1 /*
2 * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 /* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
94 * but the code here does not handles it. So we wrap the methods and return non-NULL
95 * pointers even if we allocate 0 bytes.
96 */
97 #ifdef _AIX
98 static int aix_dummy;
99 static void* aix_malloc(size_t len) {
100 if (len == 0) {
101 return &aix_dummy;
102 }
103 return malloc(len);
104 }
105
106 static void* aix_calloc(size_t n, size_t size) {
107 if (n == 0) {
108 return &aix_dummy;
109 }
110 return calloc(n, size);
111 }
112
113 static void aix_free(void* p) {
114 if (p == &aix_dummy) {
115 return;
116 }
117 free(p);
118 }
119
120 #undef malloc
121 #undef calloc
122 #undef free
123 #define malloc aix_malloc
124 #define calloc aix_calloc
125 #define free aix_free
126 #endif
127
128 #ifdef __APPLE__
129 /* use setjmp/longjmp versions that do not save/restore the signal mask */
130 #define setjmp _setjmp
131 #define longjmp _longjmp
132 #endif
133
134 #define MAX_ARRAY_DIMENSIONS 255
135 /* align byte code */
136 #ifndef ALIGN_UP
137 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
138 #endif /* ALIGN_UP */
139 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
140
141 #ifdef DEBUG
142
143 int verify_verbose = 0;
144 static struct context_type *GlobalContext;
145 #endif
146
147 enum {
148 ITEM_Bogus,
149 ITEM_Void, /* only as a function return value */
150 ITEM_Integer,
151 ITEM_Float,
152 ITEM_Double,
153 ITEM_Double_2, /* 2nd word of double in register */
154 ITEM_Long,
155 ITEM_Long_2, /* 2nd word of long in register */
156 ITEM_Array,
157 ITEM_Object, /* Extra info field gives name. */
158 ITEM_NewObject, /* Like object, but uninitialized. */
159 ITEM_InitObject, /* "this" is init method, before call
160 to super() */
161 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
162 /* The following three are only used within array types.
163 * Normally, we use ITEM_Integer, instead. */
164 ITEM_Byte,
165 ITEM_Short,
166 ITEM_Char
167 };
168
169
170 #define UNKNOWN_STACK_SIZE -1
171 #define UNKNOWN_REGISTER_COUNT -1
172 #define UNKNOWN_RET_INSTRUCTION -1
173
174 #undef MAX
175 #undef MIN
176 #define MAX(a, b) ((a) > (b) ? (a) : (b))
177 #define MIN(a, b) ((a) < (b) ? (a) : (b))
178
179 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
180 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
181 ((unsigned)1 << ((i) % BITS_PER_INT)))
182 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
183 ((unsigned)1 << ((i) % BITS_PER_INT)))
184
185 typedef unsigned int fullinfo_type;
186 typedef unsigned int *bitvector;
187
188 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
189 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
190 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
191 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
192 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
193
194 #define MAKE_FULLINFO(type, indirect, extra) \
195 ((type) + ((indirect) << 5) + ((extra) << 16))
196
197 #define MAKE_Object_ARRAY(indirect) \
198 (context->object_info + ((indirect) << 5))
199
200 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
201
202 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
203 #define JVM_OPC_invokeinit 0x100
204
205 /* A hash mechanism used by the verifier.
206 * Maps class names to unique 16 bit integers.
207 */
208
209 #define HASH_TABLE_SIZE 503
210
211 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
212 * row (256 buckets) at a time to minimize fragmentation. Rows are
213 * allocated on demand so that we don't waste too much space.
214 */
215
216 #define MAX_HASH_ENTRIES 65536
217 #define HASH_ROW_SIZE 256
218
219 typedef struct hash_bucket_type {
220 char *name;
221 unsigned int hash;
222 jclass class;
223 unsigned short ID;
224 unsigned short next;
225 unsigned loadable:1; /* from context->class loader */
226 } hash_bucket_type;
227
228 typedef struct {
229 hash_bucket_type **buckets;
230 unsigned short *table;
231 int entries_used;
232 } hash_table_type;
233
234 #define GET_BUCKET(class_hash, ID)\
235 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
236
237 /*
238 * There are currently two types of resources that we need to keep
239 * track of (in addition to the CCalloc pool).
240 */
241 enum {
242 VM_STRING_UTF, /* VM-allocated UTF strings */
243 VM_MALLOC_BLK /* malloc'ed blocks */
244 };
245
246 #define LDC_CLASS_MAJOR_VERSION 49
247
248 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
249
250 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
251
252 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
253
254 #define ALLOC_STACK_SIZE 16 /* big enough */
255
256 typedef struct alloc_stack_type {
257 void *ptr;
258 int kind;
259 struct alloc_stack_type *next;
260 } alloc_stack_type;
261
262 /* The context type encapsulates the current invocation of the byte
263 * code verifier.
264 */
265 struct context_type {
266
267 JNIEnv *env; /* current JNIEnv */
268
269 /* buffers etc. */
270 char *message;
271 jint message_buf_len;
272 jboolean err_code;
273
274 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
275 had a chance to free */
276 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
277 blocks here, to save mallocs. */
278 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
279 int alloc_stack_top;
280
281 /* these fields are per class */
282 jclass class; /* current class */
283 jint major_version;
284 jint nconstants;
285 unsigned char *constant_types;
286 hash_table_type class_hash;
287
288 fullinfo_type object_info; /* fullinfo for java/lang/Object */
289 fullinfo_type string_info; /* fullinfo for java/lang/String */
290 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
291 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
292 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
293
294 fullinfo_type currentclass_info; /* fullinfo for context->class */
295 fullinfo_type superclass_info; /* fullinfo for superclass */
296
297 /* these fields are per method */
298 int method_index; /* current method */
299 unsigned short *exceptions; /* exceptions */
300 unsigned char *code; /* current code object */
301 jint code_length;
302 int *code_data; /* offset to instruction number */
303 struct instruction_data_type *instruction_data; /* info about each */
304 struct handler_info_type *handler_info;
305 fullinfo_type *superclasses; /* null terminated superclasses */
306 int instruction_count; /* number of instructions */
307 fullinfo_type return_type; /* function return type */
308 fullinfo_type swap_table[4]; /* used for passing information */
309 int bitmask_size; /* words needed to hold bitmap of arguments */
310
311 /* these fields are per field */
312 int field_index;
313
314 /* Used by the space allocator */
315 struct CCpool *CCroot, *CCcurrent;
316 char *CCfree_ptr;
317 int CCfree_size;
318
319 /* Jump here on any error. */
320 jmp_buf jump_buffer;
321
322 #ifdef DEBUG
323 /* keep track of how many global refs are allocated. */
324 int n_globalrefs;
325 #endif
326 };
327
328 struct stack_info_type {
329 struct stack_item_type *stack;
330 int stack_size;
331 };
332
333 struct register_info_type {
334 int register_count; /* number of registers used */
335 fullinfo_type *registers;
336 int mask_count; /* number of masks in the following */
337 struct mask_type *masks;
338 };
339
340 struct mask_type {
341 int entry;
342 int *modifies;
343 };
344
345 typedef unsigned short flag_type;
346
347 struct instruction_data_type {
348 int opcode; /* may turn into "canonical" opcode */
349 unsigned changed:1; /* has it changed */
350 unsigned protected:1; /* must accessor be a subclass of "this" */
351 union {
352 int i; /* operand to the opcode */
353 int *ip;
354 fullinfo_type fi;
355 } operand, operand2;
356 fullinfo_type p;
357 struct stack_info_type stack_info;
358 struct register_info_type register_info;
359 #define FLAG_REACHED 0x01 /* instruction reached */
360 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
361 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
362 flag_type or_flags; /* true for at least one path to this inst */
363 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
364 flag_type and_flags; /* true for all paths to this instruction */
365 };
366
367 struct handler_info_type {
368 int start, end, handler;
369 struct stack_info_type stack_info;
370 };
371
372 struct stack_item_type {
373 fullinfo_type item;
374 struct stack_item_type *next;
375 };
376
377 typedef struct context_type context_type;
378 typedef struct instruction_data_type instruction_data_type;
379 typedef struct stack_item_type stack_item_type;
380 typedef struct register_info_type register_info_type;
381 typedef struct stack_info_type stack_info_type;
382 typedef struct mask_type mask_type;
383
384 static void read_all_code(context_type *context, jclass cb, int num_methods,
385 int** code_lengths, unsigned char*** code);
386 static void verify_method(context_type *context, jclass cb, int index,
387 int code_length, unsigned char* code);
388 static void free_all_code(context_type* context, int num_methods,
389 unsigned char** code);
390 static void verify_field(context_type *context, jclass cb, int index);
391
392 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
393 static void set_protected(context_type *, unsigned int inumber, int key, int);
394 static jboolean is_superclass(context_type *, fullinfo_type);
395
396 static void initialize_exception_table(context_type *);
397 static int instruction_length(unsigned char *iptr, unsigned char *end);
398 static jboolean isLegalTarget(context_type *, int offset);
399 static void verify_constant_pool_type(context_type *, int, unsigned);
400
401 static void initialize_dataflow(context_type *);
402 static void run_dataflow(context_type *context);
403 static void check_register_values(context_type *context, unsigned int inumber);
404 static void check_flags(context_type *context, unsigned int inumber);
405 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
406 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
407 static void update_flags(context_type *, unsigned int inumber,
408 flag_type *new_and_flags, flag_type *new_or_flags);
409 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
410
411 static void merge_into_successors(context_type *, unsigned int inumber,
412 register_info_type *register_info,
413 stack_info_type *stack_info,
414 flag_type and_flags, flag_type or_flags);
415 static void merge_into_one_successor(context_type *context,
416 unsigned int from_inumber,
417 unsigned int inumber,
418 register_info_type *register_info,
419 stack_info_type *stack_info,
420 flag_type and_flags, flag_type or_flags,
421 jboolean isException);
422 static void merge_stack(context_type *, unsigned int inumber,
423 unsigned int to_inumber, stack_info_type *);
424 static void merge_registers(context_type *, unsigned int inumber,
425 unsigned int to_inumber,
426 register_info_type *);
427 static void merge_flags(context_type *context, unsigned int from_inumber,
428 unsigned int to_inumber,
429 flag_type new_and_flags, flag_type new_or_flags);
430
431 static stack_item_type *copy_stack(context_type *, stack_item_type *);
432 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
433 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
434
435 static fullinfo_type decrement_indirection(fullinfo_type);
436
437 static fullinfo_type merge_fullinfo_types(context_type *context,
438 fullinfo_type a,
439 fullinfo_type b,
440 jboolean assignment);
441 static jboolean isAssignableTo(context_type *,
442 fullinfo_type a,
443 fullinfo_type b);
444
445 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
446
447
448 #define NEW(type, count) \
449 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
450 #define ZNEW(type, count) \
451 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
452
453 static void CCinit(context_type *context);
454 static void CCreinit(context_type *context);
455 static void CCdestroy(context_type *context);
456 static void *CCalloc(context_type *context, int size, jboolean zero);
457
458 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
459
460 static char signature_to_fieldtype(context_type *context,
461 const char **signature_p, fullinfo_type *info);
462
463 static void CCerror (context_type *, char *format, ...);
464 static void CFerror (context_type *, char *format, ...);
465 static void CCout_of_memory (context_type *);
466
467 /* Because we can longjmp any time, we need to be very careful about
468 * remembering what needs to be freed. */
469
470 static void check_and_push(context_type *context, const void *ptr, int kind);
471 static void pop_and_free(context_type *context);
472
473 static int signature_to_args_size(const char *method_signature);
474
475 #ifdef DEBUG
476 static void print_stack (context_type *, stack_info_type *stack_info);
477 static void print_registers(context_type *, register_info_type *register_info);
478 static void print_flags(context_type *, flag_type, flag_type);
479 static void print_formatted_fieldname(context_type *context, int index);
480 static void print_formatted_methodname(context_type *context, int index);
481 #endif
482
483 void initialize_class_hash(context_type *context)
484 {
485 hash_table_type *class_hash = &(context->class_hash);
486 class_hash->buckets = (hash_bucket_type **)
487 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
488 class_hash->table = (unsigned short *)
489 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
490 if (class_hash->buckets == 0 ||
491 class_hash->table == 0)
492 CCout_of_memory(context);
493 class_hash->entries_used = 0;
494 }
495
496 static void finalize_class_hash(context_type *context)
497 {
498 hash_table_type *class_hash = &(context->class_hash);
499 JNIEnv *env = context->env;
500 int i;
501 /* 4296677: bucket index starts from 1. */
502 for (i=1;i<=class_hash->entries_used;i++) {
503 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
504 assert(bucket != NULL);
505 free(bucket->name);
506 if (bucket->class) {
507 (*env)->DeleteGlobalRef(env, bucket->class);
508 #ifdef DEBUG
509 context->n_globalrefs--;
510 #endif
511 }
512 }
513 if (class_hash->buckets) {
514 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
515 if (class_hash->buckets[i] == 0)
516 break;
517 free(class_hash->buckets[i]);
518 }
519 }
520 free(class_hash->buckets);
521 free(class_hash->table);
522 }
523
524 static hash_bucket_type *
525 new_bucket(context_type *context, unsigned short *pID)
526 {
527 hash_table_type *class_hash = &(context->class_hash);
528 int i = *pID = class_hash->entries_used + 1;
529 int row = i / HASH_ROW_SIZE;
530 if (i >= MAX_HASH_ENTRIES)
531 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
532 if (class_hash->buckets[row] == 0) {
533 class_hash->buckets[row] = (hash_bucket_type*)
534 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
535 if (class_hash->buckets[row] == 0)
536 CCout_of_memory(context);
537 }
538 class_hash->entries_used++; /* only increment when we are sure there
539 is no overflow. */
540 return GET_BUCKET(class_hash, i);
541 }
542
543 static unsigned int
544 class_hash_fun(const char *s)
545 {
546 int i;
547 unsigned raw_hash;
548 for (raw_hash = 0; (i = *s) != '\0'; ++s)
549 raw_hash = raw_hash * 37 + i;
550 return raw_hash;
551 }
552
553 /*
554 * Find a class using the defining loader of the current class
555 * and return a local reference to it.
556 */
557 static jclass load_class_local(context_type *context,const char *classname)
558 {
559 jclass cb = JVM_FindClassFromClass(context->env, classname,
560 JNI_FALSE, context->class);
561 if (cb == 0)
562 CCerror(context, "Cannot find class %s", classname);
563 return cb;
564 }
565
566 /*
567 * Find a class using the defining loader of the current class
568 * and return a global reference to it.
569 */
570 static jclass load_class_global(context_type *context, const char *classname)
571 {
572 JNIEnv *env = context->env;
573 jclass local, global;
574
575 local = load_class_local(context, classname);
576 global = (*env)->NewGlobalRef(env, local);
577 if (global == 0)
578 CCout_of_memory(context);
579 #ifdef DEBUG
580 context->n_globalrefs++;
581 #endif
582 (*env)->DeleteLocalRef(env, local);
583 return global;
584 }
585
586 /*
587 * Return a unique ID given a local class reference. The loadable
588 * flag is true if the defining class loader of context->class
589 * is known to be capable of loading the class.
590 */
591 static unsigned short
592 class_to_ID(context_type *context, jclass cb, jboolean loadable)
593 {
594 JNIEnv *env = context->env;
595 hash_table_type *class_hash = &(context->class_hash);
596 unsigned int hash;
597 hash_bucket_type *bucket;
598 unsigned short *pID;
599 const char *name = JVM_GetClassNameUTF(env, cb);
600
601 check_and_push(context, name, VM_STRING_UTF);
602 hash = class_hash_fun(name);
603 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
604 while (*pID) {
605 bucket = GET_BUCKET(class_hash, *pID);
606 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
607 /*
608 * There is an unresolved entry with our name
609 * so we're forced to load it in case it matches us.
610 */
611 if (bucket->class == 0) {
612 assert(bucket->loadable == JNI_TRUE);
613 bucket->class = load_class_global(context, name);
614 }
615
616 /*
617 * It's already in the table. Update the loadable
618 * state if it's known and then we're done.
619 */
620 if ((*env)->IsSameObject(env, cb, bucket->class)) {
621 if (loadable && !bucket->loadable)
622 bucket->loadable = JNI_TRUE;
623 goto done;
624 }
625 }
626 pID = &bucket->next;
627 }
628 bucket = new_bucket(context, pID);
629 bucket->next = 0;
630 bucket->hash = hash;
631 bucket->name = malloc(strlen(name) + 1);
632 if (bucket->name == 0)
633 CCout_of_memory(context);
634 strcpy(bucket->name, name);
635 bucket->loadable = loadable;
636 bucket->class = (*env)->NewGlobalRef(env, cb);
637 if (bucket->class == 0)
638 CCout_of_memory(context);
639 #ifdef DEBUG
640 context->n_globalrefs++;
641 #endif
642
643 done:
644 pop_and_free(context);
645 return *pID;
646 }
647
648 /*
649 * Return a unique ID given a class name from the constant pool.
650 * All classes are lazily loaded from the defining loader of
651 * context->class.
652 */
653 static unsigned short
654 class_name_to_ID(context_type *context, const char *name)
655 {
656 hash_table_type *class_hash = &(context->class_hash);
657 unsigned int hash = class_hash_fun(name);
658 hash_bucket_type *bucket;
659 unsigned short *pID;
660 jboolean force_load = JNI_FALSE;
661
662 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
663 while (*pID) {
664 bucket = GET_BUCKET(class_hash, *pID);
665 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
666 if (bucket->loadable)
667 goto done;
668 force_load = JNI_TRUE;
669 }
670 pID = &bucket->next;
671 }
672
673 if (force_load) {
674 /*
675 * We found at least one matching named entry for a class that
676 * was not known to be loadable through the defining class loader
677 * of context->class. We must load our named class and update
678 * the hash table in case one these entries matches our class.
679 */
680 JNIEnv *env = context->env;
681 jclass cb = load_class_local(context, name);
682 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
683 (*env)->DeleteLocalRef(env, cb);
684 return id;
685 }
686
687 bucket = new_bucket(context, pID);
688 bucket->next = 0;
689 bucket->class = 0;
690 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
691 bucket->hash = hash;
692 bucket->name = malloc(strlen(name) + 1);
693 if (bucket->name == 0)
694 CCout_of_memory(context);
695 strcpy(bucket->name, name);
696
697 done:
698 return *pID;
699 }
700
701 static const char *
702 ID_to_class_name(context_type *context, unsigned short ID)
703 {
704 hash_table_type *class_hash = &(context->class_hash);
705 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
706 return bucket->name;
707 }
708
709 static jclass
710 ID_to_class(context_type *context, unsigned short ID)
711 {
712 hash_table_type *class_hash = &(context->class_hash);
713 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
714 if (bucket->class == 0) {
715 assert(bucket->loadable == JNI_TRUE);
716 bucket->class = load_class_global(context, bucket->name);
717 }
718 return bucket->class;
719 }
720
721 static fullinfo_type
722 make_loadable_class_info(context_type *context, jclass cb)
723 {
724 return MAKE_FULLINFO(ITEM_Object, 0,
725 class_to_ID(context, cb, JNI_TRUE));
726 }
727
728 static fullinfo_type
729 make_class_info(context_type *context, jclass cb)
730 {
731 return MAKE_FULLINFO(ITEM_Object, 0,
732 class_to_ID(context, cb, JNI_FALSE));
733 }
734
735 static fullinfo_type
736 make_class_info_from_name(context_type *context, const char *name)
737 {
738 return MAKE_FULLINFO(ITEM_Object, 0,
739 class_name_to_ID(context, name));
740 }
741
742 /* RETURNS
743 * 1: on success chosen to be consistent with previous VerifyClass
744 * 0: verify error
745 * 2: out of memory
746 * 3: class format error
747 *
748 * Called by verify_class. Verify the code of each of the methods
749 * in a class. Note that this function apparently can't be JNICALL,
750 * because if it is the dynamic linker doesn't appear to be able to
751 * find it on Win32.
752 */
753
754 #define CC_OK 1
755 #define CC_VerifyError 0
756 #define CC_OutOfMemory 2
757 #define CC_ClassFormatError 3
758
759 JNIEXPORT jboolean
760 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
761 jint major_version)
762 {
763 context_type context_structure;
764 context_type *context = &context_structure;
765 jboolean result = CC_OK;
766 int i;
767 int num_methods;
768 int* code_lengths;
769 unsigned char** code;
770
771 #ifdef DEBUG
772 GlobalContext = context;
773 #endif
774
775 memset(context, 0, sizeof(context_type));
776 context->message = buffer;
777 context->message_buf_len = len;
778
779 context->env = env;
780 context->class = cb;
781
782 /* Set invalid method/field index of the context, in case anyone
783 calls CCerror */
784 context->method_index = -1;
785 context->field_index = -1;
786
787 /* Don't call CCerror or anything that can call it above the setjmp! */
788 if (!setjmp(context->jump_buffer)) {
789 jclass super;
790
791 CCinit(context); /* initialize heap; may throw */
792
793 initialize_class_hash(context);
794
795 context->major_version = major_version;
796 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
797 context->constant_types = (unsigned char *)
798 malloc(sizeof(unsigned char) * context->nconstants + 1);
799
800 if (context->constant_types == 0)
801 CCout_of_memory(context);
802
803 JVM_GetClassCPTypes(env, cb, context->constant_types);
804
805 if (context->constant_types == 0)
806 CCout_of_memory(context);
807
808 context->object_info =
809 make_class_info_from_name(context, "java/lang/Object");
810 context->string_info =
811 make_class_info_from_name(context, "java/lang/String");
812 context->throwable_info =
813 make_class_info_from_name(context, "java/lang/Throwable");
814 context->cloneable_info =
815 make_class_info_from_name(context, "java/lang/Cloneable");
816 context->serializable_info =
817 make_class_info_from_name(context, "java/io/Serializable");
818
819 context->currentclass_info = make_loadable_class_info(context, cb);
820
821 super = (*env)->GetSuperclass(env, cb);
822
823 if (super != 0) {
824 fullinfo_type *gptr;
825 int i = 0;
826
827 context->superclass_info = make_loadable_class_info(context, super);
828
829 while(super != 0) {
830 jclass tmp_cb = (*env)->GetSuperclass(env, super);
831 (*env)->DeleteLocalRef(env, super);
832 super = tmp_cb;
833 i++;
834 }
835 (*env)->DeleteLocalRef(env, super);
836 super = 0;
837
838 /* Can't go on context heap since it survives more than
839 one method */
840 context->superclasses = gptr =
841 malloc(sizeof(fullinfo_type)*(i + 1));
842 if (gptr == 0) {
843 CCout_of_memory(context);
844 }
845
846 super = (*env)->GetSuperclass(env, context->class);
847 while(super != 0) {
848 jclass tmp_cb;
849 *gptr++ = make_class_info(context, super);
850 tmp_cb = (*env)->GetSuperclass(env, super);
851 (*env)->DeleteLocalRef(env, super);
852 super = tmp_cb;
853 }
854 *gptr = 0;
855 } else {
856 context->superclass_info = 0;
857 }
858
859 (*env)->DeleteLocalRef(env, super);
860
861 /* Look at each method */
862 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
863 verify_field(context, cb, i);
864 num_methods = JVM_GetClassMethodsCount(env, cb);
865 read_all_code(context, cb, num_methods, &code_lengths, &code);
866 for (i = num_methods - 1; i >= 0; --i)
867 verify_method(context, cb, i, code_lengths[i], code[i]);
868 free_all_code(context, num_methods, code);
869 result = CC_OK;
870 } else {
871 result = context->err_code;
872 }
873
874 /* Cleanup */
875 finalize_class_hash(context);
876
877 while(context->allocated_memory)
878 pop_and_free(context);
879
880 #ifdef DEBUG
881 GlobalContext = 0;
882 #endif
883
884 if (context->exceptions)
885 free(context->exceptions);
886
887 if (context->constant_types)
888 free(context->constant_types);
889
890 if (context->superclasses)
891 free(context->superclasses);
892
893 #ifdef DEBUG
894 /* Make sure all global refs created in the verifier are freed */
895 assert(context->n_globalrefs == 0);
896 #endif
897
898 CCdestroy(context); /* destroy heap */
899 return result;
900 }
901
902 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
903
904 JNIEXPORT jboolean
905 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
906 {
907 static int warned = 0;
908 if (!warned) {
909 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
910 warned = 1;
911 }
912 return VerifyClassForMajorVersion(env, cb, buffer, len,
913 OLD_FORMAT_MAX_MAJOR_VERSION);
914 }
915
916 static void
917 verify_field(context_type *context, jclass cb, int field_index)
918 {
919 JNIEnv *env = context->env;
920 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
921 context->field_index = field_index;
922
923 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
924 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
925 CCerror(context, "Inconsistent access bits.");
926 }
927 context->field_index = -1;
928 }
929
930
931 /**
932 * We read all of the class's methods' code because it is possible that
933 * the verification of one method could resulting in linking further
934 * down the stack (due to class loading), which could end up rewriting
935 * some of the bytecode of methods we haven't verified yet. Since we
936 * don't want to see the rewritten bytecode, cache all the code and
937 * operate only on that.
938 */
939 static void
940 read_all_code(context_type* context, jclass cb, int num_methods,
941 int** lengths_addr, unsigned char*** code_addr)
942 {
943 int* lengths;
944 unsigned char** code;
945 int i;
946
947 lengths = malloc(sizeof(int) * num_methods);
948 check_and_push(context, lengths, VM_MALLOC_BLK);
949
950 code = malloc(sizeof(unsigned char*) * num_methods);
951 check_and_push(context, code, VM_MALLOC_BLK);
952
953 *(lengths_addr) = lengths;
954 *(code_addr) = code;
955
956 for (i = 0; i < num_methods; ++i) {
957 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
958 if (lengths[i] > 0) {
959 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
960 check_and_push(context, code[i], VM_MALLOC_BLK);
961 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
962 } else {
963 code[i] = NULL;
964 }
965 }
966 }
967
968 static void
969 free_all_code(context_type* context, int num_methods, unsigned char** code)
970 {
971 int i;
972 for (i = 0; i < num_methods; ++i) {
973 if (code[i] != NULL) {
974 pop_and_free(context);
975 }
976 }
977 pop_and_free(context); /* code */
978 pop_and_free(context); /* lengths */
979 }
980
981 /* Verify the code of one method */
982 static void
983 verify_method(context_type *context, jclass cb, int method_index,
984 int code_length, unsigned char* code)
985 {
986 JNIEnv *env = context->env;
987 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
988 int *code_data;
989 instruction_data_type *idata = 0;
990 int instruction_count;
991 int i, offset;
992 unsigned int inumber;
993 jint nexceptions;
994
995 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
996 /* not much to do for abstract and native methods */
997 return;
998 }
999
1000 context->code_length = code_length;
1001 context->code = code;
1002
1003 /* CCerror can give method-specific info once this is set */
1004 context->method_index = method_index;
1005
1006 CCreinit(context); /* initial heap */
1007 code_data = NEW(int, code_length);
1008
1009 #ifdef DEBUG
1010 if (verify_verbose) {
1011 const char *classname = JVM_GetClassNameUTF(env, cb);
1012 const char *methodname =
1013 JVM_GetMethodIxNameUTF(env, cb, method_index);
1014 const char *signature =
1015 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1016 jio_fprintf(stdout, "Looking at %s.%s%s\n",
1017 (classname ? classname : ""),
1018 (methodname ? methodname : ""),
1019 (signature ? signature : ""));
1020 JVM_ReleaseUTF(classname);
1021 JVM_ReleaseUTF(methodname);
1022 JVM_ReleaseUTF(signature);
1023 }
1024 #endif
1025
1026 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1027 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1028 CCerror(context, "Inconsistent access bits.");
1029 }
1030
1031 // If this method is an overpass method, which is generated by the VM,
1032 // we trust the code and no check needs to be done.
1033 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1034 return;
1035 }
1036
1037 /* Run through the code. Mark the start of each instruction, and give
1038 * the instruction a number */
1039 for (i = 0, offset = 0; offset < code_length; i++) {
1040 int length = instruction_length(&code[offset], code + code_length);
1041 int next_offset = offset + length;
1042 if (length <= 0)
1043 CCerror(context, "Illegal instruction found at offset %d", offset);
1044 if (next_offset > code_length)
1045 CCerror(context, "Code stops in the middle of instruction "
1046 " starting at offset %d", offset);
1047 code_data[offset] = i;
1048 while (++offset < next_offset)
1049 code_data[offset] = -1; /* illegal location */
1050 }
1051 instruction_count = i; /* number of instructions in code */
1052
1053 /* Allocate a structure to hold info about each instruction. */
1054 idata = NEW(instruction_data_type, instruction_count);
1055
1056 /* Initialize the heap, and other info in the context structure. */
1057 context->code = code;
1058 context->instruction_data = idata;
1059 context->code_data = code_data;
1060 context->instruction_count = instruction_count;
1061 context->handler_info =
1062 NEW(struct handler_info_type,
1063 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1064 context->bitmask_size =
1065 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1066 + (BITS_PER_INT - 1))/BITS_PER_INT;
1067
1068 if (instruction_count == 0)
1069 CCerror(context, "Empty code");
1070
1071 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1072 int length = instruction_length(&code[offset], code + code_length);
1073 instruction_data_type *this_idata = &idata[inumber];
1074 this_idata->opcode = code[offset];
1075 this_idata->stack_info.stack = NULL;
1076 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1077 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1078 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1079 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1080 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1081 this_idata->or_flags = 0; /* "bottom" or value*/
1082 /* This also sets up this_data->operand. It also makes the
1083 * xload_x and xstore_x instructions look like the generic form. */
1084 verify_opcode_operands(context, inumber, offset);
1085 offset += length;
1086 }
1087
1088
1089 /* make sure exception table is reasonable. */
1090 initialize_exception_table(context);
1091 /* Set up first instruction, and start of exception handlers. */
1092 initialize_dataflow(context);
1093 /* Run data flow analysis on the instructions. */
1094 run_dataflow(context);
1095
1096 /* verify checked exceptions, if any */
1097 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1098 context->exceptions = (unsigned short *)
1099 malloc(sizeof(unsigned short) * nexceptions + 1);
1100 if (context->exceptions == 0)
1101 CCout_of_memory(context);
1102 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1103 context->exceptions);
1104 for (i = 0; i < nexceptions; i++) {
1105 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1106 verify_constant_pool_type(context, (int)context->exceptions[i],
1107 1 << JVM_CONSTANT_Class);
1108 }
1109 free(context->exceptions);
1110 context->exceptions = 0;
1111 context->code = 0;
1112 context->method_index = -1;
1113 }
1114
1115
1116 /* Look at a single instruction, and verify its operands. Also, for
1117 * simplicity, move the operand into the ->operand field.
1118 * Make sure that branches don't go into the middle of nowhere.
1119 */
1120
1121 static jint _ck_ntohl(jint n)
1122 {
1123 unsigned char *p = (unsigned char *)&n;
1124 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1125 }
1126
1127 static void
1128 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1129 {
1130 JNIEnv *env = context->env;
1131 instruction_data_type *idata = context->instruction_data;
1132 instruction_data_type *this_idata = &idata[inumber];
1133 int *code_data = context->code_data;
1134 int mi = context->method_index;
1135 unsigned char *code = context->code;
1136 int opcode = this_idata->opcode;
1137 int var;
1138
1139 /*
1140 * Set the ip fields to 0 not the i fields because the ip fields
1141 * are 64 bits on 64 bit architectures, the i field is only 32
1142 */
1143 this_idata->operand.ip = 0;
1144 this_idata->operand2.ip = 0;
1145
1146 switch (opcode) {
1147
1148 case JVM_OPC_jsr:
1149 /* instruction of ret statement */
1150 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1151 /* FALLTHROUGH */
1152 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1153 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1154 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1155 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1156 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1157 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1158 case JVM_OPC_goto: {
1159 /* Set the ->operand to be the instruction number of the target. */
1160 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1161 int target = offset + jump;
1162 if (!isLegalTarget(context, target))
1163 CCerror(context, "Illegal target of jump or branch");
1164 this_idata->operand.i = code_data[target];
1165 break;
1166 }
1167
1168 case JVM_OPC_jsr_w:
1169 /* instruction of ret statement */
1170 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1171 /* FALLTHROUGH */
1172 case JVM_OPC_goto_w: {
1173 /* Set the ->operand to be the instruction number of the target. */
1174 int jump = (((signed char)(code[offset+1])) << 24) +
1175 (code[offset+2] << 16) + (code[offset+3] << 8) +
1176 (code[offset + 4]);
1177 int target = offset + jump;
1178 if (!isLegalTarget(context, target))
1179 CCerror(context, "Illegal target of jump or branch");
1180 this_idata->operand.i = code_data[target];
1181 break;
1182 }
1183
1184 case JVM_OPC_tableswitch:
1185 case JVM_OPC_lookupswitch: {
1186 /* Set the ->operand to be a table of possible instruction targets. */
1187 int *lpc = (int *) UCALIGN(code + offset + 1);
1188 int *lptr;
1189 int *saved_operand;
1190 int keys;
1191 int k, delta;
1192
1193 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1194 /* 4639449, 4647081: Padding bytes must be zero. */
1195 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1196 for (; bptr < (unsigned char*)lpc; bptr++) {
1197 if (*bptr != 0) {
1198 CCerror(context, "Non zero padding bytes in switch");
1199 }
1200 }
1201 }
1202 if (opcode == JVM_OPC_tableswitch) {
1203 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1204 delta = 1;
1205 } else {
1206 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1207 delta = 2;
1208 /* Make sure that the tableswitch items are sorted */
1209 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1210 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1211 int next_key = _ck_ntohl(lptr[2]);
1212 if (this_key >= next_key) {
1213 CCerror(context, "Unsorted lookup switch");
1214 }
1215 }
1216 }
1217 saved_operand = NEW(int, keys + 2);
1218 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1219 CCerror(context, "Illegal default target in switch");
1220 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1221 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1222 int target = offset + _ck_ntohl(lptr[0]);
1223 if (!isLegalTarget(context, target))
1224 CCerror(context, "Illegal branch in tableswitch");
1225 saved_operand[k + 1] = code_data[target];
1226 }
1227 saved_operand[0] = keys + 1; /* number of successors */
1228 this_idata->operand.ip = saved_operand;
1229 break;
1230 }
1231
1232 case JVM_OPC_ldc: {
1233 /* Make sure the constant pool item is the right type. */
1234 int key = code[offset + 1];
1235 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1236 (1 << JVM_CONSTANT_String);
1237 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1238 types |= 1 << JVM_CONSTANT_Class;
1239 }
1240 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1241 types |= (1 << JVM_CONSTANT_MethodHandle) |
1242 (1 << JVM_CONSTANT_MethodType);
1243 }
1244 this_idata->operand.i = key;
1245 verify_constant_pool_type(context, key, types);
1246 break;
1247 }
1248
1249 case JVM_OPC_ldc_w: {
1250 /* Make sure the constant pool item is the right type. */
1251 int key = (code[offset + 1] << 8) + code[offset + 2];
1252 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1253 (1 << JVM_CONSTANT_String);
1254 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1255 types |= 1 << JVM_CONSTANT_Class;
1256 }
1257 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1258 types |= (1 << JVM_CONSTANT_MethodHandle) |
1259 (1 << JVM_CONSTANT_MethodType);
1260 }
1261 this_idata->operand.i = key;
1262 verify_constant_pool_type(context, key, types);
1263 break;
1264 }
1265
1266 case JVM_OPC_ldc2_w: {
1267 /* Make sure the constant pool item is the right type. */
1268 int key = (code[offset + 1] << 8) + code[offset + 2];
1269 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1270 this_idata->operand.i = key;
1271 verify_constant_pool_type(context, key, types);
1272 break;
1273 }
1274
1275 case JVM_OPC_getfield: case JVM_OPC_putfield:
1276 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1277 /* Make sure the constant pool item is the right type. */
1278 int key = (code[offset + 1] << 8) + code[offset + 2];
1279 this_idata->operand.i = key;
1280 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1281 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1282 set_protected(context, inumber, key, opcode);
1283 break;
1284 }
1285
1286 case JVM_OPC_invokevirtual:
1287 case JVM_OPC_invokespecial:
1288 case JVM_OPC_invokestatic:
1289 case JVM_OPC_invokedynamic:
1290 case JVM_OPC_invokeinterface: {
1291 /* Make sure the constant pool item is the right type. */
1292 int key = (code[offset + 1] << 8) + code[offset + 2];
1293 const char *methodname;
1294 jclass cb = context->class;
1295 fullinfo_type clazz_info;
1296 int is_constructor, is_internal, is_invokedynamic;
1297 int kind;
1298
1299 switch (opcode ) {
1300 case JVM_OPC_invokestatic:
1301 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1302 ? (1 << JVM_CONSTANT_Methodref)
1303 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1304 break;
1305 case JVM_OPC_invokedynamic:
1306 kind = 1 << JVM_CONSTANT_NameAndType;
1307 break;
1308 case JVM_OPC_invokeinterface:
1309 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1310 break;
1311 default:
1312 kind = 1 << JVM_CONSTANT_Methodref;
1313 }
1314
1315 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1316 /* Make sure the constant pool item is the right type. */
1317 verify_constant_pool_type(context, key, kind);
1318 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1319 check_and_push(context, methodname, VM_STRING_UTF);
1320 is_constructor = !strcmp(methodname, "<init>");
1321 is_internal = methodname[0] == '<';
1322 pop_and_free(context);
1323
1324 if (is_invokedynamic)
1325 clazz_info = context->object_info; // anything will do
1326 else
1327 clazz_info = cp_index_to_class_fullinfo(context, key,
1328 JVM_CONSTANT_Methodref);
1329 this_idata->operand.i = key;
1330 this_idata->operand2.fi = clazz_info;
1331 if (is_constructor) {
1332 if (opcode != JVM_OPC_invokespecial) {
1333 CCerror(context,
1334 "Must call initializers using invokespecial");
1335 }
1336 this_idata->opcode = JVM_OPC_invokeinit;
1337 } else {
1338 if (is_internal) {
1339 CCerror(context, "Illegal call to internal method");
1340 }
1341 if (opcode == JVM_OPC_invokespecial
1342 && clazz_info != context->currentclass_info
1343 && clazz_info != context->superclass_info) {
1344 int not_found = 1;
1345
1346 jclass super = (*env)->GetSuperclass(env, context->class);
1347 while(super != 0) {
1348 jclass tmp_cb;
1349 fullinfo_type new_info = make_class_info(context, super);
1350 if (clazz_info == new_info) {
1351 not_found = 0;
1352 break;
1353 }
1354 tmp_cb = (*env)->GetSuperclass(env, super);
1355 (*env)->DeleteLocalRef(env, super);
1356 super = tmp_cb;
1357 }
1358 (*env)->DeleteLocalRef(env, super);
1359
1360 /* The optimizer make cause this to happen on local code */
1361 if (not_found) {
1362 #ifdef BROKEN_JAVAC
1363 jobject loader = JVM_GetClassLoader(env, context->class);
1364 int has_loader = (loader != 0);
1365 (*env)->DeleteLocalRef(env, loader);
1366 if (has_loader)
1367 #endif /* BROKEN_JAVAC */
1368 CCerror(context,
1369 "Illegal use of nonvirtual function call");
1370 }
1371 }
1372 }
1373 if (opcode == JVM_OPC_invokeinterface) {
1374 unsigned int args1;
1375 unsigned int args2;
1376 const char *signature =
1377 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1378 check_and_push(context, signature, VM_STRING_UTF);
1379 args1 = signature_to_args_size(signature) + 1;
1380 args2 = code[offset + 3];
1381 if (args1 != args2) {
1382 CCerror(context,
1383 "Inconsistent args_size for invokeinterface");
1384 }
1385 if (code[offset + 4] != 0) {
1386 CCerror(context,
1387 "Fourth operand byte of invokeinterface must be zero");
1388 }
1389 pop_and_free(context);
1390 } else if (opcode == JVM_OPC_invokedynamic) {
1391 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1392 CCerror(context,
1393 "Third and fourth operand bytes of invokedynamic must be zero");
1394 }
1395 } else if (opcode == JVM_OPC_invokevirtual
1396 || opcode == JVM_OPC_invokespecial)
1397 set_protected(context, inumber, key, opcode);
1398 break;
1399 }
1400
1401
1402 case JVM_OPC_instanceof:
1403 case JVM_OPC_checkcast:
1404 case JVM_OPC_new:
1405 case JVM_OPC_anewarray:
1406 case JVM_OPC_multianewarray: {
1407 /* Make sure the constant pool item is a class */
1408 int key = (code[offset + 1] << 8) + code[offset + 2];
1409 fullinfo_type target;
1410 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1411 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1412 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1413 CCerror(context, "Illegal type");
1414 switch(opcode) {
1415 case JVM_OPC_anewarray:
1416 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1417 CCerror(context, "Array with too many dimensions");
1418 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1419 GET_INDIRECTION(target) + 1,
1420 GET_EXTRA_INFO(target));
1421 break;
1422 case JVM_OPC_new:
1423 if (WITH_ZERO_EXTRA_INFO(target) !=
1424 MAKE_FULLINFO(ITEM_Object, 0, 0))
1425 CCerror(context, "Illegal creation of multi-dimensional array");
1426 /* operand gets set to the "unitialized object". operand2 gets
1427 * set to what the value will be after it's initialized. */
1428 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1429 this_idata->operand2.fi = target;
1430 break;
1431 case JVM_OPC_multianewarray:
1432 this_idata->operand.fi = target;
1433 this_idata->operand2.i = code[offset + 3];
1434 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1435 || (this_idata->operand2.i == 0))
1436 CCerror(context, "Illegal dimension argument");
1437 break;
1438 default:
1439 this_idata->operand.fi = target;
1440 }
1441 break;
1442 }
1443
1444 case JVM_OPC_newarray: {
1445 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1446 fullinfo_type full_info;
1447 switch (code[offset + 1]) {
1448 case JVM_T_INT:
1449 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1450 case JVM_T_LONG:
1451 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1452 case JVM_T_FLOAT:
1453 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1454 case JVM_T_DOUBLE:
1455 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1456 case JVM_T_BYTE: case JVM_T_BOOLEAN:
1457 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1458 case JVM_T_CHAR:
1459 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1460 case JVM_T_SHORT:
1461 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1462 default:
1463 full_info = 0; /* Keep lint happy */
1464 CCerror(context, "Bad type passed to newarray");
1465 }
1466 this_idata->operand.fi = full_info;
1467 break;
1468 }
1469
1470 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1471 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1472 this_idata->opcode = JVM_OPC_iload;
1473 var = opcode - JVM_OPC_iload_0;
1474 goto check_local_variable;
1475
1476 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1477 this_idata->opcode = JVM_OPC_fload;
1478 var = opcode - JVM_OPC_fload_0;
1479 goto check_local_variable;
1480
1481 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1482 this_idata->opcode = JVM_OPC_aload;
1483 var = opcode - JVM_OPC_aload_0;
1484 goto check_local_variable;
1485
1486 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1487 this_idata->opcode = JVM_OPC_lload;
1488 var = opcode - JVM_OPC_lload_0;
1489 goto check_local_variable2;
1490
1491 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1492 this_idata->opcode = JVM_OPC_dload;
1493 var = opcode - JVM_OPC_dload_0;
1494 goto check_local_variable2;
1495
1496 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1497 this_idata->opcode = JVM_OPC_istore;
1498 var = opcode - JVM_OPC_istore_0;
1499 goto check_local_variable;
1500
1501 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1502 this_idata->opcode = JVM_OPC_fstore;
1503 var = opcode - JVM_OPC_fstore_0;
1504 goto check_local_variable;
1505
1506 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1507 this_idata->opcode = JVM_OPC_astore;
1508 var = opcode - JVM_OPC_astore_0;
1509 goto check_local_variable;
1510
1511 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1512 this_idata->opcode = JVM_OPC_lstore;
1513 var = opcode - JVM_OPC_lstore_0;
1514 goto check_local_variable2;
1515
1516 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1517 this_idata->opcode = JVM_OPC_dstore;
1518 var = opcode - JVM_OPC_dstore_0;
1519 goto check_local_variable2;
1520
1521 case JVM_OPC_wide:
1522 this_idata->opcode = code[offset + 1];
1523 var = (code[offset + 2] << 8) + code[offset + 3];
1524 switch(this_idata->opcode) {
1525 case JVM_OPC_lload: case JVM_OPC_dload:
1526 case JVM_OPC_lstore: case JVM_OPC_dstore:
1527 goto check_local_variable2;
1528 default:
1529 goto check_local_variable;
1530 }
1531
1532 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1533 case JVM_OPC_ret:
1534 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1535 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1536 var = code[offset + 1];
1537 check_local_variable:
1538 /* Make sure that the variable number isn't illegal. */
1539 this_idata->operand.i = var;
1540 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1541 CCerror(context, "Illegal local variable number");
1542 break;
1543
1544 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1545 var = code[offset + 1];
1546 check_local_variable2:
1547 /* Make sure that the variable number isn't illegal. */
1548 this_idata->operand.i = var;
1549 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1550 CCerror(context, "Illegal local variable number");
1551 break;
1552
1553 default:
1554 if (opcode > JVM_OPC_MAX)
1555 CCerror(context, "Quick instructions shouldn't appear yet.");
1556 break;
1557 } /* of switch */
1558 }
1559
1560
1561 static void
1562 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1563 {
1564 JNIEnv *env = context->env;
1565 fullinfo_type clazz_info;
1566 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1567 clazz_info = cp_index_to_class_fullinfo(context, key,
1568 JVM_CONSTANT_Fieldref);
1569 } else {
1570 clazz_info = cp_index_to_class_fullinfo(context, key,
1571 JVM_CONSTANT_Methodref);
1572 }
1573 if (is_superclass(context, clazz_info)) {
1574 jclass calledClass =
1575 object_fullinfo_to_classclass(context, clazz_info);
1576 int access;
1577 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1578 searches the referenced field or method in calledClass. The following
1579 while loop is added to search up the superclass chain to make this
1580 symbolic resolution consistent with the field/method resolution
1581 specified in VM spec 5.4.3. */
1582 calledClass = (*env)->NewLocalRef(env, calledClass);
1583 do {
1584 jclass tmp_cb;
1585 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1586 access = JVM_GetCPFieldModifiers
1587 (env, context->class, key, calledClass);
1588 } else {
1589 access = JVM_GetCPMethodModifiers
1590 (env, context->class, key, calledClass);
1591 }
1592 if (access != -1) {
1593 break;
1594 }
1595 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1596 (*env)->DeleteLocalRef(env, calledClass);
1597 calledClass = tmp_cb;
1598 } while (calledClass != 0);
1599
1600 if (access == -1) {
1601 /* field/method not found, detected at runtime. */
1602 } else if (access & JVM_ACC_PROTECTED) {
1603 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1604 context->instruction_data[inumber].protected = JNI_TRUE;
1605 }
1606 (*env)->DeleteLocalRef(env, calledClass);
1607 }
1608 }
1609
1610
1611 static jboolean
1612 is_superclass(context_type *context, fullinfo_type clazz_info) {
1613 fullinfo_type *fptr = context->superclasses;
1614
1615 if (fptr == 0)
1616 return JNI_FALSE;
1617 for (; *fptr != 0; fptr++) {
1618 if (*fptr == clazz_info)
1619 return JNI_TRUE;
1620 }
1621 return JNI_FALSE;
1622 }
1623
1624
1625 /* Look through each item on the exception table. Each of the fields must
1626 * refer to a legal instruction.
1627 */
1628 static void
1629 initialize_exception_table(context_type *context)
1630 {
1631 JNIEnv *env = context->env;
1632 int mi = context->method_index;
1633 struct handler_info_type *handler_info = context->handler_info;
1634 int *code_data = context->code_data;
1635 int code_length = context->code_length;
1636 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1637 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1638 if (max_stack_size < 1 && i > 0) {
1639 // If the method contains exception handlers, it must have room
1640 // on the expression stack for the exception that the VM could push
1641 CCerror(context, "Stack size too large");
1642 }
1643 for (; --i >= 0; handler_info++) {
1644 JVM_ExceptionTableEntryType einfo;
1645 stack_item_type *stack_item = NEW(stack_item_type, 1);
1646
1647 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1648 i, &einfo);
1649
1650 if (!(einfo.start_pc < einfo.end_pc &&
1651 einfo.start_pc >= 0 &&
1652 isLegalTarget(context, einfo.start_pc) &&
1653 (einfo.end_pc == code_length ||
1654 isLegalTarget(context, einfo.end_pc)))) {
1655 CFerror(context, "Illegal exception table range");
1656 }
1657 if (!((einfo.handler_pc > 0) &&
1658 isLegalTarget(context, einfo.handler_pc))) {
1659 CFerror(context, "Illegal exception table handler");
1660 }
1661
1662 handler_info->start = code_data[einfo.start_pc];
1663 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1664 handler_info->end = (einfo.end_pc == context->code_length) ?
1665 context->instruction_count : code_data[einfo.end_pc];
1666 handler_info->handler = code_data[einfo.handler_pc];
1667 handler_info->stack_info.stack = stack_item;
1668 handler_info->stack_info.stack_size = 1;
1669 stack_item->next = NULL;
1670 if (einfo.catchType != 0) {
1671 const char *classname;
1672 /* Constant pool entry type has been checked in format checker */
1673 classname = JVM_GetCPClassNameUTF(env,
1674 context->class,
1675 einfo.catchType);
1676 check_and_push(context, classname, VM_STRING_UTF);
1677 stack_item->item = make_class_info_from_name(context, classname);
1678 if (!isAssignableTo(context,
1679 stack_item->item,
1680 context->throwable_info))
1681 CCerror(context, "catch_type not a subclass of Throwable");
1682 pop_and_free(context);
1683 } else {
1684 stack_item->item = context->throwable_info;
1685 }
1686 }
1687 }
1688
1689
1690 /* Given a pointer to an instruction, return its length. Use the table
1691 * opcode_length[] which is automatically built.
1692 */
1693 static int instruction_length(unsigned char *iptr, unsigned char *end)
1694 {
1695 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1696 int instruction = *iptr;
1697 switch (instruction) {
1698 case JVM_OPC_tableswitch: {
1699 int *lpc = (int *)UCALIGN(iptr + 1);
1700 int index;
1701 if (lpc + 2 >= (int *)end) {
1702 return -1; /* do not read pass the end */
1703 }
1704 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1705 if ((index < 0) || (index > 65535)) {
1706 return -1; /* illegal */
1707 } else {
1708 return (unsigned char *)(&lpc[index + 4]) - iptr;
1709 }
1710 }
1711
1712 case JVM_OPC_lookupswitch: {
1713 int *lpc = (int *) UCALIGN(iptr + 1);
1714 int npairs;
1715 if (lpc + 1 >= (int *)end)
1716 return -1; /* do not read pass the end */
1717 npairs = _ck_ntohl(lpc[1]);
1718 /* There can't be more than 64K labels because of the limit
1719 * on per-method byte code length.
1720 */
1721 if (npairs < 0 || npairs >= 65536)
1722 return -1;
1723 else
1724 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1725 }
1726
1727 case JVM_OPC_wide:
1728 if (iptr + 1 >= end)
1729 return -1; /* do not read pass the end */
1730 switch(iptr[1]) {
1731 case JVM_OPC_ret:
1732 case JVM_OPC_iload: case JVM_OPC_istore:
1733 case JVM_OPC_fload: case JVM_OPC_fstore:
1734 case JVM_OPC_aload: case JVM_OPC_astore:
1735 case JVM_OPC_lload: case JVM_OPC_lstore:
1736 case JVM_OPC_dload: case JVM_OPC_dstore:
1737 return 4;
1738 case JVM_OPC_iinc:
1739 return 6;
1740 default:
1741 return -1;
1742 }
1743
1744 default: {
1745 /* A length of 0 indicates an error. */
1746 int length = opcode_length[instruction];
1747 return (length <= 0) ? -1 : length;
1748 }
1749 }
1750 }
1751
1752
1753 /* Given the target of a branch, make sure that it's a legal target. */
1754 static jboolean
1755 isLegalTarget(context_type *context, int offset)
1756 {
1757 int code_length = context->code_length;
1758 int *code_data = context->code_data;
1759 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1760 }
1761
1762
1763 /* Make sure that an element of the constant pool really is of the indicated
1764 * type.
1765 */
1766 static void
1767 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1768 {
1769 int nconstants = context->nconstants;
1770 unsigned char *type_table = context->constant_types;
1771 unsigned type;
1772
1773 if ((index <= 0) || (index >= nconstants))
1774 CCerror(context, "Illegal constant pool index");
1775
1776 type = type_table[index];
1777 if ((mask & (1 << type)) == 0)
1778 CCerror(context, "Illegal type in constant pool");
1779 }
1780
1781
1782 static void
1783 initialize_dataflow(context_type *context)
1784 {
1785 JNIEnv *env = context->env;
1786 instruction_data_type *idata = context->instruction_data;
1787 int mi = context->method_index;
1788 jclass cb = context->class;
1789 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1790 fullinfo_type *reg_ptr;
1791 fullinfo_type full_info;
1792 const char *p;
1793 const char *signature;
1794
1795 /* Initialize the function entry, since we know everything about it. */
1796 idata[0].stack_info.stack_size = 0;
1797 idata[0].stack_info.stack = NULL;
1798 idata[0].register_info.register_count = args_size;
1799 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1800 idata[0].register_info.mask_count = 0;
1801 idata[0].register_info.masks = NULL;
1802 idata[0].and_flags = 0; /* nothing needed */
1803 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1804 reg_ptr = idata[0].register_info.registers;
1805
1806 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1807 /* A non static method. If this is an <init> method, the first
1808 * argument is an uninitialized object. Otherwise it is an object of
1809 * the given class type. java.lang.Object.<init> is special since
1810 * we don't call its superclass <init> method.
1811 */
1812 if (JVM_IsConstructorIx(env, cb, mi)
1813 && context->currentclass_info != context->object_info) {
1814 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1815 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1816 } else {
1817 *reg_ptr++ = context->currentclass_info;
1818 }
1819 }
1820 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1821 check_and_push(context, signature, VM_STRING_UTF);
1822 /* Fill in each of the arguments into the registers. */
1823 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1824 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1825 switch (fieldchar) {
1826 case 'D': case 'L':
1827 *reg_ptr++ = full_info;
1828 *reg_ptr++ = full_info + 1;
1829 break;
1830 default:
1831 *reg_ptr++ = full_info;
1832 break;
1833 }
1834 }
1835 p++; /* skip over right parenthesis */
1836 if (*p == 'V') {
1837 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1838 } else {
1839 signature_to_fieldtype(context, &p, &full_info);
1840 context->return_type = full_info;
1841 }
1842 pop_and_free(context);
1843 /* Indicate that we need to look at the first instruction. */
1844 idata[0].changed = JNI_TRUE;
1845 }
1846
1847
1848 /* Run the data flow analysis, as long as there are things to change. */
1849 static void
1850 run_dataflow(context_type *context) {
1851 JNIEnv *env = context->env;
1852 int mi = context->method_index;
1853 jclass cb = context->class;
1854 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1855 instruction_data_type *idata = context->instruction_data;
1856 unsigned int icount = context->instruction_count;
1857 jboolean work_to_do = JNI_TRUE;
1858 unsigned int inumber;
1859
1860 /* Run through the loop, until there is nothing left to do. */
1861 while (work_to_do) {
1862 work_to_do = JNI_FALSE;
1863 for (inumber = 0; inumber < icount; inumber++) {
1864 instruction_data_type *this_idata = &idata[inumber];
1865 if (this_idata->changed) {
1866 register_info_type new_register_info;
1867 stack_info_type new_stack_info;
1868 flag_type new_and_flags, new_or_flags;
1869
1870 this_idata->changed = JNI_FALSE;
1871 work_to_do = JNI_TRUE;
1872 #ifdef DEBUG
1873 if (verify_verbose) {
1874 int opcode = this_idata->opcode;
1875 jio_fprintf(stdout, "Instruction %d: ", inumber);
1876 print_stack(context, &this_idata->stack_info);
1877 print_registers(context, &this_idata->register_info);
1878 print_flags(context,
1879 this_idata->and_flags, this_idata->or_flags);
1880 fflush(stdout);
1881 }
1882 #endif
1883 /* Make sure the registers and flags are appropriate */
1884 check_register_values(context, inumber);
1885 check_flags(context, inumber);
1886
1887 /* Make sure the stack can deal with this instruction */
1888 pop_stack(context, inumber, &new_stack_info);
1889
1890 /* Update the registers and flags */
1891 update_registers(context, inumber, &new_register_info);
1892 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1893
1894 /* Update the stack. */
1895 push_stack(context, inumber, &new_stack_info);
1896
1897 if (new_stack_info.stack_size > max_stack_size)
1898 CCerror(context, "Stack size too large");
1899 #ifdef DEBUG
1900 if (verify_verbose) {
1901 jio_fprintf(stdout, " ");
1902 print_stack(context, &new_stack_info);
1903 print_registers(context, &new_register_info);
1904 print_flags(context, new_and_flags, new_or_flags);
1905 fflush(stdout);
1906 }
1907 #endif
1908 /* Add the new stack and register information to any
1909 * instructions that can follow this instruction. */
1910 merge_into_successors(context, inumber,
1911 &new_register_info, &new_stack_info,
1912 new_and_flags, new_or_flags);
1913 }
1914 }
1915 }
1916 }
1917
1918
1919 /* Make sure that the registers contain a legitimate value for the given
1920 * instruction.
1921 */
1922
1923 static void
1924 check_register_values(context_type *context, unsigned int inumber)
1925 {
1926 instruction_data_type *idata = context->instruction_data;
1927 instruction_data_type *this_idata = &idata[inumber];
1928 int opcode = this_idata->opcode;
1929 int operand = this_idata->operand.i;
1930 int register_count = this_idata->register_info.register_count;
1931 fullinfo_type *registers = this_idata->register_info.registers;
1932 jboolean double_word = JNI_FALSE; /* default value */
1933 int type;
1934
1935 switch (opcode) {
1936 default:
1937 return;
1938 case JVM_OPC_iload: case JVM_OPC_iinc:
1939 type = ITEM_Integer; break;
1940 case JVM_OPC_fload:
1941 type = ITEM_Float; break;
1942 case JVM_OPC_aload:
1943 type = ITEM_Object; break;
1944 case JVM_OPC_ret:
1945 type = ITEM_ReturnAddress; break;
1946 case JVM_OPC_lload:
1947 type = ITEM_Long; double_word = JNI_TRUE; break;
1948 case JVM_OPC_dload:
1949 type = ITEM_Double; double_word = JNI_TRUE; break;
1950 }
1951 if (!double_word) {
1952 fullinfo_type reg;
1953 /* Make sure we don't have an illegal register or one with wrong type */
1954 if (operand >= register_count) {
1955 CCerror(context,
1956 "Accessing value from uninitialized register %d", operand);
1957 }
1958 reg = registers[operand];
1959
1960 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1961 /* the register is obviously of the given type */
1962 return;
1963 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1964 /* address type stuff be used on all arrays */
1965 return;
1966 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1967 CCerror(context, "Cannot load return address from register %d",
1968 operand);
1969 /* alternatively
1970 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1971 && (opcode == JVM_OPC_iload)
1972 && (type == ITEM_Object || type == ITEM_Integer)
1973 but this never occurs
1974 */
1975 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1976 return;
1977 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1978 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1979 type == ITEM_Object) {
1980 return;
1981 } else {
1982 CCerror(context, "Register %d contains wrong type", operand);
1983 }
1984 } else {
1985 /* Make sure we don't have an illegal register or one with wrong type */
1986 if ((operand + 1) >= register_count) {
1987 CCerror(context,
1988 "Accessing value from uninitialized register pair %d/%d",
1989 operand, operand+1);
1990 } else {
1991 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1992 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1993 return;
1994 } else {
1995 CCerror(context, "Register pair %d/%d contains wrong type",
1996 operand, operand+1);
1997 }
1998 }
1999 }
2000 }
2001
2002
2003 /* Make sure the flags contain legitimate values for this instruction.
2004 */
2005
2006 static void
2007 check_flags(context_type *context, unsigned int inumber)
2008 {
2009 instruction_data_type *idata = context->instruction_data;
2010 instruction_data_type *this_idata = &idata[inumber];
2011 int opcode = this_idata->opcode;
2012 switch (opcode) {
2013 case JVM_OPC_return:
2014 /* We need a constructor, but we aren't guaranteed it's called */
2015 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2016 !(this_idata->and_flags & FLAG_CONSTRUCTED))
2017 CCerror(context, "Constructor must call super() or this()");
2018 /* fall through */
2019 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2020 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2021 if (this_idata->or_flags & FLAG_NO_RETURN)
2022 /* This method cannot exit normally */
2023 CCerror(context, "Cannot return normally");
2024 default:
2025 break; /* nothing to do. */
2026 }
2027 }
2028
2029 /* Make sure that the top of the stack contains reasonable values for the
2030 * given instruction. The post-pop values of the stack and its size are
2031 * returned in *new_stack_info.
2032 */
2033
2034 static void
2035 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2036 {
2037 instruction_data_type *idata = context->instruction_data;
2038 instruction_data_type *this_idata = &idata[inumber];
2039 int opcode = this_idata->opcode;
2040 stack_item_type *stack = this_idata->stack_info.stack;
2041 int stack_size = this_idata->stack_info.stack_size;
2042 char *stack_operands, *p;
2043 char buffer[257]; /* for holding manufactured argument lists */
2044 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2045 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2046 fullinfo_type full_info; /* only used in case of invoke instructions */
2047 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2048
2049 switch(opcode) {
2050 default:
2051 /* For most instructions, we just use a built-in table */
2052 stack_operands = opcode_in_out[opcode][0];
2053 break;
2054
2055 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2056 /* The top thing on the stack depends on the signature of
2057 * the object. */
2058 int operand = this_idata->operand.i;
2059 const char *signature =
2060 JVM_GetCPFieldSignatureUTF(context->env,
2061 context->class,
2062 operand);
2063 char *ip = buffer;
2064 check_and_push(context, signature, VM_STRING_UTF);
2065 #ifdef DEBUG
2066 if (verify_verbose) {
2067 print_formatted_fieldname(context, operand);
2068 }
2069 #endif
2070 if (opcode == JVM_OPC_putfield)
2071 *ip++ = 'A'; /* object for putfield */
2072 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2073 *ip = '\0';
2074 stack_operands = buffer;
2075 pop_and_free(context);
2076 break;
2077 }
2078
2079 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2080 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2081 case JVM_OPC_invokedynamic:
2082 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2083 /* The top stuff on the stack depends on the method signature */
2084 int operand = this_idata->operand.i;
2085 const char *signature =
2086 JVM_GetCPMethodSignatureUTF(context->env,
2087 context->class,
2088 operand);
2089 char *ip = buffer;
2090 const char *p;
2091 check_and_push(context, signature, VM_STRING_UTF);
2092 #ifdef DEBUG
2093 if (verify_verbose) {
2094 print_formatted_methodname(context, operand);
2095 }
2096 #endif
2097 if (opcode != JVM_OPC_invokestatic &&
2098 opcode != JVM_OPC_invokedynamic)
2099 /* First, push the object */
2100 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2101 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2102 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2103 if (ip >= buffer + sizeof(buffer) - 1)
2104 CCerror(context, "Signature %s has too many arguments",
2105 signature);
2106 }
2107 *ip = 0;
2108 stack_operands = buffer;
2109 pop_and_free(context);
2110 break;
2111 }
2112
2113 case JVM_OPC_multianewarray: {
2114 /* Count can't be larger than 255. So can't overflow buffer */
2115 int count = this_idata->operand2.i; /* number of ints on stack */
2116 memset(buffer, 'I', count);
2117 buffer[count] = '\0';
2118 stack_operands = buffer;
2119 break;
2120 }
2121
2122 } /* of switch */
2123
2124 /* Run through the list of operands >>backwards<< */
2125 for ( p = stack_operands + strlen(stack_operands);
2126 p > stack_operands;
2127 stack = stack->next) {
2128 int type = *--p;
2129 fullinfo_type top_type = stack ? stack->item : 0;
2130 int size = (type == 'D' || type == 'L') ? 2 : 1;
2131 *--stack_extra_info = top_type;
2132 if (stack == NULL)
2133 CCerror(context, "Unable to pop operand off an empty stack");
2134
2135 switch (type) {
2136 case 'I':
2137 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2138 CCerror(context, "Expecting to find integer on stack");
2139 break;
2140
2141 case 'F':
2142 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2143 CCerror(context, "Expecting to find float on stack");
2144 break;
2145
2146 case 'A': /* object or array */
2147 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2148 && (GET_INDIRECTION(top_type) == 0)) {
2149 /* The thing isn't an object or an array. Let's see if it's
2150 * one of the special cases */
2151 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2152 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2153 && (opcode == JVM_OPC_astore))
2154 break;
2155 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2156 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2157 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2158 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2159 break;
2160 /* The 2nd edition VM of the specification allows field
2161 * initializations before the superclass initializer,
2162 * if the field is defined within the current class.
2163 */
2164 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2165 && (opcode == JVM_OPC_putfield)) {
2166 int operand = this_idata->operand.i;
2167 int access_bits = JVM_GetCPFieldModifiers(context->env,
2168 context->class,
2169 operand,
2170 context->class);
2171 /* Note: This relies on the fact that
2172 * JVM_GetCPFieldModifiers retrieves only local fields,
2173 * and does not respect inheritance.
2174 */
2175 if (access_bits != -1) {
2176 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2177 context->currentclass_info ) {
2178 top_type = context->currentclass_info;
2179 *stack_extra_info = top_type;
2180 break;
2181 }
2182 }
2183 }
2184 CCerror(context, "Expecting to find object/array on stack");
2185 }
2186 break;
2187
2188 case '@': { /* unitialized object, for call to <init> */
2189 int item_type = GET_ITEM_TYPE(top_type);
2190 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2191 CCerror(context,
2192 "Expecting to find unitialized object on stack");
2193 break;
2194 }
2195
2196 case 'O': /* object, not array */
2197 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2198 MAKE_FULLINFO(ITEM_Object, 0, 0))
2199 CCerror(context, "Expecting to find object on stack");
2200 break;
2201
2202 case 'a': /* integer, object, or array */
2203 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2204 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2205 && (GET_INDIRECTION(top_type) == 0))
2206 CCerror(context,
2207 "Expecting to find object, array, or int on stack");
2208 break;
2209
2210 case 'D': /* double */
2211 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2212 CCerror(context, "Expecting to find double on stack");
2213 break;
2214
2215 case 'L': /* long */
2216 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2217 CCerror(context, "Expecting to find long on stack");
2218 break;
2219
2220 case ']': /* array of some type */
2221 if (top_type == NULL_FULLINFO) {
2222 /* do nothing */
2223 } else switch(p[-1]) {
2224 case 'I': /* array of integers */
2225 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2226 top_type != NULL_FULLINFO)
2227 CCerror(context,
2228 "Expecting to find array of ints on stack");
2229 break;
2230
2231 case 'L': /* array of longs */
2232 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2233 CCerror(context,
2234 "Expecting to find array of longs on stack");
2235 break;
2236
2237 case 'F': /* array of floats */
2238 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2239 CCerror(context,
2240 "Expecting to find array of floats on stack");
2241 break;
2242
2243 case 'D': /* array of doubles */
2244 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2245 CCerror(context,
2246 "Expecting to find array of doubles on stack");
2247 break;
2248
2249 case 'A': { /* array of addresses (arrays or objects) */
2250 int indirection = GET_INDIRECTION(top_type);
2251 if ((indirection == 0) ||
2252 ((indirection == 1) &&
2253 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2254 CCerror(context,
2255 "Expecting to find array of objects or arrays "
2256 "on stack");
2257 break;
2258 }
2259
2260 case 'B': /* array of bytes */
2261 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0))
2262 CCerror(context,
2263 "Expecting to find array of bytes on stack");
2264 break;
2265
2266 case 'C': /* array of characters */
2267 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2268 CCerror(context,
2269 "Expecting to find array of chars on stack");
2270 break;
2271
2272 case 'S': /* array of shorts */
2273 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2274 CCerror(context,
2275 "Expecting to find array of shorts on stack");
2276 break;
2277
2278 case '?': /* any type of array is okay */
2279 if (GET_INDIRECTION(top_type) == 0)
2280 CCerror(context,
2281 "Expecting to find array on stack");
2282 break;
2283
2284 default:
2285 CCerror(context, "Internal error #1");
2286 break;
2287 }
2288 p -= 2; /* skip over [ <char> */
2289 break;
2290
2291 case '1': case '2': case '3': case '4': /* stack swapping */
2292 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2293 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2294 if ((p > stack_operands) && (p[-1] == '+')) {
2295 context->swap_table[type - '1'] = top_type + 1;
2296 context->swap_table[p[-2] - '1'] = top_type;
2297 size = 2;
2298 p -= 2;
2299 } else {
2300 CCerror(context,
2301 "Attempt to split long or double on the stack");
2302 }
2303 } else {
2304 context->swap_table[type - '1'] = stack->item;
2305 if ((p > stack_operands) && (p[-1] == '+'))
2306 p--; /* ignore */
2307 }
2308 break;
2309 case '+': /* these should have been caught. */
2310 default:
2311 CCerror(context, "Internal error #2");
2312 }
2313 stack_size -= size;
2314 }
2315
2316 /* For many of the opcodes that had an "A" in their field, we really
2317 * need to go back and do a little bit more accurate testing. We can, of
2318 * course, assume that the minimal type checking has already been done.
2319 */
2320 switch (opcode) {
2321 default: break;
2322 case JVM_OPC_aastore: { /* array index object */
2323 fullinfo_type array_type = stack_extra_info[0];
2324 fullinfo_type object_type = stack_extra_info[2];
2325 fullinfo_type target_type = decrement_indirection(array_type);
2326 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2327 && (GET_INDIRECTION(object_type) == 0)) {
2328 CCerror(context, "Expecting reference type on operand stack in aastore");
2329 }
2330 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2331 && (GET_INDIRECTION(target_type) == 0)) {
2332 CCerror(context, "Component type of the array must be reference type in aastore");
2333 }
2334 break;
2335 }
2336
2337 case JVM_OPC_putfield:
2338 case JVM_OPC_getfield:
2339 case JVM_OPC_putstatic: {
2340 int operand = this_idata->operand.i;
2341 fullinfo_type stack_object = stack_extra_info[0];
2342 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2343 if (!isAssignableTo
2344 (context,
2345 stack_object,
2346 cp_index_to_class_fullinfo
2347 (context, operand, JVM_CONSTANT_Fieldref))) {
2348 CCerror(context,
2349 "Incompatible type for getting or setting field");
2350 }
2351 if (this_idata->protected &&
2352 !isAssignableTo(context, stack_object,
2353 context->currentclass_info)) {
2354 CCerror(context, "Bad access to protected data");
2355 }
2356 }
2357 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2358 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2359 if (!isAssignableTo(context,
2360 stack_extra_info[item], put_full_info)) {
2361 CCerror(context, "Bad type in putfield/putstatic");
2362 }
2363 }
2364 break;
2365 }
2366
2367 case JVM_OPC_athrow:
2368 if (!isAssignableTo(context, stack_extra_info[0],
2369 context->throwable_info)) {
2370 CCerror(context, "Can only throw Throwable objects");
2371 }
2372 break;
2373
2374 case JVM_OPC_aaload: { /* array index */
2375 /* We need to pass the information to the stack updater */
2376 fullinfo_type array_type = stack_extra_info[0];
2377 context->swap_table[0] = decrement_indirection(array_type);
2378 break;
2379 }
2380
2381 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2382 case JVM_OPC_invokeinit:
2383 case JVM_OPC_invokedynamic:
2384 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2385 int operand = this_idata->operand.i;
2386 const char *signature =
2387 JVM_GetCPMethodSignatureUTF(context->env,
2388 context->class,
2389 operand);
2390 int item;
2391 const char *p;
2392 check_and_push(context, signature, VM_STRING_UTF);
2393 if (opcode == JVM_OPC_invokestatic ||
2394 opcode == JVM_OPC_invokedynamic) {
2395 item = 0;
2396 } else if (opcode == JVM_OPC_invokeinit) {
2397 fullinfo_type init_type = this_idata->operand2.fi;
2398 fullinfo_type object_type = stack_extra_info[0];
2399 context->swap_table[0] = object_type; /* save value */
2400 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2401 /* We better be calling the appropriate init. Find the
2402 * inumber of the "JVM_OPC_new" instruction", and figure
2403 * out what the type really is.
2404 */
2405 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2406 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2407 context->swap_table[1] = target_type;
2408
2409 if (target_type != init_type) {
2410 CCerror(context, "Call to wrong initialization method");
2411 }
2412 if (this_idata->protected
2413 && context->major_version > LDC_CLASS_MAJOR_VERSION
2414 && !isAssignableTo(context, object_type,
2415 context->currentclass_info)) {
2416 CCerror(context, "Bad access to protected data");
2417 }
2418 } else {
2419 /* We better be calling super() or this(). */
2420 if (init_type != context->superclass_info &&
2421 init_type != context->currentclass_info) {
2422 CCerror(context, "Call to wrong initialization method");
2423 }
2424 context->swap_table[1] = context->currentclass_info;
2425 }
2426 item = 1;
2427 } else {
2428 fullinfo_type target_type = this_idata->operand2.fi;
2429 fullinfo_type object_type = stack_extra_info[0];
2430 if (!isAssignableTo(context, object_type, target_type)){
2431 CCerror(context,
2432 "Incompatible object argument for function call");
2433 }
2434 if (opcode == JVM_OPC_invokespecial
2435 && !isAssignableTo(context, object_type,
2436 context->currentclass_info)) {
2437 /* Make sure object argument is assignment compatible to current class */
2438 CCerror(context,
2439 "Incompatible object argument for invokespecial");
2440 }
2441 if (this_idata->protected
2442 && !isAssignableTo(context, object_type,
2443 context->currentclass_info)) {
2444 /* This is ugly. Special dispensation. Arrays pretend to
2445 implement public Object clone() even though they don't */
2446 const char *utfName =
2447 JVM_GetCPMethodNameUTF(context->env,
2448 context->class,
2449 this_idata->operand.i);
2450 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2451 JVM_ReleaseUTF(utfName);
2452
2453 if ((target_type == context->object_info) &&
2454 (GET_INDIRECTION(object_type) > 0) &&
2455 is_clone) {
2456 } else {
2457 CCerror(context, "Bad access to protected data");
2458 }
2459 }
2460 item = 1;
2461 }
2462 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2463 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2464 if (!isAssignableTo(context,
2465 stack_extra_info[item], full_info)) {
2466 CCerror(context, "Incompatible argument to function");
2467 }
2468 }
2469
2470 pop_and_free(context);
2471 break;
2472 }
2473
2474 case JVM_OPC_return:
2475 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2476 CCerror(context, "Wrong return type in function");
2477 break;
2478
2479 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2480 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2481 fullinfo_type target_type = context->return_type;
2482 fullinfo_type object_type = stack_extra_info[0];
2483 if (!isAssignableTo(context, object_type, target_type)) {
2484 CCerror(context, "Wrong return type in function");
2485 }
2486 break;
2487 }
2488
2489 case JVM_OPC_new: {
2490 /* Make sure that nothing on the stack already looks like what
2491 * we want to create. I can't image how this could possibly happen
2492 * but we should test for it anyway, since if it could happen, the
2493 * result would be an unitialized object being able to masquerade
2494 * as an initialized one.
2495 */
2496 stack_item_type *item;
2497 for (item = stack; item != NULL; item = item->next) {
2498 if (item->item == this_idata->operand.fi) {
2499 CCerror(context,
2500 "Uninitialized object on stack at creating point");
2501 }
2502 }
2503 /* Info for update_registers */
2504 context->swap_table[0] = this_idata->operand.fi;
2505 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2506
2507 break;
2508 }
2509 }
2510 new_stack_info->stack = stack;
2511 new_stack_info->stack_size = stack_size;
2512 }
2513
2514
2515 /* We've already determined that the instruction is legal. Perform the
2516 * operation on the registers, and return the updated results in
2517 * new_register_count_p and new_registers.
2518 */
2519
2520 static void
2521 update_registers(context_type *context, unsigned int inumber,
2522 register_info_type *new_register_info)
2523 {
2524 instruction_data_type *idata = context->instruction_data;
2525 instruction_data_type *this_idata = &idata[inumber];
2526 int opcode = this_idata->opcode;
2527 int operand = this_idata->operand.i;
2528 int register_count = this_idata->register_info.register_count;
2529 fullinfo_type *registers = this_idata->register_info.registers;
2530 stack_item_type *stack = this_idata->stack_info.stack;
2531 int mask_count = this_idata->register_info.mask_count;
2532 mask_type *masks = this_idata->register_info.masks;
2533
2534 /* Use these as default new values. */
2535 int new_register_count = register_count;
2536 int new_mask_count = mask_count;
2537 fullinfo_type *new_registers = registers;
2538 mask_type *new_masks = masks;
2539
2540 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2541 int i;
2542
2543 /* Remember, we've already verified the type at the top of the stack. */
2544 switch (opcode) {
2545 default: break;
2546 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2547 access = ACCESS_SINGLE;
2548 goto continue_store;
2549
2550 case JVM_OPC_lstore: case JVM_OPC_dstore:
2551 access = ACCESS_DOUBLE;
2552 goto continue_store;
2553
2554 continue_store: {
2555 /* We have a modification to the registers. Copy them if needed. */
2556 fullinfo_type stack_top_type = stack->item;
2557 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2558
2559 if ( max_operand < register_count
2560 && registers[operand] == stack_top_type
2561 && ((access == ACCESS_SINGLE) ||
2562 (registers[operand + 1]== stack_top_type + 1)))
2563 /* No changes have been made to the registers. */
2564 break;
2565 new_register_count = MAX(max_operand + 1, register_count);
2566 new_registers = NEW(fullinfo_type, new_register_count);
2567 for (i = 0; i < register_count; i++)
2568 new_registers[i] = registers[i];
2569 for (i = register_count; i < new_register_count; i++)
2570 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2571 new_registers[operand] = stack_top_type;
2572 if (access == ACCESS_DOUBLE)
2573 new_registers[operand + 1] = stack_top_type + 1;
2574 break;
2575 }
2576
2577 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2578 case JVM_OPC_iinc: case JVM_OPC_ret:
2579 access = ACCESS_SINGLE;
2580 break;
2581
2582 case JVM_OPC_lload: case JVM_OPC_dload:
2583 access = ACCESS_DOUBLE;
2584 break;
2585
2586 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2587 for (i = 0; i < new_mask_count; i++)
2588 if (new_masks[i].entry == operand)
2589 CCerror(context, "Recursive call to jsr entry");
2590 new_masks = add_to_masks(context, masks, mask_count, operand);
2591 new_mask_count++;
2592 break;
2593
2594 case JVM_OPC_invokeinit:
2595 case JVM_OPC_new: {
2596 /* For invokeinit, an uninitialized object has been initialized.
2597 * For new, all previous occurrences of an uninitialized object
2598 * from the same instruction must be made bogus.
2599 * We find all occurrences of swap_table[0] in the registers, and
2600 * replace them with swap_table[1];
2601 */
2602 fullinfo_type from = context->swap_table[0];
2603 fullinfo_type to = context->swap_table[1];
2604
2605 int i;
2606 for (i = 0; i < register_count; i++) {
2607 if (new_registers[i] == from) {
2608 /* Found a match */
2609 break;
2610 }
2611 }
2612 if (i < register_count) { /* We broke out loop for match */
2613 /* We have to change registers, and possibly a mask */
2614 jboolean copied_mask = JNI_FALSE;
2615 int k;
2616 new_registers = NEW(fullinfo_type, register_count);
2617 memcpy(new_registers, registers,
2618 register_count * sizeof(registers[0]));
2619 for ( ; i < register_count; i++) {
2620 if (new_registers[i] == from) {
2621 new_registers[i] = to;
2622 for (k = 0; k < new_mask_count; k++) {
2623 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2624 if (!copied_mask) {
2625 new_masks = copy_masks(context, new_masks,
2626 mask_count);
2627 copied_mask = JNI_TRUE;
2628 }
2629 SET_BIT(new_masks[k].modifies, i);
2630 }
2631 }
2632 }
2633 }
2634 }
2635 break;
2636 }
2637 } /* of switch */
2638
2639 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2640 int i, j;
2641 for (i = 0; i < new_mask_count; i++) {
2642 int *mask = new_masks[i].modifies;
2643 if ((!IS_BIT_SET(mask, operand)) ||
2644 ((access == ACCESS_DOUBLE) &&
2645 !IS_BIT_SET(mask, operand + 1))) {
2646 new_masks = copy_masks(context, new_masks, mask_count);
2647 for (j = i; j < new_mask_count; j++) {
2648 SET_BIT(new_masks[j].modifies, operand);
2649 if (access == ACCESS_DOUBLE)
2650 SET_BIT(new_masks[j].modifies, operand + 1);
2651 }
2652 break;
2653 }
2654 }
2655 }
2656
2657 new_register_info->register_count = new_register_count;
2658 new_register_info->registers = new_registers;
2659 new_register_info->masks = new_masks;
2660 new_register_info->mask_count = new_mask_count;
2661 }
2662
2663
2664
2665 /* We've already determined that the instruction is legal, and have updated
2666 * the registers. Update the flags, too.
2667 */
2668
2669
2670 static void
2671 update_flags(context_type *context, unsigned int inumber,
2672 flag_type *new_and_flags, flag_type *new_or_flags)
2673
2674 {
2675 instruction_data_type *idata = context->instruction_data;
2676 instruction_data_type *this_idata = &idata[inumber];
2677 flag_type and_flags = this_idata->and_flags;
2678 flag_type or_flags = this_idata->or_flags;
2679
2680 /* Set the "we've done a constructor" flag */
2681 if (this_idata->opcode == JVM_OPC_invokeinit) {
2682 fullinfo_type from = context->swap_table[0];
2683 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2684 and_flags |= FLAG_CONSTRUCTED;
2685 }
2686 *new_and_flags = and_flags;
2687 *new_or_flags = or_flags;
2688 }
2689
2690
2691
2692 /* We've already determined that the instruction is legal. Perform the
2693 * operation on the stack;
2694 *
2695 * new_stack_size_p and new_stack_p point to the results after the pops have
2696 * already been done. Do the pushes, and then put the results back there.
2697 */
2698
2699 static void
2700 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2701 {
2702 instruction_data_type *idata = context->instruction_data;
2703 instruction_data_type *this_idata = &idata[inumber];
2704 int opcode = this_idata->opcode;
2705 int operand = this_idata->operand.i;
2706
2707 int stack_size = new_stack_info->stack_size;
2708 stack_item_type *stack = new_stack_info->stack;
2709 char *stack_results;
2710
2711 fullinfo_type full_info = 0;
2712 char buffer[5], *p; /* actually [2] is big enough */
2713
2714 /* We need to look at all those opcodes in which either we can't tell the
2715 * value pushed onto the stack from the opcode, or in which the value
2716 * pushed onto the stack is an object or array. For the latter, we need
2717 * to make sure that full_info is set to the right value.
2718 */
2719 switch(opcode) {
2720 default:
2721 stack_results = opcode_in_out[opcode][1];
2722 break;
2723
2724 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2725 /* Look to constant pool to determine correct result. */
2726 unsigned char *type_table = context->constant_types;
2727 switch (type_table[operand]) {
2728 case JVM_CONSTANT_Integer:
2729 stack_results = "I"; break;
2730 case JVM_CONSTANT_Float:
2731 stack_results = "F"; break;
2732 case JVM_CONSTANT_Double:
2733 stack_results = "D"; break;
2734 case JVM_CONSTANT_Long:
2735 stack_results = "L"; break;
2736 case JVM_CONSTANT_String:
2737 stack_results = "A";
2738 full_info = context->string_info;
2739 break;
2740 case JVM_CONSTANT_Class:
2741 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2742 CCerror(context, "Internal error #3");
2743 stack_results = "A";
2744 full_info = make_class_info_from_name(context,
2745 "java/lang/Class");
2746 break;
2747 case JVM_CONSTANT_MethodHandle:
2748 case JVM_CONSTANT_MethodType:
2749 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2750 CCerror(context, "Internal error #3");
2751 stack_results = "A";
2752 switch (type_table[operand]) {
2753 case JVM_CONSTANT_MethodType:
2754 full_info = make_class_info_from_name(context,
2755 "java/lang/invoke/MethodType");
2756 break;
2757 default: //JVM_CONSTANT_MethodHandle
2758 full_info = make_class_info_from_name(context,
2759 "java/lang/invoke/MethodHandle");
2760 break;
2761 }
2762 break;
2763 default:
2764 CCerror(context, "Internal error #3");
2765 stack_results = ""; /* Never reached: keep lint happy */
2766 }
2767 break;
2768 }
2769
2770 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2771 /* Look to signature to determine correct result. */
2772 int operand = this_idata->operand.i;
2773 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2774 context->class,
2775 operand);
2776 check_and_push(context, signature, VM_STRING_UTF);
2777 #ifdef DEBUG
2778 if (verify_verbose) {
2779 print_formatted_fieldname(context, operand);
2780 }
2781 #endif
2782 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2783 buffer[1] = '\0';
2784 stack_results = buffer;
2785 pop_and_free(context);
2786 break;
2787 }
2788
2789 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2790 case JVM_OPC_invokeinit:
2791 case JVM_OPC_invokedynamic:
2792 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2793 /* Look to signature to determine correct result. */
2794 int operand = this_idata->operand.i;
2795 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2796 context->class,
2797 operand);
2798 const char *result_signature;
2799 check_and_push(context, signature, VM_STRING_UTF);
2800 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2801 if (result_signature++ == NULL) {
2802 CCerror(context, "Illegal signature %s", signature);
2803 }
2804 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2805 stack_results = "";
2806 } else {
2807 buffer[0] = signature_to_fieldtype(context, &result_signature,
2808 &full_info);
2809 buffer[1] = '\0';
2810 stack_results = buffer;
2811 }
2812 pop_and_free(context);
2813 break;
2814 }
2815
2816 case JVM_OPC_aconst_null:
2817 stack_results = opcode_in_out[opcode][1];
2818 full_info = NULL_FULLINFO; /* special NULL */
2819 break;
2820
2821 case JVM_OPC_new:
2822 case JVM_OPC_checkcast:
2823 case JVM_OPC_newarray:
2824 case JVM_OPC_anewarray:
2825 case JVM_OPC_multianewarray:
2826 stack_results = opcode_in_out[opcode][1];
2827 /* Conveniently, this result type is stored here */
2828 full_info = this_idata->operand.fi;
2829 break;
2830
2831 case JVM_OPC_aaload:
2832 stack_results = opcode_in_out[opcode][1];
2833 /* pop_stack() saved value for us. */
2834 full_info = context->swap_table[0];
2835 break;
2836
2837 case JVM_OPC_aload:
2838 stack_results = opcode_in_out[opcode][1];
2839 /* The register hasn't been modified, so we can use its value. */
2840 full_info = this_idata->register_info.registers[operand];
2841 break;
2842 } /* of switch */
2843
2844 for (p = stack_results; *p != 0; p++) {
2845 int type = *p;
2846 stack_item_type *new_item = NEW(stack_item_type, 1);
2847 new_item->next = stack;
2848 stack = new_item;
2849 switch (type) {
2850 case 'I':
2851 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2852 case 'F':
2853 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2854 case 'D':
2855 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2856 stack_size++; break;
2857 case 'L':
2858 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2859 stack_size++; break;
2860 case 'R':
2861 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2862 break;
2863 case '1': case '2': case '3': case '4': {
2864 /* Get the info saved in the swap_table */
2865 fullinfo_type stype = context->swap_table[type - '1'];
2866 stack->item = stype;
2867 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2868 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2869 stack_size++; p++;
2870 }
2871 break;
2872 }
2873 case 'A':
2874 /* full_info should have the appropriate value. */
2875 assert(full_info != 0);
2876 stack->item = full_info;
2877 break;
2878 default:
2879 CCerror(context, "Internal error #4");
2880
2881 } /* switch type */
2882 stack_size++;
2883 } /* outer for loop */
2884
2885 if (opcode == JVM_OPC_invokeinit) {
2886 /* If there are any instances of "from" on the stack, we need to
2887 * replace it with "to", since calling <init> initializes all versions
2888 * of the object, obviously. */
2889 fullinfo_type from = context->swap_table[0];
2890 stack_item_type *ptr;
2891 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2892 if (ptr->item == from) {
2893 fullinfo_type to = context->swap_table[1];
2894 stack = copy_stack(context, stack);
2895 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2896 if (ptr->item == from) ptr->item = to;
2897 break;
2898 }
2899 }
2900 }
2901
2902 new_stack_info->stack_size = stack_size;
2903 new_stack_info->stack = stack;
2904 }
2905
2906
2907 /* We've performed an instruction, and determined the new registers and stack
2908 * value. Look at all of the possibly subsequent instructions, and merge
2909 * this stack value into theirs.
2910 */
2911
2912 static void
2913 merge_into_successors(context_type *context, unsigned int inumber,
2914 register_info_type *register_info,
2915 stack_info_type *stack_info,
2916 flag_type and_flags, flag_type or_flags)
2917 {
2918 instruction_data_type *idata = context->instruction_data;
2919 instruction_data_type *this_idata = &idata[inumber];
2920 int opcode = this_idata->opcode;
2921 int operand = this_idata->operand.i;
2922 struct handler_info_type *handler_info = context->handler_info;
2923 int handler_info_length =
2924 JVM_GetMethodIxExceptionTableLength(context->env,
2925 context->class,
2926 context->method_index);
2927
2928
2929 int buffer[2]; /* default value for successors */
2930 int *successors = buffer; /* table of successors */
2931 int successors_count;
2932 int i;
2933
2934 switch (opcode) {
2935 default:
2936 successors_count = 1;
2937 buffer[0] = inumber + 1;
2938 break;
2939
2940 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2941 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2942 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2943 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2944 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2945 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2946 successors_count = 2;
2947 buffer[0] = inumber + 1;
2948 buffer[1] = operand;
2949 break;
2950
2951 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2952 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2953 idata[this_idata->operand2.i].changed = JNI_TRUE;
2954 /* FALLTHROUGH */
2955 case JVM_OPC_goto: case JVM_OPC_goto_w:
2956 successors_count = 1;
2957 buffer[0] = operand;
2958 break;
2959
2960
2961 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2962 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2963 case JVM_OPC_athrow:
2964 /* The testing for the returns is handled in pop_stack() */
2965 successors_count = 0;
2966 break;
2967
2968 case JVM_OPC_ret: {
2969 /* This is slightly slow, but good enough for a seldom used instruction.
2970 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2971 * address of the first instruction of the subroutine. We can return
2972 * to 1 after any instruction that jsr's to that instruction.
2973 */
2974 if (this_idata->operand2.ip == NULL) {
2975 fullinfo_type *registers = this_idata->register_info.registers;
2976 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2977 int i, count, *ptr;;
2978 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2979 if (((idata[i].opcode == JVM_OPC_jsr) ||
2980 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2981 (idata[i].operand.i == called_instruction))
2982 count++;
2983 }
2984 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2985 *ptr++ = count;
2986 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2987 if (((idata[i].opcode == JVM_OPC_jsr) ||
2988 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2989 (idata[i].operand.i == called_instruction))
2990 *ptr++ = i + 1;
2991 }
2992 }
2993 successors = this_idata->operand2.ip; /* use this instead */
2994 successors_count = *successors++;
2995 break;
2996
2997 }
2998
2999 case JVM_OPC_tableswitch:
3000 case JVM_OPC_lookupswitch:
3001 successors = this_idata->operand.ip; /* use this instead */
3002 successors_count = *successors++;
3003 break;
3004 }
3005
3006 #ifdef DEBUG
3007 if (verify_verbose) {
3008 jio_fprintf(stdout, " [");
3009 for (i = handler_info_length; --i >= 0; handler_info++)
3010 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3011 jio_fprintf(stdout, "%d* ", handler_info->handler);
3012 for (i = 0; i < successors_count; i++)
3013 jio_fprintf(stdout, "%d ", successors[i]);
3014 jio_fprintf(stdout, "]\n");
3015 }
3016 #endif
3017
3018 handler_info = context->handler_info;
3019 for (i = handler_info_length; --i >= 0; handler_info++) {
3020 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3021 int handler = handler_info->handler;
3022 if (opcode != JVM_OPC_invokeinit) {
3023 merge_into_one_successor(context, inumber, handler,
3024 &this_idata->register_info, /* old */
3025 &handler_info->stack_info,
3026 (flag_type) (and_flags
3027 & this_idata->and_flags),
3028 (flag_type) (or_flags
3029 | this_idata->or_flags),
3030 JNI_TRUE);
3031 } else {
3032 /* We need to be a little bit more careful with this
3033 * instruction. Things could either be in the state before
3034 * the instruction or in the state afterwards */
3035 fullinfo_type from = context->swap_table[0];
3036 flag_type temp_or_flags = or_flags;
3037 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3038 temp_or_flags |= FLAG_NO_RETURN;
3039 merge_into_one_successor(context, inumber, handler,
3040 &this_idata->register_info, /* old */
3041 &handler_info->stack_info,
3042 this_idata->and_flags,
3043 this_idata->or_flags,
3044 JNI_TRUE);
3045 merge_into_one_successor(context, inumber, handler,
3046 register_info,
3047 &handler_info->stack_info,
3048 and_flags, temp_or_flags, JNI_TRUE);
3049 }
3050 }
3051 }
3052 for (i = 0; i < successors_count; i++) {
3053 int target = successors[i];
3054 if (target >= context->instruction_count)
3055 CCerror(context, "Falling off the end of the code");
3056 merge_into_one_successor(context, inumber, target,
3057 register_info, stack_info, and_flags, or_flags,
3058 JNI_FALSE);
3059 }
3060 }
3061
3062 /* We have a new set of registers and stack values for a given instruction.
3063 * Merge this new set into the values that are already there.
3064 */
3065
3066 static void
3067 merge_into_one_successor(context_type *context,
3068 unsigned int from_inumber, unsigned int to_inumber,
3069 register_info_type *new_register_info,
3070 stack_info_type *new_stack_info,
3071 flag_type new_and_flags, flag_type new_or_flags,
3072 jboolean isException)
3073 {
3074 instruction_data_type *idata = context->instruction_data;
3075 register_info_type register_info_buf;
3076 stack_info_type stack_info_buf;
3077 #ifdef DEBUG
3078 instruction_data_type *this_idata = &idata[to_inumber];
3079 register_info_type old_reg_info;
3080 stack_info_type old_stack_info;
3081 flag_type old_and_flags = 0;
3082 flag_type old_or_flags = 0;
3083 #endif
3084
3085 #ifdef DEBUG
3086 if (verify_verbose) {
3087 old_reg_info = this_idata->register_info;
3088 old_stack_info = this_idata->stack_info;
3089 old_and_flags = this_idata->and_flags;
3090 old_or_flags = this_idata->or_flags;
3091 }
3092 #endif
3093
3094 /* All uninitialized objects are set to "bogus" when jsr and
3095 * ret are executed. Thus uninitialized objects can't propagate
3096 * into or out of a subroutine.
3097 */
3098 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3099 idata[from_inumber].opcode == JVM_OPC_jsr ||
3100 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3101 int new_register_count = new_register_info->register_count;
3102 fullinfo_type *new_registers = new_register_info->registers;
3103 int i;
3104 stack_item_type *item;
3105
3106 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3107 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3108 /* This check only succeeds for hand-contrived code.
3109 * Efficiency is not an issue.
3110 */
3111 stack_info_buf.stack = copy_stack(context,
3112 new_stack_info->stack);
3113 stack_info_buf.stack_size = new_stack_info->stack_size;
3114 new_stack_info = &stack_info_buf;
3115 for (item = new_stack_info->stack; item != NULL;
3116 item = item->next) {
3117 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3118 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3119 }
3120 }
3121 break;
3122 }
3123 }
3124 for (i = 0; i < new_register_count; i++) {
3125 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3126 /* This check only succeeds for hand-contrived code.
3127 * Efficiency is not an issue.
3128 */
3129 fullinfo_type *new_set = NEW(fullinfo_type,
3130 new_register_count);
3131 for (i = 0; i < new_register_count; i++) {
3132 fullinfo_type t = new_registers[i];
3133 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3134 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3135 }
3136 register_info_buf.register_count = new_register_count;
3137 register_info_buf.registers = new_set;
3138 register_info_buf.mask_count = new_register_info->mask_count;
3139 register_info_buf.masks = new_register_info->masks;
3140 new_register_info = ®ister_info_buf;
3141 break;
3142 }
3143 }
3144 }
3145
3146 /* Returning from a subroutine is somewhat ugly. The actual thing
3147 * that needs to get merged into the new instruction is a joining
3148 * of info from the ret instruction with stuff in the jsr instruction
3149 */
3150 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3151 int new_register_count = new_register_info->register_count;
3152 fullinfo_type *new_registers = new_register_info->registers;
3153 int new_mask_count = new_register_info->mask_count;
3154 mask_type *new_masks = new_register_info->masks;
3155 int operand = idata[from_inumber].operand.i;
3156 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3157 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3158 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3159 if (jsr_idata->operand2.i != (int)from_inumber) {
3160 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3161 CCerror(context, "Multiple returns to single jsr");
3162 jsr_idata->operand2.i = from_inumber;
3163 }
3164 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3165 /* We don't want to handle the returned-to instruction until
3166 * we've dealt with the jsr instruction. When we get to the
3167 * jsr instruction (if ever), we'll re-mark the ret instruction
3168 */
3169 ;
3170 } else {
3171 int register_count = jsr_reginfo->register_count;
3172 fullinfo_type *registers = jsr_reginfo->registers;
3173 int max_registers = MAX(register_count, new_register_count);
3174 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3175 int *return_mask;
3176 struct register_info_type new_new_register_info;
3177 int i;
3178 /* Make sure the place we're returning from is legal! */
3179 for (i = new_mask_count; --i >= 0; )
3180 if (new_masks[i].entry == called_instruction)
3181 break;
3182 if (i < 0)
3183 CCerror(context, "Illegal return from subroutine");
3184 /* pop the masks down to the indicated one. Remember the mask
3185 * we're popping off. */
3186 return_mask = new_masks[i].modifies;
3187 new_mask_count = i;
3188 for (i = 0; i < max_registers; i++) {
3189 if (IS_BIT_SET(return_mask, i))
3190 new_set[i] = i < new_register_count ?
3191 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3192 else
3193 new_set[i] = i < register_count ?
3194 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3195 }
3196 new_new_register_info.register_count = max_registers;
3197 new_new_register_info.registers = new_set;
3198 new_new_register_info.mask_count = new_mask_count;
3199 new_new_register_info.masks = new_masks;
3200
3201
3202 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3203 merge_registers(context, to_inumber - 1, to_inumber,
3204 &new_new_register_info);
3205 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3206 }
3207 } else {
3208 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3209 merge_registers(context, from_inumber, to_inumber, new_register_info);
3210 merge_flags(context, from_inumber, to_inumber,
3211 new_and_flags, new_or_flags);
3212 }
3213
3214 #ifdef DEBUG
3215 if (verify_verbose && idata[to_inumber].changed) {
3216 register_info_type *register_info = &this_idata->register_info;
3217 stack_info_type *stack_info = &this_idata->stack_info;
3218 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3219 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3220 (old_and_flags != this_idata->and_flags) ||
3221 (old_or_flags != this_idata->or_flags)) {
3222 jio_fprintf(stdout, " %2d:", to_inumber);
3223 print_stack(context, &old_stack_info);
3224 print_registers(context, &old_reg_info);
3225 print_flags(context, old_and_flags, old_or_flags);
3226 jio_fprintf(stdout, " => ");
3227 print_stack(context, &this_idata->stack_info);
3228 print_registers(context, &this_idata->register_info);
3229 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3230 jio_fprintf(stdout, "\n");
3231 }
3232 }
3233 #endif
3234
3235 }
3236
3237 static void
3238 merge_stack(context_type *context, unsigned int from_inumber,
3239 unsigned int to_inumber, stack_info_type *new_stack_info)
3240 {
3241 instruction_data_type *idata = context->instruction_data;
3242 instruction_data_type *this_idata = &idata[to_inumber];
3243
3244 int new_stack_size = new_stack_info->stack_size;
3245 stack_item_type *new_stack = new_stack_info->stack;
3246
3247 int stack_size = this_idata->stack_info.stack_size;
3248
3249 if (stack_size == UNKNOWN_STACK_SIZE) {
3250 /* First time at this instruction. Just copy. */
3251 this_idata->stack_info.stack_size = new_stack_size;
3252 this_idata->stack_info.stack = new_stack;
3253 this_idata->changed = JNI_TRUE;
3254 } else if (new_stack_size != stack_size) {
3255 CCerror(context, "Inconsistent stack height %d != %d",
3256 new_stack_size, stack_size);
3257 } else {
3258 stack_item_type *stack = this_idata->stack_info.stack;
3259 stack_item_type *old, *new;
3260 jboolean change = JNI_FALSE;
3261 for (old = stack, new = new_stack; old != NULL;
3262 old = old->next, new = new->next) {
3263 if (!isAssignableTo(context, new->item, old->item)) {
3264 change = JNI_TRUE;
3265 break;
3266 }
3267 }
3268 if (change) {
3269 stack = copy_stack(context, stack);
3270 for (old = stack, new = new_stack; old != NULL;
3271 old = old->next, new = new->next) {
3272 if (new == NULL) {
3273 break;
3274 }
3275 old->item = merge_fullinfo_types(context, old->item, new->item,
3276 JNI_FALSE);
3277 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3278 CCerror(context, "Mismatched stack types");
3279 }
3280 }
3281 if (old != NULL || new != NULL) {
3282 CCerror(context, "Mismatched stack types");
3283 }
3284 this_idata->stack_info.stack = stack;
3285 this_idata->changed = JNI_TRUE;
3286 }
3287 }
3288 }
3289
3290 static void
3291 merge_registers(context_type *context, unsigned int from_inumber,
3292 unsigned int to_inumber, register_info_type *new_register_info)
3293 {
3294 instruction_data_type *idata = context->instruction_data;
3295 instruction_data_type *this_idata = &idata[to_inumber];
3296 register_info_type *this_reginfo = &this_idata->register_info;
3297
3298 int new_register_count = new_register_info->register_count;
3299 fullinfo_type *new_registers = new_register_info->registers;
3300 int new_mask_count = new_register_info->mask_count;
3301 mask_type *new_masks = new_register_info->masks;
3302
3303
3304 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3305 this_reginfo->register_count = new_register_count;
3306 this_reginfo->registers = new_registers;
3307 this_reginfo->mask_count = new_mask_count;
3308 this_reginfo->masks = new_masks;
3309 this_idata->changed = JNI_TRUE;
3310 } else {
3311 /* See if we've got new information on the register set. */
3312 int register_count = this_reginfo->register_count;
3313 fullinfo_type *registers = this_reginfo->registers;
3314 int mask_count = this_reginfo->mask_count;
3315 mask_type *masks = this_reginfo->masks;
3316
3317 jboolean copy = JNI_FALSE;
3318 int i, j;
3319 if (register_count > new_register_count) {
3320 /* Any register larger than new_register_count is now bogus */
3321 this_reginfo->register_count = new_register_count;
3322 register_count = new_register_count;
3323 this_idata->changed = JNI_TRUE;
3324 }
3325 for (i = 0; i < register_count; i++) {
3326 fullinfo_type prev_value = registers[i];
3327 if ((i < new_register_count)
3328 ? (!isAssignableTo(context, new_registers[i], prev_value))
3329 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3330 copy = JNI_TRUE;
3331 break;
3332 }
3333 }
3334
3335 if (copy) {
3336 /* We need a copy. So do it. */
3337 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3338 for (j = 0; j < i; j++)
3339 new_set[j] = registers[j];
3340 for (j = i; j < register_count; j++) {
3341 if (i >= new_register_count)
3342 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3343 else
3344 new_set[j] = merge_fullinfo_types(context,
3345 new_registers[j],
3346 registers[j], JNI_FALSE);
3347 }
3348 /* Some of the end items might now be bogus. This step isn't
3349 * necessary, but it may save work later. */
3350 while ( register_count > 0
3351 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3352 register_count--;
3353 this_reginfo->register_count = register_count;
3354 this_reginfo->registers = new_set;
3355 this_idata->changed = JNI_TRUE;
3356 }
3357 if (mask_count > 0) {
3358 /* If the target instruction already has a sequence of masks, then
3359 * we need to merge new_masks into it. We want the entries on
3360 * the mask to be the longest common substring of the two.
3361 * (e.g. a->b->d merged with a->c->d should give a->d)
3362 * The bits set in the mask should be the or of the corresponding
3363 * entries in each of the original masks.
3364 */
3365 int i, j, k;
3366 int matches = 0;
3367 int last_match = -1;
3368 jboolean copy_needed = JNI_FALSE;
3369 for (i = 0; i < mask_count; i++) {
3370 int entry = masks[i].entry;
3371 for (j = last_match + 1; j < new_mask_count; j++) {
3372 if (new_masks[j].entry == entry) {
3373 /* We have a match */
3374 int *prev = masks[i].modifies;
3375 int *new = new_masks[j].modifies;
3376 matches++;
3377 /* See if new_mask has bits set for "entry" that
3378 * weren't set for mask. If so, need to copy. */
3379 for (k = context->bitmask_size - 1;
3380 !copy_needed && k >= 0;
3381 k--)
3382 if (~prev[k] & new[k])
3383 copy_needed = JNI_TRUE;
3384 last_match = j;
3385 break;
3386 }
3387 }
3388 }
3389 if ((matches < mask_count) || copy_needed) {
3390 /* We need to make a copy for the new item, since either the
3391 * size has decreased, or new bits are set. */
3392 mask_type *copy = NEW(mask_type, matches);
3393 for (i = 0; i < matches; i++) {
3394 copy[i].modifies = NEW(int, context->bitmask_size);
3395 }
3396 this_reginfo->masks = copy;
3397 this_reginfo->mask_count = matches;
3398 this_idata->changed = JNI_TRUE;
3399 matches = 0;
3400 last_match = -1;
3401 for (i = 0; i < mask_count; i++) {
3402 int entry = masks[i].entry;
3403 for (j = last_match + 1; j < new_mask_count; j++) {
3404 if (new_masks[j].entry == entry) {
3405 int *prev1 = masks[i].modifies;
3406 int *prev2 = new_masks[j].modifies;
3407 int *new = copy[matches].modifies;
3408 copy[matches].entry = entry;
3409 for (k = context->bitmask_size - 1; k >= 0; k--)
3410 new[k] = prev1[k] | prev2[k];
3411 matches++;
3412 last_match = j;
3413 break;
3414 }
3415 }
3416 }
3417 }
3418 }
3419 }
3420 }
3421
3422
3423 static void
3424 merge_flags(context_type *context, unsigned int from_inumber,
3425 unsigned int to_inumber,
3426 flag_type new_and_flags, flag_type new_or_flags)
3427 {
3428 /* Set this_idata->and_flags &= new_and_flags
3429 this_idata->or_flags |= new_or_flags
3430 */
3431 instruction_data_type *idata = context->instruction_data;
3432 instruction_data_type *this_idata = &idata[to_inumber];
3433 flag_type this_and_flags = this_idata->and_flags;
3434 flag_type this_or_flags = this_idata->or_flags;
3435 flag_type merged_and = this_and_flags & new_and_flags;
3436 flag_type merged_or = this_or_flags | new_or_flags;
3437
3438 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3439 this_idata->and_flags = merged_and;
3440 this_idata->or_flags = merged_or;
3441 this_idata->changed = JNI_TRUE;
3442 }
3443 }
3444
3445
3446 /* Make a copy of a stack */
3447
3448 static stack_item_type *
3449 copy_stack(context_type *context, stack_item_type *stack)
3450 {
3451 int length;
3452 stack_item_type *ptr;
3453
3454 /* Find the length */
3455 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3456
3457 if (length > 0) {
3458 stack_item_type *new_stack = NEW(stack_item_type, length);
3459 stack_item_type *new_ptr;
3460 for ( ptr = stack, new_ptr = new_stack;
3461 ptr != NULL;
3462 ptr = ptr->next, new_ptr++) {
3463 new_ptr->item = ptr->item;
3464 new_ptr->next = new_ptr + 1;
3465 }
3466 new_stack[length - 1].next = NULL;
3467 return new_stack;
3468 } else {
3469 return NULL;
3470 }
3471 }
3472
3473
3474 static mask_type *
3475 copy_masks(context_type *context, mask_type *masks, int mask_count)
3476 {
3477 mask_type *result = NEW(mask_type, mask_count);
3478 int bitmask_size = context->bitmask_size;
3479 int *bitmaps = NEW(int, mask_count * bitmask_size);
3480 int i;
3481 for (i = 0; i < mask_count; i++) {
3482 result[i].entry = masks[i].entry;
3483 result[i].modifies = &bitmaps[i * bitmask_size];
3484 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3485 }
3486 return result;
3487 }
3488
3489
3490 static mask_type *
3491 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3492 {
3493 mask_type *result = NEW(mask_type, mask_count + 1);
3494 int bitmask_size = context->bitmask_size;
3495 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3496 int i;
3497 for (i = 0; i < mask_count; i++) {
3498 result[i].entry = masks[i].entry;
3499 result[i].modifies = &bitmaps[i * bitmask_size];
3500 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3501 }
3502 result[mask_count].entry = d;
3503 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3504 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3505 return result;
3506 }
3507
3508
3509
3510 /* We create our own storage manager, since we malloc lots of little items,
3511 * and I don't want to keep trace of when they become free. I sure wish that
3512 * we had heaps, and I could just free the heap when done.
3513 */
3514
3515 #define CCSegSize 2000
3516
3517 struct CCpool { /* a segment of allocated memory in the pool */
3518 struct CCpool *next;
3519 int segSize; /* almost always CCSegSize */
3520 int poolPad;
3521 char space[CCSegSize];
3522 };
3523
3524 /* Initialize the context's heap. */
3525 static void CCinit(context_type *context)
3526 {
3527 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3528 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3529 context->CCroot = context->CCcurrent = new;
3530 if (new == 0) {
3531 CCout_of_memory(context);
3532 }
3533 new->next = NULL;
3534 new->segSize = CCSegSize;
3535 context->CCfree_size = CCSegSize;
3536 context->CCfree_ptr = &new->space[0];
3537 }
3538
3539
3540 /* Reuse all the space that we have in the context's heap. */
3541 static void CCreinit(context_type *context)
3542 {
3543 struct CCpool *first = context->CCroot;
3544 context->CCcurrent = first;
3545 context->CCfree_size = CCSegSize;
3546 context->CCfree_ptr = &first->space[0];
3547 }
3548
3549 /* Destroy the context's heap. */
3550 static void CCdestroy(context_type *context)
3551 {
3552 struct CCpool *this = context->CCroot;
3553 while (this) {
3554 struct CCpool *next = this->next;
3555 free(this);
3556 this = next;
3557 }
3558 /* These two aren't necessary. But can't hurt either */
3559 context->CCroot = context->CCcurrent = NULL;
3560 context->CCfree_ptr = 0;
3561 }
3562
3563 /* Allocate an object of the given size from the context's heap. */
3564 static void *
3565 CCalloc(context_type *context, int size, jboolean zero)
3566 {
3567
3568 register char *p;
3569 /* Round CC to the size of a pointer */
3570 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3571
3572 if (context->CCfree_size < size) {
3573 struct CCpool *current = context->CCcurrent;
3574 struct CCpool *new;
3575 if (size > CCSegSize) { /* we need to allocate a special block */
3576 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3577 (size - CCSegSize));
3578 if (new == 0) {
3579 CCout_of_memory(context);
3580 }
3581 new->next = current->next;
3582 new->segSize = size;
3583 current->next = new;
3584 } else {
3585 new = current->next;
3586 if (new == NULL) {
3587 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3588 if (new == 0) {
3589 CCout_of_memory(context);
3590 }
3591 current->next = new;
3592 new->next = NULL;
3593 new->segSize = CCSegSize;
3594 }
3595 }
3596 context->CCcurrent = new;
3597 context->CCfree_ptr = &new->space[0];
3598 context->CCfree_size = new->segSize;
3599 }
3600 p = context->CCfree_ptr;
3601 context->CCfree_ptr += size;
3602 context->CCfree_size -= size;
3603 if (zero)
3604 memset(p, 0, size);
3605 return p;
3606 }
3607
3608 /* Get the class associated with a particular field or method or class in the
3609 * constant pool. If is_field is true, we've got a field or method. If
3610 * false, we've got a class.
3611 */
3612 static fullinfo_type
3613 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3614 {
3615 JNIEnv *env = context->env;
3616 fullinfo_type result;
3617 const char *classname;
3618 switch (kind) {
3619 case JVM_CONSTANT_Class:
3620 classname = JVM_GetCPClassNameUTF(env,
3621 context->class,
3622 cp_index);
3623 break;
3624 case JVM_CONSTANT_Methodref:
3625 classname = JVM_GetCPMethodClassNameUTF(env,
3626 context->class,
3627 cp_index);
3628 break;
3629 case JVM_CONSTANT_Fieldref:
3630 classname = JVM_GetCPFieldClassNameUTF(env,
3631 context->class,
3632 cp_index);
3633 break;
3634 default:
3635 classname = NULL;
3636 CCerror(context, "Internal error #5");
3637 }
3638
3639 check_and_push(context, classname, VM_STRING_UTF);
3640 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3641 /* This make recursively call us, in case of a class array */
3642 signature_to_fieldtype(context, &classname, &result);
3643 } else {
3644 result = make_class_info_from_name(context, classname);
3645 }
3646 pop_and_free(context);
3647 return result;
3648 }
3649
3650
3651 static int
3652 print_CCerror_info(context_type *context)
3653 {
3654 JNIEnv *env = context->env;
3655 jclass cb = context->class;
3656 const char *classname = JVM_GetClassNameUTF(env, cb);
3657 const char *name = 0;
3658 const char *signature = 0;
3659 int n = 0;
3660 if (context->method_index != -1) {
3661 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3662 signature =
3663 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3664 n += jio_snprintf(context->message, context->message_buf_len,
3665 "(class: %s, method: %s signature: %s) ",
3666 (classname ? classname : ""),
3667 (name ? name : ""),
3668 (signature ? signature : ""));
3669 } else if (context->field_index != -1 ) {
3670 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3671 n += jio_snprintf(context->message, context->message_buf_len,
3672 "(class: %s, field: %s) ",
3673 (classname ? classname : 0),
3674 (name ? name : 0));
3675 } else {
3676 n += jio_snprintf(context->message, context->message_buf_len,
3677 "(class: %s) ", classname ? classname : "");
3678 }
3679 JVM_ReleaseUTF(classname);
3680 JVM_ReleaseUTF(name);
3681 JVM_ReleaseUTF(signature);
3682 return n;
3683 }
3684
3685 static void
3686 CCerror (context_type *context, char *format, ...)
3687 {
3688 int n = print_CCerror_info(context);
3689 va_list args;
3690 if (n >= 0 && n < context->message_buf_len) {
3691 va_start(args, format);
3692 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3693 format, args);
3694 va_end(args);
3695 }
3696 context->err_code = CC_VerifyError;
3697 longjmp(context->jump_buffer, 1);
3698 }
3699
3700 static void
3701 CCout_of_memory(context_type *context)
3702 {
3703 int n = print_CCerror_info(context);
3704 context->err_code = CC_OutOfMemory;
3705 longjmp(context->jump_buffer, 1);
3706 }
3707
3708 static void
3709 CFerror(context_type *context, char *format, ...)
3710 {
3711 int n = print_CCerror_info(context);
3712 va_list args;
3713 if (n >= 0 && n < context->message_buf_len) {
3714 va_start(args, format);
3715 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3716 format, args);
3717 va_end(args);
3718 }
3719 context->err_code = CC_ClassFormatError;
3720 longjmp(context->jump_buffer, 1);
3721 }
3722
3723 static char
3724 signature_to_fieldtype(context_type *context,
3725 const char **signature_p, fullinfo_type *full_info_p)
3726 {
3727 const char *p = *signature_p;
3728 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3729 char result;
3730 int array_depth = 0;
3731
3732 for (;;) {
3733 switch(*p++) {
3734 default:
3735 result = 0;
3736 break;
3737
3738 case JVM_SIGNATURE_BOOLEAN: case JVM_SIGNATURE_BYTE:
3739 full_info = (array_depth > 0)
3740 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3741 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3742 result = 'I';
3743 break;
3744
3745 case JVM_SIGNATURE_CHAR:
3746 full_info = (array_depth > 0)
3747 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3748 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3749 result = 'I';
3750 break;
3751
3752 case JVM_SIGNATURE_SHORT:
3753 full_info = (array_depth > 0)
3754 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3755 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3756 result = 'I';
3757 break;
3758
3759 case JVM_SIGNATURE_INT:
3760 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3761 result = 'I';
3762 break;
3763
3764 case JVM_SIGNATURE_FLOAT:
3765 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3766 result = 'F';
3767 break;
3768
3769 case JVM_SIGNATURE_DOUBLE:
3770 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3771 result = 'D';
3772 break;
3773
3774 case JVM_SIGNATURE_LONG:
3775 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3776 result = 'L';
3777 break;
3778
3779 case JVM_SIGNATURE_ARRAY:
3780 array_depth++;
3781 continue; /* only time we ever do the loop > 1 */
3782
3783 case JVM_SIGNATURE_CLASS: {
3784 char buffer_space[256];
3785 char *buffer = buffer_space;
3786 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3787 int length;
3788 if (finish == NULL) {
3789 /* Signature must have ';' after the class name.
3790 * If it does not, return 0 and ITEM_Bogus in full_info. */
3791 result = 0;
3792 break;
3793 }
3794 length = finish - p;
3795 if (length + 1 > (int)sizeof(buffer_space)) {
3796 buffer = malloc(length + 1);
3797 check_and_push(context, buffer, VM_MALLOC_BLK);
3798 }
3799 memcpy(buffer, p, length);
3800 buffer[length] = '\0';
3801 full_info = make_class_info_from_name(context, buffer);
3802 result = 'A';
3803 p = finish + 1;
3804 if (buffer != buffer_space)
3805 pop_and_free(context);
3806 break;
3807 }
3808 } /* end of switch */
3809 break;
3810 }
3811 *signature_p = p;
3812 if (array_depth == 0 || result == 0) {
3813 /* either not an array, or result is bogus */
3814 *full_info_p = full_info;
3815 return result;
3816 } else {
3817 if (array_depth > MAX_ARRAY_DIMENSIONS)
3818 CCerror(context, "Array with too many dimensions");
3819 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3820 array_depth,
3821 GET_EXTRA_INFO(full_info));
3822 return 'A';
3823 }
3824 }
3825
3826
3827 /* Given an array type, create the type that has one less level of
3828 * indirection.
3829 */
3830
3831 static fullinfo_type
3832 decrement_indirection(fullinfo_type array_info)
3833 {
3834 if (array_info == NULL_FULLINFO) {
3835 return NULL_FULLINFO;
3836 } else {
3837 int type = GET_ITEM_TYPE(array_info);
3838 int indirection = GET_INDIRECTION(array_info) - 1;
3839 int extra_info = GET_EXTRA_INFO(array_info);
3840 if ( (indirection == 0)
3841 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Char)))
3842 type = ITEM_Integer;
3843 return MAKE_FULLINFO(type, indirection, extra_info);
3844 }
3845 }
3846
3847
3848 /* See if we can assign an object of the "from" type to an object
3849 * of the "to" type.
3850 */
3851
3852 static jboolean isAssignableTo(context_type *context,
3853 fullinfo_type from, fullinfo_type to)
3854 {
3855 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3856 }
3857
3858 /* Given two fullinfo_type's, find their lowest common denominator. If
3859 * the assignable_p argument is non-null, we're really just calling to find
3860 * out if "<target> := <value>" is a legitimate assignment.
3861 *
3862 * We treat all interfaces as if they were of type java/lang/Object, since the
3863 * runtime will do the full checking.
3864 */
3865 static fullinfo_type
3866 merge_fullinfo_types(context_type *context,
3867 fullinfo_type value, fullinfo_type target,
3868 jboolean for_assignment)
3869 {
3870 JNIEnv *env = context->env;
3871 if (value == target) {
3872 /* If they're identical, clearly just return what we've got */
3873 return value;
3874 }
3875
3876 /* Both must be either arrays or objects to go further */
3877 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3878 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3879 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3880 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3881
3882 /* If either is NULL, return the other. */
3883 if (value == NULL_FULLINFO)
3884 return target;
3885 else if (target == NULL_FULLINFO)
3886 return value;
3887
3888 /* If either is java/lang/Object, that's the result. */
3889 if (target == context->object_info)
3890 return target;
3891 else if (value == context->object_info) {
3892 /* Minor hack. For assignments, Interface := Object, return Interface
3893 * rather than Object, so that isAssignableTo() will get the right
3894 * result. */
3895 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3896 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3897 jclass cb = object_fullinfo_to_classclass(context,
3898 target);
3899 int is_interface = cb && JVM_IsInterface(env, cb);
3900 if (is_interface)
3901 return target;
3902 }
3903 return value;
3904 }
3905 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3906 /* At least one is an array. Neither is java/lang/Object or NULL.
3907 * Moreover, the types are not identical.
3908 * The result must either be Object, or an array of some object type.
3909 */
3910 fullinfo_type value_base, target_base;
3911 int dimen_value = GET_INDIRECTION(value);
3912 int dimen_target = GET_INDIRECTION(target);
3913
3914 if (target == context->cloneable_info ||
3915 target == context->serializable_info) {
3916 return target;
3917 }
3918
3919 if (value == context->cloneable_info ||
3920 value == context->serializable_info) {
3921 return value;
3922 }
3923
3924 /* First, if either item's base type isn't ITEM_Object, promote it up
3925 * to an object or array of object. If either is elemental, we can
3926 * punt.
3927 */
3928 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3929 if (dimen_value == 0)
3930 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3931 dimen_value--;
3932 value = MAKE_Object_ARRAY(dimen_value);
3933
3934 }
3935 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3936 if (dimen_target == 0)
3937 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3938 dimen_target--;
3939 target = MAKE_Object_ARRAY(dimen_target);
3940 }
3941 /* Both are now objects or arrays of some sort of object type */
3942 value_base = WITH_ZERO_INDIRECTION(value);
3943 target_base = WITH_ZERO_INDIRECTION(target);
3944 if (dimen_value == dimen_target) {
3945 /* Arrays of the same dimension. Merge their base types. */
3946 fullinfo_type result_base =
3947 merge_fullinfo_types(context, value_base, target_base,
3948 for_assignment);
3949 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3950 /* bogus in, bogus out */
3951 return result_base;
3952 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3953 GET_EXTRA_INFO(result_base));
3954 } else {
3955 /* Arrays of different sizes. If the smaller dimension array's base
3956 * type is java/lang/Cloneable or java/io/Serializable, return it.
3957 * Otherwise return java/lang/Object with a dimension of the smaller
3958 * of the two */
3959 if (dimen_value < dimen_target) {
3960 if (value_base == context->cloneable_info ||
3961 value_base == context ->serializable_info) {
3962 return value;
3963 }
3964 return MAKE_Object_ARRAY(dimen_value);
3965 } else {
3966 if (target_base == context->cloneable_info ||
3967 target_base == context->serializable_info) {
3968 return target;
3969 }
3970 return MAKE_Object_ARRAY(dimen_target);
3971 }
3972 }
3973 } else {
3974 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3975 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3976 fullinfo_type result_info;
3977
3978 /* Let's get the classes corresponding to each of these. Treat
3979 * interfaces as if they were java/lang/Object. See hack note above. */
3980 cb_target = object_fullinfo_to_classclass(context, target);
3981 if (cb_target == 0)
3982 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3983 if (JVM_IsInterface(env, cb_target))
3984 return for_assignment ? target : context->object_info;
3985 cb_value = object_fullinfo_to_classclass(context, value);
3986 if (cb_value == 0)
3987 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3988 if (JVM_IsInterface(env, cb_value))
3989 return context->object_info;
3990
3991 /* If this is for assignment of target := value, we just need to see if
3992 * cb_target is a superclass of cb_value. Save ourselves a lot of
3993 * work.
3994 */
3995 if (for_assignment) {
3996 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3997 while (cb_super_value != 0) {
3998 jclass tmp_cb;
3999 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4000 (*env)->DeleteLocalRef(env, cb_super_value);
4001 return target;
4002 }
4003 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4004 (*env)->DeleteLocalRef(env, cb_super_value);
4005 cb_super_value = tmp_cb;
4006 }
4007 (*env)->DeleteLocalRef(env, cb_super_value);
4008 return context->object_info;
4009 }
4010
4011 /* Find out whether cb_value or cb_target is deeper in the class
4012 * tree by moving both toward the root, and seeing who gets there
4013 * first. */
4014 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4015 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4016 while((cb_super_value != 0) &&
4017 (cb_super_target != 0)) {
4018 jclass tmp_cb;
4019 /* Optimization. If either hits the other when going up looking
4020 * for a parent, then might as well return the parent immediately */
4021 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4022 (*env)->DeleteLocalRef(env, cb_super_value);
4023 (*env)->DeleteLocalRef(env, cb_super_target);
4024 return target;
4025 }
4026 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4027 (*env)->DeleteLocalRef(env, cb_super_value);
4028 (*env)->DeleteLocalRef(env, cb_super_target);
4029 return value;
4030 }
4031 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4032 (*env)->DeleteLocalRef(env, cb_super_value);
4033 cb_super_value = tmp_cb;
4034
4035 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4036 (*env)->DeleteLocalRef(env, cb_super_target);
4037 cb_super_target = tmp_cb;
4038 }
4039 cb_value = (*env)->NewLocalRef(env, cb_value);
4040 cb_target = (*env)->NewLocalRef(env, cb_target);
4041 /* At most one of the following two while clauses will be executed.
4042 * Bring the deeper of cb_target and cb_value to the depth of the
4043 * shallower one.
4044 */
4045 while (cb_super_value != 0) {
4046 /* cb_value is deeper */
4047 jclass cb_tmp;
4048
4049 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4050 (*env)->DeleteLocalRef(env, cb_super_value);
4051 cb_super_value = cb_tmp;
4052
4053 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4054 (*env)->DeleteLocalRef(env, cb_value);
4055 cb_value = cb_tmp;
4056 }
4057 while (cb_super_target != 0) {
4058 /* cb_target is deeper */
4059 jclass cb_tmp;
4060
4061 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4062 (*env)->DeleteLocalRef(env, cb_super_target);
4063 cb_super_target = cb_tmp;
4064
4065 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4066 (*env)->DeleteLocalRef(env, cb_target);
4067 cb_target = cb_tmp;
4068 }
4069
4070 /* Walk both up, maintaining equal depth, until a join is found. We
4071 * know that we will find one. */
4072 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4073 jclass cb_tmp;
4074 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4075 (*env)->DeleteLocalRef(env, cb_value);
4076 cb_value = cb_tmp;
4077 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4078 (*env)->DeleteLocalRef(env, cb_target);
4079 cb_target = cb_tmp;
4080 }
4081 result_info = make_class_info(context, cb_value);
4082 (*env)->DeleteLocalRef(env, cb_value);
4083 (*env)->DeleteLocalRef(env, cb_super_value);
4084 (*env)->DeleteLocalRef(env, cb_target);
4085 (*env)->DeleteLocalRef(env, cb_super_target);
4086 return result_info;
4087 } /* both items are classes */
4088 }
4089
4090
4091 /* Given a fullinfo_type corresponding to an Object, return the jclass
4092 * of that type.
4093 *
4094 * This function always returns a global reference!
4095 */
4096
4097 static jclass
4098 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4099 {
4100 unsigned short info = GET_EXTRA_INFO(classinfo);
4101 return ID_to_class(context, info);
4102 }
4103
4104 static void free_block(void *ptr, int kind)
4105 {
4106 switch (kind) {
4107 case VM_STRING_UTF:
4108 JVM_ReleaseUTF(ptr);
4109 break;
4110 case VM_MALLOC_BLK:
4111 free(ptr);
4112 break;
4113 }
4114 }
4115
4116 static void check_and_push(context_type *context, const void *ptr, int kind)
4117 {
4118 alloc_stack_type *p;
4119 if (ptr == 0)
4120 CCout_of_memory(context);
4121 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4122 p = &(context->alloc_stack[context->alloc_stack_top++]);
4123 else {
4124 /* Otherwise we have to malloc */
4125 p = malloc(sizeof(alloc_stack_type));
4126 if (p == 0) {
4127 /* Make sure we clean up. */
4128 free_block((void *)ptr, kind);
4129 CCout_of_memory(context);
4130 }
4131 }
4132 p->kind = kind;
4133 p->ptr = (void *)ptr;
4134 p->next = context->allocated_memory;
4135 context->allocated_memory = p;
4136 }
4137
4138 static void pop_and_free(context_type *context)
4139 {
4140 alloc_stack_type *p = context->allocated_memory;
4141 context->allocated_memory = p->next;
4142 free_block(p->ptr, p->kind);
4143 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4144 p >= context->alloc_stack)
4145 context->alloc_stack_top--;
4146 else
4147 free(p);
4148 }
4149
4150 static int signature_to_args_size(const char *method_signature)
4151 {
4152 const char *p;
4153 int args_size = 0;
4154 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4155 switch (*p) {
4156 case JVM_SIGNATURE_BOOLEAN:
4157 case JVM_SIGNATURE_BYTE:
4158 case JVM_SIGNATURE_CHAR:
4159 case JVM_SIGNATURE_SHORT:
4160 case JVM_SIGNATURE_INT:
4161 case JVM_SIGNATURE_FLOAT:
4162 args_size += 1;
4163 break;
4164 case JVM_SIGNATURE_CLASS:
4165 args_size += 1;
4166 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4167 break;
4168 case JVM_SIGNATURE_ARRAY:
4169 args_size += 1;
4170 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4171 /* If an array of classes, skip over class name, too. */
4172 if (*p == JVM_SIGNATURE_CLASS) {
4173 while (*p != JVM_SIGNATURE_ENDCLASS)
4174 p++;
4175 }
4176 break;
4177 case JVM_SIGNATURE_DOUBLE:
4178 case JVM_SIGNATURE_LONG:
4179 args_size += 2;
4180 break;
4181 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4182 break;
4183 default:
4184 /* Indicate an error. */
4185 return 0;
4186 }
4187 }
4188 return args_size;
4189 }
4190
4191 #ifdef DEBUG
4192
4193 /* Below are for debugging. */
4194
4195 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4196
4197 static void
4198 print_stack(context_type *context, stack_info_type *stack_info)
4199 {
4200 stack_item_type *stack = stack_info->stack;
4201 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4202 jio_fprintf(stdout, "x");
4203 } else {
4204 jio_fprintf(stdout, "(");
4205 for ( ; stack != 0; stack = stack->next)
4206 print_fullinfo_type(context, stack->item,
4207 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4208 jio_fprintf(stdout, ")");
4209 }
4210 }
4211
4212 static void
4213 print_registers(context_type *context, register_info_type *register_info)
4214 {
4215 int register_count = register_info->register_count;
4216 if (register_count == UNKNOWN_REGISTER_COUNT) {
4217 jio_fprintf(stdout, "x");
4218 } else {
4219 fullinfo_type *registers = register_info->registers;
4220 int mask_count = register_info->mask_count;
4221 mask_type *masks = register_info->masks;
4222 int i, j;
4223
4224 jio_fprintf(stdout, "{");
4225 for (i = 0; i < register_count; i++)
4226 print_fullinfo_type(context, registers[i],
4227 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4228 jio_fprintf(stdout, "}");
4229 for (i = 0; i < mask_count; i++) {
4230 char *separator = "";
4231 int *modifies = masks[i].modifies;
4232 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4233 for (j = 0;
4234 j < JVM_GetMethodIxLocalsCount(context->env,
4235 context->class,
4236 context->method_index);
4237 j++)
4238 if (IS_BIT_SET(modifies, j)) {
4239 jio_fprintf(stdout, "%s%d", separator, j);
4240 separator = ",";
4241 }
4242 jio_fprintf(stdout, ">");
4243 }
4244 }
4245 }
4246
4247
4248 static void
4249 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4250 {
4251 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4252 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4253 }
4254 }
4255
4256 static void
4257 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4258 {
4259 int i;
4260 int indirection = GET_INDIRECTION(type);
4261 for (i = indirection; i-- > 0; )
4262 jio_fprintf(stdout, "[");
4263 switch (GET_ITEM_TYPE(type)) {
4264 case ITEM_Integer:
4265 jio_fprintf(stdout, "I"); break;
4266 case ITEM_Float:
4267 jio_fprintf(stdout, "F"); break;
4268 case ITEM_Double:
4269 jio_fprintf(stdout, "D"); break;
4270 case ITEM_Double_2:
4271 jio_fprintf(stdout, "d"); break;
4272 case ITEM_Long:
4273 jio_fprintf(stdout, "L"); break;
4274 case ITEM_Long_2:
4275 jio_fprintf(stdout, "l"); break;
4276 case ITEM_ReturnAddress:
4277 jio_fprintf(stdout, "a"); break;
4278 case ITEM_Object:
4279 if (!verbose) {
4280 jio_fprintf(stdout, "A");
4281 } else {
4282 unsigned short extra = GET_EXTRA_INFO(type);
4283 if (extra == 0) {
4284 jio_fprintf(stdout, "/Null/");
4285 } else {
4286 const char *name = ID_to_class_name(context, extra);
4287 const char *name2 = strrchr(name, '/');
4288 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4289 }
4290 }
4291 break;
4292 case ITEM_Char:
4293 jio_fprintf(stdout, "C"); break;
4294 case ITEM_Short:
4295 jio_fprintf(stdout, "S"); break;
4296 case ITEM_Byte:
4297 jio_fprintf(stdout, "B"); break;
4298 case ITEM_NewObject:
4299 if (!verbose) {
4300 jio_fprintf(stdout, "@");
4301 } else {
4302 int inum = GET_EXTRA_INFO(type);
4303 fullinfo_type real_type =
4304 context->instruction_data[inum].operand2.fi;
4305 jio_fprintf(stdout, ">");
4306 print_fullinfo_type(context, real_type, JNI_TRUE);
4307 jio_fprintf(stdout, "<");
4308 }
4309 break;
4310 case ITEM_InitObject:
4311 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4312 break;
4313
4314 default:
4315 jio_fprintf(stdout, "?"); break;
4316 }
4317 for (i = indirection; i-- > 0; )
4318 jio_fprintf(stdout, "]");
4319 }
4320
4321
4322 static void
4323 print_formatted_fieldname(context_type *context, int index)
4324 {
4325 JNIEnv *env = context->env;
4326 jclass cb = context->class;
4327 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4328 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4329 jio_fprintf(stdout, " <%s.%s>",
4330 classname ? classname : "", fieldname ? fieldname : "");
4331 JVM_ReleaseUTF(classname);
4332 JVM_ReleaseUTF(fieldname);
4333 }
4334
4335 static void
4336 print_formatted_methodname(context_type *context, int index)
4337 {
4338 JNIEnv *env = context->env;
4339 jclass cb = context->class;
4340 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4341 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4342 jio_fprintf(stdout, " <%s.%s>",
4343 classname ? classname : "", methodname ? methodname : "");
4344 JVM_ReleaseUTF(classname);
4345 JVM_ReleaseUTF(methodname);
4346 }
4347
4348 #endif /*DEBUG*/