Path: blob/aarch64-shenandoah-jdk8u272-b10/hotspot/src/share/vm/classfile/verifier.cpp
32285 views
/*1* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*22*/2324#include "precompiled.hpp"25#include "classfile/classFileStream.hpp"26#include "classfile/javaClasses.hpp"27#include "classfile/stackMapTable.hpp"28#include "classfile/stackMapFrame.hpp"29#include "classfile/stackMapTableFormat.hpp"30#include "classfile/systemDictionary.hpp"31#include "classfile/verifier.hpp"32#include "classfile/vmSymbols.hpp"33#include "interpreter/bytecodes.hpp"34#include "interpreter/bytecodeStream.hpp"35#include "memory/oopFactory.hpp"36#include "memory/resourceArea.hpp"37#include "oops/instanceKlass.hpp"38#include "oops/oop.inline.hpp"39#include "oops/typeArrayOop.hpp"40#include "prims/jvm.h"41#include "runtime/fieldDescriptor.hpp"42#include "runtime/handles.inline.hpp"43#include "runtime/interfaceSupport.hpp"44#include "runtime/javaCalls.hpp"45#include "runtime/orderAccess.inline.hpp"46#include "runtime/os.hpp"47#ifdef TARGET_ARCH_x8648# include "bytes_x86.hpp"49#endif50#ifdef TARGET_ARCH_aarch3251# include "bytes_aarch32.hpp"52#endif53#ifdef TARGET_ARCH_aarch6454# include "bytes_aarch64.hpp"55#endif56#ifdef TARGET_ARCH_sparc57# include "bytes_sparc.hpp"58#endif59#ifdef TARGET_ARCH_zero60# include "bytes_zero.hpp"61#endif62#ifdef TARGET_ARCH_arm63# include "bytes_arm.hpp"64#endif65#ifdef TARGET_ARCH_ppc66# include "bytes_ppc.hpp"67#endif6869#define NOFAILOVER_MAJOR_VERSION 5170#define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 5171#define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 527273// Access to external entry for VerifyClassCodes - old byte code verifier7475extern "C" {76typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);77typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);78}7980static void* volatile _verify_byte_codes_fn = NULL;8182static volatile jint _is_new_verify_byte_codes_fn = (jint) true;8384static void* verify_byte_codes_fn() {85if (_verify_byte_codes_fn == NULL) {86void *lib_handle = os::native_java_library();87void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");88OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);89if (func == NULL) {90OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false);91func = os::dll_lookup(lib_handle, "VerifyClassCodes");92OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);93}94}95return (void*)_verify_byte_codes_fn;96}979899// Methods in Verifier100101bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {102return (class_loader == NULL || !should_verify_class) ?103BytecodeVerificationLocal : BytecodeVerificationRemote;104}105106bool Verifier::relax_access_for(oop loader) {107bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);108bool need_verify =109// verifyAll110(BytecodeVerificationLocal && BytecodeVerificationRemote) ||111// verifyRemote112(!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);113return !need_verify;114}115116bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {117HandleMark hm;118ResourceMark rm(THREAD);119120Symbol* exception_name = NULL;121const size_t message_buffer_len = klass->name()->utf8_length() + 1024;122char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);123char* exception_message = message_buffer;124125const char* klassName = klass->external_name();126bool can_failover = FailOverToOldVerifier &&127klass->major_version() < NOFAILOVER_MAJOR_VERSION;128129// If the class should be verified, first see if we can use the split130// verifier. If not, or if verification fails and FailOverToOldVerifier131// is set, then call the inference verifier.132if (is_eligible_for_verification(klass, should_verify_class)) {133if (TraceClassInitialization) {134tty->print_cr("Start class verification for: %s", klassName);135}136if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {137ClassVerifier split_verifier(klass, THREAD);138split_verifier.verify_class(THREAD);139exception_name = split_verifier.result();140if (can_failover && !HAS_PENDING_EXCEPTION &&141(exception_name == vmSymbols::java_lang_VerifyError() ||142exception_name == vmSymbols::java_lang_ClassFormatError())) {143if (TraceClassInitialization || VerboseVerification) {144tty->print_cr(145"Fail over class verification to old verifier for: %s", klassName);146}147exception_name = inference_verify(148klass, message_buffer, message_buffer_len, THREAD);149}150if (exception_name != NULL) {151exception_message = split_verifier.exception_message();152}153} else {154exception_name = inference_verify(155klass, message_buffer, message_buffer_len, THREAD);156}157158if (TraceClassInitialization || VerboseVerification) {159if (HAS_PENDING_EXCEPTION) {160tty->print("Verification for %s has", klassName);161tty->print_cr(" exception pending %s ",162InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());163} else if (exception_name != NULL) {164tty->print_cr("Verification for %s failed", klassName);165}166tty->print_cr("End class verification for: %s", klassName);167}168}169170if (HAS_PENDING_EXCEPTION) {171return false; // use the existing exception172} else if (exception_name == NULL) {173return true; // verifcation succeeded174} else { // VerifyError or ClassFormatError to be created and thrown175ResourceMark rm(THREAD);176instanceKlassHandle kls =177SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);178while (!kls.is_null()) {179if (kls == klass) {180// If the class being verified is the exception we're creating181// or one of it's superclasses, we're in trouble and are going182// to infinitely recurse when we try to initialize the exception.183// So bail out here by throwing the preallocated VM error.184THROW_OOP_(Universe::virtual_machine_error_instance(), false);185}186kls = kls->super();187}188message_buffer[message_buffer_len - 1] = '\0'; // just to be sure189THROW_MSG_(exception_name, exception_message, false);190}191}192193bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {194Symbol* name = klass->name();195Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();196197bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);198199return (should_verify_for(klass->class_loader(), should_verify_class) &&200// return if the class is a bootstrapping class201// or defineClass specified not to verify by default (flags override passed arg)202// We need to skip the following four for bootstraping203name != vmSymbols::java_lang_Object() &&204name != vmSymbols::java_lang_Class() &&205name != vmSymbols::java_lang_String() &&206name != vmSymbols::java_lang_Throwable() &&207208// Can not verify the bytecodes for shared classes because they have209// already been rewritten to contain constant pool cache indices,210// which the verifier can't understand.211// Shared classes shouldn't have stackmaps either.212!klass()->is_shared() &&213214// As of the fix for 4486457 we disable verification for all of the215// dynamically-generated bytecodes associated with the 1.4216// reflection implementation, not just those associated with217// sun/reflect/SerializationConstructorAccessor.218// NOTE: this is called too early in the bootstrapping process to be219// guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.220// Also for lambda generated code, gte jdk8221(!is_reflect || VerifyReflectionBytecodes));222}223224Symbol* Verifier::inference_verify(225instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {226JavaThread* thread = (JavaThread*)THREAD;227JNIEnv *env = thread->jni_environment();228229void* verify_func = verify_byte_codes_fn();230231if (verify_func == NULL) {232jio_snprintf(message, message_len, "Could not link verifier");233return vmSymbols::java_lang_VerifyError();234}235236ResourceMark rm(THREAD);237if (VerboseVerification) {238tty->print_cr("Verifying class %s with old format", klass->external_name());239}240241jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());242jint result;243244{245HandleMark hm(thread);246ThreadToNativeFromVM ttn(thread);247// ThreadToNativeFromVM takes care of changing thread_state, so safepoint248// code knows that we have left the VM249250if (_is_new_verify_byte_codes_fn) {251verify_byte_codes_fn_new_t func =252CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);253result = (*func)(env, cls, message, (int)message_len,254klass->major_version());255} else {256verify_byte_codes_fn_t func =257CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);258result = (*func)(env, cls, message, (int)message_len);259}260}261262JNIHandles::destroy_local(cls);263264// These numbers are chosen so that VerifyClassCodes interface doesn't need265// to be changed (still return jboolean (unsigned char)), and result is266// 1 when verification is passed.267if (result == 0) {268return vmSymbols::java_lang_VerifyError();269} else if (result == 1) {270return NULL; // verified.271} else if (result == 2) {272THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);273} else if (result == 3) {274return vmSymbols::java_lang_ClassFormatError();275} else {276ShouldNotReachHere();277return NULL;278}279}280281TypeOrigin TypeOrigin::null() {282return TypeOrigin();283}284TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {285assert(frame != NULL, "Must have a frame");286return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),287frame->local_at(index));288}289TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {290assert(frame != NULL, "Must have a frame");291return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),292frame->stack_at(index));293}294TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {295assert(frame != NULL, "Must have a frame");296return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),297frame->local_at(index));298}299TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {300assert(frame != NULL, "Must have a frame");301return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),302frame->stack_at(index));303}304TypeOrigin TypeOrigin::bad_index(u2 index) {305return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());306}307TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {308return TypeOrigin(CONST_POOL, index, NULL, vt);309}310TypeOrigin TypeOrigin::signature(VerificationType vt) {311return TypeOrigin(SIG, 0, NULL, vt);312}313TypeOrigin TypeOrigin::implicit(VerificationType t) {314return TypeOrigin(IMPLICIT, 0, NULL, t);315}316TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {317return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),318VerificationType::bogus_type());319}320321void TypeOrigin::reset_frame() {322if (_frame != NULL) {323_frame->restore();324}325}326327void TypeOrigin::details(outputStream* ss) const {328_type.print_on(ss);329switch (_origin) {330case CF_LOCALS:331ss->print(" (current frame, locals[%d])", _index);332break;333case CF_STACK:334ss->print(" (current frame, stack[%d])", _index);335break;336case SM_LOCALS:337ss->print(" (stack map, locals[%d])", _index);338break;339case SM_STACK:340ss->print(" (stack map, stack[%d])", _index);341break;342case CONST_POOL:343ss->print(" (constant pool %d)", _index);344break;345case SIG:346ss->print(" (from method signature)");347break;348case IMPLICIT:349case FRAME_ONLY:350case NONE:351default:352;353}354}355356#ifdef ASSERT357void TypeOrigin::print_on(outputStream* str) const {358str->print("{%d,%d,%p:", _origin, _index, _frame);359if (_frame != NULL) {360_frame->print_on(str);361} else {362str->print("null");363}364str->print(",");365_type.print_on(str);366str->print("}");367}368#endif369370void ErrorContext::details(outputStream* ss, const Method* method) const {371if (is_valid()) {372ss->cr();373ss->print_cr("Exception Details:");374location_details(ss, method);375reason_details(ss);376frame_details(ss);377bytecode_details(ss, method);378handler_details(ss, method);379stackmap_details(ss, method);380}381}382383void ErrorContext::reason_details(outputStream* ss) const {384streamIndentor si(ss);385ss->indent().print_cr("Reason:");386streamIndentor si2(ss);387ss->indent().print("%s", "");388switch (_fault) {389case INVALID_BYTECODE:390ss->print("Error exists in the bytecode");391break;392case WRONG_TYPE:393if (_expected.is_valid()) {394ss->print("Type ");395_type.details(ss);396ss->print(" is not assignable to ");397_expected.details(ss);398} else {399ss->print("Invalid type: ");400_type.details(ss);401}402break;403case FLAGS_MISMATCH:404if (_expected.is_valid()) {405ss->print("Current frame's flags are not assignable "406"to stack map frame's.");407} else {408ss->print("Current frame's flags are invalid in this context.");409}410break;411case BAD_CP_INDEX:412ss->print("Constant pool index %d is invalid", _type.index());413break;414case BAD_LOCAL_INDEX:415ss->print("Local index %d is invalid", _type.index());416break;417case LOCALS_SIZE_MISMATCH:418ss->print("Current frame's local size doesn't match stackmap.");419break;420case STACK_SIZE_MISMATCH:421ss->print("Current frame's stack size doesn't match stackmap.");422break;423case STACK_OVERFLOW:424ss->print("Exceeded max stack size.");425break;426case STACK_UNDERFLOW:427ss->print("Attempt to pop empty stack.");428break;429case MISSING_STACKMAP:430ss->print("Expected stackmap frame at this location.");431break;432case BAD_STACKMAP:433ss->print("Invalid stackmap specification.");434break;435case UNKNOWN:436default:437ShouldNotReachHere();438ss->print_cr("Unknown");439}440ss->cr();441}442443void ErrorContext::location_details(outputStream* ss, const Method* method) const {444if (_bci != -1 && method != NULL) {445streamIndentor si(ss);446const char* bytecode_name = "<invalid>";447if (method->validate_bci_from_bcx(_bci) != -1) {448Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));449if (Bytecodes::is_defined(code)) {450bytecode_name = Bytecodes::name(code);451} else {452bytecode_name = "<illegal>";453}454}455InstanceKlass* ik = method->method_holder();456ss->indent().print_cr("Location:");457streamIndentor si2(ss);458ss->indent().print_cr("%s.%s%s @%d: %s",459ik->name()->as_C_string(), method->name()->as_C_string(),460method->signature()->as_C_string(), _bci, bytecode_name);461}462}463464void ErrorContext::frame_details(outputStream* ss) const {465streamIndentor si(ss);466if (_type.is_valid() && _type.frame() != NULL) {467ss->indent().print_cr("Current Frame:");468streamIndentor si2(ss);469_type.frame()->print_on(ss);470}471if (_expected.is_valid() && _expected.frame() != NULL) {472ss->indent().print_cr("Stackmap Frame:");473streamIndentor si2(ss);474_expected.frame()->print_on(ss);475}476}477478void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {479if (method != NULL) {480streamIndentor si(ss);481ss->indent().print_cr("Bytecode:");482streamIndentor si2(ss);483ss->print_data(method->code_base(), method->code_size(), false);484}485}486487void ErrorContext::handler_details(outputStream* ss, const Method* method) const {488if (method != NULL) {489streamIndentor si(ss);490ExceptionTable table(method);491if (table.length() > 0) {492ss->indent().print_cr("Exception Handler Table:");493streamIndentor si2(ss);494for (int i = 0; i < table.length(); ++i) {495ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),496table.end_pc(i), table.handler_pc(i));497}498}499}500}501502void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {503if (method != NULL && method->has_stackmap_table()) {504streamIndentor si(ss);505ss->indent().print_cr("Stackmap Table:");506Array<u1>* data = method->stackmap_data();507stack_map_table* sm_table =508stack_map_table::at((address)data->adr_at(0));509stack_map_frame* sm_frame = sm_table->entries();510streamIndentor si2(ss);511int current_offset = -1;512address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();513for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {514ss->indent();515if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {516sm_frame->print_truncated(ss, current_offset);517return;518}519sm_frame->print_on(ss, current_offset);520ss->cr();521current_offset += sm_frame->offset_delta();522sm_frame = sm_frame->next();523}524}525}526527// Methods in ClassVerifier528529ClassVerifier::ClassVerifier(530instanceKlassHandle klass, TRAPS)531: _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {532_this_type = VerificationType::reference_type(klass->name());533// Create list to hold symbols in reference area.534_symbols = new GrowableArray<Symbol*>(100, 0, NULL);535}536537ClassVerifier::~ClassVerifier() {538// Decrement the reference count for any symbols created.539for (int i = 0; i < _symbols->length(); i++) {540Symbol* s = _symbols->at(i);541s->decrement_refcount();542}543}544545VerificationType ClassVerifier::object_type() const {546return VerificationType::reference_type(vmSymbols::java_lang_Object());547}548549TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {550VerificationType vt = VerificationType::reference_type(551create_temporary_symbol(sig, (int)strlen(sig), THREAD));552return TypeOrigin::implicit(vt);553}554555void ClassVerifier::verify_class(TRAPS) {556if (VerboseVerification) {557tty->print_cr("Verifying class %s with new format",558_klass->external_name());559}560561Array<Method*>* methods = _klass->methods();562int num_methods = methods->length();563564for (int index = 0; index < num_methods; index++) {565// Check for recursive re-verification before each method.566if (was_recursively_verified()) return;567568Method* m = methods->at(index);569if (m->is_native() || m->is_abstract() || m->is_overpass()) {570// If m is native or abstract, skip it. It is checked in class file571// parser that methods do not override a final method. Overpass methods572// are trusted since the VM generates them.573continue;574}575verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));576}577578if (VerboseVerification || TraceClassInitialization) {579if (was_recursively_verified())580tty->print_cr("Recursive verification detected for: %s",581_klass->external_name());582}583}584585void ClassVerifier::verify_method(methodHandle m, TRAPS) {586HandleMark hm(THREAD);587_method = m; // initialize _method588if (VerboseVerification) {589tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());590}591592// For clang, the only good constant format string is a literal constant format string.593#define bad_type_msg "Bad type on operand stack in %s"594595int32_t max_stack = m->verifier_max_stack();596int32_t max_locals = m->max_locals();597constantPoolHandle cp(THREAD, m->constants());598599if (!SignatureVerifier::is_valid_method_signature(m->signature())) {600class_format_error("Invalid method signature");601return;602}603604// Initial stack map frame: offset is 0, stack is initially empty.605StackMapFrame current_frame(max_locals, max_stack, this);606// Set initial locals607VerificationType return_type = current_frame.set_locals_from_arg(608m, current_type(), CHECK_VERIFY(this));609610int32_t stackmap_index = 0; // index to the stackmap array611612u4 code_length = m->code_size();613614// Scan the bytecode and map each instruction's start offset to a number.615char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));616617int ex_min = code_length;618int ex_max = -1;619// Look through each item on the exception table. Each of the fields must refer620// to a legal instruction.621verify_exception_handler_table(622code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));623624// Look through each entry on the local variable table and make sure625// its range of code array offsets is valid. (4169817)626if (m->has_localvariable_table()) {627verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));628}629630Array<u1>* stackmap_data = m->stackmap_data();631StackMapStream stream(stackmap_data);632StackMapReader reader(this, &stream, code_data, code_length, THREAD);633StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,634code_data, code_length, CHECK_VERIFY(this));635636if (VerboseVerification) {637stackmap_table.print_on(tty);638}639640RawBytecodeStream bcs(m);641642// Scan the byte code linearly from the start to the end643bool no_control_flow = false; // Set to true when there is no direct control644// flow from current instruction to the next645// instruction in sequence646647Bytecodes::Code opcode;648while (!bcs.is_last_bytecode()) {649// Check for recursive re-verification before each bytecode.650if (was_recursively_verified()) return;651652opcode = bcs.raw_next();653u2 bci = bcs.bci();654655// Set current frame's offset to bci656current_frame.set_offset(bci);657current_frame.set_mark();658659// Make sure every offset in stackmap table point to the beginning to660// an instruction. Match current_frame to stackmap_table entry with661// the same offset if exists.662stackmap_index = verify_stackmap_table(663stackmap_index, bci, ¤t_frame, &stackmap_table,664no_control_flow, CHECK_VERIFY(this));665666667bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'668bool verified_exc_handlers = false;669670// Merge with the next instruction671{672u2 index;673int target;674VerificationType type, type2;675VerificationType atype;676677#ifndef PRODUCT678if (VerboseVerification) {679current_frame.print_on(tty);680tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));681}682#endif683684// Make sure wide instruction is in correct format685if (bcs.is_wide()) {686if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&687opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&688opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&689opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&690opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&691opcode != Bytecodes::_dstore) {692/* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'693* if we encounter a wide instruction that modifies an invalid694* opcode (not one of the ones listed above) */695verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");696return;697}698}699700// Look for possible jump target in exception handlers and see if it701// matches current_frame. Do this check here for astore*, dstore*,702// fstore*, istore*, and lstore* opcodes because they can change the type703// state by adding a local. JVM Spec says that the incoming type state704// should be used for this check. So, do the check here before a possible705// local is added to the type state.706if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {707verify_exception_handler_targets(708bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));709verified_exc_handlers = true;710}711712switch (opcode) {713case Bytecodes::_nop :714no_control_flow = false; break;715case Bytecodes::_aconst_null :716current_frame.push_stack(717VerificationType::null_type(), CHECK_VERIFY(this));718no_control_flow = false; break;719case Bytecodes::_iconst_m1 :720case Bytecodes::_iconst_0 :721case Bytecodes::_iconst_1 :722case Bytecodes::_iconst_2 :723case Bytecodes::_iconst_3 :724case Bytecodes::_iconst_4 :725case Bytecodes::_iconst_5 :726current_frame.push_stack(727VerificationType::integer_type(), CHECK_VERIFY(this));728no_control_flow = false; break;729case Bytecodes::_lconst_0 :730case Bytecodes::_lconst_1 :731current_frame.push_stack_2(732VerificationType::long_type(),733VerificationType::long2_type(), CHECK_VERIFY(this));734no_control_flow = false; break;735case Bytecodes::_fconst_0 :736case Bytecodes::_fconst_1 :737case Bytecodes::_fconst_2 :738current_frame.push_stack(739VerificationType::float_type(), CHECK_VERIFY(this));740no_control_flow = false; break;741case Bytecodes::_dconst_0 :742case Bytecodes::_dconst_1 :743current_frame.push_stack_2(744VerificationType::double_type(),745VerificationType::double2_type(), CHECK_VERIFY(this));746no_control_flow = false; break;747case Bytecodes::_sipush :748case Bytecodes::_bipush :749current_frame.push_stack(750VerificationType::integer_type(), CHECK_VERIFY(this));751no_control_flow = false; break;752case Bytecodes::_ldc :753verify_ldc(754opcode, bcs.get_index_u1(), ¤t_frame,755cp, bci, CHECK_VERIFY(this));756no_control_flow = false; break;757case Bytecodes::_ldc_w :758case Bytecodes::_ldc2_w :759verify_ldc(760opcode, bcs.get_index_u2(), ¤t_frame,761cp, bci, CHECK_VERIFY(this));762no_control_flow = false; break;763case Bytecodes::_iload :764verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));765no_control_flow = false; break;766case Bytecodes::_iload_0 :767case Bytecodes::_iload_1 :768case Bytecodes::_iload_2 :769case Bytecodes::_iload_3 :770index = opcode - Bytecodes::_iload_0;771verify_iload(index, ¤t_frame, CHECK_VERIFY(this));772no_control_flow = false; break;773case Bytecodes::_lload :774verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));775no_control_flow = false; break;776case Bytecodes::_lload_0 :777case Bytecodes::_lload_1 :778case Bytecodes::_lload_2 :779case Bytecodes::_lload_3 :780index = opcode - Bytecodes::_lload_0;781verify_lload(index, ¤t_frame, CHECK_VERIFY(this));782no_control_flow = false; break;783case Bytecodes::_fload :784verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));785no_control_flow = false; break;786case Bytecodes::_fload_0 :787case Bytecodes::_fload_1 :788case Bytecodes::_fload_2 :789case Bytecodes::_fload_3 :790index = opcode - Bytecodes::_fload_0;791verify_fload(index, ¤t_frame, CHECK_VERIFY(this));792no_control_flow = false; break;793case Bytecodes::_dload :794verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));795no_control_flow = false; break;796case Bytecodes::_dload_0 :797case Bytecodes::_dload_1 :798case Bytecodes::_dload_2 :799case Bytecodes::_dload_3 :800index = opcode - Bytecodes::_dload_0;801verify_dload(index, ¤t_frame, CHECK_VERIFY(this));802no_control_flow = false; break;803case Bytecodes::_aload :804verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));805no_control_flow = false; break;806case Bytecodes::_aload_0 :807case Bytecodes::_aload_1 :808case Bytecodes::_aload_2 :809case Bytecodes::_aload_3 :810index = opcode - Bytecodes::_aload_0;811verify_aload(index, ¤t_frame, CHECK_VERIFY(this));812no_control_flow = false; break;813case Bytecodes::_iaload :814type = current_frame.pop_stack(815VerificationType::integer_type(), CHECK_VERIFY(this));816atype = current_frame.pop_stack(817VerificationType::reference_check(), CHECK_VERIFY(this));818if (!atype.is_int_array()) {819verify_error(ErrorContext::bad_type(bci,820current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),821bad_type_msg, "iaload");822return;823}824current_frame.push_stack(825VerificationType::integer_type(), CHECK_VERIFY(this));826no_control_flow = false; break;827case Bytecodes::_baload :828type = current_frame.pop_stack(829VerificationType::integer_type(), CHECK_VERIFY(this));830atype = current_frame.pop_stack(831VerificationType::reference_check(), CHECK_VERIFY(this));832if (!atype.is_bool_array() && !atype.is_byte_array()) {833verify_error(834ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),835bad_type_msg, "baload");836return;837}838current_frame.push_stack(839VerificationType::integer_type(), CHECK_VERIFY(this));840no_control_flow = false; break;841case Bytecodes::_caload :842type = current_frame.pop_stack(843VerificationType::integer_type(), CHECK_VERIFY(this));844atype = current_frame.pop_stack(845VerificationType::reference_check(), CHECK_VERIFY(this));846if (!atype.is_char_array()) {847verify_error(ErrorContext::bad_type(bci,848current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),849bad_type_msg, "caload");850return;851}852current_frame.push_stack(853VerificationType::integer_type(), CHECK_VERIFY(this));854no_control_flow = false; break;855case Bytecodes::_saload :856type = current_frame.pop_stack(857VerificationType::integer_type(), CHECK_VERIFY(this));858atype = current_frame.pop_stack(859VerificationType::reference_check(), CHECK_VERIFY(this));860if (!atype.is_short_array()) {861verify_error(ErrorContext::bad_type(bci,862current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),863bad_type_msg, "saload");864return;865}866current_frame.push_stack(867VerificationType::integer_type(), CHECK_VERIFY(this));868no_control_flow = false; break;869case Bytecodes::_laload :870type = current_frame.pop_stack(871VerificationType::integer_type(), CHECK_VERIFY(this));872atype = current_frame.pop_stack(873VerificationType::reference_check(), CHECK_VERIFY(this));874if (!atype.is_long_array()) {875verify_error(ErrorContext::bad_type(bci,876current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),877bad_type_msg, "laload");878return;879}880current_frame.push_stack_2(881VerificationType::long_type(),882VerificationType::long2_type(), CHECK_VERIFY(this));883no_control_flow = false; break;884case Bytecodes::_faload :885type = current_frame.pop_stack(886VerificationType::integer_type(), CHECK_VERIFY(this));887atype = current_frame.pop_stack(888VerificationType::reference_check(), CHECK_VERIFY(this));889if (!atype.is_float_array()) {890verify_error(ErrorContext::bad_type(bci,891current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),892bad_type_msg, "faload");893return;894}895current_frame.push_stack(896VerificationType::float_type(), CHECK_VERIFY(this));897no_control_flow = false; break;898case Bytecodes::_daload :899type = current_frame.pop_stack(900VerificationType::integer_type(), CHECK_VERIFY(this));901atype = current_frame.pop_stack(902VerificationType::reference_check(), CHECK_VERIFY(this));903if (!atype.is_double_array()) {904verify_error(ErrorContext::bad_type(bci,905current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),906bad_type_msg, "daload");907return;908}909current_frame.push_stack_2(910VerificationType::double_type(),911VerificationType::double2_type(), CHECK_VERIFY(this));912no_control_flow = false; break;913case Bytecodes::_aaload : {914type = current_frame.pop_stack(915VerificationType::integer_type(), CHECK_VERIFY(this));916atype = current_frame.pop_stack(917VerificationType::reference_check(), CHECK_VERIFY(this));918if (!atype.is_reference_array()) {919verify_error(ErrorContext::bad_type(bci,920current_frame.stack_top_ctx(),921TypeOrigin::implicit(VerificationType::reference_check())),922bad_type_msg, "aaload");923return;924}925if (atype.is_null()) {926current_frame.push_stack(927VerificationType::null_type(), CHECK_VERIFY(this));928} else {929VerificationType component =930atype.get_component(this, CHECK_VERIFY(this));931current_frame.push_stack(component, CHECK_VERIFY(this));932}933no_control_flow = false; break;934}935case Bytecodes::_istore :936verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));937no_control_flow = false; break;938case Bytecodes::_istore_0 :939case Bytecodes::_istore_1 :940case Bytecodes::_istore_2 :941case Bytecodes::_istore_3 :942index = opcode - Bytecodes::_istore_0;943verify_istore(index, ¤t_frame, CHECK_VERIFY(this));944no_control_flow = false; break;945case Bytecodes::_lstore :946verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));947no_control_flow = false; break;948case Bytecodes::_lstore_0 :949case Bytecodes::_lstore_1 :950case Bytecodes::_lstore_2 :951case Bytecodes::_lstore_3 :952index = opcode - Bytecodes::_lstore_0;953verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));954no_control_flow = false; break;955case Bytecodes::_fstore :956verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));957no_control_flow = false; break;958case Bytecodes::_fstore_0 :959case Bytecodes::_fstore_1 :960case Bytecodes::_fstore_2 :961case Bytecodes::_fstore_3 :962index = opcode - Bytecodes::_fstore_0;963verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));964no_control_flow = false; break;965case Bytecodes::_dstore :966verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));967no_control_flow = false; break;968case Bytecodes::_dstore_0 :969case Bytecodes::_dstore_1 :970case Bytecodes::_dstore_2 :971case Bytecodes::_dstore_3 :972index = opcode - Bytecodes::_dstore_0;973verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));974no_control_flow = false; break;975case Bytecodes::_astore :976verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));977no_control_flow = false; break;978case Bytecodes::_astore_0 :979case Bytecodes::_astore_1 :980case Bytecodes::_astore_2 :981case Bytecodes::_astore_3 :982index = opcode - Bytecodes::_astore_0;983verify_astore(index, ¤t_frame, CHECK_VERIFY(this));984no_control_flow = false; break;985case Bytecodes::_iastore :986type = current_frame.pop_stack(987VerificationType::integer_type(), CHECK_VERIFY(this));988type2 = current_frame.pop_stack(989VerificationType::integer_type(), CHECK_VERIFY(this));990atype = current_frame.pop_stack(991VerificationType::reference_check(), CHECK_VERIFY(this));992if (!atype.is_int_array()) {993verify_error(ErrorContext::bad_type(bci,994current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),995bad_type_msg, "iastore");996return;997}998no_control_flow = false; break;999case Bytecodes::_bastore :1000type = current_frame.pop_stack(1001VerificationType::integer_type(), CHECK_VERIFY(this));1002type2 = current_frame.pop_stack(1003VerificationType::integer_type(), CHECK_VERIFY(this));1004atype = current_frame.pop_stack(1005VerificationType::reference_check(), CHECK_VERIFY(this));1006if (!atype.is_bool_array() && !atype.is_byte_array()) {1007verify_error(1008ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),1009bad_type_msg, "bastore");1010return;1011}1012no_control_flow = false; break;1013case Bytecodes::_castore :1014current_frame.pop_stack(1015VerificationType::integer_type(), CHECK_VERIFY(this));1016current_frame.pop_stack(1017VerificationType::integer_type(), CHECK_VERIFY(this));1018atype = current_frame.pop_stack(1019VerificationType::reference_check(), CHECK_VERIFY(this));1020if (!atype.is_char_array()) {1021verify_error(ErrorContext::bad_type(bci,1022current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),1023bad_type_msg, "castore");1024return;1025}1026no_control_flow = false; break;1027case Bytecodes::_sastore :1028current_frame.pop_stack(1029VerificationType::integer_type(), CHECK_VERIFY(this));1030current_frame.pop_stack(1031VerificationType::integer_type(), CHECK_VERIFY(this));1032atype = current_frame.pop_stack(1033VerificationType::reference_check(), CHECK_VERIFY(this));1034if (!atype.is_short_array()) {1035verify_error(ErrorContext::bad_type(bci,1036current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),1037bad_type_msg, "sastore");1038return;1039}1040no_control_flow = false; break;1041case Bytecodes::_lastore :1042current_frame.pop_stack_2(1043VerificationType::long2_type(),1044VerificationType::long_type(), CHECK_VERIFY(this));1045current_frame.pop_stack(1046VerificationType::integer_type(), CHECK_VERIFY(this));1047atype = current_frame.pop_stack(1048VerificationType::reference_check(), CHECK_VERIFY(this));1049if (!atype.is_long_array()) {1050verify_error(ErrorContext::bad_type(bci,1051current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),1052bad_type_msg, "lastore");1053return;1054}1055no_control_flow = false; break;1056case Bytecodes::_fastore :1057current_frame.pop_stack(1058VerificationType::float_type(), CHECK_VERIFY(this));1059current_frame.pop_stack1060(VerificationType::integer_type(), CHECK_VERIFY(this));1061atype = current_frame.pop_stack(1062VerificationType::reference_check(), CHECK_VERIFY(this));1063if (!atype.is_float_array()) {1064verify_error(ErrorContext::bad_type(bci,1065current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),1066bad_type_msg, "fastore");1067return;1068}1069no_control_flow = false; break;1070case Bytecodes::_dastore :1071current_frame.pop_stack_2(1072VerificationType::double2_type(),1073VerificationType::double_type(), CHECK_VERIFY(this));1074current_frame.pop_stack(1075VerificationType::integer_type(), CHECK_VERIFY(this));1076atype = current_frame.pop_stack(1077VerificationType::reference_check(), CHECK_VERIFY(this));1078if (!atype.is_double_array()) {1079verify_error(ErrorContext::bad_type(bci,1080current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),1081bad_type_msg, "dastore");1082return;1083}1084no_control_flow = false; break;1085case Bytecodes::_aastore :1086type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));1087type2 = current_frame.pop_stack(1088VerificationType::integer_type(), CHECK_VERIFY(this));1089atype = current_frame.pop_stack(1090VerificationType::reference_check(), CHECK_VERIFY(this));1091// more type-checking is done at runtime1092if (!atype.is_reference_array()) {1093verify_error(ErrorContext::bad_type(bci,1094current_frame.stack_top_ctx(),1095TypeOrigin::implicit(VerificationType::reference_check())),1096bad_type_msg, "aastore");1097return;1098}1099// 4938384: relaxed constraint in JVMS 3nd edition.1100no_control_flow = false; break;1101case Bytecodes::_pop :1102current_frame.pop_stack(1103VerificationType::category1_check(), CHECK_VERIFY(this));1104no_control_flow = false; break;1105case Bytecodes::_pop2 :1106type = current_frame.pop_stack(CHECK_VERIFY(this));1107if (type.is_category1()) {1108current_frame.pop_stack(1109VerificationType::category1_check(), CHECK_VERIFY(this));1110} else if (type.is_category2_2nd()) {1111current_frame.pop_stack(1112VerificationType::category2_check(), CHECK_VERIFY(this));1113} else {1114/* Unreachable? Would need a category2_1st on TOS1115* which does not appear possible. */1116verify_error(1117ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),1118bad_type_msg, "pop2");1119return;1120}1121no_control_flow = false; break;1122case Bytecodes::_dup :1123type = current_frame.pop_stack(1124VerificationType::category1_check(), CHECK_VERIFY(this));1125current_frame.push_stack(type, CHECK_VERIFY(this));1126current_frame.push_stack(type, CHECK_VERIFY(this));1127no_control_flow = false; break;1128case Bytecodes::_dup_x1 :1129type = current_frame.pop_stack(1130VerificationType::category1_check(), CHECK_VERIFY(this));1131type2 = current_frame.pop_stack(1132VerificationType::category1_check(), CHECK_VERIFY(this));1133current_frame.push_stack(type, CHECK_VERIFY(this));1134current_frame.push_stack(type2, CHECK_VERIFY(this));1135current_frame.push_stack(type, CHECK_VERIFY(this));1136no_control_flow = false; break;1137case Bytecodes::_dup_x2 :1138{1139VerificationType type3;1140type = current_frame.pop_stack(1141VerificationType::category1_check(), CHECK_VERIFY(this));1142type2 = current_frame.pop_stack(CHECK_VERIFY(this));1143if (type2.is_category1()) {1144type3 = current_frame.pop_stack(1145VerificationType::category1_check(), CHECK_VERIFY(this));1146} else if (type2.is_category2_2nd()) {1147type3 = current_frame.pop_stack(1148VerificationType::category2_check(), CHECK_VERIFY(this));1149} else {1150/* Unreachable? Would need a category2_1st at stack depth 2 with1151* a category1 on TOS which does not appear possible. */1152verify_error(ErrorContext::bad_type(1153bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");1154return;1155}1156current_frame.push_stack(type, CHECK_VERIFY(this));1157current_frame.push_stack(type3, CHECK_VERIFY(this));1158current_frame.push_stack(type2, CHECK_VERIFY(this));1159current_frame.push_stack(type, CHECK_VERIFY(this));1160no_control_flow = false; break;1161}1162case Bytecodes::_dup2 :1163type = current_frame.pop_stack(CHECK_VERIFY(this));1164if (type.is_category1()) {1165type2 = current_frame.pop_stack(1166VerificationType::category1_check(), CHECK_VERIFY(this));1167} else if (type.is_category2_2nd()) {1168type2 = current_frame.pop_stack(1169VerificationType::category2_check(), CHECK_VERIFY(this));1170} else {1171/* Unreachable? Would need a category2_1st on TOS which does not1172* appear possible. */1173verify_error(1174ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),1175bad_type_msg, "dup2");1176return;1177}1178current_frame.push_stack(type2, CHECK_VERIFY(this));1179current_frame.push_stack(type, CHECK_VERIFY(this));1180current_frame.push_stack(type2, CHECK_VERIFY(this));1181current_frame.push_stack(type, CHECK_VERIFY(this));1182no_control_flow = false; break;1183case Bytecodes::_dup2_x1 :1184{1185VerificationType type3;1186type = current_frame.pop_stack(CHECK_VERIFY(this));1187if (type.is_category1()) {1188type2 = current_frame.pop_stack(1189VerificationType::category1_check(), CHECK_VERIFY(this));1190} else if (type.is_category2_2nd()) {1191type2 = current_frame.pop_stack(1192VerificationType::category2_check(), CHECK_VERIFY(this));1193} else {1194/* Unreachable? Would need a category2_1st on TOS which does1195* not appear possible. */1196verify_error(1197ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),1198bad_type_msg, "dup2_x1");1199return;1200}1201type3 = current_frame.pop_stack(1202VerificationType::category1_check(), CHECK_VERIFY(this));1203current_frame.push_stack(type2, CHECK_VERIFY(this));1204current_frame.push_stack(type, CHECK_VERIFY(this));1205current_frame.push_stack(type3, CHECK_VERIFY(this));1206current_frame.push_stack(type2, CHECK_VERIFY(this));1207current_frame.push_stack(type, CHECK_VERIFY(this));1208no_control_flow = false; break;1209}1210case Bytecodes::_dup2_x2 :1211{1212VerificationType type3, type4;1213type = current_frame.pop_stack(CHECK_VERIFY(this));1214if (type.is_category1()) {1215type2 = current_frame.pop_stack(1216VerificationType::category1_check(), CHECK_VERIFY(this));1217} else if (type.is_category2_2nd()) {1218type2 = current_frame.pop_stack(1219VerificationType::category2_check(), CHECK_VERIFY(this));1220} else {1221/* Unreachable? Would need a category2_1st on TOS which does1222* not appear possible. */1223verify_error(1224ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),1225bad_type_msg, "dup2_x2");1226return;1227}1228type3 = current_frame.pop_stack(CHECK_VERIFY(this));1229if (type3.is_category1()) {1230type4 = current_frame.pop_stack(1231VerificationType::category1_check(), CHECK_VERIFY(this));1232} else if (type3.is_category2_2nd()) {1233type4 = current_frame.pop_stack(1234VerificationType::category2_check(), CHECK_VERIFY(this));1235} else {1236/* Unreachable? Would need a category2_1st on TOS after popping1237* a long/double or two category 1's, which does not1238* appear possible. */1239verify_error(1240ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),1241bad_type_msg, "dup2_x2");1242return;1243}1244current_frame.push_stack(type2, CHECK_VERIFY(this));1245current_frame.push_stack(type, CHECK_VERIFY(this));1246current_frame.push_stack(type4, CHECK_VERIFY(this));1247current_frame.push_stack(type3, CHECK_VERIFY(this));1248current_frame.push_stack(type2, CHECK_VERIFY(this));1249current_frame.push_stack(type, CHECK_VERIFY(this));1250no_control_flow = false; break;1251}1252case Bytecodes::_swap :1253type = current_frame.pop_stack(1254VerificationType::category1_check(), CHECK_VERIFY(this));1255type2 = current_frame.pop_stack(1256VerificationType::category1_check(), CHECK_VERIFY(this));1257current_frame.push_stack(type, CHECK_VERIFY(this));1258current_frame.push_stack(type2, CHECK_VERIFY(this));1259no_control_flow = false; break;1260case Bytecodes::_iadd :1261case Bytecodes::_isub :1262case Bytecodes::_imul :1263case Bytecodes::_idiv :1264case Bytecodes::_irem :1265case Bytecodes::_ishl :1266case Bytecodes::_ishr :1267case Bytecodes::_iushr :1268case Bytecodes::_ior :1269case Bytecodes::_ixor :1270case Bytecodes::_iand :1271current_frame.pop_stack(1272VerificationType::integer_type(), CHECK_VERIFY(this));1273// fall through1274case Bytecodes::_ineg :1275current_frame.pop_stack(1276VerificationType::integer_type(), CHECK_VERIFY(this));1277current_frame.push_stack(1278VerificationType::integer_type(), CHECK_VERIFY(this));1279no_control_flow = false; break;1280case Bytecodes::_ladd :1281case Bytecodes::_lsub :1282case Bytecodes::_lmul :1283case Bytecodes::_ldiv :1284case Bytecodes::_lrem :1285case Bytecodes::_land :1286case Bytecodes::_lor :1287case Bytecodes::_lxor :1288current_frame.pop_stack_2(1289VerificationType::long2_type(),1290VerificationType::long_type(), CHECK_VERIFY(this));1291// fall through1292case Bytecodes::_lneg :1293current_frame.pop_stack_2(1294VerificationType::long2_type(),1295VerificationType::long_type(), CHECK_VERIFY(this));1296current_frame.push_stack_2(1297VerificationType::long_type(),1298VerificationType::long2_type(), CHECK_VERIFY(this));1299no_control_flow = false; break;1300case Bytecodes::_lshl :1301case Bytecodes::_lshr :1302case Bytecodes::_lushr :1303current_frame.pop_stack(1304VerificationType::integer_type(), CHECK_VERIFY(this));1305current_frame.pop_stack_2(1306VerificationType::long2_type(),1307VerificationType::long_type(), CHECK_VERIFY(this));1308current_frame.push_stack_2(1309VerificationType::long_type(),1310VerificationType::long2_type(), CHECK_VERIFY(this));1311no_control_flow = false; break;1312case Bytecodes::_fadd :1313case Bytecodes::_fsub :1314case Bytecodes::_fmul :1315case Bytecodes::_fdiv :1316case Bytecodes::_frem :1317current_frame.pop_stack(1318VerificationType::float_type(), CHECK_VERIFY(this));1319// fall through1320case Bytecodes::_fneg :1321current_frame.pop_stack(1322VerificationType::float_type(), CHECK_VERIFY(this));1323current_frame.push_stack(1324VerificationType::float_type(), CHECK_VERIFY(this));1325no_control_flow = false; break;1326case Bytecodes::_dadd :1327case Bytecodes::_dsub :1328case Bytecodes::_dmul :1329case Bytecodes::_ddiv :1330case Bytecodes::_drem :1331current_frame.pop_stack_2(1332VerificationType::double2_type(),1333VerificationType::double_type(), CHECK_VERIFY(this));1334// fall through1335case Bytecodes::_dneg :1336current_frame.pop_stack_2(1337VerificationType::double2_type(),1338VerificationType::double_type(), CHECK_VERIFY(this));1339current_frame.push_stack_2(1340VerificationType::double_type(),1341VerificationType::double2_type(), CHECK_VERIFY(this));1342no_control_flow = false; break;1343case Bytecodes::_iinc :1344verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));1345no_control_flow = false; break;1346case Bytecodes::_i2l :1347type = current_frame.pop_stack(1348VerificationType::integer_type(), CHECK_VERIFY(this));1349current_frame.push_stack_2(1350VerificationType::long_type(),1351VerificationType::long2_type(), CHECK_VERIFY(this));1352no_control_flow = false; break;1353case Bytecodes::_l2i :1354current_frame.pop_stack_2(1355VerificationType::long2_type(),1356VerificationType::long_type(), CHECK_VERIFY(this));1357current_frame.push_stack(1358VerificationType::integer_type(), CHECK_VERIFY(this));1359no_control_flow = false; break;1360case Bytecodes::_i2f :1361current_frame.pop_stack(1362VerificationType::integer_type(), CHECK_VERIFY(this));1363current_frame.push_stack(1364VerificationType::float_type(), CHECK_VERIFY(this));1365no_control_flow = false; break;1366case Bytecodes::_i2d :1367current_frame.pop_stack(1368VerificationType::integer_type(), CHECK_VERIFY(this));1369current_frame.push_stack_2(1370VerificationType::double_type(),1371VerificationType::double2_type(), CHECK_VERIFY(this));1372no_control_flow = false; break;1373case Bytecodes::_l2f :1374current_frame.pop_stack_2(1375VerificationType::long2_type(),1376VerificationType::long_type(), CHECK_VERIFY(this));1377current_frame.push_stack(1378VerificationType::float_type(), CHECK_VERIFY(this));1379no_control_flow = false; break;1380case Bytecodes::_l2d :1381current_frame.pop_stack_2(1382VerificationType::long2_type(),1383VerificationType::long_type(), CHECK_VERIFY(this));1384current_frame.push_stack_2(1385VerificationType::double_type(),1386VerificationType::double2_type(), CHECK_VERIFY(this));1387no_control_flow = false; break;1388case Bytecodes::_f2i :1389current_frame.pop_stack(1390VerificationType::float_type(), CHECK_VERIFY(this));1391current_frame.push_stack(1392VerificationType::integer_type(), CHECK_VERIFY(this));1393no_control_flow = false; break;1394case Bytecodes::_f2l :1395current_frame.pop_stack(1396VerificationType::float_type(), CHECK_VERIFY(this));1397current_frame.push_stack_2(1398VerificationType::long_type(),1399VerificationType::long2_type(), CHECK_VERIFY(this));1400no_control_flow = false; break;1401case Bytecodes::_f2d :1402current_frame.pop_stack(1403VerificationType::float_type(), CHECK_VERIFY(this));1404current_frame.push_stack_2(1405VerificationType::double_type(),1406VerificationType::double2_type(), CHECK_VERIFY(this));1407no_control_flow = false; break;1408case Bytecodes::_d2i :1409current_frame.pop_stack_2(1410VerificationType::double2_type(),1411VerificationType::double_type(), CHECK_VERIFY(this));1412current_frame.push_stack(1413VerificationType::integer_type(), CHECK_VERIFY(this));1414no_control_flow = false; break;1415case Bytecodes::_d2l :1416current_frame.pop_stack_2(1417VerificationType::double2_type(),1418VerificationType::double_type(), CHECK_VERIFY(this));1419current_frame.push_stack_2(1420VerificationType::long_type(),1421VerificationType::long2_type(), CHECK_VERIFY(this));1422no_control_flow = false; break;1423case Bytecodes::_d2f :1424current_frame.pop_stack_2(1425VerificationType::double2_type(),1426VerificationType::double_type(), CHECK_VERIFY(this));1427current_frame.push_stack(1428VerificationType::float_type(), CHECK_VERIFY(this));1429no_control_flow = false; break;1430case Bytecodes::_i2b :1431case Bytecodes::_i2c :1432case Bytecodes::_i2s :1433current_frame.pop_stack(1434VerificationType::integer_type(), CHECK_VERIFY(this));1435current_frame.push_stack(1436VerificationType::integer_type(), CHECK_VERIFY(this));1437no_control_flow = false; break;1438case Bytecodes::_lcmp :1439current_frame.pop_stack_2(1440VerificationType::long2_type(),1441VerificationType::long_type(), CHECK_VERIFY(this));1442current_frame.pop_stack_2(1443VerificationType::long2_type(),1444VerificationType::long_type(), CHECK_VERIFY(this));1445current_frame.push_stack(1446VerificationType::integer_type(), CHECK_VERIFY(this));1447no_control_flow = false; break;1448case Bytecodes::_fcmpl :1449case Bytecodes::_fcmpg :1450current_frame.pop_stack(1451VerificationType::float_type(), CHECK_VERIFY(this));1452current_frame.pop_stack(1453VerificationType::float_type(), CHECK_VERIFY(this));1454current_frame.push_stack(1455VerificationType::integer_type(), CHECK_VERIFY(this));1456no_control_flow = false; break;1457case Bytecodes::_dcmpl :1458case Bytecodes::_dcmpg :1459current_frame.pop_stack_2(1460VerificationType::double2_type(),1461VerificationType::double_type(), CHECK_VERIFY(this));1462current_frame.pop_stack_2(1463VerificationType::double2_type(),1464VerificationType::double_type(), CHECK_VERIFY(this));1465current_frame.push_stack(1466VerificationType::integer_type(), CHECK_VERIFY(this));1467no_control_flow = false; break;1468case Bytecodes::_if_icmpeq:1469case Bytecodes::_if_icmpne:1470case Bytecodes::_if_icmplt:1471case Bytecodes::_if_icmpge:1472case Bytecodes::_if_icmpgt:1473case Bytecodes::_if_icmple:1474current_frame.pop_stack(1475VerificationType::integer_type(), CHECK_VERIFY(this));1476// fall through1477case Bytecodes::_ifeq:1478case Bytecodes::_ifne:1479case Bytecodes::_iflt:1480case Bytecodes::_ifge:1481case Bytecodes::_ifgt:1482case Bytecodes::_ifle:1483current_frame.pop_stack(1484VerificationType::integer_type(), CHECK_VERIFY(this));1485target = bcs.dest();1486stackmap_table.check_jump_target(1487¤t_frame, target, CHECK_VERIFY(this));1488no_control_flow = false; break;1489case Bytecodes::_if_acmpeq :1490case Bytecodes::_if_acmpne :1491current_frame.pop_stack(1492VerificationType::reference_check(), CHECK_VERIFY(this));1493// fall through1494case Bytecodes::_ifnull :1495case Bytecodes::_ifnonnull :1496current_frame.pop_stack(1497VerificationType::reference_check(), CHECK_VERIFY(this));1498target = bcs.dest();1499stackmap_table.check_jump_target1500(¤t_frame, target, CHECK_VERIFY(this));1501no_control_flow = false; break;1502case Bytecodes::_goto :1503target = bcs.dest();1504stackmap_table.check_jump_target(1505¤t_frame, target, CHECK_VERIFY(this));1506no_control_flow = true; break;1507case Bytecodes::_goto_w :1508target = bcs.dest_w();1509stackmap_table.check_jump_target(1510¤t_frame, target, CHECK_VERIFY(this));1511no_control_flow = true; break;1512case Bytecodes::_tableswitch :1513case Bytecodes::_lookupswitch :1514verify_switch(1515&bcs, code_length, code_data, ¤t_frame,1516&stackmap_table, CHECK_VERIFY(this));1517no_control_flow = true; break;1518case Bytecodes::_ireturn :1519type = current_frame.pop_stack(1520VerificationType::integer_type(), CHECK_VERIFY(this));1521verify_return_value(return_type, type, bci,1522¤t_frame, CHECK_VERIFY(this));1523no_control_flow = true; break;1524case Bytecodes::_lreturn :1525type2 = current_frame.pop_stack(1526VerificationType::long2_type(), CHECK_VERIFY(this));1527type = current_frame.pop_stack(1528VerificationType::long_type(), CHECK_VERIFY(this));1529verify_return_value(return_type, type, bci,1530¤t_frame, CHECK_VERIFY(this));1531no_control_flow = true; break;1532case Bytecodes::_freturn :1533type = current_frame.pop_stack(1534VerificationType::float_type(), CHECK_VERIFY(this));1535verify_return_value(return_type, type, bci,1536¤t_frame, CHECK_VERIFY(this));1537no_control_flow = true; break;1538case Bytecodes::_dreturn :1539type2 = current_frame.pop_stack(1540VerificationType::double2_type(), CHECK_VERIFY(this));1541type = current_frame.pop_stack(1542VerificationType::double_type(), CHECK_VERIFY(this));1543verify_return_value(return_type, type, bci,1544¤t_frame, CHECK_VERIFY(this));1545no_control_flow = true; break;1546case Bytecodes::_areturn :1547type = current_frame.pop_stack(1548VerificationType::reference_check(), CHECK_VERIFY(this));1549verify_return_value(return_type, type, bci,1550¤t_frame, CHECK_VERIFY(this));1551no_control_flow = true; break;1552case Bytecodes::_return :1553if (return_type != VerificationType::bogus_type()) {1554verify_error(ErrorContext::bad_code(bci),1555"Method expects a return value");1556return;1557}1558// Make sure "this" has been initialized if current method is an1559// <init>1560if (_method->name() == vmSymbols::object_initializer_name() &&1561current_frame.flag_this_uninit()) {1562verify_error(ErrorContext::bad_code(bci),1563"Constructor must call super() or this() "1564"before return");1565return;1566}1567no_control_flow = true; break;1568case Bytecodes::_getstatic :1569case Bytecodes::_putstatic :1570case Bytecodes::_getfield :1571case Bytecodes::_putfield :1572verify_field_instructions(1573&bcs, ¤t_frame, cp, CHECK_VERIFY(this));1574no_control_flow = false; break;1575case Bytecodes::_invokevirtual :1576case Bytecodes::_invokespecial :1577case Bytecodes::_invokestatic :1578verify_invoke_instructions(1579&bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),1580&this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));1581no_control_flow = false; break;1582case Bytecodes::_invokeinterface :1583case Bytecodes::_invokedynamic :1584verify_invoke_instructions(1585&bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),1586&this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));1587no_control_flow = false; break;1588case Bytecodes::_new :1589{1590index = bcs.get_index_u2();1591verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));1592VerificationType new_class_type =1593cp_index_to_type(index, cp, CHECK_VERIFY(this));1594if (!new_class_type.is_object()) {1595verify_error(ErrorContext::bad_type(bci,1596TypeOrigin::cp(index, new_class_type)),1597"Illegal new instruction");1598return;1599}1600type = VerificationType::uninitialized_type(bci);1601current_frame.push_stack(type, CHECK_VERIFY(this));1602no_control_flow = false; break;1603}1604case Bytecodes::_newarray :1605type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));1606current_frame.pop_stack(1607VerificationType::integer_type(), CHECK_VERIFY(this));1608current_frame.push_stack(type, CHECK_VERIFY(this));1609no_control_flow = false; break;1610case Bytecodes::_anewarray :1611verify_anewarray(1612bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));1613no_control_flow = false; break;1614case Bytecodes::_arraylength :1615type = current_frame.pop_stack(1616VerificationType::reference_check(), CHECK_VERIFY(this));1617if (!(type.is_null() || type.is_array())) {1618verify_error(ErrorContext::bad_type(1619bci, current_frame.stack_top_ctx()),1620bad_type_msg, "arraylength");1621}1622current_frame.push_stack(1623VerificationType::integer_type(), CHECK_VERIFY(this));1624no_control_flow = false; break;1625case Bytecodes::_checkcast :1626{1627index = bcs.get_index_u2();1628verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));1629current_frame.pop_stack(object_type(), CHECK_VERIFY(this));1630VerificationType klass_type = cp_index_to_type(1631index, cp, CHECK_VERIFY(this));1632current_frame.push_stack(klass_type, CHECK_VERIFY(this));1633no_control_flow = false; break;1634}1635case Bytecodes::_instanceof : {1636index = bcs.get_index_u2();1637verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));1638current_frame.pop_stack(object_type(), CHECK_VERIFY(this));1639current_frame.push_stack(1640VerificationType::integer_type(), CHECK_VERIFY(this));1641no_control_flow = false; break;1642}1643case Bytecodes::_monitorenter :1644case Bytecodes::_monitorexit :1645current_frame.pop_stack(1646VerificationType::reference_check(), CHECK_VERIFY(this));1647no_control_flow = false; break;1648case Bytecodes::_multianewarray :1649{1650index = bcs.get_index_u2();1651u2 dim = *(bcs.bcp()+3);1652verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));1653VerificationType new_array_type =1654cp_index_to_type(index, cp, CHECK_VERIFY(this));1655if (!new_array_type.is_array()) {1656verify_error(ErrorContext::bad_type(bci,1657TypeOrigin::cp(index, new_array_type)),1658"Illegal constant pool index in multianewarray instruction");1659return;1660}1661if (dim < 1 || new_array_type.dimensions() < dim) {1662verify_error(ErrorContext::bad_code(bci),1663"Illegal dimension in multianewarray instruction: %d", dim);1664return;1665}1666for (int i = 0; i < dim; i++) {1667current_frame.pop_stack(1668VerificationType::integer_type(), CHECK_VERIFY(this));1669}1670current_frame.push_stack(new_array_type, CHECK_VERIFY(this));1671no_control_flow = false; break;1672}1673case Bytecodes::_athrow :1674type = VerificationType::reference_type(1675vmSymbols::java_lang_Throwable());1676current_frame.pop_stack(type, CHECK_VERIFY(this));1677no_control_flow = true; break;1678default:1679// We only need to check the valid bytecodes in class file.1680// And jsr and ret are not in the new class file format in JDK1.5.1681verify_error(ErrorContext::bad_code(bci),1682"Bad instruction: %02x", opcode);1683no_control_flow = false;1684return;1685} // end switch1686} // end Merge with the next instruction16871688// Look for possible jump target in exception handlers and see if it matches1689// current_frame. Don't do this check if it has already been done (for1690// ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because1691// opcodes, such as invokespecial, may set the this_uninit flag.1692assert(!(verified_exc_handlers && this_uninit),1693"Exception handler targets got verified before this_uninit got set");1694if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {1695verify_exception_handler_targets(1696bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));1697}1698} // end while16991700// Make sure that control flow does not fall through end of the method1701if (!no_control_flow) {1702verify_error(ErrorContext::bad_code(code_length),1703"Control flow falls through code end");1704return;1705}1706}17071708#undef bad_type_message17091710char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {1711char* code_data = NEW_RESOURCE_ARRAY(char, code_length);1712memset(code_data, 0, sizeof(char) * code_length);1713RawBytecodeStream bcs(m);17141715while (!bcs.is_last_bytecode()) {1716if (bcs.raw_next() != Bytecodes::_illegal) {1717int bci = bcs.bci();1718if (bcs.raw_code() == Bytecodes::_new) {1719code_data[bci] = NEW_OFFSET;1720} else {1721code_data[bci] = BYTECODE_OFFSET;1722}1723} else {1724verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");1725return NULL;1726}1727}17281729return code_data;1730}17311732void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {1733ExceptionTable exhandlers(_method());1734int exlength = exhandlers.length();1735constantPoolHandle cp (THREAD, _method->constants());17361737for(int i = 0; i < exlength; i++) {1738//reacquire the table in case a GC happened1739ExceptionTable exhandlers(_method());1740u2 start_pc = exhandlers.start_pc(i);1741u2 end_pc = exhandlers.end_pc(i);1742u2 handler_pc = exhandlers.handler_pc(i);1743if (start_pc >= code_length || code_data[start_pc] == 0) {1744class_format_error("Illegal exception table start_pc %d", start_pc);1745return;1746}1747if (end_pc != code_length) { // special case: end_pc == code_length1748if (end_pc > code_length || code_data[end_pc] == 0) {1749class_format_error("Illegal exception table end_pc %d", end_pc);1750return;1751}1752}1753if (handler_pc >= code_length || code_data[handler_pc] == 0) {1754class_format_error("Illegal exception table handler_pc %d", handler_pc);1755return;1756}1757int catch_type_index = exhandlers.catch_type_index(i);1758if (catch_type_index != 0) {1759VerificationType catch_type = cp_index_to_type(1760catch_type_index, cp, CHECK_VERIFY(this));1761VerificationType throwable =1762VerificationType::reference_type(vmSymbols::java_lang_Throwable());1763bool is_subclass = throwable.is_assignable_from(1764catch_type, this, false, CHECK_VERIFY(this));1765if (!is_subclass) {1766// 4286534: should throw VerifyError according to recent spec change1767verify_error(ErrorContext::bad_type(handler_pc,1768TypeOrigin::cp(catch_type_index, catch_type),1769TypeOrigin::implicit(throwable)),1770"Catch type is not a subclass "1771"of Throwable in exception handler %d", handler_pc);1772return;1773}1774}1775if (start_pc < min) min = start_pc;1776if (end_pc > max) max = end_pc;1777}1778}17791780void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {1781int localvariable_table_length = _method()->localvariable_table_length();1782if (localvariable_table_length > 0) {1783LocalVariableTableElement* table = _method()->localvariable_table_start();1784for (int i = 0; i < localvariable_table_length; i++) {1785u2 start_bci = table[i].start_bci;1786u2 length = table[i].length;17871788if (start_bci >= code_length || code_data[start_bci] == 0) {1789class_format_error(1790"Illegal local variable table start_pc %d", start_bci);1791return;1792}1793u4 end_bci = (u4)(start_bci + length);1794if (end_bci != code_length) {1795if (end_bci >= code_length || code_data[end_bci] == 0) {1796class_format_error( "Illegal local variable table length %d", length);1797return;1798}1799}1800}1801}1802}18031804u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,1805StackMapFrame* current_frame,1806StackMapTable* stackmap_table,1807bool no_control_flow, TRAPS) {1808if (stackmap_index < stackmap_table->get_frame_count()) {1809u2 this_offset = stackmap_table->get_offset(stackmap_index);1810if (no_control_flow && this_offset > bci) {1811verify_error(ErrorContext::missing_stackmap(bci),1812"Expecting a stack map frame");1813return 0;1814}1815if (this_offset == bci) {1816ErrorContext ctx;1817// See if current stack map can be assigned to the frame in table.1818// current_frame is the stackmap frame got from the last instruction.1819// If matched, current_frame will be updated by this method.1820bool matches = stackmap_table->match_stackmap(1821current_frame, this_offset, stackmap_index,1822!no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));1823if (!matches) {1824// report type error1825verify_error(ctx, "Instruction type does not match stack map");1826return 0;1827}1828stackmap_index++;1829} else if (this_offset < bci) {1830// current_offset should have met this_offset.1831class_format_error("Bad stack map offset %d", this_offset);1832return 0;1833}1834} else if (no_control_flow) {1835verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");1836return 0;1837}1838return stackmap_index;1839}18401841void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,1842StackMapTable* stackmap_table, TRAPS) {1843constantPoolHandle cp (THREAD, _method->constants());1844ExceptionTable exhandlers(_method());1845int exlength = exhandlers.length();1846for(int i = 0; i < exlength; i++) {1847//reacquire the table in case a GC happened1848ExceptionTable exhandlers(_method());1849u2 start_pc = exhandlers.start_pc(i);1850u2 end_pc = exhandlers.end_pc(i);1851u2 handler_pc = exhandlers.handler_pc(i);1852int catch_type_index = exhandlers.catch_type_index(i);1853if(bci >= start_pc && bci < end_pc) {1854u1 flags = current_frame->flags();1855if (this_uninit) { flags |= FLAG_THIS_UNINIT; }1856StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);1857if (catch_type_index != 0) {1858// We know that this index refers to a subclass of Throwable1859VerificationType catch_type = cp_index_to_type(1860catch_type_index, cp, CHECK_VERIFY(this));1861new_frame->push_stack(catch_type, CHECK_VERIFY(this));1862} else {1863VerificationType throwable =1864VerificationType::reference_type(vmSymbols::java_lang_Throwable());1865new_frame->push_stack(throwable, CHECK_VERIFY(this));1866}1867ErrorContext ctx;1868bool matches = stackmap_table->match_stackmap(1869new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));1870if (!matches) {1871verify_error(ctx, "Stack map does not match the one at "1872"exception handler %d", handler_pc);1873return;1874}1875}1876}1877}18781879void ClassVerifier::verify_cp_index(1880u2 bci, constantPoolHandle cp, int index, TRAPS) {1881int nconstants = cp->length();1882if ((index <= 0) || (index >= nconstants)) {1883verify_error(ErrorContext::bad_cp_index(bci, index),1884"Illegal constant pool index %d in class %s",1885index, cp->pool_holder()->external_name());1886return;1887}1888}18891890void ClassVerifier::verify_cp_type(1891u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) {18921893// In some situations, bytecode rewriting may occur while we're verifying.1894// In this case, a constant pool cache exists and some indices refer to that1895// instead. Be sure we don't pick up such indices by accident.1896// We must check was_recursively_verified() before we get here.1897guarantee(cp->cache() == NULL, "not rewritten yet");18981899verify_cp_index(bci, cp, index, CHECK_VERIFY(this));1900unsigned int tag = cp->tag_at(index).value();1901if ((types & (1 << tag)) == 0) {1902verify_error(ErrorContext::bad_cp_index(bci, index),1903"Illegal type at constant pool entry %d in class %s",1904index, cp->pool_holder()->external_name());1905return;1906}1907}19081909void ClassVerifier::verify_cp_class_type(1910u2 bci, int index, constantPoolHandle cp, TRAPS) {1911verify_cp_index(bci, cp, index, CHECK_VERIFY(this));1912constantTag tag = cp->tag_at(index);1913if (!tag.is_klass() && !tag.is_unresolved_klass()) {1914verify_error(ErrorContext::bad_cp_index(bci, index),1915"Illegal type at constant pool entry %d in class %s",1916index, cp->pool_holder()->external_name());1917return;1918}1919}19201921void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {1922stringStream ss;19231924ctx.reset_frames();1925_exception_type = vmSymbols::java_lang_VerifyError();1926_error_context = ctx;1927va_list va;1928va_start(va, msg);1929ss.vprint(msg, va);1930va_end(va);1931_message = ss.as_string();1932#ifdef ASSERT1933ResourceMark rm;1934const char* exception_name = _exception_type->as_C_string();1935Exceptions::debug_check_abort(exception_name, NULL);1936#endif // ndef ASSERT1937}19381939void ClassVerifier::class_format_error(const char* msg, ...) {1940stringStream ss;1941_exception_type = vmSymbols::java_lang_ClassFormatError();1942va_list va;1943va_start(va, msg);1944ss.vprint(msg, va);1945va_end(va);1946if (!_method.is_null()) {1947ss.print(" in method %s", _method->name_and_sig_as_C_string());1948}1949_message = ss.as_string();1950}19511952Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {1953// Get current loader and protection domain first.1954oop loader = current_class()->class_loader();1955oop protection_domain = current_class()->protection_domain();19561957return SystemDictionary::resolve_or_fail(1958name, Handle(THREAD, loader), Handle(THREAD, protection_domain),1959true, CHECK_NULL);1960}19611962bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,1963Klass* target_class,1964Symbol* field_name,1965Symbol* field_sig,1966bool is_method) {1967No_Safepoint_Verifier nosafepoint;19681969// If target class isn't a super class of this class, we don't worry about this case1970if (!this_class->is_subclass_of(target_class)) {1971return false;1972}1973// Check if the specified method or field is protected1974InstanceKlass* target_instance = InstanceKlass::cast(target_class);1975fieldDescriptor fd;1976if (is_method) {1977Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);1978if (m != NULL && m->is_protected()) {1979if (!this_class->is_same_class_package(m->method_holder())) {1980return true;1981}1982}1983} else {1984Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);1985if (member_klass != NULL && fd.is_protected()) {1986if (!this_class->is_same_class_package(member_klass)) {1987return true;1988}1989}1990}1991return false;1992}19931994void ClassVerifier::verify_ldc(1995int opcode, u2 index, StackMapFrame* current_frame,1996constantPoolHandle cp, u2 bci, TRAPS) {1997verify_cp_index(bci, cp, index, CHECK_VERIFY(this));1998constantTag tag = cp->tag_at(index);1999unsigned int types;2000if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {2001if (!tag.is_unresolved_klass()) {2002types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)2003| (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)2004| (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);2005// Note: The class file parser already verified the legality of2006// MethodHandle and MethodType constants.2007verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));2008}2009} else {2010assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");2011types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);2012verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));2013}2014if (tag.is_string() && cp->is_pseudo_string_at(index)) {2015current_frame->push_stack(object_type(), CHECK_VERIFY(this));2016} else if (tag.is_string()) {2017current_frame->push_stack(2018VerificationType::reference_type(2019vmSymbols::java_lang_String()), CHECK_VERIFY(this));2020} else if (tag.is_klass() || tag.is_unresolved_klass()) {2021current_frame->push_stack(2022VerificationType::reference_type(2023vmSymbols::java_lang_Class()), CHECK_VERIFY(this));2024} else if (tag.is_int()) {2025current_frame->push_stack(2026VerificationType::integer_type(), CHECK_VERIFY(this));2027} else if (tag.is_float()) {2028current_frame->push_stack(2029VerificationType::float_type(), CHECK_VERIFY(this));2030} else if (tag.is_double()) {2031current_frame->push_stack_2(2032VerificationType::double_type(),2033VerificationType::double2_type(), CHECK_VERIFY(this));2034} else if (tag.is_long()) {2035current_frame->push_stack_2(2036VerificationType::long_type(),2037VerificationType::long2_type(), CHECK_VERIFY(this));2038} else if (tag.is_method_handle()) {2039current_frame->push_stack(2040VerificationType::reference_type(2041vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));2042} else if (tag.is_method_type()) {2043current_frame->push_stack(2044VerificationType::reference_type(2045vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));2046} else {2047/* Unreachable? verify_cp_type has already validated the cp type. */2048verify_error(2049ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");2050return;2051}2052}20532054void ClassVerifier::verify_switch(2055RawBytecodeStream* bcs, u4 code_length, char* code_data,2056StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {2057int bci = bcs->bci();2058address bcp = bcs->bcp();2059address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);20602061if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {2062// 4639449 & 4647081: padding bytes must be 02063u2 padding_offset = 1;2064while ((bcp + padding_offset) < aligned_bcp) {2065if(*(bcp + padding_offset) != 0) {2066verify_error(ErrorContext::bad_code(bci),2067"Nonzero padding byte in lookswitch or tableswitch");2068return;2069}2070padding_offset++;2071}2072}20732074int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);2075int keys, delta;2076current_frame->pop_stack(2077VerificationType::integer_type(), CHECK_VERIFY(this));2078if (bcs->raw_code() == Bytecodes::_tableswitch) {2079jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);2080jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);2081if (low > high) {2082verify_error(ErrorContext::bad_code(bci),2083"low must be less than or equal to high in tableswitch");2084return;2085}2086keys = high - low + 1;2087if (keys < 0) {2088verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");2089return;2090}2091delta = 1;2092} else {2093keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);2094if (keys < 0) {2095verify_error(ErrorContext::bad_code(bci),2096"number of keys in lookupswitch less than 0");2097return;2098}2099delta = 2;2100// Make sure that the lookupswitch items are sorted2101for (int i = 0; i < (keys - 1); i++) {2102jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);2103jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);2104if (this_key >= next_key) {2105verify_error(ErrorContext::bad_code(bci),2106"Bad lookupswitch instruction");2107return;2108}2109}2110}2111int target = bci + default_offset;2112stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));2113for (int i = 0; i < keys; i++) {2114// Because check_jump_target() may safepoint, the bytecode could have2115// moved, which means 'aligned_bcp' is no good and needs to be recalculated.2116aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);2117target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);2118stackmap_table->check_jump_target(2119current_frame, target, CHECK_VERIFY(this));2120}2121NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point2122}21232124bool ClassVerifier::name_in_supers(2125Symbol* ref_name, instanceKlassHandle current) {2126Klass* super = current->super();2127while (super != NULL) {2128if (super->name() == ref_name) {2129return true;2130}2131super = super->super();2132}2133return false;2134}21352136void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,2137StackMapFrame* current_frame,2138constantPoolHandle cp,2139TRAPS) {2140u2 index = bcs->get_index_u2();2141verify_cp_type(bcs->bci(), index, cp,21421 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));21432144// Get field name and signature2145Symbol* field_name = cp->name_ref_at(index);2146Symbol* field_sig = cp->signature_ref_at(index);21472148if (!SignatureVerifier::is_valid_type_signature(field_sig)) {2149class_format_error(2150"Invalid signature for field in class %s referenced "2151"from constant pool index %d", _klass->external_name(), index);2152return;2153}21542155// Get referenced class type2156VerificationType ref_class_type = cp_ref_index_to_type(2157index, cp, CHECK_VERIFY(this));2158if (!ref_class_type.is_object()) {2159/* Unreachable? Class file parser verifies Fieldref contents */2160verify_error(ErrorContext::bad_type(bcs->bci(),2161TypeOrigin::cp(index, ref_class_type)),2162"Expecting reference to class in class %s at constant pool index %d",2163_klass->external_name(), index);2164return;2165}2166VerificationType target_class_type = ref_class_type;21672168assert(sizeof(VerificationType) == sizeof(uintptr_t),2169"buffer type must match VerificationType size");2170uintptr_t field_type_buffer[2];2171VerificationType* field_type = (VerificationType*)field_type_buffer;2172// If we make a VerificationType[2] array directly, the compiler calls2173// to the c-runtime library to do the allocation instead of just2174// stack allocating it. Plus it would run constructors. This shows up2175// in performance profiles.21762177SignatureStream sig_stream(field_sig, false);2178VerificationType stack_object_type;2179int n = change_sig_to_verificationType(2180&sig_stream, field_type, CHECK_VERIFY(this));2181u2 bci = bcs->bci();2182bool is_assignable;2183switch (bcs->raw_code()) {2184case Bytecodes::_getstatic: {2185for (int i = 0; i < n; i++) {2186current_frame->push_stack(field_type[i], CHECK_VERIFY(this));2187}2188break;2189}2190case Bytecodes::_putstatic: {2191for (int i = n - 1; i >= 0; i--) {2192current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));2193}2194break;2195}2196case Bytecodes::_getfield: {2197stack_object_type = current_frame->pop_stack(2198target_class_type, CHECK_VERIFY(this));2199for (int i = 0; i < n; i++) {2200current_frame->push_stack(field_type[i], CHECK_VERIFY(this));2201}2202goto check_protected;2203}2204case Bytecodes::_putfield: {2205for (int i = n - 1; i >= 0; i--) {2206current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));2207}2208stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));22092210// The JVMS 2nd edition allows field initialization before the superclass2211// initializer, if the field is defined within the current class.2212fieldDescriptor fd;2213if (stack_object_type == VerificationType::uninitialized_this_type() &&2214target_class_type.equals(current_type()) &&2215_klass->find_local_field(field_name, field_sig, &fd)) {2216stack_object_type = current_type();2217}2218is_assignable = target_class_type.is_assignable_from(2219stack_object_type, this, false, CHECK_VERIFY(this));2220if (!is_assignable) {2221verify_error(ErrorContext::bad_type(bci,2222current_frame->stack_top_ctx(),2223TypeOrigin::cp(index, target_class_type)),2224"Bad type on operand stack in putfield");2225return;2226}2227}2228check_protected: {2229if (_this_type == stack_object_type)2230break; // stack_object_type must be assignable to _current_class_type2231Symbol* ref_class_name =2232cp->klass_name_at(cp->klass_ref_index_at(index));2233if (!name_in_supers(ref_class_name, current_class()))2234// stack_object_type must be assignable to _current_class_type since:2235// 1. stack_object_type must be assignable to ref_class.2236// 2. ref_class must be _current_class or a subclass of it. It can't2237// be a superclass of it. See revised JVMS 5.4.4.2238break;22392240Klass* ref_class_oop = load_class(ref_class_name, CHECK);2241if (is_protected_access(current_class(), ref_class_oop, field_name,2242field_sig, false)) {2243// It's protected access, check if stack object is assignable to2244// current class.2245is_assignable = current_type().is_assignable_from(2246stack_object_type, this, true, CHECK_VERIFY(this));2247if (!is_assignable) {2248verify_error(ErrorContext::bad_type(bci,2249current_frame->stack_top_ctx(),2250TypeOrigin::implicit(current_type())),2251"Bad access to protected data in getfield");2252return;2253}2254}2255break;2256}2257default: ShouldNotReachHere();2258}2259}22602261// Look at the method's handlers. If the bci is in the handler's try block2262// then check if the handler_pc is already on the stack. If not, push it2263// unless the handler has already been scanned.2264void ClassVerifier::push_handlers(ExceptionTable* exhandlers,2265GrowableArray<u4>* handler_list,2266GrowableArray<u4>* handler_stack,2267u4 bci) {2268int exlength = exhandlers->length();2269for(int x = 0; x < exlength; x++) {2270if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {2271u4 exhandler_pc = exhandlers->handler_pc(x);2272if (!handler_list->contains(exhandler_pc)) {2273handler_stack->append_if_missing(exhandler_pc);2274handler_list->append(exhandler_pc);2275}2276}2277}2278}22792280// Return TRUE if all code paths starting with start_bc_offset end in2281// bytecode athrow or loop.2282bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {2283ResourceMark rm;2284// Create bytecode stream.2285RawBytecodeStream bcs(method());2286u4 code_length = method()->code_size();2287bcs.set_start(start_bc_offset);2288u4 target;2289// Create stack for storing bytecode start offsets for if* and *switch.2290GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);2291// Create stack for handlers for try blocks containing this handler.2292GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);2293// Create list of handlers that have been pushed onto the handler_stack2294// so that handlers embedded inside of their own TRY blocks only get2295// scanned once.2296GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);2297// Create list of visited branch opcodes (goto* and if*).2298GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);2299ExceptionTable exhandlers(_method());23002301while (true) {2302if (bcs.is_last_bytecode()) {2303// if no more starting offsets to parse or if at the end of the2304// method then return false.2305if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))2306return false;2307// Pop a bytecode starting offset and scan from there.2308bcs.set_start(bci_stack->pop());2309}2310Bytecodes::Code opcode = bcs.raw_next();2311u4 bci = bcs.bci();23122313// If the bytecode is in a TRY block, push its handlers so they2314// will get parsed.2315push_handlers(&exhandlers, handler_list, handler_stack, bci);23162317switch (opcode) {2318case Bytecodes::_if_icmpeq:2319case Bytecodes::_if_icmpne:2320case Bytecodes::_if_icmplt:2321case Bytecodes::_if_icmpge:2322case Bytecodes::_if_icmpgt:2323case Bytecodes::_if_icmple:2324case Bytecodes::_ifeq:2325case Bytecodes::_ifne:2326case Bytecodes::_iflt:2327case Bytecodes::_ifge:2328case Bytecodes::_ifgt:2329case Bytecodes::_ifle:2330case Bytecodes::_if_acmpeq:2331case Bytecodes::_if_acmpne:2332case Bytecodes::_ifnull:2333case Bytecodes::_ifnonnull:2334target = bcs.dest();2335if (visited_branches->contains(bci)) {2336if (bci_stack->is_empty()) {2337if (handler_stack->is_empty()) {2338return true;2339} else {2340// Parse the catch handlers for try blocks containing athrow.2341bcs.set_start(handler_stack->pop());2342}2343} else {2344// Pop a bytecode starting offset and scan from there.2345bcs.set_start(bci_stack->pop());2346}2347} else {2348if (target > bci) { // forward branch2349if (target >= code_length) return false;2350// Push the branch target onto the stack.2351bci_stack->push(target);2352// then, scan bytecodes starting with next.2353bcs.set_start(bcs.next_bci());2354} else { // backward branch2355// Push bytecode offset following backward branch onto the stack.2356bci_stack->push(bcs.next_bci());2357// Check bytecodes starting with branch target.2358bcs.set_start(target);2359}2360// Record target so we don't branch here again.2361visited_branches->append(bci);2362}2363break;23642365case Bytecodes::_goto:2366case Bytecodes::_goto_w:2367target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());2368if (visited_branches->contains(bci)) {2369if (bci_stack->is_empty()) {2370if (handler_stack->is_empty()) {2371return true;2372} else {2373// Parse the catch handlers for try blocks containing athrow.2374bcs.set_start(handler_stack->pop());2375}2376} else {2377// Been here before, pop new starting offset from stack.2378bcs.set_start(bci_stack->pop());2379}2380} else {2381if (target >= code_length) return false;2382// Continue scanning from the target onward.2383bcs.set_start(target);2384// Record target so we don't branch here again.2385visited_branches->append(bci);2386}2387break;23882389// Check that all switch alternatives end in 'athrow' bytecodes. Since it2390// is difficult to determine where each switch alternative ends, parse2391// each switch alternative until either hit a 'return', 'athrow', or reach2392// the end of the method's bytecodes. This is gross but should be okay2393// because:2394// 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit2395// constructor invocations should be rare.2396// 2. if each switch alternative ends in an athrow then the parsing should be2397// short. If there is no athrow then it is bogus code, anyway.2398case Bytecodes::_lookupswitch:2399case Bytecodes::_tableswitch:2400{2401address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize);2402u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;2403int keys, delta;2404if (opcode == Bytecodes::_tableswitch) {2405jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);2406jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);2407// This is invalid, but let the regular bytecode verifier2408// report this because the user will get a better error message.2409if (low > high) return true;2410keys = high - low + 1;2411delta = 1;2412} else {2413keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);2414delta = 2;2415}2416// Invalid, let the regular bytecode verifier deal with it.2417if (keys < 0) return true;24182419// Push the offset of the next bytecode onto the stack.2420bci_stack->push(bcs.next_bci());24212422// Push the switch alternatives onto the stack.2423for (int i = 0; i < keys; i++) {2424u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);2425if (target > code_length) return false;2426bci_stack->push(target);2427}24282429// Start bytecode parsing for the switch at the default alternative.2430if (default_offset > code_length) return false;2431bcs.set_start(default_offset);2432break;2433}24342435case Bytecodes::_return:2436return false;24372438case Bytecodes::_athrow:2439{2440if (bci_stack->is_empty()) {2441if (handler_stack->is_empty()) {2442return true;2443} else {2444// Parse the catch handlers for try blocks containing athrow.2445bcs.set_start(handler_stack->pop());2446}2447} else {2448// Pop a bytecode offset and starting scanning from there.2449bcs.set_start(bci_stack->pop());2450}2451}2452break;24532454default:2455;2456} // end switch2457} // end while loop24582459return false;2460}24612462void ClassVerifier::verify_invoke_init(2463RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,2464StackMapFrame* current_frame, u4 code_length, bool in_try_block,2465bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,2466TRAPS) {2467u2 bci = bcs->bci();2468VerificationType type = current_frame->pop_stack(2469VerificationType::reference_check(), CHECK_VERIFY(this));2470if (type == VerificationType::uninitialized_this_type()) {2471// The method must be an <init> method of this class or its superclass2472Klass* superk = current_class()->super();2473if (ref_class_type.name() != current_class()->name() &&2474ref_class_type.name() != superk->name()) {2475verify_error(ErrorContext::bad_type(bci,2476TypeOrigin::implicit(ref_class_type),2477TypeOrigin::implicit(current_type())),2478"Bad <init> method call");2479return;2480}24812482// If this invokespecial call is done from inside of a TRY block then make2483// sure that all catch clause paths end in a throw. Otherwise, this can2484// result in returning an incomplete object.2485if (in_try_block) {2486ExceptionTable exhandlers(_method());2487int exlength = exhandlers.length();2488for(int i = 0; i < exlength; i++) {2489u2 start_pc = exhandlers.start_pc(i);2490u2 end_pc = exhandlers.end_pc(i);24912492if (bci >= start_pc && bci < end_pc) {2493if (!ends_in_athrow(exhandlers.handler_pc(i))) {2494verify_error(ErrorContext::bad_code(bci),2495"Bad <init> method call from after the start of a try block");2496return;2497} else if (VerboseVerification) {2498ResourceMark rm;2499tty->print_cr(2500"Survived call to ends_in_athrow(): %s",2501current_class()->name()->as_C_string());2502}2503}2504}25052506// Check the exception handler target stackmaps with the locals from the2507// incoming stackmap (before initialize_object() changes them to outgoing2508// state).2509verify_exception_handler_targets(bci, true, current_frame,2510stackmap_table, CHECK_VERIFY(this));2511} // in_try_block25122513current_frame->initialize_object(type, current_type());2514*this_uninit = true;2515} else if (type.is_uninitialized()) {2516u2 new_offset = type.bci();2517address new_bcp = bcs->bcp() - bci + new_offset;2518if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {2519/* Unreachable? Stack map parsing ensures valid type and new2520* instructions have a valid BCI. */2521verify_error(ErrorContext::bad_code(new_offset),2522"Expecting new instruction");2523return;2524}2525u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);2526verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));25272528// The method must be an <init> method of the indicated class2529VerificationType new_class_type = cp_index_to_type(2530new_class_index, cp, CHECK_VERIFY(this));2531if (!new_class_type.equals(ref_class_type)) {2532verify_error(ErrorContext::bad_type(bci,2533TypeOrigin::cp(new_class_index, new_class_type),2534TypeOrigin::cp(ref_class_index, ref_class_type)),2535"Call to wrong <init> method");2536return;2537}2538// According to the VM spec, if the referent class is a superclass of the2539// current class, and is in a different runtime package, and the method is2540// protected, then the objectref must be the current class or a subclass2541// of the current class.2542VerificationType objectref_type = new_class_type;2543if (name_in_supers(ref_class_type.name(), current_class())) {2544Klass* ref_klass = load_class(ref_class_type.name(), CHECK);2545Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(2546vmSymbols::object_initializer_name(),2547cp->signature_ref_at(bcs->get_index_u2()), Klass::find_overpass);2548// Do nothing if method is not found. Let resolution detect the error.2549if (m != NULL) {2550instanceKlassHandle mh(THREAD, m->method_holder());2551if (m->is_protected() && !mh->is_same_class_package(_klass())) {2552bool assignable = current_type().is_assignable_from(2553objectref_type, this, true, CHECK_VERIFY(this));2554if (!assignable) {2555verify_error(ErrorContext::bad_type(bci,2556TypeOrigin::cp(new_class_index, objectref_type),2557TypeOrigin::implicit(current_type())),2558"Bad access to protected <init> method");2559return;2560}2561}2562}2563}2564// Check the exception handler target stackmaps with the locals from the2565// incoming stackmap (before initialize_object() changes them to outgoing2566// state).2567if (in_try_block) {2568verify_exception_handler_targets(bci, *this_uninit, current_frame,2569stackmap_table, CHECK_VERIFY(this));2570}2571current_frame->initialize_object(type, new_class_type);2572} else {2573verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),2574"Bad operand type when invoking <init>");2575return;2576}2577}25782579bool ClassVerifier::is_same_or_direct_interface(2580instanceKlassHandle klass,2581VerificationType klass_type,2582VerificationType ref_class_type) {2583if (ref_class_type.equals(klass_type)) return true;2584Array<Klass*>* local_interfaces = klass->local_interfaces();2585if (local_interfaces != NULL) {2586for (int x = 0; x < local_interfaces->length(); x++) {2587Klass* k = local_interfaces->at(x);2588assert (k != NULL && k->is_interface(), "invalid interface");2589if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {2590return true;2591}2592}2593}2594return false;2595}25962597void ClassVerifier::verify_invoke_instructions(2598RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,2599bool in_try_block, bool *this_uninit, VerificationType return_type,2600constantPoolHandle cp, StackMapTable* stackmap_table, TRAPS) {2601// Make sure the constant pool item is the right type2602u2 index = bcs->get_index_u2();2603Bytecodes::Code opcode = bcs->raw_code();2604unsigned int types;2605switch (opcode) {2606case Bytecodes::_invokeinterface:2607types = 1 << JVM_CONSTANT_InterfaceMethodref;2608break;2609case Bytecodes::_invokedynamic:2610types = 1 << JVM_CONSTANT_InvokeDynamic;2611break;2612case Bytecodes::_invokespecial:2613case Bytecodes::_invokestatic:2614types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?2615(1 << JVM_CONSTANT_Methodref) :2616((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));2617break;2618default:2619types = 1 << JVM_CONSTANT_Methodref;2620}2621verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));26222623// Get method name and signature2624Symbol* method_name = cp->name_ref_at(index);2625Symbol* method_sig = cp->signature_ref_at(index);26262627if (!SignatureVerifier::is_valid_method_signature(method_sig)) {2628class_format_error(2629"Invalid method signature in class %s referenced "2630"from constant pool index %d", _klass->external_name(), index);2631return;2632}26332634// Get referenced class type2635VerificationType ref_class_type;2636if (opcode == Bytecodes::_invokedynamic) {2637if (!EnableInvokeDynamic ||2638_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {2639if (!EnableInvokeDynamic) {2640class_format_error("invokedynamic instructions not enabled in this JVM");2641} else {2642class_format_error("invokedynamic instructions not supported by this class file version (%d), class %s",2643_klass->major_version(), _klass->external_name());2644}2645return;2646}2647} else {2648ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));2649}26502651// For a small signature length, we just allocate 128 bytes instead2652// of parsing the signature once to find its size.2653// -3 is for '(', ')' and return descriptor; multiply by 2 is for2654// longs/doubles to be consertive.2655assert(sizeof(VerificationType) == sizeof(uintptr_t),2656"buffer type must match VerificationType size");2657uintptr_t on_stack_sig_types_buffer[128];2658// If we make a VerificationType[128] array directly, the compiler calls2659// to the c-runtime library to do the allocation instead of just2660// stack allocating it. Plus it would run constructors. This shows up2661// in performance profiles.26622663VerificationType* sig_types;2664int size = (method_sig->utf8_length() - 3) * 2;2665if (size > 128) {2666// Long and double occupies two slots here.2667ArgumentSizeComputer size_it(method_sig);2668size = size_it.size();2669sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);2670} else{2671sig_types = (VerificationType*)on_stack_sig_types_buffer;2672}2673SignatureStream sig_stream(method_sig);2674int sig_i = 0;2675while (!sig_stream.at_return_type()) {2676sig_i += change_sig_to_verificationType(2677&sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));2678sig_stream.next();2679}2680int nargs = sig_i;26812682#ifdef ASSERT2683{2684ArgumentSizeComputer size_it(method_sig);2685assert(nargs == size_it.size(), "Argument sizes do not match");2686assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");2687}2688#endif26892690// Check instruction operands2691u2 bci = bcs->bci();2692if (opcode == Bytecodes::_invokeinterface) {2693address bcp = bcs->bcp();2694// 4905268: count operand in invokeinterface should be nargs+1, not nargs.2695// JSR202 spec: The count operand of an invokeinterface instruction is valid if it is2696// the difference between the size of the operand stack before and after the instruction2697// executes.2698if (*(bcp+3) != (nargs+1)) {2699verify_error(ErrorContext::bad_code(bci),2700"Inconsistent args count operand in invokeinterface");2701return;2702}2703if (*(bcp+4) != 0) {2704verify_error(ErrorContext::bad_code(bci),2705"Fourth operand byte of invokeinterface must be zero");2706return;2707}2708}27092710if (opcode == Bytecodes::_invokedynamic) {2711address bcp = bcs->bcp();2712if (*(bcp+3) != 0 || *(bcp+4) != 0) {2713verify_error(ErrorContext::bad_code(bci),2714"Third and fourth operand bytes of invokedynamic must be zero");2715return;2716}2717}27182719if (method_name->byte_at(0) == '<') {2720// Make sure <init> can only be invoked by invokespecial2721if (opcode != Bytecodes::_invokespecial ||2722method_name != vmSymbols::object_initializer_name()) {2723verify_error(ErrorContext::bad_code(bci),2724"Illegal call to internal method");2725return;2726}2727} else if (opcode == Bytecodes::_invokespecial2728&& !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)2729&& !ref_class_type.equals(VerificationType::reference_type(2730current_class()->super()->name()))) {2731bool subtype = false;2732bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;2733if (!current_class()->is_anonymous()) {2734subtype = ref_class_type.is_assignable_from(2735current_type(), this, false, CHECK_VERIFY(this));2736} else {2737VerificationType host_klass_type =2738VerificationType::reference_type(current_class()->host_klass()->name());2739subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));27402741// If invokespecial of IMR, need to recheck for same or2742// direct interface relative to the host class2743have_imr_indirect = (have_imr_indirect &&2744!is_same_or_direct_interface(2745InstanceKlass::cast(current_class()->host_klass()),2746host_klass_type, ref_class_type));2747}2748if (!subtype) {2749verify_error(ErrorContext::bad_code(bci),2750"Bad invokespecial instruction: "2751"current class isn't assignable to reference class.");2752return;2753} else if (have_imr_indirect) {2754verify_error(ErrorContext::bad_code(bci),2755"Bad invokespecial instruction: "2756"interface method reference is in an indirect superinterface.");2757return;2758}27592760}2761// Match method descriptor with operand stack2762for (int i = nargs - 1; i >= 0; i--) { // Run backwards2763current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));2764}2765// Check objectref on operand stack2766if (opcode != Bytecodes::_invokestatic &&2767opcode != Bytecodes::_invokedynamic) {2768if (method_name == vmSymbols::object_initializer_name()) { // <init> method2769verify_invoke_init(bcs, index, ref_class_type, current_frame,2770code_length, in_try_block, this_uninit, cp, stackmap_table,2771CHECK_VERIFY(this));2772} else { // other methods2773// Ensures that target class is assignable to method class.2774if (opcode == Bytecodes::_invokespecial) {2775if (!current_class()->is_anonymous()) {2776current_frame->pop_stack(current_type(), CHECK_VERIFY(this));2777} else {2778// anonymous class invokespecial calls: check if the2779// objectref is a subtype of the host_klass of the current class2780// to allow an anonymous class to reference methods in the host_klass2781VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));2782VerificationType hosttype =2783VerificationType::reference_type(current_class()->host_klass()->name());2784bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));2785if (!subtype) {2786verify_error( ErrorContext::bad_type(current_frame->offset(),2787current_frame->stack_top_ctx(),2788TypeOrigin::implicit(top)),2789"Bad type on operand stack");2790return;2791}2792}2793} else if (opcode == Bytecodes::_invokevirtual) {2794VerificationType stack_object_type =2795current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));2796if (current_type() != stack_object_type) {2797assert(cp->cache() == NULL, "not rewritten yet");2798Symbol* ref_class_name =2799cp->klass_name_at(cp->klass_ref_index_at(index));2800// See the comments in verify_field_instructions() for2801// the rationale behind this.2802if (name_in_supers(ref_class_name, current_class())) {2803Klass* ref_class = load_class(ref_class_name, CHECK);2804if (is_protected_access(2805_klass, ref_class, method_name, method_sig, true)) {2806// It's protected access, check if stack object is2807// assignable to current class.2808bool is_assignable = current_type().is_assignable_from(2809stack_object_type, this, true, CHECK_VERIFY(this));2810if (!is_assignable) {2811if (ref_class_type.name() == vmSymbols::java_lang_Object()2812&& stack_object_type.is_array()2813&& method_name == vmSymbols::clone_name()) {2814// Special case: arrays pretend to implement public Object2815// clone().2816} else {2817verify_error(ErrorContext::bad_type(bci,2818current_frame->stack_top_ctx(),2819TypeOrigin::implicit(current_type())),2820"Bad access to protected data in invokevirtual");2821return;2822}2823}2824}2825}2826}2827} else {2828assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");2829current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));2830}2831}2832}2833// Push the result type.2834if (sig_stream.type() != T_VOID) {2835if (method_name == vmSymbols::object_initializer_name()) {2836// <init> method must have a void return type2837/* Unreachable? Class file parser verifies that methods with '<' have2838* void return */2839verify_error(ErrorContext::bad_code(bci),2840"Return type must be void in <init> method");2841return;2842}2843VerificationType return_type[2];2844int n = change_sig_to_verificationType(2845&sig_stream, return_type, CHECK_VERIFY(this));2846for (int i = 0; i < n; i++) {2847current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards2848}2849}2850}28512852VerificationType ClassVerifier::get_newarray_type(2853u2 index, u2 bci, TRAPS) {2854const char* from_bt[] = {2855NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",2856};2857if (index < T_BOOLEAN || index > T_LONG) {2858verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");2859return VerificationType::bogus_type();2860}28612862// from_bt[index] contains the array signature which has a length of 22863Symbol* sig = create_temporary_symbol(2864from_bt[index], 2, CHECK_(VerificationType::bogus_type()));2865return VerificationType::reference_type(sig);2866}28672868void ClassVerifier::verify_anewarray(2869u2 bci, u2 index, constantPoolHandle cp,2870StackMapFrame* current_frame, TRAPS) {2871verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));2872current_frame->pop_stack(2873VerificationType::integer_type(), CHECK_VERIFY(this));28742875VerificationType component_type =2876cp_index_to_type(index, cp, CHECK_VERIFY(this));2877int length;2878char* arr_sig_str;2879if (component_type.is_array()) { // it's an array2880const char* component_name = component_type.name()->as_utf8();2881// add one dimension to component2882length = (int)strlen(component_name) + 1;2883arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);2884arr_sig_str[0] = '[';2885strncpy(&arr_sig_str[1], component_name, length - 1);2886} else { // it's an object or interface2887const char* component_name = component_type.name()->as_utf8();2888// add one dimension to component with 'L' prepended and ';' postpended.2889length = (int)strlen(component_name) + 3;2890arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);2891arr_sig_str[0] = '[';2892arr_sig_str[1] = 'L';2893strncpy(&arr_sig_str[2], component_name, length - 2);2894arr_sig_str[length - 1] = ';';2895}2896Symbol* arr_sig = create_temporary_symbol(2897arr_sig_str, length, CHECK_VERIFY(this));2898VerificationType new_array_type = VerificationType::reference_type(arr_sig);2899current_frame->push_stack(new_array_type, CHECK_VERIFY(this));2900}29012902void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {2903current_frame->get_local(2904index, VerificationType::integer_type(), CHECK_VERIFY(this));2905current_frame->push_stack(2906VerificationType::integer_type(), CHECK_VERIFY(this));2907}29082909void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {2910current_frame->get_local_2(2911index, VerificationType::long_type(),2912VerificationType::long2_type(), CHECK_VERIFY(this));2913current_frame->push_stack_2(2914VerificationType::long_type(),2915VerificationType::long2_type(), CHECK_VERIFY(this));2916}29172918void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {2919current_frame->get_local(2920index, VerificationType::float_type(), CHECK_VERIFY(this));2921current_frame->push_stack(2922VerificationType::float_type(), CHECK_VERIFY(this));2923}29242925void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {2926current_frame->get_local_2(2927index, VerificationType::double_type(),2928VerificationType::double2_type(), CHECK_VERIFY(this));2929current_frame->push_stack_2(2930VerificationType::double_type(),2931VerificationType::double2_type(), CHECK_VERIFY(this));2932}29332934void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {2935VerificationType type = current_frame->get_local(2936index, VerificationType::reference_check(), CHECK_VERIFY(this));2937current_frame->push_stack(type, CHECK_VERIFY(this));2938}29392940void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {2941current_frame->pop_stack(2942VerificationType::integer_type(), CHECK_VERIFY(this));2943current_frame->set_local(2944index, VerificationType::integer_type(), CHECK_VERIFY(this));2945}29462947void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {2948current_frame->pop_stack_2(2949VerificationType::long2_type(),2950VerificationType::long_type(), CHECK_VERIFY(this));2951current_frame->set_local_2(2952index, VerificationType::long_type(),2953VerificationType::long2_type(), CHECK_VERIFY(this));2954}29552956void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {2957current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));2958current_frame->set_local(2959index, VerificationType::float_type(), CHECK_VERIFY(this));2960}29612962void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {2963current_frame->pop_stack_2(2964VerificationType::double2_type(),2965VerificationType::double_type(), CHECK_VERIFY(this));2966current_frame->set_local_2(2967index, VerificationType::double_type(),2968VerificationType::double2_type(), CHECK_VERIFY(this));2969}29702971void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {2972VerificationType type = current_frame->pop_stack(2973VerificationType::reference_check(), CHECK_VERIFY(this));2974current_frame->set_local(index, type, CHECK_VERIFY(this));2975}29762977void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {2978VerificationType type = current_frame->get_local(2979index, VerificationType::integer_type(), CHECK_VERIFY(this));2980current_frame->set_local(index, type, CHECK_VERIFY(this));2981}29822983void ClassVerifier::verify_return_value(2984VerificationType return_type, VerificationType type, u2 bci,2985StackMapFrame* current_frame, TRAPS) {2986if (return_type == VerificationType::bogus_type()) {2987verify_error(ErrorContext::bad_type(bci,2988current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),2989"Method expects a return value");2990return;2991}2992bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));2993if (!match) {2994verify_error(ErrorContext::bad_type(bci,2995current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),2996"Bad return type");2997return;2998}2999}30003001// The verifier creates symbols which are substrings of Symbols.3002// These are stored in the verifier until the end of verification so that3003// they can be reference counted.3004Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,3005int end, TRAPS) {3006Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);3007_symbols->push(sym);3008return sym;3009}30103011Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {3012Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);3013_symbols->push(sym);3014return sym;3015}301630173018