1 /*
2 * Copyright (c) 1994, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 #define MAX_ARRAY_DIMENSIONS 255
94 /* align byte code */
95 #ifndef ALIGN_UP
96 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
97 #endif /* ALIGN_UP */
98 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
99
100 #ifdef DEBUG
101
102 int verify_verbose = 0;
103 static struct context_type *GlobalContext;
104 #endif
105
106 enum {
107 ITEM_Bogus,
108 ITEM_Void, /* only as a function return value */
109 ITEM_Integer,
110 ITEM_Float,
111 ITEM_Double,
112 ITEM_Double_2, /* 2nd word of double in register */
113 ITEM_Long,
114 ITEM_Long_2, /* 2nd word of long in register */
115 ITEM_Array,
116 ITEM_Object, /* Extra info field gives name. */
117 ITEM_NewObject, /* Like object, but uninitialized. */
118 ITEM_InitObject, /* "this" is init method, before call
119 to super() */
120 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
121 /* The following three are only used within array types.
122 * Normally, we use ITEM_Integer, instead. */
123 ITEM_Byte,
124 ITEM_Short,
125 ITEM_Char
126 };
127
128
129 #define UNKNOWN_STACK_SIZE -1
130 #define UNKNOWN_REGISTER_COUNT -1
131 #define UNKNOWN_RET_INSTRUCTION -1
132
133 #undef MAX
134 #undef MIN
135 #define MAX(a, b) ((a) > (b) ? (a) : (b))
136 #define MIN(a, b) ((a) < (b) ? (a) : (b))
137
138 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
139 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
140 ((unsigned)1 << ((i) % BITS_PER_INT)))
141 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
142 ((unsigned)1 << ((i) % BITS_PER_INT)))
143
144 typedef unsigned int fullinfo_type;
145 typedef unsigned int *bitvector;
146
147 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
148 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
149 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
150 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
151 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
152
153 #define MAKE_FULLINFO(type, indirect, extra) \
154 ((type) + ((indirect) << 5) + ((extra) << 16))
155
156 #define MAKE_Object_ARRAY(indirect) \
157 (context->object_info + ((indirect) << 5))
158
159 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
160
161 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
162 #define JVM_OPC_invokeinit 0x100
163
164 /* A hash mechanism used by the verifier.
165 * Maps class names to unique 16 bit integers.
166 */
167
168 #define HASH_TABLE_SIZE 503
169
170 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
171 * row (256 buckets) at a time to minimize fragmentation. Rows are
172 * allocated on demand so that we don't waste too much space.
173 */
174
175 #define MAX_HASH_ENTRIES 65536
176 #define HASH_ROW_SIZE 256
177
178 typedef struct hash_bucket_type {
179 char *name;
180 unsigned int hash;
181 jclass class;
182 unsigned short ID;
183 unsigned short next;
184 unsigned loadable:1; /* from context->class loader */
185 } hash_bucket_type;
186
187 typedef struct {
188 hash_bucket_type **buckets;
189 unsigned short *table;
190 int entries_used;
191 } hash_table_type;
192
193 #define GET_BUCKET(class_hash, ID)\
194 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
195
196 /*
197 * There are currently two types of resources that we need to keep
198 * track of (in addition to the CCalloc pool).
199 */
200 enum {
201 VM_STRING_UTF, /* VM-allocated UTF strings */
202 VM_MALLOC_BLK /* malloc'ed blocks */
203 };
204
205 #define LDC_CLASS_MAJOR_VERSION 49
206
207 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
208
209 #define ALLOC_STACK_SIZE 16 /* big enough */
210
211 typedef struct alloc_stack_type {
212 void *ptr;
213 int kind;
214 struct alloc_stack_type *next;
215 } alloc_stack_type;
216
217 /* The context type encapsulates the current invocation of the byte
218 * code verifier.
219 */
220 struct context_type {
221
222 JNIEnv *env; /* current JNIEnv */
223
224 /* buffers etc. */
225 char *message;
226 jint message_buf_len;
227 jboolean err_code;
228
229 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
230 had a chance to free */
231 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
232 blocks here, to save mallocs. */
233 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
234 int alloc_stack_top;
235
236 /* these fields are per class */
237 jclass class; /* current class */
238 jint major_version;
239 jint nconstants;
240 unsigned char *constant_types;
241 hash_table_type class_hash;
242
243 fullinfo_type object_info; /* fullinfo for java/lang/Object */
244 fullinfo_type string_info; /* fullinfo for java/lang/String */
245 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
246 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
247 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
248
249 fullinfo_type currentclass_info; /* fullinfo for context->class */
250 fullinfo_type superclass_info; /* fullinfo for superclass */
251
252 /* these fields are per method */
253 int method_index; /* current method */
254 unsigned short *exceptions; /* exceptions */
255 unsigned char *code; /* current code object */
256 jint code_length;
257 int *code_data; /* offset to instruction number */
258 struct instruction_data_type *instruction_data; /* info about each */
259 struct handler_info_type *handler_info;
260 fullinfo_type *superclasses; /* null terminated superclasses */
261 int instruction_count; /* number of instructions */
262 fullinfo_type return_type; /* function return type */
263 fullinfo_type swap_table[4]; /* used for passing information */
264 int bitmask_size; /* words needed to hold bitmap of arguments */
265
266 /* these fields are per field */
267 int field_index;
268
269 /* Used by the space allocator */
270 struct CCpool *CCroot, *CCcurrent;
271 char *CCfree_ptr;
272 int CCfree_size;
273
274 /* Jump here on any error. */
275 jmp_buf jump_buffer;
276
277 #ifdef DEBUG
278 /* keep track of how many global refs are allocated. */
279 int n_globalrefs;
280 #endif
281 };
282
283 struct stack_info_type {
284 struct stack_item_type *stack;
285 int stack_size;
286 };
287
288 struct register_info_type {
289 int register_count; /* number of registers used */
290 fullinfo_type *registers;
291 int mask_count; /* number of masks in the following */
292 struct mask_type *masks;
293 };
294
295 struct mask_type {
296 int entry;
297 int *modifies;
298 };
299
300 typedef unsigned short flag_type;
301
302 struct instruction_data_type {
303 int opcode; /* may turn into "canonical" opcode */
304 unsigned changed:1; /* has it changed */
305 unsigned protected:1; /* must accessor be a subclass of "this" */
306 union {
307 int i; /* operand to the opcode */
308 int *ip;
309 fullinfo_type fi;
310 } operand, operand2;
311 fullinfo_type p;
312 struct stack_info_type stack_info;
313 struct register_info_type register_info;
314 #define FLAG_REACHED 0x01 /* instruction reached */
315 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
316 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
317 flag_type or_flags; /* true for at least one path to this inst */
318 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
319 flag_type and_flags; /* true for all paths to this instruction */
320 };
321
322 struct handler_info_type {
323 int start, end, handler;
324 struct stack_info_type stack_info;
325 };
326
327 struct stack_item_type {
328 fullinfo_type item;
329 struct stack_item_type *next;
330 };
331
332 typedef struct context_type context_type;
333 typedef struct instruction_data_type instruction_data_type;
334 typedef struct stack_item_type stack_item_type;
335 typedef struct register_info_type register_info_type;
336 typedef struct stack_info_type stack_info_type;
337 typedef struct mask_type mask_type;
338
339 static void read_all_code(context_type *context, jclass cb, int num_methods,
340 int** code_lengths, unsigned char*** code);
341 static void verify_method(context_type *context, jclass cb, int index,
342 int code_length, unsigned char* code);
343 static void free_all_code(context_type* context, int num_methods,
344 unsigned char** code);
345 static void verify_field(context_type *context, jclass cb, int index);
346
347 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
348 static void set_protected(context_type *, unsigned int inumber, int key, int);
349 static jboolean is_superclass(context_type *, fullinfo_type);
350
351 static void initialize_exception_table(context_type *);
352 static int instruction_length(unsigned char *iptr, unsigned char *end);
353 static jboolean isLegalTarget(context_type *, int offset);
354 static void verify_constant_pool_type(context_type *, int, unsigned);
355
356 static void initialize_dataflow(context_type *);
357 static void run_dataflow(context_type *context);
358 static void check_register_values(context_type *context, unsigned int inumber);
359 static void check_flags(context_type *context, unsigned int inumber);
360 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
361 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
362 static void update_flags(context_type *, unsigned int inumber,
363 flag_type *new_and_flags, flag_type *new_or_flags);
364 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
365
366 static void merge_into_successors(context_type *, unsigned int inumber,
367 register_info_type *register_info,
368 stack_info_type *stack_info,
369 flag_type and_flags, flag_type or_flags);
370 static void merge_into_one_successor(context_type *context,
371 unsigned int from_inumber,
372 unsigned int inumber,
373 register_info_type *register_info,
374 stack_info_type *stack_info,
375 flag_type and_flags, flag_type or_flags,
376 jboolean isException);
377 static void merge_stack(context_type *, unsigned int inumber,
378 unsigned int to_inumber, stack_info_type *);
379 static void merge_registers(context_type *, unsigned int inumber,
380 unsigned int to_inumber,
381 register_info_type *);
382 static void merge_flags(context_type *context, unsigned int from_inumber,
383 unsigned int to_inumber,
384 flag_type new_and_flags, flag_type new_or_flags);
385
386 static stack_item_type *copy_stack(context_type *, stack_item_type *);
387 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
388 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
389
390 static fullinfo_type decrement_indirection(fullinfo_type);
391
392 static fullinfo_type merge_fullinfo_types(context_type *context,
393 fullinfo_type a,
394 fullinfo_type b,
395 jboolean assignment);
396 static jboolean isAssignableTo(context_type *,
397 fullinfo_type a,
398 fullinfo_type b);
399
400 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
401
402
403 #define NEW(type, count) \
404 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
405 #define ZNEW(type, count) \
406 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
407
408 static void CCinit(context_type *context);
409 static void CCreinit(context_type *context);
410 static void CCdestroy(context_type *context);
411 static void *CCalloc(context_type *context, int size, jboolean zero);
412
413 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
414
415 static char signature_to_fieldtype(context_type *context,
416 const char **signature_p, fullinfo_type *info);
417
418 static void CCerror (context_type *, char *format, ...);
419 static void CFerror (context_type *, char *format, ...);
420 static void CCout_of_memory (context_type *);
421
422 /* Because we can longjmp any time, we need to be very careful about
423 * remembering what needs to be freed. */
424
425 static void check_and_push(context_type *context, const void *ptr, int kind);
426 static void pop_and_free(context_type *context);
427
428 static int signature_to_args_size(const char *method_signature);
429
430 #ifdef DEBUG
431 static void print_stack (context_type *, stack_info_type *stack_info);
432 static void print_registers(context_type *, register_info_type *register_info);
433 static void print_flags(context_type *, flag_type, flag_type);
434 static void print_formatted_fieldname(context_type *context, int index);
435 static void print_formatted_methodname(context_type *context, int index);
436 #endif
437
438 void initialize_class_hash(context_type *context)
439 {
440 hash_table_type *class_hash = &(context->class_hash);
441 class_hash->buckets = (hash_bucket_type **)
442 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
443 class_hash->table = (unsigned short *)
444 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
445 if (class_hash->buckets == 0 ||
446 class_hash->table == 0)
447 CCout_of_memory(context);
448 class_hash->entries_used = 0;
449 }
450
451 static void finalize_class_hash(context_type *context)
452 {
453 hash_table_type *class_hash = &(context->class_hash);
454 JNIEnv *env = context->env;
455 int i;
456 /* 4296677: bucket index starts from 1. */
457 for (i=1;i<=class_hash->entries_used;i++) {
458 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
459 assert(bucket != NULL);
460 free(bucket->name);
461 if (bucket->class) {
462 (*env)->DeleteGlobalRef(env, bucket->class);
463 #ifdef DEBUG
464 context->n_globalrefs--;
465 #endif
466 }
467 }
468 if (class_hash->buckets) {
469 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
470 if (class_hash->buckets[i] == 0)
471 break;
472 free(class_hash->buckets[i]);
473 }
474 }
475 free(class_hash->buckets);
476 free(class_hash->table);
477 }
478
479 static hash_bucket_type *
480 new_bucket(context_type *context, unsigned short *pID)
481 {
482 hash_table_type *class_hash = &(context->class_hash);
483 int i = *pID = class_hash->entries_used + 1;
484 int row = i / HASH_ROW_SIZE;
485 if (i >= MAX_HASH_ENTRIES)
486 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
487 if (class_hash->buckets[row] == 0) {
488 class_hash->buckets[row] = (hash_bucket_type*)
489 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
490 if (class_hash->buckets[row] == 0)
491 CCout_of_memory(context);
492 }
493 class_hash->entries_used++; /* only increment when we are sure there
494 is no overflow. */
495 return GET_BUCKET(class_hash, i);
496 }
497
498 static unsigned int
499 class_hash_fun(const char *s)
500 {
501 int i;
502 unsigned raw_hash;
503 for (raw_hash = 0; (i = *s) != '\0'; ++s)
504 raw_hash = raw_hash * 37 + i;
505 return raw_hash;
506 }
507
508 /*
509 * Find a class using the defining loader of the current class
510 * and return a local reference to it.
511 */
512 static jclass load_class_local(context_type *context,const char *classname)
513 {
514 jclass cb = JVM_FindClassFromClass(context->env, classname,
515 JNI_FALSE, context->class);
516 if (cb == 0)
517 CCerror(context, "Cannot find class %s", classname);
518 return cb;
519 }
520
521 /*
522 * Find a class using the defining loader of the current class
523 * and return a global reference to it.
524 */
525 static jclass load_class_global(context_type *context, const char *classname)
526 {
527 JNIEnv *env = context->env;
528 jclass local, global;
529
530 local = load_class_local(context, classname);
531 global = (*env)->NewGlobalRef(env, local);
532 if (global == 0)
533 CCout_of_memory(context);
534 #ifdef DEBUG
535 context->n_globalrefs++;
536 #endif
537 (*env)->DeleteLocalRef(env, local);
538 return global;
539 }
540
541 /*
542 * Return a unique ID given a local class reference. The loadable
543 * flag is true if the defining class loader of context->class
544 * is known to be capable of loading the class.
545 */
546 static unsigned short
547 class_to_ID(context_type *context, jclass cb, jboolean loadable)
548 {
549 JNIEnv *env = context->env;
550 hash_table_type *class_hash = &(context->class_hash);
551 unsigned int hash;
552 hash_bucket_type *bucket;
553 unsigned short *pID;
554 const char *name = JVM_GetClassNameUTF(env, cb);
555
556 check_and_push(context, name, VM_STRING_UTF);
557 hash = class_hash_fun(name);
558 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
559 while (*pID) {
560 bucket = GET_BUCKET(class_hash, *pID);
561 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
562 /*
563 * There is an unresolved entry with our name
564 * so we're forced to load it in case it matches us.
565 */
566 if (bucket->class == 0) {
567 assert(bucket->loadable == JNI_TRUE);
568 bucket->class = load_class_global(context, name);
569 }
570
571 /*
572 * It's already in the table. Update the loadable
573 * state if it's known and then we're done.
574 */
575 if ((*env)->IsSameObject(env, cb, bucket->class)) {
576 if (loadable && !bucket->loadable)
577 bucket->loadable = JNI_TRUE;
578 goto done;
579 }
580 }
581 pID = &bucket->next;
582 }
583 bucket = new_bucket(context, pID);
584 bucket->next = 0;
585 bucket->hash = hash;
586 bucket->name = malloc(strlen(name) + 1);
587 if (bucket->name == 0)
588 CCout_of_memory(context);
589 strcpy(bucket->name, name);
590 bucket->loadable = loadable;
591 bucket->class = (*env)->NewGlobalRef(env, cb);
592 if (bucket->class == 0)
593 CCout_of_memory(context);
594 #ifdef DEBUG
595 context->n_globalrefs++;
596 #endif
597
598 done:
599 pop_and_free(context);
600 return *pID;
601 }
602
603 /*
604 * Return a unique ID given a class name from the constant pool.
605 * All classes are lazily loaded from the defining loader of
606 * context->class.
607 */
608 static unsigned short
609 class_name_to_ID(context_type *context, const char *name)
610 {
611 hash_table_type *class_hash = &(context->class_hash);
612 unsigned int hash = class_hash_fun(name);
613 hash_bucket_type *bucket;
614 unsigned short *pID;
615 jboolean force_load = JNI_FALSE;
616
617 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
618 while (*pID) {
619 bucket = GET_BUCKET(class_hash, *pID);
620 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
621 if (bucket->loadable)
622 goto done;
623 force_load = JNI_TRUE;
624 }
625 pID = &bucket->next;
626 }
627
628 if (force_load) {
629 /*
630 * We found at least one matching named entry for a class that
631 * was not known to be loadable through the defining class loader
632 * of context->class. We must load our named class and update
633 * the hash table in case one these entries matches our class.
634 */
635 JNIEnv *env = context->env;
636 jclass cb = load_class_local(context, name);
637 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
638 (*env)->DeleteLocalRef(env, cb);
639 return id;
640 }
641
642 bucket = new_bucket(context, pID);
643 bucket->next = 0;
644 bucket->class = 0;
645 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
646 bucket->hash = hash;
647 bucket->name = malloc(strlen(name) + 1);
648 if (bucket->name == 0)
649 CCout_of_memory(context);
650 strcpy(bucket->name, name);
651
652 done:
653 return *pID;
654 }
655
656 static const char *
657 ID_to_class_name(context_type *context, unsigned short ID)
658 {
659 hash_table_type *class_hash = &(context->class_hash);
660 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
661 return bucket->name;
662 }
663
664 static jclass
665 ID_to_class(context_type *context, unsigned short ID)
666 {
667 hash_table_type *class_hash = &(context->class_hash);
668 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
669 if (bucket->class == 0) {
670 assert(bucket->loadable == JNI_TRUE);
671 bucket->class = load_class_global(context, bucket->name);
672 }
673 return bucket->class;
674 }
675
676 static fullinfo_type
677 make_loadable_class_info(context_type *context, jclass cb)
678 {
679 return MAKE_FULLINFO(ITEM_Object, 0,
680 class_to_ID(context, cb, JNI_TRUE));
681 }
682
683 static fullinfo_type
684 make_class_info(context_type *context, jclass cb)
685 {
686 return MAKE_FULLINFO(ITEM_Object, 0,
687 class_to_ID(context, cb, JNI_FALSE));
688 }
689
690 static fullinfo_type
691 make_class_info_from_name(context_type *context, const char *name)
692 {
693 return MAKE_FULLINFO(ITEM_Object, 0,
694 class_name_to_ID(context, name));
695 }
696
697 /* RETURNS
698 * 1: on success chosen to be consistent with previous VerifyClass
699 * 0: verify error
700 * 2: out of memory
701 * 3: class format error
702 *
703 * Called by verify_class. Verify the code of each of the methods
704 * in a class. Note that this function apparently can't be JNICALL,
705 * because if it is the dynamic linker doesn't appear to be able to
706 * find it on Win32.
707 */
708
709 #define CC_OK 1
710 #define CC_VerifyError 0
711 #define CC_OutOfMemory 2
712 #define CC_ClassFormatError 3
713
714 JNIEXPORT jboolean
715 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
716 jint major_version)
717 {
718 context_type context_structure;
719 context_type *context = &context_structure;
720 jboolean result = CC_OK;
721 int i;
722 int num_methods;
723 int* code_lengths;
724 unsigned char** code;
725
726 #ifdef DEBUG
727 GlobalContext = context;
728 #endif
729
730 memset(context, 0, sizeof(context_type));
731 context->message = buffer;
732 context->message_buf_len = len;
733
734 context->env = env;
735 context->class = cb;
736
737 /* Set invalid method/field index of the context, in case anyone
738 calls CCerror */
739 context->method_index = -1;
740 context->field_index = -1;
741
742 /* Don't call CCerror or anything that can call it above the setjmp! */
743 if (!setjmp(context->jump_buffer)) {
744 jclass super;
745
746 CCinit(context); /* initialize heap; may throw */
747
748 initialize_class_hash(context);
749
750 context->major_version = major_version;
751 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
752 context->constant_types = (unsigned char *)
753 malloc(sizeof(unsigned char) * context->nconstants + 1);
754
755 if (context->constant_types == 0)
756 CCout_of_memory(context);
757
758 JVM_GetClassCPTypes(env, cb, context->constant_types);
759
760 if (context->constant_types == 0)
761 CCout_of_memory(context);
762
763 context->object_info =
764 make_class_info_from_name(context, "java/lang/Object");
765 context->string_info =
766 make_class_info_from_name(context, "java/lang/String");
767 context->throwable_info =
768 make_class_info_from_name(context, "java/lang/Throwable");
769 context->cloneable_info =
770 make_class_info_from_name(context, "java/lang/Cloneable");
771 context->serializable_info =
772 make_class_info_from_name(context, "java/io/Serializable");
773
774 context->currentclass_info = make_loadable_class_info(context, cb);
775
776 super = (*env)->GetSuperclass(env, cb);
777
778 if (super != 0) {
779 fullinfo_type *gptr;
780 int i = 0;
781
782 context->superclass_info = make_loadable_class_info(context, super);
783
784 while(super != 0) {
785 jclass tmp_cb = (*env)->GetSuperclass(env, super);
786 (*env)->DeleteLocalRef(env, super);
787 super = tmp_cb;
788 i++;
789 }
790 (*env)->DeleteLocalRef(env, super);
791 super = 0;
792
793 /* Can't go on context heap since it survives more than
794 one method */
795 context->superclasses = gptr =
796 malloc(sizeof(fullinfo_type)*(i + 1));
797 if (gptr == 0) {
798 CCout_of_memory(context);
799 }
800
801 super = (*env)->GetSuperclass(env, context->class);
802 while(super != 0) {
803 jclass tmp_cb;
804 *gptr++ = make_class_info(context, super);
805 tmp_cb = (*env)->GetSuperclass(env, super);
806 (*env)->DeleteLocalRef(env, super);
807 super = tmp_cb;
808 }
809 *gptr = 0;
810 } else {
811 context->superclass_info = 0;
812 }
813
814 (*env)->DeleteLocalRef(env, super);
815
816 /* Look at each method */
817 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
818 verify_field(context, cb, i);
819 num_methods = JVM_GetClassMethodsCount(env, cb);
820 read_all_code(context, cb, num_methods, &code_lengths, &code);
821 for (i = num_methods - 1; i >= 0; --i)
822 verify_method(context, cb, i, code_lengths[i], code[i]);
823 free_all_code(context, num_methods, code);
824 result = CC_OK;
825 } else {
826 result = context->err_code;
827 }
828
829 /* Cleanup */
830 finalize_class_hash(context);
831
832 while(context->allocated_memory)
833 pop_and_free(context);
834
835 #ifdef DEBUG
836 GlobalContext = 0;
837 #endif
838
839 if (context->exceptions)
840 free(context->exceptions);
841
842 if (context->constant_types)
843 free(context->constant_types);
844
845 if (context->superclasses)
846 free(context->superclasses);
847
848 #ifdef DEBUG
849 /* Make sure all global refs created in the verifier are freed */
850 assert(context->n_globalrefs == 0);
851 #endif
852
853 CCdestroy(context); /* destroy heap */
854 return result;
855 }
856
857 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
858
859 JNIEXPORT jboolean
860 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
861 {
862 static int warned = 0;
863 if (!warned) {
864 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
865 warned = 1;
866 }
867 return VerifyClassForMajorVersion(env, cb, buffer, len,
868 OLD_FORMAT_MAX_MAJOR_VERSION);
869 }
870
871 static void
872 verify_field(context_type *context, jclass cb, int field_index)
873 {
874 JNIEnv *env = context->env;
875 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
876 context->field_index = field_index;
877
878 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
879 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
880 CCerror(context, "Inconsistent access bits.");
881 }
882 context->field_index = -1;
883 }
884
885
886 /**
887 * We read all of the class's methods' code because it is possible that
888 * the verification of one method could resulting in linking further
889 * down the stack (due to class loading), which could end up rewriting
890 * some of the bytecode of methods we haven't verified yet. Since we
891 * don't want to see the rewritten bytecode, cache all the code and
892 * operate only on that.
893 */
894 static void
895 read_all_code(context_type* context, jclass cb, int num_methods,
896 int** lengths_addr, unsigned char*** code_addr)
897 {
898 int* lengths;
899 unsigned char** code;
900 int i;
901
902 lengths = malloc(sizeof(int) * num_methods);
903 check_and_push(context, lengths, VM_MALLOC_BLK);
904
905 code = malloc(sizeof(unsigned char*) * num_methods);
906 check_and_push(context, code, VM_MALLOC_BLK);
907
908 *(lengths_addr) = lengths;
909 *(code_addr) = code;
910
911 for (i = 0; i < num_methods; ++i) {
912 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
913 if (lengths[i] > 0) {
914 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
915 check_and_push(context, code[i], VM_MALLOC_BLK);
916 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
917 } else {
918 code[i] = NULL;
919 }
920 }
921 }
922
923 static void
924 free_all_code(context_type* context, int num_methods, unsigned char** code)
925 {
926 int i;
927 for (i = 0; i < num_methods; ++i) {
928 if (code[i] != NULL) {
929 pop_and_free(context);
930 }
931 }
932 pop_and_free(context); /* code */
933 pop_and_free(context); /* lengths */
934 }
935
936 /* Verify the code of one method */
937 static void
938 verify_method(context_type *context, jclass cb, int method_index,
939 int code_length, unsigned char* code)
940 {
941 JNIEnv *env = context->env;
942 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
943 int *code_data;
944 instruction_data_type *idata = 0;
945 int instruction_count;
946 int i, offset;
947 unsigned int inumber;
948 jint nexceptions;
949
950 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
951 /* not much to do for abstract and native methods */
952 return;
953 }
954
955 context->code_length = code_length;
956 context->code = code;
957
958 /* CCerror can give method-specific info once this is set */
959 context->method_index = method_index;
960
961 CCreinit(context); /* initial heap */
962 code_data = NEW(int, code_length);
963
964 #ifdef DEBUG
965 if (verify_verbose) {
966 const char *classname = JVM_GetClassNameUTF(env, cb);
967 const char *methodname =
968 JVM_GetMethodIxNameUTF(env, cb, method_index);
969 const char *signature =
970 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
971 jio_fprintf(stdout, "Looking at %s.%s%s\n",
972 (classname ? classname : ""),
973 (methodname ? methodname : ""),
974 (signature ? signature : ""));
975 JVM_ReleaseUTF(classname);
976 JVM_ReleaseUTF(methodname);
977 JVM_ReleaseUTF(signature);
978 }
979 #endif
980
981 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
982 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
983 CCerror(context, "Inconsistent access bits.");
984 }
985
986 /* Run through the code. Mark the start of each instruction, and give
987 * the instruction a number */
988 for (i = 0, offset = 0; offset < code_length; i++) {
989 int length = instruction_length(&code[offset], code + code_length);
990 int next_offset = offset + length;
991 if (length <= 0)
992 CCerror(context, "Illegal instruction found at offset %d", offset);
993 if (next_offset > code_length)
994 CCerror(context, "Code stops in the middle of instruction "
995 " starting at offset %d", offset);
996 code_data[offset] = i;
997 while (++offset < next_offset)
998 code_data[offset] = -1; /* illegal location */
999 }
1000 instruction_count = i; /* number of instructions in code */
1001
1002 /* Allocate a structure to hold info about each instruction. */
1003 idata = NEW(instruction_data_type, instruction_count);
1004
1005 /* Initialize the heap, and other info in the context structure. */
1006 context->code = code;
1007 context->instruction_data = idata;
1008 context->code_data = code_data;
1009 context->instruction_count = instruction_count;
1010 context->handler_info =
1011 NEW(struct handler_info_type,
1012 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1013 context->bitmask_size =
1014 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1015 + (BITS_PER_INT - 1))/BITS_PER_INT;
1016
1017 if (instruction_count == 0)
1018 CCerror(context, "Empty code");
1019
1020 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1021 int length = instruction_length(&code[offset], code + code_length);
1022 instruction_data_type *this_idata = &idata[inumber];
1023 this_idata->opcode = code[offset];
1024 this_idata->stack_info.stack = NULL;
1025 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1026 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1027 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1028 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1029 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1030 this_idata->or_flags = 0; /* "bottom" or value*/
1031 /* This also sets up this_data->operand. It also makes the
1032 * xload_x and xstore_x instructions look like the generic form. */
1033 verify_opcode_operands(context, inumber, offset);
1034 offset += length;
1035 }
1036
1037
1038 /* make sure exception table is reasonable. */
1039 initialize_exception_table(context);
1040 /* Set up first instruction, and start of exception handlers. */
1041 initialize_dataflow(context);
1042 /* Run data flow analysis on the instructions. */
1043 run_dataflow(context);
1044
1045 /* verify checked exceptions, if any */
1046 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1047 context->exceptions = (unsigned short *)
1048 malloc(sizeof(unsigned short) * nexceptions + 1);
1049 if (context->exceptions == 0)
1050 CCout_of_memory(context);
1051 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1052 context->exceptions);
1053 for (i = 0; i < nexceptions; i++) {
1054 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1055 verify_constant_pool_type(context, (int)context->exceptions[i],
1056 1 << JVM_CONSTANT_Class);
1057 }
1058 free(context->exceptions);
1059 context->exceptions = 0;
1060 context->code = 0;
1061 context->method_index = -1;
1062 }
1063
1064
1065 /* Look at a single instruction, and verify its operands. Also, for
1066 * simplicity, move the operand into the ->operand field.
1067 * Make sure that branches don't go into the middle of nowhere.
1068 */
1069
1070 static jint _ck_ntohl(jint n)
1071 {
1072 unsigned char *p = (unsigned char *)&n;
1073 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1074 }
1075
1076 static void
1077 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1078 {
1079 JNIEnv *env = context->env;
1080 instruction_data_type *idata = context->instruction_data;
1081 instruction_data_type *this_idata = &idata[inumber];
1082 int *code_data = context->code_data;
1083 int mi = context->method_index;
1084 unsigned char *code = context->code;
1085 int opcode = this_idata->opcode;
1086 int var;
1087
1088 /*
1089 * Set the ip fields to 0 not the i fields because the ip fields
1090 * are 64 bits on 64 bit architectures, the i field is only 32
1091 */
1092 this_idata->operand.ip = 0;
1093 this_idata->operand2.ip = 0;
1094
1095 switch (opcode) {
1096
1097 case JVM_OPC_jsr:
1098 /* instruction of ret statement */
1099 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1100 /* FALLTHROUGH */
1101 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1102 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1103 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1104 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1105 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1106 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1107 case JVM_OPC_goto: {
1108 /* Set the ->operand to be the instruction number of the target. */
1109 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1110 int target = offset + jump;
1111 if (!isLegalTarget(context, target))
1112 CCerror(context, "Illegal target of jump or branch");
1113 this_idata->operand.i = code_data[target];
1114 break;
1115 }
1116
1117 case JVM_OPC_jsr_w:
1118 /* instruction of ret statement */
1119 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1120 /* FALLTHROUGH */
1121 case JVM_OPC_goto_w: {
1122 /* Set the ->operand to be the instruction number of the target. */
1123 int jump = (((signed char)(code[offset+1])) << 24) +
1124 (code[offset+2] << 16) + (code[offset+3] << 8) +
1125 (code[offset + 4]);
1126 int target = offset + jump;
1127 if (!isLegalTarget(context, target))
1128 CCerror(context, "Illegal target of jump or branch");
1129 this_idata->operand.i = code_data[target];
1130 break;
1131 }
1132
1133 case JVM_OPC_tableswitch:
1134 case JVM_OPC_lookupswitch: {
1135 /* Set the ->operand to be a table of possible instruction targets. */
1136 int *lpc = (int *) UCALIGN(code + offset + 1);
1137 int *lptr;
1138 int *saved_operand;
1139 int keys;
1140 int k, delta;
1141 /* 4639449, 4647081: Padding bytes must be zero. */
1142 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1143 for (; bptr < (unsigned char*)lpc; bptr++) {
1144 if (*bptr != 0) {
1145 CCerror(context, "Non zero padding bytes in switch");
1146 }
1147 }
1148 if (opcode == JVM_OPC_tableswitch) {
1149 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1150 delta = 1;
1151 } else {
1152 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1153 delta = 2;
1154 /* Make sure that the tableswitch items are sorted */
1155 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1156 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1157 int next_key = _ck_ntohl(lptr[2]);
1158 if (this_key >= next_key) {
1159 CCerror(context, "Unsorted lookup switch");
1160 }
1161 }
1162 }
1163 saved_operand = NEW(int, keys + 2);
1164 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1165 CCerror(context, "Illegal default target in switch");
1166 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1167 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1168 int target = offset + _ck_ntohl(lptr[0]);
1169 if (!isLegalTarget(context, target))
1170 CCerror(context, "Illegal branch in tableswitch");
1171 saved_operand[k + 1] = code_data[target];
1172 }
1173 saved_operand[0] = keys + 1; /* number of successors */
1174 this_idata->operand.ip = saved_operand;
1175 break;
1176 }
1177
1178 case JVM_OPC_ldc: {
1179 /* Make sure the constant pool item is the right type. */
1180 int key = code[offset + 1];
1181 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1182 (1 << JVM_CONSTANT_String);
1183 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1184 types |= 1 << JVM_CONSTANT_Class;
1185 }
1186 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1187 types |= (1 << JVM_CONSTANT_MethodHandle) |
1188 (1 << JVM_CONSTANT_MethodType);
1189 }
1190 this_idata->operand.i = key;
1191 verify_constant_pool_type(context, key, types);
1192 break;
1193 }
1194
1195 case JVM_OPC_ldc_w: {
1196 /* Make sure the constant pool item is the right type. */
1197 int key = (code[offset + 1] << 8) + code[offset + 2];
1198 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1199 (1 << JVM_CONSTANT_String);
1200 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1201 types |= 1 << JVM_CONSTANT_Class;
1202 }
1203 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1204 types |= (1 << JVM_CONSTANT_MethodHandle) |
1205 (1 << JVM_CONSTANT_MethodType);
1206 }
1207 this_idata->operand.i = key;
1208 verify_constant_pool_type(context, key, types);
1209 break;
1210 }
1211
1212 case JVM_OPC_ldc2_w: {
1213 /* Make sure the constant pool item is the right type. */
1214 int key = (code[offset + 1] << 8) + code[offset + 2];
1215 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1216 this_idata->operand.i = key;
1217 verify_constant_pool_type(context, key, types);
1218 break;
1219 }
1220
1221 case JVM_OPC_getfield: case JVM_OPC_putfield:
1222 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1223 /* Make sure the constant pool item is the right type. */
1224 int key = (code[offset + 1] << 8) + code[offset + 2];
1225 this_idata->operand.i = key;
1226 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1227 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1228 set_protected(context, inumber, key, opcode);
1229 break;
1230 }
1231
1232 case JVM_OPC_invokevirtual:
1233 case JVM_OPC_invokespecial:
1234 case JVM_OPC_invokestatic:
1235 case JVM_OPC_invokedynamic:
1236 case JVM_OPC_invokeinterface: {
1237 /* Make sure the constant pool item is the right type. */
1238 int key = (code[offset + 1] << 8) + code[offset + 2];
1239 const char *methodname;
1240 jclass cb = context->class;
1241 fullinfo_type clazz_info;
1242 int is_constructor, is_internal, is_invokedynamic;
1243 int kind = (opcode == JVM_OPC_invokeinterface
1244 ? 1 << JVM_CONSTANT_InterfaceMethodref
1245 : opcode == JVM_OPC_invokedynamic
1246 ? 1 << JVM_CONSTANT_NameAndType
1247 : 1 << JVM_CONSTANT_Methodref);
1248 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1249 /* Make sure the constant pool item is the right type. */
1250 verify_constant_pool_type(context, key, kind);
1251 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1252 check_and_push(context, methodname, VM_STRING_UTF);
1253 is_constructor = !strcmp(methodname, "<init>");
1254 is_internal = methodname[0] == '<';
1255 pop_and_free(context);
1256
1257 if (is_invokedynamic)
1258 clazz_info = context->object_info; // anything will do
1259 else
1260 clazz_info = cp_index_to_class_fullinfo(context, key,
1261 JVM_CONSTANT_Methodref);
1262 this_idata->operand.i = key;
1263 this_idata->operand2.fi = clazz_info;
1264 if (is_constructor) {
1265 if (opcode != JVM_OPC_invokespecial) {
1266 CCerror(context,
1267 "Must call initializers using invokespecial");
1268 }
1269 this_idata->opcode = JVM_OPC_invokeinit;
1270 } else {
1271 if (is_internal) {
1272 CCerror(context, "Illegal call to internal method");
1273 }
1274 if (opcode == JVM_OPC_invokespecial
1275 && clazz_info != context->currentclass_info
1276 && clazz_info != context->superclass_info) {
1277 int not_found = 1;
1278
1279 jclass super = (*env)->GetSuperclass(env, context->class);
1280 while(super != 0) {
1281 jclass tmp_cb;
1282 fullinfo_type new_info = make_class_info(context, super);
1283 if (clazz_info == new_info) {
1284 not_found = 0;
1285 break;
1286 }
1287 tmp_cb = (*env)->GetSuperclass(env, super);
1288 (*env)->DeleteLocalRef(env, super);
1289 super = tmp_cb;
1290 }
1291 (*env)->DeleteLocalRef(env, super);
1292
1293 /* The optimizer make cause this to happen on local code */
1294 if (not_found) {
1295 #ifdef BROKEN_JAVAC
1296 jobject loader = JVM_GetClassLoader(env, context->class);
1297 int has_loader = (loader != 0);
1298 (*env)->DeleteLocalRef(env, loader);
1299 if (has_loader)
1300 #endif /* BROKEN_JAVAC */
1301 CCerror(context,
1302 "Illegal use of nonvirtual function call");
1303 }
1304 }
1305 }
1306 if (opcode == JVM_OPC_invokeinterface) {
1307 unsigned int args1;
1308 unsigned int args2;
1309 const char *signature =
1310 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1311 check_and_push(context, signature, VM_STRING_UTF);
1312 args1 = signature_to_args_size(signature) + 1;
1313 args2 = code[offset + 3];
1314 if (args1 != args2) {
1315 CCerror(context,
1316 "Inconsistent args_size for invokeinterface");
1317 }
1318 if (code[offset + 4] != 0) {
1319 CCerror(context,
1320 "Fourth operand byte of invokeinterface must be zero");
1321 }
1322 pop_and_free(context);
1323 } else if (opcode == JVM_OPC_invokedynamic) {
1324 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1325 CCerror(context,
1326 "Third and fourth operand bytes of invokedynamic must be zero");
1327 }
1328 } else if (opcode == JVM_OPC_invokevirtual
1329 || opcode == JVM_OPC_invokespecial)
1330 set_protected(context, inumber, key, opcode);
1331 break;
1332 }
1333
1334
1335 case JVM_OPC_instanceof:
1336 case JVM_OPC_checkcast:
1337 case JVM_OPC_new:
1338 case JVM_OPC_anewarray:
1339 case JVM_OPC_multianewarray: {
1340 /* Make sure the constant pool item is a class */
1341 int key = (code[offset + 1] << 8) + code[offset + 2];
1342 fullinfo_type target;
1343 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1344 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1345 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1346 CCerror(context, "Illegal type");
1347 switch(opcode) {
1348 case JVM_OPC_anewarray:
1349 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1350 CCerror(context, "Array with too many dimensions");
1351 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1352 GET_INDIRECTION(target) + 1,
1353 GET_EXTRA_INFO(target));
1354 break;
1355 case JVM_OPC_new:
1356 if (WITH_ZERO_EXTRA_INFO(target) !=
1357 MAKE_FULLINFO(ITEM_Object, 0, 0))
1358 CCerror(context, "Illegal creation of multi-dimensional array");
1359 /* operand gets set to the "unitialized object". operand2 gets
1360 * set to what the value will be after it's initialized. */
1361 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1362 this_idata->operand2.fi = target;
1363 break;
1364 case JVM_OPC_multianewarray:
1365 this_idata->operand.fi = target;
1366 this_idata->operand2.i = code[offset + 3];
1367 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1368 || (this_idata->operand2.i == 0))
1369 CCerror(context, "Illegal dimension argument");
1370 break;
1371 default:
1372 this_idata->operand.fi = target;
1373 }
1374 break;
1375 }
1376
1377 case JVM_OPC_newarray: {
1378 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1379 fullinfo_type full_info;
1380 switch (code[offset + 1]) {
1381 case JVM_T_INT:
1382 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1383 case JVM_T_LONG:
1384 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1385 case JVM_T_FLOAT:
1386 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1387 case JVM_T_DOUBLE:
1388 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1389 case JVM_T_BYTE: case JVM_T_BOOLEAN:
1390 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1391 case JVM_T_CHAR:
1392 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1393 case JVM_T_SHORT:
1394 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1395 default:
1396 full_info = 0; /* Keep lint happy */
1397 CCerror(context, "Bad type passed to newarray");
1398 }
1399 this_idata->operand.fi = full_info;
1400 break;
1401 }
1402
1403 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1404 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1405 this_idata->opcode = JVM_OPC_iload;
1406 var = opcode - JVM_OPC_iload_0;
1407 goto check_local_variable;
1408
1409 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1410 this_idata->opcode = JVM_OPC_fload;
1411 var = opcode - JVM_OPC_fload_0;
1412 goto check_local_variable;
1413
1414 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1415 this_idata->opcode = JVM_OPC_aload;
1416 var = opcode - JVM_OPC_aload_0;
1417 goto check_local_variable;
1418
1419 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1420 this_idata->opcode = JVM_OPC_lload;
1421 var = opcode - JVM_OPC_lload_0;
1422 goto check_local_variable2;
1423
1424 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1425 this_idata->opcode = JVM_OPC_dload;
1426 var = opcode - JVM_OPC_dload_0;
1427 goto check_local_variable2;
1428
1429 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1430 this_idata->opcode = JVM_OPC_istore;
1431 var = opcode - JVM_OPC_istore_0;
1432 goto check_local_variable;
1433
1434 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1435 this_idata->opcode = JVM_OPC_fstore;
1436 var = opcode - JVM_OPC_fstore_0;
1437 goto check_local_variable;
1438
1439 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1440 this_idata->opcode = JVM_OPC_astore;
1441 var = opcode - JVM_OPC_astore_0;
1442 goto check_local_variable;
1443
1444 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1445 this_idata->opcode = JVM_OPC_lstore;
1446 var = opcode - JVM_OPC_lstore_0;
1447 goto check_local_variable2;
1448
1449 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1450 this_idata->opcode = JVM_OPC_dstore;
1451 var = opcode - JVM_OPC_dstore_0;
1452 goto check_local_variable2;
1453
1454 case JVM_OPC_wide:
1455 this_idata->opcode = code[offset + 1];
1456 var = (code[offset + 2] << 8) + code[offset + 3];
1457 switch(this_idata->opcode) {
1458 case JVM_OPC_lload: case JVM_OPC_dload:
1459 case JVM_OPC_lstore: case JVM_OPC_dstore:
1460 goto check_local_variable2;
1461 default:
1462 goto check_local_variable;
1463 }
1464
1465 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1466 case JVM_OPC_ret:
1467 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1468 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1469 var = code[offset + 1];
1470 check_local_variable:
1471 /* Make sure that the variable number isn't illegal. */
1472 this_idata->operand.i = var;
1473 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1474 CCerror(context, "Illegal local variable number");
1475 break;
1476
1477 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1478 var = code[offset + 1];
1479 check_local_variable2:
1480 /* Make sure that the variable number isn't illegal. */
1481 this_idata->operand.i = var;
1482 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1483 CCerror(context, "Illegal local variable number");
1484 break;
1485
1486 default:
1487 if (opcode > JVM_OPC_MAX)
1488 CCerror(context, "Quick instructions shouldn't appear yet.");
1489 break;
1490 } /* of switch */
1491 }
1492
1493
1494 static void
1495 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1496 {
1497 JNIEnv *env = context->env;
1498 fullinfo_type clazz_info;
1499 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1500 clazz_info = cp_index_to_class_fullinfo(context, key,
1501 JVM_CONSTANT_Fieldref);
1502 } else {
1503 clazz_info = cp_index_to_class_fullinfo(context, key,
1504 JVM_CONSTANT_Methodref);
1505 }
1506 if (is_superclass(context, clazz_info)) {
1507 jclass calledClass =
1508 object_fullinfo_to_classclass(context, clazz_info);
1509 int access;
1510 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1511 searches the referenced field or method in calledClass. The following
1512 while loop is added to search up the superclass chain to make this
1513 symbolic resolution consistent with the field/method resolution
1514 specified in VM spec 5.4.3. */
1515 calledClass = (*env)->NewLocalRef(env, calledClass);
1516 do {
1517 jclass tmp_cb;
1518 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1519 access = JVM_GetCPFieldModifiers
1520 (env, context->class, key, calledClass);
1521 } else {
1522 access = JVM_GetCPMethodModifiers
1523 (env, context->class, key, calledClass);
1524 }
1525 if (access != -1) {
1526 break;
1527 }
1528 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1529 (*env)->DeleteLocalRef(env, calledClass);
1530 calledClass = tmp_cb;
1531 } while (calledClass != 0);
1532
1533 if (access == -1) {
1534 /* field/method not found, detected at runtime. */
1535 } else if (access & JVM_ACC_PROTECTED) {
1536 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1537 context->instruction_data[inumber].protected = JNI_TRUE;
1538 }
1539 (*env)->DeleteLocalRef(env, calledClass);
1540 }
1541 }
1542
1543
1544 static jboolean
1545 is_superclass(context_type *context, fullinfo_type clazz_info) {
1546 fullinfo_type *fptr = context->superclasses;
1547
1548 if (fptr == 0)
1549 return JNI_FALSE;
1550 for (; *fptr != 0; fptr++) {
1551 if (*fptr == clazz_info)
1552 return JNI_TRUE;
1553 }
1554 return JNI_FALSE;
1555 }
1556
1557
1558 /* Look through each item on the exception table. Each of the fields must
1559 * refer to a legal instruction.
1560 */
1561 static void
1562 initialize_exception_table(context_type *context)
1563 {
1564 JNIEnv *env = context->env;
1565 int mi = context->method_index;
1566 struct handler_info_type *handler_info = context->handler_info;
1567 int *code_data = context->code_data;
1568 int code_length = context->code_length;
1569 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1570 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1571 if (max_stack_size < 1 && i > 0) {
1572 // If the method contains exception handlers, it must have room
1573 // on the expression stack for the exception that the VM could push
1574 CCerror(context, "Stack size too large");
1575 }
1576 for (; --i >= 0; handler_info++) {
1577 JVM_ExceptionTableEntryType einfo;
1578 stack_item_type *stack_item = NEW(stack_item_type, 1);
1579
1580 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1581 i, &einfo);
1582
1583 if (!(einfo.start_pc < einfo.end_pc &&
1584 einfo.start_pc >= 0 &&
1585 isLegalTarget(context, einfo.start_pc) &&
1586 (einfo.end_pc == code_length ||
1587 isLegalTarget(context, einfo.end_pc)))) {
1588 CFerror(context, "Illegal exception table range");
1589 }
1590 if (!((einfo.handler_pc > 0) &&
1591 isLegalTarget(context, einfo.handler_pc))) {
1592 CFerror(context, "Illegal exception table handler");
1593 }
1594
1595 handler_info->start = code_data[einfo.start_pc];
1596 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1597 handler_info->end = (einfo.end_pc == context->code_length) ?
1598 context->instruction_count : code_data[einfo.end_pc];
1599 handler_info->handler = code_data[einfo.handler_pc];
1600 handler_info->stack_info.stack = stack_item;
1601 handler_info->stack_info.stack_size = 1;
1602 stack_item->next = NULL;
1603 if (einfo.catchType != 0) {
1604 const char *classname;
1605 /* Constant pool entry type has been checked in format checker */
1606 classname = JVM_GetCPClassNameUTF(env,
1607 context->class,
1608 einfo.catchType);
1609 check_and_push(context, classname, VM_STRING_UTF);
1610 stack_item->item = make_class_info_from_name(context, classname);
1611 if (!isAssignableTo(context,
1612 stack_item->item,
1613 context->throwable_info))
1614 CCerror(context, "catch_type not a subclass of Throwable");
1615 pop_and_free(context);
1616 } else {
1617 stack_item->item = context->throwable_info;
1618 }
1619 }
1620 }
1621
1622
1623 /* Given a pointer to an instruction, return its length. Use the table
1624 * opcode_length[] which is automatically built.
1625 */
1626 static int instruction_length(unsigned char *iptr, unsigned char *end)
1627 {
1628 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1629 int instruction = *iptr;
1630 switch (instruction) {
1631 case JVM_OPC_tableswitch: {
1632 int *lpc = (int *)UCALIGN(iptr + 1);
1633 int index;
1634 if (lpc + 2 >= (int *)end) {
1635 return -1; /* do not read pass the end */
1636 }
1637 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1638 if ((index < 0) || (index > 65535)) {
1639 return -1; /* illegal */
1640 } else {
1641 return (unsigned char *)(&lpc[index + 4]) - iptr;
1642 }
1643 }
1644
1645 case JVM_OPC_lookupswitch: {
1646 int *lpc = (int *) UCALIGN(iptr + 1);
1647 int npairs;
1648 if (lpc + 1 >= (int *)end)
1649 return -1; /* do not read pass the end */
1650 npairs = _ck_ntohl(lpc[1]);
1651 /* There can't be more than 64K labels because of the limit
1652 * on per-method byte code length.
1653 */
1654 if (npairs < 0 || npairs >= 65536)
1655 return -1;
1656 else
1657 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1658 }
1659
1660 case JVM_OPC_wide:
1661 if (iptr + 1 >= end)
1662 return -1; /* do not read pass the end */
1663 switch(iptr[1]) {
1664 case JVM_OPC_ret:
1665 case JVM_OPC_iload: case JVM_OPC_istore:
1666 case JVM_OPC_fload: case JVM_OPC_fstore:
1667 case JVM_OPC_aload: case JVM_OPC_astore:
1668 case JVM_OPC_lload: case JVM_OPC_lstore:
1669 case JVM_OPC_dload: case JVM_OPC_dstore:
1670 return 4;
1671 case JVM_OPC_iinc:
1672 return 6;
1673 default:
1674 return -1;
1675 }
1676
1677 default: {
1678 /* A length of 0 indicates an error. */
1679 int length = opcode_length[instruction];
1680 return (length <= 0) ? -1 : length;
1681 }
1682 }
1683 }
1684
1685
1686 /* Given the target of a branch, make sure that it's a legal target. */
1687 static jboolean
1688 isLegalTarget(context_type *context, int offset)
1689 {
1690 int code_length = context->code_length;
1691 int *code_data = context->code_data;
1692 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1693 }
1694
1695
1696 /* Make sure that an element of the constant pool really is of the indicated
1697 * type.
1698 */
1699 static void
1700 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1701 {
1702 int nconstants = context->nconstants;
1703 unsigned char *type_table = context->constant_types;
1704 unsigned type;
1705
1706 if ((index <= 0) || (index >= nconstants))
1707 CCerror(context, "Illegal constant pool index");
1708
1709 type = type_table[index];
1710 if ((mask & (1 << type)) == 0)
1711 CCerror(context, "Illegal type in constant pool");
1712 }
1713
1714
1715 static void
1716 initialize_dataflow(context_type *context)
1717 {
1718 JNIEnv *env = context->env;
1719 instruction_data_type *idata = context->instruction_data;
1720 int mi = context->method_index;
1721 jclass cb = context->class;
1722 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1723 fullinfo_type *reg_ptr;
1724 fullinfo_type full_info;
1725 const char *p;
1726 const char *signature;
1727
1728 /* Initialize the function entry, since we know everything about it. */
1729 idata[0].stack_info.stack_size = 0;
1730 idata[0].stack_info.stack = NULL;
1731 idata[0].register_info.register_count = args_size;
1732 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1733 idata[0].register_info.mask_count = 0;
1734 idata[0].register_info.masks = NULL;
1735 idata[0].and_flags = 0; /* nothing needed */
1736 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1737 reg_ptr = idata[0].register_info.registers;
1738
1739 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1740 /* A non static method. If this is an <init> method, the first
1741 * argument is an uninitialized object. Otherwise it is an object of
1742 * the given class type. java.lang.Object.<init> is special since
1743 * we don't call its superclass <init> method.
1744 */
1745 if (JVM_IsConstructorIx(env, cb, mi)
1746 && context->currentclass_info != context->object_info) {
1747 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1748 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1749 } else {
1750 *reg_ptr++ = context->currentclass_info;
1751 }
1752 }
1753 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1754 check_and_push(context, signature, VM_STRING_UTF);
1755 /* Fill in each of the arguments into the registers. */
1756 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1757 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1758 switch (fieldchar) {
1759 case 'D': case 'L':
1760 *reg_ptr++ = full_info;
1761 *reg_ptr++ = full_info + 1;
1762 break;
1763 default:
1764 *reg_ptr++ = full_info;
1765 break;
1766 }
1767 }
1768 p++; /* skip over right parenthesis */
1769 if (*p == 'V') {
1770 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1771 } else {
1772 signature_to_fieldtype(context, &p, &full_info);
1773 context->return_type = full_info;
1774 }
1775 pop_and_free(context);
1776 /* Indicate that we need to look at the first instruction. */
1777 idata[0].changed = JNI_TRUE;
1778 }
1779
1780
1781 /* Run the data flow analysis, as long as there are things to change. */
1782 static void
1783 run_dataflow(context_type *context) {
1784 JNIEnv *env = context->env;
1785 int mi = context->method_index;
1786 jclass cb = context->class;
1787 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1788 instruction_data_type *idata = context->instruction_data;
1789 unsigned int icount = context->instruction_count;
1790 jboolean work_to_do = JNI_TRUE;
1791 unsigned int inumber;
1792
1793 /* Run through the loop, until there is nothing left to do. */
1794 while (work_to_do) {
1795 work_to_do = JNI_FALSE;
1796 for (inumber = 0; inumber < icount; inumber++) {
1797 instruction_data_type *this_idata = &idata[inumber];
1798 if (this_idata->changed) {
1799 register_info_type new_register_info;
1800 stack_info_type new_stack_info;
1801 flag_type new_and_flags, new_or_flags;
1802
1803 this_idata->changed = JNI_FALSE;
1804 work_to_do = JNI_TRUE;
1805 #ifdef DEBUG
1806 if (verify_verbose) {
1807 int opcode = this_idata->opcode;
1808 jio_fprintf(stdout, "Instruction %d: ", inumber);
1809 print_stack(context, &this_idata->stack_info);
1810 print_registers(context, &this_idata->register_info);
1811 print_flags(context,
1812 this_idata->and_flags, this_idata->or_flags);
1813 fflush(stdout);
1814 }
1815 #endif
1816 /* Make sure the registers and flags are appropriate */
1817 check_register_values(context, inumber);
1818 check_flags(context, inumber);
1819
1820 /* Make sure the stack can deal with this instruction */
1821 pop_stack(context, inumber, &new_stack_info);
1822
1823 /* Update the registers and flags */
1824 update_registers(context, inumber, &new_register_info);
1825 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1826
1827 /* Update the stack. */
1828 push_stack(context, inumber, &new_stack_info);
1829
1830 if (new_stack_info.stack_size > max_stack_size)
1831 CCerror(context, "Stack size too large");
1832 #ifdef DEBUG
1833 if (verify_verbose) {
1834 jio_fprintf(stdout, " ");
1835 print_stack(context, &new_stack_info);
1836 print_registers(context, &new_register_info);
1837 print_flags(context, new_and_flags, new_or_flags);
1838 fflush(stdout);
1839 }
1840 #endif
1841 /* Add the new stack and register information to any
1842 * instructions that can follow this instruction. */
1843 merge_into_successors(context, inumber,
1844 &new_register_info, &new_stack_info,
1845 new_and_flags, new_or_flags);
1846 }
1847 }
1848 }
1849 }
1850
1851
1852 /* Make sure that the registers contain a legitimate value for the given
1853 * instruction.
1854 */
1855
1856 static void
1857 check_register_values(context_type *context, unsigned int inumber)
1858 {
1859 instruction_data_type *idata = context->instruction_data;
1860 instruction_data_type *this_idata = &idata[inumber];
1861 int opcode = this_idata->opcode;
1862 int operand = this_idata->operand.i;
1863 int register_count = this_idata->register_info.register_count;
1864 fullinfo_type *registers = this_idata->register_info.registers;
1865 jboolean double_word = JNI_FALSE; /* default value */
1866 int type;
1867
1868 switch (opcode) {
1869 default:
1870 return;
1871 case JVM_OPC_iload: case JVM_OPC_iinc:
1872 type = ITEM_Integer; break;
1873 case JVM_OPC_fload:
1874 type = ITEM_Float; break;
1875 case JVM_OPC_aload:
1876 type = ITEM_Object; break;
1877 case JVM_OPC_ret:
1878 type = ITEM_ReturnAddress; break;
1879 case JVM_OPC_lload:
1880 type = ITEM_Long; double_word = JNI_TRUE; break;
1881 case JVM_OPC_dload:
1882 type = ITEM_Double; double_word = JNI_TRUE; break;
1883 }
1884 if (!double_word) {
1885 fullinfo_type reg;
1886 /* Make sure we don't have an illegal register or one with wrong type */
1887 if (operand >= register_count) {
1888 CCerror(context,
1889 "Accessing value from uninitialized register %d", operand);
1890 }
1891 reg = registers[operand];
1892
1893 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1894 /* the register is obviously of the given type */
1895 return;
1896 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1897 /* address type stuff be used on all arrays */
1898 return;
1899 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1900 CCerror(context, "Cannot load return address from register %d",
1901 operand);
1902 /* alternatively
1903 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1904 && (opcode == JVM_OPC_iload)
1905 && (type == ITEM_Object || type == ITEM_Integer)
1906 but this never occurs
1907 */
1908 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1909 return;
1910 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1911 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1912 type == ITEM_Object) {
1913 return;
1914 } else {
1915 CCerror(context, "Register %d contains wrong type", operand);
1916 }
1917 } else {
1918 /* Make sure we don't have an illegal register or one with wrong type */
1919 if ((operand + 1) >= register_count) {
1920 CCerror(context,
1921 "Accessing value from uninitialized register pair %d/%d",
1922 operand, operand+1);
1923 } else {
1924 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1925 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1926 return;
1927 } else {
1928 CCerror(context, "Register pair %d/%d contains wrong type",
1929 operand, operand+1);
1930 }
1931 }
1932 }
1933 }
1934
1935
1936 /* Make sure the flags contain legitimate values for this instruction.
1937 */
1938
1939 static void
1940 check_flags(context_type *context, unsigned int inumber)
1941 {
1942 instruction_data_type *idata = context->instruction_data;
1943 instruction_data_type *this_idata = &idata[inumber];
1944 int opcode = this_idata->opcode;
1945 switch (opcode) {
1946 case JVM_OPC_return:
1947 /* We need a constructor, but we aren't guaranteed it's called */
1948 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
1949 !(this_idata->and_flags & FLAG_CONSTRUCTED))
1950 CCerror(context, "Constructor must call super() or this()");
1951 /* fall through */
1952 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
1953 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
1954 if (this_idata->or_flags & FLAG_NO_RETURN)
1955 /* This method cannot exit normally */
1956 CCerror(context, "Cannot return normally");
1957 default:
1958 break; /* nothing to do. */
1959 }
1960 }
1961
1962 /* Make sure that the top of the stack contains reasonable values for the
1963 * given instruction. The post-pop values of the stack and its size are
1964 * returned in *new_stack_info.
1965 */
1966
1967 static void
1968 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
1969 {
1970 instruction_data_type *idata = context->instruction_data;
1971 instruction_data_type *this_idata = &idata[inumber];
1972 int opcode = this_idata->opcode;
1973 stack_item_type *stack = this_idata->stack_info.stack;
1974 int stack_size = this_idata->stack_info.stack_size;
1975 char *stack_operands, *p;
1976 char buffer[257]; /* for holding manufactured argument lists */
1977 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
1978 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
1979 fullinfo_type full_info; /* only used in case of invoke instructions */
1980 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
1981
1982 switch(opcode) {
1983 default:
1984 /* For most instructions, we just use a built-in table */
1985 stack_operands = opcode_in_out[opcode][0];
1986 break;
1987
1988 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
1989 /* The top thing on the stack depends on the signature of
1990 * the object. */
1991 int operand = this_idata->operand.i;
1992 const char *signature =
1993 JVM_GetCPFieldSignatureUTF(context->env,
1994 context->class,
1995 operand);
1996 char *ip = buffer;
1997 check_and_push(context, signature, VM_STRING_UTF);
1998 #ifdef DEBUG
1999 if (verify_verbose) {
2000 print_formatted_fieldname(context, operand);
2001 }
2002 #endif
2003 if (opcode == JVM_OPC_putfield)
2004 *ip++ = 'A'; /* object for putfield */
2005 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2006 *ip = '\0';
2007 stack_operands = buffer;
2008 pop_and_free(context);
2009 break;
2010 }
2011
2012 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2013 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2014 case JVM_OPC_invokedynamic:
2015 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2016 /* The top stuff on the stack depends on the method signature */
2017 int operand = this_idata->operand.i;
2018 const char *signature =
2019 JVM_GetCPMethodSignatureUTF(context->env,
2020 context->class,
2021 operand);
2022 char *ip = buffer;
2023 const char *p;
2024 check_and_push(context, signature, VM_STRING_UTF);
2025 #ifdef DEBUG
2026 if (verify_verbose) {
2027 print_formatted_methodname(context, operand);
2028 }
2029 #endif
2030 if (opcode != JVM_OPC_invokestatic &&
2031 opcode != JVM_OPC_invokedynamic)
2032 /* First, push the object */
2033 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2034 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2035 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2036 if (ip >= buffer + sizeof(buffer) - 1)
2037 CCerror(context, "Signature %s has too many arguments",
2038 signature);
2039 }
2040 *ip = 0;
2041 stack_operands = buffer;
2042 pop_and_free(context);
2043 break;
2044 }
2045
2046 case JVM_OPC_multianewarray: {
2047 /* Count can't be larger than 255. So can't overflow buffer */
2048 int count = this_idata->operand2.i; /* number of ints on stack */
2049 memset(buffer, 'I', count);
2050 buffer[count] = '\0';
2051 stack_operands = buffer;
2052 break;
2053 }
2054
2055 } /* of switch */
2056
2057 /* Run through the list of operands >>backwards<< */
2058 for ( p = stack_operands + strlen(stack_operands);
2059 p > stack_operands;
2060 stack = stack->next) {
2061 int type = *--p;
2062 fullinfo_type top_type = stack ? stack->item : 0;
2063 int size = (type == 'D' || type == 'L') ? 2 : 1;
2064 *--stack_extra_info = top_type;
2065 if (stack == NULL)
2066 CCerror(context, "Unable to pop operand off an empty stack");
2067
2068 switch (type) {
2069 case 'I':
2070 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2071 CCerror(context, "Expecting to find integer on stack");
2072 break;
2073
2074 case 'F':
2075 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2076 CCerror(context, "Expecting to find float on stack");
2077 break;
2078
2079 case 'A': /* object or array */
2080 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2081 && (GET_INDIRECTION(top_type) == 0)) {
2082 /* The thing isn't an object or an array. Let's see if it's
2083 * one of the special cases */
2084 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2085 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2086 && (opcode == JVM_OPC_astore))
2087 break;
2088 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2089 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2090 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2091 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2092 break;
2093 /* The 2nd edition VM of the specification allows field
2094 * initializations before the superclass initializer,
2095 * if the field is defined within the current class.
2096 */
2097 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2098 && (opcode == JVM_OPC_putfield)) {
2099 int operand = this_idata->operand.i;
2100 int access_bits = JVM_GetCPFieldModifiers(context->env,
2101 context->class,
2102 operand,
2103 context->class);
2104 /* Note: This relies on the fact that
2105 * JVM_GetCPFieldModifiers retrieves only local fields,
2106 * and does not respect inheritance.
2107 */
2108 if (access_bits != -1) {
2109 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2110 context->currentclass_info ) {
2111 top_type = context->currentclass_info;
2112 *stack_extra_info = top_type;
2113 break;
2114 }
2115 }
2116 }
2117 CCerror(context, "Expecting to find object/array on stack");
2118 }
2119 break;
2120
2121 case '@': { /* unitialized object, for call to <init> */
2122 int item_type = GET_ITEM_TYPE(top_type);
2123 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2124 CCerror(context,
2125 "Expecting to find unitialized object on stack");
2126 break;
2127 }
2128
2129 case 'O': /* object, not array */
2130 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2131 MAKE_FULLINFO(ITEM_Object, 0, 0))
2132 CCerror(context, "Expecting to find object on stack");
2133 break;
2134
2135 case 'a': /* integer, object, or array */
2136 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2137 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2138 && (GET_INDIRECTION(top_type) == 0))
2139 CCerror(context,
2140 "Expecting to find object, array, or int on stack");
2141 break;
2142
2143 case 'D': /* double */
2144 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2145 CCerror(context, "Expecting to find double on stack");
2146 break;
2147
2148 case 'L': /* long */
2149 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2150 CCerror(context, "Expecting to find long on stack");
2151 break;
2152
2153 case ']': /* array of some type */
2154 if (top_type == NULL_FULLINFO) {
2155 /* do nothing */
2156 } else switch(p[-1]) {
2157 case 'I': /* array of integers */
2158 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2159 top_type != NULL_FULLINFO)
2160 CCerror(context,
2161 "Expecting to find array of ints on stack");
2162 break;
2163
2164 case 'L': /* array of longs */
2165 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2166 CCerror(context,
2167 "Expecting to find array of longs on stack");
2168 break;
2169
2170 case 'F': /* array of floats */
2171 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2172 CCerror(context,
2173 "Expecting to find array of floats on stack");
2174 break;
2175
2176 case 'D': /* array of doubles */
2177 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2178 CCerror(context,
2179 "Expecting to find array of doubles on stack");
2180 break;
2181
2182 case 'A': { /* array of addresses (arrays or objects) */
2183 int indirection = GET_INDIRECTION(top_type);
2184 if ((indirection == 0) ||
2185 ((indirection == 1) &&
2186 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2187 CCerror(context,
2188 "Expecting to find array of objects or arrays "
2189 "on stack");
2190 break;
2191 }
2192
2193 case 'B': /* array of bytes */
2194 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0))
2195 CCerror(context,
2196 "Expecting to find array of bytes on stack");
2197 break;
2198
2199 case 'C': /* array of characters */
2200 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2201 CCerror(context,
2202 "Expecting to find array of chars on stack");
2203 break;
2204
2205 case 'S': /* array of shorts */
2206 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2207 CCerror(context,
2208 "Expecting to find array of shorts on stack");
2209 break;
2210
2211 case '?': /* any type of array is okay */
2212 if (GET_INDIRECTION(top_type) == 0)
2213 CCerror(context,
2214 "Expecting to find array on stack");
2215 break;
2216
2217 default:
2218 CCerror(context, "Internal error #1");
2219 break;
2220 }
2221 p -= 2; /* skip over [ <char> */
2222 break;
2223
2224 case '1': case '2': case '3': case '4': /* stack swapping */
2225 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2226 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2227 if ((p > stack_operands) && (p[-1] == '+')) {
2228 context->swap_table[type - '1'] = top_type + 1;
2229 context->swap_table[p[-2] - '1'] = top_type;
2230 size = 2;
2231 p -= 2;
2232 } else {
2233 CCerror(context,
2234 "Attempt to split long or double on the stack");
2235 }
2236 } else {
2237 context->swap_table[type - '1'] = stack->item;
2238 if ((p > stack_operands) && (p[-1] == '+'))
2239 p--; /* ignore */
2240 }
2241 break;
2242 case '+': /* these should have been caught. */
2243 default:
2244 CCerror(context, "Internal error #2");
2245 }
2246 stack_size -= size;
2247 }
2248
2249 /* For many of the opcodes that had an "A" in their field, we really
2250 * need to go back and do a little bit more accurate testing. We can, of
2251 * course, assume that the minimal type checking has already been done.
2252 */
2253 switch (opcode) {
2254 default: break;
2255 case JVM_OPC_aastore: { /* array index object */
2256 fullinfo_type array_type = stack_extra_info[0];
2257 fullinfo_type object_type = stack_extra_info[2];
2258 fullinfo_type target_type = decrement_indirection(array_type);
2259 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2260 && (GET_INDIRECTION(object_type) == 0)) {
2261 CCerror(context, "Expecting reference type on operand stack in aastore");
2262 }
2263 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2264 && (GET_INDIRECTION(target_type) == 0)) {
2265 CCerror(context, "Component type of the array must be reference type in aastore");
2266 }
2267 break;
2268 }
2269
2270 case JVM_OPC_putfield:
2271 case JVM_OPC_getfield:
2272 case JVM_OPC_putstatic: {
2273 int operand = this_idata->operand.i;
2274 fullinfo_type stack_object = stack_extra_info[0];
2275 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2276 if (!isAssignableTo
2277 (context,
2278 stack_object,
2279 cp_index_to_class_fullinfo
2280 (context, operand, JVM_CONSTANT_Fieldref))) {
2281 CCerror(context,
2282 "Incompatible type for getting or setting field");
2283 }
2284 if (this_idata->protected &&
2285 !isAssignableTo(context, stack_object,
2286 context->currentclass_info)) {
2287 CCerror(context, "Bad access to protected data");
2288 }
2289 }
2290 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2291 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2292 if (!isAssignableTo(context,
2293 stack_extra_info[item], put_full_info)) {
2294 CCerror(context, "Bad type in putfield/putstatic");
2295 }
2296 }
2297 break;
2298 }
2299
2300 case JVM_OPC_athrow:
2301 if (!isAssignableTo(context, stack_extra_info[0],
2302 context->throwable_info)) {
2303 CCerror(context, "Can only throw Throwable objects");
2304 }
2305 break;
2306
2307 case JVM_OPC_aaload: { /* array index */
2308 /* We need to pass the information to the stack updater */
2309 fullinfo_type array_type = stack_extra_info[0];
2310 context->swap_table[0] = decrement_indirection(array_type);
2311 break;
2312 }
2313
2314 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2315 case JVM_OPC_invokeinit:
2316 case JVM_OPC_invokedynamic:
2317 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2318 int operand = this_idata->operand.i;
2319 const char *signature =
2320 JVM_GetCPMethodSignatureUTF(context->env,
2321 context->class,
2322 operand);
2323 int item;
2324 const char *p;
2325 check_and_push(context, signature, VM_STRING_UTF);
2326 if (opcode == JVM_OPC_invokestatic ||
2327 opcode == JVM_OPC_invokedynamic) {
2328 item = 0;
2329 } else if (opcode == JVM_OPC_invokeinit) {
2330 fullinfo_type init_type = this_idata->operand2.fi;
2331 fullinfo_type object_type = stack_extra_info[0];
2332 context->swap_table[0] = object_type; /* save value */
2333 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2334 /* We better be calling the appropriate init. Find the
2335 * inumber of the "JVM_OPC_new" instruction", and figure
2336 * out what the type really is.
2337 */
2338 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2339 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2340 context->swap_table[1] = target_type;
2341
2342 if (target_type != init_type) {
2343 CCerror(context, "Call to wrong initialization method");
2344 }
2345 if (this_idata->protected
2346 && context->major_version > LDC_CLASS_MAJOR_VERSION
2347 && !isAssignableTo(context, object_type,
2348 context->currentclass_info)) {
2349 CCerror(context, "Bad access to protected data");
2350 }
2351 } else {
2352 /* We better be calling super() or this(). */
2353 if (init_type != context->superclass_info &&
2354 init_type != context->currentclass_info) {
2355 CCerror(context, "Call to wrong initialization method");
2356 }
2357 context->swap_table[1] = context->currentclass_info;
2358 }
2359 item = 1;
2360 } else {
2361 fullinfo_type target_type = this_idata->operand2.fi;
2362 fullinfo_type object_type = stack_extra_info[0];
2363 if (!isAssignableTo(context, object_type, target_type)){
2364 CCerror(context,
2365 "Incompatible object argument for function call");
2366 }
2367 if (opcode == JVM_OPC_invokespecial
2368 && !isAssignableTo(context, object_type,
2369 context->currentclass_info)) {
2370 /* Make sure object argument is assignment compatible to current class */
2371 CCerror(context,
2372 "Incompatible object argument for invokespecial");
2373 }
2374 if (this_idata->protected
2375 && !isAssignableTo(context, object_type,
2376 context->currentclass_info)) {
2377 /* This is ugly. Special dispensation. Arrays pretend to
2378 implement public Object clone() even though they don't */
2379 const char *utfName =
2380 JVM_GetCPMethodNameUTF(context->env,
2381 context->class,
2382 this_idata->operand.i);
2383 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2384 JVM_ReleaseUTF(utfName);
2385
2386 if ((target_type == context->object_info) &&
2387 (GET_INDIRECTION(object_type) > 0) &&
2388 is_clone) {
2389 } else {
2390 CCerror(context, "Bad access to protected data");
2391 }
2392 }
2393 item = 1;
2394 }
2395 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2396 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2397 if (!isAssignableTo(context,
2398 stack_extra_info[item], full_info)) {
2399 CCerror(context, "Incompatible argument to function");
2400 }
2401 }
2402
2403 pop_and_free(context);
2404 break;
2405 }
2406
2407 case JVM_OPC_return:
2408 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2409 CCerror(context, "Wrong return type in function");
2410 break;
2411
2412 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2413 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2414 fullinfo_type target_type = context->return_type;
2415 fullinfo_type object_type = stack_extra_info[0];
2416 if (!isAssignableTo(context, object_type, target_type)) {
2417 CCerror(context, "Wrong return type in function");
2418 }
2419 break;
2420 }
2421
2422 case JVM_OPC_new: {
2423 /* Make sure that nothing on the stack already looks like what
2424 * we want to create. I can't image how this could possibly happen
2425 * but we should test for it anyway, since if it could happen, the
2426 * result would be an unitialized object being able to masquerade
2427 * as an initialized one.
2428 */
2429 stack_item_type *item;
2430 for (item = stack; item != NULL; item = item->next) {
2431 if (item->item == this_idata->operand.fi) {
2432 CCerror(context,
2433 "Uninitialized object on stack at creating point");
2434 }
2435 }
2436 /* Info for update_registers */
2437 context->swap_table[0] = this_idata->operand.fi;
2438 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2439
2440 break;
2441 }
2442 }
2443 new_stack_info->stack = stack;
2444 new_stack_info->stack_size = stack_size;
2445 }
2446
2447
2448 /* We've already determined that the instruction is legal. Perform the
2449 * operation on the registers, and return the updated results in
2450 * new_register_count_p and new_registers.
2451 */
2452
2453 static void
2454 update_registers(context_type *context, unsigned int inumber,
2455 register_info_type *new_register_info)
2456 {
2457 instruction_data_type *idata = context->instruction_data;
2458 instruction_data_type *this_idata = &idata[inumber];
2459 int opcode = this_idata->opcode;
2460 int operand = this_idata->operand.i;
2461 int register_count = this_idata->register_info.register_count;
2462 fullinfo_type *registers = this_idata->register_info.registers;
2463 stack_item_type *stack = this_idata->stack_info.stack;
2464 int mask_count = this_idata->register_info.mask_count;
2465 mask_type *masks = this_idata->register_info.masks;
2466
2467 /* Use these as default new values. */
2468 int new_register_count = register_count;
2469 int new_mask_count = mask_count;
2470 fullinfo_type *new_registers = registers;
2471 mask_type *new_masks = masks;
2472
2473 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2474 int i;
2475
2476 /* Remember, we've already verified the type at the top of the stack. */
2477 switch (opcode) {
2478 default: break;
2479 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2480 access = ACCESS_SINGLE;
2481 goto continue_store;
2482
2483 case JVM_OPC_lstore: case JVM_OPC_dstore:
2484 access = ACCESS_DOUBLE;
2485 goto continue_store;
2486
2487 continue_store: {
2488 /* We have a modification to the registers. Copy them if needed. */
2489 fullinfo_type stack_top_type = stack->item;
2490 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2491
2492 if ( max_operand < register_count
2493 && registers[operand] == stack_top_type
2494 && ((access == ACCESS_SINGLE) ||
2495 (registers[operand + 1]== stack_top_type + 1)))
2496 /* No changes have been made to the registers. */
2497 break;
2498 new_register_count = MAX(max_operand + 1, register_count);
2499 new_registers = NEW(fullinfo_type, new_register_count);
2500 for (i = 0; i < register_count; i++)
2501 new_registers[i] = registers[i];
2502 for (i = register_count; i < new_register_count; i++)
2503 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2504 new_registers[operand] = stack_top_type;
2505 if (access == ACCESS_DOUBLE)
2506 new_registers[operand + 1] = stack_top_type + 1;
2507 break;
2508 }
2509
2510 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2511 case JVM_OPC_iinc: case JVM_OPC_ret:
2512 access = ACCESS_SINGLE;
2513 break;
2514
2515 case JVM_OPC_lload: case JVM_OPC_dload:
2516 access = ACCESS_DOUBLE;
2517 break;
2518
2519 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2520 for (i = 0; i < new_mask_count; i++)
2521 if (new_masks[i].entry == operand)
2522 CCerror(context, "Recursive call to jsr entry");
2523 new_masks = add_to_masks(context, masks, mask_count, operand);
2524 new_mask_count++;
2525 break;
2526
2527 case JVM_OPC_invokeinit:
2528 case JVM_OPC_new: {
2529 /* For invokeinit, an uninitialized object has been initialized.
2530 * For new, all previous occurrences of an uninitialized object
2531 * from the same instruction must be made bogus.
2532 * We find all occurrences of swap_table[0] in the registers, and
2533 * replace them with swap_table[1];
2534 */
2535 fullinfo_type from = context->swap_table[0];
2536 fullinfo_type to = context->swap_table[1];
2537
2538 int i;
2539 for (i = 0; i < register_count; i++) {
2540 if (new_registers[i] == from) {
2541 /* Found a match */
2542 break;
2543 }
2544 }
2545 if (i < register_count) { /* We broke out loop for match */
2546 /* We have to change registers, and possibly a mask */
2547 jboolean copied_mask = JNI_FALSE;
2548 int k;
2549 new_registers = NEW(fullinfo_type, register_count);
2550 memcpy(new_registers, registers,
2551 register_count * sizeof(registers[0]));
2552 for ( ; i < register_count; i++) {
2553 if (new_registers[i] == from) {
2554 new_registers[i] = to;
2555 for (k = 0; k < new_mask_count; k++) {
2556 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2557 if (!copied_mask) {
2558 new_masks = copy_masks(context, new_masks,
2559 mask_count);
2560 copied_mask = JNI_TRUE;
2561 }
2562 SET_BIT(new_masks[k].modifies, i);
2563 }
2564 }
2565 }
2566 }
2567 }
2568 break;
2569 }
2570 } /* of switch */
2571
2572 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2573 int i, j;
2574 for (i = 0; i < new_mask_count; i++) {
2575 int *mask = new_masks[i].modifies;
2576 if ((!IS_BIT_SET(mask, operand)) ||
2577 ((access == ACCESS_DOUBLE) &&
2578 !IS_BIT_SET(mask, operand + 1))) {
2579 new_masks = copy_masks(context, new_masks, mask_count);
2580 for (j = i; j < new_mask_count; j++) {
2581 SET_BIT(new_masks[j].modifies, operand);
2582 if (access == ACCESS_DOUBLE)
2583 SET_BIT(new_masks[j].modifies, operand + 1);
2584 }
2585 break;
2586 }
2587 }
2588 }
2589
2590 new_register_info->register_count = new_register_count;
2591 new_register_info->registers = new_registers;
2592 new_register_info->masks = new_masks;
2593 new_register_info->mask_count = new_mask_count;
2594 }
2595
2596
2597
2598 /* We've already determined that the instruction is legal, and have updated
2599 * the registers. Update the flags, too.
2600 */
2601
2602
2603 static void
2604 update_flags(context_type *context, unsigned int inumber,
2605 flag_type *new_and_flags, flag_type *new_or_flags)
2606
2607 {
2608 instruction_data_type *idata = context->instruction_data;
2609 instruction_data_type *this_idata = &idata[inumber];
2610 flag_type and_flags = this_idata->and_flags;
2611 flag_type or_flags = this_idata->or_flags;
2612
2613 /* Set the "we've done a constructor" flag */
2614 if (this_idata->opcode == JVM_OPC_invokeinit) {
2615 fullinfo_type from = context->swap_table[0];
2616 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2617 and_flags |= FLAG_CONSTRUCTED;
2618 }
2619 *new_and_flags = and_flags;
2620 *new_or_flags = or_flags;
2621 }
2622
2623
2624
2625 /* We've already determined that the instruction is legal. Perform the
2626 * operation on the stack;
2627 *
2628 * new_stack_size_p and new_stack_p point to the results after the pops have
2629 * already been done. Do the pushes, and then put the results back there.
2630 */
2631
2632 static void
2633 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2634 {
2635 instruction_data_type *idata = context->instruction_data;
2636 instruction_data_type *this_idata = &idata[inumber];
2637 int opcode = this_idata->opcode;
2638 int operand = this_idata->operand.i;
2639
2640 int stack_size = new_stack_info->stack_size;
2641 stack_item_type *stack = new_stack_info->stack;
2642 char *stack_results;
2643
2644 fullinfo_type full_info = 0;
2645 char buffer[5], *p; /* actually [2] is big enough */
2646
2647 /* We need to look at all those opcodes in which either we can't tell the
2648 * value pushed onto the stack from the opcode, or in which the value
2649 * pushed onto the stack is an object or array. For the latter, we need
2650 * to make sure that full_info is set to the right value.
2651 */
2652 switch(opcode) {
2653 default:
2654 stack_results = opcode_in_out[opcode][1];
2655 break;
2656
2657 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2658 /* Look to constant pool to determine correct result. */
2659 unsigned char *type_table = context->constant_types;
2660 switch (type_table[operand]) {
2661 case JVM_CONSTANT_Integer:
2662 stack_results = "I"; break;
2663 case JVM_CONSTANT_Float:
2664 stack_results = "F"; break;
2665 case JVM_CONSTANT_Double:
2666 stack_results = "D"; break;
2667 case JVM_CONSTANT_Long:
2668 stack_results = "L"; break;
2669 case JVM_CONSTANT_String:
2670 stack_results = "A";
2671 full_info = context->string_info;
2672 break;
2673 case JVM_CONSTANT_Class:
2674 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2675 CCerror(context, "Internal error #3");
2676 stack_results = "A";
2677 full_info = make_class_info_from_name(context,
2678 "java/lang/Class");
2679 break;
2680 case JVM_CONSTANT_MethodHandle:
2681 case JVM_CONSTANT_MethodType:
2682 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2683 CCerror(context, "Internal error #3");
2684 stack_results = "A";
2685 switch (type_table[operand]) {
2686 case JVM_CONSTANT_MethodType:
2687 full_info = make_class_info_from_name(context,
2688 "java/lang/invoke/MethodType");
2689 break;
2690 default: //JVM_CONSTANT_MethodHandle
2691 full_info = make_class_info_from_name(context,
2692 "java/lang/invoke/MethodHandle");
2693 break;
2694 }
2695 break;
2696 default:
2697 CCerror(context, "Internal error #3");
2698 stack_results = ""; /* Never reached: keep lint happy */
2699 }
2700 break;
2701 }
2702
2703 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2704 /* Look to signature to determine correct result. */
2705 int operand = this_idata->operand.i;
2706 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2707 context->class,
2708 operand);
2709 check_and_push(context, signature, VM_STRING_UTF);
2710 #ifdef DEBUG
2711 if (verify_verbose) {
2712 print_formatted_fieldname(context, operand);
2713 }
2714 #endif
2715 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2716 buffer[1] = '\0';
2717 stack_results = buffer;
2718 pop_and_free(context);
2719 break;
2720 }
2721
2722 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2723 case JVM_OPC_invokeinit:
2724 case JVM_OPC_invokedynamic:
2725 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2726 /* Look to signature to determine correct result. */
2727 int operand = this_idata->operand.i;
2728 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2729 context->class,
2730 operand);
2731 const char *result_signature;
2732 check_and_push(context, signature, VM_STRING_UTF);
2733 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2734 if (result_signature++ == NULL) {
2735 CCerror(context, "Illegal signature %s", signature);
2736 }
2737 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2738 stack_results = "";
2739 } else {
2740 buffer[0] = signature_to_fieldtype(context, &result_signature,
2741 &full_info);
2742 buffer[1] = '\0';
2743 stack_results = buffer;
2744 }
2745 pop_and_free(context);
2746 break;
2747 }
2748
2749 case JVM_OPC_aconst_null:
2750 stack_results = opcode_in_out[opcode][1];
2751 full_info = NULL_FULLINFO; /* special NULL */
2752 break;
2753
2754 case JVM_OPC_new:
2755 case JVM_OPC_checkcast:
2756 case JVM_OPC_newarray:
2757 case JVM_OPC_anewarray:
2758 case JVM_OPC_multianewarray:
2759 stack_results = opcode_in_out[opcode][1];
2760 /* Conveniently, this result type is stored here */
2761 full_info = this_idata->operand.fi;
2762 break;
2763
2764 case JVM_OPC_aaload:
2765 stack_results = opcode_in_out[opcode][1];
2766 /* pop_stack() saved value for us. */
2767 full_info = context->swap_table[0];
2768 break;
2769
2770 case JVM_OPC_aload:
2771 stack_results = opcode_in_out[opcode][1];
2772 /* The register hasn't been modified, so we can use its value. */
2773 full_info = this_idata->register_info.registers[operand];
2774 break;
2775 } /* of switch */
2776
2777 for (p = stack_results; *p != 0; p++) {
2778 int type = *p;
2779 stack_item_type *new_item = NEW(stack_item_type, 1);
2780 new_item->next = stack;
2781 stack = new_item;
2782 switch (type) {
2783 case 'I':
2784 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2785 case 'F':
2786 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2787 case 'D':
2788 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2789 stack_size++; break;
2790 case 'L':
2791 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2792 stack_size++; break;
2793 case 'R':
2794 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2795 break;
2796 case '1': case '2': case '3': case '4': {
2797 /* Get the info saved in the swap_table */
2798 fullinfo_type stype = context->swap_table[type - '1'];
2799 stack->item = stype;
2800 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2801 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2802 stack_size++; p++;
2803 }
2804 break;
2805 }
2806 case 'A':
2807 /* full_info should have the appropriate value. */
2808 assert(full_info != 0);
2809 stack->item = full_info;
2810 break;
2811 default:
2812 CCerror(context, "Internal error #4");
2813
2814 } /* switch type */
2815 stack_size++;
2816 } /* outer for loop */
2817
2818 if (opcode == JVM_OPC_invokeinit) {
2819 /* If there are any instances of "from" on the stack, we need to
2820 * replace it with "to", since calling <init> initializes all versions
2821 * of the object, obviously. */
2822 fullinfo_type from = context->swap_table[0];
2823 stack_item_type *ptr;
2824 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2825 if (ptr->item == from) {
2826 fullinfo_type to = context->swap_table[1];
2827 stack = copy_stack(context, stack);
2828 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2829 if (ptr->item == from) ptr->item = to;
2830 break;
2831 }
2832 }
2833 }
2834
2835 new_stack_info->stack_size = stack_size;
2836 new_stack_info->stack = stack;
2837 }
2838
2839
2840 /* We've performed an instruction, and determined the new registers and stack
2841 * value. Look at all of the possibly subsequent instructions, and merge
2842 * this stack value into theirs.
2843 */
2844
2845 static void
2846 merge_into_successors(context_type *context, unsigned int inumber,
2847 register_info_type *register_info,
2848 stack_info_type *stack_info,
2849 flag_type and_flags, flag_type or_flags)
2850 {
2851 instruction_data_type *idata = context->instruction_data;
2852 instruction_data_type *this_idata = &idata[inumber];
2853 int opcode = this_idata->opcode;
2854 int operand = this_idata->operand.i;
2855 struct handler_info_type *handler_info = context->handler_info;
2856 int handler_info_length =
2857 JVM_GetMethodIxExceptionTableLength(context->env,
2858 context->class,
2859 context->method_index);
2860
2861
2862 int buffer[2]; /* default value for successors */
2863 int *successors = buffer; /* table of successors */
2864 int successors_count;
2865 int i;
2866
2867 switch (opcode) {
2868 default:
2869 successors_count = 1;
2870 buffer[0] = inumber + 1;
2871 break;
2872
2873 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2874 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2875 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2876 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2877 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2878 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2879 successors_count = 2;
2880 buffer[0] = inumber + 1;
2881 buffer[1] = operand;
2882 break;
2883
2884 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2885 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2886 idata[this_idata->operand2.i].changed = JNI_TRUE;
2887 /* FALLTHROUGH */
2888 case JVM_OPC_goto: case JVM_OPC_goto_w:
2889 successors_count = 1;
2890 buffer[0] = operand;
2891 break;
2892
2893
2894 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2895 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2896 case JVM_OPC_athrow:
2897 /* The testing for the returns is handled in pop_stack() */
2898 successors_count = 0;
2899 break;
2900
2901 case JVM_OPC_ret: {
2902 /* This is slightly slow, but good enough for a seldom used instruction.
2903 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2904 * address of the first instruction of the subroutine. We can return
2905 * to 1 after any instruction that jsr's to that instruction.
2906 */
2907 if (this_idata->operand2.ip == NULL) {
2908 fullinfo_type *registers = this_idata->register_info.registers;
2909 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2910 int i, count, *ptr;;
2911 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2912 if (((idata[i].opcode == JVM_OPC_jsr) ||
2913 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2914 (idata[i].operand.i == called_instruction))
2915 count++;
2916 }
2917 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2918 *ptr++ = count;
2919 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2920 if (((idata[i].opcode == JVM_OPC_jsr) ||
2921 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2922 (idata[i].operand.i == called_instruction))
2923 *ptr++ = i + 1;
2924 }
2925 }
2926 successors = this_idata->operand2.ip; /* use this instead */
2927 successors_count = *successors++;
2928 break;
2929
2930 }
2931
2932 case JVM_OPC_tableswitch:
2933 case JVM_OPC_lookupswitch:
2934 successors = this_idata->operand.ip; /* use this instead */
2935 successors_count = *successors++;
2936 break;
2937 }
2938
2939 #ifdef DEBUG
2940 if (verify_verbose) {
2941 jio_fprintf(stdout, " [");
2942 for (i = handler_info_length; --i >= 0; handler_info++)
2943 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
2944 jio_fprintf(stdout, "%d* ", handler_info->handler);
2945 for (i = 0; i < successors_count; i++)
2946 jio_fprintf(stdout, "%d ", successors[i]);
2947 jio_fprintf(stdout, "]\n");
2948 }
2949 #endif
2950
2951 handler_info = context->handler_info;
2952 for (i = handler_info_length; --i >= 0; handler_info++) {
2953 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
2954 int handler = handler_info->handler;
2955 if (opcode != JVM_OPC_invokeinit) {
2956 merge_into_one_successor(context, inumber, handler,
2957 &this_idata->register_info, /* old */
2958 &handler_info->stack_info,
2959 (flag_type) (and_flags
2960 & this_idata->and_flags),
2961 (flag_type) (or_flags
2962 | this_idata->or_flags),
2963 JNI_TRUE);
2964 } else {
2965 /* We need to be a little bit more careful with this
2966 * instruction. Things could either be in the state before
2967 * the instruction or in the state afterwards */
2968 fullinfo_type from = context->swap_table[0];
2969 flag_type temp_or_flags = or_flags;
2970 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2971 temp_or_flags |= FLAG_NO_RETURN;
2972 merge_into_one_successor(context, inumber, handler,
2973 &this_idata->register_info, /* old */
2974 &handler_info->stack_info,
2975 this_idata->and_flags,
2976 this_idata->or_flags,
2977 JNI_TRUE);
2978 merge_into_one_successor(context, inumber, handler,
2979 register_info,
2980 &handler_info->stack_info,
2981 and_flags, temp_or_flags, JNI_TRUE);
2982 }
2983 }
2984 }
2985 for (i = 0; i < successors_count; i++) {
2986 int target = successors[i];
2987 if (target >= context->instruction_count)
2988 CCerror(context, "Falling off the end of the code");
2989 merge_into_one_successor(context, inumber, target,
2990 register_info, stack_info, and_flags, or_flags,
2991 JNI_FALSE);
2992 }
2993 }
2994
2995 /* We have a new set of registers and stack values for a given instruction.
2996 * Merge this new set into the values that are already there.
2997 */
2998
2999 static void
3000 merge_into_one_successor(context_type *context,
3001 unsigned int from_inumber, unsigned int to_inumber,
3002 register_info_type *new_register_info,
3003 stack_info_type *new_stack_info,
3004 flag_type new_and_flags, flag_type new_or_flags,
3005 jboolean isException)
3006 {
3007 instruction_data_type *idata = context->instruction_data;
3008 register_info_type register_info_buf;
3009 stack_info_type stack_info_buf;
3010 #ifdef DEBUG
3011 instruction_data_type *this_idata = &idata[to_inumber];
3012 register_info_type old_reg_info;
3013 stack_info_type old_stack_info;
3014 flag_type old_and_flags = 0;
3015 flag_type old_or_flags = 0;
3016 #endif
3017
3018 #ifdef DEBUG
3019 if (verify_verbose) {
3020 old_reg_info = this_idata->register_info;
3021 old_stack_info = this_idata->stack_info;
3022 old_and_flags = this_idata->and_flags;
3023 old_or_flags = this_idata->or_flags;
3024 }
3025 #endif
3026
3027 /* All uninitialized objects are set to "bogus" when jsr and
3028 * ret are executed. Thus uninitialized objects can't propagate
3029 * into or out of a subroutine.
3030 */
3031 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3032 idata[from_inumber].opcode == JVM_OPC_jsr ||
3033 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3034 int new_register_count = new_register_info->register_count;
3035 fullinfo_type *new_registers = new_register_info->registers;
3036 int i;
3037 stack_item_type *item;
3038
3039 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3040 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3041 /* This check only succeeds for hand-contrived code.
3042 * Efficiency is not an issue.
3043 */
3044 stack_info_buf.stack = copy_stack(context,
3045 new_stack_info->stack);
3046 stack_info_buf.stack_size = new_stack_info->stack_size;
3047 new_stack_info = &stack_info_buf;
3048 for (item = new_stack_info->stack; item != NULL;
3049 item = item->next) {
3050 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3051 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3052 }
3053 }
3054 break;
3055 }
3056 }
3057 for (i = 0; i < new_register_count; i++) {
3058 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3059 /* This check only succeeds for hand-contrived code.
3060 * Efficiency is not an issue.
3061 */
3062 fullinfo_type *new_set = NEW(fullinfo_type,
3063 new_register_count);
3064 for (i = 0; i < new_register_count; i++) {
3065 fullinfo_type t = new_registers[i];
3066 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3067 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3068 }
3069 register_info_buf.register_count = new_register_count;
3070 register_info_buf.registers = new_set;
3071 register_info_buf.mask_count = new_register_info->mask_count;
3072 register_info_buf.masks = new_register_info->masks;
3073 new_register_info = ®ister_info_buf;
3074 break;
3075 }
3076 }
3077 }
3078
3079 /* Returning from a subroutine is somewhat ugly. The actual thing
3080 * that needs to get merged into the new instruction is a joining
3081 * of info from the ret instruction with stuff in the jsr instruction
3082 */
3083 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3084 int new_register_count = new_register_info->register_count;
3085 fullinfo_type *new_registers = new_register_info->registers;
3086 int new_mask_count = new_register_info->mask_count;
3087 mask_type *new_masks = new_register_info->masks;
3088 int operand = idata[from_inumber].operand.i;
3089 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3090 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3091 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3092 if (jsr_idata->operand2.i != (int)from_inumber) {
3093 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3094 CCerror(context, "Multiple returns to single jsr");
3095 jsr_idata->operand2.i = from_inumber;
3096 }
3097 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3098 /* We don't want to handle the returned-to instruction until
3099 * we've dealt with the jsr instruction. When we get to the
3100 * jsr instruction (if ever), we'll re-mark the ret instruction
3101 */
3102 ;
3103 } else {
3104 int register_count = jsr_reginfo->register_count;
3105 fullinfo_type *registers = jsr_reginfo->registers;
3106 int max_registers = MAX(register_count, new_register_count);
3107 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3108 int *return_mask;
3109 struct register_info_type new_new_register_info;
3110 int i;
3111 /* Make sure the place we're returning from is legal! */
3112 for (i = new_mask_count; --i >= 0; )
3113 if (new_masks[i].entry == called_instruction)
3114 break;
3115 if (i < 0)
3116 CCerror(context, "Illegal return from subroutine");
3117 /* pop the masks down to the indicated one. Remember the mask
3118 * we're popping off. */
3119 return_mask = new_masks[i].modifies;
3120 new_mask_count = i;
3121 for (i = 0; i < max_registers; i++) {
3122 if (IS_BIT_SET(return_mask, i))
3123 new_set[i] = i < new_register_count ?
3124 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3125 else
3126 new_set[i] = i < register_count ?
3127 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3128 }
3129 new_new_register_info.register_count = max_registers;
3130 new_new_register_info.registers = new_set;
3131 new_new_register_info.mask_count = new_mask_count;
3132 new_new_register_info.masks = new_masks;
3133
3134
3135 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3136 merge_registers(context, to_inumber - 1, to_inumber,
3137 &new_new_register_info);
3138 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3139 }
3140 } else {
3141 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3142 merge_registers(context, from_inumber, to_inumber, new_register_info);
3143 merge_flags(context, from_inumber, to_inumber,
3144 new_and_flags, new_or_flags);
3145 }
3146
3147 #ifdef DEBUG
3148 if (verify_verbose && idata[to_inumber].changed) {
3149 register_info_type *register_info = &this_idata->register_info;
3150 stack_info_type *stack_info = &this_idata->stack_info;
3151 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3152 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3153 (old_and_flags != this_idata->and_flags) ||
3154 (old_or_flags != this_idata->or_flags)) {
3155 jio_fprintf(stdout, " %2d:", to_inumber);
3156 print_stack(context, &old_stack_info);
3157 print_registers(context, &old_reg_info);
3158 print_flags(context, old_and_flags, old_or_flags);
3159 jio_fprintf(stdout, " => ");
3160 print_stack(context, &this_idata->stack_info);
3161 print_registers(context, &this_idata->register_info);
3162 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3163 jio_fprintf(stdout, "\n");
3164 }
3165 }
3166 #endif
3167
3168 }
3169
3170 static void
3171 merge_stack(context_type *context, unsigned int from_inumber,
3172 unsigned int to_inumber, stack_info_type *new_stack_info)
3173 {
3174 instruction_data_type *idata = context->instruction_data;
3175 instruction_data_type *this_idata = &idata[to_inumber];
3176
3177 int new_stack_size = new_stack_info->stack_size;
3178 stack_item_type *new_stack = new_stack_info->stack;
3179
3180 int stack_size = this_idata->stack_info.stack_size;
3181
3182 if (stack_size == UNKNOWN_STACK_SIZE) {
3183 /* First time at this instruction. Just copy. */
3184 this_idata->stack_info.stack_size = new_stack_size;
3185 this_idata->stack_info.stack = new_stack;
3186 this_idata->changed = JNI_TRUE;
3187 } else if (new_stack_size != stack_size) {
3188 CCerror(context, "Inconsistent stack height %d != %d",
3189 new_stack_size, stack_size);
3190 } else {
3191 stack_item_type *stack = this_idata->stack_info.stack;
3192 stack_item_type *old, *new;
3193 jboolean change = JNI_FALSE;
3194 for (old = stack, new = new_stack; old != NULL;
3195 old = old->next, new = new->next) {
3196 if (!isAssignableTo(context, new->item, old->item)) {
3197 change = JNI_TRUE;
3198 break;
3199 }
3200 }
3201 if (change) {
3202 stack = copy_stack(context, stack);
3203 for (old = stack, new = new_stack; old != NULL;
3204 old = old->next, new = new->next) {
3205 if (new == NULL) {
3206 break;
3207 }
3208 old->item = merge_fullinfo_types(context, old->item, new->item,
3209 JNI_FALSE);
3210 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3211 CCerror(context, "Mismatched stack types");
3212 }
3213 }
3214 if (old != NULL || new != NULL) {
3215 CCerror(context, "Mismatched stack types");
3216 }
3217 this_idata->stack_info.stack = stack;
3218 this_idata->changed = JNI_TRUE;
3219 }
3220 }
3221 }
3222
3223 static void
3224 merge_registers(context_type *context, unsigned int from_inumber,
3225 unsigned int to_inumber, register_info_type *new_register_info)
3226 {
3227 instruction_data_type *idata = context->instruction_data;
3228 instruction_data_type *this_idata = &idata[to_inumber];
3229 register_info_type *this_reginfo = &this_idata->register_info;
3230
3231 int new_register_count = new_register_info->register_count;
3232 fullinfo_type *new_registers = new_register_info->registers;
3233 int new_mask_count = new_register_info->mask_count;
3234 mask_type *new_masks = new_register_info->masks;
3235
3236
3237 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3238 this_reginfo->register_count = new_register_count;
3239 this_reginfo->registers = new_registers;
3240 this_reginfo->mask_count = new_mask_count;
3241 this_reginfo->masks = new_masks;
3242 this_idata->changed = JNI_TRUE;
3243 } else {
3244 /* See if we've got new information on the register set. */
3245 int register_count = this_reginfo->register_count;
3246 fullinfo_type *registers = this_reginfo->registers;
3247 int mask_count = this_reginfo->mask_count;
3248 mask_type *masks = this_reginfo->masks;
3249
3250 jboolean copy = JNI_FALSE;
3251 int i, j;
3252 if (register_count > new_register_count) {
3253 /* Any register larger than new_register_count is now bogus */
3254 this_reginfo->register_count = new_register_count;
3255 register_count = new_register_count;
3256 this_idata->changed = JNI_TRUE;
3257 }
3258 for (i = 0; i < register_count; i++) {
3259 fullinfo_type prev_value = registers[i];
3260 if ((i < new_register_count)
3261 ? (!isAssignableTo(context, new_registers[i], prev_value))
3262 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3263 copy = JNI_TRUE;
3264 break;
3265 }
3266 }
3267
3268 if (copy) {
3269 /* We need a copy. So do it. */
3270 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3271 for (j = 0; j < i; j++)
3272 new_set[j] = registers[j];
3273 for (j = i; j < register_count; j++) {
3274 if (i >= new_register_count)
3275 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3276 else
3277 new_set[j] = merge_fullinfo_types(context,
3278 new_registers[j],
3279 registers[j], JNI_FALSE);
3280 }
3281 /* Some of the end items might now be bogus. This step isn't
3282 * necessary, but it may save work later. */
3283 while ( register_count > 0
3284 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3285 register_count--;
3286 this_reginfo->register_count = register_count;
3287 this_reginfo->registers = new_set;
3288 this_idata->changed = JNI_TRUE;
3289 }
3290 if (mask_count > 0) {
3291 /* If the target instruction already has a sequence of masks, then
3292 * we need to merge new_masks into it. We want the entries on
3293 * the mask to be the longest common substring of the two.
3294 * (e.g. a->b->d merged with a->c->d should give a->d)
3295 * The bits set in the mask should be the or of the corresponding
3296 * entries in each of the original masks.
3297 */
3298 int i, j, k;
3299 int matches = 0;
3300 int last_match = -1;
3301 jboolean copy_needed = JNI_FALSE;
3302 for (i = 0; i < mask_count; i++) {
3303 int entry = masks[i].entry;
3304 for (j = last_match + 1; j < new_mask_count; j++) {
3305 if (new_masks[j].entry == entry) {
3306 /* We have a match */
3307 int *prev = masks[i].modifies;
3308 int *new = new_masks[j].modifies;
3309 matches++;
3310 /* See if new_mask has bits set for "entry" that
3311 * weren't set for mask. If so, need to copy. */
3312 for (k = context->bitmask_size - 1;
3313 !copy_needed && k >= 0;
3314 k--)
3315 if (~prev[k] & new[k])
3316 copy_needed = JNI_TRUE;
3317 last_match = j;
3318 break;
3319 }
3320 }
3321 }
3322 if ((matches < mask_count) || copy_needed) {
3323 /* We need to make a copy for the new item, since either the
3324 * size has decreased, or new bits are set. */
3325 mask_type *copy = NEW(mask_type, matches);
3326 for (i = 0; i < matches; i++) {
3327 copy[i].modifies = NEW(int, context->bitmask_size);
3328 }
3329 this_reginfo->masks = copy;
3330 this_reginfo->mask_count = matches;
3331 this_idata->changed = JNI_TRUE;
3332 matches = 0;
3333 last_match = -1;
3334 for (i = 0; i < mask_count; i++) {
3335 int entry = masks[i].entry;
3336 for (j = last_match + 1; j < new_mask_count; j++) {
3337 if (new_masks[j].entry == entry) {
3338 int *prev1 = masks[i].modifies;
3339 int *prev2 = new_masks[j].modifies;
3340 int *new = copy[matches].modifies;
3341 copy[matches].entry = entry;
3342 for (k = context->bitmask_size - 1; k >= 0; k--)
3343 new[k] = prev1[k] | prev2[k];
3344 matches++;
3345 last_match = j;
3346 break;
3347 }
3348 }
3349 }
3350 }
3351 }
3352 }
3353 }
3354
3355
3356 static void
3357 merge_flags(context_type *context, unsigned int from_inumber,
3358 unsigned int to_inumber,
3359 flag_type new_and_flags, flag_type new_or_flags)
3360 {
3361 /* Set this_idata->and_flags &= new_and_flags
3362 this_idata->or_flags |= new_or_flags
3363 */
3364 instruction_data_type *idata = context->instruction_data;
3365 instruction_data_type *this_idata = &idata[to_inumber];
3366 flag_type this_and_flags = this_idata->and_flags;
3367 flag_type this_or_flags = this_idata->or_flags;
3368 flag_type merged_and = this_and_flags & new_and_flags;
3369 flag_type merged_or = this_or_flags | new_or_flags;
3370
3371 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3372 this_idata->and_flags = merged_and;
3373 this_idata->or_flags = merged_or;
3374 this_idata->changed = JNI_TRUE;
3375 }
3376 }
3377
3378
3379 /* Make a copy of a stack */
3380
3381 static stack_item_type *
3382 copy_stack(context_type *context, stack_item_type *stack)
3383 {
3384 int length;
3385 stack_item_type *ptr;
3386
3387 /* Find the length */
3388 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3389
3390 if (length > 0) {
3391 stack_item_type *new_stack = NEW(stack_item_type, length);
3392 stack_item_type *new_ptr;
3393 for ( ptr = stack, new_ptr = new_stack;
3394 ptr != NULL;
3395 ptr = ptr->next, new_ptr++) {
3396 new_ptr->item = ptr->item;
3397 new_ptr->next = new_ptr + 1;
3398 }
3399 new_stack[length - 1].next = NULL;
3400 return new_stack;
3401 } else {
3402 return NULL;
3403 }
3404 }
3405
3406
3407 static mask_type *
3408 copy_masks(context_type *context, mask_type *masks, int mask_count)
3409 {
3410 mask_type *result = NEW(mask_type, mask_count);
3411 int bitmask_size = context->bitmask_size;
3412 int *bitmaps = NEW(int, mask_count * bitmask_size);
3413 int i;
3414 for (i = 0; i < mask_count; i++) {
3415 result[i].entry = masks[i].entry;
3416 result[i].modifies = &bitmaps[i * bitmask_size];
3417 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3418 }
3419 return result;
3420 }
3421
3422
3423 static mask_type *
3424 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3425 {
3426 mask_type *result = NEW(mask_type, mask_count + 1);
3427 int bitmask_size = context->bitmask_size;
3428 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3429 int i;
3430 for (i = 0; i < mask_count; i++) {
3431 result[i].entry = masks[i].entry;
3432 result[i].modifies = &bitmaps[i * bitmask_size];
3433 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3434 }
3435 result[mask_count].entry = d;
3436 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3437 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3438 return result;
3439 }
3440
3441
3442
3443 /* We create our own storage manager, since we malloc lots of little items,
3444 * and I don't want to keep trace of when they become free. I sure wish that
3445 * we had heaps, and I could just free the heap when done.
3446 */
3447
3448 #define CCSegSize 2000
3449
3450 struct CCpool { /* a segment of allocated memory in the pool */
3451 struct CCpool *next;
3452 int segSize; /* almost always CCSegSize */
3453 int poolPad;
3454 char space[CCSegSize];
3455 };
3456
3457 /* Initialize the context's heap. */
3458 static void CCinit(context_type *context)
3459 {
3460 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3461 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3462 context->CCroot = context->CCcurrent = new;
3463 if (new == 0) {
3464 CCout_of_memory(context);
3465 }
3466 new->next = NULL;
3467 new->segSize = CCSegSize;
3468 context->CCfree_size = CCSegSize;
3469 context->CCfree_ptr = &new->space[0];
3470 }
3471
3472
3473 /* Reuse all the space that we have in the context's heap. */
3474 static void CCreinit(context_type *context)
3475 {
3476 struct CCpool *first = context->CCroot;
3477 context->CCcurrent = first;
3478 context->CCfree_size = CCSegSize;
3479 context->CCfree_ptr = &first->space[0];
3480 }
3481
3482 /* Destroy the context's heap. */
3483 static void CCdestroy(context_type *context)
3484 {
3485 struct CCpool *this = context->CCroot;
3486 while (this) {
3487 struct CCpool *next = this->next;
3488 free(this);
3489 this = next;
3490 }
3491 /* These two aren't necessary. But can't hurt either */
3492 context->CCroot = context->CCcurrent = NULL;
3493 context->CCfree_ptr = 0;
3494 }
3495
3496 /* Allocate an object of the given size from the context's heap. */
3497 static void *
3498 CCalloc(context_type *context, int size, jboolean zero)
3499 {
3500
3501 register char *p;
3502 /* Round CC to the size of a pointer */
3503 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3504
3505 if (context->CCfree_size < size) {
3506 struct CCpool *current = context->CCcurrent;
3507 struct CCpool *new;
3508 if (size > CCSegSize) { /* we need to allocate a special block */
3509 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3510 (size - CCSegSize));
3511 if (new == 0) {
3512 CCout_of_memory(context);
3513 }
3514 new->next = current->next;
3515 new->segSize = size;
3516 current->next = new;
3517 } else {
3518 new = current->next;
3519 if (new == NULL) {
3520 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3521 if (new == 0) {
3522 CCout_of_memory(context);
3523 }
3524 current->next = new;
3525 new->next = NULL;
3526 new->segSize = CCSegSize;
3527 }
3528 }
3529 context->CCcurrent = new;
3530 context->CCfree_ptr = &new->space[0];
3531 context->CCfree_size = new->segSize;
3532 }
3533 p = context->CCfree_ptr;
3534 context->CCfree_ptr += size;
3535 context->CCfree_size -= size;
3536 if (zero)
3537 memset(p, 0, size);
3538 return p;
3539 }
3540
3541 /* Get the class associated with a particular field or method or class in the
3542 * constant pool. If is_field is true, we've got a field or method. If
3543 * false, we've got a class.
3544 */
3545 static fullinfo_type
3546 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3547 {
3548 JNIEnv *env = context->env;
3549 fullinfo_type result;
3550 const char *classname;
3551 switch (kind) {
3552 case JVM_CONSTANT_Class:
3553 classname = JVM_GetCPClassNameUTF(env,
3554 context->class,
3555 cp_index);
3556 break;
3557 case JVM_CONSTANT_Methodref:
3558 classname = JVM_GetCPMethodClassNameUTF(env,
3559 context->class,
3560 cp_index);
3561 break;
3562 case JVM_CONSTANT_Fieldref:
3563 classname = JVM_GetCPFieldClassNameUTF(env,
3564 context->class,
3565 cp_index);
3566 break;
3567 default:
3568 classname = NULL;
3569 CCerror(context, "Internal error #5");
3570 }
3571
3572 check_and_push(context, classname, VM_STRING_UTF);
3573 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3574 /* This make recursively call us, in case of a class array */
3575 signature_to_fieldtype(context, &classname, &result);
3576 } else {
3577 result = make_class_info_from_name(context, classname);
3578 }
3579 pop_and_free(context);
3580 return result;
3581 }
3582
3583
3584 static int
3585 print_CCerror_info(context_type *context)
3586 {
3587 JNIEnv *env = context->env;
3588 jclass cb = context->class;
3589 const char *classname = JVM_GetClassNameUTF(env, cb);
3590 const char *name = 0;
3591 const char *signature = 0;
3592 int n = 0;
3593 if (context->method_index != -1) {
3594 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3595 signature =
3596 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3597 n += jio_snprintf(context->message, context->message_buf_len,
3598 "(class: %s, method: %s signature: %s) ",
3599 (classname ? classname : ""),
3600 (name ? name : ""),
3601 (signature ? signature : ""));
3602 } else if (context->field_index != -1 ) {
3603 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3604 n += jio_snprintf(context->message, context->message_buf_len,
3605 "(class: %s, field: %s) ",
3606 (classname ? classname : 0),
3607 (name ? name : 0));
3608 } else {
3609 n += jio_snprintf(context->message, context->message_buf_len,
3610 "(class: %s) ", classname ? classname : "");
3611 }
3612 JVM_ReleaseUTF(classname);
3613 JVM_ReleaseUTF(name);
3614 JVM_ReleaseUTF(signature);
3615 return n;
3616 }
3617
3618 static void
3619 CCerror (context_type *context, char *format, ...)
3620 {
3621 int n = print_CCerror_info(context);
3622 va_list args;
3623 if (n >= 0 && n < context->message_buf_len) {
3624 va_start(args, format);
3625 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3626 format, args);
3627 va_end(args);
3628 }
3629 context->err_code = CC_VerifyError;
3630 longjmp(context->jump_buffer, 1);
3631 }
3632
3633 static void
3634 CCout_of_memory(context_type *context)
3635 {
3636 int n = print_CCerror_info(context);
3637 context->err_code = CC_OutOfMemory;
3638 longjmp(context->jump_buffer, 1);
3639 }
3640
3641 static void
3642 CFerror(context_type *context, char *format, ...)
3643 {
3644 int n = print_CCerror_info(context);
3645 va_list args;
3646 if (n >= 0 && n < context->message_buf_len) {
3647 va_start(args, format);
3648 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3649 format, args);
3650 va_end(args);
3651 }
3652 context->err_code = CC_ClassFormatError;
3653 longjmp(context->jump_buffer, 1);
3654 }
3655
3656 static char
3657 signature_to_fieldtype(context_type *context,
3658 const char **signature_p, fullinfo_type *full_info_p)
3659 {
3660 const char *p = *signature_p;
3661 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3662 char result;
3663 int array_depth = 0;
3664
3665 for (;;) {
3666 switch(*p++) {
3667 default:
3668 result = 0;
3669 break;
3670
3671 case JVM_SIGNATURE_BOOLEAN: case JVM_SIGNATURE_BYTE:
3672 full_info = (array_depth > 0)
3673 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3674 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3675 result = 'I';
3676 break;
3677
3678 case JVM_SIGNATURE_CHAR:
3679 full_info = (array_depth > 0)
3680 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3681 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3682 result = 'I';
3683 break;
3684
3685 case JVM_SIGNATURE_SHORT:
3686 full_info = (array_depth > 0)
3687 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3688 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3689 result = 'I';
3690 break;
3691
3692 case JVM_SIGNATURE_INT:
3693 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3694 result = 'I';
3695 break;
3696
3697 case JVM_SIGNATURE_FLOAT:
3698 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3699 result = 'F';
3700 break;
3701
3702 case JVM_SIGNATURE_DOUBLE:
3703 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3704 result = 'D';
3705 break;
3706
3707 case JVM_SIGNATURE_LONG:
3708 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3709 result = 'L';
3710 break;
3711
3712 case JVM_SIGNATURE_ARRAY:
3713 array_depth++;
3714 continue; /* only time we ever do the loop > 1 */
3715
3716 case JVM_SIGNATURE_CLASS: {
3717 char buffer_space[256];
3718 char *buffer = buffer_space;
3719 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3720 int length;
3721 if (finish == NULL) {
3722 /* Signature must have ';' after the class name.
3723 * If it does not, return 0 and ITEM_Bogus in full_info. */
3724 result = 0;
3725 break;
3726 }
3727 length = finish - p;
3728 if (length + 1 > (int)sizeof(buffer_space)) {
3729 buffer = malloc(length + 1);
3730 check_and_push(context, buffer, VM_MALLOC_BLK);
3731 }
3732 memcpy(buffer, p, length);
3733 buffer[length] = '\0';
3734 full_info = make_class_info_from_name(context, buffer);
3735 result = 'A';
3736 p = finish + 1;
3737 if (buffer != buffer_space)
3738 pop_and_free(context);
3739 break;
3740 }
3741 } /* end of switch */
3742 break;
3743 }
3744 *signature_p = p;
3745 if (array_depth == 0 || result == 0) {
3746 /* either not an array, or result is bogus */
3747 *full_info_p = full_info;
3748 return result;
3749 } else {
3750 if (array_depth > MAX_ARRAY_DIMENSIONS)
3751 CCerror(context, "Array with too many dimensions");
3752 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3753 array_depth,
3754 GET_EXTRA_INFO(full_info));
3755 return 'A';
3756 }
3757 }
3758
3759
3760 /* Given an array type, create the type that has one less level of
3761 * indirection.
3762 */
3763
3764 static fullinfo_type
3765 decrement_indirection(fullinfo_type array_info)
3766 {
3767 if (array_info == NULL_FULLINFO) {
3768 return NULL_FULLINFO;
3769 } else {
3770 int type = GET_ITEM_TYPE(array_info);
3771 int indirection = GET_INDIRECTION(array_info) - 1;
3772 int extra_info = GET_EXTRA_INFO(array_info);
3773 if ( (indirection == 0)
3774 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Char)))
3775 type = ITEM_Integer;
3776 return MAKE_FULLINFO(type, indirection, extra_info);
3777 }
3778 }
3779
3780
3781 /* See if we can assign an object of the "from" type to an object
3782 * of the "to" type.
3783 */
3784
3785 static jboolean isAssignableTo(context_type *context,
3786 fullinfo_type from, fullinfo_type to)
3787 {
3788 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3789 }
3790
3791 /* Given two fullinfo_type's, find their lowest common denominator. If
3792 * the assignable_p argument is non-null, we're really just calling to find
3793 * out if "<target> := <value>" is a legitimate assignment.
3794 *
3795 * We treat all interfaces as if they were of type java/lang/Object, since the
3796 * runtime will do the full checking.
3797 */
3798 static fullinfo_type
3799 merge_fullinfo_types(context_type *context,
3800 fullinfo_type value, fullinfo_type target,
3801 jboolean for_assignment)
3802 {
3803 JNIEnv *env = context->env;
3804 if (value == target) {
3805 /* If they're identical, clearly just return what we've got */
3806 return value;
3807 }
3808
3809 /* Both must be either arrays or objects to go further */
3810 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3811 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3812 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3813 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3814
3815 /* If either is NULL, return the other. */
3816 if (value == NULL_FULLINFO)
3817 return target;
3818 else if (target == NULL_FULLINFO)
3819 return value;
3820
3821 /* If either is java/lang/Object, that's the result. */
3822 if (target == context->object_info)
3823 return target;
3824 else if (value == context->object_info) {
3825 /* Minor hack. For assignments, Interface := Object, return Interface
3826 * rather than Object, so that isAssignableTo() will get the right
3827 * result. */
3828 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3829 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3830 jclass cb = object_fullinfo_to_classclass(context,
3831 target);
3832 int is_interface = cb && JVM_IsInterface(env, cb);
3833 if (is_interface)
3834 return target;
3835 }
3836 return value;
3837 }
3838 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3839 /* At least one is an array. Neither is java/lang/Object or NULL.
3840 * Moreover, the types are not identical.
3841 * The result must either be Object, or an array of some object type.
3842 */
3843 fullinfo_type value_base, target_base;
3844 int dimen_value = GET_INDIRECTION(value);
3845 int dimen_target = GET_INDIRECTION(target);
3846
3847 if (target == context->cloneable_info ||
3848 target == context->serializable_info) {
3849 return target;
3850 }
3851
3852 if (value == context->cloneable_info ||
3853 value == context->serializable_info) {
3854 return value;
3855 }
3856
3857 /* First, if either item's base type isn't ITEM_Object, promote it up
3858 * to an object or array of object. If either is elemental, we can
3859 * punt.
3860 */
3861 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3862 if (dimen_value == 0)
3863 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3864 dimen_value--;
3865 value = MAKE_Object_ARRAY(dimen_value);
3866
3867 }
3868 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3869 if (dimen_target == 0)
3870 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3871 dimen_target--;
3872 target = MAKE_Object_ARRAY(dimen_target);
3873 }
3874 /* Both are now objects or arrays of some sort of object type */
3875 value_base = WITH_ZERO_INDIRECTION(value);
3876 target_base = WITH_ZERO_INDIRECTION(target);
3877 if (dimen_value == dimen_target) {
3878 /* Arrays of the same dimension. Merge their base types. */
3879 fullinfo_type result_base =
3880 merge_fullinfo_types(context, value_base, target_base,
3881 for_assignment);
3882 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3883 /* bogus in, bogus out */
3884 return result_base;
3885 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3886 GET_EXTRA_INFO(result_base));
3887 } else {
3888 /* Arrays of different sizes. If the smaller dimension array's base
3889 * type is java/lang/Cloneable or java/io/Serializable, return it.
3890 * Otherwise return java/lang/Object with a dimension of the smaller
3891 * of the two */
3892 if (dimen_value < dimen_target) {
3893 if (value_base == context->cloneable_info ||
3894 value_base == context ->serializable_info) {
3895 return value;
3896 }
3897 return MAKE_Object_ARRAY(dimen_value);
3898 } else {
3899 if (target_base == context->cloneable_info ||
3900 target_base == context->serializable_info) {
3901 return target;
3902 }
3903 return MAKE_Object_ARRAY(dimen_target);
3904 }
3905 }
3906 } else {
3907 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3908 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3909 fullinfo_type result_info;
3910
3911 /* Let's get the classes corresponding to each of these. Treat
3912 * interfaces as if they were java/lang/Object. See hack note above. */
3913 cb_target = object_fullinfo_to_classclass(context, target);
3914 if (cb_target == 0)
3915 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3916 if (JVM_IsInterface(env, cb_target))
3917 return for_assignment ? target : context->object_info;
3918 cb_value = object_fullinfo_to_classclass(context, value);
3919 if (cb_value == 0)
3920 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3921 if (JVM_IsInterface(env, cb_value))
3922 return context->object_info;
3923
3924 /* If this is for assignment of target := value, we just need to see if
3925 * cb_target is a superclass of cb_value. Save ourselves a lot of
3926 * work.
3927 */
3928 if (for_assignment) {
3929 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3930 while (cb_super_value != 0) {
3931 jclass tmp_cb;
3932 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3933 (*env)->DeleteLocalRef(env, cb_super_value);
3934 return target;
3935 }
3936 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3937 (*env)->DeleteLocalRef(env, cb_super_value);
3938 cb_super_value = tmp_cb;
3939 }
3940 (*env)->DeleteLocalRef(env, cb_super_value);
3941 return context->object_info;
3942 }
3943
3944 /* Find out whether cb_value or cb_target is deeper in the class
3945 * tree by moving both toward the root, and seeing who gets there
3946 * first. */
3947 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3948 cb_super_target = (*env)->GetSuperclass(env, cb_target);
3949 while((cb_super_value != 0) &&
3950 (cb_super_target != 0)) {
3951 jclass tmp_cb;
3952 /* Optimization. If either hits the other when going up looking
3953 * for a parent, then might as well return the parent immediately */
3954 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3955 (*env)->DeleteLocalRef(env, cb_super_value);
3956 (*env)->DeleteLocalRef(env, cb_super_target);
3957 return target;
3958 }
3959 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
3960 (*env)->DeleteLocalRef(env, cb_super_value);
3961 (*env)->DeleteLocalRef(env, cb_super_target);
3962 return value;
3963 }
3964 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3965 (*env)->DeleteLocalRef(env, cb_super_value);
3966 cb_super_value = tmp_cb;
3967
3968 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
3969 (*env)->DeleteLocalRef(env, cb_super_target);
3970 cb_super_target = tmp_cb;
3971 }
3972 cb_value = (*env)->NewLocalRef(env, cb_value);
3973 cb_target = (*env)->NewLocalRef(env, cb_target);
3974 /* At most one of the following two while clauses will be executed.
3975 * Bring the deeper of cb_target and cb_value to the depth of the
3976 * shallower one.
3977 */
3978 while (cb_super_value != 0) {
3979 /* cb_value is deeper */
3980 jclass cb_tmp;
3981
3982 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
3983 (*env)->DeleteLocalRef(env, cb_super_value);
3984 cb_super_value = cb_tmp;
3985
3986 cb_tmp = (*env)->GetSuperclass(env, cb_value);
3987 (*env)->DeleteLocalRef(env, cb_value);
3988 cb_value = cb_tmp;
3989 }
3990 while (cb_super_target != 0) {
3991 /* cb_target is deeper */
3992 jclass cb_tmp;
3993
3994 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
3995 (*env)->DeleteLocalRef(env, cb_super_target);
3996 cb_super_target = cb_tmp;
3997
3998 cb_tmp = (*env)->GetSuperclass(env, cb_target);
3999 (*env)->DeleteLocalRef(env, cb_target);
4000 cb_target = cb_tmp;
4001 }
4002
4003 /* Walk both up, maintaining equal depth, until a join is found. We
4004 * know that we will find one. */
4005 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4006 jclass cb_tmp;
4007 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4008 (*env)->DeleteLocalRef(env, cb_value);
4009 cb_value = cb_tmp;
4010 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4011 (*env)->DeleteLocalRef(env, cb_target);
4012 cb_target = cb_tmp;
4013 }
4014 result_info = make_class_info(context, cb_value);
4015 (*env)->DeleteLocalRef(env, cb_value);
4016 (*env)->DeleteLocalRef(env, cb_super_value);
4017 (*env)->DeleteLocalRef(env, cb_target);
4018 (*env)->DeleteLocalRef(env, cb_super_target);
4019 return result_info;
4020 } /* both items are classes */
4021 }
4022
4023
4024 /* Given a fullinfo_type corresponding to an Object, return the jclass
4025 * of that type.
4026 *
4027 * This function always returns a global reference!
4028 */
4029
4030 static jclass
4031 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4032 {
4033 unsigned short info = GET_EXTRA_INFO(classinfo);
4034 return ID_to_class(context, info);
4035 }
4036
4037 static void free_block(void *ptr, int kind)
4038 {
4039 switch (kind) {
4040 case VM_STRING_UTF:
4041 JVM_ReleaseUTF(ptr);
4042 break;
4043 case VM_MALLOC_BLK:
4044 free(ptr);
4045 break;
4046 }
4047 }
4048
4049 static void check_and_push(context_type *context, const void *ptr, int kind)
4050 {
4051 alloc_stack_type *p;
4052 if (ptr == 0)
4053 CCout_of_memory(context);
4054 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4055 p = &(context->alloc_stack[context->alloc_stack_top++]);
4056 else {
4057 /* Otherwise we have to malloc */
4058 p = malloc(sizeof(alloc_stack_type));
4059 if (p == 0) {
4060 /* Make sure we clean up. */
4061 free_block((void *)ptr, kind);
4062 CCout_of_memory(context);
4063 }
4064 }
4065 p->kind = kind;
4066 p->ptr = (void *)ptr;
4067 p->next = context->allocated_memory;
4068 context->allocated_memory = p;
4069 }
4070
4071 static void pop_and_free(context_type *context)
4072 {
4073 alloc_stack_type *p = context->allocated_memory;
4074 context->allocated_memory = p->next;
4075 free_block(p->ptr, p->kind);
4076 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4077 p >= context->alloc_stack)
4078 context->alloc_stack_top--;
4079 else
4080 free(p);
4081 }
4082
4083 static int signature_to_args_size(const char *method_signature)
4084 {
4085 const char *p;
4086 int args_size = 0;
4087 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4088 switch (*p) {
4089 case JVM_SIGNATURE_BOOLEAN:
4090 case JVM_SIGNATURE_BYTE:
4091 case JVM_SIGNATURE_CHAR:
4092 case JVM_SIGNATURE_SHORT:
4093 case JVM_SIGNATURE_INT:
4094 case JVM_SIGNATURE_FLOAT:
4095 args_size += 1;
4096 break;
4097 case JVM_SIGNATURE_CLASS:
4098 args_size += 1;
4099 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4100 break;
4101 case JVM_SIGNATURE_ARRAY:
4102 args_size += 1;
4103 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4104 /* If an array of classes, skip over class name, too. */
4105 if (*p == JVM_SIGNATURE_CLASS) {
4106 while (*p != JVM_SIGNATURE_ENDCLASS)
4107 p++;
4108 }
4109 break;
4110 case JVM_SIGNATURE_DOUBLE:
4111 case JVM_SIGNATURE_LONG:
4112 args_size += 2;
4113 break;
4114 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4115 break;
4116 default:
4117 /* Indicate an error. */
4118 return 0;
4119 }
4120 }
4121 return args_size;
4122 }
4123
4124 #ifdef DEBUG
4125
4126 /* Below are for debugging. */
4127
4128 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4129
4130 static void
4131 print_stack(context_type *context, stack_info_type *stack_info)
4132 {
4133 stack_item_type *stack = stack_info->stack;
4134 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4135 jio_fprintf(stdout, "x");
4136 } else {
4137 jio_fprintf(stdout, "(");
4138 for ( ; stack != 0; stack = stack->next)
4139 print_fullinfo_type(context, stack->item,
4140 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4141 jio_fprintf(stdout, ")");
4142 }
4143 }
4144
4145 static void
4146 print_registers(context_type *context, register_info_type *register_info)
4147 {
4148 int register_count = register_info->register_count;
4149 if (register_count == UNKNOWN_REGISTER_COUNT) {
4150 jio_fprintf(stdout, "x");
4151 } else {
4152 fullinfo_type *registers = register_info->registers;
4153 int mask_count = register_info->mask_count;
4154 mask_type *masks = register_info->masks;
4155 int i, j;
4156
4157 jio_fprintf(stdout, "{");
4158 for (i = 0; i < register_count; i++)
4159 print_fullinfo_type(context, registers[i],
4160 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4161 jio_fprintf(stdout, "}");
4162 for (i = 0; i < mask_count; i++) {
4163 char *separator = "";
4164 int *modifies = masks[i].modifies;
4165 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4166 for (j = 0;
4167 j < JVM_GetMethodIxLocalsCount(context->env,
4168 context->class,
4169 context->method_index);
4170 j++)
4171 if (IS_BIT_SET(modifies, j)) {
4172 jio_fprintf(stdout, "%s%d", separator, j);
4173 separator = ",";
4174 }
4175 jio_fprintf(stdout, ">");
4176 }
4177 }
4178 }
4179
4180
4181 static void
4182 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4183 {
4184 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4185 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4186 }
4187 }
4188
4189 static void
4190 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4191 {
4192 int i;
4193 int indirection = GET_INDIRECTION(type);
4194 for (i = indirection; i-- > 0; )
4195 jio_fprintf(stdout, "[");
4196 switch (GET_ITEM_TYPE(type)) {
4197 case ITEM_Integer:
4198 jio_fprintf(stdout, "I"); break;
4199 case ITEM_Float:
4200 jio_fprintf(stdout, "F"); break;
4201 case ITEM_Double:
4202 jio_fprintf(stdout, "D"); break;
4203 case ITEM_Double_2:
4204 jio_fprintf(stdout, "d"); break;
4205 case ITEM_Long:
4206 jio_fprintf(stdout, "L"); break;
4207 case ITEM_Long_2:
4208 jio_fprintf(stdout, "l"); break;
4209 case ITEM_ReturnAddress:
4210 jio_fprintf(stdout, "a"); break;
4211 case ITEM_Object:
4212 if (!verbose) {
4213 jio_fprintf(stdout, "A");
4214 } else {
4215 unsigned short extra = GET_EXTRA_INFO(type);
4216 if (extra == 0) {
4217 jio_fprintf(stdout, "/Null/");
4218 } else {
4219 const char *name = ID_to_class_name(context, extra);
4220 const char *name2 = strrchr(name, '/');
4221 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4222 }
4223 }
4224 break;
4225 case ITEM_Char:
4226 jio_fprintf(stdout, "C"); break;
4227 case ITEM_Short:
4228 jio_fprintf(stdout, "S"); break;
4229 case ITEM_Byte:
4230 jio_fprintf(stdout, "B"); break;
4231 case ITEM_NewObject:
4232 if (!verbose) {
4233 jio_fprintf(stdout, "@");
4234 } else {
4235 int inum = GET_EXTRA_INFO(type);
4236 fullinfo_type real_type =
4237 context->instruction_data[inum].operand2.fi;
4238 jio_fprintf(stdout, ">");
4239 print_fullinfo_type(context, real_type, JNI_TRUE);
4240 jio_fprintf(stdout, "<");
4241 }
4242 break;
4243 case ITEM_InitObject:
4244 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4245 break;
4246
4247 default:
4248 jio_fprintf(stdout, "?"); break;
4249 }
4250 for (i = indirection; i-- > 0; )
4251 jio_fprintf(stdout, "]");
4252 }
4253
4254
4255 static void
4256 print_formatted_fieldname(context_type *context, int index)
4257 {
4258 JNIEnv *env = context->env;
4259 jclass cb = context->class;
4260 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4261 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4262 jio_fprintf(stdout, " <%s.%s>",
4263 classname ? classname : "", fieldname ? fieldname : "");
4264 JVM_ReleaseUTF(classname);
4265 JVM_ReleaseUTF(fieldname);
4266 }
4267
4268 static void
4269 print_formatted_methodname(context_type *context, int index)
4270 {
4271 JNIEnv *env = context->env;
4272 jclass cb = context->class;
4273 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4274 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4275 jio_fprintf(stdout, " <%s.%s>",
4276 classname ? classname : "", methodname ? methodname : "");
4277 JVM_ReleaseUTF(classname);
4278 JVM_ReleaseUTF(methodname);
4279 }
4280
4281 #endif /*DEBUG*/