1 // defineclass.cc - defining a class from .class format.
3 /* Copyright (C) 2001, 2002 Free Software Foundation
5 This file is part of libgcj.
7 This software is copyrighted work licensed under the terms of the
8 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
11 // Written by Tom Tromey <tromey@redhat.com>
13 // Define VERIFY_DEBUG to enable debugging output.
19 #include <java-insns.h>
20 #include <java-interp.h>
24 #include <java/lang/Class.h>
25 #include <java/lang/VerifyError.h>
26 #include <java/lang/Throwable.h>
27 #include <java/lang/reflect/Modifier.h>
28 #include <java/lang/StringBuffer.h>
32 #endif /* VERIFY_DEBUG */
35 static void debug_print (const char *fmt, ...)
36 __attribute__ ((format (printf, 1, 2)));
39 debug_print (const char *fmt, ...)
44 vfprintf (stderr, fmt, ap);
46 #endif /* VERIFY_DEBUG */
49 class _Jv_BytecodeVerifier
53 static const int FLAG_INSN_START = 1;
54 static const int FLAG_BRANCH_TARGET = 2;
59 struct subr_entry_info;
64 // The PC corresponding to the start of the current instruction.
67 // The current state of the stack, locals, etc.
70 // We store the state at branch targets, for merging. This holds
74 // We keep a linked list of all the PCs which we must reverify.
75 // The link is done using the PC values. This is the head of the
79 // We keep some flags for each instruction. The values are the
80 // FLAG_* constants defined above.
83 // We need to keep track of which instructions can call a given
84 // subroutine. FIXME: this is inefficient. We keep a linked list
85 // of all calling `jsr's at at each jsr target.
88 // We keep a linked list of entries which map each `ret' instruction
89 // to its unique subroutine entry point. We expect that there won't
90 // be many `ret' instructions, so a linked list is ok.
91 subr_entry_info *entry_points;
93 // The current top of the stack, in terms of slots.
95 // The current depth of the stack. This will be larger than
96 // STACKTOP when wide types are on the stack.
99 // The bytecode itself.
100 unsigned char *bytecode;
102 _Jv_InterpException *exception;
105 jclass current_class;
107 _Jv_InterpMethod *current_method;
109 // A linked list of utf8 objects we allocate. This is really ugly,
110 // but without this our utf8 objects would be collected.
111 linked_utf8 *utf8_list;
119 _Jv_Utf8Const *make_utf8_const (char *s, int len)
121 _Jv_Utf8Const *val = _Jv_makeUtf8Const (s, len);
122 _Jv_Utf8Const *r = (_Jv_Utf8Const *) _Jv_Malloc (sizeof (_Jv_Utf8Const)
125 r->length = val->length;
127 memcpy (r->data, val->data, val->length + 1);
129 linked_utf8 *lu = (linked_utf8 *) _Jv_Malloc (sizeof (linked_utf8));
131 lu->next = utf8_list;
137 // This enum holds a list of tags for all the different types we
138 // need to handle. Reference types are treated specially by the
144 // The values for primitive types are chosen to correspond to values
145 // specified to newarray.
155 // Used when overwriting second word of a double or long in the
156 // local variables. Also used after merging local variable states
157 // to indicate an unusable value.
162 // There is an obscure special case which requires us to note when
163 // a local variable has not been used by a subroutine. See
164 // push_jump_merge for more information.
165 unused_by_subroutine_type,
167 // Everything after `reference_type' must be a reference type.
170 unresolved_reference_type,
171 uninitialized_reference_type,
172 uninitialized_unresolved_reference_type
175 // Return the type_val corresponding to a primitive signature
176 // character. For instance `I' returns `int.class'.
177 type_val get_type_val_for_signature (jchar sig)
210 verify_fail ("invalid signature");
215 // Return the type_val corresponding to a primitive class.
216 type_val get_type_val_for_signature (jclass k)
218 return get_type_val_for_signature ((jchar) k->method_count);
221 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or
222 // TARGET haven't been prepared.
223 static bool is_assignable_from_slow (jclass target, jclass source)
225 // This will terminate when SOURCE==Object.
228 if (source == target)
231 if (target->isPrimitive () || source->isPrimitive ())
234 // Check array case first because we can have an array whose
235 // component type is not prepared; _Jv_IsAssignableFrom
236 // doesn't handle this correctly.
237 if (target->isArray ())
239 if (! source->isArray ())
241 target = target->getComponentType ();
242 source = source->getComponentType ();
244 // _Jv_IsAssignableFrom can handle a target which is an
245 // interface even if it hasn't been prepared.
246 else if ((target->state > JV_STATE_LINKED || target->isInterface ())
247 && source->state > JV_STATE_LINKED)
248 return _Jv_IsAssignableFrom (target, source);
249 else if (target->isInterface ())
251 for (int i = 0; i < source->interface_count; ++i)
253 // We use a recursive call because we also need to
254 // check superinterfaces.
255 if (is_assignable_from_slow (target, source->interfaces[i]))
258 source = source->getSuperclass ();
262 else if (source->isInterface ())
264 for (int i = 0; i < target->interface_count; ++i)
266 // We use a recursive call because we also need to
267 // check superinterfaces.
268 if (is_assignable_from_slow (target->interfaces[i], source))
271 target = target->getSuperclass ();
275 else if (target == &java::lang::Object::class$)
277 else if (source == &java::lang::Object::class$)
280 source = source->getSuperclass ();
284 // This is used to keep track of which `jsr's correspond to a given
288 // PC of the instruction just after the jsr.
294 // This is used to keep track of which subroutine entry point
295 // corresponds to which `ret' instruction.
296 struct subr_entry_info
298 // PC of the subroutine entry point.
300 // PC of the `ret' instruction.
303 subr_entry_info *next;
306 // The `type' class is used to represent a single type in the
312 // Some associated data.
315 // For a resolved reference type, this is a pointer to the class.
317 // For other reference types, this it the name of the class.
320 // This is used when constructing a new object. It is the PC of the
321 // `new' instruction which created the object. We use the special
322 // value -2 to mean that this is uninitialized, and the special
323 // value -1 for the case where the current method is itself the
327 static const int UNINIT = -2;
328 static const int SELF = -1;
330 // Basic constructor.
333 key = unsuitable_type;
338 // Make a new instance given the type tag. We assume a generic
339 // `reference_type' means Object.
344 if (key == reference_type)
345 data.klass = &java::lang::Object::class$;
349 // Make a new instance given a class.
352 key = reference_type;
357 // Make a new instance given the name of a class.
358 type (_Jv_Utf8Const *n)
360 key = unresolved_reference_type;
373 // These operators are required because libgcj can't link in
375 void *operator new[] (size_t bytes)
377 return _Jv_Malloc (bytes);
380 void operator delete[] (void *mem)
385 type& operator= (type_val k)
393 type& operator= (const type& t)
401 // Promote a numeric type.
404 if (key == boolean_type || key == char_type
405 || key == byte_type || key == short_type)
410 // If *THIS is an unresolved reference type, resolve it.
411 void resolve (_Jv_BytecodeVerifier *verifier)
413 if (key != unresolved_reference_type
414 && key != uninitialized_unresolved_reference_type)
417 using namespace java::lang;
418 java::lang::ClassLoader *loader
419 = verifier->current_class->getClassLoader();
420 // We might see either kind of name. Sigh.
421 if (data.name->data[0] == 'L'
422 && data.name->data[data.name->length - 1] == ';')
423 data.klass = _Jv_FindClassFromSignature (data.name->data, loader);
425 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name),
427 key = (key == unresolved_reference_type
429 : uninitialized_reference_type);
432 // Mark this type as the uninitialized result of `new'.
433 void set_uninitialized (int npc, _Jv_BytecodeVerifier *verifier)
435 if (key == reference_type)
436 key = uninitialized_reference_type;
437 else if (key == unresolved_reference_type)
438 key = uninitialized_unresolved_reference_type;
440 verifier->verify_fail ("internal error in type::uninitialized");
444 // Mark this type as now initialized.
445 void set_initialized (int npc)
447 if (npc != UNINIT && pc == npc
448 && (key == uninitialized_reference_type
449 || key == uninitialized_unresolved_reference_type))
451 key = (key == uninitialized_reference_type
453 : unresolved_reference_type);
459 // Return true if an object of type K can be assigned to a variable
460 // of type *THIS. Handle various special cases too. Might modify
461 // *THIS or K. Note however that this does not perform numeric
463 bool compatible (type &k, _Jv_BytecodeVerifier *verifier)
465 // Any type is compatible with the unsuitable type.
466 if (key == unsuitable_type)
469 if (key < reference_type || k.key < reference_type)
472 // The `null' type is convertible to any reference type.
473 // FIXME: is this correct for THIS?
474 if (key == null_type || k.key == null_type)
477 // Any reference type is convertible to Object. This is a special
478 // case so we don't need to unnecessarily resolve a class.
479 if (key == reference_type
480 && data.klass == &java::lang::Object::class$)
483 // An initialized type and an uninitialized type are not
485 if (isinitialized () != k.isinitialized ())
488 // Two uninitialized objects are compatible if either:
489 // * The PCs are identical, or
490 // * One PC is UNINIT.
491 if (! isinitialized ())
493 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT)
497 // Two unresolved types are equal if their names are the same.
500 && _Jv_equalUtf8Consts (data.name, k.data.name))
503 // We must resolve both types and check assignability.
505 k.resolve (verifier);
506 return is_assignable_from_slow (data.klass, k.data.klass);
511 return key == void_type;
516 return key == long_type || key == double_type;
519 // Return number of stack or local variable slots taken by this
523 return iswide () ? 2 : 1;
526 bool isarray () const
528 // We treat null_type as not an array. This is ok based on the
529 // current uses of this method.
530 if (key == reference_type)
531 return data.klass->isArray ();
532 else if (key == unresolved_reference_type)
533 return data.name->data[0] == '[';
539 return key == null_type;
542 bool isinterface (_Jv_BytecodeVerifier *verifier)
545 if (key != reference_type)
547 return data.klass->isInterface ();
550 bool isabstract (_Jv_BytecodeVerifier *verifier)
553 if (key != reference_type)
555 using namespace java::lang::reflect;
556 return Modifier::isAbstract (data.klass->getModifiers ());
559 // Return the element type of an array.
560 type element_type (_Jv_BytecodeVerifier *verifier)
562 // FIXME: maybe should do string manipulation here.
564 if (key != reference_type)
565 verifier->verify_fail ("programmer error in type::element_type()", -1);
567 jclass k = data.klass->getComponentType ();
568 if (k->isPrimitive ())
569 return type (verifier->get_type_val_for_signature (k));
573 // Return the array type corresponding to an initialized
574 // reference. We could expand this to work for other kinds of
575 // types, but currently we don't need to.
576 type to_array (_Jv_BytecodeVerifier *verifier)
578 // Resolving isn't ideal, because it might force us to load
579 // another class, but it's easy. FIXME?
580 if (key == unresolved_reference_type)
583 if (key == reference_type)
584 return type (_Jv_GetArrayClass (data.klass,
585 data.klass->getClassLoader ()));
587 verifier->verify_fail ("internal error in type::to_array()");
590 bool isreference () const
592 return key >= reference_type;
600 bool isinitialized () const
602 return (key == reference_type
604 || key == unresolved_reference_type);
607 bool isresolved () const
609 return (key == reference_type
611 || key == uninitialized_reference_type);
614 void verify_dimensions (int ndims, _Jv_BytecodeVerifier *verifier)
616 // The way this is written, we don't need to check isarray().
617 if (key == reference_type)
619 jclass k = data.klass;
620 while (k->isArray () && ndims > 0)
622 k = k->getComponentType ();
628 // We know KEY == unresolved_reference_type.
629 char *p = data.name->data;
630 while (*p++ == '[' && ndims-- > 0)
635 verifier->verify_fail ("array type has fewer dimensions than required");
638 // Merge OLD_TYPE into this. On error throw exception.
639 bool merge (type& old_type, bool local_semantics,
640 _Jv_BytecodeVerifier *verifier)
642 bool changed = false;
643 bool refo = old_type.isreference ();
644 bool refn = isreference ();
647 if (old_type.key == null_type)
649 else if (key == null_type)
654 else if (isinitialized () != old_type.isinitialized ())
655 verifier->verify_fail ("merging initialized and uninitialized types");
658 if (! isinitialized ())
662 else if (old_type.pc == UNINIT)
664 else if (pc != old_type.pc)
665 verifier->verify_fail ("merging different uninitialized types");
669 && ! old_type.isresolved ()
670 && _Jv_equalUtf8Consts (data.name, old_type.data.name))
672 // Types are identical.
677 old_type.resolve (verifier);
679 jclass k = data.klass;
680 jclass oldk = old_type.data.klass;
683 while (k->isArray () && oldk->isArray ())
686 k = k->getComponentType ();
687 oldk = oldk->getComponentType ();
690 // Ordinarily this terminates when we hit Object...
693 if (is_assignable_from_slow (k, oldk))
695 k = k->getSuperclass ();
698 // ... but K could have been an interface, in which
699 // case we'll end up here. We just convert this
702 k = &java::lang::Object::class$;
706 while (arraycount > 0)
708 java::lang::ClassLoader *loader
709 = verifier->current_class->getClassLoader();
710 k = _Jv_GetArrayClass (k, loader);
718 else if (refo || refn || key != old_type.key)
722 // If we're merging into an "unused" slot, then we
723 // simply accept whatever we're merging from.
724 if (key == unused_by_subroutine_type)
729 else if (old_type.key == unused_by_subroutine_type)
733 // If we already have an `unsuitable' type, then we
734 // don't need to change again.
735 else if (key != unsuitable_type)
737 key = unsuitable_type;
742 verifier->verify_fail ("unmergeable type");
748 void print (void) const
753 case boolean_type: c = 'Z'; break;
754 case byte_type: c = 'B'; break;
755 case char_type: c = 'C'; break;
756 case short_type: c = 'S'; break;
757 case int_type: c = 'I'; break;
758 case long_type: c = 'J'; break;
759 case float_type: c = 'F'; break;
760 case double_type: c = 'D'; break;
761 case void_type: c = 'V'; break;
762 case unsuitable_type: c = '-'; break;
763 case return_address_type: c = 'r'; break;
764 case continuation_type: c = '+'; break;
765 case unused_by_subroutine_type: c = '_'; break;
766 case reference_type: c = 'L'; break;
767 case null_type: c = '@'; break;
768 case unresolved_reference_type: c = 'l'; break;
769 case uninitialized_reference_type: c = 'U'; break;
770 case uninitialized_unresolved_reference_type: c = 'u'; break;
772 debug_print ("%c", c);
774 #endif /* VERIFY_DEBUG */
777 // This class holds all the state information we need for a given
781 // Current top of stack.
783 // Current stack depth. This is like the top of stack but it
784 // includes wide variable information.
788 // The local variables.
790 // This is used in subroutines to keep track of which local
791 // variables have been accessed.
793 // If not 0, then we are in a subroutine. The value is the PC of
794 // the subroutine's entry point. We can use 0 as an exceptional
795 // value because PC=0 can never be a subroutine.
797 // This is used to keep a linked list of all the states which
798 // require re-verification. We use the PC to keep track.
800 // We keep track of the type of `this' specially. This is used to
801 // ensure that an instance initializer invokes another initializer
802 // on `this' before returning. We must keep track of this
803 // specially because otherwise we might be confused by code which
804 // assigns to locals[0] (overwriting `this') and then returns
805 // without really initializing.
808 // INVALID marks a state which is not on the linked list of states
809 // requiring reverification.
810 static const int INVALID = -1;
811 // NO_NEXT marks the state at the end of the reverification list.
812 static const int NO_NEXT = -2;
819 local_changed = NULL;
822 state (int max_stack, int max_locals)
827 stack = new type[max_stack];
828 for (int i = 0; i < max_stack; ++i)
829 stack[i] = unsuitable_type;
830 locals = new type[max_locals];
831 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals);
832 for (int i = 0; i < max_locals; ++i)
834 locals[i] = unsuitable_type;
835 local_changed[i] = false;
841 state (const state *orig, int max_stack, int max_locals,
842 bool ret_semantics = false)
844 stack = new type[max_stack];
845 locals = new type[max_locals];
846 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals);
847 copy (orig, max_stack, max_locals, ret_semantics);
858 _Jv_Free (local_changed);
861 void *operator new[] (size_t bytes)
863 return _Jv_Malloc (bytes);
866 void operator delete[] (void *mem)
871 void *operator new (size_t bytes)
873 return _Jv_Malloc (bytes);
876 void operator delete (void *mem)
881 void copy (const state *copy, int max_stack, int max_locals,
882 bool ret_semantics = false)
884 stacktop = copy->stacktop;
885 stackdepth = copy->stackdepth;
886 subroutine = copy->subroutine;
887 for (int i = 0; i < max_stack; ++i)
888 stack[i] = copy->stack[i];
889 for (int i = 0; i < max_locals; ++i)
891 // See push_jump_merge to understand this case.
893 locals[i] = type (copy->local_changed[i]
895 : unused_by_subroutine_type);
897 locals[i] = copy->locals[i];
898 local_changed[i] = copy->local_changed[i];
900 this_type = copy->this_type;
901 // Don't modify `next'.
904 // Modify this state to reflect entry to an exception handler.
905 void set_exception (type t, int max_stack)
910 for (int i = stacktop; i < max_stack; ++i)
911 stack[i] = unsuitable_type;
913 // FIXME: subroutine handling?
916 // Modify this state to reflect entry into a subroutine.
917 void enter_subroutine (int npc, int max_locals)
920 // Mark all items as unchanged. Each subroutine needs to keep
921 // track of its `changed' state independently. In the case of
922 // nested subroutines, this information will be merged back into
923 // parent by the `ret'.
924 for (int i = 0; i < max_locals; ++i)
925 local_changed[i] = false;
928 // Merge STATE_OLD into this state. Destructively modifies this
929 // state. Returns true if the new state was in fact changed.
930 // Will throw an exception if the states are not mergeable.
931 bool merge (state *state_old, bool ret_semantics,
932 int max_locals, _Jv_BytecodeVerifier *verifier)
934 bool changed = false;
936 // Special handling for `this'. If one or the other is
937 // uninitialized, then the merge is uninitialized.
938 if (this_type.isinitialized ())
939 this_type = state_old->this_type;
941 // Merge subroutine states. Here we just keep track of what
942 // subroutine we think we're in. We only check for a merge
943 // (which is invalid) when we see a `ret'.
944 if (subroutine == state_old->subroutine)
948 else if (subroutine == 0)
950 subroutine = state_old->subroutine;
955 // If the subroutines differ, indicate that the state
956 // changed. This is needed to detect when subroutines have
962 if (state_old->stacktop != stacktop)
963 verifier->verify_fail ("stack sizes differ");
964 for (int i = 0; i < state_old->stacktop; ++i)
966 if (stack[i].merge (state_old->stack[i], false, verifier))
970 // Merge local variables.
971 for (int i = 0; i < max_locals; ++i)
973 // If we're not processing a `ret', then we merge every
974 // local variable. If we are processing a `ret', then we
975 // only merge locals which changed in the subroutine. When
976 // processing a `ret', STATE_OLD is the state at the point
977 // of the `ret', and THIS is the state just after the `jsr'.
978 if (! ret_semantics || state_old->local_changed[i])
980 if (locals[i].merge (state_old->locals[i], true, verifier))
987 // If we're in a subroutine, we must compute the union of
988 // all the changed local variables.
989 if (state_old->local_changed[i])
996 // Throw an exception if there is an uninitialized object on the
997 // stack or in a local variable. EXCEPTION_SEMANTICS controls
998 // whether we're using backwards-branch or exception-handing
1000 void check_no_uninitialized_objects (int max_locals,
1001 _Jv_BytecodeVerifier *verifier,
1002 bool exception_semantics = false)
1004 if (! exception_semantics)
1006 for (int i = 0; i < stacktop; ++i)
1007 if (stack[i].isreference () && ! stack[i].isinitialized ())
1008 verifier->verify_fail ("uninitialized object on stack");
1011 for (int i = 0; i < max_locals; ++i)
1012 if (locals[i].isreference () && ! locals[i].isinitialized ())
1013 verifier->verify_fail ("uninitialized object in local variable");
1015 check_this_initialized (verifier);
1018 // Ensure that `this' has been initialized.
1019 void check_this_initialized (_Jv_BytecodeVerifier *verifier)
1021 if (this_type.isreference () && ! this_type.isinitialized ())
1022 verifier->verify_fail ("`this' is uninitialized");
1025 // Set type of `this'.
1026 void set_this_type (const type &k)
1031 // Note that a local variable was modified.
1032 void note_variable (int index)
1035 local_changed[index] = true;
1038 // Mark each `new'd object we know of that was allocated at PC as
1040 void set_initialized (int pc, int max_locals)
1042 for (int i = 0; i < stacktop; ++i)
1043 stack[i].set_initialized (pc);
1044 for (int i = 0; i < max_locals; ++i)
1045 locals[i].set_initialized (pc);
1046 this_type.set_initialized (pc);
1049 // Return true if this state is the unmerged result of a `ret'.
1050 bool is_unmerged_ret_state (int max_locals) const
1052 for (int i = 0; i < max_locals; ++i)
1054 if (locals[i].key == unused_by_subroutine_type)
1061 void print (const char *leader, int pc,
1062 int max_stack, int max_locals) const
1064 debug_print ("%s [%4d]: [stack] ", leader, pc);
1066 for (i = 0; i < stacktop; ++i)
1068 for (; i < max_stack; ++i)
1070 debug_print (" [local] ");
1071 for (i = 0; i < max_locals; ++i)
1073 if (subroutine == 0)
1074 debug_print (" | None");
1076 debug_print (" | %4d", subroutine);
1077 debug_print (" | %p\n", this);
1080 inline void print (const char *, int, int, int) const
1083 #endif /* VERIFY_DEBUG */
1088 if (current_state->stacktop <= 0)
1089 verify_fail ("stack empty");
1090 type r = current_state->stack[--current_state->stacktop];
1091 current_state->stackdepth -= r.depth ();
1092 if (current_state->stackdepth < 0)
1093 verify_fail ("stack empty", start_PC);
1099 type r = pop_raw ();
1101 verify_fail ("narrow pop of wide type");
1107 type r = pop_raw ();
1109 verify_fail ("wide pop of narrow type");
1113 type pop_type (type match)
1116 type t = pop_raw ();
1117 if (! match.compatible (t, this))
1118 verify_fail ("incompatible type on stack");
1122 // Pop a reference type or a return address.
1123 type pop_ref_or_return ()
1125 type t = pop_raw ();
1126 if (! t.isreference () && t.key != return_address_type)
1127 verify_fail ("expected reference or return address on stack");
1131 void push_type (type t)
1133 // If T is a numeric type like short, promote it to int.
1136 int depth = t.depth ();
1137 if (current_state->stackdepth + depth > current_method->max_stack)
1138 verify_fail ("stack overflow");
1139 current_state->stack[current_state->stacktop++] = t;
1140 current_state->stackdepth += depth;
1143 void set_variable (int index, type t)
1145 // If T is a numeric type like short, promote it to int.
1148 int depth = t.depth ();
1149 if (index > current_method->max_locals - depth)
1150 verify_fail ("invalid local variable");
1151 current_state->locals[index] = t;
1152 current_state->note_variable (index);
1156 current_state->locals[index + 1] = continuation_type;
1157 current_state->note_variable (index + 1);
1159 if (index > 0 && current_state->locals[index - 1].iswide ())
1161 current_state->locals[index - 1] = unsuitable_type;
1162 // There's no need to call note_variable here.
1166 type get_variable (int index, type t)
1168 int depth = t.depth ();
1169 if (index > current_method->max_locals - depth)
1170 verify_fail ("invalid local variable");
1171 if (! t.compatible (current_state->locals[index], this))
1172 verify_fail ("incompatible type in local variable");
1175 type t (continuation_type);
1176 if (! current_state->locals[index + 1].compatible (t, this))
1177 verify_fail ("invalid local variable");
1179 return current_state->locals[index];
1182 // Make sure ARRAY is an array type and that its elements are
1183 // compatible with type ELEMENT. Returns the actual element type.
1184 type require_array_type (type array, type element)
1186 // An odd case. Here we just pretend that everything went ok. If
1187 // the requested element type is some kind of reference, return
1188 // the null type instead.
1189 if (array.isnull ())
1190 return element.isreference () ? type (null_type) : element;
1192 if (! array.isarray ())
1193 verify_fail ("array required");
1195 type t = array.element_type (this);
1196 if (! element.compatible (t, this))
1198 // Special case for byte arrays, which must also be boolean
1201 if (element.key == byte_type)
1203 type e2 (boolean_type);
1204 ok = e2.compatible (t, this);
1207 verify_fail ("incompatible array element type");
1210 // Return T and not ELEMENT, because T might be specialized.
1216 if (PC >= current_method->code_length)
1217 verify_fail ("premature end of bytecode");
1218 return (jint) bytecode[PC++] & 0xff;
1223 jint b1 = get_byte ();
1224 jint b2 = get_byte ();
1225 return (jint) ((b1 << 8) | b2) & 0xffff;
1230 jint b1 = get_byte ();
1231 jint b2 = get_byte ();
1232 jshort s = (b1 << 8) | b2;
1238 jint b1 = get_byte ();
1239 jint b2 = get_byte ();
1240 jint b3 = get_byte ();
1241 jint b4 = get_byte ();
1242 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1245 int compute_jump (int offset)
1247 int npc = start_PC + offset;
1248 if (npc < 0 || npc >= current_method->code_length)
1249 verify_fail ("branch out of range", start_PC);
1253 // Merge the indicated state into the state at the branch target and
1254 // schedule a new PC if there is a change. If RET_SEMANTICS is
1255 // true, then we are merging from a `ret' instruction into the
1256 // instruction after a `jsr'. This is a special case with its own
1257 // modified semantics.
1258 void push_jump_merge (int npc, state *nstate, bool ret_semantics = false)
1260 bool changed = true;
1261 if (states[npc] == NULL)
1263 // There's a weird situation here. If are examining the
1264 // branch that results from a `ret', and there is not yet a
1265 // state available at the branch target (the instruction just
1266 // after the `jsr'), then we have to construct a special kind
1267 // of state at that point for future merging. This special
1268 // state has the type `unused_by_subroutine_type' in each slot
1269 // which was not modified by the subroutine.
1270 states[npc] = new state (nstate, current_method->max_stack,
1271 current_method->max_locals, ret_semantics);
1272 debug_print ("== New state in push_jump_merge\n");
1273 states[npc]->print ("New", npc, current_method->max_stack,
1274 current_method->max_locals);
1278 debug_print ("== Merge states in push_jump_merge\n");
1279 nstate->print ("Frm", start_PC, current_method->max_stack,
1280 current_method->max_locals);
1281 states[npc]->print (" To", npc, current_method->max_stack,
1282 current_method->max_locals);
1283 changed = states[npc]->merge (nstate, ret_semantics,
1284 current_method->max_locals, this);
1285 states[npc]->print ("New", npc, current_method->max_stack,
1286 current_method->max_locals);
1289 if (changed && states[npc]->next == state::INVALID)
1291 // The merge changed the state, and the new PC isn't yet on our
1292 // list of PCs to re-verify.
1293 states[npc]->next = next_verify_pc;
1294 next_verify_pc = npc;
1298 void push_jump (int offset)
1300 int npc = compute_jump (offset);
1302 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1303 push_jump_merge (npc, current_state);
1306 void push_exception_jump (type t, int pc)
1308 current_state->check_no_uninitialized_objects (current_method->max_locals,
1310 state s (current_state, current_method->max_stack,
1311 current_method->max_locals);
1312 if (current_method->max_stack < 1)
1313 verify_fail ("stack overflow at exception handler");
1314 s.set_exception (t, current_method->max_stack);
1315 push_jump_merge (pc, &s);
1320 int *prev_loc = &next_verify_pc;
1321 int npc = next_verify_pc;
1322 bool skipped = false;
1324 while (npc != state::NO_NEXT)
1326 // If the next available PC is an unmerged `ret' state, then
1327 // we aren't yet ready to handle it. That's because we would
1328 // need all kind of special cases to do so. So instead we
1329 // defer this jump until after we've processed it via a
1330 // fall-through. This has to happen because the instruction
1331 // before this one must be a `jsr'.
1332 if (! states[npc]->is_unmerged_ret_state (current_method->max_locals))
1334 *prev_loc = states[npc]->next;
1335 states[npc]->next = state::INVALID;
1340 prev_loc = &states[npc]->next;
1341 npc = states[npc]->next;
1344 // If we've skipped states and there is nothing else, that's a
1347 verify_fail ("pop_jump: can't happen");
1348 return state::NO_NEXT;
1351 void invalidate_pc ()
1353 PC = state::NO_NEXT;
1356 void note_branch_target (int pc, bool is_jsr_target = false)
1358 // Don't check `pc <= PC', because we've advanced PC after
1359 // fetching the target and we haven't yet checked the next
1361 if (pc < PC && ! (flags[pc] & FLAG_INSN_START))
1362 verify_fail ("branch not to instruction start", start_PC);
1363 flags[pc] |= FLAG_BRANCH_TARGET;
1366 // Record the jsr which called this instruction.
1367 subr_info *info = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1369 info->next = jsr_ptrs[pc];
1370 jsr_ptrs[pc] = info;
1374 void skip_padding ()
1376 while ((PC % 4) > 0)
1377 if (get_byte () != 0)
1378 verify_fail ("found nonzero padding byte");
1381 // Return the subroutine to which the instruction at PC belongs.
1382 int get_subroutine (int pc)
1384 if (states[pc] == NULL)
1386 return states[pc]->subroutine;
1389 // Do the work for a `ret' instruction. INDEX is the index into the
1391 void handle_ret_insn (int index)
1393 get_variable (index, return_address_type);
1395 int csub = current_state->subroutine;
1397 verify_fail ("no subroutine");
1399 // Check to see if we've merged subroutines.
1400 subr_entry_info *entry;
1401 for (entry = entry_points; entry != NULL; entry = entry->next)
1403 if (entry->ret_pc == start_PC)
1408 entry = (subr_entry_info *) _Jv_Malloc (sizeof (subr_entry_info));
1410 entry->ret_pc = start_PC;
1411 entry->next = entry_points;
1412 entry_points = entry;
1414 else if (entry->pc != csub)
1415 verify_fail ("subroutines merged");
1417 for (subr_info *subr = jsr_ptrs[csub]; subr != NULL; subr = subr->next)
1419 // Temporarily modify the current state so it looks like we're
1420 // in the enclosing context.
1421 current_state->subroutine = get_subroutine (subr->pc);
1423 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1424 push_jump_merge (subr->pc, current_state, true);
1427 current_state->subroutine = csub;
1431 // We're in the subroutine SUB, calling a subroutine at DEST. Make
1432 // sure this subroutine isn't already on the stack.
1433 void check_nonrecursive_call (int sub, int dest)
1438 verify_fail ("recursive subroutine call");
1439 for (subr_info *info = jsr_ptrs[sub]; info != NULL; info = info->next)
1440 check_nonrecursive_call (get_subroutine (info->pc), dest);
1443 void handle_jsr_insn (int offset)
1445 int npc = compute_jump (offset);
1448 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1449 check_nonrecursive_call (current_state->subroutine, npc);
1451 // Create a new state and modify it as appropriate for entry into
1452 // a subroutine. We're writing this in a weird way because,
1453 // unfortunately, push_type only works on the current state.
1454 push_type (return_address_type);
1455 push_jump_merge (npc, current_state);
1456 // Clean up the weirdness.
1457 pop_type (return_address_type);
1459 // On entry to the subroutine, the subroutine number must be set
1460 // and the locals must be marked as cleared. We do this after
1461 // merging state so that we don't erroneously "notice" a variable
1462 // change merely on entry.
1463 states[npc]->enter_subroutine (npc, current_method->max_locals);
1466 jclass construct_primitive_array_type (type_val prim)
1472 k = JvPrimClass (boolean);
1475 k = JvPrimClass (char);
1478 k = JvPrimClass (float);
1481 k = JvPrimClass (double);
1484 k = JvPrimClass (byte);
1487 k = JvPrimClass (short);
1490 k = JvPrimClass (int);
1493 k = JvPrimClass (long);
1496 verify_fail ("unknown type in construct_primitive_array_type");
1498 k = _Jv_GetArrayClass (k, NULL);
1502 // This pass computes the location of branch targets and also
1503 // instruction starts.
1504 void branch_prepass ()
1506 flags = (char *) _Jv_Malloc (current_method->code_length);
1507 jsr_ptrs = (subr_info **) _Jv_Malloc (sizeof (subr_info *)
1508 * current_method->code_length);
1510 for (int i = 0; i < current_method->code_length; ++i)
1516 bool last_was_jsr = false;
1519 while (PC < current_method->code_length)
1521 // Set `start_PC' early so that error checking can have the
1524 flags[PC] |= FLAG_INSN_START;
1526 // If the previous instruction was a jsr, then the next
1527 // instruction is a branch target -- the branch being the
1528 // corresponding `ret'.
1530 note_branch_target (PC);
1531 last_was_jsr = false;
1533 java_opcode opcode = (java_opcode) bytecode[PC++];
1537 case op_aconst_null:
1673 case op_monitorenter:
1674 case op_monitorexit:
1682 case op_arraylength:
1714 case op_invokespecial:
1715 case op_invokestatic:
1716 case op_invokevirtual:
1720 case op_multianewarray:
1726 last_was_jsr = true;
1745 note_branch_target (compute_jump (get_short ()), last_was_jsr);
1748 case op_tableswitch:
1751 note_branch_target (compute_jump (get_int ()));
1752 jint low = get_int ();
1753 jint hi = get_int ();
1755 verify_fail ("invalid tableswitch", start_PC);
1756 for (int i = low; i <= hi; ++i)
1757 note_branch_target (compute_jump (get_int ()));
1761 case op_lookupswitch:
1764 note_branch_target (compute_jump (get_int ()));
1765 int npairs = get_int ();
1767 verify_fail ("too few pairs in lookupswitch", start_PC);
1768 while (npairs-- > 0)
1771 note_branch_target (compute_jump (get_int ()));
1776 case op_invokeinterface:
1784 opcode = (java_opcode) get_byte ();
1786 if (opcode == op_iinc)
1792 last_was_jsr = true;
1795 note_branch_target (compute_jump (get_int ()), last_was_jsr);
1799 verify_fail ("unrecognized instruction in branch_prepass",
1803 // See if any previous branch tried to branch to the middle of
1804 // this instruction.
1805 for (int pc = start_PC + 1; pc < PC; ++pc)
1807 if ((flags[pc] & FLAG_BRANCH_TARGET))
1808 verify_fail ("branch to middle of instruction", pc);
1812 // Verify exception handlers.
1813 for (int i = 0; i < current_method->exc_count; ++i)
1815 if (! (flags[exception[i].handler_pc] & FLAG_INSN_START))
1816 verify_fail ("exception handler not at instruction start",
1817 exception[i].handler_pc);
1818 if (! (flags[exception[i].start_pc] & FLAG_INSN_START))
1819 verify_fail ("exception start not at instruction start",
1820 exception[i].start_pc);
1821 if (exception[i].end_pc != current_method->code_length
1822 && ! (flags[exception[i].end_pc] & FLAG_INSN_START))
1823 verify_fail ("exception end not at instruction start",
1824 exception[i].end_pc);
1826 flags[exception[i].handler_pc] |= FLAG_BRANCH_TARGET;
1830 void check_pool_index (int index)
1832 if (index < 0 || index >= current_class->constants.size)
1833 verify_fail ("constant pool index out of range", start_PC);
1836 type check_class_constant (int index)
1838 check_pool_index (index);
1839 _Jv_Constants *pool = ¤t_class->constants;
1840 if (pool->tags[index] == JV_CONSTANT_ResolvedClass)
1841 return type (pool->data[index].clazz);
1842 else if (pool->tags[index] == JV_CONSTANT_Class)
1843 return type (pool->data[index].utf8);
1844 verify_fail ("expected class constant", start_PC);
1847 type check_constant (int index)
1849 check_pool_index (index);
1850 _Jv_Constants *pool = ¤t_class->constants;
1851 if (pool->tags[index] == JV_CONSTANT_ResolvedString
1852 || pool->tags[index] == JV_CONSTANT_String)
1853 return type (&java::lang::String::class$);
1854 else if (pool->tags[index] == JV_CONSTANT_Integer)
1855 return type (int_type);
1856 else if (pool->tags[index] == JV_CONSTANT_Float)
1857 return type (float_type);
1858 verify_fail ("String, int, or float constant expected", start_PC);
1861 type check_wide_constant (int index)
1863 check_pool_index (index);
1864 _Jv_Constants *pool = ¤t_class->constants;
1865 if (pool->tags[index] == JV_CONSTANT_Long)
1866 return type (long_type);
1867 else if (pool->tags[index] == JV_CONSTANT_Double)
1868 return type (double_type);
1869 verify_fail ("long or double constant expected", start_PC);
1872 // Helper for both field and method. These are laid out the same in
1873 // the constant pool.
1874 type handle_field_or_method (int index, int expected,
1875 _Jv_Utf8Const **name,
1876 _Jv_Utf8Const **fmtype)
1878 check_pool_index (index);
1879 _Jv_Constants *pool = ¤t_class->constants;
1880 if (pool->tags[index] != expected)
1881 verify_fail ("didn't see expected constant", start_PC);
1882 // Once we know we have a Fieldref or Methodref we assume that it
1883 // is correctly laid out in the constant pool. I think the code
1884 // in defineclass.cc guarantees this.
1885 _Jv_ushort class_index, name_and_type_index;
1886 _Jv_loadIndexes (&pool->data[index],
1888 name_and_type_index);
1889 _Jv_ushort name_index, desc_index;
1890 _Jv_loadIndexes (&pool->data[name_and_type_index],
1891 name_index, desc_index);
1893 *name = pool->data[name_index].utf8;
1894 *fmtype = pool->data[desc_index].utf8;
1896 return check_class_constant (class_index);
1899 // Return field's type, compute class' type if requested.
1900 type check_field_constant (int index, type *class_type = NULL)
1902 _Jv_Utf8Const *name, *field_type;
1903 type ct = handle_field_or_method (index,
1904 JV_CONSTANT_Fieldref,
1905 &name, &field_type);
1908 if (field_type->data[0] == '[' || field_type->data[0] == 'L')
1909 return type (field_type);
1910 return get_type_val_for_signature (field_type->data[0]);
1913 type check_method_constant (int index, bool is_interface,
1914 _Jv_Utf8Const **method_name,
1915 _Jv_Utf8Const **method_signature)
1917 return handle_field_or_method (index,
1919 ? JV_CONSTANT_InterfaceMethodref
1920 : JV_CONSTANT_Methodref),
1921 method_name, method_signature);
1924 type get_one_type (char *&p)
1942 _Jv_Utf8Const *name = make_utf8_const (start, p - start);
1946 // Casting to jchar here is ok since we are looking at an ASCII
1948 type_val rt = get_type_val_for_signature (jchar (v));
1950 if (arraycount == 0)
1952 // Callers of this function eventually push their arguments on
1953 // the stack. So, promote them here.
1954 return type (rt).promote ();
1957 jclass k = construct_primitive_array_type (rt);
1958 while (--arraycount > 0)
1959 k = _Jv_GetArrayClass (k, NULL);
1963 void compute_argument_types (_Jv_Utf8Const *signature,
1966 char *p = signature->data;
1972 types[i++] = get_one_type (p);
1975 type compute_return_type (_Jv_Utf8Const *signature)
1977 char *p = signature->data;
1981 return get_one_type (p);
1984 void check_return_type (type onstack)
1986 type rt = compute_return_type (current_method->self->signature);
1987 if (! rt.compatible (onstack, this))
1988 verify_fail ("incompatible return type");
1991 // Initialize the stack for the new method. Returns true if this
1992 // method is an instance initializer.
1993 bool initialize_stack ()
1996 bool is_init = false;
1998 using namespace java::lang::reflect;
1999 if (! Modifier::isStatic (current_method->self->accflags))
2001 type kurr (current_class);
2002 if (_Jv_equalUtf8Consts (current_method->self->name, gcj::init_name))
2004 kurr.set_uninitialized (type::SELF, this);
2007 set_variable (0, kurr);
2008 current_state->set_this_type (kurr);
2012 // We have to handle wide arguments specially here.
2013 int arg_count = _Jv_count_arguments (current_method->self->signature);
2014 type arg_types[arg_count];
2015 compute_argument_types (current_method->self->signature, arg_types);
2016 for (int i = 0; i < arg_count; ++i)
2018 set_variable (var, arg_types[i]);
2020 if (arg_types[i].iswide ())
2027 void verify_instructions_0 ()
2029 current_state = new state (current_method->max_stack,
2030 current_method->max_locals);
2035 // True if we are verifying an instance initializer.
2036 bool this_is_init = initialize_stack ();
2038 states = (state **) _Jv_Malloc (sizeof (state *)
2039 * current_method->code_length);
2040 for (int i = 0; i < current_method->code_length; ++i)
2043 next_verify_pc = state::NO_NEXT;
2047 // If the PC was invalidated, get a new one from the work list.
2048 if (PC == state::NO_NEXT)
2051 if (PC == state::INVALID)
2052 verify_fail ("can't happen: saw state::INVALID");
2053 if (PC == state::NO_NEXT)
2055 // Set up the current state.
2056 current_state->copy (states[PC], current_method->max_stack,
2057 current_method->max_locals);
2061 // Control can't fall off the end of the bytecode. We
2062 // only need to check this in the fall-through case,
2063 // because branch bounds are checked when they are
2065 if (PC >= current_method->code_length)
2066 verify_fail ("fell off end");
2068 // We only have to do this checking in the situation where
2069 // control flow falls through from the previous
2070 // instruction. Otherwise merging is done at the time we
2072 if (states[PC] != NULL)
2074 // We've already visited this instruction. So merge
2075 // the states together. If this yields no change then
2076 // we don't have to re-verify. However, if the new
2077 // state is an the result of an unmerged `ret', we
2078 // must continue through it.
2079 debug_print ("== Fall through merge\n");
2080 states[PC]->print ("Old", PC, current_method->max_stack,
2081 current_method->max_locals);
2082 current_state->print ("Cur", PC, current_method->max_stack,
2083 current_method->max_locals);
2084 if (! current_state->merge (states[PC], false,
2085 current_method->max_locals, this)
2086 && ! states[PC]->is_unmerged_ret_state (current_method->max_locals))
2088 debug_print ("== Fall through optimization\n");
2092 // Save a copy of it for later.
2093 states[PC]->copy (current_state, current_method->max_stack,
2094 current_method->max_locals);
2095 current_state->print ("New", PC, current_method->max_stack,
2096 current_method->max_locals);
2100 // We only have to keep saved state at branch targets. If
2101 // we're at a branch target and the state here hasn't been set
2102 // yet, we set it now.
2103 if (states[PC] == NULL && (flags[PC] & FLAG_BRANCH_TARGET))
2105 states[PC] = new state (current_state, current_method->max_stack,
2106 current_method->max_locals);
2109 // Set this before handling exceptions so that debug output is
2113 // Update states for all active exception handlers. Ordinarily
2114 // there are not many exception handlers. So we simply run
2115 // through them all.
2116 for (int i = 0; i < current_method->exc_count; ++i)
2118 if (PC >= exception[i].start_pc && PC < exception[i].end_pc)
2120 type handler (&java::lang::Throwable::class$);
2121 if (exception[i].handler_type != 0)
2122 handler = check_class_constant (exception[i].handler_type);
2123 push_exception_jump (handler, exception[i].handler_pc);
2127 current_state->print (" ", PC, current_method->max_stack,
2128 current_method->max_locals);
2129 java_opcode opcode = (java_opcode) bytecode[PC++];
2135 case op_aconst_null:
2136 push_type (null_type);
2146 push_type (int_type);
2151 push_type (long_type);
2157 push_type (float_type);
2162 push_type (double_type);
2167 push_type (int_type);
2172 push_type (int_type);
2176 push_type (check_constant (get_byte ()));
2179 push_type (check_constant (get_ushort ()));
2182 push_type (check_wide_constant (get_ushort ()));
2186 push_type (get_variable (get_byte (), int_type));
2189 push_type (get_variable (get_byte (), long_type));
2192 push_type (get_variable (get_byte (), float_type));
2195 push_type (get_variable (get_byte (), double_type));
2198 push_type (get_variable (get_byte (), reference_type));
2205 push_type (get_variable (opcode - op_iload_0, int_type));
2211 push_type (get_variable (opcode - op_lload_0, long_type));
2217 push_type (get_variable (opcode - op_fload_0, float_type));
2223 push_type (get_variable (opcode - op_dload_0, double_type));
2229 push_type (get_variable (opcode - op_aload_0, reference_type));
2232 pop_type (int_type);
2233 push_type (require_array_type (pop_type (reference_type),
2237 pop_type (int_type);
2238 push_type (require_array_type (pop_type (reference_type),
2242 pop_type (int_type);
2243 push_type (require_array_type (pop_type (reference_type),
2247 pop_type (int_type);
2248 push_type (require_array_type (pop_type (reference_type),
2252 pop_type (int_type);
2253 push_type (require_array_type (pop_type (reference_type),
2257 pop_type (int_type);
2258 require_array_type (pop_type (reference_type), byte_type);
2259 push_type (int_type);
2262 pop_type (int_type);
2263 require_array_type (pop_type (reference_type), char_type);
2264 push_type (int_type);
2267 pop_type (int_type);
2268 require_array_type (pop_type (reference_type), short_type);
2269 push_type (int_type);
2272 set_variable (get_byte (), pop_type (int_type));
2275 set_variable (get_byte (), pop_type (long_type));
2278 set_variable (get_byte (), pop_type (float_type));
2281 set_variable (get_byte (), pop_type (double_type));
2284 set_variable (get_byte (), pop_ref_or_return ());
2290 set_variable (opcode - op_istore_0, pop_type (int_type));
2296 set_variable (opcode - op_lstore_0, pop_type (long_type));
2302 set_variable (opcode - op_fstore_0, pop_type (float_type));
2308 set_variable (opcode - op_dstore_0, pop_type (double_type));
2314 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2317 pop_type (int_type);
2318 pop_type (int_type);
2319 require_array_type (pop_type (reference_type), int_type);
2322 pop_type (long_type);
2323 pop_type (int_type);
2324 require_array_type (pop_type (reference_type), long_type);
2327 pop_type (float_type);
2328 pop_type (int_type);
2329 require_array_type (pop_type (reference_type), float_type);
2332 pop_type (double_type);
2333 pop_type (int_type);
2334 require_array_type (pop_type (reference_type), double_type);
2337 pop_type (reference_type);
2338 pop_type (int_type);
2339 require_array_type (pop_type (reference_type), reference_type);
2342 pop_type (int_type);
2343 pop_type (int_type);
2344 require_array_type (pop_type (reference_type), byte_type);
2347 pop_type (int_type);
2348 pop_type (int_type);
2349 require_array_type (pop_type (reference_type), char_type);
2352 pop_type (int_type);
2353 pop_type (int_type);
2354 require_array_type (pop_type (reference_type), short_type);
2381 type t2 = pop_raw ();
2396 type t = pop_raw ();
2411 type t1 = pop_raw ();
2428 type t1 = pop_raw ();
2431 type t2 = pop_raw ();
2449 type t3 = pop_raw ();
2487 pop_type (int_type);
2488 push_type (pop_type (int_type));
2498 pop_type (long_type);
2499 push_type (pop_type (long_type));
2504 pop_type (int_type);
2505 push_type (pop_type (long_type));
2512 pop_type (float_type);
2513 push_type (pop_type (float_type));
2520 pop_type (double_type);
2521 push_type (pop_type (double_type));
2527 push_type (pop_type (int_type));
2530 push_type (pop_type (long_type));
2533 push_type (pop_type (float_type));
2536 push_type (pop_type (double_type));
2539 get_variable (get_byte (), int_type);
2543 pop_type (int_type);
2544 push_type (long_type);
2547 pop_type (int_type);
2548 push_type (float_type);
2551 pop_type (int_type);
2552 push_type (double_type);
2555 pop_type (long_type);
2556 push_type (int_type);
2559 pop_type (long_type);
2560 push_type (float_type);
2563 pop_type (long_type);
2564 push_type (double_type);
2567 pop_type (float_type);
2568 push_type (int_type);
2571 pop_type (float_type);
2572 push_type (long_type);
2575 pop_type (float_type);
2576 push_type (double_type);
2579 pop_type (double_type);
2580 push_type (int_type);
2583 pop_type (double_type);
2584 push_type (long_type);
2587 pop_type (double_type);
2588 push_type (float_type);
2591 pop_type (long_type);
2592 pop_type (long_type);
2593 push_type (int_type);
2597 pop_type (float_type);
2598 pop_type (float_type);
2599 push_type (int_type);
2603 pop_type (double_type);
2604 pop_type (double_type);
2605 push_type (int_type);
2613 pop_type (int_type);
2614 push_jump (get_short ());
2622 pop_type (int_type);
2623 pop_type (int_type);
2624 push_jump (get_short ());
2628 pop_type (reference_type);
2629 pop_type (reference_type);
2630 push_jump (get_short ());
2633 push_jump (get_short ());
2637 handle_jsr_insn (get_short ());
2640 handle_ret_insn (get_byte ());
2642 case op_tableswitch:
2644 pop_type (int_type);
2646 push_jump (get_int ());
2647 jint low = get_int ();
2648 jint high = get_int ();
2649 // Already checked LOW -vs- HIGH.
2650 for (int i = low; i <= high; ++i)
2651 push_jump (get_int ());
2656 case op_lookupswitch:
2658 pop_type (int_type);
2660 push_jump (get_int ());
2661 jint npairs = get_int ();
2662 // Already checked NPAIRS >= 0.
2664 for (int i = 0; i < npairs; ++i)
2666 jint key = get_int ();
2667 if (i > 0 && key <= lastkey)
2668 verify_fail ("lookupswitch pairs unsorted", start_PC);
2670 push_jump (get_int ());
2676 check_return_type (pop_type (int_type));
2680 check_return_type (pop_type (long_type));
2684 check_return_type (pop_type (float_type));
2688 check_return_type (pop_type (double_type));
2692 check_return_type (pop_type (reference_type));
2696 // We only need to check this when the return type is
2697 // void, because all instance initializers return void.
2699 current_state->check_this_initialized (this);
2700 check_return_type (void_type);
2704 push_type (check_field_constant (get_ushort ()));
2707 pop_type (check_field_constant (get_ushort ()));
2712 type field = check_field_constant (get_ushort (), &klass);
2720 type field = check_field_constant (get_ushort (), &klass);
2723 // We have an obscure special case here: we can use
2724 // `putfield' on a field declared in this class, even if
2725 // `this' has not yet been initialized.
2726 if (! current_state->this_type.isinitialized ()
2727 && current_state->this_type.pc == type::SELF)
2728 klass.set_uninitialized (type::SELF, this);
2733 case op_invokevirtual:
2734 case op_invokespecial:
2735 case op_invokestatic:
2736 case op_invokeinterface:
2738 _Jv_Utf8Const *method_name, *method_signature;
2740 = check_method_constant (get_ushort (),
2741 opcode == op_invokeinterface,
2744 // NARGS is only used when we're processing
2745 // invokeinterface. It is simplest for us to compute it
2746 // here and then verify it later.
2748 if (opcode == op_invokeinterface)
2750 nargs = get_byte ();
2751 if (get_byte () != 0)
2752 verify_fail ("invokeinterface dummy byte is wrong");
2755 bool is_init = false;
2756 if (_Jv_equalUtf8Consts (method_name, gcj::init_name))
2759 if (opcode != op_invokespecial)
2760 verify_fail ("can't invoke <init>");
2762 else if (method_name->data[0] == '<')
2763 verify_fail ("can't invoke method starting with `<'");
2765 // Pop arguments and check types.
2766 int arg_count = _Jv_count_arguments (method_signature);
2767 type arg_types[arg_count];
2768 compute_argument_types (method_signature, arg_types);
2769 for (int i = arg_count - 1; i >= 0; --i)
2771 // This is only used for verifying the byte for
2773 nargs -= arg_types[i].depth ();
2774 pop_type (arg_types[i]);
2777 if (opcode == op_invokeinterface
2779 verify_fail ("wrong argument count for invokeinterface");
2781 if (opcode != op_invokestatic)
2783 type t = class_type;
2786 // In this case the PC doesn't matter.
2787 t.set_uninitialized (type::UNINIT, this);
2791 current_state->set_initialized (t.get_pc (),
2792 current_method->max_locals);
2795 type rt = compute_return_type (method_signature);
2803 type t = check_class_constant (get_ushort ());
2804 if (t.isarray () || t.isinterface (this) || t.isabstract (this))
2805 verify_fail ("type is array, interface, or abstract");
2806 t.set_uninitialized (start_PC, this);
2813 int atype = get_byte ();
2814 // We intentionally have chosen constants to make this
2816 if (atype < boolean_type || atype > long_type)
2817 verify_fail ("type not primitive", start_PC);
2818 pop_type (int_type);
2819 push_type (construct_primitive_array_type (type_val (atype)));
2823 pop_type (int_type);
2824 push_type (check_class_constant (get_ushort ()).to_array (this));
2826 case op_arraylength:
2828 type t = pop_type (reference_type);
2829 if (! t.isarray () && ! t.isnull ())
2830 verify_fail ("array type expected");
2831 push_type (int_type);
2835 pop_type (type (&java::lang::Throwable::class$));
2839 pop_type (reference_type);
2840 push_type (check_class_constant (get_ushort ()));
2843 pop_type (reference_type);
2844 check_class_constant (get_ushort ());
2845 push_type (int_type);
2847 case op_monitorenter:
2848 pop_type (reference_type);
2850 case op_monitorexit:
2851 pop_type (reference_type);
2855 switch (get_byte ())
2858 push_type (get_variable (get_ushort (), int_type));
2861 push_type (get_variable (get_ushort (), long_type));
2864 push_type (get_variable (get_ushort (), float_type));
2867 push_type (get_variable (get_ushort (), double_type));
2870 push_type (get_variable (get_ushort (), reference_type));
2873 set_variable (get_ushort (), pop_type (int_type));
2876 set_variable (get_ushort (), pop_type (long_type));
2879 set_variable (get_ushort (), pop_type (float_type));
2882 set_variable (get_ushort (), pop_type (double_type));
2885 set_variable (get_ushort (), pop_type (reference_type));
2888 handle_ret_insn (get_short ());
2891 get_variable (get_ushort (), int_type);
2895 verify_fail ("unrecognized wide instruction", start_PC);
2899 case op_multianewarray:
2901 type atype = check_class_constant (get_ushort ());
2902 int dim = get_byte ();
2904 verify_fail ("too few dimensions to multianewarray", start_PC);
2905 atype.verify_dimensions (dim, this);
2906 for (int i = 0; i < dim; ++i)
2907 pop_type (int_type);
2913 pop_type (reference_type);
2914 push_jump (get_short ());
2917 push_jump (get_int ());
2921 handle_jsr_insn (get_int ());
2925 // Unrecognized opcode.
2926 verify_fail ("unrecognized instruction in verify_instructions_0",
2932 __attribute__ ((__noreturn__)) void verify_fail (char *s, jint pc = -1)
2934 using namespace java::lang;
2935 StringBuffer *buf = new StringBuffer ();
2937 buf->append (JvNewStringLatin1 ("verification failed"));
2942 buf->append (JvNewStringLatin1 (" at PC "));
2946 _Jv_InterpMethod *method = current_method;
2947 buf->append (JvNewStringLatin1 (" in "));
2948 buf->append (current_class->getName());
2949 buf->append ((jchar) ':');
2950 buf->append (JvNewStringUTF (method->get_method()->name->data));
2951 buf->append ((jchar) '(');
2952 buf->append (JvNewStringUTF (method->get_method()->signature->data));
2953 buf->append ((jchar) ')');
2955 buf->append (JvNewStringLatin1 (": "));
2956 buf->append (JvNewStringLatin1 (s));
2957 throw new java::lang::VerifyError (buf->toString ());
2962 void verify_instructions ()
2965 verify_instructions_0 ();
2968 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
2970 // We just print the text as utf-8. This is just for debugging
2972 debug_print ("--------------------------------\n");
2973 debug_print ("-- Verifying method `%s'\n", m->self->name->data);
2976 bytecode = m->bytecode ();
2977 exception = m->exceptions ();
2978 current_class = m->defining_class;
2984 entry_points = NULL;
2987 ~_Jv_BytecodeVerifier ()
2996 for (int i = 0; i < current_method->code_length; ++i)
2998 if (jsr_ptrs[i] != NULL)
3000 subr_info *info = jsr_ptrs[i];
3001 while (info != NULL)
3003 subr_info *next = info->next;
3009 _Jv_Free (jsr_ptrs);
3012 while (utf8_list != NULL)
3014 linked_utf8 *n = utf8_list->next;
3015 _Jv_Free (utf8_list->val);
3016 _Jv_Free (utf8_list);
3020 while (entry_points != NULL)
3022 subr_entry_info *next = entry_points->next;
3023 _Jv_Free (entry_points);
3024 entry_points = next;
3030 _Jv_VerifyMethod (_Jv_InterpMethod *meth)
3032 _Jv_BytecodeVerifier v (meth);
3033 v.verify_instructions ();
3035 #endif /* INTERPRETER */
OSDN Git Service
