search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2004-12-08 Kelley Cook <kcook@gcc.gnu.org>
[official-gcc.git] / libjava / verify.cc
blob988b5aab67ee6139a0d83a2ee383cb83e178cd33
1 // verify.cc - verify bytecode
2
3 /* Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation
4
5 This file is part of libgcj.
6
7 This software is copyrighted work licensed under the terms of the
8 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
9 details. */
10
11 // Written by Tom Tromey <tromey@redhat.com>
12
13 // Define VERIFY_DEBUG to enable debugging output.
14
15 #include <config.h>
16
17 #include <jvm.h>
18 #include <gcj/cni.h>
19 #include <java-insns.h>
20 #include <java-interp.h>
21
22 // On Solaris 10/x86, <signal.h> indirectly includes <ia32/sys/reg.h>, which
23 // defines PC since g++ predefines __EXTENSIONS__. Undef here to avoid clash
24 // with PC member of class _Jv_BytecodeVerifier below.
25 #undef PC
26
27 #ifdef INTERPRETER
28
29 #include <java/lang/Class.h>
30 #include <java/lang/VerifyError.h>
31 #include <java/lang/Throwable.h>
32 #include <java/lang/reflect/Modifier.h>
33 #include <java/lang/StringBuffer.h>
34
35 #ifdef VERIFY_DEBUG
36 #include <stdio.h>
37 #endif /* VERIFY_DEBUG */
38
39
40 // This is used to mark states which are not scheduled for
41 // verification.
42 #define INVALID_STATE ((state *) -1)
43
44 static void debug_print (const char *fmt, ...)
45 __attribute__ ((format (printf, 1, 2)));
46
47 static inline void
48 debug_print (MAYBE_UNUSED const char *fmt, ...)
49 {
50 #ifdef VERIFY_DEBUG
51 va_list ap;
52 va_start (ap, fmt);
53 vfprintf (stderr, fmt, ap);
54 va_end (ap);
55 #endif /* VERIFY_DEBUG */
56 }
57
58 // This started as a fairly ordinary verifier, and for the most part
59 // it remains so. It works in the obvious way, by modeling the effect
60 // of each opcode as it is encountered. For most opcodes, this is a
61 // straightforward operation.
62 //
63 // This verifier does not do type merging. It used to, but this
64 // results in difficulty verifying some relatively simple code
65 // involving interfaces, and it pushed some verification work into the
66 // interpreter.
67 //
68 // Instead of merging reference types, when we reach a point where two
69 // flows of control merge, we simply keep the union of reference types
70 // from each branch. Then, when we need to verify a fact about a
71 // reference on the stack (e.g., that it is compatible with the
72 // argument type of a method), we check to ensure that all possible
73 // types satisfy the requirement.
74 //
75 // Another area this verifier differs from the norm is in its handling
76 // of subroutines. The JVM specification has some confusing things to
77 // say about subroutines. For instance, it makes claims about not
78 // allowing subroutines to merge and it rejects recursive subroutines.
79 // For the most part these are red herrings; we used to try to follow
80 // these things but they lead to problems. For example, the notion of
81 // "being in a subroutine" is not well-defined: is an exception
82 // handler in a subroutine? If you never execute the `ret' but
83 // instead `goto 1' do you remain in the subroutine?
84 //
85 // For clarity on what is really required for type safety, read
86 // "Simple Verification Technique for Complex Java Bytecode
87 // Subroutines" by Alessandro Coglio. Among other things this paper
88 // shows that recursive subroutines are not harmful to type safety.
89 // We implement something similar to what he proposes. Note that this
90 // means that this verifier will accept code that is rejected by some
91 // other verifiers.
92 //
93 // For those not wanting to read the paper, the basic observation is
94 // that we can maintain split states in subroutines. We maintain one
95 // state for each calling `jsr'. In other words, we re-verify a
96 // subroutine once for each caller, using the exact types held by the
97 // callers (as opposed to the old approach of merging types and
98 // keeping a bitmap registering what did or did not change). This
99 // approach lets us continue to verify correctly even when a
100 // subroutine is exited via `goto' or `athrow' and not `ret'.
101 //
102 // In some other areas the JVM specification is (mildly) incorrect,
103 // so we diverge. For instance, you cannot
104 // violate type safety by allocating an object with `new' and then
105 // failing to initialize it, no matter how one branches or where one
106 // stores the uninitialized reference. See "Improving the official
107 // specification of Java bytecode verification" by Alessandro Coglio.
108 //
109 // Note that there's no real point in enforcing that padding bytes or
110 // the mystery byte of invokeinterface must be 0, but we do that
111 // regardless.
112 //
113 // The verifier is currently neither completely lazy nor eager when it
114 // comes to loading classes. It tries to represent types by name when
115 // possible, and then loads them when it needs to verify a fact about
116 // the type. Checking types by name is valid because we only use
117 // names which come from the current class' constant pool. Since all
118 // such names are looked up using the same class loader, there is no
119 // danger that we might be fooled into comparing different types with
120 // the same name.
121 //
122 // In the future we plan to allow for a completely lazy mode of
123 // operation, where the verifier will construct a list of type
124 // assertions to be checked later.
125 //
126 // Some test cases for the verifier live in the "verify" module of the
127 // Mauve test suite. However, some of these are presently
128 // (2004-01-20) believed to be incorrect. (More precisely the notion
129 // of "correct" is not well-defined, and this verifier differs from
130 // others while remaining type-safe.) Some other tests live in the
131 // libgcj test suite.
132 class _Jv_BytecodeVerifier
133 {
134 private:
135
136 static const int FLAG_INSN_START = 1;
137 static const int FLAG_BRANCH_TARGET = 2;
138
139 struct state;
140 struct type;
141 struct linked_utf8;
142 struct ref_intersection;
143
144 template<typename T>
145 struct linked
146 {
147 T *val;
148 linked<T> *next;
149 };
150
151 // The current PC.
152 int PC;
153 // The PC corresponding to the start of the current instruction.
154 int start_PC;
155
156 // The current state of the stack, locals, etc.
157 state *current_state;
158
159 // At each branch target we keep a linked list of all the states we
160 // can process at that point. We'll only have multiple states at a
161 // given PC if they both have different return-address types in the
162 // same stack or local slot. This array is indexed by PC and holds
163 // the list of all such states.
164 linked<state> **states;
165
166 // We keep a linked list of all the states which we must reverify.
167 // This is the head of the list.
168 state *next_verify_state;
169
170 // We keep some flags for each instruction. The values are the
171 // FLAG_* constants defined above. This is an array indexed by PC.
172 char *flags;
173
174 // The bytecode itself.
175 unsigned char *bytecode;
176 // The exceptions.
177 _Jv_InterpException *exception;
178
179 // Defining class.
180 jclass current_class;
181 // This method.
182 _Jv_InterpMethod *current_method;
183
184 // A linked list of utf8 objects we allocate.
185 linked<_Jv_Utf8Const> *utf8_list;
186
187 // A linked list of all ref_intersection objects we allocate.
188 ref_intersection *isect_list;
189
190 // Create a new Utf-8 constant and return it. We do this to avoid
191 // having our Utf-8 constants prematurely collected.
192 _Jv_Utf8Const *make_utf8_const (char *s, int len)
193 {
194 linked<_Jv_Utf8Const> *lu = (linked<_Jv_Utf8Const> *)
195 _Jv_Malloc (sizeof (linked<_Jv_Utf8Const>)
196 + _Jv_Utf8Const::space_needed(s, len));
197 _Jv_Utf8Const *r = (_Jv_Utf8Const *) (lu + 1);
198 r->init(s, len);
199 lu->val = r;
200 lu->next = utf8_list;
201 utf8_list = lu;
202
203 return r;
204 }
205
206 __attribute__ ((__noreturn__)) void verify_fail (char *s, jint pc = -1)
207 {
208 using namespace java::lang;
209 StringBuffer *buf = new StringBuffer ();
210
211 buf->append (JvNewStringLatin1 ("verification failed"));
212 if (pc == -1)
213 pc = start_PC;
214 if (pc != -1)
215 {
216 buf->append (JvNewStringLatin1 (" at PC "));
217 buf->append (pc);
218 }
219
220 _Jv_InterpMethod *method = current_method;
221 buf->append (JvNewStringLatin1 (" in "));
222 buf->append (current_class->getName());
223 buf->append ((jchar) ':');
224 buf->append (method->get_method()->name->toString());
225 buf->append ((jchar) '(');
226 buf->append (method->get_method()->signature->toString());
227 buf->append ((jchar) ')');
228
229 buf->append (JvNewStringLatin1 (": "));
230 buf->append (JvNewStringLatin1 (s));
231 throw new java::lang::VerifyError (buf->toString ());
232 }
233
234 // This enum holds a list of tags for all the different types we
235 // need to handle. Reference types are treated specially by the
236 // type class.
237 enum type_val
238 {
239 void_type,
240
241 // The values for primitive types are chosen to correspond to values
242 // specified to newarray.
243 boolean_type = 4,
244 char_type = 5,
245 float_type = 6,
246 double_type = 7,
247 byte_type = 8,
248 short_type = 9,
249 int_type = 10,
250 long_type = 11,
251
252 // Used when overwriting second word of a double or long in the
253 // local variables. Also used after merging local variable states
254 // to indicate an unusable value.
255 unsuitable_type,
256 return_address_type,
257 // This is the second word of a two-word value, i.e., a double or
258 // a long.
259 continuation_type,
260
261 // Everything after `reference_type' must be a reference type.
262 reference_type,
263 null_type,
264 uninitialized_reference_type
265 };
266
267 // This represents a merged class type. Some verifiers (including
268 // earlier versions of this one) will compute the intersection of
269 // two class types when merging states. However, this loses
270 // critical information about interfaces implemented by the various
271 // classes. So instead we keep track of all the actual classes that
272 // have been merged.
273 struct ref_intersection
274 {
275 // Whether or not this type has been resolved.
276 bool is_resolved;
277
278 // Actual type data.
279 union
280 {
281 // For a resolved reference type, this is a pointer to the class.
282 jclass klass;
283 // For other reference types, this it the name of the class.
284 _Jv_Utf8Const *name;
285 } data;
286
287 // Link to the next reference in the intersection.
288 ref_intersection *ref_next;
289
290 // This is used to keep track of all the allocated
291 // ref_intersection objects, so we can free them.
292 // FIXME: we should allocate these in chunks.
293 ref_intersection *alloc_next;
294
295 ref_intersection (jclass klass, _Jv_BytecodeVerifier *verifier)
296 : ref_next (NULL)
297 {
298 is_resolved = true;
299 data.klass = klass;
300 alloc_next = verifier->isect_list;
301 verifier->isect_list = this;
302 }
303
304 ref_intersection (_Jv_Utf8Const *name, _Jv_BytecodeVerifier *verifier)
305 : ref_next (NULL)
306 {
307 is_resolved = false;
308 data.name = name;
309 alloc_next = verifier->isect_list;
310 verifier->isect_list = this;
311 }
312
313 ref_intersection (ref_intersection *dup, ref_intersection *tail,
314 _Jv_BytecodeVerifier *verifier)
315 : ref_next (tail)
316 {
317 is_resolved = dup->is_resolved;
318 data = dup->data;
319 alloc_next = verifier->isect_list;
320 verifier->isect_list = this;
321 }
322
323 bool equals (ref_intersection *other, _Jv_BytecodeVerifier *verifier)
324 {
325 if (! is_resolved && ! other->is_resolved
326 && _Jv_equalUtf8Consts (data.name, other->data.name))
327 return true;
328 if (! is_resolved)
329 resolve (verifier);
330 if (! other->is_resolved)
331 other->resolve (verifier);
332 return data.klass == other->data.klass;
333 }
334
335 // Merge THIS type into OTHER, returning the result. This will
336 // return OTHER if all the classes in THIS already appear in
337 // OTHER.
338 ref_intersection *merge (ref_intersection *other,
339 _Jv_BytecodeVerifier *verifier)
340 {
341 ref_intersection *tail = other;
342 for (ref_intersection *self = this; self != NULL; self = self->ref_next)
343 {
344 bool add = true;
345 for (ref_intersection *iter = other; iter != NULL;
346 iter = iter->ref_next)
347 {
348 if (iter->equals (self, verifier))
349 {
350 add = false;
351 break;
352 }
353 }
354
355 if (add)
356 tail = new ref_intersection (self, tail, verifier);
357 }
358 return tail;
359 }
360
361 void resolve (_Jv_BytecodeVerifier *verifier)
362 {
363 if (is_resolved)
364 return;
365
366 using namespace java::lang;
367 java::lang::ClassLoader *loader
368 = verifier->current_class->getClassLoaderInternal();
369 // We might see either kind of name. Sigh.
370 if (data.name->first() == 'L' && data.name->limit()[-1] == ';')
371 data.klass = _Jv_FindClassFromSignature (data.name->chars(), loader);
372 else
373 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name),
374 false, loader);
375 is_resolved = true;
376 }
377
378 // See if an object of type OTHER can be assigned to an object of
379 // type *THIS. This might resolve classes in one chain or the
380 // other.
381 bool compatible (ref_intersection *other,
382 _Jv_BytecodeVerifier *verifier)
383 {
384 ref_intersection *self = this;
385
386 for (; self != NULL; self = self->ref_next)
387 {
388 ref_intersection *other_iter = other;
389
390 for (; other_iter != NULL; other_iter = other_iter->ref_next)
391 {
392 // Avoid resolving if possible.
393 if (! self->is_resolved
394 && ! other_iter->is_resolved
395 && _Jv_equalUtf8Consts (self->data.name,
396 other_iter->data.name))
397 continue;
398
399 if (! self->is_resolved)
400 self->resolve(verifier);
401 if (! other_iter->is_resolved)
402 other_iter->resolve(verifier);
403
404 if (! is_assignable_from_slow (self->data.klass,
405 other_iter->data.klass))
406 return false;
407 }
408 }
409
410 return true;
411 }
412
413 bool isarray ()
414 {
415 // assert (ref_next == NULL);
416 if (is_resolved)
417 return data.klass->isArray ();
418 else
419 return data.name->first() == '[';
420 }
421
422 bool isinterface (_Jv_BytecodeVerifier *verifier)
423 {
424 // assert (ref_next == NULL);
425 if (! is_resolved)
426 resolve (verifier);
427 return data.klass->isInterface ();
428 }
429
430 bool isabstract (_Jv_BytecodeVerifier *verifier)
431 {
432 // assert (ref_next == NULL);
433 if (! is_resolved)
434 resolve (verifier);
435 using namespace java::lang::reflect;
436 return Modifier::isAbstract (data.klass->getModifiers ());
437 }
438
439 jclass getclass (_Jv_BytecodeVerifier *verifier)
440 {
441 if (! is_resolved)
442 resolve (verifier);
443 return data.klass;
444 }
445
446 int count_dimensions ()
447 {
448 int ndims = 0;
449 if (is_resolved)
450 {
451 jclass k = data.klass;
452 while (k->isArray ())
453 {
454 k = k->getComponentType ();
455 ++ndims;
456 }
457 }
458 else
459 {
460 char *p = data.name->chars();
461 while (*p++ == '[')
462 ++ndims;
463 }
464 return ndims;
465 }
466
467 void *operator new (size_t bytes)
468 {
469 return _Jv_Malloc (bytes);
470 }
471
472 void operator delete (void *mem)
473 {
474 _Jv_Free (mem);
475 }
476 };
477
478 // Return the type_val corresponding to a primitive signature
479 // character. For instance `I' returns `int.class'.
480 type_val get_type_val_for_signature (jchar sig)
481 {
482 type_val rt;
483 switch (sig)
484 {
485 case 'Z':
486 rt = boolean_type;
487 break;
488 case 'B':
489 rt = byte_type;
490 break;
491 case 'C':
492 rt = char_type;
493 break;
494 case 'S':
495 rt = short_type;
496 break;
497 case 'I':
498 rt = int_type;
499 break;
500 case 'J':
501 rt = long_type;
502 break;
503 case 'F':
504 rt = float_type;
505 break;
506 case 'D':
507 rt = double_type;
508 break;
509 case 'V':
510 rt = void_type;
511 break;
512 default:
513 verify_fail ("invalid signature");
514 }
515 return rt;
516 }
517
518 // Return the type_val corresponding to a primitive class.
519 type_val get_type_val_for_signature (jclass k)
520 {
521 return get_type_val_for_signature ((jchar) k->method_count);
522 }
523
524 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or
525 // TARGET haven't been prepared.
526 static bool is_assignable_from_slow (jclass target, jclass source)
527 {
528 // First, strip arrays.
529 while (target->isArray ())
530 {
531 // If target is array, source must be as well.
532 if (! source->isArray ())
533 return false;
534 target = target->getComponentType ();
535 source = source->getComponentType ();
536 }
537
538 // Quick success.
539 if (target == &java::lang::Object::class$)
540 return true;
541
542 do
543 {
544 if (source == target)
545 return true;
546
547 if (target->isPrimitive () || source->isPrimitive ())
548 return false;
549
550 if (target->isInterface ())
551 {
552 for (int i = 0; i < source->interface_count; ++i)
553 {
554 // We use a recursive call because we also need to
555 // check superinterfaces.
556 if (is_assignable_from_slow (target, source->getInterface (i)))
557 return true;
558 }
559 }
560 source = source->getSuperclass ();
561 }
562 while (source != NULL);
563
564 return false;
565 }
566
567 // The `type' class is used to represent a single type in the
568 // verifier.
569 struct type
570 {
571 // The type key.
572 type_val key;
573
574 // For reference types, the representation of the type.
575 ref_intersection *klass;
576
577 // This is used in two situations.
578 //
579 // First, when constructing a new object, it is the PC of the
580 // `new' instruction which created the object. We use the special
581 // value UNINIT to mean that this is uninitialized, and the
582 // special value SELF for the case where the current method is
583 // itself the <init> method.
584 //
585 // Second, when the key is return_address_type, this holds the PC
586 // of the instruction following the `jsr'.
587 int pc;
588
589 static const int UNINIT = -2;
590 static const int SELF = -1;
591
592 // Basic constructor.
593 type ()
594 {
595 key = unsuitable_type;
596 klass = NULL;
597 pc = UNINIT;
598 }
599
600 // Make a new instance given the type tag. We assume a generic
601 // `reference_type' means Object.
602 type (type_val k)
603 {
604 key = k;
605 // For reference_type, if KLASS==NULL then that means we are
606 // looking for a generic object of any kind, including an
607 // uninitialized reference.
608 klass = NULL;
609 pc = UNINIT;
610 }
611
612 // Make a new instance given a class.
613 type (jclass k, _Jv_BytecodeVerifier *verifier)
614 {
615 key = reference_type;
616 klass = new ref_intersection (k, verifier);
617 pc = UNINIT;
618 }
619
620 // Make a new instance given the name of a class.
621 type (_Jv_Utf8Const *n, _Jv_BytecodeVerifier *verifier)
622 {
623 key = reference_type;
624 klass = new ref_intersection (n, verifier);
625 pc = UNINIT;
626 }
627
628 // Copy constructor.
629 type (const type &t)
630 {
631 key = t.key;
632 klass = t.klass;
633 pc = t.pc;
634 }
635
636 // These operators are required because libgcj can't link in
637 // -lstdc++.
638 void *operator new[] (size_t bytes)
639 {
640 return _Jv_Malloc (bytes);
641 }
642
643 void operator delete[] (void *mem)
644 {
645 _Jv_Free (mem);
646 }
647
648 type& operator= (type_val k)
649 {
650 key = k;
651 klass = NULL;
652 pc = UNINIT;
653 return *this;
654 }
655
656 type& operator= (const type& t)
657 {
658 key = t.key;
659 klass = t.klass;
660 pc = t.pc;
661 return *this;
662 }
663
664 // Promote a numeric type.
665 type &promote ()
666 {
667 if (key == boolean_type || key == char_type
668 || key == byte_type || key == short_type)
669 key = int_type;
670 return *this;
671 }
672
673 // Mark this type as the uninitialized result of `new'.
674 void set_uninitialized (int npc, _Jv_BytecodeVerifier *verifier)
675 {
676 if (key == reference_type)
677 key = uninitialized_reference_type;
678 else
679 verifier->verify_fail ("internal error in type::uninitialized");
680 pc = npc;
681 }
682
683 // Mark this type as now initialized.
684 void set_initialized (int npc)
685 {
686 if (npc != UNINIT && pc == npc && key == uninitialized_reference_type)
687 {
688 key = reference_type;
689 pc = UNINIT;
690 }
691 }
692
693 // Mark this type as a particular return address.
694 void set_return_address (int npc)
695 {
696 pc = npc;
697 }
698
699 // Return true if this type and type OTHER are considered
700 // mergeable for the purposes of state merging. This is related
701 // to subroutine handling. For this purpose two types are
702 // considered unmergeable if they are both return-addresses but
703 // have different PCs.
704 bool state_mergeable_p (const type &other) const
705 {
706 return (key != return_address_type
707 || other.key != return_address_type
708 || pc == other.pc);
709 }
710
711 // Return true if an object of type K can be assigned to a variable
712 // of type *THIS. Handle various special cases too. Might modify
713 // *THIS or K. Note however that this does not perform numeric
714 // promotion.
715 bool compatible (type &k, _Jv_BytecodeVerifier *verifier)
716 {
717 // Any type is compatible with the unsuitable type.
718 if (key == unsuitable_type)
719 return true;
720
721 if (key < reference_type || k.key < reference_type)
722 return key == k.key;
723
724 // The `null' type is convertible to any initialized reference
725 // type.
726 if (key == null_type)
727 return k.key != uninitialized_reference_type;
728 if (k.key == null_type)
729 return key != uninitialized_reference_type;
730
731 // A special case for a generic reference.
732 if (klass == NULL)
733 return true;
734 if (k.klass == NULL)
735 verifier->verify_fail ("programmer error in type::compatible");
736
737 // An initialized type and an uninitialized type are not
738 // compatible.
739 if (isinitialized () != k.isinitialized ())
740 return false;
741
742 // Two uninitialized objects are compatible if either:
743 // * The PCs are identical, or
744 // * One PC is UNINIT.
745 if (! isinitialized ())
746 {
747 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT)
748 return false;
749 }
750
751 return klass->compatible(k.klass, verifier);
752 }
753
754 bool isvoid () const
755 {
756 return key == void_type;
757 }
758
759 bool iswide () const
760 {
761 return key == long_type || key == double_type;
762 }
763
764 // Return number of stack or local variable slots taken by this
765 // type.
766 int depth () const
767 {
768 return iswide () ? 2 : 1;
769 }
770
771 bool isarray () const
772 {
773 // We treat null_type as not an array. This is ok based on the
774 // current uses of this method.
775 if (key == reference_type)
776 return klass->isarray ();
777 return false;
778 }
779
780 bool isnull () const
781 {
782 return key == null_type;
783 }
784
785 bool isinterface (_Jv_BytecodeVerifier *verifier)
786 {
787 if (key != reference_type)
788 return false;
789 return klass->isinterface (verifier);
790 }
791
792 bool isabstract (_Jv_BytecodeVerifier *verifier)
793 {
794 if (key != reference_type)
795 return false;
796 return klass->isabstract (verifier);
797 }
798
799 // Return the element type of an array.
800 type element_type (_Jv_BytecodeVerifier *verifier)
801 {
802 if (key != reference_type)
803 verifier->verify_fail ("programmer error in type::element_type()", -1);
804
805 jclass k = klass->getclass (verifier)->getComponentType ();
806 if (k->isPrimitive ())
807 return type (verifier->get_type_val_for_signature (k));
808 return type (k, verifier);
809 }
810
811 // Return the array type corresponding to an initialized
812 // reference. We could expand this to work for other kinds of
813 // types, but currently we don't need to.
814 type to_array (_Jv_BytecodeVerifier *verifier)
815 {
816 if (key != reference_type)
817 verifier->verify_fail ("internal error in type::to_array()");
818
819 jclass k = klass->getclass (verifier);
820 return type (_Jv_GetArrayClass (k, k->getClassLoaderInternal()),
821 verifier);
822 }
823
824 bool isreference () const
825 {
826 return key >= reference_type;
827 }
828
829 int get_pc () const
830 {
831 return pc;
832 }
833
834 bool isinitialized () const
835 {
836 return key == reference_type || key == null_type;
837 }
838
839 bool isresolved () const
840 {
841 return (key == reference_type
842 || key == null_type
843 || key == uninitialized_reference_type);
844 }
845
846 void verify_dimensions (int ndims, _Jv_BytecodeVerifier *verifier)
847 {
848 // The way this is written, we don't need to check isarray().
849 if (key != reference_type)
850 verifier->verify_fail ("internal error in verify_dimensions:"
851 " not a reference type");
852
853 if (klass->count_dimensions () < ndims)
854 verifier->verify_fail ("array type has fewer dimensions"
855 " than required");
856 }
857
858 // Merge OLD_TYPE into this. On error throw exception. Return
859 // true if the merge caused a type change.
860 bool merge (type& old_type, bool local_semantics,
861 _Jv_BytecodeVerifier *verifier)
862 {
863 bool changed = false;
864 bool refo = old_type.isreference ();
865 bool refn = isreference ();
866 if (refo && refn)
867 {
868 if (old_type.key == null_type)
869 ;
870 else if (key == null_type)
871 {
872 *this = old_type;
873 changed = true;
874 }
875 else if (isinitialized () != old_type.isinitialized ())
876 verifier->verify_fail ("merging initialized and uninitialized types");
877 else
878 {
879 if (! isinitialized ())
880 {
881 if (pc == UNINIT)
882 pc = old_type.pc;
883 else if (old_type.pc == UNINIT)
884 ;
885 else if (pc != old_type.pc)
886 verifier->verify_fail ("merging different uninitialized types");
887 }
888
889 ref_intersection *merged = old_type.klass->merge (klass,
890 verifier);
891 if (merged != klass)
892 {
893 klass = merged;
894 changed = true;
895 }
896 }
897 }
898 else if (refo || refn || key != old_type.key)
899 {
900 if (local_semantics)
901 {
902 // If we already have an `unsuitable' type, then we
903 // don't need to change again.
904 if (key != unsuitable_type)
905 {
906 key = unsuitable_type;
907 changed = true;
908 }
909 }
910 else
911 verifier->verify_fail ("unmergeable type");
912 }
913 return changed;
914 }
915
916 #ifdef VERIFY_DEBUG
917 void print (void) const
918 {
919 char c = '?';
920 switch (key)
921 {
922 case boolean_type: c = 'Z'; break;
923 case byte_type: c = 'B'; break;
924 case char_type: c = 'C'; break;
925 case short_type: c = 'S'; break;
926 case int_type: c = 'I'; break;
927 case long_type: c = 'J'; break;
928 case float_type: c = 'F'; break;
929 case double_type: c = 'D'; break;
930 case void_type: c = 'V'; break;
931 case unsuitable_type: c = '-'; break;
932 case return_address_type: c = 'r'; break;
933 case continuation_type: c = '+'; break;
934 case reference_type: c = 'L'; break;
935 case null_type: c = '@'; break;
936 case uninitialized_reference_type: c = 'U'; break;
937 }
938 debug_print ("%c", c);
939 }
940 #endif /* VERIFY_DEBUG */
941 };
942
943 // This class holds all the state information we need for a given
944 // location.
945 struct state
946 {
947 // The current top of the stack, in terms of slots.
948 int stacktop;
949 // The current depth of the stack. This will be larger than
950 // STACKTOP when wide types are on the stack.
951 int stackdepth;
952 // The stack.
953 type *stack;
954 // The local variables.
955 type *locals;
956 // We keep track of the type of `this' specially. This is used to
957 // ensure that an instance initializer invokes another initializer
958 // on `this' before returning. We must keep track of this
959 // specially because otherwise we might be confused by code which
960 // assigns to locals[0] (overwriting `this') and then returns
961 // without really initializing.
962 type this_type;
963
964 // The PC for this state. This is only valid on states which are
965 // permanently attached to a given PC. For an object like
966 // `current_state', which is used transiently, this has no
967 // meaning.
968 int pc;
969 // We keep a linked list of all states requiring reverification.
970 // If this is the special value INVALID_STATE then this state is
971 // not on the list. NULL marks the end of the linked list.
972 state *next;
973
974 // NO_NEXT is the PC value meaning that a new state must be
975 // acquired from the verification list.
976 static const int NO_NEXT = -1;
977
978 state ()
979 : this_type ()
980 {
981 stack = NULL;
982 locals = NULL;
983 next = INVALID_STATE;
984 }
985
986 state (int max_stack, int max_locals)
987 : this_type ()
988 {
989 stacktop = 0;
990 stackdepth = 0;
991 stack = new type[max_stack];
992 for (int i = 0; i < max_stack; ++i)
993 stack[i] = unsuitable_type;
994 locals = new type[max_locals];
995 for (int i = 0; i < max_locals; ++i)
996 locals[i] = unsuitable_type;
997 pc = NO_NEXT;
998 next = INVALID_STATE;
999 }
1000
1001 state (const state *orig, int max_stack, int max_locals)
1002 {
1003 stack = new type[max_stack];
1004 locals = new type[max_locals];
1005 copy (orig, max_stack, max_locals);
1006 pc = NO_NEXT;
1007 next = INVALID_STATE;
1008 }
1009
1010 ~state ()
1011 {
1012 if (stack)
1013 delete[] stack;
1014 if (locals)
1015 delete[] locals;
1016 }
1017
1018 void *operator new[] (size_t bytes)
1019 {
1020 return _Jv_Malloc (bytes);
1021 }
1022
1023 void operator delete[] (void *mem)
1024 {
1025 _Jv_Free (mem);
1026 }
1027
1028 void *operator new (size_t bytes)
1029 {
1030 return _Jv_Malloc (bytes);
1031 }
1032
1033 void operator delete (void *mem)
1034 {
1035 _Jv_Free (mem);
1036 }
1037
1038 void copy (const state *copy, int max_stack, int max_locals)
1039 {
1040 stacktop = copy->stacktop;
1041 stackdepth = copy->stackdepth;
1042 for (int i = 0; i < max_stack; ++i)
1043 stack[i] = copy->stack[i];
1044 for (int i = 0; i < max_locals; ++i)
1045 locals[i] = copy->locals[i];
1046
1047 this_type = copy->this_type;
1048 // Don't modify `next' or `pc'.
1049 }
1050
1051 // Modify this state to reflect entry to an exception handler.
1052 void set_exception (type t, int max_stack)
1053 {
1054 stackdepth = 1;
1055 stacktop = 1;
1056 stack[0] = t;
1057 for (int i = stacktop; i < max_stack; ++i)
1058 stack[i] = unsuitable_type;
1059 }
1060
1061 inline int get_pc () const
1062 {
1063 return pc;
1064 }
1065
1066 void set_pc (int npc)
1067 {
1068 pc = npc;
1069 }
1070
1071 // Merge STATE_OLD into this state. Destructively modifies this
1072 // state. Returns true if the new state was in fact changed.
1073 // Will throw an exception if the states are not mergeable.
1074 bool merge (state *state_old, int max_locals,
1075 _Jv_BytecodeVerifier *verifier)
1076 {
1077 bool changed = false;
1078
1079 // Special handling for `this'. If one or the other is
1080 // uninitialized, then the merge is uninitialized.
1081 if (this_type.isinitialized ())
1082 this_type = state_old->this_type;
1083
1084 // Merge stacks.
1085 if (state_old->stacktop != stacktop) // FIXME stackdepth instead?
1086 verifier->verify_fail ("stack sizes differ");
1087 for (int i = 0; i < state_old->stacktop; ++i)
1088 {
1089 if (stack[i].merge (state_old->stack[i], false, verifier))
1090 changed = true;
1091 }
1092
1093 // Merge local variables.
1094 for (int i = 0; i < max_locals; ++i)
1095 {
1096 if (locals[i].merge (state_old->locals[i], true, verifier))
1097 changed = true;
1098 }
1099
1100 return changed;
1101 }
1102
1103 // Ensure that `this' has been initialized.
1104 void check_this_initialized (_Jv_BytecodeVerifier *verifier)
1105 {
1106 if (this_type.isreference () && ! this_type.isinitialized ())
1107 verifier->verify_fail ("`this' is uninitialized");
1108 }
1109
1110 // Set type of `this'.
1111 void set_this_type (const type &k)
1112 {
1113 this_type = k;
1114 }
1115
1116 // Mark each `new'd object we know of that was allocated at PC as
1117 // initialized.
1118 void set_initialized (int pc, int max_locals)
1119 {
1120 for (int i = 0; i < stacktop; ++i)
1121 stack[i].set_initialized (pc);
1122 for (int i = 0; i < max_locals; ++i)
1123 locals[i].set_initialized (pc);
1124 this_type.set_initialized (pc);
1125 }
1126
1127 // This tests to see whether two states can be considered "merge
1128 // compatible". If both states have a return-address in the same
1129 // slot, and the return addresses are different, then they are not
1130 // compatible and we must not try to merge them.
1131 bool state_mergeable_p (state *other, int max_locals,
1132 _Jv_BytecodeVerifier *verifier)
1133 {
1134 // This is tricky: if the stack sizes differ, then not only are
1135 // these not mergeable, but in fact we should give an error, as
1136 // we've found two execution paths that reach a branch target
1137 // with different stack depths. FIXME stackdepth instead?
1138 if (stacktop != other->stacktop)
1139 verifier->verify_fail ("stack sizes differ");
1140
1141 for (int i = 0; i < stacktop; ++i)
1142 if (! stack[i].state_mergeable_p (other->stack[i]))
1143 return false;
1144 for (int i = 0; i < max_locals; ++i)
1145 if (! locals[i].state_mergeable_p (other->locals[i]))
1146 return false;
1147 return true;
1148 }
1149
1150 void reverify (_Jv_BytecodeVerifier *verifier)
1151 {
1152 if (next == INVALID_STATE)
1153 {
1154 next = verifier->next_verify_state;
1155 verifier->next_verify_state = this;
1156 }
1157 }
1158
1159 #ifdef VERIFY_DEBUG
1160 void print (const char *leader, int pc,
1161 int max_stack, int max_locals) const
1162 {
1163 debug_print ("%s [%4d]: [stack] ", leader, pc);
1164 int i;
1165 for (i = 0; i < stacktop; ++i)
1166 stack[i].print ();
1167 for (; i < max_stack; ++i)
1168 debug_print (".");
1169 debug_print (" [local] ");
1170 for (i = 0; i < max_locals; ++i)
1171 locals[i].print ();
1172 debug_print (" | %p\n", this);
1173 }
1174 #else
1175 inline void print (const char *, int, int, int) const
1176 {
1177 }
1178 #endif /* VERIFY_DEBUG */
1179 };
1180
1181 type pop_raw ()
1182 {
1183 if (current_state->stacktop <= 0)
1184 verify_fail ("stack empty");
1185 type r = current_state->stack[--current_state->stacktop];
1186 current_state->stackdepth -= r.depth ();
1187 if (current_state->stackdepth < 0)
1188 verify_fail ("stack empty", start_PC);
1189 return r;
1190 }
1191
1192 type pop32 ()
1193 {
1194 type r = pop_raw ();
1195 if (r.iswide ())
1196 verify_fail ("narrow pop of wide type");
1197 return r;
1198 }
1199
1200 type pop_type (type match)
1201 {
1202 match.promote ();
1203 type t = pop_raw ();
1204 if (! match.compatible (t, this))
1205 verify_fail ("incompatible type on stack");
1206 return t;
1207 }
1208
1209 // Pop a reference which is guaranteed to be initialized. MATCH
1210 // doesn't have to be a reference type; in this case this acts like
1211 // pop_type.
1212 type pop_init_ref (type match)
1213 {
1214 type t = pop_raw ();
1215 if (t.isreference () && ! t.isinitialized ())
1216 verify_fail ("initialized reference required");
1217 else if (! match.compatible (t, this))
1218 verify_fail ("incompatible type on stack");
1219 return t;
1220 }
1221
1222 // Pop a reference type or a return address.
1223 type pop_ref_or_return ()
1224 {
1225 type t = pop_raw ();
1226 if (! t.isreference () && t.key != return_address_type)
1227 verify_fail ("expected reference or return address on stack");
1228 return t;
1229 }
1230
1231 void push_type (type t)
1232 {
1233 // If T is a numeric type like short, promote it to int.
1234 t.promote ();
1235
1236 int depth = t.depth ();
1237 if (current_state->stackdepth + depth > current_method->max_stack)
1238 verify_fail ("stack overflow");
1239 current_state->stack[current_state->stacktop++] = t;
1240 current_state->stackdepth += depth;
1241 }
1242
1243 void set_variable (int index, type t)
1244 {
1245 // If T is a numeric type like short, promote it to int.
1246 t.promote ();
1247
1248 int depth = t.depth ();
1249 if (index > current_method->max_locals - depth)
1250 verify_fail ("invalid local variable");
1251 current_state->locals[index] = t;
1252
1253 if (depth == 2)
1254 current_state->locals[index + 1] = continuation_type;
1255 if (index > 0 && current_state->locals[index - 1].iswide ())
1256 current_state->locals[index - 1] = unsuitable_type;
1257 }
1258
1259 type get_variable (int index, type t)
1260 {
1261 int depth = t.depth ();
1262 if (index > current_method->max_locals - depth)
1263 verify_fail ("invalid local variable");
1264 if (! t.compatible (current_state->locals[index], this))
1265 verify_fail ("incompatible type in local variable");
1266 if (depth == 2)
1267 {
1268 type t (continuation_type);
1269 if (! current_state->locals[index + 1].compatible (t, this))
1270 verify_fail ("invalid local variable");
1271 }
1272 return current_state->locals[index];
1273 }
1274
1275 // Make sure ARRAY is an array type and that its elements are
1276 // compatible with type ELEMENT. Returns the actual element type.
1277 type require_array_type (type array, type element)
1278 {
1279 // An odd case. Here we just pretend that everything went ok. If
1280 // the requested element type is some kind of reference, return
1281 // the null type instead.
1282 if (array.isnull ())
1283 return element.isreference () ? type (null_type) : element;
1284
1285 if (! array.isarray ())
1286 verify_fail ("array required");
1287
1288 type t = array.element_type (this);
1289 if (! element.compatible (t, this))
1290 {
1291 // Special case for byte arrays, which must also be boolean
1292 // arrays.
1293 bool ok = true;
1294 if (element.key == byte_type)
1295 {
1296 type e2 (boolean_type);
1297 ok = e2.compatible (t, this);
1298 }
1299 if (! ok)
1300 verify_fail ("incompatible array element type");
1301 }
1302
1303 // Return T and not ELEMENT, because T might be specialized.
1304 return t;
1305 }
1306
1307 jint get_byte ()
1308 {
1309 if (PC >= current_method->code_length)
1310 verify_fail ("premature end of bytecode");
1311 return (jint) bytecode[PC++] & 0xff;
1312 }
1313
1314 jint get_ushort ()
1315 {
1316 jint b1 = get_byte ();
1317 jint b2 = get_byte ();
1318 return (jint) ((b1 << 8) | b2) & 0xffff;
1319 }
1320
1321 jint get_short ()
1322 {
1323 jint b1 = get_byte ();
1324 jint b2 = get_byte ();
1325 jshort s = (b1 << 8) | b2;
1326 return (jint) s;
1327 }
1328
1329 jint get_int ()
1330 {
1331 jint b1 = get_byte ();
1332 jint b2 = get_byte ();
1333 jint b3 = get_byte ();
1334 jint b4 = get_byte ();
1335 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1336 }
1337
1338 int compute_jump (int offset)
1339 {
1340 int npc = start_PC + offset;
1341 if (npc < 0 || npc >= current_method->code_length)
1342 verify_fail ("branch out of range", start_PC);
1343 return npc;
1344 }
1345
1346 // Add a new state to the state list at NPC.
1347 state *add_new_state (int npc, state *old_state)
1348 {
1349 state *new_state = new state (old_state, current_method->max_stack,
1350 current_method->max_locals);
1351 debug_print ("== New state in add_new_state\n");
1352 new_state->print ("New", npc, current_method->max_stack,
1353 current_method->max_locals);
1354 linked<state> *nlink
1355 = (linked<state> *) _Jv_Malloc (sizeof (linked<state>));
1356 nlink->val = new_state;
1357 nlink->next = states[npc];
1358 states[npc] = nlink;
1359 new_state->set_pc (npc);
1360 return new_state;
1361 }
1362
1363 // Merge the indicated state into the state at the branch target and
1364 // schedule a new PC if there is a change. NPC is the PC of the
1365 // branch target, and FROM_STATE is the state at the source of the
1366 // branch. This method returns true if the destination state
1367 // changed and requires reverification, false otherwise.
1368 void merge_into (int npc, state *from_state)
1369 {
1370 // Iterate over all target states and merge our state into each,
1371 // if applicable. FIXME one improvement we could make here is
1372 // "state destruction". Merging a new state into an existing one
1373 // might cause a return_address_type to be merged to
1374 // unsuitable_type. In this case the resulting state may now be
1375 // mergeable with other states currently held in parallel at this
1376 // location. So in this situation we could pairwise compare and
1377 // reduce the number of parallel states.
1378 bool applicable = false;
1379 for (linked<state> *iter = states[npc]; iter != NULL; iter = iter->next)
1380 {
1381 state *new_state = iter->val;
1382 if (new_state->state_mergeable_p (from_state,
1383 current_method->max_locals, this))
1384 {
1385 applicable = true;
1386
1387 debug_print ("== Merge states in merge_into\n");
1388 from_state->print ("Frm", start_PC, current_method->max_stack,
1389 current_method->max_locals);
1390 new_state->print (" To", npc, current_method->max_stack,
1391 current_method->max_locals);
1392 bool changed = new_state->merge (from_state,
1393 current_method->max_locals,
1394 this);
1395 new_state->print ("New", npc, current_method->max_stack,
1396 current_method->max_locals);
1397
1398 if (changed)
1399 new_state->reverify (this);
1400 }
1401 }
1402
1403 if (! applicable)
1404 {
1405 // Either we don't yet have a state at NPC, or we have a
1406 // return-address type that is in conflict with all existing
1407 // state. So, we need to create a new entry.
1408 state *new_state = add_new_state (npc, from_state);
1409 // A new state added in this way must always be reverified.
1410 new_state->reverify (this);
1411 }
1412 }
1413
1414 void push_jump (int offset)
1415 {
1416 int npc = compute_jump (offset);
1417 // According to the JVM Spec, we need to check for uninitialized
1418 // objects here. However, this does not actually affect type
1419 // safety, and the Eclipse java compiler generates code that
1420 // violates this constraint.
1421 merge_into (npc, current_state);
1422 }
1423
1424 void push_exception_jump (type t, int pc)
1425 {
1426 // According to the JVM Spec, we need to check for uninitialized
1427 // objects here. However, this does not actually affect type
1428 // safety, and the Eclipse java compiler generates code that
1429 // violates this constraint.
1430 state s (current_state, current_method->max_stack,
1431 current_method->max_locals);
1432 if (current_method->max_stack < 1)
1433 verify_fail ("stack overflow at exception handler");
1434 s.set_exception (t, current_method->max_stack);
1435 merge_into (pc, &s);
1436 }
1437
1438 state *pop_jump ()
1439 {
1440 state *new_state = next_verify_state;
1441 if (new_state == INVALID_STATE)
1442 verify_fail ("programmer error in pop_jump");
1443 if (new_state != NULL)
1444 {
1445 next_verify_state = new_state->next;
1446 new_state->next = INVALID_STATE;
1447 }
1448 return new_state;
1449 }
1450
1451 void invalidate_pc ()
1452 {
1453 PC = state::NO_NEXT;
1454 }
1455
1456 void note_branch_target (int pc)
1457 {
1458 // Don't check `pc <= PC', because we've advanced PC after
1459 // fetching the target and we haven't yet checked the next
1460 // instruction.
1461 if (pc < PC && ! (flags[pc] & FLAG_INSN_START))
1462 verify_fail ("branch not to instruction start", start_PC);
1463 flags[pc] |= FLAG_BRANCH_TARGET;
1464 }
1465
1466 void skip_padding ()
1467 {
1468 while ((PC % 4) > 0)
1469 if (get_byte () != 0)
1470 verify_fail ("found nonzero padding byte");
1471 }
1472
1473 // Do the work for a `ret' instruction. INDEX is the index into the
1474 // local variables.
1475 void handle_ret_insn (int index)
1476 {
1477 type ret_addr = get_variable (index, return_address_type);
1478 // It would be nice if we could do this. However, the JVM Spec
1479 // doesn't say that this is what happens. It is implied that
1480 // reusing a return address is invalid, but there's no actual
1481 // prohibition against it.
1482 // set_variable (index, unsuitable_type);
1483
1484 int npc = ret_addr.get_pc ();
1485 // We might be returning to a `jsr' that is at the end of the
1486 // bytecode. This is ok if we never return from the called
1487 // subroutine, but if we see this here it is an error.
1488 if (npc >= current_method->code_length)
1489 verify_fail ("fell off end");
1490
1491 // According to the JVM Spec, we need to check for uninitialized
1492 // objects here. However, this does not actually affect type
1493 // safety, and the Eclipse java compiler generates code that
1494 // violates this constraint.
1495 merge_into (npc, current_state);
1496 invalidate_pc ();
1497 }
1498
1499 void handle_jsr_insn (int offset)
1500 {
1501 int npc = compute_jump (offset);
1502
1503 // According to the JVM Spec, we need to check for uninitialized
1504 // objects here. However, this does not actually affect type
1505 // safety, and the Eclipse java compiler generates code that
1506 // violates this constraint.
1507
1508 // Modify our state as appropriate for entry into a subroutine.
1509 type ret_addr (return_address_type);
1510 ret_addr.set_return_address (PC);
1511 push_type (ret_addr);
1512 merge_into (npc, current_state);
1513 invalidate_pc ();
1514 }
1515
1516 jclass construct_primitive_array_type (type_val prim)
1517 {
1518 jclass k = NULL;
1519 switch (prim)
1520 {
1521 case boolean_type:
1522 k = JvPrimClass (boolean);
1523 break;
1524 case char_type:
1525 k = JvPrimClass (char);
1526 break;
1527 case float_type:
1528 k = JvPrimClass (float);
1529 break;
1530 case double_type:
1531 k = JvPrimClass (double);
1532 break;
1533 case byte_type:
1534 k = JvPrimClass (byte);
1535 break;
1536 case short_type:
1537 k = JvPrimClass (short);
1538 break;
1539 case int_type:
1540 k = JvPrimClass (int);
1541 break;
1542 case long_type:
1543 k = JvPrimClass (long);
1544 break;
1545
1546 // These aren't used here but we call them out to avoid
1547 // warnings.
1548 case void_type:
1549 case unsuitable_type:
1550 case return_address_type:
1551 case continuation_type:
1552 case reference_type:
1553 case null_type:
1554 case uninitialized_reference_type:
1555 default:
1556 verify_fail ("unknown type in construct_primitive_array_type");
1557 }
1558 k = _Jv_GetArrayClass (k, NULL);
1559 return k;
1560 }
1561
1562 // This pass computes the location of branch targets and also
1563 // instruction starts.
1564 void branch_prepass ()
1565 {
1566 flags = (char *) _Jv_Malloc (current_method->code_length);
1567
1568 for (int i = 0; i < current_method->code_length; ++i)
1569 flags[i] = 0;
1570
1571 PC = 0;
1572 while (PC < current_method->code_length)
1573 {
1574 // Set `start_PC' early so that error checking can have the
1575 // correct value.
1576 start_PC = PC;
1577 flags[PC] |= FLAG_INSN_START;
1578
1579 java_opcode opcode = (java_opcode) bytecode[PC++];
1580 switch (opcode)
1581 {
1582 case op_nop:
1583 case op_aconst_null:
1584 case op_iconst_m1:
1585 case op_iconst_0:
1586 case op_iconst_1:
1587 case op_iconst_2:
1588 case op_iconst_3:
1589 case op_iconst_4:
1590 case op_iconst_5:
1591 case op_lconst_0:
1592 case op_lconst_1:
1593 case op_fconst_0:
1594 case op_fconst_1:
1595 case op_fconst_2:
1596 case op_dconst_0:
1597 case op_dconst_1:
1598 case op_iload_0:
1599 case op_iload_1:
1600 case op_iload_2:
1601 case op_iload_3:
1602 case op_lload_0:
1603 case op_lload_1:
1604 case op_lload_2:
1605 case op_lload_3:
1606 case op_fload_0:
1607 case op_fload_1:
1608 case op_fload_2:
1609 case op_fload_3:
1610 case op_dload_0:
1611 case op_dload_1:
1612 case op_dload_2:
1613 case op_dload_3:
1614 case op_aload_0:
1615 case op_aload_1:
1616 case op_aload_2:
1617 case op_aload_3:
1618 case op_iaload:
1619 case op_laload:
1620 case op_faload:
1621 case op_daload:
1622 case op_aaload:
1623 case op_baload:
1624 case op_caload:
1625 case op_saload:
1626 case op_istore_0:
1627 case op_istore_1:
1628 case op_istore_2:
1629 case op_istore_3:
1630 case op_lstore_0:
1631 case op_lstore_1:
1632 case op_lstore_2:
1633 case op_lstore_3:
1634 case op_fstore_0:
1635 case op_fstore_1:
1636 case op_fstore_2:
1637 case op_fstore_3:
1638 case op_dstore_0:
1639 case op_dstore_1:
1640 case op_dstore_2:
1641 case op_dstore_3:
1642 case op_astore_0:
1643 case op_astore_1:
1644 case op_astore_2:
1645 case op_astore_3:
1646 case op_iastore:
1647 case op_lastore:
1648 case op_fastore:
1649 case op_dastore:
1650 case op_aastore:
1651 case op_bastore:
1652 case op_castore:
1653 case op_sastore:
1654 case op_pop:
1655 case op_pop2:
1656 case op_dup:
1657 case op_dup_x1:
1658 case op_dup_x2:
1659 case op_dup2:
1660 case op_dup2_x1:
1661 case op_dup2_x2:
1662 case op_swap:
1663 case op_iadd:
1664 case op_isub:
1665 case op_imul:
1666 case op_idiv:
1667 case op_irem:
1668 case op_ishl:
1669 case op_ishr:
1670 case op_iushr:
1671 case op_iand:
1672 case op_ior:
1673 case op_ixor:
1674 case op_ladd:
1675 case op_lsub:
1676 case op_lmul:
1677 case op_ldiv:
1678 case op_lrem:
1679 case op_lshl:
1680 case op_lshr:
1681 case op_lushr:
1682 case op_land:
1683 case op_lor:
1684 case op_lxor:
1685 case op_fadd:
1686 case op_fsub:
1687 case op_fmul:
1688 case op_fdiv:
1689 case op_frem:
1690 case op_dadd:
1691 case op_dsub:
1692 case op_dmul:
1693 case op_ddiv:
1694 case op_drem:
1695 case op_ineg:
1696 case op_i2b:
1697 case op_i2c:
1698 case op_i2s:
1699 case op_lneg:
1700 case op_fneg:
1701 case op_dneg:
1702 case op_i2l:
1703 case op_i2f:
1704 case op_i2d:
1705 case op_l2i:
1706 case op_l2f:
1707 case op_l2d:
1708 case op_f2i:
1709 case op_f2l:
1710 case op_f2d:
1711 case op_d2i:
1712 case op_d2l:
1713 case op_d2f:
1714 case op_lcmp:
1715 case op_fcmpl:
1716 case op_fcmpg:
1717 case op_dcmpl:
1718 case op_dcmpg:
1719 case op_monitorenter:
1720 case op_monitorexit:
1721 case op_ireturn:
1722 case op_lreturn:
1723 case op_freturn:
1724 case op_dreturn:
1725 case op_areturn:
1726 case op_return:
1727 case op_athrow:
1728 case op_arraylength:
1729 break;
1730
1731 case op_bipush:
1732 case op_ldc:
1733 case op_iload:
1734 case op_lload:
1735 case op_fload:
1736 case op_dload:
1737 case op_aload:
1738 case op_istore:
1739 case op_lstore:
1740 case op_fstore:
1741 case op_dstore:
1742 case op_astore:
1743 case op_ret:
1744 case op_newarray:
1745 get_byte ();
1746 break;
1747
1748 case op_iinc:
1749 case op_sipush:
1750 case op_ldc_w:
1751 case op_ldc2_w:
1752 case op_getstatic:
1753 case op_getfield:
1754 case op_putfield:
1755 case op_putstatic:
1756 case op_new:
1757 case op_anewarray:
1758 case op_instanceof:
1759 case op_checkcast:
1760 case op_invokespecial:
1761 case op_invokestatic:
1762 case op_invokevirtual:
1763 get_short ();
1764 break;
1765
1766 case op_multianewarray:
1767 get_short ();
1768 get_byte ();
1769 break;
1770
1771 case op_jsr:
1772 case op_ifeq:
1773 case op_ifne:
1774 case op_iflt:
1775 case op_ifge:
1776 case op_ifgt:
1777 case op_ifle:
1778 case op_if_icmpeq:
1779 case op_if_icmpne:
1780 case op_if_icmplt:
1781 case op_if_icmpge:
1782 case op_if_icmpgt:
1783 case op_if_icmple:
1784 case op_if_acmpeq:
1785 case op_if_acmpne:
1786 case op_ifnull:
1787 case op_ifnonnull:
1788 case op_goto:
1789 note_branch_target (compute_jump (get_short ()));
1790 break;
1791
1792 case op_tableswitch:
1793 {
1794 skip_padding ();
1795 note_branch_target (compute_jump (get_int ()));
1796 jint low = get_int ();
1797 jint hi = get_int ();
1798 if (low > hi)
1799 verify_fail ("invalid tableswitch", start_PC);
1800 for (int i = low; i <= hi; ++i)
1801 note_branch_target (compute_jump (get_int ()));
1802 }
1803 break;
1804
1805 case op_lookupswitch:
1806 {
1807 skip_padding ();
1808 note_branch_target (compute_jump (get_int ()));
1809 int npairs = get_int ();
1810 if (npairs < 0)
1811 verify_fail ("too few pairs in lookupswitch", start_PC);
1812 while (npairs-- > 0)
1813 {
1814 get_int ();
1815 note_branch_target (compute_jump (get_int ()));
1816 }
1817 }
1818 break;
1819
1820 case op_invokeinterface:
1821 get_short ();
1822 get_byte ();
1823 get_byte ();
1824 break;
1825
1826 case op_wide:
1827 {
1828 opcode = (java_opcode) get_byte ();
1829 get_short ();
1830 if (opcode == op_iinc)
1831 get_short ();
1832 }
1833 break;
1834
1835 case op_jsr_w:
1836 case op_goto_w:
1837 note_branch_target (compute_jump (get_int ()));
1838 break;
1839
1840 // These are unused here, but we call them out explicitly
1841 // so that -Wswitch-enum doesn't complain.
1842 case op_putfield_1:
1843 case op_putfield_2:
1844 case op_putfield_4:
1845 case op_putfield_8:
1846 case op_putfield_a:
1847 case op_putstatic_1:
1848 case op_putstatic_2:
1849 case op_putstatic_4:
1850 case op_putstatic_8:
1851 case op_putstatic_a:
1852 case op_getfield_1:
1853 case op_getfield_2s:
1854 case op_getfield_2u:
1855 case op_getfield_4:
1856 case op_getfield_8:
1857 case op_getfield_a:
1858 case op_getstatic_1:
1859 case op_getstatic_2s:
1860 case op_getstatic_2u:
1861 case op_getstatic_4:
1862 case op_getstatic_8:
1863 case op_getstatic_a:
1864 default:
1865 verify_fail ("unrecognized instruction in branch_prepass",
1866 start_PC);
1867 }
1868
1869 // See if any previous branch tried to branch to the middle of
1870 // this instruction.
1871 for (int pc = start_PC + 1; pc < PC; ++pc)
1872 {
1873 if ((flags[pc] & FLAG_BRANCH_TARGET))
1874 verify_fail ("branch to middle of instruction", pc);
1875 }
1876 }
1877
1878 // Verify exception handlers.
1879 for (int i = 0; i < current_method->exc_count; ++i)
1880 {
1881 if (! (flags[exception[i].handler_pc.i] & FLAG_INSN_START))
1882 verify_fail ("exception handler not at instruction start",
1883 exception[i].handler_pc.i);
1884 if (! (flags[exception[i].start_pc.i] & FLAG_INSN_START))
1885 verify_fail ("exception start not at instruction start",
1886 exception[i].start_pc.i);
1887 if (exception[i].end_pc.i != current_method->code_length
1888 && ! (flags[exception[i].end_pc.i] & FLAG_INSN_START))
1889 verify_fail ("exception end not at instruction start",
1890 exception[i].end_pc.i);
1891
1892 flags[exception[i].handler_pc.i] |= FLAG_BRANCH_TARGET;
1893 }
1894 }
1895
1896 void check_pool_index (int index)
1897 {
1898 if (index < 0 || index >= current_class->constants.size)
1899 verify_fail ("constant pool index out of range", start_PC);
1900 }
1901
1902 type check_class_constant (int index)
1903 {
1904 check_pool_index (index);
1905 _Jv_Constants *pool = &current_class->constants;
1906 if (pool->tags[index] == JV_CONSTANT_ResolvedClass)
1907 return type (pool->data[index].clazz, this);
1908 else if (pool->tags[index] == JV_CONSTANT_Class)
1909 return type (pool->data[index].utf8, this);
1910 verify_fail ("expected class constant", start_PC);
1911 }
1912
1913 type check_constant (int index)
1914 {
1915 check_pool_index (index);
1916 _Jv_Constants *pool = &current_class->constants;
1917 if (pool->tags[index] == JV_CONSTANT_ResolvedString
1918 || pool->tags[index] == JV_CONSTANT_String)
1919 return type (&java::lang::String::class$, this);
1920 else if (pool->tags[index] == JV_CONSTANT_Integer)
1921 return type (int_type);
1922 else if (pool->tags[index] == JV_CONSTANT_Float)
1923 return type (float_type);
1924 verify_fail ("String, int, or float constant expected", start_PC);
1925 }
1926
1927 type check_wide_constant (int index)
1928 {
1929 check_pool_index (index);
1930 _Jv_Constants *pool = &current_class->constants;
1931 if (pool->tags[index] == JV_CONSTANT_Long)
1932 return type (long_type);
1933 else if (pool->tags[index] == JV_CONSTANT_Double)
1934 return type (double_type);
1935 verify_fail ("long or double constant expected", start_PC);
1936 }
1937
1938 // Helper for both field and method. These are laid out the same in
1939 // the constant pool.
1940 type handle_field_or_method (int index, int expected,
1941 _Jv_Utf8Const **name,
1942 _Jv_Utf8Const **fmtype)
1943 {
1944 check_pool_index (index);
1945 _Jv_Constants *pool = &current_class->constants;
1946 if (pool->tags[index] != expected)
1947 verify_fail ("didn't see expected constant", start_PC);
1948 // Once we know we have a Fieldref or Methodref we assume that it
1949 // is correctly laid out in the constant pool. I think the code
1950 // in defineclass.cc guarantees this.
1951 _Jv_ushort class_index, name_and_type_index;
1952 _Jv_loadIndexes (&pool->data[index],
1953 class_index,
1954 name_and_type_index);
1955 _Jv_ushort name_index, desc_index;
1956 _Jv_loadIndexes (&pool->data[name_and_type_index],
1957 name_index, desc_index);
1958
1959 *name = pool->data[name_index].utf8;
1960 *fmtype = pool->data[desc_index].utf8;
1961
1962 return check_class_constant (class_index);
1963 }
1964
1965 // Return field's type, compute class' type if requested.
1966 type check_field_constant (int index, type *class_type = NULL)
1967 {
1968 _Jv_Utf8Const *name, *field_type;
1969 type ct = handle_field_or_method (index,
1970 JV_CONSTANT_Fieldref,
1971 &name, &field_type);
1972 if (class_type)
1973 *class_type = ct;
1974 if (field_type->first() == '[' || field_type->first() == 'L')
1975 return type (field_type, this);
1976 return get_type_val_for_signature (field_type->first());
1977 }
1978
1979 type check_method_constant (int index, bool is_interface,
1980 _Jv_Utf8Const **method_name,
1981 _Jv_Utf8Const **method_signature)
1982 {
1983 return handle_field_or_method (index,
1984 (is_interface
1985 ? JV_CONSTANT_InterfaceMethodref
1986 : JV_CONSTANT_Methodref),
1987 method_name, method_signature);
1988 }
1989
1990 type get_one_type (char *&p)
1991 {
1992 char *start = p;
1993
1994 int arraycount = 0;
1995 while (*p == '[')
1996 {
1997 ++arraycount;
1998 ++p;
1999 }
2000
2001 char v = *p++;
2002
2003 if (v == 'L')
2004 {
2005 while (*p != ';')
2006 ++p;
2007 ++p;
2008 _Jv_Utf8Const *name = make_utf8_const (start, p - start);
2009 return type (name, this);
2010 }
2011
2012 // Casting to jchar here is ok since we are looking at an ASCII
2013 // character.
2014 type_val rt = get_type_val_for_signature (jchar (v));
2015
2016 if (arraycount == 0)
2017 {
2018 // Callers of this function eventually push their arguments on
2019 // the stack. So, promote them here.
2020 return type (rt).promote ();
2021 }
2022
2023 jclass k = construct_primitive_array_type (rt);
2024 while (--arraycount > 0)
2025 k = _Jv_GetArrayClass (k, NULL);
2026 return type (k, this);
2027 }
2028
2029 void compute_argument_types (_Jv_Utf8Const *signature,
2030 type *types)
2031 {
2032 char *p = signature->chars();
2033
2034 // Skip `('.
2035 ++p;
2036
2037 int i = 0;
2038 while (*p != ')')
2039 types[i++] = get_one_type (p);
2040 }
2041
2042 type compute_return_type (_Jv_Utf8Const *signature)
2043 {
2044 char *p = signature->chars();
2045 while (*p != ')')
2046 ++p;
2047 ++p;
2048 return get_one_type (p);
2049 }
2050
2051 void check_return_type (type onstack)
2052 {
2053 type rt = compute_return_type (current_method->self->signature);
2054 if (! rt.compatible (onstack, this))
2055 verify_fail ("incompatible return type");
2056 }
2057
2058 // Initialize the stack for the new method. Returns true if this
2059 // method is an instance initializer.
2060 bool initialize_stack ()
2061 {
2062 int var = 0;
2063 bool is_init = _Jv_equalUtf8Consts (current_method->self->name,
2064 gcj::init_name);
2065 bool is_clinit = _Jv_equalUtf8Consts (current_method->self->name,
2066 gcj::clinit_name);
2067
2068 using namespace java::lang::reflect;
2069 if (! Modifier::isStatic (current_method->self->accflags))
2070 {
2071 type kurr (current_class, this);
2072 if (is_init)
2073 {
2074 kurr.set_uninitialized (type::SELF, this);
2075 is_init = true;
2076 }
2077 else if (is_clinit)
2078 verify_fail ("<clinit> method must be static");
2079 set_variable (0, kurr);
2080 current_state->set_this_type (kurr);
2081 ++var;
2082 }
2083 else
2084 {
2085 if (is_init)
2086 verify_fail ("<init> method must be non-static");
2087 }
2088
2089 // We have to handle wide arguments specially here.
2090 int arg_count = _Jv_count_arguments (current_method->self->signature);
2091 type arg_types[arg_count];
2092 compute_argument_types (current_method->self->signature, arg_types);
2093 for (int i = 0; i < arg_count; ++i)
2094 {
2095 set_variable (var, arg_types[i]);
2096 ++var;
2097 if (arg_types[i].iswide ())
2098 ++var;
2099 }
2100
2101 return is_init;
2102 }
2103
2104 void verify_instructions_0 ()
2105 {
2106 current_state = new state (current_method->max_stack,
2107 current_method->max_locals);
2108
2109 PC = 0;
2110 start_PC = 0;
2111
2112 // True if we are verifying an instance initializer.
2113 bool this_is_init = initialize_stack ();
2114
2115 states = (linked<state> **) _Jv_Malloc (sizeof (linked<state> *)
2116 * current_method->code_length);
2117 for (int i = 0; i < current_method->code_length; ++i)
2118 states[i] = NULL;
2119
2120 next_verify_state = NULL;
2121
2122 while (true)
2123 {
2124 // If the PC was invalidated, get a new one from the work list.
2125 if (PC == state::NO_NEXT)
2126 {
2127 state *new_state = pop_jump ();
2128 // If it is null, we're done.
2129 if (new_state == NULL)
2130 break;
2131
2132 PC = new_state->get_pc ();
2133 debug_print ("== State pop from pending list\n");
2134 // Set up the current state.
2135 current_state->copy (new_state, current_method->max_stack,
2136 current_method->max_locals);
2137 }
2138 else
2139 {
2140 // We only have to do this checking in the situation where
2141 // control flow falls through from the previous
2142 // instruction. Otherwise merging is done at the time we
2143 // push the branch.
2144 if (states[PC] != NULL)
2145 {
2146 // We've already visited this instruction. So merge
2147 // the states together. It is simplest, but not most
2148 // efficient, to just always invalidate the PC here.
2149 merge_into (PC, current_state);
2150 invalidate_pc ();
2151 continue;
2152 }
2153 }
2154
2155 // Control can't fall off the end of the bytecode. We need to
2156 // check this in both cases, not just the fall-through case,
2157 // because we don't check to see whether a `jsr' appears at
2158 // the end of the bytecode until we process a `ret'.
2159 if (PC >= current_method->code_length)
2160 verify_fail ("fell off end");
2161
2162 // We only have to keep saved state at branch targets. If
2163 // we're at a branch target and the state here hasn't been set
2164 // yet, we set it now. You might notice that `ret' targets
2165 // won't necessarily have FLAG_BRANCH_TARGET set. This
2166 // doesn't matter, since those states will be filled in by
2167 // merge_into.
2168 if (states[PC] == NULL && (flags[PC] & FLAG_BRANCH_TARGET))
2169 add_new_state (PC, current_state);
2170
2171 // Set this before handling exceptions so that debug output is
2172 // sane.
2173 start_PC = PC;
2174
2175 // Update states for all active exception handlers. Ordinarily
2176 // there are not many exception handlers. So we simply run
2177 // through them all.
2178 for (int i = 0; i < current_method->exc_count; ++i)
2179 {
2180 if (PC >= exception[i].start_pc.i && PC < exception[i].end_pc.i)
2181 {
2182 type handler (&java::lang::Throwable::class$, this);
2183 if (exception[i].handler_type.i != 0)
2184 handler = check_class_constant (exception[i].handler_type.i);
2185 push_exception_jump (handler, exception[i].handler_pc.i);
2186 }
2187 }
2188
2189 current_state->print (" ", PC, current_method->max_stack,
2190 current_method->max_locals);
2191 java_opcode opcode = (java_opcode) bytecode[PC++];
2192 switch (opcode)
2193 {
2194 case op_nop:
2195 break;
2196
2197 case op_aconst_null:
2198 push_type (null_type);
2199 break;
2200
2201 case op_iconst_m1:
2202 case op_iconst_0:
2203 case op_iconst_1:
2204 case op_iconst_2:
2205 case op_iconst_3:
2206 case op_iconst_4:
2207 case op_iconst_5:
2208 push_type (int_type);
2209 break;
2210
2211 case op_lconst_0:
2212 case op_lconst_1:
2213 push_type (long_type);
2214 break;
2215
2216 case op_fconst_0:
2217 case op_fconst_1:
2218 case op_fconst_2:
2219 push_type (float_type);
2220 break;
2221
2222 case op_dconst_0:
2223 case op_dconst_1:
2224 push_type (double_type);
2225 break;
2226
2227 case op_bipush:
2228 get_byte ();
2229 push_type (int_type);
2230 break;
2231
2232 case op_sipush:
2233 get_short ();
2234 push_type (int_type);
2235 break;
2236
2237 case op_ldc:
2238 push_type (check_constant (get_byte ()));
2239 break;
2240 case op_ldc_w:
2241 push_type (check_constant (get_ushort ()));
2242 break;
2243 case op_ldc2_w:
2244 push_type (check_wide_constant (get_ushort ()));
2245 break;
2246
2247 case op_iload:
2248 push_type (get_variable (get_byte (), int_type));
2249 break;
2250 case op_lload:
2251 push_type (get_variable (get_byte (), long_type));
2252 break;
2253 case op_fload:
2254 push_type (get_variable (get_byte (), float_type));
2255 break;
2256 case op_dload:
2257 push_type (get_variable (get_byte (), double_type));
2258 break;
2259 case op_aload:
2260 push_type (get_variable (get_byte (), reference_type));
2261 break;
2262
2263 case op_iload_0:
2264 case op_iload_1:
2265 case op_iload_2:
2266 case op_iload_3:
2267 push_type (get_variable (opcode - op_iload_0, int_type));
2268 break;
2269 case op_lload_0:
2270 case op_lload_1:
2271 case op_lload_2:
2272 case op_lload_3:
2273 push_type (get_variable (opcode - op_lload_0, long_type));
2274 break;
2275 case op_fload_0:
2276 case op_fload_1:
2277 case op_fload_2:
2278 case op_fload_3:
2279 push_type (get_variable (opcode - op_fload_0, float_type));
2280 break;
2281 case op_dload_0:
2282 case op_dload_1:
2283 case op_dload_2:
2284 case op_dload_3:
2285 push_type (get_variable (opcode - op_dload_0, double_type));
2286 break;
2287 case op_aload_0:
2288 case op_aload_1:
2289 case op_aload_2:
2290 case op_aload_3:
2291 push_type (get_variable (opcode - op_aload_0, reference_type));
2292 break;
2293 case op_iaload:
2294 pop_type (int_type);
2295 push_type (require_array_type (pop_init_ref (reference_type),
2296 int_type));
2297 break;
2298 case op_laload:
2299 pop_type (int_type);
2300 push_type (require_array_type (pop_init_ref (reference_type),
2301 long_type));
2302 break;
2303 case op_faload:
2304 pop_type (int_type);
2305 push_type (require_array_type (pop_init_ref (reference_type),
2306 float_type));
2307 break;
2308 case op_daload:
2309 pop_type (int_type);
2310 push_type (require_array_type (pop_init_ref (reference_type),
2311 double_type));
2312 break;
2313 case op_aaload:
2314 pop_type (int_type);
2315 push_type (require_array_type (pop_init_ref (reference_type),
2316 reference_type));
2317 break;
2318 case op_baload:
2319 pop_type (int_type);
2320 require_array_type (pop_init_ref (reference_type), byte_type);
2321 push_type (int_type);
2322 break;
2323 case op_caload:
2324 pop_type (int_type);
2325 require_array_type (pop_init_ref (reference_type), char_type);
2326 push_type (int_type);
2327 break;
2328 case op_saload:
2329 pop_type (int_type);
2330 require_array_type (pop_init_ref (reference_type), short_type);
2331 push_type (int_type);
2332 break;
2333 case op_istore:
2334 set_variable (get_byte (), pop_type (int_type));
2335 break;
2336 case op_lstore:
2337 set_variable (get_byte (), pop_type (long_type));
2338 break;
2339 case op_fstore:
2340 set_variable (get_byte (), pop_type (float_type));
2341 break;
2342 case op_dstore:
2343 set_variable (get_byte (), pop_type (double_type));
2344 break;
2345 case op_astore:
2346 set_variable (get_byte (), pop_ref_or_return ());
2347 break;
2348 case op_istore_0:
2349 case op_istore_1:
2350 case op_istore_2:
2351 case op_istore_3:
2352 set_variable (opcode - op_istore_0, pop_type (int_type));
2353 break;
2354 case op_lstore_0:
2355 case op_lstore_1:
2356 case op_lstore_2:
2357 case op_lstore_3:
2358 set_variable (opcode - op_lstore_0, pop_type (long_type));
2359 break;
2360 case op_fstore_0:
2361 case op_fstore_1:
2362 case op_fstore_2:
2363 case op_fstore_3:
2364 set_variable (opcode - op_fstore_0, pop_type (float_type));
2365 break;
2366 case op_dstore_0:
2367 case op_dstore_1:
2368 case op_dstore_2:
2369 case op_dstore_3:
2370 set_variable (opcode - op_dstore_0, pop_type (double_type));
2371 break;
2372 case op_astore_0:
2373 case op_astore_1:
2374 case op_astore_2:
2375 case op_astore_3:
2376 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2377 break;
2378 case op_iastore:
2379 pop_type (int_type);
2380 pop_type (int_type);
2381 require_array_type (pop_init_ref (reference_type), int_type);
2382 break;
2383 case op_lastore:
2384 pop_type (long_type);
2385 pop_type (int_type);
2386 require_array_type (pop_init_ref (reference_type), long_type);
2387 break;
2388 case op_fastore:
2389 pop_type (float_type);
2390 pop_type (int_type);
2391 require_array_type (pop_init_ref (reference_type), float_type);
2392 break;
2393 case op_dastore:
2394 pop_type (double_type);
2395 pop_type (int_type);
2396 require_array_type (pop_init_ref (reference_type), double_type);
2397 break;
2398 case op_aastore:
2399 pop_type (reference_type);
2400 pop_type (int_type);
2401 require_array_type (pop_init_ref (reference_type), reference_type);
2402 break;
2403 case op_bastore:
2404 pop_type (int_type);
2405 pop_type (int_type);
2406 require_array_type (pop_init_ref (reference_type), byte_type);
2407 break;
2408 case op_castore:
2409 pop_type (int_type);
2410 pop_type (int_type);
2411 require_array_type (pop_init_ref (reference_type), char_type);
2412 break;
2413 case op_sastore:
2414 pop_type (int_type);
2415 pop_type (int_type);
2416 require_array_type (pop_init_ref (reference_type), short_type);
2417 break;
2418 case op_pop:
2419 pop32 ();
2420 break;
2421 case op_pop2:
2422 {
2423 type t = pop_raw ();
2424 if (! t.iswide ())
2425 pop32 ();
2426 }
2427 break;
2428 case op_dup:
2429 {
2430 type t = pop32 ();
2431 push_type (t);
2432 push_type (t);
2433 }
2434 break;
2435 case op_dup_x1:
2436 {
2437 type t1 = pop32 ();
2438 type t2 = pop32 ();
2439 push_type (t1);
2440 push_type (t2);
2441 push_type (t1);
2442 }
2443 break;
2444 case op_dup_x2:
2445 {
2446 type t1 = pop32 ();
2447 type t2 = pop_raw ();
2448 if (! t2.iswide ())
2449 {
2450 type t3 = pop32 ();
2451 push_type (t1);
2452 push_type (t3);
2453 }
2454 else
2455 push_type (t1);
2456 push_type (t2);
2457 push_type (t1);
2458 }
2459 break;
2460 case op_dup2:
2461 {
2462 type t = pop_raw ();
2463 if (! t.iswide ())
2464 {
2465 type t2 = pop32 ();
2466 push_type (t2);
2467 push_type (t);
2468 push_type (t2);
2469 }
2470 else
2471 push_type (t);
2472 push_type (t);
2473 }
2474 break;
2475 case op_dup2_x1:
2476 {
2477 type t1 = pop_raw ();
2478 type t2 = pop32 ();
2479 if (! t1.iswide ())
2480 {
2481 type t3 = pop32 ();
2482 push_type (t2);
2483 push_type (t1);
2484 push_type (t3);
2485 }
2486 else
2487 push_type (t1);
2488 push_type (t2);
2489 push_type (t1);
2490 }
2491 break;
2492 case op_dup2_x2:
2493 {
2494 type t1 = pop_raw ();
2495 if (t1.iswide ())
2496 {
2497 type t2 = pop_raw ();
2498 if (t2.iswide ())
2499 {
2500 push_type (t1);
2501 push_type (t2);
2502 }
2503 else
2504 {
2505 type t3 = pop32 ();
2506 push_type (t1);
2507 push_type (t3);
2508 push_type (t2);
2509 }
2510 push_type (t1);
2511 }
2512 else
2513 {
2514 type t2 = pop32 ();
2515 type t3 = pop_raw ();
2516 if (t3.iswide ())
2517 {
2518 push_type (t2);
2519 push_type (t1);
2520 }
2521 else
2522 {
2523 type t4 = pop32 ();
2524 push_type (t2);
2525 push_type (t1);
2526 push_type (t4);
2527 }
2528 push_type (t3);
2529 push_type (t2);
2530 push_type (t1);
2531 }
2532 }
2533 break;
2534 case op_swap:
2535 {
2536 type t1 = pop32 ();
2537 type t2 = pop32 ();
2538 push_type (t1);
2539 push_type (t2);
2540 }
2541 break;
2542 case op_iadd:
2543 case op_isub:
2544 case op_imul:
2545 case op_idiv:
2546 case op_irem:
2547 case op_ishl:
2548 case op_ishr:
2549 case op_iushr:
2550 case op_iand:
2551 case op_ior:
2552 case op_ixor:
2553 pop_type (int_type);
2554 push_type (pop_type (int_type));
2555 break;
2556 case op_ladd:
2557 case op_lsub:
2558 case op_lmul:
2559 case op_ldiv:
2560 case op_lrem:
2561 case op_land:
2562 case op_lor:
2563 case op_lxor:
2564 pop_type (long_type);
2565 push_type (pop_type (long_type));
2566 break;
2567 case op_lshl:
2568 case op_lshr:
2569 case op_lushr:
2570 pop_type (int_type);
2571 push_type (pop_type (long_type));
2572 break;
2573 case op_fadd:
2574 case op_fsub:
2575 case op_fmul:
2576 case op_fdiv:
2577 case op_frem:
2578 pop_type (float_type);
2579 push_type (pop_type (float_type));
2580 break;
2581 case op_dadd:
2582 case op_dsub:
2583 case op_dmul:
2584 case op_ddiv:
2585 case op_drem:
2586 pop_type (double_type);
2587 push_type (pop_type (double_type));
2588 break;
2589 case op_ineg:
2590 case op_i2b:
2591 case op_i2c:
2592 case op_i2s:
2593 push_type (pop_type (int_type));
2594 break;
2595 case op_lneg:
2596 push_type (pop_type (long_type));
2597 break;
2598 case op_fneg:
2599 push_type (pop_type (float_type));
2600 break;
2601 case op_dneg:
2602 push_type (pop_type (double_type));
2603 break;
2604 case op_iinc:
2605 get_variable (get_byte (), int_type);
2606 get_byte ();
2607 break;
2608 case op_i2l:
2609 pop_type (int_type);
2610 push_type (long_type);
2611 break;
2612 case op_i2f:
2613 pop_type (int_type);
2614 push_type (float_type);
2615 break;
2616 case op_i2d:
2617 pop_type (int_type);
2618 push_type (double_type);
2619 break;
2620 case op_l2i:
2621 pop_type (long_type);
2622 push_type (int_type);
2623 break;
2624 case op_l2f:
2625 pop_type (long_type);
2626 push_type (float_type);
2627 break;
2628 case op_l2d:
2629 pop_type (long_type);
2630 push_type (double_type);
2631 break;
2632 case op_f2i:
2633 pop_type (float_type);
2634 push_type (int_type);
2635 break;
2636 case op_f2l:
2637 pop_type (float_type);
2638 push_type (long_type);
2639 break;
2640 case op_f2d:
2641 pop_type (float_type);
2642 push_type (double_type);
2643 break;
2644 case op_d2i:
2645 pop_type (double_type);
2646 push_type (int_type);
2647 break;
2648 case op_d2l:
2649 pop_type (double_type);
2650 push_type (long_type);
2651 break;
2652 case op_d2f:
2653 pop_type (double_type);
2654 push_type (float_type);
2655 break;
2656 case op_lcmp:
2657 pop_type (long_type);
2658 pop_type (long_type);
2659 push_type (int_type);
2660 break;
2661 case op_fcmpl:
2662 case op_fcmpg:
2663 pop_type (float_type);
2664 pop_type (float_type);
2665 push_type (int_type);
2666 break;
2667 case op_dcmpl:
2668 case op_dcmpg:
2669 pop_type (double_type);
2670 pop_type (double_type);
2671 push_type (int_type);
2672 break;
2673 case op_ifeq:
2674 case op_ifne:
2675 case op_iflt:
2676 case op_ifge:
2677 case op_ifgt:
2678 case op_ifle:
2679 pop_type (int_type);
2680 push_jump (get_short ());
2681 break;
2682 case op_if_icmpeq:
2683 case op_if_icmpne:
2684 case op_if_icmplt:
2685 case op_if_icmpge:
2686 case op_if_icmpgt:
2687 case op_if_icmple:
2688 pop_type (int_type);
2689 pop_type (int_type);
2690 push_jump (get_short ());
2691 break;
2692 case op_if_acmpeq:
2693 case op_if_acmpne:
2694 pop_type (reference_type);
2695 pop_type (reference_type);
2696 push_jump (get_short ());
2697 break;
2698 case op_goto:
2699 push_jump (get_short ());
2700 invalidate_pc ();
2701 break;
2702 case op_jsr:
2703 handle_jsr_insn (get_short ());
2704 break;
2705 case op_ret:
2706 handle_ret_insn (get_byte ());
2707 break;
2708 case op_tableswitch:
2709 {
2710 pop_type (int_type);
2711 skip_padding ();
2712 push_jump (get_int ());
2713 jint low = get_int ();
2714 jint high = get_int ();
2715 // Already checked LOW -vs- HIGH.
2716 for (int i = low; i <= high; ++i)
2717 push_jump (get_int ());
2718 invalidate_pc ();
2719 }
2720 break;
2721
2722 case op_lookupswitch:
2723 {
2724 pop_type (int_type);
2725 skip_padding ();
2726 push_jump (get_int ());
2727 jint npairs = get_int ();
2728 // Already checked NPAIRS >= 0.
2729 jint lastkey = 0;
2730 for (int i = 0; i < npairs; ++i)
2731 {
2732 jint key = get_int ();
2733 if (i > 0 && key <= lastkey)
2734 verify_fail ("lookupswitch pairs unsorted", start_PC);
2735 lastkey = key;
2736 push_jump (get_int ());
2737 }
2738 invalidate_pc ();
2739 }
2740 break;
2741 case op_ireturn:
2742 check_return_type (pop_type (int_type));
2743 invalidate_pc ();
2744 break;
2745 case op_lreturn:
2746 check_return_type (pop_type (long_type));
2747 invalidate_pc ();
2748 break;
2749 case op_freturn:
2750 check_return_type (pop_type (float_type));
2751 invalidate_pc ();
2752 break;
2753 case op_dreturn:
2754 check_return_type (pop_type (double_type));
2755 invalidate_pc ();
2756 break;
2757 case op_areturn:
2758 check_return_type (pop_init_ref (reference_type));
2759 invalidate_pc ();
2760 break;
2761 case op_return:
2762 // We only need to check this when the return type is
2763 // void, because all instance initializers return void.
2764 if (this_is_init)
2765 current_state->check_this_initialized (this);
2766 check_return_type (void_type);
2767 invalidate_pc ();
2768 break;
2769 case op_getstatic:
2770 push_type (check_field_constant (get_ushort ()));
2771 break;
2772 case op_putstatic:
2773 pop_type (check_field_constant (get_ushort ()));
2774 break;
2775 case op_getfield:
2776 {
2777 type klass;
2778 type field = check_field_constant (get_ushort (), &klass);
2779 pop_type (klass);
2780 push_type (field);
2781 }
2782 break;
2783 case op_putfield:
2784 {
2785 type klass;
2786 type field = check_field_constant (get_ushort (), &klass);
2787 pop_type (field);
2788
2789 // We have an obscure special case here: we can use
2790 // `putfield' on a field declared in this class, even if
2791 // `this' has not yet been initialized.
2792 if (! current_state->this_type.isinitialized ()
2793 && current_state->this_type.pc == type::SELF)
2794 klass.set_uninitialized (type::SELF, this);
2795 pop_type (klass);
2796 }
2797 break;
2798
2799 case op_invokevirtual:
2800 case op_invokespecial:
2801 case op_invokestatic:
2802 case op_invokeinterface:
2803 {
2804 _Jv_Utf8Const *method_name, *method_signature;
2805 type class_type
2806 = check_method_constant (get_ushort (),
2807 opcode == op_invokeinterface,
2808 &method_name,
2809 &method_signature);
2810 // NARGS is only used when we're processing
2811 // invokeinterface. It is simplest for us to compute it
2812 // here and then verify it later.
2813 int nargs = 0;
2814 if (opcode == op_invokeinterface)
2815 {
2816 nargs = get_byte ();
2817 if (get_byte () != 0)
2818 verify_fail ("invokeinterface dummy byte is wrong");
2819 }
2820
2821 bool is_init = false;
2822 if (_Jv_equalUtf8Consts (method_name, gcj::init_name))
2823 {
2824 is_init = true;
2825 if (opcode != op_invokespecial)
2826 verify_fail ("can't invoke <init>");
2827 }
2828 else if (method_name->first() == '<')
2829 verify_fail ("can't invoke method starting with `<'");
2830
2831 // Pop arguments and check types.
2832 int arg_count = _Jv_count_arguments (method_signature);
2833 type arg_types[arg_count];
2834 compute_argument_types (method_signature, arg_types);
2835 for (int i = arg_count - 1; i >= 0; --i)
2836 {
2837 // This is only used for verifying the byte for
2838 // invokeinterface.
2839 nargs -= arg_types[i].depth ();
2840 pop_init_ref (arg_types[i]);
2841 }
2842
2843 if (opcode == op_invokeinterface
2844 && nargs != 1)
2845 verify_fail ("wrong argument count for invokeinterface");
2846
2847 if (opcode != op_invokestatic)
2848 {
2849 type t = class_type;
2850 if (is_init)
2851 {
2852 // In this case the PC doesn't matter.
2853 t.set_uninitialized (type::UNINIT, this);
2854 // FIXME: check to make sure that the <init>
2855 // call is to the right class.
2856 // It must either be super or an exact class
2857 // match.
2858 }
2859 type raw = pop_raw ();
2860 if (! t.compatible (raw, this))
2861 verify_fail ("incompatible type on stack");
2862
2863 if (is_init)
2864 current_state->set_initialized (raw.get_pc (),
2865 current_method->max_locals);
2866 }
2867
2868 type rt = compute_return_type (method_signature);
2869 if (! rt.isvoid ())
2870 push_type (rt);
2871 }
2872 break;
2873
2874 case op_new:
2875 {
2876 type t = check_class_constant (get_ushort ());
2877 if (t.isarray () || t.isinterface (this) || t.isabstract (this))
2878 verify_fail ("type is array, interface, or abstract");
2879 t.set_uninitialized (start_PC, this);
2880 push_type (t);
2881 }
2882 break;
2883
2884 case op_newarray:
2885 {
2886 int atype = get_byte ();
2887 // We intentionally have chosen constants to make this
2888 // valid.
2889 if (atype < boolean_type || atype > long_type)
2890 verify_fail ("type not primitive", start_PC);
2891 pop_type (int_type);
2892 type t (construct_primitive_array_type (type_val (atype)), this);
2893 push_type (t);
2894 }
2895 break;
2896 case op_anewarray:
2897 pop_type (int_type);
2898 push_type (check_class_constant (get_ushort ()).to_array (this));
2899 break;
2900 case op_arraylength:
2901 {
2902 type t = pop_init_ref (reference_type);
2903 if (! t.isarray () && ! t.isnull ())
2904 verify_fail ("array type expected");
2905 push_type (int_type);
2906 }
2907 break;
2908 case op_athrow:
2909 pop_type (type (&java::lang::Throwable::class$, this));
2910 invalidate_pc ();
2911 break;
2912 case op_checkcast:
2913 pop_init_ref (reference_type);
2914 push_type (check_class_constant (get_ushort ()));
2915 break;
2916 case op_instanceof:
2917 pop_init_ref (reference_type);
2918 check_class_constant (get_ushort ());
2919 push_type (int_type);
2920 break;
2921 case op_monitorenter:
2922 pop_init_ref (reference_type);
2923 break;
2924 case op_monitorexit:
2925 pop_init_ref (reference_type);
2926 break;
2927 case op_wide:
2928 {
2929 switch (get_byte ())
2930 {
2931 case op_iload:
2932 push_type (get_variable (get_ushort (), int_type));
2933 break;
2934 case op_lload:
2935 push_type (get_variable (get_ushort (), long_type));
2936 break;
2937 case op_fload:
2938 push_type (get_variable (get_ushort (), float_type));
2939 break;
2940 case op_dload:
2941 push_type (get_variable (get_ushort (), double_type));
2942 break;
2943 case op_aload:
2944 push_type (get_variable (get_ushort (), reference_type));
2945 break;
2946 case op_istore:
2947 set_variable (get_ushort (), pop_type (int_type));
2948 break;
2949 case op_lstore:
2950 set_variable (get_ushort (), pop_type (long_type));
2951 break;
2952 case op_fstore:
2953 set_variable (get_ushort (), pop_type (float_type));
2954 break;
2955 case op_dstore:
2956 set_variable (get_ushort (), pop_type (double_type));
2957 break;
2958 case op_astore:
2959 set_variable (get_ushort (), pop_init_ref (reference_type));
2960 break;
2961 case op_ret:
2962 handle_ret_insn (get_short ());
2963 break;
2964 case op_iinc:
2965 get_variable (get_ushort (), int_type);
2966 get_short ();
2967 break;
2968 default:
2969 verify_fail ("unrecognized wide instruction", start_PC);
2970 }
2971 }
2972 break;
2973 case op_multianewarray:
2974 {
2975 type atype = check_class_constant (get_ushort ());
2976 int dim = get_byte ();
2977 if (dim < 1)
2978 verify_fail ("too few dimensions to multianewarray", start_PC);
2979 atype.verify_dimensions (dim, this);
2980 for (int i = 0; i < dim; ++i)
2981 pop_type (int_type);
2982 push_type (atype);
2983 }
2984 break;
2985 case op_ifnull:
2986 case op_ifnonnull:
2987 pop_type (reference_type);
2988 push_jump (get_short ());
2989 break;
2990 case op_goto_w:
2991 push_jump (get_int ());
2992 invalidate_pc ();
2993 break;
2994 case op_jsr_w:
2995 handle_jsr_insn (get_int ());
2996 break;
2997
2998 // These are unused here, but we call them out explicitly
2999 // so that -Wswitch-enum doesn't complain.
3000 case op_putfield_1:
3001 case op_putfield_2:
3002 case op_putfield_4:
3003 case op_putfield_8:
3004 case op_putfield_a:
3005 case op_putstatic_1:
3006 case op_putstatic_2:
3007 case op_putstatic_4:
3008 case op_putstatic_8:
3009 case op_putstatic_a:
3010 case op_getfield_1:
3011 case op_getfield_2s:
3012 case op_getfield_2u:
3013 case op_getfield_4:
3014 case op_getfield_8:
3015 case op_getfield_a:
3016 case op_getstatic_1:
3017 case op_getstatic_2s:
3018 case op_getstatic_2u:
3019 case op_getstatic_4:
3020 case op_getstatic_8:
3021 case op_getstatic_a:
3022 default:
3023 // Unrecognized opcode.
3024 verify_fail ("unrecognized instruction in verify_instructions_0",
3025 start_PC);
3026 }
3027 }
3028 }
3029
3030 public:
3031
3032 void verify_instructions ()
3033 {
3034 branch_prepass ();
3035 verify_instructions_0 ();
3036 }
3037
3038 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
3039 {
3040 // We just print the text as utf-8. This is just for debugging
3041 // anyway.
3042 debug_print ("--------------------------------\n");
3043 debug_print ("-- Verifying method `%s'\n", m->self->name->chars());
3044
3045 current_method = m;
3046 bytecode = m->bytecode ();
3047 exception = m->exceptions ();
3048 current_class = m->defining_class;
3049
3050 states = NULL;
3051 flags = NULL;
3052 utf8_list = NULL;
3053 isect_list = NULL;
3054 }
3055
3056 ~_Jv_BytecodeVerifier ()
3057 {
3058 if (flags)
3059 _Jv_Free (flags);
3060
3061 while (utf8_list != NULL)
3062 {
3063 linked<_Jv_Utf8Const> *n = utf8_list->next;
3064 _Jv_Free (utf8_list);
3065 utf8_list = n;
3066 }
3067
3068 while (isect_list != NULL)
3069 {
3070 ref_intersection *next = isect_list->alloc_next;
3071 delete isect_list;
3072 isect_list = next;
3073 }
3074
3075 if (states)
3076 {
3077 for (int i = 0; i < current_method->code_length; ++i)
3078 {
3079 linked<state> *iter = states[i];
3080 while (iter != NULL)
3081 {
3082 linked<state> *next = iter->next;
3083 delete iter->val;
3084 _Jv_Free (iter);
3085 iter = next;
3086 }
3087 }
3088 _Jv_Free (states);
3089 }
3090 }
3091 };
3092
3093 void
3094 _Jv_VerifyMethod (_Jv_InterpMethod *meth)
3095 {
3096 _Jv_BytecodeVerifier v (meth);
3097 v.verify_instructions ();
3098 }
3099
3100 #endif /* INTERPRETER */
Mirror of the offical gcc git repository hosted at gcc.gnu.org