1 /*
2 * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
20 * CA 95054 USA or visit www.sun.com if you need additional information or
21 * have any questions.
22 *
23 */
24
25 # include "incls/_precompiled.incl"
26 # include "incls/_verifier.cpp.incl"
27
28 // Access to external entry for VerifyClassCodes - old byte code verifier
29
30 extern "C" {
31 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint);
32 typedef jboolean (*verify_byte_codes_fn_new_t)(JNIEnv *, jclass, char *, jint, jint);
33 }
34
35 static void* volatile _verify_byte_codes_fn = NULL;
36
37 static volatile jint _is_new_verify_byte_codes_fn = (jint) true;
38
39 static void* verify_byte_codes_fn() {
40 if (_verify_byte_codes_fn == NULL) {
41 void *lib_handle = os::native_java_library();
42 void *func = hpi::dll_lookup(lib_handle, "VerifyClassCodesForMajorVersion");
43 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
44 if (func == NULL) {
45 OrderAccess::release_store(&_is_new_verify_byte_codes_fn, false);
46 func = hpi::dll_lookup(lib_handle, "VerifyClassCodes");
47 OrderAccess::release_store_ptr(&_verify_byte_codes_fn, func);
48 }
49 }
50 return (void*)_verify_byte_codes_fn;
51 }
52
53
54 // Methods in Verifier
55
56 bool Verifier::should_verify_for(oop class_loader) {
57 return class_loader == NULL ?
58 BytecodeVerificationLocal : BytecodeVerificationRemote;
59 }
60
61 bool Verifier::relax_verify_for(oop loader) {
62 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
63 bool need_verify =
64 // verifyAll
65 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
66 // verifyRemote
67 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
68 return !need_verify;
69 }
70
71 bool Verifier::verify(instanceKlassHandle klass, Verifier::Mode mode, TRAPS) {
72 ResourceMark rm(THREAD);
73 HandleMark hm;
74
75 symbolHandle exception_name;
76 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
77 char* message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
78
79 const char* klassName = klass->external_name();
80
81 // If the class should be verified, first see if we can use the split
82 // verifier. If not, or if verification fails and FailOverToOldVerifier
83 // is set, then call the inference verifier.
84 if (is_eligible_for_verification(klass)) {
85 if (TraceClassInitialization) {
86 tty->print_cr("Start class verification for: %s", klassName);
87 }
88 if (UseSplitVerifier &&
89 klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
90 ClassVerifier split_verifier(
91 klass, message_buffer, message_buffer_len, THREAD);
92 split_verifier.verify_class(THREAD);
93 exception_name = split_verifier.result();
94 if (FailOverToOldVerifier && !HAS_PENDING_EXCEPTION &&
95 (exception_name == vmSymbols::java_lang_VerifyError() ||
96 exception_name == vmSymbols::java_lang_ClassFormatError())) {
97 if (TraceClassInitialization) {
98 tty->print_cr(
99 "Fail over class verification to old verifier for: %s", klassName);
100 }
101 exception_name = inference_verify(
102 klass, message_buffer, message_buffer_len, THREAD);
103 }
104 } else {
105 exception_name = inference_verify(
106 klass, message_buffer, message_buffer_len, THREAD);
107 }
108
109 if (TraceClassInitialization) {
110 if (HAS_PENDING_EXCEPTION) {
111 tty->print("Verification for %s has", klassName);
112 tty->print_cr(" exception pending %s ",
113 instanceKlass::cast(PENDING_EXCEPTION->klass())->external_name());
114 } else if (!exception_name.is_null()) {
115 tty->print_cr("Verification for %s failed", klassName);
116 }
117 tty->print_cr("End class verification for: %s", klassName);
118 }
119 }
120
121 if (HAS_PENDING_EXCEPTION) {
122 return false; // use the existing exception
123 } else if (exception_name.is_null()) {
124 return true; // verifcation succeeded
125 } else { // VerifyError or ClassFormatError to be created and thrown
126 ResourceMark rm(THREAD);
127 instanceKlassHandle kls =
128 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
129 while (!kls.is_null()) {
130 if (kls == klass) {
131 // If the class being verified is the exception we're creating
132 // or one of it's superclasses, we're in trouble and are going
133 // to infinitely recurse when we try to initialize the exception.
134 // So bail out here by throwing the preallocated VM error.
135 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
136 }
137 kls = kls->super();
138 }
139 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
140 THROW_MSG_(exception_name, message_buffer, false);
141 }
142 }
143
144 bool Verifier::is_eligible_for_verification(instanceKlassHandle klass) {
145 symbolOop name = klass->name();
146 klassOop refl_magic_klass = SystemDictionary::reflect_magic_klass();
147
148 return (should_verify_for(klass->class_loader()) &&
149 // return if the class is a bootstrapping class
150 // We need to skip the following four for bootstraping
151 name != vmSymbols::java_lang_Object() &&
152 name != vmSymbols::java_lang_Class() &&
153 name != vmSymbols::java_lang_String() &&
154 name != vmSymbols::java_lang_Throwable() &&
155
156 // Can not verify the bytecodes for shared classes because they have
157 // already been rewritten to contain constant pool cache indices,
158 // which the verifier can't understand.
159 // Shared classes shouldn't have stackmaps either.
160 !klass()->is_shared() &&
161
162 // As of the fix for 4486457 we disable verification for all of the
163 // dynamically-generated bytecodes associated with the 1.4
164 // reflection implementation, not just those associated with
165 // sun/reflect/SerializationConstructorAccessor.
166 // NOTE: this is called too early in the bootstrapping process to be
167 // guarded by Universe::is_gte_jdk14x_version()/UseNewReflection.
168 (refl_magic_klass == NULL ||
169 !klass->is_subtype_of(refl_magic_klass) ||
170 VerifyReflectionBytecodes)
171 );
172 }
173
174 symbolHandle Verifier::inference_verify(
175 instanceKlassHandle klass, char* message, size_t message_len, TRAPS) {
176 JavaThread* thread = (JavaThread*)THREAD;
177 JNIEnv *env = thread->jni_environment();
178
179 void* verify_func = verify_byte_codes_fn();
180
181 if (verify_func == NULL) {
182 jio_snprintf(message, message_len, "Could not link verifier");
183 return vmSymbols::java_lang_VerifyError();
184 }
185
186 ResourceMark rm(THREAD);
187 if (ClassVerifier::_verify_verbose) {
188 tty->print_cr("Verifying class %s with old format", klass->external_name());
189 }
190
191 jclass cls = (jclass) JNIHandles::make_local(env, klass->java_mirror());
192 jint result;
193
194 {
195 HandleMark hm(thread);
196 ThreadToNativeFromVM ttn(thread);
197 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
198 // code knows that we have left the VM
199
200 if (_is_new_verify_byte_codes_fn) {
201 verify_byte_codes_fn_new_t func =
202 CAST_TO_FN_PTR(verify_byte_codes_fn_new_t, verify_func);
203 result = (*func)(env, cls, message, (int)message_len,
204 klass->major_version());
205 } else {
206 verify_byte_codes_fn_t func =
207 CAST_TO_FN_PTR(verify_byte_codes_fn_t, verify_func);
208 result = (*func)(env, cls, message, (int)message_len);
209 }
210 }
211
212 JNIHandles::destroy_local(cls);
213
214 // These numbers are chosen so that VerifyClassCodes interface doesn't need
215 // to be changed (still return jboolean (unsigned char)), and result is
216 // 1 when verification is passed.
217 symbolHandle nh(NULL);
218 if (result == 0) {
219 return vmSymbols::java_lang_VerifyError();
220 } else if (result == 1) {
221 return nh; // verified.
222 } else if (result == 2) {
223 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nh);
224 } else if (result == 3) {
225 return vmSymbols::java_lang_ClassFormatError();
226 } else {
227 ShouldNotReachHere();
228 return nh;
229 }
230 }
231
232 // Methods in ClassVerifier
233
234 bool ClassVerifier::_verify_verbose = false;
235
236 ClassVerifier::ClassVerifier(
237 instanceKlassHandle klass, char* msg, size_t msg_len, TRAPS)
238 : _thread(THREAD), _exception_type(symbolHandle()), _message(msg),
239 _message_buffer_len(msg_len), _klass(klass) {
240 _this_type = VerificationType::reference_type(klass->name());
241 }
242
243 ClassVerifier::~ClassVerifier() {
244 }
245
246 void ClassVerifier::verify_class(TRAPS) {
247 if (_verify_verbose) {
248 tty->print_cr("Verifying class %s with new format",
249 _klass->external_name());
250 }
251
252 objArrayHandle methods(THREAD, _klass->methods());
253 int num_methods = methods->length();
254
255 for (int index = 0; index < num_methods; index++) {
256 methodOop m = (methodOop)methods->obj_at(index);
257 if (m->is_native() || m->is_abstract()) {
258 // If m is native or abstract, skip it. It is checked in class file
259 // parser that methods do not override a final method.
260 continue;
261 }
262 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
263 }
264 }
265
266 void ClassVerifier::verify_method(methodHandle m, TRAPS) {
267 ResourceMark rm(THREAD);
268 _method = m; // initialize _method
269 if (_verify_verbose) {
270 tty->print_cr("Verifying method %s", m->name_and_sig_as_C_string());
271 }
272
273 const char* bad_type_msg = "Bad type on operand stack in %s";
274
275 int32_t max_stack = m->max_stack();
276 int32_t max_locals = m->max_locals();
277 constantPoolHandle cp(THREAD, m->constants());
278
279 if (!SignatureVerifier::is_valid_method_signature(m->signature())) {
280 class_format_error("Invalid method signature");
281 return;
282 }
283
284 // Initial stack map frame: offset is 0, stack is initially empty.
285 StackMapFrame current_frame(max_locals, max_stack, this);
286 // Set initial locals
287 VerificationType return_type = current_frame.set_locals_from_arg(
288 m, current_type(), CHECK_VERIFY(this));
289
290 int32_t stackmap_index = 0; // index to the stackmap array
291
292 u4 code_length = m->code_size();
293
294 // Scan the bytecode and map each instruction's start offset to a number.
295 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
296
297 int ex_min = code_length;
298 int ex_max = -1;
299 // Look through each item on the exception table. Each of the fields must refer
300 // to a legal instruction.
301 verify_exception_handler_table(
302 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
303
304 // Look through each entry on the local variable table and make sure
305 // its range of code array offsets is valid. (4169817)
306 if (m->has_localvariable_table()) {
307 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
308 }
309
310 typeArrayHandle stackmap_data(THREAD, m->stackmap_data());
311 StackMapStream stream(stackmap_data);
312 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
313 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
314 code_data, code_length, CHECK_VERIFY(this));
315
316 if (_verify_verbose) {
317 stackmap_table.print();
318 }
319
320 RawBytecodeStream bcs(m);
321
322 // Scan the byte code linearly from the start to the end
323 bool no_control_flow = false; // Set to true when there is no direct control
324 // flow from current instruction to the next
325 // instruction in sequence
326 Bytecodes::Code opcode;
327 while (!bcs.is_last_bytecode()) {
328 opcode = bcs.raw_next();
329 u2 bci = bcs.bci();
330
331 // Set current frame's offset to bci
332 current_frame.set_offset(bci);
333
334 // Make sure every offset in stackmap table point to the beginning to
335 // an instruction. Match current_frame to stackmap_table entry with
336 // the same offset if exists.
337 stackmap_index = verify_stackmap_table(
338 stackmap_index, bci, ¤t_frame, &stackmap_table,
339 no_control_flow, CHECK_VERIFY(this));
340
341 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
342
343 // Merge with the next instruction
344 {
345 u2 index;
346 int target;
347 VerificationType type, type2;
348 VerificationType atype;
349
350 #ifndef PRODUCT
351 if (_verify_verbose) {
352 current_frame.print();
353 tty->print_cr("offset = %d, opcode = %s", bci, Bytecodes::name(opcode));
354 }
355 #endif
356
357 // Make sure wide instruction is in correct format
358 if (bcs.is_wide()) {
359 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
360 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
361 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
362 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
363 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
364 opcode != Bytecodes::_dstore) {
365 verify_error(bci, "Bad wide instruction");
366 return;
367 }
368 }
369
370 switch (opcode) {
371 case Bytecodes::_nop :
372 no_control_flow = false; break;
373 case Bytecodes::_aconst_null :
374 current_frame.push_stack(
375 VerificationType::null_type(), CHECK_VERIFY(this));
376 no_control_flow = false; break;
377 case Bytecodes::_iconst_m1 :
378 case Bytecodes::_iconst_0 :
379 case Bytecodes::_iconst_1 :
380 case Bytecodes::_iconst_2 :
381 case Bytecodes::_iconst_3 :
382 case Bytecodes::_iconst_4 :
383 case Bytecodes::_iconst_5 :
384 current_frame.push_stack(
385 VerificationType::integer_type(), CHECK_VERIFY(this));
386 no_control_flow = false; break;
387 case Bytecodes::_lconst_0 :
388 case Bytecodes::_lconst_1 :
389 current_frame.push_stack_2(
390 VerificationType::long_type(),
391 VerificationType::long2_type(), CHECK_VERIFY(this));
392 no_control_flow = false; break;
393 case Bytecodes::_fconst_0 :
394 case Bytecodes::_fconst_1 :
395 case Bytecodes::_fconst_2 :
396 current_frame.push_stack(
397 VerificationType::float_type(), CHECK_VERIFY(this));
398 no_control_flow = false; break;
399 case Bytecodes::_dconst_0 :
400 case Bytecodes::_dconst_1 :
401 current_frame.push_stack_2(
402 VerificationType::double_type(),
403 VerificationType::double2_type(), CHECK_VERIFY(this));
404 no_control_flow = false; break;
405 case Bytecodes::_sipush :
406 case Bytecodes::_bipush :
407 current_frame.push_stack(
408 VerificationType::integer_type(), CHECK_VERIFY(this));
409 no_control_flow = false; break;
410 case Bytecodes::_ldc :
411 verify_ldc(
412 opcode, bcs.get_index(), ¤t_frame,
413 cp, bci, CHECK_VERIFY(this));
414 no_control_flow = false; break;
415 case Bytecodes::_ldc_w :
416 case Bytecodes::_ldc2_w :
417 verify_ldc(
418 opcode, bcs.get_index_big(), ¤t_frame,
419 cp, bci, CHECK_VERIFY(this));
420 no_control_flow = false; break;
421 case Bytecodes::_iload :
422 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
423 no_control_flow = false; break;
424 case Bytecodes::_iload_0 :
425 case Bytecodes::_iload_1 :
426 case Bytecodes::_iload_2 :
427 case Bytecodes::_iload_3 :
428 index = opcode - Bytecodes::_iload_0;
429 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
430 no_control_flow = false; break;
431 case Bytecodes::_lload :
432 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
433 no_control_flow = false; break;
434 case Bytecodes::_lload_0 :
435 case Bytecodes::_lload_1 :
436 case Bytecodes::_lload_2 :
437 case Bytecodes::_lload_3 :
438 index = opcode - Bytecodes::_lload_0;
439 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
440 no_control_flow = false; break;
441 case Bytecodes::_fload :
442 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
443 no_control_flow = false; break;
444 case Bytecodes::_fload_0 :
445 case Bytecodes::_fload_1 :
446 case Bytecodes::_fload_2 :
447 case Bytecodes::_fload_3 :
448 index = opcode - Bytecodes::_fload_0;
449 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
450 no_control_flow = false; break;
451 case Bytecodes::_dload :
452 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
453 no_control_flow = false; break;
454 case Bytecodes::_dload_0 :
455 case Bytecodes::_dload_1 :
456 case Bytecodes::_dload_2 :
457 case Bytecodes::_dload_3 :
458 index = opcode - Bytecodes::_dload_0;
459 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
460 no_control_flow = false; break;
461 case Bytecodes::_aload :
462 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
463 no_control_flow = false; break;
464 case Bytecodes::_aload_0 :
465 case Bytecodes::_aload_1 :
466 case Bytecodes::_aload_2 :
467 case Bytecodes::_aload_3 :
468 index = opcode - Bytecodes::_aload_0;
469 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
470 no_control_flow = false; break;
471 case Bytecodes::_iaload :
472 type = current_frame.pop_stack(
473 VerificationType::integer_type(), CHECK_VERIFY(this));
474 atype = current_frame.pop_stack(
475 VerificationType::reference_check(), CHECK_VERIFY(this));
476 if (!atype.is_int_array()) {
477 verify_error(bci, bad_type_msg, "iaload");
478 return;
479 }
480 current_frame.push_stack(
481 VerificationType::integer_type(), CHECK_VERIFY(this));
482 no_control_flow = false; break;
483 case Bytecodes::_baload :
484 type = current_frame.pop_stack(
485 VerificationType::integer_type(), CHECK_VERIFY(this));
486 atype = current_frame.pop_stack(
487 VerificationType::reference_check(), CHECK_VERIFY(this));
488 if (!atype.is_bool_array() && !atype.is_byte_array()) {
489 verify_error(bci, bad_type_msg, "baload");
490 return;
491 }
492 current_frame.push_stack(
493 VerificationType::integer_type(), CHECK_VERIFY(this));
494 no_control_flow = false; break;
495 case Bytecodes::_caload :
496 type = current_frame.pop_stack(
497 VerificationType::integer_type(), CHECK_VERIFY(this));
498 atype = current_frame.pop_stack(
499 VerificationType::reference_check(), CHECK_VERIFY(this));
500 if (!atype.is_char_array()) {
501 verify_error(bci, bad_type_msg, "caload");
502 return;
503 }
504 current_frame.push_stack(
505 VerificationType::integer_type(), CHECK_VERIFY(this));
506 no_control_flow = false; break;
507 case Bytecodes::_saload :
508 type = current_frame.pop_stack(
509 VerificationType::integer_type(), CHECK_VERIFY(this));
510 atype = current_frame.pop_stack(
511 VerificationType::reference_check(), CHECK_VERIFY(this));
512 if (!atype.is_short_array()) {
513 verify_error(bci, bad_type_msg, "saload");
514 return;
515 }
516 current_frame.push_stack(
517 VerificationType::integer_type(), CHECK_VERIFY(this));
518 no_control_flow = false; break;
519 case Bytecodes::_laload :
520 type = current_frame.pop_stack(
521 VerificationType::integer_type(), CHECK_VERIFY(this));
522 atype = current_frame.pop_stack(
523 VerificationType::reference_check(), CHECK_VERIFY(this));
524 if (!atype.is_long_array()) {
525 verify_error(bci, bad_type_msg, "laload");
526 return;
527 }
528 current_frame.push_stack_2(
529 VerificationType::long_type(),
530 VerificationType::long2_type(), CHECK_VERIFY(this));
531 no_control_flow = false; break;
532 case Bytecodes::_faload :
533 type = current_frame.pop_stack(
534 VerificationType::integer_type(), CHECK_VERIFY(this));
535 atype = current_frame.pop_stack(
536 VerificationType::reference_check(), CHECK_VERIFY(this));
537 if (!atype.is_float_array()) {
538 verify_error(bci, bad_type_msg, "faload");
539 return;
540 }
541 current_frame.push_stack(
542 VerificationType::float_type(), CHECK_VERIFY(this));
543 no_control_flow = false; break;
544 case Bytecodes::_daload :
545 type = current_frame.pop_stack(
546 VerificationType::integer_type(), CHECK_VERIFY(this));
547 atype = current_frame.pop_stack(
548 VerificationType::reference_check(), CHECK_VERIFY(this));
549 if (!atype.is_double_array()) {
550 verify_error(bci, bad_type_msg, "daload");
551 return;
552 }
553 current_frame.push_stack_2(
554 VerificationType::double_type(),
555 VerificationType::double2_type(), CHECK_VERIFY(this));
556 no_control_flow = false; break;
557 case Bytecodes::_aaload : {
558 type = current_frame.pop_stack(
559 VerificationType::integer_type(), CHECK_VERIFY(this));
560 atype = current_frame.pop_stack(
561 VerificationType::reference_check(), CHECK_VERIFY(this));
562 if (!atype.is_reference_array()) {
563 verify_error(bci, bad_type_msg, "aaload");
564 return;
565 }
566 if (atype.is_null()) {
567 current_frame.push_stack(
568 VerificationType::null_type(), CHECK_VERIFY(this));
569 } else {
570 VerificationType component =
571 atype.get_component(CHECK_VERIFY(this));
572 current_frame.push_stack(component, CHECK_VERIFY(this));
573 }
574 no_control_flow = false; break;
575 }
576 case Bytecodes::_istore :
577 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
578 no_control_flow = false; break;
579 case Bytecodes::_istore_0 :
580 case Bytecodes::_istore_1 :
581 case Bytecodes::_istore_2 :
582 case Bytecodes::_istore_3 :
583 index = opcode - Bytecodes::_istore_0;
584 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
585 no_control_flow = false; break;
586 case Bytecodes::_lstore :
587 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
588 no_control_flow = false; break;
589 case Bytecodes::_lstore_0 :
590 case Bytecodes::_lstore_1 :
591 case Bytecodes::_lstore_2 :
592 case Bytecodes::_lstore_3 :
593 index = opcode - Bytecodes::_lstore_0;
594 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
595 no_control_flow = false; break;
596 case Bytecodes::_fstore :
597 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
598 no_control_flow = false; break;
599 case Bytecodes::_fstore_0 :
600 case Bytecodes::_fstore_1 :
601 case Bytecodes::_fstore_2 :
602 case Bytecodes::_fstore_3 :
603 index = opcode - Bytecodes::_fstore_0;
604 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
605 no_control_flow = false; break;
606 case Bytecodes::_dstore :
607 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
608 no_control_flow = false; break;
609 case Bytecodes::_dstore_0 :
610 case Bytecodes::_dstore_1 :
611 case Bytecodes::_dstore_2 :
612 case Bytecodes::_dstore_3 :
613 index = opcode - Bytecodes::_dstore_0;
614 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
615 no_control_flow = false; break;
616 case Bytecodes::_astore :
617 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
618 no_control_flow = false; break;
619 case Bytecodes::_astore_0 :
620 case Bytecodes::_astore_1 :
621 case Bytecodes::_astore_2 :
622 case Bytecodes::_astore_3 :
623 index = opcode - Bytecodes::_astore_0;
624 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
625 no_control_flow = false; break;
626 case Bytecodes::_iastore :
627 type = current_frame.pop_stack(
628 VerificationType::integer_type(), CHECK_VERIFY(this));
629 type2 = current_frame.pop_stack(
630 VerificationType::integer_type(), CHECK_VERIFY(this));
631 atype = current_frame.pop_stack(
632 VerificationType::reference_check(), CHECK_VERIFY(this));
633 if (!atype.is_int_array()) {
634 verify_error(bci, bad_type_msg, "iastore");
635 return;
636 }
637 no_control_flow = false; break;
638 case Bytecodes::_bastore :
639 type = current_frame.pop_stack(
640 VerificationType::integer_type(), CHECK_VERIFY(this));
641 type2 = current_frame.pop_stack(
642 VerificationType::integer_type(), CHECK_VERIFY(this));
643 atype = current_frame.pop_stack(
644 VerificationType::reference_check(), CHECK_VERIFY(this));
645 if (!atype.is_bool_array() && !atype.is_byte_array()) {
646 verify_error(bci, bad_type_msg, "bastore");
647 return;
648 }
649 no_control_flow = false; break;
650 case Bytecodes::_castore :
651 current_frame.pop_stack(
652 VerificationType::integer_type(), CHECK_VERIFY(this));
653 current_frame.pop_stack(
654 VerificationType::integer_type(), CHECK_VERIFY(this));
655 atype = current_frame.pop_stack(
656 VerificationType::reference_check(), CHECK_VERIFY(this));
657 if (!atype.is_char_array()) {
658 verify_error(bci, bad_type_msg, "castore");
659 return;
660 }
661 no_control_flow = false; break;
662 case Bytecodes::_sastore :
663 current_frame.pop_stack(
664 VerificationType::integer_type(), CHECK_VERIFY(this));
665 current_frame.pop_stack(
666 VerificationType::integer_type(), CHECK_VERIFY(this));
667 atype = current_frame.pop_stack(
668 VerificationType::reference_check(), CHECK_VERIFY(this));
669 if (!atype.is_short_array()) {
670 verify_error(bci, bad_type_msg, "sastore");
671 return;
672 }
673 no_control_flow = false; break;
674 case Bytecodes::_lastore :
675 current_frame.pop_stack_2(
676 VerificationType::long2_type(),
677 VerificationType::long_type(), CHECK_VERIFY(this));
678 current_frame.pop_stack(
679 VerificationType::integer_type(), CHECK_VERIFY(this));
680 atype = current_frame.pop_stack(
681 VerificationType::reference_check(), CHECK_VERIFY(this));
682 if (!atype.is_long_array()) {
683 verify_error(bci, bad_type_msg, "lastore");
684 return;
685 }
686 no_control_flow = false; break;
687 case Bytecodes::_fastore :
688 current_frame.pop_stack(
689 VerificationType::float_type(), CHECK_VERIFY(this));
690 current_frame.pop_stack
691 (VerificationType::integer_type(), CHECK_VERIFY(this));
692 atype = current_frame.pop_stack(
693 VerificationType::reference_check(), CHECK_VERIFY(this));
694 if (!atype.is_float_array()) {
695 verify_error(bci, bad_type_msg, "fastore");
696 return;
697 }
698 no_control_flow = false; break;
699 case Bytecodes::_dastore :
700 current_frame.pop_stack_2(
701 VerificationType::double2_type(),
702 VerificationType::double_type(), CHECK_VERIFY(this));
703 current_frame.pop_stack(
704 VerificationType::integer_type(), CHECK_VERIFY(this));
705 atype = current_frame.pop_stack(
706 VerificationType::reference_check(), CHECK_VERIFY(this));
707 if (!atype.is_double_array()) {
708 verify_error(bci, bad_type_msg, "dastore");
709 return;
710 }
711 no_control_flow = false; break;
712 case Bytecodes::_aastore :
713 type = current_frame.pop_stack(
714 VerificationType::reference_check(), CHECK_VERIFY(this));
715 type2 = current_frame.pop_stack(
716 VerificationType::integer_type(), CHECK_VERIFY(this));
717 atype = current_frame.pop_stack(
718 VerificationType::reference_check(), CHECK_VERIFY(this));
719 // more type-checking is done at runtime
720 if (!atype.is_reference_array()) {
721 verify_error(bci, bad_type_msg, "aastore");
722 return;
723 }
724 // 4938384: relaxed constraint in JVMS 3nd edition.
725 no_control_flow = false; break;
726 case Bytecodes::_pop :
727 current_frame.pop_stack(
728 VerificationType::category1_check(), CHECK_VERIFY(this));
729 no_control_flow = false; break;
730 case Bytecodes::_pop2 :
731 type = current_frame.pop_stack(CHECK_VERIFY(this));
732 if (type.is_category1()) {
733 current_frame.pop_stack(
734 VerificationType::category1_check(), CHECK_VERIFY(this));
735 } else if (type.is_category2_2nd()) {
736 current_frame.pop_stack(
737 VerificationType::category2_check(), CHECK_VERIFY(this));
738 } else {
739 verify_error(bci, bad_type_msg, "pop2");
740 return;
741 }
742 no_control_flow = false; break;
743 case Bytecodes::_dup :
744 type = current_frame.pop_stack(
745 VerificationType::category1_check(), CHECK_VERIFY(this));
746 current_frame.push_stack(type, CHECK_VERIFY(this));
747 current_frame.push_stack(type, CHECK_VERIFY(this));
748 no_control_flow = false; break;
749 case Bytecodes::_dup_x1 :
750 type = current_frame.pop_stack(
751 VerificationType::category1_check(), CHECK_VERIFY(this));
752 type2 = current_frame.pop_stack(
753 VerificationType::category1_check(), CHECK_VERIFY(this));
754 current_frame.push_stack(type, CHECK_VERIFY(this));
755 current_frame.push_stack(type2, CHECK_VERIFY(this));
756 current_frame.push_stack(type, CHECK_VERIFY(this));
757 no_control_flow = false; break;
758 case Bytecodes::_dup_x2 :
759 {
760 VerificationType type3;
761 type = current_frame.pop_stack(
762 VerificationType::category1_check(), CHECK_VERIFY(this));
763 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
764 if (type2.is_category1()) {
765 type3 = current_frame.pop_stack(
766 VerificationType::category1_check(), CHECK_VERIFY(this));
767 } else if (type2.is_category2_2nd()) {
768 type3 = current_frame.pop_stack(
769 VerificationType::category2_check(), CHECK_VERIFY(this));
770 } else {
771 verify_error(bci, bad_type_msg, "dup_x2");
772 return;
773 }
774 current_frame.push_stack(type, CHECK_VERIFY(this));
775 current_frame.push_stack(type3, CHECK_VERIFY(this));
776 current_frame.push_stack(type2, CHECK_VERIFY(this));
777 current_frame.push_stack(type, CHECK_VERIFY(this));
778 no_control_flow = false; break;
779 }
780 case Bytecodes::_dup2 :
781 type = current_frame.pop_stack(CHECK_VERIFY(this));
782 if (type.is_category1()) {
783 type2 = current_frame.pop_stack(
784 VerificationType::category1_check(), CHECK_VERIFY(this));
785 } else if (type.is_category2_2nd()) {
786 type2 = current_frame.pop_stack(
787 VerificationType::category2_check(), CHECK_VERIFY(this));
788 } else {
789 verify_error(bci, bad_type_msg, "dup2");
790 return;
791 }
792 current_frame.push_stack(type2, CHECK_VERIFY(this));
793 current_frame.push_stack(type, CHECK_VERIFY(this));
794 current_frame.push_stack(type2, CHECK_VERIFY(this));
795 current_frame.push_stack(type, CHECK_VERIFY(this));
796 no_control_flow = false; break;
797 case Bytecodes::_dup2_x1 :
798 {
799 VerificationType type3;
800 type = current_frame.pop_stack(CHECK_VERIFY(this));
801 if (type.is_category1()) {
802 type2 = current_frame.pop_stack(
803 VerificationType::category1_check(), CHECK_VERIFY(this));
804 } else if(type.is_category2_2nd()) {
805 type2 = current_frame.pop_stack
806 (VerificationType::category2_check(), CHECK_VERIFY(this));
807 } else {
808 verify_error(bci, bad_type_msg, "dup2_x1");
809 return;
810 }
811 type3 = current_frame.pop_stack(
812 VerificationType::category1_check(), CHECK_VERIFY(this));
813 current_frame.push_stack(type2, CHECK_VERIFY(this));
814 current_frame.push_stack(type, CHECK_VERIFY(this));
815 current_frame.push_stack(type3, CHECK_VERIFY(this));
816 current_frame.push_stack(type2, CHECK_VERIFY(this));
817 current_frame.push_stack(type, CHECK_VERIFY(this));
818 no_control_flow = false; break;
819 }
820 case Bytecodes::_dup2_x2 :
821 {
822 VerificationType type3, type4;
823 type = current_frame.pop_stack(CHECK_VERIFY(this));
824 if (type.is_category1()) {
825 type2 = current_frame.pop_stack(
826 VerificationType::category1_check(), CHECK_VERIFY(this));
827 } else if (type.is_category2_2nd()) {
828 type2 = current_frame.pop_stack(
829 VerificationType::category2_check(), CHECK_VERIFY(this));
830 } else {
831 verify_error(bci, bad_type_msg, "dup2_x2");
832 return;
833 }
834 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
835 if (type3.is_category1()) {
836 type4 = current_frame.pop_stack(
837 VerificationType::category1_check(), CHECK_VERIFY(this));
838 } else if (type3.is_category2_2nd()) {
839 type4 = current_frame.pop_stack(
840 VerificationType::category2_check(), CHECK_VERIFY(this));
841 } else {
842 verify_error(bci, bad_type_msg, "dup2_x2");
843 return;
844 }
845 current_frame.push_stack(type2, CHECK_VERIFY(this));
846 current_frame.push_stack(type, CHECK_VERIFY(this));
847 current_frame.push_stack(type4, CHECK_VERIFY(this));
848 current_frame.push_stack(type3, CHECK_VERIFY(this));
849 current_frame.push_stack(type2, CHECK_VERIFY(this));
850 current_frame.push_stack(type, CHECK_VERIFY(this));
851 no_control_flow = false; break;
852 }
853 case Bytecodes::_swap :
854 type = current_frame.pop_stack(
855 VerificationType::category1_check(), CHECK_VERIFY(this));
856 type2 = current_frame.pop_stack(
857 VerificationType::category1_check(), CHECK_VERIFY(this));
858 current_frame.push_stack(type, CHECK_VERIFY(this));
859 current_frame.push_stack(type2, CHECK_VERIFY(this));
860 no_control_flow = false; break;
861 case Bytecodes::_iadd :
862 case Bytecodes::_isub :
863 case Bytecodes::_imul :
864 case Bytecodes::_idiv :
865 case Bytecodes::_irem :
866 case Bytecodes::_ishl :
867 case Bytecodes::_ishr :
868 case Bytecodes::_iushr :
869 case Bytecodes::_ior :
870 case Bytecodes::_ixor :
871 case Bytecodes::_iand :
872 current_frame.pop_stack(
873 VerificationType::integer_type(), CHECK_VERIFY(this));
874 // fall through
875 case Bytecodes::_ineg :
876 current_frame.pop_stack(
877 VerificationType::integer_type(), CHECK_VERIFY(this));
878 current_frame.push_stack(
879 VerificationType::integer_type(), CHECK_VERIFY(this));
880 no_control_flow = false; break;
881 case Bytecodes::_ladd :
882 case Bytecodes::_lsub :
883 case Bytecodes::_lmul :
884 case Bytecodes::_ldiv :
885 case Bytecodes::_lrem :
886 case Bytecodes::_land :
887 case Bytecodes::_lor :
888 case Bytecodes::_lxor :
889 current_frame.pop_stack_2(
890 VerificationType::long2_type(),
891 VerificationType::long_type(), CHECK_VERIFY(this));
892 // fall through
893 case Bytecodes::_lneg :
894 current_frame.pop_stack_2(
895 VerificationType::long2_type(),
896 VerificationType::long_type(), CHECK_VERIFY(this));
897 current_frame.push_stack_2(
898 VerificationType::long_type(),
899 VerificationType::long2_type(), CHECK_VERIFY(this));
900 no_control_flow = false; break;
901 case Bytecodes::_lshl :
902 case Bytecodes::_lshr :
903 case Bytecodes::_lushr :
904 current_frame.pop_stack(
905 VerificationType::integer_type(), CHECK_VERIFY(this));
906 current_frame.pop_stack_2(
907 VerificationType::long2_type(),
908 VerificationType::long_type(), CHECK_VERIFY(this));
909 current_frame.push_stack_2(
910 VerificationType::long_type(),
911 VerificationType::long2_type(), CHECK_VERIFY(this));
912 no_control_flow = false; break;
913 case Bytecodes::_fadd :
914 case Bytecodes::_fsub :
915 case Bytecodes::_fmul :
916 case Bytecodes::_fdiv :
917 case Bytecodes::_frem :
918 current_frame.pop_stack(
919 VerificationType::float_type(), CHECK_VERIFY(this));
920 // fall through
921 case Bytecodes::_fneg :
922 current_frame.pop_stack(
923 VerificationType::float_type(), CHECK_VERIFY(this));
924 current_frame.push_stack(
925 VerificationType::float_type(), CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 case Bytecodes::_dadd :
928 case Bytecodes::_dsub :
929 case Bytecodes::_dmul :
930 case Bytecodes::_ddiv :
931 case Bytecodes::_drem :
932 current_frame.pop_stack_2(
933 VerificationType::double2_type(),
934 VerificationType::double_type(), CHECK_VERIFY(this));
935 // fall through
936 case Bytecodes::_dneg :
937 current_frame.pop_stack_2(
938 VerificationType::double2_type(),
939 VerificationType::double_type(), CHECK_VERIFY(this));
940 current_frame.push_stack_2(
941 VerificationType::double_type(),
942 VerificationType::double2_type(), CHECK_VERIFY(this));
943 no_control_flow = false; break;
944 case Bytecodes::_iinc :
945 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
946 no_control_flow = false; break;
947 case Bytecodes::_i2l :
948 type = current_frame.pop_stack(
949 VerificationType::integer_type(), CHECK_VERIFY(this));
950 current_frame.push_stack_2(
951 VerificationType::long_type(),
952 VerificationType::long2_type(), CHECK_VERIFY(this));
953 no_control_flow = false; break;
954 case Bytecodes::_l2i :
955 current_frame.pop_stack_2(
956 VerificationType::long2_type(),
957 VerificationType::long_type(), CHECK_VERIFY(this));
958 current_frame.push_stack(
959 VerificationType::integer_type(), CHECK_VERIFY(this));
960 no_control_flow = false; break;
961 case Bytecodes::_i2f :
962 current_frame.pop_stack(
963 VerificationType::integer_type(), CHECK_VERIFY(this));
964 current_frame.push_stack(
965 VerificationType::float_type(), CHECK_VERIFY(this));
966 no_control_flow = false; break;
967 case Bytecodes::_i2d :
968 current_frame.pop_stack(
969 VerificationType::integer_type(), CHECK_VERIFY(this));
970 current_frame.push_stack_2(
971 VerificationType::double_type(),
972 VerificationType::double2_type(), CHECK_VERIFY(this));
973 no_control_flow = false; break;
974 case Bytecodes::_l2f :
975 current_frame.pop_stack_2(
976 VerificationType::long2_type(),
977 VerificationType::long_type(), CHECK_VERIFY(this));
978 current_frame.push_stack(
979 VerificationType::float_type(), CHECK_VERIFY(this));
980 no_control_flow = false; break;
981 case Bytecodes::_l2d :
982 current_frame.pop_stack_2(
983 VerificationType::long2_type(),
984 VerificationType::long_type(), CHECK_VERIFY(this));
985 current_frame.push_stack_2(
986 VerificationType::double_type(),
987 VerificationType::double2_type(), CHECK_VERIFY(this));
988 no_control_flow = false; break;
989 case Bytecodes::_f2i :
990 current_frame.pop_stack(
991 VerificationType::float_type(), CHECK_VERIFY(this));
992 current_frame.push_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 no_control_flow = false; break;
995 case Bytecodes::_f2l :
996 current_frame.pop_stack(
997 VerificationType::float_type(), CHECK_VERIFY(this));
998 current_frame.push_stack_2(
999 VerificationType::long_type(),
1000 VerificationType::long2_type(), CHECK_VERIFY(this));
1001 no_control_flow = false; break;
1002 case Bytecodes::_f2d :
1003 current_frame.pop_stack(
1004 VerificationType::float_type(), CHECK_VERIFY(this));
1005 current_frame.push_stack_2(
1006 VerificationType::double_type(),
1007 VerificationType::double2_type(), CHECK_VERIFY(this));
1008 no_control_flow = false; break;
1009 case Bytecodes::_d2i :
1010 current_frame.pop_stack_2(
1011 VerificationType::double2_type(),
1012 VerificationType::double_type(), CHECK_VERIFY(this));
1013 current_frame.push_stack(
1014 VerificationType::integer_type(), CHECK_VERIFY(this));
1015 no_control_flow = false; break;
1016 case Bytecodes::_d2l :
1017 current_frame.pop_stack_2(
1018 VerificationType::double2_type(),
1019 VerificationType::double_type(), CHECK_VERIFY(this));
1020 current_frame.push_stack_2(
1021 VerificationType::long_type(),
1022 VerificationType::long2_type(), CHECK_VERIFY(this));
1023 no_control_flow = false; break;
1024 case Bytecodes::_d2f :
1025 current_frame.pop_stack_2(
1026 VerificationType::double2_type(),
1027 VerificationType::double_type(), CHECK_VERIFY(this));
1028 current_frame.push_stack(
1029 VerificationType::float_type(), CHECK_VERIFY(this));
1030 no_control_flow = false; break;
1031 case Bytecodes::_i2b :
1032 case Bytecodes::_i2c :
1033 case Bytecodes::_i2s :
1034 current_frame.pop_stack(
1035 VerificationType::integer_type(), CHECK_VERIFY(this));
1036 current_frame.push_stack(
1037 VerificationType::integer_type(), CHECK_VERIFY(this));
1038 no_control_flow = false; break;
1039 case Bytecodes::_lcmp :
1040 current_frame.pop_stack_2(
1041 VerificationType::long2_type(),
1042 VerificationType::long_type(), CHECK_VERIFY(this));
1043 current_frame.pop_stack_2(
1044 VerificationType::long2_type(),
1045 VerificationType::long_type(), CHECK_VERIFY(this));
1046 current_frame.push_stack(
1047 VerificationType::integer_type(), CHECK_VERIFY(this));
1048 no_control_flow = false; break;
1049 case Bytecodes::_fcmpl :
1050 case Bytecodes::_fcmpg :
1051 current_frame.pop_stack(
1052 VerificationType::float_type(), CHECK_VERIFY(this));
1053 current_frame.pop_stack(
1054 VerificationType::float_type(), CHECK_VERIFY(this));
1055 current_frame.push_stack(
1056 VerificationType::integer_type(), CHECK_VERIFY(this));
1057 no_control_flow = false; break;
1058 case Bytecodes::_dcmpl :
1059 case Bytecodes::_dcmpg :
1060 current_frame.pop_stack_2(
1061 VerificationType::double2_type(),
1062 VerificationType::double_type(), CHECK_VERIFY(this));
1063 current_frame.pop_stack_2(
1064 VerificationType::double2_type(),
1065 VerificationType::double_type(), CHECK_VERIFY(this));
1066 current_frame.push_stack(
1067 VerificationType::integer_type(), CHECK_VERIFY(this));
1068 no_control_flow = false; break;
1069 case Bytecodes::_if_icmpeq:
1070 case Bytecodes::_if_icmpne:
1071 case Bytecodes::_if_icmplt:
1072 case Bytecodes::_if_icmpge:
1073 case Bytecodes::_if_icmpgt:
1074 case Bytecodes::_if_icmple:
1075 current_frame.pop_stack(
1076 VerificationType::integer_type(), CHECK_VERIFY(this));
1077 // fall through
1078 case Bytecodes::_ifeq:
1079 case Bytecodes::_ifne:
1080 case Bytecodes::_iflt:
1081 case Bytecodes::_ifge:
1082 case Bytecodes::_ifgt:
1083 case Bytecodes::_ifle:
1084 current_frame.pop_stack(
1085 VerificationType::integer_type(), CHECK_VERIFY(this));
1086 target = bcs.dest();
1087 stackmap_table.check_jump_target(
1088 ¤t_frame, target, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 case Bytecodes::_if_acmpeq :
1091 case Bytecodes::_if_acmpne :
1092 current_frame.pop_stack(
1093 VerificationType::reference_check(), CHECK_VERIFY(this));
1094 // fall through
1095 case Bytecodes::_ifnull :
1096 case Bytecodes::_ifnonnull :
1097 current_frame.pop_stack(
1098 VerificationType::reference_check(), CHECK_VERIFY(this));
1099 target = bcs.dest();
1100 stackmap_table.check_jump_target
1101 (¤t_frame, target, CHECK_VERIFY(this));
1102 no_control_flow = false; break;
1103 case Bytecodes::_goto :
1104 target = bcs.dest();
1105 stackmap_table.check_jump_target(
1106 ¤t_frame, target, CHECK_VERIFY(this));
1107 no_control_flow = true; break;
1108 case Bytecodes::_goto_w :
1109 target = bcs.dest_w();
1110 stackmap_table.check_jump_target(
1111 ¤t_frame, target, CHECK_VERIFY(this));
1112 no_control_flow = true; break;
1113 case Bytecodes::_tableswitch :
1114 case Bytecodes::_lookupswitch :
1115 verify_switch(
1116 &bcs, code_length, code_data, ¤t_frame,
1117 &stackmap_table, CHECK_VERIFY(this));
1118 no_control_flow = true; break;
1119 case Bytecodes::_ireturn :
1120 type = current_frame.pop_stack(
1121 VerificationType::integer_type(), CHECK_VERIFY(this));
1122 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1123 no_control_flow = true; break;
1124 case Bytecodes::_lreturn :
1125 type2 = current_frame.pop_stack(
1126 VerificationType::long2_type(), CHECK_VERIFY(this));
1127 type = current_frame.pop_stack(
1128 VerificationType::long_type(), CHECK_VERIFY(this));
1129 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1130 no_control_flow = true; break;
1131 case Bytecodes::_freturn :
1132 type = current_frame.pop_stack(
1133 VerificationType::float_type(), CHECK_VERIFY(this));
1134 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1135 no_control_flow = true; break;
1136 case Bytecodes::_dreturn :
1137 type2 = current_frame.pop_stack(
1138 VerificationType::double2_type(), CHECK_VERIFY(this));
1139 type = current_frame.pop_stack(
1140 VerificationType::double_type(), CHECK_VERIFY(this));
1141 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1142 no_control_flow = true; break;
1143 case Bytecodes::_areturn :
1144 type = current_frame.pop_stack(
1145 VerificationType::reference_check(), CHECK_VERIFY(this));
1146 verify_return_value(return_type, type, bci, CHECK_VERIFY(this));
1147 no_control_flow = true; break;
1148 case Bytecodes::_return :
1149 if (return_type != VerificationType::bogus_type()) {
1150 verify_error(bci, "Method expects no return value");
1151 return;
1152 }
1153 // Make sure "this" has been initialized if current method is an
1154 // <init>
1155 if (_method->name() == vmSymbols::object_initializer_name() &&
1156 current_frame.flag_this_uninit()) {
1157 verify_error(bci,
1158 "Constructor must call super() or this() before return");
1159 return;
1160 }
1161 no_control_flow = true; break;
1162 case Bytecodes::_getstatic :
1163 case Bytecodes::_putstatic :
1164 case Bytecodes::_getfield :
1165 case Bytecodes::_putfield :
1166 verify_field_instructions(
1167 &bcs, ¤t_frame, cp, CHECK_VERIFY(this));
1168 no_control_flow = false; break;
1169 case Bytecodes::_invokevirtual :
1170 case Bytecodes::_invokespecial :
1171 case Bytecodes::_invokestatic :
1172 verify_invoke_instructions(
1173 &bcs, code_length, ¤t_frame,
1174 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1175 no_control_flow = false; break;
1176 case Bytecodes::_invokeinterface :
1177 verify_invoke_instructions(
1178 &bcs, code_length, ¤t_frame,
1179 &this_uninit, return_type, cp, CHECK_VERIFY(this));
1180 no_control_flow = false; break;
1181 case Bytecodes::_new :
1182 {
1183 index = bcs.get_index_big();
1184 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1185 VerificationType new_class_type =
1186 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1187 if (!new_class_type.is_object()) {
1188 verify_error(bci, "Illegal new instruction");
1189 return;
1190 }
1191 type = VerificationType::uninitialized_type(bci);
1192 current_frame.push_stack(type, CHECK_VERIFY(this));
1193 no_control_flow = false; break;
1194 }
1195 case Bytecodes::_newarray :
1196 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1197 current_frame.pop_stack(
1198 VerificationType::integer_type(), CHECK_VERIFY(this));
1199 current_frame.push_stack(type, CHECK_VERIFY(this));
1200 no_control_flow = false; break;
1201 case Bytecodes::_anewarray :
1202 verify_anewarray(
1203 bcs.get_index_big(), cp, ¤t_frame, CHECK_VERIFY(this));
1204 no_control_flow = false; break;
1205 case Bytecodes::_arraylength :
1206 type = current_frame.pop_stack(
1207 VerificationType::reference_check(), CHECK_VERIFY(this));
1208 if (!type.is_array()) {
1209 verify_error(bci, bad_type_msg, "arraylength");
1210 }
1211 current_frame.push_stack(
1212 VerificationType::integer_type(), CHECK_VERIFY(this));
1213 no_control_flow = false; break;
1214 case Bytecodes::_checkcast :
1215 {
1216 index = bcs.get_index_big();
1217 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1218 current_frame.pop_stack(
1219 VerificationType::reference_check(), CHECK_VERIFY(this));
1220 VerificationType klass_type = cp_index_to_type(
1221 index, cp, CHECK_VERIFY(this));
1222 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1223 no_control_flow = false; break;
1224 }
1225 case Bytecodes::_instanceof : {
1226 index = bcs.get_index_big();
1227 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1228 current_frame.pop_stack(
1229 VerificationType::reference_check(), CHECK_VERIFY(this));
1230 current_frame.push_stack(
1231 VerificationType::integer_type(), CHECK_VERIFY(this));
1232 no_control_flow = false; break;
1233 }
1234 case Bytecodes::_monitorenter :
1235 case Bytecodes::_monitorexit :
1236 current_frame.pop_stack(
1237 VerificationType::reference_check(), CHECK_VERIFY(this));
1238 no_control_flow = false; break;
1239 case Bytecodes::_multianewarray :
1240 {
1241 index = bcs.get_index_big();
1242 u2 dim = *(bcs.bcp()+3);
1243 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
1244 VerificationType new_array_type =
1245 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1246 if (!new_array_type.is_array()) {
1247 verify_error(bci,
1248 "Illegal constant pool index in multianewarray instruction");
1249 return;
1250 }
1251 if (dim < 1 || new_array_type.dimensions() < dim) {
1252 verify_error(bci,
1253 "Illegal dimension in multianewarray instruction");
1254 return;
1255 }
1256 for (int i = 0; i < dim; i++) {
1257 current_frame.pop_stack(
1258 VerificationType::integer_type(), CHECK_VERIFY(this));
1259 }
1260 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1261 no_control_flow = false; break;
1262 }
1263 case Bytecodes::_athrow :
1264 type = VerificationType::reference_type(
1265 vmSymbols::java_lang_Throwable());
1266 current_frame.pop_stack(type, CHECK_VERIFY(this));
1267 no_control_flow = true; break;
1268 default:
1269 // We only need to check the valid bytecodes in class file.
1270 // And jsr and ret are not in the new class file format in JDK1.5.
1271 verify_error(bci, "Bad instruction");
1272 no_control_flow = false;
1273 return;
1274 } // end switch
1275 } // end Merge with the next instruction
1276
1277 // Look for possible jump target in exception handlers and see if it
1278 // matches current_frame
1279 if (bci >= ex_min && bci < ex_max) {
1280 verify_exception_handler_targets(
1281 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1282 }
1283 } // end while
1284
1285 // Make sure that control flow does not fall through end of the method
1286 if (!no_control_flow) {
1287 verify_error(code_length, "Control flow falls through code end");
1288 return;
1289 }
1290 }
1291
1292 char* ClassVerifier::generate_code_data(methodHandle m, u4 code_length, TRAPS) {
1293 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1294 memset(code_data, 0, sizeof(char) * code_length);
1295 RawBytecodeStream bcs(m);
1296
1297 while (!bcs.is_last_bytecode()) {
1298 if (bcs.raw_next() != Bytecodes::_illegal) {
1299 int bci = bcs.bci();
1300 if (bcs.code() == Bytecodes::_new) {
1301 code_data[bci] = NEW_OFFSET;
1302 } else {
1303 code_data[bci] = BYTECODE_OFFSET;
1304 }
1305 } else {
1306 verify_error(bcs.bci(), "Bad instruction");
1307 return NULL;
1308 }
1309 }
1310
1311 return code_data;
1312 }
1313
1314 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1315 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1316 constantPoolHandle cp (THREAD, _method->constants());
1317
1318 if (exhandlers() != NULL) {
1319 for(int i = 0; i < exhandlers->length();) {
1320 u2 start_pc = exhandlers->int_at(i++);
1321 u2 end_pc = exhandlers->int_at(i++);
1322 u2 handler_pc = exhandlers->int_at(i++);
1323 if (start_pc >= code_length || code_data[start_pc] == 0) {
1324 class_format_error("Illegal exception table start_pc %d", start_pc);
1325 return;
1326 }
1327 if (end_pc != code_length) { // special case: end_pc == code_length
1328 if (end_pc > code_length || code_data[end_pc] == 0) {
1329 class_format_error("Illegal exception table end_pc %d", end_pc);
1330 return;
1331 }
1332 }
1333 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1334 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1335 return;
1336 }
1337 int catch_type_index = exhandlers->int_at(i++);
1338 if (catch_type_index != 0) {
1339 VerificationType catch_type = cp_index_to_type(
1340 catch_type_index, cp, CHECK_VERIFY(this));
1341 VerificationType throwable =
1342 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1343 bool is_subclass = throwable.is_assignable_from(
1344 catch_type, current_class(), CHECK_VERIFY(this));
1345 if (!is_subclass) {
1346 // 4286534: should throw VerifyError according to recent spec change
1347 verify_error(
1348 "Catch type is not a subclass of Throwable in handler %d",
1349 handler_pc);
1350 return;
1351 }
1352 }
1353 if (start_pc < min) min = start_pc;
1354 if (end_pc > max) max = end_pc;
1355 }
1356 }
1357 }
1358
1359 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1360 int localvariable_table_length = _method()->localvariable_table_length();
1361 if (localvariable_table_length > 0) {
1362 LocalVariableTableElement* table = _method()->localvariable_table_start();
1363 for (int i = 0; i < localvariable_table_length; i++) {
1364 u2 start_bci = table[i].start_bci;
1365 u2 length = table[i].length;
1366
1367 if (start_bci >= code_length || code_data[start_bci] == 0) {
1368 class_format_error(
1369 "Illegal local variable table start_pc %d", start_bci);
1370 return;
1371 }
1372 u4 end_bci = (u4)(start_bci + length);
1373 if (end_bci != code_length) {
1374 if (end_bci >= code_length || code_data[end_bci] == 0) {
1375 class_format_error( "Illegal local variable table length %d", length);
1376 return;
1377 }
1378 }
1379 }
1380 }
1381 }
1382
1383 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1384 StackMapFrame* current_frame,
1385 StackMapTable* stackmap_table,
1386 bool no_control_flow, TRAPS) {
1387 if (stackmap_index < stackmap_table->get_frame_count()) {
1388 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1389 if (no_control_flow && this_offset > bci) {
1390 verify_error(bci, "Expecting a stack map frame");
1391 return 0;
1392 }
1393 if (this_offset == bci) {
1394 // See if current stack map can be assigned to the frame in table.
1395 // current_frame is the stackmap frame got from the last instruction.
1396 // If matched, current_frame will be updated by this method.
1397 bool match = stackmap_table->match_stackmap(
1398 current_frame, this_offset, stackmap_index,
1399 !no_control_flow, true, CHECK_VERIFY_(this, 0));
1400 if (!match) {
1401 // report type error
1402 verify_error(bci, "Instruction type does not match stack map");
1403 return 0;
1404 }
1405 stackmap_index++;
1406 } else if (this_offset < bci) {
1407 // current_offset should have met this_offset.
1408 class_format_error("Bad stack map offset %d", this_offset);
1409 return 0;
1410 }
1411 } else if (no_control_flow) {
1412 verify_error(bci, "Expecting a stack map frame");
1413 return 0;
1414 }
1415 return stackmap_index;
1416 }
1417
1418 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, StackMapFrame* current_frame,
1419 StackMapTable* stackmap_table, TRAPS) {
1420 constantPoolHandle cp (THREAD, _method->constants());
1421 typeArrayHandle exhandlers (THREAD, _method->exception_table());
1422 if (exhandlers() != NULL) {
1423 for(int i = 0; i < exhandlers->length();) {
1424 u2 start_pc = exhandlers->int_at(i++);
1425 u2 end_pc = exhandlers->int_at(i++);
1426 u2 handler_pc = exhandlers->int_at(i++);
1427 int catch_type_index = exhandlers->int_at(i++);
1428 if(bci >= start_pc && bci < end_pc) {
1429 u1 flags = current_frame->flags();
1430 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1431
1432 ResourceMark rm(THREAD);
1433 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1434 if (catch_type_index != 0) {
1435 // We know that this index refers to a subclass of Throwable
1436 VerificationType catch_type = cp_index_to_type(
1437 catch_type_index, cp, CHECK_VERIFY(this));
1438 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1439 } else {
1440 VerificationType throwable =
1441 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1442 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1443 }
1444 bool match = stackmap_table->match_stackmap(
1445 new_frame, handler_pc, true, false, CHECK_VERIFY(this));
1446 if (!match) {
1447 verify_error(bci,
1448 "Stack map does not match the one at exception handler %d",
1449 handler_pc);
1450 return;
1451 }
1452 }
1453 }
1454 }
1455 }
1456
1457 void ClassVerifier::verify_cp_index(constantPoolHandle cp, int index, TRAPS) {
1458 int nconstants = cp->length();
1459 if ((index <= 0) || (index >= nconstants)) {
1460 verify_error("Illegal constant pool index %d in class %s",
1461 index, instanceKlass::cast(cp->pool_holder())->external_name());
1462 return;
1463 }
1464 }
1465
1466 void ClassVerifier::verify_cp_type(
1467 int index, constantPoolHandle cp, unsigned int types, TRAPS) {
1468
1469 // In some situations, bytecode rewriting may occur while we're verifying.
1470 // In this case, a constant pool cache exists and some indices refer to that
1471 // instead. Get the original index for the tag check
1472 constantPoolCacheOop cache = cp->cache();
1473 if (cache != NULL &&
1474 ((types == (1 << JVM_CONSTANT_InterfaceMethodref)) ||
1475 (types == (1 << JVM_CONSTANT_Methodref)) ||
1476 (types == (1 << JVM_CONSTANT_Fieldref)))) {
1477 int native_index = index;
1478 if (Bytes::is_Java_byte_ordering_different()) {
1479 native_index = Bytes::swap_u2(index);
1480 }
1481 assert((native_index >= 0) && (native_index < cache->length()),
1482 "Must be a legal index into the cp cache");
1483 index = cache->entry_at(native_index)->constant_pool_index();
1484 }
1485
1486 verify_cp_index(cp, index, CHECK_VERIFY(this));
1487 unsigned int tag = cp->tag_at(index).value();
1488 if ((types & (1 << tag)) == 0) {
1489 verify_error(
1490 "Illegal type at constant pool entry %d in class %s",
1491 index, instanceKlass::cast(cp->pool_holder())->external_name());
1492 return;
1493 }
1494 }
1495
1496 void ClassVerifier::verify_cp_class_type(
1497 int index, constantPoolHandle cp, TRAPS) {
1498 verify_cp_index(cp, index, CHECK_VERIFY(this));
1499 constantTag tag = cp->tag_at(index);
1500 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
1501 verify_error("Illegal type at constant pool entry %d in class %s",
1502 index, instanceKlass::cast(cp->pool_holder())->external_name());
1503 return;
1504 }
1505 }
1506
1507 void ClassVerifier::format_error_message(
1508 const char* fmt, int offset, va_list va) {
1509 ResourceMark rm(_thread);
1510 stringStream message(_message, _message_buffer_len);
1511 message.vprint(fmt, va);
1512 if (!_method.is_null()) {
1513 message.print(" in method %s", _method->name_and_sig_as_C_string());
1514 }
1515 if (offset != -1) {
1516 message.print(" at offset %d", offset);
1517 }
1518 }
1519
1520 void ClassVerifier::verify_error(u2 offset, const char* fmt, ...) {
1521 _exception_type = vmSymbols::java_lang_VerifyError();
1522 va_list va;
1523 va_start(va, fmt);
1524 format_error_message(fmt, offset, va);
1525 va_end(va);
1526 }
1527
1528 void ClassVerifier::verify_error(const char* fmt, ...) {
1529 _exception_type = vmSymbols::java_lang_VerifyError();
1530 va_list va;
1531 va_start(va, fmt);
1532 format_error_message(fmt, -1, va);
1533 va_end(va);
1534 }
1535
1536 void ClassVerifier::class_format_error(const char* msg, ...) {
1537 _exception_type = vmSymbols::java_lang_ClassFormatError();
1538 va_list va;
1539 va_start(va, msg);
1540 format_error_message(msg, -1, va);
1541 va_end(va);
1542 }
1543
1544 klassOop ClassVerifier::load_class(symbolHandle name, TRAPS) {
1545 // Get current loader and protection domain first.
1546 oop loader = current_class()->class_loader();
1547 oop protection_domain = current_class()->protection_domain();
1548
1549 return SystemDictionary::resolve_or_fail(
1550 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
1551 true, CHECK_NULL);
1552 }
1553
1554 bool ClassVerifier::is_protected_access(instanceKlassHandle this_class,
1555 klassOop target_class,
1556 symbolOop field_name,
1557 symbolOop field_sig,
1558 bool is_method) {
1559 No_Safepoint_Verifier nosafepoint;
1560
1561 // If target class isn't a super class of this class, we don't worry about this case
1562 if (!this_class->is_subclass_of(target_class)) {
1563 return false;
1564 }
1565 // Check if the specified method or field is protected
1566 instanceKlass* target_instance = instanceKlass::cast(target_class);
1567 fieldDescriptor fd;
1568 if (is_method) {
1569 methodOop m = target_instance->uncached_lookup_method(field_name, field_sig);
1570 if (m != NULL && m->is_protected()) {
1571 if (!this_class->is_same_class_package(m->method_holder())) {
1572 return true;
1573 }
1574 }
1575 } else {
1576 klassOop member_klass = target_instance->find_field(field_name, field_sig, &fd);
1577 if(member_klass != NULL && fd.is_protected()) {
1578 if (!this_class->is_same_class_package(member_klass)) {
1579 return true;
1580 }
1581 }
1582 }
1583 return false;
1584 }
1585
1586 void ClassVerifier::verify_ldc(
1587 int opcode, u2 index, StackMapFrame *current_frame,
1588 constantPoolHandle cp, u2 bci, TRAPS) {
1589 verify_cp_index(cp, index, CHECK_VERIFY(this));
1590 constantTag tag = cp->tag_at(index);
1591 unsigned int types;
1592 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
1593 if (!tag.is_unresolved_string() && !tag.is_unresolved_klass()) {
1594 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
1595 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class);
1596 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1597 }
1598 } else {
1599 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
1600 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1601 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1602 }
1603 if (tag.is_string() || tag.is_unresolved_string()) {
1604 current_frame->push_stack(
1605 VerificationType::reference_type(
1606 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
1607 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
1608 current_frame->push_stack(
1609 VerificationType::reference_type(
1610 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
1611 } else if (tag.is_int()) {
1612 current_frame->push_stack(
1613 VerificationType::integer_type(), CHECK_VERIFY(this));
1614 } else if (tag.is_float()) {
1615 current_frame->push_stack(
1616 VerificationType::float_type(), CHECK_VERIFY(this));
1617 } else if (tag.is_double()) {
1618 current_frame->push_stack_2(
1619 VerificationType::double_type(),
1620 VerificationType::double2_type(), CHECK_VERIFY(this));
1621 } else if (tag.is_long()) {
1622 current_frame->push_stack_2(
1623 VerificationType::long_type(),
1624 VerificationType::long2_type(), CHECK_VERIFY(this));
1625 } else {
1626 verify_error(bci, "Invalid index in ldc");
1627 return;
1628 }
1629 }
1630
1631 void ClassVerifier::verify_switch(
1632 RawBytecodeStream* bcs, u4 code_length, char* code_data,
1633 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
1634 int bci = bcs->bci();
1635 address bcp = bcs->bcp();
1636 address aligned_bcp = (address) round_to((intptr_t)(bcp + 1), jintSize);
1637
1638 // 4639449 & 4647081: padding bytes must be 0
1639 u2 padding_offset = 1;
1640 while ((bcp + padding_offset) < aligned_bcp) {
1641 if(*(bcp + padding_offset) != 0) {
1642 verify_error(bci, "Nonzero padding byte in lookswitch or tableswitch");
1643 return;
1644 }
1645 padding_offset++;
1646 }
1647 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
1648 int keys, delta;
1649 current_frame->pop_stack(
1650 VerificationType::integer_type(), CHECK_VERIFY(this));
1651 if (bcs->code() == Bytecodes::_tableswitch) {
1652 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
1653 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
1654 if (low > high) {
1655 verify_error(bci,
1656 "low must be less than or equal to high in tableswitch");
1657 return;
1658 }
1659 keys = high - low + 1;
1660 if (keys < 0) {
1661 verify_error(bci, "too many keys in tableswitch");
1662 return;
1663 }
1664 delta = 1;
1665 } else {
1666 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
1667 if (keys < 0) {
1668 verify_error(bci, "number of keys in lookupswitch less than 0");
1669 return;
1670 }
1671 delta = 2;
1672 // Make sure that the lookupswitch items are sorted
1673 for (int i = 0; i < (keys - 1); i++) {
1674 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
1675 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
1676 if (this_key >= next_key) {
1677 verify_error(bci, "Bad lookupswitch instruction");
1678 return;
1679 }
1680 }
1681 }
1682 int target = bci + default_offset;
1683 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
1684 for (int i = 0; i < keys; i++) {
1685 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
1686 stackmap_table->check_jump_target(
1687 current_frame, target, CHECK_VERIFY(this));
1688 }
1689 }
1690
1691 bool ClassVerifier::name_in_supers(
1692 symbolOop ref_name, instanceKlassHandle current) {
1693 klassOop super = current->super();
1694 while (super != NULL) {
1695 if (super->klass_part()->name() == ref_name) {
1696 return true;
1697 }
1698 super = super->klass_part()->super();
1699 }
1700 return false;
1701 }
1702
1703 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
1704 StackMapFrame* current_frame,
1705 constantPoolHandle cp,
1706 TRAPS) {
1707 u2 index = bcs->get_index_big();
1708 verify_cp_type(index, cp, 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
1709
1710 // Get field name and signature
1711 symbolHandle field_name = symbolHandle(THREAD, cp->name_ref_at(index));
1712 symbolHandle field_sig = symbolHandle(THREAD, cp->signature_ref_at(index));
1713
1714 if (!SignatureVerifier::is_valid_type_signature(field_sig)) {
1715 class_format_error(
1716 "Invalid signature for field in class %s referenced "
1717 "from constant pool index %d", _klass->external_name(), index);
1718 return;
1719 }
1720
1721 // Get referenced class type
1722 VerificationType ref_class_type = cp_ref_index_to_type(
1723 index, cp, CHECK_VERIFY(this));
1724 if (!ref_class_type.is_object()) {
1725 verify_error(
1726 "Expecting reference to class in class %s at constant pool index %d",
1727 _klass->external_name(), index);
1728 return;
1729 }
1730 VerificationType target_class_type = ref_class_type;
1731
1732 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1733 "buffer type must match VerificationType size");
1734 uintptr_t field_type_buffer[2];
1735 VerificationType* field_type = (VerificationType*)field_type_buffer;
1736 // If we make a VerificationType[2] array directly, the compiler calls
1737 // to the c-runtime library to do the allocation instead of just
1738 // stack allocating it. Plus it would run constructors. This shows up
1739 // in performance profiles.
1740
1741 SignatureStream sig_stream(field_sig, false);
1742 VerificationType stack_object_type;
1743 int n = change_sig_to_verificationType(
1744 &sig_stream, field_type, CHECK_VERIFY(this));
1745 u2 bci = bcs->bci();
1746 bool is_assignable;
1747 switch (bcs->code()) {
1748 case Bytecodes::_getstatic: {
1749 for (int i = 0; i < n; i++) {
1750 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
1751 }
1752 break;
1753 }
1754 case Bytecodes::_putstatic: {
1755 for (int i = n - 1; i >= 0; i--) {
1756 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1757 }
1758 break;
1759 }
1760 case Bytecodes::_getfield: {
1761 stack_object_type = current_frame->pop_stack(
1762 target_class_type, CHECK_VERIFY(this));
1763 for (int i = 0; i < n; i++) {
1764 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
1765 }
1766 goto check_protected;
1767 }
1768 case Bytecodes::_putfield: {
1769 for (int i = n - 1; i >= 0; i--) {
1770 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
1771 }
1772 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
1773
1774 // The JVMS 2nd edition allows field initialization before the superclass
1775 // initializer, if the field is defined within the current class.
1776 fieldDescriptor fd;
1777 if (stack_object_type == VerificationType::uninitialized_this_type() &&
1778 target_class_type.equals(current_type()) &&
1779 _klass->find_local_field(field_name(), field_sig(), &fd)) {
1780 stack_object_type = current_type();
1781 }
1782 is_assignable = target_class_type.is_assignable_from(
1783 stack_object_type, current_class(), CHECK_VERIFY(this));
1784 if (!is_assignable) {
1785 verify_error(bci, "Bad type on operand stack in putfield");
1786 return;
1787 }
1788 }
1789 check_protected: {
1790 if (_this_type == stack_object_type)
1791 break; // stack_object_type must be assignable to _current_class_type
1792 symbolHandle ref_class_name = symbolHandle(THREAD,
1793 cp->klass_name_at(cp->klass_ref_index_at(index)));
1794 if (!name_in_supers(ref_class_name(), current_class()))
1795 // stack_object_type must be assignable to _current_class_type since:
1796 // 1. stack_object_type must be assignable to ref_class.
1797 // 2. ref_class must be _current_class or a subclass of it. It can't
1798 // be a superclass of it. See revised JVMS 5.4.4.
1799 break;
1800
1801 klassOop ref_class_oop = load_class(ref_class_name, CHECK);
1802 if (is_protected_access(current_class(), ref_class_oop, field_name(),
1803 field_sig(), false)) {
1804 // It's protected access, check if stack object is assignable to
1805 // current class.
1806 is_assignable = current_type().is_assignable_from(
1807 stack_object_type, current_class(), CHECK_VERIFY(this));
1808 if (!is_assignable) {
1809 verify_error(bci, "Bad access to protected data in getfield");
1810 return;
1811 }
1812 }
1813 break;
1814 }
1815 default: ShouldNotReachHere();
1816 }
1817 }
1818
1819 void ClassVerifier::verify_invoke_init(
1820 RawBytecodeStream* bcs, VerificationType ref_class_type,
1821 StackMapFrame* current_frame, u4 code_length, bool *this_uninit,
1822 constantPoolHandle cp, TRAPS) {
1823 u2 bci = bcs->bci();
1824 VerificationType type = current_frame->pop_stack(
1825 VerificationType::reference_check(), CHECK_VERIFY(this));
1826 if (type == VerificationType::uninitialized_this_type()) {
1827 // The method must be an <init> method of either this class, or one of its
1828 // superclasses
1829 klassOop oop = current_class()();
1830 Klass* klass = oop->klass_part();
1831 while (klass != NULL && ref_class_type.name() != klass->name()) {
1832 klass = klass->super()->klass_part();
1833 }
1834 if (klass == NULL) {
1835 verify_error(bci, "Bad <init> method call");
1836 return;
1837 }
1838 current_frame->initialize_object(type, current_type());
1839 *this_uninit = true;
1840 } else if (type.is_uninitialized()) {
1841 u2 new_offset = type.bci();
1842 address new_bcp = bcs->bcp() - bci + new_offset;
1843 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
1844 verify_error(new_offset, "Expecting new instruction");
1845 return;
1846 }
1847 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
1848 verify_cp_class_type(new_class_index, cp, CHECK_VERIFY(this));
1849
1850 // The method must be an <init> method of the indicated class
1851 VerificationType new_class_type = cp_index_to_type(
1852 new_class_index, cp, CHECK_VERIFY(this));
1853 if (!new_class_type.equals(ref_class_type)) {
1854 verify_error(bci, "Call to wrong <init> method");
1855 return;
1856 }
1857 // According to the VM spec, if the referent class is a superclass of the
1858 // current class, and is in a different runtime package, and the method is
1859 // protected, then the objectref must be the current class or a subclass
1860 // of the current class.
1861 VerificationType objectref_type = new_class_type;
1862 if (name_in_supers(ref_class_type.name(), current_class())) {
1863 klassOop ref_klass = load_class(
1864 ref_class_type.name(), CHECK_VERIFY(this));
1865 methodOop m = instanceKlass::cast(ref_klass)->uncached_lookup_method(
1866 vmSymbols::object_initializer_name(),
1867 cp->signature_ref_at(bcs->get_index_big()));
1868 instanceKlassHandle mh(THREAD, m->method_holder());
1869 if (m->is_protected() && !mh->is_same_class_package(_klass())) {
1870 bool assignable = current_type().is_assignable_from(
1871 objectref_type, current_class(), CHECK_VERIFY(this));
1872 if (!assignable) {
1873 verify_error(bci, "Bad access to protected <init> method");
1874 return;
1875 }
1876 }
1877 }
1878 current_frame->initialize_object(type, new_class_type);
1879 } else {
1880 verify_error(bci, "Bad operand type when invoking <init>");
1881 return;
1882 }
1883 }
1884
1885 void ClassVerifier::verify_invoke_instructions(
1886 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
1887 bool *this_uninit, VerificationType return_type,
1888 constantPoolHandle cp, TRAPS) {
1889 // Make sure the constant pool item is the right type
1890 u2 index = bcs->get_index_big();
1891 Bytecodes::Code opcode = bcs->code();
1892 unsigned int types = (opcode == Bytecodes::_invokeinterface
1893 ? 1 << JVM_CONSTANT_InterfaceMethodref
1894 : 1 << JVM_CONSTANT_Methodref);
1895 verify_cp_type(index, cp, types, CHECK_VERIFY(this));
1896
1897 // Get method name and signature
1898 symbolHandle method_name(THREAD, cp->name_ref_at(index));
1899 symbolHandle method_sig(THREAD, cp->signature_ref_at(index));
1900
1901 if (!SignatureVerifier::is_valid_method_signature(method_sig)) {
1902 class_format_error(
1903 "Invalid method signature in class %s referenced "
1904 "from constant pool index %d", _klass->external_name(), index);
1905 return;
1906 }
1907
1908 // Get referenced class type
1909 VerificationType ref_class_type = cp_ref_index_to_type(
1910 index, cp, CHECK_VERIFY(this));
1911
1912 // For a small signature length, we just allocate 128 bytes instead
1913 // of parsing the signature once to find its size.
1914 // -3 is for '(', ')' and return descriptor; multiply by 2 is for
1915 // longs/doubles to be consertive.
1916 assert(sizeof(VerificationType) == sizeof(uintptr_t),
1917 "buffer type must match VerificationType size");
1918 uintptr_t on_stack_sig_types_buffer[128];
1919 // If we make a VerificationType[128] array directly, the compiler calls
1920 // to the c-runtime library to do the allocation instead of just
1921 // stack allocating it. Plus it would run constructors. This shows up
1922 // in performance profiles.
1923
1924 VerificationType* sig_types;
1925 int size = (method_sig->utf8_length() - 3) * 2;
1926 if (size > 128) {
1927 // Long and double occupies two slots here.
1928 ArgumentSizeComputer size_it(method_sig);
1929 size = size_it.size();
1930 sig_types = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, VerificationType, size);
1931 } else{
1932 sig_types = (VerificationType*)on_stack_sig_types_buffer;
1933 }
1934 SignatureStream sig_stream(method_sig);
1935 int sig_i = 0;
1936 while (!sig_stream.at_return_type()) {
1937 sig_i += change_sig_to_verificationType(
1938 &sig_stream, &sig_types[sig_i], CHECK_VERIFY(this));
1939 sig_stream.next();
1940 }
1941 int nargs = sig_i;
1942
1943 #ifdef ASSERT
1944 {
1945 ArgumentSizeComputer size_it(method_sig);
1946 assert(nargs == size_it.size(), "Argument sizes do not match");
1947 assert(nargs <= (method_sig->utf8_length() - 3) * 2, "estimate of max size isn't conservative enough");
1948 }
1949 #endif
1950
1951 // Check instruction operands
1952 u2 bci = bcs->bci();
1953 if (opcode == Bytecodes::_invokeinterface) {
1954 address bcp = bcs->bcp();
1955 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
1956 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
1957 // the difference between the size of the operand stack before and after the instruction
1958 // executes.
1959 if (*(bcp+3) != (nargs+1)) {
1960 verify_error(bci, "Inconsistent args count operand in invokeinterface");
1961 return;
1962 }
1963 if (*(bcp+4) != 0) {
1964 verify_error(bci, "Fourth operand byte of invokeinterface must be zero");
1965 return;
1966 }
1967 }
1968
1969 if (method_name->byte_at(0) == '<') {
1970 // Make sure <init> can only be invoked by invokespecial
1971 if (opcode != Bytecodes::_invokespecial ||
1972 method_name() != vmSymbols::object_initializer_name()) {
1973 verify_error(bci, "Illegal call to internal method");
1974 return;
1975 }
1976 } else if (opcode == Bytecodes::_invokespecial
1977 && !ref_class_type.equals(current_type())
1978 && !ref_class_type.equals(VerificationType::reference_type(
1979 current_class()->super()->klass_part()->name()))) {
1980 bool subtype = ref_class_type.is_assignable_from(
1981 current_type(), current_class(), CHECK_VERIFY(this));
1982 if (!subtype) {
1983 verify_error(bci, "Bad invokespecial instruction: "
1984 "current class isn't assignable to reference class.");
1985 return;
1986 }
1987 }
1988 // Match method descriptor with operand stack
1989 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
1990 current_frame->pop_stack(sig_types[i], CHECK_VERIFY(this));
1991 }
1992 // Check objectref on operand stack
1993 if (opcode != Bytecodes::_invokestatic) {
1994 if (method_name() == vmSymbols::object_initializer_name()) { // <init> method
1995 verify_invoke_init(bcs, ref_class_type, current_frame,
1996 code_length, this_uninit, cp, CHECK_VERIFY(this));
1997 } else { // other methods
1998 // Ensures that target class is assignable to method class.
1999 if (opcode == Bytecodes::_invokespecial) {
2000 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2001 } else if (opcode == Bytecodes::_invokevirtual) {
2002 VerificationType stack_object_type =
2003 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2004 if (current_type() != stack_object_type) {
2005 assert(cp->cache() == NULL, "not rewritten yet");
2006 symbolHandle ref_class_name = symbolHandle(THREAD,
2007 cp->klass_name_at(cp->klass_ref_index_at(index)));
2008 // See the comments in verify_field_instructions() for
2009 // the rationale behind this.
2010 if (name_in_supers(ref_class_name(), current_class())) {
2011 klassOop ref_class = load_class(ref_class_name, CHECK);
2012 if (is_protected_access(
2013 _klass, ref_class, method_name(), method_sig(), true)) {
2014 // It's protected access, check if stack object is
2015 // assignable to current class.
2016 bool is_assignable = current_type().is_assignable_from(
2017 stack_object_type, current_class(), CHECK_VERIFY(this));
2018 if (!is_assignable) {
2019 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2020 && stack_object_type.is_array()
2021 && method_name() == vmSymbols::clone_name()) {
2022 // Special case: arrays pretend to implement public Object
2023 // clone().
2024 } else {
2025 verify_error(bci,
2026 "Bad access to protected data in invokevirtual");
2027 return;
2028 }
2029 }
2030 }
2031 }
2032 }
2033 } else {
2034 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2035 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2036 }
2037 }
2038 }
2039 // Push the result type.
2040 if (sig_stream.type() != T_VOID) {
2041 if (method_name() == vmSymbols::object_initializer_name()) {
2042 // <init> method must have a void return type
2043 verify_error(bci, "Return type must be void in <init> method");
2044 return;
2045 }
2046 VerificationType return_type[2];
2047 int n = change_sig_to_verificationType(
2048 &sig_stream, return_type, CHECK_VERIFY(this));
2049 for (int i = 0; i < n; i++) {
2050 current_frame->push_stack(return_type[i], CHECK_VERIFY(this)); // push types backwards
2051 }
2052 }
2053 }
2054
2055 VerificationType ClassVerifier::get_newarray_type(
2056 u2 index, u2 bci, TRAPS) {
2057 const char* from_bt[] = {
2058 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2059 };
2060 if (index < T_BOOLEAN || index > T_LONG) {
2061 verify_error(bci, "Illegal newarray instruction");
2062 return VerificationType::bogus_type();
2063 }
2064
2065 // from_bt[index] contains the array signature which has a length of 2
2066 symbolHandle sig = oopFactory::new_symbol_handle(
2067 from_bt[index], 2, CHECK_(VerificationType::bogus_type()));
2068 return VerificationType::reference_type(sig);
2069 }
2070
2071 void ClassVerifier::verify_anewarray(
2072 u2 index, constantPoolHandle cp, StackMapFrame* current_frame, TRAPS) {
2073 verify_cp_class_type(index, cp, CHECK_VERIFY(this));
2074 current_frame->pop_stack(
2075 VerificationType::integer_type(), CHECK_VERIFY(this));
2076
2077 VerificationType component_type =
2078 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2079 ResourceMark rm(THREAD);
2080 int length;
2081 char* arr_sig_str;
2082 if (component_type.is_array()) { // it's an array
2083 const char* component_name = component_type.name()->as_utf8();
2084 // add one dimension to component
2085 length = (int)strlen(component_name) + 1;
2086 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2087 arr_sig_str[0] = '[';
2088 strncpy(&arr_sig_str[1], component_name, length - 1);
2089 } else { // it's an object or interface
2090 const char* component_name = component_type.name()->as_utf8();
2091 // add one dimension to component with 'L' prepended and ';' postpended.
2092 length = (int)strlen(component_name) + 3;
2093 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length);
2094 arr_sig_str[0] = '[';
2095 arr_sig_str[1] = 'L';
2096 strncpy(&arr_sig_str[2], component_name, length - 2);
2097 arr_sig_str[length - 1] = ';';
2098 }
2099 symbolHandle arr_sig = oopFactory::new_symbol_handle(
2100 arr_sig_str, length, CHECK_VERIFY(this));
2101 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2102 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2103 }
2104
2105 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
2106 current_frame->get_local(
2107 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2108 current_frame->push_stack(
2109 VerificationType::integer_type(), CHECK_VERIFY(this));
2110 }
2111
2112 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
2113 current_frame->get_local_2(
2114 index, VerificationType::long_type(),
2115 VerificationType::long2_type(), CHECK_VERIFY(this));
2116 current_frame->push_stack_2(
2117 VerificationType::long_type(),
2118 VerificationType::long2_type(), CHECK_VERIFY(this));
2119 }
2120
2121 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
2122 current_frame->get_local(
2123 index, VerificationType::float_type(), CHECK_VERIFY(this));
2124 current_frame->push_stack(
2125 VerificationType::float_type(), CHECK_VERIFY(this));
2126 }
2127
2128 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
2129 current_frame->get_local_2(
2130 index, VerificationType::double_type(),
2131 VerificationType::double2_type(), CHECK_VERIFY(this));
2132 current_frame->push_stack_2(
2133 VerificationType::double_type(),
2134 VerificationType::double2_type(), CHECK_VERIFY(this));
2135 }
2136
2137 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
2138 VerificationType type = current_frame->get_local(
2139 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2140 current_frame->push_stack(type, CHECK_VERIFY(this));
2141 }
2142
2143 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
2144 current_frame->pop_stack(
2145 VerificationType::integer_type(), CHECK_VERIFY(this));
2146 current_frame->set_local(
2147 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2148 }
2149
2150 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2151 current_frame->pop_stack_2(
2152 VerificationType::long2_type(),
2153 VerificationType::long_type(), CHECK_VERIFY(this));
2154 current_frame->set_local_2(
2155 index, VerificationType::long_type(),
2156 VerificationType::long2_type(), CHECK_VERIFY(this));
2157 }
2158
2159 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2160 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2161 current_frame->set_local(
2162 index, VerificationType::float_type(), CHECK_VERIFY(this));
2163 }
2164
2165 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
2166 current_frame->pop_stack_2(
2167 VerificationType::double2_type(),
2168 VerificationType::double_type(), CHECK_VERIFY(this));
2169 current_frame->set_local_2(
2170 index, VerificationType::double_type(),
2171 VerificationType::double2_type(), CHECK_VERIFY(this));
2172 }
2173
2174 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
2175 VerificationType type = current_frame->pop_stack(
2176 VerificationType::reference_check(), CHECK_VERIFY(this));
2177 current_frame->set_local(index, type, CHECK_VERIFY(this));
2178 }
2179
2180 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
2181 VerificationType type = current_frame->get_local(
2182 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2183 current_frame->set_local(index, type, CHECK_VERIFY(this));
2184 }
2185
2186 void ClassVerifier::verify_return_value(
2187 VerificationType return_type, VerificationType type, u2 bci, TRAPS) {
2188 if (return_type == VerificationType::bogus_type()) {
2189 verify_error(bci, "Method expects a return value");
2190 return;
2191 }
2192 bool match = return_type.is_assignable_from(type, _klass, CHECK_VERIFY(this));
2193 if (!match) {
2194 verify_error(bci, "Bad return type");
2195 return;
2196 }
2197 }