Bug Summary

File:jdk/src/java.base/share/native/libverify/check_code.c
Warning:line 2292, column 55
Access to field 'item' results in a dereference of a null pointer (loaded from variable 'stack')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name check_code.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -mthread-model posix -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -fno-rounding-math -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -dwarf-column-info -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib/llvm-10/lib/clang/10.0.0 -I /home/daniel/Projects/java/jdk/build/linux-x86_64-server-fastdebug/support/modules_include/java.base -I /home/daniel/Projects/java/jdk/build/linux-x86_64-server-fastdebug/support/modules_include/java.base/linux -I /home/daniel/Projects/java/jdk/src/java.base/share/native/libjava -I /home/daniel/Projects/java/jdk/src/java.base/unix/native/libjava -I /home/daniel/Projects/java/jdk/src/hotspot/share/include -I /home/daniel/Projects/java/jdk/src/hotspot/os/posix/include -D LIBC=gnu -D _GNU_SOURCE -D _REENTRANT -D _LARGEFILE64_SOURCE -D LINUX -D DEBUG -D _LITTLE_ENDIAN -D ARCH="amd64" -D amd64 -D _LP64=1 -I /home/daniel/Projects/java/jdk/src/java.base/share/native/libverify -I /home/daniel/Projects/java/jdk/build/linux-x86_64-server-fastdebug/support/headers/java.base -D _FORTIFY_SOURCE=2 -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wno-unused -std=c99 -fdebug-compilation-dir /home/daniel/Projects/java/jdk/make -ferror-limit 19 -fmessage-length 0 -fvisibility hidden -stack-protector 1 -fgnuc-version=4.2.1 -fobjc-runtime=gcc -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -o /home/daniel/Projects/java/scan/2021-12-21-193737-8510-1 -x c /home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c
1/*
2 * Copyright (c) 1994, 2021, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26/*-
27 * Verify that the code within a method block doesn't exploit any
28 * security holes.
29 */
30/*
31 Exported function:
32
33 jboolean
34 VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *message_buffer,
35 jint buffer_length, jint major_version)
36
37 This file now only uses the standard JNI and the following VM functions
38 exported in jvm.h:
39
40 JVM_FindClassFromClass
41 JVM_IsInterface
42 JVM_GetClassNameUTF
43 JVM_GetClassCPEntriesCount
44 JVM_GetClassCPTypes
45 JVM_GetClassFieldsCount
46 JVM_GetClassMethodsCount
47
48 JVM_GetFieldIxModifiers
49
50 JVM_GetMethodIxModifiers
51 JVM_GetMethodIxExceptionTableLength
52 JVM_GetMethodIxLocalsCount
53 JVM_GetMethodIxArgsSize
54 JVM_GetMethodIxMaxStack
55 JVM_GetMethodIxNameUTF
56 JVM_GetMethodIxSignatureUTF
57 JVM_GetMethodIxExceptionsCount
58 JVM_GetMethodIxExceptionIndexes
59 JVM_GetMethodIxByteCodeLength
60 JVM_GetMethodIxByteCode
61 JVM_GetMethodIxExceptionTableEntry
62 JVM_IsConstructorIx
63
64 JVM_GetCPClassNameUTF
65 JVM_GetCPFieldNameUTF
66 JVM_GetCPMethodNameUTF
67 JVM_GetCPFieldSignatureUTF
68 JVM_GetCPMethodSignatureUTF
69 JVM_GetCPFieldClassNameUTF
70 JVM_GetCPMethodClassNameUTF
71 JVM_GetCPFieldModifiers
72 JVM_GetCPMethodModifiers
73
74 JVM_ReleaseUTF
75 JVM_IsSameClassPackage
76
77 */
78
79#include <string.h>
80#include <setjmp.h>
81#include <assert.h>
82#include <limits.h>
83#include <stdlib.h>
84
85#include "jni.h"
86#include "jni_util.h"
87#include "jvm.h"
88#include "classfile_constants.h"
89#include "opcodes.in_out"
90
91/* On AIX malloc(0) and calloc(0, ...) return a NULL pointer, which is legal,
92 * but the code here does not handles it. So we wrap the methods and return non-NULL
93 * pointers even if we allocate 0 bytes.
94 */
95#ifdef _AIX
96static int aix_dummy;
97static void* aix_malloc(size_t len) {
98 if (len == 0) {
99 return &aix_dummy;
100 }
101 return malloc(len);
102}
103
104static void* aix_calloc(size_t n, size_t size) {
105 if (n == 0) {
106 return &aix_dummy;
107 }
108 return calloc(n, size);
109}
110
111static void aix_free(void* p) {
112 if (p == &aix_dummy) {
113 return;
114 }
115 free(p);
116}
117
118#undef malloc
119#undef calloc
120#undef free
121#define malloc aix_malloc
122#define calloc aix_calloc
123#define free aix_free
124#endif
125
126#ifdef __APPLE__
127/* use setjmp/longjmp versions that do not save/restore the signal mask */
128#define setjmp _setjmp
129#define longjmp _longjmp
130#endif
131
132#define MAX_ARRAY_DIMENSIONS255 255
133/* align byte code */
134#ifndef ALIGN_UP
135#define ALIGN_UP(n,align_grain)(((n) + ((align_grain) - 1)) & ~((align_grain)-1)) (((n) + ((align_grain) - 1)) & ~((align_grain)-1))
136#endif /* ALIGN_UP */
137#define UCALIGN(n)((unsigned char *)((((uintptr_t)(n)) + ((sizeof(int)) - 1)) &
~((sizeof(int))-1))) ((unsigned char *)ALIGN_UP((uintptr_t)(n),sizeof(int))((((uintptr_t)(n)) + ((sizeof(int)) - 1)) & ~((sizeof(int
))-1)))
138
139#ifdef DEBUG1
140
141int verify_verbose = 0;
142static struct context_type *GlobalContext;
143#endif
144
145enum {
146 ITEM_Bogus,
147 ITEM_Void, /* only as a function return value */
148 ITEM_Integer,
149 ITEM_Float,
150 ITEM_Double,
151 ITEM_Double_2, /* 2nd word of double in register */
152 ITEM_Long,
153 ITEM_Long_2, /* 2nd word of long in register */
154 ITEM_Array,
155 ITEM_Object, /* Extra info field gives name. */
156 ITEM_NewObject, /* Like object, but uninitialized. */
157 ITEM_InitObject, /* "this" is init method, before call
158 to super() */
159 ITEM_ReturnAddress, /* Extra info gives instr # of start pc */
160 /* The following four are only used within array types.
161 * Normally, we use ITEM_Integer, instead. */
162 ITEM_Byte,
163 ITEM_Short,
164 ITEM_Char,
165 ITEM_Boolean
166};
167
168
169#define UNKNOWN_STACK_SIZE-1 -1
170#define UNKNOWN_REGISTER_COUNT-1 -1
171#define UNKNOWN_RET_INSTRUCTION-1 -1
172
173#undef MAX
174#undef MIN
175#define MAX(a, b)((a) > (b) ? (a) : (b)) ((a) > (b) ? (a) : (b))
176#define MIN(a, b)((a) < (b) ? (a) : (b)) ((a) < (b) ? (a) : (b))
177
178#define BITS_PER_INT(8 * sizeof(int)/sizeof(char)) (CHAR_BIT8 * sizeof(int)/sizeof(char))
179#define SET_BIT(flags, i)(flags[(i)/(8 * sizeof(int)/sizeof(char))] |= ((unsigned)1 <<
((i) % (8 * sizeof(int)/sizeof(char))))) (flags[(i)/BITS_PER_INT(8 * sizeof(int)/sizeof(char))] |= \
180 ((unsigned)1 << ((i) % BITS_PER_INT(8 * sizeof(int)/sizeof(char)))))
181#define IS_BIT_SET(flags, i)(flags[(i)/(8 * sizeof(int)/sizeof(char))] & ((unsigned)1
<< ((i) % (8 * sizeof(int)/sizeof(char))))) (flags[(i)/BITS_PER_INT(8 * sizeof(int)/sizeof(char))] & \
182 ((unsigned)1 << ((i) % BITS_PER_INT(8 * sizeof(int)/sizeof(char)))))
183
184typedef unsigned int fullinfo_type;
185typedef unsigned int *bitvector;
186
187#define GET_ITEM_TYPE(thing)((thing) & 0x1F) ((thing) & 0x1F)
188#define GET_INDIRECTION(thing)(((thing) & 0xFFFF) >> 5) (((thing) & 0xFFFF) >> 5)
189#define GET_EXTRA_INFO(thing)((thing) >> 16) ((thing) >> 16)
190#define WITH_ZERO_INDIRECTION(thing)((thing) & ~(0xFFE0)) ((thing) & ~(0xFFE0))
191#define WITH_ZERO_EXTRA_INFO(thing)((thing) & 0xFFFF) ((thing) & 0xFFFF)
192
193#define MAKE_FULLINFO(type, indirect, extra)((type) + ((indirect) << 5) + ((extra) << 16)) \
194 ((type) + ((indirect) << 5) + ((extra) << 16))
195
196#define MAKE_Object_ARRAY(indirect)(context->object_info + ((indirect) << 5)) \
197 (context->object_info + ((indirect) << 5))
198
199#define NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16)) MAKE_FULLINFO(ITEM_Object, 0, 0)((ITEM_Object) + ((0) << 5) + ((0) << 16))
200
201/* JVM_OPC_invokespecial calls to <init> need to be treated special */
202#define JVM_OPC_invokeinit0x100 0x100
203
204/* A hash mechanism used by the verifier.
205 * Maps class names to unique 16 bit integers.
206 */
207
208#define HASH_TABLE_SIZE503 503
209
210/* The buckets are managed as a 256 by 256 matrix. We allocate an entire
211 * row (256 buckets) at a time to minimize fragmentation. Rows are
212 * allocated on demand so that we don't waste too much space.
213 */
214
215#define MAX_HASH_ENTRIES65536 65536
216#define HASH_ROW_SIZE256 256
217
218typedef struct hash_bucket_type {
219 char *name;
220 unsigned int hash;
221 jclass class;
222 unsigned short ID;
223 unsigned short next;
224 unsigned loadable:1; /* from context->class loader */
225} hash_bucket_type;
226
227typedef struct {
228 hash_bucket_type **buckets;
229 unsigned short *table;
230 int entries_used;
231} hash_table_type;
232
233#define GET_BUCKET(class_hash, ID)(class_hash->buckets[ID / 256] + ID % 256)\
234 (class_hash->buckets[ID / HASH_ROW_SIZE256] + ID % HASH_ROW_SIZE256)
235
236/*
237 * There are currently two types of resources that we need to keep
238 * track of (in addition to the CCalloc pool).
239 */
240enum {
241 VM_STRING_UTF, /* VM-allocated UTF strings */
242 VM_MALLOC_BLK /* malloc'ed blocks */
243};
244
245#define LDC_CLASS_MAJOR_VERSION49 49
246
247#define LDC_METHOD_HANDLE_MAJOR_VERSION51 51
248
249#define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION51 51
250
251#define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION52 52
252
253#define ALLOC_STACK_SIZE16 16 /* big enough */
254
255typedef struct alloc_stack_type {
256 void *ptr;
257 int kind;
258 struct alloc_stack_type *next;
259} alloc_stack_type;
260
261/* The context type encapsulates the current invocation of the byte
262 * code verifier.
263 */
264struct context_type {
265
266 JNIEnv *env; /* current JNIEnv */
267
268 /* buffers etc. */
269 char *message;
270 jint message_buf_len;
271 jboolean err_code;
272
273 alloc_stack_type *allocated_memory; /* all memory blocks that we have not
274 had a chance to free */
275 /* Store up to ALLOC_STACK_SIZE number of handles to allocated memory
276 blocks here, to save mallocs. */
277 alloc_stack_type alloc_stack[ALLOC_STACK_SIZE16];
278 int alloc_stack_top;
279
280 /* these fields are per class */
281 jclass class; /* current class */
282 jint major_version;
283 jint nconstants;
284 unsigned char *constant_types;
285 hash_table_type class_hash;
286
287 fullinfo_type object_info; /* fullinfo for java/lang/Object */
288 fullinfo_type string_info; /* fullinfo for java/lang/String */
289 fullinfo_type throwable_info; /* fullinfo for java/lang/Throwable */
290 fullinfo_type cloneable_info; /* fullinfo for java/lang/Cloneable */
291 fullinfo_type serializable_info; /* fullinfo for java/io/Serializable */
292
293 fullinfo_type currentclass_info; /* fullinfo for context->class */
294 fullinfo_type superclass_info; /* fullinfo for superclass */
295
296 /* these fields are per method */
297 int method_index; /* current method */
298 unsigned short *exceptions; /* exceptions */
299 unsigned char *code; /* current code object */
300 jint code_length;
301 int *code_data; /* offset to instruction number */
302 struct instruction_data_type *instruction_data; /* info about each */
303 struct handler_info_type *handler_info;
304 fullinfo_type *superclasses; /* null terminated superclasses */
305 int instruction_count; /* number of instructions */
306 fullinfo_type return_type; /* function return type */
307 fullinfo_type swap_table[4]; /* used for passing information */
308 int bitmask_size; /* words needed to hold bitmap of arguments */
309
310 /* these fields are per field */
311 int field_index;
312
313 /* Used by the space allocator */
314 struct CCpool *CCroot, *CCcurrent;
315 char *CCfree_ptr;
316 int CCfree_size;
317
318 /* Jump here on any error. */
319 jmp_buf jump_buffer;
320
321#ifdef DEBUG1
322 /* keep track of how many global refs are allocated. */
323 int n_globalrefs;
324#endif
325};
326
327struct stack_info_type {
328 struct stack_item_type *stack;
329 int stack_size;
330};
331
332struct register_info_type {
333 int register_count; /* number of registers used */
334 fullinfo_type *registers;
335 int mask_count; /* number of masks in the following */
336 struct mask_type *masks;
337};
338
339struct mask_type {
340 int entry;
341 int *modifies;
342};
343
344typedef unsigned short flag_type;
345
346struct instruction_data_type {
347 int opcode; /* may turn into "canonical" opcode */
348 unsigned changed:1; /* has it changed */
349 unsigned protected:1; /* must accessor be a subclass of "this" */
350 union {
351 int i; /* operand to the opcode */
352 int *ip;
353 fullinfo_type fi;
354 } operand, operand2;
355 fullinfo_type p;
356 struct stack_info_type stack_info;
357 struct register_info_type register_info;
358#define FLAG_REACHED0x01 0x01 /* instruction reached */
359#define FLAG_NEED_CONSTRUCTOR0x02 0x02 /* must call this.<init> or super.<init> */
360#define FLAG_NO_RETURN0x04 0x04 /* must throw out of method */
361 flag_type or_flags; /* true for at least one path to this inst */
362#define FLAG_CONSTRUCTED0x01 0x01 /* this.<init> or super.<init> called */
363 flag_type and_flags; /* true for all paths to this instruction */
364};
365
366struct handler_info_type {
367 int start, end, handler;
368 struct stack_info_type stack_info;
369};
370
371struct stack_item_type {
372 fullinfo_type item;
373 struct stack_item_type *next;
374};
375
376typedef struct context_type context_type;
377typedef struct instruction_data_type instruction_data_type;
378typedef struct stack_item_type stack_item_type;
379typedef struct register_info_type register_info_type;
380typedef struct stack_info_type stack_info_type;
381typedef struct mask_type mask_type;
382
383static void read_all_code(context_type *context, jclass cb, int num_methods,
384 int** code_lengths, unsigned char*** code);
385static void verify_method(context_type *context, jclass cb, int index,
386 int code_length, unsigned char* code);
387static void free_all_code(context_type* context, int num_methods,
388 unsigned char** code);
389static void verify_field(context_type *context, jclass cb, int index);
390
391static void verify_opcode_operands (context_type *, unsigned int inumber, int offset);
392static void set_protected(context_type *, unsigned int inumber, int key, int);
393static jboolean is_superclass(context_type *, fullinfo_type);
394
395static void initialize_exception_table(context_type *);
396static int instruction_length(unsigned char *iptr, unsigned char *end);
397static jboolean isLegalTarget(context_type *, int offset);
398static void verify_constant_pool_type(context_type *, int, unsigned);
399
400static void initialize_dataflow(context_type *);
401static void run_dataflow(context_type *context);
402static void check_register_values(context_type *context, unsigned int inumber);
403static void check_flags(context_type *context, unsigned int inumber);
404static void pop_stack(context_type *, unsigned int inumber, stack_info_type *);
405static void update_registers(context_type *, unsigned int inumber, register_info_type *);
406static void update_flags(context_type *, unsigned int inumber,
407 flag_type *new_and_flags, flag_type *new_or_flags);
408static void push_stack(context_type *, unsigned int inumber, stack_info_type *stack);
409
410static void merge_into_successors(context_type *, unsigned int inumber,
411 register_info_type *register_info,
412 stack_info_type *stack_info,
413 flag_type and_flags, flag_type or_flags);
414static void merge_into_one_successor(context_type *context,
415 unsigned int from_inumber,
416 unsigned int inumber,
417 register_info_type *register_info,
418 stack_info_type *stack_info,
419 flag_type and_flags, flag_type or_flags,
420 jboolean isException);
421static void merge_stack(context_type *, unsigned int inumber,
422 unsigned int to_inumber, stack_info_type *);
423static void merge_registers(context_type *, unsigned int inumber,
424 unsigned int to_inumber,
425 register_info_type *);
426static void merge_flags(context_type *context, unsigned int from_inumber,
427 unsigned int to_inumber,
428 flag_type new_and_flags, flag_type new_or_flags);
429
430static stack_item_type *copy_stack(context_type *, stack_item_type *);
431static mask_type *copy_masks(context_type *, mask_type *masks, int mask_count);
432static mask_type *add_to_masks(context_type *, mask_type *, int , int);
433
434static fullinfo_type decrement_indirection(fullinfo_type);
435
436static fullinfo_type merge_fullinfo_types(context_type *context,
437 fullinfo_type a,
438 fullinfo_type b,
439 jboolean assignment);
440static jboolean isAssignableTo(context_type *,
441 fullinfo_type a,
442 fullinfo_type b);
443
444static jclass object_fullinfo_to_classclass(context_type *, fullinfo_type);
445
446
447#define NEW(type, count)((type *)CCalloc(context, (count)*(sizeof(type)), 0)) \
448 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_FALSE0))
449#define ZNEW(type, count)((type *)CCalloc(context, (count)*(sizeof(type)), 1)) \
450 ((type *)CCalloc(context, (count)*(sizeof(type)), JNI_TRUE1))
451
452static void CCinit(context_type *context);
453static void CCreinit(context_type *context);
454static void CCdestroy(context_type *context);
455static void *CCalloc(context_type *context, int size, jboolean zero);
456
457static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
458
459static const char* get_result_signature(const char* signature);
460
461static char signature_to_fieldtype(context_type *context,
462 const char **signature_p, fullinfo_type *info);
463
464static void CCerror (context_type *, char *format, ...);
465static void CFerror (context_type *, char *format, ...);
466static void CCout_of_memory (context_type *);
467
468/* Because we can longjmp any time, we need to be very careful about
469 * remembering what needs to be freed. */
470
471static void check_and_push(context_type *context, const void *ptr, int kind);
472static void pop_and_free(context_type *context);
473
474static int signature_to_args_size(const char *method_signature);
475
476#ifdef DEBUG1
477static void print_stack (context_type *, stack_info_type *stack_info);
478static void print_registers(context_type *, register_info_type *register_info);
479static void print_flags(context_type *, flag_type, flag_type);
480static void print_formatted_fieldname(context_type *context, int index);
481static void print_formatted_methodname(context_type *context, int index);
482#endif
483
484/*
485 * Declare library specific JNI_Onload entry if static build
486 */
487DEF_STATIC_JNI_OnLoad
488
489void initialize_class_hash(context_type *context)
490{
491 hash_table_type *class_hash = &(context->class_hash);
492 class_hash->buckets = (hash_bucket_type **)
493 calloc(MAX_HASH_ENTRIES65536 / HASH_ROW_SIZE256, sizeof(hash_bucket_type *));
494 class_hash->table = (unsigned short *)
495 calloc(HASH_TABLE_SIZE503, sizeof(unsigned short));
496 if (class_hash->buckets == 0 ||
497 class_hash->table == 0)
498 CCout_of_memory(context);
499 class_hash->entries_used = 0;
500}
501
502static void finalize_class_hash(context_type *context)
503{
504 hash_table_type *class_hash = &(context->class_hash);
505 JNIEnv *env = context->env;
506 int i;
507 /* 4296677: bucket index starts from 1. */
508 for (i=1;i<=class_hash->entries_used;i++) {
509 hash_bucket_type *bucket = GET_BUCKET(class_hash, i)(class_hash->buckets[i / 256] + i % 256);
510 assert(bucket != NULL)((bucket != ((void*)0)) ? (void) (0) : __assert_fail ("bucket != NULL"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 510, __extension__ __PRETTY_FUNCTION__));
511 free(bucket->name);
512 if (bucket->class) {
513 (*env)->DeleteGlobalRef(env, bucket->class);
514#ifdef DEBUG1
515 context->n_globalrefs--;
516#endif
517 }
518 }
519 if (class_hash->buckets) {
520 for (i=0;i<MAX_HASH_ENTRIES65536 / HASH_ROW_SIZE256; i++) {
521 if (class_hash->buckets[i] == 0)
522 break;
523 free(class_hash->buckets[i]);
524 }
525 }
526 free(class_hash->buckets);
527 free(class_hash->table);
528}
529
530static hash_bucket_type *
531new_bucket(context_type *context, unsigned short *pID)
532{
533 hash_table_type *class_hash = &(context->class_hash);
534 int i = *pID = class_hash->entries_used + 1;
535 int row = i / HASH_ROW_SIZE256;
536 if (i >= MAX_HASH_ENTRIES65536)
537 CCerror(context, "Exceeded verifier's limit of 65535 referred classes");
538 if (class_hash->buckets[row] == 0) {
539 class_hash->buckets[row] = (hash_bucket_type*)
540 calloc(HASH_ROW_SIZE256, sizeof(hash_bucket_type));
541 if (class_hash->buckets[row] == 0)
542 CCout_of_memory(context);
543 }
544 class_hash->entries_used++; /* only increment when we are sure there
545 is no overflow. */
546 return GET_BUCKET(class_hash, i)(class_hash->buckets[i / 256] + i % 256);
547}
548
549static unsigned int
550class_hash_fun(const char *s)
551{
552 int i;
553 unsigned raw_hash;
554 for (raw_hash = 0; (i = *s) != '\0'; ++s)
555 raw_hash = raw_hash * 37 + i;
556 return raw_hash;
557}
558
559/*
560 * Find a class using the defining loader of the current class
561 * and return a local reference to it.
562 */
563static jclass load_class_local(context_type *context,const char *classname)
564{
565 jclass cb = JVM_FindClassFromClass(context->env, classname,
566 JNI_FALSE0, context->class);
567 if (cb == 0)
568 CCerror(context, "Cannot find class %s", classname);
569 return cb;
570}
571
572/*
573 * Find a class using the defining loader of the current class
574 * and return a global reference to it.
575 */
576static jclass load_class_global(context_type *context, const char *classname)
577{
578 JNIEnv *env = context->env;
579 jclass local, global;
580
581 local = load_class_local(context, classname);
582 global = (*env)->NewGlobalRef(env, local);
583 if (global == 0)
584 CCout_of_memory(context);
585#ifdef DEBUG1
586 context->n_globalrefs++;
587#endif
588 (*env)->DeleteLocalRef(env, local);
589 return global;
590}
591
592/*
593 * Return a unique ID given a local class reference. The loadable
594 * flag is true if the defining class loader of context->class
595 * is known to be capable of loading the class.
596 */
597static unsigned short
598class_to_ID(context_type *context, jclass cb, jboolean loadable)
599{
600 JNIEnv *env = context->env;
601 hash_table_type *class_hash = &(context->class_hash);
602 unsigned int hash;
603 hash_bucket_type *bucket;
604 unsigned short *pID;
605 const char *name = JVM_GetClassNameUTF(env, cb);
606
607 check_and_push(context, name, VM_STRING_UTF);
608 hash = class_hash_fun(name);
609 pID = &(class_hash->table[hash % HASH_TABLE_SIZE503]);
610 while (*pID) {
611 bucket = GET_BUCKET(class_hash, *pID)(class_hash->buckets[*pID / 256] + *pID % 256);
612 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
613 /*
614 * There is an unresolved entry with our name
615 * so we're forced to load it in case it matches us.
616 */
617 if (bucket->class == 0) {
618 assert(bucket->loadable == JNI_TRUE)((bucket->loadable == 1) ? (void) (0) : __assert_fail ("bucket->loadable == JNI_TRUE"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 618, __extension__ __PRETTY_FUNCTION__));
619 bucket->class = load_class_global(context, name);
620 }
621
622 /*
623 * It's already in the table. Update the loadable
624 * state if it's known and then we're done.
625 */
626 if ((*env)->IsSameObject(env, cb, bucket->class)) {
627 if (loadable && !bucket->loadable)
628 bucket->loadable = JNI_TRUE1;
629 goto done;
630 }
631 }
632 pID = &bucket->next;
633 }
634 bucket = new_bucket(context, pID);
635 bucket->next = 0;
636 bucket->hash = hash;
637 bucket->name = malloc(strlen(name) + 1);
638 if (bucket->name == 0)
639 CCout_of_memory(context);
640 strcpy(bucket->name, name);
641 bucket->loadable = loadable;
642 bucket->class = (*env)->NewGlobalRef(env, cb);
643 if (bucket->class == 0)
644 CCout_of_memory(context);
645#ifdef DEBUG1
646 context->n_globalrefs++;
647#endif
648
649done:
650 pop_and_free(context);
651 return *pID;
652}
653
654/*
655 * Return a unique ID given a class name from the constant pool.
656 * All classes are lazily loaded from the defining loader of
657 * context->class.
658 */
659static unsigned short
660class_name_to_ID(context_type *context, const char *name)
661{
662 hash_table_type *class_hash = &(context->class_hash);
663 unsigned int hash = class_hash_fun(name);
664 hash_bucket_type *bucket;
665 unsigned short *pID;
666 jboolean force_load = JNI_FALSE0;
667
668 pID = &(class_hash->table[hash % HASH_TABLE_SIZE503]);
669 while (*pID) {
670 bucket = GET_BUCKET(class_hash, *pID)(class_hash->buckets[*pID / 256] + *pID % 256);
671 if (bucket->hash == hash && strcmp(name, bucket->name) == 0) {
672 if (bucket->loadable)
673 goto done;
674 force_load = JNI_TRUE1;
675 }
676 pID = &bucket->next;
677 }
678
679 if (force_load) {
680 /*
681 * We found at least one matching named entry for a class that
682 * was not known to be loadable through the defining class loader
683 * of context->class. We must load our named class and update
684 * the hash table in case one these entries matches our class.
685 */
686 JNIEnv *env = context->env;
687 jclass cb = load_class_local(context, name);
688 unsigned short id = class_to_ID(context, cb, JNI_TRUE1);
689 (*env)->DeleteLocalRef(env, cb);
690 return id;
691 }
692
693 bucket = new_bucket(context, pID);
694 bucket->next = 0;
695 bucket->class = 0;
696 bucket->loadable = JNI_TRUE1; /* name-only IDs are implicitly loadable */
697 bucket->hash = hash;
698 bucket->name = malloc(strlen(name) + 1);
699 if (bucket->name == 0)
700 CCout_of_memory(context);
701 strcpy(bucket->name, name);
702
703done:
704 return *pID;
705}
706
707#ifdef DEBUG1
708static const char *
709ID_to_class_name(context_type *context, unsigned short ID)
710{
711 hash_table_type *class_hash = &(context->class_hash);
712 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID)(class_hash->buckets[ID / 256] + ID % 256);
713 return bucket->name;
714}
715#endif
716
717static jclass
718ID_to_class(context_type *context, unsigned short ID)
719{
720 hash_table_type *class_hash = &(context->class_hash);
721 hash_bucket_type *bucket = GET_BUCKET(class_hash, ID)(class_hash->buckets[ID / 256] + ID % 256);
722 if (bucket->class == 0) {
723 assert(bucket->loadable == JNI_TRUE)((bucket->loadable == 1) ? (void) (0) : __assert_fail ("bucket->loadable == JNI_TRUE"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 723, __extension__ __PRETTY_FUNCTION__));
724 bucket->class = load_class_global(context, bucket->name);
725 }
726 return bucket->class;
727}
728
729static fullinfo_type
730make_loadable_class_info(context_type *context, jclass cb)
731{
732 return MAKE_FULLINFO(ITEM_Object, 0,((ITEM_Object) + ((0) << 5) + ((class_to_ID(context, cb
, 1)) << 16))
733 class_to_ID(context, cb, JNI_TRUE))((ITEM_Object) + ((0) << 5) + ((class_to_ID(context, cb
, 1)) << 16));
734}
735
736static fullinfo_type
737make_class_info(context_type *context, jclass cb)
738{
739 return MAKE_FULLINFO(ITEM_Object, 0,((ITEM_Object) + ((0) << 5) + ((class_to_ID(context, cb
, 0)) << 16))
740 class_to_ID(context, cb, JNI_FALSE))((ITEM_Object) + ((0) << 5) + ((class_to_ID(context, cb
, 0)) << 16));
741}
742
743static fullinfo_type
744make_class_info_from_name(context_type *context, const char *name)
745{
746 return MAKE_FULLINFO(ITEM_Object, 0,((ITEM_Object) + ((0) << 5) + ((class_name_to_ID(context
, name)) << 16))
747 class_name_to_ID(context, name))((ITEM_Object) + ((0) << 5) + ((class_name_to_ID(context
, name)) << 16));
748}
749
750/* RETURNS
751 * 1: on success chosen to be consistent with previous VerifyClass
752 * 0: verify error
753 * 2: out of memory
754 * 3: class format error
755 *
756 * Called by verify_class. Verify the code of each of the methods
757 * in a class. Note that this function apparently can't be JNICALL,
758 * because if it is the dynamic linker doesn't appear to be able to
759 * find it on Win32.
760 */
761
762#define CC_OK1 1
763#define CC_VerifyError0 0
764#define CC_OutOfMemory2 2
765#define CC_ClassFormatError3 3
766
767JNIEXPORT__attribute__((visibility("default"))) jboolean
768VerifyClassForMajorVersion(JNIEnv *env, jclass cb, char *buffer, jint len,
769 jint major_version)
770{
771 context_type context_structure;
772 context_type *context = &context_structure;
773 jboolean result = CC_OK1;
774 int i;
775 int num_methods;
776 int* code_lengths;
777 unsigned char** code;
778
779#ifdef DEBUG1
780 GlobalContext = context;
781#endif
782
783 memset(context, 0, sizeof(context_type));
784 context->message = buffer;
785 context->message_buf_len = len;
786
787 context->env = env;
788 context->class = cb;
789
790 /* Set invalid method/field index of the context, in case anyone
791 calls CCerror */
792 context->method_index = -1;
793 context->field_index = -1;
794
795 /* Don't call CCerror or anything that can call it above the setjmp! */
796 if (!setjmp(context->jump_buffer)_setjmp (context->jump_buffer)) {
797 jclass super;
798
799 CCinit(context); /* initialize heap; may throw */
800
801 initialize_class_hash(context);
802
803 context->major_version = major_version;
804 context->nconstants = JVM_GetClassCPEntriesCount(env, cb);
805 context->constant_types = (unsigned char *)
806 malloc(sizeof(unsigned char) * context->nconstants + 1);
807
808 if (context->constant_types == 0)
809 CCout_of_memory(context);
810
811 JVM_GetClassCPTypes(env, cb, context->constant_types);
812
813 if (context->constant_types == 0)
814 CCout_of_memory(context);
815
816 context->object_info =
817 make_class_info_from_name(context, "java/lang/Object");
818 context->string_info =
819 make_class_info_from_name(context, "java/lang/String");
820 context->throwable_info =
821 make_class_info_from_name(context, "java/lang/Throwable");
822 context->cloneable_info =
823 make_class_info_from_name(context, "java/lang/Cloneable");
824 context->serializable_info =
825 make_class_info_from_name(context, "java/io/Serializable");
826
827 context->currentclass_info = make_loadable_class_info(context, cb);
828
829 super = (*env)->GetSuperclass(env, cb);
830
831 if (super != 0) {
832 fullinfo_type *gptr;
833 int i = 0;
834
835 context->superclass_info = make_loadable_class_info(context, super);
836
837 while(super != 0) {
838 jclass tmp_cb = (*env)->GetSuperclass(env, super);
839 (*env)->DeleteLocalRef(env, super);
840 super = tmp_cb;
841 i++;
842 }
843 (*env)->DeleteLocalRef(env, super);
844 super = 0;
845
846 /* Can't go on context heap since it survives more than
847 one method */
848 context->superclasses = gptr =
849 malloc(sizeof(fullinfo_type)*(i + 1));
850 if (gptr == 0) {
851 CCout_of_memory(context);
852 }
853
854 super = (*env)->GetSuperclass(env, context->class);
855 while(super != 0) {
856 jclass tmp_cb;
857 *gptr++ = make_class_info(context, super);
858 tmp_cb = (*env)->GetSuperclass(env, super);
859 (*env)->DeleteLocalRef(env, super);
860 super = tmp_cb;
861 }
862 *gptr = 0;
863 } else {
864 context->superclass_info = 0;
865 }
866
867 (*env)->DeleteLocalRef(env, super);
868
869 /* Look at each method */
870 for (i = JVM_GetClassFieldsCount(env, cb); --i >= 0;)
871 verify_field(context, cb, i);
872 num_methods = JVM_GetClassMethodsCount(env, cb);
873 read_all_code(context, cb, num_methods, &code_lengths, &code);
874 for (i = num_methods - 1; i >= 0; --i)
875 verify_method(context, cb, i, code_lengths[i], code[i]);
876 free_all_code(context, num_methods, code);
877 result = CC_OK1;
878 } else {
879 result = context->err_code;
880 }
881
882 /* Cleanup */
883 finalize_class_hash(context);
884
885 while(context->allocated_memory)
886 pop_and_free(context);
887
888#ifdef DEBUG1
889 GlobalContext = 0;
890#endif
891
892 if (context->exceptions)
893 free(context->exceptions);
894
895 if (context->constant_types)
896 free(context->constant_types);
897
898 if (context->superclasses)
899 free(context->superclasses);
900
901#ifdef DEBUG1
902 /* Make sure all global refs created in the verifier are freed */
903 assert(context->n_globalrefs == 0)((context->n_globalrefs == 0) ? (void) (0) : __assert_fail
("context->n_globalrefs == 0", "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 903, __extension__ __PRETTY_FUNCTION__));
904#endif
905
906 CCdestroy(context); /* destroy heap */
907 return result;
908}
909
910static void
911verify_field(context_type *context, jclass cb, int field_index)
912{
913 JNIEnv *env = context->env;
914 int access_bits = JVM_GetFieldIxModifiers(env, cb, field_index);
915 context->field_index = field_index;
916
917 if ( ((access_bits & JVM_ACC_PUBLIC) != 0) &&
918 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
919 CCerror(context, "Inconsistent access bits.");
920 }
921 context->field_index = -1;
922}
923
924
925/**
926 * We read all of the class's methods' code because it is possible that
927 * the verification of one method could resulting in linking further
928 * down the stack (due to class loading), which could end up rewriting
929 * some of the bytecode of methods we haven't verified yet. Since we
930 * don't want to see the rewritten bytecode, cache all the code and
931 * operate only on that.
932 */
933static void
934read_all_code(context_type* context, jclass cb, int num_methods,
935 int** lengths_addr, unsigned char*** code_addr)
936{
937 int* lengths;
938 unsigned char** code;
939 int i;
940
941 lengths = malloc(sizeof(int) * num_methods);
942 check_and_push(context, lengths, VM_MALLOC_BLK);
943
944 code = malloc(sizeof(unsigned char*) * num_methods);
945 check_and_push(context, code, VM_MALLOC_BLK);
946
947 *(lengths_addr) = lengths;
948 *(code_addr) = code;
949
950 for (i = 0; i < num_methods; ++i) {
951 lengths[i] = JVM_GetMethodIxByteCodeLength(context->env, cb, i);
952 if (lengths[i] > 0) {
953 code[i] = malloc(sizeof(unsigned char) * (lengths[i] + 1));
954 check_and_push(context, code[i], VM_MALLOC_BLK);
955 JVM_GetMethodIxByteCode(context->env, cb, i, code[i]);
956 } else {
957 code[i] = NULL((void*)0);
958 }
959 }
960}
961
962static void
963free_all_code(context_type* context, int num_methods, unsigned char** code)
964{
965 int i;
966 for (i = 0; i < num_methods; ++i) {
967 if (code[i] != NULL((void*)0)) {
968 pop_and_free(context);
969 }
970 }
971 pop_and_free(context); /* code */
972 pop_and_free(context); /* lengths */
973}
974
975/* Verify the code of one method */
976static void
977verify_method(context_type *context, jclass cb, int method_index,
978 int code_length, unsigned char* code)
979{
980 JNIEnv *env = context->env;
981 int access_bits = JVM_GetMethodIxModifiers(env, cb, method_index);
982 int *code_data;
983 instruction_data_type *idata = 0;
984 int instruction_count;
985 int i, offset;
986 unsigned int inumber;
987 jint nexceptions;
988
989 if ((access_bits & (JVM_ACC_NATIVE | JVM_ACC_ABSTRACT)) != 0) {
990 /* not much to do for abstract and native methods */
991 return;
992 }
993
994 context->code_length = code_length;
995 context->code = code;
996
997 /* CCerror can give method-specific info once this is set */
998 context->method_index = method_index;
999
1000 CCreinit(context); /* initial heap */
1001 code_data = NEW(int, code_length)((int *)CCalloc(context, (code_length)*(sizeof(int)), 0));
1002
1003#ifdef DEBUG1
1004 if (verify_verbose) {
1005 const char *classname = JVM_GetClassNameUTF(env, cb);
1006 const char *methodname =
1007 JVM_GetMethodIxNameUTF(env, cb, method_index);
1008 const char *signature =
1009 JVM_GetMethodIxSignatureUTF(env, cb, method_index);
1010 jio_fprintf(stdoutstdout, "Looking at %s.%s%s\n",
1011 (classname ? classname : ""),
1012 (methodname ? methodname : ""),
1013 (signature ? signature : ""));
1014 JVM_ReleaseUTF(classname);
1015 JVM_ReleaseUTF(methodname);
1016 JVM_ReleaseUTF(signature);
1017 }
1018#endif
1019
1020 if (((access_bits & JVM_ACC_PUBLIC) != 0) &&
1021 ((access_bits & (JVM_ACC_PRIVATE | JVM_ACC_PROTECTED)) != 0)) {
1022 CCerror(context, "Inconsistent access bits.");
1023 }
1024
1025 // If this method is an overpass method, which is generated by the VM,
1026 // we trust the code and no check needs to be done.
1027 if (JVM_IsVMGeneratedMethodIx(env, cb, method_index)) {
1028 return;
1029 }
1030
1031 /* Run through the code. Mark the start of each instruction, and give
1032 * the instruction a number */
1033 for (i = 0, offset = 0; offset < code_length; i++) {
1034 int length = instruction_length(&code[offset], code + code_length);
1035 int next_offset = offset + length;
1036 if (length <= 0)
1037 CCerror(context, "Illegal instruction found at offset %d", offset);
1038 if (next_offset > code_length)
1039 CCerror(context, "Code stops in the middle of instruction "
1040 " starting at offset %d", offset);
1041 code_data[offset] = i;
1042 while (++offset < next_offset)
1043 code_data[offset] = -1; /* illegal location */
1044 }
1045 instruction_count = i; /* number of instructions in code */
1046
1047 /* Allocate a structure to hold info about each instruction. */
1048 idata = NEW(instruction_data_type, instruction_count)((instruction_data_type *)CCalloc(context, (instruction_count
)*(sizeof(instruction_data_type)), 0));
1049
1050 /* Initialize the heap, and other info in the context structure. */
1051 context->code = code;
1052 context->instruction_data = idata;
1053 context->code_data = code_data;
1054 context->instruction_count = instruction_count;
1055 context->handler_info =
1056 NEW(struct handler_info_type,((struct handler_info_type *)CCalloc(context, (JVM_GetMethodIxExceptionTableLength
(env, cb, method_index))*(sizeof(struct handler_info_type)), 0
))
1057 JVM_GetMethodIxExceptionTableLength(env, cb, method_index))((struct handler_info_type *)CCalloc(context, (JVM_GetMethodIxExceptionTableLength
(env, cb, method_index))*(sizeof(struct handler_info_type)), 0
));
1058 context->bitmask_size =
1059 (JVM_GetMethodIxLocalsCount(env, cb, method_index)
1060 + (BITS_PER_INT(8 * sizeof(int)/sizeof(char)) - 1))/BITS_PER_INT(8 * sizeof(int)/sizeof(char));
1061
1062 if (instruction_count == 0)
1063 CCerror(context, "Empty code");
1064
1065 for (inumber = 0, offset = 0; offset < code_length; inumber++) {
1066 int length = instruction_length(&code[offset], code + code_length);
1067 instruction_data_type *this_idata = &idata[inumber];
1068 this_idata->opcode = code[offset];
1069 this_idata->stack_info.stack = NULL((void*)0);
1070 this_idata->stack_info.stack_size = UNKNOWN_STACK_SIZE-1;
1071 this_idata->register_info.register_count = UNKNOWN_REGISTER_COUNT-1;
1072 this_idata->changed = JNI_FALSE0; /* no need to look at it yet. */
1073 this_idata->protected = JNI_FALSE0; /* no need to look at it yet. */
1074 this_idata->and_flags = (flag_type) -1; /* "bottom" and value */
1075 this_idata->or_flags = 0; /* "bottom" or value*/
1076 /* This also sets up this_data->operand. It also makes the
1077 * xload_x and xstore_x instructions look like the generic form. */
1078 verify_opcode_operands(context, inumber, offset);
1079 offset += length;
1080 }
1081
1082
1083 /* make sure exception table is reasonable. */
1084 initialize_exception_table(context);
1085 /* Set up first instruction, and start of exception handlers. */
1086 initialize_dataflow(context);
1087 /* Run data flow analysis on the instructions. */
1088 run_dataflow(context);
1089
1090 /* verify checked exceptions, if any */
1091 nexceptions = JVM_GetMethodIxExceptionsCount(env, cb, method_index);
1092 context->exceptions = (unsigned short *)
1093 malloc(sizeof(unsigned short) * nexceptions + 1);
1094 if (context->exceptions == 0)
1095 CCout_of_memory(context);
1096 JVM_GetMethodIxExceptionIndexes(env, cb, method_index,
1097 context->exceptions);
1098 for (i = 0; i < nexceptions; i++) {
1099 /* Make sure the constant pool item is JVM_CONSTANT_Class */
1100 verify_constant_pool_type(context, (int)context->exceptions[i],
1101 1 << JVM_CONSTANT_Class);
1102 }
1103 free(context->exceptions);
1104 context->exceptions = 0;
1105 context->code = 0;
1106 context->method_index = -1;
1107}
1108
1109
1110/* Look at a single instruction, and verify its operands. Also, for
1111 * simplicity, move the operand into the ->operand field.
1112 * Make sure that branches don't go into the middle of nowhere.
1113 */
1114
1115static jint _ck_ntohl(jint n)
1116{
1117 unsigned char *p = (unsigned char *)&n;
1118 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
1119}
1120
1121static void
1122verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
1123{
1124 JNIEnv *env = context->env;
1125 instruction_data_type *idata = context->instruction_data;
1126 instruction_data_type *this_idata = &idata[inumber];
1127 int *code_data = context->code_data;
1128 int mi = context->method_index;
1129 unsigned char *code = context->code;
1130 int opcode = this_idata->opcode;
1131 int var;
1132
1133 /*
1134 * Set the ip fields to 0 not the i fields because the ip fields
1135 * are 64 bits on 64 bit architectures, the i field is only 32
1136 */
1137 this_idata->operand.ip = 0;
1138 this_idata->operand2.ip = 0;
1139
1140 switch (opcode) {
1141
1142 case JVM_OPC_jsr:
1143 /* instruction of ret statement */
1144 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION-1;
1145 /* FALLTHROUGH */
1146 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_iflt:
1147 case JVM_OPC_ifge: case JVM_OPC_ifgt: case JVM_OPC_ifle:
1148 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
1149 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmplt:
1150 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmpgt: case JVM_OPC_if_icmple:
1151 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
1152 case JVM_OPC_goto: {
1153 /* Set the ->operand to be the instruction number of the target. */
1154 int jump = (((signed char)(code[offset+1])) << 8) + code[offset+2];
1155 int target = offset + jump;
1156 if (!isLegalTarget(context, target))
1157 CCerror(context, "Illegal target of jump or branch");
1158 this_idata->operand.i = code_data[target];
1159 break;
1160 }
1161
1162 case JVM_OPC_jsr_w:
1163 /* instruction of ret statement */
1164 this_idata->operand2.i = UNKNOWN_RET_INSTRUCTION-1;
1165 /* FALLTHROUGH */
1166 case JVM_OPC_goto_w: {
1167 /* Set the ->operand to be the instruction number of the target. */
1168 int jump = (((signed char)(code[offset+1])) << 24) +
1169 (code[offset+2] << 16) + (code[offset+3] << 8) +
1170 (code[offset + 4]);
1171 int target = offset + jump;
1172 if (!isLegalTarget(context, target))
1173 CCerror(context, "Illegal target of jump or branch");
1174 this_idata->operand.i = code_data[target];
1175 break;
1176 }
1177
1178 case JVM_OPC_tableswitch:
1179 case JVM_OPC_lookupswitch: {
1180 /* Set the ->operand to be a table of possible instruction targets. */
1181 int *lpc = (int *) UCALIGN(code + offset + 1)((unsigned char *)((((uintptr_t)(code + offset + 1)) + ((sizeof
(int)) - 1)) & ~((sizeof(int))-1)));
1182 int *lptr;
1183 int *saved_operand;
1184 int keys;
1185 int k, delta;
1186
1187 if (context->major_version < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION51) {
1188 /* 4639449, 4647081: Padding bytes must be zero. */
1189 unsigned char* bptr = (unsigned char*) (code + offset + 1);
1190 for (; bptr < (unsigned char*)lpc; bptr++) {
1191 if (*bptr != 0) {
1192 CCerror(context, "Non zero padding bytes in switch");
1193 }
1194 }
1195 }
1196 if (opcode == JVM_OPC_tableswitch) {
1197 keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
1198 delta = 1;
1199 } else {
1200 keys = _ck_ntohl(lpc[1]); /* number of pairs */
1201 delta = 2;
1202 /* Make sure that the tableswitch items are sorted */
1203 for (k = keys - 1, lptr = &lpc[2]; --k >= 0; lptr += 2) {
1204 int this_key = _ck_ntohl(lptr[0]); /* NB: ntohl may be unsigned */
1205 int next_key = _ck_ntohl(lptr[2]);
1206 if (this_key >= next_key) {
1207 CCerror(context, "Unsorted lookup switch");
1208 }
1209 }
1210 }
1211 saved_operand = NEW(int, keys + 2)((int *)CCalloc(context, (keys + 2)*(sizeof(int)), 0));
1212 if (!isLegalTarget(context, offset + _ck_ntohl(lpc[0])))
1213 CCerror(context, "Illegal default target in switch");
1214 saved_operand[keys + 1] = code_data[offset + _ck_ntohl(lpc[0])];
1215 for (k = keys, lptr = &lpc[3]; --k >= 0; lptr += delta) {
1216 int target = offset + _ck_ntohl(lptr[0]);
1217 if (!isLegalTarget(context, target))
1218 CCerror(context, "Illegal branch in tableswitch");
1219 saved_operand[k + 1] = code_data[target];
1220 }
1221 saved_operand[0] = keys + 1; /* number of successors */
1222 this_idata->operand.ip = saved_operand;
1223 break;
1224 }
1225
1226 case JVM_OPC_ldc: {
1227 /* Make sure the constant pool item is the right type. */
1228 int key = code[offset + 1];
1229 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1230 (1 << JVM_CONSTANT_String);
1231 if (context->major_version >= LDC_CLASS_MAJOR_VERSION49) {
1232 types |= 1 << JVM_CONSTANT_Class;
1233 }
1234 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION51) {
1235 types |= (1 << JVM_CONSTANT_MethodHandle) |
1236 (1 << JVM_CONSTANT_MethodType);
1237 }
1238 this_idata->operand.i = key;
1239 verify_constant_pool_type(context, key, types);
1240 break;
1241 }
1242
1243 case JVM_OPC_ldc_w: {
1244 /* Make sure the constant pool item is the right type. */
1245 int key = (code[offset + 1] << 8) + code[offset + 2];
1246 int types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) |
1247 (1 << JVM_CONSTANT_String);
1248 if (context->major_version >= LDC_CLASS_MAJOR_VERSION49) {
1249 types |= 1 << JVM_CONSTANT_Class;
1250 }
1251 if (context->major_version >= LDC_METHOD_HANDLE_MAJOR_VERSION51) {
1252 types |= (1 << JVM_CONSTANT_MethodHandle) |
1253 (1 << JVM_CONSTANT_MethodType);
1254 }
1255 this_idata->operand.i = key;
1256 verify_constant_pool_type(context, key, types);
1257 break;
1258 }
1259
1260 case JVM_OPC_ldc2_w: {
1261 /* Make sure the constant pool item is the right type. */
1262 int key = (code[offset + 1] << 8) + code[offset + 2];
1263 int types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long);
1264 this_idata->operand.i = key;
1265 verify_constant_pool_type(context, key, types);
1266 break;
1267 }
1268
1269 case JVM_OPC_getfield: case JVM_OPC_putfield:
1270 case JVM_OPC_getstatic: case JVM_OPC_putstatic: {
1271 /* Make sure the constant pool item is the right type. */
1272 int key = (code[offset + 1] << 8) + code[offset + 2];
1273 this_idata->operand.i = key;
1274 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Fieldref);
1275 if (opcode == JVM_OPC_getfield || opcode == JVM_OPC_putfield)
1276 set_protected(context, inumber, key, opcode);
1277 break;
1278 }
1279
1280 case JVM_OPC_invokevirtual:
1281 case JVM_OPC_invokespecial:
1282 case JVM_OPC_invokestatic:
1283 case JVM_OPC_invokeinterface: {
1284 /* Make sure the constant pool item is the right type. */
1285 int key = (code[offset + 1] << 8) + code[offset + 2];
1286 const char *methodname;
1287 jclass cb = context->class;
1288 fullinfo_type clazz_info;
1289 int is_constructor, is_internal;
1290 int kind;
1291
1292 switch (opcode ) {
1293 case JVM_OPC_invokestatic:
1294 kind = ((context->major_version < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION52)
1295 ? (1 << JVM_CONSTANT_Methodref)
1296 : ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)));
1297 break;
1298 case JVM_OPC_invokeinterface:
1299 kind = 1 << JVM_CONSTANT_InterfaceMethodref;
1300 break;
1301 default:
1302 kind = 1 << JVM_CONSTANT_Methodref;
1303 }
1304
1305 /* Make sure the constant pool item is the right type. */
1306 verify_constant_pool_type(context, key, kind);
1307 methodname = JVM_GetCPMethodNameUTF(env, cb, key);
1308 check_and_push(context, methodname, VM_STRING_UTF);
1309 is_constructor = !strcmp(methodname, "<init>");
1310 is_internal = methodname[0] == '<';
1311 pop_and_free(context);
1312
1313 clazz_info = cp_index_to_class_fullinfo(context, key,
1314 JVM_CONSTANT_Methodref);
1315 this_idata->operand.i = key;
1316 this_idata->operand2.fi = clazz_info;
1317 if (is_constructor) {
1318 if (opcode != JVM_OPC_invokespecial) {
1319 CCerror(context,
1320 "Must call initializers using invokespecial");
1321 }
1322 this_idata->opcode = JVM_OPC_invokeinit0x100;
1323 } else {
1324 if (is_internal) {
1325 CCerror(context, "Illegal call to internal method");
1326 }
1327 if (opcode == JVM_OPC_invokespecial
1328 && clazz_info != context->currentclass_info
1329 && clazz_info != context->superclass_info) {
1330 int not_found = 1;
1331
1332 jclass super = (*env)->GetSuperclass(env, context->class);
1333 while(super != 0) {
1334 jclass tmp_cb;
1335 fullinfo_type new_info = make_class_info(context, super);
1336 if (clazz_info == new_info) {
1337 not_found = 0;
1338 break;
1339 }
1340 tmp_cb = (*env)->GetSuperclass(env, super);
1341 (*env)->DeleteLocalRef(env, super);
1342 super = tmp_cb;
1343 }
1344 (*env)->DeleteLocalRef(env, super);
1345
1346 /* The optimizer may cause this to happen on local code */
1347 if (not_found) {
1348 CCerror(context, "Illegal use of nonvirtual function call");
1349 }
1350 }
1351 }
1352 if (opcode == JVM_OPC_invokeinterface) {
1353 unsigned int args1;
1354 unsigned int args2;
1355 const char *signature =
1356 JVM_GetCPMethodSignatureUTF(env, context->class, key);
1357 check_and_push(context, signature, VM_STRING_UTF);
1358 args1 = signature_to_args_size(signature) + 1;
1359 args2 = code[offset + 3];
1360 if (args1 != args2) {
1361 CCerror(context,
1362 "Inconsistent args_size for invokeinterface");
1363 }
1364 if (code[offset + 4] != 0) {
1365 CCerror(context,
1366 "Fourth operand byte of invokeinterface must be zero");
1367 }
1368 pop_and_free(context);
1369 } else if (opcode == JVM_OPC_invokevirtual
1370 || opcode == JVM_OPC_invokespecial)
1371 set_protected(context, inumber, key, opcode);
1372 break;
1373 }
1374
1375 case JVM_OPC_invokedynamic:
1376 CCerror(context,
1377 "invokedynamic bytecode is not supported in this class file version");
1378 break;
1379 case JVM_OPC_instanceof:
1380 case JVM_OPC_checkcast:
1381 case JVM_OPC_new:
1382 case JVM_OPC_anewarray:
1383 case JVM_OPC_multianewarray: {
1384 /* Make sure the constant pool item is a class */
1385 int key = (code[offset + 1] << 8) + code[offset + 2];
1386 fullinfo_type target;
1387 verify_constant_pool_type(context, key, 1 << JVM_CONSTANT_Class);
1388 target = cp_index_to_class_fullinfo(context, key, JVM_CONSTANT_Class);
1389 if (GET_ITEM_TYPE(target)((target) & 0x1F) == ITEM_Bogus)
1390 CCerror(context, "Illegal type");
1391 switch(opcode) {
1392 case JVM_OPC_anewarray:
1393 if ((GET_INDIRECTION(target)(((target) & 0xFFFF) >> 5)) >= MAX_ARRAY_DIMENSIONS255)
1394 CCerror(context, "Array with too many dimensions");
1395 this_idata->operand.fi = MAKE_FULLINFO(GET_ITEM_TYPE(target),((((target) & 0x1F)) + (((((target) & 0xFFFF) >>
5) + 1) << 5) + ((((target) >> 16)) << 16)
)
1396 GET_INDIRECTION(target) + 1,((((target) & 0x1F)) + (((((target) & 0xFFFF) >>
5) + 1) << 5) + ((((target) >> 16)) << 16)
)
1397 GET_EXTRA_INFO(target))((((target) & 0x1F)) + (((((target) & 0xFFFF) >>
5) + 1) << 5) + ((((target) >> 16)) << 16)
);
1398 break;
1399 case JVM_OPC_new:
1400 if (WITH_ZERO_EXTRA_INFO(target)((target) & 0xFFFF) !=
1401 MAKE_FULLINFO(ITEM_Object, 0, 0)((ITEM_Object) + ((0) << 5) + ((0) << 16)))
1402 CCerror(context, "Illegal creation of multi-dimensional array");
1403 /* operand gets set to the "unitialized object". operand2 gets
1404 * set to what the value will be after it's initialized. */
1405 this_idata->operand.fi = MAKE_FULLINFO(ITEM_NewObject, 0, inumber)((ITEM_NewObject) + ((0) << 5) + ((inumber) << 16
));
1406 this_idata->operand2.fi = target;
1407 break;
1408 case JVM_OPC_multianewarray:
1409 this_idata->operand.fi = target;
1410 this_idata->operand2.i = code[offset + 3];
1411 if ( (this_idata->operand2.i > (int)GET_INDIRECTION(target)(((target) & 0xFFFF) >> 5))
1412 || (this_idata->operand2.i == 0))
1413 CCerror(context, "Illegal dimension argument");
1414 break;
1415 default:
1416 this_idata->operand.fi = target;
1417 }
1418 break;
1419 }
1420
1421 case JVM_OPC_newarray: {
1422 /* Cache the result of the JVM_OPC_newarray into the operand slot */
1423 fullinfo_type full_info;
1424 switch (code[offset + 1]) {
1425 case JVM_T_INT:
1426 full_info = MAKE_FULLINFO(ITEM_Integer, 1, 0)((ITEM_Integer) + ((1) << 5) + ((0) << 16)); break;
1427 case JVM_T_LONG:
1428 full_info = MAKE_FULLINFO(ITEM_Long, 1, 0)((ITEM_Long) + ((1) << 5) + ((0) << 16)); break;
1429 case JVM_T_FLOAT:
1430 full_info = MAKE_FULLINFO(ITEM_Float, 1, 0)((ITEM_Float) + ((1) << 5) + ((0) << 16)); break;
1431 case JVM_T_DOUBLE:
1432 full_info = MAKE_FULLINFO(ITEM_Double, 1, 0)((ITEM_Double) + ((1) << 5) + ((0) << 16)); break;
1433 case JVM_T_BOOLEAN:
1434 full_info = MAKE_FULLINFO(ITEM_Boolean, 1, 0)((ITEM_Boolean) + ((1) << 5) + ((0) << 16)); break;
1435 case JVM_T_BYTE:
1436 full_info = MAKE_FULLINFO(ITEM_Byte, 1, 0)((ITEM_Byte) + ((1) << 5) + ((0) << 16)); break;
1437 case JVM_T_CHAR:
1438 full_info = MAKE_FULLINFO(ITEM_Char, 1, 0)((ITEM_Char) + ((1) << 5) + ((0) << 16)); break;
1439 case JVM_T_SHORT:
1440 full_info = MAKE_FULLINFO(ITEM_Short, 1, 0)((ITEM_Short) + ((1) << 5) + ((0) << 16)); break;
1441 default:
1442 full_info = 0; /* Keep lint happy */
1443 CCerror(context, "Bad type passed to newarray");
1444 }
1445 this_idata->operand.fi = full_info;
1446 break;
1447 }
1448
1449 /* Fudge iload_x, aload_x, etc to look like their generic cousin. */
1450 case JVM_OPC_iload_0: case JVM_OPC_iload_1: case JVM_OPC_iload_2: case JVM_OPC_iload_3:
1451 this_idata->opcode = JVM_OPC_iload;
1452 var = opcode - JVM_OPC_iload_0;
1453 goto check_local_variable;
1454
1455 case JVM_OPC_fload_0: case JVM_OPC_fload_1: case JVM_OPC_fload_2: case JVM_OPC_fload_3:
1456 this_idata->opcode = JVM_OPC_fload;
1457 var = opcode - JVM_OPC_fload_0;
1458 goto check_local_variable;
1459
1460 case JVM_OPC_aload_0: case JVM_OPC_aload_1: case JVM_OPC_aload_2: case JVM_OPC_aload_3:
1461 this_idata->opcode = JVM_OPC_aload;
1462 var = opcode - JVM_OPC_aload_0;
1463 goto check_local_variable;
1464
1465 case JVM_OPC_lload_0: case JVM_OPC_lload_1: case JVM_OPC_lload_2: case JVM_OPC_lload_3:
1466 this_idata->opcode = JVM_OPC_lload;
1467 var = opcode - JVM_OPC_lload_0;
1468 goto check_local_variable2;
1469
1470 case JVM_OPC_dload_0: case JVM_OPC_dload_1: case JVM_OPC_dload_2: case JVM_OPC_dload_3:
1471 this_idata->opcode = JVM_OPC_dload;
1472 var = opcode - JVM_OPC_dload_0;
1473 goto check_local_variable2;
1474
1475 case JVM_OPC_istore_0: case JVM_OPC_istore_1: case JVM_OPC_istore_2: case JVM_OPC_istore_3:
1476 this_idata->opcode = JVM_OPC_istore;
1477 var = opcode - JVM_OPC_istore_0;
1478 goto check_local_variable;
1479
1480 case JVM_OPC_fstore_0: case JVM_OPC_fstore_1: case JVM_OPC_fstore_2: case JVM_OPC_fstore_3:
1481 this_idata->opcode = JVM_OPC_fstore;
1482 var = opcode - JVM_OPC_fstore_0;
1483 goto check_local_variable;
1484
1485 case JVM_OPC_astore_0: case JVM_OPC_astore_1: case JVM_OPC_astore_2: case JVM_OPC_astore_3:
1486 this_idata->opcode = JVM_OPC_astore;
1487 var = opcode - JVM_OPC_astore_0;
1488 goto check_local_variable;
1489
1490 case JVM_OPC_lstore_0: case JVM_OPC_lstore_1: case JVM_OPC_lstore_2: case JVM_OPC_lstore_3:
1491 this_idata->opcode = JVM_OPC_lstore;
1492 var = opcode - JVM_OPC_lstore_0;
1493 goto check_local_variable2;
1494
1495 case JVM_OPC_dstore_0: case JVM_OPC_dstore_1: case JVM_OPC_dstore_2: case JVM_OPC_dstore_3:
1496 this_idata->opcode = JVM_OPC_dstore;
1497 var = opcode - JVM_OPC_dstore_0;
1498 goto check_local_variable2;
1499
1500 case JVM_OPC_wide:
1501 this_idata->opcode = code[offset + 1];
1502 var = (code[offset + 2] << 8) + code[offset + 3];
1503 switch(this_idata->opcode) {
1504 case JVM_OPC_lload: case JVM_OPC_dload:
1505 case JVM_OPC_lstore: case JVM_OPC_dstore:
1506 goto check_local_variable2;
1507 default:
1508 goto check_local_variable;
1509 }
1510
1511 case JVM_OPC_iinc: /* the increment amount doesn't matter */
1512 case JVM_OPC_ret:
1513 case JVM_OPC_aload: case JVM_OPC_iload: case JVM_OPC_fload:
1514 case JVM_OPC_astore: case JVM_OPC_istore: case JVM_OPC_fstore:
1515 var = code[offset + 1];
1516 check_local_variable:
1517 /* Make sure that the variable number isn't illegal. */
1518 this_idata->operand.i = var;
1519 if (var >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1520 CCerror(context, "Illegal local variable number");
1521 break;
1522
1523 case JVM_OPC_lload: case JVM_OPC_dload: case JVM_OPC_lstore: case JVM_OPC_dstore:
1524 var = code[offset + 1];
1525 check_local_variable2:
1526 /* Make sure that the variable number isn't illegal. */
1527 this_idata->operand.i = var;
1528 if ((var + 1) >= JVM_GetMethodIxLocalsCount(env, context->class, mi))
1529 CCerror(context, "Illegal local variable number");
1530 break;
1531
1532 default:
1533 if (opcode > JVM_OPC_MAX)
1534 CCerror(context, "Quick instructions shouldn't appear yet.");
1535 break;
1536 } /* of switch */
1537}
1538
1539
1540static void
1541set_protected(context_type *context, unsigned int inumber, int key, int opcode)
1542{
1543 JNIEnv *env = context->env;
1544 fullinfo_type clazz_info;
1545 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1546 clazz_info = cp_index_to_class_fullinfo(context, key,
1547 JVM_CONSTANT_Fieldref);
1548 } else {
1549 clazz_info = cp_index_to_class_fullinfo(context, key,
1550 JVM_CONSTANT_Methodref);
1551 }
1552 if (is_superclass(context, clazz_info)) {
1553 jclass calledClass =
1554 object_fullinfo_to_classclass(context, clazz_info);
1555 int access;
1556 /* 4734966: JVM_GetCPFieldModifiers() or JVM_GetCPMethodModifiers() only
1557 searches the referenced field or method in calledClass. The following
1558 while loop is added to search up the superclass chain to make this
1559 symbolic resolution consistent with the field/method resolution
1560 specified in VM spec 5.4.3. */
1561 calledClass = (*env)->NewLocalRef(env, calledClass);
1562 do {
1563 jclass tmp_cb;
1564 if (opcode != JVM_OPC_invokevirtual && opcode != JVM_OPC_invokespecial) {
1565 access = JVM_GetCPFieldModifiers
1566 (env, context->class, key, calledClass);
1567 } else {
1568 access = JVM_GetCPMethodModifiers
1569 (env, context->class, key, calledClass);
1570 }
1571 if (access != -1) {
1572 break;
1573 }
1574 tmp_cb = (*env)->GetSuperclass(env, calledClass);
1575 (*env)->DeleteLocalRef(env, calledClass);
1576 calledClass = tmp_cb;
1577 } while (calledClass != 0);
1578
1579 if (access == -1) {
1580 /* field/method not found, detected at runtime. */
1581 } else if (access & JVM_ACC_PROTECTED) {
1582 if (!JVM_IsSameClassPackage(env, calledClass, context->class))
1583 context->instruction_data[inumber].protected = JNI_TRUE1;
1584 }
1585 (*env)->DeleteLocalRef(env, calledClass);
1586 }
1587}
1588
1589
1590static jboolean
1591is_superclass(context_type *context, fullinfo_type clazz_info) {
1592 fullinfo_type *fptr = context->superclasses;
1593
1594 if (fptr == 0)
1595 return JNI_FALSE0;
1596 for (; *fptr != 0; fptr++) {
1597 if (*fptr == clazz_info)
1598 return JNI_TRUE1;
1599 }
1600 return JNI_FALSE0;
1601}
1602
1603
1604/* Look through each item on the exception table. Each of the fields must
1605 * refer to a legal instruction.
1606 */
1607static void
1608initialize_exception_table(context_type *context)
1609{
1610 JNIEnv *env = context->env;
1611 int mi = context->method_index;
1612 struct handler_info_type *handler_info = context->handler_info;
1613 int *code_data = context->code_data;
1614 int code_length = context->code_length;
1615 int max_stack_size = JVM_GetMethodIxMaxStack(env, context->class, mi);
1616 int i = JVM_GetMethodIxExceptionTableLength(env, context->class, mi);
1617 if (max_stack_size < 1 && i > 0) {
1618 // If the method contains exception handlers, it must have room
1619 // on the expression stack for the exception that the VM could push
1620 CCerror(context, "Stack size too large");
1621 }
1622 for (; --i >= 0; handler_info++) {
1623 JVM_ExceptionTableEntryType einfo;
1624 stack_item_type *stack_item = NEW(stack_item_type, 1)((stack_item_type *)CCalloc(context, (1)*(sizeof(stack_item_type
)), 0));
1625
1626 JVM_GetMethodIxExceptionTableEntry(env, context->class, mi,
1627 i, &einfo);
1628
1629 if (!(einfo.start_pc < einfo.end_pc &&
1630 einfo.start_pc >= 0 &&
1631 isLegalTarget(context, einfo.start_pc) &&
1632 (einfo.end_pc == code_length ||
1633 isLegalTarget(context, einfo.end_pc)))) {
1634 CFerror(context, "Illegal exception table range");
1635 }
1636 if (!((einfo.handler_pc > 0) &&
1637 isLegalTarget(context, einfo.handler_pc))) {
1638 CFerror(context, "Illegal exception table handler");
1639 }
1640
1641 handler_info->start = code_data[einfo.start_pc];
1642 /* einfo.end_pc may point to one byte beyond the end of bytecodes. */
1643 handler_info->end = (einfo.end_pc == context->code_length) ?
1644 context->instruction_count : code_data[einfo.end_pc];
1645 handler_info->handler = code_data[einfo.handler_pc];
1646 handler_info->stack_info.stack = stack_item;
1647 handler_info->stack_info.stack_size = 1;
1648 stack_item->next = NULL((void*)0);
1649 if (einfo.catchType != 0) {
1650 const char *classname;
1651 /* Constant pool entry type has been checked in format checker */
1652 classname = JVM_GetCPClassNameUTF(env,
1653 context->class,
1654 einfo.catchType);
1655 check_and_push(context, classname, VM_STRING_UTF);
1656 stack_item->item = make_class_info_from_name(context, classname);
1657 if (!isAssignableTo(context,
1658 stack_item->item,
1659 context->throwable_info))
1660 CCerror(context, "catch_type not a subclass of Throwable");
1661 pop_and_free(context);
1662 } else {
1663 stack_item->item = context->throwable_info;
1664 }
1665 }
1666}
1667
1668
1669/* Given a pointer to an instruction, return its length. Use the table
1670 * opcode_length[] which is automatically built.
1671 */
1672static int instruction_length(unsigned char *iptr, unsigned char *end)
1673{
1674 static unsigned char opcode_length[] = JVM_OPCODE_LENGTH_INITIALIZER{ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 2, 3,
3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3
, 3, 3, 3, 3, 3, 2, 99, 99, 1, 1, 1, 1, 1, 1, 3, 3, 3, 3, 3, 3
, 3, 5, 5, 3, 2, 3, 1, 1, 3, 3, 1, 1, 0, 4, 3, 3, 5, 5 };
1675 int instruction = *iptr;
1676 switch (instruction) {
1677 case JVM_OPC_tableswitch: {
1678 int *lpc = (int *)UCALIGN(iptr + 1)((unsigned char *)((((uintptr_t)(iptr + 1)) + ((sizeof(int)) -
1)) & ~((sizeof(int))-1)));
1679 int index;
1680 if (lpc + 2 >= (int *)end) {
1681 return -1; /* do not read pass the end */
1682 }
1683 index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
1684 if ((index < 0) || (index > 65535)) {
1685 return -1; /* illegal */
1686 } else {
1687 unsigned char *finish = (unsigned char *)(&lpc[index + 4]);
1688 assert(finish >= iptr)((finish >= iptr) ? (void) (0) : __assert_fail ("finish >= iptr"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 1688, __extension__ __PRETTY_FUNCTION__));
1689 return (int)(finish - iptr);
1690 }
1691 }
1692
1693 case JVM_OPC_lookupswitch: {
1694 int *lpc = (int *) UCALIGN(iptr + 1)((unsigned char *)((((uintptr_t)(iptr + 1)) + ((sizeof(int)) -
1)) & ~((sizeof(int))-1)));
1695 int npairs;
1696 if (lpc + 1 >= (int *)end)
1697 return -1; /* do not read pass the end */
1698 npairs = _ck_ntohl(lpc[1]);
1699 /* There can't be more than 64K labels because of the limit
1700 * on per-method byte code length.
1701 */
1702 if (npairs < 0 || npairs >= 65536)
1703 return -1;
1704 else {
1705 unsigned char *finish = (unsigned char *)(&lpc[2 * (npairs + 1)]);
1706 assert(finish >= iptr)((finish >= iptr) ? (void) (0) : __assert_fail ("finish >= iptr"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 1706, __extension__ __PRETTY_FUNCTION__));
1707 return (int)(finish - iptr);
1708 }
1709 }
1710
1711 case JVM_OPC_wide:
1712 if (iptr + 1 >= end)
1713 return -1; /* do not read pass the end */
1714 switch(iptr[1]) {
1715 case JVM_OPC_ret:
1716 case JVM_OPC_iload: case JVM_OPC_istore:
1717 case JVM_OPC_fload: case JVM_OPC_fstore:
1718 case JVM_OPC_aload: case JVM_OPC_astore:
1719 case JVM_OPC_lload: case JVM_OPC_lstore:
1720 case JVM_OPC_dload: case JVM_OPC_dstore:
1721 return 4;
1722 case JVM_OPC_iinc:
1723 return 6;
1724 default:
1725 return -1;
1726 }
1727
1728 default: {
1729 if (instruction < 0 || instruction > JVM_OPC_MAX)
1730 return -1;
1731
1732 /* A length of 0 indicates an error. */
1733 if (opcode_length[instruction] <= 0)
1734 return -1;
1735
1736 return opcode_length[instruction];
1737 }
1738 }
1739}
1740
1741
1742/* Given the target of a branch, make sure that it's a legal target. */
1743static jboolean
1744isLegalTarget(context_type *context, int offset)
1745{
1746 int code_length = context->code_length;
1747 int *code_data = context->code_data;
1748 return (offset >= 0 && offset < code_length && code_data[offset] >= 0);
1749}
1750
1751
1752/* Make sure that an element of the constant pool really is of the indicated
1753 * type.
1754 */
1755static void
1756verify_constant_pool_type(context_type *context, int index, unsigned mask)
1757{
1758 int nconstants = context->nconstants;
1759 unsigned char *type_table = context->constant_types;
1760 unsigned type;
1761
1762 if ((index <= 0) || (index >= nconstants))
1763 CCerror(context, "Illegal constant pool index");
1764
1765 type = type_table[index];
1766 if ((mask & (1 << type)) == 0)
1767 CCerror(context, "Illegal type in constant pool");
1768}
1769
1770
1771static void
1772initialize_dataflow(context_type *context)
1773{
1774 JNIEnv *env = context->env;
1775 instruction_data_type *idata = context->instruction_data;
1776 int mi = context->method_index;
1777 jclass cb = context->class;
1778 int args_size = JVM_GetMethodIxArgsSize(env, cb, mi);
1779 fullinfo_type *reg_ptr;
1780 fullinfo_type full_info;
1781 const char *p;
1782 const char *signature;
1783
1784 /* Initialize the function entry, since we know everything about it. */
1785 idata[0].stack_info.stack_size = 0;
1786 idata[0].stack_info.stack = NULL((void*)0);
1787 idata[0].register_info.register_count = args_size;
1788 idata[0].register_info.registers = NEW(fullinfo_type, args_size)((fullinfo_type *)CCalloc(context, (args_size)*(sizeof(fullinfo_type
)), 0));
1789 idata[0].register_info.mask_count = 0;
1790 idata[0].register_info.masks = NULL((void*)0);
1791 idata[0].and_flags = 0; /* nothing needed */
1792 idata[0].or_flags = FLAG_REACHED0x01; /* instruction reached */
1793 reg_ptr = idata[0].register_info.registers;
1794
1795 if ((JVM_GetMethodIxModifiers(env, cb, mi) & JVM_ACC_STATIC) == 0) {
1796 /* A non static method. If this is an <init> method, the first
1797 * argument is an uninitialized object. Otherwise it is an object of
1798 * the given class type. java.lang.Object.<init> is special since
1799 * we don't call its superclass <init> method.
1800 */
1801 if (JVM_IsConstructorIx(env, cb, mi)
1802 && context->currentclass_info != context->object_info) {
1803 *reg_ptr++ = MAKE_FULLINFO(ITEM_InitObject, 0, 0)((ITEM_InitObject) + ((0) << 5) + ((0) << 16));
1804 idata[0].or_flags |= FLAG_NEED_CONSTRUCTOR0x02;
1805 } else {
1806 *reg_ptr++ = context->currentclass_info;
1807 }
1808 }
1809 signature = JVM_GetMethodIxSignatureUTF(env, cb, mi);
1810 check_and_push(context, signature, VM_STRING_UTF);
1811 /* Fill in each of the arguments into the registers. */
1812 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
1813 char fieldchar = signature_to_fieldtype(context, &p, &full_info);
1814 switch (fieldchar) {
1815 case 'D': case 'L':
1816 *reg_ptr++ = full_info;
1817 *reg_ptr++ = full_info + 1;
1818 break;
1819 default:
1820 *reg_ptr++ = full_info;
1821 break;
1822 }
1823 }
1824 p++; /* skip over right parenthesis */
1825 if (*p == 'V') {
1826 context->return_type = MAKE_FULLINFO(ITEM_Void, 0, 0)((ITEM_Void) + ((0) << 5) + ((0) << 16));
1827 } else {
1828 signature_to_fieldtype(context, &p, &full_info);
1829 context->return_type = full_info;
1830 }
1831 pop_and_free(context);
1832 /* Indicate that we need to look at the first instruction. */
1833 idata[0].changed = JNI_TRUE1;
1834}
1835
1836
1837/* Run the data flow analysis, as long as there are things to change. */
1838static void
1839run_dataflow(context_type *context) {
1840 JNIEnv *env = context->env;
1841 int mi = context->method_index;
1842 jclass cb = context->class;
1843 int max_stack_size = JVM_GetMethodIxMaxStack(env, cb, mi);
1844 instruction_data_type *idata = context->instruction_data;
1845 unsigned int icount = context->instruction_count;
1846 jboolean work_to_do = JNI_TRUE1;
1847 unsigned int inumber;
1848
1849 /* Run through the loop, until there is nothing left to do. */
1850 while (work_to_do) {
1851 work_to_do = JNI_FALSE0;
1852 for (inumber = 0; inumber < icount; inumber++) {
1853 instruction_data_type *this_idata = &idata[inumber];
1854 if (this_idata->changed) {
1855 register_info_type new_register_info;
1856 stack_info_type new_stack_info;
1857 flag_type new_and_flags, new_or_flags;
1858
1859 this_idata->changed = JNI_FALSE0;
1860 work_to_do = JNI_TRUE1;
1861#ifdef DEBUG1
1862 if (verify_verbose) {
1863 int opcode = this_idata->opcode;
1864 jio_fprintf(stdoutstdout, "Instruction %d: ", inumber);
1865 print_stack(context, &this_idata->stack_info);
1866 print_registers(context, &this_idata->register_info);
1867 print_flags(context,
1868 this_idata->and_flags, this_idata->or_flags);
1869 fflush(stdoutstdout);
1870 }
1871#endif
1872 /* Make sure the registers and flags are appropriate */
1873 check_register_values(context, inumber);
1874 check_flags(context, inumber);
1875
1876 /* Make sure the stack can deal with this instruction */
1877 pop_stack(context, inumber, &new_stack_info);
1878
1879 /* Update the registers and flags */
1880 update_registers(context, inumber, &new_register_info);
1881 update_flags(context, inumber, &new_and_flags, &new_or_flags);
1882
1883 /* Update the stack. */
1884 push_stack(context, inumber, &new_stack_info);
1885
1886 if (new_stack_info.stack_size > max_stack_size)
1887 CCerror(context, "Stack size too large");
1888#ifdef DEBUG1
1889 if (verify_verbose) {
1890 jio_fprintf(stdoutstdout, " ");
1891 print_stack(context, &new_stack_info);
1892 print_registers(context, &new_register_info);
1893 print_flags(context, new_and_flags, new_or_flags);
1894 fflush(stdoutstdout);
1895 }
1896#endif
1897 /* Add the new stack and register information to any
1898 * instructions that can follow this instruction. */
1899 merge_into_successors(context, inumber,
1900 &new_register_info, &new_stack_info,
1901 new_and_flags, new_or_flags);
1902 }
1903 }
1904 }
1905}
1906
1907
1908/* Make sure that the registers contain a legitimate value for the given
1909 * instruction.
1910*/
1911
1912static void
1913check_register_values(context_type *context, unsigned int inumber)
1914{
1915 instruction_data_type *idata = context->instruction_data;
1916 instruction_data_type *this_idata = &idata[inumber];
1917 int opcode = this_idata->opcode;
1918 int operand = this_idata->operand.i;
1919 int register_count = this_idata->register_info.register_count;
1920 fullinfo_type *registers = this_idata->register_info.registers;
1921 jboolean double_word = JNI_FALSE0; /* default value */
1922 int type;
1923
1924 switch (opcode) {
1925 default:
1926 return;
1927 case JVM_OPC_iload: case JVM_OPC_iinc:
1928 type = ITEM_Integer; break;
1929 case JVM_OPC_fload:
1930 type = ITEM_Float; break;
1931 case JVM_OPC_aload:
1932 type = ITEM_Object; break;
1933 case JVM_OPC_ret:
1934 type = ITEM_ReturnAddress; break;
1935 case JVM_OPC_lload:
1936 type = ITEM_Long; double_word = JNI_TRUE1; break;
1937 case JVM_OPC_dload:
1938 type = ITEM_Double; double_word = JNI_TRUE1; break;
1939 }
1940 if (!double_word) {
1941 fullinfo_type reg;
1942 /* Make sure we don't have an illegal register or one with wrong type */
1943 if (operand >= register_count) {
1944 CCerror(context,
1945 "Accessing value from uninitialized register %d", operand);
1946 }
1947 reg = registers[operand];
1948
1949 if (WITH_ZERO_EXTRA_INFO(reg)((reg) & 0xFFFF) == (unsigned)MAKE_FULLINFO(type, 0, 0)((type) + ((0) << 5) + ((0) << 16))) {
1950 /* the register is obviously of the given type */
1951 return;
1952 } else if (GET_INDIRECTION(reg)(((reg) & 0xFFFF) >> 5) > 0 && type == ITEM_Object) {
1953 /* address type stuff be used on all arrays */
1954 return;
1955 } else if (GET_ITEM_TYPE(reg)((reg) & 0x1F) == ITEM_ReturnAddress) {
1956 CCerror(context, "Cannot load return address from register %d",
1957 operand);
1958 /* alternatively
1959 (GET_ITEM_TYPE(reg) == ITEM_ReturnAddress)
1960 && (opcode == JVM_OPC_iload)
1961 && (type == ITEM_Object || type == ITEM_Integer)
1962 but this never occurs
1963 */
1964 } else if (reg == ITEM_InitObject && type == ITEM_Object) {
1965 return;
1966 } else if (WITH_ZERO_EXTRA_INFO(reg)((reg) & 0xFFFF) ==
1967 MAKE_FULLINFO(ITEM_NewObject, 0, 0)((ITEM_NewObject) + ((0) << 5) + ((0) << 16)) &&
1968 type == ITEM_Object) {
1969 return;
1970 } else {
1971 CCerror(context, "Register %d contains wrong type", operand);
1972 }
1973 } else {
1974 /* Make sure we don't have an illegal register or one with wrong type */
1975 if ((operand + 1) >= register_count) {
1976 CCerror(context,
1977 "Accessing value from uninitialized register pair %d/%d",
1978 operand, operand+1);
1979 } else {
1980 if ((registers[operand] == (unsigned)MAKE_FULLINFO(type, 0, 0)((type) + ((0) << 5) + ((0) << 16))) &&
1981 (registers[operand + 1] == (unsigned)MAKE_FULLINFO(type + 1, 0, 0)((type + 1) + ((0) << 5) + ((0) << 16)))) {
1982 return;
1983 } else {
1984 CCerror(context, "Register pair %d/%d contains wrong type",
1985 operand, operand+1);
1986 }
1987 }
1988 }
1989}
1990
1991
1992/* Make sure the flags contain legitimate values for this instruction.
1993*/
1994
1995static void
1996check_flags(context_type *context, unsigned int inumber)
1997{
1998 instruction_data_type *idata = context->instruction_data;
1999 instruction_data_type *this_idata = &idata[inumber];
2000 int opcode = this_idata->opcode;
2001 switch (opcode) {
2002 case JVM_OPC_return:
2003 /* We need a constructor, but we aren't guaranteed it's called */
2004 if ((this_idata->or_flags & FLAG_NEED_CONSTRUCTOR0x02) &&
2005 !(this_idata->and_flags & FLAG_CONSTRUCTED0x01))
2006 CCerror(context, "Constructor must call super() or this()");
2007 /* fall through */
2008 case JVM_OPC_ireturn: case JVM_OPC_lreturn:
2009 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2010 if (this_idata->or_flags & FLAG_NO_RETURN0x04)
2011 /* This method cannot exit normally */
2012 CCerror(context, "Cannot return normally");
2013 default:
2014 break; /* nothing to do. */
2015 }
2016}
2017
2018/* Make sure that the top of the stack contains reasonable values for the
2019 * given instruction. The post-pop values of the stack and its size are
2020 * returned in *new_stack_info.
2021 */
2022
2023static void
2024pop_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2025{
2026 instruction_data_type *idata = context->instruction_data;
2027 instruction_data_type *this_idata = &idata[inumber];
2028 int opcode = this_idata->opcode;
2029 stack_item_type *stack = this_idata->stack_info.stack;
1
'stack' initialized here
2030 int stack_size = this_idata->stack_info.stack_size;
2031 char *stack_operands, *p;
2032 char buffer[257]; /* for holding manufactured argument lists */
2033 fullinfo_type stack_extra_info_buffer[256]; /* save info popped off stack */
2034 fullinfo_type *stack_extra_info = &stack_extra_info_buffer[256];
2035 fullinfo_type full_info; /* only used in case of invoke instructions */
2036 fullinfo_type put_full_info; /* only used in case JVM_OPC_putstatic and JVM_OPC_putfield */
2037
2038 switch(opcode) {
2
Control jumps to the 'default' case at line 2039
2039 default:
2040 /* For most instructions, we just use a built-in table */
2041 stack_operands = opcode_in_out[opcode][0];
2042 break;
3
 Execution continues on line 2112
2043
2044 case JVM_OPC_putstatic: case JVM_OPC_putfield: {
2045 /* The top thing on the stack depends on the signature of
2046 * the object. */
2047 int operand = this_idata->operand.i;
2048 const char *signature =
2049 JVM_GetCPFieldSignatureUTF(context->env,
2050 context->class,
2051 operand);
2052 char *ip = buffer;
2053 check_and_push(context, signature, VM_STRING_UTF);
2054#ifdef DEBUG1
2055 if (verify_verbose) {
2056 print_formatted_fieldname(context, operand);
2057 }
2058#endif
2059 if (opcode == JVM_OPC_putfield)
2060 *ip++ = 'A'; /* object for putfield */
2061 *ip++ = signature_to_fieldtype(context, &signature, &put_full_info);
2062 *ip = '\0';
2063 stack_operands = buffer;
2064 pop_and_free(context);
2065 break;
2066 }
2067
2068 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2069 case JVM_OPC_invokeinit0x100: /* invokespecial call to <init> */
2070 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2071 /* The top stuff on the stack depends on the method signature */
2072 int operand = this_idata->operand.i;
2073 const char *signature =
2074 JVM_GetCPMethodSignatureUTF(context->env,
2075 context->class,
2076 operand);
2077 char *ip = buffer;
2078 const char *p;
2079 check_and_push(context, signature, VM_STRING_UTF);
2080#ifdef DEBUG1
2081 if (verify_verbose) {
2082 print_formatted_methodname(context, operand);
2083 }
2084#endif
2085 if (opcode != JVM_OPC_invokestatic)
2086 /* First, push the object */
2087 *ip++ = (opcode == JVM_OPC_invokeinit0x100 ? '@' : 'A');
2088 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; ) {
2089 *ip++ = signature_to_fieldtype(context, &p, &full_info);
2090 if (ip >= buffer + sizeof(buffer) - 1)
2091 CCerror(context, "Signature %s has too many arguments",
2092 signature);
2093 }
2094 *ip = 0;
2095 stack_operands = buffer;
2096 pop_and_free(context);
2097 break;
2098 }
2099
2100 case JVM_OPC_multianewarray: {
2101 /* Count can't be larger than 255. So can't overflow buffer */
2102 int count = this_idata->operand2.i; /* number of ints on stack */
2103 memset(buffer, 'I', count);
2104 buffer[count] = '\0';
2105 stack_operands = buffer;
2106 break;
2107 }
2108
2109 } /* of switch */
2110
2111 /* Run through the list of operands >>backwards<< */
2112 for ( p = stack_operands + strlen(stack_operands);
4
Loop condition is true. Entering loop body
2113 p > stack_operands;
2114 stack = stack->next) {
2115 int type = *--p;
2116 fullinfo_type top_type = stack ? stack->item : 0;
5
Assuming 'stack' is null
6
'?' condition is false
2117 int size = (type == 'D' || type == 'L') ? 2 : 1;
7
Assuming the condition is false
8
Assuming the condition is false
9
'?' condition is false
2118 *--stack_extra_info = top_type;
2119 if (stack
9.1
'stack' is equal to NULL
 == NULL((void*)0))
10
Taking true branch
2120 CCerror(context, "Unable to pop operand off an empty stack");
2121
2122 switch (type) {
11
Control jumps to 'case 52:' at line 2279
2123 case 'I':
2124 if (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16)))
2125 CCerror(context, "Expecting to find integer on stack");
2126 break;
2127
2128 case 'F':
2129 if (top_type != MAKE_FULLINFO(ITEM_Float, 0, 0)((ITEM_Float) + ((0) << 5) + ((0) << 16)))
2130 CCerror(context, "Expecting to find float on stack");
2131 break;
2132
2133 case 'A': /* object or array */
2134 if ( (GET_ITEM_TYPE(top_type)((top_type) & 0x1F) != ITEM_Object)
2135 && (GET_INDIRECTION(top_type)(((top_type) & 0xFFFF) >> 5) == 0)) {
2136 /* The thing isn't an object or an array. Let's see if it's
2137 * one of the special cases */
2138 if ( (WITH_ZERO_EXTRA_INFO(top_type)((top_type) & 0xFFFF) ==
2139 MAKE_FULLINFO(ITEM_ReturnAddress, 0, 0)((ITEM_ReturnAddress) + ((0) << 5) + ((0) << 16)))
2140 && (opcode == JVM_OPC_astore))
2141 break;
2142 if ( (GET_ITEM_TYPE(top_type)((top_type) & 0x1F) == ITEM_NewObject
2143 || (GET_ITEM_TYPE(top_type)((top_type) & 0x1F) == ITEM_InitObject))
2144 && ((opcode == JVM_OPC_astore) || (opcode == JVM_OPC_aload)
2145 || (opcode == JVM_OPC_ifnull) || (opcode == JVM_OPC_ifnonnull)))
2146 break;
2147 /* The 2nd edition VM of the specification allows field
2148 * initializations before the superclass initializer,
2149 * if the field is defined within the current class.
2150 */
2151 if ( (GET_ITEM_TYPE(top_type)((top_type) & 0x1F) == ITEM_InitObject)
2152 && (opcode == JVM_OPC_putfield)) {
2153 int operand = this_idata->operand.i;
2154 int access_bits = JVM_GetCPFieldModifiers(context->env,
2155 context->class,
2156 operand,
2157 context->class);
2158 /* Note: This relies on the fact that
2159 * JVM_GetCPFieldModifiers retrieves only local fields,
2160 * and does not respect inheritance.
2161 */
2162 if (access_bits != -1) {
2163 if ( cp_index_to_class_fullinfo(context, operand, JVM_CONSTANT_Fieldref) ==
2164 context->currentclass_info ) {
2165 top_type = context->currentclass_info;
2166 *stack_extra_info = top_type;
2167 break;
2168 }
2169 }
2170 }
2171 CCerror(context, "Expecting to find object/array on stack");
2172 }
2173 break;
2174
2175 case '@': { /* unitialized object, for call to <init> */
2176 int item_type = GET_ITEM_TYPE(top_type)((top_type) & 0x1F);
2177 if (item_type != ITEM_NewObject && item_type != ITEM_InitObject)
2178 CCerror(context,
2179 "Expecting to find unitialized object on stack");
2180 break;
2181 }
2182
2183 case 'O': /* object, not array */
2184 if (WITH_ZERO_EXTRA_INFO(top_type)((top_type) & 0xFFFF) !=
2185 MAKE_FULLINFO(ITEM_Object, 0, 0)((ITEM_Object) + ((0) << 5) + ((0) << 16)))
2186 CCerror(context, "Expecting to find object on stack");
2187 break;
2188
2189 case 'a': /* integer, object, or array */
2190 if ( (top_type != MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16)))
2191 && (GET_ITEM_TYPE(top_type)((top_type) & 0x1F) != ITEM_Object)
2192 && (GET_INDIRECTION(top_type)(((top_type) & 0xFFFF) >> 5) == 0))
2193 CCerror(context,
2194 "Expecting to find object, array, or int on stack");
2195 break;
2196
2197 case 'D': /* double */
2198 if (top_type != MAKE_FULLINFO(ITEM_Double, 0, 0)((ITEM_Double) + ((0) << 5) + ((0) << 16)))
2199 CCerror(context, "Expecting to find double on stack");
2200 break;
2201
2202 case 'L': /* long */
2203 if (top_type != MAKE_FULLINFO(ITEM_Long, 0, 0)((ITEM_Long) + ((0) << 5) + ((0) << 16)))
2204 CCerror(context, "Expecting to find long on stack");
2205 break;
2206
2207 case ']': /* array of some type */
2208 if (top_type == NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16))) {
2209 /* do nothing */
2210 } else switch(p[-1]) {
2211 case 'I': /* array of integers */
2212 if (top_type != MAKE_FULLINFO(ITEM_Integer, 1, 0)((ITEM_Integer) + ((1) << 5) + ((0) << 16)) &&
2213 top_type != NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16)))
2214 CCerror(context,
2215 "Expecting to find array of ints on stack");
2216 break;
2217
2218 case 'L': /* array of longs */
2219 if (top_type != MAKE_FULLINFO(ITEM_Long, 1, 0)((ITEM_Long) + ((1) << 5) + ((0) << 16)))
2220 CCerror(context,
2221 "Expecting to find array of longs on stack");
2222 break;
2223
2224 case 'F': /* array of floats */
2225 if (top_type != MAKE_FULLINFO(ITEM_Float, 1, 0)((ITEM_Float) + ((1) << 5) + ((0) << 16)))
2226 CCerror(context,
2227 "Expecting to find array of floats on stack");
2228 break;
2229
2230 case 'D': /* array of doubles */
2231 if (top_type != MAKE_FULLINFO(ITEM_Double, 1, 0)((ITEM_Double) + ((1) << 5) + ((0) << 16)))
2232 CCerror(context,
2233 "Expecting to find array of doubles on stack");
2234 break;
2235
2236 case 'A': { /* array of addresses (arrays or objects) */
2237 int indirection = GET_INDIRECTION(top_type)(((top_type) & 0xFFFF) >> 5);
2238 if ((indirection == 0) ||
2239 ((indirection == 1) &&
2240 (GET_ITEM_TYPE(top_type)((top_type) & 0x1F) != ITEM_Object)))
2241 CCerror(context,
2242 "Expecting to find array of objects or arrays "
2243 "on stack");
2244 break;
2245 }
2246
2247 case 'B': /* array of bytes or booleans */
2248 if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0)((ITEM_Byte) + ((1) << 5) + ((0) << 16)) &&
2249 top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0)((ITEM_Boolean) + ((1) << 5) + ((0) << 16)))
2250 CCerror(context,
2251 "Expecting to find array of bytes or Booleans on stack");
2252 break;
2253
2254 case 'C': /* array of characters */
2255 if (top_type != MAKE_FULLINFO(ITEM_Char, 1, 0)((ITEM_Char) + ((1) << 5) + ((0) << 16)))
2256 CCerror(context,
2257 "Expecting to find array of chars on stack");
2258 break;
2259
2260 case 'S': /* array of shorts */
2261 if (top_type != MAKE_FULLINFO(ITEM_Short, 1, 0)((ITEM_Short) + ((1) << 5) + ((0) << 16)))
2262 CCerror(context,
2263 "Expecting to find array of shorts on stack");
2264 break;
2265
2266 case '?': /* any type of array is okay */
2267 if (GET_INDIRECTION(top_type)(((top_type) & 0xFFFF) >> 5) == 0)
2268 CCerror(context,
2269 "Expecting to find array on stack");
2270 break;
2271
2272 default:
2273 CCerror(context, "Internal error #1");
2274 break;
2275 }
2276 p -= 2; /* skip over [ <char> */
2277 break;
2278
2279 case '1': case '2': case '3': case '4': /* stack swapping */
2280 if (top_type == MAKE_FULLINFO(ITEM_Double, 0, 0)((ITEM_Double) + ((0) << 5) + ((0) << 16))
12
Taking false branch
2281 || top_type == MAKE_FULLINFO(ITEM_Long, 0, 0)((ITEM_Long) + ((0) << 5) + ((0) << 16))) {
2282 if ((p > stack_operands) && (p[-1] == '+')) {
2283 context->swap_table[type - '1'] = top_type + 1;
2284 context->swap_table[p[-2] - '1'] = top_type;
2285 size = 2;
2286 p -= 2;
2287 } else {
2288 CCerror(context,
2289 "Attempt to split long or double on the stack");
2290 }
2291 } else {
2292 context->swap_table[type - '1'] = stack->item;
13
Access to field 'item' results in a dereference of a null pointer (loaded from variable 'stack')
2293 if ((p > stack_operands) && (p[-1] == '+'))
2294 p--; /* ignore */
2295 }
2296 break;
2297 case '+': /* these should have been caught. */
2298 default:
2299 CCerror(context, "Internal error #2");
2300 }
2301 stack_size -= size;
2302 }
2303
2304 /* For many of the opcodes that had an "A" in their field, we really
2305 * need to go back and do a little bit more accurate testing. We can, of
2306 * course, assume that the minimal type checking has already been done.
2307 */
2308 switch (opcode) {
2309 default: break;
2310 case JVM_OPC_aastore: { /* array index object */
2311 fullinfo_type array_type = stack_extra_info[0];
2312 fullinfo_type object_type = stack_extra_info[2];
2313 fullinfo_type target_type = decrement_indirection(array_type);
2314 if ((GET_ITEM_TYPE(object_type)((object_type) & 0x1F) != ITEM_Object)
2315 && (GET_INDIRECTION(object_type)(((object_type) & 0xFFFF) >> 5) == 0)) {
2316 CCerror(context, "Expecting reference type on operand stack in aastore");
2317 }
2318 if ((GET_ITEM_TYPE(target_type)((target_type) & 0x1F) != ITEM_Object)
2319 && (GET_INDIRECTION(target_type)(((target_type) & 0xFFFF) >> 5) == 0)) {
2320 CCerror(context, "Component type of the array must be reference type in aastore");
2321 }
2322 break;
2323 }
2324
2325 case JVM_OPC_putfield:
2326 case JVM_OPC_getfield:
2327 case JVM_OPC_putstatic: {
2328 int operand = this_idata->operand.i;
2329 fullinfo_type stack_object = stack_extra_info[0];
2330 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_getfield) {
2331 if (!isAssignableTo
2332 (context,
2333 stack_object,
2334 cp_index_to_class_fullinfo
2335 (context, operand, JVM_CONSTANT_Fieldref))) {
2336 CCerror(context,
2337 "Incompatible type for getting or setting field");
2338 }
2339 if (this_idata->protected &&
2340 !isAssignableTo(context, stack_object,
2341 context->currentclass_info)) {
2342 CCerror(context, "Bad access to protected data");
2343 }
2344 }
2345 if (opcode == JVM_OPC_putfield || opcode == JVM_OPC_putstatic) {
2346 int item = (opcode == JVM_OPC_putfield ? 1 : 0);
2347 if (!isAssignableTo(context,
2348 stack_extra_info[item], put_full_info)) {
2349 CCerror(context, "Bad type in putfield/putstatic");
2350 }
2351 }
2352 break;
2353 }
2354
2355 case JVM_OPC_athrow:
2356 if (!isAssignableTo(context, stack_extra_info[0],
2357 context->throwable_info)) {
2358 CCerror(context, "Can only throw Throwable objects");
2359 }
2360 break;
2361
2362 case JVM_OPC_aaload: { /* array index */
2363 /* We need to pass the information to the stack updater */
2364 fullinfo_type array_type = stack_extra_info[0];
2365 context->swap_table[0] = decrement_indirection(array_type);
2366 break;
2367 }
2368
2369 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2370 case JVM_OPC_invokeinit0x100:
2371 case JVM_OPC_invokeinterface: case JVM_OPC_invokestatic: {
2372 int operand = this_idata->operand.i;
2373 const char *signature =
2374 JVM_GetCPMethodSignatureUTF(context->env,
2375 context->class,
2376 operand);
2377 int item;
2378 const char *p;
2379 check_and_push(context, signature, VM_STRING_UTF);
2380 if (opcode == JVM_OPC_invokestatic) {
2381 item = 0;
2382 } else if (opcode == JVM_OPC_invokeinit0x100) {
2383 fullinfo_type init_type = this_idata->operand2.fi;
2384 fullinfo_type object_type = stack_extra_info[0];
2385 context->swap_table[0] = object_type; /* save value */
2386 if (GET_ITEM_TYPE(stack_extra_info[0])((stack_extra_info[0]) & 0x1F) == ITEM_NewObject) {
2387 /* We better be calling the appropriate init. Find the
2388 * inumber of the "JVM_OPC_new" instruction", and figure
2389 * out what the type really is.
2390 */
2391 unsigned int new_inumber = GET_EXTRA_INFO(stack_extra_info[0])((stack_extra_info[0]) >> 16);
2392 fullinfo_type target_type = idata[new_inumber].operand2.fi;
2393 context->swap_table[1] = target_type;
2394
2395 if (target_type != init_type) {
2396 CCerror(context, "Call to wrong initialization method");
2397 }
2398 if (this_idata->protected
2399 && !isAssignableTo(context, object_type,
2400 context->currentclass_info)) {
2401 CCerror(context, "Bad access to protected data");
2402 }
2403 } else {
2404 /* We better be calling super() or this(). */
2405 if (init_type != context->superclass_info &&
2406 init_type != context->currentclass_info) {
2407 CCerror(context, "Call to wrong initialization method");
2408 }
2409 context->swap_table[1] = context->currentclass_info;
2410 }
2411 item = 1;
2412 } else {
2413 fullinfo_type target_type = this_idata->operand2.fi;
2414 fullinfo_type object_type = stack_extra_info[0];
2415 if (!isAssignableTo(context, object_type, target_type)){
2416 CCerror(context,
2417 "Incompatible object argument for function call");
2418 }
2419 if (opcode == JVM_OPC_invokespecial
2420 && !isAssignableTo(context, object_type,
2421 context->currentclass_info)) {
2422 /* Make sure object argument is assignment compatible to current class */
2423 CCerror(context,
2424 "Incompatible object argument for invokespecial");
2425 }
2426 if (this_idata->protected
2427 && !isAssignableTo(context, object_type,
2428 context->currentclass_info)) {
2429 /* This is ugly. Special dispensation. Arrays pretend to
2430 implement public Object clone() even though they don't */
2431 const char *utfName =
2432 JVM_GetCPMethodNameUTF(context->env,
2433 context->class,
2434 this_idata->operand.i);
2435 int is_clone = utfName && (strcmp(utfName, "clone") == 0);
2436 JVM_ReleaseUTF(utfName);
2437
2438 if ((target_type == context->object_info) &&
2439 (GET_INDIRECTION(object_type)(((object_type) & 0xFFFF) >> 5) > 0) &&
2440 is_clone) {
2441 } else {
2442 CCerror(context, "Bad access to protected data");
2443 }
2444 }
2445 item = 1;
2446 }
2447 for (p = signature + 1; *p != JVM_SIGNATURE_ENDFUNC; item++)
2448 if (signature_to_fieldtype(context, &p, &full_info) == 'A') {
2449 if (!isAssignableTo(context,
2450 stack_extra_info[item], full_info)) {
2451 CCerror(context, "Incompatible argument to function");
2452 }
2453 }
2454
2455 pop_and_free(context);
2456 break;
2457 }
2458
2459 case JVM_OPC_return:
2460 if (context->return_type != MAKE_FULLINFO(ITEM_Void, 0, 0)((ITEM_Void) + ((0) << 5) + ((0) << 16)))
2461 CCerror(context, "Wrong return type in function");
2462 break;
2463
2464 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_freturn:
2465 case JVM_OPC_dreturn: case JVM_OPC_areturn: {
2466 fullinfo_type target_type = context->return_type;
2467 fullinfo_type object_type = stack_extra_info[0];
2468 if (!isAssignableTo(context, object_type, target_type)) {
2469 CCerror(context, "Wrong return type in function");
2470 }
2471 break;
2472 }
2473
2474 case JVM_OPC_new: {
2475 /* Make sure that nothing on the stack already looks like what
2476 * we want to create. I can't image how this could possibly happen
2477 * but we should test for it anyway, since if it could happen, the
2478 * result would be an unitialized object being able to masquerade
2479 * as an initialized one.
2480 */
2481 stack_item_type *item;
2482 for (item = stack; item != NULL((void*)0); item = item->next) {
2483 if (item->item == this_idata->operand.fi) {
2484 CCerror(context,
2485 "Uninitialized object on stack at creating point");
2486 }
2487 }
2488 /* Info for update_registers */
2489 context->swap_table[0] = this_idata->operand.fi;
2490 context->swap_table[1] = MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
2491
2492 break;
2493 }
2494 }
2495 new_stack_info->stack = stack;
2496 new_stack_info->stack_size = stack_size;
2497}
2498
2499
2500/* We've already determined that the instruction is legal. Perform the
2501 * operation on the registers, and return the updated results in
2502 * new_register_count_p and new_registers.
2503 */
2504
2505static void
2506update_registers(context_type *context, unsigned int inumber,
2507 register_info_type *new_register_info)
2508{
2509 instruction_data_type *idata = context->instruction_data;
2510 instruction_data_type *this_idata = &idata[inumber];
2511 int opcode = this_idata->opcode;
2512 int operand = this_idata->operand.i;
2513 int register_count = this_idata->register_info.register_count;
2514 fullinfo_type *registers = this_idata->register_info.registers;
2515 stack_item_type *stack = this_idata->stack_info.stack;
2516 int mask_count = this_idata->register_info.mask_count;
2517 mask_type *masks = this_idata->register_info.masks;
2518
2519 /* Use these as default new values. */
2520 int new_register_count = register_count;
2521 int new_mask_count = mask_count;
2522 fullinfo_type *new_registers = registers;
2523 mask_type *new_masks = masks;
2524
2525 enum { ACCESS_NONE, ACCESS_SINGLE, ACCESS_DOUBLE } access = ACCESS_NONE;
2526 int i;
2527
2528 /* Remember, we've already verified the type at the top of the stack. */
2529 switch (opcode) {
2530 default: break;
2531 case JVM_OPC_istore: case JVM_OPC_fstore: case JVM_OPC_astore:
2532 access = ACCESS_SINGLE;
2533 goto continue_store;
2534
2535 case JVM_OPC_lstore: case JVM_OPC_dstore:
2536 access = ACCESS_DOUBLE;
2537 goto continue_store;
2538
2539 continue_store: {
2540 /* We have a modification to the registers. Copy them if needed. */
2541 fullinfo_type stack_top_type = stack->item;
2542 int max_operand = operand + ((access == ACCESS_DOUBLE) ? 1 : 0);
2543
2544 if ( max_operand < register_count
2545 && registers[operand] == stack_top_type
2546 && ((access == ACCESS_SINGLE) ||
2547 (registers[operand + 1]== stack_top_type + 1)))
2548 /* No changes have been made to the registers. */
2549 break;
2550 new_register_count = MAX(max_operand + 1, register_count)((max_operand + 1) > (register_count) ? (max_operand + 1) :
(register_count));
2551 new_registers = NEW(fullinfo_type, new_register_count)((fullinfo_type *)CCalloc(context, (new_register_count)*(sizeof
(fullinfo_type)), 0));
2552 for (i = 0; i < register_count; i++)
2553 new_registers[i] = registers[i];
2554 for (i = register_count; i < new_register_count; i++)
2555 new_registers[i] = MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
2556 new_registers[operand] = stack_top_type;
2557 if (access == ACCESS_DOUBLE)
2558 new_registers[operand + 1] = stack_top_type + 1;
2559 break;
2560 }
2561
2562 case JVM_OPC_iload: case JVM_OPC_fload: case JVM_OPC_aload:
2563 case JVM_OPC_iinc: case JVM_OPC_ret:
2564 access = ACCESS_SINGLE;
2565 break;
2566
2567 case JVM_OPC_lload: case JVM_OPC_dload:
2568 access = ACCESS_DOUBLE;
2569 break;
2570
2571 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2572 for (i = 0; i < new_mask_count; i++)
2573 if (new_masks[i].entry == operand)
2574 CCerror(context, "Recursive call to jsr entry");
2575 new_masks = add_to_masks(context, masks, mask_count, operand);
2576 new_mask_count++;
2577 break;
2578
2579 case JVM_OPC_invokeinit0x100:
2580 case JVM_OPC_new: {
2581 /* For invokeinit, an uninitialized object has been initialized.
2582 * For new, all previous occurrences of an uninitialized object
2583 * from the same instruction must be made bogus.
2584 * We find all occurrences of swap_table[0] in the registers, and
2585 * replace them with swap_table[1];
2586 */
2587 fullinfo_type from = context->swap_table[0];
2588 fullinfo_type to = context->swap_table[1];
2589
2590 int i;
2591 for (i = 0; i < register_count; i++) {
2592 if (new_registers[i] == from) {
2593 /* Found a match */
2594 break;
2595 }
2596 }
2597 if (i < register_count) { /* We broke out loop for match */
2598 /* We have to change registers, and possibly a mask */
2599 jboolean copied_mask = JNI_FALSE0;
2600 int k;
2601 new_registers = NEW(fullinfo_type, register_count)((fullinfo_type *)CCalloc(context, (register_count)*(sizeof(fullinfo_type
)), 0));
2602 memcpy(new_registers, registers,
2603 register_count * sizeof(registers[0]));
2604 for ( ; i < register_count; i++) {
2605 if (new_registers[i] == from) {
2606 new_registers[i] = to;
2607 for (k = 0; k < new_mask_count; k++) {
2608 if (!IS_BIT_SET(new_masks[k].modifies, i)(new_masks[k].modifies[(i)/(8 * sizeof(int)/sizeof(char))] &
((unsigned)1 << ((i) % (8 * sizeof(int)/sizeof(char)))
))) {
2609 if (!copied_mask) {
2610 new_masks = copy_masks(context, new_masks,
2611 mask_count);
2612 copied_mask = JNI_TRUE1;
2613 }
2614 SET_BIT(new_masks[k].modifies, i)(new_masks[k].modifies[(i)/(8 * sizeof(int)/sizeof(char))] |=
((unsigned)1 << ((i) % (8 * sizeof(int)/sizeof(char)))
));
2615 }
2616 }
2617 }
2618 }
2619 }
2620 break;
2621 }
2622 } /* of switch */
2623
2624 if ((access != ACCESS_NONE) && (new_mask_count > 0)) {
2625 int i, j;
2626 for (i = 0; i < new_mask_count; i++) {
2627 int *mask = new_masks[i].modifies;
2628 if ((!IS_BIT_SET(mask, operand)(mask[(operand)/(8 * sizeof(int)/sizeof(char))] & ((unsigned
)1 << ((operand) % (8 * sizeof(int)/sizeof(char)))))) ||
2629 ((access == ACCESS_DOUBLE) &&
2630 !IS_BIT_SET(mask, operand + 1)(mask[(operand + 1)/(8 * sizeof(int)/sizeof(char))] & ((unsigned
)1 << ((operand + 1) % (8 * sizeof(int)/sizeof(char))))
))) {
2631 new_masks = copy_masks(context, new_masks, mask_count);
2632 for (j = i; j < new_mask_count; j++) {
2633 SET_BIT(new_masks[j].modifies, operand)(new_masks[j].modifies[(operand)/(8 * sizeof(int)/sizeof(char
))] |= ((unsigned)1 << ((operand) % (8 * sizeof(int)/sizeof
(char)))));
2634 if (access == ACCESS_DOUBLE)
2635 SET_BIT(new_masks[j].modifies, operand + 1)(new_masks[j].modifies[(operand + 1)/(8 * sizeof(int)/sizeof(
char))] |= ((unsigned)1 << ((operand + 1) % (8 * sizeof
(int)/sizeof(char)))));
2636 }
2637 break;
2638 }
2639 }
2640 }
2641
2642 new_register_info->register_count = new_register_count;
2643 new_register_info->registers = new_registers;
2644 new_register_info->masks = new_masks;
2645 new_register_info->mask_count = new_mask_count;
2646}
2647
2648
2649
2650/* We've already determined that the instruction is legal, and have updated
2651 * the registers. Update the flags, too.
2652 */
2653
2654
2655static void
2656update_flags(context_type *context, unsigned int inumber,
2657 flag_type *new_and_flags, flag_type *new_or_flags)
2658
2659{
2660 instruction_data_type *idata = context->instruction_data;
2661 instruction_data_type *this_idata = &idata[inumber];
2662 flag_type and_flags = this_idata->and_flags;
2663 flag_type or_flags = this_idata->or_flags;
2664
2665 /* Set the "we've done a constructor" flag */
2666 if (this_idata->opcode == JVM_OPC_invokeinit0x100) {
2667 fullinfo_type from = context->swap_table[0];
2668 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0)((ITEM_InitObject) + ((0) << 5) + ((0) << 16)))
2669 and_flags |= FLAG_CONSTRUCTED0x01;
2670 }
2671 *new_and_flags = and_flags;
2672 *new_or_flags = or_flags;
2673}
2674
2675
2676
2677/* We've already determined that the instruction is legal. Perform the
2678 * operation on the stack;
2679 *
2680 * new_stack_size_p and new_stack_p point to the results after the pops have
2681 * already been done. Do the pushes, and then put the results back there.
2682 */
2683
2684static void
2685push_stack(context_type *context, unsigned int inumber, stack_info_type *new_stack_info)
2686{
2687 instruction_data_type *idata = context->instruction_data;
2688 instruction_data_type *this_idata = &idata[inumber];
2689 int opcode = this_idata->opcode;
2690 int operand = this_idata->operand.i;
2691
2692 int stack_size = new_stack_info->stack_size;
2693 stack_item_type *stack = new_stack_info->stack;
2694 char *stack_results;
2695
2696 fullinfo_type full_info = 0;
2697 char buffer[5], *p; /* actually [2] is big enough */
2698
2699 /* We need to look at all those opcodes in which either we can't tell the
2700 * value pushed onto the stack from the opcode, or in which the value
2701 * pushed onto the stack is an object or array. For the latter, we need
2702 * to make sure that full_info is set to the right value.
2703 */
2704 switch(opcode) {
2705 default:
2706 stack_results = opcode_in_out[opcode][1];
2707 break;
2708
2709 case JVM_OPC_ldc: case JVM_OPC_ldc_w: case JVM_OPC_ldc2_w: {
2710 /* Look to constant pool to determine correct result. */
2711 unsigned char *type_table = context->constant_types;
2712 switch (type_table[operand]) {
2713 case JVM_CONSTANT_Integer:
2714 stack_results = "I"; break;
2715 case JVM_CONSTANT_Float:
2716 stack_results = "F"; break;
2717 case JVM_CONSTANT_Double:
2718 stack_results = "D"; break;
2719 case JVM_CONSTANT_Long:
2720 stack_results = "L"; break;
2721 case JVM_CONSTANT_String:
2722 stack_results = "A";
2723 full_info = context->string_info;
2724 break;
2725 case JVM_CONSTANT_Class:
2726 if (context->major_version < LDC_CLASS_MAJOR_VERSION49)
2727 CCerror(context, "Internal error #3");
2728 stack_results = "A";
2729 full_info = make_class_info_from_name(context,
2730 "java/lang/Class");
2731 break;
2732 case JVM_CONSTANT_MethodHandle:
2733 case JVM_CONSTANT_MethodType:
2734 if (context->major_version < LDC_METHOD_HANDLE_MAJOR_VERSION51)
2735 CCerror(context, "Internal error #3");
2736 stack_results = "A";
2737 switch (type_table[operand]) {
2738 case JVM_CONSTANT_MethodType:
2739 full_info = make_class_info_from_name(context,
2740 "java/lang/invoke/MethodType");
2741 break;
2742 default: //JVM_CONSTANT_MethodHandle
2743 full_info = make_class_info_from_name(context,
2744 "java/lang/invoke/MethodHandle");
2745 break;
2746 }
2747 break;
2748 default:
2749 CCerror(context, "Internal error #3");
2750 stack_results = ""; /* Never reached: keep lint happy */
2751 }
2752 break;
2753 }
2754
2755 case JVM_OPC_getstatic: case JVM_OPC_getfield: {
2756 /* Look to signature to determine correct result. */
2757 int operand = this_idata->operand.i;
2758 const char *signature = JVM_GetCPFieldSignatureUTF(context->env,
2759 context->class,
2760 operand);
2761 check_and_push(context, signature, VM_STRING_UTF);
2762#ifdef DEBUG1
2763 if (verify_verbose) {
2764 print_formatted_fieldname(context, operand);
2765 }
2766#endif
2767 buffer[0] = signature_to_fieldtype(context, &signature, &full_info);
2768 buffer[1] = '\0';
2769 stack_results = buffer;
2770 pop_and_free(context);
2771 break;
2772 }
2773
2774 case JVM_OPC_invokevirtual: case JVM_OPC_invokespecial:
2775 case JVM_OPC_invokeinit0x100:
2776 case JVM_OPC_invokestatic: case JVM_OPC_invokeinterface: {
2777 /* Look to signature to determine correct result. */
2778 int operand = this_idata->operand.i;
2779 const char *signature = JVM_GetCPMethodSignatureUTF(context->env,
2780 context->class,
2781 operand);
2782 const char *result_signature;
2783 check_and_push(context, signature, VM_STRING_UTF);
2784 result_signature = get_result_signature(signature);
2785 if (result_signature++ == NULL((void*)0)) {
2786 CCerror(context, "Illegal signature %s", signature);
2787 }
2788 if (result_signature[0] == JVM_SIGNATURE_VOID) {
2789 stack_results = "";
2790 } else {
2791 buffer[0] = signature_to_fieldtype(context, &result_signature,
2792 &full_info);
2793 buffer[1] = '\0';
2794 stack_results = buffer;
2795 }
2796 pop_and_free(context);
2797 break;
2798 }
2799
2800 case JVM_OPC_aconst_null:
2801 stack_results = opcode_in_out[opcode][1];
2802 full_info = NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16)); /* special NULL */
2803 break;
2804
2805 case JVM_OPC_new:
2806 case JVM_OPC_checkcast:
2807 case JVM_OPC_newarray:
2808 case JVM_OPC_anewarray:
2809 case JVM_OPC_multianewarray:
2810 stack_results = opcode_in_out[opcode][1];
2811 /* Conveniently, this result type is stored here */
2812 full_info = this_idata->operand.fi;
2813 break;
2814
2815 case JVM_OPC_aaload:
2816 stack_results = opcode_in_out[opcode][1];
2817 /* pop_stack() saved value for us. */
2818 full_info = context->swap_table[0];
2819 break;
2820
2821 case JVM_OPC_aload:
2822 stack_results = opcode_in_out[opcode][1];
2823 /* The register hasn't been modified, so we can use its value. */
2824 full_info = this_idata->register_info.registers[operand];
2825 break;
2826 } /* of switch */
2827
2828 for (p = stack_results; *p != 0; p++) {
2829 int type = *p;
2830 stack_item_type *new_item = NEW(stack_item_type, 1)((stack_item_type *)CCalloc(context, (1)*(sizeof(stack_item_type
)), 0));
2831 new_item->next = stack;
2832 stack = new_item;
2833 switch (type) {
2834 case 'I':
2835 stack->item = MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16)); break;
2836 case 'F':
2837 stack->item = MAKE_FULLINFO(ITEM_Float, 0, 0)((ITEM_Float) + ((0) << 5) + ((0) << 16)); break;
2838 case 'D':
2839 stack->item = MAKE_FULLINFO(ITEM_Double, 0, 0)((ITEM_Double) + ((0) << 5) + ((0) << 16));
2840 stack_size++; break;
2841 case 'L':
2842 stack->item = MAKE_FULLINFO(ITEM_Long, 0, 0)((ITEM_Long) + ((0) << 5) + ((0) << 16));
2843 stack_size++; break;
2844 case 'R':
2845 stack->item = MAKE_FULLINFO(ITEM_ReturnAddress, 0, operand)((ITEM_ReturnAddress) + ((0) << 5) + ((operand) <<
16));
2846 break;
2847 case '1': case '2': case '3': case '4': {
2848 /* Get the info saved in the swap_table */
2849 fullinfo_type stype = context->swap_table[type - '1'];
2850 stack->item = stype;
2851 if (stype == MAKE_FULLINFO(ITEM_Long, 0, 0)((ITEM_Long) + ((0) << 5) + ((0) << 16)) ||
2852 stype == MAKE_FULLINFO(ITEM_Double, 0, 0)((ITEM_Double) + ((0) << 5) + ((0) << 16))) {
2853 stack_size++; p++;
2854 }
2855 break;
2856 }
2857 case 'A':
2858 /* full_info should have the appropriate value. */
2859 assert(full_info != 0)((full_info != 0) ? (void) (0) : __assert_fail ("full_info != 0"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 2859, __extension__ __PRETTY_FUNCTION__));
2860 stack->item = full_info;
2861 break;
2862 default:
2863 CCerror(context, "Internal error #4");
2864
2865 } /* switch type */
2866 stack_size++;
2867 } /* outer for loop */
2868
2869 if (opcode == JVM_OPC_invokeinit0x100) {
2870 /* If there are any instances of "from" on the stack, we need to
2871 * replace it with "to", since calling <init> initializes all versions
2872 * of the object, obviously. */
2873 fullinfo_type from = context->swap_table[0];
2874 stack_item_type *ptr;
2875 for (ptr = stack; ptr != NULL((void*)0); ptr = ptr->next) {
2876 if (ptr->item == from) {
2877 fullinfo_type to = context->swap_table[1];
2878 stack = copy_stack(context, stack);
2879 for (ptr = stack; ptr != NULL((void*)0); ptr = ptr->next)
2880 if (ptr->item == from) ptr->item = to;
2881 break;
2882 }
2883 }
2884 }
2885
2886 new_stack_info->stack_size = stack_size;
2887 new_stack_info->stack = stack;
2888}
2889
2890
2891/* We've performed an instruction, and determined the new registers and stack
2892 * value. Look at all of the possibly subsequent instructions, and merge
2893 * this stack value into theirs.
2894 */
2895
2896static void
2897merge_into_successors(context_type *context, unsigned int inumber,
2898 register_info_type *register_info,
2899 stack_info_type *stack_info,
2900 flag_type and_flags, flag_type or_flags)
2901{
2902 instruction_data_type *idata = context->instruction_data;
2903 instruction_data_type *this_idata = &idata[inumber];
2904 int opcode = this_idata->opcode;
2905 int operand = this_idata->operand.i;
2906 struct handler_info_type *handler_info = context->handler_info;
2907 int handler_info_length =
2908 JVM_GetMethodIxExceptionTableLength(context->env,
2909 context->class,
2910 context->method_index);
2911
2912
2913 int buffer[2]; /* default value for successors */
2914 int *successors = buffer; /* table of successors */
2915 int successors_count;
2916 int i;
2917
2918 switch (opcode) {
2919 default:
2920 successors_count = 1;
2921 buffer[0] = inumber + 1;
2922 break;
2923
2924 case JVM_OPC_ifeq: case JVM_OPC_ifne: case JVM_OPC_ifgt:
2925 case JVM_OPC_ifge: case JVM_OPC_iflt: case JVM_OPC_ifle:
2926 case JVM_OPC_ifnull: case JVM_OPC_ifnonnull:
2927 case JVM_OPC_if_icmpeq: case JVM_OPC_if_icmpne: case JVM_OPC_if_icmpgt:
2928 case JVM_OPC_if_icmpge: case JVM_OPC_if_icmplt: case JVM_OPC_if_icmple:
2929 case JVM_OPC_if_acmpeq: case JVM_OPC_if_acmpne:
2930 successors_count = 2;
2931 buffer[0] = inumber + 1;
2932 buffer[1] = operand;
2933 break;
2934
2935 case JVM_OPC_jsr: case JVM_OPC_jsr_w:
2936 if (this_idata->operand2.i != UNKNOWN_RET_INSTRUCTION-1)
2937 idata[this_idata->operand2.i].changed = JNI_TRUE1;
2938 /* FALLTHROUGH */
2939 case JVM_OPC_goto: case JVM_OPC_goto_w:
2940 successors_count = 1;
2941 buffer[0] = operand;
2942 break;
2943
2944
2945 case JVM_OPC_ireturn: case JVM_OPC_lreturn: case JVM_OPC_return:
2946 case JVM_OPC_freturn: case JVM_OPC_dreturn: case JVM_OPC_areturn:
2947 case JVM_OPC_athrow:
2948 /* The testing for the returns is handled in pop_stack() */
2949 successors_count = 0;
2950 break;
2951
2952 case JVM_OPC_ret: {
2953 /* This is slightly slow, but good enough for a seldom used instruction.
2954 * The EXTRA_ITEM_INFO of the ITEM_ReturnAddress indicates the
2955 * address of the first instruction of the subroutine. We can return
2956 * to 1 after any instruction that jsr's to that instruction.
2957 */
2958 if (this_idata->operand2.ip == NULL((void*)0)) {
2959 fullinfo_type *registers = this_idata->register_info.registers;
2960 int called_instruction = GET_EXTRA_INFO(registers[operand])((registers[operand]) >> 16);
2961 int i, count, *ptr;;
2962 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2963 if (((idata[i].opcode == JVM_OPC_jsr) ||
2964 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2965 (idata[i].operand.i == called_instruction))
2966 count++;
2967 }
2968 this_idata->operand2.ip = ptr = NEW(int, count + 1)((int *)CCalloc(context, (count + 1)*(sizeof(int)), 0));
2969 *ptr++ = count;
2970 for (i = context->instruction_count, count = 0; --i >= 0; ) {
2971 if (((idata[i].opcode == JVM_OPC_jsr) ||
2972 (idata[i].opcode == JVM_OPC_jsr_w)) &&
2973 (idata[i].operand.i == called_instruction))
2974 *ptr++ = i + 1;
2975 }
2976 }
2977 successors = this_idata->operand2.ip; /* use this instead */
2978 successors_count = *successors++;
2979 break;
2980
2981 }
2982
2983 case JVM_OPC_tableswitch:
2984 case JVM_OPC_lookupswitch:
2985 successors = this_idata->operand.ip; /* use this instead */
2986 successors_count = *successors++;
2987 break;
2988 }
2989
2990#ifdef DEBUG1
2991 if (verify_verbose) {
2992 jio_fprintf(stdoutstdout, " [");
2993 for (i = handler_info_length; --i >= 0; handler_info++)
2994 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber)
2995 jio_fprintf(stdoutstdout, "%d* ", handler_info->handler);
2996 for (i = 0; i < successors_count; i++)
2997 jio_fprintf(stdoutstdout, "%d ", successors[i]);
2998 jio_fprintf(stdoutstdout, "]\n");
2999 }
3000#endif
3001
3002 handler_info = context->handler_info;
3003 for (i = handler_info_length; --i >= 0; handler_info++) {
3004 if (handler_info->start <= (int)inumber && handler_info->end > (int)inumber) {
3005 int handler = handler_info->handler;
3006 if (opcode != JVM_OPC_invokeinit0x100) {
3007 merge_into_one_successor(context, inumber, handler,
3008 &this_idata->register_info, /* old */
3009 &handler_info->stack_info,
3010 (flag_type) (and_flags
3011 & this_idata->and_flags),
3012 (flag_type) (or_flags
3013 | this_idata->or_flags),
3014 JNI_TRUE1);
3015 } else {
3016 /* We need to be a little bit more careful with this
3017 * instruction. Things could either be in the state before
3018 * the instruction or in the state afterwards */
3019 fullinfo_type from = context->swap_table[0];
3020 flag_type temp_or_flags = or_flags;
3021 if (from == MAKE_FULLINFO(ITEM_InitObject, 0, 0)((ITEM_InitObject) + ((0) << 5) + ((0) << 16)))
3022 temp_or_flags |= FLAG_NO_RETURN0x04;
3023 merge_into_one_successor(context, inumber, handler,
3024 &this_idata->register_info, /* old */
3025 &handler_info->stack_info,
3026 this_idata->and_flags,
3027 this_idata->or_flags,
3028 JNI_TRUE1);
3029 merge_into_one_successor(context, inumber, handler,
3030 register_info,
3031 &handler_info->stack_info,
3032 and_flags, temp_or_flags, JNI_TRUE1);
3033 }
3034 }
3035 }
3036 for (i = 0; i < successors_count; i++) {
3037 int target = successors[i];
3038 if (target >= context->instruction_count)
3039 CCerror(context, "Falling off the end of the code");
3040 merge_into_one_successor(context, inumber, target,
3041 register_info, stack_info, and_flags, or_flags,
3042 JNI_FALSE0);
3043 }
3044}
3045
3046/* We have a new set of registers and stack values for a given instruction.
3047 * Merge this new set into the values that are already there.
3048 */
3049
3050static void
3051merge_into_one_successor(context_type *context,
3052 unsigned int from_inumber, unsigned int to_inumber,
3053 register_info_type *new_register_info,
3054 stack_info_type *new_stack_info,
3055 flag_type new_and_flags, flag_type new_or_flags,
3056 jboolean isException)
3057{
3058 instruction_data_type *idata = context->instruction_data;
3059 register_info_type register_info_buf;
3060 stack_info_type stack_info_buf;
3061#ifdef DEBUG1
3062 instruction_data_type *this_idata = &idata[to_inumber];
3063 register_info_type old_reg_info;
3064 stack_info_type old_stack_info;
3065 flag_type old_and_flags = 0;
3066 flag_type old_or_flags = 0;
3067#endif
3068
3069#ifdef DEBUG1
3070 if (verify_verbose) {
3071 old_reg_info = this_idata->register_info;
3072 old_stack_info = this_idata->stack_info;
3073 old_and_flags = this_idata->and_flags;
3074 old_or_flags = this_idata->or_flags;
3075 }
3076#endif
3077
3078 /* All uninitialized objects are set to "bogus" when jsr and
3079 * ret are executed. Thus uninitialized objects can't propagate
3080 * into or out of a subroutine.
3081 */
3082 if (idata[from_inumber].opcode == JVM_OPC_ret ||
3083 idata[from_inumber].opcode == JVM_OPC_jsr ||
3084 idata[from_inumber].opcode == JVM_OPC_jsr_w) {
3085 int new_register_count = new_register_info->register_count;
3086 fullinfo_type *new_registers = new_register_info->registers;
3087 int i;
3088 stack_item_type *item;
3089
3090 for (item = new_stack_info->stack; item != NULL((void*)0); item = item->next) {
3091 if (GET_ITEM_TYPE(item->item)((item->item) & 0x1F) == ITEM_NewObject) {
3092 /* This check only succeeds for hand-contrived code.
3093 * Efficiency is not an issue.
3094 */
3095 stack_info_buf.stack = copy_stack(context,
3096 new_stack_info->stack);
3097 stack_info_buf.stack_size = new_stack_info->stack_size;
3098 new_stack_info = &stack_info_buf;
3099 for (item = new_stack_info->stack; item != NULL((void*)0);
3100 item = item->next) {
3101 if (GET_ITEM_TYPE(item->item)((item->item) & 0x1F) == ITEM_NewObject) {
3102 item->item = MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3103 }
3104 }
3105 break;
3106 }
3107 }
3108 for (i = 0; i < new_register_count; i++) {
3109 if (GET_ITEM_TYPE(new_registers[i])((new_registers[i]) & 0x1F) == ITEM_NewObject) {
3110 /* This check only succeeds for hand-contrived code.
3111 * Efficiency is not an issue.
3112 */
3113 fullinfo_type *new_set = NEW(fullinfo_type,((fullinfo_type *)CCalloc(context, (new_register_count)*(sizeof
(fullinfo_type)), 0))
3114 new_register_count)((fullinfo_type *)CCalloc(context, (new_register_count)*(sizeof
(fullinfo_type)), 0));
3115 for (i = 0; i < new_register_count; i++) {
3116 fullinfo_type t = new_registers[i];
3117 new_set[i] = GET_ITEM_TYPE(t)((t) & 0x1F) != ITEM_NewObject ?
3118 t : MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3119 }
3120 register_info_buf.register_count = new_register_count;
3121 register_info_buf.registers = new_set;
3122 register_info_buf.mask_count = new_register_info->mask_count;
3123 register_info_buf.masks = new_register_info->masks;
3124 new_register_info = &register_info_buf;
3125 break;
3126 }
3127 }
3128 }
3129
3130 /* Returning from a subroutine is somewhat ugly. The actual thing
3131 * that needs to get merged into the new instruction is a joining
3132 * of info from the ret instruction with stuff in the jsr instruction
3133 */
3134 if (idata[from_inumber].opcode == JVM_OPC_ret && !isException) {
3135 int new_register_count = new_register_info->register_count;
3136 fullinfo_type *new_registers = new_register_info->registers;
3137 int new_mask_count = new_register_info->mask_count;
3138 mask_type *new_masks = new_register_info->masks;
3139 int operand = idata[from_inumber].operand.i;
3140 int called_instruction = GET_EXTRA_INFO(new_registers[operand])((new_registers[operand]) >> 16);
3141 instruction_data_type *jsr_idata = &idata[to_inumber - 1];
3142 register_info_type *jsr_reginfo = &jsr_idata->register_info;
3143 if (jsr_idata->operand2.i != (int)from_inumber) {
3144 if (jsr_idata->operand2.i != UNKNOWN_RET_INSTRUCTION-1)
3145 CCerror(context, "Multiple returns to single jsr");
3146 jsr_idata->operand2.i = from_inumber;
3147 }
3148 if (jsr_reginfo->register_count == UNKNOWN_REGISTER_COUNT-1) {
3149 /* We don't want to handle the returned-to instruction until
3150 * we've dealt with the jsr instruction. When we get to the
3151 * jsr instruction (if ever), we'll re-mark the ret instruction
3152 */
3153 ;
3154 } else {
3155 int register_count = jsr_reginfo->register_count;
3156 fullinfo_type *registers = jsr_reginfo->registers;
3157 int max_registers = MAX(register_count, new_register_count)((register_count) > (new_register_count) ? (register_count
) : (new_register_count));
3158 fullinfo_type *new_set = NEW(fullinfo_type, max_registers)((fullinfo_type *)CCalloc(context, (max_registers)*(sizeof(fullinfo_type
)), 0));
3159 int *return_mask;
3160 struct register_info_type new_new_register_info;
3161 int i;
3162 /* Make sure the place we're returning from is legal! */
3163 for (i = new_mask_count; --i >= 0; )
3164 if (new_masks[i].entry == called_instruction)
3165 break;
3166 if (i < 0)
3167 CCerror(context, "Illegal return from subroutine");
3168 /* pop the masks down to the indicated one. Remember the mask
3169 * we're popping off. */
3170 return_mask = new_masks[i].modifies;
3171 new_mask_count = i;
3172 for (i = 0; i < max_registers; i++) {
3173 if (IS_BIT_SET(return_mask, i)(return_mask[(i)/(8 * sizeof(int)/sizeof(char))] & ((unsigned
)1 << ((i) % (8 * sizeof(int)/sizeof(char))))))
3174 new_set[i] = i < new_register_count ?
3175 new_registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3176 else
3177 new_set[i] = i < register_count ?
3178 registers[i] : MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3179 }
3180 new_new_register_info.register_count = max_registers;
3181 new_new_register_info.registers = new_set;
3182 new_new_register_info.mask_count = new_mask_count;
3183 new_new_register_info.masks = new_masks;
3184
3185
3186 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3187 merge_registers(context, to_inumber - 1, to_inumber,
3188 &new_new_register_info);
3189 merge_flags(context, from_inumber, to_inumber, new_and_flags, new_or_flags);
3190 }
3191 } else {
3192 merge_stack(context, from_inumber, to_inumber, new_stack_info);
3193 merge_registers(context, from_inumber, to_inumber, new_register_info);
3194 merge_flags(context, from_inumber, to_inumber,
3195 new_and_flags, new_or_flags);
3196 }
3197
3198#ifdef DEBUG1
3199 if (verify_verbose && idata[to_inumber].changed) {
3200 register_info_type *register_info = &this_idata->register_info;
3201 stack_info_type *stack_info = &this_idata->stack_info;
3202 if (memcmp(&old_reg_info, register_info, sizeof(old_reg_info)) ||
3203 memcmp(&old_stack_info, stack_info, sizeof(old_stack_info)) ||
3204 (old_and_flags != this_idata->and_flags) ||
3205 (old_or_flags != this_idata->or_flags)) {
3206 jio_fprintf(stdoutstdout, " %2d:", to_inumber);
3207 print_stack(context, &old_stack_info);
3208 print_registers(context, &old_reg_info);
3209 print_flags(context, old_and_flags, old_or_flags);
3210 jio_fprintf(stdoutstdout, " => ");
3211 print_stack(context, &this_idata->stack_info);
3212 print_registers(context, &this_idata->register_info);
3213 print_flags(context, this_idata->and_flags, this_idata->or_flags);
3214 jio_fprintf(stdoutstdout, "\n");
3215 }
3216 }
3217#endif
3218
3219}
3220
3221static void
3222merge_stack(context_type *context, unsigned int from_inumber,
3223 unsigned int to_inumber, stack_info_type *new_stack_info)
3224{
3225 instruction_data_type *idata = context->instruction_data;
3226 instruction_data_type *this_idata = &idata[to_inumber];
3227
3228 int new_stack_size = new_stack_info->stack_size;
3229 stack_item_type *new_stack = new_stack_info->stack;
3230
3231 int stack_size = this_idata->stack_info.stack_size;
3232
3233 if (stack_size == UNKNOWN_STACK_SIZE-1) {
3234 /* First time at this instruction. Just copy. */
3235 this_idata->stack_info.stack_size = new_stack_size;
3236 this_idata->stack_info.stack = new_stack;
3237 this_idata->changed = JNI_TRUE1;
3238 } else if (new_stack_size != stack_size) {
3239 CCerror(context, "Inconsistent stack height %d != %d",
3240 new_stack_size, stack_size);
3241 } else {
3242 stack_item_type *stack = this_idata->stack_info.stack;
3243 stack_item_type *old, *new;
3244 jboolean change = JNI_FALSE0;
3245 for (old = stack, new = new_stack; old != NULL((void*)0);
3246 old = old->next, new = new->next) {
3247 assert(new != NULL)((new != ((void*)0)) ? (void) (0) : __assert_fail ("new != NULL"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 3247, __extension__ __PRETTY_FUNCTION__));
3248 if (!isAssignableTo(context, new->item, old->item)) {
3249 change = JNI_TRUE1;
3250 break;
3251 }
3252 }
3253 if (change) {
3254 stack = copy_stack(context, stack);
3255 for (old = stack, new = new_stack; old != NULL((void*)0);
3256 old = old->next, new = new->next) {
3257 if (new == NULL((void*)0)) {
3258 break;
3259 }
3260 old->item = merge_fullinfo_types(context, old->item, new->item,
3261 JNI_FALSE0);
3262 if (GET_ITEM_TYPE(old->item)((old->item) & 0x1F) == ITEM_Bogus) {
3263 CCerror(context, "Mismatched stack types");
3264 }
3265 }
3266 if (old != NULL((void*)0) || new != NULL((void*)0)) {
3267 CCerror(context, "Mismatched stack types");
3268 }
3269 this_idata->stack_info.stack = stack;
3270 this_idata->changed = JNI_TRUE1;
3271 }
3272 }
3273}
3274
3275static void
3276merge_registers(context_type *context, unsigned int from_inumber,
3277 unsigned int to_inumber, register_info_type *new_register_info)
3278{
3279 instruction_data_type *idata = context->instruction_data;
3280 instruction_data_type *this_idata = &idata[to_inumber];
3281 register_info_type *this_reginfo = &this_idata->register_info;
3282
3283 int new_register_count = new_register_info->register_count;
3284 fullinfo_type *new_registers = new_register_info->registers;
3285 int new_mask_count = new_register_info->mask_count;
3286 mask_type *new_masks = new_register_info->masks;
3287
3288
3289 if (this_reginfo->register_count == UNKNOWN_REGISTER_COUNT-1) {
3290 this_reginfo->register_count = new_register_count;
3291 this_reginfo->registers = new_registers;
3292 this_reginfo->mask_count = new_mask_count;
3293 this_reginfo->masks = new_masks;
3294 this_idata->changed = JNI_TRUE1;
3295 } else {
3296 /* See if we've got new information on the register set. */
3297 int register_count = this_reginfo->register_count;
3298 fullinfo_type *registers = this_reginfo->registers;
3299 int mask_count = this_reginfo->mask_count;
3300 mask_type *masks = this_reginfo->masks;
3301
3302 jboolean copy = JNI_FALSE0;
3303 int i, j;
3304 if (register_count > new_register_count) {
3305 /* Any register larger than new_register_count is now bogus */
3306 this_reginfo->register_count = new_register_count;
3307 register_count = new_register_count;
3308 this_idata->changed = JNI_TRUE1;
3309 }
3310 for (i = 0; i < register_count; i++) {
3311 fullinfo_type prev_value = registers[i];
3312 if ((i < new_register_count)
3313 ? (!isAssignableTo(context, new_registers[i], prev_value))
3314 : (prev_value != MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16)))) {
3315 copy = JNI_TRUE1;
3316 break;
3317 }
3318 }
3319
3320 if (copy) {
3321 /* We need a copy. So do it. */
3322 fullinfo_type *new_set = NEW(fullinfo_type, register_count)((fullinfo_type *)CCalloc(context, (register_count)*(sizeof(fullinfo_type
)), 0));
3323 for (j = 0; j < i; j++)
3324 new_set[j] = registers[j];
3325 for (j = i; j < register_count; j++) {
3326 if (i >= new_register_count)
3327 new_set[j] = MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3328 else
3329 new_set[j] = merge_fullinfo_types(context,
3330 new_registers[j],
3331 registers[j], JNI_FALSE0);
3332 }
3333 /* Some of the end items might now be bogus. This step isn't
3334 * necessary, but it may save work later. */
3335 while ( register_count > 0
3336 && GET_ITEM_TYPE(new_set[register_count-1])((new_set[register_count-1]) & 0x1F) == ITEM_Bogus)
3337 register_count--;
3338 this_reginfo->register_count = register_count;
3339 this_reginfo->registers = new_set;
3340 this_idata->changed = JNI_TRUE1;
3341 }
3342 if (mask_count > 0) {
3343 /* If the target instruction already has a sequence of masks, then
3344 * we need to merge new_masks into it. We want the entries on
3345 * the mask to be the longest common substring of the two.
3346 * (e.g. a->b->d merged with a->c->d should give a->d)
3347 * The bits set in the mask should be the or of the corresponding
3348 * entries in each of the original masks.
3349 */
3350 int i, j, k;
3351 int matches = 0;
3352 int last_match = -1;
3353 jboolean copy_needed = JNI_FALSE0;
3354 for (i = 0; i < mask_count; i++) {
3355 int entry = masks[i].entry;
3356 for (j = last_match + 1; j < new_mask_count; j++) {
3357 if (new_masks[j].entry == entry) {
3358 /* We have a match */
3359 int *prev = masks[i].modifies;
3360 int *new = new_masks[j].modifies;
3361 matches++;
3362 /* See if new_mask has bits set for "entry" that
3363 * weren't set for mask. If so, need to copy. */
3364 for (k = context->bitmask_size - 1;
3365 !copy_needed && k >= 0;
3366 k--)
3367 if (~prev[k] & new[k])
3368 copy_needed = JNI_TRUE1;
3369 last_match = j;
3370 break;
3371 }
3372 }
3373 }
3374 if ((matches < mask_count) || copy_needed) {
3375 /* We need to make a copy for the new item, since either the
3376 * size has decreased, or new bits are set. */
3377 mask_type *copy = NEW(mask_type, matches)((mask_type *)CCalloc(context, (matches)*(sizeof(mask_type)),
0));
3378 for (i = 0; i < matches; i++) {
3379 copy[i].modifies = NEW(int, context->bitmask_size)((int *)CCalloc(context, (context->bitmask_size)*(sizeof(int
)), 0));
3380 }
3381 this_reginfo->masks = copy;
3382 this_reginfo->mask_count = matches;
3383 this_idata->changed = JNI_TRUE1;
3384 matches = 0;
3385 last_match = -1;
3386 for (i = 0; i < mask_count; i++) {
3387 int entry = masks[i].entry;
3388 for (j = last_match + 1; j < new_mask_count; j++) {
3389 if (new_masks[j].entry == entry) {
3390 int *prev1 = masks[i].modifies;
3391 int *prev2 = new_masks[j].modifies;
3392 int *new = copy[matches].modifies;
3393 copy[matches].entry = entry;
3394 for (k = context->bitmask_size - 1; k >= 0; k--)
3395 new[k] = prev1[k] | prev2[k];
3396 matches++;
3397 last_match = j;
3398 break;
3399 }
3400 }
3401 }
3402 }
3403 }
3404 }
3405}
3406
3407
3408static void
3409merge_flags(context_type *context, unsigned int from_inumber,
3410 unsigned int to_inumber,
3411 flag_type new_and_flags, flag_type new_or_flags)
3412{
3413 /* Set this_idata->and_flags &= new_and_flags
3414 this_idata->or_flags |= new_or_flags
3415 */
3416 instruction_data_type *idata = context->instruction_data;
3417 instruction_data_type *this_idata = &idata[to_inumber];
3418 flag_type this_and_flags = this_idata->and_flags;
3419 flag_type this_or_flags = this_idata->or_flags;
3420 flag_type merged_and = this_and_flags & new_and_flags;
3421 flag_type merged_or = this_or_flags | new_or_flags;
3422
3423 if ((merged_and != this_and_flags) || (merged_or != this_or_flags)) {
3424 this_idata->and_flags = merged_and;
3425 this_idata->or_flags = merged_or;
3426 this_idata->changed = JNI_TRUE1;
3427 }
3428}
3429
3430
3431/* Make a copy of a stack */
3432
3433static stack_item_type *
3434copy_stack(context_type *context, stack_item_type *stack)
3435{
3436 int length;
3437 stack_item_type *ptr;
3438
3439 /* Find the length */
3440 for (ptr = stack, length = 0; ptr != NULL((void*)0); ptr = ptr->next, length++);
3441
3442 if (length > 0) {
3443 stack_item_type *new_stack = NEW(stack_item_type, length)((stack_item_type *)CCalloc(context, (length)*(sizeof(stack_item_type
)), 0));
3444 stack_item_type *new_ptr;
3445 for ( ptr = stack, new_ptr = new_stack;
3446 ptr != NULL((void*)0);
3447 ptr = ptr->next, new_ptr++) {
3448 new_ptr->item = ptr->item;
3449 new_ptr->next = new_ptr + 1;
3450 }
3451 new_stack[length - 1].next = NULL((void*)0);
3452 return new_stack;
3453 } else {
3454 return NULL((void*)0);
3455 }
3456}
3457
3458
3459static mask_type *
3460copy_masks(context_type *context, mask_type *masks, int mask_count)
3461{
3462 mask_type *result = NEW(mask_type, mask_count)((mask_type *)CCalloc(context, (mask_count)*(sizeof(mask_type
)), 0));
3463 int bitmask_size = context->bitmask_size;
3464 int *bitmaps = NEW(int, mask_count * bitmask_size)((int *)CCalloc(context, (mask_count * bitmask_size)*(sizeof(
int)), 0));
3465 int i;
3466 for (i = 0; i < mask_count; i++) {
3467 result[i].entry = masks[i].entry;
3468 result[i].modifies = &bitmaps[i * bitmask_size];
3469 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3470 }
3471 return result;
3472}
3473
3474
3475static mask_type *
3476add_to_masks(context_type *context, mask_type *masks, int mask_count, int d)
3477{
3478 mask_type *result = NEW(mask_type, mask_count + 1)((mask_type *)CCalloc(context, (mask_count + 1)*(sizeof(mask_type
)), 0));
3479 int bitmask_size = context->bitmask_size;
3480 int *bitmaps = NEW(int, (mask_count + 1) * bitmask_size)((int *)CCalloc(context, ((mask_count + 1) * bitmask_size)*(sizeof
(int)), 0));
3481 int i;
3482 for (i = 0; i < mask_count; i++) {
3483 result[i].entry = masks[i].entry;
3484 result[i].modifies = &bitmaps[i * bitmask_size];
3485 memcpy(result[i].modifies, masks[i].modifies, bitmask_size * sizeof(int));
3486 }
3487 result[mask_count].entry = d;
3488 result[mask_count].modifies = &bitmaps[mask_count * bitmask_size];
3489 memset(result[mask_count].modifies, 0, bitmask_size * sizeof(int));
3490 return result;
3491}
3492
3493
3494
3495/* We create our own storage manager, since we malloc lots of little items,
3496 * and I don't want to keep trace of when they become free. I sure wish that
3497 * we had heaps, and I could just free the heap when done.
3498 */
3499
3500#define CCSegSize2000 2000
3501
3502struct CCpool { /* a segment of allocated memory in the pool */
3503 struct CCpool *next;
3504 int segSize; /* almost always CCSegSize */
3505 int poolPad;
3506 char space[CCSegSize2000];
3507};
3508
3509/* Initialize the context's heap. */
3510static void CCinit(context_type *context)
3511{
3512 struct CCpool *new = (struct CCpool *) malloc(sizeof(struct CCpool));
3513 /* Set context->CCroot to 0 if new == 0 to tell CCdestroy to lay off */
3514 context->CCroot = context->CCcurrent = new;
3515 if (new == 0) {
3516 CCout_of_memory(context);
3517 }
3518 new->next = NULL((void*)0);
3519 new->segSize = CCSegSize2000;
3520 context->CCfree_size = CCSegSize2000;
3521 context->CCfree_ptr = &new->space[0];
3522}
3523
3524
3525/* Reuse all the space that we have in the context's heap. */
3526static void CCreinit(context_type *context)
3527{
3528 struct CCpool *first = context->CCroot;
3529 context->CCcurrent = first;
3530 context->CCfree_size = CCSegSize2000;
3531 context->CCfree_ptr = &first->space[0];
3532}
3533
3534/* Destroy the context's heap. */
3535static void CCdestroy(context_type *context)
3536{
3537 struct CCpool *this = context->CCroot;
3538 while (this) {
3539 struct CCpool *next = this->next;
3540 free(this);
3541 this = next;
3542 }
3543 /* These two aren't necessary. But can't hurt either */
3544 context->CCroot = context->CCcurrent = NULL((void*)0);
3545 context->CCfree_ptr = 0;
3546}
3547
3548/* Allocate an object of the given size from the context's heap. */
3549static void *
3550CCalloc(context_type *context, int size, jboolean zero)
3551{
3552
3553 register char *p;
3554 /* Round CC to the size of a pointer */
3555 size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1);
3556
3557 if (context->CCfree_size < size) {
3558 struct CCpool *current = context->CCcurrent;
3559 struct CCpool *new;
3560 if (size > CCSegSize2000) { /* we need to allocate a special block */
3561 new = (struct CCpool *)malloc(sizeof(struct CCpool) +
3562 (size - CCSegSize2000));
3563 if (new == 0) {
3564 CCout_of_memory(context);
3565 }
3566 new->next = current->next;
3567 new->segSize = size;
3568 current->next = new;
3569 } else {
3570 new = current->next;
3571 if (new == NULL((void*)0)) {
3572 new = (struct CCpool *) malloc(sizeof(struct CCpool));
3573 if (new == 0) {
3574 CCout_of_memory(context);
3575 }
3576 current->next = new;
3577 new->next = NULL((void*)0);
3578 new->segSize = CCSegSize2000;
3579 }
3580 }
3581 context->CCcurrent = new;
3582 context->CCfree_ptr = &new->space[0];
3583 context->CCfree_size = new->segSize;
3584 }
3585 p = context->CCfree_ptr;
3586 context->CCfree_ptr += size;
3587 context->CCfree_size -= size;
3588 if (zero)
3589 memset(p, 0, size);
3590 return p;
3591}
3592
3593/* Get the class associated with a particular field or method or class in the
3594 * constant pool. If is_field is true, we've got a field or method. If
3595 * false, we've got a class.
3596 */
3597static fullinfo_type
3598cp_index_to_class_fullinfo(context_type *context, int cp_index, int kind)
3599{
3600 JNIEnv *env = context->env;
3601 fullinfo_type result;
3602 const char *classname;
3603 switch (kind) {
3604 case JVM_CONSTANT_Class:
3605 classname = JVM_GetCPClassNameUTF(env,
3606 context->class,
3607 cp_index);
3608 break;
3609 case JVM_CONSTANT_Methodref:
3610 classname = JVM_GetCPMethodClassNameUTF(env,
3611 context->class,
3612 cp_index);
3613 break;
3614 case JVM_CONSTANT_Fieldref:
3615 classname = JVM_GetCPFieldClassNameUTF(env,
3616 context->class,
3617 cp_index);
3618 break;
3619 default:
3620 classname = NULL((void*)0);
3621 CCerror(context, "Internal error #5");
3622 }
3623
3624 check_and_push(context, classname, VM_STRING_UTF);
3625 if (classname[0] == JVM_SIGNATURE_ARRAY) {
3626 /* This make recursively call us, in case of a class array */
3627 signature_to_fieldtype(context, &classname, &result);
3628 } else {
3629 result = make_class_info_from_name(context, classname);
3630 }
3631 pop_and_free(context);
3632 return result;
3633}
3634
3635
3636static int
3637print_CCerror_info(context_type *context)
3638{
3639 JNIEnv *env = context->env;
3640 jclass cb = context->class;
3641 const char *classname = JVM_GetClassNameUTF(env, cb);
3642 const char *name = 0;
3643 const char *signature = 0;
3644 int n = 0;
3645 if (context->method_index != -1) {
3646 name = JVM_GetMethodIxNameUTF(env, cb, context->method_index);
3647 signature =
3648 JVM_GetMethodIxSignatureUTF(env, cb, context->method_index);
3649 n += jio_snprintf(context->message, context->message_buf_len,
3650 "(class: %s, method: %s signature: %s) ",
3651 (classname ? classname : ""),
3652 (name ? name : ""),
3653 (signature ? signature : ""));
3654 } else if (context->field_index != -1 ) {
3655 name = JVM_GetMethodIxNameUTF(env, cb, context->field_index);
3656 n += jio_snprintf(context->message, context->message_buf_len,
3657 "(class: %s, field: %s) ",
3658 (classname ? classname : 0),
3659 (name ? name : 0));
3660 } else {
3661 n += jio_snprintf(context->message, context->message_buf_len,
3662 "(class: %s) ", classname ? classname : "");
3663 }
3664 JVM_ReleaseUTF(classname);
3665 JVM_ReleaseUTF(name);
3666 JVM_ReleaseUTF(signature);
3667 return n;
3668}
3669
3670static void
3671CCerror (context_type *context, char *format, ...)
3672{
3673 int n = print_CCerror_info(context);
3674 va_list args;
3675 if (n >= 0 && n < context->message_buf_len) {
3676 va_start(args, format)__builtin_va_start(args, format);
3677 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3678 format, args);
3679 va_end(args)__builtin_va_end(args);
3680 }
3681 context->err_code = CC_VerifyError0;
3682 longjmp(context->jump_buffer, 1);
3683}
3684
3685static void
3686CCout_of_memory(context_type *context)
3687{
3688 int n = print_CCerror_info(context);
3689 context->err_code = CC_OutOfMemory2;
3690 longjmp(context->jump_buffer, 1);
3691}
3692
3693static void
3694CFerror(context_type *context, char *format, ...)
3695{
3696 int n = print_CCerror_info(context);
3697 va_list args;
3698 if (n >= 0 && n < context->message_buf_len) {
3699 va_start(args, format)__builtin_va_start(args, format);
3700 jio_vsnprintf(context->message + n, context->message_buf_len - n,
3701 format, args);
3702 va_end(args)__builtin_va_end(args);
3703 }
3704 context->err_code = CC_ClassFormatError3;
3705 longjmp(context->jump_buffer, 1);
3706}
3707
3708/*
3709 * Need to scan the entire signature to find the result type because
3710 * types in the arg list and the result type could contain embedded ')'s.
3711 */
3712static const char* get_result_signature(const char* signature) {
3713 const char *p;
3714 for (p = signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
3715 switch (*p) {
3716 case JVM_SIGNATURE_BOOLEAN:
3717 case JVM_SIGNATURE_BYTE:
3718 case JVM_SIGNATURE_CHAR:
3719 case JVM_SIGNATURE_SHORT:
3720 case JVM_SIGNATURE_INT:
3721 case JVM_SIGNATURE_FLOAT:
3722 case JVM_SIGNATURE_DOUBLE:
3723 case JVM_SIGNATURE_LONG:
3724 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
3725 break;
3726 case JVM_SIGNATURE_CLASS:
3727 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
3728 break;
3729 case JVM_SIGNATURE_ARRAY:
3730 while (*p == JVM_SIGNATURE_ARRAY) p++;
3731 /* If an array of classes, skip over class name, too. */
3732 if (*p == JVM_SIGNATURE_CLASS) {
3733 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
3734 }
3735 break;
3736 default:
3737 /* Indicate an error. */
3738 return NULL((void*)0);
3739 }
3740 }
3741 return p++; /* skip over ')'. */
3742}
3743
3744static char
3745signature_to_fieldtype(context_type *context,
3746 const char **signature_p, fullinfo_type *full_info_p)
3747{
3748 const char *p = *signature_p;
3749 fullinfo_type full_info = MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3750 char result;
3751 int array_depth = 0;
3752
3753 for (;;) {
3754 switch(*p++) {
3755 default:
3756 result = 0;
3757 break;
3758
3759 case JVM_SIGNATURE_BOOLEAN:
3760 full_info = (array_depth > 0)
3761 ? MAKE_FULLINFO(ITEM_Boolean, 0, 0)((ITEM_Boolean) + ((0) << 5) + ((0) << 16))
3762 : MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16));
3763 result = 'I';
3764 break;
3765
3766 case JVM_SIGNATURE_BYTE:
3767 full_info = (array_depth > 0)
3768 ? MAKE_FULLINFO(ITEM_Byte, 0, 0)((ITEM_Byte) + ((0) << 5) + ((0) << 16))
3769 : MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16));
3770 result = 'I';
3771 break;
3772
3773 case JVM_SIGNATURE_CHAR:
3774 full_info = (array_depth > 0)
3775 ? MAKE_FULLINFO(ITEM_Char, 0, 0)((ITEM_Char) + ((0) << 5) + ((0) << 16))
3776 : MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16));
3777 result = 'I';
3778 break;
3779
3780 case JVM_SIGNATURE_SHORT:
3781 full_info = (array_depth > 0)
3782 ? MAKE_FULLINFO(ITEM_Short, 0, 0)((ITEM_Short) + ((0) << 5) + ((0) << 16))
3783 : MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16));
3784 result = 'I';
3785 break;
3786
3787 case JVM_SIGNATURE_INT:
3788 full_info = MAKE_FULLINFO(ITEM_Integer, 0, 0)((ITEM_Integer) + ((0) << 5) + ((0) << 16));
3789 result = 'I';
3790 break;
3791
3792 case JVM_SIGNATURE_FLOAT:
3793 full_info = MAKE_FULLINFO(ITEM_Float, 0, 0)((ITEM_Float) + ((0) << 5) + ((0) << 16));
3794 result = 'F';
3795 break;
3796
3797 case JVM_SIGNATURE_DOUBLE:
3798 full_info = MAKE_FULLINFO(ITEM_Double, 0, 0)((ITEM_Double) + ((0) << 5) + ((0) << 16));
3799 result = 'D';
3800 break;
3801
3802 case JVM_SIGNATURE_LONG:
3803 full_info = MAKE_FULLINFO(ITEM_Long, 0, 0)((ITEM_Long) + ((0) << 5) + ((0) << 16));
3804 result = 'L';
3805 break;
3806
3807 case JVM_SIGNATURE_ARRAY:
3808 array_depth++;
3809 continue; /* only time we ever do the loop > 1 */
3810
3811 case JVM_SIGNATURE_CLASS: {
3812 char buffer_space[256];
3813 char *buffer = buffer_space;
3814 char *finish = strchr(p, JVM_SIGNATURE_ENDCLASS);
3815 int length;
3816 if (finish == NULL((void*)0)) {
3817 /* Signature must have ';' after the class name.
3818 * If it does not, return 0 and ITEM_Bogus in full_info. */
3819 result = 0;
3820 break;
3821 }
3822 assert(finish >= p)((finish >= p) ? (void) (0) : __assert_fail ("finish >= p"
, "/home/daniel/Projects/java/jdk/src/java.base/share/native/libverify/check_code.c"
, 3822, __extension__ __PRETTY_FUNCTION__));
3823 length = (int)(finish - p);
3824 if (length + 1 > (int)sizeof(buffer_space)) {
3825 buffer = calloc(length + 1, sizeof(char));
3826 check_and_push(context, buffer, VM_MALLOC_BLK);
3827 }
3828 memcpy(buffer, p, length);
3829 buffer[length] = '\0';
3830 full_info = make_class_info_from_name(context, buffer);
3831 result = 'A';
3832 p = finish + 1;
3833 if (buffer != buffer_space)
3834 pop_and_free(context);
3835 break;
3836 }
3837 } /* end of switch */
3838 break;
3839 }
3840 *signature_p = p;
3841 if (array_depth == 0 || result == 0) {
3842 /* either not an array, or result is bogus */
3843 *full_info_p = full_info;
3844 return result;
3845 } else {
3846 if (array_depth > MAX_ARRAY_DIMENSIONS255)
3847 CCerror(context, "Array with too many dimensions");
3848 *full_info_p = MAKE_FULLINFO(GET_ITEM_TYPE(full_info),((((full_info) & 0x1F)) + ((array_depth) << 5) + ((
((full_info) >> 16)) << 16))
3849 array_depth,((((full_info) & 0x1F)) + ((array_depth) << 5) + ((
((full_info) >> 16)) << 16))
3850 GET_EXTRA_INFO(full_info))((((full_info) & 0x1F)) + ((array_depth) << 5) + ((
((full_info) >> 16)) << 16));
3851 return 'A';
3852 }
3853}
3854
3855
3856/* Given an array type, create the type that has one less level of
3857 * indirection.
3858 */
3859
3860static fullinfo_type
3861decrement_indirection(fullinfo_type array_info)
3862{
3863 if (array_info == NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16))) {
3864 return NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16));
3865 } else {
3866 int type = GET_ITEM_TYPE(array_info)((array_info) & 0x1F);
3867 int indirection = GET_INDIRECTION(array_info)(((array_info) & 0xFFFF) >> 5) - 1;
3868 int extra_info = GET_EXTRA_INFO(array_info)((array_info) >> 16);
3869 if ( (indirection == 0)
3870 && ((type == ITEM_Short || type == ITEM_Byte || type == ITEM_Boolean || type == ITEM_Char)))
3871 type = ITEM_Integer;
3872 return MAKE_FULLINFO(type, indirection, extra_info)((type) + ((indirection) << 5) + ((extra_info) <<
16));
3873 }
3874}
3875
3876
3877/* See if we can assign an object of the "from" type to an object
3878 * of the "to" type.
3879 */
3880
3881static jboolean isAssignableTo(context_type *context,
3882 fullinfo_type from, fullinfo_type to)
3883{
3884 return (merge_fullinfo_types(context, from, to, JNI_TRUE1) == to);
3885}
3886
3887/* Given two fullinfo_type's, find their lowest common denominator. If
3888 * the assignable_p argument is non-null, we're really just calling to find
3889 * out if "<target> := <value>" is a legitimate assignment.
3890 *
3891 * We treat all interfaces as if they were of type java/lang/Object, since the
3892 * runtime will do the full checking.
3893 */
3894static fullinfo_type
3895merge_fullinfo_types(context_type *context,
3896 fullinfo_type value, fullinfo_type target,
3897 jboolean for_assignment)
3898{
3899 JNIEnv *env = context->env;
3900 if (value == target) {
3901 /* If they're identical, clearly just return what we've got */
3902 return value;
3903 }
3904
3905 /* Both must be either arrays or objects to go further */
3906 if (GET_INDIRECTION(value)(((value) & 0xFFFF) >> 5) == 0 && GET_ITEM_TYPE(value)((value) & 0x1F) != ITEM_Object)
3907 return MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3908 if (GET_INDIRECTION(target)(((target) & 0xFFFF) >> 5) == 0 && GET_ITEM_TYPE(target)((target) & 0x1F) != ITEM_Object)
3909 return MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3910
3911 /* If either is NULL, return the other. */
3912 if (value == NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16)))
3913 return target;
3914 else if (target == NULL_FULLINFO((ITEM_Object) + ((0) << 5) + ((0) << 16)))
3915 return value;
3916
3917 /* If either is java/lang/Object, that's the result. */
3918 if (target == context->object_info)
3919 return target;
3920 else if (value == context->object_info) {
3921 /* Minor hack. For assignments, Interface := Object, return Interface
3922 * rather than Object, so that isAssignableTo() will get the right
3923 * result. */
3924 if (for_assignment && (WITH_ZERO_EXTRA_INFO(target)((target) & 0xFFFF) ==
3925 MAKE_FULLINFO(ITEM_Object, 0, 0)((ITEM_Object) + ((0) << 5) + ((0) << 16)))) {
3926 jclass cb = object_fullinfo_to_classclass(context,
3927 target);
3928 int is_interface = cb && JVM_IsInterface(env, cb);
3929 if (is_interface)
3930 return target;
3931 }
3932 return value;
3933 }
3934 if (GET_INDIRECTION(value)(((value) & 0xFFFF) >> 5) > 0 || GET_INDIRECTION(target)(((target) & 0xFFFF) >> 5) > 0) {
3935 /* At least one is an array. Neither is java/lang/Object or NULL.
3936 * Moreover, the types are not identical.
3937 * The result must either be Object, or an array of some object type.
3938 */
3939 fullinfo_type value_base, target_base;
3940 int dimen_value = GET_INDIRECTION(value)(((value) & 0xFFFF) >> 5);
3941 int dimen_target = GET_INDIRECTION(target)(((target) & 0xFFFF) >> 5);
3942
3943 if (target == context->cloneable_info ||
3944 target == context->serializable_info) {
3945 return target;
3946 }
3947
3948 if (value == context->cloneable_info ||
3949 value == context->serializable_info) {
3950 return value;
3951 }
3952
3953 /* First, if either item's base type isn't ITEM_Object, promote it up
3954 * to an object or array of object. If either is elemental, we can
3955 * punt.
3956 */
3957 if (GET_ITEM_TYPE(value)((value) & 0x1F) != ITEM_Object) {
3958 if (dimen_value == 0)
3959 return MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3960 dimen_value--;
3961 value = MAKE_Object_ARRAY(dimen_value)(context->object_info + ((dimen_value) << 5));
3962
3963 }
3964 if (GET_ITEM_TYPE(target)((target) & 0x1F) != ITEM_Object) {
3965 if (dimen_target == 0)
3966 return MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
3967 dimen_target--;
3968 target = MAKE_Object_ARRAY(dimen_target)(context->object_info + ((dimen_target) << 5));
3969 }
3970 /* Both are now objects or arrays of some sort of object type */
3971 value_base = WITH_ZERO_INDIRECTION(value)((value) & ~(0xFFE0));
3972 target_base = WITH_ZERO_INDIRECTION(target)((target) & ~(0xFFE0));
3973 if (dimen_value == dimen_target) {
3974 /* Arrays of the same dimension. Merge their base types. */
3975 fullinfo_type result_base =
3976 merge_fullinfo_types(context, value_base, target_base,
3977 for_assignment);
3978 if (result_base == MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16)))
3979 /* bogus in, bogus out */
3980 return result_base;
3981 return MAKE_FULLINFO(ITEM_Object, dimen_value,((ITEM_Object) + ((dimen_value) << 5) + ((((result_base
) >> 16)) << 16))
3982 GET_EXTRA_INFO(result_base))((ITEM_Object) + ((dimen_value) << 5) + ((((result_base
) >> 16)) << 16));
3983 } else {
3984 /* Arrays of different sizes. If the smaller dimension array's base
3985 * type is java/lang/Cloneable or java/io/Serializable, return it.
3986 * Otherwise return java/lang/Object with a dimension of the smaller
3987 * of the two */
3988 if (dimen_value < dimen_target) {
3989 if (value_base == context->cloneable_info ||
3990 value_base == context ->serializable_info) {
3991 return value;
3992 }
3993 return MAKE_Object_ARRAY(dimen_value)(context->object_info + ((dimen_value) << 5));
3994 } else {
3995 if (target_base == context->cloneable_info ||
3996 target_base == context->serializable_info) {
3997 return target;
3998 }
3999 return MAKE_Object_ARRAY(dimen_target)(context->object_info + ((dimen_target) << 5));
4000 }
4001 }
4002 } else {
4003 /* Both are non-array objects. Neither is java/lang/Object or NULL */
4004 jclass cb_value, cb_target, cb_super_value, cb_super_target;
4005 fullinfo_type result_info;
4006
4007 /* Let's get the classes corresponding to each of these. Treat
4008 * interfaces as if they were java/lang/Object. See hack note above. */
4009 cb_target = object_fullinfo_to_classclass(context, target);
4010 if (cb_target == 0)
4011 return MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
4012 if (JVM_IsInterface(env, cb_target))
4013 return for_assignment ? target : context->object_info;
4014 cb_value = object_fullinfo_to_classclass(context, value);
4015 if (cb_value == 0)
4016 return MAKE_FULLINFO(ITEM_Bogus, 0, 0)((ITEM_Bogus) + ((0) << 5) + ((0) << 16));
4017 if (JVM_IsInterface(env, cb_value))
4018 return context->object_info;
4019
4020 /* If this is for assignment of target := value, we just need to see if
4021 * cb_target is a superclass of cb_value. Save ourselves a lot of
4022 * work.
4023 */
4024 if (for_assignment) {
4025 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4026 while (cb_super_value != 0) {
4027 jclass tmp_cb;
4028 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4029 (*env)->DeleteLocalRef(env, cb_super_value);
4030 return target;
4031 }
4032 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4033 (*env)->DeleteLocalRef(env, cb_super_value);
4034 cb_super_value = tmp_cb;
4035 }
4036 (*env)->DeleteLocalRef(env, cb_super_value);
4037 return context->object_info;
4038 }
4039
4040 /* Find out whether cb_value or cb_target is deeper in the class
4041 * tree by moving both toward the root, and seeing who gets there
4042 * first. */
4043 cb_super_value = (*env)->GetSuperclass(env, cb_value);
4044 cb_super_target = (*env)->GetSuperclass(env, cb_target);
4045 while((cb_super_value != 0) &&
4046 (cb_super_target != 0)) {
4047 jclass tmp_cb;
4048 /* Optimization. If either hits the other when going up looking
4049 * for a parent, then might as well return the parent immediately */
4050 if ((*env)->IsSameObject(env, cb_super_value, cb_target)) {
4051 (*env)->DeleteLocalRef(env, cb_super_value);
4052 (*env)->DeleteLocalRef(env, cb_super_target);
4053 return target;
4054 }
4055 if ((*env)->IsSameObject(env, cb_super_target, cb_value)) {
4056 (*env)->DeleteLocalRef(env, cb_super_value);
4057 (*env)->DeleteLocalRef(env, cb_super_target);
4058 return value;
4059 }
4060 tmp_cb = (*env)->GetSuperclass(env, cb_super_value);
4061 (*env)->DeleteLocalRef(env, cb_super_value);
4062 cb_super_value = tmp_cb;
4063
4064 tmp_cb = (*env)->GetSuperclass(env, cb_super_target);
4065 (*env)->DeleteLocalRef(env, cb_super_target);
4066 cb_super_target = tmp_cb;
4067 }
4068 cb_value = (*env)->NewLocalRef(env, cb_value);
4069 cb_target = (*env)->NewLocalRef(env, cb_target);
4070 /* At most one of the following two while clauses will be executed.
4071 * Bring the deeper of cb_target and cb_value to the depth of the
4072 * shallower one.
4073 */
4074 while (cb_super_value != 0) {
4075 /* cb_value is deeper */
4076 jclass cb_tmp;
4077
4078 cb_tmp = (*env)->GetSuperclass(env, cb_super_value);
4079 (*env)->DeleteLocalRef(env, cb_super_value);
4080 cb_super_value = cb_tmp;
4081
4082 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4083 (*env)->DeleteLocalRef(env, cb_value);
4084 cb_value = cb_tmp;
4085 }
4086 while (cb_super_target != 0) {
4087 /* cb_target is deeper */
4088 jclass cb_tmp;
4089
4090 cb_tmp = (*env)->GetSuperclass(env, cb_super_target);
4091 (*env)->DeleteLocalRef(env, cb_super_target);
4092 cb_super_target = cb_tmp;
4093
4094 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4095 (*env)->DeleteLocalRef(env, cb_target);
4096 cb_target = cb_tmp;
4097 }
4098
4099 /* Walk both up, maintaining equal depth, until a join is found. We
4100 * know that we will find one. */
4101 while (!(*env)->IsSameObject(env, cb_value, cb_target)) {
4102 jclass cb_tmp;
4103 cb_tmp = (*env)->GetSuperclass(env, cb_value);
4104 (*env)->DeleteLocalRef(env, cb_value);
4105 cb_value = cb_tmp;
4106 cb_tmp = (*env)->GetSuperclass(env, cb_target);
4107 (*env)->DeleteLocalRef(env, cb_target);
4108 cb_target = cb_tmp;
4109 }
4110 result_info = make_class_info(context, cb_value);
4111 (*env)->DeleteLocalRef(env, cb_value);
4112 (*env)->DeleteLocalRef(env, cb_super_value);
4113 (*env)->DeleteLocalRef(env, cb_target);
4114 (*env)->DeleteLocalRef(env, cb_super_target);
4115 return result_info;
4116 } /* both items are classes */
4117}
4118
4119
4120/* Given a fullinfo_type corresponding to an Object, return the jclass
4121 * of that type.
4122 *
4123 * This function always returns a global reference!
4124 */
4125
4126static jclass
4127object_fullinfo_to_classclass(context_type *context, fullinfo_type classinfo)
4128{
4129 unsigned short info = GET_EXTRA_INFO(classinfo)((classinfo) >> 16);
4130 return ID_to_class(context, info);
4131}
4132
4133static void free_block(void *ptr, int kind)
4134{
4135 switch (kind) {
4136 case VM_STRING_UTF:
4137 JVM_ReleaseUTF(ptr);
4138 break;
4139 case VM_MALLOC_BLK:
4140 free(ptr);
4141 break;
4142 }
4143}
4144
4145static void check_and_push(context_type *context, const void *ptr, int kind)
4146{
4147 alloc_stack_type *p;
4148 if (ptr == 0)
4149 CCout_of_memory(context);
4150 if (context->alloc_stack_top < ALLOC_STACK_SIZE16)
4151 p = &(context->alloc_stack[context->alloc_stack_top++]);
4152 else {
4153 /* Otherwise we have to malloc */
4154 p = malloc(sizeof(alloc_stack_type));
4155 if (p == 0) {
4156 /* Make sure we clean up. */
4157 free_block((void *)ptr, kind);
4158 CCout_of_memory(context);
4159 }
4160 }
4161 p->kind = kind;
4162 p->ptr = (void *)ptr;
4163 p->next = context->allocated_memory;
4164 context->allocated_memory = p;
4165}
4166
4167static void pop_and_free(context_type *context)
4168{
4169 alloc_stack_type *p = context->allocated_memory;
4170 context->allocated_memory = p->next;
4171 free_block(p->ptr, p->kind);
4172 if (p < context->alloc_stack + ALLOC_STACK_SIZE16 &&
4173 p >= context->alloc_stack)
4174 context->alloc_stack_top--;
4175 else
4176 free(p);
4177}
4178
4179static int signature_to_args_size(const char *method_signature)
4180{
4181 const char *p;
4182 int args_size = 0;
4183 for (p = method_signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
4184 switch (*p) {
4185 case JVM_SIGNATURE_BOOLEAN:
4186 case JVM_SIGNATURE_BYTE:
4187 case JVM_SIGNATURE_CHAR:
4188 case JVM_SIGNATURE_SHORT:
4189 case JVM_SIGNATURE_INT:
4190 case JVM_SIGNATURE_FLOAT:
4191 args_size += 1;
4192 break;
4193 case JVM_SIGNATURE_CLASS:
4194 args_size += 1;
4195 while (*p != JVM_SIGNATURE_ENDCLASS) p++;
4196 break;
4197 case JVM_SIGNATURE_ARRAY:
4198 args_size += 1;
4199 while ((*p == JVM_SIGNATURE_ARRAY)) p++;
4200 /* If an array of classes, skip over class name, too. */
4201 if (*p == JVM_SIGNATURE_CLASS) {
4202 while (*p != JVM_SIGNATURE_ENDCLASS)
4203 p++;
4204 }
4205 break;
4206 case JVM_SIGNATURE_DOUBLE:
4207 case JVM_SIGNATURE_LONG:
4208 args_size += 2;
4209 break;
4210 case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
4211 break;
4212 default:
4213 /* Indicate an error. */
4214 return 0;
4215 }
4216 }
4217 return args_size;
4218}
4219
4220#ifdef DEBUG1
4221
4222/* Below are for debugging. */
4223
4224static void print_fullinfo_type(context_type *, fullinfo_type, jboolean);
4225
4226static void
4227print_stack(context_type *context, stack_info_type *stack_info)
4228{
4229 stack_item_type *stack = stack_info->stack;
4230 if (stack_info->stack_size == UNKNOWN_STACK_SIZE-1) {
4231 jio_fprintf(stdoutstdout, "x");
4232 } else {
4233 jio_fprintf(stdoutstdout, "(");
4234 for ( ; stack != 0; stack = stack->next)
4235 print_fullinfo_type(context, stack->item,
4236 (jboolean)(verify_verbose > 1 ? JNI_TRUE1 : JNI_FALSE0));
4237 jio_fprintf(stdoutstdout, ")");
4238 }
4239}
4240
4241static void
4242print_registers(context_type *context, register_info_type *register_info)
4243{
4244 int register_count = register_info->register_count;
4245 if (register_count == UNKNOWN_REGISTER_COUNT-1) {
4246 jio_fprintf(stdoutstdout, "x");
4247 } else {
4248 fullinfo_type *registers = register_info->registers;
4249 int mask_count = register_info->mask_count;
4250 mask_type *masks = register_info->masks;
4251 int i, j;
4252
4253 jio_fprintf(stdoutstdout, "{");
4254 for (i = 0; i < register_count; i++)
4255 print_fullinfo_type(context, registers[i],
4256 (jboolean)(verify_verbose > 1 ? JNI_TRUE1 : JNI_FALSE0));
4257 jio_fprintf(stdoutstdout, "}");
4258 for (i = 0; i < mask_count; i++) {
4259 char *separator = "";
4260 int *modifies = masks[i].modifies;
4261 jio_fprintf(stdoutstdout, "<%d: ", masks[i].entry);
4262 for (j = 0;
4263 j < JVM_GetMethodIxLocalsCount(context->env,
4264 context->class,
4265 context->method_index);
4266 j++)
4267 if (IS_BIT_SET(modifies, j)(modifies[(j)/(8 * sizeof(int)/sizeof(char))] & ((unsigned
)1 << ((j) % (8 * sizeof(int)/sizeof(char)))))) {
4268 jio_fprintf(stdoutstdout, "%s%d", separator, j);
4269 separator = ",";
4270 }
4271 jio_fprintf(stdoutstdout, ">");
4272 }
4273 }
4274}
4275
4276
4277static void
4278print_flags(context_type *context, flag_type and_flags, flag_type or_flags)
4279{
4280 if (and_flags != ((flag_type)-1) || or_flags != 0) {
4281 jio_fprintf(stdoutstdout, "<%x %x>", and_flags, or_flags);
4282 }
4283}
4284
4285static void
4286print_fullinfo_type(context_type *context, fullinfo_type type, jboolean verbose)
4287{
4288 int i;
4289 int indirection = GET_INDIRECTION(type)(((type) & 0xFFFF) >> 5);
4290 for (i = indirection; i-- > 0; )
4291 jio_fprintf(stdoutstdout, "[");
4292 switch (GET_ITEM_TYPE(type)((type) & 0x1F)) {
4293 case ITEM_Integer:
4294 jio_fprintf(stdoutstdout, "I"); break;
4295 case ITEM_Float:
4296 jio_fprintf(stdoutstdout, "F"); break;
4297 case ITEM_Double:
4298 jio_fprintf(stdoutstdout, "D"); break;
4299 case ITEM_Double_2:
4300 jio_fprintf(stdoutstdout, "d"); break;
4301 case ITEM_Long:
4302 jio_fprintf(stdoutstdout, "L"); break;
4303 case ITEM_Long_2:
4304 jio_fprintf(stdoutstdout, "l"); break;
4305 case ITEM_ReturnAddress:
4306 jio_fprintf(stdoutstdout, "a"); break;
4307 case ITEM_Object:
4308 if (!verbose) {
4309 jio_fprintf(stdoutstdout, "A");
4310 } else {
4311 unsigned short extra = GET_EXTRA_INFO(type)((type) >> 16);
4312 if (extra == 0) {
4313 jio_fprintf(stdoutstdout, "/Null/");
4314 } else {
4315 const char *name = ID_to_class_name(context, extra);
4316 const char *name2 = strrchr(name, '/');
4317 jio_fprintf(stdoutstdout, "/%s/", name2 ? name2 + 1 : name);
4318 }
4319 }
4320 break;
4321 case ITEM_Char:
4322 jio_fprintf(stdoutstdout, "C"); break;
4323 case ITEM_Short:
4324 jio_fprintf(stdoutstdout, "S"); break;
4325 case ITEM_Boolean:
4326 jio_fprintf(stdoutstdout, "Z"); break;
4327 case ITEM_Byte:
4328 jio_fprintf(stdoutstdout, "B"); break;
4329 case ITEM_NewObject:
4330 if (!verbose) {
4331 jio_fprintf(stdoutstdout, "@");
4332 } else {
4333 int inum = GET_EXTRA_INFO(type)((type) >> 16);
4334 fullinfo_type real_type =
4335 context->instruction_data[inum].operand2.fi;
4336 jio_fprintf(stdoutstdout, ">");
4337 print_fullinfo_type(context, real_type, JNI_TRUE1);
4338 jio_fprintf(stdoutstdout, "<");
4339 }
4340 break;
4341 case ITEM_InitObject:
4342 jio_fprintf(stdoutstdout, verbose ? ">/this/<" : "@");
4343 break;
4344
4345 default:
4346 jio_fprintf(stdoutstdout, "?"); break;
4347 }
4348 for (i = indirection; i-- > 0; )
4349 jio_fprintf(stdoutstdout, "]");
4350}
4351
4352
4353static void
4354print_formatted_fieldname(context_type *context, int index)
4355{
4356 JNIEnv *env = context->env;
4357 jclass cb = context->class;
4358 const char *classname = JVM_GetCPFieldClassNameUTF(env, cb, index);
4359 const char *fieldname = JVM_GetCPFieldNameUTF(env, cb, index);
4360 jio_fprintf(stdoutstdout, " <%s.%s>",
4361 classname ? classname : "", fieldname ? fieldname : "");
4362 JVM_ReleaseUTF(classname);
4363 JVM_ReleaseUTF(fieldname);
4364}
4365
4366static void
4367print_formatted_methodname(context_type *context, int index)
4368{
4369 JNIEnv *env = context->env;
4370 jclass cb = context->class;
4371 const char *classname = JVM_GetCPMethodClassNameUTF(env, cb, index);
4372 const char *methodname = JVM_GetCPMethodNameUTF(env, cb, index);
4373 jio_fprintf(stdoutstdout, " <%s.%s>",
4374 classname ? classname : "", methodname ? methodname : "");
4375 JVM_ReleaseUTF(classname);
4376 JVM_ReleaseUTF(methodname);
4377}
4378
4379#endif /*DEBUG*/