Mercurial > jdk8-mips64-public > hotspot / file revision
src/share/vm/classfile/verifier.cpp@ac27a9c85bea
src/share/vm/classfile/verifier.cpp
Thu, 24 May 2018 18:41:44 +0800
- author
- aoqi
- date
- Thu, 24 May 2018 18:41:44 +0800
- changeset 8856
- ac27a9c85bea
- parent 8716
- 619700f41f8e
- parent 8604
- 04d83ba48607
- child 9122
- 024be04bb151
- permissions
- -rw-r--r--
Merge
1 /*
2 * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
25 /*
26 * This file has been modified by Loongson Technology in 2015. These
27 * modifications are Copyright (c) 2015 Loongson Technology, and are made
28 * available on the same license terms set forth above.
29 */
31 #include "precompiled.hpp"
32 #include "classfile/classFileStream.hpp"
33 #include "classfile/javaClasses.hpp"
34 #include "classfile/stackMapTable.hpp"
35 #include "classfile/stackMapFrame.hpp"
36 #include "classfile/stackMapTableFormat.hpp"
37 #include "classfile/systemDictionary.hpp"
38 #include "classfile/verifier.hpp"
39 #include "classfile/vmSymbols.hpp"
40 #include "interpreter/bytecodes.hpp"
41 #include "interpreter/bytecodeStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "oops/instanceKlass.hpp"
45 #include "oops/oop.inline.hpp"
46 #include "oops/typeArrayOop.hpp"
47 #include "prims/jvm.h"
48 #include "runtime/fieldDescriptor.hpp"
49 #include "runtime/handles.inline.hpp"
50 #include "runtime/interfaceSupport.hpp"
51 #include "runtime/javaCalls.hpp"
52 #include "runtime/orderAccess.inline.hpp"
53 #include "runtime/os.hpp"
54 #ifdef TARGET_ARCH_x86
55 # include "bytes_x86.hpp"
56 #endif
57 #ifdef TARGET_ARCH_mips
58 # include "bytes_mips.hpp"
59 #endif
60 #ifdef TARGET_ARCH_sparc
61 # include "bytes_sparc.hpp"
62 #endif
63 #ifdef TARGET_ARCH_zero
64 # include "bytes_zero.hpp"
65 #endif
66 #ifdef TARGET_ARCH_arm
67 # include "bytes_arm.hpp"
68 #endif
69 #ifdef TARGET_ARCH_ppc
70 # include "bytes_ppc.hpp"
71 #endif
73 #define NOFAILOVER_MAJOR_VERSION 51
74 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
75 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
77 // Access to external entry for VerifyClassCodes - old byte code verifier
79 extern "C" {
80 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
81 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
82 }
84 static void* volatile _verify_byte_codes_fn = NULL;
86 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
88 static void* verify_byte_codes_fn() {
89 if (_verify_byte_codes_fn == NULL) {
90 void *lib_handle = os::native_java_library();
91 void *func = os::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
92 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
93 if (func == NULL) {
94 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false);
95 func = os::dll_lookup(lib_handle, "VerifyClassCodes");
96 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
97 }
98 }
99 return (void*)_verify_byte_codes_fn;
100 }
103 // Methods in Verifier
105 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
106 return (class_loader == NULL || !should_verify_class) ?
107 BytecodeVerificationLocal : BytecodeVerificationRemote;
108 }
110 bool Verifier::relax_verify_for(oop loader) {
111 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
112 bool need_verify =
113 // verifyAll
114 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
115 // verifyRemote
116 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
117 return !need_verify;
118 }
120 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, bool should_verify_class, TRAPS) {
121 HandleMark hm;
122 ResourceMark rm(THREAD);
124 Symbol* exception_name = NULL;
125 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
126 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
127 char* exception_message = message_buffer;
129 const char* klassName = klass->external_name();
130 bool can_failover = FailOverToOldVerifier &&
131 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
133 // If the class should be verified, first see if we can use the split
134 // verifier. If not, or if verification fails and FailOverToOldVerifier
135 // is set, then call the inference verifier.
136 if (is_eligible_for_verification(klass, should_verify_class)) {
137 if (TraceClassInitialization) {
138 tty->print_cr("Start class verification for: %s", klassName);
139 }
140 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
141 ClassVerifier split_verifier(klass, THREAD);
142 split_verifier.verify_class(THREAD);
143 exception_name = split_verifier.result();
144 if (can_failover && !HAS_PENDING_EXCEPTION &&
145 (exception_name == vmSymbols::java_lang_VerifyError() ||
146 exception_name == vmSymbols::java_lang_ClassFormatError())) {
147 if (TraceClassInitialization || VerboseVerification) {
148 tty->print_cr(
149 "Fail over class verification to old verifier for: %s", klassName);
150 }
151 exception_name = inference_verify(
152 klass, message_buffer, message_buffer_len, THREAD);
153 }
154 if (exception_name != NULL) {
155 exception_message = split_verifier.exception_message();
156 }
157 } else {
158 exception_name = inference_verify(
159 klass, message_buffer, message_buffer_len, THREAD);
160 }
162 if (TraceClassInitialization || VerboseVerification) {
163 if (HAS_PENDING_EXCEPTION) {
164 tty->print("Verification for %s has", klassName);
165 tty->print_cr(" exception pending %s ",
166 InstanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
167 } else if (exception_name != NULL) {
168 tty->print_cr("Verification for %s failed", klassName);
169 }
170 tty->print_cr("End class verification for: %s", klassName);
171 }
172 }
174 if (HAS_PENDING_EXCEPTION) {
175 return false; // use the existing exception
176 } else if (exception_name == NULL) {
177 return true; // verifcation succeeded
178 } else { // VerifyError or ClassFormatError to be created and thrown
179 ResourceMark rm(THREAD);
180 instanceKlassHandle kls =
181 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
182 while (!kls.is_null()) {
183 if (kls == klass) {
184 // If the class being verified is the exception we're creating
185 // or one of it's superclasses, we're in trouble and are going
186 // to infinitely recurse when we try to initialize the exception.
187 // So bail out here by throwing the preallocated VM error.
188 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
189 }
190 kls = kls->super();
191 }
192 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
193 THROW_MSG_(exception_name, exception_message, false);
194 }
195 }
197 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass, bool should_verify_class) {
198 Symbol* name = klass->name();
199 Klass* refl_magic_klass = SystemDictionary::reflect_MagicAccessorImpl_klass();
201 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
203 return (should_verify_for(klass->class_loader(), should_verify_class) &&
204 // return if the class is a bootstrapping class
205 // or defineClass specified not to verify by default (flags override passed arg)
206 // We need to skip the following four for bootstraping
207 name != vmSymbols::java_lang_Object() &&
208 name != vmSymbols::java_lang_Class() &&
209 name != vmSymbols::java_lang_String() &&
210 name != vmSymbols::java_lang_Throwable() &&
212 // Can not verify the bytecodes for shared classes because they have
213 // already been rewritten to contain constant pool cache indices,
214 // which the verifier can't understand.
215 // Shared classes shouldn't have stackmaps either.
216 !klass()->is_shared() &&
218 // As of the fix for 4486457 we disable verification for all of the
219 // dynamically-generated bytecodes associated with the 1.4
220 // reflection implementation, not just those associated with
221 // sun/reflect/SerializationConstructorAccessor.
222 // NOTE: this is called too early in the bootstrapping process to be
223 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
224 // Also for lambda generated code, gte jdk8
225 (!is_reflect || VerifyReflectionBytecodes));
226 }
228 Symbol* Verifier::inference_verify(
229 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
230 JavaThread* thread = (JavaThread*)THREAD;
231 JNIEnv *env = thread->jni_environment();
233 void* verify_func = verify_byte_codes_fn();
235 if (verify_func == NULL) {
236 jio_snprintf(message, message_len, "Could not link verifier");
237 return vmSymbols::java_lang_VerifyError();
238 }
240 ResourceMark rm(THREAD);
241 if (VerboseVerification) {
242 tty->print_cr("Verifying class %s with old format", klass->external_name());
243 }
245 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
246 jint result;
248 {
249 HandleMark hm(thread);
250 ThreadToNativeFromVM ttn(thread);
251 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
252 // code knows that we have left the VM
254 if (_is_new_verify_byte_codes_fn) {
255 verify_byte_codes_fn_new_t func =
256 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
257 result = (*func)(env, cls, message, (int)message_len,
258 klass->major_version());
259 } else {
260 verify_byte_codes_fn_t func =
261 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
262 result = (*func)(env, cls, message, (int)message_len);
263 }
264 }
266 JNIHandles::destroy_local(cls);
268 // These numbers are chosen so that VerifyClassCodes interface doesn't need
269 // to be changed (still return jboolean (unsigned char)), and result is
270 // 1 when verification is passed.
271 if (result == 0) {
272 return vmSymbols::java_lang_VerifyError();
273 } else if (result == 1) {
274 return NULL; // verified.
275 } else if (result == 2) {
276 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
277 } else if (result == 3) {
278 return vmSymbols::java_lang_ClassFormatError();
279 } else {
280 ShouldNotReachHere();
281 return NULL;
282 }
283 }
285 TypeOrigin TypeOrigin::null() {
286 return TypeOrigin();
287 }
288 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
289 assert(frame != NULL, "Must have a frame");
290 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
291 frame->local_at(index));
292 }
293 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
294 assert(frame != NULL, "Must have a frame");
295 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
296 frame->stack_at(index));
297 }
298 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
299 assert(frame != NULL, "Must have a frame");
300 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
301 frame->local_at(index));
302 }
303 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
304 assert(frame != NULL, "Must have a frame");
305 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
306 frame->stack_at(index));
307 }
308 TypeOrigin TypeOrigin::bad_index(u2 index) {
309 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
310 }
311 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
312 return TypeOrigin(CONST_POOL, index, NULL, vt);
313 }
314 TypeOrigin TypeOrigin::signature(VerificationType vt) {
315 return TypeOrigin(SIG, 0, NULL, vt);
316 }
317 TypeOrigin TypeOrigin::implicit(VerificationType t) {
318 return TypeOrigin(IMPLICIT, 0, NULL, t);
319 }
320 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
321 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
322 VerificationType::bogus_type());
323 }
325 void TypeOrigin::reset_frame() {
326 if (_frame != NULL) {
327 _frame->restore();
328 }
329 }
331 void TypeOrigin::details(outputStream* ss) const {
332 _type.print_on(ss);
333 switch (_origin) {
334 case CF_LOCALS:
335 ss->print(" (current frame, locals[%d])", _index);
336 break;
337 case CF_STACK:
338 ss->print(" (current frame, stack[%d])", _index);
339 break;
340 case SM_LOCALS:
341 ss->print(" (stack map, locals[%d])", _index);
342 break;
343 case SM_STACK:
344 ss->print(" (stack map, stack[%d])", _index);
345 break;
346 case CONST_POOL:
347 ss->print(" (constant pool %d)", _index);
348 break;
349 case SIG:
350 ss->print(" (from method signature)");
351 break;
352 case IMPLICIT:
353 case FRAME_ONLY:
354 case NONE:
355 default:
356 ;
357 }
358 }
360 #ifdef ASSERT
361 void TypeOrigin::print_on(outputStream* str) const {
362 str->print("{%d,%d,%p:", _origin, _index, _frame);
363 if (_frame != NULL) {
364 _frame->print_on(str);
365 } else {
366 str->print("null");
367 }
368 str->print(",");
369 _type.print_on(str);
370 str->print("}");
371 }
372 #endif
374 void ErrorContext::details(outputStream* ss, const Method* method) const {
375 if (is_valid()) {
376 ss->cr();
377 ss->print_cr("Exception Details:");
378 location_details(ss, method);
379 reason_details(ss);
380 frame_details(ss);
381 bytecode_details(ss, method);
382 handler_details(ss, method);
383 stackmap_details(ss, method);
384 }
385 }
387 void ErrorContext::reason_details(outputStream* ss) const {
388 streamIndentor si(ss);
389 ss->indent().print_cr("Reason:");
390 streamIndentor si2(ss);
391 ss->indent().print("%s", "");
392 switch (_fault) {
393 case INVALID_BYTECODE:
394 ss->print("Error exists in the bytecode");
395 break;
396 case WRONG_TYPE:
397 if (_expected.is_valid()) {
398 ss->print("Type ");
399 _type.details(ss);
400 ss->print(" is not assignable to ");
401 _expected.details(ss);
402 } else {
403 ss->print("Invalid type: ");
404 _type.details(ss);
405 }
406 break;
407 case FLAGS_MISMATCH:
408 if (_expected.is_valid()) {
409 ss->print("Current frame's flags are not assignable "
410 "to stack map frame's.");
411 } else {
412 ss->print("Current frame's flags are invalid in this context.");
413 }
414 break;
415 case BAD_CP_INDEX:
416 ss->print("Constant pool index %d is invalid", _type.index());
417 break;
418 case BAD_LOCAL_INDEX:
419 ss->print("Local index %d is invalid", _type.index());
420 break;
421 case LOCALS_SIZE_MISMATCH:
422 ss->print("Current frame's local size doesn't match stackmap.");
423 break;
424 case STACK_SIZE_MISMATCH:
425 ss->print("Current frame's stack size doesn't match stackmap.");
426 break;
427 case STACK_OVERFLOW:
428 ss->print("Exceeded max stack size.");
429 break;
430 case STACK_UNDERFLOW:
431 ss->print("Attempt to pop empty stack.");
432 break;
433 case MISSING_STACKMAP:
434 ss->print("Expected stackmap frame at this location.");
435 break;
436 case BAD_STACKMAP:
437 ss->print("Invalid stackmap specification.");
438 break;
439 case UNKNOWN:
440 default:
441 ShouldNotReachHere();
442 ss->print_cr("Unknown");
443 }
444 ss->cr();
445 }
447 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
448 if (_bci != -1 && method != NULL) {
449 streamIndentor si(ss);
450 const char* bytecode_name = "<invalid>";
451 if (method->validate_bci_from_bcx(_bci) != -1) {
452 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
453 if (Bytecodes::is_defined(code)) {
454 bytecode_name = Bytecodes::name(code);
455 } else {
456 bytecode_name = "<illegal>";
457 }
458 }
459 InstanceKlass* ik = method->method_holder();
460 ss->indent().print_cr("Location:");
461 streamIndentor si2(ss);
462 ss->indent().print_cr("%s.%s%s @%d: %s",
463 ik->name()->as_C_string(), method->name()->as_C_string(),
464 method->signature()->as_C_string(), _bci, bytecode_name);
465 }
466 }
468 void ErrorContext::frame_details(outputStream* ss) const {
469 streamIndentor si(ss);
470 if (_type.is_valid() && _type.frame() != NULL) {
471 ss->indent().print_cr("Current Frame:");
472 streamIndentor si2(ss);
473 _type.frame()->print_on(ss);
474 }
475 if (_expected.is_valid() && _expected.frame() != NULL) {
476 ss->indent().print_cr("Stackmap Frame:");
477 streamIndentor si2(ss);
478 _expected.frame()->print_on(ss);
479 }
480 }
482 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
483 if (method != NULL) {
484 streamIndentor si(ss);
485 ss->indent().print_cr("Bytecode:");
486 streamIndentor si2(ss);
487 ss->print_data(method->code_base(), method->code_size(), false);
488 }
489 }
491 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
492 if (method != NULL) {
493 streamIndentor si(ss);
494 ExceptionTable table(method);
495 if (table.length() > 0) {
496 ss->indent().print_cr("Exception Handler Table:");
497 streamIndentor si2(ss);
498 for (int i = 0; i < table.length(); ++i) {
499 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
500 table.end_pc(i), table.handler_pc(i));
501 }
502 }
503 }
504 }
506 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
507 if (method != NULL && method->has_stackmap_table()) {
508 streamIndentor si(ss);
509 ss->indent().print_cr("Stackmap Table:");
510 Array<u1>* data = method->stackmap_data();
511 stack_map_table* sm_table =
512 stack_map_table::at((address)data->adr_at(0));
513 stack_map_frame* sm_frame = sm_table->entries();
514 streamIndentor si2(ss);
515 int current_offset = -1;
516 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
517 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
518 ss->indent();
519 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
520 sm_frame->print_truncated(ss, current_offset);
521 return;
522 }
523 sm_frame->print_on(ss, current_offset);
524 ss->cr();
525 current_offset += sm_frame->offset_delta();
526 sm_frame = sm_frame->next();
527 }
528 }
529 }
531 // Methods in ClassVerifier
533 ClassVerifier::ClassVerifier(
534 instanceKlassHandle klass, TRAPS)
535 : _thread(THREAD), _exception_type(NULL), _message(NULL), _klass(klass) {
536 _this_type = VerificationType::reference_type(klass->name());
537 // Create list to hold symbols in reference area.
538 _symbols = new GrowableArray<Symbol*>(100, 0, NULL);
539 }
541 ClassVerifier::~ClassVerifier() {
542 // Decrement the reference count for any symbols created.
543 for (int i = 0; i < _symbols->length(); i++) {
544 Symbol* s = _symbols->at(i);
545 s->decrement_refcount();
546 }
547 }
549 VerificationType ClassVerifier::object_type() const {
550 return VerificationType::reference_type(vmSymbols::java_lang_Object());
551 }
553 TypeOrigin ClassVerifier::ref_ctx(const char* sig, TRAPS) {
554 VerificationType vt = VerificationType::reference_type(
555 create_temporary_symbol(sig, (int)strlen(sig), THREAD));
556 return TypeOrigin::implicit(vt);
557 }
559 void ClassVerifier::verify_class(TRAPS) {
560 if (VerboseVerification) {
561 tty->print_cr("Verifying class %s with new format",
562 _klass->external_name());
563 }
565 Array<Method*>* methods = _klass->methods();
566 int num_methods = methods->length();
568 for (int index = 0; index < num_methods; index++) {
569 // Check for recursive re-verification before each method.
570 if (was_recursively_verified()) return;
572 Method* m = methods->at(index);
573 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
574 // If m is native or abstract, skip it. It is checked in class file
575 // parser that methods do not override a final method. Overpass methods
576 // are trusted since the VM generates them.
577 continue;
578 }
579 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
580 }
582 if (VerboseVerification || TraceClassInitialization) {
583 if (was_recursively_verified())
584 tty->print_cr("Recursive verification detected for: %s",
585 _klass->external_name());
586 }
587 }
589 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
590 HandleMark hm(THREAD);
591 _method = m; // initialize _method
592 if (VerboseVerification) {
593 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
594 }
596 // For clang, the only good constant format string is a literal constant format string.
597 #define bad_type_msg "Bad type on operand stack in %s"
599 int32_t max_stack = m->verifier_max_stack();
600 int32_t max_locals = m->max_locals();
601 constantPoolHandle cp(THREAD, m->constants());
603 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
604 class_format_error("Invalid method signature");
605 return;
606 }
608 // Initial stack map frame: offset is 0, stack is initially empty.
609 StackMapFrame current_frame(max_locals, max_stack, this);
610 // Set initial locals
611 VerificationType return_type = current_frame.set_locals_from_arg(
612 m, current_type(), CHECK_VERIFY(this));
614 int32_t stackmap_index = 0; // index to the stackmap array
616 u4 code_length = m->code_size();
618 // Scan the bytecode and map each instruction's start offset to a number.
619 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
621 int ex_min = code_length;
622 int ex_max = -1;
623 // Look through each item on the exception table. Each of the fields must refer
624 // to a legal instruction.
625 verify_exception_handler_table(
626 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
628 // Look through each entry on the local variable table and make sure
629 // its range of code array offsets is valid. (4169817)
630 if (m->has_localvariable_table()) {
631 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
632 }
634 Array<u1>* stackmap_data = m->stackmap_data();
635 StackMapStream stream(stackmap_data);
636 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
637 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
638 code_data, code_length, CHECK_VERIFY(this));
640 if (VerboseVerification) {
641 stackmap_table.print_on(tty);
642 }
644 RawBytecodeStream bcs(m);
646 // Scan the byte code linearly from the start to the end
647 bool no_control_flow = false; // Set to true when there is no direct control
648 // flow from current instruction to the next
649 // instruction in sequence
651 Bytecodes::Code opcode;
652 while (!bcs.is_last_bytecode()) {
653 // Check for recursive re-verification before each bytecode.
654 if (was_recursively_verified()) return;
656 opcode = bcs.raw_next();
657 u2 bci = bcs.bci();
659 // Set current frame's offset to bci
660 current_frame.set_offset(bci);
661 current_frame.set_mark();
663 // Make sure every offset in stackmap table point to the beginning to
664 // an instruction. Match current_frame to stackmap_table entry with
665 // the same offset if exists.
666 stackmap_index = verify_stackmap_table(
667 stackmap_index, bci, ¤t_frame, &stackmap_table,
668 no_control_flow, CHECK_VERIFY(this));
671 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
672 bool verified_exc_handlers = false;
674 // Merge with the next instruction
675 {
676 u2 index;
677 int target;
678 VerificationType type, type2;
679 VerificationType atype;
681 #ifndef PRODUCT
682 if (VerboseVerification) {
683 current_frame.print_on(tty);
684 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
685 }
686 #endif
688 // Make sure wide instruction is in correct format
689 if (bcs.is_wide()) {
690 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
691 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
692 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
693 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
694 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
695 opcode != Bytecodes::_dstore) {
696 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
697 * if we encounter a wide instruction that modifies an invalid
698 * opcode (not one of the ones listed above) */
699 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
700 return;
701 }
702 }
704 // Look for possible jump target in exception handlers and see if it
705 // matches current_frame. Do this check here for astore*, dstore*,
706 // fstore*, istore*, and lstore* opcodes because they can change the type
707 // state by adding a local. JVM Spec says that the incoming type state
708 // should be used for this check. So, do the check here before a possible
709 // local is added to the type state.
710 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
711 verify_exception_handler_targets(
712 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
713 verified_exc_handlers = true;
714 }
716 switch (opcode) {
717 case Bytecodes::_nop :
718 no_control_flow = false; break;
719 case Bytecodes::_aconst_null :
720 current_frame.push_stack(
721 VerificationType::null_type(), CHECK_VERIFY(this));
722 no_control_flow = false; break;
723 case Bytecodes::_iconst_m1 :
724 case Bytecodes::_iconst_0 :
725 case Bytecodes::_iconst_1 :
726 case Bytecodes::_iconst_2 :
727 case Bytecodes::_iconst_3 :
728 case Bytecodes::_iconst_4 :
729 case Bytecodes::_iconst_5 :
730 current_frame.push_stack(
731 VerificationType::integer_type(), CHECK_VERIFY(this));
732 no_control_flow = false; break;
733 case Bytecodes::_lconst_0 :
734 case Bytecodes::_lconst_1 :
735 current_frame.push_stack_2(
736 VerificationType::long_type(),
737 VerificationType::long2_type(), CHECK_VERIFY(this));
738 no_control_flow = false; break;
739 case Bytecodes::_fconst_0 :
740 case Bytecodes::_fconst_1 :
741 case Bytecodes::_fconst_2 :
742 current_frame.push_stack(
743 VerificationType::float_type(), CHECK_VERIFY(this));
744 no_control_flow = false; break;
745 case Bytecodes::_dconst_0 :
746 case Bytecodes::_dconst_1 :
747 current_frame.push_stack_2(
748 VerificationType::double_type(),
749 VerificationType::double2_type(), CHECK_VERIFY(this));
750 no_control_flow = false; break;
751 case Bytecodes::_sipush :
752 case Bytecodes::_bipush :
753 current_frame.push_stack(
754 VerificationType::integer_type(), CHECK_VERIFY(this));
755 no_control_flow = false; break;
756 case Bytecodes::_ldc :
757 verify_ldc(
758 opcode, bcs.get_index_u1(), ¤t_frame,
759 cp, bci, CHECK_VERIFY(this));
760 no_control_flow = false; break;
761 case Bytecodes::_ldc_w :
762 case Bytecodes::_ldc2_w :
763 verify_ldc(
764 opcode, bcs.get_index_u2(), ¤t_frame,
765 cp, bci, CHECK_VERIFY(this));
766 no_control_flow = false; break;
767 case Bytecodes::_iload :
768 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
769 no_control_flow = false; break;
770 case Bytecodes::_iload_0 :
771 case Bytecodes::_iload_1 :
772 case Bytecodes::_iload_2 :
773 case Bytecodes::_iload_3 :
774 index = opcode - Bytecodes::_iload_0;
775 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
776 no_control_flow = false; break;
777 case Bytecodes::_lload :
778 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
779 no_control_flow = false; break;
780 case Bytecodes::_lload_0 :
781 case Bytecodes::_lload_1 :
782 case Bytecodes::_lload_2 :
783 case Bytecodes::_lload_3 :
784 index = opcode - Bytecodes::_lload_0;
785 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
786 no_control_flow = false; break;
787 case Bytecodes::_fload :
788 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
789 no_control_flow = false; break;
790 case Bytecodes::_fload_0 :
791 case Bytecodes::_fload_1 :
792 case Bytecodes::_fload_2 :
793 case Bytecodes::_fload_3 :
794 index = opcode - Bytecodes::_fload_0;
795 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
796 no_control_flow = false; break;
797 case Bytecodes::_dload :
798 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
799 no_control_flow = false; break;
800 case Bytecodes::_dload_0 :
801 case Bytecodes::_dload_1 :
802 case Bytecodes::_dload_2 :
803 case Bytecodes::_dload_3 :
804 index = opcode - Bytecodes::_dload_0;
805 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
806 no_control_flow = false; break;
807 case Bytecodes::_aload :
808 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
809 no_control_flow = false; break;
810 case Bytecodes::_aload_0 :
811 case Bytecodes::_aload_1 :
812 case Bytecodes::_aload_2 :
813 case Bytecodes::_aload_3 :
814 index = opcode - Bytecodes::_aload_0;
815 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
816 no_control_flow = false; break;
817 case Bytecodes::_iaload :
818 type = current_frame.pop_stack(
819 VerificationType::integer_type(), CHECK_VERIFY(this));
820 atype = current_frame.pop_stack(
821 VerificationType::reference_check(), CHECK_VERIFY(this));
822 if (!atype.is_int_array()) {
823 verify_error(ErrorContext::bad_type(bci,
824 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
825 bad_type_msg, "iaload");
826 return;
827 }
828 current_frame.push_stack(
829 VerificationType::integer_type(), CHECK_VERIFY(this));
830 no_control_flow = false; break;
831 case Bytecodes::_baload :
832 type = current_frame.pop_stack(
833 VerificationType::integer_type(), CHECK_VERIFY(this));
834 atype = current_frame.pop_stack(
835 VerificationType::reference_check(), CHECK_VERIFY(this));
836 if (!atype.is_bool_array() && !atype.is_byte_array()) {
837 verify_error(
838 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
839 bad_type_msg, "baload");
840 return;
841 }
842 current_frame.push_stack(
843 VerificationType::integer_type(), CHECK_VERIFY(this));
844 no_control_flow = false; break;
845 case Bytecodes::_caload :
846 type = current_frame.pop_stack(
847 VerificationType::integer_type(), CHECK_VERIFY(this));
848 atype = current_frame.pop_stack(
849 VerificationType::reference_check(), CHECK_VERIFY(this));
850 if (!atype.is_char_array()) {
851 verify_error(ErrorContext::bad_type(bci,
852 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
853 bad_type_msg, "caload");
854 return;
855 }
856 current_frame.push_stack(
857 VerificationType::integer_type(), CHECK_VERIFY(this));
858 no_control_flow = false; break;
859 case Bytecodes::_saload :
860 type = current_frame.pop_stack(
861 VerificationType::integer_type(), CHECK_VERIFY(this));
862 atype = current_frame.pop_stack(
863 VerificationType::reference_check(), CHECK_VERIFY(this));
864 if (!atype.is_short_array()) {
865 verify_error(ErrorContext::bad_type(bci,
866 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
867 bad_type_msg, "saload");
868 return;
869 }
870 current_frame.push_stack(
871 VerificationType::integer_type(), CHECK_VERIFY(this));
872 no_control_flow = false; break;
873 case Bytecodes::_laload :
874 type = current_frame.pop_stack(
875 VerificationType::integer_type(), CHECK_VERIFY(this));
876 atype = current_frame.pop_stack(
877 VerificationType::reference_check(), CHECK_VERIFY(this));
878 if (!atype.is_long_array()) {
879 verify_error(ErrorContext::bad_type(bci,
880 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
881 bad_type_msg, "laload");
882 return;
883 }
884 current_frame.push_stack_2(
885 VerificationType::long_type(),
886 VerificationType::long2_type(), CHECK_VERIFY(this));
887 no_control_flow = false; break;
888 case Bytecodes::_faload :
889 type = current_frame.pop_stack(
890 VerificationType::integer_type(), CHECK_VERIFY(this));
891 atype = current_frame.pop_stack(
892 VerificationType::reference_check(), CHECK_VERIFY(this));
893 if (!atype.is_float_array()) {
894 verify_error(ErrorContext::bad_type(bci,
895 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
896 bad_type_msg, "faload");
897 return;
898 }
899 current_frame.push_stack(
900 VerificationType::float_type(), CHECK_VERIFY(this));
901 no_control_flow = false; break;
902 case Bytecodes::_daload :
903 type = current_frame.pop_stack(
904 VerificationType::integer_type(), CHECK_VERIFY(this));
905 atype = current_frame.pop_stack(
906 VerificationType::reference_check(), CHECK_VERIFY(this));
907 if (!atype.is_double_array()) {
908 verify_error(ErrorContext::bad_type(bci,
909 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
910 bad_type_msg, "daload");
911 return;
912 }
913 current_frame.push_stack_2(
914 VerificationType::double_type(),
915 VerificationType::double2_type(), CHECK_VERIFY(this));
916 no_control_flow = false; break;
917 case Bytecodes::_aaload : {
918 type = current_frame.pop_stack(
919 VerificationType::integer_type(), CHECK_VERIFY(this));
920 atype = current_frame.pop_stack(
921 VerificationType::reference_check(), CHECK_VERIFY(this));
922 if (!atype.is_reference_array()) {
923 verify_error(ErrorContext::bad_type(bci,
924 current_frame.stack_top_ctx(),
925 TypeOrigin::implicit(VerificationType::reference_check())),
926 bad_type_msg, "aaload");
927 return;
928 }
929 if (atype.is_null()) {
930 current_frame.push_stack(
931 VerificationType::null_type(), CHECK_VERIFY(this));
932 } else {
933 VerificationType component =
934 atype.get_component(this, CHECK_VERIFY(this));
935 current_frame.push_stack(component, CHECK_VERIFY(this));
936 }
937 no_control_flow = false; break;
938 }
939 case Bytecodes::_istore :
940 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
941 no_control_flow = false; break;
942 case Bytecodes::_istore_0 :
943 case Bytecodes::_istore_1 :
944 case Bytecodes::_istore_2 :
945 case Bytecodes::_istore_3 :
946 index = opcode - Bytecodes::_istore_0;
947 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
948 no_control_flow = false; break;
949 case Bytecodes::_lstore :
950 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
951 no_control_flow = false; break;
952 case Bytecodes::_lstore_0 :
953 case Bytecodes::_lstore_1 :
954 case Bytecodes::_lstore_2 :
955 case Bytecodes::_lstore_3 :
956 index = opcode - Bytecodes::_lstore_0;
957 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
958 no_control_flow = false; break;
959 case Bytecodes::_fstore :
960 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
961 no_control_flow = false; break;
962 case Bytecodes::_fstore_0 :
963 case Bytecodes::_fstore_1 :
964 case Bytecodes::_fstore_2 :
965 case Bytecodes::_fstore_3 :
966 index = opcode - Bytecodes::_fstore_0;
967 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
968 no_control_flow = false; break;
969 case Bytecodes::_dstore :
970 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
971 no_control_flow = false; break;
972 case Bytecodes::_dstore_0 :
973 case Bytecodes::_dstore_1 :
974 case Bytecodes::_dstore_2 :
975 case Bytecodes::_dstore_3 :
976 index = opcode - Bytecodes::_dstore_0;
977 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
978 no_control_flow = false; break;
979 case Bytecodes::_astore :
980 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
981 no_control_flow = false; break;
982 case Bytecodes::_astore_0 :
983 case Bytecodes::_astore_1 :
984 case Bytecodes::_astore_2 :
985 case Bytecodes::_astore_3 :
986 index = opcode - Bytecodes::_astore_0;
987 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
988 no_control_flow = false; break;
989 case Bytecodes::_iastore :
990 type = current_frame.pop_stack(
991 VerificationType::integer_type(), CHECK_VERIFY(this));
992 type2 = current_frame.pop_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 atype = current_frame.pop_stack(
995 VerificationType::reference_check(), CHECK_VERIFY(this));
996 if (!atype.is_int_array()) {
997 verify_error(ErrorContext::bad_type(bci,
998 current_frame.stack_top_ctx(), ref_ctx("[I", THREAD)),
999 bad_type_msg, "iastore");
1000 return;
1001 }
1002 no_control_flow = false; break;
1003 case Bytecodes::_bastore :
1004 type = current_frame.pop_stack(
1005 VerificationType::integer_type(), CHECK_VERIFY(this));
1006 type2 = current_frame.pop_stack(
1007 VerificationType::integer_type(), CHECK_VERIFY(this));
1008 atype = current_frame.pop_stack(
1009 VerificationType::reference_check(), CHECK_VERIFY(this));
1010 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1011 verify_error(
1012 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1013 bad_type_msg, "bastore");
1014 return;
1015 }
1016 no_control_flow = false; break;
1017 case Bytecodes::_castore :
1018 current_frame.pop_stack(
1019 VerificationType::integer_type(), CHECK_VERIFY(this));
1020 current_frame.pop_stack(
1021 VerificationType::integer_type(), CHECK_VERIFY(this));
1022 atype = current_frame.pop_stack(
1023 VerificationType::reference_check(), CHECK_VERIFY(this));
1024 if (!atype.is_char_array()) {
1025 verify_error(ErrorContext::bad_type(bci,
1026 current_frame.stack_top_ctx(), ref_ctx("[C", THREAD)),
1027 bad_type_msg, "castore");
1028 return;
1029 }
1030 no_control_flow = false; break;
1031 case Bytecodes::_sastore :
1032 current_frame.pop_stack(
1033 VerificationType::integer_type(), CHECK_VERIFY(this));
1034 current_frame.pop_stack(
1035 VerificationType::integer_type(), CHECK_VERIFY(this));
1036 atype = current_frame.pop_stack(
1037 VerificationType::reference_check(), CHECK_VERIFY(this));
1038 if (!atype.is_short_array()) {
1039 verify_error(ErrorContext::bad_type(bci,
1040 current_frame.stack_top_ctx(), ref_ctx("[S", THREAD)),
1041 bad_type_msg, "sastore");
1042 return;
1043 }
1044 no_control_flow = false; break;
1045 case Bytecodes::_lastore :
1046 current_frame.pop_stack_2(
1047 VerificationType::long2_type(),
1048 VerificationType::long_type(), CHECK_VERIFY(this));
1049 current_frame.pop_stack(
1050 VerificationType::integer_type(), CHECK_VERIFY(this));
1051 atype = current_frame.pop_stack(
1052 VerificationType::reference_check(), CHECK_VERIFY(this));
1053 if (!atype.is_long_array()) {
1054 verify_error(ErrorContext::bad_type(bci,
1055 current_frame.stack_top_ctx(), ref_ctx("[J", THREAD)),
1056 bad_type_msg, "lastore");
1057 return;
1058 }
1059 no_control_flow = false; break;
1060 case Bytecodes::_fastore :
1061 current_frame.pop_stack(
1062 VerificationType::float_type(), CHECK_VERIFY(this));
1063 current_frame.pop_stack
1064 (VerificationType::integer_type(), CHECK_VERIFY(this));
1065 atype = current_frame.pop_stack(
1066 VerificationType::reference_check(), CHECK_VERIFY(this));
1067 if (!atype.is_float_array()) {
1068 verify_error(ErrorContext::bad_type(bci,
1069 current_frame.stack_top_ctx(), ref_ctx("[F", THREAD)),
1070 bad_type_msg, "fastore");
1071 return;
1072 }
1073 no_control_flow = false; break;
1074 case Bytecodes::_dastore :
1075 current_frame.pop_stack_2(
1076 VerificationType::double2_type(),
1077 VerificationType::double_type(), CHECK_VERIFY(this));
1078 current_frame.pop_stack(
1079 VerificationType::integer_type(), CHECK_VERIFY(this));
1080 atype = current_frame.pop_stack(
1081 VerificationType::reference_check(), CHECK_VERIFY(this));
1082 if (!atype.is_double_array()) {
1083 verify_error(ErrorContext::bad_type(bci,
1084 current_frame.stack_top_ctx(), ref_ctx("[D", THREAD)),
1085 bad_type_msg, "dastore");
1086 return;
1087 }
1088 no_control_flow = false; break;
1089 case Bytecodes::_aastore :
1090 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1091 type2 = current_frame.pop_stack(
1092 VerificationType::integer_type(), CHECK_VERIFY(this));
1093 atype = current_frame.pop_stack(
1094 VerificationType::reference_check(), CHECK_VERIFY(this));
1095 // more type-checking is done at runtime
1096 if (!atype.is_reference_array()) {
1097 verify_error(ErrorContext::bad_type(bci,
1098 current_frame.stack_top_ctx(),
1099 TypeOrigin::implicit(VerificationType::reference_check())),
1100 bad_type_msg, "aastore");
1101 return;
1102 }
1103 // 4938384: relaxed constraint in JVMS 3nd edition.
1104 no_control_flow = false; break;
1105 case Bytecodes::_pop :
1106 current_frame.pop_stack(
1107 VerificationType::category1_check(), CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 case Bytecodes::_pop2 :
1110 type = current_frame.pop_stack(CHECK_VERIFY(this));
1111 if (type.is_category1()) {
1112 current_frame.pop_stack(
1113 VerificationType::category1_check(), CHECK_VERIFY(this));
1114 } else if (type.is_category2_2nd()) {
1115 current_frame.pop_stack(
1116 VerificationType::category2_check(), CHECK_VERIFY(this));
1117 } else {
1118 /* Unreachable? Would need a category2_1st on TOS
1119 * which does not appear possible. */
1120 verify_error(
1121 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1122 bad_type_msg, "pop2");
1123 return;
1124 }
1125 no_control_flow = false; break;
1126 case Bytecodes::_dup :
1127 type = current_frame.pop_stack(
1128 VerificationType::category1_check(), CHECK_VERIFY(this));
1129 current_frame.push_stack(type, CHECK_VERIFY(this));
1130 current_frame.push_stack(type, CHECK_VERIFY(this));
1131 no_control_flow = false; break;
1132 case Bytecodes::_dup_x1 :
1133 type = current_frame.pop_stack(
1134 VerificationType::category1_check(), CHECK_VERIFY(this));
1135 type2 = current_frame.pop_stack(
1136 VerificationType::category1_check(), CHECK_VERIFY(this));
1137 current_frame.push_stack(type, CHECK_VERIFY(this));
1138 current_frame.push_stack(type2, CHECK_VERIFY(this));
1139 current_frame.push_stack(type, CHECK_VERIFY(this));
1140 no_control_flow = false; break;
1141 case Bytecodes::_dup_x2 :
1142 {
1143 VerificationType type3;
1144 type = current_frame.pop_stack(
1145 VerificationType::category1_check(), CHECK_VERIFY(this));
1146 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1147 if (type2.is_category1()) {
1148 type3 = current_frame.pop_stack(
1149 VerificationType::category1_check(), CHECK_VERIFY(this));
1150 } else if (type2.is_category2_2nd()) {
1151 type3 = current_frame.pop_stack(
1152 VerificationType::category2_check(), CHECK_VERIFY(this));
1153 } else {
1154 /* Unreachable? Would need a category2_1st at stack depth 2 with
1155 * a category1 on TOS which does not appear possible. */
1156 verify_error(ErrorContext::bad_type(
1157 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1158 return;
1159 }
1160 current_frame.push_stack(type, CHECK_VERIFY(this));
1161 current_frame.push_stack(type3, CHECK_VERIFY(this));
1162 current_frame.push_stack(type2, CHECK_VERIFY(this));
1163 current_frame.push_stack(type, CHECK_VERIFY(this));
1164 no_control_flow = false; break;
1165 }
1166 case Bytecodes::_dup2 :
1167 type = current_frame.pop_stack(CHECK_VERIFY(this));
1168 if (type.is_category1()) {
1169 type2 = current_frame.pop_stack(
1170 VerificationType::category1_check(), CHECK_VERIFY(this));
1171 } else if (type.is_category2_2nd()) {
1172 type2 = current_frame.pop_stack(
1173 VerificationType::category2_check(), CHECK_VERIFY(this));
1174 } else {
1175 /* Unreachable? Would need a category2_1st on TOS which does not
1176 * appear possible. */
1177 verify_error(
1178 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1179 bad_type_msg, "dup2");
1180 return;
1181 }
1182 current_frame.push_stack(type2, CHECK_VERIFY(this));
1183 current_frame.push_stack(type, CHECK_VERIFY(this));
1184 current_frame.push_stack(type2, CHECK_VERIFY(this));
1185 current_frame.push_stack(type, CHECK_VERIFY(this));
1186 no_control_flow = false; break;
1187 case Bytecodes::_dup2_x1 :
1188 {
1189 VerificationType type3;
1190 type = current_frame.pop_stack(CHECK_VERIFY(this));
1191 if (type.is_category1()) {
1192 type2 = current_frame.pop_stack(
1193 VerificationType::category1_check(), CHECK_VERIFY(this));
1194 } else if (type.is_category2_2nd()) {
1195 type2 = current_frame.pop_stack(
1196 VerificationType::category2_check(), CHECK_VERIFY(this));
1197 } else {
1198 /* Unreachable? Would need a category2_1st on TOS which does
1199 * not appear possible. */
1200 verify_error(
1201 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1202 bad_type_msg, "dup2_x1");
1203 return;
1204 }
1205 type3 = current_frame.pop_stack(
1206 VerificationType::category1_check(), CHECK_VERIFY(this));
1207 current_frame.push_stack(type2, CHECK_VERIFY(this));
1208 current_frame.push_stack(type, CHECK_VERIFY(this));
1209 current_frame.push_stack(type3, CHECK_VERIFY(this));
1210 current_frame.push_stack(type2, CHECK_VERIFY(this));
1211 current_frame.push_stack(type, CHECK_VERIFY(this));
1212 no_control_flow = false; break;
1213 }
1214 case Bytecodes::_dup2_x2 :
1215 {
1216 VerificationType type3, type4;
1217 type = current_frame.pop_stack(CHECK_VERIFY(this));
1218 if (type.is_category1()) {
1219 type2 = current_frame.pop_stack(
1220 VerificationType::category1_check(), CHECK_VERIFY(this));
1221 } else if (type.is_category2_2nd()) {
1222 type2 = current_frame.pop_stack(
1223 VerificationType::category2_check(), CHECK_VERIFY(this));
1224 } else {
1225 /* Unreachable? Would need a category2_1st on TOS which does
1226 * not appear possible. */
1227 verify_error(
1228 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1229 bad_type_msg, "dup2_x2");
1230 return;
1231 }
1232 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1233 if (type3.is_category1()) {
1234 type4 = current_frame.pop_stack(
1235 VerificationType::category1_check(), CHECK_VERIFY(this));
1236 } else if (type3.is_category2_2nd()) {
1237 type4 = current_frame.pop_stack(
1238 VerificationType::category2_check(), CHECK_VERIFY(this));
1239 } else {
1240 /* Unreachable? Would need a category2_1st on TOS after popping
1241 * a long/double or two category 1's, which does not
1242 * appear possible. */
1243 verify_error(
1244 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1245 bad_type_msg, "dup2_x2");
1246 return;
1247 }
1248 current_frame.push_stack(type2, CHECK_VERIFY(this));
1249 current_frame.push_stack(type, CHECK_VERIFY(this));
1250 current_frame.push_stack(type4, CHECK_VERIFY(this));
1251 current_frame.push_stack(type3, CHECK_VERIFY(this));
1252 current_frame.push_stack(type2, CHECK_VERIFY(this));
1253 current_frame.push_stack(type, CHECK_VERIFY(this));
1254 no_control_flow = false; break;
1255 }
1256 case Bytecodes::_swap :
1257 type = current_frame.pop_stack(
1258 VerificationType::category1_check(), CHECK_VERIFY(this));
1259 type2 = current_frame.pop_stack(
1260 VerificationType::category1_check(), CHECK_VERIFY(this));
1261 current_frame.push_stack(type, CHECK_VERIFY(this));
1262 current_frame.push_stack(type2, CHECK_VERIFY(this));
1263 no_control_flow = false; break;
1264 case Bytecodes::_iadd :
1265 case Bytecodes::_isub :
1266 case Bytecodes::_imul :
1267 case Bytecodes::_idiv :
1268 case Bytecodes::_irem :
1269 case Bytecodes::_ishl :
1270 case Bytecodes::_ishr :
1271 case Bytecodes::_iushr :
1272 case Bytecodes::_ior :
1273 case Bytecodes::_ixor :
1274 case Bytecodes::_iand :
1275 current_frame.pop_stack(
1276 VerificationType::integer_type(), CHECK_VERIFY(this));
1277 // fall through
1278 case Bytecodes::_ineg :
1279 current_frame.pop_stack(
1280 VerificationType::integer_type(), CHECK_VERIFY(this));
1281 current_frame.push_stack(
1282 VerificationType::integer_type(), CHECK_VERIFY(this));
1283 no_control_flow = false; break;
1284 case Bytecodes::_ladd :
1285 case Bytecodes::_lsub :
1286 case Bytecodes::_lmul :
1287 case Bytecodes::_ldiv :
1288 case Bytecodes::_lrem :
1289 case Bytecodes::_land :
1290 case Bytecodes::_lor :
1291 case Bytecodes::_lxor :
1292 current_frame.pop_stack_2(
1293 VerificationType::long2_type(),
1294 VerificationType::long_type(), CHECK_VERIFY(this));
1295 // fall through
1296 case Bytecodes::_lneg :
1297 current_frame.pop_stack_2(
1298 VerificationType::long2_type(),
1299 VerificationType::long_type(), CHECK_VERIFY(this));
1300 current_frame.push_stack_2(
1301 VerificationType::long_type(),
1302 VerificationType::long2_type(), CHECK_VERIFY(this));
1303 no_control_flow = false; break;
1304 case Bytecodes::_lshl :
1305 case Bytecodes::_lshr :
1306 case Bytecodes::_lushr :
1307 current_frame.pop_stack(
1308 VerificationType::integer_type(), CHECK_VERIFY(this));
1309 current_frame.pop_stack_2(
1310 VerificationType::long2_type(),
1311 VerificationType::long_type(), CHECK_VERIFY(this));
1312 current_frame.push_stack_2(
1313 VerificationType::long_type(),
1314 VerificationType::long2_type(), CHECK_VERIFY(this));
1315 no_control_flow = false; break;
1316 case Bytecodes::_fadd :
1317 case Bytecodes::_fsub :
1318 case Bytecodes::_fmul :
1319 case Bytecodes::_fdiv :
1320 case Bytecodes::_frem :
1321 current_frame.pop_stack(
1322 VerificationType::float_type(), CHECK_VERIFY(this));
1323 // fall through
1324 case Bytecodes::_fneg :
1325 current_frame.pop_stack(
1326 VerificationType::float_type(), CHECK_VERIFY(this));
1327 current_frame.push_stack(
1328 VerificationType::float_type(), CHECK_VERIFY(this));
1329 no_control_flow = false; break;
1330 case Bytecodes::_dadd :
1331 case Bytecodes::_dsub :
1332 case Bytecodes::_dmul :
1333 case Bytecodes::_ddiv :
1334 case Bytecodes::_drem :
1335 current_frame.pop_stack_2(
1336 VerificationType::double2_type(),
1337 VerificationType::double_type(), CHECK_VERIFY(this));
1338 // fall through
1339 case Bytecodes::_dneg :
1340 current_frame.pop_stack_2(
1341 VerificationType::double2_type(),
1342 VerificationType::double_type(), CHECK_VERIFY(this));
1343 current_frame.push_stack_2(
1344 VerificationType::double_type(),
1345 VerificationType::double2_type(), CHECK_VERIFY(this));
1346 no_control_flow = false; break;
1347 case Bytecodes::_iinc :
1348 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1349 no_control_flow = false; break;
1350 case Bytecodes::_i2l :
1351 type = current_frame.pop_stack(
1352 VerificationType::integer_type(), CHECK_VERIFY(this));
1353 current_frame.push_stack_2(
1354 VerificationType::long_type(),
1355 VerificationType::long2_type(), CHECK_VERIFY(this));
1356 no_control_flow = false; break;
1357 case Bytecodes::_l2i :
1358 current_frame.pop_stack_2(
1359 VerificationType::long2_type(),
1360 VerificationType::long_type(), CHECK_VERIFY(this));
1361 current_frame.push_stack(
1362 VerificationType::integer_type(), CHECK_VERIFY(this));
1363 no_control_flow = false; break;
1364 case Bytecodes::_i2f :
1365 current_frame.pop_stack(
1366 VerificationType::integer_type(), CHECK_VERIFY(this));
1367 current_frame.push_stack(
1368 VerificationType::float_type(), CHECK_VERIFY(this));
1369 no_control_flow = false; break;
1370 case Bytecodes::_i2d :
1371 current_frame.pop_stack(
1372 VerificationType::integer_type(), CHECK_VERIFY(this));
1373 current_frame.push_stack_2(
1374 VerificationType::double_type(),
1375 VerificationType::double2_type(), CHECK_VERIFY(this));
1376 no_control_flow = false; break;
1377 case Bytecodes::_l2f :
1378 current_frame.pop_stack_2(
1379 VerificationType::long2_type(),
1380 VerificationType::long_type(), CHECK_VERIFY(this));
1381 current_frame.push_stack(
1382 VerificationType::float_type(), CHECK_VERIFY(this));
1383 no_control_flow = false; break;
1384 case Bytecodes::_l2d :
1385 current_frame.pop_stack_2(
1386 VerificationType::long2_type(),
1387 VerificationType::long_type(), CHECK_VERIFY(this));
1388 current_frame.push_stack_2(
1389 VerificationType::double_type(),
1390 VerificationType::double2_type(), CHECK_VERIFY(this));
1391 no_control_flow = false; break;
1392 case Bytecodes::_f2i :
1393 current_frame.pop_stack(
1394 VerificationType::float_type(), CHECK_VERIFY(this));
1395 current_frame.push_stack(
1396 VerificationType::integer_type(), CHECK_VERIFY(this));
1397 no_control_flow = false; break;
1398 case Bytecodes::_f2l :
1399 current_frame.pop_stack(
1400 VerificationType::float_type(), CHECK_VERIFY(this));
1401 current_frame.push_stack_2(
1402 VerificationType::long_type(),
1403 VerificationType::long2_type(), CHECK_VERIFY(this));
1404 no_control_flow = false; break;
1405 case Bytecodes::_f2d :
1406 current_frame.pop_stack(
1407 VerificationType::float_type(), CHECK_VERIFY(this));
1408 current_frame.push_stack_2(
1409 VerificationType::double_type(),
1410 VerificationType::double2_type(), CHECK_VERIFY(this));
1411 no_control_flow = false; break;
1412 case Bytecodes::_d2i :
1413 current_frame.pop_stack_2(
1414 VerificationType::double2_type(),
1415 VerificationType::double_type(), CHECK_VERIFY(this));
1416 current_frame.push_stack(
1417 VerificationType::integer_type(), CHECK_VERIFY(this));
1418 no_control_flow = false; break;
1419 case Bytecodes::_d2l :
1420 current_frame.pop_stack_2(
1421 VerificationType::double2_type(),
1422 VerificationType::double_type(), CHECK_VERIFY(this));
1423 current_frame.push_stack_2(
1424 VerificationType::long_type(),
1425 VerificationType::long2_type(), CHECK_VERIFY(this));
1426 no_control_flow = false; break;
1427 case Bytecodes::_d2f :
1428 current_frame.pop_stack_2(
1429 VerificationType::double2_type(),
1430 VerificationType::double_type(), CHECK_VERIFY(this));
1431 current_frame.push_stack(
1432 VerificationType::float_type(), CHECK_VERIFY(this));
1433 no_control_flow = false; break;
1434 case Bytecodes::_i2b :
1435 case Bytecodes::_i2c :
1436 case Bytecodes::_i2s :
1437 current_frame.pop_stack(
1438 VerificationType::integer_type(), CHECK_VERIFY(this));
1439 current_frame.push_stack(
1440 VerificationType::integer_type(), CHECK_VERIFY(this));
1441 no_control_flow = false; break;
1442 case Bytecodes::_lcmp :
1443 current_frame.pop_stack_2(
1444 VerificationType::long2_type(),
1445 VerificationType::long_type(), CHECK_VERIFY(this));
1446 current_frame.pop_stack_2(
1447 VerificationType::long2_type(),
1448 VerificationType::long_type(), CHECK_VERIFY(this));
1449 current_frame.push_stack(
1450 VerificationType::integer_type(), CHECK_VERIFY(this));
1451 no_control_flow = false; break;
1452 case Bytecodes::_fcmpl :
1453 case Bytecodes::_fcmpg :
1454 current_frame.pop_stack(
1455 VerificationType::float_type(), CHECK_VERIFY(this));
1456 current_frame.pop_stack(
1457 VerificationType::float_type(), CHECK_VERIFY(this));
1458 current_frame.push_stack(
1459 VerificationType::integer_type(), CHECK_VERIFY(this));
1460 no_control_flow = false; break;
1461 case Bytecodes::_dcmpl :
1462 case Bytecodes::_dcmpg :
1463 current_frame.pop_stack_2(
1464 VerificationType::double2_type(),
1465 VerificationType::double_type(), CHECK_VERIFY(this));
1466 current_frame.pop_stack_2(
1467 VerificationType::double2_type(),
1468 VerificationType::double_type(), CHECK_VERIFY(this));
1469 current_frame.push_stack(
1470 VerificationType::integer_type(), CHECK_VERIFY(this));
1471 no_control_flow = false; break;
1472 case Bytecodes::_if_icmpeq:
1473 case Bytecodes::_if_icmpne:
1474 case Bytecodes::_if_icmplt:
1475 case Bytecodes::_if_icmpge:
1476 case Bytecodes::_if_icmpgt:
1477 case Bytecodes::_if_icmple:
1478 current_frame.pop_stack(
1479 VerificationType::integer_type(), CHECK_VERIFY(this));
1480 // fall through
1481 case Bytecodes::_ifeq:
1482 case Bytecodes::_ifne:
1483 case Bytecodes::_iflt:
1484 case Bytecodes::_ifge:
1485 case Bytecodes::_ifgt:
1486 case Bytecodes::_ifle:
1487 current_frame.pop_stack(
1488 VerificationType::integer_type(), CHECK_VERIFY(this));
1489 target = bcs.dest();
1490 stackmap_table.check_jump_target(
1491 ¤t_frame, target, CHECK_VERIFY(this));
1492 no_control_flow = false; break;
1493 case Bytecodes::_if_acmpeq :
1494 case Bytecodes::_if_acmpne :
1495 current_frame.pop_stack(
1496 VerificationType::reference_check(), CHECK_VERIFY(this));
1497 // fall through
1498 case Bytecodes::_ifnull :
1499 case Bytecodes::_ifnonnull :
1500 current_frame.pop_stack(
1501 VerificationType::reference_check(), CHECK_VERIFY(this));
1502 target = bcs.dest();
1503 stackmap_table.check_jump_target
1504 (¤t_frame, target, CHECK_VERIFY(this));
1505 no_control_flow = false; break;
1506 case Bytecodes::_goto :
1507 target = bcs.dest();
1508 stackmap_table.check_jump_target(
1509 ¤t_frame, target, CHECK_VERIFY(this));
1510 no_control_flow = true; break;
1511 case Bytecodes::_goto_w :
1512 target = bcs.dest_w();
1513 stackmap_table.check_jump_target(
1514 ¤t_frame, target, CHECK_VERIFY(this));
1515 no_control_flow = true; break;
1516 case Bytecodes::_tableswitch :
1517 case Bytecodes::_lookupswitch :
1518 verify_switch(
1519 &bcs, code_length, code_data, ¤t_frame,
1520 &stackmap_table, CHECK_VERIFY(this));
1521 no_control_flow = true; break;
1522 case Bytecodes::_ireturn :
1523 type = current_frame.pop_stack(
1524 VerificationType::integer_type(), CHECK_VERIFY(this));
1525 verify_return_value(return_type, type, bci,
1526 ¤t_frame, CHECK_VERIFY(this));
1527 no_control_flow = true; break;
1528 case Bytecodes::_lreturn :
1529 type2 = current_frame.pop_stack(
1530 VerificationType::long2_type(), CHECK_VERIFY(this));
1531 type = current_frame.pop_stack(
1532 VerificationType::long_type(), CHECK_VERIFY(this));
1533 verify_return_value(return_type, type, bci,
1534 ¤t_frame, CHECK_VERIFY(this));
1535 no_control_flow = true; break;
1536 case Bytecodes::_freturn :
1537 type = current_frame.pop_stack(
1538 VerificationType::float_type(), CHECK_VERIFY(this));
1539 verify_return_value(return_type, type, bci,
1540 ¤t_frame, CHECK_VERIFY(this));
1541 no_control_flow = true; break;
1542 case Bytecodes::_dreturn :
1543 type2 = current_frame.pop_stack(
1544 VerificationType::double2_type(), CHECK_VERIFY(this));
1545 type = current_frame.pop_stack(
1546 VerificationType::double_type(), CHECK_VERIFY(this));
1547 verify_return_value(return_type, type, bci,
1548 ¤t_frame, CHECK_VERIFY(this));
1549 no_control_flow = true; break;
1550 case Bytecodes::_areturn :
1551 type = current_frame.pop_stack(
1552 VerificationType::reference_check(), CHECK_VERIFY(this));
1553 verify_return_value(return_type, type, bci,
1554 ¤t_frame, CHECK_VERIFY(this));
1555 no_control_flow = true; break;
1556 case Bytecodes::_return :
1557 if (return_type != VerificationType::bogus_type()) {
1558 verify_error(ErrorContext::bad_code(bci),
1559 "Method expects a return value");
1560 return;
1561 }
1562 // Make sure "this" has been initialized if current method is an
1563 // <init>
1564 if (_method->name() == vmSymbols::object_initializer_name() &&
1565 current_frame.flag_this_uninit()) {
1566 verify_error(ErrorContext::bad_code(bci),
1567 "Constructor must call super() or this() "
1568 "before return");
1569 return;
1570 }
1571 no_control_flow = true; break;
1572 case Bytecodes::_getstatic :
1573 case Bytecodes::_putstatic :
1574 case Bytecodes::_getfield :
1575 case Bytecodes::_putfield :
1576 verify_field_instructions(
1577 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1578 no_control_flow = false; break;
1579 case Bytecodes::_invokevirtual :
1580 case Bytecodes::_invokespecial :
1581 case Bytecodes::_invokestatic :
1582 verify_invoke_instructions(
1583 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1584 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1585 no_control_flow = false; break;
1586 case Bytecodes::_invokeinterface :
1587 case Bytecodes::_invokedynamic :
1588 verify_invoke_instructions(
1589 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1590 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1591 no_control_flow = false; break;
1592 case Bytecodes::_new :
1593 {
1594 index = bcs.get_index_u2();
1595 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1596 VerificationType new_class_type =
1597 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1598 if (!new_class_type.is_object()) {
1599 verify_error(ErrorContext::bad_type(bci,
1600 TypeOrigin::cp(index, new_class_type)),
1601 "Illegal new instruction");
1602 return;
1603 }
1604 type = VerificationType::uninitialized_type(bci);
1605 current_frame.push_stack(type, CHECK_VERIFY(this));
1606 no_control_flow = false; break;
1607 }
1608 case Bytecodes::_newarray :
1609 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1610 current_frame.pop_stack(
1611 VerificationType::integer_type(), CHECK_VERIFY(this));
1612 current_frame.push_stack(type, CHECK_VERIFY(this));
1613 no_control_flow = false; break;
1614 case Bytecodes::_anewarray :
1615 verify_anewarray(
1616 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1617 no_control_flow = false; break;
1618 case Bytecodes::_arraylength :
1619 type = current_frame.pop_stack(
1620 VerificationType::reference_check(), CHECK_VERIFY(this));
1621 if (!(type.is_null() || type.is_array())) {
1622 verify_error(ErrorContext::bad_type(
1623 bci, current_frame.stack_top_ctx()),
1624 bad_type_msg, "arraylength");
1625 }
1626 current_frame.push_stack(
1627 VerificationType::integer_type(), CHECK_VERIFY(this));
1628 no_control_flow = false; break;
1629 case Bytecodes::_checkcast :
1630 {
1631 index = bcs.get_index_u2();
1632 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1633 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1634 VerificationType klass_type = cp_index_to_type(
1635 index, cp, CHECK_VERIFY(this));
1636 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1637 no_control_flow = false; break;
1638 }
1639 case Bytecodes::_instanceof : {
1640 index = bcs.get_index_u2();
1641 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1642 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1643 current_frame.push_stack(
1644 VerificationType::integer_type(), CHECK_VERIFY(this));
1645 no_control_flow = false; break;
1646 }
1647 case Bytecodes::_monitorenter :
1648 case Bytecodes::_monitorexit :
1649 current_frame.pop_stack(
1650 VerificationType::reference_check(), CHECK_VERIFY(this));
1651 no_control_flow = false; break;
1652 case Bytecodes::_multianewarray :
1653 {
1654 index = bcs.get_index_u2();
1655 u2 dim = *(bcs.bcp()+3);
1656 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1657 VerificationType new_array_type =
1658 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1659 if (!new_array_type.is_array()) {
1660 verify_error(ErrorContext::bad_type(bci,
1661 TypeOrigin::cp(index, new_array_type)),
1662 "Illegal constant pool index in multianewarray instruction");
1663 return;
1664 }
1665 if (dim < 1 || new_array_type.dimensions() < dim) {
1666 verify_error(ErrorContext::bad_code(bci),
1667 "Illegal dimension in multianewarray instruction: %d", dim);
1668 return;
1669 }
1670 for (int i = 0; i < dim; i++) {
1671 current_frame.pop_stack(
1672 VerificationType::integer_type(), CHECK_VERIFY(this));
1673 }
1674 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1675 no_control_flow = false; break;
1676 }
1677 case Bytecodes::_athrow :
1678 type = VerificationType::reference_type(
1679 vmSymbols::java_lang_Throwable());
1680 current_frame.pop_stack(type, CHECK_VERIFY(this));
1681 no_control_flow = true; break;
1682 default:
1683 // We only need to check the valid bytecodes in class file.
1684 // And jsr and ret are not in the new class file format in JDK1.5.
1685 verify_error(ErrorContext::bad_code(bci),
1686 "Bad instruction: %02x", opcode);
1687 no_control_flow = false;
1688 return;
1689 } // end switch
1690 } // end Merge with the next instruction
1692 // Look for possible jump target in exception handlers and see if it matches
1693 // current_frame. Don't do this check if it has already been done (for
1694 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1695 // opcodes, such as invokespecial, may set the this_uninit flag.
1696 assert(!(verified_exc_handlers && this_uninit),
1697 "Exception handler targets got verified before this_uninit got set");
1698 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1699 verify_exception_handler_targets(
1700 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1701 }
1702 } // end while
1704 // Make sure that control flow does not fall through end of the method
1705 if (!no_control_flow) {
1706 verify_error(ErrorContext::bad_code(code_length),
1707 "Control flow falls through code end");
1708 return;
1709 }
1710 }
1712 #undef bad_type_message
1714 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1715 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1716 memset(code_data, 0, sizeof(char) * code_length);
1717 RawBytecodeStream bcs(m);
1719 while (!bcs.is_last_bytecode()) {
1720 if (bcs.raw_next() != Bytecodes::_illegal) {
1721 int bci = bcs.bci();
1722 if (bcs.raw_code() == Bytecodes::_new) {
1723 code_data[bci] = NEW_OFFSET;
1724 } else {
1725 code_data[bci] = BYTECODE_OFFSET;
1726 }
1727 } else {
1728 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1729 return NULL;
1730 }
1731 }
1733 return code_data;
1734 }
1736 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1737 ExceptionTable exhandlers(_method());
1738 int exlength = exhandlers.length();
1739 constantPoolHandle cp (THREAD, _method->constants());
1741 for(int i = 0; i < exlength; i++) {
1742 //reacquire the table in case a GC happened
1743 ExceptionTable exhandlers(_method());
1744 u2 start_pc = exhandlers.start_pc(i);
1745 u2 end_pc = exhandlers.end_pc(i);
1746 u2 handler_pc = exhandlers.handler_pc(i);
1747 if (start_pc >= code_length || code_data[start_pc] == 0) {
1748 class_format_error("Illegal exception table start_pc %d", start_pc);
1749 return;
1750 }
1751 if (end_pc != code_length) { // special case: end_pc == code_length
1752 if (end_pc > code_length || code_data[end_pc] == 0) {
1753 class_format_error("Illegal exception table end_pc %d", end_pc);
1754 return;
1755 }
1756 }
1757 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1758 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1759 return;
1760 }
1761 int catch_type_index = exhandlers.catch_type_index(i);
1762 if (catch_type_index != 0) {
1763 VerificationType catch_type = cp_index_to_type(
1764 catch_type_index, cp, CHECK_VERIFY(this));
1765 VerificationType throwable =
1766 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1767 bool is_subclass = throwable.is_assignable_from(
1768 catch_type, this, false, CHECK_VERIFY(this));
1769 if (!is_subclass) {
1770 // 4286534: should throw VerifyError according to recent spec change
1771 verify_error(ErrorContext::bad_type(handler_pc,
1772 TypeOrigin::cp(catch_type_index, catch_type),
1773 TypeOrigin::implicit(throwable)),
1774 "Catch type is not a subclass "
1775 "of Throwable in exception handler %d", handler_pc);
1776 return;
1777 }
1778 }
1779 if (start_pc < min) min = start_pc;
1780 if (end_pc > max) max = end_pc;
1781 }
1782 }
1784 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1785 int localvariable_table_length = _method()->localvariable_table_length();
1786 if (localvariable_table_length > 0) {
1787 LocalVariableTableElement* table = _method()->localvariable_table_start();
1788 for (int i = 0; i < localvariable_table_length; i++) {
1789 u2 start_bci = table[i].start_bci;
1790 u2 length = table[i].length;
1792 if (start_bci >= code_length || code_data[start_bci] == 0) {
1793 class_format_error(
1794 "Illegal local variable table start_pc %d", start_bci);
1795 return;
1796 }
1797 u4 end_bci = (u4)(start_bci + length);
1798 if (end_bci != code_length) {
1799 if (end_bci >= code_length || code_data[end_bci] == 0) {
1800 class_format_error( "Illegal local variable table length %d", length);
1801 return;
1802 }
1803 }
1804 }
1805 }
1806 }
1808 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1809 StackMapFrame* current_frame,
1810 StackMapTable* stackmap_table,
1811 bool no_control_flow, TRAPS) {
1812 if (stackmap_index < stackmap_table->get_frame_count()) {
1813 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1814 if (no_control_flow && this_offset > bci) {
1815 verify_error(ErrorContext::missing_stackmap(bci),
1816 "Expecting a stack map frame");
1817 return 0;
1818 }
1819 if (this_offset == bci) {
1820 ErrorContext ctx;
1821 // See if current stack map can be assigned to the frame in table.
1822 // current_frame is the stackmap frame got from the last instruction.
1823 // If matched, current_frame will be updated by this method.
1824 bool matches = stackmap_table->match_stackmap(
1825 current_frame, this_offset, stackmap_index,
1826 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1827 if (!matches) {
1828 // report type error
1829 verify_error(ctx, "Instruction type does not match stack map");
1830 return 0;
1831 }
1832 stackmap_index++;
1833 } else if (this_offset < bci) {
1834 // current_offset should have met this_offset.
1835 class_format_error("Bad stack map offset %d", this_offset);
1836 return 0;
1837 }
1838 } else if (no_control_flow) {
1839 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1840 return 0;
1841 }
1842 return stackmap_index;
1843 }
1845 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1846 StackMapTable* stackmap_table, TRAPS) {
1847 constantPoolHandle cp (THREAD, _method->constants());
1848 ExceptionTable exhandlers(_method());
1849 int exlength = exhandlers.length();
1850 for(int i = 0; i < exlength; i++) {
1851 //reacquire the table in case a GC happened
1852 ExceptionTable exhandlers(_method());
1853 u2 start_pc = exhandlers.start_pc(i);
1854 u2 end_pc = exhandlers.end_pc(i);
1855 u2 handler_pc = exhandlers.handler_pc(i);
1856 int catch_type_index = exhandlers.catch_type_index(i);
1857 if(bci >= start_pc && bci < end_pc) {
1858 u1 flags = current_frame->flags();
1859 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1860 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1861 if (catch_type_index != 0) {
1862 // We know that this index refers to a subclass of Throwable
1863 VerificationType catch_type = cp_index_to_type(
1864 catch_type_index, cp, CHECK_VERIFY(this));
1865 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1866 } else {
1867 VerificationType throwable =
1868 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1869 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1870 }
1871 ErrorContext ctx;
1872 bool matches = stackmap_table->match_stackmap(
1873 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
1874 if (!matches) {
1875 verify_error(ctx, "Stack map does not match the one at "
1876 "exception handler %d", handler_pc);
1877 return;
1878 }
1879 }
1880 }
1881 }
1883 void ClassVerifier::verify_cp_index(
1884 u2 bci, constantPoolHandle cp, int index, TRAPS) {
1885 int nconstants = cp->length();
1886 if ((index <= 0) || (index >= nconstants)) {
1887 verify_error(ErrorContext::bad_cp_index(bci, index),
1888 "Illegal constant pool index %d in class %s",
1889 index, cp->pool_holder()->external_name());
1890 return;
1891 }
1892 }
1894 void ClassVerifier::verify_cp_type(
1895 u2 bci, int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1897 // In some situations, bytecode rewriting may occur while we're verifying.
1898 // In this case, a constant pool cache exists and some indices refer to that
1899 // instead. Be sure we don't pick up such indices by accident.
1900 // We must check was_recursively_verified() before we get here.
1901 guarantee(cp->cache() == NULL, "not rewritten yet");
1903 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1904 unsigned int tag = cp->tag_at(index).value();
1905 if ((types & (1 << tag)) == 0) {
1906 verify_error(ErrorContext::bad_cp_index(bci, index),
1907 "Illegal type at constant pool entry %d in class %s",
1908 index, cp->pool_holder()->external_name());
1909 return;
1910 }
1911 }
1913 void ClassVerifier::verify_cp_class_type(
1914 u2 bci, int index, constantPoolHandle cp, TRAPS) {
1915 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
1916 constantTag tag = cp->tag_at(index);
1917 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1918 verify_error(ErrorContext::bad_cp_index(bci, index),
1919 "Illegal type at constant pool entry %d in class %s",
1920 index, cp->pool_holder()->external_name());
1921 return;
1922 }
1923 }
1925 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
1926 stringStream ss;
1928 ctx.reset_frames();
1929 _exception_type = vmSymbols::java_lang_VerifyError();
1930 _error_context = ctx;
1931 va_list va;
1932 va_start(va, msg);
1933 ss.vprint(msg, va);
1934 va_end(va);
1935 _message = ss.as_string();
1936 #ifdef ASSERT
1937 ResourceMark rm;
1938 const char* exception_name = _exception_type->as_C_string();
1939 Exceptions::debug_check_abort(exception_name, NULL);
1940 #endif // ndef ASSERT
1941 }
1943 void ClassVerifier::class_format_error(const char* msg, ...) {
1944 stringStream ss;
1945 _exception_type = vmSymbols::java_lang_ClassFormatError();
1946 va_list va;
1947 va_start(va, msg);
1948 ss.vprint(msg, va);
1949 va_end(va);
1950 if (!_method.is_null()) {
1951 ss.print(" in method %s", _method->name_and_sig_as_C_string());
1952 }
1953 _message = ss.as_string();
1954 }
1956 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
1957 // Get current loader and protection domain first.
1958 oop loader = current_class()->class_loader();
1959 oop protection_domain = current_class()->protection_domain();
1961 return SystemDictionary::resolve_or_fail(
1962 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1963 true, CHECK_NULL);
1964 }
1966 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1967 Klass* target_class,
1968 Symbol* field_name,
1969 Symbol* field_sig,
1970 bool is_method) {
1971 No_Safepoint_Verifier nosafepoint;
1973 // If target class isn't a super class of this class, we don't worry about this case
1974 if (!this_class->is_subclass_of(target_class)) {
1975 return false;
1976 }
1977 // Check if the specified method or field is protected
1978 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
1979 fieldDescriptor fd;
1980 if (is_method) {
1981 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::find_overpass);
1982 if (m != NULL && m->is_protected()) {
1983 if (!this_class->is_same_class_package(m->method_holder())) {
1984 return true;
1985 }
1986 }
1987 } else {
1988 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
1989 if (member_klass != NULL && fd.is_protected()) {
1990 if (!this_class->is_same_class_package(member_klass)) {
1991 return true;
1992 }
1993 }
1994 }
1995 return false;
1996 }
1998 void ClassVerifier::verify_ldc(
1999 int opcode, u2 index, StackMapFrame* current_frame,
2000 constantPoolHandle cp, u2 bci, TRAPS) {
2001 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2002 constantTag tag = cp->tag_at(index);
2003 unsigned int types;
2004 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2005 if (!tag.is_unresolved_klass()) {
2006 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2007 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2008 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType);
2009 // Note: The class file parser already verified the legality of
2010 // MethodHandle and MethodType constants.
2011 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2012 }
2013 } else {
2014 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2015 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
2016 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2017 }
2018 if (tag.is_string() && cp->is_pseudo_string_at(index)) {
2019 current_frame->push_stack(object_type(), CHECK_VERIFY(this));
2020 } else if (tag.is_string()) {
2021 current_frame->push_stack(
2022 VerificationType::reference_type(
2023 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2024 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2025 current_frame->push_stack(
2026 VerificationType::reference_type(
2027 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2028 } else if (tag.is_int()) {
2029 current_frame->push_stack(
2030 VerificationType::integer_type(), CHECK_VERIFY(this));
2031 } else if (tag.is_float()) {
2032 current_frame->push_stack(
2033 VerificationType::float_type(), CHECK_VERIFY(this));
2034 } else if (tag.is_double()) {
2035 current_frame->push_stack_2(
2036 VerificationType::double_type(),
2037 VerificationType::double2_type(), CHECK_VERIFY(this));
2038 } else if (tag.is_long()) {
2039 current_frame->push_stack_2(
2040 VerificationType::long_type(),
2041 VerificationType::long2_type(), CHECK_VERIFY(this));
2042 } else if (tag.is_method_handle()) {
2043 current_frame->push_stack(
2044 VerificationType::reference_type(
2045 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2046 } else if (tag.is_method_type()) {
2047 current_frame->push_stack(
2048 VerificationType::reference_type(
2049 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2050 } else {
2051 /* Unreachable? verify_cp_type has already validated the cp type. */
2052 verify_error(
2053 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2054 return;
2055 }
2056 }
2058 void ClassVerifier::verify_switch(
2059 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2060 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2061 int bci = bcs->bci();
2062 address bcp = bcs->bcp();
2063 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
2065 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2066 // 4639449 & 4647081: padding bytes must be 0
2067 u2 padding_offset = 1;
2068 while ((bcp + padding_offset) < aligned_bcp) {
2069 if(*(bcp + padding_offset) != 0) {
2070 verify_error(ErrorContext::bad_code(bci),
2071 "Nonzero padding byte in lookswitch or tableswitch");
2072 return;
2073 }
2074 padding_offset++;
2075 }
2076 }
2078 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2079 int keys, delta;
2080 current_frame->pop_stack(
2081 VerificationType::integer_type(), CHECK_VERIFY(this));
2082 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2083 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2084 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2085 if (low > high) {
2086 verify_error(ErrorContext::bad_code(bci),
2087 "low must be less than or equal to high in tableswitch");
2088 return;
2089 }
2090 keys = high - low + 1;
2091 if (keys < 0) {
2092 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2093 return;
2094 }
2095 delta = 1;
2096 } else {
2097 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2098 if (keys < 0) {
2099 verify_error(ErrorContext::bad_code(bci),
2100 "number of keys in lookupswitch less than 0");
2101 return;
2102 }
2103 delta = 2;
2104 // Make sure that the lookupswitch items are sorted
2105 for (int i = 0; i < (keys - 1); i++) {
2106 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2107 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2108 if (this_key >= next_key) {
2109 verify_error(ErrorContext::bad_code(bci),
2110 "Bad lookupswitch instruction");
2111 return;
2112 }
2113 }
2114 }
2115 int target = bci + default_offset;
2116 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2117 for (int i = 0; i < keys; i++) {
2118 // Because check_jump_target() may safepoint, the bytecode could have
2119 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2120 aligned_bcp = (address)round_to((intptr_t)(bcs->bcp() + 1), jintSize);
2121 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2122 stackmap_table->check_jump_target(
2123 current_frame, target, CHECK_VERIFY(this));
2124 }
2125 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2126 }
2128 bool ClassVerifier::name_in_supers(
2129 Symbol* ref_name, instanceKlassHandle current) {
2130 Klass* super = current->super();
2131 while (super != NULL) {
2132 if (super->name() == ref_name) {
2133 return true;
2134 }
2135 super = super->super();
2136 }
2137 return false;
2138 }
2140 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2141 StackMapFrame* current_frame,
2142 constantPoolHandle cp,
2143 TRAPS) {
2144 u2 index = bcs->get_index_u2();
2145 verify_cp_type(bcs->bci(), index, cp,
2146 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2148 // Get field name and signature
2149 Symbol* field_name = cp->name_ref_at(index);
2150 Symbol* field_sig = cp->signature_ref_at(index);
2152 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
2153 class_format_error(
2154 "Invalid signature for field in class %s referenced "
2155 "from constant pool index %d", _klass->external_name(), index);
2156 return;
2157 }
2159 // Get referenced class type
2160 VerificationType ref_class_type = cp_ref_index_to_type(
2161 index, cp, CHECK_VERIFY(this));
2162 if (!ref_class_type.is_object()) {
2163 /* Unreachable? Class file parser verifies Fieldref contents */
2164 verify_error(ErrorContext::bad_type(bcs->bci(),
2165 TypeOrigin::cp(index, ref_class_type)),
2166 "Expecting reference to class in class %s at constant pool index %d",
2167 _klass->external_name(), index);
2168 return;
2169 }
2170 VerificationType target_class_type = ref_class_type;
2172 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2173 "buffer type must match VerificationType size");
2174 uintptr_t field_type_buffer[2];
2175 VerificationType* field_type = (VerificationType*)field_type_buffer;
2176 // If we make a VerificationType[2] array directly, the compiler calls
2177 // to the c-runtime library to do the allocation instead of just
2178 // stack allocating it. Plus it would run constructors. This shows up
2179 // in performance profiles.
2181 SignatureStream sig_stream(field_sig, false);
2182 VerificationType stack_object_type;
2183 int n = change_sig_to_verificationType(
2184 &sig_stream, field_type, CHECK_VERIFY(this));
2185 u2 bci = bcs->bci();
2186 bool is_assignable;
2187 switch (bcs->raw_code()) {
2188 case Bytecodes::_getstatic: {
2189 for (int i = 0; i < n; i++) {
2190 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2191 }
2192 break;
2193 }
2194 case Bytecodes::_putstatic: {
2195 for (int i = n - 1; i >= 0; i--) {
2196 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2197 }
2198 break;
2199 }
2200 case Bytecodes::_getfield: {
2201 stack_object_type = current_frame->pop_stack(
2202 target_class_type, CHECK_VERIFY(this));
2203 for (int i = 0; i < n; i++) {
2204 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2205 }
2206 goto check_protected;
2207 }
2208 case Bytecodes::_putfield: {
2209 for (int i = n - 1; i >= 0; i--) {
2210 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2211 }
2212 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2214 // The JVMS 2nd edition allows field initialization before the superclass
2215 // initializer, if the field is defined within the current class.
2216 fieldDescriptor fd;
2217 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2218 target_class_type.equals(current_type()) &&
2219 _klass->find_local_field(field_name, field_sig, &fd)) {
2220 stack_object_type = current_type();
2221 }
2222 is_assignable = target_class_type.is_assignable_from(
2223 stack_object_type, this, false, CHECK_VERIFY(this));
2224 if (!is_assignable) {
2225 verify_error(ErrorContext::bad_type(bci,
2226 current_frame->stack_top_ctx(),
2227 TypeOrigin::cp(index, target_class_type)),
2228 "Bad type on operand stack in putfield");
2229 return;
2230 }
2231 }
2232 check_protected: {
2233 if (_this_type == stack_object_type)
2234 break; // stack_object_type must be assignable to _current_class_type
2235 Symbol* ref_class_name =
2236 cp->klass_name_at(cp->klass_ref_index_at(index));
2237 if (!name_in_supers(ref_class_name, current_class()))
2238 // stack_object_type must be assignable to _current_class_type since:
2239 // 1. stack_object_type must be assignable to ref_class.
2240 // 2. ref_class must be _current_class or a subclass of it. It can't
2241 // be a superclass of it. See revised JVMS 5.4.4.
2242 break;
2244 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2245 if (is_protected_access(current_class(), ref_class_oop, field_name,
2246 field_sig, false)) {
2247 // It's protected access, check if stack object is assignable to
2248 // current class.
2249 is_assignable = current_type().is_assignable_from(
2250 stack_object_type, this, true, CHECK_VERIFY(this));
2251 if (!is_assignable) {
2252 verify_error(ErrorContext::bad_type(bci,
2253 current_frame->stack_top_ctx(),
2254 TypeOrigin::implicit(current_type())),
2255 "Bad access to protected data in getfield");
2256 return;
2257 }
2258 }
2259 break;
2260 }
2261 default: ShouldNotReachHere();
2262 }
2263 }
2265 // Look at the method's handlers. If the bci is in the handler's try block
2266 // then check if the handler_pc is already on the stack. If not, push it
2267 // unless the handler has already been scanned.
2268 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2269 GrowableArray<u4>* handler_list,
2270 GrowableArray<u4>* handler_stack,
2271 u4 bci) {
2272 int exlength = exhandlers->length();
2273 for(int x = 0; x < exlength; x++) {
2274 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2275 u4 exhandler_pc = exhandlers->handler_pc(x);
2276 if (!handler_list->contains(exhandler_pc)) {
2277 handler_stack->append_if_missing(exhandler_pc);
2278 handler_list->append(exhandler_pc);
2279 }
2280 }
2281 }
2282 }
2284 // Return TRUE if all code paths starting with start_bc_offset end in
2285 // bytecode athrow or loop.
2286 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2287 ResourceMark rm;
2288 // Create bytecode stream.
2289 RawBytecodeStream bcs(method());
2290 u4 code_length = method()->code_size();
2291 bcs.set_start(start_bc_offset);
2292 u4 target;
2293 // Create stack for storing bytecode start offsets for if* and *switch.
2294 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2295 // Create stack for handlers for try blocks containing this handler.
2296 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2297 // Create list of handlers that have been pushed onto the handler_stack
2298 // so that handlers embedded inside of their own TRY blocks only get
2299 // scanned once.
2300 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2301 // Create list of visited branch opcodes (goto* and if*).
2302 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2303 ExceptionTable exhandlers(_method());
2305 while (true) {
2306 if (bcs.is_last_bytecode()) {
2307 // if no more starting offsets to parse or if at the end of the
2308 // method then return false.
2309 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2310 return false;
2311 // Pop a bytecode starting offset and scan from there.
2312 bcs.set_start(bci_stack->pop());
2313 }
2314 Bytecodes::Code opcode = bcs.raw_next();
2315 u4 bci = bcs.bci();
2317 // If the bytecode is in a TRY block, push its handlers so they
2318 // will get parsed.
2319 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2321 switch (opcode) {
2322 case Bytecodes::_if_icmpeq:
2323 case Bytecodes::_if_icmpne:
2324 case Bytecodes::_if_icmplt:
2325 case Bytecodes::_if_icmpge:
2326 case Bytecodes::_if_icmpgt:
2327 case Bytecodes::_if_icmple:
2328 case Bytecodes::_ifeq:
2329 case Bytecodes::_ifne:
2330 case Bytecodes::_iflt:
2331 case Bytecodes::_ifge:
2332 case Bytecodes::_ifgt:
2333 case Bytecodes::_ifle:
2334 case Bytecodes::_if_acmpeq:
2335 case Bytecodes::_if_acmpne:
2336 case Bytecodes::_ifnull:
2337 case Bytecodes::_ifnonnull:
2338 target = bcs.dest();
2339 if (visited_branches->contains(bci)) {
2340 if (bci_stack->is_empty()) {
2341 if (handler_stack->is_empty()) {
2342 return true;
2343 } else {
2344 // Parse the catch handlers for try blocks containing athrow.
2345 bcs.set_start(handler_stack->pop());
2346 }
2347 } else {
2348 // Pop a bytecode starting offset and scan from there.
2349 bcs.set_start(bci_stack->pop());
2350 }
2351 } else {
2352 if (target > bci) { // forward branch
2353 if (target >= code_length) return false;
2354 // Push the branch target onto the stack.
2355 bci_stack->push(target);
2356 // then, scan bytecodes starting with next.
2357 bcs.set_start(bcs.next_bci());
2358 } else { // backward branch
2359 // Push bytecode offset following backward branch onto the stack.
2360 bci_stack->push(bcs.next_bci());
2361 // Check bytecodes starting with branch target.
2362 bcs.set_start(target);
2363 }
2364 // Record target so we don't branch here again.
2365 visited_branches->append(bci);
2366 }
2367 break;
2369 case Bytecodes::_goto:
2370 case Bytecodes::_goto_w:
2371 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2372 if (visited_branches->contains(bci)) {
2373 if (bci_stack->is_empty()) {
2374 if (handler_stack->is_empty()) {
2375 return true;
2376 } else {
2377 // Parse the catch handlers for try blocks containing athrow.
2378 bcs.set_start(handler_stack->pop());
2379 }
2380 } else {
2381 // Been here before, pop new starting offset from stack.
2382 bcs.set_start(bci_stack->pop());
2383 }
2384 } else {
2385 if (target >= code_length) return false;
2386 // Continue scanning from the target onward.
2387 bcs.set_start(target);
2388 // Record target so we don't branch here again.
2389 visited_branches->append(bci);
2390 }
2391 break;
2393 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2394 // is difficult to determine where each switch alternative ends, parse
2395 // each switch alternative until either hit a 'return', 'athrow', or reach
2396 // the end of the method's bytecodes. This is gross but should be okay
2397 // because:
2398 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2399 // constructor invocations should be rare.
2400 // 2. if each switch alternative ends in an athrow then the parsing should be
2401 // short. If there is no athrow then it is bogus code, anyway.
2402 case Bytecodes::_lookupswitch:
2403 case Bytecodes::_tableswitch:
2404 {
2405 address aligned_bcp = (address) round_to((intptr_t)(bcs.bcp() + 1), jintSize);
2406 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2407 int keys, delta;
2408 if (opcode == Bytecodes::_tableswitch) {
2409 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2410 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2411 // This is invalid, but let the regular bytecode verifier
2412 // report this because the user will get a better error message.
2413 if (low > high) return true;
2414 keys = high - low + 1;
2415 delta = 1;
2416 } else {
2417 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2418 delta = 2;
2419 }
2420 // Invalid, let the regular bytecode verifier deal with it.
2421 if (keys < 0) return true;
2423 // Push the offset of the next bytecode onto the stack.
2424 bci_stack->push(bcs.next_bci());
2426 // Push the switch alternatives onto the stack.
2427 for (int i = 0; i < keys; i++) {
2428 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2429 if (target > code_length) return false;
2430 bci_stack->push(target);
2431 }
2433 // Start bytecode parsing for the switch at the default alternative.
2434 if (default_offset > code_length) return false;
2435 bcs.set_start(default_offset);
2436 break;
2437 }
2439 case Bytecodes::_return:
2440 return false;
2442 case Bytecodes::_athrow:
2443 {
2444 if (bci_stack->is_empty()) {
2445 if (handler_stack->is_empty()) {
2446 return true;
2447 } else {
2448 // Parse the catch handlers for try blocks containing athrow.
2449 bcs.set_start(handler_stack->pop());
2450 }
2451 } else {
2452 // Pop a bytecode offset and starting scanning from there.
2453 bcs.set_start(bci_stack->pop());
2454 }
2455 }
2456 break;
2458 default:
2459 ;
2460 } // end switch
2461 } // end while loop
2463 return false;
2464 }
2466 void ClassVerifier::verify_invoke_init(
2467 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2468 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2469 bool *this_uninit, constantPoolHandle cp, StackMapTable* stackmap_table,
2470 TRAPS) {
2471 u2 bci = bcs->bci();
2472 VerificationType type = current_frame->pop_stack(
2473 VerificationType::reference_check(), CHECK_VERIFY(this));
2474 if (type == VerificationType::uninitialized_this_type()) {
2475 // The method must be an <init> method of this class or its superclass
2476 Klass* superk = current_class()->super();
2477 if (ref_class_type.name() != current_class()->name() &&
2478 ref_class_type.name() != superk->name()) {
2479 verify_error(ErrorContext::bad_type(bci,
2480 TypeOrigin::implicit(ref_class_type),
2481 TypeOrigin::implicit(current_type())),
2482 "Bad <init> method call");
2483 return;
2484 }
2486 // If this invokespecial call is done from inside of a TRY block then make
2487 // sure that all catch clause paths end in a throw. Otherwise, this can
2488 // result in returning an incomplete object.
2489 if (in_try_block) {
2490 ExceptionTable exhandlers(_method());
2491 int exlength = exhandlers.length();
2492 for(int i = 0; i < exlength; i++) {
2493 u2 start_pc = exhandlers.start_pc(i);
2494 u2 end_pc = exhandlers.end_pc(i);
2496 if (bci >= start_pc && bci < end_pc) {
2497 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2498 verify_error(ErrorContext::bad_code(bci),
2499 "Bad <init> method call from after the start of a try block");
2500 return;
2501 } else if (VerboseVerification) {
2502 ResourceMark rm;
2503 tty->print_cr(
2504 "Survived call to ends_in_athrow(): %s",
2505 current_class()->name()->as_C_string());
2506 }
2507 }
2508 }
2510 // Check the exception handler target stackmaps with the locals from the
2511 // incoming stackmap (before initialize_object() changes them to outgoing
2512 // state).
2513 verify_exception_handler_targets(bci, true, current_frame,
2514 stackmap_table, CHECK_VERIFY(this));
2515 } // in_try_block
2517 current_frame->initialize_object(type, current_type());
2518 *this_uninit = true;
2519 } else if (type.is_uninitialized()) {
2520 u2 new_offset = type.bci();
2521 address new_bcp = bcs->bcp() - bci + new_offset;
2522 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2523 /* Unreachable? Stack map parsing ensures valid type and new
2524 * instructions have a valid BCI. */
2525 verify_error(ErrorContext::bad_code(new_offset),
2526 "Expecting new instruction");
2527 return;
2528 }
2529 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2530 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2532 // The method must be an <init> method of the indicated class
2533 VerificationType new_class_type = cp_index_to_type(
2534 new_class_index, cp, CHECK_VERIFY(this));
2535 if (!new_class_type.equals(ref_class_type)) {
2536 verify_error(ErrorContext::bad_type(bci,
2537 TypeOrigin::cp(new_class_index, new_class_type),
2538 TypeOrigin::cp(ref_class_index, ref_class_type)),
2539 "Call to wrong <init> method");
2540 return;
2541 }
2542 // According to the VM spec, if the referent class is a superclass of the
2543 // current class, and is in a different runtime package, and the method is
2544 // protected, then the objectref must be the current class or a subclass
2545 // of the current class.
2546 VerificationType objectref_type = new_class_type;
2547 if (name_in_supers(ref_class_type.name(), current_class())) {
2548 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2549 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2550 vmSymbols::object_initializer_name(),
2551 cp->signature_ref_at(bcs->get_index_u2()), Klass::find_overpass);
2552 // Do nothing if method is not found. Let resolution detect the error.
2553 if (m != NULL) {
2554 instanceKlassHandle mh(THREAD, m->method_holder());
2555 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
2556 bool assignable = current_type().is_assignable_from(
2557 objectref_type, this, true, CHECK_VERIFY(this));
2558 if (!assignable) {
2559 verify_error(ErrorContext::bad_type(bci,
2560 TypeOrigin::cp(new_class_index, objectref_type),
2561 TypeOrigin::implicit(current_type())),
2562 "Bad access to protected <init> method");
2563 return;
2564 }
2565 }
2566 }
2567 }
2568 // Check the exception handler target stackmaps with the locals from the
2569 // incoming stackmap (before initialize_object() changes them to outgoing
2570 // state).
2571 if (in_try_block) {
2572 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2573 stackmap_table, CHECK_VERIFY(this));
2574 }
2575 current_frame->initialize_object(type, new_class_type);
2576 } else {
2577 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2578 "Bad operand type when invoking <init>");
2579 return;
2580 }
2581 }
2583 bool ClassVerifier::is_same_or_direct_interface(
2584 instanceKlassHandle klass,
2585 VerificationType klass_type,
2586 VerificationType ref_class_type) {
2587 if (ref_class_type.equals(klass_type)) return true;
2588 Array<Klass*>* local_interfaces = klass->local_interfaces();
2589 if (local_interfaces != NULL) {
2590 for (int x = 0; x < local_interfaces->length(); x++) {
2591 Klass* k = local_interfaces->at(x);
2592 assert (k != NULL && k->is_interface(), "invalid interface");
2593 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2594 return true;
2595 }
2596 }
2597 }
2598 return false;
2599 }
2601 void ClassVerifier::verify_invoke_instructions(
2602 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2603 bool in_try_block, bool *this_uninit, VerificationType return_type,
2604 constantPoolHandle cp, StackMapTable* stackmap_table, TRAPS) {
2605 // Make sure the constant pool item is the right type
2606 u2 index = bcs->get_index_u2();
2607 Bytecodes::Code opcode = bcs->raw_code();
2608 unsigned int types;
2609 switch (opcode) {
2610 case Bytecodes::_invokeinterface:
2611 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2612 break;
2613 case Bytecodes::_invokedynamic:
2614 types = 1 << JVM_CONSTANT_InvokeDynamic;
2615 break;
2616 case Bytecodes::_invokespecial:
2617 case Bytecodes::_invokestatic:
2618 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2619 (1 << JVM_CONSTANT_Methodref) :
2620 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2621 break;
2622 default:
2623 types = 1 << JVM_CONSTANT_Methodref;
2624 }
2625 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2627 // Get method name and signature
2628 Symbol* method_name = cp->name_ref_at(index);
2629 Symbol* method_sig = cp->signature_ref_at(index);
2631 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
2632 class_format_error(
2633 "Invalid method signature in class %s referenced "
2634 "from constant pool index %d", _klass->external_name(), index);
2635 return;
2636 }
2638 // Get referenced class type
2639 VerificationType ref_class_type;
2640 if (opcode == Bytecodes::_invokedynamic) {
2641 if (!EnableInvokeDynamic ||
2642 _klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2643 if (!EnableInvokeDynamic) {
2644 class_format_error("invokedynamic instructions not enabled in this JVM");
2645 } else {
2646 class_format_error("invokedynamic instructions not supported by this class file version (%d), class %s",
2647 _klass->major_version(), _klass->external_name());
2648 }
2649 return;
2650 }
2651 } else {
2652 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2653 }
2655 // For a small signature length, we just allocate 128 bytes instead
2656 // of parsing the signature once to find its size.
2657 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
2658 // longs/doubles to be consertive.
2659 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2660 "buffer type must match VerificationType size");
2661 uintptr_t on_stack_sig_types_buffer[128];
2662 // If we make a VerificationType[128] array directly, the compiler calls
2663 // to the c-runtime library to do the allocation instead of just
2664 // stack allocating it. Plus it would run constructors. This shows up
2665 // in performance profiles.
2667 VerificationType* sig_types;
2668 int size = (method_sig->utf8_length() - 3) * 2;
2669 if (size > 128) {
2670 // Long and double occupies two slots here.
2671 ArgumentSizeComputer size_it(method_sig);
2672 size = size_it.size();
2673 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
2674 } else{
2675 sig_types = (VerificationType*)on_stack_sig_types_buffer;
2676 }
2677 SignatureStream sig_stream(method_sig);
2678 int sig_i = 0;
2679 while (!sig_stream.at_return_type()) {
2680 sig_i += change_sig_to_verificationType(
2681 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
2682 sig_stream.next();
2683 }
2684 int nargs = sig_i;
2686 #ifdef ASSERT
2687 {
2688 ArgumentSizeComputer size_it(method_sig);
2689 assert(nargs == size_it.size(), "Argument sizes do not match");
2690 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
2691 }
2692 #endif
2694 // Check instruction operands
2695 u2 bci = bcs->bci();
2696 if (opcode == Bytecodes::_invokeinterface) {
2697 address bcp = bcs->bcp();
2698 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2699 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2700 // the difference between the size of the operand stack before and after the instruction
2701 // executes.
2702 if (*(bcp+3) != (nargs+1)) {
2703 verify_error(ErrorContext::bad_code(bci),
2704 "Inconsistent args count operand in invokeinterface");
2705 return;
2706 }
2707 if (*(bcp+4) != 0) {
2708 verify_error(ErrorContext::bad_code(bci),
2709 "Fourth operand byte of invokeinterface must be zero");
2710 return;
2711 }
2712 }
2714 if (opcode == Bytecodes::_invokedynamic) {
2715 address bcp = bcs->bcp();
2716 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2717 verify_error(ErrorContext::bad_code(bci),
2718 "Third and fourth operand bytes of invokedynamic must be zero");
2719 return;
2720 }
2721 }
2723 if (method_name->byte_at(0) == '<') {
2724 // Make sure <init> can only be invoked by invokespecial
2725 if (opcode != Bytecodes::_invokespecial ||
2726 method_name != vmSymbols::object_initializer_name()) {
2727 verify_error(ErrorContext::bad_code(bci),
2728 "Illegal call to internal method");
2729 return;
2730 }
2731 } else if (opcode == Bytecodes::_invokespecial
2732 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2733 && !ref_class_type.equals(VerificationType::reference_type(
2734 current_class()->super()->name()))) {
2735 bool subtype = false;
2736 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2737 if (!current_class()->is_anonymous()) {
2738 subtype = ref_class_type.is_assignable_from(
2739 current_type(), this, false, CHECK_VERIFY(this));
2740 } else {
2741 VerificationType host_klass_type =
2742 VerificationType::reference_type(current_class()->host_klass()->name());
2743 subtype = ref_class_type.is_assignable_from(host_klass_type, this, false, CHECK_VERIFY(this));
2745 // If invokespecial of IMR, need to recheck for same or
2746 // direct interface relative to the host class
2747 have_imr_indirect = (have_imr_indirect &&
2748 !is_same_or_direct_interface(
2749 InstanceKlass::cast(current_class()->host_klass()),
2750 host_klass_type, ref_class_type));
2751 }
2752 if (!subtype) {
2753 verify_error(ErrorContext::bad_code(bci),
2754 "Bad invokespecial instruction: "
2755 "current class isn't assignable to reference class.");
2756 return;
2757 } else if (have_imr_indirect) {
2758 verify_error(ErrorContext::bad_code(bci),
2759 "Bad invokespecial instruction: "
2760 "interface method reference is in an indirect superinterface.");
2761 return;
2762 }
2764 }
2765 // Match method descriptor with operand stack
2766 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2767 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
2768 }
2769 // Check objectref on operand stack
2770 if (opcode != Bytecodes::_invokestatic &&
2771 opcode != Bytecodes::_invokedynamic) {
2772 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2773 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2774 code_length, in_try_block, this_uninit, cp, stackmap_table,
2775 CHECK_VERIFY(this));
2776 } else { // other methods
2777 // Ensures that target class is assignable to method class.
2778 if (opcode == Bytecodes::_invokespecial) {
2779 if (!current_class()->is_anonymous()) {
2780 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2781 } else {
2782 // anonymous class invokespecial calls: check if the
2783 // objectref is a subtype of the host_klass of the current class
2784 // to allow an anonymous class to reference methods in the host_klass
2785 VerificationType top = current_frame->pop_stack(CHECK_VERIFY(this));
2786 VerificationType hosttype =
2787 VerificationType::reference_type(current_class()->host_klass()->name());
2788 bool subtype = hosttype.is_assignable_from(top, this, false, CHECK_VERIFY(this));
2789 if (!subtype) {
2790 verify_error( ErrorContext::bad_type(current_frame->offset(),
2791 current_frame->stack_top_ctx(),
2792 TypeOrigin::implicit(top)),
2793 "Bad type on operand stack");
2794 return;
2795 }
2796 }
2797 } else if (opcode == Bytecodes::_invokevirtual) {
2798 VerificationType stack_object_type =
2799 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2800 if (current_type() != stack_object_type) {
2801 assert(cp->cache() == NULL, "not rewritten yet");
2802 Symbol* ref_class_name =
2803 cp->klass_name_at(cp->klass_ref_index_at(index));
2804 // See the comments in verify_field_instructions() for
2805 // the rationale behind this.
2806 if (name_in_supers(ref_class_name, current_class())) {
2807 Klass* ref_class = load_class(ref_class_name, CHECK);
2808 if (is_protected_access(
2809 _klass, ref_class, method_name, method_sig, true)) {
2810 // It's protected access, check if stack object is
2811 // assignable to current class.
2812 bool is_assignable = current_type().is_assignable_from(
2813 stack_object_type, this, true, CHECK_VERIFY(this));
2814 if (!is_assignable) {
2815 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2816 && stack_object_type.is_array()
2817 && method_name == vmSymbols::clone_name()) {
2818 // Special case: arrays pretend to implement public Object
2819 // clone().
2820 } else {
2821 verify_error(ErrorContext::bad_type(bci,
2822 current_frame->stack_top_ctx(),
2823 TypeOrigin::implicit(current_type())),
2824 "Bad access to protected data in invokevirtual");
2825 return;
2826 }
2827 }
2828 }
2829 }
2830 }
2831 } else {
2832 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2833 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2834 }
2835 }
2836 }
2837 // Push the result type.
2838 if (sig_stream.type() != T_VOID) {
2839 if (method_name == vmSymbols::object_initializer_name()) {
2840 // <init> method must have a void return type
2841 /* Unreachable? Class file parser verifies that methods with '<' have
2842 * void return */
2843 verify_error(ErrorContext::bad_code(bci),
2844 "Return type must be void in <init> method");
2845 return;
2846 }
2847 VerificationType return_type[2];
2848 int n = change_sig_to_verificationType(
2849 &sig_stream, return_type, CHECK_VERIFY(this));
2850 for (int i = 0; i < n; i++) {
2851 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2852 }
2853 }
2854 }
2856 VerificationType ClassVerifier::get_newarray_type(
2857 u2 index, u2 bci, TRAPS) {
2858 const char* from_bt[] = {
2859 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2860 };
2861 if (index < T_BOOLEAN || index > T_LONG) {
2862 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2863 return VerificationType::bogus_type();
2864 }
2866 // from_bt[index] contains the array signature which has a length of 2
2867 Symbol* sig = create_temporary_symbol(
2868 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2869 return VerificationType::reference_type(sig);
2870 }
2872 void ClassVerifier::verify_anewarray(
2873 u2 bci, u2 index, constantPoolHandle cp,
2874 StackMapFrame* current_frame, TRAPS) {
2875 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2876 current_frame->pop_stack(
2877 VerificationType::integer_type(), CHECK_VERIFY(this));
2879 VerificationType component_type =
2880 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2881 int length;
2882 char* arr_sig_str;
2883 if (component_type.is_array()) { // it's an array
2884 const char* component_name = component_type.name()->as_utf8();
2885 // add one dimension to component
2886 length = (int)strlen(component_name) + 1;
2887 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2888 arr_sig_str[0] = '[';
2889 strncpy(&arr_sig_str[1], component_name, length - 1);
2890 } else { // it's an object or interface
2891 const char* component_name = component_type.name()->as_utf8();
2892 // add one dimension to component with 'L' prepended and ';' postpended.
2893 length = (int)strlen(component_name) + 3;
2894 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2895 arr_sig_str[0] = '[';
2896 arr_sig_str[1] = 'L';
2897 strncpy(&arr_sig_str[2], component_name, length - 2);
2898 arr_sig_str[length - 1] = ';';
2899 }
2900 Symbol* arr_sig = create_temporary_symbol(
2901 arr_sig_str, length, CHECK_VERIFY(this));
2902 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2903 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2904 }
2906 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
2907 current_frame->get_local(
2908 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2909 current_frame->push_stack(
2910 VerificationType::integer_type(), CHECK_VERIFY(this));
2911 }
2913 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
2914 current_frame->get_local_2(
2915 index, VerificationType::long_type(),
2916 VerificationType::long2_type(), CHECK_VERIFY(this));
2917 current_frame->push_stack_2(
2918 VerificationType::long_type(),
2919 VerificationType::long2_type(), CHECK_VERIFY(this));
2920 }
2922 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
2923 current_frame->get_local(
2924 index, VerificationType::float_type(), CHECK_VERIFY(this));
2925 current_frame->push_stack(
2926 VerificationType::float_type(), CHECK_VERIFY(this));
2927 }
2929 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
2930 current_frame->get_local_2(
2931 index, VerificationType::double_type(),
2932 VerificationType::double2_type(), CHECK_VERIFY(this));
2933 current_frame->push_stack_2(
2934 VerificationType::double_type(),
2935 VerificationType::double2_type(), CHECK_VERIFY(this));
2936 }
2938 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
2939 VerificationType type = current_frame->get_local(
2940 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2941 current_frame->push_stack(type, CHECK_VERIFY(this));
2942 }
2944 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
2945 current_frame->pop_stack(
2946 VerificationType::integer_type(), CHECK_VERIFY(this));
2947 current_frame->set_local(
2948 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2949 }
2951 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2952 current_frame->pop_stack_2(
2953 VerificationType::long2_type(),
2954 VerificationType::long_type(), CHECK_VERIFY(this));
2955 current_frame->set_local_2(
2956 index, VerificationType::long_type(),
2957 VerificationType::long2_type(), CHECK_VERIFY(this));
2958 }
2960 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2961 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2962 current_frame->set_local(
2963 index, VerificationType::float_type(), CHECK_VERIFY(this));
2964 }
2966 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2967 current_frame->pop_stack_2(
2968 VerificationType::double2_type(),
2969 VerificationType::double_type(), CHECK_VERIFY(this));
2970 current_frame->set_local_2(
2971 index, VerificationType::double_type(),
2972 VerificationType::double2_type(), CHECK_VERIFY(this));
2973 }
2975 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2976 VerificationType type = current_frame->pop_stack(
2977 VerificationType::reference_check(), CHECK_VERIFY(this));
2978 current_frame->set_local(index, type, CHECK_VERIFY(this));
2979 }
2981 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2982 VerificationType type = current_frame->get_local(
2983 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2984 current_frame->set_local(index, type, CHECK_VERIFY(this));
2985 }
2987 void ClassVerifier::verify_return_value(
2988 VerificationType return_type, VerificationType type, u2 bci,
2989 StackMapFrame* current_frame, TRAPS) {
2990 if (return_type == VerificationType::bogus_type()) {
2991 verify_error(ErrorContext::bad_type(bci,
2992 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2993 "Method expects a return value");
2994 return;
2995 }
2996 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2997 if (!match) {
2998 verify_error(ErrorContext::bad_type(bci,
2999 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3000 "Bad return type");
3001 return;
3002 }
3003 }
3005 // The verifier creates symbols which are substrings of Symbols.
3006 // These are stored in the verifier until the end of verification so that
3007 // they can be reference counted.
3008 Symbol* ClassVerifier::create_temporary_symbol(const Symbol *s, int begin,
3009 int end, TRAPS) {
3010 Symbol* sym = SymbolTable::new_symbol(s, begin, end, CHECK_NULL);
3011 _symbols->push(sym);
3012 return sym;
3013 }
3015 Symbol* ClassVerifier::create_temporary_symbol(const char *s, int length, TRAPS) {
3016 Symbol* sym = SymbolTable::new_symbol(s, length, CHECK_NULL);
3017 _symbols->push(sym);
3018 return sym;
3019 }
