1/*
2 * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26/*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30/*
31 Exported function:
32
33 jboolean
34 VerifyClass(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length)
36 jboolean
37 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
38 jint buffer_length, jint major_version)
39
40 This file now only uses the standard JNI and the following VM functions
41 exported in jvm.h:
42
43 JVM_FindClassFromClass
44 JVM_IsInterface
45 JVM_GetClassNameUTF
46 JVM_GetClassCPEntriesCount
47 JVM_GetClassCPTypes
48 JVM_GetClassFieldsCount
49 JVM_GetClassMethodsCount
50
51 JVM_GetFieldIxModifiers
52
53 JVM_GetMethodIxModifiers
54 JVM_GetMethodIxExceptionTableLength
55 JVM_GetMethodIxLocalsCount
56 JVM_GetMethodIxArgsSize
57 JVM_GetMethodIxMaxStack
58 JVM_GetMethodIxNameUTF
59 JVM_GetMethodIxSignatureUTF
60 JVM_GetMethodIxExceptionsCount
61 JVM_GetMethodIxExceptionIndexes
62 JVM_GetMethodIxByteCodeLength
63 JVM_GetMethodIxByteCode
64 JVM_GetMethodIxExceptionTableEntry
65 JVM_IsConstructorIx
66
67 JVM_GetCPClassNameUTF
68 JVM_GetCPFieldNameUTF
69 JVM_GetCPMethodNameUTF
70 JVM_GetCPFieldSignatureUTF
71 JVM_GetCPMethodSignatureUTF
72 JVM_GetCPFieldClassNameUTF
73 JVM_GetCPMethodClassNameUTF
74 JVM_GetCPFieldModifiers
75 JVM_GetCPMethodModifiers
76
77 JVM_ReleaseUTF
78 JVM_IsSameClassPackage
79
80 */
81
82#include <string.h>
83#include <setjmp.h>
84#include <assert.h>
85#include <limits.h>
86#include <stdlib.h>
87
88#include "jni.h"
89#include "jni_util.h"
90#include "jvm.h"
91#include "classfile_constants.h"
92#include "opcodes.in_out"
93
94/* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
95 * but the code here does not handles it. So we wrap the methods and return non-NULL
96 * pointers even if we allocate 0 bytes.
97 */
98#ifdef _AIX
99static int aix_dummy;
100static void* aix_malloc(size_t len) {
101 if (len == 0) {
102 return &aix_dummy;
103 }
104 return malloc(len);
105}
106
107static void* aix_calloc(size_t n, size_t size) {
108 if (n == 0) {
109 return &aix_dummy;
110 }
111 return calloc(n, size);
112}
113
114static void aix_free(void* p) {
115 if (p == &aix_dummy) {
116 return;
117 }
118 free(p);
119}
120
121#undef malloc
122#undef calloc
123#undef free
124#define malloc aix_malloc
125#define calloc aix_calloc
126#define free aix_free
127#endif
128
129#ifdef __APPLE__
130/* use setjmp/longjmp versions that do not save/restore the signal mask */
131#define setjmp _setjmp
132#define longjmp _longjmp
133#endif
134
135#define MAX_ARRAY_DIMENSIONS 255
136/* align byte code */
137#ifndef ALIGN_UP
138#define ALIGN_UP(n,align_grain) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
139#endif /* ALIGN_UP */
140#define UCALIGN(n) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int)))
141
142#ifdef DEBUG
143
144int verify_verbose = 0;
145static struct context_type *GlobalContext;
146#endif
147
148enum {
149 ITEM_Bogus,
150 ITEM_Void, /* only as a function return value */
151 ITEM_Integer,
152 ITEM_Float,
153 ITEM_Double,
154 ITEM_Double_2, /* 2nd word of double in register */
155 ITEM_Long,
156 ITEM_Long_2, /* 2nd word of long in register */
157 ITEM_Array,
158 ITEM_Object, /* Extra info field gives name. */
159 ITEM_NewObject, /* Like object, but uninitialized. */
160 ITEM_InitObject, /* "this" is init method, before call
161 to super() */
162 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
163 /* The following four are only used within array types.
164 * Normally, we use ITEM_Integer, instead. */
165 ITEM_Byte,
166 ITEM_Short,
167 ITEM_Char,
168 ITEM_Boolean
169};
170
171
172#define UNKNOWN_STACK_SIZE -1
173#define UNKNOWN_REGISTER_COUNT -1
174#define UNKNOWN_RET_INSTRUCTION -1
175
176#undef MAX
177#undef MIN
178#define MAX(a, b) ((a) > (b) ? (a) : (b))
179#define MIN(a, b) ((a) < (b) ? (a) : (b))
180
181#define BITS_PER_INT (CHAR_BIT * sizeof(int)/sizeof(char))
182#define SET_BIT(flags, i) (flags[(i)/BITS_PER_INT] |= \
183 ((unsigned)1 << ((i) % BITS_PER_INT)))
184#define IS_BIT_SET(flags, i) (flags[(i)/BITS_PER_INT] & \
185 ((unsigned)1 << ((i) % BITS_PER_INT)))
186
187typedef unsigned int fullinfo_type;
188typedef unsigned int *bitvector;
189
190#define GET_ITEM_TYPE(thing) ((thing) & 0x1F)
191#define GET_INDIRECTION(thing) (((thing) & 0xFFFF) >> 5)
192#define GET_EXTRA_INFO(thing) ((thing) >> 16)
193#define WITH_ZERO_INDIRECTION(thing) ((thing) & ~(0xFFE0))
194#define WITH_ZERO_EXTRA_INFO(thing) ((thing) & 0xFFFF)
195
196#define MAKE_FULLINFO(type, indirect, extra) \
197 ((type) + ((indirect) << 5) + ((extra) << 16))
198
199#define MAKE_Object_ARRAY(indirect) \
200 (context->object_info + ((indirect) << 5))
201
202#define NULL_FULLINFO MAKE_FULLINFO(ITEM_Object, 0, 0)
203
204/* JVM_OPC_invokespecial calls to <init> need to be treated special */
205#define JVM_OPC_invokeinit 0x100
206
207/* A hash mechanism used by the verifier.
208 * Maps class names to unique 16 bit integers.
209 */
210
211#define HASH_TABLE_SIZE 503
212
213/* The buckets are managed as a 256 by 256 matrix. We allocate an entire
214 * row (256 buckets) at a time to minimize fragmentation. Rows are
215 * allocated on demand so that we don't waste too much space.
216 */
217
218#define MAX_HASH_ENTRIES 65536
219#define HASH_ROW_SIZE 256
220
221typedef struct hash_bucket_type {
222 char *name;
223 unsigned int hash;
224 jclass class;
225 unsigned short ID;
226 unsigned short next;
227 unsigned loadable:1; /* from context->class loader */
228} hash_bucket_type;
229
230typedef struct {
231 hash_bucket_type **buckets;
232 unsigned short *table;
233 int entries_used;
234} hash_table_type;
235
236#define GET_BUCKET(class_hash, ID)\
237 (class_hash->buckets[ID / HASH_ROW_SIZE] + ID % HASH_ROW_SIZE)
238
239/*
240 * There are currently two types of resources that we need to keep
241 * track of (in addition to the CCalloc pool).
242 */
243enum {
244 VM_STRING_UTF, /* VM-allocated UTF strings */
245 VM_MALLOC_BLK /* malloc'ed blocks */
246};
247
248#define LDC_CLASS_MAJOR_VERSION 49
249
250#define LDC_METHOD_HANDLE_MAJOR_VERSION 51
251
252#define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
253
254#define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
255
256#define ALLOC_STACK_SIZE 16 /* big enough */
257
258typedef struct alloc_stack_type {
259 void *ptr;
260 int kind;
261 struct alloc_stack_type *next;
262} alloc_stack_type;
263
264/* The context type encapsulates the current invocation of the byte
265 * code verifier.
266 */
267struct context_type {
268
269 JNIEnv *env; /* current JNIEnv */
270
271 /* buffers etc. */
272 char *message;
273 jint message_buf_len;
274 jboolean err_code;
275
276 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
277 had a chance to free */
278 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
279 blocks here, to save mallocs. */
280 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE];
281 int alloc_stack_top;
282
283 /* these fields are per class */
284 jclass class; /* current class */
285 jint major_version;
286 jint nconstants;
287 unsigned char *constant_types;
288 hash_table_type class_hash;
289
290 fullinfo_type object_info; /* fullinfo for java/lang/Object */
291 fullinfo_type string_info; /* fullinfo for java/lang/String */
292 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
293 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
294 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
295
296 fullinfo_type currentclass_info; /* fullinfo for context->class */
297 fullinfo_type superclass_info; /* fullinfo for superclass */
298
299 /* these fields are per method */
300 int method_index; /* current method */
301 unsigned short *exceptions; /* exceptions */
302 unsigned char *code; /* current code object */
303 jint code_length;
304 int *code_data; /* offset to instruction number */
305 struct instruction_data_type *instruction_data; /* info about each */
306 struct handler_info_type *handler_info;
307 fullinfo_type *superclasses; /* null terminated superclasses */
308 int instruction_count; /* number of instructions */
309 fullinfo_type return_type; /* function return type */
310 fullinfo_type swap_table[4]; /* used for passing information */
311 int bitmask_size; /* words needed to hold bitmap of arguments */
312
313 /* these fields are per field */
314 int field_index;
315
316 /* Used by the space allocator */
317 struct CCpool *CCroot, *CCcurrent;
318 char *CCfree_ptr;
319 int CCfree_size;
320
321 /* Jump here on any error. */
322 jmp_buf jump_buffer;
323
324#ifdef DEBUG
325 /* keep track of how many global refs are allocated. */
326 int n_globalrefs;
327#endif
328};
329
330struct stack_info_type {
331 struct stack_item_type *stack;
332 int stack_size;
333};
334
335struct register_info_type {
336 int register_count; /* number of registers used */
337 fullinfo_type *registers;
338 int mask_count; /* number of masks in the following */
339 struct mask_type *masks;
340};
341
342struct mask_type {
343 int entry;
344 int *modifies;
345};
346
347typedef unsigned short flag_type;
348
349struct instruction_data_type {
350 int opcode; /* may turn into "canonical" opcode */
351 unsigned changed:1; /* has it changed */
352 unsigned protected:1; /* must accessor be a subclass of "this" */
353 union {
354 int i; /* operand to the opcode */
355 int *ip;
356 fullinfo_type fi;
357 } operand, operand2;
358 fullinfo_type p;
359 struct stack_info_type stack_info;
360 struct register_info_type register_info;
361#define FLAG_REACHED 0x01 /* instruction reached */
362#define FLAG_NEED_CONSTRUCTOR 0x02 /* must call this.<init> or super.<init> */
363#define FLAG_NO_RETURN 0x04 /* must throw out of method */
364 flag_type or_flags; /* true for at least one path to this inst */
365#define FLAG_CONSTRUCTED 0x01 /* this.<init> or super.<init> called */
366 flag_type and_flags; /* true for all paths to this instruction */
367};
368
369struct handler_info_type {
370 int start, end, handler;
371 struct stack_info_type stack_info;
372};
373
374struct stack_item_type {
375 fullinfo_type item;
376 struct stack_item_type *next;
377};
378
379typedef struct context_type context_type;
380typedef struct instruction_data_type instruction_data_type;
381typedef struct stack_item_type stack_item_type;
382typedef struct register_info_type register_info_type;
383typedef struct stack_info_type stack_info_type;
384typedef struct mask_type mask_type;
385
386static void read_all_code(context_type *context, jclass cb, int num_methods,
387 int** code_lengths, unsigned char*** code);
388static void verify_method(context_type *context, jclass cb, int index,
389 int code_length, unsigned char* code);
390static void free_all_code(context_type* context, int num_methods,
391 unsigned char** code);
392static void verify_field(context_type *context, jclass cb, int index);
393
394static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
395static void set_protected(context_type *, unsigned int inumber, int key, int);
396static jboolean is_superclass(context_type *, fullinfo_type);
397
398static void initialize_exception_table(context_type *);
399static int instruction_length(unsigned char *iptr, unsigned char *end);
400static jboolean isLegalTarget(context_type *, int offset);
401static void verify_constant_pool_type(context_type *, int, unsigned);
402
403static void initialize_dataflow(context_type *);
404static void run_dataflow(context_type *context);
405static void check_register_values(context_type *context, unsigned int inumber);
406static void check_flags(context_type *context, unsigned int inumber);
407static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
408static void update_registers(context_type *, unsigned int inumber, register_info_type *);
409static void update_flags(context_type *, unsigned int inumber,
410 flag_type *new_and_flags, flag_type *new_or_flags);
411static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
412
413static void merge_into_successors(context_type *, unsigned int inumber,
414 register_info_type *register_info,
415 stack_info_type *stack_info,
416 flag_type and_flags, flag_type or_flags);
417static void merge_into_one_successor(context_type *context,
418 unsigned int from_inumber,
419 unsigned int inumber,
420 register_info_type *register_info,
421 stack_info_type *stack_info,
422 flag_type and_flags, flag_type or_flags,
423 jboolean isException);
424static void merge_stack(context_type *, unsigned int inumber,
425 unsigned int to_inumber, stack_info_type *);
426static void merge_registers(context_type *, unsigned int inumber,
427 unsigned int to_inumber,
428 register_info_type *);
429static void merge_flags(context_type *context, unsigned int from_inumber,
430 unsigned int to_inumber,
431 flag_type new_and_flags, flag_type new_or_flags);
432
433static stack_item_type *copy_stack(context_type *, stack_item_type *);
434static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
435static mask_type *add_to_masks(context_type *, mask_type *, int , int);
436
437static fullinfo_type decrement_indirection(fullinfo_type);
438
439static fullinfo_type merge_fullinfo_types(context_type *context,
440 fullinfo_type a,
441 fullinfo_type b,
442 jboolean assignment);
443static jboolean isAssignableTo(context_type *,
444 fullinfo_type a,
445 fullinfo_type b);
446
447static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
448
449
450#define NEW(type, count) \
451 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE))
452#define ZNEW(type, count) \
453 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE))
454
455static void CCinit(context_type *context);
456static void CCreinit(context_type *context);
457static void CCdestroy(context_type *context);
458static void *CCalloc(context_type *context, int size, jboolean zero);
459
460static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
461
462static const char* get_result_signature(const char* signature);
463
464static char signature_to_fieldtype(context_type *context,
465 const char **signature_p, fullinfo_type *info);
466
467static void CCerror (context_type *, char *format, ...);
468static void CFerror (context_type *, char *format, ...);
469static void CCout_of_memory (context_type *);
470
471/* Because we can longjmp any time, we need to be very careful about
472 * remembering what needs to be freed. */
473
474static void check_and_push(context_type *context, const void *ptr, int kind);
475static void pop_and_free(context_type *context);
476
477static int signature_to_args_size(const char *method_signature);
478
479#ifdef DEBUG
480static void print_stack (context_type *, stack_info_type *stack_info);
481static void print_registers(context_type *, register_info_type *register_info);
482static void print_flags(context_type *, flag_type, flag_type);
483static void print_formatted_fieldname(context_type *context, int index);
484static void print_formatted_methodname(context_type *context, int index);
485#endif
486
487/*
488 * Declare library specific JNI_Onload entry if static build
489 */
490DEF_STATIC_JNI_OnLoad
491
492void initialize_class_hash(context_type *context)
493{
494 hash_table_type *class_hash = &(context->class_hash);
495 class_hash->buckets = (hash_bucket_type **)
496 calloc(MAX_HASH_ENTRIES / HASH_ROW_SIZE, sizeof(hash_bucket_type *));
497 class_hash->table = (unsigned short *)
498 calloc(HASH_TABLE_SIZE, sizeof(unsigned short));
499 if (class_hash->buckets == 0 ||
500 class_hash->table == 0)
501 CCout_of_memory(context);
502 class_hash->entries_used = 0;
503}
504
505static void finalize_class_hash(context_type *context)
506{
507 hash_table_type *class_hash = &(context->class_hash);
508 JNIEnv *env = context->env;
509 int i;
510 /* 4296677: bucket index starts from 1. */
511 for (i=1;i<=class_hash->entries_used;i++) {
512 hash_bucket_type *bucket = GET_BUCKET(class_hash, i);
513 assert(bucket != NULL);
514 free(bucket->name);
515 if (bucket->class) {
516 (*env)->DeleteGlobalRef(env, bucket->class);
517#ifdef DEBUG
518 context->n_globalrefs--;
519#endif
520 }
521 }
522 if (class_hash->buckets) {
523 for (i=0;i<MAX_HASH_ENTRIES / HASH_ROW_SIZE; i++) {
524 if (class_hash->buckets[i] == 0)
525 break;
526 free(class_hash->buckets[i]);
527 }
528 }
529 free(class_hash->buckets);
530 free(class_hash->table);
531}
532
533static hash_bucket_type *
534new_bucket(context_type *context, unsigned short *pID)
535{
536 hash_table_type *class_hash = &(context->class_hash);
537 int i = *pID = class_hash->entries_used + 1;
538 int row = i / HASH_ROW_SIZE;
539 if (i >= MAX_HASH_ENTRIES)
540 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
541 if (class_hash->buckets[row] == 0) {
542 class_hash->buckets[row] = (hash_bucket_type*)
543 calloc(HASH_ROW_SIZE, sizeof(hash_bucket_type));
544 if (class_hash->buckets[row] == 0)
545 CCout_of_memory(context);
546 }
547 class_hash->entries_used++; /* only increment when we are sure there
548 is no overflow. */
549 return GET_BUCKET(class_hash, i);
550}
551
552static unsigned int
553class_hash_fun(const char *s)
554{
555 int i;
556 unsigned raw_hash;
557 for (raw_hash = 0; (i = *s) != '\0'; ++s)
558 raw_hash = raw_hash * 37 + i;
559 return raw_hash;
560}
561
562/*
563 * Find a class using the defining loader of the current class
564 * and return a local reference to it.
565 */
566static jclass load_class_local(context_type *context,const char *classname)
567{
568 jclass cb = JVM_FindClassFromClass(context->env, classname,
569 JNI_FALSE, context->class);
570 if (cb == 0)
571 CCerror(context, "Cannot find class %s", classname);
572 return cb;
573}
574
575/*
576 * Find a class using the defining loader of the current class
577 * and return a global reference to it.
578 */
579static jclass load_class_global(context_type *context, const char *classname)
580{
581 JNIEnv *env = context->env;
582 jclass local, global;
583
584 local = load_class_local(context, classname);
585 global = (*env)->NewGlobalRef(env, local);
586 if (global == 0)
587 CCout_of_memory(context);
588#ifdef DEBUG
589 context->n_globalrefs++;
590#endif
591 (*env)->DeleteLocalRef(env, local);
592 return global;
593}
594
595/*
596 * Return a unique ID given a local class reference. The loadable
597 * flag is true if the defining class loader of context->class
598 * is known to be capable of loading the class.
599 */
600static unsigned short
601class_to_ID(context_type *context, jclass cb, jboolean loadable)
602{
603 JNIEnv *env = context->env;
604 hash_table_type *class_hash = &(context->class_hash);
605 unsigned int hash;
606 hash_bucket_type *bucket;
607 unsigned short *pID;
608 const char *name = JVM_GetClassNameUTF(env, cb);
609
610 check_and_push(context, name, VM_STRING_UTF);
611 hash = class_hash_fun(name);
612 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
613 while (*pID) {
614 bucket = GET_BUCKET(class_hash, *pID);
615 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
616 /*
617 * There is an unresolved entry with our name
618 * so we're forced to load it in case it matches us.
619 */
620 if (bucket->class == 0) {
621 assert(bucket->loadable == JNI_TRUE);
622 bucket->class = load_class_global(context, name);
623 }
624
625 /*
626 * It's already in the table. Update the loadable
627 * state if it's known and then we're done.
628 */
629 if ((*env)->IsSameObject(env, cb, bucket->class)) {
630 if (loadable && !bucket->loadable)
631 bucket->loadable = JNI_TRUE;
632 goto done;
633 }
634 }
635 pID = &bucket->next;
636 }
637 bucket = new_bucket(context, pID);
638 bucket->next = 0;
639 bucket->hash = hash;
640 bucket->name = malloc(strlen(name) + 1);
641 if (bucket->name == 0)
642 CCout_of_memory(context);
643 strcpy(bucket->name, name);
644 bucket->loadable = loadable;
645 bucket->class = (*env)->NewGlobalRef(env, cb);
646 if (bucket->class == 0)
647 CCout_of_memory(context);
648#ifdef DEBUG
649 context->n_globalrefs++;
650#endif
651
652done:
653 pop_and_free(context);
654 return *pID;
655}
656
657/*
658 * Return a unique ID given a class name from the constant pool.
659 * All classes are lazily loaded from the defining loader of
660 * context->class.
661 */
662static unsigned short
663class_name_to_ID(context_type *context, const char *name)
664{
665 hash_table_type *class_hash = &(context->class_hash);
666 unsigned int hash = class_hash_fun(name);
667 hash_bucket_type *bucket;
668 unsigned short *pID;
669 jboolean force_load = JNI_FALSE;
670
671 pID = &(class_hash->table[hash % HASH_TABLE_SIZE]);
672 while (*pID) {
673 bucket = GET_BUCKET(class_hash, *pID);
674 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
675 if (bucket->loadable)
676 goto done;
677 force_load = JNI_TRUE;
678 }
679 pID = &bucket->next;
680 }
681
682 if (force_load) {
683 /*
684 * We found at least one matching named entry for a class that
685 * was not known to be loadable through the defining class loader
686 * of context->class. We must load our named class and update
687 * the hash table in case one these entries matches our class.
688 */
689 JNIEnv *env = context->env;
690 jclass cb = load_class_local(context, name);
691 unsigned short id = class_to_ID(context, cb, JNI_TRUE);
692 (*env)->DeleteLocalRef(env, cb);
693 return id;
694 }
695
696 bucket = new_bucket(context, pID);
697 bucket->next = 0;
698 bucket->class = 0;
699 bucket->loadable = JNI_TRUE; /* name-only IDs are implicitly loadable */
700 bucket->hash = hash;
701 bucket->name = malloc(strlen(name) + 1);
702 if (bucket->name == 0)
703 CCout_of_memory(context);
704 strcpy(bucket->name, name);
705
706done:
707 return *pID;
708}
709
710#ifdef DEBUG
711static const char *
712ID_to_class_name(context_type *context, unsigned short ID)
713{
714 hash_table_type *class_hash = &(context->class_hash);
715 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
716 return bucket->name;
717}
718#endif
719
720static jclass
721ID_to_class(context_type *context, unsigned short ID)
722{
723 hash_table_type *class_hash = &(context->class_hash);
724 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID);
725 if (bucket->class == 0) {
726 assert(bucket->loadable == JNI_TRUE);
727 bucket->class = load_class_global(context, bucket->name);
728 }
729 return bucket->class;
730}
731
732static fullinfo_type
733make_loadable_class_info(context_type *context, jclass cb)
734{
735 return MAKE_FULLINFO(ITEM_Object, 0,
736 class_to_ID(context, cb, JNI_TRUE));
737}
738
739static fullinfo_type
740make_class_info(context_type *context, jclass cb)
741{
742 return MAKE_FULLINFO(ITEM_Object, 0,
743 class_to_ID(context, cb, JNI_FALSE));
744}
745
746static fullinfo_type
747make_class_info_from_name(context_type *context, const char *name)
748{
749 return MAKE_FULLINFO(ITEM_Object, 0,
750 class_name_to_ID(context, name));
751}
752
753/* RETURNS
754 * 1: on success chosen to be consistent with previous VerifyClass
755 * 0: verify error
756 * 2: out of memory
757 * 3: class format error
758 *
759 * Called by verify_class. Verify the code of each of the methods
760 * in a class. Note that this function apparently can't be JNICALL,
761 * because if it is the dynamic linker doesn't appear to be able to
762 * find it on Win32.
763 */
764
765#define CC_OK 1
766#define CC_VerifyError 0
767#define CC_OutOfMemory 2
768#define CC_ClassFormatError 3
769
770JNIEXPORT jboolean
771VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
772 jint major_version)
773{
774 context_type context_structure;
775 context_type *context = &context_structure;
776 jboolean result = CC_OK;
777 int i;
778 int num_methods;
779 int* code_lengths;
780 unsigned char** code;
781
782#ifdef DEBUG
783 GlobalContext = context;
784#endif
785
786 memset(context, 0, sizeof(context_type));
787 context->message = buffer;
788 context->message_buf_len = len;
789
790 context->env = env;
791 context->class = cb;
792
793 /* Set invalid method/field index of the context, in case anyone
794 calls CCerror */
795 context->method_index = -1;
796 context->field_index = -1;
797
798 /* Don't call CCerror or anything that can call it above the setjmp! */
799 if (!setjmp(context->jump_buffer)) {
800 jclass super;
801
802 CCinit(context); /* initialize heap; may throw */
803
804 initialize_class_hash(context);
805
806 context->major_version = major_version;
807 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
808 context->constant_types = (unsigned char *)
809 malloc(sizeof(unsigned char) * context->nconstants + 1);
810
811 if (context->constant_types == 0)
812 CCout_of_memory(context);
813
814 JVM_GetClassCPTypes(env, cb, context->constant_types);
815
816 if (context->constant_types == 0)
817 CCout_of_memory(context);
818
819 context->object_info =
820 make_class_info_from_name(context, "java/lang/Object");
821 context->string_info =
822 make_class_info_from_name(context, "java/lang/String");
823 context->throwable_info =
824 make_class_info_from_name(context, "java/lang/Throwable");
825 context->cloneable_info =
826 make_class_info_from_name(context, "java/lang/Cloneable");
827 context->serializable_info =
828 make_class_info_from_name(context, "java/io/Serializable");
829
830 context->currentclass_info = make_loadable_class_info(context, cb);
831
832 super = (*env)->GetSuperclass(env, cb);
833
834 if (super != 0) {
835 fullinfo_type *gptr;
836 int i = 0;
837
838 context->superclass_info = make_loadable_class_info(context, super);
839
840 while(super != 0) {
841 jclass tmp_cb = (*env)->GetSuperclass(env, super);
842 (*env)->DeleteLocalRef(env, super);
843 super = tmp_cb;
844 i++;
845 }
846 (*env)->DeleteLocalRef(env, super);
847 super = 0;
848
849 /* Can't go on context heap since it survives more than
850 one method */
851 context->superclasses = gptr =
852 malloc(sizeof(fullinfo_type)*(i + 1));
853 if (gptr == 0) {
854 CCout_of_memory(context);
855 }
856
857 super = (*env)->GetSuperclass(env, context->class);
858 while(super != 0) {
859 jclass tmp_cb;
860 *gptr++ = make_class_info(context, super);
861 tmp_cb = (*env)->GetSuperclass(env, super);
862 (*env)->DeleteLocalRef(env, super);
863 super = tmp_cb;
864 }
865 *gptr = 0;
866 } else {
867 context->superclass_info = 0;
868 }
869
870 (*env)->DeleteLocalRef(env, super);
871
872 /* Look at each method */
873 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
874 verify_field(context, cb, i);
875 num_methods = JVM_GetClassMethodsCount(env, cb);
876 read_all_code(context, cb, num_methods, &code_lengths, &code);
877 for (i = num_methods - 1; i >= 0; --i)
878 verify_method(context, cb, i, code_lengths[i], code[i]);
879 free_all_code(context, num_methods, code);
880 result = CC_OK;
881 } else {
882 result = context->err_code;
883 }
884
885 /* Cleanup */
886 finalize_class_hash(context);
887
888 while(context->allocated_memory)
889 pop_and_free(context);
890
891#ifdef DEBUG
892 GlobalContext = 0;
893#endif
894
895 if (context->exceptions)
896 free(context->exceptions);
897
898 if (context->constant_types)
899 free(context->constant_types);
900
901 if (context->superclasses)
902 free(context->superclasses);
903
904#ifdef DEBUG
905 /* Make sure all global refs created in the verifier are freed */
906 assert(context->n_globalrefs == 0);
907#endif
908
909 CCdestroy(context); /* destroy heap */
910 return result;
911}
912
913#define OLD_FORMAT_MAX_MAJOR_VERSION 48
914
915JNIEXPORT jboolean
916VerifyClass(JNIEnv *env, jclass cb, char *buffer, jint len)
917{
918 static int warned = 0;
919 if (!warned) {
920 jio_fprintf(stdout, "Warning! An old version of jvm is used. This is not supported.\n");
921 warned = 1;
922 }
923 return VerifyClassForMajorVersion(env, cb, buffer, len,
924 OLD_FORMAT_MAX_MAJOR_VERSION);
925}
926
927static void
928verify_field(context_type *context, jclass cb, int field_index)
929{
930 JNIEnv *env = context->env;
931 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
932 context->field_index = field_index;
933
934 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
935 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
936 CCerror(context, "Inconsistent access bits.");
937 }
938 context->field_index = -1;
939}
940
941
942/**
943 * We read all of the class's methods' code because it is possible that
944 * the verification of one method could resulting in linking further
945 * down the stack (due to class loading), which could end up rewriting
946 * some of the bytecode of methods we haven't verified yet. Since we
947 * don't want to see the rewritten bytecode, cache all the code and
948 * operate only on that.
949 */
950static void
951read_all_code(context_type* context, jclass cb, int num_methods,
952 int** lengths_addr, unsigned char*** code_addr)
953{
954 int* lengths;
955 unsigned char** code;
956 int i;
957
958 lengths = malloc(sizeof(int) * num_methods);
959 check_and_push(context, lengths, VM_MALLOC_BLK);
960
961 code = malloc(sizeof(unsigned char*) * num_methods);
962 check_and_push(context, code, VM_MALLOC_BLK);
963
964 *(lengths_addr) = lengths;
965 *(code_addr) = code;
966
967 for (i = 0; i < num_methods; ++i) {
968 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
969 if (lengths[i] > 0) {
970 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
971 check_and_push(context, code[i], VM_MALLOC_BLK);
972 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
973 } else {
974 code[i] = NULL;
975 }
976 }
977}
978
979static void
980free_all_code(context_type* context, int num_methods, unsigned char** code)
981{
982 int i;
983 for (i = 0; i < num_methods; ++i) {
984 if (code[i] != NULL) {
985 pop_and_free(context);
986 }
987 }
988 pop_and_free(context); /* code */
989 pop_and_free(context); /* lengths */
990}
991
992/* Verify the code of one method */
993static void
994verify_method(context_type *context, jclass cb, int method_index,
995 int code_length, unsigned char* code)
996{
997 JNIEnv *env = context->env;
998 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
999 int *code_data;
1000 instruction_data_type *idata = 0;
1001 int instruction_count;
1002 int i, offset;
1003 unsigned int inumber;
1004 jint nexceptions;
1005
1006 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
1007 /* not much to do for abstract and native methods */
1008 return;
1009 }
1010
1011 context->code_length = code_length;
1012 context->code = code;
1013
1014 /* CCerror can give method-specific info once this is set */
1015 context->method_index = method_index;
1016
1017 CCreinit(context); /* initial heap */
1018 code_data = NEW(int, code_length);
1019
1020#ifdef DEBUG
1021 if (verify_verbose) {
1022 const char *classname = JVM_GetClassNameUTF(env, cb);
1023 const char *methodname =
1024 JVM_GetMethodIxNameUTF(env, cb, method_index);
1025 const char *signature =
1026 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1027 jio_fprintf(stdout, "Looking at %s.%s%s\n",
1028 (classname ? classname : ""),
1029 (methodname ? methodname : ""),
1030 (signature ? signature : ""));
1031 JVM_ReleaseUTF(classname);
1032 JVM_ReleaseUTF(methodname);
1033 JVM_ReleaseUTF(signature);
1034 }
1035#endif
1036
1037 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1038 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1039 CCerror(context, "Inconsistent access bits.");
1040 }
1041
1042 // If this method is an overpass method, which is generated by the VM,
1043 // we trust the code and no check needs to be done.
1044 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1045 return;
1046 }
1047
1048 /* Run through the code. Mark the start of each instruction, and give
1049 * the instruction a number */
1050 for (i = 0, offset = 0; offset < code_length; i++) {
1051 int length = instruction_length(&code[offset], code + code_length);
1052 int next_offset = offset + length;
1053 if (length <= 0)
1054 CCerror(context, "Illegal instruction found at offset %d", offset);
1055 if (next_offset > code_length)
1056 CCerror(context, "Code stops in the middle of instruction "
1057 " starting at offset %d", offset);
1058 code_data[offset] = i;
1059 while (++offset < next_offset)
1060 code_data[offset] = -1; /* illegal location */
1061 }
1062 instruction_count = i; /* number of instructions in code */
1063
1064 /* Allocate a structure to hold info about each instruction. */
1065 idata = NEW(instruction_data_type, instruction_count);
1066
1067 /* Initialize the heap, and other info in the context structure. */
1068 context->code = code;
1069 context->instruction_data = idata;
1070 context->code_data = code_data;
1071 context->instruction_count = instruction_count;
1072 context->handler_info =
1073 NEW(struct handler_info_type,
1074 JVM_GetMethodIxExceptionTableLength(env, cb, method_index));
1075 context->bitmask_size =
1076 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1077 + (BITS_PER_INT - 1))/BITS_PER_INT;
1078
1079 if (instruction_count == 0)
1080 CCerror(context, "Empty code");
1081
1082 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1083 int length = instruction_length(&code[offset], code + code_length);
1084 instruction_data_type *this_idata = &idata[inumber];
1085 this_idata->opcode = code[offset];
1086 this_idata->stack_info.stack = NULL;
1087 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE;
1088 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT;
1089 this_idata->changed = JNI_FALSE; /* no need to look at it yet. */
1090 this_idata->protected = JNI_FALSE; /* no need to look at it yet. */
1091 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1092 this_idata->or_flags = 0; /* "bottom" or value*/
1093 /* This also sets up this_data->operand. It also makes the
1094 * xload_x and xstore_x instructions look like the generic form. */
1095 verify_opcode_operands(context, inumber, offset);
1096 offset += length;
1097 }
1098
1099
1100 /* make sure exception table is reasonable. */
1101 initialize_exception_table(context);
1102 /* Set up first instruction, and start of exception handlers. */
1103 initialize_dataflow(context);
1104 /* Run data flow analysis on the instructions. */
1105 run_dataflow(context);
1106
1107 /* verify checked exceptions, if any */
1108 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1109 context->exceptions = (unsigned short *)
1110 malloc(sizeof(unsigned short) * nexceptions + 1);
1111 if (context->exceptions == 0)
1112 CCout_of_memory(context);
1113 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1114 context->exceptions);
1115 for (i = 0; i < nexceptions; i++) {
1116 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1117 verify_constant_pool_type(context, (int)context->exceptions[i],
1118 1 << JVM_CONSTANT_Class);
1119 }
1120 free(context->exceptions);
1121 context->exceptions = 0;
1122 context->code = 0;
1123 context->method_index = -1;
1124}
1125
1126
1127/* Look at a single instruction, and verify its operands. Also, for
1128 * simplicity, move the operand into the ->operand field.
1129 * Make sure that branches don't go into the middle of nowhere.
1130 */
1131
1132static jint _ck_ntohl(jint n)
1133{
1134 unsigned char *p = (unsigned char *)&n;
1135 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1136}
1137
1138static void
1139verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1140{
1141 JNIEnv *env = context->env;
1142 instruction_data_type *idata = context->instruction_data;
1143 instruction_data_type *this_idata = &idata[inumber];
1144 int *code_data = context->code_data;
1145 int mi = context->method_index;
1146 unsigned char *code = context->code;
1147 int opcode = this_idata->opcode;
1148 int var;
1149
1150 /*
1151 * Set the ip fields to 0 not the i fields because the ip fields
1152 * are 64 bits on 64 bit architectures, the i field is only 32
1153 */
1154 this_idata->operand.ip = 0;
1155 this_idata->operand2.ip = 0;
1156
1157 switch (opcode) {
1158
1159 case JVM_OPC_jsr:
1160 /* instruction of ret statement */
1161 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1162 /* FALLTHROUGH */
1163 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1164 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1165 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1166 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1167 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1168 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1169 case JVM_OPC_goto: {
1170 /* Set the ->operand to be the instruction number of the target. */
1171 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1172 int target = offset + jump;
1173 if (!isLegalTarget(context, target))
1174 CCerror(context, "Illegal target of jump or branch");
1175 this_idata->operand.i = code_data[target];
1176 break;
1177 }
1178
1179 case JVM_OPC_jsr_w:
1180 /* instruction of ret statement */
1181 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION;
1182 /* FALLTHROUGH */
1183 case JVM_OPC_goto_w: {
1184 /* Set the ->operand to be the instruction number of the target. */
1185 int jump = (((signed char)(code[offset+1])) << 24) +
1186 (code[offset+2] << 16) + (code[offset+3] << 8) +
1187 (code[offset + 4]);
1188 int target = offset + jump;
1189 if (!isLegalTarget(context, target))
1190 CCerror(context, "Illegal target of jump or branch");
1191 this_idata->operand.i = code_data[target];
1192 break;
1193 }
1194
1195 case JVM_OPC_tableswitch:
1196 case JVM_OPC_lookupswitch: {
1197 /* Set the ->operand to be a table of possible instruction targets. */
1198 int *lpc = (int *) UCALIGN(code + offset + 1);
1199 int *lptr;
1200 int *saved_operand;
1201 int keys;
1202 int k, delta;
1203
1204 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
1205 /* 4639449, 4647081: Padding bytes must be zero. */
1206 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1207 for (; bptr < (unsigned char*)lpc; bptr++) {
1208 if (*bptr != 0) {
1209 CCerror(context, "Non zero padding bytes in switch");
1210 }
1211 }
1212 }
1213 if (opcode == JVM_OPC_tableswitch) {
1214 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1215 delta = 1;
1216 } else {
1217 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1218 delta = 2;
1219 /* Make sure that the tableswitch items are sorted */
1220 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1221 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1222 int next_key = _ck_ntohl(lptr[2]);
1223 if (this_key >= next_key) {
1224 CCerror(context, "Unsorted lookup switch");
1225 }
1226 }
1227 }
1228 saved_operand = NEW(int, keys + 2);
1229 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1230 CCerror(context, "Illegal default target in switch");
1231 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1232 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1233 int target = offset + _ck_ntohl(lptr[0]);
1234 if (!isLegalTarget(context, target))
1235 CCerror(context, "Illegal branch in tableswitch");
1236 saved_operand[k + 1] = code_data[target];
1237 }
1238 saved_operand[0] = keys + 1; /* number of successors */
1239 this_idata->operand.ip = saved_operand;
1240 break;
1241 }
1242
1243 case JVM_OPC_ldc: {
1244 /* Make sure the constant pool item is the right type. */
1245 int key = code[offset + 1];
1246 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1247 (1 << JVM_CONSTANT_String);
1248 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1249 types |= 1 << JVM_CONSTANT_Class;
1250 }
1251 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1252 types |= (1 << JVM_CONSTANT_MethodHandle) |
1253 (1 << JVM_CONSTANT_MethodType);
1254 }
1255 this_idata->operand.i = key;
1256 verify_constant_pool_type(context, key, types);
1257 break;
1258 }
1259
1260 case JVM_OPC_ldc_w: {
1261 /* Make sure the constant pool item is the right type. */
1262 int key = (code[offset + 1] << 8) + code[offset + 2];
1263 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1264 (1 << JVM_CONSTANT_String);
1265 if (context->major_version >= LDC_CLASS_MAJOR_VERSION) {
1266 types |= 1 << JVM_CONSTANT_Class;
1267 }
1268 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION) {
1269 types |= (1 << JVM_CONSTANT_MethodHandle) |
1270 (1 << JVM_CONSTANT_MethodType);
1271 }
1272 this_idata->operand.i = key;
1273 verify_constant_pool_type(context, key, types);
1274 break;
1275 }
1276
1277 case JVM_OPC_ldc2_w: {
1278 /* Make sure the constant pool item is the right type. */
1279 int key = (code[offset + 1] << 8) + code[offset + 2];
1280 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1281 this_idata->operand.i = key;
1282 verify_constant_pool_type(context, key, types);
1283 break;
1284 }
1285
1286 case JVM_OPC_getfield: case JVM_OPC_putfield:
1287 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1288 /* Make sure the constant pool item is the right type. */
1289 int key = (code[offset + 1] << 8) + code[offset + 2];
1290 this_idata->operand.i = key;
1291 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1292 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1293 set_protected(context, inumber, key, opcode);
1294 break;
1295 }
1296
1297 case JVM_OPC_invokevirtual:
1298 case JVM_OPC_invokespecial:
1299 case JVM_OPC_invokestatic:
1300 case JVM_OPC_invokeinterface: {
1301 /* Make sure the constant pool item is the right type. */
1302 int key = (code[offset + 1] << 8) + code[offset + 2];
1303 const char *methodname;
1304 jclass cb = context->class;
1305 fullinfo_type clazz_info;
1306 int is_constructor, is_internal;
1307 int kind;
1308
1309 switch (opcode ) {
1310 case JVM_OPC_invokestatic:
1311 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION)
1312 ? (1 << JVM_CONSTANT_Methodref)
1313 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1314 break;
1315 case JVM_OPC_invokeinterface:
1316 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1317 break;
1318 default:
1319 kind = 1 << JVM_CONSTANT_Methodref;
1320 }
1321
1322 /* Make sure the constant pool item is the right type. */
1323 verify_constant_pool_type(context, key, kind);
1324 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1325 check_and_push(context, methodname, VM_STRING_UTF);
1326 is_constructor = !strcmp(methodname, "<init>");
1327 is_internal = methodname[0] == '<';
1328 pop_and_free(context);
1329
1330 clazz_info = cp_index_to_class_fullinfo(context, key,
1331 JVM_CONSTANT_Methodref);
1332 this_idata->operand.i = key;
1333 this_idata->operand2.fi = clazz_info;
1334 if (is_constructor) {
1335 if (opcode != JVM_OPC_invokespecial) {
1336 CCerror(context,
1337 "Must call initializers using invokespecial");
1338 }
1339 this_idata->opcode = JVM_OPC_invokeinit;
1340 } else {
1341 if (is_internal) {
1342 CCerror(context, "Illegal call to internal method");
1343 }
1344 if (opcode == JVM_OPC_invokespecial
1345 && clazz_info != context->currentclass_info
1346 && clazz_info != context->superclass_info) {
1347 int not_found = 1;
1348
1349 jclass super = (*env)->GetSuperclass(env, context->class);
1350 while(super != 0) {
1351 jclass tmp_cb;
1352 fullinfo_type new_info = make_class_info(context, super);
1353 if (clazz_info == new_info) {
1354 not_found = 0;
1355 break;
1356 }
1357 tmp_cb = (*env)->GetSuperclass(env, super);
1358 (*env)->DeleteLocalRef(env, super);
1359 super = tmp_cb;
1360 }
1361 (*env)->DeleteLocalRef(env, super);
1362
1363 /* The optimizer may cause this to happen on local code */
1364 if (not_found) {
1365 CCerror(context, "Illegal use of nonvirtual function call");
1366 }
1367 }
1368 }
1369 if (opcode == JVM_OPC_invokeinterface) {
1370 unsigned int args1;
1371 unsigned int args2;
1372 const char *signature =
1373 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1374 check_and_push(context, signature, VM_STRING_UTF);
1375 args1 = signature_to_args_size(signature) + 1;
1376 args2 = code[offset + 3];
1377 if (args1 != args2) {
1378 CCerror(context,
1379 "Inconsistent args_size for invokeinterface");
1380 }
1381 if (code[offset + 4] != 0) {
1382 CCerror(context,
1383 "Fourth operand byte of invokeinterface must be zero");
1384 }
1385 pop_and_free(context);
1386 } else if (opcode == JVM_OPC_invokevirtual
1387 || opcode == JVM_OPC_invokespecial)
1388 set_protected(context, inumber, key, opcode);
1389 break;
1390 }
1391
1392 case JVM_OPC_invokedynamic:
1393 CCerror(context,
1394 "invokedynamic bytecode is not supported in this class file version");
1395 break;
1396 case JVM_OPC_instanceof:
1397 case JVM_OPC_checkcast:
1398 case JVM_OPC_new:
1399 case JVM_OPC_anewarray:
1400 case JVM_OPC_multianewarray: {
1401 /* Make sure the constant pool item is a class */
1402 int key = (code[offset + 1] << 8) + code[offset + 2];
1403 fullinfo_type target;
1404 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1405 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1406 if (GET_ITEM_TYPE(target) == ITEM_Bogus)
1407 CCerror(context, "Illegal type");
1408 switch(opcode) {
1409 case JVM_OPC_anewarray:
1410 if ((GET_INDIRECTION(target)) >= MAX_ARRAY_DIMENSIONS)
1411 CCerror(context, "Array with too many dimensions");
1412 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),
1413 GET_INDIRECTION(target) + 1,
1414 GET_EXTRA_INFO(target));
1415 break;
1416 case JVM_OPC_new:
1417 if (WITH_ZERO_EXTRA_INFO(target) !=
1418 MAKE_FULLINFO(ITEM_Object, 0, 0))
1419 CCerror(context, "Illegal creation of multi-dimensional array");
1420 /* operand gets set to the "unitialized object". operand2 gets
1421 * set to what the value will be after it's initialized. */
1422 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber);
1423 this_idata->operand2.fi = target;
1424 break;
1425 case JVM_OPC_multianewarray:
1426 this_idata->operand.fi = target;
1427 this_idata->operand2.i = code[offset + 3];
1428 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target))
1429 || (this_idata->operand2.i == 0))
1430 CCerror(context, "Illegal dimension argument");
1431 break;
1432 default:
1433 this_idata->operand.fi = target;
1434 }
1435 break;
1436 }
1437
1438 case JVM_OPC_newarray: {
1439 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1440 fullinfo_type full_info;
1441 switch (code[offset + 1]) {
1442 case JVM_T_INT:
1443 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0); break;
1444 case JVM_T_LONG:
1445 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0); break;
1446 case JVM_T_FLOAT:
1447 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0); break;
1448 case JVM_T_DOUBLE:
1449 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0); break;
1450 case JVM_T_BOOLEAN:
1451 full_info = MAKE_FULLINFO(ITEM_Boolean, 1, 0); break;
1452 case JVM_T_BYTE:
1453 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0); break;
1454 case JVM_T_CHAR:
1455 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0); break;
1456 case JVM_T_SHORT:
1457 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0); break;
1458 default:
1459 full_info = 0; /* Keep lint happy */
1460 CCerror(context, "Bad type passed to newarray");
1461 }
1462 this_idata->operand.fi = full_info;
1463 break;
1464 }
1465
1466 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1467 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1468 this_idata->opcode = JVM_OPC_iload;
1469 var = opcode - JVM_OPC_iload_0;
1470 goto check_local_variable;
1471
1472 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1473 this_idata->opcode = JVM_OPC_fload;
1474 var = opcode - JVM_OPC_fload_0;
1475 goto check_local_variable;
1476
1477 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1478 this_idata->opcode = JVM_OPC_aload;
1479 var = opcode - JVM_OPC_aload_0;
1480 goto check_local_variable;
1481
1482 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1483 this_idata->opcode = JVM_OPC_lload;
1484 var = opcode - JVM_OPC_lload_0;
1485 goto check_local_variable2;
1486
1487 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1488 this_idata->opcode = JVM_OPC_dload;
1489 var = opcode - JVM_OPC_dload_0;
1490 goto check_local_variable2;
1491
1492 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1493 this_idata->opcode = JVM_OPC_istore;
1494 var = opcode - JVM_OPC_istore_0;
1495 goto check_local_variable;
1496
1497 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1498 this_idata->opcode = JVM_OPC_fstore;
1499 var = opcode - JVM_OPC_fstore_0;
1500 goto check_local_variable;
1501
1502 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1503 this_idata->opcode = JVM_OPC_astore;
1504 var = opcode - JVM_OPC_astore_0;
1505 goto check_local_variable;
1506
1507 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1508 this_idata->opcode = JVM_OPC_lstore;
1509 var = opcode - JVM_OPC_lstore_0;
1510 goto check_local_variable2;
1511
1512 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1513 this_idata->opcode = JVM_OPC_dstore;
1514 var = opcode - JVM_OPC_dstore_0;
1515 goto check_local_variable2;
1516
1517 case JVM_OPC_wide:
1518 this_idata->opcode = code[offset + 1];
1519 var = (code[offset + 2] << 8) + code[offset + 3];
1520 switch(this_idata->opcode) {
1521 case JVM_OPC_lload: case JVM_OPC_dload:
1522 case JVM_OPC_lstore: case JVM_OPC_dstore:
1523 goto check_local_variable2;
1524 default:
1525 goto check_local_variable;
1526 }
1527
1528 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1529 case JVM_OPC_ret:
1530 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1531 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1532 var = code[offset + 1];
1533 check_local_variable:
1534 /* Make sure that the variable number isn't illegal. */
1535 this_idata->operand.i = var;
1536 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1537 CCerror(context, "Illegal local variable number");
1538 break;
1539
1540 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1541 var = code[offset + 1];
1542 check_local_variable2:
1543 /* Make sure that the variable number isn't illegal. */
1544 this_idata->operand.i = var;
1545 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1546 CCerror(context, "Illegal local variable number");
1547 break;
1548
1549 default:
1550 if (opcode > JVM_OPC_MAX)
1551 CCerror(context, "Quick instructions shouldn't appear yet.");
1552 break;
1553 } /* of switch */
1554}
1555
1556
1557static void
1558set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1559{
1560 JNIEnv *env = context->env;
1561 fullinfo_type clazz_info;
1562 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1563 clazz_info = cp_index_to_class_fullinfo(context, key,
1564 JVM_CONSTANT_Fieldref);
1565 } else {
1566 clazz_info = cp_index_to_class_fullinfo(context, key,
1567 JVM_CONSTANT_Methodref);
1568 }
1569 if (is_superclass(context, clazz_info)) {
1570 jclass calledClass =
1571 object_fullinfo_to_classclass(context, clazz_info);
1572 int access;
1573 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1574 searches the referenced field or method in calledClass. The following
1575 while loop is added to search up the superclass chain to make this
1576 symbolic resolution consistent with the field/method resolution
1577 specified in VM spec 5.4.3. */
1578 calledClass = (*env)->NewLocalRef(env, calledClass);
1579 do {
1580 jclass tmp_cb;
1581 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1582 access = JVM_GetCPFieldModifiers
1583 (env, context->class, key, calledClass);
1584 } else {
1585 access = JVM_GetCPMethodModifiers
1586 (env, context->class, key, calledClass);
1587 }
1588 if (access != -1) {
1589 break;
1590 }
1591 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1592 (*env)->DeleteLocalRef(env, calledClass);
1593 calledClass = tmp_cb;
1594 } while (calledClass != 0);
1595
1596 if (access == -1) {
1597 /* field/method not found, detected at runtime. */
1598 } else if (access & JVM_ACC_PROTECTED) {
1599 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1600 context->instruction_data[inumber].protected = JNI_TRUE;
1601 }
1602 (*env)->DeleteLocalRef(env, calledClass);
1603 }
1604}
1605
1606
1607static jboolean
1608is_superclass(context_type *context, fullinfo_type clazz_info) {
1609 fullinfo_type *fptr = context->superclasses;
1610
1611 if (fptr == 0)
1612 return JNI_FALSE;
1613 for (; *fptr != 0; fptr++) {
1614 if (*fptr == clazz_info)
1615 return JNI_TRUE;
1616 }
1617 return JNI_FALSE;
1618}
1619
1620
1621/* Look through each item on the exception table. Each of the fields must
1622 * refer to a legal instruction.
1623 */
1624static void
1625initialize_exception_table(context_type *context)
1626{
1627 JNIEnv *env = context->env;
1628 int mi = context->method_index;
1629 struct handler_info_type *handler_info = context->handler_info;
1630 int *code_data = context->code_data;
1631 int code_length = context->code_length;
1632 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1633 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1634 if (max_stack_size < 1 && i > 0) {
1635 // If the method contains exception handlers, it must have room
1636 // on the expression stack for the exception that the VM could push
1637 CCerror(context, "Stack size too large");
1638 }
1639 for (; --i >= 0; handler_info++) {
1640 JVM_ExceptionTableEntryType einfo;
1641 stack_item_type *stack_item = NEW(stack_item_type, 1);
1642
1643 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1644 i, &einfo);
1645
1646 if (!(einfo.start_pc < einfo.end_pc &&
1647 einfo.start_pc >= 0 &&
1648 isLegalTarget(context, einfo.start_pc) &&
1649 (einfo.end_pc == code_length ||
1650 isLegalTarget(context, einfo.end_pc)))) {
1651 CFerror(context, "Illegal exception table range");
1652 }
1653 if (!((einfo.handler_pc > 0) &&
1654 isLegalTarget(context, einfo.handler_pc))) {
1655 CFerror(context, "Illegal exception table handler");
1656 }
1657
1658 handler_info->start = code_data[einfo.start_pc];
1659 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1660 handler_info->end = (einfo.end_pc == context->code_length) ?
1661 context->instruction_count : code_data[einfo.end_pc];
1662 handler_info->handler = code_data[einfo.handler_pc];
1663 handler_info->stack_info.stack = stack_item;
1664 handler_info->stack_info.stack_size = 1;
1665 stack_item->next = NULL;
1666 if (einfo.catchType != 0) {
1667 const char *classname;
1668 /* Constant pool entry type has been checked in format checker */
1669 classname = JVM_GetCPClassNameUTF(env,
1670 context->class,
1671 einfo.catchType);
1672 check_and_push(context, classname, VM_STRING_UTF);
1673 stack_item->item = make_class_info_from_name(context, classname);
1674 if (!isAssignableTo(context,
1675 stack_item->item,
1676 context->throwable_info))
1677 CCerror(context, "catch_type not a subclass of Throwable");
1678 pop_and_free(context);
1679 } else {
1680 stack_item->item = context->throwable_info;
1681 }
1682 }
1683}
1684
1685
1686/* Given a pointer to an instruction, return its length. Use the table
1687 * opcode_length[] which is automatically built.
1688 */
1689static int instruction_length(unsigned char *iptr, unsigned char *end)
1690{
1691 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER;
1692 int instruction = *iptr;
1693 switch (instruction) {
1694 case JVM_OPC_tableswitch: {
1695 int *lpc = (int *)UCALIGN(iptr + 1);
1696 int index;
1697 if (lpc + 2 >= (int *)end) {
1698 return -1; /* do not read pass the end */
1699 }
1700 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1701 if ((index < 0) || (index > 65535)) {
1702 return -1; /* illegal */
1703 } else {
1704 unsigned char *finish = (unsigned char *)(&lpc[index + 4]);
1705 assert(finish >= iptr);
1706 return (int)(finish - iptr);
1707 }
1708 }
1709
1710 case JVM_OPC_lookupswitch: {
1711 int *lpc = (int *) UCALIGN(iptr + 1);
1712 int npairs;
1713 if (lpc + 1 >= (int *)end)
1714 return -1; /* do not read pass the end */
1715 npairs = _ck_ntohl(lpc[1]);
1716 /* There can't be more than 64K labels because of the limit
1717 * on per-method byte code length.
1718 */
1719 if (npairs < 0 || npairs >= 65536)
1720 return -1;
1721 else {
1722 unsigned char *finish = (unsigned char *)(&lpc[2 * (npairs + 1)]);
1723 assert(finish >= iptr);
1724 return (int)(finish - iptr);
1725 }
1726 }
1727
1728 case JVM_OPC_wide:
1729 if (iptr + 1 >= end)
1730 return -1; /* do not read pass the end */
1731 switch(iptr[1]) {
1732 case JVM_OPC_ret:
1733 case JVM_OPC_iload: case JVM_OPC_istore:
1734 case JVM_OPC_fload: case JVM_OPC_fstore:
1735 case JVM_OPC_aload: case JVM_OPC_astore:
1736 case JVM_OPC_lload: case JVM_OPC_lstore:
1737 case JVM_OPC_dload: case JVM_OPC_dstore:
1738 return 4;
1739 case JVM_OPC_iinc:
1740 return 6;
1741 default:
1742 return -1;
1743 }
1744
1745 default: {
1746 if (instruction < 0 || instruction > JVM_OPC_MAX)
1747 return -1;
1748
1749 /* A length of 0 indicates an error. */
1750 if (opcode_length[instruction] <= 0)
1751 return -1;
1752
1753 return opcode_length[instruction];
1754 }
1755 }
1756}
1757
1758
1759/* Given the target of a branch, make sure that it's a legal target. */
1760static jboolean
1761isLegalTarget(context_type *context, int offset)
1762{
1763 int code_length = context->code_length;
1764 int *code_data = context->code_data;
1765 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1766}
1767
1768
1769/* Make sure that an element of the constant pool really is of the indicated
1770 * type.
1771 */
1772static void
1773verify_constant_pool_type(context_type *context, int index, unsigned mask)
1774{
1775 int nconstants = context->nconstants;
1776 unsigned char *type_table = context->constant_types;
1777 unsigned type;
1778
1779 if ((index <= 0) || (index >= nconstants))
1780 CCerror(context, "Illegal constant pool index");
1781
1782 type = type_table[index];
1783 if ((mask & (1 << type)) == 0)
1784 CCerror(context, "Illegal type in constant pool");
1785}
1786
1787
1788static void
1789initialize_dataflow(context_type *context)
1790{
1791 JNIEnv *env = context->env;
1792 instruction_data_type *idata = context->instruction_data;
1793 int mi = context->method_index;
1794 jclass cb = context->class;
1795 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1796 fullinfo_type *reg_ptr;
1797 fullinfo_type full_info;
1798 const char *p;
1799 const char *signature;
1800
1801 /* Initialize the function entry, since we know everything about it. */
1802 idata[0].stack_info.stack_size = 0;
1803 idata[0].stack_info.stack = NULL;
1804 idata[0].register_info.register_count = args_size;
1805 idata[0].register_info.registers = NEW(fullinfo_type, args_size);
1806 idata[0].register_info.mask_count = 0;
1807 idata[0].register_info.masks = NULL;
1808 idata[0].and_flags = 0; /* nothing needed */
1809 idata[0].or_flags = FLAG_REACHED; /* instruction reached */
1810 reg_ptr = idata[0].register_info.registers;
1811
1812 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1813 /* A non static method. If this is an <init> method, the first
1814 * argument is an uninitialized object. Otherwise it is an object of
1815 * the given class type. java.lang.Object.<init> is special since
1816 * we don't call its superclass <init> method.
1817 */
1818 if (JVM_IsConstructorIx(env, cb, mi)
1819 && context->currentclass_info != context->object_info) {
1820 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0);
1821 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR;
1822 } else {
1823 *reg_ptr++ = context->currentclass_info;
1824 }
1825 }
1826 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1827 check_and_push(context, signature, VM_STRING_UTF);
1828 /* Fill in each of the arguments into the registers. */
1829 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1830 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1831 switch (fieldchar) {
1832 case 'D': case 'L':
1833 *reg_ptr++ = full_info;
1834 *reg_ptr++ = full_info + 1;
1835 break;
1836 default:
1837 *reg_ptr++ = full_info;
1838 break;
1839 }
1840 }
1841 p++; /* skip over right parenthesis */
1842 if (*p == 'V') {
1843 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0);
1844 } else {
1845 signature_to_fieldtype(context, &p, &full_info);
1846 context->return_type = full_info;
1847 }
1848 pop_and_free(context);
1849 /* Indicate that we need to look at the first instruction. */
1850 idata[0].changed = JNI_TRUE;
1851}
1852
1853
1854/* Run the data flow analysis, as long as there are things to change. */
1855static void
1856run_dataflow(context_type *context) {
1857 JNIEnv *env = context->env;
1858 int mi = context->method_index;
1859 jclass cb = context->class;
1860 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1861 instruction_data_type *idata = context->instruction_data;
1862 unsigned int icount = context->instruction_count;
1863 jboolean work_to_do = JNI_TRUE;
1864 unsigned int inumber;
1865
1866 /* Run through the loop, until there is nothing left to do. */
1867 while (work_to_do) {
1868 work_to_do = JNI_FALSE;
1869 for (inumber = 0; inumber < icount; inumber++) {
1870 instruction_data_type *this_idata = &idata[inumber];
1871 if (this_idata->changed) {
1872 register_info_type new_register_info;
1873 stack_info_type new_stack_info;
1874 flag_type new_and_flags, new_or_flags;
1875
1876 this_idata->changed = JNI_FALSE;
1877 work_to_do = JNI_TRUE;
1878#ifdef DEBUG
1879 if (verify_verbose) {
1880 int opcode = this_idata->opcode;
1881 jio_fprintf(stdout, "Instruction %d: ", inumber);
1882 print_stack(context, &this_idata->stack_info);
1883 print_registers(context, &this_idata->register_info);
1884 print_flags(context,
1885 this_idata->and_flags, this_idata->or_flags);
1886 fflush(stdout);
1887 }
1888#endif
1889 /* Make sure the registers and flags are appropriate */
1890 check_register_values(context, inumber);
1891 check_flags(context, inumber);
1892
1893 /* Make sure the stack can deal with this instruction */
1894 pop_stack(context, inumber, &new_stack_info);
1895
1896 /* Update the registers and flags */
1897 update_registers(context, inumber, &new_register_info);
1898 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1899
1900 /* Update the stack. */
1901 push_stack(context, inumber, &new_stack_info);
1902
1903 if (new_stack_info.stack_size > max_stack_size)
1904 CCerror(context, "Stack size too large");
1905#ifdef DEBUG
1906 if (verify_verbose) {
1907 jio_fprintf(stdout, " ");
1908 print_stack(context, &new_stack_info);
1909 print_registers(context, &new_register_info);
1910 print_flags(context, new_and_flags, new_or_flags);
1911 fflush(stdout);
1912 }
1913#endif
1914 /* Add the new stack and register information to any
1915 * instructions that can follow this instruction. */
1916 merge_into_successors(context, inumber,
1917 &new_register_info, &new_stack_info,
1918 new_and_flags, new_or_flags);
1919 }
1920 }
1921 }
1922}
1923
1924
1925/* Make sure that the registers contain a legitimate value for the given
1926 * instruction.
1927*/
1928
1929static void
1930check_register_values(context_type *context, unsigned int inumber)
1931{
1932 instruction_data_type *idata = context->instruction_data;
1933 instruction_data_type *this_idata = &idata[inumber];
1934 int opcode = this_idata->opcode;
1935 int operand = this_idata->operand.i;
1936 int register_count = this_idata->register_info.register_count;
1937 fullinfo_type *registers = this_idata->register_info.registers;
1938 jboolean double_word = JNI_FALSE; /* default value */
1939 int type;
1940
1941 switch (opcode) {
1942 default:
1943 return;
1944 case JVM_OPC_iload: case JVM_OPC_iinc:
1945 type = ITEM_Integer; break;
1946 case JVM_OPC_fload:
1947 type = ITEM_Float; break;
1948 case JVM_OPC_aload:
1949 type = ITEM_Object; break;
1950 case JVM_OPC_ret:
1951 type = ITEM_ReturnAddress; break;
1952 case JVM_OPC_lload:
1953 type = ITEM_Long; double_word = JNI_TRUE; break;
1954 case JVM_OPC_dload:
1955 type = ITEM_Double; double_word = JNI_TRUE; break;
1956 }
1957 if (!double_word) {
1958 fullinfo_type reg;
1959 /* Make sure we don't have an illegal register or one with wrong type */
1960 if (operand >= register_count) {
1961 CCerror(context,
1962 "Accessing value from uninitialized register %d", operand);
1963 }
1964 reg = registers[operand];
1965
1966 if (WITH_ZERO_EXTRA_INFO(reg) == (unsigned)MAKE_FULLINFO(type, 0, 0)) {
1967 /* the register is obviously of the given type */
1968 return;
1969 } else if (GET_INDIRECTION(reg) > 0 && type == ITEM_Object) {
1970 /* address type stuff be used on all arrays */
1971 return;
1972 } else if (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress) {
1973 CCerror(context, "Cannot load return address from register %d",
1974 operand);
1975 /* alternatively
1976 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1977 && (opcode == JVM_OPC_iload)
1978 && (type == ITEM_Object || type == ITEM_Integer)
1979 but this never occurs
1980 */
1981 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1982 return;
1983 } else if (WITH_ZERO_EXTRA_INFO(reg) ==
1984 MAKE_FULLINFO(ITEM_NewObject, 0, 0) &&
1985 type == ITEM_Object) {
1986 return;
1987 } else {
1988 CCerror(context, "Register %d contains wrong type", operand);
1989 }
1990 } else {
1991 /* Make sure we don't have an illegal register or one with wrong type */
1992 if ((operand + 1) >= register_count) {
1993 CCerror(context,
1994 "Accessing value from uninitialized register pair %d/%d",
1995 operand, operand+1);
1996 } else {
1997 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)) &&
1998 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0))) {
1999 return;
2000 } else {
2001 CCerror(context, "Register pair %d/%d contains wrong type",
2002 operand, operand+1);
2003 }
2004 }
2005 }
2006}
2007
2008
2009/* Make sure the flags contain legitimate values for this instruction.
2010*/
2011
2012static void
2013check_flags(context_type *context, unsigned int inumber)
2014{
2015 instruction_data_type *idata = context->instruction_data;
2016 instruction_data_type *this_idata = &idata[inumber];
2017 int opcode = this_idata->opcode;
2018 switch (opcode) {
2019 case JVM_OPC_return:
2020 /* We need a constructor, but we aren't guaranteed it's called */
2021 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR) &&
2022 !(this_idata->and_flags & FLAG_CONSTRUCTED))
2023 CCerror(context, "Constructor must call super() or this()");
2024 /* fall through */
2025 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2026 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2027 if (this_idata->or_flags & FLAG_NO_RETURN)
2028 /* This method cannot exit normally */
2029 CCerror(context, "Cannot return normally");
2030 default:
2031 break; /* nothing to do. */
2032 }
2033}
2034
2035/* Make sure that the top of the stack contains reasonable values for the
2036 * given instruction. The post-pop values of the stack and its size are
2037 * returned in *new_stack_info.
2038 */
2039
2040static void
2041pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2042{
2043 instruction_data_type *idata = context->instruction_data;
2044 instruction_data_type *this_idata = &idata[inumber];
2045 int opcode = this_idata->opcode;
2046 stack_item_type *stack = this_idata->stack_info.stack;
2047 int stack_size = this_idata->stack_info.stack_size;
2048 char *stack_operands, *p;
2049 char buffer[257]; /* for holding manufactured argument lists */
2050 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2051 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2052 fullinfo_type full_info; /* only used in case of invoke instructions */
2053 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2054
2055 switch(opcode) {
2056 default:
2057 /* For most instructions, we just use a built-in table */
2058 stack_operands = opcode_in_out[opcode][0];
2059 break;
2060
2061 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2062 /* The top thing on the stack depends on the signature of
2063 * the object. */
2064 int operand = this_idata->operand.i;
2065 const char *signature =
2066 JVM_GetCPFieldSignatureUTF(context->env,
2067 context->class,
2068 operand);
2069 char *ip = buffer;
2070 check_and_push(context, signature, VM_STRING_UTF);
2071#ifdef DEBUG
2072 if (verify_verbose) {
2073 print_formatted_fieldname(context, operand);
2074 }
2075#endif
2076 if (opcode == JVM_OPC_putfield)
2077 *ip++ = 'A'; /* object for putfield */
2078 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2079 *ip = '\0';
2080 stack_operands = buffer;
2081 pop_and_free(context);
2082 break;
2083 }
2084
2085 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2086 case JVM_OPC_invokeinit: /* invokespecial call to <init> */
2087 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2088 /* The top stuff on the stack depends on the method signature */
2089 int operand = this_idata->operand.i;
2090 const char *signature =
2091 JVM_GetCPMethodSignatureUTF(context->env,
2092 context->class,
2093 operand);
2094 char *ip = buffer;
2095 const char *p;
2096 check_and_push(context, signature, VM_STRING_UTF);
2097#ifdef DEBUG
2098 if (verify_verbose) {
2099 print_formatted_methodname(context, operand);
2100 }
2101#endif
2102 if (opcode != JVM_OPC_invokestatic)
2103 /* First, push the object */
2104 *ip++ = (opcode == JVM_OPC_invokeinit ? '@' : 'A');
2105 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2106 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2107 if (ip >= buffer + sizeof(buffer) - 1)
2108 CCerror(context, "Signature %s has too many arguments",
2109 signature);
2110 }
2111 *ip = 0;
2112 stack_operands = buffer;
2113 pop_and_free(context);
2114 break;
2115 }
2116
2117 case JVM_OPC_multianewarray: {
2118 /* Count can't be larger than 255. So can't overflow buffer */
2119 int count = this_idata->operand2.i; /* number of ints on stack */
2120 memset(buffer, 'I', count);
2121 buffer[count] = '\0';
2122 stack_operands = buffer;
2123 break;
2124 }
2125
2126 } /* of switch */
2127
2128 /* Run through the list of operands >>backwards<< */
2129 for ( p = stack_operands + strlen(stack_operands);
2130 p > stack_operands;
2131 stack = stack->next) {
2132 int type = *--p;
2133 fullinfo_type top_type = stack ? stack->item : 0;
2134 int size = (type == 'D' || type == 'L') ? 2 : 1;
2135 *--stack_extra_info = top_type;
2136 if (stack == NULL)
2137 CCerror(context, "Unable to pop operand off an empty stack");
2138
2139 switch (type) {
2140 case 'I':
2141 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2142 CCerror(context, "Expecting to find integer on stack");
2143 break;
2144
2145 case 'F':
2146 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0))
2147 CCerror(context, "Expecting to find float on stack");
2148 break;
2149
2150 case 'A': /* object or array */
2151 if ( (GET_ITEM_TYPE(top_type) != ITEM_Object)
2152 && (GET_INDIRECTION(top_type) == 0)) {
2153 /* The thing isn't an object or an array. Let's see if it's
2154 * one of the special cases */
2155 if ( (WITH_ZERO_EXTRA_INFO(top_type) ==
2156 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0))
2157 && (opcode == JVM_OPC_astore))
2158 break;
2159 if ( (GET_ITEM_TYPE(top_type) == ITEM_NewObject
2160 || (GET_ITEM_TYPE(top_type) == ITEM_InitObject))
2161 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2162 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2163 break;
2164 /* The 2nd edition VM of the specification allows field
2165 * initializations before the superclass initializer,
2166 * if the field is defined within the current class.
2167 */
2168 if ( (GET_ITEM_TYPE(top_type) == ITEM_InitObject)
2169 && (opcode == JVM_OPC_putfield)) {
2170 int operand = this_idata->operand.i;
2171 int access_bits = JVM_GetCPFieldModifiers(context->env,
2172 context->class,
2173 operand,
2174 context->class);
2175 /* Note: This relies on the fact that
2176 * JVM_GetCPFieldModifiers retrieves only local fields,
2177 * and does not respect inheritance.
2178 */
2179 if (access_bits != -1) {
2180 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2181 context->currentclass_info ) {
2182 top_type = context->currentclass_info;
2183 *stack_extra_info = top_type;
2184 break;
2185 }
2186 }
2187 }
2188 CCerror(context, "Expecting to find object/array on stack");
2189 }
2190 break;
2191
2192 case '@': { /* unitialized object, for call to <init> */
2193 int item_type = GET_ITEM_TYPE(top_type);
2194 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2195 CCerror(context,
2196 "Expecting to find unitialized object on stack");
2197 break;
2198 }
2199
2200 case 'O': /* object, not array */
2201 if (WITH_ZERO_EXTRA_INFO(top_type) !=
2202 MAKE_FULLINFO(ITEM_Object, 0, 0))
2203 CCerror(context, "Expecting to find object on stack");
2204 break;
2205
2206 case 'a': /* integer, object, or array */
2207 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0))
2208 && (GET_ITEM_TYPE(top_type) != ITEM_Object)
2209 && (GET_INDIRECTION(top_type) == 0))
2210 CCerror(context,
2211 "Expecting to find object, array, or int on stack");
2212 break;
2213
2214 case 'D': /* double */
2215 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0))
2216 CCerror(context, "Expecting to find double on stack");
2217 break;
2218
2219 case 'L': /* long */
2220 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0))
2221 CCerror(context, "Expecting to find long on stack");
2222 break;
2223
2224 case ']': /* array of some type */
2225 if (top_type == NULL_FULLINFO) {
2226 /* do nothing */
2227 } else switch(p[-1]) {
2228 case 'I': /* array of integers */
2229 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0) &&
2230 top_type != NULL_FULLINFO)
2231 CCerror(context,
2232 "Expecting to find array of ints on stack");
2233 break;
2234
2235 case 'L': /* array of longs */
2236 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0))
2237 CCerror(context,
2238 "Expecting to find array of longs on stack");
2239 break;
2240
2241 case 'F': /* array of floats */
2242 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0))
2243 CCerror(context,
2244 "Expecting to find array of floats on stack");
2245 break;
2246
2247 case 'D': /* array of doubles */
2248 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0))
2249 CCerror(context,
2250 "Expecting to find array of doubles on stack");
2251 break;
2252
2253 case 'A': { /* array of addresses (arrays or objects) */
2254 int indirection = GET_INDIRECTION(top_type);
2255 if ((indirection == 0) ||
2256 ((indirection == 1) &&
2257 (GET_ITEM_TYPE(top_type) != ITEM_Object)))
2258 CCerror(context,
2259 "Expecting to find array of objects or arrays "
2260 "on stack");
2261 break;
2262 }
2263
2264 case 'B': /* array of bytes or booleans */
2265 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
2266 top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
2267 CCerror(context,
2268 "Expecting to find array of bytes or Booleans on stack");
2269 break;
2270
2271 case 'C': /* array of characters */
2272 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0))
2273 CCerror(context,
2274 "Expecting to find array of chars on stack");
2275 break;
2276
2277 case 'S': /* array of shorts */
2278 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0))
2279 CCerror(context,
2280 "Expecting to find array of shorts on stack");
2281 break;
2282
2283 case '?': /* any type of array is okay */
2284 if (GET_INDIRECTION(top_type) == 0)
2285 CCerror(context,
2286 "Expecting to find array on stack");
2287 break;
2288
2289 default:
2290 CCerror(context, "Internal error #1");
2291 break;
2292 }
2293 p -= 2; /* skip over [ <char> */
2294 break;
2295
2296 case '1': case '2': case '3': case '4': /* stack swapping */
2297 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)
2298 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)) {
2299 if ((p > stack_operands) && (p[-1] == '+')) {
2300 context->swap_table[type - '1'] = top_type + 1;
2301 context->swap_table[p[-2] - '1'] = top_type;
2302 size = 2;
2303 p -= 2;
2304 } else {
2305 CCerror(context,
2306 "Attempt to split long or double on the stack");
2307 }
2308 } else {
2309 context->swap_table[type - '1'] = stack->item;
2310 if ((p > stack_operands) && (p[-1] == '+'))
2311 p--; /* ignore */
2312 }
2313 break;
2314 case '+': /* these should have been caught. */
2315 default:
2316 CCerror(context, "Internal error #2");
2317 }
2318 stack_size -= size;
2319 }
2320
2321 /* For many of the opcodes that had an "A" in their field, we really
2322 * need to go back and do a little bit more accurate testing. We can, of
2323 * course, assume that the minimal type checking has already been done.
2324 */
2325 switch (opcode) {
2326 default: break;
2327 case JVM_OPC_aastore: { /* array index object */
2328 fullinfo_type array_type = stack_extra_info[0];
2329 fullinfo_type object_type = stack_extra_info[2];
2330 fullinfo_type target_type = decrement_indirection(array_type);
2331 if ((GET_ITEM_TYPE(object_type) != ITEM_Object)
2332 && (GET_INDIRECTION(object_type) == 0)) {
2333 CCerror(context, "Expecting reference type on operand stack in aastore");
2334 }
2335 if ((GET_ITEM_TYPE(target_type) != ITEM_Object)
2336 && (GET_INDIRECTION(target_type) == 0)) {
2337 CCerror(context, "Component type of the array must be reference type in aastore");
2338 }
2339 break;
2340 }
2341
2342 case JVM_OPC_putfield:
2343 case JVM_OPC_getfield:
2344 case JVM_OPC_putstatic: {
2345 int operand = this_idata->operand.i;
2346 fullinfo_type stack_object = stack_extra_info[0];
2347 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2348 if (!isAssignableTo
2349 (context,
2350 stack_object,
2351 cp_index_to_class_fullinfo
2352 (context, operand, JVM_CONSTANT_Fieldref))) {
2353 CCerror(context,
2354 "Incompatible type for getting or setting field");
2355 }
2356 if (this_idata->protected &&
2357 !isAssignableTo(context, stack_object,
2358 context->currentclass_info)) {
2359 CCerror(context, "Bad access to protected data");
2360 }
2361 }
2362 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2363 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2364 if (!isAssignableTo(context,
2365 stack_extra_info[item], put_full_info)) {
2366 CCerror(context, "Bad type in putfield/putstatic");
2367 }
2368 }
2369 break;
2370 }
2371
2372 case JVM_OPC_athrow:
2373 if (!isAssignableTo(context, stack_extra_info[0],
2374 context->throwable_info)) {
2375 CCerror(context, "Can only throw Throwable objects");
2376 }
2377 break;
2378
2379 case JVM_OPC_aaload: { /* array index */
2380 /* We need to pass the information to the stack updater */
2381 fullinfo_type array_type = stack_extra_info[0];
2382 context->swap_table[0] = decrement_indirection(array_type);
2383 break;
2384 }
2385
2386 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2387 case JVM_OPC_invokeinit:
2388 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2389 int operand = this_idata->operand.i;
2390 const char *signature =
2391 JVM_GetCPMethodSignatureUTF(context->env,
2392 context->class,
2393 operand);
2394 int item;
2395 const char *p;
2396 check_and_push(context, signature, VM_STRING_UTF);
2397 if (opcode == JVM_OPC_invokestatic) {
2398 item = 0;
2399 } else if (opcode == JVM_OPC_invokeinit) {
2400 fullinfo_type init_type = this_idata->operand2.fi;
2401 fullinfo_type object_type = stack_extra_info[0];
2402 context->swap_table[0] = object_type; /* save value */
2403 if (GET_ITEM_TYPE(stack_extra_info[0]) == ITEM_NewObject) {
2404 /* We better be calling the appropriate init. Find the
2405 * inumber of the "JVM_OPC_new" instruction", and figure
2406 * out what the type really is.
2407 */
2408 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0]);
2409 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2410 context->swap_table[1] = target_type;
2411
2412 if (target_type != init_type) {
2413 CCerror(context, "Call to wrong initialization method");
2414 }
2415 if (this_idata->protected
2416 && !isAssignableTo(context, object_type,
2417 context->currentclass_info)) {
2418 CCerror(context, "Bad access to protected data");
2419 }
2420 } else {
2421 /* We better be calling super() or this(). */
2422 if (init_type != context->superclass_info &&
2423 init_type != context->currentclass_info) {
2424 CCerror(context, "Call to wrong initialization method");
2425 }
2426 context->swap_table[1] = context->currentclass_info;
2427 }
2428 item = 1;
2429 } else {
2430 fullinfo_type target_type = this_idata->operand2.fi;
2431 fullinfo_type object_type = stack_extra_info[0];
2432 if (!isAssignableTo(context, object_type, target_type)){
2433 CCerror(context,
2434 "Incompatible object argument for function call");
2435 }
2436 if (opcode == JVM_OPC_invokespecial
2437 && !isAssignableTo(context, object_type,
2438 context->currentclass_info)) {
2439 /* Make sure object argument is assignment compatible to current class */
2440 CCerror(context,
2441 "Incompatible object argument for invokespecial");
2442 }
2443 if (this_idata->protected
2444 && !isAssignableTo(context, object_type,
2445 context->currentclass_info)) {
2446 /* This is ugly. Special dispensation. Arrays pretend to
2447 implement public Object clone() even though they don't */
2448 const char *utfName =
2449 JVM_GetCPMethodNameUTF(context->env,
2450 context->class,
2451 this_idata->operand.i);
2452 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2453 JVM_ReleaseUTF(utfName);
2454
2455 if ((target_type == context->object_info) &&
2456 (GET_INDIRECTION(object_type) > 0) &&
2457 is_clone) {
2458 } else {
2459 CCerror(context, "Bad access to protected data");
2460 }
2461 }
2462 item = 1;
2463 }
2464 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2465 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2466 if (!isAssignableTo(context,
2467 stack_extra_info[item], full_info)) {
2468 CCerror(context, "Incompatible argument to function");
2469 }
2470 }
2471
2472 pop_and_free(context);
2473 break;
2474 }
2475
2476 case JVM_OPC_return:
2477 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0))
2478 CCerror(context, "Wrong return type in function");
2479 break;
2480
2481 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2482 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2483 fullinfo_type target_type = context->return_type;
2484 fullinfo_type object_type = stack_extra_info[0];
2485 if (!isAssignableTo(context, object_type, target_type)) {
2486 CCerror(context, "Wrong return type in function");
2487 }
2488 break;
2489 }
2490
2491 case JVM_OPC_new: {
2492 /* Make sure that nothing on the stack already looks like what
2493 * we want to create. I can't image how this could possibly happen
2494 * but we should test for it anyway, since if it could happen, the
2495 * result would be an unitialized object being able to masquerade
2496 * as an initialized one.
2497 */
2498 stack_item_type *item;
2499 for (item = stack; item != NULL; item = item->next) {
2500 if (item->item == this_idata->operand.fi) {
2501 CCerror(context,
2502 "Uninitialized object on stack at creating point");
2503 }
2504 }
2505 /* Info for update_registers */
2506 context->swap_table[0] = this_idata->operand.fi;
2507 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2508
2509 break;
2510 }
2511 }
2512 new_stack_info->stack = stack;
2513 new_stack_info->stack_size = stack_size;
2514}
2515
2516
2517/* We've already determined that the instruction is legal. Perform the
2518 * operation on the registers, and return the updated results in
2519 * new_register_count_p and new_registers.
2520 */
2521
2522static void
2523update_registers(context_type *context, unsigned int inumber,
2524 register_info_type *new_register_info)
2525{
2526 instruction_data_type *idata = context->instruction_data;
2527 instruction_data_type *this_idata = &idata[inumber];
2528 int opcode = this_idata->opcode;
2529 int operand = this_idata->operand.i;
2530 int register_count = this_idata->register_info.register_count;
2531 fullinfo_type *registers = this_idata->register_info.registers;
2532 stack_item_type *stack = this_idata->stack_info.stack;
2533 int mask_count = this_idata->register_info.mask_count;
2534 mask_type *masks = this_idata->register_info.masks;
2535
2536 /* Use these as default new values. */
2537 int new_register_count = register_count;
2538 int new_mask_count = mask_count;
2539 fullinfo_type *new_registers = registers;
2540 mask_type *new_masks = masks;
2541
2542 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2543 int i;
2544
2545 /* Remember, we've already verified the type at the top of the stack. */
2546 switch (opcode) {
2547 default: break;
2548 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2549 access = ACCESS_SINGLE;
2550 goto continue_store;
2551
2552 case JVM_OPC_lstore: case JVM_OPC_dstore:
2553 access = ACCESS_DOUBLE;
2554 goto continue_store;
2555
2556 continue_store: {
2557 /* We have a modification to the registers. Copy them if needed. */
2558 fullinfo_type stack_top_type = stack->item;
2559 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2560
2561 if ( max_operand < register_count
2562 && registers[operand] == stack_top_type
2563 && ((access == ACCESS_SINGLE) ||
2564 (registers[operand + 1]== stack_top_type + 1)))
2565 /* No changes have been made to the registers. */
2566 break;
2567 new_register_count = MAX(max_operand + 1, register_count);
2568 new_registers = NEW(fullinfo_type, new_register_count);
2569 for (i = 0; i < register_count; i++)
2570 new_registers[i] = registers[i];
2571 for (i = register_count; i < new_register_count; i++)
2572 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
2573 new_registers[operand] = stack_top_type;
2574 if (access == ACCESS_DOUBLE)
2575 new_registers[operand + 1] = stack_top_type + 1;
2576 break;
2577 }
2578
2579 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2580 case JVM_OPC_iinc: case JVM_OPC_ret:
2581 access = ACCESS_SINGLE;
2582 break;
2583
2584 case JVM_OPC_lload: case JVM_OPC_dload:
2585 access = ACCESS_DOUBLE;
2586 break;
2587
2588 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2589 for (i = 0; i < new_mask_count; i++)
2590 if (new_masks[i].entry == operand)
2591 CCerror(context, "Recursive call to jsr entry");
2592 new_masks = add_to_masks(context, masks, mask_count, operand);
2593 new_mask_count++;
2594 break;
2595
2596 case JVM_OPC_invokeinit:
2597 case JVM_OPC_new: {
2598 /* For invokeinit, an uninitialized object has been initialized.
2599 * For new, all previous occurrences of an uninitialized object
2600 * from the same instruction must be made bogus.
2601 * We find all occurrences of swap_table[0] in the registers, and
2602 * replace them with swap_table[1];
2603 */
2604 fullinfo_type from = context->swap_table[0];
2605 fullinfo_type to = context->swap_table[1];
2606
2607 int i;
2608 for (i = 0; i < register_count; i++) {
2609 if (new_registers[i] == from) {
2610 /* Found a match */
2611 break;
2612 }
2613 }
2614 if (i < register_count) { /* We broke out loop for match */
2615 /* We have to change registers, and possibly a mask */
2616 jboolean copied_mask = JNI_FALSE;
2617 int k;
2618 new_registers = NEW(fullinfo_type, register_count);
2619 memcpy(new_registers, registers,
2620 register_count * sizeof(registers[0]));
2621 for ( ; i < register_count; i++) {
2622 if (new_registers[i] == from) {
2623 new_registers[i] = to;
2624 for (k = 0; k < new_mask_count; k++) {
2625 if (!IS_BIT_SET(new_masks[k].modifies, i)) {
2626 if (!copied_mask) {
2627 new_masks = copy_masks(context, new_masks,
2628 mask_count);
2629 copied_mask = JNI_TRUE;
2630 }
2631 SET_BIT(new_masks[k].modifies, i);
2632 }
2633 }
2634 }
2635 }
2636 }
2637 break;
2638 }
2639 } /* of switch */
2640
2641 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2642 int i, j;
2643 for (i = 0; i < new_mask_count; i++) {
2644 int *mask = new_masks[i].modifies;
2645 if ((!IS_BIT_SET(mask, operand)) ||
2646 ((access == ACCESS_DOUBLE) &&
2647 !IS_BIT_SET(mask, operand + 1))) {
2648 new_masks = copy_masks(context, new_masks, mask_count);
2649 for (j = i; j < new_mask_count; j++) {
2650 SET_BIT(new_masks[j].modifies, operand);
2651 if (access == ACCESS_DOUBLE)
2652 SET_BIT(new_masks[j].modifies, operand + 1);
2653 }
2654 break;
2655 }
2656 }
2657 }
2658
2659 new_register_info->register_count = new_register_count;
2660 new_register_info->registers = new_registers;
2661 new_register_info->masks = new_masks;
2662 new_register_info->mask_count = new_mask_count;
2663}
2664
2665
2666
2667/* We've already determined that the instruction is legal, and have updated
2668 * the registers. Update the flags, too.
2669 */
2670
2671
2672static void
2673update_flags(context_type *context, unsigned int inumber,
2674 flag_type *new_and_flags, flag_type *new_or_flags)
2675
2676{
2677 instruction_data_type *idata = context->instruction_data;
2678 instruction_data_type *this_idata = &idata[inumber];
2679 flag_type and_flags = this_idata->and_flags;
2680 flag_type or_flags = this_idata->or_flags;
2681
2682 /* Set the "we've done a constructor" flag */
2683 if (this_idata->opcode == JVM_OPC_invokeinit) {
2684 fullinfo_type from = context->swap_table[0];
2685 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
2686 and_flags |= FLAG_CONSTRUCTED;
2687 }
2688 *new_and_flags = and_flags;
2689 *new_or_flags = or_flags;
2690}
2691
2692
2693
2694/* We've already determined that the instruction is legal. Perform the
2695 * operation on the stack;
2696 *
2697 * new_stack_size_p and new_stack_p point to the results after the pops have
2698 * already been done. Do the pushes, and then put the results back there.
2699 */
2700
2701static void
2702push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2703{
2704 instruction_data_type *idata = context->instruction_data;
2705 instruction_data_type *this_idata = &idata[inumber];
2706 int opcode = this_idata->opcode;
2707 int operand = this_idata->operand.i;
2708
2709 int stack_size = new_stack_info->stack_size;
2710 stack_item_type *stack = new_stack_info->stack;
2711 char *stack_results;
2712
2713 fullinfo_type full_info = 0;
2714 char buffer[5], *p; /* actually [2] is big enough */
2715
2716 /* We need to look at all those opcodes in which either we can't tell the
2717 * value pushed onto the stack from the opcode, or in which the value
2718 * pushed onto the stack is an object or array. For the latter, we need
2719 * to make sure that full_info is set to the right value.
2720 */
2721 switch(opcode) {
2722 default:
2723 stack_results = opcode_in_out[opcode][1];
2724 break;
2725
2726 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2727 /* Look to constant pool to determine correct result. */
2728 unsigned char *type_table = context->constant_types;
2729 switch (type_table[operand]) {
2730 case JVM_CONSTANT_Integer:
2731 stack_results = "I"; break;
2732 case JVM_CONSTANT_Float:
2733 stack_results = "F"; break;
2734 case JVM_CONSTANT_Double:
2735 stack_results = "D"; break;
2736 case JVM_CONSTANT_Long:
2737 stack_results = "L"; break;
2738 case JVM_CONSTANT_String:
2739 stack_results = "A";
2740 full_info = context->string_info;
2741 break;
2742 case JVM_CONSTANT_Class:
2743 if (context->major_version < LDC_CLASS_MAJOR_VERSION)
2744 CCerror(context, "Internal error #3");
2745 stack_results = "A";
2746 full_info = make_class_info_from_name(context,
2747 "java/lang/Class");
2748 break;
2749 case JVM_CONSTANT_MethodHandle:
2750 case JVM_CONSTANT_MethodType:
2751 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION)
2752 CCerror(context, "Internal error #3");
2753 stack_results = "A";
2754 switch (type_table[operand]) {
2755 case JVM_CONSTANT_MethodType:
2756 full_info = make_class_info_from_name(context,
2757 "java/lang/invoke/MethodType");
2758 break;
2759 default: //JVM_CONSTANT_MethodHandle
2760 full_info = make_class_info_from_name(context,
2761 "java/lang/invoke/MethodHandle");
2762 break;
2763 }
2764 break;
2765 default:
2766 CCerror(context, "Internal error #3");
2767 stack_results = ""; /* Never reached: keep lint happy */
2768 }
2769 break;
2770 }
2771
2772 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2773 /* Look to signature to determine correct result. */
2774 int operand = this_idata->operand.i;
2775 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2776 context->class,
2777 operand);
2778 check_and_push(context, signature, VM_STRING_UTF);
2779#ifdef DEBUG
2780 if (verify_verbose) {
2781 print_formatted_fieldname(context, operand);
2782 }
2783#endif
2784 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2785 buffer[1] = '\0';
2786 stack_results = buffer;
2787 pop_and_free(context);
2788 break;
2789 }
2790
2791 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2792 case JVM_OPC_invokeinit:
2793 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2794 /* Look to signature to determine correct result. */
2795 int operand = this_idata->operand.i;
2796 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2797 context->class,
2798 operand);
2799 const char *result_signature;
2800 check_and_push(context, signature, VM_STRING_UTF);
2801 result_signature = get_result_signature(signature);
2802 if (result_signature++ == NULL) {
2803 CCerror(context, "Illegal signature %s", signature);
2804 }
2805 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2806 stack_results = "";
2807 } else {
2808 buffer[0] = signature_to_fieldtype(context, &result_signature,
2809 &full_info);
2810 buffer[1] = '\0';
2811 stack_results = buffer;
2812 }
2813 pop_and_free(context);
2814 break;
2815 }
2816
2817 case JVM_OPC_aconst_null:
2818 stack_results = opcode_in_out[opcode][1];
2819 full_info = NULL_FULLINFO; /* special NULL */
2820 break;
2821
2822 case JVM_OPC_new:
2823 case JVM_OPC_checkcast:
2824 case JVM_OPC_newarray:
2825 case JVM_OPC_anewarray:
2826 case JVM_OPC_multianewarray:
2827 stack_results = opcode_in_out[opcode][1];
2828 /* Conveniently, this result type is stored here */
2829 full_info = this_idata->operand.fi;
2830 break;
2831
2832 case JVM_OPC_aaload:
2833 stack_results = opcode_in_out[opcode][1];
2834 /* pop_stack() saved value for us. */
2835 full_info = context->swap_table[0];
2836 break;
2837
2838 case JVM_OPC_aload:
2839 stack_results = opcode_in_out[opcode][1];
2840 /* The register hasn't been modified, so we can use its value. */
2841 full_info = this_idata->register_info.registers[operand];
2842 break;
2843 } /* of switch */
2844
2845 for (p = stack_results; *p != 0; p++) {
2846 int type = *p;
2847 stack_item_type *new_item = NEW(stack_item_type, 1);
2848 new_item->next = stack;
2849 stack = new_item;
2850 switch (type) {
2851 case 'I':
2852 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0); break;
2853 case 'F':
2854 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0); break;
2855 case 'D':
2856 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0);
2857 stack_size++; break;
2858 case 'L':
2859 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0);
2860 stack_size++; break;
2861 case 'R':
2862 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand);
2863 break;
2864 case '1': case '2': case '3': case '4': {
2865 /* Get the info saved in the swap_table */
2866 fullinfo_type stype = context->swap_table[type - '1'];
2867 stack->item = stype;
2868 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0) ||
2869 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)) {
2870 stack_size++; p++;
2871 }
2872 break;
2873 }
2874 case 'A':
2875 /* full_info should have the appropriate value. */
2876 assert(full_info != 0);
2877 stack->item = full_info;
2878 break;
2879 default:
2880 CCerror(context, "Internal error #4");
2881
2882 } /* switch type */
2883 stack_size++;
2884 } /* outer for loop */
2885
2886 if (opcode == JVM_OPC_invokeinit) {
2887 /* If there are any instances of "from" on the stack, we need to
2888 * replace it with "to", since calling <init> initializes all versions
2889 * of the object, obviously. */
2890 fullinfo_type from = context->swap_table[0];
2891 stack_item_type *ptr;
2892 for (ptr = stack; ptr != NULL; ptr = ptr->next) {
2893 if (ptr->item == from) {
2894 fullinfo_type to = context->swap_table[1];
2895 stack = copy_stack(context, stack);
2896 for (ptr = stack; ptr != NULL; ptr = ptr->next)
2897 if (ptr->item == from) ptr->item = to;
2898 break;
2899 }
2900 }
2901 }
2902
2903 new_stack_info->stack_size = stack_size;
2904 new_stack_info->stack = stack;
2905}
2906
2907
2908/* We've performed an instruction, and determined the new registers and stack
2909 * value. Look at all of the possibly subsequent instructions, and merge
2910 * this stack value into theirs.
2911 */
2912
2913static void
2914merge_into_successors(context_type *context, unsigned int inumber,
2915 register_info_type *register_info,
2916 stack_info_type *stack_info,
2917 flag_type and_flags, flag_type or_flags)
2918{
2919 instruction_data_type *idata = context->instruction_data;
2920 instruction_data_type *this_idata = &idata[inumber];
2921 int opcode = this_idata->opcode;
2922 int operand = this_idata->operand.i;
2923 struct handler_info_type *handler_info = context->handler_info;
2924 int handler_info_length =
2925 JVM_GetMethodIxExceptionTableLength(context->env,
2926 context->class,
2927 context->method_index);
2928
2929
2930 int buffer[2]; /* default value for successors */
2931 int *successors = buffer; /* table of successors */
2932 int successors_count;
2933 int i;
2934
2935 switch (opcode) {
2936 default:
2937 successors_count = 1;
2938 buffer[0] = inumber + 1;
2939 break;
2940
2941 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2942 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2943 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2944 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2945 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2946 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2947 successors_count = 2;
2948 buffer[0] = inumber + 1;
2949 buffer[1] = operand;
2950 break;
2951
2952 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2953 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
2954 idata[this_idata->operand2.i].changed = JNI_TRUE;
2955 /* FALLTHROUGH */
2956 case JVM_OPC_goto: case JVM_OPC_goto_w:
2957 successors_count = 1;
2958 buffer[0] = operand;
2959 break;
2960
2961
2962 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2963 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2964 case JVM_OPC_athrow:
2965 /* The testing for the returns is handled in pop_stack() */
2966 successors_count = 0;
2967 break;
2968
2969 case JVM_OPC_ret: {
2970 /* This is slightly slow, but good enough for a seldom used instruction.
2971 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2972 * address of the first instruction of the subroutine. We can return
2973 * to 1 after any instruction that jsr's to that instruction.
2974 */
2975 if (this_idata->operand2.ip == NULL) {
2976 fullinfo_type *registers = this_idata->register_info.registers;
2977 int called_instruction = GET_EXTRA_INFO(registers[operand]);
2978 int i, count, *ptr;;
2979 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2980 if (((idata[i].opcode == JVM_OPC_jsr) ||
2981 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2982 (idata[i].operand.i == called_instruction))
2983 count++;
2984 }
2985 this_idata->operand2.ip = ptr = NEW(int, count + 1);
2986 *ptr++ = count;
2987 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2988 if (((idata[i].opcode == JVM_OPC_jsr) ||
2989 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2990 (idata[i].operand.i == called_instruction))
2991 *ptr++ = i + 1;
2992 }
2993 }
2994 successors = this_idata->operand2.ip; /* use this instead */
2995 successors_count = *successors++;
2996 break;
2997
2998 }
2999
3000 case JVM_OPC_tableswitch:
3001 case JVM_OPC_lookupswitch:
3002 successors = this_idata->operand.ip; /* use this instead */
3003 successors_count = *successors++;
3004 break;
3005 }
3006
3007#ifdef DEBUG
3008 if (verify_verbose) {
3009 jio_fprintf(stdout, " [");
3010 for (i = handler_info_length; --i >= 0; handler_info++)
3011 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
3012 jio_fprintf(stdout, "%d* ", handler_info->handler);
3013 for (i = 0; i < successors_count; i++)
3014 jio_fprintf(stdout, "%d ", successors[i]);
3015 jio_fprintf(stdout, "]\n");
3016 }
3017#endif
3018
3019 handler_info = context->handler_info;
3020 for (i = handler_info_length; --i >= 0; handler_info++) {
3021 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3022 int handler = handler_info->handler;
3023 if (opcode != JVM_OPC_invokeinit) {
3024 merge_into_one_successor(context, inumber, handler,
3025 &this_idata->register_info, /* old */
3026 &handler_info->stack_info,
3027 (flag_type) (and_flags
3028 & this_idata->and_flags),
3029 (flag_type) (or_flags
3030 | this_idata->or_flags),
3031 JNI_TRUE);
3032 } else {
3033 /* We need to be a little bit more careful with this
3034 * instruction. Things could either be in the state before
3035 * the instruction or in the state afterwards */
3036 fullinfo_type from = context->swap_table[0];
3037 flag_type temp_or_flags = or_flags;
3038 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0))
3039 temp_or_flags |= FLAG_NO_RETURN;
3040 merge_into_one_successor(context, inumber, handler,
3041 &this_idata->register_info, /* old */
3042 &handler_info->stack_info,
3043 this_idata->and_flags,
3044 this_idata->or_flags,
3045 JNI_TRUE);
3046 merge_into_one_successor(context, inumber, handler,
3047 register_info,
3048 &handler_info->stack_info,
3049 and_flags, temp_or_flags, JNI_TRUE);
3050 }
3051 }
3052 }
3053 for (i = 0; i < successors_count; i++) {
3054 int target = successors[i];
3055 if (target >= context->instruction_count)
3056 CCerror(context, "Falling off the end of the code");
3057 merge_into_one_successor(context, inumber, target,
3058 register_info, stack_info, and_flags, or_flags,
3059 JNI_FALSE);
3060 }
3061}
3062
3063/* We have a new set of registers and stack values for a given instruction.
3064 * Merge this new set into the values that are already there.
3065 */
3066
3067static void
3068merge_into_one_successor(context_type *context,
3069 unsigned int from_inumber, unsigned int to_inumber,
3070 register_info_type *new_register_info,
3071 stack_info_type *new_stack_info,
3072 flag_type new_and_flags, flag_type new_or_flags,
3073 jboolean isException)
3074{
3075 instruction_data_type *idata = context->instruction_data;
3076 register_info_type register_info_buf;
3077 stack_info_type stack_info_buf;
3078#ifdef DEBUG
3079 instruction_data_type *this_idata = &idata[to_inumber];
3080 register_info_type old_reg_info;
3081 stack_info_type old_stack_info;
3082 flag_type old_and_flags = 0;
3083 flag_type old_or_flags = 0;
3084#endif
3085
3086#ifdef DEBUG
3087 if (verify_verbose) {
3088 old_reg_info = this_idata->register_info;
3089 old_stack_info = this_idata->stack_info;
3090 old_and_flags = this_idata->and_flags;
3091 old_or_flags = this_idata->or_flags;
3092 }
3093#endif
3094
3095 /* All uninitialized objects are set to "bogus" when jsr and
3096 * ret are executed. Thus uninitialized objects can't propagate
3097 * into or out of a subroutine.
3098 */
3099 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3100 idata[from_inumber].opcode == JVM_OPC_jsr ||
3101 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3102 int new_register_count = new_register_info->register_count;
3103 fullinfo_type *new_registers = new_register_info->registers;
3104 int i;
3105 stack_item_type *item;
3106
3107 for (item = new_stack_info->stack; item != NULL; item = item->next) {
3108 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3109 /* This check only succeeds for hand-contrived code.
3110 * Efficiency is not an issue.
3111 */
3112 stack_info_buf.stack = copy_stack(context,
3113 new_stack_info->stack);
3114 stack_info_buf.stack_size = new_stack_info->stack_size;
3115 new_stack_info = &stack_info_buf;
3116 for (item = new_stack_info->stack; item != NULL;
3117 item = item->next) {
3118 if (GET_ITEM_TYPE(item->item) == ITEM_NewObject) {
3119 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3120 }
3121 }
3122 break;
3123 }
3124 }
3125 for (i = 0; i < new_register_count; i++) {
3126 if (GET_ITEM_TYPE(new_registers[i]) == ITEM_NewObject) {
3127 /* This check only succeeds for hand-contrived code.
3128 * Efficiency is not an issue.
3129 */
3130 fullinfo_type *new_set = NEW(fullinfo_type,
3131 new_register_count);
3132 for (i = 0; i < new_register_count; i++) {
3133 fullinfo_type t = new_registers[i];
3134 new_set[i] = GET_ITEM_TYPE(t) != ITEM_NewObject ?
3135 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3136 }
3137 register_info_buf.register_count = new_register_count;
3138 register_info_buf.registers = new_set;
3139 register_info_buf.mask_count = new_register_info->mask_count;
3140 register_info_buf.masks = new_register_info->masks;
3141 new_register_info = &register_info_buf;
3142 break;
3143 }
3144 }
3145 }
3146
3147 /* Returning from a subroutine is somewhat ugly. The actual thing
3148 * that needs to get merged into the new instruction is a joining
3149 * of info from the ret instruction with stuff in the jsr instruction
3150 */
3151 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3152 int new_register_count = new_register_info->register_count;
3153 fullinfo_type *new_registers = new_register_info->registers;
3154 int new_mask_count = new_register_info->mask_count;
3155 mask_type *new_masks = new_register_info->masks;
3156 int operand = idata[from_inumber].operand.i;
3157 int called_instruction = GET_EXTRA_INFO(new_registers[operand]);
3158 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3159 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3160 if (jsr_idata->operand2.i != (int)from_inumber) {
3161 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION)
3162 CCerror(context, "Multiple returns to single jsr");
3163 jsr_idata->operand2.i = from_inumber;
3164 }
3165 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3166 /* We don't want to handle the returned-to instruction until
3167 * we've dealt with the jsr instruction. When we get to the
3168 * jsr instruction (if ever), we'll re-mark the ret instruction
3169 */
3170 ;
3171 } else {
3172 int register_count = jsr_reginfo->register_count;
3173 fullinfo_type *registers = jsr_reginfo->registers;
3174 int max_registers = MAX(register_count, new_register_count);
3175 fullinfo_type *new_set = NEW(fullinfo_type, max_registers);
3176 int *return_mask;
3177 struct register_info_type new_new_register_info;
3178 int i;
3179 /* Make sure the place we're returning from is legal! */
3180 for (i = new_mask_count; --i >= 0; )
3181 if (new_masks[i].entry == called_instruction)
3182 break;
3183 if (i < 0)
3184 CCerror(context, "Illegal return from subroutine");
3185 /* pop the masks down to the indicated one. Remember the mask
3186 * we're popping off. */
3187 return_mask = new_masks[i].modifies;
3188 new_mask_count = i;
3189 for (i = 0; i < max_registers; i++) {
3190 if (IS_BIT_SET(return_mask, i))
3191 new_set[i] = i < new_register_count ?
3192 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3193 else
3194 new_set[i] = i < register_count ?
3195 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3196 }
3197 new_new_register_info.register_count = max_registers;
3198 new_new_register_info.registers = new_set;
3199 new_new_register_info.mask_count = new_mask_count;
3200 new_new_register_info.masks = new_masks;
3201
3202
3203 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3204 merge_registers(context, to_inumber - 1, to_inumber,
3205 &new_new_register_info);
3206 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3207 }
3208 } else {
3209 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3210 merge_registers(context, from_inumber, to_inumber, new_register_info);
3211 merge_flags(context, from_inumber, to_inumber,
3212 new_and_flags, new_or_flags);
3213 }
3214
3215#ifdef DEBUG
3216 if (verify_verbose && idata[to_inumber].changed) {
3217 register_info_type *register_info = &this_idata->register_info;
3218 stack_info_type *stack_info = &this_idata->stack_info;
3219 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3220 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3221 (old_and_flags != this_idata->and_flags) ||
3222 (old_or_flags != this_idata->or_flags)) {
3223 jio_fprintf(stdout, " %2d:", to_inumber);
3224 print_stack(context, &old_stack_info);
3225 print_registers(context, &old_reg_info);
3226 print_flags(context, old_and_flags, old_or_flags);
3227 jio_fprintf(stdout, " => ");
3228 print_stack(context, &this_idata->stack_info);
3229 print_registers(context, &this_idata->register_info);
3230 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3231 jio_fprintf(stdout, "\n");
3232 }
3233 }
3234#endif
3235
3236}
3237
3238static void
3239merge_stack(context_type *context, unsigned int from_inumber,
3240 unsigned int to_inumber, stack_info_type *new_stack_info)
3241{
3242 instruction_data_type *idata = context->instruction_data;
3243 instruction_data_type *this_idata = &idata[to_inumber];
3244
3245 int new_stack_size = new_stack_info->stack_size;
3246 stack_item_type *new_stack = new_stack_info->stack;
3247
3248 int stack_size = this_idata->stack_info.stack_size;
3249
3250 if (stack_size == UNKNOWN_STACK_SIZE) {
3251 /* First time at this instruction. Just copy. */
3252 this_idata->stack_info.stack_size = new_stack_size;
3253 this_idata->stack_info.stack = new_stack;
3254 this_idata->changed = JNI_TRUE;
3255 } else if (new_stack_size != stack_size) {
3256 CCerror(context, "Inconsistent stack height %d != %d",
3257 new_stack_size, stack_size);
3258 } else {
3259 stack_item_type *stack = this_idata->stack_info.stack;
3260 stack_item_type *old, *new;
3261 jboolean change = JNI_FALSE;
3262 for (old = stack, new = new_stack; old != NULL;
3263 old = old->next, new = new->next) {
3264 if (!isAssignableTo(context, new->item, old->item)) {
3265 change = JNI_TRUE;
3266 break;
3267 }
3268 }
3269 if (change) {
3270 stack = copy_stack(context, stack);
3271 for (old = stack, new = new_stack; old != NULL;
3272 old = old->next, new = new->next) {
3273 if (new == NULL) {
3274 break;
3275 }
3276 old->item = merge_fullinfo_types(context, old->item, new->item,
3277 JNI_FALSE);
3278 if (GET_ITEM_TYPE(old->item) == ITEM_Bogus) {
3279 CCerror(context, "Mismatched stack types");
3280 }
3281 }
3282 if (old != NULL || new != NULL) {
3283 CCerror(context, "Mismatched stack types");
3284 }
3285 this_idata->stack_info.stack = stack;
3286 this_idata->changed = JNI_TRUE;
3287 }
3288 }
3289}
3290
3291static void
3292merge_registers(context_type *context, unsigned int from_inumber,
3293 unsigned int to_inumber, register_info_type *new_register_info)
3294{
3295 instruction_data_type *idata = context->instruction_data;
3296 instruction_data_type *this_idata = &idata[to_inumber];
3297 register_info_type *this_reginfo = &this_idata->register_info;
3298
3299 int new_register_count = new_register_info->register_count;
3300 fullinfo_type *new_registers = new_register_info->registers;
3301 int new_mask_count = new_register_info->mask_count;
3302 mask_type *new_masks = new_register_info->masks;
3303
3304
3305 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT) {
3306 this_reginfo->register_count = new_register_count;
3307 this_reginfo->registers = new_registers;
3308 this_reginfo->mask_count = new_mask_count;
3309 this_reginfo->masks = new_masks;
3310 this_idata->changed = JNI_TRUE;
3311 } else {
3312 /* See if we've got new information on the register set. */
3313 int register_count = this_reginfo->register_count;
3314 fullinfo_type *registers = this_reginfo->registers;
3315 int mask_count = this_reginfo->mask_count;
3316 mask_type *masks = this_reginfo->masks;
3317
3318 jboolean copy = JNI_FALSE;
3319 int i, j;
3320 if (register_count > new_register_count) {
3321 /* Any register larger than new_register_count is now bogus */
3322 this_reginfo->register_count = new_register_count;
3323 register_count = new_register_count;
3324 this_idata->changed = JNI_TRUE;
3325 }
3326 for (i = 0; i < register_count; i++) {
3327 fullinfo_type prev_value = registers[i];
3328 if ((i < new_register_count)
3329 ? (!isAssignableTo(context, new_registers[i], prev_value))
3330 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0))) {
3331 copy = JNI_TRUE;
3332 break;
3333 }
3334 }
3335
3336 if (copy) {
3337 /* We need a copy. So do it. */
3338 fullinfo_type *new_set = NEW(fullinfo_type, register_count);
3339 for (j = 0; j < i; j++)
3340 new_set[j] = registers[j];
3341 for (j = i; j < register_count; j++) {
3342 if (i >= new_register_count)
3343 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3344 else
3345 new_set[j] = merge_fullinfo_types(context,
3346 new_registers[j],
3347 registers[j], JNI_FALSE);
3348 }
3349 /* Some of the end items might now be bogus. This step isn't
3350 * necessary, but it may save work later. */
3351 while ( register_count > 0
3352 && GET_ITEM_TYPE(new_set[register_count-1]) == ITEM_Bogus)
3353 register_count--;
3354 this_reginfo->register_count = register_count;
3355 this_reginfo->registers = new_set;
3356 this_idata->changed = JNI_TRUE;
3357 }
3358 if (mask_count > 0) {
3359 /* If the target instruction already has a sequence of masks, then
3360 * we need to merge new_masks into it. We want the entries on
3361 * the mask to be the longest common substring of the two.
3362 * (e.g. a->b->d merged with a->c->d should give a->d)
3363 * The bits set in the mask should be the or of the corresponding
3364 * entries in each of the original masks.
3365 */
3366 int i, j, k;
3367 int matches = 0;
3368 int last_match = -1;
3369 jboolean copy_needed = JNI_FALSE;
3370 for (i = 0; i < mask_count; i++) {
3371 int entry = masks[i].entry;
3372 for (j = last_match + 1; j < new_mask_count; j++) {
3373 if (new_masks[j].entry == entry) {
3374 /* We have a match */
3375 int *prev = masks[i].modifies;
3376 int *new = new_masks[j].modifies;
3377 matches++;
3378 /* See if new_mask has bits set for "entry" that
3379 * weren't set for mask. If so, need to copy. */
3380 for (k = context->bitmask_size - 1;
3381 !copy_needed && k >= 0;
3382 k--)
3383 if (~prev[k] & new[k])
3384 copy_needed = JNI_TRUE;
3385 last_match = j;
3386 break;
3387 }
3388 }
3389 }
3390 if ((matches < mask_count) || copy_needed) {
3391 /* We need to make a copy for the new item, since either the
3392 * size has decreased, or new bits are set. */
3393 mask_type *copy = NEW(mask_type, matches);
3394 for (i = 0; i < matches; i++) {
3395 copy[i].modifies = NEW(int, context->bitmask_size);
3396 }
3397 this_reginfo->masks = copy;
3398 this_reginfo->mask_count = matches;
3399 this_idata->changed = JNI_TRUE;
3400 matches = 0;
3401 last_match = -1;
3402 for (i = 0; i < mask_count; i++) {
3403 int entry = masks[i].entry;
3404 for (j = last_match + 1; j < new_mask_count; j++) {
3405 if (new_masks[j].entry == entry) {
3406 int *prev1 = masks[i].modifies;
3407 int *prev2 = new_masks[j].modifies;
3408 int *new = copy[matches].modifies;
3409 copy[matches].entry = entry;
3410 for (k = context->bitmask_size - 1; k >= 0; k--)
3411 new[k] = prev1[k] | prev2[k];
3412 matches++;
3413 last_match = j;
3414 break;
3415 }
3416 }
3417 }
3418 }
3419 }
3420 }
3421}
3422
3423
3424static void
3425merge_flags(context_type *context, unsigned int from_inumber,
3426 unsigned int to_inumber,
3427 flag_type new_and_flags, flag_type new_or_flags)
3428{
3429 /* Set this_idata->and_flags &= new_and_flags
3430 this_idata->or_flags |= new_or_flags
3431 */
3432 instruction_data_type *idata = context->instruction_data;
3433 instruction_data_type *this_idata = &idata[to_inumber];
3434 flag_type this_and_flags = this_idata->and_flags;
3435 flag_type this_or_flags = this_idata->or_flags;
3436 flag_type merged_and = this_and_flags & new_and_flags;
3437 flag_type merged_or = this_or_flags | new_or_flags;
3438
3439 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3440 this_idata->and_flags = merged_and;
3441 this_idata->or_flags = merged_or;
3442 this_idata->changed = JNI_TRUE;
3443 }
3444}
3445
3446
3447/* Make a copy of a stack */
3448
3449static stack_item_type *
3450copy_stack(context_type *context, stack_item_type *stack)
3451{
3452 int length;
3453 stack_item_type *ptr;
3454
3455 /* Find the length */
3456 for (ptr = stack, length = 0; ptr != NULL; ptr = ptr->next, length++);
3457
3458 if (length > 0) {
3459 stack_item_type *new_stack = NEW(stack_item_type, length);
3460 stack_item_type *new_ptr;
3461 for ( ptr = stack, new_ptr = new_stack;
3462 ptr != NULL;
3463 ptr = ptr->next, new_ptr++) {
3464 new_ptr->item = ptr->item;
3465 new_ptr->next = new_ptr + 1;
3466 }
3467 new_stack[length - 1].next = NULL;
3468 return new_stack;
3469 } else {
3470 return NULL;
3471 }
3472}
3473
3474
3475static mask_type *
3476copy_masks(context_type *context, mask_type *masks, int mask_count)
3477{
3478 mask_type *result = NEW(mask_type, mask_count);
3479 int bitmask_size = context->bitmask_size;
3480 int *bitmaps = NEW(int, mask_count * bitmask_size);
3481 int i;
3482 for (i = 0; i < mask_count; i++) {
3483 result[i].entry = masks[i].entry;
3484 result[i].modifies = &bitmaps[i * bitmask_size];
3485 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3486 }
3487 return result;
3488}
3489
3490
3491static mask_type *
3492add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3493{
3494 mask_type *result = NEW(mask_type, mask_count + 1);
3495 int bitmask_size = context->bitmask_size;
3496 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size);
3497 int i;
3498 for (i = 0; i < mask_count; i++) {
3499 result[i].entry = masks[i].entry;
3500 result[i].modifies = &bitmaps[i * bitmask_size];
3501 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3502 }
3503 result[mask_count].entry = d;
3504 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3505 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3506 return result;
3507}
3508
3509
3510
3511/* We create our own storage manager, since we malloc lots of little items,
3512 * and I don't want to keep trace of when they become free. I sure wish that
3513 * we had heaps, and I could just free the heap when done.
3514 */
3515
3516#define CCSegSize 2000
3517
3518struct CCpool { /* a segment of allocated memory in the pool */
3519 struct CCpool *next;
3520 int segSize; /* almost always CCSegSize */
3521 int poolPad;
3522 char space[CCSegSize];
3523};
3524
3525/* Initialize the context's heap. */
3526static void CCinit(context_type *context)
3527{
3528 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3529 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3530 context->CCroot = context->CCcurrent = new;
3531 if (new == 0) {
3532 CCout_of_memory(context);
3533 }
3534 new->next = NULL;
3535 new->segSize = CCSegSize;
3536 context->CCfree_size = CCSegSize;
3537 context->CCfree_ptr = &new->space[0];
3538}
3539
3540
3541/* Reuse all the space that we have in the context's heap. */
3542static void CCreinit(context_type *context)
3543{
3544 struct CCpool *first = context->CCroot;
3545 context->CCcurrent = first;
3546 context->CCfree_size = CCSegSize;
3547 context->CCfree_ptr = &first->space[0];
3548}
3549
3550/* Destroy the context's heap. */
3551static void CCdestroy(context_type *context)
3552{
3553 struct CCpool *this = context->CCroot;
3554 while (this) {
3555 struct CCpool *next = this->next;
3556 free(this);
3557 this = next;
3558 }
3559 /* These two aren't necessary. But can't hurt either */
3560 context->CCroot = context->CCcurrent = NULL;
3561 context->CCfree_ptr = 0;
3562}
3563
3564/* Allocate an object of the given size from the context's heap. */
3565static void *
3566CCalloc(context_type *context, int size, jboolean zero)
3567{
3568
3569 register char *p;
3570 /* Round CC to the size of a pointer */
3571 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3572
3573 if (context->CCfree_size < size) {
3574 struct CCpool *current = context->CCcurrent;
3575 struct CCpool *new;
3576 if (size > CCSegSize) { /* we need to allocate a special block */
3577 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3578 (size - CCSegSize));
3579 if (new == 0) {
3580 CCout_of_memory(context);
3581 }
3582 new->next = current->next;
3583 new->segSize = size;
3584 current->next = new;
3585 } else {
3586 new = current->next;
3587 if (new == NULL) {
3588 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3589 if (new == 0) {
3590 CCout_of_memory(context);
3591 }
3592 current->next = new;
3593 new->next = NULL;
3594 new->segSize = CCSegSize;
3595 }
3596 }
3597 context->CCcurrent = new;
3598 context->CCfree_ptr = &new->space[0];
3599 context->CCfree_size = new->segSize;
3600 }
3601 p = context->CCfree_ptr;
3602 context->CCfree_ptr += size;
3603 context->CCfree_size -= size;
3604 if (zero)
3605 memset(p, 0, size);
3606 return p;
3607}
3608
3609/* Get the class associated with a particular field or method or class in the
3610 * constant pool. If is_field is true, we've got a field or method. If
3611 * false, we've got a class.
3612 */
3613static fullinfo_type
3614cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3615{
3616 JNIEnv *env = context->env;
3617 fullinfo_type result;
3618 const char *classname;
3619 switch (kind) {
3620 case JVM_CONSTANT_Class:
3621 classname = JVM_GetCPClassNameUTF(env,
3622 context->class,
3623 cp_index);
3624 break;
3625 case JVM_CONSTANT_Methodref:
3626 classname = JVM_GetCPMethodClassNameUTF(env,
3627 context->class,
3628 cp_index);
3629 break;
3630 case JVM_CONSTANT_Fieldref:
3631 classname = JVM_GetCPFieldClassNameUTF(env,
3632 context->class,
3633 cp_index);
3634 break;
3635 default:
3636 classname = NULL;
3637 CCerror(context, "Internal error #5");
3638 }
3639
3640 check_and_push(context, classname, VM_STRING_UTF);
3641 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3642 /* This make recursively call us, in case of a class array */
3643 signature_to_fieldtype(context, &classname, &result);
3644 } else {
3645 result = make_class_info_from_name(context, classname);
3646 }
3647 pop_and_free(context);
3648 return result;
3649}
3650
3651
3652static int
3653print_CCerror_info(context_type *context)
3654{
3655 JNIEnv *env = context->env;
3656 jclass cb = context->class;
3657 const char *classname = JVM_GetClassNameUTF(env, cb);
3658 const char *name = 0;
3659 const char *signature = 0;
3660 int n = 0;
3661 if (context->method_index != -1) {
3662 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3663 signature =
3664 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3665 n += jio_snprintf(context->message, context->message_buf_len,
3666 "(class: %s, method: %s signature: %s) ",
3667 (classname ? classname : ""),
3668 (name ? name : ""),
3669 (signature ? signature : ""));
3670 } else if (context->field_index != -1 ) {
3671 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3672 n += jio_snprintf(context->message, context->message_buf_len,
3673 "(class: %s, field: %s) ",
3674 (classname ? classname : 0),
3675 (name ? name : 0));
3676 } else {
3677 n += jio_snprintf(context->message, context->message_buf_len,
3678 "(class: %s) ", classname ? classname : "");
3679 }
3680 JVM_ReleaseUTF(classname);
3681 JVM_ReleaseUTF(name);
3682 JVM_ReleaseUTF(signature);
3683 return n;
3684}
3685
3686static void
3687CCerror (context_type *context, char *format, ...)
3688{
3689 int n = print_CCerror_info(context);
3690 va_list args;
3691 if (n >= 0 && n < context->message_buf_len) {
3692 va_start(args, format);
3693 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3694 format, args);
3695 va_end(args);
3696 }
3697 context->err_code = CC_VerifyError;
3698 longjmp(context->jump_buffer, 1);
3699}
3700
3701static void
3702CCout_of_memory(context_type *context)
3703{
3704 int n = print_CCerror_info(context);
3705 context->err_code = CC_OutOfMemory;
3706 longjmp(context->jump_buffer, 1);
3707}
3708
3709static void
3710CFerror(context_type *context, char *format, ...)
3711{
3712 int n = print_CCerror_info(context);
3713 va_list args;
3714 if (n >= 0 && n < context->message_buf_len) {
3715 va_start(args, format);
3716 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3717 format, args);
3718 va_end(args);
3719 }
3720 context->err_code = CC_ClassFormatError;
3721 longjmp(context->jump_buffer, 1);
3722}
3723
3724/*
3725 * Need to scan the entire signature to find the result type because
3726 * types in the arg list and the result type could contain embedded ')'s.
3727 */
3728static const char* get_result_signature(const char* signature) {
3729 const char *p;
3730 for (p = signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
3731 switch (*p) {
3732 case JVM_SIGNATURE_BOOLEAN:
3733 case JVM_SIGNATURE_BYTE:
3734 case JVM_SIGNATURE_CHAR:
3735 case JVM_SIGNATURE_SHORT:
3736 case JVM_SIGNATURE_INT:
3737 case JVM_SIGNATURE_FLOAT:
3738 case JVM_SIGNATURE_DOUBLE:
3739 case JVM_SIGNATURE_LONG:
3740 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
3741 break;
3742 case JVM_SIGNATURE_CLASS:
3743 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
3744 break;
3745 case JVM_SIGNATURE_ARRAY:
3746 while (*p == JVM_SIGNATURE_ARRAY) p++;
3747 /* If an array of classes, skip over class name, too. */
3748 if (*p == JVM_SIGNATURE_CLASS) {
3749 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
3750 }
3751 break;
3752 default:
3753 /* Indicate an error. */
3754 return NULL;
3755 }
3756 }
3757 return p++; /* skip over ')'. */
3758}
3759
3760static char
3761signature_to_fieldtype(context_type *context,
3762 const char **signature_p, fullinfo_type *full_info_p)
3763{
3764 const char *p = *signature_p;
3765 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3766 char result;
3767 int array_depth = 0;
3768
3769 for (;;) {
3770 switch(*p++) {
3771 default:
3772 result = 0;
3773 break;
3774
3775 case JVM_SIGNATURE_BOOLEAN:
3776 full_info = (array_depth > 0)
3777 ? MAKE_FULLINFO(ITEM_Boolean, 0, 0)
3778 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3779 result = 'I';
3780 break;
3781
3782 case JVM_SIGNATURE_BYTE:
3783 full_info = (array_depth > 0)
3784 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)
3785 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3786 result = 'I';
3787 break;
3788
3789 case JVM_SIGNATURE_CHAR:
3790 full_info = (array_depth > 0)
3791 ? MAKE_FULLINFO(ITEM_Char, 0, 0)
3792 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3793 result = 'I';
3794 break;
3795
3796 case JVM_SIGNATURE_SHORT:
3797 full_info = (array_depth > 0)
3798 ? MAKE_FULLINFO(ITEM_Short, 0, 0)
3799 : MAKE_FULLINFO(ITEM_Integer, 0, 0);
3800 result = 'I';
3801 break;
3802
3803 case JVM_SIGNATURE_INT:
3804 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0);
3805 result = 'I';
3806 break;
3807
3808 case JVM_SIGNATURE_FLOAT:
3809 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0);
3810 result = 'F';
3811 break;
3812
3813 case JVM_SIGNATURE_DOUBLE:
3814 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0);
3815 result = 'D';
3816 break;
3817
3818 case JVM_SIGNATURE_LONG:
3819 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0);
3820 result = 'L';
3821 break;
3822
3823 case JVM_SIGNATURE_ARRAY:
3824 array_depth++;
3825 continue; /* only time we ever do the loop > 1 */
3826
3827 case JVM_SIGNATURE_CLASS: {
3828 char buffer_space[256];
3829 char *buffer = buffer_space;
3830 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3831 int length;
3832 if (finish == NULL) {
3833 /* Signature must have ';' after the class name.
3834 * If it does not, return 0 and ITEM_Bogus in full_info. */
3835 result = 0;
3836 break;
3837 }
3838 assert(finish >= p);
3839 length = (int)(finish - p);
3840 if (length + 1 > (int)sizeof(buffer_space)) {
3841 buffer = malloc(length + 1);
3842 check_and_push(context, buffer, VM_MALLOC_BLK);
3843 }
3844 memcpy(buffer, p, length);
3845 buffer[length] = '\0';
3846 full_info = make_class_info_from_name(context, buffer);
3847 result = 'A';
3848 p = finish + 1;
3849 if (buffer != buffer_space)
3850 pop_and_free(context);
3851 break;
3852 }
3853 } /* end of switch */
3854 break;
3855 }
3856 *signature_p = p;
3857 if (array_depth == 0 || result == 0) {
3858 /* either not an array, or result is bogus */
3859 *full_info_p = full_info;
3860 return result;
3861 } else {
3862 if (array_depth > MAX_ARRAY_DIMENSIONS)
3863 CCerror(context, "Array with too many dimensions");
3864 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),
3865 array_depth,
3866 GET_EXTRA_INFO(full_info));
3867 return 'A';
3868 }
3869}
3870
3871
3872/* Given an array type, create the type that has one less level of
3873 * indirection.
3874 */
3875
3876static fullinfo_type
3877decrement_indirection(fullinfo_type array_info)
3878{
3879 if (array_info == NULL_FULLINFO) {
3880 return NULL_FULLINFO;
3881 } else {
3882 int type = GET_ITEM_TYPE(array_info);
3883 int indirection = GET_INDIRECTION(array_info) - 1;
3884 int extra_info = GET_EXTRA_INFO(array_info);
3885 if ( (indirection == 0)
3886 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Boolean || type == ITEM_Char)))
3887 type = ITEM_Integer;
3888 return MAKE_FULLINFO(type, indirection, extra_info);
3889 }
3890}
3891
3892
3893/* See if we can assign an object of the "from" type to an object
3894 * of the "to" type.
3895 */
3896
3897static jboolean isAssignableTo(context_type *context,
3898 fullinfo_type from, fullinfo_type to)
3899{
3900 return (merge_fullinfo_types(context, from, to, JNI_TRUE) == to);
3901}
3902
3903/* Given two fullinfo_type's, find their lowest common denominator. If
3904 * the assignable_p argument is non-null, we're really just calling to find
3905 * out if "<target> := <value>" is a legitimate assignment.
3906 *
3907 * We treat all interfaces as if they were of type java/lang/Object, since the
3908 * runtime will do the full checking.
3909 */
3910static fullinfo_type
3911merge_fullinfo_types(context_type *context,
3912 fullinfo_type value, fullinfo_type target,
3913 jboolean for_assignment)
3914{
3915 JNIEnv *env = context->env;
3916 if (value == target) {
3917 /* If they're identical, clearly just return what we've got */
3918 return value;
3919 }
3920
3921 /* Both must be either arrays or objects to go further */
3922 if (GET_INDIRECTION(value) == 0 && GET_ITEM_TYPE(value) != ITEM_Object)
3923 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3924 if (GET_INDIRECTION(target) == 0 && GET_ITEM_TYPE(target) != ITEM_Object)
3925 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3926
3927 /* If either is NULL, return the other. */
3928 if (value == NULL_FULLINFO)
3929 return target;
3930 else if (target == NULL_FULLINFO)
3931 return value;
3932
3933 /* If either is java/lang/Object, that's the result. */
3934 if (target == context->object_info)
3935 return target;
3936 else if (value == context->object_info) {
3937 /* Minor hack. For assignments, Interface := Object, return Interface
3938 * rather than Object, so that isAssignableTo() will get the right
3939 * result. */
3940 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target) ==
3941 MAKE_FULLINFO(ITEM_Object, 0, 0))) {
3942 jclass cb = object_fullinfo_to_classclass(context,
3943 target);
3944 int is_interface = cb && JVM_IsInterface(env, cb);
3945 if (is_interface)
3946 return target;
3947 }
3948 return value;
3949 }
3950 if (GET_INDIRECTION(value) > 0 || GET_INDIRECTION(target) > 0) {
3951 /* At least one is an array. Neither is java/lang/Object or NULL.
3952 * Moreover, the types are not identical.
3953 * The result must either be Object, or an array of some object type.
3954 */
3955 fullinfo_type value_base, target_base;
3956 int dimen_value = GET_INDIRECTION(value);
3957 int dimen_target = GET_INDIRECTION(target);
3958
3959 if (target == context->cloneable_info ||
3960 target == context->serializable_info) {
3961 return target;
3962 }
3963
3964 if (value == context->cloneable_info ||
3965 value == context->serializable_info) {
3966 return value;
3967 }
3968
3969 /* First, if either item's base type isn't ITEM_Object, promote it up
3970 * to an object or array of object. If either is elemental, we can
3971 * punt.
3972 */
3973 if (GET_ITEM_TYPE(value) != ITEM_Object) {
3974 if (dimen_value == 0)
3975 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3976 dimen_value--;
3977 value = MAKE_Object_ARRAY(dimen_value);
3978
3979 }
3980 if (GET_ITEM_TYPE(target) != ITEM_Object) {
3981 if (dimen_target == 0)
3982 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
3983 dimen_target--;
3984 target = MAKE_Object_ARRAY(dimen_target);
3985 }
3986 /* Both are now objects or arrays of some sort of object type */
3987 value_base = WITH_ZERO_INDIRECTION(value);
3988 target_base = WITH_ZERO_INDIRECTION(target);
3989 if (dimen_value == dimen_target) {
3990 /* Arrays of the same dimension. Merge their base types. */
3991 fullinfo_type result_base =
3992 merge_fullinfo_types(context, value_base, target_base,
3993 for_assignment);
3994 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0))
3995 /* bogus in, bogus out */
3996 return result_base;
3997 return MAKE_FULLINFO(ITEM_Object, dimen_value,
3998 GET_EXTRA_INFO(result_base));
3999 } else {
4000 /* Arrays of different sizes. If the smaller dimension array's base
4001 * type is java/lang/Cloneable or java/io/Serializable, return it.
4002 * Otherwise return java/lang/Object with a dimension of the smaller
4003 * of the two */
4004 if (dimen_value < dimen_target) {
4005 if (value_base == context->cloneable_info ||
4006 value_base == context ->serializable_info) {
4007 return value;
4008 }
4009 return MAKE_Object_ARRAY(dimen_value);
4010 } else {
4011 if (target_base == context->cloneable_info ||
4012 target_base == context->serializable_info) {
4013 return target;
4014 }
4015 return MAKE_Object_ARRAY(dimen_target);
4016 }
4017 }
4018 } else {
4019 /* Both are non-array objects. Neither is java/lang/Object or NULL */
4020 jclass cb_value, cb_target, cb_super_value, cb_super_target;
4021 fullinfo_type result_info;
4022
4023 /* Let's get the classes corresponding to each of these. Treat
4024 * interfaces as if they were java/lang/Object. See hack note above. */
4025 cb_target = object_fullinfo_to_classclass(context, target);
4026 if (cb_target == 0)
4027 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
4028 if (JVM_IsInterface(env, cb_target))
4029 return for_assignment ? target : context->object_info;
4030 cb_value = object_fullinfo_to_classclass(context, value);
4031 if (cb_value == 0)
4032 return MAKE_FULLINFO(ITEM_Bogus, 0, 0);
4033 if (JVM_IsInterface(env, cb_value))
4034 return context->object_info;
4035
4036 /* If this is for assignment of target := value, we just need to see if
4037 * cb_target is a superclass of cb_value. Save ourselves a lot of
4038 * work.
4039 */
4040 if (for_assignment) {
4041 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4042 while (cb_super_value != 0) {
4043 jclass tmp_cb;
4044 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4045 (*env)->DeleteLocalRef(env, cb_super_value);
4046 return target;
4047 }
4048 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4049 (*env)->DeleteLocalRef(env, cb_super_value);
4050 cb_super_value = tmp_cb;
4051 }
4052 (*env)->DeleteLocalRef(env, cb_super_value);
4053 return context->object_info;
4054 }
4055
4056 /* Find out whether cb_value or cb_target is deeper in the class
4057 * tree by moving both toward the root, and seeing who gets there
4058 * first. */
4059 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4060 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4061 while((cb_super_value != 0) &&
4062 (cb_super_target != 0)) {
4063 jclass tmp_cb;
4064 /* Optimization. If either hits the other when going up looking
4065 * for a parent, then might as well return the parent immediately */
4066 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4067 (*env)->DeleteLocalRef(env, cb_super_value);
4068 (*env)->DeleteLocalRef(env, cb_super_target);
4069 return target;
4070 }
4071 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4072 (*env)->DeleteLocalRef(env, cb_super_value);
4073 (*env)->DeleteLocalRef(env, cb_super_target);
4074 return value;
4075 }
4076 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4077 (*env)->DeleteLocalRef(env, cb_super_value);
4078 cb_super_value = tmp_cb;
4079
4080 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4081 (*env)->DeleteLocalRef(env, cb_super_target);
4082 cb_super_target = tmp_cb;
4083 }
4084 cb_value = (*env)->NewLocalRef(env, cb_value);
4085 cb_target = (*env)->NewLocalRef(env, cb_target);
4086 /* At most one of the following two while clauses will be executed.
4087 * Bring the deeper of cb_target and cb_value to the depth of the
4088 * shallower one.
4089 */
4090 while (cb_super_value != 0) {
4091 /* cb_value is deeper */
4092 jclass cb_tmp;
4093
4094 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4095 (*env)->DeleteLocalRef(env, cb_super_value);
4096 cb_super_value = cb_tmp;
4097
4098 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4099 (*env)->DeleteLocalRef(env, cb_value);
4100 cb_value = cb_tmp;
4101 }
4102 while (cb_super_target != 0) {
4103 /* cb_target is deeper */
4104 jclass cb_tmp;
4105
4106 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4107 (*env)->DeleteLocalRef(env, cb_super_target);
4108 cb_super_target = cb_tmp;
4109
4110 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4111 (*env)->DeleteLocalRef(env, cb_target);
4112 cb_target = cb_tmp;
4113 }
4114
4115 /* Walk both up, maintaining equal depth, until a join is found. We
4116 * know that we will find one. */
4117 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4118 jclass cb_tmp;
4119 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4120 (*env)->DeleteLocalRef(env, cb_value);
4121 cb_value = cb_tmp;
4122 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4123 (*env)->DeleteLocalRef(env, cb_target);
4124 cb_target = cb_tmp;
4125 }
4126 result_info = make_class_info(context, cb_value);
4127 (*env)->DeleteLocalRef(env, cb_value);
4128 (*env)->DeleteLocalRef(env, cb_super_value);
4129 (*env)->DeleteLocalRef(env, cb_target);
4130 (*env)->DeleteLocalRef(env, cb_super_target);
4131 return result_info;
4132 } /* both items are classes */
4133}
4134
4135
4136/* Given a fullinfo_type corresponding to an Object, return the jclass
4137 * of that type.
4138 *
4139 * This function always returns a global reference!
4140 */
4141
4142static jclass
4143object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4144{
4145 unsigned short info = GET_EXTRA_INFO(classinfo);
4146 return ID_to_class(context, info);
4147}
4148
4149static void free_block(void *ptr, int kind)
4150{
4151 switch (kind) {
4152 case VM_STRING_UTF:
4153 JVM_ReleaseUTF(ptr);
4154 break;
4155 case VM_MALLOC_BLK:
4156 free(ptr);
4157 break;
4158 }
4159}
4160
4161static void check_and_push(context_type *context, const void *ptr, int kind)
4162{
4163 alloc_stack_type *p;
4164 if (ptr == 0)
4165 CCout_of_memory(context);
4166 if (context->alloc_stack_top < ALLOC_STACK_SIZE)
4167 p = &(context->alloc_stack[context->alloc_stack_top++]);
4168 else {
4169 /* Otherwise we have to malloc */
4170 p = malloc(sizeof(alloc_stack_type));
4171 if (p == 0) {
4172 /* Make sure we clean up. */
4173 free_block((void *)ptr, kind);
4174 CCout_of_memory(context);
4175 }
4176 }
4177 p->kind = kind;
4178 p->ptr = (void *)ptr;
4179 p->next = context->allocated_memory;
4180 context->allocated_memory = p;
4181}
4182
4183static void pop_and_free(context_type *context)
4184{
4185 alloc_stack_type *p = context->allocated_memory;
4186 context->allocated_memory = p->next;
4187 free_block(p->ptr, p->kind);
4188 if (p < context->alloc_stack + ALLOC_STACK_SIZE &&
4189 p >= context->alloc_stack)
4190 context->alloc_stack_top--;
4191 else
4192 free(p);
4193}
4194
4195static int signature_to_args_size(const char *method_signature)
4196{
4197 const char *p;
4198 int args_size = 0;
4199 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4200 switch (*p) {
4201 case JVM_SIGNATURE_BOOLEAN:
4202 case JVM_SIGNATURE_BYTE:
4203 case JVM_SIGNATURE_CHAR:
4204 case JVM_SIGNATURE_SHORT:
4205 case JVM_SIGNATURE_INT:
4206 case JVM_SIGNATURE_FLOAT:
4207 args_size += 1;
4208 break;
4209 case JVM_SIGNATURE_CLASS:
4210 args_size += 1;
4211 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4212 break;
4213 case JVM_SIGNATURE_ARRAY:
4214 args_size += 1;
4215 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4216 /* If an array of classes, skip over class name, too. */
4217 if (*p == JVM_SIGNATURE_CLASS) {
4218 while (*p != JVM_SIGNATURE_ENDCLASS)
4219 p++;
4220 }
4221 break;
4222 case JVM_SIGNATURE_DOUBLE:
4223 case JVM_SIGNATURE_LONG:
4224 args_size += 2;
4225 break;
4226 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4227 break;
4228 default:
4229 /* Indicate an error. */
4230 return 0;
4231 }
4232 }
4233 return args_size;
4234}
4235
4236#ifdef DEBUG
4237
4238/* Below are for debugging. */
4239
4240static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4241
4242static void
4243print_stack(context_type *context, stack_info_type *stack_info)
4244{
4245 stack_item_type *stack = stack_info->stack;
4246 if (stack_info->stack_size == UNKNOWN_STACK_SIZE) {
4247 jio_fprintf(stdout, "x");
4248 } else {
4249 jio_fprintf(stdout, "(");
4250 for ( ; stack != 0; stack = stack->next)
4251 print_fullinfo_type(context, stack->item,
4252 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4253 jio_fprintf(stdout, ")");
4254 }
4255}
4256
4257static void
4258print_registers(context_type *context, register_info_type *register_info)
4259{
4260 int register_count = register_info->register_count;
4261 if (register_count == UNKNOWN_REGISTER_COUNT) {
4262 jio_fprintf(stdout, "x");
4263 } else {
4264 fullinfo_type *registers = register_info->registers;
4265 int mask_count = register_info->mask_count;
4266 mask_type *masks = register_info->masks;
4267 int i, j;
4268
4269 jio_fprintf(stdout, "{");
4270 for (i = 0; i < register_count; i++)
4271 print_fullinfo_type(context, registers[i],
4272 (jboolean)(verify_verbose > 1 ? JNI_TRUE : JNI_FALSE));
4273 jio_fprintf(stdout, "}");
4274 for (i = 0; i < mask_count; i++) {
4275 char *separator = "";
4276 int *modifies = masks[i].modifies;
4277 jio_fprintf(stdout, "<%d: ", masks[i].entry);
4278 for (j = 0;
4279 j < JVM_GetMethodIxLocalsCount(context->env,
4280 context->class,
4281 context->method_index);
4282 j++)
4283 if (IS_BIT_SET(modifies, j)) {
4284 jio_fprintf(stdout, "%s%d", separator, j);
4285 separator = ",";
4286 }
4287 jio_fprintf(stdout, ">");
4288 }
4289 }
4290}
4291
4292
4293static void
4294print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4295{
4296 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4297 jio_fprintf(stdout, "<%x %x>", and_flags, or_flags);
4298 }
4299}
4300
4301static void
4302print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4303{
4304 int i;
4305 int indirection = GET_INDIRECTION(type);
4306 for (i = indirection; i-- > 0; )
4307 jio_fprintf(stdout, "[");
4308 switch (GET_ITEM_TYPE(type)) {
4309 case ITEM_Integer:
4310 jio_fprintf(stdout, "I"); break;
4311 case ITEM_Float:
4312 jio_fprintf(stdout, "F"); break;
4313 case ITEM_Double:
4314 jio_fprintf(stdout, "D"); break;
4315 case ITEM_Double_2:
4316 jio_fprintf(stdout, "d"); break;
4317 case ITEM_Long:
4318 jio_fprintf(stdout, "L"); break;
4319 case ITEM_Long_2:
4320 jio_fprintf(stdout, "l"); break;
4321 case ITEM_ReturnAddress:
4322 jio_fprintf(stdout, "a"); break;
4323 case ITEM_Object:
4324 if (!verbose) {
4325 jio_fprintf(stdout, "A");
4326 } else {
4327 unsigned short extra = GET_EXTRA_INFO(type);
4328 if (extra == 0) {
4329 jio_fprintf(stdout, "/Null/");
4330 } else {
4331 const char *name = ID_to_class_name(context, extra);
4332 const char *name2 = strrchr(name, '/');
4333 jio_fprintf(stdout, "/%s/", name2 ? name2 + 1 : name);
4334 }
4335 }
4336 break;
4337 case ITEM_Char:
4338 jio_fprintf(stdout, "C"); break;
4339 case ITEM_Short:
4340 jio_fprintf(stdout, "S"); break;
4341 case ITEM_Boolean:
4342 jio_fprintf(stdout, "Z"); break;
4343 case ITEM_Byte:
4344 jio_fprintf(stdout, "B"); break;
4345 case ITEM_NewObject:
4346 if (!verbose) {
4347 jio_fprintf(stdout, "@");
4348 } else {
4349 int inum = GET_EXTRA_INFO(type);
4350 fullinfo_type real_type =
4351 context->instruction_data[inum].operand2.fi;
4352 jio_fprintf(stdout, ">");
4353 print_fullinfo_type(context, real_type, JNI_TRUE);
4354 jio_fprintf(stdout, "<");
4355 }
4356 break;
4357 case ITEM_InitObject:
4358 jio_fprintf(stdout, verbose ? ">/this/<" : "@");
4359 break;
4360
4361 default:
4362 jio_fprintf(stdout, "?"); break;
4363 }
4364 for (i = indirection; i-- > 0; )
4365 jio_fprintf(stdout, "]");
4366}
4367
4368
4369static void
4370print_formatted_fieldname(context_type *context, int index)
4371{
4372 JNIEnv *env = context->env;
4373 jclass cb = context->class;
4374 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4375 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4376 jio_fprintf(stdout, " <%s.%s>",
4377 classname ? classname : "", fieldname ? fieldname : "");
4378 JVM_ReleaseUTF(classname);
4379 JVM_ReleaseUTF(fieldname);
4380}
4381
4382static void
4383print_formatted_methodname(context_type *context, int index)
4384{
4385 JNIEnv *env = context->env;
4386 jclass cb = context->class;
4387 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4388 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4389 jio_fprintf(stdout, " <%s.%s>",
4390 classname ? classname : "", methodname ? methodname : "");
4391 JVM_ReleaseUTF(classname);
4392 JVM_ReleaseUTF(methodname);
4393}
4394
4395#endif /*DEBUG*/
4396