1 /*
2 * Copyright (c) 1994, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 /* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
94 * but the code here does not handles it. So we wrap the methods and return non-NULL
95 * pointers even if we allocate 0 bytes.
96 */
97 #ifdef _AIX
98 static int aix_dummy;
99 static void* aix_malloc(size_t len) {
100 if (len == 0) {
101 return &aix_dummy;
102 }
103 return malloc(len);
104 }
105
106 static void* aix_calloc(size_t n, size_t size) {
107 if (n == 0) {
108 return &aix_dummy;
109 }
110 return calloc(n, size);
111 }
112
113 static void aix_free(void* p) {
114 if (p == &aix_dummy) {
115 return;
116 }
117 free(p);
118 }
119
120 #undef malloc
121 #undef calloc
122 #undef free
123 #define malloc aix_malloc
124 #define calloc aix_calloc
125 #define free aix_free
126 #endif
127
128 #ifdef __APPLE__
129 /* use setjmp/longjmp versions that do not save/restore the signal mask */
130 #define setjmp _setjmp
131 #define longjmp _longjmp
132 #endif
133
134 #define MAX_ARRAY_DIMENSIONS 255
135 /* align byte code */
136 #ifndef ALIGN_UP
137 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
138 #endif /* ALIGN_UP */
139 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
140
141 #ifdef DEBUG
142
143 int verify_verbose = 0;
144 static struct context_type *GlobalContext;
145 #endif
146
147 enum {
148 ITEM_Bogus,
149 ITEM_Void, /* only as a function return value */
150 ITEM_Integer,
151 ITEM_Float,
152 ITEM_Double,
153 ITEM_Double_2, /* 2nd word of double in register */
154 ITEM_Long,
155 ITEM_Long_2, /* 2nd word of long in register */
156 ITEM_Array,
157 ITEM_Object, /* Extra info field gives name. */
158 ITEM_NewObject, /* Like object, but uninitialized. */
159 ITEM_InitObject, /* "this" is init method, before call
160 to super() */
161 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
162 /* The following four are only used within array types.
163 * Normally, we use ITEM_Integer, instead. */
164 ITEM_Byte,
165 ITEM_Short,
166 ITEM_Char,
167 ITEM_Boolean
168 };
169
170
171 #define UNKNOWN_STACK_SIZE -1
172 #define UNKNOWN_REGISTER_COUNT -1
173 #define UNKNOWN_RET_INSTRUCTION -1
174
175 #undef MAX
176 #undef MIN
177 #define MAX(a, b) ((a) > (b) ? (a) : (b))
178 #define MIN(a, b) ((a) < (b) ? (a) : (b))
179
180 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
181 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
182 ((unsigned)1 << ((i) % BITS_PER_INT)))
183 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
184 ((unsigned)1 << ((i) % BITS_PER_INT)))
185
186 typedef unsigned int fullinfo_type;
187 typedef unsigned int *bitvector;
188
189 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
190 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
191 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
192 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
193 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
194
195 #define MAKE_FULLINFO(type, indirect, extra) \
196 ((type) + ((indirect) << 5) + ((extra) << 16))
197
198 #define MAKE_Object_ARRAY(indirect) \
199 (context->object_info + ((indirect) << 5))
200
201 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
202
203 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
204 #define JVM_OPC_invokeinit 0x100
205
206 /* A hash mechanism used by the verifier.
207 * Maps class names to unique 16 bit integers.
208 */
209
210 #define HASH_TABLE_SIZE 503
211
212 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
213 * row (256 buckets) at a time to minimize fragmentation. Rows are
214 * allocated on demand so that we don't waste too much space.
215 */
216
217 #define MAX_HASH_ENTRIES 65536
218 #define HASH_ROW_SIZE 256
219
220 typedef struct hash_bucket_type {
221 char *name;
222 unsigned int hash;
223 jclass class;
224 unsigned short ID;
225 unsigned short next;
226 unsigned loadable:1; /* from context->class loader */
227 } hash_bucket_type;
228
229 typedef struct {
230 hash_bucket_type **buckets;
231 unsigned short *table;
232 int entries_used;
233 } hash_table_type;
234
235 #define GET_BUCKET(class_hash, ID)\
236 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
237
238 /*
239 * There are currently two types of resources that we need to keep
240 * track of (in addition to the CCalloc pool).
241 */
242 enum {
243 VM_STRING_UTF, /* VM-allocated UTF strings */
244 VM_MALLOC_BLK /* malloc'ed blocks */
245 };
246
247 #define LDC_CLASS_MAJOR_VERSION 49
248
249 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
250
251 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
252
253 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
254
255 #define ALLOC_STACK_SIZE 16 /* big enough */
256
257 typedef struct alloc_stack_type {
258 void *ptr;
259 int kind;
260 struct alloc_stack_type *next;
261 } alloc_stack_type;
262
263 /* The context type encapsulates the current invocation of the byte
264 * code verifier.
265 */
266 struct context_type {
267
268 JNIEnv *env; /* current JNIEnv */
269
270 /* buffers etc. */
271 char *message;
272 jint message_buf_len;
273 jboolean err_code;
274
275 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
276 had a chance to free */
277 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
278 blocks here, to save mallocs. */
279 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
280 int alloc_stack_top;
281
282 /* these fields are per class */
283 jclass class; /* current class */
284 jint major_version;
285 jint nconstants;
286 unsigned char *constant_types;
287 hash_table_type class_hash;
288
289 fullinfo_type object_info; /* fullinfo for java/lang/Object */
290 fullinfo_type string_info; /* fullinfo for java/lang/String */
291 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
292 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
293 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
294
295 fullinfo_type currentclass_info; /* fullinfo for context->class */
296 fullinfo_type superclass_info; /* fullinfo for superclass */
297
298 /* these fields are per method */
299 int method_index; /* current method */
300 unsigned short *exceptions; /* exceptions */
301 unsigned char *code; /* current code object */
302 jint code_length;
303 int *code_data; /* offset to instruction number */
304 struct instruction_data_type *instruction_data; /* info about each */
305 struct handler_info_type *handler_info;
306 fullinfo_type *superclasses; /* null terminated superclasses */
307 int instruction_count; /* number of instructions */
308 fullinfo_type return_type; /* function return type */
309 fullinfo_type swap_table[4]; /* used for passing information */
310 int bitmask_size; /* words needed to hold bitmap of arguments */
311
312 /* these fields are per field */
313 int field_index;
314
315 /* Used by the space allocator */
316 struct CCpool *CCroot, *CCcurrent;
317 char *CCfree_ptr;
318 int CCfree_size;
319
320 /* Jump here on any error. */
321 jmp_buf jump_buffer;
322
323 #ifdef DEBUG
324 /* keep track of how many global refs are allocated. */
325 int n_globalrefs;
326 #endif
327 };
328
329 struct stack_info_type {
330 struct stack_item_type *stack;
331 int stack_size;
332 };
333
334 struct register_info_type {
335 int register_count; /* number of registers used */
336 fullinfo_type *registers;
337 int mask_count; /* number of masks in the following */
338 struct mask_type *masks;
339 };
340
341 struct mask_type {
342 int entry;
343 int *modifies;
344 };
345
346 typedef unsigned short flag_type;
347
348 struct instruction_data_type {
349 int opcode; /* may turn into "canonical" opcode */
350 unsigned changed:1; /* has it changed */
351 unsigned protected:1; /* must accessor be a subclass of "this" */
352 union {
353 int i; /* operand to the opcode */
354 int *ip;
355 fullinfo_type fi;
356 } operand, operand2;
357 fullinfo_type p;
358 struct stack_info_type stack_info;
359 struct register_info_type register_info;
360 #define FLAG_REACHED 0x01 /* instruction reached */
361 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
362 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
363 flag_type or_flags; /* true for at least one path to this inst */
364 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
365 flag_type and_flags; /* true for all paths to this instruction */
366 };
367
368 struct handler_info_type {
369 int start, end, handler;
370 struct stack_info_type stack_info;
371 };
372
373 struct stack_item_type {
374 fullinfo_type item;
375 struct stack_item_type *next;
376 };
377
378 typedef struct context_type context_type;
379 typedef struct instruction_data_type instruction_data_type;
380 typedef struct stack_item_type stack_item_type;
381 typedef struct register_info_type register_info_type;
382 typedef struct stack_info_type stack_info_type;
383 typedef struct mask_type mask_type;
384
385 static void read_all_code(context_type *context, jclass cb, int num_methods,
386 int** code_lengths, unsigned char*** code);
387 static void verify_method(context_type *context, jclass cb, int index,
388 int code_length, unsigned char* code);
389 static void free_all_code(context_type* context, int num_methods,
390 unsigned char** code);
391 static void verify_field(context_type *context, jclass cb, int index);
392
393 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
394 static void set_protected(context_type *, unsigned int inumber, int key, int);
395 static jboolean is_superclass(context_type *, fullinfo_type);
396
397 static void initialize_exception_table(context_type *);
398 static int instruction_length(unsigned char *iptr, unsigned char *end);
399 static jboolean isLegalTarget(context_type *, int offset);
400 static void verify_constant_pool_type(context_type *, int, unsigned);
401
402 static void initialize_dataflow(context_type *);
403 static void run_dataflow(context_type *context);
404 static void check_register_values(context_type *context, unsigned int inumber);
405 static void check_flags(context_type *context, unsigned int inumber);
406 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
407 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
408 static void update_flags(context_type *, unsigned int inumber,
409 flag_type *new_and_flags, flag_type *new_or_flags);
410 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
411
412 static void merge_into_successors(context_type *, unsigned int inumber,
413 register_info_type *register_info,
414 stack_info_type *stack_info,
415 flag_type and_flags, flag_type or_flags);
416 static void merge_into_one_successor(context_type *context,
417 unsigned int from_inumber,
418 unsigned int inumber,
419 register_info_type *register_info,
420 stack_info_type *stack_info,
421 flag_type and_flags, flag_type or_flags,
422 jboolean isException);
423 static void merge_stack(context_type *, unsigned int inumber,
424 unsigned int to_inumber, stack_info_type *);
425 static void merge_registers(context_type *, unsigned int inumber,
426 unsigned int to_inumber,
427 register_info_type *);
428 static void merge_flags(context_type *context, unsigned int from_inumber,
429 unsigned int to_inumber,
430 flag_type new_and_flags, flag_type new_or_flags);
431
432 static stack_item_type *copy_stack(context_type *, stack_item_type *);
433 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
434 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
435
436 static fullinfo_type decrement_indirection(fullinfo_type);
437
438 static fullinfo_type merge_fullinfo_types(context_type *context,
439 fullinfo_type a,
440 fullinfo_type b,
441 jboolean assignment);
442 static jboolean isAssignableTo(context_type *,
443 fullinfo_type a,
444 fullinfo_type b);
445
446 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
447
448
449 #define NEW(type, count) \
450 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
451 #define ZNEW(type, count) \
452 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
453
454 static void CCinit(context_type *context);
455 static void CCreinit(context_type *context);
456 static void CCdestroy(context_type *context);
457 static void *CCalloc(context_type *context, int size, jboolean zero);
458
459 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
460
461 static char signature_to_fieldtype(context_type *context,
462 const char **signature_p, fullinfo_type *info);
463
464 static void CCerror (context_type *, char *format, ...);
465 static void CFerror (context_type *, char *format, ...);
466 static void CCout_of_memory (context_type *);
467
468 /* Because we can longjmp any time, we need to be very careful about
469 * remembering what needs to be freed. */
470
471 static void check_and_push(context_type *context, const void *ptr, int kind);
472 static void pop_and_free(context_type *context);
473
474 static int signature_to_args_size(const char *method_signature);
475
476 #ifdef DEBUG
477 static void print_stack (context_type *, stack_info_type *stack_info);
478 static void print_registers(context_type *, register_info_type *register_info);
479 static void print_flags(context_type *, flag_type, flag_type);
480 static void print_formatted_fieldname(context_type *context, int index);
481 static void print_formatted_methodname(context_type *context, int index);
482 #endif
483
484 void initialize_class_hash(context_type *context)
485 {
486 hash_table_type *class_hash = &(context->class_hash);
487 class_hash->buckets = (hash_bucket_type **)
488 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
489 class_hash->table = (unsigned short *)
490 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
491 if (class_hash->buckets == 0 ||
492 class_hash->table == 0)
493 CCout_of_memory(context);
494 class_hash->entries_used = 0;
495 }
496
497 static void finalize_class_hash(context_type *context)
498 {
499 hash_table_type *class_hash = &(context->class_hash);
500 JNIEnv *env = context->env;
501 int i;
502 /* 4296677: bucket index starts from 1. */
503 for (i=1;i<=class_hash->entries_used;i++) {
504 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
505 assert(bucket != NULL);
506 free(bucket->name);
507 if (bucket->class) {
508 (*env)->DeleteGlobalRef(env, bucket->class);
509 #ifdef DEBUG
510 context->n_globalrefs--;
511 #endif
512 }
513 }
514 if (class_hash->buckets) {
515 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
516 if (class_hash->buckets[i] == 0)
517 break;
518 free(class_hash->buckets[i]);
519 }
520 }
521 free(class_hash->buckets);
522 free(class_hash->table);
523 }
524
525 static hash_bucket_type *
526 new_bucket(context_type *context, unsigned short *pID)
527 {
528 hash_table_type *class_hash = &(context->class_hash);
529 int i = *pID = class_hash->entries_used + 1;
530 int row = i / HASH_ROW_SIZE;
531 if (i >= MAX_HASH_ENTRIES)
532 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
533 if (class_hash->buckets[row] == 0) {
534 class_hash->buckets[row] = (hash_bucket_type*)
535 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
536 if (class_hash->buckets[row] == 0)
537 CCout_of_memory(context);
538 }
539 class_hash->entries_used++; /* only increment when we are sure there
540 is no overflow. */
541 return GET_BUCKET(class_hash, i);
542 }
543
544 static unsigned int
545 class_hash_fun(const char *s)
546 {
547 int i;
548 unsigned raw_hash;
549 for (raw_hash = 0; (i = *s) != '\0'; ++s)
550 raw_hash = raw_hash * 37 + i;
551 return raw_hash;
552 }
553
554 /*
555 * Find a class using the defining loader of the current class
556 * and return a local reference to it.
557 */
558 static jclass load_class_local(context_type *context,const char *classname)
559 {
560 jclass cb = JVM_FindClassFromClass(context->env, classname,
561 JNI_FALSE, context->class);
562 if (cb == 0)
563 CCerror(context, "Cannot find class %s", classname);
564 return cb;
565 }
566
567 /*
568 * Find a class using the defining loader of the current class
569 * and return a global reference to it.
570 */
571 static jclass load_class_global(context_type *context, const char *classname)
572 {
573 JNIEnv *env = context->env;
574 jclass local, global;
575
576 local = load_class_local(context, classname);
577 global = (*env)->NewGlobalRef(env, local);
578 if (global == 0)
579 CCout_of_memory(context);
580 #ifdef DEBUG
581 context->n_globalrefs++;
582 #endif
583 (*env)->DeleteLocalRef(env, local);
584 return global;
585 }
586
587 /*
588 * Return a unique ID given a local class reference. The loadable
589 * flag is true if the defining class loader of context->class
590 * is known to be capable of loading the class.
591 */
592 static unsigned short
593 class_to_ID(context_type *context, jclass cb, jboolean loadable)
594 {
595 JNIEnv *env = context->env;
596 hash_table_type *class_hash = &(context->class_hash);
597 unsigned int hash;
598 hash_bucket_type *bucket;
599 unsigned short *pID;
600 const char *name = JVM_GetClassNameUTF(env, cb);
601
602 check_and_push(context, name, VM_STRING_UTF);
603 hash = class_hash_fun(name);
604 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
605 while (*pID) {
606 bucket = GET_BUCKET(class_hash, *pID);
607 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
608 /*
609 * There is an unresolved entry with our name
610 * so we're forced to load it in case it matches us.
611 */
612 if (bucket->class == 0) {
613 assert(bucket->loadable == JNI_TRUE);
614 bucket->class = load_class_global(context, name);
615 }
616
617 /*
618 * It's already in the table. Update the loadable
619 * state if it's known and then we're done.
620 */
621 if ((*env)->IsSameObject(env, cb, bucket->class)) {
622 if (loadable && !bucket->loadable)
623 bucket->loadable = JNI_TRUE;
624 goto done;
625 }
626 }
627 pID = &bucket->next;
628 }
629 bucket = new_bucket(context, pID);
630 bucket->next = 0;
631 bucket->hash = hash;
632 bucket->name = malloc(strlen(name) + 1);
633 if (bucket->name == 0)
634 CCout_of_memory(context);
635 strcpy(bucket->name, name);
636 bucket->loadable = loadable;
637 bucket->class = (*env)->NewGlobalRef(env, cb);
638 if (bucket->class == 0)
639 CCout_of_memory(context);
640 #ifdef DEBUG
641 context->n_globalrefs++;
642 #endif
643
644 done:
645 pop_and_free(context);
646 return *pID;
647 }
648
649 /*
650 * Return a unique ID given a class name from the constant pool.
651 * All classes are lazily loaded from the defining loader of
652 * context->class.
653 */
654 static unsigned short
655 class_name_to_ID(context_type *context, const char *name)
656 {
657 hash_table_type *class_hash = &(context->class_hash);
658 unsigned int hash = class_hash_fun(name);
659 hash_bucket_type *bucket;
660 unsigned short *pID;
661 jboolean force_load = JNI_FALSE;
662
663 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
664 while (*pID) {
665 bucket = GET_BUCKET(class_hash, *pID);
666 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
667 if (bucket->loadable)
668 goto done;
669 force_load = JNI_TRUE;
670 }
671 pID = &bucket->next;
672 }
673
674 if (force_load) {
675 /*
676 * We found at least one matching named entry for a class that
677 * was not known to be loadable through the defining class loader
678 * of context->class. We must load our named class and update
679 * the hash table in case one these entries matches our class.
680 */
681 JNIEnv *env = context->env;
682 jclass cb = load_class_local(context, name);
683 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
684 (*env)->DeleteLocalRef(env, cb);
685 return id;
686 }
687
688 bucket = new_bucket(context, pID);
689 bucket->next = 0;
690 bucket->class = 0;
691 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
692 bucket->hash = hash;
693 bucket->name = malloc(strlen(name) + 1);
694 if (bucket->name == 0)
695 CCout_of_memory(context);
696 strcpy(bucket->name, name);
697
698 done:
699 return *pID;
700 }
701
702 static const char *
703 ID_to_class_name(context_type *context, unsigned short ID)
704 {
705 hash_table_type *class_hash = &(context->class_hash);
706 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
707 return bucket->name;
708 }
709
710 static jclass
711 ID_to_class(context_type *context, unsigned short ID)
712 {
713 hash_table_type *class_hash = &(context->class_hash);
714 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
715 if (bucket->class == 0) {
716 assert(bucket->loadable == JNI_TRUE);
717 bucket->class = load_class_global(context, bucket->name);
718 }
719 return bucket->class;
720 }
721
722 static fullinfo_type
723 make_loadable_class_info(context_type *context, jclass cb)
724 {
725 return MAKE_FULLINFO(ITEM_Object, 0,
726 class_to_ID(context, cb, JNI_TRUE));
727 }
728
729 static fullinfo_type
730 make_class_info(context_type *context, jclass cb)
731 {
732 return MAKE_FULLINFO(ITEM_Object, 0,
733 class_to_ID(context, cb, JNI_FALSE));
734 }
735
736 static fullinfo_type
737 make_class_info_from_name(context_type *context, const char *name)
738 {
739 return MAKE_FULLINFO(ITEM_Object, 0,
740 class_name_to_ID(context, name));
741 }
742
743 /* RETURNS
744 * 1: on success chosen to be consistent with previous VerifyClass
745 * 0: verify error
746 * 2: out of memory
747 * 3: class format error
748 *
749 * Called by verify_class. Verify the code of each of the methods
750 * in a class. Note that this function apparently can't be JNICALL,
751 * because if it is the dynamic linker doesn't appear to be able to
752 * find it on Win32.
753 */
754
755 #define CC_OK 1
756 #define CC_VerifyError 0
757 #define CC_OutOfMemory 2
758 #define CC_ClassFormatError 3
759
760 JNIEXPORT jboolean
761 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
762 jint major_version)
763 {
764 context_type context_structure;
765 context_type *context = &context_structure;
766 jboolean result = CC_OK;
767 int i;
768 int num_methods;
769 int* code_lengths;
770 unsigned char** code;
771
772 #ifdef DEBUG
773 GlobalContext = context;
774 #endif
775
776 memset(context, 0, sizeof(context_type));
777 context->message = buffer;
778 context->message_buf_len = len;
779
780 context->env = env;
781 context->class = cb;
782
783 /* Set invalid method/field index of the context, in case anyone
784 calls CCerror */
785 context->method_index = -1;
786 context->field_index = -1;
787
788 /* Don't call CCerror or anything that can call it above the setjmp! */
789 if (!setjmp(context->jump_buffer)) {
790 jclass super;
791
792 CCinit(context); /* initialize heap; may throw */
793
794 initialize_class_hash(context);
795
796 context->major_version = major_version;
797 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
798 context->constant_types = (unsigned char *)
799 malloc(sizeof(unsigned char) * context->nconstants + 1);
800
801 if (context->constant_types == 0)
802 CCout_of_memory(context);
803
804 JVM_GetClassCPTypes(env, cb, context->constant_types);
805
806 if (context->constant_types == 0)
807 CCout_of_memory(context);
808
809 context->object_info =
810 make_class_info_from_name(context, "java/lang/Object");
811 context->string_info =
812 make_class_info_from_name(context, "java/lang/String");
813 context->throwable_info =
814 make_class_info_from_name(context, "java/lang/Throwable");
815 context->cloneable_info =
816 make_class_info_from_name(context, "java/lang/Cloneable");
817 context->serializable_info =
818 make_class_info_from_name(context, "java/io/Serializable");
819
820 context->currentclass_info = make_loadable_class_info(context, cb);
821
822 super = (*env)->GetSuperclass(env, cb);
823
824 if (super != 0) {
825 fullinfo_type *gptr;
826 int i = 0;
827
828 context->superclass_info = make_loadable_class_info(context, super);
829
830 while(super != 0) {
831 jclass tmp_cb = (*env)->GetSuperclass(env, super);
832 (*env)->DeleteLocalRef(env, super);
833 super = tmp_cb;
834 i++;
835 }
836 (*env)->DeleteLocalRef(env, super);
837 super = 0;
838
839 /* Can't go on context heap since it survives more than
840 one method */
841 context->superclasses = gptr =
842 malloc(sizeof(fullinfo_type)*(i + 1));
843 if (gptr == 0) {
844 CCout_of_memory(context);
845 }
846
847 super = (*env)->GetSuperclass(env, context->class);
848 while(super != 0) {
849 jclass tmp_cb;
850 *gptr++ = make_class_info(context, super);
851 tmp_cb = (*env)->GetSuperclass(env, super);
852 (*env)->DeleteLocalRef(env, super);
853 super = tmp_cb;
854 }
855 *gptr = 0;
856 } else {
857 context->superclass_info = 0;
858 }
859
860 (*env)->DeleteLocalRef(env, super);
861
862 /* Look at each method */
863 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
864 verify_field(context, cb, i);
865 num_methods = JVM_GetClassMethodsCount(env, cb);
866 read_all_code(context, cb, num_methods, &code_lengths, &code);
867 for (i = num_methods - 1; i >= 0; --i)
868 verify_method(context, cb, i, code_lengths[i], code[i]);
869 free_all_code(context, num_methods, code);
870 result = CC_OK;
871 } else {
872 result = context->err_code;
873 }
874
875 /* Cleanup */
876 finalize_class_hash(context);
877
878 while(context->allocated_memory)
879 pop_and_free(context);
880
881 #ifdef DEBUG
882 GlobalContext = 0;
883 #endif
884
885 if (context->exceptions)
886 free(context->exceptions);
887
888 if (context->constant_types)
889 free(context->constant_types);
890
891 if (context->superclasses)
892 free(context->superclasses);
893
894 #ifdef DEBUG
895 /* Make sure all global refs created in the verifier are freed */
896 assert(context->n_globalrefs == 0);
897 #endif
898
899 CCdestroy(context); /* destroy heap */
900 return result;
901 }
902
903 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
904
905 JNIEXPORT jboolean
906 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
907 {
908 static int warned = 0;
909 if (!warned) {
910 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
911 warned = 1;
912 }
913 return VerifyClassForMajorVersion(env, cb, buffer, len,
914 OLD_FORMAT_MAX_MAJOR_VERSION);
915 }
916
917 static void
918 verify_field(context_type *context, jclass cb, int field_index)
919 {
920 JNIEnv *env = context->env;
921 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
922 context->field_index = field_index;
923
924 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
925 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
926 CCerror(context, "Inconsistent access bits.");
927 }
928 context->field_index = -1;
929 }
930
931
932 /**
933 * We read all of the class's methods' code because it is possible that
934 * the verification of one method could resulting in linking further
935 * down the stack (due to class loading), which could end up rewriting
936 * some of the bytecode of methods we haven't verified yet. Since we
937 * don't want to see the rewritten bytecode, cache all the code and
938 * operate only on that.
939 */
940 static void
941 read_all_code(context_type* context, jclass cb, int num_methods,
942 int** lengths_addr, unsigned char*** code_addr)
943 {
944 int* lengths;
945 unsigned char** code;
946 int i;
947
948 lengths = malloc(sizeof(int) * num_methods);
949 check_and_push(context, lengths, VM_MALLOC_BLK);
950
951 code = malloc(sizeof(unsigned char*) * num_methods);
952 check_and_push(context, code, VM_MALLOC_BLK);
953
954 *(lengths_addr) = lengths;
955 *(code_addr) = code;
956
957 for (i = 0; i < num_methods; ++i) {
958 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
959 if (lengths[i] > 0) {
960 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
961 check_and_push(context, code[i], VM_MALLOC_BLK);
962 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
963 } else {
964 code[i] = NULL;
965 }
966 }
967 }
968
969 static void
970 free_all_code(context_type* context, int num_methods, unsigned char** code)
971 {
972 int i;
973 for (i = 0; i < num_methods; ++i) {
974 if (code[i] != NULL) {
975 pop_and_free(context);
976 }
977 }
978 pop_and_free(context); /* code */
979 pop_and_free(context); /* lengths */
980 }
981
982 /* Verify the code of one method */
983 static void
984 verify_method(context_type *context, jclass cb, int method_index,
985 int code_length, unsigned char* code)
986 {
987 JNIEnv *env = context->env;
988 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
989 int *code_data;
990 instruction_data_type *idata = 0;
991 int instruction_count;
992 int i, offset;
993 unsigned int inumber;
994 jint nexceptions;
995
996 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
997 /* not much to do for abstract and native methods */
998 return;
999 }
1000
1001 context->code_length = code_length;
1002 context->code = code;
1003
1004 /* CCerror can give method-specific info once this is set */
1005 context->method_index = method_index;
1006
1007 CCreinit(context); /* initial heap */
1008 code_data = NEW(int, code_length);
1009
1010 #ifdef DEBUG
1011 if (verify_verbose) {
1012 const char *classname = JVM_GetClassNameUTF(env, cb);
1013 const char *methodname =
1014 JVM_GetMethodIxNameUTF(env, cb, method_index);
1015 const char *signature =
1016 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1017 jio_fprintf(stdout, "Looking at %s.%s%s\n",
1018 (classname ? classname : ""),
1019 (methodname ? methodname : ""),
1020 (signature ? signature : ""));
1021 JVM_ReleaseUTF(classname);
1022 JVM_ReleaseUTF(methodname);
1023 JVM_ReleaseUTF(signature);
1024 }
1025 #endif
1026
1027 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1028 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1029 CCerror(context, "Inconsistent access bits.");
1030 }
1031
1032 // If this method is an overpass method, which is generated by the VM,
1033 // we trust the code and no check needs to be done.
1034 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1035 return;
1036 }
1037
1038 /* Run through the code. Mark the start of each instruction, and give
1039 * the instruction a number */
1040 for (i = 0, offset = 0; offset < code_length; i++) {
1041 int length = instruction_length(&code[offset], code + code_length);
1042 int next_offset = offset + length;
1043 if (length <= 0)
1044 CCerror(context, "Illegal instruction found at offset %d", offset);
1045 if (next_offset > code_length)
1046 CCerror(context, "Code stops in the middle of instruction "
1047 " starting at offset %d", offset);
1048 code_data[offset] = i;
1049 while (++offset < next_offset)
1050 code_data[offset] = -1; /* illegal location */
1051 }
1052 instruction_count = i; /* number of instructions in code */
1053
1054 /* Allocate a structure to hold info about each instruction. */
1055 idata = NEW(instruction_data_type, instruction_count);
1056
1057 /* Initialize the heap, and other info in the context structure. */
1058 context->code = code;
1059 context->instruction_data = idata;
1060 context->code_data = code_data;
1061 context->instruction_count = instruction_count;
1062 context->handler_info =
1063 NEW(struct handler_info_type,
1064 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1065 context->bitmask_size =
1066 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1067 + (BITS_PER_INT - 1))/BITS_PER_INT;
1068
1069 if (instruction_count == 0)
1070 CCerror(context, "Empty code");
1071
1072 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1073 int length = instruction_length(&code[offset], code + code_length);
1074 instruction_data_type *this_idata = &idata[inumber];
1075 this_idata->opcode = code[offset];
1076 this_idata->stack_info.stack = NULL;
1077 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1078 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1079 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1080 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1081 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1082 this_idata->or_flags = 0; /* "bottom" or value*/
1083 /* This also sets up this_data->operand. It also makes the
1084 * xload_x and xstore_x instructions look like the generic form. */
1085 verify_opcode_operands(context, inumber, offset);
1086 offset += length;
1087 }
1088
1089
1090 /* make sure exception table is reasonable. */
1091 initialize_exception_table(context);
1092 /* Set up first instruction, and start of exception handlers. */
1093 initialize_dataflow(context);
1094 /* Run data flow analysis on the instructions. */
1095 run_dataflow(context);
1096
1097 /* verify checked exceptions, if any */
1098 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1099 context->exceptions = (unsigned short *)
1100 malloc(sizeof(unsigned short) * nexceptions + 1);
1101 if (context->exceptions == 0)
1102 CCout_of_memory(context);
1103 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1104 context->exceptions);
1105 for (i = 0; i < nexceptions; i++) {
1106 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1107 verify_constant_pool_type(context, (int)context->exceptions[i],
1108 1 << JVM_CONSTANT_Class);
1109 }
1110 free(context->exceptions);
1111 context->exceptions = 0;
1112 context->code = 0;
1113 context->method_index = -1;
1114 }
1115
1116
1117 /* Look at a single instruction, and verify its operands. Also, for
1118 * simplicity, move the operand into the ->operand field.
1119 * Make sure that branches don't go into the middle of nowhere.
1120 */
1121
1122 static jint _ck_ntohl(jint n)
1123 {
1124 unsigned char *p = (unsigned char *)&n;
1125 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1126 }
1127
1128 static void
1129 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1130 {
1131 JNIEnv *env = context->env;
1132 instruction_data_type *idata = context->instruction_data;
1133 instruction_data_type *this_idata = &idata[inumber];
1134 int *code_data = context->code_data;
1135 int mi = context->method_index;
1136 unsigned char *code = context->code;
1137 int opcode = this_idata->opcode;
1138 int var;
1139
1140 /*
1141 * Set the ip fields to 0 not the i fields because the ip fields
1142 * are 64 bits on 64 bit architectures, the i field is only 32
1143 */
1144 this_idata->operand.ip = 0;
1145 this_idata->operand2.ip = 0;
1146
1147 switch (opcode) {
1148
1149 case JVM_OPC_jsr:
1150 /* instruction of ret statement */
1151 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1152 /* FALLTHROUGH */
1153 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1154 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1155 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1156 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1157 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1158 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1159 case JVM_OPC_goto: {
1160 /* Set the ->operand to be the instruction number of the target. */
1161 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1162 int target = offset + jump;
1163 if (!isLegalTarget(context, target))
1164 CCerror(context, "Illegal target of jump or branch");
1165 this_idata->operand.i = code_data[target];
1166 break;
1167 }
1168
1169 case JVM_OPC_jsr_w:
1170 /* instruction of ret statement */
1171 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1172 /* FALLTHROUGH */
1173 case JVM_OPC_goto_w: {
1174 /* Set the ->operand to be the instruction number of the target. */
1175 int jump = (((signed char)(code[offset+1])) << 24) +
1176 (code[offset+2] << 16) + (code[offset+3] << 8) +
1177 (code[offset + 4]);
1178 int target = offset + jump;
1179 if (!isLegalTarget(context, target))
1180 CCerror(context, "Illegal target of jump or branch");
1181 this_idata->operand.i = code_data[target];
1182 break;
1183 }
1184
1185 case JVM_OPC_tableswitch:
1186 case JVM_OPC_lookupswitch: {
1187 /* Set the ->operand to be a table of possible instruction targets. */
1188 int *lpc = (int *) UCALIGN(code + offset + 1);
1189 int *lptr;
1190 int *saved_operand;
1191 int keys;
1192 int k, delta;
1193
1194 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1195 /* 4639449, 4647081: Padding bytes must be zero. */
1196 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1197 for (; bptr < (unsigned char*)lpc; bptr++) {
1198 if (*bptr != 0) {
1199 CCerror(context, "Non zero padding bytes in switch");
1200 }
1201 }
1202 }
1203 if (opcode == JVM_OPC_tableswitch) {
1204 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1205 delta = 1;
1206 } else {
1207 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1208 delta = 2;
1209 /* Make sure that the tableswitch items are sorted */
1210 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1211 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1212 int next_key = _ck_ntohl(lptr[2]);
1213 if (this_key >= next_key) {
1214 CCerror(context, "Unsorted lookup switch");
1215 }
1216 }
1217 }
1218 saved_operand = NEW(int, keys + 2);
1219 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1220 CCerror(context, "Illegal default target in switch");
1221 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1222 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1223 int target = offset + _ck_ntohl(lptr[0]);
1224 if (!isLegalTarget(context, target))
1225 CCerror(context, "Illegal branch in tableswitch");
1226 saved_operand[k + 1] = code_data[target];
1227 }
1228 saved_operand[0] = keys + 1; /* number of successors */
1229 this_idata->operand.ip = saved_operand;
1230 break;
1231 }
1232
1233 case JVM_OPC_ldc: {
1234 /* Make sure the constant pool item is the right type. */
1235 int key = code[offset + 1];
1236 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1237 (1 << JVM_CONSTANT_String);
1238 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1239 types |= 1 << JVM_CONSTANT_Class;
1240 }
1241 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1242 types |= (1 << JVM_CONSTANT_MethodHandle) |
1243 (1 << JVM_CONSTANT_MethodType);
1244 }
1245 this_idata->operand.i = key;
1246 verify_constant_pool_type(context, key, types);
1247 break;
1248 }
1249
1250 case JVM_OPC_ldc_w: {
1251 /* Make sure the constant pool item is the right type. */
1252 int key = (code[offset + 1] << 8) + code[offset + 2];
1253 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1254 (1 << JVM_CONSTANT_String);
1255 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1256 types |= 1 << JVM_CONSTANT_Class;
1257 }
1258 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1259 types |= (1 << JVM_CONSTANT_MethodHandle) |
1260 (1 << JVM_CONSTANT_MethodType);
1261 }
1262 this_idata->operand.i = key;
1263 verify_constant_pool_type(context, key, types);
1264 break;
1265 }
1266
1267 case JVM_OPC_ldc2_w: {
1268 /* Make sure the constant pool item is the right type. */
1269 int key = (code[offset + 1] << 8) + code[offset + 2];
1270 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1271 this_idata->operand.i = key;
1272 verify_constant_pool_type(context, key, types);
1273 break;
1274 }
1275
1276 case JVM_OPC_getfield: case JVM_OPC_putfield:
1277 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1278 /* Make sure the constant pool item is the right type. */
1279 int key = (code[offset + 1] << 8) + code[offset + 2];
1280 this_idata->operand.i = key;
1281 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1282 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1283 set_protected(context, inumber, key, opcode);
1284 break;
1285 }
1286
1287 case JVM_OPC_invokevirtual:
1288 case JVM_OPC_invokespecial:
1289 case JVM_OPC_invokestatic:
1290 case JVM_OPC_invokedynamic:
1291 case JVM_OPC_invokeinterface: {
1292 /* Make sure the constant pool item is the right type. */
1293 int key = (code[offset + 1] << 8) + code[offset + 2];
1294 const char *methodname;
1295 jclass cb = context->class;
1296 fullinfo_type clazz_info;
1297 int is_constructor, is_internal, is_invokedynamic;
1298 int kind;
1299
1300 switch (opcode ) {
1301 case JVM_OPC_invokestatic:
1302 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1303 ? (1 << JVM_CONSTANT_Methodref)
1304 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1305 break;
1306 case JVM_OPC_invokedynamic:
1307 kind = 1 << JVM_CONSTANT_NameAndType;
1308 break;
1309 case JVM_OPC_invokeinterface:
1310 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1311 break;
1312 default:
1313 kind = 1 << JVM_CONSTANT_Methodref;
1314 }
1315
1316 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1317 /* Make sure the constant pool item is the right type. */
1318 verify_constant_pool_type(context, key, kind);
1319 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1320 check_and_push(context, methodname, VM_STRING_UTF);
1321 is_constructor = !strcmp(methodname, "<init>");
1322 is_internal = methodname[0] == '<';
1323 pop_and_free(context);
1324
1325 if (is_invokedynamic)
1326 clazz_info = context->object_info; // anything will do
1327 else
1328 clazz_info = cp_index_to_class_fullinfo(context, key,
1329 JVM_CONSTANT_Methodref);
1330 this_idata->operand.i = key;
1331 this_idata->operand2.fi = clazz_info;
1332 if (is_constructor) {
1333 if (opcode != JVM_OPC_invokespecial) {
1334 CCerror(context,
1335 "Must call initializers using invokespecial");
1336 }
1337 this_idata->opcode = JVM_OPC_invokeinit;
1338 } else {
1339 if (is_internal) {
1340 CCerror(context, "Illegal call to internal method");
1341 }
1342 if (opcode == JVM_OPC_invokespecial
1343 && clazz_info != context->currentclass_info
1344 && clazz_info != context->superclass_info) {
1345 int not_found = 1;
1346
1347 jclass super = (*env)->GetSuperclass(env, context->class);
1348 while(super != 0) {
1349 jclass tmp_cb;
1350 fullinfo_type new_info = make_class_info(context, super);
1351 if (clazz_info == new_info) {
1352 not_found = 0;
1353 break;
1354 }
1355 tmp_cb = (*env)->GetSuperclass(env, super);
1356 (*env)->DeleteLocalRef(env, super);
1357 super = tmp_cb;
1358 }
1359 (*env)->DeleteLocalRef(env, super);
1360
1361 /* The optimizer may cause this to happen on local code */
1362 if (not_found) {
1363 CCerror(context, "Illegal use of nonvirtual function call");
1364 }
1365 }
1366 }
1367 if (opcode == JVM_OPC_invokeinterface) {
1368 unsigned int args1;
1369 unsigned int args2;
1370 const char *signature =
1371 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1372 check_and_push(context, signature, VM_STRING_UTF);
1373 args1 = signature_to_args_size(signature) + 1;
1374 args2 = code[offset + 3];
1375 if (args1 != args2) {
1376 CCerror(context,
1377 "Inconsistent args_size for invokeinterface");
1378 }
1379 if (code[offset + 4] != 0) {
1380 CCerror(context,
1381 "Fourth operand byte of invokeinterface must be zero");
1382 }
1383 pop_and_free(context);
1384 } else if (opcode == JVM_OPC_invokedynamic) {
1385 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1386 CCerror(context,
1387 "Third and fourth operand bytes of invokedynamic must be zero");
1388 }
1389 } else if (opcode == JVM_OPC_invokevirtual
1390 || opcode == JVM_OPC_invokespecial)
1391 set_protected(context, inumber, key, opcode);
1392 break;
1393 }
1394
1395
1396 case JVM_OPC_instanceof:
1397 case JVM_OPC_checkcast:
1398 case JVM_OPC_new:
1399 case JVM_OPC_anewarray:
1400 case JVM_OPC_multianewarray: {
1401 /* Make sure the constant pool item is a class */
1402 int key = (code[offset + 1] << 8) + code[offset + 2];
1403 fullinfo_type target;
1404 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1405 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1406 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1407 CCerror(context, "Illegal type");
1408 switch(opcode) {
1409 case JVM_OPC_anewarray:
1410 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1411 CCerror(context, "Array with too many dimensions");
1412 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1413 GET_INDIRECTION(target) + 1,
1414 GET_EXTRA_INFO(target));
1415 break;
1416 case JVM_OPC_new:
1417 if (WITH_ZERO_EXTRA_INFO(target) !=
1418 MAKE_FULLINFO(ITEM_Object, 0, 0))
1419 CCerror(context, "Illegal creation of multi-dimensional array");
1420 /* operand gets set to the "unitialized object". operand2 gets
1421 * set to what the value will be after it's initialized. */
1422 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1423 this_idata->operand2.fi = target;
1424 break;
1425 case JVM_OPC_multianewarray:
1426 this_idata->operand.fi = target;
1427 this_idata->operand2.i = code[offset + 3];
1428 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1429 || (this_idata->operand2.i == 0))
1430 CCerror(context, "Illegal dimension argument");
1431 break;
1432 default:
1433 this_idata->operand.fi = target;
1434 }
1435 break;
1436 }
1437
1438 case JVM_OPC_newarray: {
1439 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1440 fullinfo_type full_info;
1441 switch (code[offset + 1]) {
1442 case JVM_T_INT:
1443 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1444 case JVM_T_LONG:
1445 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1446 case JVM_T_FLOAT:
1447 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1448 case JVM_T_DOUBLE:
1449 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1450 case JVM_T_BOOLEAN:
1451 full_info = MAKE_FULLINFO(ITEM_Boolean, 1, 0); break;
1452 case JVM_T_BYTE:
1453 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1454 case JVM_T_CHAR:
1455 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1456 case JVM_T_SHORT:
1457 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1458 default:
1459 full_info = 0; /* Keep lint happy */
1460 CCerror(context, "Bad type passed to newarray");
1461 }
1462 this_idata->operand.fi = full_info;
1463 break;
1464 }
1465
1466 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1467 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1468 this_idata->opcode = JVM_OPC_iload;
1469 var = opcode - JVM_OPC_iload_0;
1470 goto check_local_variable;
1471
1472 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1473 this_idata->opcode = JVM_OPC_fload;
1474 var = opcode - JVM_OPC_fload_0;
1475 goto check_local_variable;
1476
1477 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1478 this_idata->opcode = JVM_OPC_aload;
1479 var = opcode - JVM_OPC_aload_0;
1480 goto check_local_variable;
1481
1482 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1483 this_idata->opcode = JVM_OPC_lload;
1484 var = opcode - JVM_OPC_lload_0;
1485 goto check_local_variable2;
1486
1487 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1488 this_idata->opcode = JVM_OPC_dload;
1489 var = opcode - JVM_OPC_dload_0;
1490 goto check_local_variable2;
1491
1492 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1493 this_idata->opcode = JVM_OPC_istore;
1494 var = opcode - JVM_OPC_istore_0;
1495 goto check_local_variable;
1496
1497 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1498 this_idata->opcode = JVM_OPC_fstore;
1499 var = opcode - JVM_OPC_fstore_0;
1500 goto check_local_variable;
1501
1502 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1503 this_idata->opcode = JVM_OPC_astore;
1504 var = opcode - JVM_OPC_astore_0;
1505 goto check_local_variable;
1506
1507 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1508 this_idata->opcode = JVM_OPC_lstore;
1509 var = opcode - JVM_OPC_lstore_0;
1510 goto check_local_variable2;
1511
1512 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1513 this_idata->opcode = JVM_OPC_dstore;
1514 var = opcode - JVM_OPC_dstore_0;
1515 goto check_local_variable2;
1516
1517 case JVM_OPC_wide:
1518 this_idata->opcode = code[offset + 1];
1519 var = (code[offset + 2] << 8) + code[offset + 3];
1520 switch(this_idata->opcode) {
1521 case JVM_OPC_lload: case JVM_OPC_dload:
1522 case JVM_OPC_lstore: case JVM_OPC_dstore:
1523 goto check_local_variable2;
1524 default:
1525 goto check_local_variable;
1526 }
1527
1528 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1529 case JVM_OPC_ret:
1530 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1531 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1532 var = code[offset + 1];
1533 check_local_variable:
1534 /* Make sure that the variable number isn't illegal. */
1535 this_idata->operand.i = var;
1536 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1537 CCerror(context, "Illegal local variable number");
1538 break;
1539
1540 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1541 var = code[offset + 1];
1542 check_local_variable2:
1543 /* Make sure that the variable number isn't illegal. */
1544 this_idata->operand.i = var;
1545 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1546 CCerror(context, "Illegal local variable number");
1547 break;
1548
1549 default:
1550 if (opcode > JVM_OPC_MAX)
1551 CCerror(context, "Quick instructions shouldn't appear yet.");
1552 break;
1553 } /* of switch */
1554 }
1555
1556
1557 static void
1558 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1559 {
1560 JNIEnv *env = context->env;
1561 fullinfo_type clazz_info;
1562 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1563 clazz_info = cp_index_to_class_fullinfo(context, key,
1564 JVM_CONSTANT_Fieldref);
1565 } else {
1566 clazz_info = cp_index_to_class_fullinfo(context, key,
1567 JVM_CONSTANT_Methodref);
1568 }
1569 if (is_superclass(context, clazz_info)) {
1570 jclass calledClass =
1571 object_fullinfo_to_classclass(context, clazz_info);
1572 int access;
1573 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1574 searches the referenced field or method in calledClass. The following
1575 while loop is added to search up the superclass chain to make this
1576 symbolic resolution consistent with the field/method resolution
1577 specified in VM spec 5.4.3. */
1578 calledClass = (*env)->NewLocalRef(env, calledClass);
1579 do {
1580 jclass tmp_cb;
1581 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1582 access = JVM_GetCPFieldModifiers
1583 (env, context->class, key, calledClass);
1584 } else {
1585 access = JVM_GetCPMethodModifiers
1586 (env, context->class, key, calledClass);
1587 }
1588 if (access != -1) {
1589 break;
1590 }
1591 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1592 (*env)->DeleteLocalRef(env, calledClass);
1593 calledClass = tmp_cb;
1594 } while (calledClass != 0);
1595
1596 if (access == -1) {
1597 /* field/method not found, detected at runtime. */
1598 } else if (access & JVM_ACC_PROTECTED) {
1599 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1600 context->instruction_data[inumber].protected = JNI_TRUE;
1601 }
1602 (*env)->DeleteLocalRef(env, calledClass);
1603 }
1604 }
1605
1606
1607 static jboolean
1608 is_superclass(context_type *context, fullinfo_type clazz_info) {
1609 fullinfo_type *fptr = context->superclasses;
1610
1611 if (fptr == 0)
1612 return JNI_FALSE;
1613 for (; *fptr != 0; fptr++) {
1614 if (*fptr == clazz_info)
1615 return JNI_TRUE;
1616 }
1617 return JNI_FALSE;
1618 }
1619
1620
1621 /* Look through each item on the exception table. Each of the fields must
1622 * refer to a legal instruction.
1623 */
1624 static void
1625 initialize_exception_table(context_type *context)
1626 {
1627 JNIEnv *env = context->env;
1628 int mi = context->method_index;
1629 struct handler_info_type *handler_info = context->handler_info;
1630 int *code_data = context->code_data;
1631 int code_length = context->code_length;
1632 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1633 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1634 if (max_stack_size < 1 && i > 0) {
1635 // If the method contains exception handlers, it must have room
1636 // on the expression stack for the exception that the VM could push
1637 CCerror(context, "Stack size too large");
1638 }
1639 for (; --i >= 0; handler_info++) {
1640 JVM_ExceptionTableEntryType einfo;
1641 stack_item_type *stack_item = NEW(stack_item_type, 1);
1642
1643 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1644 i, &einfo);
1645
1646 if (!(einfo.start_pc < einfo.end_pc &&
1647 einfo.start_pc >= 0 &&
1648 isLegalTarget(context, einfo.start_pc) &&
1649 (einfo.end_pc == code_length ||
1650 isLegalTarget(context, einfo.end_pc)))) {
1651 CFerror(context, "Illegal exception table range");
1652 }
1653 if (!((einfo.handler_pc > 0) &&
1654 isLegalTarget(context, einfo.handler_pc))) {
1655 CFerror(context, "Illegal exception table handler");
1656 }
1657
1658 handler_info->start = code_data[einfo.start_pc];
1659 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1660 handler_info->end = (einfo.end_pc == context->code_length) ?
1661 context->instruction_count : code_data[einfo.end_pc];
1662 handler_info->handler = code_data[einfo.handler_pc];
1663 handler_info->stack_info.stack = stack_item;
1664 handler_info->stack_info.stack_size = 1;
1665 stack_item->next = NULL;
1666 if (einfo.catchType != 0) {
1667 const char *classname;
1668 /* Constant pool entry type has been checked in format checker */
1669 classname = JVM_GetCPClassNameUTF(env,
1670 context->class,
1671 einfo.catchType);
1672 check_and_push(context, classname, VM_STRING_UTF);
1673 stack_item->item = make_class_info_from_name(context, classname);
1674 if (!isAssignableTo(context,
1675 stack_item->item,
1676 context->throwable_info))
1677 CCerror(context, "catch_type not a subclass of Throwable");
1678 pop_and_free(context);
1679 } else {
1680 stack_item->item = context->throwable_info;
1681 }
1682 }
1683 }
1684
1685
1686 /* Given a pointer to an instruction, return its length. Use the table
1687 * opcode_length[] which is automatically built.
1688 */
1689 static int instruction_length(unsigned char *iptr, unsigned char *end)
1690 {
1691 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1692 int instruction = *iptr;
1693 switch (instruction) {
1694 case JVM_OPC_tableswitch: {
1695 int *lpc = (int *)UCALIGN(iptr + 1);
1696 int index;
1697 if (lpc + 2 >= (int *)end) {
1698 return -1; /* do not read pass the end */
1699 }
1700 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1701 if ((index < 0) || (index > 65535)) {
1702 return -1; /* illegal */
1703 } else {
1704 return (unsigned char *)(&lpc[index + 4]) - iptr;
1705 }
1706 }
1707
1708 case JVM_OPC_lookupswitch: {
1709 int *lpc = (int *) UCALIGN(iptr + 1);
1710 int npairs;
1711 if (lpc + 1 >= (int *)end)
1712 return -1; /* do not read pass the end */
1713 npairs = _ck_ntohl(lpc[1]);
1714 /* There can't be more than 64K labels because of the limit
1715 * on per-method byte code length.
1716 */
1717 if (npairs < 0 || npairs >= 65536)
1718 return -1;
1719 else
1720 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1721 }
1722
1723 case JVM_OPC_wide:
1724 if (iptr + 1 >= end)
1725 return -1; /* do not read pass the end */
1726 switch(iptr[1]) {
1727 case JVM_OPC_ret:
1728 case JVM_OPC_iload: case JVM_OPC_istore:
1729 case JVM_OPC_fload: case JVM_OPC_fstore:
1730 case JVM_OPC_aload: case JVM_OPC_astore:
1731 case JVM_OPC_lload: case JVM_OPC_lstore:
1732 case JVM_OPC_dload: case JVM_OPC_dstore:
1733 return 4;
1734 case JVM_OPC_iinc:
1735 return 6;
1736 default:
1737 return -1;
1738 }
1739
1740 default: {
1741 /* A length of 0 indicates an error. */
1742 int length = opcode_length[instruction];
1743 return (length <= 0) ? -1 : length;
1744 }
1745 }
1746 }
1747
1748
1749 /* Given the target of a branch, make sure that it's a legal target. */
1750 static jboolean
1751 isLegalTarget(context_type *context, int offset)
1752 {
1753 int code_length = context->code_length;
1754 int *code_data = context->code_data;
1755 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1756 }
1757
1758
1759 /* Make sure that an element of the constant pool really is of the indicated
1760 * type.
1761 */
1762 static void
1763 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1764 {
1765 int nconstants = context->nconstants;
1766 unsigned char *type_table = context->constant_types;
1767 unsigned type;
1768
1769 if ((index <= 0) || (index >= nconstants))
1770 CCerror(context, "Illegal constant pool index");
1771
1772 type = type_table[index];
1773 if ((mask & (1 << type)) == 0)
1774 CCerror(context, "Illegal type in constant pool");
1775 }
1776
1777
1778 static void
1779 initialize_dataflow(context_type *context)
1780 {
1781 JNIEnv *env = context->env;
1782 instruction_data_type *idata = context->instruction_data;
1783 int mi = context->method_index;
1784 jclass cb = context->class;
1785 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1786 fullinfo_type *reg_ptr;
1787 fullinfo_type full_info;
1788 const char *p;
1789 const char *signature;
1790
1791 /* Initialize the function entry, since we know everything about it. */
1792 idata[0].stack_info.stack_size = 0;
1793 idata[0].stack_info.stack = NULL;
1794 idata[0].register_info.register_count = args_size;
1795 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1796 idata[0].register_info.mask_count = 0;
1797 idata[0].register_info.masks = NULL;
1798 idata[0].and_flags = 0; /* nothing needed */
1799 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1800 reg_ptr = idata[0].register_info.registers;
1801
1802 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1803 /* A non static method. If this is an <init> method, the first
1804 * argument is an uninitialized object. Otherwise it is an object of
1805 * the given class type. java.lang.Object.<init> is special since
1806 * we don't call its superclass <init> method.
1807 */
1808 if (JVM_IsConstructorIx(env, cb, mi)
1809 && context->currentclass_info != context->object_info) {
1810 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1811 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1812 } else {
1813 *reg_ptr++ = context->currentclass_info;
1814 }
1815 }
1816 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1817 check_and_push(context, signature, VM_STRING_UTF);
1818 /* Fill in each of the arguments into the registers. */
1819 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1820 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1821 switch (fieldchar) {
1822 case 'D': case 'L':
1823 *reg_ptr++ = full_info;
1824 *reg_ptr++ = full_info + 1;
1825 break;
1826 default:
1827 *reg_ptr++ = full_info;
1828 break;
1829 }
1830 }
1831 p++; /* skip over right parenthesis */
1832 if (*p == 'V') {
1833 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1834 } else {
1835 signature_to_fieldtype(context, &p, &full_info);
1836 context->return_type = full_info;
1837 }
1838 pop_and_free(context);
1839 /* Indicate that we need to look at the first instruction. */
1840 idata[0].changed = JNI_TRUE;
1841 }
1842
1843
1844 /* Run the data flow analysis, as long as there are things to change. */
1845 static void
1846 run_dataflow(context_type *context) {
1847 JNIEnv *env = context->env;
1848 int mi = context->method_index;
1849 jclass cb = context->class;
1850 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1851 instruction_data_type *idata = context->instruction_data;
1852 unsigned int icount = context->instruction_count;
1853 jboolean work_to_do = JNI_TRUE;
1854 unsigned int inumber;
1855
1856 /* Run through the loop, until there is nothing left to do. */
1857 while (work_to_do) {
1858 work_to_do = JNI_FALSE;
1859 for (inumber = 0; inumber < icount; inumber++) {
1860 instruction_data_type *this_idata = &idata[inumber];
1861 if (this_idata->changed) {
1862 register_info_type new_register_info;
1863 stack_info_type new_stack_info;
1864 flag_type new_and_flags, new_or_flags;
1865
1866 this_idata->changed = JNI_FALSE;
1867 work_to_do = JNI_TRUE;
1868 #ifdef DEBUG
1869 if (verify_verbose) {
1870 int opcode = this_idata->opcode;
1871 jio_fprintf(stdout, "Instruction %d: ", inumber);
1872 print_stack(context, &this_idata->stack_info);
1873 print_registers(context, &this_idata->register_info);
1874 print_flags(context,
1875 this_idata->and_flags, this_idata->or_flags);
1876 fflush(stdout);
1877 }
1878 #endif
1879 /* Make sure the registers and flags are appropriate */
1880 check_register_values(context, inumber);
1881 check_flags(context, inumber);
1882
1883 /* Make sure the stack can deal with this instruction */
1884 pop_stack(context, inumber, &new_stack_info);
1885
1886 /* Update the registers and flags */
1887 update_registers(context, inumber, &new_register_info);
1888 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1889
1890 /* Update the stack. */
1891 push_stack(context, inumber, &new_stack_info);
1892
1893 if (new_stack_info.stack_size > max_stack_size)
1894 CCerror(context, "Stack size too large");
1895 #ifdef DEBUG
1896 if (verify_verbose) {
1897 jio_fprintf(stdout, " ");
1898 print_stack(context, &new_stack_info);
1899 print_registers(context, &new_register_info);
1900 print_flags(context, new_and_flags, new_or_flags);
1901 fflush(stdout);
1902 }
1903 #endif
1904 /* Add the new stack and register information to any
1905 * instructions that can follow this instruction. */
1906 merge_into_successors(context, inumber,
1907 &new_register_info, &new_stack_info,
1908 new_and_flags, new_or_flags);
1909 }
1910 }
1911 }
1912 }
1913
1914
1915 /* Make sure that the registers contain a legitimate value for the given
1916 * instruction.
1917 */
1918
1919 static void
1920 check_register_values(context_type *context, unsigned int inumber)
1921 {
1922 instruction_data_type *idata = context->instruction_data;
1923 instruction_data_type *this_idata = &idata[inumber];
1924 int opcode = this_idata->opcode;
1925 int operand = this_idata->operand.i;
1926 int register_count = this_idata->register_info.register_count;
1927 fullinfo_type *registers = this_idata->register_info.registers;
1928 jboolean double_word = JNI_FALSE; /* default value */
1929 int type;
1930
1931 switch (opcode) {
1932 default:
1933 return;
1934 case JVM_OPC_iload: case JVM_OPC_iinc:
1935 type = ITEM_Integer; break;
1936 case JVM_OPC_fload:
1937 type = ITEM_Float; break;
1938 case JVM_OPC_aload:
1939 type = ITEM_Object; break;
1940 case JVM_OPC_ret:
1941 type = ITEM_ReturnAddress; break;
1942 case JVM_OPC_lload:
1943 type = ITEM_Long; double_word = JNI_TRUE; break;
1944 case JVM_OPC_dload:
1945 type = ITEM_Double; double_word = JNI_TRUE; break;
1946 }
1947 if (!double_word) {
1948 fullinfo_type reg;
1949 /* Make sure we don't have an illegal register or one with wrong type */
1950 if (operand >= register_count) {
1951 CCerror(context,
1952 "Accessing value from uninitialized register %d", operand);
1953 }
1954 reg = registers[operand];
1955
1956 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1957 /* the register is obviously of the given type */
1958 return;
1959 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1960 /* address type stuff be used on all arrays */
1961 return;
1962 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1963 CCerror(context, "Cannot load return address from register %d",
1964 operand);
1965 /* alternatively
1966 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1967 && (opcode == JVM_OPC_iload)
1968 && (type == ITEM_Object || type == ITEM_Integer)
1969 but this never occurs
1970 */
1971 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1972 return;
1973 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1974 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1975 type == ITEM_Object) {
1976 return;
1977 } else {
1978 CCerror(context, "Register %d contains wrong type", operand);
1979 }
1980 } else {
1981 /* Make sure we don't have an illegal register or one with wrong type */
1982 if ((operand + 1) >= register_count) {
1983 CCerror(context,
1984 "Accessing value from uninitialized register pair %d/%d",
1985 operand, operand+1);
1986 } else {
1987 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1988 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1989 return;
1990 } else {
1991 CCerror(context, "Register pair %d/%d contains wrong type",
1992 operand, operand+1);
1993 }
1994 }
1995 }
1996 }
1997
1998
1999 /* Make sure the flags contain legitimate values for this instruction.
2000 */
2001
2002 static void
2003 check_flags(context_type *context, unsigned int inumber)
2004 {
2005 instruction_data_type *idata = context->instruction_data;
2006 instruction_data_type *this_idata = &idata[inumber];
2007 int opcode = this_idata->opcode;
2008 switch (opcode) {
2009 case JVM_OPC_return:
2010 /* We need a constructor, but we aren't guaranteed it's called */
2011 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2012 !(this_idata->and_flags & FLAG_CONSTRUCTED))
2013 CCerror(context, "Constructor must call super() or this()");
2014 /* fall through */
2015 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2016 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2017 if (this_idata->or_flags & FLAG_NO_RETURN)
2018 /* This method cannot exit normally */
2019 CCerror(context, "Cannot return normally");
2020 default:
2021 break; /* nothing to do. */
2022 }
2023 }
2024
2025 /* Make sure that the top of the stack contains reasonable values for the
2026 * given instruction. The post-pop values of the stack and its size are
2027 * returned in *new_stack_info.
2028 */
2029
2030 static void
2031 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2032 {
2033 instruction_data_type *idata = context->instruction_data;
2034 instruction_data_type *this_idata = &idata[inumber];
2035 int opcode = this_idata->opcode;
2036 stack_item_type *stack = this_idata->stack_info.stack;
2037 int stack_size = this_idata->stack_info.stack_size;
2038 char *stack_operands, *p;
2039 char buffer[257]; /* for holding manufactured argument lists */
2040 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2041 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2042 fullinfo_type full_info; /* only used in case of invoke instructions */
2043 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2044
2045 switch(opcode) {
2046 default:
2047 /* For most instructions, we just use a built-in table */
2048 stack_operands = opcode_in_out[opcode][0];
2049 break;
2050
2051 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2052 /* The top thing on the stack depends on the signature of
2053 * the object. */
2054 int operand = this_idata->operand.i;
2055 const char *signature =
2056 JVM_GetCPFieldSignatureUTF(context->env,
2057 context->class,
2058 operand);
2059 char *ip = buffer;
2060 check_and_push(context, signature, VM_STRING_UTF);
2061 #ifdef DEBUG
2062 if (verify_verbose) {
2063 print_formatted_fieldname(context, operand);
2064 }
2065 #endif
2066 if (opcode == JVM_OPC_putfield)
2067 *ip++ = 'A'; /* object for putfield */
2068 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2069 *ip = '\0';
2070 stack_operands = buffer;
2071 pop_and_free(context);
2072 break;
2073 }
2074
2075 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2076 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2077 case JVM_OPC_invokedynamic:
2078 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2079 /* The top stuff on the stack depends on the method signature */
2080 int operand = this_idata->operand.i;
2081 const char *signature =
2082 JVM_GetCPMethodSignatureUTF(context->env,
2083 context->class,
2084 operand);
2085 char *ip = buffer;
2086 const char *p;
2087 check_and_push(context, signature, VM_STRING_UTF);
2088 #ifdef DEBUG
2089 if (verify_verbose) {
2090 print_formatted_methodname(context, operand);
2091 }
2092 #endif
2093 if (opcode != JVM_OPC_invokestatic &&
2094 opcode != JVM_OPC_invokedynamic)
2095 /* First, push the object */
2096 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2097 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2098 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2099 if (ip >= buffer + sizeof(buffer) - 1)
2100 CCerror(context, "Signature %s has too many arguments",
2101 signature);
2102 }
2103 *ip = 0;
2104 stack_operands = buffer;
2105 pop_and_free(context);
2106 break;
2107 }
2108
2109 case JVM_OPC_multianewarray: {
2110 /* Count can't be larger than 255. So can't overflow buffer */
2111 int count = this_idata->operand2.i; /* number of ints on stack */
2112 memset(buffer, 'I', count);
2113 buffer[count] = '\0';
2114 stack_operands = buffer;
2115 break;
2116 }
2117
2118 } /* of switch */
2119
2120 /* Run through the list of operands >>backwards<< */
2121 for ( p = stack_operands + strlen(stack_operands);
2122 p > stack_operands;
2123 stack = stack->next) {
2124 int type = *--p;
2125 fullinfo_type top_type = stack ? stack->item : 0;
2126 int size = (type == 'D' || type == 'L') ? 2 : 1;
2127 *--stack_extra_info = top_type;
2128 if (stack == NULL)
2129 CCerror(context, "Unable to pop operand off an empty stack");
2130
2131 switch (type) {
2132 case 'I':
2133 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2134 CCerror(context, "Expecting to find integer on stack");
2135 break;
2136
2137 case 'F':
2138 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2139 CCerror(context, "Expecting to find float on stack");
2140 break;
2141
2142 case 'A': /* object or array */
2143 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2144 && (GET_INDIRECTION(top_type) == 0)) {
2145 /* The thing isn't an object or an array. Let's see if it's
2146 * one of the special cases */
2147 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2148 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2149 && (opcode == JVM_OPC_astore))
2150 break;
2151 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2152 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2153 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2154 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2155 break;
2156 /* The 2nd edition VM of the specification allows field
2157 * initializations before the superclass initializer,
2158 * if the field is defined within the current class.
2159 */
2160 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2161 && (opcode == JVM_OPC_putfield)) {
2162 int operand = this_idata->operand.i;
2163 int access_bits = JVM_GetCPFieldModifiers(context->env,
2164 context->class,
2165 operand,
2166 context->class);
2167 /* Note: This relies on the fact that
2168 * JVM_GetCPFieldModifiers retrieves only local fields,
2169 * and does not respect inheritance.
2170 */
2171 if (access_bits != -1) {
2172 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2173 context->currentclass_info ) {
2174 top_type = context->currentclass_info;
2175 *stack_extra_info = top_type;
2176 break;
2177 }
2178 }
2179 }
2180 CCerror(context, "Expecting to find object/array on stack");
2181 }
2182 break;
2183
2184 case '@': { /* unitialized object, for call to <init> */
2185 int item_type = GET_ITEM_TYPE(top_type);
2186 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2187 CCerror(context,
2188 "Expecting to find unitialized object on stack");
2189 break;
2190 }
2191
2192 case 'O': /* object, not array */
2193 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2194 MAKE_FULLINFO(ITEM_Object, 0, 0))
2195 CCerror(context, "Expecting to find object on stack");
2196 break;
2197
2198 case 'a': /* integer, object, or array */
2199 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2200 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2201 && (GET_INDIRECTION(top_type) == 0))
2202 CCerror(context,
2203 "Expecting to find object, array, or int on stack");
2204 break;
2205
2206 case 'D': /* double */
2207 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2208 CCerror(context, "Expecting to find double on stack");
2209 break;
2210
2211 case 'L': /* long */
2212 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2213 CCerror(context, "Expecting to find long on stack");
2214 break;
2215
2216 case ']': /* array of some type */
2217 if (top_type == NULL_FULLINFO) {
2218 /* do nothing */
2219 } else switch(p[-1]) {
2220 case 'I': /* array of integers */
2221 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2222 top_type != NULL_FULLINFO)
2223 CCerror(context,
2224 "Expecting to find array of ints on stack");
2225 break;
2226
2227 case 'L': /* array of longs */
2228 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2229 CCerror(context,
2230 "Expecting to find array of longs on stack");
2231 break;
2232
2233 case 'F': /* array of floats */
2234 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2235 CCerror(context,
2236 "Expecting to find array of floats on stack");
2237 break;
2238
2239 case 'D': /* array of doubles */
2240 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2241 CCerror(context,
2242 "Expecting to find array of doubles on stack");
2243 break;
2244
2245 case 'A': { /* array of addresses (arrays or objects) */
2246 int indirection = GET_INDIRECTION(top_type);
2247 if ((indirection == 0) ||
2248 ((indirection == 1) &&
2249 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2250 CCerror(context,
2251 "Expecting to find array of objects or arrays "
2252 "on stack");
2253 break;
2254 }
2255
2256 case 'B': /* array of bytes or booleans */
2257 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
2258 top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
2259 CCerror(context,
2260 "Expecting to find array of bytes or Booleans on stack");
2261 break;
2262
2263 case 'C': /* array of characters */
2264 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2265 CCerror(context,
2266 "Expecting to find array of chars on stack");
2267 break;
2268
2269 case 'S': /* array of shorts */
2270 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2271 CCerror(context,
2272 "Expecting to find array of shorts on stack");
2273 break;
2274
2275 case '?': /* any type of array is okay */
2276 if (GET_INDIRECTION(top_type) == 0)
2277 CCerror(context,
2278 "Expecting to find array on stack");
2279 break;
2280
2281 default:
2282 CCerror(context, "Internal error #1");
2283 break;
2284 }
2285 p -= 2; /* skip over [ <char> */
2286 break;
2287
2288 case '1': case '2': case '3': case '4': /* stack swapping */
2289 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2290 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2291 if ((p > stack_operands) && (p[-1] == '+')) {
2292 context->swap_table[type - '1'] = top_type + 1;
2293 context->swap_table[p[-2] - '1'] = top_type;
2294 size = 2;
2295 p -= 2;
2296 } else {
2297 CCerror(context,
2298 "Attempt to split long or double on the stack");
2299 }
2300 } else {
2301 context->swap_table[type - '1'] = stack->item;
2302 if ((p > stack_operands) && (p[-1] == '+'))
2303 p--; /* ignore */
2304 }
2305 break;
2306 case '+': /* these should have been caught. */
2307 default:
2308 CCerror(context, "Internal error #2");
2309 }
2310 stack_size -= size;
2311 }
2312
2313 /* For many of the opcodes that had an "A" in their field, we really
2314 * need to go back and do a little bit more accurate testing. We can, of
2315 * course, assume that the minimal type checking has already been done.
2316 */
2317 switch (opcode) {
2318 default: break;
2319 case JVM_OPC_aastore: { /* array index object */
2320 fullinfo_type array_type = stack_extra_info[0];
2321 fullinfo_type object_type = stack_extra_info[2];
2322 fullinfo_type target_type = decrement_indirection(array_type);
2323 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2324 && (GET_INDIRECTION(object_type) == 0)) {
2325 CCerror(context, "Expecting reference type on operand stack in aastore");
2326 }
2327 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2328 && (GET_INDIRECTION(target_type) == 0)) {
2329 CCerror(context, "Component type of the array must be reference type in aastore");
2330 }
2331 break;
2332 }
2333
2334 case JVM_OPC_putfield:
2335 case JVM_OPC_getfield:
2336 case JVM_OPC_putstatic: {
2337 int operand = this_idata->operand.i;
2338 fullinfo_type stack_object = stack_extra_info[0];
2339 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2340 if (!isAssignableTo
2341 (context,
2342 stack_object,
2343 cp_index_to_class_fullinfo
2344 (context, operand, JVM_CONSTANT_Fieldref))) {
2345 CCerror(context,
2346 "Incompatible type for getting or setting field");
2347 }
2348 if (this_idata->protected &&
2349 !isAssignableTo(context, stack_object,
2350 context->currentclass_info)) {
2351 CCerror(context, "Bad access to protected data");
2352 }
2353 }
2354 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2355 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2356 if (!isAssignableTo(context,
2357 stack_extra_info[item], put_full_info)) {
2358 CCerror(context, "Bad type in putfield/putstatic");
2359 }
2360 }
2361 break;
2362 }
2363
2364 case JVM_OPC_athrow:
2365 if (!isAssignableTo(context, stack_extra_info[0],
2366 context->throwable_info)) {
2367 CCerror(context, "Can only throw Throwable objects");
2368 }
2369 break;
2370
2371 case JVM_OPC_aaload: { /* array index */
2372 /* We need to pass the information to the stack updater */
2373 fullinfo_type array_type = stack_extra_info[0];
2374 context->swap_table[0] = decrement_indirection(array_type);
2375 break;
2376 }
2377
2378 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2379 case JVM_OPC_invokeinit:
2380 case JVM_OPC_invokedynamic:
2381 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2382 int operand = this_idata->operand.i;
2383 const char *signature =
2384 JVM_GetCPMethodSignatureUTF(context->env,
2385 context->class,
2386 operand);
2387 int item;
2388 const char *p;
2389 check_and_push(context, signature, VM_STRING_UTF);
2390 if (opcode == JVM_OPC_invokestatic ||
2391 opcode == JVM_OPC_invokedynamic) {
2392 item = 0;
2393 } else if (opcode == JVM_OPC_invokeinit) {
2394 fullinfo_type init_type = this_idata->operand2.fi;
2395 fullinfo_type object_type = stack_extra_info[0];
2396 context->swap_table[0] = object_type; /* save value */
2397 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2398 /* We better be calling the appropriate init. Find the
2399 * inumber of the "JVM_OPC_new" instruction", and figure
2400 * out what the type really is.
2401 */
2402 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2403 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2404 context->swap_table[1] = target_type;
2405
2406 if (target_type != init_type) {
2407 CCerror(context, "Call to wrong initialization method");
2408 }
2409 if (this_idata->protected
2410 && context->major_version > LDC_CLASS_MAJOR_VERSION
2411 && !isAssignableTo(context, object_type,
2412 context->currentclass_info)) {
2413 CCerror(context, "Bad access to protected data");
2414 }
2415 } else {
2416 /* We better be calling super() or this(). */
2417 if (init_type != context->superclass_info &&
2418 init_type != context->currentclass_info) {
2419 CCerror(context, "Call to wrong initialization method");
2420 }
2421 context->swap_table[1] = context->currentclass_info;
2422 }
2423 item = 1;
2424 } else {
2425 fullinfo_type target_type = this_idata->operand2.fi;
2426 fullinfo_type object_type = stack_extra_info[0];
2427 if (!isAssignableTo(context, object_type, target_type)){
2428 CCerror(context,
2429 "Incompatible object argument for function call");
2430 }
2431 if (opcode == JVM_OPC_invokespecial
2432 && !isAssignableTo(context, object_type,
2433 context->currentclass_info)) {
2434 /* Make sure object argument is assignment compatible to current class */
2435 CCerror(context,
2436 "Incompatible object argument for invokespecial");
2437 }
2438 if (this_idata->protected
2439 && !isAssignableTo(context, object_type,
2440 context->currentclass_info)) {
2441 /* This is ugly. Special dispensation. Arrays pretend to
2442 implement public Object clone() even though they don't */
2443 const char *utfName =
2444 JVM_GetCPMethodNameUTF(context->env,
2445 context->class,
2446 this_idata->operand.i);
2447 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2448 JVM_ReleaseUTF(utfName);
2449
2450 if ((target_type == context->object_info) &&
2451 (GET_INDIRECTION(object_type) > 0) &&
2452 is_clone) {
2453 } else {
2454 CCerror(context, "Bad access to protected data");
2455 }
2456 }
2457 item = 1;
2458 }
2459 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2460 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2461 if (!isAssignableTo(context,
2462 stack_extra_info[item], full_info)) {
2463 CCerror(context, "Incompatible argument to function");
2464 }
2465 }
2466
2467 pop_and_free(context);
2468 break;
2469 }
2470
2471 case JVM_OPC_return:
2472 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2473 CCerror(context, "Wrong return type in function");
2474 break;
2475
2476 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2477 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2478 fullinfo_type target_type = context->return_type;
2479 fullinfo_type object_type = stack_extra_info[0];
2480 if (!isAssignableTo(context, object_type, target_type)) {
2481 CCerror(context, "Wrong return type in function");
2482 }
2483 break;
2484 }
2485
2486 case JVM_OPC_new: {
2487 /* Make sure that nothing on the stack already looks like what
2488 * we want to create. I can't image how this could possibly happen
2489 * but we should test for it anyway, since if it could happen, the
2490 * result would be an unitialized object being able to masquerade
2491 * as an initialized one.
2492 */
2493 stack_item_type *item;
2494 for (item = stack; item != NULL; item = item->next) {
2495 if (item->item == this_idata->operand.fi) {
2496 CCerror(context,
2497 "Uninitialized object on stack at creating point");
2498 }
2499 }
2500 /* Info for update_registers */
2501 context->swap_table[0] = this_idata->operand.fi;
2502 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2503
2504 break;
2505 }
2506 }
2507 new_stack_info->stack = stack;
2508 new_stack_info->stack_size = stack_size;
2509 }
2510
2511
2512 /* We've already determined that the instruction is legal. Perform the
2513 * operation on the registers, and return the updated results in
2514 * new_register_count_p and new_registers.
2515 */
2516
2517 static void
2518 update_registers(context_type *context, unsigned int inumber,
2519 register_info_type *new_register_info)
2520 {
2521 instruction_data_type *idata = context->instruction_data;
2522 instruction_data_type *this_idata = &idata[inumber];
2523 int opcode = this_idata->opcode;
2524 int operand = this_idata->operand.i;
2525 int register_count = this_idata->register_info.register_count;
2526 fullinfo_type *registers = this_idata->register_info.registers;
2527 stack_item_type *stack = this_idata->stack_info.stack;
2528 int mask_count = this_idata->register_info.mask_count;
2529 mask_type *masks = this_idata->register_info.masks;
2530
2531 /* Use these as default new values. */
2532 int new_register_count = register_count;
2533 int new_mask_count = mask_count;
2534 fullinfo_type *new_registers = registers;
2535 mask_type *new_masks = masks;
2536
2537 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2538 int i;
2539
2540 /* Remember, we've already verified the type at the top of the stack. */
2541 switch (opcode) {
2542 default: break;
2543 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2544 access = ACCESS_SINGLE;
2545 goto continue_store;
2546
2547 case JVM_OPC_lstore: case JVM_OPC_dstore:
2548 access = ACCESS_DOUBLE;
2549 goto continue_store;
2550
2551 continue_store: {
2552 /* We have a modification to the registers. Copy them if needed. */
2553 fullinfo_type stack_top_type = stack->item;
2554 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2555
2556 if ( max_operand < register_count
2557 && registers[operand] == stack_top_type
2558 && ((access == ACCESS_SINGLE) ||
2559 (registers[operand + 1]== stack_top_type + 1)))
2560 /* No changes have been made to the registers. */
2561 break;
2562 new_register_count = MAX(max_operand + 1, register_count);
2563 new_registers = NEW(fullinfo_type, new_register_count);
2564 for (i = 0; i < register_count; i++)
2565 new_registers[i] = registers[i];
2566 for (i = register_count; i < new_register_count; i++)
2567 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2568 new_registers[operand] = stack_top_type;
2569 if (access == ACCESS_DOUBLE)
2570 new_registers[operand + 1] = stack_top_type + 1;
2571 break;
2572 }
2573
2574 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2575 case JVM_OPC_iinc: case JVM_OPC_ret:
2576 access = ACCESS_SINGLE;
2577 break;
2578
2579 case JVM_OPC_lload: case JVM_OPC_dload:
2580 access = ACCESS_DOUBLE;
2581 break;
2582
2583 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2584 for (i = 0; i < new_mask_count; i++)
2585 if (new_masks[i].entry == operand)
2586 CCerror(context, "Recursive call to jsr entry");
2587 new_masks = add_to_masks(context, masks, mask_count, operand);
2588 new_mask_count++;
2589 break;
2590
2591 case JVM_OPC_invokeinit:
2592 case JVM_OPC_new: {
2593 /* For invokeinit, an uninitialized object has been initialized.
2594 * For new, all previous occurrences of an uninitialized object
2595 * from the same instruction must be made bogus.
2596 * We find all occurrences of swap_table[0] in the registers, and
2597 * replace them with swap_table[1];
2598 */
2599 fullinfo_type from = context->swap_table[0];
2600 fullinfo_type to = context->swap_table[1];
2601
2602 int i;
2603 for (i = 0; i < register_count; i++) {
2604 if (new_registers[i] == from) {
2605 /* Found a match */
2606 break;
2607 }
2608 }
2609 if (i < register_count) { /* We broke out loop for match */
2610 /* We have to change registers, and possibly a mask */
2611 jboolean copied_mask = JNI_FALSE;
2612 int k;
2613 new_registers = NEW(fullinfo_type, register_count);
2614 memcpy(new_registers, registers,
2615 register_count * sizeof(registers[0]));
2616 for ( ; i < register_count; i++) {
2617 if (new_registers[i] == from) {
2618 new_registers[i] = to;
2619 for (k = 0; k < new_mask_count; k++) {
2620 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2621 if (!copied_mask) {
2622 new_masks = copy_masks(context, new_masks,
2623 mask_count);
2624 copied_mask = JNI_TRUE;
2625 }
2626 SET_BIT(new_masks[k].modifies, i);
2627 }
2628 }
2629 }
2630 }
2631 }
2632 break;
2633 }
2634 } /* of switch */
2635
2636 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2637 int i, j;
2638 for (i = 0; i < new_mask_count; i++) {
2639 int *mask = new_masks[i].modifies;
2640 if ((!IS_BIT_SET(mask, operand)) ||
2641 ((access == ACCESS_DOUBLE) &&
2642 !IS_BIT_SET(mask, operand + 1))) {
2643 new_masks = copy_masks(context, new_masks, mask_count);
2644 for (j = i; j < new_mask_count; j++) {
2645 SET_BIT(new_masks[j].modifies, operand);
2646 if (access == ACCESS_DOUBLE)
2647 SET_BIT(new_masks[j].modifies, operand + 1);
2648 }
2649 break;
2650 }
2651 }
2652 }
2653
2654 new_register_info->register_count = new_register_count;
2655 new_register_info->registers = new_registers;
2656 new_register_info->masks = new_masks;
2657 new_register_info->mask_count = new_mask_count;
2658 }
2659
2660
2661
2662 /* We've already determined that the instruction is legal, and have updated
2663 * the registers. Update the flags, too.
2664 */
2665
2666
2667 static void
2668 update_flags(context_type *context, unsigned int inumber,
2669 flag_type *new_and_flags, flag_type *new_or_flags)
2670
2671 {
2672 instruction_data_type *idata = context->instruction_data;
2673 instruction_data_type *this_idata = &idata[inumber];
2674 flag_type and_flags = this_idata->and_flags;
2675 flag_type or_flags = this_idata->or_flags;
2676
2677 /* Set the "we've done a constructor" flag */
2678 if (this_idata->opcode == JVM_OPC_invokeinit) {
2679 fullinfo_type from = context->swap_table[0];
2680 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2681 and_flags |= FLAG_CONSTRUCTED;
2682 }
2683 *new_and_flags = and_flags;
2684 *new_or_flags = or_flags;
2685 }
2686
2687
2688
2689 /* We've already determined that the instruction is legal. Perform the
2690 * operation on the stack;
2691 *
2692 * new_stack_size_p and new_stack_p point to the results after the pops have
2693 * already been done. Do the pushes, and then put the results back there.
2694 */
2695
2696 static void
2697 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2698 {
2699 instruction_data_type *idata = context->instruction_data;
2700 instruction_data_type *this_idata = &idata[inumber];
2701 int opcode = this_idata->opcode;
2702 int operand = this_idata->operand.i;
2703
2704 int stack_size = new_stack_info->stack_size;
2705 stack_item_type *stack = new_stack_info->stack;
2706 char *stack_results;
2707
2708 fullinfo_type full_info = 0;
2709 char buffer[5], *p; /* actually [2] is big enough */
2710
2711 /* We need to look at all those opcodes in which either we can't tell the
2712 * value pushed onto the stack from the opcode, or in which the value
2713 * pushed onto the stack is an object or array. For the latter, we need
2714 * to make sure that full_info is set to the right value.
2715 */
2716 switch(opcode) {
2717 default:
2718 stack_results = opcode_in_out[opcode][1];
2719 break;
2720
2721 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2722 /* Look to constant pool to determine correct result. */
2723 unsigned char *type_table = context->constant_types;
2724 switch (type_table[operand]) {
2725 case JVM_CONSTANT_Integer:
2726 stack_results = "I"; break;
2727 case JVM_CONSTANT_Float:
2728 stack_results = "F"; break;
2729 case JVM_CONSTANT_Double:
2730 stack_results = "D"; break;
2731 case JVM_CONSTANT_Long:
2732 stack_results = "L"; break;
2733 case JVM_CONSTANT_String:
2734 stack_results = "A";
2735 full_info = context->string_info;
2736 break;
2737 case JVM_CONSTANT_Class:
2738 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2739 CCerror(context, "Internal error #3");
2740 stack_results = "A";
2741 full_info = make_class_info_from_name(context,
2742 "java/lang/Class");
2743 break;
2744 case JVM_CONSTANT_MethodHandle:
2745 case JVM_CONSTANT_MethodType:
2746 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2747 CCerror(context, "Internal error #3");
2748 stack_results = "A";
2749 switch (type_table[operand]) {
2750 case JVM_CONSTANT_MethodType:
2751 full_info = make_class_info_from_name(context,
2752 "java/lang/invoke/MethodType");
2753 break;
2754 default: //JVM_CONSTANT_MethodHandle
2755 full_info = make_class_info_from_name(context,
2756 "java/lang/invoke/MethodHandle");
2757 break;
2758 }
2759 break;
2760 default:
2761 CCerror(context, "Internal error #3");
2762 stack_results = ""; /* Never reached: keep lint happy */
2763 }
2764 break;
2765 }
2766
2767 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2768 /* Look to signature to determine correct result. */
2769 int operand = this_idata->operand.i;
2770 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2771 context->class,
2772 operand);
2773 check_and_push(context, signature, VM_STRING_UTF);
2774 #ifdef DEBUG
2775 if (verify_verbose) {
2776 print_formatted_fieldname(context, operand);
2777 }
2778 #endif
2779 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2780 buffer[1] = '\0';
2781 stack_results = buffer;
2782 pop_and_free(context);
2783 break;
2784 }
2785
2786 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2787 case JVM_OPC_invokeinit:
2788 case JVM_OPC_invokedynamic:
2789 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2790 /* Look to signature to determine correct result. */
2791 int operand = this_idata->operand.i;
2792 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2793 context->class,
2794 operand);
2795 const char *result_signature;
2796 check_and_push(context, signature, VM_STRING_UTF);
2797 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2798 if (result_signature++ == NULL) {
2799 CCerror(context, "Illegal signature %s", signature);
2800 }
2801 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2802 stack_results = "";
2803 } else {
2804 buffer[0] = signature_to_fieldtype(context, &result_signature,
2805 &full_info);
2806 buffer[1] = '\0';
2807 stack_results = buffer;
2808 }
2809 pop_and_free(context);
2810 break;
2811 }
2812
2813 case JVM_OPC_aconst_null:
2814 stack_results = opcode_in_out[opcode][1];
2815 full_info = NULL_FULLINFO; /* special NULL */
2816 break;
2817
2818 case JVM_OPC_new:
2819 case JVM_OPC_checkcast:
2820 case JVM_OPC_newarray:
2821 case JVM_OPC_anewarray:
2822 case JVM_OPC_multianewarray:
2823 stack_results = opcode_in_out[opcode][1];
2824 /* Conveniently, this result type is stored here */
2825 full_info = this_idata->operand.fi;
2826 break;
2827
2828 case JVM_OPC_aaload:
2829 stack_results = opcode_in_out[opcode][1];
2830 /* pop_stack() saved value for us. */
2831 full_info = context->swap_table[0];
2832 break;
2833
2834 case JVM_OPC_aload:
2835 stack_results = opcode_in_out[opcode][1];
2836 /* The register hasn't been modified, so we can use its value. */
2837 full_info = this_idata->register_info.registers[operand];
2838 break;
2839 } /* of switch */
2840
2841 for (p = stack_results; *p != 0; p++) {
2842 int type = *p;
2843 stack_item_type *new_item = NEW(stack_item_type, 1);
2844 new_item->next = stack;
2845 stack = new_item;
2846 switch (type) {
2847 case 'I':
2848 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2849 case 'F':
2850 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2851 case 'D':
2852 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2853 stack_size++; break;
2854 case 'L':
2855 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2856 stack_size++; break;
2857 case 'R':
2858 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2859 break;
2860 case '1': case '2': case '3': case '4': {
2861 /* Get the info saved in the swap_table */
2862 fullinfo_type stype = context->swap_table[type - '1'];
2863 stack->item = stype;
2864 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2865 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2866 stack_size++; p++;
2867 }
2868 break;
2869 }
2870 case 'A':
2871 /* full_info should have the appropriate value. */
2872 assert(full_info != 0);
2873 stack->item = full_info;
2874 break;
2875 default:
2876 CCerror(context, "Internal error #4");
2877
2878 } /* switch type */
2879 stack_size++;
2880 } /* outer for loop */
2881
2882 if (opcode == JVM_OPC_invokeinit) {
2883 /* If there are any instances of "from" on the stack, we need to
2884 * replace it with "to", since calling <init> initializes all versions
2885 * of the object, obviously. */
2886 fullinfo_type from = context->swap_table[0];
2887 stack_item_type *ptr;
2888 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2889 if (ptr->item == from) {
2890 fullinfo_type to = context->swap_table[1];
2891 stack = copy_stack(context, stack);
2892 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2893 if (ptr->item == from) ptr->item = to;
2894 break;
2895 }
2896 }
2897 }
2898
2899 new_stack_info->stack_size = stack_size;
2900 new_stack_info->stack = stack;
2901 }
2902
2903
2904 /* We've performed an instruction, and determined the new registers and stack
2905 * value. Look at all of the possibly subsequent instructions, and merge
2906 * this stack value into theirs.
2907 */
2908
2909 static void
2910 merge_into_successors(context_type *context, unsigned int inumber,
2911 register_info_type *register_info,
2912 stack_info_type *stack_info,
2913 flag_type and_flags, flag_type or_flags)
2914 {
2915 instruction_data_type *idata = context->instruction_data;
2916 instruction_data_type *this_idata = &idata[inumber];
2917 int opcode = this_idata->opcode;
2918 int operand = this_idata->operand.i;
2919 struct handler_info_type *handler_info = context->handler_info;
2920 int handler_info_length =
2921 JVM_GetMethodIxExceptionTableLength(context->env,
2922 context->class,
2923 context->method_index);
2924
2925
2926 int buffer[2]; /* default value for successors */
2927 int *successors = buffer; /* table of successors */
2928 int successors_count;
2929 int i;
2930
2931 switch (opcode) {
2932 default:
2933 successors_count = 1;
2934 buffer[0] = inumber + 1;
2935 break;
2936
2937 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2938 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2939 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2940 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2941 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2942 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2943 successors_count = 2;
2944 buffer[0] = inumber + 1;
2945 buffer[1] = operand;
2946 break;
2947
2948 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2949 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2950 idata[this_idata->operand2.i].changed = JNI_TRUE;
2951 /* FALLTHROUGH */
2952 case JVM_OPC_goto: case JVM_OPC_goto_w:
2953 successors_count = 1;
2954 buffer[0] = operand;
2955 break;
2956
2957
2958 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2959 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2960 case JVM_OPC_athrow:
2961 /* The testing for the returns is handled in pop_stack() */
2962 successors_count = 0;
2963 break;
2964
2965 case JVM_OPC_ret: {
2966 /* This is slightly slow, but good enough for a seldom used instruction.
2967 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2968 * address of the first instruction of the subroutine. We can return
2969 * to 1 after any instruction that jsr's to that instruction.
2970 */
2971 if (this_idata->operand2.ip == NULL) {
2972 fullinfo_type *registers = this_idata->register_info.registers;
2973 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2974 int i, count, *ptr;;
2975 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2976 if (((idata[i].opcode == JVM_OPC_jsr) ||
2977 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2978 (idata[i].operand.i == called_instruction))
2979 count++;
2980 }
2981 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2982 *ptr++ = count;
2983 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2984 if (((idata[i].opcode == JVM_OPC_jsr) ||
2985 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2986 (idata[i].operand.i == called_instruction))
2987 *ptr++ = i + 1;
2988 }
2989 }
2990 successors = this_idata->operand2.ip; /* use this instead */
2991 successors_count = *successors++;
2992 break;
2993
2994 }
2995
2996 case JVM_OPC_tableswitch:
2997 case JVM_OPC_lookupswitch:
2998 successors = this_idata->operand.ip; /* use this instead */
2999 successors_count = *successors++;
3000 break;
3001 }
3002
3003 #ifdef DEBUG
3004 if (verify_verbose) {
3005 jio_fprintf(stdout, " [");
3006 for (i = handler_info_length; --i >= 0; handler_info++)
3007 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3008 jio_fprintf(stdout, "%d* ", handler_info->handler);
3009 for (i = 0; i < successors_count; i++)
3010 jio_fprintf(stdout, "%d ", successors[i]);
3011 jio_fprintf(stdout, "]\n");
3012 }
3013 #endif
3014
3015 handler_info = context->handler_info;
3016 for (i = handler_info_length; --i >= 0; handler_info++) {
3017 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3018 int handler = handler_info->handler;
3019 if (opcode != JVM_OPC_invokeinit) {
3020 merge_into_one_successor(context, inumber, handler,
3021 &this_idata->register_info, /* old */
3022 &handler_info->stack_info,
3023 (flag_type) (and_flags
3024 & this_idata->and_flags),
3025 (flag_type) (or_flags
3026 | this_idata->or_flags),
3027 JNI_TRUE);
3028 } else {
3029 /* We need to be a little bit more careful with this
3030 * instruction. Things could either be in the state before
3031 * the instruction or in the state afterwards */
3032 fullinfo_type from = context->swap_table[0];
3033 flag_type temp_or_flags = or_flags;
3034 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3035 temp_or_flags |= FLAG_NO_RETURN;
3036 merge_into_one_successor(context, inumber, handler,
3037 &this_idata->register_info, /* old */
3038 &handler_info->stack_info,
3039 this_idata->and_flags,
3040 this_idata->or_flags,
3041 JNI_TRUE);
3042 merge_into_one_successor(context, inumber, handler,
3043 register_info,
3044 &handler_info->stack_info,
3045 and_flags, temp_or_flags, JNI_TRUE);
3046 }
3047 }
3048 }
3049 for (i = 0; i < successors_count; i++) {
3050 int target = successors[i];
3051 if (target >= context->instruction_count)
3052 CCerror(context, "Falling off the end of the code");
3053 merge_into_one_successor(context, inumber, target,
3054 register_info, stack_info, and_flags, or_flags,
3055 JNI_FALSE);
3056 }
3057 }
3058
3059 /* We have a new set of registers and stack values for a given instruction.
3060 * Merge this new set into the values that are already there.
3061 */
3062
3063 static void
3064 merge_into_one_successor(context_type *context,
3065 unsigned int from_inumber, unsigned int to_inumber,
3066 register_info_type *new_register_info,
3067 stack_info_type *new_stack_info,
3068 flag_type new_and_flags, flag_type new_or_flags,
3069 jboolean isException)
3070 {
3071 instruction_data_type *idata = context->instruction_data;
3072 register_info_type register_info_buf;
3073 stack_info_type stack_info_buf;
3074 #ifdef DEBUG
3075 instruction_data_type *this_idata = &idata[to_inumber];
3076 register_info_type old_reg_info;
3077 stack_info_type old_stack_info;
3078 flag_type old_and_flags = 0;
3079 flag_type old_or_flags = 0;
3080 #endif
3081
3082 #ifdef DEBUG
3083 if (verify_verbose) {
3084 old_reg_info = this_idata->register_info;
3085 old_stack_info = this_idata->stack_info;
3086 old_and_flags = this_idata->and_flags;
3087 old_or_flags = this_idata->or_flags;
3088 }
3089 #endif
3090
3091 /* All uninitialized objects are set to "bogus" when jsr and
3092 * ret are executed. Thus uninitialized objects can't propagate
3093 * into or out of a subroutine.
3094 */
3095 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3096 idata[from_inumber].opcode == JVM_OPC_jsr ||
3097 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3098 int new_register_count = new_register_info->register_count;
3099 fullinfo_type *new_registers = new_register_info->registers;
3100 int i;
3101 stack_item_type *item;
3102
3103 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3104 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3105 /* This check only succeeds for hand-contrived code.
3106 * Efficiency is not an issue.
3107 */
3108 stack_info_buf.stack = copy_stack(context,
3109 new_stack_info->stack);
3110 stack_info_buf.stack_size = new_stack_info->stack_size;
3111 new_stack_info = &stack_info_buf;
3112 for (item = new_stack_info->stack; item != NULL;
3113 item = item->next) {
3114 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3115 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3116 }
3117 }
3118 break;
3119 }
3120 }
3121 for (i = 0; i < new_register_count; i++) {
3122 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3123 /* This check only succeeds for hand-contrived code.
3124 * Efficiency is not an issue.
3125 */
3126 fullinfo_type *new_set = NEW(fullinfo_type,
3127 new_register_count);
3128 for (i = 0; i < new_register_count; i++) {
3129 fullinfo_type t = new_registers[i];
3130 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3131 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3132 }
3133 register_info_buf.register_count = new_register_count;
3134 register_info_buf.registers = new_set;
3135 register_info_buf.mask_count = new_register_info->mask_count;
3136 register_info_buf.masks = new_register_info->masks;
3137 new_register_info = ®ister_info_buf;
3138 break;
3139 }
3140 }
3141 }
3142
3143 /* Returning from a subroutine is somewhat ugly. The actual thing
3144 * that needs to get merged into the new instruction is a joining
3145 * of info from the ret instruction with stuff in the jsr instruction
3146 */
3147 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3148 int new_register_count = new_register_info->register_count;
3149 fullinfo_type *new_registers = new_register_info->registers;
3150 int new_mask_count = new_register_info->mask_count;
3151 mask_type *new_masks = new_register_info->masks;
3152 int operand = idata[from_inumber].operand.i;
3153 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3154 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3155 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3156 if (jsr_idata->operand2.i != (int)from_inumber) {
3157 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3158 CCerror(context, "Multiple returns to single jsr");
3159 jsr_idata->operand2.i = from_inumber;
3160 }
3161 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3162 /* We don't want to handle the returned-to instruction until
3163 * we've dealt with the jsr instruction. When we get to the
3164 * jsr instruction (if ever), we'll re-mark the ret instruction
3165 */
3166 ;
3167 } else {
3168 int register_count = jsr_reginfo->register_count;
3169 fullinfo_type *registers = jsr_reginfo->registers;
3170 int max_registers = MAX(register_count, new_register_count);
3171 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3172 int *return_mask;
3173 struct register_info_type new_new_register_info;
3174 int i;
3175 /* Make sure the place we're returning from is legal! */
3176 for (i = new_mask_count; --i >= 0; )
3177 if (new_masks[i].entry == called_instruction)
3178 break;
3179 if (i < 0)
3180 CCerror(context, "Illegal return from subroutine");
3181 /* pop the masks down to the indicated one. Remember the mask
3182 * we're popping off. */
3183 return_mask = new_masks[i].modifies;
3184 new_mask_count = i;
3185 for (i = 0; i < max_registers; i++) {
3186 if (IS_BIT_SET(return_mask, i))
3187 new_set[i] = i < new_register_count ?
3188 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3189 else
3190 new_set[i] = i < register_count ?
3191 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3192 }
3193 new_new_register_info.register_count = max_registers;
3194 new_new_register_info.registers = new_set;
3195 new_new_register_info.mask_count = new_mask_count;
3196 new_new_register_info.masks = new_masks;
3197
3198
3199 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3200 merge_registers(context, to_inumber - 1, to_inumber,
3201 &new_new_register_info);
3202 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3203 }
3204 } else {
3205 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3206 merge_registers(context, from_inumber, to_inumber, new_register_info);
3207 merge_flags(context, from_inumber, to_inumber,
3208 new_and_flags, new_or_flags);
3209 }
3210
3211 #ifdef DEBUG
3212 if (verify_verbose && idata[to_inumber].changed) {
3213 register_info_type *register_info = &this_idata->register_info;
3214 stack_info_type *stack_info = &this_idata->stack_info;
3215 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3216 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3217 (old_and_flags != this_idata->and_flags) ||
3218 (old_or_flags != this_idata->or_flags)) {
3219 jio_fprintf(stdout, " %2d:", to_inumber);
3220 print_stack(context, &old_stack_info);
3221 print_registers(context, &old_reg_info);
3222 print_flags(context, old_and_flags, old_or_flags);
3223 jio_fprintf(stdout, " => ");
3224 print_stack(context, &this_idata->stack_info);
3225 print_registers(context, &this_idata->register_info);
3226 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3227 jio_fprintf(stdout, "\n");
3228 }
3229 }
3230 #endif
3231
3232 }
3233
3234 static void
3235 merge_stack(context_type *context, unsigned int from_inumber,
3236 unsigned int to_inumber, stack_info_type *new_stack_info)
3237 {
3238 instruction_data_type *idata = context->instruction_data;
3239 instruction_data_type *this_idata = &idata[to_inumber];
3240
3241 int new_stack_size = new_stack_info->stack_size;
3242 stack_item_type *new_stack = new_stack_info->stack;
3243
3244 int stack_size = this_idata->stack_info.stack_size;
3245
3246 if (stack_size == UNKNOWN_STACK_SIZE) {
3247 /* First time at this instruction. Just copy. */
3248 this_idata->stack_info.stack_size = new_stack_size;
3249 this_idata->stack_info.stack = new_stack;
3250 this_idata->changed = JNI_TRUE;
3251 } else if (new_stack_size != stack_size) {
3252 CCerror(context, "Inconsistent stack height %d != %d",
3253 new_stack_size, stack_size);
3254 } else {
3255 stack_item_type *stack = this_idata->stack_info.stack;
3256 stack_item_type *old, *new;
3257 jboolean change = JNI_FALSE;
3258 for (old = stack, new = new_stack; old != NULL;
3259 old = old->next, new = new->next) {
3260 if (!isAssignableTo(context, new->item, old->item)) {
3261 change = JNI_TRUE;
3262 break;
3263 }
3264 }
3265 if (change) {
3266 stack = copy_stack(context, stack);
3267 for (old = stack, new = new_stack; old != NULL;
3268 old = old->next, new = new->next) {
3269 if (new == NULL) {
3270 break;
3271 }
3272 old->item = merge_fullinfo_types(context, old->item, new->item,
3273 JNI_FALSE);
3274 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3275 CCerror(context, "Mismatched stack types");
3276 }
3277 }
3278 if (old != NULL || new != NULL) {
3279 CCerror(context, "Mismatched stack types");
3280 }
3281 this_idata->stack_info.stack = stack;
3282 this_idata->changed = JNI_TRUE;
3283 }
3284 }
3285 }
3286
3287 static void
3288 merge_registers(context_type *context, unsigned int from_inumber,
3289 unsigned int to_inumber, register_info_type *new_register_info)
3290 {
3291 instruction_data_type *idata = context->instruction_data;
3292 instruction_data_type *this_idata = &idata[to_inumber];
3293 register_info_type *this_reginfo = &this_idata->register_info;
3294
3295 int new_register_count = new_register_info->register_count;
3296 fullinfo_type *new_registers = new_register_info->registers;
3297 int new_mask_count = new_register_info->mask_count;
3298 mask_type *new_masks = new_register_info->masks;
3299
3300
3301 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3302 this_reginfo->register_count = new_register_count;
3303 this_reginfo->registers = new_registers;
3304 this_reginfo->mask_count = new_mask_count;
3305 this_reginfo->masks = new_masks;
3306 this_idata->changed = JNI_TRUE;
3307 } else {
3308 /* See if we've got new information on the register set. */
3309 int register_count = this_reginfo->register_count;
3310 fullinfo_type *registers = this_reginfo->registers;
3311 int mask_count = this_reginfo->mask_count;
3312 mask_type *masks = this_reginfo->masks;
3313
3314 jboolean copy = JNI_FALSE;
3315 int i, j;
3316 if (register_count > new_register_count) {
3317 /* Any register larger than new_register_count is now bogus */
3318 this_reginfo->register_count = new_register_count;
3319 register_count = new_register_count;
3320 this_idata->changed = JNI_TRUE;
3321 }
3322 for (i = 0; i < register_count; i++) {
3323 fullinfo_type prev_value = registers[i];
3324 if ((i < new_register_count)
3325 ? (!isAssignableTo(context, new_registers[i], prev_value))
3326 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3327 copy = JNI_TRUE;
3328 break;
3329 }
3330 }
3331
3332 if (copy) {
3333 /* We need a copy. So do it. */
3334 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3335 for (j = 0; j < i; j++)
3336 new_set[j] = registers[j];
3337 for (j = i; j < register_count; j++) {
3338 if (i >= new_register_count)
3339 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3340 else
3341 new_set[j] = merge_fullinfo_types(context,
3342 new_registers[j],
3343 registers[j], JNI_FALSE);
3344 }
3345 /* Some of the end items might now be bogus. This step isn't
3346 * necessary, but it may save work later. */
3347 while ( register_count > 0
3348 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3349 register_count--;
3350 this_reginfo->register_count = register_count;
3351 this_reginfo->registers = new_set;
3352 this_idata->changed = JNI_TRUE;
3353 }
3354 if (mask_count > 0) {
3355 /* If the target instruction already has a sequence of masks, then
3356 * we need to merge new_masks into it. We want the entries on
3357 * the mask to be the longest common substring of the two.
3358 * (e.g. a->b->d merged with a->c->d should give a->d)
3359 * The bits set in the mask should be the or of the corresponding
3360 * entries in each of the original masks.
3361 */
3362 int i, j, k;
3363 int matches = 0;
3364 int last_match = -1;
3365 jboolean copy_needed = JNI_FALSE;
3366 for (i = 0; i < mask_count; i++) {
3367 int entry = masks[i].entry;
3368 for (j = last_match + 1; j < new_mask_count; j++) {
3369 if (new_masks[j].entry == entry) {
3370 /* We have a match */
3371 int *prev = masks[i].modifies;
3372 int *new = new_masks[j].modifies;
3373 matches++;
3374 /* See if new_mask has bits set for "entry" that
3375 * weren't set for mask. If so, need to copy. */
3376 for (k = context->bitmask_size - 1;
3377 !copy_needed && k >= 0;
3378 k--)
3379 if (~prev[k] & new[k])
3380 copy_needed = JNI_TRUE;
3381 last_match = j;
3382 break;
3383 }
3384 }
3385 }
3386 if ((matches < mask_count) || copy_needed) {
3387 /* We need to make a copy for the new item, since either the
3388 * size has decreased, or new bits are set. */
3389 mask_type *copy = NEW(mask_type, matches);
3390 for (i = 0; i < matches; i++) {
3391 copy[i].modifies = NEW(int, context->bitmask_size);
3392 }
3393 this_reginfo->masks = copy;
3394 this_reginfo->mask_count = matches;
3395 this_idata->changed = JNI_TRUE;
3396 matches = 0;
3397 last_match = -1;
3398 for (i = 0; i < mask_count; i++) {
3399 int entry = masks[i].entry;
3400 for (j = last_match + 1; j < new_mask_count; j++) {
3401 if (new_masks[j].entry == entry) {
3402 int *prev1 = masks[i].modifies;
3403 int *prev2 = new_masks[j].modifies;
3404 int *new = copy[matches].modifies;
3405 copy[matches].entry = entry;
3406 for (k = context->bitmask_size - 1; k >= 0; k--)
3407 new[k] = prev1[k] | prev2[k];
3408 matches++;
3409 last_match = j;
3410 break;
3411 }
3412 }
3413 }
3414 }
3415 }
3416 }
3417 }
3418
3419
3420 static void
3421 merge_flags(context_type *context, unsigned int from_inumber,
3422 unsigned int to_inumber,
3423 flag_type new_and_flags, flag_type new_or_flags)
3424 {
3425 /* Set this_idata->and_flags &= new_and_flags
3426 this_idata->or_flags |= new_or_flags
3427 */
3428 instruction_data_type *idata = context->instruction_data;
3429 instruction_data_type *this_idata = &idata[to_inumber];
3430 flag_type this_and_flags = this_idata->and_flags;
3431 flag_type this_or_flags = this_idata->or_flags;
3432 flag_type merged_and = this_and_flags & new_and_flags;
3433 flag_type merged_or = this_or_flags | new_or_flags;
3434
3435 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3436 this_idata->and_flags = merged_and;
3437 this_idata->or_flags = merged_or;
3438 this_idata->changed = JNI_TRUE;
3439 }
3440 }
3441
3442
3443 /* Make a copy of a stack */
3444
3445 static stack_item_type *
3446 copy_stack(context_type *context, stack_item_type *stack)
3447 {
3448 int length;
3449 stack_item_type *ptr;
3450
3451 /* Find the length */
3452 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3453
3454 if (length > 0) {
3455 stack_item_type *new_stack = NEW(stack_item_type, length);
3456 stack_item_type *new_ptr;
3457 for ( ptr = stack, new_ptr = new_stack;
3458 ptr != NULL;
3459 ptr = ptr->next, new_ptr++) {
3460 new_ptr->item = ptr->item;
3461 new_ptr->next = new_ptr + 1;
3462 }
3463 new_stack[length - 1].next = NULL;
3464 return new_stack;
3465 } else {
3466 return NULL;
3467 }
3468 }
3469
3470
3471 static mask_type *
3472 copy_masks(context_type *context, mask_type *masks, int mask_count)
3473 {
3474 mask_type *result = NEW(mask_type, mask_count);
3475 int bitmask_size = context->bitmask_size;
3476 int *bitmaps = NEW(int, mask_count * bitmask_size);
3477 int i;
3478 for (i = 0; i < mask_count; i++) {
3479 result[i].entry = masks[i].entry;
3480 result[i].modifies = &bitmaps[i * bitmask_size];
3481 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3482 }
3483 return result;
3484 }
3485
3486
3487 static mask_type *
3488 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3489 {
3490 mask_type *result = NEW(mask_type, mask_count + 1);
3491 int bitmask_size = context->bitmask_size;
3492 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3493 int i;
3494 for (i = 0; i < mask_count; i++) {
3495 result[i].entry = masks[i].entry;
3496 result[i].modifies = &bitmaps[i * bitmask_size];
3497 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3498 }
3499 result[mask_count].entry = d;
3500 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3501 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3502 return result;
3503 }
3504
3505
3506
3507 /* We create our own storage manager, since we malloc lots of little items,
3508 * and I don't want to keep trace of when they become free. I sure wish that
3509 * we had heaps, and I could just free the heap when done.
3510 */
3511
3512 #define CCSegSize 2000
3513
3514 struct CCpool { /* a segment of allocated memory in the pool */
3515 struct CCpool *next;
3516 int segSize; /* almost always CCSegSize */
3517 int poolPad;
3518 char space[CCSegSize];
3519 };
3520
3521 /* Initialize the context's heap. */
3522 static void CCinit(context_type *context)
3523 {
3524 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3525 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3526 context->CCroot = context->CCcurrent = new;
3527 if (new == 0) {
3528 CCout_of_memory(context);
3529 }
3530 new->next = NULL;
3531 new->segSize = CCSegSize;
3532 context->CCfree_size = CCSegSize;
3533 context->CCfree_ptr = &new->space[0];
3534 }
3535
3536
3537 /* Reuse all the space that we have in the context's heap. */
3538 static void CCreinit(context_type *context)
3539 {
3540 struct CCpool *first = context->CCroot;
3541 context->CCcurrent = first;
3542 context->CCfree_size = CCSegSize;
3543 context->CCfree_ptr = &first->space[0];
3544 }
3545
3546 /* Destroy the context's heap. */
3547 static void CCdestroy(context_type *context)
3548 {
3549 struct CCpool *this = context->CCroot;
3550 while (this) {
3551 struct CCpool *next = this->next;
3552 free(this);
3553 this = next;
3554 }
3555 /* These two aren't necessary. But can't hurt either */
3556 context->CCroot = context->CCcurrent = NULL;
3557 context->CCfree_ptr = 0;
3558 }
3559
3560 /* Allocate an object of the given size from the context's heap. */
3561 static void *
3562 CCalloc(context_type *context, int size, jboolean zero)
3563 {
3564
3565 register char *p;
3566 /* Round CC to the size of a pointer */
3567 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3568
3569 if (context->CCfree_size < size) {
3570 struct CCpool *current = context->CCcurrent;
3571 struct CCpool *new;
3572 if (size > CCSegSize) { /* we need to allocate a special block */
3573 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3574 (size - CCSegSize));
3575 if (new == 0) {
3576 CCout_of_memory(context);
3577 }
3578 new->next = current->next;
3579 new->segSize = size;
3580 current->next = new;
3581 } else {
3582 new = current->next;
3583 if (new == NULL) {
3584 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3585 if (new == 0) {
3586 CCout_of_memory(context);
3587 }
3588 current->next = new;
3589 new->next = NULL;
3590 new->segSize = CCSegSize;
3591 }
3592 }
3593 context->CCcurrent = new;
3594 context->CCfree_ptr = &new->space[0];
3595 context->CCfree_size = new->segSize;
3596 }
3597 p = context->CCfree_ptr;
3598 context->CCfree_ptr += size;
3599 context->CCfree_size -= size;
3600 if (zero)
3601 memset(p, 0, size);
3602 return p;
3603 }
3604
3605 /* Get the class associated with a particular field or method or class in the
3606 * constant pool. If is_field is true, we've got a field or method. If
3607 * false, we've got a class.
3608 */
3609 static fullinfo_type
3610 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3611 {
3612 JNIEnv *env = context->env;
3613 fullinfo_type result;
3614 const char *classname;
3615 switch (kind) {
3616 case JVM_CONSTANT_Class:
3617 classname = JVM_GetCPClassNameUTF(env,
3618 context->class,
3619 cp_index);
3620 break;
3621 case JVM_CONSTANT_Methodref:
3622 classname = JVM_GetCPMethodClassNameUTF(env,
3623 context->class,
3624 cp_index);
3625 break;
3626 case JVM_CONSTANT_Fieldref:
3627 classname = JVM_GetCPFieldClassNameUTF(env,
3628 context->class,
3629 cp_index);
3630 break;
3631 default:
3632 classname = NULL;
3633 CCerror(context, "Internal error #5");
3634 }
3635
3636 check_and_push(context, classname, VM_STRING_UTF);
3637 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3638 /* This make recursively call us, in case of a class array */
3639 signature_to_fieldtype(context, &classname, &result);
3640 } else {
3641 result = make_class_info_from_name(context, classname);
3642 }
3643 pop_and_free(context);
3644 return result;
3645 }
3646
3647
3648 static int
3649 print_CCerror_info(context_type *context)
3650 {
3651 JNIEnv *env = context->env;
3652 jclass cb = context->class;
3653 const char *classname = JVM_GetClassNameUTF(env, cb);
3654 const char *name = 0;
3655 const char *signature = 0;
3656 int n = 0;
3657 if (context->method_index != -1) {
3658 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3659 signature =
3660 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3661 n += jio_snprintf(context->message, context->message_buf_len,
3662 "(class: %s, method: %s signature: %s) ",
3663 (classname ? classname : ""),
3664 (name ? name : ""),
3665 (signature ? signature : ""));
3666 } else if (context->field_index != -1 ) {
3667 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3668 n += jio_snprintf(context->message, context->message_buf_len,
3669 "(class: %s, field: %s) ",
3670 (classname ? classname : 0),
3671 (name ? name : 0));
3672 } else {
3673 n += jio_snprintf(context->message, context->message_buf_len,
3674 "(class: %s) ", classname ? classname : "");
3675 }
3676 JVM_ReleaseUTF(classname);
3677 JVM_ReleaseUTF(name);
3678 JVM_ReleaseUTF(signature);
3679 return n;
3680 }
3681
3682 static void
3683 CCerror (context_type *context, char *format, ...)
3684 {
3685 int n = print_CCerror_info(context);
3686 va_list args;
3687 if (n >= 0 && n < context->message_buf_len) {
3688 va_start(args, format);
3689 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3690 format, args);
3691 va_end(args);
3692 }
3693 context->err_code = CC_VerifyError;
3694 longjmp(context->jump_buffer, 1);
3695 }
3696
3697 static void
3698 CCout_of_memory(context_type *context)
3699 {
3700 int n = print_CCerror_info(context);
3701 context->err_code = CC_OutOfMemory;
3702 longjmp(context->jump_buffer, 1);
3703 }
3704
3705 static void
3706 CFerror(context_type *context, char *format, ...)
3707 {
3708 int n = print_CCerror_info(context);
3709 va_list args;
3710 if (n >= 0 && n < context->message_buf_len) {
3711 va_start(args, format);
3712 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3713 format, args);
3714 va_end(args);
3715 }
3716 context->err_code = CC_ClassFormatError;
3717 longjmp(context->jump_buffer, 1);
3718 }
3719
3720 static char
3721 signature_to_fieldtype(context_type *context,
3722 const char **signature_p, fullinfo_type *full_info_p)
3723 {
3724 const char *p = *signature_p;
3725 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3726 char result;
3727 int array_depth = 0;
3728
3729 for (;;) {
3730 switch(*p++) {
3731 default:
3732 result = 0;
3733 break;
3734
3735 case JVM_SIGNATURE_BOOLEAN:
3736 full_info = (array_depth > 0)
3737 ? MAKE_FULLINFO(ITEM_Boolean, 0, 0)
3738 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3739 result = 'I';
3740 break;
3741
3742 case JVM_SIGNATURE_BYTE:
3743 full_info = (array_depth > 0)
3744 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3745 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3746 result = 'I';
3747 break;
3748
3749 case JVM_SIGNATURE_CHAR:
3750 full_info = (array_depth > 0)
3751 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3752 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3753 result = 'I';
3754 break;
3755
3756 case JVM_SIGNATURE_SHORT:
3757 full_info = (array_depth > 0)
3758 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3759 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3760 result = 'I';
3761 break;
3762
3763 case JVM_SIGNATURE_INT:
3764 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3765 result = 'I';
3766 break;
3767
3768 case JVM_SIGNATURE_FLOAT:
3769 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3770 result = 'F';
3771 break;
3772
3773 case JVM_SIGNATURE_DOUBLE:
3774 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3775 result = 'D';
3776 break;
3777
3778 case JVM_SIGNATURE_LONG:
3779 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3780 result = 'L';
3781 break;
3782
3783 case JVM_SIGNATURE_ARRAY:
3784 array_depth++;
3785 continue; /* only time we ever do the loop > 1 */
3786
3787 case JVM_SIGNATURE_CLASS: {
3788 char buffer_space[256];
3789 char *buffer = buffer_space;
3790 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3791 int length;
3792 if (finish == NULL) {
3793 /* Signature must have ';' after the class name.
3794 * If it does not, return 0 and ITEM_Bogus in full_info. */
3795 result = 0;
3796 break;
3797 }
3798 length = finish - p;
3799 if (length + 1 > (int)sizeof(buffer_space)) {
3800 buffer = malloc(length + 1);
3801 check_and_push(context, buffer, VM_MALLOC_BLK);
3802 }
3803 memcpy(buffer, p, length);
3804 buffer[length] = '\0';
3805 full_info = make_class_info_from_name(context, buffer);
3806 result = 'A';
3807 p = finish + 1;
3808 if (buffer != buffer_space)
3809 pop_and_free(context);
3810 break;
3811 }
3812 } /* end of switch */
3813 break;
3814 }
3815 *signature_p = p;
3816 if (array_depth == 0 || result == 0) {
3817 /* either not an array, or result is bogus */
3818 *full_info_p = full_info;
3819 return result;
3820 } else {
3821 if (array_depth > MAX_ARRAY_DIMENSIONS)
3822 CCerror(context, "Array with too many dimensions");
3823 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3824 array_depth,
3825 GET_EXTRA_INFO(full_info));
3826 return 'A';
3827 }
3828 }
3829
3830
3831 /* Given an array type, create the type that has one less level of
3832 * indirection.
3833 */
3834
3835 static fullinfo_type
3836 decrement_indirection(fullinfo_type array_info)
3837 {
3838 if (array_info == NULL_FULLINFO) {
3839 return NULL_FULLINFO;
3840 } else {
3841 int type = GET_ITEM_TYPE(array_info);
3842 int indirection = GET_INDIRECTION(array_info) - 1;
3843 int extra_info = GET_EXTRA_INFO(array_info);
3844 if ( (indirection == 0)
3845 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Boolean || type == ITEM_Char)))
3846 type = ITEM_Integer;
3847 return MAKE_FULLINFO(type, indirection, extra_info);
3848 }
3849 }
3850
3851
3852 /* See if we can assign an object of the "from" type to an object
3853 * of the "to" type.
3854 */
3855
3856 static jboolean isAssignableTo(context_type *context,
3857 fullinfo_type from, fullinfo_type to)
3858 {
3859 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3860 }
3861
3862 /* Given two fullinfo_type's, find their lowest common denominator. If
3863 * the assignable_p argument is non-null, we're really just calling to find
3864 * out if "<target> := <value>" is a legitimate assignment.
3865 *
3866 * We treat all interfaces as if they were of type java/lang/Object, since the
3867 * runtime will do the full checking.
3868 */
3869 static fullinfo_type
3870 merge_fullinfo_types(context_type *context,
3871 fullinfo_type value, fullinfo_type target,
3872 jboolean for_assignment)
3873 {
3874 JNIEnv *env = context->env;
3875 if (value == target) {
3876 /* If they're identical, clearly just return what we've got */
3877 return value;
3878 }
3879
3880 /* Both must be either arrays or objects to go further */
3881 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3882 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3883 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3884 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3885
3886 /* If either is NULL, return the other. */
3887 if (value == NULL_FULLINFO)
3888 return target;
3889 else if (target == NULL_FULLINFO)
3890 return value;
3891
3892 /* If either is java/lang/Object, that's the result. */
3893 if (target == context->object_info)
3894 return target;
3895 else if (value == context->object_info) {
3896 /* Minor hack. For assignments, Interface := Object, return Interface
3897 * rather than Object, so that isAssignableTo() will get the right
3898 * result. */
3899 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3900 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3901 jclass cb = object_fullinfo_to_classclass(context,
3902 target);
3903 int is_interface = cb && JVM_IsInterface(env, cb);
3904 if (is_interface)
3905 return target;
3906 }
3907 return value;
3908 }
3909 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3910 /* At least one is an array. Neither is java/lang/Object or NULL.
3911 * Moreover, the types are not identical.
3912 * The result must either be Object, or an array of some object type.
3913 */
3914 fullinfo_type value_base, target_base;
3915 int dimen_value = GET_INDIRECTION(value);
3916 int dimen_target = GET_INDIRECTION(target);
3917
3918 if (target == context->cloneable_info ||
3919 target == context->serializable_info) {
3920 return target;
3921 }
3922
3923 if (value == context->cloneable_info ||
3924 value == context->serializable_info) {
3925 return value;
3926 }
3927
3928 /* First, if either item's base type isn't ITEM_Object, promote it up
3929 * to an object or array of object. If either is elemental, we can
3930 * punt.
3931 */
3932 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3933 if (dimen_value == 0)
3934 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3935 dimen_value--;
3936 value = MAKE_Object_ARRAY(dimen_value);
3937
3938 }
3939 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3940 if (dimen_target == 0)
3941 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3942 dimen_target--;
3943 target = MAKE_Object_ARRAY(dimen_target);
3944 }
3945 /* Both are now objects or arrays of some sort of object type */
3946 value_base = WITH_ZERO_INDIRECTION(value);
3947 target_base = WITH_ZERO_INDIRECTION(target);
3948 if (dimen_value == dimen_target) {
3949 /* Arrays of the same dimension. Merge their base types. */
3950 fullinfo_type result_base =
3951 merge_fullinfo_types(context, value_base, target_base,
3952 for_assignment);
3953 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3954 /* bogus in, bogus out */
3955 return result_base;
3956 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3957 GET_EXTRA_INFO(result_base));
3958 } else {
3959 /* Arrays of different sizes. If the smaller dimension array's base
3960 * type is java/lang/Cloneable or java/io/Serializable, return it.
3961 * Otherwise return java/lang/Object with a dimension of the smaller
3962 * of the two */
3963 if (dimen_value < dimen_target) {
3964 if (value_base == context->cloneable_info ||
3965 value_base == context ->serializable_info) {
3966 return value;
3967 }
3968 return MAKE_Object_ARRAY(dimen_value);
3969 } else {
3970 if (target_base == context->cloneable_info ||
3971 target_base == context->serializable_info) {
3972 return target;
3973 }
3974 return MAKE_Object_ARRAY(dimen_target);
3975 }
3976 }
3977 } else {
3978 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3979 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3980 fullinfo_type result_info;
3981
3982 /* Let's get the classes corresponding to each of these. Treat
3983 * interfaces as if they were java/lang/Object. See hack note above. */
3984 cb_target = object_fullinfo_to_classclass(context, target);
3985 if (cb_target == 0)
3986 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3987 if (JVM_IsInterface(env, cb_target))
3988 return for_assignment ? target : context->object_info;
3989 cb_value = object_fullinfo_to_classclass(context, value);
3990 if (cb_value == 0)
3991 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3992 if (JVM_IsInterface(env, cb_value))
3993 return context->object_info;
3994
3995 /* If this is for assignment of target := value, we just need to see if
3996 * cb_target is a superclass of cb_value. Save ourselves a lot of
3997 * work.
3998 */
3999 if (for_assignment) {
4000 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4001 while (cb_super_value != 0) {
4002 jclass tmp_cb;
4003 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4004 (*env)->DeleteLocalRef(env, cb_super_value);
4005 return target;
4006 }
4007 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4008 (*env)->DeleteLocalRef(env, cb_super_value);
4009 cb_super_value = tmp_cb;
4010 }
4011 (*env)->DeleteLocalRef(env, cb_super_value);
4012 return context->object_info;
4013 }
4014
4015 /* Find out whether cb_value or cb_target is deeper in the class
4016 * tree by moving both toward the root, and seeing who gets there
4017 * first. */
4018 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4019 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4020 while((cb_super_value != 0) &&
4021 (cb_super_target != 0)) {
4022 jclass tmp_cb;
4023 /* Optimization. If either hits the other when going up looking
4024 * for a parent, then might as well return the parent immediately */
4025 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4026 (*env)->DeleteLocalRef(env, cb_super_value);
4027 (*env)->DeleteLocalRef(env, cb_super_target);
4028 return target;
4029 }
4030 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4031 (*env)->DeleteLocalRef(env, cb_super_value);
4032 (*env)->DeleteLocalRef(env, cb_super_target);
4033 return value;
4034 }
4035 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4036 (*env)->DeleteLocalRef(env, cb_super_value);
4037 cb_super_value = tmp_cb;
4038
4039 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4040 (*env)->DeleteLocalRef(env, cb_super_target);
4041 cb_super_target = tmp_cb;
4042 }
4043 cb_value = (*env)->NewLocalRef(env, cb_value);
4044 cb_target = (*env)->NewLocalRef(env, cb_target);
4045 /* At most one of the following two while clauses will be executed.
4046 * Bring the deeper of cb_target and cb_value to the depth of the
4047 * shallower one.
4048 */
4049 while (cb_super_value != 0) {
4050 /* cb_value is deeper */
4051 jclass cb_tmp;
4052
4053 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4054 (*env)->DeleteLocalRef(env, cb_super_value);
4055 cb_super_value = cb_tmp;
4056
4057 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4058 (*env)->DeleteLocalRef(env, cb_value);
4059 cb_value = cb_tmp;
4060 }
4061 while (cb_super_target != 0) {
4062 /* cb_target is deeper */
4063 jclass cb_tmp;
4064
4065 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4066 (*env)->DeleteLocalRef(env, cb_super_target);
4067 cb_super_target = cb_tmp;
4068
4069 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4070 (*env)->DeleteLocalRef(env, cb_target);
4071 cb_target = cb_tmp;
4072 }
4073
4074 /* Walk both up, maintaining equal depth, until a join is found. We
4075 * know that we will find one. */
4076 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4077 jclass cb_tmp;
4078 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4079 (*env)->DeleteLocalRef(env, cb_value);
4080 cb_value = cb_tmp;
4081 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4082 (*env)->DeleteLocalRef(env, cb_target);
4083 cb_target = cb_tmp;
4084 }
4085 result_info = make_class_info(context, cb_value);
4086 (*env)->DeleteLocalRef(env, cb_value);
4087 (*env)->DeleteLocalRef(env, cb_super_value);
4088 (*env)->DeleteLocalRef(env, cb_target);
4089 (*env)->DeleteLocalRef(env, cb_super_target);
4090 return result_info;
4091 } /* both items are classes */
4092 }
4093
4094
4095 /* Given a fullinfo_type corresponding to an Object, return the jclass
4096 * of that type.
4097 *
4098 * This function always returns a global reference!
4099 */
4100
4101 static jclass
4102 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4103 {
4104 unsigned short info = GET_EXTRA_INFO(classinfo);
4105 return ID_to_class(context, info);
4106 }
4107
4108 static void free_block(void *ptr, int kind)
4109 {
4110 switch (kind) {
4111 case VM_STRING_UTF:
4112 JVM_ReleaseUTF(ptr);
4113 break;
4114 case VM_MALLOC_BLK:
4115 free(ptr);
4116 break;
4117 }
4118 }
4119
4120 static void check_and_push(context_type *context, const void *ptr, int kind)
4121 {
4122 alloc_stack_type *p;
4123 if (ptr == 0)
4124 CCout_of_memory(context);
4125 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4126 p = &(context->alloc_stack[context->alloc_stack_top++]);
4127 else {
4128 /* Otherwise we have to malloc */
4129 p = malloc(sizeof(alloc_stack_type));
4130 if (p == 0) {
4131 /* Make sure we clean up. */
4132 free_block((void *)ptr, kind);
4133 CCout_of_memory(context);
4134 }
4135 }
4136 p->kind = kind;
4137 p->ptr = (void *)ptr;
4138 p->next = context->allocated_memory;
4139 context->allocated_memory = p;
4140 }
4141
4142 static void pop_and_free(context_type *context)
4143 {
4144 alloc_stack_type *p = context->allocated_memory;
4145 context->allocated_memory = p->next;
4146 free_block(p->ptr, p->kind);
4147 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4148 p >= context->alloc_stack)
4149 context->alloc_stack_top--;
4150 else
4151 free(p);
4152 }
4153
4154 static int signature_to_args_size(const char *method_signature)
4155 {
4156 const char *p;
4157 int args_size = 0;
4158 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4159 switch (*p) {
4160 case JVM_SIGNATURE_BOOLEAN:
4161 case JVM_SIGNATURE_BYTE:
4162 case JVM_SIGNATURE_CHAR:
4163 case JVM_SIGNATURE_SHORT:
4164 case JVM_SIGNATURE_INT:
4165 case JVM_SIGNATURE_FLOAT:
4166 args_size += 1;
4167 break;
4168 case JVM_SIGNATURE_CLASS:
4169 args_size += 1;
4170 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4171 break;
4172 case JVM_SIGNATURE_ARRAY:
4173 args_size += 1;
4174 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4175 /* If an array of classes, skip over class name, too. */
4176 if (*p == JVM_SIGNATURE_CLASS) {
4177 while (*p != JVM_SIGNATURE_ENDCLASS)
4178 p++;
4179 }
4180 break;
4181 case JVM_SIGNATURE_DOUBLE:
4182 case JVM_SIGNATURE_LONG:
4183 args_size += 2;
4184 break;
4185 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4186 break;
4187 default:
4188 /* Indicate an error. */
4189 return 0;
4190 }
4191 }
4192 return args_size;
4193 }
4194
4195 #ifdef DEBUG
4196
4197 /* Below are for debugging. */
4198
4199 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4200
4201 static void
4202 print_stack(context_type *context, stack_info_type *stack_info)
4203 {
4204 stack_item_type *stack = stack_info->stack;
4205 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4206 jio_fprintf(stdout, "x");
4207 } else {
4208 jio_fprintf(stdout, "(");
4209 for ( ; stack != 0; stack = stack->next)
4210 print_fullinfo_type(context, stack->item,
4211 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4212 jio_fprintf(stdout, ")");
4213 }
4214 }
4215
4216 static void
4217 print_registers(context_type *context, register_info_type *register_info)
4218 {
4219 int register_count = register_info->register_count;
4220 if (register_count == UNKNOWN_REGISTER_COUNT) {
4221 jio_fprintf(stdout, "x");
4222 } else {
4223 fullinfo_type *registers = register_info->registers;
4224 int mask_count = register_info->mask_count;
4225 mask_type *masks = register_info->masks;
4226 int i, j;
4227
4228 jio_fprintf(stdout, "{");
4229 for (i = 0; i < register_count; i++)
4230 print_fullinfo_type(context, registers[i],
4231 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4232 jio_fprintf(stdout, "}");
4233 for (i = 0; i < mask_count; i++) {
4234 char *separator = "";
4235 int *modifies = masks[i].modifies;
4236 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4237 for (j = 0;
4238 j < JVM_GetMethodIxLocalsCount(context->env,
4239 context->class,
4240 context->method_index);
4241 j++)
4242 if (IS_BIT_SET(modifies, j)) {
4243 jio_fprintf(stdout, "%s%d", separator, j);
4244 separator = ",";
4245 }
4246 jio_fprintf(stdout, ">");
4247 }
4248 }
4249 }
4250
4251
4252 static void
4253 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4254 {
4255 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4256 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4257 }
4258 }
4259
4260 static void
4261 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4262 {
4263 int i;
4264 int indirection = GET_INDIRECTION(type);
4265 for (i = indirection; i-- > 0; )
4266 jio_fprintf(stdout, "[");
4267 switch (GET_ITEM_TYPE(type)) {
4268 case ITEM_Integer:
4269 jio_fprintf(stdout, "I"); break;
4270 case ITEM_Float:
4271 jio_fprintf(stdout, "F"); break;
4272 case ITEM_Double:
4273 jio_fprintf(stdout, "D"); break;
4274 case ITEM_Double_2:
4275 jio_fprintf(stdout, "d"); break;
4276 case ITEM_Long:
4277 jio_fprintf(stdout, "L"); break;
4278 case ITEM_Long_2:
4279 jio_fprintf(stdout, "l"); break;
4280 case ITEM_ReturnAddress:
4281 jio_fprintf(stdout, "a"); break;
4282 case ITEM_Object:
4283 if (!verbose) {
4284 jio_fprintf(stdout, "A");
4285 } else {
4286 unsigned short extra = GET_EXTRA_INFO(type);
4287 if (extra == 0) {
4288 jio_fprintf(stdout, "/Null/");
4289 } else {
4290 const char *name = ID_to_class_name(context, extra);
4291 const char *name2 = strrchr(name, '/');
4292 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4293 }
4294 }
4295 break;
4296 case ITEM_Char:
4297 jio_fprintf(stdout, "C"); break;
4298 case ITEM_Short:
4299 jio_fprintf(stdout, "S"); break;
4300 case ITEM_Boolean:
4301 jio_fprintf(stdout, "Z"); break;
4302 case ITEM_Byte:
4303 jio_fprintf(stdout, "B"); break;
4304 case ITEM_NewObject:
4305 if (!verbose) {
4306 jio_fprintf(stdout, "@");
4307 } else {
4308 int inum = GET_EXTRA_INFO(type);
4309 fullinfo_type real_type =
4310 context->instruction_data[inum].operand2.fi;
4311 jio_fprintf(stdout, ">");
4312 print_fullinfo_type(context, real_type, JNI_TRUE);
4313 jio_fprintf(stdout, "<");
4314 }
4315 break;
4316 case ITEM_InitObject:
4317 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4318 break;
4319
4320 default:
4321 jio_fprintf(stdout, "?"); break;
4322 }
4323 for (i = indirection; i-- > 0; )
4324 jio_fprintf(stdout, "]");
4325 }
4326
4327
4328 static void
4329 print_formatted_fieldname(context_type *context, int index)
4330 {
4331 JNIEnv *env = context->env;
4332 jclass cb = context->class;
4333 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4334 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4335 jio_fprintf(stdout, " <%s.%s>",
4336 classname ? classname : "", fieldname ? fieldname : "");
4337 JVM_ReleaseUTF(classname);
4338 JVM_ReleaseUTF(fieldname);
4339 }
4340
4341 static void
4342 print_formatted_methodname(context_type *context, int index)
4343 {
4344 JNIEnv *env = context->env;
4345 jclass cb = context->class;
4346 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4347 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4348 jio_fprintf(stdout, " <%s.%s>",
4349 classname ? classname : "", methodname ? methodname : "");
4350 JVM_ReleaseUTF(classname);
4351 JVM_ReleaseUTF(methodname);
4352 }
4353
4354 #endif /*DEBUG*/