1/* Copyright (C) 2001-2015 Free Software Foundation, Inc. 2 3 This file is part of libgcj. 4 5This software is copyrighted work licensed under the terms of the 6Libgcj License. Please consult the file "LIBGCJ_LICENSE" for 7details. */ 8 9/* Written by Tom Tromey <tromey@redhat.com> */ 10 11/* Uncomment this to enable debugging output. */ 12/* #define VERIFY_DEBUG */ 13 14#include "config.h" 15#include "system.h" 16#include "coretypes.h" 17 18#include "hash-set.h" 19#include "machmode.h" 20#include "vec.h" 21#include "double-int.h" 22#include "input.h" 23#include "alias.h" 24#include "symtab.h" 25#include "options.h" 26#include "wide-int.h" 27#include "inchash.h" 28#include "verify.h" 29 30/* Hack to work around namespace pollution from java-tree.h. */ 31#undef current_class 32 33/* This is used to mark states which are not scheduled for 34 verification. */ 35#define INVALID_STATE ((state *) -1) 36 37static void ATTRIBUTE_PRINTF_1 38debug_print (const char *fmt ATTRIBUTE_UNUSED, ...) 39{ 40#ifdef VERIFY_DEBUG 41 va_list ap; 42 va_start (ap, fmt); 43 vfprintf (stderr, fmt, ap); 44 va_end (ap); 45#endif /* VERIFY_DEBUG */ 46} 47 48/* This started as a fairly ordinary verifier, and for the most part 49 it remains so. It works in the obvious way, by modeling the effect 50 of each opcode as it is encountered. For most opcodes, this is a 51 straightforward operation. 52 53 This verifier does not do type merging. It used to, but this 54 results in difficulty verifying some relatively simple code 55 involving interfaces, and it pushed some verification work into the 56 interpreter. 57 58 Instead of merging reference types, when we reach a point where two 59 flows of control merge, we simply keep the union of reference types 60 from each branch. Then, when we need to verify a fact about a 61 reference on the stack (e.g., that it is compatible with the 62 argument type of a method), we check to ensure that all possible 63 types satisfy the requirement. 64 65 Another area this verifier differs from the norm is in its handling 66 of subroutines. The JVM specification has some confusing things to 67 say about subroutines. For instance, it makes claims about not 68 allowing subroutines to merge and it rejects recursive subroutines. 69 For the most part these are red herrings; we used to try to follow 70 these things but they lead to problems. For example, the notion of 71 "being in a subroutine" is not well-defined: is an exception 72 handler in a subroutine? If you never execute the `ret' but 73 instead `goto 1' do you remain in the subroutine? 74 75 For clarity on what is really required for type safety, read 76 "Simple Verification Technique for Complex Java Bytecode 77 Subroutines" by Alessandro Coglio. Among other things this paper 78 shows that recursive subroutines are not harmful to type safety. 79 We implement something similar to what he proposes. Note that this 80 means that this verifier will accept code that is rejected by some 81 other verifiers. 82 83 For those not wanting to read the paper, the basic observation is 84 that we can maintain split states in subroutines. We maintain one 85 state for each calling `jsr'. In other words, we re-verify a 86 subroutine once for each caller, using the exact types held by the 87 callers (as opposed to the old approach of merging types and 88 keeping a bitmap registering what did or did not change). This 89 approach lets us continue to verify correctly even when a 90 subroutine is exited via `goto' or `athrow' and not `ret'. 91 92 In some other areas the JVM specification is (mildly) incorrect, 93 so we diverge. For instance, you cannot 94 violate type safety by allocating an object with `new' and then 95 failing to initialize it, no matter how one branches or where one 96 stores the uninitialized reference. See "Improving the official 97 specification of Java bytecode verification" by Alessandro Coglio. 98 99 Note that there's no real point in enforcing that padding bytes or 100 the mystery byte of invokeinterface must be 0, but we do that 101 regardless. 102 103 The verifier is currently neither completely lazy nor eager when it 104 comes to loading classes. It tries to represent types by name when 105 possible, and then loads them when it needs to verify a fact about 106 the type. Checking types by name is valid because we only use 107 names which come from the current class' constant pool. Since all 108 such names are looked up using the same class loader, there is no 109 danger that we might be fooled into comparing different types with 110 the same name. 111 112 In the future we plan to allow for a completely lazy mode of 113 operation, where the verifier will construct a list of type 114 assertions to be checked later. 115 116 Some test cases for the verifier live in the "verify" module of the 117 Mauve test suite. However, some of these are presently 118 (2004-01-20) believed to be incorrect. (More precisely the notion 119 of "correct" is not well-defined, and this verifier differs from 120 others while remaining type-safe.) Some other tests live in the 121 libgcj test suite. 122 123 This verifier is also written to be pluggable. This means that it 124 is intended for use in a variety of environments, not just libgcj. 125 As a result the verifier expects a number of type and method 126 declarations to be declared in "verify.h". The intent is that you 127 recompile the verifier for your particular environment. This 128 approach was chosen so that operations could be inlined in verify.h 129 as much as possible. 130 131 See the verify.h that accompanies this copy of the verifier to see 132 what types, preprocessor defines, and functions must be declared. 133 The interface is ad hoc, but was defined so that it could be 134 implemented to connect to a pure C program. 135*/ 136 137#define FLAG_INSN_START 1 138#define FLAG_BRANCH_TARGET 2 139#define FLAG_INSN_SEEN 4 140 141struct state; 142struct type; 143struct ref_intersection; 144 145typedef struct state state; 146typedef struct type type; 147typedef struct ref_intersection ref_intersection; 148 149/*typedef struct state_list state_list;*/ 150 151typedef struct state_list 152{ 153 state *val; 154 struct state_list *next; 155} state_list; 156 157typedef struct vfy_string_list 158{ 159 vfy_string val; 160 struct vfy_string_list *next; 161} vfy_string_list; 162 163typedef struct verifier_context 164{ 165 /* The current PC. */ 166 int PC; 167 /* The PC corresponding to the start of the current instruction. */ 168 int start_PC; 169 170 /* The current state of the stack, locals, etc. */ 171 state *current_state; 172 173 /* At each branch target we keep a linked list of all the states we 174 can process at that point. We'll only have multiple states at a 175 given PC if they both have different return-address types in the 176 same stack or local slot. This array is indexed by PC and holds 177 the list of all such states. */ 178 state_list **states; 179 180 /* We keep a linked list of all the states which we must reverify. 181 This is the head of the list. */ 182 state *next_verify_state; 183 184 /* We keep some flags for each instruction. The values are the 185 FLAG_* constants defined above. This is an array indexed by PC. */ 186 char *flags; 187 188 /* The bytecode itself. */ 189 const unsigned char *bytecode; 190 /* The exceptions. */ 191 vfy_exception *exception; 192 193 /* Defining class. */ 194 vfy_jclass current_class; 195 /* This method. */ 196 vfy_method *current_method; 197 198 /* A linked list of utf8 objects we allocate. */ 199 vfy_string_list *utf8_list; 200 201 /* A linked list of all ref_intersection objects we allocate. */ 202 ref_intersection *isect_list; 203} verifier_context; 204 205/* The current verifier's state data. This is maintained by 206 {push/pop}_verifier_context to provide a shorthand form to access 207 the verification state. */ 208static GTY(()) verifier_context *vfr; 209 210/* Local function declarations. */ 211bool type_initialized (type *t); 212int ref_count_dimensions (ref_intersection *ref); 213 214static void 215verify_fail_pc (const char *s, int pc) 216{ 217 vfy_fail (s, pc, vfr->current_class, vfr->current_method); 218} 219 220static void 221verify_fail (const char *s) 222{ 223 verify_fail_pc (s, vfr->PC); 224} 225 226/* This enum holds a list of tags for all the different types we 227 need to handle. Reference types are treated specially by the 228 type class. */ 229typedef enum type_val 230{ 231 void_type, 232 233 /* The values for primitive types are chosen to correspond to values 234 specified to newarray. */ 235 boolean_type = 4, 236 char_type = 5, 237 float_type = 6, 238 double_type = 7, 239 byte_type = 8, 240 short_type = 9, 241 int_type = 10, 242 long_type = 11, 243 244 /* Used when overwriting second word of a double or long in the 245 local variables. Also used after merging local variable states 246 to indicate an unusable value. */ 247 unsuitable_type, 248 return_address_type, 249 /* This is the second word of a two-word value, i.e., a double or 250 a long. */ 251 continuation_type, 252 253 /* Everything after `reference_type' must be a reference type. */ 254 reference_type, 255 null_type, 256 uninitialized_reference_type 257} type_val; 258 259/* This represents a merged class type. Some verifiers (including 260 earlier versions of this one) will compute the intersection of 261 two class types when merging states. However, this loses 262 critical information about interfaces implemented by the various 263 classes. So instead we keep track of all the actual classes that 264 have been merged. */ 265struct ref_intersection 266{ 267 /* Whether or not this type has been resolved. */ 268 bool is_resolved; 269 270 /* Actual type data. */ 271 union 272 { 273 /* For a resolved reference type, this is a pointer to the class. */ 274 vfy_jclass klass; 275 /* For other reference types, this it the name of the class. */ 276 vfy_string name; 277 } data; 278 279 /* Link to the next reference in the intersection. */ 280 ref_intersection *ref_next; 281 282 /* This is used to keep track of all the allocated 283 ref_intersection objects, so we can free them. 284 FIXME: we should allocate these in chunks. */ 285 ref_intersection *alloc_next; 286}; 287 288static ref_intersection * 289make_ref (void) 290{ 291 ref_intersection *new_ref = 292 (ref_intersection *) vfy_alloc (sizeof (ref_intersection)); 293 294 new_ref->alloc_next = vfr->isect_list; 295 vfr->isect_list = new_ref; 296 return new_ref; 297} 298 299static ref_intersection * 300clone_ref (ref_intersection *dup) 301{ 302 ref_intersection *new_ref = make_ref (); 303 304 new_ref->is_resolved = dup->is_resolved; 305 new_ref->data = dup->data; 306 return new_ref; 307} 308 309static void 310resolve_ref (ref_intersection *ref) 311{ 312 if (ref->is_resolved) 313 return; 314 ref->data.klass = vfy_find_class (vfr->current_class, ref->data.name); 315 ref->is_resolved = true; 316} 317 318static bool 319refs_equal (ref_intersection *ref1, ref_intersection *ref2) 320{ 321 if (! ref1->is_resolved && ! ref2->is_resolved 322 && vfy_strings_equal (ref1->data.name, ref2->data.name)) 323 return true; 324 if (! ref1->is_resolved) 325 resolve_ref (ref1); 326 if (! ref2->is_resolved) 327 resolve_ref (ref2); 328 return ref1->data.klass == ref2->data.klass; 329} 330 331/* Merge REF1 type into REF2, returning the result. This will 332 return REF2 if all the classes in THIS already appear in 333 REF2. */ 334static ref_intersection * 335merge_refs (ref_intersection *ref1, ref_intersection *ref2) 336{ 337 ref_intersection *tail = ref2; 338 for (; ref1 != NULL; ref1 = ref1->ref_next) 339 { 340 bool add = true; 341 ref_intersection *iter; 342 for (iter = ref2; iter != NULL; iter = iter->ref_next) 343 { 344 if (refs_equal (ref1, iter)) 345 { 346 add = false; 347 break; 348 } 349 } 350 351 if (add) 352 { 353 ref_intersection *new_tail = clone_ref (ref1); 354 new_tail->ref_next = tail; 355 tail = new_tail; 356 } 357 } 358 return tail; 359} 360 361/* See if an object of type SOURCE can be assigned to an object of 362 type TARGET. This might resolve classes in one chain or the other. */ 363static bool 364ref_compatible (ref_intersection *target, ref_intersection *source) 365{ 366 for (; target != NULL; target = target->ref_next) 367 { 368 ref_intersection *source_iter = source; 369 370 for (; source_iter != NULL; source_iter = source_iter->ref_next) 371 { 372 /* Avoid resolving if possible. */ 373 if (! target->is_resolved 374 && ! source_iter->is_resolved 375 && vfy_strings_equal (target->data.name, 376 source_iter->data.name)) 377 continue; 378 379 if (! target->is_resolved) 380 resolve_ref (target); 381 if (! source_iter->is_resolved) 382 resolve_ref (source_iter); 383 384 if (! vfy_is_assignable_from (target->data.klass, 385 source_iter->data.klass)) 386 return false; 387 } 388 } 389 390 return true; 391} 392 393static bool 394ref_isarray (ref_intersection *ref) 395{ 396 /* assert (ref_next == NULL); */ 397 if (ref->is_resolved) 398 return vfy_is_array (ref->data.klass); 399 else 400 return vfy_string_bytes (ref->data.name)[0] == '['; 401} 402 403static bool 404ref_isinterface (ref_intersection *ref) 405{ 406 /* assert (ref_next == NULL); */ 407 if (! ref->is_resolved) 408 resolve_ref (ref); 409 return vfy_is_interface (ref->data.klass); 410} 411 412static bool 413ref_isabstract (ref_intersection *ref) 414{ 415 /* assert (ref_next == NULL); */ 416 if (! ref->is_resolved) 417 resolve_ref (ref); 418 return vfy_is_abstract (ref->data.klass); 419} 420 421static vfy_jclass 422ref_getclass (ref_intersection *ref) 423{ 424 if (! ref->is_resolved) 425 resolve_ref (ref); 426 return ref->data.klass; 427} 428 429int 430ref_count_dimensions (ref_intersection *ref) 431{ 432 int ndims = 0; 433 if (ref->is_resolved) 434 { 435 vfy_jclass k = ref->data.klass; 436 while (vfy_is_array (k)) 437 { 438 k = vfy_get_component_type (k); 439 ++ndims; 440 } 441 } 442 else 443 { 444 const char *p = vfy_string_bytes (ref->data.name); 445 while (*p++ == '[') 446 ++ndims; 447 } 448 return ndims; 449} 450 451/* Return the type_val corresponding to a primitive signature 452 character. For instance `I' returns `int.class'. */ 453static type_val 454get_type_val_for_signature (char sig) 455{ 456 type_val rt; 457 switch (sig) 458 { 459 case 'Z': 460 rt = boolean_type; 461 break; 462 case 'B': 463 rt = byte_type; 464 break; 465 case 'C': 466 rt = char_type; 467 break; 468 case 'S': 469 rt = short_type; 470 break; 471 case 'I': 472 rt = int_type; 473 break; 474 case 'J': 475 rt = long_type; 476 break; 477 case 'F': 478 rt = float_type; 479 break; 480 case 'D': 481 rt = double_type; 482 break; 483 case 'V': 484 rt = void_type; 485 break; 486 default: 487 verify_fail ("invalid signature"); 488 return null_type; 489 } 490 return rt; 491} 492 493/* Return the type_val corresponding to a primitive class. */ 494static type_val 495get_type_val_for_primtype (vfy_jclass k) 496{ 497 return get_type_val_for_signature (vfy_get_primitive_char (k)); 498} 499 500/* The `type' class is used to represent a single type in the verifier. */ 501struct type 502{ 503 /* The type key. */ 504 type_val key; 505 506 /* For reference types, the representation of the type. */ 507 ref_intersection *klass; 508 509 /* This is used in two situations. 510 511 First, when constructing a new object, it is the PC of the 512 `new' instruction which created the object. We use the special 513 value UNINIT to mean that this is uninitialized. The special 514 value SELF is used for the case where the current method is 515 itself the <init> method. the special value EITHER is used 516 when we may optionally allow either an uninitialized or 517 initialized reference to match. 518 519 Second, when the key is return_address_type, this holds the PC 520 of the instruction following the `jsr'. */ 521 int pc; 522 523#define UNINIT -2 524#define SELF -1 525#define EITHER -3 526}; 527 528/* Make a new instance given the type tag. We assume a generic 529 `reference_type' means Object. */ 530static void 531init_type_from_tag (type *t, type_val k) 532{ 533 t->key = k; 534 /* For reference_type, if KLASS==NULL then that means we are 535 looking for a generic object of any kind, including an 536 uninitialized reference. */ 537 t->klass = NULL; 538 t->pc = UNINIT; 539} 540 541/* Make a type for the given type_val tag K. */ 542static type 543make_type (type_val k) 544{ 545 type t; 546 init_type_from_tag (&t, k); 547 return t; 548} 549 550/* Make a new instance given a class. */ 551static void 552init_type_from_class (type *t, vfy_jclass k) 553{ 554 t->key = reference_type; 555 t->klass = make_ref (); 556 t->klass->is_resolved = true; 557 t->klass->data.klass = k; 558 t->klass->ref_next = NULL; 559 t->pc = UNINIT; 560} 561 562static type 563make_type_from_class (vfy_jclass k) 564{ 565 type t; 566 init_type_from_class (&t, k); 567 return t; 568} 569 570static void 571init_type_from_string (type *t, vfy_string n) 572{ 573 t->key = reference_type; 574 t->klass = make_ref (); 575 t->klass->is_resolved = false; 576 t->klass->data.name = n; 577 t->klass->ref_next = NULL; 578 t->pc = UNINIT; 579} 580 581static type 582make_type_from_string (vfy_string n) 583{ 584 type t; 585 init_type_from_string (&t, n); 586 return t; 587} 588 589/* Promote a numeric type. */ 590static void 591vfy_promote_type (type *t) 592{ 593 if (t->key == boolean_type || t->key == char_type 594 || t->key == byte_type || t->key == short_type) 595 t->key = int_type; 596} 597#define promote_type vfy_promote_type 598 599/* Mark this type as the uninitialized result of `new'. */ 600static void 601type_set_uninitialized (type *t, int npc) 602{ 603 if (t->key == reference_type) 604 t->key = uninitialized_reference_type; 605 else 606 verify_fail ("internal error in type::uninitialized"); 607 t->pc = npc; 608} 609 610/* Mark this type as now initialized. */ 611static void 612type_set_initialized (type *t, int npc) 613{ 614 if (npc != UNINIT && t->pc == npc && t->key == uninitialized_reference_type) 615 { 616 t->key = reference_type; 617 t->pc = UNINIT; 618 } 619} 620 621/* Mark this type as a particular return address. */ 622static void type_set_return_address (type *t, int npc) 623{ 624 t->pc = npc; 625} 626 627/* Return true if this type and type OTHER are considered 628 mergeable for the purposes of state merging. This is related 629 to subroutine handling. For this purpose two types are 630 considered unmergeable if they are both return-addresses but 631 have different PCs. */ 632static bool 633type_state_mergeable_p (type *t1, type *t2) 634{ 635 return (t1->key != return_address_type 636 || t2->key != return_address_type 637 || t1->pc == t2->pc); 638} 639 640/* Return true if an object of type K can be assigned to a variable 641 of type T. Handle various special cases too. Might modify 642 T or K. Note however that this does not perform numeric 643 promotion. */ 644static bool 645types_compatible (type *t, type *k) 646{ 647 /* Any type is compatible with the unsuitable type. */ 648 if (k->key == unsuitable_type) 649 return true; 650 651 if (t->key < reference_type || k->key < reference_type) 652 return t->key == k->key; 653 654 /* The `null' type is convertible to any initialized reference 655 type. */ 656 if (t->key == null_type) 657 return k->key != uninitialized_reference_type; 658 if (k->key == null_type) 659 return t->key != uninitialized_reference_type; 660 661 /* A special case for a generic reference. */ 662 if (t->klass == NULL) 663 return true; 664 if (k->klass == NULL) 665 verify_fail ("programmer error in type::compatible"); 666 667 /* Handle the special 'EITHER' case, which is only used in a 668 special case of 'putfield'. Note that we only need to handle 669 this on the LHS of a check. */ 670 if (! type_initialized (t) && t->pc == EITHER) 671 { 672 /* If the RHS is uninitialized, it must be an uninitialized 673 'this'. */ 674 if (! type_initialized (k) && k->pc != SELF) 675 return false; 676 } 677 else if (type_initialized (t) != type_initialized (k)) 678 { 679 /* An initialized type and an uninitialized type are not 680 otherwise compatible. */ 681 return false; 682 } 683 else 684 { 685 /* Two uninitialized objects are compatible if either: 686 * The PCs are identical, or 687 * One PC is UNINIT. */ 688 if (type_initialized (t)) 689 { 690 if (t->pc != k->pc && t->pc != UNINIT && k->pc != UNINIT) 691 return false; 692 } 693 } 694 695 return ref_compatible (t->klass, k->klass); 696} 697 698/* Return true if two types are equal. Only valid for reference 699 types. */ 700static bool 701types_equal (type *t1, type *t2) 702{ 703 if ((t1->key != reference_type && t1->key != uninitialized_reference_type) 704 || (t2->key != reference_type 705 && t2->key != uninitialized_reference_type)) 706 return false; 707 /* Only single-ref types are allowed. */ 708 if (t1->klass->ref_next || t2->klass->ref_next) 709 return false; 710 return refs_equal (t1->klass, t2->klass); 711} 712 713static bool 714type_isvoid (type *t) 715{ 716 return t->key == void_type; 717} 718 719static bool 720type_iswide (type *t) 721{ 722 return t->key == long_type || t->key == double_type; 723} 724 725/* Return number of stack or local variable slots taken by this type. */ 726static int 727type_depth (type *t) 728{ 729 return type_iswide (t) ? 2 : 1; 730} 731 732static bool 733type_isarray (type *t) 734{ 735 /* We treat null_type as not an array. This is ok based on the 736 current uses of this method. */ 737 if (t->key == reference_type) 738 return ref_isarray (t->klass); 739 return false; 740} 741 742static bool 743type_isnull (type *t) 744{ 745 return t->key == null_type; 746} 747 748static bool 749type_isinterface (type *t) 750{ 751 if (t->key != reference_type) 752 return false; 753 return ref_isinterface (t->klass); 754} 755 756static bool 757type_isabstract (type *t) 758{ 759 if (t->key != reference_type) 760 return false; 761 return ref_isabstract (t->klass); 762} 763 764/* Return the element type of an array. */ 765static type 766type_array_element (type *t) 767{ 768 type et; 769 vfy_jclass k; 770 771 if (t->key != reference_type) 772 verify_fail ("programmer error in type::element_type()"); 773 774 k = vfy_get_component_type (ref_getclass (t->klass)); 775 if (vfy_is_primitive (k)) 776 init_type_from_tag (&et, get_type_val_for_primtype (k)); 777 else 778 init_type_from_class (&et, k); 779 return et; 780} 781 782/* Return the array type corresponding to an initialized 783 reference. We could expand this to work for other kinds of 784 types, but currently we don't need to. */ 785static type 786type_to_array (type *t) 787{ 788 type at; 789 vfy_jclass k; 790 791 if (t->key != reference_type) 792 verify_fail ("internal error in type::to_array()"); 793 794 k = ref_getclass (t->klass); 795 init_type_from_class (&at, vfy_get_array_class (k)); 796 return at; 797} 798 799static bool 800type_isreference (type *t) 801{ 802 return t->key >= reference_type; 803} 804 805static int 806type_get_pc (type *t) 807{ 808 return t->pc; 809} 810 811bool 812type_initialized (type *t) 813{ 814 return t->key == reference_type || t->key == null_type; 815} 816 817static void 818type_verify_dimensions (type *t, int ndims) 819{ 820 /* The way this is written, we don't need to check isarray(). */ 821 if (t->key != reference_type) 822 verify_fail ("internal error in verify_dimensions:" 823 " not a reference type"); 824 825 if (ref_count_dimensions (t->klass) < ndims) 826 verify_fail ("array type has fewer dimensions" 827 " than required"); 828} 829 830/* Merge OLD_TYPE into this. On error throw exception. Return 831 true if the merge caused a type change. */ 832static bool 833merge_types (type *t, type *old_type, bool local_semantics) 834{ 835 bool changed = false; 836 bool refo = type_isreference (old_type); 837 bool refn = type_isreference (t); 838 if (refo && refn) 839 { 840 if (old_type->key == null_type) 841 ; 842 else if (t->key == null_type) 843 { 844 *t = *old_type; 845 changed = true; 846 } 847 else if (type_initialized (t) != type_initialized (old_type)) 848 verify_fail ("merging initialized and uninitialized types"); 849 else 850 { 851 ref_intersection *merged; 852 if (! type_initialized (t)) 853 { 854 if (t->pc == UNINIT) 855 t->pc = old_type->pc; 856 else if (old_type->pc == UNINIT) 857 ; 858 else if (t->pc != old_type->pc) 859 verify_fail ("merging different uninitialized types"); 860 } 861 862 merged = merge_refs (old_type->klass, t->klass); 863 if (merged != t->klass) 864 { 865 t->klass = merged; 866 changed = true; 867 } 868 } 869 } 870 else if (refo || refn || t->key != old_type->key) 871 { 872 if (local_semantics) 873 { 874 /* If we already have an `unsuitable' type, then we 875 don't need to change again. */ 876 if (t->key != unsuitable_type) 877 { 878 t->key = unsuitable_type; 879 changed = true; 880 } 881 } 882 else 883 verify_fail ("unmergeable type"); 884 } 885 return changed; 886} 887 888#ifdef VERIFY_DEBUG 889static void 890type_print (type *t) 891{ 892 char c = '?'; 893 switch (t->key) 894 { 895 case boolean_type: c = 'Z'; break; 896 case byte_type: c = 'B'; break; 897 case char_type: c = 'C'; break; 898 case short_type: c = 'S'; break; 899 case int_type: c = 'I'; break; 900 case long_type: c = 'J'; break; 901 case float_type: c = 'F'; break; 902 case double_type: c = 'D'; break; 903 case void_type: c = 'V'; break; 904 case unsuitable_type: c = '-'; break; 905 case return_address_type: c = 'r'; break; 906 case continuation_type: c = '+'; break; 907 case reference_type: c = 'L'; break; 908 case null_type: c = '@'; break; 909 case uninitialized_reference_type: c = 'U'; break; 910 } 911 debug_print ("%c", c); 912} 913#endif /* VERIFY_DEBUG */ 914 915/* This class holds all the state information we need for a given 916 location. */ 917struct state 918{ 919 /* The current top of the stack, in terms of slots. */ 920 int stacktop; 921 /* The current depth of the stack. This will be larger than 922 STACKTOP when wide types are on the stack. */ 923 int stackdepth; 924 /* The stack. */ 925 type *stack; 926 /* The local variables. */ 927 type *locals; 928 /* We keep track of the type of `this' specially. This is used to 929 ensure that an instance initializer invokes another initializer 930 on `this' before returning. We must keep track of this 931 specially because otherwise we might be confused by code which 932 assigns to locals[0] (overwriting `this') and then returns 933 without really initializing. */ 934 type this_type; 935 936 /* The PC for this state. This is only valid on states which are 937 permanently attached to a given PC. For an object like 938 `current_state', which is used transiently, this has no 939 meaning. */ 940 int pc; 941 /* We keep a linked list of all states requiring reverification. 942 If this is the special value INVALID_STATE then this state is 943 not on the list. NULL marks the end of the linked list. */ 944 state *next; 945}; 946 947/* NO_NEXT is the PC value meaning that a new state must be 948 acquired from the verification list. */ 949#define NO_NEXT -1 950 951static void 952init_state_with_stack (state *s, int max_stack, int max_locals) 953{ 954 int i; 955 s->stacktop = 0; 956 s->stackdepth = 0; 957 s->stack = (type *) vfy_alloc (max_stack * sizeof (type)); 958 for (i = 0; i < max_stack; ++i) 959 init_type_from_tag (&s->stack[i], unsuitable_type); 960 s->locals = (type *) vfy_alloc (max_locals * sizeof (type)); 961 for (i = 0; i < max_locals; ++i) 962 init_type_from_tag (&s->locals[i], unsuitable_type); 963 init_type_from_tag (&s->this_type, unsuitable_type); 964 s->pc = NO_NEXT; 965 s->next = INVALID_STATE; 966} 967 968static void 969copy_state (state *s, state *copy, int max_stack, int max_locals) 970{ 971 int i; 972 s->stacktop = copy->stacktop; 973 s->stackdepth = copy->stackdepth; 974 for (i = 0; i < max_stack; ++i) 975 s->stack[i] = copy->stack[i]; 976 for (i = 0; i < max_locals; ++i) 977 s->locals[i] = copy->locals[i]; 978 979 s->this_type = copy->this_type; 980 /* Don't modify `next' or `pc'. */ 981} 982 983static void 984copy_state_with_stack (state *s, state *orig, int max_stack, int max_locals) 985{ 986 init_state_with_stack (s, max_stack, max_locals); 987 copy_state (s, orig, max_stack, max_locals); 988} 989 990/* Allocate a new state, copying ORIG. */ 991static state * 992make_state_copy (state *orig, int max_stack, int max_locals) 993{ 994 state *s = (state *) vfy_alloc (sizeof (state)); 995 copy_state_with_stack (s, orig, max_stack, max_locals); 996 return s; 997} 998 999static state * 1000make_state (int max_stack, int max_locals) 1001{ 1002 state *s = (state *) vfy_alloc (sizeof (state)); 1003 init_state_with_stack (s, max_stack, max_locals); 1004 return s; 1005} 1006 1007static void 1008free_state (state *s) 1009{ 1010 if (s->stack != NULL) 1011 vfy_free (s->stack); 1012 if (s->locals != NULL) 1013 vfy_free (s->locals); 1014} 1015 1016/* Modify this state to reflect entry to an exception handler. */ 1017static void 1018state_set_exception (state *s, type *t, int max_stack) 1019{ 1020 int i; 1021 s->stackdepth = 1; 1022 s->stacktop = 1; 1023 s->stack[0] = *t; 1024 for (i = s->stacktop; i < max_stack; ++i) 1025 init_type_from_tag (&s->stack[i], unsuitable_type); 1026} 1027 1028/* Merge STATE_OLD into this state. Destructively modifies this 1029 state. Returns true if the new state was in fact changed. 1030 Will throw an exception if the states are not mergeable. */ 1031static bool 1032merge_states (state *s, state *state_old, int max_locals) 1033{ 1034 int i; 1035 bool changed = false; 1036 1037 /* Special handling for `this'. If one or the other is 1038 uninitialized, then the merge is uninitialized. */ 1039 if (type_initialized (&s->this_type)) 1040 s->this_type = state_old->this_type; 1041 1042 /* Merge stacks. */ 1043 if (state_old->stacktop != s->stacktop) /* FIXME stackdepth instead? */ 1044 verify_fail ("stack sizes differ"); 1045 for (i = 0; i < state_old->stacktop; ++i) 1046 { 1047 if (merge_types (&s->stack[i], &state_old->stack[i], false)) 1048 changed = true; 1049 } 1050 1051 /* Merge local variables. */ 1052 for (i = 0; i < max_locals; ++i) 1053 { 1054 if (merge_types (&s->locals[i], &state_old->locals[i], true)) 1055 changed = true; 1056 } 1057 1058 return changed; 1059} 1060 1061/* Ensure that `this' has been initialized. */ 1062static void 1063state_check_this_initialized (state *s) 1064{ 1065 if (type_isreference (&s->this_type) && ! type_initialized (&s->this_type)) 1066 verify_fail ("`this' is uninitialized"); 1067} 1068 1069/* Set type of `this'. */ 1070static void 1071state_set_this_type (state *s, type *k) 1072{ 1073 s->this_type = *k; 1074} 1075 1076/* Mark each `new'd object we know of that was allocated at PC as 1077 initialized. */ 1078static void 1079state_set_initialized (state *s, int pc, int max_locals) 1080{ 1081 int i; 1082 for (i = 0; i < s->stacktop; ++i) 1083 type_set_initialized (&s->stack[i], pc); 1084 for (i = 0; i < max_locals; ++i) 1085 type_set_initialized (&s->locals[i], pc); 1086 type_set_initialized (&s->this_type, pc); 1087} 1088 1089/* This tests to see whether two states can be considered "merge 1090 compatible". If both states have a return-address in the same 1091 slot, and the return addresses are different, then they are not 1092 compatible and we must not try to merge them. */ 1093static bool 1094state_mergeable_p (state *s, state *other, int max_locals) 1095 1096{ 1097 int i; 1098 1099 /* This is tricky: if the stack sizes differ, then not only are 1100 these not mergeable, but in fact we should give an error, as 1101 we've found two execution paths that reach a branch target 1102 with different stack depths. FIXME stackdepth instead? */ 1103 if (s->stacktop != other->stacktop) 1104 verify_fail ("stack sizes differ"); 1105 1106 for (i = 0; i < s->stacktop; ++i) 1107 if (! type_state_mergeable_p (&s->stack[i], &other->stack[i])) 1108 return false; 1109 for (i = 0; i < max_locals; ++i) 1110 if (! type_state_mergeable_p (&s->locals[i], &other->locals[i])) 1111 return false; 1112 return true; 1113} 1114 1115static void 1116state_reverify (state *s) 1117{ 1118 if (s->next == INVALID_STATE) 1119 { 1120 s->next = vfr->next_verify_state; 1121 vfr->next_verify_state = s; 1122 } 1123} 1124 1125#ifdef VERIFY_DEBUG 1126static void 1127debug_print_state (state *s, const char *leader, int pc, int max_stack, 1128 int max_locals) 1129{ 1130 int i; 1131 debug_print ("%s [%4d]: [stack] ", leader, pc); 1132 for (i = 0; i < s->stacktop; ++i) 1133 type_print (&s->stack[i]); 1134 for (; i < max_stack; ++i) 1135 debug_print ("."); 1136 debug_print (" [local] "); 1137 for (i = 0; i < max_locals; ++i) 1138 type_print (&s->locals[i]); 1139 debug_print (" | %p\n", s); 1140} 1141#else 1142static void 1143debug_print_state (state *s ATTRIBUTE_UNUSED, 1144 const char *leader ATTRIBUTE_UNUSED, 1145 int pc ATTRIBUTE_UNUSED, int max_stack ATTRIBUTE_UNUSED, 1146 int max_locals ATTRIBUTE_UNUSED) 1147{ 1148} 1149#endif /* VERIFY_DEBUG */ 1150 1151static type 1152pop_raw (void) 1153{ 1154 type r; 1155 state *s = vfr->current_state; 1156 if (s->stacktop <= 0) 1157 verify_fail ("stack empty"); 1158 r = s->stack[--s->stacktop]; 1159 s->stackdepth -= type_depth (&r); 1160 if (s->stackdepth < 0) 1161 verify_fail_pc ("stack empty", vfr->start_PC); 1162 return r; 1163} 1164 1165static type 1166pop32 (void) 1167{ 1168 type r = pop_raw (); 1169 if (type_iswide (&r)) 1170 verify_fail ("narrow pop of wide type"); 1171 return r; 1172} 1173 1174static type 1175vfy_pop_type_t (type match) 1176{ 1177 type t; 1178 vfy_promote_type (&match); 1179 t = pop_raw (); 1180 if (! types_compatible (&match, &t)) 1181 verify_fail ("incompatible type on stack"); 1182 return t; 1183} 1184 1185static type 1186vfy_pop_type (type_val match) 1187{ 1188 type t = make_type (match); 1189 return vfy_pop_type_t (t); 1190} 1191 1192#define pop_type vfy_pop_type 1193#define pop_type_t vfy_pop_type_t 1194 1195/* Pop a reference which is guaranteed to be initialized. MATCH 1196 doesn't have to be a reference type; in this case this acts like 1197 pop_type. */ 1198static type 1199pop_init_ref_t (type match) 1200{ 1201 type t = pop_raw (); 1202 if (type_isreference (&t) && ! type_initialized (&t)) 1203 verify_fail ("initialized reference required"); 1204 else if (! types_compatible (&match, &t)) 1205 verify_fail ("incompatible type on stack"); 1206 return t; 1207} 1208 1209static type 1210pop_init_ref (type_val match) 1211{ 1212 type t = make_type (match); 1213 return pop_init_ref_t (t); 1214} 1215 1216/* Pop a reference type or a return address. */ 1217static type 1218pop_ref_or_return (void) 1219{ 1220 type t = pop_raw (); 1221 if (! type_isreference (&t) && t.key != return_address_type) 1222 verify_fail ("expected reference or return address on stack"); 1223 return t; 1224} 1225 1226static void 1227vfy_push_type_t (type t) 1228{ 1229 int depth; 1230 state *s = vfr->current_state; 1231 /* If T is a numeric type like short, promote it to int. */ 1232 promote_type (&t); 1233 1234 depth = type_depth (&t); 1235 1236 if (s->stackdepth + depth > vfr->current_method->max_stack) 1237 verify_fail ("stack overflow"); 1238 s->stack[s->stacktop++] = t; 1239 s->stackdepth += depth; 1240} 1241 1242static void 1243vfy_push_type (type_val tval) 1244{ 1245 type t = make_type (tval); 1246 vfy_push_type_t (t); 1247} 1248 1249#define push_type vfy_push_type 1250#define push_type_t vfy_push_type_t 1251 1252static void 1253set_variable (int index, type t) 1254{ 1255 int depth; 1256 state *s = vfr->current_state; 1257 /* If T is a numeric type like short, promote it to int. */ 1258 promote_type (&t); 1259 1260 depth = type_depth (&t); 1261 if (index > vfr->current_method->max_locals - depth) 1262 verify_fail ("invalid local variable"); 1263 s->locals[index] = t; 1264 1265 if (depth == 2) 1266 init_type_from_tag (&s->locals[index + 1], continuation_type); 1267 if (index > 0 && type_iswide (&s->locals[index - 1])) 1268 init_type_from_tag (&s->locals[index - 1], unsuitable_type); 1269} 1270 1271static type 1272get_variable_t (int index, type *t) 1273{ 1274 state *s = vfr->current_state; 1275 int depth = type_depth (t); 1276 if (index > vfr->current_method->max_locals - depth) 1277 verify_fail ("invalid local variable"); 1278 if (! types_compatible (t, &s->locals[index])) 1279 verify_fail ("incompatible type in local variable"); 1280 if (depth == 2) 1281 { 1282 type cont = make_type (continuation_type); 1283 if (! types_compatible (&s->locals[index + 1], &cont)) 1284 verify_fail ("invalid local variable"); 1285 } 1286 return s->locals[index]; 1287} 1288 1289static type 1290get_variable (int index, type_val v) 1291{ 1292 type t = make_type (v); 1293 return get_variable_t (index, &t); 1294} 1295 1296/* Make sure ARRAY is an array type and that its elements are 1297 compatible with type ELEMENT. Returns the actual element type. */ 1298static type 1299require_array_type_t (type array, type element) 1300{ 1301 type t; 1302 /* An odd case. Here we just pretend that everything went ok. If 1303 the requested element type is some kind of reference, return 1304 the null type instead. */ 1305 if (type_isnull (&array)) 1306 return type_isreference (&element) ? make_type (null_type) : element; 1307 1308 if (! type_isarray (&array)) 1309 verify_fail ("array required"); 1310 1311 t = type_array_element (&array); 1312 if (! types_compatible (&element, &t)) 1313 { 1314 /* Special case for byte arrays, which must also be boolean 1315 arrays. */ 1316 bool ok = true; 1317 if (element.key == byte_type) 1318 { 1319 type e2 = make_type (boolean_type); 1320 ok = types_compatible (&e2, &t); 1321 } 1322 if (! ok) 1323 verify_fail ("incompatible array element type"); 1324 } 1325 1326 /* Return T and not ELEMENT, because T might be specialized. */ 1327 return t; 1328} 1329 1330static type 1331require_array_type (type array, type_val element) 1332{ 1333 type t = make_type (element); 1334 return require_array_type_t (array, t); 1335} 1336 1337static jint 1338get_byte (void) 1339{ 1340 if (vfr->PC >= vfr->current_method->code_length) 1341 verify_fail ("premature end of bytecode"); 1342 return (jint) vfr->bytecode[vfr->PC++] & 0xff; 1343} 1344 1345static jint 1346get_ushort (void) 1347{ 1348 jint b1 = get_byte (); 1349 jint b2 = get_byte (); 1350 return (jint) ((b1 << 8) | b2) & 0xffff; 1351} 1352 1353static jint 1354get_short (void) 1355{ 1356 signed char b1 = (signed char) get_byte (); 1357 jint b2 = get_byte (); 1358 jshort s = (b1 << 8) | b2; 1359 return (jint) s; 1360} 1361 1362static jint 1363get_int (void) 1364{ 1365 jint b1 = get_byte (); 1366 jint b2 = get_byte (); 1367 jint b3 = get_byte (); 1368 jint b4 = get_byte (); 1369 jword result = (b1 << 24) | (b2 << 16) | (b3 << 8) | b4; 1370 /* In the compiler, 'jint' might have more than 32 bits, so we must 1371 sign extend. */ 1372 return WORD_TO_INT (result); 1373} 1374 1375static int 1376compute_jump (int offset) 1377{ 1378 int npc = vfr->start_PC + offset; 1379 if (npc < 0 || npc >= vfr->current_method->code_length) 1380 verify_fail_pc ("branch out of range", vfr->start_PC); 1381 return npc; 1382} 1383 1384/* Add a new state to the state list at NPC. */ 1385static state * 1386add_new_state (int npc, state *old_state) 1387{ 1388 state_list *nlink; 1389 vfy_method *current_method = vfr->current_method; 1390 state *new_state = make_state_copy (old_state, current_method->max_stack, 1391 current_method->max_locals); 1392 debug_print ("== New state in add_new_state\n"); 1393 debug_print_state (new_state, "New", npc, current_method->max_stack, 1394 current_method->max_locals); 1395 1396 nlink = (state_list *) vfy_alloc (sizeof (state_list)); 1397 nlink->val = new_state; 1398 nlink->next = vfr->states[npc]; 1399 vfr->states[npc] = nlink; 1400 new_state->pc = npc; 1401 return new_state; 1402} 1403 1404/* Merge the indicated state into the state at the branch target and 1405 schedule a new PC if there is a change. NPC is the PC of the 1406 branch target, and FROM_STATE is the state at the source of the 1407 branch. This method returns true if the destination state 1408 changed and requires reverification, false otherwise. */ 1409static void 1410merge_into (int npc, state *from_state) 1411{ 1412 /* Iterate over all target states and merge our state into each, 1413 if applicable. FIXME one improvement we could make here is 1414 "state destruction". Merging a new state into an existing one 1415 might cause a return_address_type to be merged to 1416 unsuitable_type. In this case the resulting state may now be 1417 mergeable with other states currently held in parallel at this 1418 location. So in this situation we could pairwise compare and 1419 reduce the number of parallel states. */ 1420 state_list *iter; 1421 bool applicable = false; 1422 for (iter = vfr->states[npc]; iter != NULL; iter = iter->next) 1423 { 1424 state *new_state = iter->val; 1425 vfy_method *current_method = vfr->current_method; 1426 1427 if (state_mergeable_p (new_state, from_state, 1428 current_method->max_locals)) 1429 { 1430 bool changed; 1431 applicable = true; 1432 1433 debug_print ("== Merge states in merge_into\n"); 1434 debug_print_state (from_state, "Frm", vfr->start_PC, current_method->max_stack, 1435 current_method->max_locals); 1436 debug_print_state (new_state, " To", npc, current_method->max_stack, 1437 current_method->max_locals); 1438 changed = merge_states (new_state, from_state, 1439 current_method->max_locals); 1440 debug_print_state (new_state, "New", npc, current_method->max_stack, 1441 current_method->max_locals); 1442 1443 if (changed) 1444 state_reverify (new_state); 1445 } 1446 } 1447 1448 if (! applicable) 1449 { 1450 /* Either we don't yet have a state at NPC, or we have a 1451 return-address type that is in conflict with all existing 1452 state. So, we need to create a new entry. */ 1453 state *new_state = add_new_state (npc, from_state); 1454 /* A new state added in this way must always be reverified. */ 1455 state_reverify (new_state); 1456 } 1457} 1458 1459static void 1460push_jump (int offset) 1461{ 1462 int npc = compute_jump (offset); 1463 /* According to the JVM Spec, we need to check for uninitialized 1464 objects here. However, this does not actually affect type 1465 safety, and the Eclipse java compiler generates code that 1466 violates this constraint. */ 1467 merge_into (npc, vfr->current_state); 1468} 1469 1470static void 1471push_exception_jump (type t, int pc) 1472{ 1473 state s; 1474 /* According to the JVM Spec, we need to check for uninitialized 1475 objects here. However, this does not actually affect type 1476 safety, and the Eclipse java compiler generates code that 1477 violates this constraint. */ 1478 copy_state_with_stack (&s, vfr->current_state, 1479 vfr->current_method->max_stack, 1480 vfr->current_method->max_locals); 1481 if (vfr->current_method->max_stack < 1) 1482 verify_fail ("stack overflow at exception handler"); 1483 state_set_exception (&s, &t, vfr->current_method->max_stack); 1484 merge_into (pc, &s); 1485 /* FIXME: leak.. need free_state or GC */ 1486} 1487 1488static state * 1489pop_jump (void) 1490{ 1491 state *new_state = vfr->next_verify_state; 1492 if (new_state == INVALID_STATE) 1493 verify_fail ("programmer error in pop_jump"); 1494 if (new_state != NULL) 1495 { 1496 vfr->next_verify_state = new_state->next; 1497 new_state->next = INVALID_STATE; 1498 } 1499 return new_state; 1500} 1501 1502static void 1503invalidate_pc (void) 1504{ 1505 vfr->PC = NO_NEXT; 1506} 1507 1508static void 1509note_branch_target (int pc) 1510{ 1511 /* Don't check `pc <= PC', because we've advanced PC after 1512 fetching the target and we haven't yet checked the next 1513 instruction. */ 1514 if (pc < vfr->PC && ! (vfr->flags[pc] & FLAG_INSN_START)) 1515 verify_fail_pc ("branch not to instruction start", vfr->start_PC); 1516 vfr->flags[pc] |= FLAG_BRANCH_TARGET; 1517} 1518 1519static void 1520skip_padding (void) 1521{ 1522 while ((vfr->PC % 4) > 0) 1523 if (get_byte () != 0) 1524 verify_fail ("found nonzero padding byte"); 1525} 1526 1527/* Do the work for a `ret' instruction. INDEX is the index into the 1528 local variables. */ 1529static void 1530handle_ret_insn (int index) 1531{ 1532 type ret = make_type (return_address_type); 1533 type ret_addr = get_variable_t (index, &ret); 1534 /* It would be nice if we could do this. However, the JVM Spec 1535 doesn't say that this is what happens. It is implied that 1536 reusing a return address is invalid, but there's no actual 1537 prohibition against it. */ 1538 /* set_variable (index, unsuitable_type); */ 1539 1540 int npc = type_get_pc (&ret_addr); 1541 /* We might be returning to a `jsr' that is at the end of the 1542 bytecode. This is ok if we never return from the called 1543 subroutine, but if we see this here it is an error. */ 1544 if (npc >= vfr->current_method->code_length) 1545 verify_fail ("fell off end"); 1546 1547 /* According to the JVM Spec, we need to check for uninitialized 1548 objects here. However, this does not actually affect type 1549 safety, and the Eclipse java compiler generates code that 1550 violates this constraint. */ 1551 merge_into (npc, vfr->current_state); 1552 invalidate_pc (); 1553} 1554 1555static void handle_jsr_insn (int offset) 1556{ 1557 type ret_addr; 1558 int npc = compute_jump (offset); 1559 1560 /* According to the JVM Spec, we need to check for uninitialized 1561 objects here. However, this does not actually affect type 1562 safety, and the Eclipse java compiler generates code that 1563 violates this constraint. */ 1564 1565 /* Modify our state as appropriate for entry into a subroutine. */ 1566 ret_addr = make_type (return_address_type); 1567 type_set_return_address (&ret_addr, vfr->PC); 1568 vfy_push_type_t (ret_addr); 1569 merge_into (npc, vfr->current_state); 1570 invalidate_pc (); 1571} 1572 1573static vfy_jclass 1574construct_primitive_array_type (type_val prim) 1575{ 1576 vfy_jclass k = NULL; 1577 switch (prim) 1578 { 1579 case boolean_type: 1580 case char_type: 1581 case float_type: 1582 case double_type: 1583 case byte_type: 1584 case short_type: 1585 case int_type: 1586 case long_type: 1587 k = vfy_get_primitive_type ((int) prim); 1588 break; 1589 1590 /* These aren't used here but we call them out to avoid 1591 warnings. */ 1592 case void_type: 1593 case unsuitable_type: 1594 case return_address_type: 1595 case continuation_type: 1596 case reference_type: 1597 case null_type: 1598 case uninitialized_reference_type: 1599 default: 1600 verify_fail ("unknown type in construct_primitive_array_type"); 1601 } 1602 k = vfy_get_array_class (k); 1603 return k; 1604} 1605 1606/* This pass computes the location of branch targets and also 1607 instruction starts. */ 1608static void 1609branch_prepass (void) 1610{ 1611 int i, pc; 1612 vfr->flags = (char *) vfy_alloc (vfr->current_method->code_length); 1613 1614 for (i = 0; i < vfr->current_method->code_length; ++i) 1615 vfr->flags[i] = 0; 1616 1617 vfr->PC = 0; 1618 while (vfr->PC < vfr->current_method->code_length) 1619 { 1620 java_opcode opcode; 1621 /* Set `start_PC' early so that error checking can have the 1622 correct value. */ 1623 vfr->start_PC = vfr->PC; 1624 vfr->flags[vfr->PC] |= FLAG_INSN_START; 1625 1626 opcode = (java_opcode) vfr->bytecode[vfr->PC++]; 1627 switch (opcode) 1628 { 1629 case op_nop: 1630 case op_aconst_null: 1631 case op_iconst_m1: 1632 case op_iconst_0: 1633 case op_iconst_1: 1634 case op_iconst_2: 1635 case op_iconst_3: 1636 case op_iconst_4: 1637 case op_iconst_5: 1638 case op_lconst_0: 1639 case op_lconst_1: 1640 case op_fconst_0: 1641 case op_fconst_1: 1642 case op_fconst_2: 1643 case op_dconst_0: 1644 case op_dconst_1: 1645 case op_iload_0: 1646 case op_iload_1: 1647 case op_iload_2: 1648 case op_iload_3: 1649 case op_lload_0: 1650 case op_lload_1: 1651 case op_lload_2: 1652 case op_lload_3: 1653 case op_fload_0: 1654 case op_fload_1: 1655 case op_fload_2: 1656 case op_fload_3: 1657 case op_dload_0: 1658 case op_dload_1: 1659 case op_dload_2: 1660 case op_dload_3: 1661 case op_aload_0: 1662 case op_aload_1: 1663 case op_aload_2: 1664 case op_aload_3: 1665 case op_iaload: 1666 case op_laload: 1667 case op_faload: 1668 case op_daload: 1669 case op_aaload: 1670 case op_baload: 1671 case op_caload: 1672 case op_saload: 1673 case op_istore_0: 1674 case op_istore_1: 1675 case op_istore_2: 1676 case op_istore_3: 1677 case op_lstore_0: 1678 case op_lstore_1: 1679 case op_lstore_2: 1680 case op_lstore_3: 1681 case op_fstore_0: 1682 case op_fstore_1: 1683 case op_fstore_2: 1684 case op_fstore_3: 1685 case op_dstore_0: 1686 case op_dstore_1: 1687 case op_dstore_2: 1688 case op_dstore_3: 1689 case op_astore_0: 1690 case op_astore_1: 1691 case op_astore_2: 1692 case op_astore_3: 1693 case op_iastore: 1694 case op_lastore: 1695 case op_fastore: 1696 case op_dastore: 1697 case op_aastore: 1698 case op_bastore: 1699 case op_castore: 1700 case op_sastore: 1701 case op_pop: 1702 case op_pop2: 1703 case op_dup: 1704 case op_dup_x1: 1705 case op_dup_x2: 1706 case op_dup2: 1707 case op_dup2_x1: 1708 case op_dup2_x2: 1709 case op_swap: 1710 case op_iadd: 1711 case op_isub: 1712 case op_imul: 1713 case op_idiv: 1714 case op_irem: 1715 case op_ishl: 1716 case op_ishr: 1717 case op_iushr: 1718 case op_iand: 1719 case op_ior: 1720 case op_ixor: 1721 case op_ladd: 1722 case op_lsub: 1723 case op_lmul: 1724 case op_ldiv: 1725 case op_lrem: 1726 case op_lshl: 1727 case op_lshr: 1728 case op_lushr: 1729 case op_land: 1730 case op_lor: 1731 case op_lxor: 1732 case op_fadd: 1733 case op_fsub: 1734 case op_fmul: 1735 case op_fdiv: 1736 case op_frem: 1737 case op_dadd: 1738 case op_dsub: 1739 case op_dmul: 1740 case op_ddiv: 1741 case op_drem: 1742 case op_ineg: 1743 case op_i2b: 1744 case op_i2c: 1745 case op_i2s: 1746 case op_lneg: 1747 case op_fneg: 1748 case op_dneg: 1749 case op_i2l: 1750 case op_i2f: 1751 case op_i2d: 1752 case op_l2i: 1753 case op_l2f: 1754 case op_l2d: 1755 case op_f2i: 1756 case op_f2l: 1757 case op_f2d: 1758 case op_d2i: 1759 case op_d2l: 1760 case op_d2f: 1761 case op_lcmp: 1762 case op_fcmpl: 1763 case op_fcmpg: 1764 case op_dcmpl: 1765 case op_dcmpg: 1766 case op_monitorenter: 1767 case op_monitorexit: 1768 case op_ireturn: 1769 case op_lreturn: 1770 case op_freturn: 1771 case op_dreturn: 1772 case op_areturn: 1773 case op_return: 1774 case op_athrow: 1775 case op_arraylength: 1776 break; 1777 1778 case op_bipush: 1779 case op_ldc: 1780 case op_iload: 1781 case op_lload: 1782 case op_fload: 1783 case op_dload: 1784 case op_aload: 1785 case op_istore: 1786 case op_lstore: 1787 case op_fstore: 1788 case op_dstore: 1789 case op_astore: 1790 case op_ret: 1791 case op_newarray: 1792 get_byte (); 1793 break; 1794 1795 case op_iinc: 1796 case op_sipush: 1797 case op_ldc_w: 1798 case op_ldc2_w: 1799 case op_getstatic: 1800 case op_getfield: 1801 case op_putfield: 1802 case op_putstatic: 1803 case op_new: 1804 case op_anewarray: 1805 case op_instanceof: 1806 case op_checkcast: 1807 case op_invokespecial: 1808 case op_invokestatic: 1809 case op_invokevirtual: 1810 get_short (); 1811 break; 1812 1813 case op_multianewarray: 1814 get_short (); 1815 get_byte (); 1816 break; 1817 1818 case op_jsr: 1819 case op_ifeq: 1820 case op_ifne: 1821 case op_iflt: 1822 case op_ifge: 1823 case op_ifgt: 1824 case op_ifle: 1825 case op_if_icmpeq: 1826 case op_if_icmpne: 1827 case op_if_icmplt: 1828 case op_if_icmpge: 1829 case op_if_icmpgt: 1830 case op_if_icmple: 1831 case op_if_acmpeq: 1832 case op_if_acmpne: 1833 case op_ifnull: 1834 case op_ifnonnull: 1835 case op_goto: 1836 note_branch_target (compute_jump (get_short ())); 1837 break; 1838 1839 case op_tableswitch: 1840 { 1841 jint low, hi; 1842 skip_padding (); 1843 note_branch_target (compute_jump (get_int ())); 1844 low = get_int (); 1845 hi = get_int (); 1846 if (low > hi) 1847 verify_fail_pc ("invalid tableswitch", vfr->start_PC); 1848 for (i = low; i <= hi; ++i) 1849 note_branch_target (compute_jump (get_int ())); 1850 } 1851 break; 1852 1853 case op_lookupswitch: 1854 { 1855 int npairs; 1856 skip_padding (); 1857 note_branch_target (compute_jump (get_int ())); 1858 npairs = get_int (); 1859 if (npairs < 0) 1860 verify_fail_pc ("too few pairs in lookupswitch", vfr->start_PC); 1861 while (npairs-- > 0) 1862 { 1863 get_int (); 1864 note_branch_target (compute_jump (get_int ())); 1865 } 1866 } 1867 break; 1868 1869 case op_invokeinterface: 1870 get_short (); 1871 get_byte (); 1872 get_byte (); 1873 break; 1874 1875 case op_wide: 1876 { 1877 opcode = (java_opcode) get_byte (); 1878 get_short (); 1879 if (opcode == op_iinc) 1880 get_short (); 1881 } 1882 break; 1883 1884 case op_jsr_w: 1885 case op_goto_w: 1886 note_branch_target (compute_jump (get_int ())); 1887 break; 1888 1889#if 0 1890 /* These are unused here, but we call them out explicitly 1891 so that -Wswitch-enum doesn't complain. */ 1892 case op_putfield_1: 1893 case op_putfield_2: 1894 case op_putfield_4: 1895 case op_putfield_8: 1896 case op_putfield_a: 1897 case op_putstatic_1: 1898 case op_putstatic_2: 1899 case op_putstatic_4: 1900 case op_putstatic_8: 1901 case op_putstatic_a: 1902 case op_getfield_1: 1903 case op_getfield_2s: 1904 case op_getfield_2u: 1905 case op_getfield_4: 1906 case op_getfield_8: 1907 case op_getfield_a: 1908 case op_getstatic_1: 1909 case op_getstatic_2s: 1910 case op_getstatic_2u: 1911 case op_getstatic_4: 1912 case op_getstatic_8: 1913 case op_getstatic_a: 1914#endif /* VFY_FAST_OPCODES */ 1915 default: 1916 verify_fail_pc ("unrecognized instruction in branch_prepass", 1917 vfr->start_PC); 1918 } 1919 1920 /* See if any previous branch tried to branch to the middle of 1921 this instruction. */ 1922 for (pc = vfr->start_PC + 1; pc < vfr->PC; ++pc) 1923 { 1924 if ((vfr->flags[pc] & FLAG_BRANCH_TARGET)) 1925 verify_fail_pc ("branch to middle of instruction", pc); 1926 } 1927 } 1928 1929 /* Verify exception handlers. */ 1930 for (i = 0; i < vfr->current_method->exc_count; ++i) 1931 { 1932 int handler, start, end, htype; 1933 vfy_get_exception (vfr->exception, i, &handler, &start, &end, &htype); 1934 if (! (vfr->flags[handler] & FLAG_INSN_START)) 1935 verify_fail_pc ("exception handler not at instruction start", 1936 handler); 1937 if (! (vfr->flags[start] & FLAG_INSN_START)) 1938 verify_fail_pc ("exception start not at instruction start", start); 1939 if (end != vfr->current_method->code_length 1940 && ! (vfr->flags[end] & FLAG_INSN_START)) 1941 verify_fail_pc ("exception end not at instruction start", end); 1942 1943 vfr->flags[handler] |= FLAG_BRANCH_TARGET; 1944 } 1945} 1946 1947static void 1948check_pool_index (int index) 1949{ 1950 if (index < 0 || index >= vfy_get_constants_size (vfr->current_class)) 1951 verify_fail_pc ("constant pool index out of range", vfr->start_PC); 1952} 1953 1954static type 1955check_class_constant (int index) 1956{ 1957 type t = { (type_val) 0, 0, 0 }; 1958 vfy_constants *pool; 1959 1960 check_pool_index (index); 1961 pool = vfy_get_constants (vfr->current_class); 1962 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass) 1963 init_type_from_class (&t, vfy_get_pool_class (pool, index)); 1964 else if (vfy_tag (pool, index) == JV_CONSTANT_Class) 1965 init_type_from_string (&t, vfy_get_pool_string (pool, index)); 1966 else 1967 verify_fail_pc ("expected class constant", vfr->start_PC); 1968 return t; 1969} 1970 1971static type 1972check_constant (int index) 1973{ 1974 type t = { (type_val) 0, 0, 0 }; 1975 vfy_constants *pool; 1976 1977 check_pool_index (index); 1978 pool = vfy_get_constants (vfr->current_class); 1979 if (vfy_tag (pool, index) == JV_CONSTANT_ResolvedString 1980 || vfy_tag (pool, index) == JV_CONSTANT_String) 1981 init_type_from_class (&t, vfy_string_type ()); 1982 else if (vfy_tag (pool, index) == JV_CONSTANT_Integer) 1983 init_type_from_tag (&t, int_type); 1984 else if (vfy_tag (pool, index) == JV_CONSTANT_Float) 1985 init_type_from_tag (&t, float_type); 1986 else if (vfy_tag (pool, index) == JV_CONSTANT_Class 1987 || vfy_tag (pool, index) == JV_CONSTANT_ResolvedClass) 1988 /* FIXME: should only allow this for 1.5 bytecode. */ 1989 init_type_from_class (&t, vfy_class_type ()); 1990 else 1991 verify_fail_pc ("String, int, or float constant expected", vfr->start_PC); 1992 return t; 1993} 1994 1995static type 1996check_wide_constant (int index) 1997{ 1998 type t = { (type_val) 0, 0, 0 }; 1999 vfy_constants *pool; 2000 2001 check_pool_index (index); 2002 pool = vfy_get_constants (vfr->current_class); 2003 if (vfy_tag (pool, index) == JV_CONSTANT_Long) 2004 init_type_from_tag (&t, long_type); 2005 else if (vfy_tag (pool, index) == JV_CONSTANT_Double) 2006 init_type_from_tag (&t, double_type); 2007 else 2008 verify_fail_pc ("long or double constant expected", vfr->start_PC); 2009 return t; 2010} 2011 2012/* Helper for both field and method. These are laid out the same in 2013 the constant pool. */ 2014static type 2015handle_field_or_method (int index, int expected, 2016 vfy_string *name, vfy_string *fmtype) 2017{ 2018 vfy_uint_16 class_index, name_and_type_index; 2019 vfy_uint_16 name_index, desc_index; 2020 vfy_constants *pool; 2021 2022 check_pool_index (index); 2023 pool = vfy_get_constants (vfr->current_class); 2024 if (vfy_tag (pool, index) != expected) 2025 verify_fail_pc ("didn't see expected constant", vfr->start_PC); 2026 /* Once we know we have a Fieldref or Methodref we assume that it 2027 is correctly laid out in the constant pool. I think the code 2028 in defineclass.cc guarantees this. */ 2029 vfy_load_indexes (pool, index, &class_index, &name_and_type_index); 2030 vfy_load_indexes (pool, name_and_type_index, &name_index, &desc_index); 2031 2032 *name = vfy_get_pool_string (pool, name_index); 2033 *fmtype = vfy_get_pool_string (pool, desc_index); 2034 2035 return check_class_constant (class_index); 2036} 2037 2038/* Return field's type, compute class' type if requested. If 2039 PUTFIELD is true, use the special 'putfield' semantics. */ 2040static type 2041check_field_constant (int index, type *class_type, bool putfield) 2042{ 2043 vfy_string name, field_type; 2044 const char *typec; 2045 type t; 2046 2047 type ct = handle_field_or_method (index, 2048 JV_CONSTANT_Fieldref, 2049 &name, &field_type); 2050 if (class_type) 2051 *class_type = ct; 2052 typec = vfy_string_bytes (field_type); 2053 if (typec[0] == '[' || typec[0] == 'L') 2054 init_type_from_string (&t, field_type); 2055 else 2056 init_type_from_tag (&t, get_type_val_for_signature (typec[0])); 2057 2058 /* We have an obscure special case here: we can use `putfield' on a 2059 field declared in this class, even if `this' has not yet been 2060 initialized. */ 2061 if (putfield 2062 && ! type_initialized (&vfr->current_state->this_type) 2063 && vfr->current_state->this_type.pc == SELF 2064 && types_equal (&vfr->current_state->this_type, &ct) 2065 && vfy_class_has_field (vfr->current_class, name, field_type)) 2066 /* Note that we don't actually know whether we're going to match 2067 against 'this' or some other object of the same type. So, 2068 here we set things up so that it doesn't matter. This relies 2069 on knowing what our caller is up to. */ 2070 type_set_uninitialized (class_type, EITHER); 2071 2072 return t; 2073} 2074 2075static type 2076check_method_constant (int index, bool is_interface, 2077 vfy_string *method_name, 2078 vfy_string *method_signature) 2079{ 2080 return handle_field_or_method (index, 2081 (is_interface 2082 ? JV_CONSTANT_InterfaceMethodref 2083 : JV_CONSTANT_Methodref), 2084 method_name, method_signature); 2085} 2086 2087static const char * 2088get_one_type (const char *p, type *t) 2089{ 2090 const char *start = p; 2091 vfy_jclass k; 2092 type_val rt; 2093 char v; 2094 2095 int arraycount = 0; 2096 while (*p == '[') 2097 { 2098 ++arraycount; 2099 ++p; 2100 } 2101 2102 v = *p++; 2103 2104 if (v == 'L') 2105 { 2106 vfy_string name; 2107 while (*p != ';') 2108 ++p; 2109 ++p; 2110 name = vfy_get_string (start, p - start); 2111 *t = make_type_from_string (name); 2112 return p; 2113 } 2114 2115 /* Casting to jchar here is ok since we are looking at an ASCII 2116 character. */ 2117 rt = get_type_val_for_signature (v); 2118 2119 if (arraycount == 0) 2120 { 2121 /* Callers of this function eventually push their arguments on 2122 the stack. So, promote them here. */ 2123 type new_t = make_type (rt); 2124 vfy_promote_type (&new_t); 2125 *t = new_t; 2126 return p; 2127 } 2128 2129 k = construct_primitive_array_type (rt); 2130 while (--arraycount > 0) 2131 k = vfy_get_array_class (k); 2132 *t = make_type_from_class (k); 2133 return p; 2134} 2135 2136static void 2137compute_argument_types (vfy_string signature, type *types) 2138{ 2139 int i; 2140 const char *p = vfy_string_bytes (signature); 2141 2142 /* Skip `('. */ 2143 ++p; 2144 2145 i = 0; 2146 while (*p != ')') 2147 p = get_one_type (p, &types[i++]); 2148} 2149 2150static type 2151compute_return_type (vfy_string signature) 2152{ 2153 const char *p = vfy_string_bytes (signature); 2154 type t; 2155 while (*p != ')') 2156 ++p; 2157 ++p; 2158 get_one_type (p, &t); 2159 return t; 2160} 2161 2162static void 2163check_return_type (type onstack) 2164{ 2165 type rt = compute_return_type (vfy_get_signature (vfr->current_method)); 2166 if (! types_compatible (&rt, &onstack)) 2167 verify_fail ("incompatible return type"); 2168} 2169 2170/* Initialize the stack for the new method. Returns true if this 2171 method is an instance initializer. */ 2172static bool 2173initialize_stack (void) 2174{ 2175 int arg_count, i; 2176 int var = 0; 2177 bool is_init = vfy_strings_equal (vfy_get_method_name (vfr->current_method), 2178 vfy_init_name()); 2179 bool is_clinit = vfy_strings_equal (vfy_get_method_name (vfr->current_method), 2180 vfy_clinit_name()); 2181 2182 if (! vfy_is_static (vfr->current_method)) 2183 { 2184 type kurr = make_type_from_class (vfr->current_class); 2185 if (is_init) 2186 { 2187 type_set_uninitialized (&kurr, SELF); 2188 is_init = true; 2189 } 2190 else if (is_clinit) 2191 verify_fail ("<clinit> method must be static"); 2192 set_variable (0, kurr); 2193 state_set_this_type (vfr->current_state, &kurr); 2194 ++var; 2195 } 2196 else 2197 { 2198 if (is_init) 2199 verify_fail ("<init> method must be non-static"); 2200 } 2201 2202 /* We have to handle wide arguments specially here. */ 2203 arg_count = vfy_count_arguments (vfy_get_signature (vfr->current_method)); 2204 { 2205 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type)); 2206 compute_argument_types (vfy_get_signature (vfr->current_method), arg_types); 2207 for (i = 0; i < arg_count; ++i) 2208 { 2209 set_variable (var, arg_types[i]); 2210 ++var; 2211 if (type_iswide (&arg_types[i])) 2212 ++var; 2213 } 2214 vfy_free (arg_types); 2215 } 2216 2217 return is_init; 2218} 2219 2220static void 2221verify_instructions_0 (void) 2222{ 2223 int i; 2224 bool this_is_init; 2225 2226 vfr->current_state = make_state (vfr->current_method->max_stack, 2227 vfr->current_method->max_locals); 2228 2229 vfr->PC = 0; 2230 vfr->start_PC = 0; 2231 2232 /* True if we are verifying an instance initializer. */ 2233 this_is_init = initialize_stack (); 2234 2235 vfr->states = (state_list **) vfy_alloc (sizeof (state_list *) 2236 * vfr->current_method->code_length); 2237 2238 for (i = 0; i < vfr->current_method->code_length; ++i) 2239 vfr->states[i] = NULL; 2240 2241 vfr->next_verify_state = NULL; 2242 2243 while (true) 2244 { 2245 java_opcode opcode; 2246 2247 /* If the PC was invalidated, get a new one from the work list. */ 2248 if (vfr->PC == NO_NEXT) 2249 { 2250 state *new_state = pop_jump (); 2251 /* If it is null, we're done. */ 2252 if (new_state == NULL) 2253 break; 2254 2255 vfr->PC = new_state->pc; 2256 debug_print ("== State pop from pending list\n"); 2257 /* Set up the current state. */ 2258 copy_state (vfr->current_state, new_state, 2259 vfr->current_method->max_stack, vfr->current_method->max_locals); 2260 } 2261 else 2262 { 2263 /* We only have to do this checking in the situation where 2264 control flow falls through from the previous instruction. 2265 Otherwise merging is done at the time we push the branch. 2266 Note that we'll catch the off-the-end problem just 2267 below. */ 2268 if (vfr->PC < vfr->current_method->code_length 2269 && vfr->states[vfr->PC] != NULL) 2270 { 2271 /* We've already visited this instruction. So merge 2272 the states together. It is simplest, but not most 2273 efficient, to just always invalidate the PC here. */ 2274 merge_into (vfr->PC, vfr->current_state); 2275 invalidate_pc (); 2276 continue; 2277 } 2278 } 2279 2280 /* Control can't fall off the end of the bytecode. We need to 2281 check this in both cases, not just the fall-through case, 2282 because we don't check to see whether a `jsr' appears at 2283 the end of the bytecode until we process a `ret'. */ 2284 if (vfr->PC >= vfr->current_method->code_length) 2285 verify_fail ("fell off end"); 2286 vfr->flags[vfr->PC] |= FLAG_INSN_SEEN; 2287 2288 /* We only have to keep saved state at branch targets. If 2289 we're at a branch target and the state here hasn't been set 2290 yet, we set it now. You might notice that `ret' targets 2291 won't necessarily have FLAG_BRANCH_TARGET set. This 2292 doesn't matter, since those states will be filled in by 2293 merge_into. */ 2294 /* Note that other parts of the compiler assume that there is a 2295 label with a type map at PC=0. */ 2296 if (vfr->states[vfr->PC] == NULL 2297 && (vfr->PC == 0 || (vfr->flags[vfr->PC] & FLAG_BRANCH_TARGET) != 0)) 2298 add_new_state (vfr->PC, vfr->current_state); 2299 2300 /* Set this before handling exceptions so that debug output is 2301 sane. */ 2302 vfr->start_PC = vfr->PC; 2303 2304 /* Update states for all active exception handlers. Ordinarily 2305 there are not many exception handlers. So we simply run 2306 through them all. */ 2307 for (i = 0; i < vfr->current_method->exc_count; ++i) 2308 { 2309 int hpc, start, end, htype; 2310 vfy_get_exception (vfr->exception, i, &hpc, &start, &end, &htype); 2311 if (vfr->PC >= start && vfr->PC < end) 2312 { 2313 type handler = make_type_from_class (vfy_throwable_type ()); 2314 if (htype != 0) 2315 handler = check_class_constant (htype); 2316 push_exception_jump (handler, hpc); 2317 } 2318 } 2319 2320 2321 debug_print_state (vfr->current_state, " ", vfr->PC, 2322 vfr->current_method->max_stack, 2323 vfr->current_method->max_locals); 2324 opcode = (java_opcode) vfr->bytecode[vfr->PC++]; 2325 switch (opcode) 2326 { 2327 case op_nop: 2328 break; 2329 2330 case op_aconst_null: 2331 push_type (null_type); 2332 break; 2333 2334 case op_iconst_m1: 2335 case op_iconst_0: 2336 case op_iconst_1: 2337 case op_iconst_2: 2338 case op_iconst_3: 2339 case op_iconst_4: 2340 case op_iconst_5: 2341 push_type (int_type); 2342 break; 2343 2344 case op_lconst_0: 2345 case op_lconst_1: 2346 push_type (long_type); 2347 break; 2348 2349 case op_fconst_0: 2350 case op_fconst_1: 2351 case op_fconst_2: 2352 push_type (float_type); 2353 break; 2354 2355 case op_dconst_0: 2356 case op_dconst_1: 2357 push_type (double_type); 2358 break; 2359 2360 case op_bipush: 2361 get_byte (); 2362 push_type (int_type); 2363 break; 2364 2365 case op_sipush: 2366 get_short (); 2367 push_type (int_type); 2368 break; 2369 2370 case op_ldc: 2371 push_type_t (check_constant (get_byte ())); 2372 break; 2373 case op_ldc_w: 2374 push_type_t (check_constant (get_ushort ())); 2375 break; 2376 case op_ldc2_w: 2377 push_type_t (check_wide_constant (get_ushort ())); 2378 break; 2379 2380 case op_iload: 2381 push_type_t (get_variable (get_byte (), int_type)); 2382 break; 2383 case op_lload: 2384 push_type_t (get_variable (get_byte (), long_type)); 2385 break; 2386 case op_fload: 2387 push_type_t (get_variable (get_byte (), float_type)); 2388 break; 2389 case op_dload: 2390 push_type_t (get_variable (get_byte (), double_type)); 2391 break; 2392 case op_aload: 2393 push_type_t (get_variable (get_byte (), reference_type)); 2394 break; 2395 2396 case op_iload_0: 2397 case op_iload_1: 2398 case op_iload_2: 2399 case op_iload_3: 2400 push_type_t (get_variable (opcode - op_iload_0, int_type)); 2401 break; 2402 case op_lload_0: 2403 case op_lload_1: 2404 case op_lload_2: 2405 case op_lload_3: 2406 push_type_t (get_variable (opcode - op_lload_0, long_type)); 2407 break; 2408 case op_fload_0: 2409 case op_fload_1: 2410 case op_fload_2: 2411 case op_fload_3: 2412 push_type_t (get_variable (opcode - op_fload_0, float_type)); 2413 break; 2414 case op_dload_0: 2415 case op_dload_1: 2416 case op_dload_2: 2417 case op_dload_3: 2418 push_type_t (get_variable (opcode - op_dload_0, double_type)); 2419 break; 2420 case op_aload_0: 2421 case op_aload_1: 2422 case op_aload_2: 2423 case op_aload_3: 2424 push_type_t (get_variable (opcode - op_aload_0, reference_type)); 2425 break; 2426 case op_iaload: 2427 pop_type (int_type); 2428 push_type_t (require_array_type (pop_init_ref (reference_type), 2429 int_type)); 2430 break; 2431 case op_laload: 2432 pop_type (int_type); 2433 push_type_t (require_array_type (pop_init_ref (reference_type), 2434 long_type)); 2435 break; 2436 case op_faload: 2437 pop_type (int_type); 2438 push_type_t (require_array_type (pop_init_ref (reference_type), 2439 float_type)); 2440 break; 2441 case op_daload: 2442 pop_type (int_type); 2443 push_type_t (require_array_type (pop_init_ref (reference_type), 2444 double_type)); 2445 break; 2446 case op_aaload: 2447 pop_type (int_type); 2448 push_type_t (require_array_type (pop_init_ref (reference_type), 2449 reference_type)); 2450 break; 2451 case op_baload: 2452 pop_type (int_type); 2453 require_array_type (pop_init_ref (reference_type), byte_type); 2454 push_type (int_type); 2455 break; 2456 case op_caload: 2457 pop_type (int_type); 2458 require_array_type (pop_init_ref (reference_type), char_type); 2459 push_type (int_type); 2460 break; 2461 case op_saload: 2462 pop_type (int_type); 2463 require_array_type (pop_init_ref (reference_type), short_type); 2464 push_type (int_type); 2465 break; 2466 case op_istore: 2467 set_variable (get_byte (), pop_type (int_type)); 2468 break; 2469 case op_lstore: 2470 set_variable (get_byte (), pop_type (long_type)); 2471 break; 2472 case op_fstore: 2473 set_variable (get_byte (), pop_type (float_type)); 2474 break; 2475 case op_dstore: 2476 set_variable (get_byte (), pop_type (double_type)); 2477 break; 2478 case op_astore: 2479 set_variable (get_byte (), pop_ref_or_return ()); 2480 break; 2481 case op_istore_0: 2482 case op_istore_1: 2483 case op_istore_2: 2484 case op_istore_3: 2485 set_variable (opcode - op_istore_0, pop_type (int_type)); 2486 break; 2487 case op_lstore_0: 2488 case op_lstore_1: 2489 case op_lstore_2: 2490 case op_lstore_3: 2491 set_variable (opcode - op_lstore_0, pop_type (long_type)); 2492 break; 2493 case op_fstore_0: 2494 case op_fstore_1: 2495 case op_fstore_2: 2496 case op_fstore_3: 2497 set_variable (opcode - op_fstore_0, pop_type (float_type)); 2498 break; 2499 case op_dstore_0: 2500 case op_dstore_1: 2501 case op_dstore_2: 2502 case op_dstore_3: 2503 set_variable (opcode - op_dstore_0, pop_type (double_type)); 2504 break; 2505 case op_astore_0: 2506 case op_astore_1: 2507 case op_astore_2: 2508 case op_astore_3: 2509 set_variable (opcode - op_astore_0, pop_ref_or_return ()); 2510 break; 2511 case op_iastore: 2512 pop_type (int_type); 2513 pop_type (int_type); 2514 require_array_type (pop_init_ref (reference_type), int_type); 2515 break; 2516 case op_lastore: 2517 pop_type (long_type); 2518 pop_type (int_type); 2519 require_array_type (pop_init_ref (reference_type), long_type); 2520 break; 2521 case op_fastore: 2522 pop_type (float_type); 2523 pop_type (int_type); 2524 require_array_type (pop_init_ref (reference_type), float_type); 2525 break; 2526 case op_dastore: 2527 pop_type (double_type); 2528 pop_type (int_type); 2529 require_array_type (pop_init_ref (reference_type), double_type); 2530 break; 2531 case op_aastore: 2532 pop_type (reference_type); 2533 pop_type (int_type); 2534 require_array_type (pop_init_ref (reference_type), reference_type); 2535 break; 2536 case op_bastore: 2537 pop_type (int_type); 2538 pop_type (int_type); 2539 require_array_type (pop_init_ref (reference_type), byte_type); 2540 break; 2541 case op_castore: 2542 pop_type (int_type); 2543 pop_type (int_type); 2544 require_array_type (pop_init_ref (reference_type), char_type); 2545 break; 2546 case op_sastore: 2547 pop_type (int_type); 2548 pop_type (int_type); 2549 require_array_type (pop_init_ref (reference_type), short_type); 2550 break; 2551 case op_pop: 2552 pop32 (); 2553 break; 2554 case op_pop2: 2555 { 2556 type t = pop_raw (); 2557 if (! type_iswide (&t)) 2558 pop32 (); 2559 } 2560 break; 2561 case op_dup: 2562 { 2563 type t = pop32 (); 2564 push_type_t (t); 2565 push_type_t (t); 2566 } 2567 break; 2568 case op_dup_x1: 2569 { 2570 type t1 = pop32 (); 2571 type t2 = pop32 (); 2572 push_type_t (t1); 2573 push_type_t (t2); 2574 push_type_t (t1); 2575 } 2576 break; 2577 case op_dup_x2: 2578 { 2579 type t1 = pop32 (); 2580 type t2 = pop_raw (); 2581 if (! type_iswide (&t2)) 2582 { 2583 type t3 = pop32 (); 2584 push_type_t (t1); 2585 push_type_t (t3); 2586 } 2587 else 2588 push_type_t (t1); 2589 push_type_t (t2); 2590 push_type_t (t1); 2591 } 2592 break; 2593 case op_dup2: 2594 { 2595 type t = pop_raw (); 2596 if (! type_iswide (&t)) 2597 { 2598 type t2 = pop32 (); 2599 push_type_t (t2); 2600 push_type_t (t); 2601 push_type_t (t2); 2602 } 2603 else 2604 push_type_t (t); 2605 push_type_t (t); 2606 } 2607 break; 2608 case op_dup2_x1: 2609 { 2610 type t1 = pop_raw (); 2611 type t2 = pop32 (); 2612 if (! type_iswide (&t1)) 2613 { 2614 type t3 = pop32 (); 2615 push_type_t (t2); 2616 push_type_t (t1); 2617 push_type_t (t3); 2618 } 2619 else 2620 push_type_t (t1); 2621 push_type_t (t2); 2622 push_type_t (t1); 2623 } 2624 break; 2625 case op_dup2_x2: 2626 { 2627 type t1 = pop_raw (); 2628 if (type_iswide (&t1)) 2629 { 2630 type t2 = pop_raw (); 2631 if (type_iswide (&t2)) 2632 { 2633 push_type_t (t1); 2634 push_type_t (t2); 2635 } 2636 else 2637 { 2638 type t3 = pop32 (); 2639 push_type_t (t1); 2640 push_type_t (t3); 2641 push_type_t (t2); 2642 } 2643 push_type_t (t1); 2644 } 2645 else 2646 { 2647 type t2 = pop32 (); 2648 type t3 = pop_raw (); 2649 if (type_iswide (&t3)) 2650 { 2651 push_type_t (t2); 2652 push_type_t (t1); 2653 } 2654 else 2655 { 2656 type t4 = pop32 (); 2657 push_type_t (t2); 2658 push_type_t (t1); 2659 push_type_t (t4); 2660 } 2661 push_type_t (t3); 2662 push_type_t (t2); 2663 push_type_t (t1); 2664 } 2665 } 2666 break; 2667 case op_swap: 2668 { 2669 type t1 = pop32 (); 2670 type t2 = pop32 (); 2671 push_type_t (t1); 2672 push_type_t (t2); 2673 } 2674 break; 2675 case op_iadd: 2676 case op_isub: 2677 case op_imul: 2678 case op_idiv: 2679 case op_irem: 2680 case op_ishl: 2681 case op_ishr: 2682 case op_iushr: 2683 case op_iand: 2684 case op_ior: 2685 case op_ixor: 2686 pop_type (int_type); 2687 push_type_t (pop_type (int_type)); 2688 break; 2689 case op_ladd: 2690 case op_lsub: 2691 case op_lmul: 2692 case op_ldiv: 2693 case op_lrem: 2694 case op_land: 2695 case op_lor: 2696 case op_lxor: 2697 pop_type (long_type); 2698 push_type_t (pop_type (long_type)); 2699 break; 2700 case op_lshl: 2701 case op_lshr: 2702 case op_lushr: 2703 pop_type (int_type); 2704 push_type_t (pop_type (long_type)); 2705 break; 2706 case op_fadd: 2707 case op_fsub: 2708 case op_fmul: 2709 case op_fdiv: 2710 case op_frem: 2711 pop_type (float_type); 2712 push_type_t (pop_type (float_type)); 2713 break; 2714 case op_dadd: 2715 case op_dsub: 2716 case op_dmul: 2717 case op_ddiv: 2718 case op_drem: 2719 pop_type (double_type); 2720 push_type_t (pop_type (double_type)); 2721 break; 2722 case op_ineg: 2723 case op_i2b: 2724 case op_i2c: 2725 case op_i2s: 2726 push_type_t (pop_type (int_type)); 2727 break; 2728 case op_lneg: 2729 push_type_t (pop_type (long_type)); 2730 break; 2731 case op_fneg: 2732 push_type_t (pop_type (float_type)); 2733 break; 2734 case op_dneg: 2735 push_type_t (pop_type (double_type)); 2736 break; 2737 case op_iinc: 2738 get_variable (get_byte (), int_type); 2739 get_byte (); 2740 break; 2741 case op_i2l: 2742 pop_type (int_type); 2743 push_type (long_type); 2744 break; 2745 case op_i2f: 2746 pop_type (int_type); 2747 push_type (float_type); 2748 break; 2749 case op_i2d: 2750 pop_type (int_type); 2751 push_type (double_type); 2752 break; 2753 case op_l2i: 2754 pop_type (long_type); 2755 push_type (int_type); 2756 break; 2757 case op_l2f: 2758 pop_type (long_type); 2759 push_type (float_type); 2760 break; 2761 case op_l2d: 2762 pop_type (long_type); 2763 push_type (double_type); 2764 break; 2765 case op_f2i: 2766 pop_type (float_type); 2767 push_type (int_type); 2768 break; 2769 case op_f2l: 2770 pop_type (float_type); 2771 push_type (long_type); 2772 break; 2773 case op_f2d: 2774 pop_type (float_type); 2775 push_type (double_type); 2776 break; 2777 case op_d2i: 2778 pop_type (double_type); 2779 push_type (int_type); 2780 break; 2781 case op_d2l: 2782 pop_type (double_type); 2783 push_type (long_type); 2784 break; 2785 case op_d2f: 2786 pop_type (double_type); 2787 push_type (float_type); 2788 break; 2789 case op_lcmp: 2790 pop_type (long_type); 2791 pop_type (long_type); 2792 push_type (int_type); 2793 break; 2794 case op_fcmpl: 2795 case op_fcmpg: 2796 pop_type (float_type); 2797 pop_type (float_type); 2798 push_type (int_type); 2799 break; 2800 case op_dcmpl: 2801 case op_dcmpg: 2802 pop_type (double_type); 2803 pop_type (double_type); 2804 push_type (int_type); 2805 break; 2806 case op_ifeq: 2807 case op_ifne: 2808 case op_iflt: 2809 case op_ifge: 2810 case op_ifgt: 2811 case op_ifle: 2812 pop_type (int_type); 2813 push_jump (get_short ()); 2814 break; 2815 case op_if_icmpeq: 2816 case op_if_icmpne: 2817 case op_if_icmplt: 2818 case op_if_icmpge: 2819 case op_if_icmpgt: 2820 case op_if_icmple: 2821 pop_type (int_type); 2822 pop_type (int_type); 2823 push_jump (get_short ()); 2824 break; 2825 case op_if_acmpeq: 2826 case op_if_acmpne: 2827 pop_type (reference_type); 2828 pop_type (reference_type); 2829 push_jump (get_short ()); 2830 break; 2831 case op_goto: 2832 push_jump (get_short ()); 2833 invalidate_pc (); 2834 break; 2835 case op_jsr: 2836 handle_jsr_insn (get_short ()); 2837 break; 2838 case op_ret: 2839 handle_ret_insn (get_byte ()); 2840 break; 2841 case op_tableswitch: 2842 { 2843 int i; 2844 jint low, high; 2845 pop_type (int_type); 2846 skip_padding (); 2847 push_jump (get_int ()); 2848 low = get_int (); 2849 high = get_int (); 2850 /* Already checked LOW -vs- HIGH. */ 2851 for (i = low; i <= high; ++i) 2852 push_jump (get_int ()); 2853 invalidate_pc (); 2854 } 2855 break; 2856 2857 case op_lookupswitch: 2858 { 2859 int i; 2860 jint npairs, lastkey; 2861 2862 pop_type (int_type); 2863 skip_padding (); 2864 push_jump (get_int ()); 2865 npairs = get_int (); 2866 /* Already checked NPAIRS >= 0. */ 2867 lastkey = 0; 2868 for (i = 0; i < npairs; ++i) 2869 { 2870 jint key = get_int (); 2871 if (i > 0 && key <= lastkey) 2872 verify_fail_pc ("lookupswitch pairs unsorted", vfr->start_PC); 2873 lastkey = key; 2874 push_jump (get_int ()); 2875 } 2876 invalidate_pc (); 2877 } 2878 break; 2879 case op_ireturn: 2880 check_return_type (pop_type (int_type)); 2881 invalidate_pc (); 2882 break; 2883 case op_lreturn: 2884 check_return_type (pop_type (long_type)); 2885 invalidate_pc (); 2886 break; 2887 case op_freturn: 2888 check_return_type (pop_type (float_type)); 2889 invalidate_pc (); 2890 break; 2891 case op_dreturn: 2892 check_return_type (pop_type (double_type)); 2893 invalidate_pc (); 2894 break; 2895 case op_areturn: 2896 check_return_type (pop_init_ref (reference_type)); 2897 invalidate_pc (); 2898 break; 2899 case op_return: 2900 /* We only need to check this when the return type is void, 2901 because all instance initializers return void. We also 2902 need to special-case Object constructors, as they can't 2903 call a superclass <init>. */ 2904 if (this_is_init && vfr->current_class != vfy_object_type ()) 2905 state_check_this_initialized (vfr->current_state); 2906 check_return_type (make_type (void_type)); 2907 invalidate_pc (); 2908 break; 2909 case op_getstatic: 2910 push_type_t (check_field_constant (get_ushort (), NULL, false)); 2911 break; 2912 case op_putstatic: 2913 pop_type_t (check_field_constant (get_ushort (), NULL, false)); 2914 break; 2915 case op_getfield: 2916 { 2917 type klass; 2918 type field = check_field_constant (get_ushort (), &klass, false); 2919 pop_type_t (klass); 2920 push_type_t (field); 2921 } 2922 break; 2923 case op_putfield: 2924 { 2925 type klass; 2926 type field = check_field_constant (get_ushort (), &klass, true); 2927 pop_type_t (field); 2928 pop_type_t (klass); 2929 } 2930 break; 2931 2932 case op_invokevirtual: 2933 case op_invokespecial: 2934 case op_invokestatic: 2935 case op_invokeinterface: 2936 { 2937 vfy_string method_name, method_signature; 2938 const char *namec; 2939 int i, arg_count; 2940 type rt; 2941 bool is_init = false; 2942 2943 type class_type 2944 = check_method_constant (get_ushort (), 2945 opcode == op_invokeinterface, 2946 &method_name, 2947 &method_signature); 2948 /* NARGS is only used when we're processing 2949 invokeinterface. It is simplest for us to compute it 2950 here and then verify it later. */ 2951 int nargs = 0; 2952 if (opcode == op_invokeinterface) 2953 { 2954 nargs = get_byte (); 2955 if (get_byte () != 0) 2956 verify_fail ("invokeinterface dummy byte is wrong"); 2957 } 2958 2959 namec = vfy_string_bytes (method_name); 2960 2961 if (vfy_strings_equal (method_name, vfy_init_name())) 2962 { 2963 is_init = true; 2964 if (opcode != op_invokespecial) 2965 verify_fail ("can't invoke <init>"); 2966 } 2967 else if (namec[0] == '<') 2968 verify_fail ("can't invoke method starting with `<'"); 2969 2970 arg_count = vfy_count_arguments (method_signature); 2971 { 2972 /* Pop arguments and check types. */ 2973 type *arg_types = (type *) vfy_alloc (arg_count * sizeof (type)); 2974 2975 compute_argument_types (method_signature, arg_types); 2976 for (i = arg_count - 1; i >= 0; --i) 2977 { 2978 /* This is only used for verifying the byte for 2979 invokeinterface. */ 2980 nargs -= type_depth (&arg_types[i]); 2981 pop_init_ref_t (arg_types[i]); 2982 } 2983 2984 vfy_free (arg_types); 2985 } 2986 2987 if (opcode == op_invokeinterface 2988 && nargs != 1) 2989 verify_fail ("wrong argument count for invokeinterface"); 2990 2991 if (opcode != op_invokestatic) 2992 { 2993 type raw; 2994 type t = class_type; 2995 if (is_init) 2996 { 2997 /* In this case the PC doesn't matter. */ 2998 type_set_uninitialized (&t, UNINIT); 2999 /* FIXME: check to make sure that the <init> 3000 call is to the right class. 3001 It must either be super or an exact class 3002 match. */ 3003 } 3004 raw = pop_raw (); 3005 if (! types_compatible (&t, &raw)) 3006 verify_fail ("incompatible type on stack"); 3007 3008 if (is_init) 3009 state_set_initialized (vfr->current_state, 3010 type_get_pc (&raw), vfr->current_method->max_locals); 3011 } 3012 3013 rt = compute_return_type (method_signature); 3014 if (! type_isvoid (&rt)) 3015 push_type_t (rt); 3016 } 3017 break; 3018 3019 case op_new: 3020 { 3021 type t = check_class_constant (get_ushort ()); 3022 if (type_isarray (&t) || type_isinterface (&t) 3023 || type_isabstract (&t)) 3024 verify_fail ("type is array, interface, or abstract"); 3025 type_set_uninitialized (&t, vfr->start_PC); 3026 push_type_t (t); 3027 } 3028 break; 3029 3030 case op_newarray: 3031 { 3032 int atype = get_byte (); 3033 vfy_jclass k; 3034 type t; 3035 /* We intentionally have chosen constants to make this 3036 valid. */ 3037 if (atype < boolean_type || atype > long_type) 3038 verify_fail_pc ("type not primitive", vfr->start_PC); 3039 pop_type (int_type); 3040 k = construct_primitive_array_type ((type_val) atype); 3041 init_type_from_class (&t, k); 3042 push_type_t (t); 3043 } 3044 break; 3045 case op_anewarray: 3046 { 3047 type t; 3048 pop_type (int_type); 3049 t = check_class_constant (get_ushort ()); 3050 push_type_t (type_to_array (&t)); 3051 } 3052 break; 3053 case op_arraylength: 3054 { 3055 type t = pop_init_ref (reference_type); 3056 if (! type_isarray (&t) && ! type_isnull (&t)) 3057 verify_fail ("array type expected"); 3058 push_type (int_type); 3059 } 3060 break; 3061 case op_athrow: 3062 pop_type_t (make_type_from_class (vfy_throwable_type ())); 3063 invalidate_pc (); 3064 break; 3065 case op_checkcast: 3066 pop_init_ref (reference_type); 3067 push_type_t (check_class_constant (get_ushort ())); 3068 break; 3069 case op_instanceof: 3070 pop_init_ref (reference_type); 3071 check_class_constant (get_ushort ()); 3072 push_type (int_type); 3073 break; 3074 case op_monitorenter: 3075 pop_init_ref (reference_type); 3076 break; 3077 case op_monitorexit: 3078 pop_init_ref (reference_type); 3079 break; 3080 case op_wide: 3081 { 3082 switch (get_byte ()) 3083 { 3084 case op_iload: 3085 push_type_t (get_variable (get_ushort (), int_type)); 3086 break; 3087 case op_lload: 3088 push_type_t (get_variable (get_ushort (), long_type)); 3089 break; 3090 case op_fload: 3091 push_type_t (get_variable (get_ushort (), float_type)); 3092 break; 3093 case op_dload: 3094 push_type_t (get_variable (get_ushort (), double_type)); 3095 break; 3096 case op_aload: 3097 push_type_t (get_variable (get_ushort (), reference_type)); 3098 break; 3099 case op_istore: 3100 set_variable (get_ushort (), pop_type (int_type)); 3101 break; 3102 case op_lstore: 3103 set_variable (get_ushort (), pop_type (long_type)); 3104 break; 3105 case op_fstore: 3106 set_variable (get_ushort (), pop_type (float_type)); 3107 break; 3108 case op_dstore: 3109 set_variable (get_ushort (), pop_type (double_type)); 3110 break; 3111 case op_astore: 3112 set_variable (get_ushort (), pop_init_ref (reference_type)); 3113 break; 3114 case op_ret: 3115 handle_ret_insn (get_short ()); 3116 break; 3117 case op_iinc: 3118 get_variable (get_ushort (), int_type); 3119 get_short (); 3120 break; 3121 default: 3122 verify_fail_pc ("unrecognized wide instruction", vfr->start_PC); 3123 } 3124 } 3125 break; 3126 case op_multianewarray: 3127 { 3128 int i; 3129 type atype = check_class_constant (get_ushort ()); 3130 int dim = get_byte (); 3131 if (dim < 1) 3132 verify_fail_pc ("too few dimensions to multianewarray", vfr->start_PC); 3133 type_verify_dimensions (&atype, dim); 3134 for (i = 0; i < dim; ++i) 3135 pop_type (int_type); 3136 push_type_t (atype); 3137 } 3138 break; 3139 case op_ifnull: 3140 case op_ifnonnull: 3141 pop_type (reference_type); 3142 push_jump (get_short ()); 3143 break; 3144 case op_goto_w: 3145 push_jump (get_int ()); 3146 invalidate_pc (); 3147 break; 3148 case op_jsr_w: 3149 handle_jsr_insn (get_int ()); 3150 break; 3151 3152 default: 3153 /* Unrecognized opcode. */ 3154 verify_fail_pc ("unrecognized instruction in verify_instructions_0", 3155 vfr->start_PC); 3156 } 3157 } 3158} 3159 3160/* This turns a `type' into something suitable for use by the type map 3161 in the other parts of the compiler. In particular, reference types 3162 are mapped to Object, primitive types are unchanged, and other 3163 types are mapped using special functions declared in verify.h. */ 3164static vfy_jclass 3165collapse_type (type *t) 3166{ 3167 switch (t->key) 3168 { 3169 case void_type: 3170 case boolean_type: 3171 case char_type: 3172 case float_type: 3173 case double_type: 3174 case byte_type: 3175 case short_type: 3176 case int_type: 3177 case long_type: 3178 return vfy_get_primitive_type (t->key); 3179 3180 case unsuitable_type: 3181 case continuation_type: 3182 return vfy_unsuitable_type (); 3183 3184 case return_address_type: 3185 return vfy_return_address_type (); 3186 3187 case null_type: 3188 return vfy_null_type (); 3189 3190 case reference_type: 3191 case uninitialized_reference_type: 3192 return vfy_object_type (); 3193 } 3194 3195 gcc_unreachable (); 3196} 3197 3198static void 3199verify_instructions (void) 3200{ 3201 int i; 3202 3203 branch_prepass (); 3204 verify_instructions_0 (); 3205 3206 /* Now tell the rest of the compiler about the types we've found. */ 3207 for (i = 0; i < vfr->current_method->code_length; ++i) 3208 { 3209 int j, slot; 3210 struct state *curr; 3211 3212 if ((vfr->flags[i] & FLAG_INSN_SEEN) != 0) 3213 vfy_note_instruction_seen (i); 3214 3215 if (! vfr->states[i]) 3216 continue; 3217 3218 curr = vfr->states[i]->val; 3219 vfy_note_stack_depth (vfr->current_method, i, curr->stackdepth); 3220 3221 /* Tell the compiler about each local variable. */ 3222 for (j = 0; j < vfr->current_method->max_locals; ++j) 3223 vfy_note_local_type (vfr->current_method, i, j, 3224 collapse_type (&curr->locals[j])); 3225 /* Tell the compiler about each stack slot. */ 3226 for (slot = j = 0; j < curr->stacktop; ++j, ++slot) 3227 { 3228 vfy_note_stack_type (vfr->current_method, i, slot, 3229 collapse_type (&curr->stack[j])); 3230 if (type_iswide (&curr->stack[j])) 3231 { 3232 ++slot; 3233 vfy_note_stack_type (vfr->current_method, i, slot, 3234 vfy_unsuitable_type ()); 3235 } 3236 } 3237 gcc_assert (slot == curr->stackdepth); 3238 } 3239} 3240 3241static void 3242make_verifier_context (vfy_method *m) 3243{ 3244 vfr = (verifier_context *) vfy_alloc (sizeof (struct verifier_context)); 3245 3246 vfr->current_method = m; 3247 vfr->bytecode = vfy_get_bytecode (m); 3248 vfr->exception = vfy_get_exceptions (m); 3249 vfr->current_class = m->defining_class; 3250 3251 vfr->states = NULL; 3252 vfr->flags = NULL; 3253 vfr->utf8_list = NULL; 3254 vfr->isect_list = NULL; 3255} 3256 3257static void 3258free_verifier_context (void) 3259{ 3260 vfy_string_list *utf8_list; 3261 ref_intersection *isect_list; 3262 3263 if (vfr->flags) 3264 vfy_free (vfr->flags); 3265 3266 utf8_list = vfr->utf8_list; 3267 while (utf8_list != NULL) 3268 { 3269 vfy_string_list *n = utf8_list->next; 3270 vfy_free (utf8_list); 3271 utf8_list = n; 3272 } 3273 3274 isect_list = vfr->isect_list; 3275 while (isect_list != NULL) 3276 { 3277 ref_intersection *next = isect_list->alloc_next; 3278 vfy_free (isect_list); 3279 isect_list = next; 3280 } 3281 3282 if (vfr->states != NULL) 3283 { 3284 int i; 3285 for (i = 0; i < vfr->current_method->code_length; ++i) 3286 { 3287 state_list *iter = vfr->states[i]; 3288 while (iter != NULL) 3289 { 3290 state_list *next = iter->next; 3291 free_state (iter->val); 3292 vfy_free (iter->val); 3293 vfy_free (iter); 3294 iter = next; 3295 } 3296 } 3297 vfy_free (vfr->states); 3298 } 3299 3300 vfy_free (vfr); 3301} 3302 3303int 3304verify_method (vfy_method *meth) 3305{ 3306 debug_print ("verify_method (%s) %i\n", vfy_string_bytes (meth->name), 3307 meth->code_length); 3308 3309 if (vfr != NULL) 3310 verify_fail ("verifier re-entered"); 3311 3312 make_verifier_context (meth); 3313 verify_instructions (); 3314 free_verifier_context (); 3315 vfr = NULL; 3316 3317 return 1; 3318} 3319