1 /*
2 * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 #define MAX_ARRAY_DIMENSIONS 255
94 /* align byte code */
95 #ifndef ALIGN_UP
96 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
97 #endif /* ALIGN_UP */
98 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
99
100 #ifdef DEBUG
101
102 int verify_verbose = 0;
103 static struct context_type *GlobalContext;
104 #endif
105
106 enum {
107 ITEM_Bogus,
108 ITEM_Void, /* only as a function return value */
109 ITEM_Integer,
110 ITEM_Float,
111 ITEM_Double,
112 ITEM_Double_2, /* 2nd word of double in register */
113 ITEM_Long,
114 ITEM_Long_2, /* 2nd word of long in register */
115 ITEM_Array,
116 ITEM_Object, /* Extra info field gives name. */
117 ITEM_NewObject, /* Like object, but uninitialized. */
118 ITEM_InitObject, /* "this" is init method, before call
119 to super() */
120 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
121 /* The following three are only used within array types.
122 * Normally, we use ITEM_Integer, instead. */
123 ITEM_Byte,
124 ITEM_Short,
125 ITEM_Char
126 };
127
128
129 #define UNKNOWN_STACK_SIZE -1
130 #define UNKNOWN_REGISTER_COUNT -1
131 #define UNKNOWN_RET_INSTRUCTION -1
132
133 #undef MAX
134 #undef MIN
135 #define MAX(a, b) ((a) > (b) ? (a) : (b))
136 #define MIN(a, b) ((a) < (b) ? (a) : (b))
137
138 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
139 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
140 ((unsigned)1 << ((i) % BITS_PER_INT)))
141 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
142 ((unsigned)1 << ((i) % BITS_PER_INT)))
143
144 typedef unsigned int fullinfo_type;
145 typedef unsigned int *bitvector;
146
147 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
148 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
149 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
150 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
151 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
152
153 #define MAKE_FULLINFO(type, indirect, extra) \
154 ((type) + ((indirect) << 5) + ((extra) << 16))
155
156 #define MAKE_Object_ARRAY(indirect) \
157 (context->object_info + ((indirect) << 5))
158
159 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
160
161 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
162 #define JVM_OPC_invokeinit 0x100
163
164 /* A hash mechanism used by the verifier.
165 * Maps class names to unique 16 bit integers.
166 */
167
168 #define HASH_TABLE_SIZE 503
169
170 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
171 * row (256 buckets) at a time to minimize fragmentation. Rows are
172 * allocated on demand so that we don't waste too much space.
173 */
174
175 #define MAX_HASH_ENTRIES 65536
176 #define HASH_ROW_SIZE 256
177
178 typedef struct hash_bucket_type {
179 char *name;
180 unsigned int hash;
181 jclass class;
182 unsigned short ID;
183 unsigned short next;
184 unsigned loadable:1; /* from context->class loader */
185 } hash_bucket_type;
186
187 typedef struct {
188 hash_bucket_type **buckets;
189 unsigned short *table;
190 int entries_used;
191 } hash_table_type;
192
193 #define GET_BUCKET(class_hash, ID)\
194 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
195
196 /*
197 * There are currently two types of resources that we need to keep
198 * track of (in addition to the CCalloc pool).
199 */
200 enum {
201 VM_STRING_UTF, /* VM-allocated UTF strings */
202 VM_MALLOC_BLK /* malloc'ed blocks */
203 };
204
205 #define LDC_CLASS_MAJOR_VERSION 49
206
207 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
208
209 #define ALLOC_STACK_SIZE 16 /* big enough */
210
211 typedef struct alloc_stack_type {
212 void *ptr;
213 int kind;
214 struct alloc_stack_type *next;
215 } alloc_stack_type;
216
217 /* The context type encapsulates the current invocation of the byte
218 * code verifier.
219 */
220 struct context_type {
221
222 JNIEnv *env; /* current JNIEnv */
223
224 /* buffers etc. */
225 char *message;
226 jint message_buf_len;
227 jboolean err_code;
228
229 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
230 had a chance to free */
231 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
232 blocks here, to save mallocs. */
233 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
234 int alloc_stack_top;
235
236 /* these fields are per class */
237 jclass class; /* current class */
238 jint major_version;
239 jint nconstants;
240 unsigned char *constant_types;
241 hash_table_type class_hash;
242
243 fullinfo_type object_info; /* fullinfo for java/lang/Object */
244 fullinfo_type string_info; /* fullinfo for java/lang/String */
245 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
246 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
247 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
248
249 fullinfo_type currentclass_info; /* fullinfo for context->class */
250 fullinfo_type superclass_info; /* fullinfo for superclass */
251
252 /* these fields are per method */
253 int method_index; /* current method */
254 unsigned short *exceptions; /* exceptions */
255 unsigned char *code; /* current code object */
256 jint code_length;
257 int *code_data; /* offset to instruction number */
258 struct instruction_data_type *instruction_data; /* info about each */
259 struct handler_info_type *handler_info;
260 fullinfo_type *superclasses; /* null terminated superclasses */
261 int instruction_count; /* number of instructions */
262 fullinfo_type return_type; /* function return type */
263 fullinfo_type swap_table[4]; /* used for passing information */
264 int bitmask_size; /* words needed to hold bitmap of arguments */
265
266 /* these fields are per field */
267 int field_index;
268
269 /* Used by the space allocator */
270 struct CCpool *CCroot, *CCcurrent;
271 char *CCfree_ptr;
272 int CCfree_size;
273
274 /* Jump here on any error. */
275 jmp_buf jump_buffer;
276
277 #ifdef DEBUG
278 /* keep track of how many global refs are allocated. */
279 int n_globalrefs;
280 #endif
281 };
282
283 struct stack_info_type {
284 struct stack_item_type *stack;
285 int stack_size;
286 };
287
288 struct register_info_type {
289 int register_count; /* number of registers used */
290 fullinfo_type *registers;
291 int mask_count; /* number of masks in the following */
292 struct mask_type *masks;
293 };
294
295 struct mask_type {
296 int entry;
297 int *modifies;
298 };
299
300 typedef unsigned short flag_type;
301
302 struct instruction_data_type {
303 int opcode; /* may turn into "canonical" opcode */
304 unsigned changed:1; /* has it changed */
305 unsigned protected:1; /* must accessor be a subclass of "this" */
306 union {
307 int i; /* operand to the opcode */
308 int *ip;
309 fullinfo_type fi;
310 } operand, operand2;
311 fullinfo_type p;
312 struct stack_info_type stack_info;
313 struct register_info_type register_info;
314 #define FLAG_REACHED 0x01 /* instruction reached */
315 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
316 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
317 flag_type or_flags; /* true for at least one path to this inst */
318 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
319 flag_type and_flags; /* true for all paths to this instruction */
320 };
321
322 struct handler_info_type {
323 int start, end, handler;
324 struct stack_info_type stack_info;
325 };
326
327 struct stack_item_type {
328 fullinfo_type item;
329 struct stack_item_type *next;
330 };
331
332 typedef struct context_type context_type;
333 typedef struct instruction_data_type instruction_data_type;
334 typedef struct stack_item_type stack_item_type;
335 typedef struct register_info_type register_info_type;
336 typedef struct stack_info_type stack_info_type;
337 typedef struct mask_type mask_type;
338
339 static void read_all_code(context_type *context, jclass cb, int num_methods,
340 int** code_lengths, unsigned char*** code);
341 static void verify_method(context_type *context, jclass cb, int index,
342 int code_length, unsigned char* code);
343 static void free_all_code(context_type* context, int num_methods,
344 unsigned char** code);
345 static void verify_field(context_type *context, jclass cb, int index);
346
347 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
348 static void set_protected(context_type *, unsigned int inumber, int key, int);
349 static jboolean is_superclass(context_type *, fullinfo_type);
350
351 static void initialize_exception_table(context_type *);
352 static int instruction_length(unsigned char *iptr, unsigned char *end);
353 static jboolean isLegalTarget(context_type *, int offset);
354 static void verify_constant_pool_type(context_type *, int, unsigned);
355
356 static void initialize_dataflow(context_type *);
357 static void run_dataflow(context_type *context);
358 static void check_register_values(context_type *context, unsigned int inumber);
359 static void check_flags(context_type *context, unsigned int inumber);
360 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
361 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
362 static void update_flags(context_type *, unsigned int inumber,
363 flag_type *new_and_flags, flag_type *new_or_flags);
364 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
365
366 static void merge_into_successors(context_type *, unsigned int inumber,
367 register_info_type *register_info,
368 stack_info_type *stack_info,
369 flag_type and_flags, flag_type or_flags);
370 static void merge_into_one_successor(context_type *context,
371 unsigned int from_inumber,
372 unsigned int inumber,
373 register_info_type *register_info,
374 stack_info_type *stack_info,
375 flag_type and_flags, flag_type or_flags,
376 jboolean isException);
377 static void merge_stack(context_type *, unsigned int inumber,
378 unsigned int to_inumber, stack_info_type *);
379 static void merge_registers(context_type *, unsigned int inumber,
380 unsigned int to_inumber,
381 register_info_type *);
382 static void merge_flags(context_type *context, unsigned int from_inumber,
383 unsigned int to_inumber,
384 flag_type new_and_flags, flag_type new_or_flags);
385
386 static stack_item_type *copy_stack(context_type *, stack_item_type *);
387 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
388 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
389
390 static fullinfo_type decrement_indirection(fullinfo_type);
391
392 static fullinfo_type merge_fullinfo_types(context_type *context,
393 fullinfo_type a,
394 fullinfo_type b,
395 jboolean assignment);
396 static jboolean isAssignableTo(context_type *,
397 fullinfo_type a,
398 fullinfo_type b);
399
400 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
401
402
403 #define NEW(type, count) \
404 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
405 #define ZNEW(type, count) \
406 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
407
408 static void CCinit(context_type *context);
409 static void CCreinit(context_type *context);
410 static void CCdestroy(context_type *context);
411 static void *CCalloc(context_type *context, int size, jboolean zero);
412
413 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
414
415 static char signature_to_fieldtype(context_type *context,
416 const char **signature_p, fullinfo_type *info);
417
418 static void CCerror (context_type *, char *format, ...);
419 static void CFerror (context_type *, char *format, ...);
420 static void CCout_of_memory (context_type *);
421
422 /* Because we can longjmp any time, we need to be very careful about
423 * remembering what needs to be freed. */
424
425 static void check_and_push(context_type *context, const void *ptr, int kind);
426 static void pop_and_free(context_type *context);
427
428 static int signature_to_args_size(const char *method_signature);
429
430 #ifdef DEBUG
431 static void print_stack (context_type *, stack_info_type *stack_info);
432 static void print_registers(context_type *, register_info_type *register_info);
433 static void print_flags(context_type *, flag_type, flag_type);
434 static void print_formatted_fieldname(context_type *context, int index);
435 static void print_formatted_methodname(context_type *context, int index);
436 #endif
437
438 void initialize_class_hash(context_type *context)
439 {
440 hash_table_type *class_hash = &(context->class_hash);
441 class_hash->buckets = (hash_bucket_type **)
442 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
443 class_hash->table = (unsigned short *)
444 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
445 if (class_hash->buckets == 0 ||
446 class_hash->table == 0)
447 CCout_of_memory(context);
448 class_hash->entries_used = 0;
449 }
450
451 static void finalize_class_hash(context_type *context)
452 {
453 hash_table_type *class_hash = &(context->class_hash);
454 JNIEnv *env = context->env;
455 int i;
456 /* 4296677: bucket index starts from 1. */
457 for (i=1;i<=class_hash->entries_used;i++) {
458 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
459 assert(bucket != NULL);
460 free(bucket->name);
461 if (bucket->class) {
462 (*env)->DeleteGlobalRef(env, bucket->class);
463 #ifdef DEBUG
464 context->n_globalrefs--;
465 #endif
466 }
467 }
468 if (class_hash->buckets) {
469 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
470 if (class_hash->buckets[i] == 0)
471 break;
472 free(class_hash->buckets[i]);
473 }
474 }
475 free(class_hash->buckets);
476 free(class_hash->table);
477 }
478
479 static hash_bucket_type *
480 new_bucket(context_type *context, unsigned short *pID)
481 {
482 hash_table_type *class_hash = &(context->class_hash);
483 int i = *pID = class_hash->entries_used + 1;
484 int row = i / HASH_ROW_SIZE;
485 if (i >= MAX_HASH_ENTRIES)
486 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
487 if (class_hash->buckets[row] == 0) {
488 class_hash->buckets[row] = (hash_bucket_type*)
489 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
490 if (class_hash->buckets[row] == 0)
491 CCout_of_memory(context);
492 }
493 class_hash->entries_used++; /* only increment when we are sure there
494 is no overflow. */
495 return GET_BUCKET(class_hash, i);
496 }
497
498 static unsigned int
499 class_hash_fun(const char *s)
500 {
501 int i;
502 unsigned raw_hash;
503 for (raw_hash = 0; (i = *s) != '\0'; ++s)
504 raw_hash = raw_hash * 37 + i;
505 return raw_hash;
506 }
507
508 /*
509 * Find a class using the defining loader of the current class
510 * and return a local reference to it.
511 */
512 static jclass load_class_local(context_type *context,const char *classname)
513 {
514 jclass cb = JVM_FindClassFromClass(context->env, classname,
515 JNI_FALSE, context->class);
516 if (cb == 0)
517 CCerror(context, "Cannot find class %s", classname);
518 return cb;
519 }
520
521 /*
522 * Find a class using the defining loader of the current class
523 * and return a global reference to it.
524 */
525 static jclass load_class_global(context_type *context, const char *classname)
526 {
527 JNIEnv *env = context->env;
528 jclass local, global;
529
530 local = load_class_local(context, classname);
531 global = (*env)->NewGlobalRef(env, local);
532 if (global == 0)
533 CCout_of_memory(context);
534 #ifdef DEBUG
535 context->n_globalrefs++;
536 #endif
537 (*env)->DeleteLocalRef(env, local);
538 return global;
539 }
540
541 /*
542 * Return a unique ID given a local class reference. The loadable
543 * flag is true if the defining class loader of context->class
544 * is known to be capable of loading the class.
545 */
546 static unsigned short
547 class_to_ID(context_type *context, jclass cb, jboolean loadable)
548 {
549 JNIEnv *env = context->env;
550 hash_table_type *class_hash = &(context->class_hash);
551 unsigned int hash;
552 hash_bucket_type *bucket;
553 unsigned short *pID;
554 const char *name = JVM_GetClassNameUTF(env, cb);
555
556 check_and_push(context, name, VM_STRING_UTF);
557 hash = class_hash_fun(name);
558 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
559 while (*pID) {
560 bucket = GET_BUCKET(class_hash, *pID);
561 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
562 /*
563 * There is an unresolved entry with our name
564 * so we're forced to load it in case it matches us.
565 */
566 if (bucket->class == 0) {
567 assert(bucket->loadable == JNI_TRUE);
568 bucket->class = load_class_global(context, name);
569 }
570
571 /*
572 * It's already in the table. Update the loadable
573 * state if it's known and then we're done.
574 */
575 if ((*env)->IsSameObject(env, cb, bucket->class)) {
576 if (loadable && !bucket->loadable)
577 bucket->loadable = JNI_TRUE;
578 goto done;
579 }
580 }
581 pID = &bucket->next;
582 }
583 bucket = new_bucket(context, pID);
584 bucket->next = 0;
585 bucket->hash = hash;
586 bucket->name = malloc(strlen(name) + 1);
587 if (bucket->name == 0)
588 CCout_of_memory(context);
589 strcpy(bucket->name, name);
590 bucket->loadable = loadable;
591 bucket->class = (*env)->NewGlobalRef(env, cb);
592 if (bucket->class == 0)
593 CCout_of_memory(context);
594 #ifdef DEBUG
595 context->n_globalrefs++;
596 #endif
597
598 done:
599 pop_and_free(context);
600 return *pID;
601 }
602
603 /*
604 * Return a unique ID given a class name from the constant pool.
605 * All classes are lazily loaded from the defining loader of
606 * context->class.
607 */
608 static unsigned short
609 class_name_to_ID(context_type *context, const char *name)
610 {
611 hash_table_type *class_hash = &(context->class_hash);
612 unsigned int hash = class_hash_fun(name);
613 hash_bucket_type *bucket;
614 unsigned short *pID;
615 jboolean force_load = JNI_FALSE;
616
617 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
618 while (*pID) {
619 bucket = GET_BUCKET(class_hash, *pID);
620 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
621 if (bucket->loadable)
622 goto done;
623 force_load = JNI_TRUE;
624 }
625 pID = &bucket->next;
626 }
627
628 if (force_load) {
629 /*
630 * We found at least one matching named entry for a class that
631 * was not known to be loadable through the defining class loader
632 * of context->class. We must load our named class and update
633 * the hash table in case one these entries matches our class.
634 */
635 JNIEnv *env = context->env;
636 jclass cb = load_class_local(context, name);
637 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
638 (*env)->DeleteLocalRef(env, cb);
639 return id;
640 }
641
642 bucket = new_bucket(context, pID);
643 bucket->next = 0;
644 bucket->class = 0;
645 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
646 bucket->hash = hash;
647 bucket->name = malloc(strlen(name) + 1);
648 if (bucket->name == 0)
649 CCout_of_memory(context);
650 strcpy(bucket->name, name);
651
652 done:
653 return *pID;
654 }
655
656 static const char *
657 ID_to_class_name(context_type *context, unsigned short ID)
658 {
659 hash_table_type *class_hash = &(context->class_hash);
660 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
661 return bucket->name;
662 }
663
664 static jclass
665 ID_to_class(context_type *context, unsigned short ID)
666 {
667 hash_table_type *class_hash = &(context->class_hash);
668 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
669 if (bucket->class == 0) {
670 assert(bucket->loadable == JNI_TRUE);
671 bucket->class = load_class_global(context, bucket->name);
672 }
673 return bucket->class;
674 }
675
676 static fullinfo_type
677 make_loadable_class_info(context_type *context, jclass cb)
678 {
679 return MAKE_FULLINFO(ITEM_Object, 0,
680 class_to_ID(context, cb, JNI_TRUE));
681 }
682
683 static fullinfo_type
684 make_class_info(context_type *context, jclass cb)
685 {
686 return MAKE_FULLINFO(ITEM_Object, 0,
687 class_to_ID(context, cb, JNI_FALSE));
688 }
689
690 static fullinfo_type
691 make_class_info_from_name(context_type *context, const char *name)
692 {
693 return MAKE_FULLINFO(ITEM_Object, 0,
694 class_name_to_ID(context, name));
695 }
696
697 /* RETURNS
698 * 1: on success chosen to be consistent with previous VerifyClass
699 * 0: verify error
700 * 2: out of memory
701 * 3: class format error
702 *
703 * Called by verify_class. Verify the code of each of the methods
704 * in a class. Note that this function apparently can't be JNICALL,
705 * because if it is the dynamic linker doesn't appear to be able to
706 * find it on Win32.
707 */
708
709 #define CC_OK 1
710 #define CC_VerifyError 0
711 #define CC_OutOfMemory 2
712 #define CC_ClassFormatError 3
713
714 JNIEXPORT jboolean
715 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
716 jint major_version)
717 {
718 context_type context_structure;
719 context_type *context = &context_structure;
720 jboolean result = CC_OK;
721 int i;
722 int num_methods;
723 int* code_lengths;
724 unsigned char** code;
725
726 #ifdef DEBUG
727 GlobalContext = context;
728 #endif
729
730 memset(context, 0, sizeof(context_type));
731 context->message = buffer;
732 context->message_buf_len = len;
733
734 context->env = env;
735 context->class = cb;
736
737 /* Set invalid method/field index of the context, in case anyone
738 calls CCerror */
739 context->method_index = -1;
740 context->field_index = -1;
741
742 /* Don't call CCerror or anything that can call it above the setjmp! */
743 if (!setjmp(context->jump_buffer)) {
744 jclass super;
745
746 CCinit(context); /* initialize heap; may throw */
747
748 initialize_class_hash(context);
749
750 context->major_version = major_version;
751 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
752 context->constant_types = (unsigned char *)
753 malloc(sizeof(unsigned char) * context->nconstants + 1);
754
755 if (context->constant_types == 0)
756 CCout_of_memory(context);
757
758 JVM_GetClassCPTypes(env, cb, context->constant_types);
759
760 if (context->constant_types == 0)
761 CCout_of_memory(context);
762
763 context->object_info =
764 make_class_info_from_name(context, "java/lang/Object");
765 context->string_info =
766 make_class_info_from_name(context, "java/lang/String");
767 context->throwable_info =
768 make_class_info_from_name(context, "java/lang/Throwable");
769 context->cloneable_info =
770 make_class_info_from_name(context, "java/lang/Cloneable");
771 context->serializable_info =
772 make_class_info_from_name(context, "java/io/Serializable");
773
774 context->currentclass_info = make_loadable_class_info(context, cb);
775
776 super = (*env)->GetSuperclass(env, cb);
777
778 if (super != 0) {
779 fullinfo_type *gptr;
780 int i = 0;
781
782 context->superclass_info = make_loadable_class_info(context, super);
783
784 while(super != 0) {
785 jclass tmp_cb = (*env)->GetSuperclass(env, super);
786 (*env)->DeleteLocalRef(env, super);
787 super = tmp_cb;
788 i++;
789 }
790 (*env)->DeleteLocalRef(env, super);
791 super = 0;
792
793 /* Can't go on context heap since it survives more than
794 one method */
795 context->superclasses = gptr =
796 malloc(sizeof(fullinfo_type)*(i + 1));
797 if (gptr == 0) {
798 CCout_of_memory(context);
799 }
800
801 super = (*env)->GetSuperclass(env, context->class);
802 while(super != 0) {
803 jclass tmp_cb;
804 *gptr++ = make_class_info(context, super);
805 tmp_cb = (*env)->GetSuperclass(env, super);
806 (*env)->DeleteLocalRef(env, super);
807 super = tmp_cb;
808 }
809 *gptr = 0;
810 } else {
811 context->superclass_info = 0;
812 }
813
814 (*env)->DeleteLocalRef(env, super);
815
816 /* Look at each method */
817 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
818 verify_field(context, cb, i);
819 num_methods = JVM_GetClassMethodsCount(env, cb);
820 read_all_code(context, cb, num_methods, &code_lengths, &code);
821 for (i = num_methods - 1; i >= 0; --i)
822 verify_method(context, cb, i, code_lengths[i], code[i]);
823 free_all_code(context, num_methods, code);
824 result = CC_OK;
825 } else {
826 result = context->err_code;
827 }
828
829 /* Cleanup */
830 finalize_class_hash(context);
831
832 while(context->allocated_memory)
833 pop_and_free(context);
834
835 #ifdef DEBUG
836 GlobalContext = 0;
837 #endif
838
839 if (context->exceptions)
840 free(context->exceptions);
841
842 if (context->constant_types)
843 free(context->constant_types);
844
845 if (context->superclasses)
846 free(context->superclasses);
847
848 #ifdef DEBUG
849 /* Make sure all global refs created in the verifier are freed */
850 assert(context->n_globalrefs == 0);
851 #endif
852
853 CCdestroy(context); /* destroy heap */
854 return result;
855 }
856
857 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
858
859 JNIEXPORT jboolean
860 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
861 {
862 static int warned = 0;
863 if (!warned) {
864 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
865 warned = 1;
866 }
867 return VerifyClassForMajorVersion(env, cb, buffer, len,
868 OLD_FORMAT_MAX_MAJOR_VERSION);
869 }
870
871 static void
872 verify_field(context_type *context, jclass cb, int field_index)
873 {
874 JNIEnv *env = context->env;
875 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
876 context->field_index = field_index;
877
878 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
879 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
880 CCerror(context, "Inconsistent access bits.");
881 }
882 context->field_index = -1;
883 }
884
885
886 /**
887 * We read all of the class's methods' code because it is possible that
888 * the verification of one method could resulting in linking further
889 * down the stack (due to class loading), which could end up rewriting
890 * some of the bytecode of methods we haven't verified yet. Since we
891 * don't want to see the rewritten bytecode, cache all the code and
892 * operate only on that.
893 */
894 static void
895 read_all_code(context_type* context, jclass cb, int num_methods,
896 int** lengths_addr, unsigned char*** code_addr)
897 {
898 int* lengths;
899 unsigned char** code;
900 int i;
901
902 lengths = malloc(sizeof(int) * num_methods);
903 check_and_push(context, lengths, VM_MALLOC_BLK);
904
905 code = malloc(sizeof(unsigned char*) * num_methods);
906 check_and_push(context, code, VM_MALLOC_BLK);
907
908 *(lengths_addr) = lengths;
909 *(code_addr) = code;
910
911 for (i = 0; i < num_methods; ++i) {
912 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
913 if (lengths[i] > 0) {
914 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
915 check_and_push(context, code[i], VM_MALLOC_BLK);
916 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
917 } else {
918 code[i] = NULL;
919 }
920 }
921 }
922
923 static void
924 free_all_code(context_type* context, int num_methods, unsigned char** code)
925 {
926 int i;
927 for (i = 0; i < num_methods; ++i) {
928 if (code[i] != NULL) {
929 pop_and_free(context);
930 }
931 }
932 pop_and_free(context); /* code */
933 pop_and_free(context); /* lengths */
934 }
935
936 /* Verify the code of one method */
937 static void
938 verify_method(context_type *context, jclass cb, int method_index,
939 int code_length, unsigned char* code)
940 {
941 JNIEnv *env = context->env;
942 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
943 int *code_data;
944 instruction_data_type *idata = 0;
945 int instruction_count;
946 int i, offset;
947 unsigned int inumber;
948 jint nexceptions;
949
950 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
951 /* not much to do for abstract and native methods */
952 return;
953 }
954
955 context->code_length = code_length;
956 context->code = code;
957
958 /* CCerror can give method-specific info once this is set */
959 context->method_index = method_index;
960
961 CCreinit(context); /* initial heap */
962 code_data = NEW(int, code_length);
963
964 #ifdef DEBUG
965 if (verify_verbose) {
966 const char *classname = JVM_GetClassNameUTF(env, cb);
967 const char *methodname =
968 JVM_GetMethodIxNameUTF(env, cb, method_index);
969 const char *signature =
970 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
971 jio_fprintf(stdout, "Looking at %s.%s%s\n",
972 (classname ? classname : ""),
973 (methodname ? methodname : ""),
974 (signature ? signature : ""));
975 JVM_ReleaseUTF(classname);
976 JVM_ReleaseUTF(methodname);
977 JVM_ReleaseUTF(signature);
978 }
979 #endif
980
981 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
982 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
983 CCerror(context, "Inconsistent access bits.");
984 }
985
986 // If this method is an overpass method, which is generated by the VM,
987 // we trust the code and no check needs to be done.
988 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
989 return;
990 }
991
992 /* Run through the code. Mark the start of each instruction, and give
993 * the instruction a number */
994 for (i = 0, offset = 0; offset < code_length; i++) {
995 int length = instruction_length(&code[offset], code + code_length);
996 int next_offset = offset + length;
997 if (length <= 0)
998 CCerror(context, "Illegal instruction found at offset %d", offset);
999 if (next_offset > code_length)
1000 CCerror(context, "Code stops in the middle of instruction "
1001 " starting at offset %d", offset);
1002 code_data[offset] = i;
1003 while (++offset < next_offset)
1004 code_data[offset] = -1; /* illegal location */
1005 }
1006 instruction_count = i; /* number of instructions in code */
1007
1008 /* Allocate a structure to hold info about each instruction. */
1009 idata = NEW(instruction_data_type, instruction_count);
1010
1011 /* Initialize the heap, and other info in the context structure. */
1012 context->code = code;
1013 context->instruction_data = idata;
1014 context->code_data = code_data;
1015 context->instruction_count = instruction_count;
1016 context->handler_info =
1017 NEW(struct handler_info_type,
1018 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1019 context->bitmask_size =
1020 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1021 + (BITS_PER_INT - 1))/BITS_PER_INT;
1022
1023 if (instruction_count == 0)
1024 CCerror(context, "Empty code");
1025
1026 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1027 int length = instruction_length(&code[offset], code + code_length);
1028 instruction_data_type *this_idata = &idata[inumber];
1029 this_idata->opcode = code[offset];
1030 this_idata->stack_info.stack = NULL;
1031 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1032 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1033 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1034 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1035 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1036 this_idata->or_flags = 0; /* "bottom" or value*/
1037 /* This also sets up this_data->operand. It also makes the
1038 * xload_x and xstore_x instructions look like the generic form. */
1039 verify_opcode_operands(context, inumber, offset);
1040 offset += length;
1041 }
1042
1043
1044 /* make sure exception table is reasonable. */
1045 initialize_exception_table(context);
1046 /* Set up first instruction, and start of exception handlers. */
1047 initialize_dataflow(context);
1048 /* Run data flow analysis on the instructions. */
1049 run_dataflow(context);
1050
1051 /* verify checked exceptions, if any */
1052 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1053 context->exceptions = (unsigned short *)
1054 malloc(sizeof(unsigned short) * nexceptions + 1);
1055 if (context->exceptions == 0)
1056 CCout_of_memory(context);
1057 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1058 context->exceptions);
1059 for (i = 0; i < nexceptions; i++) {
1060 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1061 verify_constant_pool_type(context, (int)context->exceptions[i],
1062 1 << JVM_CONSTANT_Class);
1063 }
1064 free(context->exceptions);
1065 context->exceptions = 0;
1066 context->code = 0;
1067 context->method_index = -1;
1068 }
1069
1070
1071 /* Look at a single instruction, and verify its operands. Also, for
1072 * simplicity, move the operand into the ->operand field.
1073 * Make sure that branches don't go into the middle of nowhere.
1074 */
1075
1076 static jint _ck_ntohl(jint n)
1077 {
1078 unsigned char *p = (unsigned char *)&n;
1079 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1080 }
1081
1082 static void
1083 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1084 {
1085 JNIEnv *env = context->env;
1086 instruction_data_type *idata = context->instruction_data;
1087 instruction_data_type *this_idata = &idata[inumber];
1088 int *code_data = context->code_data;
1089 int mi = context->method_index;
1090 unsigned char *code = context->code;
1091 int opcode = this_idata->opcode;
1092 int var;
1093
1094 /*
1095 * Set the ip fields to 0 not the i fields because the ip fields
1096 * are 64 bits on 64 bit architectures, the i field is only 32
1097 */
1098 this_idata->operand.ip = 0;
1099 this_idata->operand2.ip = 0;
1100
1101 switch (opcode) {
1102
1103 case JVM_OPC_jsr:
1104 /* instruction of ret statement */
1105 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1106 /* FALLTHROUGH */
1107 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1108 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1109 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1110 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1111 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1112 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1113 case JVM_OPC_goto: {
1114 /* Set the ->operand to be the instruction number of the target. */
1115 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1116 int target = offset + jump;
1117 if (!isLegalTarget(context, target))
1118 CCerror(context, "Illegal target of jump or branch");
1119 this_idata->operand.i = code_data[target];
1120 break;
1121 }
1122
1123 case JVM_OPC_jsr_w:
1124 /* instruction of ret statement */
1125 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1126 /* FALLTHROUGH */
1127 case JVM_OPC_goto_w: {
1128 /* Set the ->operand to be the instruction number of the target. */
1129 int jump = (((signed char)(code[offset+1])) << 24) +
1130 (code[offset+2] << 16) + (code[offset+3] << 8) +
1131 (code[offset + 4]);
1132 int target = offset + jump;
1133 if (!isLegalTarget(context, target))
1134 CCerror(context, "Illegal target of jump or branch");
1135 this_idata->operand.i = code_data[target];
1136 break;
1137 }
1138
1139 case JVM_OPC_tableswitch:
1140 case JVM_OPC_lookupswitch: {
1141 /* Set the ->operand to be a table of possible instruction targets. */
1142 int *lpc = (int *) UCALIGN(code + offset + 1);
1143 int *lptr;
1144 int *saved_operand;
1145 int keys;
1146 int k, delta;
1147 /* 4639449, 4647081: Padding bytes must be zero. */
1148 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1149 for (; bptr < (unsigned char*)lpc; bptr++) {
1150 if (*bptr != 0) {
1151 CCerror(context, "Non zero padding bytes in switch");
1152 }
1153 }
1154 if (opcode == JVM_OPC_tableswitch) {
1155 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1156 delta = 1;
1157 } else {
1158 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1159 delta = 2;
1160 /* Make sure that the tableswitch items are sorted */
1161 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1162 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1163 int next_key = _ck_ntohl(lptr[2]);
1164 if (this_key >= next_key) {
1165 CCerror(context, "Unsorted lookup switch");
1166 }
1167 }
1168 }
1169 saved_operand = NEW(int, keys + 2);
1170 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1171 CCerror(context, "Illegal default target in switch");
1172 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1173 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1174 int target = offset + _ck_ntohl(lptr[0]);
1175 if (!isLegalTarget(context, target))
1176 CCerror(context, "Illegal branch in tableswitch");
1177 saved_operand[k + 1] = code_data[target];
1178 }
1179 saved_operand[0] = keys + 1; /* number of successors */
1180 this_idata->operand.ip = saved_operand;
1181 break;
1182 }
1183
1184 case JVM_OPC_ldc: {
1185 /* Make sure the constant pool item is the right type. */
1186 int key = code[offset + 1];
1187 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1188 (1 << JVM_CONSTANT_String);
1189 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1190 types |= 1 << JVM_CONSTANT_Class;
1191 }
1192 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1193 types |= (1 << JVM_CONSTANT_MethodHandle) |
1194 (1 << JVM_CONSTANT_MethodType);
1195 }
1196 this_idata->operand.i = key;
1197 verify_constant_pool_type(context, key, types);
1198 break;
1199 }
1200
1201 case JVM_OPC_ldc_w: {
1202 /* Make sure the constant pool item is the right type. */
1203 int key = (code[offset + 1] << 8) + code[offset + 2];
1204 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1205 (1 << JVM_CONSTANT_String);
1206 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1207 types |= 1 << JVM_CONSTANT_Class;
1208 }
1209 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1210 types |= (1 << JVM_CONSTANT_MethodHandle) |
1211 (1 << JVM_CONSTANT_MethodType);
1212 }
1213 this_idata->operand.i = key;
1214 verify_constant_pool_type(context, key, types);
1215 break;
1216 }
1217
1218 case JVM_OPC_ldc2_w: {
1219 /* Make sure the constant pool item is the right type. */
1220 int key = (code[offset + 1] << 8) + code[offset + 2];
1221 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1222 this_idata->operand.i = key;
1223 verify_constant_pool_type(context, key, types);
1224 break;
1225 }
1226
1227 case JVM_OPC_getfield: case JVM_OPC_putfield:
1228 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1229 /* Make sure the constant pool item is the right type. */
1230 int key = (code[offset + 1] << 8) + code[offset + 2];
1231 this_idata->operand.i = key;
1232 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1233 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1234 set_protected(context, inumber, key, opcode);
1235 break;
1236 }
1237
1238 case JVM_OPC_invokevirtual:
1239 case JVM_OPC_invokespecial:
1240 case JVM_OPC_invokestatic:
1241 case JVM_OPC_invokedynamic:
1242 case JVM_OPC_invokeinterface: {
1243 /* Make sure the constant pool item is the right type. */
1244 int key = (code[offset + 1] << 8) + code[offset + 2];
1245 const char *methodname;
1246 jclass cb = context->class;
1247 fullinfo_type clazz_info;
1248 int is_constructor, is_internal, is_invokedynamic;
1249 int kind = (opcode == JVM_OPC_invokeinterface
1250 ? 1 << JVM_CONSTANT_InterfaceMethodref
1251 : opcode == JVM_OPC_invokedynamic
1252 ? 1 << JVM_CONSTANT_NameAndType
1253 : 1 << JVM_CONSTANT_Methodref);
1254 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1255 /* Make sure the constant pool item is the right type. */
1256 verify_constant_pool_type(context, key, kind);
1257 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1258 check_and_push(context, methodname, VM_STRING_UTF);
1259 is_constructor = !strcmp(methodname, "<init>");
1260 is_internal = methodname[0] == '<';
1261 pop_and_free(context);
1262
1263 if (is_invokedynamic)
1264 clazz_info = context->object_info; // anything will do
1265 else
1266 clazz_info = cp_index_to_class_fullinfo(context, key,
1267 JVM_CONSTANT_Methodref);
1268 this_idata->operand.i = key;
1269 this_idata->operand2.fi = clazz_info;
1270 if (is_constructor) {
1271 if (opcode != JVM_OPC_invokespecial) {
1272 CCerror(context,
1273 "Must call initializers using invokespecial");
1274 }
1275 this_idata->opcode = JVM_OPC_invokeinit;
1276 } else {
1277 if (is_internal) {
1278 CCerror(context, "Illegal call to internal method");
1279 }
1280 if (opcode == JVM_OPC_invokespecial
1281 && clazz_info != context->currentclass_info
1282 && clazz_info != context->superclass_info) {
1283 int not_found = 1;
1284
1285 jclass super = (*env)->GetSuperclass(env, context->class);
1286 while(super != 0) {
1287 jclass tmp_cb;
1288 fullinfo_type new_info = make_class_info(context, super);
1289 if (clazz_info == new_info) {
1290 not_found = 0;
1291 break;
1292 }
1293 tmp_cb = (*env)->GetSuperclass(env, super);
1294 (*env)->DeleteLocalRef(env, super);
1295 super = tmp_cb;
1296 }
1297 (*env)->DeleteLocalRef(env, super);
1298
1299 /* The optimizer make cause this to happen on local code */
1300 if (not_found) {
1301 #ifdef BROKEN_JAVAC
1302 jobject loader = JVM_GetClassLoader(env, context->class);
1303 int has_loader = (loader != 0);
1304 (*env)->DeleteLocalRef(env, loader);
1305 if (has_loader)
1306 #endif /* BROKEN_JAVAC */
1307 CCerror(context,
1308 "Illegal use of nonvirtual function call");
1309 }
1310 }
1311 }
1312 if (opcode == JVM_OPC_invokeinterface) {
1313 unsigned int args1;
1314 unsigned int args2;
1315 const char *signature =
1316 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1317 check_and_push(context, signature, VM_STRING_UTF);
1318 args1 = signature_to_args_size(signature) + 1;
1319 args2 = code[offset + 3];
1320 if (args1 != args2) {
1321 CCerror(context,
1322 "Inconsistent args_size for invokeinterface");
1323 }
1324 if (code[offset + 4] != 0) {
1325 CCerror(context,
1326 "Fourth operand byte of invokeinterface must be zero");
1327 }
1328 pop_and_free(context);
1329 } else if (opcode == JVM_OPC_invokedynamic) {
1330 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1331 CCerror(context,
1332 "Third and fourth operand bytes of invokedynamic must be zero");
1333 }
1334 } else if (opcode == JVM_OPC_invokevirtual
1335 || opcode == JVM_OPC_invokespecial)
1336 set_protected(context, inumber, key, opcode);
1337 break;
1338 }
1339
1340
1341 case JVM_OPC_instanceof:
1342 case JVM_OPC_checkcast:
1343 case JVM_OPC_new:
1344 case JVM_OPC_anewarray:
1345 case JVM_OPC_multianewarray: {
1346 /* Make sure the constant pool item is a class */
1347 int key = (code[offset + 1] << 8) + code[offset + 2];
1348 fullinfo_type target;
1349 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1350 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1351 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1352 CCerror(context, "Illegal type");
1353 switch(opcode) {
1354 case JVM_OPC_anewarray:
1355 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1356 CCerror(context, "Array with too many dimensions");
1357 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1358 GET_INDIRECTION(target) + 1,
1359 GET_EXTRA_INFO(target));
1360 break;
1361 case JVM_OPC_new:
1362 if (WITH_ZERO_EXTRA_INFO(target) !=
1363 MAKE_FULLINFO(ITEM_Object, 0, 0))
1364 CCerror(context, "Illegal creation of multi-dimensional array");
1365 /* operand gets set to the "unitialized object". operand2 gets
1366 * set to what the value will be after it's initialized. */
1367 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1368 this_idata->operand2.fi = target;
1369 break;
1370 case JVM_OPC_multianewarray:
1371 this_idata->operand.fi = target;
1372 this_idata->operand2.i = code[offset + 3];
1373 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1374 || (this_idata->operand2.i == 0))
1375 CCerror(context, "Illegal dimension argument");
1376 break;
1377 default:
1378 this_idata->operand.fi = target;
1379 }
1380 break;
1381 }
1382
1383 case JVM_OPC_newarray: {
1384 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1385 fullinfo_type full_info;
1386 switch (code[offset + 1]) {
1387 case JVM_T_INT:
1388 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1389 case JVM_T_LONG:
1390 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1391 case JVM_T_FLOAT:
1392 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1393 case JVM_T_DOUBLE:
1394 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1395 case JVM_T_BYTE: case JVM_T_BOOLEAN:
1396 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1397 case JVM_T_CHAR:
1398 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1399 case JVM_T_SHORT:
1400 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1401 default:
1402 full_info = 0; /* Keep lint happy */
1403 CCerror(context, "Bad type passed to newarray");
1404 }
1405 this_idata->operand.fi = full_info;
1406 break;
1407 }
1408
1409 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1410 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1411 this_idata->opcode = JVM_OPC_iload;
1412 var = opcode - JVM_OPC_iload_0;
1413 goto check_local_variable;
1414
1415 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1416 this_idata->opcode = JVM_OPC_fload;
1417 var = opcode - JVM_OPC_fload_0;
1418 goto check_local_variable;
1419
1420 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1421 this_idata->opcode = JVM_OPC_aload;
1422 var = opcode - JVM_OPC_aload_0;
1423 goto check_local_variable;
1424
1425 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1426 this_idata->opcode = JVM_OPC_lload;
1427 var = opcode - JVM_OPC_lload_0;
1428 goto check_local_variable2;
1429
1430 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1431 this_idata->opcode = JVM_OPC_dload;
1432 var = opcode - JVM_OPC_dload_0;
1433 goto check_local_variable2;
1434
1435 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1436 this_idata->opcode = JVM_OPC_istore;
1437 var = opcode - JVM_OPC_istore_0;
1438 goto check_local_variable;
1439
1440 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1441 this_idata->opcode = JVM_OPC_fstore;
1442 var = opcode - JVM_OPC_fstore_0;
1443 goto check_local_variable;
1444
1445 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1446 this_idata->opcode = JVM_OPC_astore;
1447 var = opcode - JVM_OPC_astore_0;
1448 goto check_local_variable;
1449
1450 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1451 this_idata->opcode = JVM_OPC_lstore;
1452 var = opcode - JVM_OPC_lstore_0;
1453 goto check_local_variable2;
1454
1455 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1456 this_idata->opcode = JVM_OPC_dstore;
1457 var = opcode - JVM_OPC_dstore_0;
1458 goto check_local_variable2;
1459
1460 case JVM_OPC_wide:
1461 this_idata->opcode = code[offset + 1];
1462 var = (code[offset + 2] << 8) + code[offset + 3];
1463 switch(this_idata->opcode) {
1464 case JVM_OPC_lload: case JVM_OPC_dload:
1465 case JVM_OPC_lstore: case JVM_OPC_dstore:
1466 goto check_local_variable2;
1467 default:
1468 goto check_local_variable;
1469 }
1470
1471 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1472 case JVM_OPC_ret:
1473 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1474 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1475 var = code[offset + 1];
1476 check_local_variable:
1477 /* Make sure that the variable number isn't illegal. */
1478 this_idata->operand.i = var;
1479 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1480 CCerror(context, "Illegal local variable number");
1481 break;
1482
1483 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1484 var = code[offset + 1];
1485 check_local_variable2:
1486 /* Make sure that the variable number isn't illegal. */
1487 this_idata->operand.i = var;
1488 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1489 CCerror(context, "Illegal local variable number");
1490 break;
1491
1492 default:
1493 if (opcode > JVM_OPC_MAX)
1494 CCerror(context, "Quick instructions shouldn't appear yet.");
1495 break;
1496 } /* of switch */
1497 }
1498
1499
1500 static void
1501 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1502 {
1503 JNIEnv *env = context->env;
1504 fullinfo_type clazz_info;
1505 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1506 clazz_info = cp_index_to_class_fullinfo(context, key,
1507 JVM_CONSTANT_Fieldref);
1508 } else {
1509 clazz_info = cp_index_to_class_fullinfo(context, key,
1510 JVM_CONSTANT_Methodref);
1511 }
1512 if (is_superclass(context, clazz_info)) {
1513 jclass calledClass =
1514 object_fullinfo_to_classclass(context, clazz_info);
1515 int access;
1516 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1517 searches the referenced field or method in calledClass. The following
1518 while loop is added to search up the superclass chain to make this
1519 symbolic resolution consistent with the field/method resolution
1520 specified in VM spec 5.4.3. */
1521 calledClass = (*env)->NewLocalRef(env, calledClass);
1522 do {
1523 jclass tmp_cb;
1524 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1525 access = JVM_GetCPFieldModifiers
1526 (env, context->class, key, calledClass);
1527 } else {
1528 access = JVM_GetCPMethodModifiers
1529 (env, context->class, key, calledClass);
1530 }
1531 if (access != -1) {
1532 break;
1533 }
1534 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1535 (*env)->DeleteLocalRef(env, calledClass);
1536 calledClass = tmp_cb;
1537 } while (calledClass != 0);
1538
1539 if (access == -1) {
1540 /* field/method not found, detected at runtime. */
1541 } else if (access & JVM_ACC_PROTECTED) {
1542 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1543 context->instruction_data[inumber].protected = JNI_TRUE;
1544 }
1545 (*env)->DeleteLocalRef(env, calledClass);
1546 }
1547 }
1548
1549
1550 static jboolean
1551 is_superclass(context_type *context, fullinfo_type clazz_info) {
1552 fullinfo_type *fptr = context->superclasses;
1553
1554 if (fptr == 0)
1555 return JNI_FALSE;
1556 for (; *fptr != 0; fptr++) {
1557 if (*fptr == clazz_info)
1558 return JNI_TRUE;
1559 }
1560 return JNI_FALSE;
1561 }
1562
1563
1564 /* Look through each item on the exception table. Each of the fields must
1565 * refer to a legal instruction.
1566 */
1567 static void
1568 initialize_exception_table(context_type *context)
1569 {
1570 JNIEnv *env = context->env;
1571 int mi = context->method_index;
1572 struct handler_info_type *handler_info = context->handler_info;
1573 int *code_data = context->code_data;
1574 int code_length = context->code_length;
1575 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1576 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1577 if (max_stack_size < 1 && i > 0) {
1578 // If the method contains exception handlers, it must have room
1579 // on the expression stack for the exception that the VM could push
1580 CCerror(context, "Stack size too large");
1581 }
1582 for (; --i >= 0; handler_info++) {
1583 JVM_ExceptionTableEntryType einfo;
1584 stack_item_type *stack_item = NEW(stack_item_type, 1);
1585
1586 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1587 i, &einfo);
1588
1589 if (!(einfo.start_pc < einfo.end_pc &&
1590 einfo.start_pc >= 0 &&
1591 isLegalTarget(context, einfo.start_pc) &&
1592 (einfo.end_pc == code_length ||
1593 isLegalTarget(context, einfo.end_pc)))) {
1594 CFerror(context, "Illegal exception table range");
1595 }
1596 if (!((einfo.handler_pc > 0) &&
1597 isLegalTarget(context, einfo.handler_pc))) {
1598 CFerror(context, "Illegal exception table handler");
1599 }
1600
1601 handler_info->start = code_data[einfo.start_pc];
1602 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1603 handler_info->end = (einfo.end_pc == context->code_length) ?
1604 context->instruction_count : code_data[einfo.end_pc];
1605 handler_info->handler = code_data[einfo.handler_pc];
1606 handler_info->stack_info.stack = stack_item;
1607 handler_info->stack_info.stack_size = 1;
1608 stack_item->next = NULL;
1609 if (einfo.catchType != 0) {
1610 const char *classname;
1611 /* Constant pool entry type has been checked in format checker */
1612 classname = JVM_GetCPClassNameUTF(env,
1613 context->class,
1614 einfo.catchType);
1615 check_and_push(context, classname, VM_STRING_UTF);
1616 stack_item->item = make_class_info_from_name(context, classname);
1617 if (!isAssignableTo(context,
1618 stack_item->item,
1619 context->throwable_info))
1620 CCerror(context, "catch_type not a subclass of Throwable");
1621 pop_and_free(context);
1622 } else {
1623 stack_item->item = context->throwable_info;
1624 }
1625 }
1626 }
1627
1628
1629 /* Given a pointer to an instruction, return its length. Use the table
1630 * opcode_length[] which is automatically built.
1631 */
1632 static int instruction_length(unsigned char *iptr, unsigned char *end)
1633 {
1634 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1635 int instruction = *iptr;
1636 switch (instruction) {
1637 case JVM_OPC_tableswitch: {
1638 int *lpc = (int *)UCALIGN(iptr + 1);
1639 int index;
1640 if (lpc + 2 >= (int *)end) {
1641 return -1; /* do not read pass the end */
1642 }
1643 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1644 if ((index < 0) || (index > 65535)) {
1645 return -1; /* illegal */
1646 } else {
1647 return (unsigned char *)(&lpc[index + 4]) - iptr;
1648 }
1649 }
1650
1651 case JVM_OPC_lookupswitch: {
1652 int *lpc = (int *) UCALIGN(iptr + 1);
1653 int npairs;
1654 if (lpc + 1 >= (int *)end)
1655 return -1; /* do not read pass the end */
1656 npairs = _ck_ntohl(lpc[1]);
1657 /* There can't be more than 64K labels because of the limit
1658 * on per-method byte code length.
1659 */
1660 if (npairs < 0 || npairs >= 65536)
1661 return -1;
1662 else
1663 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1664 }
1665
1666 case JVM_OPC_wide:
1667 if (iptr + 1 >= end)
1668 return -1; /* do not read pass the end */
1669 switch(iptr[1]) {
1670 case JVM_OPC_ret:
1671 case JVM_OPC_iload: case JVM_OPC_istore:
1672 case JVM_OPC_fload: case JVM_OPC_fstore:
1673 case JVM_OPC_aload: case JVM_OPC_astore:
1674 case JVM_OPC_lload: case JVM_OPC_lstore:
1675 case JVM_OPC_dload: case JVM_OPC_dstore:
1676 return 4;
1677 case JVM_OPC_iinc:
1678 return 6;
1679 default:
1680 return -1;
1681 }
1682
1683 default: {
1684 /* A length of 0 indicates an error. */
1685 int length = opcode_length[instruction];
1686 return (length <= 0) ? -1 : length;
1687 }
1688 }
1689 }
1690
1691
1692 /* Given the target of a branch, make sure that it's a legal target. */
1693 static jboolean
1694 isLegalTarget(context_type *context, int offset)
1695 {
1696 int code_length = context->code_length;
1697 int *code_data = context->code_data;
1698 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1699 }
1700
1701
1702 /* Make sure that an element of the constant pool really is of the indicated
1703 * type.
1704 */
1705 static void
1706 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1707 {
1708 int nconstants = context->nconstants;
1709 unsigned char *type_table = context->constant_types;
1710 unsigned type;
1711
1712 if ((index <= 0) || (index >= nconstants))
1713 CCerror(context, "Illegal constant pool index");
1714
1715 type = type_table[index];
1716 if ((mask & (1 << type)) == 0)
1717 CCerror(context, "Illegal type in constant pool");
1718 }
1719
1720
1721 static void
1722 initialize_dataflow(context_type *context)
1723 {
1724 JNIEnv *env = context->env;
1725 instruction_data_type *idata = context->instruction_data;
1726 int mi = context->method_index;
1727 jclass cb = context->class;
1728 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1729 fullinfo_type *reg_ptr;
1730 fullinfo_type full_info;
1731 const char *p;
1732 const char *signature;
1733
1734 /* Initialize the function entry, since we know everything about it. */
1735 idata[0].stack_info.stack_size = 0;
1736 idata[0].stack_info.stack = NULL;
1737 idata[0].register_info.register_count = args_size;
1738 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1739 idata[0].register_info.mask_count = 0;
1740 idata[0].register_info.masks = NULL;
1741 idata[0].and_flags = 0; /* nothing needed */
1742 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1743 reg_ptr = idata[0].register_info.registers;
1744
1745 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1746 /* A non static method. If this is an <init> method, the first
1747 * argument is an uninitialized object. Otherwise it is an object of
1748 * the given class type. java.lang.Object.<init> is special since
1749 * we don't call its superclass <init> method.
1750 */
1751 if (JVM_IsConstructorIx(env, cb, mi)
1752 && context->currentclass_info != context->object_info) {
1753 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1754 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1755 } else {
1756 *reg_ptr++ = context->currentclass_info;
1757 }
1758 }
1759 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1760 check_and_push(context, signature, VM_STRING_UTF);
1761 /* Fill in each of the arguments into the registers. */
1762 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1763 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1764 switch (fieldchar) {
1765 case 'D': case 'L':
1766 *reg_ptr++ = full_info;
1767 *reg_ptr++ = full_info + 1;
1768 break;
1769 default:
1770 *reg_ptr++ = full_info;
1771 break;
1772 }
1773 }
1774 p++; /* skip over right parenthesis */
1775 if (*p == 'V') {
1776 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1777 } else {
1778 signature_to_fieldtype(context, &p, &full_info);
1779 context->return_type = full_info;
1780 }
1781 pop_and_free(context);
1782 /* Indicate that we need to look at the first instruction. */
1783 idata[0].changed = JNI_TRUE;
1784 }
1785
1786
1787 /* Run the data flow analysis, as long as there are things to change. */
1788 static void
1789 run_dataflow(context_type *context) {
1790 JNIEnv *env = context->env;
1791 int mi = context->method_index;
1792 jclass cb = context->class;
1793 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1794 instruction_data_type *idata = context->instruction_data;
1795 unsigned int icount = context->instruction_count;
1796 jboolean work_to_do = JNI_TRUE;
1797 unsigned int inumber;
1798
1799 /* Run through the loop, until there is nothing left to do. */
1800 while (work_to_do) {
1801 work_to_do = JNI_FALSE;
1802 for (inumber = 0; inumber < icount; inumber++) {
1803 instruction_data_type *this_idata = &idata[inumber];
1804 if (this_idata->changed) {
1805 register_info_type new_register_info;
1806 stack_info_type new_stack_info;
1807 flag_type new_and_flags, new_or_flags;
1808
1809 this_idata->changed = JNI_FALSE;
1810 work_to_do = JNI_TRUE;
1811 #ifdef DEBUG
1812 if (verify_verbose) {
1813 int opcode = this_idata->opcode;
1814 jio_fprintf(stdout, "Instruction %d: ", inumber);
1815 print_stack(context, &this_idata->stack_info);
1816 print_registers(context, &this_idata->register_info);
1817 print_flags(context,
1818 this_idata->and_flags, this_idata->or_flags);
1819 fflush(stdout);
1820 }
1821 #endif
1822 /* Make sure the registers and flags are appropriate */
1823 check_register_values(context, inumber);
1824 check_flags(context, inumber);
1825
1826 /* Make sure the stack can deal with this instruction */
1827 pop_stack(context, inumber, &new_stack_info);
1828
1829 /* Update the registers and flags */
1830 update_registers(context, inumber, &new_register_info);
1831 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1832
1833 /* Update the stack. */
1834 push_stack(context, inumber, &new_stack_info);
1835
1836 if (new_stack_info.stack_size > max_stack_size)
1837 CCerror(context, "Stack size too large");
1838 #ifdef DEBUG
1839 if (verify_verbose) {
1840 jio_fprintf(stdout, " ");
1841 print_stack(context, &new_stack_info);
1842 print_registers(context, &new_register_info);
1843 print_flags(context, new_and_flags, new_or_flags);
1844 fflush(stdout);
1845 }
1846 #endif
1847 /* Add the new stack and register information to any
1848 * instructions that can follow this instruction. */
1849 merge_into_successors(context, inumber,
1850 &new_register_info, &new_stack_info,
1851 new_and_flags, new_or_flags);
1852 }
1853 }
1854 }
1855 }
1856
1857
1858 /* Make sure that the registers contain a legitimate value for the given
1859 * instruction.
1860 */
1861
1862 static void
1863 check_register_values(context_type *context, unsigned int inumber)
1864 {
1865 instruction_data_type *idata = context->instruction_data;
1866 instruction_data_type *this_idata = &idata[inumber];
1867 int opcode = this_idata->opcode;
1868 int operand = this_idata->operand.i;
1869 int register_count = this_idata->register_info.register_count;
1870 fullinfo_type *registers = this_idata->register_info.registers;
1871 jboolean double_word = JNI_FALSE; /* default value */
1872 int type;
1873
1874 switch (opcode) {
1875 default:
1876 return;
1877 case JVM_OPC_iload: case JVM_OPC_iinc:
1878 type = ITEM_Integer; break;
1879 case JVM_OPC_fload:
1880 type = ITEM_Float; break;
1881 case JVM_OPC_aload:
1882 type = ITEM_Object; break;
1883 case JVM_OPC_ret:
1884 type = ITEM_ReturnAddress; break;
1885 case JVM_OPC_lload:
1886 type = ITEM_Long; double_word = JNI_TRUE; break;
1887 case JVM_OPC_dload:
1888 type = ITEM_Double; double_word = JNI_TRUE; break;
1889 }
1890 if (!double_word) {
1891 fullinfo_type reg;
1892 /* Make sure we don't have an illegal register or one with wrong type */
1893 if (operand >= register_count) {
1894 CCerror(context,
1895 "Accessing value from uninitialized register %d", operand);
1896 }
1897 reg = registers[operand];
1898
1899 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1900 /* the register is obviously of the given type */
1901 return;
1902 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1903 /* address type stuff be used on all arrays */
1904 return;
1905 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1906 CCerror(context, "Cannot load return address from register %d",
1907 operand);
1908 /* alternatively
1909 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1910 && (opcode == JVM_OPC_iload)
1911 && (type == ITEM_Object || type == ITEM_Integer)
1912 but this never occurs
1913 */
1914 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1915 return;
1916 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1917 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1918 type == ITEM_Object) {
1919 return;
1920 } else {
1921 CCerror(context, "Register %d contains wrong type", operand);
1922 }
1923 } else {
1924 /* Make sure we don't have an illegal register or one with wrong type */
1925 if ((operand + 1) >= register_count) {
1926 CCerror(context,
1927 "Accessing value from uninitialized register pair %d/%d",
1928 operand, operand+1);
1929 } else {
1930 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1931 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1932 return;
1933 } else {
1934 CCerror(context, "Register pair %d/%d contains wrong type",
1935 operand, operand+1);
1936 }
1937 }
1938 }
1939 }
1940
1941
1942 /* Make sure the flags contain legitimate values for this instruction.
1943 */
1944
1945 static void
1946 check_flags(context_type *context, unsigned int inumber)
1947 {
1948 instruction_data_type *idata = context->instruction_data;
1949 instruction_data_type *this_idata = &idata[inumber];
1950 int opcode = this_idata->opcode;
1951 switch (opcode) {
1952 case JVM_OPC_return:
1953 /* We need a constructor, but we aren't guaranteed it's called */
1954 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
1955 !(this_idata->and_flags & FLAG_CONSTRUCTED))
1956 CCerror(context, "Constructor must call super() or this()");
1957 /* fall through */
1958 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
1959 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
1960 if (this_idata->or_flags & FLAG_NO_RETURN)
1961 /* This method cannot exit normally */
1962 CCerror(context, "Cannot return normally");
1963 default:
1964 break; /* nothing to do. */
1965 }
1966 }
1967
1968 /* Make sure that the top of the stack contains reasonable values for the
1969 * given instruction. The post-pop values of the stack and its size are
1970 * returned in *new_stack_info.
1971 */
1972
1973 static void
1974 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
1975 {
1976 instruction_data_type *idata = context->instruction_data;
1977 instruction_data_type *this_idata = &idata[inumber];
1978 int opcode = this_idata->opcode;
1979 stack_item_type *stack = this_idata->stack_info.stack;
1980 int stack_size = this_idata->stack_info.stack_size;
1981 char *stack_operands, *p;
1982 char buffer[257]; /* for holding manufactured argument lists */
1983 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
1984 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
1985 fullinfo_type full_info; /* only used in case of invoke instructions */
1986 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
1987
1988 switch(opcode) {
1989 default:
1990 /* For most instructions, we just use a built-in table */
1991 stack_operands = opcode_in_out[opcode][0];
1992 break;
1993
1994 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
1995 /* The top thing on the stack depends on the signature of
1996 * the object. */
1997 int operand = this_idata->operand.i;
1998 const char *signature =
1999 JVM_GetCPFieldSignatureUTF(context->env,
2000 context->class,
2001 operand);
2002 char *ip = buffer;
2003 check_and_push(context, signature, VM_STRING_UTF);
2004 #ifdef DEBUG
2005 if (verify_verbose) {
2006 print_formatted_fieldname(context, operand);
2007 }
2008 #endif
2009 if (opcode == JVM_OPC_putfield)
2010 *ip++ = 'A'; /* object for putfield */
2011 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2012 *ip = '\0';
2013 stack_operands = buffer;
2014 pop_and_free(context);
2015 break;
2016 }
2017
2018 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2019 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2020 case JVM_OPC_invokedynamic:
2021 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2022 /* The top stuff on the stack depends on the method signature */
2023 int operand = this_idata->operand.i;
2024 const char *signature =
2025 JVM_GetCPMethodSignatureUTF(context->env,
2026 context->class,
2027 operand);
2028 char *ip = buffer;
2029 const char *p;
2030 check_and_push(context, signature, VM_STRING_UTF);
2031 #ifdef DEBUG
2032 if (verify_verbose) {
2033 print_formatted_methodname(context, operand);
2034 }
2035 #endif
2036 if (opcode != JVM_OPC_invokestatic &&
2037 opcode != JVM_OPC_invokedynamic)
2038 /* First, push the object */
2039 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2040 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2041 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2042 if (ip >= buffer + sizeof(buffer) - 1)
2043 CCerror(context, "Signature %s has too many arguments",
2044 signature);
2045 }
2046 *ip = 0;
2047 stack_operands = buffer;
2048 pop_and_free(context);
2049 break;
2050 }
2051
2052 case JVM_OPC_multianewarray: {
2053 /* Count can't be larger than 255. So can't overflow buffer */
2054 int count = this_idata->operand2.i; /* number of ints on stack */
2055 memset(buffer, 'I', count);
2056 buffer[count] = '\0';
2057 stack_operands = buffer;
2058 break;
2059 }
2060
2061 } /* of switch */
2062
2063 /* Run through the list of operands >>backwards<< */
2064 for ( p = stack_operands + strlen(stack_operands);
2065 p > stack_operands;
2066 stack = stack->next) {
2067 int type = *--p;
2068 fullinfo_type top_type = stack ? stack->item : 0;
2069 int size = (type == 'D' || type == 'L') ? 2 : 1;
2070 *--stack_extra_info = top_type;
2071 if (stack == NULL)
2072 CCerror(context, "Unable to pop operand off an empty stack");
2073
2074 switch (type) {
2075 case 'I':
2076 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2077 CCerror(context, "Expecting to find integer on stack");
2078 break;
2079
2080 case 'F':
2081 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2082 CCerror(context, "Expecting to find float on stack");
2083 break;
2084
2085 case 'A': /* object or array */
2086 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2087 && (GET_INDIRECTION(top_type) == 0)) {
2088 /* The thing isn't an object or an array. Let's see if it's
2089 * one of the special cases */
2090 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2091 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2092 && (opcode == JVM_OPC_astore))
2093 break;
2094 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2095 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2096 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2097 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2098 break;
2099 /* The 2nd edition VM of the specification allows field
2100 * initializations before the superclass initializer,
2101 * if the field is defined within the current class.
2102 */
2103 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2104 && (opcode == JVM_OPC_putfield)) {
2105 int operand = this_idata->operand.i;
2106 int access_bits = JVM_GetCPFieldModifiers(context->env,
2107 context->class,
2108 operand,
2109 context->class);
2110 /* Note: This relies on the fact that
2111 * JVM_GetCPFieldModifiers retrieves only local fields,
2112 * and does not respect inheritance.
2113 */
2114 if (access_bits != -1) {
2115 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2116 context->currentclass_info ) {
2117 top_type = context->currentclass_info;
2118 *stack_extra_info = top_type;
2119 break;
2120 }
2121 }
2122 }
2123 CCerror(context, "Expecting to find object/array on stack");
2124 }
2125 break;
2126
2127 case '@': { /* unitialized object, for call to <init> */
2128 int item_type = GET_ITEM_TYPE(top_type);
2129 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2130 CCerror(context,
2131 "Expecting to find unitialized object on stack");
2132 break;
2133 }
2134
2135 case 'O': /* object, not array */
2136 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2137 MAKE_FULLINFO(ITEM_Object, 0, 0))
2138 CCerror(context, "Expecting to find object on stack");
2139 break;
2140
2141 case 'a': /* integer, object, or array */
2142 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2143 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2144 && (GET_INDIRECTION(top_type) == 0))
2145 CCerror(context,
2146 "Expecting to find object, array, or int on stack");
2147 break;
2148
2149 case 'D': /* double */
2150 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2151 CCerror(context, "Expecting to find double on stack");
2152 break;
2153
2154 case 'L': /* long */
2155 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2156 CCerror(context, "Expecting to find long on stack");
2157 break;
2158
2159 case ']': /* array of some type */
2160 if (top_type == NULL_FULLINFO) {
2161 /* do nothing */
2162 } else switch(p[-1]) {
2163 case 'I': /* array of integers */
2164 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2165 top_type != NULL_FULLINFO)
2166 CCerror(context,
2167 "Expecting to find array of ints on stack");
2168 break;
2169
2170 case 'L': /* array of longs */
2171 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2172 CCerror(context,
2173 "Expecting to find array of longs on stack");
2174 break;
2175
2176 case 'F': /* array of floats */
2177 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2178 CCerror(context,
2179 "Expecting to find array of floats on stack");
2180 break;
2181
2182 case 'D': /* array of doubles */
2183 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2184 CCerror(context,
2185 "Expecting to find array of doubles on stack");
2186 break;
2187
2188 case 'A': { /* array of addresses (arrays or objects) */
2189 int indirection = GET_INDIRECTION(top_type);
2190 if ((indirection == 0) ||
2191 ((indirection == 1) &&
2192 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2193 CCerror(context,
2194 "Expecting to find array of objects or arrays "
2195 "on stack");
2196 break;
2197 }
2198
2199 case 'B': /* array of bytes */
2200 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0))
2201 CCerror(context,
2202 "Expecting to find array of bytes on stack");
2203 break;
2204
2205 case 'C': /* array of characters */
2206 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2207 CCerror(context,
2208 "Expecting to find array of chars on stack");
2209 break;
2210
2211 case 'S': /* array of shorts */
2212 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2213 CCerror(context,
2214 "Expecting to find array of shorts on stack");
2215 break;
2216
2217 case '?': /* any type of array is okay */
2218 if (GET_INDIRECTION(top_type) == 0)
2219 CCerror(context,
2220 "Expecting to find array on stack");
2221 break;
2222
2223 default:
2224 CCerror(context, "Internal error #1");
2225 break;
2226 }
2227 p -= 2; /* skip over [ <char> */
2228 break;
2229
2230 case '1': case '2': case '3': case '4': /* stack swapping */
2231 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2232 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2233 if ((p > stack_operands) && (p[-1] == '+')) {
2234 context->swap_table[type - '1'] = top_type + 1;
2235 context->swap_table[p[-2] - '1'] = top_type;
2236 size = 2;
2237 p -= 2;
2238 } else {
2239 CCerror(context,
2240 "Attempt to split long or double on the stack");
2241 }
2242 } else {
2243 context->swap_table[type - '1'] = stack->item;
2244 if ((p > stack_operands) && (p[-1] == '+'))
2245 p--; /* ignore */
2246 }
2247 break;
2248 case '+': /* these should have been caught. */
2249 default:
2250 CCerror(context, "Internal error #2");
2251 }
2252 stack_size -= size;
2253 }
2254
2255 /* For many of the opcodes that had an "A" in their field, we really
2256 * need to go back and do a little bit more accurate testing. We can, of
2257 * course, assume that the minimal type checking has already been done.
2258 */
2259 switch (opcode) {
2260 default: break;
2261 case JVM_OPC_aastore: { /* array index object */
2262 fullinfo_type array_type = stack_extra_info[0];
2263 fullinfo_type object_type = stack_extra_info[2];
2264 fullinfo_type target_type = decrement_indirection(array_type);
2265 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2266 && (GET_INDIRECTION(object_type) == 0)) {
2267 CCerror(context, "Expecting reference type on operand stack in aastore");
2268 }
2269 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2270 && (GET_INDIRECTION(target_type) == 0)) {
2271 CCerror(context, "Component type of the array must be reference type in aastore");
2272 }
2273 break;
2274 }
2275
2276 case JVM_OPC_putfield:
2277 case JVM_OPC_getfield:
2278 case JVM_OPC_putstatic: {
2279 int operand = this_idata->operand.i;
2280 fullinfo_type stack_object = stack_extra_info[0];
2281 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2282 if (!isAssignableTo
2283 (context,
2284 stack_object,
2285 cp_index_to_class_fullinfo
2286 (context, operand, JVM_CONSTANT_Fieldref))) {
2287 CCerror(context,
2288 "Incompatible type for getting or setting field");
2289 }
2290 if (this_idata->protected &&
2291 !isAssignableTo(context, stack_object,
2292 context->currentclass_info)) {
2293 CCerror(context, "Bad access to protected data");
2294 }
2295 }
2296 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2297 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2298 if (!isAssignableTo(context,
2299 stack_extra_info[item], put_full_info)) {
2300 CCerror(context, "Bad type in putfield/putstatic");
2301 }
2302 }
2303 break;
2304 }
2305
2306 case JVM_OPC_athrow:
2307 if (!isAssignableTo(context, stack_extra_info[0],
2308 context->throwable_info)) {
2309 CCerror(context, "Can only throw Throwable objects");
2310 }
2311 break;
2312
2313 case JVM_OPC_aaload: { /* array index */
2314 /* We need to pass the information to the stack updater */
2315 fullinfo_type array_type = stack_extra_info[0];
2316 context->swap_table[0] = decrement_indirection(array_type);
2317 break;
2318 }
2319
2320 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2321 case JVM_OPC_invokeinit:
2322 case JVM_OPC_invokedynamic:
2323 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2324 int operand = this_idata->operand.i;
2325 const char *signature =
2326 JVM_GetCPMethodSignatureUTF(context->env,
2327 context->class,
2328 operand);
2329 int item;
2330 const char *p;
2331 check_and_push(context, signature, VM_STRING_UTF);
2332 if (opcode == JVM_OPC_invokestatic ||
2333 opcode == JVM_OPC_invokedynamic) {
2334 item = 0;
2335 } else if (opcode == JVM_OPC_invokeinit) {
2336 fullinfo_type init_type = this_idata->operand2.fi;
2337 fullinfo_type object_type = stack_extra_info[0];
2338 context->swap_table[0] = object_type; /* save value */
2339 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2340 /* We better be calling the appropriate init. Find the
2341 * inumber of the "JVM_OPC_new" instruction", and figure
2342 * out what the type really is.
2343 */
2344 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2345 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2346 context->swap_table[1] = target_type;
2347
2348 if (target_type != init_type) {
2349 CCerror(context, "Call to wrong initialization method");
2350 }
2351 if (this_idata->protected
2352 && context->major_version > LDC_CLASS_MAJOR_VERSION
2353 && !isAssignableTo(context, object_type,
2354 context->currentclass_info)) {
2355 CCerror(context, "Bad access to protected data");
2356 }
2357 } else {
2358 /* We better be calling super() or this(). */
2359 if (init_type != context->superclass_info &&
2360 init_type != context->currentclass_info) {
2361 CCerror(context, "Call to wrong initialization method");
2362 }
2363 context->swap_table[1] = context->currentclass_info;
2364 }
2365 item = 1;
2366 } else {
2367 fullinfo_type target_type = this_idata->operand2.fi;
2368 fullinfo_type object_type = stack_extra_info[0];
2369 if (!isAssignableTo(context, object_type, target_type)){
2370 CCerror(context,
2371 "Incompatible object argument for function call");
2372 }
2373 if (opcode == JVM_OPC_invokespecial
2374 && !isAssignableTo(context, object_type,
2375 context->currentclass_info)) {
2376 /* Make sure object argument is assignment compatible to current class */
2377 CCerror(context,
2378 "Incompatible object argument for invokespecial");
2379 }
2380 if (this_idata->protected
2381 && !isAssignableTo(context, object_type,
2382 context->currentclass_info)) {
2383 /* This is ugly. Special dispensation. Arrays pretend to
2384 implement public Object clone() even though they don't */
2385 const char *utfName =
2386 JVM_GetCPMethodNameUTF(context->env,
2387 context->class,
2388 this_idata->operand.i);
2389 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2390 JVM_ReleaseUTF(utfName);
2391
2392 if ((target_type == context->object_info) &&
2393 (GET_INDIRECTION(object_type) > 0) &&
2394 is_clone) {
2395 } else {
2396 CCerror(context, "Bad access to protected data");
2397 }
2398 }
2399 item = 1;
2400 }
2401 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2402 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2403 if (!isAssignableTo(context,
2404 stack_extra_info[item], full_info)) {
2405 CCerror(context, "Incompatible argument to function");
2406 }
2407 }
2408
2409 pop_and_free(context);
2410 break;
2411 }
2412
2413 case JVM_OPC_return:
2414 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2415 CCerror(context, "Wrong return type in function");
2416 break;
2417
2418 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2419 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2420 fullinfo_type target_type = context->return_type;
2421 fullinfo_type object_type = stack_extra_info[0];
2422 if (!isAssignableTo(context, object_type, target_type)) {
2423 CCerror(context, "Wrong return type in function");
2424 }
2425 break;
2426 }
2427
2428 case JVM_OPC_new: {
2429 /* Make sure that nothing on the stack already looks like what
2430 * we want to create. I can't image how this could possibly happen
2431 * but we should test for it anyway, since if it could happen, the
2432 * result would be an unitialized object being able to masquerade
2433 * as an initialized one.
2434 */
2435 stack_item_type *item;
2436 for (item = stack; item != NULL; item = item->next) {
2437 if (item->item == this_idata->operand.fi) {
2438 CCerror(context,
2439 "Uninitialized object on stack at creating point");
2440 }
2441 }
2442 /* Info for update_registers */
2443 context->swap_table[0] = this_idata->operand.fi;
2444 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2445
2446 break;
2447 }
2448 }
2449 new_stack_info->stack = stack;
2450 new_stack_info->stack_size = stack_size;
2451 }
2452
2453
2454 /* We've already determined that the instruction is legal. Perform the
2455 * operation on the registers, and return the updated results in
2456 * new_register_count_p and new_registers.
2457 */
2458
2459 static void
2460 update_registers(context_type *context, unsigned int inumber,
2461 register_info_type *new_register_info)
2462 {
2463 instruction_data_type *idata = context->instruction_data;
2464 instruction_data_type *this_idata = &idata[inumber];
2465 int opcode = this_idata->opcode;
2466 int operand = this_idata->operand.i;
2467 int register_count = this_idata->register_info.register_count;
2468 fullinfo_type *registers = this_idata->register_info.registers;
2469 stack_item_type *stack = this_idata->stack_info.stack;
2470 int mask_count = this_idata->register_info.mask_count;
2471 mask_type *masks = this_idata->register_info.masks;
2472
2473 /* Use these as default new values. */
2474 int new_register_count = register_count;
2475 int new_mask_count = mask_count;
2476 fullinfo_type *new_registers = registers;
2477 mask_type *new_masks = masks;
2478
2479 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2480 int i;
2481
2482 /* Remember, we've already verified the type at the top of the stack. */
2483 switch (opcode) {
2484 default: break;
2485 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2486 access = ACCESS_SINGLE;
2487 goto continue_store;
2488
2489 case JVM_OPC_lstore: case JVM_OPC_dstore:
2490 access = ACCESS_DOUBLE;
2491 goto continue_store;
2492
2493 continue_store: {
2494 /* We have a modification to the registers. Copy them if needed. */
2495 fullinfo_type stack_top_type = stack->item;
2496 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2497
2498 if ( max_operand < register_count
2499 && registers[operand] == stack_top_type
2500 && ((access == ACCESS_SINGLE) ||
2501 (registers[operand + 1]== stack_top_type + 1)))
2502 /* No changes have been made to the registers. */
2503 break;
2504 new_register_count = MAX(max_operand + 1, register_count);
2505 new_registers = NEW(fullinfo_type, new_register_count);
2506 for (i = 0; i < register_count; i++)
2507 new_registers[i] = registers[i];
2508 for (i = register_count; i < new_register_count; i++)
2509 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2510 new_registers[operand] = stack_top_type;
2511 if (access == ACCESS_DOUBLE)
2512 new_registers[operand + 1] = stack_top_type + 1;
2513 break;
2514 }
2515
2516 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2517 case JVM_OPC_iinc: case JVM_OPC_ret:
2518 access = ACCESS_SINGLE;
2519 break;
2520
2521 case JVM_OPC_lload: case JVM_OPC_dload:
2522 access = ACCESS_DOUBLE;
2523 break;
2524
2525 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2526 for (i = 0; i < new_mask_count; i++)
2527 if (new_masks[i].entry == operand)
2528 CCerror(context, "Recursive call to jsr entry");
2529 new_masks = add_to_masks(context, masks, mask_count, operand);
2530 new_mask_count++;
2531 break;
2532
2533 case JVM_OPC_invokeinit:
2534 case JVM_OPC_new: {
2535 /* For invokeinit, an uninitialized object has been initialized.
2536 * For new, all previous occurrences of an uninitialized object
2537 * from the same instruction must be made bogus.
2538 * We find all occurrences of swap_table[0] in the registers, and
2539 * replace them with swap_table[1];
2540 */
2541 fullinfo_type from = context->swap_table[0];
2542 fullinfo_type to = context->swap_table[1];
2543
2544 int i;
2545 for (i = 0; i < register_count; i++) {
2546 if (new_registers[i] == from) {
2547 /* Found a match */
2548 break;
2549 }
2550 }
2551 if (i < register_count) { /* We broke out loop for match */
2552 /* We have to change registers, and possibly a mask */
2553 jboolean copied_mask = JNI_FALSE;
2554 int k;
2555 new_registers = NEW(fullinfo_type, register_count);
2556 memcpy(new_registers, registers,
2557 register_count * sizeof(registers[0]));
2558 for ( ; i < register_count; i++) {
2559 if (new_registers[i] == from) {
2560 new_registers[i] = to;
2561 for (k = 0; k < new_mask_count; k++) {
2562 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2563 if (!copied_mask) {
2564 new_masks = copy_masks(context, new_masks,
2565 mask_count);
2566 copied_mask = JNI_TRUE;
2567 }
2568 SET_BIT(new_masks[k].modifies, i);
2569 }
2570 }
2571 }
2572 }
2573 }
2574 break;
2575 }
2576 } /* of switch */
2577
2578 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2579 int i, j;
2580 for (i = 0; i < new_mask_count; i++) {
2581 int *mask = new_masks[i].modifies;
2582 if ((!IS_BIT_SET(mask, operand)) ||
2583 ((access == ACCESS_DOUBLE) &&
2584 !IS_BIT_SET(mask, operand + 1))) {
2585 new_masks = copy_masks(context, new_masks, mask_count);
2586 for (j = i; j < new_mask_count; j++) {
2587 SET_BIT(new_masks[j].modifies, operand);
2588 if (access == ACCESS_DOUBLE)
2589 SET_BIT(new_masks[j].modifies, operand + 1);
2590 }
2591 break;
2592 }
2593 }
2594 }
2595
2596 new_register_info->register_count = new_register_count;
2597 new_register_info->registers = new_registers;
2598 new_register_info->masks = new_masks;
2599 new_register_info->mask_count = new_mask_count;
2600 }
2601
2602
2603
2604 /* We've already determined that the instruction is legal, and have updated
2605 * the registers. Update the flags, too.
2606 */
2607
2608
2609 static void
2610 update_flags(context_type *context, unsigned int inumber,
2611 flag_type *new_and_flags, flag_type *new_or_flags)
2612
2613 {
2614 instruction_data_type *idata = context->instruction_data;
2615 instruction_data_type *this_idata = &idata[inumber];
2616 flag_type and_flags = this_idata->and_flags;
2617 flag_type or_flags = this_idata->or_flags;
2618
2619 /* Set the "we've done a constructor" flag */
2620 if (this_idata->opcode == JVM_OPC_invokeinit) {
2621 fullinfo_type from = context->swap_table[0];
2622 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2623 and_flags |= FLAG_CONSTRUCTED;
2624 }
2625 *new_and_flags = and_flags;
2626 *new_or_flags = or_flags;
2627 }
2628
2629
2630
2631 /* We've already determined that the instruction is legal. Perform the
2632 * operation on the stack;
2633 *
2634 * new_stack_size_p and new_stack_p point to the results after the pops have
2635 * already been done. Do the pushes, and then put the results back there.
2636 */
2637
2638 static void
2639 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2640 {
2641 instruction_data_type *idata = context->instruction_data;
2642 instruction_data_type *this_idata = &idata[inumber];
2643 int opcode = this_idata->opcode;
2644 int operand = this_idata->operand.i;
2645
2646 int stack_size = new_stack_info->stack_size;
2647 stack_item_type *stack = new_stack_info->stack;
2648 char *stack_results;
2649
2650 fullinfo_type full_info = 0;
2651 char buffer[5], *p; /* actually [2] is big enough */
2652
2653 /* We need to look at all those opcodes in which either we can't tell the
2654 * value pushed onto the stack from the opcode, or in which the value
2655 * pushed onto the stack is an object or array. For the latter, we need
2656 * to make sure that full_info is set to the right value.
2657 */
2658 switch(opcode) {
2659 default:
2660 stack_results = opcode_in_out[opcode][1];
2661 break;
2662
2663 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2664 /* Look to constant pool to determine correct result. */
2665 unsigned char *type_table = context->constant_types;
2666 switch (type_table[operand]) {
2667 case JVM_CONSTANT_Integer:
2668 stack_results = "I"; break;
2669 case JVM_CONSTANT_Float:
2670 stack_results = "F"; break;
2671 case JVM_CONSTANT_Double:
2672 stack_results = "D"; break;
2673 case JVM_CONSTANT_Long:
2674 stack_results = "L"; break;
2675 case JVM_CONSTANT_String:
2676 stack_results = "A";
2677 full_info = context->string_info;
2678 break;
2679 case JVM_CONSTANT_Class:
2680 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2681 CCerror(context, "Internal error #3");
2682 stack_results = "A";
2683 full_info = make_class_info_from_name(context,
2684 "java/lang/Class");
2685 break;
2686 case JVM_CONSTANT_MethodHandle:
2687 case JVM_CONSTANT_MethodType:
2688 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2689 CCerror(context, "Internal error #3");
2690 stack_results = "A";
2691 switch (type_table[operand]) {
2692 case JVM_CONSTANT_MethodType:
2693 full_info = make_class_info_from_name(context,
2694 "java/lang/invoke/MethodType");
2695 break;
2696 default: //JVM_CONSTANT_MethodHandle
2697 full_info = make_class_info_from_name(context,
2698 "java/lang/invoke/MethodHandle");
2699 break;
2700 }
2701 break;
2702 default:
2703 CCerror(context, "Internal error #3");
2704 stack_results = ""; /* Never reached: keep lint happy */
2705 }
2706 break;
2707 }
2708
2709 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2710 /* Look to signature to determine correct result. */
2711 int operand = this_idata->operand.i;
2712 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2713 context->class,
2714 operand);
2715 check_and_push(context, signature, VM_STRING_UTF);
2716 #ifdef DEBUG
2717 if (verify_verbose) {
2718 print_formatted_fieldname(context, operand);
2719 }
2720 #endif
2721 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2722 buffer[1] = '\0';
2723 stack_results = buffer;
2724 pop_and_free(context);
2725 break;
2726 }
2727
2728 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2729 case JVM_OPC_invokeinit:
2730 case JVM_OPC_invokedynamic:
2731 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2732 /* Look to signature to determine correct result. */
2733 int operand = this_idata->operand.i;
2734 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2735 context->class,
2736 operand);
2737 const char *result_signature;
2738 check_and_push(context, signature, VM_STRING_UTF);
2739 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2740 if (result_signature++ == NULL) {
2741 CCerror(context, "Illegal signature %s", signature);
2742 }
2743 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2744 stack_results = "";
2745 } else {
2746 buffer[0] = signature_to_fieldtype(context, &result_signature,
2747 &full_info);
2748 buffer[1] = '\0';
2749 stack_results = buffer;
2750 }
2751 pop_and_free(context);
2752 break;
2753 }
2754
2755 case JVM_OPC_aconst_null:
2756 stack_results = opcode_in_out[opcode][1];
2757 full_info = NULL_FULLINFO; /* special NULL */
2758 break;
2759
2760 case JVM_OPC_new:
2761 case JVM_OPC_checkcast:
2762 case JVM_OPC_newarray:
2763 case JVM_OPC_anewarray:
2764 case JVM_OPC_multianewarray:
2765 stack_results = opcode_in_out[opcode][1];
2766 /* Conveniently, this result type is stored here */
2767 full_info = this_idata->operand.fi;
2768 break;
2769
2770 case JVM_OPC_aaload:
2771 stack_results = opcode_in_out[opcode][1];
2772 /* pop_stack() saved value for us. */
2773 full_info = context->swap_table[0];
2774 break;
2775
2776 case JVM_OPC_aload:
2777 stack_results = opcode_in_out[opcode][1];
2778 /* The register hasn't been modified, so we can use its value. */
2779 full_info = this_idata->register_info.registers[operand];
2780 break;
2781 } /* of switch */
2782
2783 for (p = stack_results; *p != 0; p++) {
2784 int type = *p;
2785 stack_item_type *new_item = NEW(stack_item_type, 1);
2786 new_item->next = stack;
2787 stack = new_item;
2788 switch (type) {
2789 case 'I':
2790 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2791 case 'F':
2792 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2793 case 'D':
2794 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2795 stack_size++; break;
2796 case 'L':
2797 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2798 stack_size++; break;
2799 case 'R':
2800 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2801 break;
2802 case '1': case '2': case '3': case '4': {
2803 /* Get the info saved in the swap_table */
2804 fullinfo_type stype = context->swap_table[type - '1'];
2805 stack->item = stype;
2806 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2807 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2808 stack_size++; p++;
2809 }
2810 break;
2811 }
2812 case 'A':
2813 /* full_info should have the appropriate value. */
2814 assert(full_info != 0);
2815 stack->item = full_info;
2816 break;
2817 default:
2818 CCerror(context, "Internal error #4");
2819
2820 } /* switch type */
2821 stack_size++;
2822 } /* outer for loop */
2823
2824 if (opcode == JVM_OPC_invokeinit) {
2825 /* If there are any instances of "from" on the stack, we need to
2826 * replace it with "to", since calling <init> initializes all versions
2827 * of the object, obviously. */
2828 fullinfo_type from = context->swap_table[0];
2829 stack_item_type *ptr;
2830 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2831 if (ptr->item == from) {
2832 fullinfo_type to = context->swap_table[1];
2833 stack = copy_stack(context, stack);
2834 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2835 if (ptr->item == from) ptr->item = to;
2836 break;
2837 }
2838 }
2839 }
2840
2841 new_stack_info->stack_size = stack_size;
2842 new_stack_info->stack = stack;
2843 }
2844
2845
2846 /* We've performed an instruction, and determined the new registers and stack
2847 * value. Look at all of the possibly subsequent instructions, and merge
2848 * this stack value into theirs.
2849 */
2850
2851 static void
2852 merge_into_successors(context_type *context, unsigned int inumber,
2853 register_info_type *register_info,
2854 stack_info_type *stack_info,
2855 flag_type and_flags, flag_type or_flags)
2856 {
2857 instruction_data_type *idata = context->instruction_data;
2858 instruction_data_type *this_idata = &idata[inumber];
2859 int opcode = this_idata->opcode;
2860 int operand = this_idata->operand.i;
2861 struct handler_info_type *handler_info = context->handler_info;
2862 int handler_info_length =
2863 JVM_GetMethodIxExceptionTableLength(context->env,
2864 context->class,
2865 context->method_index);
2866
2867
2868 int buffer[2]; /* default value for successors */
2869 int *successors = buffer; /* table of successors */
2870 int successors_count;
2871 int i;
2872
2873 switch (opcode) {
2874 default:
2875 successors_count = 1;
2876 buffer[0] = inumber + 1;
2877 break;
2878
2879 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2880 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2881 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2882 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2883 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2884 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2885 successors_count = 2;
2886 buffer[0] = inumber + 1;
2887 buffer[1] = operand;
2888 break;
2889
2890 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2891 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2892 idata[this_idata->operand2.i].changed = JNI_TRUE;
2893 /* FALLTHROUGH */
2894 case JVM_OPC_goto: case JVM_OPC_goto_w:
2895 successors_count = 1;
2896 buffer[0] = operand;
2897 break;
2898
2899
2900 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2901 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2902 case JVM_OPC_athrow:
2903 /* The testing for the returns is handled in pop_stack() */
2904 successors_count = 0;
2905 break;
2906
2907 case JVM_OPC_ret: {
2908 /* This is slightly slow, but good enough for a seldom used instruction.
2909 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2910 * address of the first instruction of the subroutine. We can return
2911 * to 1 after any instruction that jsr's to that instruction.
2912 */
2913 if (this_idata->operand2.ip == NULL) {
2914 fullinfo_type *registers = this_idata->register_info.registers;
2915 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2916 int i, count, *ptr;;
2917 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2918 if (((idata[i].opcode == JVM_OPC_jsr) ||
2919 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2920 (idata[i].operand.i == called_instruction))
2921 count++;
2922 }
2923 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2924 *ptr++ = count;
2925 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2926 if (((idata[i].opcode == JVM_OPC_jsr) ||
2927 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2928 (idata[i].operand.i == called_instruction))
2929 *ptr++ = i + 1;
2930 }
2931 }
2932 successors = this_idata->operand2.ip; /* use this instead */
2933 successors_count = *successors++;
2934 break;
2935
2936 }
2937
2938 case JVM_OPC_tableswitch:
2939 case JVM_OPC_lookupswitch:
2940 successors = this_idata->operand.ip; /* use this instead */
2941 successors_count = *successors++;
2942 break;
2943 }
2944
2945 #ifdef DEBUG
2946 if (verify_verbose) {
2947 jio_fprintf(stdout, " [");
2948 for (i = handler_info_length; --i >= 0; handler_info++)
2949 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
2950 jio_fprintf(stdout, "%d* ", handler_info->handler);
2951 for (i = 0; i < successors_count; i++)
2952 jio_fprintf(stdout, "%d ", successors[i]);
2953 jio_fprintf(stdout, "]\n");
2954 }
2955 #endif
2956
2957 handler_info = context->handler_info;
2958 for (i = handler_info_length; --i >= 0; handler_info++) {
2959 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
2960 int handler = handler_info->handler;
2961 if (opcode != JVM_OPC_invokeinit) {
2962 merge_into_one_successor(context, inumber, handler,
2963 &this_idata->register_info, /* old */
2964 &handler_info->stack_info,
2965 (flag_type) (and_flags
2966 & this_idata->and_flags),
2967 (flag_type) (or_flags
2968 | this_idata->or_flags),
2969 JNI_TRUE);
2970 } else {
2971 /* We need to be a little bit more careful with this
2972 * instruction. Things could either be in the state before
2973 * the instruction or in the state afterwards */
2974 fullinfo_type from = context->swap_table[0];
2975 flag_type temp_or_flags = or_flags;
2976 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2977 temp_or_flags |= FLAG_NO_RETURN;
2978 merge_into_one_successor(context, inumber, handler,
2979 &this_idata->register_info, /* old */
2980 &handler_info->stack_info,
2981 this_idata->and_flags,
2982 this_idata->or_flags,
2983 JNI_TRUE);
2984 merge_into_one_successor(context, inumber, handler,
2985 register_info,
2986 &handler_info->stack_info,
2987 and_flags, temp_or_flags, JNI_TRUE);
2988 }
2989 }
2990 }
2991 for (i = 0; i < successors_count; i++) {
2992 int target = successors[i];
2993 if (target >= context->instruction_count)
2994 CCerror(context, "Falling off the end of the code");
2995 merge_into_one_successor(context, inumber, target,
2996 register_info, stack_info, and_flags, or_flags,
2997 JNI_FALSE);
2998 }
2999 }
3000
3001 /* We have a new set of registers and stack values for a given instruction.
3002 * Merge this new set into the values that are already there.
3003 */
3004
3005 static void
3006 merge_into_one_successor(context_type *context,
3007 unsigned int from_inumber, unsigned int to_inumber,
3008 register_info_type *new_register_info,
3009 stack_info_type *new_stack_info,
3010 flag_type new_and_flags, flag_type new_or_flags,
3011 jboolean isException)
3012 {
3013 instruction_data_type *idata = context->instruction_data;
3014 register_info_type register_info_buf;
3015 stack_info_type stack_info_buf;
3016 #ifdef DEBUG
3017 instruction_data_type *this_idata = &idata[to_inumber];
3018 register_info_type old_reg_info;
3019 stack_info_type old_stack_info;
3020 flag_type old_and_flags = 0;
3021 flag_type old_or_flags = 0;
3022 #endif
3023
3024 #ifdef DEBUG
3025 if (verify_verbose) {
3026 old_reg_info = this_idata->register_info;
3027 old_stack_info = this_idata->stack_info;
3028 old_and_flags = this_idata->and_flags;
3029 old_or_flags = this_idata->or_flags;
3030 }
3031 #endif
3032
3033 /* All uninitialized objects are set to "bogus" when jsr and
3034 * ret are executed. Thus uninitialized objects can't propagate
3035 * into or out of a subroutine.
3036 */
3037 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3038 idata[from_inumber].opcode == JVM_OPC_jsr ||
3039 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3040 int new_register_count = new_register_info->register_count;
3041 fullinfo_type *new_registers = new_register_info->registers;
3042 int i;
3043 stack_item_type *item;
3044
3045 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3046 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3047 /* This check only succeeds for hand-contrived code.
3048 * Efficiency is not an issue.
3049 */
3050 stack_info_buf.stack = copy_stack(context,
3051 new_stack_info->stack);
3052 stack_info_buf.stack_size = new_stack_info->stack_size;
3053 new_stack_info = &stack_info_buf;
3054 for (item = new_stack_info->stack; item != NULL;
3055 item = item->next) {
3056 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3057 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3058 }
3059 }
3060 break;
3061 }
3062 }
3063 for (i = 0; i < new_register_count; i++) {
3064 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3065 /* This check only succeeds for hand-contrived code.
3066 * Efficiency is not an issue.
3067 */
3068 fullinfo_type *new_set = NEW(fullinfo_type,
3069 new_register_count);
3070 for (i = 0; i < new_register_count; i++) {
3071 fullinfo_type t = new_registers[i];
3072 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3073 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3074 }
3075 register_info_buf.register_count = new_register_count;
3076 register_info_buf.registers = new_set;
3077 register_info_buf.mask_count = new_register_info->mask_count;
3078 register_info_buf.masks = new_register_info->masks;
3079 new_register_info = ®ister_info_buf;
3080 break;
3081 }
3082 }
3083 }
3084
3085 /* Returning from a subroutine is somewhat ugly. The actual thing
3086 * that needs to get merged into the new instruction is a joining
3087 * of info from the ret instruction with stuff in the jsr instruction
3088 */
3089 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3090 int new_register_count = new_register_info->register_count;
3091 fullinfo_type *new_registers = new_register_info->registers;
3092 int new_mask_count = new_register_info->mask_count;
3093 mask_type *new_masks = new_register_info->masks;
3094 int operand = idata[from_inumber].operand.i;
3095 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3096 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3097 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3098 if (jsr_idata->operand2.i != (int)from_inumber) {
3099 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3100 CCerror(context, "Multiple returns to single jsr");
3101 jsr_idata->operand2.i = from_inumber;
3102 }
3103 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3104 /* We don't want to handle the returned-to instruction until
3105 * we've dealt with the jsr instruction. When we get to the
3106 * jsr instruction (if ever), we'll re-mark the ret instruction
3107 */
3108 ;
3109 } else {
3110 int register_count = jsr_reginfo->register_count;
3111 fullinfo_type *registers = jsr_reginfo->registers;
3112 int max_registers = MAX(register_count, new_register_count);
3113 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3114 int *return_mask;
3115 struct register_info_type new_new_register_info;
3116 int i;
3117 /* Make sure the place we're returning from is legal! */
3118 for (i = new_mask_count; --i >= 0; )
3119 if (new_masks[i].entry == called_instruction)
3120 break;
3121 if (i < 0)
3122 CCerror(context, "Illegal return from subroutine");
3123 /* pop the masks down to the indicated one. Remember the mask
3124 * we're popping off. */
3125 return_mask = new_masks[i].modifies;
3126 new_mask_count = i;
3127 for (i = 0; i < max_registers; i++) {
3128 if (IS_BIT_SET(return_mask, i))
3129 new_set[i] = i < new_register_count ?
3130 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3131 else
3132 new_set[i] = i < register_count ?
3133 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3134 }
3135 new_new_register_info.register_count = max_registers;
3136 new_new_register_info.registers = new_set;
3137 new_new_register_info.mask_count = new_mask_count;
3138 new_new_register_info.masks = new_masks;
3139
3140
3141 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3142 merge_registers(context, to_inumber - 1, to_inumber,
3143 &new_new_register_info);
3144 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3145 }
3146 } else {
3147 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3148 merge_registers(context, from_inumber, to_inumber, new_register_info);
3149 merge_flags(context, from_inumber, to_inumber,
3150 new_and_flags, new_or_flags);
3151 }
3152
3153 #ifdef DEBUG
3154 if (verify_verbose && idata[to_inumber].changed) {
3155 register_info_type *register_info = &this_idata->register_info;
3156 stack_info_type *stack_info = &this_idata->stack_info;
3157 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3158 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3159 (old_and_flags != this_idata->and_flags) ||
3160 (old_or_flags != this_idata->or_flags)) {
3161 jio_fprintf(stdout, " %2d:", to_inumber);
3162 print_stack(context, &old_stack_info);
3163 print_registers(context, &old_reg_info);
3164 print_flags(context, old_and_flags, old_or_flags);
3165 jio_fprintf(stdout, " => ");
3166 print_stack(context, &this_idata->stack_info);
3167 print_registers(context, &this_idata->register_info);
3168 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3169 jio_fprintf(stdout, "\n");
3170 }
3171 }
3172 #endif
3173
3174 }
3175
3176 static void
3177 merge_stack(context_type *context, unsigned int from_inumber,
3178 unsigned int to_inumber, stack_info_type *new_stack_info)
3179 {
3180 instruction_data_type *idata = context->instruction_data;
3181 instruction_data_type *this_idata = &idata[to_inumber];
3182
3183 int new_stack_size = new_stack_info->stack_size;
3184 stack_item_type *new_stack = new_stack_info->stack;
3185
3186 int stack_size = this_idata->stack_info.stack_size;
3187
3188 if (stack_size == UNKNOWN_STACK_SIZE) {
3189 /* First time at this instruction. Just copy. */
3190 this_idata->stack_info.stack_size = new_stack_size;
3191 this_idata->stack_info.stack = new_stack;
3192 this_idata->changed = JNI_TRUE;
3193 } else if (new_stack_size != stack_size) {
3194 CCerror(context, "Inconsistent stack height %d != %d",
3195 new_stack_size, stack_size);
3196 } else {
3197 stack_item_type *stack = this_idata->stack_info.stack;
3198 stack_item_type *old, *new;
3199 jboolean change = JNI_FALSE;
3200 for (old = stack, new = new_stack; old != NULL;
3201 old = old->next, new = new->next) {
3202 if (!isAssignableTo(context, new->item, old->item)) {
3203 change = JNI_TRUE;
3204 break;
3205 }
3206 }
3207 if (change) {
3208 stack = copy_stack(context, stack);
3209 for (old = stack, new = new_stack; old != NULL;
3210 old = old->next, new = new->next) {
3211 if (new == NULL) {
3212 break;
3213 }
3214 old->item = merge_fullinfo_types(context, old->item, new->item,
3215 JNI_FALSE);
3216 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3217 CCerror(context, "Mismatched stack types");
3218 }
3219 }
3220 if (old != NULL || new != NULL) {
3221 CCerror(context, "Mismatched stack types");
3222 }
3223 this_idata->stack_info.stack = stack;
3224 this_idata->changed = JNI_TRUE;
3225 }
3226 }
3227 }
3228
3229 static void
3230 merge_registers(context_type *context, unsigned int from_inumber,
3231 unsigned int to_inumber, register_info_type *new_register_info)
3232 {
3233 instruction_data_type *idata = context->instruction_data;
3234 instruction_data_type *this_idata = &idata[to_inumber];
3235 register_info_type *this_reginfo = &this_idata->register_info;
3236
3237 int new_register_count = new_register_info->register_count;
3238 fullinfo_type *new_registers = new_register_info->registers;
3239 int new_mask_count = new_register_info->mask_count;
3240 mask_type *new_masks = new_register_info->masks;
3241
3242
3243 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3244 this_reginfo->register_count = new_register_count;
3245 this_reginfo->registers = new_registers;
3246 this_reginfo->mask_count = new_mask_count;
3247 this_reginfo->masks = new_masks;
3248 this_idata->changed = JNI_TRUE;
3249 } else {
3250 /* See if we've got new information on the register set. */
3251 int register_count = this_reginfo->register_count;
3252 fullinfo_type *registers = this_reginfo->registers;
3253 int mask_count = this_reginfo->mask_count;
3254 mask_type *masks = this_reginfo->masks;
3255
3256 jboolean copy = JNI_FALSE;
3257 int i, j;
3258 if (register_count > new_register_count) {
3259 /* Any register larger than new_register_count is now bogus */
3260 this_reginfo->register_count = new_register_count;
3261 register_count = new_register_count;
3262 this_idata->changed = JNI_TRUE;
3263 }
3264 for (i = 0; i < register_count; i++) {
3265 fullinfo_type prev_value = registers[i];
3266 if ((i < new_register_count)
3267 ? (!isAssignableTo(context, new_registers[i], prev_value))
3268 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3269 copy = JNI_TRUE;
3270 break;
3271 }
3272 }
3273
3274 if (copy) {
3275 /* We need a copy. So do it. */
3276 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3277 for (j = 0; j < i; j++)
3278 new_set[j] = registers[j];
3279 for (j = i; j < register_count; j++) {
3280 if (i >= new_register_count)
3281 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3282 else
3283 new_set[j] = merge_fullinfo_types(context,
3284 new_registers[j],
3285 registers[j], JNI_FALSE);
3286 }
3287 /* Some of the end items might now be bogus. This step isn't
3288 * necessary, but it may save work later. */
3289 while ( register_count > 0
3290 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3291 register_count--;
3292 this_reginfo->register_count = register_count;
3293 this_reginfo->registers = new_set;
3294 this_idata->changed = JNI_TRUE;
3295 }
3296 if (mask_count > 0) {
3297 /* If the target instruction already has a sequence of masks, then
3298 * we need to merge new_masks into it. We want the entries on
3299 * the mask to be the longest common substring of the two.
3300 * (e.g. a->b->d merged with a->c->d should give a->d)
3301 * The bits set in the mask should be the or of the corresponding
3302 * entries in each of the original masks.
3303 */
3304 int i, j, k;
3305 int matches = 0;
3306 int last_match = -1;
3307 jboolean copy_needed = JNI_FALSE;
3308 for (i = 0; i < mask_count; i++) {
3309 int entry = masks[i].entry;
3310 for (j = last_match + 1; j < new_mask_count; j++) {
3311 if (new_masks[j].entry == entry) {
3312 /* We have a match */
3313 int *prev = masks[i].modifies;
3314 int *new = new_masks[j].modifies;
3315 matches++;
3316 /* See if new_mask has bits set for "entry" that
3317 * weren't set for mask. If so, need to copy. */
3318 for (k = context->bitmask_size - 1;
3319 !copy_needed && k >= 0;
3320 k--)
3321 if (~prev[k] & new[k])
3322 copy_needed = JNI_TRUE;
3323 last_match = j;
3324 break;
3325 }
3326 }
3327 }
3328 if ((matches < mask_count) || copy_needed) {
3329 /* We need to make a copy for the new item, since either the
3330 * size has decreased, or new bits are set. */
3331 mask_type *copy = NEW(mask_type, matches);
3332 for (i = 0; i < matches; i++) {
3333 copy[i].modifies = NEW(int, context->bitmask_size);
3334 }
3335 this_reginfo->masks = copy;
3336 this_reginfo->mask_count = matches;
3337 this_idata->changed = JNI_TRUE;
3338 matches = 0;
3339 last_match = -1;
3340 for (i = 0; i < mask_count; i++) {
3341 int entry = masks[i].entry;
3342 for (j = last_match + 1; j < new_mask_count; j++) {
3343 if (new_masks[j].entry == entry) {
3344 int *prev1 = masks[i].modifies;
3345 int *prev2 = new_masks[j].modifies;
3346 int *new = copy[matches].modifies;
3347 copy[matches].entry = entry;
3348 for (k = context->bitmask_size - 1; k >= 0; k--)
3349 new[k] = prev1[k] | prev2[k];
3350 matches++;
3351 last_match = j;
3352 break;
3353 }
3354 }
3355 }
3356 }
3357 }
3358 }
3359 }
3360
3361
3362 static void
3363 merge_flags(context_type *context, unsigned int from_inumber,
3364 unsigned int to_inumber,
3365 flag_type new_and_flags, flag_type new_or_flags)
3366 {
3367 /* Set this_idata->and_flags &= new_and_flags
3368 this_idata->or_flags |= new_or_flags
3369 */
3370 instruction_data_type *idata = context->instruction_data;
3371 instruction_data_type *this_idata = &idata[to_inumber];
3372 flag_type this_and_flags = this_idata->and_flags;
3373 flag_type this_or_flags = this_idata->or_flags;
3374 flag_type merged_and = this_and_flags & new_and_flags;
3375 flag_type merged_or = this_or_flags | new_or_flags;
3376
3377 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3378 this_idata->and_flags = merged_and;
3379 this_idata->or_flags = merged_or;
3380 this_idata->changed = JNI_TRUE;
3381 }
3382 }
3383
3384
3385 /* Make a copy of a stack */
3386
3387 static stack_item_type *
3388 copy_stack(context_type *context, stack_item_type *stack)
3389 {
3390 int length;
3391 stack_item_type *ptr;
3392
3393 /* Find the length */
3394 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3395
3396 if (length > 0) {
3397 stack_item_type *new_stack = NEW(stack_item_type, length);
3398 stack_item_type *new_ptr;
3399 for ( ptr = stack, new_ptr = new_stack;
3400 ptr != NULL;
3401 ptr = ptr->next, new_ptr++) {
3402 new_ptr->item = ptr->item;
3403 new_ptr->next = new_ptr + 1;
3404 }
3405 new_stack[length - 1].next = NULL;
3406 return new_stack;
3407 } else {
3408 return NULL;
3409 }
3410 }
3411
3412
3413 static mask_type *
3414 copy_masks(context_type *context, mask_type *masks, int mask_count)
3415 {
3416 mask_type *result = NEW(mask_type, mask_count);
3417 int bitmask_size = context->bitmask_size;
3418 int *bitmaps = NEW(int, mask_count * bitmask_size);
3419 int i;
3420 for (i = 0; i < mask_count; i++) {
3421 result[i].entry = masks[i].entry;
3422 result[i].modifies = &bitmaps[i * bitmask_size];
3423 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3424 }
3425 return result;
3426 }
3427
3428
3429 static mask_type *
3430 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3431 {
3432 mask_type *result = NEW(mask_type, mask_count + 1);
3433 int bitmask_size = context->bitmask_size;
3434 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3435 int i;
3436 for (i = 0; i < mask_count; i++) {
3437 result[i].entry = masks[i].entry;
3438 result[i].modifies = &bitmaps[i * bitmask_size];
3439 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3440 }
3441 result[mask_count].entry = d;
3442 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3443 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3444 return result;
3445 }
3446
3447
3448
3449 /* We create our own storage manager, since we malloc lots of little items,
3450 * and I don't want to keep trace of when they become free. I sure wish that
3451 * we had heaps, and I could just free the heap when done.
3452 */
3453
3454 #define CCSegSize 2000
3455
3456 struct CCpool { /* a segment of allocated memory in the pool */
3457 struct CCpool *next;
3458 int segSize; /* almost always CCSegSize */
3459 int poolPad;
3460 char space[CCSegSize];
3461 };
3462
3463 /* Initialize the context's heap. */
3464 static void CCinit(context_type *context)
3465 {
3466 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3467 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3468 context->CCroot = context->CCcurrent = new;
3469 if (new == 0) {
3470 CCout_of_memory(context);
3471 }
3472 new->next = NULL;
3473 new->segSize = CCSegSize;
3474 context->CCfree_size = CCSegSize;
3475 context->CCfree_ptr = &new->space[0];
3476 }
3477
3478
3479 /* Reuse all the space that we have in the context's heap. */
3480 static void CCreinit(context_type *context)
3481 {
3482 struct CCpool *first = context->CCroot;
3483 context->CCcurrent = first;
3484 context->CCfree_size = CCSegSize;
3485 context->CCfree_ptr = &first->space[0];
3486 }
3487
3488 /* Destroy the context's heap. */
3489 static void CCdestroy(context_type *context)
3490 {
3491 struct CCpool *this = context->CCroot;
3492 while (this) {
3493 struct CCpool *next = this->next;
3494 free(this);
3495 this = next;
3496 }
3497 /* These two aren't necessary. But can't hurt either */
3498 context->CCroot = context->CCcurrent = NULL;
3499 context->CCfree_ptr = 0;
3500 }
3501
3502 /* Allocate an object of the given size from the context's heap. */
3503 static void *
3504 CCalloc(context_type *context, int size, jboolean zero)
3505 {
3506
3507 register char *p;
3508 /* Round CC to the size of a pointer */
3509 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3510
3511 if (context->CCfree_size < size) {
3512 struct CCpool *current = context->CCcurrent;
3513 struct CCpool *new;
3514 if (size > CCSegSize) { /* we need to allocate a special block */
3515 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3516 (size - CCSegSize));
3517 if (new == 0) {
3518 CCout_of_memory(context);
3519 }
3520 new->next = current->next;
3521 new->segSize = size;
3522 current->next = new;
3523 } else {
3524 new = current->next;
3525 if (new == NULL) {
3526 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3527 if (new == 0) {
3528 CCout_of_memory(context);
3529 }
3530 current->next = new;
3531 new->next = NULL;
3532 new->segSize = CCSegSize;
3533 }
3534 }
3535 context->CCcurrent = new;
3536 context->CCfree_ptr = &new->space[0];
3537 context->CCfree_size = new->segSize;
3538 }
3539 p = context->CCfree_ptr;
3540 context->CCfree_ptr += size;
3541 context->CCfree_size -= size;
3542 if (zero)
3543 memset(p, 0, size);
3544 return p;
3545 }
3546
3547 /* Get the class associated with a particular field or method or class in the
3548 * constant pool. If is_field is true, we've got a field or method. If
3549 * false, we've got a class.
3550 */
3551 static fullinfo_type
3552 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3553 {
3554 JNIEnv *env = context->env;
3555 fullinfo_type result;
3556 const char *classname;
3557 switch (kind) {
3558 case JVM_CONSTANT_Class:
3559 classname = JVM_GetCPClassNameUTF(env,
3560 context->class,
3561 cp_index);
3562 break;
3563 case JVM_CONSTANT_Methodref:
3564 classname = JVM_GetCPMethodClassNameUTF(env,
3565 context->class,
3566 cp_index);
3567 break;
3568 case JVM_CONSTANT_Fieldref:
3569 classname = JVM_GetCPFieldClassNameUTF(env,
3570 context->class,
3571 cp_index);
3572 break;
3573 default:
3574 classname = NULL;
3575 CCerror(context, "Internal error #5");
3576 }
3577
3578 check_and_push(context, classname, VM_STRING_UTF);
3579 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3580 /* This make recursively call us, in case of a class array */
3581 signature_to_fieldtype(context, &classname, &result);
3582 } else {
3583 result = make_class_info_from_name(context, classname);
3584 }
3585 pop_and_free(context);
3586 return result;
3587 }
3588
3589
3590 static int
3591 print_CCerror_info(context_type *context)
3592 {
3593 JNIEnv *env = context->env;
3594 jclass cb = context->class;
3595 const char *classname = JVM_GetClassNameUTF(env, cb);
3596 const char *name = 0;
3597 const char *signature = 0;
3598 int n = 0;
3599 if (context->method_index != -1) {
3600 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3601 signature =
3602 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3603 n += jio_snprintf(context->message, context->message_buf_len,
3604 "(class: %s, method: %s signature: %s) ",
3605 (classname ? classname : ""),
3606 (name ? name : ""),
3607 (signature ? signature : ""));
3608 } else if (context->field_index != -1 ) {
3609 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3610 n += jio_snprintf(context->message, context->message_buf_len,
3611 "(class: %s, field: %s) ",
3612 (classname ? classname : 0),
3613 (name ? name : 0));
3614 } else {
3615 n += jio_snprintf(context->message, context->message_buf_len,
3616 "(class: %s) ", classname ? classname : "");
3617 }
3618 JVM_ReleaseUTF(classname);
3619 JVM_ReleaseUTF(name);
3620 JVM_ReleaseUTF(signature);
3621 return n;
3622 }
3623
3624 static void
3625 CCerror (context_type *context, char *format, ...)
3626 {
3627 int n = print_CCerror_info(context);
3628 va_list args;
3629 if (n >= 0 && n < context->message_buf_len) {
3630 va_start(args, format);
3631 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3632 format, args);
3633 va_end(args);
3634 }
3635 context->err_code = CC_VerifyError;
3636 longjmp(context->jump_buffer, 1);
3637 }
3638
3639 static void
3640 CCout_of_memory(context_type *context)
3641 {
3642 int n = print_CCerror_info(context);
3643 context->err_code = CC_OutOfMemory;
3644 longjmp(context->jump_buffer, 1);
3645 }
3646
3647 static void
3648 CFerror(context_type *context, char *format, ...)
3649 {
3650 int n = print_CCerror_info(context);
3651 va_list args;
3652 if (n >= 0 && n < context->message_buf_len) {
3653 va_start(args, format);
3654 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3655 format, args);
3656 va_end(args);
3657 }
3658 context->err_code = CC_ClassFormatError;
3659 longjmp(context->jump_buffer, 1);
3660 }
3661
3662 static char
3663 signature_to_fieldtype(context_type *context,
3664 const char **signature_p, fullinfo_type *full_info_p)
3665 {
3666 const char *p = *signature_p;
3667 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3668 char result;
3669 int array_depth = 0;
3670
3671 for (;;) {
3672 switch(*p++) {
3673 default:
3674 result = 0;
3675 break;
3676
3677 case JVM_SIGNATURE_BOOLEAN: case JVM_SIGNATURE_BYTE:
3678 full_info = (array_depth > 0)
3679 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3680 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3681 result = 'I';
3682 break;
3683
3684 case JVM_SIGNATURE_CHAR:
3685 full_info = (array_depth > 0)
3686 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3687 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3688 result = 'I';
3689 break;
3690
3691 case JVM_SIGNATURE_SHORT:
3692 full_info = (array_depth > 0)
3693 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3694 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3695 result = 'I';
3696 break;
3697
3698 case JVM_SIGNATURE_INT:
3699 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3700 result = 'I';
3701 break;
3702
3703 case JVM_SIGNATURE_FLOAT:
3704 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3705 result = 'F';
3706 break;
3707
3708 case JVM_SIGNATURE_DOUBLE:
3709 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3710 result = 'D';
3711 break;
3712
3713 case JVM_SIGNATURE_LONG:
3714 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3715 result = 'L';
3716 break;
3717
3718 case JVM_SIGNATURE_ARRAY:
3719 array_depth++;
3720 continue; /* only time we ever do the loop > 1 */
3721
3722 case JVM_SIGNATURE_CLASS: {
3723 char buffer_space[256];
3724 char *buffer = buffer_space;
3725 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3726 int length;
3727 if (finish == NULL) {
3728 /* Signature must have ';' after the class name.
3729 * If it does not, return 0 and ITEM_Bogus in full_info. */
3730 result = 0;
3731 break;
3732 }
3733 length = finish - p;
3734 if (length + 1 > (int)sizeof(buffer_space)) {
3735 buffer = malloc(length + 1);
3736 check_and_push(context, buffer, VM_MALLOC_BLK);
3737 }
3738 memcpy(buffer, p, length);
3739 buffer[length] = '\0';
3740 full_info = make_class_info_from_name(context, buffer);
3741 result = 'A';
3742 p = finish + 1;
3743 if (buffer != buffer_space)
3744 pop_and_free(context);
3745 break;
3746 }
3747 } /* end of switch */
3748 break;
3749 }
3750 *signature_p = p;
3751 if (array_depth == 0 || result == 0) {
3752 /* either not an array, or result is bogus */
3753 *full_info_p = full_info;
3754 return result;
3755 } else {
3756 if (array_depth > MAX_ARRAY_DIMENSIONS)
3757 CCerror(context, "Array with too many dimensions");
3758 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3759 array_depth,
3760 GET_EXTRA_INFO(full_info));
3761 return 'A';
3762 }
3763 }
3764
3765
3766 /* Given an array type, create the type that has one less level of
3767 * indirection.
3768 */
3769
3770 static fullinfo_type
3771 decrement_indirection(fullinfo_type array_info)
3772 {
3773 if (array_info == NULL_FULLINFO) {
3774 return NULL_FULLINFO;
3775 } else {
3776 int type = GET_ITEM_TYPE(array_info);
3777 int indirection = GET_INDIRECTION(array_info) - 1;
3778 int extra_info = GET_EXTRA_INFO(array_info);
3779 if ( (indirection == 0)
3780 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Char)))
3781 type = ITEM_Integer;
3782 return MAKE_FULLINFO(type, indirection, extra_info);
3783 }
3784 }
3785
3786
3787 /* See if we can assign an object of the "from" type to an object
3788 * of the "to" type.
3789 */
3790
3791 static jboolean isAssignableTo(context_type *context,
3792 fullinfo_type from, fullinfo_type to)
3793 {
3794 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3795 }
3796
3797 /* Given two fullinfo_type's, find their lowest common denominator. If
3798 * the assignable_p argument is non-null, we're really just calling to find
3799 * out if "<target> := <value>" is a legitimate assignment.
3800 *
3801 * We treat all interfaces as if they were of type java/lang/Object, since the
3802 * runtime will do the full checking.
3803 */
3804 static fullinfo_type
3805 merge_fullinfo_types(context_type *context,
3806 fullinfo_type value, fullinfo_type target,
3807 jboolean for_assignment)
3808 {
3809 JNIEnv *env = context->env;
3810 if (value == target) {
3811 /* If they're identical, clearly just return what we've got */
3812 return value;
3813 }
3814
3815 /* Both must be either arrays or objects to go further */
3816 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3817 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3818 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3819 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3820
3821 /* If either is NULL, return the other. */
3822 if (value == NULL_FULLINFO)
3823 return target;
3824 else if (target == NULL_FULLINFO)
3825 return value;
3826
3827 /* If either is java/lang/Object, that's the result. */
3828 if (target == context->object_info)
3829 return target;
3830 else if (value == context->object_info) {
3831 /* Minor hack. For assignments, Interface := Object, return Interface
3832 * rather than Object, so that isAssignableTo() will get the right
3833 * result. */
3834 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3835 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3836 jclass cb = object_fullinfo_to_classclass(context,
3837 target);
3838 int is_interface = cb && JVM_IsInterface(env, cb);
3839 if (is_interface)
3840 return target;
3841 }
3842 return value;
3843 }
3844 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3845 /* At least one is an array. Neither is java/lang/Object or NULL.
3846 * Moreover, the types are not identical.
3847 * The result must either be Object, or an array of some object type.
3848 */
3849 fullinfo_type value_base, target_base;
3850 int dimen_value = GET_INDIRECTION(value);
3851 int dimen_target = GET_INDIRECTION(target);
3852
3853 if (target == context->cloneable_info ||
3854 target == context->serializable_info) {
3855 return target;
3856 }
3857
3858 if (value == context->cloneable_info ||
3859 value == context->serializable_info) {
3860 return value;
3861 }
3862
3863 /* First, if either item's base type isn't ITEM_Object, promote it up
3864 * to an object or array of object. If either is elemental, we can
3865 * punt.
3866 */
3867 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3868 if (dimen_value == 0)
3869 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3870 dimen_value--;
3871 value = MAKE_Object_ARRAY(dimen_value);
3872
3873 }
3874 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3875 if (dimen_target == 0)
3876 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3877 dimen_target--;
3878 target = MAKE_Object_ARRAY(dimen_target);
3879 }
3880 /* Both are now objects or arrays of some sort of object type */
3881 value_base = WITH_ZERO_INDIRECTION(value);
3882 target_base = WITH_ZERO_INDIRECTION(target);
3883 if (dimen_value == dimen_target) {
3884 /* Arrays of the same dimension. Merge their base types. */
3885 fullinfo_type result_base =
3886 merge_fullinfo_types(context, value_base, target_base,
3887 for_assignment);
3888 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3889 /* bogus in, bogus out */
3890 return result_base;
3891 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3892 GET_EXTRA_INFO(result_base));
3893 } else {
3894 /* Arrays of different sizes. If the smaller dimension array's base
3895 * type is java/lang/Cloneable or java/io/Serializable, return it.
3896 * Otherwise return java/lang/Object with a dimension of the smaller
3897 * of the two */
3898 if (dimen_value < dimen_target) {
3899 if (value_base == context->cloneable_info ||
3900 value_base == context ->serializable_info) {
3901 return value;
3902 }
3903 return MAKE_Object_ARRAY(dimen_value);
3904 } else {
3905 if (target_base == context->cloneable_info ||
3906 target_base == context->serializable_info) {
3907 return target;
3908 }
3909 return MAKE_Object_ARRAY(dimen_target);
3910 }
3911 }
3912 } else {
3913 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3914 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3915 fullinfo_type result_info;
3916
3917 /* Let's get the classes corresponding to each of these. Treat
3918 * interfaces as if they were java/lang/Object. See hack note above. */
3919 cb_target = object_fullinfo_to_classclass(context, target);
3920 if (cb_target == 0)
3921 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3922 if (JVM_IsInterface(env, cb_target))
3923 return for_assignment ? target : context->object_info;
3924 cb_value = object_fullinfo_to_classclass(context, value);
3925 if (cb_value == 0)
3926 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3927 if (JVM_IsInterface(env, cb_value))
3928 return context->object_info;
3929
3930 /* If this is for assignment of target := value, we just need to see if
3931 * cb_target is a superclass of cb_value. Save ourselves a lot of
3932 * work.
3933 */
3934 if (for_assignment) {
3935 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3936 while (cb_super_value != 0) {
3937 jclass tmp_cb;
3938 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3939 (*env)->DeleteLocalRef(env, cb_super_value);
3940 return target;
3941 }
3942 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3943 (*env)->DeleteLocalRef(env, cb_super_value);
3944 cb_super_value = tmp_cb;
3945 }
3946 (*env)->DeleteLocalRef(env, cb_super_value);
3947 return context->object_info;
3948 }
3949
3950 /* Find out whether cb_value or cb_target is deeper in the class
3951 * tree by moving both toward the root, and seeing who gets there
3952 * first. */
3953 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3954 cb_super_target = (*env)->GetSuperclass(env, cb_target);
3955 while((cb_super_value != 0) &&
3956 (cb_super_target != 0)) {
3957 jclass tmp_cb;
3958 /* Optimization. If either hits the other when going up looking
3959 * for a parent, then might as well return the parent immediately */
3960 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3961 (*env)->DeleteLocalRef(env, cb_super_value);
3962 (*env)->DeleteLocalRef(env, cb_super_target);
3963 return target;
3964 }
3965 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
3966 (*env)->DeleteLocalRef(env, cb_super_value);
3967 (*env)->DeleteLocalRef(env, cb_super_target);
3968 return value;
3969 }
3970 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3971 (*env)->DeleteLocalRef(env, cb_super_value);
3972 cb_super_value = tmp_cb;
3973
3974 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
3975 (*env)->DeleteLocalRef(env, cb_super_target);
3976 cb_super_target = tmp_cb;
3977 }
3978 cb_value = (*env)->NewLocalRef(env, cb_value);
3979 cb_target = (*env)->NewLocalRef(env, cb_target);
3980 /* At most one of the following two while clauses will be executed.
3981 * Bring the deeper of cb_target and cb_value to the depth of the
3982 * shallower one.
3983 */
3984 while (cb_super_value != 0) {
3985 /* cb_value is deeper */
3986 jclass cb_tmp;
3987
3988 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
3989 (*env)->DeleteLocalRef(env, cb_super_value);
3990 cb_super_value = cb_tmp;
3991
3992 cb_tmp = (*env)->GetSuperclass(env, cb_value);
3993 (*env)->DeleteLocalRef(env, cb_value);
3994 cb_value = cb_tmp;
3995 }
3996 while (cb_super_target != 0) {
3997 /* cb_target is deeper */
3998 jclass cb_tmp;
3999
4000 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4001 (*env)->DeleteLocalRef(env, cb_super_target);
4002 cb_super_target = cb_tmp;
4003
4004 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4005 (*env)->DeleteLocalRef(env, cb_target);
4006 cb_target = cb_tmp;
4007 }
4008
4009 /* Walk both up, maintaining equal depth, until a join is found. We
4010 * know that we will find one. */
4011 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4012 jclass cb_tmp;
4013 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4014 (*env)->DeleteLocalRef(env, cb_value);
4015 cb_value = cb_tmp;
4016 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4017 (*env)->DeleteLocalRef(env, cb_target);
4018 cb_target = cb_tmp;
4019 }
4020 result_info = make_class_info(context, cb_value);
4021 (*env)->DeleteLocalRef(env, cb_value);
4022 (*env)->DeleteLocalRef(env, cb_super_value);
4023 (*env)->DeleteLocalRef(env, cb_target);
4024 (*env)->DeleteLocalRef(env, cb_super_target);
4025 return result_info;
4026 } /* both items are classes */
4027 }
4028
4029
4030 /* Given a fullinfo_type corresponding to an Object, return the jclass
4031 * of that type.
4032 *
4033 * This function always returns a global reference!
4034 */
4035
4036 static jclass
4037 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4038 {
4039 unsigned short info = GET_EXTRA_INFO(classinfo);
4040 return ID_to_class(context, info);
4041 }
4042
4043 static void free_block(void *ptr, int kind)
4044 {
4045 switch (kind) {
4046 case VM_STRING_UTF:
4047 JVM_ReleaseUTF(ptr);
4048 break;
4049 case VM_MALLOC_BLK:
4050 free(ptr);
4051 break;
4052 }
4053 }
4054
4055 static void check_and_push(context_type *context, const void *ptr, int kind)
4056 {
4057 alloc_stack_type *p;
4058 if (ptr == 0)
4059 CCout_of_memory(context);
4060 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4061 p = &(context->alloc_stack[context->alloc_stack_top++]);
4062 else {
4063 /* Otherwise we have to malloc */
4064 p = malloc(sizeof(alloc_stack_type));
4065 if (p == 0) {
4066 /* Make sure we clean up. */
4067 free_block((void *)ptr, kind);
4068 CCout_of_memory(context);
4069 }
4070 }
4071 p->kind = kind;
4072 p->ptr = (void *)ptr;
4073 p->next = context->allocated_memory;
4074 context->allocated_memory = p;
4075 }
4076
4077 static void pop_and_free(context_type *context)
4078 {
4079 alloc_stack_type *p = context->allocated_memory;
4080 context->allocated_memory = p->next;
4081 free_block(p->ptr, p->kind);
4082 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4083 p >= context->alloc_stack)
4084 context->alloc_stack_top--;
4085 else
4086 free(p);
4087 }
4088
4089 static int signature_to_args_size(const char *method_signature)
4090 {
4091 const char *p;
4092 int args_size = 0;
4093 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4094 switch (*p) {
4095 case JVM_SIGNATURE_BOOLEAN:
4096 case JVM_SIGNATURE_BYTE:
4097 case JVM_SIGNATURE_CHAR:
4098 case JVM_SIGNATURE_SHORT:
4099 case JVM_SIGNATURE_INT:
4100 case JVM_SIGNATURE_FLOAT:
4101 args_size += 1;
4102 break;
4103 case JVM_SIGNATURE_CLASS:
4104 args_size += 1;
4105 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4106 break;
4107 case JVM_SIGNATURE_ARRAY:
4108 args_size += 1;
4109 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4110 /* If an array of classes, skip over class name, too. */
4111 if (*p == JVM_SIGNATURE_CLASS) {
4112 while (*p != JVM_SIGNATURE_ENDCLASS)
4113 p++;
4114 }
4115 break;
4116 case JVM_SIGNATURE_DOUBLE:
4117 case JVM_SIGNATURE_LONG:
4118 args_size += 2;
4119 break;
4120 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4121 break;
4122 default:
4123 /* Indicate an error. */
4124 return 0;
4125 }
4126 }
4127 return args_size;
4128 }
4129
4130 #ifdef DEBUG
4131
4132 /* Below are for debugging. */
4133
4134 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4135
4136 static void
4137 print_stack(context_type *context, stack_info_type *stack_info)
4138 {
4139 stack_item_type *stack = stack_info->stack;
4140 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4141 jio_fprintf(stdout, "x");
4142 } else {
4143 jio_fprintf(stdout, "(");
4144 for ( ; stack != 0; stack = stack->next)
4145 print_fullinfo_type(context, stack->item,
4146 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4147 jio_fprintf(stdout, ")");
4148 }
4149 }
4150
4151 static void
4152 print_registers(context_type *context, register_info_type *register_info)
4153 {
4154 int register_count = register_info->register_count;
4155 if (register_count == UNKNOWN_REGISTER_COUNT) {
4156 jio_fprintf(stdout, "x");
4157 } else {
4158 fullinfo_type *registers = register_info->registers;
4159 int mask_count = register_info->mask_count;
4160 mask_type *masks = register_info->masks;
4161 int i, j;
4162
4163 jio_fprintf(stdout, "{");
4164 for (i = 0; i < register_count; i++)
4165 print_fullinfo_type(context, registers[i],
4166 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4167 jio_fprintf(stdout, "}");
4168 for (i = 0; i < mask_count; i++) {
4169 char *separator = "";
4170 int *modifies = masks[i].modifies;
4171 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4172 for (j = 0;
4173 j < JVM_GetMethodIxLocalsCount(context->env,
4174 context->class,
4175 context->method_index);
4176 j++)
4177 if (IS_BIT_SET(modifies, j)) {
4178 jio_fprintf(stdout, "%s%d", separator, j);
4179 separator = ",";
4180 }
4181 jio_fprintf(stdout, ">");
4182 }
4183 }
4184 }
4185
4186
4187 static void
4188 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4189 {
4190 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4191 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4192 }
4193 }
4194
4195 static void
4196 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4197 {
4198 int i;
4199 int indirection = GET_INDIRECTION(type);
4200 for (i = indirection; i-- > 0; )
4201 jio_fprintf(stdout, "[");
4202 switch (GET_ITEM_TYPE(type)) {
4203 case ITEM_Integer:
4204 jio_fprintf(stdout, "I"); break;
4205 case ITEM_Float:
4206 jio_fprintf(stdout, "F"); break;
4207 case ITEM_Double:
4208 jio_fprintf(stdout, "D"); break;
4209 case ITEM_Double_2:
4210 jio_fprintf(stdout, "d"); break;
4211 case ITEM_Long:
4212 jio_fprintf(stdout, "L"); break;
4213 case ITEM_Long_2:
4214 jio_fprintf(stdout, "l"); break;
4215 case ITEM_ReturnAddress:
4216 jio_fprintf(stdout, "a"); break;
4217 case ITEM_Object:
4218 if (!verbose) {
4219 jio_fprintf(stdout, "A");
4220 } else {
4221 unsigned short extra = GET_EXTRA_INFO(type);
4222 if (extra == 0) {
4223 jio_fprintf(stdout, "/Null/");
4224 } else {
4225 const char *name = ID_to_class_name(context, extra);
4226 const char *name2 = strrchr(name, '/');
4227 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4228 }
4229 }
4230 break;
4231 case ITEM_Char:
4232 jio_fprintf(stdout, "C"); break;
4233 case ITEM_Short:
4234 jio_fprintf(stdout, "S"); break;
4235 case ITEM_Byte:
4236 jio_fprintf(stdout, "B"); break;
4237 case ITEM_NewObject:
4238 if (!verbose) {
4239 jio_fprintf(stdout, "@");
4240 } else {
4241 int inum = GET_EXTRA_INFO(type);
4242 fullinfo_type real_type =
4243 context->instruction_data[inum].operand2.fi;
4244 jio_fprintf(stdout, ">");
4245 print_fullinfo_type(context, real_type, JNI_TRUE);
4246 jio_fprintf(stdout, "<");
4247 }
4248 break;
4249 case ITEM_InitObject:
4250 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4251 break;
4252
4253 default:
4254 jio_fprintf(stdout, "?"); break;
4255 }
4256 for (i = indirection; i-- > 0; )
4257 jio_fprintf(stdout, "]");
4258 }
4259
4260
4261 static void
4262 print_formatted_fieldname(context_type *context, int index)
4263 {
4264 JNIEnv *env = context->env;
4265 jclass cb = context->class;
4266 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4267 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4268 jio_fprintf(stdout, " <%s.%s>",
4269 classname ? classname : "", fieldname ? fieldname : "");
4270 JVM_ReleaseUTF(classname);
4271 JVM_ReleaseUTF(fieldname);
4272 }
4273
4274 static void
4275 print_formatted_methodname(context_type *context, int index)
4276 {
4277 JNIEnv *env = context->env;
4278 jclass cb = context->class;
4279 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4280 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4281 jio_fprintf(stdout, " <%s.%s>",
4282 classname ? classname : "", methodname ? methodname : "");
4283 JVM_ReleaseUTF(classname);
4284 JVM_ReleaseUTF(methodname);
4285 }
4286
4287 #endif /*DEBUG*/