1 // defineclass.cc - defining a class from .class format.
3 /* Copyright (C) 2001 Free Software Foundation
5 This file is part of libgcj.
7 This software is copyrighted work licensed under the terms of the
8 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
11 // Writte by Tom Tromey <tromey@redhat.com>
17 #include <java-insns.h>
18 #include <java-interp.h>
22 #include <java/lang/Class.h>
23 #include <java/lang/VerifyError.h>
24 #include <java/lang/Throwable.h>
25 #include <java/lang/reflect/Modifier.h>
26 #include <java/lang/StringBuffer.h>
30 // * read more about when classes must be loaded
31 // * there are bugs with boolean arrays?
32 // * class loader madness
33 // * Lots and lots of debugging and testing
34 // * type representation is still ugly. look for the big switches
35 // * at least one GC problem :-(
38 // This is global because __attribute__ doesn't seem to work on static
40 static void verify_fail (char *msg, jint pc = -1)
41 __attribute__ ((__noreturn__));
43 class _Jv_BytecodeVerifier
47 static const int FLAG_INSN_START = 1;
48 static const int FLAG_BRANCH_TARGET = 2;
49 static const int FLAG_JSR_TARGET = 4;
57 // The PC corresponding to the start of the current instruction.
60 // The current state of the stack, locals, etc.
63 // We store the state at branch targets, for merging. This holds
67 // We keep a linked list of all the PCs which we must reverify.
68 // The link is done using the PC values. This is the head of the
72 // We keep some flags for each instruction. The values are the
73 // FLAG_* constants defined above.
76 // We need to keep track of which instructions can call a given
77 // subroutine. FIXME: this is inefficient. We keep a linked list
78 // of all calling `jsr's at at each jsr target.
81 // The current top of the stack, in terms of slots.
83 // The current depth of the stack. This will be larger than
84 // STACKTOP when wide types are on the stack.
87 // The bytecode itself.
88 unsigned char *bytecode;
90 _Jv_InterpException *exception;
95 _Jv_InterpMethod *current_method;
97 // This enum holds a list of tags for all the different types we
98 // need to handle. Reference types are treated specially by the
104 // The values for primitive types are chosen to correspond to values
105 // specified to newarray.
115 // Used when overwriting second word of a double or long in the
116 // local variables. Also used after merging local variable states
117 // to indicate an unusable value.
122 // Everything after `reference_type' must be a reference type.
125 unresolved_reference_type,
126 uninitialized_reference_type,
127 uninitialized_unresolved_reference_type
130 // Return the type_val corresponding to a primitive signature
131 // character. For instance `I' returns `int.class'.
132 static type_val get_type_val_for_signature (jchar sig)
162 verify_fail ("invalid signature");
167 // Return the type_val corresponding to a primitive class.
168 static type_val get_type_val_for_signature (jclass k)
170 return get_type_val_for_signature ((jchar) k->method_count);
173 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or
174 // TARGET haven't been prepared.
175 static bool is_assignable_from_slow (jclass target, jclass source)
177 // This will terminate when SOURCE==Object.
180 if (source == target)
183 if (target->isPrimitive () || source->isPrimitive ())
186 // _Jv_IsAssignableFrom can handle a target which is an
187 // interface even if it hasn't been prepared.
188 if ((target->state > JV_STATE_LINKED || target->isInterface ())
189 && source->state > JV_STATE_LINKED)
190 return _Jv_IsAssignableFrom (target, source);
192 if (target->isArray ())
194 if (! source->isArray ())
196 target = target->getComponentType ();
197 source = source->getComponentType ();
199 else if (target->isInterface ())
201 for (int i = 0; i < source->interface_count; ++i)
203 // We use a recursive call because we also need to
204 // check superinterfaces.
205 if (is_assignable_from_slow (target, source->interfaces[i]))
210 else if (target == &java::lang::Object::class$)
212 else if (source->isInterface ()
213 || source == &java::lang::Object::class$)
216 source = source->getSuperclass ();
220 // This is used to keep track of which `jsr's correspond to a given
224 // PC of the instruction just after the jsr.
230 // The `type' class is used to represent a single type in the
236 // Some associated data.
239 // For a resolved reference type, this is a pointer to the class.
241 // For other reference types, this it the name of the class.
244 // This is used when constructing a new object. It is the PC of the
245 // `new' instruction which created the object. We use the special
246 // value -2 to mean that this is uninitialized, and the special
247 // value -1 for the case where the current method is itself the
251 static const int UNINIT = -2;
252 static const int SELF = -1;
254 // Basic constructor.
257 key = unsuitable_type;
262 // Make a new instance given the type tag. We assume a generic
263 // `reference_type' means Object.
268 if (key == reference_type)
269 data.klass = &java::lang::Object::class$;
273 // Make a new instance given a class.
276 key = reference_type;
281 // Make a new instance given the name of a class.
282 type (_Jv_Utf8Const *n)
284 key = unresolved_reference_type;
297 // These operators are required because libgcj can't link in
299 void *operator new[] (size_t bytes)
301 return _Jv_Malloc (bytes);
304 void operator delete[] (void *mem)
309 type& operator= (type_val k)
317 type& operator= (const type& t)
325 // Promote a numeric type.
328 if (key == boolean_type || key == char_type
329 || key == byte_type || key == short_type)
334 // If *THIS is an unresolved reference type, resolve it.
337 if (key != unresolved_reference_type
338 && key != uninitialized_unresolved_reference_type)
341 // FIXME: class loader
342 using namespace java::lang;
343 // We might see either kind of name. Sigh.
344 if (data.name->data[0] == 'L'
345 && data.name->data[data.name->length - 1] == ';')
346 data.klass = _Jv_FindClassFromSignature (data.name->data, NULL);
348 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name),
350 key = (key == unresolved_reference_type
352 : uninitialized_reference_type);
355 // Mark this type as the uninitialized result of `new'.
356 void set_uninitialized (int pc)
358 if (key != reference_type && key != unresolved_reference_type)
359 verify_fail ("internal error in type::uninitialized");
360 key = (key == reference_type
361 ? uninitialized_reference_type
362 : uninitialized_unresolved_reference_type);
366 // Mark this type as now initialized.
367 void set_initialized (int npc)
371 key = (key == uninitialized_reference_type
373 : unresolved_reference_type);
379 // Return true if an object of type K can be assigned to a variable
380 // of type *THIS. Handle various special cases too. Might modify
381 // *THIS or K. Note however that this does not perform numeric
383 bool compatible (type &k)
385 // Any type is compatible with the unsuitable type.
386 if (key == unsuitable_type)
389 if (key < reference_type || k.key < reference_type)
392 // The `null' type is convertible to any reference type.
393 // FIXME: is this correct for THIS?
394 if (key == null_type || k.key == null_type)
397 // Any reference type is convertible to Object. This is a special
398 // case so we don't need to unnecessarily resolve a class.
399 if (key == reference_type
400 && data.klass == &java::lang::Object::class$)
403 // An initialized type and an uninitialized type are not
405 if (isinitialized () != k.isinitialized ())
408 // Two uninitialized objects are compatible if either:
409 // * The PCs are identical, or
410 // * One PC is UNINIT.
411 if (! isinitialized ())
413 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT)
417 // Two unresolved types are equal if their names are the same.
420 && _Jv_equalUtf8Consts (data.name, k.data.name))
423 // We must resolve both types and check assignability.
426 return is_assignable_from_slow (data.klass, k.data.klass);
431 return key == void_type;
436 return key == long_type || key == double_type;
439 // Return number of stack or local variable slots taken by this
443 return iswide () ? 2 : 1;
446 bool isarray () const
448 // We treat null_type as not an array. This is ok based on the
449 // current uses of this method.
450 if (key == reference_type)
451 return data.klass->isArray ();
452 else if (key == unresolved_reference_type)
453 return data.name->data[0] == '[';
460 if (key != reference_type)
462 return data.klass->isInterface ();
468 if (key != reference_type)
470 using namespace java::lang::reflect;
471 return Modifier::isAbstract (data.klass->getModifiers ());
474 // Return the element type of an array.
477 // FIXME: maybe should do string manipulation here.
479 if (key != reference_type)
480 verify_fail ("programmer error in type::element_type()");
482 jclass k = data.klass->getComponentType ();
483 if (k->isPrimitive ())
484 return type (get_type_val_for_signature (k));
488 bool isreference () const
490 return key >= reference_type;
498 bool isinitialized () const
500 return (key == reference_type
502 || key == unresolved_reference_type);
505 bool isresolved () const
507 return (key == reference_type
509 || key == uninitialized_reference_type);
512 void verify_dimensions (int ndims)
514 // The way this is written, we don't need to check isarray().
515 if (key == reference_type)
517 jclass k = data.klass;
518 while (k->isArray () && ndims > 0)
520 k = k->getComponentType ();
526 // We know KEY == unresolved_reference_type.
527 char *p = data.name->data;
528 while (*p++ == '[' && ndims-- > 0)
533 verify_fail ("array type has fewer dimensions than required");
536 // Merge OLD_TYPE into this. On error throw exception.
537 bool merge (type& old_type, bool local_semantics = false)
539 bool changed = false;
540 bool refo = old_type.isreference ();
541 bool refn = isreference ();
544 if (old_type.key == null_type)
546 else if (key == null_type)
551 else if (isinitialized () != old_type.isinitialized ())
552 verify_fail ("merging initialized and uninitialized types");
555 if (! isinitialized ())
559 else if (old_type.pc == UNINIT)
561 else if (pc != old_type.pc)
562 verify_fail ("merging different uninitialized types");
566 && ! old_type.isresolved ()
567 && _Jv_equalUtf8Consts (data.name, old_type.data.name))
569 // Types are identical.
576 jclass k = data.klass;
577 jclass oldk = old_type.data.klass;
580 while (k->isArray () && oldk->isArray ())
583 k = k->getComponentType ();
584 oldk = oldk->getComponentType ();
587 // This loop will end when we hit Object.
590 if (is_assignable_from_slow (k, oldk))
592 k = k->getSuperclass ();
598 while (arraycount > 0)
600 // FIXME: Class loader.
601 k = _Jv_GetArrayClass (k, NULL);
609 else if (refo || refn || key != old_type.key)
613 key = unsuitable_type;
617 verify_fail ("unmergeable type");
623 // This class holds all the state information we need for a given
627 // Current top of stack.
629 // Current stack depth. This is like the top of stack but it
630 // includes wide variable information.
634 // The local variables.
636 // This is used in subroutines to keep track of which local
637 // variables have been accessed.
639 // If not 0, then we are in a subroutine. The value is the PC of
640 // the subroutine's entry point. We can use 0 as an exceptional
641 // value because PC=0 can never be a subroutine.
643 // This is used to keep a linked list of all the states which
644 // require re-verification. We use the PC to keep track.
647 // INVALID marks a state which is not on the linked list of states
648 // requiring reverification.
649 static const int INVALID = -1;
650 // NO_NEXT marks the state at the end of the reverification list.
651 static const int NO_NEXT = -2;
657 local_changed = NULL;
660 state (int max_stack, int max_locals)
664 stack = new type[max_stack];
665 for (int i = 0; i < max_stack; ++i)
666 stack[i] = unsuitable_type;
667 locals = new type[max_locals];
668 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals);
669 for (int i = 0; i < max_locals; ++i)
671 locals[i] = unsuitable_type;
672 local_changed[i] = false;
678 state (const state *copy, int max_stack, int max_locals)
680 stack = new type[max_stack];
681 locals = new type[max_locals];
682 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals);
694 _Jv_Free (local_changed);
697 void *operator new[] (size_t bytes)
699 return _Jv_Malloc (bytes);
702 void operator delete[] (void *mem)
707 void *operator new (size_t bytes)
709 return _Jv_Malloc (bytes);
712 void operator delete (void *mem)
717 void copy (const state *copy, int max_stack, int max_locals)
719 stacktop = copy->stacktop;
720 stackdepth = copy->stackdepth;
721 subroutine = copy->subroutine;
722 for (int i = 0; i < max_stack; ++i)
723 stack[i] = copy->stack[i];
724 for (int i = 0; i < max_locals; ++i)
726 locals[i] = copy->locals[i];
727 local_changed[i] = copy->local_changed[i];
729 // Don't modify `next'.
732 // Modify this state to reflect entry to an exception handler.
733 void set_exception (type t, int max_stack)
738 for (int i = stacktop; i < max_stack; ++i)
739 stack[i] = unsuitable_type;
741 // FIXME: subroutine handling?
744 // Merge STATE into this state. Destructively modifies this state.
745 // Returns true if the new state was in fact changed. Will throw an
746 // exception if the states are not mergeable.
747 bool merge (state *state_old, bool ret_semantics,
750 bool changed = false;
752 // Merge subroutine states. *THIS and *STATE_OLD must be in the
753 // same subroutine. Also, recursive subroutine calls must be
755 if (subroutine == state_old->subroutine)
759 else if (subroutine == 0)
761 subroutine = state_old->subroutine;
765 verify_fail ("subroutines merged");
768 if (state_old->stacktop != stacktop)
769 verify_fail ("stack sizes differ");
770 for (int i = 0; i < state_old->stacktop; ++i)
772 if (stack[i].merge (state_old->stack[i]))
776 // Merge local variables.
777 for (int i = 0; i < max_locals; ++i)
779 if (! ret_semantics || local_changed[i])
781 if (locals[i].merge (state_old->locals[i], true))
788 // If we're in a subroutine, we must compute the union of
789 // all the changed local variables.
790 if (state_old->local_changed[i])
797 // Throw an exception if there is an uninitialized object on the
798 // stack or in a local variable. EXCEPTION_SEMANTICS controls
799 // whether we're using backwards-branch or exception-handing
801 void check_no_uninitialized_objects (int max_locals,
802 bool exception_semantics = false)
804 if (! exception_semantics)
806 for (int i = 0; i < stacktop; ++i)
807 if (stack[i].isreference () && ! stack[i].isinitialized ())
808 verify_fail ("uninitialized object on stack");
811 for (int i = 0; i < max_locals; ++i)
812 if (locals[i].isreference () && ! locals[i].isinitialized ())
813 verify_fail ("uninitialized object in local variable");
816 // Note that a local variable was accessed or modified.
817 void note_variable (int index)
820 local_changed[index] = true;
823 // Mark each `new'd object we know of that was allocated at PC as
825 void set_initialized (int pc, int max_locals)
827 for (int i = 0; i < stacktop; ++i)
828 stack[i].set_initialized (pc);
829 for (int i = 0; i < max_locals; ++i)
830 locals[i].set_initialized (pc);
836 if (current_state->stacktop <= 0)
837 verify_fail ("stack empty");
838 type r = current_state->stack[--current_state->stacktop];
839 current_state->stackdepth -= r.depth ();
840 if (current_state->stackdepth < 0)
841 verify_fail ("stack empty");
849 verify_fail ("narrow pop of wide type");
857 verify_fail ("wide pop of narrow type");
861 type pop_type (type match)
864 if (! match.compatible (t))
865 verify_fail ("incompatible type on stack");
869 void push_type (type t)
871 // If T is a numeric type like short, promote it to int.
874 int depth = t.depth ();
875 if (current_state->stackdepth + depth > current_method->max_stack)
876 verify_fail ("stack overflow");
877 current_state->stack[current_state->stacktop++] = t;
878 current_state->stackdepth += depth;
881 void set_variable (int index, type t)
883 // If T is a numeric type like short, promote it to int.
886 int depth = t.depth ();
887 if (index > current_method->max_locals - depth)
888 verify_fail ("invalid local variable");
889 current_state->locals[index] = t;
890 current_state->note_variable (index);
894 current_state->locals[index + 1] = continuation_type;
895 current_state->note_variable (index + 1);
897 if (index > 0 && current_state->locals[index - 1].iswide ())
899 current_state->locals[index - 1] = unsuitable_type;
900 // There's no need to call note_variable here.
904 type get_variable (int index, type t)
906 int depth = t.depth ();
907 if (index > current_method->max_locals - depth)
908 verify_fail ("invalid local variable", start_PC);
909 if (! t.compatible (current_state->locals[index]))
910 verify_fail ("incompatible type in local variable", start_PC);
913 type t (continuation_type);
914 if (! current_state->locals[index + 1].compatible (t))
915 verify_fail ("invalid local variable", start_PC);
917 current_state->note_variable (index);
918 return current_state->locals[index];
921 // Make sure ARRAY is an array type and that its elements are
922 // compatible with type ELEMENT. Returns the actual element type.
923 type require_array_type (type array, type element)
925 if (! array.isarray ())
926 verify_fail ("array required");
928 type t = array.element_type ();
929 if (! element.compatible (t))
930 verify_fail ("incompatible array element type");
932 // Return T and not ELEMENT, because T might be specialized.
938 if (PC >= current_method->code_length)
939 verify_fail ("premature end of bytecode");
940 return (jint) bytecode[PC++] & 0xff;
945 jbyte b1 = get_byte ();
946 jbyte b2 = get_byte ();
947 return (jint) ((b1 << 8) | b2) & 0xffff;
952 jbyte b1 = get_byte ();
953 jbyte b2 = get_byte ();
954 jshort s = (b1 << 8) | b2;
960 jbyte b1 = get_byte ();
961 jbyte b2 = get_byte ();
962 jbyte b3 = get_byte ();
963 jbyte b4 = get_byte ();
964 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
967 int compute_jump (int offset)
969 int npc = start_PC + offset;
970 if (npc < 0 || npc >= current_method->code_length)
971 verify_fail ("branch out of range");
975 // Merge the indicated state into a new state and schedule a new PC if
976 // there is a change. If RET_SEMANTICS is true, then we are merging
977 // from a `ret' instruction into the instruction after a `jsr'. This
978 // is a special case with its own modified semantics.
979 void push_jump_merge (int npc, state *nstate, bool ret_semantics = false)
982 if (states[npc] == NULL)
984 // FIXME: what if we reach this code from a `ret'?
986 states[npc] = new state (nstate, current_method->max_stack,
987 current_method->max_locals);
990 changed = nstate->merge (states[npc], ret_semantics,
991 current_method->max_stack);
993 if (changed && states[npc]->next == state::INVALID)
995 // The merge changed the state, and the new PC isn't yet on our
996 // list of PCs to re-verify.
997 states[npc]->next = next_verify_pc;
998 next_verify_pc = npc;
1002 void push_jump (int offset)
1004 int npc = compute_jump (offset);
1006 current_state->check_no_uninitialized_objects (current_method->max_stack);
1007 push_jump_merge (npc, current_state);
1010 void push_exception_jump (type t, int pc)
1012 current_state->check_no_uninitialized_objects (current_method->max_stack,
1014 state s (current_state, current_method->max_stack,
1015 current_method->max_locals);
1016 s.set_exception (t, current_method->max_stack);
1017 push_jump_merge (pc, &s);
1022 int npc = next_verify_pc;
1023 if (npc != state::NO_NEXT)
1025 next_verify_pc = states[npc]->next;
1026 states[npc]->next = state::INVALID;
1031 void invalidate_pc ()
1033 PC = state::NO_NEXT;
1036 void note_branch_target (int pc, bool is_jsr_target = false)
1038 if (pc <= PC && ! (flags[pc] & FLAG_INSN_START))
1039 verify_fail ("branch not to instruction start");
1040 flags[pc] |= FLAG_BRANCH_TARGET;
1043 // Record the jsr which called this instruction.
1044 subr_info *info = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1046 info->next = jsr_ptrs[pc];
1047 jsr_ptrs[pc] = info;
1048 flags[pc] |= FLAG_JSR_TARGET;
1052 void skip_padding ()
1054 while ((PC % 4) > 0)
1055 if (get_byte () != 0)
1056 verify_fail ("found nonzero padding byte");
1059 // Return the subroutine to which the instruction at PC belongs.
1060 int get_subroutine (int pc)
1062 if (states[pc] == NULL)
1064 return states[pc]->subroutine;
1067 // Do the work for a `ret' instruction. INDEX is the index into the
1069 void handle_ret_insn (int index)
1071 get_variable (index, return_address_type);
1073 int csub = current_state->subroutine;
1075 verify_fail ("no subroutine");
1077 for (subr_info *subr = jsr_ptrs[csub]; subr != NULL; subr = subr->next)
1079 // Temporarily modify the current state so it looks like we're
1080 // in the enclosing context.
1081 current_state->subroutine = get_subroutine (subr->pc);
1083 current_state->check_no_uninitialized_objects (current_method->max_stack);
1084 push_jump_merge (subr->pc, current_state, true);
1087 current_state->subroutine = csub;
1091 // We're in the subroutine SUB, calling a subroutine at DEST. Make
1092 // sure this subroutine isn't already on the stack.
1093 void check_nonrecursive_call (int sub, int dest)
1098 verify_fail ("recursive subroutine call");
1099 for (subr_info *info = jsr_ptrs[sub]; info != NULL; info = info->next)
1100 check_nonrecursive_call (get_subroutine (info->pc), dest);
1103 void handle_jsr_insn (int offset)
1105 int npc = compute_jump (offset);
1108 current_state->check_no_uninitialized_objects (current_method->max_stack);
1109 check_nonrecursive_call (current_state->subroutine, npc);
1111 // Temporarily modify the current state so that it looks like we are
1112 // in the subroutine.
1113 push_type (return_address_type);
1114 int save = current_state->subroutine;
1115 current_state->subroutine = npc;
1117 // Merge into the subroutine.
1118 push_jump_merge (npc, current_state);
1120 // Undo our modifications.
1121 current_state->subroutine = save;
1122 pop_type (return_address_type);
1125 jclass construct_primitive_array_type (type_val prim)
1131 k = JvPrimClass (boolean);
1134 k = JvPrimClass (char);
1137 k = JvPrimClass (float);
1140 k = JvPrimClass (double);
1143 k = JvPrimClass (byte);
1146 k = JvPrimClass (short);
1149 k = JvPrimClass (int);
1152 k = JvPrimClass (long);
1155 verify_fail ("unknown type in construct_primitive_array_type");
1157 k = _Jv_GetArrayClass (k, NULL);
1161 // This pass computes the location of branch targets and also
1162 // instruction starts.
1163 void branch_prepass ()
1165 flags = (char *) _Jv_Malloc (current_method->code_length);
1166 jsr_ptrs = (subr_info **) _Jv_Malloc (sizeof (subr_info *)
1167 * current_method->code_length);
1169 for (int i = 0; i < current_method->code_length; ++i)
1175 bool last_was_jsr = false;
1178 while (PC < current_method->code_length)
1180 flags[PC] |= FLAG_INSN_START;
1182 // If the previous instruction was a jsr, then the next
1183 // instruction is a branch target -- the branch being the
1184 // corresponding `ret'.
1186 note_branch_target (PC);
1187 last_was_jsr = false;
1190 unsigned char opcode = bytecode[PC++];
1194 case op_aconst_null:
1331 case op_monitorenter:
1332 case op_monitorexit:
1355 case op_arraylength:
1371 case op_invokespecial:
1372 case op_invokestatic:
1373 case op_invokevirtual:
1377 case op_multianewarray:
1383 last_was_jsr = true;
1402 note_branch_target (compute_jump (get_short ()), last_was_jsr);
1405 case op_tableswitch:
1408 note_branch_target (compute_jump (get_int ()));
1409 jint low = get_int ();
1410 jint hi = get_int ();
1412 verify_fail ("invalid tableswitch", start_PC);
1413 for (int i = low; i <= hi; ++i)
1414 note_branch_target (compute_jump (get_int ()));
1418 case op_lookupswitch:
1421 note_branch_target (compute_jump (get_int ()));
1422 int npairs = get_int ();
1424 verify_fail ("too few pairs in lookupswitch", start_PC);
1425 while (npairs-- > 0)
1428 note_branch_target (compute_jump (get_int ()));
1433 case op_invokeinterface:
1441 opcode = get_byte ();
1443 if (opcode == (unsigned char) op_iinc)
1449 last_was_jsr = true;
1452 note_branch_target (compute_jump (get_int ()), last_was_jsr);
1456 verify_fail ("unrecognized instruction in branch_prepass",
1460 // See if any previous branch tried to branch to the middle of
1461 // this instruction.
1462 for (int pc = start_PC + 1; pc < PC; ++pc)
1464 if ((flags[pc] & FLAG_BRANCH_TARGET))
1465 verify_fail ("branch to middle of instruction", pc);
1469 // Verify exception handlers.
1470 for (int i = 0; i < current_method->exc_count; ++i)
1472 if (! (flags[exception[i].handler_pc] & FLAG_INSN_START))
1473 verify_fail ("exception handler not at instruction start",
1474 exception[i].handler_pc);
1475 if (exception[i].start_pc > exception[i].end_pc)
1476 verify_fail ("exception range inverted");
1477 if (! (flags[exception[i].start_pc] & FLAG_INSN_START))
1478 verify_fail ("exception start not at instruction start",
1479 exception[i].start_pc);
1480 else if (! (flags[exception[i].end_pc] & FLAG_INSN_START))
1481 verify_fail ("exception end not at instruction start",
1482 exception[i].end_pc);
1484 flags[exception[i].handler_pc] |= FLAG_BRANCH_TARGET;
1488 void check_pool_index (int index)
1490 if (index < 0 || index >= current_class->constants.size)
1491 verify_fail ("constant pool index out of range", start_PC);
1494 type check_class_constant (int index)
1496 check_pool_index (index);
1497 _Jv_Constants *pool = ¤t_class->constants;
1498 if (pool->tags[index] == JV_CONSTANT_ResolvedClass)
1499 return type (pool->data[index].clazz);
1500 else if (pool->tags[index] == JV_CONSTANT_Class)
1501 return type (pool->data[index].utf8);
1502 verify_fail ("expected class constant", start_PC);
1505 type check_constant (int index)
1507 check_pool_index (index);
1508 _Jv_Constants *pool = ¤t_class->constants;
1509 if (pool->tags[index] == JV_CONSTANT_ResolvedString
1510 || pool->tags[index] == JV_CONSTANT_String)
1511 return type (&java::lang::String::class$);
1512 else if (pool->tags[index] == JV_CONSTANT_Integer)
1513 return type (int_type);
1514 else if (pool->tags[index] == JV_CONSTANT_Float)
1515 return type (float_type);
1516 verify_fail ("String, int, or float constant expected", start_PC);
1519 type check_wide_constant (int index)
1521 check_pool_index (index);
1522 _Jv_Constants *pool = ¤t_class->constants;
1523 if (pool->tags[index] == JV_CONSTANT_Long)
1524 return type (long_type);
1525 else if (pool->tags[index] == JV_CONSTANT_Double)
1526 return type (double_type);
1527 verify_fail ("long or double constant expected", start_PC);
1530 // Helper for both field and method. These are laid out the same in
1531 // the constant pool.
1532 type handle_field_or_method (int index, int expected,
1533 _Jv_Utf8Const **name,
1534 _Jv_Utf8Const **fmtype)
1536 check_pool_index (index);
1537 _Jv_Constants *pool = ¤t_class->constants;
1538 if (pool->tags[index] != expected)
1539 verify_fail ("didn't see expected constant", start_PC);
1540 // Once we know we have a Fieldref or Methodref we assume that it
1541 // is correctly laid out in the constant pool. I think the code
1542 // in defineclass.cc guarantees this.
1543 _Jv_ushort class_index, name_and_type_index;
1544 _Jv_loadIndexes (&pool->data[index],
1546 name_and_type_index);
1547 _Jv_ushort name_index, desc_index;
1548 _Jv_loadIndexes (&pool->data[name_and_type_index],
1549 name_index, desc_index);
1551 *name = pool->data[name_index].utf8;
1552 *fmtype = pool->data[desc_index].utf8;
1554 return check_class_constant (class_index);
1557 // Return field's type, compute class' type if requested.
1558 type check_field_constant (int index, type *class_type = NULL)
1560 _Jv_Utf8Const *name, *field_type;
1561 type ct = handle_field_or_method (index,
1562 JV_CONSTANT_Fieldref,
1563 &name, &field_type);
1566 if (field_type->data[0] == '[' || field_type->data[0] == 'L')
1567 return type (field_type);
1568 return get_type_val_for_signature (field_type->data[0]);
1571 type check_method_constant (int index, bool is_interface,
1572 _Jv_Utf8Const **method_name,
1573 _Jv_Utf8Const **method_signature)
1575 return handle_field_or_method (index,
1577 ? JV_CONSTANT_InterfaceMethodref
1578 : JV_CONSTANT_Methodref),
1579 method_name, method_signature);
1582 type get_one_type (char *&p)
1600 // FIXME! This will get collected!
1601 _Jv_Utf8Const *name = _Jv_makeUtf8Const (start, p - start);
1605 // Casting to jchar here is ok since we are looking at an ASCII
1607 type_val rt = get_type_val_for_signature (jchar (v));
1609 if (arraycount == 0)
1611 // Callers of this function eventually push their arguments on
1612 // the stack. So, promote them here.
1613 return type (rt).promote ();
1616 jclass k = construct_primitive_array_type (rt);
1617 while (--arraycount > 0)
1618 k = _Jv_GetArrayClass (k, NULL);
1622 void compute_argument_types (_Jv_Utf8Const *signature,
1625 char *p = signature->data;
1631 types[i++] = get_one_type (p);
1634 type compute_return_type (_Jv_Utf8Const *signature)
1636 char *p = signature->data;
1640 return get_one_type (p);
1643 void check_return_type (type expected)
1645 type rt = compute_return_type (current_method->self->signature);
1646 if (! expected.compatible (rt))
1647 verify_fail ("incompatible return type", start_PC);
1650 void verify_instructions_0 ()
1652 current_state = new state (current_method->max_stack,
1653 current_method->max_locals);
1661 using namespace java::lang::reflect;
1662 if (! Modifier::isStatic (current_method->self->accflags))
1664 type kurr (current_class);
1665 if (_Jv_equalUtf8Consts (current_method->self->name, gcj::init_name))
1666 kurr.set_uninitialized (type::SELF);
1667 set_variable (0, kurr);
1671 // We have to handle wide arguments specially here.
1672 int arg_count = _Jv_count_arguments (current_method->self->signature);
1673 type arg_types[arg_count];
1674 compute_argument_types (current_method->self->signature, arg_types);
1675 for (int i = 0; i < arg_count; ++i)
1677 set_variable (var, arg_types[i]);
1679 if (arg_types[i].iswide ())
1684 states = (state **) _Jv_Malloc (sizeof (state *)
1685 * current_method->code_length);
1686 for (int i = 0; i < current_method->code_length; ++i)
1689 next_verify_pc = state::NO_NEXT;
1693 // If the PC was invalidated, get a new one from the work list.
1694 if (PC == state::NO_NEXT)
1697 if (PC == state::INVALID)
1698 verify_fail ("saw state::INVALID", start_PC);
1699 if (PC == state::NO_NEXT)
1701 // Set up the current state.
1702 *current_state = *states[PC];
1705 // Control can't fall off the end of the bytecode.
1706 if (PC >= current_method->code_length)
1707 verify_fail ("fell off end");
1709 if (states[PC] != NULL)
1711 // We've already visited this instruction. So merge the
1712 // states together. If this yields no change then we don't
1713 // have to re-verify.
1714 if (! current_state->merge (states[PC], false,
1715 current_method->max_stack))
1720 // Save a copy of it for later.
1721 states[PC]->copy (current_state, current_method->max_stack,
1722 current_method->max_locals);
1724 else if ((flags[PC] & FLAG_BRANCH_TARGET))
1726 // We only have to keep saved state at branch targets.
1727 states[PC] = new state (current_state, current_method->max_stack,
1728 current_method->max_locals);
1731 // Update states for all active exception handlers. Ordinarily
1732 // there are not many exception handlers. So we simply run
1733 // through them all.
1734 for (int i = 0; i < current_method->exc_count; ++i)
1736 if (PC >= exception[i].start_pc && PC < exception[i].end_pc)
1738 type handler = reference_type;
1739 if (exception[i].handler_type != 0)
1740 handler = check_class_constant (exception[i].handler_type);
1741 push_exception_jump (handler, exception[i].handler_pc);
1746 unsigned char opcode = bytecode[PC++];
1752 case op_aconst_null:
1753 push_type (null_type);
1763 push_type (int_type);
1768 push_type (long_type);
1774 push_type (float_type);
1779 push_type (double_type);
1784 push_type (int_type);
1789 push_type (int_type);
1793 push_type (check_constant (get_byte ()));
1796 push_type (check_constant (get_ushort ()));
1799 push_type (check_wide_constant (get_ushort ()));
1803 push_type (get_variable (get_byte (), int_type));
1806 push_type (get_variable (get_byte (), long_type));
1809 push_type (get_variable (get_byte (), float_type));
1812 push_type (get_variable (get_byte (), double_type));
1815 push_type (get_variable (get_byte (), reference_type));
1822 push_type (get_variable (opcode - op_iload_0, int_type));
1828 push_type (get_variable (opcode - op_lload_0, long_type));
1834 push_type (get_variable (opcode - op_fload_0, float_type));
1840 push_type (get_variable (opcode - op_dload_0, double_type));
1846 push_type (get_variable (opcode - op_aload_0, reference_type));
1849 pop_type (int_type);
1850 push_type (require_array_type (pop_type (reference_type),
1854 pop_type (int_type);
1855 push_type (require_array_type (pop_type (reference_type),
1859 pop_type (int_type);
1860 push_type (require_array_type (pop_type (reference_type),
1864 pop_type (int_type);
1865 push_type (require_array_type (pop_type (reference_type),
1869 pop_type (int_type);
1870 push_type (require_array_type (pop_type (reference_type),
1874 pop_type (int_type);
1875 require_array_type (pop_type (reference_type), byte_type);
1876 push_type (int_type);
1879 pop_type (int_type);
1880 require_array_type (pop_type (reference_type), char_type);
1881 push_type (int_type);
1884 pop_type (int_type);
1885 require_array_type (pop_type (reference_type), short_type);
1886 push_type (int_type);
1889 set_variable (get_byte (), pop_type (int_type));
1892 set_variable (get_byte (), pop_type (long_type));
1895 set_variable (get_byte (), pop_type (float_type));
1898 set_variable (get_byte (), pop_type (double_type));
1901 set_variable (get_byte (), pop_type (reference_type));
1907 set_variable (opcode - op_istore_0, pop_type (int_type));
1913 set_variable (opcode - op_lstore_0, pop_type (long_type));
1919 set_variable (opcode - op_fstore_0, pop_type (float_type));
1925 set_variable (opcode - op_dstore_0, pop_type (double_type));
1931 set_variable (opcode - op_astore_0, pop_type (reference_type));
1934 pop_type (int_type);
1935 pop_type (int_type);
1936 require_array_type (pop_type (reference_type), int_type);
1939 pop_type (long_type);
1940 pop_type (int_type);
1941 require_array_type (pop_type (reference_type), long_type);
1944 pop_type (float_type);
1945 pop_type (int_type);
1946 require_array_type (pop_type (reference_type), float_type);
1949 pop_type (double_type);
1950 pop_type (int_type);
1951 require_array_type (pop_type (reference_type), double_type);
1954 pop_type (reference_type);
1955 pop_type (int_type);
1956 require_array_type (pop_type (reference_type), reference_type);
1959 pop_type (int_type);
1960 pop_type (int_type);
1961 require_array_type (pop_type (reference_type), byte_type);
1964 pop_type (int_type);
1965 pop_type (int_type);
1966 require_array_type (pop_type (reference_type), char_type);
1969 pop_type (int_type);
1970 pop_type (int_type);
1971 require_array_type (pop_type (reference_type), short_type);
1998 type t2 = pop_raw ();
2013 type t = pop_raw ();
2026 type t1 = pop_raw ();
2044 type t1 = pop_raw ();
2047 type t2 = pop_raw ();
2065 type t3 = pop_raw ();
2103 pop_type (int_type);
2104 push_type (pop_type (int_type));
2117 pop_type (long_type);
2118 push_type (pop_type (long_type));
2125 pop_type (float_type);
2126 push_type (pop_type (float_type));
2133 pop_type (double_type);
2134 push_type (pop_type (double_type));
2140 push_type (pop_type (int_type));
2143 push_type (pop_type (long_type));
2146 push_type (pop_type (float_type));
2149 push_type (pop_type (double_type));
2152 get_variable (get_byte (), int_type);
2156 pop_type (int_type);
2157 push_type (long_type);
2160 pop_type (int_type);
2161 push_type (float_type);
2164 pop_type (int_type);
2165 push_type (double_type);
2168 pop_type (long_type);
2169 push_type (int_type);
2172 pop_type (long_type);
2173 push_type (float_type);
2176 pop_type (long_type);
2177 push_type (double_type);
2180 pop_type (float_type);
2181 push_type (int_type);
2184 pop_type (float_type);
2185 push_type (long_type);
2188 pop_type (float_type);
2189 push_type (double_type);
2192 pop_type (double_type);
2193 push_type (int_type);
2196 pop_type (double_type);
2197 push_type (long_type);
2200 pop_type (double_type);
2201 push_type (float_type);
2204 pop_type (long_type);
2205 pop_type (long_type);
2206 push_type (int_type);
2210 pop_type (float_type);
2211 pop_type (float_type);
2212 push_type (int_type);
2216 pop_type (double_type);
2217 pop_type (double_type);
2218 push_type (int_type);
2226 pop_type (int_type);
2227 push_jump (get_short ());
2235 pop_type (int_type);
2236 pop_type (int_type);
2237 push_jump (get_short ());
2241 pop_type (reference_type);
2242 pop_type (reference_type);
2243 push_jump (get_short ());
2246 push_jump (get_short ());
2250 handle_jsr_insn (get_short ());
2253 handle_ret_insn (get_byte ());
2255 case op_tableswitch:
2257 pop_type (int_type);
2259 push_jump (get_int ());
2260 jint low = get_int ();
2261 jint high = get_int ();
2262 // Already checked LOW -vs- HIGH.
2263 for (int i = low; i <= high; ++i)
2264 push_jump (get_int ());
2269 case op_lookupswitch:
2271 pop_type (int_type);
2273 push_jump (get_int ());
2274 jint npairs = get_int ();
2275 // Already checked NPAIRS >= 0.
2277 for (int i = 0; i < npairs; ++i)
2279 jint key = get_int ();
2280 if (i > 0 && key <= lastkey)
2281 verify_fail ("lookupswitch pairs unsorted", start_PC);
2283 push_jump (get_int ());
2289 check_return_type (pop_type (int_type));
2293 check_return_type (pop_type (long_type));
2297 check_return_type (pop_type (float_type));
2301 check_return_type (pop_type (double_type));
2305 check_return_type (pop_type (reference_type));
2309 check_return_type (void_type);
2313 push_type (check_field_constant (get_ushort ()));
2316 pop_type (check_field_constant (get_ushort ()));
2321 type field = check_field_constant (get_ushort (), &klass);
2329 type field = check_field_constant (get_ushort (), &klass);
2335 case op_invokevirtual:
2336 case op_invokespecial:
2337 case op_invokestatic:
2338 case op_invokeinterface:
2340 _Jv_Utf8Const *method_name, *method_signature;
2342 = check_method_constant (get_ushort (),
2343 opcode == (unsigned char) op_invokeinterface,
2346 int arg_count = _Jv_count_arguments (method_signature);
2347 if (opcode == (unsigned char) op_invokeinterface)
2349 int nargs = get_byte ();
2351 verify_fail ("too few arguments to invokeinterface",
2353 if (get_byte () != 0)
2354 verify_fail ("invokeinterface dummy byte is wrong",
2356 if (nargs - 1 != arg_count)
2357 verify_fail ("wrong argument count for invokeinterface",
2361 bool is_init = false;
2362 if (_Jv_equalUtf8Consts (method_name, gcj::init_name))
2365 if (opcode != (unsigned char) op_invokespecial)
2366 verify_fail ("can't invoke <init>", start_PC);
2368 else if (method_name->data[0] == '<')
2369 verify_fail ("can't invoke method starting with `<'",
2372 // Pop arguments and check types.
2373 type arg_types[arg_count];
2374 compute_argument_types (method_signature, arg_types);
2375 for (int i = arg_count - 1; i >= 0; --i)
2376 pop_type (arg_types[i]);
2378 if (opcode != (unsigned char) op_invokestatic)
2380 type t = class_type;
2383 // In this case the PC doesn't matter.
2384 t.set_uninitialized (type::UNINIT);
2388 current_state->set_initialized (t.get_pc (),
2389 current_method->max_locals);
2392 type rt = compute_return_type (method_signature);
2400 type t = check_class_constant (get_ushort ());
2401 if (t.isarray () || t.isinterface () || t.isabstract ())
2402 verify_fail ("type is array, interface, or abstract",
2404 t.set_uninitialized (start_PC);
2411 int atype = get_byte ();
2412 // We intentionally have chosen constants to make this
2414 if (atype < boolean_type || atype > long_type)
2415 verify_fail ("type not primitive", start_PC);
2416 pop_type (int_type);
2417 push_type (construct_primitive_array_type (type_val (atype)));
2421 pop_type (int_type);
2422 push_type (check_class_constant (get_ushort ()));
2424 case op_arraylength:
2426 type t = pop_type (reference_type);
2428 verify_fail ("array type expected", start_PC);
2429 push_type (int_type);
2433 pop_type (type (&java::lang::Throwable::class$));
2437 pop_type (reference_type);
2438 push_type (check_class_constant (get_ushort ()));
2441 pop_type (reference_type);
2442 check_class_constant (get_ushort ());
2443 push_type (int_type);
2445 case op_monitorenter:
2446 pop_type (reference_type);
2448 case op_monitorexit:
2449 pop_type (reference_type);
2453 switch (get_byte ())
2456 push_type (get_variable (get_ushort (), int_type));
2459 push_type (get_variable (get_ushort (), long_type));
2462 push_type (get_variable (get_ushort (), float_type));
2465 push_type (get_variable (get_ushort (), double_type));
2468 push_type (get_variable (get_ushort (), reference_type));
2471 set_variable (get_ushort (), pop_type (int_type));
2474 set_variable (get_ushort (), pop_type (long_type));
2477 set_variable (get_ushort (), pop_type (float_type));
2480 set_variable (get_ushort (), pop_type (double_type));
2483 set_variable (get_ushort (), pop_type (reference_type));
2486 handle_ret_insn (get_short ());
2489 get_variable (get_ushort (), int_type);
2493 verify_fail ("unrecognized wide instruction", start_PC);
2497 case op_multianewarray:
2499 type atype = check_class_constant (get_ushort ());
2500 int dim = get_byte ();
2502 verify_fail ("too few dimensions to multianewarray", start_PC);
2503 atype.verify_dimensions (dim);
2504 for (int i = 0; i < dim; ++i)
2505 pop_type (int_type);
2511 pop_type (reference_type);
2512 push_jump (get_short ());
2515 push_jump (get_int ());
2519 handle_jsr_insn (get_int ());
2523 // Unrecognized opcode.
2524 verify_fail ("unrecognized instruction in verify_instructions_0",
2532 void verify_instructions ()
2535 verify_instructions_0 ();
2538 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
2541 bytecode = m->bytecode ();
2542 exception = m->exceptions ();
2543 current_class = m->defining_class;
2550 ~_Jv_BytecodeVerifier ()
2557 _Jv_Free (jsr_ptrs);
2562 _Jv_VerifyMethod (_Jv_InterpMethod *meth)
2564 _Jv_BytecodeVerifier v (meth);
2565 v.verify_instructions ();
2568 // FIXME: add more info, like PC, when required.
2570 verify_fail (char *s, jint pc)
2572 using namespace java::lang;
2573 StringBuffer *buf = new StringBuffer ();
2575 buf->append (JvNewStringLatin1 ("verification failed"));
2578 buf->append (JvNewStringLatin1 (" at PC "));
2581 buf->append (JvNewStringLatin1 (": "));
2582 buf->append (JvNewStringLatin1 (s));
2583 throw new java::lang::VerifyError (buf->toString ());
2586 #endif /* INTERPRETER */