1 /*
2 * Copyright (c) 1994, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jni_util.h"
90 #include "jvm.h"
91 #include "classfile_constants.h"
92 #include "opcodes.in_out"
93
94 /* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
95 * but the code here does not handles it. So we wrap the methods and return non-NULL
96 * pointers even if we allocate 0 bytes.
97 */
98 #ifdef _AIX
99 static int aix_dummy;
100 static void* aix_malloc(size_t len) {
101 if (len == 0) {
102 return &aix_dummy;
103 }
104 return malloc(len);
105 }
106
107 static void* aix_calloc(size_t n, size_t size) {
108 if (n == 0) {
109 return &aix_dummy;
110 }
111 return calloc(n, size);
112 }
113
114 static void aix_free(void* p) {
115 if (p == &aix_dummy) {
116 return;
117 }
118 free(p);
119 }
120
121 #undef malloc
122 #undef calloc
123 #undef free
124 #define malloc aix_malloc
125 #define calloc aix_calloc
126 #define free aix_free
127 #endif
128
129 #ifdef __APPLE__
130 /* use setjmp/longjmp versions that do not save/restore the signal mask */
131 #define setjmp _setjmp
132 #define longjmp _longjmp
133 #endif
134
135 #define MAX_ARRAY_DIMENSIONS 255
136 /* align byte code */
137 #ifndef ALIGN_UP
138 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
139 #endif /* ALIGN_UP */
140 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
141
142 #ifdef DEBUG
143
144 int verify_verbose = 0;
145 static struct context_type *GlobalContext;
146 #endif
147
148 enum {
149 ITEM_Bogus,
150 ITEM_Void, /* only as a function return value */
151 ITEM_Integer,
152 ITEM_Float,
153 ITEM_Double,
154 ITEM_Double_2, /* 2nd word of double in register */
155 ITEM_Long,
156 ITEM_Long_2, /* 2nd word of long in register */
157 ITEM_Array,
158 ITEM_Object, /* Extra info field gives name. */
159 ITEM_NewObject, /* Like object, but uninitialized. */
160 ITEM_InitObject, /* "this" is init method, before call
161 to super() */
162 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
163 /* The following four are only used within array types.
164 * Normally, we use ITEM_Integer, instead. */
165 ITEM_Byte,
166 ITEM_Short,
167 ITEM_Char,
168 ITEM_Boolean
169 };
170
171
172 #define UNKNOWN_STACK_SIZE -1
173 #define UNKNOWN_REGISTER_COUNT -1
174 #define UNKNOWN_RET_INSTRUCTION -1
175
176 #undef MAX
177 #undef MIN
178 #define MAX(a, b) ((a) > (b) ? (a) : (b))
179 #define MIN(a, b) ((a) < (b) ? (a) : (b))
180
181 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
182 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
183 ((unsigned)1 << ((i) % BITS_PER_INT)))
184 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
185 ((unsigned)1 << ((i) % BITS_PER_INT)))
186
187 typedef unsigned int fullinfo_type;
188 typedef unsigned int *bitvector;
189
190 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
191 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
192 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
193 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
194 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
195
196 #define MAKE_FULLINFO(type, indirect, extra) \
197 ((type) + ((indirect) << 5) + ((extra) << 16))
198
199 #define MAKE_Object_ARRAY(indirect) \
200 (context->object_info + ((indirect) << 5))
201
202 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
203
204 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
205 #define JVM_OPC_invokeinit 0x100
206
207 /* A hash mechanism used by the verifier.
208 * Maps class names to unique 16 bit integers.
209 */
210
211 #define HASH_TABLE_SIZE 503
212
213 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
214 * row (256 buckets) at a time to minimize fragmentation. Rows are
215 * allocated on demand so that we don't waste too much space.
216 */
217
218 #define MAX_HASH_ENTRIES 65536
219 #define HASH_ROW_SIZE 256
220
221 typedef struct hash_bucket_type {
222 char *name;
223 unsigned int hash;
224 jclass class;
225 unsigned short ID;
226 unsigned short next;
227 unsigned loadable:1; /* from context->class loader */
228 } hash_bucket_type;
229
230 typedef struct {
231 hash_bucket_type **buckets;
232 unsigned short *table;
233 int entries_used;
234 } hash_table_type;
235
236 #define GET_BUCKET(class_hash, ID)\
237 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
238
239 /*
240 * There are currently two types of resources that we need to keep
241 * track of (in addition to the CCalloc pool).
242 */
243 enum {
244 VM_STRING_UTF, /* VM-allocated UTF strings */
245 VM_MALLOC_BLK /* malloc'ed blocks */
246 };
247
248 #define LDC_CLASS_MAJOR_VERSION 49
249
250 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
251
252 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
253
254 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
255
256 #define ALLOC_STACK_SIZE 16 /* big enough */
257
258 typedef struct alloc_stack_type {
259 void *ptr;
260 int kind;
261 struct alloc_stack_type *next;
262 } alloc_stack_type;
263
264 /* The context type encapsulates the current invocation of the byte
265 * code verifier.
266 */
267 struct context_type {
268
269 JNIEnv *env; /* current JNIEnv */
270
271 /* buffers etc. */
272 char *message;
273 jint message_buf_len;
274 jboolean err_code;
275
276 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
277 had a chance to free */
278 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
279 blocks here, to save mallocs. */
280 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
281 int alloc_stack_top;
282
283 /* these fields are per class */
284 jclass class; /* current class */
285 jint major_version;
286 jint nconstants;
287 unsigned char *constant_types;
288 hash_table_type class_hash;
289
290 fullinfo_type object_info; /* fullinfo for java/lang/Object */
291 fullinfo_type string_info; /* fullinfo for java/lang/String */
292 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
293 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
294 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
295
296 fullinfo_type currentclass_info; /* fullinfo for context->class */
297 fullinfo_type superclass_info; /* fullinfo for superclass */
298
299 /* these fields are per method */
300 int method_index; /* current method */
301 unsigned short *exceptions; /* exceptions */
302 unsigned char *code; /* current code object */
303 jint code_length;
304 int *code_data; /* offset to instruction number */
305 struct instruction_data_type *instruction_data; /* info about each */
306 struct handler_info_type *handler_info;
307 fullinfo_type *superclasses; /* null terminated superclasses */
308 int instruction_count; /* number of instructions */
309 fullinfo_type return_type; /* function return type */
310 fullinfo_type swap_table[4]; /* used for passing information */
311 int bitmask_size; /* words needed to hold bitmap of arguments */
312
313 /* these fields are per field */
314 int field_index;
315
316 /* Used by the space allocator */
317 struct CCpool *CCroot, *CCcurrent;
318 char *CCfree_ptr;
319 int CCfree_size;
320
321 /* Jump here on any error. */
322 jmp_buf jump_buffer;
323
324 #ifdef DEBUG
325 /* keep track of how many global refs are allocated. */
326 int n_globalrefs;
327 #endif
328 };
329
330 struct stack_info_type {
331 struct stack_item_type *stack;
332 int stack_size;
333 };
334
335 struct register_info_type {
336 int register_count; /* number of registers used */
337 fullinfo_type *registers;
338 int mask_count; /* number of masks in the following */
339 struct mask_type *masks;
340 };
341
342 struct mask_type {
343 int entry;
344 int *modifies;
345 };
346
347 typedef unsigned short flag_type;
348
349 struct instruction_data_type {
350 int opcode; /* may turn into "canonical" opcode */
351 unsigned changed:1; /* has it changed */
352 unsigned protected:1; /* must accessor be a subclass of "this" */
353 union {
354 int i; /* operand to the opcode */
355 int *ip;
356 fullinfo_type fi;
357 } operand, operand2;
358 fullinfo_type p;
359 struct stack_info_type stack_info;
360 struct register_info_type register_info;
361 #define FLAG_REACHED 0x01 /* instruction reached */
362 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
363 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
364 flag_type or_flags; /* true for at least one path to this inst */
365 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
366 flag_type and_flags; /* true for all paths to this instruction */
367 };
368
369 struct handler_info_type {
370 int start, end, handler;
371 struct stack_info_type stack_info;
372 };
373
374 struct stack_item_type {
375 fullinfo_type item;
376 struct stack_item_type *next;
377 };
378
379 typedef struct context_type context_type;
380 typedef struct instruction_data_type instruction_data_type;
381 typedef struct stack_item_type stack_item_type;
382 typedef struct register_info_type register_info_type;
383 typedef struct stack_info_type stack_info_type;
384 typedef struct mask_type mask_type;
385
386 static void read_all_code(context_type *context, jclass cb, int num_methods,
387 int** code_lengths, unsigned char*** code);
388 static void verify_method(context_type *context, jclass cb, int index,
389 int code_length, unsigned char* code);
390 static void free_all_code(context_type* context, int num_methods,
391 unsigned char** code);
392 static void verify_field(context_type *context, jclass cb, int index);
393
394 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
395 static void set_protected(context_type *, unsigned int inumber, int key, int);
396 static jboolean is_superclass(context_type *, fullinfo_type);
397
398 static void initialize_exception_table(context_type *);
399 static int instruction_length(unsigned char *iptr, unsigned char *end);
400 static jboolean isLegalTarget(context_type *, int offset);
401 static void verify_constant_pool_type(context_type *, int, unsigned);
402
403 static void initialize_dataflow(context_type *);
404 static void run_dataflow(context_type *context);
405 static void check_register_values(context_type *context, unsigned int inumber);
406 static void check_flags(context_type *context, unsigned int inumber);
407 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
408 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
409 static void update_flags(context_type *, unsigned int inumber,
410 flag_type *new_and_flags, flag_type *new_or_flags);
411 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
412
413 static void merge_into_successors(context_type *, unsigned int inumber,
414 register_info_type *register_info,
415 stack_info_type *stack_info,
416 flag_type and_flags, flag_type or_flags);
417 static void merge_into_one_successor(context_type *context,
418 unsigned int from_inumber,
419 unsigned int inumber,
420 register_info_type *register_info,
421 stack_info_type *stack_info,
422 flag_type and_flags, flag_type or_flags,
423 jboolean isException);
424 static void merge_stack(context_type *, unsigned int inumber,
425 unsigned int to_inumber, stack_info_type *);
426 static void merge_registers(context_type *, unsigned int inumber,
427 unsigned int to_inumber,
428 register_info_type *);
429 static void merge_flags(context_type *context, unsigned int from_inumber,
430 unsigned int to_inumber,
431 flag_type new_and_flags, flag_type new_or_flags);
432
433 static stack_item_type *copy_stack(context_type *, stack_item_type *);
434 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
435 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
436
437 static fullinfo_type decrement_indirection(fullinfo_type);
438
439 static fullinfo_type merge_fullinfo_types(context_type *context,
440 fullinfo_type a,
441 fullinfo_type b,
442 jboolean assignment);
443 static jboolean isAssignableTo(context_type *,
444 fullinfo_type a,
445 fullinfo_type b);
446
447 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
448
449
450 #define NEW(type, count) \
451 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
452 #define ZNEW(type, count) \
453 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
454
455 static void CCinit(context_type *context);
456 static void CCreinit(context_type *context);
457 static void CCdestroy(context_type *context);
458 static void *CCalloc(context_type *context, int size, jboolean zero);
459
460 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
461
462 static char signature_to_fieldtype(context_type *context,
463 const char **signature_p, fullinfo_type *info);
464
465 static void CCerror (context_type *, char *format, ...);
466 static void CFerror (context_type *, char *format, ...);
467 static void CCout_of_memory (context_type *);
468
469 /* Because we can longjmp any time, we need to be very careful about
470 * remembering what needs to be freed. */
471
472 static void check_and_push(context_type *context, const void *ptr, int kind);
473 static void pop_and_free(context_type *context);
474
475 static int signature_to_args_size(const char *method_signature);
476
477 #ifdef DEBUG
478 static void print_stack (context_type *, stack_info_type *stack_info);
479 static void print_registers(context_type *, register_info_type *register_info);
480 static void print_flags(context_type *, flag_type, flag_type);
481 static void print_formatted_fieldname(context_type *context, int index);
482 static void print_formatted_methodname(context_type *context, int index);
483 #endif
484
485 /*
486 * Declare library specific JNI_Onload entry if static build
487 */
488 DEF_STATIC_JNI_OnLoad
489
490 void initialize_class_hash(context_type *context)
491 {
492 hash_table_type *class_hash = &(context->class_hash);
493 class_hash->buckets = (hash_bucket_type **)
494 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
495 class_hash->table = (unsigned short *)
496 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
497 if (class_hash->buckets == 0 ||
498 class_hash->table == 0)
499 CCout_of_memory(context);
500 class_hash->entries_used = 0;
501 }
502
503 static void finalize_class_hash(context_type *context)
504 {
505 hash_table_type *class_hash = &(context->class_hash);
506 JNIEnv *env = context->env;
507 int i;
508 /* 4296677: bucket index starts from 1. */
509 for (i=1;i<=class_hash->entries_used;i++) {
510 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
511 assert(bucket != NULL);
512 free(bucket->name);
513 if (bucket->class) {
514 (*env)->DeleteGlobalRef(env, bucket->class);
515 #ifdef DEBUG
516 context->n_globalrefs--;
517 #endif
518 }
519 }
520 if (class_hash->buckets) {
521 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
522 if (class_hash->buckets[i] == 0)
523 break;
524 free(class_hash->buckets[i]);
525 }
526 }
527 free(class_hash->buckets);
528 free(class_hash->table);
529 }
530
531 static hash_bucket_type *
532 new_bucket(context_type *context, unsigned short *pID)
533 {
534 hash_table_type *class_hash = &(context->class_hash);
535 int i = *pID = class_hash->entries_used + 1;
536 int row = i / HASH_ROW_SIZE;
537 if (i >= MAX_HASH_ENTRIES)
538 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
539 if (class_hash->buckets[row] == 0) {
540 class_hash->buckets[row] = (hash_bucket_type*)
541 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
542 if (class_hash->buckets[row] == 0)
543 CCout_of_memory(context);
544 }
545 class_hash->entries_used++; /* only increment when we are sure there
546 is no overflow. */
547 return GET_BUCKET(class_hash, i);
548 }
549
550 static unsigned int
551 class_hash_fun(const char *s)
552 {
553 int i;
554 unsigned raw_hash;
555 for (raw_hash = 0; (i = *s) != '\0'; ++s)
556 raw_hash = raw_hash * 37 + i;
557 return raw_hash;
558 }
559
560 /*
561 * Find a class using the defining loader of the current class
562 * and return a local reference to it.
563 */
564 static jclass load_class_local(context_type *context,const char *classname)
565 {
566 jclass cb = JVM_FindClassFromClass(context->env, classname,
567 JNI_FALSE, context->class);
568 if (cb == 0)
569 CCerror(context, "Cannot find class %s", classname);
570 return cb;
571 }
572
573 /*
574 * Find a class using the defining loader of the current class
575 * and return a global reference to it.
576 */
577 static jclass load_class_global(context_type *context, const char *classname)
578 {
579 JNIEnv *env = context->env;
580 jclass local, global;
581
582 local = load_class_local(context, classname);
583 global = (*env)->NewGlobalRef(env, local);
584 if (global == 0)
585 CCout_of_memory(context);
586 #ifdef DEBUG
587 context->n_globalrefs++;
588 #endif
589 (*env)->DeleteLocalRef(env, local);
590 return global;
591 }
592
593 /*
594 * Return a unique ID given a local class reference. The loadable
595 * flag is true if the defining class loader of context->class
596 * is known to be capable of loading the class.
597 */
598 static unsigned short
599 class_to_ID(context_type *context, jclass cb, jboolean loadable)
600 {
601 JNIEnv *env = context->env;
602 hash_table_type *class_hash = &(context->class_hash);
603 unsigned int hash;
604 hash_bucket_type *bucket;
605 unsigned short *pID;
606 const char *name = JVM_GetClassNameUTF(env, cb);
607
608 check_and_push(context, name, VM_STRING_UTF);
609 hash = class_hash_fun(name);
610 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
611 while (*pID) {
612 bucket = GET_BUCKET(class_hash, *pID);
613 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
614 /*
615 * There is an unresolved entry with our name
616 * so we're forced to load it in case it matches us.
617 */
618 if (bucket->class == 0) {
619 assert(bucket->loadable == JNI_TRUE);
620 bucket->class = load_class_global(context, name);
621 }
622
623 /*
624 * It's already in the table. Update the loadable
625 * state if it's known and then we're done.
626 */
627 if ((*env)->IsSameObject(env, cb, bucket->class)) {
628 if (loadable && !bucket->loadable)
629 bucket->loadable = JNI_TRUE;
630 goto done;
631 }
632 }
633 pID = &bucket->next;
634 }
635 bucket = new_bucket(context, pID);
636 bucket->next = 0;
637 bucket->hash = hash;
638 bucket->name = malloc(strlen(name) + 1);
639 if (bucket->name == 0)
640 CCout_of_memory(context);
641 strcpy(bucket->name, name);
642 bucket->loadable = loadable;
643 bucket->class = (*env)->NewGlobalRef(env, cb);
644 if (bucket->class == 0)
645 CCout_of_memory(context);
646 #ifdef DEBUG
647 context->n_globalrefs++;
648 #endif
649
650 done:
651 pop_and_free(context);
652 return *pID;
653 }
654
655 /*
656 * Return a unique ID given a class name from the constant pool.
657 * All classes are lazily loaded from the defining loader of
658 * context->class.
659 */
660 static unsigned short
661 class_name_to_ID(context_type *context, const char *name)
662 {
663 hash_table_type *class_hash = &(context->class_hash);
664 unsigned int hash = class_hash_fun(name);
665 hash_bucket_type *bucket;
666 unsigned short *pID;
667 jboolean force_load = JNI_FALSE;
668
669 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
670 while (*pID) {
671 bucket = GET_BUCKET(class_hash, *pID);
672 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
673 if (bucket->loadable)
674 goto done;
675 force_load = JNI_TRUE;
676 }
677 pID = &bucket->next;
678 }
679
680 if (force_load) {
681 /*
682 * We found at least one matching named entry for a class that
683 * was not known to be loadable through the defining class loader
684 * of context->class. We must load our named class and update
685 * the hash table in case one these entries matches our class.
686 */
687 JNIEnv *env = context->env;
688 jclass cb = load_class_local(context, name);
689 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
690 (*env)->DeleteLocalRef(env, cb);
691 return id;
692 }
693
694 bucket = new_bucket(context, pID);
695 bucket->next = 0;
696 bucket->class = 0;
697 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
698 bucket->hash = hash;
699 bucket->name = malloc(strlen(name) + 1);
700 if (bucket->name == 0)
701 CCout_of_memory(context);
702 strcpy(bucket->name, name);
703
704 done:
705 return *pID;
706 }
707
708 static const char *
709 ID_to_class_name(context_type *context, unsigned short ID)
710 {
711 hash_table_type *class_hash = &(context->class_hash);
712 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
713 return bucket->name;
714 }
715
716 static jclass
717 ID_to_class(context_type *context, unsigned short ID)
718 {
719 hash_table_type *class_hash = &(context->class_hash);
720 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
721 if (bucket->class == 0) {
722 assert(bucket->loadable == JNI_TRUE);
723 bucket->class = load_class_global(context, bucket->name);
724 }
725 return bucket->class;
726 }
727
728 static fullinfo_type
729 make_loadable_class_info(context_type *context, jclass cb)
730 {
731 return MAKE_FULLINFO(ITEM_Object, 0,
732 class_to_ID(context, cb, JNI_TRUE));
733 }
734
735 static fullinfo_type
736 make_class_info(context_type *context, jclass cb)
737 {
738 return MAKE_FULLINFO(ITEM_Object, 0,
739 class_to_ID(context, cb, JNI_FALSE));
740 }
741
742 static fullinfo_type
743 make_class_info_from_name(context_type *context, const char *name)
744 {
745 return MAKE_FULLINFO(ITEM_Object, 0,
746 class_name_to_ID(context, name));
747 }
748
749 /* RETURNS
750 * 1: on success chosen to be consistent with previous VerifyClass
751 * 0: verify error
752 * 2: out of memory
753 * 3: class format error
754 *
755 * Called by verify_class. Verify the code of each of the methods
756 * in a class. Note that this function apparently can't be JNICALL,
757 * because if it is the dynamic linker doesn't appear to be able to
758 * find it on Win32.
759 */
760
761 #define CC_OK 1
762 #define CC_VerifyError 0
763 #define CC_OutOfMemory 2
764 #define CC_ClassFormatError 3
765
766 JNIEXPORT jboolean
767 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
768 jint major_version)
769 {
770 context_type context_structure;
771 context_type *context = &context_structure;
772 jboolean result = CC_OK;
773 int i;
774 int num_methods;
775 int* code_lengths;
776 unsigned char** code;
777
778 #ifdef DEBUG
779 GlobalContext = context;
780 #endif
781
782 memset(context, 0, sizeof(context_type));
783 context->message = buffer;
784 context->message_buf_len = len;
785
786 context->env = env;
787 context->class = cb;
788
789 /* Set invalid method/field index of the context, in case anyone
790 calls CCerror */
791 context->method_index = -1;
792 context->field_index = -1;
793
794 /* Don't call CCerror or anything that can call it above the setjmp! */
795 if (!setjmp(context->jump_buffer)) {
796 jclass super;
797
798 CCinit(context); /* initialize heap; may throw */
799
800 initialize_class_hash(context);
801
802 context->major_version = major_version;
803 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
804 context->constant_types = (unsigned char *)
805 malloc(sizeof(unsigned char) * context->nconstants + 1);
806
807 if (context->constant_types == 0)
808 CCout_of_memory(context);
809
810 JVM_GetClassCPTypes(env, cb, context->constant_types);
811
812 if (context->constant_types == 0)
813 CCout_of_memory(context);
814
815 context->object_info =
816 make_class_info_from_name(context, "java/lang/Object");
817 context->string_info =
818 make_class_info_from_name(context, "java/lang/String");
819 context->throwable_info =
820 make_class_info_from_name(context, "java/lang/Throwable");
821 context->cloneable_info =
822 make_class_info_from_name(context, "java/lang/Cloneable");
823 context->serializable_info =
824 make_class_info_from_name(context, "java/io/Serializable");
825
826 context->currentclass_info = make_loadable_class_info(context, cb);
827
828 super = (*env)->GetSuperclass(env, cb);
829
830 if (super != 0) {
831 fullinfo_type *gptr;
832 int i = 0;
833
834 context->superclass_info = make_loadable_class_info(context, super);
835
836 while(super != 0) {
837 jclass tmp_cb = (*env)->GetSuperclass(env, super);
838 (*env)->DeleteLocalRef(env, super);
839 super = tmp_cb;
840 i++;
841 }
842 (*env)->DeleteLocalRef(env, super);
843 super = 0;
844
845 /* Can't go on context heap since it survives more than
846 one method */
847 context->superclasses = gptr =
848 malloc(sizeof(fullinfo_type)*(i + 1));
849 if (gptr == 0) {
850 CCout_of_memory(context);
851 }
852
853 super = (*env)->GetSuperclass(env, context->class);
854 while(super != 0) {
855 jclass tmp_cb;
856 *gptr++ = make_class_info(context, super);
857 tmp_cb = (*env)->GetSuperclass(env, super);
858 (*env)->DeleteLocalRef(env, super);
859 super = tmp_cb;
860 }
861 *gptr = 0;
862 } else {
863 context->superclass_info = 0;
864 }
865
866 (*env)->DeleteLocalRef(env, super);
867
868 /* Look at each method */
869 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
870 verify_field(context, cb, i);
871 num_methods = JVM_GetClassMethodsCount(env, cb);
872 read_all_code(context, cb, num_methods, &code_lengths, &code);
873 for (i = num_methods - 1; i >= 0; --i)
874 verify_method(context, cb, i, code_lengths[i], code[i]);
875 free_all_code(context, num_methods, code);
876 result = CC_OK;
877 } else {
878 result = context->err_code;
879 }
880
881 /* Cleanup */
882 finalize_class_hash(context);
883
884 while(context->allocated_memory)
885 pop_and_free(context);
886
887 #ifdef DEBUG
888 GlobalContext = 0;
889 #endif
890
891 if (context->exceptions)
892 free(context->exceptions);
893
894 if (context->constant_types)
895 free(context->constant_types);
896
897 if (context->superclasses)
898 free(context->superclasses);
899
900 #ifdef DEBUG
901 /* Make sure all global refs created in the verifier are freed */
902 assert(context->n_globalrefs == 0);
903 #endif
904
905 CCdestroy(context); /* destroy heap */
906 return result;
907 }
908
909 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
910
911 JNIEXPORT jboolean
912 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
913 {
914 static int warned = 0;
915 if (!warned) {
916 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
917 warned = 1;
918 }
919 return VerifyClassForMajorVersion(env, cb, buffer, len,
920 OLD_FORMAT_MAX_MAJOR_VERSION);
921 }
922
923 static void
924 verify_field(context_type *context, jclass cb, int field_index)
925 {
926 JNIEnv *env = context->env;
927 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
928 context->field_index = field_index;
929
930 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
931 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
932 CCerror(context, "Inconsistent access bits.");
933 }
934 context->field_index = -1;
935 }
936
937
938 /**
939 * We read all of the class's methods' code because it is possible that
940 * the verification of one method could resulting in linking further
941 * down the stack (due to class loading), which could end up rewriting
942 * some of the bytecode of methods we haven't verified yet. Since we
943 * don't want to see the rewritten bytecode, cache all the code and
944 * operate only on that.
945 */
946 static void
947 read_all_code(context_type* context, jclass cb, int num_methods,
948 int** lengths_addr, unsigned char*** code_addr)
949 {
950 int* lengths;
951 unsigned char** code;
952 int i;
953
954 lengths = malloc(sizeof(int) * num_methods);
955 check_and_push(context, lengths, VM_MALLOC_BLK);
956
957 code = malloc(sizeof(unsigned char*) * num_methods);
958 check_and_push(context, code, VM_MALLOC_BLK);
959
960 *(lengths_addr) = lengths;
961 *(code_addr) = code;
962
963 for (i = 0; i < num_methods; ++i) {
964 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
965 if (lengths[i] > 0) {
966 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
967 check_and_push(context, code[i], VM_MALLOC_BLK);
968 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
969 } else {
970 code[i] = NULL;
971 }
972 }
973 }
974
975 static void
976 free_all_code(context_type* context, int num_methods, unsigned char** code)
977 {
978 int i;
979 for (i = 0; i < num_methods; ++i) {
980 if (code[i] != NULL) {
981 pop_and_free(context);
982 }
983 }
984 pop_and_free(context); /* code */
985 pop_and_free(context); /* lengths */
986 }
987
988 /* Verify the code of one method */
989 static void
990 verify_method(context_type *context, jclass cb, int method_index,
991 int code_length, unsigned char* code)
992 {
993 JNIEnv *env = context->env;
994 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
995 int *code_data;
996 instruction_data_type *idata = 0;
997 int instruction_count;
998 int i, offset;
999 unsigned int inumber;
1000 jint nexceptions;
1001
1002 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
1003 /* not much to do for abstract and native methods */
1004 return;
1005 }
1006
1007 context->code_length = code_length;
1008 context->code = code;
1009
1010 /* CCerror can give method-specific info once this is set */
1011 context->method_index = method_index;
1012
1013 CCreinit(context); /* initial heap */
1014 code_data = NEW(int, code_length);
1015
1016 #ifdef DEBUG
1017 if (verify_verbose) {
1018 const char *classname = JVM_GetClassNameUTF(env, cb);
1019 const char *methodname =
1020 JVM_GetMethodIxNameUTF(env, cb, method_index);
1021 const char *signature =
1022 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1023 jio_fprintf(stdout, "Looking at %s.%s%s\n",
1024 (classname ? classname : ""),
1025 (methodname ? methodname : ""),
1026 (signature ? signature : ""));
1027 JVM_ReleaseUTF(classname);
1028 JVM_ReleaseUTF(methodname);
1029 JVM_ReleaseUTF(signature);
1030 }
1031 #endif
1032
1033 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1034 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1035 CCerror(context, "Inconsistent access bits.");
1036 }
1037
1038 // If this method is an overpass method, which is generated by the VM,
1039 // we trust the code and no check needs to be done.
1040 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1041 return;
1042 }
1043
1044 /* Run through the code. Mark the start of each instruction, and give
1045 * the instruction a number */
1046 for (i = 0, offset = 0; offset < code_length; i++) {
1047 int length = instruction_length(&code[offset], code + code_length);
1048 int next_offset = offset + length;
1049 if (length <= 0)
1050 CCerror(context, "Illegal instruction found at offset %d", offset);
1051 if (next_offset > code_length)
1052 CCerror(context, "Code stops in the middle of instruction "
1053 " starting at offset %d", offset);
1054 code_data[offset] = i;
1055 while (++offset < next_offset)
1056 code_data[offset] = -1; /* illegal location */
1057 }
1058 instruction_count = i; /* number of instructions in code */
1059
1060 /* Allocate a structure to hold info about each instruction. */
1061 idata = NEW(instruction_data_type, instruction_count);
1062
1063 /* Initialize the heap, and other info in the context structure. */
1064 context->code = code;
1065 context->instruction_data = idata;
1066 context->code_data = code_data;
1067 context->instruction_count = instruction_count;
1068 context->handler_info =
1069 NEW(struct handler_info_type,
1070 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1071 context->bitmask_size =
1072 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1073 + (BITS_PER_INT - 1))/BITS_PER_INT;
1074
1075 if (instruction_count == 0)
1076 CCerror(context, "Empty code");
1077
1078 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1079 int length = instruction_length(&code[offset], code + code_length);
1080 instruction_data_type *this_idata = &idata[inumber];
1081 this_idata->opcode = code[offset];
1082 this_idata->stack_info.stack = NULL;
1083 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1084 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1085 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1086 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1087 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1088 this_idata->or_flags = 0; /* "bottom" or value*/
1089 /* This also sets up this_data->operand. It also makes the
1090 * xload_x and xstore_x instructions look like the generic form. */
1091 verify_opcode_operands(context, inumber, offset);
1092 offset += length;
1093 }
1094
1095
1096 /* make sure exception table is reasonable. */
1097 initialize_exception_table(context);
1098 /* Set up first instruction, and start of exception handlers. */
1099 initialize_dataflow(context);
1100 /* Run data flow analysis on the instructions. */
1101 run_dataflow(context);
1102
1103 /* verify checked exceptions, if any */
1104 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1105 context->exceptions = (unsigned short *)
1106 malloc(sizeof(unsigned short) * nexceptions + 1);
1107 if (context->exceptions == 0)
1108 CCout_of_memory(context);
1109 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1110 context->exceptions);
1111 for (i = 0; i < nexceptions; i++) {
1112 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1113 verify_constant_pool_type(context, (int)context->exceptions[i],
1114 1 << JVM_CONSTANT_Class);
1115 }
1116 free(context->exceptions);
1117 context->exceptions = 0;
1118 context->code = 0;
1119 context->method_index = -1;
1120 }
1121
1122
1123 /* Look at a single instruction, and verify its operands. Also, for
1124 * simplicity, move the operand into the ->operand field.
1125 * Make sure that branches don't go into the middle of nowhere.
1126 */
1127
1128 static jint _ck_ntohl(jint n)
1129 {
1130 unsigned char *p = (unsigned char *)&n;
1131 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1132 }
1133
1134 static void
1135 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1136 {
1137 JNIEnv *env = context->env;
1138 instruction_data_type *idata = context->instruction_data;
1139 instruction_data_type *this_idata = &idata[inumber];
1140 int *code_data = context->code_data;
1141 int mi = context->method_index;
1142 unsigned char *code = context->code;
1143 int opcode = this_idata->opcode;
1144 int var;
1145
1146 /*
1147 * Set the ip fields to 0 not the i fields because the ip fields
1148 * are 64 bits on 64 bit architectures, the i field is only 32
1149 */
1150 this_idata->operand.ip = 0;
1151 this_idata->operand2.ip = 0;
1152
1153 switch (opcode) {
1154
1155 case JVM_OPC_jsr:
1156 /* instruction of ret statement */
1157 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1158 /* FALLTHROUGH */
1159 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1160 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1161 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1162 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1163 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1164 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1165 case JVM_OPC_goto: {
1166 /* Set the ->operand to be the instruction number of the target. */
1167 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1168 int target = offset + jump;
1169 if (!isLegalTarget(context, target))
1170 CCerror(context, "Illegal target of jump or branch");
1171 this_idata->operand.i = code_data[target];
1172 break;
1173 }
1174
1175 case JVM_OPC_jsr_w:
1176 /* instruction of ret statement */
1177 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1178 /* FALLTHROUGH */
1179 case JVM_OPC_goto_w: {
1180 /* Set the ->operand to be the instruction number of the target. */
1181 int jump = (((signed char)(code[offset+1])) << 24) +
1182 (code[offset+2] << 16) + (code[offset+3] << 8) +
1183 (code[offset + 4]);
1184 int target = offset + jump;
1185 if (!isLegalTarget(context, target))
1186 CCerror(context, "Illegal target of jump or branch");
1187 this_idata->operand.i = code_data[target];
1188 break;
1189 }
1190
1191 case JVM_OPC_tableswitch:
1192 case JVM_OPC_lookupswitch: {
1193 /* Set the ->operand to be a table of possible instruction targets. */
1194 int *lpc = (int *) UCALIGN(code + offset + 1);
1195 int *lptr;
1196 int *saved_operand;
1197 int keys;
1198 int k, delta;
1199
1200 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1201 /* 4639449, 4647081: Padding bytes must be zero. */
1202 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1203 for (; bptr < (unsigned char*)lpc; bptr++) {
1204 if (*bptr != 0) {
1205 CCerror(context, "Non zero padding bytes in switch");
1206 }
1207 }
1208 }
1209 if (opcode == JVM_OPC_tableswitch) {
1210 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1211 delta = 1;
1212 } else {
1213 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1214 delta = 2;
1215 /* Make sure that the tableswitch items are sorted */
1216 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1217 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1218 int next_key = _ck_ntohl(lptr[2]);
1219 if (this_key >= next_key) {
1220 CCerror(context, "Unsorted lookup switch");
1221 }
1222 }
1223 }
1224 saved_operand = NEW(int, keys + 2);
1225 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1226 CCerror(context, "Illegal default target in switch");
1227 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1228 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1229 int target = offset + _ck_ntohl(lptr[0]);
1230 if (!isLegalTarget(context, target))
1231 CCerror(context, "Illegal branch in tableswitch");
1232 saved_operand[k + 1] = code_data[target];
1233 }
1234 saved_operand[0] = keys + 1; /* number of successors */
1235 this_idata->operand.ip = saved_operand;
1236 break;
1237 }
1238
1239 case JVM_OPC_ldc: {
1240 /* Make sure the constant pool item is the right type. */
1241 int key = code[offset + 1];
1242 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1243 (1 << JVM_CONSTANT_String);
1244 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1245 types |= 1 << JVM_CONSTANT_Class;
1246 }
1247 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1248 types |= (1 << JVM_CONSTANT_MethodHandle) |
1249 (1 << JVM_CONSTANT_MethodType);
1250 }
1251 this_idata->operand.i = key;
1252 verify_constant_pool_type(context, key, types);
1253 break;
1254 }
1255
1256 case JVM_OPC_ldc_w: {
1257 /* Make sure the constant pool item is the right type. */
1258 int key = (code[offset + 1] << 8) + code[offset + 2];
1259 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1260 (1 << JVM_CONSTANT_String);
1261 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1262 types |= 1 << JVM_CONSTANT_Class;
1263 }
1264 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1265 types |= (1 << JVM_CONSTANT_MethodHandle) |
1266 (1 << JVM_CONSTANT_MethodType);
1267 }
1268 this_idata->operand.i = key;
1269 verify_constant_pool_type(context, key, types);
1270 break;
1271 }
1272
1273 case JVM_OPC_ldc2_w: {
1274 /* Make sure the constant pool item is the right type. */
1275 int key = (code[offset + 1] << 8) + code[offset + 2];
1276 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1277 this_idata->operand.i = key;
1278 verify_constant_pool_type(context, key, types);
1279 break;
1280 }
1281
1282 case JVM_OPC_getfield: case JVM_OPC_putfield:
1283 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1284 /* Make sure the constant pool item is the right type. */
1285 int key = (code[offset + 1] << 8) + code[offset + 2];
1286 this_idata->operand.i = key;
1287 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1288 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1289 set_protected(context, inumber, key, opcode);
1290 break;
1291 }
1292
1293 case JVM_OPC_invokevirtual:
1294 case JVM_OPC_invokespecial:
1295 case JVM_OPC_invokestatic:
1296 case JVM_OPC_invokedynamic:
1297 case JVM_OPC_invokeinterface: {
1298 /* Make sure the constant pool item is the right type. */
1299 int key = (code[offset + 1] << 8) + code[offset + 2];
1300 const char *methodname;
1301 jclass cb = context->class;
1302 fullinfo_type clazz_info;
1303 int is_constructor, is_internal, is_invokedynamic;
1304 int kind;
1305
1306 switch (opcode ) {
1307 case JVM_OPC_invokestatic:
1308 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1309 ? (1 << JVM_CONSTANT_Methodref)
1310 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1311 break;
1312 case JVM_OPC_invokedynamic:
1313 kind = 1 << JVM_CONSTANT_NameAndType;
1314 break;
1315 case JVM_OPC_invokeinterface:
1316 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1317 break;
1318 default:
1319 kind = 1 << JVM_CONSTANT_Methodref;
1320 }
1321
1322 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1323 /* Make sure the constant pool item is the right type. */
1324 verify_constant_pool_type(context, key, kind);
1325 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1326 check_and_push(context, methodname, VM_STRING_UTF);
1327 is_constructor = !strcmp(methodname, "<init>");
1328 is_internal = methodname[0] == '<';
1329 pop_and_free(context);
1330
1331 if (is_invokedynamic)
1332 clazz_info = context->object_info; // anything will do
1333 else
1334 clazz_info = cp_index_to_class_fullinfo(context, key,
1335 JVM_CONSTANT_Methodref);
1336 this_idata->operand.i = key;
1337 this_idata->operand2.fi = clazz_info;
1338 if (is_constructor) {
1339 if (opcode != JVM_OPC_invokespecial) {
1340 CCerror(context,
1341 "Must call initializers using invokespecial");
1342 }
1343 this_idata->opcode = JVM_OPC_invokeinit;
1344 } else {
1345 if (is_internal) {
1346 CCerror(context, "Illegal call to internal method");
1347 }
1348 if (opcode == JVM_OPC_invokespecial
1349 && clazz_info != context->currentclass_info
1350 && clazz_info != context->superclass_info) {
1351 int not_found = 1;
1352
1353 jclass super = (*env)->GetSuperclass(env, context->class);
1354 while(super != 0) {
1355 jclass tmp_cb;
1356 fullinfo_type new_info = make_class_info(context, super);
1357 if (clazz_info == new_info) {
1358 not_found = 0;
1359 break;
1360 }
1361 tmp_cb = (*env)->GetSuperclass(env, super);
1362 (*env)->DeleteLocalRef(env, super);
1363 super = tmp_cb;
1364 }
1365 (*env)->DeleteLocalRef(env, super);
1366
1367 /* The optimizer may cause this to happen on local code */
1368 if (not_found) {
1369 CCerror(context, "Illegal use of nonvirtual function call");
1370 }
1371 }
1372 }
1373 if (opcode == JVM_OPC_invokeinterface) {
1374 unsigned int args1;
1375 unsigned int args2;
1376 const char *signature =
1377 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1378 check_and_push(context, signature, VM_STRING_UTF);
1379 args1 = signature_to_args_size(signature) + 1;
1380 args2 = code[offset + 3];
1381 if (args1 != args2) {
1382 CCerror(context,
1383 "Inconsistent args_size for invokeinterface");
1384 }
1385 if (code[offset + 4] != 0) {
1386 CCerror(context,
1387 "Fourth operand byte of invokeinterface must be zero");
1388 }
1389 pop_and_free(context);
1390 } else if (opcode == JVM_OPC_invokedynamic) {
1391 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1392 CCerror(context,
1393 "Third and fourth operand bytes of invokedynamic must be zero");
1394 }
1395 } else if (opcode == JVM_OPC_invokevirtual
1396 || opcode == JVM_OPC_invokespecial)
1397 set_protected(context, inumber, key, opcode);
1398 break;
1399 }
1400
1401
1402 case JVM_OPC_instanceof:
1403 case JVM_OPC_checkcast:
1404 case JVM_OPC_new:
1405 case JVM_OPC_anewarray:
1406 case JVM_OPC_multianewarray: {
1407 /* Make sure the constant pool item is a class */
1408 int key = (code[offset + 1] << 8) + code[offset + 2];
1409 fullinfo_type target;
1410 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1411 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1412 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1413 CCerror(context, "Illegal type");
1414 switch(opcode) {
1415 case JVM_OPC_anewarray:
1416 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1417 CCerror(context, "Array with too many dimensions");
1418 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1419 GET_INDIRECTION(target) + 1,
1420 GET_EXTRA_INFO(target));
1421 break;
1422 case JVM_OPC_new:
1423 if (WITH_ZERO_EXTRA_INFO(target) !=
1424 MAKE_FULLINFO(ITEM_Object, 0, 0))
1425 CCerror(context, "Illegal creation of multi-dimensional array");
1426 /* operand gets set to the "unitialized object". operand2 gets
1427 * set to what the value will be after it's initialized. */
1428 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1429 this_idata->operand2.fi = target;
1430 break;
1431 case JVM_OPC_multianewarray:
1432 this_idata->operand.fi = target;
1433 this_idata->operand2.i = code[offset + 3];
1434 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1435 || (this_idata->operand2.i == 0))
1436 CCerror(context, "Illegal dimension argument");
1437 break;
1438 default:
1439 this_idata->operand.fi = target;
1440 }
1441 break;
1442 }
1443
1444 case JVM_OPC_newarray: {
1445 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1446 fullinfo_type full_info;
1447 switch (code[offset + 1]) {
1448 case JVM_T_INT:
1449 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1450 case JVM_T_LONG:
1451 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1452 case JVM_T_FLOAT:
1453 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1454 case JVM_T_DOUBLE:
1455 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1456 case JVM_T_BOOLEAN:
1457 full_info = MAKE_FULLINFO(ITEM_Boolean, 1, 0); break;
1458 case JVM_T_BYTE:
1459 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1460 case JVM_T_CHAR:
1461 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1462 case JVM_T_SHORT:
1463 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1464 default:
1465 full_info = 0; /* Keep lint happy */
1466 CCerror(context, "Bad type passed to newarray");
1467 }
1468 this_idata->operand.fi = full_info;
1469 break;
1470 }
1471
1472 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1473 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1474 this_idata->opcode = JVM_OPC_iload;
1475 var = opcode - JVM_OPC_iload_0;
1476 goto check_local_variable;
1477
1478 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1479 this_idata->opcode = JVM_OPC_fload;
1480 var = opcode - JVM_OPC_fload_0;
1481 goto check_local_variable;
1482
1483 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1484 this_idata->opcode = JVM_OPC_aload;
1485 var = opcode - JVM_OPC_aload_0;
1486 goto check_local_variable;
1487
1488 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1489 this_idata->opcode = JVM_OPC_lload;
1490 var = opcode - JVM_OPC_lload_0;
1491 goto check_local_variable2;
1492
1493 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1494 this_idata->opcode = JVM_OPC_dload;
1495 var = opcode - JVM_OPC_dload_0;
1496 goto check_local_variable2;
1497
1498 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1499 this_idata->opcode = JVM_OPC_istore;
1500 var = opcode - JVM_OPC_istore_0;
1501 goto check_local_variable;
1502
1503 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1504 this_idata->opcode = JVM_OPC_fstore;
1505 var = opcode - JVM_OPC_fstore_0;
1506 goto check_local_variable;
1507
1508 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1509 this_idata->opcode = JVM_OPC_astore;
1510 var = opcode - JVM_OPC_astore_0;
1511 goto check_local_variable;
1512
1513 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1514 this_idata->opcode = JVM_OPC_lstore;
1515 var = opcode - JVM_OPC_lstore_0;
1516 goto check_local_variable2;
1517
1518 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1519 this_idata->opcode = JVM_OPC_dstore;
1520 var = opcode - JVM_OPC_dstore_0;
1521 goto check_local_variable2;
1522
1523 case JVM_OPC_wide:
1524 this_idata->opcode = code[offset + 1];
1525 var = (code[offset + 2] << 8) + code[offset + 3];
1526 switch(this_idata->opcode) {
1527 case JVM_OPC_lload: case JVM_OPC_dload:
1528 case JVM_OPC_lstore: case JVM_OPC_dstore:
1529 goto check_local_variable2;
1530 default:
1531 goto check_local_variable;
1532 }
1533
1534 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1535 case JVM_OPC_ret:
1536 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1537 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1538 var = code[offset + 1];
1539 check_local_variable:
1540 /* Make sure that the variable number isn't illegal. */
1541 this_idata->operand.i = var;
1542 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1543 CCerror(context, "Illegal local variable number");
1544 break;
1545
1546 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1547 var = code[offset + 1];
1548 check_local_variable2:
1549 /* Make sure that the variable number isn't illegal. */
1550 this_idata->operand.i = var;
1551 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1552 CCerror(context, "Illegal local variable number");
1553 break;
1554
1555 default:
1556 if (opcode > JVM_OPC_MAX)
1557 CCerror(context, "Quick instructions shouldn't appear yet.");
1558 break;
1559 } /* of switch */
1560 }
1561
1562
1563 static void
1564 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1565 {
1566 JNIEnv *env = context->env;
1567 fullinfo_type clazz_info;
1568 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1569 clazz_info = cp_index_to_class_fullinfo(context, key,
1570 JVM_CONSTANT_Fieldref);
1571 } else {
1572 clazz_info = cp_index_to_class_fullinfo(context, key,
1573 JVM_CONSTANT_Methodref);
1574 }
1575 if (is_superclass(context, clazz_info)) {
1576 jclass calledClass =
1577 object_fullinfo_to_classclass(context, clazz_info);
1578 int access;
1579 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1580 searches the referenced field or method in calledClass. The following
1581 while loop is added to search up the superclass chain to make this
1582 symbolic resolution consistent with the field/method resolution
1583 specified in VM spec 5.4.3. */
1584 calledClass = (*env)->NewLocalRef(env, calledClass);
1585 do {
1586 jclass tmp_cb;
1587 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1588 access = JVM_GetCPFieldModifiers
1589 (env, context->class, key, calledClass);
1590 } else {
1591 access = JVM_GetCPMethodModifiers
1592 (env, context->class, key, calledClass);
1593 }
1594 if (access != -1) {
1595 break;
1596 }
1597 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1598 (*env)->DeleteLocalRef(env, calledClass);
1599 calledClass = tmp_cb;
1600 } while (calledClass != 0);
1601
1602 if (access == -1) {
1603 /* field/method not found, detected at runtime. */
1604 } else if (access & JVM_ACC_PROTECTED) {
1605 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1606 context->instruction_data[inumber].protected = JNI_TRUE;
1607 }
1608 (*env)->DeleteLocalRef(env, calledClass);
1609 }
1610 }
1611
1612
1613 static jboolean
1614 is_superclass(context_type *context, fullinfo_type clazz_info) {
1615 fullinfo_type *fptr = context->superclasses;
1616
1617 if (fptr == 0)
1618 return JNI_FALSE;
1619 for (; *fptr != 0; fptr++) {
1620 if (*fptr == clazz_info)
1621 return JNI_TRUE;
1622 }
1623 return JNI_FALSE;
1624 }
1625
1626
1627 /* Look through each item on the exception table. Each of the fields must
1628 * refer to a legal instruction.
1629 */
1630 static void
1631 initialize_exception_table(context_type *context)
1632 {
1633 JNIEnv *env = context->env;
1634 int mi = context->method_index;
1635 struct handler_info_type *handler_info = context->handler_info;
1636 int *code_data = context->code_data;
1637 int code_length = context->code_length;
1638 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1639 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1640 if (max_stack_size < 1 && i > 0) {
1641 // If the method contains exception handlers, it must have room
1642 // on the expression stack for the exception that the VM could push
1643 CCerror(context, "Stack size too large");
1644 }
1645 for (; --i >= 0; handler_info++) {
1646 JVM_ExceptionTableEntryType einfo;
1647 stack_item_type *stack_item = NEW(stack_item_type, 1);
1648
1649 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1650 i, &einfo);
1651
1652 if (!(einfo.start_pc < einfo.end_pc &&
1653 einfo.start_pc >= 0 &&
1654 isLegalTarget(context, einfo.start_pc) &&
1655 (einfo.end_pc == code_length ||
1656 isLegalTarget(context, einfo.end_pc)))) {
1657 CFerror(context, "Illegal exception table range");
1658 }
1659 if (!((einfo.handler_pc > 0) &&
1660 isLegalTarget(context, einfo.handler_pc))) {
1661 CFerror(context, "Illegal exception table handler");
1662 }
1663
1664 handler_info->start = code_data[einfo.start_pc];
1665 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1666 handler_info->end = (einfo.end_pc == context->code_length) ?
1667 context->instruction_count : code_data[einfo.end_pc];
1668 handler_info->handler = code_data[einfo.handler_pc];
1669 handler_info->stack_info.stack = stack_item;
1670 handler_info->stack_info.stack_size = 1;
1671 stack_item->next = NULL;
1672 if (einfo.catchType != 0) {
1673 const char *classname;
1674 /* Constant pool entry type has been checked in format checker */
1675 classname = JVM_GetCPClassNameUTF(env,
1676 context->class,
1677 einfo.catchType);
1678 check_and_push(context, classname, VM_STRING_UTF);
1679 stack_item->item = make_class_info_from_name(context, classname);
1680 if (!isAssignableTo(context,
1681 stack_item->item,
1682 context->throwable_info))
1683 CCerror(context, "catch_type not a subclass of Throwable");
1684 pop_and_free(context);
1685 } else {
1686 stack_item->item = context->throwable_info;
1687 }
1688 }
1689 }
1690
1691
1692 /* Given a pointer to an instruction, return its length. Use the table
1693 * opcode_length[] which is automatically built.
1694 */
1695 static int instruction_length(unsigned char *iptr, unsigned char *end)
1696 {
1697 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1698 int instruction = *iptr;
1699 switch (instruction) {
1700 case JVM_OPC_tableswitch: {
1701 int *lpc = (int *)UCALIGN(iptr + 1);
1702 int index;
1703 if (lpc + 2 >= (int *)end) {
1704 return -1; /* do not read pass the end */
1705 }
1706 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1707 if ((index < 0) || (index > 65535)) {
1708 return -1; /* illegal */
1709 } else {
1710 return (unsigned char *)(&lpc[index + 4]) - iptr;
1711 }
1712 }
1713
1714 case JVM_OPC_lookupswitch: {
1715 int *lpc = (int *) UCALIGN(iptr + 1);
1716 int npairs;
1717 if (lpc + 1 >= (int *)end)
1718 return -1; /* do not read pass the end */
1719 npairs = _ck_ntohl(lpc[1]);
1720 /* There can't be more than 64K labels because of the limit
1721 * on per-method byte code length.
1722 */
1723 if (npairs < 0 || npairs >= 65536)
1724 return -1;
1725 else
1726 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1727 }
1728
1729 case JVM_OPC_wide:
1730 if (iptr + 1 >= end)
1731 return -1; /* do not read pass the end */
1732 switch(iptr[1]) {
1733 case JVM_OPC_ret:
1734 case JVM_OPC_iload: case JVM_OPC_istore:
1735 case JVM_OPC_fload: case JVM_OPC_fstore:
1736 case JVM_OPC_aload: case JVM_OPC_astore:
1737 case JVM_OPC_lload: case JVM_OPC_lstore:
1738 case JVM_OPC_dload: case JVM_OPC_dstore:
1739 return 4;
1740 case JVM_OPC_iinc:
1741 return 6;
1742 default:
1743 return -1;
1744 }
1745
1746 default: {
1747 /* A length of 0 indicates an error. */
1748 int length = opcode_length[instruction];
1749 return (length <= 0) ? -1 : length;
1750 }
1751 }
1752 }
1753
1754
1755 /* Given the target of a branch, make sure that it's a legal target. */
1756 static jboolean
1757 isLegalTarget(context_type *context, int offset)
1758 {
1759 int code_length = context->code_length;
1760 int *code_data = context->code_data;
1761 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1762 }
1763
1764
1765 /* Make sure that an element of the constant pool really is of the indicated
1766 * type.
1767 */
1768 static void
1769 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1770 {
1771 int nconstants = context->nconstants;
1772 unsigned char *type_table = context->constant_types;
1773 unsigned type;
1774
1775 if ((index <= 0) || (index >= nconstants))
1776 CCerror(context, "Illegal constant pool index");
1777
1778 type = type_table[index];
1779 if ((mask & (1 << type)) == 0)
1780 CCerror(context, "Illegal type in constant pool");
1781 }
1782
1783
1784 static void
1785 initialize_dataflow(context_type *context)
1786 {
1787 JNIEnv *env = context->env;
1788 instruction_data_type *idata = context->instruction_data;
1789 int mi = context->method_index;
1790 jclass cb = context->class;
1791 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1792 fullinfo_type *reg_ptr;
1793 fullinfo_type full_info;
1794 const char *p;
1795 const char *signature;
1796
1797 /* Initialize the function entry, since we know everything about it. */
1798 idata[0].stack_info.stack_size = 0;
1799 idata[0].stack_info.stack = NULL;
1800 idata[0].register_info.register_count = args_size;
1801 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1802 idata[0].register_info.mask_count = 0;
1803 idata[0].register_info.masks = NULL;
1804 idata[0].and_flags = 0; /* nothing needed */
1805 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1806 reg_ptr = idata[0].register_info.registers;
1807
1808 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1809 /* A non static method. If this is an <init> method, the first
1810 * argument is an uninitialized object. Otherwise it is an object of
1811 * the given class type. java.lang.Object.<init> is special since
1812 * we don't call its superclass <init> method.
1813 */
1814 if (JVM_IsConstructorIx(env, cb, mi)
1815 && context->currentclass_info != context->object_info) {
1816 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1817 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1818 } else {
1819 *reg_ptr++ = context->currentclass_info;
1820 }
1821 }
1822 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1823 check_and_push(context, signature, VM_STRING_UTF);
1824 /* Fill in each of the arguments into the registers. */
1825 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1826 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1827 switch (fieldchar) {
1828 case 'D': case 'L':
1829 *reg_ptr++ = full_info;
1830 *reg_ptr++ = full_info + 1;
1831 break;
1832 default:
1833 *reg_ptr++ = full_info;
1834 break;
1835 }
1836 }
1837 p++; /* skip over right parenthesis */
1838 if (*p == 'V') {
1839 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1840 } else {
1841 signature_to_fieldtype(context, &p, &full_info);
1842 context->return_type = full_info;
1843 }
1844 pop_and_free(context);
1845 /* Indicate that we need to look at the first instruction. */
1846 idata[0].changed = JNI_TRUE;
1847 }
1848
1849
1850 /* Run the data flow analysis, as long as there are things to change. */
1851 static void
1852 run_dataflow(context_type *context) {
1853 JNIEnv *env = context->env;
1854 int mi = context->method_index;
1855 jclass cb = context->class;
1856 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1857 instruction_data_type *idata = context->instruction_data;
1858 unsigned int icount = context->instruction_count;
1859 jboolean work_to_do = JNI_TRUE;
1860 unsigned int inumber;
1861
1862 /* Run through the loop, until there is nothing left to do. */
1863 while (work_to_do) {
1864 work_to_do = JNI_FALSE;
1865 for (inumber = 0; inumber < icount; inumber++) {
1866 instruction_data_type *this_idata = &idata[inumber];
1867 if (this_idata->changed) {
1868 register_info_type new_register_info;
1869 stack_info_type new_stack_info;
1870 flag_type new_and_flags, new_or_flags;
1871
1872 this_idata->changed = JNI_FALSE;
1873 work_to_do = JNI_TRUE;
1874 #ifdef DEBUG
1875 if (verify_verbose) {
1876 int opcode = this_idata->opcode;
1877 jio_fprintf(stdout, "Instruction %d: ", inumber);
1878 print_stack(context, &this_idata->stack_info);
1879 print_registers(context, &this_idata->register_info);
1880 print_flags(context,
1881 this_idata->and_flags, this_idata->or_flags);
1882 fflush(stdout);
1883 }
1884 #endif
1885 /* Make sure the registers and flags are appropriate */
1886 check_register_values(context, inumber);
1887 check_flags(context, inumber);
1888
1889 /* Make sure the stack can deal with this instruction */
1890 pop_stack(context, inumber, &new_stack_info);
1891
1892 /* Update the registers and flags */
1893 update_registers(context, inumber, &new_register_info);
1894 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1895
1896 /* Update the stack. */
1897 push_stack(context, inumber, &new_stack_info);
1898
1899 if (new_stack_info.stack_size > max_stack_size)
1900 CCerror(context, "Stack size too large");
1901 #ifdef DEBUG
1902 if (verify_verbose) {
1903 jio_fprintf(stdout, " ");
1904 print_stack(context, &new_stack_info);
1905 print_registers(context, &new_register_info);
1906 print_flags(context, new_and_flags, new_or_flags);
1907 fflush(stdout);
1908 }
1909 #endif
1910 /* Add the new stack and register information to any
1911 * instructions that can follow this instruction. */
1912 merge_into_successors(context, inumber,
1913 &new_register_info, &new_stack_info,
1914 new_and_flags, new_or_flags);
1915 }
1916 }
1917 }
1918 }
1919
1920
1921 /* Make sure that the registers contain a legitimate value for the given
1922 * instruction.
1923 */
1924
1925 static void
1926 check_register_values(context_type *context, unsigned int inumber)
1927 {
1928 instruction_data_type *idata = context->instruction_data;
1929 instruction_data_type *this_idata = &idata[inumber];
1930 int opcode = this_idata->opcode;
1931 int operand = this_idata->operand.i;
1932 int register_count = this_idata->register_info.register_count;
1933 fullinfo_type *registers = this_idata->register_info.registers;
1934 jboolean double_word = JNI_FALSE; /* default value */
1935 int type;
1936
1937 switch (opcode) {
1938 default:
1939 return;
1940 case JVM_OPC_iload: case JVM_OPC_iinc:
1941 type = ITEM_Integer; break;
1942 case JVM_OPC_fload:
1943 type = ITEM_Float; break;
1944 case JVM_OPC_aload:
1945 type = ITEM_Object; break;
1946 case JVM_OPC_ret:
1947 type = ITEM_ReturnAddress; break;
1948 case JVM_OPC_lload:
1949 type = ITEM_Long; double_word = JNI_TRUE; break;
1950 case JVM_OPC_dload:
1951 type = ITEM_Double; double_word = JNI_TRUE; break;
1952 }
1953 if (!double_word) {
1954 fullinfo_type reg;
1955 /* Make sure we don't have an illegal register or one with wrong type */
1956 if (operand >= register_count) {
1957 CCerror(context,
1958 "Accessing value from uninitialized register %d", operand);
1959 }
1960 reg = registers[operand];
1961
1962 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1963 /* the register is obviously of the given type */
1964 return;
1965 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1966 /* address type stuff be used on all arrays */
1967 return;
1968 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1969 CCerror(context, "Cannot load return address from register %d",
1970 operand);
1971 /* alternatively
1972 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1973 && (opcode == JVM_OPC_iload)
1974 && (type == ITEM_Object || type == ITEM_Integer)
1975 but this never occurs
1976 */
1977 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1978 return;
1979 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1980 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1981 type == ITEM_Object) {
1982 return;
1983 } else {
1984 CCerror(context, "Register %d contains wrong type", operand);
1985 }
1986 } else {
1987 /* Make sure we don't have an illegal register or one with wrong type */
1988 if ((operand + 1) >= register_count) {
1989 CCerror(context,
1990 "Accessing value from uninitialized register pair %d/%d",
1991 operand, operand+1);
1992 } else {
1993 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1994 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1995 return;
1996 } else {
1997 CCerror(context, "Register pair %d/%d contains wrong type",
1998 operand, operand+1);
1999 }
2000 }
2001 }
2002 }
2003
2004
2005 /* Make sure the flags contain legitimate values for this instruction.
2006 */
2007
2008 static void
2009 check_flags(context_type *context, unsigned int inumber)
2010 {
2011 instruction_data_type *idata = context->instruction_data;
2012 instruction_data_type *this_idata = &idata[inumber];
2013 int opcode = this_idata->opcode;
2014 switch (opcode) {
2015 case JVM_OPC_return:
2016 /* We need a constructor, but we aren't guaranteed it's called */
2017 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2018 !(this_idata->and_flags & FLAG_CONSTRUCTED))
2019 CCerror(context, "Constructor must call super() or this()");
2020 /* fall through */
2021 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2022 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2023 if (this_idata->or_flags & FLAG_NO_RETURN)
2024 /* This method cannot exit normally */
2025 CCerror(context, "Cannot return normally");
2026 default:
2027 break; /* nothing to do. */
2028 }
2029 }
2030
2031 /* Make sure that the top of the stack contains reasonable values for the
2032 * given instruction. The post-pop values of the stack and its size are
2033 * returned in *new_stack_info.
2034 */
2035
2036 static void
2037 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2038 {
2039 instruction_data_type *idata = context->instruction_data;
2040 instruction_data_type *this_idata = &idata[inumber];
2041 int opcode = this_idata->opcode;
2042 stack_item_type *stack = this_idata->stack_info.stack;
2043 int stack_size = this_idata->stack_info.stack_size;
2044 char *stack_operands, *p;
2045 char buffer[257]; /* for holding manufactured argument lists */
2046 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2047 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2048 fullinfo_type full_info; /* only used in case of invoke instructions */
2049 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2050
2051 switch(opcode) {
2052 default:
2053 /* For most instructions, we just use a built-in table */
2054 stack_operands = opcode_in_out[opcode][0];
2055 break;
2056
2057 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2058 /* The top thing on the stack depends on the signature of
2059 * the object. */
2060 int operand = this_idata->operand.i;
2061 const char *signature =
2062 JVM_GetCPFieldSignatureUTF(context->env,
2063 context->class,
2064 operand);
2065 char *ip = buffer;
2066 check_and_push(context, signature, VM_STRING_UTF);
2067 #ifdef DEBUG
2068 if (verify_verbose) {
2069 print_formatted_fieldname(context, operand);
2070 }
2071 #endif
2072 if (opcode == JVM_OPC_putfield)
2073 *ip++ = 'A'; /* object for putfield */
2074 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2075 *ip = '\0';
2076 stack_operands = buffer;
2077 pop_and_free(context);
2078 break;
2079 }
2080
2081 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2082 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2083 case JVM_OPC_invokedynamic:
2084 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2085 /* The top stuff on the stack depends on the method signature */
2086 int operand = this_idata->operand.i;
2087 const char *signature =
2088 JVM_GetCPMethodSignatureUTF(context->env,
2089 context->class,
2090 operand);
2091 char *ip = buffer;
2092 const char *p;
2093 check_and_push(context, signature, VM_STRING_UTF);
2094 #ifdef DEBUG
2095 if (verify_verbose) {
2096 print_formatted_methodname(context, operand);
2097 }
2098 #endif
2099 if (opcode != JVM_OPC_invokestatic &&
2100 opcode != JVM_OPC_invokedynamic)
2101 /* First, push the object */
2102 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2103 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2104 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2105 if (ip >= buffer + sizeof(buffer) - 1)
2106 CCerror(context, "Signature %s has too many arguments",
2107 signature);
2108 }
2109 *ip = 0;
2110 stack_operands = buffer;
2111 pop_and_free(context);
2112 break;
2113 }
2114
2115 case JVM_OPC_multianewarray: {
2116 /* Count can't be larger than 255. So can't overflow buffer */
2117 int count = this_idata->operand2.i; /* number of ints on stack */
2118 memset(buffer, 'I', count);
2119 buffer[count] = '\0';
2120 stack_operands = buffer;
2121 break;
2122 }
2123
2124 } /* of switch */
2125
2126 /* Run through the list of operands >>backwards<< */
2127 for ( p = stack_operands + strlen(stack_operands);
2128 p > stack_operands;
2129 stack = stack->next) {
2130 int type = *--p;
2131 fullinfo_type top_type = stack ? stack->item : 0;
2132 int size = (type == 'D' || type == 'L') ? 2 : 1;
2133 *--stack_extra_info = top_type;
2134 if (stack == NULL)
2135 CCerror(context, "Unable to pop operand off an empty stack");
2136
2137 switch (type) {
2138 case 'I':
2139 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2140 CCerror(context, "Expecting to find integer on stack");
2141 break;
2142
2143 case 'F':
2144 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2145 CCerror(context, "Expecting to find float on stack");
2146 break;
2147
2148 case 'A': /* object or array */
2149 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2150 && (GET_INDIRECTION(top_type) == 0)) {
2151 /* The thing isn't an object or an array. Let's see if it's
2152 * one of the special cases */
2153 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2154 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2155 && (opcode == JVM_OPC_astore))
2156 break;
2157 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2158 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2159 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2160 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2161 break;
2162 /* The 2nd edition VM of the specification allows field
2163 * initializations before the superclass initializer,
2164 * if the field is defined within the current class.
2165 */
2166 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2167 && (opcode == JVM_OPC_putfield)) {
2168 int operand = this_idata->operand.i;
2169 int access_bits = JVM_GetCPFieldModifiers(context->env,
2170 context->class,
2171 operand,
2172 context->class);
2173 /* Note: This relies on the fact that
2174 * JVM_GetCPFieldModifiers retrieves only local fields,
2175 * and does not respect inheritance.
2176 */
2177 if (access_bits != -1) {
2178 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2179 context->currentclass_info ) {
2180 top_type = context->currentclass_info;
2181 *stack_extra_info = top_type;
2182 break;
2183 }
2184 }
2185 }
2186 CCerror(context, "Expecting to find object/array on stack");
2187 }
2188 break;
2189
2190 case '@': { /* unitialized object, for call to <init> */
2191 int item_type = GET_ITEM_TYPE(top_type);
2192 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2193 CCerror(context,
2194 "Expecting to find unitialized object on stack");
2195 break;
2196 }
2197
2198 case 'O': /* object, not array */
2199 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2200 MAKE_FULLINFO(ITEM_Object, 0, 0))
2201 CCerror(context, "Expecting to find object on stack");
2202 break;
2203
2204 case 'a': /* integer, object, or array */
2205 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2206 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2207 && (GET_INDIRECTION(top_type) == 0))
2208 CCerror(context,
2209 "Expecting to find object, array, or int on stack");
2210 break;
2211
2212 case 'D': /* double */
2213 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2214 CCerror(context, "Expecting to find double on stack");
2215 break;
2216
2217 case 'L': /* long */
2218 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2219 CCerror(context, "Expecting to find long on stack");
2220 break;
2221
2222 case ']': /* array of some type */
2223 if (top_type == NULL_FULLINFO) {
2224 /* do nothing */
2225 } else switch(p[-1]) {
2226 case 'I': /* array of integers */
2227 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2228 top_type != NULL_FULLINFO)
2229 CCerror(context,
2230 "Expecting to find array of ints on stack");
2231 break;
2232
2233 case 'L': /* array of longs */
2234 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2235 CCerror(context,
2236 "Expecting to find array of longs on stack");
2237 break;
2238
2239 case 'F': /* array of floats */
2240 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2241 CCerror(context,
2242 "Expecting to find array of floats on stack");
2243 break;
2244
2245 case 'D': /* array of doubles */
2246 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2247 CCerror(context,
2248 "Expecting to find array of doubles on stack");
2249 break;
2250
2251 case 'A': { /* array of addresses (arrays or objects) */
2252 int indirection = GET_INDIRECTION(top_type);
2253 if ((indirection == 0) ||
2254 ((indirection == 1) &&
2255 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2256 CCerror(context,
2257 "Expecting to find array of objects or arrays "
2258 "on stack");
2259 break;
2260 }
2261
2262 case 'B': /* array of bytes or booleans */
2263 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
2264 top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
2265 CCerror(context,
2266 "Expecting to find array of bytes or Booleans on stack");
2267 break;
2268
2269 case 'C': /* array of characters */
2270 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2271 CCerror(context,
2272 "Expecting to find array of chars on stack");
2273 break;
2274
2275 case 'S': /* array of shorts */
2276 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2277 CCerror(context,
2278 "Expecting to find array of shorts on stack");
2279 break;
2280
2281 case '?': /* any type of array is okay */
2282 if (GET_INDIRECTION(top_type) == 0)
2283 CCerror(context,
2284 "Expecting to find array on stack");
2285 break;
2286
2287 default:
2288 CCerror(context, "Internal error #1");
2289 break;
2290 }
2291 p -= 2; /* skip over [ <char> */
2292 break;
2293
2294 case '1': case '2': case '3': case '4': /* stack swapping */
2295 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2296 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2297 if ((p > stack_operands) && (p[-1] == '+')) {
2298 context->swap_table[type - '1'] = top_type + 1;
2299 context->swap_table[p[-2] - '1'] = top_type;
2300 size = 2;
2301 p -= 2;
2302 } else {
2303 CCerror(context,
2304 "Attempt to split long or double on the stack");
2305 }
2306 } else {
2307 context->swap_table[type - '1'] = stack->item;
2308 if ((p > stack_operands) && (p[-1] == '+'))
2309 p--; /* ignore */
2310 }
2311 break;
2312 case '+': /* these should have been caught. */
2313 default:
2314 CCerror(context, "Internal error #2");
2315 }
2316 stack_size -= size;
2317 }
2318
2319 /* For many of the opcodes that had an "A" in their field, we really
2320 * need to go back and do a little bit more accurate testing. We can, of
2321 * course, assume that the minimal type checking has already been done.
2322 */
2323 switch (opcode) {
2324 default: break;
2325 case JVM_OPC_aastore: { /* array index object */
2326 fullinfo_type array_type = stack_extra_info[0];
2327 fullinfo_type object_type = stack_extra_info[2];
2328 fullinfo_type target_type = decrement_indirection(array_type);
2329 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2330 && (GET_INDIRECTION(object_type) == 0)) {
2331 CCerror(context, "Expecting reference type on operand stack in aastore");
2332 }
2333 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2334 && (GET_INDIRECTION(target_type) == 0)) {
2335 CCerror(context, "Component type of the array must be reference type in aastore");
2336 }
2337 break;
2338 }
2339
2340 case JVM_OPC_putfield:
2341 case JVM_OPC_getfield:
2342 case JVM_OPC_putstatic: {
2343 int operand = this_idata->operand.i;
2344 fullinfo_type stack_object = stack_extra_info[0];
2345 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2346 if (!isAssignableTo
2347 (context,
2348 stack_object,
2349 cp_index_to_class_fullinfo
2350 (context, operand, JVM_CONSTANT_Fieldref))) {
2351 CCerror(context,
2352 "Incompatible type for getting or setting field");
2353 }
2354 if (this_idata->protected &&
2355 !isAssignableTo(context, stack_object,
2356 context->currentclass_info)) {
2357 CCerror(context, "Bad access to protected data");
2358 }
2359 }
2360 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2361 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2362 if (!isAssignableTo(context,
2363 stack_extra_info[item], put_full_info)) {
2364 CCerror(context, "Bad type in putfield/putstatic");
2365 }
2366 }
2367 break;
2368 }
2369
2370 case JVM_OPC_athrow:
2371 if (!isAssignableTo(context, stack_extra_info[0],
2372 context->throwable_info)) {
2373 CCerror(context, "Can only throw Throwable objects");
2374 }
2375 break;
2376
2377 case JVM_OPC_aaload: { /* array index */
2378 /* We need to pass the information to the stack updater */
2379 fullinfo_type array_type = stack_extra_info[0];
2380 context->swap_table[0] = decrement_indirection(array_type);
2381 break;
2382 }
2383
2384 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2385 case JVM_OPC_invokeinit:
2386 case JVM_OPC_invokedynamic:
2387 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2388 int operand = this_idata->operand.i;
2389 const char *signature =
2390 JVM_GetCPMethodSignatureUTF(context->env,
2391 context->class,
2392 operand);
2393 int item;
2394 const char *p;
2395 check_and_push(context, signature, VM_STRING_UTF);
2396 if (opcode == JVM_OPC_invokestatic ||
2397 opcode == JVM_OPC_invokedynamic) {
2398 item = 0;
2399 } else if (opcode == JVM_OPC_invokeinit) {
2400 fullinfo_type init_type = this_idata->operand2.fi;
2401 fullinfo_type object_type = stack_extra_info[0];
2402 context->swap_table[0] = object_type; /* save value */
2403 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2404 /* We better be calling the appropriate init. Find the
2405 * inumber of the "JVM_OPC_new" instruction", and figure
2406 * out what the type really is.
2407 */
2408 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2409 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2410 context->swap_table[1] = target_type;
2411
2412 if (target_type != init_type) {
2413 CCerror(context, "Call to wrong initialization method");
2414 }
2415 if (this_idata->protected
2416 && !isAssignableTo(context, object_type,
2417 context->currentclass_info)) {
2418 CCerror(context, "Bad access to protected data");
2419 }
2420 } else {
2421 /* We better be calling super() or this(). */
2422 if (init_type != context->superclass_info &&
2423 init_type != context->currentclass_info) {
2424 CCerror(context, "Call to wrong initialization method");
2425 }
2426 context->swap_table[1] = context->currentclass_info;
2427 }
2428 item = 1;
2429 } else {
2430 fullinfo_type target_type = this_idata->operand2.fi;
2431 fullinfo_type object_type = stack_extra_info[0];
2432 if (!isAssignableTo(context, object_type, target_type)){
2433 CCerror(context,
2434 "Incompatible object argument for function call");
2435 }
2436 if (opcode == JVM_OPC_invokespecial
2437 && !isAssignableTo(context, object_type,
2438 context->currentclass_info)) {
2439 /* Make sure object argument is assignment compatible to current class */
2440 CCerror(context,
2441 "Incompatible object argument for invokespecial");
2442 }
2443 if (this_idata->protected
2444 && !isAssignableTo(context, object_type,
2445 context->currentclass_info)) {
2446 /* This is ugly. Special dispensation. Arrays pretend to
2447 implement public Object clone() even though they don't */
2448 const char *utfName =
2449 JVM_GetCPMethodNameUTF(context->env,
2450 context->class,
2451 this_idata->operand.i);
2452 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2453 JVM_ReleaseUTF(utfName);
2454
2455 if ((target_type == context->object_info) &&
2456 (GET_INDIRECTION(object_type) > 0) &&
2457 is_clone) {
2458 } else {
2459 CCerror(context, "Bad access to protected data");
2460 }
2461 }
2462 item = 1;
2463 }
2464 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2465 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2466 if (!isAssignableTo(context,
2467 stack_extra_info[item], full_info)) {
2468 CCerror(context, "Incompatible argument to function");
2469 }
2470 }
2471
2472 pop_and_free(context);
2473 break;
2474 }
2475
2476 case JVM_OPC_return:
2477 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2478 CCerror(context, "Wrong return type in function");
2479 break;
2480
2481 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2482 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2483 fullinfo_type target_type = context->return_type;
2484 fullinfo_type object_type = stack_extra_info[0];
2485 if (!isAssignableTo(context, object_type, target_type)) {
2486 CCerror(context, "Wrong return type in function");
2487 }
2488 break;
2489 }
2490
2491 case JVM_OPC_new: {
2492 /* Make sure that nothing on the stack already looks like what
2493 * we want to create. I can't image how this could possibly happen
2494 * but we should test for it anyway, since if it could happen, the
2495 * result would be an unitialized object being able to masquerade
2496 * as an initialized one.
2497 */
2498 stack_item_type *item;
2499 for (item = stack; item != NULL; item = item->next) {
2500 if (item->item == this_idata->operand.fi) {
2501 CCerror(context,
2502 "Uninitialized object on stack at creating point");
2503 }
2504 }
2505 /* Info for update_registers */
2506 context->swap_table[0] = this_idata->operand.fi;
2507 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2508
2509 break;
2510 }
2511 }
2512 new_stack_info->stack = stack;
2513 new_stack_info->stack_size = stack_size;
2514 }
2515
2516
2517 /* We've already determined that the instruction is legal. Perform the
2518 * operation on the registers, and return the updated results in
2519 * new_register_count_p and new_registers.
2520 */
2521
2522 static void
2523 update_registers(context_type *context, unsigned int inumber,
2524 register_info_type *new_register_info)
2525 {
2526 instruction_data_type *idata = context->instruction_data;
2527 instruction_data_type *this_idata = &idata[inumber];
2528 int opcode = this_idata->opcode;
2529 int operand = this_idata->operand.i;
2530 int register_count = this_idata->register_info.register_count;
2531 fullinfo_type *registers = this_idata->register_info.registers;
2532 stack_item_type *stack = this_idata->stack_info.stack;
2533 int mask_count = this_idata->register_info.mask_count;
2534 mask_type *masks = this_idata->register_info.masks;
2535
2536 /* Use these as default new values. */
2537 int new_register_count = register_count;
2538 int new_mask_count = mask_count;
2539 fullinfo_type *new_registers = registers;
2540 mask_type *new_masks = masks;
2541
2542 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2543 int i;
2544
2545 /* Remember, we've already verified the type at the top of the stack. */
2546 switch (opcode) {
2547 default: break;
2548 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2549 access = ACCESS_SINGLE;
2550 goto continue_store;
2551
2552 case JVM_OPC_lstore: case JVM_OPC_dstore:
2553 access = ACCESS_DOUBLE;
2554 goto continue_store;
2555
2556 continue_store: {
2557 /* We have a modification to the registers. Copy them if needed. */
2558 fullinfo_type stack_top_type = stack->item;
2559 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2560
2561 if ( max_operand < register_count
2562 && registers[operand] == stack_top_type
2563 && ((access == ACCESS_SINGLE) ||
2564 (registers[operand + 1]== stack_top_type + 1)))
2565 /* No changes have been made to the registers. */
2566 break;
2567 new_register_count = MAX(max_operand + 1, register_count);
2568 new_registers = NEW(fullinfo_type, new_register_count);
2569 for (i = 0; i < register_count; i++)
2570 new_registers[i] = registers[i];
2571 for (i = register_count; i < new_register_count; i++)
2572 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2573 new_registers[operand] = stack_top_type;
2574 if (access == ACCESS_DOUBLE)
2575 new_registers[operand + 1] = stack_top_type + 1;
2576 break;
2577 }
2578
2579 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2580 case JVM_OPC_iinc: case JVM_OPC_ret:
2581 access = ACCESS_SINGLE;
2582 break;
2583
2584 case JVM_OPC_lload: case JVM_OPC_dload:
2585 access = ACCESS_DOUBLE;
2586 break;
2587
2588 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2589 for (i = 0; i < new_mask_count; i++)
2590 if (new_masks[i].entry == operand)
2591 CCerror(context, "Recursive call to jsr entry");
2592 new_masks = add_to_masks(context, masks, mask_count, operand);
2593 new_mask_count++;
2594 break;
2595
2596 case JVM_OPC_invokeinit:
2597 case JVM_OPC_new: {
2598 /* For invokeinit, an uninitialized object has been initialized.
2599 * For new, all previous occurrences of an uninitialized object
2600 * from the same instruction must be made bogus.
2601 * We find all occurrences of swap_table[0] in the registers, and
2602 * replace them with swap_table[1];
2603 */
2604 fullinfo_type from = context->swap_table[0];
2605 fullinfo_type to = context->swap_table[1];
2606
2607 int i;
2608 for (i = 0; i < register_count; i++) {
2609 if (new_registers[i] == from) {
2610 /* Found a match */
2611 break;
2612 }
2613 }
2614 if (i < register_count) { /* We broke out loop for match */
2615 /* We have to change registers, and possibly a mask */
2616 jboolean copied_mask = JNI_FALSE;
2617 int k;
2618 new_registers = NEW(fullinfo_type, register_count);
2619 memcpy(new_registers, registers,
2620 register_count * sizeof(registers[0]));
2621 for ( ; i < register_count; i++) {
2622 if (new_registers[i] == from) {
2623 new_registers[i] = to;
2624 for (k = 0; k < new_mask_count; k++) {
2625 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2626 if (!copied_mask) {
2627 new_masks = copy_masks(context, new_masks,
2628 mask_count);
2629 copied_mask = JNI_TRUE;
2630 }
2631 SET_BIT(new_masks[k].modifies, i);
2632 }
2633 }
2634 }
2635 }
2636 }
2637 break;
2638 }
2639 } /* of switch */
2640
2641 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2642 int i, j;
2643 for (i = 0; i < new_mask_count; i++) {
2644 int *mask = new_masks[i].modifies;
2645 if ((!IS_BIT_SET(mask, operand)) ||
2646 ((access == ACCESS_DOUBLE) &&
2647 !IS_BIT_SET(mask, operand + 1))) {
2648 new_masks = copy_masks(context, new_masks, mask_count);
2649 for (j = i; j < new_mask_count; j++) {
2650 SET_BIT(new_masks[j].modifies, operand);
2651 if (access == ACCESS_DOUBLE)
2652 SET_BIT(new_masks[j].modifies, operand + 1);
2653 }
2654 break;
2655 }
2656 }
2657 }
2658
2659 new_register_info->register_count = new_register_count;
2660 new_register_info->registers = new_registers;
2661 new_register_info->masks = new_masks;
2662 new_register_info->mask_count = new_mask_count;
2663 }
2664
2665
2666
2667 /* We've already determined that the instruction is legal, and have updated
2668 * the registers. Update the flags, too.
2669 */
2670
2671
2672 static void
2673 update_flags(context_type *context, unsigned int inumber,
2674 flag_type *new_and_flags, flag_type *new_or_flags)
2675
2676 {
2677 instruction_data_type *idata = context->instruction_data;
2678 instruction_data_type *this_idata = &idata[inumber];
2679 flag_type and_flags = this_idata->and_flags;
2680 flag_type or_flags = this_idata->or_flags;
2681
2682 /* Set the "we've done a constructor" flag */
2683 if (this_idata->opcode == JVM_OPC_invokeinit) {
2684 fullinfo_type from = context->swap_table[0];
2685 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2686 and_flags |= FLAG_CONSTRUCTED;
2687 }
2688 *new_and_flags = and_flags;
2689 *new_or_flags = or_flags;
2690 }
2691
2692
2693
2694 /* We've already determined that the instruction is legal. Perform the
2695 * operation on the stack;
2696 *
2697 * new_stack_size_p and new_stack_p point to the results after the pops have
2698 * already been done. Do the pushes, and then put the results back there.
2699 */
2700
2701 static void
2702 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2703 {
2704 instruction_data_type *idata = context->instruction_data;
2705 instruction_data_type *this_idata = &idata[inumber];
2706 int opcode = this_idata->opcode;
2707 int operand = this_idata->operand.i;
2708
2709 int stack_size = new_stack_info->stack_size;
2710 stack_item_type *stack = new_stack_info->stack;
2711 char *stack_results;
2712
2713 fullinfo_type full_info = 0;
2714 char buffer[5], *p; /* actually [2] is big enough */
2715
2716 /* We need to look at all those opcodes in which either we can't tell the
2717 * value pushed onto the stack from the opcode, or in which the value
2718 * pushed onto the stack is an object or array. For the latter, we need
2719 * to make sure that full_info is set to the right value.
2720 */
2721 switch(opcode) {
2722 default:
2723 stack_results = opcode_in_out[opcode][1];
2724 break;
2725
2726 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2727 /* Look to constant pool to determine correct result. */
2728 unsigned char *type_table = context->constant_types;
2729 switch (type_table[operand]) {
2730 case JVM_CONSTANT_Integer:
2731 stack_results = "I"; break;
2732 case JVM_CONSTANT_Float:
2733 stack_results = "F"; break;
2734 case JVM_CONSTANT_Double:
2735 stack_results = "D"; break;
2736 case JVM_CONSTANT_Long:
2737 stack_results = "L"; break;
2738 case JVM_CONSTANT_String:
2739 stack_results = "A";
2740 full_info = context->string_info;
2741 break;
2742 case JVM_CONSTANT_Class:
2743 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2744 CCerror(context, "Internal error #3");
2745 stack_results = "A";
2746 full_info = make_class_info_from_name(context,
2747 "java/lang/Class");
2748 break;
2749 case JVM_CONSTANT_MethodHandle:
2750 case JVM_CONSTANT_MethodType:
2751 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2752 CCerror(context, "Internal error #3");
2753 stack_results = "A";
2754 switch (type_table[operand]) {
2755 case JVM_CONSTANT_MethodType:
2756 full_info = make_class_info_from_name(context,
2757 "java/lang/invoke/MethodType");
2758 break;
2759 default: //JVM_CONSTANT_MethodHandle
2760 full_info = make_class_info_from_name(context,
2761 "java/lang/invoke/MethodHandle");
2762 break;
2763 }
2764 break;
2765 default:
2766 CCerror(context, "Internal error #3");
2767 stack_results = ""; /* Never reached: keep lint happy */
2768 }
2769 break;
2770 }
2771
2772 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2773 /* Look to signature to determine correct result. */
2774 int operand = this_idata->operand.i;
2775 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2776 context->class,
2777 operand);
2778 check_and_push(context, signature, VM_STRING_UTF);
2779 #ifdef DEBUG
2780 if (verify_verbose) {
2781 print_formatted_fieldname(context, operand);
2782 }
2783 #endif
2784 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2785 buffer[1] = '\0';
2786 stack_results = buffer;
2787 pop_and_free(context);
2788 break;
2789 }
2790
2791 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2792 case JVM_OPC_invokeinit:
2793 case JVM_OPC_invokedynamic:
2794 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2795 /* Look to signature to determine correct result. */
2796 int operand = this_idata->operand.i;
2797 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2798 context->class,
2799 operand);
2800 const char *result_signature;
2801 check_and_push(context, signature, VM_STRING_UTF);
2802 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2803 if (result_signature++ == NULL) {
2804 CCerror(context, "Illegal signature %s", signature);
2805 }
2806 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2807 stack_results = "";
2808 } else {
2809 buffer[0] = signature_to_fieldtype(context, &result_signature,
2810 &full_info);
2811 buffer[1] = '\0';
2812 stack_results = buffer;
2813 }
2814 pop_and_free(context);
2815 break;
2816 }
2817
2818 case JVM_OPC_aconst_null:
2819 stack_results = opcode_in_out[opcode][1];
2820 full_info = NULL_FULLINFO; /* special NULL */
2821 break;
2822
2823 case JVM_OPC_new:
2824 case JVM_OPC_checkcast:
2825 case JVM_OPC_newarray:
2826 case JVM_OPC_anewarray:
2827 case JVM_OPC_multianewarray:
2828 stack_results = opcode_in_out[opcode][1];
2829 /* Conveniently, this result type is stored here */
2830 full_info = this_idata->operand.fi;
2831 break;
2832
2833 case JVM_OPC_aaload:
2834 stack_results = opcode_in_out[opcode][1];
2835 /* pop_stack() saved value for us. */
2836 full_info = context->swap_table[0];
2837 break;
2838
2839 case JVM_OPC_aload:
2840 stack_results = opcode_in_out[opcode][1];
2841 /* The register hasn't been modified, so we can use its value. */
2842 full_info = this_idata->register_info.registers[operand];
2843 break;
2844 } /* of switch */
2845
2846 for (p = stack_results; *p != 0; p++) {
2847 int type = *p;
2848 stack_item_type *new_item = NEW(stack_item_type, 1);
2849 new_item->next = stack;
2850 stack = new_item;
2851 switch (type) {
2852 case 'I':
2853 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2854 case 'F':
2855 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2856 case 'D':
2857 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2858 stack_size++; break;
2859 case 'L':
2860 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2861 stack_size++; break;
2862 case 'R':
2863 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2864 break;
2865 case '1': case '2': case '3': case '4': {
2866 /* Get the info saved in the swap_table */
2867 fullinfo_type stype = context->swap_table[type - '1'];
2868 stack->item = stype;
2869 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2870 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2871 stack_size++; p++;
2872 }
2873 break;
2874 }
2875 case 'A':
2876 /* full_info should have the appropriate value. */
2877 assert(full_info != 0);
2878 stack->item = full_info;
2879 break;
2880 default:
2881 CCerror(context, "Internal error #4");
2882
2883 } /* switch type */
2884 stack_size++;
2885 } /* outer for loop */
2886
2887 if (opcode == JVM_OPC_invokeinit) {
2888 /* If there are any instances of "from" on the stack, we need to
2889 * replace it with "to", since calling <init> initializes all versions
2890 * of the object, obviously. */
2891 fullinfo_type from = context->swap_table[0];
2892 stack_item_type *ptr;
2893 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2894 if (ptr->item == from) {
2895 fullinfo_type to = context->swap_table[1];
2896 stack = copy_stack(context, stack);
2897 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2898 if (ptr->item == from) ptr->item = to;
2899 break;
2900 }
2901 }
2902 }
2903
2904 new_stack_info->stack_size = stack_size;
2905 new_stack_info->stack = stack;
2906 }
2907
2908
2909 /* We've performed an instruction, and determined the new registers and stack
2910 * value. Look at all of the possibly subsequent instructions, and merge
2911 * this stack value into theirs.
2912 */
2913
2914 static void
2915 merge_into_successors(context_type *context, unsigned int inumber,
2916 register_info_type *register_info,
2917 stack_info_type *stack_info,
2918 flag_type and_flags, flag_type or_flags)
2919 {
2920 instruction_data_type *idata = context->instruction_data;
2921 instruction_data_type *this_idata = &idata[inumber];
2922 int opcode = this_idata->opcode;
2923 int operand = this_idata->operand.i;
2924 struct handler_info_type *handler_info = context->handler_info;
2925 int handler_info_length =
2926 JVM_GetMethodIxExceptionTableLength(context->env,
2927 context->class,
2928 context->method_index);
2929
2930
2931 int buffer[2]; /* default value for successors */
2932 int *successors = buffer; /* table of successors */
2933 int successors_count;
2934 int i;
2935
2936 switch (opcode) {
2937 default:
2938 successors_count = 1;
2939 buffer[0] = inumber + 1;
2940 break;
2941
2942 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2943 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2944 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2945 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2946 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2947 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2948 successors_count = 2;
2949 buffer[0] = inumber + 1;
2950 buffer[1] = operand;
2951 break;
2952
2953 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2954 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2955 idata[this_idata->operand2.i].changed = JNI_TRUE;
2956 /* FALLTHROUGH */
2957 case JVM_OPC_goto: case JVM_OPC_goto_w:
2958 successors_count = 1;
2959 buffer[0] = operand;
2960 break;
2961
2962
2963 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2964 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2965 case JVM_OPC_athrow:
2966 /* The testing for the returns is handled in pop_stack() */
2967 successors_count = 0;
2968 break;
2969
2970 case JVM_OPC_ret: {
2971 /* This is slightly slow, but good enough for a seldom used instruction.
2972 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2973 * address of the first instruction of the subroutine. We can return
2974 * to 1 after any instruction that jsr's to that instruction.
2975 */
2976 if (this_idata->operand2.ip == NULL) {
2977 fullinfo_type *registers = this_idata->register_info.registers;
2978 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2979 int i, count, *ptr;;
2980 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2981 if (((idata[i].opcode == JVM_OPC_jsr) ||
2982 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2983 (idata[i].operand.i == called_instruction))
2984 count++;
2985 }
2986 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2987 *ptr++ = count;
2988 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2989 if (((idata[i].opcode == JVM_OPC_jsr) ||
2990 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2991 (idata[i].operand.i == called_instruction))
2992 *ptr++ = i + 1;
2993 }
2994 }
2995 successors = this_idata->operand2.ip; /* use this instead */
2996 successors_count = *successors++;
2997 break;
2998
2999 }
3000
3001 case JVM_OPC_tableswitch:
3002 case JVM_OPC_lookupswitch:
3003 successors = this_idata->operand.ip; /* use this instead */
3004 successors_count = *successors++;
3005 break;
3006 }
3007
3008 #ifdef DEBUG
3009 if (verify_verbose) {
3010 jio_fprintf(stdout, " [");
3011 for (i = handler_info_length; --i >= 0; handler_info++)
3012 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3013 jio_fprintf(stdout, "%d* ", handler_info->handler);
3014 for (i = 0; i < successors_count; i++)
3015 jio_fprintf(stdout, "%d ", successors[i]);
3016 jio_fprintf(stdout, "]\n");
3017 }
3018 #endif
3019
3020 handler_info = context->handler_info;
3021 for (i = handler_info_length; --i >= 0; handler_info++) {
3022 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3023 int handler = handler_info->handler;
3024 if (opcode != JVM_OPC_invokeinit) {
3025 merge_into_one_successor(context, inumber, handler,
3026 &this_idata->register_info, /* old */
3027 &handler_info->stack_info,
3028 (flag_type) (and_flags
3029 & this_idata->and_flags),
3030 (flag_type) (or_flags
3031 | this_idata->or_flags),
3032 JNI_TRUE);
3033 } else {
3034 /* We need to be a little bit more careful with this
3035 * instruction. Things could either be in the state before
3036 * the instruction or in the state afterwards */
3037 fullinfo_type from = context->swap_table[0];
3038 flag_type temp_or_flags = or_flags;
3039 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3040 temp_or_flags |= FLAG_NO_RETURN;
3041 merge_into_one_successor(context, inumber, handler,
3042 &this_idata->register_info, /* old */
3043 &handler_info->stack_info,
3044 this_idata->and_flags,
3045 this_idata->or_flags,
3046 JNI_TRUE);
3047 merge_into_one_successor(context, inumber, handler,
3048 register_info,
3049 &handler_info->stack_info,
3050 and_flags, temp_or_flags, JNI_TRUE);
3051 }
3052 }
3053 }
3054 for (i = 0; i < successors_count; i++) {
3055 int target = successors[i];
3056 if (target >= context->instruction_count)
3057 CCerror(context, "Falling off the end of the code");
3058 merge_into_one_successor(context, inumber, target,
3059 register_info, stack_info, and_flags, or_flags,
3060 JNI_FALSE);
3061 }
3062 }
3063
3064 /* We have a new set of registers and stack values for a given instruction.
3065 * Merge this new set into the values that are already there.
3066 */
3067
3068 static void
3069 merge_into_one_successor(context_type *context,
3070 unsigned int from_inumber, unsigned int to_inumber,
3071 register_info_type *new_register_info,
3072 stack_info_type *new_stack_info,
3073 flag_type new_and_flags, flag_type new_or_flags,
3074 jboolean isException)
3075 {
3076 instruction_data_type *idata = context->instruction_data;
3077 register_info_type register_info_buf;
3078 stack_info_type stack_info_buf;
3079 #ifdef DEBUG
3080 instruction_data_type *this_idata = &idata[to_inumber];
3081 register_info_type old_reg_info;
3082 stack_info_type old_stack_info;
3083 flag_type old_and_flags = 0;
3084 flag_type old_or_flags = 0;
3085 #endif
3086
3087 #ifdef DEBUG
3088 if (verify_verbose) {
3089 old_reg_info = this_idata->register_info;
3090 old_stack_info = this_idata->stack_info;
3091 old_and_flags = this_idata->and_flags;
3092 old_or_flags = this_idata->or_flags;
3093 }
3094 #endif
3095
3096 /* All uninitialized objects are set to "bogus" when jsr and
3097 * ret are executed. Thus uninitialized objects can't propagate
3098 * into or out of a subroutine.
3099 */
3100 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3101 idata[from_inumber].opcode == JVM_OPC_jsr ||
3102 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3103 int new_register_count = new_register_info->register_count;
3104 fullinfo_type *new_registers = new_register_info->registers;
3105 int i;
3106 stack_item_type *item;
3107
3108 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3109 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3110 /* This check only succeeds for hand-contrived code.
3111 * Efficiency is not an issue.
3112 */
3113 stack_info_buf.stack = copy_stack(context,
3114 new_stack_info->stack);
3115 stack_info_buf.stack_size = new_stack_info->stack_size;
3116 new_stack_info = &stack_info_buf;
3117 for (item = new_stack_info->stack; item != NULL;
3118 item = item->next) {
3119 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3120 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3121 }
3122 }
3123 break;
3124 }
3125 }
3126 for (i = 0; i < new_register_count; i++) {
3127 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3128 /* This check only succeeds for hand-contrived code.
3129 * Efficiency is not an issue.
3130 */
3131 fullinfo_type *new_set = NEW(fullinfo_type,
3132 new_register_count);
3133 for (i = 0; i < new_register_count; i++) {
3134 fullinfo_type t = new_registers[i];
3135 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3136 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3137 }
3138 register_info_buf.register_count = new_register_count;
3139 register_info_buf.registers = new_set;
3140 register_info_buf.mask_count = new_register_info->mask_count;
3141 register_info_buf.masks = new_register_info->masks;
3142 new_register_info = ®ister_info_buf;
3143 break;
3144 }
3145 }
3146 }
3147
3148 /* Returning from a subroutine is somewhat ugly. The actual thing
3149 * that needs to get merged into the new instruction is a joining
3150 * of info from the ret instruction with stuff in the jsr instruction
3151 */
3152 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3153 int new_register_count = new_register_info->register_count;
3154 fullinfo_type *new_registers = new_register_info->registers;
3155 int new_mask_count = new_register_info->mask_count;
3156 mask_type *new_masks = new_register_info->masks;
3157 int operand = idata[from_inumber].operand.i;
3158 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3159 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3160 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3161 if (jsr_idata->operand2.i != (int)from_inumber) {
3162 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3163 CCerror(context, "Multiple returns to single jsr");
3164 jsr_idata->operand2.i = from_inumber;
3165 }
3166 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3167 /* We don't want to handle the returned-to instruction until
3168 * we've dealt with the jsr instruction. When we get to the
3169 * jsr instruction (if ever), we'll re-mark the ret instruction
3170 */
3171 ;
3172 } else {
3173 int register_count = jsr_reginfo->register_count;
3174 fullinfo_type *registers = jsr_reginfo->registers;
3175 int max_registers = MAX(register_count, new_register_count);
3176 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3177 int *return_mask;
3178 struct register_info_type new_new_register_info;
3179 int i;
3180 /* Make sure the place we're returning from is legal! */
3181 for (i = new_mask_count; --i >= 0; )
3182 if (new_masks[i].entry == called_instruction)
3183 break;
3184 if (i < 0)
3185 CCerror(context, "Illegal return from subroutine");
3186 /* pop the masks down to the indicated one. Remember the mask
3187 * we're popping off. */
3188 return_mask = new_masks[i].modifies;
3189 new_mask_count = i;
3190 for (i = 0; i < max_registers; i++) {
3191 if (IS_BIT_SET(return_mask, i))
3192 new_set[i] = i < new_register_count ?
3193 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3194 else
3195 new_set[i] = i < register_count ?
3196 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3197 }
3198 new_new_register_info.register_count = max_registers;
3199 new_new_register_info.registers = new_set;
3200 new_new_register_info.mask_count = new_mask_count;
3201 new_new_register_info.masks = new_masks;
3202
3203
3204 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3205 merge_registers(context, to_inumber - 1, to_inumber,
3206 &new_new_register_info);
3207 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3208 }
3209 } else {
3210 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3211 merge_registers(context, from_inumber, to_inumber, new_register_info);
3212 merge_flags(context, from_inumber, to_inumber,
3213 new_and_flags, new_or_flags);
3214 }
3215
3216 #ifdef DEBUG
3217 if (verify_verbose && idata[to_inumber].changed) {
3218 register_info_type *register_info = &this_idata->register_info;
3219 stack_info_type *stack_info = &this_idata->stack_info;
3220 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3221 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3222 (old_and_flags != this_idata->and_flags) ||
3223 (old_or_flags != this_idata->or_flags)) {
3224 jio_fprintf(stdout, " %2d:", to_inumber);
3225 print_stack(context, &old_stack_info);
3226 print_registers(context, &old_reg_info);
3227 print_flags(context, old_and_flags, old_or_flags);
3228 jio_fprintf(stdout, " => ");
3229 print_stack(context, &this_idata->stack_info);
3230 print_registers(context, &this_idata->register_info);
3231 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3232 jio_fprintf(stdout, "\n");
3233 }
3234 }
3235 #endif
3236
3237 }
3238
3239 static void
3240 merge_stack(context_type *context, unsigned int from_inumber,
3241 unsigned int to_inumber, stack_info_type *new_stack_info)
3242 {
3243 instruction_data_type *idata = context->instruction_data;
3244 instruction_data_type *this_idata = &idata[to_inumber];
3245
3246 int new_stack_size = new_stack_info->stack_size;
3247 stack_item_type *new_stack = new_stack_info->stack;
3248
3249 int stack_size = this_idata->stack_info.stack_size;
3250
3251 if (stack_size == UNKNOWN_STACK_SIZE) {
3252 /* First time at this instruction. Just copy. */
3253 this_idata->stack_info.stack_size = new_stack_size;
3254 this_idata->stack_info.stack = new_stack;
3255 this_idata->changed = JNI_TRUE;
3256 } else if (new_stack_size != stack_size) {
3257 CCerror(context, "Inconsistent stack height %d != %d",
3258 new_stack_size, stack_size);
3259 } else {
3260 stack_item_type *stack = this_idata->stack_info.stack;
3261 stack_item_type *old, *new;
3262 jboolean change = JNI_FALSE;
3263 for (old = stack, new = new_stack; old != NULL;
3264 old = old->next, new = new->next) {
3265 if (!isAssignableTo(context, new->item, old->item)) {
3266 change = JNI_TRUE;
3267 break;
3268 }
3269 }
3270 if (change) {
3271 stack = copy_stack(context, stack);
3272 for (old = stack, new = new_stack; old != NULL;
3273 old = old->next, new = new->next) {
3274 if (new == NULL) {
3275 break;
3276 }
3277 old->item = merge_fullinfo_types(context, old->item, new->item,
3278 JNI_FALSE);
3279 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3280 CCerror(context, "Mismatched stack types");
3281 }
3282 }
3283 if (old != NULL || new != NULL) {
3284 CCerror(context, "Mismatched stack types");
3285 }
3286 this_idata->stack_info.stack = stack;
3287 this_idata->changed = JNI_TRUE;
3288 }
3289 }
3290 }
3291
3292 static void
3293 merge_registers(context_type *context, unsigned int from_inumber,
3294 unsigned int to_inumber, register_info_type *new_register_info)
3295 {
3296 instruction_data_type *idata = context->instruction_data;
3297 instruction_data_type *this_idata = &idata[to_inumber];
3298 register_info_type *this_reginfo = &this_idata->register_info;
3299
3300 int new_register_count = new_register_info->register_count;
3301 fullinfo_type *new_registers = new_register_info->registers;
3302 int new_mask_count = new_register_info->mask_count;
3303 mask_type *new_masks = new_register_info->masks;
3304
3305
3306 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3307 this_reginfo->register_count = new_register_count;
3308 this_reginfo->registers = new_registers;
3309 this_reginfo->mask_count = new_mask_count;
3310 this_reginfo->masks = new_masks;
3311 this_idata->changed = JNI_TRUE;
3312 } else {
3313 /* See if we've got new information on the register set. */
3314 int register_count = this_reginfo->register_count;
3315 fullinfo_type *registers = this_reginfo->registers;
3316 int mask_count = this_reginfo->mask_count;
3317 mask_type *masks = this_reginfo->masks;
3318
3319 jboolean copy = JNI_FALSE;
3320 int i, j;
3321 if (register_count > new_register_count) {
3322 /* Any register larger than new_register_count is now bogus */
3323 this_reginfo->register_count = new_register_count;
3324 register_count = new_register_count;
3325 this_idata->changed = JNI_TRUE;
3326 }
3327 for (i = 0; i < register_count; i++) {
3328 fullinfo_type prev_value = registers[i];
3329 if ((i < new_register_count)
3330 ? (!isAssignableTo(context, new_registers[i], prev_value))
3331 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3332 copy = JNI_TRUE;
3333 break;
3334 }
3335 }
3336
3337 if (copy) {
3338 /* We need a copy. So do it. */
3339 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3340 for (j = 0; j < i; j++)
3341 new_set[j] = registers[j];
3342 for (j = i; j < register_count; j++) {
3343 if (i >= new_register_count)
3344 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3345 else
3346 new_set[j] = merge_fullinfo_types(context,
3347 new_registers[j],
3348 registers[j], JNI_FALSE);
3349 }
3350 /* Some of the end items might now be bogus. This step isn't
3351 * necessary, but it may save work later. */
3352 while ( register_count > 0
3353 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3354 register_count--;
3355 this_reginfo->register_count = register_count;
3356 this_reginfo->registers = new_set;
3357 this_idata->changed = JNI_TRUE;
3358 }
3359 if (mask_count > 0) {
3360 /* If the target instruction already has a sequence of masks, then
3361 * we need to merge new_masks into it. We want the entries on
3362 * the mask to be the longest common substring of the two.
3363 * (e.g. a->b->d merged with a->c->d should give a->d)
3364 * The bits set in the mask should be the or of the corresponding
3365 * entries in each of the original masks.
3366 */
3367 int i, j, k;
3368 int matches = 0;
3369 int last_match = -1;
3370 jboolean copy_needed = JNI_FALSE;
3371 for (i = 0; i < mask_count; i++) {
3372 int entry = masks[i].entry;
3373 for (j = last_match + 1; j < new_mask_count; j++) {
3374 if (new_masks[j].entry == entry) {
3375 /* We have a match */
3376 int *prev = masks[i].modifies;
3377 int *new = new_masks[j].modifies;
3378 matches++;
3379 /* See if new_mask has bits set for "entry" that
3380 * weren't set for mask. If so, need to copy. */
3381 for (k = context->bitmask_size - 1;
3382 !copy_needed && k >= 0;
3383 k--)
3384 if (~prev[k] & new[k])
3385 copy_needed = JNI_TRUE;
3386 last_match = j;
3387 break;
3388 }
3389 }
3390 }
3391 if ((matches < mask_count) || copy_needed) {
3392 /* We need to make a copy for the new item, since either the
3393 * size has decreased, or new bits are set. */
3394 mask_type *copy = NEW(mask_type, matches);
3395 for (i = 0; i < matches; i++) {
3396 copy[i].modifies = NEW(int, context->bitmask_size);
3397 }
3398 this_reginfo->masks = copy;
3399 this_reginfo->mask_count = matches;
3400 this_idata->changed = JNI_TRUE;
3401 matches = 0;
3402 last_match = -1;
3403 for (i = 0; i < mask_count; i++) {
3404 int entry = masks[i].entry;
3405 for (j = last_match + 1; j < new_mask_count; j++) {
3406 if (new_masks[j].entry == entry) {
3407 int *prev1 = masks[i].modifies;
3408 int *prev2 = new_masks[j].modifies;
3409 int *new = copy[matches].modifies;
3410 copy[matches].entry = entry;
3411 for (k = context->bitmask_size - 1; k >= 0; k--)
3412 new[k] = prev1[k] | prev2[k];
3413 matches++;
3414 last_match = j;
3415 break;
3416 }
3417 }
3418 }
3419 }
3420 }
3421 }
3422 }
3423
3424
3425 static void
3426 merge_flags(context_type *context, unsigned int from_inumber,
3427 unsigned int to_inumber,
3428 flag_type new_and_flags, flag_type new_or_flags)
3429 {
3430 /* Set this_idata->and_flags &= new_and_flags
3431 this_idata->or_flags |= new_or_flags
3432 */
3433 instruction_data_type *idata = context->instruction_data;
3434 instruction_data_type *this_idata = &idata[to_inumber];
3435 flag_type this_and_flags = this_idata->and_flags;
3436 flag_type this_or_flags = this_idata->or_flags;
3437 flag_type merged_and = this_and_flags & new_and_flags;
3438 flag_type merged_or = this_or_flags | new_or_flags;
3439
3440 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3441 this_idata->and_flags = merged_and;
3442 this_idata->or_flags = merged_or;
3443 this_idata->changed = JNI_TRUE;
3444 }
3445 }
3446
3447
3448 /* Make a copy of a stack */
3449
3450 static stack_item_type *
3451 copy_stack(context_type *context, stack_item_type *stack)
3452 {
3453 int length;
3454 stack_item_type *ptr;
3455
3456 /* Find the length */
3457 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3458
3459 if (length > 0) {
3460 stack_item_type *new_stack = NEW(stack_item_type, length);
3461 stack_item_type *new_ptr;
3462 for ( ptr = stack, new_ptr = new_stack;
3463 ptr != NULL;
3464 ptr = ptr->next, new_ptr++) {
3465 new_ptr->item = ptr->item;
3466 new_ptr->next = new_ptr + 1;
3467 }
3468 new_stack[length - 1].next = NULL;
3469 return new_stack;
3470 } else {
3471 return NULL;
3472 }
3473 }
3474
3475
3476 static mask_type *
3477 copy_masks(context_type *context, mask_type *masks, int mask_count)
3478 {
3479 mask_type *result = NEW(mask_type, mask_count);
3480 int bitmask_size = context->bitmask_size;
3481 int *bitmaps = NEW(int, mask_count * bitmask_size);
3482 int i;
3483 for (i = 0; i < mask_count; i++) {
3484 result[i].entry = masks[i].entry;
3485 result[i].modifies = &bitmaps[i * bitmask_size];
3486 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3487 }
3488 return result;
3489 }
3490
3491
3492 static mask_type *
3493 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3494 {
3495 mask_type *result = NEW(mask_type, mask_count + 1);
3496 int bitmask_size = context->bitmask_size;
3497 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3498 int i;
3499 for (i = 0; i < mask_count; i++) {
3500 result[i].entry = masks[i].entry;
3501 result[i].modifies = &bitmaps[i * bitmask_size];
3502 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3503 }
3504 result[mask_count].entry = d;
3505 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3506 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3507 return result;
3508 }
3509
3510
3511
3512 /* We create our own storage manager, since we malloc lots of little items,
3513 * and I don't want to keep trace of when they become free. I sure wish that
3514 * we had heaps, and I could just free the heap when done.
3515 */
3516
3517 #define CCSegSize 2000
3518
3519 struct CCpool { /* a segment of allocated memory in the pool */
3520 struct CCpool *next;
3521 int segSize; /* almost always CCSegSize */
3522 int poolPad;
3523 char space[CCSegSize];
3524 };
3525
3526 /* Initialize the context's heap. */
3527 static void CCinit(context_type *context)
3528 {
3529 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3530 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3531 context->CCroot = context->CCcurrent = new;
3532 if (new == 0) {
3533 CCout_of_memory(context);
3534 }
3535 new->next = NULL;
3536 new->segSize = CCSegSize;
3537 context->CCfree_size = CCSegSize;
3538 context->CCfree_ptr = &new->space[0];
3539 }
3540
3541
3542 /* Reuse all the space that we have in the context's heap. */
3543 static void CCreinit(context_type *context)
3544 {
3545 struct CCpool *first = context->CCroot;
3546 context->CCcurrent = first;
3547 context->CCfree_size = CCSegSize;
3548 context->CCfree_ptr = &first->space[0];
3549 }
3550
3551 /* Destroy the context's heap. */
3552 static void CCdestroy(context_type *context)
3553 {
3554 struct CCpool *this = context->CCroot;
3555 while (this) {
3556 struct CCpool *next = this->next;
3557 free(this);
3558 this = next;
3559 }
3560 /* These two aren't necessary. But can't hurt either */
3561 context->CCroot = context->CCcurrent = NULL;
3562 context->CCfree_ptr = 0;
3563 }
3564
3565 /* Allocate an object of the given size from the context's heap. */
3566 static void *
3567 CCalloc(context_type *context, int size, jboolean zero)
3568 {
3569
3570 register char *p;
3571 /* Round CC to the size of a pointer */
3572 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3573
3574 if (context->CCfree_size < size) {
3575 struct CCpool *current = context->CCcurrent;
3576 struct CCpool *new;
3577 if (size > CCSegSize) { /* we need to allocate a special block */
3578 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3579 (size - CCSegSize));
3580 if (new == 0) {
3581 CCout_of_memory(context);
3582 }
3583 new->next = current->next;
3584 new->segSize = size;
3585 current->next = new;
3586 } else {
3587 new = current->next;
3588 if (new == NULL) {
3589 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3590 if (new == 0) {
3591 CCout_of_memory(context);
3592 }
3593 current->next = new;
3594 new->next = NULL;
3595 new->segSize = CCSegSize;
3596 }
3597 }
3598 context->CCcurrent = new;
3599 context->CCfree_ptr = &new->space[0];
3600 context->CCfree_size = new->segSize;
3601 }
3602 p = context->CCfree_ptr;
3603 context->CCfree_ptr += size;
3604 context->CCfree_size -= size;
3605 if (zero)
3606 memset(p, 0, size);
3607 return p;
3608 }
3609
3610 /* Get the class associated with a particular field or method or class in the
3611 * constant pool. If is_field is true, we've got a field or method. If
3612 * false, we've got a class.
3613 */
3614 static fullinfo_type
3615 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3616 {
3617 JNIEnv *env = context->env;
3618 fullinfo_type result;
3619 const char *classname;
3620 switch (kind) {
3621 case JVM_CONSTANT_Class:
3622 classname = JVM_GetCPClassNameUTF(env,
3623 context->class,
3624 cp_index);
3625 break;
3626 case JVM_CONSTANT_Methodref:
3627 classname = JVM_GetCPMethodClassNameUTF(env,
3628 context->class,
3629 cp_index);
3630 break;
3631 case JVM_CONSTANT_Fieldref:
3632 classname = JVM_GetCPFieldClassNameUTF(env,
3633 context->class,
3634 cp_index);
3635 break;
3636 default:
3637 classname = NULL;
3638 CCerror(context, "Internal error #5");
3639 }
3640
3641 check_and_push(context, classname, VM_STRING_UTF);
3642 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3643 /* This make recursively call us, in case of a class array */
3644 signature_to_fieldtype(context, &classname, &result);
3645 } else {
3646 result = make_class_info_from_name(context, classname);
3647 }
3648 pop_and_free(context);
3649 return result;
3650 }
3651
3652
3653 static int
3654 print_CCerror_info(context_type *context)
3655 {
3656 JNIEnv *env = context->env;
3657 jclass cb = context->class;
3658 const char *classname = JVM_GetClassNameUTF(env, cb);
3659 const char *name = 0;
3660 const char *signature = 0;
3661 int n = 0;
3662 if (context->method_index != -1) {
3663 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3664 signature =
3665 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3666 n += jio_snprintf(context->message, context->message_buf_len,
3667 "(class: %s, method: %s signature: %s) ",
3668 (classname ? classname : ""),
3669 (name ? name : ""),
3670 (signature ? signature : ""));
3671 } else if (context->field_index != -1 ) {
3672 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3673 n += jio_snprintf(context->message, context->message_buf_len,
3674 "(class: %s, field: %s) ",
3675 (classname ? classname : 0),
3676 (name ? name : 0));
3677 } else {
3678 n += jio_snprintf(context->message, context->message_buf_len,
3679 "(class: %s) ", classname ? classname : "");
3680 }
3681 JVM_ReleaseUTF(classname);
3682 JVM_ReleaseUTF(name);
3683 JVM_ReleaseUTF(signature);
3684 return n;
3685 }
3686
3687 static void
3688 CCerror (context_type *context, char *format, ...)
3689 {
3690 int n = print_CCerror_info(context);
3691 va_list args;
3692 if (n >= 0 && n < context->message_buf_len) {
3693 va_start(args, format);
3694 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3695 format, args);
3696 va_end(args);
3697 }
3698 context->err_code = CC_VerifyError;
3699 longjmp(context->jump_buffer, 1);
3700 }
3701
3702 static void
3703 CCout_of_memory(context_type *context)
3704 {
3705 int n = print_CCerror_info(context);
3706 context->err_code = CC_OutOfMemory;
3707 longjmp(context->jump_buffer, 1);
3708 }
3709
3710 static void
3711 CFerror(context_type *context, char *format, ...)
3712 {
3713 int n = print_CCerror_info(context);
3714 va_list args;
3715 if (n >= 0 && n < context->message_buf_len) {
3716 va_start(args, format);
3717 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3718 format, args);
3719 va_end(args);
3720 }
3721 context->err_code = CC_ClassFormatError;
3722 longjmp(context->jump_buffer, 1);
3723 }
3724
3725 static char
3726 signature_to_fieldtype(context_type *context,
3727 const char **signature_p, fullinfo_type *full_info_p)
3728 {
3729 const char *p = *signature_p;
3730 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3731 char result;
3732 int array_depth = 0;
3733
3734 for (;;) {
3735 switch(*p++) {
3736 default:
3737 result = 0;
3738 break;
3739
3740 case JVM_SIGNATURE_BOOLEAN:
3741 full_info = (array_depth > 0)
3742 ? MAKE_FULLINFO(ITEM_Boolean, 0, 0)
3743 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3744 result = 'I';
3745 break;
3746
3747 case JVM_SIGNATURE_BYTE:
3748 full_info = (array_depth > 0)
3749 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3750 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3751 result = 'I';
3752 break;
3753
3754 case JVM_SIGNATURE_CHAR:
3755 full_info = (array_depth > 0)
3756 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3757 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3758 result = 'I';
3759 break;
3760
3761 case JVM_SIGNATURE_SHORT:
3762 full_info = (array_depth > 0)
3763 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3764 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3765 result = 'I';
3766 break;
3767
3768 case JVM_SIGNATURE_INT:
3769 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3770 result = 'I';
3771 break;
3772
3773 case JVM_SIGNATURE_FLOAT:
3774 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3775 result = 'F';
3776 break;
3777
3778 case JVM_SIGNATURE_DOUBLE:
3779 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3780 result = 'D';
3781 break;
3782
3783 case JVM_SIGNATURE_LONG:
3784 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3785 result = 'L';
3786 break;
3787
3788 case JVM_SIGNATURE_ARRAY:
3789 array_depth++;
3790 continue; /* only time we ever do the loop > 1 */
3791
3792 case JVM_SIGNATURE_CLASS: {
3793 char buffer_space[256];
3794 char *buffer = buffer_space;
3795 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3796 int length;
3797 if (finish == NULL) {
3798 /* Signature must have ';' after the class name.
3799 * If it does not, return 0 and ITEM_Bogus in full_info. */
3800 result = 0;
3801 break;
3802 }
3803 length = finish - p;
3804 if (length + 1 > (int)sizeof(buffer_space)) {
3805 buffer = malloc(length + 1);
3806 check_and_push(context, buffer, VM_MALLOC_BLK);
3807 }
3808 memcpy(buffer, p, length);
3809 buffer[length] = '\0';
3810 full_info = make_class_info_from_name(context, buffer);
3811 result = 'A';
3812 p = finish + 1;
3813 if (buffer != buffer_space)
3814 pop_and_free(context);
3815 break;
3816 }
3817 } /* end of switch */
3818 break;
3819 }
3820 *signature_p = p;
3821 if (array_depth == 0 || result == 0) {
3822 /* either not an array, or result is bogus */
3823 *full_info_p = full_info;
3824 return result;
3825 } else {
3826 if (array_depth > MAX_ARRAY_DIMENSIONS)
3827 CCerror(context, "Array with too many dimensions");
3828 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3829 array_depth,
3830 GET_EXTRA_INFO(full_info));
3831 return 'A';
3832 }
3833 }
3834
3835
3836 /* Given an array type, create the type that has one less level of
3837 * indirection.
3838 */
3839
3840 static fullinfo_type
3841 decrement_indirection(fullinfo_type array_info)
3842 {
3843 if (array_info == NULL_FULLINFO) {
3844 return NULL_FULLINFO;
3845 } else {
3846 int type = GET_ITEM_TYPE(array_info);
3847 int indirection = GET_INDIRECTION(array_info) - 1;
3848 int extra_info = GET_EXTRA_INFO(array_info);
3849 if ( (indirection == 0)
3850 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Boolean || type == ITEM_Char)))
3851 type = ITEM_Integer;
3852 return MAKE_FULLINFO(type, indirection, extra_info);
3853 }
3854 }
3855
3856
3857 /* See if we can assign an object of the "from" type to an object
3858 * of the "to" type.
3859 */
3860
3861 static jboolean isAssignableTo(context_type *context,
3862 fullinfo_type from, fullinfo_type to)
3863 {
3864 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3865 }
3866
3867 /* Given two fullinfo_type's, find their lowest common denominator. If
3868 * the assignable_p argument is non-null, we're really just calling to find
3869 * out if "<target> := <value>" is a legitimate assignment.
3870 *
3871 * We treat all interfaces as if they were of type java/lang/Object, since the
3872 * runtime will do the full checking.
3873 */
3874 static fullinfo_type
3875 merge_fullinfo_types(context_type *context,
3876 fullinfo_type value, fullinfo_type target,
3877 jboolean for_assignment)
3878 {
3879 JNIEnv *env = context->env;
3880 if (value == target) {
3881 /* If they're identical, clearly just return what we've got */
3882 return value;
3883 }
3884
3885 /* Both must be either arrays or objects to go further */
3886 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3887 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3888 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3889 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3890
3891 /* If either is NULL, return the other. */
3892 if (value == NULL_FULLINFO)
3893 return target;
3894 else if (target == NULL_FULLINFO)
3895 return value;
3896
3897 /* If either is java/lang/Object, that's the result. */
3898 if (target == context->object_info)
3899 return target;
3900 else if (value == context->object_info) {
3901 /* Minor hack. For assignments, Interface := Object, return Interface
3902 * rather than Object, so that isAssignableTo() will get the right
3903 * result. */
3904 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3905 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3906 jclass cb = object_fullinfo_to_classclass(context,
3907 target);
3908 int is_interface = cb && JVM_IsInterface(env, cb);
3909 if (is_interface)
3910 return target;
3911 }
3912 return value;
3913 }
3914 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3915 /* At least one is an array. Neither is java/lang/Object or NULL.
3916 * Moreover, the types are not identical.
3917 * The result must either be Object, or an array of some object type.
3918 */
3919 fullinfo_type value_base, target_base;
3920 int dimen_value = GET_INDIRECTION(value);
3921 int dimen_target = GET_INDIRECTION(target);
3922
3923 if (target == context->cloneable_info ||
3924 target == context->serializable_info) {
3925 return target;
3926 }
3927
3928 if (value == context->cloneable_info ||
3929 value == context->serializable_info) {
3930 return value;
3931 }
3932
3933 /* First, if either item's base type isn't ITEM_Object, promote it up
3934 * to an object or array of object. If either is elemental, we can
3935 * punt.
3936 */
3937 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3938 if (dimen_value == 0)
3939 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3940 dimen_value--;
3941 value = MAKE_Object_ARRAY(dimen_value);
3942
3943 }
3944 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3945 if (dimen_target == 0)
3946 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3947 dimen_target--;
3948 target = MAKE_Object_ARRAY(dimen_target);
3949 }
3950 /* Both are now objects or arrays of some sort of object type */
3951 value_base = WITH_ZERO_INDIRECTION(value);
3952 target_base = WITH_ZERO_INDIRECTION(target);
3953 if (dimen_value == dimen_target) {
3954 /* Arrays of the same dimension. Merge their base types. */
3955 fullinfo_type result_base =
3956 merge_fullinfo_types(context, value_base, target_base,
3957 for_assignment);
3958 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3959 /* bogus in, bogus out */
3960 return result_base;
3961 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3962 GET_EXTRA_INFO(result_base));
3963 } else {
3964 /* Arrays of different sizes. If the smaller dimension array's base
3965 * type is java/lang/Cloneable or java/io/Serializable, return it.
3966 * Otherwise return java/lang/Object with a dimension of the smaller
3967 * of the two */
3968 if (dimen_value < dimen_target) {
3969 if (value_base == context->cloneable_info ||
3970 value_base == context ->serializable_info) {
3971 return value;
3972 }
3973 return MAKE_Object_ARRAY(dimen_value);
3974 } else {
3975 if (target_base == context->cloneable_info ||
3976 target_base == context->serializable_info) {
3977 return target;
3978 }
3979 return MAKE_Object_ARRAY(dimen_target);
3980 }
3981 }
3982 } else {
3983 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3984 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3985 fullinfo_type result_info;
3986
3987 /* Let's get the classes corresponding to each of these. Treat
3988 * interfaces as if they were java/lang/Object. See hack note above. */
3989 cb_target = object_fullinfo_to_classclass(context, target);
3990 if (cb_target == 0)
3991 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3992 if (JVM_IsInterface(env, cb_target))
3993 return for_assignment ? target : context->object_info;
3994 cb_value = object_fullinfo_to_classclass(context, value);
3995 if (cb_value == 0)
3996 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3997 if (JVM_IsInterface(env, cb_value))
3998 return context->object_info;
3999
4000 /* If this is for assignment of target := value, we just need to see if
4001 * cb_target is a superclass of cb_value. Save ourselves a lot of
4002 * work.
4003 */
4004 if (for_assignment) {
4005 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4006 while (cb_super_value != 0) {
4007 jclass tmp_cb;
4008 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4009 (*env)->DeleteLocalRef(env, cb_super_value);
4010 return target;
4011 }
4012 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4013 (*env)->DeleteLocalRef(env, cb_super_value);
4014 cb_super_value = tmp_cb;
4015 }
4016 (*env)->DeleteLocalRef(env, cb_super_value);
4017 return context->object_info;
4018 }
4019
4020 /* Find out whether cb_value or cb_target is deeper in the class
4021 * tree by moving both toward the root, and seeing who gets there
4022 * first. */
4023 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4024 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4025 while((cb_super_value != 0) &&
4026 (cb_super_target != 0)) {
4027 jclass tmp_cb;
4028 /* Optimization. If either hits the other when going up looking
4029 * for a parent, then might as well return the parent immediately */
4030 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4031 (*env)->DeleteLocalRef(env, cb_super_value);
4032 (*env)->DeleteLocalRef(env, cb_super_target);
4033 return target;
4034 }
4035 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4036 (*env)->DeleteLocalRef(env, cb_super_value);
4037 (*env)->DeleteLocalRef(env, cb_super_target);
4038 return value;
4039 }
4040 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4041 (*env)->DeleteLocalRef(env, cb_super_value);
4042 cb_super_value = tmp_cb;
4043
4044 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4045 (*env)->DeleteLocalRef(env, cb_super_target);
4046 cb_super_target = tmp_cb;
4047 }
4048 cb_value = (*env)->NewLocalRef(env, cb_value);
4049 cb_target = (*env)->NewLocalRef(env, cb_target);
4050 /* At most one of the following two while clauses will be executed.
4051 * Bring the deeper of cb_target and cb_value to the depth of the
4052 * shallower one.
4053 */
4054 while (cb_super_value != 0) {
4055 /* cb_value is deeper */
4056 jclass cb_tmp;
4057
4058 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4059 (*env)->DeleteLocalRef(env, cb_super_value);
4060 cb_super_value = cb_tmp;
4061
4062 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4063 (*env)->DeleteLocalRef(env, cb_value);
4064 cb_value = cb_tmp;
4065 }
4066 while (cb_super_target != 0) {
4067 /* cb_target is deeper */
4068 jclass cb_tmp;
4069
4070 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4071 (*env)->DeleteLocalRef(env, cb_super_target);
4072 cb_super_target = cb_tmp;
4073
4074 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4075 (*env)->DeleteLocalRef(env, cb_target);
4076 cb_target = cb_tmp;
4077 }
4078
4079 /* Walk both up, maintaining equal depth, until a join is found. We
4080 * know that we will find one. */
4081 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4082 jclass cb_tmp;
4083 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4084 (*env)->DeleteLocalRef(env, cb_value);
4085 cb_value = cb_tmp;
4086 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4087 (*env)->DeleteLocalRef(env, cb_target);
4088 cb_target = cb_tmp;
4089 }
4090 result_info = make_class_info(context, cb_value);
4091 (*env)->DeleteLocalRef(env, cb_value);
4092 (*env)->DeleteLocalRef(env, cb_super_value);
4093 (*env)->DeleteLocalRef(env, cb_target);
4094 (*env)->DeleteLocalRef(env, cb_super_target);
4095 return result_info;
4096 } /* both items are classes */
4097 }
4098
4099
4100 /* Given a fullinfo_type corresponding to an Object, return the jclass
4101 * of that type.
4102 *
4103 * This function always returns a global reference!
4104 */
4105
4106 static jclass
4107 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4108 {
4109 unsigned short info = GET_EXTRA_INFO(classinfo);
4110 return ID_to_class(context, info);
4111 }
4112
4113 static void free_block(void *ptr, int kind)
4114 {
4115 switch (kind) {
4116 case VM_STRING_UTF:
4117 JVM_ReleaseUTF(ptr);
4118 break;
4119 case VM_MALLOC_BLK:
4120 free(ptr);
4121 break;
4122 }
4123 }
4124
4125 static void check_and_push(context_type *context, const void *ptr, int kind)
4126 {
4127 alloc_stack_type *p;
4128 if (ptr == 0)
4129 CCout_of_memory(context);
4130 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4131 p = &(context->alloc_stack[context->alloc_stack_top++]);
4132 else {
4133 /* Otherwise we have to malloc */
4134 p = malloc(sizeof(alloc_stack_type));
4135 if (p == 0) {
4136 /* Make sure we clean up. */
4137 free_block((void *)ptr, kind);
4138 CCout_of_memory(context);
4139 }
4140 }
4141 p->kind = kind;
4142 p->ptr = (void *)ptr;
4143 p->next = context->allocated_memory;
4144 context->allocated_memory = p;
4145 }
4146
4147 static void pop_and_free(context_type *context)
4148 {
4149 alloc_stack_type *p = context->allocated_memory;
4150 context->allocated_memory = p->next;
4151 free_block(p->ptr, p->kind);
4152 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4153 p >= context->alloc_stack)
4154 context->alloc_stack_top--;
4155 else
4156 free(p);
4157 }
4158
4159 static int signature_to_args_size(const char *method_signature)
4160 {
4161 const char *p;
4162 int args_size = 0;
4163 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4164 switch (*p) {
4165 case JVM_SIGNATURE_BOOLEAN:
4166 case JVM_SIGNATURE_BYTE:
4167 case JVM_SIGNATURE_CHAR:
4168 case JVM_SIGNATURE_SHORT:
4169 case JVM_SIGNATURE_INT:
4170 case JVM_SIGNATURE_FLOAT:
4171 args_size += 1;
4172 break;
4173 case JVM_SIGNATURE_CLASS:
4174 args_size += 1;
4175 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4176 break;
4177 case JVM_SIGNATURE_ARRAY:
4178 args_size += 1;
4179 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4180 /* If an array of classes, skip over class name, too. */
4181 if (*p == JVM_SIGNATURE_CLASS) {
4182 while (*p != JVM_SIGNATURE_ENDCLASS)
4183 p++;
4184 }
4185 break;
4186 case JVM_SIGNATURE_DOUBLE:
4187 case JVM_SIGNATURE_LONG:
4188 args_size += 2;
4189 break;
4190 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4191 break;
4192 default:
4193 /* Indicate an error. */
4194 return 0;
4195 }
4196 }
4197 return args_size;
4198 }
4199
4200 #ifdef DEBUG
4201
4202 /* Below are for debugging. */
4203
4204 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4205
4206 static void
4207 print_stack(context_type *context, stack_info_type *stack_info)
4208 {
4209 stack_item_type *stack = stack_info->stack;
4210 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4211 jio_fprintf(stdout, "x");
4212 } else {
4213 jio_fprintf(stdout, "(");
4214 for ( ; stack != 0; stack = stack->next)
4215 print_fullinfo_type(context, stack->item,
4216 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4217 jio_fprintf(stdout, ")");
4218 }
4219 }
4220
4221 static void
4222 print_registers(context_type *context, register_info_type *register_info)
4223 {
4224 int register_count = register_info->register_count;
4225 if (register_count == UNKNOWN_REGISTER_COUNT) {
4226 jio_fprintf(stdout, "x");
4227 } else {
4228 fullinfo_type *registers = register_info->registers;
4229 int mask_count = register_info->mask_count;
4230 mask_type *masks = register_info->masks;
4231 int i, j;
4232
4233 jio_fprintf(stdout, "{");
4234 for (i = 0; i < register_count; i++)
4235 print_fullinfo_type(context, registers[i],
4236 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4237 jio_fprintf(stdout, "}");
4238 for (i = 0; i < mask_count; i++) {
4239 char *separator = "";
4240 int *modifies = masks[i].modifies;
4241 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4242 for (j = 0;
4243 j < JVM_GetMethodIxLocalsCount(context->env,
4244 context->class,
4245 context->method_index);
4246 j++)
4247 if (IS_BIT_SET(modifies, j)) {
4248 jio_fprintf(stdout, "%s%d", separator, j);
4249 separator = ",";
4250 }
4251 jio_fprintf(stdout, ">");
4252 }
4253 }
4254 }
4255
4256
4257 static void
4258 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4259 {
4260 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4261 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4262 }
4263 }
4264
4265 static void
4266 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4267 {
4268 int i;
4269 int indirection = GET_INDIRECTION(type);
4270 for (i = indirection; i-- > 0; )
4271 jio_fprintf(stdout, "[");
4272 switch (GET_ITEM_TYPE(type)) {
4273 case ITEM_Integer:
4274 jio_fprintf(stdout, "I"); break;
4275 case ITEM_Float:
4276 jio_fprintf(stdout, "F"); break;
4277 case ITEM_Double:
4278 jio_fprintf(stdout, "D"); break;
4279 case ITEM_Double_2:
4280 jio_fprintf(stdout, "d"); break;
4281 case ITEM_Long:
4282 jio_fprintf(stdout, "L"); break;
4283 case ITEM_Long_2:
4284 jio_fprintf(stdout, "l"); break;
4285 case ITEM_ReturnAddress:
4286 jio_fprintf(stdout, "a"); break;
4287 case ITEM_Object:
4288 if (!verbose) {
4289 jio_fprintf(stdout, "A");
4290 } else {
4291 unsigned short extra = GET_EXTRA_INFO(type);
4292 if (extra == 0) {
4293 jio_fprintf(stdout, "/Null/");
4294 } else {
4295 const char *name = ID_to_class_name(context, extra);
4296 const char *name2 = strrchr(name, '/');
4297 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4298 }
4299 }
4300 break;
4301 case ITEM_Char:
4302 jio_fprintf(stdout, "C"); break;
4303 case ITEM_Short:
4304 jio_fprintf(stdout, "S"); break;
4305 case ITEM_Boolean:
4306 jio_fprintf(stdout, "Z"); break;
4307 case ITEM_Byte:
4308 jio_fprintf(stdout, "B"); break;
4309 case ITEM_NewObject:
4310 if (!verbose) {
4311 jio_fprintf(stdout, "@");
4312 } else {
4313 int inum = GET_EXTRA_INFO(type);
4314 fullinfo_type real_type =
4315 context->instruction_data[inum].operand2.fi;
4316 jio_fprintf(stdout, ">");
4317 print_fullinfo_type(context, real_type, JNI_TRUE);
4318 jio_fprintf(stdout, "<");
4319 }
4320 break;
4321 case ITEM_InitObject:
4322 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4323 break;
4324
4325 default:
4326 jio_fprintf(stdout, "?"); break;
4327 }
4328 for (i = indirection; i-- > 0; )
4329 jio_fprintf(stdout, "]");
4330 }
4331
4332
4333 static void
4334 print_formatted_fieldname(context_type *context, int index)
4335 {
4336 JNIEnv *env = context->env;
4337 jclass cb = context->class;
4338 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4339 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4340 jio_fprintf(stdout, " <%s.%s>",
4341 classname ? classname : "", fieldname ? fieldname : "");
4342 JVM_ReleaseUTF(classname);
4343 JVM_ReleaseUTF(fieldname);
4344 }
4345
4346 static void
4347 print_formatted_methodname(context_type *context, int index)
4348 {
4349 JNIEnv *env = context->env;
4350 jclass cb = context->class;
4351 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4352 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4353 jio_fprintf(stdout, " <%s.%s>",
4354 classname ? classname : "", methodname ? methodname : "");
4355 JVM_ReleaseUTF(classname);
4356 JVM_ReleaseUTF(methodname);
4357 }
4358
4359 #endif /*DEBUG*/