search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* combine.c (expand_compound_operation) <ZERO_EXTRACT>: Add
[official-gcc.git] / gcc / java / verify-impl.c
blobf48797892b2a1c553abe086b57acd69c1d8a7f48
1 /* Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation
2
3 This file is part of libgcj.
4
5 This software is copyrighted work licensed under the terms of the
6 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
7 details. */
8
9 /* Written by Tom Tromey <tromey@redhat.com> */
10
11 /* Uncomment this to enable debugging output. */
12 /* #define VERIFY_DEBUG */
13
14 #include "config.h"
15
16 #include "verify.h"
17
18 /* Hack to work around namespace pollution from java-tree.h. */
19 #undef current_class
20
21 #ifdef VERIFY_DEBUG
22 #include <stdio.h>
23 #endif /* VERIFY_DEBUG */
24
25 /* This is used to mark states which are not scheduled for
26 verification. */
27 #define INVALID_STATE ((state *) -1)
28
29 #ifdef VERIFY_DEBUG
30 static void
31 debug_print (const char *fmt, ...)
32 {
33 va_list ap;
34 va_start (ap, fmt);
35 vfprintf (stderr, fmt, ap);
36 va_end (ap);
37 }
38 #else
39 static void
40 debug_print (const char *fmt ATTRIBUTE_UNUSED, ...)
41 {
42 }
43 #endif /* VERIFY_DEBUG */
44
45 #if 0
46 static void debug_print (const char *fmt, ...)
47 __attribute__ ((format (printf, 1, 2)));
48
49 static void
50 debug_print (const char *fmt, ...)
51 {
52 #ifdef VERIFY_DEBUG
53 va_list ap;
54 va_start (ap, fmt);
55 vfprintf (stderr, fmt, ap);
56 va_end (ap);
57 #endif /* VERIFY_DEBUG */
58 }
59 #endif
60
61 /* This started as a fairly ordinary verifier, and for the most part
62 it remains so. It works in the obvious way, by modeling the effect
63 of each opcode as it is encountered. For most opcodes, this is a
64 straightforward operation.
65
66 This verifier does not do type merging. It used to, but this
67 results in difficulty verifying some relatively simple code
68 involving interfaces, and it pushed some verification work into the
69 interpreter.
70
71 Instead of merging reference types, when we reach a point where two
72 flows of control merge, we simply keep the union of reference types
73 from each branch. Then, when we need to verify a fact about a
74 reference on the stack (e.g., that it is compatible with the
75 argument type of a method), we check to ensure that all possible
76 types satisfy the requirement.
77
78 Another area this verifier differs from the norm is in its handling
79 of subroutines. The JVM specification has some confusing things to
80 say about subroutines. For instance, it makes claims about not
81 allowing subroutines to merge and it rejects recursive subroutines.
82 For the most part these are red herrings; we used to try to follow
83 these things but they lead to problems. For example, the notion of
84 "being in a subroutine" is not well-defined: is an exception
85 handler in a subroutine? If you never execute the `ret' but
86 instead `goto 1' do you remain in the subroutine?
87
88 For clarity on what is really required for type safety, read
89 "Simple Verification Technique for Complex Java Bytecode
90 Subroutines" by Alessandro Coglio. Among other things this paper
91 shows that recursive subroutines are not harmful to type safety.
92 We implement something similar to what he proposes. Note that this
93 means that this verifier will accept code that is rejected by some
94 other verifiers.
95
96 For those not wanting to read the paper, the basic observation is
97 that we can maintain split states in subroutines. We maintain one
98 state for each calling `jsr'. In other words, we re-verify a
99 subroutine once for each caller, using the exact types held by the
100 callers (as opposed to the old approach of merging types and
101 keeping a bitmap registering what did or did not change). This
102 approach lets us continue to verify correctly even when a
103 subroutine is exited via `goto' or `athrow' and not `ret'.
104
105 In some other areas the JVM specification is (mildly) incorrect,
106 so we diverge. For instance, you cannot
107 violate type safety by allocating an object with `new' and then
108 failing to initialize it, no matter how one branches or where one
109 stores the uninitialized reference. See "Improving the official
110 specification of Java bytecode verification" by Alessandro Coglio.
111
112 Note that there's no real point in enforcing that padding bytes or
113 the mystery byte of invokeinterface must be 0, but we do that
114 regardless.
115
116 The verifier is currently neither completely lazy nor eager when it
117 comes to loading classes. It tries to represent types by name when
118 possible, and then loads them when it needs to verify a fact about
119 the type. Checking types by name is valid because we only use
120 names which come from the current class' constant pool. Since all
121 such names are looked up using the same class loader, there is no
122 danger that we might be fooled into comparing different types with
123 the same name.
124
125 In the future we plan to allow for a completely lazy mode of
126 operation, where the verifier will construct a list of type
127 assertions to be checked later.
128
129 Some test cases for the verifier live in the "verify" module of the
130 Mauve test suite. However, some of these are presently
131 (2004-01-20) believed to be incorrect. (More precisely the notion
132 of "correct" is not well-defined, and this verifier differs from
133 others while remaining type-safe.) Some other tests live in the
134 libgcj test suite.
135
136 This verifier is also written to be pluggable. This means that it
137 is intended for use in a variety of environments, not just libgcj.
138 As a result the verifier expects a number of type and method
139 declarations to be declared in "verify.h". The intent is that you
140 recompile the verifier for your particular environment. This
141 approach was chosen so that operations could be inlined in verify.h
142 as much as possible.
143
144 See the verify.h that accompanies this copy of the verifier to see
145 what types, preprocessor defines, and functions must be declared.
146 The interface is ad hoc, but was defined so that it could be
147 implemented to connect to a pure C program.
148 */
149
150 #define FLAG_INSN_START 1
151 #define FLAG_BRANCH_TARGET 2
152 #define FLAG_INSN_SEEN 4
153
154 struct state;
155 struct type;
156 struct ref_intersection;
157
158 typedef struct state state;
159 typedef struct type type;
160 typedef struct ref_intersection ref_intersection;
161
162 /*typedef struct state_list state_list;*/
163
164 typedef struct state_list
165 {
166 state *val;
167 struct state_list *next;
168 } state_list;
169
170 typedef struct vfy_string_list
171 {
172 vfy_string val;
173 struct vfy_string_list *next;
174 } vfy_string_list;
175
176 typedef struct verifier_context
177 {
178 /* The current PC. */
179 int PC;
180 /* The PC corresponding to the start of the current instruction. */
181 int start_PC;
182
183 /* The current state of the stack, locals, etc. */
184 state *current_state;
185
186 /* At each branch target we keep a linked list of all the states we
187 can process at that point. We'll only have multiple states at a
188 given PC if they both have different return-address types in the
189 same stack or local slot. This array is indexed by PC and holds
190 the list of all such states. */
191 state_list **states;
192
193 /* We keep a linked list of all the states which we must reverify.
194 This is the head of the list. */
195 state *next_verify_state;
196
197 /* We keep some flags for each instruction. The values are the
198 FLAG_* constants defined above. This is an array indexed by PC. */
199 char *flags;
200
201 /* The bytecode itself. */
202 const unsigned char *bytecode;
203 /* The exceptions. */
204 vfy_exception *exception;
205
206 /* Defining class. */
207 vfy_jclass current_class;
208 /* This method. */
209 vfy_method *current_method;
210
211 /* A linked list of utf8 objects we allocate. */
212 vfy_string_list *utf8_list;
213
214 /* A linked list of all ref_intersection objects we allocate. */
215 ref_intersection *isect_list;
216 } verifier_context;
217
218 /* The current verifier's state data. This is maintained by
219 {push/pop}_verifier_context to provide a shorthand form to access
220 the verification state. */
221 static GTY(()) verifier_context *vfr;
222
223 /* Local function declarations. */
224 bool type_initialized (type *t);
225 int ref_count_dimensions (ref_intersection *ref);
226
227 #if 0
228 /* Create a new Utf-8 constant and return it. We do this to avoid
229 having our Utf-8 constants prematurely collected. */
230 static vfy_string
231 make_utf8_const (const char *s, int len)
232 {
233 vfy_string val = vfy_make_string (s, len);
234 vfy_string_list *lu = vfy_alloc (sizeof (vfy_string_list));
235 lu->val = val;
236 lu->next = vfr->utf8_list;
237 vfr->utf8_list = lu;
238
239 return val;
240 }
241 #endif
242
243 static void
244 verify_fail_pc (const char *s, int pc)
245 {
246 vfy_fail (s, pc, vfr->current_class, vfr->current_method);
247 }
248
249 static void
250 verify_fail (const char *s)
251 {
252 verify_fail_pc (s, -1);
253 }
254
255 /* This enum holds a list of tags for all the different types we
256 need to handle. Reference types are treated specially by the
257 type class. */
258 typedef enum type_val
259 {
260 void_type,
261
262 /* The values for primitive types are chosen to correspond to values
263 specified to newarray. */
264 boolean_type = 4,
265 char_type = 5,
266 float_type = 6,
267 double_type = 7,
268 byte_type = 8,
269 short_type = 9,
270 int_type = 10,
271 long_type = 11,
272
273 /* Used when overwriting second word of a double or long in the
274 local variables. Also used after merging local variable states
275 to indicate an unusable value. */
276 unsuitable_type,
277 return_address_type,
278 /* This is the second word of a two-word value, i.e., a double or
279 a long. */
280 continuation_type,
281
282 /* Everything after `reference_type' must be a reference type. */
283 reference_type,
284 null_type,
285 uninitialized_reference_type
286 } type_val;
287
288 /* This represents a merged class type. Some verifiers (including
289 earlier versions of this one) will compute the intersection of
290 two class types when merging states. However, this loses
291 critical information about interfaces implemented by the various
292 classes. So instead we keep track of all the actual classes that
293 have been merged. */
294 struct ref_intersection
295 {
296 /* Whether or not this type has been resolved. */
297 bool is_resolved;
298
299 /* Actual type data. */
300 union
301 {
302 /* For a resolved reference type, this is a pointer to the class. */
303 vfy_jclass klass;
304 /* For other reference types, this it the name of the class. */
305 vfy_string name;
306 } data;
307
308 /* Link to the next reference in the intersection. */
309 ref_intersection *ref_next;
310
311 /* This is used to keep track of all the allocated
312 ref_intersection objects, so we can free them.
313 FIXME: we should allocate these in chunks. */
314 ref_intersection *alloc_next;
315 };
316
317 static ref_intersection *
318 make_ref (void)
319 {
320 ref_intersection *new_ref =
321 (ref_intersection *) vfy_alloc (sizeof (ref_intersection));
322
323 new_ref->alloc_next = vfr->isect_list;
324 vfr->isect_list = new_ref;
325 return new_ref;
326 }
327
328 static ref_intersection *
329 clone_ref (ref_intersection *dup)
330 {
331 ref_intersection *new_ref = make_ref ();
332
333 new_ref->is_resolved = dup->is_resolved;
334 new_ref->data = dup->data;
335 return new_ref;
336 }
337
338 static void
339 resolve_ref (ref_intersection *ref)
340 {
341 if (ref->is_resolved)
342 return;
343 ref->data.klass = vfy_find_class (vfr->current_class, ref->data.name);
344 ref->is_resolved = true;
345 }
346
347 static bool
348 refs_equal (ref_intersection *ref1, ref_intersection *ref2)
349 {
350 if (! ref1->is_resolved && ! ref2->is_resolved
351 && vfy_strings_equal (ref1->data.name, ref2->data.name))
352 return true;
353 if (! ref1->is_resolved)
354 resolve_ref (ref1);
355 if (! ref2->is_resolved)
356 resolve_ref (ref2);
357 return ref1->data.klass == ref2->data.klass;
358 }
359
360 /* Merge REF1 type into REF2, returning the result. This will
361 return REF2 if all the classes in THIS already appear in
362 REF2. */
363 static ref_intersection *
364 merge_refs (ref_intersection *ref1, ref_intersection *ref2)
365 {
366 ref_intersection *tail = ref2;
367 for (; ref1 != NULL; ref1 = ref1->ref_next)
368 {
369 bool add = true;
370 ref_intersection *iter;
371 for (iter = ref2; iter != NULL; iter = iter->ref_next)
372 {
373 if (refs_equal (ref1, iter))
374 {
375 add = false;
376 break;
377 }
378 }
379
380 if (add)
381 {
382 ref_intersection *new_tail = clone_ref (ref1);
383 new_tail->ref_next = tail;
384 tail = new_tail;
385 }
386 }
387 return tail;
388 }
389
390 /* See if an object of type SOURCE can be assigned to an object of
391 type TARGET. This might resolve classes in one chain or the other. */
392 static bool
393 ref_compatible (ref_intersection *target, ref_intersection *source)
394 {
395 for (; target != NULL; target = target->ref_next)
396 {
397 ref_intersection *source_iter = source;
398
399 for (; source_iter != NULL; source_iter = source_iter->ref_next)
400 {
401 /* Avoid resolving if possible. */
402 if (! target->is_resolved
403 && ! source_iter->is_resolved
404 && vfy_strings_equal (target->data.name,
405 source_iter->data.name))
406 continue;
407
408 if (! target->is_resolved)
409 resolve_ref (target);
410 if (! source_iter->is_resolved)
411 resolve_ref (source_iter);
412
413 if (! vfy_is_assignable_from (target->data.klass,
414 source_iter->data.klass))
415 return false;
416 }
417 }
418
419 return true;
420 }
421
422 static bool
423 ref_isarray (ref_intersection *ref)
424 {
425 /* assert (ref_next == NULL); */
426 if (ref->is_resolved)
427 return vfy_is_array (ref->data.klass);
428 else
429 return vfy_string_bytes (ref->data.name)[0] == '[';
430 }
431
432 static bool
433 ref_isinterface (ref_intersection *ref)
434 {
435 /* assert (ref_next == NULL); */
436 if (! ref->is_resolved)
437 resolve_ref (ref);
438 return vfy_is_interface (ref->data.klass);
439 }
440
441 static bool
442 ref_isabstract (ref_intersection *ref)
443 {
444 /* assert (ref_next == NULL); */
445 if (! ref->is_resolved)
446 resolve_ref (ref);
447 return vfy_is_abstract (ref->data.klass);
448 }
449
450 static vfy_jclass
451 ref_getclass (ref_intersection *ref)
452 {
453 if (! ref->is_resolved)
454 resolve_ref (ref);
455 return ref->data.klass;
456 }
457
458 int
459 ref_count_dimensions (ref_intersection *ref)
460 {
461 int ndims = 0;
462 if (ref->is_resolved)
463 {
464 vfy_jclass k = ref->data.klass;
465 while (vfy_is_array (k))
466 {
467 k = vfy_get_component_type (k);
468 ++ndims;
469 }
470 }
471 else
472 {
473 const char *p = vfy_string_bytes (ref->data.name);
474 while (*p++ == '[')
475 ++ndims;
476 }
477 return ndims;
478 }
479
480 /* Return the type_val corresponding to a primitive signature
481 character. For instance `I' returns `int.class'. */
482 static type_val
483 get_type_val_for_signature (char sig)
484 {
485 type_val rt;
486 switch (sig)
487 {
488 case 'Z':
489 rt = boolean_type;
490 break;
491 case 'B':
492 rt = byte_type;
493 break;
494 case 'C':
495 rt = char_type;
496 break;
497 case 'S':
498 rt = short_type;
499 break;
500 case 'I':
501 rt = int_type;
502 break;
503 case 'J':
504 rt = long_type;
505 break;
506 case 'F':
507 rt = float_type;
508 break;
509 case 'D':
510 rt = double_type;
511 break;
512 case 'V':
513 rt = void_type;
514 break;
515 default:
516 verify_fail ("invalid signature");
517 return null_type;
518 }
519 return rt;
520 }
521
522 /* Return the type_val corresponding to a primitive class. */
523 static type_val
524 get_type_val_for_primtype (vfy_jclass k)
525 {
526 return get_type_val_for_signature (vfy_get_primitive_char (k));
527 }
528
529 /* The `type' class is used to represent a single type in the verifier. */
530 struct type
531 {
532 /* The type key. */
533 type_val key;
534
535 /* For reference types, the representation of the type. */
536 ref_intersection *klass;
537
538 /* This is used in two situations.
539
540 First, when constructing a new object, it is the PC of the
541 `new' instruction which created the object. We use the special
542 value UNINIT to mean that this is uninitialized, and the
543 special value SELF for the case where the current method is
544 itself the <init> method.
545
546 Second, when the key is return_address_type, this holds the PC
547 of the instruction following the `jsr'. */
548 int pc;
549
550 #define UNINIT -2
551 #define SELF -1
552 };
553
554 #if 0
555 /* Basic constructor. */
556 static void
557 init_type (type *t)
558 {
559 t->key = unsuitable_type;
560 t->klass = NULL;
561 t->pc = UNINIT;
562 }
563 #endif
564
565 /* Make a new instance given the type tag. We assume a generic
566 `reference_type' means Object. */
567 static void
568 init_type_from_tag (type *t, type_val k)
569 {
570 t->key = k;
571 /* For reference_type, if KLASS==NULL then that means we are
572 looking for a generic object of any kind, including an
573 uninitialized reference. */
574 t->klass = NULL;
575 t->pc = UNINIT;
576 }
577
578 /* Make a type for the given type_val tag K. */
579 static type
580 make_type (type_val k)
581 {
582 type t;
583 init_type_from_tag (&t, k);
584 return t;
585 }
586
587 /* Make a new instance given a class. */
588 static void
589 init_type_from_class (type *t, vfy_jclass k)
590 {
591 t->key = reference_type;
592 t->klass = make_ref ();
593 t->klass->is_resolved = true;
594 t->klass->data.klass = k;
595 t->klass->ref_next = NULL;
596 t->pc = UNINIT;
597 }
598
599 static type
600 make_type_from_class (vfy_jclass k)
601 {
602 type t;
603 init_type_from_class (&t, k);
604 return t;
605 }
606
607 static void
608 init_type_from_string (type *t, vfy_string n)
609 {
610 t->key = reference_type;
611 t->klass = make_ref ();
612 t->klass->is_resolved = false;
613 t->klass->data.name = n;
614 t->klass->ref_next = NULL;
615 t->pc = UNINIT;
616 }
617
618 static type
619 make_type_from_string (vfy_string n)
620 {
621 type t;
622 init_type_from_string (&t, n);
623 return t;
624 }
625
626 #if 0
627 /* Make a new instance given the name of a class. */
628 type (vfy_string n)
629 {
630 key = reference_type;
631 klass = new ref_intersection (n, verifier);
632 pc = UNINIT;
633 }
634
635 /* Copy constructor. */
636 static type copy_type (type *t)
637 {
638 type copy;
639 copy.key = t->key;
640 copy.klass = t->klass;
641 copy.pc = t->pc;
642 return copy;
643 }
644 #endif
645
646 /* Promote a numeric type. */
647 static void
648 vfy_promote_type (type *t)
649 {
650 if (t->key == boolean_type || t->key == char_type
651 || t->key == byte_type || t->key == short_type)
652 t->key = int_type;
653 }
654 #define promote_type vfy_promote_type
655
656 /* Mark this type as the uninitialized result of `new'. */
657 static void
658 type_set_uninitialized (type *t, int npc)
659 {
660 if (t->key == reference_type)
661 t->key = uninitialized_reference_type;
662 else
663 verify_fail ("internal error in type::uninitialized");
664 t->pc = npc;
665 }
666
667 /* Mark this type as now initialized. */
668 static void
669 type_set_initialized (type *t, int npc)
670 {
671 if (npc != UNINIT && t->pc == npc && t->key == uninitialized_reference_type)
672 {
673 t->key = reference_type;
674 t->pc = UNINIT;
675 }
676 }
677
678 /* Mark this type as a particular return address. */
679 static void type_set_return_address (type *t, int npc)
680 {
681 t->pc = npc;
682 }
683
684 /* Return true if this type and type OTHER are considered
685 mergeable for the purposes of state merging. This is related
686 to subroutine handling. For this purpose two types are
687 considered unmergeable if they are both return-addresses but
688 have different PCs. */
689 static bool
690 type_state_mergeable_p (type *t1, type *t2)
691 {
692 return (t1->key != return_address_type
693 || t2->key != return_address_type
694 || t1->pc == t2->pc);
695 }
696
697 /* Return true if an object of type K can be assigned to a variable
698 of type T. Handle various special cases too. Might modify
699 T or K. Note however that this does not perform numeric
700 promotion. */
701 static bool
702 types_compatible (type *t, type *k)
703 {
704 /* Any type is compatible with the unsuitable type. */
705 if (k->key == unsuitable_type)
706 return true;
707
708 if (t->key < reference_type || k->key < reference_type)
709 return t->key == k->key;
710
711 /* The `null' type is convertible to any initialized reference
712 type. */
713 if (t->key == null_type)
714 return k->key != uninitialized_reference_type;
715 if (k->key == null_type)
716 return t->key != uninitialized_reference_type;
717
718 /* A special case for a generic reference. */
719 if (t->klass == NULL)
720 return true;
721 if (k->klass == NULL)
722 verify_fail ("programmer error in type::compatible");
723
724 /* An initialized type and an uninitialized type are not
725 compatible. */
726 if (type_initialized (t) != type_initialized (k))
727 return false;
728
729 /* Two uninitialized objects are compatible if either:
730 * The PCs are identical, or
731 * One PC is UNINIT. */
732 if (type_initialized (t))
733 {
734 if (t->pc != k->pc && t->pc != UNINIT && k->pc != UNINIT)
735 return false;
736 }
737
738 return ref_compatible (t->klass, k->klass);
739 }
740
741 static bool
742 type_isvoid (type *t)
743 {
744 return t->key == void_type;
745 }
746
747 static bool
748 type_iswide (type *t)
749 {
750 return t->key == long_type || t->key == double_type;
751 }
752
753 /* Return number of stack or local variable slots taken by this type. */
754 static int
755 type_depth (type *t)
756 {
757 return type_iswide (t) ? 2 : 1;
758 }
759
760 static bool
761 type_isarray (type *t)
762 {
763 /* We treat null_type as not an array. This is ok based on the
764 current uses of this method. */
765 if (t->key == reference_type)
766 return ref_isarray (t->klass);
767 return false;
768 }
769
770 static bool
771 type_isnull (type *t)
772 {
773 return t->key == null_type;
774 }
775
776 static bool
777 type_isinterface (type *t)
778 {
779 if (t->key != reference_type)
780 return false;
781 return ref_isinterface (t->klass);
782 }
783
784 static bool
785 type_isabstract (type *t)
786 {
787 if (t->key != reference_type)
788 return false;
789 return ref_isabstract (t->klass);
790 }
791
792 /* Return the element type of an array. */
793 static type
794 type_array_element (type *t)
795 {
796 type et;
797 vfy_jclass k;
798
799 if (t->key != reference_type)
800 verify_fail ("programmer error in type::element_type()");
801
802 k = vfy_get_component_type (ref_getclass (t->klass));
803 if (vfy_is_primitive (k))
804 init_type_from_tag (&et, get_type_val_for_primtype (k));
805 else
806 init_type_from_class (&et, k);
807 return et;
808 }
809
810 /* Return the array type corresponding to an initialized
811 reference. We could expand this to work for other kinds of
812 types, but currently we don't need to. */
813 static type
814 type_to_array (type *t)
815 {
816 type at;
817 vfy_jclass k;
818
819 if (t->key != reference_type)
820 verify_fail ("internal error in type::to_array()");
821
822 k = ref_getclass (t->klass);
823 init_type_from_class (&at, vfy_get_array_class (k));
824 return at;
825 }
826
827 static bool
828 type_isreference (type *t)
829 {
830 return t->key >= reference_type;
831 }
832
833 static int
834 type_get_pc (type *t)
835 {
836 return t->pc;
837 }
838
839 bool
840 type_initialized (type *t)
841 {
842 return t->key == reference_type || t->key == null_type;
843 }
844
845 #if 0
846 static bool
847 type_isresolved (type *t)
848 {
849 return (t->key == reference_type
850 || t->key == null_type
851 || t->key == uninitialized_reference_type);
852 }
853 #endif
854
855 static void
856 type_verify_dimensions (type *t, int ndims)
857 {
858 /* The way this is written, we don't need to check isarray(). */
859 if (t->key != reference_type)
860 verify_fail ("internal error in verify_dimensions:"
861 " not a reference type");
862
863 if (ref_count_dimensions (t->klass) < ndims)
864 verify_fail ("array type has fewer dimensions"
865 " than required");
866 }
867
868 /* Merge OLD_TYPE into this. On error throw exception. Return
869 true if the merge caused a type change. */
870 static bool
871 merge_types (type *t, type *old_type, bool local_semantics)
872 {
873 bool changed = false;
874 bool refo = type_isreference (old_type);
875 bool refn = type_isreference (t);
876 if (refo && refn)
877 {
878 if (old_type->key == null_type)
879 ;
880 else if (t->key == null_type)
881 {
882 *t = *old_type;
883 changed = true;
884 }
885 else if (type_initialized (t) != type_initialized (old_type))
886 verify_fail ("merging initialized and uninitialized types");
887 else
888 {
889 ref_intersection *merged;
890 if (! type_initialized (t))
891 {
892 if (t->pc == UNINIT)
893 t->pc = old_type->pc;
894 else if (old_type->pc == UNINIT)
895 ;
896 else if (t->pc != old_type->pc)
897 verify_fail ("merging different uninitialized types");
898 }
899
900 merged = merge_refs (old_type->klass, t->klass);
901 if (merged != t->klass)
902 {
903 t->klass = merged;
904 changed = true;
905 }
906 }
907 }
908 else if (refo || refn || t->key != old_type->key)
909 {
910 if (local_semantics)
911 {
912 /* If we already have an `unsuitable' type, then we
913 don't need to change again. */
914 if (t->key != unsuitable_type)
915 {
916 t->key = unsuitable_type;
917 changed = true;
918 }
919 }
920 else
921 verify_fail ("unmergeable type");
922 }
923 return changed;
924 }
925
926 #ifdef VERIFY_DEBUG
927 static void
928 type_print (type *t)
929 {
930 char c = '?';
931 switch (t->key)
932 {
933 case boolean_type: c = 'Z'; break;
934 case byte_type: c = 'B'; break;
935 case char_type: c = 'C'; break;
936 case short_type: c = 'S'; break;
937 case int_type: c = 'I'; break;
938 case long_type: c = 'J'; break;
939 case float_type: c = 'F'; break;
940 case double_type: c = 'D'; break;
941 case void_type: c = 'V'; break;
942 case unsuitable_type: c = '-'; break;
943 case return_address_type: c = 'r'; break;
944 case continuation_type: c = '+'; break;
945 case reference_type: c = 'L'; break;
946 case null_type: c = '@'; break;
947 case uninitialized_reference_type: c = 'U'; break;
948 }
949 debug_print ("%c", c);
950 }
951 #endif /* VERIFY_DEBUG */
952
953 /* This class holds all the state information we need for a given
954 location. */
955 struct state
956 {
957 /* The current top of the stack, in terms of slots. */
958 int stacktop;
959 /* The current depth of the stack. This will be larger than
960 STACKTOP when wide types are on the stack. */
961 int stackdepth;
962 /* The stack. */
963 type *stack;
964 /* The local variables. */
965 type *locals;
966 /* We keep track of the type of `this' specially. This is used to
967 ensure that an instance initializer invokes another initializer
968 on `this' before returning. We must keep track of this
969 specially because otherwise we might be confused by code which
970 assigns to locals[0] (overwriting `this') and then returns
971 without really initializing. */
972 type this_type;
973
974 /* The PC for this state. This is only valid on states which are
975 permanently attached to a given PC. For an object like
976 `current_state', which is used transiently, this has no
977 meaning. */
978 int pc;
979 /* We keep a linked list of all states requiring reverification.
980 If this is the special value INVALID_STATE then this state is
981 not on the list. NULL marks the end of the linked list. */
982 state *next;
983 };
984
985 /* NO_NEXT is the PC value meaning that a new state must be
986 acquired from the verification list. */
987 #define NO_NEXT -1
988
989 #if 0
990 static void
991 init_state (state *s)
992 {
993 s->stack = NULL;
994 s->locals = NULL;
995 s->next = INVALID_STATE;
996 }
997 #endif
998
999 static void
1000 init_state_with_stack (state *s, int max_stack, int max_locals)
1001 {
1002 int i;
1003 s->stacktop = 0;
1004 s->stackdepth = 0;
1005 s->stack = (type *) vfy_alloc (max_stack * sizeof (type));
1006 for (i = 0; i < max_stack; ++i)
1007 init_type_from_tag (&s->stack[i], unsuitable_type);
1008 s->locals = (type *) vfy_alloc (max_locals * sizeof (type));
1009 for (i = 0; i < max_locals; ++i)
1010 init_type_from_tag (&s->locals[i], unsuitable_type);
1011 init_type_from_tag (&s->this_type, unsuitable_type);
1012 s->pc = NO_NEXT;
1013 s->next = INVALID_STATE;
1014 }
1015
1016 static void
1017 copy_state (state *s, state *copy, int max_stack, int max_locals)
1018 {
1019 int i;
1020 s->stacktop = copy->stacktop;
1021 s->stackdepth = copy->stackdepth;
1022 for (i = 0; i < max_stack; ++i)
1023 s->stack[i] = copy->stack[i];
1024 for (i = 0; i < max_locals; ++i)
1025 s->locals[i] = copy->locals[i];
1026
1027 s->this_type = copy->this_type;
1028 /* Don't modify `next' or `pc'. */
1029 }
1030
1031 static void
1032 copy_state_with_stack (state *s, state *orig, int max_stack, int max_locals)
1033 {
1034 init_state_with_stack (s, max_stack, max_locals);
1035 copy_state (s, orig, max_stack, max_locals);
1036 }
1037
1038 /* Allocate a new state, copying ORIG. */
1039 static state *
1040 make_state_copy (state *orig, int max_stack, int max_locals)
1041 {
1042 state *s = vfy_alloc (sizeof (state));
1043 copy_state_with_stack (s, orig, max_stack, max_locals);
1044 return s;
1045 }
1046
1047 static state *
1048 make_state (int max_stack, int max_locals)
1049 {
1050 state *s = vfy_alloc (sizeof (state));
1051 init_state_with_stack (s, max_stack, max_locals);
1052 return s;
1053 }
1054
1055 #if 0
1056 static void
1057 free_state (state *s)
1058 {
1059 if (s->stack != NULL)
1060 vfy_free (s->stack);
1061 if (s->locals != NULL)
1062 vfy_free (s->locals);
1063 }
1064 #endif
1065
1066 #if 0
1067 void *operator new[] (size_t bytes)
1068 {
1069 return vfy_alloc (bytes);
1070 }
1071
1072 void operator delete[] (void *mem)
1073 {
1074 vfy_free (mem);
1075 }
1076
1077 void *operator new (size_t bytes)
1078 {
1079 return vfy_alloc (bytes);
1080 }
1081
1082 void operator delete (void *mem)
1083 {
1084 vfy_free (mem);
1085 }
1086 #endif
1087
1088 /* Modify this state to reflect entry to an exception handler. */
1089 static void
1090 state_set_exception (state *s, type *t, int max_stack)
1091 {
1092 int i;
1093 s->stackdepth = 1;
1094 s->stacktop = 1;
1095 s->stack[0] = *t;
1096 for (i = s->stacktop; i < max_stack; ++i)
1097 init_type_from_tag (&s->stack[i], unsuitable_type);
1098 }
1099
1100 static int
1101 state_get_pc (state *s)
1102 {
1103 return s->pc;
1104 }
1105
1106 #if 0
1107 static void
1108 set_pc (state *s, int npc)
1109 {
1110 s->pc = npc;
1111 }
1112 #endif
1113
1114 /* Merge STATE_OLD into this state. Destructively modifies this
1115 state. Returns true if the new state was in fact changed.
1116 Will throw an exception if the states are not mergeable. */
1117 static bool
1118 merge_states (state *s, state *state_old, int max_locals)
1119 {
1120 int i;
1121 bool changed = false;
1122
1123 /* Special handling for `this'. If one or the other is
1124 uninitialized, then the merge is uninitialized. */
1125 if (type_initialized (&s->this_type))
1126 s->this_type = state_old->this_type;
1127
1128 /* Merge stacks. */
1129 if (state_old->stacktop != s->stacktop) /* FIXME stackdepth instead? */
1130 verify_fail ("stack sizes differ");
1131 for (i = 0; i < state_old->stacktop; ++i)
1132 {
1133 if (merge_types (&s->stack[i], &state_old->stack[i], false))
1134 changed = true;
1135 }
1136
1137 /* Merge local variables. */
1138 for (i = 0; i < max_locals; ++i)
1139 {
1140 if (merge_types (&s->locals[i], &state_old->locals[i], true))
1141 changed = true;
1142 }
1143
1144 return changed;
1145 }
1146
1147 /* Ensure that `this' has been initialized. */
1148 static void
1149 state_check_this_initialized (state *s)
1150 {
1151 if (type_isreference (&s->this_type) && ! type_initialized (&s->this_type))
1152 verify_fail ("`this' is uninitialized");
1153 }
1154
1155 /* Set type of `this'. */
1156 static void
1157 state_set_this_type (state *s, type *k)
1158 {
1159 s->this_type = *k;
1160 }
1161
1162 /* Mark each `new'd object we know of that was allocated at PC as
1163 initialized. */
1164 static void
1165 state_set_initialized (state *s, int pc, int max_locals)
1166 {
1167 int i;
1168 for (i = 0; i < s->stacktop; ++i)
1169 type_set_initialized (&s->stack[i], pc);
1170 for (i = 0; i < max_locals; ++i)
1171 type_set_initialized (&s->locals[i], pc);
1172 type_set_initialized (&s->this_type, pc);
1173 }
1174
1175 /* This tests to see whether two states can be considered "merge
1176 compatible". If both states have a return-address in the same
1177 slot, and the return addresses are different, then they are not
1178 compatible and we must not try to merge them. */
1179 static bool
1180 state_mergeable_p (state *s, state *other, int max_locals)
1181
1182 {
1183 int i;
1184
1185 /* This is tricky: if the stack sizes differ, then not only are
1186 these not mergeable, but in fact we should give an error, as
1187 we've found two execution paths that reach a branch target
1188 with different stack depths. FIXME stackdepth instead? */
1189 if (s->stacktop != other->stacktop)
1190 verify_fail ("stack sizes differ");
1191
1192 for (i = 0; i < s->stacktop; ++i)
1193 if (! type_state_mergeable_p (&s->stack[i], &other->stack[i]))
1194 return false;
1195 for (i = 0; i < max_locals; ++i)
1196 if (! type_state_mergeable_p (&s->locals[i], &other->locals[i]))
1197 return false;
1198 return true;
1199 }
1200
1201 static void
1202 state_reverify (state *s)
1203 {
1204 if (s->next == INVALID_STATE)
1205 {
1206 s->next = vfr->next_verify_state;
1207 vfr->next_verify_state = s;
1208 }
1209 }
1210
1211 #ifdef VERIFY_DEBUG
1212 static void
1213 debug_print_state (state *s, const char *leader, int pc, int max_stack,
1214 int max_locals)
1215 {
1216 int i;
1217 debug_print ("%s [%4d]: [stack] ", leader, pc);
1218 for (i = 0; i < s->stacktop; ++i)
1219 type_print (&s->stack[i]);
1220 for (; i < max_stack; ++i)
1221 debug_print (".");
1222 debug_print (" [local] ");
1223 for (i = 0; i < max_locals; ++i)
1224 type_print (&s->locals[i]);
1225 debug_print (" | %p\n", s);
1226 }
1227 #else
1228 static void
1229 debug_print_state (state *s ATTRIBUTE_UNUSED,
1230 const char *leader ATTRIBUTE_UNUSED,
1231 int pc ATTRIBUTE_UNUSED, int max_stack ATTRIBUTE_UNUSED,
1232 int max_locals ATTRIBUTE_UNUSED)
1233 {
1234 }
1235 #endif /* VERIFY_DEBUG */
1236
1237 static type
1238 pop_raw (void)
1239 {
1240 type r;
1241 state *s = vfr->current_state;
1242 if (s->stacktop <= 0)
1243 verify_fail ("stack empty");
1244 r = s->stack[--s->stacktop];
1245 s->stackdepth -= type_depth (&r);
1246 if (s->stackdepth < 0)
1247 verify_fail_pc ("stack empty", vfr->start_PC);
1248 return r;
1249 }
1250
1251 static type
1252 pop32 (void)
1253 {
1254 type r = pop_raw ();
1255 if (type_iswide (&r))
1256 verify_fail ("narrow pop of wide type");
1257 return r;
1258 }
1259
1260 static type
1261 vfy_pop_type_t (type match)
1262 {
1263 type t;
1264 vfy_promote_type (&match);
1265 t = pop_raw ();
1266 if (! types_compatible (&match, &t))
1267 verify_fail ("incompatible type on stack");
1268 return t;
1269 }
1270
1271 static type
1272 vfy_pop_type (type_val match)
1273 {
1274 type t = make_type (match);
1275 return vfy_pop_type_t (t);
1276 }
1277
1278 #define pop_type vfy_pop_type
1279 #define pop_type_t vfy_pop_type_t
1280
1281 /* Pop a reference which is guaranteed to be initialized. MATCH
1282 doesn't have to be a reference type; in this case this acts like
1283 pop_type. */
1284 static type
1285 pop_init_ref_t (type match)
1286 {
1287 type t = pop_raw ();
1288 if (type_isreference (&t) && ! type_initialized (&t))
1289 verify_fail ("initialized reference required");
1290 else if (! types_compatible (&match, &t))
1291 verify_fail ("incompatible type on stack");
1292 return t;
1293 }
1294
1295 static type
1296 pop_init_ref (type_val match)
1297 {
1298 type t = make_type (match);
1299 return pop_init_ref_t (t);
1300 }
1301
1302 /* Pop a reference type or a return address. */
1303 static type
1304 pop_ref_or_return (void)
1305 {
1306 type t = pop_raw ();
1307 if (! type_isreference (&t) && t.key != return_address_type)
1308 verify_fail ("expected reference or return address on stack");
1309 return t;
1310 }
1311
1312 static void
1313 vfy_push_type_t (type t)
1314 {
1315 int depth;
1316 state *s = vfr->current_state;
1317 /* If T is a numeric type like short, promote it to int. */
1318 promote_type (&t);
1319
1320 depth = type_depth (&t);
1321
1322 if (s->stackdepth + depth > vfr->current_method->max_stack)
1323 verify_fail ("stack overflow");
1324 s->stack[s->stacktop++] = t;
1325 s->stackdepth += depth;
1326 }
1327
1328 static void
1329 vfy_push_type (type_val tval)
1330 {
1331 type t = make_type (tval);
1332 vfy_push_type_t (t);
1333 }
1334
1335 #define push_type vfy_push_type
1336 #define push_type_t vfy_push_type_t
1337
1338 static void
1339 set_variable (int index, type t)
1340 {
1341 int depth;
1342 state *s = vfr->current_state;
1343 /* If T is a numeric type like short, promote it to int. */
1344 promote_type (&t);
1345
1346 depth = type_depth (&t);
1347 if (index > vfr->current_method->max_locals - depth)
1348 verify_fail ("invalid local variable");
1349 s->locals[index] = t;
1350
1351 if (depth == 2)
1352 init_type_from_tag (&s->locals[index + 1], continuation_type);
1353 if (index > 0 && type_iswide (&s->locals[index - 1]))
1354 init_type_from_tag (&s->locals[index - 1], unsuitable_type);
1355 }
1356
1357 static type
1358 get_variable_t (int index, type *t)
1359 {
1360 state *s = vfr->current_state;
1361 int depth = type_depth (t);
1362 if (index > vfr->current_method->max_locals - depth)
1363 verify_fail ("invalid local variable");
1364 if (! types_compatible (t, &s->locals[index]))
1365 verify_fail ("incompatible type in local variable");
1366 if (depth == 2)
1367 {
1368 type cont = make_type (continuation_type);
1369 if (! types_compatible (&s->locals[index + 1], &cont))
1370 verify_fail ("invalid local variable");
1371 }
1372 return s->locals[index];
1373 }
1374
1375 static type
1376 get_variable (int index, type_val v)
1377 {
1378 type t = make_type (v);
1379 return get_variable_t (index, &t);
1380 }
1381
1382 /* Make sure ARRAY is an array type and that its elements are
1383 compatible with type ELEMENT. Returns the actual element type. */
1384 static type
1385 require_array_type_t (type array, type element)
1386 {
1387 type t;
1388 /* An odd case. Here we just pretend that everything went ok. If
1389 the requested element type is some kind of reference, return
1390 the null type instead. */
1391 if (type_isnull (&array))
1392 return type_isreference (&element) ? make_type (null_type) : element;
1393
1394 if (! type_isarray (&array))
1395 verify_fail ("array required");
1396
1397 t = type_array_element (&array);
1398 if (! types_compatible (&element, &t))
1399 {
1400 /* Special case for byte arrays, which must also be boolean
1401 arrays. */
1402 bool ok = true;
1403 if (element.key == byte_type)
1404 {
1405 type e2 = make_type (boolean_type);
1406 ok = types_compatible (&e2, &t);
1407 }
1408 if (! ok)
1409 verify_fail ("incompatible array element type");
1410 }
1411
1412 /* Return T and not ELEMENT, because T might be specialized. */
1413 return t;
1414 }
1415
1416 static type
1417 require_array_type (type array, type_val element)
1418 {
1419 type t = make_type (element);
1420 return require_array_type_t (array, t);
1421 }
1422
1423 static jint
1424 get_byte (void)
1425 {
1426 if (vfr->PC >= vfr->current_method->code_length)
1427 verify_fail ("premature end of bytecode");
1428 return (jint) vfr->bytecode[vfr->PC++] & 0xff;
1429 }
1430
1431 static jint
1432 get_ushort (void)
1433 {
1434 jint b1 = get_byte ();
1435 jint b2 = get_byte ();
1436 return (jint) ((b1 << 8) | b2) & 0xffff;
1437 }
1438
1439 static jint
1440 get_short (void)
1441 {
1442 jint b1 = get_byte ();
1443 jint b2 = get_byte ();
1444 jshort s = (b1 << 8) | b2;
1445 return (jint) s;
1446 }
1447
1448 static jint
1449 get_int (void)
1450 {
1451 jint b1 = get_byte ();
1452 jint b2 = get_byte ();
1453 jint b3 = get_byte ();
1454 jint b4 = get_byte ();
1455 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1456 }
1457
1458 static int
1459 compute_jump (int offset)
1460 {
1461 int npc = vfr->start_PC + offset;
1462 if (npc < 0 || npc >= vfr->current_method->code_length)
1463 verify_fail_pc ("branch out of range", vfr->start_PC);
1464 return npc;
1465 }
1466
1467 /* Add a new state to the state list at NPC. */
1468 static state *
1469 add_new_state (int npc, state *old_state)
1470 {
1471 state_list *nlink;
1472 vfy_method *current_method = vfr->current_method;
1473 state *new_state = make_state_copy (old_state, current_method->max_stack,
1474 current_method->max_locals);
1475 debug_print ("== New state in add_new_state\n");
1476 debug_print_state (new_state, "New", npc, current_method->max_stack,
1477 current_method->max_locals);
1478
1479 nlink = vfy_alloc (sizeof (state_list));
1480 nlink->val = new_state;
1481 nlink->next = vfr->states[npc];
1482 vfr->states[npc] = nlink;
1483 new_state->pc = npc;
1484 return new_state;
1485 }
1486
1487 /* Merge the indicated state into the state at the branch target and
1488 schedule a new PC if there is a change. NPC is the PC of the
1489 branch target, and FROM_STATE is the state at the source of the
1490 branch. This method returns true if the destination state
1491 changed and requires reverification, false otherwise. */
1492 static void
1493 merge_into (int npc, state *from_state)
1494 {
1495 /* Iterate over all target states and merge our state into each,
1496 if applicable. FIXME one improvement we could make here is
1497 "state destruction". Merging a new state into an existing one
1498 might cause a return_address_type to be merged to
1499 unsuitable_type. In this case the resulting state may now be
1500 mergeable with other states currently held in parallel at this
1501 location. So in this situation we could pairwise compare and
1502 reduce the number of parallel states. */
1503 state_list *iter;
1504 bool applicable = false;
1505 for (iter = vfr->states[npc]; iter != NULL; iter = iter->next)
1506 {
1507 state *new_state = iter->val;
1508 vfy_method *current_method = vfr->current_method;
1509
1510 if (state_mergeable_p (new_state, from_state,
1511 current_method->max_locals))
1512 {
1513 bool changed;
1514 applicable = true;
1515
1516 debug_print ("== Merge states in merge_into\n");
1517 debug_print_state (from_state, "Frm", vfr->start_PC, current_method->max_stack,
1518 current_method->max_locals);
1519 debug_print_state (new_state, " To", npc, current_method->max_stack,
1520 current_method->max_locals);
1521 changed = merge_states (new_state, from_state,
1522 current_method->max_locals);
1523 debug_print_state (new_state, "New", npc, current_method->max_stack,
1524 current_method->max_locals);
1525
1526 if (changed)
1527 state_reverify (new_state);
1528 }
1529 }
1530
1531 if (! applicable)
1532 {
1533 /* Either we don't yet have a state at NPC, or we have a
1534 return-address type that is in conflict with all existing
1535 state. So, we need to create a new entry. */
1536 state *new_state = add_new_state (npc, from_state);
1537 /* A new state added in this way must always be reverified. */
1538 state_reverify (new_state);
1539 }
1540 }
1541
1542 static void
1543 push_jump (int offset)
1544 {
1545 int npc = compute_jump (offset);
1546 /* According to the JVM Spec, we need to check for uninitialized
1547 objects here. However, this does not actually affect type
1548 safety, and the Eclipse java compiler generates code that
1549 violates this constraint. */
1550 merge_into (npc, vfr->current_state);
1551 }
1552
1553 static void
1554 push_exception_jump (type t, int pc)
1555 {
1556 state s;
1557 /* According to the JVM Spec, we need to check for uninitialized
1558 objects here. However, this does not actually affect type
1559 safety, and the Eclipse java compiler generates code that
1560 violates this constraint. */
1561 copy_state_with_stack (&s, vfr->current_state,
1562 vfr->current_method->max_stack,
1563 vfr->current_method->max_locals);
1564 if (vfr->current_method->max_stack < 1)
1565 verify_fail ("stack overflow at exception handler");
1566 state_set_exception (&s, &t, vfr->current_method->max_stack);
1567 merge_into (pc, &s);
1568 /* FIXME: leak.. need free_state or GC */
1569 }
1570
1571 static state *
1572 pop_jump (void)
1573 {
1574 state *new_state = vfr->next_verify_state;
1575 if (new_state == INVALID_STATE)
1576 verify_fail ("programmer error in pop_jump");
1577 if (new_state != NULL)
1578 {
1579 vfr->next_verify_state = new_state->next;
1580 new_state->next = INVALID_STATE;
1581 }
1582 return new_state;
1583 }
1584
1585 static void
1586 invalidate_pc (void)
1587 {
1588 vfr->PC = NO_NEXT;
1589 }
1590
1591 static void
1592 note_branch_target (int pc)
1593 {
1594 /* Don't check `pc <= PC', because we've advanced PC after
1595 fetching the target and we haven't yet checked the next
1596 instruction. */
1597 if (pc < vfr->PC && ! (vfr->flags[pc] & FLAG_INSN_START))
1598 verify_fail_pc ("branch not to instruction start", vfr->start_PC);
1599 vfr->flags[pc] |= FLAG_BRANCH_TARGET;
1600 }
1601
1602 static void
1603 skip_padding (void)
1604 {
1605 while ((vfr->PC % 4) > 0)
1606 if (get_byte () != 0)
1607 verify_fail ("found nonzero padding byte");
1608 }
1609
1610 /* Do the work for a `ret' instruction. INDEX is the index into the
1611 local variables. */
1612 static void
1613 handle_ret_insn (int index)
1614 {
1615 type ret = make_type (return_address_type);
1616 type ret_addr = get_variable_t (index, &ret);
1617 /* It would be nice if we could do this. However, the JVM Spec
1618 doesn't say that this is what happens. It is implied that
1619 reusing a return address is invalid, but there's no actual
1620 prohibition against it. */
1621 /* set_variable (index, unsuitable_type); */
1622
1623 int npc = type_get_pc (&ret_addr);
1624 /* We might be returning to a `jsr' that is at the end of the
1625 bytecode. This is ok if we never return from the called
1626 subroutine, but if we see this here it is an error. */
1627 if (npc >= vfr->current_method->code_length)
1628 verify_fail ("fell off end");
1629
1630 /* According to the JVM Spec, we need to check for uninitialized
1631 objects here. However, this does not actually affect type
1632 safety, and the Eclipse java compiler generates code that
1633 violates this constraint. */
1634 merge_into (npc, vfr->current_state);
1635 invalidate_pc ();
1636 }
1637
1638 static void handle_jsr_insn (int offset)
1639 {
1640 type ret_addr;
1641 int npc = compute_jump (offset);
1642
1643 /* According to the JVM Spec, we need to check for uninitialized
1644 objects here. However, this does not actually affect type
1645 safety, and the Eclipse java compiler generates code that
1646 violates this constraint. */
1647
1648 /* Modify our state as appropriate for entry into a subroutine. */
1649 ret_addr = make_type (return_address_type);
1650 type_set_return_address (&ret_addr, vfr->PC);
1651 vfy_push_type_t (ret_addr);
1652 merge_into (npc, vfr->current_state);
1653 invalidate_pc ();
1654 }
1655
1656 static vfy_jclass
1657 construct_primitive_array_type (type_val prim)
1658 {
1659 vfy_jclass k = NULL;
1660 switch (prim)
1661 {
1662 case boolean_type:
1663 case char_type:
1664 case float_type:
1665 case double_type:
1666 case byte_type:
1667 case short_type:
1668 case int_type:
1669 case long_type:
1670 k = vfy_get_primitive_type ((int) prim);
1671 break;
1672
1673 /* These aren't used here but we call them out to avoid
1674 warnings. */
1675 case void_type:
1676 case unsuitable_type:
1677 case return_address_type:
1678 case continuation_type:
1679 case reference_type:
1680 case null_type:
1681 case uninitialized_reference_type:
1682 default:
1683 verify_fail ("unknown type in construct_primitive_array_type");
1684 }
1685 k = vfy_get_array_class (k);
1686 return k;
1687 }
1688
1689 /* This pass computes the location of branch targets and also
1690 instruction starts. */
1691 static void
1692 branch_prepass (void)
1693 {
1694 int i, pc;
1695 vfr->flags = (char *) vfy_alloc (vfr->current_method->code_length);
1696
1697 for (i = 0; i < vfr->current_method->code_length; ++i)
1698 vfr->flags[i] = 0;
1699
1700 vfr->PC = 0;
1701 while (vfr->PC < vfr->current_method->code_length)
1702 {
1703 java_opcode opcode;
1704 /* Set `start_PC' early so that error checking can have the
1705 correct value. */
1706 vfr->start_PC = vfr->PC;
1707 vfr->flags[vfr->PC] |= FLAG_INSN_START;
1708
1709 opcode = (java_opcode) vfr->bytecode[vfr->PC++];
1710 switch (opcode)
1711 {
1712 case op_nop:
1713 case op_aconst_null:
1714 case op_iconst_m1:
1715 case op_iconst_0:
1716 case op_iconst_1:
1717 case op_iconst_2:
1718 case op_iconst_3:
1719 case op_iconst_4:
1720 case op_iconst_5:
1721 case op_lconst_0:
1722 case op_lconst_1:
1723 case op_fconst_0:
1724 case op_fconst_1:
1725 case op_fconst_2:
1726 case op_dconst_0:
1727 case op_dconst_1:
1728 case op_iload_0:
1729 case op_iload_1:
1730 case op_iload_2:
1731 case op_iload_3:
1732 case op_lload_0:
1733 case op_lload_1:
1734 case op_lload_2:
1735 case op_lload_3:
1736 case op_fload_0:
1737 case op_fload_1:
1738 case op_fload_2:
1739 case op_fload_3:
1740 case op_dload_0:
1741 case op_dload_1:
1742 case op_dload_2:
1743 case op_dload_3:
1744 case op_aload_0:
1745 case op_aload_1:
1746 case op_aload_2:
1747 case op_aload_3:
1748 case op_iaload:
1749 case op_laload:
1750 case op_faload:
1751 case op_daload:
1752 case op_aaload:
1753 case op_baload:
1754 case op_caload:
1755 case op_saload:
1756 case op_istore_0:
1757 case op_istore_1:
1758 case op_istore_2:
1759 case op_istore_3:
1760 case op_lstore_0:
1761 case op_lstore_1:
1762 case op_lstore_2:
1763 case op_lstore_3:
1764 case op_fstore_0:
1765 case op_fstore_1:
1766 case op_fstore_2:
1767 case op_fstore_3:
1768 case op_dstore_0:
1769 case op_dstore_1:
1770 case op_dstore_2:
1771 case op_dstore_3:
1772 case op_astore_0:
1773 case op_astore_1:
1774 case op_astore_2:
1775 case op_astore_3:
1776 case op_iastore:
1777 case op_lastore:
1778 case op_fastore:
1779 case op_dastore:
1780 case op_aastore:
1781 case op_bastore:
1782 case op_castore:
1783 case op_sastore:
1784 case op_pop:
1785 case op_pop2:
1786 case op_dup:
1787 case op_dup_x1:
1788 case op_dup_x2:
1789 case op_dup2:
1790 case op_dup2_x1:
1791 case op_dup2_x2:
1792 case op_swap:
1793 case op_iadd:
1794 case op_isub:
1795 case op_imul:
1796 case op_idiv:
1797 case op_irem:
1798 case op_ishl:
1799 case op_ishr:
1800 case op_iushr:
1801 case op_iand:
1802 case op_ior:
1803 case op_ixor:
1804 case op_ladd:
1805 case op_lsub:
1806 case op_lmul:
1807 case op_ldiv:
1808 case op_lrem:
1809 case op_lshl:
1810 case op_lshr:
1811 case op_lushr:
1812 case op_land:
1813 case op_lor:
1814 case op_lxor:
1815 case op_fadd:
1816 case op_fsub:
1817 case op_fmul:
1818 case op_fdiv:
1819 case op_frem:
1820 case op_dadd:
1821 case op_dsub:
1822 case op_dmul:
1823 case op_ddiv:
1824 case op_drem:
1825 case op_ineg:
1826 case op_i2b:
1827 case op_i2c:
1828 case op_i2s:
1829 case op_lneg:
1830 case op_fneg:
1831 case op_dneg:
1832 case op_i2l:
1833 case op_i2f:
1834 case op_i2d:
1835 case op_l2i:
1836 case op_l2f:
1837 case op_l2d:
1838 case op_f2i:
1839 case op_f2l:
1840 case op_f2d:
1841 case op_d2i:
1842 case op_d2l:
1843 case op_d2f:
1844 case op_lcmp:
1845 case op_fcmpl:
1846 case op_fcmpg:
1847 case op_dcmpl:
1848 case op_dcmpg:
1849 case op_monitorenter:
1850 case op_monitorexit:
1851 case op_ireturn:
1852 case op_lreturn:
1853 case op_freturn:
1854 case op_dreturn:
1855 case op_areturn:
1856 case op_return:
1857 case op_athrow:
1858 case op_arraylength:
1859 break;
1860
1861 case op_bipush:
1862 case op_ldc:
1863 case op_iload:
1864 case op_lload:
1865 case op_fload:
1866 case op_dload:
1867 case op_aload:
1868 case op_istore:
1869 case op_lstore:
1870 case op_fstore:
1871 case op_dstore:
1872 case op_astore:
1873 case op_ret:
1874 case op_newarray:
1875 get_byte ();
1876 break;
1877
1878 case op_iinc:
1879 case op_sipush:
1880 case op_ldc_w:
1881 case op_ldc2_w:
1882 case op_getstatic:
1883 case op_getfield:
1884 case op_putfield:
1885 case op_putstatic:
1886 case op_new:
1887 case op_anewarray:
1888 case op_instanceof:
1889 case op_checkcast:
1890 case op_invokespecial:
1891 case op_invokestatic:
1892 case op_invokevirtual:
1893 get_short ();
1894 break;
1895
1896 case op_multianewarray:
1897 get_short ();
1898 get_byte ();
1899 break;
1900
1901 case op_jsr:
1902 case op_ifeq:
1903 case op_ifne:
1904 case op_iflt:
1905 case op_ifge:
1906 case op_ifgt:
1907 case op_ifle:
1908 case op_if_icmpeq:
1909 case op_if_icmpne:
1910 case op_if_icmplt:
1911 case op_if_icmpge:
1912 case op_if_icmpgt:
1913 case op_if_icmple:
1914 case op_if_acmpeq:
1915 case op_if_acmpne:
1916 case op_ifnull:
1917 case op_ifnonnull:
1918 case op_goto:
1919 note_branch_target (compute_jump (get_short ()));
1920 break;
1921
1922 case op_tableswitch:
1923 {
1924 jint low, hi;
1925 skip_padding ();
1926 note_branch_target (compute_jump (get_int ()));
1927 low = get_int ();
1928 hi = get_int ();
1929 if (low > hi)
1930 verify_fail_pc ("invalid tableswitch", vfr->start_PC);
1931 for (i = low; i <= hi; ++i)
1932 note_branch_target (compute_jump (get_int ()));
1933 }
1934 break;
1935
1936 case op_lookupswitch:
1937 {
1938 int npairs;
1939 skip_padding ();
1940 note_branch_target (compute_jump (get_int ()));
1941 npairs = get_int ();
1942 if (npairs < 0)
1943 verify_fail_pc ("too few pairs in lookupswitch", vfr->start_PC);
1944 while (npairs-- > 0)
1945 {
1946 get_int ();
1947 note_branch_target (compute_jump (get_int ()));
1948 }
1949 }
1950 break;
1951
1952 case op_invokeinterface:
1953 get_short ();
1954 get_byte ();
1955 get_byte ();
1956 break;
1957
1958 case op_wide:
1959 {
1960 opcode = (java_opcode) get_byte ();
1961 get_short ();
1962 if (opcode == op_iinc)
1963 get_short ();
1964 }
1965 break;
1966
1967 case op_jsr_w:
1968 case op_goto_w:
1969 note_branch_target (compute_jump (get_int ()));
1970 break;
1971
1972 #if 0
1973 /* These are unused here, but we call them out explicitly
1974 so that -Wswitch-enum doesn't complain. */
1975 case op_putfield_1:
1976 case op_putfield_2:
1977 case op_putfield_4:
1978 case op_putfield_8:
1979 case op_putfield_a:
1980 case op_putstatic_1:
1981 case op_putstatic_2:
1982 case op_putstatic_4:
1983 case op_putstatic_8:
1984 case op_putstatic_a:
1985 case op_getfield_1:
1986 case op_getfield_2s:
1987 case op_getfield_2u:
1988 case op_getfield_4:
1989 case op_getfield_8:
1990 case op_getfield_a:
1991 case op_getstatic_1:
1992 case op_getstatic_2s:
1993 case op_getstatic_2u:
1994 case op_getstatic_4:
1995 case op_getstatic_8:
1996 case op_getstatic_a:
1997 #endif /* VFY_FAST_OPCODES */
1998 default:
1999 verify_fail_pc ("unrecognized instruction in branch_prepass",
2000 vfr->start_PC);
2001 }
2002
2003 /* See if any previous branch tried to branch to the middle of
2004 this instruction. */
2005 for (pc = vfr->start_PC + 1; pc < vfr->PC; ++pc)
2006 {
2007 if ((vfr->flags[pc] & FLAG_BRANCH_TARGET))
2008 verify_fail_pc ("branch to middle of instruction", pc);
2009 }
2010 }
2011
2012 /* Verify exception handlers. */
2013 for (i = 0; i < vfr->current_method->exc_count; ++i)
2014 {
2015 int handler, start, end, htype;
2016 vfy_get_exception (vfr->exception, i, &handler, &start, &end, &htype);
2017 if (! (vfr->flags[handler] & FLAG_INSN_START))
2018 verify_fail_pc ("exception handler not at instruction start",
2019 handler);
2020 if (! (vfr->flags[start] & FLAG_INSN_START))
2021 verify_fail_pc ("exception start not at instruction start", start);
2022 if (end != vfr->current_method->code_length
2023 && ! (vfr->flags[end] & FLAG_INSN_START))
2024 verify_fail_pc ("exception end not at instruction start", end);
2025
2026 vfr->flags[handler] |= FLAG_BRANCH_TARGET;
2027 }
2028 }
2029
2030 static void
2031 check_pool_index (int index)
2032 {
2033 if (index < 0 || index >= vfy_get_constants_size (vfr->current_class))
2034 verify_fail_pc ("constant pool index out of range", vfr->start_PC);
2035 }
2036
2037 static type
2038 check_class_constant (int index)
2039 {
2040 type t;
2041 vfy_constants *pool;
2042
2043 check_pool_index (index);
2044 pool = vfy_get_constants (vfr->current_class);
2045 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
2046 init_type_from_class (&t, vfy_get_pool_class (pool, index));
2047 else if (vfy_tag (pool, index) == JV_CONSTANT_Class)
2048 init_type_from_string (&t, vfy_get_pool_string (pool, index));
2049 else
2050 verify_fail_pc ("expected class constant", vfr->start_PC);
2051 return t;
2052 }
2053
2054 static type
2055 check_constant (int index)
2056 {
2057 type t;
2058 vfy_constants *pool;
2059
2060 check_pool_index (index);
2061 pool = vfy_get_constants (vfr->current_class);
2062 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedString
2063 || vfy_tag (pool, index) == JV_CONSTANT_String)
2064 init_type_from_class (&t, vfy_string_type ());
2065 else if (vfy_tag (pool, index) == JV_CONSTANT_Integer)
2066 init_type_from_tag (&t, int_type);
2067 else if (vfy_tag (pool, index) == JV_CONSTANT_Float)
2068 init_type_from_tag (&t, float_type);
2069 else
2070 verify_fail_pc ("String, int, or float constant expected", vfr->start_PC);
2071 return t;
2072 }
2073
2074 static type
2075 check_wide_constant (int index)
2076 {
2077 type t;
2078 vfy_constants *pool;
2079
2080 check_pool_index (index);
2081 pool = vfy_get_constants (vfr->current_class);
2082 if (vfy_tag (pool, index) == JV_CONSTANT_Long)
2083 init_type_from_tag (&t, long_type);
2084 else if (vfy_tag (pool, index) == JV_CONSTANT_Double)
2085 init_type_from_tag (&t, double_type);
2086 else
2087 verify_fail_pc ("long or double constant expected", vfr->start_PC);
2088 return t;
2089 }
2090
2091 /* Helper for both field and method. These are laid out the same in
2092 the constant pool. */
2093 static type
2094 handle_field_or_method (int index, int expected,
2095 vfy_string *name, vfy_string *fmtype)
2096 {
2097 vfy_uint_16 class_index, name_and_type_index;
2098 vfy_uint_16 name_index, desc_index;
2099 vfy_constants *pool;
2100
2101 check_pool_index (index);
2102 pool = vfy_get_constants (vfr->current_class);
2103 if (vfy_tag (pool, index) != expected)
2104 verify_fail_pc ("didn't see expected constant", vfr->start_PC);
2105 /* Once we know we have a Fieldref or Methodref we assume that it
2106 is correctly laid out in the constant pool. I think the code
2107 in defineclass.cc guarantees this. */
2108 vfy_load_indexes (pool, index, &class_index, &name_and_type_index);
2109 vfy_load_indexes (pool, name_and_type_index, &name_index, &desc_index);
2110
2111 *name = vfy_get_pool_string (pool, name_index);
2112 *fmtype = vfy_get_pool_string (pool, desc_index);
2113
2114 return check_class_constant (class_index);
2115 }
2116
2117 /* Return field's type, compute class' type if requested. */
2118 static type
2119 check_field_constant (int index, type *class_type)
2120 {
2121 vfy_string name, field_type;
2122 const char *typec;
2123 int len;
2124 type t;
2125
2126 type ct = handle_field_or_method (index,
2127 JV_CONSTANT_Fieldref,
2128 &name, &field_type);
2129 if (class_type)
2130 *class_type = ct;
2131 typec = vfy_string_bytes (field_type);
2132 len = vfy_string_length (field_type);
2133 if (typec[0] == '[' || typec[0] == 'L')
2134 init_type_from_string (&t, field_type);
2135 else
2136 init_type_from_tag (&t, get_type_val_for_signature (typec[0]));
2137 return t;
2138 }
2139
2140 static type
2141 check_method_constant (int index, bool is_interface,
2142 vfy_string *method_name,
2143 vfy_string *method_signature)
2144 {
2145 return handle_field_or_method (index,
2146 (is_interface
2147 ? JV_CONSTANT_InterfaceMethodref
2148 : JV_CONSTANT_Methodref),
2149 method_name, method_signature);
2150 }
2151
2152 static char *
2153 get_one_type (char *p, type *t)
2154 {
2155 const char *start = p;
2156 vfy_jclass k;
2157 type_val rt;
2158 char v;
2159
2160 int arraycount = 0;
2161 while (*p == '[')
2162 {
2163 ++arraycount;
2164 ++p;
2165 }
2166
2167 v = *p++;
2168
2169 if (v == 'L')
2170 {
2171 vfy_string name;
2172 while (*p != ';')
2173 ++p;
2174 ++p;
2175 name = vfy_get_string (start, p - start);
2176 *t = make_type_from_string (name);
2177 return p;
2178 }
2179
2180 /* Casting to jchar here is ok since we are looking at an ASCII
2181 character. */
2182 rt = get_type_val_for_signature (v);
2183
2184 if (arraycount == 0)
2185 {
2186 /* Callers of this function eventually push their arguments on
2187 the stack. So, promote them here. */
2188 type new_t = make_type (rt);
2189 vfy_promote_type (&new_t);
2190 *t = new_t;
2191 return p;
2192 }
2193
2194 k = construct_primitive_array_type (rt);
2195 while (--arraycount > 0)
2196 k = vfy_get_array_class (k);
2197 *t = make_type_from_class (k);
2198 return p;
2199 }
2200
2201 static void
2202 compute_argument_types (vfy_string signature, type *types)
2203 {
2204 int i;
2205 char *p = (char *) vfy_string_bytes (signature);
2206
2207 /* Skip `('. */
2208 ++p;
2209
2210 i = 0;
2211 while (*p != ')')
2212 p = get_one_type (p, &types[i++]);
2213 }
2214
2215 static type
2216 compute_return_type (vfy_string signature)
2217 {
2218 char *p = (char *) vfy_string_bytes (signature);
2219 type t;
2220 while (*p != ')')
2221 ++p;
2222 ++p;
2223 get_one_type (p, &t);
2224 return t;
2225 }
2226
2227 static void
2228 check_return_type (type onstack)
2229 {
2230 type rt = compute_return_type (vfy_get_signature (vfr->current_method));
2231 if (! types_compatible (&rt, &onstack))
2232 verify_fail ("incompatible return type");
2233 }
2234
2235 /* Initialize the stack for the new method. Returns true if this
2236 method is an instance initializer. */
2237 static bool
2238 initialize_stack (void)
2239 {
2240 int arg_count, i;
2241 int var = 0;
2242 bool is_init = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2243 vfy_init_name());
2244 bool is_clinit = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2245 vfy_clinit_name());
2246
2247 if (! vfy_is_static (vfr->current_method))
2248 {
2249 type kurr = make_type_from_class (vfr->current_class);
2250 if (is_init)
2251 {
2252 type_set_uninitialized (&kurr, SELF);
2253 is_init = true;
2254 }
2255 else if (is_clinit)
2256 verify_fail ("<clinit> method must be static");
2257 set_variable (0, kurr);
2258 state_set_this_type (vfr->current_state, &kurr);
2259 ++var;
2260 }
2261 else
2262 {
2263 if (is_init)
2264 verify_fail ("<init> method must be non-static");
2265 }
2266
2267 /* We have to handle wide arguments specially here. */
2268 arg_count = vfy_count_arguments (vfy_get_signature (vfr->current_method));
2269 {
2270 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2271 compute_argument_types (vfy_get_signature (vfr->current_method), arg_types);
2272 for (i = 0; i < arg_count; ++i)
2273 {
2274 set_variable (var, arg_types[i]);
2275 ++var;
2276 if (type_iswide (&arg_types[i]))
2277 ++var;
2278 }
2279 vfy_free (arg_types);
2280 }
2281
2282 return is_init;
2283 }
2284
2285 static void
2286 verify_instructions_0 (void)
2287 {
2288 int i;
2289 bool this_is_init;
2290
2291 vfr->current_state = make_state (vfr->current_method->max_stack,
2292 vfr->current_method->max_locals);
2293
2294 vfr->PC = 0;
2295 vfr->start_PC = 0;
2296
2297 /* True if we are verifying an instance initializer. */
2298 this_is_init = initialize_stack ();
2299
2300 vfr->states = (state_list **) vfy_alloc (sizeof (state_list *)
2301 * vfr->current_method->code_length);
2302
2303 for (i = 0; i < vfr->current_method->code_length; ++i)
2304 vfr->states[i] = NULL;
2305
2306 vfr->next_verify_state = NULL;
2307
2308 while (true)
2309 {
2310 java_opcode opcode;
2311
2312 /* If the PC was invalidated, get a new one from the work list. */
2313 if (vfr->PC == NO_NEXT)
2314 {
2315 state *new_state = pop_jump ();
2316 /* If it is null, we're done. */
2317 if (new_state == NULL)
2318 break;
2319
2320 vfr->PC = state_get_pc (new_state);
2321 debug_print ("== State pop from pending list\n");
2322 /* Set up the current state. */
2323 copy_state (vfr->current_state, new_state,
2324 vfr->current_method->max_stack, vfr->current_method->max_locals);
2325 }
2326 else
2327 {
2328 /* We only have to do this checking in the situation where
2329 control flow falls through from the previous
2330 instruction. Otherwise merging is done at the time we
2331 push the branch. */
2332 if (vfr->states[vfr->PC] != NULL)
2333 {
2334 /* We've already visited this instruction. So merge
2335 the states together. It is simplest, but not most
2336 efficient, to just always invalidate the PC here. */
2337 merge_into (vfr->PC, vfr->current_state);
2338 invalidate_pc ();
2339 continue;
2340 }
2341 }
2342
2343 /* Control can't fall off the end of the bytecode. We need to
2344 check this in both cases, not just the fall-through case,
2345 because we don't check to see whether a `jsr' appears at
2346 the end of the bytecode until we process a `ret'. */
2347 if (vfr->PC >= vfr->current_method->code_length)
2348 verify_fail ("fell off end");
2349 vfr->flags[vfr->PC] |= FLAG_INSN_SEEN;
2350
2351 /* We only have to keep saved state at branch targets. If
2352 we're at a branch target and the state here hasn't been set
2353 yet, we set it now. You might notice that `ret' targets
2354 won't necessarily have FLAG_BRANCH_TARGET set. This
2355 doesn't matter, since those states will be filled in by
2356 merge_into. */
2357 /* Note that other parts of the compiler assume that there is a
2358 label with a type map at PC=0. */
2359 if (vfr->states[vfr->PC] == NULL
2360 && (vfr->PC == 0 || (vfr->flags[vfr->PC] & FLAG_BRANCH_TARGET) != 0))
2361 add_new_state (vfr->PC, vfr->current_state);
2362
2363 /* Set this before handling exceptions so that debug output is
2364 sane. */
2365 vfr->start_PC = vfr->PC;
2366
2367 /* Update states for all active exception handlers. Ordinarily
2368 there are not many exception handlers. So we simply run
2369 through them all. */
2370 for (i = 0; i < vfr->current_method->exc_count; ++i)
2371 {
2372 int hpc, start, end, htype;
2373 vfy_get_exception (vfr->exception, i, &hpc, &start, &end, &htype);
2374 if (vfr->PC >= start && vfr->PC < end)
2375 {
2376 type handler = make_type_from_class (vfy_throwable_type ());
2377 if (htype != 0)
2378 handler = check_class_constant (htype);
2379 push_exception_jump (handler, hpc);
2380 }
2381 }
2382
2383
2384 debug_print_state (vfr->current_state, " ", vfr->PC,
2385 vfr->current_method->max_stack,
2386 vfr->current_method->max_locals);
2387 opcode = (java_opcode) vfr->bytecode[vfr->PC++];
2388 switch (opcode)
2389 {
2390 case op_nop:
2391 break;
2392
2393 case op_aconst_null:
2394 push_type (null_type);
2395 break;
2396
2397 case op_iconst_m1:
2398 case op_iconst_0:
2399 case op_iconst_1:
2400 case op_iconst_2:
2401 case op_iconst_3:
2402 case op_iconst_4:
2403 case op_iconst_5:
2404 push_type (int_type);
2405 break;
2406
2407 case op_lconst_0:
2408 case op_lconst_1:
2409 push_type (long_type);
2410 break;
2411
2412 case op_fconst_0:
2413 case op_fconst_1:
2414 case op_fconst_2:
2415 push_type (float_type);
2416 break;
2417
2418 case op_dconst_0:
2419 case op_dconst_1:
2420 push_type (double_type);
2421 break;
2422
2423 case op_bipush:
2424 get_byte ();
2425 push_type (int_type);
2426 break;
2427
2428 case op_sipush:
2429 get_short ();
2430 push_type (int_type);
2431 break;
2432
2433 case op_ldc:
2434 push_type_t (check_constant (get_byte ()));
2435 break;
2436 case op_ldc_w:
2437 push_type_t (check_constant (get_ushort ()));
2438 break;
2439 case op_ldc2_w:
2440 push_type_t (check_wide_constant (get_ushort ()));
2441 break;
2442
2443 case op_iload:
2444 push_type_t (get_variable (get_byte (), int_type));
2445 break;
2446 case op_lload:
2447 push_type_t (get_variable (get_byte (), long_type));
2448 break;
2449 case op_fload:
2450 push_type_t (get_variable (get_byte (), float_type));
2451 break;
2452 case op_dload:
2453 push_type_t (get_variable (get_byte (), double_type));
2454 break;
2455 case op_aload:
2456 push_type_t (get_variable (get_byte (), reference_type));
2457 break;
2458
2459 case op_iload_0:
2460 case op_iload_1:
2461 case op_iload_2:
2462 case op_iload_3:
2463 push_type_t (get_variable (opcode - op_iload_0, int_type));
2464 break;
2465 case op_lload_0:
2466 case op_lload_1:
2467 case op_lload_2:
2468 case op_lload_3:
2469 push_type_t (get_variable (opcode - op_lload_0, long_type));
2470 break;
2471 case op_fload_0:
2472 case op_fload_1:
2473 case op_fload_2:
2474 case op_fload_3:
2475 push_type_t (get_variable (opcode - op_fload_0, float_type));
2476 break;
2477 case op_dload_0:
2478 case op_dload_1:
2479 case op_dload_2:
2480 case op_dload_3:
2481 push_type_t (get_variable (opcode - op_dload_0, double_type));
2482 break;
2483 case op_aload_0:
2484 case op_aload_1:
2485 case op_aload_2:
2486 case op_aload_3:
2487 push_type_t (get_variable (opcode - op_aload_0, reference_type));
2488 break;
2489 case op_iaload:
2490 pop_type (int_type);
2491 push_type_t (require_array_type (pop_init_ref (reference_type),
2492 int_type));
2493 break;
2494 case op_laload:
2495 pop_type (int_type);
2496 push_type_t (require_array_type (pop_init_ref (reference_type),
2497 long_type));
2498 break;
2499 case op_faload:
2500 pop_type (int_type);
2501 push_type_t (require_array_type (pop_init_ref (reference_type),
2502 float_type));
2503 break;
2504 case op_daload:
2505 pop_type (int_type);
2506 push_type_t (require_array_type (pop_init_ref (reference_type),
2507 double_type));
2508 break;
2509 case op_aaload:
2510 pop_type (int_type);
2511 push_type_t (require_array_type (pop_init_ref (reference_type),
2512 reference_type));
2513 break;
2514 case op_baload:
2515 pop_type (int_type);
2516 require_array_type (pop_init_ref (reference_type), byte_type);
2517 push_type (int_type);
2518 break;
2519 case op_caload:
2520 pop_type (int_type);
2521 require_array_type (pop_init_ref (reference_type), char_type);
2522 push_type (int_type);
2523 break;
2524 case op_saload:
2525 pop_type (int_type);
2526 require_array_type (pop_init_ref (reference_type), short_type);
2527 push_type (int_type);
2528 break;
2529 case op_istore:
2530 set_variable (get_byte (), pop_type (int_type));
2531 break;
2532 case op_lstore:
2533 set_variable (get_byte (), pop_type (long_type));
2534 break;
2535 case op_fstore:
2536 set_variable (get_byte (), pop_type (float_type));
2537 break;
2538 case op_dstore:
2539 set_variable (get_byte (), pop_type (double_type));
2540 break;
2541 case op_astore:
2542 set_variable (get_byte (), pop_ref_or_return ());
2543 break;
2544 case op_istore_0:
2545 case op_istore_1:
2546 case op_istore_2:
2547 case op_istore_3:
2548 set_variable (opcode - op_istore_0, pop_type (int_type));
2549 break;
2550 case op_lstore_0:
2551 case op_lstore_1:
2552 case op_lstore_2:
2553 case op_lstore_3:
2554 set_variable (opcode - op_lstore_0, pop_type (long_type));
2555 break;
2556 case op_fstore_0:
2557 case op_fstore_1:
2558 case op_fstore_2:
2559 case op_fstore_3:
2560 set_variable (opcode - op_fstore_0, pop_type (float_type));
2561 break;
2562 case op_dstore_0:
2563 case op_dstore_1:
2564 case op_dstore_2:
2565 case op_dstore_3:
2566 set_variable (opcode - op_dstore_0, pop_type (double_type));
2567 break;
2568 case op_astore_0:
2569 case op_astore_1:
2570 case op_astore_2:
2571 case op_astore_3:
2572 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2573 break;
2574 case op_iastore:
2575 pop_type (int_type);
2576 pop_type (int_type);
2577 require_array_type (pop_init_ref (reference_type), int_type);
2578 break;
2579 case op_lastore:
2580 pop_type (long_type);
2581 pop_type (int_type);
2582 require_array_type (pop_init_ref (reference_type), long_type);
2583 break;
2584 case op_fastore:
2585 pop_type (float_type);
2586 pop_type (int_type);
2587 require_array_type (pop_init_ref (reference_type), float_type);
2588 break;
2589 case op_dastore:
2590 pop_type (double_type);
2591 pop_type (int_type);
2592 require_array_type (pop_init_ref (reference_type), double_type);
2593 break;
2594 case op_aastore:
2595 pop_type (reference_type);
2596 pop_type (int_type);
2597 require_array_type (pop_init_ref (reference_type), reference_type);
2598 break;
2599 case op_bastore:
2600 pop_type (int_type);
2601 pop_type (int_type);
2602 require_array_type (pop_init_ref (reference_type), byte_type);
2603 break;
2604 case op_castore:
2605 pop_type (int_type);
2606 pop_type (int_type);
2607 require_array_type (pop_init_ref (reference_type), char_type);
2608 break;
2609 case op_sastore:
2610 pop_type (int_type);
2611 pop_type (int_type);
2612 require_array_type (pop_init_ref (reference_type), short_type);
2613 break;
2614 case op_pop:
2615 pop32 ();
2616 break;
2617 case op_pop2:
2618 {
2619 type t = pop_raw ();
2620 if (! type_iswide (&t))
2621 pop32 ();
2622 }
2623 break;
2624 case op_dup:
2625 {
2626 type t = pop32 ();
2627 push_type_t (t);
2628 push_type_t (t);
2629 }
2630 break;
2631 case op_dup_x1:
2632 {
2633 type t1 = pop32 ();
2634 type t2 = pop32 ();
2635 push_type_t (t1);
2636 push_type_t (t2);
2637 push_type_t (t1);
2638 }
2639 break;
2640 case op_dup_x2:
2641 {
2642 type t1 = pop32 ();
2643 type t2 = pop_raw ();
2644 if (! type_iswide (&t2))
2645 {
2646 type t3 = pop32 ();
2647 push_type_t (t1);
2648 push_type_t (t3);
2649 }
2650 else
2651 push_type_t (t1);
2652 push_type_t (t2);
2653 push_type_t (t1);
2654 }
2655 break;
2656 case op_dup2:
2657 {
2658 type t = pop_raw ();
2659 if (! type_iswide (&t))
2660 {
2661 type t2 = pop32 ();
2662 push_type_t (t2);
2663 push_type_t (t);
2664 push_type_t (t2);
2665 }
2666 else
2667 push_type_t (t);
2668 push_type_t (t);
2669 }
2670 break;
2671 case op_dup2_x1:
2672 {
2673 type t1 = pop_raw ();
2674 type t2 = pop32 ();
2675 if (! type_iswide (&t1))
2676 {
2677 type t3 = pop32 ();
2678 push_type_t (t2);
2679 push_type_t (t1);
2680 push_type_t (t3);
2681 }
2682 else
2683 push_type_t (t1);
2684 push_type_t (t2);
2685 push_type_t (t1);
2686 }
2687 break;
2688 case op_dup2_x2:
2689 {
2690 type t1 = pop_raw ();
2691 if (type_iswide (&t1))
2692 {
2693 type t2 = pop_raw ();
2694 if (type_iswide (&t2))
2695 {
2696 push_type_t (t1);
2697 push_type_t (t2);
2698 }
2699 else
2700 {
2701 type t3 = pop32 ();
2702 push_type_t (t1);
2703 push_type_t (t3);
2704 push_type_t (t2);
2705 }
2706 push_type_t (t1);
2707 }
2708 else
2709 {
2710 type t2 = pop32 ();
2711 type t3 = pop_raw ();
2712 if (type_iswide (&t3))
2713 {
2714 push_type_t (t2);
2715 push_type_t (t1);
2716 }
2717 else
2718 {
2719 type t4 = pop32 ();
2720 push_type_t (t2);
2721 push_type_t (t1);
2722 push_type_t (t4);
2723 }
2724 push_type_t (t3);
2725 push_type_t (t2);
2726 push_type_t (t1);
2727 }
2728 }
2729 break;
2730 case op_swap:
2731 {
2732 type t1 = pop32 ();
2733 type t2 = pop32 ();
2734 push_type_t (t1);
2735 push_type_t (t2);
2736 }
2737 break;
2738 case op_iadd:
2739 case op_isub:
2740 case op_imul:
2741 case op_idiv:
2742 case op_irem:
2743 case op_ishl:
2744 case op_ishr:
2745 case op_iushr:
2746 case op_iand:
2747 case op_ior:
2748 case op_ixor:
2749 pop_type (int_type);
2750 push_type_t (pop_type (int_type));
2751 break;
2752 case op_ladd:
2753 case op_lsub:
2754 case op_lmul:
2755 case op_ldiv:
2756 case op_lrem:
2757 case op_land:
2758 case op_lor:
2759 case op_lxor:
2760 pop_type (long_type);
2761 push_type_t (pop_type (long_type));
2762 break;
2763 case op_lshl:
2764 case op_lshr:
2765 case op_lushr:
2766 pop_type (int_type);
2767 push_type_t (pop_type (long_type));
2768 break;
2769 case op_fadd:
2770 case op_fsub:
2771 case op_fmul:
2772 case op_fdiv:
2773 case op_frem:
2774 pop_type (float_type);
2775 push_type_t (pop_type (float_type));
2776 break;
2777 case op_dadd:
2778 case op_dsub:
2779 case op_dmul:
2780 case op_ddiv:
2781 case op_drem:
2782 pop_type (double_type);
2783 push_type_t (pop_type (double_type));
2784 break;
2785 case op_ineg:
2786 case op_i2b:
2787 case op_i2c:
2788 case op_i2s:
2789 push_type_t (pop_type (int_type));
2790 break;
2791 case op_lneg:
2792 push_type_t (pop_type (long_type));
2793 break;
2794 case op_fneg:
2795 push_type_t (pop_type (float_type));
2796 break;
2797 case op_dneg:
2798 push_type_t (pop_type (double_type));
2799 break;
2800 case op_iinc:
2801 get_variable (get_byte (), int_type);
2802 get_byte ();
2803 break;
2804 case op_i2l:
2805 pop_type (int_type);
2806 push_type (long_type);
2807 break;
2808 case op_i2f:
2809 pop_type (int_type);
2810 push_type (float_type);
2811 break;
2812 case op_i2d:
2813 pop_type (int_type);
2814 push_type (double_type);
2815 break;
2816 case op_l2i:
2817 pop_type (long_type);
2818 push_type (int_type);
2819 break;
2820 case op_l2f:
2821 pop_type (long_type);
2822 push_type (float_type);
2823 break;
2824 case op_l2d:
2825 pop_type (long_type);
2826 push_type (double_type);
2827 break;
2828 case op_f2i:
2829 pop_type (float_type);
2830 push_type (int_type);
2831 break;
2832 case op_f2l:
2833 pop_type (float_type);
2834 push_type (long_type);
2835 break;
2836 case op_f2d:
2837 pop_type (float_type);
2838 push_type (double_type);
2839 break;
2840 case op_d2i:
2841 pop_type (double_type);
2842 push_type (int_type);
2843 break;
2844 case op_d2l:
2845 pop_type (double_type);
2846 push_type (long_type);
2847 break;
2848 case op_d2f:
2849 pop_type (double_type);
2850 push_type (float_type);
2851 break;
2852 case op_lcmp:
2853 pop_type (long_type);
2854 pop_type (long_type);
2855 push_type (int_type);
2856 break;
2857 case op_fcmpl:
2858 case op_fcmpg:
2859 pop_type (float_type);
2860 pop_type (float_type);
2861 push_type (int_type);
2862 break;
2863 case op_dcmpl:
2864 case op_dcmpg:
2865 pop_type (double_type);
2866 pop_type (double_type);
2867 push_type (int_type);
2868 break;
2869 case op_ifeq:
2870 case op_ifne:
2871 case op_iflt:
2872 case op_ifge:
2873 case op_ifgt:
2874 case op_ifle:
2875 pop_type (int_type);
2876 push_jump (get_short ());
2877 break;
2878 case op_if_icmpeq:
2879 case op_if_icmpne:
2880 case op_if_icmplt:
2881 case op_if_icmpge:
2882 case op_if_icmpgt:
2883 case op_if_icmple:
2884 pop_type (int_type);
2885 pop_type (int_type);
2886 push_jump (get_short ());
2887 break;
2888 case op_if_acmpeq:
2889 case op_if_acmpne:
2890 pop_type (reference_type);
2891 pop_type (reference_type);
2892 push_jump (get_short ());
2893 break;
2894 case op_goto:
2895 push_jump (get_short ());
2896 invalidate_pc ();
2897 break;
2898 case op_jsr:
2899 handle_jsr_insn (get_short ());
2900 break;
2901 case op_ret:
2902 handle_ret_insn (get_byte ());
2903 break;
2904 case op_tableswitch:
2905 {
2906 int i;
2907 jint low, high;
2908 pop_type (int_type);
2909 skip_padding ();
2910 push_jump (get_int ());
2911 low = get_int ();
2912 high = get_int ();
2913 /* Already checked LOW -vs- HIGH. */
2914 for (i = low; i <= high; ++i)
2915 push_jump (get_int ());
2916 invalidate_pc ();
2917 }
2918 break;
2919
2920 case op_lookupswitch:
2921 {
2922 int i;
2923 jint npairs, lastkey;
2924
2925 pop_type (int_type);
2926 skip_padding ();
2927 push_jump (get_int ());
2928 npairs = get_int ();
2929 /* Already checked NPAIRS >= 0. */
2930 lastkey = 0;
2931 for (i = 0; i < npairs; ++i)
2932 {
2933 jint key = get_int ();
2934 if (i > 0 && key <= lastkey)
2935 verify_fail_pc ("lookupswitch pairs unsorted", vfr->start_PC);
2936 lastkey = key;
2937 push_jump (get_int ());
2938 }
2939 invalidate_pc ();
2940 }
2941 break;
2942 case op_ireturn:
2943 check_return_type (pop_type (int_type));
2944 invalidate_pc ();
2945 break;
2946 case op_lreturn:
2947 check_return_type (pop_type (long_type));
2948 invalidate_pc ();
2949 break;
2950 case op_freturn:
2951 check_return_type (pop_type (float_type));
2952 invalidate_pc ();
2953 break;
2954 case op_dreturn:
2955 check_return_type (pop_type (double_type));
2956 invalidate_pc ();
2957 break;
2958 case op_areturn:
2959 check_return_type (pop_init_ref (reference_type));
2960 invalidate_pc ();
2961 break;
2962 case op_return:
2963 /* We only need to check this when the return type is
2964 void, because all instance initializers return void. */
2965 if (this_is_init)
2966 state_check_this_initialized (vfr->current_state);
2967 check_return_type (make_type (void_type));
2968 invalidate_pc ();
2969 break;
2970 case op_getstatic:
2971 push_type_t (check_field_constant (get_ushort (), NULL));
2972 break;
2973 case op_putstatic:
2974 pop_type_t (check_field_constant (get_ushort (), NULL));
2975 break;
2976 case op_getfield:
2977 {
2978 type klass;
2979 type field = check_field_constant (get_ushort (), &klass);
2980 pop_type_t (klass);
2981 push_type_t (field);
2982 }
2983 break;
2984 case op_putfield:
2985 {
2986 type klass;
2987 type field = check_field_constant (get_ushort (), &klass);
2988 pop_type_t (field);
2989
2990 /* We have an obscure special case here: we can use
2991 `putfield' on a field declared in this class, even if
2992 `this' has not yet been initialized. */
2993 if (! type_initialized (&vfr->current_state->this_type)
2994 && vfr->current_state->this_type.pc == SELF)
2995 type_set_uninitialized (&klass, SELF);
2996 pop_type_t (klass);
2997 }
2998 break;
2999
3000 case op_invokevirtual:
3001 case op_invokespecial:
3002 case op_invokestatic:
3003 case op_invokeinterface:
3004 {
3005 vfy_string method_name, method_signature;
3006 const char *namec;
3007 int i, arg_count;
3008 type rt;
3009 bool is_init = false;
3010
3011 type class_type
3012 = check_method_constant (get_ushort (),
3013 opcode == op_invokeinterface,
3014 &method_name,
3015 &method_signature);
3016 /* NARGS is only used when we're processing
3017 invokeinterface. It is simplest for us to compute it
3018 here and then verify it later. */
3019 int nargs = 0;
3020 if (opcode == op_invokeinterface)
3021 {
3022 nargs = get_byte ();
3023 if (get_byte () != 0)
3024 verify_fail ("invokeinterface dummy byte is wrong");
3025 }
3026
3027 namec = vfy_string_bytes (method_name);
3028
3029 if (vfy_strings_equal (method_name, vfy_init_name()))
3030 {
3031 is_init = true;
3032 if (opcode != op_invokespecial)
3033 verify_fail ("can't invoke <init>");
3034 }
3035 else if (namec[0] == '<')
3036 verify_fail ("can't invoke method starting with `<'");
3037
3038 arg_count = vfy_count_arguments (method_signature);
3039 {
3040 /* Pop arguments and check types. */
3041 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
3042
3043 compute_argument_types (method_signature, arg_types);
3044 for (i = arg_count - 1; i >= 0; --i)
3045 {
3046 /* This is only used for verifying the byte for
3047 invokeinterface. */
3048 nargs -= type_depth (&arg_types[i]);
3049 pop_init_ref_t (arg_types[i]);
3050 }
3051
3052 vfy_free (arg_types);
3053 }
3054
3055 if (opcode == op_invokeinterface
3056 && nargs != 1)
3057 verify_fail ("wrong argument count for invokeinterface");
3058
3059 if (opcode != op_invokestatic)
3060 {
3061 type raw;
3062 type t = class_type;
3063 if (is_init)
3064 {
3065 /* In this case the PC doesn't matter. */
3066 type_set_uninitialized (&t, UNINIT);
3067 /* FIXME: check to make sure that the <init>
3068 call is to the right class.
3069 It must either be super or an exact class
3070 match. */
3071 }
3072 raw = pop_raw ();
3073 if (! types_compatible (&t, &raw))
3074 verify_fail ("incompatible type on stack");
3075
3076 if (is_init)
3077 state_set_initialized (vfr->current_state,
3078 type_get_pc (&raw), vfr->current_method->max_locals);
3079 }
3080
3081 rt = compute_return_type (method_signature);
3082 if (! type_isvoid (&rt))
3083 push_type_t (rt);
3084 }
3085 break;
3086
3087 case op_new:
3088 {
3089 type t = check_class_constant (get_ushort ());
3090 if (type_isarray (&t) || type_isinterface (&t)
3091 || type_isabstract (&t))
3092 verify_fail ("type is array, interface, or abstract");
3093 type_set_uninitialized (&t, vfr->start_PC);
3094 push_type_t (t);
3095 }
3096 break;
3097
3098 case op_newarray:
3099 {
3100 int atype = get_byte ();
3101 type t;
3102 /* We intentionally have chosen constants to make this
3103 valid. */
3104 if (atype < boolean_type || atype > long_type)
3105 verify_fail_pc ("type not primitive", vfr->start_PC);
3106 pop_type (int_type);
3107 init_type_from_class (&t, construct_primitive_array_type (atype));
3108 push_type_t (t);
3109 }
3110 break;
3111 case op_anewarray:
3112 {
3113 type t;
3114 pop_type (int_type);
3115 t = check_class_constant (get_ushort ());
3116 push_type_t (type_to_array (&t));
3117 }
3118 break;
3119 case op_arraylength:
3120 {
3121 type t = pop_init_ref (reference_type);
3122 if (! type_isarray (&t) && ! type_isnull (&t))
3123 verify_fail ("array type expected");
3124 push_type (int_type);
3125 }
3126 break;
3127 case op_athrow:
3128 pop_type_t (make_type_from_class (vfy_throwable_type ()));
3129 invalidate_pc ();
3130 break;
3131 case op_checkcast:
3132 pop_init_ref (reference_type);
3133 push_type_t (check_class_constant (get_ushort ()));
3134 break;
3135 case op_instanceof:
3136 pop_init_ref (reference_type);
3137 check_class_constant (get_ushort ());
3138 push_type (int_type);
3139 break;
3140 case op_monitorenter:
3141 pop_init_ref (reference_type);
3142 break;
3143 case op_monitorexit:
3144 pop_init_ref (reference_type);
3145 break;
3146 case op_wide:
3147 {
3148 switch (get_byte ())
3149 {
3150 case op_iload:
3151 push_type_t (get_variable (get_ushort (), int_type));
3152 break;
3153 case op_lload:
3154 push_type_t (get_variable (get_ushort (), long_type));
3155 break;
3156 case op_fload:
3157 push_type_t (get_variable (get_ushort (), float_type));
3158 break;
3159 case op_dload:
3160 push_type_t (get_variable (get_ushort (), double_type));
3161 break;
3162 case op_aload:
3163 push_type_t (get_variable (get_ushort (), reference_type));
3164 break;
3165 case op_istore:
3166 set_variable (get_ushort (), pop_type (int_type));
3167 break;
3168 case op_lstore:
3169 set_variable (get_ushort (), pop_type (long_type));
3170 break;
3171 case op_fstore:
3172 set_variable (get_ushort (), pop_type (float_type));
3173 break;
3174 case op_dstore:
3175 set_variable (get_ushort (), pop_type (double_type));
3176 break;
3177 case op_astore:
3178 set_variable (get_ushort (), pop_init_ref (reference_type));
3179 break;
3180 case op_ret:
3181 handle_ret_insn (get_short ());
3182 break;
3183 case op_iinc:
3184 get_variable (get_ushort (), int_type);
3185 get_short ();
3186 break;
3187 default:
3188 verify_fail_pc ("unrecognized wide instruction", vfr->start_PC);
3189 }
3190 }
3191 break;
3192 case op_multianewarray:
3193 {
3194 int i;
3195 type atype = check_class_constant (get_ushort ());
3196 int dim = get_byte ();
3197 if (dim < 1)
3198 verify_fail_pc ("too few dimensions to multianewarray", vfr->start_PC);
3199 type_verify_dimensions (&atype, dim);
3200 for (i = 0; i < dim; ++i)
3201 pop_type (int_type);
3202 push_type_t (atype);
3203 }
3204 break;
3205 case op_ifnull:
3206 case op_ifnonnull:
3207 pop_type (reference_type);
3208 push_jump (get_short ());
3209 break;
3210 case op_goto_w:
3211 push_jump (get_int ());
3212 invalidate_pc ();
3213 break;
3214 case op_jsr_w:
3215 handle_jsr_insn (get_int ());
3216 break;
3217
3218 #if 0
3219 /* These are unused here, but we call them out explicitly
3220 so that -Wswitch-enum doesn't complain. */
3221 case op_putfield_1:
3222 case op_putfield_2:
3223 case op_putfield_4:
3224 case op_putfield_8:
3225 case op_putfield_a:
3226 case op_putstatic_1:
3227 case op_putstatic_2:
3228 case op_putstatic_4:
3229 case op_putstatic_8:
3230 case op_putstatic_a:
3231 case op_getfield_1:
3232 case op_getfield_2s:
3233 case op_getfield_2u:
3234 case op_getfield_4:
3235 case op_getfield_8:
3236 case op_getfield_a:
3237 case op_getstatic_1:
3238 case op_getstatic_2s:
3239 case op_getstatic_2u:
3240 case op_getstatic_4:
3241 case op_getstatic_8:
3242 case op_getstatic_a:
3243 #endif
3244 default:
3245 /* Unrecognized opcode. */
3246 verify_fail_pc ("unrecognized instruction in verify_instructions_0",
3247 vfr->start_PC);
3248 }
3249 }
3250 }
3251
3252 /* This turns a `type' into something suitable for use by the type map
3253 in the other parts of the compiler. In particular, reference types
3254 are mapped to Object, primitive types are unchanged, and other
3255 types are mapped using special functions declared in verify.h. */
3256 static vfy_jclass
3257 collapse_type (type *t)
3258 {
3259 switch (t->key)
3260 {
3261 case void_type:
3262 case boolean_type:
3263 case char_type:
3264 case float_type:
3265 case double_type:
3266 case byte_type:
3267 case short_type:
3268 case int_type:
3269 case long_type:
3270 return vfy_get_primitive_type (t->key);
3271
3272 case unsuitable_type:
3273 case continuation_type:
3274 return vfy_unsuitable_type ();
3275
3276 case return_address_type:
3277 return vfy_return_address_type ();
3278
3279 case null_type:
3280 return vfy_null_type ();
3281
3282 case reference_type:
3283 case uninitialized_reference_type:
3284 return vfy_object_type ();
3285 }
3286
3287 abort ();
3288 }
3289
3290 static void
3291 verify_instructions (void)
3292 {
3293 int i;
3294
3295 branch_prepass ();
3296 verify_instructions_0 ();
3297
3298 /* Now tell the rest of the compiler about the types we've found. */
3299 for (i = 0; i < vfr->current_method->code_length; ++i)
3300 {
3301 int j, slot;
3302 struct state *curr;
3303
3304 if ((vfr->flags[i] & FLAG_INSN_SEEN) != 0)
3305 vfy_note_instruction_seen (i);
3306
3307 if (! vfr->states[i])
3308 continue;
3309
3310 curr = vfr->states[i]->val;
3311 vfy_note_stack_depth (vfr->current_method, i, curr->stackdepth);
3312
3313 /* Tell the compiler about each local variable. */
3314 for (j = 0; j < vfr->current_method->max_locals; ++j)
3315 vfy_note_local_type (vfr->current_method, i, j,
3316 collapse_type (&curr->locals[j]));
3317 /* Tell the compiler about each stack slot. */
3318 for (slot = j = 0; j < curr->stacktop; ++j, ++slot)
3319 {
3320 vfy_note_stack_type (vfr->current_method, i, slot,
3321 collapse_type (&curr->stack[j]));
3322 if (type_iswide (&curr->stack[j]))
3323 {
3324 ++slot;
3325 vfy_note_stack_type (vfr->current_method, i, slot,
3326 vfy_unsuitable_type ());
3327 }
3328 }
3329 if (slot != curr->stackdepth)
3330 abort ();
3331 }
3332 }
3333
3334 #if 0
3335 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
3336 {
3337 /* We just print the text as utf-8. This is just for debugging
3338 anyway. */
3339 debug_print ("--------------------------------\n");
3340 debug_print ("-- Verifying method `%s'\n", m->self->name->chars());
3341
3342 }
3343 #endif
3344
3345 static void
3346 make_verifier_context (vfy_method *m)
3347 {
3348 vfr = (verifier_context *) vfy_alloc (sizeof (struct verifier_context));
3349
3350 vfr->current_method = m;
3351 vfr->bytecode = vfy_get_bytecode (m);
3352 vfr->exception = vfy_get_exceptions (m);
3353 vfr->current_class = m->defining_class;
3354
3355 vfr->states = NULL;
3356 vfr->flags = NULL;
3357 vfr->utf8_list = NULL;
3358 vfr->isect_list = NULL;
3359 }
3360
3361 static void
3362 free_verifier_context (void)
3363 {
3364 vfy_string_list *utf8_list;
3365 ref_intersection *isect_list;
3366
3367 if (vfr->flags)
3368 vfy_free (vfr->flags);
3369
3370 utf8_list = vfr->utf8_list;
3371 while (utf8_list != NULL)
3372 {
3373 vfy_string_list *n = utf8_list->next;
3374 vfy_free (utf8_list);
3375 utf8_list = n;
3376 }
3377
3378 isect_list = vfr->isect_list;
3379 while (isect_list != NULL)
3380 {
3381 ref_intersection *next = isect_list->alloc_next;
3382 vfy_free (isect_list);
3383 isect_list = next;
3384 }
3385
3386 if (vfr->states != NULL)
3387 {
3388 int i;
3389 for (i = 0; i < vfr->current_method->code_length; ++i)
3390 {
3391 state_list *iter = vfr->states[i];
3392 while (iter != NULL)
3393 {
3394 state_list *next = iter->next;
3395 vfy_free (iter->val);
3396 vfy_free (iter);
3397 iter = next;
3398 }
3399 }
3400 vfy_free (vfr->states);
3401 }
3402
3403 vfy_free (vfr);
3404 }
3405
3406 int
3407 verify_method (vfy_method *meth)
3408 {
3409 debug_print ("verify_method (%s) %i\n", vfy_string_bytes (meth->name),
3410 meth->code_length);
3411
3412 if (vfr != NULL)
3413 verify_fail ("verifier re-entered");
3414
3415 make_verifier_context (meth);
3416 verify_instructions ();
3417 free_verifier_context ();
3418 vfr = NULL;
3419
3420 return 1;
3421 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org