1 /*
2 * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 /*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30 /*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82 #include <string.h>
83 #include <setjmp.h>
84 #include <assert.h>
85 #include <limits.h>
86 #include <stdlib.h>
87
88 #include "jni.h"
89 #include "jvm.h"
90 #include "classfile_constants.h"
91 #include "opcodes.in_out"
92
93 /* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
94 * but the code here does not handles it. So we wrap the methods and return non-NULL
95 * pointers even if we allocate 0 bytes.
96 */
97 #ifdef _AIX
98 static int aix_dummy;
99 static void* aix_malloc(size_t len) {
100 if (len == 0) {
101 return &aix_dummy;
102 }
103 return malloc(len);
104 }
105
106 static void* aix_calloc(size_t n, size_t size) {
107 if (n == 0) {
108 return &aix_dummy;
109 }
110 return calloc(n, size);
111 }
112
113 static void aix_free(void* p) {
114 if (p == &aix_dummy) {
115 return;
116 }
117 free(p);
118 }
119
120 #undef malloc
121 #undef calloc
122 #undef free
123 #define malloc aix_malloc
124 #define calloc aix_calloc
125 #define free aix_free
126 #endif
127
128 #ifdef __APPLE__
129 /* use setjmp/longjmp versions that do not save/restore the signal mask */
130 #define setjmp _setjmp
131 #define longjmp _longjmp
132 #endif
133
134 #define MAX_ARRAY_DIMENSIONS 255
135 /* align byte code */
136 #ifndef ALIGN_UP
137 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
138 #endif /* ALIGN_UP */
139 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
140
141 #ifdef DEBUG
142
143 int verify_verbose = 0;
144 static struct context_type *GlobalContext;
145 #endif
146
147 enum {
148 ITEM_Bogus,
149 ITEM_Void, /* only as a function return value */
150 ITEM_Integer,
151 ITEM_Float,
152 ITEM_Double,
153 ITEM_Double_2, /* 2nd word of double in register */
154 ITEM_Long,
155 ITEM_Long_2, /* 2nd word of long in register */
156 ITEM_Array,
157 ITEM_Object, /* Extra info field gives name. */
158 ITEM_NewObject, /* Like object, but uninitialized. */
159 ITEM_InitObject, /* "this" is init method, before call
160 to super() */
161 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
162 /* The following three are only used within array types.
163 * Normally, we use ITEM_Integer, instead. */
164 ITEM_Byte,
165 ITEM_Short,
166 ITEM_Char
167 };
168
169
170 #define UNKNOWN_STACK_SIZE -1
171 #define UNKNOWN_REGISTER_COUNT -1
172 #define UNKNOWN_RET_INSTRUCTION -1
173
174 #undef MAX
175 #undef MIN
176 #define MAX(a, b) ((a) > (b) ? (a) : (b))
177 #define MIN(a, b) ((a) < (b) ? (a) : (b))
178
179 #define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
180 #define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
181 ((unsigned)1 << ((i) % BITS_PER_INT)))
182 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
183 ((unsigned)1 << ((i) % BITS_PER_INT)))
184
185 typedef unsigned int fullinfo_type;
186 typedef unsigned int *bitvector;
187
188 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
189 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
190 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
191 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
192 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
193
194 #define MAKE_FULLINFO(type, indirect, extra) \
195 ((type) + ((indirect) << 5) + ((extra) << 16))
196
197 #define MAKE_Object_ARRAY(indirect) \
198 (context->object_info + ((indirect) << 5))
199
200 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
201
202 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
203 #define JVM_OPC_invokeinit 0x100
204
205 /* A hash mechanism used by the verifier.
206 * Maps class names to unique 16 bit integers.
207 */
208
209 #define HASH_TABLE_SIZE 503
210
211 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
212 * row (256 buckets) at a time to minimize fragmentation. Rows are
213 * allocated on demand so that we don't waste too much space.
214 */
215
216 #define MAX_HASH_ENTRIES 65536
217 #define HASH_ROW_SIZE 256
218
219 typedef struct hash_bucket_type {
220 char *name;
221 unsigned int hash;
222 jclass class;
223 unsigned short ID;
224 unsigned short next;
225 unsigned loadable:1; /* from context->class loader */
226 } hash_bucket_type;
227
228 typedef struct {
229 hash_bucket_type **buckets;
230 unsigned short *table;
231 int entries_used;
232 } hash_table_type;
233
234 #define GET_BUCKET(class_hash, ID)\
235 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
236
237 /*
238 * There are currently two types of resources that we need to keep
239 * track of (in addition to the CCalloc pool).
240 */
241 enum {
242 VM_STRING_UTF, /* VM-allocated UTF strings */
243 VM_MALLOC_BLK /* malloc'ed blocks */
244 };
245
246 #define LDC_CLASS_MAJOR_VERSION 49
247
248 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
249
250 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
251
252 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
253
254 #define ALLOC_STACK_SIZE 16 /* big enough */
255
256 typedef struct alloc_stack_type {
257 void *ptr;
258 int kind;
259 struct alloc_stack_type *next;
260 } alloc_stack_type;
261
262 /* The context type encapsulates the current invocation of the byte
263 * code verifier.
264 */
265 struct context_type {
266
267 JNIEnv *env; /* current JNIEnv */
268
269 /* buffers etc. */
270 char *message;
271 jint message_buf_len;
272 jboolean err_code;
273
274 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
275 had a chance to free */
276 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
277 blocks here, to save mallocs. */
278 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
279 int alloc_stack_top;
280
281 /* these fields are per class */
282 jclass class; /* current class */
283 jint major_version;
284 jint nconstants;
285 unsigned char *constant_types;
286 hash_table_type class_hash;
287
288 fullinfo_type object_info; /* fullinfo for java/lang/Object */
289 fullinfo_type string_info; /* fullinfo for java/lang/String */
290 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
291 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
292 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
293
294 fullinfo_type currentclass_info; /* fullinfo for context->class */
295 fullinfo_type superclass_info; /* fullinfo for superclass */
296
297 /* these fields are per method */
298 int method_index; /* current method */
299 unsigned short *exceptions; /* exceptions */
300 unsigned char *code; /* current code object */
301 jint code_length;
302 int *code_data; /* offset to instruction number */
303 struct instruction_data_type *instruction_data; /* info about each */
304 struct handler_info_type *handler_info;
305 fullinfo_type *superclasses; /* null terminated superclasses */
306 int instruction_count; /* number of instructions */
307 fullinfo_type return_type; /* function return type */
308 fullinfo_type swap_table[4]; /* used for passing information */
309 int bitmask_size; /* words needed to hold bitmap of arguments */
310
311 /* these fields are per field */
312 int field_index;
313
314 /* Used by the space allocator */
315 struct CCpool *CCroot, *CCcurrent;
316 char *CCfree_ptr;
317 int CCfree_size;
318
319 /* Jump here on any error. */
320 jmp_buf jump_buffer;
321
322 #ifdef DEBUG
323 /* keep track of how many global refs are allocated. */
324 int n_globalrefs;
325 #endif
326 };
327
328 struct stack_info_type {
329 struct stack_item_type *stack;
330 int stack_size;
331 };
332
333 struct register_info_type {
334 int register_count; /* number of registers used */
335 fullinfo_type *registers;
336 int mask_count; /* number of masks in the following */
337 struct mask_type *masks;
338 };
339
340 struct mask_type {
341 int entry;
342 int *modifies;
343 };
344
345 typedef unsigned short flag_type;
346
347 struct instruction_data_type {
348 int opcode; /* may turn into "canonical" opcode */
349 unsigned changed:1; /* has it changed */
350 unsigned protected:1; /* must accessor be a subclass of "this" */
351 union {
352 int i; /* operand to the opcode */
353 int *ip;
354 fullinfo_type fi;
355 } operand, operand2;
356 fullinfo_type p;
357 struct stack_info_type stack_info;
358 struct register_info_type register_info;
359 #define FLAG_REACHED 0x01 /* instruction reached */
360 #define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
361 #define FLAG_NO_RETURN 0x04 /* must throw out of method */
362 flag_type or_flags; /* true for at least one path to this inst */
363 #define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
364 flag_type and_flags; /* true for all paths to this instruction */
365 };
366
367 struct handler_info_type {
368 int start, end, handler;
369 struct stack_info_type stack_info;
370 };
371
372 struct stack_item_type {
373 fullinfo_type item;
374 struct stack_item_type *next;
375 };
376
377 typedef struct context_type context_type;
378 typedef struct instruction_data_type instruction_data_type;
379 typedef struct stack_item_type stack_item_type;
380 typedef struct register_info_type register_info_type;
381 typedef struct stack_info_type stack_info_type;
382 typedef struct mask_type mask_type;
383
384 static void read_all_code(context_type *context, jclass cb, int num_methods,
385 int** code_lengths, unsigned char*** code);
386 static void verify_method(context_type *context, jclass cb, int index,
387 int code_length, unsigned char* code);
388 static void free_all_code(context_type* context, int num_methods,
389 unsigned char** code);
390 static void verify_field(context_type *context, jclass cb, int index);
391
392 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
393 static void set_protected(context_type *, unsigned int inumber, int key, int);
394 static jboolean is_superclass(context_type *, fullinfo_type);
395
396 static void initialize_exception_table(context_type *);
397 static int instruction_length(unsigned char *iptr, unsigned char *end);
398 static jboolean isLegalTarget(context_type *, int offset);
399 static void verify_constant_pool_type(context_type *, int, unsigned);
400
401 static void initialize_dataflow(context_type *);
402 static void run_dataflow(context_type *context);
403 static void check_register_values(context_type *context, unsigned int inumber);
404 static void check_flags(context_type *context, unsigned int inumber);
405 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
406 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
407 static void update_flags(context_type *, unsigned int inumber,
408 flag_type *new_and_flags, flag_type *new_or_flags);
409 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
410
411 static void merge_into_successors(context_type *, unsigned int inumber,
412 register_info_type *register_info,
413 stack_info_type *stack_info,
414 flag_type and_flags, flag_type or_flags);
415 static void merge_into_one_successor(context_type *context,
416 unsigned int from_inumber,
417 unsigned int inumber,
418 register_info_type *register_info,
419 stack_info_type *stack_info,
420 flag_type and_flags, flag_type or_flags,
421 jboolean isException);
422 static void merge_stack(context_type *, unsigned int inumber,
423 unsigned int to_inumber, stack_info_type *);
424 static void merge_registers(context_type *, unsigned int inumber,
425 unsigned int to_inumber,
426 register_info_type *);
427 static void merge_flags(context_type *context, unsigned int from_inumber,
428 unsigned int to_inumber,
429 flag_type new_and_flags, flag_type new_or_flags);
430
431 static stack_item_type *copy_stack(context_type *, stack_item_type *);
432 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
433 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
434
435 static fullinfo_type decrement_indirection(fullinfo_type);
436
437 static fullinfo_type merge_fullinfo_types(context_type *context,
438 fullinfo_type a,
439 fullinfo_type b,
440 jboolean assignment);
441 static jboolean isAssignableTo(context_type *,
442 fullinfo_type a,
443 fullinfo_type b);
444
445 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
446
447
448 #define NEW(type, count) \
449 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
450 #define ZNEW(type, count) \
451 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
452
453 static void CCinit(context_type *context);
454 static void CCreinit(context_type *context);
455 static void CCdestroy(context_type *context);
456 static void *CCalloc(context_type *context, int size, jboolean zero);
457
458 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
459
460 static char signature_to_fieldtype(context_type *context,
461 const char **signature_p, fullinfo_type *info);
462
463 static void CCerror (context_type *, char *format, ...);
464 static void CFerror (context_type *, char *format, ...);
465 static void CCout_of_memory (context_type *);
466
467 /* Because we can longjmp any time, we need to be very careful about
468 * remembering what needs to be freed. */
469
470 static void check_and_push(context_type *context, const void *ptr, int kind);
471 static void pop_and_free(context_type *context);
472
473 static int signature_to_args_size(const char *method_signature);
474
475 #ifdef DEBUG
476 static void print_stack (context_type *, stack_info_type *stack_info);
477 static void print_registers(context_type *, register_info_type *register_info);
478 static void print_flags(context_type *, flag_type, flag_type);
479 static void print_formatted_fieldname(context_type *context, int index);
480 static void print_formatted_methodname(context_type *context, int index);
481 #endif
482
483 void initialize_class_hash(context_type *context)
484 {
485 hash_table_type *class_hash = &(context->class_hash);
486 class_hash->buckets = (hash_bucket_type **)
487 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
488 class_hash->table = (unsigned short *)
489 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
490 if (class_hash->buckets == 0 ||
491 class_hash->table == 0)
492 CCout_of_memory(context);
493 class_hash->entries_used = 0;
494 }
495
496 static void finalize_class_hash(context_type *context)
497 {
498 hash_table_type *class_hash = &(context->class_hash);
499 JNIEnv *env = context->env;
500 int i;
501 /* 4296677: bucket index starts from 1. */
502 for (i=1;i<=class_hash->entries_used;i++) {
503 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
504 assert(bucket != NULL);
505 free(bucket->name);
506 if (bucket->class) {
507 (*env)->DeleteGlobalRef(env, bucket->class);
508 #ifdef DEBUG
509 context->n_globalrefs--;
510 #endif
511 }
512 }
513 if (class_hash->buckets) {
514 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
515 if (class_hash->buckets[i] == 0)
516 break;
517 free(class_hash->buckets[i]);
518 }
519 }
520 free(class_hash->buckets);
521 free(class_hash->table);
522 }
523
524 static hash_bucket_type *
525 new_bucket(context_type *context, unsigned short *pID)
526 {
527 hash_table_type *class_hash = &(context->class_hash);
528 int i = *pID = class_hash->entries_used + 1;
529 int row = i / HASH_ROW_SIZE;
530 if (i >= MAX_HASH_ENTRIES)
531 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
532 if (class_hash->buckets[row] == 0) {
533 class_hash->buckets[row] = (hash_bucket_type*)
534 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
535 if (class_hash->buckets[row] == 0)
536 CCout_of_memory(context);
537 }
538 class_hash->entries_used++; /* only increment when we are sure there
539 is no overflow. */
540 return GET_BUCKET(class_hash, i);
541 }
542
543 static unsigned int
544 class_hash_fun(const char *s)
545 {
546 int i;
547 unsigned raw_hash;
548 for (raw_hash = 0; (i = *s) != '\0'; ++s)
549 raw_hash = raw_hash * 37 + i;
550 return raw_hash;
551 }
552
553 /*
554 * Find a class using the defining loader of the current class
555 * and return a local reference to it.
556 */
557 static jclass load_class_local(context_type *context,const char *classname)
558 {
559 jclass cb = JVM_FindClassFromClass(context->env, classname,
560 JNI_FALSE, context->class);
561 if (cb == 0)
562 CCerror(context, "Cannot find class %s", classname);
563 return cb;
564 }
565
566 /*
567 * Find a class using the defining loader of the current class
568 * and return a global reference to it.
569 */
570 static jclass load_class_global(context_type *context, const char *classname)
571 {
572 JNIEnv *env = context->env;
573 jclass local, global;
574
575 local = load_class_local(context, classname);
576 global = (*env)->NewGlobalRef(env, local);
577 if (global == 0)
578 CCout_of_memory(context);
579 #ifdef DEBUG
580 context->n_globalrefs++;
581 #endif
582 (*env)->DeleteLocalRef(env, local);
583 return global;
584 }
585
586 /*
587 * Return a unique ID given a local class reference. The loadable
588 * flag is true if the defining class loader of context->class
589 * is known to be capable of loading the class.
590 */
591 static unsigned short
592 class_to_ID(context_type *context, jclass cb, jboolean loadable)
593 {
594 JNIEnv *env = context->env;
595 hash_table_type *class_hash = &(context->class_hash);
596 unsigned int hash;
597 hash_bucket_type *bucket;
598 unsigned short *pID;
599 const char *name = JVM_GetClassNameUTF(env, cb);
600
601 check_and_push(context, name, VM_STRING_UTF);
602 hash = class_hash_fun(name);
603 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
604 while (*pID) {
605 bucket = GET_BUCKET(class_hash, *pID);
606 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
607 /*
608 * There is an unresolved entry with our name
609 * so we're forced to load it in case it matches us.
610 */
611 if (bucket->class == 0) {
612 assert(bucket->loadable == JNI_TRUE);
613 bucket->class = load_class_global(context, name);
614 }
615
616 /*
617 * It's already in the table. Update the loadable
618 * state if it's known and then we're done.
619 */
620 if ((*env)->IsSameObject(env, cb, bucket->class)) {
621 if (loadable && !bucket->loadable)
622 bucket->loadable = JNI_TRUE;
623 goto done;
624 }
625 }
626 pID = &bucket->next;
627 }
628 bucket = new_bucket(context, pID);
629 bucket->next = 0;
630 bucket->hash = hash;
631 bucket->name = malloc(strlen(name) + 1);
632 if (bucket->name == 0)
633 CCout_of_memory(context);
634 strcpy(bucket->name, name);
635 bucket->loadable = loadable;
636 bucket->class = (*env)->NewGlobalRef(env, cb);
637 if (bucket->class == 0)
638 CCout_of_memory(context);
639 #ifdef DEBUG
640 context->n_globalrefs++;
641 #endif
642
643 done:
644 pop_and_free(context);
645 return *pID;
646 }
647
648 /*
649 * Return a unique ID given a class name from the constant pool.
650 * All classes are lazily loaded from the defining loader of
651 * context->class.
652 */
653 static unsigned short
654 class_name_to_ID(context_type *context, const char *name)
655 {
656 hash_table_type *class_hash = &(context->class_hash);
657 unsigned int hash = class_hash_fun(name);
658 hash_bucket_type *bucket;
659 unsigned short *pID;
660 jboolean force_load = JNI_FALSE;
661
662 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
663 while (*pID) {
664 bucket = GET_BUCKET(class_hash, *pID);
665 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
666 if (bucket->loadable)
667 goto done;
668 force_load = JNI_TRUE;
669 }
670 pID = &bucket->next;
671 }
672
673 if (force_load) {
674 /*
675 * We found at least one matching named entry for a class that
676 * was not known to be loadable through the defining class loader
677 * of context->class. We must load our named class and update
678 * the hash table in case one these entries matches our class.
679 */
680 JNIEnv *env = context->env;
681 jclass cb = load_class_local(context, name);
682 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
683 (*env)->DeleteLocalRef(env, cb);
684 return id;
685 }
686
687 bucket = new_bucket(context, pID);
688 bucket->next = 0;
689 bucket->class = 0;
690 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
691 bucket->hash = hash;
692 bucket->name = malloc(strlen(name) + 1);
693 if (bucket->name == 0)
694 CCout_of_memory(context);
695 strcpy(bucket->name, name);
696
697 done:
698 return *pID;
699 }
700
701 static const char *
702 ID_to_class_name(context_type *context, unsigned short ID)
703 {
704 hash_table_type *class_hash = &(context->class_hash);
705 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
706 return bucket->name;
707 }
708
709 static jclass
710 ID_to_class(context_type *context, unsigned short ID)
711 {
712 hash_table_type *class_hash = &(context->class_hash);
713 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
714 if (bucket->class == 0) {
715 assert(bucket->loadable == JNI_TRUE);
716 bucket->class = load_class_global(context, bucket->name);
717 }
718 return bucket->class;
719 }
720
721 static fullinfo_type
722 make_loadable_class_info(context_type *context, jclass cb)
723 {
724 return MAKE_FULLINFO(ITEM_Object, 0,
725 class_to_ID(context, cb, JNI_TRUE));
726 }
727
728 static fullinfo_type
729 make_class_info(context_type *context, jclass cb)
730 {
731 return MAKE_FULLINFO(ITEM_Object, 0,
732 class_to_ID(context, cb, JNI_FALSE));
733 }
734
735 static fullinfo_type
736 make_class_info_from_name(context_type *context, const char *name)
737 {
738 return MAKE_FULLINFO(ITEM_Object, 0,
739 class_name_to_ID(context, name));
740 }
741
742 /* RETURNS
743 * 1: on success chosen to be consistent with previous VerifyClass
744 * 0: verify error
745 * 2: out of memory
746 * 3: class format error
747 *
748 * Called by verify_class. Verify the code of each of the methods
749 * in a class. Note that this function apparently can't be JNICALL,
750 * because if it is the dynamic linker doesn't appear to be able to
751 * find it on Win32.
752 */
753
754 #define CC_OK 1
755 #define CC_VerifyError 0
756 #define CC_OutOfMemory 2
757 #define CC_ClassFormatError 3
758
759 JNIEXPORT jboolean
760 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
761 jint major_version)
762 {
763 context_type context_structure;
764 context_type *context = &context_structure;
765 jboolean result = CC_OK;
766 int i;
767 int num_methods;
768 int* code_lengths;
769 unsigned char** code;
770
771 #ifdef DEBUG
772 GlobalContext = context;
773 #endif
774
775 memset(context, 0, sizeof(context_type));
776 context->message = buffer;
777 context->message_buf_len = len;
778
779 context->env = env;
780 context->class = cb;
781
782 /* Set invalid method/field index of the context, in case anyone
783 calls CCerror */
784 context->method_index = -1;
785 context->field_index = -1;
786
787 /* Don't call CCerror or anything that can call it above the setjmp! */
788 if (!setjmp(context->jump_buffer)) {
789 jclass super;
790
791 CCinit(context); /* initialize heap; may throw */
792
793 initialize_class_hash(context);
794
795 context->major_version = major_version;
796 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
797 context->constant_types = (unsigned char *)
798 malloc(sizeof(unsigned char) * context->nconstants + 1);
799
800 if (context->constant_types == 0)
801 CCout_of_memory(context);
802
803 JVM_GetClassCPTypes(env, cb, context->constant_types);
804
805 if (context->constant_types == 0)
806 CCout_of_memory(context);
807
808 context->object_info =
809 make_class_info_from_name(context, "java/lang/Object");
810 context->string_info =
811 make_class_info_from_name(context, "java/lang/String");
812 context->throwable_info =
813 make_class_info_from_name(context, "java/lang/Throwable");
814 context->cloneable_info =
815 make_class_info_from_name(context, "java/lang/Cloneable");
816 context->serializable_info =
817 make_class_info_from_name(context, "java/io/Serializable");
818
819 context->currentclass_info = make_loadable_class_info(context, cb);
820
821 super = (*env)->GetSuperclass(env, cb);
822
823 if (super != 0) {
824 fullinfo_type *gptr;
825 int i = 0;
826
827 context->superclass_info = make_loadable_class_info(context, super);
828
829 while(super != 0) {
830 jclass tmp_cb = (*env)->GetSuperclass(env, super);
831 (*env)->DeleteLocalRef(env, super);
832 super = tmp_cb;
833 i++;
834 }
835 (*env)->DeleteLocalRef(env, super);
836 super = 0;
837
838 /* Can't go on context heap since it survives more than
839 one method */
840 context->superclasses = gptr =
841 malloc(sizeof(fullinfo_type)*(i + 1));
842 if (gptr == 0) {
843 CCout_of_memory(context);
844 }
845
846 super = (*env)->GetSuperclass(env, context->class);
847 while(super != 0) {
848 jclass tmp_cb;
849 *gptr++ = make_class_info(context, super);
850 tmp_cb = (*env)->GetSuperclass(env, super);
851 (*env)->DeleteLocalRef(env, super);
852 super = tmp_cb;
853 }
854 *gptr = 0;
855 } else {
856 context->superclass_info = 0;
857 }
858
859 (*env)->DeleteLocalRef(env, super);
860
861 /* Look at each method */
862 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
863 verify_field(context, cb, i);
864 num_methods = JVM_GetClassMethodsCount(env, cb);
865 read_all_code(context, cb, num_methods, &code_lengths, &code);
866 for (i = num_methods - 1; i >= 0; --i)
867 verify_method(context, cb, i, code_lengths[i], code[i]);
868 free_all_code(context, num_methods, code);
869 result = CC_OK;
870 } else {
871 result = context->err_code;
872 }
873
874 /* Cleanup */
875 finalize_class_hash(context);
876
877 while(context->allocated_memory)
878 pop_and_free(context);
879
880 #ifdef DEBUG
881 GlobalContext = 0;
882 #endif
883
884 if (context->exceptions)
885 free(context->exceptions);
886
887 if (context->constant_types)
888 free(context->constant_types);
889
890 if (context->superclasses)
891 free(context->superclasses);
892
893 #ifdef DEBUG
894 /* Make sure all global refs created in the verifier are freed */
895 assert(context->n_globalrefs == 0);
896 #endif
897
898 CCdestroy(context); /* destroy heap */
899 return result;
900 }
901
902 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
903
904 JNIEXPORT jboolean
905 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
906 {
907 static int warned = 0;
908 if (!warned) {
909 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
910 warned = 1;
911 }
912 return VerifyClassForMajorVersion(env, cb, buffer, len,
913 OLD_FORMAT_MAX_MAJOR_VERSION);
914 }
915
916 static void
917 verify_field(context_type *context, jclass cb, int field_index)
918 {
919 JNIEnv *env = context->env;
920 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
921 context->field_index = field_index;
922
923 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
924 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
925 CCerror(context, "Inconsistent access bits.");
926 }
927 context->field_index = -1;
928 }
929
930
931 /**
932 * We read all of the class's methods' code because it is possible that
933 * the verification of one method could resulting in linking further
934 * down the stack (due to class loading), which could end up rewriting
935 * some of the bytecode of methods we haven't verified yet. Since we
936 * don't want to see the rewritten bytecode, cache all the code and
937 * operate only on that.
938 */
939 static void
940 read_all_code(context_type* context, jclass cb, int num_methods,
941 int** lengths_addr, unsigned char*** code_addr)
942 {
943 int* lengths;
944 unsigned char** code;
945 int i;
946
947 lengths = malloc(sizeof(int) * num_methods);
948 check_and_push(context, lengths, VM_MALLOC_BLK);
949
950 code = malloc(sizeof(unsigned char*) * num_methods);
951 check_and_push(context, code, VM_MALLOC_BLK);
952
953 *(lengths_addr) = lengths;
954 *(code_addr) = code;
955
956 for (i = 0; i < num_methods; ++i) {
957 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
958 if (lengths[i] > 0) {
959 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
960 check_and_push(context, code[i], VM_MALLOC_BLK);
961 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
962 } else {
963 code[i] = NULL;
964 }
965 }
966 }
967
968 static void
969 free_all_code(context_type* context, int num_methods, unsigned char** code)
970 {
971 int i;
972 for (i = 0; i < num_methods; ++i) {
973 if (code[i] != NULL) {
974 pop_and_free(context);
975 }
976 }
977 pop_and_free(context); /* code */
978 pop_and_free(context); /* lengths */
979 }
980
981 /* Verify the code of one method */
982 static void
983 verify_method(context_type *context, jclass cb, int method_index,
984 int code_length, unsigned char* code)
985 {
986 JNIEnv *env = context->env;
987 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
988 int *code_data;
989 instruction_data_type *idata = 0;
990 int instruction_count;
991 int i, offset;
992 unsigned int inumber;
993 jint nexceptions;
994
995 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
996 /* not much to do for abstract and native methods */
997 return;
998 }
999
1000 context->code_length = code_length;
1001 context->code = code;
1002
1003 /* CCerror can give method-specific info once this is set */
1004 context->method_index = method_index;
1005
1006 CCreinit(context); /* initial heap */
1007 code_data = NEW(int, code_length);
1008
1009 #ifdef DEBUG
1010 if (verify_verbose) {
1011 const char *classname = JVM_GetClassNameUTF(env, cb);
1012 const char *methodname =
1013 JVM_GetMethodIxNameUTF(env, cb, method_index);
1014 const char *signature =
1015 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1016 jio_fprintf(stdout, "Looking at %s.%s%s\n",
1017 (classname ? classname : ""),
1018 (methodname ? methodname : ""),
1019 (signature ? signature : ""));
1020 JVM_ReleaseUTF(classname);
1021 JVM_ReleaseUTF(methodname);
1022 JVM_ReleaseUTF(signature);
1023 }
1024 #endif
1025
1026 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1027 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1028 CCerror(context, "Inconsistent access bits.");
1029 }
1030
1031 // If this method is an overpass method, which is generated by the VM,
1032 // we trust the code and no check needs to be done.
1033 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1034 return;
1035 }
1036
1037 /* Run through the code. Mark the start of each instruction, and give
1038 * the instruction a number */
1039 for (i = 0, offset = 0; offset < code_length; i++) {
1040 int length = instruction_length(&code[offset], code + code_length);
1041 int next_offset = offset + length;
1042 if (length <= 0)
1043 CCerror(context, "Illegal instruction found at offset %d", offset);
1044 if (next_offset > code_length)
1045 CCerror(context, "Code stops in the middle of instruction "
1046 " starting at offset %d", offset);
1047 code_data[offset] = i;
1048 while (++offset < next_offset)
1049 code_data[offset] = -1; /* illegal location */
1050 }
1051 instruction_count = i; /* number of instructions in code */
1052
1053 /* Allocate a structure to hold info about each instruction. */
1054 idata = NEW(instruction_data_type, instruction_count);
1055
1056 /* Initialize the heap, and other info in the context structure. */
1057 context->code = code;
1058 context->instruction_data = idata;
1059 context->code_data = code_data;
1060 context->instruction_count = instruction_count;
1061 context->handler_info =
1062 NEW(struct handler_info_type,
1063 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1064 context->bitmask_size =
1065 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1066 + (BITS_PER_INT - 1))/BITS_PER_INT;
1067
1068 if (instruction_count == 0)
1069 CCerror(context, "Empty code");
1070
1071 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1072 int length = instruction_length(&code[offset], code + code_length);
1073 instruction_data_type *this_idata = &idata[inumber];
1074 this_idata->opcode = code[offset];
1075 this_idata->stack_info.stack = NULL;
1076 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1077 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1078 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1079 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1080 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1081 this_idata->or_flags = 0; /* "bottom" or value*/
1082 /* This also sets up this_data->operand. It also makes the
1083 * xload_x and xstore_x instructions look like the generic form. */
1084 verify_opcode_operands(context, inumber, offset);
1085 offset += length;
1086 }
1087
1088
1089 /* make sure exception table is reasonable. */
1090 initialize_exception_table(context);
1091 /* Set up first instruction, and start of exception handlers. */
1092 initialize_dataflow(context);
1093 /* Run data flow analysis on the instructions. */
1094 run_dataflow(context);
1095
1096 /* verify checked exceptions, if any */
1097 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1098 context->exceptions = (unsigned short *)
1099 malloc(sizeof(unsigned short) * nexceptions + 1);
1100 if (context->exceptions == 0)
1101 CCout_of_memory(context);
1102 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1103 context->exceptions);
1104 for (i = 0; i < nexceptions; i++) {
1105 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1106 verify_constant_pool_type(context, (int)context->exceptions[i],
1107 1 << JVM_CONSTANT_Class);
1108 }
1109 free(context->exceptions);
1110 context->exceptions = 0;
1111 context->code = 0;
1112 context->method_index = -1;
1113 }
1114
1115
1116 /* Look at a single instruction, and verify its operands. Also, for
1117 * simplicity, move the operand into the ->operand field.
1118 * Make sure that branches don't go into the middle of nowhere.
1119 */
1120
1121 static jint _ck_ntohl(jint n)
1122 {
1123 unsigned char *p = (unsigned char *)&n;
1124 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1125 }
1126
1127 static void
1128 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1129 {
1130 JNIEnv *env = context->env;
1131 instruction_data_type *idata = context->instruction_data;
1132 instruction_data_type *this_idata = &idata[inumber];
1133 int *code_data = context->code_data;
1134 int mi = context->method_index;
1135 unsigned char *code = context->code;
1136 int opcode = this_idata->opcode;
1137 int var;
1138
1139 /*
1140 * Set the ip fields to 0 not the i fields because the ip fields
1141 * are 64 bits on 64 bit architectures, the i field is only 32
1142 */
1143 this_idata->operand.ip = 0;
1144 this_idata->operand2.ip = 0;
1145
1146 switch (opcode) {
1147
1148 case JVM_OPC_jsr:
1149 /* instruction of ret statement */
1150 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1151 /* FALLTHROUGH */
1152 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1153 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1154 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1155 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1156 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1157 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1158 case JVM_OPC_goto: {
1159 /* Set the ->operand to be the instruction number of the target. */
1160 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1161 int target = offset + jump;
1162 if (!isLegalTarget(context, target))
1163 CCerror(context, "Illegal target of jump or branch");
1164 this_idata->operand.i = code_data[target];
1165 break;
1166 }
1167
1168 case JVM_OPC_jsr_w:
1169 /* instruction of ret statement */
1170 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1171 /* FALLTHROUGH */
1172 case JVM_OPC_goto_w: {
1173 /* Set the ->operand to be the instruction number of the target. */
1174 int jump = (((signed char)(code[offset+1])) << 24) +
1175 (code[offset+2] << 16) + (code[offset+3] << 8) +
1176 (code[offset + 4]);
1177 int target = offset + jump;
1178 if (!isLegalTarget(context, target))
1179 CCerror(context, "Illegal target of jump or branch");
1180 this_idata->operand.i = code_data[target];
1181 break;
1182 }
1183
1184 case JVM_OPC_tableswitch:
1185 case JVM_OPC_lookupswitch: {
1186 /* Set the ->operand to be a table of possible instruction targets. */
1187 int *lpc = (int *) UCALIGN(code + offset + 1);
1188 int *lptr;
1189 int *saved_operand;
1190 int keys;
1191 int k, delta;
1192
1193 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1194 /* 4639449, 4647081: Padding bytes must be zero. */
1195 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1196 for (; bptr < (unsigned char*)lpc; bptr++) {
1197 if (*bptr != 0) {
1198 CCerror(context, "Non zero padding bytes in switch");
1199 }
1200 }
1201 }
1202 if (opcode == JVM_OPC_tableswitch) {
1203 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1204 delta = 1;
1205 } else {
1206 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1207 delta = 2;
1208 /* Make sure that the tableswitch items are sorted */
1209 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1210 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1211 int next_key = _ck_ntohl(lptr[2]);
1212 if (this_key >= next_key) {
1213 CCerror(context, "Unsorted lookup switch");
1214 }
1215 }
1216 }
1217 saved_operand = NEW(int, keys + 2);
1218 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1219 CCerror(context, "Illegal default target in switch");
1220 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1221 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1222 int target = offset + _ck_ntohl(lptr[0]);
1223 if (!isLegalTarget(context, target))
1224 CCerror(context, "Illegal branch in tableswitch");
1225 saved_operand[k + 1] = code_data[target];
1226 }
1227 saved_operand[0] = keys + 1; /* number of successors */
1228 this_idata->operand.ip = saved_operand;
1229 break;
1230 }
1231
1232 case JVM_OPC_ldc: {
1233 /* Make sure the constant pool item is the right type. */
1234 int key = code[offset + 1];
1235 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1236 (1 << JVM_CONSTANT_String);
1237 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1238 types |= 1 << JVM_CONSTANT_Class;
1239 }
1240 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1241 types |= (1 << JVM_CONSTANT_MethodHandle) |
1242 (1 << JVM_CONSTANT_MethodType);
1243 }
1244 this_idata->operand.i = key;
1245 verify_constant_pool_type(context, key, types);
1246 break;
1247 }
1248
1249 case JVM_OPC_ldc_w: {
1250 /* Make sure the constant pool item is the right type. */
1251 int key = (code[offset + 1] << 8) + code[offset + 2];
1252 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1253 (1 << JVM_CONSTANT_String);
1254 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1255 types |= 1 << JVM_CONSTANT_Class;
1256 }
1257 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1258 types |= (1 << JVM_CONSTANT_MethodHandle) |
1259 (1 << JVM_CONSTANT_MethodType);
1260 }
1261 this_idata->operand.i = key;
1262 verify_constant_pool_type(context, key, types);
1263 break;
1264 }
1265
1266 case JVM_OPC_ldc2_w: {
1267 /* Make sure the constant pool item is the right type. */
1268 int key = (code[offset + 1] << 8) + code[offset + 2];
1269 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1270 this_idata->operand.i = key;
1271 verify_constant_pool_type(context, key, types);
1272 break;
1273 }
1274
1275 case JVM_OPC_getfield: case JVM_OPC_putfield:
1276 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1277 /* Make sure the constant pool item is the right type. */
1278 int key = (code[offset + 1] << 8) + code[offset + 2];
1279 this_idata->operand.i = key;
1280 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1281 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1282 set_protected(context, inumber, key, opcode);
1283 break;
1284 }
1285
1286 case JVM_OPC_invokevirtual:
1287 case JVM_OPC_invokespecial:
1288 case JVM_OPC_invokestatic:
1289 case JVM_OPC_invokedynamic:
1290 case JVM_OPC_invokeinterface: {
1291 /* Make sure the constant pool item is the right type. */
1292 int key = (code[offset + 1] << 8) + code[offset + 2];
1293 const char *methodname;
1294 jclass cb = context->class;
1295 fullinfo_type clazz_info;
1296 int is_constructor, is_internal, is_invokedynamic;
1297 int kind;
1298
1299 switch (opcode ) {
1300 case JVM_OPC_invokestatic:
1301 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1302 ? (1 << JVM_CONSTANT_Methodref)
1303 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1304 break;
1305 case JVM_OPC_invokedynamic:
1306 kind = 1 << JVM_CONSTANT_NameAndType;
1307 break;
1308 case JVM_OPC_invokeinterface:
1309 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1310 break;
1311 default:
1312 kind = 1 << JVM_CONSTANT_Methodref;
1313 }
1314
1315 is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1316 /* Make sure the constant pool item is the right type. */
1317 verify_constant_pool_type(context, key, kind);
1318 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1319 check_and_push(context, methodname, VM_STRING_UTF);
1320 is_constructor = !strcmp(methodname, "<init>");
1321 is_internal = methodname[0] == '<';
1322 pop_and_free(context);
1323
1324 if (is_invokedynamic)
1325 clazz_info = context->object_info; // anything will do
1326 else
1327 clazz_info = cp_index_to_class_fullinfo(context, key,
1328 JVM_CONSTANT_Methodref);
1329 this_idata->operand.i = key;
1330 this_idata->operand2.fi = clazz_info;
1331 if (is_constructor) {
1332 if (opcode != JVM_OPC_invokespecial) {
1333 CCerror(context,
1334 "Must call initializers using invokespecial");
1335 }
1336 this_idata->opcode = JVM_OPC_invokeinit;
1337 } else {
1338 if (is_internal) {
1339 CCerror(context, "Illegal call to internal method");
1340 }
1341 if (opcode == JVM_OPC_invokespecial
1342 && clazz_info != context->currentclass_info
1343 && clazz_info != context->superclass_info) {
1344 int not_found = 1;
1345
1346 jclass super = (*env)->GetSuperclass(env, context->class);
1347 while(super != 0) {
1348 jclass tmp_cb;
1349 fullinfo_type new_info = make_class_info(context, super);
1350 if (clazz_info == new_info) {
1351 not_found = 0;
1352 break;
1353 }
1354 tmp_cb = (*env)->GetSuperclass(env, super);
1355 (*env)->DeleteLocalRef(env, super);
1356 super = tmp_cb;
1357 }
1358 (*env)->DeleteLocalRef(env, super);
1359
1360 /* The optimizer may cause this to happen on local code */
1361 if (not_found) {
1362 CCerror(context, "Illegal use of nonvirtual function call");
1363 }
1364 }
1365 }
1366 if (opcode == JVM_OPC_invokeinterface) {
1367 unsigned int args1;
1368 unsigned int args2;
1369 const char *signature =
1370 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1371 check_and_push(context, signature, VM_STRING_UTF);
1372 args1 = signature_to_args_size(signature) + 1;
1373 args2 = code[offset + 3];
1374 if (args1 != args2) {
1375 CCerror(context,
1376 "Inconsistent args_size for invokeinterface");
1377 }
1378 if (code[offset + 4] != 0) {
1379 CCerror(context,
1380 "Fourth operand byte of invokeinterface must be zero");
1381 }
1382 pop_and_free(context);
1383 } else if (opcode == JVM_OPC_invokedynamic) {
1384 if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1385 CCerror(context,
1386 "Third and fourth operand bytes of invokedynamic must be zero");
1387 }
1388 } else if (opcode == JVM_OPC_invokevirtual
1389 || opcode == JVM_OPC_invokespecial)
1390 set_protected(context, inumber, key, opcode);
1391 break;
1392 }
1393
1394
1395 case JVM_OPC_instanceof:
1396 case JVM_OPC_checkcast:
1397 case JVM_OPC_new:
1398 case JVM_OPC_anewarray:
1399 case JVM_OPC_multianewarray: {
1400 /* Make sure the constant pool item is a class */
1401 int key = (code[offset + 1] << 8) + code[offset + 2];
1402 fullinfo_type target;
1403 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1404 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1405 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1406 CCerror(context, "Illegal type");
1407 switch(opcode) {
1408 case JVM_OPC_anewarray:
1409 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1410 CCerror(context, "Array with too many dimensions");
1411 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1412 GET_INDIRECTION(target) + 1,
1413 GET_EXTRA_INFO(target));
1414 break;
1415 case JVM_OPC_new:
1416 if (WITH_ZERO_EXTRA_INFO(target) !=
1417 MAKE_FULLINFO(ITEM_Object, 0, 0))
1418 CCerror(context, "Illegal creation of multi-dimensional array");
1419 /* operand gets set to the "unitialized object". operand2 gets
1420 * set to what the value will be after it's initialized. */
1421 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1422 this_idata->operand2.fi = target;
1423 break;
1424 case JVM_OPC_multianewarray:
1425 this_idata->operand.fi = target;
1426 this_idata->operand2.i = code[offset + 3];
1427 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1428 || (this_idata->operand2.i == 0))
1429 CCerror(context, "Illegal dimension argument");
1430 break;
1431 default:
1432 this_idata->operand.fi = target;
1433 }
1434 break;
1435 }
1436
1437 case JVM_OPC_newarray: {
1438 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1439 fullinfo_type full_info;
1440 switch (code[offset + 1]) {
1441 case JVM_T_INT:
1442 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1443 case JVM_T_LONG:
1444 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1445 case JVM_T_FLOAT:
1446 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1447 case JVM_T_DOUBLE:
1448 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1449 case JVM_T_BYTE: case JVM_T_BOOLEAN:
1450 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1451 case JVM_T_CHAR:
1452 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1453 case JVM_T_SHORT:
1454 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1455 default:
1456 full_info = 0; /* Keep lint happy */
1457 CCerror(context, "Bad type passed to newarray");
1458 }
1459 this_idata->operand.fi = full_info;
1460 break;
1461 }
1462
1463 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1464 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1465 this_idata->opcode = JVM_OPC_iload;
1466 var = opcode - JVM_OPC_iload_0;
1467 goto check_local_variable;
1468
1469 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1470 this_idata->opcode = JVM_OPC_fload;
1471 var = opcode - JVM_OPC_fload_0;
1472 goto check_local_variable;
1473
1474 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1475 this_idata->opcode = JVM_OPC_aload;
1476 var = opcode - JVM_OPC_aload_0;
1477 goto check_local_variable;
1478
1479 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1480 this_idata->opcode = JVM_OPC_lload;
1481 var = opcode - JVM_OPC_lload_0;
1482 goto check_local_variable2;
1483
1484 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1485 this_idata->opcode = JVM_OPC_dload;
1486 var = opcode - JVM_OPC_dload_0;
1487 goto check_local_variable2;
1488
1489 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1490 this_idata->opcode = JVM_OPC_istore;
1491 var = opcode - JVM_OPC_istore_0;
1492 goto check_local_variable;
1493
1494 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1495 this_idata->opcode = JVM_OPC_fstore;
1496 var = opcode - JVM_OPC_fstore_0;
1497 goto check_local_variable;
1498
1499 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1500 this_idata->opcode = JVM_OPC_astore;
1501 var = opcode - JVM_OPC_astore_0;
1502 goto check_local_variable;
1503
1504 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1505 this_idata->opcode = JVM_OPC_lstore;
1506 var = opcode - JVM_OPC_lstore_0;
1507 goto check_local_variable2;
1508
1509 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1510 this_idata->opcode = JVM_OPC_dstore;
1511 var = opcode - JVM_OPC_dstore_0;
1512 goto check_local_variable2;
1513
1514 case JVM_OPC_wide:
1515 this_idata->opcode = code[offset + 1];
1516 var = (code[offset + 2] << 8) + code[offset + 3];
1517 switch(this_idata->opcode) {
1518 case JVM_OPC_lload: case JVM_OPC_dload:
1519 case JVM_OPC_lstore: case JVM_OPC_dstore:
1520 goto check_local_variable2;
1521 default:
1522 goto check_local_variable;
1523 }
1524
1525 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1526 case JVM_OPC_ret:
1527 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1528 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1529 var = code[offset + 1];
1530 check_local_variable:
1531 /* Make sure that the variable number isn't illegal. */
1532 this_idata->operand.i = var;
1533 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1534 CCerror(context, "Illegal local variable number");
1535 break;
1536
1537 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1538 var = code[offset + 1];
1539 check_local_variable2:
1540 /* Make sure that the variable number isn't illegal. */
1541 this_idata->operand.i = var;
1542 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1543 CCerror(context, "Illegal local variable number");
1544 break;
1545
1546 default:
1547 if (opcode > JVM_OPC_MAX)
1548 CCerror(context, "Quick instructions shouldn't appear yet.");
1549 break;
1550 } /* of switch */
1551 }
1552
1553
1554 static void
1555 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1556 {
1557 JNIEnv *env = context->env;
1558 fullinfo_type clazz_info;
1559 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1560 clazz_info = cp_index_to_class_fullinfo(context, key,
1561 JVM_CONSTANT_Fieldref);
1562 } else {
1563 clazz_info = cp_index_to_class_fullinfo(context, key,
1564 JVM_CONSTANT_Methodref);
1565 }
1566 if (is_superclass(context, clazz_info)) {
1567 jclass calledClass =
1568 object_fullinfo_to_classclass(context, clazz_info);
1569 int access;
1570 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1571 searches the referenced field or method in calledClass. The following
1572 while loop is added to search up the superclass chain to make this
1573 symbolic resolution consistent with the field/method resolution
1574 specified in VM spec 5.4.3. */
1575 calledClass = (*env)->NewLocalRef(env, calledClass);
1576 do {
1577 jclass tmp_cb;
1578 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1579 access = JVM_GetCPFieldModifiers
1580 (env, context->class, key, calledClass);
1581 } else {
1582 access = JVM_GetCPMethodModifiers
1583 (env, context->class, key, calledClass);
1584 }
1585 if (access != -1) {
1586 break;
1587 }
1588 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1589 (*env)->DeleteLocalRef(env, calledClass);
1590 calledClass = tmp_cb;
1591 } while (calledClass != 0);
1592
1593 if (access == -1) {
1594 /* field/method not found, detected at runtime. */
1595 } else if (access & JVM_ACC_PROTECTED) {
1596 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1597 context->instruction_data[inumber].protected = JNI_TRUE;
1598 }
1599 (*env)->DeleteLocalRef(env, calledClass);
1600 }
1601 }
1602
1603
1604 static jboolean
1605 is_superclass(context_type *context, fullinfo_type clazz_info) {
1606 fullinfo_type *fptr = context->superclasses;
1607
1608 if (fptr == 0)
1609 return JNI_FALSE;
1610 for (; *fptr != 0; fptr++) {
1611 if (*fptr == clazz_info)
1612 return JNI_TRUE;
1613 }
1614 return JNI_FALSE;
1615 }
1616
1617
1618 /* Look through each item on the exception table. Each of the fields must
1619 * refer to a legal instruction.
1620 */
1621 static void
1622 initialize_exception_table(context_type *context)
1623 {
1624 JNIEnv *env = context->env;
1625 int mi = context->method_index;
1626 struct handler_info_type *handler_info = context->handler_info;
1627 int *code_data = context->code_data;
1628 int code_length = context->code_length;
1629 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1630 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1631 if (max_stack_size < 1 && i > 0) {
1632 // If the method contains exception handlers, it must have room
1633 // on the expression stack for the exception that the VM could push
1634 CCerror(context, "Stack size too large");
1635 }
1636 for (; --i >= 0; handler_info++) {
1637 JVM_ExceptionTableEntryType einfo;
1638 stack_item_type *stack_item = NEW(stack_item_type, 1);
1639
1640 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1641 i, &einfo);
1642
1643 if (!(einfo.start_pc < einfo.end_pc &&
1644 einfo.start_pc >= 0 &&
1645 isLegalTarget(context, einfo.start_pc) &&
1646 (einfo.end_pc == code_length ||
1647 isLegalTarget(context, einfo.end_pc)))) {
1648 CFerror(context, "Illegal exception table range");
1649 }
1650 if (!((einfo.handler_pc > 0) &&
1651 isLegalTarget(context, einfo.handler_pc))) {
1652 CFerror(context, "Illegal exception table handler");
1653 }
1654
1655 handler_info->start = code_data[einfo.start_pc];
1656 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1657 handler_info->end = (einfo.end_pc == context->code_length) ?
1658 context->instruction_count : code_data[einfo.end_pc];
1659 handler_info->handler = code_data[einfo.handler_pc];
1660 handler_info->stack_info.stack = stack_item;
1661 handler_info->stack_info.stack_size = 1;
1662 stack_item->next = NULL;
1663 if (einfo.catchType != 0) {
1664 const char *classname;
1665 /* Constant pool entry type has been checked in format checker */
1666 classname = JVM_GetCPClassNameUTF(env,
1667 context->class,
1668 einfo.catchType);
1669 check_and_push(context, classname, VM_STRING_UTF);
1670 stack_item->item = make_class_info_from_name(context, classname);
1671 if (!isAssignableTo(context,
1672 stack_item->item,
1673 context->throwable_info))
1674 CCerror(context, "catch_type not a subclass of Throwable");
1675 pop_and_free(context);
1676 } else {
1677 stack_item->item = context->throwable_info;
1678 }
1679 }
1680 }
1681
1682
1683 /* Given a pointer to an instruction, return its length. Use the table
1684 * opcode_length[] which is automatically built.
1685 */
1686 static int instruction_length(unsigned char *iptr, unsigned char *end)
1687 {
1688 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1689 int instruction = *iptr;
1690 switch (instruction) {
1691 case JVM_OPC_tableswitch: {
1692 int *lpc = (int *)UCALIGN(iptr + 1);
1693 int index;
1694 if (lpc + 2 >= (int *)end) {
1695 return -1; /* do not read pass the end */
1696 }
1697 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1698 if ((index < 0) || (index > 65535)) {
1699 return -1; /* illegal */
1700 } else {
1701 return (unsigned char *)(&lpc[index + 4]) - iptr;
1702 }
1703 }
1704
1705 case JVM_OPC_lookupswitch: {
1706 int *lpc = (int *) UCALIGN(iptr + 1);
1707 int npairs;
1708 if (lpc + 1 >= (int *)end)
1709 return -1; /* do not read pass the end */
1710 npairs = _ck_ntohl(lpc[1]);
1711 /* There can't be more than 64K labels because of the limit
1712 * on per-method byte code length.
1713 */
1714 if (npairs < 0 || npairs >= 65536)
1715 return -1;
1716 else
1717 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1718 }
1719
1720 case JVM_OPC_wide:
1721 if (iptr + 1 >= end)
1722 return -1; /* do not read pass the end */
1723 switch(iptr[1]) {
1724 case JVM_OPC_ret:
1725 case JVM_OPC_iload: case JVM_OPC_istore:
1726 case JVM_OPC_fload: case JVM_OPC_fstore:
1727 case JVM_OPC_aload: case JVM_OPC_astore:
1728 case JVM_OPC_lload: case JVM_OPC_lstore:
1729 case JVM_OPC_dload: case JVM_OPC_dstore:
1730 return 4;
1731 case JVM_OPC_iinc:
1732 return 6;
1733 default:
1734 return -1;
1735 }
1736
1737 default: {
1738 /* A length of 0 indicates an error. */
1739 int length = opcode_length[instruction];
1740 return (length <= 0) ? -1 : length;
1741 }
1742 }
1743 }
1744
1745
1746 /* Given the target of a branch, make sure that it's a legal target. */
1747 static jboolean
1748 isLegalTarget(context_type *context, int offset)
1749 {
1750 int code_length = context->code_length;
1751 int *code_data = context->code_data;
1752 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1753 }
1754
1755
1756 /* Make sure that an element of the constant pool really is of the indicated
1757 * type.
1758 */
1759 static void
1760 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1761 {
1762 int nconstants = context->nconstants;
1763 unsigned char *type_table = context->constant_types;
1764 unsigned type;
1765
1766 if ((index <= 0) || (index >= nconstants))
1767 CCerror(context, "Illegal constant pool index");
1768
1769 type = type_table[index];
1770 if ((mask & (1 << type)) == 0)
1771 CCerror(context, "Illegal type in constant pool");
1772 }
1773
1774
1775 static void
1776 initialize_dataflow(context_type *context)
1777 {
1778 JNIEnv *env = context->env;
1779 instruction_data_type *idata = context->instruction_data;
1780 int mi = context->method_index;
1781 jclass cb = context->class;
1782 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1783 fullinfo_type *reg_ptr;
1784 fullinfo_type full_info;
1785 const char *p;
1786 const char *signature;
1787
1788 /* Initialize the function entry, since we know everything about it. */
1789 idata[0].stack_info.stack_size = 0;
1790 idata[0].stack_info.stack = NULL;
1791 idata[0].register_info.register_count = args_size;
1792 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1793 idata[0].register_info.mask_count = 0;
1794 idata[0].register_info.masks = NULL;
1795 idata[0].and_flags = 0; /* nothing needed */
1796 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1797 reg_ptr = idata[0].register_info.registers;
1798
1799 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1800 /* A non static method. If this is an <init> method, the first
1801 * argument is an uninitialized object. Otherwise it is an object of
1802 * the given class type. java.lang.Object.<init> is special since
1803 * we don't call its superclass <init> method.
1804 */
1805 if (JVM_IsConstructorIx(env, cb, mi)
1806 && context->currentclass_info != context->object_info) {
1807 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1808 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1809 } else {
1810 *reg_ptr++ = context->currentclass_info;
1811 }
1812 }
1813 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1814 check_and_push(context, signature, VM_STRING_UTF);
1815 /* Fill in each of the arguments into the registers. */
1816 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1817 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1818 switch (fieldchar) {
1819 case 'D': case 'L':
1820 *reg_ptr++ = full_info;
1821 *reg_ptr++ = full_info + 1;
1822 break;
1823 default:
1824 *reg_ptr++ = full_info;
1825 break;
1826 }
1827 }
1828 p++; /* skip over right parenthesis */
1829 if (*p == 'V') {
1830 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1831 } else {
1832 signature_to_fieldtype(context, &p, &full_info);
1833 context->return_type = full_info;
1834 }
1835 pop_and_free(context);
1836 /* Indicate that we need to look at the first instruction. */
1837 idata[0].changed = JNI_TRUE;
1838 }
1839
1840
1841 /* Run the data flow analysis, as long as there are things to change. */
1842 static void
1843 run_dataflow(context_type *context) {
1844 JNIEnv *env = context->env;
1845 int mi = context->method_index;
1846 jclass cb = context->class;
1847 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1848 instruction_data_type *idata = context->instruction_data;
1849 unsigned int icount = context->instruction_count;
1850 jboolean work_to_do = JNI_TRUE;
1851 unsigned int inumber;
1852
1853 /* Run through the loop, until there is nothing left to do. */
1854 while (work_to_do) {
1855 work_to_do = JNI_FALSE;
1856 for (inumber = 0; inumber < icount; inumber++) {
1857 instruction_data_type *this_idata = &idata[inumber];
1858 if (this_idata->changed) {
1859 register_info_type new_register_info;
1860 stack_info_type new_stack_info;
1861 flag_type new_and_flags, new_or_flags;
1862
1863 this_idata->changed = JNI_FALSE;
1864 work_to_do = JNI_TRUE;
1865 #ifdef DEBUG
1866 if (verify_verbose) {
1867 int opcode = this_idata->opcode;
1868 jio_fprintf(stdout, "Instruction %d: ", inumber);
1869 print_stack(context, &this_idata->stack_info);
1870 print_registers(context, &this_idata->register_info);
1871 print_flags(context,
1872 this_idata->and_flags, this_idata->or_flags);
1873 fflush(stdout);
1874 }
1875 #endif
1876 /* Make sure the registers and flags are appropriate */
1877 check_register_values(context, inumber);
1878 check_flags(context, inumber);
1879
1880 /* Make sure the stack can deal with this instruction */
1881 pop_stack(context, inumber, &new_stack_info);
1882
1883 /* Update the registers and flags */
1884 update_registers(context, inumber, &new_register_info);
1885 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1886
1887 /* Update the stack. */
1888 push_stack(context, inumber, &new_stack_info);
1889
1890 if (new_stack_info.stack_size > max_stack_size)
1891 CCerror(context, "Stack size too large");
1892 #ifdef DEBUG
1893 if (verify_verbose) {
1894 jio_fprintf(stdout, " ");
1895 print_stack(context, &new_stack_info);
1896 print_registers(context, &new_register_info);
1897 print_flags(context, new_and_flags, new_or_flags);
1898 fflush(stdout);
1899 }
1900 #endif
1901 /* Add the new stack and register information to any
1902 * instructions that can follow this instruction. */
1903 merge_into_successors(context, inumber,
1904 &new_register_info, &new_stack_info,
1905 new_and_flags, new_or_flags);
1906 }
1907 }
1908 }
1909 }
1910
1911
1912 /* Make sure that the registers contain a legitimate value for the given
1913 * instruction.
1914 */
1915
1916 static void
1917 check_register_values(context_type *context, unsigned int inumber)
1918 {
1919 instruction_data_type *idata = context->instruction_data;
1920 instruction_data_type *this_idata = &idata[inumber];
1921 int opcode = this_idata->opcode;
1922 int operand = this_idata->operand.i;
1923 int register_count = this_idata->register_info.register_count;
1924 fullinfo_type *registers = this_idata->register_info.registers;
1925 jboolean double_word = JNI_FALSE; /* default value */
1926 int type;
1927
1928 switch (opcode) {
1929 default:
1930 return;
1931 case JVM_OPC_iload: case JVM_OPC_iinc:
1932 type = ITEM_Integer; break;
1933 case JVM_OPC_fload:
1934 type = ITEM_Float; break;
1935 case JVM_OPC_aload:
1936 type = ITEM_Object; break;
1937 case JVM_OPC_ret:
1938 type = ITEM_ReturnAddress; break;
1939 case JVM_OPC_lload:
1940 type = ITEM_Long; double_word = JNI_TRUE; break;
1941 case JVM_OPC_dload:
1942 type = ITEM_Double; double_word = JNI_TRUE; break;
1943 }
1944 if (!double_word) {
1945 fullinfo_type reg;
1946 /* Make sure we don't have an illegal register or one with wrong type */
1947 if (operand >= register_count) {
1948 CCerror(context,
1949 "Accessing value from uninitialized register %d", operand);
1950 }
1951 reg = registers[operand];
1952
1953 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1954 /* the register is obviously of the given type */
1955 return;
1956 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1957 /* address type stuff be used on all arrays */
1958 return;
1959 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1960 CCerror(context, "Cannot load return address from register %d",
1961 operand);
1962 /* alternatively
1963 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1964 && (opcode == JVM_OPC_iload)
1965 && (type == ITEM_Object || type == ITEM_Integer)
1966 but this never occurs
1967 */
1968 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1969 return;
1970 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1971 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1972 type == ITEM_Object) {
1973 return;
1974 } else {
1975 CCerror(context, "Register %d contains wrong type", operand);
1976 }
1977 } else {
1978 /* Make sure we don't have an illegal register or one with wrong type */
1979 if ((operand + 1) >= register_count) {
1980 CCerror(context,
1981 "Accessing value from uninitialized register pair %d/%d",
1982 operand, operand+1);
1983 } else {
1984 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1985 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1986 return;
1987 } else {
1988 CCerror(context, "Register pair %d/%d contains wrong type",
1989 operand, operand+1);
1990 }
1991 }
1992 }
1993 }
1994
1995
1996 /* Make sure the flags contain legitimate values for this instruction.
1997 */
1998
1999 static void
2000 check_flags(context_type *context, unsigned int inumber)
2001 {
2002 instruction_data_type *idata = context->instruction_data;
2003 instruction_data_type *this_idata = &idata[inumber];
2004 int opcode = this_idata->opcode;
2005 switch (opcode) {
2006 case JVM_OPC_return:
2007 /* We need a constructor, but we aren't guaranteed it's called */
2008 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2009 !(this_idata->and_flags & FLAG_CONSTRUCTED))
2010 CCerror(context, "Constructor must call super() or this()");
2011 /* fall through */
2012 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2013 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2014 if (this_idata->or_flags & FLAG_NO_RETURN)
2015 /* This method cannot exit normally */
2016 CCerror(context, "Cannot return normally");
2017 default:
2018 break; /* nothing to do. */
2019 }
2020 }
2021
2022 /* Make sure that the top of the stack contains reasonable values for the
2023 * given instruction. The post-pop values of the stack and its size are
2024 * returned in *new_stack_info.
2025 */
2026
2027 static void
2028 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2029 {
2030 instruction_data_type *idata = context->instruction_data;
2031 instruction_data_type *this_idata = &idata[inumber];
2032 int opcode = this_idata->opcode;
2033 stack_item_type *stack = this_idata->stack_info.stack;
2034 int stack_size = this_idata->stack_info.stack_size;
2035 char *stack_operands, *p;
2036 char buffer[257]; /* for holding manufactured argument lists */
2037 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2038 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2039 fullinfo_type full_info; /* only used in case of invoke instructions */
2040 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2041
2042 switch(opcode) {
2043 default:
2044 /* For most instructions, we just use a built-in table */
2045 stack_operands = opcode_in_out[opcode][0];
2046 break;
2047
2048 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2049 /* The top thing on the stack depends on the signature of
2050 * the object. */
2051 int operand = this_idata->operand.i;
2052 const char *signature =
2053 JVM_GetCPFieldSignatureUTF(context->env,
2054 context->class,
2055 operand);
2056 char *ip = buffer;
2057 check_and_push(context, signature, VM_STRING_UTF);
2058 #ifdef DEBUG
2059 if (verify_verbose) {
2060 print_formatted_fieldname(context, operand);
2061 }
2062 #endif
2063 if (opcode == JVM_OPC_putfield)
2064 *ip++ = 'A'; /* object for putfield */
2065 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2066 *ip = '\0';
2067 stack_operands = buffer;
2068 pop_and_free(context);
2069 break;
2070 }
2071
2072 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2073 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2074 case JVM_OPC_invokedynamic:
2075 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2076 /* The top stuff on the stack depends on the method signature */
2077 int operand = this_idata->operand.i;
2078 const char *signature =
2079 JVM_GetCPMethodSignatureUTF(context->env,
2080 context->class,
2081 operand);
2082 char *ip = buffer;
2083 const char *p;
2084 check_and_push(context, signature, VM_STRING_UTF);
2085 #ifdef DEBUG
2086 if (verify_verbose) {
2087 print_formatted_methodname(context, operand);
2088 }
2089 #endif
2090 if (opcode != JVM_OPC_invokestatic &&
2091 opcode != JVM_OPC_invokedynamic)
2092 /* First, push the object */
2093 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2094 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2095 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2096 if (ip >= buffer + sizeof(buffer) - 1)
2097 CCerror(context, "Signature %s has too many arguments",
2098 signature);
2099 }
2100 *ip = 0;
2101 stack_operands = buffer;
2102 pop_and_free(context);
2103 break;
2104 }
2105
2106 case JVM_OPC_multianewarray: {
2107 /* Count can't be larger than 255. So can't overflow buffer */
2108 int count = this_idata->operand2.i; /* number of ints on stack */
2109 memset(buffer, 'I', count);
2110 buffer[count] = '\0';
2111 stack_operands = buffer;
2112 break;
2113 }
2114
2115 } /* of switch */
2116
2117 /* Run through the list of operands >>backwards<< */
2118 for ( p = stack_operands + strlen(stack_operands);
2119 p > stack_operands;
2120 stack = stack->next) {
2121 int type = *--p;
2122 fullinfo_type top_type = stack ? stack->item : 0;
2123 int size = (type == 'D' || type == 'L') ? 2 : 1;
2124 *--stack_extra_info = top_type;
2125 if (stack == NULL)
2126 CCerror(context, "Unable to pop operand off an empty stack");
2127
2128 switch (type) {
2129 case 'I':
2130 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2131 CCerror(context, "Expecting to find integer on stack");
2132 break;
2133
2134 case 'F':
2135 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2136 CCerror(context, "Expecting to find float on stack");
2137 break;
2138
2139 case 'A': /* object or array */
2140 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2141 && (GET_INDIRECTION(top_type) == 0)) {
2142 /* The thing isn't an object or an array. Let's see if it's
2143 * one of the special cases */
2144 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2145 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2146 && (opcode == JVM_OPC_astore))
2147 break;
2148 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2149 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2150 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2151 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2152 break;
2153 /* The 2nd edition VM of the specification allows field
2154 * initializations before the superclass initializer,
2155 * if the field is defined within the current class.
2156 */
2157 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2158 && (opcode == JVM_OPC_putfield)) {
2159 int operand = this_idata->operand.i;
2160 int access_bits = JVM_GetCPFieldModifiers(context->env,
2161 context->class,
2162 operand,
2163 context->class);
2164 /* Note: This relies on the fact that
2165 * JVM_GetCPFieldModifiers retrieves only local fields,
2166 * and does not respect inheritance.
2167 */
2168 if (access_bits != -1) {
2169 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2170 context->currentclass_info ) {
2171 top_type = context->currentclass_info;
2172 *stack_extra_info = top_type;
2173 break;
2174 }
2175 }
2176 }
2177 CCerror(context, "Expecting to find object/array on stack");
2178 }
2179 break;
2180
2181 case '@': { /* unitialized object, for call to <init> */
2182 int item_type = GET_ITEM_TYPE(top_type);
2183 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2184 CCerror(context,
2185 "Expecting to find unitialized object on stack");
2186 break;
2187 }
2188
2189 case 'O': /* object, not array */
2190 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2191 MAKE_FULLINFO(ITEM_Object, 0, 0))
2192 CCerror(context, "Expecting to find object on stack");
2193 break;
2194
2195 case 'a': /* integer, object, or array */
2196 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2197 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2198 && (GET_INDIRECTION(top_type) == 0))
2199 CCerror(context,
2200 "Expecting to find object, array, or int on stack");
2201 break;
2202
2203 case 'D': /* double */
2204 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2205 CCerror(context, "Expecting to find double on stack");
2206 break;
2207
2208 case 'L': /* long */
2209 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2210 CCerror(context, "Expecting to find long on stack");
2211 break;
2212
2213 case ']': /* array of some type */
2214 if (top_type == NULL_FULLINFO) {
2215 /* do nothing */
2216 } else switch(p[-1]) {
2217 case 'I': /* array of integers */
2218 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2219 top_type != NULL_FULLINFO)
2220 CCerror(context,
2221 "Expecting to find array of ints on stack");
2222 break;
2223
2224 case 'L': /* array of longs */
2225 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2226 CCerror(context,
2227 "Expecting to find array of longs on stack");
2228 break;
2229
2230 case 'F': /* array of floats */
2231 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2232 CCerror(context,
2233 "Expecting to find array of floats on stack");
2234 break;
2235
2236 case 'D': /* array of doubles */
2237 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2238 CCerror(context,
2239 "Expecting to find array of doubles on stack");
2240 break;
2241
2242 case 'A': { /* array of addresses (arrays or objects) */
2243 int indirection = GET_INDIRECTION(top_type);
2244 if ((indirection == 0) ||
2245 ((indirection == 1) &&
2246 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2247 CCerror(context,
2248 "Expecting to find array of objects or arrays "
2249 "on stack");
2250 break;
2251 }
2252
2253 case 'B': /* array of bytes */
2254 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0))
2255 CCerror(context,
2256 "Expecting to find array of bytes on stack");
2257 break;
2258
2259 case 'C': /* array of characters */
2260 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2261 CCerror(context,
2262 "Expecting to find array of chars on stack");
2263 break;
2264
2265 case 'S': /* array of shorts */
2266 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2267 CCerror(context,
2268 "Expecting to find array of shorts on stack");
2269 break;
2270
2271 case '?': /* any type of array is okay */
2272 if (GET_INDIRECTION(top_type) == 0)
2273 CCerror(context,
2274 "Expecting to find array on stack");
2275 break;
2276
2277 default:
2278 CCerror(context, "Internal error #1");
2279 break;
2280 }
2281 p -= 2; /* skip over [ <char> */
2282 break;
2283
2284 case '1': case '2': case '3': case '4': /* stack swapping */
2285 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2286 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2287 if ((p > stack_operands) && (p[-1] == '+')) {
2288 context->swap_table[type - '1'] = top_type + 1;
2289 context->swap_table[p[-2] - '1'] = top_type;
2290 size = 2;
2291 p -= 2;
2292 } else {
2293 CCerror(context,
2294 "Attempt to split long or double on the stack");
2295 }
2296 } else {
2297 context->swap_table[type - '1'] = stack->item;
2298 if ((p > stack_operands) && (p[-1] == '+'))
2299 p--; /* ignore */
2300 }
2301 break;
2302 case '+': /* these should have been caught. */
2303 default:
2304 CCerror(context, "Internal error #2");
2305 }
2306 stack_size -= size;
2307 }
2308
2309 /* For many of the opcodes that had an "A" in their field, we really
2310 * need to go back and do a little bit more accurate testing. We can, of
2311 * course, assume that the minimal type checking has already been done.
2312 */
2313 switch (opcode) {
2314 default: break;
2315 case JVM_OPC_aastore: { /* array index object */
2316 fullinfo_type array_type = stack_extra_info[0];
2317 fullinfo_type object_type = stack_extra_info[2];
2318 fullinfo_type target_type = decrement_indirection(array_type);
2319 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2320 && (GET_INDIRECTION(object_type) == 0)) {
2321 CCerror(context, "Expecting reference type on operand stack in aastore");
2322 }
2323 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2324 && (GET_INDIRECTION(target_type) == 0)) {
2325 CCerror(context, "Component type of the array must be reference type in aastore");
2326 }
2327 break;
2328 }
2329
2330 case JVM_OPC_putfield:
2331 case JVM_OPC_getfield:
2332 case JVM_OPC_putstatic: {
2333 int operand = this_idata->operand.i;
2334 fullinfo_type stack_object = stack_extra_info[0];
2335 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2336 if (!isAssignableTo
2337 (context,
2338 stack_object,
2339 cp_index_to_class_fullinfo
2340 (context, operand, JVM_CONSTANT_Fieldref))) {
2341 CCerror(context,
2342 "Incompatible type for getting or setting field");
2343 }
2344 if (this_idata->protected &&
2345 !isAssignableTo(context, stack_object,
2346 context->currentclass_info)) {
2347 CCerror(context, "Bad access to protected data");
2348 }
2349 }
2350 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2351 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2352 if (!isAssignableTo(context,
2353 stack_extra_info[item], put_full_info)) {
2354 CCerror(context, "Bad type in putfield/putstatic");
2355 }
2356 }
2357 break;
2358 }
2359
2360 case JVM_OPC_athrow:
2361 if (!isAssignableTo(context, stack_extra_info[0],
2362 context->throwable_info)) {
2363 CCerror(context, "Can only throw Throwable objects");
2364 }
2365 break;
2366
2367 case JVM_OPC_aaload: { /* array index */
2368 /* We need to pass the information to the stack updater */
2369 fullinfo_type array_type = stack_extra_info[0];
2370 context->swap_table[0] = decrement_indirection(array_type);
2371 break;
2372 }
2373
2374 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2375 case JVM_OPC_invokeinit:
2376 case JVM_OPC_invokedynamic:
2377 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2378 int operand = this_idata->operand.i;
2379 const char *signature =
2380 JVM_GetCPMethodSignatureUTF(context->env,
2381 context->class,
2382 operand);
2383 int item;
2384 const char *p;
2385 check_and_push(context, signature, VM_STRING_UTF);
2386 if (opcode == JVM_OPC_invokestatic ||
2387 opcode == JVM_OPC_invokedynamic) {
2388 item = 0;
2389 } else if (opcode == JVM_OPC_invokeinit) {
2390 fullinfo_type init_type = this_idata->operand2.fi;
2391 fullinfo_type object_type = stack_extra_info[0];
2392 context->swap_table[0] = object_type; /* save value */
2393 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2394 /* We better be calling the appropriate init. Find the
2395 * inumber of the "JVM_OPC_new" instruction", and figure
2396 * out what the type really is.
2397 */
2398 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2399 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2400 context->swap_table[1] = target_type;
2401
2402 if (target_type != init_type) {
2403 CCerror(context, "Call to wrong initialization method");
2404 }
2405 if (this_idata->protected
2406 && context->major_version > LDC_CLASS_MAJOR_VERSION
2407 && !isAssignableTo(context, object_type,
2408 context->currentclass_info)) {
2409 CCerror(context, "Bad access to protected data");
2410 }
2411 } else {
2412 /* We better be calling super() or this(). */
2413 if (init_type != context->superclass_info &&
2414 init_type != context->currentclass_info) {
2415 CCerror(context, "Call to wrong initialization method");
2416 }
2417 context->swap_table[1] = context->currentclass_info;
2418 }
2419 item = 1;
2420 } else {
2421 fullinfo_type target_type = this_idata->operand2.fi;
2422 fullinfo_type object_type = stack_extra_info[0];
2423 if (!isAssignableTo(context, object_type, target_type)){
2424 CCerror(context,
2425 "Incompatible object argument for function call");
2426 }
2427 if (opcode == JVM_OPC_invokespecial
2428 && !isAssignableTo(context, object_type,
2429 context->currentclass_info)) {
2430 /* Make sure object argument is assignment compatible to current class */
2431 CCerror(context,
2432 "Incompatible object argument for invokespecial");
2433 }
2434 if (this_idata->protected
2435 && !isAssignableTo(context, object_type,
2436 context->currentclass_info)) {
2437 /* This is ugly. Special dispensation. Arrays pretend to
2438 implement public Object clone() even though they don't */
2439 const char *utfName =
2440 JVM_GetCPMethodNameUTF(context->env,
2441 context->class,
2442 this_idata->operand.i);
2443 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2444 JVM_ReleaseUTF(utfName);
2445
2446 if ((target_type == context->object_info) &&
2447 (GET_INDIRECTION(object_type) > 0) &&
2448 is_clone) {
2449 } else {
2450 CCerror(context, "Bad access to protected data");
2451 }
2452 }
2453 item = 1;
2454 }
2455 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2456 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2457 if (!isAssignableTo(context,
2458 stack_extra_info[item], full_info)) {
2459 CCerror(context, "Incompatible argument to function");
2460 }
2461 }
2462
2463 pop_and_free(context);
2464 break;
2465 }
2466
2467 case JVM_OPC_return:
2468 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2469 CCerror(context, "Wrong return type in function");
2470 break;
2471
2472 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2473 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2474 fullinfo_type target_type = context->return_type;
2475 fullinfo_type object_type = stack_extra_info[0];
2476 if (!isAssignableTo(context, object_type, target_type)) {
2477 CCerror(context, "Wrong return type in function");
2478 }
2479 break;
2480 }
2481
2482 case JVM_OPC_new: {
2483 /* Make sure that nothing on the stack already looks like what
2484 * we want to create. I can't image how this could possibly happen
2485 * but we should test for it anyway, since if it could happen, the
2486 * result would be an unitialized object being able to masquerade
2487 * as an initialized one.
2488 */
2489 stack_item_type *item;
2490 for (item = stack; item != NULL; item = item->next) {
2491 if (item->item == this_idata->operand.fi) {
2492 CCerror(context,
2493 "Uninitialized object on stack at creating point");
2494 }
2495 }
2496 /* Info for update_registers */
2497 context->swap_table[0] = this_idata->operand.fi;
2498 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2499
2500 break;
2501 }
2502 }
2503 new_stack_info->stack = stack;
2504 new_stack_info->stack_size = stack_size;
2505 }
2506
2507
2508 /* We've already determined that the instruction is legal. Perform the
2509 * operation on the registers, and return the updated results in
2510 * new_register_count_p and new_registers.
2511 */
2512
2513 static void
2514 update_registers(context_type *context, unsigned int inumber,
2515 register_info_type *new_register_info)
2516 {
2517 instruction_data_type *idata = context->instruction_data;
2518 instruction_data_type *this_idata = &idata[inumber];
2519 int opcode = this_idata->opcode;
2520 int operand = this_idata->operand.i;
2521 int register_count = this_idata->register_info.register_count;
2522 fullinfo_type *registers = this_idata->register_info.registers;
2523 stack_item_type *stack = this_idata->stack_info.stack;
2524 int mask_count = this_idata->register_info.mask_count;
2525 mask_type *masks = this_idata->register_info.masks;
2526
2527 /* Use these as default new values. */
2528 int new_register_count = register_count;
2529 int new_mask_count = mask_count;
2530 fullinfo_type *new_registers = registers;
2531 mask_type *new_masks = masks;
2532
2533 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2534 int i;
2535
2536 /* Remember, we've already verified the type at the top of the stack. */
2537 switch (opcode) {
2538 default: break;
2539 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2540 access = ACCESS_SINGLE;
2541 goto continue_store;
2542
2543 case JVM_OPC_lstore: case JVM_OPC_dstore:
2544 access = ACCESS_DOUBLE;
2545 goto continue_store;
2546
2547 continue_store: {
2548 /* We have a modification to the registers. Copy them if needed. */
2549 fullinfo_type stack_top_type = stack->item;
2550 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2551
2552 if ( max_operand < register_count
2553 && registers[operand] == stack_top_type
2554 && ((access == ACCESS_SINGLE) ||
2555 (registers[operand + 1]== stack_top_type + 1)))
2556 /* No changes have been made to the registers. */
2557 break;
2558 new_register_count = MAX(max_operand + 1, register_count);
2559 new_registers = NEW(fullinfo_type, new_register_count);
2560 for (i = 0; i < register_count; i++)
2561 new_registers[i] = registers[i];
2562 for (i = register_count; i < new_register_count; i++)
2563 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2564 new_registers[operand] = stack_top_type;
2565 if (access == ACCESS_DOUBLE)
2566 new_registers[operand + 1] = stack_top_type + 1;
2567 break;
2568 }
2569
2570 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2571 case JVM_OPC_iinc: case JVM_OPC_ret:
2572 access = ACCESS_SINGLE;
2573 break;
2574
2575 case JVM_OPC_lload: case JVM_OPC_dload:
2576 access = ACCESS_DOUBLE;
2577 break;
2578
2579 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2580 for (i = 0; i < new_mask_count; i++)
2581 if (new_masks[i].entry == operand)
2582 CCerror(context, "Recursive call to jsr entry");
2583 new_masks = add_to_masks(context, masks, mask_count, operand);
2584 new_mask_count++;
2585 break;
2586
2587 case JVM_OPC_invokeinit:
2588 case JVM_OPC_new: {
2589 /* For invokeinit, an uninitialized object has been initialized.
2590 * For new, all previous occurrences of an uninitialized object
2591 * from the same instruction must be made bogus.
2592 * We find all occurrences of swap_table[0] in the registers, and
2593 * replace them with swap_table[1];
2594 */
2595 fullinfo_type from = context->swap_table[0];
2596 fullinfo_type to = context->swap_table[1];
2597
2598 int i;
2599 for (i = 0; i < register_count; i++) {
2600 if (new_registers[i] == from) {
2601 /* Found a match */
2602 break;
2603 }
2604 }
2605 if (i < register_count) { /* We broke out loop for match */
2606 /* We have to change registers, and possibly a mask */
2607 jboolean copied_mask = JNI_FALSE;
2608 int k;
2609 new_registers = NEW(fullinfo_type, register_count);
2610 memcpy(new_registers, registers,
2611 register_count * sizeof(registers[0]));
2612 for ( ; i < register_count; i++) {
2613 if (new_registers[i] == from) {
2614 new_registers[i] = to;
2615 for (k = 0; k < new_mask_count; k++) {
2616 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2617 if (!copied_mask) {
2618 new_masks = copy_masks(context, new_masks,
2619 mask_count);
2620 copied_mask = JNI_TRUE;
2621 }
2622 SET_BIT(new_masks[k].modifies, i);
2623 }
2624 }
2625 }
2626 }
2627 }
2628 break;
2629 }
2630 } /* of switch */
2631
2632 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2633 int i, j;
2634 for (i = 0; i < new_mask_count; i++) {
2635 int *mask = new_masks[i].modifies;
2636 if ((!IS_BIT_SET(mask, operand)) ||
2637 ((access == ACCESS_DOUBLE) &&
2638 !IS_BIT_SET(mask, operand + 1))) {
2639 new_masks = copy_masks(context, new_masks, mask_count);
2640 for (j = i; j < new_mask_count; j++) {
2641 SET_BIT(new_masks[j].modifies, operand);
2642 if (access == ACCESS_DOUBLE)
2643 SET_BIT(new_masks[j].modifies, operand + 1);
2644 }
2645 break;
2646 }
2647 }
2648 }
2649
2650 new_register_info->register_count = new_register_count;
2651 new_register_info->registers = new_registers;
2652 new_register_info->masks = new_masks;
2653 new_register_info->mask_count = new_mask_count;
2654 }
2655
2656
2657
2658 /* We've already determined that the instruction is legal, and have updated
2659 * the registers. Update the flags, too.
2660 */
2661
2662
2663 static void
2664 update_flags(context_type *context, unsigned int inumber,
2665 flag_type *new_and_flags, flag_type *new_or_flags)
2666
2667 {
2668 instruction_data_type *idata = context->instruction_data;
2669 instruction_data_type *this_idata = &idata[inumber];
2670 flag_type and_flags = this_idata->and_flags;
2671 flag_type or_flags = this_idata->or_flags;
2672
2673 /* Set the "we've done a constructor" flag */
2674 if (this_idata->opcode == JVM_OPC_invokeinit) {
2675 fullinfo_type from = context->swap_table[0];
2676 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2677 and_flags |= FLAG_CONSTRUCTED;
2678 }
2679 *new_and_flags = and_flags;
2680 *new_or_flags = or_flags;
2681 }
2682
2683
2684
2685 /* We've already determined that the instruction is legal. Perform the
2686 * operation on the stack;
2687 *
2688 * new_stack_size_p and new_stack_p point to the results after the pops have
2689 * already been done. Do the pushes, and then put the results back there.
2690 */
2691
2692 static void
2693 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2694 {
2695 instruction_data_type *idata = context->instruction_data;
2696 instruction_data_type *this_idata = &idata[inumber];
2697 int opcode = this_idata->opcode;
2698 int operand = this_idata->operand.i;
2699
2700 int stack_size = new_stack_info->stack_size;
2701 stack_item_type *stack = new_stack_info->stack;
2702 char *stack_results;
2703
2704 fullinfo_type full_info = 0;
2705 char buffer[5], *p; /* actually [2] is big enough */
2706
2707 /* We need to look at all those opcodes in which either we can't tell the
2708 * value pushed onto the stack from the opcode, or in which the value
2709 * pushed onto the stack is an object or array. For the latter, we need
2710 * to make sure that full_info is set to the right value.
2711 */
2712 switch(opcode) {
2713 default:
2714 stack_results = opcode_in_out[opcode][1];
2715 break;
2716
2717 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2718 /* Look to constant pool to determine correct result. */
2719 unsigned char *type_table = context->constant_types;
2720 switch (type_table[operand]) {
2721 case JVM_CONSTANT_Integer:
2722 stack_results = "I"; break;
2723 case JVM_CONSTANT_Float:
2724 stack_results = "F"; break;
2725 case JVM_CONSTANT_Double:
2726 stack_results = "D"; break;
2727 case JVM_CONSTANT_Long:
2728 stack_results = "L"; break;
2729 case JVM_CONSTANT_String:
2730 stack_results = "A";
2731 full_info = context->string_info;
2732 break;
2733 case JVM_CONSTANT_Class:
2734 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2735 CCerror(context, "Internal error #3");
2736 stack_results = "A";
2737 full_info = make_class_info_from_name(context,
2738 "java/lang/Class");
2739 break;
2740 case JVM_CONSTANT_MethodHandle:
2741 case JVM_CONSTANT_MethodType:
2742 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2743 CCerror(context, "Internal error #3");
2744 stack_results = "A";
2745 switch (type_table[operand]) {
2746 case JVM_CONSTANT_MethodType:
2747 full_info = make_class_info_from_name(context,
2748 "java/lang/invoke/MethodType");
2749 break;
2750 default: //JVM_CONSTANT_MethodHandle
2751 full_info = make_class_info_from_name(context,
2752 "java/lang/invoke/MethodHandle");
2753 break;
2754 }
2755 break;
2756 default:
2757 CCerror(context, "Internal error #3");
2758 stack_results = ""; /* Never reached: keep lint happy */
2759 }
2760 break;
2761 }
2762
2763 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2764 /* Look to signature to determine correct result. */
2765 int operand = this_idata->operand.i;
2766 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2767 context->class,
2768 operand);
2769 check_and_push(context, signature, VM_STRING_UTF);
2770 #ifdef DEBUG
2771 if (verify_verbose) {
2772 print_formatted_fieldname(context, operand);
2773 }
2774 #endif
2775 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2776 buffer[1] = '\0';
2777 stack_results = buffer;
2778 pop_and_free(context);
2779 break;
2780 }
2781
2782 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2783 case JVM_OPC_invokeinit:
2784 case JVM_OPC_invokedynamic:
2785 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2786 /* Look to signature to determine correct result. */
2787 int operand = this_idata->operand.i;
2788 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2789 context->class,
2790 operand);
2791 const char *result_signature;
2792 check_and_push(context, signature, VM_STRING_UTF);
2793 result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2794 if (result_signature++ == NULL) {
2795 CCerror(context, "Illegal signature %s", signature);
2796 }
2797 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2798 stack_results = "";
2799 } else {
2800 buffer[0] = signature_to_fieldtype(context, &result_signature,
2801 &full_info);
2802 buffer[1] = '\0';
2803 stack_results = buffer;
2804 }
2805 pop_and_free(context);
2806 break;
2807 }
2808
2809 case JVM_OPC_aconst_null:
2810 stack_results = opcode_in_out[opcode][1];
2811 full_info = NULL_FULLINFO; /* special NULL */
2812 break;
2813
2814 case JVM_OPC_new:
2815 case JVM_OPC_checkcast:
2816 case JVM_OPC_newarray:
2817 case JVM_OPC_anewarray:
2818 case JVM_OPC_multianewarray:
2819 stack_results = opcode_in_out[opcode][1];
2820 /* Conveniently, this result type is stored here */
2821 full_info = this_idata->operand.fi;
2822 break;
2823
2824 case JVM_OPC_aaload:
2825 stack_results = opcode_in_out[opcode][1];
2826 /* pop_stack() saved value for us. */
2827 full_info = context->swap_table[0];
2828 break;
2829
2830 case JVM_OPC_aload:
2831 stack_results = opcode_in_out[opcode][1];
2832 /* The register hasn't been modified, so we can use its value. */
2833 full_info = this_idata->register_info.registers[operand];
2834 break;
2835 } /* of switch */
2836
2837 for (p = stack_results; *p != 0; p++) {
2838 int type = *p;
2839 stack_item_type *new_item = NEW(stack_item_type, 1);
2840 new_item->next = stack;
2841 stack = new_item;
2842 switch (type) {
2843 case 'I':
2844 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2845 case 'F':
2846 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2847 case 'D':
2848 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2849 stack_size++; break;
2850 case 'L':
2851 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2852 stack_size++; break;
2853 case 'R':
2854 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2855 break;
2856 case '1': case '2': case '3': case '4': {
2857 /* Get the info saved in the swap_table */
2858 fullinfo_type stype = context->swap_table[type - '1'];
2859 stack->item = stype;
2860 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2861 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2862 stack_size++; p++;
2863 }
2864 break;
2865 }
2866 case 'A':
2867 /* full_info should have the appropriate value. */
2868 assert(full_info != 0);
2869 stack->item = full_info;
2870 break;
2871 default:
2872 CCerror(context, "Internal error #4");
2873
2874 } /* switch type */
2875 stack_size++;
2876 } /* outer for loop */
2877
2878 if (opcode == JVM_OPC_invokeinit) {
2879 /* If there are any instances of "from" on the stack, we need to
2880 * replace it with "to", since calling <init> initializes all versions
2881 * of the object, obviously. */
2882 fullinfo_type from = context->swap_table[0];
2883 stack_item_type *ptr;
2884 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2885 if (ptr->item == from) {
2886 fullinfo_type to = context->swap_table[1];
2887 stack = copy_stack(context, stack);
2888 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2889 if (ptr->item == from) ptr->item = to;
2890 break;
2891 }
2892 }
2893 }
2894
2895 new_stack_info->stack_size = stack_size;
2896 new_stack_info->stack = stack;
2897 }
2898
2899
2900 /* We've performed an instruction, and determined the new registers and stack
2901 * value. Look at all of the possibly subsequent instructions, and merge
2902 * this stack value into theirs.
2903 */
2904
2905 static void
2906 merge_into_successors(context_type *context, unsigned int inumber,
2907 register_info_type *register_info,
2908 stack_info_type *stack_info,
2909 flag_type and_flags, flag_type or_flags)
2910 {
2911 instruction_data_type *idata = context->instruction_data;
2912 instruction_data_type *this_idata = &idata[inumber];
2913 int opcode = this_idata->opcode;
2914 int operand = this_idata->operand.i;
2915 struct handler_info_type *handler_info = context->handler_info;
2916 int handler_info_length =
2917 JVM_GetMethodIxExceptionTableLength(context->env,
2918 context->class,
2919 context->method_index);
2920
2921
2922 int buffer[2]; /* default value for successors */
2923 int *successors = buffer; /* table of successors */
2924 int successors_count;
2925 int i;
2926
2927 switch (opcode) {
2928 default:
2929 successors_count = 1;
2930 buffer[0] = inumber + 1;
2931 break;
2932
2933 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2934 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2935 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2936 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2937 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2938 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2939 successors_count = 2;
2940 buffer[0] = inumber + 1;
2941 buffer[1] = operand;
2942 break;
2943
2944 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2945 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2946 idata[this_idata->operand2.i].changed = JNI_TRUE;
2947 /* FALLTHROUGH */
2948 case JVM_OPC_goto: case JVM_OPC_goto_w:
2949 successors_count = 1;
2950 buffer[0] = operand;
2951 break;
2952
2953
2954 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2955 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2956 case JVM_OPC_athrow:
2957 /* The testing for the returns is handled in pop_stack() */
2958 successors_count = 0;
2959 break;
2960
2961 case JVM_OPC_ret: {
2962 /* This is slightly slow, but good enough for a seldom used instruction.
2963 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2964 * address of the first instruction of the subroutine. We can return
2965 * to 1 after any instruction that jsr's to that instruction.
2966 */
2967 if (this_idata->operand2.ip == NULL) {
2968 fullinfo_type *registers = this_idata->register_info.registers;
2969 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2970 int i, count, *ptr;;
2971 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2972 if (((idata[i].opcode == JVM_OPC_jsr) ||
2973 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2974 (idata[i].operand.i == called_instruction))
2975 count++;
2976 }
2977 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2978 *ptr++ = count;
2979 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2980 if (((idata[i].opcode == JVM_OPC_jsr) ||
2981 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2982 (idata[i].operand.i == called_instruction))
2983 *ptr++ = i + 1;
2984 }
2985 }
2986 successors = this_idata->operand2.ip; /* use this instead */
2987 successors_count = *successors++;
2988 break;
2989
2990 }
2991
2992 case JVM_OPC_tableswitch:
2993 case JVM_OPC_lookupswitch:
2994 successors = this_idata->operand.ip; /* use this instead */
2995 successors_count = *successors++;
2996 break;
2997 }
2998
2999 #ifdef DEBUG
3000 if (verify_verbose) {
3001 jio_fprintf(stdout, " [");
3002 for (i = handler_info_length; --i >= 0; handler_info++)
3003 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3004 jio_fprintf(stdout, "%d* ", handler_info->handler);
3005 for (i = 0; i < successors_count; i++)
3006 jio_fprintf(stdout, "%d ", successors[i]);
3007 jio_fprintf(stdout, "]\n");
3008 }
3009 #endif
3010
3011 handler_info = context->handler_info;
3012 for (i = handler_info_length; --i >= 0; handler_info++) {
3013 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3014 int handler = handler_info->handler;
3015 if (opcode != JVM_OPC_invokeinit) {
3016 merge_into_one_successor(context, inumber, handler,
3017 &this_idata->register_info, /* old */
3018 &handler_info->stack_info,
3019 (flag_type) (and_flags
3020 & this_idata->and_flags),
3021 (flag_type) (or_flags
3022 | this_idata->or_flags),
3023 JNI_TRUE);
3024 } else {
3025 /* We need to be a little bit more careful with this
3026 * instruction. Things could either be in the state before
3027 * the instruction or in the state afterwards */
3028 fullinfo_type from = context->swap_table[0];
3029 flag_type temp_or_flags = or_flags;
3030 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3031 temp_or_flags |= FLAG_NO_RETURN;
3032 merge_into_one_successor(context, inumber, handler,
3033 &this_idata->register_info, /* old */
3034 &handler_info->stack_info,
3035 this_idata->and_flags,
3036 this_idata->or_flags,
3037 JNI_TRUE);
3038 merge_into_one_successor(context, inumber, handler,
3039 register_info,
3040 &handler_info->stack_info,
3041 and_flags, temp_or_flags, JNI_TRUE);
3042 }
3043 }
3044 }
3045 for (i = 0; i < successors_count; i++) {
3046 int target = successors[i];
3047 if (target >= context->instruction_count)
3048 CCerror(context, "Falling off the end of the code");
3049 merge_into_one_successor(context, inumber, target,
3050 register_info, stack_info, and_flags, or_flags,
3051 JNI_FALSE);
3052 }
3053 }
3054
3055 /* We have a new set of registers and stack values for a given instruction.
3056 * Merge this new set into the values that are already there.
3057 */
3058
3059 static void
3060 merge_into_one_successor(context_type *context,
3061 unsigned int from_inumber, unsigned int to_inumber,
3062 register_info_type *new_register_info,
3063 stack_info_type *new_stack_info,
3064 flag_type new_and_flags, flag_type new_or_flags,
3065 jboolean isException)
3066 {
3067 instruction_data_type *idata = context->instruction_data;
3068 register_info_type register_info_buf;
3069 stack_info_type stack_info_buf;
3070 #ifdef DEBUG
3071 instruction_data_type *this_idata = &idata[to_inumber];
3072 register_info_type old_reg_info;
3073 stack_info_type old_stack_info;
3074 flag_type old_and_flags = 0;
3075 flag_type old_or_flags = 0;
3076 #endif
3077
3078 #ifdef DEBUG
3079 if (verify_verbose) {
3080 old_reg_info = this_idata->register_info;
3081 old_stack_info = this_idata->stack_info;
3082 old_and_flags = this_idata->and_flags;
3083 old_or_flags = this_idata->or_flags;
3084 }
3085 #endif
3086
3087 /* All uninitialized objects are set to "bogus" when jsr and
3088 * ret are executed. Thus uninitialized objects can't propagate
3089 * into or out of a subroutine.
3090 */
3091 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3092 idata[from_inumber].opcode == JVM_OPC_jsr ||
3093 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3094 int new_register_count = new_register_info->register_count;
3095 fullinfo_type *new_registers = new_register_info->registers;
3096 int i;
3097 stack_item_type *item;
3098
3099 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3100 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3101 /* This check only succeeds for hand-contrived code.
3102 * Efficiency is not an issue.
3103 */
3104 stack_info_buf.stack = copy_stack(context,
3105 new_stack_info->stack);
3106 stack_info_buf.stack_size = new_stack_info->stack_size;
3107 new_stack_info = &stack_info_buf;
3108 for (item = new_stack_info->stack; item != NULL;
3109 item = item->next) {
3110 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3111 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3112 }
3113 }
3114 break;
3115 }
3116 }
3117 for (i = 0; i < new_register_count; i++) {
3118 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3119 /* This check only succeeds for hand-contrived code.
3120 * Efficiency is not an issue.
3121 */
3122 fullinfo_type *new_set = NEW(fullinfo_type,
3123 new_register_count);
3124 for (i = 0; i < new_register_count; i++) {
3125 fullinfo_type t = new_registers[i];
3126 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3127 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3128 }
3129 register_info_buf.register_count = new_register_count;
3130 register_info_buf.registers = new_set;
3131 register_info_buf.mask_count = new_register_info->mask_count;
3132 register_info_buf.masks = new_register_info->masks;
3133 new_register_info = ®ister_info_buf;
3134 break;
3135 }
3136 }
3137 }
3138
3139 /* Returning from a subroutine is somewhat ugly. The actual thing
3140 * that needs to get merged into the new instruction is a joining
3141 * of info from the ret instruction with stuff in the jsr instruction
3142 */
3143 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3144 int new_register_count = new_register_info->register_count;
3145 fullinfo_type *new_registers = new_register_info->registers;
3146 int new_mask_count = new_register_info->mask_count;
3147 mask_type *new_masks = new_register_info->masks;
3148 int operand = idata[from_inumber].operand.i;
3149 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3150 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3151 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3152 if (jsr_idata->operand2.i != (int)from_inumber) {
3153 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3154 CCerror(context, "Multiple returns to single jsr");
3155 jsr_idata->operand2.i = from_inumber;
3156 }
3157 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3158 /* We don't want to handle the returned-to instruction until
3159 * we've dealt with the jsr instruction. When we get to the
3160 * jsr instruction (if ever), we'll re-mark the ret instruction
3161 */
3162 ;
3163 } else {
3164 int register_count = jsr_reginfo->register_count;
3165 fullinfo_type *registers = jsr_reginfo->registers;
3166 int max_registers = MAX(register_count, new_register_count);
3167 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3168 int *return_mask;
3169 struct register_info_type new_new_register_info;
3170 int i;
3171 /* Make sure the place we're returning from is legal! */
3172 for (i = new_mask_count; --i >= 0; )
3173 if (new_masks[i].entry == called_instruction)
3174 break;
3175 if (i < 0)
3176 CCerror(context, "Illegal return from subroutine");
3177 /* pop the masks down to the indicated one. Remember the mask
3178 * we're popping off. */
3179 return_mask = new_masks[i].modifies;
3180 new_mask_count = i;
3181 for (i = 0; i < max_registers; i++) {
3182 if (IS_BIT_SET(return_mask, i))
3183 new_set[i] = i < new_register_count ?
3184 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3185 else
3186 new_set[i] = i < register_count ?
3187 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3188 }
3189 new_new_register_info.register_count = max_registers;
3190 new_new_register_info.registers = new_set;
3191 new_new_register_info.mask_count = new_mask_count;
3192 new_new_register_info.masks = new_masks;
3193
3194
3195 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3196 merge_registers(context, to_inumber - 1, to_inumber,
3197 &new_new_register_info);
3198 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3199 }
3200 } else {
3201 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3202 merge_registers(context, from_inumber, to_inumber, new_register_info);
3203 merge_flags(context, from_inumber, to_inumber,
3204 new_and_flags, new_or_flags);
3205 }
3206
3207 #ifdef DEBUG
3208 if (verify_verbose && idata[to_inumber].changed) {
3209 register_info_type *register_info = &this_idata->register_info;
3210 stack_info_type *stack_info = &this_idata->stack_info;
3211 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3212 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3213 (old_and_flags != this_idata->and_flags) ||
3214 (old_or_flags != this_idata->or_flags)) {
3215 jio_fprintf(stdout, " %2d:", to_inumber);
3216 print_stack(context, &old_stack_info);
3217 print_registers(context, &old_reg_info);
3218 print_flags(context, old_and_flags, old_or_flags);
3219 jio_fprintf(stdout, " => ");
3220 print_stack(context, &this_idata->stack_info);
3221 print_registers(context, &this_idata->register_info);
3222 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3223 jio_fprintf(stdout, "\n");
3224 }
3225 }
3226 #endif
3227
3228 }
3229
3230 static void
3231 merge_stack(context_type *context, unsigned int from_inumber,
3232 unsigned int to_inumber, stack_info_type *new_stack_info)
3233 {
3234 instruction_data_type *idata = context->instruction_data;
3235 instruction_data_type *this_idata = &idata[to_inumber];
3236
3237 int new_stack_size = new_stack_info->stack_size;
3238 stack_item_type *new_stack = new_stack_info->stack;
3239
3240 int stack_size = this_idata->stack_info.stack_size;
3241
3242 if (stack_size == UNKNOWN_STACK_SIZE) {
3243 /* First time at this instruction. Just copy. */
3244 this_idata->stack_info.stack_size = new_stack_size;
3245 this_idata->stack_info.stack = new_stack;
3246 this_idata->changed = JNI_TRUE;
3247 } else if (new_stack_size != stack_size) {
3248 CCerror(context, "Inconsistent stack height %d != %d",
3249 new_stack_size, stack_size);
3250 } else {
3251 stack_item_type *stack = this_idata->stack_info.stack;
3252 stack_item_type *old, *new;
3253 jboolean change = JNI_FALSE;
3254 for (old = stack, new = new_stack; old != NULL;
3255 old = old->next, new = new->next) {
3256 if (!isAssignableTo(context, new->item, old->item)) {
3257 change = JNI_TRUE;
3258 break;
3259 }
3260 }
3261 if (change) {
3262 stack = copy_stack(context, stack);
3263 for (old = stack, new = new_stack; old != NULL;
3264 old = old->next, new = new->next) {
3265 if (new == NULL) {
3266 break;
3267 }
3268 old->item = merge_fullinfo_types(context, old->item, new->item,
3269 JNI_FALSE);
3270 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3271 CCerror(context, "Mismatched stack types");
3272 }
3273 }
3274 if (old != NULL || new != NULL) {
3275 CCerror(context, "Mismatched stack types");
3276 }
3277 this_idata->stack_info.stack = stack;
3278 this_idata->changed = JNI_TRUE;
3279 }
3280 }
3281 }
3282
3283 static void
3284 merge_registers(context_type *context, unsigned int from_inumber,
3285 unsigned int to_inumber, register_info_type *new_register_info)
3286 {
3287 instruction_data_type *idata = context->instruction_data;
3288 instruction_data_type *this_idata = &idata[to_inumber];
3289 register_info_type *this_reginfo = &this_idata->register_info;
3290
3291 int new_register_count = new_register_info->register_count;
3292 fullinfo_type *new_registers = new_register_info->registers;
3293 int new_mask_count = new_register_info->mask_count;
3294 mask_type *new_masks = new_register_info->masks;
3295
3296
3297 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3298 this_reginfo->register_count = new_register_count;
3299 this_reginfo->registers = new_registers;
3300 this_reginfo->mask_count = new_mask_count;
3301 this_reginfo->masks = new_masks;
3302 this_idata->changed = JNI_TRUE;
3303 } else {
3304 /* See if we've got new information on the register set. */
3305 int register_count = this_reginfo->register_count;
3306 fullinfo_type *registers = this_reginfo->registers;
3307 int mask_count = this_reginfo->mask_count;
3308 mask_type *masks = this_reginfo->masks;
3309
3310 jboolean copy = JNI_FALSE;
3311 int i, j;
3312 if (register_count > new_register_count) {
3313 /* Any register larger than new_register_count is now bogus */
3314 this_reginfo->register_count = new_register_count;
3315 register_count = new_register_count;
3316 this_idata->changed = JNI_TRUE;
3317 }
3318 for (i = 0; i < register_count; i++) {
3319 fullinfo_type prev_value = registers[i];
3320 if ((i < new_register_count)
3321 ? (!isAssignableTo(context, new_registers[i], prev_value))
3322 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3323 copy = JNI_TRUE;
3324 break;
3325 }
3326 }
3327
3328 if (copy) {
3329 /* We need a copy. So do it. */
3330 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3331 for (j = 0; j < i; j++)
3332 new_set[j] = registers[j];
3333 for (j = i; j < register_count; j++) {
3334 if (i >= new_register_count)
3335 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3336 else
3337 new_set[j] = merge_fullinfo_types(context,
3338 new_registers[j],
3339 registers[j], JNI_FALSE);
3340 }
3341 /* Some of the end items might now be bogus. This step isn't
3342 * necessary, but it may save work later. */
3343 while ( register_count > 0
3344 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3345 register_count--;
3346 this_reginfo->register_count = register_count;
3347 this_reginfo->registers = new_set;
3348 this_idata->changed = JNI_TRUE;
3349 }
3350 if (mask_count > 0) {
3351 /* If the target instruction already has a sequence of masks, then
3352 * we need to merge new_masks into it. We want the entries on
3353 * the mask to be the longest common substring of the two.
3354 * (e.g. a->b->d merged with a->c->d should give a->d)
3355 * The bits set in the mask should be the or of the corresponding
3356 * entries in each of the original masks.
3357 */
3358 int i, j, k;
3359 int matches = 0;
3360 int last_match = -1;
3361 jboolean copy_needed = JNI_FALSE;
3362 for (i = 0; i < mask_count; i++) {
3363 int entry = masks[i].entry;
3364 for (j = last_match + 1; j < new_mask_count; j++) {
3365 if (new_masks[j].entry == entry) {
3366 /* We have a match */
3367 int *prev = masks[i].modifies;
3368 int *new = new_masks[j].modifies;
3369 matches++;
3370 /* See if new_mask has bits set for "entry" that
3371 * weren't set for mask. If so, need to copy. */
3372 for (k = context->bitmask_size - 1;
3373 !copy_needed && k >= 0;
3374 k--)
3375 if (~prev[k] & new[k])
3376 copy_needed = JNI_TRUE;
3377 last_match = j;
3378 break;
3379 }
3380 }
3381 }
3382 if ((matches < mask_count) || copy_needed) {
3383 /* We need to make a copy for the new item, since either the
3384 * size has decreased, or new bits are set. */
3385 mask_type *copy = NEW(mask_type, matches);
3386 for (i = 0; i < matches; i++) {
3387 copy[i].modifies = NEW(int, context->bitmask_size);
3388 }
3389 this_reginfo->masks = copy;
3390 this_reginfo->mask_count = matches;
3391 this_idata->changed = JNI_TRUE;
3392 matches = 0;
3393 last_match = -1;
3394 for (i = 0; i < mask_count; i++) {
3395 int entry = masks[i].entry;
3396 for (j = last_match + 1; j < new_mask_count; j++) {
3397 if (new_masks[j].entry == entry) {
3398 int *prev1 = masks[i].modifies;
3399 int *prev2 = new_masks[j].modifies;
3400 int *new = copy[matches].modifies;
3401 copy[matches].entry = entry;
3402 for (k = context->bitmask_size - 1; k >= 0; k--)
3403 new[k] = prev1[k] | prev2[k];
3404 matches++;
3405 last_match = j;
3406 break;
3407 }
3408 }
3409 }
3410 }
3411 }
3412 }
3413 }
3414
3415
3416 static void
3417 merge_flags(context_type *context, unsigned int from_inumber,
3418 unsigned int to_inumber,
3419 flag_type new_and_flags, flag_type new_or_flags)
3420 {
3421 /* Set this_idata->and_flags &= new_and_flags
3422 this_idata->or_flags |= new_or_flags
3423 */
3424 instruction_data_type *idata = context->instruction_data;
3425 instruction_data_type *this_idata = &idata[to_inumber];
3426 flag_type this_and_flags = this_idata->and_flags;
3427 flag_type this_or_flags = this_idata->or_flags;
3428 flag_type merged_and = this_and_flags & new_and_flags;
3429 flag_type merged_or = this_or_flags | new_or_flags;
3430
3431 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3432 this_idata->and_flags = merged_and;
3433 this_idata->or_flags = merged_or;
3434 this_idata->changed = JNI_TRUE;
3435 }
3436 }
3437
3438
3439 /* Make a copy of a stack */
3440
3441 static stack_item_type *
3442 copy_stack(context_type *context, stack_item_type *stack)
3443 {
3444 int length;
3445 stack_item_type *ptr;
3446
3447 /* Find the length */
3448 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3449
3450 if (length > 0) {
3451 stack_item_type *new_stack = NEW(stack_item_type, length);
3452 stack_item_type *new_ptr;
3453 for ( ptr = stack, new_ptr = new_stack;
3454 ptr != NULL;
3455 ptr = ptr->next, new_ptr++) {
3456 new_ptr->item = ptr->item;
3457 new_ptr->next = new_ptr + 1;
3458 }
3459 new_stack[length - 1].next = NULL;
3460 return new_stack;
3461 } else {
3462 return NULL;
3463 }
3464 }
3465
3466
3467 static mask_type *
3468 copy_masks(context_type *context, mask_type *masks, int mask_count)
3469 {
3470 mask_type *result = NEW(mask_type, mask_count);
3471 int bitmask_size = context->bitmask_size;
3472 int *bitmaps = NEW(int, mask_count * bitmask_size);
3473 int i;
3474 for (i = 0; i < mask_count; i++) {
3475 result[i].entry = masks[i].entry;
3476 result[i].modifies = &bitmaps[i * bitmask_size];
3477 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3478 }
3479 return result;
3480 }
3481
3482
3483 static mask_type *
3484 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3485 {
3486 mask_type *result = NEW(mask_type, mask_count + 1);
3487 int bitmask_size = context->bitmask_size;
3488 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3489 int i;
3490 for (i = 0; i < mask_count; i++) {
3491 result[i].entry = masks[i].entry;
3492 result[i].modifies = &bitmaps[i * bitmask_size];
3493 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3494 }
3495 result[mask_count].entry = d;
3496 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3497 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3498 return result;
3499 }
3500
3501
3502
3503 /* We create our own storage manager, since we malloc lots of little items,
3504 * and I don't want to keep trace of when they become free. I sure wish that
3505 * we had heaps, and I could just free the heap when done.
3506 */
3507
3508 #define CCSegSize 2000
3509
3510 struct CCpool { /* a segment of allocated memory in the pool */
3511 struct CCpool *next;
3512 int segSize; /* almost always CCSegSize */
3513 int poolPad;
3514 char space[CCSegSize];
3515 };
3516
3517 /* Initialize the context's heap. */
3518 static void CCinit(context_type *context)
3519 {
3520 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3521 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3522 context->CCroot = context->CCcurrent = new;
3523 if (new == 0) {
3524 CCout_of_memory(context);
3525 }
3526 new->next = NULL;
3527 new->segSize = CCSegSize;
3528 context->CCfree_size = CCSegSize;
3529 context->CCfree_ptr = &new->space[0];
3530 }
3531
3532
3533 /* Reuse all the space that we have in the context's heap. */
3534 static void CCreinit(context_type *context)
3535 {
3536 struct CCpool *first = context->CCroot;
3537 context->CCcurrent = first;
3538 context->CCfree_size = CCSegSize;
3539 context->CCfree_ptr = &first->space[0];
3540 }
3541
3542 /* Destroy the context's heap. */
3543 static void CCdestroy(context_type *context)
3544 {
3545 struct CCpool *this = context->CCroot;
3546 while (this) {
3547 struct CCpool *next = this->next;
3548 free(this);
3549 this = next;
3550 }
3551 /* These two aren't necessary. But can't hurt either */
3552 context->CCroot = context->CCcurrent = NULL;
3553 context->CCfree_ptr = 0;
3554 }
3555
3556 /* Allocate an object of the given size from the context's heap. */
3557 static void *
3558 CCalloc(context_type *context, int size, jboolean zero)
3559 {
3560
3561 register char *p;
3562 /* Round CC to the size of a pointer */
3563 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3564
3565 if (context->CCfree_size < size) {
3566 struct CCpool *current = context->CCcurrent;
3567 struct CCpool *new;
3568 if (size > CCSegSize) { /* we need to allocate a special block */
3569 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3570 (size - CCSegSize));
3571 if (new == 0) {
3572 CCout_of_memory(context);
3573 }
3574 new->next = current->next;
3575 new->segSize = size;
3576 current->next = new;
3577 } else {
3578 new = current->next;
3579 if (new == NULL) {
3580 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3581 if (new == 0) {
3582 CCout_of_memory(context);
3583 }
3584 current->next = new;
3585 new->next = NULL;
3586 new->segSize = CCSegSize;
3587 }
3588 }
3589 context->CCcurrent = new;
3590 context->CCfree_ptr = &new->space[0];
3591 context->CCfree_size = new->segSize;
3592 }
3593 p = context->CCfree_ptr;
3594 context->CCfree_ptr += size;
3595 context->CCfree_size -= size;
3596 if (zero)
3597 memset(p, 0, size);
3598 return p;
3599 }
3600
3601 /* Get the class associated with a particular field or method or class in the
3602 * constant pool. If is_field is true, we've got a field or method. If
3603 * false, we've got a class.
3604 */
3605 static fullinfo_type
3606 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3607 {
3608 JNIEnv *env = context->env;
3609 fullinfo_type result;
3610 const char *classname;
3611 switch (kind) {
3612 case JVM_CONSTANT_Class:
3613 classname = JVM_GetCPClassNameUTF(env,
3614 context->class,
3615 cp_index);
3616 break;
3617 case JVM_CONSTANT_Methodref:
3618 classname = JVM_GetCPMethodClassNameUTF(env,
3619 context->class,
3620 cp_index);
3621 break;
3622 case JVM_CONSTANT_Fieldref:
3623 classname = JVM_GetCPFieldClassNameUTF(env,
3624 context->class,
3625 cp_index);
3626 break;
3627 default:
3628 classname = NULL;
3629 CCerror(context, "Internal error #5");
3630 }
3631
3632 check_and_push(context, classname, VM_STRING_UTF);
3633 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3634 /* This make recursively call us, in case of a class array */
3635 signature_to_fieldtype(context, &classname, &result);
3636 } else {
3637 result = make_class_info_from_name(context, classname);
3638 }
3639 pop_and_free(context);
3640 return result;
3641 }
3642
3643
3644 static int
3645 print_CCerror_info(context_type *context)
3646 {
3647 JNIEnv *env = context->env;
3648 jclass cb = context->class;
3649 const char *classname = JVM_GetClassNameUTF(env, cb);
3650 const char *name = 0;
3651 const char *signature = 0;
3652 int n = 0;
3653 if (context->method_index != -1) {
3654 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3655 signature =
3656 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3657 n += jio_snprintf(context->message, context->message_buf_len,
3658 "(class: %s, method: %s signature: %s) ",
3659 (classname ? classname : ""),
3660 (name ? name : ""),
3661 (signature ? signature : ""));
3662 } else if (context->field_index != -1 ) {
3663 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3664 n += jio_snprintf(context->message, context->message_buf_len,
3665 "(class: %s, field: %s) ",
3666 (classname ? classname : 0),
3667 (name ? name : 0));
3668 } else {
3669 n += jio_snprintf(context->message, context->message_buf_len,
3670 "(class: %s) ", classname ? classname : "");
3671 }
3672 JVM_ReleaseUTF(classname);
3673 JVM_ReleaseUTF(name);
3674 JVM_ReleaseUTF(signature);
3675 return n;
3676 }
3677
3678 static void
3679 CCerror (context_type *context, char *format, ...)
3680 {
3681 int n = print_CCerror_info(context);
3682 va_list args;
3683 if (n >= 0 && n < context->message_buf_len) {
3684 va_start(args, format);
3685 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3686 format, args);
3687 va_end(args);
3688 }
3689 context->err_code = CC_VerifyError;
3690 longjmp(context->jump_buffer, 1);
3691 }
3692
3693 static void
3694 CCout_of_memory(context_type *context)
3695 {
3696 int n = print_CCerror_info(context);
3697 context->err_code = CC_OutOfMemory;
3698 longjmp(context->jump_buffer, 1);
3699 }
3700
3701 static void
3702 CFerror(context_type *context, char *format, ...)
3703 {
3704 int n = print_CCerror_info(context);
3705 va_list args;
3706 if (n >= 0 && n < context->message_buf_len) {
3707 va_start(args, format);
3708 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3709 format, args);
3710 va_end(args);
3711 }
3712 context->err_code = CC_ClassFormatError;
3713 longjmp(context->jump_buffer, 1);
3714 }
3715
3716 static char
3717 signature_to_fieldtype(context_type *context,
3718 const char **signature_p, fullinfo_type *full_info_p)
3719 {
3720 const char *p = *signature_p;
3721 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3722 char result;
3723 int array_depth = 0;
3724
3725 for (;;) {
3726 switch(*p++) {
3727 default:
3728 result = 0;
3729 break;
3730
3731 case JVM_SIGNATURE_BOOLEAN: case JVM_SIGNATURE_BYTE:
3732 full_info = (array_depth > 0)
3733 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3734 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3735 result = 'I';
3736 break;
3737
3738 case JVM_SIGNATURE_CHAR:
3739 full_info = (array_depth > 0)
3740 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3741 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3742 result = 'I';
3743 break;
3744
3745 case JVM_SIGNATURE_SHORT:
3746 full_info = (array_depth > 0)
3747 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3748 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3749 result = 'I';
3750 break;
3751
3752 case JVM_SIGNATURE_INT:
3753 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3754 result = 'I';
3755 break;
3756
3757 case JVM_SIGNATURE_FLOAT:
3758 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3759 result = 'F';
3760 break;
3761
3762 case JVM_SIGNATURE_DOUBLE:
3763 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3764 result = 'D';
3765 break;
3766
3767 case JVM_SIGNATURE_LONG:
3768 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3769 result = 'L';
3770 break;
3771
3772 case JVM_SIGNATURE_ARRAY:
3773 array_depth++;
3774 continue; /* only time we ever do the loop > 1 */
3775
3776 case JVM_SIGNATURE_CLASS: {
3777 char buffer_space[256];
3778 char *buffer = buffer_space;
3779 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3780 int length;
3781 if (finish == NULL) {
3782 /* Signature must have ';' after the class name.
3783 * If it does not, return 0 and ITEM_Bogus in full_info. */
3784 result = 0;
3785 break;
3786 }
3787 length = finish - p;
3788 if (length + 1 > (int)sizeof(buffer_space)) {
3789 buffer = malloc(length + 1);
3790 check_and_push(context, buffer, VM_MALLOC_BLK);
3791 }
3792 memcpy(buffer, p, length);
3793 buffer[length] = '\0';
3794 full_info = make_class_info_from_name(context, buffer);
3795 result = 'A';
3796 p = finish + 1;
3797 if (buffer != buffer_space)
3798 pop_and_free(context);
3799 break;
3800 }
3801 } /* end of switch */
3802 break;
3803 }
3804 *signature_p = p;
3805 if (array_depth == 0 || result == 0) {
3806 /* either not an array, or result is bogus */
3807 *full_info_p = full_info;
3808 return result;
3809 } else {
3810 if (array_depth > MAX_ARRAY_DIMENSIONS)
3811 CCerror(context, "Array with too many dimensions");
3812 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3813 array_depth,
3814 GET_EXTRA_INFO(full_info));
3815 return 'A';
3816 }
3817 }
3818
3819
3820 /* Given an array type, create the type that has one less level of
3821 * indirection.
3822 */
3823
3824 static fullinfo_type
3825 decrement_indirection(fullinfo_type array_info)
3826 {
3827 if (array_info == NULL_FULLINFO) {
3828 return NULL_FULLINFO;
3829 } else {
3830 int type = GET_ITEM_TYPE(array_info);
3831 int indirection = GET_INDIRECTION(array_info) - 1;
3832 int extra_info = GET_EXTRA_INFO(array_info);
3833 if ( (indirection == 0)
3834 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Char)))
3835 type = ITEM_Integer;
3836 return MAKE_FULLINFO(type, indirection, extra_info);
3837 }
3838 }
3839
3840
3841 /* See if we can assign an object of the "from" type to an object
3842 * of the "to" type.
3843 */
3844
3845 static jboolean isAssignableTo(context_type *context,
3846 fullinfo_type from, fullinfo_type to)
3847 {
3848 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3849 }
3850
3851 /* Given two fullinfo_type's, find their lowest common denominator. If
3852 * the assignable_p argument is non-null, we're really just calling to find
3853 * out if "<target> := <value>" is a legitimate assignment.
3854 *
3855 * We treat all interfaces as if they were of type java/lang/Object, since the
3856 * runtime will do the full checking.
3857 */
3858 static fullinfo_type
3859 merge_fullinfo_types(context_type *context,
3860 fullinfo_type value, fullinfo_type target,
3861 jboolean for_assignment)
3862 {
3863 JNIEnv *env = context->env;
3864 if (value == target) {
3865 /* If they're identical, clearly just return what we've got */
3866 return value;
3867 }
3868
3869 /* Both must be either arrays or objects to go further */
3870 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3871 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3872 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3873 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3874
3875 /* If either is NULL, return the other. */
3876 if (value == NULL_FULLINFO)
3877 return target;
3878 else if (target == NULL_FULLINFO)
3879 return value;
3880
3881 /* If either is java/lang/Object, that's the result. */
3882 if (target == context->object_info)
3883 return target;
3884 else if (value == context->object_info) {
3885 /* Minor hack. For assignments, Interface := Object, return Interface
3886 * rather than Object, so that isAssignableTo() will get the right
3887 * result. */
3888 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3889 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3890 jclass cb = object_fullinfo_to_classclass(context,
3891 target);
3892 int is_interface = cb && JVM_IsInterface(env, cb);
3893 if (is_interface)
3894 return target;
3895 }
3896 return value;
3897 }
3898 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3899 /* At least one is an array. Neither is java/lang/Object or NULL.
3900 * Moreover, the types are not identical.
3901 * The result must either be Object, or an array of some object type.
3902 */
3903 fullinfo_type value_base, target_base;
3904 int dimen_value = GET_INDIRECTION(value);
3905 int dimen_target = GET_INDIRECTION(target);
3906
3907 if (target == context->cloneable_info ||
3908 target == context->serializable_info) {
3909 return target;
3910 }
3911
3912 if (value == context->cloneable_info ||
3913 value == context->serializable_info) {
3914 return value;
3915 }
3916
3917 /* First, if either item's base type isn't ITEM_Object, promote it up
3918 * to an object or array of object. If either is elemental, we can
3919 * punt.
3920 */
3921 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3922 if (dimen_value == 0)
3923 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3924 dimen_value--;
3925 value = MAKE_Object_ARRAY(dimen_value);
3926
3927 }
3928 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3929 if (dimen_target == 0)
3930 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3931 dimen_target--;
3932 target = MAKE_Object_ARRAY(dimen_target);
3933 }
3934 /* Both are now objects or arrays of some sort of object type */
3935 value_base = WITH_ZERO_INDIRECTION(value);
3936 target_base = WITH_ZERO_INDIRECTION(target);
3937 if (dimen_value == dimen_target) {
3938 /* Arrays of the same dimension. Merge their base types. */
3939 fullinfo_type result_base =
3940 merge_fullinfo_types(context, value_base, target_base,
3941 for_assignment);
3942 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3943 /* bogus in, bogus out */
3944 return result_base;
3945 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3946 GET_EXTRA_INFO(result_base));
3947 } else {
3948 /* Arrays of different sizes. If the smaller dimension array's base
3949 * type is java/lang/Cloneable or java/io/Serializable, return it.
3950 * Otherwise return java/lang/Object with a dimension of the smaller
3951 * of the two */
3952 if (dimen_value < dimen_target) {
3953 if (value_base == context->cloneable_info ||
3954 value_base == context ->serializable_info) {
3955 return value;
3956 }
3957 return MAKE_Object_ARRAY(dimen_value);
3958 } else {
3959 if (target_base == context->cloneable_info ||
3960 target_base == context->serializable_info) {
3961 return target;
3962 }
3963 return MAKE_Object_ARRAY(dimen_target);
3964 }
3965 }
3966 } else {
3967 /* Both are non-array objects. Neither is java/lang/Object or NULL */
3968 jclass cb_value, cb_target, cb_super_value, cb_super_target;
3969 fullinfo_type result_info;
3970
3971 /* Let's get the classes corresponding to each of these. Treat
3972 * interfaces as if they were java/lang/Object. See hack note above. */
3973 cb_target = object_fullinfo_to_classclass(context, target);
3974 if (cb_target == 0)
3975 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3976 if (JVM_IsInterface(env, cb_target))
3977 return for_assignment ? target : context->object_info;
3978 cb_value = object_fullinfo_to_classclass(context, value);
3979 if (cb_value == 0)
3980 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3981 if (JVM_IsInterface(env, cb_value))
3982 return context->object_info;
3983
3984 /* If this is for assignment of target := value, we just need to see if
3985 * cb_target is a superclass of cb_value. Save ourselves a lot of
3986 * work.
3987 */
3988 if (for_assignment) {
3989 cb_super_value = (*env)->GetSuperclass(env, cb_value);
3990 while (cb_super_value != 0) {
3991 jclass tmp_cb;
3992 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
3993 (*env)->DeleteLocalRef(env, cb_super_value);
3994 return target;
3995 }
3996 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
3997 (*env)->DeleteLocalRef(env, cb_super_value);
3998 cb_super_value = tmp_cb;
3999 }
4000 (*env)->DeleteLocalRef(env, cb_super_value);
4001 return context->object_info;
4002 }
4003
4004 /* Find out whether cb_value or cb_target is deeper in the class
4005 * tree by moving both toward the root, and seeing who gets there
4006 * first. */
4007 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4008 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4009 while((cb_super_value != 0) &&
4010 (cb_super_target != 0)) {
4011 jclass tmp_cb;
4012 /* Optimization. If either hits the other when going up looking
4013 * for a parent, then might as well return the parent immediately */
4014 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4015 (*env)->DeleteLocalRef(env, cb_super_value);
4016 (*env)->DeleteLocalRef(env, cb_super_target);
4017 return target;
4018 }
4019 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4020 (*env)->DeleteLocalRef(env, cb_super_value);
4021 (*env)->DeleteLocalRef(env, cb_super_target);
4022 return value;
4023 }
4024 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4025 (*env)->DeleteLocalRef(env, cb_super_value);
4026 cb_super_value = tmp_cb;
4027
4028 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4029 (*env)->DeleteLocalRef(env, cb_super_target);
4030 cb_super_target = tmp_cb;
4031 }
4032 cb_value = (*env)->NewLocalRef(env, cb_value);
4033 cb_target = (*env)->NewLocalRef(env, cb_target);
4034 /* At most one of the following two while clauses will be executed.
4035 * Bring the deeper of cb_target and cb_value to the depth of the
4036 * shallower one.
4037 */
4038 while (cb_super_value != 0) {
4039 /* cb_value is deeper */
4040 jclass cb_tmp;
4041
4042 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4043 (*env)->DeleteLocalRef(env, cb_super_value);
4044 cb_super_value = cb_tmp;
4045
4046 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4047 (*env)->DeleteLocalRef(env, cb_value);
4048 cb_value = cb_tmp;
4049 }
4050 while (cb_super_target != 0) {
4051 /* cb_target is deeper */
4052 jclass cb_tmp;
4053
4054 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4055 (*env)->DeleteLocalRef(env, cb_super_target);
4056 cb_super_target = cb_tmp;
4057
4058 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4059 (*env)->DeleteLocalRef(env, cb_target);
4060 cb_target = cb_tmp;
4061 }
4062
4063 /* Walk both up, maintaining equal depth, until a join is found. We
4064 * know that we will find one. */
4065 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4066 jclass cb_tmp;
4067 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4068 (*env)->DeleteLocalRef(env, cb_value);
4069 cb_value = cb_tmp;
4070 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4071 (*env)->DeleteLocalRef(env, cb_target);
4072 cb_target = cb_tmp;
4073 }
4074 result_info = make_class_info(context, cb_value);
4075 (*env)->DeleteLocalRef(env, cb_value);
4076 (*env)->DeleteLocalRef(env, cb_super_value);
4077 (*env)->DeleteLocalRef(env, cb_target);
4078 (*env)->DeleteLocalRef(env, cb_super_target);
4079 return result_info;
4080 } /* both items are classes */
4081 }
4082
4083
4084 /* Given a fullinfo_type corresponding to an Object, return the jclass
4085 * of that type.
4086 *
4087 * This function always returns a global reference!
4088 */
4089
4090 static jclass
4091 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4092 {
4093 unsigned short info = GET_EXTRA_INFO(classinfo);
4094 return ID_to_class(context, info);
4095 }
4096
4097 static void free_block(void *ptr, int kind)
4098 {
4099 switch (kind) {
4100 case VM_STRING_UTF:
4101 JVM_ReleaseUTF(ptr);
4102 break;
4103 case VM_MALLOC_BLK:
4104 free(ptr);
4105 break;
4106 }
4107 }
4108
4109 static void check_and_push(context_type *context, const void *ptr, int kind)
4110 {
4111 alloc_stack_type *p;
4112 if (ptr == 0)
4113 CCout_of_memory(context);
4114 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4115 p = &(context->alloc_stack[context->alloc_stack_top++]);
4116 else {
4117 /* Otherwise we have to malloc */
4118 p = malloc(sizeof(alloc_stack_type));
4119 if (p == 0) {
4120 /* Make sure we clean up. */
4121 free_block((void *)ptr, kind);
4122 CCout_of_memory(context);
4123 }
4124 }
4125 p->kind = kind;
4126 p->ptr = (void *)ptr;
4127 p->next = context->allocated_memory;
4128 context->allocated_memory = p;
4129 }
4130
4131 static void pop_and_free(context_type *context)
4132 {
4133 alloc_stack_type *p = context->allocated_memory;
4134 context->allocated_memory = p->next;
4135 free_block(p->ptr, p->kind);
4136 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4137 p >= context->alloc_stack)
4138 context->alloc_stack_top--;
4139 else
4140 free(p);
4141 }
4142
4143 static int signature_to_args_size(const char *method_signature)
4144 {
4145 const char *p;
4146 int args_size = 0;
4147 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4148 switch (*p) {
4149 case JVM_SIGNATURE_BOOLEAN:
4150 case JVM_SIGNATURE_BYTE:
4151 case JVM_SIGNATURE_CHAR:
4152 case JVM_SIGNATURE_SHORT:
4153 case JVM_SIGNATURE_INT:
4154 case JVM_SIGNATURE_FLOAT:
4155 args_size += 1;
4156 break;
4157 case JVM_SIGNATURE_CLASS:
4158 args_size += 1;
4159 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4160 break;
4161 case JVM_SIGNATURE_ARRAY:
4162 args_size += 1;
4163 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4164 /* If an array of classes, skip over class name, too. */
4165 if (*p == JVM_SIGNATURE_CLASS) {
4166 while (*p != JVM_SIGNATURE_ENDCLASS)
4167 p++;
4168 }
4169 break;
4170 case JVM_SIGNATURE_DOUBLE:
4171 case JVM_SIGNATURE_LONG:
4172 args_size += 2;
4173 break;
4174 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4175 break;
4176 default:
4177 /* Indicate an error. */
4178 return 0;
4179 }
4180 }
4181 return args_size;
4182 }
4183
4184 #ifdef DEBUG
4185
4186 /* Below are for debugging. */
4187
4188 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4189
4190 static void
4191 print_stack(context_type *context, stack_info_type *stack_info)
4192 {
4193 stack_item_type *stack = stack_info->stack;
4194 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4195 jio_fprintf(stdout, "x");
4196 } else {
4197 jio_fprintf(stdout, "(");
4198 for ( ; stack != 0; stack = stack->next)
4199 print_fullinfo_type(context, stack->item,
4200 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4201 jio_fprintf(stdout, ")");
4202 }
4203 }
4204
4205 static void
4206 print_registers(context_type *context, register_info_type *register_info)
4207 {
4208 int register_count = register_info->register_count;
4209 if (register_count == UNKNOWN_REGISTER_COUNT) {
4210 jio_fprintf(stdout, "x");
4211 } else {
4212 fullinfo_type *registers = register_info->registers;
4213 int mask_count = register_info->mask_count;
4214 mask_type *masks = register_info->masks;
4215 int i, j;
4216
4217 jio_fprintf(stdout, "{");
4218 for (i = 0; i < register_count; i++)
4219 print_fullinfo_type(context, registers[i],
4220 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4221 jio_fprintf(stdout, "}");
4222 for (i = 0; i < mask_count; i++) {
4223 char *separator = "";
4224 int *modifies = masks[i].modifies;
4225 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4226 for (j = 0;
4227 j < JVM_GetMethodIxLocalsCount(context->env,
4228 context->class,
4229 context->method_index);
4230 j++)
4231 if (IS_BIT_SET(modifies, j)) {
4232 jio_fprintf(stdout, "%s%d", separator, j);
4233 separator = ",";
4234 }
4235 jio_fprintf(stdout, ">");
4236 }
4237 }
4238 }
4239
4240
4241 static void
4242 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4243 {
4244 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4245 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4246 }
4247 }
4248
4249 static void
4250 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4251 {
4252 int i;
4253 int indirection = GET_INDIRECTION(type);
4254 for (i = indirection; i-- > 0; )
4255 jio_fprintf(stdout, "[");
4256 switch (GET_ITEM_TYPE(type)) {
4257 case ITEM_Integer:
4258 jio_fprintf(stdout, "I"); break;
4259 case ITEM_Float:
4260 jio_fprintf(stdout, "F"); break;
4261 case ITEM_Double:
4262 jio_fprintf(stdout, "D"); break;
4263 case ITEM_Double_2:
4264 jio_fprintf(stdout, "d"); break;
4265 case ITEM_Long:
4266 jio_fprintf(stdout, "L"); break;
4267 case ITEM_Long_2:
4268 jio_fprintf(stdout, "l"); break;
4269 case ITEM_ReturnAddress:
4270 jio_fprintf(stdout, "a"); break;
4271 case ITEM_Object:
4272 if (!verbose) {
4273 jio_fprintf(stdout, "A");
4274 } else {
4275 unsigned short extra = GET_EXTRA_INFO(type);
4276 if (extra == 0) {
4277 jio_fprintf(stdout, "/Null/");
4278 } else {
4279 const char *name = ID_to_class_name(context, extra);
4280 const char *name2 = strrchr(name, '/');
4281 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4282 }
4283 }
4284 break;
4285 case ITEM_Char:
4286 jio_fprintf(stdout, "C"); break;
4287 case ITEM_Short:
4288 jio_fprintf(stdout, "S"); break;
4289 case ITEM_Byte:
4290 jio_fprintf(stdout, "B"); break;
4291 case ITEM_NewObject:
4292 if (!verbose) {
4293 jio_fprintf(stdout, "@");
4294 } else {
4295 int inum = GET_EXTRA_INFO(type);
4296 fullinfo_type real_type =
4297 context->instruction_data[inum].operand2.fi;
4298 jio_fprintf(stdout, ">");
4299 print_fullinfo_type(context, real_type, JNI_TRUE);
4300 jio_fprintf(stdout, "<");
4301 }
4302 break;
4303 case ITEM_InitObject:
4304 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4305 break;
4306
4307 default:
4308 jio_fprintf(stdout, "?"); break;
4309 }
4310 for (i = indirection; i-- > 0; )
4311 jio_fprintf(stdout, "]");
4312 }
4313
4314
4315 static void
4316 print_formatted_fieldname(context_type *context, int index)
4317 {
4318 JNIEnv *env = context->env;
4319 jclass cb = context->class;
4320 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4321 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4322 jio_fprintf(stdout, " <%s.%s>",
4323 classname ? classname : "", fieldname ? fieldname : "");
4324 JVM_ReleaseUTF(classname);
4325 JVM_ReleaseUTF(fieldname);
4326 }
4327
4328 static void
4329 print_formatted_methodname(context_type *context, int index)
4330 {
4331 JNIEnv *env = context->env;
4332 jclass cb = context->class;
4333 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4334 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4335 jio_fprintf(stdout, " <%s.%s>",
4336 classname ? classname : "", methodname ? methodname : "");
4337 JVM_ReleaseUTF(classname);
4338 JVM_ReleaseUTF(methodname);
4339 }
4340
4341 #endif /*DEBUG*/