1 /*
2 * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 #ifdef __APPLE__
94 /* use setjmp/longjmp versions that do not save/restore the signal mask */
95 #define setjmp _setjmp
96 #define longjmp _longjmp
97 #endif
98
99 #define MAX_ARRAY_DIMENSIONS 255
100 /* align byte code */
101 #ifndef ALIGN_UP
102 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
103 #endif /* ALIGN_UP */
104 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
105
106 #ifdef DEBUG
107
108 int verify_verbose = 0;
109 static struct context_type *GlobalContext;
110 #endif
111
112 enum {
113 ITEM_Bogus,
114 ITEM_Void, /* only as a function return value */
115 ITEM_Integer,
116 ITEM_Float,
117 ITEM_Double,
118 ITEM_Double_2, /* 2nd word of double in register */
119 ITEM_Long,
120 ITEM_Long_2, /* 2nd word of long in register */
121 ITEM_Array,
122 ITEM_Object, /* Extra info field gives name. */
123 ITEM_NewObject, /* Like object, but uninitialized. */
124 ITEM_InitObject, /* "this" is init method, before call
125 to super() */
126 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
127 /* The following three are only used within array types.
128 * Normally, we use ITEM_Integer, instead. */
129 ITEM_Byte,
130 ITEM_Short,
131 ITEM_Char
132 };
133
134
135 #define UNKNOWN_STACK_SIZE -1
136 #define UNKNOWN_REGISTER_COUNT -1
137 #define UNKNOWN_RET_INSTRUCTION -1
138
139 #undef MAX
140 #undef MIN
141 #define MAX(a, b) ((a) > (b) ? (a) : (b))
142 #define MIN(a, b) ((a) < (b) ? (a) : (b))
143
144 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
145 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
146 ((unsigned)1 << ((i) % BITS_PER_INT)))
147 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
148 ((unsigned)1 << ((i) % BITS_PER_INT)))
149
150 typedef unsigned int fullinfo_type;
151 typedef unsigned int *bitvector;
152
153 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
154 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
155 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
156 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
157 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
158
159 #define MAKE_FULLINFO(type, indirect, extra) \
160 ((type) + ((indirect) << 5) + ((extra) << 16))
161
162 #define MAKE_Object_ARRAY(indirect) \
163 (context->object_info + ((indirect) << 5))
164
165 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
166
167 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
168 #define JVM_OPC_invokeinit 0x100
169
170 /* A hash mechanism used by the verifier.
171 * Maps class names to unique 16 bit integers.
172 */
173
174 #define HASH_TABLE_SIZE 503
175
176 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
177 * row (256 buckets) at a time to minimize fragmentation. Rows are
178 * allocated on demand so that we don't waste too much space.
179 */
180
181 #define MAX_HASH_ENTRIES 65536
182 #define HASH_ROW_SIZE 256
183
184 typedef struct hash_bucket_type {
185 char *name;
186 unsigned int hash;
187 jclass class;
188 unsigned short ID;
189 unsigned short next;
190 unsigned loadable:1; /* from context->class loader */
191 } hash_bucket_type;
192
193 typedef struct {
194 hash_bucket_type **buckets;
195 unsigned short *table;
196 int entries_used;
197 } hash_table_type;
198
199 #define GET_BUCKET(class_hash, ID)\
200 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
201
202 /*
203 * There are currently two types of resources that we need to keep
204 * track of (in addition to the CCalloc pool).
205 */
206 enum {
207 VM_STRING_UTF, /* VM-allocated UTF strings */
208 VM_MALLOC_BLK /* malloc'ed blocks */
209 };
210
211 #define LDC_CLASS_MAJOR_VERSION 49
212
213 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
214
215 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
216
217 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
218
219 #define ALLOC_STACK_SIZE 16 /* big enough */
220
221 typedef struct alloc_stack_type {
222 void *ptr;
223 int kind;
224 struct alloc_stack_type *next;
225 } alloc_stack_type;
226
227 /* The context type encapsulates the current invocation of the byte
228 * code verifier.
229 */
230 struct context_type {
231
232 JNIEnv *env; /* current JNIEnv */
233
234 /* buffers etc. */
235 char *message;
236 jint message_buf_len;
237 jboolean err_code;
238
239 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
240 had a chance to free */
241 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
242 blocks here, to save mallocs. */
243 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
244 int alloc_stack_top;
245
246 /* these fields are per class */
247 jclass class; /* current class */
248 jint major_version;
249 jint nconstants;
250 unsigned char *constant_types;
251 hash_table_type class_hash;
252
253 fullinfo_type object_info; /* fullinfo for java/lang/Object */
254 fullinfo_type string_info; /* fullinfo for java/lang/String */
255 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
256 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
257 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
258
259 fullinfo_type currentclass_info; /* fullinfo for context->class */
260 fullinfo_type superclass_info; /* fullinfo for superclass */
261
262 /* these fields are per method */
263 int method_index; /* current method */
264 unsigned short *exceptions; /* exceptions */
265 unsigned char *code; /* current code object */
266 jint code_length;
267 int *code_data; /* offset to instruction number */
268 struct instruction_data_type *instruction_data; /* info about each */
269 struct handler_info_type *handler_info;
270 fullinfo_type *superclasses; /* null terminated superclasses */
271 int instruction_count; /* number of instructions */
272 fullinfo_type return_type; /* function return type */
273 fullinfo_type swap_table[4]; /* used for passing information */
274 int bitmask_size; /* words needed to hold bitmap of arguments */
275
276 /* these fields are per field */
277 int field_index;
278
279 /* Used by the space allocator */
280 struct CCpool *CCroot, *CCcurrent;
281 char *CCfree_ptr;
282 int CCfree_size;
283
284 /* Jump here on any error. */
285 jmp_buf jump_buffer;
286
287 #ifdef DEBUG
288 /* keep track of how many global refs are allocated. */
289 int n_globalrefs;
290 #endif
291 };
292
293 struct stack_info_type {
294 struct stack_item_type *stack;
295 int stack_size;
296 };
297
298 struct register_info_type {
299 int register_count; /* number of registers used */
300 fullinfo_type *registers;
301 int mask_count; /* number of masks in the following */
302 struct mask_type *masks;
303 };
304
305 struct mask_type {
306 int entry;
307 int *modifies;
308 };
309
310 typedef unsigned short flag_type;
311
312 struct instruction_data_type {
313 int opcode; /* may turn into "canonical" opcode */
314 unsigned changed:1; /* has it changed */
315 unsigned protected:1; /* must accessor be a subclass of "this" */
316 union {
317 int i; /* operand to the opcode */
318 int *ip;
319 fullinfo_type fi;
320 } operand, operand2;
321 fullinfo_type p;
322 struct stack_info_type stack_info;
323 struct register_info_type register_info;
324 #define FLAG_REACHED 0x01 /* instruction reached */
325 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
326 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
327 flag_type or_flags; /* true for at least one path to this inst */
328 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
329 flag_type and_flags; /* true for all paths to this instruction */
330 };
331
332 struct handler_info_type {
333 int start, end, handler;
334 struct stack_info_type stack_info;
335 };
336
337 struct stack_item_type {
338 fullinfo_type item;
339 struct stack_item_type *next;
340 };
341
342 typedef struct context_type context_type;
343 typedef struct instruction_data_type instruction_data_type;
344 typedef struct stack_item_type stack_item_type;
345 typedef struct register_info_type register_info_type;
346 typedef struct stack_info_type stack_info_type;
347 typedef struct mask_type mask_type;
348
349 static void read_all_code(context_type *context, jclass cb, int num_methods,
350 int** code_lengths, unsigned char*** code);
351 static void verify_method(context_type *context, jclass cb, int index,
352 int code_length, unsigned char* code);
353 static void free_all_code(context_type* context, int num_methods,
354 unsigned char** code);
355 static void verify_field(context_type *context, jclass cb, int index);
356
357 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
358 static void set_protected(context_type *, unsigned int inumber, int key, int);
359 static jboolean is_superclass(context_type *, fullinfo_type);
360
361 static void initialize_exception_table(context_type *);
362 static int instruction_length(unsigned char *iptr, unsigned char *end);
363 static jboolean isLegalTarget(context_type *, int offset);
364 static void verify_constant_pool_type(context_type *, int, unsigned);
365
366 static void initialize_dataflow(context_type *);
367 static void run_dataflow(context_type *context);
368 static void check_register_values(context_type *context, unsigned int inumber);
369 static void check_flags(context_type *context, unsigned int inumber);
370 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
371 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
372 static void update_flags(context_type *, unsigned int inumber,
373 flag_type *new_and_flags, flag_type *new_or_flags);
374 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
375
376 static void merge_into_successors(context_type *, unsigned int inumber,
377 register_info_type *register_info,
378 stack_info_type *stack_info,
379 flag_type and_flags, flag_type or_flags);
380 static void merge_into_one_successor(context_type *context,
381 unsigned int from_inumber,
382 unsigned int inumber,
383 register_info_type *register_info,
384 stack_info_type *stack_info,
385 flag_type and_flags, flag_type or_flags,
386 jboolean isException);
387 static void merge_stack(context_type *, unsigned int inumber,
388 unsigned int to_inumber, stack_info_type *);
389 static void merge_registers(context_type *, unsigned int inumber,
390 unsigned int to_inumber,
391 register_info_type *);
392 static void merge_flags(context_type *context, unsigned int from_inumber,
393 unsigned int to_inumber,
394 flag_type new_and_flags, flag_type new_or_flags);
395
396 static stack_item_type *copy_stack(context_type *, stack_item_type *);
397 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
398 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
399
400 static fullinfo_type decrement_indirection(fullinfo_type);
401
402 static fullinfo_type merge_fullinfo_types(context_type *context,
403 fullinfo_type a,
404 fullinfo_type b,
405 jboolean assignment);
406 static jboolean isAssignableTo(context_type *,
407 fullinfo_type a,
408 fullinfo_type b);
409
410 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
411
412
413 #define NEW(type, count) \
414 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
415 #define ZNEW(type, count) \
416 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
417
418 static void CCinit(context_type *context);
419 static void CCreinit(context_type *context);
420 static void CCdestroy(context_type *context);
421 static void *CCalloc(context_type *context, int size, jboolean zero);
422
423 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
424
425 static char signature_to_fieldtype(context_type *context,
426 const char **signature_p, fullinfo_type *info);
427
428 static void CCerror (context_type *, char *format, ...);
429 static void CFerror (context_type *, char *format, ...);
430 static void CCout_of_memory (context_type *);
431
432 /* Because we can longjmp any time, we need to be very careful about
433 * remembering what needs to be freed. */
434
435 static void check_and_push(context_type *context, const void *ptr, int kind);
436 static void pop_and_free(context_type *context);
437
438 static int signature_to_args_size(const char *method_signature);
439
440 #ifdef DEBUG
441 static void print_stack (context_type *, stack_info_type *stack_info);
442 static void print_registers(context_type *, register_info_type *register_info);
443 static void print_flags(context_type *, flag_type, flag_type);
444 static void print_formatted_fieldname(context_type *context, int index);
445 static void print_formatted_methodname(context_type *context, int index);
446 #endif
447
448 void initialize_class_hash(context_type *context)
449 {
450 hash_table_type *class_hash = &(context->class_hash);
451 class_hash->buckets = (hash_bucket_type **)
452 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
453 class_hash->table = (unsigned short *)
454 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
455 if (class_hash->buckets == 0 ||
456 class_hash->table == 0)
457 CCout_of_memory(context);
458 class_hash->entries_used = 0;
459 }
460
461 static void finalize_class_hash(context_type *context)
462 {
463 hash_table_type *class_hash = &(context->class_hash);
464 JNIEnv *env = context->env;
465 int i;
466 /* 4296677: bucket index starts from 1. */
467 for (i=1;i<=class_hash->entries_used;i++) {
468 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
469 assert(bucket != NULL);
470 free(bucket->name);
471 if (bucket->class) {
472 (*env)->DeleteGlobalRef(env, bucket->class);
473 #ifdef DEBUG
474 context->n_globalrefs--;
475 #endif
476 }
477 }
478 if (class_hash->buckets) {
479 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
480 if (class_hash->buckets[i] == 0)
481 break;
482 free(class_hash->buckets[i]);
483 }
484 }
485 free(class_hash->buckets);
486 free(class_hash->table);
487 }
488
489 static hash_bucket_type *
490 new_bucket(context_type *context, unsigned short *pID)
491 {
492 hash_table_type *class_hash = &(context->class_hash);
493 int i = *pID = class_hash->entries_used + 1;
494 int row = i / HASH_ROW_SIZE;
495 if (i >= MAX_HASH_ENTRIES)
496 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
497 if (class_hash->buckets[row] == 0) {
498 class_hash->buckets[row] = (hash_bucket_type*)
499 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
500 if (class_hash->buckets[row] == 0)
501 CCout_of_memory(context);
502 }
503 class_hash->entries_used++; /* only increment when we are sure there
504 is no overflow. */
505 return GET_BUCKET(class_hash, i);
506 }
507
508 static unsigned int
509 class_hash_fun(const char *s)
510 {
511 int i;
512 unsigned raw_hash;
513 for (raw_hash = 0; (i = *s) != '\0'; ++s)
514 raw_hash = raw_hash * 37 + i;
515 return raw_hash;
516 }
517
518 /*
519 * Find a class using the defining loader of the current class
520 * and return a local reference to it.
521 */
522 static jclass load_class_local(context_type *context,const char *classname)
523 {
524 jclass cb = JVM_FindClassFromClass(context->env, classname,
525 JNI_FALSE, context->class);
526 if (cb == 0)
527 CCerror(context, "Cannot find class %s", classname);
528 return cb;
529 }
530
531 /*
532 * Find a class using the defining loader of the current class
533 * and return a global reference to it.
534 */
535 static jclass load_class_global(context_type *context, const char *classname)
536 {
537 JNIEnv *env = context->env;
538 jclass local, global;
539
540 local = load_class_local(context, classname);
541 global = (*env)->NewGlobalRef(env, local);
542 if (global == 0)
543 CCout_of_memory(context);
544 #ifdef DEBUG
545 context->n_globalrefs++;
546 #endif
547 (*env)->DeleteLocalRef(env, local);
548 return global;
549 }
550
551 /*
552 * Return a unique ID given a local class reference. The loadable
553 * flag is true if the defining class loader of context->class
554 * is known to be capable of loading the class.
555 */
556 static unsigned short
557 class_to_ID(context_type *context, jclass cb, jboolean loadable)
558 {
559 JNIEnv *env = context->env;
560 hash_table_type *class_hash = &(context->class_hash);
561 unsigned int hash;
562 hash_bucket_type *bucket;
563 unsigned short *pID;
564 const char *name = JVM_GetClassNameUTF(env, cb);
565
566 check_and_push(context, name, VM_STRING_UTF);
567 hash = class_hash_fun(name);
568 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
569 while (*pID) {
570 bucket = GET_BUCKET(class_hash, *pID);
571 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
572 /*
573 * There is an unresolved entry with our name
574 * so we're forced to load it in case it matches us.
575 */
576 if (bucket->class == 0) {
577 assert(bucket->loadable == JNI_TRUE);
578 bucket->class = load_class_global(context, name);
579 }
580
581 /*
582 * It's already in the table. Update the loadable
583 * state if it's known and then we're done.
584 */
585 if ((*env)->IsSameObject(env, cb, bucket->class)) {
586 if (loadable && !bucket->loadable)
587 bucket->loadable = JNI_TRUE;
588 goto done;
589 }
590 }
591 pID = &bucket->next;
592 }
593 bucket = new_bucket(context, pID);
594 bucket->next = 0;
595 bucket->hash = hash;
596 bucket->name = malloc(strlen(name) + 1);
597 if (bucket->name == 0)
598 CCout_of_memory(context);
599 strcpy(bucket->name, name);
600 bucket->loadable = loadable;
601 bucket->class = (*env)->NewGlobalRef(env, cb);
602 if (bucket->class == 0)
603 CCout_of_memory(context);
604 #ifdef DEBUG
605 context->n_globalrefs++;
606 #endif
607
608 done:
609 pop_and_free(context);
610 return *pID;
611 }
612
613 /*
614 * Return a unique ID given a class name from the constant pool.
615 * All classes are lazily loaded from the defining loader of
616 * context->class.
617 */
618 static unsigned short
619 class_name_to_ID(context_type *context, const char *name)
620 {
621 hash_table_type *class_hash = &(context->class_hash);
622 unsigned int hash = class_hash_fun(name);
623 hash_bucket_type *bucket;
624 unsigned short *pID;
625 jboolean force_load = JNI_FALSE;
626
627 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
628 while (*pID) {
629 bucket = GET_BUCKET(class_hash, *pID);
630 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
631 if (bucket->loadable)
632 goto done;
633 force_load = JNI_TRUE;
634 }
635 pID = &bucket->next;
636 }
637
638 if (force_load) {
639 /*
640 * We found at least one matching named entry for a class that
641 * was not known to be loadable through the defining class loader
642 * of context->class. We must load our named class and update
643 * the hash table in case one these entries matches our class.
644 */
645 JNIEnv *env = context->env;
646 jclass cb = load_class_local(context, name);
647 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
648 (*env)->DeleteLocalRef(env, cb);
649 return id;
650 }
651
652 bucket = new_bucket(context, pID);
653 bucket->next = 0;
654 bucket->class = 0;
655 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
656 bucket->hash = hash;
657 bucket->name = malloc(strlen(name) + 1);
658 if (bucket->name == 0)
659 CCout_of_memory(context);
660 strcpy(bucket->name, name);
661
662 done:
663 return *pID;
664 }
665
666 static const char *
667 ID_to_class_name(context_type *context, unsigned short ID)
668 {
669 hash_table_type *class_hash = &(context->class_hash);
670 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
671 return bucket->name;
672 }
673
674 static jclass
675 ID_to_class(context_type *context, unsigned short ID)
676 {
677 hash_table_type *class_hash = &(context->class_hash);
678 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
679 if (bucket->class == 0) {
680 assert(bucket->loadable == JNI_TRUE);
681 bucket->class = load_class_global(context, bucket->name);
682 }
683 return bucket->class;
684 }
685
686 static fullinfo_type
687 make_loadable_class_info(context_type *context, jclass cb)
688 {
689 return MAKE_FULLINFO(ITEM_Object, 0,
690 class_to_ID(context, cb, JNI_TRUE));
691 }
692
693 static fullinfo_type
694 make_class_info(context_type *context, jclass cb)
695 {
696 return MAKE_FULLINFO(ITEM_Object, 0,
697 class_to_ID(context, cb, JNI_FALSE));
698 }
699
700 static fullinfo_type
701 make_class_info_from_name(context_type *context, const char *name)
702 {
703 return MAKE_FULLINFO(ITEM_Object, 0,
704 class_name_to_ID(context, name));
705 }
706
707 /* RETURNS
708 * 1: on success chosen to be consistent with previous VerifyClass
709 * 0: verify error
710 * 2: out of memory
711 * 3: class format error
712 *
713 * Called by verify_class. Verify the code of each of the methods
714 * in a class. Note that this function apparently can't be JNICALL,
715 * because if it is the dynamic linker doesn't appear to be able to
716 * find it on Win32.
717 */
718
719 #define CC_OK 1
720 #define CC_VerifyError 0
721 #define CC_OutOfMemory 2
722 #define CC_ClassFormatError 3
723
724 JNIEXPORT jboolean
725 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
726 jint major_version)
727 {
728 context_type context_structure;
729 context_type *context = &context_structure;
730 jboolean result = CC_OK;
731 int i;
732 int num_methods;
733 int* code_lengths;
734 unsigned char** code;
735
736 #ifdef DEBUG
737 GlobalContext = context;
738 #endif
739
740 memset(context, 0, sizeof(context_type));
741 context->message = buffer;
742 context->message_buf_len = len;
743
744 context->env = env;
745 context->class = cb;
746
747 /* Set invalid method/field index of the context, in case anyone
748 calls CCerror */
749 context->method_index = -1;
750 context->field_index = -1;
751
752 /* Don't call CCerror or anything that can call it above the setjmp! */
753 if (!setjmp(context->jump_buffer)) {
754 jclass super;
755
756 CCinit(context); /* initialize heap; may throw */
757
758 initialize_class_hash(context);
759
760 context->major_version = major_version;
761 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
762 context->constant_types = (unsigned char *)
763 malloc(sizeof(unsigned char) * context->nconstants + 1);
764
765 if (context->constant_types == 0)
766 CCout_of_memory(context);
767
768 JVM_GetClassCPTypes(env, cb, context->constant_types);
769
770 if (context->constant_types == 0)
771 CCout_of_memory(context);
772
773 context->object_info =
774 make_class_info_from_name(context, "java/lang/Object");
775 context->string_info =
776 make_class_info_from_name(context, "java/lang/String");
777 context->throwable_info =
778 make_class_info_from_name(context, "java/lang/Throwable");
779 context->cloneable_info =
780 make_class_info_from_name(context, "java/lang/Cloneable");
781 context->serializable_info =
782 make_class_info_from_name(context, "java/io/Serializable");
783
784 context->currentclass_info = make_loadable_class_info(context, cb);
785
786 super = (*env)->GetSuperclass(env, cb);
787
788 if (super != 0) {
789 fullinfo_type *gptr;
790 int i = 0;
791
792 context->superclass_info = make_loadable_class_info(context, super);
793
794 while(super != 0) {
795 jclass tmp_cb = (*env)->GetSuperclass(env, super);
796 (*env)->DeleteLocalRef(env, super);
797 super = tmp_cb;
798 i++;
799 }
800 (*env)->DeleteLocalRef(env, super);
801 super = 0;
802
803 /* Can't go on context heap since it survives more than
804 one method */
805 context->superclasses = gptr =
806 malloc(sizeof(fullinfo_type)*(i + 1));
807 if (gptr == 0) {
808 CCout_of_memory(context);
809 }
810
811 super = (*env)->GetSuperclass(env, context->class);
812 while(super != 0) {
813 jclass tmp_cb;
814 *gptr++ = make_class_info(context, super);
815 tmp_cb = (*env)->GetSuperclass(env, super);
816 (*env)->DeleteLocalRef(env, super);
817 super = tmp_cb;
818 }
819 *gptr = 0;
820 } else {
821 context->superclass_info = 0;
822 }
823
824 (*env)->DeleteLocalRef(env, super);
825
826 /* Look at each method */
827 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
828 verify_field(context, cb, i);
829 num_methods = JVM_GetClassMethodsCount(env, cb);
830 read_all_code(context, cb, num_methods, &code_lengths, &code);
831 for (i = num_methods - 1; i >= 0; --i)
832 verify_method(context, cb, i, code_lengths[i], code[i]);
833 free_all_code(context, num_methods, code);
834 result = CC_OK;
835 } else {
836 result = context->err_code;
837 }
838
839 /* Cleanup */
840 finalize_class_hash(context);
841
842 while(context->allocated_memory)
843 pop_and_free(context);
844
845 #ifdef DEBUG
846 GlobalContext = 0;
847 #endif
848
849 if (context->exceptions)
850 free(context->exceptions);
851
852 if (context->constant_types)
853 free(context->constant_types);
854
855 if (context->superclasses)
856 free(context->superclasses);
857
858 #ifdef DEBUG
859 /* Make sure all global refs created in the verifier are freed */
860 assert(context->n_globalrefs == 0);
861 #endif
862
863 CCdestroy(context); /* destroy heap */
864 return result;
865 }
866
867 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
868
869 JNIEXPORT jboolean
870 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
871 {
872 static int warned = 0;
873 if (!warned) {
874 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
875 warned = 1;
876 }
877 return VerifyClassForMajorVersion(env, cb, buffer, len,
878 OLD_FORMAT_MAX_MAJOR_VERSION);
879 }
880
881 static void
882 verify_field(context_type *context, jclass cb, int field_index)
883 {
884 JNIEnv *env = context->env;
885 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
886 context->field_index = field_index;
887
888 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
889 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
890 CCerror(context, "Inconsistent access bits.");
891 }
892 context->field_index = -1;
893 }
894
895
896 /**
897 * We read all of the class's methods' code because it is possible that
898 * the verification of one method could resulting in linking further
899 * down the stack (due to class loading), which could end up rewriting
900 * some of the bytecode of methods we haven't verified yet. Since we
901 * don't want to see the rewritten bytecode, cache all the code and
902 * operate only on that.
903 */
904 static void
905 read_all_code(context_type* context, jclass cb, int num_methods,
906 int** lengths_addr, unsigned char*** code_addr)
907 {
908 int* lengths;
909 unsigned char** code;
910 int i;
911
912 lengths = malloc(sizeof(int) * num_methods);
913 check_and_push(context, lengths, VM_MALLOC_BLK);
914
915 code = malloc(sizeof(unsigned char*) * num_methods);
916 check_and_push(context, code, VM_MALLOC_BLK);
917
918 *(lengths_addr) = lengths;
919 *(code_addr) = code;
920
921 for (i = 0; i < num_methods; ++i) {
922 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
923 if (lengths[i] > 0) {
924 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
925 check_and_push(context, code[i], VM_MALLOC_BLK);
926 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
927 } else {
928 code[i] = NULL;
929 }
930 }
931 }
932
933 static void
934 free_all_code(context_type* context, int num_methods, unsigned char** code)
935 {
936 int i;
937 for (i = 0; i < num_methods; ++i) {
938 if (code[i] != NULL) {
939 pop_and_free(context);
940 }
941 }
942 pop_and_free(context); /* code */
943 pop_and_free(context); /* lengths */
944 }
945
946 /* Verify the code of one method */
947 static void
948 verify_method(context_type *context, jclass cb, int method_index,
949 int code_length, unsigned char* code)
950 {
951 JNIEnv *env = context->env;
952 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
953 int *code_data;
954 instruction_data_type *idata = 0;
955 int instruction_count;
956 int i, offset;
957 unsigned int inumber;
958 jint nexceptions;
959
960 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
961 /* not much to do for abstract and native methods */
962 return;
963 }
964
965 context->code_length = code_length;
966 context->code = code;
967
968 /* CCerror can give method-specific info once this is set */
969 context->method_index = method_index;
970
971 CCreinit(context); /* initial heap */
972 code_data = NEW(int, code_length);
973
974 #ifdef DEBUG
975 if (verify_verbose) {
976 const char *classname = JVM_GetClassNameUTF(env, cb);
977 const char *methodname =
978 JVM_GetMethodIxNameUTF(env, cb, method_index);
979 const char *signature =
980 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
981 jio_fprintf(stdout, "Looking at %s.%s%s\n",
982 (classname ? classname : ""),
983 (methodname ? methodname : ""),
984 (signature ? signature : ""));
985 JVM_ReleaseUTF(classname);
986 JVM_ReleaseUTF(methodname);
987 JVM_ReleaseUTF(signature);
988 }
989 #endif
990
991 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
992 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
993 CCerror(context, "Inconsistent access bits.");
994 }
995
996 // If this method is an overpass method, which is generated by the VM,
997 // we trust the code and no check needs to be done.
998 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
999 return;
1000 }
1001
1002 /* Run through the code. Mark the start of each instruction, and give
1003 * the instruction a number */
1004 for (i = 0, offset = 0; offset < code_length; i++) {
1005 int length = instruction_length(&code[offset], code + code_length);
1006 int next_offset = offset + length;
1007 if (length <= 0)
1008 CCerror(context, "Illegal instruction found at offset %d", offset);
1009 if (next_offset > code_length)
1010 CCerror(context, "Code stops in the middle of instruction "
1011 " starting at offset %d", offset);
1012 code_data[offset] = i;
1013 while (++offset < next_offset)
1014 code_data[offset] = -1; /* illegal location */
1015 }
1016 instruction_count = i; /* number of instructions in code */
1017
1018 /* Allocate a structure to hold info about each instruction. */
1019 idata = NEW(instruction_data_type, instruction_count);
1020
1021 /* Initialize the heap, and other info in the context structure. */
1022 context->code = code;
1023 context->instruction_data = idata;
1024 context->code_data = code_data;
1025 context->instruction_count = instruction_count;
1026 context->handler_info =
1027 NEW(struct handler_info_type,
1028 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1029 context->bitmask_size =
1030 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1031 + (BITS_PER_INT - 1))/BITS_PER_INT;
1032
1033 if (instruction_count == 0)
1034 CCerror(context, "Empty code");
1035
1036 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1037 int length = instruction_length(&code[offset], code + code_length);
1038 instruction_data_type *this_idata = &idata[inumber];
1039 this_idata->opcode = code[offset];
1040 this_idata->stack_info.stack = NULL;
1041 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1042 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1043 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1044 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1045 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1046 this_idata->or_flags = 0; /* "bottom" or value*/
1047 /* This also sets up this_data->operand. It also makes the
1048 * xload_x and xstore_x instructions look like the generic form. */
1049 verify_opcode_operands(context, inumber, offset);
1050 offset += length;
1051 }
1052
1053
1054 /* make sure exception table is reasonable. */
1055 initialize_exception_table(context);
1056 /* Set up first instruction, and start of exception handlers. */
1057 initialize_dataflow(context);
1058 /* Run data flow analysis on the instructions. */
1059 run_dataflow(context);
1060
1061 /* verify checked exceptions, if any */
1062 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1063 context->exceptions = (unsigned short *)
1064 malloc(sizeof(unsigned short) * nexceptions + 1);
1065 if (context->exceptions == 0)
1066 CCout_of_memory(context);
1067 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1068 context->exceptions);
1069 for (i = 0; i < nexceptions; i++) {
1070 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1071 verify_constant_pool_type(context, (int)context->exceptions[i],
1072 1 << JVM_CONSTANT_Class);
1073 }
1074 free(context->exceptions);
1075 context->exceptions = 0;
1076 context->code = 0;
1077 context->method_index = -1;
1078 }
1079
1080
1081 /* Look at a single instruction, and verify its operands. Also, for
1082 * simplicity, move the operand into the ->operand field.
1083 * Make sure that branches don't go into the middle of nowhere.
1084 */
1085
1086 static jint _ck_ntohl(jint n)
1087 {
1088 unsigned char *p = (unsigned char *)&n;
1089 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1090 }
1091
1092 static void
1093 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1094 {
1095 JNIEnv *env = context->env;
1096 instruction_data_type *idata = context->instruction_data;
1097 instruction_data_type *this_idata = &idata[inumber];
1098 int *code_data = context->code_data;
1099 int mi = context->method_index;
1100 unsigned char *code = context->code;
1101 int opcode = this_idata->opcode;
1102 int var;
1103
1104 /*
1105 * Set the ip fields to 0 not the i fields because the ip fields
1106 * are 64 bits on 64 bit architectures, the i field is only 32
1107 */
1108 this_idata->operand.ip = 0;
1109 this_idata->operand2.ip = 0;
1110
1111 switch (opcode) {
1112
1113 case JVM_OPC_jsr:
1114 /* instruction of ret statement */
1115 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1116 /* FALLTHROUGH */
1117 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1118 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1119 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1120 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1121 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1122 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1123 case JVM_OPC_goto: {
1124 /* Set the ->operand to be the instruction number of the target. */
1125 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1126 int target = offset + jump;
1127 if (!isLegalTarget(context, target))
1128 CCerror(context, "Illegal target of jump or branch");
1129 this_idata->operand.i = code_data[target];
1130 break;
1131 }
1132
1133 case JVM_OPC_jsr_w:
1134 /* instruction of ret statement */
1135 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1136 /* FALLTHROUGH */
1137 case JVM_OPC_goto_w: {
1138 /* Set the ->operand to be the instruction number of the target. */
1139 int jump = (((signed char)(code[offset+1])) << 24) +
1140 (code[offset+2] << 16) + (code[offset+3] << 8) +
1141 (code[offset + 4]);
1142 int target = offset + jump;
1143 if (!isLegalTarget(context, target))
1144 CCerror(context, "Illegal target of jump or branch");
1145 this_idata->operand.i = code_data[target];
1146 break;
1147 }
1148
1149 case JVM_OPC_tableswitch:
1150 case JVM_OPC_lookupswitch: {
1151 /* Set the ->operand to be a table of possible instruction targets. */
1152 int *lpc = (int *) UCALIGN(code + offset + 1);
1153 int *lptr;
1154 int *saved_operand;
1155 int keys;
1156 int k, delta;
1157
1158 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1159 /* 4639449, 4647081: Padding bytes must be zero. */
1160 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1161 for (; bptr < (unsigned char*)lpc; bptr++) {
1162 if (*bptr != 0) {
1163 CCerror(context, "Non zero padding bytes in switch");
1164 }
1165 }
1166 }
1167 if (opcode == JVM_OPC_tableswitch) {
1168 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1169 delta = 1;
1170 } else {
1171 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1172 delta = 2;
1173 /* Make sure that the tableswitch items are sorted */
1174 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1175 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1176 int next_key = _ck_ntohl(lptr[2]);
1177 if (this_key >= next_key) {
1178 CCerror(context, "Unsorted lookup switch");
1179 }
1180 }
1181 }
1182 saved_operand = NEW(int, keys + 2);
1183 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1184 CCerror(context, "Illegal default target in switch");
1185 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1186 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1187 int target = offset + _ck_ntohl(lptr[0]);
1188 if (!isLegalTarget(context, target))
1189 CCerror(context, "Illegal branch in tableswitch");
1190 saved_operand[k + 1] = code_data[target];
1191 }
1192 saved_operand[0] = keys + 1; /* number of successors */
1193 this_idata->operand.ip = saved_operand;
1194 break;
1195 }
1196
1197 case JVM_OPC_ldc: {
1198 /* Make sure the constant pool item is the right type. */
1199 int key = code[offset + 1];
1200 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1201 (1 << JVM_CONSTANT_String);
1202 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1203 types |= 1 << JVM_CONSTANT_Class;
1204 }
1205 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1206 types |= (1 << JVM_CONSTANT_MethodHandle) |
1207 (1 << JVM_CONSTANT_MethodType);
1208 }
1209 this_idata->operand.i = key;
1210 verify_constant_pool_type(context, key, types);
1211 break;
1212 }
1213
1214 case JVM_OPC_ldc_w: {
1215 /* Make sure the constant pool item is the right type. */
1216 int key = (code[offset + 1] << 8) + code[offset + 2];
1217 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1218 (1 << JVM_CONSTANT_String);
1219 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1220 types |= 1 << JVM_CONSTANT_Class;
1221 }
1222 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1223 types |= (1 << JVM_CONSTANT_MethodHandle) |
1224 (1 << JVM_CONSTANT_MethodType);
1225 }
1226 this_idata->operand.i = key;
1227 verify_constant_pool_type(context, key, types);
1228 break;
1229 }
1230
1231 case JVM_OPC_ldc2_w: {
1232 /* Make sure the constant pool item is the right type. */
1233 int key = (code[offset + 1] << 8) + code[offset + 2];
1234 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1235 this_idata->operand.i = key;
1236 verify_constant_pool_type(context, key, types);
1237 break;
1238 }
1239
1240 case JVM_OPC_getfield: case JVM_OPC_putfield:
1241 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1242 /* Make sure the constant pool item is the right type. */
1243 int key = (code[offset + 1] << 8) + code[offset + 2];
1244 this_idata->operand.i = key;
1245 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1246 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1247 set_protected(context, inumber, key, opcode);
1248 break;
1249 }
1250
1251 case JVM_OPC_invokevirtual:
1252 case JVM_OPC_invokespecial:
1253 case JVM_OPC_invokestatic:
1254 case JVM_OPC_invokedynamic:
1255 case JVM_OPC_invokeinterface: {
1256 /* Make sure the constant pool item is the right type. */
1257 int key = (code[offset + 1] << 8) + code[offset + 2];
1258 const char *methodname;
1259 jclass cb = context->class;
1260 fullinfo_type clazz_info;
1261 int is_constructor, is_internal, is_invokedynamic;
1262 int kind;
1263
1264 switch (opcode ) {
1265 case JVM_OPC_invokestatic:
1266 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1267 ? (1 << JVM_CONSTANT_Methodref)
1268 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1269 break;
1270 case JVM_OPC_invokedynamic:
1271 kind = 1 << JVM_CONSTANT_NameAndType;
1272 break;
1273 case JVM_OPC_invokeinterface:
1274 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1275 break;
1276 default:
1277 kind = 1 << JVM_CONSTANT_Methodref;
1278 }
1279
1280 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1281 /* Make sure the constant pool item is the right type. */
1282 verify_constant_pool_type(context, key, kind);
1283 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1284 check_and_push(context, methodname, VM_STRING_UTF);
1285 is_constructor = !strcmp(methodname, "<init>");
1286 is_internal = methodname[0] == '<';
1287 pop_and_free(context);
1288
1289 if (is_invokedynamic)
1290 clazz_info = context->object_info; // anything will do
1291 else
1292 clazz_info = cp_index_to_class_fullinfo(context, key,
1293 JVM_CONSTANT_Methodref);
1294 this_idata->operand.i = key;
1295 this_idata->operand2.fi = clazz_info;
1296 if (is_constructor) {
1297 if (opcode != JVM_OPC_invokespecial) {
1298 CCerror(context,
1299 "Must call initializers using invokespecial");
1300 }
1301 this_idata->opcode = JVM_OPC_invokeinit;
1302 } else {
1303 if (is_internal) {
1304 CCerror(context, "Illegal call to internal method");
1305 }
1306 if (opcode == JVM_OPC_invokespecial
1307 && clazz_info != context->currentclass_info
1308 && clazz_info != context->superclass_info) {
1309 int not_found = 1;
1310
1311 jclass super = (*env)->GetSuperclass(env, context->class);
1312 while(super != 0) {
1313 jclass tmp_cb;
1314 fullinfo_type new_info = make_class_info(context, super);
1315 if (clazz_info == new_info) {
1316 not_found = 0;
1317 break;
1318 }
1319 tmp_cb = (*env)->GetSuperclass(env, super);
1320 (*env)->DeleteLocalRef(env, super);
1321 super = tmp_cb;
1322 }
1323 (*env)->DeleteLocalRef(env, super);
1324
1325 /* The optimizer make cause this to happen on local code */
1326 if (not_found) {
1327 #ifdef BROKEN_JAVAC
1328 jobject loader = JVM_GetClassLoader(env, context->class);
1329 int has_loader = (loader != 0);
1330 (*env)->DeleteLocalRef(env, loader);
1331 if (has_loader)
1332 #endif /* BROKEN_JAVAC */
1333 CCerror(context,
1334 "Illegal use of nonvirtual function call");
1335 }
1336 }
1337 }
1338 if (opcode == JVM_OPC_invokeinterface) {
1339 unsigned int args1;
1340 unsigned int args2;
1341 const char *signature =
1342 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1343 check_and_push(context, signature, VM_STRING_UTF);
1344 args1 = signature_to_args_size(signature) + 1;
1345 args2 = code[offset + 3];
1346 if (args1 != args2) {
1347 CCerror(context,
1348 "Inconsistent args_size for invokeinterface");
1349 }
1350 if (code[offset + 4] != 0) {
1351 CCerror(context,
1352 "Fourth operand byte of invokeinterface must be zero");
1353 }
1354 pop_and_free(context);
1355 } else if (opcode == JVM_OPC_invokedynamic) {
1356 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1357 CCerror(context,
1358 "Third and fourth operand bytes of invokedynamic must be zero");
1359 }
1360 } else if (opcode == JVM_OPC_invokevirtual
1361 || opcode == JVM_OPC_invokespecial)
1362 set_protected(context, inumber, key, opcode);
1363 break;
1364 }
1365
1366
1367 case JVM_OPC_instanceof:
1368 case JVM_OPC_checkcast:
1369 case JVM_OPC_new:
1370 case JVM_OPC_anewarray:
1371 case JVM_OPC_multianewarray: {
1372 /* Make sure the constant pool item is a class */
1373 int key = (code[offset + 1] << 8) + code[offset + 2];
1374 fullinfo_type target;
1375 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1376 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1377 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1378 CCerror(context, "Illegal type");
1379 switch(opcode) {
1380 case JVM_OPC_anewarray:
1381 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1382 CCerror(context, "Array with too many dimensions");
1383 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1384 GET_INDIRECTION(target) + 1,
1385 GET_EXTRA_INFO(target));
1386 break;
1387 case JVM_OPC_new:
1388 if (WITH_ZERO_EXTRA_INFO(target) !=
1389 MAKE_FULLINFO(ITEM_Object, 0, 0))
1390 CCerror(context, "Illegal creation of multi-dimensional array");
1391 /* operand gets set to the "unitialized object". operand2 gets
1392 * set to what the value will be after it's initialized. */
1393 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1394 this_idata->operand2.fi = target;
1395 break;
1396 case JVM_OPC_multianewarray:
1397 this_idata->operand.fi = target;
1398 this_idata->operand2.i = code[offset + 3];
1399 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1400 || (this_idata->operand2.i == 0))
1401 CCerror(context, "Illegal dimension argument");
1402 break;
1403 default:
1404 this_idata->operand.fi = target;
1405 }
1406 break;
1407 }
1408
1409 case JVM_OPC_newarray: {
1410 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1411 fullinfo_type full_info;
1412 switch (code[offset + 1]) {
1413 case JVM_T_INT:
1414 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1415 case JVM_T_LONG:
1416 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1417 case JVM_T_FLOAT:
1418 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1419 case JVM_T_DOUBLE:
1420 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1421 case JVM_T_BYTE: case JVM_T_BOOLEAN:
1422 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1423 case JVM_T_CHAR:
1424 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1425 case JVM_T_SHORT:
1426 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1427 default:
1428 full_info = 0; /* Keep lint happy */
1429 CCerror(context, "Bad type passed to newarray");
1430 }
1431 this_idata->operand.fi = full_info;
1432 break;
1433 }
1434
1435 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1436 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1437 this_idata->opcode = JVM_OPC_iload;
1438 var = opcode - JVM_OPC_iload_0;
1439 goto check_local_variable;
1440
1441 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1442 this_idata->opcode = JVM_OPC_fload;
1443 var = opcode - JVM_OPC_fload_0;
1444 goto check_local_variable;
1445
1446 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1447 this_idata->opcode = JVM_OPC_aload;
1448 var = opcode - JVM_OPC_aload_0;
1449 goto check_local_variable;
1450
1451 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1452 this_idata->opcode = JVM_OPC_lload;
1453 var = opcode - JVM_OPC_lload_0;
1454 goto check_local_variable2;
1455
1456 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1457 this_idata->opcode = JVM_OPC_dload;
1458 var = opcode - JVM_OPC_dload_0;
1459 goto check_local_variable2;
1460
1461 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1462 this_idata->opcode = JVM_OPC_istore;
1463 var = opcode - JVM_OPC_istore_0;
1464 goto check_local_variable;
1465
1466 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1467 this_idata->opcode = JVM_OPC_fstore;
1468 var = opcode - JVM_OPC_fstore_0;
1469 goto check_local_variable;
1470
1471 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1472 this_idata->opcode = JVM_OPC_astore;
1473 var = opcode - JVM_OPC_astore_0;
1474 goto check_local_variable;
1475
1476 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1477 this_idata->opcode = JVM_OPC_lstore;
1478 var = opcode - JVM_OPC_lstore_0;
1479 goto check_local_variable2;
1480
1481 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1482 this_idata->opcode = JVM_OPC_dstore;
1483 var = opcode - JVM_OPC_dstore_0;
1484 goto check_local_variable2;
1485
1486 case JVM_OPC_wide:
1487 this_idata->opcode = code[offset + 1];
1488 var = (code[offset + 2] << 8) + code[offset + 3];
1489 switch(this_idata->opcode) {
1490 case JVM_OPC_lload: case JVM_OPC_dload:
1491 case JVM_OPC_lstore: case JVM_OPC_dstore:
1492 goto check_local_variable2;
1493 default:
1494 goto check_local_variable;
1495 }
1496
1497 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1498 case JVM_OPC_ret:
1499 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1500 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1501 var = code[offset + 1];
1502 check_local_variable:
1503 /* Make sure that the variable number isn't illegal. */
1504 this_idata->operand.i = var;
1505 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1506 CCerror(context, "Illegal local variable number");
1507 break;
1508
1509 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1510 var = code[offset + 1];
1511 check_local_variable2:
1512 /* Make sure that the variable number isn't illegal. */
1513 this_idata->operand.i = var;
1514 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1515 CCerror(context, "Illegal local variable number");
1516 break;
1517
1518 default:
1519 if (opcode > JVM_OPC_MAX)
1520 CCerror(context, "Quick instructions shouldn't appear yet.");
1521 break;
1522 } /* of switch */
1523 }
1524
1525
1526 static void
1527 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1528 {
1529 JNIEnv *env = context->env;
1530 fullinfo_type clazz_info;
1531 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1532 clazz_info = cp_index_to_class_fullinfo(context, key,
1533 JVM_CONSTANT_Fieldref);
1534 } else {
1535 clazz_info = cp_index_to_class_fullinfo(context, key,
1536 JVM_CONSTANT_Methodref);
1537 }
1538 if (is_superclass(context, clazz_info)) {
1539 jclass calledClass =
1540 object_fullinfo_to_classclass(context, clazz_info);
1541 int access;
1542 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1543 searches the referenced field or method in calledClass. The following
1544 while loop is added to search up the superclass chain to make this
1545 symbolic resolution consistent with the field/method resolution
1546 specified in VM spec 5.4.3. */
1547 calledClass = (*env)->NewLocalRef(env, calledClass);
1548 do {
1549 jclass tmp_cb;
1550 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1551 access = JVM_GetCPFieldModifiers
1552 (env, context->class, key, calledClass);
1553 } else {
1554 access = JVM_GetCPMethodModifiers
1555 (env, context->class, key, calledClass);
1556 }
1557 if (access != -1) {
1558 break;
1559 }
1560 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1561 (*env)->DeleteLocalRef(env, calledClass);
1562 calledClass = tmp_cb;
1563 } while (calledClass != 0);
1564
1565 if (access == -1) {
1566 /* field/method not found, detected at runtime. */
1567 } else if (access & JVM_ACC_PROTECTED) {
1568 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1569 context->instruction_data[inumber].protected = JNI_TRUE;
1570 }
1571 (*env)->DeleteLocalRef(env, calledClass);
1572 }
1573 }
1574
1575
1576 static jboolean
1577 is_superclass(context_type *context, fullinfo_type clazz_info) {
1578 fullinfo_type *fptr = context->superclasses;
1579
1580 if (fptr == 0)
1581 return JNI_FALSE;
1582 for (; *fptr != 0; fptr++) {
1583 if (*fptr == clazz_info)
1584 return JNI_TRUE;
1585 }
1586 return JNI_FALSE;
1587 }
1588
1589
1590 /* Look through each item on the exception table. Each of the fields must
1591 * refer to a legal instruction.
1592 */
1593 static void
1594 initialize_exception_table(context_type *context)
1595 {
1596 JNIEnv *env = context->env;
1597 int mi = context->method_index;
1598 struct handler_info_type *handler_info = context->handler_info;
1599 int *code_data = context->code_data;
1600 int code_length = context->code_length;
1601 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1602 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1603 if (max_stack_size < 1 && i > 0) {
1604 // If the method contains exception handlers, it must have room
1605 // on the expression stack for the exception that the VM could push
1606 CCerror(context, "Stack size too large");
1607 }
1608 for (; --i >= 0; handler_info++) {
1609 JVM_ExceptionTableEntryType einfo;
1610 stack_item_type *stack_item = NEW(stack_item_type, 1);
1611
1612 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1613 i, &einfo);
1614
1615 if (!(einfo.start_pc < einfo.end_pc &&
1616 einfo.start_pc >= 0 &&
1617 isLegalTarget(context, einfo.start_pc) &&
1618 (einfo.end_pc == code_length ||
1619 isLegalTarget(context, einfo.end_pc)))) {
1620 CFerror(context, "Illegal exception table range");
1621 }
1622 if (!((einfo.handler_pc > 0) &&
1623 isLegalTarget(context, einfo.handler_pc))) {
1624 CFerror(context, "Illegal exception table handler");
1625 }
1626
1627 handler_info->start = code_data[einfo.start_pc];
1628 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1629 handler_info->end = (einfo.end_pc == context->code_length) ?
1630 context->instruction_count : code_data[einfo.end_pc];
1631 handler_info->handler = code_data[einfo.handler_pc];
1632 handler_info->stack_info.stack = stack_item;
1633 handler_info->stack_info.stack_size = 1;
1634 stack_item->next = NULL;
1635 if (einfo.catchType != 0) {
1636 const char *classname;
1637 /* Constant pool entry type has been checked in format checker */
1638 classname = JVM_GetCPClassNameUTF(env,
1639 context->class,
1640 einfo.catchType);
1641 check_and_push(context, classname, VM_STRING_UTF);
1642 stack_item->item = make_class_info_from_name(context, classname);
1643 if (!isAssignableTo(context,
1644 stack_item->item,
1645 context->throwable_info))
1646 CCerror(context, "catch_type not a subclass of Throwable");
1647 pop_and_free(context);
1648 } else {
1649 stack_item->item = context->throwable_info;
1650 }
1651 }
1652 }
1653
1654
1655 /* Given a pointer to an instruction, return its length. Use the table
1656 * opcode_length[] which is automatically built.
1657 */
1658 static int instruction_length(unsigned char *iptr, unsigned char *end)
1659 {
1660 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1661 int instruction = *iptr;
1662 switch (instruction) {
1663 case JVM_OPC_tableswitch: {
1664 int *lpc = (int *)UCALIGN(iptr + 1);
1665 int index;
1666 if (lpc + 2 >= (int *)end) {
1667 return -1; /* do not read pass the end */
1668 }
1669 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1670 if ((index < 0) || (index > 65535)) {
1671 return -1; /* illegal */
1672 } else {
1673 return (unsigned char *)(&lpc[index + 4]) - iptr;
1674 }
1675 }
1676
1677 case JVM_OPC_lookupswitch: {
1678 int *lpc = (int *) UCALIGN(iptr + 1);
1679 int npairs;
1680 if (lpc + 1 >= (int *)end)
1681 return -1; /* do not read pass the end */
1682 npairs = _ck_ntohl(lpc[1]);
1683 /* There can't be more than 64K labels because of the limit
1684 * on per-method byte code length.
1685 */
1686 if (npairs < 0 || npairs >= 65536)
1687 return -1;
1688 else
1689 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1690 }
1691
1692 case JVM_OPC_wide:
1693 if (iptr + 1 >= end)
1694 return -1; /* do not read pass the end */
1695 switch(iptr[1]) {
1696 case JVM_OPC_ret:
1697 case JVM_OPC_iload: case JVM_OPC_istore:
1698 case JVM_OPC_fload: case JVM_OPC_fstore:
1699 case JVM_OPC_aload: case JVM_OPC_astore:
1700 case JVM_OPC_lload: case JVM_OPC_lstore:
1701 case JVM_OPC_dload: case JVM_OPC_dstore:
1702 return 4;
1703 case JVM_OPC_iinc:
1704 return 6;
1705 default:
1706 return -1;
1707 }
1708
1709 default: {
1710 /* A length of 0 indicates an error. */
1711 int length = opcode_length[instruction];
1712 return (length <= 0) ? -1 : length;
1713 }
1714 }
1715 }
1716
1717
1718 /* Given the target of a branch, make sure that it's a legal target. */
1719 static jboolean
1720 isLegalTarget(context_type *context, int offset)
1721 {
1722 int code_length = context->code_length;
1723 int *code_data = context->code_data;
1724 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1725 }
1726
1727
1728 /* Make sure that an element of the constant pool really is of the indicated
1729 * type.
1730 */
1731 static void
1732 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1733 {
1734 int nconstants = context->nconstants;
1735 unsigned char *type_table = context->constant_types;
1736 unsigned type;
1737
1738 if ((index <= 0) || (index >= nconstants))
1739 CCerror(context, "Illegal constant pool index");
1740
1741 type = type_table[index];
1742 if ((mask & (1 << type)) == 0)
1743 CCerror(context, "Illegal type in constant pool");
1744 }
1745
1746
1747 static void
1748 initialize_dataflow(context_type *context)
1749 {
1750 JNIEnv *env = context->env;
1751 instruction_data_type *idata = context->instruction_data;
1752 int mi = context->method_index;
1753 jclass cb = context->class;
1754 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1755 fullinfo_type *reg_ptr;
1756 fullinfo_type full_info;
1757 const char *p;
1758 const char *signature;
1759
1760 /* Initialize the function entry, since we know everything about it. */
1761 idata[0].stack_info.stack_size = 0;
1762 idata[0].stack_info.stack = NULL;
1763 idata[0].register_info.register_count = args_size;
1764 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1765 idata[0].register_info.mask_count = 0;
1766 idata[0].register_info.masks = NULL;
1767 idata[0].and_flags = 0; /* nothing needed */
1768 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1769 reg_ptr = idata[0].register_info.registers;
1770
1771 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1772 /* A non static method. If this is an <init> method, the first
1773 * argument is an uninitialized object. Otherwise it is an object of
1774 * the given class type. java.lang.Object.<init> is special since
1775 * we don't call its superclass <init> method.
1776 */
1777 if (JVM_IsConstructorIx(env, cb, mi)
1778 && context->currentclass_info != context->object_info) {
1779 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1780 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1781 } else {
1782 *reg_ptr++ = context->currentclass_info;
1783 }
1784 }
1785 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1786 check_and_push(context, signature, VM_STRING_UTF);
1787 /* Fill in each of the arguments into the registers. */
1788 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1789 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1790 switch (fieldchar) {
1791 case 'D': case 'L':
1792 *reg_ptr++ = full_info;
1793 *reg_ptr++ = full_info + 1;
1794 break;
1795 default:
1796 *reg_ptr++ = full_info;
1797 break;
1798 }
1799 }
1800 p++; /* skip over right parenthesis */
1801 if (*p == 'V') {
1802 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1803 } else {
1804 signature_to_fieldtype(context, &p, &full_info);
1805 context->return_type = full_info;
1806 }
1807 pop_and_free(context);
1808 /* Indicate that we need to look at the first instruction. */
1809 idata[0].changed = JNI_TRUE;
1810 }
1811
1812
1813 /* Run the data flow analysis, as long as there are things to change. */
1814 static void
1815 run_dataflow(context_type *context) {
1816 JNIEnv *env = context->env;
1817 int mi = context->method_index;
1818 jclass cb = context->class;
1819 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1820 instruction_data_type *idata = context->instruction_data;
1821 unsigned int icount = context->instruction_count;
1822 jboolean work_to_do = JNI_TRUE;
1823 unsigned int inumber;
1824
1825 /* Run through the loop, until there is nothing left to do. */
1826 while (work_to_do) {
1827 work_to_do = JNI_FALSE;
1828 for (inumber = 0; inumber < icount; inumber++) {
1829 instruction_data_type *this_idata = &idata[inumber];
1830 if (this_idata->changed) {
1831 register_info_type new_register_info;
1832 stack_info_type new_stack_info;
1833 flag_type new_and_flags, new_or_flags;
1834
1835 this_idata->changed = JNI_FALSE;
1836 work_to_do = JNI_TRUE;
1837 #ifdef DEBUG
1838 if (verify_verbose) {
1839 int opcode = this_idata->opcode;
1840 jio_fprintf(stdout, "Instruction %d: ", inumber);
1841 print_stack(context, &this_idata->stack_info);
1842 print_registers(context, &this_idata->register_info);
1843 print_flags(context,
1844 this_idata->and_flags, this_idata->or_flags);
1845 fflush(stdout);
1846 }
1847 #endif
1848 /* Make sure the registers and flags are appropriate */
1849 check_register_values(context, inumber);
1850 check_flags(context, inumber);
1851
1852 /* Make sure the stack can deal with this instruction */
1853 pop_stack(context, inumber, &new_stack_info);
1854
1855 /* Update the registers and flags */
1856 update_registers(context, inumber, &new_register_info);
1857 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1858
1859 /* Update the stack. */
1860 push_stack(context, inumber, &new_stack_info);
1861
1862 if (new_stack_info.stack_size > max_stack_size)
1863 CCerror(context, "Stack size too large");
1864 #ifdef DEBUG
1865 if (verify_verbose) {
1866 jio_fprintf(stdout, " ");
1867 print_stack(context, &new_stack_info);
1868 print_registers(context, &new_register_info);
1869 print_flags(context, new_and_flags, new_or_flags);
1870 fflush(stdout);
1871 }
1872 #endif
1873 /* Add the new stack and register information to any
1874 * instructions that can follow this instruction. */
1875 merge_into_successors(context, inumber,
1876 &new_register_info, &new_stack_info,
1877 new_and_flags, new_or_flags);
1878 }
1879 }
1880 }
1881 }
1882
1883
1884 /* Make sure that the registers contain a legitimate value for the given
1885 * instruction.
1886 */
1887
1888 static void
1889 check_register_values(context_type *context, unsigned int inumber)
1890 {
1891 instruction_data_type *idata = context->instruction_data;
1892 instruction_data_type *this_idata = &idata[inumber];
1893 int opcode = this_idata->opcode;
1894 int operand = this_idata->operand.i;
1895 int register_count = this_idata->register_info.register_count;
1896 fullinfo_type *registers = this_idata->register_info.registers;
1897 jboolean double_word = JNI_FALSE; /* default value */
1898 int type;
1899
1900 switch (opcode) {
1901 default:
1902 return;
1903 case JVM_OPC_iload: case JVM_OPC_iinc:
1904 type = ITEM_Integer; break;
1905 case JVM_OPC_fload:
1906 type = ITEM_Float; break;
1907 case JVM_OPC_aload:
1908 type = ITEM_Object; break;
1909 case JVM_OPC_ret:
1910 type = ITEM_ReturnAddress; break;
1911 case JVM_OPC_lload:
1912 type = ITEM_Long; double_word = JNI_TRUE; break;
1913 case JVM_OPC_dload:
1914 type = ITEM_Double; double_word = JNI_TRUE; break;
1915 }
1916 if (!double_word) {
1917 fullinfo_type reg;
1918 /* Make sure we don't have an illegal register or one with wrong type */
1919 if (operand >= register_count) {
1920 CCerror(context,
1921 "Accessing value from uninitialized register %d", operand);
1922 }
1923 reg = registers[operand];
1924
1925 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1926 /* the register is obviously of the given type */
1927 return;
1928 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1929 /* address type stuff be used on all arrays */
1930 return;
1931 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1932 CCerror(context, "Cannot load return address from register %d",
1933 operand);
1934 /* alternatively
1935 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1936 && (opcode == JVM_OPC_iload)
1937 && (type == ITEM_Object || type == ITEM_Integer)
1938 but this never occurs
1939 */
1940 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1941 return;
1942 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1943 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1944 type == ITEM_Object) {
1945 return;
1946 } else {
1947 CCerror(context, "Register %d contains wrong type", operand);
1948 }
1949 } else {
1950 /* Make sure we don't have an illegal register or one with wrong type */
1951 if ((operand + 1) >= register_count) {
1952 CCerror(context,
1953 "Accessing value from uninitialized register pair %d/%d",
1954 operand, operand+1);
1955 } else {
1956 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1957 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1958 return;
1959 } else {
1960 CCerror(context, "Register pair %d/%d contains wrong type",
1961 operand, operand+1);
1962 }
1963 }
1964 }
1965 }
1966
1967
1968 /* Make sure the flags contain legitimate values for this instruction.
1969 */
1970
1971 static void
1972 check_flags(context_type *context, unsigned int inumber)
1973 {
1974 instruction_data_type *idata = context->instruction_data;
1975 instruction_data_type *this_idata = &idata[inumber];
1976 int opcode = this_idata->opcode;
1977 switch (opcode) {
1978 case JVM_OPC_return:
1979 /* We need a constructor, but we aren't guaranteed it's called */
1980 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
1981 !(this_idata->and_flags & FLAG_CONSTRUCTED))
1982 CCerror(context, "Constructor must call super() or this()");
1983 /* fall through */
1984 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
1985 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
1986 if (this_idata->or_flags & FLAG_NO_RETURN)
1987 /* This method cannot exit normally */
1988 CCerror(context, "Cannot return normally");
1989 default:
1990 break; /* nothing to do. */
1991 }
1992 }
1993
1994 /* Make sure that the top of the stack contains reasonable values for the
1995 * given instruction. The post-pop values of the stack and its size are
1996 * returned in *new_stack_info.
1997 */
1998
1999 static void
2000 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2001 {
2002 instruction_data_type *idata = context->instruction_data;
2003 instruction_data_type *this_idata = &idata[inumber];
2004 int opcode = this_idata->opcode;
2005 stack_item_type *stack = this_idata->stack_info.stack;
2006 int stack_size = this_idata->stack_info.stack_size;
2007 char *stack_operands, *p;
2008 char buffer[257]; /* for holding manufactured argument lists */
2009 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2010 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2011 fullinfo_type full_info; /* only used in case of invoke instructions */
2012 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2013
2014 switch(opcode) {
2015 default:
2016 /* For most instructions, we just use a built-in table */
2017 stack_operands = opcode_in_out[opcode][0];
2018 break;
2019
2020 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2021 /* The top thing on the stack depends on the signature of
2022 * the object. */
2023 int operand = this_idata->operand.i;
2024 const char *signature =
2025 JVM_GetCPFieldSignatureUTF(context->env,
2026 context->class,
2027 operand);
2028 char *ip = buffer;
2029 check_and_push(context, signature, VM_STRING_UTF);
2030 #ifdef DEBUG
2031 if (verify_verbose) {
2032 print_formatted_fieldname(context, operand);
2033 }
2034 #endif
2035 if (opcode == JVM_OPC_putfield)
2036 *ip++ = 'A'; /* object for putfield */
2037 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2038 *ip = '\0';
2039 stack_operands = buffer;
2040 pop_and_free(context);
2041 break;
2042 }
2043
2044 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2045 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2046 case JVM_OPC_invokedynamic:
2047 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2048 /* The top stuff on the stack depends on the method signature */
2049 int operand = this_idata->operand.i;
2050 const char *signature =
2051 JVM_GetCPMethodSignatureUTF(context->env,
2052 context->class,
2053 operand);
2054 char *ip = buffer;
2055 const char *p;
2056 check_and_push(context, signature, VM_STRING_UTF);
2057 #ifdef DEBUG
2058 if (verify_verbose) {
2059 print_formatted_methodname(context, operand);
2060 }
2061 #endif
2062 if (opcode != JVM_OPC_invokestatic &&
2063 opcode != JVM_OPC_invokedynamic)
2064 /* First, push the object */
2065 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2066 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2067 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2068 if (ip >= buffer + sizeof(buffer) - 1)
2069 CCerror(context, "Signature %s has too many arguments",
2070 signature);
2071 }
2072 *ip = 0;
2073 stack_operands = buffer;
2074 pop_and_free(context);
2075 break;
2076 }
2077
2078 case JVM_OPC_multianewarray: {
2079 /* Count can't be larger than 255. So can't overflow buffer */
2080 int count = this_idata->operand2.i; /* number of ints on stack */
2081 memset(buffer, 'I', count);
2082 buffer[count] = '\0';
2083 stack_operands = buffer;
2084 break;
2085 }
2086
2087 } /* of switch */
2088
2089 /* Run through the list of operands >>backwards<< */
2090 for ( p = stack_operands + strlen(stack_operands);
2091 p > stack_operands;
2092 stack = stack->next) {
2093 int type = *--p;
2094 fullinfo_type top_type = stack ? stack->item : 0;
2095 int size = (type == 'D' || type == 'L') ? 2 : 1;
2096 *--stack_extra_info = top_type;
2097 if (stack == NULL)
2098 CCerror(context, "Unable to pop operand off an empty stack");
2099
2100 switch (type) {
2101 case 'I':
2102 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2103 CCerror(context, "Expecting to find integer on stack");
2104 break;
2105
2106 case 'F':
2107 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2108 CCerror(context, "Expecting to find float on stack");
2109 break;
2110
2111 case 'A': /* object or array */
2112 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2113 && (GET_INDIRECTION(top_type) == 0)) {
2114 /* The thing isn't an object or an array. Let's see if it's
2115 * one of the special cases */
2116 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2117 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2118 && (opcode == JVM_OPC_astore))
2119 break;
2120 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2121 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2122 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2123 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2124 break;
2125 /* The 2nd edition VM of the specification allows field
2126 * initializations before the superclass initializer,
2127 * if the field is defined within the current class.
2128 */
2129 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2130 && (opcode == JVM_OPC_putfield)) {
2131 int operand = this_idata->operand.i;
2132 int access_bits = JVM_GetCPFieldModifiers(context->env,
2133 context->class,
2134 operand,
2135 context->class);
2136 /* Note: This relies on the fact that
2137 * JVM_GetCPFieldModifiers retrieves only local fields,
2138 * and does not respect inheritance.
2139 */
2140 if (access_bits != -1) {
2141 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2142 context->currentclass_info ) {
2143 top_type = context->currentclass_info;
2144 *stack_extra_info = top_type;
2145 break;
2146 }
2147 }
2148 }
2149 CCerror(context, "Expecting to find object/array on stack");
2150 }
2151 break;
2152
2153 case '@': { /* unitialized object, for call to <init> */
2154 int item_type = GET_ITEM_TYPE(top_type);
2155 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2156 CCerror(context,
2157 "Expecting to find unitialized object on stack");
2158 break;
2159 }
2160
2161 case 'O': /* object, not array */
2162 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2163 MAKE_FULLINFO(ITEM_Object, 0, 0))
2164 CCerror(context, "Expecting to find object on stack");
2165 break;
2166
2167 case 'a': /* integer, object, or array */
2168 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2169 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2170 && (GET_INDIRECTION(top_type) == 0))
2171 CCerror(context,
2172 "Expecting to find object, array, or int on stack");
2173 break;
2174
2175 case 'D': /* double */
2176 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2177 CCerror(context, "Expecting to find double on stack");
2178 break;
2179
2180 case 'L': /* long */
2181 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2182 CCerror(context, "Expecting to find long on stack");
2183 break;
2184
2185 case ']': /* array of some type */
2186 if (top_type == NULL_FULLINFO) {
2187 /* do nothing */
2188 } else switch(p[-1]) {
2189 case 'I': /* array of integers */
2190 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2191 top_type != NULL_FULLINFO)
2192 CCerror(context,
2193 "Expecting to find array of ints on stack");
2194 break;
2195
2196 case 'L': /* array of longs */
2197 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2198 CCerror(context,
2199 "Expecting to find array of longs on stack");
2200 break;
2201
2202 case 'F': /* array of floats */
2203 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2204 CCerror(context,
2205 "Expecting to find array of floats on stack");
2206 break;
2207
2208 case 'D': /* array of doubles */
2209 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2210 CCerror(context,
2211 "Expecting to find array of doubles on stack");
2212 break;
2213
2214 case 'A': { /* array of addresses (arrays or objects) */
2215 int indirection = GET_INDIRECTION(top_type);
2216 if ((indirection == 0) ||
2217 ((indirection == 1) &&
2218 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2219 CCerror(context,
2220 "Expecting to find array of objects or arrays "
2221 "on stack");
2222 break;
2223 }
2224
2225 case 'B': /* array of bytes */
2226 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0))
2227 CCerror(context,
2228 "Expecting to find array of bytes on stack");
2229 break;
2230
2231 case 'C': /* array of characters */
2232 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2233 CCerror(context,
2234 "Expecting to find array of chars on stack");
2235 break;
2236
2237 case 'S': /* array of shorts */
2238 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2239 CCerror(context,
2240 "Expecting to find array of shorts on stack");
2241 break;
2242
2243 case '?': /* any type of array is okay */
2244 if (GET_INDIRECTION(top_type) == 0)
2245 CCerror(context,
2246 "Expecting to find array on stack");
2247 break;
2248
2249 default:
2250 CCerror(context, "Internal error #1");
2251 break;
2252 }
2253 p -= 2; /* skip over [ <char> */
2254 break;
2255
2256 case '1': case '2': case '3': case '4': /* stack swapping */
2257 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2258 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2259 if ((p > stack_operands) && (p[-1] == '+')) {
2260 context->swap_table[type - '1'] = top_type + 1;
2261 context->swap_table[p[-2] - '1'] = top_type;
2262 size = 2;
2263 p -= 2;
2264 } else {
2265 CCerror(context,
2266 "Attempt to split long or double on the stack");
2267 }
2268 } else {
2269 context->swap_table[type - '1'] = stack->item;
2270 if ((p > stack_operands) && (p[-1] == '+'))
2271 p--; /* ignore */
2272 }
2273 break;
2274 case '+': /* these should have been caught. */
2275 default:
2276 CCerror(context, "Internal error #2");
2277 }
2278 stack_size -= size;
2279 }
2280
2281 /* For many of the opcodes that had an "A" in their field, we really
2282 * need to go back and do a little bit more accurate testing. We can, of
2283 * course, assume that the minimal type checking has already been done.
2284 */
2285 switch (opcode) {
2286 default: break;
2287 case JVM_OPC_aastore: { /* array index object */
2288 fullinfo_type array_type = stack_extra_info[0];
2289 fullinfo_type object_type = stack_extra_info[2];
2290 fullinfo_type target_type = decrement_indirection(array_type);
2291 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2292 && (GET_INDIRECTION(object_type) == 0)) {
2293 CCerror(context, "Expecting reference type on operand stack in aastore");
2294 }
2295 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2296 && (GET_INDIRECTION(target_type) == 0)) {
2297 CCerror(context, "Component type of the array must be reference type in aastore");
2298 }
2299 break;
2300 }
2301
2302 case JVM_OPC_putfield:
2303 case JVM_OPC_getfield:
2304 case JVM_OPC_putstatic: {
2305 int operand = this_idata->operand.i;
2306 fullinfo_type stack_object = stack_extra_info[0];
2307 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2308 if (!isAssignableTo
2309 (context,
2310 stack_object,
2311 cp_index_to_class_fullinfo
2312 (context, operand, JVM_CONSTANT_Fieldref))) {
2313 CCerror(context,
2314 "Incompatible type for getting or setting field");
2315 }
2316 if (this_idata->protected &&
2317 !isAssignableTo(context, stack_object,
2318 context->currentclass_info)) {
2319 CCerror(context, "Bad access to protected data");
2320 }
2321 }
2322 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2323 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2324 if (!isAssignableTo(context,
2325 stack_extra_info[item], put_full_info)) {
2326 CCerror(context, "Bad type in putfield/putstatic");
2327 }
2328 }
2329 break;
2330 }
2331
2332 case JVM_OPC_athrow:
2333 if (!isAssignableTo(context, stack_extra_info[0],
2334 context->throwable_info)) {
2335 CCerror(context, "Can only throw Throwable objects");
2336 }
2337 break;
2338
2339 case JVM_OPC_aaload: { /* array index */
2340 /* We need to pass the information to the stack updater */
2341 fullinfo_type array_type = stack_extra_info[0];
2342 context->swap_table[0] = decrement_indirection(array_type);
2343 break;
2344 }
2345
2346 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2347 case JVM_OPC_invokeinit:
2348 case JVM_OPC_invokedynamic:
2349 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2350 int operand = this_idata->operand.i;
2351 const char *signature =
2352 JVM_GetCPMethodSignatureUTF(context->env,
2353 context->class,
2354 operand);
2355 int item;
2356 const char *p;
2357 check_and_push(context, signature, VM_STRING_UTF);
2358 if (opcode == JVM_OPC_invokestatic ||
2359 opcode == JVM_OPC_invokedynamic) {
2360 item = 0;
2361 } else if (opcode == JVM_OPC_invokeinit) {
2362 fullinfo_type init_type = this_idata->operand2.fi;
2363 fullinfo_type object_type = stack_extra_info[0];
2364 context->swap_table[0] = object_type; /* save value */
2365 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2366 /* We better be calling the appropriate init. Find the
2367 * inumber of the "JVM_OPC_new" instruction", and figure
2368 * out what the type really is.
2369 */
2370 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2371 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2372 context->swap_table[1] = target_type;
2373
2374 if (target_type != init_type) {
2375 CCerror(context, "Call to wrong initialization method");
2376 }
2377 if (this_idata->protected
2378 && context->major_version > LDC_CLASS_MAJOR_VERSION
2379 && !isAssignableTo(context, object_type,
2380 context->currentclass_info)) {
2381 CCerror(context, "Bad access to protected data");
2382 }
2383 } else {
2384 /* We better be calling super() or this(). */
2385 if (init_type != context->superclass_info &&
2386 init_type != context->currentclass_info) {
2387 CCerror(context, "Call to wrong initialization method");
2388 }
2389 context->swap_table[1] = context->currentclass_info;
2390 }
2391 item = 1;
2392 } else {
2393 fullinfo_type target_type = this_idata->operand2.fi;
2394 fullinfo_type object_type = stack_extra_info[0];
2395 if (!isAssignableTo(context, object_type, target_type)){
2396 CCerror(context,
2397 "Incompatible object argument for function call");
2398 }
2399 if (opcode == JVM_OPC_invokespecial
2400 && !isAssignableTo(context, object_type,
2401 context->currentclass_info)) {
2402 /* Make sure object argument is assignment compatible to current class */
2403 CCerror(context,
2404 "Incompatible object argument for invokespecial");
2405 }
2406 if (this_idata->protected
2407 && !isAssignableTo(context, object_type,
2408 context->currentclass_info)) {
2409 /* This is ugly. Special dispensation. Arrays pretend to
2410 implement public Object clone() even though they don't */
2411 const char *utfName =
2412 JVM_GetCPMethodNameUTF(context->env,
2413 context->class,
2414 this_idata->operand.i);
2415 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2416 JVM_ReleaseUTF(utfName);
2417
2418 if ((target_type == context->object_info) &&
2419 (GET_INDIRECTION(object_type) > 0) &&
2420 is_clone) {
2421 } else {
2422 CCerror(context, "Bad access to protected data");
2423 }
2424 }
2425 item = 1;
2426 }
2427 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2428 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2429 if (!isAssignableTo(context,
2430 stack_extra_info[item], full_info)) {
2431 CCerror(context, "Incompatible argument to function");
2432 }
2433 }
2434
2435 pop_and_free(context);
2436 break;
2437 }
2438
2439 case JVM_OPC_return:
2440 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2441 CCerror(context, "Wrong return type in function");
2442 break;
2443
2444 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2445 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2446 fullinfo_type target_type = context->return_type;
2447 fullinfo_type object_type = stack_extra_info[0];
2448 if (!isAssignableTo(context, object_type, target_type)) {
2449 CCerror(context, "Wrong return type in function");
2450 }
2451 break;
2452 }
2453
2454 case JVM_OPC_new: {
2455 /* Make sure that nothing on the stack already looks like what
2456 * we want to create. I can't image how this could possibly happen
2457 * but we should test for it anyway, since if it could happen, the
2458 * result would be an unitialized object being able to masquerade
2459 * as an initialized one.
2460 */
2461 stack_item_type *item;
2462 for (item = stack; item != NULL; item = item->next) {
2463 if (item->item == this_idata->operand.fi) {
2464 CCerror(context,
2465 "Uninitialized object on stack at creating point");
2466 }
2467 }
2468 /* Info for update_registers */
2469 context->swap_table[0] = this_idata->operand.fi;
2470 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2471
2472 break;
2473 }
2474 }
2475 new_stack_info->stack = stack;
2476 new_stack_info->stack_size = stack_size;
2477 }
2478
2479
2480 /* We've already determined that the instruction is legal. Perform the
2481 * operation on the registers, and return the updated results in
2482 * new_register_count_p and new_registers.
2483 */
2484
2485 static void
2486 update_registers(context_type *context, unsigned int inumber,
2487 register_info_type *new_register_info)
2488 {
2489 instruction_data_type *idata = context->instruction_data;
2490 instruction_data_type *this_idata = &idata[inumber];
2491 int opcode = this_idata->opcode;
2492 int operand = this_idata->operand.i;
2493 int register_count = this_idata->register_info.register_count;
2494 fullinfo_type *registers = this_idata->register_info.registers;
2495 stack_item_type *stack = this_idata->stack_info.stack;
2496 int mask_count = this_idata->register_info.mask_count;
2497 mask_type *masks = this_idata->register_info.masks;
2498
2499 /* Use these as default new values. */
2500 int new_register_count = register_count;
2501 int new_mask_count = mask_count;
2502 fullinfo_type *new_registers = registers;
2503 mask_type *new_masks = masks;
2504
2505 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2506 int i;
2507
2508 /* Remember, we've already verified the type at the top of the stack. */
2509 switch (opcode) {
2510 default: break;
2511 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2512 access = ACCESS_SINGLE;
2513 goto continue_store;
2514
2515 case JVM_OPC_lstore: case JVM_OPC_dstore:
2516 access = ACCESS_DOUBLE;
2517 goto continue_store;
2518
2519 continue_store: {
2520 /* We have a modification to the registers. Copy them if needed. */
2521 fullinfo_type stack_top_type = stack->item;
2522 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2523
2524 if ( max_operand < register_count
2525 && registers[operand] == stack_top_type
2526 && ((access == ACCESS_SINGLE) ||
2527 (registers[operand + 1]== stack_top_type + 1)))
2528 /* No changes have been made to the registers. */
2529 break;
2530 new_register_count = MAX(max_operand + 1, register_count);
2531 new_registers = NEW(fullinfo_type, new_register_count);
2532 for (i = 0; i < register_count; i++)
2533 new_registers[i] = registers[i];
2534 for (i = register_count; i < new_register_count; i++)
2535 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2536 new_registers[operand] = stack_top_type;
2537 if (access == ACCESS_DOUBLE)
2538 new_registers[operand + 1] = stack_top_type + 1;
2539 break;
2540 }
2541
2542 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2543 case JVM_OPC_iinc: case JVM_OPC_ret:
2544 access = ACCESS_SINGLE;
2545 break;
2546
2547 case JVM_OPC_lload: case JVM_OPC_dload:
2548 access = ACCESS_DOUBLE;
2549 break;
2550
2551 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2552 for (i = 0; i < new_mask_count; i++)
2553 if (new_masks[i].entry == operand)
2554 CCerror(context, "Recursive call to jsr entry");
2555 new_masks = add_to_masks(context, masks, mask_count, operand);
2556 new_mask_count++;
2557 break;
2558
2559 case JVM_OPC_invokeinit:
2560 case JVM_OPC_new: {
2561 /* For invokeinit, an uninitialized object has been initialized.
2562 * For new, all previous occurrences of an uninitialized object
2563 * from the same instruction must be made bogus.
2564 * We find all occurrences of swap_table[0] in the registers, and
2565 * replace them with swap_table[1];
2566 */
2567 fullinfo_type from = context->swap_table[0];
2568 fullinfo_type to = context->swap_table[1];
2569
2570 int i;
2571 for (i = 0; i < register_count; i++) {
2572 if (new_registers[i] == from) {
2573 /* Found a match */
2574 break;
2575 }
2576 }
2577 if (i < register_count) { /* We broke out loop for match */
2578 /* We have to change registers, and possibly a mask */
2579 jboolean copied_mask = JNI_FALSE;
2580 int k;
2581 new_registers = NEW(fullinfo_type, register_count);
2582 memcpy(new_registers, registers,
2583 register_count * sizeof(registers[0]));
2584 for ( ; i < register_count; i++) {
2585 if (new_registers[i] == from) {
2586 new_registers[i] = to;
2587 for (k = 0; k < new_mask_count; k++) {
2588 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2589 if (!copied_mask) {
2590 new_masks = copy_masks(context, new_masks,
2591 mask_count);
2592 copied_mask = JNI_TRUE;
2593 }
2594 SET_BIT(new_masks[k].modifies, i);
2595 }
2596 }
2597 }
2598 }
2599 }
2600 break;
2601 }
2602 } /* of switch */
2603
2604 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2605 int i, j;
2606 for (i = 0; i < new_mask_count; i++) {
2607 int *mask = new_masks[i].modifies;
2608 if ((!IS_BIT_SET(mask, operand)) ||
2609 ((access == ACCESS_DOUBLE) &&
2610 !IS_BIT_SET(mask, operand + 1))) {
2611 new_masks = copy_masks(context, new_masks, mask_count);
2612 for (j = i; j < new_mask_count; j++) {
2613 SET_BIT(new_masks[j].modifies, operand);
2614 if (access == ACCESS_DOUBLE)
2615 SET_BIT(new_masks[j].modifies, operand + 1);
2616 }
2617 break;
2618 }
2619 }
2620 }
2621
2622 new_register_info->register_count = new_register_count;
2623 new_register_info->registers = new_registers;
2624 new_register_info->masks = new_masks;
2625 new_register_info->mask_count = new_mask_count;
2626 }
2627
2628
2629
2630 /* We've already determined that the instruction is legal, and have updated
2631 * the registers. Update the flags, too.
2632 */
2633
2634
2635 static void
2636 update_flags(context_type *context, unsigned int inumber,
2637 flag_type *new_and_flags, flag_type *new_or_flags)
2638
2639 {
2640 instruction_data_type *idata = context->instruction_data;
2641 instruction_data_type *this_idata = &idata[inumber];
2642 flag_type and_flags = this_idata->and_flags;
2643 flag_type or_flags = this_idata->or_flags;
2644
2645 /* Set the "we've done a constructor" flag */
2646 if (this_idata->opcode == JVM_OPC_invokeinit) {
2647 fullinfo_type from = context->swap_table[0];
2648 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2649 and_flags |= FLAG_CONSTRUCTED;
2650 }
2651 *new_and_flags = and_flags;
2652 *new_or_flags = or_flags;
2653 }
2654
2655
2656
2657 /* We've already determined that the instruction is legal. Perform the
2658 * operation on the stack;
2659 *
2660 * new_stack_size_p and new_stack_p point to the results after the pops have
2661 * already been done. Do the pushes, and then put the results back there.
2662 */
2663
2664 static void
2665 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2666 {
2667 instruction_data_type *idata = context->instruction_data;
2668 instruction_data_type *this_idata = &idata[inumber];
2669 int opcode = this_idata->opcode;
2670 int operand = this_idata->operand.i;
2671
2672 int stack_size = new_stack_info->stack_size;
2673 stack_item_type *stack = new_stack_info->stack;
2674 char *stack_results;
2675
2676 fullinfo_type full_info = 0;
2677 char buffer[5], *p; /* actually [2] is big enough */
2678
2679 /* We need to look at all those opcodes in which either we can't tell the
2680 * value pushed onto the stack from the opcode, or in which the value
2681 * pushed onto the stack is an object or array. For the latter, we need
2682 * to make sure that full_info is set to the right value.
2683 */
2684 switch(opcode) {
2685 default:
2686 stack_results = opcode_in_out[opcode][1];
2687 break;
2688
2689 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2690 /* Look to constant pool to determine correct result. */
2691 unsigned char *type_table = context->constant_types;
2692 switch (type_table[operand]) {
2693 case JVM_CONSTANT_Integer:
2694 stack_results = "I"; break;
2695 case JVM_CONSTANT_Float:
2696 stack_results = "F"; break;
2697 case JVM_CONSTANT_Double:
2698 stack_results = "D"; break;
2699 case JVM_CONSTANT_Long:
2700 stack_results = "L"; break;
2701 case JVM_CONSTANT_String:
2702 stack_results = "A";
2703 full_info = context->string_info;
2704 break;
2705 case JVM_CONSTANT_Class:
2706 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2707 CCerror(context, "Internal error #3");
2708 stack_results = "A";
2709 full_info = make_class_info_from_name(context,
2710 "java/lang/Class");
2711 break;
2712 case JVM_CONSTANT_MethodHandle:
2713 case JVM_CONSTANT_MethodType:
2714 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2715 CCerror(context, "Internal error #3");
2716 stack_results = "A";
2717 switch (type_table[operand]) {
2718 case JVM_CONSTANT_MethodType:
2719 full_info = make_class_info_from_name(context,
2720 "java/lang/invoke/MethodType");
2721 break;
2722 default: //JVM_CONSTANT_MethodHandle
2723 full_info = make_class_info_from_name(context,
2724 "java/lang/invoke/MethodHandle");
2725 break;
2726 }
2727 break;
2728 default:
2729 CCerror(context, "Internal error #3");
2730 stack_results = ""; /* Never reached: keep lint happy */
2731 }
2732 break;
2733 }
2734
2735 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2736 /* Look to signature to determine correct result. */
2737 int operand = this_idata->operand.i;
2738 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2739 context->class,
2740 operand);
2741 check_and_push(context, signature, VM_STRING_UTF);
2742 #ifdef DEBUG
2743 if (verify_verbose) {
2744 print_formatted_fieldname(context, operand);
2745 }
2746 #endif
2747 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2748 buffer[1] = '\0';
2749 stack_results = buffer;
2750 pop_and_free(context);
2751 break;
2752 }
2753
2754 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2755 case JVM_OPC_invokeinit:
2756 case JVM_OPC_invokedynamic:
2757 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2758 /* Look to signature to determine correct result. */
2759 int operand = this_idata->operand.i;
2760 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2761 context->class,
2762 operand);
2763 const char *result_signature;
2764 check_and_push(context, signature, VM_STRING_UTF);
2765 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2766 if (result_signature++ == NULL) {
2767 CCerror(context, "Illegal signature %s", signature);
2768 }
2769 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2770 stack_results = "";
2771 } else {
2772 buffer[0] = signature_to_fieldtype(context, &result_signature,
2773 &full_info);
2774 buffer[1] = '\0';
2775 stack_results = buffer;
2776 }
2777 pop_and_free(context);
2778 break;
2779 }
2780
2781 case JVM_OPC_aconst_null:
2782 stack_results = opcode_in_out[opcode][1];
2783 full_info = NULL_FULLINFO; /* special NULL */
2784 break;
2785
2786 case JVM_OPC_new:
2787 case JVM_OPC_checkcast:
2788 case JVM_OPC_newarray:
2789 case JVM_OPC_anewarray:
2790 case JVM_OPC_multianewarray:
2791 stack_results = opcode_in_out[opcode][1];
2792 /* Conveniently, this result type is stored here */
2793 full_info = this_idata->operand.fi;
2794 break;
2795
2796 case JVM_OPC_aaload:
2797 stack_results = opcode_in_out[opcode][1];
2798 /* pop_stack() saved value for us. */
2799 full_info = context->swap_table[0];
2800 break;
2801
2802 case JVM_OPC_aload:
2803 stack_results = opcode_in_out[opcode][1];
2804 /* The register hasn't been modified, so we can use its value. */
2805 full_info = this_idata->register_info.registers[operand];
2806 break;
2807 } /* of switch */
2808
2809 for (p = stack_results; *p != 0; p++) {
2810 int type = *p;
2811 stack_item_type *new_item = NEW(stack_item_type, 1);
2812 new_item->next = stack;
2813 stack = new_item;
2814 switch (type) {
2815 case 'I':
2816 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2817 case 'F':
2818 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2819 case 'D':
2820 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2821 stack_size++; break;
2822 case 'L':
2823 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2824 stack_size++; break;
2825 case 'R':
2826 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2827 break;
2828 case '1': case '2': case '3': case '4': {
2829 /* Get the info saved in the swap_table */
2830 fullinfo_type stype = context->swap_table[type - '1'];
2831 stack->item = stype;
2832 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2833 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2834 stack_size++; p++;
2835 }
2836 break;
2837 }
2838 case 'A':
2839 /* full_info should have the appropriate value. */
2840 assert(full_info != 0);
2841 stack->item = full_info;
2842 break;
2843 default:
2844 CCerror(context, "Internal error #4");
2845
2846 } /* switch type */
2847 stack_size++;
2848 } /* outer for loop */
2849
2850 if (opcode == JVM_OPC_invokeinit) {
2851 /* If there are any instances of "from" on the stack, we need to
2852 * replace it with "to", since calling <init> initializes all versions
2853 * of the object, obviously. */
2854 fullinfo_type from = context->swap_table[0];
2855 stack_item_type *ptr;
2856 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2857 if (ptr->item == from) {
2858 fullinfo_type to = context->swap_table[1];
2859 stack = copy_stack(context, stack);
2860 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2861 if (ptr->item == from) ptr->item = to;
2862 break;
2863 }
2864 }
2865 }
2866
2867 new_stack_info->stack_size = stack_size;
2868 new_stack_info->stack = stack;
2869 }
2870
2871
2872 /* We've performed an instruction, and determined the new registers and stack
2873 * value. Look at all of the possibly subsequent instructions, and merge
2874 * this stack value into theirs.
2875 */
2876
2877 static void
2878 merge_into_successors(context_type *context, unsigned int inumber,
2879 register_info_type *register_info,
2880 stack_info_type *stack_info,
2881 flag_type and_flags, flag_type or_flags)
2882 {
2883 instruction_data_type *idata = context->instruction_data;
2884 instruction_data_type *this_idata = &idata[inumber];
2885 int opcode = this_idata->opcode;
2886 int operand = this_idata->operand.i;
2887 struct handler_info_type *handler_info = context->handler_info;
2888 int handler_info_length =
2889 JVM_GetMethodIxExceptionTableLength(context->env,
2890 context->class,
2891 context->method_index);
2892
2893
2894 int buffer[2]; /* default value for successors */
2895 int *successors = buffer; /* table of successors */
2896 int successors_count;
2897 int i;
2898
2899 switch (opcode) {
2900 default:
2901 successors_count = 1;
2902 buffer[0] = inumber + 1;
2903 break;
2904
2905 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2906 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2907 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2908 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2909 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2910 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2911 successors_count = 2;
2912 buffer[0] = inumber + 1;
2913 buffer[1] = operand;
2914 break;
2915
2916 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2917 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2918 idata[this_idata->operand2.i].changed = JNI_TRUE;
2919 /* FALLTHROUGH */
2920 case JVM_OPC_goto: case JVM_OPC_goto_w:
2921 successors_count = 1;
2922 buffer[0] = operand;
2923 break;
2924
2925
2926 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2927 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2928 case JVM_OPC_athrow:
2929 /* The testing for the returns is handled in pop_stack() */
2930 successors_count = 0;
2931 break;
2932
2933 case JVM_OPC_ret: {
2934 /* This is slightly slow, but good enough for a seldom used instruction.
2935 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2936 * address of the first instruction of the subroutine. We can return
2937 * to 1 after any instruction that jsr's to that instruction.
2938 */
2939 if (this_idata->operand2.ip == NULL) {
2940 fullinfo_type *registers = this_idata->register_info.registers;
2941 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2942 int i, count, *ptr;;
2943 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2944 if (((idata[i].opcode == JVM_OPC_jsr) ||
2945 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2946 (idata[i].operand.i == called_instruction))
2947 count++;
2948 }
2949 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2950 *ptr++ = count;
2951 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2952 if (((idata[i].opcode == JVM_OPC_jsr) ||
2953 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2954 (idata[i].operand.i == called_instruction))
2955 *ptr++ = i + 1;
2956 }
2957 }
2958 successors = this_idata->operand2.ip; /* use this instead */
2959 successors_count = *successors++;
2960 break;
2961
2962 }
2963
2964 case JVM_OPC_tableswitch:
2965 case JVM_OPC_lookupswitch:
2966 successors = this_idata->operand.ip; /* use this instead */
2967 successors_count = *successors++;
2968 break;
2969 }
2970
2971 #ifdef DEBUG
2972 if (verify_verbose) {
2973 jio_fprintf(stdout, " [");
2974 for (i = handler_info_length; --i >= 0; handler_info++)
2975 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
2976 jio_fprintf(stdout, "%d* ", handler_info->handler);
2977 for (i = 0; i < successors_count; i++)
2978 jio_fprintf(stdout, "%d ", successors[i]);
2979 jio_fprintf(stdout, "]\n");
2980 }
2981 #endif
2982
2983 handler_info = context->handler_info;
2984 for (i = handler_info_length; --i >= 0; handler_info++) {
2985 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
2986 int handler = handler_info->handler;
2987 if (opcode != JVM_OPC_invokeinit) {
2988 merge_into_one_successor(context, inumber, handler,
2989 &this_idata->register_info, /* old */
2990 &handler_info->stack_info,
2991 (flag_type) (and_flags
2992 & this_idata->and_flags),
2993 (flag_type) (or_flags
2994 | this_idata->or_flags),
2995 JNI_TRUE);
2996 } else {
2997 /* We need to be a little bit more careful with this
2998 * instruction. Things could either be in the state before
2999 * the instruction or in the state afterwards */
3000 fullinfo_type from = context->swap_table[0];
3001 flag_type temp_or_flags = or_flags;
3002 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3003 temp_or_flags |= FLAG_NO_RETURN;
3004 merge_into_one_successor(context, inumber, handler,
3005 &this_idata->register_info, /* old */
3006 &handler_info->stack_info,
3007 this_idata->and_flags,
3008 this_idata->or_flags,
3009 JNI_TRUE);
3010 merge_into_one_successor(context, inumber, handler,
3011 register_info,
3012 &handler_info->stack_info,
3013 and_flags, temp_or_flags, JNI_TRUE);
3014 }
3015 }
3016 }
3017 for (i = 0; i < successors_count; i++) {
3018 int target = successors[i];
3019 if (target >= context->instruction_count)
3020 CCerror(context, "Falling off the end of the code");
3021 merge_into_one_successor(context, inumber, target,
3022 register_info, stack_info, and_flags, or_flags,
3023 JNI_FALSE);
3024 }
3025 }
3026
3027 /* We have a new set of registers and stack values for a given instruction.
3028 * Merge this new set into the values that are already there.
3029 */
3030
3031 static void
3032 merge_into_one_successor(context_type *context,
3033 unsigned int from_inumber, unsigned int to_inumber,
3034 register_info_type *new_register_info,
3035 stack_info_type *new_stack_info,
3036 flag_type new_and_flags, flag_type new_or_flags,
3037 jboolean isException)
3038 {
3039 instruction_data_type *idata = context->instruction_data;
3040 register_info_type register_info_buf;
3041 stack_info_type stack_info_buf;
3042 #ifdef DEBUG
3043 instruction_data_type *this_idata = &idata[to_inumber];
3044 register_info_type old_reg_info;
3045 stack_info_type old_stack_info;
3046 flag_type old_and_flags = 0;
3047 flag_type old_or_flags = 0;
3048 #endif
3049
3050 #ifdef DEBUG
3051 if (verify_verbose) {
3052 old_reg_info = this_idata->register_info;
3053 old_stack_info = this_idata->stack_info;
3054 old_and_flags = this_idata->and_flags;
3055 old_or_flags = this_idata->or_flags;
3056 }
3057 #endif
3058
3059 /* All uninitialized objects are set to "bogus" when jsr and
3060 * ret are executed. Thus uninitialized objects can't propagate
3061 * into or out of a subroutine.
3062 */
3063 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3064 idata[from_inumber].opcode == JVM_OPC_jsr ||
3065 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3066 int new_register_count = new_register_info->register_count;
3067 fullinfo_type *new_registers = new_register_info->registers;
3068 int i;
3069 stack_item_type *item;
3070
3071 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3072 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3073 /* This check only succeeds for hand-contrived code.
3074 * Efficiency is not an issue.
3075 */
3076 stack_info_buf.stack = copy_stack(context,
3077 new_stack_info->stack);
3078 stack_info_buf.stack_size = new_stack_info->stack_size;
3079 new_stack_info = &stack_info_buf;
3080 for (item = new_stack_info->stack; item != NULL;
3081 item = item->next) {
3082 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3083 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3084 }
3085 }
3086 break;
3087 }
3088 }
3089 for (i = 0; i < new_register_count; i++) {
3090 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3091 /* This check only succeeds for hand-contrived code.
3092 * Efficiency is not an issue.
3093 */
3094 fullinfo_type *new_set = NEW(fullinfo_type,
3095 new_register_count);
3096 for (i = 0; i < new_register_count; i++) {
3097 fullinfo_type t = new_registers[i];
3098 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3099 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3100 }
3101 register_info_buf.register_count = new_register_count;
3102 register_info_buf.registers = new_set;
3103 register_info_buf.mask_count = new_register_info->mask_count;
3104 register_info_buf.masks = new_register_info->masks;
3105 new_register_info = ®ister_info_buf;
3106 break;
3107 }
3108 }
3109 }
3110
3111 /* Returning from a subroutine is somewhat ugly. The actual thing
3112 * that needs to get merged into the new instruction is a joining
3113 * of info from the ret instruction with stuff in the jsr instruction
3114 */
3115 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3116 int new_register_count = new_register_info->register_count;
3117 fullinfo_type *new_registers = new_register_info->registers;
3118 int new_mask_count = new_register_info->mask_count;
3119 mask_type *new_masks = new_register_info->masks;
3120 int operand = idata[from_inumber].operand.i;
3121 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3122 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3123 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3124 if (jsr_idata->operand2.i != (int)from_inumber) {
3125 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3126 CCerror(context, "Multiple returns to single jsr");
3127 jsr_idata->operand2.i = from_inumber;
3128 }
3129 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3130 /* We don't want to handle the returned-to instruction until
3131 * we've dealt with the jsr instruction. When we get to the
3132 * jsr instruction (if ever), we'll re-mark the ret instruction
3133 */
3134 ;
3135 } else {
3136 int register_count = jsr_reginfo->register_count;
3137 fullinfo_type *registers = jsr_reginfo->registers;
3138 int max_registers = MAX(register_count, new_register_count);
3139 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3140 int *return_mask;
3141 struct register_info_type new_new_register_info;
3142 int i;
3143 /* Make sure the place we're returning from is legal! */
3144 for (i = new_mask_count; --i >= 0; )
3145 if (new_masks[i].entry == called_instruction)
3146 break;
3147 if (i < 0)
3148 CCerror(context, "Illegal return from subroutine");
3149 /* pop the masks down to the indicated one. Remember the mask
3150 * we're popping off. */
3151 return_mask = new_masks[i].modifies;
3152 new_mask_count = i;
3153 for (i = 0; i < max_registers; i++) {
3154 if (IS_BIT_SET(return_mask, i))
3155 new_set[i] = i < new_register_count ?
3156 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3157 else
3158 new_set[i] = i < register_count ?
3159 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3160 }
3161 new_new_register_info.register_count = max_registers;
3162 new_new_register_info.registers = new_set;
3163 new_new_register_info.mask_count = new_mask_count;
3164 new_new_register_info.masks = new_masks;
3165
3166
3167 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3168 merge_registers(context, to_inumber - 1, to_inumber,
3169 &new_new_register_info);
3170 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3171 }
3172 } else {
3173 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3174 merge_registers(context, from_inumber, to_inumber, new_register_info);
3175 merge_flags(context, from_inumber, to_inumber,
3176 new_and_flags, new_or_flags);
3177 }
3178
3179 #ifdef DEBUG
3180 if (verify_verbose && idata[to_inumber].changed) {
3181 register_info_type *register_info = &this_idata->register_info;
3182 stack_info_type *stack_info = &this_idata->stack_info;
3183 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3184 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3185 (old_and_flags != this_idata->and_flags) ||
3186 (old_or_flags != this_idata->or_flags)) {
3187 jio_fprintf(stdout, " %2d:", to_inumber);
3188 print_stack(context, &old_stack_info);
3189 print_registers(context, &old_reg_info);
3190 print_flags(context, old_and_flags, old_or_flags);
3191 jio_fprintf(stdout, " => ");
3192 print_stack(context, &this_idata->stack_info);
3193 print_registers(context, &this_idata->register_info);
3194 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3195 jio_fprintf(stdout, "\n");
3196 }
3197 }
3198 #endif
3199
3200 }
3201
3202 static void
3203 merge_stack(context_type *context, unsigned int from_inumber,
3204 unsigned int to_inumber, stack_info_type *new_stack_info)
3205 {
3206 instruction_data_type *idata = context->instruction_data;
3207 instruction_data_type *this_idata = &idata[to_inumber];
3208
3209 int new_stack_size = new_stack_info->stack_size;
3210 stack_item_type *new_stack = new_stack_info->stack;
3211
3212 int stack_size = this_idata->stack_info.stack_size;
3213
3214 if (stack_size == UNKNOWN_STACK_SIZE) {
3215 /* First time at this instruction. Just copy. */
3216 this_idata->stack_info.stack_size = new_stack_size;
3217 this_idata->stack_info.stack = new_stack;
3218 this_idata->changed = JNI_TRUE;
3219 } else if (new_stack_size != stack_size) {
3220 CCerror(context, "Inconsistent stack height %d != %d",
3221 new_stack_size, stack_size);
3222 } else {
3223 stack_item_type *stack = this_idata->stack_info.stack;
3224 stack_item_type *old, *new;
3225 jboolean change = JNI_FALSE;
3226 for (old = stack, new = new_stack; old != NULL;
3227 old = old->next, new = new->next) {
3228 if (!isAssignableTo(context, new->item, old->item)) {
3229 change = JNI_TRUE;
3230 break;
3231 }
3232 }
3233 if (change) {
3234 stack = copy_stack(context, stack);
3235 for (old = stack, new = new_stack; old != NULL;
3236 old = old->next, new = new->next) {
3237 if (new == NULL) {
3238 break;
3239 }
3240 old->item = merge_fullinfo_types(context, old->item, new->item,
3241 JNI_FALSE);
3242 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3243 CCerror(context, "Mismatched stack types");
3244 }
3245 }
3246 if (old != NULL || new != NULL) {
3247 CCerror(context, "Mismatched stack types");
3248 }
3249 this_idata->stack_info.stack = stack;
3250 this_idata->changed = JNI_TRUE;
3251 }
3252 }
3253 }
3254
3255 static void
3256 merge_registers(context_type *context, unsigned int from_inumber,
3257 unsigned int to_inumber, register_info_type *new_register_info)
3258 {
3259 instruction_data_type *idata = context->instruction_data;
3260 instruction_data_type *this_idata = &idata[to_inumber];
3261 register_info_type *this_reginfo = &this_idata->register_info;
3262
3263 int new_register_count = new_register_info->register_count;
3264 fullinfo_type *new_registers = new_register_info->registers;
3265 int new_mask_count = new_register_info->mask_count;
3266 mask_type *new_masks = new_register_info->masks;
3267
3268
3269 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3270 this_reginfo->register_count = new_register_count;
3271 this_reginfo->registers = new_registers;
3272 this_reginfo->mask_count = new_mask_count;
3273 this_reginfo->masks = new_masks;
3274 this_idata->changed = JNI_TRUE;
3275 } else {
3276 /* See if we've got new information on the register set. */
3277 int register_count = this_reginfo->register_count;
3278 fullinfo_type *registers = this_reginfo->registers;
3279 int mask_count = this_reginfo->mask_count;
3280 mask_type *masks = this_reginfo->masks;
3281
3282 jboolean copy = JNI_FALSE;
3283 int i, j;
3284 if (register_count > new_register_count) {
3285 /* Any register larger than new_register_count is now bogus */
3286 this_reginfo->register_count = new_register_count;
3287 register_count = new_register_count;
3288 this_idata->changed = JNI_TRUE;
3289 }
3290 for (i = 0; i < register_count; i++) {
3291 fullinfo_type prev_value = registers[i];
3292 if ((i < new_register_count)
3293 ? (!isAssignableTo(context, new_registers[i], prev_value))
3294 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3295 copy = JNI_TRUE;
3296 break;
3297 }
3298 }
3299
3300 if (copy) {
3301 /* We need a copy. So do it. */
3302 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3303 for (j = 0; j < i; j++)
3304 new_set[j] = registers[j];
3305 for (j = i; j < register_count; j++) {
3306 if (i >= new_register_count)
3307 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3308 else
3309 new_set[j] = merge_fullinfo_types(context,
3310 new_registers[j],
3311 registers[j], JNI_FALSE);
3312 }
3313 /* Some of the end items might now be bogus. This step isn't
3314 * necessary, but it may save work later. */
3315 while ( register_count > 0
3316 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3317 register_count--;
3318 this_reginfo->register_count = register_count;
3319 this_reginfo->registers = new_set;
3320 this_idata->changed = JNI_TRUE;
3321 }
3322 if (mask_count > 0) {
3323 /* If the target instruction already has a sequence of masks, then
3324 * we need to merge new_masks into it. We want the entries on
3325 * the mask to be the longest common substring of the two.
3326 * (e.g. a->b->d merged with a->c->d should give a->d)
3327 * The bits set in the mask should be the or of the corresponding
3328 * entries in each of the original masks.
3329 */
3330 int i, j, k;
3331 int matches = 0;
3332 int last_match = -1;
3333 jboolean copy_needed = JNI_FALSE;
3334 for (i = 0; i < mask_count; i++) {
3335 int entry = masks[i].entry;
3336 for (j = last_match + 1; j < new_mask_count; j++) {
3337 if (new_masks[j].entry == entry) {
3338 /* We have a match */
3339 int *prev = masks[i].modifies;
3340 int *new = new_masks[j].modifies;
3341 matches++;
3342 /* See if new_mask has bits set for "entry" that
3343 * weren't set for mask. If so, need to copy. */
3344 for (k = context->bitmask_size - 1;
3345 !copy_needed && k >= 0;
3346 k--)
3347 if (~prev[k] & new[k])
3348 copy_needed = JNI_TRUE;
3349 last_match = j;
3350 break;
3351 }
3352 }
3353 }
3354 if ((matches < mask_count) || copy_needed) {
3355 /* We need to make a copy for the new item, since either the
3356 * size has decreased, or new bits are set. */
3357 mask_type *copy = NEW(mask_type, matches);
3358 for (i = 0; i < matches; i++) {
3359 copy[i].modifies = NEW(int, context->bitmask_size);
3360 }
3361 this_reginfo->masks = copy;
3362 this_reginfo->mask_count = matches;
3363 this_idata->changed = JNI_TRUE;
3364 matches = 0;
3365 last_match = -1;
3366 for (i = 0; i < mask_count; i++) {
3367 int entry = masks[i].entry;
3368 for (j = last_match + 1; j < new_mask_count; j++) {
3369 if (new_masks[j].entry == entry) {
3370 int *prev1 = masks[i].modifies;
3371 int *prev2 = new_masks[j].modifies;
3372 int *new = copy[matches].modifies;
3373 copy[matches].entry = entry;
3374 for (k = context->bitmask_size - 1; k >= 0; k--)
3375 new[k] = prev1[k] | prev2[k];
3376 matches++;
3377 last_match = j;
3378 break;
3379 }
3380 }
3381 }
3382 }
3383 }
3384 }
3385 }
3386
3387
3388 static void
3389 merge_flags(context_type *context, unsigned int from_inumber,
3390 unsigned int to_inumber,
3391 flag_type new_and_flags, flag_type new_or_flags)
3392 {
3393 /* Set this_idata->and_flags &= new_and_flags
3394 this_idata->or_flags |= new_or_flags
3395 */
3396 instruction_data_type *idata = context->instruction_data;
3397 instruction_data_type *this_idata = &idata[to_inumber];
3398 flag_type this_and_flags = this_idata->and_flags;
3399 flag_type this_or_flags = this_idata->or_flags;
3400 flag_type merged_and = this_and_flags & new_and_flags;
3401 flag_type merged_or = this_or_flags | new_or_flags;
3402
3403 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3404 this_idata->and_flags = merged_and;
3405 this_idata->or_flags = merged_or;
3406 this_idata->changed = JNI_TRUE;
3407 }
3408 }
3409
3410
3411 /* Make a copy of a stack */
3412
3413 static stack_item_type *
3414 copy_stack(context_type *context, stack_item_type *stack)
3415 {
3416 int length;
3417 stack_item_type *ptr;
3418
3419 /* Find the length */
3420 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3421
3422 if (length > 0) {
3423 stack_item_type *new_stack = NEW(stack_item_type, length);
3424 stack_item_type *new_ptr;
3425 for ( ptr = stack, new_ptr = new_stack;
3426 ptr != NULL;
3427 ptr = ptr->next, new_ptr++) {
3428 new_ptr->item = ptr->item;
3429 new_ptr->next = new_ptr + 1;
3430 }
3431 new_stack[length - 1].next = NULL;
3432 return new_stack;
3433 } else {
3434 return NULL;
3435 }
3436 }
3437
3438
3439 static mask_type *
3440 copy_masks(context_type *context, mask_type *masks, int mask_count)
3441 {
3442 mask_type *result = NEW(mask_type, mask_count);
3443 int bitmask_size = context->bitmask_size;
3444 int *bitmaps = NEW(int, mask_count * bitmask_size);
3445 int i;
3446 for (i = 0; i < mask_count; i++) {
3447 result[i].entry = masks[i].entry;
3448 result[i].modifies = &bitmaps[i * bitmask_size];
3449 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3450 }
3451 return result;
3452 }
3453
3454
3455 static mask_type *
3456 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3457 {
3458 mask_type *result = NEW(mask_type, mask_count + 1);
3459 int bitmask_size = context->bitmask_size;
3460 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3461 int i;
3462 for (i = 0; i < mask_count; i++) {
3463 result[i].entry = masks[i].entry;
3464 result[i].modifies = &bitmaps[i * bitmask_size];
3465 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3466 }
3467 result[mask_count].entry = d;
3468 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3469 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3470 return result;
3471 }
3472
3473
3474
3475 /* We create our own storage manager, since we malloc lots of little items,
3476 * and I don't want to keep trace of when they become free. I sure wish that
3477 * we had heaps, and I could just free the heap when done.
3478 */
3479
3480 #define CCSegSize 2000
3481
3482 struct CCpool { /* a segment of allocated memory in the pool */
3483 struct CCpool *next;
3484 int segSize; /* almost always CCSegSize */
3485 int poolPad;
3486 char space[CCSegSize];
3487 };
3488
3489 /* Initialize the context's heap. */
3490 static void CCinit(context_type *context)
3491 {
3492 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3493 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3494 context->CCroot = context->CCcurrent = new;
3495 if (new == 0) {
3496 CCout_of_memory(context);
3497 }
3498 new->next = NULL;
3499 new->segSize = CCSegSize;
3500 context->CCfree_size = CCSegSize;
3501 context->CCfree_ptr = &new->space[0];
3502 }
3503
3504
3505 /* Reuse all the space that we have in the context's heap. */
3506 static void CCreinit(context_type *context)
3507 {
3508 struct CCpool *first = context->CCroot;
3509 context->CCcurrent = first;
3510 context->CCfree_size = CCSegSize;
3511 context->CCfree_ptr = &first->space[0];
3512 }
3513
3514 /* Destroy the context's heap. */
3515 static void CCdestroy(context_type *context)
3516 {
3517 struct CCpool *this = context->CCroot;
3518 while (this) {
3519 struct CCpool *next = this->next;
3520 free(this);
3521 this = next;
3522 }
3523 /* These two aren't necessary. But can't hurt either */
3524 context->CCroot = context->CCcurrent = NULL;
3525 context->CCfree_ptr = 0;
3526 }
3527
3528 /* Allocate an object of the given size from the context's heap. */
3529 static void *
3530 CCalloc(context_type *context, int size, jboolean zero)
3531 {
3532
3533 register char *p;
3534 /* Round CC to the size of a pointer */
3535 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3536
3537 if (context->CCfree_size < size) {
3538 struct CCpool *current = context->CCcurrent;
3539 struct CCpool *new;
3540 if (size > CCSegSize) { /* we need to allocate a special block */
3541 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3542 (size - CCSegSize));
3543 if (new == 0) {
3544 CCout_of_memory(context);
3545 }
3546 new->next = current->next;
3547 new->segSize = size;
3548 current->next = new;
3549 } else {
3550 new = current->next;
3551 if (new == NULL) {
3552 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3553 if (new == 0) {
3554 CCout_of_memory(context);
3555 }
3556 current->next = new;
3557 new->next = NULL;
3558 new->segSize = CCSegSize;
3559 }
3560 }
3561 context->CCcurrent = new;
3562 context->CCfree_ptr = &new->space[0];
3563 context->CCfree_size = new->segSize;
3564 }
3565 p = context->CCfree_ptr;
3566 context->CCfree_ptr += size;
3567 context->CCfree_size -= size;
3568 if (zero)
3569 memset(p, 0, size);
3570 return p;
3571 }
3572
3573 /* Get the class associated with a particular field or method or class in the
3574 * constant pool. If is_field is true, we've got a field or method. If
3575 * false, we've got a class.
3576 */
3577 static fullinfo_type
3578 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3579 {
3580 JNIEnv *env = context->env;
3581 fullinfo_type result;
3582 const char *classname;
3583 switch (kind) {
3584 case JVM_CONSTANT_Class:
3585 classname = JVM_GetCPClassNameUTF(env,
3586 context->class,
3587 cp_index);
3588 break;
3589 case JVM_CONSTANT_Methodref:
3590 classname = JVM_GetCPMethodClassNameUTF(env,
3591 context->class,
3592 cp_index);
3593 break;
3594 case JVM_CONSTANT_Fieldref:
3595 classname = JVM_GetCPFieldClassNameUTF(env,
3596 context->class,
3597 cp_index);
3598 break;
3599 default:
3600 classname = NULL;
3601 CCerror(context, "Internal error #5");
3602 }
3603
3604 check_and_push(context, classname, VM_STRING_UTF);
3605 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3606 /* This make recursively call us, in case of a class array */
3607 signature_to_fieldtype(context, &classname, &result);
3608 } else {
3609 result = make_class_info_from_name(context, classname);
3610 }
3611 pop_and_free(context);
3612 return result;
3613 }
3614
3615
3616 static int
3617 print_CCerror_info(context_type *context)
3618 {
3619 JNIEnv *env = context->env;
3620 jclass cb = context->class;
3621 const char *classname = JVM_GetClassNameUTF(env, cb);
3622 const char *name = 0;
3623 const char *signature = 0;
3624 int n = 0;
3625 if (context->method_index != -1) {
3626 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3627 signature =
3628 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3629 n += jio_snprintf(context->message, context->message_buf_len,
3630 "(class: %s, method: %s signature: %s) ",
3631 (classname ? classname : ""),
3632 (name ? name : ""),
3633 (signature ? signature : ""));
3634 } else if (context->field_index != -1 ) {
3635 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3636 n += jio_snprintf(context->message, context->message_buf_len,
3637 "(class: %s, field: %s) ",
3638 (classname ? classname : 0),
3639 (name ? name : 0));
3640 } else {
3641 n += jio_snprintf(context->message, context->message_buf_len,
3642 "(class: %s) ", classname ? classname : "");
3643 }
3644 JVM_ReleaseUTF(classname);
3645 JVM_ReleaseUTF(name);
3646 JVM_ReleaseUTF(signature);
3647 return n;
3648 }
3649
3650 static void
3651 CCerror (context_type *context, char *format, ...)
3652 {
3653 int n = print_CCerror_info(context);
3654 va_list args;
3655 if (n >= 0 && n < context->message_buf_len) {
3656 va_start(args, format);
3657 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3658 format, args);
3659 va_end(args);
3660 }
3661 context->err_code = CC_VerifyError;
3662 longjmp(context->jump_buffer, 1);
3663 }
3664
3665 static void
3666 CCout_of_memory(context_type *context)
3667 {
3668 int n = print_CCerror_info(context);
3669 context->err_code = CC_OutOfMemory;
3670 longjmp(context->jump_buffer, 1);
3671 }
3672
3673 static void
3674 CFerror(context_type *context, char *format, ...)
3675 {
3676 int n = print_CCerror_info(context);
3677 va_list args;
3678 if (n >= 0 && n < context->message_buf_len) {
3679 va_start(args, format);
3680 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3681 format, args);
3682 va_end(args);
3683 }
3684 context->err_code = CC_ClassFormatError;
3685 longjmp(context->jump_buffer, 1);
3686 }
3687
3688 static char
3689 signature_to_fieldtype(context_type *context,
3690 const char **signature_p, fullinfo_type *full_info_p)
3691 {
3692 const char *p = *signature_p;
3693 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3694 char result;
3695 int array_depth = 0;
3696
3697 for (;;) {
3698 switch(*p++) {
3699 default:
3700 result = 0;
3701 break;
3702
3703 case JVM_SIGNATURE_BOOLEAN: case JVM_SIGNATURE_BYTE:
3704 full_info = (array_depth > 0)
3705 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3706 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3707 result = 'I';
3708 break;
3709
3710 case JVM_SIGNATURE_CHAR:
3711 full_info = (array_depth > 0)
3712 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3713 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3714 result = 'I';
3715 break;
3716
3717 case JVM_SIGNATURE_SHORT:
3718 full_info = (array_depth > 0)
3719 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3720 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3721 result = 'I';
3722 break;
3723
3724 case JVM_SIGNATURE_INT:
3725 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3726 result = 'I';
3727 break;
3728
3729 case JVM_SIGNATURE_FLOAT:
3730 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3731 result = 'F';
3732 break;
3733
3734 case JVM_SIGNATURE_DOUBLE:
3735 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3736 result = 'D';
3737 break;
3738
3739 case JVM_SIGNATURE_LONG:
3740 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3741 result = 'L';
3742 break;
3743
3744 case JVM_SIGNATURE_ARRAY:
3745 array_depth++;
3746 continue; /* only time we ever do the loop > 1 */
3747
3748 case JVM_SIGNATURE_CLASS: {
3749 char buffer_space[256];
3750 char *buffer = buffer_space;
3751 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3752 int length;
3753 if (finish == NULL) {
3754 /* Signature must have ';' after the class name.
3755 * If it does not, return 0 and ITEM_Bogus in full_info. */
3756 result = 0;
3757 break;
3758 }
3759 length = finish - p;
3760 if (length + 1 > (int)sizeof(buffer_space)) {
3761 buffer = malloc(length + 1);
3762 check_and_push(context, buffer, VM_MALLOC_BLK);
3763 }
3764 memcpy(buffer, p, length);
3765 buffer[length] = '\0';
3766 full_info = make_class_info_from_name(context, buffer);
3767 result = 'A';
3768 p = finish + 1;
3769 if (buffer != buffer_space)
3770 pop_and_free(context);
3771 break;
3772 }
3773 } /* end of switch */
3774 break;
3775 }
3776 *signature_p = p;
3777 if (array_depth == 0 || result == 0) {
3778 /* either not an array, or result is bogus */
3779 *full_info_p = full_info;
3780 return result;
3781 } else {
3782 if (array_depth > MAX_ARRAY_DIMENSIONS)
3783 CCerror(context, "Array with too many dimensions");
3784 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3785 array_depth,
3786 GET_EXTRA_INFO(full_info));
3787 return 'A';
3788 }
3789 }
3790
3791
3792 /* Given an array type, create the type that has one less level of
3793 * indirection.
3794 */
3795
3796 static fullinfo_type
3797 decrement_indirection(fullinfo_type array_info)
3798 {
3799 if (array_info == NULL_FULLINFO) {
3800 return NULL_FULLINFO;
3801 } else {
3802 int type = GET_ITEM_TYPE(array_info);
3803 int indirection = GET_INDIRECTION(array_info) - 1;
3804 int extra_info = GET_EXTRA_INFO(array_info);
3805 if ( (indirection == 0)
3806 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Char)))
3807 type = ITEM_Integer;
3808 return MAKE_FULLINFO(type, indirection, extra_info);
3809 }
3810 }
3811
3812
3813 /* See if we can assign an object of the "from" type to an object
3814 * of the "to" type.
3815 */
3816
3817 static jboolean isAssignableTo(context_type *context,
3818 fullinfo_type from, fullinfo_type to)
3819 {
3820 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3821 }
3822
3823 /* Given two fullinfo_type's, find their lowest common denominator. If
3824 * the assignable_p argument is non-null, we're really just calling to find
3825 * out if "<target> := <value>" is a legitimate assignment.
3826 *
3827 * We treat all interfaces as if they were of type java/lang/Object, since the
3828 * runtime will do the full checking.
3829 */
3830 static fullinfo_type
3831 merge_fullinfo_types(context_type *context,
3832 fullinfo_type value, fullinfo_type target,
3833 jboolean for_assignment)
3834 {
3835 JNIEnv *env = context->env;
3836 if (value == target) {
3837 /* If they're identical, clearly just return what we've got */
3838 return value;
3839 }
3840
3841 /* Both must be either arrays or objects to go further */
3842 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3843 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3844 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3845 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3846
3847 /* If either is NULL, return the other. */
3848 if (value == NULL_FULLINFO)
3849 return target;
3850 else if (target == NULL_FULLINFO)
3851 return value;
3852
3853 /* If either is java/lang/Object, that's the result. */
3854 if (target == context->object_info)
3855 return target;
3856 else if (value == context->object_info) {
3857 /* Minor hack. For assignments, Interface := Object, return Interface
3858 * rather than Object, so that isAssignableTo() will get the right
3859 * result. */
3860 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3861 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3862 jclass cb = object_fullinfo_to_classclass(context,
3863 target);
3864 int is_interface = cb && JVM_IsInterface(env, cb);
3865 if (is_interface)
3866 return target;
3867 }
3868 return value;
3869 }
3870 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3871 /* At least one is an array. Neither is java/lang/Object or NULL.
3872 * Moreover, the types are not identical.
3873 * The result must either be Object, or an array of some object type.
3874 */
3875 fullinfo_type value_base, target_base;
3876 int dimen_value = GET_INDIRECTION(value);
3877 int dimen_target = GET_INDIRECTION(target);
3878
3879 if (target == context->cloneable_info ||
3880 target == context->serializable_info) {
3881 return target;
3882 }
3883
3884 if (value == context->cloneable_info ||
3885 value == context->serializable_info) {
3886 return value;
3887 }
3888
3889 /* First, if either item's base type isn't ITEM_Object, promote it up
3890 * to an object or array of object. If either is elemental, we can
3891 * punt.
3892 */
3893 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3894 if (dimen_value == 0)
3895 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3896 dimen_value--;
3897 value = MAKE_Object_ARRAY(dimen_value);
3898
3899 }
3900 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3901 if (dimen_target == 0)
3902 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3903 dimen_target--;
3904 target = MAKE_Object_ARRAY(dimen_target);
3905 }
3906 /* Both are now objects or arrays of some sort of object type */
3907 value_base = WITH_ZERO_INDIRECTION(value);
3908 target_base = WITH_ZERO_INDIRECTION(target);
3909 if (dimen_value == dimen_target) {
3910 /* Arrays of the same dimension. Merge their base types. */
3911 fullinfo_type result_base =
3912 merge_fullinfo_types(context, value_base, target_base,
3913 for_assignment);
3914 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3915 /* bogus in, bogus out */
3916 return result_base;
3917 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3918 GET_EXTRA_INFO(result_base));
3919 } else {
3920 /* Arrays of different sizes. If the smaller dimension array's base
3921 * type is java/lang/Cloneable or java/io/Serializable, return it.
3922 * Otherwise return java/lang/Object with a dimension of the smaller
3923 * of the two */
3924 if (dimen_value < dimen_target) {
3925 if (value_base == context->cloneable_info ||
3926 value_base == context ->serializable_info) {
3927 return value;
3928 }
3929 return MAKE_Object_ARRAY(dimen_value);
3930 } else {
3931 if (target_base == context->cloneable_info ||
3932 target_base == context->serializable_info) {
3933 return target;
3934 }
3935 return MAKE_Object_ARRAY(dimen_target);
3936 }
3937 }
3938 } else {
3939 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3940 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3941 fullinfo_type result_info;
3942
3943 /* Let's get the classes corresponding to each of these. Treat
3944 * interfaces as if they were java/lang/Object. See hack note above. */
3945 cb_target = object_fullinfo_to_classclass(context, target);
3946 if (cb_target == 0)
3947 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3948 if (JVM_IsInterface(env, cb_target))
3949 return for_assignment ? target : context->object_info;
3950 cb_value = object_fullinfo_to_classclass(context, value);
3951 if (cb_value == 0)
3952 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3953 if (JVM_IsInterface(env, cb_value))
3954 return context->object_info;
3955
3956 /* If this is for assignment of target := value, we just need to see if
3957 * cb_target is a superclass of cb_value. Save ourselves a lot of
3958 * work.
3959 */
3960 if (for_assignment) {
3961 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3962 while (cb_super_value != 0) {
3963 jclass tmp_cb;
3964 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3965 (*env)->DeleteLocalRef(env, cb_super_value);
3966 return target;
3967 }
3968 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3969 (*env)->DeleteLocalRef(env, cb_super_value);
3970 cb_super_value = tmp_cb;
3971 }
3972 (*env)->DeleteLocalRef(env, cb_super_value);
3973 return context->object_info;
3974 }
3975
3976 /* Find out whether cb_value or cb_target is deeper in the class
3977 * tree by moving both toward the root, and seeing who gets there
3978 * first. */
3979 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3980 cb_super_target = (*env)->GetSuperclass(env, cb_target);
3981 while((cb_super_value != 0) &&
3982 (cb_super_target != 0)) {
3983 jclass tmp_cb;
3984 /* Optimization. If either hits the other when going up looking
3985 * for a parent, then might as well return the parent immediately */
3986 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3987 (*env)->DeleteLocalRef(env, cb_super_value);
3988 (*env)->DeleteLocalRef(env, cb_super_target);
3989 return target;
3990 }
3991 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
3992 (*env)->DeleteLocalRef(env, cb_super_value);
3993 (*env)->DeleteLocalRef(env, cb_super_target);
3994 return value;
3995 }
3996 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3997 (*env)->DeleteLocalRef(env, cb_super_value);
3998 cb_super_value = tmp_cb;
3999
4000 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4001 (*env)->DeleteLocalRef(env, cb_super_target);
4002 cb_super_target = tmp_cb;
4003 }
4004 cb_value = (*env)->NewLocalRef(env, cb_value);
4005 cb_target = (*env)->NewLocalRef(env, cb_target);
4006 /* At most one of the following two while clauses will be executed.
4007 * Bring the deeper of cb_target and cb_value to the depth of the
4008 * shallower one.
4009 */
4010 while (cb_super_value != 0) {
4011 /* cb_value is deeper */
4012 jclass cb_tmp;
4013
4014 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4015 (*env)->DeleteLocalRef(env, cb_super_value);
4016 cb_super_value = cb_tmp;
4017
4018 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4019 (*env)->DeleteLocalRef(env, cb_value);
4020 cb_value = cb_tmp;
4021 }
4022 while (cb_super_target != 0) {
4023 /* cb_target is deeper */
4024 jclass cb_tmp;
4025
4026 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4027 (*env)->DeleteLocalRef(env, cb_super_target);
4028 cb_super_target = cb_tmp;
4029
4030 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4031 (*env)->DeleteLocalRef(env, cb_target);
4032 cb_target = cb_tmp;
4033 }
4034
4035 /* Walk both up, maintaining equal depth, until a join is found. We
4036 * know that we will find one. */
4037 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4038 jclass cb_tmp;
4039 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4040 (*env)->DeleteLocalRef(env, cb_value);
4041 cb_value = cb_tmp;
4042 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4043 (*env)->DeleteLocalRef(env, cb_target);
4044 cb_target = cb_tmp;
4045 }
4046 result_info = make_class_info(context, cb_value);
4047 (*env)->DeleteLocalRef(env, cb_value);
4048 (*env)->DeleteLocalRef(env, cb_super_value);
4049 (*env)->DeleteLocalRef(env, cb_target);
4050 (*env)->DeleteLocalRef(env, cb_super_target);
4051 return result_info;
4052 } /* both items are classes */
4053 }
4054
4055
4056 /* Given a fullinfo_type corresponding to an Object, return the jclass
4057 * of that type.
4058 *
4059 * This function always returns a global reference!
4060 */
4061
4062 static jclass
4063 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4064 {
4065 unsigned short info = GET_EXTRA_INFO(classinfo);
4066 return ID_to_class(context, info);
4067 }
4068
4069 static void free_block(void *ptr, int kind)
4070 {
4071 switch (kind) {
4072 case VM_STRING_UTF:
4073 JVM_ReleaseUTF(ptr);
4074 break;
4075 case VM_MALLOC_BLK:
4076 free(ptr);
4077 break;
4078 }
4079 }
4080
4081 static void check_and_push(context_type *context, const void *ptr, int kind)
4082 {
4083 alloc_stack_type *p;
4084 if (ptr == 0)
4085 CCout_of_memory(context);
4086 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4087 p = &(context->alloc_stack[context->alloc_stack_top++]);
4088 else {
4089 /* Otherwise we have to malloc */
4090 p = malloc(sizeof(alloc_stack_type));
4091 if (p == 0) {
4092 /* Make sure we clean up. */
4093 free_block((void *)ptr, kind);
4094 CCout_of_memory(context);
4095 }
4096 }
4097 p->kind = kind;
4098 p->ptr = (void *)ptr;
4099 p->next = context->allocated_memory;
4100 context->allocated_memory = p;
4101 }
4102
4103 static void pop_and_free(context_type *context)
4104 {
4105 alloc_stack_type *p = context->allocated_memory;
4106 context->allocated_memory = p->next;
4107 free_block(p->ptr, p->kind);
4108 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4109 p >= context->alloc_stack)
4110 context->alloc_stack_top--;
4111 else
4112 free(p);
4113 }
4114
4115 static int signature_to_args_size(const char *method_signature)
4116 {
4117 const char *p;
4118 int args_size = 0;
4119 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4120 switch (*p) {
4121 case JVM_SIGNATURE_BOOLEAN:
4122 case JVM_SIGNATURE_BYTE:
4123 case JVM_SIGNATURE_CHAR:
4124 case JVM_SIGNATURE_SHORT:
4125 case JVM_SIGNATURE_INT:
4126 case JVM_SIGNATURE_FLOAT:
4127 args_size += 1;
4128 break;
4129 case JVM_SIGNATURE_CLASS:
4130 args_size += 1;
4131 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4132 break;
4133 case JVM_SIGNATURE_ARRAY:
4134 args_size += 1;
4135 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4136 /* If an array of classes, skip over class name, too. */
4137 if (*p == JVM_SIGNATURE_CLASS) {
4138 while (*p != JVM_SIGNATURE_ENDCLASS)
4139 p++;
4140 }
4141 break;
4142 case JVM_SIGNATURE_DOUBLE:
4143 case JVM_SIGNATURE_LONG:
4144 args_size += 2;
4145 break;
4146 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4147 break;
4148 default:
4149 /* Indicate an error. */
4150 return 0;
4151 }
4152 }
4153 return args_size;
4154 }
4155
4156 #ifdef DEBUG
4157
4158 /* Below are for debugging. */
4159
4160 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4161
4162 static void
4163 print_stack(context_type *context, stack_info_type *stack_info)
4164 {
4165 stack_item_type *stack = stack_info->stack;
4166 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4167 jio_fprintf(stdout, "x");
4168 } else {
4169 jio_fprintf(stdout, "(");
4170 for ( ; stack != 0; stack = stack->next)
4171 print_fullinfo_type(context, stack->item,
4172 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4173 jio_fprintf(stdout, ")");
4174 }
4175 }
4176
4177 static void
4178 print_registers(context_type *context, register_info_type *register_info)
4179 {
4180 int register_count = register_info->register_count;
4181 if (register_count == UNKNOWN_REGISTER_COUNT) {
4182 jio_fprintf(stdout, "x");
4183 } else {
4184 fullinfo_type *registers = register_info->registers;
4185 int mask_count = register_info->mask_count;
4186 mask_type *masks = register_info->masks;
4187 int i, j;
4188
4189 jio_fprintf(stdout, "{");
4190 for (i = 0; i < register_count; i++)
4191 print_fullinfo_type(context, registers[i],
4192 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4193 jio_fprintf(stdout, "}");
4194 for (i = 0; i < mask_count; i++) {
4195 char *separator = "";
4196 int *modifies = masks[i].modifies;
4197 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4198 for (j = 0;
4199 j < JVM_GetMethodIxLocalsCount(context->env,
4200 context->class,
4201 context->method_index);
4202 j++)
4203 if (IS_BIT_SET(modifies, j)) {
4204 jio_fprintf(stdout, "%s%d", separator, j);
4205 separator = ",";
4206 }
4207 jio_fprintf(stdout, ">");
4208 }
4209 }
4210 }
4211
4212
4213 static void
4214 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4215 {
4216 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4217 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4218 }
4219 }
4220
4221 static void
4222 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4223 {
4224 int i;
4225 int indirection = GET_INDIRECTION(type);
4226 for (i = indirection; i-- > 0; )
4227 jio_fprintf(stdout, "[");
4228 switch (GET_ITEM_TYPE(type)) {
4229 case ITEM_Integer:
4230 jio_fprintf(stdout, "I"); break;
4231 case ITEM_Float:
4232 jio_fprintf(stdout, "F"); break;
4233 case ITEM_Double:
4234 jio_fprintf(stdout, "D"); break;
4235 case ITEM_Double_2:
4236 jio_fprintf(stdout, "d"); break;
4237 case ITEM_Long:
4238 jio_fprintf(stdout, "L"); break;
4239 case ITEM_Long_2:
4240 jio_fprintf(stdout, "l"); break;
4241 case ITEM_ReturnAddress:
4242 jio_fprintf(stdout, "a"); break;
4243 case ITEM_Object:
4244 if (!verbose) {
4245 jio_fprintf(stdout, "A");
4246 } else {
4247 unsigned short extra = GET_EXTRA_INFO(type);
4248 if (extra == 0) {
4249 jio_fprintf(stdout, "/Null/");
4250 } else {
4251 const char *name = ID_to_class_name(context, extra);
4252 const char *name2 = strrchr(name, '/');
4253 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4254 }
4255 }
4256 break;
4257 case ITEM_Char:
4258 jio_fprintf(stdout, "C"); break;
4259 case ITEM_Short:
4260 jio_fprintf(stdout, "S"); break;
4261 case ITEM_Byte:
4262 jio_fprintf(stdout, "B"); break;
4263 case ITEM_NewObject:
4264 if (!verbose) {
4265 jio_fprintf(stdout, "@");
4266 } else {
4267 int inum = GET_EXTRA_INFO(type);
4268 fullinfo_type real_type =
4269 context->instruction_data[inum].operand2.fi;
4270 jio_fprintf(stdout, ">");
4271 print_fullinfo_type(context, real_type, JNI_TRUE);
4272 jio_fprintf(stdout, "<");
4273 }
4274 break;
4275 case ITEM_InitObject:
4276 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4277 break;
4278
4279 default:
4280 jio_fprintf(stdout, "?"); break;
4281 }
4282 for (i = indirection; i-- > 0; )
4283 jio_fprintf(stdout, "]");
4284 }
4285
4286
4287 static void
4288 print_formatted_fieldname(context_type *context, int index)
4289 {
4290 JNIEnv *env = context->env;
4291 jclass cb = context->class;
4292 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4293 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4294 jio_fprintf(stdout, " <%s.%s>",
4295 classname ? classname : "", fieldname ? fieldname : "");
4296 JVM_ReleaseUTF(classname);
4297 JVM_ReleaseUTF(fieldname);
4298 }
4299
4300 static void
4301 print_formatted_methodname(context_type *context, int index)
4302 {
4303 JNIEnv *env = context->env;
4304 jclass cb = context->class;
4305 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4306 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4307 jio_fprintf(stdout, " <%s.%s>",
4308 classname ? classname : "", methodname ? methodname : "");
4309 JVM_ReleaseUTF(classname);
4310 JVM_ReleaseUTF(methodname);
4311 }
4312
4313 #endif /*DEBUG*/