search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Daily bump.
[official-gcc.git] / gcc / java / verify-impl.c
blob1ca2d9fd66b5b0787d012138fe7932a3049ae3e0
1 /* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010
2 Free Software Foundation
3
4 This file is part of libgcj.
5
6 This software is copyrighted work licensed under the terms of the
7 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
8 details. */
9
10 /* Written by Tom Tromey <tromey@redhat.com> */
11
12 /* Uncomment this to enable debugging output. */
13 /* #define VERIFY_DEBUG */
14
15 #include "config.h"
16
17 #include "verify.h"
18
19 /* Hack to work around namespace pollution from java-tree.h. */
20 #undef current_class
21
22 /* This is used to mark states which are not scheduled for
23 verification. */
24 #define INVALID_STATE ((state *) -1)
25
26 static void ATTRIBUTE_PRINTF_1
27 debug_print (const char *fmt ATTRIBUTE_UNUSED, ...)
28 {
29 #ifdef VERIFY_DEBUG
30 va_list ap;
31 va_start (ap, fmt);
32 vfprintf (stderr, fmt, ap);
33 va_end (ap);
34 #endif /* VERIFY_DEBUG */
35 }
36
37 /* This started as a fairly ordinary verifier, and for the most part
38 it remains so. It works in the obvious way, by modeling the effect
39 of each opcode as it is encountered. For most opcodes, this is a
40 straightforward operation.
41
42 This verifier does not do type merging. It used to, but this
43 results in difficulty verifying some relatively simple code
44 involving interfaces, and it pushed some verification work into the
45 interpreter.
46
47 Instead of merging reference types, when we reach a point where two
48 flows of control merge, we simply keep the union of reference types
49 from each branch. Then, when we need to verify a fact about a
50 reference on the stack (e.g., that it is compatible with the
51 argument type of a method), we check to ensure that all possible
52 types satisfy the requirement.
53
54 Another area this verifier differs from the norm is in its handling
55 of subroutines. The JVM specification has some confusing things to
56 say about subroutines. For instance, it makes claims about not
57 allowing subroutines to merge and it rejects recursive subroutines.
58 For the most part these are red herrings; we used to try to follow
59 these things but they lead to problems. For example, the notion of
60 "being in a subroutine" is not well-defined: is an exception
61 handler in a subroutine? If you never execute the `ret' but
62 instead `goto 1' do you remain in the subroutine?
63
64 For clarity on what is really required for type safety, read
65 "Simple Verification Technique for Complex Java Bytecode
66 Subroutines" by Alessandro Coglio. Among other things this paper
67 shows that recursive subroutines are not harmful to type safety.
68 We implement something similar to what he proposes. Note that this
69 means that this verifier will accept code that is rejected by some
70 other verifiers.
71
72 For those not wanting to read the paper, the basic observation is
73 that we can maintain split states in subroutines. We maintain one
74 state for each calling `jsr'. In other words, we re-verify a
75 subroutine once for each caller, using the exact types held by the
76 callers (as opposed to the old approach of merging types and
77 keeping a bitmap registering what did or did not change). This
78 approach lets us continue to verify correctly even when a
79 subroutine is exited via `goto' or `athrow' and not `ret'.
80
81 In some other areas the JVM specification is (mildly) incorrect,
82 so we diverge. For instance, you cannot
83 violate type safety by allocating an object with `new' and then
84 failing to initialize it, no matter how one branches or where one
85 stores the uninitialized reference. See "Improving the official
86 specification of Java bytecode verification" by Alessandro Coglio.
87
88 Note that there's no real point in enforcing that padding bytes or
89 the mystery byte of invokeinterface must be 0, but we do that
90 regardless.
91
92 The verifier is currently neither completely lazy nor eager when it
93 comes to loading classes. It tries to represent types by name when
94 possible, and then loads them when it needs to verify a fact about
95 the type. Checking types by name is valid because we only use
96 names which come from the current class' constant pool. Since all
97 such names are looked up using the same class loader, there is no
98 danger that we might be fooled into comparing different types with
99 the same name.
100
101 In the future we plan to allow for a completely lazy mode of
102 operation, where the verifier will construct a list of type
103 assertions to be checked later.
104
105 Some test cases for the verifier live in the "verify" module of the
106 Mauve test suite. However, some of these are presently
107 (2004-01-20) believed to be incorrect. (More precisely the notion
108 of "correct" is not well-defined, and this verifier differs from
109 others while remaining type-safe.) Some other tests live in the
110 libgcj test suite.
111
112 This verifier is also written to be pluggable. This means that it
113 is intended for use in a variety of environments, not just libgcj.
114 As a result the verifier expects a number of type and method
115 declarations to be declared in "verify.h". The intent is that you
116 recompile the verifier for your particular environment. This
117 approach was chosen so that operations could be inlined in verify.h
118 as much as possible.
119
120 See the verify.h that accompanies this copy of the verifier to see
121 what types, preprocessor defines, and functions must be declared.
122 The interface is ad hoc, but was defined so that it could be
123 implemented to connect to a pure C program.
124 */
125
126 #define FLAG_INSN_START 1
127 #define FLAG_BRANCH_TARGET 2
128 #define FLAG_INSN_SEEN 4
129
130 struct state;
131 struct type;
132 struct ref_intersection;
133
134 typedef struct state state;
135 typedef struct type type;
136 typedef struct ref_intersection ref_intersection;
137
138 /*typedef struct state_list state_list;*/
139
140 typedef struct state_list
141 {
142 state *val;
143 struct state_list *next;
144 } state_list;
145
146 typedef struct vfy_string_list
147 {
148 vfy_string val;
149 struct vfy_string_list *next;
150 } vfy_string_list;
151
152 typedef struct verifier_context
153 {
154 /* The current PC. */
155 int PC;
156 /* The PC corresponding to the start of the current instruction. */
157 int start_PC;
158
159 /* The current state of the stack, locals, etc. */
160 state *current_state;
161
162 /* At each branch target we keep a linked list of all the states we
163 can process at that point. We'll only have multiple states at a
164 given PC if they both have different return-address types in the
165 same stack or local slot. This array is indexed by PC and holds
166 the list of all such states. */
167 state_list **states;
168
169 /* We keep a linked list of all the states which we must reverify.
170 This is the head of the list. */
171 state *next_verify_state;
172
173 /* We keep some flags for each instruction. The values are the
174 FLAG_* constants defined above. This is an array indexed by PC. */
175 char *flags;
176
177 /* The bytecode itself. */
178 const unsigned char *bytecode;
179 /* The exceptions. */
180 vfy_exception *exception;
181
182 /* Defining class. */
183 vfy_jclass current_class;
184 /* This method. */
185 vfy_method *current_method;
186
187 /* A linked list of utf8 objects we allocate. */
188 vfy_string_list *utf8_list;
189
190 /* A linked list of all ref_intersection objects we allocate. */
191 ref_intersection *isect_list;
192 } verifier_context;
193
194 /* The current verifier's state data. This is maintained by
195 {push/pop}_verifier_context to provide a shorthand form to access
196 the verification state. */
197 static GTY(()) verifier_context *vfr;
198
199 /* Local function declarations. */
200 bool type_initialized (type *t);
201 int ref_count_dimensions (ref_intersection *ref);
202
203 static void
204 verify_fail_pc (const char *s, int pc)
205 {
206 vfy_fail (s, pc, vfr->current_class, vfr->current_method);
207 }
208
209 static void
210 verify_fail (const char *s)
211 {
212 verify_fail_pc (s, vfr->PC);
213 }
214
215 /* This enum holds a list of tags for all the different types we
216 need to handle. Reference types are treated specially by the
217 type class. */
218 typedef enum type_val
219 {
220 void_type,
221
222 /* The values for primitive types are chosen to correspond to values
223 specified to newarray. */
224 boolean_type = 4,
225 char_type = 5,
226 float_type = 6,
227 double_type = 7,
228 byte_type = 8,
229 short_type = 9,
230 int_type = 10,
231 long_type = 11,
232
233 /* Used when overwriting second word of a double or long in the
234 local variables. Also used after merging local variable states
235 to indicate an unusable value. */
236 unsuitable_type,
237 return_address_type,
238 /* This is the second word of a two-word value, i.e., a double or
239 a long. */
240 continuation_type,
241
242 /* Everything after `reference_type' must be a reference type. */
243 reference_type,
244 null_type,
245 uninitialized_reference_type
246 } type_val;
247
248 /* This represents a merged class type. Some verifiers (including
249 earlier versions of this one) will compute the intersection of
250 two class types when merging states. However, this loses
251 critical information about interfaces implemented by the various
252 classes. So instead we keep track of all the actual classes that
253 have been merged. */
254 struct ref_intersection
255 {
256 /* Whether or not this type has been resolved. */
257 bool is_resolved;
258
259 /* Actual type data. */
260 union
261 {
262 /* For a resolved reference type, this is a pointer to the class. */
263 vfy_jclass klass;
264 /* For other reference types, this it the name of the class. */
265 vfy_string name;
266 } data;
267
268 /* Link to the next reference in the intersection. */
269 ref_intersection *ref_next;
270
271 /* This is used to keep track of all the allocated
272 ref_intersection objects, so we can free them.
273 FIXME: we should allocate these in chunks. */
274 ref_intersection *alloc_next;
275 };
276
277 static ref_intersection *
278 make_ref (void)
279 {
280 ref_intersection *new_ref =
281 (ref_intersection *) vfy_alloc (sizeof (ref_intersection));
282
283 new_ref->alloc_next = vfr->isect_list;
284 vfr->isect_list = new_ref;
285 return new_ref;
286 }
287
288 static ref_intersection *
289 clone_ref (ref_intersection *dup)
290 {
291 ref_intersection *new_ref = make_ref ();
292
293 new_ref->is_resolved = dup->is_resolved;
294 new_ref->data = dup->data;
295 return new_ref;
296 }
297
298 static void
299 resolve_ref (ref_intersection *ref)
300 {
301 if (ref->is_resolved)
302 return;
303 ref->data.klass = vfy_find_class (vfr->current_class, ref->data.name);
304 ref->is_resolved = true;
305 }
306
307 static bool
308 refs_equal (ref_intersection *ref1, ref_intersection *ref2)
309 {
310 if (! ref1->is_resolved && ! ref2->is_resolved
311 && vfy_strings_equal (ref1->data.name, ref2->data.name))
312 return true;
313 if (! ref1->is_resolved)
314 resolve_ref (ref1);
315 if (! ref2->is_resolved)
316 resolve_ref (ref2);
317 return ref1->data.klass == ref2->data.klass;
318 }
319
320 /* Merge REF1 type into REF2, returning the result. This will
321 return REF2 if all the classes in THIS already appear in
322 REF2. */
323 static ref_intersection *
324 merge_refs (ref_intersection *ref1, ref_intersection *ref2)
325 {
326 ref_intersection *tail = ref2;
327 for (; ref1 != NULL; ref1 = ref1->ref_next)
328 {
329 bool add = true;
330 ref_intersection *iter;
331 for (iter = ref2; iter != NULL; iter = iter->ref_next)
332 {
333 if (refs_equal (ref1, iter))
334 {
335 add = false;
336 break;
337 }
338 }
339
340 if (add)
341 {
342 ref_intersection *new_tail = clone_ref (ref1);
343 new_tail->ref_next = tail;
344 tail = new_tail;
345 }
346 }
347 return tail;
348 }
349
350 /* See if an object of type SOURCE can be assigned to an object of
351 type TARGET. This might resolve classes in one chain or the other. */
352 static bool
353 ref_compatible (ref_intersection *target, ref_intersection *source)
354 {
355 for (; target != NULL; target = target->ref_next)
356 {
357 ref_intersection *source_iter = source;
358
359 for (; source_iter != NULL; source_iter = source_iter->ref_next)
360 {
361 /* Avoid resolving if possible. */
362 if (! target->is_resolved
363 && ! source_iter->is_resolved
364 && vfy_strings_equal (target->data.name,
365 source_iter->data.name))
366 continue;
367
368 if (! target->is_resolved)
369 resolve_ref (target);
370 if (! source_iter->is_resolved)
371 resolve_ref (source_iter);
372
373 if (! vfy_is_assignable_from (target->data.klass,
374 source_iter->data.klass))
375 return false;
376 }
377 }
378
379 return true;
380 }
381
382 static bool
383 ref_isarray (ref_intersection *ref)
384 {
385 /* assert (ref_next == NULL); */
386 if (ref->is_resolved)
387 return vfy_is_array (ref->data.klass);
388 else
389 return vfy_string_bytes (ref->data.name)[0] == '[';
390 }
391
392 static bool
393 ref_isinterface (ref_intersection *ref)
394 {
395 /* assert (ref_next == NULL); */
396 if (! ref->is_resolved)
397 resolve_ref (ref);
398 return vfy_is_interface (ref->data.klass);
399 }
400
401 static bool
402 ref_isabstract (ref_intersection *ref)
403 {
404 /* assert (ref_next == NULL); */
405 if (! ref->is_resolved)
406 resolve_ref (ref);
407 return vfy_is_abstract (ref->data.klass);
408 }
409
410 static vfy_jclass
411 ref_getclass (ref_intersection *ref)
412 {
413 if (! ref->is_resolved)
414 resolve_ref (ref);
415 return ref->data.klass;
416 }
417
418 int
419 ref_count_dimensions (ref_intersection *ref)
420 {
421 int ndims = 0;
422 if (ref->is_resolved)
423 {
424 vfy_jclass k = ref->data.klass;
425 while (vfy_is_array (k))
426 {
427 k = vfy_get_component_type (k);
428 ++ndims;
429 }
430 }
431 else
432 {
433 const char *p = vfy_string_bytes (ref->data.name);
434 while (*p++ == '[')
435 ++ndims;
436 }
437 return ndims;
438 }
439
440 /* Return the type_val corresponding to a primitive signature
441 character. For instance `I' returns `int.class'. */
442 static type_val
443 get_type_val_for_signature (char sig)
444 {
445 type_val rt;
446 switch (sig)
447 {
448 case 'Z':
449 rt = boolean_type;
450 break;
451 case 'B':
452 rt = byte_type;
453 break;
454 case 'C':
455 rt = char_type;
456 break;
457 case 'S':
458 rt = short_type;
459 break;
460 case 'I':
461 rt = int_type;
462 break;
463 case 'J':
464 rt = long_type;
465 break;
466 case 'F':
467 rt = float_type;
468 break;
469 case 'D':
470 rt = double_type;
471 break;
472 case 'V':
473 rt = void_type;
474 break;
475 default:
476 verify_fail ("invalid signature");
477 return null_type;
478 }
479 return rt;
480 }
481
482 /* Return the type_val corresponding to a primitive class. */
483 static type_val
484 get_type_val_for_primtype (vfy_jclass k)
485 {
486 return get_type_val_for_signature (vfy_get_primitive_char (k));
487 }
488
489 /* The `type' class is used to represent a single type in the verifier. */
490 struct type
491 {
492 /* The type key. */
493 type_val key;
494
495 /* For reference types, the representation of the type. */
496 ref_intersection *klass;
497
498 /* This is used in two situations.
499
500 First, when constructing a new object, it is the PC of the
501 `new' instruction which created the object. We use the special
502 value UNINIT to mean that this is uninitialized. The special
503 value SELF is used for the case where the current method is
504 itself the <init> method. the special value EITHER is used
505 when we may optionally allow either an uninitialized or
506 initialized reference to match.
507
508 Second, when the key is return_address_type, this holds the PC
509 of the instruction following the `jsr'. */
510 int pc;
511
512 #define UNINIT -2
513 #define SELF -1
514 #define EITHER -3
515 };
516
517 /* Make a new instance given the type tag. We assume a generic
518 `reference_type' means Object. */
519 static void
520 init_type_from_tag (type *t, type_val k)
521 {
522 t->key = k;
523 /* For reference_type, if KLASS==NULL then that means we are
524 looking for a generic object of any kind, including an
525 uninitialized reference. */
526 t->klass = NULL;
527 t->pc = UNINIT;
528 }
529
530 /* Make a type for the given type_val tag K. */
531 static type
532 make_type (type_val k)
533 {
534 type t;
535 init_type_from_tag (&t, k);
536 return t;
537 }
538
539 /* Make a new instance given a class. */
540 static void
541 init_type_from_class (type *t, vfy_jclass k)
542 {
543 t->key = reference_type;
544 t->klass = make_ref ();
545 t->klass->is_resolved = true;
546 t->klass->data.klass = k;
547 t->klass->ref_next = NULL;
548 t->pc = UNINIT;
549 }
550
551 static type
552 make_type_from_class (vfy_jclass k)
553 {
554 type t;
555 init_type_from_class (&t, k);
556 return t;
557 }
558
559 static void
560 init_type_from_string (type *t, vfy_string n)
561 {
562 t->key = reference_type;
563 t->klass = make_ref ();
564 t->klass->is_resolved = false;
565 t->klass->data.name = n;
566 t->klass->ref_next = NULL;
567 t->pc = UNINIT;
568 }
569
570 static type
571 make_type_from_string (vfy_string n)
572 {
573 type t;
574 init_type_from_string (&t, n);
575 return t;
576 }
577
578 /* Promote a numeric type. */
579 static void
580 vfy_promote_type (type *t)
581 {
582 if (t->key == boolean_type || t->key == char_type
583 || t->key == byte_type || t->key == short_type)
584 t->key = int_type;
585 }
586 #define promote_type vfy_promote_type
587
588 /* Mark this type as the uninitialized result of `new'. */
589 static void
590 type_set_uninitialized (type *t, int npc)
591 {
592 if (t->key == reference_type)
593 t->key = uninitialized_reference_type;
594 else
595 verify_fail ("internal error in type::uninitialized");
596 t->pc = npc;
597 }
598
599 /* Mark this type as now initialized. */
600 static void
601 type_set_initialized (type *t, int npc)
602 {
603 if (npc != UNINIT && t->pc == npc && t->key == uninitialized_reference_type)
604 {
605 t->key = reference_type;
606 t->pc = UNINIT;
607 }
608 }
609
610 /* Mark this type as a particular return address. */
611 static void type_set_return_address (type *t, int npc)
612 {
613 t->pc = npc;
614 }
615
616 /* Return true if this type and type OTHER are considered
617 mergeable for the purposes of state merging. This is related
618 to subroutine handling. For this purpose two types are
619 considered unmergeable if they are both return-addresses but
620 have different PCs. */
621 static bool
622 type_state_mergeable_p (type *t1, type *t2)
623 {
624 return (t1->key != return_address_type
625 || t2->key != return_address_type
626 || t1->pc == t2->pc);
627 }
628
629 /* Return true if an object of type K can be assigned to a variable
630 of type T. Handle various special cases too. Might modify
631 T or K. Note however that this does not perform numeric
632 promotion. */
633 static bool
634 types_compatible (type *t, type *k)
635 {
636 /* Any type is compatible with the unsuitable type. */
637 if (k->key == unsuitable_type)
638 return true;
639
640 if (t->key < reference_type || k->key < reference_type)
641 return t->key == k->key;
642
643 /* The `null' type is convertible to any initialized reference
644 type. */
645 if (t->key == null_type)
646 return k->key != uninitialized_reference_type;
647 if (k->key == null_type)
648 return t->key != uninitialized_reference_type;
649
650 /* A special case for a generic reference. */
651 if (t->klass == NULL)
652 return true;
653 if (k->klass == NULL)
654 verify_fail ("programmer error in type::compatible");
655
656 /* Handle the special 'EITHER' case, which is only used in a
657 special case of 'putfield'. Note that we only need to handle
658 this on the LHS of a check. */
659 if (! type_initialized (t) && t->pc == EITHER)
660 {
661 /* If the RHS is uninitialized, it must be an uninitialized
662 'this'. */
663 if (! type_initialized (k) && k->pc != SELF)
664 return false;
665 }
666 else if (type_initialized (t) != type_initialized (k))
667 {
668 /* An initialized type and an uninitialized type are not
669 otherwise compatible. */
670 return false;
671 }
672 else
673 {
674 /* Two uninitialized objects are compatible if either:
675 * The PCs are identical, or
676 * One PC is UNINIT. */
677 if (type_initialized (t))
678 {
679 if (t->pc != k->pc && t->pc != UNINIT && k->pc != UNINIT)
680 return false;
681 }
682 }
683
684 return ref_compatible (t->klass, k->klass);
685 }
686
687 /* Return true if two types are equal. Only valid for reference
688 types. */
689 static bool
690 types_equal (type *t1, type *t2)
691 {
692 if ((t1->key != reference_type && t1->key != uninitialized_reference_type)
693 || (t2->key != reference_type
694 && t2->key != uninitialized_reference_type))
695 return false;
696 /* Only single-ref types are allowed. */
697 if (t1->klass->ref_next || t2->klass->ref_next)
698 return false;
699 return refs_equal (t1->klass, t2->klass);
700 }
701
702 static bool
703 type_isvoid (type *t)
704 {
705 return t->key == void_type;
706 }
707
708 static bool
709 type_iswide (type *t)
710 {
711 return t->key == long_type || t->key == double_type;
712 }
713
714 /* Return number of stack or local variable slots taken by this type. */
715 static int
716 type_depth (type *t)
717 {
718 return type_iswide (t) ? 2 : 1;
719 }
720
721 static bool
722 type_isarray (type *t)
723 {
724 /* We treat null_type as not an array. This is ok based on the
725 current uses of this method. */
726 if (t->key == reference_type)
727 return ref_isarray (t->klass);
728 return false;
729 }
730
731 static bool
732 type_isnull (type *t)
733 {
734 return t->key == null_type;
735 }
736
737 static bool
738 type_isinterface (type *t)
739 {
740 if (t->key != reference_type)
741 return false;
742 return ref_isinterface (t->klass);
743 }
744
745 static bool
746 type_isabstract (type *t)
747 {
748 if (t->key != reference_type)
749 return false;
750 return ref_isabstract (t->klass);
751 }
752
753 /* Return the element type of an array. */
754 static type
755 type_array_element (type *t)
756 {
757 type et;
758 vfy_jclass k;
759
760 if (t->key != reference_type)
761 verify_fail ("programmer error in type::element_type()");
762
763 k = vfy_get_component_type (ref_getclass (t->klass));
764 if (vfy_is_primitive (k))
765 init_type_from_tag (&et, get_type_val_for_primtype (k));
766 else
767 init_type_from_class (&et, k);
768 return et;
769 }
770
771 /* Return the array type corresponding to an initialized
772 reference. We could expand this to work for other kinds of
773 types, but currently we don't need to. */
774 static type
775 type_to_array (type *t)
776 {
777 type at;
778 vfy_jclass k;
779
780 if (t->key != reference_type)
781 verify_fail ("internal error in type::to_array()");
782
783 k = ref_getclass (t->klass);
784 init_type_from_class (&at, vfy_get_array_class (k));
785 return at;
786 }
787
788 static bool
789 type_isreference (type *t)
790 {
791 return t->key >= reference_type;
792 }
793
794 static int
795 type_get_pc (type *t)
796 {
797 return t->pc;
798 }
799
800 bool
801 type_initialized (type *t)
802 {
803 return t->key == reference_type || t->key == null_type;
804 }
805
806 static void
807 type_verify_dimensions (type *t, int ndims)
808 {
809 /* The way this is written, we don't need to check isarray(). */
810 if (t->key != reference_type)
811 verify_fail ("internal error in verify_dimensions:"
812 " not a reference type");
813
814 if (ref_count_dimensions (t->klass) < ndims)
815 verify_fail ("array type has fewer dimensions"
816 " than required");
817 }
818
819 /* Merge OLD_TYPE into this. On error throw exception. Return
820 true if the merge caused a type change. */
821 static bool
822 merge_types (type *t, type *old_type, bool local_semantics)
823 {
824 bool changed = false;
825 bool refo = type_isreference (old_type);
826 bool refn = type_isreference (t);
827 if (refo && refn)
828 {
829 if (old_type->key == null_type)
830 ;
831 else if (t->key == null_type)
832 {
833 *t = *old_type;
834 changed = true;
835 }
836 else if (type_initialized (t) != type_initialized (old_type))
837 verify_fail ("merging initialized and uninitialized types");
838 else
839 {
840 ref_intersection *merged;
841 if (! type_initialized (t))
842 {
843 if (t->pc == UNINIT)
844 t->pc = old_type->pc;
845 else if (old_type->pc == UNINIT)
846 ;
847 else if (t->pc != old_type->pc)
848 verify_fail ("merging different uninitialized types");
849 }
850
851 merged = merge_refs (old_type->klass, t->klass);
852 if (merged != t->klass)
853 {
854 t->klass = merged;
855 changed = true;
856 }
857 }
858 }
859 else if (refo || refn || t->key != old_type->key)
860 {
861 if (local_semantics)
862 {
863 /* If we already have an `unsuitable' type, then we
864 don't need to change again. */
865 if (t->key != unsuitable_type)
866 {
867 t->key = unsuitable_type;
868 changed = true;
869 }
870 }
871 else
872 verify_fail ("unmergeable type");
873 }
874 return changed;
875 }
876
877 #ifdef VERIFY_DEBUG
878 static void
879 type_print (type *t)
880 {
881 char c = '?';
882 switch (t->key)
883 {
884 case boolean_type: c = 'Z'; break;
885 case byte_type: c = 'B'; break;
886 case char_type: c = 'C'; break;
887 case short_type: c = 'S'; break;
888 case int_type: c = 'I'; break;
889 case long_type: c = 'J'; break;
890 case float_type: c = 'F'; break;
891 case double_type: c = 'D'; break;
892 case void_type: c = 'V'; break;
893 case unsuitable_type: c = '-'; break;
894 case return_address_type: c = 'r'; break;
895 case continuation_type: c = '+'; break;
896 case reference_type: c = 'L'; break;
897 case null_type: c = '@'; break;
898 case uninitialized_reference_type: c = 'U'; break;
899 }
900 debug_print ("%c", c);
901 }
902 #endif /* VERIFY_DEBUG */
903
904 /* This class holds all the state information we need for a given
905 location. */
906 struct state
907 {
908 /* The current top of the stack, in terms of slots. */
909 int stacktop;
910 /* The current depth of the stack. This will be larger than
911 STACKTOP when wide types are on the stack. */
912 int stackdepth;
913 /* The stack. */
914 type *stack;
915 /* The local variables. */
916 type *locals;
917 /* We keep track of the type of `this' specially. This is used to
918 ensure that an instance initializer invokes another initializer
919 on `this' before returning. We must keep track of this
920 specially because otherwise we might be confused by code which
921 assigns to locals[0] (overwriting `this') and then returns
922 without really initializing. */
923 type this_type;
924
925 /* The PC for this state. This is only valid on states which are
926 permanently attached to a given PC. For an object like
927 `current_state', which is used transiently, this has no
928 meaning. */
929 int pc;
930 /* We keep a linked list of all states requiring reverification.
931 If this is the special value INVALID_STATE then this state is
932 not on the list. NULL marks the end of the linked list. */
933 state *next;
934 };
935
936 /* NO_NEXT is the PC value meaning that a new state must be
937 acquired from the verification list. */
938 #define NO_NEXT -1
939
940 static void
941 init_state_with_stack (state *s, int max_stack, int max_locals)
942 {
943 int i;
944 s->stacktop = 0;
945 s->stackdepth = 0;
946 s->stack = (type *) vfy_alloc (max_stack * sizeof (type));
947 for (i = 0; i < max_stack; ++i)
948 init_type_from_tag (&s->stack[i], unsuitable_type);
949 s->locals = (type *) vfy_alloc (max_locals * sizeof (type));
950 for (i = 0; i < max_locals; ++i)
951 init_type_from_tag (&s->locals[i], unsuitable_type);
952 init_type_from_tag (&s->this_type, unsuitable_type);
953 s->pc = NO_NEXT;
954 s->next = INVALID_STATE;
955 }
956
957 static void
958 copy_state (state *s, state *copy, int max_stack, int max_locals)
959 {
960 int i;
961 s->stacktop = copy->stacktop;
962 s->stackdepth = copy->stackdepth;
963 for (i = 0; i < max_stack; ++i)
964 s->stack[i] = copy->stack[i];
965 for (i = 0; i < max_locals; ++i)
966 s->locals[i] = copy->locals[i];
967
968 s->this_type = copy->this_type;
969 /* Don't modify `next' or `pc'. */
970 }
971
972 static void
973 copy_state_with_stack (state *s, state *orig, int max_stack, int max_locals)
974 {
975 init_state_with_stack (s, max_stack, max_locals);
976 copy_state (s, orig, max_stack, max_locals);
977 }
978
979 /* Allocate a new state, copying ORIG. */
980 static state *
981 make_state_copy (state *orig, int max_stack, int max_locals)
982 {
983 state *s = (state *) vfy_alloc (sizeof (state));
984 copy_state_with_stack (s, orig, max_stack, max_locals);
985 return s;
986 }
987
988 static state *
989 make_state (int max_stack, int max_locals)
990 {
991 state *s = (state *) vfy_alloc (sizeof (state));
992 init_state_with_stack (s, max_stack, max_locals);
993 return s;
994 }
995
996 static void
997 free_state (state *s)
998 {
999 if (s->stack != NULL)
1000 vfy_free (s->stack);
1001 if (s->locals != NULL)
1002 vfy_free (s->locals);
1003 }
1004
1005 /* Modify this state to reflect entry to an exception handler. */
1006 static void
1007 state_set_exception (state *s, type *t, int max_stack)
1008 {
1009 int i;
1010 s->stackdepth = 1;
1011 s->stacktop = 1;
1012 s->stack[0] = *t;
1013 for (i = s->stacktop; i < max_stack; ++i)
1014 init_type_from_tag (&s->stack[i], unsuitable_type);
1015 }
1016
1017 /* Merge STATE_OLD into this state. Destructively modifies this
1018 state. Returns true if the new state was in fact changed.
1019 Will throw an exception if the states are not mergeable. */
1020 static bool
1021 merge_states (state *s, state *state_old, int max_locals)
1022 {
1023 int i;
1024 bool changed = false;
1025
1026 /* Special handling for `this'. If one or the other is
1027 uninitialized, then the merge is uninitialized. */
1028 if (type_initialized (&s->this_type))
1029 s->this_type = state_old->this_type;
1030
1031 /* Merge stacks. */
1032 if (state_old->stacktop != s->stacktop) /* FIXME stackdepth instead? */
1033 verify_fail ("stack sizes differ");
1034 for (i = 0; i < state_old->stacktop; ++i)
1035 {
1036 if (merge_types (&s->stack[i], &state_old->stack[i], false))
1037 changed = true;
1038 }
1039
1040 /* Merge local variables. */
1041 for (i = 0; i < max_locals; ++i)
1042 {
1043 if (merge_types (&s->locals[i], &state_old->locals[i], true))
1044 changed = true;
1045 }
1046
1047 return changed;
1048 }
1049
1050 /* Ensure that `this' has been initialized. */
1051 static void
1052 state_check_this_initialized (state *s)
1053 {
1054 if (type_isreference (&s->this_type) && ! type_initialized (&s->this_type))
1055 verify_fail ("`this' is uninitialized");
1056 }
1057
1058 /* Set type of `this'. */
1059 static void
1060 state_set_this_type (state *s, type *k)
1061 {
1062 s->this_type = *k;
1063 }
1064
1065 /* Mark each `new'd object we know of that was allocated at PC as
1066 initialized. */
1067 static void
1068 state_set_initialized (state *s, int pc, int max_locals)
1069 {
1070 int i;
1071 for (i = 0; i < s->stacktop; ++i)
1072 type_set_initialized (&s->stack[i], pc);
1073 for (i = 0; i < max_locals; ++i)
1074 type_set_initialized (&s->locals[i], pc);
1075 type_set_initialized (&s->this_type, pc);
1076 }
1077
1078 /* This tests to see whether two states can be considered "merge
1079 compatible". If both states have a return-address in the same
1080 slot, and the return addresses are different, then they are not
1081 compatible and we must not try to merge them. */
1082 static bool
1083 state_mergeable_p (state *s, state *other, int max_locals)
1084
1085 {
1086 int i;
1087
1088 /* This is tricky: if the stack sizes differ, then not only are
1089 these not mergeable, but in fact we should give an error, as
1090 we've found two execution paths that reach a branch target
1091 with different stack depths. FIXME stackdepth instead? */
1092 if (s->stacktop != other->stacktop)
1093 verify_fail ("stack sizes differ");
1094
1095 for (i = 0; i < s->stacktop; ++i)
1096 if (! type_state_mergeable_p (&s->stack[i], &other->stack[i]))
1097 return false;
1098 for (i = 0; i < max_locals; ++i)
1099 if (! type_state_mergeable_p (&s->locals[i], &other->locals[i]))
1100 return false;
1101 return true;
1102 }
1103
1104 static void
1105 state_reverify (state *s)
1106 {
1107 if (s->next == INVALID_STATE)
1108 {
1109 s->next = vfr->next_verify_state;
1110 vfr->next_verify_state = s;
1111 }
1112 }
1113
1114 #ifdef VERIFY_DEBUG
1115 static void
1116 debug_print_state (state *s, const char *leader, int pc, int max_stack,
1117 int max_locals)
1118 {
1119 int i;
1120 debug_print ("%s [%4d]: [stack] ", leader, pc);
1121 for (i = 0; i < s->stacktop; ++i)
1122 type_print (&s->stack[i]);
1123 for (; i < max_stack; ++i)
1124 debug_print (".");
1125 debug_print (" [local] ");
1126 for (i = 0; i < max_locals; ++i)
1127 type_print (&s->locals[i]);
1128 debug_print (" | %p\n", s);
1129 }
1130 #else
1131 static void
1132 debug_print_state (state *s ATTRIBUTE_UNUSED,
1133 const char *leader ATTRIBUTE_UNUSED,
1134 int pc ATTRIBUTE_UNUSED, int max_stack ATTRIBUTE_UNUSED,
1135 int max_locals ATTRIBUTE_UNUSED)
1136 {
1137 }
1138 #endif /* VERIFY_DEBUG */
1139
1140 static type
1141 pop_raw (void)
1142 {
1143 type r;
1144 state *s = vfr->current_state;
1145 if (s->stacktop <= 0)
1146 verify_fail ("stack empty");
1147 r = s->stack[--s->stacktop];
1148 s->stackdepth -= type_depth (&r);
1149 if (s->stackdepth < 0)
1150 verify_fail_pc ("stack empty", vfr->start_PC);
1151 return r;
1152 }
1153
1154 static type
1155 pop32 (void)
1156 {
1157 type r = pop_raw ();
1158 if (type_iswide (&r))
1159 verify_fail ("narrow pop of wide type");
1160 return r;
1161 }
1162
1163 static type
1164 vfy_pop_type_t (type match)
1165 {
1166 type t;
1167 vfy_promote_type (&match);
1168 t = pop_raw ();
1169 if (! types_compatible (&match, &t))
1170 verify_fail ("incompatible type on stack");
1171 return t;
1172 }
1173
1174 static type
1175 vfy_pop_type (type_val match)
1176 {
1177 type t = make_type (match);
1178 return vfy_pop_type_t (t);
1179 }
1180
1181 #define pop_type vfy_pop_type
1182 #define pop_type_t vfy_pop_type_t
1183
1184 /* Pop a reference which is guaranteed to be initialized. MATCH
1185 doesn't have to be a reference type; in this case this acts like
1186 pop_type. */
1187 static type
1188 pop_init_ref_t (type match)
1189 {
1190 type t = pop_raw ();
1191 if (type_isreference (&t) && ! type_initialized (&t))
1192 verify_fail ("initialized reference required");
1193 else if (! types_compatible (&match, &t))
1194 verify_fail ("incompatible type on stack");
1195 return t;
1196 }
1197
1198 static type
1199 pop_init_ref (type_val match)
1200 {
1201 type t = make_type (match);
1202 return pop_init_ref_t (t);
1203 }
1204
1205 /* Pop a reference type or a return address. */
1206 static type
1207 pop_ref_or_return (void)
1208 {
1209 type t = pop_raw ();
1210 if (! type_isreference (&t) && t.key != return_address_type)
1211 verify_fail ("expected reference or return address on stack");
1212 return t;
1213 }
1214
1215 static void
1216 vfy_push_type_t (type t)
1217 {
1218 int depth;
1219 state *s = vfr->current_state;
1220 /* If T is a numeric type like short, promote it to int. */
1221 promote_type (&t);
1222
1223 depth = type_depth (&t);
1224
1225 if (s->stackdepth + depth > vfr->current_method->max_stack)
1226 verify_fail ("stack overflow");
1227 s->stack[s->stacktop++] = t;
1228 s->stackdepth += depth;
1229 }
1230
1231 static void
1232 vfy_push_type (type_val tval)
1233 {
1234 type t = make_type (tval);
1235 vfy_push_type_t (t);
1236 }
1237
1238 #define push_type vfy_push_type
1239 #define push_type_t vfy_push_type_t
1240
1241 static void
1242 set_variable (int index, type t)
1243 {
1244 int depth;
1245 state *s = vfr->current_state;
1246 /* If T is a numeric type like short, promote it to int. */
1247 promote_type (&t);
1248
1249 depth = type_depth (&t);
1250 if (index > vfr->current_method->max_locals - depth)
1251 verify_fail ("invalid local variable");
1252 s->locals[index] = t;
1253
1254 if (depth == 2)
1255 init_type_from_tag (&s->locals[index + 1], continuation_type);
1256 if (index > 0 && type_iswide (&s->locals[index - 1]))
1257 init_type_from_tag (&s->locals[index - 1], unsuitable_type);
1258 }
1259
1260 static type
1261 get_variable_t (int index, type *t)
1262 {
1263 state *s = vfr->current_state;
1264 int depth = type_depth (t);
1265 if (index > vfr->current_method->max_locals - depth)
1266 verify_fail ("invalid local variable");
1267 if (! types_compatible (t, &s->locals[index]))
1268 verify_fail ("incompatible type in local variable");
1269 if (depth == 2)
1270 {
1271 type cont = make_type (continuation_type);
1272 if (! types_compatible (&s->locals[index + 1], &cont))
1273 verify_fail ("invalid local variable");
1274 }
1275 return s->locals[index];
1276 }
1277
1278 static type
1279 get_variable (int index, type_val v)
1280 {
1281 type t = make_type (v);
1282 return get_variable_t (index, &t);
1283 }
1284
1285 /* Make sure ARRAY is an array type and that its elements are
1286 compatible with type ELEMENT. Returns the actual element type. */
1287 static type
1288 require_array_type_t (type array, type element)
1289 {
1290 type t;
1291 /* An odd case. Here we just pretend that everything went ok. If
1292 the requested element type is some kind of reference, return
1293 the null type instead. */
1294 if (type_isnull (&array))
1295 return type_isreference (&element) ? make_type (null_type) : element;
1296
1297 if (! type_isarray (&array))
1298 verify_fail ("array required");
1299
1300 t = type_array_element (&array);
1301 if (! types_compatible (&element, &t))
1302 {
1303 /* Special case for byte arrays, which must also be boolean
1304 arrays. */
1305 bool ok = true;
1306 if (element.key == byte_type)
1307 {
1308 type e2 = make_type (boolean_type);
1309 ok = types_compatible (&e2, &t);
1310 }
1311 if (! ok)
1312 verify_fail ("incompatible array element type");
1313 }
1314
1315 /* Return T and not ELEMENT, because T might be specialized. */
1316 return t;
1317 }
1318
1319 static type
1320 require_array_type (type array, type_val element)
1321 {
1322 type t = make_type (element);
1323 return require_array_type_t (array, t);
1324 }
1325
1326 static jint
1327 get_byte (void)
1328 {
1329 if (vfr->PC >= vfr->current_method->code_length)
1330 verify_fail ("premature end of bytecode");
1331 return (jint) vfr->bytecode[vfr->PC++] & 0xff;
1332 }
1333
1334 static jint
1335 get_ushort (void)
1336 {
1337 jint b1 = get_byte ();
1338 jint b2 = get_byte ();
1339 return (jint) ((b1 << 8) | b2) & 0xffff;
1340 }
1341
1342 static jint
1343 get_short (void)
1344 {
1345 signed char b1 = (signed char) get_byte ();
1346 jint b2 = get_byte ();
1347 jshort s = (b1 << 8) | b2;
1348 return (jint) s;
1349 }
1350
1351 static jint
1352 get_int (void)
1353 {
1354 jint b1 = get_byte ();
1355 jint b2 = get_byte ();
1356 jint b3 = get_byte ();
1357 jint b4 = get_byte ();
1358 jword result = (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1359 /* In the compiler, 'jint' might have more than 32 bits, so we must
1360 sign extend. */
1361 return WORD_TO_INT (result);
1362 }
1363
1364 static int
1365 compute_jump (int offset)
1366 {
1367 int npc = vfr->start_PC + offset;
1368 if (npc < 0 || npc >= vfr->current_method->code_length)
1369 verify_fail_pc ("branch out of range", vfr->start_PC);
1370 return npc;
1371 }
1372
1373 /* Add a new state to the state list at NPC. */
1374 static state *
1375 add_new_state (int npc, state *old_state)
1376 {
1377 state_list *nlink;
1378 vfy_method *current_method = vfr->current_method;
1379 state *new_state = make_state_copy (old_state, current_method->max_stack,
1380 current_method->max_locals);
1381 debug_print ("== New state in add_new_state\n");
1382 debug_print_state (new_state, "New", npc, current_method->max_stack,
1383 current_method->max_locals);
1384
1385 nlink = (state_list *) vfy_alloc (sizeof (state_list));
1386 nlink->val = new_state;
1387 nlink->next = vfr->states[npc];
1388 vfr->states[npc] = nlink;
1389 new_state->pc = npc;
1390 return new_state;
1391 }
1392
1393 /* Merge the indicated state into the state at the branch target and
1394 schedule a new PC if there is a change. NPC is the PC of the
1395 branch target, and FROM_STATE is the state at the source of the
1396 branch. This method returns true if the destination state
1397 changed and requires reverification, false otherwise. */
1398 static void
1399 merge_into (int npc, state *from_state)
1400 {
1401 /* Iterate over all target states and merge our state into each,
1402 if applicable. FIXME one improvement we could make here is
1403 "state destruction". Merging a new state into an existing one
1404 might cause a return_address_type to be merged to
1405 unsuitable_type. In this case the resulting state may now be
1406 mergeable with other states currently held in parallel at this
1407 location. So in this situation we could pairwise compare and
1408 reduce the number of parallel states. */
1409 state_list *iter;
1410 bool applicable = false;
1411 for (iter = vfr->states[npc]; iter != NULL; iter = iter->next)
1412 {
1413 state *new_state = iter->val;
1414 vfy_method *current_method = vfr->current_method;
1415
1416 if (state_mergeable_p (new_state, from_state,
1417 current_method->max_locals))
1418 {
1419 bool changed;
1420 applicable = true;
1421
1422 debug_print ("== Merge states in merge_into\n");
1423 debug_print_state (from_state, "Frm", vfr->start_PC, current_method->max_stack,
1424 current_method->max_locals);
1425 debug_print_state (new_state, " To", npc, current_method->max_stack,
1426 current_method->max_locals);
1427 changed = merge_states (new_state, from_state,
1428 current_method->max_locals);
1429 debug_print_state (new_state, "New", npc, current_method->max_stack,
1430 current_method->max_locals);
1431
1432 if (changed)
1433 state_reverify (new_state);
1434 }
1435 }
1436
1437 if (! applicable)
1438 {
1439 /* Either we don't yet have a state at NPC, or we have a
1440 return-address type that is in conflict with all existing
1441 state. So, we need to create a new entry. */
1442 state *new_state = add_new_state (npc, from_state);
1443 /* A new state added in this way must always be reverified. */
1444 state_reverify (new_state);
1445 }
1446 }
1447
1448 static void
1449 push_jump (int offset)
1450 {
1451 int npc = compute_jump (offset);
1452 /* According to the JVM Spec, we need to check for uninitialized
1453 objects here. However, this does not actually affect type
1454 safety, and the Eclipse java compiler generates code that
1455 violates this constraint. */
1456 merge_into (npc, vfr->current_state);
1457 }
1458
1459 static void
1460 push_exception_jump (type t, int pc)
1461 {
1462 state s;
1463 /* According to the JVM Spec, we need to check for uninitialized
1464 objects here. However, this does not actually affect type
1465 safety, and the Eclipse java compiler generates code that
1466 violates this constraint. */
1467 copy_state_with_stack (&s, vfr->current_state,
1468 vfr->current_method->max_stack,
1469 vfr->current_method->max_locals);
1470 if (vfr->current_method->max_stack < 1)
1471 verify_fail ("stack overflow at exception handler");
1472 state_set_exception (&s, &t, vfr->current_method->max_stack);
1473 merge_into (pc, &s);
1474 /* FIXME: leak.. need free_state or GC */
1475 }
1476
1477 static state *
1478 pop_jump (void)
1479 {
1480 state *new_state = vfr->next_verify_state;
1481 if (new_state == INVALID_STATE)
1482 verify_fail ("programmer error in pop_jump");
1483 if (new_state != NULL)
1484 {
1485 vfr->next_verify_state = new_state->next;
1486 new_state->next = INVALID_STATE;
1487 }
1488 return new_state;
1489 }
1490
1491 static void
1492 invalidate_pc (void)
1493 {
1494 vfr->PC = NO_NEXT;
1495 }
1496
1497 static void
1498 note_branch_target (int pc)
1499 {
1500 /* Don't check `pc <= PC', because we've advanced PC after
1501 fetching the target and we haven't yet checked the next
1502 instruction. */
1503 if (pc < vfr->PC && ! (vfr->flags[pc] & FLAG_INSN_START))
1504 verify_fail_pc ("branch not to instruction start", vfr->start_PC);
1505 vfr->flags[pc] |= FLAG_BRANCH_TARGET;
1506 }
1507
1508 static void
1509 skip_padding (void)
1510 {
1511 while ((vfr->PC % 4) > 0)
1512 if (get_byte () != 0)
1513 verify_fail ("found nonzero padding byte");
1514 }
1515
1516 /* Do the work for a `ret' instruction. INDEX is the index into the
1517 local variables. */
1518 static void
1519 handle_ret_insn (int index)
1520 {
1521 type ret = make_type (return_address_type);
1522 type ret_addr = get_variable_t (index, &ret);
1523 /* It would be nice if we could do this. However, the JVM Spec
1524 doesn't say that this is what happens. It is implied that
1525 reusing a return address is invalid, but there's no actual
1526 prohibition against it. */
1527 /* set_variable (index, unsuitable_type); */
1528
1529 int npc = type_get_pc (&ret_addr);
1530 /* We might be returning to a `jsr' that is at the end of the
1531 bytecode. This is ok if we never return from the called
1532 subroutine, but if we see this here it is an error. */
1533 if (npc >= vfr->current_method->code_length)
1534 verify_fail ("fell off end");
1535
1536 /* According to the JVM Spec, we need to check for uninitialized
1537 objects here. However, this does not actually affect type
1538 safety, and the Eclipse java compiler generates code that
1539 violates this constraint. */
1540 merge_into (npc, vfr->current_state);
1541 invalidate_pc ();
1542 }
1543
1544 static void handle_jsr_insn (int offset)
1545 {
1546 type ret_addr;
1547 int npc = compute_jump (offset);
1548
1549 /* According to the JVM Spec, we need to check for uninitialized
1550 objects here. However, this does not actually affect type
1551 safety, and the Eclipse java compiler generates code that
1552 violates this constraint. */
1553
1554 /* Modify our state as appropriate for entry into a subroutine. */
1555 ret_addr = make_type (return_address_type);
1556 type_set_return_address (&ret_addr, vfr->PC);
1557 vfy_push_type_t (ret_addr);
1558 merge_into (npc, vfr->current_state);
1559 invalidate_pc ();
1560 }
1561
1562 static vfy_jclass
1563 construct_primitive_array_type (type_val prim)
1564 {
1565 vfy_jclass k = NULL;
1566 switch (prim)
1567 {
1568 case boolean_type:
1569 case char_type:
1570 case float_type:
1571 case double_type:
1572 case byte_type:
1573 case short_type:
1574 case int_type:
1575 case long_type:
1576 k = vfy_get_primitive_type ((int) prim);
1577 break;
1578
1579 /* These aren't used here but we call them out to avoid
1580 warnings. */
1581 case void_type:
1582 case unsuitable_type:
1583 case return_address_type:
1584 case continuation_type:
1585 case reference_type:
1586 case null_type:
1587 case uninitialized_reference_type:
1588 default:
1589 verify_fail ("unknown type in construct_primitive_array_type");
1590 }
1591 k = vfy_get_array_class (k);
1592 return k;
1593 }
1594
1595 /* This pass computes the location of branch targets and also
1596 instruction starts. */
1597 static void
1598 branch_prepass (void)
1599 {
1600 int i, pc;
1601 vfr->flags = (char *) vfy_alloc (vfr->current_method->code_length);
1602
1603 for (i = 0; i < vfr->current_method->code_length; ++i)
1604 vfr->flags[i] = 0;
1605
1606 vfr->PC = 0;
1607 while (vfr->PC < vfr->current_method->code_length)
1608 {
1609 java_opcode opcode;
1610 /* Set `start_PC' early so that error checking can have the
1611 correct value. */
1612 vfr->start_PC = vfr->PC;
1613 vfr->flags[vfr->PC] |= FLAG_INSN_START;
1614
1615 opcode = (java_opcode) vfr->bytecode[vfr->PC++];
1616 switch (opcode)
1617 {
1618 case op_nop:
1619 case op_aconst_null:
1620 case op_iconst_m1:
1621 case op_iconst_0:
1622 case op_iconst_1:
1623 case op_iconst_2:
1624 case op_iconst_3:
1625 case op_iconst_4:
1626 case op_iconst_5:
1627 case op_lconst_0:
1628 case op_lconst_1:
1629 case op_fconst_0:
1630 case op_fconst_1:
1631 case op_fconst_2:
1632 case op_dconst_0:
1633 case op_dconst_1:
1634 case op_iload_0:
1635 case op_iload_1:
1636 case op_iload_2:
1637 case op_iload_3:
1638 case op_lload_0:
1639 case op_lload_1:
1640 case op_lload_2:
1641 case op_lload_3:
1642 case op_fload_0:
1643 case op_fload_1:
1644 case op_fload_2:
1645 case op_fload_3:
1646 case op_dload_0:
1647 case op_dload_1:
1648 case op_dload_2:
1649 case op_dload_3:
1650 case op_aload_0:
1651 case op_aload_1:
1652 case op_aload_2:
1653 case op_aload_3:
1654 case op_iaload:
1655 case op_laload:
1656 case op_faload:
1657 case op_daload:
1658 case op_aaload:
1659 case op_baload:
1660 case op_caload:
1661 case op_saload:
1662 case op_istore_0:
1663 case op_istore_1:
1664 case op_istore_2:
1665 case op_istore_3:
1666 case op_lstore_0:
1667 case op_lstore_1:
1668 case op_lstore_2:
1669 case op_lstore_3:
1670 case op_fstore_0:
1671 case op_fstore_1:
1672 case op_fstore_2:
1673 case op_fstore_3:
1674 case op_dstore_0:
1675 case op_dstore_1:
1676 case op_dstore_2:
1677 case op_dstore_3:
1678 case op_astore_0:
1679 case op_astore_1:
1680 case op_astore_2:
1681 case op_astore_3:
1682 case op_iastore:
1683 case op_lastore:
1684 case op_fastore:
1685 case op_dastore:
1686 case op_aastore:
1687 case op_bastore:
1688 case op_castore:
1689 case op_sastore:
1690 case op_pop:
1691 case op_pop2:
1692 case op_dup:
1693 case op_dup_x1:
1694 case op_dup_x2:
1695 case op_dup2:
1696 case op_dup2_x1:
1697 case op_dup2_x2:
1698 case op_swap:
1699 case op_iadd:
1700 case op_isub:
1701 case op_imul:
1702 case op_idiv:
1703 case op_irem:
1704 case op_ishl:
1705 case op_ishr:
1706 case op_iushr:
1707 case op_iand:
1708 case op_ior:
1709 case op_ixor:
1710 case op_ladd:
1711 case op_lsub:
1712 case op_lmul:
1713 case op_ldiv:
1714 case op_lrem:
1715 case op_lshl:
1716 case op_lshr:
1717 case op_lushr:
1718 case op_land:
1719 case op_lor:
1720 case op_lxor:
1721 case op_fadd:
1722 case op_fsub:
1723 case op_fmul:
1724 case op_fdiv:
1725 case op_frem:
1726 case op_dadd:
1727 case op_dsub:
1728 case op_dmul:
1729 case op_ddiv:
1730 case op_drem:
1731 case op_ineg:
1732 case op_i2b:
1733 case op_i2c:
1734 case op_i2s:
1735 case op_lneg:
1736 case op_fneg:
1737 case op_dneg:
1738 case op_i2l:
1739 case op_i2f:
1740 case op_i2d:
1741 case op_l2i:
1742 case op_l2f:
1743 case op_l2d:
1744 case op_f2i:
1745 case op_f2l:
1746 case op_f2d:
1747 case op_d2i:
1748 case op_d2l:
1749 case op_d2f:
1750 case op_lcmp:
1751 case op_fcmpl:
1752 case op_fcmpg:
1753 case op_dcmpl:
1754 case op_dcmpg:
1755 case op_monitorenter:
1756 case op_monitorexit:
1757 case op_ireturn:
1758 case op_lreturn:
1759 case op_freturn:
1760 case op_dreturn:
1761 case op_areturn:
1762 case op_return:
1763 case op_athrow:
1764 case op_arraylength:
1765 break;
1766
1767 case op_bipush:
1768 case op_ldc:
1769 case op_iload:
1770 case op_lload:
1771 case op_fload:
1772 case op_dload:
1773 case op_aload:
1774 case op_istore:
1775 case op_lstore:
1776 case op_fstore:
1777 case op_dstore:
1778 case op_astore:
1779 case op_ret:
1780 case op_newarray:
1781 get_byte ();
1782 break;
1783
1784 case op_iinc:
1785 case op_sipush:
1786 case op_ldc_w:
1787 case op_ldc2_w:
1788 case op_getstatic:
1789 case op_getfield:
1790 case op_putfield:
1791 case op_putstatic:
1792 case op_new:
1793 case op_anewarray:
1794 case op_instanceof:
1795 case op_checkcast:
1796 case op_invokespecial:
1797 case op_invokestatic:
1798 case op_invokevirtual:
1799 get_short ();
1800 break;
1801
1802 case op_multianewarray:
1803 get_short ();
1804 get_byte ();
1805 break;
1806
1807 case op_jsr:
1808 case op_ifeq:
1809 case op_ifne:
1810 case op_iflt:
1811 case op_ifge:
1812 case op_ifgt:
1813 case op_ifle:
1814 case op_if_icmpeq:
1815 case op_if_icmpne:
1816 case op_if_icmplt:
1817 case op_if_icmpge:
1818 case op_if_icmpgt:
1819 case op_if_icmple:
1820 case op_if_acmpeq:
1821 case op_if_acmpne:
1822 case op_ifnull:
1823 case op_ifnonnull:
1824 case op_goto:
1825 note_branch_target (compute_jump (get_short ()));
1826 break;
1827
1828 case op_tableswitch:
1829 {
1830 jint low, hi;
1831 skip_padding ();
1832 note_branch_target (compute_jump (get_int ()));
1833 low = get_int ();
1834 hi = get_int ();
1835 if (low > hi)
1836 verify_fail_pc ("invalid tableswitch", vfr->start_PC);
1837 for (i = low; i <= hi; ++i)
1838 note_branch_target (compute_jump (get_int ()));
1839 }
1840 break;
1841
1842 case op_lookupswitch:
1843 {
1844 int npairs;
1845 skip_padding ();
1846 note_branch_target (compute_jump (get_int ()));
1847 npairs = get_int ();
1848 if (npairs < 0)
1849 verify_fail_pc ("too few pairs in lookupswitch", vfr->start_PC);
1850 while (npairs-- > 0)
1851 {
1852 get_int ();
1853 note_branch_target (compute_jump (get_int ()));
1854 }
1855 }
1856 break;
1857
1858 case op_invokeinterface:
1859 get_short ();
1860 get_byte ();
1861 get_byte ();
1862 break;
1863
1864 case op_wide:
1865 {
1866 opcode = (java_opcode) get_byte ();
1867 get_short ();
1868 if (opcode == op_iinc)
1869 get_short ();
1870 }
1871 break;
1872
1873 case op_jsr_w:
1874 case op_goto_w:
1875 note_branch_target (compute_jump (get_int ()));
1876 break;
1877
1878 #if 0
1879 /* These are unused here, but we call them out explicitly
1880 so that -Wswitch-enum doesn't complain. */
1881 case op_putfield_1:
1882 case op_putfield_2:
1883 case op_putfield_4:
1884 case op_putfield_8:
1885 case op_putfield_a:
1886 case op_putstatic_1:
1887 case op_putstatic_2:
1888 case op_putstatic_4:
1889 case op_putstatic_8:
1890 case op_putstatic_a:
1891 case op_getfield_1:
1892 case op_getfield_2s:
1893 case op_getfield_2u:
1894 case op_getfield_4:
1895 case op_getfield_8:
1896 case op_getfield_a:
1897 case op_getstatic_1:
1898 case op_getstatic_2s:
1899 case op_getstatic_2u:
1900 case op_getstatic_4:
1901 case op_getstatic_8:
1902 case op_getstatic_a:
1903 #endif /* VFY_FAST_OPCODES */
1904 default:
1905 verify_fail_pc ("unrecognized instruction in branch_prepass",
1906 vfr->start_PC);
1907 }
1908
1909 /* See if any previous branch tried to branch to the middle of
1910 this instruction. */
1911 for (pc = vfr->start_PC + 1; pc < vfr->PC; ++pc)
1912 {
1913 if ((vfr->flags[pc] & FLAG_BRANCH_TARGET))
1914 verify_fail_pc ("branch to middle of instruction", pc);
1915 }
1916 }
1917
1918 /* Verify exception handlers. */
1919 for (i = 0; i < vfr->current_method->exc_count; ++i)
1920 {
1921 int handler, start, end, htype;
1922 vfy_get_exception (vfr->exception, i, &handler, &start, &end, &htype);
1923 if (! (vfr->flags[handler] & FLAG_INSN_START))
1924 verify_fail_pc ("exception handler not at instruction start",
1925 handler);
1926 if (! (vfr->flags[start] & FLAG_INSN_START))
1927 verify_fail_pc ("exception start not at instruction start", start);
1928 if (end != vfr->current_method->code_length
1929 && ! (vfr->flags[end] & FLAG_INSN_START))
1930 verify_fail_pc ("exception end not at instruction start", end);
1931
1932 vfr->flags[handler] |= FLAG_BRANCH_TARGET;
1933 }
1934 }
1935
1936 static void
1937 check_pool_index (int index)
1938 {
1939 if (index < 0 || index >= vfy_get_constants_size (vfr->current_class))
1940 verify_fail_pc ("constant pool index out of range", vfr->start_PC);
1941 }
1942
1943 static type
1944 check_class_constant (int index)
1945 {
1946 type t = { (type_val) 0, 0, 0 };
1947 vfy_constants *pool;
1948
1949 check_pool_index (index);
1950 pool = vfy_get_constants (vfr->current_class);
1951 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
1952 init_type_from_class (&t, vfy_get_pool_class (pool, index));
1953 else if (vfy_tag (pool, index) == JV_CONSTANT_Class)
1954 init_type_from_string (&t, vfy_get_pool_string (pool, index));
1955 else
1956 verify_fail_pc ("expected class constant", vfr->start_PC);
1957 return t;
1958 }
1959
1960 static type
1961 check_constant (int index)
1962 {
1963 type t = { (type_val) 0, 0, 0 };
1964 vfy_constants *pool;
1965
1966 check_pool_index (index);
1967 pool = vfy_get_constants (vfr->current_class);
1968 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedString
1969 || vfy_tag (pool, index) == JV_CONSTANT_String)
1970 init_type_from_class (&t, vfy_string_type ());
1971 else if (vfy_tag (pool, index) == JV_CONSTANT_Integer)
1972 init_type_from_tag (&t, int_type);
1973 else if (vfy_tag (pool, index) == JV_CONSTANT_Float)
1974 init_type_from_tag (&t, float_type);
1975 else if (vfy_tag (pool, index) == JV_CONSTANT_Class
1976 || vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
1977 /* FIXME: should only allow this for 1.5 bytecode. */
1978 init_type_from_class (&t, vfy_class_type ());
1979 else
1980 verify_fail_pc ("String, int, or float constant expected", vfr->start_PC);
1981 return t;
1982 }
1983
1984 static type
1985 check_wide_constant (int index)
1986 {
1987 type t = { (type_val) 0, 0, 0 };
1988 vfy_constants *pool;
1989
1990 check_pool_index (index);
1991 pool = vfy_get_constants (vfr->current_class);
1992 if (vfy_tag (pool, index) == JV_CONSTANT_Long)
1993 init_type_from_tag (&t, long_type);
1994 else if (vfy_tag (pool, index) == JV_CONSTANT_Double)
1995 init_type_from_tag (&t, double_type);
1996 else
1997 verify_fail_pc ("long or double constant expected", vfr->start_PC);
1998 return t;
1999 }
2000
2001 /* Helper for both field and method. These are laid out the same in
2002 the constant pool. */
2003 static type
2004 handle_field_or_method (int index, int expected,
2005 vfy_string *name, vfy_string *fmtype)
2006 {
2007 vfy_uint_16 class_index, name_and_type_index;
2008 vfy_uint_16 name_index, desc_index;
2009 vfy_constants *pool;
2010
2011 check_pool_index (index);
2012 pool = vfy_get_constants (vfr->current_class);
2013 if (vfy_tag (pool, index) != expected)
2014 verify_fail_pc ("didn't see expected constant", vfr->start_PC);
2015 /* Once we know we have a Fieldref or Methodref we assume that it
2016 is correctly laid out in the constant pool. I think the code
2017 in defineclass.cc guarantees this. */
2018 vfy_load_indexes (pool, index, &class_index, &name_and_type_index);
2019 vfy_load_indexes (pool, name_and_type_index, &name_index, &desc_index);
2020
2021 *name = vfy_get_pool_string (pool, name_index);
2022 *fmtype = vfy_get_pool_string (pool, desc_index);
2023
2024 return check_class_constant (class_index);
2025 }
2026
2027 /* Return field's type, compute class' type if requested. If
2028 PUTFIELD is true, use the special 'putfield' semantics. */
2029 static type
2030 check_field_constant (int index, type *class_type, bool putfield)
2031 {
2032 vfy_string name, field_type;
2033 const char *typec;
2034 type t;
2035
2036 type ct = handle_field_or_method (index,
2037 JV_CONSTANT_Fieldref,
2038 &name, &field_type);
2039 if (class_type)
2040 *class_type = ct;
2041 typec = vfy_string_bytes (field_type);
2042 if (typec[0] == '[' || typec[0] == 'L')
2043 init_type_from_string (&t, field_type);
2044 else
2045 init_type_from_tag (&t, get_type_val_for_signature (typec[0]));
2046
2047 /* We have an obscure special case here: we can use `putfield' on a
2048 field declared in this class, even if `this' has not yet been
2049 initialized. */
2050 if (putfield
2051 && ! type_initialized (&vfr->current_state->this_type)
2052 && vfr->current_state->this_type.pc == SELF
2053 && types_equal (&vfr->current_state->this_type, &ct)
2054 && vfy_class_has_field (vfr->current_class, name, field_type))
2055 /* Note that we don't actually know whether we're going to match
2056 against 'this' or some other object of the same type. So,
2057 here we set things up so that it doesn't matter. This relies
2058 on knowing what our caller is up to. */
2059 type_set_uninitialized (class_type, EITHER);
2060
2061 return t;
2062 }
2063
2064 static type
2065 check_method_constant (int index, bool is_interface,
2066 vfy_string *method_name,
2067 vfy_string *method_signature)
2068 {
2069 return handle_field_or_method (index,
2070 (is_interface
2071 ? JV_CONSTANT_InterfaceMethodref
2072 : JV_CONSTANT_Methodref),
2073 method_name, method_signature);
2074 }
2075
2076 static const char *
2077 get_one_type (const char *p, type *t)
2078 {
2079 const char *start = p;
2080 vfy_jclass k;
2081 type_val rt;
2082 char v;
2083
2084 int arraycount = 0;
2085 while (*p == '[')
2086 {
2087 ++arraycount;
2088 ++p;
2089 }
2090
2091 v = *p++;
2092
2093 if (v == 'L')
2094 {
2095 vfy_string name;
2096 while (*p != ';')
2097 ++p;
2098 ++p;
2099 name = vfy_get_string (start, p - start);
2100 *t = make_type_from_string (name);
2101 return p;
2102 }
2103
2104 /* Casting to jchar here is ok since we are looking at an ASCII
2105 character. */
2106 rt = get_type_val_for_signature (v);
2107
2108 if (arraycount == 0)
2109 {
2110 /* Callers of this function eventually push their arguments on
2111 the stack. So, promote them here. */
2112 type new_t = make_type (rt);
2113 vfy_promote_type (&new_t);
2114 *t = new_t;
2115 return p;
2116 }
2117
2118 k = construct_primitive_array_type (rt);
2119 while (--arraycount > 0)
2120 k = vfy_get_array_class (k);
2121 *t = make_type_from_class (k);
2122 return p;
2123 }
2124
2125 static void
2126 compute_argument_types (vfy_string signature, type *types)
2127 {
2128 int i;
2129 const char *p = vfy_string_bytes (signature);
2130
2131 /* Skip `('. */
2132 ++p;
2133
2134 i = 0;
2135 while (*p != ')')
2136 p = get_one_type (p, &types[i++]);
2137 }
2138
2139 static type
2140 compute_return_type (vfy_string signature)
2141 {
2142 const char *p = vfy_string_bytes (signature);
2143 type t;
2144 while (*p != ')')
2145 ++p;
2146 ++p;
2147 get_one_type (p, &t);
2148 return t;
2149 }
2150
2151 static void
2152 check_return_type (type onstack)
2153 {
2154 type rt = compute_return_type (vfy_get_signature (vfr->current_method));
2155 if (! types_compatible (&rt, &onstack))
2156 verify_fail ("incompatible return type");
2157 }
2158
2159 /* Initialize the stack for the new method. Returns true if this
2160 method is an instance initializer. */
2161 static bool
2162 initialize_stack (void)
2163 {
2164 int arg_count, i;
2165 int var = 0;
2166 bool is_init = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2167 vfy_init_name());
2168 bool is_clinit = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2169 vfy_clinit_name());
2170
2171 if (! vfy_is_static (vfr->current_method))
2172 {
2173 type kurr = make_type_from_class (vfr->current_class);
2174 if (is_init)
2175 {
2176 type_set_uninitialized (&kurr, SELF);
2177 is_init = true;
2178 }
2179 else if (is_clinit)
2180 verify_fail ("<clinit> method must be static");
2181 set_variable (0, kurr);
2182 state_set_this_type (vfr->current_state, &kurr);
2183 ++var;
2184 }
2185 else
2186 {
2187 if (is_init)
2188 verify_fail ("<init> method must be non-static");
2189 }
2190
2191 /* We have to handle wide arguments specially here. */
2192 arg_count = vfy_count_arguments (vfy_get_signature (vfr->current_method));
2193 {
2194 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2195 compute_argument_types (vfy_get_signature (vfr->current_method), arg_types);
2196 for (i = 0; i < arg_count; ++i)
2197 {
2198 set_variable (var, arg_types[i]);
2199 ++var;
2200 if (type_iswide (&arg_types[i]))
2201 ++var;
2202 }
2203 vfy_free (arg_types);
2204 }
2205
2206 return is_init;
2207 }
2208
2209 static void
2210 verify_instructions_0 (void)
2211 {
2212 int i;
2213 bool this_is_init;
2214
2215 vfr->current_state = make_state (vfr->current_method->max_stack,
2216 vfr->current_method->max_locals);
2217
2218 vfr->PC = 0;
2219 vfr->start_PC = 0;
2220
2221 /* True if we are verifying an instance initializer. */
2222 this_is_init = initialize_stack ();
2223
2224 vfr->states = (state_list **) vfy_alloc (sizeof (state_list *)
2225 * vfr->current_method->code_length);
2226
2227 for (i = 0; i < vfr->current_method->code_length; ++i)
2228 vfr->states[i] = NULL;
2229
2230 vfr->next_verify_state = NULL;
2231
2232 while (true)
2233 {
2234 java_opcode opcode;
2235
2236 /* If the PC was invalidated, get a new one from the work list. */
2237 if (vfr->PC == NO_NEXT)
2238 {
2239 state *new_state = pop_jump ();
2240 /* If it is null, we're done. */
2241 if (new_state == NULL)
2242 break;
2243
2244 vfr->PC = new_state->pc;
2245 debug_print ("== State pop from pending list\n");
2246 /* Set up the current state. */
2247 copy_state (vfr->current_state, new_state,
2248 vfr->current_method->max_stack, vfr->current_method->max_locals);
2249 }
2250 else
2251 {
2252 /* We only have to do this checking in the situation where
2253 control flow falls through from the previous instruction.
2254 Otherwise merging is done at the time we push the branch.
2255 Note that we'll catch the off-the-end problem just
2256 below. */
2257 if (vfr->PC < vfr->current_method->code_length
2258 && vfr->states[vfr->PC] != NULL)
2259 {
2260 /* We've already visited this instruction. So merge
2261 the states together. It is simplest, but not most
2262 efficient, to just always invalidate the PC here. */
2263 merge_into (vfr->PC, vfr->current_state);
2264 invalidate_pc ();
2265 continue;
2266 }
2267 }
2268
2269 /* Control can't fall off the end of the bytecode. We need to
2270 check this in both cases, not just the fall-through case,
2271 because we don't check to see whether a `jsr' appears at
2272 the end of the bytecode until we process a `ret'. */
2273 if (vfr->PC >= vfr->current_method->code_length)
2274 verify_fail ("fell off end");
2275 vfr->flags[vfr->PC] |= FLAG_INSN_SEEN;
2276
2277 /* We only have to keep saved state at branch targets. If
2278 we're at a branch target and the state here hasn't been set
2279 yet, we set it now. You might notice that `ret' targets
2280 won't necessarily have FLAG_BRANCH_TARGET set. This
2281 doesn't matter, since those states will be filled in by
2282 merge_into. */
2283 /* Note that other parts of the compiler assume that there is a
2284 label with a type map at PC=0. */
2285 if (vfr->states[vfr->PC] == NULL
2286 && (vfr->PC == 0 || (vfr->flags[vfr->PC] & FLAG_BRANCH_TARGET) != 0))
2287 add_new_state (vfr->PC, vfr->current_state);
2288
2289 /* Set this before handling exceptions so that debug output is
2290 sane. */
2291 vfr->start_PC = vfr->PC;
2292
2293 /* Update states for all active exception handlers. Ordinarily
2294 there are not many exception handlers. So we simply run
2295 through them all. */
2296 for (i = 0; i < vfr->current_method->exc_count; ++i)
2297 {
2298 int hpc, start, end, htype;
2299 vfy_get_exception (vfr->exception, i, &hpc, &start, &end, &htype);
2300 if (vfr->PC >= start && vfr->PC < end)
2301 {
2302 type handler = make_type_from_class (vfy_throwable_type ());
2303 if (htype != 0)
2304 handler = check_class_constant (htype);
2305 push_exception_jump (handler, hpc);
2306 }
2307 }
2308
2309
2310 debug_print_state (vfr->current_state, " ", vfr->PC,
2311 vfr->current_method->max_stack,
2312 vfr->current_method->max_locals);
2313 opcode = (java_opcode) vfr->bytecode[vfr->PC++];
2314 switch (opcode)
2315 {
2316 case op_nop:
2317 break;
2318
2319 case op_aconst_null:
2320 push_type (null_type);
2321 break;
2322
2323 case op_iconst_m1:
2324 case op_iconst_0:
2325 case op_iconst_1:
2326 case op_iconst_2:
2327 case op_iconst_3:
2328 case op_iconst_4:
2329 case op_iconst_5:
2330 push_type (int_type);
2331 break;
2332
2333 case op_lconst_0:
2334 case op_lconst_1:
2335 push_type (long_type);
2336 break;
2337
2338 case op_fconst_0:
2339 case op_fconst_1:
2340 case op_fconst_2:
2341 push_type (float_type);
2342 break;
2343
2344 case op_dconst_0:
2345 case op_dconst_1:
2346 push_type (double_type);
2347 break;
2348
2349 case op_bipush:
2350 get_byte ();
2351 push_type (int_type);
2352 break;
2353
2354 case op_sipush:
2355 get_short ();
2356 push_type (int_type);
2357 break;
2358
2359 case op_ldc:
2360 push_type_t (check_constant (get_byte ()));
2361 break;
2362 case op_ldc_w:
2363 push_type_t (check_constant (get_ushort ()));
2364 break;
2365 case op_ldc2_w:
2366 push_type_t (check_wide_constant (get_ushort ()));
2367 break;
2368
2369 case op_iload:
2370 push_type_t (get_variable (get_byte (), int_type));
2371 break;
2372 case op_lload:
2373 push_type_t (get_variable (get_byte (), long_type));
2374 break;
2375 case op_fload:
2376 push_type_t (get_variable (get_byte (), float_type));
2377 break;
2378 case op_dload:
2379 push_type_t (get_variable (get_byte (), double_type));
2380 break;
2381 case op_aload:
2382 push_type_t (get_variable (get_byte (), reference_type));
2383 break;
2384
2385 case op_iload_0:
2386 case op_iload_1:
2387 case op_iload_2:
2388 case op_iload_3:
2389 push_type_t (get_variable (opcode - op_iload_0, int_type));
2390 break;
2391 case op_lload_0:
2392 case op_lload_1:
2393 case op_lload_2:
2394 case op_lload_3:
2395 push_type_t (get_variable (opcode - op_lload_0, long_type));
2396 break;
2397 case op_fload_0:
2398 case op_fload_1:
2399 case op_fload_2:
2400 case op_fload_3:
2401 push_type_t (get_variable (opcode - op_fload_0, float_type));
2402 break;
2403 case op_dload_0:
2404 case op_dload_1:
2405 case op_dload_2:
2406 case op_dload_3:
2407 push_type_t (get_variable (opcode - op_dload_0, double_type));
2408 break;
2409 case op_aload_0:
2410 case op_aload_1:
2411 case op_aload_2:
2412 case op_aload_3:
2413 push_type_t (get_variable (opcode - op_aload_0, reference_type));
2414 break;
2415 case op_iaload:
2416 pop_type (int_type);
2417 push_type_t (require_array_type (pop_init_ref (reference_type),
2418 int_type));
2419 break;
2420 case op_laload:
2421 pop_type (int_type);
2422 push_type_t (require_array_type (pop_init_ref (reference_type),
2423 long_type));
2424 break;
2425 case op_faload:
2426 pop_type (int_type);
2427 push_type_t (require_array_type (pop_init_ref (reference_type),
2428 float_type));
2429 break;
2430 case op_daload:
2431 pop_type (int_type);
2432 push_type_t (require_array_type (pop_init_ref (reference_type),
2433 double_type));
2434 break;
2435 case op_aaload:
2436 pop_type (int_type);
2437 push_type_t (require_array_type (pop_init_ref (reference_type),
2438 reference_type));
2439 break;
2440 case op_baload:
2441 pop_type (int_type);
2442 require_array_type (pop_init_ref (reference_type), byte_type);
2443 push_type (int_type);
2444 break;
2445 case op_caload:
2446 pop_type (int_type);
2447 require_array_type (pop_init_ref (reference_type), char_type);
2448 push_type (int_type);
2449 break;
2450 case op_saload:
2451 pop_type (int_type);
2452 require_array_type (pop_init_ref (reference_type), short_type);
2453 push_type (int_type);
2454 break;
2455 case op_istore:
2456 set_variable (get_byte (), pop_type (int_type));
2457 break;
2458 case op_lstore:
2459 set_variable (get_byte (), pop_type (long_type));
2460 break;
2461 case op_fstore:
2462 set_variable (get_byte (), pop_type (float_type));
2463 break;
2464 case op_dstore:
2465 set_variable (get_byte (), pop_type (double_type));
2466 break;
2467 case op_astore:
2468 set_variable (get_byte (), pop_ref_or_return ());
2469 break;
2470 case op_istore_0:
2471 case op_istore_1:
2472 case op_istore_2:
2473 case op_istore_3:
2474 set_variable (opcode - op_istore_0, pop_type (int_type));
2475 break;
2476 case op_lstore_0:
2477 case op_lstore_1:
2478 case op_lstore_2:
2479 case op_lstore_3:
2480 set_variable (opcode - op_lstore_0, pop_type (long_type));
2481 break;
2482 case op_fstore_0:
2483 case op_fstore_1:
2484 case op_fstore_2:
2485 case op_fstore_3:
2486 set_variable (opcode - op_fstore_0, pop_type (float_type));
2487 break;
2488 case op_dstore_0:
2489 case op_dstore_1:
2490 case op_dstore_2:
2491 case op_dstore_3:
2492 set_variable (opcode - op_dstore_0, pop_type (double_type));
2493 break;
2494 case op_astore_0:
2495 case op_astore_1:
2496 case op_astore_2:
2497 case op_astore_3:
2498 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2499 break;
2500 case op_iastore:
2501 pop_type (int_type);
2502 pop_type (int_type);
2503 require_array_type (pop_init_ref (reference_type), int_type);
2504 break;
2505 case op_lastore:
2506 pop_type (long_type);
2507 pop_type (int_type);
2508 require_array_type (pop_init_ref (reference_type), long_type);
2509 break;
2510 case op_fastore:
2511 pop_type (float_type);
2512 pop_type (int_type);
2513 require_array_type (pop_init_ref (reference_type), float_type);
2514 break;
2515 case op_dastore:
2516 pop_type (double_type);
2517 pop_type (int_type);
2518 require_array_type (pop_init_ref (reference_type), double_type);
2519 break;
2520 case op_aastore:
2521 pop_type (reference_type);
2522 pop_type (int_type);
2523 require_array_type (pop_init_ref (reference_type), reference_type);
2524 break;
2525 case op_bastore:
2526 pop_type (int_type);
2527 pop_type (int_type);
2528 require_array_type (pop_init_ref (reference_type), byte_type);
2529 break;
2530 case op_castore:
2531 pop_type (int_type);
2532 pop_type (int_type);
2533 require_array_type (pop_init_ref (reference_type), char_type);
2534 break;
2535 case op_sastore:
2536 pop_type (int_type);
2537 pop_type (int_type);
2538 require_array_type (pop_init_ref (reference_type), short_type);
2539 break;
2540 case op_pop:
2541 pop32 ();
2542 break;
2543 case op_pop2:
2544 {
2545 type t = pop_raw ();
2546 if (! type_iswide (&t))
2547 pop32 ();
2548 }
2549 break;
2550 case op_dup:
2551 {
2552 type t = pop32 ();
2553 push_type_t (t);
2554 push_type_t (t);
2555 }
2556 break;
2557 case op_dup_x1:
2558 {
2559 type t1 = pop32 ();
2560 type t2 = pop32 ();
2561 push_type_t (t1);
2562 push_type_t (t2);
2563 push_type_t (t1);
2564 }
2565 break;
2566 case op_dup_x2:
2567 {
2568 type t1 = pop32 ();
2569 type t2 = pop_raw ();
2570 if (! type_iswide (&t2))
2571 {
2572 type t3 = pop32 ();
2573 push_type_t (t1);
2574 push_type_t (t3);
2575 }
2576 else
2577 push_type_t (t1);
2578 push_type_t (t2);
2579 push_type_t (t1);
2580 }
2581 break;
2582 case op_dup2:
2583 {
2584 type t = pop_raw ();
2585 if (! type_iswide (&t))
2586 {
2587 type t2 = pop32 ();
2588 push_type_t (t2);
2589 push_type_t (t);
2590 push_type_t (t2);
2591 }
2592 else
2593 push_type_t (t);
2594 push_type_t (t);
2595 }
2596 break;
2597 case op_dup2_x1:
2598 {
2599 type t1 = pop_raw ();
2600 type t2 = pop32 ();
2601 if (! type_iswide (&t1))
2602 {
2603 type t3 = pop32 ();
2604 push_type_t (t2);
2605 push_type_t (t1);
2606 push_type_t (t3);
2607 }
2608 else
2609 push_type_t (t1);
2610 push_type_t (t2);
2611 push_type_t (t1);
2612 }
2613 break;
2614 case op_dup2_x2:
2615 {
2616 type t1 = pop_raw ();
2617 if (type_iswide (&t1))
2618 {
2619 type t2 = pop_raw ();
2620 if (type_iswide (&t2))
2621 {
2622 push_type_t (t1);
2623 push_type_t (t2);
2624 }
2625 else
2626 {
2627 type t3 = pop32 ();
2628 push_type_t (t1);
2629 push_type_t (t3);
2630 push_type_t (t2);
2631 }
2632 push_type_t (t1);
2633 }
2634 else
2635 {
2636 type t2 = pop32 ();
2637 type t3 = pop_raw ();
2638 if (type_iswide (&t3))
2639 {
2640 push_type_t (t2);
2641 push_type_t (t1);
2642 }
2643 else
2644 {
2645 type t4 = pop32 ();
2646 push_type_t (t2);
2647 push_type_t (t1);
2648 push_type_t (t4);
2649 }
2650 push_type_t (t3);
2651 push_type_t (t2);
2652 push_type_t (t1);
2653 }
2654 }
2655 break;
2656 case op_swap:
2657 {
2658 type t1 = pop32 ();
2659 type t2 = pop32 ();
2660 push_type_t (t1);
2661 push_type_t (t2);
2662 }
2663 break;
2664 case op_iadd:
2665 case op_isub:
2666 case op_imul:
2667 case op_idiv:
2668 case op_irem:
2669 case op_ishl:
2670 case op_ishr:
2671 case op_iushr:
2672 case op_iand:
2673 case op_ior:
2674 case op_ixor:
2675 pop_type (int_type);
2676 push_type_t (pop_type (int_type));
2677 break;
2678 case op_ladd:
2679 case op_lsub:
2680 case op_lmul:
2681 case op_ldiv:
2682 case op_lrem:
2683 case op_land:
2684 case op_lor:
2685 case op_lxor:
2686 pop_type (long_type);
2687 push_type_t (pop_type (long_type));
2688 break;
2689 case op_lshl:
2690 case op_lshr:
2691 case op_lushr:
2692 pop_type (int_type);
2693 push_type_t (pop_type (long_type));
2694 break;
2695 case op_fadd:
2696 case op_fsub:
2697 case op_fmul:
2698 case op_fdiv:
2699 case op_frem:
2700 pop_type (float_type);
2701 push_type_t (pop_type (float_type));
2702 break;
2703 case op_dadd:
2704 case op_dsub:
2705 case op_dmul:
2706 case op_ddiv:
2707 case op_drem:
2708 pop_type (double_type);
2709 push_type_t (pop_type (double_type));
2710 break;
2711 case op_ineg:
2712 case op_i2b:
2713 case op_i2c:
2714 case op_i2s:
2715 push_type_t (pop_type (int_type));
2716 break;
2717 case op_lneg:
2718 push_type_t (pop_type (long_type));
2719 break;
2720 case op_fneg:
2721 push_type_t (pop_type (float_type));
2722 break;
2723 case op_dneg:
2724 push_type_t (pop_type (double_type));
2725 break;
2726 case op_iinc:
2727 get_variable (get_byte (), int_type);
2728 get_byte ();
2729 break;
2730 case op_i2l:
2731 pop_type (int_type);
2732 push_type (long_type);
2733 break;
2734 case op_i2f:
2735 pop_type (int_type);
2736 push_type (float_type);
2737 break;
2738 case op_i2d:
2739 pop_type (int_type);
2740 push_type (double_type);
2741 break;
2742 case op_l2i:
2743 pop_type (long_type);
2744 push_type (int_type);
2745 break;
2746 case op_l2f:
2747 pop_type (long_type);
2748 push_type (float_type);
2749 break;
2750 case op_l2d:
2751 pop_type (long_type);
2752 push_type (double_type);
2753 break;
2754 case op_f2i:
2755 pop_type (float_type);
2756 push_type (int_type);
2757 break;
2758 case op_f2l:
2759 pop_type (float_type);
2760 push_type (long_type);
2761 break;
2762 case op_f2d:
2763 pop_type (float_type);
2764 push_type (double_type);
2765 break;
2766 case op_d2i:
2767 pop_type (double_type);
2768 push_type (int_type);
2769 break;
2770 case op_d2l:
2771 pop_type (double_type);
2772 push_type (long_type);
2773 break;
2774 case op_d2f:
2775 pop_type (double_type);
2776 push_type (float_type);
2777 break;
2778 case op_lcmp:
2779 pop_type (long_type);
2780 pop_type (long_type);
2781 push_type (int_type);
2782 break;
2783 case op_fcmpl:
2784 case op_fcmpg:
2785 pop_type (float_type);
2786 pop_type (float_type);
2787 push_type (int_type);
2788 break;
2789 case op_dcmpl:
2790 case op_dcmpg:
2791 pop_type (double_type);
2792 pop_type (double_type);
2793 push_type (int_type);
2794 break;
2795 case op_ifeq:
2796 case op_ifne:
2797 case op_iflt:
2798 case op_ifge:
2799 case op_ifgt:
2800 case op_ifle:
2801 pop_type (int_type);
2802 push_jump (get_short ());
2803 break;
2804 case op_if_icmpeq:
2805 case op_if_icmpne:
2806 case op_if_icmplt:
2807 case op_if_icmpge:
2808 case op_if_icmpgt:
2809 case op_if_icmple:
2810 pop_type (int_type);
2811 pop_type (int_type);
2812 push_jump (get_short ());
2813 break;
2814 case op_if_acmpeq:
2815 case op_if_acmpne:
2816 pop_type (reference_type);
2817 pop_type (reference_type);
2818 push_jump (get_short ());
2819 break;
2820 case op_goto:
2821 push_jump (get_short ());
2822 invalidate_pc ();
2823 break;
2824 case op_jsr:
2825 handle_jsr_insn (get_short ());
2826 break;
2827 case op_ret:
2828 handle_ret_insn (get_byte ());
2829 break;
2830 case op_tableswitch:
2831 {
2832 int i;
2833 jint low, high;
2834 pop_type (int_type);
2835 skip_padding ();
2836 push_jump (get_int ());
2837 low = get_int ();
2838 high = get_int ();
2839 /* Already checked LOW -vs- HIGH. */
2840 for (i = low; i <= high; ++i)
2841 push_jump (get_int ());
2842 invalidate_pc ();
2843 }
2844 break;
2845
2846 case op_lookupswitch:
2847 {
2848 int i;
2849 jint npairs, lastkey;
2850
2851 pop_type (int_type);
2852 skip_padding ();
2853 push_jump (get_int ());
2854 npairs = get_int ();
2855 /* Already checked NPAIRS >= 0. */
2856 lastkey = 0;
2857 for (i = 0; i < npairs; ++i)
2858 {
2859 jint key = get_int ();
2860 if (i > 0 && key <= lastkey)
2861 verify_fail_pc ("lookupswitch pairs unsorted", vfr->start_PC);
2862 lastkey = key;
2863 push_jump (get_int ());
2864 }
2865 invalidate_pc ();
2866 }
2867 break;
2868 case op_ireturn:
2869 check_return_type (pop_type (int_type));
2870 invalidate_pc ();
2871 break;
2872 case op_lreturn:
2873 check_return_type (pop_type (long_type));
2874 invalidate_pc ();
2875 break;
2876 case op_freturn:
2877 check_return_type (pop_type (float_type));
2878 invalidate_pc ();
2879 break;
2880 case op_dreturn:
2881 check_return_type (pop_type (double_type));
2882 invalidate_pc ();
2883 break;
2884 case op_areturn:
2885 check_return_type (pop_init_ref (reference_type));
2886 invalidate_pc ();
2887 break;
2888 case op_return:
2889 /* We only need to check this when the return type is void,
2890 because all instance initializers return void. We also
2891 need to special-case Object constructors, as they can't
2892 call a superclass <init>. */
2893 if (this_is_init && vfr->current_class != vfy_object_type ())
2894 state_check_this_initialized (vfr->current_state);
2895 check_return_type (make_type (void_type));
2896 invalidate_pc ();
2897 break;
2898 case op_getstatic:
2899 push_type_t (check_field_constant (get_ushort (), NULL, false));
2900 break;
2901 case op_putstatic:
2902 pop_type_t (check_field_constant (get_ushort (), NULL, false));
2903 break;
2904 case op_getfield:
2905 {
2906 type klass;
2907 type field = check_field_constant (get_ushort (), &klass, false);
2908 pop_type_t (klass);
2909 push_type_t (field);
2910 }
2911 break;
2912 case op_putfield:
2913 {
2914 type klass;
2915 type field = check_field_constant (get_ushort (), &klass, true);
2916 pop_type_t (field);
2917 pop_type_t (klass);
2918 }
2919 break;
2920
2921 case op_invokevirtual:
2922 case op_invokespecial:
2923 case op_invokestatic:
2924 case op_invokeinterface:
2925 {
2926 vfy_string method_name, method_signature;
2927 const char *namec;
2928 int i, arg_count;
2929 type rt;
2930 bool is_init = false;
2931
2932 type class_type
2933 = check_method_constant (get_ushort (),
2934 opcode == op_invokeinterface,
2935 &method_name,
2936 &method_signature);
2937 /* NARGS is only used when we're processing
2938 invokeinterface. It is simplest for us to compute it
2939 here and then verify it later. */
2940 int nargs = 0;
2941 if (opcode == op_invokeinterface)
2942 {
2943 nargs = get_byte ();
2944 if (get_byte () != 0)
2945 verify_fail ("invokeinterface dummy byte is wrong");
2946 }
2947
2948 namec = vfy_string_bytes (method_name);
2949
2950 if (vfy_strings_equal (method_name, vfy_init_name()))
2951 {
2952 is_init = true;
2953 if (opcode != op_invokespecial)
2954 verify_fail ("can't invoke <init>");
2955 }
2956 else if (namec[0] == '<')
2957 verify_fail ("can't invoke method starting with `<'");
2958
2959 arg_count = vfy_count_arguments (method_signature);
2960 {
2961 /* Pop arguments and check types. */
2962 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2963
2964 compute_argument_types (method_signature, arg_types);
2965 for (i = arg_count - 1; i >= 0; --i)
2966 {
2967 /* This is only used for verifying the byte for
2968 invokeinterface. */
2969 nargs -= type_depth (&arg_types[i]);
2970 pop_init_ref_t (arg_types[i]);
2971 }
2972
2973 vfy_free (arg_types);
2974 }
2975
2976 if (opcode == op_invokeinterface
2977 && nargs != 1)
2978 verify_fail ("wrong argument count for invokeinterface");
2979
2980 if (opcode != op_invokestatic)
2981 {
2982 type raw;
2983 type t = class_type;
2984 if (is_init)
2985 {
2986 /* In this case the PC doesn't matter. */
2987 type_set_uninitialized (&t, UNINIT);
2988 /* FIXME: check to make sure that the <init>
2989 call is to the right class.
2990 It must either be super or an exact class
2991 match. */
2992 }
2993 raw = pop_raw ();
2994 if (! types_compatible (&t, &raw))
2995 verify_fail ("incompatible type on stack");
2996
2997 if (is_init)
2998 state_set_initialized (vfr->current_state,
2999 type_get_pc (&raw), vfr->current_method->max_locals);
3000 }
3001
3002 rt = compute_return_type (method_signature);
3003 if (! type_isvoid (&rt))
3004 push_type_t (rt);
3005 }
3006 break;
3007
3008 case op_new:
3009 {
3010 type t = check_class_constant (get_ushort ());
3011 if (type_isarray (&t) || type_isinterface (&t)
3012 || type_isabstract (&t))
3013 verify_fail ("type is array, interface, or abstract");
3014 type_set_uninitialized (&t, vfr->start_PC);
3015 push_type_t (t);
3016 }
3017 break;
3018
3019 case op_newarray:
3020 {
3021 int atype = get_byte ();
3022 vfy_jclass k;
3023 type t;
3024 /* We intentionally have chosen constants to make this
3025 valid. */
3026 if (atype < boolean_type || atype > long_type)
3027 verify_fail_pc ("type not primitive", vfr->start_PC);
3028 pop_type (int_type);
3029 k = construct_primitive_array_type ((type_val) atype);
3030 init_type_from_class (&t, k);
3031 push_type_t (t);
3032 }
3033 break;
3034 case op_anewarray:
3035 {
3036 type t;
3037 pop_type (int_type);
3038 t = check_class_constant (get_ushort ());
3039 push_type_t (type_to_array (&t));
3040 }
3041 break;
3042 case op_arraylength:
3043 {
3044 type t = pop_init_ref (reference_type);
3045 if (! type_isarray (&t) && ! type_isnull (&t))
3046 verify_fail ("array type expected");
3047 push_type (int_type);
3048 }
3049 break;
3050 case op_athrow:
3051 pop_type_t (make_type_from_class (vfy_throwable_type ()));
3052 invalidate_pc ();
3053 break;
3054 case op_checkcast:
3055 pop_init_ref (reference_type);
3056 push_type_t (check_class_constant (get_ushort ()));
3057 break;
3058 case op_instanceof:
3059 pop_init_ref (reference_type);
3060 check_class_constant (get_ushort ());
3061 push_type (int_type);
3062 break;
3063 case op_monitorenter:
3064 pop_init_ref (reference_type);
3065 break;
3066 case op_monitorexit:
3067 pop_init_ref (reference_type);
3068 break;
3069 case op_wide:
3070 {
3071 switch (get_byte ())
3072 {
3073 case op_iload:
3074 push_type_t (get_variable (get_ushort (), int_type));
3075 break;
3076 case op_lload:
3077 push_type_t (get_variable (get_ushort (), long_type));
3078 break;
3079 case op_fload:
3080 push_type_t (get_variable (get_ushort (), float_type));
3081 break;
3082 case op_dload:
3083 push_type_t (get_variable (get_ushort (), double_type));
3084 break;
3085 case op_aload:
3086 push_type_t (get_variable (get_ushort (), reference_type));
3087 break;
3088 case op_istore:
3089 set_variable (get_ushort (), pop_type (int_type));
3090 break;
3091 case op_lstore:
3092 set_variable (get_ushort (), pop_type (long_type));
3093 break;
3094 case op_fstore:
3095 set_variable (get_ushort (), pop_type (float_type));
3096 break;
3097 case op_dstore:
3098 set_variable (get_ushort (), pop_type (double_type));
3099 break;
3100 case op_astore:
3101 set_variable (get_ushort (), pop_init_ref (reference_type));
3102 break;
3103 case op_ret:
3104 handle_ret_insn (get_short ());
3105 break;
3106 case op_iinc:
3107 get_variable (get_ushort (), int_type);
3108 get_short ();
3109 break;
3110 default:
3111 verify_fail_pc ("unrecognized wide instruction", vfr->start_PC);
3112 }
3113 }
3114 break;
3115 case op_multianewarray:
3116 {
3117 int i;
3118 type atype = check_class_constant (get_ushort ());
3119 int dim = get_byte ();
3120 if (dim < 1)
3121 verify_fail_pc ("too few dimensions to multianewarray", vfr->start_PC);
3122 type_verify_dimensions (&atype, dim);
3123 for (i = 0; i < dim; ++i)
3124 pop_type (int_type);
3125 push_type_t (atype);
3126 }
3127 break;
3128 case op_ifnull:
3129 case op_ifnonnull:
3130 pop_type (reference_type);
3131 push_jump (get_short ());
3132 break;
3133 case op_goto_w:
3134 push_jump (get_int ());
3135 invalidate_pc ();
3136 break;
3137 case op_jsr_w:
3138 handle_jsr_insn (get_int ());
3139 break;
3140
3141 default:
3142 /* Unrecognized opcode. */
3143 verify_fail_pc ("unrecognized instruction in verify_instructions_0",
3144 vfr->start_PC);
3145 }
3146 }
3147 }
3148
3149 /* This turns a `type' into something suitable for use by the type map
3150 in the other parts of the compiler. In particular, reference types
3151 are mapped to Object, primitive types are unchanged, and other
3152 types are mapped using special functions declared in verify.h. */
3153 static vfy_jclass
3154 collapse_type (type *t)
3155 {
3156 switch (t->key)
3157 {
3158 case void_type:
3159 case boolean_type:
3160 case char_type:
3161 case float_type:
3162 case double_type:
3163 case byte_type:
3164 case short_type:
3165 case int_type:
3166 case long_type:
3167 return vfy_get_primitive_type (t->key);
3168
3169 case unsuitable_type:
3170 case continuation_type:
3171 return vfy_unsuitable_type ();
3172
3173 case return_address_type:
3174 return vfy_return_address_type ();
3175
3176 case null_type:
3177 return vfy_null_type ();
3178
3179 case reference_type:
3180 case uninitialized_reference_type:
3181 return vfy_object_type ();
3182 }
3183
3184 gcc_unreachable ();
3185 }
3186
3187 static void
3188 verify_instructions (void)
3189 {
3190 int i;
3191
3192 branch_prepass ();
3193 verify_instructions_0 ();
3194
3195 /* Now tell the rest of the compiler about the types we've found. */
3196 for (i = 0; i < vfr->current_method->code_length; ++i)
3197 {
3198 int j, slot;
3199 struct state *curr;
3200
3201 if ((vfr->flags[i] & FLAG_INSN_SEEN) != 0)
3202 vfy_note_instruction_seen (i);
3203
3204 if (! vfr->states[i])
3205 continue;
3206
3207 curr = vfr->states[i]->val;
3208 vfy_note_stack_depth (vfr->current_method, i, curr->stackdepth);
3209
3210 /* Tell the compiler about each local variable. */
3211 for (j = 0; j < vfr->current_method->max_locals; ++j)
3212 vfy_note_local_type (vfr->current_method, i, j,
3213 collapse_type (&curr->locals[j]));
3214 /* Tell the compiler about each stack slot. */
3215 for (slot = j = 0; j < curr->stacktop; ++j, ++slot)
3216 {
3217 vfy_note_stack_type (vfr->current_method, i, slot,
3218 collapse_type (&curr->stack[j]));
3219 if (type_iswide (&curr->stack[j]))
3220 {
3221 ++slot;
3222 vfy_note_stack_type (vfr->current_method, i, slot,
3223 vfy_unsuitable_type ());
3224 }
3225 }
3226 gcc_assert (slot == curr->stackdepth);
3227 }
3228 }
3229
3230 static void
3231 make_verifier_context (vfy_method *m)
3232 {
3233 vfr = (verifier_context *) vfy_alloc (sizeof (struct verifier_context));
3234
3235 vfr->current_method = m;
3236 vfr->bytecode = vfy_get_bytecode (m);
3237 vfr->exception = vfy_get_exceptions (m);
3238 vfr->current_class = m->defining_class;
3239
3240 vfr->states = NULL;
3241 vfr->flags = NULL;
3242 vfr->utf8_list = NULL;
3243 vfr->isect_list = NULL;
3244 }
3245
3246 static void
3247 free_verifier_context (void)
3248 {
3249 vfy_string_list *utf8_list;
3250 ref_intersection *isect_list;
3251
3252 if (vfr->flags)
3253 vfy_free (vfr->flags);
3254
3255 utf8_list = vfr->utf8_list;
3256 while (utf8_list != NULL)
3257 {
3258 vfy_string_list *n = utf8_list->next;
3259 vfy_free (utf8_list);
3260 utf8_list = n;
3261 }
3262
3263 isect_list = vfr->isect_list;
3264 while (isect_list != NULL)
3265 {
3266 ref_intersection *next = isect_list->alloc_next;
3267 vfy_free (isect_list);
3268 isect_list = next;
3269 }
3270
3271 if (vfr->states != NULL)
3272 {
3273 int i;
3274 for (i = 0; i < vfr->current_method->code_length; ++i)
3275 {
3276 state_list *iter = vfr->states[i];
3277 while (iter != NULL)
3278 {
3279 state_list *next = iter->next;
3280 free_state (iter->val);
3281 vfy_free (iter->val);
3282 vfy_free (iter);
3283 iter = next;
3284 }
3285 }
3286 vfy_free (vfr->states);
3287 }
3288
3289 vfy_free (vfr);
3290 }
3291
3292 int
3293 verify_method (vfy_method *meth)
3294 {
3295 debug_print ("verify_method (%s) %i\n", vfy_string_bytes (meth->name),
3296 meth->code_length);
3297
3298 if (vfr != NULL)
3299 verify_fail ("verifier re-entered");
3300
3301 make_verifier_context (meth);
3302 verify_instructions ();
3303 free_verifier_context ();
3304 vfr = NULL;
3305
3306 return 1;
3307 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org