1 /*
   2  * Copyright (c) 1994, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 /*-
  27  *      Verify that the code within a method block doesn't exploit any
  28  *      security holes.
  29  */
  30 /*
  31    Exported function:
  32 
  33    jboolean
  34    VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
  35                jint buffer_length)
  36    jboolean
  37    VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
  38                               jint buffer_length, jint major_version)
  39 
  40    This file now only uses the standard JNI and the following VM functions
  41    exported in jvm.h:
  42 
  43    JVM_FindClassFromClass
  44    JVM_IsInterface
  45    JVM_GetClassNameUTF
  46    JVM_GetClassCPEntriesCount
  47    JVM_GetClassCPTypes
  48    JVM_GetClassFieldsCount
  49    JVM_GetClassMethodsCount
  50 
  51    JVM_GetFieldIxModifiers
  52 
  53    JVM_GetMethodIxModifiers
  54    JVM_GetMethodIxExceptionTableLength
  55    JVM_GetMethodIxLocalsCount
  56    JVM_GetMethodIxArgsSize
  57    JVM_GetMethodIxMaxStack
  58    JVM_GetMethodIxNameUTF
  59    JVM_GetMethodIxSignatureUTF
  60    JVM_GetMethodIxExceptionsCount
  61    JVM_GetMethodIxExceptionIndexes
  62    JVM_GetMethodIxByteCodeLength
  63    JVM_GetMethodIxByteCode
  64    JVM_GetMethodIxExceptionTableEntry
  65    JVM_IsConstructorIx
  66 
  67    JVM_GetCPClassNameUTF
  68    JVM_GetCPFieldNameUTF
  69    JVM_GetCPMethodNameUTF
  70    JVM_GetCPFieldSignatureUTF
  71    JVM_GetCPMethodSignatureUTF
  72    JVM_GetCPFieldClassNameUTF
  73    JVM_GetCPMethodClassNameUTF
  74    JVM_GetCPFieldModifiers
  75    JVM_GetCPMethodModifiers
  76 
  77    JVM_ReleaseUTF
  78    JVM_IsSameClassPackage
  79 
  80  */
  81 
  82 #include <string.h>
  83 #include <setjmp.h>
  84 #include <assert.h>
  85 #include <limits.h>
  86 #include <stdlib.h>
  87 
  88 #include "jni.h"
  89 #include "jvm.h"
  90 #include "classfile_constants.h"
  91 #include "opcodes.in_out"
  92 
  93 /* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
  94  * but the code here does not handles it. So we wrap the methods and return non-NULL
  95  * pointers even if we allocate 0 bytes.
  96  */
  97 #ifdef _AIX
  98 static int aix_dummy;
  99 static void* aix_malloc(size_t len) {
 100   if (len == 0) {
 101     return &aix_dummy;
 102   }
 103   return malloc(len);
 104 }
 105 
 106 static void* aix_calloc(size_t n, size_t size) {
 107   if (n == 0) {
 108     return &aix_dummy;
 109   }
 110   return calloc(n, size);
 111 }
 112 
 113 static void aix_free(void* p) {
 114   if (p == &aix_dummy) {
 115     return;
 116   }
 117   free(p);
 118 }
 119 
 120 #undef malloc
 121 #undef calloc
 122 #undef free
 123 #define malloc aix_malloc
 124 #define calloc aix_calloc
 125 #define free aix_free
 126 #endif
 127 
 128 #ifdef __APPLE__
 129 /* use setjmp/longjmp versions that do not save/restore the signal mask */
 130 #define setjmp _setjmp
 131 #define longjmp _longjmp
 132 #endif
 133 
 134 #define MAX_ARRAY_DIMENSIONS 255
 135 /* align byte code */
 136 #ifndef ALIGN_UP
 137 #define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
 138 #endif /* ALIGN_UP */
 139 #define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
 140 
 141 #ifdef DEBUG
 142 
 143 int verify_verbose = 0;
 144 static struct context_type *GlobalContext;
 145 #endif
 146 
 147 enum {
 148     ITEM_Bogus,
 149     ITEM_Void,                  /* only as a function return value */
 150     ITEM_Integer,
 151     ITEM_Float,
 152     ITEM_Double,
 153     ITEM_Double_2,              /* 2nd word of double in register */
 154     ITEM_Long,
 155     ITEM_Long_2,                /* 2nd word of long in register */
 156     ITEM_Array,
 157     ITEM_Object,                /* Extra info field gives name. */
 158     ITEM_NewObject,             /* Like object, but uninitialized. */
 159     ITEM_InitObject,            /* "this" is init method, before call
 160                                     to super() */
 161     ITEM_ReturnAddress,         /* Extra info gives instr # of start pc */
 162     /* The following four are only used within array types.
 163      * Normally, we use ITEM_Integer, instead. */
 164     ITEM_Byte,
 165     ITEM_Short,
 166     ITEM_Char,
 167     ITEM_Boolean
 168 };
 169 
 170 
 171 #define UNKNOWN_STACK_SIZE -1
 172 #define UNKNOWN_REGISTER_COUNT -1
 173 #define UNKNOWN_RET_INSTRUCTION -1
 174 
 175 #undef MAX
 176 #undef MIN
 177 #define MAX(a, b) ((a) > (b) ? (a) : (b))
 178 #define MIN(a, b) ((a) < (b) ? (a) : (b))
 179 
 180 #define BITS_PER_INT   (CHAR_BIT * sizeof(int)/sizeof(char))
 181 #define SET_BIT(flags, i)  (flags[(i)/BITS_PER_INT] |= \
 182                                        ((unsigned)1 << ((i) % BITS_PER_INT)))
 183 #define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
 184                                        ((unsigned)1 << ((i) % BITS_PER_INT)))
 185 
 186 typedef unsigned int fullinfo_type;
 187 typedef unsigned int *bitvector;
 188 
 189 #define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
 190 #define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
 191 #define GET_EXTRA_INFO(thing) ((thing) >> 16)
 192 #define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
 193 #define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
 194 
 195 #define MAKE_FULLINFO(type, indirect, extra) \
 196      ((type) + ((indirect) << 5) + ((extra) << 16))
 197 
 198 #define MAKE_Object_ARRAY(indirect) \
 199        (context->object_info + ((indirect) << 5))
 200 
 201 #define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
 202 
 203 /* JVM_OPC_invokespecial calls to <init> need to be treated special */
 204 #define JVM_OPC_invokeinit 0x100
 205 
 206 /* A hash mechanism used by the verifier.
 207  * Maps class names to unique 16 bit integers.
 208  */
 209 
 210 #define HASH_TABLE_SIZE 503
 211 
 212 /* The buckets are managed as a 256 by 256 matrix. We allocate an entire
 213  * row (256 buckets) at a time to minimize fragmentation. Rows are
 214  * allocated on demand so that we don't waste too much space.
 215  */
 216 
 217 #define MAX_HASH_ENTRIES 65536
 218 #define HASH_ROW_SIZE 256
 219 
 220 typedef struct hash_bucket_type {
 221     char *name;
 222     unsigned int hash;
 223     jclass class;
 224     unsigned short ID;
 225     unsigned short next;
 226     unsigned loadable:1;  /* from context->class loader */
 227 } hash_bucket_type;
 228 
 229 typedef struct {
 230     hash_bucket_type **buckets;
 231     unsigned short *table;
 232     int entries_used;
 233 } hash_table_type;
 234 
 235 #define GET_BUCKET(class_hash, ID)\
 236     (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
 237 
 238 /*
 239  * There are currently two types of resources that we need to keep
 240  * track of (in addition to the CCalloc pool).
 241  */
 242 enum {
 243     VM_STRING_UTF, /* VM-allocated UTF strings */
 244     VM_MALLOC_BLK  /* malloc'ed blocks */
 245 };
 246 
 247 #define LDC_CLASS_MAJOR_VERSION 49
 248 
 249 #define LDC_METHOD_HANDLE_MAJOR_VERSION 51
 250 
 251 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
 252 
 253 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION  52
 254 
 255 #define ALLOC_STACK_SIZE 16 /* big enough */
 256 
 257 typedef struct alloc_stack_type {
 258     void *ptr;
 259     int kind;
 260     struct alloc_stack_type *next;
 261 } alloc_stack_type;
 262 
 263 /* The context type encapsulates the current invocation of the byte
 264  * code verifier.
 265  */
 266 struct context_type {
 267 
 268     JNIEnv *env;                /* current JNIEnv */
 269 
 270     /* buffers etc. */
 271     char *message;
 272     jint message_buf_len;
 273     jboolean err_code;
 274 
 275     alloc_stack_type *allocated_memory; /* all memory blocks that we have not
 276                                            had a chance to free */
 277     /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
 278        blocks here, to save mallocs. */
 279     alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
 280     int alloc_stack_top;
 281 
 282     /* these fields are per class */
 283     jclass class;               /* current class */
 284     jint major_version;
 285     jint nconstants;
 286     unsigned char *constant_types;
 287     hash_table_type class_hash;
 288 
 289     fullinfo_type object_info;  /* fullinfo for java/lang/Object */
 290     fullinfo_type string_info;  /* fullinfo for java/lang/String */
 291     fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
 292     fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
 293     fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
 294 
 295     fullinfo_type currentclass_info; /* fullinfo for context->class */
 296     fullinfo_type superclass_info;   /* fullinfo for superclass */
 297 
 298     /* these fields are per method */
 299     int method_index;   /* current method */
 300     unsigned short *exceptions; /* exceptions */
 301     unsigned char *code;        /* current code object */
 302     jint code_length;
 303     int *code_data;             /* offset to instruction number */
 304     struct instruction_data_type *instruction_data; /* info about each */
 305     struct handler_info_type *handler_info;
 306     fullinfo_type *superclasses; /* null terminated superclasses */
 307     int instruction_count;      /* number of instructions */
 308     fullinfo_type return_type;  /* function return type */
 309     fullinfo_type swap_table[4]; /* used for passing information */
 310     int bitmask_size;           /* words needed to hold bitmap of arguments */
 311 
 312     /* these fields are per field */
 313     int field_index;
 314 
 315     /* Used by the space allocator */
 316     struct CCpool *CCroot, *CCcurrent;
 317     char *CCfree_ptr;
 318     int CCfree_size;
 319 
 320     /* Jump here on any error. */
 321     jmp_buf jump_buffer;
 322 
 323 #ifdef DEBUG
 324     /* keep track of how many global refs are allocated. */
 325     int n_globalrefs;
 326 #endif
 327 };
 328 
 329 struct stack_info_type {
 330     struct stack_item_type *stack;
 331     int stack_size;
 332 };
 333 
 334 struct register_info_type {
 335     int register_count;         /* number of registers used */
 336     fullinfo_type *registers;
 337     int mask_count;             /* number of masks in the following */
 338     struct mask_type *masks;
 339 };
 340 
 341 struct mask_type {
 342     int entry;
 343     int *modifies;
 344 };
 345 
 346 typedef unsigned short flag_type;
 347 
 348 struct instruction_data_type {
 349     int opcode;         /* may turn into "canonical" opcode */
 350     unsigned changed:1;         /* has it changed */
 351     unsigned protected:1;       /* must accessor be a subclass of "this" */
 352     union {
 353         int i;                  /* operand to the opcode */
 354         int *ip;
 355         fullinfo_type fi;
 356     } operand, operand2;
 357     fullinfo_type p;
 358     struct stack_info_type stack_info;
 359     struct register_info_type register_info;
 360 #define FLAG_REACHED            0x01 /* instruction reached */
 361 #define FLAG_NEED_CONSTRUCTOR   0x02 /* must call this.<init> or super.<init> */
 362 #define FLAG_NO_RETURN          0x04 /* must throw out of method */
 363     flag_type or_flags;         /* true for at least one path to this inst */
 364 #define FLAG_CONSTRUCTED        0x01 /* this.<init> or super.<init> called */
 365     flag_type and_flags;        /* true for all paths to this instruction */
 366 };
 367 
 368 struct handler_info_type {
 369     int start, end, handler;
 370     struct stack_info_type stack_info;
 371 };
 372 
 373 struct stack_item_type {
 374     fullinfo_type item;
 375     struct stack_item_type *next;
 376 };
 377 
 378 typedef struct context_type context_type;
 379 typedef struct instruction_data_type instruction_data_type;
 380 typedef struct stack_item_type stack_item_type;
 381 typedef struct register_info_type register_info_type;
 382 typedef struct stack_info_type stack_info_type;
 383 typedef struct mask_type mask_type;
 384 
 385 static void read_all_code(context_type *context, jclass cb, int num_methods,
 386                           int** code_lengths, unsigned char*** code);
 387 static void verify_method(context_type *context, jclass cb, int index,
 388                           int code_length, unsigned char* code);
 389 static void free_all_code(context_type* context, int num_methods,
 390                           unsigned char** code);
 391 static void verify_field(context_type *context, jclass cb, int index);
 392 
 393 static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
 394 static void set_protected(context_type *, unsigned int inumber, int key, int);
 395 static jboolean is_superclass(context_type *, fullinfo_type);
 396 
 397 static void initialize_exception_table(context_type *);
 398 static int instruction_length(unsigned char *iptr, unsigned char *end);
 399 static jboolean isLegalTarget(context_type *, int offset);
 400 static void verify_constant_pool_type(context_type *, int, unsigned);
 401 
 402 static void initialize_dataflow(context_type *);
 403 static void run_dataflow(context_type *context);
 404 static void check_register_values(context_type *context, unsigned int inumber);
 405 static void check_flags(context_type *context, unsigned int inumber);
 406 static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
 407 static void update_registers(context_type *, unsigned int inumber, register_info_type *);
 408 static void update_flags(context_type *, unsigned int inumber,
 409                          flag_type *new_and_flags, flag_type *new_or_flags);
 410 static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
 411 
 412 static void merge_into_successors(context_type *, unsigned int inumber,
 413                                   register_info_type *register_info,
 414                                   stack_info_type *stack_info,
 415                                   flag_type and_flags, flag_type or_flags);
 416 static void merge_into_one_successor(context_type *context,
 417                                      unsigned int from_inumber,
 418                                      unsigned int inumber,
 419                                      register_info_type *register_info,
 420                                      stack_info_type *stack_info,
 421                                      flag_type and_flags, flag_type or_flags,
 422                                      jboolean isException);
 423 static void merge_stack(context_type *, unsigned int inumber,
 424                         unsigned int to_inumber, stack_info_type *);
 425 static void merge_registers(context_type *, unsigned int inumber,
 426                             unsigned int to_inumber,
 427                             register_info_type *);
 428 static void merge_flags(context_type *context, unsigned int from_inumber,
 429                         unsigned int to_inumber,
 430                         flag_type new_and_flags, flag_type new_or_flags);
 431 
 432 static stack_item_type *copy_stack(context_type *, stack_item_type *);
 433 static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
 434 static mask_type *add_to_masks(context_type *, mask_type *, int , int);
 435 
 436 static fullinfo_type decrement_indirection(fullinfo_type);
 437 
 438 static fullinfo_type merge_fullinfo_types(context_type *context,
 439                                           fullinfo_type a,
 440                                           fullinfo_type b,
 441                                           jboolean assignment);
 442 static jboolean isAssignableTo(context_type *,
 443                                fullinfo_type a,
 444                                fullinfo_type b);
 445 
 446 static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
 447 
 448 
 449 #define NEW(type, count) \
 450         ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
 451 #define ZNEW(type, count) \
 452         ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
 453 
 454 static void CCinit(context_type *context);
 455 static void CCreinit(context_type *context);
 456 static void CCdestroy(context_type *context);
 457 static void *CCalloc(context_type *context, int size, jboolean zero);
 458 
 459 static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
 460 
 461 static char signature_to_fieldtype(context_type *context,
 462                                    const char **signature_p, fullinfo_type *info);
 463 
 464 static void CCerror (context_type *, char *format, ...);
 465 static void CFerror (context_type *, char *format, ...);
 466 static void CCout_of_memory (context_type *);
 467 
 468 /* Because we can longjmp any time, we need to be very careful about
 469  * remembering what needs to be freed. */
 470 
 471 static void check_and_push(context_type *context, const void *ptr, int kind);
 472 static void pop_and_free(context_type *context);
 473 
 474 static int signature_to_args_size(const char *method_signature);
 475 
 476 #ifdef DEBUG
 477 static void print_stack (context_type *, stack_info_type *stack_info);
 478 static void print_registers(context_type *, register_info_type *register_info);
 479 static void print_flags(context_type *, flag_type, flag_type);
 480 static void print_formatted_fieldname(context_type *context, int index);
 481 static void print_formatted_methodname(context_type *context, int index);
 482 #endif
 483 
 484 void initialize_class_hash(context_type *context)
 485 {
 486     hash_table_type *class_hash = &(context->class_hash);
 487     class_hash->buckets = (hash_bucket_type **)
 488         calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
 489     class_hash->table = (unsigned short *)
 490         calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
 491     if (class_hash->buckets == 0 ||
 492         class_hash->table == 0)
 493         CCout_of_memory(context);
 494     class_hash->entries_used = 0;
 495 }
 496 
 497 static void finalize_class_hash(context_type *context)
 498 {
 499     hash_table_type *class_hash = &(context->class_hash);
 500     JNIEnv *env = context->env;
 501     int i;
 502     /* 4296677: bucket index starts from 1. */
 503     for (i=1;i<=class_hash->entries_used;i++) {
 504         hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
 505         assert(bucket != NULL);
 506         free(bucket->name);
 507         if (bucket->class) {
 508             (*env)->DeleteGlobalRef(env, bucket->class);
 509 #ifdef DEBUG
 510             context->n_globalrefs--;
 511 #endif
 512         }
 513     }
 514     if (class_hash->buckets) {
 515         for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
 516             if (class_hash->buckets[i] == 0)
 517                 break;
 518             free(class_hash->buckets[i]);
 519         }
 520     }
 521     free(class_hash->buckets);
 522     free(class_hash->table);
 523 }
 524 
 525 static hash_bucket_type *
 526 new_bucket(context_type *context, unsigned short *pID)
 527 {
 528     hash_table_type *class_hash = &(context->class_hash);
 529     int i = *pID = class_hash->entries_used + 1;
 530     int row = i / HASH_ROW_SIZE;
 531     if (i >= MAX_HASH_ENTRIES)
 532         CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
 533     if (class_hash->buckets[row] == 0) {
 534         class_hash->buckets[row] = (hash_bucket_type*)
 535             calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
 536         if (class_hash->buckets[row] == 0)
 537             CCout_of_memory(context);
 538     }
 539     class_hash->entries_used++; /* only increment when we are sure there
 540                                    is no overflow. */
 541     return GET_BUCKET(class_hash, i);
 542 }
 543 
 544 static unsigned int
 545 class_hash_fun(const char *s)
 546 {
 547     int i;
 548     unsigned raw_hash;
 549     for (raw_hash = 0; (i = *s) != '\0'; ++s)
 550         raw_hash = raw_hash * 37 + i;
 551     return raw_hash;
 552 }
 553 
 554 /*
 555  * Find a class using the defining loader of the current class
 556  * and return a local reference to it.
 557  */
 558 static jclass load_class_local(context_type *context,const char *classname)
 559 {
 560     jclass cb = JVM_FindClassFromClass(context->env, classname,
 561                                  JNI_FALSE, context->class);
 562     if (cb == 0)
 563          CCerror(context, "Cannot find class %s", classname);
 564     return cb;
 565 }
 566 
 567 /*
 568  * Find a class using the defining loader of the current class
 569  * and return a global reference to it.
 570  */
 571 static jclass load_class_global(context_type *context, const char *classname)
 572 {
 573     JNIEnv *env = context->env;
 574     jclass local, global;
 575 
 576     local = load_class_local(context, classname);
 577     global = (*env)->NewGlobalRef(env, local);
 578     if (global == 0)
 579         CCout_of_memory(context);
 580 #ifdef DEBUG
 581     context->n_globalrefs++;
 582 #endif
 583     (*env)->DeleteLocalRef(env, local);
 584     return global;
 585 }
 586 
 587 /*
 588  * Return a unique ID given a local class reference. The loadable
 589  * flag is true if the defining class loader of context->class
 590  * is known to be capable of loading the class.
 591  */
 592 static unsigned short
 593 class_to_ID(context_type *context, jclass cb, jboolean loadable)
 594 {
 595     JNIEnv *env = context->env;
 596     hash_table_type *class_hash = &(context->class_hash);
 597     unsigned int hash;
 598     hash_bucket_type *bucket;
 599     unsigned short *pID;
 600     const char *name = JVM_GetClassNameUTF(env, cb);
 601 
 602     check_and_push(context, name, VM_STRING_UTF);
 603     hash = class_hash_fun(name);
 604     pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
 605     while (*pID) {
 606         bucket = GET_BUCKET(class_hash, *pID);
 607         if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
 608             /*
 609              * There is an unresolved entry with our name
 610              * so we're forced to load it in case it matches us.
 611              */
 612             if (bucket->class == 0) {
 613                 assert(bucket->loadable == JNI_TRUE);
 614                 bucket->class = load_class_global(context, name);
 615             }
 616 
 617             /*
 618              * It's already in the table. Update the loadable
 619              * state if it's known and then we're done.
 620              */
 621             if ((*env)->IsSameObject(env, cb, bucket->class)) {
 622                 if (loadable && !bucket->loadable)
 623                     bucket->loadable = JNI_TRUE;
 624                 goto done;
 625             }
 626         }
 627         pID = &bucket->next;
 628     }
 629     bucket = new_bucket(context, pID);
 630     bucket->next = 0;
 631     bucket->hash = hash;
 632     bucket->name = malloc(strlen(name) + 1);
 633     if (bucket->name == 0)
 634         CCout_of_memory(context);
 635     strcpy(bucket->name, name);
 636     bucket->loadable = loadable;
 637     bucket->class = (*env)->NewGlobalRef(env, cb);
 638     if (bucket->class == 0)
 639         CCout_of_memory(context);
 640 #ifdef DEBUG
 641     context->n_globalrefs++;
 642 #endif
 643 
 644 done:
 645     pop_and_free(context);
 646     return *pID;
 647 }
 648 
 649 /*
 650  * Return a unique ID given a class name from the constant pool.
 651  * All classes are lazily loaded from the defining loader of
 652  * context->class.
 653  */
 654 static unsigned short
 655 class_name_to_ID(context_type *context, const char *name)
 656 {
 657     hash_table_type *class_hash = &(context->class_hash);
 658     unsigned int hash = class_hash_fun(name);
 659     hash_bucket_type *bucket;
 660     unsigned short *pID;
 661     jboolean force_load = JNI_FALSE;
 662 
 663     pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
 664     while (*pID) {
 665         bucket = GET_BUCKET(class_hash, *pID);
 666         if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
 667             if (bucket->loadable)
 668                 goto done;
 669             force_load = JNI_TRUE;
 670         }
 671         pID = &bucket->next;
 672     }
 673 
 674     if (force_load) {
 675         /*
 676          * We found at least one matching named entry for a class that
 677          * was not known to be loadable through the defining class loader
 678          * of context->class. We must load our named class and update
 679          * the hash table in case one these entries matches our class.
 680          */
 681         JNIEnv *env = context->env;
 682         jclass cb = load_class_local(context, name);
 683         unsigned short id = class_to_ID(context, cb, JNI_TRUE);
 684         (*env)->DeleteLocalRef(env, cb);
 685         return id;
 686     }
 687 
 688     bucket = new_bucket(context, pID);
 689     bucket->next = 0;
 690     bucket->class = 0;
 691     bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
 692     bucket->hash = hash;
 693     bucket->name = malloc(strlen(name) + 1);
 694     if (bucket->name == 0)
 695         CCout_of_memory(context);
 696     strcpy(bucket->name, name);
 697 
 698 done:
 699     return *pID;
 700 }
 701 
 702 static const char *
 703 ID_to_class_name(context_type *context, unsigned short ID)
 704 {
 705     hash_table_type *class_hash = &(context->class_hash);
 706     hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
 707     return bucket->name;
 708 }
 709 
 710 static jclass
 711 ID_to_class(context_type *context, unsigned short ID)
 712 {
 713     hash_table_type *class_hash = &(context->class_hash);
 714     hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
 715     if (bucket->class == 0) {
 716         assert(bucket->loadable == JNI_TRUE);
 717         bucket->class = load_class_global(context, bucket->name);
 718     }
 719     return bucket->class;
 720 }
 721 
 722 static fullinfo_type
 723 make_loadable_class_info(context_type *context, jclass cb)
 724 {
 725     return MAKE_FULLINFO(ITEM_Object, 0,
 726                            class_to_ID(context, cb, JNI_TRUE));
 727 }
 728 
 729 static fullinfo_type
 730 make_class_info(context_type *context, jclass cb)
 731 {
 732     return MAKE_FULLINFO(ITEM_Object, 0,
 733                          class_to_ID(context, cb, JNI_FALSE));
 734 }
 735 
 736 static fullinfo_type
 737 make_class_info_from_name(context_type *context, const char *name)
 738 {
 739     return MAKE_FULLINFO(ITEM_Object, 0,
 740                          class_name_to_ID(context, name));
 741 }
 742 
 743 /* RETURNS
 744  * 1: on success       chosen to be consistent with previous VerifyClass
 745  * 0: verify error
 746  * 2: out of memory
 747  * 3: class format error
 748  *
 749  * Called by verify_class.  Verify the code of each of the methods
 750  * in a class.  Note that this function apparently can't be JNICALL,
 751  * because if it is the dynamic linker doesn't appear to be able to
 752  * find it on Win32.
 753  */
 754 
 755 #define CC_OK 1
 756 #define CC_VerifyError 0
 757 #define CC_OutOfMemory 2
 758 #define CC_ClassFormatError 3
 759 
 760 JNIEXPORT jboolean
 761 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
 762                            jint major_version)
 763 {
 764     context_type context_structure;
 765     context_type *context = &context_structure;
 766     jboolean result = CC_OK;
 767     int i;
 768     int num_methods;
 769     int* code_lengths;
 770     unsigned char** code;
 771 
 772 #ifdef DEBUG
 773     GlobalContext = context;
 774 #endif
 775 
 776     memset(context, 0, sizeof(context_type));
 777     context->message = buffer;
 778     context->message_buf_len = len;
 779 
 780     context->env = env;
 781     context->class = cb;
 782 
 783     /* Set invalid method/field index of the context, in case anyone
 784        calls CCerror */
 785     context->method_index = -1;
 786     context->field_index = -1;
 787 
 788     /* Don't call CCerror or anything that can call it above the setjmp! */
 789     if (!setjmp(context->jump_buffer)) {
 790         jclass super;
 791 
 792         CCinit(context);                /* initialize heap; may throw */
 793 
 794         initialize_class_hash(context);
 795 
 796         context->major_version = major_version;
 797         context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
 798         context->constant_types = (unsigned char *)
 799             malloc(sizeof(unsigned char) * context->nconstants + 1);
 800 
 801         if (context->constant_types == 0)
 802             CCout_of_memory(context);
 803 
 804         JVM_GetClassCPTypes(env, cb, context->constant_types);
 805 
 806         if (context->constant_types == 0)
 807             CCout_of_memory(context);
 808 
 809         context->object_info =
 810             make_class_info_from_name(context, "java/lang/Object");
 811         context->string_info =
 812             make_class_info_from_name(context, "java/lang/String");
 813         context->throwable_info =
 814             make_class_info_from_name(context, "java/lang/Throwable");
 815         context->cloneable_info =
 816             make_class_info_from_name(context, "java/lang/Cloneable");
 817         context->serializable_info =
 818             make_class_info_from_name(context, "java/io/Serializable");
 819 
 820         context->currentclass_info = make_loadable_class_info(context, cb);
 821 
 822         super = (*env)->GetSuperclass(env, cb);
 823 
 824         if (super != 0) {
 825             fullinfo_type *gptr;
 826             int i = 0;
 827 
 828             context->superclass_info = make_loadable_class_info(context, super);
 829 
 830             while(super != 0) {
 831                 jclass tmp_cb = (*env)->GetSuperclass(env, super);
 832                 (*env)->DeleteLocalRef(env, super);
 833                 super = tmp_cb;
 834                 i++;
 835             }
 836             (*env)->DeleteLocalRef(env, super);
 837             super = 0;
 838 
 839             /* Can't go on context heap since it survives more than
 840                one method */
 841             context->superclasses = gptr =
 842                 malloc(sizeof(fullinfo_type)*(i + 1));
 843             if (gptr == 0) {
 844                 CCout_of_memory(context);
 845             }
 846 
 847             super = (*env)->GetSuperclass(env, context->class);
 848             while(super != 0) {
 849                 jclass tmp_cb;
 850                 *gptr++ = make_class_info(context, super);
 851                 tmp_cb = (*env)->GetSuperclass(env, super);
 852                 (*env)->DeleteLocalRef(env, super);
 853                 super = tmp_cb;
 854             }
 855             *gptr = 0;
 856         } else {
 857             context->superclass_info = 0;
 858         }
 859 
 860         (*env)->DeleteLocalRef(env, super);
 861 
 862         /* Look at each method */
 863         for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
 864             verify_field(context, cb, i);
 865         num_methods = JVM_GetClassMethodsCount(env, cb);
 866         read_all_code(context, cb, num_methods, &code_lengths, &code);
 867         for (i = num_methods - 1; i >= 0; --i)
 868             verify_method(context, cb, i, code_lengths[i], code[i]);
 869         free_all_code(context, num_methods, code);
 870         result = CC_OK;
 871     } else {
 872         result = context->err_code;
 873     }
 874 
 875     /* Cleanup */
 876     finalize_class_hash(context);
 877 
 878     while(context->allocated_memory)
 879         pop_and_free(context);
 880 
 881 #ifdef DEBUG
 882     GlobalContext = 0;
 883 #endif
 884 
 885     if (context->exceptions)
 886         free(context->exceptions);
 887 
 888     if (context->constant_types)
 889         free(context->constant_types);
 890 
 891     if (context->superclasses)
 892         free(context->superclasses);
 893 
 894 #ifdef DEBUG
 895     /* Make sure all global refs created in the verifier are freed */
 896     assert(context->n_globalrefs == 0);
 897 #endif
 898 
 899     CCdestroy(context);         /* destroy heap */
 900     return result;
 901 }
 902 
 903 #define OLD_FORMAT_MAX_MAJOR_VERSION 48
 904 
 905 JNIEXPORT jboolean
 906 VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
 907 {
 908     static int warned = 0;
 909     if (!warned) {
 910       jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
 911       warned = 1;
 912     }
 913     return VerifyClassForMajorVersion(env, cb, buffer, len,
 914                                       OLD_FORMAT_MAX_MAJOR_VERSION);
 915 }
 916 
 917 static void
 918 verify_field(context_type *context, jclass cb, int field_index)
 919 {
 920     JNIEnv *env = context->env;
 921     int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
 922     context->field_index = field_index;
 923 
 924     if (  ((access_bits & JVM_ACC_PUBLIC) != 0) &&
 925           ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
 926         CCerror(context, "Inconsistent access bits.");
 927     }
 928     context->field_index = -1;
 929 }
 930 
 931 
 932 /**
 933  * We read all of the class's methods' code because it is possible that
 934  * the verification of one method could resulting in linking further
 935  * down the stack (due to class loading), which could end up rewriting
 936  * some of the bytecode of methods we haven't verified yet.  Since we
 937  * don't want to see the rewritten bytecode, cache all the code and
 938  * operate only on that.
 939  */
 940 static void
 941 read_all_code(context_type* context, jclass cb, int num_methods,
 942               int** lengths_addr, unsigned char*** code_addr)
 943 {
 944     int* lengths;
 945     unsigned char** code;
 946     int i;
 947 
 948     lengths = malloc(sizeof(int) * num_methods);
 949     check_and_push(context, lengths, VM_MALLOC_BLK);
 950 
 951     code = malloc(sizeof(unsigned char*) * num_methods);
 952     check_and_push(context, code, VM_MALLOC_BLK);
 953 
 954     *(lengths_addr) = lengths;
 955     *(code_addr) = code;
 956 
 957     for (i = 0; i < num_methods; ++i) {
 958         lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
 959         if (lengths[i] > 0) {
 960             code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
 961             check_and_push(context, code[i], VM_MALLOC_BLK);
 962             JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
 963         } else {
 964             code[i] = NULL;
 965         }
 966     }
 967 }
 968 
 969 static void
 970 free_all_code(context_type* context, int num_methods, unsigned char** code)
 971 {
 972   int i;
 973   for (i = 0; i < num_methods; ++i) {
 974       if (code[i] != NULL) {
 975           pop_and_free(context);
 976       }
 977   }
 978   pop_and_free(context); /* code */
 979   pop_and_free(context); /* lengths */
 980 }
 981 
 982 /* Verify the code of one method */
 983 static void
 984 verify_method(context_type *context, jclass cb, int method_index,
 985               int code_length, unsigned char* code)
 986 {
 987     JNIEnv *env = context->env;
 988     int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
 989     int *code_data;
 990     instruction_data_type *idata = 0;
 991     int instruction_count;
 992     int i, offset;
 993     unsigned int inumber;
 994     jint nexceptions;
 995 
 996     if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
 997         /* not much to do for abstract and native methods */
 998         return;
 999     }
1000 
1001     context->code_length = code_length;
1002     context->code = code;
1003 
1004     /* CCerror can give method-specific info once this is set */
1005     context->method_index = method_index;
1006 
1007     CCreinit(context);          /* initial heap */
1008     code_data = NEW(int, code_length);
1009 
1010 #ifdef DEBUG
1011     if (verify_verbose) {
1012         const char *classname = JVM_GetClassNameUTF(env, cb);
1013         const char *methodname =
1014             JVM_GetMethodIxNameUTF(env, cb, method_index);
1015         const char *signature =
1016             JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1017         jio_fprintf(stdout, "Looking at %s.%s%s\n",
1018                     (classname ? classname : ""),
1019                     (methodname ? methodname : ""),
1020                     (signature ? signature : ""));
1021         JVM_ReleaseUTF(classname);
1022         JVM_ReleaseUTF(methodname);
1023         JVM_ReleaseUTF(signature);
1024     }
1025 #endif
1026 
1027     if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1028         ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1029         CCerror(context, "Inconsistent access bits.");
1030     }
1031 
1032     // If this method is an overpass method, which is generated by the VM,
1033     // we trust the code and no check needs to be done.
1034     if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1035       return;
1036     }
1037 
1038     /* Run through the code.  Mark the start of each instruction, and give
1039      * the instruction a number */
1040     for (i = 0, offset = 0; offset < code_length; i++) {
1041         int length = instruction_length(&code[offset], code + code_length);
1042         int next_offset = offset + length;
1043         if (length <= 0)
1044             CCerror(context, "Illegal instruction found at offset %d", offset);
1045         if (next_offset > code_length)
1046             CCerror(context, "Code stops in the middle of instruction "
1047                     " starting at offset %d", offset);
1048         code_data[offset] = i;
1049         while (++offset < next_offset)
1050             code_data[offset] = -1; /* illegal location */
1051     }
1052     instruction_count = i;      /* number of instructions in code */
1053 
1054     /* Allocate a structure to hold info about each instruction. */
1055     idata = NEW(instruction_data_type, instruction_count);
1056 
1057     /* Initialize the heap, and other info in the context structure. */
1058     context->code = code;
1059     context->instruction_data = idata;
1060     context->code_data = code_data;
1061     context->instruction_count = instruction_count;
1062     context->handler_info =
1063         NEW(struct handler_info_type,
1064             JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1065     context->bitmask_size =
1066         (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1067          + (BITS_PER_INT - 1))/BITS_PER_INT;
1068 
1069     if (instruction_count == 0)
1070         CCerror(context, "Empty code");
1071 
1072     for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1073         int length = instruction_length(&code[offset], code + code_length);
1074         instruction_data_type *this_idata = &idata[inumber];
1075         this_idata->opcode = code[offset];
1076         this_idata->stack_info.stack = NULL;
1077         this_idata->stack_info.stack_size  = UNKNOWN_STACK_SIZE;
1078         this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1079         this_idata->changed = JNI_FALSE;  /* no need to look at it yet. */
1080         this_idata->protected = JNI_FALSE;  /* no need to look at it yet. */
1081         this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1082         this_idata->or_flags = 0; /* "bottom" or value*/
1083         /* This also sets up this_data->operand.  It also makes the
1084          * xload_x and xstore_x instructions look like the generic form. */
1085         verify_opcode_operands(context, inumber, offset);
1086         offset += length;
1087     }
1088 
1089 
1090     /* make sure exception table is reasonable. */
1091     initialize_exception_table(context);
1092     /* Set up first instruction, and start of exception handlers. */
1093     initialize_dataflow(context);
1094     /* Run data flow analysis on the instructions. */
1095     run_dataflow(context);
1096 
1097     /* verify checked exceptions, if any */
1098     nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1099     context->exceptions = (unsigned short *)
1100         malloc(sizeof(unsigned short) * nexceptions + 1);
1101     if (context->exceptions == 0)
1102         CCout_of_memory(context);
1103     JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1104                                     context->exceptions);
1105     for (i = 0; i < nexceptions; i++) {
1106         /* Make sure the constant pool item is JVM_CONSTANT_Class */
1107         verify_constant_pool_type(context, (int)context->exceptions[i],
1108                                   1 << JVM_CONSTANT_Class);
1109     }
1110     free(context->exceptions);
1111     context->exceptions = 0;
1112     context->code = 0;
1113     context->method_index = -1;
1114 }
1115 
1116 
1117 /* Look at a single instruction, and verify its operands.  Also, for
1118  * simplicity, move the operand into the ->operand field.
1119  * Make sure that branches don't go into the middle of nowhere.
1120  */
1121 
1122 static jint _ck_ntohl(jint n)
1123 {
1124     unsigned char *p = (unsigned char *)&n;
1125     return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1126 }
1127 
1128 static void
1129 verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1130 {
1131     JNIEnv *env = context->env;
1132     instruction_data_type *idata = context->instruction_data;
1133     instruction_data_type *this_idata = &idata[inumber];
1134     int *code_data = context->code_data;
1135     int mi = context->method_index;
1136     unsigned char *code = context->code;
1137     int opcode = this_idata->opcode;
1138     int var;
1139 
1140     /*
1141      * Set the ip fields to 0 not the i fields because the ip fields
1142      * are 64 bits on 64 bit architectures, the i field is only 32
1143      */
1144     this_idata->operand.ip = 0;
1145     this_idata->operand2.ip = 0;
1146 
1147     switch (opcode) {
1148 
1149     case JVM_OPC_jsr:
1150         /* instruction of ret statement */
1151         this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1152         /* FALLTHROUGH */
1153     case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1154     case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1155     case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1156     case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1157     case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1158     case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1159     case JVM_OPC_goto: {
1160         /* Set the ->operand to be the instruction number of the target. */
1161         int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1162         int target = offset + jump;
1163         if (!isLegalTarget(context, target))
1164             CCerror(context, "Illegal target of jump or branch");
1165         this_idata->operand.i = code_data[target];
1166         break;
1167     }
1168 
1169     case JVM_OPC_jsr_w:
1170         /* instruction of ret statement */
1171         this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1172         /* FALLTHROUGH */
1173     case JVM_OPC_goto_w: {
1174         /* Set the ->operand to be the instruction number of the target. */
1175         int jump = (((signed char)(code[offset+1])) << 24) +
1176                      (code[offset+2] << 16) + (code[offset+3] << 8) +
1177                      (code[offset + 4]);
1178         int target = offset + jump;
1179         if (!isLegalTarget(context, target))
1180             CCerror(context, "Illegal target of jump or branch");
1181         this_idata->operand.i = code_data[target];
1182         break;
1183     }
1184 
1185     case JVM_OPC_tableswitch:
1186     case JVM_OPC_lookupswitch: {
1187         /* Set the ->operand to be a table of possible instruction targets. */
1188         int *lpc = (int *) UCALIGN(code + offset + 1);
1189         int *lptr;
1190         int *saved_operand;
1191         int keys;
1192         int k, delta;
1193 
1194         if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1195             /* 4639449, 4647081: Padding bytes must be zero. */
1196             unsigned char* bptr = (unsigned char*) (code + offset + 1);
1197             for (; bptr < (unsigned char*)lpc; bptr++) {
1198                 if (*bptr != 0) {
1199                     CCerror(context, "Non zero padding bytes in switch");
1200                 }
1201             }
1202         }
1203         if (opcode == JVM_OPC_tableswitch) {
1204             keys = _ck_ntohl(lpc[2]) -  _ck_ntohl(lpc[1]) + 1;
1205             delta = 1;
1206         } else {
1207             keys = _ck_ntohl(lpc[1]); /* number of pairs */
1208             delta = 2;
1209             /* Make sure that the tableswitch items are sorted */
1210             for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1211                 int this_key = _ck_ntohl(lptr[0]);  /* NB: ntohl may be unsigned */
1212                 int next_key = _ck_ntohl(lptr[2]);
1213                 if (this_key >= next_key) {
1214                     CCerror(context, "Unsorted lookup switch");
1215                 }
1216             }
1217         }
1218         saved_operand = NEW(int, keys + 2);
1219         if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1220             CCerror(context, "Illegal default target in switch");
1221         saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1222         for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1223             int target = offset + _ck_ntohl(lptr[0]);
1224             if (!isLegalTarget(context, target))
1225                 CCerror(context, "Illegal branch in tableswitch");
1226             saved_operand[k + 1] = code_data[target];
1227         }
1228         saved_operand[0] = keys + 1; /* number of successors */
1229         this_idata->operand.ip = saved_operand;
1230         break;
1231     }
1232 
1233     case JVM_OPC_ldc: {
1234         /* Make sure the constant pool item is the right type. */
1235         int key = code[offset + 1];
1236         int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1237                     (1 << JVM_CONSTANT_String);
1238         if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1239             types |= 1 << JVM_CONSTANT_Class;
1240         }
1241         if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1242             types |= (1 << JVM_CONSTANT_MethodHandle) |
1243                      (1 << JVM_CONSTANT_MethodType);
1244         }
1245         this_idata->operand.i = key;
1246         verify_constant_pool_type(context, key, types);
1247         break;
1248     }
1249 
1250     case JVM_OPC_ldc_w: {
1251         /* Make sure the constant pool item is the right type. */
1252         int key = (code[offset + 1] << 8) + code[offset + 2];
1253         int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1254                     (1 << JVM_CONSTANT_String);
1255         if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1256             types |= 1 << JVM_CONSTANT_Class;
1257         }
1258         if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1259             types |= (1 << JVM_CONSTANT_MethodHandle) |
1260                      (1 << JVM_CONSTANT_MethodType);
1261         }
1262         this_idata->operand.i = key;
1263         verify_constant_pool_type(context, key, types);
1264         break;
1265     }
1266 
1267     case JVM_OPC_ldc2_w: {
1268         /* Make sure the constant pool item is the right type. */
1269         int key = (code[offset + 1] << 8) + code[offset + 2];
1270         int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1271         this_idata->operand.i = key;
1272         verify_constant_pool_type(context, key, types);
1273         break;
1274     }
1275 
1276     case JVM_OPC_getfield: case JVM_OPC_putfield:
1277     case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1278         /* Make sure the constant pool item is the right type. */
1279         int key = (code[offset + 1] << 8) + code[offset + 2];
1280         this_idata->operand.i = key;
1281         verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1282         if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1283             set_protected(context, inumber, key, opcode);
1284         break;
1285     }
1286 
1287     case JVM_OPC_invokevirtual:
1288     case JVM_OPC_invokespecial:
1289     case JVM_OPC_invokestatic:
1290     case JVM_OPC_invokedynamic:
1291     case JVM_OPC_invokeinterface: {
1292         /* Make sure the constant pool item is the right type. */
1293         int key = (code[offset + 1] << 8) + code[offset + 2];
1294         const char *methodname;
1295         jclass cb = context->class;
1296         fullinfo_type clazz_info;
1297         int is_constructor, is_internal, is_invokedynamic;
1298         int kind;
1299 
1300         switch (opcode ) {
1301         case JVM_OPC_invokestatic:
1302             kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1303                        ? (1 << JVM_CONSTANT_Methodref)
1304                        : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1305             break;
1306         case JVM_OPC_invokedynamic:
1307             kind = 1 << JVM_CONSTANT_NameAndType;
1308             break;
1309         case JVM_OPC_invokeinterface:
1310             kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1311             break;
1312         default:
1313             kind = 1 << JVM_CONSTANT_Methodref;
1314         }
1315 
1316         is_invokedynamic = opcode == JVM_OPC_invokedynamic;
1317         /* Make sure the constant pool item is the right type. */
1318         verify_constant_pool_type(context, key, kind);
1319         methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1320         check_and_push(context, methodname, VM_STRING_UTF);
1321         is_constructor = !strcmp(methodname, "<init>");
1322         is_internal = methodname[0] == '<';
1323         pop_and_free(context);
1324 
1325         if (is_invokedynamic)
1326           clazz_info = context->object_info;  // anything will do
1327         else
1328           clazz_info = cp_index_to_class_fullinfo(context, key,
1329                                                   JVM_CONSTANT_Methodref);
1330         this_idata->operand.i = key;
1331         this_idata->operand2.fi = clazz_info;
1332         if (is_constructor) {
1333             if (opcode != JVM_OPC_invokespecial) {
1334                 CCerror(context,
1335                         "Must call initializers using invokespecial");
1336             }
1337             this_idata->opcode = JVM_OPC_invokeinit;
1338         } else {
1339             if (is_internal) {
1340                 CCerror(context, "Illegal call to internal method");
1341             }
1342             if (opcode == JVM_OPC_invokespecial
1343                    && clazz_info != context->currentclass_info
1344                    && clazz_info != context->superclass_info) {
1345                 int not_found = 1;
1346 
1347                 jclass super = (*env)->GetSuperclass(env, context->class);
1348                 while(super != 0) {
1349                     jclass tmp_cb;
1350                     fullinfo_type new_info = make_class_info(context, super);
1351                     if (clazz_info == new_info) {
1352                         not_found = 0;
1353                         break;
1354                     }
1355                     tmp_cb = (*env)->GetSuperclass(env, super);
1356                     (*env)->DeleteLocalRef(env, super);
1357                     super = tmp_cb;
1358                 }
1359                 (*env)->DeleteLocalRef(env, super);
1360 
1361                 /* The optimizer may cause this to happen on local code */
1362                 if (not_found) {
1363                     CCerror(context, "Illegal use of nonvirtual function call");
1364                 }
1365             }
1366         }
1367         if (opcode == JVM_OPC_invokeinterface) {
1368             unsigned int args1;
1369             unsigned int args2;
1370             const char *signature =
1371                 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1372             check_and_push(context, signature, VM_STRING_UTF);
1373             args1 = signature_to_args_size(signature) + 1;
1374             args2 = code[offset + 3];
1375             if (args1 != args2) {
1376                 CCerror(context,
1377                         "Inconsistent args_size for invokeinterface");
1378             }
1379             if (code[offset + 4] != 0) {
1380                 CCerror(context,
1381                         "Fourth operand byte of invokeinterface must be zero");
1382             }
1383             pop_and_free(context);
1384         } else if (opcode == JVM_OPC_invokedynamic) {
1385             if (code[offset + 3] != 0 || code[offset + 4] != 0) {
1386                 CCerror(context,
1387                         "Third and fourth operand bytes of invokedynamic must be zero");
1388             }
1389         } else if (opcode == JVM_OPC_invokevirtual
1390                       || opcode == JVM_OPC_invokespecial)
1391             set_protected(context, inumber, key, opcode);
1392         break;
1393     }
1394 
1395 
1396     case JVM_OPC_instanceof:
1397     case JVM_OPC_checkcast:
1398     case JVM_OPC_new:
1399     case JVM_OPC_anewarray:
1400     case JVM_OPC_multianewarray: {
1401         /* Make sure the constant pool item is a class */
1402         int key = (code[offset + 1] << 8) + code[offset + 2];
1403         fullinfo_type target;
1404         verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1405         target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1406         if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1407             CCerror(context, "Illegal type");
1408         switch(opcode) {
1409         case JVM_OPC_anewarray:
1410             if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1411                 CCerror(context, "Array with too many dimensions");
1412             this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1413                                                    GET_INDIRECTION(target) + 1,
1414                                                    GET_EXTRA_INFO(target));
1415             break;
1416         case JVM_OPC_new:
1417             if (WITH_ZERO_EXTRA_INFO(target) !=
1418                              MAKE_FULLINFO(ITEM_Object, 0, 0))
1419                 CCerror(context, "Illegal creation of multi-dimensional array");
1420             /* operand gets set to the "unitialized object".  operand2 gets
1421              * set to what the value will be after it's initialized. */
1422             this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1423             this_idata->operand2.fi = target;
1424             break;
1425         case JVM_OPC_multianewarray:
1426             this_idata->operand.fi = target;
1427             this_idata->operand2.i = code[offset + 3];
1428             if (    (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1429                  || (this_idata->operand2.i == 0))
1430                 CCerror(context, "Illegal dimension argument");
1431             break;
1432         default:
1433             this_idata->operand.fi = target;
1434         }
1435         break;
1436     }
1437 
1438     case JVM_OPC_newarray: {
1439         /* Cache the result of the JVM_OPC_newarray into the operand slot */
1440         fullinfo_type full_info;
1441         switch (code[offset + 1]) {
1442             case JVM_T_INT:
1443                 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1444             case JVM_T_LONG:
1445                 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1446             case JVM_T_FLOAT:
1447                 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1448             case JVM_T_DOUBLE:
1449                 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1450             case JVM_T_BOOLEAN:
1451                 full_info = MAKE_FULLINFO(ITEM_Boolean, 1, 0); break;
1452             case JVM_T_BYTE:
1453                 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1454             case JVM_T_CHAR:
1455                 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1456             case JVM_T_SHORT:
1457                 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1458             default:
1459                 full_info = 0;          /* Keep lint happy */
1460                 CCerror(context, "Bad type passed to newarray");
1461         }
1462         this_idata->operand.fi = full_info;
1463         break;
1464     }
1465 
1466     /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1467     case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1468         this_idata->opcode = JVM_OPC_iload;
1469         var = opcode - JVM_OPC_iload_0;
1470         goto check_local_variable;
1471 
1472     case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1473         this_idata->opcode = JVM_OPC_fload;
1474         var = opcode - JVM_OPC_fload_0;
1475         goto check_local_variable;
1476 
1477     case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1478         this_idata->opcode = JVM_OPC_aload;
1479         var = opcode - JVM_OPC_aload_0;
1480         goto check_local_variable;
1481 
1482     case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1483         this_idata->opcode = JVM_OPC_lload;
1484         var = opcode - JVM_OPC_lload_0;
1485         goto check_local_variable2;
1486 
1487     case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1488         this_idata->opcode = JVM_OPC_dload;
1489         var = opcode - JVM_OPC_dload_0;
1490         goto check_local_variable2;
1491 
1492     case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1493         this_idata->opcode = JVM_OPC_istore;
1494         var = opcode - JVM_OPC_istore_0;
1495         goto check_local_variable;
1496 
1497     case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1498         this_idata->opcode = JVM_OPC_fstore;
1499         var = opcode - JVM_OPC_fstore_0;
1500         goto check_local_variable;
1501 
1502     case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1503         this_idata->opcode = JVM_OPC_astore;
1504         var = opcode - JVM_OPC_astore_0;
1505         goto check_local_variable;
1506 
1507     case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1508         this_idata->opcode = JVM_OPC_lstore;
1509         var = opcode - JVM_OPC_lstore_0;
1510         goto check_local_variable2;
1511 
1512     case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1513         this_idata->opcode = JVM_OPC_dstore;
1514         var = opcode - JVM_OPC_dstore_0;
1515         goto check_local_variable2;
1516 
1517     case JVM_OPC_wide:
1518         this_idata->opcode = code[offset + 1];
1519         var = (code[offset + 2] << 8) + code[offset + 3];
1520         switch(this_idata->opcode) {
1521             case JVM_OPC_lload:  case JVM_OPC_dload:
1522             case JVM_OPC_lstore: case JVM_OPC_dstore:
1523                 goto check_local_variable2;
1524             default:
1525                 goto check_local_variable;
1526         }
1527 
1528     case JVM_OPC_iinc:              /* the increment amount doesn't matter */
1529     case JVM_OPC_ret:
1530     case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1531     case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1532         var = code[offset + 1];
1533     check_local_variable:
1534         /* Make sure that the variable number isn't illegal. */
1535         this_idata->operand.i = var;
1536         if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1537             CCerror(context, "Illegal local variable number");
1538         break;
1539 
1540     case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1541         var = code[offset + 1];
1542     check_local_variable2:
1543         /* Make sure that the variable number isn't illegal. */
1544         this_idata->operand.i = var;
1545         if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1546             CCerror(context, "Illegal local variable number");
1547         break;
1548 
1549     default:
1550         if (opcode > JVM_OPC_MAX)
1551             CCerror(context, "Quick instructions shouldn't appear yet.");
1552         break;
1553     } /* of switch */
1554 }
1555 
1556 
1557 static void
1558 set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1559 {
1560     JNIEnv *env = context->env;
1561     fullinfo_type clazz_info;
1562     if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1563         clazz_info = cp_index_to_class_fullinfo(context, key,
1564                                                 JVM_CONSTANT_Fieldref);
1565     } else {
1566         clazz_info = cp_index_to_class_fullinfo(context, key,
1567                                                 JVM_CONSTANT_Methodref);
1568     }
1569     if (is_superclass(context, clazz_info)) {
1570         jclass calledClass =
1571             object_fullinfo_to_classclass(context, clazz_info);
1572         int access;
1573         /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1574            searches the referenced field or method in calledClass. The following
1575            while loop is added to search up the superclass chain to make this
1576            symbolic resolution consistent with the field/method resolution
1577            specified in VM spec 5.4.3. */
1578         calledClass = (*env)->NewLocalRef(env, calledClass);
1579         do {
1580             jclass tmp_cb;
1581             if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1582                 access = JVM_GetCPFieldModifiers
1583                     (env, context->class, key, calledClass);
1584             } else {
1585                 access = JVM_GetCPMethodModifiers
1586                     (env, context->class, key, calledClass);
1587             }
1588             if (access != -1) {
1589                 break;
1590             }
1591             tmp_cb = (*env)->GetSuperclass(env, calledClass);
1592             (*env)->DeleteLocalRef(env, calledClass);
1593             calledClass = tmp_cb;
1594         } while (calledClass != 0);
1595 
1596         if (access == -1) {
1597             /* field/method not found, detected at runtime. */
1598         } else if (access & JVM_ACC_PROTECTED) {
1599             if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1600                 context->instruction_data[inumber].protected = JNI_TRUE;
1601         }
1602         (*env)->DeleteLocalRef(env, calledClass);
1603     }
1604 }
1605 
1606 
1607 static jboolean
1608 is_superclass(context_type *context, fullinfo_type clazz_info) {
1609     fullinfo_type *fptr = context->superclasses;
1610 
1611     if (fptr == 0)
1612         return JNI_FALSE;
1613     for (; *fptr != 0; fptr++) {
1614         if (*fptr == clazz_info)
1615             return JNI_TRUE;
1616     }
1617     return JNI_FALSE;
1618 }
1619 
1620 
1621 /* Look through each item on the exception table.  Each of the fields must
1622  * refer to a legal instruction.
1623  */
1624 static void
1625 initialize_exception_table(context_type *context)
1626 {
1627     JNIEnv *env = context->env;
1628     int mi = context->method_index;
1629     struct handler_info_type *handler_info = context->handler_info;
1630     int *code_data = context->code_data;
1631     int code_length = context->code_length;
1632     int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1633     int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1634     if (max_stack_size < 1 && i > 0) {
1635         // If the method contains exception handlers, it must have room
1636         // on the expression stack for the exception that the VM could push
1637         CCerror(context, "Stack size too large");
1638     }
1639     for (; --i >= 0; handler_info++) {
1640         JVM_ExceptionTableEntryType einfo;
1641         stack_item_type *stack_item = NEW(stack_item_type, 1);
1642 
1643         JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1644                                            i, &einfo);
1645 
1646         if (!(einfo.start_pc < einfo.end_pc &&
1647               einfo.start_pc >= 0 &&
1648               isLegalTarget(context, einfo.start_pc) &&
1649               (einfo.end_pc ==  code_length ||
1650                isLegalTarget(context, einfo.end_pc)))) {
1651             CFerror(context, "Illegal exception table range");
1652         }
1653         if (!((einfo.handler_pc > 0) &&
1654               isLegalTarget(context, einfo.handler_pc))) {
1655             CFerror(context, "Illegal exception table handler");
1656         }
1657 
1658         handler_info->start = code_data[einfo.start_pc];
1659         /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1660         handler_info->end = (einfo.end_pc == context->code_length) ?
1661             context->instruction_count : code_data[einfo.end_pc];
1662         handler_info->handler = code_data[einfo.handler_pc];
1663         handler_info->stack_info.stack = stack_item;
1664         handler_info->stack_info.stack_size = 1;
1665         stack_item->next = NULL;
1666         if (einfo.catchType != 0) {
1667             const char *classname;
1668             /* Constant pool entry type has been checked in format checker */
1669             classname = JVM_GetCPClassNameUTF(env,
1670                                               context->class,
1671                                               einfo.catchType);
1672             check_and_push(context, classname, VM_STRING_UTF);
1673             stack_item->item = make_class_info_from_name(context, classname);
1674             if (!isAssignableTo(context,
1675                                 stack_item->item,
1676                                 context->throwable_info))
1677                 CCerror(context, "catch_type not a subclass of Throwable");
1678             pop_and_free(context);
1679         } else {
1680             stack_item->item = context->throwable_info;
1681         }
1682     }
1683 }
1684 
1685 
1686 /* Given a pointer to an instruction, return its length.  Use the table
1687  * opcode_length[] which is automatically built.
1688  */
1689 static int instruction_length(unsigned char *iptr, unsigned char *end)
1690 {
1691     static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1692     int instruction = *iptr;
1693     switch (instruction) {
1694         case JVM_OPC_tableswitch: {
1695             int *lpc = (int *)UCALIGN(iptr + 1);
1696             int index;
1697             if (lpc + 2 >= (int *)end) {
1698                 return -1; /* do not read pass the end */
1699             }
1700             index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1701             if ((index < 0) || (index > 65535)) {
1702                 return -1;      /* illegal */
1703             } else {
1704                 return (unsigned char *)(&lpc[index + 4]) - iptr;
1705             }
1706         }
1707 
1708         case JVM_OPC_lookupswitch: {
1709             int *lpc = (int *) UCALIGN(iptr + 1);
1710             int npairs;
1711             if (lpc + 1 >= (int *)end)
1712                 return -1; /* do not read pass the end */
1713             npairs = _ck_ntohl(lpc[1]);
1714             /* There can't be more than 64K labels because of the limit
1715              * on per-method byte code length.
1716              */
1717             if (npairs < 0 || npairs >= 65536)
1718                 return  -1;
1719             else
1720                 return (unsigned char *)(&lpc[2 * (npairs + 1)]) - iptr;
1721         }
1722 
1723         case JVM_OPC_wide:
1724             if (iptr + 1 >= end)
1725                 return -1; /* do not read pass the end */
1726             switch(iptr[1]) {
1727                 case JVM_OPC_ret:
1728                 case JVM_OPC_iload: case JVM_OPC_istore:
1729                 case JVM_OPC_fload: case JVM_OPC_fstore:
1730                 case JVM_OPC_aload: case JVM_OPC_astore:
1731                 case JVM_OPC_lload: case JVM_OPC_lstore:
1732                 case JVM_OPC_dload: case JVM_OPC_dstore:
1733                     return 4;
1734                 case JVM_OPC_iinc:
1735                     return 6;
1736                 default:
1737                     return -1;
1738             }
1739 
1740         default: {
1741             /* A length of 0 indicates an error. */
1742             int length = opcode_length[instruction];
1743             return (length <= 0) ? -1 : length;
1744         }
1745     }
1746 }
1747 
1748 
1749 /* Given the target of a branch, make sure that it's a legal target. */
1750 static jboolean
1751 isLegalTarget(context_type *context, int offset)
1752 {
1753     int code_length = context->code_length;
1754     int *code_data = context->code_data;
1755     return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1756 }
1757 
1758 
1759 /* Make sure that an element of the constant pool really is of the indicated
1760  * type.
1761  */
1762 static void
1763 verify_constant_pool_type(context_type *context, int index, unsigned mask)
1764 {
1765     int nconstants = context->nconstants;
1766     unsigned char *type_table = context->constant_types;
1767     unsigned type;
1768 
1769     if ((index <= 0) || (index >= nconstants))
1770         CCerror(context, "Illegal constant pool index");
1771 
1772     type = type_table[index];
1773     if ((mask & (1 << type)) == 0)
1774         CCerror(context, "Illegal type in constant pool");
1775 }
1776 
1777 
1778 static void
1779 initialize_dataflow(context_type *context)
1780 {
1781     JNIEnv *env = context->env;
1782     instruction_data_type *idata = context->instruction_data;
1783     int mi = context->method_index;
1784     jclass cb = context->class;
1785     int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1786     fullinfo_type *reg_ptr;
1787     fullinfo_type full_info;
1788     const char *p;
1789     const char *signature;
1790 
1791     /* Initialize the function entry, since we know everything about it. */
1792     idata[0].stack_info.stack_size = 0;
1793     idata[0].stack_info.stack = NULL;
1794     idata[0].register_info.register_count = args_size;
1795     idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1796     idata[0].register_info.mask_count = 0;
1797     idata[0].register_info.masks = NULL;
1798     idata[0].and_flags = 0;     /* nothing needed */
1799     idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1800     reg_ptr = idata[0].register_info.registers;
1801 
1802     if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1803         /* A non static method.  If this is an <init> method, the first
1804          * argument is an uninitialized object.  Otherwise it is an object of
1805          * the given class type.  java.lang.Object.<init> is special since
1806          * we don't call its superclass <init> method.
1807          */
1808         if (JVM_IsConstructorIx(env, cb, mi)
1809                 && context->currentclass_info != context->object_info) {
1810             *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1811             idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1812         } else {
1813             *reg_ptr++ = context->currentclass_info;
1814         }
1815     }
1816     signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1817     check_and_push(context, signature, VM_STRING_UTF);
1818     /* Fill in each of the arguments into the registers. */
1819     for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1820         char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1821         switch (fieldchar) {
1822             case 'D': case 'L':
1823                 *reg_ptr++ = full_info;
1824                 *reg_ptr++ = full_info + 1;
1825                 break;
1826             default:
1827                 *reg_ptr++ = full_info;
1828                 break;
1829         }
1830     }
1831     p++;                        /* skip over right parenthesis */
1832     if (*p == 'V') {
1833         context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1834     } else {
1835         signature_to_fieldtype(context, &p, &full_info);
1836         context->return_type = full_info;
1837     }
1838     pop_and_free(context);
1839     /* Indicate that we need to look at the first instruction. */
1840     idata[0].changed = JNI_TRUE;
1841 }
1842 
1843 
1844 /* Run the data flow analysis, as long as there are things to change. */
1845 static void
1846 run_dataflow(context_type *context) {
1847     JNIEnv *env = context->env;
1848     int mi = context->method_index;
1849     jclass cb = context->class;
1850     int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1851     instruction_data_type *idata = context->instruction_data;
1852     unsigned int icount = context->instruction_count;
1853     jboolean work_to_do = JNI_TRUE;
1854     unsigned int inumber;
1855 
1856     /* Run through the loop, until there is nothing left to do. */
1857     while (work_to_do) {
1858         work_to_do = JNI_FALSE;
1859         for (inumber = 0; inumber < icount; inumber++) {
1860             instruction_data_type *this_idata = &idata[inumber];
1861             if (this_idata->changed) {
1862                 register_info_type new_register_info;
1863                 stack_info_type new_stack_info;
1864                 flag_type new_and_flags, new_or_flags;
1865 
1866                 this_idata->changed = JNI_FALSE;
1867                 work_to_do = JNI_TRUE;
1868 #ifdef DEBUG
1869                 if (verify_verbose) {
1870                     int opcode = this_idata->opcode;
1871                     jio_fprintf(stdout, "Instruction %d: ", inumber);
1872                     print_stack(context, &this_idata->stack_info);
1873                     print_registers(context, &this_idata->register_info);
1874                     print_flags(context,
1875                                 this_idata->and_flags, this_idata->or_flags);
1876                     fflush(stdout);
1877                 }
1878 #endif
1879                 /* Make sure the registers and flags are appropriate */
1880                 check_register_values(context, inumber);
1881                 check_flags(context, inumber);
1882 
1883                 /* Make sure the stack can deal with this instruction */
1884                 pop_stack(context, inumber, &new_stack_info);
1885 
1886                 /* Update the registers  and flags */
1887                 update_registers(context, inumber, &new_register_info);
1888                 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1889 
1890                 /* Update the stack. */
1891                 push_stack(context, inumber, &new_stack_info);
1892 
1893                 if (new_stack_info.stack_size > max_stack_size)
1894                     CCerror(context, "Stack size too large");
1895 #ifdef DEBUG
1896                 if (verify_verbose) {
1897                     jio_fprintf(stdout, "  ");
1898                     print_stack(context, &new_stack_info);
1899                     print_registers(context, &new_register_info);
1900                     print_flags(context, new_and_flags, new_or_flags);
1901                     fflush(stdout);
1902                 }
1903 #endif
1904                 /* Add the new stack and register information to any
1905                  * instructions that can follow this instruction.     */
1906                 merge_into_successors(context, inumber,
1907                                       &new_register_info, &new_stack_info,
1908                                       new_and_flags, new_or_flags);
1909             }
1910         }
1911     }
1912 }
1913 
1914 
1915 /* Make sure that the registers contain a legitimate value for the given
1916  * instruction.
1917 */
1918 
1919 static void
1920 check_register_values(context_type *context, unsigned int inumber)
1921 {
1922     instruction_data_type *idata = context->instruction_data;
1923     instruction_data_type *this_idata = &idata[inumber];
1924     int opcode = this_idata->opcode;
1925     int operand = this_idata->operand.i;
1926     int register_count = this_idata->register_info.register_count;
1927     fullinfo_type *registers = this_idata->register_info.registers;
1928     jboolean double_word = JNI_FALSE;   /* default value */
1929     int type;
1930 
1931     switch (opcode) {
1932         default:
1933             return;
1934         case JVM_OPC_iload: case JVM_OPC_iinc:
1935             type = ITEM_Integer; break;
1936         case JVM_OPC_fload:
1937             type = ITEM_Float; break;
1938         case JVM_OPC_aload:
1939             type = ITEM_Object; break;
1940         case JVM_OPC_ret:
1941             type = ITEM_ReturnAddress; break;
1942         case JVM_OPC_lload:
1943             type = ITEM_Long; double_word = JNI_TRUE; break;
1944         case JVM_OPC_dload:
1945             type = ITEM_Double; double_word = JNI_TRUE; break;
1946     }
1947     if (!double_word) {
1948         fullinfo_type reg;
1949         /* Make sure we don't have an illegal register or one with wrong type */
1950         if (operand >= register_count) {
1951             CCerror(context,
1952                     "Accessing value from uninitialized register %d", operand);
1953         }
1954         reg = registers[operand];
1955 
1956         if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1957             /* the register is obviously of the given type */
1958             return;
1959         } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1960             /* address type stuff be used on all arrays */
1961             return;
1962         } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1963             CCerror(context, "Cannot load return address from register %d",
1964                               operand);
1965             /* alternatively
1966                       (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1967                    && (opcode == JVM_OPC_iload)
1968                    && (type == ITEM_Object || type == ITEM_Integer)
1969                but this never occurs
1970             */
1971         } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1972             return;
1973         } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1974                         MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1975                    type == ITEM_Object) {
1976             return;
1977         } else {
1978             CCerror(context, "Register %d contains wrong type", operand);
1979         }
1980     } else {
1981         /* Make sure we don't have an illegal register or one with wrong type */
1982         if ((operand + 1) >= register_count) {
1983             CCerror(context,
1984                     "Accessing value from uninitialized register pair %d/%d",
1985                     operand, operand+1);
1986         } else {
1987             if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1988                 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1989                 return;
1990             } else {
1991                 CCerror(context, "Register pair %d/%d contains wrong type",
1992                         operand, operand+1);
1993             }
1994         }
1995     }
1996 }
1997 
1998 
1999 /* Make sure the flags contain legitimate values for this instruction.
2000 */
2001 
2002 static void
2003 check_flags(context_type *context, unsigned int inumber)
2004 {
2005     instruction_data_type *idata = context->instruction_data;
2006     instruction_data_type *this_idata = &idata[inumber];
2007     int opcode = this_idata->opcode;
2008     switch (opcode) {
2009         case JVM_OPC_return:
2010             /* We need a constructor, but we aren't guaranteed it's called */
2011             if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2012                    !(this_idata->and_flags & FLAG_CONSTRUCTED))
2013                 CCerror(context, "Constructor must call super() or this()");
2014             /* fall through */
2015         case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2016         case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2017             if (this_idata->or_flags & FLAG_NO_RETURN)
2018                 /* This method cannot exit normally */
2019                 CCerror(context, "Cannot return normally");
2020         default:
2021             break; /* nothing to do. */
2022     }
2023 }
2024 
2025 /* Make sure that the top of the stack contains reasonable values for the
2026  * given instruction.  The post-pop values of the stack and its size are
2027  * returned in *new_stack_info.
2028  */
2029 
2030 static void
2031 pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2032 {
2033     instruction_data_type *idata = context->instruction_data;
2034     instruction_data_type *this_idata = &idata[inumber];
2035     int opcode = this_idata->opcode;
2036     stack_item_type *stack = this_idata->stack_info.stack;
2037     int stack_size = this_idata->stack_info.stack_size;
2038     char *stack_operands, *p;
2039     char buffer[257];           /* for holding manufactured argument lists */
2040     fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2041     fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2042     fullinfo_type full_info;    /* only used in case of invoke instructions */
2043     fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2044 
2045     switch(opcode) {
2046         default:
2047             /* For most instructions, we just use a built-in table */
2048             stack_operands = opcode_in_out[opcode][0];
2049             break;
2050 
2051         case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2052             /* The top thing on the stack depends on the signature of
2053              * the object.                         */
2054             int operand = this_idata->operand.i;
2055             const char *signature =
2056                 JVM_GetCPFieldSignatureUTF(context->env,
2057                                            context->class,
2058                                            operand);
2059             char *ip = buffer;
2060             check_and_push(context, signature, VM_STRING_UTF);
2061 #ifdef DEBUG
2062             if (verify_verbose) {
2063                 print_formatted_fieldname(context, operand);
2064             }
2065 #endif
2066             if (opcode == JVM_OPC_putfield)
2067                 *ip++ = 'A';    /* object for putfield */
2068             *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2069             *ip = '\0';
2070             stack_operands = buffer;
2071             pop_and_free(context);
2072             break;
2073         }
2074 
2075         case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2076         case JVM_OPC_invokeinit:    /* invokespecial call to <init> */
2077         case JVM_OPC_invokedynamic:
2078         case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2079             /* The top stuff on the stack depends on the method signature */
2080             int operand = this_idata->operand.i;
2081             const char *signature =
2082                 JVM_GetCPMethodSignatureUTF(context->env,
2083                                             context->class,
2084                                             operand);
2085             char *ip = buffer;
2086             const char *p;
2087             check_and_push(context, signature, VM_STRING_UTF);
2088 #ifdef DEBUG
2089             if (verify_verbose) {
2090                 print_formatted_methodname(context, operand);
2091             }
2092 #endif
2093             if (opcode != JVM_OPC_invokestatic &&
2094                 opcode != JVM_OPC_invokedynamic)
2095                 /* First, push the object */
2096                 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2097             for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2098                 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2099                 if (ip >= buffer + sizeof(buffer) - 1)
2100                     CCerror(context, "Signature %s has too many arguments",
2101                             signature);
2102             }
2103             *ip = 0;
2104             stack_operands = buffer;
2105             pop_and_free(context);
2106             break;
2107         }
2108 
2109         case JVM_OPC_multianewarray: {
2110             /* Count can't be larger than 255. So can't overflow buffer */
2111             int count = this_idata->operand2.i; /* number of ints on stack */
2112             memset(buffer, 'I', count);
2113             buffer[count] = '\0';
2114             stack_operands = buffer;
2115             break;
2116         }
2117 
2118     } /* of switch */
2119 
2120     /* Run through the list of operands >>backwards<< */
2121     for (   p = stack_operands + strlen(stack_operands);
2122             p > stack_operands;
2123             stack = stack->next) {
2124         int type = *--p;
2125         fullinfo_type top_type = stack ? stack->item : 0;
2126         int size = (type == 'D' || type == 'L') ? 2 : 1;
2127         *--stack_extra_info = top_type;
2128         if (stack == NULL)
2129             CCerror(context, "Unable to pop operand off an empty stack");
2130 
2131         switch (type) {
2132             case 'I':
2133                 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2134                     CCerror(context, "Expecting to find integer on stack");
2135                 break;
2136 
2137             case 'F':
2138                 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2139                     CCerror(context, "Expecting to find float on stack");
2140                 break;
2141 
2142             case 'A':           /* object or array */
2143                 if (   (GET_ITEM_TYPE(top_type) != ITEM_Object)
2144                     && (GET_INDIRECTION(top_type) == 0)) {
2145                     /* The thing isn't an object or an array.  Let's see if it's
2146                      * one of the special cases  */
2147                     if (  (WITH_ZERO_EXTRA_INFO(top_type) ==
2148                                 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2149                         && (opcode == JVM_OPC_astore))
2150                         break;
2151                     if (   (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2152                             || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2153                         && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2154                             || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2155                         break;
2156                     /* The 2nd edition VM of the specification allows field
2157                      * initializations before the superclass initializer,
2158                      * if the field is defined within the current class.
2159                      */
2160                      if (   (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2161                          && (opcode == JVM_OPC_putfield)) {
2162                         int operand = this_idata->operand.i;
2163                         int access_bits = JVM_GetCPFieldModifiers(context->env,
2164                                                                   context->class,
2165                                                                   operand,
2166                                                                   context->class);
2167                         /* Note: This relies on the fact that
2168                          * JVM_GetCPFieldModifiers retrieves only local fields,
2169                          * and does not respect inheritance.
2170                          */
2171                         if (access_bits != -1) {
2172                             if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2173                                  context->currentclass_info ) {
2174                                 top_type = context->currentclass_info;
2175                                 *stack_extra_info = top_type;
2176                                 break;
2177                             }
2178                         }
2179                     }
2180                     CCerror(context, "Expecting to find object/array on stack");
2181                 }
2182                 break;
2183 
2184             case '@': {         /* unitialized object, for call to <init> */
2185                 int item_type = GET_ITEM_TYPE(top_type);
2186                 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2187                     CCerror(context,
2188                             "Expecting to find unitialized object on stack");
2189                 break;
2190             }
2191 
2192             case 'O':           /* object, not array */
2193                 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2194                        MAKE_FULLINFO(ITEM_Object, 0, 0))
2195                     CCerror(context, "Expecting to find object on stack");
2196                 break;
2197 
2198             case 'a':           /* integer, object, or array */
2199                 if (      (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2200                        && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2201                        && (GET_INDIRECTION(top_type) == 0))
2202                     CCerror(context,
2203                             "Expecting to find object, array, or int on stack");
2204                 break;
2205 
2206             case 'D':           /* double */
2207                 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2208                     CCerror(context, "Expecting to find double on stack");
2209                 break;
2210 
2211             case 'L':           /* long */
2212                 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2213                     CCerror(context, "Expecting to find long on stack");
2214                 break;
2215 
2216             case ']':           /* array of some type */
2217                 if (top_type == NULL_FULLINFO) {
2218                     /* do nothing */
2219                 } else switch(p[-1]) {
2220                     case 'I':   /* array of integers */
2221                         if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2222                             top_type != NULL_FULLINFO)
2223                             CCerror(context,
2224                                     "Expecting to find array of ints on stack");
2225                         break;
2226 
2227                     case 'L':   /* array of longs */
2228                         if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2229                             CCerror(context,
2230                                    "Expecting to find array of longs on stack");
2231                         break;
2232 
2233                     case 'F':   /* array of floats */
2234                         if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2235                             CCerror(context,
2236                                  "Expecting to find array of floats on stack");
2237                         break;
2238 
2239                     case 'D':   /* array of doubles */
2240                         if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2241                             CCerror(context,
2242                                 "Expecting to find array of doubles on stack");
2243                         break;
2244 
2245                     case 'A': { /* array of addresses (arrays or objects) */
2246                         int indirection = GET_INDIRECTION(top_type);
2247                         if ((indirection == 0) ||
2248                             ((indirection == 1) &&
2249                                 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2250                             CCerror(context,
2251                                 "Expecting to find array of objects or arrays "
2252                                     "on stack");
2253                         break;
2254                     }
2255 
2256                     case 'B': case 'Z':   /* array of bytes or booleans */
2257                         if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
2258                             top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
2259                             CCerror(context,
2260                                   "Expecting to find array of bytes or Booleans on stack");
2261                         break;
2262 
2263                     case 'C':   /* array of characters */
2264                         if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2265                             CCerror(context,
2266                                   "Expecting to find array of chars on stack");
2267                         break;
2268 
2269                     case 'S':   /* array of shorts */
2270                         if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2271                             CCerror(context,
2272                                  "Expecting to find array of shorts on stack");
2273                         break;
2274 
2275                     case '?':   /* any type of array is okay */
2276                         if (GET_INDIRECTION(top_type) == 0)
2277                             CCerror(context,
2278                                     "Expecting to find array on stack");
2279                         break;
2280 
2281                     default:
2282                         CCerror(context, "Internal error #1");
2283                         break;
2284                 }
2285                 p -= 2;         /* skip over [ <char> */
2286                 break;
2287 
2288             case '1': case '2': case '3': case '4': /* stack swapping */
2289                 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2290                     || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2291                     if ((p > stack_operands) && (p[-1] == '+')) {
2292                         context->swap_table[type - '1'] = top_type + 1;
2293                         context->swap_table[p[-2] - '1'] = top_type;
2294                         size = 2;
2295                         p -= 2;
2296                     } else {
2297                         CCerror(context,
2298                                 "Attempt to split long or double on the stack");
2299                     }
2300                 } else {
2301                     context->swap_table[type - '1'] = stack->item;
2302                     if ((p > stack_operands) && (p[-1] == '+'))
2303                         p--;    /* ignore */
2304                 }
2305                 break;
2306             case '+':           /* these should have been caught. */
2307             default:
2308                 CCerror(context, "Internal error #2");
2309         }
2310         stack_size -= size;
2311     }
2312 
2313     /* For many of the opcodes that had an "A" in their field, we really
2314      * need to go back and do a little bit more accurate testing.  We can, of
2315      * course, assume that the minimal type checking has already been done.
2316      */
2317     switch (opcode) {
2318         default: break;
2319         case JVM_OPC_aastore: {     /* array index object  */
2320             fullinfo_type array_type = stack_extra_info[0];
2321             fullinfo_type object_type = stack_extra_info[2];
2322             fullinfo_type target_type = decrement_indirection(array_type);
2323             if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2324                     && (GET_INDIRECTION(object_type) == 0)) {
2325                 CCerror(context, "Expecting reference type on operand stack in aastore");
2326             }
2327             if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2328                     && (GET_INDIRECTION(target_type) == 0)) {
2329                 CCerror(context, "Component type of the array must be reference type in aastore");
2330             }
2331             break;
2332         }
2333 
2334         case JVM_OPC_putfield:
2335         case JVM_OPC_getfield:
2336         case JVM_OPC_putstatic: {
2337             int operand = this_idata->operand.i;
2338             fullinfo_type stack_object = stack_extra_info[0];
2339             if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2340                 if (!isAssignableTo
2341                         (context,
2342                          stack_object,
2343                          cp_index_to_class_fullinfo
2344                              (context, operand, JVM_CONSTANT_Fieldref))) {
2345                     CCerror(context,
2346                             "Incompatible type for getting or setting field");
2347                 }
2348                 if (this_idata->protected &&
2349                     !isAssignableTo(context, stack_object,
2350                                     context->currentclass_info)) {
2351                     CCerror(context, "Bad access to protected data");
2352                 }
2353             }
2354             if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2355                 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2356                 if (!isAssignableTo(context,
2357                                     stack_extra_info[item], put_full_info)) {
2358                     CCerror(context, "Bad type in putfield/putstatic");
2359                 }
2360             }
2361             break;
2362         }
2363 
2364         case JVM_OPC_athrow:
2365             if (!isAssignableTo(context, stack_extra_info[0],
2366                                 context->throwable_info)) {
2367                 CCerror(context, "Can only throw Throwable objects");
2368             }
2369             break;
2370 
2371         case JVM_OPC_aaload: {      /* array index */
2372             /* We need to pass the information to the stack updater */
2373             fullinfo_type array_type = stack_extra_info[0];
2374             context->swap_table[0] = decrement_indirection(array_type);
2375             break;
2376         }
2377 
2378         case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2379         case JVM_OPC_invokeinit:
2380         case JVM_OPC_invokedynamic:
2381         case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2382             int operand = this_idata->operand.i;
2383             const char *signature =
2384                 JVM_GetCPMethodSignatureUTF(context->env,
2385                                             context->class,
2386                                             operand);
2387             int item;
2388             const char *p;
2389             check_and_push(context, signature, VM_STRING_UTF);
2390             if (opcode == JVM_OPC_invokestatic ||
2391                 opcode == JVM_OPC_invokedynamic) {
2392                 item = 0;
2393             } else if (opcode == JVM_OPC_invokeinit) {
2394                 fullinfo_type init_type = this_idata->operand2.fi;
2395                 fullinfo_type object_type = stack_extra_info[0];
2396                 context->swap_table[0] = object_type; /* save value */
2397                 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2398                     /* We better be calling the appropriate init.  Find the
2399                      * inumber of the "JVM_OPC_new" instruction", and figure
2400                      * out what the type really is.
2401                      */
2402                     unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2403                     fullinfo_type target_type = idata[new_inumber].operand2.fi;
2404                     context->swap_table[1] = target_type;
2405 
2406                     if (target_type != init_type) {
2407                         CCerror(context, "Call to wrong initialization method");
2408                     }
2409                     if (this_idata->protected
2410                         && context->major_version > LDC_CLASS_MAJOR_VERSION
2411                         && !isAssignableTo(context, object_type,
2412                                            context->currentclass_info)) {
2413                       CCerror(context, "Bad access to protected data");
2414                     }
2415                 } else {
2416                     /* We better be calling super() or this(). */
2417                     if (init_type != context->superclass_info &&
2418                         init_type != context->currentclass_info) {
2419                         CCerror(context, "Call to wrong initialization method");
2420                     }
2421                     context->swap_table[1] = context->currentclass_info;
2422                 }
2423                 item = 1;
2424             } else {
2425                 fullinfo_type target_type = this_idata->operand2.fi;
2426                 fullinfo_type object_type = stack_extra_info[0];
2427                 if (!isAssignableTo(context, object_type, target_type)){
2428                     CCerror(context,
2429                             "Incompatible object argument for function call");
2430                 }
2431                 if (opcode == JVM_OPC_invokespecial
2432                     && !isAssignableTo(context, object_type,
2433                                        context->currentclass_info)) {
2434                     /* Make sure object argument is assignment compatible to current class */
2435                     CCerror(context,
2436                             "Incompatible object argument for invokespecial");
2437                 }
2438                 if (this_idata->protected
2439                     && !isAssignableTo(context, object_type,
2440                                        context->currentclass_info)) {
2441                     /* This is ugly. Special dispensation.  Arrays pretend to
2442                        implement public Object clone() even though they don't */
2443                     const char *utfName =
2444                         JVM_GetCPMethodNameUTF(context->env,
2445                                                context->class,
2446                                                this_idata->operand.i);
2447                     int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2448                     JVM_ReleaseUTF(utfName);
2449 
2450                     if ((target_type == context->object_info) &&
2451                         (GET_INDIRECTION(object_type) > 0) &&
2452                         is_clone) {
2453                     } else {
2454                         CCerror(context, "Bad access to protected data");
2455                     }
2456                 }
2457                 item = 1;
2458             }
2459             for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2460                 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2461                     if (!isAssignableTo(context,
2462                                         stack_extra_info[item], full_info)) {
2463                         CCerror(context, "Incompatible argument to function");
2464                     }
2465                 }
2466 
2467             pop_and_free(context);
2468             break;
2469         }
2470 
2471         case JVM_OPC_return:
2472             if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2473                 CCerror(context, "Wrong return type in function");
2474             break;
2475 
2476         case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2477         case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2478             fullinfo_type target_type = context->return_type;
2479             fullinfo_type object_type = stack_extra_info[0];
2480             if (!isAssignableTo(context, object_type, target_type)) {
2481                 CCerror(context, "Wrong return type in function");
2482             }
2483             break;
2484         }
2485 
2486         case JVM_OPC_new: {
2487             /* Make sure that nothing on the stack already looks like what
2488              * we want to create.  I can't image how this could possibly happen
2489              * but we should test for it anyway, since if it could happen, the
2490              * result would be an unitialized object being able to masquerade
2491              * as an initialized one.
2492              */
2493             stack_item_type *item;
2494             for (item = stack; item != NULL; item = item->next) {
2495                 if (item->item == this_idata->operand.fi) {
2496                     CCerror(context,
2497                             "Uninitialized object on stack at creating point");
2498                 }
2499             }
2500             /* Info for update_registers */
2501             context->swap_table[0] = this_idata->operand.fi;
2502             context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2503 
2504             break;
2505         }
2506     }
2507     new_stack_info->stack = stack;
2508     new_stack_info->stack_size = stack_size;
2509 }
2510 
2511 
2512 /* We've already determined that the instruction is legal.  Perform the
2513  * operation on the registers, and return the updated results in
2514  * new_register_count_p and new_registers.
2515  */
2516 
2517 static void
2518 update_registers(context_type *context, unsigned int inumber,
2519                  register_info_type *new_register_info)
2520 {
2521     instruction_data_type *idata = context->instruction_data;
2522     instruction_data_type *this_idata = &idata[inumber];
2523     int opcode = this_idata->opcode;
2524     int operand = this_idata->operand.i;
2525     int register_count = this_idata->register_info.register_count;
2526     fullinfo_type *registers = this_idata->register_info.registers;
2527     stack_item_type *stack = this_idata->stack_info.stack;
2528     int mask_count = this_idata->register_info.mask_count;
2529     mask_type *masks = this_idata->register_info.masks;
2530 
2531     /* Use these as default new values. */
2532     int            new_register_count = register_count;
2533     int            new_mask_count = mask_count;
2534     fullinfo_type *new_registers = registers;
2535     mask_type     *new_masks = masks;
2536 
2537     enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2538     int i;
2539 
2540     /* Remember, we've already verified the type at the top of the stack. */
2541     switch (opcode) {
2542         default: break;
2543         case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2544             access = ACCESS_SINGLE;
2545             goto continue_store;
2546 
2547         case JVM_OPC_lstore: case JVM_OPC_dstore:
2548             access = ACCESS_DOUBLE;
2549             goto continue_store;
2550 
2551         continue_store: {
2552             /* We have a modification to the registers.  Copy them if needed. */
2553             fullinfo_type stack_top_type = stack->item;
2554             int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2555 
2556             if (     max_operand < register_count
2557                   && registers[operand] == stack_top_type
2558                   && ((access == ACCESS_SINGLE) ||
2559                          (registers[operand + 1]== stack_top_type + 1)))
2560                 /* No changes have been made to the registers. */
2561                 break;
2562             new_register_count = MAX(max_operand + 1, register_count);
2563             new_registers = NEW(fullinfo_type, new_register_count);
2564             for (i = 0; i < register_count; i++)
2565                 new_registers[i] = registers[i];
2566             for (i = register_count; i < new_register_count; i++)
2567                 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2568             new_registers[operand] = stack_top_type;
2569             if (access == ACCESS_DOUBLE)
2570                 new_registers[operand + 1] = stack_top_type + 1;
2571             break;
2572         }
2573 
2574         case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2575         case JVM_OPC_iinc: case JVM_OPC_ret:
2576             access = ACCESS_SINGLE;
2577             break;
2578 
2579         case JVM_OPC_lload: case JVM_OPC_dload:
2580             access = ACCESS_DOUBLE;
2581             break;
2582 
2583         case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2584             for (i = 0; i < new_mask_count; i++)
2585                 if (new_masks[i].entry == operand)
2586                     CCerror(context, "Recursive call to jsr entry");
2587             new_masks = add_to_masks(context, masks, mask_count, operand);
2588             new_mask_count++;
2589             break;
2590 
2591         case JVM_OPC_invokeinit:
2592         case JVM_OPC_new: {
2593             /* For invokeinit, an uninitialized object has been initialized.
2594              * For new, all previous occurrences of an uninitialized object
2595              * from the same instruction must be made bogus.
2596              * We find all occurrences of swap_table[0] in the registers, and
2597              * replace them with swap_table[1];
2598              */
2599             fullinfo_type from = context->swap_table[0];
2600             fullinfo_type to = context->swap_table[1];
2601 
2602             int i;
2603             for (i = 0; i < register_count; i++) {
2604                 if (new_registers[i] == from) {
2605                     /* Found a match */
2606                     break;
2607                 }
2608             }
2609             if (i < register_count) { /* We broke out loop for match */
2610                 /* We have to change registers, and possibly a mask */
2611                 jboolean copied_mask = JNI_FALSE;
2612                 int k;
2613                 new_registers = NEW(fullinfo_type, register_count);
2614                 memcpy(new_registers, registers,
2615                        register_count * sizeof(registers[0]));
2616                 for ( ; i < register_count; i++) {
2617                     if (new_registers[i] == from) {
2618                         new_registers[i] = to;
2619                         for (k = 0; k < new_mask_count; k++) {
2620                             if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2621                                 if (!copied_mask) {
2622                                     new_masks = copy_masks(context, new_masks,
2623                                                            mask_count);
2624                                     copied_mask = JNI_TRUE;
2625                                 }
2626                                 SET_BIT(new_masks[k].modifies, i);
2627                             }
2628                         }
2629                     }
2630                 }
2631             }
2632             break;
2633         }
2634     } /* of switch */
2635 
2636     if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2637         int i, j;
2638         for (i = 0; i < new_mask_count; i++) {
2639             int *mask = new_masks[i].modifies;
2640             if ((!IS_BIT_SET(mask, operand)) ||
2641                   ((access == ACCESS_DOUBLE) &&
2642                    !IS_BIT_SET(mask, operand + 1))) {
2643                 new_masks = copy_masks(context, new_masks, mask_count);
2644                 for (j = i; j < new_mask_count; j++) {
2645                     SET_BIT(new_masks[j].modifies, operand);
2646                     if (access == ACCESS_DOUBLE)
2647                         SET_BIT(new_masks[j].modifies, operand + 1);
2648                 }
2649                 break;
2650             }
2651         }
2652     }
2653 
2654     new_register_info->register_count = new_register_count;
2655     new_register_info->registers = new_registers;
2656     new_register_info->masks = new_masks;
2657     new_register_info->mask_count = new_mask_count;
2658 }
2659 
2660 
2661 
2662 /* We've already determined that the instruction is legal, and have updated
2663  * the registers.  Update the flags, too.
2664  */
2665 
2666 
2667 static void
2668 update_flags(context_type *context, unsigned int inumber,
2669              flag_type *new_and_flags, flag_type *new_or_flags)
2670 
2671 {
2672     instruction_data_type *idata = context->instruction_data;
2673     instruction_data_type *this_idata = &idata[inumber];
2674     flag_type and_flags = this_idata->and_flags;
2675     flag_type or_flags = this_idata->or_flags;
2676 
2677     /* Set the "we've done a constructor" flag */
2678     if (this_idata->opcode == JVM_OPC_invokeinit) {
2679         fullinfo_type from = context->swap_table[0];
2680         if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2681             and_flags |= FLAG_CONSTRUCTED;
2682     }
2683     *new_and_flags = and_flags;
2684     *new_or_flags = or_flags;
2685 }
2686 
2687 
2688 
2689 /* We've already determined that the instruction is legal.  Perform the
2690  * operation on the stack;
2691  *
2692  * new_stack_size_p and new_stack_p point to the results after the pops have
2693  * already been done.  Do the pushes, and then put the results back there.
2694  */
2695 
2696 static void
2697 push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2698 {
2699     instruction_data_type *idata = context->instruction_data;
2700     instruction_data_type *this_idata = &idata[inumber];
2701     int opcode = this_idata->opcode;
2702     int operand = this_idata->operand.i;
2703 
2704     int stack_size = new_stack_info->stack_size;
2705     stack_item_type *stack = new_stack_info->stack;
2706     char *stack_results;
2707 
2708     fullinfo_type full_info = 0;
2709     char buffer[5], *p;         /* actually [2] is big enough */
2710 
2711     /* We need to look at all those opcodes in which either we can't tell the
2712      * value pushed onto the stack from the opcode, or in which the value
2713      * pushed onto the stack is an object or array.  For the latter, we need
2714      * to make sure that full_info is set to the right value.
2715      */
2716     switch(opcode) {
2717         default:
2718             stack_results = opcode_in_out[opcode][1];
2719             break;
2720 
2721         case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2722             /* Look to constant pool to determine correct result. */
2723             unsigned char *type_table = context->constant_types;
2724             switch (type_table[operand]) {
2725                 case JVM_CONSTANT_Integer:
2726                     stack_results = "I"; break;
2727                 case JVM_CONSTANT_Float:
2728                     stack_results = "F"; break;
2729                 case JVM_CONSTANT_Double:
2730                     stack_results = "D"; break;
2731                 case JVM_CONSTANT_Long:
2732                     stack_results = "L"; break;
2733                 case JVM_CONSTANT_String:
2734                     stack_results = "A";
2735                     full_info = context->string_info;
2736                     break;
2737                 case JVM_CONSTANT_Class:
2738                     if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2739                         CCerror(context, "Internal error #3");
2740                     stack_results = "A";
2741                     full_info = make_class_info_from_name(context,
2742                                                           "java/lang/Class");
2743                     break;
2744                 case JVM_CONSTANT_MethodHandle:
2745                 case JVM_CONSTANT_MethodType:
2746                     if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2747                         CCerror(context, "Internal error #3");
2748                     stack_results = "A";
2749                     switch (type_table[operand]) {
2750                     case JVM_CONSTANT_MethodType:
2751                       full_info = make_class_info_from_name(context,
2752                                                             "java/lang/invoke/MethodType");
2753                       break;
2754                     default: //JVM_CONSTANT_MethodHandle
2755                       full_info = make_class_info_from_name(context,
2756                                                             "java/lang/invoke/MethodHandle");
2757                       break;
2758                     }
2759                     break;
2760                 default:
2761                     CCerror(context, "Internal error #3");
2762                     stack_results = ""; /* Never reached: keep lint happy */
2763             }
2764             break;
2765         }
2766 
2767         case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2768             /* Look to signature to determine correct result. */
2769             int operand = this_idata->operand.i;
2770             const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2771                                                                context->class,
2772                                                                operand);
2773             check_and_push(context, signature, VM_STRING_UTF);
2774 #ifdef DEBUG
2775             if (verify_verbose) {
2776                 print_formatted_fieldname(context, operand);
2777             }
2778 #endif
2779             buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2780             buffer[1] = '\0';
2781             stack_results = buffer;
2782             pop_and_free(context);
2783             break;
2784         }
2785 
2786         case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2787         case JVM_OPC_invokeinit:
2788         case JVM_OPC_invokedynamic:
2789         case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2790             /* Look to signature to determine correct result. */
2791             int operand = this_idata->operand.i;
2792             const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2793                                                                 context->class,
2794                                                                 operand);
2795             const char *result_signature;
2796             check_and_push(context, signature, VM_STRING_UTF);
2797             result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
2798             if (result_signature++ == NULL) {
2799                 CCerror(context, "Illegal signature %s", signature);
2800             }
2801             if (result_signature[0] == JVM_SIGNATURE_VOID) {
2802                 stack_results = "";
2803             } else {
2804                 buffer[0] = signature_to_fieldtype(context, &result_signature,
2805                                                    &full_info);
2806                 buffer[1] = '\0';
2807                 stack_results = buffer;
2808             }
2809             pop_and_free(context);
2810             break;
2811         }
2812 
2813         case JVM_OPC_aconst_null:
2814             stack_results = opcode_in_out[opcode][1];
2815             full_info = NULL_FULLINFO; /* special NULL */
2816             break;
2817 
2818         case JVM_OPC_new:
2819         case JVM_OPC_checkcast:
2820         case JVM_OPC_newarray:
2821         case JVM_OPC_anewarray:
2822         case JVM_OPC_multianewarray:
2823             stack_results = opcode_in_out[opcode][1];
2824             /* Conveniently, this result type is stored here */
2825             full_info = this_idata->operand.fi;
2826             break;
2827 
2828         case JVM_OPC_aaload:
2829             stack_results = opcode_in_out[opcode][1];
2830             /* pop_stack() saved value for us. */
2831             full_info = context->swap_table[0];
2832             break;
2833 
2834         case JVM_OPC_aload:
2835             stack_results = opcode_in_out[opcode][1];
2836             /* The register hasn't been modified, so we can use its value. */
2837             full_info = this_idata->register_info.registers[operand];
2838             break;
2839     } /* of switch */
2840 
2841     for (p = stack_results; *p != 0; p++) {
2842         int type = *p;
2843         stack_item_type *new_item = NEW(stack_item_type, 1);
2844         new_item->next = stack;
2845         stack = new_item;
2846         switch (type) {
2847             case 'I':
2848                 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2849             case 'F':
2850                 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2851             case 'D':
2852                 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2853                 stack_size++; break;
2854             case 'L':
2855                 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2856                 stack_size++; break;
2857             case 'R':
2858                 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2859                 break;
2860             case '1': case '2': case '3': case '4': {
2861                 /* Get the info saved in the swap_table */
2862                 fullinfo_type stype = context->swap_table[type - '1'];
2863                 stack->item = stype;
2864                 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2865                     stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2866                     stack_size++; p++;
2867                 }
2868                 break;
2869             }
2870             case 'A':
2871                 /* full_info should have the appropriate value. */
2872                 assert(full_info != 0);
2873                 stack->item = full_info;
2874                 break;
2875             default:
2876                 CCerror(context, "Internal error #4");
2877 
2878             } /* switch type */
2879         stack_size++;
2880     } /* outer for loop */
2881 
2882     if (opcode == JVM_OPC_invokeinit) {
2883         /* If there are any instances of "from" on the stack, we need to
2884          * replace it with "to", since calling <init> initializes all versions
2885          * of the object, obviously.     */
2886         fullinfo_type from = context->swap_table[0];
2887         stack_item_type *ptr;
2888         for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2889             if (ptr->item == from) {
2890                 fullinfo_type to = context->swap_table[1];
2891                 stack = copy_stack(context, stack);
2892                 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2893                     if (ptr->item == from) ptr->item = to;
2894                 break;
2895             }
2896         }
2897     }
2898 
2899     new_stack_info->stack_size = stack_size;
2900     new_stack_info->stack = stack;
2901 }
2902 
2903 
2904 /* We've performed an instruction, and determined the new registers and stack
2905  * value.  Look at all of the possibly subsequent instructions, and merge
2906  * this stack value into theirs.
2907  */
2908 
2909 static void
2910 merge_into_successors(context_type *context, unsigned int inumber,
2911                       register_info_type *register_info,
2912                       stack_info_type *stack_info,
2913                       flag_type and_flags, flag_type or_flags)
2914 {
2915     instruction_data_type *idata = context->instruction_data;
2916     instruction_data_type *this_idata = &idata[inumber];
2917     int opcode = this_idata->opcode;
2918     int operand = this_idata->operand.i;
2919     struct handler_info_type *handler_info = context->handler_info;
2920     int handler_info_length =
2921         JVM_GetMethodIxExceptionTableLength(context->env,
2922                                             context->class,
2923                                             context->method_index);
2924 
2925 
2926     int buffer[2];              /* default value for successors */
2927     int *successors = buffer;   /* table of successors */
2928     int successors_count;
2929     int i;
2930 
2931     switch (opcode) {
2932     default:
2933         successors_count = 1;
2934         buffer[0] = inumber + 1;
2935         break;
2936 
2937     case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2938     case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2939     case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2940     case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2941     case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2942     case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2943         successors_count = 2;
2944         buffer[0] = inumber + 1;
2945         buffer[1] = operand;
2946         break;
2947 
2948     case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2949         if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2950             idata[this_idata->operand2.i].changed = JNI_TRUE;
2951         /* FALLTHROUGH */
2952     case JVM_OPC_goto: case JVM_OPC_goto_w:
2953         successors_count = 1;
2954         buffer[0] = operand;
2955         break;
2956 
2957 
2958     case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2959     case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2960     case JVM_OPC_athrow:
2961         /* The testing for the returns is handled in pop_stack() */
2962         successors_count = 0;
2963         break;
2964 
2965     case JVM_OPC_ret: {
2966         /* This is slightly slow, but good enough for a seldom used instruction.
2967          * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2968          * address of the first instruction of the subroutine.  We can return
2969          * to 1 after any instruction that jsr's to that instruction.
2970          */
2971         if (this_idata->operand2.ip == NULL) {
2972             fullinfo_type *registers = this_idata->register_info.registers;
2973             int called_instruction = GET_EXTRA_INFO(registers[operand]);
2974             int i, count, *ptr;;
2975             for (i = context->instruction_count, count = 0; --i >= 0; ) {
2976                 if (((idata[i].opcode == JVM_OPC_jsr) ||
2977                      (idata[i].opcode == JVM_OPC_jsr_w)) &&
2978                     (idata[i].operand.i == called_instruction))
2979                     count++;
2980             }
2981             this_idata->operand2.ip = ptr = NEW(int, count + 1);
2982             *ptr++ = count;
2983             for (i = context->instruction_count, count = 0; --i >= 0; ) {
2984                 if (((idata[i].opcode == JVM_OPC_jsr) ||
2985                      (idata[i].opcode == JVM_OPC_jsr_w)) &&
2986                     (idata[i].operand.i == called_instruction))
2987                     *ptr++ = i + 1;
2988             }
2989         }
2990         successors = this_idata->operand2.ip; /* use this instead */
2991         successors_count = *successors++;
2992         break;
2993 
2994     }
2995 
2996     case JVM_OPC_tableswitch:
2997     case JVM_OPC_lookupswitch:
2998         successors = this_idata->operand.ip; /* use this instead */
2999         successors_count = *successors++;
3000         break;
3001     }
3002 
3003 #ifdef DEBUG
3004     if (verify_verbose) {
3005         jio_fprintf(stdout, " [");
3006         for (i = handler_info_length; --i >= 0; handler_info++)
3007             if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3008                 jio_fprintf(stdout, "%d* ", handler_info->handler);
3009         for (i = 0; i < successors_count; i++)
3010             jio_fprintf(stdout, "%d ", successors[i]);
3011         jio_fprintf(stdout,   "]\n");
3012     }
3013 #endif
3014 
3015     handler_info = context->handler_info;
3016     for (i = handler_info_length; --i >= 0; handler_info++) {
3017         if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3018             int handler = handler_info->handler;
3019             if (opcode != JVM_OPC_invokeinit) {
3020                 merge_into_one_successor(context, inumber, handler,
3021                                          &this_idata->register_info, /* old */
3022                                          &handler_info->stack_info,
3023                                          (flag_type) (and_flags
3024                                                       & this_idata->and_flags),
3025                                          (flag_type) (or_flags
3026                                                       | this_idata->or_flags),
3027                                          JNI_TRUE);
3028             } else {
3029                 /* We need to be a little bit more careful with this
3030                  * instruction.  Things could either be in the state before
3031                  * the instruction or in the state afterwards */
3032                 fullinfo_type from = context->swap_table[0];
3033                 flag_type temp_or_flags = or_flags;
3034                 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3035                     temp_or_flags |= FLAG_NO_RETURN;
3036                 merge_into_one_successor(context, inumber, handler,
3037                                          &this_idata->register_info, /* old */
3038                                          &handler_info->stack_info,
3039                                          this_idata->and_flags,
3040                                          this_idata->or_flags,
3041                                          JNI_TRUE);
3042                 merge_into_one_successor(context, inumber, handler,
3043                                          register_info,
3044                                          &handler_info->stack_info,
3045                                          and_flags, temp_or_flags, JNI_TRUE);
3046             }
3047         }
3048     }
3049     for (i = 0; i < successors_count; i++) {
3050         int target = successors[i];
3051         if (target >= context->instruction_count)
3052             CCerror(context, "Falling off the end of the code");
3053         merge_into_one_successor(context, inumber, target,
3054                                  register_info, stack_info, and_flags, or_flags,
3055                                  JNI_FALSE);
3056     }
3057 }
3058 
3059 /* We have a new set of registers and stack values for a given instruction.
3060  * Merge this new set into the values that are already there.
3061  */
3062 
3063 static void
3064 merge_into_one_successor(context_type *context,
3065                          unsigned int from_inumber, unsigned int to_inumber,
3066                          register_info_type *new_register_info,
3067                          stack_info_type *new_stack_info,
3068                          flag_type new_and_flags, flag_type new_or_flags,
3069                          jboolean isException)
3070 {
3071     instruction_data_type *idata = context->instruction_data;
3072     register_info_type register_info_buf;
3073     stack_info_type stack_info_buf;
3074 #ifdef DEBUG
3075     instruction_data_type *this_idata = &idata[to_inumber];
3076     register_info_type old_reg_info;
3077     stack_info_type old_stack_info;
3078     flag_type old_and_flags = 0;
3079     flag_type old_or_flags = 0;
3080 #endif
3081 
3082 #ifdef DEBUG
3083     if (verify_verbose) {
3084         old_reg_info = this_idata->register_info;
3085         old_stack_info = this_idata->stack_info;
3086         old_and_flags = this_idata->and_flags;
3087         old_or_flags = this_idata->or_flags;
3088     }
3089 #endif
3090 
3091     /* All uninitialized objects are set to "bogus" when jsr and
3092      * ret are executed. Thus uninitialized objects can't propagate
3093      * into or out of a subroutine.
3094      */
3095     if (idata[from_inumber].opcode == JVM_OPC_ret ||
3096         idata[from_inumber].opcode == JVM_OPC_jsr ||
3097         idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3098         int new_register_count = new_register_info->register_count;
3099         fullinfo_type *new_registers = new_register_info->registers;
3100         int i;
3101         stack_item_type *item;
3102 
3103         for (item = new_stack_info->stack; item != NULL; item = item->next) {
3104             if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3105                 /* This check only succeeds for hand-contrived code.
3106                  * Efficiency is not an issue.
3107                  */
3108                 stack_info_buf.stack = copy_stack(context,
3109                                                   new_stack_info->stack);
3110                 stack_info_buf.stack_size = new_stack_info->stack_size;
3111                 new_stack_info = &stack_info_buf;
3112                 for (item = new_stack_info->stack; item != NULL;
3113                      item = item->next) {
3114                     if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3115                         item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3116                     }
3117                 }
3118                 break;
3119             }
3120         }
3121         for (i = 0; i < new_register_count; i++) {
3122             if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3123                 /* This check only succeeds for hand-contrived code.
3124                  * Efficiency is not an issue.
3125                  */
3126                 fullinfo_type *new_set = NEW(fullinfo_type,
3127                                              new_register_count);
3128                 for (i = 0; i < new_register_count; i++) {
3129                     fullinfo_type t = new_registers[i];
3130                     new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3131                         t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3132                 }
3133                 register_info_buf.register_count = new_register_count;
3134                 register_info_buf.registers = new_set;
3135                 register_info_buf.mask_count = new_register_info->mask_count;
3136                 register_info_buf.masks = new_register_info->masks;
3137                 new_register_info = &register_info_buf;
3138                 break;
3139             }
3140         }
3141     }
3142 
3143     /* Returning from a subroutine is somewhat ugly.  The actual thing
3144      * that needs to get merged into the new instruction is a joining
3145      * of info from the ret instruction with stuff in the jsr instruction
3146      */
3147     if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3148         int new_register_count = new_register_info->register_count;
3149         fullinfo_type *new_registers = new_register_info->registers;
3150         int new_mask_count = new_register_info->mask_count;
3151         mask_type *new_masks = new_register_info->masks;
3152         int operand = idata[from_inumber].operand.i;
3153         int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3154         instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3155         register_info_type *jsr_reginfo = &jsr_idata->register_info;
3156         if (jsr_idata->operand2.i != (int)from_inumber) {
3157             if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3158                 CCerror(context, "Multiple returns to single jsr");
3159             jsr_idata->operand2.i = from_inumber;
3160         }
3161         if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3162             /* We don't want to handle the returned-to instruction until
3163              * we've dealt with the jsr instruction.   When we get to the
3164              * jsr instruction (if ever), we'll re-mark the ret instruction
3165              */
3166             ;
3167         } else {
3168             int register_count = jsr_reginfo->register_count;
3169             fullinfo_type *registers = jsr_reginfo->registers;
3170             int max_registers = MAX(register_count, new_register_count);
3171             fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3172             int *return_mask;
3173             struct register_info_type new_new_register_info;
3174             int i;
3175             /* Make sure the place we're returning from is legal! */
3176             for (i = new_mask_count; --i >= 0; )
3177                 if (new_masks[i].entry == called_instruction)
3178                     break;
3179             if (i < 0)
3180                 CCerror(context, "Illegal return from subroutine");
3181             /* pop the masks down to the indicated one.  Remember the mask
3182              * we're popping off. */
3183             return_mask = new_masks[i].modifies;
3184             new_mask_count = i;
3185             for (i = 0; i < max_registers; i++) {
3186                 if (IS_BIT_SET(return_mask, i))
3187                     new_set[i] = i < new_register_count ?
3188                           new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3189                 else
3190                     new_set[i] = i < register_count ?
3191                         registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3192             }
3193             new_new_register_info.register_count = max_registers;
3194             new_new_register_info.registers      = new_set;
3195             new_new_register_info.mask_count     = new_mask_count;
3196             new_new_register_info.masks          = new_masks;
3197 
3198 
3199             merge_stack(context, from_inumber, to_inumber, new_stack_info);
3200             merge_registers(context, to_inumber - 1, to_inumber,
3201                             &new_new_register_info);
3202             merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3203         }
3204     } else {
3205         merge_stack(context, from_inumber, to_inumber, new_stack_info);
3206         merge_registers(context, from_inumber, to_inumber, new_register_info);
3207         merge_flags(context, from_inumber, to_inumber,
3208                     new_and_flags, new_or_flags);
3209     }
3210 
3211 #ifdef DEBUG
3212     if (verify_verbose && idata[to_inumber].changed) {
3213         register_info_type *register_info = &this_idata->register_info;
3214         stack_info_type *stack_info = &this_idata->stack_info;
3215         if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3216             memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3217             (old_and_flags != this_idata->and_flags) ||
3218             (old_or_flags != this_idata->or_flags)) {
3219             jio_fprintf(stdout, "   %2d:", to_inumber);
3220             print_stack(context, &old_stack_info);
3221             print_registers(context, &old_reg_info);
3222             print_flags(context, old_and_flags, old_or_flags);
3223             jio_fprintf(stdout, " => ");
3224             print_stack(context, &this_idata->stack_info);
3225             print_registers(context, &this_idata->register_info);
3226             print_flags(context, this_idata->and_flags, this_idata->or_flags);
3227             jio_fprintf(stdout, "\n");
3228         }
3229     }
3230 #endif
3231 
3232 }
3233 
3234 static void
3235 merge_stack(context_type *context, unsigned int from_inumber,
3236             unsigned int to_inumber, stack_info_type *new_stack_info)
3237 {
3238     instruction_data_type *idata = context->instruction_data;
3239     instruction_data_type *this_idata = &idata[to_inumber];
3240 
3241     int new_stack_size =  new_stack_info->stack_size;
3242     stack_item_type *new_stack = new_stack_info->stack;
3243 
3244     int stack_size = this_idata->stack_info.stack_size;
3245 
3246     if (stack_size == UNKNOWN_STACK_SIZE) {
3247         /* First time at this instruction.  Just copy. */
3248         this_idata->stack_info.stack_size = new_stack_size;
3249         this_idata->stack_info.stack = new_stack;
3250         this_idata->changed = JNI_TRUE;
3251     } else if (new_stack_size != stack_size) {
3252         CCerror(context, "Inconsistent stack height %d != %d",
3253                 new_stack_size, stack_size);
3254     } else {
3255         stack_item_type *stack = this_idata->stack_info.stack;
3256         stack_item_type *old, *new;
3257         jboolean change = JNI_FALSE;
3258         for (old = stack, new = new_stack; old != NULL;
3259                    old = old->next, new = new->next) {
3260             if (!isAssignableTo(context, new->item, old->item)) {
3261                 change = JNI_TRUE;
3262                 break;
3263             }
3264         }
3265         if (change) {
3266             stack = copy_stack(context, stack);
3267             for (old = stack, new = new_stack; old != NULL;
3268                           old = old->next, new = new->next) {
3269                 if (new == NULL) {
3270                     break;
3271                 }
3272                 old->item = merge_fullinfo_types(context, old->item, new->item,
3273                                                  JNI_FALSE);
3274                 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3275                         CCerror(context, "Mismatched stack types");
3276                 }
3277             }
3278             if (old != NULL || new != NULL) {
3279                 CCerror(context, "Mismatched stack types");
3280             }
3281             this_idata->stack_info.stack = stack;
3282             this_idata->changed = JNI_TRUE;
3283         }
3284     }
3285 }
3286 
3287 static void
3288 merge_registers(context_type *context, unsigned int from_inumber,
3289                 unsigned int to_inumber, register_info_type *new_register_info)
3290 {
3291     instruction_data_type *idata = context->instruction_data;
3292     instruction_data_type *this_idata = &idata[to_inumber];
3293     register_info_type    *this_reginfo = &this_idata->register_info;
3294 
3295     int            new_register_count = new_register_info->register_count;
3296     fullinfo_type *new_registers = new_register_info->registers;
3297     int            new_mask_count = new_register_info->mask_count;
3298     mask_type     *new_masks = new_register_info->masks;
3299 
3300 
3301     if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3302         this_reginfo->register_count = new_register_count;
3303         this_reginfo->registers = new_registers;
3304         this_reginfo->mask_count = new_mask_count;
3305         this_reginfo->masks = new_masks;
3306         this_idata->changed = JNI_TRUE;
3307     } else {
3308         /* See if we've got new information on the register set. */
3309         int register_count = this_reginfo->register_count;
3310         fullinfo_type *registers = this_reginfo->registers;
3311         int mask_count = this_reginfo->mask_count;
3312         mask_type *masks = this_reginfo->masks;
3313 
3314         jboolean copy = JNI_FALSE;
3315         int i, j;
3316         if (register_count > new_register_count) {
3317             /* Any register larger than new_register_count is now bogus */
3318             this_reginfo->register_count = new_register_count;
3319             register_count = new_register_count;
3320             this_idata->changed = JNI_TRUE;
3321         }
3322         for (i = 0; i < register_count; i++) {
3323             fullinfo_type prev_value = registers[i];
3324             if ((i < new_register_count)
3325                   ? (!isAssignableTo(context, new_registers[i], prev_value))
3326                   : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3327                 copy = JNI_TRUE;
3328                 break;
3329             }
3330         }
3331 
3332         if (copy) {
3333             /* We need a copy.  So do it. */
3334             fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3335             for (j = 0; j < i; j++)
3336                 new_set[j] =  registers[j];
3337             for (j = i; j < register_count; j++) {
3338                 if (i >= new_register_count)
3339                     new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3340                 else
3341                     new_set[j] = merge_fullinfo_types(context,
3342                                                       new_registers[j],
3343                                                       registers[j], JNI_FALSE);
3344             }
3345             /* Some of the end items might now be bogus. This step isn't
3346              * necessary, but it may save work later. */
3347             while (   register_count > 0
3348                    && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3349                 register_count--;
3350             this_reginfo->register_count = register_count;
3351             this_reginfo->registers = new_set;
3352             this_idata->changed = JNI_TRUE;
3353         }
3354         if (mask_count > 0) {
3355             /* If the target instruction already has a sequence of masks, then
3356              * we need to merge new_masks into it.  We want the entries on
3357              * the mask to be the longest common substring of the two.
3358              *   (e.g.   a->b->d merged with a->c->d should give a->d)
3359              * The bits set in the mask should be the or of the corresponding
3360              * entries in each of the original masks.
3361              */
3362             int i, j, k;
3363             int matches = 0;
3364             int last_match = -1;
3365             jboolean copy_needed = JNI_FALSE;
3366             for (i = 0; i < mask_count; i++) {
3367                 int entry = masks[i].entry;
3368                 for (j = last_match + 1; j < new_mask_count; j++) {
3369                     if (new_masks[j].entry == entry) {
3370                         /* We have a match */
3371                         int *prev = masks[i].modifies;
3372                         int *new = new_masks[j].modifies;
3373                         matches++;
3374                         /* See if new_mask has bits set for "entry" that
3375                          * weren't set for mask.  If so, need to copy. */
3376                         for (k = context->bitmask_size - 1;
3377                                !copy_needed && k >= 0;
3378                                k--)
3379                             if (~prev[k] & new[k])
3380                                 copy_needed = JNI_TRUE;
3381                         last_match = j;
3382                         break;
3383                     }
3384                 }
3385             }
3386             if ((matches < mask_count) || copy_needed) {
3387                 /* We need to make a copy for the new item, since either the
3388                  * size has decreased, or new bits are set. */
3389                 mask_type *copy = NEW(mask_type, matches);
3390                 for (i = 0; i < matches; i++) {
3391                     copy[i].modifies = NEW(int, context->bitmask_size);
3392                 }
3393                 this_reginfo->masks = copy;
3394                 this_reginfo->mask_count = matches;
3395                 this_idata->changed = JNI_TRUE;
3396                 matches = 0;
3397                 last_match = -1;
3398                 for (i = 0; i < mask_count; i++) {
3399                     int entry = masks[i].entry;
3400                     for (j = last_match + 1; j < new_mask_count; j++) {
3401                         if (new_masks[j].entry == entry) {
3402                             int *prev1 = masks[i].modifies;
3403                             int *prev2 = new_masks[j].modifies;
3404                             int *new = copy[matches].modifies;
3405                             copy[matches].entry = entry;
3406                             for (k = context->bitmask_size - 1; k >= 0; k--)
3407                                 new[k] = prev1[k] | prev2[k];
3408                             matches++;
3409                             last_match = j;
3410                             break;
3411                         }
3412                     }
3413                 }
3414             }
3415         }
3416     }
3417 }
3418 
3419 
3420 static void
3421 merge_flags(context_type *context, unsigned int from_inumber,
3422             unsigned int to_inumber,
3423             flag_type new_and_flags, flag_type new_or_flags)
3424 {
3425     /* Set this_idata->and_flags &= new_and_flags
3426            this_idata->or_flags |= new_or_flags
3427      */
3428     instruction_data_type *idata = context->instruction_data;
3429     instruction_data_type *this_idata = &idata[to_inumber];
3430     flag_type this_and_flags = this_idata->and_flags;
3431     flag_type this_or_flags = this_idata->or_flags;
3432     flag_type merged_and = this_and_flags & new_and_flags;
3433     flag_type merged_or = this_or_flags | new_or_flags;
3434 
3435     if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3436         this_idata->and_flags = merged_and;
3437         this_idata->or_flags = merged_or;
3438         this_idata->changed = JNI_TRUE;
3439     }
3440 }
3441 
3442 
3443 /* Make a copy of a stack */
3444 
3445 static stack_item_type *
3446 copy_stack(context_type *context, stack_item_type *stack)
3447 {
3448     int length;
3449     stack_item_type *ptr;
3450 
3451     /* Find the length */
3452     for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3453 
3454     if (length > 0) {
3455         stack_item_type *new_stack = NEW(stack_item_type, length);
3456         stack_item_type *new_ptr;
3457         for (    ptr = stack, new_ptr = new_stack;
3458                  ptr != NULL;
3459                  ptr = ptr->next, new_ptr++) {
3460             new_ptr->item = ptr->item;
3461             new_ptr->next = new_ptr + 1;
3462         }
3463         new_stack[length - 1].next = NULL;
3464         return new_stack;
3465     } else {
3466         return NULL;
3467     }
3468 }
3469 
3470 
3471 static mask_type *
3472 copy_masks(context_type *context, mask_type *masks, int mask_count)
3473 {
3474     mask_type *result = NEW(mask_type, mask_count);
3475     int bitmask_size = context->bitmask_size;
3476     int *bitmaps = NEW(int, mask_count * bitmask_size);
3477     int i;
3478     for (i = 0; i < mask_count; i++) {
3479         result[i].entry = masks[i].entry;
3480         result[i].modifies = &bitmaps[i * bitmask_size];
3481         memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3482     }
3483     return result;
3484 }
3485 
3486 
3487 static mask_type *
3488 add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3489 {
3490     mask_type *result = NEW(mask_type, mask_count + 1);
3491     int bitmask_size = context->bitmask_size;
3492     int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3493     int i;
3494     for (i = 0; i < mask_count; i++) {
3495         result[i].entry = masks[i].entry;
3496         result[i].modifies = &bitmaps[i * bitmask_size];
3497         memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3498     }
3499     result[mask_count].entry = d;
3500     result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3501     memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3502     return result;
3503 }
3504 
3505 
3506 
3507 /* We create our own storage manager, since we malloc lots of little items,
3508  * and I don't want to keep trace of when they become free.  I sure wish that
3509  * we had heaps, and I could just free the heap when done.
3510  */
3511 
3512 #define CCSegSize 2000
3513 
3514 struct CCpool {                 /* a segment of allocated memory in the pool */
3515     struct CCpool *next;
3516     int segSize;                /* almost always CCSegSize */
3517     int poolPad;
3518     char space[CCSegSize];
3519 };
3520 
3521 /* Initialize the context's heap. */
3522 static void CCinit(context_type *context)
3523 {
3524     struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3525     /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3526     context->CCroot = context->CCcurrent = new;
3527     if (new == 0) {
3528         CCout_of_memory(context);
3529     }
3530     new->next = NULL;
3531     new->segSize = CCSegSize;
3532     context->CCfree_size = CCSegSize;
3533     context->CCfree_ptr = &new->space[0];
3534 }
3535 
3536 
3537 /* Reuse all the space that we have in the context's heap. */
3538 static void CCreinit(context_type *context)
3539 {
3540     struct CCpool *first = context->CCroot;
3541     context->CCcurrent = first;
3542     context->CCfree_size = CCSegSize;
3543     context->CCfree_ptr = &first->space[0];
3544 }
3545 
3546 /* Destroy the context's heap. */
3547 static void CCdestroy(context_type *context)
3548 {
3549     struct CCpool *this = context->CCroot;
3550     while (this) {
3551         struct CCpool *next = this->next;
3552         free(this);
3553         this = next;
3554     }
3555     /* These two aren't necessary.  But can't hurt either */
3556     context->CCroot = context->CCcurrent = NULL;
3557     context->CCfree_ptr = 0;
3558 }
3559 
3560 /* Allocate an object of the given size from the context's heap. */
3561 static void *
3562 CCalloc(context_type *context, int size, jboolean zero)
3563 {
3564 
3565     register char *p;
3566     /* Round CC to the size of a pointer */
3567     size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3568 
3569     if (context->CCfree_size <  size) {
3570         struct CCpool *current = context->CCcurrent;
3571         struct CCpool *new;
3572         if (size > CCSegSize) { /* we need to allocate a special block */
3573             new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3574                                           (size - CCSegSize));
3575             if (new == 0) {
3576                 CCout_of_memory(context);
3577             }
3578             new->next = current->next;
3579             new->segSize = size;
3580             current->next = new;
3581         } else {
3582             new = current->next;
3583             if (new == NULL) {
3584                 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3585                 if (new == 0) {
3586                     CCout_of_memory(context);
3587                 }
3588                 current->next = new;
3589                 new->next = NULL;
3590                 new->segSize = CCSegSize;
3591             }
3592         }
3593         context->CCcurrent = new;
3594         context->CCfree_ptr = &new->space[0];
3595         context->CCfree_size = new->segSize;
3596     }
3597     p = context->CCfree_ptr;
3598     context->CCfree_ptr += size;
3599     context->CCfree_size -= size;
3600     if (zero)
3601         memset(p, 0, size);
3602     return p;
3603 }
3604 
3605 /* Get the class associated with a particular field or method or class in the
3606  * constant pool.  If is_field is true, we've got a field or method.  If
3607  * false, we've got a class.
3608  */
3609 static fullinfo_type
3610 cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3611 {
3612     JNIEnv *env = context->env;
3613     fullinfo_type result;
3614     const char *classname;
3615     switch (kind) {
3616     case JVM_CONSTANT_Class:
3617         classname = JVM_GetCPClassNameUTF(env,
3618                                           context->class,
3619                                           cp_index);
3620         break;
3621     case JVM_CONSTANT_Methodref:
3622         classname = JVM_GetCPMethodClassNameUTF(env,
3623                                                 context->class,
3624                                                 cp_index);
3625         break;
3626     case JVM_CONSTANT_Fieldref:
3627         classname = JVM_GetCPFieldClassNameUTF(env,
3628                                                context->class,
3629                                                cp_index);
3630         break;
3631     default:
3632         classname = NULL;
3633         CCerror(context, "Internal error #5");
3634     }
3635 
3636     check_and_push(context, classname, VM_STRING_UTF);
3637     if (classname[0] == JVM_SIGNATURE_ARRAY) {
3638         /* This make recursively call us, in case of a class array */
3639         signature_to_fieldtype(context, &classname, &result);
3640     } else {
3641         result = make_class_info_from_name(context, classname);
3642     }
3643     pop_and_free(context);
3644     return result;
3645 }
3646 
3647 
3648 static int
3649 print_CCerror_info(context_type *context)
3650 {
3651     JNIEnv *env = context->env;
3652     jclass cb = context->class;
3653     const char *classname = JVM_GetClassNameUTF(env, cb);
3654     const char *name = 0;
3655     const char *signature = 0;
3656     int n = 0;
3657     if (context->method_index != -1) {
3658         name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3659         signature =
3660             JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3661         n += jio_snprintf(context->message, context->message_buf_len,
3662                           "(class: %s, method: %s signature: %s) ",
3663                           (classname ? classname : ""),
3664                           (name ? name : ""),
3665                           (signature ? signature : ""));
3666     } else if (context->field_index != -1 ) {
3667         name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3668         n += jio_snprintf(context->message, context->message_buf_len,
3669                           "(class: %s, field: %s) ",
3670                           (classname ? classname : 0),
3671                           (name ? name : 0));
3672     } else {
3673         n += jio_snprintf(context->message, context->message_buf_len,
3674                           "(class: %s) ", classname ? classname : "");
3675     }
3676     JVM_ReleaseUTF(classname);
3677     JVM_ReleaseUTF(name);
3678     JVM_ReleaseUTF(signature);
3679     return n;
3680 }
3681 
3682 static void
3683 CCerror (context_type *context, char *format, ...)
3684 {
3685     int n = print_CCerror_info(context);
3686     va_list args;
3687     if (n >= 0 && n < context->message_buf_len) {
3688         va_start(args, format);
3689         jio_vsnprintf(context->message + n, context->message_buf_len - n,
3690                       format, args);
3691         va_end(args);
3692     }
3693     context->err_code = CC_VerifyError;
3694     longjmp(context->jump_buffer, 1);
3695 }
3696 
3697 static void
3698 CCout_of_memory(context_type *context)
3699 {
3700     int n = print_CCerror_info(context);
3701     context->err_code = CC_OutOfMemory;
3702     longjmp(context->jump_buffer, 1);
3703 }
3704 
3705 static void
3706 CFerror(context_type *context, char *format, ...)
3707 {
3708     int n = print_CCerror_info(context);
3709     va_list args;
3710     if (n >= 0 && n < context->message_buf_len) {
3711         va_start(args, format);
3712         jio_vsnprintf(context->message + n, context->message_buf_len - n,
3713                       format, args);
3714         va_end(args);
3715     }
3716     context->err_code = CC_ClassFormatError;
3717     longjmp(context->jump_buffer, 1);
3718 }
3719 
3720 static char
3721 signature_to_fieldtype(context_type *context,
3722                        const char **signature_p, fullinfo_type *full_info_p)
3723 {
3724     const char *p = *signature_p;
3725     fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3726     char result;
3727     int array_depth = 0;
3728 
3729     for (;;) {
3730         switch(*p++) {
3731             default:
3732                 result = 0;
3733                 break;
3734 
3735             case JVM_SIGNATURE_BOOLEAN:
3736                 full_info = (array_depth > 0)
3737                               ? MAKE_FULLINFO(ITEM_Boolean, 0, 0)
3738                               : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3739                 result = 'I';
3740                 break;
3741 
3742             case JVM_SIGNATURE_BYTE:
3743                 full_info = (array_depth > 0)
3744                               ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3745                               : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3746                 result = 'I';
3747                 break;
3748 
3749             case JVM_SIGNATURE_CHAR:
3750                 full_info = (array_depth > 0)
3751                               ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3752                               : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3753                 result = 'I';
3754                 break;
3755 
3756             case JVM_SIGNATURE_SHORT:
3757                 full_info = (array_depth > 0)
3758                               ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3759                               : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3760                 result = 'I';
3761                 break;
3762 
3763             case JVM_SIGNATURE_INT:
3764                 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3765                 result = 'I';
3766                 break;
3767 
3768             case JVM_SIGNATURE_FLOAT:
3769                 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3770                 result = 'F';
3771                 break;
3772 
3773             case JVM_SIGNATURE_DOUBLE:
3774                 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3775                 result = 'D';
3776                 break;
3777 
3778             case JVM_SIGNATURE_LONG:
3779                 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3780                 result = 'L';
3781                 break;
3782 
3783             case JVM_SIGNATURE_ARRAY:
3784                 array_depth++;
3785                 continue;       /* only time we ever do the loop > 1 */
3786 
3787             case JVM_SIGNATURE_CLASS: {
3788                 char buffer_space[256];
3789                 char *buffer = buffer_space;
3790                 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3791                 int length;
3792                 if (finish == NULL) {
3793                     /* Signature must have ';' after the class name.
3794                      * If it does not, return 0 and ITEM_Bogus in full_info. */
3795                     result = 0;
3796                     break;
3797                 }
3798                 length = finish - p;
3799                 if (length + 1 > (int)sizeof(buffer_space)) {
3800                     buffer = malloc(length + 1);
3801                     check_and_push(context, buffer, VM_MALLOC_BLK);
3802                 }
3803                 memcpy(buffer, p, length);
3804                 buffer[length] = '\0';
3805                 full_info = make_class_info_from_name(context, buffer);
3806                 result = 'A';
3807                 p = finish + 1;
3808                 if (buffer != buffer_space)
3809                     pop_and_free(context);
3810                 break;
3811             }
3812         } /* end of switch */
3813         break;
3814     }
3815     *signature_p = p;
3816     if (array_depth == 0 || result == 0) {
3817         /* either not an array, or result is bogus */
3818         *full_info_p = full_info;
3819         return result;
3820     } else {
3821         if (array_depth > MAX_ARRAY_DIMENSIONS)
3822             CCerror(context, "Array with too many dimensions");
3823         *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3824                                      array_depth,
3825                                      GET_EXTRA_INFO(full_info));
3826         return 'A';
3827     }
3828 }
3829 
3830 
3831 /* Given an array type, create the type that has one less level of
3832  * indirection.
3833  */
3834 
3835 static fullinfo_type
3836 decrement_indirection(fullinfo_type array_info)
3837 {
3838     if (array_info == NULL_FULLINFO) {
3839         return NULL_FULLINFO;
3840     } else {
3841         int type = GET_ITEM_TYPE(array_info);
3842         int indirection = GET_INDIRECTION(array_info) - 1;
3843         int extra_info = GET_EXTRA_INFO(array_info);
3844         if (   (indirection == 0)
3845                && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Boolean || type == ITEM_Char)))
3846             type = ITEM_Integer;
3847         return MAKE_FULLINFO(type, indirection, extra_info);
3848     }
3849 }
3850 
3851 
3852 /* See if we can assign an object of the "from" type to an object
3853  * of the "to" type.
3854  */
3855 
3856 static jboolean isAssignableTo(context_type *context,
3857                              fullinfo_type from, fullinfo_type to)
3858 {
3859     return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3860 }
3861 
3862 /* Given two fullinfo_type's, find their lowest common denominator.  If
3863  * the assignable_p argument is non-null, we're really just calling to find
3864  * out if "<target> := <value>" is a legitimate assignment.
3865  *
3866  * We treat all interfaces as if they were of type java/lang/Object, since the
3867  * runtime will do the full checking.
3868  */
3869 static fullinfo_type
3870 merge_fullinfo_types(context_type *context,
3871                      fullinfo_type value, fullinfo_type target,
3872                      jboolean for_assignment)
3873 {
3874     JNIEnv *env = context->env;
3875     if (value == target) {
3876         /* If they're identical, clearly just return what we've got */
3877         return value;
3878     }
3879 
3880     /* Both must be either arrays or objects to go further */
3881     if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3882         return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3883     if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3884         return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3885 
3886     /* If either is NULL, return the other. */
3887     if (value == NULL_FULLINFO)
3888         return target;
3889     else if (target == NULL_FULLINFO)
3890         return value;
3891 
3892     /* If either is java/lang/Object, that's the result. */
3893     if (target == context->object_info)
3894         return target;
3895     else if (value == context->object_info) {
3896         /* Minor hack.  For assignments, Interface := Object, return Interface
3897          * rather than Object, so that isAssignableTo() will get the right
3898          * result.      */
3899         if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3900                                   MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3901             jclass cb = object_fullinfo_to_classclass(context,
3902                                                       target);
3903             int is_interface = cb && JVM_IsInterface(env, cb);
3904             if (is_interface)
3905                 return target;
3906         }
3907         return value;
3908     }
3909     if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3910         /* At least one is an array.  Neither is java/lang/Object or NULL.
3911          * Moreover, the types are not identical.
3912          * The result must either be Object, or an array of some object type.
3913          */
3914         fullinfo_type value_base, target_base;
3915         int dimen_value = GET_INDIRECTION(value);
3916         int dimen_target = GET_INDIRECTION(target);
3917 
3918         if (target == context->cloneable_info ||
3919             target == context->serializable_info) {
3920             return target;
3921         }
3922 
3923         if (value == context->cloneable_info ||
3924             value == context->serializable_info) {
3925             return value;
3926         }
3927 
3928         /* First, if either item's base type isn't ITEM_Object, promote it up
3929          * to an object or array of object.  If either is elemental, we can
3930          * punt.
3931          */
3932         if (GET_ITEM_TYPE(value) != ITEM_Object) {
3933             if (dimen_value == 0)
3934                 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3935             dimen_value--;
3936             value = MAKE_Object_ARRAY(dimen_value);
3937 
3938         }
3939         if (GET_ITEM_TYPE(target) != ITEM_Object) {
3940             if (dimen_target == 0)
3941                 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3942             dimen_target--;
3943             target = MAKE_Object_ARRAY(dimen_target);
3944         }
3945         /* Both are now objects or arrays of some sort of object type */
3946         value_base = WITH_ZERO_INDIRECTION(value);
3947         target_base = WITH_ZERO_INDIRECTION(target);
3948         if (dimen_value == dimen_target) {
3949             /* Arrays of the same dimension.  Merge their base types. */
3950             fullinfo_type  result_base =
3951                 merge_fullinfo_types(context, value_base, target_base,
3952                                             for_assignment);
3953             if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3954                 /* bogus in, bogus out */
3955                 return result_base;
3956             return MAKE_FULLINFO(ITEM_Object, dimen_value,
3957                                  GET_EXTRA_INFO(result_base));
3958         } else {
3959             /* Arrays of different sizes. If the smaller dimension array's base
3960              * type is java/lang/Cloneable or java/io/Serializable, return it.
3961              * Otherwise return java/lang/Object with a dimension of the smaller
3962              * of the two */
3963             if (dimen_value < dimen_target) {
3964                 if (value_base == context->cloneable_info ||
3965                     value_base == context ->serializable_info) {
3966                     return value;
3967                 }
3968                 return MAKE_Object_ARRAY(dimen_value);
3969             } else {
3970                 if (target_base == context->cloneable_info ||
3971                     target_base == context->serializable_info) {
3972                     return target;
3973                 }
3974                 return MAKE_Object_ARRAY(dimen_target);
3975             }
3976         }
3977     } else {
3978         /* Both are non-array objects. Neither is java/lang/Object or NULL */
3979         jclass cb_value, cb_target, cb_super_value, cb_super_target;
3980         fullinfo_type result_info;
3981 
3982         /* Let's get the classes corresponding to each of these.  Treat
3983          * interfaces as if they were java/lang/Object.  See hack note above. */
3984         cb_target = object_fullinfo_to_classclass(context, target);
3985         if (cb_target == 0)
3986             return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3987         if (JVM_IsInterface(env, cb_target))
3988             return for_assignment ? target : context->object_info;
3989         cb_value = object_fullinfo_to_classclass(context, value);
3990         if (cb_value == 0)
3991             return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3992         if (JVM_IsInterface(env, cb_value))
3993             return context->object_info;
3994 
3995         /* If this is for assignment of target := value, we just need to see if
3996          * cb_target is a superclass of cb_value.  Save ourselves a lot of
3997          * work.
3998          */
3999         if (for_assignment) {
4000             cb_super_value = (*env)->GetSuperclass(env, cb_value);
4001             while (cb_super_value != 0) {
4002                 jclass tmp_cb;
4003                 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4004                     (*env)->DeleteLocalRef(env, cb_super_value);
4005                     return target;
4006                 }
4007                 tmp_cb =  (*env)->GetSuperclass(env, cb_super_value);
4008                 (*env)->DeleteLocalRef(env, cb_super_value);
4009                 cb_super_value = tmp_cb;
4010             }
4011             (*env)->DeleteLocalRef(env, cb_super_value);
4012             return context->object_info;
4013         }
4014 
4015         /* Find out whether cb_value or cb_target is deeper in the class
4016          * tree by moving both toward the root, and seeing who gets there
4017          * first.                                                          */
4018         cb_super_value = (*env)->GetSuperclass(env, cb_value);
4019         cb_super_target = (*env)->GetSuperclass(env, cb_target);
4020         while((cb_super_value != 0) &&
4021               (cb_super_target != 0)) {
4022             jclass tmp_cb;
4023             /* Optimization.  If either hits the other when going up looking
4024              * for a parent, then might as well return the parent immediately */
4025             if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4026                 (*env)->DeleteLocalRef(env, cb_super_value);
4027                 (*env)->DeleteLocalRef(env, cb_super_target);
4028                 return target;
4029             }
4030             if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4031                 (*env)->DeleteLocalRef(env, cb_super_value);
4032                 (*env)->DeleteLocalRef(env, cb_super_target);
4033                 return value;
4034             }
4035             tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4036             (*env)->DeleteLocalRef(env, cb_super_value);
4037             cb_super_value = tmp_cb;
4038 
4039             tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4040             (*env)->DeleteLocalRef(env, cb_super_target);
4041             cb_super_target = tmp_cb;
4042         }
4043         cb_value = (*env)->NewLocalRef(env, cb_value);
4044         cb_target = (*env)->NewLocalRef(env, cb_target);
4045         /* At most one of the following two while clauses will be executed.
4046          * Bring the deeper of cb_target and cb_value to the depth of the
4047          * shallower one.
4048          */
4049         while (cb_super_value != 0) {
4050           /* cb_value is deeper */
4051             jclass cb_tmp;
4052 
4053             cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4054             (*env)->DeleteLocalRef(env, cb_super_value);
4055             cb_super_value = cb_tmp;
4056 
4057             cb_tmp = (*env)->GetSuperclass(env, cb_value);
4058             (*env)->DeleteLocalRef(env, cb_value);
4059             cb_value = cb_tmp;
4060         }
4061         while (cb_super_target != 0) {
4062           /* cb_target is deeper */
4063             jclass cb_tmp;
4064 
4065             cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4066             (*env)->DeleteLocalRef(env, cb_super_target);
4067             cb_super_target = cb_tmp;
4068 
4069             cb_tmp = (*env)->GetSuperclass(env, cb_target);
4070             (*env)->DeleteLocalRef(env, cb_target);
4071             cb_target = cb_tmp;
4072         }
4073 
4074         /* Walk both up, maintaining equal depth, until a join is found.  We
4075          * know that we will find one.  */
4076         while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4077             jclass cb_tmp;
4078             cb_tmp = (*env)->GetSuperclass(env, cb_value);
4079             (*env)->DeleteLocalRef(env, cb_value);
4080             cb_value = cb_tmp;
4081             cb_tmp = (*env)->GetSuperclass(env, cb_target);
4082             (*env)->DeleteLocalRef(env, cb_target);
4083             cb_target = cb_tmp;
4084         }
4085         result_info = make_class_info(context, cb_value);
4086         (*env)->DeleteLocalRef(env, cb_value);
4087         (*env)->DeleteLocalRef(env, cb_super_value);
4088         (*env)->DeleteLocalRef(env, cb_target);
4089         (*env)->DeleteLocalRef(env, cb_super_target);
4090         return result_info;
4091     } /* both items are classes */
4092 }
4093 
4094 
4095 /* Given a fullinfo_type corresponding to an Object, return the jclass
4096  * of that type.
4097  *
4098  * This function always returns a global reference!
4099  */
4100 
4101 static jclass
4102 object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4103 {
4104     unsigned short info = GET_EXTRA_INFO(classinfo);
4105     return ID_to_class(context, info);
4106 }
4107 
4108 static void free_block(void *ptr, int kind)
4109 {
4110     switch (kind) {
4111     case VM_STRING_UTF:
4112         JVM_ReleaseUTF(ptr);
4113         break;
4114     case VM_MALLOC_BLK:
4115         free(ptr);
4116         break;
4117     }
4118 }
4119 
4120 static void check_and_push(context_type *context, const void *ptr, int kind)
4121 {
4122     alloc_stack_type *p;
4123     if (ptr == 0)
4124         CCout_of_memory(context);
4125     if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4126         p = &(context->alloc_stack[context->alloc_stack_top++]);
4127     else {
4128         /* Otherwise we have to malloc */
4129         p = malloc(sizeof(alloc_stack_type));
4130         if (p == 0) {
4131             /* Make sure we clean up. */
4132             free_block((void *)ptr, kind);
4133             CCout_of_memory(context);
4134         }
4135     }
4136     p->kind = kind;
4137     p->ptr = (void *)ptr;
4138     p->next = context->allocated_memory;
4139     context->allocated_memory = p;
4140 }
4141 
4142 static void pop_and_free(context_type *context)
4143 {
4144     alloc_stack_type *p = context->allocated_memory;
4145     context->allocated_memory = p->next;
4146     free_block(p->ptr, p->kind);
4147     if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4148         p >= context->alloc_stack)
4149         context->alloc_stack_top--;
4150     else
4151         free(p);
4152 }
4153 
4154 static int signature_to_args_size(const char *method_signature)
4155 {
4156     const char *p;
4157     int args_size = 0;
4158     for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4159         switch (*p) {
4160           case JVM_SIGNATURE_BOOLEAN:
4161           case JVM_SIGNATURE_BYTE:
4162           case JVM_SIGNATURE_CHAR:
4163           case JVM_SIGNATURE_SHORT:
4164           case JVM_SIGNATURE_INT:
4165           case JVM_SIGNATURE_FLOAT:
4166             args_size += 1;
4167             break;
4168           case JVM_SIGNATURE_CLASS:
4169             args_size += 1;
4170             while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4171             break;
4172           case JVM_SIGNATURE_ARRAY:
4173             args_size += 1;
4174             while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4175             /* If an array of classes, skip over class name, too. */
4176             if (*p == JVM_SIGNATURE_CLASS) {
4177                 while (*p != JVM_SIGNATURE_ENDCLASS)
4178                   p++;
4179             }
4180             break;
4181           case JVM_SIGNATURE_DOUBLE:
4182           case JVM_SIGNATURE_LONG:
4183             args_size += 2;
4184             break;
4185           case JVM_SIGNATURE_FUNC:  /* ignore initial (, if given */
4186             break;
4187           default:
4188             /* Indicate an error. */
4189             return 0;
4190         }
4191     }
4192     return args_size;
4193 }
4194 
4195 #ifdef DEBUG
4196 
4197 /* Below are for debugging. */
4198 
4199 static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4200 
4201 static void
4202 print_stack(context_type *context, stack_info_type *stack_info)
4203 {
4204     stack_item_type *stack = stack_info->stack;
4205     if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4206         jio_fprintf(stdout, "x");
4207     } else {
4208         jio_fprintf(stdout, "(");
4209         for ( ; stack != 0; stack = stack->next)
4210             print_fullinfo_type(context, stack->item,
4211                 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4212         jio_fprintf(stdout, ")");
4213     }
4214 }
4215 
4216 static void
4217 print_registers(context_type *context, register_info_type *register_info)
4218 {
4219     int register_count = register_info->register_count;
4220     if (register_count == UNKNOWN_REGISTER_COUNT) {
4221         jio_fprintf(stdout, "x");
4222     } else {
4223         fullinfo_type *registers = register_info->registers;
4224         int mask_count = register_info->mask_count;
4225         mask_type *masks = register_info->masks;
4226         int i, j;
4227 
4228         jio_fprintf(stdout, "{");
4229         for (i = 0; i < register_count; i++)
4230             print_fullinfo_type(context, registers[i],
4231                 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4232         jio_fprintf(stdout, "}");
4233         for (i = 0; i < mask_count; i++) {
4234             char *separator = "";
4235             int *modifies = masks[i].modifies;
4236             jio_fprintf(stdout, "<%d: ", masks[i].entry);
4237             for (j = 0;
4238                  j < JVM_GetMethodIxLocalsCount(context->env,
4239                                                 context->class,
4240                                                 context->method_index);
4241                  j++)
4242                 if (IS_BIT_SET(modifies, j)) {
4243                     jio_fprintf(stdout, "%s%d", separator, j);
4244                     separator = ",";
4245                 }
4246             jio_fprintf(stdout, ">");
4247         }
4248     }
4249 }
4250 
4251 
4252 static void
4253 print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4254 {
4255     if (and_flags != ((flag_type)-1) || or_flags != 0) {
4256         jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4257     }
4258 }
4259 
4260 static void
4261 print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4262 {
4263     int i;
4264     int indirection = GET_INDIRECTION(type);
4265     for (i = indirection; i-- > 0; )
4266         jio_fprintf(stdout, "[");
4267     switch (GET_ITEM_TYPE(type)) {
4268         case ITEM_Integer:
4269             jio_fprintf(stdout, "I"); break;
4270         case ITEM_Float:
4271             jio_fprintf(stdout, "F"); break;
4272         case ITEM_Double:
4273             jio_fprintf(stdout, "D"); break;
4274         case ITEM_Double_2:
4275             jio_fprintf(stdout, "d"); break;
4276         case ITEM_Long:
4277             jio_fprintf(stdout, "L"); break;
4278         case ITEM_Long_2:
4279             jio_fprintf(stdout, "l"); break;
4280         case ITEM_ReturnAddress:
4281             jio_fprintf(stdout, "a"); break;
4282         case ITEM_Object:
4283             if (!verbose) {
4284                 jio_fprintf(stdout, "A");
4285             } else {
4286                 unsigned short extra = GET_EXTRA_INFO(type);
4287                 if (extra == 0) {
4288                     jio_fprintf(stdout, "/Null/");
4289                 } else {
4290                     const char *name = ID_to_class_name(context, extra);
4291                     const char *name2 = strrchr(name, '/');
4292                     jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4293                 }
4294             }
4295             break;
4296         case ITEM_Char:
4297             jio_fprintf(stdout, "C"); break;
4298         case ITEM_Short:
4299             jio_fprintf(stdout, "S"); break;
4300         case ITEM_Boolean:
4301             jio_fprintf(stdout, "Z"); break;
4302         case ITEM_Byte:
4303             jio_fprintf(stdout, "B"); break;
4304         case ITEM_NewObject:
4305             if (!verbose) {
4306                 jio_fprintf(stdout, "@");
4307             } else {
4308                 int inum = GET_EXTRA_INFO(type);
4309                 fullinfo_type real_type =
4310                     context->instruction_data[inum].operand2.fi;
4311                 jio_fprintf(stdout, ">");
4312                 print_fullinfo_type(context, real_type, JNI_TRUE);
4313                 jio_fprintf(stdout, "<");
4314             }
4315             break;
4316         case ITEM_InitObject:
4317             jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4318             break;
4319 
4320         default:
4321             jio_fprintf(stdout, "?"); break;
4322     }
4323     for (i = indirection; i-- > 0; )
4324         jio_fprintf(stdout, "]");
4325 }
4326 
4327 
4328 static void
4329 print_formatted_fieldname(context_type *context, int index)
4330 {
4331     JNIEnv *env = context->env;
4332     jclass cb = context->class;
4333     const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4334     const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4335     jio_fprintf(stdout, "  <%s.%s>",
4336                 classname ? classname : "", fieldname ? fieldname : "");
4337     JVM_ReleaseUTF(classname);
4338     JVM_ReleaseUTF(fieldname);
4339 }
4340 
4341 static void
4342 print_formatted_methodname(context_type *context, int index)
4343 {
4344     JNIEnv *env = context->env;
4345     jclass cb = context->class;
4346     const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4347     const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4348     jio_fprintf(stdout, "  <%s.%s>",
4349                 classname ? classname : "", methodname ? methodname : "");
4350     JVM_ReleaseUTF(classname);
4351     JVM_ReleaseUTF(methodname);
4352 }
4353 
4354 #endif /*DEBUG*/