5 * Mono Project (http://www.mono-project.com)
7 * Copyright 2001-2003 Ximian, Inc (http://www.ximian.com)
8 * Copyright 2004-2009 Novell, Inc (http://www.novell.com)
12 #include <mono/metadata/object-internals.h>
13 #include <mono/metadata/verify.h>
14 #include <mono/metadata/verify-internals.h>
15 #include <mono/metadata/opcodes.h>
16 #include <mono/metadata/tabledefs.h>
17 #include <mono/metadata/reflection.h>
18 #include <mono/metadata/debug-helpers.h>
19 #include <mono/metadata/mono-endian.h>
20 #include <mono/metadata/metadata.h>
21 #include <mono/metadata/metadata-internals.h>
22 #include <mono/metadata/class-internals.h>
23 #include <mono/metadata/security-manager.h>
24 #include <mono/metadata/security-core-clr.h>
25 #include <mono/metadata/tokentype.h>
26 #include <mono/metadata/mono-basic-block.h>
27 #include <mono/utils/mono-counters.h>
28 #include <mono/utils/monobitset.h>
33 static MiniVerifierMode verifier_mode
= MONO_VERIFIER_MODE_OFF
;
34 static gboolean verify_all
= FALSE
;
37 * Set the desired level of checks for the verfier.
41 mono_verifier_set_mode (MiniVerifierMode mode
)
47 mono_verifier_enable_verify_all ()
52 #ifndef DISABLE_VERIFIER
54 * Pull the list of opcodes
56 #define OPDEF(a,b,c,d,e,f,g,h,i,j) \
60 #include "mono/cil/opcode.def"
65 #ifdef MONO_VERIFIER_DEBUG
66 #define VERIFIER_DEBUG(code) do { code } while (0)
68 #define VERIFIER_DEBUG(code)
71 //////////////////////////////////////////////////////////////////
72 #define IS_STRICT_MODE(ctx) (((ctx)->level & MONO_VERIFY_NON_STRICT) == 0)
73 #define IS_FAIL_FAST_MODE(ctx) (((ctx)->level & MONO_VERIFY_FAIL_FAST) == MONO_VERIFY_FAIL_FAST)
74 #define IS_SKIP_VISIBILITY(ctx) (((ctx)->level & MONO_VERIFY_SKIP_VISIBILITY) == MONO_VERIFY_SKIP_VISIBILITY)
75 #define IS_REPORT_ALL_ERRORS(ctx) (((ctx)->level & MONO_VERIFY_REPORT_ALL_ERRORS) == MONO_VERIFY_REPORT_ALL_ERRORS)
76 #define CLEAR_PREFIX(ctx, prefix) do { (ctx)->prefix_set &= ~(prefix); } while (0)
77 #define ADD_VERIFY_INFO(__ctx, __msg, __status, __exception) \
79 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
80 vinfo->info.status = __status; \
81 vinfo->info.message = ( __msg ); \
82 vinfo->exception_type = (__exception); \
83 (__ctx)->list = g_slist_prepend ((__ctx)->list, vinfo); \
86 //TODO support MONO_VERIFY_REPORT_ALL_ERRORS
87 #define ADD_VERIFY_ERROR(__ctx, __msg) \
89 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR, MONO_EXCEPTION_INVALID_PROGRAM); \
93 #define CODE_NOT_VERIFIABLE(__ctx, __msg) \
95 if ((__ctx)->verifiable || IS_REPORT_ALL_ERRORS (__ctx)) { \
96 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE, MONO_EXCEPTION_UNVERIFIABLE_IL); \
97 (__ctx)->verifiable = 0; \
98 if (IS_FAIL_FAST_MODE (__ctx)) \
103 #define ADD_VERIFY_ERROR2(__ctx, __msg, __exception) \
105 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR, __exception); \
106 (__ctx)->valid = 0; \
109 #define CODE_NOT_VERIFIABLE2(__ctx, __msg, __exception) \
111 if ((__ctx)->verifiable || IS_REPORT_ALL_ERRORS (__ctx)) { \
112 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE, __exception); \
113 (__ctx)->verifiable = 0; \
114 if (IS_FAIL_FAST_MODE (__ctx)) \
115 (__ctx)->valid = 0; \
119 #define CHECK_ADD4_OVERFLOW_UN(a, b) ((guint32)(0xFFFFFFFFU) - (guint32)(b) < (guint32)(a))
120 #define CHECK_ADD8_OVERFLOW_UN(a, b) ((guint64)(0xFFFFFFFFFFFFFFFFUL) - (guint64)(b) < (guint64)(a))
122 #if SIZEOF_VOID_P == 4
123 #define CHECK_ADDP_OVERFLOW_UN(a,b) CHECK_ADD4_OVERFLOW_UN(a, b)
125 #define CHECK_ADDP_OVERFLOW_UN(a,b) CHECK_ADD8_OVERFLOW_UN(a, b)
128 #define ADDP_IS_GREATER_OR_OVF(a, b, c) (((a) + (b) > (c)) || CHECK_ADDP_OVERFLOW_UN (a, b))
129 #define ADD_IS_GREATER_OR_OVF(a, b, c) (((a) + (b) > (c)) || CHECK_ADD4_OVERFLOW_UN (a, b))
131 /*Flags to be used with ILCodeDesc::flags */
133 /*Instruction has not been processed.*/
134 IL_CODE_FLAG_NOT_PROCESSED
= 0,
135 /*Instruction was decoded by mono_method_verify loop.*/
136 IL_CODE_FLAG_SEEN
= 1,
137 /*Instruction was target of a branch or is at a protected block boundary.*/
138 IL_CODE_FLAG_WAS_TARGET
= 2,
139 /*Used by stack_init to avoid double initialize each entry.*/
140 IL_CODE_FLAG_STACK_INITED
= 4,
141 /*Used by merge_stacks to decide if it should just copy the eval stack.*/
142 IL_CODE_STACK_MERGED
= 8,
143 /*This instruction is part of the delegate construction sequence, it cannot be target of a branch.*/
144 IL_CODE_DELEGATE_SEQUENCE
= 0x10,
145 /*This is a delegate created from a ldftn to a non final virtual method*/
146 IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL
= 0x20,
147 /*This is a call to a non final virtual method*/
148 IL_CODE_CALL_NONFINAL_VIRTUAL
= 0x40,
166 guint16 size
, max_size
;
183 /*Allocated fnptr MonoType that should be freed by us.*/
185 /*Type dup'ed exception types from catch blocks.*/
186 GSList
*exception_types
;
191 /*TODO get rid of target here, need_merge in mono_method_verify and hoist the merging code in the branching code*/
195 MonoMethodSignature
*signature
;
196 MonoMethodHeader
*header
;
198 MonoGenericContext
*generic_context
;
202 /*This flag helps solving a corner case of delegate verification in that you cannot have a "starg 0"
203 *on a method that creates a delegate for a non-final virtual method using ldftn*/
204 gboolean has_this_store
;
206 /*This flag is used to control if the contructor of the parent class has been called.
207 *If the this pointer is pushed on the eval stack and it's a reference type constructor and
208 * super_ctor_called is false, the uninitialized flag is set on the pushed value.
210 * Poping an uninitialized this ptr from the eval stack is an unverifiable operation unless
211 * the safe variant is used. Only a few opcodes can use it : dup, pop, ldfld, stfld and call to a constructor.
213 gboolean super_ctor_called
;
217 MonoType
*constrained_type
;
221 merge_stacks (VerifyContext
*ctx
, ILCodeDesc
*from
, ILCodeDesc
*to
, gboolean start
, gboolean external
);
224 get_stack_type (MonoType
*type
);
227 mono_delegate_signature_equal (MonoMethodSignature
*delegate_sig
, MonoMethodSignature
*method_sig
, gboolean is_static_ldftn
);
230 mono_class_is_valid_generic_instantiation (VerifyContext
*ctx
, MonoClass
*klass
);
233 mono_method_is_valid_generic_instantiation (VerifyContext
*ctx
, MonoMethod
*method
);
235 static MonoGenericParam
*
236 verifier_get_generic_param_from_type (VerifyContext
*ctx
, MonoType
*type
);
239 verifier_class_is_assignable_from (MonoClass
*target
, MonoClass
*candidate
);
240 //////////////////////////////////////////////////////////////////
245 TYPE_INV
= 0, /* leave at 0. */
250 /* Used by operator tables to resolve pointer types (managed & unmanaged) and by unmanaged pointer types*/
252 /* value types and classes */
254 /* Number of types, used to define the size of the tables*/
257 /* Used by tables to signal that a result is not verifiable*/
258 NON_VERIFIABLE_RESULT
= 0x80,
260 /*Mask used to extract just the type, excluding flags */
263 /* The stack type is a managed pointer, unmask the value to res */
264 POINTER_MASK
= 0x100,
266 /*Stack type with the pointer mask*/
267 RAW_TYPE_MASK
= 0x10F,
269 /* Controlled Mutability Manager Pointer */
272 /* The stack type is a null literal*/
273 NULL_LITERAL_MASK
= 0x400,
275 /**Used by ldarg.0 and family to let delegate verification happens.*/
276 THIS_POINTER_MASK
= 0x800,
278 /**Signals that this is a boxed value type*/
281 /*This is an unitialized this ref*/
282 UNINIT_THIS_MASK
= 0x2000,
285 static const char* const
286 type_names
[TYPE_MAX
+ 1] = {
297 PREFIX_UNALIGNED
= 1,
300 PREFIX_CONSTRAINED
= 8,
303 //////////////////////////////////////////////////////////////////
305 #ifdef ENABLE_VERIFIER_STATS
307 #define MEM_ALLOC(amt) do { allocated_memory += (amt); working_set += (amt); } while (0)
308 #define MEM_FREE(amt) do { working_set -= (amt); } while (0)
310 static int allocated_memory
;
311 static int working_set
;
312 static int max_allocated_memory
;
313 static int max_working_set
;
314 static int total_allocated_memory
;
317 finish_collect_stats (void)
319 max_allocated_memory
= MAX (max_allocated_memory
, allocated_memory
);
320 max_working_set
= MAX (max_working_set
, working_set
);
321 total_allocated_memory
+= allocated_memory
;
322 allocated_memory
= working_set
= 0;
326 init_verifier_stats (void)
328 static gboolean inited
;
331 mono_counters_register ("Maximum memory allocated during verification", MONO_COUNTER_METADATA
| MONO_COUNTER_INT
, &max_allocated_memory
);
332 mono_counters_register ("Maximum memory used during verification", MONO_COUNTER_METADATA
| MONO_COUNTER_INT
, &max_working_set
);
333 mono_counters_register ("Total memory allocated for verification", MONO_COUNTER_METADATA
| MONO_COUNTER_INT
, &total_allocated_memory
);
339 #define MEM_ALLOC(amt) do {} while (0)
340 #define MEM_FREE(amt) do { } while (0)
342 #define finish_collect_stats()
343 #define init_verifier_stats()
348 //////////////////////////////////////////////////////////////////
351 /*Token validation macros and functions */
352 #define IS_MEMBER_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_MEMBERREF)
353 #define IS_METHOD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_METHOD)
354 #define IS_METHOD_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_METHODSPEC)
355 #define IS_FIELD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_FIELD)
357 #define IS_TYPE_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEREF)
358 #define IS_TYPE_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEDEF)
359 #define IS_TYPE_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPESPEC)
360 #define IS_METHOD_DEF_OR_REF_OR_SPEC(token) (IS_METHOD_DEF (token) || IS_MEMBER_REF (token) || IS_METHOD_SPEC (token))
361 #define IS_TYPE_DEF_OR_REF_OR_SPEC(token) (IS_TYPE_DEF (token) || IS_TYPE_REF (token) || IS_TYPE_SPEC (token))
362 #define IS_FIELD_DEF_OR_REF(token) (IS_FIELD_DEF (token) || IS_MEMBER_REF (token))
365 * Verify if @token refers to a valid row on int's table.
368 token_bounds_check (MonoImage
*image
, guint32 token
)
371 return mono_reflection_is_valid_dynamic_token ((MonoDynamicImage
*)image
, token
);
372 return image
->tables
[mono_metadata_token_table (token
)].rows
>= mono_metadata_token_index (token
) && mono_metadata_token_index (token
) > 0;
376 mono_type_create_fnptr_from_mono_method (VerifyContext
*ctx
, MonoMethod
*method
)
378 MonoType
*res
= g_new0 (MonoType
, 1);
379 MEM_ALLOC (sizeof (MonoType
));
381 //FIXME use mono_method_get_signature_full
382 res
->data
.method
= mono_method_signature (method
);
383 res
->type
= MONO_TYPE_FNPTR
;
384 ctx
->funptrs
= g_slist_prepend (ctx
->funptrs
, res
);
389 * mono_type_is_enum_type:
391 * Returns TRUE if @type is an enum type.
394 mono_type_is_enum_type (MonoType
*type
)
396 if (type
->type
== MONO_TYPE_VALUETYPE
&& type
->data
.klass
->enumtype
)
398 if (type
->type
== MONO_TYPE_GENERICINST
&& type
->data
.generic_class
->container_class
->enumtype
)
404 * mono_type_is_value_type:
406 * Returns TRUE if @type is named after @namespace.@name.
410 mono_type_is_value_type (MonoType
*type
, const char *namespace, const char *name
)
412 return type
->type
== MONO_TYPE_VALUETYPE
&&
413 !strcmp (namespace, type
->data
.klass
->name_space
) &&
414 !strcmp (name
, type
->data
.klass
->name
);
418 * Returns TURE if @type is VAR or MVAR
421 mono_type_is_generic_argument (MonoType
*type
)
423 return type
->type
== MONO_TYPE_VAR
|| type
->type
== MONO_TYPE_MVAR
;
427 * mono_type_get_underlying_type_any:
429 * This functions is just like mono_type_get_underlying_type but it doesn't care if the type is byref.
431 * Returns the underlying type of @type regardless if it is byref or not.
434 mono_type_get_underlying_type_any (MonoType
*type
)
436 if (type
->type
== MONO_TYPE_VALUETYPE
&& type
->data
.klass
->enumtype
)
437 return mono_class_enum_basetype (type
->data
.klass
);
438 if (type
->type
== MONO_TYPE_GENERICINST
&& type
->data
.generic_class
->container_class
->enumtype
)
439 return mono_class_enum_basetype (type
->data
.generic_class
->container_class
);
443 static G_GNUC_UNUSED
const char*
444 mono_type_get_stack_name (MonoType
*type
)
446 return type_names
[get_stack_type (type
) & TYPE_MASK
];
449 #define CTOR_REQUIRED_FLAGS (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_RT_SPECIAL_NAME)
450 #define CTOR_INVALID_FLAGS (METHOD_ATTRIBUTE_STATIC)
453 mono_method_is_constructor (MonoMethod
*method
)
455 return ((method
->flags
& CTOR_REQUIRED_FLAGS
) == CTOR_REQUIRED_FLAGS
&&
456 !(method
->flags
& CTOR_INVALID_FLAGS
) &&
457 !strcmp (".ctor", method
->name
));
461 mono_class_has_default_constructor (MonoClass
*klass
)
466 mono_class_setup_methods (klass
);
467 if (klass
->exception_type
)
470 for (i
= 0; i
< klass
->method
.count
; ++i
) {
471 method
= klass
->methods
[i
];
472 if (mono_method_is_constructor (method
) &&
473 mono_method_signature (method
) &&
474 mono_method_signature (method
)->param_count
== 0 &&
475 (method
->flags
& METHOD_ATTRIBUTE_MEMBER_ACCESS_MASK
) == METHOD_ATTRIBUTE_PUBLIC
)
482 * Verify if @type is valid for the given @ctx verification context.
483 * this function checks for VAR and MVAR types that are invalid under the current verifier,
486 mono_type_is_valid_type_in_context_full (MonoType
*type
, MonoGenericContext
*context
, gboolean check_gtd
)
489 MonoGenericInst
*inst
;
491 switch (type
->type
) {
496 inst
= type
->type
== MONO_TYPE_VAR
? context
->class_inst
: context
->method_inst
;
497 if (!inst
|| mono_type_get_generic_param_num (type
) >= inst
->type_argc
)
500 case MONO_TYPE_SZARRAY
:
501 return mono_type_is_valid_type_in_context_full (&type
->data
.klass
->byval_arg
, context
, check_gtd
);
502 case MONO_TYPE_ARRAY
:
503 return mono_type_is_valid_type_in_context_full (&type
->data
.array
->eklass
->byval_arg
, context
, check_gtd
);
505 return mono_type_is_valid_type_in_context_full (type
->data
.type
, context
, check_gtd
);
506 case MONO_TYPE_GENERICINST
:
507 inst
= type
->data
.generic_class
->context
.class_inst
;
510 for (i
= 0; i
< inst
->type_argc
; ++i
)
511 if (!mono_type_is_valid_type_in_context_full (inst
->type_argv
[i
], context
, check_gtd
))
514 case MONO_TYPE_CLASS
:
515 case MONO_TYPE_VALUETYPE
: {
516 MonoClass
*klass
= type
->data
.klass
;
518 * It's possible to encode generic'sh types in such a way that they disguise themselves as class or valuetype.
519 * Fixing the type decoding is really tricky since under some cases this behavior is needed, for example, to
520 * have a 'class' type pointing to a 'genericinst' class.
522 * For the runtime these non canonical (weird) encodings work fine, they worst they can cause is some
523 * reflection oddities which are harmless - to security at least.
525 if (klass
->byval_arg
.type
!= type
->type
)
526 return mono_type_is_valid_type_in_context_full (&klass
->byval_arg
, context
, check_gtd
);
528 if (check_gtd
&& klass
->generic_container
)
537 mono_type_is_valid_type_in_context (MonoType
*type
, MonoGenericContext
*context
)
539 return mono_type_is_valid_type_in_context_full (type
, context
, FALSE
);
542 /*This function returns NULL if the type is not instantiatable*/
544 verifier_inflate_type (VerifyContext
*ctx
, MonoType
*type
, MonoGenericContext
*context
)
549 result
= mono_class_inflate_generic_type_checked (type
, context
, &error
);
550 if (!mono_error_ok (&error
)) {
551 mono_error_cleanup (&error
);
557 /*A side note here. We don't need to check if arguments are broken since this
558 is only need to be done by the runtime before realizing the type.
561 is_valid_generic_instantiation (MonoGenericContainer
*gc
, MonoGenericContext
*context
, MonoGenericInst
*ginst
)
566 if (ginst
->type_argc
!= gc
->type_argc
)
569 for (i
= 0; i
< gc
->type_argc
; ++i
) {
570 MonoGenericParamInfo
*param_info
= mono_generic_container_get_param_info (gc
, i
);
571 MonoClass
*paramClass
;
572 MonoClass
**constraints
;
573 MonoType
*param_type
= ginst
->type_argv
[i
];
575 /*it's not our job to validate type variables*/
576 if (mono_type_is_generic_argument (param_type
))
579 paramClass
= mono_class_from_mono_type (param_type
);
582 /* A GTD can't be a generic argument.
584 * Due to how types are encoded we must check for the case of a genericinst MonoType and GTD MonoClass.
585 * This happens in cases such as: class Foo<T> { void X() { new Bar<T> (); } }
587 * Open instantiations can have GTDs as this happens when one type is instantiated with others params
588 * and the former has an expansion into the later. For example:
590 * class A<T>: B<K> {}
591 * The type A <K> has a parent B<K>, that is inflated into the GTD B<>.
592 * Since A<K> is open, thus not instantiatable, this is valid.
594 if (paramClass
->generic_container
&& param_type
->type
!= MONO_TYPE_GENERICINST
&& !ginst
->is_open
)
597 /*it's not safe to call mono_class_init from here*/
598 if (paramClass
->generic_class
&& !paramClass
->inited
) {
599 if (!mono_class_is_valid_generic_instantiation (NULL
, paramClass
))
603 if (!param_info
->constraints
&& !(param_info
->flags
& GENERIC_PARAMETER_ATTRIBUTE_SPECIAL_CONSTRAINTS_MASK
))
606 if ((param_info
->flags
& GENERIC_PARAMETER_ATTRIBUTE_VALUE_TYPE_CONSTRAINT
) && (!paramClass
->valuetype
|| mono_class_is_nullable (paramClass
)))
609 if ((param_info
->flags
& GENERIC_PARAMETER_ATTRIBUTE_REFERENCE_TYPE_CONSTRAINT
) && paramClass
->valuetype
)
612 if ((param_info
->flags
& GENERIC_PARAMETER_ATTRIBUTE_CONSTRUCTOR_CONSTRAINT
) && !paramClass
->valuetype
&& !mono_class_has_default_constructor (paramClass
))
615 if (!param_info
->constraints
)
618 for (constraints
= param_info
->constraints
; *constraints
; ++constraints
) {
619 MonoClass
*ctr
= *constraints
;
622 inflated
= mono_class_inflate_generic_type_checked (&ctr
->byval_arg
, context
, &error
);
623 if (!mono_error_ok (&error
)) {
624 mono_error_cleanup (&error
);
627 ctr
= mono_class_from_mono_type (inflated
);
628 mono_metadata_free_type (inflated
);
630 /*FIXME maybe we need the same this as verifier_class_is_assignable_from*/
631 if (!mono_class_is_assignable_from_slow (ctr
, paramClass
))
639 * Return true if @candidate is constraint compatible with @target.
641 * This means that @candidate constraints are a super set of @target constaints
644 mono_generic_param_is_constraint_compatible (VerifyContext
*ctx
, MonoGenericParam
*target
, MonoGenericParam
*candidate
, MonoClass
*candidate_param_class
, MonoGenericContext
*context
)
646 MonoGenericParamInfo
*tinfo
= mono_generic_param_info (target
);
647 MonoGenericParamInfo
*cinfo
= mono_generic_param_info (candidate
);
649 int tmask
= tinfo
->flags
& GENERIC_PARAMETER_ATTRIBUTE_SPECIAL_CONSTRAINTS_MASK
;
650 int cmask
= cinfo
->flags
& GENERIC_PARAMETER_ATTRIBUTE_SPECIAL_CONSTRAINTS_MASK
;
651 if ((tmask
& cmask
) != tmask
)
654 if (tinfo
->constraints
) {
655 MonoClass
**target_class
, **candidate_class
;
656 for (target_class
= tinfo
->constraints
; *target_class
; ++target_class
) {
658 MonoType
*inflated
= verifier_inflate_type (ctx
, &(*target_class
)->byval_arg
, context
);
661 tc
= mono_class_from_mono_type (inflated
);
662 mono_metadata_free_type (inflated
);
665 * A constraint from @target might inflate into @candidate itself and in that case we don't need
666 * check it's constraints since it satisfy the constraint by itself.
668 if (mono_metadata_type_equal (&tc
->byval_arg
, &candidate_param_class
->byval_arg
))
671 if (!cinfo
->constraints
)
674 for (candidate_class
= cinfo
->constraints
; *candidate_class
; ++candidate_class
) {
676 inflated
= verifier_inflate_type (ctx
, &(*candidate_class
)->byval_arg
, ctx
->generic_context
);
679 cc
= mono_class_from_mono_type (inflated
);
680 mono_metadata_free_type (inflated
);
682 if (verifier_class_is_assignable_from (tc
, cc
))
686 * This happens when we have the following:
688 * Bar<K> where K : IFace
689 * Foo<T, U> where T : U where U : IFace
691 * Bar<T> <- T here satisfy K constraint transitively through to U's constraint
694 if (mono_type_is_generic_argument (&cc
->byval_arg
)) {
695 MonoGenericParam
*other_candidate
= verifier_get_generic_param_from_type (ctx
, &cc
->byval_arg
);
697 if (mono_generic_param_is_constraint_compatible (ctx
, target
, other_candidate
, cc
, context
)) {
702 if (!*candidate_class
)
709 static MonoGenericParam
*
710 verifier_get_generic_param_from_type (VerifyContext
*ctx
, MonoType
*type
)
712 MonoGenericContainer
*gc
;
713 MonoMethod
*method
= ctx
->method
;
716 num
= mono_type_get_generic_param_num (type
);
718 if (type
->type
== MONO_TYPE_VAR
) {
719 MonoClass
*gtd
= method
->klass
;
720 if (gtd
->generic_class
)
721 gtd
= gtd
->generic_class
->container_class
;
722 gc
= gtd
->generic_container
;
724 MonoMethod
*gmd
= method
;
725 if (method
->is_inflated
)
726 gmd
= ((MonoMethodInflated
*)method
)->declaring
;
727 gc
= mono_method_get_generic_container (gmd
);
731 return mono_generic_container_get_param (gc
, num
);
737 * Verify if @type is valid for the given @ctx verification context.
738 * this function checks for VAR and MVAR types that are invalid under the current verifier,
739 * This means that it either
742 is_valid_type_in_context (VerifyContext
*ctx
, MonoType
*type
)
744 return mono_type_is_valid_type_in_context (type
, ctx
->generic_context
);
748 is_valid_generic_instantiation_in_context (VerifyContext
*ctx
, MonoGenericInst
*ginst
)
751 for (i
= 0; i
< ginst
->type_argc
; ++i
) {
752 MonoType
*type
= ginst
->type_argv
[i
];
753 if (!is_valid_type_in_context (ctx
, type
))
760 generic_arguments_respect_constraints (VerifyContext
*ctx
, MonoGenericContainer
*gc
, MonoGenericContext
*context
, MonoGenericInst
*ginst
)
763 for (i
= 0; i
< ginst
->type_argc
; ++i
) {
764 MonoType
*type
= ginst
->type_argv
[i
];
765 MonoGenericParam
*target
= mono_generic_container_get_param (gc
, i
);
766 MonoGenericParam
*candidate
;
767 MonoClass
*candidate_class
;
769 if (!mono_type_is_generic_argument (type
))
772 if (!is_valid_type_in_context (ctx
, type
))
775 candidate
= verifier_get_generic_param_from_type (ctx
, type
);
776 candidate_class
= mono_class_from_mono_type (type
);
778 if (!mono_generic_param_is_constraint_compatible (ctx
, target
, candidate
, candidate_class
, context
))
785 mono_method_repect_method_constraints (VerifyContext
*ctx
, MonoMethod
*method
)
787 MonoMethodInflated
*gmethod
= (MonoMethodInflated
*)method
;
788 MonoGenericInst
*ginst
= gmethod
->context
.method_inst
;
789 MonoGenericContainer
*gc
= mono_method_get_generic_container (gmethod
->declaring
);
790 return !gc
|| generic_arguments_respect_constraints (ctx
, gc
, &gmethod
->context
, ginst
);
794 mono_class_repect_method_constraints (VerifyContext
*ctx
, MonoClass
*klass
)
796 MonoGenericClass
*gklass
= klass
->generic_class
;
797 MonoGenericInst
*ginst
= gklass
->context
.class_inst
;
798 MonoGenericContainer
*gc
= gklass
->container_class
->generic_container
;
799 return !gc
|| generic_arguments_respect_constraints (ctx
, gc
, &gklass
->context
, ginst
);
803 mono_method_is_valid_generic_instantiation (VerifyContext
*ctx
, MonoMethod
*method
)
805 MonoMethodInflated
*gmethod
= (MonoMethodInflated
*)method
;
806 MonoGenericInst
*ginst
= gmethod
->context
.method_inst
;
807 MonoGenericContainer
*gc
= mono_method_get_generic_container (gmethod
->declaring
);
808 if (!gc
) /*non-generic inflated method - it's part of a generic type */
810 if (ctx
&& !is_valid_generic_instantiation_in_context (ctx
, ginst
))
812 return is_valid_generic_instantiation (gc
, &gmethod
->context
, ginst
);
817 mono_class_is_valid_generic_instantiation (VerifyContext
*ctx
, MonoClass
*klass
)
819 MonoGenericClass
*gklass
= klass
->generic_class
;
820 MonoGenericInst
*ginst
= gklass
->context
.class_inst
;
821 MonoGenericContainer
*gc
= gklass
->container_class
->generic_container
;
822 if (ctx
&& !is_valid_generic_instantiation_in_context (ctx
, ginst
))
824 return is_valid_generic_instantiation (gc
, &gklass
->context
, ginst
);
828 mono_type_is_valid_in_context (VerifyContext
*ctx
, MonoType
*type
)
833 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid null type at 0x%04x", ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
837 if (!is_valid_type_in_context (ctx
, type
)) {
838 char *str
= mono_type_full_name (type
);
839 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid generic type (%s%s) (argument out of range or %s is not generic) at 0x%04x",
840 type
->type
== MONO_TYPE_VAR
? "!" : "!!",
842 type
->type
== MONO_TYPE_VAR
? "class" : "method",
844 MONO_EXCEPTION_BAD_IMAGE
);
849 klass
= mono_class_from_mono_type (type
);
850 mono_class_init (klass
);
851 if (mono_loader_get_last_error () || klass
->exception_type
!= MONO_EXCEPTION_NONE
) {
852 if (klass
->generic_class
&& !mono_class_is_valid_generic_instantiation (NULL
, klass
))
853 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid generic instantiation of type %s.%s at 0x%04x", klass
->name_space
, klass
->name
, ctx
->ip_offset
), MONO_EXCEPTION_TYPE_LOAD
);
855 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Could not load type %s.%s at 0x%04x", klass
->name_space
, klass
->name
, ctx
->ip_offset
), MONO_EXCEPTION_TYPE_LOAD
);
856 mono_loader_clear_error ();
860 if (klass
->generic_class
&& klass
->generic_class
->container_class
->exception_type
!= MONO_EXCEPTION_NONE
) {
861 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Could not load type %s.%s at 0x%04x", klass
->name_space
, klass
->name
, ctx
->ip_offset
), MONO_EXCEPTION_TYPE_LOAD
);
865 if (!klass
->generic_class
)
868 if (!mono_class_is_valid_generic_instantiation (ctx
, klass
)) {
869 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid generic type instantiation of type %s.%s at 0x%04x", klass
->name_space
, klass
->name
, ctx
->ip_offset
), MONO_EXCEPTION_TYPE_LOAD
);
873 if (!mono_class_repect_method_constraints (ctx
, klass
)) {
874 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid generic type instantiation of type %s.%s (generic args don't respect target's constraints) at 0x%04x", klass
->name_space
, klass
->name
, ctx
->ip_offset
), MONO_EXCEPTION_TYPE_LOAD
);
881 static verify_result_t
882 mono_method_is_valid_in_context (VerifyContext
*ctx
, MonoMethod
*method
)
884 if (!mono_type_is_valid_in_context (ctx
, &method
->klass
->byval_arg
))
885 return RESULT_INVALID
;
887 if (!method
->is_inflated
)
890 if (!mono_method_is_valid_generic_instantiation (ctx
, method
)) {
891 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid generic method instantiation of method %s.%s::%s at 0x%04x", method
->klass
->name_space
, method
->klass
->name
, method
->name
, ctx
->ip_offset
), MONO_EXCEPTION_UNVERIFIABLE_IL
);
892 return RESULT_INVALID
;
895 if (!mono_method_repect_method_constraints (ctx
, method
)) {
896 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid generic method instantiation of method %s.%s::%s (generic args don't respect target's constraints) at 0x%04x", method
->klass
->name_space
, method
->klass
->name
, method
->name
, ctx
->ip_offset
));
897 return RESULT_UNVERIFIABLE
;
903 static MonoClassField
*
904 verifier_load_field (VerifyContext
*ctx
, int token
, MonoClass
**out_klass
, const char *opcode
) {
905 MonoClassField
*field
;
906 MonoClass
*klass
= NULL
;
908 if (ctx
->method
->wrapper_type
!= MONO_WRAPPER_NONE
) {
909 field
= mono_method_get_wrapper_data (ctx
->method
, (guint32
)token
);
910 klass
= field
? field
->parent
: NULL
;
912 if (!IS_FIELD_DEF_OR_REF (token
) || !token_bounds_check (ctx
->image
, token
)) {
913 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid field token 0x%08x for %s at 0x%04x", token
, opcode
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
917 field
= mono_field_from_token (ctx
->image
, token
, &klass
, ctx
->generic_context
);
920 if (!field
|| !field
->parent
|| !klass
|| mono_loader_get_last_error ()) {
921 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Cannot load field from token 0x%08x for %s at 0x%04x", token
, opcode
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
922 mono_loader_clear_error ();
926 if (!mono_type_is_valid_in_context (ctx
, &klass
->byval_arg
))
929 if (mono_field_get_flags (field
) & FIELD_ATTRIBUTE_LITERAL
) {
930 char *type_name
= mono_type_get_full_name (field
->parent
);
931 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Cannot reference literal field %s::%s at 0x%04x", type_name
, field
->name
, ctx
->ip_offset
));
941 verifier_load_method (VerifyContext
*ctx
, int token
, const char *opcode
) {
944 if (ctx
->method
->wrapper_type
!= MONO_WRAPPER_NONE
) {
945 method
= mono_method_get_wrapper_data (ctx
->method
, (guint32
)token
);
947 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token
) || !token_bounds_check (ctx
->image
, token
)) {
948 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid method token 0x%08x for %s at 0x%04x", token
, opcode
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
952 method
= mono_get_method_full (ctx
->image
, token
, NULL
, ctx
->generic_context
);
955 if (!method
|| mono_loader_get_last_error ()) {
956 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Cannot load method from token 0x%08x for %s at 0x%04x", token
, opcode
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
957 mono_loader_clear_error ();
961 if (mono_method_is_valid_in_context (ctx
, method
) == RESULT_INVALID
)
968 verifier_load_type (VerifyContext
*ctx
, int token
, const char *opcode
) {
971 if (ctx
->method
->wrapper_type
!= MONO_WRAPPER_NONE
) {
972 MonoClass
*class = mono_method_get_wrapper_data (ctx
->method
, (guint32
)token
);
973 type
= class ? &class->byval_arg
: NULL
;
975 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token
) || !token_bounds_check (ctx
->image
, token
)) {
976 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid type token 0x%08x at 0x%04x", token
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
979 type
= mono_type_get_full (ctx
->image
, token
, ctx
->generic_context
);
982 if (!type
|| mono_loader_get_last_error ()) {
983 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Cannot load type from token 0x%08x for %s at 0x%04x", token
, opcode
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
984 mono_loader_clear_error ();
988 if (!mono_type_is_valid_in_context (ctx
, type
))
995 /* stack_slot_get_type:
997 * Returns the stack type of @value. This value includes POINTER_MASK.
999 * Use this function to checks that account for a managed pointer.
1002 stack_slot_get_type (ILStackDesc
*value
)
1004 return value
->stype
& RAW_TYPE_MASK
;
1007 /* stack_slot_get_underlying_type:
1009 * Returns the stack type of @value. This value does not include POINTER_MASK.
1011 * Use this function is cases where the fact that the value could be a managed pointer is
1012 * irrelevant. For example, field load doesn't care about this fact of type on stack.
1015 stack_slot_get_underlying_type (ILStackDesc
*value
)
1017 return value
->stype
& TYPE_MASK
;
1020 /* stack_slot_is_managed_pointer:
1022 * Returns TRUE is @value is a managed pointer.
1025 stack_slot_is_managed_pointer (ILStackDesc
*value
)
1027 return (value
->stype
& POINTER_MASK
) == POINTER_MASK
;
1030 /* stack_slot_is_managed_mutability_pointer:
1032 * Returns TRUE is @value is a managed mutability pointer.
1034 static G_GNUC_UNUSED gboolean
1035 stack_slot_is_managed_mutability_pointer (ILStackDesc
*value
)
1037 return (value
->stype
& CMMP_MASK
) == CMMP_MASK
;
1040 /* stack_slot_is_null_literal:
1042 * Returns TRUE is @value is the null literal.
1045 stack_slot_is_null_literal (ILStackDesc
*value
)
1047 return (value
->stype
& NULL_LITERAL_MASK
) == NULL_LITERAL_MASK
;
1051 /* stack_slot_is_this_pointer:
1053 * Returns TRUE is @value is the this literal
1056 stack_slot_is_this_pointer (ILStackDesc
*value
)
1058 return (value
->stype
& THIS_POINTER_MASK
) == THIS_POINTER_MASK
;
1061 /* stack_slot_is_boxed_value:
1063 * Returns TRUE is @value is a boxed value
1066 stack_slot_is_boxed_value (ILStackDesc
*value
)
1068 return (value
->stype
& BOXED_MASK
) == BOXED_MASK
;
1072 stack_slot_get_name (ILStackDesc
*value
)
1074 return type_names
[value
->stype
& TYPE_MASK
];
1077 #define APPEND_WITH_PREDICATE(PRED,NAME) do {\
1078 if (PRED (value)) { \
1080 g_string_append (str, ", "); \
1081 g_string_append (str, NAME); \
1086 stack_slot_stack_type_full_name (ILStackDesc
*value
)
1088 GString
*str
= g_string_new ("");
1090 gboolean has_pred
= FALSE
, first
= TRUE
;
1092 if ((value
->stype
& TYPE_MASK
) != value
->stype
) {
1093 g_string_append(str
, "[");
1094 APPEND_WITH_PREDICATE (stack_slot_is_this_pointer
, "this");
1095 APPEND_WITH_PREDICATE (stack_slot_is_boxed_value
, "boxed");
1096 APPEND_WITH_PREDICATE (stack_slot_is_null_literal
, "null");
1097 APPEND_WITH_PREDICATE (stack_slot_is_managed_mutability_pointer
, "cmmp");
1098 APPEND_WITH_PREDICATE (stack_slot_is_managed_pointer
, "mp");
1102 if (mono_type_is_generic_argument (value
->type
) && !stack_slot_is_boxed_value (value
)) {
1104 g_string_append(str
, "[");
1106 g_string_append (str
, ", ");
1107 g_string_append (str
, "unboxed");
1112 g_string_append(str
, "] ");
1114 g_string_append (str
, stack_slot_get_name (value
));
1116 g_string_free (str
, FALSE
);
1121 stack_slot_full_name (ILStackDesc
*value
)
1123 char *type_name
= mono_type_full_name (value
->type
);
1124 char *stack_name
= stack_slot_stack_type_full_name (value
);
1125 char *res
= g_strdup_printf ("%s (%s)", type_name
, stack_name
);
1127 g_free (stack_name
);
1131 //////////////////////////////////////////////////////////////////
1133 mono_free_verify_list (GSList
*list
)
1135 MonoVerifyInfoExtended
*info
;
1138 for (tmp
= list
; tmp
; tmp
= tmp
->next
) {
1140 g_free (info
->info
.message
);
1143 g_slist_free (list
);
1146 #define ADD_ERROR(list,msg) \
1148 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
1149 vinfo->info.status = MONO_VERIFY_ERROR; \
1150 vinfo->info.message = (msg); \
1151 (list) = g_slist_prepend ((list), vinfo); \
1154 #define ADD_WARN(list,code,msg) \
1156 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
1157 vinfo->info.status = (code); \
1158 vinfo->info.message = (msg); \
1159 (list) = g_slist_prepend ((list), vinfo); \
1162 #define ADD_INVALID(list,msg) \
1164 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
1165 vinfo->status = MONO_VERIFY_ERROR; \
1166 vinfo->message = (msg); \
1167 (list) = g_slist_prepend ((list), vinfo); \
1168 /*G_BREAKPOINT ();*/ \
1172 #define CHECK_STACK_UNDERFLOW(num) \
1174 if (cur_stack < (num)) \
1175 ADD_INVALID (list, g_strdup_printf ("Stack underflow at 0x%04x (%d items instead of %d)", ip_offset, cur_stack, (num))); \
1178 #define CHECK_STACK_OVERFLOW() \
1180 if (cur_stack >= max_stack) \
1181 ADD_INVALID (list, g_strdup_printf ("Maxstack exceeded at 0x%04x", ip_offset)); \
1186 in_any_block (MonoMethodHeader
*header
, guint offset
)
1189 MonoExceptionClause
*clause
;
1191 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1192 clause
= &header
->clauses
[i
];
1193 if (MONO_OFFSET_IN_CLAUSE (clause
, offset
))
1195 if (MONO_OFFSET_IN_HANDLER (clause
, offset
))
1197 if (MONO_OFFSET_IN_FILTER (clause
, offset
))
1204 * in_any_exception_block:
1206 * Returns TRUE is @offset is part of any exception clause (filter, handler, catch, finally or fault).
1209 in_any_exception_block (MonoMethodHeader
*header
, guint offset
)
1212 MonoExceptionClause
*clause
;
1214 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1215 clause
= &header
->clauses
[i
];
1216 if (MONO_OFFSET_IN_HANDLER (clause
, offset
))
1218 if (MONO_OFFSET_IN_FILTER (clause
, offset
))
1225 * is_valid_branch_instruction:
1227 * Verify if it's valid to perform a branch from @offset to @target.
1228 * This should be used with br and brtrue/false.
1229 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1230 * The major diferent from other similiar functions is that branching into a
1231 * finally/fault block is invalid instead of just unverifiable.
1234 is_valid_branch_instruction (MonoMethodHeader
*header
, guint offset
, guint target
)
1237 MonoExceptionClause
*clause
;
1239 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1240 clause
= &header
->clauses
[i
];
1241 /*branching into a finally block is invalid*/
1242 if ((clause
->flags
== MONO_EXCEPTION_CLAUSE_FINALLY
|| clause
->flags
== MONO_EXCEPTION_CLAUSE_FAULT
) &&
1243 !MONO_OFFSET_IN_HANDLER (clause
, offset
) &&
1244 MONO_OFFSET_IN_HANDLER (clause
, target
))
1247 if (clause
->try_offset
!= target
&& (MONO_OFFSET_IN_CLAUSE (clause
, offset
) ^ MONO_OFFSET_IN_CLAUSE (clause
, target
)))
1249 if (MONO_OFFSET_IN_HANDLER (clause
, offset
) ^ MONO_OFFSET_IN_HANDLER (clause
, target
))
1251 if (MONO_OFFSET_IN_FILTER (clause
, offset
) ^ MONO_OFFSET_IN_FILTER (clause
, target
))
1258 * is_valid_cmp_branch_instruction:
1260 * Verify if it's valid to perform a branch from @offset to @target.
1261 * This should be used with binary comparison branching instruction, like beq, bge and similars.
1262 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1264 * The major diferences from other similar functions are that most errors lead to invalid
1265 * code and only branching out of finally, filter or fault clauses is unverifiable.
1268 is_valid_cmp_branch_instruction (MonoMethodHeader
*header
, guint offset
, guint target
)
1271 MonoExceptionClause
*clause
;
1273 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1274 clause
= &header
->clauses
[i
];
1275 /*branching out of a handler or finally*/
1276 if (clause
->flags
!= MONO_EXCEPTION_CLAUSE_NONE
&&
1277 MONO_OFFSET_IN_HANDLER (clause
, offset
) &&
1278 !MONO_OFFSET_IN_HANDLER (clause
, target
))
1281 if (clause
->try_offset
!= target
&& (MONO_OFFSET_IN_CLAUSE (clause
, offset
) ^ MONO_OFFSET_IN_CLAUSE (clause
, target
)))
1283 if (MONO_OFFSET_IN_HANDLER (clause
, offset
) ^ MONO_OFFSET_IN_HANDLER (clause
, target
))
1285 if (MONO_OFFSET_IN_FILTER (clause
, offset
) ^ MONO_OFFSET_IN_FILTER (clause
, target
))
1292 * A leave can't escape a finally block
1295 is_correct_leave (MonoMethodHeader
*header
, guint offset
, guint target
)
1298 MonoExceptionClause
*clause
;
1300 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1301 clause
= &header
->clauses
[i
];
1302 if (clause
->flags
== MONO_EXCEPTION_CLAUSE_FINALLY
&& MONO_OFFSET_IN_HANDLER (clause
, offset
) && !MONO_OFFSET_IN_HANDLER (clause
, target
))
1304 if (MONO_OFFSET_IN_FILTER (clause
, offset
))
1311 * A rethrow can't happen outside of a catch handler.
1314 is_correct_rethrow (MonoMethodHeader
*header
, guint offset
)
1317 MonoExceptionClause
*clause
;
1319 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1320 clause
= &header
->clauses
[i
];
1321 if (MONO_OFFSET_IN_HANDLER (clause
, offset
))
1323 if (MONO_OFFSET_IN_FILTER (clause
, offset
))
1330 * An endfinally can't happen outside of a finally/fault handler.
1333 is_correct_endfinally (MonoMethodHeader
*header
, guint offset
)
1336 MonoExceptionClause
*clause
;
1338 for (i
= 0; i
< header
->num_clauses
; ++i
) {
1339 clause
= &header
->clauses
[i
];
1340 if (MONO_OFFSET_IN_HANDLER (clause
, offset
) && (clause
->flags
== MONO_EXCEPTION_CLAUSE_FAULT
|| clause
->flags
== MONO_EXCEPTION_CLAUSE_FINALLY
))
1348 * An endfilter can only happens inside a filter clause.
1349 * In non-strict mode filter is allowed inside the handler clause too
1351 static MonoExceptionClause
*
1352 is_correct_endfilter (VerifyContext
*ctx
, guint offset
)
1355 MonoExceptionClause
*clause
;
1357 for (i
= 0; i
< ctx
->header
->num_clauses
; ++i
) {
1358 clause
= &ctx
->header
->clauses
[i
];
1359 if (clause
->flags
!= MONO_EXCEPTION_CLAUSE_FILTER
)
1361 if (MONO_OFFSET_IN_FILTER (clause
, offset
))
1363 if (!IS_STRICT_MODE (ctx
) && MONO_OFFSET_IN_HANDLER (clause
, offset
))
1371 * Non-strict endfilter can happens inside a try block or any handler block
1374 is_unverifiable_endfilter (VerifyContext
*ctx
, guint offset
)
1377 MonoExceptionClause
*clause
;
1379 for (i
= 0; i
< ctx
->header
->num_clauses
; ++i
) {
1380 clause
= &ctx
->header
->clauses
[i
];
1381 if (MONO_OFFSET_IN_CLAUSE (clause
, offset
))
1388 is_valid_bool_arg (ILStackDesc
*arg
)
1390 if (stack_slot_is_managed_pointer (arg
) || stack_slot_is_boxed_value (arg
) || stack_slot_is_null_literal (arg
))
1394 switch (stack_slot_get_underlying_type (arg
)) {
1397 case TYPE_NATIVE_INT
:
1401 g_assert (arg
->type
);
1402 switch (arg
->type
->type
) {
1403 case MONO_TYPE_CLASS
:
1404 case MONO_TYPE_STRING
:
1405 case MONO_TYPE_OBJECT
:
1406 case MONO_TYPE_SZARRAY
:
1407 case MONO_TYPE_ARRAY
:
1408 case MONO_TYPE_FNPTR
:
1411 case MONO_TYPE_GENERICINST
:
1412 /*We need to check if the container class
1413 * of the generic type is a valuetype, iow:
1414 * is it a "class Foo<T>" or a "struct Foo<T>"?
1416 return !arg
->type
->data
.generic_class
->container_class
->valuetype
;
1424 /*Type manipulation helper*/
1426 /*Returns the byref version of the supplied MonoType*/
1428 mono_type_get_type_byref (MonoType
*type
)
1432 return &mono_class_from_mono_type (type
)->this_arg
;
1436 /*Returns the byval version of the supplied MonoType*/
1438 mono_type_get_type_byval (MonoType
*type
)
1442 return &mono_class_from_mono_type (type
)->byval_arg
;
1446 mono_type_from_stack_slot (ILStackDesc
*slot
)
1448 if (stack_slot_is_managed_pointer (slot
))
1449 return mono_type_get_type_byref (slot
->type
);
1453 /*Stack manipulation code*/
1456 ensure_stack_size (ILCodeDesc
*stack
, int required
)
1461 if (required
< stack
->max_size
)
1464 /* We don't have to worry about the exponential growth since stack_copy prune unused space */
1465 new_size
= MAX (8, MAX (required
, stack
->max_size
* 2));
1467 g_assert (new_size
>= stack
->size
);
1468 g_assert (new_size
>= required
);
1470 tmp
= g_new0 (ILStackDesc
, new_size
);
1471 MEM_ALLOC (sizeof (ILStackDesc
) * new_size
);
1475 memcpy (tmp
, stack
->stack
, stack
->size
* sizeof (ILStackDesc
));
1476 g_free (stack
->stack
);
1477 MEM_FREE (sizeof (ILStackDesc
) * stack
->max_size
);
1481 stack
->max_size
= new_size
;
1485 stack_init (VerifyContext
*ctx
, ILCodeDesc
*state
)
1487 if (state
->flags
& IL_CODE_FLAG_STACK_INITED
)
1489 state
->size
= state
->max_size
= 0;
1490 state
->flags
|= IL_CODE_FLAG_STACK_INITED
;
1494 stack_copy (ILCodeDesc
*to
, ILCodeDesc
*from
)
1496 ensure_stack_size (to
, from
->size
);
1497 to
->size
= from
->size
;
1499 /*stack copy happens at merge points, which have small stacks*/
1501 memcpy (to
->stack
, from
->stack
, sizeof (ILStackDesc
) * from
->size
);
1505 copy_stack_value (ILStackDesc
*to
, ILStackDesc
*from
)
1507 to
->stype
= from
->stype
;
1508 to
->type
= from
->type
;
1509 to
->method
= from
->method
;
1513 check_underflow (VerifyContext
*ctx
, int size
)
1515 if (ctx
->eval
.size
< size
) {
1516 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Stack underflow, required %d, but have %d at 0x%04x", size
, ctx
->eval
.size
, ctx
->ip_offset
));
1523 check_overflow (VerifyContext
*ctx
)
1525 if (ctx
->eval
.size
>= ctx
->max_stack
) {
1526 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Method doesn't have stack-depth %d at 0x%04x", ctx
->eval
.size
+ 1, ctx
->ip_offset
));
1532 /*This reject out PTR, FNPTR and TYPEDBYREF*/
1534 check_unmanaged_pointer (VerifyContext
*ctx
, ILStackDesc
*value
)
1536 if (stack_slot_get_type (value
) == TYPE_PTR
) {
1537 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx
->ip_offset
));
1543 /*TODO verify if MONO_TYPE_TYPEDBYREF is not allowed here as well.*/
1545 check_unverifiable_type (VerifyContext
*ctx
, MonoType
*type
)
1547 if (type
->type
== MONO_TYPE_PTR
|| type
->type
== MONO_TYPE_FNPTR
) {
1548 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx
->ip_offset
));
1554 static ILStackDesc
*
1555 stack_push (VerifyContext
*ctx
)
1557 g_assert (ctx
->eval
.size
< ctx
->max_stack
);
1558 g_assert (ctx
->eval
.size
<= ctx
->eval
.max_size
);
1560 ensure_stack_size (&ctx
->eval
, ctx
->eval
.size
+ 1);
1562 return & ctx
->eval
.stack
[ctx
->eval
.size
++];
1565 static ILStackDesc
*
1566 stack_push_val (VerifyContext
*ctx
, int stype
, MonoType
*type
)
1568 ILStackDesc
*top
= stack_push (ctx
);
1574 static ILStackDesc
*
1575 stack_pop (VerifyContext
*ctx
)
1578 g_assert (ctx
->eval
.size
> 0);
1579 ret
= ctx
->eval
.stack
+ --ctx
->eval
.size
;
1580 if ((ret
->stype
& UNINIT_THIS_MASK
) == UNINIT_THIS_MASK
)
1581 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Found use of uninitialized 'this ptr' ref at 0x%04x", ctx
->ip_offset
));
1585 /* This function allows to safely pop an unititialized this ptr from
1586 * the eval stack without marking the method as unverifiable.
1588 static ILStackDesc
*
1589 stack_pop_safe (VerifyContext
*ctx
)
1591 g_assert (ctx
->eval
.size
> 0);
1592 return ctx
->eval
.stack
+ --ctx
->eval
.size
;
1595 /*Positive number distance from stack top. [0] is stack top, [1] is the one below*/
1597 stack_peek (VerifyContext
*ctx
, int distance
)
1599 g_assert (ctx
->eval
.size
- distance
> 0);
1600 return ctx
->eval
.stack
+ (ctx
->eval
.size
- 1 - distance
);
1603 static ILStackDesc
*
1604 stack_push_stack_val (VerifyContext
*ctx
, ILStackDesc
*value
)
1606 ILStackDesc
*top
= stack_push (ctx
);
1607 copy_stack_value (top
, value
);
1611 /* Returns the MonoType associated with the token, or NULL if it is invalid.
1613 * A boxable type can be either a reference or value type, but cannot be a byref type or an unmanaged pointer
1616 get_boxable_mono_type (VerifyContext
* ctx
, int token
, const char *opcode
)
1621 if (!(type
= verifier_load_type (ctx
, token
, opcode
)))
1624 if (type
->byref
&& type
->type
!= MONO_TYPE_TYPEDBYREF
) {
1625 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid use of byref type for %s at 0x%04x", opcode
, ctx
->ip_offset
));
1629 if (type
->type
== MONO_TYPE_VOID
) {
1630 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid use of void type for %s at 0x%04x", opcode
, ctx
->ip_offset
));
1634 if (type
->type
== MONO_TYPE_TYPEDBYREF
)
1635 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid use of typedbyref for %s at 0x%04x", opcode
, ctx
->ip_offset
));
1637 if (!(class = mono_class_from_mono_type (type
)))
1638 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Could not retrieve type token for %s at 0x%04x", opcode
, ctx
->ip_offset
));
1640 if (class->generic_container
&& type
->type
!= MONO_TYPE_GENERICINST
)
1641 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use the generic type definition in a boxable type position for %s at 0x%04x", opcode
, ctx
->ip_offset
));
1643 check_unverifiable_type (ctx
, type
);
1648 /*operation result tables */
1650 static const unsigned char bin_op_table
[TYPE_MAX
][TYPE_MAX
] = {
1651 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1652 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1653 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1654 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_R8
, TYPE_INV
, TYPE_INV
},
1655 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1656 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1659 static const unsigned char add_table
[TYPE_MAX
][TYPE_MAX
] = {
1660 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1661 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1662 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1663 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_R8
, TYPE_INV
, TYPE_INV
},
1664 {TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1665 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1668 static const unsigned char sub_table
[TYPE_MAX
][TYPE_MAX
] = {
1669 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1670 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1671 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1672 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_R8
, TYPE_INV
, TYPE_INV
},
1673 {TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_NATIVE_INT
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1674 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1677 static const unsigned char int_bin_op_table
[TYPE_MAX
][TYPE_MAX
] = {
1678 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1679 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1680 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1681 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1682 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1683 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1686 static const unsigned char shift_op_table
[TYPE_MAX
][TYPE_MAX
] = {
1687 {TYPE_I4
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1688 {TYPE_I8
, TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1689 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1690 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1691 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1692 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1695 static const unsigned char cmp_br_op
[TYPE_MAX
][TYPE_MAX
] = {
1696 {TYPE_I4
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1697 {TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1698 {TYPE_I4
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1699 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
},
1700 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_I4
, TYPE_INV
},
1701 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1704 static const unsigned char cmp_br_eq_op
[TYPE_MAX
][TYPE_MAX
] = {
1705 {TYPE_I4
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1706 {TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1707 {TYPE_I4
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_I4
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1708 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_I4
, TYPE_INV
, TYPE_INV
},
1709 {TYPE_INV
, TYPE_INV
, TYPE_I4
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_I4
, TYPE_INV
},
1710 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_I4
},
1713 static const unsigned char add_ovf_un_table
[TYPE_MAX
][TYPE_MAX
] = {
1714 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1715 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1716 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1717 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1718 {TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1719 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1722 static const unsigned char sub_ovf_un_table
[TYPE_MAX
][TYPE_MAX
] = {
1723 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1724 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1725 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1726 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1727 {TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_PTR
| NON_VERIFIABLE_RESULT
, TYPE_INV
, TYPE_NATIVE_INT
| NON_VERIFIABLE_RESULT
, TYPE_INV
},
1728 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1731 static const unsigned char bin_ovf_table
[TYPE_MAX
][TYPE_MAX
] = {
1732 {TYPE_I4
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1733 {TYPE_INV
, TYPE_I8
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1734 {TYPE_NATIVE_INT
, TYPE_INV
, TYPE_NATIVE_INT
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1735 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1736 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1737 {TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
, TYPE_INV
},
1740 #ifdef MONO_VERIFIER_DEBUG
1744 dump_stack_value (ILStackDesc
*value
)
1746 printf ("[(%x)(%x)", value
->type
->type
, value
->stype
);
1748 if (stack_slot_is_this_pointer (value
))
1751 if (stack_slot_is_boxed_value (value
))
1752 printf ("[boxed] ");
1754 if (stack_slot_is_null_literal (value
))
1757 if (stack_slot_is_managed_mutability_pointer (value
))
1758 printf ("Controled Mutability MP: ");
1760 if (stack_slot_is_managed_pointer (value
))
1761 printf ("Managed Pointer to: ");
1763 switch (stack_slot_get_underlying_type (value
)) {
1765 printf ("invalid type]");
1773 case TYPE_NATIVE_INT
:
1774 printf ("native int]");
1777 printf ("float64]");
1780 printf ("unmanaged pointer]");
1783 switch (value
->type
->type
) {
1784 case MONO_TYPE_CLASS
:
1785 case MONO_TYPE_VALUETYPE
:
1786 printf ("complex] (%s)", value
->type
->data
.klass
->name
);
1788 case MONO_TYPE_STRING
:
1789 printf ("complex] (string)");
1791 case MONO_TYPE_OBJECT
:
1792 printf ("complex] (object)");
1794 case MONO_TYPE_SZARRAY
:
1795 printf ("complex] (%s [])", value
->type
->data
.klass
->name
);
1797 case MONO_TYPE_ARRAY
:
1798 printf ("complex] (%s [%d %d %d])",
1799 value
->type
->data
.array
->eklass
->name
,
1800 value
->type
->data
.array
->rank
,
1801 value
->type
->data
.array
->numsizes
,
1802 value
->type
->data
.array
->numlobounds
);
1804 case MONO_TYPE_GENERICINST
:
1805 printf ("complex] (inst of %s )", value
->type
->data
.generic_class
->container_class
->name
);
1808 printf ("complex] (type generic param !%d - %s) ", value
->type
->data
.generic_param
->num
, mono_generic_param_info (value
->type
->data
.generic_param
)->name
);
1810 case MONO_TYPE_MVAR
:
1811 printf ("complex] (method generic param !!%d - %s) ", value
->type
->data
.generic_param
->num
, mono_generic_param_info (value
->type
->data
.generic_param
)->name
);
1814 //should be a boxed value
1815 char * name
= mono_type_full_name (value
->type
);
1816 printf ("complex] %s", name
);
1822 printf ("unknown stack %x type]\n", value
->stype
);
1823 g_assert_not_reached ();
1828 dump_stack_state (ILCodeDesc
*state
)
1832 printf ("(%d) ", state
->size
);
1833 for (i
= 0; i
< state
->size
; ++i
)
1834 dump_stack_value (state
->stack
+ i
);
1839 /*Returns TRUE if candidate array type can be assigned to target.
1840 *Both parameters MUST be of type MONO_TYPE_ARRAY (target->type == MONO_TYPE_ARRAY)
1843 is_array_type_compatible (MonoType
*target
, MonoType
*candidate
)
1845 MonoArrayType
*left
= target
->data
.array
;
1846 MonoArrayType
*right
= candidate
->data
.array
;
1848 g_assert (target
->type
== MONO_TYPE_ARRAY
);
1849 g_assert (candidate
->type
== MONO_TYPE_ARRAY
);
1851 if (left
->rank
!= right
->rank
)
1854 return verifier_class_is_assignable_from (left
->eklass
, right
->eklass
);
1858 get_stack_type (MonoType
*type
)
1861 int type_kind
= type
->type
;
1863 mask
= POINTER_MASK
;
1864 /*TODO handle CMMP_MASK */
1867 switch (type_kind
) {
1870 case MONO_TYPE_BOOLEAN
:
1873 case MONO_TYPE_CHAR
:
1876 return TYPE_I4
| mask
;
1880 return TYPE_NATIVE_INT
| mask
;
1882 /* FIXME: the spec says that you cannot have a pointer to method pointer, do we need to check this here? */
1883 case MONO_TYPE_FNPTR
:
1885 case MONO_TYPE_TYPEDBYREF
:
1886 return TYPE_PTR
| mask
;
1889 case MONO_TYPE_MVAR
:
1891 case MONO_TYPE_CLASS
:
1892 case MONO_TYPE_STRING
:
1893 case MONO_TYPE_OBJECT
:
1894 case MONO_TYPE_SZARRAY
:
1895 case MONO_TYPE_ARRAY
:
1896 return TYPE_COMPLEX
| mask
;
1900 return TYPE_I8
| mask
;
1904 return TYPE_R8
| mask
;
1906 case MONO_TYPE_GENERICINST
:
1907 case MONO_TYPE_VALUETYPE
:
1908 if (mono_type_is_enum_type (type
)) {
1909 type
= mono_type_get_underlying_type_any (type
);
1912 type_kind
= type
->type
;
1915 return TYPE_COMPLEX
| mask
;
1923 /* convert MonoType to ILStackDesc format (stype) */
1925 set_stack_value (VerifyContext
*ctx
, ILStackDesc
*stack
, MonoType
*type
, int take_addr
)
1928 int type_kind
= type
->type
;
1930 if (type
->byref
|| take_addr
)
1931 mask
= POINTER_MASK
;
1932 /* TODO handle CMMP_MASK */
1937 switch (type_kind
) {
1940 case MONO_TYPE_BOOLEAN
:
1943 case MONO_TYPE_CHAR
:
1946 stack
->stype
= TYPE_I4
| mask
;
1950 stack
->stype
= TYPE_NATIVE_INT
| mask
;
1953 /*FIXME: Do we need to check if it's a pointer to the method pointer? The spec says it' illegal to have that.*/
1954 case MONO_TYPE_FNPTR
:
1956 case MONO_TYPE_TYPEDBYREF
:
1957 stack
->stype
= TYPE_PTR
| mask
;
1960 case MONO_TYPE_CLASS
:
1961 case MONO_TYPE_STRING
:
1962 case MONO_TYPE_OBJECT
:
1963 case MONO_TYPE_SZARRAY
:
1964 case MONO_TYPE_ARRAY
:
1967 case MONO_TYPE_MVAR
:
1968 stack
->stype
= TYPE_COMPLEX
| mask
;
1973 stack
->stype
= TYPE_I8
| mask
;
1977 stack
->stype
= TYPE_R8
| mask
;
1979 case MONO_TYPE_GENERICINST
:
1980 case MONO_TYPE_VALUETYPE
:
1981 if (mono_type_is_enum_type (type
)) {
1982 MonoType
*utype
= mono_type_get_underlying_type_any (type
);
1984 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Could not resolve underlying type of %x at %d", type
->type
, ctx
->ip_offset
));
1988 type_kind
= type
->type
;
1991 stack
->stype
= TYPE_COMPLEX
| mask
;
1995 VERIFIER_DEBUG ( printf ("unknown type 0x%02x in eval stack type\n", type
->type
); );
1996 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Illegal value set on stack 0x%02x at %d", type
->type
, ctx
->ip_offset
));
2003 * init_stack_with_value_at_exception_boundary:
2005 * Initialize the stack and push a given type.
2006 * The instruction is marked as been on the exception boundary.
2009 init_stack_with_value_at_exception_boundary (VerifyContext
*ctx
, ILCodeDesc
*code
, MonoClass
*klass
)
2012 MonoType
*type
= mono_class_inflate_generic_type_checked (&klass
->byval_arg
, ctx
->generic_context
, &error
);
2014 if (!mono_error_ok (&error
)) {
2015 char *name
= mono_type_get_full_name (klass
);
2016 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid class %s used for exception", name
));
2018 mono_error_cleanup (&error
);
2022 if (!ctx
->max_stack
) {
2023 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Stack overflow at 0x%04x", ctx
->ip_offset
));
2027 stack_init (ctx
, code
);
2028 ensure_stack_size (code
, 1);
2029 set_stack_value (ctx
, code
->stack
, type
, FALSE
);
2030 ctx
->exception_types
= g_slist_prepend (ctx
->exception_types
, type
);
2032 code
->flags
|= IL_CODE_FLAG_WAS_TARGET
;
2033 if (mono_type_is_generic_argument (type
))
2034 code
->stack
->stype
|= BOXED_MASK
;
2038 verifier_class_is_assignable_from (MonoClass
*target
, MonoClass
*candidate
)
2040 static MonoClass
* generic_icollection_class
= NULL
;
2041 static MonoClass
* generic_ienumerable_class
= NULL
;
2042 MonoClass
*iface_gtd
;
2044 if (mono_class_is_assignable_from (target
, candidate
))
2047 if (!MONO_CLASS_IS_INTERFACE (target
) || !target
->generic_class
|| candidate
->rank
!= 1)
2050 if (generic_icollection_class
== NULL
) {
2051 generic_icollection_class
= mono_class_from_name (mono_defaults
.corlib
,
2052 "System.Collections.Generic", "ICollection`1");
2053 generic_ienumerable_class
= mono_class_from_name (mono_defaults
.corlib
,
2054 "System.Collections.Generic", "IEnumerable`1");
2056 iface_gtd
= target
->generic_class
->container_class
;
2057 if (iface_gtd
!= mono_defaults
.generic_ilist_class
&& iface_gtd
!= generic_icollection_class
&& iface_gtd
!= generic_ienumerable_class
)
2060 target
= mono_class_from_mono_type (target
->generic_class
->context
.class_inst
->type_argv
[0]);
2061 candidate
= candidate
->element_class
;
2062 return mono_class_is_assignable_from (target
, candidate
);
2065 /*Verify if type 'candidate' can be stored in type 'target'.
2067 * If strict, check for the underlying type and not the verification stack types
2070 verify_type_compatibility_full (VerifyContext
*ctx
, MonoType
*target
, MonoType
*candidate
, gboolean strict
)
2072 #define IS_ONE_OF3(T, A, B, C) (T == A || T == B || T == C)
2073 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
2075 MonoType
*original_candidate
= candidate
;
2076 VERIFIER_DEBUG ( printf ("checking type compatibility %s x %s strict %d\n", mono_type_full_name (target
), mono_type_full_name (candidate
), strict
); );
2078 /*only one is byref */
2079 if (candidate
->byref
^ target
->byref
) {
2080 /* converting from native int to byref*/
2081 if (get_stack_type (candidate
) == TYPE_NATIVE_INT
&& target
->byref
) {
2082 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("using byref native int at 0x%04x", ctx
->ip_offset
));
2087 strict
|= target
->byref
;
2088 /*From now on we don't care about byref anymore, so it's ok to discard it here*/
2089 candidate
= mono_type_get_underlying_type_any (candidate
);
2092 switch (target
->type
) {
2093 case MONO_TYPE_VOID
:
2094 return candidate
->type
== MONO_TYPE_VOID
;
2097 case MONO_TYPE_BOOLEAN
:
2099 return IS_ONE_OF3 (candidate
->type
, MONO_TYPE_I1
, MONO_TYPE_U1
, MONO_TYPE_BOOLEAN
);
2102 case MONO_TYPE_CHAR
:
2104 return IS_ONE_OF3 (candidate
->type
, MONO_TYPE_I2
, MONO_TYPE_U2
, MONO_TYPE_CHAR
);
2106 case MONO_TYPE_U4
: {
2107 gboolean is_native_int
= IS_ONE_OF2 (candidate
->type
, MONO_TYPE_I
, MONO_TYPE_U
);
2108 gboolean is_int4
= IS_ONE_OF2 (candidate
->type
, MONO_TYPE_I4
, MONO_TYPE_U4
);
2110 return is_native_int
|| is_int4
;
2111 return is_native_int
|| get_stack_type (candidate
) == TYPE_I4
;
2116 return IS_ONE_OF2 (candidate
->type
, MONO_TYPE_I8
, MONO_TYPE_U8
);
2121 return candidate
->type
== target
->type
;
2122 return IS_ONE_OF2 (candidate
->type
, MONO_TYPE_R4
, MONO_TYPE_R8
);
2126 gboolean is_native_int
= IS_ONE_OF2 (candidate
->type
, MONO_TYPE_I
, MONO_TYPE_U
);
2127 gboolean is_int4
= IS_ONE_OF2 (candidate
->type
, MONO_TYPE_I4
, MONO_TYPE_U4
);
2129 return is_native_int
|| is_int4
;
2130 return is_native_int
|| get_stack_type (candidate
) == TYPE_I4
;
2134 if (candidate
->type
!= MONO_TYPE_PTR
)
2136 /* check the underlying type */
2137 return verify_type_compatibility_full (ctx
, target
->data
.type
, candidate
->data
.type
, TRUE
);
2139 case MONO_TYPE_FNPTR
: {
2140 MonoMethodSignature
*left
, *right
;
2141 if (candidate
->type
!= MONO_TYPE_FNPTR
)
2144 left
= mono_type_get_signature (target
);
2145 right
= mono_type_get_signature (candidate
);
2146 return mono_metadata_signature_equal (left
, right
) && left
->call_convention
== right
->call_convention
;
2149 case MONO_TYPE_GENERICINST
: {
2150 MonoClass
*target_klass
;
2151 MonoClass
*candidate_klass
;
2152 if (mono_type_is_enum_type (target
)) {
2153 target
= mono_type_get_underlying_type_any (target
);
2159 * VAR / MVAR compatibility must be checked by verify_stack_type_compatibility
2160 * to take boxing status into account.
2162 if (mono_type_is_generic_argument (original_candidate
))
2165 target_klass
= mono_class_from_mono_type (target
);
2166 candidate_klass
= mono_class_from_mono_type (candidate
);
2167 if (mono_class_is_nullable (target_klass
)) {
2168 if (!mono_class_is_nullable (candidate_klass
))
2170 return target_klass
== candidate_klass
;
2172 return verifier_class_is_assignable_from (target_klass
, candidate_klass
);
2175 case MONO_TYPE_STRING
:
2176 return candidate
->type
== MONO_TYPE_STRING
;
2178 case MONO_TYPE_CLASS
:
2180 * VAR / MVAR compatibility must be checked by verify_stack_type_compatibility
2181 * to take boxing status into account.
2183 if (mono_type_is_generic_argument (original_candidate
))
2186 if (candidate
->type
== MONO_TYPE_VALUETYPE
)
2189 /* If candidate is an enum it should return true for System.Enum and supertypes.
2190 * That's why here we use the original type and not the underlying type.
2192 return verifier_class_is_assignable_from (target
->data
.klass
, mono_class_from_mono_type (original_candidate
));
2194 case MONO_TYPE_OBJECT
:
2195 return MONO_TYPE_IS_REFERENCE (candidate
);
2197 case MONO_TYPE_SZARRAY
: {
2200 if (candidate
->type
!= MONO_TYPE_SZARRAY
)
2203 left
= mono_class_from_mono_type (target
);
2204 right
= mono_class_from_mono_type (candidate
);
2206 return verifier_class_is_assignable_from (left
, right
);
2209 case MONO_TYPE_ARRAY
:
2210 if (candidate
->type
!= MONO_TYPE_ARRAY
)
2212 return is_array_type_compatible (target
, candidate
);
2214 case MONO_TYPE_TYPEDBYREF
:
2215 return candidate
->type
== MONO_TYPE_TYPEDBYREF
;
2217 case MONO_TYPE_VALUETYPE
: {
2218 MonoClass
*target_klass
;
2219 MonoClass
*candidate_klass
;
2221 if (candidate
->type
== MONO_TYPE_CLASS
)
2224 target_klass
= mono_class_from_mono_type (target
);
2225 candidate_klass
= mono_class_from_mono_type (candidate
);
2226 if (target_klass
== candidate_klass
)
2228 if (mono_type_is_enum_type (target
)) {
2229 target
= mono_type_get_underlying_type_any (target
);
2238 if (candidate
->type
!= MONO_TYPE_VAR
)
2240 return mono_type_get_generic_param_num (candidate
) == mono_type_get_generic_param_num (target
);
2242 case MONO_TYPE_MVAR
:
2243 if (candidate
->type
!= MONO_TYPE_MVAR
)
2245 return mono_type_get_generic_param_num (candidate
) == mono_type_get_generic_param_num (target
);
2248 VERIFIER_DEBUG ( printf ("unknown store type %d\n", target
->type
); );
2249 g_assert_not_reached ();
2258 verify_type_compatibility (VerifyContext
*ctx
, MonoType
*target
, MonoType
*candidate
)
2260 return verify_type_compatibility_full (ctx
, target
, candidate
, FALSE
);
2264 * Returns the generic param bound to the context been verified.
2267 static MonoGenericParam
*
2268 get_generic_param (VerifyContext
*ctx
, MonoType
*param
)
2270 guint16 param_num
= mono_type_get_generic_param_num (param
);
2271 if (param
->type
== MONO_TYPE_VAR
) {
2272 if (!ctx
->generic_context
->class_inst
|| ctx
->generic_context
->class_inst
->type_argc
<= param_num
) {
2273 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid generic type argument %d", param_num
));
2276 return ctx
->generic_context
->class_inst
->type_argv
[param_num
]->data
.generic_param
;
2279 /*param must be a MVAR */
2280 if (!ctx
->generic_context
->method_inst
|| ctx
->generic_context
->method_inst
->type_argc
<= param_num
) {
2281 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid generic method argument %d", param_num
));
2284 return ctx
->generic_context
->method_inst
->type_argv
[param_num
]->data
.generic_param
;
2289 recursive_boxed_constraint_type_check (VerifyContext
*ctx
, MonoType
*type
, MonoClass
*constraint_class
, int recursion_level
)
2291 MonoType
*constraint_type
= &constraint_class
->byval_arg
;
2292 if (recursion_level
<= 0)
2295 if (verify_type_compatibility_full (ctx
, type
, mono_type_get_type_byval (constraint_type
), FALSE
))
2298 if (mono_type_is_generic_argument (constraint_type
)) {
2299 MonoGenericParam
*param
= get_generic_param (ctx
, constraint_type
);
2303 for (class = mono_generic_param_info (param
)->constraints
; class && *class; ++class) {
2304 if (recursive_boxed_constraint_type_check (ctx
, type
, *class, recursion_level
- 1))
2312 * is_compatible_boxed_valuetype:
2314 * Returns TRUE if @candidate / @stack is a valid boxed valuetype.
2316 * @type The source type. It it tested to be of the proper type.
2317 * @candidate type of the boxed valuetype.
2318 * @stack stack slot of the boxed valuetype, separate from @candidade since one could be changed before calling this function
2319 * @strict if TRUE candidate must be boxed compatible to the target type
2323 is_compatible_boxed_valuetype (VerifyContext
*ctx
, MonoType
*type
, MonoType
*candidate
, ILStackDesc
*stack
, gboolean strict
)
2325 if (!stack_slot_is_boxed_value (stack
))
2327 if (type
->byref
|| candidate
->byref
)
2330 if (mono_type_is_generic_argument (candidate
)) {
2331 MonoGenericParam
*param
= get_generic_param (ctx
, candidate
);
2336 for (class = mono_generic_param_info (param
)->constraints
; class && *class; ++class) {
2337 /*256 should be enough since there can't be more than 255 generic arguments.*/
2338 if (recursive_boxed_constraint_type_check (ctx
, type
, *class, 256))
2343 if (mono_type_is_generic_argument (type
))
2349 return MONO_TYPE_IS_REFERENCE (type
) && verifier_class_is_assignable_from (mono_class_from_mono_type (type
), mono_class_from_mono_type (candidate
));
2353 verify_stack_type_compatibility_full (VerifyContext
*ctx
, MonoType
*type
, ILStackDesc
*stack
, gboolean drop_byref
, gboolean valuetype_must_be_boxed
)
2355 MonoType
*candidate
= mono_type_from_stack_slot (stack
);
2356 if (MONO_TYPE_IS_REFERENCE (type
) && !type
->byref
&& stack_slot_is_null_literal (stack
))
2359 if (is_compatible_boxed_valuetype (ctx
, type
, candidate
, stack
, TRUE
))
2362 if (valuetype_must_be_boxed
&& !stack_slot_is_boxed_value (stack
) && !MONO_TYPE_IS_REFERENCE (candidate
))
2365 if (!valuetype_must_be_boxed
&& stack_slot_is_boxed_value (stack
))
2369 return verify_type_compatibility_full (ctx
, type
, mono_type_get_type_byval (candidate
), FALSE
);
2371 return verify_type_compatibility_full (ctx
, type
, candidate
, FALSE
);
2375 verify_stack_type_compatibility (VerifyContext
*ctx
, MonoType
*type
, ILStackDesc
*stack
)
2377 return verify_stack_type_compatibility_full (ctx
, type
, stack
, FALSE
, FALSE
);
2381 mono_delegate_type_equal (MonoType
*target
, MonoType
*candidate
)
2383 if (candidate
->byref
^ target
->byref
)
2386 switch (target
->type
) {
2387 case MONO_TYPE_VOID
:
2390 case MONO_TYPE_BOOLEAN
:
2393 case MONO_TYPE_CHAR
:
2402 case MONO_TYPE_STRING
:
2403 case MONO_TYPE_TYPEDBYREF
:
2404 return candidate
->type
== target
->type
;
2407 if (candidate
->type
!= MONO_TYPE_PTR
)
2409 return mono_delegate_type_equal (target
->data
.type
, candidate
->data
.type
);
2411 case MONO_TYPE_FNPTR
:
2412 if (candidate
->type
!= MONO_TYPE_FNPTR
)
2414 return mono_delegate_signature_equal (mono_type_get_signature (target
), mono_type_get_signature (candidate
), FALSE
);
2416 case MONO_TYPE_GENERICINST
: {
2417 MonoClass
*target_klass
;
2418 MonoClass
*candidate_klass
;
2419 target_klass
= mono_class_from_mono_type (target
);
2420 candidate_klass
= mono_class_from_mono_type (candidate
);
2421 /*FIXME handle nullables and enum*/
2422 return verifier_class_is_assignable_from (target_klass
, candidate_klass
);
2424 case MONO_TYPE_OBJECT
:
2425 return MONO_TYPE_IS_REFERENCE (candidate
);
2427 case MONO_TYPE_CLASS
:
2428 return verifier_class_is_assignable_from(target
->data
.klass
, mono_class_from_mono_type (candidate
));
2430 case MONO_TYPE_SZARRAY
:
2431 if (candidate
->type
!= MONO_TYPE_SZARRAY
)
2433 return verifier_class_is_assignable_from (mono_class_from_mono_type (target
)->element_class
, mono_class_from_mono_type (candidate
)->element_class
);
2435 case MONO_TYPE_ARRAY
:
2436 if (candidate
->type
!= MONO_TYPE_ARRAY
)
2438 return is_array_type_compatible (target
, candidate
);
2440 case MONO_TYPE_VALUETYPE
:
2441 /*FIXME handle nullables and enum*/
2442 return mono_class_from_mono_type (candidate
) == mono_class_from_mono_type (target
);
2445 return candidate
->type
== MONO_TYPE_VAR
&& mono_type_get_generic_param_num (target
) == mono_type_get_generic_param_num (candidate
);
2448 case MONO_TYPE_MVAR
:
2449 return candidate
->type
== MONO_TYPE_MVAR
&& mono_type_get_generic_param_num (target
) == mono_type_get_generic_param_num (candidate
);
2453 VERIFIER_DEBUG ( printf ("Unknown type %d. Implement me!\n", target
->type
); );
2454 g_assert_not_reached ();
2460 mono_delegate_param_equal (MonoType
*delegate
, MonoType
*method
)
2462 if (mono_metadata_type_equal_full (delegate
, method
, TRUE
))
2465 return mono_delegate_type_equal (method
, delegate
);
2469 mono_delegate_ret_equal (MonoType
*delegate
, MonoType
*method
)
2471 if (mono_metadata_type_equal_full (delegate
, method
, TRUE
))
2474 return mono_delegate_type_equal (delegate
, method
);
2478 * mono_delegate_signature_equal:
2480 * Compare two signatures in the way expected by delegates.
2482 * This function only exists due to the fact that it should ignore the 'has_this' part of the signature.
2484 * FIXME can this function be eliminated and proper metadata functionality be used?
2487 mono_delegate_signature_equal (MonoMethodSignature
*delegate_sig
, MonoMethodSignature
*method_sig
, gboolean is_static_ldftn
)
2490 int method_offset
= is_static_ldftn
? 1 : 0;
2492 if (delegate_sig
->param_count
+ method_offset
!= method_sig
->param_count
)
2495 if (delegate_sig
->call_convention
!= method_sig
->call_convention
)
2498 for (i
= 0; i
< delegate_sig
->param_count
; i
++) {
2499 MonoType
*p1
= delegate_sig
->params
[i
];
2500 MonoType
*p2
= method_sig
->params
[i
+ method_offset
];
2502 if (!mono_delegate_param_equal (p1
, p2
))
2506 if (!mono_delegate_ret_equal (delegate_sig
->ret
, method_sig
->ret
))
2513 mono_verifier_is_signature_compatible (MonoMethodSignature
*target
, MonoMethodSignature
*candidate
)
2515 return mono_delegate_signature_equal (target
, candidate
, FALSE
);
2519 * verify_ldftn_delegate:
2521 * Verify properties of ldftn based delegates.
2524 verify_ldftn_delegate (VerifyContext
*ctx
, MonoClass
*delegate
, ILStackDesc
*value
, ILStackDesc
*funptr
)
2526 MonoMethod
*method
= funptr
->method
;
2528 /*ldftn non-final virtuals only allowed if method is not static,
2529 * the object is a this arg (comes from a ldarg.0), and there is no starg.0.
2530 * This rules doesn't apply if the object on stack is a boxed valuetype.
2532 if ((method
->flags
& METHOD_ATTRIBUTE_VIRTUAL
) && !(method
->flags
& METHOD_ATTRIBUTE_FINAL
) && !(method
->klass
->flags
& TYPE_ATTRIBUTE_SEALED
) && !stack_slot_is_boxed_value (value
)) {
2533 /*A stdarg 0 must not happen, we fail here only in fail fast mode to avoid double error reports*/
2534 if (IS_FAIL_FAST_MODE (ctx
) && ctx
->has_this_store
)
2535 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", ctx
->ip_offset
));
2537 /*current method must not be static*/
2538 if (ctx
->method
->flags
& METHOD_ATTRIBUTE_STATIC
)
2539 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid ldftn with virtual function at 0x%04x", ctx
->ip_offset
));
2541 /*value is the this pointer, loaded using ldarg.0 */
2542 if (!stack_slot_is_this_pointer (value
))
2543 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid object argument, it is not the this pointer, to ldftn with virtual method at 0x%04x", ctx
->ip_offset
));
2545 ctx
->code
[ctx
->ip_offset
].flags
|= IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL
;
2550 * verify_delegate_compatibility:
2552 * Verify delegate creation sequence.
2556 verify_delegate_compatibility (VerifyContext
*ctx
, MonoClass
*delegate
, ILStackDesc
*value
, ILStackDesc
*funptr
)
2558 #define IS_VALID_OPCODE(offset, opcode) (ip [ip_offset - offset] == opcode && (ctx->code [ip_offset - offset].flags & IL_CODE_FLAG_SEEN))
2559 #define IS_LOAD_FUN_PTR(kind) (IS_VALID_OPCODE (6, CEE_PREFIX1) && ip [ip_offset - 5] == kind)
2561 MonoMethod
*invoke
, *method
;
2562 const guint8
*ip
= ctx
->header
->code
;
2563 guint32 ip_offset
= ctx
->ip_offset
;
2564 gboolean is_static_ldftn
= FALSE
, is_first_arg_bound
= FALSE
;
2566 if (stack_slot_get_type (funptr
) != TYPE_PTR
|| !funptr
->method
) {
2567 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid function pointer parameter for delegate constructor at 0x%04x", ctx
->ip_offset
));
2571 invoke
= mono_get_delegate_invoke (delegate
);
2572 method
= funptr
->method
;
2574 if (!method
|| !mono_method_signature (method
)) {
2575 char *name
= mono_type_get_full_name (delegate
);
2576 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid method on stack to create delegate %s construction at 0x%04x", name
, ctx
->ip_offset
));
2581 if (!invoke
|| !mono_method_signature (invoke
)) {
2582 char *name
= mono_type_get_full_name (delegate
);
2583 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Delegate type %s with bad Invoke method at 0x%04x", name
, ctx
->ip_offset
));
2588 is_static_ldftn
= (ip_offset
> 5 && IS_LOAD_FUN_PTR (CEE_LDFTN
)) && method
->flags
& METHOD_ATTRIBUTE_STATIC
;
2590 if (is_static_ldftn
)
2591 is_first_arg_bound
= mono_method_signature (invoke
)->param_count
+ 1 == mono_method_signature (method
)->param_count
;
2593 if (!mono_delegate_signature_equal (mono_method_signature (invoke
), mono_method_signature (method
), is_first_arg_bound
)) {
2594 char *fun_sig
= mono_signature_get_desc (mono_method_signature (method
), FALSE
);
2595 char *invoke_sig
= mono_signature_get_desc (mono_method_signature (invoke
), FALSE
);
2596 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Function pointer signature '%s' doesn't match delegate's signature '%s' at 0x%04x", fun_sig
, invoke_sig
, ctx
->ip_offset
));
2598 g_free (invoke_sig
);
2602 * Delegate code sequences:
2608 * [-6] ldvirtftn token
2612 if (ip_offset
> 5 && IS_LOAD_FUN_PTR (CEE_LDFTN
)) {
2613 verify_ldftn_delegate (ctx
, delegate
, value
, funptr
);
2614 } else if (ip_offset
> 6 && IS_VALID_OPCODE (7, CEE_DUP
) && IS_LOAD_FUN_PTR (CEE_LDVIRTFTN
)) {
2615 ctx
->code
[ip_offset
- 6].flags
|= IL_CODE_DELEGATE_SEQUENCE
;
2617 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid code sequence for delegate creation at 0x%04x", ctx
->ip_offset
));
2619 ctx
->code
[ip_offset
].flags
|= IL_CODE_DELEGATE_SEQUENCE
;
2622 if (is_first_arg_bound
) {
2623 if (mono_method_signature (method
)->param_count
== 0 || !verify_stack_type_compatibility_full (ctx
, mono_method_signature (method
)->params
[0], value
, FALSE
, TRUE
))
2624 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx
->ip_offset
));
2626 if (method
->flags
& METHOD_ATTRIBUTE_STATIC
) {
2627 if (!stack_slot_is_null_literal (value
) && !is_first_arg_bound
)
2628 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Non-null this args used with static function for delegate creation at 0x%04x", ctx
->ip_offset
));
2630 if (!verify_stack_type_compatibility_full (ctx
, &method
->klass
->byval_arg
, value
, FALSE
, TRUE
) && !stack_slot_is_null_literal (value
))
2631 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx
->ip_offset
));
2635 if (stack_slot_get_type (value
) != TYPE_COMPLEX
)
2636 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid first parameter for delegate creation at 0x%04x", ctx
->ip_offset
));
2638 #undef IS_VALID_OPCODE
2639 #undef IS_LOAD_FUN_PTR
2642 /* implement the opcode checks*/
2644 push_arg (VerifyContext
*ctx
, unsigned int arg
, int take_addr
)
2648 if (arg
>= ctx
->max_args
) {
2650 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Method doesn't have argument %d", arg
+ 1));
2652 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Method doesn't have argument %d", arg
+ 1));
2653 if (check_overflow (ctx
)) //FIXME: what sane value could we ever push?
2654 stack_push_val (ctx
, TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
2656 } else if (check_overflow (ctx
)) {
2657 /*We must let the value be pushed, otherwise we would get an underflow error*/
2658 check_unverifiable_type (ctx
, ctx
->params
[arg
]);
2659 if (ctx
->params
[arg
]->byref
&& take_addr
)
2660 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx
->ip_offset
));
2661 top
= stack_push (ctx
);
2662 if (!set_stack_value (ctx
, top
, ctx
->params
[arg
], take_addr
))
2665 if (arg
== 0 && !(ctx
->method
->flags
& METHOD_ATTRIBUTE_STATIC
)) {
2667 ctx
->has_this_store
= TRUE
;
2669 top
->stype
|= THIS_POINTER_MASK
;
2670 if (mono_method_is_constructor (ctx
->method
) && !ctx
->super_ctor_called
&& !ctx
->method
->klass
->valuetype
)
2671 top
->stype
|= UNINIT_THIS_MASK
;
2677 push_local (VerifyContext
*ctx
, guint32 arg
, int take_addr
)
2679 if (arg
>= ctx
->num_locals
) {
2680 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Method doesn't have local %d", arg
+ 1));
2681 } else if (check_overflow (ctx
)) {
2682 /*We must let the value be pushed, otherwise we would get an underflow error*/
2683 check_unverifiable_type (ctx
, ctx
->locals
[arg
]);
2684 if (ctx
->locals
[arg
]->byref
&& take_addr
)
2685 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx
->ip_offset
));
2687 set_stack_value (ctx
, stack_push (ctx
), ctx
->locals
[arg
], take_addr
);
2692 store_arg (VerifyContext
*ctx
, guint32 arg
)
2696 if (arg
>= ctx
->max_args
) {
2697 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Method doesn't have argument %d at 0x%04x", arg
+ 1, ctx
->ip_offset
));
2698 if (check_underflow (ctx
, 1))
2703 if (check_underflow (ctx
, 1)) {
2704 value
= stack_pop (ctx
);
2705 if (!verify_stack_type_compatibility (ctx
, ctx
->params
[arg
], value
)) {
2706 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible type %s in argument store at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
2709 if (arg
== 0 && !(ctx
->method
->flags
& METHOD_ATTRIBUTE_STATIC
))
2710 ctx
->has_this_store
= 1;
2714 store_local (VerifyContext
*ctx
, guint32 arg
)
2717 if (arg
>= ctx
->num_locals
) {
2718 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Method doesn't have local var %d at 0x%04x", arg
+ 1, ctx
->ip_offset
));
2722 /*TODO verify definite assigment */
2723 if (check_underflow (ctx
, 1)) {
2724 value
= stack_pop(ctx
);
2725 if (!verify_stack_type_compatibility (ctx
, ctx
->locals
[arg
], value
)) {
2726 char *expected
= mono_type_full_name (ctx
->locals
[arg
]);
2727 char *found
= stack_slot_full_name (value
);
2728 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible type '%s' on stack cannot be stored to local %d with type '%s' at 0x%04x",
2739 /*FIXME add and sub needs special care here*/
2741 do_binop (VerifyContext
*ctx
, unsigned int opcode
, const unsigned char table
[TYPE_MAX
][TYPE_MAX
])
2743 ILStackDesc
*a
, *b
, *top
;
2744 int idxa
, idxb
, complexMerge
= 0;
2747 if (!check_underflow (ctx
, 2))
2749 b
= stack_pop (ctx
);
2750 a
= stack_pop (ctx
);
2752 idxa
= stack_slot_get_underlying_type (a
);
2753 if (stack_slot_is_managed_pointer (a
)) {
2758 idxb
= stack_slot_get_underlying_type (b
);
2759 if (stack_slot_is_managed_pointer (b
)) {
2766 res
= table
[idxa
][idxb
];
2768 VERIFIER_DEBUG ( printf ("binop res %d\n", res
); );
2769 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa
, idxb
); );
2771 top
= stack_push (ctx
);
2772 if (res
== TYPE_INV
) {
2773 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Binary instruction applyed to ill formed stack (%s x %s)", stack_slot_get_name (a
), stack_slot_get_name (b
)));
2774 copy_stack_value (top
, a
);
2778 if (res
& NON_VERIFIABLE_RESULT
) {
2779 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Binary instruction is not verifiable (%s x %s)", stack_slot_get_name (a
), stack_slot_get_name (b
)));
2781 res
= res
& ~NON_VERIFIABLE_RESULT
;
2784 if (complexMerge
&& res
== TYPE_PTR
) {
2785 if (complexMerge
== 1)
2786 copy_stack_value (top
, a
);
2787 else if (complexMerge
== 2)
2788 copy_stack_value (top
, b
);
2790 * There is no need to merge the type of two pointers.
2791 * The only valid operation is subtraction, that returns a native
2792 * int as result and can be used with any 2 pointer kinds.
2793 * This is valid acording to Patition III 1.1.4
2802 do_boolean_branch_op (VerifyContext
*ctx
, int delta
)
2804 int target
= ctx
->ip_offset
+ delta
;
2807 VERIFIER_DEBUG ( printf ("boolean branch offset %d delta %d target %d\n", ctx
->ip_offset
, delta
, target
); );
2809 if (target
< 0 || target
>= ctx
->code_size
) {
2810 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Boolean branch target out of code at 0x%04x", ctx
->ip_offset
));
2814 switch (is_valid_branch_instruction (ctx
->header
, ctx
->ip_offset
, target
)) {
2816 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx
->ip_offset
));
2819 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx
->ip_offset
));
2823 ctx
->target
= target
;
2825 if (!check_underflow (ctx
, 1))
2828 top
= stack_pop (ctx
);
2829 if (!is_valid_bool_arg (top
))
2830 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Argument type %s not valid for brtrue/brfalse at 0x%04x", stack_slot_get_name (top
), ctx
->ip_offset
));
2832 check_unmanaged_pointer (ctx
, top
);
2836 stack_slot_is_complex_type_not_reference_type (ILStackDesc
*slot
)
2838 return stack_slot_get_type (slot
) == TYPE_COMPLEX
&& !MONO_TYPE_IS_REFERENCE (slot
->type
) && !stack_slot_is_boxed_value (slot
);
2842 do_branch_op (VerifyContext
*ctx
, signed int delta
, const unsigned char table
[TYPE_MAX
][TYPE_MAX
])
2847 int target
= ctx
->ip_offset
+ delta
;
2849 VERIFIER_DEBUG ( printf ("branch offset %d delta %d target %d\n", ctx
->ip_offset
, delta
, target
); );
2851 if (target
< 0 || target
>= ctx
->code_size
) {
2852 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Branch target out of code at 0x%04x", ctx
->ip_offset
));
2856 switch (is_valid_cmp_branch_instruction (ctx
->header
, ctx
->ip_offset
, target
)) {
2857 case 1: /*FIXME use constants and not magic numbers.*/
2858 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx
->ip_offset
));
2861 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx
->ip_offset
));
2865 ctx
->target
= target
;
2867 if (!check_underflow (ctx
, 2))
2870 b
= stack_pop (ctx
);
2871 a
= stack_pop (ctx
);
2873 idxa
= stack_slot_get_underlying_type (a
);
2874 if (stack_slot_is_managed_pointer (a
))
2877 idxb
= stack_slot_get_underlying_type (b
);
2878 if (stack_slot_is_managed_pointer (b
))
2881 if (stack_slot_is_complex_type_not_reference_type (a
) || stack_slot_is_complex_type_not_reference_type (b
)) {
2886 res
= table
[idxa
][idxb
];
2889 VERIFIER_DEBUG ( printf ("branch res %d\n", res
); );
2890 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa
, idxb
); );
2892 if (res
== TYPE_INV
) {
2893 CODE_NOT_VERIFIABLE (ctx
,
2894 g_strdup_printf ("Compare and Branch instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a
), stack_slot_get_name (b
), ctx
->ip_offset
));
2895 } else if (res
& NON_VERIFIABLE_RESULT
) {
2896 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Compare and Branch instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a
), stack_slot_get_name (b
), ctx
->ip_offset
));
2897 res
= res
& ~NON_VERIFIABLE_RESULT
;
2902 do_cmp_op (VerifyContext
*ctx
, const unsigned char table
[TYPE_MAX
][TYPE_MAX
], guint32 opcode
)
2908 if (!check_underflow (ctx
, 2))
2910 b
= stack_pop (ctx
);
2911 a
= stack_pop (ctx
);
2913 if (opcode
== CEE_CGT_UN
) {
2914 if (stack_slot_get_type (a
) == TYPE_COMPLEX
&& stack_slot_get_type (b
) == TYPE_COMPLEX
) {
2915 stack_push_val (ctx
, TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
2920 idxa
= stack_slot_get_underlying_type (a
);
2921 if (stack_slot_is_managed_pointer (a
))
2924 idxb
= stack_slot_get_underlying_type (b
);
2925 if (stack_slot_is_managed_pointer (b
))
2928 if (stack_slot_is_complex_type_not_reference_type (a
) || stack_slot_is_complex_type_not_reference_type (b
)) {
2933 res
= table
[idxa
][idxb
];
2936 if(res
== TYPE_INV
) {
2937 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf("Compare instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a
), stack_slot_get_name (b
), ctx
->ip_offset
));
2938 } else if (res
& NON_VERIFIABLE_RESULT
) {
2939 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Compare instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a
), stack_slot_get_name (b
), ctx
->ip_offset
));
2940 res
= res
& ~NON_VERIFIABLE_RESULT
;
2942 stack_push_val (ctx
, TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
2946 do_ret (VerifyContext
*ctx
)
2948 MonoType
*ret
= ctx
->signature
->ret
;
2949 VERIFIER_DEBUG ( printf ("checking ret\n"); );
2950 if (ret
->type
!= MONO_TYPE_VOID
) {
2952 if (!check_underflow (ctx
, 1))
2955 top
= stack_pop(ctx
);
2957 if (!verify_stack_type_compatibility (ctx
, ctx
->signature
->ret
, top
)) {
2958 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible return value on stack with method signature ret at 0x%04x", ctx
->ip_offset
));
2962 if (ret
->byref
|| ret
->type
== MONO_TYPE_TYPEDBYREF
|| mono_type_is_value_type (ret
, "System", "ArgIterator") || mono_type_is_value_type (ret
, "System", "RuntimeArgumentHandle"))
2963 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Method returns byref, TypedReference, ArgIterator or RuntimeArgumentHandle at 0x%04x", ctx
->ip_offset
));
2966 if (ctx
->eval
.size
> 0) {
2967 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Stack not empty (%d) after ret at 0x%04x", ctx
->eval
.size
, ctx
->ip_offset
));
2969 if (in_any_block (ctx
->header
, ctx
->ip_offset
))
2970 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("ret cannot escape exception blocks at 0x%04x", ctx
->ip_offset
));
2974 * FIXME we need to fix the case of a non-virtual instance method defined in the parent but call using a token pointing to a subclass.
2975 * This is illegal but mono_get_method_full decoded it.
2976 * TODO handle calling .ctor outside one or calling the .ctor for other class but super
2979 do_invoke_method (VerifyContext
*ctx
, int method_token
, gboolean
virtual)
2982 MonoMethodSignature
*sig
;
2985 gboolean virt_check_this
= FALSE
;
2986 gboolean constrained
= ctx
->prefix_set
& PREFIX_CONSTRAINED
;
2988 if (!(method
= verifier_load_method (ctx
, method_token
, virtual ? "callvirt" : "call")))
2992 CLEAR_PREFIX (ctx
, PREFIX_CONSTRAINED
);
2994 if (method
->klass
->valuetype
) // && !constrained ???
2995 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use callvirtual with valuetype method at 0x%04x", ctx
->ip_offset
));
2997 if ((method
->flags
& METHOD_ATTRIBUTE_STATIC
))
2998 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use callvirtual with static method at 0x%04x", ctx
->ip_offset
));
3001 if (method
->flags
& METHOD_ATTRIBUTE_ABSTRACT
)
3002 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use call with an abstract method at 0x%04x", ctx
->ip_offset
));
3004 if ((method
->flags
& METHOD_ATTRIBUTE_VIRTUAL
) && !(method
->flags
& METHOD_ATTRIBUTE_FINAL
) && !(method
->klass
->flags
& TYPE_ATTRIBUTE_SEALED
)) {
3005 virt_check_this
= TRUE
;
3006 ctx
->code
[ctx
->ip_offset
].flags
|= IL_CODE_CALL_NONFINAL_VIRTUAL
;
3010 if (!(sig
= mono_method_get_signature_full (method
, ctx
->image
, method_token
, ctx
->generic_context
)))
3011 sig
= mono_method_get_signature (method
, ctx
->image
, method_token
);
3014 char *name
= mono_type_get_full_name (method
->klass
);
3015 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Could not resolve signature of %s:%s at 0x%04x", name
, method
->name
, ctx
->ip_offset
));
3020 param_count
= sig
->param_count
+ sig
->hasthis
;
3021 if (!check_underflow (ctx
, param_count
))
3024 for (i
= sig
->param_count
- 1; i
>= 0; --i
) {
3025 VERIFIER_DEBUG ( printf ("verifying argument %d\n", i
); );
3026 value
= stack_pop (ctx
);
3027 if (!verify_stack_type_compatibility (ctx
, sig
->params
[i
], value
)) {
3028 char *stack_name
= stack_slot_full_name (value
);
3029 char *sig_name
= mono_type_full_name (sig
->params
[i
]);
3030 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible parameter with function signature: Calling method with signature (%s) but for argument %d there is a (%s) on stack at 0x%04x", sig_name
, i
, stack_name
, ctx
->ip_offset
));
3031 g_free (stack_name
);
3035 if (stack_slot_is_managed_mutability_pointer (value
))
3036 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer as argument of %s at 0x%04x", virtual ? "callvirt" : "call", ctx
->ip_offset
));
3038 if ((ctx
->prefix_set
& PREFIX_TAIL
) && stack_slot_is_managed_pointer (value
)) {
3039 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Cannot pass a byref argument to a tail %s at 0x%04x", virtual ? "callvirt" : "call", ctx
->ip_offset
));
3045 MonoType
*type
= &method
->klass
->byval_arg
;
3048 if (mono_method_is_constructor (method
) && !method
->klass
->valuetype
) {
3049 if (!mono_method_is_constructor (ctx
->method
))
3050 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot call a constructor outside one at 0x%04x", ctx
->ip_offset
));
3051 if (method
->klass
!= ctx
->method
->klass
->parent
&& method
->klass
!= ctx
->method
->klass
)
3052 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot call a constructor to a type diferent that this or super at 0x%04x", ctx
->ip_offset
));
3054 ctx
->super_ctor_called
= TRUE
;
3055 value
= stack_pop_safe (ctx
);
3056 if ((value
->stype
& THIS_POINTER_MASK
) != THIS_POINTER_MASK
)
3057 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid 'this ptr' argument for constructor at 0x%04x", ctx
->ip_offset
));
3059 value
= stack_pop (ctx
);
3062 copy_stack_value (©
, value
);
3063 //TODO we should extract this to a 'drop_byref_argument' and use everywhere
3064 //Other parts of the code suffer from the same issue of
3065 copy
.type
= mono_type_get_type_byval (copy
.type
);
3066 copy
.stype
&= ~POINTER_MASK
;
3068 if (virt_check_this
&& !stack_slot_is_this_pointer (value
) && !(method
->klass
->valuetype
|| stack_slot_is_boxed_value (value
)))
3069 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use the call opcode with a non-final virtual method on an object diferent thant the this pointer at 0x%04x", ctx
->ip_offset
));
3071 if (constrained
&& virtual) {
3072 if (!stack_slot_is_managed_pointer (value
))
3073 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Object is not a managed pointer for a constrained call at 0x%04x", ctx
->ip_offset
));
3074 if (!mono_metadata_type_equal_full (mono_type_get_type_byval (value
->type
), ctx
->constrained_type
, TRUE
))
3075 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Object not compatible with constrained type at 0x%04x", ctx
->ip_offset
));
3076 copy
.stype
|= BOXED_MASK
;
3078 if (stack_slot_is_managed_pointer (value
) && !mono_class_from_mono_type (value
->type
)->valuetype
)
3079 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot call a reference type using a managed pointer to the this arg at 0x%04x", ctx
->ip_offset
));
3081 if (!virtual && mono_class_from_mono_type (value
->type
)->valuetype
&& !method
->klass
->valuetype
&& !stack_slot_is_boxed_value (value
))
3082 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot call a valuetype baseclass at 0x%04x", ctx
->ip_offset
));
3084 if (virtual && mono_class_from_mono_type (value
->type
)->valuetype
&& !stack_slot_is_boxed_value (value
))
3085 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a valuetype with callvirt at 0x%04x", ctx
->ip_offset
));
3087 if (method
->klass
->valuetype
&& (stack_slot_is_boxed_value (value
) || !stack_slot_is_managed_pointer (value
)))
3088 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a boxed or literal valuetype to call a valuetype method at 0x%04x", ctx
->ip_offset
));
3090 if (!verify_stack_type_compatibility (ctx
, type
, ©
)) {
3091 char *expected
= mono_type_full_name (type
);
3092 char *effective
= stack_slot_full_name (©
);
3093 char *method_name
= mono_method_full_name (method
, TRUE
);
3094 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible this argument on stack with method signature expected '%s' but got '%s' for a call to '%s' at 0x%04x",
3095 expected
, effective
, method_name
, ctx
->ip_offset
));
3096 g_free (method_name
);
3101 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_method_full (ctx
->method
, method
, mono_class_from_mono_type (value
->type
))) {
3102 char *name
= mono_method_full_name (method
, TRUE
);
3103 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Method %s is not accessible at 0x%04x", name
, ctx
->ip_offset
), MONO_EXCEPTION_METHOD_ACCESS
);
3107 } else if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_method_full (ctx
->method
, method
, NULL
)) {
3108 char *name
= mono_method_full_name (method
, TRUE
);
3109 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Method %s is not accessible at 0x%04x", name
, ctx
->ip_offset
), MONO_EXCEPTION_METHOD_ACCESS
);
3113 if (sig
->ret
->type
!= MONO_TYPE_VOID
) {
3114 if (!mono_type_is_valid_in_context (ctx
, sig
->ret
))
3117 if (check_overflow (ctx
)) {
3118 value
= stack_push (ctx
);
3119 set_stack_value (ctx
, value
, sig
->ret
, FALSE
);
3120 if ((ctx
->prefix_set
& PREFIX_READONLY
) && method
->klass
->rank
&& !strcmp (method
->name
, "Address")) {
3121 ctx
->prefix_set
&= ~PREFIX_READONLY
;
3122 value
->stype
|= CMMP_MASK
;
3127 if ((ctx
->prefix_set
& PREFIX_TAIL
)) {
3128 if (!mono_delegate_ret_equal (mono_method_signature (ctx
->method
)->ret
, sig
->ret
))
3129 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Tail call with incompatible return type at 0x%04x", ctx
->ip_offset
));
3130 if (ctx
->header
->code
[ctx
->ip_offset
+ 5] != CEE_RET
)
3131 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Tail call not followed by ret at 0x%04x", ctx
->ip_offset
));
3137 do_push_static_field (VerifyContext
*ctx
, int token
, gboolean take_addr
)
3139 MonoClassField
*field
;
3141 if (!check_overflow (ctx
))
3144 CLEAR_PREFIX (ctx
, PREFIX_VOLATILE
);
3146 if (!(field
= verifier_load_field (ctx
, token
, &klass
, take_addr
? "ldsflda" : "ldsfld")))
3149 if (!(field
->type
->attrs
& FIELD_ATTRIBUTE_STATIC
)) {
3150 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Cannot load non static field at 0x%04x", ctx
->ip_offset
));
3153 /*taking the address of initonly field only works from the static constructor */
3154 if (take_addr
&& (field
->type
->attrs
& FIELD_ATTRIBUTE_INIT_ONLY
) &&
3155 !(field
->parent
== ctx
->method
->klass
&& (ctx
->method
->flags
& (METHOD_ATTRIBUTE_SPECIAL_NAME
| METHOD_ATTRIBUTE_STATIC
)) && !strcmp (".cctor", ctx
->method
->name
)))
3156 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx
->ip_offset
));
3158 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_field_full (ctx
->method
, field
, NULL
))
3159 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx
->ip_offset
), MONO_EXCEPTION_FIELD_ACCESS
);
3161 set_stack_value (ctx
, stack_push (ctx
), field
->type
, take_addr
);
3165 do_store_static_field (VerifyContext
*ctx
, int token
) {
3166 MonoClassField
*field
;
3169 CLEAR_PREFIX (ctx
, PREFIX_VOLATILE
);
3171 if (!check_underflow (ctx
, 1))
3174 value
= stack_pop (ctx
);
3176 if (!(field
= verifier_load_field (ctx
, token
, &klass
, "stsfld")))
3179 if (!(field
->type
->attrs
& FIELD_ATTRIBUTE_STATIC
)) {
3180 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Cannot store non static field at 0x%04x", ctx
->ip_offset
));
3184 if (field
->type
->type
== MONO_TYPE_TYPEDBYREF
) {
3185 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Typedbyref field is an unverfiable type in store static field at 0x%04x", ctx
->ip_offset
));
3189 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_field_full (ctx
->method
, field
, NULL
))
3190 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx
->ip_offset
), MONO_EXCEPTION_FIELD_ACCESS
);
3192 if (!verify_stack_type_compatibility (ctx
, field
->type
, value
)) {
3193 char *stack_name
= stack_slot_full_name (value
);
3194 char *field_name
= mono_type_full_name (field
->type
);
3195 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible type in static field store expected '%s' but found '%s' at 0x%04x",
3196 field_name
, stack_name
, ctx
->ip_offset
));
3197 g_free (field_name
);
3198 g_free (stack_name
);
3203 check_is_valid_type_for_field_ops (VerifyContext
*ctx
, int token
, ILStackDesc
*obj
, MonoClassField
**ret_field
, const char *opcode
)
3205 MonoClassField
*field
;
3207 gboolean is_pointer
;
3209 /*must be a reference type, a managed pointer, an unamanaged pointer, or a valuetype*/
3210 if (!(field
= verifier_load_field (ctx
, token
, &klass
, opcode
)))
3214 //the value on stack is going to be used as a pointer
3215 is_pointer
= stack_slot_get_type (obj
) == TYPE_PTR
|| (stack_slot_get_type (obj
) == TYPE_NATIVE_INT
&& !get_stack_type (&field
->parent
->byval_arg
));
3217 if (field
->type
->type
== MONO_TYPE_TYPEDBYREF
) {
3218 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Typedbyref field is an unverfiable type at 0x%04x", ctx
->ip_offset
));
3221 g_assert (obj
->type
);
3223 /*The value on the stack must be a subclass of the defining type of the field*/
3224 /* we need to check if we can load the field from the stack value*/
3226 if (stack_slot_get_underlying_type (obj
) == TYPE_NATIVE_INT
)
3227 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Native int is not a verifiable type to reference a field at 0x%04x", ctx
->ip_offset
));
3229 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_field_full (ctx
->method
, field
, NULL
))
3230 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx
->ip_offset
), MONO_EXCEPTION_FIELD_ACCESS
);
3232 if (!field
->parent
->valuetype
&& stack_slot_is_managed_pointer (obj
))
3233 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Type at stack is a managed pointer to a reference type and is not compatible to reference the field at 0x%04x", ctx
->ip_offset
));
3235 /*a value type can be loaded from a value or a managed pointer, but not a boxed object*/
3236 if (field
->parent
->valuetype
&& stack_slot_is_boxed_value (obj
))
3237 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Type at stack is a boxed valuetype and is not compatible to reference the field at 0x%04x", ctx
->ip_offset
));
3239 if (!stack_slot_is_null_literal (obj
) && !verify_stack_type_compatibility_full (ctx
, &field
->parent
->byval_arg
, obj
, TRUE
, FALSE
)) {
3240 char *found
= stack_slot_full_name (obj
);
3241 char *expected
= mono_type_full_name (&field
->parent
->byval_arg
);
3242 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Expected type '%s' but found '%s' referencing the 'this' argument at 0x%04x", expected
, found
, ctx
->ip_offset
));
3247 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_field_full (ctx
->method
, field
, mono_class_from_mono_type (obj
->type
)))
3248 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx
->ip_offset
), MONO_EXCEPTION_FIELD_ACCESS
);
3251 check_unmanaged_pointer (ctx
, obj
);
3256 do_push_field (VerifyContext
*ctx
, int token
, gboolean take_addr
)
3259 MonoClassField
*field
;
3262 CLEAR_PREFIX (ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
3264 if (!check_underflow (ctx
, 1))
3266 obj
= stack_pop_safe (ctx
);
3268 if (!check_is_valid_type_for_field_ops (ctx
, token
, obj
, &field
, take_addr
? "ldflda" : "ldfld"))
3271 if (take_addr
&& field
->parent
->valuetype
&& !stack_slot_is_managed_pointer (obj
))
3272 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot take the address of a temporary value-type at 0x%04x", ctx
->ip_offset
));
3274 if (take_addr
&& (field
->type
->attrs
& FIELD_ATTRIBUTE_INIT_ONLY
) &&
3275 !(field
->parent
== ctx
->method
->klass
&& mono_method_is_constructor (ctx
->method
)))
3276 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx
->ip_offset
));
3278 set_stack_value (ctx
, stack_push (ctx
), field
->type
, take_addr
);
3282 do_store_field (VerifyContext
*ctx
, int token
)
3284 ILStackDesc
*value
, *obj
;
3285 MonoClassField
*field
;
3286 CLEAR_PREFIX (ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
3288 if (!check_underflow (ctx
, 2))
3291 value
= stack_pop (ctx
);
3292 obj
= stack_pop_safe (ctx
);
3294 if (!check_is_valid_type_for_field_ops (ctx
, token
, obj
, &field
, "stfld"))
3297 if (!verify_stack_type_compatibility (ctx
, field
->type
, value
))
3298 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible type %s in field store at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
3301 /*TODO proper handle for Nullable<T>*/
3303 do_box_value (VerifyContext
*ctx
, int klass_token
)
3306 MonoType
*type
= get_boxable_mono_type (ctx
, klass_token
, "box");
3312 if (!check_underflow (ctx
, 1))
3315 value
= stack_pop (ctx
);
3316 /*box is a nop for reference types*/
3318 if (stack_slot_get_underlying_type (value
) == TYPE_COMPLEX
&& MONO_TYPE_IS_REFERENCE (value
->type
) && MONO_TYPE_IS_REFERENCE (type
)) {
3319 stack_push_stack_val (ctx
, value
)->stype
|= BOXED_MASK
;
3324 if (!verify_stack_type_compatibility (ctx
, type
, value
))
3325 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type at stack for boxing operation at 0x%04x", ctx
->ip_offset
));
3327 klass
= mono_class_from_mono_type (type
);
3328 if (mono_class_is_nullable (klass
))
3329 type
= &mono_class_get_nullable_param (klass
)->byval_arg
;
3330 stack_push_val (ctx
, TYPE_COMPLEX
| BOXED_MASK
, type
);
3334 do_unbox_value (VerifyContext
*ctx
, int klass_token
)
3337 MonoType
*type
= get_boxable_mono_type (ctx
, klass_token
, "unbox");
3342 if (!check_underflow (ctx
, 1))
3345 if (!mono_class_from_mono_type (type
)->valuetype
)
3346 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid reference type for unbox at 0x%04x", ctx
->ip_offset
));
3348 value
= stack_pop (ctx
);
3350 /*Value should be: a boxed valuetype or a reference type*/
3351 if (!(stack_slot_get_type (value
) == TYPE_COMPLEX
&&
3352 (stack_slot_is_boxed_value (value
) || !mono_class_from_mono_type (value
->type
)->valuetype
)))
3353 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type %s at stack for unbox operation at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
3355 set_stack_value (ctx
, value
= stack_push (ctx
), mono_type_get_type_byref (type
), FALSE
);
3356 value
->stype
|= CMMP_MASK
;
3360 do_unbox_any (VerifyContext
*ctx
, int klass_token
)
3363 MonoType
*type
= get_boxable_mono_type (ctx
, klass_token
, "unbox.any");
3368 if (!check_underflow (ctx
, 1))
3371 value
= stack_pop (ctx
);
3373 /*Value should be: a boxed valuetype or a reference type*/
3374 if (!(stack_slot_get_type (value
) == TYPE_COMPLEX
&&
3375 (stack_slot_is_boxed_value (value
) || !mono_class_from_mono_type (value
->type
)->valuetype
)))
3376 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type %s at stack for unbox.any operation at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
3378 set_stack_value (ctx
, stack_push (ctx
), type
, FALSE
);
3382 do_unary_math_op (VerifyContext
*ctx
, int op
)
3385 if (!check_underflow (ctx
, 1))
3387 value
= stack_pop (ctx
);
3388 switch (stack_slot_get_type (value
)) {
3391 case TYPE_NATIVE_INT
:
3396 case TYPE_COMPLEX
: /*only enums are ok*/
3397 if (mono_type_is_enum_type (value
->type
))
3400 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type at stack for unary not at 0x%04x", ctx
->ip_offset
));
3402 stack_push_stack_val (ctx
, value
);
3406 do_conversion (VerifyContext
*ctx
, int kind
)
3409 if (!check_underflow (ctx
, 1))
3411 value
= stack_pop (ctx
);
3413 switch (stack_slot_get_type (value
)) {
3416 case TYPE_NATIVE_INT
:
3420 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type (%s) at stack for conversion operation. Numeric type expected at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
3425 stack_push_val (ctx
, TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
3428 stack_push_val (ctx
,TYPE_I8
, &mono_defaults
.int64_class
->byval_arg
);
3431 stack_push_val (ctx
, TYPE_R8
, &mono_defaults
.double_class
->byval_arg
);
3433 case TYPE_NATIVE_INT
:
3434 stack_push_val (ctx
, TYPE_NATIVE_INT
, &mono_defaults
.int_class
->byval_arg
);
3437 g_error ("unknown type %02x in conversion", kind
);
3443 do_load_token (VerifyContext
*ctx
, int token
)
3446 MonoClass
*handle_class
;
3447 if (!check_overflow (ctx
))
3450 if (ctx
->method
->wrapper_type
!= MONO_WRAPPER_NONE
) {
3451 handle
= mono_method_get_wrapper_data (ctx
->method
, token
);
3452 handle_class
= mono_method_get_wrapper_data (ctx
->method
, token
+ 1);
3453 if (handle_class
== mono_defaults
.typehandle_class
)
3454 handle
= &((MonoClass
*)handle
)->byval_arg
;
3456 switch (token
& 0xff000000) {
3457 case MONO_TOKEN_TYPE_DEF
:
3458 case MONO_TOKEN_TYPE_REF
:
3459 case MONO_TOKEN_TYPE_SPEC
:
3460 case MONO_TOKEN_FIELD_DEF
:
3461 case MONO_TOKEN_METHOD_DEF
:
3462 case MONO_TOKEN_METHOD_SPEC
:
3463 case MONO_TOKEN_MEMBER_REF
:
3464 if (!token_bounds_check (ctx
->image
, token
)) {
3465 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Table index out of range 0x%x for token %x for ldtoken at 0x%04x", mono_metadata_token_index (token
), token
, ctx
->ip_offset
));
3470 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid table 0x%x for token 0x%x for ldtoken at 0x%04x", mono_metadata_token_table (token
), token
, ctx
->ip_offset
));
3474 handle
= mono_ldtoken (ctx
->image
, token
, &handle_class
, ctx
->generic_context
);
3478 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid token 0x%x for ldtoken at 0x%04x", token
, ctx
->ip_offset
));
3481 if (handle_class
== mono_defaults
.typehandle_class
) {
3482 mono_type_is_valid_in_context (ctx
, (MonoType
*)handle
);
3483 } else if (handle_class
== mono_defaults
.methodhandle_class
) {
3484 mono_method_is_valid_in_context (ctx
, (MonoMethod
*)handle
);
3485 } else if (handle_class
== mono_defaults
.fieldhandle_class
) {
3486 mono_type_is_valid_in_context (ctx
, &((MonoClassField
*)handle
)->parent
->byval_arg
);
3488 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid ldtoken type %x at 0x%04x", token
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
3490 stack_push_val (ctx
, TYPE_COMPLEX
, mono_class_get_type (handle_class
));
3494 do_ldobj_value (VerifyContext
*ctx
, int token
)
3497 MonoType
*type
= get_boxable_mono_type (ctx
, token
, "ldobj");
3498 CLEAR_PREFIX (ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
3503 if (!check_underflow (ctx
, 1))
3506 value
= stack_pop (ctx
);
3507 if (!stack_slot_is_managed_pointer (value
)
3508 && stack_slot_get_type (value
) != TYPE_NATIVE_INT
3509 && !(stack_slot_get_type (value
) == TYPE_PTR
&& value
->type
->type
!= MONO_TYPE_FNPTR
)) {
3510 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid argument %s to ldobj at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
3514 if (stack_slot_get_type (value
) == TYPE_NATIVE_INT
)
3515 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Using native pointer to ldobj at 0x%04x", ctx
->ip_offset
));
3517 /*We have a byval on the stack, but the comparison must be strict. */
3518 if (!verify_type_compatibility_full (ctx
, type
, mono_type_get_type_byval (value
->type
), TRUE
))
3519 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type at stack for ldojb operation at 0x%04x", ctx
->ip_offset
));
3521 set_stack_value (ctx
, stack_push (ctx
), type
, FALSE
);
3525 do_stobj (VerifyContext
*ctx
, int token
)
3527 ILStackDesc
*dest
, *src
;
3528 MonoType
*type
= get_boxable_mono_type (ctx
, token
, "stobj");
3529 CLEAR_PREFIX (ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
3534 if (!check_underflow (ctx
, 2))
3537 src
= stack_pop (ctx
);
3538 dest
= stack_pop (ctx
);
3540 if (stack_slot_is_managed_mutability_pointer (dest
))
3541 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer with stobj at 0x%04x", ctx
->ip_offset
));
3543 if (!stack_slot_is_managed_pointer (dest
))
3544 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid destination of stobj operation at 0x%04x", ctx
->ip_offset
));
3546 if (stack_slot_is_boxed_value (src
) && !MONO_TYPE_IS_REFERENCE (src
->type
) && !MONO_TYPE_IS_REFERENCE (type
))
3547 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use stobj with a boxed source value that is not a reference type at 0x%04x", ctx
->ip_offset
));
3549 if (!verify_stack_type_compatibility (ctx
, type
, src
)) {
3550 char *type_name
= mono_type_full_name (type
);
3551 char *src_name
= stack_slot_full_name (src
);
3552 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Token '%s' and source '%s' of stobj don't match ' at 0x%04x", type_name
, src_name
, ctx
->ip_offset
));
3557 if (!verify_type_compatibility (ctx
, mono_type_get_type_byval (dest
->type
), type
))
3558 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Destination and token types of stobj don't match at 0x%04x", ctx
->ip_offset
));
3562 do_cpobj (VerifyContext
*ctx
, int token
)
3564 ILStackDesc
*dest
, *src
;
3565 MonoType
*type
= get_boxable_mono_type (ctx
, token
, "cpobj");
3569 if (!check_underflow (ctx
, 2))
3572 src
= stack_pop (ctx
);
3573 dest
= stack_pop (ctx
);
3575 if (!stack_slot_is_managed_pointer (src
))
3576 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid source of cpobj operation at 0x%04x", ctx
->ip_offset
));
3578 if (!stack_slot_is_managed_pointer (dest
))
3579 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid destination of cpobj operation at 0x%04x", ctx
->ip_offset
));
3581 if (stack_slot_is_managed_mutability_pointer (dest
))
3582 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer with cpobj at 0x%04x", ctx
->ip_offset
));
3584 if (!verify_type_compatibility (ctx
, type
, mono_type_get_type_byval (src
->type
)))
3585 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Token and source types of cpobj don't match at 0x%04x", ctx
->ip_offset
));
3587 if (!verify_type_compatibility (ctx
, mono_type_get_type_byval (dest
->type
), type
))
3588 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Destination and token types of cpobj don't match at 0x%04x", ctx
->ip_offset
));
3592 do_initobj (VerifyContext
*ctx
, int token
)
3595 MonoType
*stack
, *type
= get_boxable_mono_type (ctx
, token
, "initobj");
3599 if (!check_underflow (ctx
, 1))
3602 obj
= stack_pop (ctx
);
3604 if (!stack_slot_is_managed_pointer (obj
))
3605 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid object address for initobj at 0x%04x", ctx
->ip_offset
));
3607 if (stack_slot_is_managed_mutability_pointer (obj
))
3608 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer with initobj at 0x%04x", ctx
->ip_offset
));
3610 stack
= mono_type_get_type_byval (obj
->type
);
3611 if (MONO_TYPE_IS_REFERENCE (stack
)) {
3612 if (!verify_type_compatibility (ctx
, stack
, type
))
3613 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx
->ip_offset
));
3614 else if (IS_STRICT_MODE (ctx
) && !mono_metadata_type_equal (type
, stack
))
3615 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx
->ip_offset
));
3616 } else if (!verify_type_compatibility (ctx
, stack
, type
)) {
3617 char *expected_name
= mono_type_full_name (type
);
3618 char *stack_name
= mono_type_full_name (stack
);
3620 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Initobj %s not compatible with value on stack %s at 0x%04x", expected_name
, stack_name
, ctx
->ip_offset
));
3621 g_free (expected_name
);
3622 g_free (stack_name
);
3627 do_newobj (VerifyContext
*ctx
, int token
)
3631 MonoMethodSignature
*sig
;
3633 gboolean is_delegate
= FALSE
;
3635 if (!(method
= verifier_load_method (ctx
, token
, "newobj")))
3638 if (!mono_method_is_constructor (method
)) {
3639 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Method from token 0x%08x not a constructor at 0x%04x", token
, ctx
->ip_offset
));
3643 if (method
->klass
->flags
& (TYPE_ATTRIBUTE_ABSTRACT
| TYPE_ATTRIBUTE_INTERFACE
))
3644 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Trying to instantiate an abstract or interface type at 0x%04x", ctx
->ip_offset
));
3646 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_method_full (ctx
->method
, method
, NULL
)) {
3647 char *from
= mono_method_full_name (ctx
->method
, TRUE
);
3648 char *to
= mono_method_full_name (method
, TRUE
);
3649 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Constructor %s not visible from %s at 0x%04x", to
, from
, ctx
->ip_offset
), MONO_EXCEPTION_METHOD_ACCESS
);
3654 //FIXME use mono_method_get_signature_full
3655 sig
= mono_method_signature (method
);
3657 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid constructor signature to newobj at 0x%04x", ctx
->ip_offset
));
3661 if (!sig
->hasthis
) {
3662 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid constructor signature missing hasthis at 0x%04x", ctx
->ip_offset
));
3666 if (!check_underflow (ctx
, sig
->param_count
))
3669 is_delegate
= method
->klass
->parent
== mono_defaults
.multicastdelegate_class
;
3672 ILStackDesc
*funptr
;
3673 //first arg is object, second arg is fun ptr
3674 if (sig
->param_count
!= 2) {
3675 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid delegate constructor at 0x%04x", ctx
->ip_offset
));
3678 funptr
= stack_pop (ctx
);
3679 value
= stack_pop (ctx
);
3680 verify_delegate_compatibility (ctx
, method
->klass
, value
, funptr
);
3682 for (i
= sig
->param_count
- 1; i
>= 0; --i
) {
3683 VERIFIER_DEBUG ( printf ("verifying constructor argument %d\n", i
); );
3684 value
= stack_pop (ctx
);
3685 if (!verify_stack_type_compatibility (ctx
, sig
->params
[i
], value
)) {
3686 char *stack_name
= stack_slot_full_name (value
);
3687 char *sig_name
= mono_type_full_name (sig
->params
[i
]);
3688 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Incompatible parameter value with constructor signature: %s X %s at 0x%04x", sig_name
, stack_name
, ctx
->ip_offset
));
3689 g_free (stack_name
);
3693 if (stack_slot_is_managed_mutability_pointer (value
))
3694 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer as argument of newobj at 0x%04x", ctx
->ip_offset
));
3698 if (check_overflow (ctx
))
3699 set_stack_value (ctx
, stack_push (ctx
), &method
->klass
->byval_arg
, FALSE
);
3703 do_cast (VerifyContext
*ctx
, int token
, const char *opcode
) {
3709 if (!check_underflow (ctx
, 1))
3712 if (!(type
= get_boxable_mono_type (ctx
, token
, opcode
)))
3716 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid %s type at 0x%04x", opcode
, ctx
->ip_offset
));
3720 value
= stack_pop (ctx
);
3721 is_boxed
= stack_slot_is_boxed_value (value
);
3723 if (stack_slot_is_managed_pointer (value
))
3724 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode
, ctx
->ip_offset
));
3725 else if (!MONO_TYPE_IS_REFERENCE (value
->type
) && !is_boxed
) {
3726 char *name
= stack_slot_full_name (value
);
3727 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Expected a reference type on stack for %s but found %s at 0x%04x", opcode
, name
, ctx
->ip_offset
));
3731 switch (value
->type
->type
) {
3732 case MONO_TYPE_FNPTR
:
3734 case MONO_TYPE_TYPEDBYREF
:
3735 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode
, ctx
->ip_offset
));
3738 do_box
= is_boxed
|| mono_type_is_generic_argument(type
) || mono_class_from_mono_type (type
)->valuetype
;
3739 stack_push_val (ctx
, TYPE_COMPLEX
| (do_box
? BOXED_MASK
: 0), type
);
3743 mono_type_from_opcode (int opcode
) {
3751 return &mono_defaults
.sbyte_class
->byval_arg
;
3759 return &mono_defaults
.int16_class
->byval_arg
;
3767 return &mono_defaults
.int32_class
->byval_arg
;
3773 return &mono_defaults
.int64_class
->byval_arg
;
3779 return &mono_defaults
.single_class
->byval_arg
;
3785 return &mono_defaults
.double_class
->byval_arg
;
3791 return &mono_defaults
.int_class
->byval_arg
;
3795 case CEE_LDELEM_REF
:
3796 case CEE_STELEM_REF
:
3797 return &mono_defaults
.object_class
->byval_arg
;
3800 g_error ("unknown opcode %02x in mono_type_from_opcode ", opcode
);
3806 do_load_indirect (VerifyContext
*ctx
, int opcode
)
3809 CLEAR_PREFIX (ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
3811 if (!check_underflow (ctx
, 1))
3814 value
= stack_pop (ctx
);
3815 if (!stack_slot_is_managed_pointer (value
)) {
3816 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Load indirect not using a manager pointer at 0x%04x", ctx
->ip_offset
));
3817 set_stack_value (ctx
, stack_push (ctx
), mono_type_from_opcode (opcode
), FALSE
);
3821 if (opcode
== CEE_LDIND_REF
) {
3822 if (stack_slot_get_underlying_type (value
) != TYPE_COMPLEX
|| mono_class_from_mono_type (value
->type
)->valuetype
)
3823 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type at stack for ldind_ref expected object byref operation at 0x%04x", ctx
->ip_offset
));
3824 set_stack_value (ctx
, stack_push (ctx
), mono_type_get_type_byval (value
->type
), FALSE
);
3826 if (!verify_type_compatibility_full (ctx
, mono_type_from_opcode (opcode
), mono_type_get_type_byval (value
->type
), TRUE
))
3827 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type at stack for ldind 0x%x operation at 0x%04x", opcode
, ctx
->ip_offset
));
3828 set_stack_value (ctx
, stack_push (ctx
), mono_type_from_opcode (opcode
), FALSE
);
3833 do_store_indirect (VerifyContext
*ctx
, int opcode
)
3835 ILStackDesc
*addr
, *val
;
3836 CLEAR_PREFIX (ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
3838 if (!check_underflow (ctx
, 2))
3841 val
= stack_pop (ctx
);
3842 addr
= stack_pop (ctx
);
3844 check_unmanaged_pointer (ctx
, addr
);
3846 if (!stack_slot_is_managed_pointer (addr
) && stack_slot_get_type (addr
) != TYPE_PTR
) {
3847 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid non-pointer argument to stind at 0x%04x", ctx
->ip_offset
));
3851 if (stack_slot_is_managed_mutability_pointer (addr
)) {
3852 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer with stind at 0x%04x", ctx
->ip_offset
));
3856 if (!verify_type_compatibility_full (ctx
, mono_type_from_opcode (opcode
), mono_type_get_type_byval (addr
->type
), TRUE
))
3857 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid addr type at stack for stind 0x%x operation at 0x%04x", opcode
, ctx
->ip_offset
));
3859 if (!verify_stack_type_compatibility (ctx
, mono_type_from_opcode (opcode
), val
))
3860 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid value type at stack for stind 0x%x operation at 0x%04x", opcode
, ctx
->ip_offset
));
3864 do_newarr (VerifyContext
*ctx
, int token
)
3867 MonoType
*type
= get_boxable_mono_type (ctx
, token
, "newarr");
3872 if (!check_underflow (ctx
, 1))
3875 value
= stack_pop (ctx
);
3876 if (stack_slot_get_type (value
) != TYPE_I4
&& stack_slot_get_type (value
) != TYPE_NATIVE_INT
)
3877 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Array size type on stack (%s) is not a verifiable type at 0x%04x", stack_slot_get_name (value
), ctx
->ip_offset
));
3879 set_stack_value (ctx
, stack_push (ctx
), mono_class_get_type (mono_array_class_get (mono_class_from_mono_type (type
), 1)), FALSE
);
3882 /*FIXME handle arrays that are not 0-indexed*/
3884 do_ldlen (VerifyContext
*ctx
)
3888 if (!check_underflow (ctx
, 1))
3891 value
= stack_pop (ctx
);
3893 if (stack_slot_get_type (value
) != TYPE_COMPLEX
|| value
->type
->type
!= MONO_TYPE_SZARRAY
)
3894 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type for ldlen at 0x%04x", ctx
->ip_offset
));
3896 stack_push_val (ctx
, TYPE_NATIVE_INT
, &mono_defaults
.int_class
->byval_arg
);
3899 /*FIXME handle arrays that are not 0-indexed*/
3900 /*FIXME handle readonly prefix and CMMP*/
3902 do_ldelema (VerifyContext
*ctx
, int klass_token
)
3904 ILStackDesc
*index
, *array
, *res
;
3905 MonoType
*type
= get_boxable_mono_type (ctx
, klass_token
, "ldelema");
3911 if (!check_underflow (ctx
, 2))
3914 index
= stack_pop (ctx
);
3915 array
= stack_pop (ctx
);
3917 if (stack_slot_get_type (index
) != TYPE_I4
&& stack_slot_get_type (index
) != TYPE_NATIVE_INT
)
3918 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Index type(%s) for ldelema is not an int or a native int at 0x%04x", stack_slot_get_name (index
), ctx
->ip_offset
));
3920 if (!stack_slot_is_null_literal (array
)) {
3921 if (stack_slot_get_type (array
) != TYPE_COMPLEX
|| array
->type
->type
!= MONO_TYPE_SZARRAY
)
3922 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type(%s) for ldelema at 0x%04x", stack_slot_get_name (array
), ctx
->ip_offset
));
3924 if (get_stack_type (type
) == TYPE_I4
|| get_stack_type (type
) == TYPE_NATIVE_INT
) {
3925 valid
= verify_type_compatibility_full (ctx
, type
, &array
->type
->data
.klass
->byval_arg
, TRUE
);
3927 valid
= mono_metadata_type_equal (type
, &array
->type
->data
.klass
->byval_arg
);
3930 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type on stack for ldelema at 0x%04x", ctx
->ip_offset
));
3934 res
= stack_push (ctx
);
3935 set_stack_value (ctx
, res
, type
, TRUE
);
3936 if (ctx
->prefix_set
& PREFIX_READONLY
) {
3937 ctx
->prefix_set
&= ~PREFIX_READONLY
;
3938 res
->stype
|= CMMP_MASK
;
3943 * FIXME handle arrays that are not 0-indexed
3944 * FIXME handle readonly prefix and CMMP
3947 do_ldelem (VerifyContext
*ctx
, int opcode
, int token
)
3949 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
3950 ILStackDesc
*index
, *array
;
3952 if (!check_underflow (ctx
, 2))
3955 if (opcode
== CEE_LDELEM
) {
3956 if (!(type
= verifier_load_type (ctx
, token
, "ldelem.any"))) {
3957 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token
, ctx
->ip_offset
));
3961 type
= mono_type_from_opcode (opcode
);
3964 index
= stack_pop (ctx
);
3965 array
= stack_pop (ctx
);
3967 if (stack_slot_get_type (index
) != TYPE_I4
&& stack_slot_get_type (index
) != TYPE_NATIVE_INT
)
3968 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Index type(%s) for ldelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index
), ctx
->ip_offset
));
3970 if (!stack_slot_is_null_literal (array
)) {
3971 if (stack_slot_get_type (array
) != TYPE_COMPLEX
|| array
->type
->type
!= MONO_TYPE_SZARRAY
)
3972 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type(%s) for ldelem.X at 0x%04x", stack_slot_get_name (array
), ctx
->ip_offset
));
3974 if (opcode
== CEE_LDELEM_REF
) {
3975 if (array
->type
->data
.klass
->valuetype
)
3976 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type is not a reference type for ldelem.ref 0x%04x", ctx
->ip_offset
));
3977 type
= &array
->type
->data
.klass
->byval_arg
;
3979 MonoType
*candidate
= &array
->type
->data
.klass
->byval_arg
;
3980 if (IS_STRICT_MODE (ctx
)) {
3981 MonoType
*underlying_type
= mono_type_get_underlying_type_any (type
);
3982 MonoType
*underlying_candidate
= mono_type_get_underlying_type_any (candidate
);
3983 if ((IS_ONE_OF2 (underlying_type
->type
, MONO_TYPE_I4
, MONO_TYPE_U4
) && IS_ONE_OF2 (underlying_candidate
->type
, MONO_TYPE_I
, MONO_TYPE_U
)) ||
3984 (IS_ONE_OF2 (underlying_candidate
->type
, MONO_TYPE_I4
, MONO_TYPE_U4
) && IS_ONE_OF2 (underlying_type
->type
, MONO_TYPE_I
, MONO_TYPE_U
)))
3985 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx
->ip_offset
));
3987 if (!verify_type_compatibility_full (ctx
, type
, candidate
, TRUE
))
3988 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx
->ip_offset
));
3993 set_stack_value (ctx
, stack_push (ctx
), type
, FALSE
);
3998 * FIXME handle arrays that are not 0-indexed
4001 do_stelem (VerifyContext
*ctx
, int opcode
, int token
)
4003 ILStackDesc
*index
, *array
, *value
;
4005 if (!check_underflow (ctx
, 3))
4008 if (opcode
== CEE_STELEM
) {
4009 if (!(type
= verifier_load_type (ctx
, token
, "stelem.any"))) {
4010 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token
, ctx
->ip_offset
));
4014 type
= mono_type_from_opcode (opcode
);
4017 value
= stack_pop (ctx
);
4018 index
= stack_pop (ctx
);
4019 array
= stack_pop (ctx
);
4021 if (stack_slot_get_type (index
) != TYPE_I4
&& stack_slot_get_type (index
) != TYPE_NATIVE_INT
)
4022 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Index type(%s) for stdelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index
), ctx
->ip_offset
));
4024 if (!stack_slot_is_null_literal (array
)) {
4025 if (stack_slot_get_type (array
) != TYPE_COMPLEX
|| array
->type
->type
!= MONO_TYPE_SZARRAY
) {
4026 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type(%s) for stelem.X at 0x%04x", stack_slot_get_name (array
), ctx
->ip_offset
));
4028 if (opcode
== CEE_STELEM_REF
) {
4029 if (array
->type
->data
.klass
->valuetype
)
4030 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type is not a reference type for stelem.ref 0x%04x", ctx
->ip_offset
));
4031 } else if (!verify_type_compatibility_full (ctx
, &array
->type
->data
.klass
->byval_arg
, type
, TRUE
)) {
4032 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid array type on stack for stdelem.X at 0x%04x", ctx
->ip_offset
));
4036 if (opcode
== CEE_STELEM_REF
) {
4037 if (!stack_slot_is_boxed_value (value
) && mono_class_from_mono_type (value
->type
)->valuetype
)
4038 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid value is not a reference type for stelem.ref 0x%04x", ctx
->ip_offset
));
4039 } else if (opcode
!= CEE_STELEM_REF
) {
4040 if (!verify_stack_type_compatibility (ctx
, type
, value
))
4041 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid value on stack for stdelem.X at 0x%04x", ctx
->ip_offset
));
4043 if (stack_slot_is_boxed_value (value
) && !MONO_TYPE_IS_REFERENCE (value
->type
) && !MONO_TYPE_IS_REFERENCE (type
))
4044 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use stobj with a boxed source value that is not a reference type at 0x%04x", ctx
->ip_offset
));
4050 do_throw (VerifyContext
*ctx
)
4052 ILStackDesc
*exception
;
4053 if (!check_underflow (ctx
, 1))
4055 exception
= stack_pop (ctx
);
4057 if (!stack_slot_is_null_literal (exception
) && !(stack_slot_get_type (exception
) == TYPE_COMPLEX
&& !mono_class_from_mono_type (exception
->type
)->valuetype
))
4058 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type on stack for throw, expected reference type at 0x%04x", ctx
->ip_offset
));
4060 if (mono_type_is_generic_argument (exception
->type
) && !stack_slot_is_boxed_value (exception
)) {
4061 char *name
= mono_type_full_name (exception
->type
);
4062 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid type on stack for throw, expected reference type but found unboxed %s at 0x%04x ", name
, ctx
->ip_offset
));
4065 /*The stack is left empty after a throw*/
4071 do_endfilter (VerifyContext
*ctx
)
4073 MonoExceptionClause
*clause
;
4075 if (IS_STRICT_MODE (ctx
)) {
4076 if (ctx
->eval
.size
!= 1)
4077 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Stack size must have one item for endfilter at 0x%04x", ctx
->ip_offset
));
4079 if (ctx
->eval
.size
>= 1 && stack_slot_get_type (stack_pop (ctx
)) != TYPE_I4
)
4080 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Stack item type is not an int32 for endfilter at 0x%04x", ctx
->ip_offset
));
4083 if ((clause
= is_correct_endfilter (ctx
, ctx
->ip_offset
))) {
4084 if (IS_STRICT_MODE (ctx
)) {
4085 if (ctx
->ip_offset
!= clause
->handler_offset
- 2)
4086 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx
->ip_offset
));
4088 if ((ctx
->ip_offset
!= clause
->handler_offset
- 2) && !MONO_OFFSET_IN_HANDLER (clause
, ctx
->ip_offset
))
4089 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx
->ip_offset
));
4092 if (IS_STRICT_MODE (ctx
) && !is_unverifiable_endfilter (ctx
, ctx
->ip_offset
))
4093 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx
->ip_offset
));
4095 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx
->ip_offset
));
4102 do_leave (VerifyContext
*ctx
, int delta
)
4104 int target
= ((gint32
)ctx
->ip_offset
) + delta
;
4105 if (target
>= ctx
->code_size
|| target
< 0)
4106 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Branch target out of code at 0x%04x", ctx
->ip_offset
));
4108 if (!is_correct_leave (ctx
->header
, ctx
->ip_offset
, target
))
4109 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Leave not allowed in finally block at 0x%04x", ctx
->ip_offset
));
4111 ctx
->target
= target
;
4117 * Verify br and br.s opcodes.
4120 do_static_branch (VerifyContext
*ctx
, int delta
)
4122 int target
= ctx
->ip_offset
+ delta
;
4123 if (target
< 0 || target
>= ctx
->code_size
) {
4124 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("branch target out of code at 0x%04x", ctx
->ip_offset
));
4128 switch (is_valid_branch_instruction (ctx
->header
, ctx
->ip_offset
, target
)) {
4130 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx
->ip_offset
));
4133 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx
->ip_offset
));
4137 ctx
->target
= target
;
4141 do_switch (VerifyContext
*ctx
, int count
, const unsigned char *data
)
4143 int i
, base
= ctx
->ip_offset
+ 5 + count
* 4;
4146 if (!check_underflow (ctx
, 1))
4149 value
= stack_pop (ctx
);
4151 if (stack_slot_get_type (value
) != TYPE_I4
&& stack_slot_get_type (value
) != TYPE_NATIVE_INT
)
4152 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid argument to switch at 0x%04x", ctx
->ip_offset
));
4154 for (i
= 0; i
< count
; ++i
) {
4155 int target
= base
+ read32 (data
+ i
* 4);
4157 if (target
< 0 || target
>= ctx
->code_size
) {
4158 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Switch target %x out of code at 0x%04x", i
, ctx
->ip_offset
));
4162 switch (is_valid_branch_instruction (ctx
->header
, ctx
->ip_offset
, target
)) {
4164 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i
, ctx
->ip_offset
));
4167 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i
, ctx
->ip_offset
));
4170 merge_stacks (ctx
, &ctx
->eval
, &ctx
->code
[target
], FALSE
, TRUE
);
4175 do_load_function_ptr (VerifyContext
*ctx
, guint32 token
, gboolean
virtual)
4180 if (virtual && !check_underflow (ctx
, 1))
4183 if (!virtual && !check_overflow (ctx
))
4186 if (ctx
->method
->wrapper_type
!= MONO_WRAPPER_NONE
) {
4187 method
= mono_method_get_wrapper_data (ctx
->method
, (guint32
)token
);
4189 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid token %x for ldftn at 0x%04x", token
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
4193 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token
) || !token_bounds_check (ctx
->image
, token
)) {
4194 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid token %x for ldftn at 0x%04x", token
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
4198 if (!(method
= verifier_load_method (ctx
, token
, virtual ? "ldvirtfrn" : "ldftn")))
4202 if (mono_method_is_constructor (method
))
4203 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use ldftn with a constructor at 0x%04x", ctx
->ip_offset
));
4206 ILStackDesc
*top
= stack_pop (ctx
);
4208 if (stack_slot_get_type (top
) != TYPE_COMPLEX
|| top
->type
->type
== MONO_TYPE_VALUETYPE
)
4209 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Invalid argument to ldvirtftn at 0x%04x", ctx
->ip_offset
));
4211 if (method
->flags
& METHOD_ATTRIBUTE_STATIC
)
4212 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use ldvirtftn with a constructor at 0x%04x", ctx
->ip_offset
));
4214 if (!verify_stack_type_compatibility (ctx
, &method
->klass
->byval_arg
, top
))
4215 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Unexpected object for ldvirtftn at 0x%04x", ctx
->ip_offset
));
4218 if (!IS_SKIP_VISIBILITY (ctx
) && !mono_method_can_access_method_full (ctx
->method
, method
, NULL
))
4219 CODE_NOT_VERIFIABLE2 (ctx
, g_strdup_printf ("Loaded method is not visible for ldftn/ldvirtftn at 0x%04x", ctx
->ip_offset
), MONO_EXCEPTION_METHOD_ACCESS
);
4221 top
= stack_push_val(ctx
, TYPE_PTR
, mono_type_create_fnptr_from_mono_method (ctx
, method
));
4222 top
->method
= method
;
4226 do_sizeof (VerifyContext
*ctx
, int token
)
4230 if (!(type
= verifier_load_type (ctx
, token
, "sizeof")))
4233 if (type
->byref
&& type
->type
!= MONO_TYPE_TYPEDBYREF
) {
4234 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid use of byref type at 0x%04x", ctx
->ip_offset
));
4238 if (type
->type
== MONO_TYPE_VOID
) {
4239 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Invalid use of void type at 0x%04x", ctx
->ip_offset
));
4243 if (check_overflow (ctx
))
4244 set_stack_value (ctx
, stack_push (ctx
), &mono_defaults
.uint32_class
->byval_arg
, FALSE
);
4247 /* Stack top can be of any type, the runtime doesn't care and treat everything as an int. */
4249 do_localloc (VerifyContext
*ctx
)
4253 if (ctx
->eval
.size
!= 1) {
4254 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx
->ip_offset
));
4258 if (in_any_exception_block (ctx
->header
, ctx
->ip_offset
)) {
4259 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx
->ip_offset
));
4263 /*TODO verify top type*/
4264 top
= stack_pop (ctx
);
4266 set_stack_value (ctx
, stack_push (ctx
), &mono_defaults
.int_class
->byval_arg
, FALSE
);
4267 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Instruction localloc in never verifiable at 0x%04x", ctx
->ip_offset
));
4271 do_ldstr (VerifyContext
*ctx
, guint32 token
)
4273 GSList
*error
= NULL
;
4274 if (ctx
->method
->wrapper_type
== MONO_WRAPPER_NONE
&& !ctx
->image
->dynamic
) {
4275 if (mono_metadata_token_code (token
) != MONO_TOKEN_STRING
) {
4276 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid string token %x at 0x%04x", token
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
4280 if (!mono_verifier_verify_string_signature (ctx
->image
, mono_metadata_token_index (token
), &error
)) {
4282 ctx
->list
= g_slist_concat (ctx
->list
, error
);
4283 ADD_VERIFY_ERROR2 (ctx
, g_strdup_printf ("Invalid string index %x at 0x%04x", token
, ctx
->ip_offset
), MONO_EXCEPTION_BAD_IMAGE
);
4288 if (check_overflow (ctx
))
4289 stack_push_val (ctx
, TYPE_COMPLEX
, &mono_defaults
.string_class
->byval_arg
);
4293 do_refanyval (VerifyContext
*ctx
, int token
)
4297 if (!check_underflow (ctx
, 1))
4300 if (!(type
= get_boxable_mono_type (ctx
, token
, "refanyval")))
4303 top
= stack_pop (ctx
);
4305 if (top
->stype
!= TYPE_PTR
|| top
->type
->type
!= MONO_TYPE_TYPEDBYREF
)
4306 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Expected a typedref as argument for refanyval, but found %s at 0x%04x", stack_slot_get_name (top
), ctx
->ip_offset
));
4308 set_stack_value (ctx
, stack_push (ctx
), type
, TRUE
);
4312 do_refanytype (VerifyContext
*ctx
)
4316 if (!check_underflow (ctx
, 1))
4319 top
= stack_pop (ctx
);
4321 if (top
->stype
!= TYPE_PTR
|| top
->type
->type
!= MONO_TYPE_TYPEDBYREF
)
4322 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Expected a typedref as argument for refanytype, but found %s at 0x%04x", stack_slot_get_name (top
), ctx
->ip_offset
));
4324 set_stack_value (ctx
, stack_push (ctx
), &mono_defaults
.typehandle_class
->byval_arg
, FALSE
);
4329 do_mkrefany (VerifyContext
*ctx
, int token
)
4333 if (!check_underflow (ctx
, 1))
4336 if (!(type
= get_boxable_mono_type (ctx
, token
, "refanyval")))
4339 top
= stack_pop (ctx
);
4341 if (stack_slot_is_managed_mutability_pointer (top
))
4342 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot use a readonly pointer with mkrefany at 0x%04x", ctx
->ip_offset
));
4344 if (!stack_slot_is_managed_pointer (top
)) {
4345 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Expected a managed pointer for mkrefany, but found %s at 0x%04x", stack_slot_get_name (top
), ctx
->ip_offset
));
4347 MonoType
*stack_type
= mono_type_get_type_byval (top
->type
);
4348 if (MONO_TYPE_IS_REFERENCE (type
) && !mono_metadata_type_equal (type
, stack_type
))
4349 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Type not compatible for mkrefany at 0x%04x", ctx
->ip_offset
));
4351 if (!MONO_TYPE_IS_REFERENCE (type
) && !verify_type_compatibility_full (ctx
, type
, stack_type
, TRUE
))
4352 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Type not compatible for mkrefany at 0x%04x", ctx
->ip_offset
));
4355 set_stack_value (ctx
, stack_push (ctx
), &mono_defaults
.typed_reference_class
->byval_arg
, FALSE
);
4359 do_ckfinite (VerifyContext
*ctx
)
4362 if (!check_underflow (ctx
, 1))
4365 top
= stack_pop (ctx
);
4367 if (stack_slot_get_underlying_type (top
) != TYPE_R8
)
4368 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Expected float32 or float64 on stack for ckfinit but found %s at 0x%04x", stack_slot_get_name (top
), ctx
->ip_offset
));
4369 stack_push_stack_val (ctx
, top
);
4373 * Merge the stacks and perform compat checks. The merge check if types of @from are mergeable with type of @to
4375 * @from holds new values for a given control path
4376 * @to holds the current values of a given control path
4378 * TODO we can eliminate the from argument as all callers pass &ctx->eval
4381 merge_stacks (VerifyContext
*ctx
, ILCodeDesc
*from
, ILCodeDesc
*to
, gboolean start
, gboolean external
)
4385 stack_init (ctx
, to
);
4388 if (to
->flags
== IL_CODE_FLAG_NOT_PROCESSED
)
4391 stack_copy (&ctx
->eval
, to
);
4393 } else if (!(to
->flags
& IL_CODE_STACK_MERGED
)) {
4394 stack_copy (to
, &ctx
->eval
);
4397 VERIFIER_DEBUG ( printf ("performing stack merge %d x %d\n", from
->size
, to
->size
); );
4399 if (from
->size
!= to
->size
) {
4400 VERIFIER_DEBUG ( printf ("different stack sizes %d x %d at 0x%04x\n", from
->size
, to
->size
, ctx
->ip_offset
); );
4401 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Could not merge stacks, different sizes (%d x %d) at 0x%04x", from
->size
, to
->size
, ctx
->ip_offset
));
4405 //FIXME we need to preserve CMMP attributes
4406 //FIXME we must take null literals into consideration.
4407 for (i
= 0; i
< from
->size
; ++i
) {
4408 ILStackDesc
*new_slot
= from
->stack
+ i
;
4409 ILStackDesc
*old_slot
= to
->stack
+ i
;
4410 MonoType
*new_type
= mono_type_from_stack_slot (new_slot
);
4411 MonoType
*old_type
= mono_type_from_stack_slot (old_slot
);
4412 MonoClass
*old_class
= mono_class_from_mono_type (old_type
);
4413 MonoClass
*new_class
= mono_class_from_mono_type (new_type
);
4414 MonoClass
*match_class
= NULL
;
4416 // S := T then U = S (new value is compatible with current value, keep current)
4417 if (verify_stack_type_compatibility (ctx
, old_type
, new_slot
)) {
4418 copy_stack_value (new_slot
, old_slot
);
4422 // T := S then U = T (old value is compatible with current value, use new)
4423 if (verify_stack_type_compatibility (ctx
, new_type
, old_slot
)) {
4424 copy_stack_value (old_slot
, new_slot
);
4428 if (mono_type_is_generic_argument (old_type
) || mono_type_is_generic_argument (new_type
)) {
4429 char *old_name
= stack_slot_full_name (old_slot
);
4430 char *new_name
= stack_slot_full_name (new_slot
);
4431 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Could not merge stack at depth %d, types not compatible: %s X %s at 0x%04x", i
, old_name
, new_name
, ctx
->ip_offset
));
4437 //both are reference types, use closest common super type
4438 if (!mono_class_from_mono_type (old_type
)->valuetype
4439 && !mono_class_from_mono_type (new_type
)->valuetype
4440 && !stack_slot_is_managed_pointer (old_slot
)
4441 && !stack_slot_is_managed_pointer (new_slot
)) {
4443 mono_class_setup_supertypes (old_class
);
4444 mono_class_setup_supertypes (new_class
);
4446 for (j
= MIN (old_class
->idepth
, new_class
->idepth
) - 1; j
> 0; --j
) {
4447 if (mono_metadata_type_equal (&old_class
->supertypes
[j
]->byval_arg
, &new_class
->supertypes
[j
]->byval_arg
)) {
4448 match_class
= old_class
->supertypes
[j
];
4453 mono_class_setup_interfaces (old_class
, &error
);
4454 if (!mono_error_ok (&error
)) {
4455 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Cannot merge stacks due to a TypeLoadException %s at 0x%04x", mono_error_get_message (&error
), ctx
->ip_offset
));
4456 mono_error_cleanup (&error
);
4459 for (j
= 0; j
< old_class
->interface_count
; ++j
) {
4460 for (k
= 0; k
< new_class
->interface_count
; ++k
) {
4461 if (mono_metadata_type_equal (&old_class
->interfaces
[j
]->byval_arg
, &new_class
->interfaces
[k
]->byval_arg
)) {
4462 match_class
= old_class
->interfaces
[j
];
4468 //No decent super type found, use object
4469 match_class
= mono_defaults
.object_class
;
4471 } else if (is_compatible_boxed_valuetype (ctx
,old_type
, new_type
, new_slot
, FALSE
) || is_compatible_boxed_valuetype (ctx
, new_type
, old_type
, old_slot
, FALSE
)) {
4472 match_class
= mono_defaults
.object_class
;
4477 char *old_name
= stack_slot_full_name (old_slot
);
4478 char *new_name
= stack_slot_full_name (new_slot
);
4479 CODE_NOT_VERIFIABLE (ctx
, g_strdup_printf ("Could not merge stack at depth %d, types not compatible: %s X %s at 0x%04x", i
, old_name
, new_name
, ctx
->ip_offset
));
4483 set_stack_value (ctx
, old_slot
, &new_class
->byval_arg
, stack_slot_is_managed_pointer (old_slot
));
4487 g_assert (match_class
);
4488 set_stack_value (ctx
, old_slot
, &match_class
->byval_arg
, stack_slot_is_managed_pointer (old_slot
));
4489 set_stack_value (ctx
, new_slot
, &match_class
->byval_arg
, stack_slot_is_managed_pointer (old_slot
));
4495 to
->flags
|= IL_CODE_FLAG_WAS_TARGET
;
4496 to
->flags
|= IL_CODE_STACK_MERGED
;
4499 #define HANDLER_START(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER ? (clause)->data.filter_offset : clause->handler_offset)
4500 #define IS_CATCH_OR_FILTER(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER || (clause)->flags == MONO_EXCEPTION_CLAUSE_NONE)
4503 * is_clause_in_range :
4505 * Returns TRUE if either the protected block or the handler of @clause is in the @start - @end range.
4508 is_clause_in_range (MonoExceptionClause
*clause
, guint32 start
, guint32 end
)
4510 if (clause
->try_offset
>= start
&& clause
->try_offset
< end
)
4512 if (HANDLER_START (clause
) >= start
&& HANDLER_START (clause
) < end
)
4518 * is_clause_inside_range :
4520 * Returns TRUE if @clause lies completely inside the @start - @end range.
4523 is_clause_inside_range (MonoExceptionClause
*clause
, guint32 start
, guint32 end
)
4525 if (clause
->try_offset
< start
|| (clause
->try_offset
+ clause
->try_len
) > end
)
4527 if (HANDLER_START (clause
) < start
|| (clause
->handler_offset
+ clause
->handler_len
) > end
)
4533 * is_clause_nested :
4535 * Returns TRUE if @nested is nested in @clause.
4538 is_clause_nested (MonoExceptionClause
*clause
, MonoExceptionClause
*nested
)
4540 if (clause
->flags
== MONO_EXCEPTION_CLAUSE_FILTER
&& is_clause_inside_range (nested
, clause
->data
.filter_offset
, clause
->handler_offset
))
4542 return is_clause_inside_range (nested
, clause
->try_offset
, clause
->try_offset
+ clause
->try_len
) ||
4543 is_clause_inside_range (nested
, clause
->handler_offset
, clause
->handler_offset
+ clause
->handler_len
);
4546 /* Test the relationship between 2 exception clauses. Follow P.1 12.4.2.7 of ECMA
4547 * the each pair of exception must have the following properties:
4548 * - one is fully nested on another (the outer must not be a filter clause) (the nested one must come earlier)
4549 * - completely disjoin (none of the 3 regions of each entry overlap with the other 3)
4550 * - mutual protection (protected block is EXACT the same, handlers are disjoin and all handler are catch or all handler are filter)
4553 verify_clause_relationship (VerifyContext
*ctx
, MonoExceptionClause
*clause
, MonoExceptionClause
*to_test
)
4555 /*clause is nested*/
4556 if (to_test
->flags
== MONO_EXCEPTION_CLAUSE_FILTER
&& is_clause_inside_range (clause
, to_test
->data
.filter_offset
, to_test
->handler_offset
)) {
4557 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Exception clause inside filter"));
4561 /*wrong nesting order.*/
4562 if (is_clause_nested (clause
, to_test
)) {
4563 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Nested exception clause appears after enclosing clause"));
4567 /*mutual protection*/
4568 if (clause
->try_offset
== to_test
->try_offset
&& clause
->try_len
== to_test
->try_len
) {
4569 /*handlers are not disjoint*/
4570 if (is_clause_in_range (to_test
, HANDLER_START (clause
), clause
->handler_offset
+ clause
->handler_len
)) {
4571 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Exception handlers overlap"));
4574 /* handlers are not catch or filter */
4575 if (!IS_CATCH_OR_FILTER (clause
) || !IS_CATCH_OR_FILTER (to_test
)) {
4576 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Exception clauses with shared protected block are neither catch or filter"));
4583 /*not completelly disjoint*/
4584 if ((is_clause_in_range (to_test
, clause
->try_offset
, clause
->try_offset
+ clause
->try_len
) ||
4585 is_clause_in_range (to_test
, HANDLER_START (clause
), clause
->handler_offset
+ clause
->handler_len
)) && !is_clause_nested (to_test
, clause
))
4586 ADD_VERIFY_ERROR (ctx
, g_strdup_printf ("Exception clauses overlap"));
4589 #define code_bounds_check(size) \
4590 if (ADDP_IS_GREATER_OR_OVF (ip, size, end)) {\
4591 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Code overrun starting with 0x%x at 0x%04x", *ip, ctx.ip_offset)); \
4596 mono_opcode_is_prefix (int op
)
4599 case MONO_CEE_UNALIGNED_
:
4600 case MONO_CEE_VOLATILE_
:
4601 case MONO_CEE_TAIL_
:
4602 case MONO_CEE_CONSTRAINED_
:
4603 case MONO_CEE_READONLY_
:
4610 * FIXME: need to distinguish between valid and verifiable.
4611 * Need to keep track of types on the stack.
4612 * Verify types for opcodes.
4615 mono_method_verify (MonoMethod
*method
, int level
)
4618 const unsigned char *ip
, *code_start
;
4619 const unsigned char *end
;
4620 MonoSimpleBasicBlock
*bb
= NULL
, *original_bb
= NULL
;
4622 int i
, n
, need_merge
= 0, start
= 0;
4623 guint token
, ip_offset
= 0, prefix
= 0;
4624 MonoGenericContext
*generic_context
= NULL
;
4628 VERIFIER_DEBUG ( printf ("Verify IL for method %s %s %s\n", method
->klass
->name_space
, method
->klass
->name
, method
->name
); );
4630 init_verifier_stats ();
4632 if (method
->iflags
& (METHOD_IMPL_ATTRIBUTE_INTERNAL_CALL
| METHOD_IMPL_ATTRIBUTE_RUNTIME
) ||
4633 (method
->flags
& (METHOD_ATTRIBUTE_PINVOKE_IMPL
| METHOD_ATTRIBUTE_ABSTRACT
))) {
4637 memset (&ctx
, 0, sizeof (VerifyContext
));
4639 //FIXME use mono_method_get_signature_full
4640 ctx
.signature
= mono_method_signature (method
);
4641 if (!ctx
.signature
) {
4642 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Could not decode method signature"));
4644 finish_collect_stats ();
4647 if (!method
->is_generic
&& !method
->klass
->is_generic
&& ctx
.signature
->has_type_parameters
) {
4648 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Method and signature don't match in terms of genericity"));
4649 finish_collect_stats ();
4653 ctx
.header
= mono_method_get_header (method
);
4655 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Could not decode method header"));
4656 finish_collect_stats ();
4659 ctx
.method
= method
;
4660 code_start
= ip
= ctx
.header
->code
;
4661 end
= ip
+ ctx
.header
->code_size
;
4662 ctx
.image
= image
= method
->klass
->image
;
4665 ctx
.max_args
= ctx
.signature
->param_count
+ ctx
.signature
->hasthis
;
4666 ctx
.max_stack
= ctx
.header
->max_stack
;
4667 ctx
.verifiable
= ctx
.valid
= 1;
4670 ctx
.code
= g_new (ILCodeDesc
, ctx
.header
->code_size
);
4671 ctx
.code_size
= ctx
.header
->code_size
;
4672 MEM_ALLOC (sizeof (ILCodeDesc
) * ctx
.header
->code_size
);
4674 memset(ctx
.code
, 0, sizeof (ILCodeDesc
) * ctx
.header
->code_size
);
4676 ctx
.num_locals
= ctx
.header
->num_locals
;
4677 ctx
.locals
= g_memdup (ctx
.header
->locals
, sizeof (MonoType
*) * ctx
.header
->num_locals
);
4678 MEM_ALLOC (sizeof (MonoType
*) * ctx
.header
->num_locals
);
4680 if (ctx
.num_locals
> 0 && !ctx
.header
->init_locals
)
4681 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Method with locals variable but without init locals set"));
4683 ctx
.params
= g_new (MonoType
*, ctx
.max_args
);
4684 MEM_ALLOC (sizeof (MonoType
*) * ctx
.max_args
);
4686 if (ctx
.signature
->hasthis
)
4687 ctx
.params
[0] = method
->klass
->valuetype
? &method
->klass
->this_arg
: &method
->klass
->byval_arg
;
4688 memcpy (ctx
.params
+ ctx
.signature
->hasthis
, ctx
.signature
->params
, sizeof (MonoType
*) * ctx
.signature
->param_count
);
4690 if (ctx
.signature
->is_inflated
)
4691 ctx
.generic_context
= generic_context
= mono_method_get_context (method
);
4693 if (!generic_context
&& (method
->klass
->generic_container
|| method
->is_generic
)) {
4694 if (method
->is_generic
)
4695 ctx
.generic_context
= generic_context
= &(mono_method_get_generic_container (method
)->context
);
4697 ctx
.generic_context
= generic_context
= &method
->klass
->generic_container
->context
;
4700 for (i
= 0; i
< ctx
.num_locals
; ++i
) {
4701 MonoType
*uninflated
= ctx
.locals
[i
];
4702 ctx
.locals
[i
] = mono_class_inflate_generic_type_checked (ctx
.locals
[i
], ctx
.generic_context
, &error
);
4703 if (!mono_error_ok (&error
)) {
4704 char *name
= mono_type_full_name (ctx
.locals
[i
] ? ctx
.locals
[i
] : uninflated
);
4705 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid local %d of type %s", i
, name
));
4707 mono_error_cleanup (&error
);
4708 /* we must not free (in cleanup) what was not yet allocated (but only copied) */
4714 for (i
= 0; i
< ctx
.max_args
; ++i
) {
4715 MonoType
*uninflated
= ctx
.params
[i
];
4716 ctx
.params
[i
] = mono_class_inflate_generic_type_checked (ctx
.params
[i
], ctx
.generic_context
, &error
);
4717 if (!mono_error_ok (&error
)) {
4718 char *name
= mono_type_full_name (ctx
.params
[i
] ? ctx
.params
[i
] : uninflated
);
4719 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid parameter %d of type %s", i
, name
));
4721 mono_error_cleanup (&error
);
4722 /* we must not free (in cleanup) what was not yet allocated (but only copied) */
4727 stack_init (&ctx
, &ctx
.eval
);
4729 for (i
= 0; i
< ctx
.num_locals
; ++i
) {
4730 if (!mono_type_is_valid_in_context (&ctx
, ctx
.locals
[i
]))
4732 if (get_stack_type (ctx
.locals
[i
]) == TYPE_INV
) {
4733 char *name
= mono_type_full_name (ctx
.locals
[i
]);
4734 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid local %i of type %s", i
, name
));
4741 for (i
= 0; i
< ctx
.max_args
; ++i
) {
4742 if (!mono_type_is_valid_in_context (&ctx
, ctx
.params
[i
]))
4745 if (get_stack_type (ctx
.params
[i
]) == TYPE_INV
) {
4746 char *name
= mono_type_full_name (ctx
.params
[i
]);
4747 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid parameter %i of type %s", i
, name
));
4756 for (i
= 0; i
< ctx
.header
->num_clauses
&& ctx
.valid
; ++i
) {
4757 MonoExceptionClause
*clause
= ctx
.header
->clauses
+ i
;
4758 VERIFIER_DEBUG (printf ("clause try %x len %x filter at %x handler at %x len %x\n", clause
->try_offset
, clause
->try_len
, clause
->data
.filter_offset
, clause
->handler_offset
, clause
->handler_len
); );
4760 if (clause
->try_offset
> ctx
.code_size
|| ADD_IS_GREATER_OR_OVF (clause
->try_offset
, clause
->try_len
, ctx
.code_size
))
4761 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("try clause out of bounds at 0x%04x", clause
->try_offset
));
4763 if (clause
->try_len
<= 0)
4764 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause
->try_offset
));
4766 if (clause
->handler_offset
> ctx
.code_size
|| ADD_IS_GREATER_OR_OVF (clause
->handler_offset
, clause
->handler_len
, ctx
.code_size
))
4767 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("handler clause out of bounds at 0x%04x", clause
->try_offset
));
4769 if (clause
->handler_len
<= 0)
4770 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("handler clause len <= 0 at 0x%04x", clause
->try_offset
));
4772 if (clause
->try_offset
< clause
->handler_offset
&& ADD_IS_GREATER_OR_OVF (clause
->try_offset
, clause
->try_len
, HANDLER_START (clause
)))
4773 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("try block (at 0x%04x) includes handler block (at 0x%04x)", clause
->try_offset
, clause
->handler_offset
));
4775 if (clause
->flags
== MONO_EXCEPTION_CLAUSE_FILTER
) {
4776 if (clause
->data
.filter_offset
> ctx
.code_size
)
4777 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("filter clause out of bounds at 0x%04x", clause
->try_offset
));
4779 if (clause
->data
.filter_offset
>= clause
->handler_offset
)
4780 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("filter clause must come before the handler clause at 0x%04x", clause
->data
.filter_offset
));
4783 for (n
= i
+ 1; n
< ctx
.header
->num_clauses
&& ctx
.valid
; ++n
)
4784 verify_clause_relationship (&ctx
, clause
, ctx
.header
->clauses
+ n
);
4789 ctx
.code
[clause
->try_offset
].flags
|= IL_CODE_FLAG_WAS_TARGET
;
4790 if (clause
->try_offset
+ clause
->try_len
< ctx
.code_size
)
4791 ctx
.code
[clause
->try_offset
+ clause
->try_len
].flags
|= IL_CODE_FLAG_WAS_TARGET
;
4792 if (clause
->handler_offset
+ clause
->handler_len
< ctx
.code_size
)
4793 ctx
.code
[clause
->handler_offset
+ clause
->handler_len
].flags
|= IL_CODE_FLAG_WAS_TARGET
;
4795 if (clause
->flags
== MONO_EXCEPTION_CLAUSE_NONE
) {
4796 if (!clause
->data
.catch_class
) {
4797 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Catch clause %d with invalid type", i
));
4801 init_stack_with_value_at_exception_boundary (&ctx
, ctx
.code
+ clause
->handler_offset
, clause
->data
.catch_class
);
4803 else if (clause
->flags
== MONO_EXCEPTION_CLAUSE_FILTER
) {
4804 init_stack_with_value_at_exception_boundary (&ctx
, ctx
.code
+ clause
->data
.filter_offset
, mono_defaults
.exception_class
);
4805 init_stack_with_value_at_exception_boundary (&ctx
, ctx
.code
+ clause
->handler_offset
, mono_defaults
.exception_class
);
4809 original_bb
= bb
= mono_basic_block_split (method
, &error
);
4810 if (!mono_error_ok (&error
)) {
4811 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid branch target: %s", mono_error_get_message (&error
)));
4812 mono_error_cleanup (&error
);
4817 while (ip
< end
&& ctx
.valid
) {
4819 ip_offset
= ip
- code_start
;
4821 const unsigned char *ip_copy
= ip
;
4824 if (ip_offset
> bb
->end
) {
4825 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Branch or EH block at [0x%04x] targets middle instruction at 0x%04x", bb
->end
, ip_offset
));
4829 if (ip_offset
== bb
->end
)
4832 op_size
= mono_opcode_value_and_size (&ip_copy
, end
, &op
);
4833 if (op_size
== -1) {
4834 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction %x at 0x%04x", *ip
, ip_offset
));
4838 if (ADD_IS_GREATER_OR_OVF (ip_offset
, op_size
, bb
->end
)) {
4839 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Branch or EH block targets middle of instruction at 0x%04x", ip_offset
));
4843 /*Last Instruction*/
4844 if (ip_offset
+ op_size
== bb
->end
&& mono_opcode_is_prefix (op
)) {
4845 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Branch or EH block targets between prefix '%s' and instruction at 0x%04x", mono_opcode_name (op
), ip_offset
));
4850 ctx
.ip_offset
= ip_offset
= ip
- code_start
;
4852 /*We need to check against fallthrou in and out of protected blocks.
4853 * For fallout we check the once a protected block ends, if the start flag is not set.
4854 * Likewise for fallthru in, we check if ip is the start of a protected block and start is not set
4855 * TODO convert these checks to be done using flags and not this loop
4857 for (i
= 0; i
< ctx
.header
->num_clauses
&& ctx
.valid
; ++i
) {
4858 MonoExceptionClause
*clause
= ctx
.header
->clauses
+ i
;
4860 if ((clause
->try_offset
+ clause
->try_len
== ip_offset
) && start
== 0) {
4861 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("fallthru off try block at 0x%04x", ip_offset
));
4865 if ((clause
->handler_offset
+ clause
->handler_len
== ip_offset
) && start
== 0) {
4866 if (clause
->flags
== MONO_EXCEPTION_CLAUSE_FILTER
)
4867 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset
));
4869 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset
));
4873 if (clause
->flags
== MONO_EXCEPTION_CLAUSE_FILTER
&& clause
->handler_offset
== ip_offset
&& start
== 0) {
4874 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("fallout of filter block at 0x%04x", ip_offset
));
4878 if (clause
->handler_offset
== ip_offset
&& start
== 0) {
4879 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("fallthru handler block at 0x%04x", ip_offset
));
4883 if (clause
->try_offset
== ip_offset
&& ctx
.eval
.size
> 0 && start
== 0) {
4884 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Try to enter try block with a non-empty stack at 0x%04x", ip_offset
));
4889 /*This must be done after fallthru detection otherwise it won't happen.*/
4891 /*FIXME remove this once we move all bad branch checking code to use BB only*/
4892 ctx
.code
[ip_offset
].flags
|= IL_CODE_FLAG_SEEN
;
4901 VERIFIER_DEBUG ( printf ("extra merge needed! 0x%04x \n", ctx
.target
); );
4902 merge_stacks (&ctx
, &ctx
.eval
, &ctx
.code
[ctx
.target
], FALSE
, TRUE
);
4905 merge_stacks (&ctx
, &ctx
.eval
, &ctx
.code
[ip_offset
], start
, FALSE
);
4908 /*TODO we can fast detect a forward branch or exception block targeting code after prefix, we should fail fast*/
4909 #ifdef MONO_VERIFIER_DEBUG
4912 discode
= mono_disasm_code_one (NULL
, method
, ip
, NULL
);
4913 discode
[strlen (discode
) - 1] = 0; /* no \n */
4914 g_print ("[%d] %-29s (%d)\n", ip_offset
, discode
, ctx
.eval
.size
);
4917 dump_stack_state (&ctx
.code
[ip_offset
]);
4918 dump_stack_state (&ctx
.eval
);
4931 push_arg (&ctx
, *ip
- CEE_LDARG_0
, FALSE
);
4937 code_bounds_check (2);
4938 push_arg (&ctx
, ip
[1], *ip
== CEE_LDARGA_S
);
4942 case CEE_ADD_OVF_UN
:
4943 do_binop (&ctx
, *ip
, add_ovf_un_table
);
4947 case CEE_SUB_OVF_UN
:
4948 do_binop (&ctx
, *ip
, sub_ovf_un_table
);
4955 case CEE_MUL_OVF_UN
:
4956 do_binop (&ctx
, *ip
, bin_ovf_table
);
4961 do_binop (&ctx
, *ip
, add_table
);
4966 do_binop (&ctx
, *ip
, sub_table
);
4973 do_binop (&ctx
, *ip
, bin_op_table
);
4982 do_binop (&ctx
, *ip
, int_bin_op_table
);
4989 do_binop (&ctx
, *ip
, shift_op_table
);
4994 if (!check_underflow (&ctx
, 1))
4996 stack_pop_safe (&ctx
);
5010 /*TODO support definite assignment verification? */
5011 push_local (&ctx
, *ip
- CEE_LDLOC_0
, FALSE
);
5019 store_local (&ctx
, *ip
- CEE_STLOC_0
);
5024 code_bounds_check (2);
5025 store_local (&ctx
, ip
[1]);
5030 code_bounds_check (2);
5031 store_arg (&ctx
, ip
[1]);
5045 if (check_overflow (&ctx
))
5046 stack_push_val (&ctx
, TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
5051 code_bounds_check (2);
5052 if (check_overflow (&ctx
))
5053 stack_push_val (&ctx
, TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
5058 code_bounds_check (5);
5059 if (check_overflow (&ctx
))
5060 stack_push_val (&ctx
,TYPE_I4
, &mono_defaults
.int32_class
->byval_arg
);
5065 code_bounds_check (9);
5066 if (check_overflow (&ctx
))
5067 stack_push_val (&ctx
,TYPE_I8
, &mono_defaults
.int64_class
->byval_arg
);
5072 code_bounds_check (5);
5073 if (check_overflow (&ctx
))
5074 stack_push_val (&ctx
, TYPE_R8
, &mono_defaults
.double_class
->byval_arg
);
5079 code_bounds_check (9);
5080 if (check_overflow (&ctx
))
5081 stack_push_val (&ctx
, TYPE_R8
, &mono_defaults
.double_class
->byval_arg
);
5086 if (check_overflow (&ctx
))
5087 stack_push_val (&ctx
, TYPE_COMPLEX
| NULL_LITERAL_MASK
, &mono_defaults
.object_class
->byval_arg
);
5093 code_bounds_check (2);
5094 do_branch_op (&ctx
, (signed char)ip
[1] + 2, cmp_br_eq_op
);
5107 code_bounds_check (2);
5108 do_branch_op (&ctx
, (signed char)ip
[1] + 2, cmp_br_op
);
5115 code_bounds_check (5);
5116 do_branch_op (&ctx
, (gint32
)read32 (ip
+ 1) + 5, cmp_br_eq_op
);
5129 code_bounds_check (5);
5130 do_branch_op (&ctx
, (gint32
)read32 (ip
+ 1) + 5, cmp_br_op
);
5137 code_bounds_check (2);
5138 push_local (&ctx
, ip
[1], *ip
== CEE_LDLOCA_S
);
5143 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Use of the `unused' opcode"));
5149 if (!check_underflow (&ctx
, 1))
5151 if (!check_overflow (&ctx
))
5153 top
= stack_push (&ctx
);
5154 copy_stack_value (top
, stack_peek (&ctx
, 1));
5160 code_bounds_check (5);
5162 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Eval stack must be empty in jmp at 0x%04x", ip_offset
));
5163 token
= read32 (ip
+ 1);
5164 if (in_any_block (ctx
.header
, ip_offset
))
5165 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("jmp cannot escape exception blocks at 0x%04x", ip_offset
));
5167 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Intruction jmp is not verifiable at 0x%04x", ctx
.ip_offset
));
5169 * FIXME: check signature, retval, arguments etc.
5175 code_bounds_check (5);
5176 do_invoke_method (&ctx
, read32 (ip
+ 1), *ip
== CEE_CALLVIRT
);
5181 code_bounds_check (5);
5182 token
= read32 (ip
+ 1);
5184 * FIXME: check signature, retval, arguments etc.
5185 * FIXME: check requirements for tail call
5187 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Intruction calli is not verifiable at 0x%04x", ctx
.ip_offset
));
5191 code_bounds_check (2);
5192 do_static_branch (&ctx
, (signed char)ip
[1] + 2);
5200 code_bounds_check (2);
5201 do_boolean_branch_op (&ctx
, (signed char)ip
[1] + 2);
5207 code_bounds_check (5);
5208 do_static_branch (&ctx
, (gint32
)read32 (ip
+ 1) + 5);
5216 code_bounds_check (5);
5217 do_boolean_branch_op (&ctx
, (gint32
)read32 (ip
+ 1) + 5);
5224 code_bounds_check (5);
5225 entries
= read32 (ip
+ 1);
5227 if (entries
> 0xFFFFFFFFU
/ sizeof (guint32
))
5228 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Too many switch entries %x at 0x%04x", entries
, ctx
.ip_offset
));
5231 code_bounds_check (sizeof (guint32
) * entries
);
5233 do_switch (&ctx
, entries
, ip
);
5234 ip
+= sizeof (guint32
) * entries
;
5248 do_load_indirect (&ctx
, *ip
);
5260 do_store_indirect (&ctx
, *ip
);
5266 do_unary_math_op (&ctx
, *ip
);
5276 do_conversion (&ctx
, TYPE_I4
);
5282 do_conversion (&ctx
, TYPE_I8
);
5289 do_conversion (&ctx
, TYPE_R8
);
5295 do_conversion (&ctx
, TYPE_NATIVE_INT
);
5300 code_bounds_check (5);
5301 do_cpobj (&ctx
, read32 (ip
+ 1));
5306 code_bounds_check (5);
5307 do_ldobj_value (&ctx
, read32 (ip
+ 1));
5312 code_bounds_check (5);
5313 do_ldstr (&ctx
, read32 (ip
+ 1));
5318 code_bounds_check (5);
5319 do_newobj (&ctx
, read32 (ip
+ 1));
5325 code_bounds_check (5);
5326 do_cast (&ctx
, read32 (ip
+ 1), *ip
== CEE_CASTCLASS
? "castclass" : "isinst");
5332 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Use of the `unused' opcode"));
5337 code_bounds_check (5);
5338 do_unbox_value (&ctx
, read32 (ip
+ 1));
5350 code_bounds_check (5);
5351 do_push_field (&ctx
, read32 (ip
+ 1), *ip
== CEE_LDFLDA
);
5357 code_bounds_check (5);
5358 do_push_static_field (&ctx
, read32 (ip
+ 1), *ip
== CEE_LDSFLDA
);
5363 code_bounds_check (5);
5364 do_store_field (&ctx
, read32 (ip
+ 1));
5369 code_bounds_check (5);
5370 do_store_static_field (&ctx
, read32 (ip
+ 1));
5375 code_bounds_check (5);
5376 do_stobj (&ctx
, read32 (ip
+ 1));
5380 case CEE_CONV_OVF_I1_UN
:
5381 case CEE_CONV_OVF_I2_UN
:
5382 case CEE_CONV_OVF_I4_UN
:
5383 case CEE_CONV_OVF_U1_UN
:
5384 case CEE_CONV_OVF_U2_UN
:
5385 case CEE_CONV_OVF_U4_UN
:
5386 do_conversion (&ctx
, TYPE_I4
);
5390 case CEE_CONV_OVF_I8_UN
:
5391 case CEE_CONV_OVF_U8_UN
:
5392 do_conversion (&ctx
, TYPE_I8
);
5396 case CEE_CONV_OVF_I_UN
:
5397 case CEE_CONV_OVF_U_UN
:
5398 do_conversion (&ctx
, TYPE_NATIVE_INT
);
5403 code_bounds_check (5);
5404 do_box_value (&ctx
, read32 (ip
+ 1));
5409 code_bounds_check (5);
5410 do_newarr (&ctx
, read32 (ip
+ 1));
5420 code_bounds_check (5);
5421 do_ldelema (&ctx
, read32 (ip
+ 1));
5435 case CEE_LDELEM_REF
:
5436 do_ldelem (&ctx
, *ip
, 0);
5447 case CEE_STELEM_REF
:
5448 do_stelem (&ctx
, *ip
, 0);
5453 code_bounds_check (5);
5454 do_ldelem (&ctx
, *ip
, read32 (ip
+ 1));
5459 code_bounds_check (5);
5460 do_stelem (&ctx
, *ip
, read32 (ip
+ 1));
5465 code_bounds_check (5);
5466 do_unbox_any (&ctx
, read32 (ip
+ 1));
5470 case CEE_CONV_OVF_I1
:
5471 case CEE_CONV_OVF_U1
:
5472 case CEE_CONV_OVF_I2
:
5473 case CEE_CONV_OVF_U2
:
5474 case CEE_CONV_OVF_I4
:
5475 case CEE_CONV_OVF_U4
:
5476 do_conversion (&ctx
, TYPE_I4
);
5480 case CEE_CONV_OVF_I8
:
5481 case CEE_CONV_OVF_U8
:
5482 do_conversion (&ctx
, TYPE_I8
);
5486 case CEE_CONV_OVF_I
:
5487 case CEE_CONV_OVF_U
:
5488 do_conversion (&ctx
, TYPE_NATIVE_INT
);
5493 code_bounds_check (5);
5494 do_refanyval (&ctx
, read32 (ip
+ 1));
5504 code_bounds_check (5);
5505 do_mkrefany (&ctx
, read32 (ip
+ 1));
5510 code_bounds_check (5);
5511 do_load_token (&ctx
, read32 (ip
+ 1));
5515 case CEE_ENDFINALLY
:
5516 if (!is_correct_endfinally (ctx
.header
, ip_offset
))
5517 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("endfinally must be used inside a finally/fault handler at 0x%04x", ctx
.ip_offset
));
5524 code_bounds_check (5);
5525 do_leave (&ctx
, read32 (ip
+ 1) + 5);
5532 code_bounds_check (2);
5533 do_leave (&ctx
, (signed char)ip
[1] + 2);
5540 code_bounds_check (2);
5544 code_bounds_check (3);
5545 store_local (&ctx
, read16 (ip
+ 1));
5550 do_cmp_op (&ctx
, cmp_br_eq_op
, *ip
);
5558 do_cmp_op (&ctx
, cmp_br_op
, *ip
);
5563 code_bounds_check (3);
5564 store_arg (&ctx
, read16 (ip
+ 1) );
5570 if (!check_overflow (&ctx
))
5572 if (ctx
.signature
->call_convention
!= MONO_CALL_VARARG
)
5573 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Cannot use arglist on method without VARGARG calling convention at 0x%04x", ctx
.ip_offset
));
5574 set_stack_value (&ctx
, stack_push (&ctx
), &mono_defaults
.argumenthandle_class
->byval_arg
, FALSE
);
5579 code_bounds_check (5);
5580 do_load_function_ptr (&ctx
, read32 (ip
+ 1), FALSE
);
5585 code_bounds_check (5);
5586 do_load_function_ptr (&ctx
, read32 (ip
+ 1), TRUE
);
5592 code_bounds_check (3);
5593 push_arg (&ctx
, read16 (ip
+ 1), *ip
== CEE_LDARGA
);
5599 code_bounds_check (3);
5600 push_local (&ctx
, read16 (ip
+ 1), *ip
== CEE_LDLOCA
);
5613 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Use of the `unused' opcode"));
5617 do_endfilter (&ctx
);
5621 case CEE_UNALIGNED_
:
5622 code_bounds_check (2);
5623 prefix
|= PREFIX_UNALIGNED
;
5627 prefix
|= PREFIX_VOLATILE
;
5631 prefix
|= PREFIX_TAIL
;
5633 if (ip
< end
&& (*ip
!= CEE_CALL
&& *ip
!= CEE_CALLI
&& *ip
!= CEE_CALLVIRT
))
5634 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("tail prefix must be used only with call opcodes at 0x%04x", ip_offset
));
5638 code_bounds_check (5);
5639 do_initobj (&ctx
, read32 (ip
+ 1));
5643 case CEE_CONSTRAINED_
:
5644 code_bounds_check (5);
5645 ctx
.constrained_type
= get_boxable_mono_type (&ctx
, read32 (ip
+ 1), "constrained.");
5646 prefix
|= PREFIX_CONSTRAINED
;
5651 prefix
|= PREFIX_READONLY
;
5656 CLEAR_PREFIX (&ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
5657 if (!check_underflow (&ctx
, 3))
5659 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Instruction cpblk is not verifiable at 0x%04x", ctx
.ip_offset
));
5664 CLEAR_PREFIX (&ctx
, PREFIX_UNALIGNED
| PREFIX_VOLATILE
);
5665 if (!check_underflow (&ctx
, 3))
5667 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Instruction initblk is not verifiable at 0x%04x", ctx
.ip_offset
));
5675 if (!is_correct_rethrow (ctx
.header
, ip_offset
))
5676 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("rethrow must be used inside a catch handler at 0x%04x", ctx
.ip_offset
));
5683 code_bounds_check (5);
5684 do_sizeof (&ctx
, read32 (ip
+ 1));
5688 case CEE_REFANYTYPE
:
5689 do_refanytype (&ctx
);
5694 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction FE %x at 0x%04x", *ip
, ctx
.ip_offset
));
5700 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction %x at 0x%04x", *ip
, ctx
.ip_offset
));
5704 /*TODO we can fast detect a forward branch or exception block targeting code after prefix, we should fail fast*/
5706 if (!ctx
.prefix_set
) //first prefix
5707 ctx
.code
[ctx
.ip_offset
].flags
|= IL_CODE_FLAG_SEEN
;
5708 ctx
.prefix_set
|= prefix
;
5709 ctx
.has_flags
= TRUE
;
5713 ctx
.code
[ctx
.ip_offset
].flags
|= IL_CODE_FLAG_SEEN
;
5715 if (ctx
.prefix_set
& PREFIX_CONSTRAINED
)
5716 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction after constrained prefix at 0x%04x", ctx
.ip_offset
));
5717 if (ctx
.prefix_set
& PREFIX_READONLY
)
5718 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction after readonly prefix at 0x%04x", ctx
.ip_offset
));
5719 if (ctx
.prefix_set
& PREFIX_VOLATILE
)
5720 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction after volatile prefix at 0x%04x", ctx
.ip_offset
));
5721 if (ctx
.prefix_set
& PREFIX_UNALIGNED
)
5722 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Invalid instruction after unaligned prefix at 0x%04x", ctx
.ip_offset
));
5723 ctx
.prefix_set
= prefix
= 0;
5724 ctx
.has_flags
= FALSE
;
5728 * if ip != end we overflowed: mark as error.
5730 if ((ip
!= end
|| !start
) && ctx
.verifiable
&& !ctx
.list
) {
5731 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Run ahead of method code at 0x%04x", ip_offset
));
5734 /*We should guard against the last decoded opcode, otherwise we might add errors that doesn't make sense.*/
5735 for (i
= 0; i
< ctx
.code_size
&& i
< ip_offset
; ++i
) {
5736 if (ctx
.code
[i
].flags
& IL_CODE_FLAG_WAS_TARGET
) {
5737 if (!(ctx
.code
[i
].flags
& IL_CODE_FLAG_SEEN
))
5738 ADD_VERIFY_ERROR (&ctx
, g_strdup_printf ("Branch or exception block target middle of intruction at 0x%04x", i
));
5740 if (ctx
.code
[i
].flags
& IL_CODE_DELEGATE_SEQUENCE
)
5741 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Branch to delegate code sequence at 0x%04x", i
));
5743 if ((ctx
.code
[i
].flags
& IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL
) && ctx
.has_this_store
)
5744 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", i
));
5746 if ((ctx
.code
[i
].flags
& IL_CODE_CALL_NONFINAL_VIRTUAL
) && ctx
.has_this_store
)
5747 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Invalid call to a non-final virtual function in method with stdarg.0 or ldarga.0 at 0x%04x", i
));
5750 if (mono_method_is_constructor (ctx
.method
) && !ctx
.super_ctor_called
&& !ctx
.method
->klass
->valuetype
&& ctx
.method
->klass
!= mono_defaults
.object_class
) {
5751 char *method_name
= mono_method_full_name (ctx
.method
, TRUE
);
5752 char *type
= mono_type_get_full_name (ctx
.method
->klass
);
5753 if (ctx
.method
->klass
->parent
&& ctx
.method
->klass
->parent
->exception_type
!= MONO_EXCEPTION_NONE
)
5754 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Constructor %s for type %s not calling base type ctor due to a TypeLoadException on base type.", method_name
, type
));
5756 CODE_NOT_VERIFIABLE (&ctx
, g_strdup_printf ("Constructor %s for type %s not calling base type ctor.", method_name
, type
));
5757 g_free (method_name
);
5763 for (i
= 0; i
< ctx
.header
->code_size
; ++i
) {
5764 if (ctx
.code
[i
].stack
)
5765 g_free (ctx
.code
[i
].stack
);
5769 for (tmp
= ctx
.funptrs
; tmp
; tmp
= tmp
->next
)
5771 g_slist_free (ctx
.funptrs
);
5773 for (tmp
= ctx
.exception_types
; tmp
; tmp
= tmp
->next
)
5774 mono_metadata_free_type (tmp
->data
);
5775 g_slist_free (ctx
.exception_types
);
5777 for (i
= 0; i
< ctx
.num_locals
; ++i
) {
5779 mono_metadata_free_type (ctx
.locals
[i
]);
5781 for (i
= 0; i
< ctx
.max_args
; ++i
) {
5783 mono_metadata_free_type (ctx
.params
[i
]);
5787 g_free (ctx
.eval
.stack
);
5790 g_free (ctx
.locals
);
5791 g_free (ctx
.params
);
5792 mono_basic_block_free (original_bb
);
5793 mono_metadata_free_mh (ctx
.header
);
5795 finish_collect_stats ();
5800 mono_verify_corlib ()
5802 /* This is a public API function so cannot be removed */
5807 * Returns true if @method needs to be verified.
5811 mono_verifier_is_enabled_for_method (MonoMethod
*method
)
5813 return mono_verifier_is_enabled_for_class (method
->klass
) && (method
->wrapper_type
== MONO_WRAPPER_NONE
|| method
->wrapper_type
== MONO_WRAPPER_DYNAMIC_METHOD
);
5817 * Returns true if @klass need to be verified.
5821 mono_verifier_is_enabled_for_class (MonoClass
*klass
)
5823 return verify_all
|| (verifier_mode
> MONO_VERIFIER_MODE_OFF
&& !(klass
->image
->assembly
&& klass
->image
->assembly
->in_gac
) && klass
->image
!= mono_defaults
.corlib
);
5827 mono_verifier_is_enabled_for_image (MonoImage
*image
)
5829 return verify_all
|| verifier_mode
> MONO_VERIFIER_MODE_OFF
;
5833 * Dynamic methods are not considered full trust since if the user is trusted and need to
5834 * generate unsafe code, make the method skip verification - this is a known good way to do it.
5837 mono_verifier_is_method_full_trust (MonoMethod
*method
)
5839 return mono_verifier_is_class_full_trust (method
->klass
) && !method
->dynamic
;
5843 * Returns if @klass is under full trust or not.
5845 * TODO This code doesn't take CAS into account.
5847 * Under verify_all all user code must be verifiable if no security option was set
5851 mono_verifier_is_class_full_trust (MonoClass
*klass
)
5853 /* under CoreCLR code is trusted if it is part of the "platform" otherwise all code inside the GAC is trusted */
5854 gboolean trusted_location
= (mono_security_get_mode () != MONO_SECURITY_MODE_CORE_CLR
) ?
5855 (klass
->image
->assembly
&& klass
->image
->assembly
->in_gac
) : mono_security_core_clr_is_platform_image (klass
->image
);
5857 if (verify_all
&& verifier_mode
== MONO_VERIFIER_MODE_OFF
)
5858 return trusted_location
|| klass
->image
== mono_defaults
.corlib
;
5859 return verifier_mode
< MONO_VERIFIER_MODE_VERIFIABLE
|| trusted_location
|| klass
->image
== mono_defaults
.corlib
;
5863 mono_method_verify_with_current_settings (MonoMethod
*method
, gboolean skip_visibility
)
5865 return mono_method_verify (method
,
5866 (verifier_mode
!= MONO_VERIFIER_MODE_STRICT
? MONO_VERIFY_NON_STRICT
: 0)
5867 | (!mono_verifier_is_method_full_trust (method
) ? MONO_VERIFY_FAIL_FAST
: 0)
5868 | (skip_visibility
? MONO_VERIFY_SKIP_VISIBILITY
: 0));
5872 get_field_end (MonoClassField
*field
)
5875 int size
= mono_type_size (field
->type
, &align
);
5877 size
= 4; /*FIXME Is this a safe bet?*/
5878 return size
+ field
->offset
;
5882 verify_class_for_overlapping_reference_fields (MonoClass
*class)
5885 gpointer iter
= NULL
;
5886 MonoClassField
*field
;
5887 gboolean is_fulltrust
= mono_verifier_is_class_full_trust (class);
5888 /*We can't skip types with !has_references since this is calculated after we have run.*/
5889 if (!((class->flags
& TYPE_ATTRIBUTE_LAYOUT_MASK
) == TYPE_ATTRIBUTE_EXPLICIT_LAYOUT
))
5893 /*We must check for stuff overlapping reference fields.
5894 The outer loop uses mono_class_get_fields to ensure that MonoClass:fields get inited.
5896 while ((field
= mono_class_get_fields (class, &iter
))) {
5897 int fieldEnd
= get_field_end (field
);
5898 gboolean is_valuetype
= !MONO_TYPE_IS_REFERENCE (field
->type
);
5901 if (mono_field_is_deleted (field
) || (field
->type
->attrs
& FIELD_ATTRIBUTE_STATIC
))
5904 for (j
= i
; j
< class->field
.count
; ++j
) {
5905 MonoClassField
*other
= &class->fields
[j
];
5906 int otherEnd
= get_field_end (other
);
5907 if (mono_field_is_deleted (other
) || (is_valuetype
&& !MONO_TYPE_IS_REFERENCE (other
->type
)) || (other
->type
->attrs
& FIELD_ATTRIBUTE_STATIC
))
5910 if (!is_valuetype
&& MONO_TYPE_IS_REFERENCE (other
->type
) && field
->offset
== other
->offset
&& is_fulltrust
)
5913 if ((otherEnd
> field
->offset
&& otherEnd
<= fieldEnd
) || (other
->offset
>= field
->offset
&& other
->offset
< fieldEnd
))
5921 field_hash (gconstpointer key
)
5923 const MonoClassField
*field
= key
;
5924 return g_str_hash (field
->name
) ^ mono_metadata_type_hash (field
->type
); /**/
5928 field_equals (gconstpointer _a
, gconstpointer _b
)
5930 const MonoClassField
*a
= _a
;
5931 const MonoClassField
*b
= _b
;
5932 return !strcmp (a
->name
, b
->name
) && mono_metadata_type_equal (a
->type
, b
->type
);
5937 verify_class_fields (MonoClass
*class)
5939 gpointer iter
= NULL
;
5940 MonoClassField
*field
;
5941 MonoGenericContext
*context
= mono_class_get_context (class);
5942 GHashTable
*unique_fields
= g_hash_table_new_full (&field_hash
, &field_equals
, NULL
, NULL
);
5943 if (class->generic_container
)
5944 context
= &class->generic_container
->context
;
5946 while ((field
= mono_class_get_fields (class, &iter
)) != NULL
) {
5947 if (!mono_type_is_valid_type_in_context (field
->type
, context
)) {
5948 g_hash_table_destroy (unique_fields
);
5951 if (g_hash_table_lookup (unique_fields
, field
)) {
5952 g_hash_table_destroy (unique_fields
);
5955 g_hash_table_insert (unique_fields
, field
, field
);
5957 g_hash_table_destroy (unique_fields
);
5962 verify_interfaces (MonoClass
*class)
5965 for (i
= 0; i
< class->interface_count
; ++i
) {
5966 MonoClass
*iface
= class->interfaces
[i
];
5967 if (!(iface
->flags
& TYPE_ATTRIBUTE_INTERFACE
))
5974 verify_valuetype_layout_with_target (MonoClass
*class, MonoClass
*target_class
)
5977 gpointer iter
= NULL
;
5978 MonoClassField
*field
;
5979 MonoClass
*field_class
;
5981 if (!class->valuetype
)
5984 type
= class->byval_arg
.type
;
5985 /*primitive type fields are not properly decoded*/
5986 if ((type
>= MONO_TYPE_BOOLEAN
&& type
<= MONO_TYPE_R8
) || (type
>= MONO_TYPE_I
&& type
<= MONO_TYPE_U
))
5989 while ((field
= mono_class_get_fields (class, &iter
)) != NULL
) {
5993 if (field
->type
->attrs
& (FIELD_ATTRIBUTE_STATIC
| FIELD_ATTRIBUTE_HAS_FIELD_RVA
))
5996 field_class
= mono_class_get_generic_type_definition (mono_class_from_mono_type (field
->type
));
5998 if (field_class
== target_class
|| class == field_class
|| !verify_valuetype_layout_with_target (field_class
, target_class
))
6006 verify_valuetype_layout (MonoClass
*class)
6009 res
= verify_valuetype_layout_with_target (class, class);
6014 recursive_mark_constraint_args (MonoBitSet
*used_args
, MonoGenericContainer
*gc
, MonoType
*type
)
6017 MonoClass
**constraints
;
6018 MonoGenericParamInfo
*param_info
;
6020 g_assert (mono_type_is_generic_argument (type
));
6022 idx
= mono_type_get_generic_param_num (type
);
6023 if (mono_bitset_test_fast (used_args
, idx
))
6026 mono_bitset_set_fast (used_args
, idx
);
6027 param_info
= mono_generic_container_get_param_info (gc
, idx
);
6029 if (!param_info
->constraints
)
6032 for (constraints
= param_info
->constraints
; *constraints
; ++constraints
) {
6033 MonoClass
*ctr
= *constraints
;
6034 MonoType
*constraint_type
= &ctr
->byval_arg
;
6036 if (mono_type_is_generic_argument (constraint_type
) && !recursive_mark_constraint_args (used_args
, gc
, constraint_type
))
6043 verify_generic_parameters (MonoClass
*class)
6046 MonoGenericContainer
*gc
= class->generic_container
;
6047 MonoBitSet
*used_args
= mono_bitset_new (gc
->type_argc
, 0);
6049 for (i
= 0; i
< gc
->type_argc
; ++i
) {
6050 MonoGenericParamInfo
*param_info
= mono_generic_container_get_param_info (gc
, i
);
6051 MonoClass
**constraints
;
6053 if (!param_info
->constraints
)
6056 mono_bitset_clear_all (used_args
);
6057 mono_bitset_set_fast (used_args
, i
);
6059 for (constraints
= param_info
->constraints
; *constraints
; ++constraints
) {
6060 MonoClass
*ctr
= *constraints
;
6061 MonoType
*constraint_type
= &ctr
->byval_arg
;
6063 if (!mono_type_is_valid_type_in_context (constraint_type
, &gc
->context
))
6066 if (mono_type_is_generic_argument (constraint_type
) && !recursive_mark_constraint_args (used_args
, gc
, constraint_type
))
6068 if (ctr
->generic_class
&& !mono_class_is_valid_generic_instantiation (NULL
, ctr
))
6072 mono_bitset_free (used_args
);
6076 mono_bitset_free (used_args
);
6081 * Check if the class is verifiable.
6083 * Right now there are no conditions that make a class a valid but not verifiable. Both overlapping reference
6084 * field and invalid generic instantiation are fatal errors.
6086 * This method must be safe to be called from mono_class_init and all code must be carefull about that.
6090 mono_verifier_verify_class (MonoClass
*class)
6092 /*Neither <Module>, object or ifaces have parent.*/
6093 if (!class->parent
&&
6094 class != mono_defaults
.object_class
&&
6095 !MONO_CLASS_IS_INTERFACE (class) &&
6096 (!class->image
->dynamic
&& class->type_token
!= 0x2000001)) /*<Module> is the first type in the assembly*/
6098 if (class->parent
) {
6099 if (MONO_CLASS_IS_INTERFACE (class->parent
))
6101 if (!class->generic_class
&& class->parent
->generic_container
)
6104 if (class->generic_container
&& (class->flags
& TYPE_ATTRIBUTE_LAYOUT_MASK
) == TYPE_ATTRIBUTE_EXPLICIT_LAYOUT
)
6106 if (class->generic_container
&& !verify_generic_parameters (class))
6108 if (!verify_class_for_overlapping_reference_fields (class))
6110 if (class->generic_class
&& !mono_class_is_valid_generic_instantiation (NULL
, class))
6112 if (class->generic_class
== NULL
&& !verify_class_fields (class))
6114 if (class->valuetype
&& !verify_valuetype_layout (class))
6116 if (!verify_interfaces (class))
6122 mono_verifier_class_is_valid_generic_instantiation (MonoClass
*class)
6124 return mono_class_is_valid_generic_instantiation (NULL
, class);
6128 mono_verifier_is_method_valid_generic_instantiation (MonoMethod
*method
)
6130 if (!method
->is_inflated
)
6132 return mono_method_is_valid_generic_instantiation (NULL
, method
);
6138 mono_verifier_verify_class (MonoClass
*class)
6140 /* The verifier was disabled at compile time */
6145 mono_method_verify_with_current_settings (MonoMethod
*method
, gboolean skip_visibility
)
6147 /* The verifier was disabled at compile time */
6152 mono_verifier_is_class_full_trust (MonoClass
*klass
)
6154 /* The verifier was disabled at compile time */
6159 mono_verifier_is_method_full_trust (MonoMethod
*method
)
6161 /* The verifier was disabled at compile time */
6166 mono_verifier_is_enabled_for_image (MonoImage
*image
)
6168 /* The verifier was disabled at compile time */
6173 mono_verifier_is_enabled_for_class (MonoClass
*klass
)
6175 /* The verifier was disabled at compile time */
6180 mono_verifier_is_enabled_for_method (MonoMethod
*method
)
6182 /* The verifier was disabled at compile time */
6187 mono_method_verify (MonoMethod
*method
, int level
)
6189 /* The verifier was disabled at compile time */
6194 mono_free_verify_list (GSList
*list
)
6196 /* The verifier was disabled at compile time */
6197 /* will always be null if verifier is disabled */
6201 mono_verifier_class_is_valid_generic_instantiation (MonoClass
*class)
6207 mono_verifier_is_method_valid_generic_instantiation (MonoMethod
*method
)