search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* final.c (final_scan_insn): Make non-static again.
[official-gcc.git] / libjava / verify.cc
blobf91df81cde1090475ee77bb8a23399c2c2defe5f
1 // verify.cc - verify bytecode
2
3 /* Copyright (C) 2001, 2002, 2003 Free Software Foundation
4
5 This file is part of libgcj.
6
7 This software is copyrighted work licensed under the terms of the
8 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
9 details. */
10
11 // Written by Tom Tromey <tromey@redhat.com>
12
13 // Define VERIFY_DEBUG to enable debugging output.
14
15 #include <config.h>
16
17 #include <jvm.h>
18 #include <gcj/cni.h>
19 #include <java-insns.h>
20 #include <java-interp.h>
21
22 #ifdef INTERPRETER
23
24 #include <java/lang/Class.h>
25 #include <java/lang/VerifyError.h>
26 #include <java/lang/Throwable.h>
27 #include <java/lang/reflect/Modifier.h>
28 #include <java/lang/StringBuffer.h>
29
30 #ifdef VERIFY_DEBUG
31 #include <stdio.h>
32 #endif /* VERIFY_DEBUG */
33
34
35 static void debug_print (const char *fmt, ...)
36 __attribute__ ((format (printf, 1, 2)));
37
38 static inline void
39 debug_print (const char *fmt, ...)
40 {
41 #ifdef VERIFY_DEBUG
42 va_list ap;
43 va_start (ap, fmt);
44 vfprintf (stderr, fmt, ap);
45 va_end (ap);
46 #endif /* VERIFY_DEBUG */
47 }
48
49 class _Jv_BytecodeVerifier
50 {
51 private:
52
53 static const int FLAG_INSN_START = 1;
54 static const int FLAG_BRANCH_TARGET = 2;
55
56 struct state;
57 struct type;
58 struct subr_info;
59 struct subr_entry_info;
60 struct linked_utf8;
61 struct ref_intersection;
62
63 // The current PC.
64 int PC;
65 // The PC corresponding to the start of the current instruction.
66 int start_PC;
67
68 // The current state of the stack, locals, etc.
69 state *current_state;
70
71 // We store the state at branch targets, for merging. This holds
72 // such states.
73 state **states;
74
75 // We keep a linked list of all the PCs which we must reverify.
76 // The link is done using the PC values. This is the head of the
77 // list.
78 int next_verify_pc;
79
80 // We keep some flags for each instruction. The values are the
81 // FLAG_* constants defined above.
82 char *flags;
83
84 // We need to keep track of which instructions can call a given
85 // subroutine. FIXME: this is inefficient. We keep a linked list
86 // of all calling `jsr's at at each jsr target.
87 subr_info **jsr_ptrs;
88
89 // We keep a linked list of entries which map each `ret' instruction
90 // to its unique subroutine entry point. We expect that there won't
91 // be many `ret' instructions, so a linked list is ok.
92 subr_entry_info *entry_points;
93
94 // The bytecode itself.
95 unsigned char *bytecode;
96 // The exceptions.
97 _Jv_InterpException *exception;
98
99 // Defining class.
100 jclass current_class;
101 // This method.
102 _Jv_InterpMethod *current_method;
103
104 // A linked list of utf8 objects we allocate. This is really ugly,
105 // but without this our utf8 objects would be collected.
106 linked_utf8 *utf8_list;
107
108 // A linked list of all ref_intersection objects we allocate.
109 ref_intersection *isect_list;
110
111 struct linked_utf8
112 {
113 _Jv_Utf8Const *val;
114 linked_utf8 *next;
115 };
116
117 _Jv_Utf8Const *make_utf8_const (char *s, int len)
118 {
119 _Jv_Utf8Const *val = _Jv_makeUtf8Const (s, len);
120 _Jv_Utf8Const *r = (_Jv_Utf8Const *) _Jv_Malloc (sizeof (_Jv_Utf8Const)
121 + val->length
122 + 1);
123 r->length = val->length;
124 r->hash = val->hash;
125 memcpy (r->data, val->data, val->length + 1);
126
127 linked_utf8 *lu = (linked_utf8 *) _Jv_Malloc (sizeof (linked_utf8));
128 lu->val = r;
129 lu->next = utf8_list;
130 utf8_list = lu;
131
132 return r;
133 }
134
135 __attribute__ ((__noreturn__)) void verify_fail (char *s, jint pc = -1)
136 {
137 using namespace java::lang;
138 StringBuffer *buf = new StringBuffer ();
139
140 buf->append (JvNewStringLatin1 ("verification failed"));
141 if (pc == -1)
142 pc = start_PC;
143 if (pc != -1)
144 {
145 buf->append (JvNewStringLatin1 (" at PC "));
146 buf->append (pc);
147 }
148
149 _Jv_InterpMethod *method = current_method;
150 buf->append (JvNewStringLatin1 (" in "));
151 buf->append (current_class->getName());
152 buf->append ((jchar) ':');
153 buf->append (JvNewStringUTF (method->get_method()->name->data));
154 buf->append ((jchar) '(');
155 buf->append (JvNewStringUTF (method->get_method()->signature->data));
156 buf->append ((jchar) ')');
157
158 buf->append (JvNewStringLatin1 (": "));
159 buf->append (JvNewStringLatin1 (s));
160 throw new java::lang::VerifyError (buf->toString ());
161 }
162
163 // This enum holds a list of tags for all the different types we
164 // need to handle. Reference types are treated specially by the
165 // type class.
166 enum type_val
167 {
168 void_type,
169
170 // The values for primitive types are chosen to correspond to values
171 // specified to newarray.
172 boolean_type = 4,
173 char_type = 5,
174 float_type = 6,
175 double_type = 7,
176 byte_type = 8,
177 short_type = 9,
178 int_type = 10,
179 long_type = 11,
180
181 // Used when overwriting second word of a double or long in the
182 // local variables. Also used after merging local variable states
183 // to indicate an unusable value.
184 unsuitable_type,
185 return_address_type,
186 continuation_type,
187
188 // There is an obscure special case which requires us to note when
189 // a local variable has not been used by a subroutine. See
190 // push_jump_merge for more information.
191 unused_by_subroutine_type,
192
193 // Everything after `reference_type' must be a reference type.
194 reference_type,
195 null_type,
196 uninitialized_reference_type
197 };
198
199 // This represents a merged class type. Some verifiers (including
200 // earlier versions of this one) will compute the intersection of
201 // two class types when merging states. However, this loses
202 // critical information about interfaces implemented by the various
203 // classes. So instead we keep track of all the actual classes that
204 // have been merged.
205 struct ref_intersection
206 {
207 // Whether or not this type has been resolved.
208 bool is_resolved;
209
210 // Actual type data.
211 union
212 {
213 // For a resolved reference type, this is a pointer to the class.
214 jclass klass;
215 // For other reference types, this it the name of the class.
216 _Jv_Utf8Const *name;
217 } data;
218
219 // Link to the next reference in the intersection.
220 ref_intersection *ref_next;
221
222 // This is used to keep track of all the allocated
223 // ref_intersection objects, so we can free them.
224 // FIXME: we should allocate these in chunks.
225 ref_intersection *alloc_next;
226
227 ref_intersection (jclass klass, _Jv_BytecodeVerifier *verifier)
228 : ref_next (NULL)
229 {
230 is_resolved = true;
231 data.klass = klass;
232 alloc_next = verifier->isect_list;
233 verifier->isect_list = this;
234 }
235
236 ref_intersection (_Jv_Utf8Const *name, _Jv_BytecodeVerifier *verifier)
237 : ref_next (NULL)
238 {
239 is_resolved = false;
240 data.name = name;
241 alloc_next = verifier->isect_list;
242 verifier->isect_list = this;
243 }
244
245 ref_intersection (ref_intersection *dup, ref_intersection *tail,
246 _Jv_BytecodeVerifier *verifier)
247 : ref_next (tail)
248 {
249 is_resolved = dup->is_resolved;
250 data = dup->data;
251 alloc_next = verifier->isect_list;
252 verifier->isect_list = this;
253 }
254
255 bool equals (ref_intersection *other, _Jv_BytecodeVerifier *verifier)
256 {
257 if (! is_resolved && ! other->is_resolved
258 && _Jv_equalUtf8Consts (data.name, other->data.name))
259 return true;
260 if (! is_resolved)
261 resolve (verifier);
262 if (! other->is_resolved)
263 other->resolve (verifier);
264 return data.klass == other->data.klass;
265 }
266
267 // Merge THIS type into OTHER, returning the result. This will
268 // return OTHER if all the classes in THIS already appear in
269 // OTHER.
270 ref_intersection *merge (ref_intersection *other,
271 _Jv_BytecodeVerifier *verifier)
272 {
273 ref_intersection *tail = other;
274 for (ref_intersection *self = this; self != NULL; self = self->ref_next)
275 {
276 bool add = true;
277 for (ref_intersection *iter = other; iter != NULL;
278 iter = iter->ref_next)
279 {
280 if (iter->equals (self, verifier))
281 {
282 add = false;
283 break;
284 }
285 }
286
287 if (add)
288 tail = new ref_intersection (self, tail, verifier);
289 }
290 return tail;
291 }
292
293 void resolve (_Jv_BytecodeVerifier *verifier)
294 {
295 if (is_resolved)
296 return;
297
298 using namespace java::lang;
299 java::lang::ClassLoader *loader
300 = verifier->current_class->getClassLoaderInternal();
301 // We might see either kind of name. Sigh.
302 if (data.name->data[0] == 'L'
303 && data.name->data[data.name->length - 1] == ';')
304 data.klass = _Jv_FindClassFromSignature (data.name->data, loader);
305 else
306 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name),
307 false, loader);
308 is_resolved = true;
309 }
310
311 // See if an object of type OTHER can be assigned to an object of
312 // type *THIS. This might resolve classes in one chain or the
313 // other.
314 bool compatible (ref_intersection *other,
315 _Jv_BytecodeVerifier *verifier)
316 {
317 ref_intersection *self = this;
318
319 for (; self != NULL; self = self->ref_next)
320 {
321 ref_intersection *other_iter = other;
322
323 for (; other_iter != NULL; other_iter = other_iter->ref_next)
324 {
325 // Avoid resolving if possible.
326 if (! self->is_resolved
327 && ! other_iter->is_resolved
328 && _Jv_equalUtf8Consts (self->data.name,
329 other_iter->data.name))
330 continue;
331
332 if (! self->is_resolved)
333 self->resolve(verifier);
334 if (! other_iter->is_resolved)
335 other_iter->resolve(verifier);
336
337 if (! is_assignable_from_slow (self->data.klass,
338 other_iter->data.klass))
339 return false;
340 }
341 }
342
343 return true;
344 }
345
346 bool isarray ()
347 {
348 // assert (ref_next == NULL);
349 if (is_resolved)
350 return data.klass->isArray ();
351 else
352 return data.name->data[0] == '[';
353 }
354
355 bool isinterface (_Jv_BytecodeVerifier *verifier)
356 {
357 // assert (ref_next == NULL);
358 if (! is_resolved)
359 resolve (verifier);
360 return data.klass->isInterface ();
361 }
362
363 bool isabstract (_Jv_BytecodeVerifier *verifier)
364 {
365 // assert (ref_next == NULL);
366 if (! is_resolved)
367 resolve (verifier);
368 using namespace java::lang::reflect;
369 return Modifier::isAbstract (data.klass->getModifiers ());
370 }
371
372 jclass getclass (_Jv_BytecodeVerifier *verifier)
373 {
374 if (! is_resolved)
375 resolve (verifier);
376 return data.klass;
377 }
378
379 int count_dimensions ()
380 {
381 int ndims = 0;
382 if (is_resolved)
383 {
384 jclass k = data.klass;
385 while (k->isArray ())
386 {
387 k = k->getComponentType ();
388 ++ndims;
389 }
390 }
391 else
392 {
393 char *p = data.name->data;
394 while (*p++ == '[')
395 ++ndims;
396 }
397 return ndims;
398 }
399
400 void *operator new (size_t bytes)
401 {
402 return _Jv_Malloc (bytes);
403 }
404
405 void operator delete (void *mem)
406 {
407 _Jv_Free (mem);
408 }
409 };
410
411 // Return the type_val corresponding to a primitive signature
412 // character. For instance `I' returns `int.class'.
413 type_val get_type_val_for_signature (jchar sig)
414 {
415 type_val rt;
416 switch (sig)
417 {
418 case 'Z':
419 rt = boolean_type;
420 break;
421 case 'B':
422 rt = byte_type;
423 break;
424 case 'C':
425 rt = char_type;
426 break;
427 case 'S':
428 rt = short_type;
429 break;
430 case 'I':
431 rt = int_type;
432 break;
433 case 'J':
434 rt = long_type;
435 break;
436 case 'F':
437 rt = float_type;
438 break;
439 case 'D':
440 rt = double_type;
441 break;
442 case 'V':
443 rt = void_type;
444 break;
445 default:
446 verify_fail ("invalid signature");
447 }
448 return rt;
449 }
450
451 // Return the type_val corresponding to a primitive class.
452 type_val get_type_val_for_signature (jclass k)
453 {
454 return get_type_val_for_signature ((jchar) k->method_count);
455 }
456
457 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or
458 // TARGET haven't been prepared.
459 static bool is_assignable_from_slow (jclass target, jclass source)
460 {
461 // First, strip arrays.
462 while (target->isArray ())
463 {
464 // If target is array, source must be as well.
465 if (! source->isArray ())
466 return false;
467 target = target->getComponentType ();
468 source = source->getComponentType ();
469 }
470
471 // Quick success.
472 if (target == &java::lang::Object::class$)
473 return true;
474
475 do
476 {
477 if (source == target)
478 return true;
479
480 if (target->isPrimitive () || source->isPrimitive ())
481 return false;
482
483 if (target->isInterface ())
484 {
485 for (int i = 0; i < source->interface_count; ++i)
486 {
487 // We use a recursive call because we also need to
488 // check superinterfaces.
489 if (is_assignable_from_slow (target, source->interfaces[i]))
490 return true;
491 }
492 }
493 source = source->getSuperclass ();
494 }
495 while (source != NULL);
496
497 return false;
498 }
499
500 // This is used to keep track of which `jsr's correspond to a given
501 // jsr target.
502 struct subr_info
503 {
504 // PC of the instruction just after the jsr.
505 int pc;
506 // Link.
507 subr_info *next;
508 };
509
510 // This is used to keep track of which subroutine entry point
511 // corresponds to which `ret' instruction.
512 struct subr_entry_info
513 {
514 // PC of the subroutine entry point.
515 int pc;
516 // PC of the `ret' instruction.
517 int ret_pc;
518 // Link.
519 subr_entry_info *next;
520 };
521
522 // The `type' class is used to represent a single type in the
523 // verifier.
524 struct type
525 {
526 // The type key.
527 type_val key;
528
529 // For reference types, the representation of the type.
530 ref_intersection *klass;
531
532 // This is used when constructing a new object. It is the PC of the
533 // `new' instruction which created the object. We use the special
534 // value -2 to mean that this is uninitialized, and the special
535 // value -1 for the case where the current method is itself the
536 // <init> method.
537 int pc;
538
539 static const int UNINIT = -2;
540 static const int SELF = -1;
541
542 // Basic constructor.
543 type ()
544 {
545 key = unsuitable_type;
546 klass = NULL;
547 pc = UNINIT;
548 }
549
550 // Make a new instance given the type tag. We assume a generic
551 // `reference_type' means Object.
552 type (type_val k)
553 {
554 key = k;
555 // For reference_type, if KLASS==NULL then that means we are
556 // looking for a generic object of any kind, including an
557 // uninitialized reference.
558 klass = NULL;
559 pc = UNINIT;
560 }
561
562 // Make a new instance given a class.
563 type (jclass k, _Jv_BytecodeVerifier *verifier)
564 {
565 key = reference_type;
566 klass = new ref_intersection (k, verifier);
567 pc = UNINIT;
568 }
569
570 // Make a new instance given the name of a class.
571 type (_Jv_Utf8Const *n, _Jv_BytecodeVerifier *verifier)
572 {
573 key = reference_type;
574 klass = new ref_intersection (n, verifier);
575 pc = UNINIT;
576 }
577
578 // Copy constructor.
579 type (const type &t)
580 {
581 key = t.key;
582 klass = t.klass;
583 pc = t.pc;
584 }
585
586 // These operators are required because libgcj can't link in
587 // -lstdc++.
588 void *operator new[] (size_t bytes)
589 {
590 return _Jv_Malloc (bytes);
591 }
592
593 void operator delete[] (void *mem)
594 {
595 _Jv_Free (mem);
596 }
597
598 type& operator= (type_val k)
599 {
600 key = k;
601 klass = NULL;
602 pc = UNINIT;
603 return *this;
604 }
605
606 type& operator= (const type& t)
607 {
608 key = t.key;
609 klass = t.klass;
610 pc = t.pc;
611 return *this;
612 }
613
614 // Promote a numeric type.
615 type &promote ()
616 {
617 if (key == boolean_type || key == char_type
618 || key == byte_type || key == short_type)
619 key = int_type;
620 return *this;
621 }
622
623 // Mark this type as the uninitialized result of `new'.
624 void set_uninitialized (int npc, _Jv_BytecodeVerifier *verifier)
625 {
626 if (key == reference_type)
627 key = uninitialized_reference_type;
628 else
629 verifier->verify_fail ("internal error in type::uninitialized");
630 pc = npc;
631 }
632
633 // Mark this type as now initialized.
634 void set_initialized (int npc)
635 {
636 if (npc != UNINIT && pc == npc && key == uninitialized_reference_type)
637 {
638 key = reference_type;
639 pc = UNINIT;
640 }
641 }
642
643
644 // Return true if an object of type K can be assigned to a variable
645 // of type *THIS. Handle various special cases too. Might modify
646 // *THIS or K. Note however that this does not perform numeric
647 // promotion.
648 bool compatible (type &k, _Jv_BytecodeVerifier *verifier)
649 {
650 // Any type is compatible with the unsuitable type.
651 if (key == unsuitable_type)
652 return true;
653
654 if (key < reference_type || k.key < reference_type)
655 return key == k.key;
656
657 // The `null' type is convertible to any initialized reference
658 // type.
659 if (key == null_type)
660 return k.key != uninitialized_reference_type;
661 if (k.key == null_type)
662 return key != uninitialized_reference_type;
663
664 // A special case for a generic reference.
665 if (klass == NULL)
666 return true;
667 if (k.klass == NULL)
668 verifier->verify_fail ("programmer error in type::compatible");
669
670 // An initialized type and an uninitialized type are not
671 // compatible.
672 if (isinitialized () != k.isinitialized ())
673 return false;
674
675 // Two uninitialized objects are compatible if either:
676 // * The PCs are identical, or
677 // * One PC is UNINIT.
678 if (! isinitialized ())
679 {
680 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT)
681 return false;
682 }
683
684 return klass->compatible(k.klass, verifier);
685 }
686
687 bool isvoid () const
688 {
689 return key == void_type;
690 }
691
692 bool iswide () const
693 {
694 return key == long_type || key == double_type;
695 }
696
697 // Return number of stack or local variable slots taken by this
698 // type.
699 int depth () const
700 {
701 return iswide () ? 2 : 1;
702 }
703
704 bool isarray () const
705 {
706 // We treat null_type as not an array. This is ok based on the
707 // current uses of this method.
708 if (key == reference_type)
709 return klass->isarray ();
710 return false;
711 }
712
713 bool isnull () const
714 {
715 return key == null_type;
716 }
717
718 bool isinterface (_Jv_BytecodeVerifier *verifier)
719 {
720 if (key != reference_type)
721 return false;
722 return klass->isinterface (verifier);
723 }
724
725 bool isabstract (_Jv_BytecodeVerifier *verifier)
726 {
727 if (key != reference_type)
728 return false;
729 return klass->isabstract (verifier);
730 }
731
732 // Return the element type of an array.
733 type element_type (_Jv_BytecodeVerifier *verifier)
734 {
735 if (key != reference_type)
736 verifier->verify_fail ("programmer error in type::element_type()", -1);
737
738 jclass k = klass->getclass (verifier)->getComponentType ();
739 if (k->isPrimitive ())
740 return type (verifier->get_type_val_for_signature (k));
741 return type (k, verifier);
742 }
743
744 // Return the array type corresponding to an initialized
745 // reference. We could expand this to work for other kinds of
746 // types, but currently we don't need to.
747 type to_array (_Jv_BytecodeVerifier *verifier)
748 {
749 if (key != reference_type)
750 verifier->verify_fail ("internal error in type::to_array()");
751
752 jclass k = klass->getclass (verifier);
753 return type (_Jv_GetArrayClass (k, k->getClassLoaderInternal()),
754 verifier);
755 }
756
757 bool isreference () const
758 {
759 return key >= reference_type;
760 }
761
762 int get_pc () const
763 {
764 return pc;
765 }
766
767 bool isinitialized () const
768 {
769 return key == reference_type || key == null_type;
770 }
771
772 bool isresolved () const
773 {
774 return (key == reference_type
775 || key == null_type
776 || key == uninitialized_reference_type);
777 }
778
779 void verify_dimensions (int ndims, _Jv_BytecodeVerifier *verifier)
780 {
781 // The way this is written, we don't need to check isarray().
782 if (key != reference_type)
783 verifier->verify_fail ("internal error in verify_dimensions: not a reference type");
784
785 if (klass->count_dimensions () < ndims)
786 verifier->verify_fail ("array type has fewer dimensions than required");
787 }
788
789 // Merge OLD_TYPE into this. On error throw exception.
790 bool merge (type& old_type, bool local_semantics,
791 _Jv_BytecodeVerifier *verifier)
792 {
793 bool changed = false;
794 bool refo = old_type.isreference ();
795 bool refn = isreference ();
796 if (refo && refn)
797 {
798 if (old_type.key == null_type)
799 ;
800 else if (key == null_type)
801 {
802 *this = old_type;
803 changed = true;
804 }
805 else if (isinitialized () != old_type.isinitialized ())
806 verifier->verify_fail ("merging initialized and uninitialized types");
807 else
808 {
809 if (! isinitialized ())
810 {
811 if (pc == UNINIT)
812 pc = old_type.pc;
813 else if (old_type.pc == UNINIT)
814 ;
815 else if (pc != old_type.pc)
816 verifier->verify_fail ("merging different uninitialized types");
817 }
818
819 ref_intersection *merged = old_type.klass->merge (klass,
820 verifier);
821 if (merged != klass)
822 {
823 klass = merged;
824 changed = true;
825 }
826 }
827 }
828 else if (refo || refn || key != old_type.key)
829 {
830 if (local_semantics)
831 {
832 // If we're merging into an "unused" slot, then we
833 // simply accept whatever we're merging from.
834 if (key == unused_by_subroutine_type)
835 {
836 *this = old_type;
837 changed = true;
838 }
839 else if (old_type.key == unused_by_subroutine_type)
840 {
841 // Do nothing.
842 }
843 // If we already have an `unsuitable' type, then we
844 // don't need to change again.
845 else if (key != unsuitable_type)
846 {
847 key = unsuitable_type;
848 changed = true;
849 }
850 }
851 else
852 verifier->verify_fail ("unmergeable type");
853 }
854 return changed;
855 }
856
857 #ifdef VERIFY_DEBUG
858 void print (void) const
859 {
860 char c = '?';
861 switch (key)
862 {
863 case boolean_type: c = 'Z'; break;
864 case byte_type: c = 'B'; break;
865 case char_type: c = 'C'; break;
866 case short_type: c = 'S'; break;
867 case int_type: c = 'I'; break;
868 case long_type: c = 'J'; break;
869 case float_type: c = 'F'; break;
870 case double_type: c = 'D'; break;
871 case void_type: c = 'V'; break;
872 case unsuitable_type: c = '-'; break;
873 case return_address_type: c = 'r'; break;
874 case continuation_type: c = '+'; break;
875 case unused_by_subroutine_type: c = '_'; break;
876 case reference_type: c = 'L'; break;
877 case null_type: c = '@'; break;
878 case uninitialized_reference_type: c = 'U'; break;
879 }
880 debug_print ("%c", c);
881 }
882 #endif /* VERIFY_DEBUG */
883 };
884
885 // This class holds all the state information we need for a given
886 // location.
887 struct state
888 {
889 // The current top of the stack, in terms of slots.
890 int stacktop;
891 // The current depth of the stack. This will be larger than
892 // STACKTOP when wide types are on the stack.
893 int stackdepth;
894 // The stack.
895 type *stack;
896 // The local variables.
897 type *locals;
898 // Flags are used in subroutines to keep track of which local
899 // variables have been accessed. They are also used after
900 char *flags;
901 // If not 0, then we are in a subroutine. The value is the PC of
902 // the subroutine's entry point. We can use 0 as an exceptional
903 // value because PC=0 can never be a subroutine.
904 int subroutine;
905 // This is used to keep a linked list of all the states which
906 // require re-verification. We use the PC to keep track.
907 int next;
908 // We keep track of the type of `this' specially. This is used to
909 // ensure that an instance initializer invokes another initializer
910 // on `this' before returning. We must keep track of this
911 // specially because otherwise we might be confused by code which
912 // assigns to locals[0] (overwriting `this') and then returns
913 // without really initializing.
914 type this_type;
915 // This is a list of all subroutines that have been seen at this
916 // point. Ordinarily this is NULL; it is only allocated and used
917 // in relatively weird situations involving non-ret exit from a
918 // subroutine. We have to keep track of this in this way to avoid
919 // endless recursion in these cases.
920 subr_info *seen_subrs;
921
922 // INVALID marks a state which is not on the linked list of states
923 // requiring reverification.
924 static const int INVALID = -1;
925 // NO_NEXT marks the state at the end of the reverification list.
926 static const int NO_NEXT = -2;
927
928 // This is used to mark the stack depth at the instruction just
929 // after a `jsr' when we haven't yet processed the corresponding
930 // `ret'. See handle_jsr_insn for more information.
931 static const int NO_STACK = -1;
932
933 // This flag indicates that the local was changed in this
934 // subroutine.
935 static const int FLAG_CHANGED = 1;
936 // This is set only on the flags of the state of an instruction
937 // directly following a "jsr". It indicates that the local
938 // variable was changed by the subroutine corresponding to the
939 // "jsr".
940 static const int FLAG_USED = 2;
941
942 state ()
943 : this_type ()
944 {
945 stack = NULL;
946 locals = NULL;
947 flags = NULL;
948 seen_subrs = NULL;
949 }
950
951 state (int max_stack, int max_locals)
952 : this_type ()
953 {
954 stacktop = 0;
955 stackdepth = 0;
956 stack = new type[max_stack];
957 for (int i = 0; i < max_stack; ++i)
958 stack[i] = unsuitable_type;
959 locals = new type[max_locals];
960 flags = (char *) _Jv_Malloc (sizeof (char) * max_locals);
961 seen_subrs = NULL;
962 for (int i = 0; i < max_locals; ++i)
963 {
964 locals[i] = unsuitable_type;
965 flags[i] = 0;
966 }
967 next = INVALID;
968 subroutine = 0;
969 }
970
971 state (const state *orig, int max_stack, int max_locals,
972 bool ret_semantics = false)
973 {
974 stack = new type[max_stack];
975 locals = new type[max_locals];
976 flags = (char *) _Jv_Malloc (sizeof (char) * max_locals);
977 seen_subrs = NULL;
978 copy (orig, max_stack, max_locals, ret_semantics);
979 next = INVALID;
980 }
981
982 ~state ()
983 {
984 if (stack)
985 delete[] stack;
986 if (locals)
987 delete[] locals;
988 if (flags)
989 _Jv_Free (flags);
990 clean_subrs ();
991 }
992
993 void *operator new[] (size_t bytes)
994 {
995 return _Jv_Malloc (bytes);
996 }
997
998 void operator delete[] (void *mem)
999 {
1000 _Jv_Free (mem);
1001 }
1002
1003 void *operator new (size_t bytes)
1004 {
1005 return _Jv_Malloc (bytes);
1006 }
1007
1008 void operator delete (void *mem)
1009 {
1010 _Jv_Free (mem);
1011 }
1012
1013 void clean_subrs ()
1014 {
1015 subr_info *info = seen_subrs;
1016 while (info != NULL)
1017 {
1018 subr_info *next = info->next;
1019 _Jv_Free (info);
1020 info = next;
1021 }
1022 seen_subrs = NULL;
1023 }
1024
1025 void copy (const state *copy, int max_stack, int max_locals,
1026 bool ret_semantics = false)
1027 {
1028 stacktop = copy->stacktop;
1029 stackdepth = copy->stackdepth;
1030 subroutine = copy->subroutine;
1031 for (int i = 0; i < max_stack; ++i)
1032 stack[i] = copy->stack[i];
1033 for (int i = 0; i < max_locals; ++i)
1034 {
1035 // See push_jump_merge to understand this case.
1036 if (ret_semantics)
1037 {
1038 if ((copy->flags[i] & FLAG_CHANGED))
1039 {
1040 // Changed in the subroutine, so we copy it here.
1041 locals[i] = copy->locals[i];
1042 flags[i] |= FLAG_USED;
1043 }
1044 else
1045 {
1046 // Not changed in the subroutine. Use a special
1047 // type so the coming merge will overwrite.
1048 locals[i] = type (unused_by_subroutine_type);
1049 }
1050 }
1051 else
1052 locals[i] = copy->locals[i];
1053
1054 // Clear the flag unconditionally just so printouts look ok,
1055 // then only set it if we're still in a subroutine and it
1056 // did in fact change.
1057 flags[i] &= ~FLAG_CHANGED;
1058 if (subroutine && (copy->flags[i] & FLAG_CHANGED) != 0)
1059 flags[i] |= FLAG_CHANGED;
1060 }
1061
1062 clean_subrs ();
1063 if (copy->seen_subrs)
1064 {
1065 for (subr_info *info = copy->seen_subrs;
1066 info != NULL; info = info->next)
1067 add_subr (info->pc);
1068 }
1069
1070 this_type = copy->this_type;
1071 // Don't modify `next'.
1072 }
1073
1074 // Modify this state to reflect entry to an exception handler.
1075 void set_exception (type t, int max_stack)
1076 {
1077 stackdepth = 1;
1078 stacktop = 1;
1079 stack[0] = t;
1080 for (int i = stacktop; i < max_stack; ++i)
1081 stack[i] = unsuitable_type;
1082 }
1083
1084 // Modify this state to reflect entry into a subroutine.
1085 void enter_subroutine (int npc, int max_locals)
1086 {
1087 subroutine = npc;
1088 // Mark all items as unchanged. Each subroutine needs to keep
1089 // track of its `changed' state independently. In the case of
1090 // nested subroutines, this information will be merged back into
1091 // parent by the `ret'.
1092 for (int i = 0; i < max_locals; ++i)
1093 flags[i] &= ~FLAG_CHANGED;
1094 }
1095
1096 // Indicate that we've been in this this subroutine.
1097 void add_subr (int pc)
1098 {
1099 subr_info *n = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1100 n->pc = pc;
1101 n->next = seen_subrs;
1102 seen_subrs = n;
1103 }
1104
1105 // Merge STATE_OLD into this state. Destructively modifies this
1106 // state. Returns true if the new state was in fact changed.
1107 // Will throw an exception if the states are not mergeable.
1108 bool merge (state *state_old, bool ret_semantics,
1109 int max_locals, _Jv_BytecodeVerifier *verifier,
1110 bool jsr_semantics = false)
1111 {
1112 bool changed = false;
1113
1114 // Special handling for `this'. If one or the other is
1115 // uninitialized, then the merge is uninitialized.
1116 if (this_type.isinitialized ())
1117 this_type = state_old->this_type;
1118
1119 // Merge subroutine states. Here we just keep track of what
1120 // subroutine we think we're in. We only check for a merge
1121 // (which is invalid) when we see a `ret'.
1122 if (subroutine == state_old->subroutine)
1123 {
1124 // Nothing.
1125 }
1126 else if (subroutine == 0)
1127 {
1128 subroutine = state_old->subroutine;
1129 changed = true;
1130 }
1131 else
1132 {
1133 // If the subroutines differ, and we haven't seen this
1134 // subroutine before, indicate that the state changed. This
1135 // is needed to detect when subroutines have merged.
1136 bool found = false;
1137 for (subr_info *info = seen_subrs; info != NULL; info = info->next)
1138 {
1139 if (info->pc == state_old->subroutine)
1140 {
1141 found = true;
1142 break;
1143 }
1144 }
1145 if (! found)
1146 {
1147 add_subr (state_old->subroutine);
1148 changed = true;
1149 }
1150 }
1151
1152 // Merge stacks, including special handling for NO_STACK case.
1153 // If the destination is NO_STACK, this means it is the
1154 // instruction following a "jsr" and has not yet been processed
1155 // in any way. In this situation, if we are currently
1156 // processing a "ret", then we must *copy* any locals changed in
1157 // the subroutine into the current state. Merging in this
1158 // situation is incorrect because the locals we've noted didn't
1159 // come real program flow, they are just an artifact of how
1160 // we've chosen to handle the post-jsr state.
1161 bool copy_in_locals = ret_semantics && stacktop == NO_STACK;
1162
1163 if (state_old->stacktop == NO_STACK)
1164 {
1165 // This can happen if we're doing a pass-through jsr merge.
1166 // Here we can just ignore the stack.
1167 }
1168 else if (stacktop == NO_STACK)
1169 {
1170 stacktop = state_old->stacktop;
1171 stackdepth = state_old->stackdepth;
1172 for (int i = 0; i < stacktop; ++i)
1173 stack[i] = state_old->stack[i];
1174 changed = true;
1175 }
1176 else if (state_old->stacktop != stacktop)
1177 verifier->verify_fail ("stack sizes differ");
1178 else
1179 {
1180 for (int i = 0; i < state_old->stacktop; ++i)
1181 {
1182 if (stack[i].merge (state_old->stack[i], false, verifier))
1183 changed = true;
1184 }
1185 }
1186
1187 // Merge local variables.
1188 for (int i = 0; i < max_locals; ++i)
1189 {
1190 // If we're not processing a `ret', then we merge every
1191 // local variable. If we are processing a `ret', then we
1192 // only merge locals which changed in the subroutine. When
1193 // processing a `ret', STATE_OLD is the state at the point
1194 // of the `ret', and THIS is the state just after the `jsr'.
1195 // See comment above for explanation of COPY_IN_LOCALS.
1196 if (copy_in_locals)
1197 {
1198 if ((state_old->flags[i] & FLAG_CHANGED) != 0)
1199 {
1200 locals[i] = state_old->locals[i];
1201 changed = true;
1202 // There's no point in calling note_variable here,
1203 // since we call it under the same condition before
1204 // the loop ends.
1205 }
1206 }
1207 else if (jsr_semantics && (flags[i] & FLAG_USED) != 0)
1208 {
1209 // We are processing the "pass-through" part of a jsr
1210 // statement. In this particular case, the local was
1211 // changed by the subroutine. So, we have no work to
1212 // do, as the pre-jsr value does not survive the
1213 // subroutine call.
1214 }
1215 else if (! ret_semantics
1216 || (state_old->flags[i] & FLAG_CHANGED) != 0)
1217 {
1218 // If we have ordinary (not ret) semantics, then we have
1219 // merging flow control, so we merge types. Or, we have
1220 // jsr pass-through semantics and the type survives the
1221 // subroutine (see above), so again we merge. Or,
1222 // finally, we have ret semantics and this value did
1223 // change, in which case we merge the change from the
1224 // subroutine into the post-jsr instruction.
1225 if (locals[i].merge (state_old->locals[i], true, verifier))
1226 {
1227 // Note that we don't call `note_variable' here.
1228 // This change doesn't represent a real change to a
1229 // local, but rather a merge artifact. If we're in
1230 // a subroutine which is called with two
1231 // incompatible types in a slot that is unused by
1232 // the subroutine, then we don't want to mark that
1233 // variable as having been modified.
1234 changed = true;
1235 }
1236 }
1237
1238 // If we're in a subroutine, we must compute the union of
1239 // all the changed local variables.
1240 if ((state_old->flags[i] & FLAG_CHANGED) != 0)
1241 note_variable (i);
1242
1243 // If we're returning from a subroutine, we must mark the
1244 // post-jsr instruction with information about what changed,
1245 // so that future "pass-through" jsr merges work correctly.
1246 if (ret_semantics && (state_old->flags[i] & FLAG_CHANGED) != 0)
1247 flags[i] |= FLAG_USED;
1248 }
1249
1250 return changed;
1251 }
1252
1253 // Throw an exception if there is an uninitialized object on the
1254 // stack or in a local variable. EXCEPTION_SEMANTICS controls
1255 // whether we're using backwards-branch or exception-handing
1256 // semantics.
1257 void check_no_uninitialized_objects (int max_locals,
1258 _Jv_BytecodeVerifier *verifier,
1259 bool exception_semantics = false)
1260 {
1261 if (! exception_semantics)
1262 {
1263 for (int i = 0; i < stacktop; ++i)
1264 if (stack[i].isreference () && ! stack[i].isinitialized ())
1265 verifier->verify_fail ("uninitialized object on stack");
1266 }
1267
1268 for (int i = 0; i < max_locals; ++i)
1269 if (locals[i].isreference () && ! locals[i].isinitialized ())
1270 verifier->verify_fail ("uninitialized object in local variable");
1271
1272 check_this_initialized (verifier);
1273 }
1274
1275 // Ensure that `this' has been initialized.
1276 void check_this_initialized (_Jv_BytecodeVerifier *verifier)
1277 {
1278 if (this_type.isreference () && ! this_type.isinitialized ())
1279 verifier->verify_fail ("`this' is uninitialized");
1280 }
1281
1282 // Set type of `this'.
1283 void set_this_type (const type &k)
1284 {
1285 this_type = k;
1286 }
1287
1288 // Note that a local variable was modified.
1289 void note_variable (int index)
1290 {
1291 if (subroutine > 0)
1292 flags[index] |= FLAG_CHANGED;
1293 }
1294
1295 // Mark each `new'd object we know of that was allocated at PC as
1296 // initialized.
1297 void set_initialized (int pc, int max_locals)
1298 {
1299 for (int i = 0; i < stacktop; ++i)
1300 stack[i].set_initialized (pc);
1301 for (int i = 0; i < max_locals; ++i)
1302 locals[i].set_initialized (pc);
1303 this_type.set_initialized (pc);
1304 }
1305
1306 // Return true if this state is the unmerged result of a `ret'.
1307 bool is_unmerged_ret_state (int max_locals) const
1308 {
1309 if (stacktop == NO_STACK)
1310 return true;
1311 for (int i = 0; i < max_locals; ++i)
1312 {
1313 if (locals[i].key == unused_by_subroutine_type)
1314 return true;
1315 }
1316 return false;
1317 }
1318
1319 #ifdef VERIFY_DEBUG
1320 void print (const char *leader, int pc,
1321 int max_stack, int max_locals) const
1322 {
1323 debug_print ("%s [%4d]: [stack] ", leader, pc);
1324 int i;
1325 for (i = 0; i < stacktop; ++i)
1326 stack[i].print ();
1327 for (; i < max_stack; ++i)
1328 debug_print (".");
1329 debug_print (" [local] ");
1330 for (i = 0; i < max_locals; ++i)
1331 {
1332 locals[i].print ();
1333 if ((flags[i] & FLAG_USED) != 0)
1334 debug_print ((flags[i] & FLAG_CHANGED) ? ">" : "<");
1335 else
1336 debug_print ((flags[i] & FLAG_CHANGED) ? "+" : " ");
1337 }
1338 if (subroutine == 0)
1339 debug_print (" | None");
1340 else
1341 debug_print (" | %4d", subroutine);
1342 debug_print (" | %p\n", this);
1343 }
1344 #else
1345 inline void print (const char *, int, int, int) const
1346 {
1347 }
1348 #endif /* VERIFY_DEBUG */
1349 };
1350
1351 type pop_raw ()
1352 {
1353 if (current_state->stacktop <= 0)
1354 verify_fail ("stack empty");
1355 type r = current_state->stack[--current_state->stacktop];
1356 current_state->stackdepth -= r.depth ();
1357 if (current_state->stackdepth < 0)
1358 verify_fail ("stack empty", start_PC);
1359 return r;
1360 }
1361
1362 type pop32 ()
1363 {
1364 type r = pop_raw ();
1365 if (r.iswide ())
1366 verify_fail ("narrow pop of wide type");
1367 return r;
1368 }
1369
1370 type pop_type (type match)
1371 {
1372 match.promote ();
1373 type t = pop_raw ();
1374 if (! match.compatible (t, this))
1375 verify_fail ("incompatible type on stack");
1376 return t;
1377 }
1378
1379 // Pop a reference which is guaranteed to be initialized. MATCH
1380 // doesn't have to be a reference type; in this case this acts like
1381 // pop_type.
1382 type pop_init_ref (type match)
1383 {
1384 type t = pop_raw ();
1385 if (t.isreference () && ! t.isinitialized ())
1386 verify_fail ("initialized reference required");
1387 else if (! match.compatible (t, this))
1388 verify_fail ("incompatible type on stack");
1389 return t;
1390 }
1391
1392 // Pop a reference type or a return address.
1393 type pop_ref_or_return ()
1394 {
1395 type t = pop_raw ();
1396 if (! t.isreference () && t.key != return_address_type)
1397 verify_fail ("expected reference or return address on stack");
1398 return t;
1399 }
1400
1401 void push_type (type t)
1402 {
1403 // If T is a numeric type like short, promote it to int.
1404 t.promote ();
1405
1406 int depth = t.depth ();
1407 if (current_state->stackdepth + depth > current_method->max_stack)
1408 verify_fail ("stack overflow");
1409 current_state->stack[current_state->stacktop++] = t;
1410 current_state->stackdepth += depth;
1411 }
1412
1413 void set_variable (int index, type t)
1414 {
1415 // If T is a numeric type like short, promote it to int.
1416 t.promote ();
1417
1418 int depth = t.depth ();
1419 if (index > current_method->max_locals - depth)
1420 verify_fail ("invalid local variable");
1421 current_state->locals[index] = t;
1422 current_state->note_variable (index);
1423
1424 if (depth == 2)
1425 {
1426 current_state->locals[index + 1] = continuation_type;
1427 current_state->note_variable (index + 1);
1428 }
1429 if (index > 0 && current_state->locals[index - 1].iswide ())
1430 {
1431 current_state->locals[index - 1] = unsuitable_type;
1432 // There's no need to call note_variable here.
1433 }
1434 }
1435
1436 type get_variable (int index, type t)
1437 {
1438 int depth = t.depth ();
1439 if (index > current_method->max_locals - depth)
1440 verify_fail ("invalid local variable");
1441 if (! t.compatible (current_state->locals[index], this))
1442 verify_fail ("incompatible type in local variable");
1443 if (depth == 2)
1444 {
1445 type t (continuation_type);
1446 if (! current_state->locals[index + 1].compatible (t, this))
1447 verify_fail ("invalid local variable");
1448 }
1449 return current_state->locals[index];
1450 }
1451
1452 // Make sure ARRAY is an array type and that its elements are
1453 // compatible with type ELEMENT. Returns the actual element type.
1454 type require_array_type (type array, type element)
1455 {
1456 // An odd case. Here we just pretend that everything went ok. If
1457 // the requested element type is some kind of reference, return
1458 // the null type instead.
1459 if (array.isnull ())
1460 return element.isreference () ? type (null_type) : element;
1461
1462 if (! array.isarray ())
1463 verify_fail ("array required");
1464
1465 type t = array.element_type (this);
1466 if (! element.compatible (t, this))
1467 {
1468 // Special case for byte arrays, which must also be boolean
1469 // arrays.
1470 bool ok = true;
1471 if (element.key == byte_type)
1472 {
1473 type e2 (boolean_type);
1474 ok = e2.compatible (t, this);
1475 }
1476 if (! ok)
1477 verify_fail ("incompatible array element type");
1478 }
1479
1480 // Return T and not ELEMENT, because T might be specialized.
1481 return t;
1482 }
1483
1484 jint get_byte ()
1485 {
1486 if (PC >= current_method->code_length)
1487 verify_fail ("premature end of bytecode");
1488 return (jint) bytecode[PC++] & 0xff;
1489 }
1490
1491 jint get_ushort ()
1492 {
1493 jint b1 = get_byte ();
1494 jint b2 = get_byte ();
1495 return (jint) ((b1 << 8) | b2) & 0xffff;
1496 }
1497
1498 jint get_short ()
1499 {
1500 jint b1 = get_byte ();
1501 jint b2 = get_byte ();
1502 jshort s = (b1 << 8) | b2;
1503 return (jint) s;
1504 }
1505
1506 jint get_int ()
1507 {
1508 jint b1 = get_byte ();
1509 jint b2 = get_byte ();
1510 jint b3 = get_byte ();
1511 jint b4 = get_byte ();
1512 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1513 }
1514
1515 int compute_jump (int offset)
1516 {
1517 int npc = start_PC + offset;
1518 if (npc < 0 || npc >= current_method->code_length)
1519 verify_fail ("branch out of range", start_PC);
1520 return npc;
1521 }
1522
1523 // Merge the indicated state into the state at the branch target and
1524 // schedule a new PC if there is a change. If RET_SEMANTICS is
1525 // true, then we are merging from a `ret' instruction into the
1526 // instruction after a `jsr'. This is a special case with its own
1527 // modified semantics. If JSR_SEMANTICS is true, then we're merging
1528 // some type information from a "jsr" instruction to the immediately
1529 // following instruction. In this situation we have to be careful
1530 // not to merge local variables whose values are modified by the
1531 // subroutine we're about to call.
1532 void push_jump_merge (int npc, state *nstate,
1533 bool ret_semantics = false,
1534 bool jsr_semantics = false)
1535 {
1536 bool changed = true;
1537 if (states[npc] == NULL)
1538 {
1539 // There's a weird situation here. If are examining the
1540 // branch that results from a `ret', and there is not yet a
1541 // state available at the branch target (the instruction just
1542 // after the `jsr'), then we have to construct a special kind
1543 // of state at that point for future merging. This special
1544 // state has the type `unused_by_subroutine_type' in each slot
1545 // which was not modified by the subroutine.
1546 states[npc] = new state (nstate, current_method->max_stack,
1547 current_method->max_locals, ret_semantics);
1548 debug_print ("== New state in push_jump_merge (ret_semantics = %s)\n",
1549 ret_semantics ? "true" : "false");
1550 states[npc]->print ("New", npc, current_method->max_stack,
1551 current_method->max_locals);
1552 }
1553 else
1554 {
1555 debug_print ("== Merge states in push_jump_merge\n");
1556 nstate->print ("Frm", start_PC, current_method->max_stack,
1557 current_method->max_locals);
1558 states[npc]->print (" To", npc, current_method->max_stack,
1559 current_method->max_locals);
1560 changed = states[npc]->merge (nstate, ret_semantics,
1561 current_method->max_locals, this,
1562 jsr_semantics);
1563 states[npc]->print ("New", npc, current_method->max_stack,
1564 current_method->max_locals);
1565 }
1566
1567 if (changed && states[npc]->next == state::INVALID)
1568 {
1569 // The merge changed the state, and the new PC isn't yet on our
1570 // list of PCs to re-verify.
1571 states[npc]->next = next_verify_pc;
1572 next_verify_pc = npc;
1573 }
1574 }
1575
1576 void push_jump (int offset)
1577 {
1578 int npc = compute_jump (offset);
1579 if (npc < PC)
1580 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1581 push_jump_merge (npc, current_state);
1582 }
1583
1584 void push_exception_jump (type t, int pc)
1585 {
1586 current_state->check_no_uninitialized_objects (current_method->max_locals,
1587 this, true);
1588 state s (current_state, current_method->max_stack,
1589 current_method->max_locals);
1590 if (current_method->max_stack < 1)
1591 verify_fail ("stack overflow at exception handler");
1592 s.set_exception (t, current_method->max_stack);
1593 push_jump_merge (pc, &s);
1594 }
1595
1596 int pop_jump ()
1597 {
1598 int *prev_loc = &next_verify_pc;
1599 int npc = next_verify_pc;
1600
1601 while (npc != state::NO_NEXT)
1602 {
1603 // If the next available PC is an unmerged `ret' state, then
1604 // we aren't yet ready to handle it. That's because we would
1605 // need all kind of special cases to do so. So instead we
1606 // defer this jump until after we've processed it via a
1607 // fall-through. This has to happen because the instruction
1608 // before this one must be a `jsr'.
1609 if (! states[npc]->is_unmerged_ret_state (current_method->max_locals))
1610 {
1611 *prev_loc = states[npc]->next;
1612 states[npc]->next = state::INVALID;
1613 return npc;
1614 }
1615
1616 prev_loc = &states[npc]->next;
1617 npc = states[npc]->next;
1618 }
1619
1620 // Note that we might have gotten here even when there are
1621 // remaining states to process. That can happen if we find a
1622 // `jsr' without a `ret'.
1623 return state::NO_NEXT;
1624 }
1625
1626 void invalidate_pc ()
1627 {
1628 PC = state::NO_NEXT;
1629 }
1630
1631 void note_branch_target (int pc, bool is_jsr_target = false)
1632 {
1633 // Don't check `pc <= PC', because we've advanced PC after
1634 // fetching the target and we haven't yet checked the next
1635 // instruction.
1636 if (pc < PC && ! (flags[pc] & FLAG_INSN_START))
1637 verify_fail ("branch not to instruction start", start_PC);
1638 flags[pc] |= FLAG_BRANCH_TARGET;
1639 if (is_jsr_target)
1640 {
1641 // Record the jsr which called this instruction.
1642 subr_info *info = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1643 info->pc = PC;
1644 info->next = jsr_ptrs[pc];
1645 jsr_ptrs[pc] = info;
1646 }
1647 }
1648
1649 void skip_padding ()
1650 {
1651 while ((PC % 4) > 0)
1652 if (get_byte () != 0)
1653 verify_fail ("found nonzero padding byte");
1654 }
1655
1656 // Return the subroutine to which the instruction at PC belongs.
1657 int get_subroutine (int pc)
1658 {
1659 if (states[pc] == NULL)
1660 return 0;
1661 return states[pc]->subroutine;
1662 }
1663
1664 // Do the work for a `ret' instruction. INDEX is the index into the
1665 // local variables.
1666 void handle_ret_insn (int index)
1667 {
1668 get_variable (index, return_address_type);
1669
1670 int csub = current_state->subroutine;
1671 if (csub == 0)
1672 verify_fail ("no subroutine");
1673
1674 // Check to see if we've merged subroutines.
1675 subr_entry_info *entry;
1676 for (entry = entry_points; entry != NULL; entry = entry->next)
1677 {
1678 if (entry->ret_pc == start_PC)
1679 break;
1680 }
1681 if (entry == NULL)
1682 {
1683 entry = (subr_entry_info *) _Jv_Malloc (sizeof (subr_entry_info));
1684 entry->pc = csub;
1685 entry->ret_pc = start_PC;
1686 entry->next = entry_points;
1687 entry_points = entry;
1688 }
1689 else if (entry->pc != csub)
1690 verify_fail ("subroutines merged");
1691
1692 for (subr_info *subr = jsr_ptrs[csub]; subr != NULL; subr = subr->next)
1693 {
1694 // We might be returning to a `jsr' that is at the end of the
1695 // bytecode. This is ok if we never return from the called
1696 // subroutine, but if we see this here it is an error.
1697 if (subr->pc >= current_method->code_length)
1698 verify_fail ("fell off end");
1699
1700 // Temporarily modify the current state so it looks like we're
1701 // in the enclosing context.
1702 current_state->subroutine = get_subroutine (subr->pc);
1703 if (subr->pc < PC)
1704 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1705 push_jump_merge (subr->pc, current_state, true);
1706 }
1707
1708 current_state->subroutine = csub;
1709 invalidate_pc ();
1710 }
1711
1712 // We're in the subroutine SUB, calling a subroutine at DEST. Make
1713 // sure this subroutine isn't already on the stack.
1714 void check_nonrecursive_call (int sub, int dest)
1715 {
1716 if (sub == 0)
1717 return;
1718 if (sub == dest)
1719 verify_fail ("recursive subroutine call");
1720 for (subr_info *info = jsr_ptrs[sub]; info != NULL; info = info->next)
1721 check_nonrecursive_call (get_subroutine (info->pc), dest);
1722 }
1723
1724 void handle_jsr_insn (int offset)
1725 {
1726 int npc = compute_jump (offset);
1727
1728 if (npc < PC)
1729 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1730 check_nonrecursive_call (current_state->subroutine, npc);
1731
1732 // Modify our state as appropriate for entry into a subroutine.
1733 push_type (return_address_type);
1734 push_jump_merge (npc, current_state);
1735 // Clean up.
1736 pop_type (return_address_type);
1737
1738 // On entry to the subroutine, the subroutine number must be set
1739 // and the locals must be marked as cleared. We do this after
1740 // merging state so that we don't erroneously "notice" a variable
1741 // change merely on entry.
1742 states[npc]->enter_subroutine (npc, current_method->max_locals);
1743
1744 // Indicate that we don't know the stack depth of the instruction
1745 // following the `jsr'. The idea here is that we need to merge
1746 // the local variable state across the jsr, but the subroutine
1747 // might change the stack depth, so we can't make any assumptions
1748 // about it. So we have yet another special case. We know that
1749 // at this point PC points to the instruction after the jsr. Note
1750 // that it is ok to have a `jsr' at the end of the bytecode,
1751 // provided that the called subroutine never returns. So, we have
1752 // a special case here and another one when we handle the ret.
1753 if (PC < current_method->code_length)
1754 {
1755 current_state->stacktop = state::NO_STACK;
1756 push_jump_merge (PC, current_state, false, true);
1757 }
1758 invalidate_pc ();
1759 }
1760
1761 jclass construct_primitive_array_type (type_val prim)
1762 {
1763 jclass k = NULL;
1764 switch (prim)
1765 {
1766 case boolean_type:
1767 k = JvPrimClass (boolean);
1768 break;
1769 case char_type:
1770 k = JvPrimClass (char);
1771 break;
1772 case float_type:
1773 k = JvPrimClass (float);
1774 break;
1775 case double_type:
1776 k = JvPrimClass (double);
1777 break;
1778 case byte_type:
1779 k = JvPrimClass (byte);
1780 break;
1781 case short_type:
1782 k = JvPrimClass (short);
1783 break;
1784 case int_type:
1785 k = JvPrimClass (int);
1786 break;
1787 case long_type:
1788 k = JvPrimClass (long);
1789 break;
1790
1791 // These aren't used here but we call them out to avoid
1792 // warnings.
1793 case void_type:
1794 case unsuitable_type:
1795 case return_address_type:
1796 case continuation_type:
1797 case unused_by_subroutine_type:
1798 case reference_type:
1799 case null_type:
1800 case uninitialized_reference_type:
1801 default:
1802 verify_fail ("unknown type in construct_primitive_array_type");
1803 }
1804 k = _Jv_GetArrayClass (k, NULL);
1805 return k;
1806 }
1807
1808 // This pass computes the location of branch targets and also
1809 // instruction starts.
1810 void branch_prepass ()
1811 {
1812 flags = (char *) _Jv_Malloc (current_method->code_length);
1813 jsr_ptrs = (subr_info **) _Jv_Malloc (sizeof (subr_info *)
1814 * current_method->code_length);
1815
1816 for (int i = 0; i < current_method->code_length; ++i)
1817 {
1818 flags[i] = 0;
1819 jsr_ptrs[i] = NULL;
1820 }
1821
1822 bool last_was_jsr = false;
1823
1824 PC = 0;
1825 while (PC < current_method->code_length)
1826 {
1827 // Set `start_PC' early so that error checking can have the
1828 // correct value.
1829 start_PC = PC;
1830 flags[PC] |= FLAG_INSN_START;
1831
1832 // If the previous instruction was a jsr, then the next
1833 // instruction is a branch target -- the branch being the
1834 // corresponding `ret'.
1835 if (last_was_jsr)
1836 note_branch_target (PC);
1837 last_was_jsr = false;
1838
1839 java_opcode opcode = (java_opcode) bytecode[PC++];
1840 switch (opcode)
1841 {
1842 case op_nop:
1843 case op_aconst_null:
1844 case op_iconst_m1:
1845 case op_iconst_0:
1846 case op_iconst_1:
1847 case op_iconst_2:
1848 case op_iconst_3:
1849 case op_iconst_4:
1850 case op_iconst_5:
1851 case op_lconst_0:
1852 case op_lconst_1:
1853 case op_fconst_0:
1854 case op_fconst_1:
1855 case op_fconst_2:
1856 case op_dconst_0:
1857 case op_dconst_1:
1858 case op_iload_0:
1859 case op_iload_1:
1860 case op_iload_2:
1861 case op_iload_3:
1862 case op_lload_0:
1863 case op_lload_1:
1864 case op_lload_2:
1865 case op_lload_3:
1866 case op_fload_0:
1867 case op_fload_1:
1868 case op_fload_2:
1869 case op_fload_3:
1870 case op_dload_0:
1871 case op_dload_1:
1872 case op_dload_2:
1873 case op_dload_3:
1874 case op_aload_0:
1875 case op_aload_1:
1876 case op_aload_2:
1877 case op_aload_3:
1878 case op_iaload:
1879 case op_laload:
1880 case op_faload:
1881 case op_daload:
1882 case op_aaload:
1883 case op_baload:
1884 case op_caload:
1885 case op_saload:
1886 case op_istore_0:
1887 case op_istore_1:
1888 case op_istore_2:
1889 case op_istore_3:
1890 case op_lstore_0:
1891 case op_lstore_1:
1892 case op_lstore_2:
1893 case op_lstore_3:
1894 case op_fstore_0:
1895 case op_fstore_1:
1896 case op_fstore_2:
1897 case op_fstore_3:
1898 case op_dstore_0:
1899 case op_dstore_1:
1900 case op_dstore_2:
1901 case op_dstore_3:
1902 case op_astore_0:
1903 case op_astore_1:
1904 case op_astore_2:
1905 case op_astore_3:
1906 case op_iastore:
1907 case op_lastore:
1908 case op_fastore:
1909 case op_dastore:
1910 case op_aastore:
1911 case op_bastore:
1912 case op_castore:
1913 case op_sastore:
1914 case op_pop:
1915 case op_pop2:
1916 case op_dup:
1917 case op_dup_x1:
1918 case op_dup_x2:
1919 case op_dup2:
1920 case op_dup2_x1:
1921 case op_dup2_x2:
1922 case op_swap:
1923 case op_iadd:
1924 case op_isub:
1925 case op_imul:
1926 case op_idiv:
1927 case op_irem:
1928 case op_ishl:
1929 case op_ishr:
1930 case op_iushr:
1931 case op_iand:
1932 case op_ior:
1933 case op_ixor:
1934 case op_ladd:
1935 case op_lsub:
1936 case op_lmul:
1937 case op_ldiv:
1938 case op_lrem:
1939 case op_lshl:
1940 case op_lshr:
1941 case op_lushr:
1942 case op_land:
1943 case op_lor:
1944 case op_lxor:
1945 case op_fadd:
1946 case op_fsub:
1947 case op_fmul:
1948 case op_fdiv:
1949 case op_frem:
1950 case op_dadd:
1951 case op_dsub:
1952 case op_dmul:
1953 case op_ddiv:
1954 case op_drem:
1955 case op_ineg:
1956 case op_i2b:
1957 case op_i2c:
1958 case op_i2s:
1959 case op_lneg:
1960 case op_fneg:
1961 case op_dneg:
1962 case op_i2l:
1963 case op_i2f:
1964 case op_i2d:
1965 case op_l2i:
1966 case op_l2f:
1967 case op_l2d:
1968 case op_f2i:
1969 case op_f2l:
1970 case op_f2d:
1971 case op_d2i:
1972 case op_d2l:
1973 case op_d2f:
1974 case op_lcmp:
1975 case op_fcmpl:
1976 case op_fcmpg:
1977 case op_dcmpl:
1978 case op_dcmpg:
1979 case op_monitorenter:
1980 case op_monitorexit:
1981 case op_ireturn:
1982 case op_lreturn:
1983 case op_freturn:
1984 case op_dreturn:
1985 case op_areturn:
1986 case op_return:
1987 case op_athrow:
1988 case op_arraylength:
1989 break;
1990
1991 case op_bipush:
1992 case op_ldc:
1993 case op_iload:
1994 case op_lload:
1995 case op_fload:
1996 case op_dload:
1997 case op_aload:
1998 case op_istore:
1999 case op_lstore:
2000 case op_fstore:
2001 case op_dstore:
2002 case op_astore:
2003 case op_ret:
2004 case op_newarray:
2005 get_byte ();
2006 break;
2007
2008 case op_iinc:
2009 case op_sipush:
2010 case op_ldc_w:
2011 case op_ldc2_w:
2012 case op_getstatic:
2013 case op_getfield:
2014 case op_putfield:
2015 case op_putstatic:
2016 case op_new:
2017 case op_anewarray:
2018 case op_instanceof:
2019 case op_checkcast:
2020 case op_invokespecial:
2021 case op_invokestatic:
2022 case op_invokevirtual:
2023 get_short ();
2024 break;
2025
2026 case op_multianewarray:
2027 get_short ();
2028 get_byte ();
2029 break;
2030
2031 case op_jsr:
2032 last_was_jsr = true;
2033 // Fall through.
2034 case op_ifeq:
2035 case op_ifne:
2036 case op_iflt:
2037 case op_ifge:
2038 case op_ifgt:
2039 case op_ifle:
2040 case op_if_icmpeq:
2041 case op_if_icmpne:
2042 case op_if_icmplt:
2043 case op_if_icmpge:
2044 case op_if_icmpgt:
2045 case op_if_icmple:
2046 case op_if_acmpeq:
2047 case op_if_acmpne:
2048 case op_ifnull:
2049 case op_ifnonnull:
2050 case op_goto:
2051 note_branch_target (compute_jump (get_short ()), last_was_jsr);
2052 break;
2053
2054 case op_tableswitch:
2055 {
2056 skip_padding ();
2057 note_branch_target (compute_jump (get_int ()));
2058 jint low = get_int ();
2059 jint hi = get_int ();
2060 if (low > hi)
2061 verify_fail ("invalid tableswitch", start_PC);
2062 for (int i = low; i <= hi; ++i)
2063 note_branch_target (compute_jump (get_int ()));
2064 }
2065 break;
2066
2067 case op_lookupswitch:
2068 {
2069 skip_padding ();
2070 note_branch_target (compute_jump (get_int ()));
2071 int npairs = get_int ();
2072 if (npairs < 0)
2073 verify_fail ("too few pairs in lookupswitch", start_PC);
2074 while (npairs-- > 0)
2075 {
2076 get_int ();
2077 note_branch_target (compute_jump (get_int ()));
2078 }
2079 }
2080 break;
2081
2082 case op_invokeinterface:
2083 get_short ();
2084 get_byte ();
2085 get_byte ();
2086 break;
2087
2088 case op_wide:
2089 {
2090 opcode = (java_opcode) get_byte ();
2091 get_short ();
2092 if (opcode == op_iinc)
2093 get_short ();
2094 }
2095 break;
2096
2097 case op_jsr_w:
2098 last_was_jsr = true;
2099 // Fall through.
2100 case op_goto_w:
2101 note_branch_target (compute_jump (get_int ()), last_was_jsr);
2102 break;
2103
2104 // These are unused here, but we call them out explicitly
2105 // so that -Wswitch-enum doesn't complain.
2106 case op_putfield_1:
2107 case op_putfield_2:
2108 case op_putfield_4:
2109 case op_putfield_8:
2110 case op_putfield_a:
2111 case op_putstatic_1:
2112 case op_putstatic_2:
2113 case op_putstatic_4:
2114 case op_putstatic_8:
2115 case op_putstatic_a:
2116 case op_getfield_1:
2117 case op_getfield_2s:
2118 case op_getfield_2u:
2119 case op_getfield_4:
2120 case op_getfield_8:
2121 case op_getfield_a:
2122 case op_getstatic_1:
2123 case op_getstatic_2s:
2124 case op_getstatic_2u:
2125 case op_getstatic_4:
2126 case op_getstatic_8:
2127 case op_getstatic_a:
2128 default:
2129 verify_fail ("unrecognized instruction in branch_prepass",
2130 start_PC);
2131 }
2132
2133 // See if any previous branch tried to branch to the middle of
2134 // this instruction.
2135 for (int pc = start_PC + 1; pc < PC; ++pc)
2136 {
2137 if ((flags[pc] & FLAG_BRANCH_TARGET))
2138 verify_fail ("branch to middle of instruction", pc);
2139 }
2140 }
2141
2142 // Verify exception handlers.
2143 for (int i = 0; i < current_method->exc_count; ++i)
2144 {
2145 if (! (flags[exception[i].handler_pc.i] & FLAG_INSN_START))
2146 verify_fail ("exception handler not at instruction start",
2147 exception[i].handler_pc.i);
2148 if (! (flags[exception[i].start_pc.i] & FLAG_INSN_START))
2149 verify_fail ("exception start not at instruction start",
2150 exception[i].start_pc.i);
2151 if (exception[i].end_pc.i != current_method->code_length
2152 && ! (flags[exception[i].end_pc.i] & FLAG_INSN_START))
2153 verify_fail ("exception end not at instruction start",
2154 exception[i].end_pc.i);
2155
2156 flags[exception[i].handler_pc.i] |= FLAG_BRANCH_TARGET;
2157 }
2158 }
2159
2160 void check_pool_index (int index)
2161 {
2162 if (index < 0 || index >= current_class->constants.size)
2163 verify_fail ("constant pool index out of range", start_PC);
2164 }
2165
2166 type check_class_constant (int index)
2167 {
2168 check_pool_index (index);
2169 _Jv_Constants *pool = &current_class->constants;
2170 if (pool->tags[index] == JV_CONSTANT_ResolvedClass)
2171 return type (pool->data[index].clazz, this);
2172 else if (pool->tags[index] == JV_CONSTANT_Class)
2173 return type (pool->data[index].utf8, this);
2174 verify_fail ("expected class constant", start_PC);
2175 }
2176
2177 type check_constant (int index)
2178 {
2179 check_pool_index (index);
2180 _Jv_Constants *pool = &current_class->constants;
2181 if (pool->tags[index] == JV_CONSTANT_ResolvedString
2182 || pool->tags[index] == JV_CONSTANT_String)
2183 return type (&java::lang::String::class$, this);
2184 else if (pool->tags[index] == JV_CONSTANT_Integer)
2185 return type (int_type);
2186 else if (pool->tags[index] == JV_CONSTANT_Float)
2187 return type (float_type);
2188 verify_fail ("String, int, or float constant expected", start_PC);
2189 }
2190
2191 type check_wide_constant (int index)
2192 {
2193 check_pool_index (index);
2194 _Jv_Constants *pool = &current_class->constants;
2195 if (pool->tags[index] == JV_CONSTANT_Long)
2196 return type (long_type);
2197 else if (pool->tags[index] == JV_CONSTANT_Double)
2198 return type (double_type);
2199 verify_fail ("long or double constant expected", start_PC);
2200 }
2201
2202 // Helper for both field and method. These are laid out the same in
2203 // the constant pool.
2204 type handle_field_or_method (int index, int expected,
2205 _Jv_Utf8Const **name,
2206 _Jv_Utf8Const **fmtype)
2207 {
2208 check_pool_index (index);
2209 _Jv_Constants *pool = &current_class->constants;
2210 if (pool->tags[index] != expected)
2211 verify_fail ("didn't see expected constant", start_PC);
2212 // Once we know we have a Fieldref or Methodref we assume that it
2213 // is correctly laid out in the constant pool. I think the code
2214 // in defineclass.cc guarantees this.
2215 _Jv_ushort class_index, name_and_type_index;
2216 _Jv_loadIndexes (&pool->data[index],
2217 class_index,
2218 name_and_type_index);
2219 _Jv_ushort name_index, desc_index;
2220 _Jv_loadIndexes (&pool->data[name_and_type_index],
2221 name_index, desc_index);
2222
2223 *name = pool->data[name_index].utf8;
2224 *fmtype = pool->data[desc_index].utf8;
2225
2226 return check_class_constant (class_index);
2227 }
2228
2229 // Return field's type, compute class' type if requested.
2230 type check_field_constant (int index, type *class_type = NULL)
2231 {
2232 _Jv_Utf8Const *name, *field_type;
2233 type ct = handle_field_or_method (index,
2234 JV_CONSTANT_Fieldref,
2235 &name, &field_type);
2236 if (class_type)
2237 *class_type = ct;
2238 if (field_type->data[0] == '[' || field_type->data[0] == 'L')
2239 return type (field_type, this);
2240 return get_type_val_for_signature (field_type->data[0]);
2241 }
2242
2243 type check_method_constant (int index, bool is_interface,
2244 _Jv_Utf8Const **method_name,
2245 _Jv_Utf8Const **method_signature)
2246 {
2247 return handle_field_or_method (index,
2248 (is_interface
2249 ? JV_CONSTANT_InterfaceMethodref
2250 : JV_CONSTANT_Methodref),
2251 method_name, method_signature);
2252 }
2253
2254 type get_one_type (char *&p)
2255 {
2256 char *start = p;
2257
2258 int arraycount = 0;
2259 while (*p == '[')
2260 {
2261 ++arraycount;
2262 ++p;
2263 }
2264
2265 char v = *p++;
2266
2267 if (v == 'L')
2268 {
2269 while (*p != ';')
2270 ++p;
2271 ++p;
2272 _Jv_Utf8Const *name = make_utf8_const (start, p - start);
2273 return type (name, this);
2274 }
2275
2276 // Casting to jchar here is ok since we are looking at an ASCII
2277 // character.
2278 type_val rt = get_type_val_for_signature (jchar (v));
2279
2280 if (arraycount == 0)
2281 {
2282 // Callers of this function eventually push their arguments on
2283 // the stack. So, promote them here.
2284 return type (rt).promote ();
2285 }
2286
2287 jclass k = construct_primitive_array_type (rt);
2288 while (--arraycount > 0)
2289 k = _Jv_GetArrayClass (k, NULL);
2290 return type (k, this);
2291 }
2292
2293 void compute_argument_types (_Jv_Utf8Const *signature,
2294 type *types)
2295 {
2296 char *p = signature->data;
2297 // Skip `('.
2298 ++p;
2299
2300 int i = 0;
2301 while (*p != ')')
2302 types[i++] = get_one_type (p);
2303 }
2304
2305 type compute_return_type (_Jv_Utf8Const *signature)
2306 {
2307 char *p = signature->data;
2308 while (*p != ')')
2309 ++p;
2310 ++p;
2311 return get_one_type (p);
2312 }
2313
2314 void check_return_type (type onstack)
2315 {
2316 type rt = compute_return_type (current_method->self->signature);
2317 if (! rt.compatible (onstack, this))
2318 verify_fail ("incompatible return type");
2319 }
2320
2321 // Initialize the stack for the new method. Returns true if this
2322 // method is an instance initializer.
2323 bool initialize_stack ()
2324 {
2325 int var = 0;
2326 bool is_init = _Jv_equalUtf8Consts (current_method->self->name,
2327 gcj::init_name);
2328 bool is_clinit = _Jv_equalUtf8Consts (current_method->self->name,
2329 gcj::clinit_name);
2330
2331 using namespace java::lang::reflect;
2332 if (! Modifier::isStatic (current_method->self->accflags))
2333 {
2334 type kurr (current_class, this);
2335 if (is_init)
2336 {
2337 kurr.set_uninitialized (type::SELF, this);
2338 is_init = true;
2339 }
2340 else if (is_clinit)
2341 verify_fail ("<clinit> method must be static");
2342 set_variable (0, kurr);
2343 current_state->set_this_type (kurr);
2344 ++var;
2345 }
2346 else
2347 {
2348 if (is_init)
2349 verify_fail ("<init> method must be non-static");
2350 }
2351
2352 // We have to handle wide arguments specially here.
2353 int arg_count = _Jv_count_arguments (current_method->self->signature);
2354 type arg_types[arg_count];
2355 compute_argument_types (current_method->self->signature, arg_types);
2356 for (int i = 0; i < arg_count; ++i)
2357 {
2358 set_variable (var, arg_types[i]);
2359 ++var;
2360 if (arg_types[i].iswide ())
2361 ++var;
2362 }
2363
2364 return is_init;
2365 }
2366
2367 void verify_instructions_0 ()
2368 {
2369 current_state = new state (current_method->max_stack,
2370 current_method->max_locals);
2371
2372 PC = 0;
2373 start_PC = 0;
2374
2375 // True if we are verifying an instance initializer.
2376 bool this_is_init = initialize_stack ();
2377
2378 states = (state **) _Jv_Malloc (sizeof (state *)
2379 * current_method->code_length);
2380 for (int i = 0; i < current_method->code_length; ++i)
2381 states[i] = NULL;
2382
2383 next_verify_pc = state::NO_NEXT;
2384
2385 while (true)
2386 {
2387 // If the PC was invalidated, get a new one from the work list.
2388 if (PC == state::NO_NEXT)
2389 {
2390 PC = pop_jump ();
2391 if (PC == state::INVALID)
2392 verify_fail ("can't happen: saw state::INVALID");
2393 if (PC == state::NO_NEXT)
2394 break;
2395 debug_print ("== State pop from pending list\n");
2396 // Set up the current state.
2397 current_state->copy (states[PC], current_method->max_stack,
2398 current_method->max_locals);
2399 }
2400 else
2401 {
2402 // Control can't fall off the end of the bytecode. We
2403 // only need to check this in the fall-through case,
2404 // because branch bounds are checked when they are
2405 // pushed.
2406 if (PC >= current_method->code_length)
2407 verify_fail ("fell off end");
2408
2409 // We only have to do this checking in the situation where
2410 // control flow falls through from the previous
2411 // instruction. Otherwise merging is done at the time we
2412 // push the branch.
2413 if (states[PC] != NULL)
2414 {
2415 // We've already visited this instruction. So merge
2416 // the states together. If this yields no change then
2417 // we don't have to re-verify. However, if the new
2418 // state is an the result of an unmerged `ret', we
2419 // must continue through it.
2420 debug_print ("== Fall through merge\n");
2421 states[PC]->print ("Old", PC, current_method->max_stack,
2422 current_method->max_locals);
2423 current_state->print ("Cur", PC, current_method->max_stack,
2424 current_method->max_locals);
2425 if (! current_state->merge (states[PC], false,
2426 current_method->max_locals, this)
2427 && ! states[PC]->is_unmerged_ret_state (current_method->max_locals))
2428 {
2429 debug_print ("== Fall through optimization\n");
2430 invalidate_pc ();
2431 continue;
2432 }
2433 // Save a copy of it for later.
2434 states[PC]->copy (current_state, current_method->max_stack,
2435 current_method->max_locals);
2436 current_state->print ("New", PC, current_method->max_stack,
2437 current_method->max_locals);
2438 }
2439 }
2440
2441 // We only have to keep saved state at branch targets. If
2442 // we're at a branch target and the state here hasn't been set
2443 // yet, we set it now.
2444 if (states[PC] == NULL && (flags[PC] & FLAG_BRANCH_TARGET))
2445 {
2446 states[PC] = new state (current_state, current_method->max_stack,
2447 current_method->max_locals);
2448 }
2449
2450 // Set this before handling exceptions so that debug output is
2451 // sane.
2452 start_PC = PC;
2453
2454 // Update states for all active exception handlers. Ordinarily
2455 // there are not many exception handlers. So we simply run
2456 // through them all.
2457 for (int i = 0; i < current_method->exc_count; ++i)
2458 {
2459 if (PC >= exception[i].start_pc.i && PC < exception[i].end_pc.i)
2460 {
2461 type handler (&java::lang::Throwable::class$, this);
2462 if (exception[i].handler_type.i != 0)
2463 handler = check_class_constant (exception[i].handler_type.i);
2464 push_exception_jump (handler, exception[i].handler_pc.i);
2465 }
2466 }
2467
2468 current_state->print (" ", PC, current_method->max_stack,
2469 current_method->max_locals);
2470 java_opcode opcode = (java_opcode) bytecode[PC++];
2471 switch (opcode)
2472 {
2473 case op_nop:
2474 break;
2475
2476 case op_aconst_null:
2477 push_type (null_type);
2478 break;
2479
2480 case op_iconst_m1:
2481 case op_iconst_0:
2482 case op_iconst_1:
2483 case op_iconst_2:
2484 case op_iconst_3:
2485 case op_iconst_4:
2486 case op_iconst_5:
2487 push_type (int_type);
2488 break;
2489
2490 case op_lconst_0:
2491 case op_lconst_1:
2492 push_type (long_type);
2493 break;
2494
2495 case op_fconst_0:
2496 case op_fconst_1:
2497 case op_fconst_2:
2498 push_type (float_type);
2499 break;
2500
2501 case op_dconst_0:
2502 case op_dconst_1:
2503 push_type (double_type);
2504 break;
2505
2506 case op_bipush:
2507 get_byte ();
2508 push_type (int_type);
2509 break;
2510
2511 case op_sipush:
2512 get_short ();
2513 push_type (int_type);
2514 break;
2515
2516 case op_ldc:
2517 push_type (check_constant (get_byte ()));
2518 break;
2519 case op_ldc_w:
2520 push_type (check_constant (get_ushort ()));
2521 break;
2522 case op_ldc2_w:
2523 push_type (check_wide_constant (get_ushort ()));
2524 break;
2525
2526 case op_iload:
2527 push_type (get_variable (get_byte (), int_type));
2528 break;
2529 case op_lload:
2530 push_type (get_variable (get_byte (), long_type));
2531 break;
2532 case op_fload:
2533 push_type (get_variable (get_byte (), float_type));
2534 break;
2535 case op_dload:
2536 push_type (get_variable (get_byte (), double_type));
2537 break;
2538 case op_aload:
2539 push_type (get_variable (get_byte (), reference_type));
2540 break;
2541
2542 case op_iload_0:
2543 case op_iload_1:
2544 case op_iload_2:
2545 case op_iload_3:
2546 push_type (get_variable (opcode - op_iload_0, int_type));
2547 break;
2548 case op_lload_0:
2549 case op_lload_1:
2550 case op_lload_2:
2551 case op_lload_3:
2552 push_type (get_variable (opcode - op_lload_0, long_type));
2553 break;
2554 case op_fload_0:
2555 case op_fload_1:
2556 case op_fload_2:
2557 case op_fload_3:
2558 push_type (get_variable (opcode - op_fload_0, float_type));
2559 break;
2560 case op_dload_0:
2561 case op_dload_1:
2562 case op_dload_2:
2563 case op_dload_3:
2564 push_type (get_variable (opcode - op_dload_0, double_type));
2565 break;
2566 case op_aload_0:
2567 case op_aload_1:
2568 case op_aload_2:
2569 case op_aload_3:
2570 push_type (get_variable (opcode - op_aload_0, reference_type));
2571 break;
2572 case op_iaload:
2573 pop_type (int_type);
2574 push_type (require_array_type (pop_init_ref (reference_type),
2575 int_type));
2576 break;
2577 case op_laload:
2578 pop_type (int_type);
2579 push_type (require_array_type (pop_init_ref (reference_type),
2580 long_type));
2581 break;
2582 case op_faload:
2583 pop_type (int_type);
2584 push_type (require_array_type (pop_init_ref (reference_type),
2585 float_type));
2586 break;
2587 case op_daload:
2588 pop_type (int_type);
2589 push_type (require_array_type (pop_init_ref (reference_type),
2590 double_type));
2591 break;
2592 case op_aaload:
2593 pop_type (int_type);
2594 push_type (require_array_type (pop_init_ref (reference_type),
2595 reference_type));
2596 break;
2597 case op_baload:
2598 pop_type (int_type);
2599 require_array_type (pop_init_ref (reference_type), byte_type);
2600 push_type (int_type);
2601 break;
2602 case op_caload:
2603 pop_type (int_type);
2604 require_array_type (pop_init_ref (reference_type), char_type);
2605 push_type (int_type);
2606 break;
2607 case op_saload:
2608 pop_type (int_type);
2609 require_array_type (pop_init_ref (reference_type), short_type);
2610 push_type (int_type);
2611 break;
2612 case op_istore:
2613 set_variable (get_byte (), pop_type (int_type));
2614 break;
2615 case op_lstore:
2616 set_variable (get_byte (), pop_type (long_type));
2617 break;
2618 case op_fstore:
2619 set_variable (get_byte (), pop_type (float_type));
2620 break;
2621 case op_dstore:
2622 set_variable (get_byte (), pop_type (double_type));
2623 break;
2624 case op_astore:
2625 set_variable (get_byte (), pop_ref_or_return ());
2626 break;
2627 case op_istore_0:
2628 case op_istore_1:
2629 case op_istore_2:
2630 case op_istore_3:
2631 set_variable (opcode - op_istore_0, pop_type (int_type));
2632 break;
2633 case op_lstore_0:
2634 case op_lstore_1:
2635 case op_lstore_2:
2636 case op_lstore_3:
2637 set_variable (opcode - op_lstore_0, pop_type (long_type));
2638 break;
2639 case op_fstore_0:
2640 case op_fstore_1:
2641 case op_fstore_2:
2642 case op_fstore_3:
2643 set_variable (opcode - op_fstore_0, pop_type (float_type));
2644 break;
2645 case op_dstore_0:
2646 case op_dstore_1:
2647 case op_dstore_2:
2648 case op_dstore_3:
2649 set_variable (opcode - op_dstore_0, pop_type (double_type));
2650 break;
2651 case op_astore_0:
2652 case op_astore_1:
2653 case op_astore_2:
2654 case op_astore_3:
2655 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2656 break;
2657 case op_iastore:
2658 pop_type (int_type);
2659 pop_type (int_type);
2660 require_array_type (pop_init_ref (reference_type), int_type);
2661 break;
2662 case op_lastore:
2663 pop_type (long_type);
2664 pop_type (int_type);
2665 require_array_type (pop_init_ref (reference_type), long_type);
2666 break;
2667 case op_fastore:
2668 pop_type (float_type);
2669 pop_type (int_type);
2670 require_array_type (pop_init_ref (reference_type), float_type);
2671 break;
2672 case op_dastore:
2673 pop_type (double_type);
2674 pop_type (int_type);
2675 require_array_type (pop_init_ref (reference_type), double_type);
2676 break;
2677 case op_aastore:
2678 pop_type (reference_type);
2679 pop_type (int_type);
2680 require_array_type (pop_init_ref (reference_type), reference_type);
2681 break;
2682 case op_bastore:
2683 pop_type (int_type);
2684 pop_type (int_type);
2685 require_array_type (pop_init_ref (reference_type), byte_type);
2686 break;
2687 case op_castore:
2688 pop_type (int_type);
2689 pop_type (int_type);
2690 require_array_type (pop_init_ref (reference_type), char_type);
2691 break;
2692 case op_sastore:
2693 pop_type (int_type);
2694 pop_type (int_type);
2695 require_array_type (pop_init_ref (reference_type), short_type);
2696 break;
2697 case op_pop:
2698 pop32 ();
2699 break;
2700 case op_pop2:
2701 {
2702 type t = pop_raw ();
2703 if (! t.iswide ())
2704 pop32 ();
2705 }
2706 break;
2707 case op_dup:
2708 {
2709 type t = pop32 ();
2710 push_type (t);
2711 push_type (t);
2712 }
2713 break;
2714 case op_dup_x1:
2715 {
2716 type t1 = pop32 ();
2717 type t2 = pop32 ();
2718 push_type (t1);
2719 push_type (t2);
2720 push_type (t1);
2721 }
2722 break;
2723 case op_dup_x2:
2724 {
2725 type t1 = pop32 ();
2726 type t2 = pop_raw ();
2727 if (! t2.iswide ())
2728 {
2729 type t3 = pop32 ();
2730 push_type (t1);
2731 push_type (t3);
2732 }
2733 else
2734 push_type (t1);
2735 push_type (t2);
2736 push_type (t1);
2737 }
2738 break;
2739 case op_dup2:
2740 {
2741 type t = pop_raw ();
2742 if (! t.iswide ())
2743 {
2744 type t2 = pop32 ();
2745 push_type (t2);
2746 push_type (t);
2747 push_type (t2);
2748 }
2749 else
2750 push_type (t);
2751 push_type (t);
2752 }
2753 break;
2754 case op_dup2_x1:
2755 {
2756 type t1 = pop_raw ();
2757 type t2 = pop32 ();
2758 if (! t1.iswide ())
2759 {
2760 type t3 = pop32 ();
2761 push_type (t2);
2762 push_type (t1);
2763 push_type (t3);
2764 }
2765 else
2766 push_type (t1);
2767 push_type (t2);
2768 push_type (t1);
2769 }
2770 break;
2771 case op_dup2_x2:
2772 {
2773 type t1 = pop_raw ();
2774 if (t1.iswide ())
2775 {
2776 type t2 = pop_raw ();
2777 if (t2.iswide ())
2778 {
2779 push_type (t1);
2780 push_type (t2);
2781 }
2782 else
2783 {
2784 type t3 = pop32 ();
2785 push_type (t1);
2786 push_type (t3);
2787 push_type (t2);
2788 }
2789 push_type (t1);
2790 }
2791 else
2792 {
2793 type t2 = pop32 ();
2794 type t3 = pop_raw ();
2795 if (t3.iswide ())
2796 {
2797 push_type (t2);
2798 push_type (t1);
2799 }
2800 else
2801 {
2802 type t4 = pop32 ();
2803 push_type (t2);
2804 push_type (t1);
2805 push_type (t4);
2806 }
2807 push_type (t3);
2808 push_type (t2);
2809 push_type (t1);
2810 }
2811 }
2812 break;
2813 case op_swap:
2814 {
2815 type t1 = pop32 ();
2816 type t2 = pop32 ();
2817 push_type (t1);
2818 push_type (t2);
2819 }
2820 break;
2821 case op_iadd:
2822 case op_isub:
2823 case op_imul:
2824 case op_idiv:
2825 case op_irem:
2826 case op_ishl:
2827 case op_ishr:
2828 case op_iushr:
2829 case op_iand:
2830 case op_ior:
2831 case op_ixor:
2832 pop_type (int_type);
2833 push_type (pop_type (int_type));
2834 break;
2835 case op_ladd:
2836 case op_lsub:
2837 case op_lmul:
2838 case op_ldiv:
2839 case op_lrem:
2840 case op_land:
2841 case op_lor:
2842 case op_lxor:
2843 pop_type (long_type);
2844 push_type (pop_type (long_type));
2845 break;
2846 case op_lshl:
2847 case op_lshr:
2848 case op_lushr:
2849 pop_type (int_type);
2850 push_type (pop_type (long_type));
2851 break;
2852 case op_fadd:
2853 case op_fsub:
2854 case op_fmul:
2855 case op_fdiv:
2856 case op_frem:
2857 pop_type (float_type);
2858 push_type (pop_type (float_type));
2859 break;
2860 case op_dadd:
2861 case op_dsub:
2862 case op_dmul:
2863 case op_ddiv:
2864 case op_drem:
2865 pop_type (double_type);
2866 push_type (pop_type (double_type));
2867 break;
2868 case op_ineg:
2869 case op_i2b:
2870 case op_i2c:
2871 case op_i2s:
2872 push_type (pop_type (int_type));
2873 break;
2874 case op_lneg:
2875 push_type (pop_type (long_type));
2876 break;
2877 case op_fneg:
2878 push_type (pop_type (float_type));
2879 break;
2880 case op_dneg:
2881 push_type (pop_type (double_type));
2882 break;
2883 case op_iinc:
2884 get_variable (get_byte (), int_type);
2885 get_byte ();
2886 break;
2887 case op_i2l:
2888 pop_type (int_type);
2889 push_type (long_type);
2890 break;
2891 case op_i2f:
2892 pop_type (int_type);
2893 push_type (float_type);
2894 break;
2895 case op_i2d:
2896 pop_type (int_type);
2897 push_type (double_type);
2898 break;
2899 case op_l2i:
2900 pop_type (long_type);
2901 push_type (int_type);
2902 break;
2903 case op_l2f:
2904 pop_type (long_type);
2905 push_type (float_type);
2906 break;
2907 case op_l2d:
2908 pop_type (long_type);
2909 push_type (double_type);
2910 break;
2911 case op_f2i:
2912 pop_type (float_type);
2913 push_type (int_type);
2914 break;
2915 case op_f2l:
2916 pop_type (float_type);
2917 push_type (long_type);
2918 break;
2919 case op_f2d:
2920 pop_type (float_type);
2921 push_type (double_type);
2922 break;
2923 case op_d2i:
2924 pop_type (double_type);
2925 push_type (int_type);
2926 break;
2927 case op_d2l:
2928 pop_type (double_type);
2929 push_type (long_type);
2930 break;
2931 case op_d2f:
2932 pop_type (double_type);
2933 push_type (float_type);
2934 break;
2935 case op_lcmp:
2936 pop_type (long_type);
2937 pop_type (long_type);
2938 push_type (int_type);
2939 break;
2940 case op_fcmpl:
2941 case op_fcmpg:
2942 pop_type (float_type);
2943 pop_type (float_type);
2944 push_type (int_type);
2945 break;
2946 case op_dcmpl:
2947 case op_dcmpg:
2948 pop_type (double_type);
2949 pop_type (double_type);
2950 push_type (int_type);
2951 break;
2952 case op_ifeq:
2953 case op_ifne:
2954 case op_iflt:
2955 case op_ifge:
2956 case op_ifgt:
2957 case op_ifle:
2958 pop_type (int_type);
2959 push_jump (get_short ());
2960 break;
2961 case op_if_icmpeq:
2962 case op_if_icmpne:
2963 case op_if_icmplt:
2964 case op_if_icmpge:
2965 case op_if_icmpgt:
2966 case op_if_icmple:
2967 pop_type (int_type);
2968 pop_type (int_type);
2969 push_jump (get_short ());
2970 break;
2971 case op_if_acmpeq:
2972 case op_if_acmpne:
2973 pop_type (reference_type);
2974 pop_type (reference_type);
2975 push_jump (get_short ());
2976 break;
2977 case op_goto:
2978 push_jump (get_short ());
2979 invalidate_pc ();
2980 break;
2981 case op_jsr:
2982 handle_jsr_insn (get_short ());
2983 break;
2984 case op_ret:
2985 handle_ret_insn (get_byte ());
2986 break;
2987 case op_tableswitch:
2988 {
2989 pop_type (int_type);
2990 skip_padding ();
2991 push_jump (get_int ());
2992 jint low = get_int ();
2993 jint high = get_int ();
2994 // Already checked LOW -vs- HIGH.
2995 for (int i = low; i <= high; ++i)
2996 push_jump (get_int ());
2997 invalidate_pc ();
2998 }
2999 break;
3000
3001 case op_lookupswitch:
3002 {
3003 pop_type (int_type);
3004 skip_padding ();
3005 push_jump (get_int ());
3006 jint npairs = get_int ();
3007 // Already checked NPAIRS >= 0.
3008 jint lastkey = 0;
3009 for (int i = 0; i < npairs; ++i)
3010 {
3011 jint key = get_int ();
3012 if (i > 0 && key <= lastkey)
3013 verify_fail ("lookupswitch pairs unsorted", start_PC);
3014 lastkey = key;
3015 push_jump (get_int ());
3016 }
3017 invalidate_pc ();
3018 }
3019 break;
3020 case op_ireturn:
3021 check_return_type (pop_type (int_type));
3022 invalidate_pc ();
3023 break;
3024 case op_lreturn:
3025 check_return_type (pop_type (long_type));
3026 invalidate_pc ();
3027 break;
3028 case op_freturn:
3029 check_return_type (pop_type (float_type));
3030 invalidate_pc ();
3031 break;
3032 case op_dreturn:
3033 check_return_type (pop_type (double_type));
3034 invalidate_pc ();
3035 break;
3036 case op_areturn:
3037 check_return_type (pop_init_ref (reference_type));
3038 invalidate_pc ();
3039 break;
3040 case op_return:
3041 // We only need to check this when the return type is
3042 // void, because all instance initializers return void.
3043 if (this_is_init)
3044 current_state->check_this_initialized (this);
3045 check_return_type (void_type);
3046 invalidate_pc ();
3047 break;
3048 case op_getstatic:
3049 push_type (check_field_constant (get_ushort ()));
3050 break;
3051 case op_putstatic:
3052 pop_type (check_field_constant (get_ushort ()));
3053 break;
3054 case op_getfield:
3055 {
3056 type klass;
3057 type field = check_field_constant (get_ushort (), &klass);
3058 pop_type (klass);
3059 push_type (field);
3060 }
3061 break;
3062 case op_putfield:
3063 {
3064 type klass;
3065 type field = check_field_constant (get_ushort (), &klass);
3066 pop_type (field);
3067
3068 // We have an obscure special case here: we can use
3069 // `putfield' on a field declared in this class, even if
3070 // `this' has not yet been initialized.
3071 if (! current_state->this_type.isinitialized ()
3072 && current_state->this_type.pc == type::SELF)
3073 klass.set_uninitialized (type::SELF, this);
3074 pop_type (klass);
3075 }
3076 break;
3077
3078 case op_invokevirtual:
3079 case op_invokespecial:
3080 case op_invokestatic:
3081 case op_invokeinterface:
3082 {
3083 _Jv_Utf8Const *method_name, *method_signature;
3084 type class_type
3085 = check_method_constant (get_ushort (),
3086 opcode == op_invokeinterface,
3087 &method_name,
3088 &method_signature);
3089 // NARGS is only used when we're processing
3090 // invokeinterface. It is simplest for us to compute it
3091 // here and then verify it later.
3092 int nargs = 0;
3093 if (opcode == op_invokeinterface)
3094 {
3095 nargs = get_byte ();
3096 if (get_byte () != 0)
3097 verify_fail ("invokeinterface dummy byte is wrong");
3098 }
3099
3100 bool is_init = false;
3101 if (_Jv_equalUtf8Consts (method_name, gcj::init_name))
3102 {
3103 is_init = true;
3104 if (opcode != op_invokespecial)
3105 verify_fail ("can't invoke <init>");
3106 }
3107 else if (method_name->data[0] == '<')
3108 verify_fail ("can't invoke method starting with `<'");
3109
3110 // Pop arguments and check types.
3111 int arg_count = _Jv_count_arguments (method_signature);
3112 type arg_types[arg_count];
3113 compute_argument_types (method_signature, arg_types);
3114 for (int i = arg_count - 1; i >= 0; --i)
3115 {
3116 // This is only used for verifying the byte for
3117 // invokeinterface.
3118 nargs -= arg_types[i].depth ();
3119 pop_init_ref (arg_types[i]);
3120 }
3121
3122 if (opcode == op_invokeinterface
3123 && nargs != 1)
3124 verify_fail ("wrong argument count for invokeinterface");
3125
3126 if (opcode != op_invokestatic)
3127 {
3128 type t = class_type;
3129 if (is_init)
3130 {
3131 // In this case the PC doesn't matter.
3132 t.set_uninitialized (type::UNINIT, this);
3133 // FIXME: check to make sure that the <init>
3134 // call is to the right class.
3135 // It must either be super or an exact class
3136 // match.
3137 }
3138 type raw = pop_raw ();
3139 if (! t.compatible (raw, this))
3140 verify_fail ("incompatible type on stack");
3141
3142 if (is_init)
3143 current_state->set_initialized (raw.get_pc (),
3144 current_method->max_locals);
3145 }
3146
3147 type rt = compute_return_type (method_signature);
3148 if (! rt.isvoid ())
3149 push_type (rt);
3150 }
3151 break;
3152
3153 case op_new:
3154 {
3155 type t = check_class_constant (get_ushort ());
3156 if (t.isarray () || t.isinterface (this) || t.isabstract (this))
3157 verify_fail ("type is array, interface, or abstract");
3158 t.set_uninitialized (start_PC, this);
3159 push_type (t);
3160 }
3161 break;
3162
3163 case op_newarray:
3164 {
3165 int atype = get_byte ();
3166 // We intentionally have chosen constants to make this
3167 // valid.
3168 if (atype < boolean_type || atype > long_type)
3169 verify_fail ("type not primitive", start_PC);
3170 pop_type (int_type);
3171 type t (construct_primitive_array_type (type_val (atype)), this);
3172 push_type (t);
3173 }
3174 break;
3175 case op_anewarray:
3176 pop_type (int_type);
3177 push_type (check_class_constant (get_ushort ()).to_array (this));
3178 break;
3179 case op_arraylength:
3180 {
3181 type t = pop_init_ref (reference_type);
3182 if (! t.isarray () && ! t.isnull ())
3183 verify_fail ("array type expected");
3184 push_type (int_type);
3185 }
3186 break;
3187 case op_athrow:
3188 pop_type (type (&java::lang::Throwable::class$, this));
3189 invalidate_pc ();
3190 break;
3191 case op_checkcast:
3192 pop_init_ref (reference_type);
3193 push_type (check_class_constant (get_ushort ()));
3194 break;
3195 case op_instanceof:
3196 pop_init_ref (reference_type);
3197 check_class_constant (get_ushort ());
3198 push_type (int_type);
3199 break;
3200 case op_monitorenter:
3201 pop_init_ref (reference_type);
3202 break;
3203 case op_monitorexit:
3204 pop_init_ref (reference_type);
3205 break;
3206 case op_wide:
3207 {
3208 switch (get_byte ())
3209 {
3210 case op_iload:
3211 push_type (get_variable (get_ushort (), int_type));
3212 break;
3213 case op_lload:
3214 push_type (get_variable (get_ushort (), long_type));
3215 break;
3216 case op_fload:
3217 push_type (get_variable (get_ushort (), float_type));
3218 break;
3219 case op_dload:
3220 push_type (get_variable (get_ushort (), double_type));
3221 break;
3222 case op_aload:
3223 push_type (get_variable (get_ushort (), reference_type));
3224 break;
3225 case op_istore:
3226 set_variable (get_ushort (), pop_type (int_type));
3227 break;
3228 case op_lstore:
3229 set_variable (get_ushort (), pop_type (long_type));
3230 break;
3231 case op_fstore:
3232 set_variable (get_ushort (), pop_type (float_type));
3233 break;
3234 case op_dstore:
3235 set_variable (get_ushort (), pop_type (double_type));
3236 break;
3237 case op_astore:
3238 set_variable (get_ushort (), pop_init_ref (reference_type));
3239 break;
3240 case op_ret:
3241 handle_ret_insn (get_short ());
3242 break;
3243 case op_iinc:
3244 get_variable (get_ushort (), int_type);
3245 get_short ();
3246 break;
3247 default:
3248 verify_fail ("unrecognized wide instruction", start_PC);
3249 }
3250 }
3251 break;
3252 case op_multianewarray:
3253 {
3254 type atype = check_class_constant (get_ushort ());
3255 int dim = get_byte ();
3256 if (dim < 1)
3257 verify_fail ("too few dimensions to multianewarray", start_PC);
3258 atype.verify_dimensions (dim, this);
3259 for (int i = 0; i < dim; ++i)
3260 pop_type (int_type);
3261 push_type (atype);
3262 }
3263 break;
3264 case op_ifnull:
3265 case op_ifnonnull:
3266 pop_type (reference_type);
3267 push_jump (get_short ());
3268 break;
3269 case op_goto_w:
3270 push_jump (get_int ());
3271 invalidate_pc ();
3272 break;
3273 case op_jsr_w:
3274 handle_jsr_insn (get_int ());
3275 break;
3276
3277 // These are unused here, but we call them out explicitly
3278 // so that -Wswitch-enum doesn't complain.
3279 case op_putfield_1:
3280 case op_putfield_2:
3281 case op_putfield_4:
3282 case op_putfield_8:
3283 case op_putfield_a:
3284 case op_putstatic_1:
3285 case op_putstatic_2:
3286 case op_putstatic_4:
3287 case op_putstatic_8:
3288 case op_putstatic_a:
3289 case op_getfield_1:
3290 case op_getfield_2s:
3291 case op_getfield_2u:
3292 case op_getfield_4:
3293 case op_getfield_8:
3294 case op_getfield_a:
3295 case op_getstatic_1:
3296 case op_getstatic_2s:
3297 case op_getstatic_2u:
3298 case op_getstatic_4:
3299 case op_getstatic_8:
3300 case op_getstatic_a:
3301 default:
3302 // Unrecognized opcode.
3303 verify_fail ("unrecognized instruction in verify_instructions_0",
3304 start_PC);
3305 }
3306 }
3307 }
3308
3309 public:
3310
3311 void verify_instructions ()
3312 {
3313 branch_prepass ();
3314 verify_instructions_0 ();
3315 }
3316
3317 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
3318 {
3319 // We just print the text as utf-8. This is just for debugging
3320 // anyway.
3321 debug_print ("--------------------------------\n");
3322 debug_print ("-- Verifying method `%s'\n", m->self->name->data);
3323
3324 current_method = m;
3325 bytecode = m->bytecode ();
3326 exception = m->exceptions ();
3327 current_class = m->defining_class;
3328
3329 states = NULL;
3330 flags = NULL;
3331 jsr_ptrs = NULL;
3332 utf8_list = NULL;
3333 isect_list = NULL;
3334 entry_points = NULL;
3335 }
3336
3337 ~_Jv_BytecodeVerifier ()
3338 {
3339 if (states)
3340 _Jv_Free (states);
3341 if (flags)
3342 _Jv_Free (flags);
3343
3344 if (jsr_ptrs)
3345 {
3346 for (int i = 0; i < current_method->code_length; ++i)
3347 {
3348 if (jsr_ptrs[i] != NULL)
3349 {
3350 subr_info *info = jsr_ptrs[i];
3351 while (info != NULL)
3352 {
3353 subr_info *next = info->next;
3354 _Jv_Free (info);
3355 info = next;
3356 }
3357 }
3358 }
3359 _Jv_Free (jsr_ptrs);
3360 }
3361
3362 while (utf8_list != NULL)
3363 {
3364 linked_utf8 *n = utf8_list->next;
3365 _Jv_Free (utf8_list->val);
3366 _Jv_Free (utf8_list);
3367 utf8_list = n;
3368 }
3369
3370 while (entry_points != NULL)
3371 {
3372 subr_entry_info *next = entry_points->next;
3373 _Jv_Free (entry_points);
3374 entry_points = next;
3375 }
3376
3377 while (isect_list != NULL)
3378 {
3379 ref_intersection *next = isect_list->alloc_next;
3380 delete isect_list;
3381 isect_list = next;
3382 }
3383 }
3384 };
3385
3386 void
3387 _Jv_VerifyMethod (_Jv_InterpMethod *meth)
3388 {
3389 _Jv_BytecodeVerifier v (meth);
3390 v.verify_instructions ();
3391 }
3392 #endif /* INTERPRETER */
Mirror of the offical gcc git repository hosted at gcc.gnu.org