1 /*
2 * Copyright (c) 1994, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 /* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
94 * but the code here does not handles it. So we wrap the methods and return non-NULL
95 * pointers even if we allocate 0 bytes.
96 */
97 #ifdef _AIX
98 static int aix_dummy;
99 static void* aix_malloc(size_t len) {
100 if (len == 0) {
101 return &aix_dummy;
102 }
103 return malloc(len);
104 }
105
106 static void* aix_calloc(size_t n, size_t size) {
107 if (n == 0) {
108 return &aix_dummy;
109 }
110 return calloc(n, size);
111 }
112
113 static void aix_free(void* p) {
114 if (p == &aix_dummy) {
115 return;
116 }
117 free(p);
118 }
119
120 #undef malloc
121 #undef calloc
122 #undef free
123 #define malloc aix_malloc
124 #define calloc aix_calloc
125 #define free aix_free
126 #endif
127
128 #ifdef __APPLE__
129 /* use setjmp/longjmp versions that do not save/restore the signal mask */
130 #define setjmp _setjmp
131 #define longjmp _longjmp
132 #endif
133
134 #define MAX_ARRAY_DIMENSIONS 255
135 /* align byte code */
136 #ifndef ALIGN_UP
137 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
138 #endif /* ALIGN_UP */
139 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
140
141 #ifdef DEBUG
142
143 int verify_verbose = 0;
144 static struct context_type *GlobalContext;
145 #endif
146
147 enum {
148 ITEM_Bogus,
149 ITEM_Void, /* only as a function return value */
150 ITEM_Integer,
151 ITEM_Float,
152 ITEM_Double,
153 ITEM_Double_2, /* 2nd word of double in register */
154 ITEM_Long,
155 ITEM_Long_2, /* 2nd word of long in register */
156 ITEM_Array,
157 ITEM_Object, /* Extra info field gives name. */
158 ITEM_NewObject, /* Like object, but uninitialized. */
159 ITEM_InitObject, /* "this" is init method, before call
160 to super() */
161 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
162 /* The following four are only used within array types.
163 * Normally, we use ITEM_Integer, instead. */
164 ITEM_Byte,
165 ITEM_Short,
166 ITEM_Char,
167 ITEM_Boolean
168 };
169
170
171 #define UNKNOWN_STACK_SIZE -1
172 #define UNKNOWN_REGISTER_COUNT -1
173 #define UNKNOWN_RET_INSTRUCTION -1
174
175 #undef MAX
176 #undef MIN
177 #define MAX(a, b) ((a) > (b) ? (a) : (b))
178 #define MIN(a, b) ((a) < (b) ? (a) : (b))
179
180 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
181 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
182 ((unsigned)1 << ((i) % BITS_PER_INT)))
183 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
184 ((unsigned)1 << ((i) % BITS_PER_INT)))
185
186 typedef unsigned int fullinfo_type;
187 typedef unsigned int *bitvector;
188
189 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
190 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
191 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
192 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
193 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
194
195 #define MAKE_FULLINFO(type, indirect, extra) \
196 ((type) + ((indirect) << 5) + ((extra) << 16))
197
198 #define MAKE_Object_ARRAY(indirect) \
199 (context->object_info + ((indirect) << 5))
200
201 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
202
203 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
204 #define JVM_OPC_invokeinit 0x100
205
206 /* A hash mechanism used by the verifier.
207 * Maps class names to unique 16 bit integers.
208 */
209
210 #define HASH_TABLE_SIZE 503
211
212 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
213 * row (256 buckets) at a time to minimize fragmentation. Rows are
214 * allocated on demand so that we don't waste too much space.
215 */
216
217 #define MAX_HASH_ENTRIES 65536
218 #define HASH_ROW_SIZE 256
219
220 typedef struct hash_bucket_type {
221 char *name;
222 unsigned int hash;
223 jclass class;
224 unsigned short ID;
225 unsigned short next;
226 unsigned loadable:1; /* from context->class loader */
227 } hash_bucket_type;
228
229 typedef struct {
230 hash_bucket_type **buckets;
231 unsigned short *table;
232 int entries_used;
233 } hash_table_type;
234
235 #define GET_BUCKET(class_hash, ID)\
236 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
237
238 /*
239 * There are currently two types of resources that we need to keep
240 * track of (in addition to the CCalloc pool).
241 */
242 enum {
243 VM_STRING_UTF, /* VM-allocated UTF strings */
244 VM_MALLOC_BLK /* malloc'ed blocks */
245 };
246
247 #define LDC_CLASS_MAJOR_VERSION 49
248
249 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
250
251 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
252
253 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
254
255 #define ALLOC_STACK_SIZE 16 /* big enough */
256
257 typedef struct alloc_stack_type {
258 void *ptr;
259 int kind;
260 struct alloc_stack_type *next;
261 } alloc_stack_type;
262
263 /* The context type encapsulates the current invocation of the byte
264 * code verifier.
265 */
266 struct context_type {
267
268 JNIEnv *env; /* current JNIEnv */
269
270 /* buffers etc. */
271 char *message;
272 jint message_buf_len;
273 jboolean err_code;
274
275 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
276 had a chance to free */
277 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
278 blocks here, to save mallocs. */
279 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
280 int alloc_stack_top;
281
282 /* these fields are per class */
283 jclass class; /* current class */
284 jint major_version;
285 jint nconstants;
286 unsigned char *constant_types;
287 hash_table_type class_hash;
288
289 fullinfo_type object_info; /* fullinfo for java/lang/Object */
290 fullinfo_type string_info; /* fullinfo for java/lang/String */
291 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
292 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
293 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
294
295 fullinfo_type currentclass_info; /* fullinfo for context->class */
296 fullinfo_type superclass_info; /* fullinfo for superclass */
297
298 /* these fields are per method */
299 int method_index; /* current method */
300 unsigned short *exceptions; /* exceptions */
301 unsigned char *code; /* current code object */
302 jint code_length;
303 int *code_data; /* offset to instruction number */
304 struct instruction_data_type *instruction_data; /* info about each */
305 struct handler_info_type *handler_info;
306 fullinfo_type *superclasses; /* null terminated superclasses */
307 int instruction_count; /* number of instructions */
308 fullinfo_type return_type; /* function return type */
309 fullinfo_type swap_table[4]; /* used for passing information */
310 int bitmask_size; /* words needed to hold bitmap of arguments */
311
312 /* these fields are per field */
313 int field_index;
314
315 /* Used by the space allocator */
316 struct CCpool *CCroot, *CCcurrent;
317 char *CCfree_ptr;
318 int CCfree_size;
319
320 /* Jump here on any error. */
321 jmp_buf jump_buffer;
322
323 #ifdef DEBUG
324 /* keep track of how many global refs are allocated. */
325 int n_globalrefs;
326 #endif
327 };
328
329 struct stack_info_type {
330 struct stack_item_type *stack;
331 int stack_size;
332 };
333
334 struct register_info_type {
335 int register_count; /* number of registers used */
336 fullinfo_type *registers;
337 int mask_count; /* number of masks in the following */
338 struct mask_type *masks;
339 };
340
341 struct mask_type {
342 int entry;
343 int *modifies;
344 };
345
346 typedef unsigned short flag_type;
347
348 struct instruction_data_type {
349 int opcode; /* may turn into "canonical" opcode */
350 unsigned changed:1; /* has it changed */
351 unsigned protected:1; /* must accessor be a subclass of "this" */
352 union {
353 int i; /* operand to the opcode */
354 int *ip;
355 fullinfo_type fi;
356 } operand, operand2;
357 fullinfo_type p;
358 struct stack_info_type stack_info;
359 struct register_info_type register_info;
360 #define FLAG_REACHED 0x01 /* instruction reached */
361 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
362 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
363 flag_type or_flags; /* true for at least one path to this inst */
364 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
365 flag_type and_flags; /* true for all paths to this instruction */
366 };
367
368 struct handler_info_type {
369 int start, end, handler;
370 struct stack_info_type stack_info;
371 };
372
373 struct stack_item_type {
374 fullinfo_type item;
375 struct stack_item_type *next;
376 };
377
378 typedef struct context_type context_type;
379 typedef struct instruction_data_type instruction_data_type;
380 typedef struct stack_item_type stack_item_type;
381 typedef struct register_info_type register_info_type;
382 typedef struct stack_info_type stack_info_type;
383 typedef struct mask_type mask_type;
384
385 static void read_all_code(context_type *context, jclass cb, int num_methods,
386 int** code_lengths, unsigned char*** code);
387 static void verify_method(context_type *context, jclass cb, int index,
388 int code_length, unsigned char* code);
389 static void free_all_code(context_type* context, int num_methods,
390 unsigned char** code);
391 static void verify_field(context_type *context, jclass cb, int index);
392
393 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
394 static void set_protected(context_type *, unsigned int inumber, int key, int);
395 static jboolean is_superclass(context_type *, fullinfo_type);
396
397 static void initialize_exception_table(context_type *);
398 static int instruction_length(unsigned char *iptr, unsigned char *end);
399 static jboolean isLegalTarget(context_type *, int offset);
400 static void verify_constant_pool_type(context_type *, int, unsigned);
401
402 static void initialize_dataflow(context_type *);
403 static void run_dataflow(context_type *context);
404 static void check_register_values(context_type *context, unsigned int inumber);
405 static void check_flags(context_type *context, unsigned int inumber);
406 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
407 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
408 static void update_flags(context_type *, unsigned int inumber,
409 flag_type *new_and_flags, flag_type *new_or_flags);
410 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
411
412 static void merge_into_successors(context_type *, unsigned int inumber,
413 register_info_type *register_info,
414 stack_info_type *stack_info,
415 flag_type and_flags, flag_type or_flags);
416 static void merge_into_one_successor(context_type *context,
417 unsigned int from_inumber,
418 unsigned int inumber,
419 register_info_type *register_info,
420 stack_info_type *stack_info,
421 flag_type and_flags, flag_type or_flags,
422 jboolean isException);
423 static void merge_stack(context_type *, unsigned int inumber,
424 unsigned int to_inumber, stack_info_type *);
425 static void merge_registers(context_type *, unsigned int inumber,
426 unsigned int to_inumber,
427 register_info_type *);
428 static void merge_flags(context_type *context, unsigned int from_inumber,
429 unsigned int to_inumber,
430 flag_type new_and_flags, flag_type new_or_flags);
431
432 static stack_item_type *copy_stack(context_type *, stack_item_type *);
433 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
434 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
435
436 static fullinfo_type decrement_indirection(fullinfo_type);
437
438 static fullinfo_type merge_fullinfo_types(context_type *context,
439 fullinfo_type a,
440 fullinfo_type b,
441 jboolean assignment);
442 static jboolean isAssignableTo(context_type *,
443 fullinfo_type a,
444 fullinfo_type b);
445
446 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
447
448
449 #define NEW(type, count) \
450 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
451 #define ZNEW(type, count) \
452 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
453
454 static void CCinit(context_type *context);
455 static void CCreinit(context_type *context);
456 static void CCdestroy(context_type *context);
457 static void *CCalloc(context_type *context, int size, jboolean zero);
458
459 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
460
461 static char signature_to_fieldtype(context_type *context,
462 const char **signature_p, fullinfo_type *info);
463
464 static void CCerror (context_type *, char *format, ...);
465 static void CFerror (context_type *, char *format, ...);
466 static void CCout_of_memory (context_type *);
467
468 /* Because we can longjmp any time, we need to be very careful about
469 * remembering what needs to be freed. */
470
471 static void check_and_push(context_type *context, const void *ptr, int kind);
472 static void pop_and_free(context_type *context);
473
474 static int signature_to_args_size(const char *method_signature);
475
476 #ifdef DEBUG
477 static void print_stack (context_type *, stack_info_type *stack_info);
478 static void print_registers(context_type *, register_info_type *register_info);
479 static void print_flags(context_type *, flag_type, flag_type);
480 static void print_formatted_fieldname(context_type *context, int index);
481 static void print_formatted_methodname(context_type *context, int index);
482 #endif
483
484 void initialize_class_hash(context_type *context)
485 {
486 hash_table_type *class_hash = &(context->class_hash);
487 class_hash->buckets = (hash_bucket_type **)
488 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
489 class_hash->table = (unsigned short *)
490 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
491 if (class_hash->buckets == 0 ||
492 class_hash->table == 0)
493 CCout_of_memory(context);
494 class_hash->entries_used = 0;
495 }
496
497 static void finalize_class_hash(context_type *context)
498 {
499 hash_table_type *class_hash = &(context->class_hash);
500 JNIEnv *env = context->env;
501 int i;
502 /* 4296677: bucket index starts from 1. */
503 for (i=1;i<=class_hash->entries_used;i++) {
504 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
505 assert(bucket != NULL);
506 free(bucket->name);
507 if (bucket->class) {
508 (*env)->DeleteGlobalRef(env, bucket->class);
509 #ifdef DEBUG
510 context->n_globalrefs--;
511 #endif
512 }
513 }
514 if (class_hash->buckets) {
515 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
516 if (class_hash->buckets[i] == 0)
517 break;
518 free(class_hash->buckets[i]);
519 }
520 }
521 free(class_hash->buckets);
522 free(class_hash->table);
523 }
524
525 static hash_bucket_type *
526 new_bucket(context_type *context, unsigned short *pID)
527 {
528 hash_table_type *class_hash = &(context->class_hash);
529 int i = *pID = class_hash->entries_used + 1;
530 int row = i / HASH_ROW_SIZE;
531 if (i >= MAX_HASH_ENTRIES)
532 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
533 if (class_hash->buckets[row] == 0) {
534 class_hash->buckets[row] = (hash_bucket_type*)
535 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
536 if (class_hash->buckets[row] == 0)
537 CCout_of_memory(context);
538 }
539 class_hash->entries_used++; /* only increment when we are sure there
540 is no overflow. */
541 return GET_BUCKET(class_hash, i);
542 }
543
544 static unsigned int
545 class_hash_fun(const char *s)
546 {
547 int i;
548 unsigned raw_hash;
549 for (raw_hash = 0; (i = *s) != '\0'; ++s)
550 raw_hash = raw_hash * 37 + i;
551 return raw_hash;
552 }
553
554 /*
555 * Find a class using the defining loader of the current class
556 * and return a local reference to it.
557 */
558 static jclass load_class_local(context_type *context,const char *classname)
559 {
560 jclass cb = JVM_FindClassFromClass(context->env, classname,
561 JNI_FALSE, context->class);
562 if (cb == 0)
563 CCerror(context, "Cannot find class %s", classname);
564 return cb;
565 }
566
567 /*
568 * Find a class using the defining loader of the current class
569 * and return a global reference to it.
570 */
571 static jclass load_class_global(context_type *context, const char *classname)
572 {
573 JNIEnv *env = context->env;
574 jclass local, global;
575
576 local = load_class_local(context, classname);
577 global = (*env)->NewGlobalRef(env, local);
578 if (global == 0)
579 CCout_of_memory(context);
580 #ifdef DEBUG
581 context->n_globalrefs++;
582 #endif
583 (*env)->DeleteLocalRef(env, local);
584 return global;
585 }
586
587 /*
588 * Return a unique ID given a local class reference. The loadable
589 * flag is true if the defining class loader of context->class
590 * is known to be capable of loading the class.
591 */
592 static unsigned short
593 class_to_ID(context_type *context, jclass cb, jboolean loadable)
594 {
595 JNIEnv *env = context->env;
596 hash_table_type *class_hash = &(context->class_hash);
597 unsigned int hash;
598 hash_bucket_type *bucket;
599 unsigned short *pID;
600 const char *name = JVM_GetClassNameUTF(env, cb);
601
602 check_and_push(context, name, VM_STRING_UTF);
603 hash = class_hash_fun(name);
604 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
605 while (*pID) {
606 bucket = GET_BUCKET(class_hash, *pID);
607 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
608 /*
609 * There is an unresolved entry with our name
610 * so we're forced to load it in case it matches us.
611 */
612 if (bucket->class == 0) {
613 assert(bucket->loadable == JNI_TRUE);
614 bucket->class = load_class_global(context, name);
615 }
616
617 /*
618 * It's already in the table. Update the loadable
619 * state if it's known and then we're done.
620 */
621 if ((*env)->IsSameObject(env, cb, bucket->class)) {
622 if (loadable && !bucket->loadable)
623 bucket->loadable = JNI_TRUE;
624 goto done;
625 }
626 }
627 pID = &bucket->next;
628 }
629 bucket = new_bucket(context, pID);
630 bucket->next = 0;
631 bucket->hash = hash;
632 bucket->name = malloc(strlen(name) + 1);
633 if (bucket->name == 0)
634 CCout_of_memory(context);
635 strcpy(bucket->name, name);
636 bucket->loadable = loadable;
637 bucket->class = (*env)->NewGlobalRef(env, cb);
638 if (bucket->class == 0)
639 CCout_of_memory(context);
640 #ifdef DEBUG
641 context->n_globalrefs++;
642 #endif
643
644 done:
645 pop_and_free(context);
646 return *pID;
647 }
648
649 /*
650 * Return a unique ID given a class name from the constant pool.
651 * All classes are lazily loaded from the defining loader of
652 * context->class.
653 */
654 static unsigned short
655 class_name_to_ID(context_type *context, const char *name)
656 {
657 hash_table_type *class_hash = &(context->class_hash);
658 unsigned int hash = class_hash_fun(name);
659 hash_bucket_type *bucket;
660 unsigned short *pID;
661 jboolean force_load = JNI_FALSE;
662
663 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
664 while (*pID) {
665 bucket = GET_BUCKET(class_hash, *pID);
666 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
667 if (bucket->loadable)
668 goto done;
669 force_load = JNI_TRUE;
670 }
671 pID = &bucket->next;
672 }
673
674 if (force_load) {
675 /*
676 * We found at least one matching named entry for a class that
677 * was not known to be loadable through the defining class loader
678 * of context->class. We must load our named class and update
679 * the hash table in case one these entries matches our class.
680 */
681 JNIEnv *env = context->env;
682 jclass cb = load_class_local(context, name);
683 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
684 (*env)->DeleteLocalRef(env, cb);
685 return id;
686 }
687
688 bucket = new_bucket(context, pID);
689 bucket->next = 0;
690 bucket->class = 0;
691 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
692 bucket->hash = hash;
693 bucket->name = malloc(strlen(name) + 1);
694 if (bucket->name == 0)
695 CCout_of_memory(context);
696 strcpy(bucket->name, name);
697
698 done:
699 return *pID;
700 }
701
702 static const char *
703 ID_to_class_name(context_type *context, unsigned short ID)
704 {
705 hash_table_type *class_hash = &(context->class_hash);
706 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
707 return bucket->name;
708 }
709
710 static jclass
711 ID_to_class(context_type *context, unsigned short ID)
712 {
713 hash_table_type *class_hash = &(context->class_hash);
714 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
715 if (bucket->class == 0) {
716 assert(bucket->loadable == JNI_TRUE);
717 bucket->class = load_class_global(context, bucket->name);
718 }
719 return bucket->class;
720 }
721
722 static fullinfo_type
723 make_loadable_class_info(context_type *context, jclass cb)
724 {
725 return MAKE_FULLINFO(ITEM_Object, 0,
726 class_to_ID(context, cb, JNI_TRUE));
727 }
728
729 static fullinfo_type
730 make_class_info(context_type *context, jclass cb)
731 {
732 return MAKE_FULLINFO(ITEM_Object, 0,
733 class_to_ID(context, cb, JNI_FALSE));
734 }
735
736 static fullinfo_type
737 make_class_info_from_name(context_type *context, const char *name)
738 {
739 return MAKE_FULLINFO(ITEM_Object, 0,
740 class_name_to_ID(context, name));
741 }
742
743 /* RETURNS
744 * 1: on success chosen to be consistent with previous VerifyClass
745 * 0: verify error
746 * 2: out of memory
747 * 3: class format error
748 *
749 * Called by verify_class. Verify the code of each of the methods
750 * in a class. Note that this function apparently can't be JNICALL,
751 * because if it is the dynamic linker doesn't appear to be able to
752 * find it on Win32.
753 */
754
755 #define CC_OK 1
756 #define CC_VerifyError 0
757 #define CC_OutOfMemory 2
758 #define CC_ClassFormatError 3
759
760 JNIEXPORT jboolean
761 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
762 jint major_version)
763 {
764 context_type context_structure;
765 context_type *context = &context_structure;
766 jboolean result = CC_OK;
767 int i;
768 int num_methods;
769 int* code_lengths;
770 unsigned char** code;
771
772 #ifdef DEBUG
773 GlobalContext = context;
774 #endif
775
776 memset(context, 0, sizeof(context_type));
777 context->message = buffer;
778 context->message_buf_len = len;
779
780 context->env = env;
781 context->class = cb;
782
783 /* Set invalid method/field index of the context, in case anyone
784 calls CCerror */
785 context->method_index = -1;
786 context->field_index = -1;
787
788 /* Don't call CCerror or anything that can call it above the setjmp! */
789 if (!setjmp(context->jump_buffer)) {
790 jclass super;
791
792 CCinit(context); /* initialize heap; may throw */
793
794 initialize_class_hash(context);
795
796 context->major_version = major_version;
797 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
798 context->constant_types = (unsigned char *)
799 malloc(sizeof(unsigned char) * context->nconstants + 1);
800
801 if (context->constant_types == 0)
802 CCout_of_memory(context);
803
804 JVM_GetClassCPTypes(env, cb, context->constant_types);
805
806 if (context->constant_types == 0)
807 CCout_of_memory(context);
808
809 context->object_info =
810 make_class_info_from_name(context, "java/lang/Object");
811 context->string_info =
812 make_class_info_from_name(context, "java/lang/String");
813 context->throwable_info =
814 make_class_info_from_name(context, "java/lang/Throwable");
815 context->cloneable_info =
816 make_class_info_from_name(context, "java/lang/Cloneable");
817 context->serializable_info =
818 make_class_info_from_name(context, "java/io/Serializable");
819
820 context->currentclass_info = make_loadable_class_info(context, cb);
821
822 super = (*env)->GetSuperclass(env, cb);
823
824 if (super != 0) {
825 fullinfo_type *gptr;
826 int i = 0;
827
828 context->superclass_info = make_loadable_class_info(context, super);
829
830 while(super != 0) {
831 jclass tmp_cb = (*env)->GetSuperclass(env, super);
832 (*env)->DeleteLocalRef(env, super);
833 super = tmp_cb;
834 i++;
835 }
836 (*env)->DeleteLocalRef(env, super);
837 super = 0;
838
839 /* Can't go on context heap since it survives more than
840 one method */
841 context->superclasses = gptr =
842 malloc(sizeof(fullinfo_type)*(i + 1));
843 if (gptr == 0) {
844 CCout_of_memory(context);
845 }
846
847 super = (*env)->GetSuperclass(env, context->class);
848 while(super != 0) {
849 jclass tmp_cb;
850 *gptr++ = make_class_info(context, super);
851 tmp_cb = (*env)->GetSuperclass(env, super);
852 (*env)->DeleteLocalRef(env, super);
853 super = tmp_cb;
854 }
855 *gptr = 0;
856 } else {
857 context->superclass_info = 0;
858 }
859
860 (*env)->DeleteLocalRef(env, super);
861
862 /* Look at each method */
863 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
864 verify_field(context, cb, i);
865 num_methods = JVM_GetClassMethodsCount(env, cb);
866 read_all_code(context, cb, num_methods, &code_lengths, &code);
867 for (i = num_methods - 1; i >= 0; --i)
868 verify_method(context, cb, i, code_lengths[i], code[i]);
869 free_all_code(context, num_methods, code);
870 result = CC_OK;
871 } else {
872 result = context->err_code;
873 }
874
875 /* Cleanup */
876 finalize_class_hash(context);
877
878 while(context->allocated_memory)
879 pop_and_free(context);
880
881 #ifdef DEBUG
882 GlobalContext = 0;
883 #endif
884
885 if (context->exceptions)
886 free(context->exceptions);
887
888 if (context->constant_types)
889 free(context->constant_types);
890
891 if (context->superclasses)
892 free(context->superclasses);
893
894 #ifdef DEBUG
895 /* Make sure all global refs created in the verifier are freed */
896 assert(context->n_globalrefs == 0);
897 #endif
898
899 CCdestroy(context); /* destroy heap */
900 return result;
901 }
902
903 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
904
905 JNIEXPORT jboolean
906 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
907 {
908 static int warned = 0;
909 if (!warned) {
910 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
911 warned = 1;
912 }
913 return VerifyClassForMajorVersion(env, cb, buffer, len,
914 OLD_FORMAT_MAX_MAJOR_VERSION);
915 }
916
917 static void
918 verify_field(context_type *context, jclass cb, int field_index)
919 {
920 JNIEnv *env = context->env;
921 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
922 context->field_index = field_index;
923
924 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
925 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
926 CCerror(context, "Inconsistent access bits.");
927 }
928 context->field_index = -1;
929 }
930
931
932 /**
933 * We read all of the class's methods' code because it is possible that
934 * the verification of one method could resulting in linking further
935 * down the stack (due to class loading), which could end up rewriting
936 * some of the bytecode of methods we haven't verified yet. Since we
937 * don't want to see the rewritten bytecode, cache all the code and
938 * operate only on that.
939 */
940 static void
941 read_all_code(context_type* context, jclass cb, int num_methods,
942 int** lengths_addr, unsigned char*** code_addr)
943 {
944 int* lengths;
945 unsigned char** code;
946 int i;
947
948 lengths = malloc(sizeof(int) * num_methods);
949 check_and_push(context, lengths, VM_MALLOC_BLK);
950
951 code = malloc(sizeof(unsigned char*) * num_methods);
952 check_and_push(context, code, VM_MALLOC_BLK);
953
954 *(lengths_addr) = lengths;
955 *(code_addr) = code;
956
957 for (i = 0; i < num_methods; ++i) {
958 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
959 if (lengths[i] > 0) {
960 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
961 check_and_push(context, code[i], VM_MALLOC_BLK);
962 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
963 } else {
964 code[i] = NULL;
965 }
966 }
967 }
968
969 static void
970 free_all_code(context_type* context, int num_methods, unsigned char** code)
971 {
972 int i;
973 for (i = 0; i < num_methods; ++i) {
974 if (code[i] != NULL) {
975 pop_and_free(context);
976 }
977 }
978 pop_and_free(context); /* code */
979 pop_and_free(context); /* lengths */
980 }
981
982 /* Verify the code of one method */
983 static void
984 verify_method(context_type *context, jclass cb, int method_index,
985 int code_length, unsigned char* code)
986 {
987 JNIEnv *env = context->env;
988 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
989 int *code_data;
990 instruction_data_type *idata = 0;
991 int instruction_count;
992 int i, offset;
993 unsigned int inumber;
994 jint nexceptions;
995
996 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
997 /* not much to do for abstract and native methods */
998 return;
999 }
1000
1001 context->code_length = code_length;
1002 context->code = code;
1003
1004 /* CCerror can give method-specific info once this is set */
1005 context->method_index = method_index;
1006
1007 CCreinit(context); /* initial heap */
1008 code_data = NEW(int, code_length);
1009
1010 #ifdef DEBUG
1011 if (verify_verbose) {
1012 const char *classname = JVM_GetClassNameUTF(env, cb);
1013 const char *methodname =
1014 JVM_GetMethodIxNameUTF(env, cb, method_index);
1015 const char *signature =
1016 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1017 jio_fprintf(stdout, "Looking at %s.%s%s\n",
1018 (classname ? classname : ""),
1019 (methodname ? methodname : ""),
1020 (signature ? signature : ""));
1021 JVM_ReleaseUTF(classname);
1022 JVM_ReleaseUTF(methodname);
1023 JVM_ReleaseUTF(signature);
1024 }
1025 #endif
1026
1027 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1028 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1029 CCerror(context, "Inconsistent access bits.");
1030 }
1031
1032 // If this method is an overpass method, which is generated by the VM,
1033 // we trust the code and no check needs to be done.
1034 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1035 return;
1036 }
1037
1038 /* Run through the code. Mark the start of each instruction, and give
1039 * the instruction a number */
1040 for (i = 0, offset = 0; offset < code_length; i++) {
1041 int length = instruction_length(&code[offset], code + code_length);
1042 int next_offset = offset + length;
1043 if (length <= 0)
1044 CCerror(context, "Illegal instruction found at offset %d", offset);
1045 if (next_offset > code_length)
1046 CCerror(context, "Code stops in the middle of instruction "
1047 " starting at offset %d", offset);
1048 code_data[offset] = i;
1049 while (++offset < next_offset)
1050 code_data[offset] = -1; /* illegal location */
1051 }
1052 instruction_count = i; /* number of instructions in code */
1053
1054 /* Allocate a structure to hold info about each instruction. */
1055 idata = NEW(instruction_data_type, instruction_count);
1056
1057 /* Initialize the heap, and other info in the context structure. */
1058 context->code = code;
1059 context->instruction_data = idata;
1060 context->code_data = code_data;
1061 context->instruction_count = instruction_count;
1062 context->handler_info =
1063 NEW(struct handler_info_type,
1064 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1065 context->bitmask_size =
1066 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1067 + (BITS_PER_INT - 1))/BITS_PER_INT;
1068
1069 if (instruction_count == 0)
1070 CCerror(context, "Empty code");
1071
1072 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1073 int length = instruction_length(&code[offset], code + code_length);
1074 instruction_data_type *this_idata = &idata[inumber];
1075 this_idata->opcode = code[offset];
1076 this_idata->stack_info.stack = NULL;
1077 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1078 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1079 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1080 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1081 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1082 this_idata->or_flags = 0; /* "bottom" or value*/
1083 /* This also sets up this_data->operand. It also makes the
1084 * xload_x and xstore_x instructions look like the generic form. */
1085 verify_opcode_operands(context, inumber, offset);
1086 offset += length;
1087 }
1088
1089
1090 /* make sure exception table is reasonable. */
1091 initialize_exception_table(context);
1092 /* Set up first instruction, and start of exception handlers. */
1093 initialize_dataflow(context);
1094 /* Run data flow analysis on the instructions. */
1095 run_dataflow(context);
1096
1097 /* verify checked exceptions, if any */
1098 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1099 context->exceptions = (unsigned short *)
1100 malloc(sizeof(unsigned short) * nexceptions + 1);
1101 if (context->exceptions == 0)
1102 CCout_of_memory(context);
1103 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1104 context->exceptions);
1105 for (i = 0; i < nexceptions; i++) {
1106 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1107 verify_constant_pool_type(context, (int)context->exceptions[i],
1108 1 << JVM_CONSTANT_Class);
1109 }
1110 free(context->exceptions);
1111 context->exceptions = 0;
1112 context->code = 0;
1113 context->method_index = -1;
1114 }
1115
1116
1117 /* Look at a single instruction, and verify its operands. Also, for
1118 * simplicity, move the operand into the ->operand field.
1119 * Make sure that branches don't go into the middle of nowhere.
1120 */
1121
1122 static jint _ck_ntohl(jint n)
1123 {
1124 unsigned char *p = (unsigned char *)&n;
1125 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1126 }
1127
1128 static void
1129 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1130 {
1131 JNIEnv *env = context->env;
1132 instruction_data_type *idata = context->instruction_data;
1133 instruction_data_type *this_idata = &idata[inumber];
1134 int *code_data = context->code_data;
1135 int mi = context->method_index;
1136 unsigned char *code = context->code;
1137 int opcode = this_idata->opcode;
1138 int var;
1139
1140 /*
1141 * Set the ip fields to 0 not the i fields because the ip fields
1142 * are 64 bits on 64 bit architectures, the i field is only 32
1143 */
1144 this_idata->operand.ip = 0;
1145 this_idata->operand2.ip = 0;
1146
1147 switch (opcode) {
1148
1149 case JVM_OPC_jsr:
1150 /* instruction of ret statement */
1151 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1152 /* FALLTHROUGH */
1153 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1154 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1155 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1156 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1157 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1158 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1159 case JVM_OPC_goto: {
1160 /* Set the ->operand to be the instruction number of the target. */
1161 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1162 int target = offset + jump;
1163 if (!isLegalTarget(context, target))
1164 CCerror(context, "Illegal target of jump or branch");
1165 this_idata->operand.i = code_data[target];
1166 break;
1167 }
1168
1169 case JVM_OPC_jsr_w:
1170 /* instruction of ret statement */
1171 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1172 /* FALLTHROUGH */
1173 case JVM_OPC_goto_w: {
1174 /* Set the ->operand to be the instruction number of the target. */
1175 int jump = (((signed char)(code[offset+1])) << 24) +
1176 (code[offset+2] << 16) + (code[offset+3] << 8) +
1177 (code[offset + 4]);
1178 int target = offset + jump;
1179 if (!isLegalTarget(context, target))
1180 CCerror(context, "Illegal target of jump or branch");
1181 this_idata->operand.i = code_data[target];
1182 break;
1183 }
1184
1185 case JVM_OPC_tableswitch:
1186 case JVM_OPC_lookupswitch: {
1187 /* Set the ->operand to be a table of possible instruction targets. */
1188 int *lpc = (int *) UCALIGN(code + offset + 1);
1189 int *lptr;
1190 int *saved_operand;
1191 int keys;
1192 int k, delta;
1193
1194 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1195 /* 4639449, 4647081: Padding bytes must be zero. */
1196 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1197 for (; bptr < (unsigned char*)lpc; bptr++) {
1198 if (*bptr != 0) {
1199 CCerror(context, "Non zero padding bytes in switch");
1200 }
1201 }
1202 }
1203 if (opcode == JVM_OPC_tableswitch) {
1204 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1205 delta = 1;
1206 } else {
1207 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1208 delta = 2;
1209 /* Make sure that the tableswitch items are sorted */
1210 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1211 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1212 int next_key = _ck_ntohl(lptr[2]);
1213 if (this_key >= next_key) {
1214 CCerror(context, "Unsorted lookup switch");
1215 }
1216 }
1217 }
1218 saved_operand = NEW(int, keys + 2);
1219 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1220 CCerror(context, "Illegal default target in switch");
1221 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1222 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1223 int target = offset + _ck_ntohl(lptr[0]);
1224 if (!isLegalTarget(context, target))
1225 CCerror(context, "Illegal branch in tableswitch");
1226 saved_operand[k + 1] = code_data[target];
1227 }
1228 saved_operand[0] = keys + 1; /* number of successors */
1229 this_idata->operand.ip = saved_operand;
1230 break;
1231 }
1232
1233 case JVM_OPC_ldc: {
1234 /* Make sure the constant pool item is the right type. */
1235 int key = code[offset + 1];
1236 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1237 (1 << JVM_CONSTANT_String);
1238 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1239 types |= 1 << JVM_CONSTANT_Class;
1240 }
1241 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1242 types |= (1 << JVM_CONSTANT_MethodHandle) |
1243 (1 << JVM_CONSTANT_MethodType);
1244 }
1245 this_idata->operand.i = key;
1246 verify_constant_pool_type(context, key, types);
1247 break;
1248 }
1249
1250 case JVM_OPC_ldc_w: {
1251 /* Make sure the constant pool item is the right type. */
1252 int key = (code[offset + 1] << 8) + code[offset + 2];
1253 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1254 (1 << JVM_CONSTANT_String);
1255 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1256 types |= 1 << JVM_CONSTANT_Class;
1257 }
1258 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1259 types |= (1 << JVM_CONSTANT_MethodHandle) |
1260 (1 << JVM_CONSTANT_MethodType);
1261 }
1262 this_idata->operand.i = key;
1263 verify_constant_pool_type(context, key, types);
1264 break;
1265 }
1266
1267 case JVM_OPC_ldc2_w: {
1268 /* Make sure the constant pool item is the right type. */
1269 int key = (code[offset + 1] << 8) + code[offset + 2];
1270 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1271 this_idata->operand.i = key;
1272 verify_constant_pool_type(context, key, types);
1273 break;
1274 }
1275
1276 case JVM_OPC_getfield: case JVM_OPC_putfield:
1277 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1278 /* Make sure the constant pool item is the right type. */
1279 int key = (code[offset + 1] << 8) + code[offset + 2];
1280 this_idata->operand.i = key;
1281 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1282 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1283 set_protected(context, inumber, key, opcode);
1284 break;
1285 }
1286
1287 case JVM_OPC_invokevirtual:
1288 case JVM_OPC_invokespecial:
1289 case JVM_OPC_invokestatic:
1290 case JVM_OPC_invokedynamic:
1291 case JVM_OPC_invokeinterface: {
1292 /* Make sure the constant pool item is the right type. */
1293 int key = (code[offset + 1] << 8) + code[offset + 2];
1294 const char *methodname;
1295 jclass cb = context->class;
1296 fullinfo_type clazz_info;
1297 int is_constructor, is_internal, is_invokedynamic;
1298 int kind;
1299
1300 switch (opcode ) {
1301 case JVM_OPC_invokestatic:
1302 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1303 ? (1 << JVM_CONSTANT_Methodref)
1304 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1305 break;
1306 case JVM_OPC_invokedynamic:
1307 kind = 1 << JVM_CONSTANT_NameAndType;
1308 break;
1309 case JVM_OPC_invokeinterface:
1310 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1311 break;
1312 default:
1313 kind = 1 << JVM_CONSTANT_Methodref;
1314 }
1315
1316 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1317 /* Make sure the constant pool item is the right type. */
1318 verify_constant_pool_type(context, key, kind);
1319 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1320 check_and_push(context, methodname, VM_STRING_UTF);
1321 is_constructor = !strcmp(methodname, "<init>");
1322 is_internal = methodname[0] == '<';
1323 pop_and_free(context);
1324
1325 if (is_invokedynamic)
1326 clazz_info = context->object_info; // anything will do
1327 else
1328 clazz_info = cp_index_to_class_fullinfo(context, key,
1329 JVM_CONSTANT_Methodref);
1330 this_idata->operand.i = key;
1331 this_idata->operand2.fi = clazz_info;
1332 if (is_constructor) {
1333 if (opcode != JVM_OPC_invokespecial) {
1334 CCerror(context,
1335 "Must call initializers using invokespecial");
1336 }
1337 this_idata->opcode = JVM_OPC_invokeinit;
1338 } else {
1339 if (is_internal) {
1340 CCerror(context, "Illegal call to internal method");
1341 }
1342 if (opcode == JVM_OPC_invokespecial
1343 && clazz_info != context->currentclass_info
1344 && clazz_info != context->superclass_info) {
1345 int not_found = 1;
1346
1347 jclass super = (*env)->GetSuperclass(env, context->class);
1348 while(super != 0) {
1349 jclass tmp_cb;
1350 fullinfo_type new_info = make_class_info(context, super);
1351 if (clazz_info == new_info) {
1352 not_found = 0;
1353 break;
1354 }
1355 tmp_cb = (*env)->GetSuperclass(env, super);
1356 (*env)->DeleteLocalRef(env, super);
1357 super = tmp_cb;
1358 }
1359 (*env)->DeleteLocalRef(env, super);
1360
1361 /* The optimizer may cause this to happen on local code */
1362 if (not_found) {
1363 CCerror(context, "Illegal use of nonvirtual function call");
1364 }
1365 }
1366 }
1367 if (opcode == JVM_OPC_invokeinterface) {
1368 unsigned int args1;
1369 unsigned int args2;
1370 const char *signature =
1371 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1372 check_and_push(context, signature, VM_STRING_UTF);
1373 args1 = signature_to_args_size(signature) + 1;
1374 args2 = code[offset + 3];
1375 if (args1 != args2) {
1376 CCerror(context,
1377 "Inconsistent args_size for invokeinterface");
1378 }
1379 if (code[offset + 4] != 0) {
1380 CCerror(context,
1381 "Fourth operand byte of invokeinterface must be zero");
1382 }
1383 pop_and_free(context);
1384 } else if (opcode == JVM_OPC_invokedynamic) {
1385 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1386 CCerror(context,
1387 "Third and fourth operand bytes of invokedynamic must be zero");
1388 }
1389 } else if (opcode == JVM_OPC_invokevirtual
1390 || opcode == JVM_OPC_invokespecial)
1391 set_protected(context, inumber, key, opcode);
1392 break;
1393 }
1394
1395
1396 case JVM_OPC_instanceof:
1397 case JVM_OPC_checkcast:
1398 case JVM_OPC_new:
1399 case JVM_OPC_anewarray:
1400 case JVM_OPC_multianewarray: {
1401 /* Make sure the constant pool item is a class */
1402 int key = (code[offset + 1] << 8) + code[offset + 2];
1403 fullinfo_type target;
1404 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1405 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1406 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1407 CCerror(context, "Illegal type");
1408 switch(opcode) {
1409 case JVM_OPC_anewarray:
1410 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1411 CCerror(context, "Array with too many dimensions");
1412 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1413 GET_INDIRECTION(target) + 1,
1414 GET_EXTRA_INFO(target));
1415 break;
1416 case JVM_OPC_new:
1417 if (WITH_ZERO_EXTRA_INFO(target) !=
1418 MAKE_FULLINFO(ITEM_Object, 0, 0))
1419 CCerror(context, "Illegal creation of multi-dimensional array");
1420 /* operand gets set to the "unitialized object". operand2 gets
1421 * set to what the value will be after it's initialized. */
1422 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1423 this_idata->operand2.fi = target;
1424 break;
1425 case JVM_OPC_multianewarray:
1426 this_idata->operand.fi = target;
1427 this_idata->operand2.i = code[offset + 3];
1428 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1429 || (this_idata->operand2.i == 0))
1430 CCerror(context, "Illegal dimension argument");
1431 break;
1432 default:
1433 this_idata->operand.fi = target;
1434 }
1435 break;
1436 }
1437
1438 case JVM_OPC_newarray: {
1439 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1440 fullinfo_type full_info;
1441 switch (code[offset + 1]) {
1442 case JVM_T_INT:
1443 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1444 case JVM_T_LONG:
1445 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1446 case JVM_T_FLOAT:
1447 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1448 case JVM_T_DOUBLE:
1449 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1450 case JVM_T_BOOLEAN:
1451 full_info = MAKE_FULLINFO(ITEM_Boolean, 1, 0); break;
1452 case JVM_T_BYTE:
1453 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1454 case JVM_T_CHAR:
1455 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1456 case JVM_T_SHORT:
1457 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1458 default:
1459 full_info = 0; /* Keep lint happy */
1460 CCerror(context, "Bad type passed to newarray");
1461 }
1462 this_idata->operand.fi = full_info;
1463 break;
1464 }
1465
1466 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1467 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1468 this_idata->opcode = JVM_OPC_iload;
1469 var = opcode - JVM_OPC_iload_0;
1470 goto check_local_variable;
1471
1472 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1473 this_idata->opcode = JVM_OPC_fload;
1474 var = opcode - JVM_OPC_fload_0;
1475 goto check_local_variable;
1476
1477 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1478 this_idata->opcode = JVM_OPC_aload;
1479 var = opcode - JVM_OPC_aload_0;
1480 goto check_local_variable;
1481
1482 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1483 this_idata->opcode = JVM_OPC_lload;
1484 var = opcode - JVM_OPC_lload_0;
1485 goto check_local_variable2;
1486
1487 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1488 this_idata->opcode = JVM_OPC_dload;
1489 var = opcode - JVM_OPC_dload_0;
1490 goto check_local_variable2;
1491
1492 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1493 this_idata->opcode = JVM_OPC_istore;
1494 var = opcode - JVM_OPC_istore_0;
1495 goto check_local_variable;
1496
1497 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1498 this_idata->opcode = JVM_OPC_fstore;
1499 var = opcode - JVM_OPC_fstore_0;
1500 goto check_local_variable;
1501
1502 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1503 this_idata->opcode = JVM_OPC_astore;
1504 var = opcode - JVM_OPC_astore_0;
1505 goto check_local_variable;
1506
1507 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1508 this_idata->opcode = JVM_OPC_lstore;
1509 var = opcode - JVM_OPC_lstore_0;
1510 goto check_local_variable2;
1511
1512 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1513 this_idata->opcode = JVM_OPC_dstore;
1514 var = opcode - JVM_OPC_dstore_0;
1515 goto check_local_variable2;
1516
1517 case JVM_OPC_wide:
1518 this_idata->opcode = code[offset + 1];
1519 var = (code[offset + 2] << 8) + code[offset + 3];
1520 switch(this_idata->opcode) {
1521 case JVM_OPC_lload: case JVM_OPC_dload:
1522 case JVM_OPC_lstore: case JVM_OPC_dstore:
1523 goto check_local_variable2;
1524 default:
1525 goto check_local_variable;
1526 }
1527
1528 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1529 case JVM_OPC_ret:
1530 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1531 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1532 var = code[offset + 1];
1533 check_local_variable:
1534 /* Make sure that the variable number isn't illegal. */
1535 this_idata->operand.i = var;
1536 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1537 CCerror(context, "Illegal local variable number");
1538 break;
1539
1540 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1541 var = code[offset + 1];
1542 check_local_variable2:
1543 /* Make sure that the variable number isn't illegal. */
1544 this_idata->operand.i = var;
1545 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1546 CCerror(context, "Illegal local variable number");
1547 break;
1548
1549 default:
1550 if (opcode > JVM_OPC_MAX)
1551 CCerror(context, "Quick instructions shouldn't appear yet.");
1552 break;
1553 } /* of switch */
1554 }
1555
1556
1557 static void
1558 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1559 {
1560 JNIEnv *env = context->env;
1561 fullinfo_type clazz_info;
1562 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1563 clazz_info = cp_index_to_class_fullinfo(context, key,
1564 JVM_CONSTANT_Fieldref);
1565 } else {
1566 clazz_info = cp_index_to_class_fullinfo(context, key,
1567 JVM_CONSTANT_Methodref);
1568 }
1569 if (is_superclass(context, clazz_info)) {
1570 jclass calledClass =
1571 object_fullinfo_to_classclass(context, clazz_info);
1572 int access;
1573 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1574 searches the referenced field or method in calledClass. The following
1575 while loop is added to search up the superclass chain to make this
1576 symbolic resolution consistent with the field/method resolution
1577 specified in VM spec 5.4.3. */
1578 calledClass = (*env)->NewLocalRef(env, calledClass);
1579 do {
1580 jclass tmp_cb;
1581 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1582 access = JVM_GetCPFieldModifiers
1583 (env, context->class, key, calledClass);
1584 } else {
1585 access = JVM_GetCPMethodModifiers
1586 (env, context->class, key, calledClass);
1587 }
1588 if (access != -1) {
1589 break;
1590 }
1591 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1592 (*env)->DeleteLocalRef(env, calledClass);
1593 calledClass = tmp_cb;
1594 } while (calledClass != 0);
1595
1596 if (access == -1) {
1597 /* field/method not found, detected at runtime. */
1598 } else if (access & JVM_ACC_PROTECTED) {
1599 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1600 context->instruction_data[inumber].protected = JNI_TRUE;
1601 }
1602 (*env)->DeleteLocalRef(env, calledClass);
1603 }
1604 }
1605
1606
1607 static jboolean
1608 is_superclass(context_type *context, fullinfo_type clazz_info) {
1609 fullinfo_type *fptr = context->superclasses;
1610
1611 if (fptr == 0)
1612 return JNI_FALSE;
1613 for (; *fptr != 0; fptr++) {
1614 if (*fptr == clazz_info)
1615 return JNI_TRUE;
1616 }
1617 return JNI_FALSE;
1618 }
1619
1620
1621 /* Look through each item on the exception table. Each of the fields must
1622 * refer to a legal instruction.
1623 */
1624 static void
1625 initialize_exception_table(context_type *context)
1626 {
1627 JNIEnv *env = context->env;
1628 int mi = context->method_index;
1629 struct handler_info_type *handler_info = context->handler_info;
1630 int *code_data = context->code_data;
1631 int code_length = context->code_length;
1632 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1633 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1634 if (max_stack_size < 1 && i > 0) {
1635 // If the method contains exception handlers, it must have room
1636 // on the expression stack for the exception that the VM could push
1637 CCerror(context, "Stack size too large");
1638 }
1639 for (; --i >= 0; handler_info++) {
1640 JVM_ExceptionTableEntryType einfo;
1641 stack_item_type *stack_item = NEW(stack_item_type, 1);
1642
1643 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1644 i, &einfo);
1645
1646 if (!(einfo.start_pc < einfo.end_pc &&
1647 einfo.start_pc >= 0 &&
1648 isLegalTarget(context, einfo.start_pc) &&
1649 (einfo.end_pc == code_length ||
1650 isLegalTarget(context, einfo.end_pc)))) {
1651 CFerror(context, "Illegal exception table range");
1652 }
1653 if (!((einfo.handler_pc > 0) &&
1654 isLegalTarget(context, einfo.handler_pc))) {
1655 CFerror(context, "Illegal exception table handler");
1656 }
1657
1658 handler_info->start = code_data[einfo.start_pc];
1659 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1660 handler_info->end = (einfo.end_pc == context->code_length) ?
1661 context->instruction_count : code_data[einfo.end_pc];
1662 handler_info->handler = code_data[einfo.handler_pc];
1663 handler_info->stack_info.stack = stack_item;
1664 handler_info->stack_info.stack_size = 1;
1665 stack_item->next = NULL;
1666 if (einfo.catchType != 0) {
1667 const char *classname;
1668 /* Constant pool entry type has been checked in format checker */
1669 classname = JVM_GetCPClassNameUTF(env,
1670 context->class,
1671 einfo.catchType);
1672 check_and_push(context, classname, VM_STRING_UTF);
1673 stack_item->item = make_class_info_from_name(context, classname);
1674 if (!isAssignableTo(context,
1675 stack_item->item,
1676 context->throwable_info))
1677 CCerror(context, "catch_type not a subclass of Throwable");
1678 pop_and_free(context);
1679 } else {
1680 stack_item->item = context->throwable_info;
1681 }
1682 }
1683 }
1684
1685
1686 /* Given a pointer to an instruction, return its length. Use the table
1687 * opcode_length[] which is automatically built.
1688 */
1689 static int instruction_length(unsigned char *iptr, unsigned char *end)
1690 {
1691 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1692 int instruction = *iptr;
1693 switch (instruction) {
1694 case JVM_OPC_tableswitch: {
1695 int *lpc = (int *)UCALIGN(iptr + 1);
1696 int index;
1697 if (lpc + 2 >= (int *)end) {
1698 return -1; /* do not read pass the end */
1699 }
1700 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1701 if ((index < 0) || (index > 65535)) {
1702 return -1; /* illegal */
1703 } else {
1704 return (unsigned char *)(&lpc[index + 4]) - iptr;
1705 }
1706 }
1707
1708 case JVM_OPC_lookupswitch: {
1709 int *lpc = (int *) UCALIGN(iptr + 1);
1710 int npairs;
1711 if (lpc + 1 >= (int *)end)
1712 return -1; /* do not read pass the end */
1713 npairs = _ck_ntohl(lpc[1]);
1714 /* There can't be more than 64K labels because of the limit
1715 * on per-method byte code length.
1716 */
1717 if (npairs < 0 || npairs >= 65536)
1718 return -1;
1719 else
1720 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1721 }
1722
1723 case JVM_OPC_wide:
1724 if (iptr + 1 >= end)
1725 return -1; /* do not read pass the end */
1726 switch(iptr[1]) {
1727 case JVM_OPC_ret:
1728 case JVM_OPC_iload: case JVM_OPC_istore:
1729 case JVM_OPC_fload: case JVM_OPC_fstore:
1730 case JVM_OPC_aload: case JVM_OPC_astore:
1731 case JVM_OPC_lload: case JVM_OPC_lstore:
1732 case JVM_OPC_dload: case JVM_OPC_dstore:
1733 return 4;
1734 case JVM_OPC_iinc:
1735 return 6;
1736 default:
1737 return -1;
1738 }
1739
1740 default: {
1741 /* A length of 0 indicates an error. */
1742 int length = opcode_length[instruction];
1743 return (length <= 0) ? -1 : length;
1744 }
1745 }
1746 }
1747
1748
1749 /* Given the target of a branch, make sure that it's a legal target. */
1750 static jboolean
1751 isLegalTarget(context_type *context, int offset)
1752 {
1753 int code_length = context->code_length;
1754 int *code_data = context->code_data;
1755 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1756 }
1757
1758
1759 /* Make sure that an element of the constant pool really is of the indicated
1760 * type.
1761 */
1762 static void
1763 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1764 {
1765 int nconstants = context->nconstants;
1766 unsigned char *type_table = context->constant_types;
1767 unsigned type;
1768
1769 if ((index <= 0) || (index >= nconstants))
1770 CCerror(context, "Illegal constant pool index");
1771
1772 type = type_table[index];
1773 if ((mask & (1 << type)) == 0)
1774 CCerror(context, "Illegal type in constant pool");
1775 }
1776
1777
1778 static void
1779 initialize_dataflow(context_type *context)
1780 {
1781 JNIEnv *env = context->env;
1782 instruction_data_type *idata = context->instruction_data;
1783 int mi = context->method_index;
1784 jclass cb = context->class;
1785 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1786 fullinfo_type *reg_ptr;
1787 fullinfo_type full_info;
1788 const char *p;
1789 const char *signature;
1790
1791 /* Initialize the function entry, since we know everything about it. */
1792 idata[0].stack_info.stack_size = 0;
1793 idata[0].stack_info.stack = NULL;
1794 idata[0].register_info.register_count = args_size;
1795 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1796 idata[0].register_info.mask_count = 0;
1797 idata[0].register_info.masks = NULL;
1798 idata[0].and_flags = 0; /* nothing needed */
1799 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1800 reg_ptr = idata[0].register_info.registers;
1801
1802 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1803 /* A non static method. If this is an <init> method, the first
1804 * argument is an uninitialized object. Otherwise it is an object of
1805 * the given class type. java.lang.Object.<init> is special since
1806 * we don't call its superclass <init> method.
1807 */
1808 if (JVM_IsConstructorIx(env, cb, mi)
1809 && context->currentclass_info != context->object_info) {
1810 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1811 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1812 } else {
1813 *reg_ptr++ = context->currentclass_info;
1814 }
1815 }
1816 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1817 check_and_push(context, signature, VM_STRING_UTF);
1818 /* Fill in each of the arguments into the registers. */
1819 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1820 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1821 switch (fieldchar) {
1822 case 'D': case 'L':
1823 *reg_ptr++ = full_info;
1824 *reg_ptr++ = full_info + 1;
1825 break;
1826 default:
1827 *reg_ptr++ = full_info;
1828 break;
1829 }
1830 }
1831 p++; /* skip over right parenthesis */
1832 if (*p == 'V') {
1833 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1834 } else {
1835 signature_to_fieldtype(context, &p, &full_info);
1836 context->return_type = full_info;
1837 }
1838 pop_and_free(context);
1839 /* Indicate that we need to look at the first instruction. */
1840 idata[0].changed = JNI_TRUE;
1841 }
1842
1843
1844 /* Run the data flow analysis, as long as there are things to change. */
1845 static void
1846 run_dataflow(context_type *context) {
1847 JNIEnv *env = context->env;
1848 int mi = context->method_index;
1849 jclass cb = context->class;
1850 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1851 instruction_data_type *idata = context->instruction_data;
1852 unsigned int icount = context->instruction_count;
1853 jboolean work_to_do = JNI_TRUE;
1854 unsigned int inumber;
1855
1856 /* Run through the loop, until there is nothing left to do. */
1857 while (work_to_do) {
1858 work_to_do = JNI_FALSE;
1859 for (inumber = 0; inumber < icount; inumber++) {
1860 instruction_data_type *this_idata = &idata[inumber];
1861 if (this_idata->changed) {
1862 register_info_type new_register_info;
1863 stack_info_type new_stack_info;
1864 flag_type new_and_flags, new_or_flags;
1865
1866 this_idata->changed = JNI_FALSE;
1867 work_to_do = JNI_TRUE;
1868 #ifdef DEBUG
1869 if (verify_verbose) {
1870 int opcode = this_idata->opcode;
1871 jio_fprintf(stdout, "Instruction %d: ", inumber);
1872 print_stack(context, &this_idata->stack_info);
1873 print_registers(context, &this_idata->register_info);
1874 print_flags(context,
1875 this_idata->and_flags, this_idata->or_flags);
1876 fflush(stdout);
1877 }
1878 #endif
1879 /* Make sure the registers and flags are appropriate */
1880 check_register_values(context, inumber);
1881 check_flags(context, inumber);
1882
1883 /* Make sure the stack can deal with this instruction */
1884 pop_stack(context, inumber, &new_stack_info);
1885
1886 /* Update the registers and flags */
1887 update_registers(context, inumber, &new_register_info);
1888 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1889
1890 /* Update the stack. */
1891 push_stack(context, inumber, &new_stack_info);
1892
1893 if (new_stack_info.stack_size > max_stack_size)
1894 CCerror(context, "Stack size too large");
1895 #ifdef DEBUG
1896 if (verify_verbose) {
1897 jio_fprintf(stdout, " ");
1898 print_stack(context, &new_stack_info);
1899 print_registers(context, &new_register_info);
1900 print_flags(context, new_and_flags, new_or_flags);
1901 fflush(stdout);
1902 }
1903 #endif
1904 /* Add the new stack and register information to any
1905 * instructions that can follow this instruction. */
1906 merge_into_successors(context, inumber,
1907 &new_register_info, &new_stack_info,
1908 new_and_flags, new_or_flags);
1909 }
1910 }
1911 }
1912 }
1913
1914
1915 /* Make sure that the registers contain a legitimate value for the given
1916 * instruction.
1917 */
1918
1919 static void
1920 check_register_values(context_type *context, unsigned int inumber)
1921 {
1922 instruction_data_type *idata = context->instruction_data;
1923 instruction_data_type *this_idata = &idata[inumber];
1924 int opcode = this_idata->opcode;
1925 int operand = this_idata->operand.i;
1926 int register_count = this_idata->register_info.register_count;
1927 fullinfo_type *registers = this_idata->register_info.registers;
1928 jboolean double_word = JNI_FALSE; /* default value */
1929 int type;
1930
1931 switch (opcode) {
1932 default:
1933 return;
1934 case JVM_OPC_iload: case JVM_OPC_iinc:
1935 type = ITEM_Integer; break;
1936 case JVM_OPC_fload:
1937 type = ITEM_Float; break;
1938 case JVM_OPC_aload:
1939 type = ITEM_Object; break;
1940 case JVM_OPC_ret:
1941 type = ITEM_ReturnAddress; break;
1942 case JVM_OPC_lload:
1943 type = ITEM_Long; double_word = JNI_TRUE; break;
1944 case JVM_OPC_dload:
1945 type = ITEM_Double; double_word = JNI_TRUE; break;
1946 }
1947 if (!double_word) {
1948 fullinfo_type reg;
1949 /* Make sure we don't have an illegal register or one with wrong type */
1950 if (operand >= register_count) {
1951 CCerror(context,
1952 "Accessing value from uninitialized register %d", operand);
1953 }
1954 reg = registers[operand];
1955
1956 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1957 /* the register is obviously of the given type */
1958 return;
1959 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1960 /* address type stuff be used on all arrays */
1961 return;
1962 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1963 CCerror(context, "Cannot load return address from register %d",
1964 operand);
1965 /* alternatively
1966 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1967 && (opcode == JVM_OPC_iload)
1968 && (type == ITEM_Object || type == ITEM_Integer)
1969 but this never occurs
1970 */
1971 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1972 return;
1973 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1974 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1975 type == ITEM_Object) {
1976 return;
1977 } else {
1978 CCerror(context, "Register %d contains wrong type", operand);
1979 }
1980 } else {
1981 /* Make sure we don't have an illegal register or one with wrong type */
1982 if ((operand + 1) >= register_count) {
1983 CCerror(context,
1984 "Accessing value from uninitialized register pair %d/%d",
1985 operand, operand+1);
1986 } else {
1987 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1988 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1989 return;
1990 } else {
1991 CCerror(context, "Register pair %d/%d contains wrong type",
1992 operand, operand+1);
1993 }
1994 }
1995 }
1996 }
1997
1998
1999 /* Make sure the flags contain legitimate values for this instruction.
2000 */
2001
2002 static void
2003 check_flags(context_type *context, unsigned int inumber)
2004 {
2005 instruction_data_type *idata = context->instruction_data;
2006 instruction_data_type *this_idata = &idata[inumber];
2007 int opcode = this_idata->opcode;
2008 switch (opcode) {
2009 case JVM_OPC_return:
2010 /* We need a constructor, but we aren't guaranteed it's called */
2011 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2012 !(this_idata->and_flags & FLAG_CONSTRUCTED))
2013 CCerror(context, "Constructor must call super() or this()");
2014 /* fall through */
2015 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2016 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2017 if (this_idata->or_flags & FLAG_NO_RETURN)
2018 /* This method cannot exit normally */
2019 CCerror(context, "Cannot return normally");
2020 default:
2021 break; /* nothing to do. */
2022 }
2023 }
2024
2025 /* Make sure that the top of the stack contains reasonable values for the
2026 * given instruction. The post-pop values of the stack and its size are
2027 * returned in *new_stack_info.
2028 */
2029
2030 static void
2031 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2032 {
2033 instruction_data_type *idata = context->instruction_data;
2034 instruction_data_type *this_idata = &idata[inumber];
2035 int opcode = this_idata->opcode;
2036 stack_item_type *stack = this_idata->stack_info.stack;
2037 int stack_size = this_idata->stack_info.stack_size;
2038 char *stack_operands, *p;
2039 char buffer[257]; /* for holding manufactured argument lists */
2040 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2041 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2042 fullinfo_type full_info; /* only used in case of invoke instructions */
2043 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2044
2045 switch(opcode) {
2046 default:
2047 /* For most instructions, we just use a built-in table */
2048 stack_operands = opcode_in_out[opcode][0];
2049 break;
2050
2051 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2052 /* The top thing on the stack depends on the signature of
2053 * the object. */
2054 int operand = this_idata->operand.i;
2055 const char *signature =
2056 JVM_GetCPFieldSignatureUTF(context->env,
2057 context->class,
2058 operand);
2059 char *ip = buffer;
2060 check_and_push(context, signature, VM_STRING_UTF);
2061 #ifdef DEBUG
2062 if (verify_verbose) {
2063 print_formatted_fieldname(context, operand);
2064 }
2065 #endif
2066 if (opcode == JVM_OPC_putfield)
2067 *ip++ = 'A'; /* object for putfield */
2068 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2069 *ip = '\0';
2070 stack_operands = buffer;
2071 pop_and_free(context);
2072 break;
2073 }
2074
2075 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2076 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2077 case JVM_OPC_invokedynamic:
2078 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2079 /* The top stuff on the stack depends on the method signature */
2080 int operand = this_idata->operand.i;
2081 const char *signature =
2082 JVM_GetCPMethodSignatureUTF(context->env,
2083 context->class,
2084 operand);
2085 char *ip = buffer;
2086 const char *p;
2087 check_and_push(context, signature, VM_STRING_UTF);
2088 #ifdef DEBUG
2089 if (verify_verbose) {
2090 print_formatted_methodname(context, operand);
2091 }
2092 #endif
2093 if (opcode != JVM_OPC_invokestatic &&
2094 opcode != JVM_OPC_invokedynamic)
2095 /* First, push the object */
2096 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2097 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2098 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2099 if (ip >= buffer + sizeof(buffer) - 1)
2100 CCerror(context, "Signature %s has too many arguments",
2101 signature);
2102 }
2103 *ip = 0;
2104 stack_operands = buffer;
2105 pop_and_free(context);
2106 break;
2107 }
2108
2109 case JVM_OPC_multianewarray: {
2110 /* Count can't be larger than 255. So can't overflow buffer */
2111 int count = this_idata->operand2.i; /* number of ints on stack */
2112 memset(buffer, 'I', count);
2113 buffer[count] = '\0';
2114 stack_operands = buffer;
2115 break;
2116 }
2117
2118 } /* of switch */
2119
2120 /* Run through the list of operands >>backwards<< */
2121 for ( p = stack_operands + strlen(stack_operands);
2122 p > stack_operands;
2123 stack = stack->next) {
2124 int type = *--p;
2125 fullinfo_type top_type = stack ? stack->item : 0;
2126 int size = (type == 'D' || type == 'L') ? 2 : 1;
2127 *--stack_extra_info = top_type;
2128 if (stack == NULL)
2129 CCerror(context, "Unable to pop operand off an empty stack");
2130
2131 switch (type) {
2132 case 'I':
2133 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2134 CCerror(context, "Expecting to find integer on stack");
2135 break;
2136
2137 case 'F':
2138 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2139 CCerror(context, "Expecting to find float on stack");
2140 break;
2141
2142 case 'A': /* object or array */
2143 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2144 && (GET_INDIRECTION(top_type) == 0)) {
2145 /* The thing isn't an object or an array. Let's see if it's
2146 * one of the special cases */
2147 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2148 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2149 && (opcode == JVM_OPC_astore))
2150 break;
2151 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2152 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2153 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2154 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2155 break;
2156 /* The 2nd edition VM of the specification allows field
2157 * initializations before the superclass initializer,
2158 * if the field is defined within the current class.
2159 */
2160 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2161 && (opcode == JVM_OPC_putfield)) {
2162 int operand = this_idata->operand.i;
2163 int access_bits = JVM_GetCPFieldModifiers(context->env,
2164 context->class,
2165 operand,
2166 context->class);
2167 /* Note: This relies on the fact that
2168 * JVM_GetCPFieldModifiers retrieves only local fields,
2169 * and does not respect inheritance.
2170 */
2171 if (access_bits != -1) {
2172 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2173 context->currentclass_info ) {
2174 top_type = context->currentclass_info;
2175 *stack_extra_info = top_type;
2176 break;
2177 }
2178 }
2179 }
2180 CCerror(context, "Expecting to find object/array on stack");
2181 }
2182 break;
2183
2184 case '@': { /* unitialized object, for call to <init> */
2185 int item_type = GET_ITEM_TYPE(top_type);
2186 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2187 CCerror(context,
2188 "Expecting to find unitialized object on stack");
2189 break;
2190 }
2191
2192 case 'O': /* object, not array */
2193 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2194 MAKE_FULLINFO(ITEM_Object, 0, 0))
2195 CCerror(context, "Expecting to find object on stack");
2196 break;
2197
2198 case 'a': /* integer, object, or array */
2199 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2200 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2201 && (GET_INDIRECTION(top_type) == 0))
2202 CCerror(context,
2203 "Expecting to find object, array, or int on stack");
2204 break;
2205
2206 case 'D': /* double */
2207 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2208 CCerror(context, "Expecting to find double on stack");
2209 break;
2210
2211 case 'L': /* long */
2212 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2213 CCerror(context, "Expecting to find long on stack");
2214 break;
2215
2216 case ']': /* array of some type */
2217 if (top_type == NULL_FULLINFO) {
2218 /* do nothing */
2219 } else switch(p[-1]) {
2220 case 'I': /* array of integers */
2221 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2222 top_type != NULL_FULLINFO)
2223 CCerror(context,
2224 "Expecting to find array of ints on stack");
2225 break;
2226
2227 case 'L': /* array of longs */
2228 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2229 CCerror(context,
2230 "Expecting to find array of longs on stack");
2231 break;
2232
2233 case 'F': /* array of floats */
2234 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2235 CCerror(context,
2236 "Expecting to find array of floats on stack");
2237 break;
2238
2239 case 'D': /* array of doubles */
2240 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2241 CCerror(context,
2242 "Expecting to find array of doubles on stack");
2243 break;
2244
2245 case 'A': { /* array of addresses (arrays or objects) */
2246 int indirection = GET_INDIRECTION(top_type);
2247 if ((indirection == 0) ||
2248 ((indirection == 1) &&
2249 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2250 CCerror(context,
2251 "Expecting to find array of objects or arrays "
2252 "on stack");
2253 break;
2254 }
2255
2256 case 'B': /* array of bytes or booleans */
2257 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
2258 top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
2259 CCerror(context,
2260 "Expecting to find array of bytes or Booleans on stack");
2261 break;
2262
2263 case 'C': /* array of characters */
2264 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2265 CCerror(context,
2266 "Expecting to find array of chars on stack");
2267 break;
2268
2269 case 'S': /* array of shorts */
2270 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2271 CCerror(context,
2272 "Expecting to find array of shorts on stack");
2273 break;
2274
2275 case '?': /* any type of array is okay */
2276 if (GET_INDIRECTION(top_type) == 0)
2277 CCerror(context,
2278 "Expecting to find array on stack");
2279 break;
2280
2281 default:
2282 CCerror(context, "Internal error #1");
2283 break;
2284 }
2285 p -= 2; /* skip over [ <char> */
2286 break;
2287
2288 case '1': case '2': case '3': case '4': /* stack swapping */
2289 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2290 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2291 if ((p > stack_operands) && (p[-1] == '+')) {
2292 context->swap_table[type - '1'] = top_type + 1;
2293 context->swap_table[p[-2] - '1'] = top_type;
2294 size = 2;
2295 p -= 2;
2296 } else {
2297 CCerror(context,
2298 "Attempt to split long or double on the stack");
2299 }
2300 } else {
2301 context->swap_table[type - '1'] = stack->item;
2302 if ((p > stack_operands) && (p[-1] == '+'))
2303 p--; /* ignore */
2304 }
2305 break;
2306 case '+': /* these should have been caught. */
2307 default:
2308 CCerror(context, "Internal error #2");
2309 }
2310 stack_size -= size;
2311 }
2312
2313 /* For many of the opcodes that had an "A" in their field, we really
2314 * need to go back and do a little bit more accurate testing. We can, of
2315 * course, assume that the minimal type checking has already been done.
2316 */
2317 switch (opcode) {
2318 default: break;
2319 case JVM_OPC_aastore: { /* array index object */
2320 fullinfo_type array_type = stack_extra_info[0];
2321 fullinfo_type object_type = stack_extra_info[2];
2322 fullinfo_type target_type = decrement_indirection(array_type);
2323 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2324 && (GET_INDIRECTION(object_type) == 0)) {
2325 CCerror(context, "Expecting reference type on operand stack in aastore");
2326 }
2327 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2328 && (GET_INDIRECTION(target_type) == 0)) {
2329 CCerror(context, "Component type of the array must be reference type in aastore");
2330 }
2331 break;
2332 }
2333
2334 case JVM_OPC_putfield:
2335 case JVM_OPC_getfield:
2336 case JVM_OPC_putstatic: {
2337 int operand = this_idata->operand.i;
2338 fullinfo_type stack_object = stack_extra_info[0];
2339 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2340 if (!isAssignableTo
2341 (context,
2342 stack_object,
2343 cp_index_to_class_fullinfo
2344 (context, operand, JVM_CONSTANT_Fieldref))) {
2345 CCerror(context,
2346 "Incompatible type for getting or setting field");
2347 }
2348 if (this_idata->protected &&
2349 !isAssignableTo(context, stack_object,
2350 context->currentclass_info)) {
2351 CCerror(context, "Bad access to protected data");
2352 }
2353 }
2354 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2355 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2356 if (!isAssignableTo(context,
2357 stack_extra_info[item], put_full_info)) {
2358 CCerror(context, "Bad type in putfield/putstatic");
2359 }
2360 }
2361 break;
2362 }
2363
2364 case JVM_OPC_athrow:
2365 if (!isAssignableTo(context, stack_extra_info[0],
2366 context->throwable_info)) {
2367 CCerror(context, "Can only throw Throwable objects");
2368 }
2369 break;
2370
2371 case JVM_OPC_aaload: { /* array index */
2372 /* We need to pass the information to the stack updater */
2373 fullinfo_type array_type = stack_extra_info[0];
2374 context->swap_table[0] = decrement_indirection(array_type);
2375 break;
2376 }
2377
2378 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2379 case JVM_OPC_invokeinit:
2380 case JVM_OPC_invokedynamic:
2381 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2382 int operand = this_idata->operand.i;
2383 const char *signature =
2384 JVM_GetCPMethodSignatureUTF(context->env,
2385 context->class,
2386 operand);
2387 int item;
2388 const char *p;
2389 check_and_push(context, signature, VM_STRING_UTF);
2390 if (opcode == JVM_OPC_invokestatic ||
2391 opcode == JVM_OPC_invokedynamic) {
2392 item = 0;
2393 } else if (opcode == JVM_OPC_invokeinit) {
2394 fullinfo_type init_type = this_idata->operand2.fi;
2395 fullinfo_type object_type = stack_extra_info[0];
2396 context->swap_table[0] = object_type; /* save value */
2397 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2398 /* We better be calling the appropriate init. Find the
2399 * inumber of the "JVM_OPC_new" instruction", and figure
2400 * out what the type really is.
2401 */
2402 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2403 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2404 context->swap_table[1] = target_type;
2405
2406 if (target_type != init_type) {
2407 CCerror(context, "Call to wrong initialization method");
2408 }
2409 if (this_idata->protected
2410 && !isAssignableTo(context, object_type,
2411 context->currentclass_info)) {
2412 CCerror(context, "Bad access to protected data");
2413 }
2414 } else {
2415 /* We better be calling super() or this(). */
2416 if (init_type != context->superclass_info &&
2417 init_type != context->currentclass_info) {
2418 CCerror(context, "Call to wrong initialization method");
2419 }
2420 context->swap_table[1] = context->currentclass_info;
2421 }
2422 item = 1;
2423 } else {
2424 fullinfo_type target_type = this_idata->operand2.fi;
2425 fullinfo_type object_type = stack_extra_info[0];
2426 if (!isAssignableTo(context, object_type, target_type)){
2427 CCerror(context,
2428 "Incompatible object argument for function call");
2429 }
2430 if (opcode == JVM_OPC_invokespecial
2431 && !isAssignableTo(context, object_type,
2432 context->currentclass_info)) {
2433 /* Make sure object argument is assignment compatible to current class */
2434 CCerror(context,
2435 "Incompatible object argument for invokespecial");
2436 }
2437 if (this_idata->protected
2438 && !isAssignableTo(context, object_type,
2439 context->currentclass_info)) {
2440 /* This is ugly. Special dispensation. Arrays pretend to
2441 implement public Object clone() even though they don't */
2442 const char *utfName =
2443 JVM_GetCPMethodNameUTF(context->env,
2444 context->class,
2445 this_idata->operand.i);
2446 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2447 JVM_ReleaseUTF(utfName);
2448
2449 if ((target_type == context->object_info) &&
2450 (GET_INDIRECTION(object_type) > 0) &&
2451 is_clone) {
2452 } else {
2453 CCerror(context, "Bad access to protected data");
2454 }
2455 }
2456 item = 1;
2457 }
2458 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2459 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2460 if (!isAssignableTo(context,
2461 stack_extra_info[item], full_info)) {
2462 CCerror(context, "Incompatible argument to function");
2463 }
2464 }
2465
2466 pop_and_free(context);
2467 break;
2468 }
2469
2470 case JVM_OPC_return:
2471 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2472 CCerror(context, "Wrong return type in function");
2473 break;
2474
2475 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2476 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2477 fullinfo_type target_type = context->return_type;
2478 fullinfo_type object_type = stack_extra_info[0];
2479 if (!isAssignableTo(context, object_type, target_type)) {
2480 CCerror(context, "Wrong return type in function");
2481 }
2482 break;
2483 }
2484
2485 case JVM_OPC_new: {
2486 /* Make sure that nothing on the stack already looks like what
2487 * we want to create. I can't image how this could possibly happen
2488 * but we should test for it anyway, since if it could happen, the
2489 * result would be an unitialized object being able to masquerade
2490 * as an initialized one.
2491 */
2492 stack_item_type *item;
2493 for (item = stack; item != NULL; item = item->next) {
2494 if (item->item == this_idata->operand.fi) {
2495 CCerror(context,
2496 "Uninitialized object on stack at creating point");
2497 }
2498 }
2499 /* Info for update_registers */
2500 context->swap_table[0] = this_idata->operand.fi;
2501 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2502
2503 break;
2504 }
2505 }
2506 new_stack_info->stack = stack;
2507 new_stack_info->stack_size = stack_size;
2508 }
2509
2510
2511 /* We've already determined that the instruction is legal. Perform the
2512 * operation on the registers, and return the updated results in
2513 * new_register_count_p and new_registers.
2514 */
2515
2516 static void
2517 update_registers(context_type *context, unsigned int inumber,
2518 register_info_type *new_register_info)
2519 {
2520 instruction_data_type *idata = context->instruction_data;
2521 instruction_data_type *this_idata = &idata[inumber];
2522 int opcode = this_idata->opcode;
2523 int operand = this_idata->operand.i;
2524 int register_count = this_idata->register_info.register_count;
2525 fullinfo_type *registers = this_idata->register_info.registers;
2526 stack_item_type *stack = this_idata->stack_info.stack;
2527 int mask_count = this_idata->register_info.mask_count;
2528 mask_type *masks = this_idata->register_info.masks;
2529
2530 /* Use these as default new values. */
2531 int new_register_count = register_count;
2532 int new_mask_count = mask_count;
2533 fullinfo_type *new_registers = registers;
2534 mask_type *new_masks = masks;
2535
2536 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2537 int i;
2538
2539 /* Remember, we've already verified the type at the top of the stack. */
2540 switch (opcode) {
2541 default: break;
2542 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2543 access = ACCESS_SINGLE;
2544 goto continue_store;
2545
2546 case JVM_OPC_lstore: case JVM_OPC_dstore:
2547 access = ACCESS_DOUBLE;
2548 goto continue_store;
2549
2550 continue_store: {
2551 /* We have a modification to the registers. Copy them if needed. */
2552 fullinfo_type stack_top_type = stack->item;
2553 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2554
2555 if ( max_operand < register_count
2556 && registers[operand] == stack_top_type
2557 && ((access == ACCESS_SINGLE) ||
2558 (registers[operand + 1]== stack_top_type + 1)))
2559 /* No changes have been made to the registers. */
2560 break;
2561 new_register_count = MAX(max_operand + 1, register_count);
2562 new_registers = NEW(fullinfo_type, new_register_count);
2563 for (i = 0; i < register_count; i++)
2564 new_registers[i] = registers[i];
2565 for (i = register_count; i < new_register_count; i++)
2566 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2567 new_registers[operand] = stack_top_type;
2568 if (access == ACCESS_DOUBLE)
2569 new_registers[operand + 1] = stack_top_type + 1;
2570 break;
2571 }
2572
2573 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2574 case JVM_OPC_iinc: case JVM_OPC_ret:
2575 access = ACCESS_SINGLE;
2576 break;
2577
2578 case JVM_OPC_lload: case JVM_OPC_dload:
2579 access = ACCESS_DOUBLE;
2580 break;
2581
2582 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2583 for (i = 0; i < new_mask_count; i++)
2584 if (new_masks[i].entry == operand)
2585 CCerror(context, "Recursive call to jsr entry");
2586 new_masks = add_to_masks(context, masks, mask_count, operand);
2587 new_mask_count++;
2588 break;
2589
2590 case JVM_OPC_invokeinit:
2591 case JVM_OPC_new: {
2592 /* For invokeinit, an uninitialized object has been initialized.
2593 * For new, all previous occurrences of an uninitialized object
2594 * from the same instruction must be made bogus.
2595 * We find all occurrences of swap_table[0] in the registers, and
2596 * replace them with swap_table[1];
2597 */
2598 fullinfo_type from = context->swap_table[0];
2599 fullinfo_type to = context->swap_table[1];
2600
2601 int i;
2602 for (i = 0; i < register_count; i++) {
2603 if (new_registers[i] == from) {
2604 /* Found a match */
2605 break;
2606 }
2607 }
2608 if (i < register_count) { /* We broke out loop for match */
2609 /* We have to change registers, and possibly a mask */
2610 jboolean copied_mask = JNI_FALSE;
2611 int k;
2612 new_registers = NEW(fullinfo_type, register_count);
2613 memcpy(new_registers, registers,
2614 register_count * sizeof(registers[0]));
2615 for ( ; i < register_count; i++) {
2616 if (new_registers[i] == from) {
2617 new_registers[i] = to;
2618 for (k = 0; k < new_mask_count; k++) {
2619 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2620 if (!copied_mask) {
2621 new_masks = copy_masks(context, new_masks,
2622 mask_count);
2623 copied_mask = JNI_TRUE;
2624 }
2625 SET_BIT(new_masks[k].modifies, i);
2626 }
2627 }
2628 }
2629 }
2630 }
2631 break;
2632 }
2633 } /* of switch */
2634
2635 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2636 int i, j;
2637 for (i = 0; i < new_mask_count; i++) {
2638 int *mask = new_masks[i].modifies;
2639 if ((!IS_BIT_SET(mask, operand)) ||
2640 ((access == ACCESS_DOUBLE) &&
2641 !IS_BIT_SET(mask, operand + 1))) {
2642 new_masks = copy_masks(context, new_masks, mask_count);
2643 for (j = i; j < new_mask_count; j++) {
2644 SET_BIT(new_masks[j].modifies, operand);
2645 if (access == ACCESS_DOUBLE)
2646 SET_BIT(new_masks[j].modifies, operand + 1);
2647 }
2648 break;
2649 }
2650 }
2651 }
2652
2653 new_register_info->register_count = new_register_count;
2654 new_register_info->registers = new_registers;
2655 new_register_info->masks = new_masks;
2656 new_register_info->mask_count = new_mask_count;
2657 }
2658
2659
2660
2661 /* We've already determined that the instruction is legal, and have updated
2662 * the registers. Update the flags, too.
2663 */
2664
2665
2666 static void
2667 update_flags(context_type *context, unsigned int inumber,
2668 flag_type *new_and_flags, flag_type *new_or_flags)
2669
2670 {
2671 instruction_data_type *idata = context->instruction_data;
2672 instruction_data_type *this_idata = &idata[inumber];
2673 flag_type and_flags = this_idata->and_flags;
2674 flag_type or_flags = this_idata->or_flags;
2675
2676 /* Set the "we've done a constructor" flag */
2677 if (this_idata->opcode == JVM_OPC_invokeinit) {
2678 fullinfo_type from = context->swap_table[0];
2679 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2680 and_flags |= FLAG_CONSTRUCTED;
2681 }
2682 *new_and_flags = and_flags;
2683 *new_or_flags = or_flags;
2684 }
2685
2686
2687
2688 /* We've already determined that the instruction is legal. Perform the
2689 * operation on the stack;
2690 *
2691 * new_stack_size_p and new_stack_p point to the results after the pops have
2692 * already been done. Do the pushes, and then put the results back there.
2693 */
2694
2695 static void
2696 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2697 {
2698 instruction_data_type *idata = context->instruction_data;
2699 instruction_data_type *this_idata = &idata[inumber];
2700 int opcode = this_idata->opcode;
2701 int operand = this_idata->operand.i;
2702
2703 int stack_size = new_stack_info->stack_size;
2704 stack_item_type *stack = new_stack_info->stack;
2705 char *stack_results;
2706
2707 fullinfo_type full_info = 0;
2708 char buffer[5], *p; /* actually [2] is big enough */
2709
2710 /* We need to look at all those opcodes in which either we can't tell the
2711 * value pushed onto the stack from the opcode, or in which the value
2712 * pushed onto the stack is an object or array. For the latter, we need
2713 * to make sure that full_info is set to the right value.
2714 */
2715 switch(opcode) {
2716 default:
2717 stack_results = opcode_in_out[opcode][1];
2718 break;
2719
2720 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2721 /* Look to constant pool to determine correct result. */
2722 unsigned char *type_table = context->constant_types;
2723 switch (type_table[operand]) {
2724 case JVM_CONSTANT_Integer:
2725 stack_results = "I"; break;
2726 case JVM_CONSTANT_Float:
2727 stack_results = "F"; break;
2728 case JVM_CONSTANT_Double:
2729 stack_results = "D"; break;
2730 case JVM_CONSTANT_Long:
2731 stack_results = "L"; break;
2732 case JVM_CONSTANT_String:
2733 stack_results = "A";
2734 full_info = context->string_info;
2735 break;
2736 case JVM_CONSTANT_Class:
2737 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2738 CCerror(context, "Internal error #3");
2739 stack_results = "A";
2740 full_info = make_class_info_from_name(context,
2741 "java/lang/Class");
2742 break;
2743 case JVM_CONSTANT_MethodHandle:
2744 case JVM_CONSTANT_MethodType:
2745 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2746 CCerror(context, "Internal error #3");
2747 stack_results = "A";
2748 switch (type_table[operand]) {
2749 case JVM_CONSTANT_MethodType:
2750 full_info = make_class_info_from_name(context,
2751 "java/lang/invoke/MethodType");
2752 break;
2753 default: //JVM_CONSTANT_MethodHandle
2754 full_info = make_class_info_from_name(context,
2755 "java/lang/invoke/MethodHandle");
2756 break;
2757 }
2758 break;
2759 default:
2760 CCerror(context, "Internal error #3");
2761 stack_results = ""; /* Never reached: keep lint happy */
2762 }
2763 break;
2764 }
2765
2766 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2767 /* Look to signature to determine correct result. */
2768 int operand = this_idata->operand.i;
2769 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2770 context->class,
2771 operand);
2772 check_and_push(context, signature, VM_STRING_UTF);
2773 #ifdef DEBUG
2774 if (verify_verbose) {
2775 print_formatted_fieldname(context, operand);
2776 }
2777 #endif
2778 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2779 buffer[1] = '\0';
2780 stack_results = buffer;
2781 pop_and_free(context);
2782 break;
2783 }
2784
2785 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2786 case JVM_OPC_invokeinit:
2787 case JVM_OPC_invokedynamic:
2788 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2789 /* Look to signature to determine correct result. */
2790 int operand = this_idata->operand.i;
2791 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2792 context->class,
2793 operand);
2794 const char *result_signature;
2795 check_and_push(context, signature, VM_STRING_UTF);
2796 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2797 if (result_signature++ == NULL) {
2798 CCerror(context, "Illegal signature %s", signature);
2799 }
2800 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2801 stack_results = "";
2802 } else {
2803 buffer[0] = signature_to_fieldtype(context, &result_signature,
2804 &full_info);
2805 buffer[1] = '\0';
2806 stack_results = buffer;
2807 }
2808 pop_and_free(context);
2809 break;
2810 }
2811
2812 case JVM_OPC_aconst_null:
2813 stack_results = opcode_in_out[opcode][1];
2814 full_info = NULL_FULLINFO; /* special NULL */
2815 break;
2816
2817 case JVM_OPC_new:
2818 case JVM_OPC_checkcast:
2819 case JVM_OPC_newarray:
2820 case JVM_OPC_anewarray:
2821 case JVM_OPC_multianewarray:
2822 stack_results = opcode_in_out[opcode][1];
2823 /* Conveniently, this result type is stored here */
2824 full_info = this_idata->operand.fi;
2825 break;
2826
2827 case JVM_OPC_aaload:
2828 stack_results = opcode_in_out[opcode][1];
2829 /* pop_stack() saved value for us. */
2830 full_info = context->swap_table[0];
2831 break;
2832
2833 case JVM_OPC_aload:
2834 stack_results = opcode_in_out[opcode][1];
2835 /* The register hasn't been modified, so we can use its value. */
2836 full_info = this_idata->register_info.registers[operand];
2837 break;
2838 } /* of switch */
2839
2840 for (p = stack_results; *p != 0; p++) {
2841 int type = *p;
2842 stack_item_type *new_item = NEW(stack_item_type, 1);
2843 new_item->next = stack;
2844 stack = new_item;
2845 switch (type) {
2846 case 'I':
2847 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2848 case 'F':
2849 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2850 case 'D':
2851 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2852 stack_size++; break;
2853 case 'L':
2854 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2855 stack_size++; break;
2856 case 'R':
2857 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2858 break;
2859 case '1': case '2': case '3': case '4': {
2860 /* Get the info saved in the swap_table */
2861 fullinfo_type stype = context->swap_table[type - '1'];
2862 stack->item = stype;
2863 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2864 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2865 stack_size++; p++;
2866 }
2867 break;
2868 }
2869 case 'A':
2870 /* full_info should have the appropriate value. */
2871 assert(full_info != 0);
2872 stack->item = full_info;
2873 break;
2874 default:
2875 CCerror(context, "Internal error #4");
2876
2877 } /* switch type */
2878 stack_size++;
2879 } /* outer for loop */
2880
2881 if (opcode == JVM_OPC_invokeinit) {
2882 /* If there are any instances of "from" on the stack, we need to
2883 * replace it with "to", since calling <init> initializes all versions
2884 * of the object, obviously. */
2885 fullinfo_type from = context->swap_table[0];
2886 stack_item_type *ptr;
2887 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2888 if (ptr->item == from) {
2889 fullinfo_type to = context->swap_table[1];
2890 stack = copy_stack(context, stack);
2891 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2892 if (ptr->item == from) ptr->item = to;
2893 break;
2894 }
2895 }
2896 }
2897
2898 new_stack_info->stack_size = stack_size;
2899 new_stack_info->stack = stack;
2900 }
2901
2902
2903 /* We've performed an instruction, and determined the new registers and stack
2904 * value. Look at all of the possibly subsequent instructions, and merge
2905 * this stack value into theirs.
2906 */
2907
2908 static void
2909 merge_into_successors(context_type *context, unsigned int inumber,
2910 register_info_type *register_info,
2911 stack_info_type *stack_info,
2912 flag_type and_flags, flag_type or_flags)
2913 {
2914 instruction_data_type *idata = context->instruction_data;
2915 instruction_data_type *this_idata = &idata[inumber];
2916 int opcode = this_idata->opcode;
2917 int operand = this_idata->operand.i;
2918 struct handler_info_type *handler_info = context->handler_info;
2919 int handler_info_length =
2920 JVM_GetMethodIxExceptionTableLength(context->env,
2921 context->class,
2922 context->method_index);
2923
2924
2925 int buffer[2]; /* default value for successors */
2926 int *successors = buffer; /* table of successors */
2927 int successors_count;
2928 int i;
2929
2930 switch (opcode) {
2931 default:
2932 successors_count = 1;
2933 buffer[0] = inumber + 1;
2934 break;
2935
2936 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2937 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2938 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2939 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2940 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2941 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2942 successors_count = 2;
2943 buffer[0] = inumber + 1;
2944 buffer[1] = operand;
2945 break;
2946
2947 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2948 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2949 idata[this_idata->operand2.i].changed = JNI_TRUE;
2950 /* FALLTHROUGH */
2951 case JVM_OPC_goto: case JVM_OPC_goto_w:
2952 successors_count = 1;
2953 buffer[0] = operand;
2954 break;
2955
2956
2957 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2958 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2959 case JVM_OPC_athrow:
2960 /* The testing for the returns is handled in pop_stack() */
2961 successors_count = 0;
2962 break;
2963
2964 case JVM_OPC_ret: {
2965 /* This is slightly slow, but good enough for a seldom used instruction.
2966 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2967 * address of the first instruction of the subroutine. We can return
2968 * to 1 after any instruction that jsr's to that instruction.
2969 */
2970 if (this_idata->operand2.ip == NULL) {
2971 fullinfo_type *registers = this_idata->register_info.registers;
2972 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2973 int i, count, *ptr;;
2974 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2975 if (((idata[i].opcode == JVM_OPC_jsr) ||
2976 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2977 (idata[i].operand.i == called_instruction))
2978 count++;
2979 }
2980 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2981 *ptr++ = count;
2982 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2983 if (((idata[i].opcode == JVM_OPC_jsr) ||
2984 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2985 (idata[i].operand.i == called_instruction))
2986 *ptr++ = i + 1;
2987 }
2988 }
2989 successors = this_idata->operand2.ip; /* use this instead */
2990 successors_count = *successors++;
2991 break;
2992
2993 }
2994
2995 case JVM_OPC_tableswitch:
2996 case JVM_OPC_lookupswitch:
2997 successors = this_idata->operand.ip; /* use this instead */
2998 successors_count = *successors++;
2999 break;
3000 }
3001
3002 #ifdef DEBUG
3003 if (verify_verbose) {
3004 jio_fprintf(stdout, " [");
3005 for (i = handler_info_length; --i >= 0; handler_info++)
3006 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3007 jio_fprintf(stdout, "%d* ", handler_info->handler);
3008 for (i = 0; i < successors_count; i++)
3009 jio_fprintf(stdout, "%d ", successors[i]);
3010 jio_fprintf(stdout, "]\n");
3011 }
3012 #endif
3013
3014 handler_info = context->handler_info;
3015 for (i = handler_info_length; --i >= 0; handler_info++) {
3016 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3017 int handler = handler_info->handler;
3018 if (opcode != JVM_OPC_invokeinit) {
3019 merge_into_one_successor(context, inumber, handler,
3020 &this_idata->register_info, /* old */
3021 &handler_info->stack_info,
3022 (flag_type) (and_flags
3023 & this_idata->and_flags),
3024 (flag_type) (or_flags
3025 | this_idata->or_flags),
3026 JNI_TRUE);
3027 } else {
3028 /* We need to be a little bit more careful with this
3029 * instruction. Things could either be in the state before
3030 * the instruction or in the state afterwards */
3031 fullinfo_type from = context->swap_table[0];
3032 flag_type temp_or_flags = or_flags;
3033 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3034 temp_or_flags |= FLAG_NO_RETURN;
3035 merge_into_one_successor(context, inumber, handler,
3036 &this_idata->register_info, /* old */
3037 &handler_info->stack_info,
3038 this_idata->and_flags,
3039 this_idata->or_flags,
3040 JNI_TRUE);
3041 merge_into_one_successor(context, inumber, handler,
3042 register_info,
3043 &handler_info->stack_info,
3044 and_flags, temp_or_flags, JNI_TRUE);
3045 }
3046 }
3047 }
3048 for (i = 0; i < successors_count; i++) {
3049 int target = successors[i];
3050 if (target >= context->instruction_count)
3051 CCerror(context, "Falling off the end of the code");
3052 merge_into_one_successor(context, inumber, target,
3053 register_info, stack_info, and_flags, or_flags,
3054 JNI_FALSE);
3055 }
3056 }
3057
3058 /* We have a new set of registers and stack values for a given instruction.
3059 * Merge this new set into the values that are already there.
3060 */
3061
3062 static void
3063 merge_into_one_successor(context_type *context,
3064 unsigned int from_inumber, unsigned int to_inumber,
3065 register_info_type *new_register_info,
3066 stack_info_type *new_stack_info,
3067 flag_type new_and_flags, flag_type new_or_flags,
3068 jboolean isException)
3069 {
3070 instruction_data_type *idata = context->instruction_data;
3071 register_info_type register_info_buf;
3072 stack_info_type stack_info_buf;
3073 #ifdef DEBUG
3074 instruction_data_type *this_idata = &idata[to_inumber];
3075 register_info_type old_reg_info;
3076 stack_info_type old_stack_info;
3077 flag_type old_and_flags = 0;
3078 flag_type old_or_flags = 0;
3079 #endif
3080
3081 #ifdef DEBUG
3082 if (verify_verbose) {
3083 old_reg_info = this_idata->register_info;
3084 old_stack_info = this_idata->stack_info;
3085 old_and_flags = this_idata->and_flags;
3086 old_or_flags = this_idata->or_flags;
3087 }
3088 #endif
3089
3090 /* All uninitialized objects are set to "bogus" when jsr and
3091 * ret are executed. Thus uninitialized objects can't propagate
3092 * into or out of a subroutine.
3093 */
3094 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3095 idata[from_inumber].opcode == JVM_OPC_jsr ||
3096 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3097 int new_register_count = new_register_info->register_count;
3098 fullinfo_type *new_registers = new_register_info->registers;
3099 int i;
3100 stack_item_type *item;
3101
3102 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3103 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3104 /* This check only succeeds for hand-contrived code.
3105 * Efficiency is not an issue.
3106 */
3107 stack_info_buf.stack = copy_stack(context,
3108 new_stack_info->stack);
3109 stack_info_buf.stack_size = new_stack_info->stack_size;
3110 new_stack_info = &stack_info_buf;
3111 for (item = new_stack_info->stack; item != NULL;
3112 item = item->next) {
3113 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3114 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3115 }
3116 }
3117 break;
3118 }
3119 }
3120 for (i = 0; i < new_register_count; i++) {
3121 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3122 /* This check only succeeds for hand-contrived code.
3123 * Efficiency is not an issue.
3124 */
3125 fullinfo_type *new_set = NEW(fullinfo_type,
3126 new_register_count);
3127 for (i = 0; i < new_register_count; i++) {
3128 fullinfo_type t = new_registers[i];
3129 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3130 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3131 }
3132 register_info_buf.register_count = new_register_count;
3133 register_info_buf.registers = new_set;
3134 register_info_buf.mask_count = new_register_info->mask_count;
3135 register_info_buf.masks = new_register_info->masks;
3136 new_register_info = ®ister_info_buf;
3137 break;
3138 }
3139 }
3140 }
3141
3142 /* Returning from a subroutine is somewhat ugly. The actual thing
3143 * that needs to get merged into the new instruction is a joining
3144 * of info from the ret instruction with stuff in the jsr instruction
3145 */
3146 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3147 int new_register_count = new_register_info->register_count;
3148 fullinfo_type *new_registers = new_register_info->registers;
3149 int new_mask_count = new_register_info->mask_count;
3150 mask_type *new_masks = new_register_info->masks;
3151 int operand = idata[from_inumber].operand.i;
3152 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3153 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3154 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3155 if (jsr_idata->operand2.i != (int)from_inumber) {
3156 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3157 CCerror(context, "Multiple returns to single jsr");
3158 jsr_idata->operand2.i = from_inumber;
3159 }
3160 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3161 /* We don't want to handle the returned-to instruction until
3162 * we've dealt with the jsr instruction. When we get to the
3163 * jsr instruction (if ever), we'll re-mark the ret instruction
3164 */
3165 ;
3166 } else {
3167 int register_count = jsr_reginfo->register_count;
3168 fullinfo_type *registers = jsr_reginfo->registers;
3169 int max_registers = MAX(register_count, new_register_count);
3170 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3171 int *return_mask;
3172 struct register_info_type new_new_register_info;
3173 int i;
3174 /* Make sure the place we're returning from is legal! */
3175 for (i = new_mask_count; --i >= 0; )
3176 if (new_masks[i].entry == called_instruction)
3177 break;
3178 if (i < 0)
3179 CCerror(context, "Illegal return from subroutine");
3180 /* pop the masks down to the indicated one. Remember the mask
3181 * we're popping off. */
3182 return_mask = new_masks[i].modifies;
3183 new_mask_count = i;
3184 for (i = 0; i < max_registers; i++) {
3185 if (IS_BIT_SET(return_mask, i))
3186 new_set[i] = i < new_register_count ?
3187 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3188 else
3189 new_set[i] = i < register_count ?
3190 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3191 }
3192 new_new_register_info.register_count = max_registers;
3193 new_new_register_info.registers = new_set;
3194 new_new_register_info.mask_count = new_mask_count;
3195 new_new_register_info.masks = new_masks;
3196
3197
3198 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3199 merge_registers(context, to_inumber - 1, to_inumber,
3200 &new_new_register_info);
3201 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3202 }
3203 } else {
3204 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3205 merge_registers(context, from_inumber, to_inumber, new_register_info);
3206 merge_flags(context, from_inumber, to_inumber,
3207 new_and_flags, new_or_flags);
3208 }
3209
3210 #ifdef DEBUG
3211 if (verify_verbose && idata[to_inumber].changed) {
3212 register_info_type *register_info = &this_idata->register_info;
3213 stack_info_type *stack_info = &this_idata->stack_info;
3214 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3215 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3216 (old_and_flags != this_idata->and_flags) ||
3217 (old_or_flags != this_idata->or_flags)) {
3218 jio_fprintf(stdout, " %2d:", to_inumber);
3219 print_stack(context, &old_stack_info);
3220 print_registers(context, &old_reg_info);
3221 print_flags(context, old_and_flags, old_or_flags);
3222 jio_fprintf(stdout, " => ");
3223 print_stack(context, &this_idata->stack_info);
3224 print_registers(context, &this_idata->register_info);
3225 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3226 jio_fprintf(stdout, "\n");
3227 }
3228 }
3229 #endif
3230
3231 }
3232
3233 static void
3234 merge_stack(context_type *context, unsigned int from_inumber,
3235 unsigned int to_inumber, stack_info_type *new_stack_info)
3236 {
3237 instruction_data_type *idata = context->instruction_data;
3238 instruction_data_type *this_idata = &idata[to_inumber];
3239
3240 int new_stack_size = new_stack_info->stack_size;
3241 stack_item_type *new_stack = new_stack_info->stack;
3242
3243 int stack_size = this_idata->stack_info.stack_size;
3244
3245 if (stack_size == UNKNOWN_STACK_SIZE) {
3246 /* First time at this instruction. Just copy. */
3247 this_idata->stack_info.stack_size = new_stack_size;
3248 this_idata->stack_info.stack = new_stack;
3249 this_idata->changed = JNI_TRUE;
3250 } else if (new_stack_size != stack_size) {
3251 CCerror(context, "Inconsistent stack height %d != %d",
3252 new_stack_size, stack_size);
3253 } else {
3254 stack_item_type *stack = this_idata->stack_info.stack;
3255 stack_item_type *old, *new;
3256 jboolean change = JNI_FALSE;
3257 for (old = stack, new = new_stack; old != NULL;
3258 old = old->next, new = new->next) {
3259 if (!isAssignableTo(context, new->item, old->item)) {
3260 change = JNI_TRUE;
3261 break;
3262 }
3263 }
3264 if (change) {
3265 stack = copy_stack(context, stack);
3266 for (old = stack, new = new_stack; old != NULL;
3267 old = old->next, new = new->next) {
3268 if (new == NULL) {
3269 break;
3270 }
3271 old->item = merge_fullinfo_types(context, old->item, new->item,
3272 JNI_FALSE);
3273 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3274 CCerror(context, "Mismatched stack types");
3275 }
3276 }
3277 if (old != NULL || new != NULL) {
3278 CCerror(context, "Mismatched stack types");
3279 }
3280 this_idata->stack_info.stack = stack;
3281 this_idata->changed = JNI_TRUE;
3282 }
3283 }
3284 }
3285
3286 static void
3287 merge_registers(context_type *context, unsigned int from_inumber,
3288 unsigned int to_inumber, register_info_type *new_register_info)
3289 {
3290 instruction_data_type *idata = context->instruction_data;
3291 instruction_data_type *this_idata = &idata[to_inumber];
3292 register_info_type *this_reginfo = &this_idata->register_info;
3293
3294 int new_register_count = new_register_info->register_count;
3295 fullinfo_type *new_registers = new_register_info->registers;
3296 int new_mask_count = new_register_info->mask_count;
3297 mask_type *new_masks = new_register_info->masks;
3298
3299
3300 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3301 this_reginfo->register_count = new_register_count;
3302 this_reginfo->registers = new_registers;
3303 this_reginfo->mask_count = new_mask_count;
3304 this_reginfo->masks = new_masks;
3305 this_idata->changed = JNI_TRUE;
3306 } else {
3307 /* See if we've got new information on the register set. */
3308 int register_count = this_reginfo->register_count;
3309 fullinfo_type *registers = this_reginfo->registers;
3310 int mask_count = this_reginfo->mask_count;
3311 mask_type *masks = this_reginfo->masks;
3312
3313 jboolean copy = JNI_FALSE;
3314 int i, j;
3315 if (register_count > new_register_count) {
3316 /* Any register larger than new_register_count is now bogus */
3317 this_reginfo->register_count = new_register_count;
3318 register_count = new_register_count;
3319 this_idata->changed = JNI_TRUE;
3320 }
3321 for (i = 0; i < register_count; i++) {
3322 fullinfo_type prev_value = registers[i];
3323 if ((i < new_register_count)
3324 ? (!isAssignableTo(context, new_registers[i], prev_value))
3325 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3326 copy = JNI_TRUE;
3327 break;
3328 }
3329 }
3330
3331 if (copy) {
3332 /* We need a copy. So do it. */
3333 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3334 for (j = 0; j < i; j++)
3335 new_set[j] = registers[j];
3336 for (j = i; j < register_count; j++) {
3337 if (i >= new_register_count)
3338 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3339 else
3340 new_set[j] = merge_fullinfo_types(context,
3341 new_registers[j],
3342 registers[j], JNI_FALSE);
3343 }
3344 /* Some of the end items might now be bogus. This step isn't
3345 * necessary, but it may save work later. */
3346 while ( register_count > 0
3347 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3348 register_count--;
3349 this_reginfo->register_count = register_count;
3350 this_reginfo->registers = new_set;
3351 this_idata->changed = JNI_TRUE;
3352 }
3353 if (mask_count > 0) {
3354 /* If the target instruction already has a sequence of masks, then
3355 * we need to merge new_masks into it. We want the entries on
3356 * the mask to be the longest common substring of the two.
3357 * (e.g. a->b->d merged with a->c->d should give a->d)
3358 * The bits set in the mask should be the or of the corresponding
3359 * entries in each of the original masks.
3360 */
3361 int i, j, k;
3362 int matches = 0;
3363 int last_match = -1;
3364 jboolean copy_needed = JNI_FALSE;
3365 for (i = 0; i < mask_count; i++) {
3366 int entry = masks[i].entry;
3367 for (j = last_match + 1; j < new_mask_count; j++) {
3368 if (new_masks[j].entry == entry) {
3369 /* We have a match */
3370 int *prev = masks[i].modifies;
3371 int *new = new_masks[j].modifies;
3372 matches++;
3373 /* See if new_mask has bits set for "entry" that
3374 * weren't set for mask. If so, need to copy. */
3375 for (k = context->bitmask_size - 1;
3376 !copy_needed && k >= 0;
3377 k--)
3378 if (~prev[k] & new[k])
3379 copy_needed = JNI_TRUE;
3380 last_match = j;
3381 break;
3382 }
3383 }
3384 }
3385 if ((matches < mask_count) || copy_needed) {
3386 /* We need to make a copy for the new item, since either the
3387 * size has decreased, or new bits are set. */
3388 mask_type *copy = NEW(mask_type, matches);
3389 for (i = 0; i < matches; i++) {
3390 copy[i].modifies = NEW(int, context->bitmask_size);
3391 }
3392 this_reginfo->masks = copy;
3393 this_reginfo->mask_count = matches;
3394 this_idata->changed = JNI_TRUE;
3395 matches = 0;
3396 last_match = -1;
3397 for (i = 0; i < mask_count; i++) {
3398 int entry = masks[i].entry;
3399 for (j = last_match + 1; j < new_mask_count; j++) {
3400 if (new_masks[j].entry == entry) {
3401 int *prev1 = masks[i].modifies;
3402 int *prev2 = new_masks[j].modifies;
3403 int *new = copy[matches].modifies;
3404 copy[matches].entry = entry;
3405 for (k = context->bitmask_size - 1; k >= 0; k--)
3406 new[k] = prev1[k] | prev2[k];
3407 matches++;
3408 last_match = j;
3409 break;
3410 }
3411 }
3412 }
3413 }
3414 }
3415 }
3416 }
3417
3418
3419 static void
3420 merge_flags(context_type *context, unsigned int from_inumber,
3421 unsigned int to_inumber,
3422 flag_type new_and_flags, flag_type new_or_flags)
3423 {
3424 /* Set this_idata->and_flags &= new_and_flags
3425 this_idata->or_flags |= new_or_flags
3426 */
3427 instruction_data_type *idata = context->instruction_data;
3428 instruction_data_type *this_idata = &idata[to_inumber];
3429 flag_type this_and_flags = this_idata->and_flags;
3430 flag_type this_or_flags = this_idata->or_flags;
3431 flag_type merged_and = this_and_flags & new_and_flags;
3432 flag_type merged_or = this_or_flags | new_or_flags;
3433
3434 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3435 this_idata->and_flags = merged_and;
3436 this_idata->or_flags = merged_or;
3437 this_idata->changed = JNI_TRUE;
3438 }
3439 }
3440
3441
3442 /* Make a copy of a stack */
3443
3444 static stack_item_type *
3445 copy_stack(context_type *context, stack_item_type *stack)
3446 {
3447 int length;
3448 stack_item_type *ptr;
3449
3450 /* Find the length */
3451 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3452
3453 if (length > 0) {
3454 stack_item_type *new_stack = NEW(stack_item_type, length);
3455 stack_item_type *new_ptr;
3456 for ( ptr = stack, new_ptr = new_stack;
3457 ptr != NULL;
3458 ptr = ptr->next, new_ptr++) {
3459 new_ptr->item = ptr->item;
3460 new_ptr->next = new_ptr + 1;
3461 }
3462 new_stack[length - 1].next = NULL;
3463 return new_stack;
3464 } else {
3465 return NULL;
3466 }
3467 }
3468
3469
3470 static mask_type *
3471 copy_masks(context_type *context, mask_type *masks, int mask_count)
3472 {
3473 mask_type *result = NEW(mask_type, mask_count);
3474 int bitmask_size = context->bitmask_size;
3475 int *bitmaps = NEW(int, mask_count * bitmask_size);
3476 int i;
3477 for (i = 0; i < mask_count; i++) {
3478 result[i].entry = masks[i].entry;
3479 result[i].modifies = &bitmaps[i * bitmask_size];
3480 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3481 }
3482 return result;
3483 }
3484
3485
3486 static mask_type *
3487 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3488 {
3489 mask_type *result = NEW(mask_type, mask_count + 1);
3490 int bitmask_size = context->bitmask_size;
3491 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3492 int i;
3493 for (i = 0; i < mask_count; i++) {
3494 result[i].entry = masks[i].entry;
3495 result[i].modifies = &bitmaps[i * bitmask_size];
3496 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3497 }
3498 result[mask_count].entry = d;
3499 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3500 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3501 return result;
3502 }
3503
3504
3505
3506 /* We create our own storage manager, since we malloc lots of little items,
3507 * and I don't want to keep trace of when they become free. I sure wish that
3508 * we had heaps, and I could just free the heap when done.
3509 */
3510
3511 #define CCSegSize 2000
3512
3513 struct CCpool { /* a segment of allocated memory in the pool */
3514 struct CCpool *next;
3515 int segSize; /* almost always CCSegSize */
3516 int poolPad;
3517 char space[CCSegSize];
3518 };
3519
3520 /* Initialize the context's heap. */
3521 static void CCinit(context_type *context)
3522 {
3523 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3524 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3525 context->CCroot = context->CCcurrent = new;
3526 if (new == 0) {
3527 CCout_of_memory(context);
3528 }
3529 new->next = NULL;
3530 new->segSize = CCSegSize;
3531 context->CCfree_size = CCSegSize;
3532 context->CCfree_ptr = &new->space[0];
3533 }
3534
3535
3536 /* Reuse all the space that we have in the context's heap. */
3537 static void CCreinit(context_type *context)
3538 {
3539 struct CCpool *first = context->CCroot;
3540 context->CCcurrent = first;
3541 context->CCfree_size = CCSegSize;
3542 context->CCfree_ptr = &first->space[0];
3543 }
3544
3545 /* Destroy the context's heap. */
3546 static void CCdestroy(context_type *context)
3547 {
3548 struct CCpool *this = context->CCroot;
3549 while (this) {
3550 struct CCpool *next = this->next;
3551 free(this);
3552 this = next;
3553 }
3554 /* These two aren't necessary. But can't hurt either */
3555 context->CCroot = context->CCcurrent = NULL;
3556 context->CCfree_ptr = 0;
3557 }
3558
3559 /* Allocate an object of the given size from the context's heap. */
3560 static void *
3561 CCalloc(context_type *context, int size, jboolean zero)
3562 {
3563
3564 register char *p;
3565 /* Round CC to the size of a pointer */
3566 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3567
3568 if (context->CCfree_size < size) {
3569 struct CCpool *current = context->CCcurrent;
3570 struct CCpool *new;
3571 if (size > CCSegSize) { /* we need to allocate a special block */
3572 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3573 (size - CCSegSize));
3574 if (new == 0) {
3575 CCout_of_memory(context);
3576 }
3577 new->next = current->next;
3578 new->segSize = size;
3579 current->next = new;
3580 } else {
3581 new = current->next;
3582 if (new == NULL) {
3583 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3584 if (new == 0) {
3585 CCout_of_memory(context);
3586 }
3587 current->next = new;
3588 new->next = NULL;
3589 new->segSize = CCSegSize;
3590 }
3591 }
3592 context->CCcurrent = new;
3593 context->CCfree_ptr = &new->space[0];
3594 context->CCfree_size = new->segSize;
3595 }
3596 p = context->CCfree_ptr;
3597 context->CCfree_ptr += size;
3598 context->CCfree_size -= size;
3599 if (zero)
3600 memset(p, 0, size);
3601 return p;
3602 }
3603
3604 /* Get the class associated with a particular field or method or class in the
3605 * constant pool. If is_field is true, we've got a field or method. If
3606 * false, we've got a class.
3607 */
3608 static fullinfo_type
3609 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3610 {
3611 JNIEnv *env = context->env;
3612 fullinfo_type result;
3613 const char *classname;
3614 switch (kind) {
3615 case JVM_CONSTANT_Class:
3616 classname = JVM_GetCPClassNameUTF(env,
3617 context->class,
3618 cp_index);
3619 break;
3620 case JVM_CONSTANT_Methodref:
3621 classname = JVM_GetCPMethodClassNameUTF(env,
3622 context->class,
3623 cp_index);
3624 break;
3625 case JVM_CONSTANT_Fieldref:
3626 classname = JVM_GetCPFieldClassNameUTF(env,
3627 context->class,
3628 cp_index);
3629 break;
3630 default:
3631 classname = NULL;
3632 CCerror(context, "Internal error #5");
3633 }
3634
3635 check_and_push(context, classname, VM_STRING_UTF);
3636 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3637 /* This make recursively call us, in case of a class array */
3638 signature_to_fieldtype(context, &classname, &result);
3639 } else {
3640 result = make_class_info_from_name(context, classname);
3641 }
3642 pop_and_free(context);
3643 return result;
3644 }
3645
3646
3647 static int
3648 print_CCerror_info(context_type *context)
3649 {
3650 JNIEnv *env = context->env;
3651 jclass cb = context->class;
3652 const char *classname = JVM_GetClassNameUTF(env, cb);
3653 const char *name = 0;
3654 const char *signature = 0;
3655 int n = 0;
3656 if (context->method_index != -1) {
3657 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3658 signature =
3659 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3660 n += jio_snprintf(context->message, context->message_buf_len,
3661 "(class: %s, method: %s signature: %s) ",
3662 (classname ? classname : ""),
3663 (name ? name : ""),
3664 (signature ? signature : ""));
3665 } else if (context->field_index != -1 ) {
3666 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3667 n += jio_snprintf(context->message, context->message_buf_len,
3668 "(class: %s, field: %s) ",
3669 (classname ? classname : 0),
3670 (name ? name : 0));
3671 } else {
3672 n += jio_snprintf(context->message, context->message_buf_len,
3673 "(class: %s) ", classname ? classname : "");
3674 }
3675 JVM_ReleaseUTF(classname);
3676 JVM_ReleaseUTF(name);
3677 JVM_ReleaseUTF(signature);
3678 return n;
3679 }
3680
3681 static void
3682 CCerror (context_type *context, char *format, ...)
3683 {
3684 int n = print_CCerror_info(context);
3685 va_list args;
3686 if (n >= 0 && n < context->message_buf_len) {
3687 va_start(args, format);
3688 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3689 format, args);
3690 va_end(args);
3691 }
3692 context->err_code = CC_VerifyError;
3693 longjmp(context->jump_buffer, 1);
3694 }
3695
3696 static void
3697 CCout_of_memory(context_type *context)
3698 {
3699 int n = print_CCerror_info(context);
3700 context->err_code = CC_OutOfMemory;
3701 longjmp(context->jump_buffer, 1);
3702 }
3703
3704 static void
3705 CFerror(context_type *context, char *format, ...)
3706 {
3707 int n = print_CCerror_info(context);
3708 va_list args;
3709 if (n >= 0 && n < context->message_buf_len) {
3710 va_start(args, format);
3711 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3712 format, args);
3713 va_end(args);
3714 }
3715 context->err_code = CC_ClassFormatError;
3716 longjmp(context->jump_buffer, 1);
3717 }
3718
3719 static char
3720 signature_to_fieldtype(context_type *context,
3721 const char **signature_p, fullinfo_type *full_info_p)
3722 {
3723 const char *p = *signature_p;
3724 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3725 char result;
3726 int array_depth = 0;
3727
3728 for (;;) {
3729 switch(*p++) {
3730 default:
3731 result = 0;
3732 break;
3733
3734 case JVM_SIGNATURE_BOOLEAN:
3735 full_info = (array_depth > 0)
3736 ? MAKE_FULLINFO(ITEM_Boolean, 0, 0)
3737 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3738 result = 'I';
3739 break;
3740
3741 case JVM_SIGNATURE_BYTE:
3742 full_info = (array_depth > 0)
3743 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3744 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3745 result = 'I';
3746 break;
3747
3748 case JVM_SIGNATURE_CHAR:
3749 full_info = (array_depth > 0)
3750 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3751 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3752 result = 'I';
3753 break;
3754
3755 case JVM_SIGNATURE_SHORT:
3756 full_info = (array_depth > 0)
3757 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3758 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3759 result = 'I';
3760 break;
3761
3762 case JVM_SIGNATURE_INT:
3763 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3764 result = 'I';
3765 break;
3766
3767 case JVM_SIGNATURE_FLOAT:
3768 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3769 result = 'F';
3770 break;
3771
3772 case JVM_SIGNATURE_DOUBLE:
3773 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3774 result = 'D';
3775 break;
3776
3777 case JVM_SIGNATURE_LONG:
3778 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3779 result = 'L';
3780 break;
3781
3782 case JVM_SIGNATURE_ARRAY:
3783 array_depth++;
3784 continue; /* only time we ever do the loop > 1 */
3785
3786 case JVM_SIGNATURE_CLASS: {
3787 char buffer_space[256];
3788 char *buffer = buffer_space;
3789 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3790 int length;
3791 if (finish == NULL) {
3792 /* Signature must have ';' after the class name.
3793 * If it does not, return 0 and ITEM_Bogus in full_info. */
3794 result = 0;
3795 break;
3796 }
3797 length = finish - p;
3798 if (length + 1 > (int)sizeof(buffer_space)) {
3799 buffer = malloc(length + 1);
3800 check_and_push(context, buffer, VM_MALLOC_BLK);
3801 }
3802 memcpy(buffer, p, length);
3803 buffer[length] = '\0';
3804 full_info = make_class_info_from_name(context, buffer);
3805 result = 'A';
3806 p = finish + 1;
3807 if (buffer != buffer_space)
3808 pop_and_free(context);
3809 break;
3810 }
3811 } /* end of switch */
3812 break;
3813 }
3814 *signature_p = p;
3815 if (array_depth == 0 || result == 0) {
3816 /* either not an array, or result is bogus */
3817 *full_info_p = full_info;
3818 return result;
3819 } else {
3820 if (array_depth > MAX_ARRAY_DIMENSIONS)
3821 CCerror(context, "Array with too many dimensions");
3822 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3823 array_depth,
3824 GET_EXTRA_INFO(full_info));
3825 return 'A';
3826 }
3827 }
3828
3829
3830 /* Given an array type, create the type that has one less level of
3831 * indirection.
3832 */
3833
3834 static fullinfo_type
3835 decrement_indirection(fullinfo_type array_info)
3836 {
3837 if (array_info == NULL_FULLINFO) {
3838 return NULL_FULLINFO;
3839 } else {
3840 int type = GET_ITEM_TYPE(array_info);
3841 int indirection = GET_INDIRECTION(array_info) - 1;
3842 int extra_info = GET_EXTRA_INFO(array_info);
3843 if ( (indirection == 0)
3844 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Boolean || type == ITEM_Char)))
3845 type = ITEM_Integer;
3846 return MAKE_FULLINFO(type, indirection, extra_info);
3847 }
3848 }
3849
3850
3851 /* See if we can assign an object of the "from" type to an object
3852 * of the "to" type.
3853 */
3854
3855 static jboolean isAssignableTo(context_type *context,
3856 fullinfo_type from, fullinfo_type to)
3857 {
3858 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3859 }
3860
3861 /* Given two fullinfo_type's, find their lowest common denominator. If
3862 * the assignable_p argument is non-null, we're really just calling to find
3863 * out if "<target> := <value>" is a legitimate assignment.
3864 *
3865 * We treat all interfaces as if they were of type java/lang/Object, since the
3866 * runtime will do the full checking.
3867 */
3868 static fullinfo_type
3869 merge_fullinfo_types(context_type *context,
3870 fullinfo_type value, fullinfo_type target,
3871 jboolean for_assignment)
3872 {
3873 JNIEnv *env = context->env;
3874 if (value == target) {
3875 /* If they're identical, clearly just return what we've got */
3876 return value;
3877 }
3878
3879 /* Both must be either arrays or objects to go further */
3880 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3881 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3882 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3883 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3884
3885 /* If either is NULL, return the other. */
3886 if (value == NULL_FULLINFO)
3887 return target;
3888 else if (target == NULL_FULLINFO)
3889 return value;
3890
3891 /* If either is java/lang/Object, that's the result. */
3892 if (target == context->object_info)
3893 return target;
3894 else if (value == context->object_info) {
3895 /* Minor hack. For assignments, Interface := Object, return Interface
3896 * rather than Object, so that isAssignableTo() will get the right
3897 * result. */
3898 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3899 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3900 jclass cb = object_fullinfo_to_classclass(context,
3901 target);
3902 int is_interface = cb && JVM_IsInterface(env, cb);
3903 if (is_interface)
3904 return target;
3905 }
3906 return value;
3907 }
3908 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3909 /* At least one is an array. Neither is java/lang/Object or NULL.
3910 * Moreover, the types are not identical.
3911 * The result must either be Object, or an array of some object type.
3912 */
3913 fullinfo_type value_base, target_base;
3914 int dimen_value = GET_INDIRECTION(value);
3915 int dimen_target = GET_INDIRECTION(target);
3916
3917 if (target == context->cloneable_info ||
3918 target == context->serializable_info) {
3919 return target;
3920 }
3921
3922 if (value == context->cloneable_info ||
3923 value == context->serializable_info) {
3924 return value;
3925 }
3926
3927 /* First, if either item's base type isn't ITEM_Object, promote it up
3928 * to an object or array of object. If either is elemental, we can
3929 * punt.
3930 */
3931 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3932 if (dimen_value == 0)
3933 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3934 dimen_value--;
3935 value = MAKE_Object_ARRAY(dimen_value);
3936
3937 }
3938 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3939 if (dimen_target == 0)
3940 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3941 dimen_target--;
3942 target = MAKE_Object_ARRAY(dimen_target);
3943 }
3944 /* Both are now objects or arrays of some sort of object type */
3945 value_base = WITH_ZERO_INDIRECTION(value);
3946 target_base = WITH_ZERO_INDIRECTION(target);
3947 if (dimen_value == dimen_target) {
3948 /* Arrays of the same dimension. Merge their base types. */
3949 fullinfo_type result_base =
3950 merge_fullinfo_types(context, value_base, target_base,
3951 for_assignment);
3952 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3953 /* bogus in, bogus out */
3954 return result_base;
3955 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3956 GET_EXTRA_INFO(result_base));
3957 } else {
3958 /* Arrays of different sizes. If the smaller dimension array's base
3959 * type is java/lang/Cloneable or java/io/Serializable, return it.
3960 * Otherwise return java/lang/Object with a dimension of the smaller
3961 * of the two */
3962 if (dimen_value < dimen_target) {
3963 if (value_base == context->cloneable_info ||
3964 value_base == context ->serializable_info) {
3965 return value;
3966 }
3967 return MAKE_Object_ARRAY(dimen_value);
3968 } else {
3969 if (target_base == context->cloneable_info ||
3970 target_base == context->serializable_info) {
3971 return target;
3972 }
3973 return MAKE_Object_ARRAY(dimen_target);
3974 }
3975 }
3976 } else {
3977 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3978 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3979 fullinfo_type result_info;
3980
3981 /* Let's get the classes corresponding to each of these. Treat
3982 * interfaces as if they were java/lang/Object. See hack note above. */
3983 cb_target = object_fullinfo_to_classclass(context, target);
3984 if (cb_target == 0)
3985 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3986 if (JVM_IsInterface(env, cb_target))
3987 return for_assignment ? target : context->object_info;
3988 cb_value = object_fullinfo_to_classclass(context, value);
3989 if (cb_value == 0)
3990 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3991 if (JVM_IsInterface(env, cb_value))
3992 return context->object_info;
3993
3994 /* If this is for assignment of target := value, we just need to see if
3995 * cb_target is a superclass of cb_value. Save ourselves a lot of
3996 * work.
3997 */
3998 if (for_assignment) {
3999 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4000 while (cb_super_value != 0) {
4001 jclass tmp_cb;
4002 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4003 (*env)->DeleteLocalRef(env, cb_super_value);
4004 return target;
4005 }
4006 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4007 (*env)->DeleteLocalRef(env, cb_super_value);
4008 cb_super_value = tmp_cb;
4009 }
4010 (*env)->DeleteLocalRef(env, cb_super_value);
4011 return context->object_info;
4012 }
4013
4014 /* Find out whether cb_value or cb_target is deeper in the class
4015 * tree by moving both toward the root, and seeing who gets there
4016 * first. */
4017 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4018 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4019 while((cb_super_value != 0) &&
4020 (cb_super_target != 0)) {
4021 jclass tmp_cb;
4022 /* Optimization. If either hits the other when going up looking
4023 * for a parent, then might as well return the parent immediately */
4024 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4025 (*env)->DeleteLocalRef(env, cb_super_value);
4026 (*env)->DeleteLocalRef(env, cb_super_target);
4027 return target;
4028 }
4029 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4030 (*env)->DeleteLocalRef(env, cb_super_value);
4031 (*env)->DeleteLocalRef(env, cb_super_target);
4032 return value;
4033 }
4034 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4035 (*env)->DeleteLocalRef(env, cb_super_value);
4036 cb_super_value = tmp_cb;
4037
4038 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4039 (*env)->DeleteLocalRef(env, cb_super_target);
4040 cb_super_target = tmp_cb;
4041 }
4042 cb_value = (*env)->NewLocalRef(env, cb_value);
4043 cb_target = (*env)->NewLocalRef(env, cb_target);
4044 /* At most one of the following two while clauses will be executed.
4045 * Bring the deeper of cb_target and cb_value to the depth of the
4046 * shallower one.
4047 */
4048 while (cb_super_value != 0) {
4049 /* cb_value is deeper */
4050 jclass cb_tmp;
4051
4052 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4053 (*env)->DeleteLocalRef(env, cb_super_value);
4054 cb_super_value = cb_tmp;
4055
4056 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4057 (*env)->DeleteLocalRef(env, cb_value);
4058 cb_value = cb_tmp;
4059 }
4060 while (cb_super_target != 0) {
4061 /* cb_target is deeper */
4062 jclass cb_tmp;
4063
4064 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4065 (*env)->DeleteLocalRef(env, cb_super_target);
4066 cb_super_target = cb_tmp;
4067
4068 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4069 (*env)->DeleteLocalRef(env, cb_target);
4070 cb_target = cb_tmp;
4071 }
4072
4073 /* Walk both up, maintaining equal depth, until a join is found. We
4074 * know that we will find one. */
4075 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4076 jclass cb_tmp;
4077 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4078 (*env)->DeleteLocalRef(env, cb_value);
4079 cb_value = cb_tmp;
4080 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4081 (*env)->DeleteLocalRef(env, cb_target);
4082 cb_target = cb_tmp;
4083 }
4084 result_info = make_class_info(context, cb_value);
4085 (*env)->DeleteLocalRef(env, cb_value);
4086 (*env)->DeleteLocalRef(env, cb_super_value);
4087 (*env)->DeleteLocalRef(env, cb_target);
4088 (*env)->DeleteLocalRef(env, cb_super_target);
4089 return result_info;
4090 } /* both items are classes */
4091 }
4092
4093
4094 /* Given a fullinfo_type corresponding to an Object, return the jclass
4095 * of that type.
4096 *
4097 * This function always returns a global reference!
4098 */
4099
4100 static jclass
4101 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4102 {
4103 unsigned short info = GET_EXTRA_INFO(classinfo);
4104 return ID_to_class(context, info);
4105 }
4106
4107 static void free_block(void *ptr, int kind)
4108 {
4109 switch (kind) {
4110 case VM_STRING_UTF:
4111 JVM_ReleaseUTF(ptr);
4112 break;
4113 case VM_MALLOC_BLK:
4114 free(ptr);
4115 break;
4116 }
4117 }
4118
4119 static void check_and_push(context_type *context, const void *ptr, int kind)
4120 {
4121 alloc_stack_type *p;
4122 if (ptr == 0)
4123 CCout_of_memory(context);
4124 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4125 p = &(context->alloc_stack[context->alloc_stack_top++]);
4126 else {
4127 /* Otherwise we have to malloc */
4128 p = malloc(sizeof(alloc_stack_type));
4129 if (p == 0) {
4130 /* Make sure we clean up. */
4131 free_block((void *)ptr, kind);
4132 CCout_of_memory(context);
4133 }
4134 }
4135 p->kind = kind;
4136 p->ptr = (void *)ptr;
4137 p->next = context->allocated_memory;
4138 context->allocated_memory = p;
4139 }
4140
4141 static void pop_and_free(context_type *context)
4142 {
4143 alloc_stack_type *p = context->allocated_memory;
4144 context->allocated_memory = p->next;
4145 free_block(p->ptr, p->kind);
4146 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4147 p >= context->alloc_stack)
4148 context->alloc_stack_top--;
4149 else
4150 free(p);
4151 }
4152
4153 static int signature_to_args_size(const char *method_signature)
4154 {
4155 const char *p;
4156 int args_size = 0;
4157 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4158 switch (*p) {
4159 case JVM_SIGNATURE_BOOLEAN:
4160 case JVM_SIGNATURE_BYTE:
4161 case JVM_SIGNATURE_CHAR:
4162 case JVM_SIGNATURE_SHORT:
4163 case JVM_SIGNATURE_INT:
4164 case JVM_SIGNATURE_FLOAT:
4165 args_size += 1;
4166 break;
4167 case JVM_SIGNATURE_CLASS:
4168 args_size += 1;
4169 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4170 break;
4171 case JVM_SIGNATURE_ARRAY:
4172 args_size += 1;
4173 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4174 /* If an array of classes, skip over class name, too. */
4175 if (*p == JVM_SIGNATURE_CLASS) {
4176 while (*p != JVM_SIGNATURE_ENDCLASS)
4177 p++;
4178 }
4179 break;
4180 case JVM_SIGNATURE_DOUBLE:
4181 case JVM_SIGNATURE_LONG:
4182 args_size += 2;
4183 break;
4184 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4185 break;
4186 default:
4187 /* Indicate an error. */
4188 return 0;
4189 }
4190 }
4191 return args_size;
4192 }
4193
4194 #ifdef DEBUG
4195
4196 /* Below are for debugging. */
4197
4198 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4199
4200 static void
4201 print_stack(context_type *context, stack_info_type *stack_info)
4202 {
4203 stack_item_type *stack = stack_info->stack;
4204 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4205 jio_fprintf(stdout, "x");
4206 } else {
4207 jio_fprintf(stdout, "(");
4208 for ( ; stack != 0; stack = stack->next)
4209 print_fullinfo_type(context, stack->item,
4210 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4211 jio_fprintf(stdout, ")");
4212 }
4213 }
4214
4215 static void
4216 print_registers(context_type *context, register_info_type *register_info)
4217 {
4218 int register_count = register_info->register_count;
4219 if (register_count == UNKNOWN_REGISTER_COUNT) {
4220 jio_fprintf(stdout, "x");
4221 } else {
4222 fullinfo_type *registers = register_info->registers;
4223 int mask_count = register_info->mask_count;
4224 mask_type *masks = register_info->masks;
4225 int i, j;
4226
4227 jio_fprintf(stdout, "{");
4228 for (i = 0; i < register_count; i++)
4229 print_fullinfo_type(context, registers[i],
4230 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4231 jio_fprintf(stdout, "}");
4232 for (i = 0; i < mask_count; i++) {
4233 char *separator = "";
4234 int *modifies = masks[i].modifies;
4235 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4236 for (j = 0;
4237 j < JVM_GetMethodIxLocalsCount(context->env,
4238 context->class,
4239 context->method_index);
4240 j++)
4241 if (IS_BIT_SET(modifies, j)) {
4242 jio_fprintf(stdout, "%s%d", separator, j);
4243 separator = ",";
4244 }
4245 jio_fprintf(stdout, ">");
4246 }
4247 }
4248 }
4249
4250
4251 static void
4252 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4253 {
4254 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4255 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4256 }
4257 }
4258
4259 static void
4260 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4261 {
4262 int i;
4263 int indirection = GET_INDIRECTION(type);
4264 for (i = indirection; i-- > 0; )
4265 jio_fprintf(stdout, "[");
4266 switch (GET_ITEM_TYPE(type)) {
4267 case ITEM_Integer:
4268 jio_fprintf(stdout, "I"); break;
4269 case ITEM_Float:
4270 jio_fprintf(stdout, "F"); break;
4271 case ITEM_Double:
4272 jio_fprintf(stdout, "D"); break;
4273 case ITEM_Double_2:
4274 jio_fprintf(stdout, "d"); break;
4275 case ITEM_Long:
4276 jio_fprintf(stdout, "L"); break;
4277 case ITEM_Long_2:
4278 jio_fprintf(stdout, "l"); break;
4279 case ITEM_ReturnAddress:
4280 jio_fprintf(stdout, "a"); break;
4281 case ITEM_Object:
4282 if (!verbose) {
4283 jio_fprintf(stdout, "A");
4284 } else {
4285 unsigned short extra = GET_EXTRA_INFO(type);
4286 if (extra == 0) {
4287 jio_fprintf(stdout, "/Null/");
4288 } else {
4289 const char *name = ID_to_class_name(context, extra);
4290 const char *name2 = strrchr(name, '/');
4291 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4292 }
4293 }
4294 break;
4295 case ITEM_Char:
4296 jio_fprintf(stdout, "C"); break;
4297 case ITEM_Short:
4298 jio_fprintf(stdout, "S"); break;
4299 case ITEM_Boolean:
4300 jio_fprintf(stdout, "Z"); break;
4301 case ITEM_Byte:
4302 jio_fprintf(stdout, "B"); break;
4303 case ITEM_NewObject:
4304 if (!verbose) {
4305 jio_fprintf(stdout, "@");
4306 } else {
4307 int inum = GET_EXTRA_INFO(type);
4308 fullinfo_type real_type =
4309 context->instruction_data[inum].operand2.fi;
4310 jio_fprintf(stdout, ">");
4311 print_fullinfo_type(context, real_type, JNI_TRUE);
4312 jio_fprintf(stdout, "<");
4313 }
4314 break;
4315 case ITEM_InitObject:
4316 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4317 break;
4318
4319 default:
4320 jio_fprintf(stdout, "?"); break;
4321 }
4322 for (i = indirection; i-- > 0; )
4323 jio_fprintf(stdout, "]");
4324 }
4325
4326
4327 static void
4328 print_formatted_fieldname(context_type *context, int index)
4329 {
4330 JNIEnv *env = context->env;
4331 jclass cb = context->class;
4332 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4333 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4334 jio_fprintf(stdout, " <%s.%s>",
4335 classname ? classname : "", fieldname ? fieldname : "");
4336 JVM_ReleaseUTF(classname);
4337 JVM_ReleaseUTF(fieldname);
4338 }
4339
4340 static void
4341 print_formatted_methodname(context_type *context, int index)
4342 {
4343 JNIEnv *env = context->env;
4344 jclass cb = context->class;
4345 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4346 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4347 jio_fprintf(stdout, " <%s.%s>",
4348 classname ? classname : "", methodname ? methodname : "");
4349 JVM_ReleaseUTF(classname);
4350 JVM_ReleaseUTF(methodname);
4351 }
4352
4353 #endif /*DEBUG*/