1 // defineclass.cc - defining a class from .class format.
3 /* Copyright (C) 2001, 2002 Free Software Foundation
5 This file is part of libgcj.
7 This software is copyrighted work licensed under the terms of the
8 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for
11 // Written by Tom Tromey <tromey@redhat.com>
13 // Define VERIFY_DEBUG to enable debugging output.
19 #include <java-insns.h>
20 #include <java-interp.h>
24 #include <java/lang/Class.h>
25 #include <java/lang/VerifyError.h>
26 #include <java/lang/Throwable.h>
27 #include <java/lang/reflect/Modifier.h>
28 #include <java/lang/StringBuffer.h>
32 #endif /* VERIFY_DEBUG */
35 static void debug_print (const char *fmt, ...)
36 __attribute__ ((format (printf, 1, 2)));
39 debug_print (const char *fmt, ...)
44 vfprintf (stderr, fmt, ap);
46 #endif /* VERIFY_DEBUG */
49 class _Jv_BytecodeVerifier
53 static const int FLAG_INSN_START = 1;
54 static const int FLAG_BRANCH_TARGET = 2;
59 struct subr_entry_info;
64 // The PC corresponding to the start of the current instruction.
67 // The current state of the stack, locals, etc.
70 // We store the state at branch targets, for merging. This holds
74 // We keep a linked list of all the PCs which we must reverify.
75 // The link is done using the PC values. This is the head of the
79 // We keep some flags for each instruction. The values are the
80 // FLAG_* constants defined above.
83 // We need to keep track of which instructions can call a given
84 // subroutine. FIXME: this is inefficient. We keep a linked list
85 // of all calling `jsr's at at each jsr target.
88 // We keep a linked list of entries which map each `ret' instruction
89 // to its unique subroutine entry point. We expect that there won't
90 // be many `ret' instructions, so a linked list is ok.
91 subr_entry_info *entry_points;
93 // The current top of the stack, in terms of slots.
95 // The current depth of the stack. This will be larger than
96 // STACKTOP when wide types are on the stack.
99 // The bytecode itself.
100 unsigned char *bytecode;
102 _Jv_InterpException *exception;
105 jclass current_class;
107 _Jv_InterpMethod *current_method;
109 // A linked list of utf8 objects we allocate. This is really ugly,
110 // but without this our utf8 objects would be collected.
111 linked_utf8 *utf8_list;
119 _Jv_Utf8Const *make_utf8_const (char *s, int len)
121 _Jv_Utf8Const *val = _Jv_makeUtf8Const (s, len);
122 _Jv_Utf8Const *r = (_Jv_Utf8Const *) _Jv_Malloc (sizeof (_Jv_Utf8Const)
125 r->length = val->length;
127 memcpy (r->data, val->data, val->length + 1);
129 linked_utf8 *lu = (linked_utf8 *) _Jv_Malloc (sizeof (linked_utf8));
131 lu->next = utf8_list;
137 // This enum holds a list of tags for all the different types we
138 // need to handle. Reference types are treated specially by the
144 // The values for primitive types are chosen to correspond to values
145 // specified to newarray.
155 // Used when overwriting second word of a double or long in the
156 // local variables. Also used after merging local variable states
157 // to indicate an unusable value.
162 // There is an obscure special case which requires us to note when
163 // a local variable has not been used by a subroutine. See
164 // push_jump_merge for more information.
165 unused_by_subroutine_type,
167 // Everything after `reference_type' must be a reference type.
170 unresolved_reference_type,
171 uninitialized_reference_type,
172 uninitialized_unresolved_reference_type
175 // Return the type_val corresponding to a primitive signature
176 // character. For instance `I' returns `int.class'.
177 type_val get_type_val_for_signature (jchar sig)
210 verify_fail ("invalid signature");
215 // Return the type_val corresponding to a primitive class.
216 type_val get_type_val_for_signature (jclass k)
218 return get_type_val_for_signature ((jchar) k->method_count);
221 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or
222 // TARGET haven't been prepared.
223 static bool is_assignable_from_slow (jclass target, jclass source)
225 // This will terminate when SOURCE==Object.
228 if (source == target)
231 if (target->isPrimitive () || source->isPrimitive ())
234 // Check array case first because we can have an array whose
235 // component type is not prepared; _Jv_IsAssignableFrom
236 // doesn't handle this correctly.
237 if (target->isArray ())
239 if (! source->isArray ())
241 target = target->getComponentType ();
242 source = source->getComponentType ();
244 // _Jv_IsAssignableFrom can handle a target which is an
245 // interface even if it hasn't been prepared.
246 else if ((target->state > JV_STATE_LINKED || target->isInterface ())
247 && source->state > JV_STATE_LINKED)
248 return _Jv_IsAssignableFrom (target, source);
249 else if (target->isInterface ())
251 for (int i = 0; i < source->interface_count; ++i)
253 // We use a recursive call because we also need to
254 // check superinterfaces.
255 if (is_assignable_from_slow (target, source->interfaces[i]))
258 source = source->getSuperclass ();
262 else if (target == &java::lang::Object::class$)
264 else if (source->isInterface ()
265 || source == &java::lang::Object::class$)
268 source = source->getSuperclass ();
272 // This is used to keep track of which `jsr's correspond to a given
276 // PC of the instruction just after the jsr.
282 // This is used to keep track of which subroutine entry point
283 // corresponds to which `ret' instruction.
284 struct subr_entry_info
286 // PC of the subroutine entry point.
288 // PC of the `ret' instruction.
291 subr_entry_info *next;
294 // The `type' class is used to represent a single type in the
300 // Some associated data.
303 // For a resolved reference type, this is a pointer to the class.
305 // For other reference types, this it the name of the class.
308 // This is used when constructing a new object. It is the PC of the
309 // `new' instruction which created the object. We use the special
310 // value -2 to mean that this is uninitialized, and the special
311 // value -1 for the case where the current method is itself the
315 static const int UNINIT = -2;
316 static const int SELF = -1;
318 // Basic constructor.
321 key = unsuitable_type;
326 // Make a new instance given the type tag. We assume a generic
327 // `reference_type' means Object.
332 if (key == reference_type)
333 data.klass = &java::lang::Object::class$;
337 // Make a new instance given a class.
340 key = reference_type;
345 // Make a new instance given the name of a class.
346 type (_Jv_Utf8Const *n)
348 key = unresolved_reference_type;
361 // These operators are required because libgcj can't link in
363 void *operator new[] (size_t bytes)
365 return _Jv_Malloc (bytes);
368 void operator delete[] (void *mem)
373 type& operator= (type_val k)
381 type& operator= (const type& t)
389 // Promote a numeric type.
392 if (key == boolean_type || key == char_type
393 || key == byte_type || key == short_type)
398 // If *THIS is an unresolved reference type, resolve it.
399 void resolve (_Jv_BytecodeVerifier *verifier)
401 if (key != unresolved_reference_type
402 && key != uninitialized_unresolved_reference_type)
405 using namespace java::lang;
406 java::lang::ClassLoader *loader
407 = verifier->current_class->getClassLoader();
408 // We might see either kind of name. Sigh.
409 if (data.name->data[0] == 'L'
410 && data.name->data[data.name->length - 1] == ';')
411 data.klass = _Jv_FindClassFromSignature (data.name->data, loader);
413 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name),
415 key = (key == unresolved_reference_type
417 : uninitialized_reference_type);
420 // Mark this type as the uninitialized result of `new'.
421 void set_uninitialized (int npc, _Jv_BytecodeVerifier *verifier)
423 if (key == reference_type)
424 key = uninitialized_reference_type;
425 else if (key == unresolved_reference_type)
426 key = uninitialized_unresolved_reference_type;
428 verifier->verify_fail ("internal error in type::uninitialized");
432 // Mark this type as now initialized.
433 void set_initialized (int npc)
435 if (npc != UNINIT && pc == npc
436 && (key == uninitialized_reference_type
437 || key == uninitialized_unresolved_reference_type))
439 key = (key == uninitialized_reference_type
441 : unresolved_reference_type);
447 // Return true if an object of type K can be assigned to a variable
448 // of type *THIS. Handle various special cases too. Might modify
449 // *THIS or K. Note however that this does not perform numeric
451 bool compatible (type &k, _Jv_BytecodeVerifier *verifier)
453 // Any type is compatible with the unsuitable type.
454 if (key == unsuitable_type)
457 if (key < reference_type || k.key < reference_type)
460 // The `null' type is convertible to any reference type.
461 // FIXME: is this correct for THIS?
462 if (key == null_type || k.key == null_type)
465 // Any reference type is convertible to Object. This is a special
466 // case so we don't need to unnecessarily resolve a class.
467 if (key == reference_type
468 && data.klass == &java::lang::Object::class$)
471 // An initialized type and an uninitialized type are not
473 if (isinitialized () != k.isinitialized ())
476 // Two uninitialized objects are compatible if either:
477 // * The PCs are identical, or
478 // * One PC is UNINIT.
479 if (! isinitialized ())
481 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT)
485 // Two unresolved types are equal if their names are the same.
488 && _Jv_equalUtf8Consts (data.name, k.data.name))
491 // We must resolve both types and check assignability.
493 k.resolve (verifier);
494 return is_assignable_from_slow (data.klass, k.data.klass);
499 return key == void_type;
504 return key == long_type || key == double_type;
507 // Return number of stack or local variable slots taken by this
511 return iswide () ? 2 : 1;
514 bool isarray () const
516 // We treat null_type as not an array. This is ok based on the
517 // current uses of this method.
518 if (key == reference_type)
519 return data.klass->isArray ();
520 else if (key == unresolved_reference_type)
521 return data.name->data[0] == '[';
527 return key == null_type;
530 bool isinterface (_Jv_BytecodeVerifier *verifier)
533 if (key != reference_type)
535 return data.klass->isInterface ();
538 bool isabstract (_Jv_BytecodeVerifier *verifier)
541 if (key != reference_type)
543 using namespace java::lang::reflect;
544 return Modifier::isAbstract (data.klass->getModifiers ());
547 // Return the element type of an array.
548 type element_type (_Jv_BytecodeVerifier *verifier)
550 // FIXME: maybe should do string manipulation here.
552 if (key != reference_type)
553 verifier->verify_fail ("programmer error in type::element_type()", -1);
555 jclass k = data.klass->getComponentType ();
556 if (k->isPrimitive ())
557 return type (verifier->get_type_val_for_signature (k));
561 // Return the array type corresponding to an initialized
562 // reference. We could expand this to work for other kinds of
563 // types, but currently we don't need to.
564 type to_array (_Jv_BytecodeVerifier *verifier)
566 // Resolving isn't ideal, because it might force us to load
567 // another class, but it's easy. FIXME?
568 if (key == unresolved_reference_type)
571 if (key == reference_type)
572 return type (_Jv_GetArrayClass (data.klass,
573 data.klass->getClassLoader ()));
575 verifier->verify_fail ("internal error in type::to_array()");
578 bool isreference () const
580 return key >= reference_type;
588 bool isinitialized () const
590 return (key == reference_type
592 || key == unresolved_reference_type);
595 bool isresolved () const
597 return (key == reference_type
599 || key == uninitialized_reference_type);
602 void verify_dimensions (int ndims, _Jv_BytecodeVerifier *verifier)
604 // The way this is written, we don't need to check isarray().
605 if (key == reference_type)
607 jclass k = data.klass;
608 while (k->isArray () && ndims > 0)
610 k = k->getComponentType ();
616 // We know KEY == unresolved_reference_type.
617 char *p = data.name->data;
618 while (*p++ == '[' && ndims-- > 0)
623 verifier->verify_fail ("array type has fewer dimensions than required");
626 // Merge OLD_TYPE into this. On error throw exception.
627 bool merge (type& old_type, bool local_semantics,
628 _Jv_BytecodeVerifier *verifier)
630 bool changed = false;
631 bool refo = old_type.isreference ();
632 bool refn = isreference ();
635 if (old_type.key == null_type)
637 else if (key == null_type)
642 else if (isinitialized () != old_type.isinitialized ())
643 verifier->verify_fail ("merging initialized and uninitialized types");
646 if (! isinitialized ())
650 else if (old_type.pc == UNINIT)
652 else if (pc != old_type.pc)
653 verifier->verify_fail ("merging different uninitialized types");
657 && ! old_type.isresolved ()
658 && _Jv_equalUtf8Consts (data.name, old_type.data.name))
660 // Types are identical.
665 old_type.resolve (verifier);
667 jclass k = data.klass;
668 jclass oldk = old_type.data.klass;
671 while (k->isArray () && oldk->isArray ())
674 k = k->getComponentType ();
675 oldk = oldk->getComponentType ();
678 // This loop will end when we hit Object.
681 if (is_assignable_from_slow (k, oldk))
683 k = k->getSuperclass ();
689 while (arraycount > 0)
691 java::lang::ClassLoader *loader
692 = verifier->current_class->getClassLoader();
693 k = _Jv_GetArrayClass (k, loader);
701 else if (refo || refn || key != old_type.key)
705 // If we're merging into an "unused" slot, then we
706 // simply accept whatever we're merging from.
707 if (key == unused_by_subroutine_type)
712 else if (old_type.key == unused_by_subroutine_type)
716 // If we already have an `unsuitable' type, then we
717 // don't need to change again.
718 else if (key != unsuitable_type)
720 key = unsuitable_type;
725 verifier->verify_fail ("unmergeable type");
731 void print (void) const
736 case boolean_type: c = 'Z'; break;
737 case byte_type: c = 'B'; break;
738 case char_type: c = 'C'; break;
739 case short_type: c = 'S'; break;
740 case int_type: c = 'I'; break;
741 case long_type: c = 'J'; break;
742 case float_type: c = 'F'; break;
743 case double_type: c = 'D'; break;
744 case void_type: c = 'V'; break;
745 case unsuitable_type: c = '-'; break;
746 case return_address_type: c = 'r'; break;
747 case continuation_type: c = '+'; break;
748 case unused_by_subroutine_type: c = '_'; break;
749 case reference_type: c = 'L'; break;
750 case null_type: c = '@'; break;
751 case unresolved_reference_type: c = 'l'; break;
752 case uninitialized_reference_type: c = 'U'; break;
753 case uninitialized_unresolved_reference_type: c = 'u'; break;
755 debug_print ("%c", c);
757 #endif /* VERIFY_DEBUG */
760 // This class holds all the state information we need for a given
764 // Current top of stack.
766 // Current stack depth. This is like the top of stack but it
767 // includes wide variable information.
771 // The local variables.
773 // This is used in subroutines to keep track of which local
774 // variables have been accessed.
776 // If not 0, then we are in a subroutine. The value is the PC of
777 // the subroutine's entry point. We can use 0 as an exceptional
778 // value because PC=0 can never be a subroutine.
780 // This is used to keep a linked list of all the states which
781 // require re-verification. We use the PC to keep track.
783 // We keep track of the type of `this' specially. This is used to
784 // ensure that an instance initializer invokes another initializer
785 // on `this' before returning. We must keep track of this
786 // specially because otherwise we might be confused by code which
787 // assigns to locals[0] (overwriting `this') and then returns
788 // without really initializing.
791 // INVALID marks a state which is not on the linked list of states
792 // requiring reverification.
793 static const int INVALID = -1;
794 // NO_NEXT marks the state at the end of the reverification list.
795 static const int NO_NEXT = -2;
802 local_changed = NULL;
805 state (int max_stack, int max_locals)
810 stack = new type[max_stack];
811 for (int i = 0; i < max_stack; ++i)
812 stack[i] = unsuitable_type;
813 locals = new type[max_locals];
814 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals);
815 for (int i = 0; i < max_locals; ++i)
817 locals[i] = unsuitable_type;
818 local_changed[i] = false;
824 state (const state *orig, int max_stack, int max_locals,
825 bool ret_semantics = false)
827 stack = new type[max_stack];
828 locals = new type[max_locals];
829 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals);
830 copy (orig, max_stack, max_locals, ret_semantics);
841 _Jv_Free (local_changed);
844 void *operator new[] (size_t bytes)
846 return _Jv_Malloc (bytes);
849 void operator delete[] (void *mem)
854 void *operator new (size_t bytes)
856 return _Jv_Malloc (bytes);
859 void operator delete (void *mem)
864 void copy (const state *copy, int max_stack, int max_locals,
865 bool ret_semantics = false)
867 stacktop = copy->stacktop;
868 stackdepth = copy->stackdepth;
869 subroutine = copy->subroutine;
870 for (int i = 0; i < max_stack; ++i)
871 stack[i] = copy->stack[i];
872 for (int i = 0; i < max_locals; ++i)
874 // See push_jump_merge to understand this case.
876 locals[i] = type (copy->local_changed[i]
878 : unused_by_subroutine_type);
880 locals[i] = copy->locals[i];
881 local_changed[i] = copy->local_changed[i];
883 this_type = copy->this_type;
884 // Don't modify `next'.
887 // Modify this state to reflect entry to an exception handler.
888 void set_exception (type t, int max_stack)
893 for (int i = stacktop; i < max_stack; ++i)
894 stack[i] = unsuitable_type;
896 // FIXME: subroutine handling?
899 // Modify this state to reflect entry into a subroutine.
900 void enter_subroutine (int npc, int max_locals)
903 // Mark all items as unchanged. Each subroutine needs to keep
904 // track of its `changed' state independently. In the case of
905 // nested subroutines, this information will be merged back into
906 // parent by the `ret'.
907 for (int i = 0; i < max_locals; ++i)
908 local_changed[i] = false;
911 // Merge STATE_OLD into this state. Destructively modifies this
912 // state. Returns true if the new state was in fact changed.
913 // Will throw an exception if the states are not mergeable.
914 bool merge (state *state_old, bool ret_semantics,
915 int max_locals, _Jv_BytecodeVerifier *verifier)
917 bool changed = false;
919 // Special handling for `this'. If one or the other is
920 // uninitialized, then the merge is uninitialized.
921 if (this_type.isinitialized ())
922 this_type = state_old->this_type;
924 // Merge subroutine states. Here we just keep track of what
925 // subroutine we think we're in. We only check for a merge
926 // (which is invalid) when we see a `ret'.
927 if (subroutine == state_old->subroutine)
931 else if (subroutine == 0)
933 subroutine = state_old->subroutine;
938 // If the subroutines differ, indicate that the state
939 // changed. This is needed to detect when subroutines have
945 if (state_old->stacktop != stacktop)
946 verifier->verify_fail ("stack sizes differ");
947 for (int i = 0; i < state_old->stacktop; ++i)
949 if (stack[i].merge (state_old->stack[i], false, verifier))
953 // Merge local variables.
954 for (int i = 0; i < max_locals; ++i)
956 // If we're not processing a `ret', then we merge every
957 // local variable. If we are processing a `ret', then we
958 // only merge locals which changed in the subroutine. When
959 // processing a `ret', STATE_OLD is the state at the point
960 // of the `ret', and THIS is the state just after the `jsr'.
961 if (! ret_semantics || state_old->local_changed[i])
963 if (locals[i].merge (state_old->locals[i], true, verifier))
970 // If we're in a subroutine, we must compute the union of
971 // all the changed local variables.
972 if (state_old->local_changed[i])
979 // Throw an exception if there is an uninitialized object on the
980 // stack or in a local variable. EXCEPTION_SEMANTICS controls
981 // whether we're using backwards-branch or exception-handing
983 void check_no_uninitialized_objects (int max_locals,
984 _Jv_BytecodeVerifier *verifier,
985 bool exception_semantics = false)
987 if (! exception_semantics)
989 for (int i = 0; i < stacktop; ++i)
990 if (stack[i].isreference () && ! stack[i].isinitialized ())
991 verifier->verify_fail ("uninitialized object on stack");
994 for (int i = 0; i < max_locals; ++i)
995 if (locals[i].isreference () && ! locals[i].isinitialized ())
996 verifier->verify_fail ("uninitialized object in local variable");
998 check_this_initialized (verifier);
1001 // Ensure that `this' has been initialized.
1002 void check_this_initialized (_Jv_BytecodeVerifier *verifier)
1004 if (this_type.isreference () && ! this_type.isinitialized ())
1005 verifier->verify_fail ("`this' is uninitialized");
1008 // Set type of `this'.
1009 void set_this_type (const type &k)
1014 // Note that a local variable was modified.
1015 void note_variable (int index)
1018 local_changed[index] = true;
1021 // Mark each `new'd object we know of that was allocated at PC as
1023 void set_initialized (int pc, int max_locals)
1025 for (int i = 0; i < stacktop; ++i)
1026 stack[i].set_initialized (pc);
1027 for (int i = 0; i < max_locals; ++i)
1028 locals[i].set_initialized (pc);
1029 this_type.set_initialized (pc);
1032 // Return true if this state is the unmerged result of a `ret'.
1033 bool is_unmerged_ret_state (int max_locals) const
1035 for (int i = 0; i < max_locals; ++i)
1037 if (locals[i].key == unused_by_subroutine_type)
1044 void print (const char *leader, int pc,
1045 int max_stack, int max_locals) const
1047 debug_print ("%s [%4d]: [stack] ", leader, pc);
1049 for (i = 0; i < stacktop; ++i)
1051 for (; i < max_stack; ++i)
1053 debug_print (" [local] ");
1054 for (i = 0; i < max_locals; ++i)
1056 if (subroutine == 0)
1057 debug_print (" | None");
1059 debug_print (" | %4d", subroutine);
1060 debug_print (" | %p\n", this);
1063 inline void print (const char *, int, int, int) const
1066 #endif /* VERIFY_DEBUG */
1071 if (current_state->stacktop <= 0)
1072 verify_fail ("stack empty");
1073 type r = current_state->stack[--current_state->stacktop];
1074 current_state->stackdepth -= r.depth ();
1075 if (current_state->stackdepth < 0)
1076 verify_fail ("stack empty", start_PC);
1082 type r = pop_raw ();
1084 verify_fail ("narrow pop of wide type");
1090 type r = pop_raw ();
1092 verify_fail ("wide pop of narrow type");
1096 type pop_type (type match)
1099 type t = pop_raw ();
1100 if (! match.compatible (t, this))
1101 verify_fail ("incompatible type on stack");
1105 // Pop a reference type or a return address.
1106 type pop_ref_or_return ()
1108 type t = pop_raw ();
1109 if (! t.isreference () && t.key != return_address_type)
1110 verify_fail ("expected reference or return address on stack");
1114 void push_type (type t)
1116 // If T is a numeric type like short, promote it to int.
1119 int depth = t.depth ();
1120 if (current_state->stackdepth + depth > current_method->max_stack)
1121 verify_fail ("stack overflow");
1122 current_state->stack[current_state->stacktop++] = t;
1123 current_state->stackdepth += depth;
1126 void set_variable (int index, type t)
1128 // If T is a numeric type like short, promote it to int.
1131 int depth = t.depth ();
1132 if (index > current_method->max_locals - depth)
1133 verify_fail ("invalid local variable");
1134 current_state->locals[index] = t;
1135 current_state->note_variable (index);
1139 current_state->locals[index + 1] = continuation_type;
1140 current_state->note_variable (index + 1);
1142 if (index > 0 && current_state->locals[index - 1].iswide ())
1144 current_state->locals[index - 1] = unsuitable_type;
1145 // There's no need to call note_variable here.
1149 type get_variable (int index, type t)
1151 int depth = t.depth ();
1152 if (index > current_method->max_locals - depth)
1153 verify_fail ("invalid local variable");
1154 if (! t.compatible (current_state->locals[index], this))
1155 verify_fail ("incompatible type in local variable");
1158 type t (continuation_type);
1159 if (! current_state->locals[index + 1].compatible (t, this))
1160 verify_fail ("invalid local variable");
1162 return current_state->locals[index];
1165 // Make sure ARRAY is an array type and that its elements are
1166 // compatible with type ELEMENT. Returns the actual element type.
1167 type require_array_type (type array, type element)
1169 // An odd case. Here we just pretend that everything went ok.
1170 if (array.isnull ())
1173 if (! array.isarray ())
1174 verify_fail ("array required");
1176 type t = array.element_type (this);
1177 if (! element.compatible (t, this))
1179 // Special case for byte arrays, which must also be boolean
1182 if (element.key == byte_type)
1184 type e2 (boolean_type);
1185 ok = e2.compatible (t, this);
1188 verify_fail ("incompatible array element type");
1191 // Return T and not ELEMENT, because T might be specialized.
1197 if (PC >= current_method->code_length)
1198 verify_fail ("premature end of bytecode");
1199 return (jint) bytecode[PC++] & 0xff;
1204 jint b1 = get_byte ();
1205 jint b2 = get_byte ();
1206 return (jint) ((b1 << 8) | b2) & 0xffff;
1211 jint b1 = get_byte ();
1212 jint b2 = get_byte ();
1213 jshort s = (b1 << 8) | b2;
1219 jint b1 = get_byte ();
1220 jint b2 = get_byte ();
1221 jint b3 = get_byte ();
1222 jint b4 = get_byte ();
1223 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4;
1226 int compute_jump (int offset)
1228 int npc = start_PC + offset;
1229 if (npc < 0 || npc >= current_method->code_length)
1230 verify_fail ("branch out of range", start_PC);
1234 // Merge the indicated state into the state at the branch target and
1235 // schedule a new PC if there is a change. If RET_SEMANTICS is
1236 // true, then we are merging from a `ret' instruction into the
1237 // instruction after a `jsr'. This is a special case with its own
1238 // modified semantics.
1239 void push_jump_merge (int npc, state *nstate, bool ret_semantics = false)
1241 bool changed = true;
1242 if (states[npc] == NULL)
1244 // There's a weird situation here. If are examining the
1245 // branch that results from a `ret', and there is not yet a
1246 // state available at the branch target (the instruction just
1247 // after the `jsr'), then we have to construct a special kind
1248 // of state at that point for future merging. This special
1249 // state has the type `unused_by_subroutine_type' in each slot
1250 // which was not modified by the subroutine.
1251 states[npc] = new state (nstate, current_method->max_stack,
1252 current_method->max_locals, ret_semantics);
1253 debug_print ("== New state in push_jump_merge\n");
1254 states[npc]->print ("New", npc, current_method->max_stack,
1255 current_method->max_locals);
1259 debug_print ("== Merge states in push_jump_merge\n");
1260 nstate->print ("Frm", start_PC, current_method->max_stack,
1261 current_method->max_locals);
1262 states[npc]->print (" To", npc, current_method->max_stack,
1263 current_method->max_locals);
1264 changed = states[npc]->merge (nstate, ret_semantics,
1265 current_method->max_locals, this);
1266 states[npc]->print ("New", npc, current_method->max_stack,
1267 current_method->max_locals);
1270 if (changed && states[npc]->next == state::INVALID)
1272 // The merge changed the state, and the new PC isn't yet on our
1273 // list of PCs to re-verify.
1274 states[npc]->next = next_verify_pc;
1275 next_verify_pc = npc;
1279 void push_jump (int offset)
1281 int npc = compute_jump (offset);
1283 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1284 push_jump_merge (npc, current_state);
1287 void push_exception_jump (type t, int pc)
1289 current_state->check_no_uninitialized_objects (current_method->max_locals,
1291 state s (current_state, current_method->max_stack,
1292 current_method->max_locals);
1293 if (current_method->max_stack < 1)
1294 verify_fail ("stack overflow at exception handler");
1295 s.set_exception (t, current_method->max_stack);
1296 push_jump_merge (pc, &s);
1301 int *prev_loc = &next_verify_pc;
1302 int npc = next_verify_pc;
1303 bool skipped = false;
1305 while (npc != state::NO_NEXT)
1307 // If the next available PC is an unmerged `ret' state, then
1308 // we aren't yet ready to handle it. That's because we would
1309 // need all kind of special cases to do so. So instead we
1310 // defer this jump until after we've processed it via a
1311 // fall-through. This has to happen because the instruction
1312 // before this one must be a `jsr'.
1313 if (! states[npc]->is_unmerged_ret_state (current_method->max_locals))
1315 *prev_loc = states[npc]->next;
1316 states[npc]->next = state::INVALID;
1321 prev_loc = &states[npc]->next;
1322 npc = states[npc]->next;
1325 // If we've skipped states and there is nothing else, that's a
1328 verify_fail ("pop_jump: can't happen");
1329 return state::NO_NEXT;
1332 void invalidate_pc ()
1334 PC = state::NO_NEXT;
1337 void note_branch_target (int pc, bool is_jsr_target = false)
1339 // Don't check `pc <= PC', because we've advanced PC after
1340 // fetching the target and we haven't yet checked the next
1342 if (pc < PC && ! (flags[pc] & FLAG_INSN_START))
1343 verify_fail ("branch not to instruction start", start_PC);
1344 flags[pc] |= FLAG_BRANCH_TARGET;
1347 // Record the jsr which called this instruction.
1348 subr_info *info = (subr_info *) _Jv_Malloc (sizeof (subr_info));
1350 info->next = jsr_ptrs[pc];
1351 jsr_ptrs[pc] = info;
1355 void skip_padding ()
1357 while ((PC % 4) > 0)
1358 if (get_byte () != 0)
1359 verify_fail ("found nonzero padding byte");
1362 // Return the subroutine to which the instruction at PC belongs.
1363 int get_subroutine (int pc)
1365 if (states[pc] == NULL)
1367 return states[pc]->subroutine;
1370 // Do the work for a `ret' instruction. INDEX is the index into the
1372 void handle_ret_insn (int index)
1374 get_variable (index, return_address_type);
1376 int csub = current_state->subroutine;
1378 verify_fail ("no subroutine");
1380 // Check to see if we've merged subroutines.
1381 subr_entry_info *entry;
1382 for (entry = entry_points; entry != NULL; entry = entry->next)
1384 if (entry->ret_pc == start_PC)
1389 entry = (subr_entry_info *) _Jv_Malloc (sizeof (subr_entry_info));
1391 entry->ret_pc = start_PC;
1392 entry->next = entry_points;
1393 entry_points = entry;
1395 else if (entry->pc != csub)
1396 verify_fail ("subroutines merged");
1398 for (subr_info *subr = jsr_ptrs[csub]; subr != NULL; subr = subr->next)
1400 // Temporarily modify the current state so it looks like we're
1401 // in the enclosing context.
1402 current_state->subroutine = get_subroutine (subr->pc);
1404 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1405 push_jump_merge (subr->pc, current_state, true);
1408 current_state->subroutine = csub;
1412 // We're in the subroutine SUB, calling a subroutine at DEST. Make
1413 // sure this subroutine isn't already on the stack.
1414 void check_nonrecursive_call (int sub, int dest)
1419 verify_fail ("recursive subroutine call");
1420 for (subr_info *info = jsr_ptrs[sub]; info != NULL; info = info->next)
1421 check_nonrecursive_call (get_subroutine (info->pc), dest);
1424 void handle_jsr_insn (int offset)
1426 int npc = compute_jump (offset);
1429 current_state->check_no_uninitialized_objects (current_method->max_locals, this);
1430 check_nonrecursive_call (current_state->subroutine, npc);
1432 // Create a new state and modify it as appropriate for entry into
1433 // a subroutine. We're writing this in a weird way because,
1434 // unfortunately, push_type only works on the current state.
1435 push_type (return_address_type);
1436 push_jump_merge (npc, current_state);
1437 // Clean up the weirdness.
1438 pop_type (return_address_type);
1440 // On entry to the subroutine, the subroutine number must be set
1441 // and the locals must be marked as cleared. We do this after
1442 // merging state so that we don't erroneously "notice" a variable
1443 // change merely on entry.
1444 states[npc]->enter_subroutine (npc, current_method->max_locals);
1447 jclass construct_primitive_array_type (type_val prim)
1453 k = JvPrimClass (boolean);
1456 k = JvPrimClass (char);
1459 k = JvPrimClass (float);
1462 k = JvPrimClass (double);
1465 k = JvPrimClass (byte);
1468 k = JvPrimClass (short);
1471 k = JvPrimClass (int);
1474 k = JvPrimClass (long);
1477 verify_fail ("unknown type in construct_primitive_array_type");
1479 k = _Jv_GetArrayClass (k, NULL);
1483 // This pass computes the location of branch targets and also
1484 // instruction starts.
1485 void branch_prepass ()
1487 flags = (char *) _Jv_Malloc (current_method->code_length);
1488 jsr_ptrs = (subr_info **) _Jv_Malloc (sizeof (subr_info *)
1489 * current_method->code_length);
1491 for (int i = 0; i < current_method->code_length; ++i)
1497 bool last_was_jsr = false;
1500 while (PC < current_method->code_length)
1502 // Set `start_PC' early so that error checking can have the
1505 flags[PC] |= FLAG_INSN_START;
1507 // If the previous instruction was a jsr, then the next
1508 // instruction is a branch target -- the branch being the
1509 // corresponding `ret'.
1511 note_branch_target (PC);
1512 last_was_jsr = false;
1514 java_opcode opcode = (java_opcode) bytecode[PC++];
1518 case op_aconst_null:
1654 case op_monitorenter:
1655 case op_monitorexit:
1663 case op_arraylength:
1695 case op_invokespecial:
1696 case op_invokestatic:
1697 case op_invokevirtual:
1701 case op_multianewarray:
1707 last_was_jsr = true;
1726 note_branch_target (compute_jump (get_short ()), last_was_jsr);
1729 case op_tableswitch:
1732 note_branch_target (compute_jump (get_int ()));
1733 jint low = get_int ();
1734 jint hi = get_int ();
1736 verify_fail ("invalid tableswitch", start_PC);
1737 for (int i = low; i <= hi; ++i)
1738 note_branch_target (compute_jump (get_int ()));
1742 case op_lookupswitch:
1745 note_branch_target (compute_jump (get_int ()));
1746 int npairs = get_int ();
1748 verify_fail ("too few pairs in lookupswitch", start_PC);
1749 while (npairs-- > 0)
1752 note_branch_target (compute_jump (get_int ()));
1757 case op_invokeinterface:
1765 opcode = (java_opcode) get_byte ();
1767 if (opcode == op_iinc)
1773 last_was_jsr = true;
1776 note_branch_target (compute_jump (get_int ()), last_was_jsr);
1780 verify_fail ("unrecognized instruction in branch_prepass",
1784 // See if any previous branch tried to branch to the middle of
1785 // this instruction.
1786 for (int pc = start_PC + 1; pc < PC; ++pc)
1788 if ((flags[pc] & FLAG_BRANCH_TARGET))
1789 verify_fail ("branch to middle of instruction", pc);
1793 // Verify exception handlers.
1794 for (int i = 0; i < current_method->exc_count; ++i)
1796 if (! (flags[exception[i].handler_pc] & FLAG_INSN_START))
1797 verify_fail ("exception handler not at instruction start",
1798 exception[i].handler_pc);
1799 if (! (flags[exception[i].start_pc] & FLAG_INSN_START))
1800 verify_fail ("exception start not at instruction start",
1801 exception[i].start_pc);
1802 if (exception[i].end_pc != current_method->code_length
1803 && ! (flags[exception[i].end_pc] & FLAG_INSN_START))
1804 verify_fail ("exception end not at instruction start",
1805 exception[i].end_pc);
1807 flags[exception[i].handler_pc] |= FLAG_BRANCH_TARGET;
1811 void check_pool_index (int index)
1813 if (index < 0 || index >= current_class->constants.size)
1814 verify_fail ("constant pool index out of range", start_PC);
1817 type check_class_constant (int index)
1819 check_pool_index (index);
1820 _Jv_Constants *pool = ¤t_class->constants;
1821 if (pool->tags[index] == JV_CONSTANT_ResolvedClass)
1822 return type (pool->data[index].clazz);
1823 else if (pool->tags[index] == JV_CONSTANT_Class)
1824 return type (pool->data[index].utf8);
1825 verify_fail ("expected class constant", start_PC);
1828 type check_constant (int index)
1830 check_pool_index (index);
1831 _Jv_Constants *pool = ¤t_class->constants;
1832 if (pool->tags[index] == JV_CONSTANT_ResolvedString
1833 || pool->tags[index] == JV_CONSTANT_String)
1834 return type (&java::lang::String::class$);
1835 else if (pool->tags[index] == JV_CONSTANT_Integer)
1836 return type (int_type);
1837 else if (pool->tags[index] == JV_CONSTANT_Float)
1838 return type (float_type);
1839 verify_fail ("String, int, or float constant expected", start_PC);
1842 type check_wide_constant (int index)
1844 check_pool_index (index);
1845 _Jv_Constants *pool = ¤t_class->constants;
1846 if (pool->tags[index] == JV_CONSTANT_Long)
1847 return type (long_type);
1848 else if (pool->tags[index] == JV_CONSTANT_Double)
1849 return type (double_type);
1850 verify_fail ("long or double constant expected", start_PC);
1853 // Helper for both field and method. These are laid out the same in
1854 // the constant pool.
1855 type handle_field_or_method (int index, int expected,
1856 _Jv_Utf8Const **name,
1857 _Jv_Utf8Const **fmtype)
1859 check_pool_index (index);
1860 _Jv_Constants *pool = ¤t_class->constants;
1861 if (pool->tags[index] != expected)
1862 verify_fail ("didn't see expected constant", start_PC);
1863 // Once we know we have a Fieldref or Methodref we assume that it
1864 // is correctly laid out in the constant pool. I think the code
1865 // in defineclass.cc guarantees this.
1866 _Jv_ushort class_index, name_and_type_index;
1867 _Jv_loadIndexes (&pool->data[index],
1869 name_and_type_index);
1870 _Jv_ushort name_index, desc_index;
1871 _Jv_loadIndexes (&pool->data[name_and_type_index],
1872 name_index, desc_index);
1874 *name = pool->data[name_index].utf8;
1875 *fmtype = pool->data[desc_index].utf8;
1877 return check_class_constant (class_index);
1880 // Return field's type, compute class' type if requested.
1881 type check_field_constant (int index, type *class_type = NULL)
1883 _Jv_Utf8Const *name, *field_type;
1884 type ct = handle_field_or_method (index,
1885 JV_CONSTANT_Fieldref,
1886 &name, &field_type);
1889 if (field_type->data[0] == '[' || field_type->data[0] == 'L')
1890 return type (field_type);
1891 return get_type_val_for_signature (field_type->data[0]);
1894 type check_method_constant (int index, bool is_interface,
1895 _Jv_Utf8Const **method_name,
1896 _Jv_Utf8Const **method_signature)
1898 return handle_field_or_method (index,
1900 ? JV_CONSTANT_InterfaceMethodref
1901 : JV_CONSTANT_Methodref),
1902 method_name, method_signature);
1905 type get_one_type (char *&p)
1923 _Jv_Utf8Const *name = make_utf8_const (start, p - start);
1927 // Casting to jchar here is ok since we are looking at an ASCII
1929 type_val rt = get_type_val_for_signature (jchar (v));
1931 if (arraycount == 0)
1933 // Callers of this function eventually push their arguments on
1934 // the stack. So, promote them here.
1935 return type (rt).promote ();
1938 jclass k = construct_primitive_array_type (rt);
1939 while (--arraycount > 0)
1940 k = _Jv_GetArrayClass (k, NULL);
1944 void compute_argument_types (_Jv_Utf8Const *signature,
1947 char *p = signature->data;
1953 types[i++] = get_one_type (p);
1956 type compute_return_type (_Jv_Utf8Const *signature)
1958 char *p = signature->data;
1962 return get_one_type (p);
1965 void check_return_type (type onstack)
1967 type rt = compute_return_type (current_method->self->signature);
1968 if (! rt.compatible (onstack, this))
1969 verify_fail ("incompatible return type");
1972 // Initialize the stack for the new method. Returns true if this
1973 // method is an instance initializer.
1974 bool initialize_stack ()
1977 bool is_init = false;
1979 using namespace java::lang::reflect;
1980 if (! Modifier::isStatic (current_method->self->accflags))
1982 type kurr (current_class);
1983 if (_Jv_equalUtf8Consts (current_method->self->name, gcj::init_name))
1985 kurr.set_uninitialized (type::SELF, this);
1988 set_variable (0, kurr);
1989 current_state->set_this_type (kurr);
1993 // We have to handle wide arguments specially here.
1994 int arg_count = _Jv_count_arguments (current_method->self->signature);
1995 type arg_types[arg_count];
1996 compute_argument_types (current_method->self->signature, arg_types);
1997 for (int i = 0; i < arg_count; ++i)
1999 set_variable (var, arg_types[i]);
2001 if (arg_types[i].iswide ())
2008 void verify_instructions_0 ()
2010 current_state = new state (current_method->max_stack,
2011 current_method->max_locals);
2016 // True if we are verifying an instance initializer.
2017 bool this_is_init = initialize_stack ();
2019 states = (state **) _Jv_Malloc (sizeof (state *)
2020 * current_method->code_length);
2021 for (int i = 0; i < current_method->code_length; ++i)
2024 next_verify_pc = state::NO_NEXT;
2028 // If the PC was invalidated, get a new one from the work list.
2029 if (PC == state::NO_NEXT)
2032 if (PC == state::INVALID)
2033 verify_fail ("can't happen: saw state::INVALID");
2034 if (PC == state::NO_NEXT)
2036 // Set up the current state.
2037 current_state->copy (states[PC], current_method->max_stack,
2038 current_method->max_locals);
2042 // Control can't fall off the end of the bytecode. We
2043 // only need to check this in the fall-through case,
2044 // because branch bounds are checked when they are
2046 if (PC >= current_method->code_length)
2047 verify_fail ("fell off end");
2049 // We only have to do this checking in the situation where
2050 // control flow falls through from the previous
2051 // instruction. Otherwise merging is done at the time we
2053 if (states[PC] != NULL)
2055 // We've already visited this instruction. So merge
2056 // the states together. If this yields no change then
2057 // we don't have to re-verify. However, if the new
2058 // state is an the result of an unmerged `ret', we
2059 // must continue through it.
2060 debug_print ("== Fall through merge\n");
2061 states[PC]->print ("Old", PC, current_method->max_stack,
2062 current_method->max_locals);
2063 current_state->print ("Cur", PC, current_method->max_stack,
2064 current_method->max_locals);
2065 if (! current_state->merge (states[PC], false,
2066 current_method->max_locals, this)
2067 && ! states[PC]->is_unmerged_ret_state (current_method->max_locals))
2069 debug_print ("== Fall through optimization\n");
2073 // Save a copy of it for later.
2074 states[PC]->copy (current_state, current_method->max_stack,
2075 current_method->max_locals);
2076 current_state->print ("New", PC, current_method->max_stack,
2077 current_method->max_locals);
2081 // We only have to keep saved state at branch targets. If
2082 // we're at a branch target and the state here hasn't been set
2083 // yet, we set it now.
2084 if (states[PC] == NULL && (flags[PC] & FLAG_BRANCH_TARGET))
2086 states[PC] = new state (current_state, current_method->max_stack,
2087 current_method->max_locals);
2090 // Set this before handling exceptions so that debug output is
2094 // Update states for all active exception handlers. Ordinarily
2095 // there are not many exception handlers. So we simply run
2096 // through them all.
2097 for (int i = 0; i < current_method->exc_count; ++i)
2099 if (PC >= exception[i].start_pc && PC < exception[i].end_pc)
2101 type handler (&java::lang::Throwable::class$);
2102 if (exception[i].handler_type != 0)
2103 handler = check_class_constant (exception[i].handler_type);
2104 push_exception_jump (handler, exception[i].handler_pc);
2108 current_state->print (" ", PC, current_method->max_stack,
2109 current_method->max_locals);
2110 java_opcode opcode = (java_opcode) bytecode[PC++];
2116 case op_aconst_null:
2117 push_type (null_type);
2127 push_type (int_type);
2132 push_type (long_type);
2138 push_type (float_type);
2143 push_type (double_type);
2148 push_type (int_type);
2153 push_type (int_type);
2157 push_type (check_constant (get_byte ()));
2160 push_type (check_constant (get_ushort ()));
2163 push_type (check_wide_constant (get_ushort ()));
2167 push_type (get_variable (get_byte (), int_type));
2170 push_type (get_variable (get_byte (), long_type));
2173 push_type (get_variable (get_byte (), float_type));
2176 push_type (get_variable (get_byte (), double_type));
2179 push_type (get_variable (get_byte (), reference_type));
2186 push_type (get_variable (opcode - op_iload_0, int_type));
2192 push_type (get_variable (opcode - op_lload_0, long_type));
2198 push_type (get_variable (opcode - op_fload_0, float_type));
2204 push_type (get_variable (opcode - op_dload_0, double_type));
2210 push_type (get_variable (opcode - op_aload_0, reference_type));
2213 pop_type (int_type);
2214 push_type (require_array_type (pop_type (reference_type),
2218 pop_type (int_type);
2219 push_type (require_array_type (pop_type (reference_type),
2223 pop_type (int_type);
2224 push_type (require_array_type (pop_type (reference_type),
2228 pop_type (int_type);
2229 push_type (require_array_type (pop_type (reference_type),
2233 pop_type (int_type);
2234 push_type (require_array_type (pop_type (reference_type),
2238 pop_type (int_type);
2239 require_array_type (pop_type (reference_type), byte_type);
2240 push_type (int_type);
2243 pop_type (int_type);
2244 require_array_type (pop_type (reference_type), char_type);
2245 push_type (int_type);
2248 pop_type (int_type);
2249 require_array_type (pop_type (reference_type), short_type);
2250 push_type (int_type);
2253 set_variable (get_byte (), pop_type (int_type));
2256 set_variable (get_byte (), pop_type (long_type));
2259 set_variable (get_byte (), pop_type (float_type));
2262 set_variable (get_byte (), pop_type (double_type));
2265 set_variable (get_byte (), pop_ref_or_return ());
2271 set_variable (opcode - op_istore_0, pop_type (int_type));
2277 set_variable (opcode - op_lstore_0, pop_type (long_type));
2283 set_variable (opcode - op_fstore_0, pop_type (float_type));
2289 set_variable (opcode - op_dstore_0, pop_type (double_type));
2295 set_variable (opcode - op_astore_0, pop_ref_or_return ());
2298 pop_type (int_type);
2299 pop_type (int_type);
2300 require_array_type (pop_type (reference_type), int_type);
2303 pop_type (long_type);
2304 pop_type (int_type);
2305 require_array_type (pop_type (reference_type), long_type);
2308 pop_type (float_type);
2309 pop_type (int_type);
2310 require_array_type (pop_type (reference_type), float_type);
2313 pop_type (double_type);
2314 pop_type (int_type);
2315 require_array_type (pop_type (reference_type), double_type);
2318 pop_type (reference_type);
2319 pop_type (int_type);
2320 require_array_type (pop_type (reference_type), reference_type);
2323 pop_type (int_type);
2324 pop_type (int_type);
2325 require_array_type (pop_type (reference_type), byte_type);
2328 pop_type (int_type);
2329 pop_type (int_type);
2330 require_array_type (pop_type (reference_type), char_type);
2333 pop_type (int_type);
2334 pop_type (int_type);
2335 require_array_type (pop_type (reference_type), short_type);
2362 type t2 = pop_raw ();
2377 type t = pop_raw ();
2392 type t1 = pop_raw ();
2409 type t1 = pop_raw ();
2412 type t2 = pop_raw ();
2430 type t3 = pop_raw ();
2468 pop_type (int_type);
2469 push_type (pop_type (int_type));
2479 pop_type (long_type);
2480 push_type (pop_type (long_type));
2485 pop_type (int_type);
2486 push_type (pop_type (long_type));
2493 pop_type (float_type);
2494 push_type (pop_type (float_type));
2501 pop_type (double_type);
2502 push_type (pop_type (double_type));
2508 push_type (pop_type (int_type));
2511 push_type (pop_type (long_type));
2514 push_type (pop_type (float_type));
2517 push_type (pop_type (double_type));
2520 get_variable (get_byte (), int_type);
2524 pop_type (int_type);
2525 push_type (long_type);
2528 pop_type (int_type);
2529 push_type (float_type);
2532 pop_type (int_type);
2533 push_type (double_type);
2536 pop_type (long_type);
2537 push_type (int_type);
2540 pop_type (long_type);
2541 push_type (float_type);
2544 pop_type (long_type);
2545 push_type (double_type);
2548 pop_type (float_type);
2549 push_type (int_type);
2552 pop_type (float_type);
2553 push_type (long_type);
2556 pop_type (float_type);
2557 push_type (double_type);
2560 pop_type (double_type);
2561 push_type (int_type);
2564 pop_type (double_type);
2565 push_type (long_type);
2568 pop_type (double_type);
2569 push_type (float_type);
2572 pop_type (long_type);
2573 pop_type (long_type);
2574 push_type (int_type);
2578 pop_type (float_type);
2579 pop_type (float_type);
2580 push_type (int_type);
2584 pop_type (double_type);
2585 pop_type (double_type);
2586 push_type (int_type);
2594 pop_type (int_type);
2595 push_jump (get_short ());
2603 pop_type (int_type);
2604 pop_type (int_type);
2605 push_jump (get_short ());
2609 pop_type (reference_type);
2610 pop_type (reference_type);
2611 push_jump (get_short ());
2614 push_jump (get_short ());
2618 handle_jsr_insn (get_short ());
2621 handle_ret_insn (get_byte ());
2623 case op_tableswitch:
2625 pop_type (int_type);
2627 push_jump (get_int ());
2628 jint low = get_int ();
2629 jint high = get_int ();
2630 // Already checked LOW -vs- HIGH.
2631 for (int i = low; i <= high; ++i)
2632 push_jump (get_int ());
2637 case op_lookupswitch:
2639 pop_type (int_type);
2641 push_jump (get_int ());
2642 jint npairs = get_int ();
2643 // Already checked NPAIRS >= 0.
2645 for (int i = 0; i < npairs; ++i)
2647 jint key = get_int ();
2648 if (i > 0 && key <= lastkey)
2649 verify_fail ("lookupswitch pairs unsorted", start_PC);
2651 push_jump (get_int ());
2657 check_return_type (pop_type (int_type));
2661 check_return_type (pop_type (long_type));
2665 check_return_type (pop_type (float_type));
2669 check_return_type (pop_type (double_type));
2673 check_return_type (pop_type (reference_type));
2677 // We only need to check this when the return type is
2678 // void, because all instance initializers return void.
2680 current_state->check_this_initialized (this);
2681 check_return_type (void_type);
2685 push_type (check_field_constant (get_ushort ()));
2688 pop_type (check_field_constant (get_ushort ()));
2693 type field = check_field_constant (get_ushort (), &klass);
2701 type field = check_field_constant (get_ushort (), &klass);
2704 // We have an obscure special case here: we can use
2705 // `putfield' on a field declared in this class, even if
2706 // `this' has not yet been initialized.
2707 if (! current_state->this_type.isinitialized ()
2708 && current_state->this_type.pc == type::SELF)
2709 klass.set_uninitialized (type::SELF, this);
2714 case op_invokevirtual:
2715 case op_invokespecial:
2716 case op_invokestatic:
2717 case op_invokeinterface:
2719 _Jv_Utf8Const *method_name, *method_signature;
2721 = check_method_constant (get_ushort (),
2722 opcode == op_invokeinterface,
2725 // NARGS is only used when we're processing
2726 // invokeinterface. It is simplest for us to compute it
2727 // here and then verify it later.
2729 if (opcode == op_invokeinterface)
2731 nargs = get_byte ();
2732 if (get_byte () != 0)
2733 verify_fail ("invokeinterface dummy byte is wrong");
2736 bool is_init = false;
2737 if (_Jv_equalUtf8Consts (method_name, gcj::init_name))
2740 if (opcode != op_invokespecial)
2741 verify_fail ("can't invoke <init>");
2743 else if (method_name->data[0] == '<')
2744 verify_fail ("can't invoke method starting with `<'");
2746 // Pop arguments and check types.
2747 int arg_count = _Jv_count_arguments (method_signature);
2748 type arg_types[arg_count];
2749 compute_argument_types (method_signature, arg_types);
2750 for (int i = arg_count - 1; i >= 0; --i)
2752 // This is only used for verifying the byte for
2754 nargs -= arg_types[i].depth ();
2755 pop_type (arg_types[i]);
2758 if (opcode == op_invokeinterface
2760 verify_fail ("wrong argument count for invokeinterface");
2762 if (opcode != op_invokestatic)
2764 type t = class_type;
2767 // In this case the PC doesn't matter.
2768 t.set_uninitialized (type::UNINIT, this);
2772 current_state->set_initialized (t.get_pc (),
2773 current_method->max_locals);
2776 type rt = compute_return_type (method_signature);
2784 type t = check_class_constant (get_ushort ());
2785 if (t.isarray () || t.isinterface (this) || t.isabstract (this))
2786 verify_fail ("type is array, interface, or abstract");
2787 t.set_uninitialized (start_PC, this);
2794 int atype = get_byte ();
2795 // We intentionally have chosen constants to make this
2797 if (atype < boolean_type || atype > long_type)
2798 verify_fail ("type not primitive", start_PC);
2799 pop_type (int_type);
2800 push_type (construct_primitive_array_type (type_val (atype)));
2804 pop_type (int_type);
2805 push_type (check_class_constant (get_ushort ()).to_array (this));
2807 case op_arraylength:
2809 type t = pop_type (reference_type);
2810 if (! t.isarray () && ! t.isnull ())
2811 verify_fail ("array type expected");
2812 push_type (int_type);
2816 pop_type (type (&java::lang::Throwable::class$));
2820 pop_type (reference_type);
2821 push_type (check_class_constant (get_ushort ()));
2824 pop_type (reference_type);
2825 check_class_constant (get_ushort ());
2826 push_type (int_type);
2828 case op_monitorenter:
2829 pop_type (reference_type);
2831 case op_monitorexit:
2832 pop_type (reference_type);
2836 switch (get_byte ())
2839 push_type (get_variable (get_ushort (), int_type));
2842 push_type (get_variable (get_ushort (), long_type));
2845 push_type (get_variable (get_ushort (), float_type));
2848 push_type (get_variable (get_ushort (), double_type));
2851 push_type (get_variable (get_ushort (), reference_type));
2854 set_variable (get_ushort (), pop_type (int_type));
2857 set_variable (get_ushort (), pop_type (long_type));
2860 set_variable (get_ushort (), pop_type (float_type));
2863 set_variable (get_ushort (), pop_type (double_type));
2866 set_variable (get_ushort (), pop_type (reference_type));
2869 handle_ret_insn (get_short ());
2872 get_variable (get_ushort (), int_type);
2876 verify_fail ("unrecognized wide instruction", start_PC);
2880 case op_multianewarray:
2882 type atype = check_class_constant (get_ushort ());
2883 int dim = get_byte ();
2885 verify_fail ("too few dimensions to multianewarray", start_PC);
2886 atype.verify_dimensions (dim, this);
2887 for (int i = 0; i < dim; ++i)
2888 pop_type (int_type);
2894 pop_type (reference_type);
2895 push_jump (get_short ());
2898 push_jump (get_int ());
2902 handle_jsr_insn (get_int ());
2906 // Unrecognized opcode.
2907 verify_fail ("unrecognized instruction in verify_instructions_0",
2913 __attribute__ ((__noreturn__)) void verify_fail (char *s, jint pc = -1)
2915 using namespace java::lang;
2916 StringBuffer *buf = new StringBuffer ();
2918 buf->append (JvNewStringLatin1 ("verification failed"));
2923 buf->append (JvNewStringLatin1 (" at PC "));
2927 _Jv_InterpMethod *method = current_method;
2928 buf->append (JvNewStringLatin1 (" in "));
2929 buf->append (current_class->getName());
2930 buf->append ((jchar) ':');
2931 buf->append (JvNewStringUTF (method->get_method()->name->data));
2932 buf->append ((jchar) '(');
2933 buf->append (JvNewStringUTF (method->get_method()->signature->data));
2934 buf->append ((jchar) ')');
2936 buf->append (JvNewStringLatin1 (": "));
2937 buf->append (JvNewStringLatin1 (s));
2938 throw new java::lang::VerifyError (buf->toString ());
2943 void verify_instructions ()
2946 verify_instructions_0 ();
2949 _Jv_BytecodeVerifier (_Jv_InterpMethod *m)
2951 // We just print the text as utf-8. This is just for debugging
2953 debug_print ("--------------------------------\n");
2954 debug_print ("-- Verifying method `%s'\n", m->self->name->data);
2957 bytecode = m->bytecode ();
2958 exception = m->exceptions ();
2959 current_class = m->defining_class;
2965 entry_points = NULL;
2968 ~_Jv_BytecodeVerifier ()
2977 for (int i = 0; i < current_method->code_length; ++i)
2979 if (jsr_ptrs[i] != NULL)
2981 subr_info *info = jsr_ptrs[i];
2982 while (info != NULL)
2984 subr_info *next = info->next;
2990 _Jv_Free (jsr_ptrs);
2993 while (utf8_list != NULL)
2995 linked_utf8 *n = utf8_list->next;
2996 _Jv_Free (utf8_list->val);
2997 _Jv_Free (utf8_list);
3001 while (entry_points != NULL)
3003 subr_entry_info *next = entry_points->next;
3004 _Jv_Free (entry_points);
3005 entry_points = next;
3011 _Jv_VerifyMethod (_Jv_InterpMethod *meth)
3013 _Jv_BytecodeVerifier v (meth);
3014 v.verify_instructions ();
3016 #endif /* INTERPRETER */