2 #include <mono/metadata/object-internals.h>
3 #include <mono/metadata/verify.h>
4 #include <mono/metadata/opcodes.h>
5 #include <mono/metadata/tabledefs.h>
6 #include <mono/metadata/reflection.h>
7 #include <mono/metadata/debug-helpers.h>
8 #include <mono/metadata/mono-endian.h>
9 #include <mono/metadata/metadata.h>
10 #include <mono/metadata/metadata-internals.h>
11 #include <mono/metadata/class-internals.h>
12 #include <mono/metadata/tokentype.h>
19 * Pull the list of opcodes
21 #define OPDEF(a,b,c,d,e,f,g,h,i,j) \
25 #include "mono/cil/opcode.def"
30 #ifdef MONO_VERIFIER_DEBUG
31 #define VERIFIER_DEBUG(code) do { code } while (0)
33 #define VERIFIER_DEBUG(code)
36 //////////////////////////////////////////////////////////////////
37 #define IS_STRICT_MODE(ctx) (((ctx)->level & MONO_VERIFY_NON_STRICT) == 0)
38 #define IS_FAIL_FAST_MODE(ctx) (((ctx)->level & MONO_VERIFY_FAIL_FAST) == MONO_VERIFY_FAIL_FAST)
39 #define IS_SKIP_VISIBILITY(ctx) (((ctx)->level & MONO_VERIFY_SKIP_VISIBILITY) == MONO_VERIFY_SKIP_VISIBILITY)
41 #define ADD_VERIFY_INFO(__ctx, __msg, __status, __exception) \
43 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
44 vinfo->info.status = __status; \
45 vinfo->info.message = ( __msg ); \
46 vinfo->exception_type = (__exception); \
47 (__ctx)->list = g_slist_prepend ((__ctx)->list, vinfo); \
50 #define ADD_VERIFY_ERROR(__ctx, __msg) \
52 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR, MONO_EXCEPTION_INVALID_PROGRAM); \
56 #define CODE_NOT_VERIFIABLE(__ctx, __msg) \
58 if ((__ctx)->verifiable) { \
59 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE, MONO_EXCEPTION_UNVERIFIABLE_IL); \
60 (__ctx)->verifiable = 0; \
61 if (IS_FAIL_FAST_MODE (__ctx)) \
66 #define ADD_VERIFY_ERROR2(__ctx, __msg, __exception) \
68 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR, __exception); \
72 #define CODE_NOT_VERIFIABLE2(__ctx, __msg, __exception) \
74 if ((__ctx)->verifiable) { \
75 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE, __exception); \
76 (__ctx)->verifiable = 0; \
77 if (IS_FAIL_FAST_MODE (__ctx)) \
81 /*Flags to be used with ILCodeDesc::flags */
83 /*Instruction has not been processed.*/
84 IL_CODE_FLAG_NOT_PROCESSED = 0,
85 /*Instruction was decoded by mono_method_verify loop.*/
86 IL_CODE_FLAG_SEEN = 1,
87 /*Instruction was target of a branch or is at a protected block boundary.*/
88 IL_CODE_FLAG_WAS_TARGET = 2,
89 /*Used by stack_init to avoid double initialize each entry.*/
90 IL_CODE_FLAG_STACK_INITED = 4,
91 /*Used by merge_stacks to decide if it should just copy the eval stack.*/
92 IL_CODE_STACK_MERGED = 8,
93 /*This instruction is part of the delegate construction sequence, it cannot be target of a branch.*/
94 IL_CODE_DELEGATE_SEQUENCE = 0x10,
95 /*This is a delegate created from a ldftn to a non final virtual method*/
96 IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL = 0x20,
97 /*This is a call to a non final virtual method*/
98 IL_CODE_CALL_NONFINAL_VIRTUAL = 0x40,
127 /*Allocated fnptr MonoType that should be freed by us.*/
133 /*TODO get rid of target here, need_merge in mono_method_verify and hoist the merging code in the branching code*/
137 MonoMethodSignature *signature;
138 MonoMethodHeader *header;
140 MonoGenericContext *generic_context;
144 /*This flag helps solving a corner case of delegate verification in that you cannot have a "starg 0"
145 *on a method that creates a delegate for a non-final virtual method using ldftn*/
146 gboolean has_this_store;
149 MonoType *constrained_type;
153 merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, int start, gboolean external);
156 get_stack_type (MonoType *type);
159 mono_delegate_signature_equal (MonoMethodSignature *sig1, MonoMethodSignature *sig2);
160 //////////////////////////////////////////////////////////////////
165 TYPE_INV = 0, /* leave at 0. */
170 /* Used by operator tables to resolve pointer types (managed & unmanaged) and by unmanaged pointer types*/
172 /* value types and classes */
174 /* Number of types, used to define the size of the tables*/
177 /* Used by tables to signal that a result is not verifiable*/
178 NON_VERIFIABLE_RESULT = 0x80,
180 /*Mask used to extract just the type, excluding flags */
183 /* The stack type is a managed pointer, unmask the value to res */
184 POINTER_MASK = 0x100,
186 /*Stack type with the pointer mask*/
187 RAW_TYPE_MASK = 0x10F,
189 /* Controlled Mutability Manager Pointer */
192 /* The stack type is a null literal*/
193 NULL_LITERAL_MASK = 0x400,
195 /**Used by ldarg.0 and family to let delegate verification happens.*/
196 THIS_POINTER_MASK = 0x800,
198 /**Signals that this is a boxed value type*/
203 static const char* const
204 type_names [TYPE_MAX + 1] = {
215 PREFIX_UNALIGNED = 1,
218 PREFIX_CONSTRAINED = 8,
221 //////////////////////////////////////////////////////////////////
224 /*Token validation macros and functions */
225 #define IS_MEMBER_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_MEMBERREF)
226 #define IS_METHOD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_METHOD)
227 #define IS_METHOD_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_METHODSPEC)
228 #define IS_FIELD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_FIELD)
230 #define IS_TYPE_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEREF)
231 #define IS_TYPE_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEDEF)
232 #define IS_TYPE_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPESPEC)
233 #define IS_METHOD_DEF_OR_REF_OR_SPEC(token) (IS_METHOD_DEF (token) || IS_MEMBER_REF (token) || IS_METHOD_SPEC (token))
234 #define IS_TYPE_DEF_OR_REF_OR_SPEC(token) (IS_TYPE_DEF (token) || IS_TYPE_REF (token) || IS_TYPE_SPEC (token))
235 #define IS_FIELD_DEF_OR_REF(token) (IS_FIELD_DEF (token) || IS_MEMBER_REF (token))
238 * Verify if @token refers to a valid row on int's table.
241 token_bounds_check (MonoImage *image, guint32 token)
244 return mono_reflection_is_valid_dynamic_token ((MonoDynamicImage*)image, token);
245 return image->tables [mono_metadata_token_table (token)].rows >= mono_metadata_token_index (token);
249 mono_type_create_fnptr_from_mono_method (VerifyContext *ctx, MonoMethod *method)
251 MonoType *res = g_new0 (MonoType, 1);
252 //FIXME use mono_method_get_signature_full
253 res->data.method = mono_method_signature (method);
254 res->type = MONO_TYPE_FNPTR;
255 ctx->funptrs = g_slist_prepend (ctx->funptrs, res);
260 * mono_type_is_enum_type:
262 * Returns TRUE if @type is an enum type.
265 mono_type_is_enum_type (MonoType *type)
267 if (type->type == MONO_TYPE_VALUETYPE && type->data.klass->enumtype)
269 if (type->type == MONO_TYPE_GENERICINST && type->data.generic_class->container_class->enumtype)
275 * mono_type_is_value_type:
277 * Returns TRUE if @type is named after @namespace.@name.
281 mono_type_is_value_type (MonoType *type, const char *namespace, const char *name)
283 return type->type == MONO_TYPE_VALUETYPE &&
284 !strcmp (namespace, type->data.klass->name_space) &&
285 !strcmp (name, type->data.klass->name);
288 * mono_type_get_underlying_type_any:
290 * This functions is just like mono_type_get_underlying_type but it doesn't care if the type is byref.
292 * Returns the underlying type of @type regardless if it is byref or not.
295 mono_type_get_underlying_type_any (MonoType *type)
297 if (type->type == MONO_TYPE_VALUETYPE && type->data.klass->enumtype)
298 return type->data.klass->enum_basetype;
299 if (type->type == MONO_TYPE_GENERICINST && type->data.generic_class->container_class->enumtype)
300 return type->data.generic_class->container_class->enum_basetype;
305 mono_type_get_stack_name (MonoType *type)
307 return type_names [get_stack_type (type) & TYPE_MASK];
310 #define CTOR_REQUIRED_FLAGS (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_RT_SPECIAL_NAME)
311 #define CTOR_INVALID_FLAGS (METHOD_ATTRIBUTE_STATIC)
314 mono_method_is_constructor (MonoMethod *method)
316 return ((method->flags & CTOR_REQUIRED_FLAGS) == CTOR_REQUIRED_FLAGS &&
317 !(method->flags & CTOR_INVALID_FLAGS) &&
318 !strcmp (".ctor", method->name));
322 static MonoClassField*
323 verifier_load_field (VerifyContext *ctx, int token, MonoClass **klass, const char *opcode) {
324 MonoClassField *field;
326 if (!IS_FIELD_DEF_OR_REF (token) || !token_bounds_check (ctx->image, token)) {
327 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid field token 0x%x08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
331 field = mono_field_from_token (ctx->image, token, klass, ctx->generic_context);
333 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load field from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
341 verifier_load_method (VerifyContext *ctx, int token, const char *opcode) {
344 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
345 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid method token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
349 method = mono_get_method_full (ctx->image, token, NULL, ctx->generic_context);
352 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load method from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
360 verifier_load_type (VerifyContext *ctx, int token, const char *opcode) {
363 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
364 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid type token 0x%08x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
368 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
371 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load type from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
378 /* stack_slot_get_type:
380 * Returns the stack type of @value. This value includes POINTER_MASK.
382 * Use this function to checks that account for a managed pointer.
385 stack_slot_get_type (ILStackDesc *value)
387 return value->stype & RAW_TYPE_MASK;
390 /* stack_slot_get_underlying_type:
392 * Returns the stack type of @value. This value does not include POINTER_MASK.
394 * Use this function is cases where the fact that the value could be a managed pointer is
395 * irrelevant. For example, field load doesn't care about this fact of type on stack.
398 stack_slot_get_underlying_type (ILStackDesc *value)
400 return value->stype & TYPE_MASK;
403 /* stack_slot_is_managed_pointer:
405 * Returns TRUE is @value is a managed pointer.
408 stack_slot_is_managed_pointer (ILStackDesc *value)
410 return (value->stype & POINTER_MASK) == POINTER_MASK;
413 /* stack_slot_is_managed_mutability_pointer:
415 * Returns TRUE is @value is a managed mutability pointer.
417 static G_GNUC_UNUSED gboolean
418 stack_slot_is_managed_mutability_pointer (ILStackDesc *value)
420 return (value->stype & CMMP_MASK) == CMMP_MASK;
423 /* stack_slot_is_null_literal:
425 * Returns TRUE is @value is the null literal.
428 stack_slot_is_null_literal (ILStackDesc *value)
430 return (value->stype & NULL_LITERAL_MASK) == NULL_LITERAL_MASK;
434 /* stack_slot_is_this_pointer:
436 * Returns TRUE is @value is the this literal
439 stack_slot_is_this_pointer (ILStackDesc *value)
441 return (value->stype & THIS_POINTER_MASK) == THIS_POINTER_MASK;
444 /* stack_slot_is_boxed_value:
446 * Returns TRUE is @value is a boxed value
449 stack_slot_is_boxed_value (ILStackDesc *value)
451 return (value->stype & BOXED_MASK) == BOXED_MASK;
455 stack_slot_get_name (ILStackDesc *value)
457 return type_names [value->stype & TYPE_MASK];
459 //////////////////////////////////////////////////////////////////
461 mono_free_verify_list (GSList *list)
463 MonoVerifyInfoExtended *info;
466 for (tmp = list; tmp; tmp = tmp->next) {
468 g_free (info->info.message);
474 #define ADD_ERROR(list,msg) \
476 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
477 vinfo->info.status = MONO_VERIFY_ERROR; \
478 vinfo->info.message = (msg); \
479 (list) = g_slist_prepend ((list), vinfo); \
482 #define ADD_WARN(list,code,msg) \
484 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
485 vinfo->info.status = (code); \
486 vinfo->info.message = (msg); \
487 (list) = g_slist_prepend ((list), vinfo); \
491 valid_cultures[][9] = {
492 "ar-SA", "ar-IQ", "ar-EG", "ar-LY",
493 "ar-DZ", "ar-MA", "ar-TN", "ar-OM",
494 "ar-YE", "ar-SY", "ar-JO", "ar-LB",
495 "ar-KW", "ar-AE", "ar-BH", "ar-QA",
496 "bg-BG", "ca-ES", "zh-TW", "zh-CN",
497 "zh-HK", "zh-SG", "zh-MO", "cs-CZ",
498 "da-DK", "de-DE", "de-CH", "de-AT",
499 "de-LU", "de-LI", "el-GR", "en-US",
500 "en-GB", "en-AU", "en-CA", "en-NZ",
501 "en-IE", "en-ZA", "en-JM", "en-CB",
502 "en-BZ", "en-TT", "en-ZW", "en-PH",
503 "es-ES-Ts", "es-MX", "es-ES-Is", "es-GT",
504 "es-CR", "es-PA", "es-DO", "es-VE",
505 "es-CO", "es-PE", "es-AR", "es-EC",
506 "es-CL", "es-UY", "es-PY", "es-BO",
507 "es-SV", "es-HN", "es-NI", "es-PR",
508 "Fi-FI", "fr-FR", "fr-BE", "fr-CA",
509 "Fr-CH", "fr-LU", "fr-MC", "he-IL",
510 "hu-HU", "is-IS", "it-IT", "it-CH",
511 "Ja-JP", "ko-KR", "nl-NL", "nl-BE",
512 "nb-NO", "nn-NO", "pl-PL", "pt-BR",
513 "pt-PT", "ro-RO", "ru-RU", "hr-HR",
514 "Lt-sr-SP", "Cy-sr-SP", "sk-SK", "sq-AL",
515 "sv-SE", "sv-FI", "th-TH", "tr-TR",
516 "ur-PK", "id-ID", "uk-UA", "be-BY",
517 "sl-SI", "et-EE", "lv-LV", "lt-LT",
518 "fa-IR", "vi-VN", "hy-AM", "Lt-az-AZ",
520 "eu-ES", "mk-MK", "af-ZA",
521 "ka-GE", "fo-FO", "hi-IN", "ms-MY",
522 "ms-BN", "kk-KZ", "ky-KZ", "sw-KE",
523 "Lt-uz-UZ", "Cy-uz-UZ", "tt-TA", "pa-IN",
524 "gu-IN", "ta-IN", "te-IN", "kn-IN",
525 "mr-IN", "sa-IN", "mn-MN", "gl-ES",
526 "kok-IN", "syr-SY", "div-MV"
530 is_valid_culture (const char *cname)
536 for (i = 0; i < G_N_ELEMENTS (valid_cultures); ++i) {
537 if (g_strcasecmp (valid_cultures [i], cname)) {
546 is_valid_assembly_flags (guint32 flags) {
547 /* Metadata: 22.1.2 */
548 flags &= ~(0x8000 | 0x4000); /* ignore reserved bits 0x0030? */
549 return ((flags == 1) || (flags == 0));
553 is_valid_blob (MonoImage *image, guint32 blob_index, int notnull)
556 const char *p, *blob_end;
558 if (blob_index >= image->heap_blob.size)
560 p = mono_metadata_blob_heap (image, blob_index);
561 size = mono_metadata_decode_blob_size (p, &blob_end);
562 if (blob_index + size + (blob_end-p) > image->heap_blob.size)
564 if (notnull && !size)
570 is_valid_string (MonoImage *image, guint32 str_index, int notnull)
572 const char *p, *blob_end, *res;
574 if (str_index >= image->heap_strings.size)
576 res = p = mono_metadata_string_heap (image, str_index);
577 blob_end = mono_metadata_string_heap (image, image->heap_strings.size - 1);
581 * FIXME: should check it's a valid utf8 string, too.
583 while (p <= blob_end) {
588 return *p? NULL: res;
592 is_valid_cls_ident (const char *p)
595 * FIXME: we need the full unicode glib support for this.
596 * Check: http://www.unicode.org/unicode/reports/tr15/Identifier.java
597 * We do the lame thing for now.
603 if (!isalnum (*p) && *p != '_')
611 is_valid_filename (const char *p)
615 return strpbrk (p, "\\//:")? 0: 1;
619 verify_assembly_table (MonoImage *image, GSList *list, int level)
621 MonoTableInfo *t = &image->tables [MONO_TABLE_ASSEMBLY];
622 guint32 cols [MONO_ASSEMBLY_SIZE];
625 if (level & MONO_VERIFY_ERROR) {
627 ADD_ERROR (list, g_strdup ("Assembly table may only have 0 or 1 rows"));
628 mono_metadata_decode_row (t, 0, cols, MONO_ASSEMBLY_SIZE);
630 switch (cols [MONO_ASSEMBLY_HASH_ALG]) {
631 case ASSEMBLY_HASH_NONE:
632 case ASSEMBLY_HASH_MD5:
633 case ASSEMBLY_HASH_SHA1:
636 ADD_ERROR (list, g_strdup_printf ("Hash algorithm 0x%x unknown", cols [MONO_ASSEMBLY_HASH_ALG]));
639 if (!is_valid_assembly_flags (cols [MONO_ASSEMBLY_FLAGS]))
640 ADD_ERROR (list, g_strdup_printf ("Invalid flags in assembly: 0x%x", cols [MONO_ASSEMBLY_FLAGS]));
642 if (!is_valid_blob (image, cols [MONO_ASSEMBLY_PUBLIC_KEY], FALSE))
643 ADD_ERROR (list, g_strdup ("Assembly public key is an invalid index"));
645 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLY_NAME], TRUE))) {
646 ADD_ERROR (list, g_strdup ("Assembly name is invalid"));
648 if (strpbrk (p, ":\\/."))
649 ADD_ERROR (list, g_strdup_printf ("Assembly name `%s' contains invalid chars", p));
652 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLY_CULTURE], FALSE))) {
653 ADD_ERROR (list, g_strdup ("Assembly culture is an invalid index"));
655 if (!is_valid_culture (p))
656 ADD_ERROR (list, g_strdup_printf ("Assembly culture `%s' is invalid", p));
663 verify_assemblyref_table (MonoImage *image, GSList *list, int level)
665 MonoTableInfo *t = &image->tables [MONO_TABLE_ASSEMBLYREF];
666 guint32 cols [MONO_ASSEMBLYREF_SIZE];
670 if (level & MONO_VERIFY_ERROR) {
671 for (i = 0; i < t->rows; ++i) {
672 mono_metadata_decode_row (t, i, cols, MONO_ASSEMBLYREF_SIZE);
673 if (!is_valid_assembly_flags (cols [MONO_ASSEMBLYREF_FLAGS]))
674 ADD_ERROR (list, g_strdup_printf ("Invalid flags in assemblyref row %d: 0x%x", i + 1, cols [MONO_ASSEMBLY_FLAGS]));
676 if (!is_valid_blob (image, cols [MONO_ASSEMBLYREF_PUBLIC_KEY], FALSE))
677 ADD_ERROR (list, g_strdup_printf ("AssemblyRef public key in row %d is an invalid index", i + 1));
679 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLYREF_CULTURE], FALSE))) {
680 ADD_ERROR (list, g_strdup_printf ("AssemblyRef culture in row %d is invalid", i + 1));
682 if (!is_valid_culture (p))
683 ADD_ERROR (list, g_strdup_printf ("AssemblyRef culture `%s' in row %d is invalid", p, i + 1));
686 if (cols [MONO_ASSEMBLYREF_HASH_VALUE] && !is_valid_blob (image, cols [MONO_ASSEMBLYREF_HASH_VALUE], TRUE))
687 ADD_ERROR (list, g_strdup_printf ("AssemblyRef hash value in row %d is invalid or not null and empty", i + 1));
690 if (level & MONO_VERIFY_WARNING) {
691 /* check for duplicated rows */
692 for (i = 0; i < t->rows; ++i) {
699 verify_class_layout_table (MonoImage *image, GSList *list, int level)
701 MonoTableInfo *t = &image->tables [MONO_TABLE_CLASSLAYOUT];
702 MonoTableInfo *tdef = &image->tables [MONO_TABLE_TYPEDEF];
703 guint32 cols [MONO_CLASS_LAYOUT_SIZE];
706 if (level & MONO_VERIFY_ERROR) {
707 for (i = 0; i < t->rows; ++i) {
708 mono_metadata_decode_row (t, i, cols, MONO_CLASS_LAYOUT_SIZE);
710 if (cols [MONO_CLASS_LAYOUT_PARENT] > tdef->rows || !cols [MONO_CLASS_LAYOUT_PARENT]) {
711 ADD_ERROR (list, g_strdup_printf ("Parent in class layout is invalid in row %d", i + 1));
713 value = mono_metadata_decode_row_col (tdef, cols [MONO_CLASS_LAYOUT_PARENT] - 1, MONO_TYPEDEF_FLAGS);
714 if (value & TYPE_ATTRIBUTE_INTERFACE)
715 ADD_ERROR (list, g_strdup_printf ("Parent in class layout row %d is an interface", i + 1));
716 if (value & TYPE_ATTRIBUTE_AUTO_LAYOUT)
717 ADD_ERROR (list, g_strdup_printf ("Parent in class layout row %d is AutoLayout", i + 1));
718 if (value & TYPE_ATTRIBUTE_SEQUENTIAL_LAYOUT) {
719 switch (cols [MONO_CLASS_LAYOUT_PACKING_SIZE]) {
720 case 0: case 1: case 2: case 4: case 8: case 16:
721 case 32: case 64: case 128: break;
723 ADD_ERROR (list, g_strdup_printf ("Packing size %d in class layout row %d is invalid", cols [MONO_CLASS_LAYOUT_PACKING_SIZE], i + 1));
725 } else if (value & TYPE_ATTRIBUTE_EXPLICIT_LAYOUT) {
727 * FIXME: LAMESPEC: it claims it must be 0 (it's 1, instead).
728 if (cols [MONO_CLASS_LAYOUT_PACKING_SIZE])
729 ADD_ERROR (list, g_strdup_printf ("Packing size %d in class layout row %d is invalid with explicit layout", cols [MONO_CLASS_LAYOUT_PACKING_SIZE], i + 1));
733 * FIXME: we need to check that if class size != 0,
734 * it needs to be greater than the class calculated size.
735 * If parent is a valuetype it also needs to be smaller than
736 * 1 MByte (0x100000 bytes).
737 * To do both these checks we need to load the referenced
738 * assemblies, though (the spec claims we didn't have to, bah).
741 * We need to check that the parent types have the same layout
752 verify_constant_table (MonoImage *image, GSList *list, int level)
754 MonoTableInfo *t = &image->tables [MONO_TABLE_CONSTANT];
755 guint32 cols [MONO_CONSTANT_SIZE];
757 GHashTable *dups = g_hash_table_new (NULL, NULL);
759 for (i = 0; i < t->rows; ++i) {
760 mono_metadata_decode_row (t, i, cols, MONO_CONSTANT_SIZE);
762 if (level & MONO_VERIFY_ERROR)
763 if (g_hash_table_lookup (dups, GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT])))
764 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is duplicated in Constant row %d", cols [MONO_CONSTANT_PARENT], i + 1));
765 g_hash_table_insert (dups, GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT]),
766 GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT]));
768 switch (cols [MONO_CONSTANT_TYPE]) {
769 case MONO_TYPE_U1: /* LAMESPEC: it says I1...*/
773 if (level & MONO_VERIFY_CLS)
774 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Type 0x%x not CLS compliant in Constant row %d", cols [MONO_CONSTANT_TYPE], i + 1));
775 case MONO_TYPE_BOOLEAN:
783 case MONO_TYPE_STRING:
784 case MONO_TYPE_CLASS:
787 if (level & MONO_VERIFY_ERROR)
788 ADD_ERROR (list, g_strdup_printf ("Type 0x%x is invalid in Constant row %d", cols [MONO_CONSTANT_TYPE], i + 1));
790 if (level & MONO_VERIFY_ERROR) {
791 value = cols [MONO_CONSTANT_PARENT] >> MONO_HASCONSTANT_BITS;
792 switch (cols [MONO_CONSTANT_PARENT] & MONO_HASCONSTANT_MASK) {
793 case MONO_HASCONSTANT_FIEDDEF:
794 if (value > image->tables [MONO_TABLE_FIELD].rows)
795 ADD_ERROR (list, g_strdup_printf ("Parent (field) is invalid in Constant row %d", i + 1));
797 case MONO_HASCONSTANT_PARAM:
798 if (value > image->tables [MONO_TABLE_PARAM].rows)
799 ADD_ERROR (list, g_strdup_printf ("Parent (param) is invalid in Constant row %d", i + 1));
801 case MONO_HASCONSTANT_PROPERTY:
802 if (value > image->tables [MONO_TABLE_PROPERTY].rows)
803 ADD_ERROR (list, g_strdup_printf ("Parent (property) is invalid in Constant row %d", i + 1));
806 ADD_ERROR (list, g_strdup_printf ("Parent is invalid in Constant row %d", i + 1));
810 if (level & MONO_VERIFY_CLS) {
812 * FIXME: verify types is consistent with the enum type
813 * is parent is an enum.
817 g_hash_table_destroy (dups);
822 verify_event_map_table (MonoImage *image, GSList *list, int level)
824 MonoTableInfo *t = &image->tables [MONO_TABLE_EVENTMAP];
825 guint32 cols [MONO_EVENT_MAP_SIZE];
826 guint32 i, last_event;
827 GHashTable *dups = g_hash_table_new (NULL, NULL);
831 for (i = 0; i < t->rows; ++i) {
832 mono_metadata_decode_row (t, i, cols, MONO_EVENT_MAP_SIZE);
833 if (level & MONO_VERIFY_ERROR)
834 if (g_hash_table_lookup (dups, GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT])))
835 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is duplicated in Event Map row %d", cols [MONO_EVENT_MAP_PARENT], i + 1));
836 g_hash_table_insert (dups, GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT]),
837 GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT]));
838 if (level & MONO_VERIFY_ERROR) {
839 if (cols [MONO_EVENT_MAP_PARENT] > image->tables [MONO_TABLE_TYPEDEF].rows)
840 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is invalid in Event Map row %d", cols [MONO_EVENT_MAP_PARENT], i + 1));
841 if (cols [MONO_EVENT_MAP_EVENTLIST] > image->tables [MONO_TABLE_EVENT].rows)
842 ADD_ERROR (list, g_strdup_printf ("EventList 0x%08x is invalid in Event Map row %d", cols [MONO_EVENT_MAP_EVENTLIST], i + 1));
844 if (cols [MONO_EVENT_MAP_EVENTLIST] <= last_event)
845 ADD_ERROR (list, g_strdup_printf ("EventList overlap in Event Map row %d", i + 1));
846 last_event = cols [MONO_EVENT_MAP_EVENTLIST];
850 g_hash_table_destroy (dups);
855 verify_event_table (MonoImage *image, GSList *list, int level)
857 MonoTableInfo *t = &image->tables [MONO_TABLE_EVENT];
858 guint32 cols [MONO_EVENT_SIZE];
862 for (i = 0; i < t->rows; ++i) {
863 mono_metadata_decode_row (t, i, cols, MONO_EVENT_SIZE);
865 if (cols [MONO_EVENT_FLAGS] & ~(EVENT_SPECIALNAME|EVENT_RTSPECIALNAME)) {
866 if (level & MONO_VERIFY_ERROR)
867 ADD_ERROR (list, g_strdup_printf ("Flags 0x%04x invalid in Event row %d", cols [MONO_EVENT_FLAGS], i + 1));
869 if (!(p = is_valid_string (image, cols [MONO_EVENT_NAME], TRUE))) {
870 if (level & MONO_VERIFY_ERROR)
871 ADD_ERROR (list, g_strdup_printf ("Invalid name in Event row %d", i + 1));
873 if (level & MONO_VERIFY_CLS) {
874 if (!is_valid_cls_ident (p))
875 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Invalid CLS name '%s` in Event row %d", p, i + 1));
879 if (level & MONO_VERIFY_ERROR && cols [MONO_EVENT_TYPE]) {
880 value = cols [MONO_EVENT_TYPE] >> MONO_TYPEDEFORREF_BITS;
881 switch (cols [MONO_EVENT_TYPE] & MONO_TYPEDEFORREF_MASK) {
882 case MONO_TYPEDEFORREF_TYPEDEF:
883 if (!value || value > image->tables [MONO_TABLE_TYPEDEF].rows)
884 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
886 case MONO_TYPEDEFORREF_TYPEREF:
887 if (!value || value > image->tables [MONO_TABLE_TYPEREF].rows)
888 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
890 case MONO_TYPEDEFORREF_TYPESPEC:
891 if (!value || value > image->tables [MONO_TABLE_TYPESPEC].rows)
892 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
895 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
899 * FIXME: check that there is 1 add and remove row in methodsemantics
900 * and 0 or 1 raise and 0 or more other (maybe it's better to check for
901 * these while checking methodsemantics).
902 * check for duplicated names for the same type [ERROR]
903 * check for CLS duplicate names for the same type [CLS]
910 verify_field_table (MonoImage *image, GSList *list, int level)
912 MonoTableInfo *t = &image->tables [MONO_TABLE_FIELD];
913 guint32 cols [MONO_FIELD_SIZE];
917 for (i = 0; i < t->rows; ++i) {
918 mono_metadata_decode_row (t, i, cols, MONO_FIELD_SIZE);
920 * Check this field has only one owner and that the owner is not
921 * an interface (done in verify_typedef_table() )
923 flags = cols [MONO_FIELD_FLAGS];
924 switch (flags & FIELD_ATTRIBUTE_FIELD_ACCESS_MASK) {
925 case FIELD_ATTRIBUTE_COMPILER_CONTROLLED:
926 case FIELD_ATTRIBUTE_PRIVATE:
927 case FIELD_ATTRIBUTE_FAM_AND_ASSEM:
928 case FIELD_ATTRIBUTE_ASSEMBLY:
929 case FIELD_ATTRIBUTE_FAMILY:
930 case FIELD_ATTRIBUTE_FAM_OR_ASSEM:
931 case FIELD_ATTRIBUTE_PUBLIC:
934 if (level & MONO_VERIFY_ERROR)
935 ADD_ERROR (list, g_strdup_printf ("Invalid access mask in Field row %d", i + 1));
938 if (level & MONO_VERIFY_ERROR) {
939 if ((flags & FIELD_ATTRIBUTE_LITERAL) && (flags & FIELD_ATTRIBUTE_INIT_ONLY))
940 ADD_ERROR (list, g_strdup_printf ("Literal and InitOnly cannot be both set in Field row %d", i + 1));
941 if ((flags & FIELD_ATTRIBUTE_LITERAL) && !(flags & FIELD_ATTRIBUTE_STATIC))
942 ADD_ERROR (list, g_strdup_printf ("Literal needs also Static set in Field row %d", i + 1));
943 if ((flags & FIELD_ATTRIBUTE_RT_SPECIAL_NAME) && !(flags & FIELD_ATTRIBUTE_SPECIAL_NAME))
944 ADD_ERROR (list, g_strdup_printf ("RTSpecialName needs also SpecialName set in Field row %d", i + 1));
946 * FIXME: check there is only one owner in the respective table.
947 * if (flags & FIELD_ATTRIBUTE_HAS_FIELD_MARSHAL)
948 * if (flags & FIELD_ATTRIBUTE_HAS_DEFAULT)
949 * if (flags & FIELD_ATTRIBUTE_HAS_FIELD_RVA)
952 if (!(p = is_valid_string (image, cols [MONO_FIELD_NAME], TRUE))) {
953 if (level & MONO_VERIFY_ERROR)
954 ADD_ERROR (list, g_strdup_printf ("Invalid name in Field row %d", i + 1));
956 if (level & MONO_VERIFY_CLS) {
957 if (!is_valid_cls_ident (p))
958 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Invalid CLS name '%s` in Field row %d", p, i + 1));
963 * if owner is module needs to be static, access mask needs to be compilercontrolled,
964 * public or private (not allowed in cls mode).
965 * if owner is an enum ...
974 verify_file_table (MonoImage *image, GSList *list, int level)
976 MonoTableInfo *t = &image->tables [MONO_TABLE_FILE];
977 guint32 cols [MONO_FILE_SIZE];
980 GHashTable *dups = g_hash_table_new (g_str_hash, g_str_equal);
982 for (i = 0; i < t->rows; ++i) {
983 mono_metadata_decode_row (t, i, cols, MONO_FILE_SIZE);
984 if (level & MONO_VERIFY_ERROR) {
985 if (cols [MONO_FILE_FLAGS] != FILE_CONTAINS_METADATA && cols [MONO_FILE_FLAGS] != FILE_CONTAINS_NO_METADATA)
986 ADD_ERROR (list, g_strdup_printf ("Invalid flags in File row %d", i + 1));
987 if (!is_valid_blob (image, cols [MONO_FILE_HASH_VALUE], TRUE))
988 ADD_ERROR (list, g_strdup_printf ("File hash value in row %d is invalid or not null and empty", i + 1));
990 if (!(p = is_valid_string (image, cols [MONO_FILE_NAME], TRUE))) {
991 if (level & MONO_VERIFY_ERROR)
992 ADD_ERROR (list, g_strdup_printf ("Invalid name in File row %d", i + 1));
994 if (level & MONO_VERIFY_ERROR) {
995 if (!is_valid_filename (p))
996 ADD_ERROR (list, g_strdup_printf ("Invalid name '%s` in File row %d", p, i + 1));
997 else if (g_hash_table_lookup (dups, p)) {
998 ADD_ERROR (list, g_strdup_printf ("Duplicate name '%s` in File row %d", p, i + 1));
1000 g_hash_table_insert (dups, (gpointer)p, (gpointer)p);
1004 * FIXME: I don't understand what this means:
1005 * If this module contains a row in the Assembly table (that is, if this module "holds the manifest")
1006 * then there shall not be any row in the File table for this module - i.e., no self-reference [ERROR]
1010 if (level & MONO_VERIFY_WARNING) {
1011 if (!t->rows && image->tables [MONO_TABLE_EXPORTEDTYPE].rows)
1012 ADD_WARN (list, MONO_VERIFY_WARNING, g_strdup ("ExportedType table should be empty if File table is empty"));
1014 g_hash_table_destroy (dups);
1019 verify_moduleref_table (MonoImage *image, GSList *list, int level)
1021 MonoTableInfo *t = &image->tables [MONO_TABLE_MODULEREF];
1022 MonoTableInfo *tfile = &image->tables [MONO_TABLE_FILE];
1023 guint32 cols [MONO_MODULEREF_SIZE];
1025 guint32 found, i, j, value;
1026 GHashTable *dups = g_hash_table_new (g_str_hash, g_str_equal);
1028 for (i = 0; i < t->rows; ++i) {
1029 mono_metadata_decode_row (t, i, cols, MONO_MODULEREF_SIZE);
1030 if (!(p = is_valid_string (image, cols [MONO_MODULEREF_NAME], TRUE))) {
1031 if (level & MONO_VERIFY_ERROR)
1032 ADD_ERROR (list, g_strdup_printf ("Invalid name in ModuleRef row %d", i + 1));
1034 if (level & MONO_VERIFY_ERROR) {
1035 if (!is_valid_filename (p))
1036 ADD_ERROR (list, g_strdup_printf ("Invalid name '%s` in ModuleRef row %d", p, i + 1));
1037 else if (g_hash_table_lookup (dups, p)) {
1038 ADD_WARN (list, MONO_VERIFY_WARNING, g_strdup_printf ("Duplicate name '%s` in ModuleRef row %d", p, i + 1));
1039 g_hash_table_insert (dups, (gpointer)p, (gpointer)p);
1041 for (j = 0; j < tfile->rows; ++j) {
1042 value = mono_metadata_decode_row_col (tfile, j, MONO_FILE_NAME);
1043 if ((pf = is_valid_string (image, value, TRUE)))
1044 if (strcmp (p, pf) == 0) {
1050 ADD_ERROR (list, g_strdup_printf ("Name '%s` in ModuleRef row %d doesn't have a match in File table", p, i + 1));
1055 g_hash_table_destroy (dups);
1060 verify_standalonesig_table (MonoImage *image, GSList *list, int level)
1062 MonoTableInfo *t = &image->tables [MONO_TABLE_STANDALONESIG];
1063 guint32 cols [MONO_STAND_ALONE_SIGNATURE_SIZE];
1067 for (i = 0; i < t->rows; ++i) {
1068 mono_metadata_decode_row (t, i, cols, MONO_STAND_ALONE_SIGNATURE_SIZE);
1069 if (level & MONO_VERIFY_ERROR) {
1070 if (!is_valid_blob (image, cols [MONO_STAND_ALONE_SIGNATURE], TRUE)) {
1071 ADD_ERROR (list, g_strdup_printf ("Signature is invalid in StandAloneSig row %d", i + 1));
1073 p = mono_metadata_blob_heap (image, cols [MONO_STAND_ALONE_SIGNATURE]);
1074 /* FIXME: check it's a valid locals or method sig.*/
1082 mono_image_verify_tables (MonoImage *image, int level)
1084 GSList *error_list = NULL;
1086 error_list = verify_assembly_table (image, error_list, level);
1088 * AssemblyOS, AssemblyProcessor, AssemblyRefOs and
1089 * AssemblyRefProcessor should be ignored,
1090 * though we may want to emit a warning, since it should not
1091 * be present in a PE file.
1093 error_list = verify_assemblyref_table (image, error_list, level);
1094 error_list = verify_class_layout_table (image, error_list, level);
1095 error_list = verify_constant_table (image, error_list, level);
1097 * cutom attribute, declsecurity
1099 error_list = verify_event_map_table (image, error_list, level);
1100 error_list = verify_event_table (image, error_list, level);
1101 error_list = verify_field_table (image, error_list, level);
1102 error_list = verify_file_table (image, error_list, level);
1103 error_list = verify_moduleref_table (image, error_list, level);
1104 error_list = verify_standalonesig_table (image, error_list, level);
1106 return g_slist_reverse (error_list);
1109 #define ADD_INVALID(list,msg) \
1111 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
1112 vinfo->status = MONO_VERIFY_ERROR; \
1113 vinfo->message = (msg); \
1114 (list) = g_slist_prepend ((list), vinfo); \
1115 /*G_BREAKPOINT ();*/ \
1119 #define CHECK_STACK_UNDERFLOW(num) \
1121 if (cur_stack < (num)) \
1122 ADD_INVALID (list, g_strdup_printf ("Stack underflow at 0x%04x (%d items instead of %d)", ip_offset, cur_stack, (num))); \
1125 #define CHECK_STACK_OVERFLOW() \
1127 if (cur_stack >= max_stack) \
1128 ADD_INVALID (list, g_strdup_printf ("Maxstack exceeded at 0x%04x", ip_offset)); \
1133 in_any_block (MonoMethodHeader *header, guint offset)
1136 MonoExceptionClause *clause;
1138 for (i = 0; i < header->num_clauses; ++i) {
1139 clause = &header->clauses [i];
1140 if (MONO_OFFSET_IN_CLAUSE (clause, offset))
1142 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1144 if (MONO_OFFSET_IN_FILTER (clause, offset))
1151 * in_any_exception_block:
1153 * Returns TRUE is @offset is part of any exception clause (filter, handler, catch, finally or fault).
1156 in_any_exception_block (MonoMethodHeader *header, guint offset)
1159 MonoExceptionClause *clause;
1161 for (i = 0; i < header->num_clauses; ++i) {
1162 clause = &header->clauses [i];
1163 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1165 if (MONO_OFFSET_IN_FILTER (clause, offset))
1172 * is_valid_branch_instruction:
1174 * Verify if it's valid to perform a branch from @offset to @target.
1175 * This should be used with br and brtrue/false.
1176 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1177 * The major diferent from other similiar functions is that branching into a
1178 * finally/fault block is invalid instead of just unverifiable.
1181 is_valid_branch_instruction (MonoMethodHeader *header, guint offset, guint target)
1184 MonoExceptionClause *clause;
1186 for (i = 0; i < header->num_clauses; ++i) {
1187 clause = &header->clauses [i];
1188 /*branching into a finally block is invalid*/
1189 if ((clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY || clause->flags == MONO_EXCEPTION_CLAUSE_FAULT) &&
1190 !MONO_OFFSET_IN_HANDLER (clause, offset) &&
1191 MONO_OFFSET_IN_HANDLER (clause, target))
1194 if (clause->try_offset != target && (MONO_OFFSET_IN_CLAUSE (clause, offset) ^ MONO_OFFSET_IN_CLAUSE (clause, target)))
1196 if (MONO_OFFSET_IN_HANDLER (clause, offset) ^ MONO_OFFSET_IN_HANDLER (clause, target))
1198 if (MONO_OFFSET_IN_FILTER (clause, offset) ^ MONO_OFFSET_IN_FILTER (clause, target))
1205 * is_valid_cmp_branch_instruction:
1207 * Verify if it's valid to perform a branch from @offset to @target.
1208 * This should be used with binary comparison branching instruction, like beq, bge and similars.
1209 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1211 * The major diferences from other similar functions are that most errors lead to invalid
1212 * code and only branching out of finally, filter or fault clauses is unverifiable.
1215 is_valid_cmp_branch_instruction (MonoMethodHeader *header, guint offset, guint target)
1218 MonoExceptionClause *clause;
1220 for (i = 0; i < header->num_clauses; ++i) {
1221 clause = &header->clauses [i];
1222 /*branching out of a handler or finally*/
1223 if (clause->flags != MONO_EXCEPTION_CLAUSE_NONE &&
1224 MONO_OFFSET_IN_HANDLER (clause, offset) &&
1225 !MONO_OFFSET_IN_HANDLER (clause, target))
1228 if (clause->try_offset != target && (MONO_OFFSET_IN_CLAUSE (clause, offset) ^ MONO_OFFSET_IN_CLAUSE (clause, target)))
1230 if (MONO_OFFSET_IN_HANDLER (clause, offset) ^ MONO_OFFSET_IN_HANDLER (clause, target))
1232 if (MONO_OFFSET_IN_FILTER (clause, offset) ^ MONO_OFFSET_IN_FILTER (clause, target))
1239 * A leave can't escape a finally block
1242 is_correct_leave (MonoMethodHeader *header, guint offset, guint target)
1245 MonoExceptionClause *clause;
1247 for (i = 0; i < header->num_clauses; ++i) {
1248 clause = &header->clauses [i];
1249 if (clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY && MONO_OFFSET_IN_HANDLER (clause, offset) && !MONO_OFFSET_IN_HANDLER (clause, target))
1251 if (MONO_OFFSET_IN_FILTER (clause, offset))
1258 * A rethrow can't happen outside of a catch handler.
1261 is_correct_rethrow (MonoMethodHeader *header, guint offset)
1264 MonoExceptionClause *clause;
1266 for (i = 0; i < header->num_clauses; ++i) {
1267 clause = &header->clauses [i];
1268 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1270 if (MONO_OFFSET_IN_FILTER (clause, offset))
1277 * An endfinally can't happen outside of a finally/fault handler.
1280 is_correct_endfinally (MonoMethodHeader *header, guint offset)
1283 MonoExceptionClause *clause;
1285 for (i = 0; i < header->num_clauses; ++i) {
1286 clause = &header->clauses [i];
1287 if (MONO_OFFSET_IN_HANDLER (clause, offset) && (clause->flags == MONO_EXCEPTION_CLAUSE_FAULT || clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY))
1295 * An endfilter can only happens inside a filter clause.
1296 * In non-strict mode filter is allowed inside the handler clause too
1298 static MonoExceptionClause *
1299 is_correct_endfilter (VerifyContext *ctx, guint offset)
1302 MonoExceptionClause *clause;
1304 for (i = 0; i < ctx->header->num_clauses; ++i) {
1305 clause = &ctx->header->clauses [i];
1306 if (clause->flags != MONO_EXCEPTION_CLAUSE_FILTER)
1308 if (MONO_OFFSET_IN_FILTER (clause, offset))
1310 if (!IS_STRICT_MODE (ctx) && MONO_OFFSET_IN_HANDLER (clause, offset))
1318 * Non-strict endfilter can happens inside a try block or any handler block
1321 is_unverifiable_endfilter (VerifyContext *ctx, guint offset)
1324 MonoExceptionClause *clause;
1326 for (i = 0; i < ctx->header->num_clauses; ++i) {
1327 clause = &ctx->header->clauses [i];
1328 if (MONO_OFFSET_IN_CLAUSE (clause, offset))
1335 is_valid_bool_arg (ILStackDesc *arg)
1337 if (stack_slot_is_managed_pointer (arg) || stack_slot_is_boxed_value (arg) || stack_slot_is_null_literal (arg))
1341 switch (stack_slot_get_underlying_type (arg)) {
1344 case TYPE_NATIVE_INT:
1348 g_assert (arg->type);
1349 switch (arg->type->type) {
1350 case MONO_TYPE_CLASS:
1351 case MONO_TYPE_STRING:
1352 case MONO_TYPE_OBJECT:
1353 case MONO_TYPE_SZARRAY:
1354 case MONO_TYPE_ARRAY:
1355 case MONO_TYPE_FNPTR:
1358 case MONO_TYPE_GENERICINST:
1359 /*We need to check if the container class
1360 * of the generic type is a valuetype, iow:
1361 * is it a "class Foo<T>" or a "struct Foo<T>"?
1363 return !arg->type->data.generic_class->container_class->valuetype;
1371 /*Type manipulation helper*/
1373 /*Returns the byref version of the supplied MonoType*/
1375 mono_type_get_type_byref (MonoType *type)
1379 return &mono_class_from_mono_type (type)->this_arg;
1383 /*Returns the byval version of the supplied MonoType*/
1385 mono_type_get_type_byval (MonoType *type)
1389 return &mono_class_from_mono_type (type)->byval_arg;
1393 mono_type_from_stack_slot (ILStackDesc *slot)
1395 if (stack_slot_is_managed_pointer (slot))
1396 return mono_type_get_type_byref (slot->type);
1400 /*Stack manipulation code*/
1403 stack_init (VerifyContext *ctx, ILCodeDesc *state)
1405 if (state->flags & IL_CODE_FLAG_STACK_INITED)
1408 state->flags |= IL_CODE_FLAG_STACK_INITED;
1410 state->stack = g_new0 (ILStackDesc, ctx->max_stack);
1414 stack_copy (ILCodeDesc *to, ILCodeDesc *from)
1416 to->size = from->size;
1417 memcpy (to->stack, from->stack, sizeof (ILStackDesc) * from->size);
1421 copy_stack_value (ILStackDesc *to, ILStackDesc *from)
1423 to->stype = from->stype;
1424 to->type = from->type;
1425 to->method = from->method;
1429 check_underflow (VerifyContext *ctx, int size)
1431 if (ctx->eval.size < size) {
1432 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack underflow, required %d, but have %d at 0x%04x", size, ctx->eval.size, ctx->ip_offset));
1439 check_overflow (VerifyContext *ctx)
1441 if (ctx->eval.size >= ctx->max_stack) {
1442 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have stack-depth %d at 0x%04x", ctx->eval.size + 1, ctx->ip_offset));
1449 check_unmanaged_pointer (VerifyContext *ctx, ILStackDesc *value)
1451 if (stack_slot_get_type (value) == TYPE_PTR) {
1452 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx->ip_offset));
1459 check_unverifiable_type (VerifyContext *ctx, MonoType *type)
1461 if (type->type == MONO_TYPE_PTR || type->type == MONO_TYPE_FNPTR) {
1462 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx->ip_offset));
1469 static ILStackDesc *
1470 stack_push (VerifyContext *ctx)
1472 return & ctx->eval.stack [ctx->eval.size++];
1475 static ILStackDesc *
1476 stack_push_val (VerifyContext *ctx, int stype, MonoType *type)
1478 ILStackDesc *top = stack_push (ctx);
1484 static ILStackDesc *
1485 stack_pop (VerifyContext *ctx)
1487 return ctx->eval.stack + --ctx->eval.size;
1490 static inline ILStackDesc *
1491 stack_top (VerifyContext *ctx)
1493 return ctx->eval.stack + (ctx->eval.size - 1);
1496 static inline ILStackDesc *
1497 stack_get (VerifyContext *ctx, int distance)
1499 return ctx->eval.stack + (ctx->eval.size - distance - 1);
1502 /* Returns the MonoType associated with the token, or NULL if it is invalid.
1504 * A boxable type can be either a reference or value type, but cannot be a byref type or an unmanaged pointer
1507 get_boxable_mono_type (VerifyContext* ctx, int token, const char *opcode)
1512 if (!(type = verifier_load_type (ctx, token, opcode)))
1515 if (type->byref && type->type != MONO_TYPE_TYPEDBYREF) {
1516 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of byref type for %s at 0x%04x", opcode, ctx->ip_offset));
1520 if (type->type == MONO_TYPE_VOID) {
1521 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of void type for %s at 0x%04x", opcode, ctx->ip_offset));
1525 if (type->type == MONO_TYPE_TYPEDBYREF)
1526 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid use of typedbyref for %s at 0x%04x", opcode, ctx->ip_offset));
1528 check_unverifiable_type (ctx, type);
1533 /*operation result tables */
1535 static const unsigned char bin_op_table [TYPE_MAX][TYPE_MAX] = {
1536 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1537 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1538 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1539 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1540 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1541 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1544 static const unsigned char add_table [TYPE_MAX][TYPE_MAX] = {
1545 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1546 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1547 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1548 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1549 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_INV, TYPE_INV},
1550 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1553 static const unsigned char sub_table [TYPE_MAX][TYPE_MAX] = {
1554 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1555 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1556 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1557 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1558 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_NATIVE_INT | NON_VERIFIABLE_RESULT, TYPE_INV},
1559 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1562 static const unsigned char int_bin_op_table [TYPE_MAX][TYPE_MAX] = {
1563 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1564 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1565 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1566 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1567 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1568 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1571 static const unsigned char shift_op_table [TYPE_MAX][TYPE_MAX] = {
1572 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1573 {TYPE_I8, TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV},
1574 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1575 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1576 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1577 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1580 static const unsigned char cmp_br_op [TYPE_MAX][TYPE_MAX] = {
1581 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1582 {TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1583 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1584 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV},
1585 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV},
1586 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1589 static const unsigned char cmp_br_eq_op [TYPE_MAX][TYPE_MAX] = {
1590 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1591 {TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1592 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_I4 | NON_VERIFIABLE_RESULT, TYPE_INV},
1593 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV},
1594 {TYPE_INV, TYPE_INV, TYPE_I4 | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_I4, TYPE_INV},
1595 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4},
1598 static const unsigned char add_ovf_un_table [TYPE_MAX][TYPE_MAX] = {
1599 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1600 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1601 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1602 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1603 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_INV, TYPE_INV},
1604 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1607 static const unsigned char sub_ovf_un_table [TYPE_MAX][TYPE_MAX] = {
1608 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1609 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1610 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1611 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1612 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_NATIVE_INT | NON_VERIFIABLE_RESULT, TYPE_INV},
1613 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1616 static const unsigned char bin_ovf_table [TYPE_MAX][TYPE_MAX] = {
1617 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1618 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1619 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1620 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1621 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1622 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1625 #ifdef MONO_VERIFIER_DEBUG
1629 dump_stack_value (ILStackDesc *value)
1631 printf ("[(%x)(%x)", value->type->type, value->stype);
1633 if (stack_slot_is_this_pointer (value))
1636 if (stack_slot_is_boxed_value (value))
1637 printf ("[boxed] ");
1639 if (stack_slot_is_null_literal (value))
1642 if (stack_slot_is_managed_mutability_pointer (value))
1643 printf ("Controled Mutability MP: ");
1645 if (stack_slot_is_managed_pointer (value))
1646 printf ("Managed Pointer to: ");
1648 switch (stack_slot_get_underlying_type (value)) {
1650 printf ("invalid type]");
1658 case TYPE_NATIVE_INT:
1659 printf ("native int]");
1662 printf ("float64]");
1665 printf ("unmanaged pointer]");
1668 switch (value->type->type) {
1669 case MONO_TYPE_CLASS:
1670 case MONO_TYPE_VALUETYPE:
1671 printf ("complex] (%s)", value->type->data.klass->name);
1673 case MONO_TYPE_STRING:
1674 printf ("complex] (string)");
1676 case MONO_TYPE_OBJECT:
1677 printf ("complex] (object)");
1679 case MONO_TYPE_SZARRAY:
1680 printf ("complex] (%s [])", value->type->data.klass->name);
1682 case MONO_TYPE_ARRAY:
1683 printf ("complex] (%s [%d %d %d])",
1684 value->type->data.array->eklass->name,
1685 value->type->data.array->rank,
1686 value->type->data.array->numsizes,
1687 value->type->data.array->numlobounds);
1689 case MONO_TYPE_GENERICINST:
1690 printf ("complex] (inst of %s )", value->type->data.generic_class->container_class->name);
1693 printf ("complex] (type generic param !%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
1695 case MONO_TYPE_MVAR:
1696 printf ("complex] (method generic param !!%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
1699 //should be a boxed value
1700 char * name = mono_type_full_name (value->type);
1701 printf ("complex] %s", name);
1707 printf ("unknown stack %x type]\n", value->stype);
1708 g_assert_not_reached ();
1713 dump_stack_state (ILCodeDesc *state)
1717 printf ("(%d) ", state->size);
1718 for (i = 0; i < state->size; ++i)
1719 dump_stack_value (state->stack + i);
1724 /*Returns TRUE if candidate array type can be assigned to target.
1725 *Both parameters MUST be of type MONO_TYPE_ARRAY (target->type == MONO_TYPE_ARRAY)
1728 is_array_type_compatible (MonoType *target, MonoType *candidate)
1731 MonoArrayType *left = target->data.array;
1732 MonoArrayType *right = candidate->data.array;
1734 g_assert (target->type == MONO_TYPE_ARRAY);
1735 g_assert (candidate->type == MONO_TYPE_ARRAY);
1738 if ((left->rank != right->rank) ||
1739 (left->numsizes != right->numsizes) ||
1740 (left->numlobounds != right->numlobounds))
1743 for (i = 0; i < left->numsizes; ++i)
1744 if (left->sizes [i] != right->sizes [i])
1747 for (i = 0; i < left->numlobounds; ++i)
1748 if (left->lobounds [i] != right->lobounds [i])
1751 return mono_class_is_assignable_from (left->eklass, right->eklass);
1755 get_stack_type (MonoType *type)
1758 int type_kind = type->type;
1760 mask = POINTER_MASK;
1761 /*TODO handle CMMP_MASK */
1764 switch (type_kind) {
1767 case MONO_TYPE_BOOLEAN:
1770 case MONO_TYPE_CHAR:
1773 return TYPE_I4 | mask;
1777 return TYPE_NATIVE_INT | mask;
1779 /* FIXME: the spec says that you cannot have a pointer to method pointer, do we need to check this here? */
1780 case MONO_TYPE_FNPTR:
1782 case MONO_TYPE_TYPEDBYREF:
1783 return TYPE_PTR | mask;
1786 case MONO_TYPE_MVAR:
1788 case MONO_TYPE_CLASS:
1789 case MONO_TYPE_STRING:
1790 case MONO_TYPE_OBJECT:
1791 case MONO_TYPE_SZARRAY:
1792 case MONO_TYPE_ARRAY:
1793 return TYPE_COMPLEX | mask;
1795 case MONO_TYPE_GENERICINST:
1796 if (mono_type_is_enum_type (type)) {
1797 type = mono_type_get_underlying_type_any (type);
1798 type_kind = type->type;
1801 return TYPE_COMPLEX | mask;
1806 return TYPE_I8 | mask;
1810 return TYPE_R8 | mask;
1812 case MONO_TYPE_VALUETYPE:
1813 if (mono_type_is_enum_type (type)) {
1814 type = mono_type_get_underlying_type_any (type);
1815 type_kind = type->type;
1818 return TYPE_COMPLEX | mask;
1822 VERIFIER_DEBUG ( printf ("unknown type %02x in eval stack type\n", type->type); );
1823 g_assert_not_reached ();
1828 /* convert MonoType to ILStackDesc format (stype) */
1830 set_stack_value (VerifyContext *ctx, ILStackDesc *stack, MonoType *type, int take_addr)
1833 int type_kind = type->type;
1835 if (type->byref || take_addr)
1836 mask = POINTER_MASK;
1837 /* TODO handle CMMP_MASK */
1842 switch (type_kind) {
1845 case MONO_TYPE_BOOLEAN:
1848 case MONO_TYPE_CHAR:
1851 stack->stype = TYPE_I4 | mask;
1855 stack->stype = TYPE_NATIVE_INT | mask;
1858 /*FIXME: Do we need to check if it's a pointer to the method pointer? The spec says it' illegal to have that.*/
1859 case MONO_TYPE_FNPTR:
1861 case MONO_TYPE_TYPEDBYREF:
1862 stack->stype = TYPE_PTR | mask;
1865 case MONO_TYPE_CLASS:
1866 case MONO_TYPE_STRING:
1867 case MONO_TYPE_OBJECT:
1868 case MONO_TYPE_SZARRAY:
1869 case MONO_TYPE_ARRAY:
1872 case MONO_TYPE_MVAR:
1873 stack->stype = TYPE_COMPLEX | mask;
1876 case MONO_TYPE_GENERICINST:
1877 if (mono_type_is_enum_type (type)) {
1878 type = mono_type_get_underlying_type_any (type);
1879 type_kind = type->type;
1882 stack->stype = TYPE_COMPLEX | mask;
1888 stack->stype = TYPE_I8 | mask;
1892 stack->stype = TYPE_R8 | mask;
1894 case MONO_TYPE_VALUETYPE:
1895 if (mono_type_is_enum_type (type)) {
1896 type = mono_type_get_underlying_type_any (type);
1897 type_kind = type->type;
1900 stack->stype = TYPE_COMPLEX | mask;
1904 VERIFIER_DEBUG ( printf ("unknown type 0x%02x in eval stack type\n", type->type); );
1905 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Illegal value set on stack 0x%02x at %d", type->type, ctx->ip_offset));
1912 * init_stack_with_value_at_exception_boundary:
1914 * Initialize the stack and push a given type.
1915 * The instruction is marked as been on the exception boundary.
1918 init_stack_with_value_at_exception_boundary (VerifyContext *ctx, ILCodeDesc *code, MonoClass *klass)
1920 stack_init (ctx, code);
1921 set_stack_value (ctx, code->stack, &klass->byval_arg, FALSE);
1923 code->flags |= IL_CODE_FLAG_WAS_TARGET;
1926 /*Verify if type 'candidate' can be stored in type 'target'.
1928 * If strict, check for the underlying type and not the verification stack types
1931 verify_type_compatibility_full (VerifyContext *ctx, MonoType *target, MonoType *candidate, gboolean strict)
1933 #define IS_ONE_OF3(T, A, B, C) (T == A || T == B || T == C)
1934 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
1936 MonoType *original_candidate = candidate;
1937 VERIFIER_DEBUG ( printf ("checking type compatibility %p %p[%x][%x] %p[%x][%x]\n", ctx, target, target->type, target->byref, candidate, candidate->type, candidate->byref); );
1939 /*only one is byref */
1940 if (candidate->byref ^ target->byref) {
1941 /* converting from native int to byref*/
1942 if (get_stack_type (candidate) == TYPE_NATIVE_INT && target->byref) {
1943 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("using byref native int at 0x%04x", ctx->ip_offset));
1948 strict |= target->byref;
1949 /*From now on we don't care about byref anymore, so it's ok to discard it here*/
1950 candidate = mono_type_get_underlying_type_any (candidate);
1953 switch (target->type) {
1954 case MONO_TYPE_VOID:
1955 return candidate->type == MONO_TYPE_VOID;
1958 case MONO_TYPE_BOOLEAN:
1960 return IS_ONE_OF3 (candidate->type, MONO_TYPE_I1, MONO_TYPE_U1, MONO_TYPE_BOOLEAN);
1963 case MONO_TYPE_CHAR:
1965 return IS_ONE_OF3 (candidate->type, MONO_TYPE_I2, MONO_TYPE_U2, MONO_TYPE_CHAR);
1967 case MONO_TYPE_U4: {
1968 gboolean is_native_int = IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U);
1969 gboolean is_int4 = IS_ONE_OF2 (candidate->type, MONO_TYPE_I4, MONO_TYPE_U4);
1971 return is_native_int || is_int4;
1972 return is_native_int || get_stack_type (candidate) == TYPE_I4;
1977 return IS_ONE_OF2 (candidate->type, MONO_TYPE_I8, MONO_TYPE_U8);
1982 return candidate->type == target->type;
1983 return IS_ONE_OF2 (candidate->type, MONO_TYPE_R4, MONO_TYPE_R8);
1987 gboolean is_native_int = IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U);
1988 gboolean is_int4 = IS_ONE_OF2 (candidate->type, MONO_TYPE_I4, MONO_TYPE_U4);
1990 return is_native_int || is_int4;
1991 return is_native_int || get_stack_type (candidate) == TYPE_I4;
1995 if (!IS_STRICT_MODE (ctx) && IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U))
1997 if (candidate->type != MONO_TYPE_PTR)
1999 /* check the underlying type */
2000 return verify_type_compatibility_full (ctx, target->data.type, candidate->data.type, TRUE);
2002 case MONO_TYPE_FNPTR: {
2003 MonoMethodSignature *left, *right;
2004 if (candidate->type != MONO_TYPE_FNPTR)
2007 left = mono_type_get_signature (target);
2008 right = mono_type_get_signature (candidate);
2009 return mono_metadata_signature_equal (left, right) && left->call_convention == right->call_convention;
2012 case MONO_TYPE_GENERICINST: {
2013 if (mono_type_is_enum_type (target)) {
2014 target = mono_type_get_underlying_type_any (target);
2017 return mono_class_is_assignable_from (mono_class_from_mono_type (target), mono_class_from_mono_type (candidate));
2020 case MONO_TYPE_STRING:
2021 return candidate->type == MONO_TYPE_STRING;
2023 case MONO_TYPE_CLASS:
2024 /* If candidate is an enum it should return true for System.Enum and supertypes.
2025 * That's why here we use the original type and not the underlying type.
2027 return mono_class_is_assignable_from (target->data.klass, mono_class_from_mono_type (original_candidate));
2029 case MONO_TYPE_OBJECT:
2030 return MONO_TYPE_IS_REFERENCE (candidate);
2032 case MONO_TYPE_SZARRAY: {
2035 if (candidate->type != MONO_TYPE_SZARRAY)
2038 left = target->data.klass;
2039 right = candidate->data.klass;
2040 return mono_class_is_assignable_from(left, right);
2043 case MONO_TYPE_ARRAY:
2044 if (candidate->type != MONO_TYPE_ARRAY)
2046 return is_array_type_compatible (target, candidate);
2048 case MONO_TYPE_TYPEDBYREF:
2049 return candidate->type == MONO_TYPE_TYPEDBYREF;
2051 case MONO_TYPE_VALUETYPE:
2052 if (candidate->type == MONO_TYPE_VALUETYPE && target->data.klass == candidate->data.klass)
2054 if (mono_type_is_enum_type (target)) {
2055 target = mono_type_get_underlying_type_any (target);
2061 if (candidate->type != MONO_TYPE_VAR)
2063 return candidate->data.generic_param->num == target->data.generic_param->num;
2065 case MONO_TYPE_MVAR:
2066 if (candidate->type != MONO_TYPE_MVAR)
2068 return candidate->data.generic_param->num == target->data.generic_param->num;
2071 VERIFIER_DEBUG ( printf ("unknown store type %d\n", target->type); );
2072 g_assert_not_reached ();
2081 verify_type_compatibility (VerifyContext *ctx, MonoType *target, MonoType *candidate)
2083 return verify_type_compatibility_full (ctx, target, candidate, FALSE);
2087 * is_compatible_boxed_valuetype:
2089 * Returns TRUE if @candidate / @stack is a valid boxed valuetype.
2091 * @type The source type. It it tested to be of the proper type.
2092 * @candidate type of the boxed valuetype.
2093 * @stack stack slot of the boxed valuetype, separate from @candidade since one could be changed before calling this function
2094 * @type_must_be_object if TRUE @type must be System.Object, otherwise can be any reference type.
2098 is_compatible_boxed_valuetype (MonoType *type, MonoType *candidate, ILStackDesc *stack, gboolean type_must_be_object)
2100 if (type_must_be_object && type->type != MONO_TYPE_OBJECT)
2102 if (!type_must_be_object && !MONO_TYPE_IS_REFERENCE (type))
2104 return !type->byref && !candidate->byref && stack_slot_is_boxed_value (stack);
2108 verify_stack_type_compatibility (VerifyContext *ctx, MonoType *type, ILStackDesc *stack)
2110 MonoType *candidate = mono_type_from_stack_slot (stack);
2111 if (MONO_TYPE_IS_REFERENCE (type) && !type->byref && stack_slot_is_null_literal (stack))
2114 if (is_compatible_boxed_valuetype (type, candidate, stack, TRUE))
2117 return verify_type_compatibility_full (ctx, type, candidate, FALSE);
2121 mono_delegate_type_equal (MonoType *target, MonoType *candidate)
2123 if (candidate->byref ^ target->byref)
2126 switch (target->type) {
2127 case MONO_TYPE_VOID:
2130 case MONO_TYPE_BOOLEAN:
2133 case MONO_TYPE_CHAR:
2142 case MONO_TYPE_STRING:
2143 case MONO_TYPE_TYPEDBYREF:
2144 return candidate->type == target->type;
2147 return mono_delegate_type_equal (target->data.type, candidate->data.type);
2149 case MONO_TYPE_FNPTR:
2150 if (candidate->type != MONO_TYPE_FNPTR)
2152 return mono_delegate_signature_equal (mono_type_get_signature (target), mono_type_get_signature (candidate));
2154 case MONO_TYPE_GENERICINST:
2156 g_assert_not_reached ();
2159 return candidate->type == MONO_TYPE_STRING;
2161 case MONO_TYPE_OBJECT:
2162 return MONO_TYPE_IS_REFERENCE (candidate);
2164 case MONO_TYPE_CLASS:
2165 if (candidate->type != MONO_TYPE_CLASS)
2167 return mono_class_is_assignable_from(target->data.klass, candidate->data.klass);
2169 case MONO_TYPE_SZARRAY:
2170 if (candidate->type != MONO_TYPE_SZARRAY)
2172 return mono_class_is_assignable_from (target->data.array->eklass, candidate->data.array->eklass);
2174 case MONO_TYPE_ARRAY:
2175 if (candidate->type != MONO_TYPE_ARRAY)
2177 return is_array_type_compatible (target, candidate);
2179 case MONO_TYPE_VALUETYPE:
2180 return candidate->type == MONO_TYPE_VALUETYPE && target->data.klass == candidate->data.klass;
2184 g_assert_not_reached ();
2187 case MONO_TYPE_MVAR:
2189 g_assert_not_reached ();
2193 VERIFIER_DEBUG ( printf ("Unknown type %d. Implement me!\n", target->type); );
2194 g_assert_not_reached ();
2200 mono_delegate_param_equal (MonoType *delegate, MonoType *method)
2202 if (mono_metadata_type_equal_full (delegate, method, TRUE))
2205 return mono_delegate_type_equal (method, delegate);
2209 mono_delegate_ret_equal (MonoType *delegate, MonoType *method)
2211 if (mono_metadata_type_equal_full (delegate, method, TRUE))
2214 return mono_delegate_type_equal (delegate, method);
2218 * mono_delegate_signature_equal:
2220 * Compare two signatures in the way expected by delegates.
2222 * This function only exists due to the fact that it should ignore the 'has_this' part of the signature.
2224 * FIXME can this function be eliminated and proper metadata functionality be used?
2227 mono_delegate_signature_equal (MonoMethodSignature *sig1, MonoMethodSignature *sig2)
2230 if (sig1->param_count != sig2->param_count)
2233 if (sig1->generic_param_count != sig2->generic_param_count)
2236 if (sig1->call_convention != sig2->call_convention)
2239 for (i = 0; i < sig1->param_count; i++) {
2240 MonoType *p1 = sig1->params [i];
2241 MonoType *p2 = sig2->params [i];
2243 if (!mono_delegate_param_equal (p1, p2))
2247 if (!mono_delegate_ret_equal (sig1->ret, sig2->ret))
2254 * verify_ldftn_delegate:
2256 * Verify properties of ldftn based delegates.
2259 verify_ldftn_delegate (VerifyContext *ctx, MonoClass *delegate, ILStackDesc *value, ILStackDesc *funptr)
2261 MonoMethod *method = funptr->method;
2263 /*ldftn non-final virtuals only allowed if method is not static,
2264 * the object is a this arg (comes from a ldarg.0), and there is no starg.0.
2265 * This rules doesn't apply if the object on stack is a boxed valuetype.
2267 if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !(method->klass->flags & TYPE_ATTRIBUTE_SEALED) && !stack_slot_is_boxed_value (value)) {
2268 /*A stdarg 0 must not happen, we fail here only in fail fast mode to avoid double error reports*/
2269 if (IS_FAIL_FAST_MODE (ctx) && ctx->has_this_store)
2270 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", ctx->ip_offset));
2272 /*current method must not be static*/
2273 if (ctx->method->flags & METHOD_ATTRIBUTE_STATIC)
2274 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function at 0x%04x", ctx->ip_offset));
2276 /*value is the this pointer, loaded using ldarg.0 */
2277 if (!stack_slot_is_this_pointer (value))
2278 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid object argument, it is not the this pointer, to ldftn with virtual method at 0x%04x", ctx->ip_offset));
2280 ctx->code [ctx->ip_offset].flags |= IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL;
2285 * verify_delegate_compatibility:
2287 * Verify delegate creation sequence.
2291 verify_delegate_compatibility (VerifyContext *ctx, MonoClass *delegate, ILStackDesc *value, ILStackDesc *funptr)
2293 #define IS_VALID_OPCODE(offset, opcode) (ip [ip_offset - offset] == opcode && (ctx->code [ip_offset - offset].flags & IL_CODE_FLAG_SEEN))
2294 #define IS_LOAD_FUN_PTR(kind) (IS_VALID_OPCODE (6, CEE_PREFIX1) && ip [ip_offset - 5] == kind)
2296 MonoMethod *invoke, *method;
2297 const guint8 *ip = ctx->header->code;
2298 guint32 ip_offset = ctx->ip_offset;
2300 if (stack_slot_get_type (funptr) != TYPE_PTR || !funptr->method) {
2301 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid function pointer parameter for delegate constructor at 0x%04x", ctx->ip_offset));
2305 invoke = mono_get_delegate_invoke (delegate);
2306 method = funptr->method;
2308 if (!mono_delegate_signature_equal (mono_method_signature (invoke), mono_method_signature (method)))
2309 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Function pointer parameter for delegate constructor has diferent signature at 0x%04x", ctx->ip_offset));
2312 * Delegate code sequences:
2318 * [-6] ldvirtftn token
2322 if (ip_offset > 5 && IS_LOAD_FUN_PTR (CEE_LDFTN)) {
2323 verify_ldftn_delegate (ctx, delegate, value, funptr);
2324 } else if (ip_offset > 6 && IS_VALID_OPCODE (7, CEE_DUP) && IS_LOAD_FUN_PTR (CEE_LDVIRTFTN)) {
2325 ctx->code [ip_offset - 6].flags |= IL_CODE_DELEGATE_SEQUENCE;
2327 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid code sequence for delegate creation at 0x%04x", ctx->ip_offset));
2329 ctx->code [ip_offset].flags |= IL_CODE_DELEGATE_SEQUENCE;
2332 if (!verify_type_compatibility (ctx, &method->klass->byval_arg, value->type) && !stack_slot_is_null_literal (value))
2333 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx->ip_offset));
2335 if (stack_slot_get_type (value) != TYPE_COMPLEX)
2336 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid first parameter for delegate creation at 0x%04x", ctx->ip_offset));
2338 #undef IS_VALID_OPCODE
2339 #undef IS_LOAD_FUN_PTR
2342 /* implement the opcode checks*/
2344 push_arg (VerifyContext *ctx, unsigned int arg, int take_addr)
2346 if (arg >= ctx->max_args) {
2348 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have argument %d", arg + 1));
2350 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method doesn't have argument %d", arg + 1));
2351 if (check_overflow (ctx)) //FIXME: what sane value could we ever push?
2352 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2354 } else if (check_overflow (ctx)) {
2355 /*We must let the value be pushed, otherwise we would get an underflow error*/
2356 check_unverifiable_type (ctx, ctx->params [arg]);
2357 if (ctx->params [arg]->byref && take_addr)
2358 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
2359 if (!set_stack_value (ctx, stack_push (ctx), ctx->params [arg], take_addr))
2362 if (arg == 0 && !(ctx->method->flags & METHOD_ATTRIBUTE_STATIC)) {
2364 ctx->has_this_store = TRUE;
2366 stack_top (ctx)->stype |= THIS_POINTER_MASK;
2372 push_local (VerifyContext *ctx, guint32 arg, int take_addr)
2374 if (arg >= ctx->num_locals) {
2375 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have local %d", arg + 1));
2376 } else if (check_overflow (ctx)) {
2377 /*We must let the value be pushed, otherwise we would get an underflow error*/
2378 check_unverifiable_type (ctx, ctx->locals [arg]);
2379 if (ctx->locals [arg]->byref && take_addr)
2380 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
2382 set_stack_value (ctx, stack_push (ctx), ctx->locals [arg], take_addr);
2387 store_arg (VerifyContext *ctx, guint32 arg)
2391 if (arg >= ctx->max_args) {
2392 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method doesn't have argument %d at 0x%04x", arg + 1, ctx->ip_offset));
2393 check_underflow (ctx, 1);
2398 if (check_underflow (ctx, 1)) {
2399 value = stack_pop (ctx);
2400 if (!verify_stack_type_compatibility (ctx, ctx->params [arg], value)) {
2401 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in argument store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2404 if (arg == 0 && !(ctx->method->flags & METHOD_ATTRIBUTE_STATIC))
2405 ctx->has_this_store = 1;
2409 store_local (VerifyContext *ctx, guint32 arg)
2412 if (arg >= ctx->num_locals) {
2413 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have local var %d at 0x%04x", arg + 1, ctx->ip_offset));
2417 /*TODO verify definite assigment */
2418 if (check_underflow (ctx, 1)) {
2419 value = stack_pop(ctx);
2420 if (!verify_stack_type_compatibility (ctx, ctx->locals [arg], value)) {
2421 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type [%s], type [%s] was expected in local store at 0x%04x",
2422 stack_slot_get_name (value),
2423 mono_type_get_stack_name (ctx->locals [arg]),
2429 /*FIXME add and sub needs special care here*/
2431 do_binop (VerifyContext *ctx, unsigned int opcode, const unsigned char table [TYPE_MAX][TYPE_MAX])
2434 int idxa, idxb, complexMerge = 0;
2437 if (!check_underflow (ctx, 2))
2439 a = stack_get (ctx, 1);
2440 b = stack_top (ctx);
2442 idxa = stack_slot_get_underlying_type (a);
2443 if (stack_slot_is_managed_pointer (a)) {
2448 idxb = stack_slot_get_underlying_type (b);
2449 if (stack_slot_is_managed_pointer (b)) {
2456 res = table [idxa][idxb];
2458 VERIFIER_DEBUG ( printf ("binop res %d\n", res); );
2459 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa, idxb); );
2462 if (res == TYPE_INV) {
2463 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Binary instruction applyed to ill formed stack (%s x %s)", stack_slot_get_name (a), stack_slot_get_name (b)));
2467 if (res & NON_VERIFIABLE_RESULT) {
2468 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Binary instruction is not verifiable (%s x %s)", stack_slot_get_name (a), stack_slot_get_name (b)));
2470 res = res & ~NON_VERIFIABLE_RESULT;
2473 if (complexMerge && res == TYPE_PTR) {
2474 if (complexMerge == 1)
2475 copy_stack_value (stack_top (ctx), a);
2476 else if (complexMerge == 2)
2477 copy_stack_value (stack_top (ctx), b);
2479 * There is no need to merge the type of two pointers.
2480 * The only valid operation is subtraction, that returns a native
2481 * int as result and can be used with any 2 pointer kinds.
2482 * This is valid acording to Patition III 1.1.4
2485 stack_top (ctx)->stype = res;
2491 do_boolean_branch_op (VerifyContext *ctx, int delta)
2493 int target = ctx->ip_offset + delta;
2496 VERIFIER_DEBUG ( printf ("boolean branch offset %d delta %d target %d\n", ctx->ip_offset, delta, target); );
2498 if (target < 0 || target >= ctx->code_size) {
2499 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Boolean branch target out of code at 0x%04x", ctx->ip_offset));
2503 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
2505 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2508 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2512 ctx->target = target;
2514 if (!check_underflow (ctx, 1))
2517 top = stack_pop (ctx);
2518 if (!is_valid_bool_arg (top))
2519 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Argument type %s not valid for brtrue/brfalse at 0x%04x", stack_slot_get_name (stack_get (ctx, -1)), ctx->ip_offset));
2521 check_unmanaged_pointer (ctx, top);
2526 do_branch_op (VerifyContext *ctx, signed int delta, const unsigned char table [TYPE_MAX][TYPE_MAX])
2531 int target = ctx->ip_offset + delta;
2533 VERIFIER_DEBUG ( printf ("branch offset %d delta %d target %d\n", ctx->ip_offset, delta, target); );
2535 if (target < 0 || target >= ctx->code_size) {
2536 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target out of code at 0x%04x", ctx->ip_offset));
2540 switch (is_valid_cmp_branch_instruction (ctx->header, ctx->ip_offset, target)) {
2542 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2545 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2549 ctx->target = target;
2551 if (!check_underflow (ctx, 2))
2554 b = stack_pop (ctx);
2555 a = stack_pop (ctx);
2557 idxa = stack_slot_get_underlying_type (a);
2558 if (stack_slot_is_managed_pointer (a))
2561 idxb = stack_slot_get_underlying_type (b);
2562 if (stack_slot_is_managed_pointer (b))
2567 res = table [idxa][idxb];
2569 VERIFIER_DEBUG ( printf ("branch res %d\n", res); );
2570 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa, idxb); );
2572 if (res == TYPE_INV) {
2573 CODE_NOT_VERIFIABLE (ctx,
2574 g_strdup_printf ("Compare and Branch instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2575 } else if (res & NON_VERIFIABLE_RESULT) {
2576 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Compare and Branch instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2577 res = res & ~NON_VERIFIABLE_RESULT;
2582 do_cmp_op (VerifyContext *ctx, const unsigned char table [TYPE_MAX][TYPE_MAX], guint32 opcode)
2588 if (!check_underflow (ctx, 2))
2590 b = stack_pop (ctx);
2591 a = stack_pop (ctx);
2593 if (opcode == CEE_CGT_UN) {
2594 if (stack_slot_get_type (a) == TYPE_COMPLEX && stack_slot_get_type (b) == TYPE_COMPLEX) {
2595 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2600 idxa = stack_slot_get_underlying_type (a);
2601 if (stack_slot_is_managed_pointer (a))
2604 idxb = stack_slot_get_underlying_type (b);
2605 if (stack_slot_is_managed_pointer (b))
2610 res = table [idxa][idxb];
2612 if(res == TYPE_INV) {
2613 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf("Compare instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2614 } else if (res & NON_VERIFIABLE_RESULT) {
2615 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Compare instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2616 res = res & ~NON_VERIFIABLE_RESULT;
2618 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2622 do_ret (VerifyContext *ctx)
2624 MonoType *ret = ctx->signature->ret;
2625 VERIFIER_DEBUG ( printf ("checking ret\n"); );
2626 if (ret->type != MONO_TYPE_VOID) {
2628 if (!check_underflow (ctx, 1))
2631 top = stack_pop(ctx);
2633 if (!verify_stack_type_compatibility (ctx, ctx->signature->ret, top)) {
2634 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible return value on stack with method signature ret at 0x%04x", ctx->ip_offset));
2638 if (ret->byref || ret->type == MONO_TYPE_TYPEDBYREF || mono_type_is_value_type (ret, "System", "ArgIterator") || mono_type_is_value_type (ret, "System", "RuntimeArgumentHandle"))
2639 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method returns byref, TypedReference, ArgIterator or RuntimeArgumentHandle at 0x%04x", ctx->ip_offset));
2642 if (ctx->eval.size > 0) {
2643 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack not empty (%d) after ret at 0x%04x", ctx->eval.size, ctx->ip_offset));
2645 if (in_any_block (ctx->header, ctx->ip_offset))
2646 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ret cannot escape exception blocks at 0x%04x", ctx->ip_offset));
2650 * FIXME we need to fix the case of a non-virtual instance method defined in the parent but call using a token pointing to a subclass.
2651 * This is illegal but mono_get_method_full decoded it.
2652 * TODO handle calling .ctor outside one or calling the .ctor for other class but super
2655 do_invoke_method (VerifyContext *ctx, int method_token, gboolean virtual)
2658 MonoMethodSignature *sig;
2661 gboolean virt_check_this = FALSE;
2662 gboolean constrained = ctx->prefix_set & PREFIX_CONSTRAINED;
2664 if (!(method = verifier_load_method (ctx, method_token, virtual ? "callvirt" : "call")))
2668 ctx->prefix_set &= ~PREFIX_CONSTRAINED;
2670 if (method->klass->valuetype) // && !constrained ???
2671 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use callvirtual with valuetype method at 0x%04x", ctx->ip_offset));
2673 if ((method->flags & METHOD_ATTRIBUTE_STATIC))
2674 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use callvirtual with static method at 0x%04x", ctx->ip_offset));
2677 if (method->flags & METHOD_ATTRIBUTE_ABSTRACT)
2678 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use call with an abstract method at 0x%04x", ctx->ip_offset));
2680 if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL)) {
2681 virt_check_this = TRUE;
2682 ctx->code [ctx->ip_offset].flags |= IL_CODE_CALL_NONFINAL_VIRTUAL;
2686 if (!(sig = mono_method_get_signature_full (method, ctx->image, method_token, ctx->generic_context)))
2687 sig = mono_method_get_signature (method, ctx->image, method_token);
2689 param_count = sig->param_count + sig->hasthis;
2690 if (!check_underflow (ctx, param_count))
2693 for (i = sig->param_count - 1; i >= 0; --i) {
2694 VERIFIER_DEBUG ( printf ("verifying argument %d\n", i); );
2695 value = stack_pop (ctx);
2696 if (!verify_stack_type_compatibility (ctx, sig->params[i], value))
2697 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature at 0x%04x", ctx->ip_offset));
2699 if (stack_slot_is_managed_mutability_pointer (value))
2700 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer as argument of %s at 0x%04x", virtual ? "callvirt" : "call", ctx->ip_offset));
2704 MonoType *type = &method->klass->byval_arg;
2706 value = stack_pop (ctx);
2707 copy_stack_value (©, value);
2708 //TODO we should extract this to a 'drop_byref_argument' and use everywhere
2709 //Other parts of the code suffer from the same issue of
2710 copy.type = mono_type_get_type_byval (copy.type);
2711 copy.stype &= ~POINTER_MASK;
2713 if (virt_check_this && !stack_slot_is_this_pointer (value) && !(method->klass->valuetype || stack_slot_is_boxed_value (value)))
2714 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a non-final virtual method from an objet diferent thant the this pointer at 0x%04x", ctx->ip_offset));
2716 if (constrained && virtual) {
2717 if (!stack_slot_is_managed_pointer (value))
2718 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Object is not a managed pointer for a constrained call at 0x%04x", ctx->ip_offset));
2719 if (!mono_metadata_type_equal_full (mono_type_get_type_byval (value->type), ctx->constrained_type, TRUE))
2720 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Object not compatible with constrained type at 0x%04x", ctx->ip_offset));
2721 copy.stype |= BOXED_MASK;
2723 if (stack_slot_is_managed_pointer (value) && !mono_class_from_mono_type (value->type)->valuetype)
2724 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a reference type using a managed pointer to the this arg at 0x%04x", ctx->ip_offset));
2726 if (!virtual && mono_class_from_mono_type (value->type)->valuetype && !method->klass->valuetype && !stack_slot_is_boxed_value (value))
2727 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a valuetype baseclass at 0x%04x", ctx->ip_offset));
2729 if (virtual && mono_class_from_mono_type (value->type)->valuetype && !stack_slot_is_boxed_value (value))
2730 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a valuetype with callvirt at 0x%04x", ctx->ip_offset));
2732 if (method->klass->valuetype && (stack_slot_is_boxed_value (value) || !stack_slot_is_managed_pointer (value)))
2733 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a boxed or literal valuetype to call a valuetype method at 0x%04x", ctx->ip_offset));
2735 if (!verify_stack_type_compatibility (ctx, type, ©))
2736 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible this argument on stack with method signature at 0x%04x", ctx->ip_offset));
2739 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_method (ctx->method, method))
2740 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Method is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
2742 if (sig->ret->type != MONO_TYPE_VOID) {
2743 if (check_overflow (ctx)) {
2744 value = stack_push (ctx);
2745 set_stack_value (ctx, value, sig->ret, FALSE);
2746 if ((ctx->prefix_set & PREFIX_READONLY) && method->klass->rank && !strcmp (method->name, "Address")) {
2747 ctx->prefix_set &= ~PREFIX_READONLY;
2748 value->stype |= CMMP_MASK;
2755 do_push_static_field (VerifyContext *ctx, int token, gboolean take_addr)
2757 MonoClassField *field;
2760 if (!(field = verifier_load_field (ctx, token, &klass, take_addr ? "ldsflda" : "ldsfld")))
2763 if (!(field->type->attrs & FIELD_ATTRIBUTE_STATIC)) {
2764 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot load non static field at 0x%04x", ctx->ip_offset));
2767 /*taking the address of initonly field only works from the static constructor */
2768 if (take_addr && (field->type->attrs & FIELD_ATTRIBUTE_INIT_ONLY) &&
2769 !(field->parent == ctx->method->klass && (ctx->method->flags & (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_STATIC)) && !strcmp (".cctor", ctx->method->name)))
2770 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
2772 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2773 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2775 set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
2779 do_store_static_field (VerifyContext *ctx, int token) {
2780 MonoClassField *field;
2784 if (!check_underflow (ctx, 1))
2787 value = stack_pop (ctx);
2789 if (!(field = verifier_load_field (ctx, token, &klass, "stsfld")))
2792 if (!(field->type->attrs & FIELD_ATTRIBUTE_STATIC)) {
2793 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot store non static field at 0x%04x", ctx->ip_offset));
2797 if (field->type->type == MONO_TYPE_TYPEDBYREF) {
2798 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Typedbyref field is an unverfiable type in store static field at 0x%04x", ctx->ip_offset));
2802 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2803 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2805 if (!verify_stack_type_compatibility (ctx, field->type, value))
2806 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in static field store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2810 check_is_valid_type_for_field_ops (VerifyContext *ctx, int token, ILStackDesc *obj, MonoClassField **ret_field, const char *opcode)
2812 MonoClassField *field;
2815 /*must be one of: complex type, managed pointer (to complex type), unmanaged pointer (native int) or an instance of a value type */
2816 if (!( stack_slot_get_underlying_type (obj) == TYPE_COMPLEX
2817 || stack_slot_get_type (obj) == TYPE_NATIVE_INT
2818 || stack_slot_get_type (obj) == TYPE_PTR)) {
2819 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument %s to load field at 0x%04x", stack_slot_get_name (obj), ctx->ip_offset));
2822 if (!(field = verifier_load_field (ctx, token, &klass, opcode)))
2825 //TODO verify if type loaded correctly.
2828 if (field->type->type == MONO_TYPE_TYPEDBYREF) {
2829 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Typedbyref field is an unverfiable type at 0x%04x", ctx->ip_offset));
2832 g_assert (obj->type);
2834 /*The value on the stack must be a subclass of the defining type of the field*/
2835 /* we need to check if we can load the field from the stack value*/
2836 if (stack_slot_get_underlying_type (obj) == TYPE_COMPLEX) {
2837 if (!field->parent->valuetype && stack_slot_is_managed_pointer (obj))
2838 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is a managed pointer to a reference type and is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2840 /*a value type can be loaded from a value or a managed pointer, but not a boxed object*/
2841 if (field->parent->valuetype && stack_slot_is_boxed_value (obj))
2842 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is a boxed valuetype and is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2844 if (!stack_slot_is_null_literal (obj) && !verify_type_compatibility (ctx, &field->parent->byval_arg, mono_type_get_type_byval (obj->type)))
2845 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2847 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2848 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2851 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2852 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2854 if (stack_slot_get_underlying_type (obj) == TYPE_NATIVE_INT)
2855 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Native int is not a verifiable type to reference a field at 0x%04x", ctx->ip_offset));
2857 check_unmanaged_pointer (ctx, obj);
2862 do_push_field (VerifyContext *ctx, int token, gboolean take_addr)
2865 MonoClassField *field;
2867 if (!check_underflow (ctx, 1))
2869 obj = stack_pop (ctx);
2871 if (!check_is_valid_type_for_field_ops (ctx, token, obj, &field, take_addr ? "ldflda" : "ldfld"))
2874 if (take_addr && field->parent->valuetype && !stack_slot_is_managed_pointer (obj))
2875 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a temporary value-type at 0x%04x", ctx->ip_offset));
2877 if (take_addr && (field->type->attrs & FIELD_ATTRIBUTE_INIT_ONLY) &&
2878 !(field->parent == ctx->method->klass && mono_method_is_constructor (ctx->method)))
2879 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
2881 set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
2885 do_store_field (VerifyContext *ctx, int token)
2887 ILStackDesc *value, *obj;
2888 MonoClassField *field;
2890 if (!check_underflow (ctx, 2))
2893 value = stack_pop (ctx);
2894 obj = stack_pop (ctx);
2896 if (!check_is_valid_type_for_field_ops (ctx, token, obj, &field, "stfld"))
2899 if (!verify_stack_type_compatibility (ctx, field->type, value))
2900 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in field store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2903 /*TODO proper handle for Nullable<T>*/
2905 do_box_value (VerifyContext *ctx, int klass_token)
2908 MonoType *type = get_boxable_mono_type (ctx, klass_token, "box");
2913 if (!check_underflow (ctx, 1))
2916 value = stack_top (ctx);
2917 /*box is a nop for reference types*/
2919 if (stack_slot_get_underlying_type (value) == TYPE_COMPLEX && MONO_TYPE_IS_REFERENCE (value->type) && MONO_TYPE_IS_REFERENCE (type)) {
2920 value->stype |= BOXED_MASK;
2924 value = stack_pop (ctx);
2926 if (!verify_stack_type_compatibility (ctx, type, value))
2927 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for boxing operation at 0x%04x", ctx->ip_offset));
2929 stack_push_val (ctx, TYPE_COMPLEX | BOXED_MASK, type);
2933 do_unbox_value (VerifyContext *ctx, int klass_token)
2936 MonoType *type = get_boxable_mono_type (ctx, klass_token, "unbox");
2941 if (!check_underflow (ctx, 1))
2944 if (!mono_class_from_mono_type (type)->valuetype)
2945 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid reference type for unbox at 0x%04x", ctx->ip_offset));
2947 value = stack_pop (ctx);
2949 /*Value should be: a boxed valuetype or a reference type*/
2950 if (!(stack_slot_get_type (value) == TYPE_COMPLEX &&
2951 (stack_slot_is_boxed_value (value) || !mono_class_from_mono_type (value->type)->valuetype)))
2952 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type %s at stack for unbox operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2954 set_stack_value (ctx, value = stack_push (ctx), mono_type_get_type_byref (type), FALSE);
2955 value->stype |= CMMP_MASK;
2959 do_unbox_any (VerifyContext *ctx, int klass_token)
2962 MonoType *type = get_boxable_mono_type (ctx, klass_token, "unbox.any");
2967 if (!check_underflow (ctx, 1))
2970 value = stack_pop (ctx);
2972 /*Value should be: a boxed valuetype or a reference type*/
2973 if (!(stack_slot_get_type (value) == TYPE_COMPLEX &&
2974 (stack_slot_is_boxed_value (value) || !mono_class_from_mono_type (value->type)->valuetype)))
2975 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type %s at stack for unbox.any operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2977 set_stack_value (ctx, stack_push (ctx), type, FALSE);
2981 do_unary_math_op (VerifyContext *ctx, int op)
2984 if (!check_underflow (ctx, 1))
2986 value = stack_top (ctx);
2987 switch (stack_slot_get_type (value)) {
2990 case TYPE_NATIVE_INT:
2995 case TYPE_COMPLEX: /*only enums are ok*/
2996 if (mono_type_is_enum_type (value->type))
2999 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for unary not at 0x%04x", ctx->ip_offset));
3004 do_conversion (VerifyContext *ctx, int kind)
3007 if (!check_underflow (ctx, 1))
3009 value = stack_pop (ctx);
3011 switch (stack_slot_get_type (value)) {
3014 case TYPE_NATIVE_INT:
3018 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type (%s) at stack for conversion operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3023 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
3026 stack_push_val (ctx,TYPE_I8, &mono_defaults.int64_class->byval_arg);
3029 stack_push_val (ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
3031 case TYPE_NATIVE_INT:
3032 stack_push_val (ctx, TYPE_NATIVE_INT, &mono_defaults.int_class->byval_arg);
3035 g_error ("unknown type %02x in conversion", kind);
3041 do_load_token (VerifyContext *ctx, int token)
3044 MonoClass *handle_class;
3045 if (!check_overflow (ctx))
3047 handle = mono_ldtoken (ctx->image, token, &handle_class, ctx->generic_context);
3049 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid token 0x%x for ldtoken at 0x%04x", token, ctx->ip_offset));
3052 stack_push_val (ctx, TYPE_COMPLEX, mono_class_get_type (handle_class));
3056 do_ldobj_value (VerifyContext *ctx, int token)
3059 MonoType *type = get_boxable_mono_type (ctx, token, "ldobj");
3064 if (!check_underflow (ctx, 1))
3067 value = stack_pop (ctx);
3068 if (!stack_slot_is_managed_pointer (value)
3069 && stack_slot_get_type (value) != TYPE_NATIVE_INT
3070 && !(stack_slot_get_type (value) == TYPE_PTR && value->type->type != MONO_TYPE_FNPTR)) {
3071 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid argument %s to ldobj at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3075 if (stack_slot_get_type (value) == TYPE_NATIVE_INT)
3076 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Using native pointer to ldobj at 0x%04x", ctx->ip_offset));
3078 /*We have a byval on the stack, but the comparison must be strict. */
3079 if (!verify_type_compatibility_full (ctx, type, mono_type_get_type_byval (value->type), TRUE))
3080 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldojb operation at 0x%04x", ctx->ip_offset));
3082 set_stack_value (ctx, stack_push (ctx), type, FALSE);
3086 do_stobj (VerifyContext *ctx, int token)
3088 ILStackDesc *dest, *src;
3089 MonoType *type = get_boxable_mono_type (ctx, token, "stobj");
3093 if (!check_underflow (ctx, 2))
3096 src = stack_pop (ctx);
3097 dest = stack_pop (ctx);
3099 if (stack_slot_is_managed_mutability_pointer (dest))
3100 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer with stobj at 0x%04x", ctx->ip_offset));
3102 if (!stack_slot_is_managed_pointer (dest))
3103 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid destination of stobj operation at 0x%04x", ctx->ip_offset));
3105 if (!verify_stack_type_compatibility (ctx, type, src))
3106 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Token and source types of stobj don't match at 0x%04x", ctx->ip_offset));
3108 if (!verify_type_compatibility (ctx, mono_type_get_type_byval (dest->type), type))
3109 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Destination and token types of stobj don't match at 0x%04x", ctx->ip_offset));
3113 do_cpobj (VerifyContext *ctx, int token)
3115 ILStackDesc *dest, *src;
3116 MonoType *type = get_boxable_mono_type (ctx, token, "cpobj");
3120 if (!check_underflow (ctx, 2))
3123 src = stack_pop (ctx);
3124 dest = stack_pop (ctx);
3126 if (!stack_slot_is_managed_pointer (src))
3127 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid source of cpobj operation at 0x%04x", ctx->ip_offset));
3129 if (!stack_slot_is_managed_pointer (dest))
3130 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid destination of cpobj operation at 0x%04x", ctx->ip_offset));
3132 if (stack_slot_is_managed_mutability_pointer (dest))
3133 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer with cpobj at 0x%04x", ctx->ip_offset));
3135 if (!verify_type_compatibility (ctx, type, mono_type_get_type_byval (src->type)))
3136 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Token and source types of cpobj don't match at 0x%04x", ctx->ip_offset));
3138 if (!verify_type_compatibility (ctx, mono_type_get_type_byval (dest->type), type))
3139 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Destination and token types of cpobj don't match at 0x%04x", ctx->ip_offset));
3143 do_initobj (VerifyContext *ctx, int token)
3146 MonoType *stack, *type = get_boxable_mono_type (ctx, token, "initobj");
3150 if (!check_underflow (ctx, 1))
3153 obj = stack_pop (ctx);
3155 if (!stack_slot_is_managed_pointer (obj))
3156 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid object address for initobj at 0x%04x", ctx->ip_offset));
3158 if (stack_slot_is_managed_mutability_pointer (obj))
3159 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer with initobj at 0x%04x", ctx->ip_offset));
3161 stack = mono_type_get_type_byval (obj->type);
3162 if (MONO_TYPE_IS_REFERENCE (stack)) {
3163 if (!verify_type_compatibility (ctx, stack, type))
3164 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3165 else if (IS_STRICT_MODE (ctx) && !mono_metadata_type_equal (type, stack))
3166 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3167 } else if (!verify_type_compatibility (ctx, stack, type)) {
3168 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3173 do_newobj (VerifyContext *ctx, int token)
3177 MonoMethodSignature *sig;
3179 gboolean is_delegate = FALSE;
3181 if (!(method = verifier_load_method (ctx, token, "newobj")))
3184 if (!mono_method_is_constructor (method)) {
3185 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method from token 0x%08x not a constructor at 0x%04x", token, ctx->ip_offset));
3189 if (method->klass->flags & (TYPE_ATTRIBUTE_ABSTRACT | TYPE_ATTRIBUTE_INTERFACE))
3190 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Trying to instantiate an abstract or interface type at 0x%04x", ctx->ip_offset));
3192 if (!mono_method_can_access_method (ctx->method, method))
3193 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Constructor not visible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
3195 //FIXME use mono_method_get_signature_full
3196 sig = mono_method_signature (method);
3197 if (!check_underflow (ctx, sig->param_count))
3200 is_delegate = method->klass->parent == mono_defaults.multicastdelegate_class;
3203 ILStackDesc *funptr;
3204 //first arg is object, second arg is fun ptr
3205 if (sig->param_count != 2) {
3206 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid delegate constructor at 0x%04x", ctx->ip_offset));
3209 funptr = stack_pop (ctx);
3210 value = stack_pop (ctx);
3211 verify_delegate_compatibility (ctx, method->klass, value, funptr);
3213 for (i = sig->param_count - 1; i >= 0; --i) {
3214 VERIFIER_DEBUG ( printf ("verifying constructor argument %d\n", i); );
3215 value = stack_pop (ctx);
3216 if (!verify_stack_type_compatibility (ctx, sig->params [i], value))
3217 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature at 0x%04x", ctx->ip_offset));
3219 if (stack_slot_is_managed_mutability_pointer (value))
3220 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer as argument of newobj at 0x%04x", ctx->ip_offset));
3224 if (check_overflow (ctx))
3225 set_stack_value (ctx, stack_push (ctx), &method->klass->byval_arg, FALSE);
3229 do_cast (VerifyContext *ctx, int token, const char *opcode) {
3234 if (!check_underflow (ctx, 1))
3237 if (!(type = verifier_load_type (ctx, token, opcode)))
3241 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid %s type at 0x%04x", opcode, ctx->ip_offset));
3245 value = stack_pop (ctx);
3246 is_boxed = stack_slot_is_boxed_value (value);
3248 if (stack_slot_is_managed_pointer (value))
3249 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode, ctx->ip_offset));
3250 else if (mono_class_from_mono_type (value->type)->valuetype && !is_boxed)
3251 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Value cannot be a valuetype for %s at 0x%04x", opcode, ctx->ip_offset));
3253 switch (value->type->type) {
3254 case MONO_TYPE_FNPTR:
3256 case MONO_TYPE_TYPEDBYREF:
3257 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode, ctx->ip_offset));
3260 stack_push_val (ctx, TYPE_COMPLEX | (mono_class_from_mono_type (type)->valuetype || is_boxed ? BOXED_MASK : 0), type);
3264 mono_type_from_opcode (int opcode) {
3272 return &mono_defaults.sbyte_class->byval_arg;
3280 return &mono_defaults.int16_class->byval_arg;
3288 return &mono_defaults.int32_class->byval_arg;
3294 return &mono_defaults.int64_class->byval_arg;
3300 return &mono_defaults.single_class->byval_arg;
3306 return &mono_defaults.double_class->byval_arg;
3312 return &mono_defaults.int_class->byval_arg;
3316 case CEE_LDELEM_REF:
3317 case CEE_STELEM_REF:
3318 return &mono_defaults.object_class->byval_arg;
3321 g_error ("unknown opcode %02x in mono_type_from_opcode ", opcode);
3327 do_load_indirect (VerifyContext *ctx, int opcode)
3330 if (!check_underflow (ctx, 1))
3333 value = stack_pop (ctx);
3334 if (!stack_slot_is_managed_pointer (value)) {
3335 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Load indirect not using a manager pointer at 0x%04x", ctx->ip_offset));
3336 set_stack_value (ctx, stack_push (ctx), mono_type_from_opcode (opcode), FALSE);
3340 if (opcode == CEE_LDIND_REF) {
3341 if (stack_slot_get_underlying_type (value) != TYPE_COMPLEX || mono_class_from_mono_type (value->type)->valuetype)
3342 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldind_ref expected object byref operation at 0x%04x", ctx->ip_offset));
3343 set_stack_value (ctx, stack_push (ctx), mono_type_get_type_byval (value->type), FALSE);
3345 if (!verify_type_compatibility_full (ctx, mono_type_from_opcode (opcode), mono_type_get_type_byval (value->type), TRUE))
3346 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3347 set_stack_value (ctx, stack_push (ctx), mono_type_from_opcode (opcode), FALSE);
3352 do_store_indirect (VerifyContext *ctx, int opcode)
3354 ILStackDesc *addr, *val;
3355 if (!check_underflow (ctx, 2))
3358 val = stack_pop (ctx);
3359 addr = stack_pop (ctx);
3361 check_unmanaged_pointer (ctx, addr);
3363 if (!stack_slot_is_managed_pointer (addr) && stack_slot_get_type (addr) != TYPE_PTR) {
3364 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid non-pointer argument to stind at 0x%04x", ctx->ip_offset));
3368 if (stack_slot_is_managed_mutability_pointer (addr)) {
3369 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer with stind at 0x%04x", ctx->ip_offset));
3373 if (!verify_type_compatibility_full (ctx, mono_type_from_opcode (opcode), mono_type_get_type_byval (addr->type), TRUE))
3374 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid addr type at stack for stind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3376 if (!verify_stack_type_compatibility (ctx, mono_type_from_opcode (opcode), val))
3377 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value type at stack for stind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3381 do_newarr (VerifyContext *ctx, int token)
3384 MonoType *type = get_boxable_mono_type (ctx, token, "newarr");
3389 if (!check_underflow (ctx, 1))
3392 value = stack_pop (ctx);
3393 if (stack_slot_get_type (value) != TYPE_I4 && stack_slot_get_type (value) != TYPE_NATIVE_INT)
3394 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Array size type on stack (%s) is not a verifiable type at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3396 set_stack_value (ctx, stack_push (ctx), mono_class_get_type (mono_array_class_get (mono_class_from_mono_type (type), 1)), FALSE);
3399 /*FIXME handle arrays that are not 0-indexed*/
3401 do_ldlen (VerifyContext *ctx)
3405 if (!check_underflow (ctx, 1))
3408 value = stack_pop (ctx);
3410 if (stack_slot_get_type (value) != TYPE_COMPLEX || value->type->type != MONO_TYPE_SZARRAY)
3411 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type for ldlen at 0x%04x", ctx->ip_offset));
3413 stack_push_val (ctx, TYPE_NATIVE_INT, &mono_defaults.int_class->byval_arg);
3416 /*FIXME handle arrays that are not 0-indexed*/
3417 /*FIXME handle readonly prefix and CMMP*/
3419 do_ldelema (VerifyContext *ctx, int klass_token)
3421 ILStackDesc *index, *array, *res;
3422 MonoType *type = get_boxable_mono_type (ctx, klass_token, "ldelema");
3428 if (!check_underflow (ctx, 2))
3431 index = stack_pop (ctx);
3432 array = stack_pop (ctx);
3434 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3435 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for ldelema is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3437 if (!stack_slot_is_null_literal (array)) {
3438 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY)
3439 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for ldelema at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3441 if (get_stack_type (type) == TYPE_I4 || get_stack_type (type) == TYPE_NATIVE_INT) {
3442 valid = verify_type_compatibility_full (ctx, type, &array->type->data.klass->byval_arg, TRUE);
3444 valid = mono_metadata_type_equal (type, &array->type->data.klass->byval_arg);
3447 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelema at 0x%04x", ctx->ip_offset));
3451 res = stack_push (ctx);
3452 set_stack_value (ctx, res, type, TRUE);
3453 if (ctx->prefix_set & PREFIX_READONLY) {
3454 ctx->prefix_set &= ~PREFIX_READONLY;
3455 res->stype |= CMMP_MASK;
3460 * FIXME handle arrays that are not 0-indexed
3461 * FIXME handle readonly prefix and CMMP
3464 do_ldelem (VerifyContext *ctx, int opcode, int token)
3466 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
3467 ILStackDesc *index, *array;
3469 if (!check_underflow (ctx, 2))
3472 if (opcode == CEE_LDELEM_ANY) {
3473 if (!(type = verifier_load_type (ctx, token, "ldelem.any"))) {
3474 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3478 type = mono_type_from_opcode (opcode);
3481 index = stack_pop (ctx);
3482 array = stack_pop (ctx);
3484 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3485 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for ldelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3487 if (!stack_slot_is_null_literal (array)) {
3488 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY)
3489 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for ldelem.X at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3491 if (opcode == CEE_LDELEM_REF) {
3492 if (array->type->data.klass->valuetype)
3493 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type is not a reference type for ldelem.ref 0x%04x", ctx->ip_offset));
3494 type = &array->type->data.klass->byval_arg;
3496 MonoType *candidate = &array->type->data.klass->byval_arg;
3497 if (IS_STRICT_MODE (ctx)) {
3498 MonoType *underlying_type = mono_type_get_underlying_type_any (type);
3499 MonoType *underlying_candidate = mono_type_get_underlying_type_any (candidate);
3500 if ((IS_ONE_OF2 (underlying_type->type, MONO_TYPE_I4, MONO_TYPE_U4) && IS_ONE_OF2 (underlying_candidate->type, MONO_TYPE_I, MONO_TYPE_U)) ||
3501 (IS_ONE_OF2 (underlying_candidate->type, MONO_TYPE_I4, MONO_TYPE_U4) && IS_ONE_OF2 (underlying_type->type, MONO_TYPE_I, MONO_TYPE_U)))
3502 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx->ip_offset));
3504 if (!verify_type_compatibility_full (ctx, type, candidate, TRUE))
3505 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx->ip_offset));
3510 set_stack_value (ctx, stack_push (ctx), type, FALSE);
3515 * FIXME handle arrays that are not 0-indexed
3518 do_stelem (VerifyContext *ctx, int opcode, int token)
3520 ILStackDesc *index, *array, *value;
3522 if (!check_underflow (ctx, 3))
3525 if (opcode == CEE_STELEM_ANY) {
3526 if (!(type = verifier_load_type (ctx, token, "stelem.any"))) {
3527 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3531 type = mono_type_from_opcode (opcode);
3534 value = stack_pop (ctx);
3535 index = stack_pop (ctx);
3536 array = stack_pop (ctx);
3538 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3539 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for stdelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3541 if (!stack_slot_is_null_literal (array)) {
3542 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY) {
3543 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for stelem.X at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3545 if (opcode == CEE_STELEM_REF) {
3546 if (array->type->data.klass->valuetype)
3547 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type is not a reference type for stelem.ref 0x%04x", ctx->ip_offset));
3548 } else if (!verify_type_compatibility_full (ctx, &array->type->data.klass->byval_arg, type, TRUE)) {
3549 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for stdelem.X at 0x%04x", ctx->ip_offset));
3554 if (opcode == CEE_STELEM_REF) {
3555 if (!stack_slot_is_boxed_value (value) && mono_class_from_mono_type (value->type)->valuetype)
3556 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value is not a reference type for stelem.ref 0x%04x", ctx->ip_offset));
3557 } else if (opcode != CEE_STELEM_REF && !verify_type_compatibility_full (ctx, type, mono_type_from_stack_slot (value), FALSE)) {
3558 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value on stack for stdelem.X at 0x%04x", ctx->ip_offset));
3563 do_throw (VerifyContext *ctx)
3565 ILStackDesc *exception;
3566 if (!check_underflow (ctx, 1))
3568 exception = stack_pop (ctx);
3570 if (!stack_slot_is_null_literal (exception) && !(stack_slot_get_type (exception) == TYPE_COMPLEX && !mono_class_from_mono_type (exception->type)->valuetype))
3571 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type on stack for throw, expected reference type at 0x%04x", ctx->ip_offset));
3573 /*The stack is left empty after a throw*/
3579 do_endfilter (VerifyContext *ctx)
3581 MonoExceptionClause *clause;
3583 if (IS_STRICT_MODE (ctx)) {
3584 if (ctx->eval.size != 1)
3585 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack size must have one item for endfilter at 0x%04x", ctx->ip_offset));
3587 if (ctx->eval.size >= 1 && stack_slot_get_type (stack_pop (ctx)) != TYPE_I4)
3588 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack item type is not an int32 for endfilter at 0x%04x", ctx->ip_offset));
3591 if ((clause = is_correct_endfilter (ctx, ctx->ip_offset))) {
3592 if (IS_STRICT_MODE (ctx)) {
3593 if (ctx->ip_offset != clause->handler_offset - 2)
3594 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx->ip_offset));
3596 if ((ctx->ip_offset != clause->handler_offset - 2) && !MONO_OFFSET_IN_HANDLER (clause, ctx->ip_offset))
3597 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx->ip_offset));
3600 if (IS_STRICT_MODE (ctx) && !is_unverifiable_endfilter (ctx, ctx->ip_offset))
3601 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx->ip_offset));
3603 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx->ip_offset));
3610 do_leave (VerifyContext *ctx, int delta)
3612 int target = ((gint32)ctx->ip_offset) + delta;
3613 if (target >= ctx->code_size || target < 0)
3614 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target out of code at 0x%04x", ctx->ip_offset));
3616 if (!is_correct_leave (ctx->header, ctx->ip_offset, target))
3617 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Leave not allowed in finally block at 0x%04x", ctx->ip_offset));
3623 * Verify br and br.s opcodes.
3626 do_static_branch (VerifyContext *ctx, int delta)
3628 int target = ctx->ip_offset + delta;
3629 if (target < 0 || target >= ctx->code_size) {
3630 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("branch target out of code at 0x%04x", ctx->ip_offset));
3634 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
3636 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
3639 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
3643 ctx->target = target;
3647 do_switch (VerifyContext *ctx, int count, const unsigned char *data)
3649 int i, base = ctx->ip_offset + 5 + count * 4;
3652 if (!check_underflow (ctx, 1))
3655 value = stack_pop (ctx);
3657 if (stack_slot_get_type (value) != TYPE_I4 && stack_slot_get_type (value) != TYPE_NATIVE_INT)
3658 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument to switch at 0x%04x", ctx->ip_offset));
3660 for (i = 0; i < count; ++i) {
3661 int target = base + read32 (data + i * 4);
3663 if (target < 0 || target >= ctx->code_size)
3664 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Switch target %x out of code at 0x%04x", i, ctx->ip_offset));
3666 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
3668 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i, ctx->ip_offset));
3671 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i, ctx->ip_offset));
3674 merge_stacks (ctx, &ctx->eval, &ctx->code [target], FALSE, TRUE);
3679 do_load_function_ptr (VerifyContext *ctx, guint32 token, gboolean virtual)
3684 if (virtual && !check_underflow (ctx, 1))
3687 if (!virtual && !check_overflow (ctx))
3690 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
3691 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid token %x for ldftn at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3695 if (!(method = verifier_load_method (ctx, token, virtual ? "ldvirtfrn" : "ldftn")))
3698 if (mono_method_is_constructor (method))
3699 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use ldftn with a constructor at 0x%04x", ctx->ip_offset));
3702 ILStackDesc *top = stack_pop (ctx);
3704 if (stack_slot_get_type (top) != TYPE_COMPLEX || top->type->type == MONO_TYPE_VALUETYPE)
3705 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument to ldvirtftn at 0x%04x", ctx->ip_offset));
3707 if (method->flags & METHOD_ATTRIBUTE_STATIC)
3708 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use ldvirtftn with a constructor at 0x%04x", ctx->ip_offset));
3710 if (!verify_type_compatibility (ctx, &method->klass->byval_arg, top->type))
3711 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unexpected object for ldvirtftn at 0x%04x", ctx->ip_offset));
3714 if (!mono_method_can_access_method (ctx->method, method))
3715 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Loaded method is not visible for ldftn/ldvirtftn at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
3717 top = stack_push_val(ctx, TYPE_PTR, mono_type_create_fnptr_from_mono_method (ctx, method));
3718 top->method = method;
3722 do_sizeof (VerifyContext *ctx, int token)
3726 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
3727 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid type token %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3731 if (!(type = verifier_load_type (ctx, token, "sizeof")))
3734 if (type->byref && type->type != MONO_TYPE_TYPEDBYREF) {
3735 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of byref type at 0x%04x", ctx->ip_offset));
3739 if (type->type == MONO_TYPE_VOID) {
3740 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of void type at 0x%04x", ctx->ip_offset));
3744 if (check_overflow (ctx))
3745 set_stack_value (ctx, stack_push (ctx), &mono_defaults.uint32_class->byval_arg, FALSE);
3748 /* Stack top can be of any type, the runtime doesn't care and treat everything as an int. */
3750 do_localloc (VerifyContext *ctx)
3752 if (ctx->eval.size != 1) {
3753 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx->ip_offset));
3757 if (in_any_exception_block (ctx->header, ctx->ip_offset)) {
3758 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx->ip_offset));
3762 set_stack_value (ctx, stack_top (ctx), &mono_defaults.int_class->byval_arg, FALSE);
3763 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Instruction localloc in never verifiable at 0x%04x", ctx->ip_offset));
3767 do_ldstr (VerifyContext *ctx, guint32 token)
3769 if (mono_metadata_token_code (token) != MONO_TOKEN_STRING) {
3770 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid string token %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3774 if (mono_metadata_token_index (token) >= ctx->image->heap_us.size) {
3775 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid string index %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3779 if (check_overflow (ctx))
3780 stack_push_val (ctx, TYPE_COMPLEX, &mono_defaults.string_class->byval_arg);
3784 do_refanyval (VerifyContext *ctx, int token)
3788 if (!check_underflow (ctx, 1))
3791 if (!(type = get_boxable_mono_type (ctx, token, "refanyval")))
3794 top = stack_pop (ctx);
3796 if (top->stype != TYPE_PTR || top->type->type != MONO_TYPE_TYPEDBYREF)
3797 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Expected a typedref as argument for refanyval, but found %s at 0x%04x", stack_slot_get_name (top), ctx->ip_offset));
3799 set_stack_value (ctx, stack_push (ctx), type, TRUE);
3803 do_refanytype (VerifyContext *ctx)
3807 if (!check_underflow (ctx, 1))
3810 top = stack_pop (ctx);
3812 if (top->stype != TYPE_PTR || top->type->type != MONO_TYPE_TYPEDBYREF)
3813 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Expected a typedref as argument for refanytype, but found %s at 0x%04x", stack_slot_get_name (top), ctx->ip_offset));
3815 set_stack_value (ctx, stack_push (ctx), &mono_defaults.typehandle_class->byval_arg, FALSE);
3820 do_mkrefany (VerifyContext *ctx, int token)
3824 if (!check_underflow (ctx, 1))
3827 if (!(type = get_boxable_mono_type (ctx, token, "refanyval")))
3830 top = stack_pop (ctx);
3832 if (stack_slot_is_managed_mutability_pointer (top))
3833 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly pointer with mkrefany at 0x%04x", ctx->ip_offset));
3835 if (!stack_slot_is_managed_pointer (top)) {
3836 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Expected a managed pointer for mkrefany, but found %s at 0x%04x", stack_slot_get_name (top), ctx->ip_offset));
3838 MonoType *stack_type = mono_type_get_type_byval (top->type);
3839 if (MONO_TYPE_IS_REFERENCE (type) && !mono_metadata_type_equal (type, stack_type))
3840 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type not compatible for mkrefany at 0x%04x", ctx->ip_offset));
3842 if (!MONO_TYPE_IS_REFERENCE (type) && !verify_type_compatibility_full (ctx, type, stack_type, TRUE))
3843 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type not compatible for mkrefany at 0x%04x", ctx->ip_offset));
3846 set_stack_value (ctx, stack_push (ctx), &mono_defaults.typed_reference_class->byval_arg, FALSE);
3851 * Merge the stacks and perform compat checks. The merge check if types of @from are mergeable with type of @to
3853 * @from holds new values for a given control path
3854 * @to holds the current values of a given control path
3856 * TODO we can eliminate the from argument as all callers pass &ctx->eval
3859 merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, int start, gboolean external)
3862 stack_init (ctx, to);
3865 if (to->flags == IL_CODE_FLAG_NOT_PROCESSED)
3868 stack_copy (&ctx->eval, to);
3870 } else if (!(to->flags & IL_CODE_STACK_MERGED)) {
3871 stack_copy (to, &ctx->eval);
3874 VERIFIER_DEBUG ( printf ("performing stack merge %d x %d\n", from->size, to->size); );
3876 if (from->size != to->size) {
3877 VERIFIER_DEBUG ( printf ("different stack sizes %d x %d at 0x%04x\n", from->size, to->size, ctx->ip_offset); );
3878 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not merge stacks, different sizes (%d x %d) at 0x%04x", from->size, to->size, ctx->ip_offset));
3882 //FIXME we need to preserve CMMP attributes
3883 //FIXME we must take null literals into consideration.
3884 for (i = 0; i < from->size; ++i) {
3885 ILStackDesc *new_slot = from->stack + i;
3886 ILStackDesc *old_slot = to->stack + i;
3887 MonoType *new_type = mono_type_from_stack_slot (new_slot);
3888 MonoType *old_type = mono_type_from_stack_slot (old_slot);
3889 MonoClass *old_class = mono_class_from_mono_type (old_type);
3890 MonoClass *new_class = mono_class_from_mono_type (new_type);
3891 MonoClass *match_class = NULL;
3893 // S := T then U = S (new value is compatible with current value, keep current)
3894 if (verify_type_compatibility (ctx, old_type, new_type)) {
3895 copy_stack_value (new_slot, old_slot);
3899 // T := S then U = T (old value is compatible with current value, use new)
3900 if (verify_type_compatibility (ctx, new_type, old_type)) {
3901 copy_stack_value (old_slot, new_slot);
3905 //both are reference types, use closest common super type
3906 if (!mono_class_from_mono_type (old_type)->valuetype
3907 && !mono_class_from_mono_type (new_type)->valuetype
3908 && !stack_slot_is_managed_pointer (old_slot)
3909 && !stack_slot_is_managed_pointer (new_slot)) {
3911 for (j = MIN (old_class->idepth, new_class->idepth) - 1; j > 0; --j) {
3912 if (mono_metadata_type_equal (&old_class->supertypes [j]->byval_arg, &new_class->supertypes [j]->byval_arg)) {
3913 match_class = old_class->supertypes [j];
3918 for (j = 0; j < old_class->interface_count; ++j) {
3919 for (k = 0; k < new_class->interface_count; ++k) {
3920 if (mono_metadata_type_equal (&old_class->interfaces [j]->byval_arg, &new_class->interfaces [k]->byval_arg)) {
3921 match_class = old_class->interfaces [j];
3927 //No decent super type found, use object
3928 match_class = mono_defaults.object_class;
3930 } else if (is_compatible_boxed_valuetype (old_type, new_type, new_slot, FALSE) || is_compatible_boxed_valuetype (new_type, old_type, old_slot, FALSE)) {
3931 match_class = mono_defaults.object_class;
3935 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Could not merge stack at depth %d, types not compatible old [%s] new [%s] at 0x%04x", i, stack_slot_get_name (old_slot), stack_slot_get_name (new_slot), ctx->ip_offset));
3939 g_assert (match_class);
3940 set_stack_value (ctx, old_slot, &match_class->byval_arg, stack_slot_is_managed_pointer (old_slot));
3941 set_stack_value (ctx, new_slot, &match_class->byval_arg, stack_slot_is_managed_pointer (old_slot));
3947 to->flags |= IL_CODE_FLAG_WAS_TARGET;
3948 to->flags |= IL_CODE_STACK_MERGED;
3951 #define HANDLER_START(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER ? (clause)->data.filter_offset : clause->handler_offset)
3952 #define IS_CATCH_OR_FILTER(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER || (clause)->flags == MONO_EXCEPTION_CLAUSE_NONE)
3955 * is_clause_in_range :
3957 * Returns TRUE if either the protected block or the handler of @clause is in the @start - @end range.
3960 is_clause_in_range (MonoExceptionClause *clause, guint32 start, guint32 end)
3962 if (clause->try_offset >= start && clause->try_offset < end)
3964 if (HANDLER_START (clause) >= start && HANDLER_START (clause) < end)
3970 * is_clause_inside_range :
3972 * Returns TRUE if @clause lies completely inside the @start - @end range.
3975 is_clause_inside_range (MonoExceptionClause *clause, guint32 start, guint32 end)
3977 if (clause->try_offset < start || (clause->try_offset + clause->try_len) > end)
3979 if (HANDLER_START (clause) < start || (clause->handler_offset + clause->handler_len) > end)
3985 * is_clause_nested :
3987 * Returns TRUE if @nested is nested in @clause.
3990 is_clause_nested (MonoExceptionClause *clause, MonoExceptionClause *nested)
3992 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && is_clause_inside_range (nested, clause->data.filter_offset, clause->handler_offset))
3994 return is_clause_inside_range (nested, clause->try_offset, clause->try_offset + clause->try_len) ||
3995 is_clause_inside_range (nested, clause->handler_offset, clause->handler_offset + clause->handler_len);
3998 /* Test the relationship between 2 exception clauses. Follow P.1 12.4.2.7 of ECMA
3999 * the each pair of exception must have the following properties:
4000 * - one is fully nested on another (the outer must not be a filter clause) (the nested one must come earlier)
4001 * - completely disjoin (none of the 3 regions of each entry overlap with the other 3)
4002 * - mutual protection (protected block is EXACT the same, handlers are disjoin and all handler are catch or all handler are filter)
4005 verify_clause_relationship (VerifyContext *ctx, MonoExceptionClause *clause, MonoExceptionClause *to_test)
4007 /*clause is nested*/
4008 if (is_clause_nested (to_test, clause)) {
4009 if (to_test->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
4010 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clause inside filter"));
4015 /*wrong nesting order.*/
4016 if (is_clause_nested (clause, to_test)) {
4017 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Nested exception clause appears after enclosing clause"));
4021 /*mutual protection*/
4022 if (clause->try_offset == to_test->try_offset && clause->try_len == to_test->try_len) {
4023 /*handlers are not disjoint*/
4024 if (is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len)) {
4025 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception handlers overlap"));
4028 /* handlers are not catch or filter */
4029 if (!IS_CATCH_OR_FILTER (clause) || !IS_CATCH_OR_FILTER (to_test)) {
4030 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses with shared protected block are neither catch or filter"));
4037 /*not completelly disjoint*/
4038 if (is_clause_in_range (to_test, clause->try_offset, clause->try_offset + clause->try_len) ||
4039 is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len))
4040 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses overlap"));
4044 * FIXME: need to distinguish between valid and verifiable.
4045 * Need to keep track of types on the stack.
4046 * Verify types for opcodes.
4049 mono_method_verify (MonoMethod *method, int level)
4051 const unsigned char *ip;
4052 const unsigned char *end;
4053 int i, n, need_merge = 0, start = 0;
4054 guint token, ip_offset = 0, prefix = 0;
4055 MonoGenericContext *generic_context = NULL;
4060 VERIFIER_DEBUG ( printf ("Verify IL for method %s %s %s\n", method->klass->name_space, method->klass->name, method->name); );
4062 if (method->iflags & (METHOD_IMPL_ATTRIBUTE_INTERNAL_CALL | METHOD_IMPL_ATTRIBUTE_RUNTIME) ||
4063 (method->flags & (METHOD_ATTRIBUTE_PINVOKE_IMPL | METHOD_ATTRIBUTE_ABSTRACT))) {
4067 memset (&ctx, 0, sizeof (VerifyContext));
4069 //FIXME use mono_method_get_signature_full
4070 ctx.signature = mono_method_signature (method);
4071 if (!ctx.signature) {
4072 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Could not decode method signature"));
4075 ctx.header = mono_method_get_header (method);
4077 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Could not decode method header"));
4080 ctx.method = method;
4081 ip = ctx.header->code;
4082 end = ip + ctx.header->code_size;
4083 ctx.image = image = method->klass->image;
4086 ctx.max_args = ctx.signature->param_count + ctx.signature->hasthis;
4087 ctx.max_stack = ctx.header->max_stack;
4088 ctx.verifiable = ctx.valid = 1;
4091 ctx.code = g_new0 (ILCodeDesc, ctx.header->code_size);
4092 ctx.code_size = ctx.header->code_size;
4094 memset(ctx.code, 0, sizeof (ILCodeDesc) * ctx.header->code_size);
4097 ctx.num_locals = ctx.header->num_locals;
4098 ctx.locals = ctx.header->locals;
4100 if (ctx.num_locals > 0 && !ctx.header->init_locals)
4101 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Method with locals variable but without init locals set"));
4103 if (ctx.signature->hasthis) {
4104 ctx.params = g_new0 (MonoType*, ctx.max_args);
4105 ctx.params [0] = method->klass->valuetype ? &method->klass->this_arg : &method->klass->byval_arg;
4106 memcpy (ctx.params + 1, ctx.signature->params, sizeof (MonoType *) * ctx.signature->param_count);
4108 ctx.params = ctx.signature->params;
4111 if (ctx.signature->is_inflated)
4112 ctx.generic_context = generic_context = mono_method_get_context (method);
4114 if (!generic_context && (method->klass->generic_container || method->generic_container)) {
4115 if (method->generic_container)
4116 ctx.generic_context = generic_context = &method->generic_container->context;
4118 ctx.generic_context = generic_context = &method->klass->generic_container->context;
4121 stack_init (&ctx, &ctx.eval);
4123 for (i = 0; i < ctx.header->num_clauses && ctx.valid; ++i) {
4124 MonoExceptionClause *clause = ctx.header->clauses + i;
4125 VERIFIER_DEBUG (printf ("clause try %x len %x filter at %x handler at %x len %x\n", clause->try_offset, clause->try_len, clause->data.filter_offset, clause->handler_offset, clause->handler_len); );
4127 if (clause->try_offset > ctx.code_size)
4128 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
4130 if (clause->try_len <= 0)
4131 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
4133 if (clause->handler_offset > ctx.code_size)
4134 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
4136 if (clause->handler_len <= 0)
4137 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
4139 if (clause->try_offset < clause->handler_offset && clause->try_offset + clause->try_len > HANDLER_START (clause))
4140 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try block (at 0x%04x) includes handler block (at 0x%04x)", clause->try_offset, clause->handler_offset));
4142 for (n = i + 1; n < ctx.header->num_clauses && ctx.valid; ++n)
4143 verify_clause_relationship (&ctx, clause, ctx.header->clauses + n);
4148 ctx.code [clause->try_offset].flags |= IL_CODE_FLAG_WAS_TARGET;
4149 ctx.code [clause->try_offset + clause->try_len].flags |= IL_CODE_FLAG_WAS_TARGET;
4150 ctx.code [clause->handler_offset + clause->handler_len].flags |= IL_CODE_FLAG_WAS_TARGET;
4152 if (clause->flags == MONO_EXCEPTION_CLAUSE_NONE) {
4153 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, clause->data.catch_class);
4155 else if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
4156 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->data.filter_offset, mono_defaults.exception_class);
4157 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, mono_defaults.exception_class);
4161 while (ip < end && ctx.valid) {
4162 ctx.ip_offset = ip_offset = ip - ctx.header->code;
4164 /*We need to check against fallthrou in and out of protected blocks.
4165 * For fallout we check the once a protected block ends, if the start flag is not set.
4166 * Likewise for fallthru in, we check if ip is the start of a protected block and start is not set
4167 * TODO convert these checks to be done using flags and not this loop
4169 for (i = 0; i < ctx.header->num_clauses && ctx.valid; ++i) {
4170 MonoExceptionClause *clause = ctx.header->clauses + i;
4172 if ((clause->try_offset + clause->try_len == ip_offset) && start == 0) {
4173 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallthru off try block at 0x%04x", ip_offset));
4177 if ((clause->handler_offset + clause->handler_len == ip_offset) && start == 0) {
4178 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER)
4179 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset));
4181 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset));
4185 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && clause->handler_offset == ip_offset && start == 0) {
4186 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("fallout of filter block at 0x%04x", ip_offset));
4190 if (clause->handler_offset == ip_offset && start == 0) {
4191 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallthru handler block at 0x%04x", ip_offset));
4195 if (clause->try_offset == ip_offset && ctx.eval.size > 0) {
4196 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Try to enter try block with a non-empty stack at 0x%04x", ip_offset));
4205 VERIFIER_DEBUG ( printf ("extra merge needed! 0x%04x \n", ctx.target); );
4206 merge_stacks (&ctx, &ctx.eval, &ctx.code [ctx.target], FALSE, TRUE);
4209 merge_stacks (&ctx, &ctx.eval, &ctx.code[ip_offset], start, FALSE);
4212 /*TODO we can fast detect a forward branch or exception block targeting code after prefix, we should fail fast*/
4213 #ifdef MONO_VERIFIER_DEBUG
4216 discode = mono_disasm_code_one (NULL, method, ip, NULL);
4217 discode [strlen (discode) - 1] = 0; /* no \n */
4218 g_print ("[%d] %-29s (%d)\n", ip_offset, discode, ctx.eval.size);
4221 dump_stack_state (&ctx.code [ip_offset]);
4222 dump_stack_state (&ctx.eval);
4235 push_arg (&ctx, *ip - CEE_LDARG_0, FALSE);
4241 push_arg (&ctx, ip [1], *ip == CEE_LDARGA_S);
4245 case CEE_ADD_OVF_UN:
4246 do_binop (&ctx, *ip, add_ovf_un_table);
4250 case CEE_SUB_OVF_UN:
4251 do_binop (&ctx, *ip, sub_ovf_un_table);
4258 case CEE_MUL_OVF_UN:
4259 do_binop (&ctx, *ip, bin_ovf_table);
4264 do_binop (&ctx, *ip, add_table);
4269 do_binop (&ctx, *ip, sub_table);
4276 do_binop (&ctx, *ip, bin_op_table);
4285 do_binop (&ctx, *ip, int_bin_op_table);
4292 do_binop (&ctx, *ip, shift_op_table);
4297 if (!check_underflow (&ctx, 1))
4313 /*TODO support definite assignment verification? */
4314 push_local (&ctx, *ip - CEE_LDLOC_0, FALSE);
4322 store_local (&ctx, *ip - CEE_STLOC_0);
4327 store_local (&ctx, ip [1]);
4332 store_arg (&ctx, ip [1]);
4346 if (check_overflow (&ctx))
4347 stack_push_val (&ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
4352 if (check_overflow (&ctx))
4353 stack_push_val (&ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
4358 if (check_overflow (&ctx))
4359 stack_push_val (&ctx,TYPE_I4, &mono_defaults.int32_class->byval_arg);
4364 if (check_overflow (&ctx))
4365 stack_push_val (&ctx,TYPE_I8, &mono_defaults.int64_class->byval_arg);
4370 if (check_overflow (&ctx))
4371 stack_push_val (&ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
4376 if (check_overflow (&ctx))
4377 stack_push_val (&ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
4382 if (check_overflow (&ctx))
4383 stack_push_val (&ctx, TYPE_COMPLEX | NULL_LITERAL_MASK, &mono_defaults.object_class->byval_arg);
4389 do_branch_op (&ctx, (signed char)ip [1] + 2, cmp_br_eq_op);
4402 do_branch_op (&ctx, (signed char)ip [1] + 2, cmp_br_op);
4409 do_branch_op (&ctx, (gint32)read32 (ip + 1) + 5, cmp_br_eq_op);
4422 do_branch_op (&ctx, (gint32)read32 (ip + 1) + 5, cmp_br_op);
4429 push_local (&ctx, ip[1], *ip == CEE_LDLOCA_S);
4433 /* FIXME: warn/error instead? */
4440 if (!check_underflow (&ctx, 1))
4442 if (!check_overflow (&ctx))
4444 top = stack_push (&ctx);
4445 copy_stack_value (top, stack_get (&ctx, 1));
4452 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Eval stack must be empty in jmp at 0x%04x", ip_offset));
4453 token = read32 (ip + 1);
4454 if (in_any_block (ctx.header, ip_offset))
4455 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("jmp cannot escape exception blocks at 0x%04x", ip_offset));
4457 * FIXME: check signature, retval, arguments etc.
4463 do_invoke_method (&ctx, read32 (ip + 1), *ip == CEE_CALLVIRT);
4468 token = read32 (ip + 1);
4470 * FIXME: check signature, retval, arguments etc.
4475 do_static_branch (&ctx, (signed char)ip [1] + 2);
4483 do_boolean_branch_op (&ctx, (signed char)ip [1] + 2);
4489 do_static_branch (&ctx, (gint32)read32 (ip + 1) + 5);
4497 do_boolean_branch_op (&ctx, (gint32)read32 (ip + 1) + 5);
4503 n = read32 (ip + 1);
4504 do_switch (&ctx, n, (ip + 5));
4506 ip += 5 + sizeof (guint32) * n;
4520 do_load_indirect (&ctx, *ip);
4532 do_store_indirect (&ctx, *ip);
4538 do_unary_math_op (&ctx, *ip);
4548 do_conversion (&ctx, TYPE_I4);
4554 do_conversion (&ctx, TYPE_I8);
4561 do_conversion (&ctx, TYPE_R8);
4567 do_conversion (&ctx, TYPE_NATIVE_INT);
4572 do_cpobj (&ctx, read32 (ip + 1));
4577 do_ldobj_value (&ctx, read32 (ip + 1));
4582 do_ldstr (&ctx, read32 (ip + 1));
4587 do_newobj (&ctx, read32 (ip + 1));
4593 do_cast (&ctx, read32 (ip + 1), *ip == CEE_CASTCLASS ? "castclass" : "isinst");
4599 ++ip; /* warn, error ? */
4602 do_unbox_value (&ctx, read32 (ip + 1));
4614 do_push_field (&ctx, read32 (ip + 1), *ip == CEE_LDFLDA);
4620 do_push_static_field (&ctx, read32 (ip + 1), *ip == CEE_LDSFLDA);
4625 do_store_field (&ctx, read32 (ip + 1));
4630 do_store_static_field (&ctx, read32 (ip + 1));
4635 do_stobj (&ctx, read32 (ip + 1));
4639 case CEE_CONV_OVF_I1_UN:
4640 case CEE_CONV_OVF_I2_UN:
4641 case CEE_CONV_OVF_I4_UN:
4642 case CEE_CONV_OVF_U1_UN:
4643 case CEE_CONV_OVF_U2_UN:
4644 case CEE_CONV_OVF_U4_UN:
4645 do_conversion (&ctx, TYPE_I4);
4649 case CEE_CONV_OVF_I8_UN:
4650 case CEE_CONV_OVF_U8_UN:
4651 do_conversion (&ctx, TYPE_I8);
4655 case CEE_CONV_OVF_I_UN:
4656 case CEE_CONV_OVF_U_UN:
4657 do_conversion (&ctx, TYPE_NATIVE_INT);
4662 do_box_value (&ctx, read32 (ip + 1));
4667 do_newarr (&ctx, read32 (ip + 1));
4677 do_ldelema (&ctx, read32 (ip + 1));
4691 case CEE_LDELEM_REF:
4692 do_ldelem (&ctx, *ip, 0);
4703 case CEE_STELEM_REF:
4704 do_stelem (&ctx, *ip, 0);
4708 case CEE_LDELEM_ANY:
4709 do_ldelem (&ctx, *ip, read32 (ip + 1));
4713 case CEE_STELEM_ANY:
4714 do_stelem (&ctx, *ip, read32 (ip + 1));
4719 do_unbox_any (&ctx, read32 (ip + 1));
4736 ++ip; /* warn, error ? */
4739 case CEE_CONV_OVF_I1:
4740 case CEE_CONV_OVF_U1:
4741 case CEE_CONV_OVF_I2:
4742 case CEE_CONV_OVF_U2:
4743 case CEE_CONV_OVF_I4:
4744 case CEE_CONV_OVF_U4:
4745 do_conversion (&ctx, TYPE_I4);
4749 case CEE_CONV_OVF_I8:
4750 case CEE_CONV_OVF_U8:
4751 do_conversion (&ctx, TYPE_I8);
4755 case CEE_CONV_OVF_I:
4756 case CEE_CONV_OVF_U:
4757 do_conversion (&ctx, TYPE_NATIVE_INT);
4768 ++ip; /* warn, error ? */
4771 do_refanyval (&ctx, read32 (ip + 1));
4775 if (!check_underflow (&ctx, 1))
4781 ++ip; /* warn, error ? */
4785 do_mkrefany (&ctx, read32 (ip + 1));
4798 ++ip; /* warn, error ? */
4801 do_load_token (&ctx, read32 (ip + 1));
4805 case CEE_ENDFINALLY:
4806 if (!is_correct_endfinally (ctx.header, ip_offset))
4807 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("endfinally must be used inside a finally/fault handler at 0x%04x", ctx.ip_offset));
4814 do_leave (&ctx, read32 (ip + 1) + 5);
4820 do_leave (&ctx, (signed char)ip [1] + 2);
4863 store_local (&ctx, read16 (ip + 1));
4868 do_cmp_op (&ctx, cmp_br_eq_op, *ip);
4876 do_cmp_op (&ctx, cmp_br_op, *ip);
4881 store_arg (&ctx, read16 (ip + 1) );
4887 check_overflow (&ctx);
4888 if (ctx.signature->call_convention != MONO_CALL_VARARG)
4889 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Cannot use arglist on method without VARGARG calling convention at 0x%04x", ctx.ip_offset));
4890 set_stack_value (&ctx, stack_push (&ctx), &mono_defaults.argumenthandle_class->byval_arg, FALSE);
4895 do_load_function_ptr (&ctx, read32 (ip + 1), FALSE);
4900 do_load_function_ptr (&ctx, read32 (ip + 1), TRUE);
4910 push_arg (&ctx, read16 (ip + 1), *ip == CEE_LDARGA);
4916 push_local (&ctx, read16 (ip + 1), *ip == CEE_LDLOCA);
4929 do_endfilter (&ctx);
4933 case CEE_UNALIGNED_:
4934 prefix |= PREFIX_UNALIGNED;
4938 prefix |= PREFIX_VOLATILE;
4942 prefix |= PREFIX_TAIL;
4944 if (ip < end && (*ip != CEE_CALL && *ip != CEE_CALLI && *ip != CEE_CALLVIRT))
4945 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("tail prefix must be used only with call opcodes at 0x%04x", ip_offset));
4949 do_initobj (&ctx, read32 (ip + 1));
4953 case CEE_CONSTRAINED_:
4954 ctx.constrained_type = get_boxable_mono_type (&ctx, read32 (ip + 1), "constrained.");
4955 prefix |= PREFIX_CONSTRAINED;
4960 prefix |= PREFIX_READONLY;
4965 if (!check_underflow (&ctx, 3))
4970 if (!check_underflow (&ctx, 3))
4978 if (!is_correct_rethrow (ctx.header, ip_offset))
4979 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("rethrow must be used inside a catch handler at 0x%04x", ctx.ip_offset));
4988 do_sizeof (&ctx, read32 (ip + 1));
4992 case CEE_REFANYTYPE:
4993 do_refanytype (&ctx);
5006 /*TODO we can fast detect a forward branch or exception block targeting code after prefix, we should fail fast*/
5008 if (!ctx.prefix_set) //first prefix
5009 ctx.code [ctx.ip_offset].flags |= IL_CODE_FLAG_SEEN;
5010 ctx.prefix_set |= prefix;
5013 ctx.code [ctx.ip_offset].flags |= IL_CODE_FLAG_SEEN;
5014 if (ctx.prefix_set & PREFIX_CONSTRAINED)
5015 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Invalid instruction after constrained prefix at 0x%04x", ctx.ip_offset));
5016 if (ctx.prefix_set & PREFIX_READONLY)
5017 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Invalid instruction after readonly prefix at 0x%04x", ctx.ip_offset));
5018 ctx.prefix_set = prefix = 0;
5022 * if ip != end we overflowed: mark as error.
5024 if ((ip != end || !start) && ctx.verifiable && !ctx.list) {
5025 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Run ahead of method code at 0x%04x", ip_offset));
5028 /*We should guard against the last decoded opcode, otherwise we might add errors that doesn't make sense.*/
5029 for (i = 0; i < ctx.code_size && i < ip_offset; ++i) {
5030 if (ctx.code [i].flags & IL_CODE_FLAG_WAS_TARGET) {
5031 if (!(ctx.code [i].flags & IL_CODE_FLAG_SEEN))
5032 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Branch or exception block target middle of intruction at 0x%04x", i));
5034 if (ctx.code [i].flags & IL_CODE_DELEGATE_SEQUENCE)
5035 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Branch to delegate code sequence at 0x%04x", i));
5037 if ((ctx.code [i].flags & IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL) && ctx.has_this_store)
5038 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", i));
5040 if ((ctx.code [i].flags & IL_CODE_CALL_NONFINAL_VIRTUAL) && ctx.has_this_store)
5041 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid call to a non-final virtual function in method with stdarg.0 or ldarga.0 at 0x%04x", i));
5045 for (i = 0; i < ctx.header->code_size; ++i) {
5046 if (ctx.code [i].stack)
5047 g_free (ctx.code [i].stack);
5051 for (tmp = ctx.funptrs; tmp; tmp = tmp->next)
5053 g_slist_free (ctx.funptrs);
5056 g_free (ctx.eval.stack);
5059 if (ctx.signature->hasthis)
5060 g_free (ctx.params);
5066 mono_verify_corlib ()
5068 /* This is a public API function so cannot be removed */
projects / mono.git / blob