/* Go through all available attribute (ATTRIBUTE_NUMER) and try to identify PEEKED_NAME. Return 1 if PEEKED_NAME was found, 0 otherwise. JCF is restored to its initial position before returning. */ #ifdef NEED_PEEK_ATTRIBUTE /* Not everyone uses this function */ static int peek_attribute (JCF *jcf, int attribute_number, const char *peeked_name, int peeked_name_length) { int to_return = 0; long absolute_offset = (long)JCF_TELL (jcf); int i; for (i = 0; !to_return && i < attribute_number; i++) { uint16 attribute_name = (JCF_FILL (jcf, 6), JCF_readu2 (jcf)); uint32 attribute_length = JCF_readu4 (jcf); int name_length; const unsigned char *name_data; JCF_FILL (jcf, (long) attribute_length); if (attribute_name <= 0 || attribute_name >= JPOOL_SIZE(jcf) || JPOOL_TAG (jcf, attribute_name) != CONSTANT_Utf8) continue; name_length = JPOOL_UTF_LENGTH (jcf, attribute_name); name_data = JPOOL_UTF_DATA (jcf, attribute_name); if (name_length == peeked_name_length && ! memcmp (name_data, peeked_name, peeked_name_length)) { to_return = 1; break; } JCF_SKIP (jcf, attribute_length); } JCF_SEEK (jcf, absolute_offset); return to_return; }
/* Verify the bytecodes of the current method, with the instructions starting at BYTE_OPS and LENGTH in number, from the class file pointed to by JCF. Return 1 on success, 0 on failure. */ int verify_jvm_instructions (JCF* jcf, const unsigned char *byte_ops, long length) { tree label; int wide = 0; int op_code; int PC; int oldpc = 0; /* PC of start of instruction. */ int prevpc = 0; /* If >= 0, PC of previous instruction. */ const char *message = 0; char *pmessage; int i; int index; unsigned char *p; struct eh_range *prev_eh_ranges = NULL_EH_RANGE; struct eh_range *eh_ranges; tree return_type = TREE_TYPE (TREE_TYPE (current_function_decl)); struct pc_index *starts; int eh_count; jint int_value = -1; pending_blocks = NULL_TREE; current_subr = NULL_TREE; /* Handle the exception table. */ method_init_exceptions (); JCF_SEEK (jcf, DECL_CODE_OFFSET (current_function_decl) + length); eh_count = JCF_readu2 (jcf); /* We read the exception handlers in order of increasing start PC. To do this we first read and sort the start PCs. */ starts = xmalloc (eh_count * sizeof (struct pc_index)); for (i = 0; i < eh_count; ++i) { starts[i].start_pc = GET_u2 (jcf->read_ptr + 8 * i); starts[i].index = i; } qsort (starts, eh_count, sizeof (struct pc_index), start_pc_cmp); for (i = 0; i < eh_count; ++i) { int start_pc, end_pc, handler_pc, catch_type; p = jcf->read_ptr + 8 * starts[i].index; start_pc = GET_u2 (p); end_pc = GET_u2 (p+2); handler_pc = GET_u2 (p+4); catch_type = GET_u2 (p+6); if (start_pc < 0 || start_pc >= length || end_pc < 0 || end_pc > length || start_pc >= end_pc || handler_pc < 0 || handler_pc >= length || ! (instruction_bits[start_pc] & BCODE_INSTRUCTION_START) || (end_pc < length && ! (instruction_bits[end_pc] & BCODE_INSTRUCTION_START)) || ! (instruction_bits[handler_pc] & BCODE_INSTRUCTION_START)) { error ("bad pc in exception_table"); free (starts); return 0; } add_handler (start_pc, end_pc, lookup_label (handler_pc), catch_type == 0 ? NULL_TREE : get_class_constant (jcf, catch_type)); instruction_bits[handler_pc] |= BCODE_EXCEPTION_TARGET; } free (starts); handle_nested_ranges (); for (PC = 0;;) { tree type, tmp; if (((PC != INVALID_PC && instruction_bits[PC] & BCODE_TARGET) != 0) || PC == 0) { PUSH_PENDING (lookup_label (PC)); INVALIDATE_PC; } /* Check if there are any more pending blocks in the current subroutine. Because we push pending blocks in a last-in-first-out order, and because we don't push anything from our caller until we are done with this subroutine or anything nested in it, we are done if the top of the pending_blocks stack is not in a subroutine, or it is in our caller. */ if (current_subr && PC == INVALID_PC) { if (pending_blocks == NULL_TREE || (subroutine_nesting (pending_blocks) < subroutine_nesting (current_subr))) { int size = DECL_MAX_LOCALS (current_function_decl) + stack_pointer; tree ret_map = LABEL_RETURN_TYPE_STATE (current_subr); tmp = LABEL_RETURN_LABELS (current_subr); /* FIXME: If we exit a subroutine via a throw, we might have returned to an earlier caller. Obviously a "ret" can only return one level, but a throw may return many levels. */ current_subr = LABEL_SUBR_CONTEXT (current_subr); if (RETURN_MAP_ADJUSTED (ret_map)) { /* Since we are done with this subroutine, set up the (so far known) return address as pending - with the merged type state. */ for ( ; tmp != NULL_TREE; tmp = TREE_CHAIN (tmp)) { tree return_label = TREE_VALUE (tmp); tree return_state = LABEL_TYPE_STATE (return_label); if (return_state == NULL_TREE) { /* This means we had not verified the subroutine earlier, so this is the first jsr to call it. In this case, the type_map of the return address is just the current type_map - and that is handled by the following PUSH_PENDING. */ } else { /* In this case we have to do a merge. But first restore the type_map for unused slots to those that were in effect at the jsr. */ for (index = size; --index >= 0; ) { type_map[index] = TREE_VEC_ELT (ret_map, index); if (type_map[index] == TYPE_UNUSED) type_map[index] = TREE_VEC_ELT (return_state, index); } } PUSH_PENDING (return_label); } } } } if (PC == INVALID_PC) { label = pending_blocks; if (label == NULL_TREE) break; /* We're done! */ pending_blocks = LABEL_PENDING_CHAIN (label); LABEL_CHANGED (label) = 0; if (LABEL_IN_SUBR (label)) current_subr = LABEL_SUBR_START (label); else current_subr = NULL_TREE; /* Restore type_map and stack_pointer from LABEL_TYPE_STATE (label), and continue compiling from there. */ load_type_state (label); PC = LABEL_PC (label); } else if (PC >= length) VERIFICATION_ERROR ("falling through the end of the method"); oldpc = PC; if (! (instruction_bits[PC] & BCODE_INSTRUCTION_START) && ! wide) VERIFICATION_ERROR ("PC not at instruction start"); instruction_bits[PC] |= BCODE_VERIFIED; eh_ranges = find_handler (oldpc); op_code = byte_ops[PC++]; switch (op_code) { int is_static, is_putting; case OPCODE_nop: break; case OPCODE_iconst_m1: case OPCODE_iconst_0: case OPCODE_iconst_1: case OPCODE_iconst_2: case OPCODE_iconst_3: case OPCODE_iconst_4: case OPCODE_iconst_5: i = op_code - OPCODE_iconst_0; goto push_int; push_int: if (byte_ops[PC] == OPCODE_newarray || byte_ops[PC] == OPCODE_anewarray) int_value = i; PUSH_TYPE (int_type_node); break; case OPCODE_lconst_0: case OPCODE_lconst_1: PUSH_TYPE (long_type_node); break; case OPCODE_fconst_0: case OPCODE_fconst_1: case OPCODE_fconst_2: PUSH_TYPE (float_type_node); break; case OPCODE_dconst_0: case OPCODE_dconst_1: PUSH_TYPE (double_type_node); break; case OPCODE_bipush: i = IMMEDIATE_s1; goto push_int; case OPCODE_sipush: i = IMMEDIATE_s2; goto push_int; case OPCODE_iload: type = int_type_node; goto general_load; case OPCODE_lload: type = long_type_node; goto general_load; case OPCODE_fload: type = float_type_node; goto general_load; case OPCODE_dload: type = double_type_node; goto general_load; case OPCODE_aload: type = ptr_type_node; goto general_load; general_load: index = wide ? IMMEDIATE_u2 : IMMEDIATE_u1; wide = 0; goto load; case OPCODE_iload_0: type = int_type_node; index = 0; goto load; case OPCODE_iload_1: type = int_type_node; index = 1; goto load; case OPCODE_iload_2: type = int_type_node; index = 2; goto load; case OPCODE_iload_3: type = int_type_node; index = 3; goto load; case OPCODE_lload_0: type = long_type_node; index = 0; goto load; case OPCODE_lload_1: type = long_type_node; index = 1; goto load; case OPCODE_lload_2: type = long_type_node; index = 2; goto load; case OPCODE_lload_3: type = long_type_node; index = 3; goto load; case OPCODE_fload_0: type = float_type_node; index = 0; goto load; case OPCODE_fload_1: type = float_type_node; index = 1; goto load; case OPCODE_fload_2: type = float_type_node; index = 2; goto load; case OPCODE_fload_3: type = float_type_node; index = 3; goto load; case OPCODE_dload_0: type = double_type_node; index = 0; goto load; case OPCODE_dload_1: type = double_type_node; index = 1; goto load; case OPCODE_dload_2: type = double_type_node; index = 2; goto load; case OPCODE_dload_3: type = double_type_node; index = 3; goto load; case OPCODE_aload_0: type = ptr_type_node; index = 0; goto load; case OPCODE_aload_1: type = ptr_type_node; index = 1; goto load; case OPCODE_aload_2: type = ptr_type_node; index = 2; goto load; case OPCODE_aload_3: type = ptr_type_node; index = 3; goto load; load: if (index < 0 || (index + TYPE_IS_WIDE (type) >= DECL_MAX_LOCALS (current_function_decl))) VERIFICATION_ERROR_WITH_INDEX ("invalid local variable index %d in load"); tmp = type_map[index]; if (tmp == TYPE_UNKNOWN) VERIFICATION_ERROR_WITH_INDEX ("loading local variable %d which has unknown type"); else if (tmp == TYPE_SECOND || (TYPE_IS_WIDE (type) && type_map[index+1] != void_type_node) || (type == ptr_type_node ? TREE_CODE (tmp) != POINTER_TYPE : type == int_type_node ? (! INTEGRAL_TYPE_P (tmp) || TYPE_PRECISION (tmp) > 32) : type != tmp)) VERIFICATION_ERROR_WITH_INDEX ("loading local variable %d which has invalid type"); PUSH_TYPE (tmp); goto note_used; case OPCODE_istore: type = int_type_node; goto general_store; case OPCODE_lstore: type = long_type_node; goto general_store; case OPCODE_fstore: type = float_type_node; goto general_store; case OPCODE_dstore: type = double_type_node; goto general_store; case OPCODE_astore: type = object_ptr_type_node; goto general_store; general_store: index = wide ? IMMEDIATE_u2 : IMMEDIATE_u1; wide = 0; goto store; case OPCODE_istore_0: type = int_type_node; index = 0; goto store; case OPCODE_istore_1: type = int_type_node; index = 1; goto store; case OPCODE_istore_2: type = int_type_node; index = 2; goto store; case OPCODE_istore_3: type = int_type_node; index = 3; goto store; case OPCODE_lstore_0: type = long_type_node; index=0; goto store; case OPCODE_lstore_1: type = long_type_node; index=1; goto store; case OPCODE_lstore_2: type = long_type_node; index=2; goto store; case OPCODE_lstore_3: type = long_type_node; index=3; goto store; case OPCODE_fstore_0: type=float_type_node; index=0; goto store; case OPCODE_fstore_1: type=float_type_node; index=1; goto store; case OPCODE_fstore_2: type=float_type_node; index=2; goto store; case OPCODE_fstore_3: type=float_type_node; index=3; goto store; case OPCODE_dstore_0: type=double_type_node; index=0; goto store; case OPCODE_dstore_1: type=double_type_node; index=1; goto store; case OPCODE_dstore_2: type=double_type_node; index=2; goto store; case OPCODE_dstore_3: type=double_type_node; index=3; goto store; case OPCODE_astore_0: type = ptr_type_node; index = 0; goto store; case OPCODE_astore_1: type = ptr_type_node; index = 1; goto store; case OPCODE_astore_2: type = ptr_type_node; index = 2; goto store; case OPCODE_astore_3: type = ptr_type_node; index = 3; goto store; store: if (index < 0 || (index + TYPE_IS_WIDE (type) >= DECL_MAX_LOCALS (current_function_decl))) { VERIFICATION_ERROR_WITH_INDEX ("invalid local variable index %d in store"); return 0; } POP_TYPE_CONV (type, type, NULL); type_map[index] = type; /* If a local variable has changed, we need to reconsider exception handlers. */ prev_eh_ranges = NULL_EH_RANGE; /* Allocate decl for this variable now, so we get a temporary ! that survives the whole method. */ find_local_variable (index, type, oldpc); if (TYPE_IS_WIDE (type)) type_map[index+1] = TYPE_SECOND; /* ... fall through to note_used ... */ note_used: /* For store or load, note that local variable INDEX is used. This is needed to verify try-finally subroutines. */ if (current_subr) { tree vec = LABEL_RETURN_TYPE_STATE (current_subr); tree subr_vec = LABEL_TYPE_STATE (current_subr); int len = 1 + TYPE_IS_WIDE (type); while (--len >= 0) { if (TREE_VEC_ELT (vec, index) == TYPE_UNUSED) TREE_VEC_ELT (vec, index) = TREE_VEC_ELT (subr_vec, index); } } break; case OPCODE_iadd: case OPCODE_iand: case OPCODE_idiv: case OPCODE_imul: case OPCODE_ior: case OPCODE_irem: case OPCODE_ishl: case OPCODE_ishr: case OPCODE_isub: case OPCODE_iushr: case OPCODE_ixor: type = int_type_node; goto binop; case OPCODE_ineg: case OPCODE_i2c: case OPCODE_i2b: case OPCODE_i2s: type = int_type_node; goto unop; case OPCODE_ladd: case OPCODE_land: case OPCODE_ldiv: case OPCODE_lsub: case OPCODE_lmul: case OPCODE_lrem: case OPCODE_lor: case OPCODE_lxor: type = long_type_node; goto binop; case OPCODE_lneg: type = long_type_node; goto unop; case OPCODE_fadd: case OPCODE_fsub: case OPCODE_fmul: case OPCODE_fdiv: case OPCODE_frem: type = float_type_node; goto binop; case OPCODE_fneg: type = float_type_node; goto unop; case OPCODE_dadd: case OPCODE_dsub: case OPCODE_dmul: case OPCODE_ddiv: case OPCODE_drem: type = double_type_node; goto binop; case OPCODE_dneg: type = double_type_node; goto unop; unop: pop_type (type); PUSH_TYPE (type); break; binop: pop_type (type); pop_type (type); PUSH_TYPE (type); break; case OPCODE_lshl: case OPCODE_lshr: case OPCODE_lushr: pop_type (int_type_node); pop_type (long_type_node); PUSH_TYPE (long_type_node); break; case OPCODE_iinc: index = wide ? IMMEDIATE_u2 : IMMEDIATE_u1; PC += wide + 1; wide = 0; if (index < 0 || index >= DECL_MAX_LOCALS (current_function_decl)) VERIFICATION_ERROR ("invalid local variable index in iinc"); tmp = type_map[index]; if (tmp == NULL_TREE || ! INTEGRAL_TYPE_P (tmp) || TYPE_PRECISION (tmp) > 32) VERIFICATION_ERROR ("invalid local variable type in iinc"); break; case OPCODE_i2l: pop_type (int_type_node); PUSH_TYPE (long_type_node); break; case OPCODE_i2f: pop_type (int_type_node); PUSH_TYPE (float_type_node); break; case OPCODE_i2d: pop_type (int_type_node); PUSH_TYPE (double_type_node); break; case OPCODE_l2i: pop_type (long_type_node); PUSH_TYPE (int_type_node); break; case OPCODE_l2f: pop_type (long_type_node); PUSH_TYPE (float_type_node); break; case OPCODE_l2d: pop_type (long_type_node); PUSH_TYPE (double_type_node); break; case OPCODE_f2i: pop_type (float_type_node); PUSH_TYPE (int_type_node); break; case OPCODE_f2l: pop_type (float_type_node); PUSH_TYPE (long_type_node); break; case OPCODE_f2d: pop_type (float_type_node); PUSH_TYPE (double_type_node); break; case OPCODE_d2i: pop_type (double_type_node); PUSH_TYPE (int_type_node); break; case OPCODE_d2l: pop_type (double_type_node); PUSH_TYPE (long_type_node); break; case OPCODE_d2f: pop_type (double_type_node); PUSH_TYPE (float_type_node); break; case OPCODE_lcmp: type = long_type_node; goto compare; case OPCODE_fcmpl: case OPCODE_fcmpg: type = float_type_node; goto compare; case OPCODE_dcmpl: case OPCODE_dcmpg: type = double_type_node; goto compare; compare: pop_type (type); pop_type (type); PUSH_TYPE (int_type_node); break; case OPCODE_ifeq: case OPCODE_ifne: case OPCODE_iflt: case OPCODE_ifge: case OPCODE_ifgt: case OPCODE_ifle: pop_type (int_type_node); goto cond; case OPCODE_ifnull: case OPCODE_ifnonnull: pop_type (ptr_type_node ); goto cond; case OPCODE_if_icmpeq: case OPCODE_if_icmpne: case OPCODE_if_icmplt: case OPCODE_if_icmpge: case OPCODE_if_icmpgt: case OPCODE_if_icmple: pop_type (int_type_node); pop_type (int_type_node); goto cond; case OPCODE_if_acmpeq: case OPCODE_if_acmpne: pop_type (object_ptr_type_node); pop_type (object_ptr_type_node); goto cond; cond: PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s2)); break; case OPCODE_goto: PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s2)); INVALIDATE_PC; break; case OPCODE_wide: switch (byte_ops[PC]) { case OPCODE_iload: case OPCODE_lload: case OPCODE_fload: case OPCODE_dload: case OPCODE_aload: case OPCODE_istore: case OPCODE_lstore: case OPCODE_fstore: case OPCODE_dstore: case OPCODE_astore: case OPCODE_iinc: case OPCODE_ret: wide = 1; break; default: VERIFICATION_ERROR ("invalid use of wide instruction"); } break; case OPCODE_return: type = void_type_node; goto ret; case OPCODE_ireturn: if ((TREE_CODE (return_type) == BOOLEAN_TYPE || TREE_CODE (return_type) == CHAR_TYPE || TREE_CODE (return_type) == INTEGER_TYPE) && TYPE_PRECISION (return_type) <= 32) type = return_type; else type = NULL_TREE; goto ret; case OPCODE_lreturn: type = long_type_node; goto ret; case OPCODE_freturn: type = float_type_node; goto ret; case OPCODE_dreturn: type = double_type_node; goto ret; case OPCODE_areturn: if (TREE_CODE (return_type) == POINTER_TYPE) type = return_type; else type = NULL_TREE; goto ret; ret: if (type != return_type) VERIFICATION_ERROR ("incorrect ?return opcode"); if (type != void_type_node) POP_TYPE (type, "return value has wrong type"); INVALIDATE_PC; break; case OPCODE_getstatic: is_putting = 0; is_static = 1; goto field; case OPCODE_putstatic: is_putting = 1; is_static = 1; goto field; case OPCODE_getfield: is_putting = 0; is_static = 0; goto field; case OPCODE_putfield: is_putting = 1; is_static = 0; goto field; field: { tree field_signature, field_type; index = IMMEDIATE_u2; if (index <= 0 || index >= JPOOL_SIZE (current_jcf)) VERIFICATION_ERROR_WITH_INDEX ("bad constant pool index %d"); if (JPOOL_TAG (current_jcf, index) != CONSTANT_Fieldref) VERIFICATION_ERROR ("field instruction does not reference a Fieldref"); field_signature = COMPONENT_REF_SIGNATURE (¤t_jcf->cpool, index); field_type = get_type_from_signature (field_signature); if (is_putting) POP_TYPE (field_type, "incorrect type for field"); if (! is_static) { int clindex = COMPONENT_REF_CLASS_INDEX (¤t_jcf->cpool, index); tree self_type = get_class_constant (current_jcf, clindex); /* Defer actual checking until next pass. */ POP_TYPE (self_type, "incorrect type for field reference"); } if (! is_putting) PUSH_TYPE (field_type); break; } case OPCODE_new: PUSH_TYPE (get_class_constant (jcf, IMMEDIATE_u2)); break; case OPCODE_dup: wide = 1; index = 0; goto dup; case OPCODE_dup_x1: wide = 1; index = 1; goto dup; case OPCODE_dup_x2: wide = 1; index = 2; goto dup; case OPCODE_dup2: wide = 2; index = 0; goto dup; case OPCODE_dup2_x1: wide = 2; index = 1; goto dup; case OPCODE_dup2_x2: wide = 2; index = 2; goto dup; dup: if (wide + index > stack_pointer) VERIFICATION_ERROR ("stack underflow - dup* operation"); type_stack_dup (wide, index); wide = 0; break; case OPCODE_pop: index = 1; goto pop; case OPCODE_pop2: index = 2; goto pop; pop: if (stack_pointer < index) VERIFICATION_ERROR ("stack underflow"); stack_pointer -= index; break; case OPCODE_swap: if (stack_pointer < 2) VERIFICATION_ERROR ("stack underflow (in swap)"); else { tree type1 = stack_type_map[stack_pointer - 1]; tree type2 = stack_type_map[stack_pointer - 2]; if (type1 == void_type_node || type2 == void_type_node) VERIFICATION_ERROR ("verifier (swap): double or long value"); stack_type_map[stack_pointer - 2] = type1; stack_type_map[stack_pointer - 1] = type2; } break; case OPCODE_ldc: index = IMMEDIATE_u1; goto ldc; case OPCODE_ldc2_w: case OPCODE_ldc_w: index = IMMEDIATE_u2; goto ldc; ldc: if (index <= 0 || index >= JPOOL_SIZE (current_jcf)) VERIFICATION_ERROR_WITH_INDEX ("bad constant pool index %d in ldc"); int_value = -1; switch (JPOOL_TAG (current_jcf, index) & ~CONSTANT_ResolvedFlag) { case CONSTANT_Integer: type = int_type_node; goto check_ldc; case CONSTANT_Float: type = float_type_node; goto check_ldc; case CONSTANT_String: type = string_type_node; goto check_ldc; case CONSTANT_Long: type = long_type_node; goto check_ldc; case CONSTANT_Double: type = double_type_node; goto check_ldc; check_ldc: if (TYPE_IS_WIDE (type) == (op_code == OPCODE_ldc2_w)) break; /* ... else fall through ... */ default: VERIFICATION_ERROR ("bad constant pool tag in ldc"); } if (type == int_type_node) { i = TREE_INT_CST_LOW (get_constant (current_jcf, index)); goto push_int; } PUSH_TYPE (type); break; case OPCODE_invokevirtual: case OPCODE_invokespecial: case OPCODE_invokestatic: case OPCODE_invokeinterface: { tree sig, method_name, method_type, self_type; int self_is_interface, tag; index = IMMEDIATE_u2; if (index <= 0 || index >= JPOOL_SIZE (current_jcf)) VERIFICATION_ERROR_WITH_INDEX ("bad constant pool index %d for invoke"); tag = JPOOL_TAG (current_jcf, index); if (op_code == OPCODE_invokeinterface) { if (tag != CONSTANT_InterfaceMethodref) VERIFICATION_ERROR ("invokeinterface does not reference an InterfaceMethodref"); } else { if (tag != CONSTANT_Methodref) VERIFICATION_ERROR ("invoke does not reference a Methodref"); } sig = COMPONENT_REF_SIGNATURE (¤t_jcf->cpool, index); self_type = get_class_constant (current_jcf, COMPONENT_REF_CLASS_INDEX (¤t_jcf->cpool, index)); if (! CLASS_LOADED_P (self_type)) load_class (self_type, 1); self_is_interface = CLASS_INTERFACE (TYPE_NAME (self_type)); method_name = COMPONENT_REF_NAME (¤t_jcf->cpool, index); method_type = parse_signature_string ((const unsigned char *) IDENTIFIER_POINTER (sig), IDENTIFIER_LENGTH (sig)); if (TREE_CODE (method_type) != FUNCTION_TYPE) VERIFICATION_ERROR ("bad method signature"); pmessage = pop_argument_types (TYPE_ARG_TYPES (method_type)); if (pmessage != NULL) { message = "invalid argument type"; goto pop_type_error; } /* Can't invoke <clinit>. */ if (ID_CLINIT_P (method_name)) VERIFICATION_ERROR ("invoke opcode can't invoke <clinit>"); /* Apart from invokespecial, can't invoke <init>. */ if (op_code != OPCODE_invokespecial && ID_INIT_P (method_name)) VERIFICATION_ERROR ("invoke opcode can't invoke <init>"); if (op_code != OPCODE_invokestatic) POP_TYPE (self_type, "stack type not subclass of invoked method's class"); switch (op_code) { case OPCODE_invokeinterface: { int nargs = IMMEDIATE_u1; int notZero = IMMEDIATE_u1; if (!nargs || notZero) VERIFICATION_ERROR ("invalid argument number in invokeinterface"); /* If we verify/resolve the constant pool, as we should, this test (and the one just following) are redundant. */ if (! self_is_interface) VERIFICATION_ERROR ("invokeinterface calls method not in interface"); break; default: if (self_is_interface) VERIFICATION_ERROR ("method in interface called"); } } if (TREE_TYPE (method_type) != void_type_node) PUSH_TYPE (TREE_TYPE (method_type)); break; } case OPCODE_arraylength: /* Type checking actually made during code generation. */ pop_type (ptr_type_node); PUSH_TYPE (int_type_node); break; /* Q&D verification *or* more checking done during code generation for byte/boolean/char/short, the value popped is a int coerced into the right type before being stored. */ case OPCODE_iastore: type = int_type_node; goto astore; case OPCODE_lastore: type = long_type_node; goto astore; case OPCODE_fastore: type = float_type_node; goto astore; case OPCODE_dastore: type = double_type_node; goto astore; case OPCODE_aastore: type = ptr_type_node; goto astore; case OPCODE_bastore: type = int_type_node; goto astore; case OPCODE_castore: type = int_type_node; goto astore; case OPCODE_sastore: type = int_type_node; goto astore; astore: /* FIXME - need better verification here. */ pop_type (type); /* new value */ pop_type (int_type_node); /* index */ pop_type (ptr_type_node); /* array */ break; /* Q&D verification *or* more checking done during code generation for byte/boolean/char/short, the value pushed is a int. */ case OPCODE_iaload: type = int_type_node; goto aload; case OPCODE_laload: type = long_type_node; goto aload; case OPCODE_faload: type = float_type_node; goto aload; case OPCODE_daload: type = double_type_node; goto aload; case OPCODE_aaload: type = ptr_type_node; goto aload; case OPCODE_baload: type = promote_type (byte_type_node); goto aload; case OPCODE_caload: type = promote_type (char_type_node); goto aload; case OPCODE_saload: type = promote_type (short_type_node); goto aload; aload: pop_type (int_type_node); tmp = pop_type (ptr_type_node); if (is_array_type_p (tmp)) type = TYPE_ARRAY_ELEMENT (TREE_TYPE (tmp)); else if (tmp != TYPE_NULL) VERIFICATION_ERROR ("array load from non-array type"); PUSH_TYPE (type); break; case OPCODE_anewarray: type = get_class_constant (current_jcf, IMMEDIATE_u2); type = promote_type (type); goto newarray; case OPCODE_newarray: index = IMMEDIATE_u1; type = decode_newarray_type (index); if (type == NULL_TREE) VERIFICATION_ERROR ("invalid type code in newarray opcode"); goto newarray; newarray: if (int_value >= 0 && prevpc >= 0) { /* If the previous instruction pushed an int constant, we want to use it. */ switch (byte_ops[prevpc]) { case OPCODE_iconst_0: case OPCODE_iconst_1: case OPCODE_iconst_2: case OPCODE_iconst_3: case OPCODE_iconst_4: case OPCODE_iconst_5: case OPCODE_bipush: case OPCODE_sipush: case OPCODE_ldc: case OPCODE_ldc_w: break; default: int_value = -1; } } else int_value = -1; type = build_java_array_type (type, int_value); pop_type (int_type_node); PUSH_TYPE (type); break; case OPCODE_multianewarray: { int ndim, i; index = IMMEDIATE_u2; ndim = IMMEDIATE_u1; if (ndim < 1) VERIFICATION_ERROR ("number of dimension lower that 1 in multianewarray" ); for (i = 0; i < ndim; i++) pop_type (int_type_node); PUSH_TYPE (get_class_constant (current_jcf, index)); break; } case OPCODE_aconst_null: PUSH_TYPE (ptr_type_node); break; case OPCODE_athrow: /* FIXME: athrow also empties the stack. */ POP_TYPE (throwable_type_node, "missing throwable at athrow" ); INVALIDATE_PC; break; case OPCODE_checkcast: POP_TYPE (object_ptr_type_node, "checkcast operand is not a pointer"); type = get_class_constant (current_jcf, IMMEDIATE_u2); PUSH_TYPE (type); break; case OPCODE_instanceof: POP_TYPE (object_ptr_type_node, "instanceof operand is not a pointer"); get_class_constant (current_jcf, IMMEDIATE_u2); PUSH_TYPE (int_type_node); break; case OPCODE_tableswitch: { jint low, high; POP_TYPE (int_type_node, "missing int for tableswitch"); while (PC%4) { if (byte_ops[PC++]) VERIFICATION_ERROR ("bad alignment in tableswitch pad"); } PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s4)); low = IMMEDIATE_s4; high = IMMEDIATE_s4; if (low > high) VERIFICATION_ERROR ("unsorted low/high value in tableswitch"); while (low++ <= high) PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s4)); INVALIDATE_PC; break; } case OPCODE_lookupswitch: { jint npairs, last = 0, not_registered = 1; POP_TYPE (int_type_node, "missing int for lookupswitch"); while (PC%4) { if (byte_ops[PC++]) VERIFICATION_ERROR ("bad alignment in lookupswitch pad"); } PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s4)); npairs = IMMEDIATE_s4; if (npairs < 0) VERIFICATION_ERROR ("invalid number of targets in lookupswitch"); while (npairs--) { int match = IMMEDIATE_s4; if (not_registered) not_registered = 0; else if (last >= match) VERIFICATION_ERROR ("unsorted match value in lookupswitch"); last = match; PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s4)); } INVALIDATE_PC; break; } case OPCODE_monitorenter: /* fall thru */ case OPCODE_monitorexit: pop_type (ptr_type_node); break; case OPCODE_goto_w: PUSH_PENDING (lookup_label (oldpc + IMMEDIATE_s4)); INVALIDATE_PC; break; case OPCODE_jsr: { tree target = lookup_label (oldpc + IMMEDIATE_s2); tree return_label = lookup_label (PC); PUSH_TYPE (return_address_type_node); /* The return label chain will be null if this is the first time we've seen this jsr target. */ if (LABEL_RETURN_LABEL (target) == NULL_TREE) { tree return_type_map; int nlocals = DECL_MAX_LOCALS (current_function_decl); index = nlocals + DECL_MAX_STACK (current_function_decl); return_type_map = make_tree_vec (index); while (index > nlocals) TREE_VEC_ELT (return_type_map, --index) = TYPE_UNKNOWN; while (index > 0) TREE_VEC_ELT (return_type_map, --index) = TYPE_UNUSED; LABEL_RETURN_LABEL (target) = build_decl (LABEL_DECL, NULL_TREE, TREE_TYPE (target)); LABEL_PC (LABEL_RETURN_LABEL (target)) = INVALID_PC; LABEL_RETURN_TYPE_STATE (target) = return_type_map; LABEL_IS_SUBR_START (target) = 1; LABEL_IN_SUBR (target) = 1; LABEL_SUBR_START (target) = target; LABEL_SUBR_CONTEXT (target) = current_subr; } else if (! LABEL_IS_SUBR_START (target) || LABEL_SUBR_CONTEXT (target) != current_subr) VERIFICATION_ERROR ("label part of different subroutines"); i = merge_type_state (target); if (i != 0) { if (i < 0) VERIFICATION_ERROR ("types could not be merged at jsr"); push_pending_label (target); } current_subr = target; /* Chain return_pc onto LABEL_RETURN_LABELS (target) if needed. */ if (! value_member (return_label, LABEL_RETURN_LABELS (target))) { LABEL_RETURN_LABELS (target) = tree_cons (NULL_TREE, return_label, LABEL_RETURN_LABELS (target)); } if (LABEL_VERIFIED (target)) { tree return_map = LABEL_RETURN_TYPE_STATE (target); int len = TREE_VEC_LENGTH (return_map); stack_pointer = len - DECL_MAX_LOCALS (current_function_decl); while (--len >= 0) { if (TREE_VEC_ELT (return_map, len) != TYPE_UNUSED) type_map[len] = TREE_VEC_ELT (return_map, len); } current_subr = LABEL_SUBR_CONTEXT (target); if (RETURN_MAP_ADJUSTED (return_map)) PUSH_PENDING (return_label); } INVALIDATE_PC; } break; case OPCODE_ret: if (current_subr == NULL_TREE) VERIFICATION_ERROR ("ret instruction not in a jsr subroutine"); else { tree ret_map = LABEL_RETURN_TYPE_STATE (current_subr); int size = DECL_MAX_LOCALS (current_function_decl) + stack_pointer; index = wide ? IMMEDIATE_u2 : IMMEDIATE_u1; wide = 0; INVALIDATE_PC; if (index < 0 || index >= DECL_MAX_LOCALS (current_function_decl) || type_map[index] != TYPE_RETURN_ADDR) VERIFICATION_ERROR ("invalid ret index"); /* The next chunk of code is similar to an inlined version of merge_type_state (LABEL_RETURN_LABEL (current_subr)). The main differences are that LABEL_RETURN_LABEL is pre-allocated by the jsr (but we don't know the size then); and that we have to handle TYPE_UNUSED. */ if (! RETURN_MAP_ADJUSTED (ret_map)) { /* First return from this subroutine - fix stack pointer. */ TREE_VEC_LENGTH (ret_map) = size; for (index = size; --index >= 0; ) { if (TREE_VEC_ELT (ret_map, index) != TYPE_UNUSED) TREE_VEC_ELT (ret_map, index) = type_map[index]; } RETURN_MAP_ADJUSTED (ret_map) = 1; } else { if (TREE_VEC_LENGTH (ret_map) != size) VERIFICATION_ERROR ("inconsistent stack size on ret"); for (index = 0; index < size; index++) { tree type = TREE_VEC_ELT (ret_map, index); if (type != TYPE_UNUSED) { type = merge_types (type, type_map[index]); TREE_VEC_ELT (ret_map, index) = type; if (type == TYPE_UNKNOWN) { if (index >= size - stack_pointer) VERIFICATION_ERROR ("inconsistent types on ret from jsr"); } else if (TYPE_IS_WIDE (type)) index++; } } } } break; case OPCODE_jsr_w: case OPCODE_ret_w: default: error ("unknown opcode %d@pc=%d during verification", op_code, PC-1); return 0; } prevpc = oldpc; /* The following test is true if we have entered or exited an exception handler range *or* we have done a store to a local variable. In either case we need to consider any exception handlers that might "follow" this instruction. */ if (eh_ranges != prev_eh_ranges) { int save_stack_pointer = stack_pointer; int index = DECL_MAX_LOCALS (current_function_decl); tree save_type = type_map[index]; tree save_current_subr = current_subr; struct eh_range *ranges = find_handler (oldpc); stack_pointer = 1; for ( ; ranges != NULL_EH_RANGE; ranges = ranges->outer) { tree chain = ranges->handlers; /* We need to determine if the handler is part of current_subr. The are two cases: (1) The exception catch range is entirely within current_subr. In that case the handler is also part of current_subr. (2) Some of the catch range is not in current_subr. In that case, the handler is *not* part of current_subr. Figuring out which is the case is not necessarily obvious, in the presence of clever code generators (and obfuscators). We make a simplifying assumption that in case (2) we have that the current_subr is entirely within the catch range. In that case we can assume if that if a caller (the jsr) of a subroutine is within the catch range, then the handler is *not* part of the subroutine, and vice versa. */ current_subr = save_current_subr; for ( ; current_subr != NULL_TREE; current_subr = LABEL_SUBR_CONTEXT (current_subr)) { tree return_labels = LABEL_RETURN_LABELS (current_subr); /* There could be multiple return_labels, but we only need to check one. */ int return_pc = LABEL_PC (TREE_VALUE (return_labels)); if (return_pc <= ranges->start_pc || return_pc > ranges->end_pc) break; } for ( ; chain != NULL_TREE; chain = TREE_CHAIN (chain)) { tree handler = TREE_VALUE (chain); tree type = TREE_PURPOSE (chain); if (type == NULL_TREE) /* a finally handler */ type = throwable_type_node; type_map[index] = promote_type (type); PUSH_PENDING (handler); } } stack_pointer = save_stack_pointer; current_subr = save_current_subr; type_map[index] = save_type; prev_eh_ranges = eh_ranges; } } return 1; pop_type_error: error ("verification error at PC=%d", oldpc); if (message != NULL) error ("%s", message); error ("%s", pmessage); free (pmessage); return 0; stack_overflow: message = "stack overflow"; goto verify_error; bad_pc: message = "program counter out of range"; goto verify_error; error_with_index: error ("verification error at PC=%d", oldpc); error (message, index); return 0; verify_error: error ("verification error at PC=%d", oldpc); error ("%s", message); return 0; }