fixed bash/dash/sh issue (Ubuntu)
[zpugcc/jano.git] / toolchain / gcc / libjava / verify.cc
blob64efc3033f10b4876b237aede353340f6424af6d
1 // verify.cc - verify bytecode
3 /* Copyright (C) 2001, 2002, 2003 Free Software Foundation
5 This file is part of libgcj.
7 This software is copyrighted work licensed under the terms of the
8 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
9 details. */
11 // Written by Tom Tromey <tromey@redhat.com>
13 // Define VERIFY_DEBUG to enable debugging output.
15 #include <config.h>
17 #include <jvm.h>
18 #include <gcj/cni.h>
19 #include <java-insns.h>
20 #include <java-interp.h>
22 // On Solaris 10/x86, <signal.h> indirectly includes <ia32/sys/reg.h>, which
23 // defines PC since g++ predefines __EXTENSIONS__. Undef here to avoid clash
24 // with PC member of class _Jv_BytecodeVerifier below.
25 #undef PC
27 #ifdef INTERPRETER
29 #include <java/lang/Class.h>
30 #include <java/lang/VerifyError.h>
31 #include <java/lang/Throwable.h>
32 #include <java/lang/reflect/Modifier.h>
33 #include <java/lang/StringBuffer.h>
35 #ifdef VERIFY_DEBUG
36 #include <stdio.h>
37 #endif /* VERIFY_DEBUG */
40 static void debug_print (const char *fmt, ...)
41 __attribute__ ((format (printf, 1, 2)));
43 static inline void
44 debug_print (const char *fmt, ...)
46 #ifdef VERIFY_DEBUG
47 va_list ap;
48 va_start (ap, fmt);
49 vfprintf (stderr, fmt, ap);
50 va_end (ap);
51 #endif /* VERIFY_DEBUG */
54 class _Jv_BytecodeVerifier
56 private:
58 static const int FLAG_INSN_START = 1;
59 static const int FLAG_BRANCH_TARGET = 2;
61 struct state;
62 struct type;
63 struct subr_info;
64 struct subr_entry_info;
65 struct linked_utf8;
66 struct ref_intersection;
68 // The current PC.
69 int PC;
70 // The PC corresponding to the start of the current instruction.
71 int start_PC;
73 // The current state of the stack, locals, etc.
74 state *current_state;
76 // We store the state at branch targets, for merging. This holds
77 // such states.
78 state **states;
80 // We keep a linked list of all the PCs which we must reverify.
81 // The link is done using the PC values. This is the head of the
82 // list.
83 int next_verify_pc;
85 // We keep some flags for each instruction. The values are the
86 // FLAG_* constants defined above.
87 char *flags;
89 // We need to keep track of which instructions can call a given
90 // subroutine. FIXME: this is inefficient. We keep a linked list
91 // of all calling `jsr's at at each jsr target.
92 subr_info **jsr_ptrs;
94 // We keep a linked list of entries which map each `ret' instruction
95 // to its unique subroutine entry point. We expect that there won't
96 // be many `ret' instructions, so a linked list is ok.
97 subr_entry_info *entry_points;
99 // The bytecode itself.
100 unsigned char *bytecode;
101 // The exceptions.
102 _Jv_InterpException *exception;
104 // Defining class.
105 jclass current_class;
106 // This method.
107 _Jv_InterpMethod *current_method;
109 // A linked list of utf8 objects we allocate. This is really ugly,
110 // but without this our utf8 objects would be collected.
111 linked_utf8 *utf8_list;
113 // A linked list of all ref_intersection objects we allocate.
114 ref_intersection *isect_list;
116 struct linked_utf8
118 _Jv_Utf8Const *val;
119 linked_utf8 *next;
122 _Jv_Utf8Const *make_utf8_const (char *s, int len)
124 _Jv_Utf8Const *val = _Jv_makeUtf8Const (s, len);
125 _Jv_Utf8Const *r = (_Jv_Utf8Const *) _Jv_Malloc (sizeof (_Jv_Utf8Const)
126 + val->length
127 + 1);
128 r->length = val->length;
129 r->hash = val->hash;
130 memcpy (r->data, val->data, val->length + 1);
132 linked_utf8 *lu = (linked_utf8 *) _Jv_Malloc (sizeof (linked_utf8));
133 lu->val = r;
134 lu->next = utf8_list;
135 utf8_list = lu;
137 return r;
140 __attribute__ ((__noreturn__)) void verify_fail (char *s, jint pc = -1)
142 using namespace java::lang;
143 StringBuffer *buf = new StringBuffer ();
145 buf->append (JvNewStringLatin1 ("verification failed"));
146 if (pc == -1)
147 pc = start_PC;
148 if (pc != -1)
150 buf->append (JvNewStringLatin1 (" at PC "));
151 buf->append (pc);
154 _Jv_InterpMethod *method = current_method;
155 buf->append (JvNewStringLatin1 (" in "));
156 buf->append (current_class->getName());
157 buf->append ((jchar) ':');
158 buf->append (JvNewStringUTF (method->get_method()->name->data));
159 buf->append ((jchar) '(');
160 buf->append (JvNewStringUTF (method->get_method()->signature->data));
161 buf->append ((jchar) ')');
163 buf->append (JvNewStringLatin1 (": "));
164 buf->append (JvNewStringLatin1 (s));
165 throw new java::lang::VerifyError (buf->toString ());
168 // This enum holds a list of tags for all the different types we
169 // need to handle. Reference types are treated specially by the
170 // type class.
171 enum type_val
173 void_type,
175 // The values for primitive types are chosen to correspond to values
176 // specified to newarray.
177 boolean_type = 4,
178 char_type = 5,
179 float_type = 6,
180 double_type = 7,
181 byte_type = 8,
182 short_type = 9,
183 int_type = 10,
184 long_type = 11,
186 // Used when overwriting second word of a double or long in the
187 // local variables. Also used after merging local variable states
188 // to indicate an unusable value.
189 unsuitable_type,
190 return_address_type,
191 continuation_type,
193 // There is an obscure special case which requires us to note when
194 // a local variable has not been used by a subroutine. See
195 // push_jump_merge for more information.
196 unused_by_subroutine_type,
198 // Everything after `reference_type' must be a reference type.
199 reference_type,
200 null_type,
201 uninitialized_reference_type
204 // This represents a merged class type. Some verifiers (including
205 // earlier versions of this one) will compute the intersection of
206 // two class types when merging states. However, this loses
207 // critical information about interfaces implemented by the various
208 // classes. So instead we keep track of all the actual classes that
209 // have been merged.
210 struct ref_intersection
212 // Whether or not this type has been resolved.
213 bool is_resolved;
215 // Actual type data.
216 union
218 // For a resolved reference type, this is a pointer to the class.
219 jclass klass;
220 // For other reference types, this it the name of the class.
221 _Jv_Utf8Const *name;
222 } data;
224 // Link to the next reference in the intersection.
225 ref_intersection *ref_next;
227 // This is used to keep track of all the allocated
228 // ref_intersection objects, so we can free them.
229 // FIXME: we should allocate these in chunks.
230 ref_intersection *alloc_next;
232 ref_intersection (jclass klass, _Jv_BytecodeVerifier *verifier)
233 : ref_next (NULL)
235 is_resolved = true;
236 data.klass = klass;
237 alloc_next = verifier->isect_list;
238 verifier->isect_list = this;
241 ref_intersection (_Jv_Utf8Const *name, _Jv_BytecodeVerifier *verifier)
242 : ref_next (NULL)
244 is_resolved = false;
245 data.name = name;
246 alloc_next = verifier->isect_list;
247 verifier->isect_list = this;
250 ref_intersection (ref_intersection *dup, ref_intersection *tail,
251 _Jv_BytecodeVerifier *verifier)
252 : ref_next (tail)
254 is_resolved = dup->is_resolved;
255 data = dup->data;
256 alloc_next = verifier->isect_list;
257 verifier->isect_list = this;
260 bool equals (ref_intersection *other, _Jv_BytecodeVerifier *verifier)
262 if (! is_resolved && ! other->is_resolved
263 && _Jv_equalUtf8Consts (data.name, other->data.name))
264 return true;
265 if (! is_resolved)
266 resolve (verifier);
267 if (! other->is_resolved)
268 other->resolve (verifier);
269 return data.klass == other->data.klass;
272 // Merge THIS type into OTHER, returning the result. This will
273 // return OTHER if all the classes in THIS already appear in
274 // OTHER.
275 ref_intersection *merge (ref_intersection *other,
276 _Jv_BytecodeVerifier *verifier)
278 ref_intersection *tail = other;
279 for (ref_intersection *self = this; self != NULL; self = self->ref_next)
281 bool add = true;
282 for (ref_intersection *iter = other; iter != NULL;
283 iter = iter->ref_next)
285 if (iter->equals (self, verifier))
287 add = false;
288 break;
292 if (add)
293 tail = new ref_intersection (self, tail, verifier);
295 return tail;
298 void resolve (_Jv_BytecodeVerifier *verifier)
300 if (is_resolved)
301 return;
303 using namespace java::lang;
304 java::lang::ClassLoader *loader
305 = verifier->current_class->getClassLoaderInternal();
306 // We might see either kind of name. Sigh.
307 if (data.name->data[0] == 'L'
308 && data.name->data[data.name->length - 1] == ';')
309 data.klass = _Jv_FindClassFromSignature (data.name->data, loader);
310 else
311 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name),
312 false, loader);
313 is_resolved = true;
316 // See if an object of type OTHER can be assigned to an object of
317 // type *THIS. This might resolve classes in one chain or the
318 // other.
319 bool compatible (ref_intersection *other,
320 _Jv_BytecodeVerifier *verifier)
322 ref_intersection *self = this;
324 for (; self != NULL; self = self->ref_next)
326 ref_intersection *other_iter = other;
328 for (; other_iter != NULL; other_iter = other_iter->ref_next)
330 // Avoid resolving if possible.
331 if (! self->is_resolved
332 && ! other_iter->is_resolved
333 && _Jv_equalUtf8Consts (self->data.name,
334 other_iter->data.name))
335 continue;
337 if (! self->is_resolved)
338 self->resolve(verifier);
339 if (! other_iter->is_resolved)
340 other_iter->resolve(verifier);
342 if (! is_assignable_from_slow (self->data.klass,
343 other_iter->data.klass))
344 return false;
348 return true;
351 bool isarray ()
353 // assert (ref_next == NULL);
354 if (is_resolved)
355 return data.klass->isArray ();
356 else
357 return data.name->data[0] == '[';
360 bool isinterface (_Jv_BytecodeVerifier *verifier)
362 // assert (ref_next == NULL);
363 if (! is_resolved)
364 resolve (verifier);
365 return data.klass->isInterface ();
368 bool isabstract (_Jv_BytecodeVerifier *verifier)
370 // assert (ref_next == NULL);
371 if (! is_resolved)
372 resolve (verifier);
373 using namespace java::lang::reflect;
374 return Modifier::isAbstract (data.klass->getModifiers ());
377 jclass getclass (_Jv_BytecodeVerifier *verifier)
379 if (! is_resolved)
380 resolve (verifier);
381 return data.klass;
384 int count_dimensions ()
386 int ndims = 0;
387 if (is_resolved)
389 jclass k = data.klass;
390 while (k->isArray ())
392 k = k->getComponentType ();
393 ++ndims;
396 else
398 char *p = data.name->data;
399 while (*p++ == '[')
400 ++ndims;
402 return ndims;
405 void *operator new (size_t bytes)
407 return _Jv_Malloc (bytes);
410 void operator delete (void *mem)
412 _Jv_Free (mem);
416 // Return the type_val corresponding to a primitive signature
417 // character. For instance `I' returns `int.class'.
418 type_val get_type_val_for_signature (jchar sig)
420 type_val rt;
421 switch (sig)
423 case 'Z':
424 rt = boolean_type;
425 break;
426 case 'B':
427 rt = byte_type;
428 break;
429 case 'C':
430 rt = char_type;
431 break;
432 case 'S':
433 rt = short_type;
434 break;
435 case 'I':
436 rt = int_type;
437 break;
438 case 'J':
439 rt = long_type;
440 break;
441 case 'F':
442 rt = float_type;
443 break;
444 case 'D':
445 rt = double_type;
446 break;
447 case 'V':
448 rt = void_type;
449 break;
450 default:
451 verify_fail ("invalid signature");
453 return rt;
456 // Return the type_val corresponding to a primitive class.
457 type_val get_type_val_for_signature (jclass k)
459 return get_type_val_for_signature ((jchar) k->method_count);
462 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or
463 // TARGET haven't been prepared.
464 static bool is_assignable_from_slow (jclass target, jclass source)
466 // First, strip arrays.
467 while (target->isArray ())
469 // If target is array, source must be as well.
470 if (! source->isArray ())
471 return false;
472 target = target->getComponentType ();
473 source = source->getComponentType ();
476 // Quick success.
477 if (target == &java::lang::Object::class$)
478 return true;
482 if (source == target)
483 return true;
485 if (target->isPrimitive () || source->isPrimitive ())
486 return false;
488 if (target->isInterface ())
490 for (int i = 0; i < source->interface_count; ++i)
492 // We use a recursive call because we also need to
493 // check superinterfaces.
494 if (is_assignable_from_slow (target, source->interfaces[i]))
495 return true;
498 source = source->getSuperclass ();
500 while (source != NULL);
502 return false;
505 // This is used to keep track of which `jsr's correspond to a given
506 // jsr target.
507 struct subr_info
509 // PC of the instruction just after the jsr.
510 int pc;
511 // Link.
512 subr_info *next;
515 // This is used to keep track of which subroutine entry point
516 // corresponds to which `ret' instruction.
517 struct subr_entry_info
519 // PC of the subroutine entry point.
520 int pc;
521 // PC of the `ret' instruction.
522 int ret_pc;
523 // Link.
524 subr_entry_info *next;
527 // The `type' class is used to represent a single type in the
528 // verifier.
529 struct type
531 // The type key.
532 type_val key;
534 // For reference types, the representation of the type.
535 ref_intersection *klass;
537 // This is used when constructing a new object. It is the PC of the
538 // `new' instruction which created the object. We use the special
539 // value -2 to mean that this is uninitialized, and the special
540 // value -1 for the case where the current method is itself the
541 // <init> method.
542 int pc;
544 static const int UNINIT = -2;
545 static const int SELF = -1;
547 // Basic constructor.
548 type ()
550 key = unsuitable_type;
551 klass = NULL;
552 pc = UNINIT;
555 // Make a new instance given the type tag. We assume a generic
556 // `reference_type' means Object.
557 type (type_val k)
559 key = k;
560 // For reference_type, if KLASS==NULL then that means we are
561 // looking for a generic object of any kind, including an
562 // uninitialized reference.
563 klass = NULL;
564 pc = UNINIT;
567 // Make a new instance given a class.
568 type (jclass k, _Jv_BytecodeVerifier *verifier)
570 key = reference_type;
571 klass = new ref_intersection (k, verifier);
572 pc = UNINIT;
575 // Make a new instance given the name of a class.
576 type (_Jv_Utf8Const *n, _Jv_BytecodeVerifier *verifier)
578 key = reference_type;
579 klass = new ref_intersection (n, verifier);
580 pc = UNINIT;
583 // Copy constructor.
584 type (const type &t)
586 key = t.key;
587 klass = t.klass;
588 pc = t.pc;
591 // These operators are required because libgcj can't link in
592 // -lstdc++.
593 void *operator new[] (size_t bytes)
595 return _Jv_Malloc (bytes);
598 void operator delete[] (void *mem)
600 _Jv_Free (mem);
603 type& operator= (type_val k)
605 key = k;
606 klass = NULL;
607 pc = UNINIT;
608 return *this;
611 type& operator= (const type& t)
613 key = t.key;
614 klass = t.klass;
615 pc = t.pc;
616 return *this;
619 // Promote a numeric type.
620 type &promote ()
622 if (key == boolean_type || key == char_type
623 || key == byte_type || key == short_type)
624 key = int_type;
625 return *this;
628 // Mark this type as the uninitialized result of `new'.
629 void set_uninitialized (int npc, _Jv_BytecodeVerifier *verifier)
631 if (key == reference_type)
632 key = uninitialized_reference_type;
633 else
634 verifier->verify_fail ("internal error in type::uninitialized");
635 pc = npc;
638 // Mark this type as now initialized.
639 void set_initialized (int npc)
641 if (npc != UNINIT && pc == npc && key == uninitialized_reference_type)
643 key = reference_type;
644 pc = UNINIT;
649 // Return true if an object of type K can be assigned to a variable
650 // of type *THIS. Handle various special cases too. Might modify
651 // *THIS or K. Note however that this does not perform numeric
652 // promotion.
653 bool compatible (type &k, _Jv_BytecodeVerifier *verifier)
655 // Any type is compatible with the unsuitable type.
656 if (key == unsuitable_type)
657 return true;
659 if (key < reference_type || k.key < reference_type)
660 return key == k.key;
662 // The `null' type is convertible to any initialized reference
663 // type.
664 if (key == null_type)
665 return k.key != uninitialized_reference_type;
666 if (k.key == null_type)
667 return key != uninitialized_reference_type;
669 // A special case for a generic reference.
670 if (klass == NULL)
671 return true;
672 if (k.klass == NULL)
673 verifier->verify_fail ("programmer error in type::compatible");
675 // An initialized type and an uninitialized type are not
676 // compatible.
677 if (isinitialized () != k.isinitialized ())
678 return false;
680 // Two uninitialized objects are compatible if either:
681 // * The PCs are identical, or
682 // * One PC is UNINIT.
683 if (! isinitialized ())
685 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT)
686 return false;
689 return klass->compatible(k.klass, verifier);
692 bool isvoid () const
694 return key == void_type;
697 bool iswide () const
699 return key == long_type || key == double_type;
702 // Return number of stack or local variable slots taken by this
703 // type.
704 int depth () const
706 return iswide () ? 2 : 1;
709 bool isarray () const
711 // We treat null_type as not an array. This is ok based on the
712 // current uses of this method.
713 if (key == reference_type)
714 return klass->isarray ();
715 return false;
718 bool isnull () const
720 return key == null_type;
723 bool isinterface (_Jv_BytecodeVerifier *verifier)
725 if (key != reference_type)
726 return false;
727 return klass->isinterface (verifier);
730 bool isabstract (_Jv_BytecodeVerifier *verifier)
732 if (key != reference_type)
733 return false;
734 return klass->isabstract (verifier);
737 // Return the element type of an array.
738 type element_type (_Jv_BytecodeVerifier *verifier)
740 if (key != reference_type)
741 verifier->verify_fail ("programmer error in type::element_type()", -1);
743 jclass k = klass->getclass (verifier)->getComponentType ();
744 if (k->isPrimitive ())
745 return type (verifier->get_type_val_for_signature (k));
746 return type (k, verifier);
749 // Return the array type corresponding to an initialized
750 // reference. We could expand this to work for other kinds of
751 // types, but currently we don't need to.
752 type to_array (_Jv_BytecodeVerifier *verifier)
754 if (key != reference_type)
755 verifier->verify_fail ("internal error in type::to_array()");
757 jclass k = klass->getclass (verifier);
758 return type (_Jv_GetArrayClass (k, k->getClassLoaderInternal()),
759 verifier);
762 bool isreference () const
764 return key >= reference_type;
767 int get_pc () const
769 return pc;
772 bool isinitialized () const
774 return key == reference_type || key == null_type;
777 bool isresolved () const
779 return (key == reference_type
780 || key == null_type
781 || key == uninitialized_reference_type);
784 void verify_dimensions (int ndims, _Jv_BytecodeVerifier *verifier)
786 // The way this is written, we don't need to check isarray().
787 if (key != reference_type)
788 verifier->verify_fail ("internal error in verify_dimensions: not a reference type");
790 if (klass->count_dimensions () < ndims)
791 verifier->verify_fail ("array type has fewer dimensions than required");
794 // Merge OLD_TYPE into this. On error throw exception.
795 bool merge (type& old_type, bool local_semantics,
796 _Jv_BytecodeVerifier *verifier)
798 bool changed = false;
799 bool refo = old_type.isreference ();
800 bool refn = isreference ();
801 if (refo && refn)
803 if (old_type.key == null_type)
805 else if (key == null_type)
807 *this = old_type;
808 changed = true;
810 else if (isinitialized () != old_type.isinitialized ())
811 verifier->verify_fail ("merging initialized and uninitialized types");
812 else
814 if (! isinitialized ())
816 if (pc == UNINIT)
817 pc = old_type.pc;
818 else if (old_type.pc == UNINIT)
820 else if (pc != old_type.pc)
821 verifier->verify_fail ("merging different uninitialized types");
824 ref_intersection *merged = old_type.klass->merge (klass,
825 verifier);
826 if (merged != klass)
828 klass = merged;
829 changed = true;
833 else if (refo || refn || key != old_type.key)
835 if (local_semantics)
837 // If we're merging into an "unused" slot, then we
838 // simply accept whatever we're merging from.
839 if (key == unused_by_subroutine_type)
841 *this = old_type;
842 changed = true;
844 else if (old_type.key == unused_by_subroutine_type)
846 // Do nothing.
848 // If we already have an `unsuitable' type, then we
849 // don't need to change again.
850 else if (key != unsuitable_type)
852 key = unsuitable_type;
853 changed = true;
856 else
857 verifier->verify_fail ("unmergeable type");
859 return changed;
862 #ifdef VERIFY_DEBUG
863 void print (void) const
865 char c = '?';
866 switch (key)
868 case boolean_type: c = 'Z'; break;
869 case byte_type: c = 'B'; break;
870 case char_type: c = 'C'; break;
871 case short_type: c = 'S'; break;
872 case int_type: c = 'I'; break;
873 case long_type: c = 'J'; break;
874 case float_type: c = 'F'; break;
875 case double_type: c = 'D'; break;
876 case void_type: c = 'V'; break;
877 case unsuitable_type: c = '-'; break;
878 case return_address_type: c = 'r'; break;
879 case continuation_type: c = '+'; break;
880 case unused_by_subroutine_type: c = '_'; break;
881 case reference_type: c = 'L'; break;
882 case null_type: c = '@'; break;
883 case uninitialized_reference_type: c = 'U'; break;
885 debug_print ("%c", c);
887 #endif /* VERIFY_DEBUG */
890 // This class holds all the state information we need for a given
891 // location.
892 struct state
894 // The current top of the stack, in terms of slots.
895 int stacktop;
896 // The current depth of the stack. This will be larger than
897 // STACKTOP when wide types are on the stack.
898 int stackdepth;
899 // The stack.
900 type *stack;
901 // The local variables.
902 type *locals;
903 // Flags are used in subroutines to keep track of which local
904 // variables have been accessed. They are also used after
905 char *flags;
906 // If not 0, then we are in a subroutine. The value is the PC of
907 // the subroutine's entry point. We can use 0 as an exceptional
908 // value because PC=0 can never be a subroutine.
909 int subroutine;
910 // This is used to keep a linked list of all the states which
911 // require re-verification. We use the PC to keep track.
912 int next;
913 // We keep track of the type of `this' specially. This is used to
914 // ensure that an instance initializer invokes another initializer
915 // on `this' before returning. We must keep track of this
916 // specially because otherwise we might be confused by code which
917 // assigns to locals[0] (overwriting `this') and then returns
918 // without really initializing.
919 type this_type;
920 // This is a list of all subroutines that have been seen at this
921 // point. Ordinarily this is NULL; it is only allocated and used
922 // in relatively weird situations involving non-ret exit from a
923 // subroutine. We have to keep track of this in this way to avoid
924 // endless recursion in these cases.
925 subr_info *seen_subrs;
927 // INVALID marks a state which is not on the linked list of states
928 // requiring reverification.
929 static const int INVALID = -1;
930 // NO_NEXT marks the state at the end of the reverification list.
931 static const int NO_NEXT = -2;
933 // This is used to mark the stack depth at the instruction just
934 // after a `jsr' when we haven't yet processed the corresponding
935 // `ret'. See handle_jsr_insn for more information.
936 static const int NO_STACK = -1;
938 // This flag indicates that the local was changed in this
939 // subroutine.
940 static const int FLAG_CHANGED = 1;
941 // This is set only on the flags of the state of an instruction
942 // directly following a "jsr". It indicates that the local
943 // variable was changed by the subroutine corresponding to the
944 // "jsr".
945 static const int FLAG_USED = 2;
947 state ()
948 : this_type ()
950 stack = NULL;
951 locals = NULL;
952 flags = NULL;
953 seen_subrs = NULL;
956 state (int max_stack, int max_locals)
957 : this_type ()
959 stacktop = 0;
960 stackdepth = 0;
961 stack = new type[max_stack];
962 for (int i = 0; i < max_stack; ++i)
963 stack[i] = unsuitable_type;
964 locals = new type[max_locals];
965 flags = (char *) _Jv_Malloc (sizeof (char) * max_locals);
966 seen_subrs = NULL;
967 for (int i = 0; i < max_locals; ++i)
969 locals[i] = unsuitable_type;
970 flags[i] = 0;
972 next = INVALID;
973 subroutine = 0;
976 state (const state *orig, int max_stack, int max_locals,
977 bool ret_semantics = false)
979 stack = new type[max_stack];
980 locals = new type[max_locals];
981 flags = (char *) _Jv_Malloc (sizeof (char) * max_locals);
982 seen_subrs = NULL;
983 copy (orig, max_stack, max_locals, ret_semantics);
984 next = INVALID;
987 ~state ()
989 if (stack)
990 delete[] stack;
991 if (locals)
992 delete[] locals;
993 if (flags)
994 _Jv_Free (flags);
995 clean_subrs ();
998 void *operator new[] (size_t bytes)
1000 return _Jv_Malloc (bytes);
1003 void operator delete[] (void *mem)
1005 _Jv_Free (mem);
1008 void *operator new (size_t bytes)
1010 return _Jv_Malloc (bytes);
1013 void operator delete (void *mem)
1015 _Jv_Free (mem);
1018 void clean_subrs ()
1020 subr_info *info = seen_subrs;
1021 while (info != NULL)
1023 subr_info *next = info->next;
1024 _Jv_Free (info);
1025 info = next;
1027 seen_subrs = NULL;
1030 void copy (const state *copy, int max_stack, int max_locals,
1031 bool ret_semantics = false)
1033 stacktop = copy->stacktop;
1034 stackdepth = copy->stackdepth;
1035 subroutine = copy->subroutine;
1036 for (int i = 0; i < max_stack; ++i)
1037 stack[i] = copy->stack[i];
1038 for (int i = 0; i < max_locals; ++i)
1040 // See push_jump_merge to understand this case.
1041 if (ret_semantics)
1043 if ((copy->flags[i] & FLAG_CHANGED))
1045 // Changed in the subroutine, so we copy it here.
1046 locals[i] = copy->locals[i];
1047 flags[i] |= FLAG_USED;
1049 else
1051 // Not changed in the subroutine. Use a special
1052 // type so the coming merge will overwrite.
1053 locals[i] = type (unused_by_subroutine_type);
1056 else
1057 locals[i] = copy->locals[i];
1059 // Clear the flag unconditionally just so printouts look ok,
1060 // then only set it if we're still in a subroutine and it
1061 // did in fact change.
1062 flags[i] &= ~FLAG_CHANGED;
1063 if (subroutine && (copy->flags[i] & FLAG_CHANGED) != 0)
1064 flags[i] |= FLAG_CHANGED;
1067 clean_subrs ();
1068 if (copy->seen_subrs)
1070 for (subr_info *info = copy->seen_subrs;
1071 info != NULL; info = info->next)
1072 add_subr (info->pc);
1075 this_type = copy->this_type;
1076 // Don't modify `next'.
1079 // Modify this state to reflect entry to an exception handler.
1080 void set_exception (type t, int max_stack)
1082 stackdepth = 1;
1083 stacktop = 1;
1084 stack[0] = t;
1085 for (int i = stacktop; i < max_stack; ++i)
1086 stack[i] = unsuitable_type;
1089 // Modify this state to reflect entry into a subroutine.
1090 void enter_subroutine (int npc, int max_locals)
1092 subroutine = npc;
1093 // Mark all items as unchanged. Each subroutine needs to keep
1094 // track of its `changed' state independently. In the case of
1095 // nested subroutines, this information will be merged back into
1096 // parent by the `ret'.
1097 for (int i = 0; i < max_locals; ++i)
1098 flags[i] &= ~FLAG_CHANGED;
1101 // Indicate that we've been in this this subroutine.
1102 void add_subr (int pc)
1104 subr_info *n = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1105 n->pc = pc;
1106 n->next = seen_subrs;
1107 seen_subrs = n;
1110 // Merge STATE_OLD into this state. Destructively modifies this
1111 // state. Returns true if the new state was in fact changed.
1112 // Will throw an exception if the states are not mergeable.
1113 bool merge (state *state_old, bool ret_semantics,
1114 int max_locals, _Jv_BytecodeVerifier *verifier,
1115 bool jsr_semantics = false)
1117 bool changed = false;
1119 // Special handling for `this'. If one or the other is
1120 // uninitialized, then the merge is uninitialized.
1121 if (this_type.isinitialized ())
1122 this_type = state_old->this_type;
1124 // Merge subroutine states. Here we just keep track of what
1125 // subroutine we think we're in. We only check for a merge
1126 // (which is invalid) when we see a `ret'.
1127 if (subroutine == state_old->subroutine)
1129 // Nothing.
1131 else if (subroutine == 0)
1133 subroutine = state_old->subroutine;
1134 changed = true;
1136 else
1138 // If the subroutines differ, and we haven't seen this
1139 // subroutine before, indicate that the state changed. This
1140 // is needed to detect when subroutines have merged.
1141 bool found = false;
1142 for (subr_info *info = seen_subrs; info != NULL; info = info->next)
1144 if (info->pc == state_old->subroutine)
1146 found = true;
1147 break;
1150 if (! found)
1152 add_subr (state_old->subroutine);
1153 changed = true;
1157 // Merge stacks, including special handling for NO_STACK case.
1158 // If the destination is NO_STACK, this means it is the
1159 // instruction following a "jsr" and has not yet been processed
1160 // in any way. In this situation, if we are currently
1161 // processing a "ret", then we must *copy* any locals changed in
1162 // the subroutine into the current state. Merging in this
1163 // situation is incorrect because the locals we've noted didn't
1164 // come real program flow, they are just an artifact of how
1165 // we've chosen to handle the post-jsr state.
1166 bool copy_in_locals = ret_semantics && stacktop == NO_STACK;
1168 if (state_old->stacktop == NO_STACK)
1170 // This can happen if we're doing a pass-through jsr merge.
1171 // Here we can just ignore the stack.
1173 else if (stacktop == NO_STACK)
1175 stacktop = state_old->stacktop;
1176 stackdepth = state_old->stackdepth;
1177 for (int i = 0; i < stacktop; ++i)
1178 stack[i] = state_old->stack[i];
1179 changed = true;
1181 else if (state_old->stacktop != stacktop)
1182 verifier->verify_fail ("stack sizes differ");
1183 else
1185 for (int i = 0; i < state_old->stacktop; ++i)
1187 if (stack[i].merge (state_old->stack[i], false, verifier))
1188 changed = true;
1192 // Merge local variables.
1193 for (int i = 0; i < max_locals; ++i)
1195 // If we're not processing a `ret', then we merge every
1196 // local variable. If we are processing a `ret', then we
1197 // only merge locals which changed in the subroutine. When
1198 // processing a `ret', STATE_OLD is the state at the point
1199 // of the `ret', and THIS is the state just after the `jsr'.
1200 // See comment above for explanation of COPY_IN_LOCALS.
1201 if (copy_in_locals)
1203 if ((state_old->flags[i] & FLAG_CHANGED) != 0)
1205 locals[i] = state_old->locals[i];
1206 changed = true;
1207 // There's no point in calling note_variable here,
1208 // since we call it under the same condition before
1209 // the loop ends.
1212 else if (jsr_semantics && (flags[i] & FLAG_USED) != 0)
1214 // We are processing the "pass-through" part of a jsr
1215 // statement. In this particular case, the local was
1216 // changed by the subroutine. So, we have no work to
1217 // do, as the pre-jsr value does not survive the
1218 // subroutine call.
1220 else if (! ret_semantics
1221 || (state_old->flags[i] & FLAG_CHANGED) != 0)
1223 // If we have ordinary (not ret) semantics, then we have
1224 // merging flow control, so we merge types. Or, we have
1225 // jsr pass-through semantics and the type survives the
1226 // subroutine (see above), so again we merge. Or,
1227 // finally, we have ret semantics and this value did
1228 // change, in which case we merge the change from the
1229 // subroutine into the post-jsr instruction.
1230 if (locals[i].merge (state_old->locals[i], true, verifier))
1232 // Note that we don't call `note_variable' here.
1233 // This change doesn't represent a real change to a
1234 // local, but rather a merge artifact. If we're in
1235 // a subroutine which is called with two
1236 // incompatible types in a slot that is unused by
1237 // the subroutine, then we don't want to mark that
1238 // variable as having been modified.
1239 changed = true;
1243 // If we're in a subroutine, we must compute the union of
1244 // all the changed local variables.
1245 if ((state_old->flags[i] & FLAG_CHANGED) != 0)
1246 note_variable (i);
1248 // If we're returning from a subroutine, we must mark the
1249 // post-jsr instruction with information about what changed,
1250 // so that future "pass-through" jsr merges work correctly.
1251 if (ret_semantics && (state_old->flags[i] & FLAG_CHANGED) != 0)
1252 flags[i] |= FLAG_USED;
1255 return changed;
1258 // Throw an exception if there is an uninitialized object on the
1259 // stack or in a local variable. EXCEPTION_SEMANTICS controls
1260 // whether we're using backwards-branch or exception-handing
1261 // semantics.
1262 void check_no_uninitialized_objects (int max_locals,
1263 _Jv_BytecodeVerifier *verifier,
1264 bool exception_semantics = false)
1266 if (! exception_semantics)
1268 for (int i = 0; i < stacktop; ++i)
1269 if (stack[i].isreference () && ! stack[i].isinitialized ())
1270 verifier->verify_fail ("uninitialized object on stack");
1273 for (int i = 0; i < max_locals; ++i)
1274 if (locals[i].isreference () && ! locals[i].isinitialized ())
1275 verifier->verify_fail ("uninitialized object in local variable");
1277 check_this_initialized (verifier);
1280 // Ensure that `this' has been initialized.
1281 void check_this_initialized (_Jv_BytecodeVerifier *verifier)
1283 if (this_type.isreference () && ! this_type.isinitialized ())
1284 verifier->verify_fail ("`this' is uninitialized");
1287 // Set type of `this'.
1288 void set_this_type (const type &k)
1290 this_type = k;
1293 // Note that a local variable was modified.
1294 void note_variable (int index)
1296 if (subroutine > 0)
1297 flags[index] |= FLAG_CHANGED;
1300 // Mark each `new'd object we know of that was allocated at PC as
1301 // initialized.
1302 void set_initialized (int pc, int max_locals)
1304 for (int i = 0; i < stacktop; ++i)
1305 stack[i].set_initialized (pc);
1306 for (int i = 0; i < max_locals; ++i)
1307 locals[i].set_initialized (pc);
1308 this_type.set_initialized (pc);
1311 // Return true if this state is the unmerged result of a `ret'.
1312 bool is_unmerged_ret_state (int max_locals) const
1314 if (stacktop == NO_STACK)
1315 return true;
1316 for (int i = 0; i < max_locals; ++i)
1318 if (locals[i].key == unused_by_subroutine_type)
1319 return true;
1321 return false;
1324 #ifdef VERIFY_DEBUG
1325 void print (const char *leader, int pc,
1326 int max_stack, int max_locals) const
1328 debug_print ("%s [%4d]: [stack] ", leader, pc);
1329 int i;
1330 for (i = 0; i < stacktop; ++i)
1331 stack[i].print ();
1332 for (; i < max_stack; ++i)
1333 debug_print (".");
1334 debug_print (" [local] ");
1335 for (i = 0; i < max_locals; ++i)
1337 locals[i].print ();
1338 if ((flags[i] & FLAG_USED) != 0)
1339 debug_print ((flags[i] & FLAG_CHANGED) ? ">" : "<");
1340 else
1341 debug_print ((flags[i] & FLAG_CHANGED) ? "+" : " ");
1343 if (subroutine == 0)
1344 debug_print (" | None");
1345 else
1346 debug_print (" | %4d", subroutine);
1347 debug_print (" | %p\n", this);
1349 #else
1350 inline void print (const char *, int, int, int) const
1353 #endif /* VERIFY_DEBUG */
1356 type pop_raw ()
1358 if (current_state->stacktop <= 0)
1359 verify_fail ("stack empty");
1360 type r = current_state->stack[--current_state->stacktop];
1361 current_state->stackdepth -= r.depth ();
1362 if (current_state->stackdepth < 0)
1363 verify_fail ("stack empty", start_PC);
1364 return r;
1367 type pop32 ()
1369 type r = pop_raw ();
1370 if (r.iswide ())
1371 verify_fail ("narrow pop of wide type");
1372 return r;
1375 type pop_type (type match)
1377 match.promote ();
1378 type t = pop_raw ();
1379 if (! match.compatible (t, this))
1380 verify_fail ("incompatible type on stack");
1381 return t;
1384 // Pop a reference which is guaranteed to be initialized. MATCH
1385 // doesn't have to be a reference type; in this case this acts like
1386 // pop_type.
1387 type pop_init_ref (type match)
1389 type t = pop_raw ();
1390 if (t.isreference () && ! t.isinitialized ())
1391 verify_fail ("initialized reference required");
1392 else if (! match.compatible (t, this))
1393 verify_fail ("incompatible type on stack");
1394 return t;
1397 // Pop a reference type or a return address.
1398 type pop_ref_or_return ()
1400 type t = pop_raw ();
1401 if (! t.isreference () && t.key != return_address_type)
1402 verify_fail ("expected reference or return address on stack");
1403 return t;
1406 void push_type (type t)
1408 // If T is a numeric type like short, promote it to int.
1409 t.promote ();
1411 int depth = t.depth ();
1412 if (current_state->stackdepth + depth > current_method->max_stack)
1413 verify_fail ("stack overflow");
1414 current_state->stack[current_state->stacktop++] = t;
1415 current_state->stackdepth += depth;
1418 void set_variable (int index, type t)
1420 // If T is a numeric type like short, promote it to int.
1421 t.promote ();
1423 int depth = t.depth ();
1424 if (index > current_method->max_locals - depth)
1425 verify_fail ("invalid local variable");
1426 current_state->locals[index] = t;
1427 current_state->note_variable (index);
1429 if (depth == 2)
1431 current_state->locals[index + 1] = continuation_type;
1432 current_state->note_variable (index + 1);
1434 if (index > 0 && current_state->locals[index - 1].iswide ())
1436 current_state->locals[index - 1] = unsuitable_type;
1437 // There's no need to call note_variable here.
1441 type get_variable (int index, type t)
1443 int depth = t.depth ();
1444 if (index > current_method->max_locals - depth)
1445 verify_fail ("invalid local variable");
1446 if (! t.compatible (current_state->locals[index], this))
1447 verify_fail ("incompatible type in local variable");
1448 if (depth == 2)
1450 type t (continuation_type);
1451 if (! current_state->locals[index + 1].compatible (t, this))
1452 verify_fail ("invalid local variable");
1454 return current_state->locals[index];
1457 // Make sure ARRAY is an array type and that its elements are
1458 // compatible with type ELEMENT. Returns the actual element type.
1459 type require_array_type (type array, type element)
1461 // An odd case. Here we just pretend that everything went ok. If
1462 // the requested element type is some kind of reference, return
1463 // the null type instead.
1464 if (array.isnull ())
1465 return element.isreference () ? type (null_type) : element;
1467 if (! array.isarray ())
1468 verify_fail ("array required");
1470 type t = array.element_type (this);
1471 if (! element.compatible (t, this))
1473 // Special case for byte arrays, which must also be boolean
1474 // arrays.
1475 bool ok = true;
1476 if (element.key == byte_type)
1478 type e2 (boolean_type);
1479 ok = e2.compatible (t, this);
1481 if (! ok)
1482 verify_fail ("incompatible array element type");
1485 // Return T and not ELEMENT, because T might be specialized.
1486 return t;
1489 jint get_byte ()
1491 if (PC >= current_method->code_length)
1492 verify_fail ("premature end of bytecode");
1493 return (jint) bytecode[PC++] & 0xff;
1496 jint get_ushort ()
1498 jint b1 = get_byte ();
1499 jint b2 = get_byte ();
1500 return (jint) ((b1 << 8) | b2) & 0xffff;
1503 jint get_short ()
1505 jint b1 = get_byte ();
1506 jint b2 = get_byte ();
1507 jshort s = (b1 << 8) | b2;
1508 return (jint) s;
1511 jint get_int ()
1513 jint b1 = get_byte ();
1514 jint b2 = get_byte ();
1515 jint b3 = get_byte ();
1516 jint b4 = get_byte ();
1517 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1520 int compute_jump (int offset)
1522 int npc = start_PC + offset;
1523 if (npc < 0 || npc >= current_method->code_length)
1524 verify_fail ("branch out of range", start_PC);
1525 return npc;
1528 // Merge the indicated state into the state at the branch target and
1529 // schedule a new PC if there is a change. If RET_SEMANTICS is
1530 // true, then we are merging from a `ret' instruction into the
1531 // instruction after a `jsr'. This is a special case with its own
1532 // modified semantics. If JSR_SEMANTICS is true, then we're merging
1533 // some type information from a "jsr" instruction to the immediately
1534 // following instruction. In this situation we have to be careful
1535 // not to merge local variables whose values are modified by the
1536 // subroutine we're about to call.
1537 void push_jump_merge (int npc, state *nstate,
1538 bool ret_semantics = false,
1539 bool jsr_semantics = false)
1541 bool changed = true;
1542 if (states[npc] == NULL)
1544 // There's a weird situation here. If are examining the
1545 // branch that results from a `ret', and there is not yet a
1546 // state available at the branch target (the instruction just
1547 // after the `jsr'), then we have to construct a special kind
1548 // of state at that point for future merging. This special
1549 // state has the type `unused_by_subroutine_type' in each slot
1550 // which was not modified by the subroutine.
1551 states[npc] = new state (nstate, current_method->max_stack,
1552 current_method->max_locals, ret_semantics);
1553 debug_print ("== New state in push_jump_merge (ret_semantics = %s)\n",
1554 ret_semantics ? "true" : "false");
1555 states[npc]->print ("New", npc, current_method->max_stack,
1556 current_method->max_locals);
1558 else
1560 debug_print ("== Merge states in push_jump_merge\n");
1561 nstate->print ("Frm", start_PC, current_method->max_stack,
1562 current_method->max_locals);
1563 states[npc]->print (" To", npc, current_method->max_stack,
1564 current_method->max_locals);
1565 changed = states[npc]->merge (nstate, ret_semantics,
1566 current_method->max_locals, this,
1567 jsr_semantics);
1568 states[npc]->print ("New", npc, current_method->max_stack,
1569 current_method->max_locals);
1572 if (changed && states[npc]->next == state::INVALID)
1574 // The merge changed the state, and the new PC isn't yet on our
1575 // list of PCs to re-verify.
1576 states[npc]->next = next_verify_pc;
1577 next_verify_pc = npc;
1581 void push_jump (int offset)
1583 int npc = compute_jump (offset);
1584 if (npc < PC)
1585 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1586 push_jump_merge (npc, current_state);
1589 void push_exception_jump (type t, int pc)
1591 current_state->check_no_uninitialized_objects (current_method->max_locals,
1592 this, true);
1593 state s (current_state, current_method->max_stack,
1594 current_method->max_locals);
1595 if (current_method->max_stack < 1)
1596 verify_fail ("stack overflow at exception handler");
1597 s.set_exception (t, current_method->max_stack);
1598 push_jump_merge (pc, &s);
1601 int pop_jump ()
1603 int *prev_loc = &next_verify_pc;
1604 int npc = next_verify_pc;
1606 while (npc != state::NO_NEXT)
1608 // If the next available PC is an unmerged `ret' state, then
1609 // we aren't yet ready to handle it. That's because we would
1610 // need all kind of special cases to do so. So instead we
1611 // defer this jump until after we've processed it via a
1612 // fall-through. This has to happen because the instruction
1613 // before this one must be a `jsr'.
1614 if (! states[npc]->is_unmerged_ret_state (current_method->max_locals))
1616 *prev_loc = states[npc]->next;
1617 states[npc]->next = state::INVALID;
1618 return npc;
1621 prev_loc = &states[npc]->next;
1622 npc = states[npc]->next;
1625 // Note that we might have gotten here even when there are
1626 // remaining states to process. That can happen if we find a
1627 // `jsr' without a `ret'.
1628 return state::NO_NEXT;
1631 void invalidate_pc ()
1633 PC = state::NO_NEXT;
1636 void note_branch_target (int pc, bool is_jsr_target = false)
1638 // Don't check `pc <= PC', because we've advanced PC after
1639 // fetching the target and we haven't yet checked the next
1640 // instruction.
1641 if (pc < PC && ! (flags[pc] & FLAG_INSN_START))
1642 verify_fail ("branch not to instruction start", start_PC);
1643 flags[pc] |= FLAG_BRANCH_TARGET;
1644 if (is_jsr_target)
1646 // Record the jsr which called this instruction.
1647 subr_info *info = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1648 info->pc = PC;
1649 info->next = jsr_ptrs[pc];
1650 jsr_ptrs[pc] = info;
1654 void skip_padding ()
1656 while ((PC % 4) > 0)
1657 if (get_byte () != 0)
1658 verify_fail ("found nonzero padding byte");
1661 // Return the subroutine to which the instruction at PC belongs.
1662 int get_subroutine (int pc)
1664 if (states[pc] == NULL)
1665 return 0;
1666 return states[pc]->subroutine;
1669 // Do the work for a `ret' instruction. INDEX is the index into the
1670 // local variables.
1671 void handle_ret_insn (int index)
1673 get_variable (index, return_address_type);
1675 int csub = current_state->subroutine;
1676 if (csub == 0)
1677 verify_fail ("no subroutine");
1679 // Check to see if we've merged subroutines.
1680 subr_entry_info *entry;
1681 for (entry = entry_points; entry != NULL; entry = entry->next)
1683 if (entry->ret_pc == start_PC)
1684 break;
1686 if (entry == NULL)
1688 entry = (subr_entry_info *) _Jv_Malloc (sizeof (subr_entry_info));
1689 entry->pc = csub;
1690 entry->ret_pc = start_PC;
1691 entry->next = entry_points;
1692 entry_points = entry;
1694 else if (entry->pc != csub)
1695 verify_fail ("subroutines merged");
1697 for (subr_info *subr = jsr_ptrs[csub]; subr != NULL; subr = subr->next)
1699 // We might be returning to a `jsr' that is at the end of the
1700 // bytecode. This is ok if we never return from the called
1701 // subroutine, but if we see this here it is an error.
1702 if (subr->pc >= current_method->code_length)
1703 verify_fail ("fell off end");
1705 // Temporarily modify the current state so it looks like we're
1706 // in the enclosing context.
1707 current_state->subroutine = get_subroutine (subr->pc);
1708 if (subr->pc < PC)
1709 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1710 push_jump_merge (subr->pc, current_state, true);
1713 current_state->subroutine = csub;
1714 invalidate_pc ();
1717 // We're in the subroutine SUB, calling a subroutine at DEST. Make
1718 // sure this subroutine isn't already on the stack.
1719 void check_nonrecursive_call (int sub, int dest)
1721 if (sub == 0)
1722 return;
1723 if (sub == dest)
1724 verify_fail ("recursive subroutine call");
1725 for (subr_info *info = jsr_ptrs[sub]; info != NULL; info = info->next)
1726 check_nonrecursive_call (get_subroutine (info->pc), dest);
1729 void handle_jsr_insn (int offset)
1731 int npc = compute_jump (offset);
1733 if (npc < PC)
1734 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1735 check_nonrecursive_call (current_state->subroutine, npc);
1737 // Modify our state as appropriate for entry into a subroutine.
1738 push_type (return_address_type);
1739 push_jump_merge (npc, current_state);
1740 // Clean up.
1741 pop_type (return_address_type);
1743 // On entry to the subroutine, the subroutine number must be set
1744 // and the locals must be marked as cleared. We do this after
1745 // merging state so that we don't erroneously "notice" a variable
1746 // change merely on entry.
1747 states[npc]->enter_subroutine (npc, current_method->max_locals);
1749 // Indicate that we don't know the stack depth of the instruction
1750 // following the `jsr'. The idea here is that we need to merge
1751 // the local variable state across the jsr, but the subroutine
1752 // might change the stack depth, so we can't make any assumptions
1753 // about it. So we have yet another special case. We know that
1754 // at this point PC points to the instruction after the jsr. Note
1755 // that it is ok to have a `jsr' at the end of the bytecode,
1756 // provided that the called subroutine never returns. So, we have
1757 // a special case here and another one when we handle the ret.
1758 if (PC < current_method->code_length)
1760 current_state->stacktop = state::NO_STACK;
1761 push_jump_merge (PC, current_state, false, true);
1763 invalidate_pc ();
1766 jclass construct_primitive_array_type (type_val prim)
1768 jclass k = NULL;
1769 switch (prim)
1771 case boolean_type:
1772 k = JvPrimClass (boolean);
1773 break;
1774 case char_type:
1775 k = JvPrimClass (char);
1776 break;
1777 case float_type:
1778 k = JvPrimClass (float);
1779 break;
1780 case double_type:
1781 k = JvPrimClass (double);
1782 break;
1783 case byte_type:
1784 k = JvPrimClass (byte);
1785 break;
1786 case short_type:
1787 k = JvPrimClass (short);
1788 break;
1789 case int_type:
1790 k = JvPrimClass (int);
1791 break;
1792 case long_type:
1793 k = JvPrimClass (long);
1794 break;
1796 // These aren't used here but we call them out to avoid
1797 // warnings.
1798 case void_type:
1799 case unsuitable_type:
1800 case return_address_type:
1801 case continuation_type:
1802 case unused_by_subroutine_type:
1803 case reference_type:
1804 case null_type:
1805 case uninitialized_reference_type:
1806 default:
1807 verify_fail ("unknown type in construct_primitive_array_type");
1809 k = _Jv_GetArrayClass (k, NULL);
1810 return k;
1813 // This pass computes the location of branch targets and also
1814 // instruction starts.
1815 void branch_prepass ()
1817 flags = (char *) _Jv_Malloc (current_method->code_length);
1818 jsr_ptrs = (subr_info **) _Jv_Malloc (sizeof (subr_info *)
1819 * current_method->code_length);
1821 for (int i = 0; i < current_method->code_length; ++i)
1823 flags[i] = 0;
1824 jsr_ptrs[i] = NULL;
1827 bool last_was_jsr = false;
1829 PC = 0;
1830 while (PC < current_method->code_length)
1832 // Set `start_PC' early so that error checking can have the
1833 // correct value.
1834 start_PC = PC;
1835 flags[PC] |= FLAG_INSN_START;
1837 // If the previous instruction was a jsr, then the next
1838 // instruction is a branch target -- the branch being the
1839 // corresponding `ret'.
1840 if (last_was_jsr)
1841 note_branch_target (PC);
1842 last_was_jsr = false;
1844 java_opcode opcode = (java_opcode) bytecode[PC++];
1845 switch (opcode)
1847 case op_nop:
1848 case op_aconst_null:
1849 case op_iconst_m1:
1850 case op_iconst_0:
1851 case op_iconst_1:
1852 case op_iconst_2:
1853 case op_iconst_3:
1854 case op_iconst_4:
1855 case op_iconst_5:
1856 case op_lconst_0:
1857 case op_lconst_1:
1858 case op_fconst_0:
1859 case op_fconst_1:
1860 case op_fconst_2:
1861 case op_dconst_0:
1862 case op_dconst_1:
1863 case op_iload_0:
1864 case op_iload_1:
1865 case op_iload_2:
1866 case op_iload_3:
1867 case op_lload_0:
1868 case op_lload_1:
1869 case op_lload_2:
1870 case op_lload_3:
1871 case op_fload_0:
1872 case op_fload_1:
1873 case op_fload_2:
1874 case op_fload_3:
1875 case op_dload_0:
1876 case op_dload_1:
1877 case op_dload_2:
1878 case op_dload_3:
1879 case op_aload_0:
1880 case op_aload_1:
1881 case op_aload_2:
1882 case op_aload_3:
1883 case op_iaload:
1884 case op_laload:
1885 case op_faload:
1886 case op_daload:
1887 case op_aaload:
1888 case op_baload:
1889 case op_caload:
1890 case op_saload:
1891 case op_istore_0:
1892 case op_istore_1:
1893 case op_istore_2:
1894 case op_istore_3:
1895 case op_lstore_0:
1896 case op_lstore_1:
1897 case op_lstore_2:
1898 case op_lstore_3:
1899 case op_fstore_0:
1900 case op_fstore_1:
1901 case op_fstore_2:
1902 case op_fstore_3:
1903 case op_dstore_0:
1904 case op_dstore_1:
1905 case op_dstore_2:
1906 case op_dstore_3:
1907 case op_astore_0:
1908 case op_astore_1:
1909 case op_astore_2:
1910 case op_astore_3:
1911 case op_iastore:
1912 case op_lastore:
1913 case op_fastore:
1914 case op_dastore:
1915 case op_aastore:
1916 case op_bastore:
1917 case op_castore:
1918 case op_sastore:
1919 case op_pop:
1920 case op_pop2:
1921 case op_dup:
1922 case op_dup_x1:
1923 case op_dup_x2:
1924 case op_dup2:
1925 case op_dup2_x1:
1926 case op_dup2_x2:
1927 case op_swap:
1928 case op_iadd:
1929 case op_isub:
1930 case op_imul:
1931 case op_idiv:
1932 case op_irem:
1933 case op_ishl:
1934 case op_ishr:
1935 case op_iushr:
1936 case op_iand:
1937 case op_ior:
1938 case op_ixor:
1939 case op_ladd:
1940 case op_lsub:
1941 case op_lmul:
1942 case op_ldiv:
1943 case op_lrem:
1944 case op_lshl:
1945 case op_lshr:
1946 case op_lushr:
1947 case op_land:
1948 case op_lor:
1949 case op_lxor:
1950 case op_fadd:
1951 case op_fsub:
1952 case op_fmul:
1953 case op_fdiv:
1954 case op_frem:
1955 case op_dadd:
1956 case op_dsub:
1957 case op_dmul:
1958 case op_ddiv:
1959 case op_drem:
1960 case op_ineg:
1961 case op_i2b:
1962 case op_i2c:
1963 case op_i2s:
1964 case op_lneg:
1965 case op_fneg:
1966 case op_dneg:
1967 case op_i2l:
1968 case op_i2f:
1969 case op_i2d:
1970 case op_l2i:
1971 case op_l2f:
1972 case op_l2d:
1973 case op_f2i:
1974 case op_f2l:
1975 case op_f2d:
1976 case op_d2i:
1977 case op_d2l:
1978 case op_d2f:
1979 case op_lcmp:
1980 case op_fcmpl:
1981 case op_fcmpg:
1982 case op_dcmpl:
1983 case op_dcmpg:
1984 case op_monitorenter:
1985 case op_monitorexit:
1986 case op_ireturn:
1987 case op_lreturn:
1988 case op_freturn:
1989 case op_dreturn:
1990 case op_areturn:
1991 case op_return:
1992 case op_athrow:
1993 case op_arraylength:
1994 break;
1996 case op_bipush:
1997 case op_ldc:
1998 case op_iload:
1999 case op_lload:
2000 case op_fload:
2001 case op_dload:
2002 case op_aload:
2003 case op_istore:
2004 case op_lstore:
2005 case op_fstore:
2006 case op_dstore:
2007 case op_astore:
2008 case op_ret:
2009 case op_newarray:
2010 get_byte ();
2011 break;
2013 case op_iinc:
2014 case op_sipush:
2015 case op_ldc_w:
2016 case op_ldc2_w:
2017 case op_getstatic:
2018 case op_getfield:
2019 case op_putfield:
2020 case op_putstatic:
2021 case op_new:
2022 case op_anewarray:
2023 case op_instanceof:
2024 case op_checkcast:
2025 case op_invokespecial:
2026 case op_invokestatic:
2027 case op_invokevirtual:
2028 get_short ();
2029 break;
2031 case op_multianewarray:
2032 get_short ();
2033 get_byte ();
2034 break;
2036 case op_jsr:
2037 last_was_jsr = true;
2038 // Fall through.
2039 case op_ifeq:
2040 case op_ifne:
2041 case op_iflt:
2042 case op_ifge:
2043 case op_ifgt:
2044 case op_ifle:
2045 case op_if_icmpeq:
2046 case op_if_icmpne:
2047 case op_if_icmplt:
2048 case op_if_icmpge:
2049 case op_if_icmpgt:
2050 case op_if_icmple:
2051 case op_if_acmpeq:
2052 case op_if_acmpne:
2053 case op_ifnull:
2054 case op_ifnonnull:
2055 case op_goto:
2056 note_branch_target (compute_jump (get_short ()), last_was_jsr);
2057 break;
2059 case op_tableswitch:
2061 skip_padding ();
2062 note_branch_target (compute_jump (get_int ()));
2063 jint low = get_int ();
2064 jint hi = get_int ();
2065 if (low > hi)
2066 verify_fail ("invalid tableswitch", start_PC);
2067 for (int i = low; i <= hi; ++i)
2068 note_branch_target (compute_jump (get_int ()));
2070 break;
2072 case op_lookupswitch:
2074 skip_padding ();
2075 note_branch_target (compute_jump (get_int ()));
2076 int npairs = get_int ();
2077 if (npairs < 0)
2078 verify_fail ("too few pairs in lookupswitch", start_PC);
2079 while (npairs-- > 0)
2081 get_int ();
2082 note_branch_target (compute_jump (get_int ()));
2085 break;
2087 case op_invokeinterface:
2088 get_short ();
2089 get_byte ();
2090 get_byte ();
2091 break;
2093 case op_wide:
2095 opcode = (java_opcode) get_byte ();
2096 get_short ();
2097 if (opcode == op_iinc)
2098 get_short ();
2100 break;
2102 case op_jsr_w:
2103 last_was_jsr = true;
2104 // Fall through.
2105 case op_goto_w:
2106 note_branch_target (compute_jump (get_int ()), last_was_jsr);
2107 break;
2109 // These are unused here, but we call them out explicitly
2110 // so that -Wswitch-enum doesn't complain.
2111 case op_putfield_1:
2112 case op_putfield_2:
2113 case op_putfield_4:
2114 case op_putfield_8:
2115 case op_putfield_a:
2116 case op_putstatic_1:
2117 case op_putstatic_2:
2118 case op_putstatic_4:
2119 case op_putstatic_8:
2120 case op_putstatic_a:
2121 case op_getfield_1:
2122 case op_getfield_2s:
2123 case op_getfield_2u:
2124 case op_getfield_4:
2125 case op_getfield_8:
2126 case op_getfield_a:
2127 case op_getstatic_1:
2128 case op_getstatic_2s:
2129 case op_getstatic_2u:
2130 case op_getstatic_4:
2131 case op_getstatic_8:
2132 case op_getstatic_a:
2133 default:
2134 verify_fail ("unrecognized instruction in branch_prepass",
2135 start_PC);
2138 // See if any previous branch tried to branch to the middle of
2139 // this instruction.
2140 for (int pc = start_PC + 1; pc < PC; ++pc)
2142 if ((flags[pc] & FLAG_BRANCH_TARGET))
2143 verify_fail ("branch to middle of instruction", pc);
2147 // Verify exception handlers.
2148 for (int i = 0; i < current_method->exc_count; ++i)
2150 if (! (flags[exception[i].handler_pc.i] & FLAG_INSN_START))
2151 verify_fail ("exception handler not at instruction start",
2152 exception[i].handler_pc.i);
2153 if (! (flags[exception[i].start_pc.i] & FLAG_INSN_START))
2154 verify_fail ("exception start not at instruction start",
2155 exception[i].start_pc.i);
2156 if (exception[i].end_pc.i != current_method->code_length
2157 && ! (flags[exception[i].end_pc.i] & FLAG_INSN_START))
2158 verify_fail ("exception end not at instruction start",
2159 exception[i].end_pc.i);
2161 flags[exception[i].handler_pc.i] |= FLAG_BRANCH_TARGET;
2165 void check_pool_index (int index)
2167 if (index < 0 || index >= current_class->constants.size)
2168 verify_fail ("constant pool index out of range", start_PC);
2171 type check_class_constant (int index)
2173 check_pool_index (index);
2174 _Jv_Constants *pool = &current_class->constants;
2175 if (pool->tags[index] == JV_CONSTANT_ResolvedClass)
2176 return type (pool->data[index].clazz, this);
2177 else if (pool->tags[index] == JV_CONSTANT_Class)
2178 return type (pool->data[index].utf8, this);
2179 verify_fail ("expected class constant", start_PC);
2182 type check_constant (int index)
2184 check_pool_index (index);
2185 _Jv_Constants *pool = &current_class->constants;
2186 if (pool->tags[index] == JV_CONSTANT_ResolvedString
2187 || pool->tags[index] == JV_CONSTANT_String)
2188 return type (&java::lang::String::class$, this);
2189 else if (pool->tags[index] == JV_CONSTANT_Integer)
2190 return type (int_type);
2191 else if (pool->tags[index] == JV_CONSTANT_Float)
2192 return type (float_type);
2193 verify_fail ("String, int, or float constant expected", start_PC);
2196 type check_wide_constant (int index)
2198 check_pool_index (index);
2199 _Jv_Constants *pool = &current_class->constants;
2200 if (pool->tags[index] == JV_CONSTANT_Long)
2201 return type (long_type);
2202 else if (pool->tags[index] == JV_CONSTANT_Double)
2203 return type (double_type);
2204 verify_fail ("long or double constant expected", start_PC);
2207 // Helper for both field and method. These are laid out the same in
2208 // the constant pool.
2209 type handle_field_or_method (int index, int expected,
2210 _Jv_Utf8Const **name,
2211 _Jv_Utf8Const **fmtype)
2213 check_pool_index (index);
2214 _Jv_Constants *pool = &current_class->constants;
2215 if (pool->tags[index] != expected)
2216 verify_fail ("didn't see expected constant", start_PC);
2217 // Once we know we have a Fieldref or Methodref we assume that it
2218 // is correctly laid out in the constant pool. I think the code
2219 // in defineclass.cc guarantees this.
2220 _Jv_ushort class_index, name_and_type_index;
2221 _Jv_loadIndexes (&pool->data[index],
2222 class_index,
2223 name_and_type_index);
2224 _Jv_ushort name_index, desc_index;
2225 _Jv_loadIndexes (&pool->data[name_and_type_index],
2226 name_index, desc_index);
2228 *name = pool->data[name_index].utf8;
2229 *fmtype = pool->data[desc_index].utf8;
2231 return check_class_constant (class_index);
2234 // Return field's type, compute class' type if requested.
2235 type check_field_constant (int index, type *class_type = NULL)
2237 _Jv_Utf8Const *name, *field_type;
2238 type ct = handle_field_or_method (index,
2239 JV_CONSTANT_Fieldref,
2240 &name, &field_type);
2241 if (class_type)
2242 *class_type = ct;
2243 if (field_type->data[0] == '[' || field_type->data[0] == 'L')
2244 return type (field_type, this);
2245 return get_type_val_for_signature (field_type->data[0]);
2248 type check_method_constant (int index, bool is_interface,
2249 _Jv_Utf8Const **method_name,
2250 _Jv_Utf8Const **method_signature)
2252 return handle_field_or_method (index,
2253 (is_interface
2254 ? JV_CONSTANT_InterfaceMethodref
2255 : JV_CONSTANT_Methodref),
2256 method_name, method_signature);
2259 type get_one_type (char *&p)
2261 char *start = p;
2263 int arraycount = 0;
2264 while (*p == '[')
2266 ++arraycount;
2267 ++p;
2270 char v = *p++;
2272 if (v == 'L')
2274 while (*p != ';')
2275 ++p;
2276 ++p;
2277 _Jv_Utf8Const *name = make_utf8_const (start, p - start);
2278 return type (name, this);
2281 // Casting to jchar here is ok since we are looking at an ASCII
2282 // character.
2283 type_val rt = get_type_val_for_signature (jchar (v));
2285 if (arraycount == 0)
2287 // Callers of this function eventually push their arguments on
2288 // the stack. So, promote them here.
2289 return type (rt).promote ();
2292 jclass k = construct_primitive_array_type (rt);
2293 while (--arraycount > 0)
2294 k = _Jv_GetArrayClass (k, NULL);
2295 return type (k, this);
2298 void compute_argument_types (_Jv_Utf8Const *signature,
2299 type *types)
2301 char *p = signature->data;
2302 // Skip `('.
2303 ++p;
2305 int i = 0;
2306 while (*p != ')')
2307 types[i++] = get_one_type (p);
2310 type compute_return_type (_Jv_Utf8Const *signature)
2312 char *p = signature->data;
2313 while (*p != ')')
2314 ++p;
2315 ++p;
2316 return get_one_type (p);
2319 void check_return_type (type onstack)
2321 type rt = compute_return_type (current_method->self->signature);
2322 if (! rt.compatible (onstack, this))
2323 verify_fail ("incompatible return type");
2326 // Initialize the stack for the new method. Returns true if this
2327 // method is an instance initializer.
2328 bool initialize_stack ()
2330 int var = 0;
2331 bool is_init = _Jv_equalUtf8Consts (current_method->self->name,
2332 gcj::init_name);
2333 bool is_clinit = _Jv_equalUtf8Consts (current_method->self->name,
2334 gcj::clinit_name);
2336 using namespace java::lang::reflect;
2337 if (! Modifier::isStatic (current_method->self->accflags))
2339 type kurr (current_class, this);
2340 if (is_init)
2342 kurr.set_uninitialized (type::SELF, this);
2343 is_init = true;
2345 else if (is_clinit)
2346 verify_fail ("<clinit> method must be static");
2347 set_variable (0, kurr);
2348 current_state->set_this_type (kurr);
2349 ++var;
2351 else
2353 if (is_init)
2354 verify_fail ("<init> method must be non-static");
2357 // We have to handle wide arguments specially here.
2358 int arg_count = _Jv_count_arguments (current_method->self->signature);
2359 type arg_types[arg_count];
2360 compute_argument_types (current_method->self->signature, arg_types);
2361 for (int i = 0; i < arg_count; ++i)
2363 set_variable (var, arg_types[i]);
2364 ++var;
2365 if (arg_types[i].iswide ())
2366 ++var;
2369 return is_init;
2372 void verify_instructions_0 ()
2374 current_state = new state (current_method->max_stack,
2375 current_method->max_locals);
2377 PC = 0;
2378 start_PC = 0;
2380 // True if we are verifying an instance initializer.
2381 bool this_is_init = initialize_stack ();
2383 states = (state **) _Jv_Malloc (sizeof (state *)
2384 * current_method->code_length);
2385 for (int i = 0; i < current_method->code_length; ++i)
2386 states[i] = NULL;
2388 next_verify_pc = state::NO_NEXT;
2390 while (true)
2392 // If the PC was invalidated, get a new one from the work list.
2393 if (PC == state::NO_NEXT)
2395 PC = pop_jump ();
2396 if (PC == state::INVALID)
2397 verify_fail ("can't happen: saw state::INVALID");
2398 if (PC == state::NO_NEXT)
2399 break;
2400 debug_print ("== State pop from pending list\n");
2401 // Set up the current state.
2402 current_state->copy (states[PC], current_method->max_stack,
2403 current_method->max_locals);
2405 else
2407 // Control can't fall off the end of the bytecode. We
2408 // only need to check this in the fall-through case,
2409 // because branch bounds are checked when they are
2410 // pushed.
2411 if (PC >= current_method->code_length)
2412 verify_fail ("fell off end");
2414 // We only have to do this checking in the situation where
2415 // control flow falls through from the previous
2416 // instruction. Otherwise merging is done at the time we
2417 // push the branch.
2418 if (states[PC] != NULL)
2420 // We've already visited this instruction. So merge
2421 // the states together. If this yields no change then
2422 // we don't have to re-verify. However, if the new
2423 // state is an the result of an unmerged `ret', we
2424 // must continue through it.
2425 debug_print ("== Fall through merge\n");
2426 states[PC]->print ("Old", PC, current_method->max_stack,
2427 current_method->max_locals);
2428 current_state->print ("Cur", PC, current_method->max_stack,
2429 current_method->max_locals);
2430 if (! current_state->merge (states[PC], false,
2431 current_method->max_locals, this)
2432 && ! states[PC]->is_unmerged_ret_state (current_method->max_locals))
2434 debug_print ("== Fall through optimization\n");
2435 invalidate_pc ();
2436 continue;
2438 // Save a copy of it for later.
2439 states[PC]->copy (current_state, current_method->max_stack,
2440 current_method->max_locals);
2441 current_state->print ("New", PC, current_method->max_stack,
2442 current_method->max_locals);
2446 // We only have to keep saved state at branch targets. If
2447 // we're at a branch target and the state here hasn't been set
2448 // yet, we set it now.
2449 if (states[PC] == NULL && (flags[PC] & FLAG_BRANCH_TARGET))
2451 states[PC] = new state (current_state, current_method->max_stack,
2452 current_method->max_locals);
2455 // Set this before handling exceptions so that debug output is
2456 // sane.
2457 start_PC = PC;
2459 // Update states for all active exception handlers. Ordinarily
2460 // there are not many exception handlers. So we simply run
2461 // through them all.
2462 for (int i = 0; i < current_method->exc_count; ++i)
2464 if (PC >= exception[i].start_pc.i && PC < exception[i].end_pc.i)
2466 type handler (&java::lang::Throwable::class$, this);
2467 if (exception[i].handler_type.i != 0)
2468 handler = check_class_constant (exception[i].handler_type.i);
2469 push_exception_jump (handler, exception[i].handler_pc.i);
2473 current_state->print (" ", PC, current_method->max_stack,
2474 current_method->max_locals);
2475 java_opcode opcode = (java_opcode) bytecode[PC++];
2476 switch (opcode)
2478 case op_nop:
2479 break;
2481 case op_aconst_null:
2482 push_type (null_type);
2483 break;
2485 case op_iconst_m1:
2486 case op_iconst_0:
2487 case op_iconst_1:
2488 case op_iconst_2:
2489 case op_iconst_3:
2490 case op_iconst_4:
2491 case op_iconst_5:
2492 push_type (int_type);
2493 break;
2495 case op_lconst_0:
2496 case op_lconst_1:
2497 push_type (long_type);
2498 break;
2500 case op_fconst_0:
2501 case op_fconst_1:
2502 case op_fconst_2:
2503 push_type (float_type);
2504 break;
2506 case op_dconst_0:
2507 case op_dconst_1:
2508 push_type (double_type);
2509 break;
2511 case op_bipush:
2512 get_byte ();
2513 push_type (int_type);
2514 break;
2516 case op_sipush:
2517 get_short ();
2518 push_type (int_type);
2519 break;
2521 case op_ldc:
2522 push_type (check_constant (get_byte ()));
2523 break;
2524 case op_ldc_w:
2525 push_type (check_constant (get_ushort ()));
2526 break;
2527 case op_ldc2_w:
2528 push_type (check_wide_constant (get_ushort ()));
2529 break;
2531 case op_iload:
2532 push_type (get_variable (get_byte (), int_type));
2533 break;
2534 case op_lload:
2535 push_type (get_variable (get_byte (), long_type));
2536 break;
2537 case op_fload:
2538 push_type (get_variable (get_byte (), float_type));
2539 break;
2540 case op_dload:
2541 push_type (get_variable (get_byte (), double_type));
2542 break;
2543 case op_aload:
2544 push_type (get_variable (get_byte (), reference_type));
2545 break;
2547 case op_iload_0:
2548 case op_iload_1:
2549 case op_iload_2:
2550 case op_iload_3:
2551 push_type (get_variable (opcode - op_iload_0, int_type));
2552 break;
2553 case op_lload_0:
2554 case op_lload_1:
2555 case op_lload_2:
2556 case op_lload_3:
2557 push_type (get_variable (opcode - op_lload_0, long_type));
2558 break;
2559 case op_fload_0:
2560 case op_fload_1:
2561 case op_fload_2:
2562 case op_fload_3:
2563 push_type (get_variable (opcode - op_fload_0, float_type));
2564 break;
2565 case op_dload_0:
2566 case op_dload_1:
2567 case op_dload_2:
2568 case op_dload_3:
2569 push_type (get_variable (opcode - op_dload_0, double_type));
2570 break;
2571 case op_aload_0:
2572 case op_aload_1:
2573 case op_aload_2:
2574 case op_aload_3:
2575 push_type (get_variable (opcode - op_aload_0, reference_type));
2576 break;
2577 case op_iaload:
2578 pop_type (int_type);
2579 push_type (require_array_type (pop_init_ref (reference_type),
2580 int_type));
2581 break;
2582 case op_laload:
2583 pop_type (int_type);
2584 push_type (require_array_type (pop_init_ref (reference_type),
2585 long_type));
2586 break;
2587 case op_faload:
2588 pop_type (int_type);
2589 push_type (require_array_type (pop_init_ref (reference_type),
2590 float_type));
2591 break;
2592 case op_daload:
2593 pop_type (int_type);
2594 push_type (require_array_type (pop_init_ref (reference_type),
2595 double_type));
2596 break;
2597 case op_aaload:
2598 pop_type (int_type);
2599 push_type (require_array_type (pop_init_ref (reference_type),
2600 reference_type));
2601 break;
2602 case op_baload:
2603 pop_type (int_type);
2604 require_array_type (pop_init_ref (reference_type), byte_type);
2605 push_type (int_type);
2606 break;
2607 case op_caload:
2608 pop_type (int_type);
2609 require_array_type (pop_init_ref (reference_type), char_type);
2610 push_type (int_type);
2611 break;
2612 case op_saload:
2613 pop_type (int_type);
2614 require_array_type (pop_init_ref (reference_type), short_type);
2615 push_type (int_type);
2616 break;
2617 case op_istore:
2618 set_variable (get_byte (), pop_type (int_type));
2619 break;
2620 case op_lstore:
2621 set_variable (get_byte (), pop_type (long_type));
2622 break;
2623 case op_fstore:
2624 set_variable (get_byte (), pop_type (float_type));
2625 break;
2626 case op_dstore:
2627 set_variable (get_byte (), pop_type (double_type));
2628 break;
2629 case op_astore:
2630 set_variable (get_byte (), pop_ref_or_return ());
2631 break;
2632 case op_istore_0:
2633 case op_istore_1:
2634 case op_istore_2:
2635 case op_istore_3:
2636 set_variable (opcode - op_istore_0, pop_type (int_type));
2637 break;
2638 case op_lstore_0:
2639 case op_lstore_1:
2640 case op_lstore_2:
2641 case op_lstore_3:
2642 set_variable (opcode - op_lstore_0, pop_type (long_type));
2643 break;
2644 case op_fstore_0:
2645 case op_fstore_1:
2646 case op_fstore_2:
2647 case op_fstore_3:
2648 set_variable (opcode - op_fstore_0, pop_type (float_type));
2649 break;
2650 case op_dstore_0:
2651 case op_dstore_1:
2652 case op_dstore_2:
2653 case op_dstore_3:
2654 set_variable (opcode - op_dstore_0, pop_type (double_type));
2655 break;
2656 case op_astore_0:
2657 case op_astore_1:
2658 case op_astore_2:
2659 case op_astore_3:
2660 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2661 break;
2662 case op_iastore:
2663 pop_type (int_type);
2664 pop_type (int_type);
2665 require_array_type (pop_init_ref (reference_type), int_type);
2666 break;
2667 case op_lastore:
2668 pop_type (long_type);
2669 pop_type (int_type);
2670 require_array_type (pop_init_ref (reference_type), long_type);
2671 break;
2672 case op_fastore:
2673 pop_type (float_type);
2674 pop_type (int_type);
2675 require_array_type (pop_init_ref (reference_type), float_type);
2676 break;
2677 case op_dastore:
2678 pop_type (double_type);
2679 pop_type (int_type);
2680 require_array_type (pop_init_ref (reference_type), double_type);
2681 break;
2682 case op_aastore:
2683 pop_type (reference_type);
2684 pop_type (int_type);
2685 require_array_type (pop_init_ref (reference_type), reference_type);
2686 break;
2687 case op_bastore:
2688 pop_type (int_type);
2689 pop_type (int_type);
2690 require_array_type (pop_init_ref (reference_type), byte_type);
2691 break;
2692 case op_castore:
2693 pop_type (int_type);
2694 pop_type (int_type);
2695 require_array_type (pop_init_ref (reference_type), char_type);
2696 break;
2697 case op_sastore:
2698 pop_type (int_type);
2699 pop_type (int_type);
2700 require_array_type (pop_init_ref (reference_type), short_type);
2701 break;
2702 case op_pop:
2703 pop32 ();
2704 break;
2705 case op_pop2:
2707 type t = pop_raw ();
2708 if (! t.iswide ())
2709 pop32 ();
2711 break;
2712 case op_dup:
2714 type t = pop32 ();
2715 push_type (t);
2716 push_type (t);
2718 break;
2719 case op_dup_x1:
2721 type t1 = pop32 ();
2722 type t2 = pop32 ();
2723 push_type (t1);
2724 push_type (t2);
2725 push_type (t1);
2727 break;
2728 case op_dup_x2:
2730 type t1 = pop32 ();
2731 type t2 = pop_raw ();
2732 if (! t2.iswide ())
2734 type t3 = pop32 ();
2735 push_type (t1);
2736 push_type (t3);
2738 else
2739 push_type (t1);
2740 push_type (t2);
2741 push_type (t1);
2743 break;
2744 case op_dup2:
2746 type t = pop_raw ();
2747 if (! t.iswide ())
2749 type t2 = pop32 ();
2750 push_type (t2);
2751 push_type (t);
2752 push_type (t2);
2754 else
2755 push_type (t);
2756 push_type (t);
2758 break;
2759 case op_dup2_x1:
2761 type t1 = pop_raw ();
2762 type t2 = pop32 ();
2763 if (! t1.iswide ())
2765 type t3 = pop32 ();
2766 push_type (t2);
2767 push_type (t1);
2768 push_type (t3);
2770 else
2771 push_type (t1);
2772 push_type (t2);
2773 push_type (t1);
2775 break;
2776 case op_dup2_x2:
2778 type t1 = pop_raw ();
2779 if (t1.iswide ())
2781 type t2 = pop_raw ();
2782 if (t2.iswide ())
2784 push_type (t1);
2785 push_type (t2);
2787 else
2789 type t3 = pop32 ();
2790 push_type (t1);
2791 push_type (t3);
2792 push_type (t2);
2794 push_type (t1);
2796 else
2798 type t2 = pop32 ();
2799 type t3 = pop_raw ();
2800 if (t3.iswide ())
2802 push_type (t2);
2803 push_type (t1);
2805 else
2807 type t4 = pop32 ();
2808 push_type (t2);
2809 push_type (t1);
2810 push_type (t4);
2812 push_type (t3);
2813 push_type (t2);
2814 push_type (t1);
2817 break;
2818 case op_swap:
2820 type t1 = pop32 ();
2821 type t2 = pop32 ();
2822 push_type (t1);
2823 push_type (t2);
2825 break;
2826 case op_iadd:
2827 case op_isub:
2828 case op_imul:
2829 case op_idiv:
2830 case op_irem:
2831 case op_ishl:
2832 case op_ishr:
2833 case op_iushr:
2834 case op_iand:
2835 case op_ior:
2836 case op_ixor:
2837 pop_type (int_type);
2838 push_type (pop_type (int_type));
2839 break;
2840 case op_ladd:
2841 case op_lsub:
2842 case op_lmul:
2843 case op_ldiv:
2844 case op_lrem:
2845 case op_land:
2846 case op_lor:
2847 case op_lxor:
2848 pop_type (long_type);
2849 push_type (pop_type (long_type));
2850 break;
2851 case op_lshl:
2852 case op_lshr:
2853 case op_lushr:
2854 pop_type (int_type);
2855 push_type (pop_type (long_type));
2856 break;
2857 case op_fadd:
2858 case op_fsub:
2859 case op_fmul:
2860 case op_fdiv:
2861 case op_frem:
2862 pop_type (float_type);
2863 push_type (pop_type (float_type));
2864 break;
2865 case op_dadd:
2866 case op_dsub:
2867 case op_dmul:
2868 case op_ddiv:
2869 case op_drem:
2870 pop_type (double_type);
2871 push_type (pop_type (double_type));
2872 break;
2873 case op_ineg:
2874 case op_i2b:
2875 case op_i2c:
2876 case op_i2s:
2877 push_type (pop_type (int_type));
2878 break;
2879 case op_lneg:
2880 push_type (pop_type (long_type));
2881 break;
2882 case op_fneg:
2883 push_type (pop_type (float_type));
2884 break;
2885 case op_dneg:
2886 push_type (pop_type (double_type));
2887 break;
2888 case op_iinc:
2889 get_variable (get_byte (), int_type);
2890 get_byte ();
2891 break;
2892 case op_i2l:
2893 pop_type (int_type);
2894 push_type (long_type);
2895 break;
2896 case op_i2f:
2897 pop_type (int_type);
2898 push_type (float_type);
2899 break;
2900 case op_i2d:
2901 pop_type (int_type);
2902 push_type (double_type);
2903 break;
2904 case op_l2i:
2905 pop_type (long_type);
2906 push_type (int_type);
2907 break;
2908 case op_l2f:
2909 pop_type (long_type);
2910 push_type (float_type);
2911 break;
2912 case op_l2d:
2913 pop_type (long_type);
2914 push_type (double_type);
2915 break;
2916 case op_f2i:
2917 pop_type (float_type);
2918 push_type (int_type);
2919 break;
2920 case op_f2l:
2921 pop_type (float_type);
2922 push_type (long_type);
2923 break;
2924 case op_f2d:
2925 pop_type (float_type);
2926 push_type (double_type);
2927 break;
2928 case op_d2i:
2929 pop_type (double_type);
2930 push_type (int_type);
2931 break;
2932 case op_d2l:
2933 pop_type (double_type);
2934 push_type (long_type);
2935 break;
2936 case op_d2f:
2937 pop_type (double_type);
2938 push_type (float_type);
2939 break;
2940 case op_lcmp:
2941 pop_type (long_type);
2942 pop_type (long_type);
2943 push_type (int_type);
2944 break;
2945 case op_fcmpl:
2946 case op_fcmpg:
2947 pop_type (float_type);
2948 pop_type (float_type);
2949 push_type (int_type);
2950 break;
2951 case op_dcmpl:
2952 case op_dcmpg:
2953 pop_type (double_type);
2954 pop_type (double_type);
2955 push_type (int_type);
2956 break;
2957 case op_ifeq:
2958 case op_ifne:
2959 case op_iflt:
2960 case op_ifge:
2961 case op_ifgt:
2962 case op_ifle:
2963 pop_type (int_type);
2964 push_jump (get_short ());
2965 break;
2966 case op_if_icmpeq:
2967 case op_if_icmpne:
2968 case op_if_icmplt:
2969 case op_if_icmpge:
2970 case op_if_icmpgt:
2971 case op_if_icmple:
2972 pop_type (int_type);
2973 pop_type (int_type);
2974 push_jump (get_short ());
2975 break;
2976 case op_if_acmpeq:
2977 case op_if_acmpne:
2978 pop_type (reference_type);
2979 pop_type (reference_type);
2980 push_jump (get_short ());
2981 break;
2982 case op_goto:
2983 push_jump (get_short ());
2984 invalidate_pc ();
2985 break;
2986 case op_jsr:
2987 handle_jsr_insn (get_short ());
2988 break;
2989 case op_ret:
2990 handle_ret_insn (get_byte ());
2991 break;
2992 case op_tableswitch:
2994 pop_type (int_type);
2995 skip_padding ();
2996 push_jump (get_int ());
2997 jint low = get_int ();
2998 jint high = get_int ();
2999 // Already checked LOW -vs- HIGH.
3000 for (int i = low; i <= high; ++i)
3001 push_jump (get_int ());
3002 invalidate_pc ();
3004 break;
3006 case op_lookupswitch:
3008 pop_type (int_type);
3009 skip_padding ();
3010 push_jump (get_int ());
3011 jint npairs = get_int ();
3012 // Already checked NPAIRS >= 0.
3013 jint lastkey = 0;
3014 for (int i = 0; i < npairs; ++i)
3016 jint key = get_int ();
3017 if (i > 0 && key <= lastkey)
3018 verify_fail ("lookupswitch pairs unsorted", start_PC);
3019 lastkey = key;
3020 push_jump (get_int ());
3022 invalidate_pc ();
3024 break;
3025 case op_ireturn:
3026 check_return_type (pop_type (int_type));
3027 invalidate_pc ();
3028 break;
3029 case op_lreturn:
3030 check_return_type (pop_type (long_type));
3031 invalidate_pc ();
3032 break;
3033 case op_freturn:
3034 check_return_type (pop_type (float_type));
3035 invalidate_pc ();
3036 break;
3037 case op_dreturn:
3038 check_return_type (pop_type (double_type));
3039 invalidate_pc ();
3040 break;
3041 case op_areturn:
3042 check_return_type (pop_init_ref (reference_type));
3043 invalidate_pc ();
3044 break;
3045 case op_return:
3046 // We only need to check this when the return type is
3047 // void, because all instance initializers return void.
3048 if (this_is_init)
3049 current_state->check_this_initialized (this);
3050 check_return_type (void_type);
3051 invalidate_pc ();
3052 break;
3053 case op_getstatic:
3054 push_type (check_field_constant (get_ushort ()));
3055 break;
3056 case op_putstatic:
3057 pop_type (check_field_constant (get_ushort ()));
3058 break;
3059 case op_getfield:
3061 type klass;
3062 type field = check_field_constant (get_ushort (), &klass);
3063 pop_type (klass);
3064 push_type (field);
3066 break;
3067 case op_putfield:
3069 type klass;
3070 type field = check_field_constant (get_ushort (), &klass);
3071 pop_type (field);
3073 // We have an obscure special case here: we can use
3074 // `putfield' on a field declared in this class, even if
3075 // `this' has not yet been initialized.
3076 if (! current_state->this_type.isinitialized ()
3077 && current_state->this_type.pc == type::SELF)
3078 klass.set_uninitialized (type::SELF, this);
3079 pop_type (klass);
3081 break;
3083 case op_invokevirtual:
3084 case op_invokespecial:
3085 case op_invokestatic:
3086 case op_invokeinterface:
3088 _Jv_Utf8Const *method_name, *method_signature;
3089 type class_type
3090 = check_method_constant (get_ushort (),
3091 opcode == op_invokeinterface,
3092 &method_name,
3093 &method_signature);
3094 // NARGS is only used when we're processing
3095 // invokeinterface. It is simplest for us to compute it
3096 // here and then verify it later.
3097 int nargs = 0;
3098 if (opcode == op_invokeinterface)
3100 nargs = get_byte ();
3101 if (get_byte () != 0)
3102 verify_fail ("invokeinterface dummy byte is wrong");
3105 bool is_init = false;
3106 if (_Jv_equalUtf8Consts (method_name, gcj::init_name))
3108 is_init = true;
3109 if (opcode != op_invokespecial)
3110 verify_fail ("can't invoke <init>");
3112 else if (method_name->data[0] == '<')
3113 verify_fail ("can't invoke method starting with `<'");
3115 // Pop arguments and check types.
3116 int arg_count = _Jv_count_arguments (method_signature);
3117 type arg_types[arg_count];
3118 compute_argument_types (method_signature, arg_types);
3119 for (int i = arg_count - 1; i >= 0; --i)
3121 // This is only used for verifying the byte for
3122 // invokeinterface.
3123 nargs -= arg_types[i].depth ();
3124 pop_init_ref (arg_types[i]);
3127 if (opcode == op_invokeinterface
3128 && nargs != 1)
3129 verify_fail ("wrong argument count for invokeinterface");
3131 if (opcode != op_invokestatic)
3133 type t = class_type;
3134 if (is_init)
3136 // In this case the PC doesn't matter.
3137 t.set_uninitialized (type::UNINIT, this);
3138 // FIXME: check to make sure that the <init>
3139 // call is to the right class.
3140 // It must either be super or an exact class
3141 // match.
3143 type raw = pop_raw ();
3144 if (! t.compatible (raw, this))
3145 verify_fail ("incompatible type on stack");
3147 if (is_init)
3148 current_state->set_initialized (raw.get_pc (),
3149 current_method->max_locals);
3152 type rt = compute_return_type (method_signature);
3153 if (! rt.isvoid ())
3154 push_type (rt);
3156 break;
3158 case op_new:
3160 type t = check_class_constant (get_ushort ());
3161 if (t.isarray () || t.isinterface (this) || t.isabstract (this))
3162 verify_fail ("type is array, interface, or abstract");
3163 t.set_uninitialized (start_PC, this);
3164 push_type (t);
3166 break;
3168 case op_newarray:
3170 int atype = get_byte ();
3171 // We intentionally have chosen constants to make this
3172 // valid.
3173 if (atype < boolean_type || atype > long_type)
3174 verify_fail ("type not primitive", start_PC);
3175 pop_type (int_type);
3176 type t (construct_primitive_array_type (type_val (atype)), this);
3177 push_type (t);
3179 break;
3180 case op_anewarray:
3181 pop_type (int_type);
3182 push_type (check_class_constant (get_ushort ()).to_array (this));
3183 break;
3184 case op_arraylength:
3186 type t = pop_init_ref (reference_type);
3187 if (! t.isarray () && ! t.isnull ())
3188 verify_fail ("array type expected");
3189 push_type (int_type);
3191 break;
3192 case op_athrow:
3193 pop_type (type (&java::lang::Throwable::class$, this));
3194 invalidate_pc ();
3195 break;
3196 case op_checkcast:
3197 pop_init_ref (reference_type);
3198 push_type (check_class_constant (get_ushort ()));
3199 break;
3200 case op_instanceof:
3201 pop_init_ref (reference_type);
3202 check_class_constant (get_ushort ());
3203 push_type (int_type);
3204 break;
3205 case op_monitorenter:
3206 pop_init_ref (reference_type);
3207 break;
3208 case op_monitorexit:
3209 pop_init_ref (reference_type);
3210 break;
3211 case op_wide:
3213 switch (get_byte ())
3215 case op_iload:
3216 push_type (get_variable (get_ushort (), int_type));
3217 break;
3218 case op_lload:
3219 push_type (get_variable (get_ushort (), long_type));
3220 break;
3221 case op_fload:
3222 push_type (get_variable (get_ushort (), float_type));
3223 break;
3224 case op_dload:
3225 push_type (get_variable (get_ushort (), double_type));
3226 break;
3227 case op_aload:
3228 push_type (get_variable (get_ushort (), reference_type));
3229 break;
3230 case op_istore:
3231 set_variable (get_ushort (), pop_type (int_type));
3232 break;
3233 case op_lstore:
3234 set_variable (get_ushort (), pop_type (long_type));
3235 break;
3236 case op_fstore:
3237 set_variable (get_ushort (), pop_type (float_type));
3238 break;
3239 case op_dstore:
3240 set_variable (get_ushort (), pop_type (double_type));
3241 break;
3242 case op_astore:
3243 set_variable (get_ushort (), pop_init_ref (reference_type));
3244 break;
3245 case op_ret:
3246 handle_ret_insn (get_short ());
3247 break;
3248 case op_iinc:
3249 get_variable (get_ushort (), int_type);
3250 get_short ();
3251 break;
3252 default:
3253 verify_fail ("unrecognized wide instruction", start_PC);
3256 break;
3257 case op_multianewarray:
3259 type atype = check_class_constant (get_ushort ());
3260 int dim = get_byte ();
3261 if (dim < 1)
3262 verify_fail ("too few dimensions to multianewarray", start_PC);
3263 atype.verify_dimensions (dim, this);
3264 for (int i = 0; i < dim; ++i)
3265 pop_type (int_type);
3266 push_type (atype);
3268 break;
3269 case op_ifnull:
3270 case op_ifnonnull:
3271 pop_type (reference_type);
3272 push_jump (get_short ());
3273 break;
3274 case op_goto_w:
3275 push_jump (get_int ());
3276 invalidate_pc ();
3277 break;
3278 case op_jsr_w:
3279 handle_jsr_insn (get_int ());
3280 break;
3282 // These are unused here, but we call them out explicitly
3283 // so that -Wswitch-enum doesn't complain.
3284 case op_putfield_1:
3285 case op_putfield_2:
3286 case op_putfield_4:
3287 case op_putfield_8:
3288 case op_putfield_a:
3289 case op_putstatic_1:
3290 case op_putstatic_2:
3291 case op_putstatic_4:
3292 case op_putstatic_8:
3293 case op_putstatic_a:
3294 case op_getfield_1:
3295 case op_getfield_2s:
3296 case op_getfield_2u:
3297 case op_getfield_4:
3298 case op_getfield_8:
3299 case op_getfield_a:
3300 case op_getstatic_1:
3301 case op_getstatic_2s:
3302 case op_getstatic_2u:
3303 case op_getstatic_4:
3304 case op_getstatic_8:
3305 case op_getstatic_a:
3306 default:
3307 // Unrecognized opcode.
3308 verify_fail ("unrecognized instruction in verify_instructions_0",
3309 start_PC);
3314 public:
3316 void verify_instructions ()
3318 branch_prepass ();
3319 verify_instructions_0 ();
3322 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
3324 // We just print the text as utf-8. This is just for debugging
3325 // anyway.
3326 debug_print ("--------------------------------\n");
3327 debug_print ("-- Verifying method `%s'\n", m->self->name->data);
3329 current_method = m;
3330 bytecode = m->bytecode ();
3331 exception = m->exceptions ();
3332 current_class = m->defining_class;
3334 states = NULL;
3335 flags = NULL;
3336 jsr_ptrs = NULL;
3337 utf8_list = NULL;
3338 isect_list = NULL;
3339 entry_points = NULL;
3342 ~_Jv_BytecodeVerifier ()
3344 if (states)
3345 _Jv_Free (states);
3346 if (flags)
3347 _Jv_Free (flags);
3349 if (jsr_ptrs)
3351 for (int i = 0; i < current_method->code_length; ++i)
3353 if (jsr_ptrs[i] != NULL)
3355 subr_info *info = jsr_ptrs[i];
3356 while (info != NULL)
3358 subr_info *next = info->next;
3359 _Jv_Free (info);
3360 info = next;
3364 _Jv_Free (jsr_ptrs);
3367 while (utf8_list != NULL)
3369 linked_utf8 *n = utf8_list->next;
3370 _Jv_Free (utf8_list->val);
3371 _Jv_Free (utf8_list);
3372 utf8_list = n;
3375 while (entry_points != NULL)
3377 subr_entry_info *next = entry_points->next;
3378 _Jv_Free (entry_points);
3379 entry_points = next;
3382 while (isect_list != NULL)
3384 ref_intersection *next = isect_list->alloc_next;
3385 delete isect_list;
3386 isect_list = next;
3391 void
3392 _Jv_VerifyMethod (_Jv_InterpMethod *meth)
3394 _Jv_BytecodeVerifier v (meth);
3395 v.verify_instructions ();
3397 #endif /* INTERPRETER */