search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* config/darwin.c (darwin_assemble_visibility): Treat
[official-gcc.git] / gcc / java / verify-impl.c
blob8841da1e3c7d113eb35f6a031471d99d9689a595
1 /* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010
2 Free Software Foundation
3
4 This file is part of libgcj.
5
6 This software is copyrighted work licensed under the terms of the
7 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
8 details. */
9
10 /* Written by Tom Tromey <tromey@redhat.com> */
11
12 /* Uncomment this to enable debugging output. */
13 /* #define VERIFY_DEBUG */
14
15 #include "config.h"
16 #include "system.h"
17 #include "coretypes.h"
18
19 #include "verify.h"
20
21 /* Hack to work around namespace pollution from java-tree.h. */
22 #undef current_class
23
24 /* This is used to mark states which are not scheduled for
25 verification. */
26 #define INVALID_STATE ((state *) -1)
27
28 static void ATTRIBUTE_PRINTF_1
29 debug_print (const char *fmt ATTRIBUTE_UNUSED, ...)
30 {
31 #ifdef VERIFY_DEBUG
32 va_list ap;
33 va_start (ap, fmt);
34 vfprintf (stderr, fmt, ap);
35 va_end (ap);
36 #endif /* VERIFY_DEBUG */
37 }
38
39 /* This started as a fairly ordinary verifier, and for the most part
40 it remains so. It works in the obvious way, by modeling the effect
41 of each opcode as it is encountered. For most opcodes, this is a
42 straightforward operation.
43
44 This verifier does not do type merging. It used to, but this
45 results in difficulty verifying some relatively simple code
46 involving interfaces, and it pushed some verification work into the
47 interpreter.
48
49 Instead of merging reference types, when we reach a point where two
50 flows of control merge, we simply keep the union of reference types
51 from each branch. Then, when we need to verify a fact about a
52 reference on the stack (e.g., that it is compatible with the
53 argument type of a method), we check to ensure that all possible
54 types satisfy the requirement.
55
56 Another area this verifier differs from the norm is in its handling
57 of subroutines. The JVM specification has some confusing things to
58 say about subroutines. For instance, it makes claims about not
59 allowing subroutines to merge and it rejects recursive subroutines.
60 For the most part these are red herrings; we used to try to follow
61 these things but they lead to problems. For example, the notion of
62 "being in a subroutine" is not well-defined: is an exception
63 handler in a subroutine? If you never execute the `ret' but
64 instead `goto 1' do you remain in the subroutine?
65
66 For clarity on what is really required for type safety, read
67 "Simple Verification Technique for Complex Java Bytecode
68 Subroutines" by Alessandro Coglio. Among other things this paper
69 shows that recursive subroutines are not harmful to type safety.
70 We implement something similar to what he proposes. Note that this
71 means that this verifier will accept code that is rejected by some
72 other verifiers.
73
74 For those not wanting to read the paper, the basic observation is
75 that we can maintain split states in subroutines. We maintain one
76 state for each calling `jsr'. In other words, we re-verify a
77 subroutine once for each caller, using the exact types held by the
78 callers (as opposed to the old approach of merging types and
79 keeping a bitmap registering what did or did not change). This
80 approach lets us continue to verify correctly even when a
81 subroutine is exited via `goto' or `athrow' and not `ret'.
82
83 In some other areas the JVM specification is (mildly) incorrect,
84 so we diverge. For instance, you cannot
85 violate type safety by allocating an object with `new' and then
86 failing to initialize it, no matter how one branches or where one
87 stores the uninitialized reference. See "Improving the official
88 specification of Java bytecode verification" by Alessandro Coglio.
89
90 Note that there's no real point in enforcing that padding bytes or
91 the mystery byte of invokeinterface must be 0, but we do that
92 regardless.
93
94 The verifier is currently neither completely lazy nor eager when it
95 comes to loading classes. It tries to represent types by name when
96 possible, and then loads them when it needs to verify a fact about
97 the type. Checking types by name is valid because we only use
98 names which come from the current class' constant pool. Since all
99 such names are looked up using the same class loader, there is no
100 danger that we might be fooled into comparing different types with
101 the same name.
102
103 In the future we plan to allow for a completely lazy mode of
104 operation, where the verifier will construct a list of type
105 assertions to be checked later.
106
107 Some test cases for the verifier live in the "verify" module of the
108 Mauve test suite. However, some of these are presently
109 (2004-01-20) believed to be incorrect. (More precisely the notion
110 of "correct" is not well-defined, and this verifier differs from
111 others while remaining type-safe.) Some other tests live in the
112 libgcj test suite.
113
114 This verifier is also written to be pluggable. This means that it
115 is intended for use in a variety of environments, not just libgcj.
116 As a result the verifier expects a number of type and method
117 declarations to be declared in "verify.h". The intent is that you
118 recompile the verifier for your particular environment. This
119 approach was chosen so that operations could be inlined in verify.h
120 as much as possible.
121
122 See the verify.h that accompanies this copy of the verifier to see
123 what types, preprocessor defines, and functions must be declared.
124 The interface is ad hoc, but was defined so that it could be
125 implemented to connect to a pure C program.
126 */
127
128 #define FLAG_INSN_START 1
129 #define FLAG_BRANCH_TARGET 2
130 #define FLAG_INSN_SEEN 4
131
132 struct state;
133 struct type;
134 struct ref_intersection;
135
136 typedef struct state state;
137 typedef struct type type;
138 typedef struct ref_intersection ref_intersection;
139
140 /*typedef struct state_list state_list;*/
141
142 typedef struct state_list
143 {
144 state *val;
145 struct state_list *next;
146 } state_list;
147
148 typedef struct vfy_string_list
149 {
150 vfy_string val;
151 struct vfy_string_list *next;
152 } vfy_string_list;
153
154 typedef struct verifier_context
155 {
156 /* The current PC. */
157 int PC;
158 /* The PC corresponding to the start of the current instruction. */
159 int start_PC;
160
161 /* The current state of the stack, locals, etc. */
162 state *current_state;
163
164 /* At each branch target we keep a linked list of all the states we
165 can process at that point. We'll only have multiple states at a
166 given PC if they both have different return-address types in the
167 same stack or local slot. This array is indexed by PC and holds
168 the list of all such states. */
169 state_list **states;
170
171 /* We keep a linked list of all the states which we must reverify.
172 This is the head of the list. */
173 state *next_verify_state;
174
175 /* We keep some flags for each instruction. The values are the
176 FLAG_* constants defined above. This is an array indexed by PC. */
177 char *flags;
178
179 /* The bytecode itself. */
180 const unsigned char *bytecode;
181 /* The exceptions. */
182 vfy_exception *exception;
183
184 /* Defining class. */
185 vfy_jclass current_class;
186 /* This method. */
187 vfy_method *current_method;
188
189 /* A linked list of utf8 objects we allocate. */
190 vfy_string_list *utf8_list;
191
192 /* A linked list of all ref_intersection objects we allocate. */
193 ref_intersection *isect_list;
194 } verifier_context;
195
196 /* The current verifier's state data. This is maintained by
197 {push/pop}_verifier_context to provide a shorthand form to access
198 the verification state. */
199 static GTY(()) verifier_context *vfr;
200
201 /* Local function declarations. */
202 bool type_initialized (type *t);
203 int ref_count_dimensions (ref_intersection *ref);
204
205 static void
206 verify_fail_pc (const char *s, int pc)
207 {
208 vfy_fail (s, pc, vfr->current_class, vfr->current_method);
209 }
210
211 static void
212 verify_fail (const char *s)
213 {
214 verify_fail_pc (s, vfr->PC);
215 }
216
217 /* This enum holds a list of tags for all the different types we
218 need to handle. Reference types are treated specially by the
219 type class. */
220 typedef enum type_val
221 {
222 void_type,
223
224 /* The values for primitive types are chosen to correspond to values
225 specified to newarray. */
226 boolean_type = 4,
227 char_type = 5,
228 float_type = 6,
229 double_type = 7,
230 byte_type = 8,
231 short_type = 9,
232 int_type = 10,
233 long_type = 11,
234
235 /* Used when overwriting second word of a double or long in the
236 local variables. Also used after merging local variable states
237 to indicate an unusable value. */
238 unsuitable_type,
239 return_address_type,
240 /* This is the second word of a two-word value, i.e., a double or
241 a long. */
242 continuation_type,
243
244 /* Everything after `reference_type' must be a reference type. */
245 reference_type,
246 null_type,
247 uninitialized_reference_type
248 } type_val;
249
250 /* This represents a merged class type. Some verifiers (including
251 earlier versions of this one) will compute the intersection of
252 two class types when merging states. However, this loses
253 critical information about interfaces implemented by the various
254 classes. So instead we keep track of all the actual classes that
255 have been merged. */
256 struct ref_intersection
257 {
258 /* Whether or not this type has been resolved. */
259 bool is_resolved;
260
261 /* Actual type data. */
262 union
263 {
264 /* For a resolved reference type, this is a pointer to the class. */
265 vfy_jclass klass;
266 /* For other reference types, this it the name of the class. */
267 vfy_string name;
268 } data;
269
270 /* Link to the next reference in the intersection. */
271 ref_intersection *ref_next;
272
273 /* This is used to keep track of all the allocated
274 ref_intersection objects, so we can free them.
275 FIXME: we should allocate these in chunks. */
276 ref_intersection *alloc_next;
277 };
278
279 static ref_intersection *
280 make_ref (void)
281 {
282 ref_intersection *new_ref =
283 (ref_intersection *) vfy_alloc (sizeof (ref_intersection));
284
285 new_ref->alloc_next = vfr->isect_list;
286 vfr->isect_list = new_ref;
287 return new_ref;
288 }
289
290 static ref_intersection *
291 clone_ref (ref_intersection *dup)
292 {
293 ref_intersection *new_ref = make_ref ();
294
295 new_ref->is_resolved = dup->is_resolved;
296 new_ref->data = dup->data;
297 return new_ref;
298 }
299
300 static void
301 resolve_ref (ref_intersection *ref)
302 {
303 if (ref->is_resolved)
304 return;
305 ref->data.klass = vfy_find_class (vfr->current_class, ref->data.name);
306 ref->is_resolved = true;
307 }
308
309 static bool
310 refs_equal (ref_intersection *ref1, ref_intersection *ref2)
311 {
312 if (! ref1->is_resolved && ! ref2->is_resolved
313 && vfy_strings_equal (ref1->data.name, ref2->data.name))
314 return true;
315 if (! ref1->is_resolved)
316 resolve_ref (ref1);
317 if (! ref2->is_resolved)
318 resolve_ref (ref2);
319 return ref1->data.klass == ref2->data.klass;
320 }
321
322 /* Merge REF1 type into REF2, returning the result. This will
323 return REF2 if all the classes in THIS already appear in
324 REF2. */
325 static ref_intersection *
326 merge_refs (ref_intersection *ref1, ref_intersection *ref2)
327 {
328 ref_intersection *tail = ref2;
329 for (; ref1 != NULL; ref1 = ref1->ref_next)
330 {
331 bool add = true;
332 ref_intersection *iter;
333 for (iter = ref2; iter != NULL; iter = iter->ref_next)
334 {
335 if (refs_equal (ref1, iter))
336 {
337 add = false;
338 break;
339 }
340 }
341
342 if (add)
343 {
344 ref_intersection *new_tail = clone_ref (ref1);
345 new_tail->ref_next = tail;
346 tail = new_tail;
347 }
348 }
349 return tail;
350 }
351
352 /* See if an object of type SOURCE can be assigned to an object of
353 type TARGET. This might resolve classes in one chain or the other. */
354 static bool
355 ref_compatible (ref_intersection *target, ref_intersection *source)
356 {
357 for (; target != NULL; target = target->ref_next)
358 {
359 ref_intersection *source_iter = source;
360
361 for (; source_iter != NULL; source_iter = source_iter->ref_next)
362 {
363 /* Avoid resolving if possible. */
364 if (! target->is_resolved
365 && ! source_iter->is_resolved
366 && vfy_strings_equal (target->data.name,
367 source_iter->data.name))
368 continue;
369
370 if (! target->is_resolved)
371 resolve_ref (target);
372 if (! source_iter->is_resolved)
373 resolve_ref (source_iter);
374
375 if (! vfy_is_assignable_from (target->data.klass,
376 source_iter->data.klass))
377 return false;
378 }
379 }
380
381 return true;
382 }
383
384 static bool
385 ref_isarray (ref_intersection *ref)
386 {
387 /* assert (ref_next == NULL); */
388 if (ref->is_resolved)
389 return vfy_is_array (ref->data.klass);
390 else
391 return vfy_string_bytes (ref->data.name)[0] == '[';
392 }
393
394 static bool
395 ref_isinterface (ref_intersection *ref)
396 {
397 /* assert (ref_next == NULL); */
398 if (! ref->is_resolved)
399 resolve_ref (ref);
400 return vfy_is_interface (ref->data.klass);
401 }
402
403 static bool
404 ref_isabstract (ref_intersection *ref)
405 {
406 /* assert (ref_next == NULL); */
407 if (! ref->is_resolved)
408 resolve_ref (ref);
409 return vfy_is_abstract (ref->data.klass);
410 }
411
412 static vfy_jclass
413 ref_getclass (ref_intersection *ref)
414 {
415 if (! ref->is_resolved)
416 resolve_ref (ref);
417 return ref->data.klass;
418 }
419
420 int
421 ref_count_dimensions (ref_intersection *ref)
422 {
423 int ndims = 0;
424 if (ref->is_resolved)
425 {
426 vfy_jclass k = ref->data.klass;
427 while (vfy_is_array (k))
428 {
429 k = vfy_get_component_type (k);
430 ++ndims;
431 }
432 }
433 else
434 {
435 const char *p = vfy_string_bytes (ref->data.name);
436 while (*p++ == '[')
437 ++ndims;
438 }
439 return ndims;
440 }
441
442 /* Return the type_val corresponding to a primitive signature
443 character. For instance `I' returns `int.class'. */
444 static type_val
445 get_type_val_for_signature (char sig)
446 {
447 type_val rt;
448 switch (sig)
449 {
450 case 'Z':
451 rt = boolean_type;
452 break;
453 case 'B':
454 rt = byte_type;
455 break;
456 case 'C':
457 rt = char_type;
458 break;
459 case 'S':
460 rt = short_type;
461 break;
462 case 'I':
463 rt = int_type;
464 break;
465 case 'J':
466 rt = long_type;
467 break;
468 case 'F':
469 rt = float_type;
470 break;
471 case 'D':
472 rt = double_type;
473 break;
474 case 'V':
475 rt = void_type;
476 break;
477 default:
478 verify_fail ("invalid signature");
479 return null_type;
480 }
481 return rt;
482 }
483
484 /* Return the type_val corresponding to a primitive class. */
485 static type_val
486 get_type_val_for_primtype (vfy_jclass k)
487 {
488 return get_type_val_for_signature (vfy_get_primitive_char (k));
489 }
490
491 /* The `type' class is used to represent a single type in the verifier. */
492 struct type
493 {
494 /* The type key. */
495 type_val key;
496
497 /* For reference types, the representation of the type. */
498 ref_intersection *klass;
499
500 /* This is used in two situations.
501
502 First, when constructing a new object, it is the PC of the
503 `new' instruction which created the object. We use the special
504 value UNINIT to mean that this is uninitialized. The special
505 value SELF is used for the case where the current method is
506 itself the <init> method. the special value EITHER is used
507 when we may optionally allow either an uninitialized or
508 initialized reference to match.
509
510 Second, when the key is return_address_type, this holds the PC
511 of the instruction following the `jsr'. */
512 int pc;
513
514 #define UNINIT -2
515 #define SELF -1
516 #define EITHER -3
517 };
518
519 /* Make a new instance given the type tag. We assume a generic
520 `reference_type' means Object. */
521 static void
522 init_type_from_tag (type *t, type_val k)
523 {
524 t->key = k;
525 /* For reference_type, if KLASS==NULL then that means we are
526 looking for a generic object of any kind, including an
527 uninitialized reference. */
528 t->klass = NULL;
529 t->pc = UNINIT;
530 }
531
532 /* Make a type for the given type_val tag K. */
533 static type
534 make_type (type_val k)
535 {
536 type t;
537 init_type_from_tag (&t, k);
538 return t;
539 }
540
541 /* Make a new instance given a class. */
542 static void
543 init_type_from_class (type *t, vfy_jclass k)
544 {
545 t->key = reference_type;
546 t->klass = make_ref ();
547 t->klass->is_resolved = true;
548 t->klass->data.klass = k;
549 t->klass->ref_next = NULL;
550 t->pc = UNINIT;
551 }
552
553 static type
554 make_type_from_class (vfy_jclass k)
555 {
556 type t;
557 init_type_from_class (&t, k);
558 return t;
559 }
560
561 static void
562 init_type_from_string (type *t, vfy_string n)
563 {
564 t->key = reference_type;
565 t->klass = make_ref ();
566 t->klass->is_resolved = false;
567 t->klass->data.name = n;
568 t->klass->ref_next = NULL;
569 t->pc = UNINIT;
570 }
571
572 static type
573 make_type_from_string (vfy_string n)
574 {
575 type t;
576 init_type_from_string (&t, n);
577 return t;
578 }
579
580 /* Promote a numeric type. */
581 static void
582 vfy_promote_type (type *t)
583 {
584 if (t->key == boolean_type || t->key == char_type
585 || t->key == byte_type || t->key == short_type)
586 t->key = int_type;
587 }
588 #define promote_type vfy_promote_type
589
590 /* Mark this type as the uninitialized result of `new'. */
591 static void
592 type_set_uninitialized (type *t, int npc)
593 {
594 if (t->key == reference_type)
595 t->key = uninitialized_reference_type;
596 else
597 verify_fail ("internal error in type::uninitialized");
598 t->pc = npc;
599 }
600
601 /* Mark this type as now initialized. */
602 static void
603 type_set_initialized (type *t, int npc)
604 {
605 if (npc != UNINIT && t->pc == npc && t->key == uninitialized_reference_type)
606 {
607 t->key = reference_type;
608 t->pc = UNINIT;
609 }
610 }
611
612 /* Mark this type as a particular return address. */
613 static void type_set_return_address (type *t, int npc)
614 {
615 t->pc = npc;
616 }
617
618 /* Return true if this type and type OTHER are considered
619 mergeable for the purposes of state merging. This is related
620 to subroutine handling. For this purpose two types are
621 considered unmergeable if they are both return-addresses but
622 have different PCs. */
623 static bool
624 type_state_mergeable_p (type *t1, type *t2)
625 {
626 return (t1->key != return_address_type
627 || t2->key != return_address_type
628 || t1->pc == t2->pc);
629 }
630
631 /* Return true if an object of type K can be assigned to a variable
632 of type T. Handle various special cases too. Might modify
633 T or K. Note however that this does not perform numeric
634 promotion. */
635 static bool
636 types_compatible (type *t, type *k)
637 {
638 /* Any type is compatible with the unsuitable type. */
639 if (k->key == unsuitable_type)
640 return true;
641
642 if (t->key < reference_type || k->key < reference_type)
643 return t->key == k->key;
644
645 /* The `null' type is convertible to any initialized reference
646 type. */
647 if (t->key == null_type)
648 return k->key != uninitialized_reference_type;
649 if (k->key == null_type)
650 return t->key != uninitialized_reference_type;
651
652 /* A special case for a generic reference. */
653 if (t->klass == NULL)
654 return true;
655 if (k->klass == NULL)
656 verify_fail ("programmer error in type::compatible");
657
658 /* Handle the special 'EITHER' case, which is only used in a
659 special case of 'putfield'. Note that we only need to handle
660 this on the LHS of a check. */
661 if (! type_initialized (t) && t->pc == EITHER)
662 {
663 /* If the RHS is uninitialized, it must be an uninitialized
664 'this'. */
665 if (! type_initialized (k) && k->pc != SELF)
666 return false;
667 }
668 else if (type_initialized (t) != type_initialized (k))
669 {
670 /* An initialized type and an uninitialized type are not
671 otherwise compatible. */
672 return false;
673 }
674 else
675 {
676 /* Two uninitialized objects are compatible if either:
677 * The PCs are identical, or
678 * One PC is UNINIT. */
679 if (type_initialized (t))
680 {
681 if (t->pc != k->pc && t->pc != UNINIT && k->pc != UNINIT)
682 return false;
683 }
684 }
685
686 return ref_compatible (t->klass, k->klass);
687 }
688
689 /* Return true if two types are equal. Only valid for reference
690 types. */
691 static bool
692 types_equal (type *t1, type *t2)
693 {
694 if ((t1->key != reference_type && t1->key != uninitialized_reference_type)
695 || (t2->key != reference_type
696 && t2->key != uninitialized_reference_type))
697 return false;
698 /* Only single-ref types are allowed. */
699 if (t1->klass->ref_next || t2->klass->ref_next)
700 return false;
701 return refs_equal (t1->klass, t2->klass);
702 }
703
704 static bool
705 type_isvoid (type *t)
706 {
707 return t->key == void_type;
708 }
709
710 static bool
711 type_iswide (type *t)
712 {
713 return t->key == long_type || t->key == double_type;
714 }
715
716 /* Return number of stack or local variable slots taken by this type. */
717 static int
718 type_depth (type *t)
719 {
720 return type_iswide (t) ? 2 : 1;
721 }
722
723 static bool
724 type_isarray (type *t)
725 {
726 /* We treat null_type as not an array. This is ok based on the
727 current uses of this method. */
728 if (t->key == reference_type)
729 return ref_isarray (t->klass);
730 return false;
731 }
732
733 static bool
734 type_isnull (type *t)
735 {
736 return t->key == null_type;
737 }
738
739 static bool
740 type_isinterface (type *t)
741 {
742 if (t->key != reference_type)
743 return false;
744 return ref_isinterface (t->klass);
745 }
746
747 static bool
748 type_isabstract (type *t)
749 {
750 if (t->key != reference_type)
751 return false;
752 return ref_isabstract (t->klass);
753 }
754
755 /* Return the element type of an array. */
756 static type
757 type_array_element (type *t)
758 {
759 type et;
760 vfy_jclass k;
761
762 if (t->key != reference_type)
763 verify_fail ("programmer error in type::element_type()");
764
765 k = vfy_get_component_type (ref_getclass (t->klass));
766 if (vfy_is_primitive (k))
767 init_type_from_tag (&et, get_type_val_for_primtype (k));
768 else
769 init_type_from_class (&et, k);
770 return et;
771 }
772
773 /* Return the array type corresponding to an initialized
774 reference. We could expand this to work for other kinds of
775 types, but currently we don't need to. */
776 static type
777 type_to_array (type *t)
778 {
779 type at;
780 vfy_jclass k;
781
782 if (t->key != reference_type)
783 verify_fail ("internal error in type::to_array()");
784
785 k = ref_getclass (t->klass);
786 init_type_from_class (&at, vfy_get_array_class (k));
787 return at;
788 }
789
790 static bool
791 type_isreference (type *t)
792 {
793 return t->key >= reference_type;
794 }
795
796 static int
797 type_get_pc (type *t)
798 {
799 return t->pc;
800 }
801
802 bool
803 type_initialized (type *t)
804 {
805 return t->key == reference_type || t->key == null_type;
806 }
807
808 static void
809 type_verify_dimensions (type *t, int ndims)
810 {
811 /* The way this is written, we don't need to check isarray(). */
812 if (t->key != reference_type)
813 verify_fail ("internal error in verify_dimensions:"
814 " not a reference type");
815
816 if (ref_count_dimensions (t->klass) < ndims)
817 verify_fail ("array type has fewer dimensions"
818 " than required");
819 }
820
821 /* Merge OLD_TYPE into this. On error throw exception. Return
822 true if the merge caused a type change. */
823 static bool
824 merge_types (type *t, type *old_type, bool local_semantics)
825 {
826 bool changed = false;
827 bool refo = type_isreference (old_type);
828 bool refn = type_isreference (t);
829 if (refo && refn)
830 {
831 if (old_type->key == null_type)
832 ;
833 else if (t->key == null_type)
834 {
835 *t = *old_type;
836 changed = true;
837 }
838 else if (type_initialized (t) != type_initialized (old_type))
839 verify_fail ("merging initialized and uninitialized types");
840 else
841 {
842 ref_intersection *merged;
843 if (! type_initialized (t))
844 {
845 if (t->pc == UNINIT)
846 t->pc = old_type->pc;
847 else if (old_type->pc == UNINIT)
848 ;
849 else if (t->pc != old_type->pc)
850 verify_fail ("merging different uninitialized types");
851 }
852
853 merged = merge_refs (old_type->klass, t->klass);
854 if (merged != t->klass)
855 {
856 t->klass = merged;
857 changed = true;
858 }
859 }
860 }
861 else if (refo || refn || t->key != old_type->key)
862 {
863 if (local_semantics)
864 {
865 /* If we already have an `unsuitable' type, then we
866 don't need to change again. */
867 if (t->key != unsuitable_type)
868 {
869 t->key = unsuitable_type;
870 changed = true;
871 }
872 }
873 else
874 verify_fail ("unmergeable type");
875 }
876 return changed;
877 }
878
879 #ifdef VERIFY_DEBUG
880 static void
881 type_print (type *t)
882 {
883 char c = '?';
884 switch (t->key)
885 {
886 case boolean_type: c = 'Z'; break;
887 case byte_type: c = 'B'; break;
888 case char_type: c = 'C'; break;
889 case short_type: c = 'S'; break;
890 case int_type: c = 'I'; break;
891 case long_type: c = 'J'; break;
892 case float_type: c = 'F'; break;
893 case double_type: c = 'D'; break;
894 case void_type: c = 'V'; break;
895 case unsuitable_type: c = '-'; break;
896 case return_address_type: c = 'r'; break;
897 case continuation_type: c = '+'; break;
898 case reference_type: c = 'L'; break;
899 case null_type: c = '@'; break;
900 case uninitialized_reference_type: c = 'U'; break;
901 }
902 debug_print ("%c", c);
903 }
904 #endif /* VERIFY_DEBUG */
905
906 /* This class holds all the state information we need for a given
907 location. */
908 struct state
909 {
910 /* The current top of the stack, in terms of slots. */
911 int stacktop;
912 /* The current depth of the stack. This will be larger than
913 STACKTOP when wide types are on the stack. */
914 int stackdepth;
915 /* The stack. */
916 type *stack;
917 /* The local variables. */
918 type *locals;
919 /* We keep track of the type of `this' specially. This is used to
920 ensure that an instance initializer invokes another initializer
921 on `this' before returning. We must keep track of this
922 specially because otherwise we might be confused by code which
923 assigns to locals[0] (overwriting `this') and then returns
924 without really initializing. */
925 type this_type;
926
927 /* The PC for this state. This is only valid on states which are
928 permanently attached to a given PC. For an object like
929 `current_state', which is used transiently, this has no
930 meaning. */
931 int pc;
932 /* We keep a linked list of all states requiring reverification.
933 If this is the special value INVALID_STATE then this state is
934 not on the list. NULL marks the end of the linked list. */
935 state *next;
936 };
937
938 /* NO_NEXT is the PC value meaning that a new state must be
939 acquired from the verification list. */
940 #define NO_NEXT -1
941
942 static void
943 init_state_with_stack (state *s, int max_stack, int max_locals)
944 {
945 int i;
946 s->stacktop = 0;
947 s->stackdepth = 0;
948 s->stack = (type *) vfy_alloc (max_stack * sizeof (type));
949 for (i = 0; i < max_stack; ++i)
950 init_type_from_tag (&s->stack[i], unsuitable_type);
951 s->locals = (type *) vfy_alloc (max_locals * sizeof (type));
952 for (i = 0; i < max_locals; ++i)
953 init_type_from_tag (&s->locals[i], unsuitable_type);
954 init_type_from_tag (&s->this_type, unsuitable_type);
955 s->pc = NO_NEXT;
956 s->next = INVALID_STATE;
957 }
958
959 static void
960 copy_state (state *s, state *copy, int max_stack, int max_locals)
961 {
962 int i;
963 s->stacktop = copy->stacktop;
964 s->stackdepth = copy->stackdepth;
965 for (i = 0; i < max_stack; ++i)
966 s->stack[i] = copy->stack[i];
967 for (i = 0; i < max_locals; ++i)
968 s->locals[i] = copy->locals[i];
969
970 s->this_type = copy->this_type;
971 /* Don't modify `next' or `pc'. */
972 }
973
974 static void
975 copy_state_with_stack (state *s, state *orig, int max_stack, int max_locals)
976 {
977 init_state_with_stack (s, max_stack, max_locals);
978 copy_state (s, orig, max_stack, max_locals);
979 }
980
981 /* Allocate a new state, copying ORIG. */
982 static state *
983 make_state_copy (state *orig, int max_stack, int max_locals)
984 {
985 state *s = (state *) vfy_alloc (sizeof (state));
986 copy_state_with_stack (s, orig, max_stack, max_locals);
987 return s;
988 }
989
990 static state *
991 make_state (int max_stack, int max_locals)
992 {
993 state *s = (state *) vfy_alloc (sizeof (state));
994 init_state_with_stack (s, max_stack, max_locals);
995 return s;
996 }
997
998 static void
999 free_state (state *s)
1000 {
1001 if (s->stack != NULL)
1002 vfy_free (s->stack);
1003 if (s->locals != NULL)
1004 vfy_free (s->locals);
1005 }
1006
1007 /* Modify this state to reflect entry to an exception handler. */
1008 static void
1009 state_set_exception (state *s, type *t, int max_stack)
1010 {
1011 int i;
1012 s->stackdepth = 1;
1013 s->stacktop = 1;
1014 s->stack[0] = *t;
1015 for (i = s->stacktop; i < max_stack; ++i)
1016 init_type_from_tag (&s->stack[i], unsuitable_type);
1017 }
1018
1019 /* Merge STATE_OLD into this state. Destructively modifies this
1020 state. Returns true if the new state was in fact changed.
1021 Will throw an exception if the states are not mergeable. */
1022 static bool
1023 merge_states (state *s, state *state_old, int max_locals)
1024 {
1025 int i;
1026 bool changed = false;
1027
1028 /* Special handling for `this'. If one or the other is
1029 uninitialized, then the merge is uninitialized. */
1030 if (type_initialized (&s->this_type))
1031 s->this_type = state_old->this_type;
1032
1033 /* Merge stacks. */
1034 if (state_old->stacktop != s->stacktop) /* FIXME stackdepth instead? */
1035 verify_fail ("stack sizes differ");
1036 for (i = 0; i < state_old->stacktop; ++i)
1037 {
1038 if (merge_types (&s->stack[i], &state_old->stack[i], false))
1039 changed = true;
1040 }
1041
1042 /* Merge local variables. */
1043 for (i = 0; i < max_locals; ++i)
1044 {
1045 if (merge_types (&s->locals[i], &state_old->locals[i], true))
1046 changed = true;
1047 }
1048
1049 return changed;
1050 }
1051
1052 /* Ensure that `this' has been initialized. */
1053 static void
1054 state_check_this_initialized (state *s)
1055 {
1056 if (type_isreference (&s->this_type) && ! type_initialized (&s->this_type))
1057 verify_fail ("`this' is uninitialized");
1058 }
1059
1060 /* Set type of `this'. */
1061 static void
1062 state_set_this_type (state *s, type *k)
1063 {
1064 s->this_type = *k;
1065 }
1066
1067 /* Mark each `new'd object we know of that was allocated at PC as
1068 initialized. */
1069 static void
1070 state_set_initialized (state *s, int pc, int max_locals)
1071 {
1072 int i;
1073 for (i = 0; i < s->stacktop; ++i)
1074 type_set_initialized (&s->stack[i], pc);
1075 for (i = 0; i < max_locals; ++i)
1076 type_set_initialized (&s->locals[i], pc);
1077 type_set_initialized (&s->this_type, pc);
1078 }
1079
1080 /* This tests to see whether two states can be considered "merge
1081 compatible". If both states have a return-address in the same
1082 slot, and the return addresses are different, then they are not
1083 compatible and we must not try to merge them. */
1084 static bool
1085 state_mergeable_p (state *s, state *other, int max_locals)
1086
1087 {
1088 int i;
1089
1090 /* This is tricky: if the stack sizes differ, then not only are
1091 these not mergeable, but in fact we should give an error, as
1092 we've found two execution paths that reach a branch target
1093 with different stack depths. FIXME stackdepth instead? */
1094 if (s->stacktop != other->stacktop)
1095 verify_fail ("stack sizes differ");
1096
1097 for (i = 0; i < s->stacktop; ++i)
1098 if (! type_state_mergeable_p (&s->stack[i], &other->stack[i]))
1099 return false;
1100 for (i = 0; i < max_locals; ++i)
1101 if (! type_state_mergeable_p (&s->locals[i], &other->locals[i]))
1102 return false;
1103 return true;
1104 }
1105
1106 static void
1107 state_reverify (state *s)
1108 {
1109 if (s->next == INVALID_STATE)
1110 {
1111 s->next = vfr->next_verify_state;
1112 vfr->next_verify_state = s;
1113 }
1114 }
1115
1116 #ifdef VERIFY_DEBUG
1117 static void
1118 debug_print_state (state *s, const char *leader, int pc, int max_stack,
1119 int max_locals)
1120 {
1121 int i;
1122 debug_print ("%s [%4d]: [stack] ", leader, pc);
1123 for (i = 0; i < s->stacktop; ++i)
1124 type_print (&s->stack[i]);
1125 for (; i < max_stack; ++i)
1126 debug_print (".");
1127 debug_print (" [local] ");
1128 for (i = 0; i < max_locals; ++i)
1129 type_print (&s->locals[i]);
1130 debug_print (" | %p\n", s);
1131 }
1132 #else
1133 static void
1134 debug_print_state (state *s ATTRIBUTE_UNUSED,
1135 const char *leader ATTRIBUTE_UNUSED,
1136 int pc ATTRIBUTE_UNUSED, int max_stack ATTRIBUTE_UNUSED,
1137 int max_locals ATTRIBUTE_UNUSED)
1138 {
1139 }
1140 #endif /* VERIFY_DEBUG */
1141
1142 static type
1143 pop_raw (void)
1144 {
1145 type r;
1146 state *s = vfr->current_state;
1147 if (s->stacktop <= 0)
1148 verify_fail ("stack empty");
1149 r = s->stack[--s->stacktop];
1150 s->stackdepth -= type_depth (&r);
1151 if (s->stackdepth < 0)
1152 verify_fail_pc ("stack empty", vfr->start_PC);
1153 return r;
1154 }
1155
1156 static type
1157 pop32 (void)
1158 {
1159 type r = pop_raw ();
1160 if (type_iswide (&r))
1161 verify_fail ("narrow pop of wide type");
1162 return r;
1163 }
1164
1165 static type
1166 vfy_pop_type_t (type match)
1167 {
1168 type t;
1169 vfy_promote_type (&match);
1170 t = pop_raw ();
1171 if (! types_compatible (&match, &t))
1172 verify_fail ("incompatible type on stack");
1173 return t;
1174 }
1175
1176 static type
1177 vfy_pop_type (type_val match)
1178 {
1179 type t = make_type (match);
1180 return vfy_pop_type_t (t);
1181 }
1182
1183 #define pop_type vfy_pop_type
1184 #define pop_type_t vfy_pop_type_t
1185
1186 /* Pop a reference which is guaranteed to be initialized. MATCH
1187 doesn't have to be a reference type; in this case this acts like
1188 pop_type. */
1189 static type
1190 pop_init_ref_t (type match)
1191 {
1192 type t = pop_raw ();
1193 if (type_isreference (&t) && ! type_initialized (&t))
1194 verify_fail ("initialized reference required");
1195 else if (! types_compatible (&match, &t))
1196 verify_fail ("incompatible type on stack");
1197 return t;
1198 }
1199
1200 static type
1201 pop_init_ref (type_val match)
1202 {
1203 type t = make_type (match);
1204 return pop_init_ref_t (t);
1205 }
1206
1207 /* Pop a reference type or a return address. */
1208 static type
1209 pop_ref_or_return (void)
1210 {
1211 type t = pop_raw ();
1212 if (! type_isreference (&t) && t.key != return_address_type)
1213 verify_fail ("expected reference or return address on stack");
1214 return t;
1215 }
1216
1217 static void
1218 vfy_push_type_t (type t)
1219 {
1220 int depth;
1221 state *s = vfr->current_state;
1222 /* If T is a numeric type like short, promote it to int. */
1223 promote_type (&t);
1224
1225 depth = type_depth (&t);
1226
1227 if (s->stackdepth + depth > vfr->current_method->max_stack)
1228 verify_fail ("stack overflow");
1229 s->stack[s->stacktop++] = t;
1230 s->stackdepth += depth;
1231 }
1232
1233 static void
1234 vfy_push_type (type_val tval)
1235 {
1236 type t = make_type (tval);
1237 vfy_push_type_t (t);
1238 }
1239
1240 #define push_type vfy_push_type
1241 #define push_type_t vfy_push_type_t
1242
1243 static void
1244 set_variable (int index, type t)
1245 {
1246 int depth;
1247 state *s = vfr->current_state;
1248 /* If T is a numeric type like short, promote it to int. */
1249 promote_type (&t);
1250
1251 depth = type_depth (&t);
1252 if (index > vfr->current_method->max_locals - depth)
1253 verify_fail ("invalid local variable");
1254 s->locals[index] = t;
1255
1256 if (depth == 2)
1257 init_type_from_tag (&s->locals[index + 1], continuation_type);
1258 if (index > 0 && type_iswide (&s->locals[index - 1]))
1259 init_type_from_tag (&s->locals[index - 1], unsuitable_type);
1260 }
1261
1262 static type
1263 get_variable_t (int index, type *t)
1264 {
1265 state *s = vfr->current_state;
1266 int depth = type_depth (t);
1267 if (index > vfr->current_method->max_locals - depth)
1268 verify_fail ("invalid local variable");
1269 if (! types_compatible (t, &s->locals[index]))
1270 verify_fail ("incompatible type in local variable");
1271 if (depth == 2)
1272 {
1273 type cont = make_type (continuation_type);
1274 if (! types_compatible (&s->locals[index + 1], &cont))
1275 verify_fail ("invalid local variable");
1276 }
1277 return s->locals[index];
1278 }
1279
1280 static type
1281 get_variable (int index, type_val v)
1282 {
1283 type t = make_type (v);
1284 return get_variable_t (index, &t);
1285 }
1286
1287 /* Make sure ARRAY is an array type and that its elements are
1288 compatible with type ELEMENT. Returns the actual element type. */
1289 static type
1290 require_array_type_t (type array, type element)
1291 {
1292 type t;
1293 /* An odd case. Here we just pretend that everything went ok. If
1294 the requested element type is some kind of reference, return
1295 the null type instead. */
1296 if (type_isnull (&array))
1297 return type_isreference (&element) ? make_type (null_type) : element;
1298
1299 if (! type_isarray (&array))
1300 verify_fail ("array required");
1301
1302 t = type_array_element (&array);
1303 if (! types_compatible (&element, &t))
1304 {
1305 /* Special case for byte arrays, which must also be boolean
1306 arrays. */
1307 bool ok = true;
1308 if (element.key == byte_type)
1309 {
1310 type e2 = make_type (boolean_type);
1311 ok = types_compatible (&e2, &t);
1312 }
1313 if (! ok)
1314 verify_fail ("incompatible array element type");
1315 }
1316
1317 /* Return T and not ELEMENT, because T might be specialized. */
1318 return t;
1319 }
1320
1321 static type
1322 require_array_type (type array, type_val element)
1323 {
1324 type t = make_type (element);
1325 return require_array_type_t (array, t);
1326 }
1327
1328 static jint
1329 get_byte (void)
1330 {
1331 if (vfr->PC >= vfr->current_method->code_length)
1332 verify_fail ("premature end of bytecode");
1333 return (jint) vfr->bytecode[vfr->PC++] & 0xff;
1334 }
1335
1336 static jint
1337 get_ushort (void)
1338 {
1339 jint b1 = get_byte ();
1340 jint b2 = get_byte ();
1341 return (jint) ((b1 << 8) | b2) & 0xffff;
1342 }
1343
1344 static jint
1345 get_short (void)
1346 {
1347 signed char b1 = (signed char) get_byte ();
1348 jint b2 = get_byte ();
1349 jshort s = (b1 << 8) | b2;
1350 return (jint) s;
1351 }
1352
1353 static jint
1354 get_int (void)
1355 {
1356 jint b1 = get_byte ();
1357 jint b2 = get_byte ();
1358 jint b3 = get_byte ();
1359 jint b4 = get_byte ();
1360 jword result = (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1361 /* In the compiler, 'jint' might have more than 32 bits, so we must
1362 sign extend. */
1363 return WORD_TO_INT (result);
1364 }
1365
1366 static int
1367 compute_jump (int offset)
1368 {
1369 int npc = vfr->start_PC + offset;
1370 if (npc < 0 || npc >= vfr->current_method->code_length)
1371 verify_fail_pc ("branch out of range", vfr->start_PC);
1372 return npc;
1373 }
1374
1375 /* Add a new state to the state list at NPC. */
1376 static state *
1377 add_new_state (int npc, state *old_state)
1378 {
1379 state_list *nlink;
1380 vfy_method *current_method = vfr->current_method;
1381 state *new_state = make_state_copy (old_state, current_method->max_stack,
1382 current_method->max_locals);
1383 debug_print ("== New state in add_new_state\n");
1384 debug_print_state (new_state, "New", npc, current_method->max_stack,
1385 current_method->max_locals);
1386
1387 nlink = (state_list *) vfy_alloc (sizeof (state_list));
1388 nlink->val = new_state;
1389 nlink->next = vfr->states[npc];
1390 vfr->states[npc] = nlink;
1391 new_state->pc = npc;
1392 return new_state;
1393 }
1394
1395 /* Merge the indicated state into the state at the branch target and
1396 schedule a new PC if there is a change. NPC is the PC of the
1397 branch target, and FROM_STATE is the state at the source of the
1398 branch. This method returns true if the destination state
1399 changed and requires reverification, false otherwise. */
1400 static void
1401 merge_into (int npc, state *from_state)
1402 {
1403 /* Iterate over all target states and merge our state into each,
1404 if applicable. FIXME one improvement we could make here is
1405 "state destruction". Merging a new state into an existing one
1406 might cause a return_address_type to be merged to
1407 unsuitable_type. In this case the resulting state may now be
1408 mergeable with other states currently held in parallel at this
1409 location. So in this situation we could pairwise compare and
1410 reduce the number of parallel states. */
1411 state_list *iter;
1412 bool applicable = false;
1413 for (iter = vfr->states[npc]; iter != NULL; iter = iter->next)
1414 {
1415 state *new_state = iter->val;
1416 vfy_method *current_method = vfr->current_method;
1417
1418 if (state_mergeable_p (new_state, from_state,
1419 current_method->max_locals))
1420 {
1421 bool changed;
1422 applicable = true;
1423
1424 debug_print ("== Merge states in merge_into\n");
1425 debug_print_state (from_state, "Frm", vfr->start_PC, current_method->max_stack,
1426 current_method->max_locals);
1427 debug_print_state (new_state, " To", npc, current_method->max_stack,
1428 current_method->max_locals);
1429 changed = merge_states (new_state, from_state,
1430 current_method->max_locals);
1431 debug_print_state (new_state, "New", npc, current_method->max_stack,
1432 current_method->max_locals);
1433
1434 if (changed)
1435 state_reverify (new_state);
1436 }
1437 }
1438
1439 if (! applicable)
1440 {
1441 /* Either we don't yet have a state at NPC, or we have a
1442 return-address type that is in conflict with all existing
1443 state. So, we need to create a new entry. */
1444 state *new_state = add_new_state (npc, from_state);
1445 /* A new state added in this way must always be reverified. */
1446 state_reverify (new_state);
1447 }
1448 }
1449
1450 static void
1451 push_jump (int offset)
1452 {
1453 int npc = compute_jump (offset);
1454 /* According to the JVM Spec, we need to check for uninitialized
1455 objects here. However, this does not actually affect type
1456 safety, and the Eclipse java compiler generates code that
1457 violates this constraint. */
1458 merge_into (npc, vfr->current_state);
1459 }
1460
1461 static void
1462 push_exception_jump (type t, int pc)
1463 {
1464 state s;
1465 /* According to the JVM Spec, we need to check for uninitialized
1466 objects here. However, this does not actually affect type
1467 safety, and the Eclipse java compiler generates code that
1468 violates this constraint. */
1469 copy_state_with_stack (&s, vfr->current_state,
1470 vfr->current_method->max_stack,
1471 vfr->current_method->max_locals);
1472 if (vfr->current_method->max_stack < 1)
1473 verify_fail ("stack overflow at exception handler");
1474 state_set_exception (&s, &t, vfr->current_method->max_stack);
1475 merge_into (pc, &s);
1476 /* FIXME: leak.. need free_state or GC */
1477 }
1478
1479 static state *
1480 pop_jump (void)
1481 {
1482 state *new_state = vfr->next_verify_state;
1483 if (new_state == INVALID_STATE)
1484 verify_fail ("programmer error in pop_jump");
1485 if (new_state != NULL)
1486 {
1487 vfr->next_verify_state = new_state->next;
1488 new_state->next = INVALID_STATE;
1489 }
1490 return new_state;
1491 }
1492
1493 static void
1494 invalidate_pc (void)
1495 {
1496 vfr->PC = NO_NEXT;
1497 }
1498
1499 static void
1500 note_branch_target (int pc)
1501 {
1502 /* Don't check `pc <= PC', because we've advanced PC after
1503 fetching the target and we haven't yet checked the next
1504 instruction. */
1505 if (pc < vfr->PC && ! (vfr->flags[pc] & FLAG_INSN_START))
1506 verify_fail_pc ("branch not to instruction start", vfr->start_PC);
1507 vfr->flags[pc] |= FLAG_BRANCH_TARGET;
1508 }
1509
1510 static void
1511 skip_padding (void)
1512 {
1513 while ((vfr->PC % 4) > 0)
1514 if (get_byte () != 0)
1515 verify_fail ("found nonzero padding byte");
1516 }
1517
1518 /* Do the work for a `ret' instruction. INDEX is the index into the
1519 local variables. */
1520 static void
1521 handle_ret_insn (int index)
1522 {
1523 type ret = make_type (return_address_type);
1524 type ret_addr = get_variable_t (index, &ret);
1525 /* It would be nice if we could do this. However, the JVM Spec
1526 doesn't say that this is what happens. It is implied that
1527 reusing a return address is invalid, but there's no actual
1528 prohibition against it. */
1529 /* set_variable (index, unsuitable_type); */
1530
1531 int npc = type_get_pc (&ret_addr);
1532 /* We might be returning to a `jsr' that is at the end of the
1533 bytecode. This is ok if we never return from the called
1534 subroutine, but if we see this here it is an error. */
1535 if (npc >= vfr->current_method->code_length)
1536 verify_fail ("fell off end");
1537
1538 /* According to the JVM Spec, we need to check for uninitialized
1539 objects here. However, this does not actually affect type
1540 safety, and the Eclipse java compiler generates code that
1541 violates this constraint. */
1542 merge_into (npc, vfr->current_state);
1543 invalidate_pc ();
1544 }
1545
1546 static void handle_jsr_insn (int offset)
1547 {
1548 type ret_addr;
1549 int npc = compute_jump (offset);
1550
1551 /* According to the JVM Spec, we need to check for uninitialized
1552 objects here. However, this does not actually affect type
1553 safety, and the Eclipse java compiler generates code that
1554 violates this constraint. */
1555
1556 /* Modify our state as appropriate for entry into a subroutine. */
1557 ret_addr = make_type (return_address_type);
1558 type_set_return_address (&ret_addr, vfr->PC);
1559 vfy_push_type_t (ret_addr);
1560 merge_into (npc, vfr->current_state);
1561 invalidate_pc ();
1562 }
1563
1564 static vfy_jclass
1565 construct_primitive_array_type (type_val prim)
1566 {
1567 vfy_jclass k = NULL;
1568 switch (prim)
1569 {
1570 case boolean_type:
1571 case char_type:
1572 case float_type:
1573 case double_type:
1574 case byte_type:
1575 case short_type:
1576 case int_type:
1577 case long_type:
1578 k = vfy_get_primitive_type ((int) prim);
1579 break;
1580
1581 /* These aren't used here but we call them out to avoid
1582 warnings. */
1583 case void_type:
1584 case unsuitable_type:
1585 case return_address_type:
1586 case continuation_type:
1587 case reference_type:
1588 case null_type:
1589 case uninitialized_reference_type:
1590 default:
1591 verify_fail ("unknown type in construct_primitive_array_type");
1592 }
1593 k = vfy_get_array_class (k);
1594 return k;
1595 }
1596
1597 /* This pass computes the location of branch targets and also
1598 instruction starts. */
1599 static void
1600 branch_prepass (void)
1601 {
1602 int i, pc;
1603 vfr->flags = (char *) vfy_alloc (vfr->current_method->code_length);
1604
1605 for (i = 0; i < vfr->current_method->code_length; ++i)
1606 vfr->flags[i] = 0;
1607
1608 vfr->PC = 0;
1609 while (vfr->PC < vfr->current_method->code_length)
1610 {
1611 java_opcode opcode;
1612 /* Set `start_PC' early so that error checking can have the
1613 correct value. */
1614 vfr->start_PC = vfr->PC;
1615 vfr->flags[vfr->PC] |= FLAG_INSN_START;
1616
1617 opcode = (java_opcode) vfr->bytecode[vfr->PC++];
1618 switch (opcode)
1619 {
1620 case op_nop:
1621 case op_aconst_null:
1622 case op_iconst_m1:
1623 case op_iconst_0:
1624 case op_iconst_1:
1625 case op_iconst_2:
1626 case op_iconst_3:
1627 case op_iconst_4:
1628 case op_iconst_5:
1629 case op_lconst_0:
1630 case op_lconst_1:
1631 case op_fconst_0:
1632 case op_fconst_1:
1633 case op_fconst_2:
1634 case op_dconst_0:
1635 case op_dconst_1:
1636 case op_iload_0:
1637 case op_iload_1:
1638 case op_iload_2:
1639 case op_iload_3:
1640 case op_lload_0:
1641 case op_lload_1:
1642 case op_lload_2:
1643 case op_lload_3:
1644 case op_fload_0:
1645 case op_fload_1:
1646 case op_fload_2:
1647 case op_fload_3:
1648 case op_dload_0:
1649 case op_dload_1:
1650 case op_dload_2:
1651 case op_dload_3:
1652 case op_aload_0:
1653 case op_aload_1:
1654 case op_aload_2:
1655 case op_aload_3:
1656 case op_iaload:
1657 case op_laload:
1658 case op_faload:
1659 case op_daload:
1660 case op_aaload:
1661 case op_baload:
1662 case op_caload:
1663 case op_saload:
1664 case op_istore_0:
1665 case op_istore_1:
1666 case op_istore_2:
1667 case op_istore_3:
1668 case op_lstore_0:
1669 case op_lstore_1:
1670 case op_lstore_2:
1671 case op_lstore_3:
1672 case op_fstore_0:
1673 case op_fstore_1:
1674 case op_fstore_2:
1675 case op_fstore_3:
1676 case op_dstore_0:
1677 case op_dstore_1:
1678 case op_dstore_2:
1679 case op_dstore_3:
1680 case op_astore_0:
1681 case op_astore_1:
1682 case op_astore_2:
1683 case op_astore_3:
1684 case op_iastore:
1685 case op_lastore:
1686 case op_fastore:
1687 case op_dastore:
1688 case op_aastore:
1689 case op_bastore:
1690 case op_castore:
1691 case op_sastore:
1692 case op_pop:
1693 case op_pop2:
1694 case op_dup:
1695 case op_dup_x1:
1696 case op_dup_x2:
1697 case op_dup2:
1698 case op_dup2_x1:
1699 case op_dup2_x2:
1700 case op_swap:
1701 case op_iadd:
1702 case op_isub:
1703 case op_imul:
1704 case op_idiv:
1705 case op_irem:
1706 case op_ishl:
1707 case op_ishr:
1708 case op_iushr:
1709 case op_iand:
1710 case op_ior:
1711 case op_ixor:
1712 case op_ladd:
1713 case op_lsub:
1714 case op_lmul:
1715 case op_ldiv:
1716 case op_lrem:
1717 case op_lshl:
1718 case op_lshr:
1719 case op_lushr:
1720 case op_land:
1721 case op_lor:
1722 case op_lxor:
1723 case op_fadd:
1724 case op_fsub:
1725 case op_fmul:
1726 case op_fdiv:
1727 case op_frem:
1728 case op_dadd:
1729 case op_dsub:
1730 case op_dmul:
1731 case op_ddiv:
1732 case op_drem:
1733 case op_ineg:
1734 case op_i2b:
1735 case op_i2c:
1736 case op_i2s:
1737 case op_lneg:
1738 case op_fneg:
1739 case op_dneg:
1740 case op_i2l:
1741 case op_i2f:
1742 case op_i2d:
1743 case op_l2i:
1744 case op_l2f:
1745 case op_l2d:
1746 case op_f2i:
1747 case op_f2l:
1748 case op_f2d:
1749 case op_d2i:
1750 case op_d2l:
1751 case op_d2f:
1752 case op_lcmp:
1753 case op_fcmpl:
1754 case op_fcmpg:
1755 case op_dcmpl:
1756 case op_dcmpg:
1757 case op_monitorenter:
1758 case op_monitorexit:
1759 case op_ireturn:
1760 case op_lreturn:
1761 case op_freturn:
1762 case op_dreturn:
1763 case op_areturn:
1764 case op_return:
1765 case op_athrow:
1766 case op_arraylength:
1767 break;
1768
1769 case op_bipush:
1770 case op_ldc:
1771 case op_iload:
1772 case op_lload:
1773 case op_fload:
1774 case op_dload:
1775 case op_aload:
1776 case op_istore:
1777 case op_lstore:
1778 case op_fstore:
1779 case op_dstore:
1780 case op_astore:
1781 case op_ret:
1782 case op_newarray:
1783 get_byte ();
1784 break;
1785
1786 case op_iinc:
1787 case op_sipush:
1788 case op_ldc_w:
1789 case op_ldc2_w:
1790 case op_getstatic:
1791 case op_getfield:
1792 case op_putfield:
1793 case op_putstatic:
1794 case op_new:
1795 case op_anewarray:
1796 case op_instanceof:
1797 case op_checkcast:
1798 case op_invokespecial:
1799 case op_invokestatic:
1800 case op_invokevirtual:
1801 get_short ();
1802 break;
1803
1804 case op_multianewarray:
1805 get_short ();
1806 get_byte ();
1807 break;
1808
1809 case op_jsr:
1810 case op_ifeq:
1811 case op_ifne:
1812 case op_iflt:
1813 case op_ifge:
1814 case op_ifgt:
1815 case op_ifle:
1816 case op_if_icmpeq:
1817 case op_if_icmpne:
1818 case op_if_icmplt:
1819 case op_if_icmpge:
1820 case op_if_icmpgt:
1821 case op_if_icmple:
1822 case op_if_acmpeq:
1823 case op_if_acmpne:
1824 case op_ifnull:
1825 case op_ifnonnull:
1826 case op_goto:
1827 note_branch_target (compute_jump (get_short ()));
1828 break;
1829
1830 case op_tableswitch:
1831 {
1832 jint low, hi;
1833 skip_padding ();
1834 note_branch_target (compute_jump (get_int ()));
1835 low = get_int ();
1836 hi = get_int ();
1837 if (low > hi)
1838 verify_fail_pc ("invalid tableswitch", vfr->start_PC);
1839 for (i = low; i <= hi; ++i)
1840 note_branch_target (compute_jump (get_int ()));
1841 }
1842 break;
1843
1844 case op_lookupswitch:
1845 {
1846 int npairs;
1847 skip_padding ();
1848 note_branch_target (compute_jump (get_int ()));
1849 npairs = get_int ();
1850 if (npairs < 0)
1851 verify_fail_pc ("too few pairs in lookupswitch", vfr->start_PC);
1852 while (npairs-- > 0)
1853 {
1854 get_int ();
1855 note_branch_target (compute_jump (get_int ()));
1856 }
1857 }
1858 break;
1859
1860 case op_invokeinterface:
1861 get_short ();
1862 get_byte ();
1863 get_byte ();
1864 break;
1865
1866 case op_wide:
1867 {
1868 opcode = (java_opcode) get_byte ();
1869 get_short ();
1870 if (opcode == op_iinc)
1871 get_short ();
1872 }
1873 break;
1874
1875 case op_jsr_w:
1876 case op_goto_w:
1877 note_branch_target (compute_jump (get_int ()));
1878 break;
1879
1880 #if 0
1881 /* These are unused here, but we call them out explicitly
1882 so that -Wswitch-enum doesn't complain. */
1883 case op_putfield_1:
1884 case op_putfield_2:
1885 case op_putfield_4:
1886 case op_putfield_8:
1887 case op_putfield_a:
1888 case op_putstatic_1:
1889 case op_putstatic_2:
1890 case op_putstatic_4:
1891 case op_putstatic_8:
1892 case op_putstatic_a:
1893 case op_getfield_1:
1894 case op_getfield_2s:
1895 case op_getfield_2u:
1896 case op_getfield_4:
1897 case op_getfield_8:
1898 case op_getfield_a:
1899 case op_getstatic_1:
1900 case op_getstatic_2s:
1901 case op_getstatic_2u:
1902 case op_getstatic_4:
1903 case op_getstatic_8:
1904 case op_getstatic_a:
1905 #endif /* VFY_FAST_OPCODES */
1906 default:
1907 verify_fail_pc ("unrecognized instruction in branch_prepass",
1908 vfr->start_PC);
1909 }
1910
1911 /* See if any previous branch tried to branch to the middle of
1912 this instruction. */
1913 for (pc = vfr->start_PC + 1; pc < vfr->PC; ++pc)
1914 {
1915 if ((vfr->flags[pc] & FLAG_BRANCH_TARGET))
1916 verify_fail_pc ("branch to middle of instruction", pc);
1917 }
1918 }
1919
1920 /* Verify exception handlers. */
1921 for (i = 0; i < vfr->current_method->exc_count; ++i)
1922 {
1923 int handler, start, end, htype;
1924 vfy_get_exception (vfr->exception, i, &handler, &start, &end, &htype);
1925 if (! (vfr->flags[handler] & FLAG_INSN_START))
1926 verify_fail_pc ("exception handler not at instruction start",
1927 handler);
1928 if (! (vfr->flags[start] & FLAG_INSN_START))
1929 verify_fail_pc ("exception start not at instruction start", start);
1930 if (end != vfr->current_method->code_length
1931 && ! (vfr->flags[end] & FLAG_INSN_START))
1932 verify_fail_pc ("exception end not at instruction start", end);
1933
1934 vfr->flags[handler] |= FLAG_BRANCH_TARGET;
1935 }
1936 }
1937
1938 static void
1939 check_pool_index (int index)
1940 {
1941 if (index < 0 || index >= vfy_get_constants_size (vfr->current_class))
1942 verify_fail_pc ("constant pool index out of range", vfr->start_PC);
1943 }
1944
1945 static type
1946 check_class_constant (int index)
1947 {
1948 type t = { (type_val) 0, 0, 0 };
1949 vfy_constants *pool;
1950
1951 check_pool_index (index);
1952 pool = vfy_get_constants (vfr->current_class);
1953 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
1954 init_type_from_class (&t, vfy_get_pool_class (pool, index));
1955 else if (vfy_tag (pool, index) == JV_CONSTANT_Class)
1956 init_type_from_string (&t, vfy_get_pool_string (pool, index));
1957 else
1958 verify_fail_pc ("expected class constant", vfr->start_PC);
1959 return t;
1960 }
1961
1962 static type
1963 check_constant (int index)
1964 {
1965 type t = { (type_val) 0, 0, 0 };
1966 vfy_constants *pool;
1967
1968 check_pool_index (index);
1969 pool = vfy_get_constants (vfr->current_class);
1970 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedString
1971 || vfy_tag (pool, index) == JV_CONSTANT_String)
1972 init_type_from_class (&t, vfy_string_type ());
1973 else if (vfy_tag (pool, index) == JV_CONSTANT_Integer)
1974 init_type_from_tag (&t, int_type);
1975 else if (vfy_tag (pool, index) == JV_CONSTANT_Float)
1976 init_type_from_tag (&t, float_type);
1977 else if (vfy_tag (pool, index) == JV_CONSTANT_Class
1978 || vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
1979 /* FIXME: should only allow this for 1.5 bytecode. */
1980 init_type_from_class (&t, vfy_class_type ());
1981 else
1982 verify_fail_pc ("String, int, or float constant expected", vfr->start_PC);
1983 return t;
1984 }
1985
1986 static type
1987 check_wide_constant (int index)
1988 {
1989 type t = { (type_val) 0, 0, 0 };
1990 vfy_constants *pool;
1991
1992 check_pool_index (index);
1993 pool = vfy_get_constants (vfr->current_class);
1994 if (vfy_tag (pool, index) == JV_CONSTANT_Long)
1995 init_type_from_tag (&t, long_type);
1996 else if (vfy_tag (pool, index) == JV_CONSTANT_Double)
1997 init_type_from_tag (&t, double_type);
1998 else
1999 verify_fail_pc ("long or double constant expected", vfr->start_PC);
2000 return t;
2001 }
2002
2003 /* Helper for both field and method. These are laid out the same in
2004 the constant pool. */
2005 static type
2006 handle_field_or_method (int index, int expected,
2007 vfy_string *name, vfy_string *fmtype)
2008 {
2009 vfy_uint_16 class_index, name_and_type_index;
2010 vfy_uint_16 name_index, desc_index;
2011 vfy_constants *pool;
2012
2013 check_pool_index (index);
2014 pool = vfy_get_constants (vfr->current_class);
2015 if (vfy_tag (pool, index) != expected)
2016 verify_fail_pc ("didn't see expected constant", vfr->start_PC);
2017 /* Once we know we have a Fieldref or Methodref we assume that it
2018 is correctly laid out in the constant pool. I think the code
2019 in defineclass.cc guarantees this. */
2020 vfy_load_indexes (pool, index, &class_index, &name_and_type_index);
2021 vfy_load_indexes (pool, name_and_type_index, &name_index, &desc_index);
2022
2023 *name = vfy_get_pool_string (pool, name_index);
2024 *fmtype = vfy_get_pool_string (pool, desc_index);
2025
2026 return check_class_constant (class_index);
2027 }
2028
2029 /* Return field's type, compute class' type if requested. If
2030 PUTFIELD is true, use the special 'putfield' semantics. */
2031 static type
2032 check_field_constant (int index, type *class_type, bool putfield)
2033 {
2034 vfy_string name, field_type;
2035 const char *typec;
2036 type t;
2037
2038 type ct = handle_field_or_method (index,
2039 JV_CONSTANT_Fieldref,
2040 &name, &field_type);
2041 if (class_type)
2042 *class_type = ct;
2043 typec = vfy_string_bytes (field_type);
2044 if (typec[0] == '[' || typec[0] == 'L')
2045 init_type_from_string (&t, field_type);
2046 else
2047 init_type_from_tag (&t, get_type_val_for_signature (typec[0]));
2048
2049 /* We have an obscure special case here: we can use `putfield' on a
2050 field declared in this class, even if `this' has not yet been
2051 initialized. */
2052 if (putfield
2053 && ! type_initialized (&vfr->current_state->this_type)
2054 && vfr->current_state->this_type.pc == SELF
2055 && types_equal (&vfr->current_state->this_type, &ct)
2056 && vfy_class_has_field (vfr->current_class, name, field_type))
2057 /* Note that we don't actually know whether we're going to match
2058 against 'this' or some other object of the same type. So,
2059 here we set things up so that it doesn't matter. This relies
2060 on knowing what our caller is up to. */
2061 type_set_uninitialized (class_type, EITHER);
2062
2063 return t;
2064 }
2065
2066 static type
2067 check_method_constant (int index, bool is_interface,
2068 vfy_string *method_name,
2069 vfy_string *method_signature)
2070 {
2071 return handle_field_or_method (index,
2072 (is_interface
2073 ? JV_CONSTANT_InterfaceMethodref
2074 : JV_CONSTANT_Methodref),
2075 method_name, method_signature);
2076 }
2077
2078 static const char *
2079 get_one_type (const char *p, type *t)
2080 {
2081 const char *start = p;
2082 vfy_jclass k;
2083 type_val rt;
2084 char v;
2085
2086 int arraycount = 0;
2087 while (*p == '[')
2088 {
2089 ++arraycount;
2090 ++p;
2091 }
2092
2093 v = *p++;
2094
2095 if (v == 'L')
2096 {
2097 vfy_string name;
2098 while (*p != ';')
2099 ++p;
2100 ++p;
2101 name = vfy_get_string (start, p - start);
2102 *t = make_type_from_string (name);
2103 return p;
2104 }
2105
2106 /* Casting to jchar here is ok since we are looking at an ASCII
2107 character. */
2108 rt = get_type_val_for_signature (v);
2109
2110 if (arraycount == 0)
2111 {
2112 /* Callers of this function eventually push their arguments on
2113 the stack. So, promote them here. */
2114 type new_t = make_type (rt);
2115 vfy_promote_type (&new_t);
2116 *t = new_t;
2117 return p;
2118 }
2119
2120 k = construct_primitive_array_type (rt);
2121 while (--arraycount > 0)
2122 k = vfy_get_array_class (k);
2123 *t = make_type_from_class (k);
2124 return p;
2125 }
2126
2127 static void
2128 compute_argument_types (vfy_string signature, type *types)
2129 {
2130 int i;
2131 const char *p = vfy_string_bytes (signature);
2132
2133 /* Skip `('. */
2134 ++p;
2135
2136 i = 0;
2137 while (*p != ')')
2138 p = get_one_type (p, &types[i++]);
2139 }
2140
2141 static type
2142 compute_return_type (vfy_string signature)
2143 {
2144 const char *p = vfy_string_bytes (signature);
2145 type t;
2146 while (*p != ')')
2147 ++p;
2148 ++p;
2149 get_one_type (p, &t);
2150 return t;
2151 }
2152
2153 static void
2154 check_return_type (type onstack)
2155 {
2156 type rt = compute_return_type (vfy_get_signature (vfr->current_method));
2157 if (! types_compatible (&rt, &onstack))
2158 verify_fail ("incompatible return type");
2159 }
2160
2161 /* Initialize the stack for the new method. Returns true if this
2162 method is an instance initializer. */
2163 static bool
2164 initialize_stack (void)
2165 {
2166 int arg_count, i;
2167 int var = 0;
2168 bool is_init = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2169 vfy_init_name());
2170 bool is_clinit = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2171 vfy_clinit_name());
2172
2173 if (! vfy_is_static (vfr->current_method))
2174 {
2175 type kurr = make_type_from_class (vfr->current_class);
2176 if (is_init)
2177 {
2178 type_set_uninitialized (&kurr, SELF);
2179 is_init = true;
2180 }
2181 else if (is_clinit)
2182 verify_fail ("<clinit> method must be static");
2183 set_variable (0, kurr);
2184 state_set_this_type (vfr->current_state, &kurr);
2185 ++var;
2186 }
2187 else
2188 {
2189 if (is_init)
2190 verify_fail ("<init> method must be non-static");
2191 }
2192
2193 /* We have to handle wide arguments specially here. */
2194 arg_count = vfy_count_arguments (vfy_get_signature (vfr->current_method));
2195 {
2196 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2197 compute_argument_types (vfy_get_signature (vfr->current_method), arg_types);
2198 for (i = 0; i < arg_count; ++i)
2199 {
2200 set_variable (var, arg_types[i]);
2201 ++var;
2202 if (type_iswide (&arg_types[i]))
2203 ++var;
2204 }
2205 vfy_free (arg_types);
2206 }
2207
2208 return is_init;
2209 }
2210
2211 static void
2212 verify_instructions_0 (void)
2213 {
2214 int i;
2215 bool this_is_init;
2216
2217 vfr->current_state = make_state (vfr->current_method->max_stack,
2218 vfr->current_method->max_locals);
2219
2220 vfr->PC = 0;
2221 vfr->start_PC = 0;
2222
2223 /* True if we are verifying an instance initializer. */
2224 this_is_init = initialize_stack ();
2225
2226 vfr->states = (state_list **) vfy_alloc (sizeof (state_list *)
2227 * vfr->current_method->code_length);
2228
2229 for (i = 0; i < vfr->current_method->code_length; ++i)
2230 vfr->states[i] = NULL;
2231
2232 vfr->next_verify_state = NULL;
2233
2234 while (true)
2235 {
2236 java_opcode opcode;
2237
2238 /* If the PC was invalidated, get a new one from the work list. */
2239 if (vfr->PC == NO_NEXT)
2240 {
2241 state *new_state = pop_jump ();
2242 /* If it is null, we're done. */
2243 if (new_state == NULL)
2244 break;
2245
2246 vfr->PC = new_state->pc;
2247 debug_print ("== State pop from pending list\n");
2248 /* Set up the current state. */
2249 copy_state (vfr->current_state, new_state,
2250 vfr->current_method->max_stack, vfr->current_method->max_locals);
2251 }
2252 else
2253 {
2254 /* We only have to do this checking in the situation where
2255 control flow falls through from the previous instruction.
2256 Otherwise merging is done at the time we push the branch.
2257 Note that we'll catch the off-the-end problem just
2258 below. */
2259 if (vfr->PC < vfr->current_method->code_length
2260 && vfr->states[vfr->PC] != NULL)
2261 {
2262 /* We've already visited this instruction. So merge
2263 the states together. It is simplest, but not most
2264 efficient, to just always invalidate the PC here. */
2265 merge_into (vfr->PC, vfr->current_state);
2266 invalidate_pc ();
2267 continue;
2268 }
2269 }
2270
2271 /* Control can't fall off the end of the bytecode. We need to
2272 check this in both cases, not just the fall-through case,
2273 because we don't check to see whether a `jsr' appears at
2274 the end of the bytecode until we process a `ret'. */
2275 if (vfr->PC >= vfr->current_method->code_length)
2276 verify_fail ("fell off end");
2277 vfr->flags[vfr->PC] |= FLAG_INSN_SEEN;
2278
2279 /* We only have to keep saved state at branch targets. If
2280 we're at a branch target and the state here hasn't been set
2281 yet, we set it now. You might notice that `ret' targets
2282 won't necessarily have FLAG_BRANCH_TARGET set. This
2283 doesn't matter, since those states will be filled in by
2284 merge_into. */
2285 /* Note that other parts of the compiler assume that there is a
2286 label with a type map at PC=0. */
2287 if (vfr->states[vfr->PC] == NULL
2288 && (vfr->PC == 0 || (vfr->flags[vfr->PC] & FLAG_BRANCH_TARGET) != 0))
2289 add_new_state (vfr->PC, vfr->current_state);
2290
2291 /* Set this before handling exceptions so that debug output is
2292 sane. */
2293 vfr->start_PC = vfr->PC;
2294
2295 /* Update states for all active exception handlers. Ordinarily
2296 there are not many exception handlers. So we simply run
2297 through them all. */
2298 for (i = 0; i < vfr->current_method->exc_count; ++i)
2299 {
2300 int hpc, start, end, htype;
2301 vfy_get_exception (vfr->exception, i, &hpc, &start, &end, &htype);
2302 if (vfr->PC >= start && vfr->PC < end)
2303 {
2304 type handler = make_type_from_class (vfy_throwable_type ());
2305 if (htype != 0)
2306 handler = check_class_constant (htype);
2307 push_exception_jump (handler, hpc);
2308 }
2309 }
2310
2311
2312 debug_print_state (vfr->current_state, " ", vfr->PC,
2313 vfr->current_method->max_stack,
2314 vfr->current_method->max_locals);
2315 opcode = (java_opcode) vfr->bytecode[vfr->PC++];
2316 switch (opcode)
2317 {
2318 case op_nop:
2319 break;
2320
2321 case op_aconst_null:
2322 push_type (null_type);
2323 break;
2324
2325 case op_iconst_m1:
2326 case op_iconst_0:
2327 case op_iconst_1:
2328 case op_iconst_2:
2329 case op_iconst_3:
2330 case op_iconst_4:
2331 case op_iconst_5:
2332 push_type (int_type);
2333 break;
2334
2335 case op_lconst_0:
2336 case op_lconst_1:
2337 push_type (long_type);
2338 break;
2339
2340 case op_fconst_0:
2341 case op_fconst_1:
2342 case op_fconst_2:
2343 push_type (float_type);
2344 break;
2345
2346 case op_dconst_0:
2347 case op_dconst_1:
2348 push_type (double_type);
2349 break;
2350
2351 case op_bipush:
2352 get_byte ();
2353 push_type (int_type);
2354 break;
2355
2356 case op_sipush:
2357 get_short ();
2358 push_type (int_type);
2359 break;
2360
2361 case op_ldc:
2362 push_type_t (check_constant (get_byte ()));
2363 break;
2364 case op_ldc_w:
2365 push_type_t (check_constant (get_ushort ()));
2366 break;
2367 case op_ldc2_w:
2368 push_type_t (check_wide_constant (get_ushort ()));
2369 break;
2370
2371 case op_iload:
2372 push_type_t (get_variable (get_byte (), int_type));
2373 break;
2374 case op_lload:
2375 push_type_t (get_variable (get_byte (), long_type));
2376 break;
2377 case op_fload:
2378 push_type_t (get_variable (get_byte (), float_type));
2379 break;
2380 case op_dload:
2381 push_type_t (get_variable (get_byte (), double_type));
2382 break;
2383 case op_aload:
2384 push_type_t (get_variable (get_byte (), reference_type));
2385 break;
2386
2387 case op_iload_0:
2388 case op_iload_1:
2389 case op_iload_2:
2390 case op_iload_3:
2391 push_type_t (get_variable (opcode - op_iload_0, int_type));
2392 break;
2393 case op_lload_0:
2394 case op_lload_1:
2395 case op_lload_2:
2396 case op_lload_3:
2397 push_type_t (get_variable (opcode - op_lload_0, long_type));
2398 break;
2399 case op_fload_0:
2400 case op_fload_1:
2401 case op_fload_2:
2402 case op_fload_3:
2403 push_type_t (get_variable (opcode - op_fload_0, float_type));
2404 break;
2405 case op_dload_0:
2406 case op_dload_1:
2407 case op_dload_2:
2408 case op_dload_3:
2409 push_type_t (get_variable (opcode - op_dload_0, double_type));
2410 break;
2411 case op_aload_0:
2412 case op_aload_1:
2413 case op_aload_2:
2414 case op_aload_3:
2415 push_type_t (get_variable (opcode - op_aload_0, reference_type));
2416 break;
2417 case op_iaload:
2418 pop_type (int_type);
2419 push_type_t (require_array_type (pop_init_ref (reference_type),
2420 int_type));
2421 break;
2422 case op_laload:
2423 pop_type (int_type);
2424 push_type_t (require_array_type (pop_init_ref (reference_type),
2425 long_type));
2426 break;
2427 case op_faload:
2428 pop_type (int_type);
2429 push_type_t (require_array_type (pop_init_ref (reference_type),
2430 float_type));
2431 break;
2432 case op_daload:
2433 pop_type (int_type);
2434 push_type_t (require_array_type (pop_init_ref (reference_type),
2435 double_type));
2436 break;
2437 case op_aaload:
2438 pop_type (int_type);
2439 push_type_t (require_array_type (pop_init_ref (reference_type),
2440 reference_type));
2441 break;
2442 case op_baload:
2443 pop_type (int_type);
2444 require_array_type (pop_init_ref (reference_type), byte_type);
2445 push_type (int_type);
2446 break;
2447 case op_caload:
2448 pop_type (int_type);
2449 require_array_type (pop_init_ref (reference_type), char_type);
2450 push_type (int_type);
2451 break;
2452 case op_saload:
2453 pop_type (int_type);
2454 require_array_type (pop_init_ref (reference_type), short_type);
2455 push_type (int_type);
2456 break;
2457 case op_istore:
2458 set_variable (get_byte (), pop_type (int_type));
2459 break;
2460 case op_lstore:
2461 set_variable (get_byte (), pop_type (long_type));
2462 break;
2463 case op_fstore:
2464 set_variable (get_byte (), pop_type (float_type));
2465 break;
2466 case op_dstore:
2467 set_variable (get_byte (), pop_type (double_type));
2468 break;
2469 case op_astore:
2470 set_variable (get_byte (), pop_ref_or_return ());
2471 break;
2472 case op_istore_0:
2473 case op_istore_1:
2474 case op_istore_2:
2475 case op_istore_3:
2476 set_variable (opcode - op_istore_0, pop_type (int_type));
2477 break;
2478 case op_lstore_0:
2479 case op_lstore_1:
2480 case op_lstore_2:
2481 case op_lstore_3:
2482 set_variable (opcode - op_lstore_0, pop_type (long_type));
2483 break;
2484 case op_fstore_0:
2485 case op_fstore_1:
2486 case op_fstore_2:
2487 case op_fstore_3:
2488 set_variable (opcode - op_fstore_0, pop_type (float_type));
2489 break;
2490 case op_dstore_0:
2491 case op_dstore_1:
2492 case op_dstore_2:
2493 case op_dstore_3:
2494 set_variable (opcode - op_dstore_0, pop_type (double_type));
2495 break;
2496 case op_astore_0:
2497 case op_astore_1:
2498 case op_astore_2:
2499 case op_astore_3:
2500 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2501 break;
2502 case op_iastore:
2503 pop_type (int_type);
2504 pop_type (int_type);
2505 require_array_type (pop_init_ref (reference_type), int_type);
2506 break;
2507 case op_lastore:
2508 pop_type (long_type);
2509 pop_type (int_type);
2510 require_array_type (pop_init_ref (reference_type), long_type);
2511 break;
2512 case op_fastore:
2513 pop_type (float_type);
2514 pop_type (int_type);
2515 require_array_type (pop_init_ref (reference_type), float_type);
2516 break;
2517 case op_dastore:
2518 pop_type (double_type);
2519 pop_type (int_type);
2520 require_array_type (pop_init_ref (reference_type), double_type);
2521 break;
2522 case op_aastore:
2523 pop_type (reference_type);
2524 pop_type (int_type);
2525 require_array_type (pop_init_ref (reference_type), reference_type);
2526 break;
2527 case op_bastore:
2528 pop_type (int_type);
2529 pop_type (int_type);
2530 require_array_type (pop_init_ref (reference_type), byte_type);
2531 break;
2532 case op_castore:
2533 pop_type (int_type);
2534 pop_type (int_type);
2535 require_array_type (pop_init_ref (reference_type), char_type);
2536 break;
2537 case op_sastore:
2538 pop_type (int_type);
2539 pop_type (int_type);
2540 require_array_type (pop_init_ref (reference_type), short_type);
2541 break;
2542 case op_pop:
2543 pop32 ();
2544 break;
2545 case op_pop2:
2546 {
2547 type t = pop_raw ();
2548 if (! type_iswide (&t))
2549 pop32 ();
2550 }
2551 break;
2552 case op_dup:
2553 {
2554 type t = pop32 ();
2555 push_type_t (t);
2556 push_type_t (t);
2557 }
2558 break;
2559 case op_dup_x1:
2560 {
2561 type t1 = pop32 ();
2562 type t2 = pop32 ();
2563 push_type_t (t1);
2564 push_type_t (t2);
2565 push_type_t (t1);
2566 }
2567 break;
2568 case op_dup_x2:
2569 {
2570 type t1 = pop32 ();
2571 type t2 = pop_raw ();
2572 if (! type_iswide (&t2))
2573 {
2574 type t3 = pop32 ();
2575 push_type_t (t1);
2576 push_type_t (t3);
2577 }
2578 else
2579 push_type_t (t1);
2580 push_type_t (t2);
2581 push_type_t (t1);
2582 }
2583 break;
2584 case op_dup2:
2585 {
2586 type t = pop_raw ();
2587 if (! type_iswide (&t))
2588 {
2589 type t2 = pop32 ();
2590 push_type_t (t2);
2591 push_type_t (t);
2592 push_type_t (t2);
2593 }
2594 else
2595 push_type_t (t);
2596 push_type_t (t);
2597 }
2598 break;
2599 case op_dup2_x1:
2600 {
2601 type t1 = pop_raw ();
2602 type t2 = pop32 ();
2603 if (! type_iswide (&t1))
2604 {
2605 type t3 = pop32 ();
2606 push_type_t (t2);
2607 push_type_t (t1);
2608 push_type_t (t3);
2609 }
2610 else
2611 push_type_t (t1);
2612 push_type_t (t2);
2613 push_type_t (t1);
2614 }
2615 break;
2616 case op_dup2_x2:
2617 {
2618 type t1 = pop_raw ();
2619 if (type_iswide (&t1))
2620 {
2621 type t2 = pop_raw ();
2622 if (type_iswide (&t2))
2623 {
2624 push_type_t (t1);
2625 push_type_t (t2);
2626 }
2627 else
2628 {
2629 type t3 = pop32 ();
2630 push_type_t (t1);
2631 push_type_t (t3);
2632 push_type_t (t2);
2633 }
2634 push_type_t (t1);
2635 }
2636 else
2637 {
2638 type t2 = pop32 ();
2639 type t3 = pop_raw ();
2640 if (type_iswide (&t3))
2641 {
2642 push_type_t (t2);
2643 push_type_t (t1);
2644 }
2645 else
2646 {
2647 type t4 = pop32 ();
2648 push_type_t (t2);
2649 push_type_t (t1);
2650 push_type_t (t4);
2651 }
2652 push_type_t (t3);
2653 push_type_t (t2);
2654 push_type_t (t1);
2655 }
2656 }
2657 break;
2658 case op_swap:
2659 {
2660 type t1 = pop32 ();
2661 type t2 = pop32 ();
2662 push_type_t (t1);
2663 push_type_t (t2);
2664 }
2665 break;
2666 case op_iadd:
2667 case op_isub:
2668 case op_imul:
2669 case op_idiv:
2670 case op_irem:
2671 case op_ishl:
2672 case op_ishr:
2673 case op_iushr:
2674 case op_iand:
2675 case op_ior:
2676 case op_ixor:
2677 pop_type (int_type);
2678 push_type_t (pop_type (int_type));
2679 break;
2680 case op_ladd:
2681 case op_lsub:
2682 case op_lmul:
2683 case op_ldiv:
2684 case op_lrem:
2685 case op_land:
2686 case op_lor:
2687 case op_lxor:
2688 pop_type (long_type);
2689 push_type_t (pop_type (long_type));
2690 break;
2691 case op_lshl:
2692 case op_lshr:
2693 case op_lushr:
2694 pop_type (int_type);
2695 push_type_t (pop_type (long_type));
2696 break;
2697 case op_fadd:
2698 case op_fsub:
2699 case op_fmul:
2700 case op_fdiv:
2701 case op_frem:
2702 pop_type (float_type);
2703 push_type_t (pop_type (float_type));
2704 break;
2705 case op_dadd:
2706 case op_dsub:
2707 case op_dmul:
2708 case op_ddiv:
2709 case op_drem:
2710 pop_type (double_type);
2711 push_type_t (pop_type (double_type));
2712 break;
2713 case op_ineg:
2714 case op_i2b:
2715 case op_i2c:
2716 case op_i2s:
2717 push_type_t (pop_type (int_type));
2718 break;
2719 case op_lneg:
2720 push_type_t (pop_type (long_type));
2721 break;
2722 case op_fneg:
2723 push_type_t (pop_type (float_type));
2724 break;
2725 case op_dneg:
2726 push_type_t (pop_type (double_type));
2727 break;
2728 case op_iinc:
2729 get_variable (get_byte (), int_type);
2730 get_byte ();
2731 break;
2732 case op_i2l:
2733 pop_type (int_type);
2734 push_type (long_type);
2735 break;
2736 case op_i2f:
2737 pop_type (int_type);
2738 push_type (float_type);
2739 break;
2740 case op_i2d:
2741 pop_type (int_type);
2742 push_type (double_type);
2743 break;
2744 case op_l2i:
2745 pop_type (long_type);
2746 push_type (int_type);
2747 break;
2748 case op_l2f:
2749 pop_type (long_type);
2750 push_type (float_type);
2751 break;
2752 case op_l2d:
2753 pop_type (long_type);
2754 push_type (double_type);
2755 break;
2756 case op_f2i:
2757 pop_type (float_type);
2758 push_type (int_type);
2759 break;
2760 case op_f2l:
2761 pop_type (float_type);
2762 push_type (long_type);
2763 break;
2764 case op_f2d:
2765 pop_type (float_type);
2766 push_type (double_type);
2767 break;
2768 case op_d2i:
2769 pop_type (double_type);
2770 push_type (int_type);
2771 break;
2772 case op_d2l:
2773 pop_type (double_type);
2774 push_type (long_type);
2775 break;
2776 case op_d2f:
2777 pop_type (double_type);
2778 push_type (float_type);
2779 break;
2780 case op_lcmp:
2781 pop_type (long_type);
2782 pop_type (long_type);
2783 push_type (int_type);
2784 break;
2785 case op_fcmpl:
2786 case op_fcmpg:
2787 pop_type (float_type);
2788 pop_type (float_type);
2789 push_type (int_type);
2790 break;
2791 case op_dcmpl:
2792 case op_dcmpg:
2793 pop_type (double_type);
2794 pop_type (double_type);
2795 push_type (int_type);
2796 break;
2797 case op_ifeq:
2798 case op_ifne:
2799 case op_iflt:
2800 case op_ifge:
2801 case op_ifgt:
2802 case op_ifle:
2803 pop_type (int_type);
2804 push_jump (get_short ());
2805 break;
2806 case op_if_icmpeq:
2807 case op_if_icmpne:
2808 case op_if_icmplt:
2809 case op_if_icmpge:
2810 case op_if_icmpgt:
2811 case op_if_icmple:
2812 pop_type (int_type);
2813 pop_type (int_type);
2814 push_jump (get_short ());
2815 break;
2816 case op_if_acmpeq:
2817 case op_if_acmpne:
2818 pop_type (reference_type);
2819 pop_type (reference_type);
2820 push_jump (get_short ());
2821 break;
2822 case op_goto:
2823 push_jump (get_short ());
2824 invalidate_pc ();
2825 break;
2826 case op_jsr:
2827 handle_jsr_insn (get_short ());
2828 break;
2829 case op_ret:
2830 handle_ret_insn (get_byte ());
2831 break;
2832 case op_tableswitch:
2833 {
2834 int i;
2835 jint low, high;
2836 pop_type (int_type);
2837 skip_padding ();
2838 push_jump (get_int ());
2839 low = get_int ();
2840 high = get_int ();
2841 /* Already checked LOW -vs- HIGH. */
2842 for (i = low; i <= high; ++i)
2843 push_jump (get_int ());
2844 invalidate_pc ();
2845 }
2846 break;
2847
2848 case op_lookupswitch:
2849 {
2850 int i;
2851 jint npairs, lastkey;
2852
2853 pop_type (int_type);
2854 skip_padding ();
2855 push_jump (get_int ());
2856 npairs = get_int ();
2857 /* Already checked NPAIRS >= 0. */
2858 lastkey = 0;
2859 for (i = 0; i < npairs; ++i)
2860 {
2861 jint key = get_int ();
2862 if (i > 0 && key <= lastkey)
2863 verify_fail_pc ("lookupswitch pairs unsorted", vfr->start_PC);
2864 lastkey = key;
2865 push_jump (get_int ());
2866 }
2867 invalidate_pc ();
2868 }
2869 break;
2870 case op_ireturn:
2871 check_return_type (pop_type (int_type));
2872 invalidate_pc ();
2873 break;
2874 case op_lreturn:
2875 check_return_type (pop_type (long_type));
2876 invalidate_pc ();
2877 break;
2878 case op_freturn:
2879 check_return_type (pop_type (float_type));
2880 invalidate_pc ();
2881 break;
2882 case op_dreturn:
2883 check_return_type (pop_type (double_type));
2884 invalidate_pc ();
2885 break;
2886 case op_areturn:
2887 check_return_type (pop_init_ref (reference_type));
2888 invalidate_pc ();
2889 break;
2890 case op_return:
2891 /* We only need to check this when the return type is void,
2892 because all instance initializers return void. We also
2893 need to special-case Object constructors, as they can't
2894 call a superclass <init>. */
2895 if (this_is_init && vfr->current_class != vfy_object_type ())
2896 state_check_this_initialized (vfr->current_state);
2897 check_return_type (make_type (void_type));
2898 invalidate_pc ();
2899 break;
2900 case op_getstatic:
2901 push_type_t (check_field_constant (get_ushort (), NULL, false));
2902 break;
2903 case op_putstatic:
2904 pop_type_t (check_field_constant (get_ushort (), NULL, false));
2905 break;
2906 case op_getfield:
2907 {
2908 type klass;
2909 type field = check_field_constant (get_ushort (), &klass, false);
2910 pop_type_t (klass);
2911 push_type_t (field);
2912 }
2913 break;
2914 case op_putfield:
2915 {
2916 type klass;
2917 type field = check_field_constant (get_ushort (), &klass, true);
2918 pop_type_t (field);
2919 pop_type_t (klass);
2920 }
2921 break;
2922
2923 case op_invokevirtual:
2924 case op_invokespecial:
2925 case op_invokestatic:
2926 case op_invokeinterface:
2927 {
2928 vfy_string method_name, method_signature;
2929 const char *namec;
2930 int i, arg_count;
2931 type rt;
2932 bool is_init = false;
2933
2934 type class_type
2935 = check_method_constant (get_ushort (),
2936 opcode == op_invokeinterface,
2937 &method_name,
2938 &method_signature);
2939 /* NARGS is only used when we're processing
2940 invokeinterface. It is simplest for us to compute it
2941 here and then verify it later. */
2942 int nargs = 0;
2943 if (opcode == op_invokeinterface)
2944 {
2945 nargs = get_byte ();
2946 if (get_byte () != 0)
2947 verify_fail ("invokeinterface dummy byte is wrong");
2948 }
2949
2950 namec = vfy_string_bytes (method_name);
2951
2952 if (vfy_strings_equal (method_name, vfy_init_name()))
2953 {
2954 is_init = true;
2955 if (opcode != op_invokespecial)
2956 verify_fail ("can't invoke <init>");
2957 }
2958 else if (namec[0] == '<')
2959 verify_fail ("can't invoke method starting with `<'");
2960
2961 arg_count = vfy_count_arguments (method_signature);
2962 {
2963 /* Pop arguments and check types. */
2964 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2965
2966 compute_argument_types (method_signature, arg_types);
2967 for (i = arg_count - 1; i >= 0; --i)
2968 {
2969 /* This is only used for verifying the byte for
2970 invokeinterface. */
2971 nargs -= type_depth (&arg_types[i]);
2972 pop_init_ref_t (arg_types[i]);
2973 }
2974
2975 vfy_free (arg_types);
2976 }
2977
2978 if (opcode == op_invokeinterface
2979 && nargs != 1)
2980 verify_fail ("wrong argument count for invokeinterface");
2981
2982 if (opcode != op_invokestatic)
2983 {
2984 type raw;
2985 type t = class_type;
2986 if (is_init)
2987 {
2988 /* In this case the PC doesn't matter. */
2989 type_set_uninitialized (&t, UNINIT);
2990 /* FIXME: check to make sure that the <init>
2991 call is to the right class.
2992 It must either be super or an exact class
2993 match. */
2994 }
2995 raw = pop_raw ();
2996 if (! types_compatible (&t, &raw))
2997 verify_fail ("incompatible type on stack");
2998
2999 if (is_init)
3000 state_set_initialized (vfr->current_state,
3001 type_get_pc (&raw), vfr->current_method->max_locals);
3002 }
3003
3004 rt = compute_return_type (method_signature);
3005 if (! type_isvoid (&rt))
3006 push_type_t (rt);
3007 }
3008 break;
3009
3010 case op_new:
3011 {
3012 type t = check_class_constant (get_ushort ());
3013 if (type_isarray (&t) || type_isinterface (&t)
3014 || type_isabstract (&t))
3015 verify_fail ("type is array, interface, or abstract");
3016 type_set_uninitialized (&t, vfr->start_PC);
3017 push_type_t (t);
3018 }
3019 break;
3020
3021 case op_newarray:
3022 {
3023 int atype = get_byte ();
3024 vfy_jclass k;
3025 type t;
3026 /* We intentionally have chosen constants to make this
3027 valid. */
3028 if (atype < boolean_type || atype > long_type)
3029 verify_fail_pc ("type not primitive", vfr->start_PC);
3030 pop_type (int_type);
3031 k = construct_primitive_array_type ((type_val) atype);
3032 init_type_from_class (&t, k);
3033 push_type_t (t);
3034 }
3035 break;
3036 case op_anewarray:
3037 {
3038 type t;
3039 pop_type (int_type);
3040 t = check_class_constant (get_ushort ());
3041 push_type_t (type_to_array (&t));
3042 }
3043 break;
3044 case op_arraylength:
3045 {
3046 type t = pop_init_ref (reference_type);
3047 if (! type_isarray (&t) && ! type_isnull (&t))
3048 verify_fail ("array type expected");
3049 push_type (int_type);
3050 }
3051 break;
3052 case op_athrow:
3053 pop_type_t (make_type_from_class (vfy_throwable_type ()));
3054 invalidate_pc ();
3055 break;
3056 case op_checkcast:
3057 pop_init_ref (reference_type);
3058 push_type_t (check_class_constant (get_ushort ()));
3059 break;
3060 case op_instanceof:
3061 pop_init_ref (reference_type);
3062 check_class_constant (get_ushort ());
3063 push_type (int_type);
3064 break;
3065 case op_monitorenter:
3066 pop_init_ref (reference_type);
3067 break;
3068 case op_monitorexit:
3069 pop_init_ref (reference_type);
3070 break;
3071 case op_wide:
3072 {
3073 switch (get_byte ())
3074 {
3075 case op_iload:
3076 push_type_t (get_variable (get_ushort (), int_type));
3077 break;
3078 case op_lload:
3079 push_type_t (get_variable (get_ushort (), long_type));
3080 break;
3081 case op_fload:
3082 push_type_t (get_variable (get_ushort (), float_type));
3083 break;
3084 case op_dload:
3085 push_type_t (get_variable (get_ushort (), double_type));
3086 break;
3087 case op_aload:
3088 push_type_t (get_variable (get_ushort (), reference_type));
3089 break;
3090 case op_istore:
3091 set_variable (get_ushort (), pop_type (int_type));
3092 break;
3093 case op_lstore:
3094 set_variable (get_ushort (), pop_type (long_type));
3095 break;
3096 case op_fstore:
3097 set_variable (get_ushort (), pop_type (float_type));
3098 break;
3099 case op_dstore:
3100 set_variable (get_ushort (), pop_type (double_type));
3101 break;
3102 case op_astore:
3103 set_variable (get_ushort (), pop_init_ref (reference_type));
3104 break;
3105 case op_ret:
3106 handle_ret_insn (get_short ());
3107 break;
3108 case op_iinc:
3109 get_variable (get_ushort (), int_type);
3110 get_short ();
3111 break;
3112 default:
3113 verify_fail_pc ("unrecognized wide instruction", vfr->start_PC);
3114 }
3115 }
3116 break;
3117 case op_multianewarray:
3118 {
3119 int i;
3120 type atype = check_class_constant (get_ushort ());
3121 int dim = get_byte ();
3122 if (dim < 1)
3123 verify_fail_pc ("too few dimensions to multianewarray", vfr->start_PC);
3124 type_verify_dimensions (&atype, dim);
3125 for (i = 0; i < dim; ++i)
3126 pop_type (int_type);
3127 push_type_t (atype);
3128 }
3129 break;
3130 case op_ifnull:
3131 case op_ifnonnull:
3132 pop_type (reference_type);
3133 push_jump (get_short ());
3134 break;
3135 case op_goto_w:
3136 push_jump (get_int ());
3137 invalidate_pc ();
3138 break;
3139 case op_jsr_w:
3140 handle_jsr_insn (get_int ());
3141 break;
3142
3143 default:
3144 /* Unrecognized opcode. */
3145 verify_fail_pc ("unrecognized instruction in verify_instructions_0",
3146 vfr->start_PC);
3147 }
3148 }
3149 }
3150
3151 /* This turns a `type' into something suitable for use by the type map
3152 in the other parts of the compiler. In particular, reference types
3153 are mapped to Object, primitive types are unchanged, and other
3154 types are mapped using special functions declared in verify.h. */
3155 static vfy_jclass
3156 collapse_type (type *t)
3157 {
3158 switch (t->key)
3159 {
3160 case void_type:
3161 case boolean_type:
3162 case char_type:
3163 case float_type:
3164 case double_type:
3165 case byte_type:
3166 case short_type:
3167 case int_type:
3168 case long_type:
3169 return vfy_get_primitive_type (t->key);
3170
3171 case unsuitable_type:
3172 case continuation_type:
3173 return vfy_unsuitable_type ();
3174
3175 case return_address_type:
3176 return vfy_return_address_type ();
3177
3178 case null_type:
3179 return vfy_null_type ();
3180
3181 case reference_type:
3182 case uninitialized_reference_type:
3183 return vfy_object_type ();
3184 }
3185
3186 gcc_unreachable ();
3187 }
3188
3189 static void
3190 verify_instructions (void)
3191 {
3192 int i;
3193
3194 branch_prepass ();
3195 verify_instructions_0 ();
3196
3197 /* Now tell the rest of the compiler about the types we've found. */
3198 for (i = 0; i < vfr->current_method->code_length; ++i)
3199 {
3200 int j, slot;
3201 struct state *curr;
3202
3203 if ((vfr->flags[i] & FLAG_INSN_SEEN) != 0)
3204 vfy_note_instruction_seen (i);
3205
3206 if (! vfr->states[i])
3207 continue;
3208
3209 curr = vfr->states[i]->val;
3210 vfy_note_stack_depth (vfr->current_method, i, curr->stackdepth);
3211
3212 /* Tell the compiler about each local variable. */
3213 for (j = 0; j < vfr->current_method->max_locals; ++j)
3214 vfy_note_local_type (vfr->current_method, i, j,
3215 collapse_type (&curr->locals[j]));
3216 /* Tell the compiler about each stack slot. */
3217 for (slot = j = 0; j < curr->stacktop; ++j, ++slot)
3218 {
3219 vfy_note_stack_type (vfr->current_method, i, slot,
3220 collapse_type (&curr->stack[j]));
3221 if (type_iswide (&curr->stack[j]))
3222 {
3223 ++slot;
3224 vfy_note_stack_type (vfr->current_method, i, slot,
3225 vfy_unsuitable_type ());
3226 }
3227 }
3228 gcc_assert (slot == curr->stackdepth);
3229 }
3230 }
3231
3232 static void
3233 make_verifier_context (vfy_method *m)
3234 {
3235 vfr = (verifier_context *) vfy_alloc (sizeof (struct verifier_context));
3236
3237 vfr->current_method = m;
3238 vfr->bytecode = vfy_get_bytecode (m);
3239 vfr->exception = vfy_get_exceptions (m);
3240 vfr->current_class = m->defining_class;
3241
3242 vfr->states = NULL;
3243 vfr->flags = NULL;
3244 vfr->utf8_list = NULL;
3245 vfr->isect_list = NULL;
3246 }
3247
3248 static void
3249 free_verifier_context (void)
3250 {
3251 vfy_string_list *utf8_list;
3252 ref_intersection *isect_list;
3253
3254 if (vfr->flags)
3255 vfy_free (vfr->flags);
3256
3257 utf8_list = vfr->utf8_list;
3258 while (utf8_list != NULL)
3259 {
3260 vfy_string_list *n = utf8_list->next;
3261 vfy_free (utf8_list);
3262 utf8_list = n;
3263 }
3264
3265 isect_list = vfr->isect_list;
3266 while (isect_list != NULL)
3267 {
3268 ref_intersection *next = isect_list->alloc_next;
3269 vfy_free (isect_list);
3270 isect_list = next;
3271 }
3272
3273 if (vfr->states != NULL)
3274 {
3275 int i;
3276 for (i = 0; i < vfr->current_method->code_length; ++i)
3277 {
3278 state_list *iter = vfr->states[i];
3279 while (iter != NULL)
3280 {
3281 state_list *next = iter->next;
3282 free_state (iter->val);
3283 vfy_free (iter->val);
3284 vfy_free (iter);
3285 iter = next;
3286 }
3287 }
3288 vfy_free (vfr->states);
3289 }
3290
3291 vfy_free (vfr);
3292 }
3293
3294 int
3295 verify_method (vfy_method *meth)
3296 {
3297 debug_print ("verify_method (%s) %i\n", vfy_string_bytes (meth->name),
3298 meth->code_length);
3299
3300 if (vfr != NULL)
3301 verify_fail ("verifier re-entered");
3302
3303 make_verifier_context (meth);
3304 verify_instructions ();
3305 free_verifier_context ();
3306 vfr = NULL;
3307
3308 return 1;
3309 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org