|
54328
|
1 |
/*
|
|
|
2 |
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
|
7 |
* published by the Free Software Foundation.
|
|
|
8 |
*
|
|
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
13 |
* accompanied this code).
|
|
|
14 |
*
|
|
|
15 |
* You should have received a copy of the GNU General Public License version
|
|
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
18 |
*
|
|
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
20 |
* or visit www.oracle.com if you need additional information or have any
|
|
|
21 |
* questions.
|
|
|
22 |
*/
|
|
|
23 |
|
|
|
24 |
|
|
|
25 |
package org.graalvm.compiler.core.test;
|
|
|
26 |
|
|
|
27 |
import static java.lang.reflect.Modifier.isProtected;
|
|
|
28 |
import static java.lang.reflect.Modifier.isPublic;
|
|
|
29 |
|
|
|
30 |
import java.lang.reflect.Field;
|
|
|
31 |
|
|
|
32 |
import org.graalvm.compiler.core.common.type.TypeReference;
|
|
|
33 |
import org.graalvm.compiler.nodes.StructuredGraph;
|
|
|
34 |
import org.graalvm.compiler.nodes.java.InstanceOfNode;
|
|
|
35 |
import org.graalvm.compiler.nodes.java.MethodCallTargetNode;
|
|
55509
|
36 |
import org.graalvm.compiler.nodes.spi.CoreProviders;
|
|
54328
|
37 |
import org.graalvm.compiler.phases.VerifyPhase;
|
|
|
38 |
import org.graalvm.compiler.serviceprovider.GraalUnsafeAccess;
|
|
|
39 |
|
|
|
40 |
import jdk.vm.ci.meta.MetaAccessProvider;
|
|
|
41 |
import jdk.vm.ci.meta.ResolvedJavaMethod;
|
|
|
42 |
import jdk.vm.ci.meta.ResolvedJavaType;
|
|
|
43 |
import sun.misc.Unsafe;
|
|
|
44 |
|
|
|
45 |
/**
|
|
|
46 |
* Checks that the {@link Unsafe} singleton instance is only accessed via well known classes such as
|
|
|
47 |
* {@link GraalUnsafeAccess}.
|
|
|
48 |
*/
|
|
55509
|
49 |
public class VerifyUnsafeAccess extends VerifyPhase<CoreProviders> {
|
|
54328
|
50 |
|
|
|
51 |
@Override
|
|
55509
|
52 |
protected void verify(StructuredGraph graph, CoreProviders context) {
|
|
54328
|
53 |
MetaAccessProvider metaAccess = context.getMetaAccess();
|
|
|
54 |
final ResolvedJavaType unsafeType = metaAccess.lookupJavaType(Unsafe.class);
|
|
|
55 |
|
|
|
56 |
ResolvedJavaMethod caller = graph.method();
|
|
|
57 |
String holderQualified = caller.format("%H");
|
|
|
58 |
String holderUnqualified = caller.format("%h");
|
|
|
59 |
String packageName = holderQualified.equals(holderUnqualified) ? "" : holderQualified.substring(0, holderQualified.length() - holderUnqualified.length() - 1);
|
|
|
60 |
if ((holderQualified.equals(GraalUnsafeAccess.class.getName()) ||
|
|
|
61 |
holderQualified.equals("jdk.vm.ci.hotspot.UnsafeAccess")) &&
|
|
|
62 |
caller.getName().equals("initUnsafe")) {
|
|
|
63 |
// This is the blessed way access Unsafe in Graal and JVMCI
|
|
|
64 |
return;
|
|
|
65 |
} else if (packageName.startsWith("com.oracle.truffle") || packageName.startsWith("org.graalvm.compiler.truffle.runtime")) {
|
|
|
66 |
// Truffle and GraalTruffleRuntime do not depend on Graal and so cannot use
|
|
|
67 |
// GraalUnsafeAccess
|
|
|
68 |
return;
|
|
|
69 |
}
|
|
|
70 |
|
|
|
71 |
if (caller.getSignature().getReturnType(caller.getDeclaringClass()).equals(unsafeType)) {
|
|
|
72 |
if (caller.isPublic()) {
|
|
|
73 |
if (holderQualified.equals(GraalUnsafeAccess.class.getName()) && caller.getName().equals("getUnsafe")) {
|
|
|
74 |
// pass
|
|
|
75 |
} else {
|
|
|
76 |
throw new VerificationError("Cannot leak Unsafe from public method %s",
|
|
|
77 |
caller.format("%H.%n(%p)"));
|
|
|
78 |
}
|
|
|
79 |
}
|
|
|
80 |
}
|
|
|
81 |
|
|
|
82 |
for (InstanceOfNode node : graph.getNodes().filter(InstanceOfNode.class)) {
|
|
|
83 |
TypeReference typeRef = node.type();
|
|
|
84 |
if (typeRef != null) {
|
|
|
85 |
if (unsafeType.isAssignableFrom(typeRef.getType())) {
|
|
|
86 |
throw new VerificationError("Cast to %s in %s is prohibited as it implies accessing Unsafe.theUnsafe via reflection. Use %s.getUnsafe() instead.",
|
|
|
87 |
unsafeType.toJavaName(),
|
|
|
88 |
caller.format("%H.%n(%p)"),
|
|
|
89 |
GraalUnsafeAccess.class.getName());
|
|
|
90 |
|
|
|
91 |
}
|
|
|
92 |
}
|
|
|
93 |
}
|
|
|
94 |
for (MethodCallTargetNode t : graph.getNodes(MethodCallTargetNode.TYPE)) {
|
|
|
95 |
ResolvedJavaMethod callee = t.targetMethod();
|
|
|
96 |
if (callee.getDeclaringClass().equals(unsafeType)) {
|
|
|
97 |
if (callee.getName().equals("getUnsafe")) {
|
|
|
98 |
throw new VerificationError("Call to %s at callsite %s is prohibited. Use %s.getUnsafe() instead.",
|
|
|
99 |
callee.format("%H.%n(%p)"),
|
|
|
100 |
caller.format("%H.%n(%p)"),
|
|
|
101 |
GraalUnsafeAccess.class.getName());
|
|
|
102 |
}
|
|
|
103 |
}
|
|
|
104 |
}
|
|
|
105 |
}
|
|
|
106 |
|
|
|
107 |
@Override
|
|
|
108 |
public void verifyClass(Class<?> c, MetaAccessProvider metaAccess) {
|
|
|
109 |
for (Field field : c.getDeclaredFields()) {
|
|
|
110 |
int modifiers = field.getModifiers();
|
|
|
111 |
if (field.getType() == Unsafe.class && (isPublic(modifiers) || isProtected(modifiers))) {
|
|
|
112 |
throw new VerificationError("Field of type %s must be private or package-private: %s", Unsafe.class.getName(), field);
|
|
|
113 |
}
|
|
|
114 |
}
|
|
|
115 |
}
|
|
|
116 |
}
|