OpenCores
URL https://opencores.org/ocsvn/openrisc_me/openrisc_me/trunk

Subversion Repositories openrisc_me

[/] [openrisc/] [trunk/] [gnu-src/] [gcc-4.5.1/] [gcc/] [java/] [verify-impl.c] - Blame information for rev 438

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 287 jeremybenn
/* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009
2
   Free Software Foundation
3
 
4
   This file is part of libgcj.
5
 
6
This software is copyrighted work licensed under the terms of the
7
Libgcj License.  Please consult the file "LIBGCJ_LICENSE" for
8
details.  */
9
 
10
/* Written by Tom Tromey <tromey@redhat.com>  */
11
 
12
/* Uncomment this to enable debugging output.  */
13
/* #define VERIFY_DEBUG */
14
 
15
#include "config.h"
16
 
17
#include "verify.h"
18
 
19
/* Hack to work around namespace pollution from java-tree.h.  */
20
#undef current_class
21
 
22
#ifdef VERIFY_DEBUG
23
#include <stdio.h>
24
#endif /* VERIFY_DEBUG */
25
 
26
/* This is used to mark states which are not scheduled for
27
   verification. */
28
#define INVALID_STATE ((state *) -1)
29
 
30
static void ATTRIBUTE_PRINTF_1
31
debug_print (const char *fmt ATTRIBUTE_UNUSED, ...)
32
{
33
#ifdef VERIFY_DEBUG
34
  va_list ap;
35
  va_start (ap, fmt);
36
  vfprintf (stderr, fmt, ap);
37
  va_end (ap);
38
#endif /* VERIFY_DEBUG */
39
}
40
 
41
/* This started as a fairly ordinary verifier, and for the most part
42
   it remains so.  It works in the obvious way, by modeling the effect
43
   of each opcode as it is encountered.  For most opcodes, this is a
44
   straightforward operation.
45
 
46
   This verifier does not do type merging.  It used to, but this
47
   results in difficulty verifying some relatively simple code
48
   involving interfaces, and it pushed some verification work into the
49
   interpreter.
50
 
51
   Instead of merging reference types, when we reach a point where two
52
   flows of control merge, we simply keep the union of reference types
53
   from each branch.  Then, when we need to verify a fact about a
54
   reference on the stack (e.g., that it is compatible with the
55
   argument type of a method), we check to ensure that all possible
56
   types satisfy the requirement.
57
 
58
   Another area this verifier differs from the norm is in its handling
59
   of subroutines.  The JVM specification has some confusing things to
60
   say about subroutines.  For instance, it makes claims about not
61
   allowing subroutines to merge and it rejects recursive subroutines.
62
   For the most part these are red herrings; we used to try to follow
63
   these things but they lead to problems.  For example, the notion of
64
   "being in a subroutine" is not well-defined: is an exception
65
   handler in a subroutine?  If you never execute the `ret' but
66
   instead `goto 1' do you remain in the subroutine?
67
 
68
   For clarity on what is really required for type safety, read
69
   "Simple Verification Technique for Complex Java Bytecode
70
   Subroutines" by Alessandro Coglio.  Among other things this paper
71
   shows that recursive subroutines are not harmful to type safety.
72
   We implement something similar to what he proposes.  Note that this
73
   means that this verifier will accept code that is rejected by some
74
   other verifiers.
75
 
76
   For those not wanting to read the paper, the basic observation is
77
   that we can maintain split states in subroutines.  We maintain one
78
   state for each calling `jsr'.  In other words, we re-verify a
79
   subroutine once for each caller, using the exact types held by the
80
   callers (as opposed to the old approach of merging types and
81
   keeping a bitmap registering what did or did not change).  This
82
   approach lets us continue to verify correctly even when a
83
   subroutine is exited via `goto' or `athrow' and not `ret'.
84
 
85
   In some other areas the JVM specification is (mildly) incorrect,
86
   so we diverge.  For instance, you cannot
87
   violate type safety by allocating an object with `new' and then
88
   failing to initialize it, no matter how one branches or where one
89
   stores the uninitialized reference.  See "Improving the official
90
   specification of Java bytecode verification" by Alessandro Coglio.
91
 
92
   Note that there's no real point in enforcing that padding bytes or
93
   the mystery byte of invokeinterface must be 0, but we do that
94
   regardless.
95
 
96
   The verifier is currently neither completely lazy nor eager when it
97
   comes to loading classes.  It tries to represent types by name when
98
   possible, and then loads them when it needs to verify a fact about
99
   the type.  Checking types by name is valid because we only use
100
   names which come from the current class' constant pool.  Since all
101
   such names are looked up using the same class loader, there is no
102
   danger that we might be fooled into comparing different types with
103
   the same name.
104
 
105
   In the future we plan to allow for a completely lazy mode of
106
   operation, where the verifier will construct a list of type
107
   assertions to be checked later.
108
 
109
   Some test cases for the verifier live in the "verify" module of the
110
   Mauve test suite.  However, some of these are presently
111
   (2004-01-20) believed to be incorrect.  (More precisely the notion
112
   of "correct" is not well-defined, and this verifier differs from
113
   others while remaining type-safe.)  Some other tests live in the
114
   libgcj test suite.
115
 
116
   This verifier is also written to be pluggable.  This means that it
117
   is intended for use in a variety of environments, not just libgcj.
118
   As a result the verifier expects a number of type and method
119
   declarations to be declared in "verify.h".  The intent is that you
120
   recompile the verifier for your particular environment.  This
121
   approach was chosen so that operations could be inlined in verify.h
122
   as much as possible.
123
 
124
   See the verify.h that accompanies this copy of the verifier to see
125
   what types, preprocessor defines, and functions must be declared.
126
   The interface is ad hoc, but was defined so that it could be
127
   implemented to connect to a pure C program.
128
*/
129
 
130
#define FLAG_INSN_START 1
131
#define FLAG_BRANCH_TARGET 2
132
#define FLAG_INSN_SEEN 4
133
 
134
struct state;
135
struct type;
136
struct ref_intersection;
137
 
138
typedef struct state state;
139
typedef struct type type;
140
typedef struct ref_intersection ref_intersection;
141
 
142
/*typedef struct state_list state_list;*/
143
 
144
typedef struct state_list
145
{
146
  state *val;
147
  struct state_list *next;
148
} state_list;
149
 
150
typedef struct vfy_string_list
151
{
152
  vfy_string val;
153
  struct vfy_string_list *next;
154
} vfy_string_list;
155
 
156
typedef struct verifier_context
157
{
158
  /* The current PC.  */
159
  int PC;
160
  /* The PC corresponding to the start of the current instruction.  */
161
  int start_PC;
162
 
163
  /* The current state of the stack, locals, etc.  */
164
  state *current_state;
165
 
166
  /* At each branch target we keep a linked list of all the states we
167
     can process at that point.  We'll only have multiple states at a
168
     given PC if they both have different return-address types in the
169
     same stack or local slot.  This array is indexed by PC and holds
170
     the list of all such states.  */
171
  state_list **states;
172
 
173
  /* We keep a linked list of all the states which we must reverify.
174
     This is the head of the list.  */
175
  state *next_verify_state;
176
 
177
  /* We keep some flags for each instruction.  The values are the
178
     FLAG_* constants defined above.  This is an array indexed by PC.  */
179
  char *flags;
180
 
181
  /* The bytecode itself.  */
182
  const unsigned char *bytecode;
183
  /* The exceptions.  */
184
  vfy_exception *exception;
185
 
186
  /* Defining class.  */
187
  vfy_jclass current_class;
188
  /* This method.  */
189
  vfy_method *current_method;
190
 
191
  /* A linked list of utf8 objects we allocate.  */
192
  vfy_string_list *utf8_list;
193
 
194
  /* A linked list of all ref_intersection objects we allocate.  */
195
  ref_intersection *isect_list;
196
} verifier_context;
197
 
198
/* The current verifier's state data. This is maintained by
199
   {push/pop}_verifier_context to provide a shorthand form to access
200
   the verification state. */
201
static GTY(()) verifier_context *vfr;
202
 
203
/* Local function declarations.  */
204
bool type_initialized (type *t);
205
int ref_count_dimensions (ref_intersection *ref);
206
 
207
static void
208
verify_fail_pc (const char *s, int pc)
209
{
210
  vfy_fail (s, pc, vfr->current_class, vfr->current_method);
211
}
212
 
213
static void
214
verify_fail (const char *s)
215
{
216
  verify_fail_pc (s, vfr->PC);
217
}
218
 
219
/* This enum holds a list of tags for all the different types we
220
   need to handle.  Reference types are treated specially by the
221
   type class.  */
222
typedef enum type_val
223
{
224
  void_type,
225
 
226
  /* The values for primitive types are chosen to correspond to values
227
     specified to newarray. */
228
  boolean_type = 4,
229
  char_type = 5,
230
  float_type = 6,
231
  double_type = 7,
232
  byte_type = 8,
233
  short_type = 9,
234
  int_type = 10,
235
  long_type = 11,
236
 
237
  /* Used when overwriting second word of a double or long in the
238
     local variables.  Also used after merging local variable states
239
     to indicate an unusable value.  */
240
  unsuitable_type,
241
  return_address_type,
242
  /* This is the second word of a two-word value, i.e., a double or
243
     a long.  */
244
  continuation_type,
245
 
246
  /* Everything after `reference_type' must be a reference type.  */
247
  reference_type,
248
  null_type,
249
  uninitialized_reference_type
250
} type_val;
251
 
252
/* This represents a merged class type.  Some verifiers (including
253
   earlier versions of this one) will compute the intersection of
254
   two class types when merging states.  However, this loses
255
   critical information about interfaces implemented by the various
256
   classes.  So instead we keep track of all the actual classes that
257
   have been merged.  */
258
struct ref_intersection
259
{
260
  /* Whether or not this type has been resolved.  */
261
  bool is_resolved;
262
 
263
  /* Actual type data.  */
264
  union
265
  {
266
    /* For a resolved reference type, this is a pointer to the class.  */
267
    vfy_jclass klass;
268
    /* For other reference types, this it the name of the class.  */
269
    vfy_string name;
270
  } data;
271
 
272
  /* Link to the next reference in the intersection.  */
273
  ref_intersection *ref_next;
274
 
275
  /* This is used to keep track of all the allocated
276
     ref_intersection objects, so we can free them.
277
     FIXME: we should allocate these in chunks.  */
278
  ref_intersection *alloc_next;
279
};
280
 
281
static ref_intersection *
282
make_ref (void)
283
{
284
  ref_intersection *new_ref =
285
    (ref_intersection *) vfy_alloc (sizeof (ref_intersection));
286
 
287
  new_ref->alloc_next = vfr->isect_list;
288
  vfr->isect_list = new_ref;
289
  return new_ref;
290
}
291
 
292
static ref_intersection *
293
clone_ref (ref_intersection *dup)
294
{
295
  ref_intersection *new_ref = make_ref ();
296
 
297
  new_ref->is_resolved = dup->is_resolved;
298
  new_ref->data = dup->data;
299
  return new_ref;
300
}
301
 
302
static void
303
resolve_ref (ref_intersection *ref)
304
{
305
  if (ref->is_resolved)
306
    return;
307
  ref->data.klass = vfy_find_class (vfr->current_class, ref->data.name);
308
  ref->is_resolved = true;
309
}
310
 
311
static bool
312
refs_equal (ref_intersection *ref1, ref_intersection *ref2)
313
{
314
  if (! ref1->is_resolved && ! ref2->is_resolved
315
      && vfy_strings_equal (ref1->data.name, ref2->data.name))
316
    return true;
317
  if (! ref1->is_resolved)
318
    resolve_ref (ref1);
319
  if (! ref2->is_resolved)
320
    resolve_ref (ref2);
321
  return ref1->data.klass == ref2->data.klass;
322
}
323
 
324
/* Merge REF1 type into REF2, returning the result.  This will
325
   return REF2 if all the classes in THIS already appear in
326
   REF2.  */
327
static ref_intersection *
328
merge_refs (ref_intersection *ref1, ref_intersection *ref2)
329
{
330
  ref_intersection *tail = ref2;
331
  for (; ref1 != NULL; ref1 = ref1->ref_next)
332
    {
333
      bool add = true;
334
      ref_intersection *iter;
335
      for (iter = ref2; iter != NULL; iter = iter->ref_next)
336
        {
337
          if (refs_equal (ref1, iter))
338
            {
339
              add = false;
340
              break;
341
            }
342
        }
343
 
344
      if (add)
345
        {
346
          ref_intersection *new_tail = clone_ref (ref1);
347
          new_tail->ref_next = tail;
348
          tail = new_tail;
349
        }
350
    }
351
  return tail;
352
}
353
 
354
/* See if an object of type SOURCE can be assigned to an object of
355
   type TARGET.  This might resolve classes in one chain or the other.  */
356
static bool
357
ref_compatible (ref_intersection *target, ref_intersection *source)
358
{
359
  for (; target != NULL; target = target->ref_next)
360
    {
361
      ref_intersection *source_iter = source;
362
 
363
      for (; source_iter != NULL; source_iter = source_iter->ref_next)
364
        {
365
          /* Avoid resolving if possible.  */
366
          if (! target->is_resolved
367
              && ! source_iter->is_resolved
368
              && vfy_strings_equal (target->data.name,
369
                                    source_iter->data.name))
370
            continue;
371
 
372
          if (! target->is_resolved)
373
            resolve_ref (target);
374
          if (! source_iter->is_resolved)
375
            resolve_ref (source_iter);
376
 
377
          if (! vfy_is_assignable_from (target->data.klass,
378
                                        source_iter->data.klass))
379
            return false;
380
        }
381
    }
382
 
383
  return true;
384
}
385
 
386
static bool
387
ref_isarray (ref_intersection *ref)
388
{
389
  /* assert (ref_next == NULL);  */
390
  if (ref->is_resolved)
391
    return vfy_is_array (ref->data.klass);
392
  else
393
    return vfy_string_bytes (ref->data.name)[0] == '[';
394
}
395
 
396
static bool
397
ref_isinterface (ref_intersection *ref)
398
{
399
  /* assert (ref_next == NULL);  */
400
  if (! ref->is_resolved)
401
    resolve_ref (ref);
402
  return vfy_is_interface (ref->data.klass);
403
}
404
 
405
static bool
406
ref_isabstract (ref_intersection *ref)
407
{
408
  /* assert (ref_next == NULL); */
409
  if (! ref->is_resolved)
410
    resolve_ref (ref);
411
  return vfy_is_abstract (ref->data.klass);
412
}
413
 
414
static vfy_jclass
415
ref_getclass (ref_intersection *ref)
416
{
417
  if (! ref->is_resolved)
418
    resolve_ref (ref);
419
  return ref->data.klass;
420
}
421
 
422
int
423
ref_count_dimensions (ref_intersection *ref)
424
{
425
  int ndims = 0;
426
  if (ref->is_resolved)
427
    {
428
      vfy_jclass k = ref->data.klass;
429
      while (vfy_is_array (k))
430
        {
431
          k = vfy_get_component_type (k);
432
          ++ndims;
433
        }
434
    }
435
  else
436
    {
437
      const char *p = vfy_string_bytes (ref->data.name);
438
      while (*p++ == '[')
439
        ++ndims;
440
    }
441
  return ndims;
442
}
443
 
444
/* Return the type_val corresponding to a primitive signature
445
   character.  For instance `I' returns `int.class'.  */
446
static type_val
447
get_type_val_for_signature (char sig)
448
{
449
  type_val rt;
450
  switch (sig)
451
    {
452
    case 'Z':
453
      rt = boolean_type;
454
      break;
455
    case 'B':
456
      rt = byte_type;
457
      break;
458
    case 'C':
459
      rt = char_type;
460
      break;
461
    case 'S':
462
      rt = short_type;
463
      break;
464
    case 'I':
465
      rt = int_type;
466
      break;
467
    case 'J':
468
      rt = long_type;
469
      break;
470
    case 'F':
471
      rt = float_type;
472
      break;
473
    case 'D':
474
      rt = double_type;
475
      break;
476
    case 'V':
477
      rt = void_type;
478
      break;
479
    default:
480
      verify_fail ("invalid signature");
481
      return null_type;
482
    }
483
  return rt;
484
}
485
 
486
/* Return the type_val corresponding to a primitive class.  */
487
static type_val
488
get_type_val_for_primtype (vfy_jclass k)
489
{
490
  return get_type_val_for_signature (vfy_get_primitive_char (k));
491
}
492
 
493
/* The `type' class is used to represent a single type in the verifier.  */
494
struct type
495
{
496
  /* The type key.  */
497
  type_val key;
498
 
499
  /* For reference types, the representation of the type.  */
500
  ref_intersection *klass;
501
 
502
  /* This is used in two situations.
503
 
504
     First, when constructing a new object, it is the PC of the
505
     `new' instruction which created the object.  We use the special
506
     value UNINIT to mean that this is uninitialized.  The special
507
     value SELF is used for the case where the current method is
508
     itself the <init> method.  the special value EITHER is used
509
     when we may optionally allow either an uninitialized or
510
     initialized reference to match.
511
 
512
     Second, when the key is return_address_type, this holds the PC
513
     of the instruction following the `jsr'.  */
514
  int pc;
515
 
516
#define UNINIT -2
517
#define SELF -1
518
#define EITHER -3
519
};
520
 
521
/* Make a new instance given the type tag.  We assume a generic
522
   `reference_type' means Object.  */
523
static void
524
init_type_from_tag (type *t, type_val k)
525
{
526
  t->key = k;
527
  /* For reference_type, if KLASS==NULL then that means we are
528
     looking for a generic object of any kind, including an
529
     uninitialized reference.  */
530
  t->klass = NULL;
531
  t->pc = UNINIT;
532
}
533
 
534
/* Make a type for the given type_val tag K.  */
535
static type
536
make_type (type_val k)
537
{
538
  type t;
539
  init_type_from_tag (&t, k);
540
  return t;
541
}
542
 
543
/* Make a new instance given a class.  */
544
static void
545
init_type_from_class (type *t, vfy_jclass k)
546
{
547
  t->key = reference_type;
548
  t->klass = make_ref ();
549
  t->klass->is_resolved = true;
550
  t->klass->data.klass = k;
551
  t->klass->ref_next = NULL;
552
  t->pc = UNINIT;
553
}
554
 
555
static type
556
make_type_from_class (vfy_jclass k)
557
{
558
  type t;
559
  init_type_from_class (&t, k);
560
  return t;
561
}
562
 
563
static void
564
init_type_from_string (type *t, vfy_string n)
565
{
566
  t->key = reference_type;
567
  t->klass = make_ref ();
568
  t->klass->is_resolved = false;
569
  t->klass->data.name = n;
570
  t->klass->ref_next = NULL;
571
  t->pc = UNINIT;
572
}
573
 
574
static type
575
make_type_from_string (vfy_string n)
576
{
577
  type t;
578
  init_type_from_string (&t, n);
579
  return t;
580
}
581
 
582
/* Promote a numeric type.  */
583
static void
584
vfy_promote_type (type *t)
585
{
586
  if (t->key == boolean_type || t->key == char_type
587
      || t->key == byte_type || t->key == short_type)
588
    t->key = int_type;
589
}
590
#define promote_type vfy_promote_type
591
 
592
/* Mark this type as the uninitialized result of `new'.  */
593
static void
594
type_set_uninitialized (type *t, int npc)
595
{
596
  if (t->key == reference_type)
597
    t->key = uninitialized_reference_type;
598
  else
599
    verify_fail ("internal error in type::uninitialized");
600
  t->pc = npc;
601
}
602
 
603
/* Mark this type as now initialized.  */
604
static void
605
type_set_initialized (type *t, int npc)
606
{
607
  if (npc != UNINIT && t->pc == npc && t->key == uninitialized_reference_type)
608
    {
609
      t->key = reference_type;
610
      t->pc = UNINIT;
611
    }
612
}
613
 
614
/* Mark this type as a particular return address.  */
615
static void type_set_return_address (type *t, int npc)
616
{
617
  t->pc = npc;
618
}
619
 
620
/* Return true if this type and type OTHER are considered
621
   mergeable for the purposes of state merging.  This is related
622
   to subroutine handling.  For this purpose two types are
623
   considered unmergeable if they are both return-addresses but
624
   have different PCs.  */
625
static bool
626
type_state_mergeable_p (type *t1, type *t2)
627
{
628
  return (t1->key != return_address_type
629
          || t2->key != return_address_type
630
          || t1->pc == t2->pc);
631
}
632
 
633
/* Return true if an object of type K can be assigned to a variable
634
   of type T.  Handle various special cases too.  Might modify
635
   T or K.  Note however that this does not perform numeric
636
   promotion.  */
637
static bool
638
types_compatible (type *t, type *k)
639
{
640
  /* Any type is compatible with the unsuitable type.  */
641
  if (k->key == unsuitable_type)
642
    return true;
643
 
644
  if (t->key < reference_type || k->key < reference_type)
645
    return t->key == k->key;
646
 
647
  /* The `null' type is convertible to any initialized reference
648
     type.  */
649
  if (t->key == null_type)
650
    return k->key != uninitialized_reference_type;
651
  if (k->key == null_type)
652
    return t->key != uninitialized_reference_type;
653
 
654
  /* A special case for a generic reference.  */
655
  if (t->klass == NULL)
656
    return true;
657
  if (k->klass == NULL)
658
    verify_fail ("programmer error in type::compatible");
659
 
660
  /* Handle the special 'EITHER' case, which is only used in a
661
     special case of 'putfield'.  Note that we only need to handle
662
     this on the LHS of a check.  */
663
  if (! type_initialized (t) && t->pc == EITHER)
664
    {
665
      /* If the RHS is uninitialized, it must be an uninitialized
666
         'this'.  */
667
      if (! type_initialized (k) && k->pc != SELF)
668
        return false;
669
    }
670
  else if (type_initialized (t) != type_initialized (k))
671
    {
672
      /* An initialized type and an uninitialized type are not
673
         otherwise compatible.  */
674
      return false;
675
    }
676
  else
677
    {
678
      /* Two uninitialized objects are compatible if either:
679
       * The PCs are identical, or
680
       * One PC is UNINIT.  */
681
      if (type_initialized (t))
682
        {
683
          if (t->pc != k->pc && t->pc != UNINIT && k->pc != UNINIT)
684
            return false;
685
        }
686
    }
687
 
688
  return ref_compatible (t->klass, k->klass);
689
}
690
 
691
/* Return true if two types are equal.  Only valid for reference
692
   types.  */
693
static bool
694
types_equal (type *t1, type *t2)
695
{
696
  if ((t1->key != reference_type && t1->key != uninitialized_reference_type)
697
      || (t2->key != reference_type
698
          && t2->key != uninitialized_reference_type))
699
    return false;
700
  /* Only single-ref types are allowed.  */
701
  if (t1->klass->ref_next || t2->klass->ref_next)
702
    return false;
703
  return refs_equal (t1->klass, t2->klass);
704
}
705
 
706
static bool
707
type_isvoid (type *t)
708
{
709
  return t->key == void_type;
710
}
711
 
712
static bool
713
type_iswide (type *t)
714
{
715
  return t->key == long_type || t->key == double_type;
716
}
717
 
718
/* Return number of stack or local variable slots taken by this type.  */
719
static int
720
type_depth (type *t)
721
{
722
  return type_iswide (t) ? 2 : 1;
723
}
724
 
725
static bool
726
type_isarray (type *t)
727
{
728
  /* We treat null_type as not an array.  This is ok based on the
729
     current uses of this method.  */
730
  if (t->key == reference_type)
731
    return ref_isarray (t->klass);
732
  return false;
733
}
734
 
735
static bool
736
type_isnull (type *t)
737
{
738
  return t->key == null_type;
739
}
740
 
741
static bool
742
type_isinterface (type *t)
743
{
744
  if (t->key != reference_type)
745
    return false;
746
  return ref_isinterface (t->klass);
747
}
748
 
749
static bool
750
type_isabstract (type *t)
751
{
752
  if (t->key != reference_type)
753
    return false;
754
  return ref_isabstract (t->klass);
755
}
756
 
757
/* Return the element type of an array.  */
758
static type
759
type_array_element (type *t)
760
{
761
  type et;
762
  vfy_jclass k;
763
 
764
  if (t->key != reference_type)
765
    verify_fail ("programmer error in type::element_type()");
766
 
767
  k = vfy_get_component_type (ref_getclass (t->klass));
768
  if (vfy_is_primitive (k))
769
    init_type_from_tag (&et, get_type_val_for_primtype (k));
770
  else
771
    init_type_from_class (&et, k);
772
  return et;
773
}
774
 
775
/* Return the array type corresponding to an initialized
776
   reference.  We could expand this to work for other kinds of
777
   types, but currently we don't need to.  */
778
static type
779
type_to_array (type *t)
780
{
781
  type at;
782
  vfy_jclass k;
783
 
784
  if (t->key != reference_type)
785
    verify_fail ("internal error in type::to_array()");
786
 
787
  k = ref_getclass (t->klass);
788
  init_type_from_class (&at, vfy_get_array_class (k));
789
  return at;
790
}
791
 
792
static bool
793
type_isreference (type *t)
794
{
795
  return t->key >= reference_type;
796
}
797
 
798
static int
799
type_get_pc (type *t)
800
{
801
  return t->pc;
802
}
803
 
804
bool
805
type_initialized (type *t)
806
{
807
  return t->key == reference_type || t->key == null_type;
808
}
809
 
810
static void
811
type_verify_dimensions (type *t, int ndims)
812
{
813
  /* The way this is written, we don't need to check isarray().  */
814
  if (t->key != reference_type)
815
    verify_fail ("internal error in verify_dimensions:"
816
                           " not a reference type");
817
 
818
  if (ref_count_dimensions (t->klass) < ndims)
819
    verify_fail ("array type has fewer dimensions"
820
                           " than required");
821
}
822
 
823
/* Merge OLD_TYPE into this.  On error throw exception.  Return
824
   true if the merge caused a type change.  */
825
static bool
826
merge_types (type *t, type *old_type, bool local_semantics)
827
{
828
  bool changed = false;
829
  bool refo = type_isreference (old_type);
830
  bool refn = type_isreference (t);
831
  if (refo && refn)
832
    {
833
      if (old_type->key == null_type)
834
        ;
835
      else if (t->key == null_type)
836
        {
837
          *t = *old_type;
838
          changed = true;
839
        }
840
      else if (type_initialized (t) != type_initialized (old_type))
841
        verify_fail ("merging initialized and uninitialized types");
842
      else
843
        {
844
          ref_intersection *merged;
845
          if (! type_initialized (t))
846
            {
847
              if (t->pc == UNINIT)
848
                t->pc = old_type->pc;
849
              else if (old_type->pc == UNINIT)
850
                ;
851
              else if (t->pc != old_type->pc)
852
                verify_fail ("merging different uninitialized types");
853
            }
854
 
855
          merged = merge_refs (old_type->klass, t->klass);
856
          if (merged != t->klass)
857
            {
858
              t->klass = merged;
859
              changed = true;
860
            }
861
        }
862
    }
863
  else if (refo || refn || t->key != old_type->key)
864
    {
865
      if (local_semantics)
866
        {
867
          /* If we already have an `unsuitable' type, then we
868
             don't need to change again.  */
869
          if (t->key != unsuitable_type)
870
            {
871
              t->key = unsuitable_type;
872
              changed = true;
873
            }
874
        }
875
      else
876
        verify_fail ("unmergeable type");
877
    }
878
  return changed;
879
}
880
 
881
#ifdef VERIFY_DEBUG
882
static void
883
type_print (type *t)
884
{
885
  char c = '?';
886
  switch (t->key)
887
    {
888
    case boolean_type: c = 'Z'; break;
889
    case byte_type: c = 'B'; break;
890
    case char_type: c = 'C'; break;
891
    case short_type: c = 'S'; break;
892
    case int_type: c = 'I'; break;
893
    case long_type: c = 'J'; break;
894
    case float_type: c = 'F'; break;
895
    case double_type: c = 'D'; break;
896
    case void_type: c = 'V'; break;
897
    case unsuitable_type: c = '-'; break;
898
    case return_address_type: c = 'r'; break;
899
    case continuation_type: c = '+'; break;
900
    case reference_type: c = 'L'; break;
901
    case null_type: c = '@'; break;
902
    case uninitialized_reference_type: c = 'U'; break;
903
    }
904
  debug_print ("%c", c);
905
}
906
#endif /* VERIFY_DEBUG */
907
 
908
/* This class holds all the state information we need for a given
909
   location. */
910
struct state
911
{
912
  /* The current top of the stack, in terms of slots.  */
913
  int stacktop;
914
  /* The current depth of the stack.  This will be larger than
915
     STACKTOP when wide types are on the stack.  */
916
  int stackdepth;
917
  /* The stack.  */
918
  type *stack;
919
  /* The local variables.  */
920
  type *locals;
921
  /* We keep track of the type of `this' specially.  This is used to
922
     ensure that an instance initializer invokes another initializer
923
     on `this' before returning.  We must keep track of this
924
     specially because otherwise we might be confused by code which
925
     assigns to locals[0] (overwriting `this') and then returns
926
     without really initializing.  */
927
  type this_type;
928
 
929
  /* The PC for this state.  This is only valid on states which are
930
     permanently attached to a given PC.  For an object like
931
     `current_state', which is used transiently, this has no
932
     meaning.  */
933
  int pc;
934
  /* We keep a linked list of all states requiring reverification.
935
     If this is the special value INVALID_STATE then this state is
936
     not on the list.  NULL marks the end of the linked list.  */
937
  state *next;
938
};
939
 
940
/* NO_NEXT is the PC value meaning that a new state must be
941
   acquired from the verification list.  */
942
#define NO_NEXT -1
943
 
944
static void
945
init_state_with_stack (state *s, int max_stack, int max_locals)
946
{
947
  int i;
948
  s->stacktop = 0;
949
  s->stackdepth = 0;
950
  s->stack = (type *) vfy_alloc (max_stack * sizeof (type));
951
  for (i = 0; i < max_stack; ++i)
952
    init_type_from_tag (&s->stack[i], unsuitable_type);
953
  s->locals = (type *) vfy_alloc (max_locals * sizeof (type));
954
  for (i = 0; i < max_locals; ++i)
955
    init_type_from_tag (&s->locals[i], unsuitable_type);
956
  init_type_from_tag (&s->this_type, unsuitable_type);
957
  s->pc = NO_NEXT;
958
  s->next = INVALID_STATE;
959
}
960
 
961
static void
962
copy_state (state *s, state *copy, int max_stack, int max_locals)
963
{
964
  int i;
965
  s->stacktop = copy->stacktop;
966
  s->stackdepth = copy->stackdepth;
967
  for (i = 0; i < max_stack; ++i)
968
    s->stack[i] = copy->stack[i];
969
  for (i = 0; i < max_locals; ++i)
970
    s->locals[i] = copy->locals[i];
971
 
972
  s->this_type = copy->this_type;
973
  /* Don't modify `next' or `pc'. */
974
}
975
 
976
static void
977
copy_state_with_stack (state *s, state *orig, int max_stack, int max_locals)
978
{
979
  init_state_with_stack (s, max_stack, max_locals);
980
  copy_state (s, orig, max_stack, max_locals);
981
}
982
 
983
/* Allocate a new state, copying ORIG. */
984
static state *
985
make_state_copy (state *orig, int max_stack, int max_locals)
986
{
987
  state *s = (state *) vfy_alloc (sizeof (state));
988
  copy_state_with_stack (s, orig, max_stack, max_locals);
989
  return s;
990
}
991
 
992
static state *
993
make_state (int max_stack, int max_locals)
994
{
995
  state *s = (state *) vfy_alloc (sizeof (state));
996
  init_state_with_stack (s, max_stack, max_locals);
997
  return s;
998
}
999
 
1000
static void
1001
free_state (state *s)
1002
{
1003
  if (s->stack != NULL)
1004
    vfy_free (s->stack);
1005
  if (s->locals != NULL)
1006
    vfy_free (s->locals);
1007
}
1008
 
1009
/* Modify this state to reflect entry to an exception handler.  */
1010
static void
1011
state_set_exception (state *s, type *t, int max_stack)
1012
{
1013
  int i;
1014
  s->stackdepth = 1;
1015
  s->stacktop = 1;
1016
  s->stack[0] = *t;
1017
  for (i = s->stacktop; i < max_stack; ++i)
1018
    init_type_from_tag (&s->stack[i], unsuitable_type);
1019
}
1020
 
1021
/* Merge STATE_OLD into this state.  Destructively modifies this
1022
   state.  Returns true if the new state was in fact changed.
1023
   Will throw an exception if the states are not mergeable.  */
1024
static bool
1025
merge_states (state *s, state *state_old, int max_locals)
1026
{
1027
  int i;
1028
  bool changed = false;
1029
 
1030
  /* Special handling for `this'.  If one or the other is
1031
     uninitialized, then the merge is uninitialized.  */
1032
  if (type_initialized (&s->this_type))
1033
    s->this_type = state_old->this_type;
1034
 
1035
  /* Merge stacks.  */
1036
  if (state_old->stacktop != s->stacktop)  /* FIXME stackdepth instead?  */
1037
    verify_fail ("stack sizes differ");
1038
  for (i = 0; i < state_old->stacktop; ++i)
1039
    {
1040
      if (merge_types (&s->stack[i], &state_old->stack[i], false))
1041
        changed = true;
1042
    }
1043
 
1044
  /* Merge local variables.  */
1045
  for (i = 0; i < max_locals; ++i)
1046
    {
1047
      if (merge_types (&s->locals[i], &state_old->locals[i], true))
1048
        changed = true;
1049
    }
1050
 
1051
  return changed;
1052
}
1053
 
1054
/* Ensure that `this' has been initialized.  */
1055
static void
1056
state_check_this_initialized (state *s)
1057
{
1058
  if (type_isreference (&s->this_type) && ! type_initialized (&s->this_type))
1059
    verify_fail ("`this' is uninitialized");
1060
}
1061
 
1062
/* Set type of `this'.  */
1063
static void
1064
state_set_this_type (state *s, type *k)
1065
{
1066
  s->this_type = *k;
1067
}
1068
 
1069
/* Mark each `new'd object we know of that was allocated at PC as
1070
   initialized.  */
1071
static void
1072
state_set_initialized (state *s, int pc, int max_locals)
1073
{
1074
  int i;
1075
  for (i = 0; i < s->stacktop; ++i)
1076
    type_set_initialized (&s->stack[i], pc);
1077
  for (i = 0; i < max_locals; ++i)
1078
    type_set_initialized (&s->locals[i], pc);
1079
  type_set_initialized (&s->this_type, pc);
1080
}
1081
 
1082
/* This tests to see whether two states can be considered "merge
1083
   compatible".  If both states have a return-address in the same
1084
   slot, and the return addresses are different, then they are not
1085
   compatible and we must not try to merge them.  */
1086
static bool
1087
state_mergeable_p (state *s, state *other, int max_locals)
1088
 
1089
{
1090
  int i;
1091
 
1092
  /* This is tricky: if the stack sizes differ, then not only are
1093
     these not mergeable, but in fact we should give an error, as
1094
     we've found two execution paths that reach a branch target
1095
     with different stack depths.  FIXME stackdepth instead?  */
1096
  if (s->stacktop != other->stacktop)
1097
    verify_fail ("stack sizes differ");
1098
 
1099
  for (i = 0; i < s->stacktop; ++i)
1100
    if (! type_state_mergeable_p (&s->stack[i], &other->stack[i]))
1101
      return false;
1102
  for (i = 0; i < max_locals; ++i)
1103
    if (! type_state_mergeable_p (&s->locals[i], &other->locals[i]))
1104
      return false;
1105
  return true;
1106
}
1107
 
1108
static void
1109
state_reverify (state *s)
1110
{
1111
  if (s->next == INVALID_STATE)
1112
    {
1113
      s->next = vfr->next_verify_state;
1114
      vfr->next_verify_state = s;
1115
    }
1116
}
1117
 
1118
#ifdef VERIFY_DEBUG
1119
static void
1120
debug_print_state (state *s, const char *leader, int pc, int max_stack,
1121
                   int max_locals)
1122
{
1123
  int i;
1124
  debug_print ("%s [%4d]:   [stack] ", leader, pc);
1125
  for (i = 0; i < s->stacktop; ++i)
1126
    type_print (&s->stack[i]);
1127
  for (; i < max_stack; ++i)
1128
    debug_print (".");
1129
  debug_print ("    [local] ");
1130
  for (i = 0; i < max_locals; ++i)
1131
    type_print (&s->locals[i]);
1132
  debug_print (" | %p\n", s);
1133
}
1134
#else
1135
static void
1136
debug_print_state (state *s ATTRIBUTE_UNUSED,
1137
                   const char *leader ATTRIBUTE_UNUSED,
1138
                   int pc ATTRIBUTE_UNUSED, int max_stack ATTRIBUTE_UNUSED,
1139
                   int max_locals ATTRIBUTE_UNUSED)
1140
{
1141
}
1142
#endif /* VERIFY_DEBUG */
1143
 
1144
static type
1145
pop_raw (void)
1146
{
1147
  type r;
1148
  state *s = vfr->current_state;
1149
  if (s->stacktop <= 0)
1150
    verify_fail ("stack empty");
1151
  r = s->stack[--s->stacktop];
1152
  s->stackdepth -= type_depth (&r);
1153
  if (s->stackdepth < 0)
1154
    verify_fail_pc ("stack empty", vfr->start_PC);
1155
  return r;
1156
}
1157
 
1158
static type
1159
pop32 (void)
1160
{
1161
  type r = pop_raw ();
1162
  if (type_iswide (&r))
1163
    verify_fail ("narrow pop of wide type");
1164
  return r;
1165
}
1166
 
1167
static type
1168
vfy_pop_type_t (type match)
1169
{
1170
  type t;
1171
  vfy_promote_type (&match);
1172
  t = pop_raw ();
1173
  if (! types_compatible (&match, &t))
1174
    verify_fail ("incompatible type on stack");
1175
  return t;
1176
}
1177
 
1178
static type
1179
vfy_pop_type (type_val match)
1180
{
1181
  type t = make_type (match);
1182
  return vfy_pop_type_t (t);
1183
}
1184
 
1185
#define pop_type vfy_pop_type
1186
#define pop_type_t vfy_pop_type_t
1187
 
1188
/* Pop a reference which is guaranteed to be initialized.  MATCH
1189
   doesn't have to be a reference type; in this case this acts like
1190
   pop_type.  */
1191
static type
1192
pop_init_ref_t (type match)
1193
{
1194
  type t = pop_raw ();
1195
  if (type_isreference (&t) && ! type_initialized (&t))
1196
    verify_fail ("initialized reference required");
1197
  else if (! types_compatible (&match, &t))
1198
    verify_fail ("incompatible type on stack");
1199
  return t;
1200
}
1201
 
1202
static type
1203
pop_init_ref (type_val match)
1204
{
1205
  type t = make_type (match);
1206
  return pop_init_ref_t (t);
1207
}
1208
 
1209
/* Pop a reference type or a return address.  */
1210
static type
1211
pop_ref_or_return (void)
1212
{
1213
  type t = pop_raw ();
1214
  if (! type_isreference (&t) && t.key != return_address_type)
1215
    verify_fail ("expected reference or return address on stack");
1216
  return t;
1217
}
1218
 
1219
static void
1220
vfy_push_type_t (type t)
1221
{
1222
  int depth;
1223
  state *s = vfr->current_state;
1224
  /* If T is a numeric type like short, promote it to int.  */
1225
  promote_type (&t);
1226
 
1227
  depth = type_depth (&t);
1228
 
1229
  if (s->stackdepth + depth > vfr->current_method->max_stack)
1230
    verify_fail ("stack overflow");
1231
  s->stack[s->stacktop++] = t;
1232
  s->stackdepth += depth;
1233
}
1234
 
1235
static void
1236
vfy_push_type (type_val tval)
1237
{
1238
  type t = make_type (tval);
1239
  vfy_push_type_t (t);
1240
}
1241
 
1242
#define push_type vfy_push_type
1243
#define push_type_t vfy_push_type_t
1244
 
1245
static void
1246
set_variable (int index, type t)
1247
{
1248
  int depth;
1249
  state *s = vfr->current_state;
1250
  /* If T is a numeric type like short, promote it to int.  */
1251
  promote_type (&t);
1252
 
1253
  depth = type_depth (&t);
1254
  if (index > vfr->current_method->max_locals - depth)
1255
    verify_fail ("invalid local variable");
1256
  s->locals[index] = t;
1257
 
1258
  if (depth == 2)
1259
    init_type_from_tag (&s->locals[index + 1], continuation_type);
1260
  if (index > 0 && type_iswide (&s->locals[index - 1]))
1261
    init_type_from_tag (&s->locals[index - 1], unsuitable_type);
1262
}
1263
 
1264
static type
1265
get_variable_t (int index, type *t)
1266
{
1267
  state *s = vfr->current_state;
1268
  int depth = type_depth (t);
1269
  if (index > vfr->current_method->max_locals - depth)
1270
    verify_fail ("invalid local variable");
1271
  if (! types_compatible (t, &s->locals[index]))
1272
    verify_fail ("incompatible type in local variable");
1273
  if (depth == 2)
1274
    {
1275
      type cont = make_type (continuation_type);
1276
      if (! types_compatible (&s->locals[index + 1], &cont))
1277
        verify_fail ("invalid local variable");
1278
    }
1279
  return s->locals[index];
1280
}
1281
 
1282
static type
1283
get_variable (int index, type_val v)
1284
{
1285
  type t = make_type (v);
1286
  return get_variable_t (index, &t);
1287
}
1288
 
1289
/* Make sure ARRAY is an array type and that its elements are
1290
   compatible with type ELEMENT.  Returns the actual element type.  */
1291
static type
1292
require_array_type_t (type array, type element)
1293
{
1294
  type t;
1295
  /* An odd case.  Here we just pretend that everything went ok.  If
1296
     the requested element type is some kind of reference, return
1297
     the null type instead.  */
1298
  if (type_isnull (&array))
1299
    return type_isreference (&element) ? make_type (null_type) : element;
1300
 
1301
  if (! type_isarray (&array))
1302
    verify_fail ("array required");
1303
 
1304
  t = type_array_element (&array);
1305
  if (! types_compatible (&element, &t))
1306
    {
1307
      /* Special case for byte arrays, which must also be boolean
1308
         arrays.  */
1309
      bool ok = true;
1310
      if (element.key == byte_type)
1311
        {
1312
          type e2 = make_type (boolean_type);
1313
          ok = types_compatible (&e2, &t);
1314
        }
1315
      if (! ok)
1316
        verify_fail ("incompatible array element type");
1317
    }
1318
 
1319
  /* Return T and not ELEMENT, because T might be specialized.  */
1320
  return t;
1321
}
1322
 
1323
static type
1324
require_array_type (type array, type_val element)
1325
{
1326
  type t = make_type (element);
1327
  return require_array_type_t (array, t);
1328
}
1329
 
1330
static jint
1331
get_byte (void)
1332
{
1333
  if (vfr->PC >= vfr->current_method->code_length)
1334
    verify_fail ("premature end of bytecode");
1335
  return (jint) vfr->bytecode[vfr->PC++] & 0xff;
1336
}
1337
 
1338
static jint
1339
get_ushort (void)
1340
{
1341
  jint b1 = get_byte ();
1342
  jint b2 = get_byte ();
1343
  return (jint) ((b1 << 8) | b2) & 0xffff;
1344
}
1345
 
1346
static jint
1347
get_short (void)
1348
{
1349
  signed char b1 = (signed char) get_byte ();
1350
  jint b2 = get_byte ();
1351
  jshort s = (b1 << 8) | b2;
1352
  return (jint) s;
1353
}
1354
 
1355
static jint
1356
get_int (void)
1357
{
1358
  jint b1 = get_byte ();
1359
  jint b2 = get_byte ();
1360
  jint b3 = get_byte ();
1361
  jint b4 = get_byte ();
1362
  jword result = (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1363
  /* In the compiler, 'jint' might have more than 32 bits, so we must
1364
     sign extend.  */
1365
  return WORD_TO_INT (result);
1366
}
1367
 
1368
static int
1369
compute_jump (int offset)
1370
{
1371
  int npc = vfr->start_PC + offset;
1372
  if (npc < 0 || npc >= vfr->current_method->code_length)
1373
    verify_fail_pc ("branch out of range", vfr->start_PC);
1374
  return npc;
1375
}
1376
 
1377
/* Add a new state to the state list at NPC.  */
1378
static state *
1379
add_new_state (int npc, state *old_state)
1380
{
1381
  state_list *nlink;
1382
  vfy_method *current_method = vfr->current_method;
1383
  state *new_state = make_state_copy (old_state, current_method->max_stack,
1384
                                      current_method->max_locals);
1385
  debug_print ("== New state in add_new_state\n");
1386
  debug_print_state (new_state, "New", npc, current_method->max_stack,
1387
                    current_method->max_locals);
1388
 
1389
  nlink = (state_list *) vfy_alloc (sizeof (state_list));
1390
  nlink->val = new_state;
1391
  nlink->next = vfr->states[npc];
1392
  vfr->states[npc] = nlink;
1393
  new_state->pc = npc;
1394
  return new_state;
1395
}
1396
 
1397
/* Merge the indicated state into the state at the branch target and
1398
   schedule a new PC if there is a change.  NPC is the PC of the
1399
   branch target, and FROM_STATE is the state at the source of the
1400
   branch.  This method returns true if the destination state
1401
   changed and requires reverification, false otherwise.  */
1402
static void
1403
merge_into (int npc, state *from_state)
1404
{
1405
  /* Iterate over all target states and merge our state into each,
1406
     if applicable.  FIXME one improvement we could make here is
1407
     "state destruction".  Merging a new state into an existing one
1408
     might cause a return_address_type to be merged to
1409
     unsuitable_type.  In this case the resulting state may now be
1410
     mergeable with other states currently held in parallel at this
1411
     location.  So in this situation we could pairwise compare and
1412
     reduce the number of parallel states.  */
1413
  state_list *iter;
1414
  bool applicable = false;
1415
  for (iter = vfr->states[npc]; iter != NULL; iter = iter->next)
1416
    {
1417
      state *new_state = iter->val;
1418
      vfy_method *current_method = vfr->current_method;
1419
 
1420
      if (state_mergeable_p (new_state, from_state,
1421
                                        current_method->max_locals))
1422
        {
1423
          bool changed;
1424
          applicable = true;
1425
 
1426
          debug_print ("== Merge states in merge_into\n");
1427
          debug_print_state (from_state, "Frm", vfr->start_PC, current_method->max_stack,
1428
                             current_method->max_locals);
1429
          debug_print_state (new_state, " To", npc, current_method->max_stack,
1430
                            current_method->max_locals);
1431
          changed = merge_states (new_state, from_state,
1432
                                  current_method->max_locals);
1433
          debug_print_state (new_state, "New", npc, current_method->max_stack,
1434
                            current_method->max_locals);
1435
 
1436
          if (changed)
1437
            state_reverify (new_state);
1438
        }
1439
    }
1440
 
1441
  if (! applicable)
1442
    {
1443
      /* Either we don't yet have a state at NPC, or we have a
1444
         return-address type that is in conflict with all existing
1445
         state.  So, we need to create a new entry.  */
1446
      state *new_state = add_new_state (npc, from_state);
1447
      /* A new state added in this way must always be reverified.  */
1448
      state_reverify (new_state);
1449
    }
1450
}
1451
 
1452
static void
1453
push_jump (int offset)
1454
{
1455
  int npc = compute_jump (offset);
1456
  /* According to the JVM Spec, we need to check for uninitialized
1457
     objects here.  However, this does not actually affect type
1458
     safety, and the Eclipse java compiler generates code that
1459
     violates this constraint.  */
1460
  merge_into (npc, vfr->current_state);
1461
}
1462
 
1463
static void
1464
push_exception_jump (type t, int pc)
1465
{
1466
  state s;
1467
  /* According to the JVM Spec, we need to check for uninitialized
1468
     objects here.  However, this does not actually affect type
1469
     safety, and the Eclipse java compiler generates code that
1470
     violates this constraint.  */
1471
  copy_state_with_stack (&s, vfr->current_state,
1472
                         vfr->current_method->max_stack,
1473
                         vfr->current_method->max_locals);
1474
  if (vfr->current_method->max_stack < 1)
1475
    verify_fail ("stack overflow at exception handler");
1476
  state_set_exception (&s, &t, vfr->current_method->max_stack);
1477
  merge_into (pc, &s);
1478
  /* FIXME: leak.. need free_state or GC */
1479
}
1480
 
1481
static state *
1482
pop_jump (void)
1483
{
1484
  state *new_state = vfr->next_verify_state;
1485
  if (new_state == INVALID_STATE)
1486
    verify_fail ("programmer error in pop_jump");
1487
  if (new_state != NULL)
1488
    {
1489
      vfr->next_verify_state = new_state->next;
1490
      new_state->next = INVALID_STATE;
1491
    }
1492
  return new_state;
1493
}
1494
 
1495
static void
1496
invalidate_pc (void)
1497
{
1498
  vfr->PC = NO_NEXT;
1499
}
1500
 
1501
static void
1502
note_branch_target (int pc)
1503
{
1504
  /* Don't check `pc <= PC', because we've advanced PC after
1505
     fetching the target and we haven't yet checked the next
1506
     instruction.  */
1507
  if (pc < vfr->PC && ! (vfr->flags[pc] & FLAG_INSN_START))
1508
    verify_fail_pc ("branch not to instruction start", vfr->start_PC);
1509
  vfr->flags[pc] |= FLAG_BRANCH_TARGET;
1510
}
1511
 
1512
static void
1513
skip_padding (void)
1514
{
1515
  while ((vfr->PC % 4) > 0)
1516
    if (get_byte () != 0)
1517
      verify_fail ("found nonzero padding byte");
1518
}
1519
 
1520
/* Do the work for a `ret' instruction.  INDEX is the index into the
1521
   local variables.  */
1522
static void
1523
handle_ret_insn (int index)
1524
{
1525
  type ret = make_type (return_address_type);
1526
  type ret_addr = get_variable_t (index, &ret);
1527
  /* It would be nice if we could do this.  However, the JVM Spec
1528
     doesn't say that this is what happens.  It is implied that
1529
     reusing a return address is invalid, but there's no actual
1530
     prohibition against it.  */
1531
  /* set_variable (index, unsuitable_type); */
1532
 
1533
  int npc = type_get_pc (&ret_addr);
1534
  /* We might be returning to a `jsr' that is at the end of the
1535
     bytecode.  This is ok if we never return from the called
1536
     subroutine, but if we see this here it is an error.  */
1537
  if (npc >= vfr->current_method->code_length)
1538
    verify_fail ("fell off end");
1539
 
1540
  /* According to the JVM Spec, we need to check for uninitialized
1541
     objects here.  However, this does not actually affect type
1542
     safety, and the Eclipse java compiler generates code that
1543
     violates this constraint.  */
1544
  merge_into (npc, vfr->current_state);
1545
  invalidate_pc ();
1546
}
1547
 
1548
static void handle_jsr_insn (int offset)
1549
{
1550
  type ret_addr;
1551
  int npc = compute_jump (offset);
1552
 
1553
  /* According to the JVM Spec, we need to check for uninitialized
1554
     objects here.  However, this does not actually affect type
1555
     safety, and the Eclipse java compiler generates code that
1556
     violates this constraint.  */
1557
 
1558
  /* Modify our state as appropriate for entry into a subroutine.  */
1559
  ret_addr = make_type (return_address_type);
1560
  type_set_return_address (&ret_addr, vfr->PC);
1561
  vfy_push_type_t (ret_addr);
1562
  merge_into (npc, vfr->current_state);
1563
  invalidate_pc ();
1564
}
1565
 
1566
static vfy_jclass
1567
construct_primitive_array_type (type_val prim)
1568
{
1569
  vfy_jclass k = NULL;
1570
  switch (prim)
1571
    {
1572
    case boolean_type:
1573
    case char_type:
1574
    case float_type:
1575
    case double_type:
1576
    case byte_type:
1577
    case short_type:
1578
    case int_type:
1579
    case long_type:
1580
      k = vfy_get_primitive_type ((int) prim);
1581
      break;
1582
 
1583
    /* These aren't used here but we call them out to avoid
1584
       warnings.  */
1585
    case void_type:
1586
    case unsuitable_type:
1587
    case return_address_type:
1588
    case continuation_type:
1589
    case reference_type:
1590
    case null_type:
1591
    case uninitialized_reference_type:
1592
    default:
1593
      verify_fail ("unknown type in construct_primitive_array_type");
1594
    }
1595
  k = vfy_get_array_class (k);
1596
  return k;
1597
}
1598
 
1599
/* This pass computes the location of branch targets and also
1600
   instruction starts.  */
1601
static void
1602
branch_prepass (void)
1603
{
1604
  int i, pc;
1605
  vfr->flags = (char *) vfy_alloc (vfr->current_method->code_length);
1606
 
1607
  for (i = 0; i < vfr->current_method->code_length; ++i)
1608
    vfr->flags[i] = 0;
1609
 
1610
  vfr->PC = 0;
1611
  while (vfr->PC < vfr->current_method->code_length)
1612
    {
1613
      java_opcode opcode;
1614
      /* Set `start_PC' early so that error checking can have the
1615
         correct value.  */
1616
      vfr->start_PC = vfr->PC;
1617
      vfr->flags[vfr->PC] |= FLAG_INSN_START;
1618
 
1619
      opcode = (java_opcode) vfr->bytecode[vfr->PC++];
1620
      switch (opcode)
1621
        {
1622
        case op_nop:
1623
        case op_aconst_null:
1624
        case op_iconst_m1:
1625
        case op_iconst_0:
1626
        case op_iconst_1:
1627
        case op_iconst_2:
1628
        case op_iconst_3:
1629
        case op_iconst_4:
1630
        case op_iconst_5:
1631
        case op_lconst_0:
1632
        case op_lconst_1:
1633
        case op_fconst_0:
1634
        case op_fconst_1:
1635
        case op_fconst_2:
1636
        case op_dconst_0:
1637
        case op_dconst_1:
1638
        case op_iload_0:
1639
        case op_iload_1:
1640
        case op_iload_2:
1641
        case op_iload_3:
1642
        case op_lload_0:
1643
        case op_lload_1:
1644
        case op_lload_2:
1645
        case op_lload_3:
1646
        case op_fload_0:
1647
        case op_fload_1:
1648
        case op_fload_2:
1649
        case op_fload_3:
1650
        case op_dload_0:
1651
        case op_dload_1:
1652
        case op_dload_2:
1653
        case op_dload_3:
1654
        case op_aload_0:
1655
        case op_aload_1:
1656
        case op_aload_2:
1657
        case op_aload_3:
1658
        case op_iaload:
1659
        case op_laload:
1660
        case op_faload:
1661
        case op_daload:
1662
        case op_aaload:
1663
        case op_baload:
1664
        case op_caload:
1665
        case op_saload:
1666
        case op_istore_0:
1667
        case op_istore_1:
1668
        case op_istore_2:
1669
        case op_istore_3:
1670
        case op_lstore_0:
1671
        case op_lstore_1:
1672
        case op_lstore_2:
1673
        case op_lstore_3:
1674
        case op_fstore_0:
1675
        case op_fstore_1:
1676
        case op_fstore_2:
1677
        case op_fstore_3:
1678
        case op_dstore_0:
1679
        case op_dstore_1:
1680
        case op_dstore_2:
1681
        case op_dstore_3:
1682
        case op_astore_0:
1683
        case op_astore_1:
1684
        case op_astore_2:
1685
        case op_astore_3:
1686
        case op_iastore:
1687
        case op_lastore:
1688
        case op_fastore:
1689
        case op_dastore:
1690
        case op_aastore:
1691
        case op_bastore:
1692
        case op_castore:
1693
        case op_sastore:
1694
        case op_pop:
1695
        case op_pop2:
1696
        case op_dup:
1697
        case op_dup_x1:
1698
        case op_dup_x2:
1699
        case op_dup2:
1700
        case op_dup2_x1:
1701
        case op_dup2_x2:
1702
        case op_swap:
1703
        case op_iadd:
1704
        case op_isub:
1705
        case op_imul:
1706
        case op_idiv:
1707
        case op_irem:
1708
        case op_ishl:
1709
        case op_ishr:
1710
        case op_iushr:
1711
        case op_iand:
1712
        case op_ior:
1713
        case op_ixor:
1714
        case op_ladd:
1715
        case op_lsub:
1716
        case op_lmul:
1717
        case op_ldiv:
1718
        case op_lrem:
1719
        case op_lshl:
1720
        case op_lshr:
1721
        case op_lushr:
1722
        case op_land:
1723
        case op_lor:
1724
        case op_lxor:
1725
        case op_fadd:
1726
        case op_fsub:
1727
        case op_fmul:
1728
        case op_fdiv:
1729
        case op_frem:
1730
        case op_dadd:
1731
        case op_dsub:
1732
        case op_dmul:
1733
        case op_ddiv:
1734
        case op_drem:
1735
        case op_ineg:
1736
        case op_i2b:
1737
        case op_i2c:
1738
        case op_i2s:
1739
        case op_lneg:
1740
        case op_fneg:
1741
        case op_dneg:
1742
        case op_i2l:
1743
        case op_i2f:
1744
        case op_i2d:
1745
        case op_l2i:
1746
        case op_l2f:
1747
        case op_l2d:
1748
        case op_f2i:
1749
        case op_f2l:
1750
        case op_f2d:
1751
        case op_d2i:
1752
        case op_d2l:
1753
        case op_d2f:
1754
        case op_lcmp:
1755
        case op_fcmpl:
1756
        case op_fcmpg:
1757
        case op_dcmpl:
1758
        case op_dcmpg:
1759
        case op_monitorenter:
1760
        case op_monitorexit:
1761
        case op_ireturn:
1762
        case op_lreturn:
1763
        case op_freturn:
1764
        case op_dreturn:
1765
        case op_areturn:
1766
        case op_return:
1767
        case op_athrow:
1768
        case op_arraylength:
1769
          break;
1770
 
1771
        case op_bipush:
1772
        case op_ldc:
1773
        case op_iload:
1774
        case op_lload:
1775
        case op_fload:
1776
        case op_dload:
1777
        case op_aload:
1778
        case op_istore:
1779
        case op_lstore:
1780
        case op_fstore:
1781
        case op_dstore:
1782
        case op_astore:
1783
        case op_ret:
1784
        case op_newarray:
1785
          get_byte ();
1786
          break;
1787
 
1788
        case op_iinc:
1789
        case op_sipush:
1790
        case op_ldc_w:
1791
        case op_ldc2_w:
1792
        case op_getstatic:
1793
        case op_getfield:
1794
        case op_putfield:
1795
        case op_putstatic:
1796
        case op_new:
1797
        case op_anewarray:
1798
        case op_instanceof:
1799
        case op_checkcast:
1800
        case op_invokespecial:
1801
        case op_invokestatic:
1802
        case op_invokevirtual:
1803
          get_short ();
1804
          break;
1805
 
1806
        case op_multianewarray:
1807
          get_short ();
1808
          get_byte ();
1809
          break;
1810
 
1811
        case op_jsr:
1812
        case op_ifeq:
1813
        case op_ifne:
1814
        case op_iflt:
1815
        case op_ifge:
1816
        case op_ifgt:
1817
        case op_ifle:
1818
        case op_if_icmpeq:
1819
        case op_if_icmpne:
1820
        case op_if_icmplt:
1821
        case op_if_icmpge:
1822
        case op_if_icmpgt:
1823
        case op_if_icmple:
1824
        case op_if_acmpeq:
1825
        case op_if_acmpne:
1826
        case op_ifnull:
1827
        case op_ifnonnull:
1828
        case op_goto:
1829
          note_branch_target (compute_jump (get_short ()));
1830
          break;
1831
 
1832
        case op_tableswitch:
1833
          {
1834
            jint low, hi;
1835
            skip_padding ();
1836
            note_branch_target (compute_jump (get_int ()));
1837
            low = get_int ();
1838
            hi = get_int ();
1839
            if (low > hi)
1840
              verify_fail_pc ("invalid tableswitch", vfr->start_PC);
1841
            for (i = low; i <= hi; ++i)
1842
              note_branch_target (compute_jump (get_int ()));
1843
          }
1844
          break;
1845
 
1846
        case op_lookupswitch:
1847
          {
1848
            int npairs;
1849
            skip_padding ();
1850
            note_branch_target (compute_jump (get_int ()));
1851
            npairs = get_int ();
1852
            if (npairs < 0)
1853
              verify_fail_pc ("too few pairs in lookupswitch", vfr->start_PC);
1854
            while (npairs-- > 0)
1855
              {
1856
                get_int ();
1857
                note_branch_target (compute_jump (get_int ()));
1858
              }
1859
          }
1860
          break;
1861
 
1862
        case op_invokeinterface:
1863
          get_short ();
1864
          get_byte ();
1865
          get_byte ();
1866
          break;
1867
 
1868
        case op_wide:
1869
          {
1870
            opcode = (java_opcode) get_byte ();
1871
            get_short ();
1872
            if (opcode == op_iinc)
1873
              get_short ();
1874
          }
1875
          break;
1876
 
1877
        case op_jsr_w:
1878
        case op_goto_w:
1879
          note_branch_target (compute_jump (get_int ()));
1880
          break;
1881
 
1882
#if 0
1883
        /* These are unused here, but we call them out explicitly
1884
           so that -Wswitch-enum doesn't complain.  */
1885
        case op_putfield_1:
1886
        case op_putfield_2:
1887
        case op_putfield_4:
1888
        case op_putfield_8:
1889
        case op_putfield_a:
1890
        case op_putstatic_1:
1891
        case op_putstatic_2:
1892
        case op_putstatic_4:
1893
        case op_putstatic_8:
1894
        case op_putstatic_a:
1895
        case op_getfield_1:
1896
        case op_getfield_2s:
1897
        case op_getfield_2u:
1898
        case op_getfield_4:
1899
        case op_getfield_8:
1900
        case op_getfield_a:
1901
        case op_getstatic_1:
1902
        case op_getstatic_2s:
1903
        case op_getstatic_2u:
1904
        case op_getstatic_4:
1905
        case op_getstatic_8:
1906
        case op_getstatic_a:
1907
#endif /* VFY_FAST_OPCODES  */
1908
        default:
1909
          verify_fail_pc ("unrecognized instruction in branch_prepass",
1910
                          vfr->start_PC);
1911
        }
1912
 
1913
      /* See if any previous branch tried to branch to the middle of
1914
         this instruction.  */
1915
      for (pc = vfr->start_PC + 1; pc < vfr->PC; ++pc)
1916
        {
1917
          if ((vfr->flags[pc] & FLAG_BRANCH_TARGET))
1918
            verify_fail_pc ("branch to middle of instruction", pc);
1919
        }
1920
    }
1921
 
1922
  /* Verify exception handlers.  */
1923
  for (i = 0; i < vfr->current_method->exc_count; ++i)
1924
    {
1925
      int handler, start, end, htype;
1926
      vfy_get_exception (vfr->exception, i, &handler, &start, &end, &htype);
1927
      if (! (vfr->flags[handler] & FLAG_INSN_START))
1928
        verify_fail_pc ("exception handler not at instruction start",
1929
                        handler);
1930
      if (! (vfr->flags[start] & FLAG_INSN_START))
1931
        verify_fail_pc ("exception start not at instruction start", start);
1932
      if (end != vfr->current_method->code_length
1933
          && ! (vfr->flags[end] & FLAG_INSN_START))
1934
        verify_fail_pc ("exception end not at instruction start", end);
1935
 
1936
      vfr->flags[handler] |= FLAG_BRANCH_TARGET;
1937
    }
1938
}
1939
 
1940
static void
1941
check_pool_index (int index)
1942
{
1943
  if (index < 0 || index >= vfy_get_constants_size (vfr->current_class))
1944
    verify_fail_pc ("constant pool index out of range", vfr->start_PC);
1945
}
1946
 
1947
static type
1948
check_class_constant (int index)
1949
{
1950
  type t = { (type_val) 0, 0, 0 };
1951
  vfy_constants *pool;
1952
 
1953
  check_pool_index (index);
1954
  pool = vfy_get_constants (vfr->current_class);
1955
  if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
1956
    init_type_from_class (&t, vfy_get_pool_class (pool, index));
1957
  else if (vfy_tag (pool, index) == JV_CONSTANT_Class)
1958
    init_type_from_string (&t, vfy_get_pool_string (pool, index));
1959
  else
1960
    verify_fail_pc ("expected class constant", vfr->start_PC);
1961
  return t;
1962
}
1963
 
1964
static type
1965
check_constant (int index)
1966
{
1967
  type t = { (type_val) 0, 0, 0 };
1968
  vfy_constants *pool;
1969
 
1970
  check_pool_index (index);
1971
  pool = vfy_get_constants (vfr->current_class);
1972
  if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedString
1973
      || vfy_tag (pool, index) == JV_CONSTANT_String)
1974
    init_type_from_class (&t, vfy_string_type ());
1975
  else if (vfy_tag (pool, index) == JV_CONSTANT_Integer)
1976
    init_type_from_tag (&t, int_type);
1977
  else if (vfy_tag (pool, index) == JV_CONSTANT_Float)
1978
    init_type_from_tag (&t, float_type);
1979
  else if (vfy_tag (pool, index) == JV_CONSTANT_Class
1980
           || vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass)
1981
    /* FIXME: should only allow this for 1.5 bytecode.  */
1982
    init_type_from_class (&t, vfy_class_type ());
1983
  else
1984
    verify_fail_pc ("String, int, or float constant expected", vfr->start_PC);
1985
  return t;
1986
}
1987
 
1988
static type
1989
check_wide_constant (int index)
1990
{
1991
  type t = { (type_val) 0, 0, 0 };
1992
  vfy_constants *pool;
1993
 
1994
  check_pool_index (index);
1995
  pool = vfy_get_constants (vfr->current_class);
1996
  if (vfy_tag (pool, index) == JV_CONSTANT_Long)
1997
    init_type_from_tag (&t, long_type);
1998
  else if (vfy_tag (pool, index) == JV_CONSTANT_Double)
1999
    init_type_from_tag (&t, double_type);
2000
  else
2001
    verify_fail_pc ("long or double constant expected", vfr->start_PC);
2002
  return t;
2003
}
2004
 
2005
/* Helper for both field and method.  These are laid out the same in
2006
   the constant pool.  */
2007
static type
2008
handle_field_or_method (int index, int expected,
2009
                        vfy_string *name, vfy_string *fmtype)
2010
{
2011
  vfy_uint_16 class_index, name_and_type_index;
2012
  vfy_uint_16 name_index, desc_index;
2013
  vfy_constants *pool;
2014
 
2015
  check_pool_index (index);
2016
  pool = vfy_get_constants (vfr->current_class);
2017
  if (vfy_tag (pool, index) != expected)
2018
    verify_fail_pc ("didn't see expected constant", vfr->start_PC);
2019
  /* Once we know we have a Fieldref or Methodref we assume that it
2020
     is correctly laid out in the constant pool.  I think the code
2021
     in defineclass.cc guarantees this.  */
2022
  vfy_load_indexes (pool, index, &class_index, &name_and_type_index);
2023
  vfy_load_indexes (pool, name_and_type_index, &name_index, &desc_index);
2024
 
2025
  *name = vfy_get_pool_string (pool, name_index);
2026
  *fmtype = vfy_get_pool_string (pool, desc_index);
2027
 
2028
  return check_class_constant (class_index);
2029
}
2030
 
2031
/* Return field's type, compute class' type if requested.  If
2032
   PUTFIELD is true, use the special 'putfield' semantics.  */
2033
static type
2034
check_field_constant (int index, type *class_type, bool putfield)
2035
{
2036
  vfy_string name, field_type;
2037
  const char *typec;
2038
  type t;
2039
 
2040
  type ct = handle_field_or_method (index,
2041
                                    JV_CONSTANT_Fieldref,
2042
                                    &name, &field_type);
2043
  if (class_type)
2044
    *class_type = ct;
2045
  typec = vfy_string_bytes (field_type);
2046
  if (typec[0] == '[' || typec[0] == 'L')
2047
    init_type_from_string (&t, field_type);
2048
  else
2049
    init_type_from_tag (&t, get_type_val_for_signature (typec[0]));
2050
 
2051
  /* We have an obscure special case here: we can use `putfield' on a
2052
     field declared in this class, even if `this' has not yet been
2053
     initialized.  */
2054
  if (putfield
2055
      && ! type_initialized (&vfr->current_state->this_type)
2056
      && vfr->current_state->this_type.pc == SELF
2057
      && types_equal (&vfr->current_state->this_type, &ct)
2058
      && vfy_class_has_field (vfr->current_class, name, field_type))
2059
    /* Note that we don't actually know whether we're going to match
2060
       against 'this' or some other object of the same type.  So,
2061
       here we set things up so that it doesn't matter.  This relies
2062
       on knowing what our caller is up to.  */
2063
    type_set_uninitialized (class_type, EITHER);
2064
 
2065
  return t;
2066
}
2067
 
2068
static type
2069
check_method_constant (int index, bool is_interface,
2070
                            vfy_string *method_name,
2071
                            vfy_string *method_signature)
2072
{
2073
  return handle_field_or_method (index,
2074
                                 (is_interface
2075
                                  ? JV_CONSTANT_InterfaceMethodref
2076
                                  : JV_CONSTANT_Methodref),
2077
                                 method_name, method_signature);
2078
}
2079
 
2080
static const char *
2081
get_one_type (const char *p, type *t)
2082
{
2083
  const char *start = p;
2084
  vfy_jclass k;
2085
  type_val rt;
2086
  char v;
2087
 
2088
  int arraycount = 0;
2089
  while (*p == '[')
2090
    {
2091
      ++arraycount;
2092
      ++p;
2093
    }
2094
 
2095
  v = *p++;
2096
 
2097
  if (v == 'L')
2098
    {
2099
      vfy_string name;
2100
      while (*p != ';')
2101
        ++p;
2102
      ++p;
2103
      name = vfy_get_string (start, p - start);
2104
      *t = make_type_from_string (name);
2105
      return p;
2106
    }
2107
 
2108
  /* Casting to jchar here is ok since we are looking at an ASCII
2109
     character.  */
2110
  rt = get_type_val_for_signature (v);
2111
 
2112
  if (arraycount == 0)
2113
    {
2114
      /* Callers of this function eventually push their arguments on
2115
         the stack.  So, promote them here.  */
2116
      type new_t = make_type (rt);
2117
      vfy_promote_type (&new_t);
2118
      *t = new_t;
2119
      return p;
2120
    }
2121
 
2122
  k = construct_primitive_array_type (rt);
2123
  while (--arraycount > 0)
2124
    k = vfy_get_array_class (k);
2125
  *t = make_type_from_class (k);
2126
  return p;
2127
}
2128
 
2129
static void
2130
compute_argument_types (vfy_string signature, type *types)
2131
{
2132
  int i;
2133
  const char *p = vfy_string_bytes (signature);
2134
 
2135
  /* Skip `('.  */
2136
  ++p;
2137
 
2138
  i = 0;
2139
  while (*p != ')')
2140
    p = get_one_type (p, &types[i++]);
2141
}
2142
 
2143
static type
2144
compute_return_type (vfy_string signature)
2145
{
2146
  const char *p = vfy_string_bytes (signature);
2147
  type t;
2148
  while (*p != ')')
2149
    ++p;
2150
  ++p;
2151
  get_one_type (p, &t);
2152
  return t;
2153
}
2154
 
2155
static void
2156
check_return_type (type onstack)
2157
{
2158
  type rt = compute_return_type (vfy_get_signature (vfr->current_method));
2159
  if (! types_compatible (&rt, &onstack))
2160
    verify_fail ("incompatible return type");
2161
}
2162
 
2163
/* Initialize the stack for the new method.  Returns true if this
2164
   method is an instance initializer.  */
2165
static bool
2166
initialize_stack (void)
2167
{
2168
  int arg_count, i;
2169
  int var = 0;
2170
  bool is_init = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2171
                                    vfy_init_name());
2172
  bool is_clinit = vfy_strings_equal (vfy_get_method_name (vfr->current_method),
2173
                                      vfy_clinit_name());
2174
 
2175
  if (! vfy_is_static (vfr->current_method))
2176
    {
2177
      type kurr = make_type_from_class (vfr->current_class);
2178
      if (is_init)
2179
        {
2180
          type_set_uninitialized (&kurr, SELF);
2181
          is_init = true;
2182
        }
2183
      else if (is_clinit)
2184
        verify_fail ("<clinit> method must be static");
2185
      set_variable (0, kurr);
2186
      state_set_this_type (vfr->current_state, &kurr);
2187
      ++var;
2188
    }
2189
  else
2190
    {
2191
      if (is_init)
2192
        verify_fail ("<init> method must be non-static");
2193
    }
2194
 
2195
  /* We have to handle wide arguments specially here.  */
2196
  arg_count = vfy_count_arguments (vfy_get_signature (vfr->current_method));
2197
  {
2198
    type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2199
    compute_argument_types (vfy_get_signature (vfr->current_method), arg_types);
2200
    for (i = 0; i < arg_count; ++i)
2201
      {
2202
        set_variable (var, arg_types[i]);
2203
        ++var;
2204
        if (type_iswide (&arg_types[i]))
2205
          ++var;
2206
      }
2207
    vfy_free (arg_types);
2208
  }
2209
 
2210
  return is_init;
2211
}
2212
 
2213
static void
2214
verify_instructions_0 (void)
2215
{
2216
  int i;
2217
  bool this_is_init;
2218
 
2219
  vfr->current_state = make_state (vfr->current_method->max_stack,
2220
                                   vfr->current_method->max_locals);
2221
 
2222
  vfr->PC = 0;
2223
  vfr->start_PC = 0;
2224
 
2225
  /*  True if we are verifying an instance initializer.  */
2226
  this_is_init = initialize_stack ();
2227
 
2228
  vfr->states = (state_list **) vfy_alloc (sizeof (state_list *)
2229
                                      * vfr->current_method->code_length);
2230
 
2231
  for (i = 0; i < vfr->current_method->code_length; ++i)
2232
    vfr->states[i] = NULL;
2233
 
2234
  vfr->next_verify_state = NULL;
2235
 
2236
  while (true)
2237
    {
2238
      java_opcode opcode;
2239
 
2240
      /* If the PC was invalidated, get a new one from the work list.  */
2241
      if (vfr->PC == NO_NEXT)
2242
        {
2243
          state *new_state = pop_jump ();
2244
          /* If it is null, we're done.  */
2245
          if (new_state == NULL)
2246
            break;
2247
 
2248
          vfr->PC = new_state->pc;
2249
          debug_print ("== State pop from pending list\n");
2250
          /* Set up the current state.  */
2251
          copy_state (vfr->current_state, new_state,
2252
            vfr->current_method->max_stack, vfr->current_method->max_locals);
2253
        }
2254
      else
2255
        {
2256
          /* We only have to do this checking in the situation where
2257
             control flow falls through from the previous instruction.
2258
             Otherwise merging is done at the time we push the branch.
2259
             Note that we'll catch the off-the-end problem just
2260
             below.  */
2261
          if (vfr->PC < vfr->current_method->code_length
2262
              && vfr->states[vfr->PC] != NULL)
2263
            {
2264
              /* We've already visited this instruction.  So merge
2265
                 the states together.  It is simplest, but not most
2266
                 efficient, to just always invalidate the PC here.  */
2267
              merge_into (vfr->PC, vfr->current_state);
2268
              invalidate_pc ();
2269
              continue;
2270
            }
2271
        }
2272
 
2273
      /* Control can't fall off the end of the bytecode.  We need to
2274
         check this in both cases, not just the fall-through case,
2275
         because we don't check to see whether a `jsr' appears at
2276
         the end of the bytecode until we process a `ret'.  */
2277
      if (vfr->PC >= vfr->current_method->code_length)
2278
        verify_fail ("fell off end");
2279
      vfr->flags[vfr->PC] |= FLAG_INSN_SEEN;
2280
 
2281
      /* We only have to keep saved state at branch targets.  If
2282
         we're at a branch target and the state here hasn't been set
2283
         yet, we set it now.  You might notice that `ret' targets
2284
         won't necessarily have FLAG_BRANCH_TARGET set.  This
2285
         doesn't matter, since those states will be filled in by
2286
         merge_into.  */
2287
      /* Note that other parts of the compiler assume that there is a
2288
         label with a type map at PC=0.  */
2289
      if (vfr->states[vfr->PC] == NULL
2290
          && (vfr->PC == 0 || (vfr->flags[vfr->PC] & FLAG_BRANCH_TARGET) != 0))
2291
        add_new_state (vfr->PC, vfr->current_state);
2292
 
2293
      /* Set this before handling exceptions so that debug output is
2294
         sane.  */
2295
      vfr->start_PC = vfr->PC;
2296
 
2297
      /* Update states for all active exception handlers.  Ordinarily
2298
         there are not many exception handlers.  So we simply run
2299
         through them all.  */
2300
      for (i = 0; i < vfr->current_method->exc_count; ++i)
2301
        {
2302
          int hpc, start, end, htype;
2303
          vfy_get_exception (vfr->exception, i, &hpc, &start, &end, &htype);
2304
          if (vfr->PC >= start && vfr->PC < end)
2305
            {
2306
              type handler = make_type_from_class (vfy_throwable_type ());
2307
              if (htype != 0)
2308
                handler = check_class_constant (htype);
2309
              push_exception_jump (handler, hpc);
2310
            }
2311
        }
2312
 
2313
 
2314
      debug_print_state (vfr->current_state, "   ", vfr->PC,
2315
                         vfr->current_method->max_stack,
2316
                         vfr->current_method->max_locals);
2317
      opcode = (java_opcode) vfr->bytecode[vfr->PC++];
2318
      switch (opcode)
2319
        {
2320
        case op_nop:
2321
          break;
2322
 
2323
        case op_aconst_null:
2324
          push_type (null_type);
2325
          break;
2326
 
2327
        case op_iconst_m1:
2328
        case op_iconst_0:
2329
        case op_iconst_1:
2330
        case op_iconst_2:
2331
        case op_iconst_3:
2332
        case op_iconst_4:
2333
        case op_iconst_5:
2334
          push_type (int_type);
2335
          break;
2336
 
2337
        case op_lconst_0:
2338
        case op_lconst_1:
2339
          push_type (long_type);
2340
          break;
2341
 
2342
        case op_fconst_0:
2343
        case op_fconst_1:
2344
        case op_fconst_2:
2345
          push_type (float_type);
2346
          break;
2347
 
2348
        case op_dconst_0:
2349
        case op_dconst_1:
2350
          push_type (double_type);
2351
          break;
2352
 
2353
        case op_bipush:
2354
          get_byte ();
2355
          push_type (int_type);
2356
          break;
2357
 
2358
        case op_sipush:
2359
          get_short ();
2360
          push_type (int_type);
2361
          break;
2362
 
2363
        case op_ldc:
2364
          push_type_t (check_constant (get_byte ()));
2365
          break;
2366
        case op_ldc_w:
2367
          push_type_t (check_constant (get_ushort ()));
2368
          break;
2369
        case op_ldc2_w:
2370
          push_type_t (check_wide_constant (get_ushort ()));
2371
          break;
2372
 
2373
        case op_iload:
2374
          push_type_t (get_variable (get_byte (), int_type));
2375
          break;
2376
        case op_lload:
2377
          push_type_t (get_variable (get_byte (), long_type));
2378
          break;
2379
        case op_fload:
2380
          push_type_t (get_variable (get_byte (), float_type));
2381
          break;
2382
        case op_dload:
2383
          push_type_t (get_variable (get_byte (), double_type));
2384
          break;
2385
        case op_aload:
2386
          push_type_t (get_variable (get_byte (), reference_type));
2387
          break;
2388
 
2389
        case op_iload_0:
2390
        case op_iload_1:
2391
        case op_iload_2:
2392
        case op_iload_3:
2393
          push_type_t (get_variable (opcode - op_iload_0, int_type));
2394
          break;
2395
        case op_lload_0:
2396
        case op_lload_1:
2397
        case op_lload_2:
2398
        case op_lload_3:
2399
          push_type_t (get_variable (opcode - op_lload_0, long_type));
2400
          break;
2401
        case op_fload_0:
2402
        case op_fload_1:
2403
        case op_fload_2:
2404
        case op_fload_3:
2405
          push_type_t (get_variable (opcode - op_fload_0, float_type));
2406
          break;
2407
        case op_dload_0:
2408
        case op_dload_1:
2409
        case op_dload_2:
2410
        case op_dload_3:
2411
          push_type_t (get_variable (opcode - op_dload_0, double_type));
2412
          break;
2413
        case op_aload_0:
2414
        case op_aload_1:
2415
        case op_aload_2:
2416
        case op_aload_3:
2417
          push_type_t (get_variable (opcode - op_aload_0, reference_type));
2418
          break;
2419
        case op_iaload:
2420
          pop_type (int_type);
2421
          push_type_t (require_array_type (pop_init_ref (reference_type),
2422
                                         int_type));
2423
          break;
2424
        case op_laload:
2425
          pop_type (int_type);
2426
          push_type_t (require_array_type (pop_init_ref (reference_type),
2427
                                         long_type));
2428
          break;
2429
        case op_faload:
2430
          pop_type (int_type);
2431
          push_type_t (require_array_type (pop_init_ref (reference_type),
2432
                                         float_type));
2433
          break;
2434
        case op_daload:
2435
          pop_type (int_type);
2436
          push_type_t (require_array_type (pop_init_ref (reference_type),
2437
                                         double_type));
2438
          break;
2439
        case op_aaload:
2440
          pop_type (int_type);
2441
          push_type_t (require_array_type (pop_init_ref (reference_type),
2442
                                         reference_type));
2443
          break;
2444
        case op_baload:
2445
          pop_type (int_type);
2446
          require_array_type (pop_init_ref (reference_type), byte_type);
2447
          push_type (int_type);
2448
          break;
2449
        case op_caload:
2450
          pop_type (int_type);
2451
          require_array_type (pop_init_ref (reference_type), char_type);
2452
          push_type (int_type);
2453
          break;
2454
        case op_saload:
2455
          pop_type (int_type);
2456
          require_array_type (pop_init_ref (reference_type), short_type);
2457
          push_type (int_type);
2458
          break;
2459
        case op_istore:
2460
          set_variable (get_byte (), pop_type (int_type));
2461
          break;
2462
        case op_lstore:
2463
          set_variable (get_byte (), pop_type (long_type));
2464
          break;
2465
        case op_fstore:
2466
          set_variable (get_byte (), pop_type (float_type));
2467
          break;
2468
        case op_dstore:
2469
          set_variable (get_byte (), pop_type (double_type));
2470
          break;
2471
        case op_astore:
2472
          set_variable (get_byte (), pop_ref_or_return ());
2473
          break;
2474
        case op_istore_0:
2475
        case op_istore_1:
2476
        case op_istore_2:
2477
        case op_istore_3:
2478
          set_variable (opcode - op_istore_0, pop_type (int_type));
2479
          break;
2480
        case op_lstore_0:
2481
        case op_lstore_1:
2482
        case op_lstore_2:
2483
        case op_lstore_3:
2484
          set_variable (opcode - op_lstore_0, pop_type (long_type));
2485
          break;
2486
        case op_fstore_0:
2487
        case op_fstore_1:
2488
        case op_fstore_2:
2489
        case op_fstore_3:
2490
          set_variable (opcode - op_fstore_0, pop_type (float_type));
2491
          break;
2492
        case op_dstore_0:
2493
        case op_dstore_1:
2494
        case op_dstore_2:
2495
        case op_dstore_3:
2496
          set_variable (opcode - op_dstore_0, pop_type (double_type));
2497
          break;
2498
        case op_astore_0:
2499
        case op_astore_1:
2500
        case op_astore_2:
2501
        case op_astore_3:
2502
          set_variable (opcode - op_astore_0, pop_ref_or_return ());
2503
          break;
2504
        case op_iastore:
2505
          pop_type (int_type);
2506
          pop_type (int_type);
2507
          require_array_type (pop_init_ref (reference_type), int_type);
2508
          break;
2509
        case op_lastore:
2510
          pop_type (long_type);
2511
          pop_type (int_type);
2512
          require_array_type (pop_init_ref (reference_type), long_type);
2513
          break;
2514
        case op_fastore:
2515
          pop_type (float_type);
2516
          pop_type (int_type);
2517
          require_array_type (pop_init_ref (reference_type), float_type);
2518
          break;
2519
        case op_dastore:
2520
          pop_type (double_type);
2521
          pop_type (int_type);
2522
          require_array_type (pop_init_ref (reference_type), double_type);
2523
          break;
2524
        case op_aastore:
2525
          pop_type (reference_type);
2526
          pop_type (int_type);
2527
          require_array_type (pop_init_ref (reference_type), reference_type);
2528
          break;
2529
        case op_bastore:
2530
          pop_type (int_type);
2531
          pop_type (int_type);
2532
          require_array_type (pop_init_ref (reference_type), byte_type);
2533
          break;
2534
        case op_castore:
2535
          pop_type (int_type);
2536
          pop_type (int_type);
2537
          require_array_type (pop_init_ref (reference_type), char_type);
2538
          break;
2539
        case op_sastore:
2540
          pop_type (int_type);
2541
          pop_type (int_type);
2542
          require_array_type (pop_init_ref (reference_type), short_type);
2543
          break;
2544
        case op_pop:
2545
          pop32 ();
2546
          break;
2547
        case op_pop2:
2548
          {
2549
            type t = pop_raw ();
2550
            if (! type_iswide (&t))
2551
              pop32 ();
2552
          }
2553
          break;
2554
        case op_dup:
2555
          {
2556
            type t = pop32 ();
2557
            push_type_t (t);
2558
            push_type_t (t);
2559
          }
2560
          break;
2561
        case op_dup_x1:
2562
          {
2563
            type t1 = pop32 ();
2564
            type t2 = pop32 ();
2565
            push_type_t (t1);
2566
            push_type_t (t2);
2567
            push_type_t (t1);
2568
          }
2569
          break;
2570
        case op_dup_x2:
2571
          {
2572
            type t1 = pop32 ();
2573
            type t2 = pop_raw ();
2574
            if (! type_iswide (&t2))
2575
              {
2576
                type t3 = pop32 ();
2577
                push_type_t (t1);
2578
                push_type_t (t3);
2579
              }
2580
            else
2581
              push_type_t (t1);
2582
            push_type_t (t2);
2583
            push_type_t (t1);
2584
          }
2585
          break;
2586
        case op_dup2:
2587
          {
2588
            type t = pop_raw ();
2589
            if (! type_iswide (&t))
2590
              {
2591
                type t2 = pop32 ();
2592
                push_type_t (t2);
2593
                push_type_t (t);
2594
                push_type_t (t2);
2595
              }
2596
            else
2597
              push_type_t (t);
2598
            push_type_t (t);
2599
          }
2600
          break;
2601
        case op_dup2_x1:
2602
          {
2603
            type t1 = pop_raw ();
2604
            type t2 = pop32 ();
2605
            if (! type_iswide (&t1))
2606
              {
2607
                type t3 = pop32 ();
2608
                push_type_t (t2);
2609
                push_type_t (t1);
2610
                push_type_t (t3);
2611
              }
2612
            else
2613
              push_type_t (t1);
2614
            push_type_t (t2);
2615
            push_type_t (t1);
2616
          }
2617
          break;
2618
        case op_dup2_x2:
2619
          {
2620
            type t1 = pop_raw ();
2621
            if (type_iswide (&t1))
2622
              {
2623
                type t2 = pop_raw ();
2624
                if (type_iswide (&t2))
2625
                  {
2626
                    push_type_t (t1);
2627
                    push_type_t (t2);
2628
                  }
2629
                else
2630
                  {
2631
                    type t3 = pop32 ();
2632
                    push_type_t (t1);
2633
                    push_type_t (t3);
2634
                    push_type_t (t2);
2635
                  }
2636
                push_type_t (t1);
2637
              }
2638
            else
2639
              {
2640
                type t2 = pop32 ();
2641
                type t3 = pop_raw ();
2642
                if (type_iswide (&t3))
2643
                  {
2644
                    push_type_t (t2);
2645
                    push_type_t (t1);
2646
                  }
2647
                else
2648
                  {
2649
                    type t4 = pop32 ();
2650
                    push_type_t (t2);
2651
                    push_type_t (t1);
2652
                    push_type_t (t4);
2653
                  }
2654
                push_type_t (t3);
2655
                push_type_t (t2);
2656
                push_type_t (t1);
2657
              }
2658
          }
2659
          break;
2660
        case op_swap:
2661
          {
2662
            type t1 = pop32 ();
2663
            type t2 = pop32 ();
2664
            push_type_t (t1);
2665
            push_type_t (t2);
2666
          }
2667
          break;
2668
        case op_iadd:
2669
        case op_isub:
2670
        case op_imul:
2671
        case op_idiv:
2672
        case op_irem:
2673
        case op_ishl:
2674
        case op_ishr:
2675
        case op_iushr:
2676
        case op_iand:
2677
        case op_ior:
2678
        case op_ixor:
2679
          pop_type (int_type);
2680
          push_type_t (pop_type (int_type));
2681
          break;
2682
        case op_ladd:
2683
        case op_lsub:
2684
        case op_lmul:
2685
        case op_ldiv:
2686
        case op_lrem:
2687
        case op_land:
2688
        case op_lor:
2689
        case op_lxor:
2690
          pop_type (long_type);
2691
          push_type_t (pop_type (long_type));
2692
          break;
2693
        case op_lshl:
2694
        case op_lshr:
2695
        case op_lushr:
2696
          pop_type (int_type);
2697
          push_type_t (pop_type (long_type));
2698
          break;
2699
        case op_fadd:
2700
        case op_fsub:
2701
        case op_fmul:
2702
        case op_fdiv:
2703
        case op_frem:
2704
          pop_type (float_type);
2705
          push_type_t (pop_type (float_type));
2706
          break;
2707
        case op_dadd:
2708
        case op_dsub:
2709
        case op_dmul:
2710
        case op_ddiv:
2711
        case op_drem:
2712
          pop_type (double_type);
2713
          push_type_t (pop_type (double_type));
2714
          break;
2715
        case op_ineg:
2716
        case op_i2b:
2717
        case op_i2c:
2718
        case op_i2s:
2719
          push_type_t (pop_type (int_type));
2720
          break;
2721
        case op_lneg:
2722
          push_type_t (pop_type (long_type));
2723
          break;
2724
        case op_fneg:
2725
          push_type_t (pop_type (float_type));
2726
          break;
2727
        case op_dneg:
2728
          push_type_t (pop_type (double_type));
2729
          break;
2730
        case op_iinc:
2731
          get_variable (get_byte (), int_type);
2732
          get_byte ();
2733
          break;
2734
        case op_i2l:
2735
          pop_type (int_type);
2736
          push_type (long_type);
2737
          break;
2738
        case op_i2f:
2739
          pop_type (int_type);
2740
          push_type (float_type);
2741
          break;
2742
        case op_i2d:
2743
          pop_type (int_type);
2744
          push_type (double_type);
2745
          break;
2746
        case op_l2i:
2747
          pop_type (long_type);
2748
          push_type (int_type);
2749
          break;
2750
        case op_l2f:
2751
          pop_type (long_type);
2752
          push_type (float_type);
2753
          break;
2754
        case op_l2d:
2755
          pop_type (long_type);
2756
          push_type (double_type);
2757
          break;
2758
        case op_f2i:
2759
          pop_type (float_type);
2760
          push_type (int_type);
2761
          break;
2762
        case op_f2l:
2763
          pop_type (float_type);
2764
          push_type (long_type);
2765
          break;
2766
        case op_f2d:
2767
          pop_type (float_type);
2768
          push_type (double_type);
2769
          break;
2770
        case op_d2i:
2771
          pop_type (double_type);
2772
          push_type (int_type);
2773
          break;
2774
        case op_d2l:
2775
          pop_type (double_type);
2776
          push_type (long_type);
2777
          break;
2778
        case op_d2f:
2779
          pop_type (double_type);
2780
          push_type (float_type);
2781
          break;
2782
        case op_lcmp:
2783
          pop_type (long_type);
2784
          pop_type (long_type);
2785
          push_type (int_type);
2786
          break;
2787
        case op_fcmpl:
2788
        case op_fcmpg:
2789
          pop_type (float_type);
2790
          pop_type (float_type);
2791
          push_type (int_type);
2792
          break;
2793
        case op_dcmpl:
2794
        case op_dcmpg:
2795
          pop_type (double_type);
2796
          pop_type (double_type);
2797
          push_type (int_type);
2798
          break;
2799
        case op_ifeq:
2800
        case op_ifne:
2801
        case op_iflt:
2802
        case op_ifge:
2803
        case op_ifgt:
2804
        case op_ifle:
2805
          pop_type (int_type);
2806
          push_jump (get_short ());
2807
          break;
2808
        case op_if_icmpeq:
2809
        case op_if_icmpne:
2810
        case op_if_icmplt:
2811
        case op_if_icmpge:
2812
        case op_if_icmpgt:
2813
        case op_if_icmple:
2814
          pop_type (int_type);
2815
          pop_type (int_type);
2816
          push_jump (get_short ());
2817
          break;
2818
        case op_if_acmpeq:
2819
        case op_if_acmpne:
2820
          pop_type (reference_type);
2821
          pop_type (reference_type);
2822
          push_jump (get_short ());
2823
          break;
2824
        case op_goto:
2825
          push_jump (get_short ());
2826
          invalidate_pc ();
2827
          break;
2828
        case op_jsr:
2829
          handle_jsr_insn (get_short ());
2830
          break;
2831
        case op_ret:
2832
          handle_ret_insn (get_byte ());
2833
          break;
2834
        case op_tableswitch:
2835
          {
2836
            int i;
2837
            jint low, high;
2838
            pop_type (int_type);
2839
            skip_padding ();
2840
            push_jump (get_int ());
2841
            low = get_int ();
2842
            high = get_int ();
2843
            /* Already checked LOW -vs- HIGH.  */
2844
            for (i = low; i <= high; ++i)
2845
              push_jump (get_int ());
2846
            invalidate_pc ();
2847
          }
2848
          break;
2849
 
2850
        case op_lookupswitch:
2851
          {
2852
            int i;
2853
            jint npairs, lastkey;
2854
 
2855
            pop_type (int_type);
2856
            skip_padding ();
2857
            push_jump (get_int ());
2858
            npairs = get_int ();
2859
            /* Already checked NPAIRS >= 0.  */
2860
            lastkey = 0;
2861
            for (i = 0; i < npairs; ++i)
2862
              {
2863
                jint key = get_int ();
2864
                if (i > 0 && key <= lastkey)
2865
                  verify_fail_pc ("lookupswitch pairs unsorted", vfr->start_PC);
2866
                lastkey = key;
2867
                push_jump (get_int ());
2868
              }
2869
            invalidate_pc ();
2870
          }
2871
          break;
2872
        case op_ireturn:
2873
          check_return_type (pop_type (int_type));
2874
          invalidate_pc ();
2875
          break;
2876
        case op_lreturn:
2877
          check_return_type (pop_type (long_type));
2878
          invalidate_pc ();
2879
          break;
2880
        case op_freturn:
2881
          check_return_type (pop_type (float_type));
2882
          invalidate_pc ();
2883
          break;
2884
        case op_dreturn:
2885
          check_return_type (pop_type (double_type));
2886
          invalidate_pc ();
2887
          break;
2888
        case op_areturn:
2889
          check_return_type (pop_init_ref (reference_type));
2890
          invalidate_pc ();
2891
          break;
2892
        case op_return:
2893
          /* We only need to check this when the return type is void,
2894
             because all instance initializers return void.  We also
2895
             need to special-case Object constructors, as they can't
2896
             call a superclass <init>.  */
2897
          if (this_is_init && vfr->current_class != vfy_object_type ())
2898
            state_check_this_initialized (vfr->current_state);
2899
          check_return_type (make_type (void_type));
2900
          invalidate_pc ();
2901
          break;
2902
        case op_getstatic:
2903
          push_type_t (check_field_constant (get_ushort (), NULL, false));
2904
          break;
2905
        case op_putstatic:
2906
          pop_type_t (check_field_constant (get_ushort (), NULL, false));
2907
          break;
2908
        case op_getfield:
2909
          {
2910
            type klass;
2911
            type field = check_field_constant (get_ushort (), &klass, false);
2912
            pop_type_t (klass);
2913
            push_type_t (field);
2914
          }
2915
          break;
2916
        case op_putfield:
2917
          {
2918
            type klass;
2919
            type field = check_field_constant (get_ushort (), &klass, true);
2920
            pop_type_t (field);
2921
            pop_type_t (klass);
2922
          }
2923
          break;
2924
 
2925
        case op_invokevirtual:
2926
        case op_invokespecial:
2927
        case op_invokestatic:
2928
        case op_invokeinterface:
2929
          {
2930
            vfy_string method_name, method_signature;
2931
            const char *namec;
2932
            int i, arg_count;
2933
            type rt;
2934
            bool is_init = false;
2935
 
2936
            type class_type
2937
              = check_method_constant (get_ushort (),
2938
                                       opcode == op_invokeinterface,
2939
                                       &method_name,
2940
                                       &method_signature);
2941
            /* NARGS is only used when we're processing
2942
               invokeinterface.  It is simplest for us to compute it
2943
               here and then verify it later.  */
2944
            int nargs = 0;
2945
            if (opcode == op_invokeinterface)
2946
              {
2947
                nargs = get_byte ();
2948
                if (get_byte () != 0)
2949
                  verify_fail ("invokeinterface dummy byte is wrong");
2950
              }
2951
 
2952
            namec = vfy_string_bytes (method_name);
2953
 
2954
            if (vfy_strings_equal (method_name, vfy_init_name()))
2955
              {
2956
                is_init = true;
2957
                if (opcode != op_invokespecial)
2958
                  verify_fail ("can't invoke <init>");
2959
              }
2960
            else if (namec[0] == '<')
2961
              verify_fail ("can't invoke method starting with `<'");
2962
 
2963
            arg_count = vfy_count_arguments (method_signature);
2964
            {
2965
              /* Pop arguments and check types.  */
2966
              type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type));
2967
 
2968
              compute_argument_types (method_signature, arg_types);
2969
              for (i = arg_count - 1; i >= 0; --i)
2970
                {
2971
                  /* This is only used for verifying the byte for
2972
                     invokeinterface.  */
2973
                  nargs -= type_depth (&arg_types[i]);
2974
                  pop_init_ref_t (arg_types[i]);
2975
                }
2976
 
2977
              vfy_free (arg_types);
2978
            }
2979
 
2980
            if (opcode == op_invokeinterface
2981
                && nargs != 1)
2982
              verify_fail ("wrong argument count for invokeinterface");
2983
 
2984
            if (opcode != op_invokestatic)
2985
              {
2986
                type raw;
2987
                type t = class_type;
2988
                if (is_init)
2989
                  {
2990
                    /* In this case the PC doesn't matter.  */
2991
                    type_set_uninitialized (&t, UNINIT);
2992
                    /* FIXME: check to make sure that the <init>
2993
                       call is to the right class.
2994
                       It must either be super or an exact class
2995
                       match.  */
2996
                  }
2997
                raw = pop_raw ();
2998
                if (! types_compatible (&t, &raw))
2999
                  verify_fail ("incompatible type on stack");
3000
 
3001
                if (is_init)
3002
                  state_set_initialized (vfr->current_state,
3003
                    type_get_pc (&raw), vfr->current_method->max_locals);
3004
              }
3005
 
3006
            rt = compute_return_type (method_signature);
3007
            if (! type_isvoid (&rt))
3008
              push_type_t (rt);
3009
          }
3010
          break;
3011
 
3012
        case op_new:
3013
          {
3014
            type t = check_class_constant (get_ushort ());
3015
            if (type_isarray (&t) || type_isinterface (&t)
3016
                || type_isabstract (&t))
3017
              verify_fail ("type is array, interface, or abstract");
3018
            type_set_uninitialized (&t, vfr->start_PC);
3019
            push_type_t (t);
3020
          }
3021
          break;
3022
 
3023
        case op_newarray:
3024
          {
3025
            int atype = get_byte ();
3026
            vfy_jclass k;
3027
            type t;
3028
            /* We intentionally have chosen constants to make this
3029
               valid.  */
3030
            if (atype < boolean_type || atype > long_type)
3031
              verify_fail_pc ("type not primitive", vfr->start_PC);
3032
            pop_type (int_type);
3033
            k = construct_primitive_array_type ((type_val) atype);
3034
            init_type_from_class (&t, k);
3035
            push_type_t (t);
3036
          }
3037
          break;
3038
        case op_anewarray:
3039
          {
3040
            type t;
3041
            pop_type (int_type);
3042
            t = check_class_constant (get_ushort ());
3043
            push_type_t (type_to_array (&t));
3044
          }
3045
          break;
3046
        case op_arraylength:
3047
          {
3048
            type t = pop_init_ref (reference_type);
3049
            if (! type_isarray (&t) && ! type_isnull (&t))
3050
              verify_fail ("array type expected");
3051
            push_type (int_type);
3052
          }
3053
          break;
3054
        case op_athrow:
3055
          pop_type_t (make_type_from_class (vfy_throwable_type ()));
3056
          invalidate_pc ();
3057
          break;
3058
        case op_checkcast:
3059
          pop_init_ref (reference_type);
3060
          push_type_t (check_class_constant (get_ushort ()));
3061
          break;
3062
        case op_instanceof:
3063
          pop_init_ref (reference_type);
3064
          check_class_constant (get_ushort ());
3065
          push_type (int_type);
3066
          break;
3067
        case op_monitorenter:
3068
          pop_init_ref (reference_type);
3069
          break;
3070
        case op_monitorexit:
3071
          pop_init_ref (reference_type);
3072
          break;
3073
        case op_wide:
3074
          {
3075
            switch (get_byte ())
3076
              {
3077
              case op_iload:
3078
                push_type_t (get_variable (get_ushort (), int_type));
3079
                break;
3080
              case op_lload:
3081
                push_type_t (get_variable (get_ushort (), long_type));
3082
                break;
3083
              case op_fload:
3084
                push_type_t (get_variable (get_ushort (), float_type));
3085
                break;
3086
              case op_dload:
3087
                push_type_t (get_variable (get_ushort (), double_type));
3088
                break;
3089
              case op_aload:
3090
                push_type_t (get_variable (get_ushort (), reference_type));
3091
                break;
3092
              case op_istore:
3093
                set_variable (get_ushort (), pop_type (int_type));
3094
                break;
3095
              case op_lstore:
3096
                set_variable (get_ushort (), pop_type (long_type));
3097
                break;
3098
              case op_fstore:
3099
                set_variable (get_ushort (), pop_type (float_type));
3100
                break;
3101
              case op_dstore:
3102
                set_variable (get_ushort (), pop_type (double_type));
3103
                break;
3104
              case op_astore:
3105
                set_variable (get_ushort (), pop_init_ref (reference_type));
3106
                break;
3107
              case op_ret:
3108
                handle_ret_insn (get_short ());
3109
                break;
3110
              case op_iinc:
3111
                get_variable (get_ushort (), int_type);
3112
                get_short ();
3113
                break;
3114
              default:
3115
                verify_fail_pc ("unrecognized wide instruction", vfr->start_PC);
3116
              }
3117
          }
3118
          break;
3119
        case op_multianewarray:
3120
          {
3121
            int i;
3122
            type atype = check_class_constant (get_ushort ());
3123
            int dim = get_byte ();
3124
            if (dim < 1)
3125
              verify_fail_pc ("too few dimensions to multianewarray", vfr->start_PC);
3126
            type_verify_dimensions (&atype, dim);
3127
            for (i = 0; i < dim; ++i)
3128
              pop_type (int_type);
3129
            push_type_t (atype);
3130
          }
3131
          break;
3132
        case op_ifnull:
3133
        case op_ifnonnull:
3134
          pop_type (reference_type);
3135
          push_jump (get_short ());
3136
          break;
3137
        case op_goto_w:
3138
          push_jump (get_int ());
3139
          invalidate_pc ();
3140
          break;
3141
        case op_jsr_w:
3142
          handle_jsr_insn (get_int ());
3143
          break;
3144
 
3145
        default:
3146
          /* Unrecognized opcode.  */
3147
          verify_fail_pc ("unrecognized instruction in verify_instructions_0",
3148
                       vfr->start_PC);
3149
        }
3150
    }
3151
}
3152
 
3153
/* This turns a `type' into something suitable for use by the type map
3154
   in the other parts of the compiler.  In particular, reference types
3155
   are mapped to Object, primitive types are unchanged, and other
3156
   types are mapped using special functions declared in verify.h.  */
3157
static vfy_jclass
3158
collapse_type (type *t)
3159
{
3160
  switch (t->key)
3161
    {
3162
    case void_type:
3163
    case boolean_type:
3164
    case char_type:
3165
    case float_type:
3166
    case double_type:
3167
    case byte_type:
3168
    case short_type:
3169
    case int_type:
3170
    case long_type:
3171
      return vfy_get_primitive_type (t->key);
3172
 
3173
    case unsuitable_type:
3174
    case continuation_type:
3175
      return vfy_unsuitable_type ();
3176
 
3177
    case return_address_type:
3178
      return vfy_return_address_type ();
3179
 
3180
    case null_type:
3181
      return vfy_null_type ();
3182
 
3183
    case reference_type:
3184
    case uninitialized_reference_type:
3185
      return vfy_object_type ();
3186
    }
3187
 
3188
  gcc_unreachable ();
3189
}
3190
 
3191
static void
3192
verify_instructions (void)
3193
{
3194
  int i;
3195
 
3196
  branch_prepass ();
3197
  verify_instructions_0 ();
3198
 
3199
  /* Now tell the rest of the compiler about the types we've found.  */
3200
  for (i = 0; i < vfr->current_method->code_length; ++i)
3201
    {
3202
      int j, slot;
3203
      struct state *curr;
3204
 
3205
      if ((vfr->flags[i] & FLAG_INSN_SEEN) != 0)
3206
        vfy_note_instruction_seen (i);
3207
 
3208
      if (! vfr->states[i])
3209
        continue;
3210
 
3211
      curr = vfr->states[i]->val;
3212
      vfy_note_stack_depth (vfr->current_method, i, curr->stackdepth);
3213
 
3214
      /* Tell the compiler about each local variable.  */
3215
      for (j = 0; j < vfr->current_method->max_locals; ++j)
3216
        vfy_note_local_type (vfr->current_method, i, j,
3217
                             collapse_type (&curr->locals[j]));
3218
      /* Tell the compiler about each stack slot.  */
3219
      for (slot = j = 0; j < curr->stacktop; ++j, ++slot)
3220
        {
3221
          vfy_note_stack_type (vfr->current_method, i, slot,
3222
                               collapse_type (&curr->stack[j]));
3223
          if (type_iswide (&curr->stack[j]))
3224
            {
3225
              ++slot;
3226
              vfy_note_stack_type (vfr->current_method, i, slot,
3227
                                   vfy_unsuitable_type ());
3228
            }
3229
        }
3230
      gcc_assert (slot == curr->stackdepth);
3231
    }
3232
}
3233
 
3234
static void
3235
make_verifier_context (vfy_method *m)
3236
{
3237
  vfr = (verifier_context *) vfy_alloc (sizeof (struct verifier_context));
3238
 
3239
  vfr->current_method = m;
3240
  vfr->bytecode = vfy_get_bytecode (m);
3241
  vfr->exception = vfy_get_exceptions (m);
3242
  vfr->current_class = m->defining_class;
3243
 
3244
  vfr->states = NULL;
3245
  vfr->flags = NULL;
3246
  vfr->utf8_list = NULL;
3247
  vfr->isect_list = NULL;
3248
}
3249
 
3250
static void
3251
free_verifier_context (void)
3252
{
3253
  vfy_string_list *utf8_list;
3254
  ref_intersection *isect_list;
3255
 
3256
  if (vfr->flags)
3257
    vfy_free (vfr->flags);
3258
 
3259
  utf8_list = vfr->utf8_list;
3260
  while (utf8_list != NULL)
3261
    {
3262
      vfy_string_list *n = utf8_list->next;
3263
      vfy_free (utf8_list);
3264
      utf8_list = n;
3265
    }
3266
 
3267
  isect_list = vfr->isect_list;
3268
  while (isect_list != NULL)
3269
    {
3270
      ref_intersection *next = isect_list->alloc_next;
3271
      vfy_free (isect_list);
3272
      isect_list = next;
3273
    }
3274
 
3275
  if (vfr->states != NULL)
3276
    {
3277
      int i;
3278
      for (i = 0; i < vfr->current_method->code_length; ++i)
3279
        {
3280
          state_list *iter = vfr->states[i];
3281
          while (iter != NULL)
3282
            {
3283
              state_list *next = iter->next;
3284
              free_state (iter->val);
3285
              vfy_free (iter->val);
3286
              vfy_free (iter);
3287
              iter = next;
3288
            }
3289
        }
3290
      vfy_free (vfr->states);
3291
    }
3292
 
3293
  vfy_free (vfr);
3294
}
3295
 
3296
int
3297
verify_method (vfy_method *meth)
3298
{
3299
  debug_print ("verify_method (%s) %i\n", vfy_string_bytes (meth->name),
3300
               meth->code_length);
3301
 
3302
  if (vfr != NULL)
3303
    verify_fail ("verifier re-entered");
3304
 
3305
  make_verifier_context (meth);
3306
  verify_instructions ();
3307
  free_verifier_context ();
3308
  vfr = NULL;
3309
 
3310
  return 1;
3311
}

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.