray instruction"); 2088 return VerificationType::bogus_type(); 2089 } 2090 2091 // from_bt[index] contains the array signature which has a length of 2 2092 symbolHandle sig = oopFactory::new_symbol_handle( 2093 from_bt[index], 2, CHECK_(VerificationType::bogus_type())); 2094 return VerificationType::reference_type(sig); 2095} 2096 2097void ClassVerifier::verify_anewarray( 2098 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) { 2099 verify_cp_class_type(index, cp, CHECK_VERIFY(this)); 2100 current_frame->pop_stack( 2101 VerificationType::integer_type(), CHECK_VERIFY(this)); 2102 2103 VerificationType component_type = 2104 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 2105 ResourceMark rm(THREAD); 2106 int length; 2107 char* arr_sig_str; 2108 if (component_type.is_array()) { // it's an array 2109 const char* component_name = component_type.name()->as_utf8(); 2110 // add one dimension to component 2111 length = (int)strlen(component_name) + 1; 2112 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2113 arr_sig_str[0] = '['; 2114 strncpy(&arr_sig_str[1], component_name, length - 1); 2115 } else { // it's an object or interface 2116 const char* component_name = component_type.name()->as_utf8(); 2117 // add one dimension to component with 'L' prepended and ';' postpended. 2118 length = (int)strlen(component_name) + 3; 2119 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length); 2120 arr_sig_str[0] = '['; 2121 arr_sig_str[1] = 'L'; 2122 strncpy(&arr_sig_str[2], component_name, length - 2); 2123 arr_sig_str[length - 1] = ';'; 2124 } 2125 symbolHandle arr_sig = oopFactory::new_symbol_handle( 2126 arr_sig_str, length, CHECK_VERIFY(this)); 2127 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 2128 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 2129} 2130 2131void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 2132 current_frame->get_local( 2133 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2134 current_frame->push_stack( 2135 VerificationType::integer_type(), CHECK_VERIFY(this)); 2136} 2137 2138void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 2139 current_frame->get_local_2( 2140 index, VerificationType::long_type(), 2141 VerificationType::long2_type(), CHECK_VERIFY(this)); 2142 current_frame->push_stack_2( 2143 VerificationType::long_type(), 2144 VerificationType::long2_type(), CHECK_VERIFY(this)); 2145} 2146 2147void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 2148 current_frame->get_local( 2149 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2150 current_frame->push_stack( 2151 VerificationType::float_type(), CHECK_VERIFY(this)); 2152} 2153 2154void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 2155 current_frame->get_local_2( 2156 index, VerificationType::double_type(), 2157 VerificationType::double2_type(), CHECK_VERIFY(this)); 2158 current_frame->push_stack_2( 2159 VerificationType::double_type(), 2160 VerificationType::double2_type(), CHECK_VERIFY(this)); 2161} 2162 2163void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 2164 VerificationType type = current_frame->get_local( 2165 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 2166 current_frame->push_stack(type, CHECK_VERIFY(this)); 2167} 2168 2169void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 2170 current_frame->pop_stack( 2171 VerificationType::integer_type(), CHECK_VERIFY(this)); 2172 current_frame->set_local( 2173 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2174} 2175 2176void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2177 current_frame->pop_stack_2( 2178 VerificationType::long2_type(), 2179 VerificationType::long_type(), CHECK_VERIFY(this)); 2180 current_frame->set_local_2( 2181 index, VerificationType::long_type(), 2182 VerificationType::long2_type(), CHECK_VERIFY(this)); 2183} 2184 2185void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2186 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 2187 current_frame->set_local( 2188 index, VerificationType::float_type(), CHECK_VERIFY(this)); 2189} 2190 2191void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 2192 current_frame->pop_stack_2( 2193 VerificationType::double2_type(), 2194 VerificationType::double_type(), CHECK_VERIFY(this)); 2195 current_frame->set_local_2( 2196 index, VerificationType::double_type(), 2197 VerificationType::double2_type(), CHECK_VERIFY(this)); 2198} 2199 2200void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 2201 VerificationType type = current_frame->pop_stack( 2202 VerificationType::reference_check(), CHECK_VERIFY(this)); 2203 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2204} 2205 2206void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 2207 VerificationType type = current_frame->get_local( 2208 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 2209 current_frame->set_local(index, type, CHECK_VERIFY(this)); 2210} 2211 2212void ClassVerifier::verify_return_value( 2213 VerificationType return_type, VerificationType type, u2 bci, TRAPS) { 2214 if (return_type == VerificationType::bogus_type()) { 2215 verify_error(bci, "Method expects a return value"); 2216 return; 2217 } 2218 bool match = return_type.is_assignable_from(type, _klass, CHECK_VERIFY(this)); 2219 if (!match) { 2220 verify_error(bci, "Bad return type"); 2221 return; 2222 } 2223} 2224