Print
Send Feedback
Fixed Width
Fluid WidthError Buddy
Do you have an error message from your application? Then find the answer with Error Buddy. You can search over 40000 source code files and troubleshooting documents using our beta lucene/nutch search interface or if you prefer, search as normal using google. With LXR technology you can drill right down into the line of source code where it came from with full cross-referencing.
If after searching you didn't get your ideal answer, or you are still unclear what the error means, you can choose to post that question to the community forums following the link included in the search results.
[1.6]001 // defineclass.cc - defining a class from .class format. 002 003 /* Copyright (C) 2001, 2002, 2003 Free Software Foundation 004 005 This file is part of libgcj. 006 007 This software is copyrighted work licensed under the terms of the 008 Libgcj License. Please consult the file "LIBGCJ_LICENSE" for 009 details. */ 010 011 // Written by Tom Tromey <tromey@redhat.com> 012 013 // Define VERIFY_DEBUG to enable debugging output. 014 015 #include <config.h> 016 017 #include <jvm.h> 018 #include <gcj/cni.h> 019 #include <java-insns.h> 020 #include <java-interp.h> 021 022 #ifdef INTERPRETER 023 024 #include <java/lang/Class.h> 025 #include <java/lang/VerifyError.h> 026 #include <java/lang/Throwable.h> 027 #include <java/lang/reflect/Modifier.h> 028 #include <java/lang/StringBuffer.h> 029 030 #ifdef VERIFY_DEBUG 031 #include <stdio.h> 032 #endif /* VERIFY_DEBUG */ 033 034 035 static void debug_print (const char *fmt, ...) 036 __attribute__ ((format (printf, 1, 2))); 037 038 static inline void 039 debug_print (const char *fmt, ...) 040 { 041 #ifdef VERIFY_DEBUG 042 va_list ap; 043 va_start (ap, fmt); 044 vfprintf (stderr, fmt, ap); 045 va_end (ap); 046 #endif /* VERIFY_DEBUG */ 047 } 048 049 class _Jv_BytecodeVerifier 050 { 051 private: 052 053 static const int FLAG_INSN_START = 1; 054 static const int FLAG_BRANCH_TARGET = 2; 055 056 struct state; 057 struct type; 058 struct subr_info; 059 struct subr_entry_info; 060 struct linked_utf8; 061 062 // The current PC. 063 int PC; 064 // The PC corresponding to the start of the current instruction. 065 int start_PC; 066 067 // The current state of the stack, locals, etc. 068 state *current_state; 069 070 // We store the state at branch targets, for merging. This holds 071 // such states. 072 state **states; 073 074 // We keep a linked list of all the PCs which we must reverify. 075 // The link is done using the PC values. This is the head of the 076 // list. 077 int next_verify_pc; 078 079 // We keep some flags for each instruction. The values are the 080 // FLAG_* constants defined above. 081 char *flags; 082 083 // We need to keep track of which instructions can call a given 084 // subroutine. FIXME: this is inefficient. We keep a linked list 085 // of all calling `jsr's at at each jsr target. 086 subr_info **jsr_ptrs; 087 088 // We keep a linked list of entries which map each `ret' instruction 089 // to its unique subroutine entry point. We expect that there won't 090 // be many `ret' instructions, so a linked list is ok. 091 subr_entry_info *entry_points; 092 093 // The bytecode itself. 094 unsigned char *bytecode; 095 // The exceptions. 096 _Jv_InterpException *exception; 097 098 // Defining class. 099 jclass current_class; 100 // This method. 101 _Jv_InterpMethod *current_method; 102 103 // A linked list of utf8 objects we allocate. This is really ugly, 104 // but without this our utf8 objects would be collected. 105 linked_utf8 *utf8_list; 106 107 struct linked_utf8 108 { 109 _Jv_Utf8Const *val; 110 linked_utf8 *next; 111 }; 112 113 _Jv_Utf8Const *make_utf8_const (char *s, int len) 114 { 115 _Jv_Utf8Const *val = _Jv_makeUtf8Const (s, len); 116 _Jv_Utf8Const *r = (_Jv_Utf8Const *) _Jv_Malloc (sizeof (_Jv_Utf8Const) 117 + val->length 118 + 1); 119 r->length = val->length; 120 r->hash = val->hash; 121 memcpy (r->data, val->data, val->length + 1); 122 123 linked_utf8 *lu = (linked_utf8 *) _Jv_Malloc (sizeof (linked_utf8)); 124 lu->val = r; 125 lu->next = utf8_list; 126 utf8_list = lu; 127 128 return r; 129 } 130 131 __attribute__ ((__noreturn__)) void verify_fail (char *s, jint pc = -1) 132 { 133 using namespace java::lang; 134 StringBuffer *buf = new StringBuffer (); 135 136 buf->append (JvNewStringLatin1 ("verification failed")); 137 if (pc == -1) 138 pc = start_PC; 139 if (pc != -1) 140 { 141 buf->append (JvNewStringLatin1 (" at PC ")); 142 buf->append (pc); 143 } 144 145 _Jv_InterpMethod *method = current_method; 146 buf->append (JvNewStringLatin1 (" in ")); 147 buf->append (current_class->getName()); 148 buf->append ((jchar) ':'); 149 buf->append (JvNewStringUTF (method->get_method()->name->data)); 150 buf->append ((jchar) '('); 151 buf->append (JvNewStringUTF (method->get_method()->signature->data)); 152 buf->append ((jchar) ')'); 153 154 buf->append (JvNewStringLatin1 (": ")); 155 buf->append (JvNewStringLatin1 (s)); 156 throw new java::lang::VerifyError (buf->toString ()); 157 } 158 159 // This enum holds a list of tags for all the different types we 160 // need to handle. Reference types are treated specially by the 161 // type class. 162 enum type_val 163 { 164 void_type, 165 166 // The values for primitive types are chosen to correspond to values 167 // specified to newarray. 168 boolean_type = 4, 169 char_type = 5, 170 float_type = 6, 171 double_type = 7, 172 byte_type = 8, 173 short_type = 9, 174 int_type = 10, 175 long_type = 11, 176 177 // Used when overwriting second word of a double or long in the 178 // local variables. Also used after merging local variable states 179 // to indicate an unusable value. 180 unsuitable_type, 181 return_address_type, 182 continuation_type, 183 184 // There is an obscure special case which requires us to note when 185 // a local variable has not been used by a subroutine. See 186 // push_jump_merge for more information. 187 unused_by_subroutine_type, 188 189 // Everything after `reference_type' must be a reference type. 190 reference_type, 191 null_type, 192 unresolved_reference_type, 193 uninitialized_reference_type, 194 uninitialized_unresolved_reference_type 195 }; 196 197 // Return the type_val corresponding to a primitive signature 198 // character. For instance `I' returns `int.class'. 199 type_val get_type_val_for_signature (jchar sig) 200 { 201 type_val rt; 202 switch (sig) 203 { 204 case 'Z': 205 rt = boolean_type; 206 break; 207 case 'B': 208 rt = byte_type; 209 break; 210 case 'C': 211 rt = char_type; 212 break; 213 case 'S': 214 rt = short_type; 215 break; 216 case 'I': 217 rt = int_type; 218 break; 219 case 'J': 220 rt = long_type; 221 break; 222 case 'F': 223 rt = float_type; 224 break; 225 case 'D': 226 rt = double_type; 227 break; 228 case 'V': 229 rt = void_type; 230 break; 231 default: 232 verify_fail ("invalid signature"); 233 } 234 return rt; 235 } 236 237 // Return the type_val corresponding to a primitive class. 238 type_val get_type_val_for_signature (jclass k) 239 { 240 return get_type_val_for_signature ((jchar) k->method_count); 241 } 242 243 // This is like _Jv_IsAssignableFrom, but it works even if SOURCE or 244 // TARGET haven't been prepared. 245 static bool is_assignable_from_slow (jclass target, jclass source) 246 { 247 // This will terminate when SOURCE==Object. 248 while (true) 249 { 250 if (source == target) 251 return true; 252 253 if (target->isPrimitive () || source->isPrimitive ()) 254 return false; 255 256 if (target->isArray ()) 257 { 258 if (! source->isArray ()) 259 return false; 260 target = target->getComponentType (); 261 source = source->getComponentType (); 262 } 263 else if (target->isInterface ()) 264 { 265 for (int i = 0; i < source->interface_count; ++i) 266 { 267 // We use a recursive call because we also need to 268 // check superinterfaces. 269 if (is_assignable_from_slow (target, source->interfaces[i])) 270 return true; 271 } 272 source = source->getSuperclass (); 273 if (source == NULL) 274 return false; 275 } 276 // We must do this check before we check to see if SOURCE is 277 // an interface. This way we know that any interface is 278 // assignable to an Object. 279 else if (target == &java::lang::Object::class$) 280 return true; 281 else if (source->isInterface ()) 282 { 283 for (int i = 0; i < target->interface_count; ++i) 284 { 285 // We use a recursive call because we also need to 286 // check superinterfaces. 287 if (is_assignable_from_slow (target->interfaces[i], source)) 288 return true; 289 } 290 target = target->getSuperclass (); 291 if (target == NULL) 292 return false; 293 } 294 else if (source == &java::lang::Object::class$) 295 return false; 296 else 297 source = source->getSuperclass (); 298 } 299 } 300 301 // This is used to keep track of which `jsr's correspond to a given 302 // jsr target. 303 struct subr_info 304 { 305 // PC of the instruction just after the jsr. 306 int pc; 307 // Link. 308 subr_info *next; 309 }; 310 311 // This is used to keep track of which subroutine entry point 312 // corresponds to which `ret' instruction. 313 struct subr_entry_info 314 { 315 // PC of the subroutine entry point. 316 int pc; 317 // PC of the `ret' instruction. 318 int ret_pc; 319 // Link. 320 subr_entry_info *next; 321 }; 322 323 // The `type' class is used to represent a single type in the 324 // verifier. 325 struct type 326 { 327 // The type. 328 type_val key; 329 // Some associated data. 330 union 331 { 332 // For a resolved reference type, this is a pointer to the class. 333 jclass klass; 334 // For other reference types, this it the name of the class. 335 _Jv_Utf8Const *name; 336 } data; 337 // This is used when constructing a new object. It is the PC of the 338 // `new' instruction which created the object. We use the special 339 // value -2 to mean that this is uninitialized, and the special 340 // value -1 for the case where the current method is itself the 341 // <init> method. 342 int pc; 343 344 static const int UNINIT = -2; 345 static const int SELF = -1; 346 347 // Basic constructor. 348 type () 349 { 350 key = unsuitable_type; 351 data.klass = NULL; 352 pc = UNINIT; 353 } 354 355 // Make a new instance given the type tag. We assume a generic 356 // `reference_type' means Object. 357 type (type_val k) 358 { 359 key = k; 360 data.klass = NULL; 361 if (key == reference_type) 362 data.klass = &java::lang::Object::class$; 363 pc = UNINIT; 364 } 365 366 // Make a new instance given a class. 367 type (jclass klass) 368 { 369 key = reference_type; 370 data.klass = klass; 371 pc = UNINIT; 372 } 373 374 // Make a new instance given the name of a class. 375 type (_Jv_Utf8Const *n) 376 { 377 key = unresolved_reference_type; 378 data.name = n; 379 pc = UNINIT; 380 } 381 382 // Copy constructor. 383 type (const type &t) 384 { 385 key = t.key; 386 data = t.data; 387 pc = t.pc; 388 } 389 390 // These operators are required because libgcj can't link in 391 // -lstdc++. 392 void *operator new[] (size_t bytes) 393 { 394 return _Jv_Malloc (bytes); 395 } 396 397 void operator delete[] (void *mem) 398 { 399 _Jv_Free (mem); 400 } 401 402 type& operator= (type_val k) 403 { 404 key = k; 405 data.klass = NULL; 406 pc = UNINIT; 407 return *this; 408 } 409 410 type& operator= (const type& t) 411 { 412 key = t.key; 413 data = t.data; 414 pc = t.pc; 415 return *this; 416 } 417 418 // Promote a numeric type. 419 type &promote () 420 { 421 if (key == boolean_type || key == char_type 422 || key == byte_type || key == short_type) 423 key = int_type; 424 return *this; 425 } 426 427 // If *THIS is an unresolved reference type, resolve it. 428 void resolve (_Jv_BytecodeVerifier *verifier) 429 { 430 if (key != unresolved_reference_type 431 && key != uninitialized_unresolved_reference_type) 432 return; 433 434 using namespace java::lang; 435 java::lang::ClassLoader *loader 436 = verifier->current_class->getClassLoaderInternal(); 437 // We might see either kind of name. Sigh. 438 if (data.name->data[0] == 'L' 439 && data.name->data[data.name->length - 1] == ';') 440 data.klass = _Jv_FindClassFromSignature (data.name->data, loader); 441 else 442 data.klass = Class::forName (_Jv_NewStringUtf8Const (data.name), 443 false, loader); 444 key = (key == unresolved_reference_type 445 ? reference_type 446 : uninitialized_reference_type); 447 } 448 449 // Mark this type as the uninitialized result of `new'. 450 void set_uninitialized (int npc, _Jv_BytecodeVerifier *verifier) 451 { 452 if (key == reference_type) 453 key = uninitialized_reference_type; 454 else if (key == unresolved_reference_type) 455 key = uninitialized_unresolved_reference_type; 456 else 457 verifier->verify_fail ("internal error in type::uninitialized"); 458 pc = npc; 459 } 460 461 // Mark this type as now initialized. 462 void set_initialized (int npc) 463 { 464 if (npc != UNINIT && pc == npc 465 && (key == uninitialized_reference_type 466 || key == uninitialized_unresolved_reference_type)) 467 { 468 key = (key == uninitialized_reference_type 469 ? reference_type 470 : unresolved_reference_type); 471 pc = UNINIT; 472 } 473 } 474 475 476 // Return true if an object of type K can be assigned to a variable 477 // of type *THIS. Handle various special cases too. Might modify 478 // *THIS or K. Note however that this does not perform numeric 479 // promotion. 480 bool compatible (type &k, _Jv_BytecodeVerifier *verifier) 481 { 482 // Any type is compatible with the unsuitable type. 483 if (key == unsuitable_type) 484 return true; 485 486 if (key < reference_type || k.key < reference_type) 487 return key == k.key; 488 489 // The `null' type is convertible to any initialized reference 490 // type. 491 if (key == null_type || k.key == null_type) 492 return true; 493 494 // Any reference type is convertible to Object. This is a special 495 // case so we don't need to unnecessarily resolve a class. 496 if (key == reference_type 497 && data.klass == &java::lang::Object::class$) 498 return true; 499 500 // An initialized type and an uninitialized type are not 501 // compatible. 502 if (isinitialized () != k.isinitialized ()) 503 return false; 504 505 // Two uninitialized objects are compatible if either: 506 // * The PCs are identical, or 507 // * One PC is UNINIT. 508 if (! isinitialized ()) 509 { 510 if (pc != k.pc && pc != UNINIT && k.pc != UNINIT) 511 return false; 512 } 513 514 // Two unresolved types are equal if their names are the same. 515 if (! isresolved () 516 && ! k.isresolved () 517 && _Jv_equalUtf8Consts (data.name, k.data.name)) 518 return true; 519 520 // We must resolve both types and check assignability. 521 resolve (verifier); 522 k.resolve (verifier); 523 return is_assignable_from_slow (data.klass, k.data.klass); 524 } 525 526 bool isvoid () const 527 { 528 return key == void_type; 529 } 530 531 bool iswide () const 532 { 533 return key == long_type || key == double_type; 534 } 535 536 // Return number of stack or local variable slots taken by this 537 // type. 538 int depth () const 539 { 540 return iswide () ? 2 : 1; 541 } 542 543 bool isarray () const 544 { 545 // We treat null_type as not an array. This is ok based on the 546 // current uses of this method. 547 if (key == reference_type) 548 return data.klass->isArray (); 549 else if (key == unresolved_reference_type) 550 return data.name->data[0] == '['; 551 return false; 552 } 553 554 bool isnull () const 555 { 556 return key == null_type; 557 } 558 559 bool isinterface (_Jv_BytecodeVerifier *verifier) 560 { 561 resolve (verifier); 562 if (key != reference_type) 563 return false; 564 return data.klass->isInterface (); 565 } 566 567 bool isabstract (_Jv_BytecodeVerifier *verifier) 568 { 569 resolve (verifier); 570 if (key != reference_type) 571 return false; 572 using namespace java::lang::reflect; 573 return Modifier::isAbstract (data.klass->getModifiers ()); 574 } 575 576 // Return the element type of an array. 577 type element_type (_Jv_BytecodeVerifier *verifier) 578 { 579 // FIXME: maybe should do string manipulation here. 580 resolve (verifier); 581 if (key != reference_type) 582 verifier->verify_fail ("programmer error in type::element_type()", -1); 583 584 jclass k = data.klass->getComponentType (); 585 if (k->isPrimitive ()) 586 return type (verifier->get_type_val_for_signature (k)); 587 return type (k); 588 } 589 590 // Return the array type corresponding to an initialized 591 // reference. We could expand this to work for other kinds of 592 // types, but currently we don't need to. 593 type to_array (_Jv_BytecodeVerifier *verifier) 594 { 595 // Resolving isn't ideal, because it might force us to load 596 // another class, but it's easy. FIXME? 597 if (key == unresolved_reference_type) 598 resolve (verifier); 599 600 if (key == reference_type) 601 return type (_Jv_GetArrayClass (data.klass, 602 data.klass->getClassLoaderInternal())); 603 else 604 verifier->verify_fail ("internal error in type::to_array()"); 605 } 606 607 bool isreference () const 608 { 609 return key >= reference_type; 610 } 611 612 int get_pc () const 613 { 614 return pc; 615 } 616 617 bool isinitialized () const 618 { 619 return (key == reference_type 620 || key == null_type 621 || key == unresolved_reference_type); 622 } 623 624 bool isresolved () const 625 { 626 return (key == reference_type 627 || key == null_type 628 || key == uninitialized_reference_type); 629 } 630 631 void verify_dimensions (int ndims, _Jv_BytecodeVerifier *verifier) 632 { 633 // The way this is written, we don't need to check isarray(). 634 if (key == reference_type) 635 { 636 jclass k = data.klass; 637 while (k->isArray () && ndims > 0) 638 { 639 k = k->getComponentType (); 640 --ndims; 641 } 642 } 643 else 644 { 645 // We know KEY == unresolved_reference_type. 646 char *p = data.name->data; 647 while (*p++ == '[' && ndims-- > 0) 648 ; 649 } 650 651 if (ndims > 0) 652 verifier->verify_fail ("array type has fewer dimensions than required"); 653 } 654 655 // Merge OLD_TYPE into this. On error throw exception. 656 bool merge (type& old_type, bool local_semantics, 657 _Jv_BytecodeVerifier *verifier) 658 { 659 bool changed = false; 660 bool refo = old_type.isreference (); 661 bool refn = isreference (); 662 if (refo && refn) 663 { 664 if (old_type.key == null_type) 665 ; 666 else if (key == null_type) 667 { 668 *this = old_type; 669 changed = true; 670 } 671 else if (isinitialized () != old_type.isinitialized ()) 672 verifier->verify_fail ("merging initialized and uninitialized types"); 673 else 674 { 675 if (! isinitialized ()) 676 { 677 if (pc == UNINIT) 678 pc = old_type.pc; 679 else if (old_type.pc == UNINIT) 680 ; 681 else if (pc != old_type.pc) 682 verifier->verify_fail ("merging different uninitialized types"); 683 } 684 685 if (! isresolved () 686 && ! old_type.isresolved () 687 && _Jv_equalUtf8Consts (data.name, old_type.data.name)) 688 { 689 // Types are identical. 690 } 691 else 692 { 693 resolve (verifier); 694 old_type.resolve (verifier); 695 696 jclass k = data.klass; 697 jclass oldk = old_type.data.klass; 698 699 int arraycount = 0; 700 while (k->isArray () && oldk->isArray ()) 701 { 702 ++arraycount; 703 k = k->getComponentType (); 704 oldk = oldk->getComponentType (); 705 } 706 707 // Ordinarily this terminates when we hit Object... 708 while (k != NULL) 709 { 710 if (is_assignable_from_slow (k, oldk)) 711 break; 712 k = k->getSuperclass (); 713 changed = true; 714 } 715 // ... but K could have been an interface, in which 716 // case we'll end up here. We just convert this 717 // into Object. 718 if (k == NULL) 719 k = &java::lang::Object::class$; 720 721 if (changed) 722 { 723 while (arraycount > 0) 724 { 725 java::lang::ClassLoader *loader 726 = verifier->current_class->getClassLoaderInternal(); 727 k = _Jv_GetArrayClass (k, loader); 728 --arraycount; 729 } 730 data.klass = k; 731 } 732 } 733 } 734 } 735 else if (refo || refn || key != old_type.key) 736 { 737 if (local_semantics) 738 { 739 // If we're merging into an "unused" slot, then we 740 // simply accept whatever we're merging from. 741 if (key == unused_by_subroutine_type) 742 { 743 *this = old_type; 744 changed = true; 745 } 746 else if (old_type.key == unused_by_subroutine_type) 747 { 748 // Do nothing. 749 } 750 // If we already have an `unsuitable' type, then we 751 // don't need to change again. 752 else if (key != unsuitable_type) 753 { 754 key = unsuitable_type; 755 changed = true; 756 } 757 } 758 else 759 verifier->verify_fail ("unmergeable type"); 760 } 761 return changed; 762 } 763 764 #ifdef VERIFY_DEBUG 765 void print (void) const 766 { 767 char c = '?'; 768 switch (key) 769 { 770 case boolean_type: c = 'Z'; break; 771 case byte_type: c = 'B'; break; 772 case char_type: c = 'C'; break; 773 case short_type: c = 'S'; break; 774 case int_type: c = 'I'; break; 775 case long_type: c = 'J'; break; 776 case float_type: c = 'F'; break; 777 case double_type: c = 'D'; break; 778 case void_type: c = 'V'; break; 779 case unsuitable_type: c = '-'; break; 780 case return_address_type: c = 'r'; break; 781 case continuation_type: c = '+'; break; 782 case unused_by_subroutine_type: c = '_'; break; 783 case reference_type: c = 'L'; break; 784 case null_type: c = '@'; break; 785 case unresolved_reference_type: c = 'l'; break; 786 case uninitialized_reference_type: c = 'U'; break; 787 case uninitialized_unresolved_reference_type: c = 'u'; break; 788 } 789 debug_print ("%c", c); 790 } 791 #endif /* VERIFY_DEBUG */ 792 }; 793 794 // This class holds all the state information we need for a given 795 // location. 796 struct state 797 { 798 // The current top of the stack, in terms of slots. 799 int stacktop; 800 // The current depth of the stack. This will be larger than 801 // STACKTOP when wide types are on the stack. 802 int stackdepth; 803 // The stack. 804 type *stack; 805 // The local variables. 806 type *locals; 807 // This is used in subroutines to keep track of which local 808 // variables have been accessed. 809 bool *local_changed; 810 // If not 0, then we are in a subroutine. The value is the PC of 811 // the subroutine's entry point. We can use 0 as an exceptional 812 // value because PC=0 can never be a subroutine. 813 int subroutine; 814 // This is used to keep a linked list of all the states which 815 // require re-verification. We use the PC to keep track. 816 int next; 817 // We keep track of the type of `this' specially. This is used to 818 // ensure that an instance initializer invokes another initializer 819 // on `this' before returning. We must keep track of this 820 // specially because otherwise we might be confused by code which 821 // assigns to locals[0] (overwriting `this') and then returns 822 // without really initializing. 823 type this_type; 824 // This is a list of all subroutines that have been seen at this 825 // point. Ordinarily this is NULL; it is only allocated and used 826 // in relatively weird situations involving non-ret exit from a 827 // subroutine. We have to keep track of this in this way to avoid 828 // endless recursion in these cases. 829 subr_info *seen_subrs; 830 831 // INVALID marks a state which is not on the linked list of states 832 // requiring reverification. 833 static const int INVALID = -1; 834 // NO_NEXT marks the state at the end of the reverification list. 835 static const int NO_NEXT = -2; 836 837 // This is used to mark the stack depth at the instruction just 838 // after a `jsr' when we haven't yet processed the corresponding 839 // `ret'. See handle_jsr_insn for more information. 840 static const int NO_STACK = -1; 841 842 state () 843 : this_type () 844 { 845 stack = NULL; 846 locals = NULL; 847 local_changed = NULL; 848 seen_subrs = NULL; 849 } 850 851 state (int max_stack, int max_locals) 852 : this_type () 853 { 854 stacktop = 0; 855 stackdepth = 0; 856 stack = new type[max_stack]; 857 for (int i = 0; i < max_stack; ++i) 858 stack[i] = unsuitable_type; 859 locals = new type[max_locals]; 860 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals); 861 seen_subrs = NULL; 862 for (int i = 0; i < max_locals; ++i) 863 { 864 locals[i] = unsuitable_type; 865 local_changed[i] = false; 866 } 867 next = INVALID; 868 subroutine = 0; 869 } 870 871 state (const state *orig, int max_stack, int max_locals, 872 bool ret_semantics = false) 873 { 874 stack = new type[max_stack]; 875 locals = new type[max_locals]; 876 local_changed = (bool *) _Jv_Malloc (sizeof (bool) * max_locals); 877 seen_subrs = NULL; 878 copy (orig, max_stack, max_locals, ret_semantics); 879 next = INVALID; 880 } 881 882 ~state () 883 { 884 if (stack) 885 delete[] stack; 886 if (locals) 887 delete[] locals; 888 if (local_changed) 889 _Jv_Free (local_changed); 890 clean_subrs (); 891 } 892 893 void *operator new[] (size_t bytes) 894 { 895 return _Jv_Malloc (bytes); 896 } 897 898 void operator delete[] (void *mem) 899 { 900 _Jv_Free (mem); 901 } 902 903 void *operator new (size_t bytes) 904 { 905 return _Jv_Malloc (bytes); 906 } 907 908 void operator delete (void *mem) 909 { 910 _Jv_Free (mem); 911 } 912 913 void clean_subrs () 914 { 915 subr_info *info = seen_subrs; 916 while (info != NULL) 917 { 918 subr_info *next = info->next; 919 _Jv_Free (info); 920 info = next; 921 } 922 } 923 924 void copy (const state *copy, int max_stack, int max_locals, 925 bool ret_semantics = false) 926 { 927 stacktop = copy->stacktop; 928 stackdepth = copy->stackdepth; 929 subroutine = copy->subroutine; 930 for (int i = 0; i < max_stack; ++i) 931 stack[i] = copy->stack[i]; 932 for (int i = 0; i < max_locals; ++i) 933 { 934 // See push_jump_merge to understand this case. 935 if (ret_semantics) 936 locals[i] = type (copy->local_changed[i] 937 ? unsuitable_type 938 : unused_by_subroutine_type); 939 else 940 locals[i] = copy->locals[i]; 941 local_changed[i] = copy->local_changed[i]; 942 } 943 944 clean_subrs (); 945 if (copy->seen_subrs) 946 { 947 for (subr_info *info = seen_subrs; info != NULL; info = info->next) 948 add_subr (info->pc); 949 } 950 else 951 seen_subrs = NULL; 952 953 this_type = copy->this_type; 954 // Don't modify `next'. 955 } 956 957 // Modify this state to reflect entry to an exception handler. 958 void set_exception (type t, int max_stack) 959 { 960 stackdepth = 1; 961 stacktop = 1; 962 stack[0] = t; 963 for (int i = stacktop; i < max_stack; ++i) 964 stack[i] = unsuitable_type; 965 } 966 967 // Modify this state to reflect entry into a subroutine. 968 void enter_subroutine (int npc, int max_locals) 969 { 970 subroutine = npc; 971 // Mark all items as unchanged. Each subroutine needs to keep 972 // track of its `changed' state independently. In the case of 973 // nested subroutines, this information will be merged back into 974 // parent by the `ret'. 975 for (int i = 0; i < max_locals; ++i) 976 local_changed[i] = false; 977 } 978 979 // Indicate that we've been in this this subroutine. 980 void add_subr (int pc) 981 { 982 subr_info *n = (subr_info *) _Jv_Malloc (sizeof (subr_info)); 983 n->pc = pc; 984 n->next = seen_subrs; 985 seen_subrs = n; 986 } 987 988 // Merge STATE_OLD into this state. Destructively modifies this 989 // state. Returns true if the new state was in fact changed. 990 // Will throw an exception if the states are not mergeable. 991 bool merge (state *state_old, bool ret_semantics, 992 int max_locals, _Jv_BytecodeVerifier *verifier) 993 { 994 bool changed = false; 995 996 // Special handling for `this'. If one or the other is 997 // uninitialized, then the merge is uninitialized. 998 if (this_type.isinitialized ()) 999 this_type = state_old->this_type; 1000 1001 // Merge subroutine states. Here we just keep track of what 1002 // subroutine we think we're in. We only check for a merge 1003 // (which is invalid) when we see a `ret'. 1004 if (subroutine == state_old->subroutine) 1005 { 1006 // Nothing. 1007 } 1008 else if (subroutine == 0) 1009 { 1010 subroutine = state_old->subroutine; 1011 changed = true; 1012 } 1013 else 1014 { 1015 // If the subroutines differ, and we haven't seen this 1016 // subroutine before, indicate that the state changed. This 1017 // is needed to detect when subroutines have merged. 1018 bool found = false; 1019 for (subr_info *info = seen_subrs; info != NULL; info = info->next) 1020 { 1021 if (info->pc == state_old->subroutine) 1022 { 1023 found = true; 1024 break; 1025 } 1026 } 1027 if (! found) 1028 { 1029 add_subr (state_old->subroutine); 1030 changed = true; 1031 } 1032 } 1033 1034 // Merge stacks. Special handling for NO_STACK case. 1035 if (state_old->stacktop == NO_STACK) 1036 { 1037 // Nothing to do in this case; we don't care about modifying 1038 // the old state. 1039 } 1040 else if (stacktop == NO_STACK) 1041 { 1042 stacktop = state_old->stacktop; 1043 stackdepth = state_old->stackdepth; 1044 for (int i = 0; i < stacktop; ++i) 1045 stack[i] = state_old->stack[i]; 1046 changed = true; 1047 } 1048 else if (state_old->stacktop != stacktop) 1049 verifier->verify_fail ("stack sizes differ"); 1050 else 1051 { 1052 for (int i = 0; i < state_old->stacktop; ++i) 1053 { 1054 if (stack[i].merge (state_old->stack[i], false, verifier)) 1055 changed = true; 1056 } 1057 } 1058 1059 // Merge local variables. 1060 for (int i = 0; i < max_locals; ++i) 1061 { 1062 // If we're not processing a `ret', then we merge every 1063 // local variable. If we are processing a `ret', then we 1064 // only merge locals which changed in the subroutine. When 1065 // processing a `ret', STATE_OLD is the state at the point 1066 // of the `ret', and THIS is the state just after the `jsr'. 1067 if (! ret_semantics || state_old->local_changed[i]) 1068 { 1069 if (locals[i].merge (state_old->locals[i], true, verifier)) 1070 { 1071 // Note that we don't call `note_variable' here. 1072 // This change doesn't represent a real change to a 1073 // local, but rather a merge artifact. If we're in 1074 // a subroutine which is called with two 1075 // incompatible types in a slot that is unused by 1076 // the subroutine, then we don't want to mark that 1077 // variable as having been modified. 1078 changed = true; 1079 } 1080 } 1081 1082 // If we're in a subroutine, we must compute the union of 1083 // all the changed local variables. 1084 if (state_old->local_changed[i]) 1085 note_variable (i); 1086 } 1087 1088 return changed; 1089 } 1090 1091 // Throw an exception if there is an uninitialized object on the 1092 // stack or in a local variable. EXCEPTION_SEMANTICS controls 1093 // whether we're using backwards-branch or exception-handing 1094 // semantics. 1095 void check_no_uninitialized_objects (int max_locals, 1096 _Jv_BytecodeVerifier *verifier, 1097 bool exception_semantics = false) 1098 { 1099 if (! exception_semantics) 1100 { 1101 for (int i = 0; i < stacktop; ++i) 1102 if (stack[i].isreference () && ! stack[i].isinitialized ()) 1103 verifier->verify_fail ("uninitialized object on stack"); 1104 } 1105 1106 for (int i = 0; i < max_locals; ++i) 1107 if (locals[i].isreference () && ! locals[i].isinitialized ()) 1108 verifier->verify_fail ("uninitialized object in local variable"); 1109 1110 check_this_initialized (verifier); 1111 } 1112 1113 // Ensure that `this' has been initialized. 1114 void check_this_initialized (_Jv_BytecodeVerifier *verifier) 1115 { 1116 if (this_type.isreference () && ! this_type.isinitialized ()) 1117 verifier->verify_fail ("`this' is uninitialized"); 1118 } 1119 1120 // Set type of `this'. 1121 void set_this_type (const type &k) 1122 { 1123 this_type = k; 1124 } 1125 1126 // Note that a local variable was modified. 1127 void note_variable (int index) 1128 { 1129 if (subroutine > 0) 1130 local_changed[index] = true; 1131 } 1132 1133 // Mark each `new'd object we know of that was allocated at PC as 1134 // initialized. 1135 void set_initialized (int pc, int max_locals) 1136 { 1137 for (int i = 0; i < stacktop; ++i) 1138 stack[i].set_initialized (pc); 1139 for (int i = 0; i < max_locals; ++i) 1140 locals[i].set_initialized (pc); 1141 this_type.set_initialized (pc); 1142 } 1143 1144 // Return true if this state is the unmerged result of a `ret'. 1145 bool is_unmerged_ret_state (int max_locals) const 1146 { 1147 if (stacktop == NO_STACK) 1148 return true; 1149 for (int i = 0; i < max_locals; ++i) 1150 { 1151 if (locals[i].key == unused_by_subroutine_type) 1152 return true; 1153 } 1154 return false; 1155 } 1156 1157 #ifdef VERIFY_DEBUG 1158 void print (const char *leader, int pc, 1159 int max_stack, int max_locals) const 1160 { 1161 debug_print ("%s [%4d]: [stack] ", leader, pc); 1162 int i; 1163 for (i = 0; i < stacktop; ++i) 1164 stack[i].print (); 1165 for (; i < max_stack; ++i) 1166 debug_print ("."); 1167 debug_print (" [local] "); 1168 for (i = 0; i < max_locals; ++i) 1169 { 1170 locals[i].print (); 1171 debug_print (local_changed[i] ? "+" : " "); 1172 } 1173 if (subroutine == 0) 1174 debug_print (" | None"); 1175 else 1176 debug_print (" | %4d", subroutine); 1177 debug_print (" | %p\n", this); 1178 } 1179 #else 1180 inline void print (const char *, int, int, int) const 1181 { 1182 } 1183 #endif /* VERIFY_DEBUG */ 1184 }; 1185 1186 type pop_raw () 1187 { 1188 if (current_state->stacktop <= 0) 1189 verify_fail ("stack empty"); 1190 type r = current_state->stack[--current_state->stacktop]; 1191 current_state->stackdepth -= r.depth (); 1192 if (current_state->stackdepth < 0) 1193 verify_fail ("stack empty", start_PC); 1194 return r; 1195 } 1196 1197 type pop32 () 1198 { 1199 type r = pop_raw (); 1200 if (r.iswide ()) 1201 verify_fail ("narrow pop of wide type"); 1202 return r; 1203 } 1204 1205 type pop_type (type match) 1206 { 1207 match.promote (); 1208 type t = pop_raw (); 1209 if (! match.compatible (t, this)) 1210 verify_fail ("incompatible type on stack"); 1211 return t; 1212 } 1213 1214 // Pop a reference which is guaranteed to be initialized. MATCH 1215 // doesn't have to be a reference type; in this case this acts like 1216 // pop_type. 1217 type pop_init_ref (type match) 1218 { 1219 type t = pop_raw (); 1220 if (t.isreference () && ! t.isinitialized ()) 1221 verify_fail ("initialized reference required"); 1222 else if (! match.compatible (t, this)) 1223 verify_fail ("incompatible type on stack"); 1224 return t; 1225 } 1226 1227 // Pop a reference type or a return address. 1228 type pop_ref_or_return () 1229 { 1230 type t = pop_raw (); 1231 if (! t.isreference () && t.key != return_address_type) 1232 verify_fail ("expected reference or return address on stack"); 1233 return t; 1234 } 1235 1236 void push_type (type t) 1237 { 1238 // If T is a numeric type like short, promote it to int. 1239 t.promote (); 1240 1241 int depth = t.depth (); 1242 if (current_state->stackdepth + depth > current_method->max_stack) 1243 verify_fail ("stack overflow"); 1244 current_state->stack[current_state->stacktop++] = t; 1245 current_state->stackdepth += depth; 1246 } 1247 1248 void set_variable (int index, type t) 1249 { 1250 // If T is a numeric type like short, promote it to int. 1251 t.promote (); 1252 1253 int depth = t.depth (); 1254 if (index > current_method->max_locals - depth) 1255 verify_fail ("invalid local variable"); 1256 current_state->locals[index] = t; 1257 current_state->note_variable (index); 1258 1259 if (depth == 2) 1260 { 1261 current_state->locals[index + 1] = continuation_type; 1262 current_state->note_variable (index + 1); 1263 } 1264 if (index > 0 && current_state->locals[index - 1].iswide ()) 1265 { 1266 current_state->locals[index - 1] = unsuitable_type; 1267 // There's no need to call note_variable here. 1268 } 1269 } 1270 1271 type get_variable (int index, type t) 1272 { 1273 int depth = t.depth (); 1274 if (index > current_method->max_locals - depth) 1275 verify_fail ("invalid local variable"); 1276 if (! t.compatible (current_state->locals[index], this)) 1277 verify_fail ("incompatible type in local variable"); 1278 if (depth == 2) 1279 { 1280 type t (continuation_type); 1281 if (! current_state->locals[index + 1].compatible (t, this)) 1282 verify_fail ("invalid local variable"); 1283 } 1284 return current_state->locals[index]; 1285 } 1286 1287 // Make sure ARRAY is an array type and that its elements are 1288 // compatible with type ELEMENT. Returns the actual element type. 1289 type require_array_type (type array, type element) 1290 { 1291 // An odd case. Here we just pretend that everything went ok. If 1292 // the requested element type is some kind of reference, return 1293 // the null type instead. 1294 if (array.isnull ()) 1295 return element.isreference () ? type (null_type) : element; 1296 1297 if (! array.isarray ()) 1298 verify_fail ("array required"); 1299 1300 type t = array.element_type (this); 1301 if (! element.compatible (t, this)) 1302 { 1303 // Special case for byte arrays, which must also be boolean 1304 // arrays. 1305 bool ok = true; 1306 if (element.key == byte_type) 1307 { 1308 type e2 (boolean_type); 1309 ok = e2.compatible (t, this); 1310 } 1311 if (! ok) 1312 verify_fail ("incompatible array element type"); 1313 } 1314 1315 // Return T and not ELEMENT, because T might be specialized. 1316 return t; 1317 } 1318 1319 jint get_byte () 1320 { 1321 if (PC >= current_method->code_length) 1322 verify_fail ("premature end of bytecode"); 1323 return (jint) bytecode[PC++] & 0xff; 1324 } 1325 1326 jint get_ushort () 1327 { 1328 jint b1 = get_byte (); 1329 jint b2 = get_byte (); 1330 return (jint) ((b1 << 8) | b2) & 0xffff; 1331 } 1332 1333 jint get_short () 1334 { 1335 jint b1 = get_byte (); 1336 jint b2 = get_byte (); 1337 jshort s = (b1 << 8) | b2; 1338 return (jint) s; 1339 } 1340 1341 jint get_int () 1342 { 1343 jint b1 = get_byte (); 1344 jint b2 = get_byte (); 1345 jint b3 = get_byte (); 1346 jint b4 = get_byte (); 1347 return (b1 << 24) | (b2 << 16) | (b3 << 8) | b4; 1348 } 1349 1350 int compute_jump (int offset) 1351 { 1352 int npc = start_PC + offset; 1353 if (npc < 0 || npc >= current_method->code_length) 1354 verify_fail ("branch out of range", start_PC); 1355 return npc; 1356 } 1357 1358 // Merge the indicated state into the state at the branch target and 1359 // schedule a new PC if there is a change. If RET_SEMANTICS is 1360 // true, then we are merging from a `ret' instruction into the 1361 // instruction after a `jsr'. This is a special case with its own 1362 // modified semantics. 1363 void push_jump_merge (int npc, state *nstate, bool ret_semantics = false) 1364 { 1365 bool changed = true; 1366 if (states[npc] == NULL) 1367 { 1368 // There's a weird situation here. If are examining the 1369 // branch that results from a `ret', and there is not yet a 1370 // state available at the branch target (the instruction just 1371 // after the `jsr'), then we have to construct a special kind 1372 // of state at that point for future merging. This special 1373 // state has the type `unused_by_subroutine_type' in each slot 1374 // which was not modified by the subroutine. 1375 states[npc] = new state (nstate, current_method->max_stack, 1376 current_method->max_locals, ret_semantics); 1377 debug_print ("== New state in push_jump_merge\n"); 1378 states[npc]->print ("New", npc, current_method->max_stack, 1379 current_method->max_locals); 1380 } 1381 else 1382 { 1383 debug_print ("== Merge states in push_jump_merge\n"); 1384 nstate->print ("Frm", start_PC, current_method->max_stack, 1385 current_method->max_locals); 1386 states[npc]->print (" To", npc, current_method->max_stack, 1387 current_method->max_locals); 1388 changed = states[npc]->merge (nstate, ret_semantics, 1389 current_method->max_locals, this); 1390 states[npc]->print ("New", npc, current_method->max_stack, 1391 current_method->max_locals); 1392 } 1393 1394 if (changed && states[npc]->next == state::INVALID) 1395 { 1396 // The merge changed the state, and the new PC isn't yet on our 1397 // list of PCs to re-verify. 1398 states[npc]->next = next_verify_pc; 1399 next_verify_pc = npc; 1400 } 1401 } 1402 1403 void push_jump (int offset) 1404 { 1405 int npc = compute_jump (offset); 1406 if (npc < PC) 1407 current_state->check_no_uninitialized_objects (current_method->max_locals, this); 1408 push_jump_merge (npc, current_state); 1409 } 1410 1411 void push_exception_jump (type t, int pc) 1412 { 1413 current_state->check_no_uninitialized_objects (current_method->max_locals, 1414 this, true); 1415 state s (current_state, current_method->max_stack, 1416 current_method->max_locals); 1417 if (current_method->max_stack < 1) 1418 verify_fail ("stack overflow at exception handler"); 1419 s.set_exception (t, current_method->max_stack); 1420 push_jump_merge (pc, &s); 1421 } 1422 1423 int pop_jump () 1424 { 1425 int *prev_loc = &next_verify_pc; 1426 int npc = next_verify_pc; 1427 1428 while (npc != state::NO_NEXT) 1429 { 1430 // If the next available PC is an unmerged `ret' state, then 1431 // we aren't yet ready to handle it. That's because we would 1432 // need all kind of special cases to do so. So instead we 1433 // defer this jump until after we've processed it via a 1434 // fall-through. This has to happen because the instruction 1435 // before this one must be a `jsr'. 1436 if (! states[npc]->is_unmerged_ret_state (current_method->max_locals)) 1437 { 1438 *prev_loc = states[npc]->next; 1439 states[npc]->next = state::INVALID; 1440 return npc; 1441 } 1442 1443 prev_loc = &states[npc]->next; 1444 npc = states[npc]->next; 1445 } 1446 1447 // Note that we might have gotten here even when there are 1448 // remaining states to process. That can happen if we find a 1449 // `jsr' without a `ret'. 1450 return state::NO_NEXT; 1451 } 1452 1453 void invalidate_pc () 1454 { 1455 PC = state::NO_NEXT; 1456 } 1457 1458 void note_branch_target (int pc, bool is_jsr_target = false) 1459 { 1460 // Don't check `pc <= PC', because we've advanced PC after 1461 // fetching the target and we haven't yet checked the next 1462 // instruction. 1463 if (pc < PC && ! (flags[pc] & FLAG_INSN_START)) 1464 verify_fail ("branch not to instruction start", start_PC); 1465 flags[pc] |= FLAG_BRANCH_TARGET; 1466 if (is_jsr_target) 1467 { 1468 // Record the jsr which called this instruction. 1469 subr_info *info = (subr_info *) _Jv_Malloc (sizeof (subr_info)); 1470 info->pc = PC; 1471 info->next = jsr_ptrs[pc]; 1472 jsr_ptrs[pc] = info; 1473 } 1474 } 1475 1476 void skip_padding () 1477 { 1478 while ((PC % 4) > 0) 1479 if (get_byte () != 0) 1480 verify_fail ("found nonzero padding byte"); 1481 } 1482 1483 // Return the subroutine to which the instruction at PC belongs. 1484 int get_subroutine (int pc) 1485 { 1486 if (states[pc] == NULL) 1487 return 0; 1488 return states[pc]->subroutine; 1489 } 1490 1491 // Do the work for a `ret' instruction. INDEX is the index into the 1492 // local variables. 1493 void handle_ret_insn (int index) 1494 { 1495 get_variable (index, return_address_type); 1496 1497 int csub = current_state->subroutine; 1498 if (csub == 0) 1499 verify_fail ("no subroutine"); 1500 1501 // Check to see if we've merged subroutines. 1502 subr_entry_info *entry; 1503 for (entry = entry_points; entry != NULL; entry = entry->next) 1504 { 1505 if (entry->ret_pc == start_PC) 1506 break; 1507 } 1508 if (entry == NULL) 1509 { 1510 entry = (subr_entry_info *) _Jv_Malloc (sizeof (subr_entry_info)); 1511 entry->pc = csub; 1512 entry->ret_pc = start_PC; 1513 entry->next = entry_points; 1514 entry_points = entry; 1515 } 1516 else if (entry->pc != csub) 1517 verify_fail ("subroutines merged"); 1518 1519 for (subr_info *subr = jsr_ptrs[csub]; subr != NULL; subr = subr->next) 1520 { 1521 // We might be returning to a `jsr' that is at the end of the 1522 // bytecode. This is ok if we never return from the called 1523 // subroutine, but if we see this here it is an error. 1524 if (subr->pc >= current_method->code_length) 1525 verify_fail ("fell off end"); 1526 1527 // Temporarily modify the current state so it looks like we're 1528 // in the enclosing context. 1529 current_state->subroutine = get_subroutine (subr->pc); 1530 if (subr->pc < PC) 1531 current_state->check_no_uninitialized_objects (current_method->max_locals, this); 1532 push_jump_merge (subr->pc, current_state, true); 1533 } 1534 1535 current_state->subroutine = csub; 1536 invalidate_pc (); 1537 } 1538 1539 // We're in the subroutine SUB, calling a subroutine at DEST. Make 1540 // sure this subroutine isn't already on the stack. 1541 void check_nonrecursive_call (int sub, int dest) 1542 { 1543 if (sub == 0) 1544 return; 1545 if (sub == dest) 1546 verify_fail ("recursive subroutine call"); 1547 for (subr_info *info = jsr_ptrs[sub]; info != NULL; info = info->next) 1548 check_nonrecursive_call (get_subroutine (info->pc), dest); 1549 } 1550 1551 void handle_jsr_insn (int offset) 1552 { 1553 int npc = compute_jump (offset); 1554 1555 if (npc < PC) 1556 current_state->check_no_uninitialized_objects (current_method->max_locals, this); 1557 check_nonrecursive_call (current_state->subroutine, npc); 1558 1559 // Modify our state as appropriate for entry into a subroutine. 1560 push_type (return_address_type); 1561 push_jump_merge (npc, current_state); 1562 // Clean up. 1563 pop_type (return_address_type); 1564 1565 // On entry to the subroutine, the subroutine number must be set 1566 // and the locals must be marked as cleared. We do this after 1567 // merging state so that we don't erroneously "notice" a variable 1568 // change merely on entry. 1569 states[npc]->enter_subroutine (npc, current_method->max_locals); 1570 1571 // Indicate that we don't know the stack depth of the instruction 1572 // following the `jsr'. The idea here is that we need to merge 1573 // the local variable state across the jsr, but the subroutine 1574 // might change the stack depth, so we can't make any assumptions 1575 // about it. So we have yet another special case. We know that 1576 // at this point PC points to the instruction after the jsr. Note 1577 // that it is ok to have a `jsr' at the end of the bytecode, 1578 // provided that the called subroutine never returns. So, we have 1579 // a special case here and another one when we handle the ret. 1580 if (PC < current_method->code_length) 1581 { 1582 current_state->stacktop = state::NO_STACK; 1583 push_jump_merge (PC, current_state); 1584 } 1585 invalidate_pc (); 1586 } 1587 1588 jclass construct_primitive_array_type (type_val prim) 1589 { 1590 jclass k = NULL; 1591 switch (prim) 1592 { 1593 case boolean_type: 1594 k = JvPrimClass (boolean); 1595 break; 1596 case char_type: 1597 k = JvPrimClass (char); 1598 break; 1599 case float_type: 1600 k = JvPrimClass (float); 1601 break; 1602 case double_type: 1603 k = JvPrimClass (double); 1604 break; 1605 case byte_type: 1606 k = JvPrimClass (byte); 1607 break; 1608 case short_type: 1609 k = JvPrimClass (short); 1610 break; 1611 case int_type: 1612 k = JvPrimClass (int); 1613 break; 1614 case long_type: 1615 k = JvPrimClass (long); 1616 break; 1617 1618 // These aren't used here but we call them out to avoid 1619 // warnings. 1620 case void_type: 1621 case unsuitable_type: 1622 case return_address_type: 1623 case continuation_type: 1624 case unused_by_subroutine_type: 1625 case reference_type: 1626 case null_type: 1627 case unresolved_reference_type: 1628 case uninitialized_reference_type: 1629 case uninitialized_unresolved_reference_type: 1630 default: 1631 verify_fail ("unknown type in construct_primitive_array_type"); 1632 } 1633 k = _Jv_GetArrayClass (k, NULL); 1634 return k; 1635 } 1636 1637 // This pass computes the location of branch targets and also 1638 // instruction starts. 1639 void branch_prepass () 1640 { 1641 flags = (char *) _Jv_Malloc (current_method->code_length); 1642 jsr_ptrs = (subr_info **) _Jv_Malloc (sizeof (subr_info *) 1643 * current_method->code_length); 1644 1645 for (int i = 0; i < current_method->code_length; ++i) 1646 { 1647 flags[i] = 0; 1648 jsr_ptrs[i] = NULL; 1649 } 1650 1651 bool last_was_jsr = false; 1652 1653 PC = 0; 1654 while (PC < current_method->code_length) 1655 { 1656 // Set `start_PC' early so that error checking can have the 1657 // correct value. 1658 start_PC = PC; 1659 flags[PC] |= FLAG_INSN_START; 1660 1661 // If the previous instruction was a jsr, then the next 1662 // instruction is a branch target -- the branch being the 1663 // corresponding `ret'. 1664 if (last_was_jsr) 1665 note_branch_target (PC); 1666 last_was_jsr = false; 1667 1668 java_opcode opcode = (java_opcode) bytecode[PC++]; 1669 switch (opcode) 1670 { 1671 case op_nop: 1672 case op_aconst_null: 1673 case op_iconst_m1: 1674 case op_iconst_0: 1675 case op_iconst_1: 1676 case op_iconst_2: 1677 case op_iconst_3: 1678 case op_iconst_4: 1679 case op_iconst_5: 1680 case op_lconst_0: 1681 case op_lconst_1: 1682 case op_fconst_0: 1683 case op_fconst_1: 1684 case op_fconst_2: 1685 case op_dconst_0: 1686 case op_dconst_1: 1687 case op_iload_0: 1688 case op_iload_1: 1689 case op_iload_2: 1690 case op_iload_3: 1691 case op_lload_0: 1692 case op_lload_1: 1693 case op_lload_2: 1694 case op_lload_3: 1695 case op_fload_0: 1696 case op_fload_1: 1697 case op_fload_2: 1698 case op_fload_3: 1699 case op_dload_0: 1700 case op_dload_1: 1701 case op_dload_2: 1702 case op_dload_3: 1703 case op_aload_0: 1704 case op_aload_1: 1705 case op_aload_2: 1706 case op_aload_3: 1707 case op_iaload: 1708 case op_laload: 1709 case op_faload: 1710 case op_daload: 1711 case op_aaload: 1712 case op_baload: 1713 case op_caload: 1714 case op_saload: 1715 case op_istore_0: 1716 case op_istore_1: 1717 case op_istore_2: 1718 case op_istore_3: 1719 case op_lstore_0: 1720 case op_lstore_1: 1721 case op_lstore_2: 1722 case op_lstore_3: 1723 case op_fstore_0: 1724 case op_fstore_1: 1725 case op_fstore_2: 1726 case op_fstore_3: 1727 case op_dstore_0: 1728 case op_dstore_1: 1729 case op_dstore_2: 1730 case op_dstore_3: 1731 case op_astore_0: 1732 case op_astore_1: 1733 case op_astore_2: 1734 case op_astore_3: 1735 case op_iastore: 1736 case op_lastore: 1737 case op_fastore: 1738 case op_dastore: 1739 case op_aastore: 1740 case op_bastore: 1741 case op_castore: 1742 case op_sastore: 1743 case op_pop: 1744 case op_pop2: 1745 case op_dup: 1746 case op_dup_x1: 1747 case op_dup_x2: 1748 case op_dup2: 1749 case op_dup2_x1: 1750 case op_dup2_x2: 1751 case op_swap: 1752 case op_iadd: 1753 case op_isub: 1754 case op_imul: 1755 case op_idiv: 1756 case op_irem: 1757 case op_ishl: 1758 case op_ishr: 1759 case op_iushr: 1760 case op_iand: 1761 case op_ior: 1762 case op_ixor: 1763 case op_ladd: 1764 case op_lsub: 1765 case op_lmul: 1766 case op_ldiv: 1767 case op_lrem: 1768 case op_lshl: 1769 case op_lshr: 1770 case op_lushr: 1771 case op_land: 1772 case op_lor: 1773 case op_lxor: 1774 case op_fadd: 1775 case op_fsub: 1776 case op_fmul: 1777 case op_fdiv: 1778 case op_frem: 1779 case op_dadd: 1780 case op_dsub: 1781 case op_dmul: 1782 case op_ddiv: 1783 case op_drem: 1784 case op_ineg: 1785 case op_i2b: 1786 case op_i2c: 1787 case op_i2s: 1788 case op_lneg: 1789 case op_fneg: 1790 case op_dneg: 1791 case op_i2l: 1792 case op_i2f: 1793 case op_i2d: 1794 case op_l2i: 1795 case op_l2f: 1796 case op_l2d: 1797 case op_f2i: 1798 case op_f2l: 1799 case op_f2d: 1800 case op_d2i: 1801 case op_d2l: 1802 case op_d2f: 1803 case op_lcmp: 1804 case op_fcmpl: 1805 case op_fcmpg: 1806 case op_dcmpl: 1807 case op_dcmpg: 1808 case op_monitorenter: 1809 case op_monitorexit: 1810 case op_ireturn: 1811 case op_lreturn: 1812 case op_freturn: 1813 case op_dreturn: 1814 case op_areturn: 1815 case op_return: 1816 case op_athrow: 1817 case op_arraylength: 1818 break; 1819 1820 case op_bipush: 1821 case op_ldc: 1822 case op_iload: 1823 case op_lload: 1824 case op_fload: 1825 case op_dload: 1826 case op_aload: 1827 case op_istore: 1828 case op_lstore: 1829 case op_fstore: 1830 case op_dstore: 1831 case op_astore: 1832 case op_ret: 1833 case op_newarray: 1834 get_byte (); 1835 break; 1836 1837 case op_iinc: 1838 case op_sipush: 1839 case op_ldc_w: 1840 case op_ldc2_w: 1841 case op_getstatic: 1842 case op_getfield: 1843 case op_putfield: 1844 case op_putstatic: 1845 case op_new: 1846 case op_anewarray: 1847 case op_instanceof: 1848 case op_checkcast: 1849 case op_invokespecial: 1850 case op_invokestatic: 1851 case op_invokevirtual: 1852 get_short (); 1853 break; 1854 1855 case op_multianewarray: 1856 get_short (); 1857 get_byte (); 1858 break; 1859 1860 case op_jsr: 1861 last_was_jsr = true; 1862 // Fall through. 1863 case op_ifeq: 1864 case op_ifne: 1865 case op_iflt: 1866 case op_ifge: 1867 case op_ifgt: 1868 case op_ifle: 1869 case op_if_icmpeq: 1870 case op_if_icmpne: 1871 case op_if_icmplt: 1872 case op_if_icmpge: 1873 case op_if_icmpgt: 1874 case op_if_icmple: 1875 case op_if_acmpeq: 1876 case op_if_acmpne: 1877 case op_ifnull: 1878 case op_ifnonnull: 1879 case op_goto: 1880 note_branch_target (compute_jump (get_short ()), last_was_jsr); 1881 break; 1882 1883 case op_tableswitch: 1884 { 1885 skip_padding (); 1886 note_branch_target (compute_jump (get_int ())); 1887 jint low = get_int (); 1888 jint hi = get_int (); 1889 if (low > hi) 1890 verify_fail ("invalid tableswitch", start_PC); 1891 for (int i = low; i <= hi; ++i) 1892 note_branch_target (compute_jump (get_int ())); 1893 } 1894 break; 1895 1896 case op_lookupswitch: 1897 { 1898 skip_padding (); 1899 note_branch_target (compute_jump (get_int ())); 1900 int npairs = get_int (); 1901 if (npairs < 0) 1902 verify_fail ("too few pairs in lookupswitch", start_PC); 1903 while (npairs-- > 0) 1904 { 1905 get_int (); 1906 note_branch_target (compute_jump (get_int ())); 1907 } 1908 } 1909 break; 1910 1911 case op_invokeinterface: 1912 get_short (); 1913 get_byte (); 1914 get_byte (); 1915 break; 1916 1917 case op_wide: 1918 { 1919 opcode = (java_opcode) get_byte (); 1920 get_short (); 1921 if (opcode == op_iinc) 1922 get_short (); 1923 } 1924 break; 1925 1926 case op_jsr_w: 1927 last_was_jsr = true; 1928 // Fall through. 1929 case op_goto_w: 1930 note_branch_target (compute_jump (get_int ()), last_was_jsr); 1931 break; 1932 1933 // These are unused here, but we call them out explicitly 1934 // so that -Wswitch-enum doesn't complain. 1935 case op_putfield_1: 1936 case op_putfield_2: 1937 case op_putfield_4: 1938 case op_putfield_8: 1939 case op_putfield_a: 1940 case op_putstatic_1: 1941 case op_putstatic_2: 1942 case op_putstatic_4: 1943 case op_putstatic_8: 1944 case op_putstatic_a: 1945 case op_getfield_1: 1946 case op_getfield_2s: 1947 case op_getfield_2u: 1948 case op_getfield_4: 1949 case op_getfield_8: 1950 case op_getfield_a: 1951 case op_getstatic_1: 1952 case op_getstatic_2s: 1953 case op_getstatic_2u: 1954 case op_getstatic_4: 1955 case op_getstatic_8: 1956 case op_getstatic_a: 1957 default: 1958 verify_fail ("unrecognized instruction in branch_prepass", 1959 start_PC); 1960 } 1961 1962 // See if any previous branch tried to branch to the middle of 1963 // this instruction. 1964 for (int pc = start_PC + 1; pc < PC; ++pc) 1965 { 1966 if ((flags[pc] & FLAG_BRANCH_TARGET)) 1967 verify_fail ("branch to middle of instruction", pc); 1968 } 1969 } 1970 1971 // Verify exception handlers. 1972 for (int i = 0; i < current_method->exc_count; ++i) 1973 { 1974 if (! (flags[exception[i].handler_pc.i] & FLAG_INSN_START)) 1975 verify_fail ("exception handler not at instruction start", 1976 exception[i].handler_pc.i); 1977 if (! (flags[exception[i].start_pc.i] & FLAG_INSN_START)) 1978 verify_fail ("exception start not at instruction start", 1979 exception[i].start_pc.i); 1980 if (exception[i].end_pc.i != current_method->code_length 1981 && ! (flags[exception[i].end_pc.i] & FLAG_INSN_START)) 1982 verify_fail ("exception end not at instruction start", 1983 exception[i].end_pc.i); 1984 1985 flags[exception[i].handler_pc.i] |= FLAG_BRANCH_TARGET; 1986 } 1987 } 1988 1989 void check_pool_index (int index) 1990 { 1991 if (index < 0 || index >= current_class->constants.size) 1992 verify_fail ("constant pool index out of range", start_PC); 1993 } 1994 1995 type check_class_constant (int index) 1996 { 1997 check_pool_index (index); 1998 _Jv_Constants *pool = ¤t_class->constants; 1999 if (pool->tags[index] == JV_CONSTANT_ResolvedClass) 2000 return type (pool->data[index].clazz); 2001 else if (pool->tags[index] == JV_CONSTANT_Class) 2002 return type (pool->data[index].utf8); 2003 verify_fail ("expected class constant", start_PC); 2004 } 2005 2006 type check_constant (int index) 2007 { 2008 check_pool_index (index); 2009 _Jv_Constants *pool = ¤t_class->constants; 2010 if (pool->tags[index] == JV_CONSTANT_ResolvedString 2011 || pool->tags[index] == JV_CONSTANT_String) 2012 return type (&java::lang::String::class$); 2013 else if (pool->tags[index] == JV_CONSTANT_Integer) 2014 return type (int_type); 2015 else if (pool->tags[index] == JV_CONSTANT_Float) 2016 return type (float_type); 2017 verify_fail ("String, int, or float constant expected", start_PC); 2018 } 2019 2020 type check_wide_constant (int index) 2021 { 2022 check_pool_index (index); 2023 _Jv_Constants *pool = ¤t_class->constants; 2024 if (pool->tags[index] == JV_CONSTANT_Long) 2025 return type (long_type); 2026 else if (pool->tags[index] == JV_CONSTANT_Double) 2027 return type (double_type); 2028 verify_fail ("long or double constant expected", start_PC); 2029 } 2030 2031 // Helper for both field and method. These are laid out the same in 2032 // the constant pool. 2033 type handle_field_or_method (int index, int expected, 2034 _Jv_Utf8Const **name, 2035 _Jv_Utf8Const **fmtype) 2036 { 2037 check_pool_index (index); 2038 _Jv_Constants *pool = ¤t_class->constants; 2039 if (pool->tags[index] != expected) 2040 verify_fail ("didn't see expected constant", start_PC); 2041 // Once we know we have a Fieldref or Methodref we assume that it 2042 // is correctly laid out in the constant pool. I think the code 2043 // in defineclass.cc guarantees this. 2044 _Jv_ushort class_index, name_and_type_index; 2045 _Jv_loadIndexes (&pool->data[index], 2046 class_index, 2047 name_and_type_index); 2048 _Jv_ushort name_index, desc_index; 2049 _Jv_loadIndexes (&pool->data[name_and_type_index], 2050 name_index, desc_index); 2051 2052 *name = pool->data[name_index].utf8; 2053 *fmtype = pool->data[desc_index].utf8; 2054 2055 return check_class_constant (class_index); 2056 } 2057 2058 // Return field's type, compute class' type if requested. 2059 type check_field_constant (int index, type *class_type = NULL) 2060 { 2061 _Jv_Utf8Const *name, *field_type; 2062 type ct = handle_field_or_method (index, 2063 JV_CONSTANT_Fieldref, 2064 &name, &field_type); 2065 if (class_type) 2066 *class_type = ct; 2067 if (field_type->data[0] == '[' || field_type->data[0] == 'L') 2068 return type (field_type); 2069 return get_type_val_for_signature (field_type->data[0]); 2070 } 2071 2072 type check_method_constant (int index, bool is_interface, 2073 _Jv_Utf8Const **method_name, 2074 _Jv_Utf8Const **method_signature) 2075 { 2076 return handle_field_or_method (index, 2077 (is_interface 2078 ? JV_CONSTANT_InterfaceMethodref 2079 : JV_CONSTANT_Methodref), 2080 method_name, method_signature); 2081 } 2082 2083 type get_one_type (char *&p) 2084 { 2085 char *start = p; 2086 2087 int arraycount = 0; 2088 while (*p == '[') 2089 { 2090 ++arraycount; 2091 ++p; 2092 } 2093 2094 char v = *p++; 2095 2096 if (v == 'L') 2097 { 2098 while (*p != ';') 2099 ++p; 2100 ++p; 2101 _Jv_Utf8Const *name = make_utf8_const (start, p - start); 2102 return type (name); 2103 } 2104 2105 // Casting to jchar here is ok since we are looking at an ASCII 2106 // character. 2107 type_val rt = get_type_val_for_signature (jchar (v)); 2108 2109 if (arraycount == 0) 2110 { 2111 // Callers of this function eventually push their arguments on 2112 // the stack. So, promote them here. 2113 return type (rt).promote (); 2114 } 2115 2116 jclass k = construct_primitive_array_type (rt); 2117 while (--arraycount > 0) 2118 k = _Jv_GetArrayClass (k, NULL); 2119 return type (k); 2120 } 2121 2122 void compute_argument_types (_Jv_Utf8Const *signature, 2123 type *types) 2124 { 2125 char *p = signature->data; 2126 // Skip `('. 2127 ++p; 2128 2129 int i = 0; 2130 while (*p != ')') 2131 types[i++] = get_one_type (p); 2132 } 2133 2134 type compute_return_type (_Jv_Utf8Const *signature) 2135 { 2136 char *p = signature->data; 2137 while (*p != ')') 2138 ++p; 2139 ++p; 2140 return get_one_type (p); 2141 } 2142 2143 void check_return_type (type onstack) 2144 { 2145 type rt = compute_return_type (current_method->self->signature); 2146 if (! rt.compatible (onstack, this)) 2147 verify_fail ("incompatible return type"); 2148 } 2149 2150 // Initialize the stack for the new method. Returns true if this 2151 // method is an instance initializer. 2152 bool initialize_stack () 2153 { 2154 int var = 0; 2155 bool is_init = _Jv_equalUtf8Consts (current_method->self->name, 2156 gcj::init_name); 2157 bool is_clinit = _Jv_equalUtf8Consts (current_method->self->name, 2158 gcj::clinit_name); 2159 2160 using namespace java::lang::reflect; 2161 if (! Modifier::isStatic (current_method->self->accflags)) 2162 { 2163 type kurr (current_class); 2164 if (is_init) 2165 { 2166 kurr.set_uninitialized (type::SELF, this); 2167 is_init = true; 2168 } 2169 else if (is_clinit) 2170 verify_fail ("<clinit> method must be static"); 2171 set_variable (0, kurr); 2172 current_state->set_this_type (kurr); 2173 ++var; 2174 } 2175 else 2176 { 2177 if (is_init) 2178 verify_fail ("<init> method must be non-static"); 2179 } 2180 2181 // We have to handle wide arguments specially here. 2182 int arg_count = _Jv_count_arguments (current_method->self->signature); 2183 type arg_types[arg_count]; 2184 compute_argument_types (current_method->self->signature, arg_types); 2185 for (int i = 0; i < arg_count; ++i) 2186 { 2187 set_variable (var, arg_types[i]); 2188 ++var; 2189 if (arg_types[i].iswide ()) 2190 ++var; 2191 } 2192 2193 return is_init; 2194 } 2195 2196 void verify_instructions_0 () 2197 { 2198 current_state = new state (current_method->max_stack, 2199 current_method->max_locals); 2200 2201 PC = 0; 2202 start_PC = 0; 2203 2204 // True if we are verifying an instance initializer. 2205 bool this_is_init = initialize_stack (); 2206 2207 states = (state **) _Jv_Malloc (sizeof (state *) 2208 * current_method->code_length); 2209 for (int i = 0; i < current_method->code_length; ++i) 2210 states[i] = NULL; 2211 2212 next_verify_pc = state::NO_NEXT; 2213 2214 while (true) 2215 { 2216 // If the PC was invalidated, get a new one from the work list. 2217 if (PC == state::NO_NEXT) 2218 { 2219 PC = pop_jump (); 2220 if (PC == state::INVALID) 2221 verify_fail ("can't happen: saw state::INVALID"); 2222 if (PC == state::NO_NEXT) 2223 break; 2224 debug_print ("== State pop from pending list\n"); 2225 // Set up the current state. 2226 current_state->copy (states[PC], current_method->max_stack, 2227 current_method->max_locals); 2228 } 2229 else 2230 { 2231 // Control can't fall off the end of the bytecode. We 2232 // only need to check this in the fall-through case, 2233 // because branch bounds are checked when they are 2234 // pushed. 2235 if (PC >= current_method->code_length) 2236 verify_fail ("fell off end"); 2237 2238 // We only have to do this checking in the situation where 2239 // control flow falls through from the previous 2240 // instruction. Otherwise merging is done at the time we 2241 // push the branch. 2242 if (states[PC] != NULL) 2243 { 2244 // We've already visited this instruction. So merge 2245 // the states together. If this yields no change then 2246 // we don't have to re-verify. However, if the new 2247 // state is an the result of an unmerged `ret', we 2248 // must continue through it. 2249 debug_print ("== Fall through merge\n"); 2250 states[PC]->print ("Old", PC, current_method->max_stack, 2251 current_method->max_locals); 2252 current_state->print ("Cur", PC, current_method->max_stack, 2253 current_method->max_locals); 2254 if (! current_state->merge (states[PC], false, 2255 current_method->max_locals, this) 2256 && ! states[PC]->is_unmerged_ret_state (current_method->max_locals)) 2257 { 2258 debug_print ("== Fall through optimization\n"); 2259 invalidate_pc (); 2260 continue; 2261 } 2262 // Save a copy of it for later. 2263 states[PC]->copy (current_state, current_method->max_stack, 2264 current_method->max_locals); 2265 current_state->print ("New", PC, current_method->max_stack, 2266 current_method->max_locals); 2267 } 2268 } 2269 2270 // We only have to keep saved state at branch targets. If 2271 // we're at a branch target and the state here hasn't been set 2272 // yet, we set it now. 2273 if (states[PC] == NULL && (flags[PC] & FLAG_BRANCH_TARGET)) 2274 { 2275 states[PC] = new state (current_state, current_method->max_stack, 2276 current_method->max_locals); 2277 } 2278 2279 // Set this before handling exceptions so that debug output is 2280 // sane. 2281 start_PC = PC; 2282 2283 // Update states for all active exception handlers. Ordinarily 2284 // there are not many exception handlers. So we simply run 2285 // through them all. 2286 for (int i = 0; i < current_method->exc_count; ++i) 2287 { 2288 if (PC >= exception[i].start_pc.i && PC < exception[i].end_pc.i) 2289 { 2290 type handler (&java::lang::Throwable::class$); 2291 if (exception[i].handler_type.i != 0) 2292 handler = check_class_constant (exception[i].handler_type.i); 2293 push_exception_jump (handler, exception[i].handler_pc.i); 2294 } 2295 } 2296 2297 current_state->print (" ", PC, current_method->max_stack, 2298 current_method->max_locals); 2299 java_opcode opcode = (java_opcode) bytecode[PC++]; 2300 switch (opcode) 2301 { 2302 case op_nop: 2303 break; 2304 2305 case op_aconst_null: 2306 push_type (null_type); 2307 break; 2308 2309 case op_iconst_m1: 2310 case op_iconst_0: 2311 case op_iconst_1: 2312 case op_iconst_2: 2313 case op_iconst_3: 2314 case op_iconst_4: 2315 case op_iconst_5: 2316 push_type (int_type); 2317 break; 2318 2319 case op_lconst_0: 2320 case op_lconst_1: 2321 push_type (long_type); 2322 break; 2323 2324 case op_fconst_0: 2325 case op_fconst_1: 2326 case op_fconst_2: 2327 push_type (float_type); 2328 break; 2329 2330 case op_dconst_0: 2331 case op_dconst_1: 2332 push_type (double_type); 2333 break; 2334 2335 case op_bipush: 2336 get_byte (); 2337 push_type (int_type); 2338 break; 2339 2340 case op_sipush: 2341 get_short (); 2342 push_type (int_type); 2343 break; 2344 2345 case op_ldc: 2346 push_type (check_constant (get_byte ())); 2347 break; 2348 case op_ldc_w: 2349 push_type (check_constant (get_ushort ())); 2350 break; 2351 case op_ldc2_w: 2352 push_type (check_wide_constant (get_ushort ())); 2353 break; 2354 2355 case op_iload: 2356 push_type (get_variable (get_byte (), int_type)); 2357 break; 2358 case op_lload: 2359 push_type (get_variable (get_byte (), long_type)); 2360 break; 2361 case op_fload: 2362 push_type (get_variable (get_byte (), float_type)); 2363 break; 2364 case op_dload: 2365 push_type (get_variable (get_byte (), double_type)); 2366 break; 2367 case op_aload: 2368 push_type (get_variable (get_byte (), reference_type)); 2369 break; 2370 2371 case op_iload_0: 2372 case op_iload_1: 2373 case op_iload_2: 2374 case op_iload_3: 2375 push_type (get_variable (opcode - op_iload_0, int_type)); 2376 break; 2377 case op_lload_0: 2378 case op_lload_1: 2379 case op_lload_2: 2380 case op_lload_3: 2381 push_type (get_variable (opcode - op_lload_0, long_type)); 2382 break; 2383 case op_fload_0: 2384 case op_fload_1: 2385 case op_fload_2: 2386 case op_fload_3: 2387 push_type (get_variable (opcode - op_fload_0, float_type)); 2388 break; 2389 case op_dload_0: 2390 case op_dload_1: 2391 case op_dload_2: 2392 case op_dload_3: 2393 push_type (get_variable (opcode - op_dload_0, double_type)); 2394 break; 2395 case op_aload_0: 2396 case op_aload_1: 2397 case op_aload_2: 2398 case op_aload_3: 2399 push_type (get_variable (opcode - op_aload_0, reference_type)); 2400 break; 2401 case op_iaload: 2402 pop_type (int_type); 2403 push_type (require_array_type (pop_init_ref (reference_type), 2404 int_type)); 2405 break; 2406 case op_laload: 2407 pop_type (int_type); 2408 push_type (require_array_type (pop_init_ref (reference_type), 2409 long_type)); 2410 break; 2411 case op_faload: 2412 pop_type (int_type); 2413 push_type (require_array_type (pop_init_ref (reference_type), 2414 float_type)); 2415 break; 2416 case op_daload: 2417 pop_type (int_type); 2418 push_type (require_array_type (pop_init_ref (reference_type), 2419 double_type)); 2420 break; 2421 case op_aaload: 2422 pop_type (int_type); 2423 push_type (require_array_type (pop_init_ref (reference_type), 2424 reference_type)); 2425 break; 2426 case op_baload: 2427 pop_type (int_type); 2428 require_array_type (pop_init_ref (reference_type), byte_type); 2429 push_type (int_type); 2430 break; 2431 case op_caload: 2432 pop_type (int_type); 2433 require_array_type (pop_init_ref (reference_type), char_type); 2434 push_type (int_type); 2435 break; 2436 case op_saload: 2437 pop_type (int_type); 2438 require_array_type (pop_init_ref (reference_type), short_type); 2439 push_type (int_type); 2440 break; 2441 case op_istore: 2442 set_variable (get_byte (), pop_type (int_type)); 2443 break; 2444 case op_lstore: