| package org.apache.bcel.verifier.statics; |
| |
| /* ==================================================================== |
| * The Apache Software License, Version 1.1 |
| * |
| * Copyright (c) 2001 The Apache Software Foundation. All rights |
| * reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in |
| * the documentation and/or other materials provided with the |
| * distribution. |
| * |
| * 3. The end-user documentation included with the redistribution, |
| * if any, must include the following acknowledgment: |
| * "This product includes software developed by the |
| * Apache Software Foundation (http://www.apache.org/)." |
| * Alternately, this acknowledgment may appear in the software itself, |
| * if and wherever such third-party acknowledgments normally appear. |
| * |
| * 4. The names "Apache" and "Apache Software Foundation" and |
| * "Apache BCEL" must not be used to endorse or promote products |
| * derived from this software without prior written permission. For |
| * written permission, please contact apache@apache.org. |
| * |
| * 5. Products derived from this software may not be called "Apache", |
| * "Apache BCEL", nor may "Apache" appear in their name, without |
| * prior written permission of the Apache Software Foundation. |
| * |
| * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
| * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR |
| * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
| * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| * SUCH DAMAGE. |
| * ==================================================================== |
| * |
| * This software consists of voluntary contributions made by many |
| * individuals on behalf of the Apache Software Foundation. For more |
| * information on the Apache Software Foundation, please see |
| * <http://www.apache.org/>. |
| */ |
| |
| import org.apache.bcel.*; |
| import org.apache.bcel.generic.*; |
| import org.apache.bcel.classfile.*; |
| import org.apache.bcel.verifier.*; |
| import org.apache.bcel.verifier.exc.*; |
| import java.util.ArrayList; |
| import java.util.HashMap; |
| |
| /** |
| * This PassVerifier verifies a class file according to |
| * pass 3, static part as described in The Java Virtual |
| * Machine Specification, 2nd edition. |
| * More detailed information is to be found at the do_verify() |
| * method's documentation. |
| * |
| * @version $Id$ |
| * @author <A HREF="http://www.inf.fu-berlin.de/~ehaase"/>Enver Haase</A> |
| * @see #do_verify() |
| */ |
| public final class Pass3aVerifier extends PassVerifier{ |
| |
| /** The Verifier that created this. */ |
| private Verifier myOwner; |
| |
| /** |
| * The method number to verify. |
| * This is the index in the array returned |
| * by JavaClass.getMethods(). |
| */ |
| private int method_no; |
| |
| /** The one and only InstructionList object used by an instance of this class. It's here for performance reasons by do_verify() and its callees. */ |
| InstructionList instructionList; |
| /** The one and only Code object used by an instance of this class. It's here for performance reasons by do_verify() and its callees. */ |
| Code code; |
| |
| /** Should only be instantiated by a Verifier. */ |
| public Pass3aVerifier(Verifier owner, int method_no){ |
| myOwner = owner; |
| this.method_no = method_no; |
| } |
| |
| /** |
| * Pass 3a is the verification of static constraints of |
| * JVM code (such as legal targets of branch instructions). |
| * This is the part of pass 3 where you do not need data |
| * flow analysis. |
| * JustIce also delays the checks for a correct exception |
| * table of a Code attribute and correct line number entries |
| * in a LineNumberTable attribute of a Code attribute (which |
| * conceptually belong to pass 2) to this pass. Also, most |
| * of the check for valid local variable entries in a |
| * LocalVariableTable attribute of a Code attribute is |
| * delayed until this pass. |
| * All these checks need access to the code array of the |
| * Code attribute. |
| * |
| * @throws InvalidMethodException if the method to verify does not exist. |
| */ |
| public VerificationResult do_verify(){ |
| if (myOwner.doPass2().equals(VerificationResult.VR_OK)){ |
| // Okay, class file was loaded correctly by Pass 1 |
| // and satisfies static constraints of Pass 2. |
| JavaClass jc = Repository.lookupClass(myOwner.getClassName()); |
| Method[] methods = jc.getMethods(); |
| if (method_no >= methods.length){ |
| throw new InvalidMethodException("METHOD DOES NOT EXIST!"); |
| } |
| Method method = methods[method_no]; |
| code = method.getCode(); |
| |
| // No Code? Nothing to verify! |
| if ( method.isAbstract() || method.isNative() ){ // IF mg HAS NO CODE (static constraint of Pass 2) |
| return VerificationResult.VR_OK; |
| } |
| |
| // TODO: |
| // We want a very sophisticated code examination here with good explanations |
| // on where to look for an illegal instruction or such. |
| // Only after that we should try to build an InstructionList and throw an |
| // AssertionViolatedException if after our examination InstructionList building |
| // still fails. |
| // That examination should be implemented in a byte-oriented way, i.e. look for |
| // an instruction, make sure its validity, count its length, find the next |
| // instruction and so on. |
| try{ |
| instructionList = new InstructionList(method.getCode().getCode()); |
| } |
| catch(RuntimeException re){ |
| return new VerificationResult(VerificationResult.VERIFIED_REJECTED, "Bad bytecode in the code array of the Code attribute of method '"+method+"'."); |
| } |
| |
| instructionList.setPositions(true); |
| |
| // Start verification. |
| VerificationResult vr = VerificationResult.VR_OK; //default |
| try{ |
| delayedPass2Checks(); |
| } |
| catch(ClassConstraintException cce){ |
| vr = new VerificationResult(VerificationResult.VERIFIED_REJECTED, cce.getMessage()); |
| return vr; |
| } |
| try{ |
| pass3StaticInstructionChecks(); |
| pass3StaticInstructionOperandsChecks(); |
| } |
| catch(StaticCodeConstraintException scce){ |
| vr = new VerificationResult(VerificationResult.VERIFIED_REJECTED, scce.getMessage()); |
| } |
| return vr; |
| } |
| else{ //did not pass Pass 2. |
| return VerificationResult.VR_NOTYET; |
| } |
| } |
| |
| /** |
| * These are the checks that could be done in pass 2 but are delayed to pass 3 |
| * for performance reasons. Also, these checks need access to the code array |
| * of the Code attribute of a Method so it's okay to perform them here. |
| * Also see the description of the do_verify() method. |
| * |
| * @throws ClassConstraintException if the verification fails. |
| * @see #do_verify() |
| */ |
| private void delayedPass2Checks(){ |
| |
| int[] instructionPositions = instructionList.getInstructionPositions(); |
| int codeLength = code.getCode().length; |
| |
| ///////////////////// |
| // LineNumberTable // |
| ///////////////////// |
| LineNumberTable lnt = code.getLineNumberTable(); |
| if (lnt != null){ |
| LineNumber[] lineNumbers = lnt.getLineNumberTable(); |
| IntList offsets = new IntList(); |
| lineNumber_loop: for (int i=0; i < lineNumbers.length; i++){ // may appear in any order. |
| for (int j=0; j < instructionPositions.length; j++){ |
| // TODO: Make this a binary search! The instructionPositions array is naturally ordered! |
| int offset = lineNumbers[i].getStartPC(); |
| if (instructionPositions[j] == offset){ |
| if (offsets.contains(offset)){ |
| addMessage("LineNumberTable attribute '"+code.getLineNumberTable()+"' refers to the same code offset ('"+offset+"') more than once which is violating the semantics [but is sometimes produced by IBM's 'jikes' compiler]."); |
| } |
| else{ |
| offsets.add(offset); |
| } |
| continue lineNumber_loop; |
| } |
| } |
| throw new ClassConstraintException("Code attribute '"+code+"' has a LineNumberTable attribute '"+code.getLineNumberTable()+"' referring to a code offset ('"+lineNumbers[i].getStartPC()+"') that does not exist."); |
| } |
| } |
| |
| /////////////////////////// |
| // LocalVariableTable(s) // |
| /////////////////////////// |
| /* We cannot use code.getLocalVariableTable() because there could be more |
| than only one. This is a bug in BCEL. */ |
| Attribute[] atts = code.getAttributes(); |
| for (int a=0; a<atts.length; a++){ |
| if (atts[a] instanceof LocalVariableTable){ |
| LocalVariableTable lvt = (LocalVariableTable) atts[a]; |
| if (lvt != null){ |
| LocalVariable[] localVariables = lvt.getLocalVariableTable(); |
| for (int i=0; i<localVariables.length; i++){ |
| int startpc = localVariables[i].getStartPC(); |
| int length = localVariables[i].getLength(); |
| |
| if (!contains(instructionPositions, startpc)){ |
| throw new ClassConstraintException("Code attribute '"+code+"' has a LocalVariableTable attribute '"+code.getLocalVariableTable()+"' referring to a code offset ('"+startpc+"') that does not exist."); |
| } |
| if ( (!contains(instructionPositions, startpc+length)) && (startpc+length != codeLength) ){ |
| throw new ClassConstraintException("Code attribute '"+code+"' has a LocalVariableTable attribute '"+code.getLocalVariableTable()+"' referring to a code offset start_pc+length ('"+(startpc+length)+"') that does not exist."); |
| } |
| } |
| } |
| } |
| } |
| |
| //////////////////// |
| // ExceptionTable // |
| //////////////////// |
| // In BCEL's "classfile" API, the startPC/endPC-notation is |
| // inclusive/exclusive as in the Java Virtual Machine Specification. |
| // WARNING: This is not true for BCEL's "generic" API. |
| CodeException[] exceptionTable = code.getExceptionTable(); |
| for (int i=0; i<exceptionTable.length; i++){ |
| int startpc = exceptionTable[i].getStartPC(); |
| int endpc = exceptionTable[i].getEndPC(); |
| int handlerpc = exceptionTable[i].getHandlerPC(); |
| if (startpc >= endpc){ |
| throw new ClassConstraintException("Code attribute '"+code+"' has an exception_table entry '"+exceptionTable[i]+"' that has its start_pc ('"+startpc+"') not smaller than its end_pc ('"+endpc+"')."); |
| } |
| if (!contains(instructionPositions, startpc)){ |
| throw new ClassConstraintException("Code attribute '"+code+"' has an exception_table entry '"+exceptionTable[i]+"' that has a non-existant bytecode offset as its start_pc ('"+startpc+"')."); |
| } |
| if ( (!contains(instructionPositions, endpc)) && (endpc != codeLength)){ |
| throw new ClassConstraintException("Code attribute '"+code+"' has an exception_table entry '"+exceptionTable[i]+"' that has a non-existant bytecode offset as its end_pc ('"+startpc+"') [that is also not equal to code_length ('"+codeLength+"')]."); |
| } |
| if (!contains(instructionPositions, handlerpc)){ |
| throw new ClassConstraintException("Code attribute '"+code+"' has an exception_table entry '"+exceptionTable[i]+"' that has a non-existant bytecode offset as its handler_pc ('"+handlerpc+"')."); |
| } |
| } |
| } |
| |
| /** |
| * These are the checks if constraints are satisfied which are described in the |
| * Java Virtual Machine Specification, Second Edition as Static Constraints on |
| * the instructions of Java Virtual Machine Code (chapter 4.8.1). |
| * |
| * @throws StaticCodeConstraintException if the verification fails. |
| */ |
| private void pass3StaticInstructionChecks(){ |
| |
| // Code array must not be empty: |
| // Enforced in pass 2 (also stated in the static constraints of the Code |
| // array in vmspec2), together with pass 1 (reading code_length bytes and |
| // interpreting them as code[]). So this must not be checked again here. |
| |
| if (! (code.getCode().length < 65536)){// contradicts vmspec2 page 152 ("Limitations"), but is on page 134. |
| throw new StaticCodeInstructionConstraintException("Code array in code attribute '"+code+"' too big: must be smaller than 65536 bytes."); |
| } |
| |
| // First opcode at offset 0: okay, that's clear. Nothing to do. |
| |
| // Only instances of the instructions documented in Section 6.4 may appear in |
| // the code array. |
| |
| // For BCEL's sake, we cannot handle WIDE stuff, but hopefully BCEL does its job right :) |
| |
| // The last byte of the last instruction in the code array must be the byte at index |
| // code_length-1 : See the do_verify() comments. We actually don't iterate through the |
| // byte array, but use an InstructionList so we cannot check for this. But BCEL does |
| // things right, so it's implicitely okay. |
| |
| // TODO: Check how BCEL handles (and will handle) instructions like IMPDEP1, IMPDEP2, |
| // BREAKPOINT... that BCEL knows about but which are illegal anyway. |
| // We currently go the safe way here. |
| InstructionHandle ih = instructionList.getStart(); |
| while (ih != null){ |
| Instruction i = ih.getInstruction(); |
| if (i instanceof IMPDEP1){ |
| throw new StaticCodeInstructionConstraintException("IMPDEP1 must not be in the code, it is an illegal instruction for _internal_ JVM use!"); |
| } |
| if (i instanceof IMPDEP2){ |
| throw new StaticCodeInstructionConstraintException("IMPDEP2 must not be in the code, it is an illegal instruction for _internal_ JVM use!"); |
| } |
| if (i instanceof BREAKPOINT){ |
| throw new StaticCodeInstructionConstraintException("BREAKPOINT must not be in the code, it is an illegal instruction for _internal_ JVM use!"); |
| } |
| ih = ih.getNext(); |
| } |
| |
| // The original verifier seems to do this check here, too. |
| // An unreachable last instruction may also not fall through the |
| // end of the code, which is stupid -- but with the original |
| // verifier's subroutine semantics one cannot predict reachability. |
| Instruction last = instructionList.getEnd().getInstruction(); |
| if (! ((last instanceof ReturnInstruction) || |
| (last instanceof RET) || |
| (last instanceof GotoInstruction) || |
| (last instanceof ATHROW) )) // JSR / JSR_W would possibly RETurn and then fall off the code! |
| throw new StaticCodeInstructionConstraintException("Execution must not fall off the bottom of the code array. This constraint is enforced statically as some existing verifiers do - so it may be a false alarm if the last instruction is not reachable."); |
| } |
| |
| /** |
| * These are the checks for the satisfaction of constraints which are described in the |
| * Java Virtual Machine Specification, Second Edition as Static Constraints on |
| * the operands of instructions of Java Virtual Machine Code (chapter 4.8.1). |
| * BCEL parses the code array to create an InstructionList and therefore has to check |
| * some of these constraints. Additional checks are also implemented here. |
| * |
| * @throws StaticCodeConstraintException if the verification fails. |
| */ |
| private void pass3StaticInstructionOperandsChecks(){ |
| // When building up the InstructionList, BCEL has already done all those checks |
| // mentioned in The Java Virtual Machine Specification, Second Edition, as |
| // "static constraints on the operands of instructions in the code array". |
| // TODO: see the do_verify() comments. Maybe we should really work on the |
| // byte array first to give more comprehensive messages. |
| // TODO: Review Exception API, possibly build in some "offending instruction" thing |
| // when we're ready to insulate the offending instruction by doing the |
| // above thing. |
| |
| // TODO: Implement as much as possible here. BCEL does _not_ check everything. |
| |
| ConstantPoolGen cpg = new ConstantPoolGen(Repository.lookupClass(myOwner.getClassName()).getConstantPool()); |
| InstOperandConstraintVisitor v = new InstOperandConstraintVisitor(cpg); |
| |
| // Checks for the things BCEL does _not_ handle itself. |
| InstructionHandle ih = instructionList.getStart(); |
| while (ih != null){ |
| Instruction i = ih.getInstruction(); |
| |
| // An "own" constraint, due to JustIce's new definition of what "subroutine" means. |
| if (i instanceof JsrInstruction){ |
| InstructionHandle target = ((JsrInstruction) i).getTarget(); |
| if (target == instructionList.getStart()){ |
| throw new StaticCodeInstructionOperandConstraintException("Due to JustIce's clear definition of subroutines, no JSR or JSR_W may have a top-level instruction (such as the very first instruction, which is targeted by instruction '"+ih+"' as its target."); |
| } |
| if (!(target.getInstruction() instanceof ASTORE)){ |
| throw new StaticCodeInstructionOperandConstraintException("Due to JustIce's clear definition of subroutines, no JSR or JSR_W may target anything else than an ASTORE instruction. Instruction '"+ih+"' targets '"+target+"'."); |
| } |
| } |
| |
| // vmspec2, page 134-137 |
| ih.accept(v); |
| |
| ih = ih.getNext(); |
| } |
| |
| } |
| |
| /** A small utility method returning if a given int i is in the given int[] ints. */ |
| private static boolean contains(int[] ints, int i){ |
| for (int j=0; j<ints.length; j++){ |
| if (ints[j]==i) return true; |
| } |
| return false; |
| } |
| |
| /** Returns the method number as supplied when instantiating. */ |
| public int getMethodNo(){ |
| return method_no; |
| } |
| |
| /** |
| * This visitor class does the actual checking for the instruction |
| * operand's constraints. |
| */ |
| private class InstOperandConstraintVisitor extends org.apache.bcel.generic.EmptyVisitor{ |
| /** The ConstantPoolGen instance this Visitor operates on. */ |
| private ConstantPoolGen cpg; |
| |
| /** The only Constructor. */ |
| InstOperandConstraintVisitor(ConstantPoolGen cpg){ |
| this.cpg = cpg; |
| } |
| |
| /** |
| * Utility method to return the max_locals value of the method verified |
| * by the surrounding Pass3aVerifier instance. |
| */ |
| private int max_locals(){ |
| return Repository.lookupClass(myOwner.getClassName()).getMethods()[method_no].getCode().getMaxLocals(); |
| } |
| |
| /** |
| * A utility method to always raise an exeption. |
| */ |
| private void constraintViolated(Instruction i, String message) { |
| throw new StaticCodeInstructionOperandConstraintException("Instruction "+i+" constraint violated: "+message); |
| } |
| |
| /** |
| * A utility method to raise an exception if the index is not |
| * a valid constant pool index. |
| */ |
| private void indexValid(Instruction i, int idx){ |
| if (idx < 0 || idx >= cpg.getSize()){ |
| constraintViolated(i, "Illegal constant pool index '"+idx+"'."); |
| } |
| } |
| |
| /////////////////////////////////////////////////////////// |
| // The Java Virtual Machine Specification, pages 134-137 // |
| /////////////////////////////////////////////////////////// |
| /** |
| * Assures the generic preconditions of a LoadClass instance. |
| * The referenced class is loaded and pass2-verified. |
| */ |
| public void visitLoadClass(LoadClass o){ |
| ObjectType t = o.getLoadClassType(cpg); |
| if (t != null){// null means "no class is loaded" |
| Verifier v = VerifierFactory.getVerifier(t.getClassName()); |
| VerificationResult vr = v.doPass1(); |
| if (vr.getStatus() != VerificationResult.VERIFIED_OK){ |
| constraintViolated((Instruction) o, "Class '"+o.getLoadClassType(cpg).getClassName()+"' is referenced, but cannot be loaded: '"+vr+"'."); |
| } |
| } |
| } |
| |
| // The target of each jump and branch instruction [...] must be the opcode [...] |
| // BCEL _DOES_ handle this. |
| |
| // tableswitch: BCEL will do it, supposedly. |
| |
| // lookupswitch: BCEL will do it, supposedly. |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| // LDC and LDC_W (LDC_W is a subclass of LDC in BCEL's model) |
| public void visitLDC(LDC o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! ( (c instanceof ConstantInteger) || |
| (c instanceof ConstantFloat) || |
| (c instanceof ConstantString) ) ){ |
| constraintViolated(o, "Operand of LDC or LDC_W must be one of CONSTANT_Integer, CONSTANT_Float or CONSTANT_String, but is '"+c+"'."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| // LDC2_W |
| public void visitLDC2_W(LDC2_W o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! ( (c instanceof ConstantLong) || |
| (c instanceof ConstantDouble) ) ){ |
| constraintViolated(o, "Operand of LDC2_W must be CONSTANT_Long or CONSTANT_Double, but is '"+c+"'."); |
| } |
| try{ |
| indexValid(o, o.getIndex()+1); |
| } |
| catch(StaticCodeInstructionOperandConstraintException e){ |
| throw new AssertionViolatedException("OOPS: Does not BCEL handle that? LDC2_W operand has a problem."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| //getfield, putfield, getstatic, putstatic |
| public void visitFieldInstruction(FieldInstruction o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantFieldref)){ |
| constraintViolated(o, "Indexing a constant that's not a CONSTANT_Fieldref but a '"+c+"'."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitInvokeInstruction(InvokeInstruction o){ |
| indexValid(o, o.getIndex()); |
| if ( (o instanceof INVOKEVIRTUAL) || |
| (o instanceof INVOKESPECIAL) || |
| (o instanceof INVOKESTATIC) ){ |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantMethodref)){ |
| constraintViolated(o, "Indexing a constant that's not a CONSTANT_Methodref but a '"+c+"'."); |
| } |
| else{ |
| // Constants are okay due to pass2. |
| ConstantNameAndType cnat = (ConstantNameAndType) (cpg.getConstant(((ConstantMethodref) c).getNameAndTypeIndex())); |
| ConstantUtf8 cutf8 = (ConstantUtf8) (cpg.getConstant(cnat.getNameIndex())); |
| if (cutf8.getBytes().equals(Constants.CONSTRUCTOR_NAME) && (!(o instanceof INVOKESPECIAL)) ){ |
| constraintViolated(o, "Only INVOKESPECIAL is allowed to invoke instance initialization methods."); |
| } |
| if ( (! (cutf8.getBytes().equals(Constants.CONSTRUCTOR_NAME)) ) && (cutf8.getBytes().startsWith("<")) ){ |
| constraintViolated(o, "No method with a name beginning with '<' other than the instance initialization methods may be called by the method invocation instructions."); |
| } |
| } |
| } |
| else{ //if (o instanceof INVOKEINTERFACE){ |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantInterfaceMethodref)){ |
| constraintViolated(o, "Indexing a constant that's not a CONSTANT_InterfaceMethodref but a '"+c+"'."); |
| } |
| // TODO: From time to time check if BCEL allows to detect if the |
| // 'count' operand is consistent with the information in the |
| // CONSTANT_InterfaceMethodref and if the last operand is zero. |
| // By now, BCEL hides those two operands because they're superfluous. |
| |
| // Invoked method must not be <init> or <clinit> |
| ConstantNameAndType cnat = (ConstantNameAndType) (cpg.getConstant(((ConstantInterfaceMethodref)c).getNameAndTypeIndex())); |
| String name = ((ConstantUtf8) (cpg.getConstant(cnat.getNameIndex()))).getBytes(); |
| if (name.equals(Constants.CONSTRUCTOR_NAME)){ |
| constraintViolated(o, "Method to invoke must not be '"+Constants.CONSTRUCTOR_NAME+"'."); |
| } |
| if (name.equals(Constants.STATIC_INITIALIZER_NAME)){ |
| constraintViolated(o, "Method to invoke must not be '"+Constants.STATIC_INITIALIZER_NAME+"'."); |
| } |
| } |
| |
| // The LoadClassType is the method-declaring class, so we have to check the other types. |
| |
| Type t = o.getReturnType(cpg); |
| if (t instanceof ArrayType){ |
| t = ((ArrayType) t).getBasicType(); |
| } |
| if (t instanceof ObjectType){ |
| Verifier v = VerifierFactory.getVerifier(((ObjectType) t).getClassName()); |
| VerificationResult vr = v.doPass2(); |
| if (vr.getStatus() != VerificationResult.VERIFIED_OK){ |
| constraintViolated(o, "Return type class/interface could not be verified successfully: '"+vr.getMessage()+"'."); |
| } |
| } |
| |
| Type[] ts = o.getArgumentTypes(cpg); |
| for (int i=0; i<ts.length; i++){ |
| t = ts[i]; |
| if (t instanceof ArrayType){ |
| t = ((ArrayType) t).getBasicType(); |
| } |
| if (t instanceof ObjectType){ |
| Verifier v = VerifierFactory.getVerifier(((ObjectType) t).getClassName()); |
| VerificationResult vr = v.doPass2(); |
| if (vr.getStatus() != VerificationResult.VERIFIED_OK){ |
| constraintViolated(o, "Argument type class/interface could not be verified successfully: '"+vr.getMessage()+"'."); |
| } |
| } |
| } |
| |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitINSTANCEOF(INSTANCEOF o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantClass)){ |
| constraintViolated(o, "Expecting a CONSTANT_Class operand, but found a '"+c+"'."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitCHECKCAST(CHECKCAST o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantClass)){ |
| constraintViolated(o, "Expecting a CONSTANT_Class operand, but found a '"+c+"'."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitNEW(NEW o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantClass)){ |
| constraintViolated(o, "Expecting a CONSTANT_Class operand, but found a '"+c+"'."); |
| } |
| else{ |
| ConstantUtf8 cutf8 = (ConstantUtf8) (cpg.getConstant( ((ConstantClass) c).getNameIndex() )); |
| Type t = Type.getType("L"+cutf8.getBytes()+";"); |
| if (t instanceof ArrayType){ |
| constraintViolated(o, "NEW must not be used to create an array."); |
| } |
| } |
| |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitMULTIANEWARRAY(MULTIANEWARRAY o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantClass)){ |
| constraintViolated(o, "Expecting a CONSTANT_Class operand, but found a '"+c+"'."); |
| } |
| int dimensions2create = o.getDimensions(); |
| if (dimensions2create < 1){ |
| constraintViolated(o, "Number of dimensions to create must be greater than zero."); |
| } |
| Type t = o.getType(cpg); |
| if (t instanceof ArrayType){ |
| int dimensions = ((ArrayType) t).getDimensions(); |
| if (dimensions < dimensions2create){ |
| constraintViolated(o, "Not allowed to create array with more dimensions ('+dimensions2create+') than the one referenced by the CONSTANT_Class '"+t+"'."); |
| } |
| } |
| else{ |
| constraintViolated(o, "Expecting a CONSTANT_Class referencing an array type. [Constraint not found in The Java Virtual Machine Specification, Second Edition, 4.8.1]"); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitANEWARRAY(ANEWARRAY o){ |
| indexValid(o, o.getIndex()); |
| Constant c = cpg.getConstant(o.getIndex()); |
| if (! (c instanceof ConstantClass)){ |
| constraintViolated(o, "Expecting a CONSTANT_Class operand, but found a '"+c+"'."); |
| } |
| Type t = o.getType(cpg); |
| if (t instanceof ArrayType){ |
| int dimensions = ((ArrayType) t).getDimensions(); |
| if (dimensions >= 255){ |
| constraintViolated(o, "Not allowed to create an array with more than 255 dimensions."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitNEWARRAY(NEWARRAY o){ |
| byte t = o.getTypecode(); |
| if (! ( (t == Constants.T_BOOLEAN) || |
| (t == Constants.T_CHAR) || |
| (t == Constants.T_FLOAT) || |
| (t == Constants.T_DOUBLE) || |
| (t == Constants.T_BYTE) || |
| (t == Constants.T_SHORT) || |
| (t == Constants.T_INT) || |
| (t == Constants.T_LONG) ) ){ |
| constraintViolated(o, "Illegal type code '+t+' for 'atype' operand."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitILOAD(ILOAD o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitFLOAD(FLOAD o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitALOAD(ALOAD o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitISTORE(ISTORE o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitFSTORE(FSTORE o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitASTORE(ASTORE o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitIINC(IINC o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitRET(RET o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| } |
| else{ |
| int maxminus1 = max_locals()-1; |
| if (idx > maxminus1){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 '"+maxminus1+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitLLOAD(LLOAD o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative. [Constraint by JustIce as an analogon to the single-slot xLOAD/xSTORE instructions; may not happen anyway.]"); |
| } |
| else{ |
| int maxminus2 = max_locals()-2; |
| if (idx > maxminus2){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-2 '"+maxminus2+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitDLOAD(DLOAD o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative. [Constraint by JustIce as an analogon to the single-slot xLOAD/xSTORE instructions; may not happen anyway.]"); |
| } |
| else{ |
| int maxminus2 = max_locals()-2; |
| if (idx > maxminus2){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-2 '"+maxminus2+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitLSTORE(LSTORE o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative. [Constraint by JustIce as an analogon to the single-slot xLOAD/xSTORE instructions; may not happen anyway.]"); |
| } |
| else{ |
| int maxminus2 = max_locals()-2; |
| if (idx > maxminus2){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-2 '"+maxminus2+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitDSTORE(DSTORE o){ |
| int idx = o.getIndex(); |
| if (idx < 0){ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative. [Constraint by JustIce as an analogon to the single-slot xLOAD/xSTORE instructions; may not happen anyway.]"); |
| } |
| else{ |
| int maxminus2 = max_locals()-2; |
| if (idx > maxminus2){ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-2 '"+maxminus2+"'."); |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitLOOKUPSWITCH(LOOKUPSWITCH o){ |
| int[] matchs = o.getMatchs(); |
| int max = Integer.MIN_VALUE; |
| for (int i=0; i<matchs.length; i++){ |
| if (matchs[i] == max && i != 0){ |
| constraintViolated(o, "Match '"+matchs[i]+"' occurs more than once."); |
| } |
| if (matchs[i] < max){ |
| constraintViolated(o, "Lookup table must be sorted but isn't."); |
| } |
| else{ |
| max = matchs[i]; |
| } |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitTABLESWITCH(TABLESWITCH o){ |
| // "high" must be >= "low". We cannot check this, as BCEL hides |
| // it from us. |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitPUTSTATIC(PUTSTATIC o){ |
| String field_name = o.getFieldName(cpg); |
| JavaClass jc = Repository.lookupClass(o.getClassType(cpg).getClassName()); |
| Field[] fields = jc.getFields(); |
| Field f = null; |
| for (int i=0; i<fields.length; i++){ |
| if (fields[i].getName().equals(field_name)){ |
| f = fields[i]; |
| break; |
| } |
| } |
| if (f == null){ |
| throw new AssertionViolatedException("Field not found?!?"); |
| } |
| |
| if (f.isFinal()){ |
| if (!(myOwner.getClassName().equals(o.getClassType(cpg).getClassName()))){ |
| constraintViolated(o, "Referenced field '"+f+"' is final and must therefore be declared in the current class '"+myOwner.getClassName()+"' which is not the case: it is declared in '"+o.getClassType(cpg).getClassName()+"'."); |
| } |
| } |
| |
| if (! (f.isStatic())){ |
| constraintViolated(o, "Referenced field '"+f+"' is not static which it should be."); |
| } |
| |
| String meth_name = Repository.lookupClass(myOwner.getClassName()).getMethods()[method_no].getName(); |
| |
| // If it's an interface, it can be set only in <clinit>. |
| if ((!(jc.isClass())) && (!(meth_name.equals(Constants.STATIC_INITIALIZER_NAME)))){ |
| constraintViolated(o, "Interface field '"+f+"' must be set in a '"+Constants.STATIC_INITIALIZER_NAME+"' method."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitGETSTATIC(GETSTATIC o){ |
| String field_name = o.getFieldName(cpg); |
| JavaClass jc = Repository.lookupClass(o.getClassType(cpg).getClassName()); |
| Field[] fields = jc.getFields(); |
| Field f = null; |
| for (int i=0; i<fields.length; i++){ |
| if (fields[i].getName().equals(field_name)){ |
| f = fields[i]; |
| break; |
| } |
| } |
| if (f == null){ |
| throw new AssertionViolatedException("Field not found?!?"); |
| } |
| |
| if (! (f.isStatic())){ |
| constraintViolated(o, "Referenced field '"+f+"' is not static which it should be."); |
| } |
| } |
| |
| /* Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| //public void visitPUTFIELD(PUTFIELD o){ |
| // for performance reasons done in Pass 3b |
| //} |
| |
| /* Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| //public void visitGETFIELD(GETFIELD o){ |
| // for performance reasons done in Pass 3b |
| //} |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitINVOKEINTERFACE(INVOKEINTERFACE o){ |
| // INVOKEINTERFACE is a LoadClass; the Class where the referenced method is declared in, |
| // is therefore resolved/verified. |
| // INVOKEINTERFACE is an InvokeInstruction, the argument and return types are resolved/verified, |
| // too. So are the allowed method names. |
| String classname = o.getClassName(cpg); |
| JavaClass jc = Repository.lookupClass(classname); |
| Method[] ms = jc.getMethods(); |
| Method m = null; |
| for (int i=0; i<ms.length; i++){ |
| if ( (ms[i].getName().equals(o.getMethodName(cpg))) && |
| (Type.getReturnType(ms[i].getSignature()).equals(o.getReturnType(cpg))) && |
| (objarrayequals(Type.getArgumentTypes(ms[i].getSignature()), o.getArgumentTypes(cpg))) ){ |
| m = ms[i]; |
| break; |
| } |
| } |
| if (m == null){ |
| constraintViolated(o, "Referenced method '"+o.getMethodName(cpg)+"' with expected signature not found in class '"+jc.getClassName()+"'. The native verfier does allow the method to be declared in some superinterface, which the Java Virtual Machine Specification, Second Edition does not."); |
| } |
| if (jc.isClass()){ |
| constraintViolated(o, "Referenced class '"+jc.getClassName()+"' is a class, but not an interface as expected."); |
| } |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitINVOKESPECIAL(INVOKESPECIAL o){ |
| // INVOKESPECIAL is a LoadClass; the Class where the referenced method is declared in, |
| // is therefore resolved/verified. |
| // INVOKESPECIAL is an InvokeInstruction, the argument and return types are resolved/verified, |
| // too. So are the allowed method names. |
| String classname = o.getClassName(cpg); |
| JavaClass jc = Repository.lookupClass(classname); |
| Method[] ms = jc.getMethods(); |
| Method m = null; |
| for (int i=0; i<ms.length; i++){ |
| if ( (ms[i].getName().equals(o.getMethodName(cpg))) && |
| (Type.getReturnType(ms[i].getSignature()).equals(o.getReturnType(cpg))) && |
| (objarrayequals(Type.getArgumentTypes(ms[i].getSignature()), o.getArgumentTypes(cpg))) ){ |
| m = ms[i]; |
| break; |
| } |
| } |
| if (m == null){ |
| constraintViolated(o, "Referenced method '"+o.getMethodName(cpg)+"' with expected signature not found in class '"+jc.getClassName()+"'. The native verfier does allow the method to be declared in some superclass or implemented interface, which the Java Virtual Machine Specification, Second Edition does not."); |
| } |
| |
| JavaClass current = Repository.lookupClass(myOwner.getClassName()); |
| if (current.isSuper()){ |
| |
| if ((Repository.instanceOf( current, jc )) && (!current.equals(jc))){ |
| |
| if (! (o.getMethodName(cpg).equals(Constants.CONSTRUCTOR_NAME) )){ |
| // Special lookup procedure for ACC_SUPER classes. |
| |
| int supidx = -1; |
| |
| Method meth = null; |
| while (supidx != 0){ |
| supidx = current.getSuperclassNameIndex(); |
| current = Repository.lookupClass(current.getSuperclassName()); |
| |
| Method[] meths = current.getMethods(); |
| for (int i=0; i<meths.length; i++){ |
| if ( (meths[i].getName().equals(o.getMethodName(cpg))) && |
| (Type.getReturnType(meths[i].getSignature()).equals(o.getReturnType(cpg))) && |
| (objarrayequals(Type.getArgumentTypes(meths[i].getSignature()), o.getArgumentTypes(cpg))) ){ |
| meth = meths[i]; |
| break; |
| } |
| } |
| if (meth != null) break; |
| } |
| if (meth == null){ |
| constraintViolated(o, "ACC_SUPER special lookup procedure not successful: method '"+o.getMethodName(cpg)+"' with proper signature not declared in superclass hierarchy."); |
| } |
| } |
| } |
| } |
| |
| |
| } |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitINVOKESTATIC(INVOKESTATIC o){ |
| // INVOKESTATIC is a LoadClass; the Class where the referenced method is declared in, |
| // is therefore resolved/verified. |
| // INVOKESTATIC is an InvokeInstruction, the argument and return types are resolved/verified, |
| // too. So are the allowed method names. |
| String classname = o.getClassName(cpg); |
| JavaClass jc = Repository.lookupClass(classname); |
| Method[] ms = jc.getMethods(); |
| Method m = null; |
| for (int i=0; i<ms.length; i++){ |
| if ( (ms[i].getName().equals(o.getMethodName(cpg))) && |
| (Type.getReturnType(ms[i].getSignature()).equals(o.getReturnType(cpg))) && |
| (objarrayequals(Type.getArgumentTypes(ms[i].getSignature()), o.getArgumentTypes(cpg))) ){ |
| m = ms[i]; |
| break; |
| } |
| } |
| if (m == null){ |
| constraintViolated(o, "Referenced method '"+o.getMethodName(cpg)+"' with expected signature not found in class '"+jc.getClassName()+"'. The native verifier possibly allows the method to be declared in some superclass or implemented interface, which the Java Virtual Machine Specification, Second Edition does not."); |
| } |
| |
| if (! (m.isStatic())){ // implies it's not abstract, verified in pass 2. |
| constraintViolated(o, "Referenced method '"+o.getMethodName(cpg)+"' has ACC_STATIC unset."); |
| } |
| |
| } |
| |
| |
| /** Checks if the constraints of operands of the said instruction(s) are satisfied. */ |
| public void visitINVOKEVIRTUAL(INVOKEVIRTUAL o){ |
| // INVOKEVIRTUAL is a LoadClass; the Class where the referenced method is declared in, |
| // is therefore resolved/verified. |
| // INVOKEVIRTUAL is an InvokeInstruction, the argument and return types are resolved/verified, |
| // too. So are the allowed method names. |
| String classname = o.getClassName(cpg); |
| JavaClass jc = Repository.lookupClass(classname); |
| Method[] ms = jc.getMethods(); |
| Method m = null; |
| for (int i=0; i<ms.length; i++){ |
| if ( (ms[i].getName().equals(o.getMethodName(cpg))) && |
| (Type.getReturnType(ms[i].getSignature()).equals(o.getReturnType(cpg))) && |
| (objarrayequals(Type.getArgumentTypes(ms[i].getSignature()), o.getArgumentTypes(cpg))) ){ |
| m = ms[i]; |
| break; |
| } |
| } |
| if (m == null){ |
| constraintViolated(o, "Referenced method '"+o.getMethodName(cpg)+"' with expected signature not found in class '"+jc.getClassName()+"'. The native verfier does allow the method to be declared in some superclass or implemented interface, which the Java Virtual Machine Specification, Second Edition does not."); |
| } |
| if (! (jc.isClass())){ |
| constraintViolated(o, "Referenced class '"+jc.getClassName()+"' is an interface, but not a class as expected."); |
| } |
| |
| } |
| |
| |
| // WIDE stuff is BCEL-internal and cannot be checked here. |
| |
| /** |
| * A utility method like equals(Object) for arrays. |
| * The equality of the elements is based on their equals(Object) |
| * method instead of their object identity. |
| */ |
| private boolean objarrayequals(Object[] o, Object[] p){ |
| if (o.length != p.length){ |
| return false; |
| } |
| |
| for (int i=0; i<o.length; i++){ |
| if (! (o[i].equals(p[i])) ){ |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| } |
| } |
