2 #include <mono/metadata/object-internals.h>
3 #include <mono/metadata/verify.h>
4 #include <mono/metadata/opcodes.h>
5 #include <mono/metadata/tabledefs.h>
6 #include <mono/metadata/reflection.h>
7 #include <mono/metadata/debug-helpers.h>
8 #include <mono/metadata/mono-endian.h>
9 #include <mono/metadata/metadata.h>
10 #include <mono/metadata/metadata-internals.h>
11 #include <mono/metadata/class-internals.h>
12 #include <mono/metadata/tokentype.h>
19 * Pull the list of opcodes
21 #define OPDEF(a,b,c,d,e,f,g,h,i,j) \
25 #include "mono/cil/opcode.def"
30 #ifdef MONO_VERIFIER_DEBUG
31 #define VERIFIER_DEBUG(code) do { code } while (0)
33 #define VERIFIER_DEBUG(code)
36 //////////////////////////////////////////////////////////////////
37 #define IS_STRICT_MODE(ctx) (((ctx)->level & MONO_VERIFY_NON_STRICT) == 0)
38 #define IS_FAIL_FAST_MODE(ctx) (((ctx)->level & MONO_VERIFY_FAIL_FAST) == MONO_VERIFY_FAIL_FAST)
39 #define IS_SKIP_VISIBILITY(ctx) (((ctx)->level & MONO_VERIFY_SKIP_VISIBILITY) == MONO_VERIFY_SKIP_VISIBILITY)
41 #define ADD_VERIFY_INFO(__ctx, __msg, __status, __exception) \
43 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
44 vinfo->info.status = __status; \
45 vinfo->info.message = ( __msg ); \
46 vinfo->exception_type = (__exception); \
47 (__ctx)->list = g_slist_prepend ((__ctx)->list, vinfo); \
50 #define ADD_VERIFY_ERROR(__ctx, __msg) \
52 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR, MONO_EXCEPTION_INVALID_PROGRAM); \
56 #define CODE_NOT_VERIFIABLE(__ctx, __msg) \
58 if ((__ctx)->verifiable) { \
59 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE, MONO_EXCEPTION_UNVERIFIABLE_IL); \
60 (__ctx)->verifiable = 0; \
61 if (IS_FAIL_FAST_MODE (__ctx)) \
66 #define ADD_VERIFY_ERROR2(__ctx, __msg, __exception) \
68 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR, __exception); \
72 #define CODE_NOT_VERIFIABLE2(__ctx, __msg, __exception) \
74 if ((__ctx)->verifiable) { \
75 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE, __exception); \
76 (__ctx)->verifiable = 0; \
77 if (IS_FAIL_FAST_MODE (__ctx)) \
81 /*Flags to be used with ILCodeDesc::flags */
83 /*Instruction has not been processed.*/
84 IL_CODE_FLAG_NOT_PROCESSED = 0,
85 /*Instruction was decoded by mono_method_verify loop.*/
86 IL_CODE_FLAG_SEEN = 1,
87 /*Instruction was target of a branch or is at a protected block boundary.*/
88 IL_CODE_FLAG_WAS_TARGET = 2,
89 /*Used by stack_init to avoid double initialize each entry.*/
90 IL_CODE_FLAG_STACK_INITED = 4,
91 /*Used by merge_stacks to decide if it should just copy the eval stack.*/
92 IL_CODE_STACK_MERGED = 8,
93 /*This instruction is part of the delegate construction sequence, it cannot be target of a branch.*/
94 IL_CODE_DELEGATE_SEQUENCE = 0x10,
95 /*This is a delegate created from a ldftn to a non final virtual method*/
96 IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL = 0x20,
97 /*This is a call to a non final virtual method*/
98 IL_CODE_CALL_NONFINAL_VIRTUAL = 0x40,
127 /*Allocated fnptr MonoType that should be freed by us.*/
133 /*TODO get rid of target here, need_merge in mono_method_verify and hoist the merging code in the branching code*/
137 MonoMethodSignature *signature;
138 MonoMethodHeader *header;
140 MonoGenericContext *generic_context;
144 /*This flag helps solving a corner case of delegate verification in that you cannot have a "starg 0"
145 *on a method that creates a delegate for a non-final virtual method using ldftn*/
146 gboolean has_this_store;
150 merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, int start, gboolean external);
153 get_stack_type (MonoType *type);
155 //////////////////////////////////////////////////////////////////
160 TYPE_INV = 0, /* leave at 0. */
165 /* Used by operator tables to resolve pointer types (managed & unmanaged) and by unmanaged pointer types*/
167 /* value types and classes */
169 /* Number of types, used to define the size of the tables*/
172 /* Used by tables to signal that a result is not verifiable*/
173 NON_VERIFIABLE_RESULT = 0x80,
175 /*Mask used to extract just the type, excluding flags */
178 /* The stack type is a managed pointer, unmask the value to res */
179 POINTER_MASK = 0x100,
181 /*Stack type with the pointer mask*/
182 RAW_TYPE_MASK = 0x10F,
184 /* Controlled Mutability Manager Pointer */
187 /* The stack type is a null literal*/
188 NULL_LITERAL_MASK = 0x400,
190 /**Used by ldarg.0 and family to let delegate verification happens.*/
191 THIS_POINTER_MASK = 0x800,
193 /**Signals that this is a boxed value type*/
198 static const char* const
199 type_names [TYPE_MAX + 1] = {
210 PREFIX_UNALIGNED = 1,
213 PREFIX_ADDR_MASK = 3,
216 //////////////////////////////////////////////////////////////////
219 /*Token validation macros and functions */
220 #define IS_MEMBER_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_MEMBERREF)
221 #define IS_METHOD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_METHOD)
222 #define IS_METHOD_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_METHODSPEC)
223 #define IS_FIELD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_FIELD)
225 #define IS_TYPE_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEREF)
226 #define IS_TYPE_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEDEF)
227 #define IS_TYPE_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPESPEC)
228 #define IS_METHOD_DEF_OR_REF_OR_SPEC(token) (IS_METHOD_DEF (token) || IS_MEMBER_REF (token) || IS_METHOD_SPEC (token))
229 #define IS_TYPE_DEF_OR_REF_OR_SPEC(token) (IS_TYPE_DEF (token) || IS_TYPE_REF (token) || IS_TYPE_SPEC (token))
230 #define IS_FIELD_DEF_OR_REF(token) (IS_FIELD_DEF (token) || IS_MEMBER_REF (token))
233 * Verify if @token refers to a valid row on int's table.
236 token_bounds_check (MonoImage *image, guint32 token)
238 return image->tables [mono_metadata_token_table (token)].rows >= mono_metadata_token_index (token);
242 mono_type_create_fnptr_from_mono_method (VerifyContext *ctx, MonoMethod *method)
244 MonoType *res = g_new0 (MonoType, 1);
245 //FIXME use mono_method_get_signature_full
246 res->data.method = mono_method_signature (method);
247 res->type = MONO_TYPE_FNPTR;
248 ctx->funptrs = g_slist_prepend (ctx->funptrs, res);
253 * mono_type_is_enum_type:
255 * Returns TRUE if @type is an enum type.
258 mono_type_is_enum_type (MonoType *type)
260 if (type->type == MONO_TYPE_VALUETYPE && type->data.klass->enumtype)
262 if (type->type == MONO_TYPE_GENERICINST && type->data.generic_class->container_class->enumtype)
268 * mono_type_get_underlying_type_any:
270 * This functions is just like mono_type_get_underlying_type but it doesn't care if the type is byref.
272 * Returns the underlying type of @type regardless if it is byref or not.
275 mono_type_get_underlying_type_any (MonoType *type)
277 if (type->type == MONO_TYPE_VALUETYPE && type->data.klass->enumtype)
278 return type->data.klass->enum_basetype;
279 if (type->type == MONO_TYPE_GENERICINST && type->data.generic_class->container_class->enumtype)
280 return type->data.generic_class->container_class->enum_basetype;
285 mono_type_get_stack_name (MonoType *type)
287 return type_names [get_stack_type (type) & TYPE_MASK];
290 #define CTOR_REQUIRED_FLAGS (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_RT_SPECIAL_NAME)
291 #define CTOR_INVALID_FLAGS (METHOD_ATTRIBUTE_STATIC)
294 mono_method_is_constructor (MonoMethod *method)
296 return ((method->flags & CTOR_REQUIRED_FLAGS) == CTOR_REQUIRED_FLAGS &&
297 !(method->flags & CTOR_INVALID_FLAGS) &&
298 !strcmp (".ctor", method->name));
302 static MonoClassField*
303 verifier_load_field (VerifyContext *ctx, int token, MonoClass **klass, const char *opcode) {
304 MonoClassField *field;
306 if (!IS_FIELD_DEF_OR_REF (token) || !token_bounds_check (ctx->image, token)) {
307 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid field token 0x%x08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
311 field = mono_field_from_token (ctx->image, token, klass, ctx->generic_context);
313 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load field from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
321 verifier_load_method (VerifyContext *ctx, int token, const char *opcode) {
324 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
325 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid field token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
329 method = mono_get_method_full (ctx->image, token, NULL, ctx->generic_context);
332 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load method from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
340 verifier_load_type (VerifyContext *ctx, int token, const char *opcode) {
343 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
344 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid type token 0x%08x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
348 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
351 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load type from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
358 /* stack_slot_get_type:
360 * Returns the stack type of @value. This value includes POINTER_MASK.
362 * Use this function to checks that account for a managed pointer.
365 stack_slot_get_type (ILStackDesc *value)
367 return value->stype & RAW_TYPE_MASK;
370 /* stack_slot_get_underlying_type:
372 * Returns the stack type of @value. This value does not include POINTER_MASK.
374 * Use this function is cases where the fact that the value could be a managed pointer is
375 * irrelevant. For example, field load doesn't care about this fact of type on stack.
378 stack_slot_get_underlying_type (ILStackDesc *value)
380 return value->stype & TYPE_MASK;
383 /* stack_slot_is_managed_pointer:
385 * Returns TRUE is @value is a managed pointer.
388 stack_slot_is_managed_pointer (ILStackDesc *value)
390 return (value->stype & POINTER_MASK) == POINTER_MASK;
393 /* stack_slot_is_managed_mutability_pointer:
395 * Returns TRUE is @value is a managed mutability pointer.
398 stack_slot_is_managed_mutability_pointer (ILStackDesc *value)
400 return (value->stype & CMMP_MASK) == CMMP_MASK;
403 /* stack_slot_is_null_literal:
405 * Returns TRUE is @value is the null literal.
408 stack_slot_is_null_literal (ILStackDesc *value)
410 return (value->stype & NULL_LITERAL_MASK) == NULL_LITERAL_MASK;
414 /* stack_slot_is_this_pointer:
416 * Returns TRUE is @value is the this literal
419 stack_slot_is_this_pointer (ILStackDesc *value)
421 return (value->stype & THIS_POINTER_MASK) == THIS_POINTER_MASK;
424 /* stack_slot_is_boxed_value:
426 * Returns TRUE is @value is a boxed value
429 stack_slot_is_boxed_value (ILStackDesc *value)
431 return (value->stype & BOXED_MASK) == BOXED_MASK;
435 stack_slot_get_name (ILStackDesc *value)
437 return type_names [value->stype & TYPE_MASK];
439 //////////////////////////////////////////////////////////////////
441 mono_free_verify_list (GSList *list)
443 MonoVerifyInfoExtended *info;
446 for (tmp = list; tmp; tmp = tmp->next) {
448 g_free (info->info.message);
454 #define ADD_ERROR(list,msg) \
456 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
457 vinfo->info.status = MONO_VERIFY_ERROR; \
458 vinfo->info.message = (msg); \
459 (list) = g_slist_prepend ((list), vinfo); \
462 #define ADD_WARN(list,code,msg) \
464 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
465 vinfo->info.status = (code); \
466 vinfo->info.message = (msg); \
467 (list) = g_slist_prepend ((list), vinfo); \
471 valid_cultures[][9] = {
472 "ar-SA", "ar-IQ", "ar-EG", "ar-LY",
473 "ar-DZ", "ar-MA", "ar-TN", "ar-OM",
474 "ar-YE", "ar-SY", "ar-JO", "ar-LB",
475 "ar-KW", "ar-AE", "ar-BH", "ar-QA",
476 "bg-BG", "ca-ES", "zh-TW", "zh-CN",
477 "zh-HK", "zh-SG", "zh-MO", "cs-CZ",
478 "da-DK", "de-DE", "de-CH", "de-AT",
479 "de-LU", "de-LI", "el-GR", "en-US",
480 "en-GB", "en-AU", "en-CA", "en-NZ",
481 "en-IE", "en-ZA", "en-JM", "en-CB",
482 "en-BZ", "en-TT", "en-ZW", "en-PH",
483 "es-ES-Ts", "es-MX", "es-ES-Is", "es-GT",
484 "es-CR", "es-PA", "es-DO", "es-VE",
485 "es-CO", "es-PE", "es-AR", "es-EC",
486 "es-CL", "es-UY", "es-PY", "es-BO",
487 "es-SV", "es-HN", "es-NI", "es-PR",
488 "Fi-FI", "fr-FR", "fr-BE", "fr-CA",
489 "Fr-CH", "fr-LU", "fr-MC", "he-IL",
490 "hu-HU", "is-IS", "it-IT", "it-CH",
491 "Ja-JP", "ko-KR", "nl-NL", "nl-BE",
492 "nb-NO", "nn-NO", "pl-PL", "pt-BR",
493 "pt-PT", "ro-RO", "ru-RU", "hr-HR",
494 "Lt-sr-SP", "Cy-sr-SP", "sk-SK", "sq-AL",
495 "sv-SE", "sv-FI", "th-TH", "tr-TR",
496 "ur-PK", "id-ID", "uk-UA", "be-BY",
497 "sl-SI", "et-EE", "lv-LV", "lt-LT",
498 "fa-IR", "vi-VN", "hy-AM", "Lt-az-AZ",
500 "eu-ES", "mk-MK", "af-ZA",
501 "ka-GE", "fo-FO", "hi-IN", "ms-MY",
502 "ms-BN", "kk-KZ", "ky-KZ", "sw-KE",
503 "Lt-uz-UZ", "Cy-uz-UZ", "tt-TA", "pa-IN",
504 "gu-IN", "ta-IN", "te-IN", "kn-IN",
505 "mr-IN", "sa-IN", "mn-MN", "gl-ES",
506 "kok-IN", "syr-SY", "div-MV"
510 is_valid_culture (const char *cname)
516 for (i = 0; i < G_N_ELEMENTS (valid_cultures); ++i) {
517 if (g_strcasecmp (valid_cultures [i], cname)) {
526 is_valid_assembly_flags (guint32 flags) {
527 /* Metadata: 22.1.2 */
528 flags &= ~(0x8000 | 0x4000); /* ignore reserved bits 0x0030? */
529 return ((flags == 1) || (flags == 0));
533 is_valid_blob (MonoImage *image, guint32 blob_index, int notnull)
536 const char *p, *blob_end;
538 if (blob_index >= image->heap_blob.size)
540 p = mono_metadata_blob_heap (image, blob_index);
541 size = mono_metadata_decode_blob_size (p, &blob_end);
542 if (blob_index + size + (blob_end-p) > image->heap_blob.size)
544 if (notnull && !size)
550 is_valid_string (MonoImage *image, guint32 str_index, int notnull)
552 const char *p, *blob_end, *res;
554 if (str_index >= image->heap_strings.size)
556 res = p = mono_metadata_string_heap (image, str_index);
557 blob_end = mono_metadata_string_heap (image, image->heap_strings.size - 1);
561 * FIXME: should check it's a valid utf8 string, too.
563 while (p <= blob_end) {
568 return *p? NULL: res;
572 is_valid_cls_ident (const char *p)
575 * FIXME: we need the full unicode glib support for this.
576 * Check: http://www.unicode.org/unicode/reports/tr15/Identifier.java
577 * We do the lame thing for now.
583 if (!isalnum (*p) && *p != '_')
591 is_valid_filename (const char *p)
595 return strpbrk (p, "\\//:")? 0: 1;
599 verify_assembly_table (MonoImage *image, GSList *list, int level)
601 MonoTableInfo *t = &image->tables [MONO_TABLE_ASSEMBLY];
602 guint32 cols [MONO_ASSEMBLY_SIZE];
605 if (level & MONO_VERIFY_ERROR) {
607 ADD_ERROR (list, g_strdup ("Assembly table may only have 0 or 1 rows"));
608 mono_metadata_decode_row (t, 0, cols, MONO_ASSEMBLY_SIZE);
610 switch (cols [MONO_ASSEMBLY_HASH_ALG]) {
611 case ASSEMBLY_HASH_NONE:
612 case ASSEMBLY_HASH_MD5:
613 case ASSEMBLY_HASH_SHA1:
616 ADD_ERROR (list, g_strdup_printf ("Hash algorithm 0x%x unknown", cols [MONO_ASSEMBLY_HASH_ALG]));
619 if (!is_valid_assembly_flags (cols [MONO_ASSEMBLY_FLAGS]))
620 ADD_ERROR (list, g_strdup_printf ("Invalid flags in assembly: 0x%x", cols [MONO_ASSEMBLY_FLAGS]));
622 if (!is_valid_blob (image, cols [MONO_ASSEMBLY_PUBLIC_KEY], FALSE))
623 ADD_ERROR (list, g_strdup ("Assembly public key is an invalid index"));
625 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLY_NAME], TRUE))) {
626 ADD_ERROR (list, g_strdup ("Assembly name is invalid"));
628 if (strpbrk (p, ":\\/."))
629 ADD_ERROR (list, g_strdup_printf ("Assembly name `%s' contains invalid chars", p));
632 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLY_CULTURE], FALSE))) {
633 ADD_ERROR (list, g_strdup ("Assembly culture is an invalid index"));
635 if (!is_valid_culture (p))
636 ADD_ERROR (list, g_strdup_printf ("Assembly culture `%s' is invalid", p));
643 verify_assemblyref_table (MonoImage *image, GSList *list, int level)
645 MonoTableInfo *t = &image->tables [MONO_TABLE_ASSEMBLYREF];
646 guint32 cols [MONO_ASSEMBLYREF_SIZE];
650 if (level & MONO_VERIFY_ERROR) {
651 for (i = 0; i < t->rows; ++i) {
652 mono_metadata_decode_row (t, i, cols, MONO_ASSEMBLYREF_SIZE);
653 if (!is_valid_assembly_flags (cols [MONO_ASSEMBLYREF_FLAGS]))
654 ADD_ERROR (list, g_strdup_printf ("Invalid flags in assemblyref row %d: 0x%x", i + 1, cols [MONO_ASSEMBLY_FLAGS]));
656 if (!is_valid_blob (image, cols [MONO_ASSEMBLYREF_PUBLIC_KEY], FALSE))
657 ADD_ERROR (list, g_strdup_printf ("AssemblyRef public key in row %d is an invalid index", i + 1));
659 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLYREF_CULTURE], FALSE))) {
660 ADD_ERROR (list, g_strdup_printf ("AssemblyRef culture in row %d is invalid", i + 1));
662 if (!is_valid_culture (p))
663 ADD_ERROR (list, g_strdup_printf ("AssemblyRef culture `%s' in row %d is invalid", p, i + 1));
666 if (cols [MONO_ASSEMBLYREF_HASH_VALUE] && !is_valid_blob (image, cols [MONO_ASSEMBLYREF_HASH_VALUE], TRUE))
667 ADD_ERROR (list, g_strdup_printf ("AssemblyRef hash value in row %d is invalid or not null and empty", i + 1));
670 if (level & MONO_VERIFY_WARNING) {
671 /* check for duplicated rows */
672 for (i = 0; i < t->rows; ++i) {
679 verify_class_layout_table (MonoImage *image, GSList *list, int level)
681 MonoTableInfo *t = &image->tables [MONO_TABLE_CLASSLAYOUT];
682 MonoTableInfo *tdef = &image->tables [MONO_TABLE_TYPEDEF];
683 guint32 cols [MONO_CLASS_LAYOUT_SIZE];
686 if (level & MONO_VERIFY_ERROR) {
687 for (i = 0; i < t->rows; ++i) {
688 mono_metadata_decode_row (t, i, cols, MONO_CLASS_LAYOUT_SIZE);
690 if (cols [MONO_CLASS_LAYOUT_PARENT] > tdef->rows || !cols [MONO_CLASS_LAYOUT_PARENT]) {
691 ADD_ERROR (list, g_strdup_printf ("Parent in class layout is invalid in row %d", i + 1));
693 value = mono_metadata_decode_row_col (tdef, cols [MONO_CLASS_LAYOUT_PARENT] - 1, MONO_TYPEDEF_FLAGS);
694 if (value & TYPE_ATTRIBUTE_INTERFACE)
695 ADD_ERROR (list, g_strdup_printf ("Parent in class layout row %d is an interface", i + 1));
696 if (value & TYPE_ATTRIBUTE_AUTO_LAYOUT)
697 ADD_ERROR (list, g_strdup_printf ("Parent in class layout row %d is AutoLayout", i + 1));
698 if (value & TYPE_ATTRIBUTE_SEQUENTIAL_LAYOUT) {
699 switch (cols [MONO_CLASS_LAYOUT_PACKING_SIZE]) {
700 case 0: case 1: case 2: case 4: case 8: case 16:
701 case 32: case 64: case 128: break;
703 ADD_ERROR (list, g_strdup_printf ("Packing size %d in class layout row %d is invalid", cols [MONO_CLASS_LAYOUT_PACKING_SIZE], i + 1));
705 } else if (value & TYPE_ATTRIBUTE_EXPLICIT_LAYOUT) {
707 * FIXME: LAMESPEC: it claims it must be 0 (it's 1, instead).
708 if (cols [MONO_CLASS_LAYOUT_PACKING_SIZE])
709 ADD_ERROR (list, g_strdup_printf ("Packing size %d in class layout row %d is invalid with explicit layout", cols [MONO_CLASS_LAYOUT_PACKING_SIZE], i + 1));
713 * FIXME: we need to check that if class size != 0,
714 * it needs to be greater than the class calculated size.
715 * If parent is a valuetype it also needs to be smaller than
716 * 1 MByte (0x100000 bytes).
717 * To do both these checks we need to load the referenced
718 * assemblies, though (the spec claims we didn't have to, bah).
721 * We need to check that the parent types have the same layout
732 verify_constant_table (MonoImage *image, GSList *list, int level)
734 MonoTableInfo *t = &image->tables [MONO_TABLE_CONSTANT];
735 guint32 cols [MONO_CONSTANT_SIZE];
737 GHashTable *dups = g_hash_table_new (NULL, NULL);
739 for (i = 0; i < t->rows; ++i) {
740 mono_metadata_decode_row (t, i, cols, MONO_CONSTANT_SIZE);
742 if (level & MONO_VERIFY_ERROR)
743 if (g_hash_table_lookup (dups, GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT])))
744 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is duplicated in Constant row %d", cols [MONO_CONSTANT_PARENT], i + 1));
745 g_hash_table_insert (dups, GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT]),
746 GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT]));
748 switch (cols [MONO_CONSTANT_TYPE]) {
749 case MONO_TYPE_U1: /* LAMESPEC: it says I1...*/
753 if (level & MONO_VERIFY_CLS)
754 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Type 0x%x not CLS compliant in Constant row %d", cols [MONO_CONSTANT_TYPE], i + 1));
755 case MONO_TYPE_BOOLEAN:
763 case MONO_TYPE_STRING:
764 case MONO_TYPE_CLASS:
767 if (level & MONO_VERIFY_ERROR)
768 ADD_ERROR (list, g_strdup_printf ("Type 0x%x is invalid in Constant row %d", cols [MONO_CONSTANT_TYPE], i + 1));
770 if (level & MONO_VERIFY_ERROR) {
771 value = cols [MONO_CONSTANT_PARENT] >> MONO_HASCONSTANT_BITS;
772 switch (cols [MONO_CONSTANT_PARENT] & MONO_HASCONSTANT_MASK) {
773 case MONO_HASCONSTANT_FIEDDEF:
774 if (value > image->tables [MONO_TABLE_FIELD].rows)
775 ADD_ERROR (list, g_strdup_printf ("Parent (field) is invalid in Constant row %d", i + 1));
777 case MONO_HASCONSTANT_PARAM:
778 if (value > image->tables [MONO_TABLE_PARAM].rows)
779 ADD_ERROR (list, g_strdup_printf ("Parent (param) is invalid in Constant row %d", i + 1));
781 case MONO_HASCONSTANT_PROPERTY:
782 if (value > image->tables [MONO_TABLE_PROPERTY].rows)
783 ADD_ERROR (list, g_strdup_printf ("Parent (property) is invalid in Constant row %d", i + 1));
786 ADD_ERROR (list, g_strdup_printf ("Parent is invalid in Constant row %d", i + 1));
790 if (level & MONO_VERIFY_CLS) {
792 * FIXME: verify types is consistent with the enum type
793 * is parent is an enum.
797 g_hash_table_destroy (dups);
802 verify_event_map_table (MonoImage *image, GSList *list, int level)
804 MonoTableInfo *t = &image->tables [MONO_TABLE_EVENTMAP];
805 guint32 cols [MONO_EVENT_MAP_SIZE];
806 guint32 i, last_event;
807 GHashTable *dups = g_hash_table_new (NULL, NULL);
811 for (i = 0; i < t->rows; ++i) {
812 mono_metadata_decode_row (t, i, cols, MONO_EVENT_MAP_SIZE);
813 if (level & MONO_VERIFY_ERROR)
814 if (g_hash_table_lookup (dups, GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT])))
815 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is duplicated in Event Map row %d", cols [MONO_EVENT_MAP_PARENT], i + 1));
816 g_hash_table_insert (dups, GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT]),
817 GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT]));
818 if (level & MONO_VERIFY_ERROR) {
819 if (cols [MONO_EVENT_MAP_PARENT] > image->tables [MONO_TABLE_TYPEDEF].rows)
820 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is invalid in Event Map row %d", cols [MONO_EVENT_MAP_PARENT], i + 1));
821 if (cols [MONO_EVENT_MAP_EVENTLIST] > image->tables [MONO_TABLE_EVENT].rows)
822 ADD_ERROR (list, g_strdup_printf ("EventList 0x%08x is invalid in Event Map row %d", cols [MONO_EVENT_MAP_EVENTLIST], i + 1));
824 if (cols [MONO_EVENT_MAP_EVENTLIST] <= last_event)
825 ADD_ERROR (list, g_strdup_printf ("EventList overlap in Event Map row %d", i + 1));
826 last_event = cols [MONO_EVENT_MAP_EVENTLIST];
830 g_hash_table_destroy (dups);
835 verify_event_table (MonoImage *image, GSList *list, int level)
837 MonoTableInfo *t = &image->tables [MONO_TABLE_EVENT];
838 guint32 cols [MONO_EVENT_SIZE];
842 for (i = 0; i < t->rows; ++i) {
843 mono_metadata_decode_row (t, i, cols, MONO_EVENT_SIZE);
845 if (cols [MONO_EVENT_FLAGS] & ~(EVENT_SPECIALNAME|EVENT_RTSPECIALNAME)) {
846 if (level & MONO_VERIFY_ERROR)
847 ADD_ERROR (list, g_strdup_printf ("Flags 0x%04x invalid in Event row %d", cols [MONO_EVENT_FLAGS], i + 1));
849 if (!(p = is_valid_string (image, cols [MONO_EVENT_NAME], TRUE))) {
850 if (level & MONO_VERIFY_ERROR)
851 ADD_ERROR (list, g_strdup_printf ("Invalid name in Event row %d", i + 1));
853 if (level & MONO_VERIFY_CLS) {
854 if (!is_valid_cls_ident (p))
855 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Invalid CLS name '%s` in Event row %d", p, i + 1));
859 if (level & MONO_VERIFY_ERROR && cols [MONO_EVENT_TYPE]) {
860 value = cols [MONO_EVENT_TYPE] >> MONO_TYPEDEFORREF_BITS;
861 switch (cols [MONO_EVENT_TYPE] & MONO_TYPEDEFORREF_MASK) {
862 case MONO_TYPEDEFORREF_TYPEDEF:
863 if (!value || value > image->tables [MONO_TABLE_TYPEDEF].rows)
864 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
866 case MONO_TYPEDEFORREF_TYPEREF:
867 if (!value || value > image->tables [MONO_TABLE_TYPEREF].rows)
868 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
870 case MONO_TYPEDEFORREF_TYPESPEC:
871 if (!value || value > image->tables [MONO_TABLE_TYPESPEC].rows)
872 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
875 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
879 * FIXME: check that there is 1 add and remove row in methodsemantics
880 * and 0 or 1 raise and 0 or more other (maybe it's better to check for
881 * these while checking methodsemantics).
882 * check for duplicated names for the same type [ERROR]
883 * check for CLS duplicate names for the same type [CLS]
890 verify_field_table (MonoImage *image, GSList *list, int level)
892 MonoTableInfo *t = &image->tables [MONO_TABLE_FIELD];
893 guint32 cols [MONO_FIELD_SIZE];
897 for (i = 0; i < t->rows; ++i) {
898 mono_metadata_decode_row (t, i, cols, MONO_FIELD_SIZE);
900 * Check this field has only one owner and that the owner is not
901 * an interface (done in verify_typedef_table() )
903 flags = cols [MONO_FIELD_FLAGS];
904 switch (flags & FIELD_ATTRIBUTE_FIELD_ACCESS_MASK) {
905 case FIELD_ATTRIBUTE_COMPILER_CONTROLLED:
906 case FIELD_ATTRIBUTE_PRIVATE:
907 case FIELD_ATTRIBUTE_FAM_AND_ASSEM:
908 case FIELD_ATTRIBUTE_ASSEMBLY:
909 case FIELD_ATTRIBUTE_FAMILY:
910 case FIELD_ATTRIBUTE_FAM_OR_ASSEM:
911 case FIELD_ATTRIBUTE_PUBLIC:
914 if (level & MONO_VERIFY_ERROR)
915 ADD_ERROR (list, g_strdup_printf ("Invalid access mask in Field row %d", i + 1));
918 if (level & MONO_VERIFY_ERROR) {
919 if ((flags & FIELD_ATTRIBUTE_LITERAL) && (flags & FIELD_ATTRIBUTE_INIT_ONLY))
920 ADD_ERROR (list, g_strdup_printf ("Literal and InitOnly cannot be both set in Field row %d", i + 1));
921 if ((flags & FIELD_ATTRIBUTE_LITERAL) && !(flags & FIELD_ATTRIBUTE_STATIC))
922 ADD_ERROR (list, g_strdup_printf ("Literal needs also Static set in Field row %d", i + 1));
923 if ((flags & FIELD_ATTRIBUTE_RT_SPECIAL_NAME) && !(flags & FIELD_ATTRIBUTE_SPECIAL_NAME))
924 ADD_ERROR (list, g_strdup_printf ("RTSpecialName needs also SpecialName set in Field row %d", i + 1));
926 * FIXME: check there is only one owner in the respective table.
927 * if (flags & FIELD_ATTRIBUTE_HAS_FIELD_MARSHAL)
928 * if (flags & FIELD_ATTRIBUTE_HAS_DEFAULT)
929 * if (flags & FIELD_ATTRIBUTE_HAS_FIELD_RVA)
932 if (!(p = is_valid_string (image, cols [MONO_FIELD_NAME], TRUE))) {
933 if (level & MONO_VERIFY_ERROR)
934 ADD_ERROR (list, g_strdup_printf ("Invalid name in Field row %d", i + 1));
936 if (level & MONO_VERIFY_CLS) {
937 if (!is_valid_cls_ident (p))
938 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Invalid CLS name '%s` in Field row %d", p, i + 1));
943 * if owner is module needs to be static, access mask needs to be compilercontrolled,
944 * public or private (not allowed in cls mode).
945 * if owner is an enum ...
954 verify_file_table (MonoImage *image, GSList *list, int level)
956 MonoTableInfo *t = &image->tables [MONO_TABLE_FILE];
957 guint32 cols [MONO_FILE_SIZE];
960 GHashTable *dups = g_hash_table_new (g_str_hash, g_str_equal);
962 for (i = 0; i < t->rows; ++i) {
963 mono_metadata_decode_row (t, i, cols, MONO_FILE_SIZE);
964 if (level & MONO_VERIFY_ERROR) {
965 if (cols [MONO_FILE_FLAGS] != FILE_CONTAINS_METADATA && cols [MONO_FILE_FLAGS] != FILE_CONTAINS_NO_METADATA)
966 ADD_ERROR (list, g_strdup_printf ("Invalid flags in File row %d", i + 1));
967 if (!is_valid_blob (image, cols [MONO_FILE_HASH_VALUE], TRUE))
968 ADD_ERROR (list, g_strdup_printf ("File hash value in row %d is invalid or not null and empty", i + 1));
970 if (!(p = is_valid_string (image, cols [MONO_FILE_NAME], TRUE))) {
971 if (level & MONO_VERIFY_ERROR)
972 ADD_ERROR (list, g_strdup_printf ("Invalid name in File row %d", i + 1));
974 if (level & MONO_VERIFY_ERROR) {
975 if (!is_valid_filename (p))
976 ADD_ERROR (list, g_strdup_printf ("Invalid name '%s` in File row %d", p, i + 1));
977 else if (g_hash_table_lookup (dups, p)) {
978 ADD_ERROR (list, g_strdup_printf ("Duplicate name '%s` in File row %d", p, i + 1));
980 g_hash_table_insert (dups, (gpointer)p, (gpointer)p);
984 * FIXME: I don't understand what this means:
985 * If this module contains a row in the Assembly table (that is, if this module "holds the manifest")
986 * then there shall not be any row in the File table for this module - i.e., no self-reference [ERROR]
990 if (level & MONO_VERIFY_WARNING) {
991 if (!t->rows && image->tables [MONO_TABLE_EXPORTEDTYPE].rows)
992 ADD_WARN (list, MONO_VERIFY_WARNING, g_strdup ("ExportedType table should be empty if File table is empty"));
994 g_hash_table_destroy (dups);
999 verify_moduleref_table (MonoImage *image, GSList *list, int level)
1001 MonoTableInfo *t = &image->tables [MONO_TABLE_MODULEREF];
1002 MonoTableInfo *tfile = &image->tables [MONO_TABLE_FILE];
1003 guint32 cols [MONO_MODULEREF_SIZE];
1005 guint32 found, i, j, value;
1006 GHashTable *dups = g_hash_table_new (g_str_hash, g_str_equal);
1008 for (i = 0; i < t->rows; ++i) {
1009 mono_metadata_decode_row (t, i, cols, MONO_MODULEREF_SIZE);
1010 if (!(p = is_valid_string (image, cols [MONO_MODULEREF_NAME], TRUE))) {
1011 if (level & MONO_VERIFY_ERROR)
1012 ADD_ERROR (list, g_strdup_printf ("Invalid name in ModuleRef row %d", i + 1));
1014 if (level & MONO_VERIFY_ERROR) {
1015 if (!is_valid_filename (p))
1016 ADD_ERROR (list, g_strdup_printf ("Invalid name '%s` in ModuleRef row %d", p, i + 1));
1017 else if (g_hash_table_lookup (dups, p)) {
1018 ADD_WARN (list, MONO_VERIFY_WARNING, g_strdup_printf ("Duplicate name '%s` in ModuleRef row %d", p, i + 1));
1019 g_hash_table_insert (dups, (gpointer)p, (gpointer)p);
1021 for (j = 0; j < tfile->rows; ++j) {
1022 value = mono_metadata_decode_row_col (tfile, j, MONO_FILE_NAME);
1023 if ((pf = is_valid_string (image, value, TRUE)))
1024 if (strcmp (p, pf) == 0) {
1030 ADD_ERROR (list, g_strdup_printf ("Name '%s` in ModuleRef row %d doesn't have a match in File table", p, i + 1));
1035 g_hash_table_destroy (dups);
1040 verify_standalonesig_table (MonoImage *image, GSList *list, int level)
1042 MonoTableInfo *t = &image->tables [MONO_TABLE_STANDALONESIG];
1043 guint32 cols [MONO_STAND_ALONE_SIGNATURE_SIZE];
1047 for (i = 0; i < t->rows; ++i) {
1048 mono_metadata_decode_row (t, i, cols, MONO_STAND_ALONE_SIGNATURE_SIZE);
1049 if (level & MONO_VERIFY_ERROR) {
1050 if (!is_valid_blob (image, cols [MONO_STAND_ALONE_SIGNATURE], TRUE)) {
1051 ADD_ERROR (list, g_strdup_printf ("Signature is invalid in StandAloneSig row %d", i + 1));
1053 p = mono_metadata_blob_heap (image, cols [MONO_STAND_ALONE_SIGNATURE]);
1054 /* FIXME: check it's a valid locals or method sig.*/
1062 mono_image_verify_tables (MonoImage *image, int level)
1064 GSList *error_list = NULL;
1066 error_list = verify_assembly_table (image, error_list, level);
1068 * AssemblyOS, AssemblyProcessor, AssemblyRefOs and
1069 * AssemblyRefProcessor should be ignored,
1070 * though we may want to emit a warning, since it should not
1071 * be present in a PE file.
1073 error_list = verify_assemblyref_table (image, error_list, level);
1074 error_list = verify_class_layout_table (image, error_list, level);
1075 error_list = verify_constant_table (image, error_list, level);
1077 * cutom attribute, declsecurity
1079 error_list = verify_event_map_table (image, error_list, level);
1080 error_list = verify_event_table (image, error_list, level);
1081 error_list = verify_field_table (image, error_list, level);
1082 error_list = verify_file_table (image, error_list, level);
1083 error_list = verify_moduleref_table (image, error_list, level);
1084 error_list = verify_standalonesig_table (image, error_list, level);
1086 return g_slist_reverse (error_list);
1089 #define ADD_INVALID(list,msg) \
1091 MonoVerifyInfoExtended *vinfo = g_new (MonoVerifyInfoExtended, 1); \
1092 vinfo->status = MONO_VERIFY_ERROR; \
1093 vinfo->message = (msg); \
1094 (list) = g_slist_prepend ((list), vinfo); \
1095 /*G_BREAKPOINT ();*/ \
1099 #define CHECK_STACK_UNDERFLOW(num) \
1101 if (cur_stack < (num)) \
1102 ADD_INVALID (list, g_strdup_printf ("Stack underflow at 0x%04x (%d items instead of %d)", ip_offset, cur_stack, (num))); \
1105 #define CHECK_STACK_OVERFLOW() \
1107 if (cur_stack >= max_stack) \
1108 ADD_INVALID (list, g_strdup_printf ("Maxstack exceeded at 0x%04x", ip_offset)); \
1113 in_any_block (MonoMethodHeader *header, guint offset)
1116 MonoExceptionClause *clause;
1118 for (i = 0; i < header->num_clauses; ++i) {
1119 clause = &header->clauses [i];
1120 if (MONO_OFFSET_IN_CLAUSE (clause, offset))
1122 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1124 if (MONO_OFFSET_IN_FILTER (clause, offset))
1131 * in_any_exception_block:
1133 * Returns TRUE is @offset is part of any exception clause (filter, handler, catch, finally or fault).
1136 in_any_exception_block (MonoMethodHeader *header, guint offset)
1139 MonoExceptionClause *clause;
1141 for (i = 0; i < header->num_clauses; ++i) {
1142 clause = &header->clauses [i];
1143 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1145 if (MONO_OFFSET_IN_FILTER (clause, offset))
1152 * is_valid_branch_instruction:
1154 * Verify if it's valid to perform a branch from @offset to @target.
1155 * This should be used with br and brtrue/false.
1156 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1157 * The major diferent from other similiar functions is that branching into a
1158 * finally/fault block is invalid instead of just unverifiable.
1161 is_valid_branch_instruction (MonoMethodHeader *header, guint offset, guint target)
1164 MonoExceptionClause *clause;
1166 for (i = 0; i < header->num_clauses; ++i) {
1167 clause = &header->clauses [i];
1168 /*branching into a finally block is invalid*/
1169 if ((clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY || clause->flags == MONO_EXCEPTION_CLAUSE_FAULT) &&
1170 !MONO_OFFSET_IN_HANDLER (clause, offset) &&
1171 MONO_OFFSET_IN_HANDLER (clause, target))
1174 if (clause->try_offset != target && (MONO_OFFSET_IN_CLAUSE (clause, offset) ^ MONO_OFFSET_IN_CLAUSE (clause, target)))
1176 if (MONO_OFFSET_IN_HANDLER (clause, offset) ^ MONO_OFFSET_IN_HANDLER (clause, target))
1178 if (MONO_OFFSET_IN_FILTER (clause, offset) ^ MONO_OFFSET_IN_FILTER (clause, target))
1185 * is_valid_cmp_branch_instruction:
1187 * Verify if it's valid to perform a branch from @offset to @target.
1188 * This should be used with binary comparison branching instruction, like beq, bge and similars.
1189 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1191 * The major diferences from other similar functions are that most errors lead to invalid
1192 * code and only branching out of finally, filter or fault clauses is unverifiable.
1195 is_valid_cmp_branch_instruction (MonoMethodHeader *header, guint offset, guint target)
1198 MonoExceptionClause *clause;
1200 for (i = 0; i < header->num_clauses; ++i) {
1201 clause = &header->clauses [i];
1202 /*branching out of a handler or finally*/
1203 if (clause->flags != MONO_EXCEPTION_CLAUSE_NONE &&
1204 MONO_OFFSET_IN_HANDLER (clause, offset) &&
1205 !MONO_OFFSET_IN_HANDLER (clause, target))
1208 if (clause->try_offset != target && (MONO_OFFSET_IN_CLAUSE (clause, offset) ^ MONO_OFFSET_IN_CLAUSE (clause, target)))
1210 if (MONO_OFFSET_IN_HANDLER (clause, offset) ^ MONO_OFFSET_IN_HANDLER (clause, target))
1212 if (MONO_OFFSET_IN_FILTER (clause, offset) ^ MONO_OFFSET_IN_FILTER (clause, target))
1219 * A leave can't escape a finally block
1222 is_correct_leave (MonoMethodHeader *header, guint offset, guint target)
1225 MonoExceptionClause *clause;
1227 for (i = 0; i < header->num_clauses; ++i) {
1228 clause = &header->clauses [i];
1229 if (clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY && MONO_OFFSET_IN_HANDLER (clause, offset) && !MONO_OFFSET_IN_HANDLER (clause, target))
1231 if (MONO_OFFSET_IN_FILTER (clause, offset))
1238 * A rethrow can't happen outside of a catch handler.
1241 is_correct_rethrow (MonoMethodHeader *header, guint offset)
1244 MonoExceptionClause *clause;
1246 for (i = 0; i < header->num_clauses; ++i) {
1247 clause = &header->clauses [i];
1248 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1250 if (MONO_OFFSET_IN_FILTER (clause, offset))
1257 * An endfinally can't happen outside of a finally/fault handler.
1260 is_correct_endfinally (MonoMethodHeader *header, guint offset)
1263 MonoExceptionClause *clause;
1265 for (i = 0; i < header->num_clauses; ++i) {
1266 clause = &header->clauses [i];
1267 if (MONO_OFFSET_IN_HANDLER (clause, offset) && (clause->flags == MONO_EXCEPTION_CLAUSE_FAULT || clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY))
1275 * An endfilter can only happens inside a filter clause.
1276 * In non-strict mode filter is allowed inside the handler clause too
1278 static MonoExceptionClause *
1279 is_correct_endfilter (VerifyContext *ctx, guint offset)
1282 MonoExceptionClause *clause;
1284 for (i = 0; i < ctx->header->num_clauses; ++i) {
1285 clause = &ctx->header->clauses [i];
1286 if (clause->flags != MONO_EXCEPTION_CLAUSE_FILTER)
1288 if (MONO_OFFSET_IN_FILTER (clause, offset))
1290 if (!IS_STRICT_MODE (ctx) && MONO_OFFSET_IN_HANDLER (clause, offset))
1298 * Non-strict endfilter can happens inside a try block or any handler block
1301 is_unverifiable_endfilter (VerifyContext *ctx, guint offset)
1304 MonoExceptionClause *clause;
1306 for (i = 0; i < ctx->header->num_clauses; ++i) {
1307 clause = &ctx->header->clauses [i];
1308 if (MONO_OFFSET_IN_CLAUSE (clause, offset))
1315 is_valid_bool_arg (ILStackDesc *arg)
1317 if (stack_slot_is_managed_pointer (arg) || stack_slot_is_boxed_value (arg) || stack_slot_is_null_literal (arg))
1321 switch (stack_slot_get_underlying_type (arg)) {
1324 case TYPE_NATIVE_INT:
1328 g_assert (arg->type);
1329 switch (arg->type->type) {
1330 case MONO_TYPE_CLASS:
1331 case MONO_TYPE_STRING:
1332 case MONO_TYPE_OBJECT:
1333 case MONO_TYPE_SZARRAY:
1334 case MONO_TYPE_ARRAY:
1335 case MONO_TYPE_FNPTR:
1338 case MONO_TYPE_GENERICINST:
1339 /*We need to check if the container class
1340 * of the generic type is a valuetype, iow:
1341 * is it a "class Foo<T>" or a "struct Foo<T>"?
1343 return !arg->type->data.generic_class->container_class->valuetype;
1351 /*Type manipulation helper*/
1353 /*Returns the byref version of the supplied MonoType*/
1355 mono_type_get_type_byref (MonoType *type)
1359 return &mono_class_from_mono_type (type)->this_arg;
1363 /*Returns the byval version of the supplied MonoType*/
1365 mono_type_get_type_byval (MonoType *type)
1369 return &mono_class_from_mono_type (type)->byval_arg;
1373 mono_type_from_stack_slot (ILStackDesc *slot)
1375 if (stack_slot_is_managed_pointer (slot))
1376 return mono_type_get_type_byref (slot->type);
1380 /*Stack manipulation code*/
1383 stack_init (VerifyContext *ctx, ILCodeDesc *state)
1385 if (state->flags & IL_CODE_FLAG_STACK_INITED)
1388 state->flags |= IL_CODE_FLAG_STACK_INITED;
1390 state->stack = g_new0 (ILStackDesc, ctx->max_stack);
1394 stack_copy (ILCodeDesc *to, ILCodeDesc *from)
1396 to->size = from->size;
1397 memcpy (to->stack, from->stack, sizeof (ILStackDesc) * from->size);
1401 copy_stack_value (ILStackDesc *to, ILStackDesc *from)
1403 to->stype = from->stype;
1404 to->type = from->type;
1405 to->method = from->method;
1409 check_underflow (VerifyContext *ctx, int size)
1411 if (ctx->eval.size < size) {
1412 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack underflow, required %d, but have %d at 0x%04x", size, ctx->eval.size, ctx->ip_offset));
1419 check_overflow (VerifyContext *ctx)
1421 if (ctx->eval.size >= ctx->max_stack) {
1422 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have stack-depth %d at 0x%04x", ctx->eval.size + 1, ctx->ip_offset));
1429 check_unmanaged_pointer (VerifyContext *ctx, ILStackDesc *value)
1431 if (stack_slot_get_type (value) == TYPE_PTR) {
1432 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx->ip_offset));
1439 check_unverifiable_type (VerifyContext *ctx, MonoType *type)
1441 if (type->type == MONO_TYPE_PTR || type->type == MONO_TYPE_FNPTR) {
1442 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx->ip_offset));
1449 static ILStackDesc *
1450 stack_push (VerifyContext *ctx)
1452 return & ctx->eval.stack [ctx->eval.size++];
1455 static ILStackDesc *
1456 stack_push_val (VerifyContext *ctx, int stype, MonoType *type)
1458 ILStackDesc *top = stack_push (ctx);
1464 static ILStackDesc *
1465 stack_pop (VerifyContext *ctx)
1467 return ctx->eval.stack + --ctx->eval.size;
1470 static inline ILStackDesc *
1471 stack_top (VerifyContext *ctx)
1473 return ctx->eval.stack + (ctx->eval.size - 1);
1476 static inline ILStackDesc *
1477 stack_get (VerifyContext *ctx, int distance)
1479 return ctx->eval.stack + (ctx->eval.size - distance - 1);
1482 /* Returns the MonoType associated with the token, or NULL if it is invalid.
1484 * A boxable type can be either a reference or value type, but cannot be a byref type or an unmanaged pointer
1487 get_boxable_mono_type (VerifyContext* ctx, int token, const char *opcode)
1492 if (!(type = verifier_load_type (ctx, token, opcode)))
1495 if (type->byref && type->type != MONO_TYPE_TYPEDBYREF) {
1496 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of byref type for %s at 0x%04x", opcode, ctx->ip_offset));
1500 if (type->type == MONO_TYPE_VOID) {
1501 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of void type for %s at 0x%04x", opcode, ctx->ip_offset));
1505 if (type->type == MONO_TYPE_TYPEDBYREF)
1506 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid use of typedbyref for %s at 0x%04x", opcode, ctx->ip_offset));
1508 check_unverifiable_type (ctx, type);
1513 /*operation result tables */
1515 static const unsigned char bin_op_table [TYPE_MAX][TYPE_MAX] = {
1516 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1517 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1518 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1519 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1520 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1521 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1524 static const unsigned char add_table [TYPE_MAX][TYPE_MAX] = {
1525 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1526 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1527 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1528 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1529 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_INV, TYPE_INV},
1530 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1533 static const unsigned char sub_table [TYPE_MAX][TYPE_MAX] = {
1534 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1535 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1536 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1537 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1538 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_NATIVE_INT | NON_VERIFIABLE_RESULT, TYPE_INV},
1539 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1542 static const unsigned char int_bin_op_table [TYPE_MAX][TYPE_MAX] = {
1543 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1544 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1545 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1546 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1547 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1548 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1551 static const unsigned char shift_op_table [TYPE_MAX][TYPE_MAX] = {
1552 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1553 {TYPE_I8, TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV},
1554 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1555 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1556 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1557 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1560 static const unsigned char cmp_br_op [TYPE_MAX][TYPE_MAX] = {
1561 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1562 {TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1563 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1564 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV},
1565 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV},
1566 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1569 static const unsigned char cmp_br_eq_op [TYPE_MAX][TYPE_MAX] = {
1570 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1571 {TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1572 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_I4 | NON_VERIFIABLE_RESULT, TYPE_INV},
1573 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV},
1574 {TYPE_INV, TYPE_INV, TYPE_I4 | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_I4, TYPE_INV},
1575 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4},
1578 static const unsigned char add_ovf_un_table [TYPE_MAX][TYPE_MAX] = {
1579 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1580 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1581 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1582 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1583 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_INV, TYPE_INV},
1584 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1587 static const unsigned char sub_ovf_un_table [TYPE_MAX][TYPE_MAX] = {
1588 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1589 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1590 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1591 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1592 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_NATIVE_INT | NON_VERIFIABLE_RESULT, TYPE_INV},
1593 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1596 static const unsigned char bin_ovf_table [TYPE_MAX][TYPE_MAX] = {
1597 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1598 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1599 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1600 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1601 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1602 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1605 #ifdef MONO_VERIFIER_DEBUG
1609 dump_stack_value (ILStackDesc *value)
1611 printf ("[(%x)(%x)", value->type->type, value->stype);
1613 if (stack_slot_is_this_pointer (value))
1616 if (stack_slot_is_boxed_value (value))
1617 printf ("[boxed] ");
1619 if (stack_slot_is_null_literal (value))
1622 if (stack_slot_is_managed_mutability_pointer (value))
1623 printf ("Controled Mutability MP: ");
1625 if (stack_slot_is_managed_pointer (value))
1626 printf ("Managed Pointer to: ");
1628 switch (stack_slot_get_underlying_type (value)) {
1630 printf ("invalid type]");
1638 case TYPE_NATIVE_INT:
1639 printf ("native int]");
1642 printf ("float64]");
1645 printf ("unmanaged pointer]");
1648 switch (value->type->type) {
1649 case MONO_TYPE_CLASS:
1650 case MONO_TYPE_VALUETYPE:
1651 printf ("complex] (%s)", value->type->data.klass->name);
1653 case MONO_TYPE_STRING:
1654 printf ("complex] (string)");
1656 case MONO_TYPE_OBJECT:
1657 printf ("complex] (object)");
1659 case MONO_TYPE_SZARRAY:
1660 printf ("complex] (%s [])", value->type->data.klass->name);
1662 case MONO_TYPE_ARRAY:
1663 printf ("complex] (%s [%d %d %d])",
1664 value->type->data.array->eklass->name,
1665 value->type->data.array->rank,
1666 value->type->data.array->numsizes,
1667 value->type->data.array->numlobounds);
1669 case MONO_TYPE_GENERICINST:
1670 printf ("complex] (inst of %s )", value->type->data.generic_class->container_class->name);
1673 printf ("complex] (type generic param !%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
1675 case MONO_TYPE_MVAR:
1676 printf ("complex] (method generic param !!%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
1679 //should be a boxed value
1680 char * name = mono_type_full_name (value->type);
1681 printf ("complex] %s", name);
1687 printf ("unknown stack %x type]\n", value->stype);
1688 g_assert_not_reached ();
1693 dump_stack_state (ILCodeDesc *state)
1697 printf ("(%d) ", state->size);
1698 for (i = 0; i < state->size; ++i)
1699 dump_stack_value (state->stack + i);
1704 /*Returns TRUE if candidate array type can be assigned to target.
1705 *Both parameters MUST be of type MONO_TYPE_ARRAY (target->type == MONO_TYPE_ARRAY)
1708 is_array_type_compatible (MonoType *target, MonoType *candidate)
1711 MonoArrayType *left = target->data.array;
1712 MonoArrayType *right = candidate->data.array;
1714 g_assert (target->type == MONO_TYPE_ARRAY);
1715 g_assert (candidate->type == MONO_TYPE_ARRAY);
1718 if ((left->rank != right->rank) ||
1719 (left->numsizes != right->numsizes) ||
1720 (left->numlobounds != right->numlobounds))
1723 for (i = 0; i < left->numsizes; ++i)
1724 if (left->sizes [i] != right->sizes [i])
1727 for (i = 0; i < left->numlobounds; ++i)
1728 if (left->lobounds [i] != right->lobounds [i])
1731 return mono_class_is_assignable_from (left->eklass, right->eklass);
1735 get_stack_type (MonoType *type)
1738 int type_kind = type->type;
1740 mask = POINTER_MASK;
1741 /*TODO handle CMMP_MASK */
1744 switch (type_kind) {
1747 case MONO_TYPE_BOOLEAN:
1750 case MONO_TYPE_CHAR:
1753 return TYPE_I4 | mask;
1757 return TYPE_NATIVE_INT | mask;
1759 /* FIXME: the spec says that you cannot have a pointer to method pointer, do we need to check this here? */
1760 case MONO_TYPE_FNPTR:
1762 case MONO_TYPE_TYPEDBYREF:
1763 return TYPE_PTR | mask;
1766 case MONO_TYPE_MVAR:
1768 case MONO_TYPE_CLASS:
1769 case MONO_TYPE_STRING:
1770 case MONO_TYPE_OBJECT:
1771 case MONO_TYPE_SZARRAY:
1772 case MONO_TYPE_ARRAY:
1773 return TYPE_COMPLEX | mask;
1775 case MONO_TYPE_GENERICINST:
1776 if (mono_type_is_enum_type (type)) {
1777 type = mono_type_get_underlying_type_any (type);
1778 type_kind = type->type;
1781 return TYPE_COMPLEX | mask;
1786 return TYPE_I8 | mask;
1790 return TYPE_R8 | mask;
1792 case MONO_TYPE_VALUETYPE:
1793 if (mono_type_is_enum_type (type)) {
1794 type = mono_type_get_underlying_type_any (type);
1795 type_kind = type->type;
1798 return TYPE_COMPLEX | mask;
1802 VERIFIER_DEBUG ( printf ("unknown type %02x in eval stack type\n", type->type); );
1803 g_assert_not_reached ();
1808 /* convert MonoType to ILStackDesc format (stype) */
1810 set_stack_value (VerifyContext *ctx, ILStackDesc *stack, MonoType *type, int take_addr)
1813 int type_kind = type->type;
1815 if (type->byref || take_addr)
1816 mask = POINTER_MASK;
1817 /* TODO handle CMMP_MASK */
1822 switch (type_kind) {
1825 case MONO_TYPE_BOOLEAN:
1828 case MONO_TYPE_CHAR:
1831 stack->stype = TYPE_I4 | mask;
1835 stack->stype = TYPE_NATIVE_INT | mask;
1838 /*FIXME: Do we need to check if it's a pointer to the method pointer? The spec says it' illegal to have that.*/
1839 case MONO_TYPE_FNPTR:
1841 case MONO_TYPE_TYPEDBYREF:
1842 stack->stype = TYPE_PTR | mask;
1845 case MONO_TYPE_CLASS:
1846 case MONO_TYPE_STRING:
1847 case MONO_TYPE_OBJECT:
1848 case MONO_TYPE_SZARRAY:
1849 case MONO_TYPE_ARRAY:
1852 case MONO_TYPE_MVAR:
1853 stack->stype = TYPE_COMPLEX | mask;
1856 case MONO_TYPE_GENERICINST:
1857 if (mono_type_is_enum_type (type)) {
1858 type = mono_type_get_underlying_type_any (type);
1859 type_kind = type->type;
1862 stack->stype = TYPE_COMPLEX | mask;
1868 stack->stype = TYPE_I8 | mask;
1872 stack->stype = TYPE_R8 | mask;
1874 case MONO_TYPE_VALUETYPE:
1875 if (mono_type_is_enum_type (type)) {
1876 type = mono_type_get_underlying_type_any (type);
1877 type_kind = type->type;
1880 stack->stype = TYPE_COMPLEX | mask;
1884 VERIFIER_DEBUG ( printf ("unknown type 0x%02x in eval stack type\n", type->type); );
1885 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Illegal value set on stack 0x%02x at %d", type->type, ctx->ip_offset));
1892 * init_stack_with_value_at_exception_boundary:
1894 * Initialize the stack and push a given type.
1895 * The instruction is marked as been on the exception boundary.
1898 init_stack_with_value_at_exception_boundary (VerifyContext *ctx, ILCodeDesc *code, MonoClass *klass)
1900 stack_init (ctx, code);
1901 set_stack_value (ctx, code->stack, &klass->byval_arg, FALSE);
1903 code->flags |= IL_CODE_FLAG_WAS_TARGET;
1906 /* Generics validation stuff, should be moved to another metadata/? file */
1908 mono_is_generic_type_compatible (MonoType *target, MonoType *candidate)
1910 if (target->byref != candidate->byref)
1914 switch (target->type) {
1915 case MONO_TYPE_STRING:
1916 if (candidate->type == MONO_TYPE_STRING)
1920 case MONO_TYPE_CLASS:
1921 if (candidate->type != MONO_TYPE_CLASS)
1924 VERIFIER_DEBUG ( printf ("verifying type class %p %p\n", target->data.klass, candidate->data.klass); );
1925 return mono_class_is_assignable_from (target->data.klass, candidate->data.klass);
1927 case MONO_TYPE_OBJECT:
1928 return MONO_TYPE_IS_REFERENCE (candidate);
1930 case MONO_TYPE_SZARRAY:
1931 if (candidate->type != MONO_TYPE_SZARRAY)
1933 return mono_class_is_assignable_from (target->data.klass, candidate->data.klass);
1935 case MONO_TYPE_VALUETYPE:
1936 if (mono_type_is_enum_type (target)) {
1937 target = mono_type_get_underlying_type_any (target);
1940 if (candidate->type != MONO_TYPE_VALUETYPE)
1942 return candidate->data.klass == target->data.klass;
1945 case MONO_TYPE_ARRAY:
1946 if (candidate->type != MONO_TYPE_ARRAY)
1948 return is_array_type_compatible (target, candidate);
1951 VERIFIER_DEBUG ( printf ("unknown target type %d\n", target->type); );
1952 g_assert_not_reached ();
1960 mono_is_generic_instance_compatible (MonoGenericClass *target, MonoGenericClass *candidate, MonoGenericClass *root_candidate) {
1961 MonoGenericContainer *container;
1964 VERIFIER_DEBUG ( printf ("candidate container %p\n", candidate->container_class->generic_container); );
1965 if (target->container_class != candidate->container_class) {
1966 MonoType *param_class;
1967 MonoClass *cand_class;
1968 VERIFIER_DEBUG ( printf ("generic class != target\n"); );
1969 param_class = candidate->context.class_inst->type_argv [0];
1970 VERIFIER_DEBUG ( printf ("param 0 %d\n", param_class->type); );
1971 cand_class = candidate->container_class;
1973 /* We must check if it's an interface type*/
1974 if (MONO_CLASS_IS_INTERFACE (target->container_class)) {
1975 VERIFIER_DEBUG ( printf ("generic type is an interface\n"); );
1978 int iface_count = cand_class->interface_count;
1979 MonoClass **ifaces = cand_class->interfaces;
1981 VERIFIER_DEBUG ( printf ("type has %d interfaces\n", iface_count); );
1982 for (i = 0; i< iface_count; ++i) {
1983 MonoClass *ifc = ifaces[i];
1984 VERIFIER_DEBUG ( printf ("analysing %s\n", ifc->name); );
1985 if (ifc->generic_class) {
1986 VERIFIER_DEBUG ( printf ("interface has generic info\n"); );
1988 if (mono_is_generic_instance_compatible (target, ifc->generic_class, root_candidate)) {
1989 VERIFIER_DEBUG ( printf ("we got compatible stuff!\n"); );
1994 cand_class = cand_class->parent;
1995 } while (cand_class);
1997 VERIFIER_DEBUG ( printf ("don't implements an interface\n"); );
2000 VERIFIER_DEBUG ( printf ("verifying upper classes\n"); );
2002 cand_class = cand_class->parent;
2004 while (cand_class) {
2005 VERIFIER_DEBUG ( printf ("verifying parent class name %s\n", cand_class->name); );
2006 if (cand_class->generic_class) {
2007 VERIFIER_DEBUG ( printf ("super type has generic context\n"); );
2009 /* TODO break loop if target->container_class == cand_class->generic_class->container_class */
2010 return mono_is_generic_instance_compatible (target, cand_class->generic_class, root_candidate);
2012 VERIFIER_DEBUG ( printf ("super class has no generic context\n"); );
2013 cand_class = cand_class->parent;
2019 /* now we verify if the instantiations are compatible*/
2020 if (target->context.class_inst == candidate->context.class_inst) {
2021 VERIFIER_DEBUG ( printf ("generic types are compatible, both have the same instantiation\n"); );
2025 if (target->context.class_inst->type_argc != candidate->context.class_inst->type_argc) {
2026 VERIFIER_DEBUG ( printf ("generic instantiations with different arg counts\n"); );
2030 //verify if open instance -- none should be
2032 container = target->container_class->generic_container;
2034 for (i = 0; i < container->type_argc; ++i) {
2035 MonoGenericParam *param = container->type_params + i;
2036 MonoType *target_type = target->context.class_inst->type_argv [i];
2037 MonoType *candidate_type = candidate->context.class_inst->type_argv [i];
2038 /* We resolve TYPE_VAR types before proceeding */
2040 if (candidate_type->type == MONO_TYPE_VAR) {
2041 MonoGenericParam *var_param = candidate_type->data.generic_param;
2042 candidate_type = root_candidate->context.class_inst->type_argv [var_param->num];
2045 if ((param->flags & GENERIC_PARAMETER_ATTRIBUTE_VARIANCE_MASK) == 0) {
2046 VERIFIER_DEBUG ( printf ("generic type have no variance flag, checking each type %d %d \n",target_type->type, candidate_type->type); );
2048 if (!mono_metadata_type_equal (target_type, candidate_type))
2051 VERIFIER_DEBUG ( printf ("generic type has variance flag, need to perform deeper check\n"); );
2052 /* first we check if they are the same kind */
2053 /* byref generic params are forbiden, but better safe than sorry.*/
2055 if ((param->flags & GENERIC_PARAMETER_ATTRIBUTE_COVARIANT) == GENERIC_PARAMETER_ATTRIBUTE_COVARIANT) {
2056 if (!mono_is_generic_type_compatible (target_type, candidate_type))
2058 /* the attribute must be contravariant */
2059 } else if (!mono_is_generic_type_compatible (candidate_type, target_type))
2068 /*Verify if type 'candidate' can be stored in type 'target'.
2070 * If strict, check for the underlying type and not the verification stack types
2073 verify_type_compatibility_full (VerifyContext *ctx, MonoType *target, MonoType *candidate, gboolean strict)
2075 #define IS_ONE_OF3(T, A, B, C) (T == A || T == B || T == C)
2076 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
2078 MonoType *original_candidate = candidate;
2079 VERIFIER_DEBUG ( printf ("checking type compatibility %p %p[%x][%x] %p[%x][%x]\n", ctx, target, target->type, target->byref, candidate, candidate->type, candidate->byref); );
2081 /*only one is byref */
2082 if (candidate->byref ^ target->byref) {
2083 /* converting from native int to byref*/
2084 if (get_stack_type (candidate) == TYPE_NATIVE_INT && target->byref) {
2085 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("using byref native int at 0x%04x", ctx->ip_offset));
2090 strict |= target->byref;
2091 /*From now on we don't care about byref anymore, so it's ok to discard it here*/
2092 candidate = mono_type_get_underlying_type_any (candidate);
2095 switch (target->type) {
2096 case MONO_TYPE_VOID:
2097 return candidate->type == MONO_TYPE_VOID;
2100 case MONO_TYPE_BOOLEAN:
2102 return IS_ONE_OF3 (candidate->type, MONO_TYPE_I1, MONO_TYPE_U1, MONO_TYPE_BOOLEAN);
2105 case MONO_TYPE_CHAR:
2107 return IS_ONE_OF3 (candidate->type, MONO_TYPE_I2, MONO_TYPE_U2, MONO_TYPE_CHAR);
2109 case MONO_TYPE_U4: {
2110 gboolean is_native_int = IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U);
2111 gboolean is_int4 = IS_ONE_OF2 (candidate->type, MONO_TYPE_I4, MONO_TYPE_U4);
2113 return is_native_int || is_int4;
2114 return is_native_int || get_stack_type (candidate) == TYPE_I4;
2119 return IS_ONE_OF2 (candidate->type, MONO_TYPE_I8, MONO_TYPE_U8);
2124 return candidate->type == target->type;
2125 return IS_ONE_OF2 (candidate->type, MONO_TYPE_R4, MONO_TYPE_R8);
2129 gboolean is_native_int = IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U);
2130 gboolean is_int4 = IS_ONE_OF2 (candidate->type, MONO_TYPE_I4, MONO_TYPE_U4);
2132 return is_native_int || is_int4;
2133 return is_native_int || get_stack_type (candidate) == TYPE_I4;
2137 if (candidate->type != MONO_TYPE_PTR)
2139 /* check the underlying type */
2140 return verify_type_compatibility_full (ctx, target->data.type, candidate->data.type, TRUE);
2142 case MONO_TYPE_FNPTR: {
2143 MonoMethodSignature *left, *right;
2144 if (candidate->type != MONO_TYPE_FNPTR)
2147 left = mono_type_get_signature (target);
2148 right = mono_type_get_signature (candidate);
2149 return mono_metadata_signature_equal (left, right) && left->call_convention == right->call_convention;
2152 case MONO_TYPE_GENERICINST: {
2153 MonoGenericClass *left;
2154 MonoGenericClass *right;
2155 if (mono_type_is_enum_type (target)) {
2156 target = mono_type_get_underlying_type_any (target);
2160 if (candidate->type != MONO_TYPE_GENERICINST)
2161 return mono_class_is_assignable_from (mono_class_from_mono_type (target), mono_class_from_mono_type (candidate));
2162 left = target->data.generic_class;
2163 right = candidate->data.generic_class;
2165 return mono_is_generic_instance_compatible (left, right, right);
2168 case MONO_TYPE_STRING:
2169 return candidate->type == MONO_TYPE_STRING;
2171 case MONO_TYPE_CLASS:
2172 /* If candidate is an enum it should return true for System.Enum and supertypes.
2173 * That's why here we use the original type and not the underlying type.
2175 return mono_class_is_assignable_from (target->data.klass, mono_class_from_mono_type (original_candidate));
2177 case MONO_TYPE_OBJECT:
2178 return MONO_TYPE_IS_REFERENCE (candidate);
2180 case MONO_TYPE_SZARRAY: {
2183 if (candidate->type != MONO_TYPE_SZARRAY)
2186 left = target->data.klass;
2187 right = candidate->data.klass;
2188 return mono_class_is_assignable_from(left, right);
2191 case MONO_TYPE_ARRAY:
2192 if (candidate->type != MONO_TYPE_ARRAY)
2194 return is_array_type_compatible (target, candidate);
2196 case MONO_TYPE_TYPEDBYREF:
2197 return candidate->type == MONO_TYPE_TYPEDBYREF;
2199 case MONO_TYPE_VALUETYPE:
2200 if (candidate->type == MONO_TYPE_VALUETYPE && target->data.klass == candidate->data.klass)
2202 if (mono_type_is_enum_type (target)) {
2203 target = mono_type_get_underlying_type_any (target);
2209 if (candidate->type != MONO_TYPE_VAR)
2211 return candidate->data.generic_param->num == target->data.generic_param->num;
2213 case MONO_TYPE_MVAR:
2214 if (candidate->type != MONO_TYPE_MVAR)
2216 return candidate->data.generic_param->num == target->data.generic_param->num;
2219 VERIFIER_DEBUG ( printf ("unknown store type %d\n", target->type); );
2220 g_assert_not_reached ();
2229 verify_type_compatibility (VerifyContext *ctx, MonoType *target, MonoType *candidate)
2231 return verify_type_compatibility_full (ctx, target, candidate, FALSE);
2235 * is_compatible_boxed_valuetype:
2237 * Returns TRUE if @candidate / @stack is a valid boxed valuetype.
2239 * @type The source type. It it tested to be of the proper type.
2240 * @candidate type of the boxed valuetype.
2241 * @stack stack slot of the boxed valuetype, separate from @candidade since one could be changed before calling this function
2242 * @type_must_be_object if TRUE @type must be System.Object, otherwise can be any reference type.
2246 is_compatible_boxed_valuetype (MonoType *type, MonoType *candidate, ILStackDesc *stack, gboolean type_must_be_object)
2248 if (type_must_be_object && type->type != MONO_TYPE_OBJECT)
2250 if (!type_must_be_object && !MONO_TYPE_IS_REFERENCE (type))
2252 return !type->byref && mono_class_from_mono_type (candidate)->valuetype && !candidate->byref && stack_slot_is_boxed_value (stack);
2256 verify_stack_type_compatibility (VerifyContext *ctx, MonoType *type, ILStackDesc *stack)
2258 MonoType *candidate = mono_type_from_stack_slot (stack);
2259 if (MONO_TYPE_IS_REFERENCE (type) && !type->byref && stack_slot_is_null_literal (stack))
2262 if (is_compatible_boxed_valuetype (type, candidate, stack, TRUE))
2265 return verify_type_compatibility_full (ctx, type, candidate, FALSE);
2269 * mono_delegate_signature_equal:
2271 * Compare two signatures in the way expected by delegates.
2273 * This function only exists due to the fact that it should ignore the 'has_this' part of the signature.
2275 * FIXME can this function be eliminated and proper metadata functionality be used?
2278 mono_delegate_signature_equal (MonoMethodSignature *sig1, MonoMethodSignature *sig2)
2282 //FIXME do we need to check for explicit_this?
2283 //We don't check for has_this since this is irrelevant for delegate signatures
2284 if (sig1->param_count != sig2->param_count)
2287 if (sig1->generic_param_count != sig2->generic_param_count)
2290 for (i = 0; i < sig1->param_count; i++) {
2291 MonoType *p1 = sig1->params [i];
2292 MonoType *p2 = sig2->params [i];
2294 if (!mono_metadata_type_equal_full (p1, p2, TRUE))
2298 if (!mono_metadata_type_equal_full (sig1->ret, sig2->ret, TRUE))
2305 * verify_ldftn_delegate:
2307 * Verify properties of ldftn based delegates.
2310 verify_ldftn_delegate (VerifyContext *ctx, MonoClass *delegate, ILStackDesc *value, ILStackDesc *funptr)
2312 MonoMethod *method = funptr->method;
2314 /*ldftn non-final virtuals only allowed if method is not static,
2315 * the object is a this arg (comes from a ldarg.0), and there is no starg.0.
2316 * This rules doesn't apply if the object on stack is a boxed valuetype.
2318 if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !stack_slot_is_boxed_value (value)) {
2319 /*A stdarg 0 must not happen, we fail here only in fail fast mode to avoid double error reports*/
2320 if (IS_FAIL_FAST_MODE (ctx) && ctx->has_this_store)
2321 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", ctx->ip_offset));
2323 /*current method must not be static*/
2324 if (ctx->method->flags & METHOD_ATTRIBUTE_STATIC)
2325 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function at 0x%04x", ctx->ip_offset));
2327 /*value is the this pointer, loaded using ldarg.0 */
2328 if (!stack_slot_is_this_pointer (value))
2329 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid object argument, it is not the this pointer, to ldftn with virtual method at 0x%04x", ctx->ip_offset));
2331 ctx->code [ctx->ip_offset].flags |= IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL;
2336 * verify_delegate_compatibility:
2338 * Verify delegate creation sequence.
2342 verify_delegate_compatibility (VerifyContext *ctx, MonoClass *delegate, ILStackDesc *value, ILStackDesc *funptr)
2344 #define IS_VALID_OPCODE(offset, opcode) (ip [ip_offset - offset] == opcode && (ctx->code [ip_offset - offset].flags & IL_CODE_FLAG_SEEN))
2345 #define IS_LOAD_FUN_PTR(kind) (IS_VALID_OPCODE (6, CEE_PREFIX1) && ip [ip_offset - 5] == kind)
2347 MonoMethod *invoke, *method;
2348 const guint8 *ip = ctx->header->code;
2349 guint32 ip_offset = ctx->ip_offset;
2351 if (stack_slot_get_type (funptr) != TYPE_PTR || !funptr->method) {
2352 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid function pointer parameter for delegate constructor at %d", ctx->ip_offset));
2356 invoke = mono_get_delegate_invoke (delegate);
2357 method = funptr->method;
2359 if (!mono_delegate_signature_equal (mono_method_signature (invoke), mono_method_signature (method)))
2360 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Function pointer parameter for delegate constructor has diferent signature at %d", ctx->ip_offset));
2363 * Delegate code sequences:
2369 * [-6] ldvirtftn token
2373 if (ip_offset > 5 && IS_LOAD_FUN_PTR (CEE_LDFTN)) {
2374 verify_ldftn_delegate (ctx, delegate, value, funptr);
2375 } else if (ip_offset > 6 && IS_VALID_OPCODE (7, CEE_DUP) && IS_LOAD_FUN_PTR (CEE_LDVIRTFTN)) {
2376 ctx->code [ip_offset - 6].flags |= IL_CODE_DELEGATE_SEQUENCE;
2378 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid code sequence for delegate creation at 0x%04x", ctx->ip_offset));
2380 ctx->code [ip_offset].flags |= IL_CODE_DELEGATE_SEQUENCE;
2383 if (!verify_type_compatibility (ctx, &method->klass->byval_arg, value->type) && !stack_slot_is_null_literal (value))
2384 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx->ip_offset));
2386 if (stack_slot_get_type (value) != TYPE_COMPLEX)
2387 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid first parameter for delegate creation at 0x%04x", ctx->ip_offset));
2389 #undef IS_VALID_OPCODE
2390 #undef IS_LOAD_FUN_PTR
2393 /* implement the opcode checks*/
2395 push_arg (VerifyContext *ctx, unsigned int arg, int take_addr)
2397 if (arg >= ctx->max_args) {
2399 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have argument %d", arg + 1));
2401 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method doesn't have argument %d", arg + 1));
2402 if (check_overflow (ctx)) //FIXME: what sane value could we ever push?
2403 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2405 } else if (check_overflow (ctx)) {
2406 /*We must let the value be pushed, otherwise we would get an underflow error*/
2407 check_unverifiable_type (ctx, ctx->params [arg]);
2408 if (ctx->params [arg]->byref && take_addr)
2409 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
2410 if (!set_stack_value (ctx, stack_push (ctx), ctx->params [arg], take_addr))
2413 if (arg == 0 && !(ctx->method->flags & METHOD_ATTRIBUTE_STATIC)) {
2415 ctx->has_this_store = TRUE;
2417 stack_top (ctx)->stype |= THIS_POINTER_MASK;
2423 push_local (VerifyContext *ctx, guint32 arg, int take_addr)
2425 if (arg >= ctx->num_locals) {
2426 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have local %d", arg + 1));
2427 } else if (check_overflow (ctx)) {
2428 /*We must let the value be pushed, otherwise we would get an underflow error*/
2429 check_unverifiable_type (ctx, ctx->locals [arg]);
2430 if (ctx->locals [arg]->byref && take_addr)
2431 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
2433 set_stack_value (ctx, stack_push (ctx), ctx->locals [arg], take_addr);
2438 store_arg (VerifyContext *ctx, guint32 arg)
2442 if (arg >= ctx->max_args) {
2443 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method doesn't have argument %d at 0x%04x", arg + 1, ctx->ip_offset));
2444 check_underflow (ctx, 1);
2449 if (check_underflow (ctx, 1)) {
2450 value = stack_pop (ctx);
2451 if (!verify_stack_type_compatibility (ctx, ctx->params [arg], value)) {
2452 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in argument store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2455 if (arg == 0 && !(ctx->method->flags & METHOD_ATTRIBUTE_STATIC))
2456 ctx->has_this_store = 1;
2460 store_local (VerifyContext *ctx, guint32 arg)
2463 if (arg >= ctx->num_locals) {
2464 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have local var %d at 0x%04x", arg + 1, ctx->ip_offset));
2468 /*TODO verify definite assigment */
2469 if (check_underflow (ctx, 1)) {
2470 value = stack_pop(ctx);
2471 if (!verify_stack_type_compatibility (ctx, ctx->locals [arg], value)) {
2472 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type [%s], type [%s] was expected in local store at 0x%04x",
2473 stack_slot_get_name (value),
2474 mono_type_get_stack_name (ctx->locals [arg]),
2480 /*FIXME add and sub needs special care here*/
2482 do_binop (VerifyContext *ctx, unsigned int opcode, const unsigned char table [TYPE_MAX][TYPE_MAX])
2485 int idxa, idxb, complexMerge = 0;
2488 if (!check_underflow (ctx, 2))
2490 a = stack_get (ctx, 1);
2491 b = stack_top (ctx);
2493 idxa = stack_slot_get_underlying_type (a);
2494 if (stack_slot_is_managed_pointer (a)) {
2499 idxb = stack_slot_get_underlying_type (b);
2500 if (stack_slot_is_managed_pointer (b)) {
2507 res = table [idxa][idxb];
2509 VERIFIER_DEBUG ( printf ("binop res %d\n", res); );
2510 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa, idxb); );
2513 if (res == TYPE_INV) {
2514 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Binary instruction applyed to ill formed stack (%s x %s)", stack_slot_get_name (a), stack_slot_get_name (b)));
2518 if (res & NON_VERIFIABLE_RESULT) {
2519 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Binary instruction is not verifiable (%s x %s)", stack_slot_get_name (a), stack_slot_get_name (b)));
2521 res = res & ~NON_VERIFIABLE_RESULT;
2524 if (complexMerge && res == TYPE_PTR) {
2525 if (complexMerge == 1)
2526 copy_stack_value (stack_top (ctx), a);
2527 else if (complexMerge == 2)
2528 copy_stack_value (stack_top (ctx), b);
2530 * There is no need to merge the type of two pointers.
2531 * The only valid operation is subtraction, that returns a native
2532 * int as result and can be used with any 2 pointer kinds.
2533 * This is valid acording to Patition III 1.1.4
2536 stack_top (ctx)->stype = res;
2542 do_boolean_branch_op (VerifyContext *ctx, int delta)
2544 int target = ctx->ip_offset + delta;
2547 VERIFIER_DEBUG ( printf ("boolean branch offset %d delta %d target %d\n", ctx->ip_offset, delta, target); );
2549 if (target < 0 || target >= ctx->code_size) {
2550 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Boolean branch target out of code at 0x%04x", ctx->ip_offset));
2554 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
2556 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2559 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2563 ctx->target = target;
2565 if (!check_underflow (ctx, 1))
2568 top = stack_pop (ctx);
2569 if (!is_valid_bool_arg (top))
2570 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Argument type %s not valid for brtrue/brfalse at 0x%04x", stack_slot_get_name (stack_get (ctx, -1)), ctx->ip_offset));
2572 check_unmanaged_pointer (ctx, top);
2577 do_branch_op (VerifyContext *ctx, signed int delta, const unsigned char table [TYPE_MAX][TYPE_MAX])
2582 int target = ctx->ip_offset + delta;
2584 VERIFIER_DEBUG ( printf ("branch offset %d delta %d target %d\n", ctx->ip_offset, delta, target); );
2586 if (target < 0 || target >= ctx->code_size) {
2587 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target out of code at 0x%04x", ctx->ip_offset));
2591 switch (is_valid_cmp_branch_instruction (ctx->header, ctx->ip_offset, target)) {
2593 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2596 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2600 ctx->target = target;
2602 if (!check_underflow (ctx, 2))
2605 b = stack_pop (ctx);
2606 a = stack_pop (ctx);
2608 idxa = stack_slot_get_underlying_type (a);
2609 if (stack_slot_is_managed_pointer (a))
2612 idxb = stack_slot_get_underlying_type (b);
2613 if (stack_slot_is_managed_pointer (b))
2618 res = table [idxa][idxb];
2620 VERIFIER_DEBUG ( printf ("branch res %d\n", res); );
2621 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa, idxb); );
2623 if (res == TYPE_INV) {
2624 CODE_NOT_VERIFIABLE (ctx,
2625 g_strdup_printf ("Compare and Branch instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2626 } else if (res & NON_VERIFIABLE_RESULT) {
2627 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Compare and Branch instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2628 res = res & ~NON_VERIFIABLE_RESULT;
2633 do_cmp_op (VerifyContext *ctx, const unsigned char table [TYPE_MAX][TYPE_MAX], guint32 opcode)
2639 if (!check_underflow (ctx, 2))
2641 b = stack_pop (ctx);
2642 a = stack_pop (ctx);
2644 if (opcode == CEE_CGT_UN) {
2645 if (stack_slot_get_type (a) == TYPE_COMPLEX && stack_slot_get_type (b) == TYPE_COMPLEX) {
2646 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2651 idxa = stack_slot_get_underlying_type (a);
2652 if (stack_slot_is_managed_pointer (a))
2655 idxb = stack_slot_get_underlying_type (b);
2656 if (stack_slot_is_managed_pointer (b))
2661 res = table [idxa][idxb];
2663 if(res == TYPE_INV) {
2664 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf("Compare instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2665 } else if (res & NON_VERIFIABLE_RESULT) {
2666 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Compare instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2667 res = res & ~NON_VERIFIABLE_RESULT;
2669 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2673 do_ret (VerifyContext *ctx)
2675 VERIFIER_DEBUG ( printf ("checking ret\n"); );
2676 if (ctx->signature->ret->type != MONO_TYPE_VOID) {
2678 if (!check_underflow (ctx, 1))
2681 top = stack_pop(ctx);
2683 if (!verify_stack_type_compatibility (ctx, ctx->signature->ret, top)) {
2684 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible return value on stack with method signature ret at 0x%04x", ctx->ip_offset));
2689 if (ctx->eval.size > 0) {
2690 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack not empty (%d) after ret at 0x%04x", ctx->eval.size, ctx->ip_offset));
2692 if (in_any_block (ctx->header, ctx->ip_offset))
2693 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ret cannot escape exception blocks at 0x%04x", ctx->ip_offset));
2697 * FIXME we need to fix the case of a non-virtual instance method defined in the parent but call using a token pointing to a subclass.
2698 * This is illegal but mono_get_method_full decoded it.
2699 * TODO handle vararg calls
2700 * TODO handle calling .ctor outside one or calling the .ctor for other class but super
2703 do_invoke_method (VerifyContext *ctx, int method_token, gboolean virtual)
2706 MonoMethodSignature *sig;
2709 gboolean virt_check_this = FALSE;
2711 if (!(method = verifier_load_method (ctx, method_token, virtual ? "callvirt" : "call")))
2714 if (!virtual && (method->flags & METHOD_ATTRIBUTE_ABSTRACT))
2715 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use call with an abstract method at 0x%04x", ctx->ip_offset));
2717 if (virtual && method->klass->valuetype)
2718 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use callvirtual with valuetype method at 0x%04x", ctx->ip_offset));
2720 if (!virtual && (method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL)) {
2721 virt_check_this = TRUE;
2722 ctx->code [ctx->ip_offset].flags |= IL_CODE_CALL_NONFINAL_VIRTUAL;
2725 if (!(sig = mono_method_get_signature_full (method, ctx->image, method_token, ctx->generic_context)))
2726 sig = mono_method_get_signature (method, ctx->image, method_token);
2728 param_count = sig->param_count + sig->hasthis;
2729 if (!check_underflow (ctx, param_count))
2732 for (i = sig->param_count - 1; i >= 0; --i) {
2733 VERIFIER_DEBUG ( printf ("verifying argument %d\n", i); );
2734 value = stack_pop (ctx);
2735 if (!verify_stack_type_compatibility (ctx, sig->params[i], value))
2736 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature at 0x%04x", ctx->ip_offset));
2740 MonoType *type = &method->klass->byval_arg;
2742 value = stack_pop (ctx);
2743 copy_stack_value (©, value);
2744 //TODO we should extract this to a 'drop_byref_argument' and use everywhere
2745 //Other parts of the code suffer from the same issue of
2746 copy.type = mono_type_get_type_byval (copy.type);
2747 copy.stype &= ~POINTER_MASK;
2749 if (virt_check_this && !stack_slot_is_this_pointer (value) && !(method->klass->valuetype || stack_slot_is_boxed_value (value)))
2750 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a non-final virtual method from an objet diferent thant the this pointer at 0x%04x", ctx->ip_offset));
2752 if (stack_slot_is_managed_pointer (value) && !mono_class_from_mono_type (value->type)->valuetype)
2753 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a reference type using a managed pointer to the this arg at 0x%04x", ctx->ip_offset));
2755 if (!virtual && mono_class_from_mono_type (value->type)->valuetype && !method->klass->valuetype && !stack_slot_is_boxed_value (value))
2756 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a valuetype baseclass at 0x%04x", ctx->ip_offset));
2758 if (virtual && mono_class_from_mono_type (value->type)->valuetype && !stack_slot_is_boxed_value (value))
2759 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a valuetype with callvirt at 0x%04x", ctx->ip_offset));
2761 if (method->klass->valuetype && (stack_slot_is_boxed_value (value) || !stack_slot_is_managed_pointer (value)))
2762 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a boxed or literal valuetype to call a valuetype method at 0x%04x", ctx->ip_offset));
2764 if (!verify_stack_type_compatibility (ctx, type, ©))
2765 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible this argument on stack with method signature at 0x%04x", ctx->ip_offset));
2768 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_method (ctx->method, method))
2769 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Method is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
2771 if (sig->ret->type != MONO_TYPE_VOID) {
2772 if (check_overflow (ctx))
2773 set_stack_value (ctx, stack_push (ctx), sig->ret, FALSE);
2776 if (sig->ret->byref)
2777 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method returns typedbyref, byref or ArgIterator at 0x%04x", ctx->ip_offset));
2781 do_push_static_field (VerifyContext *ctx, int token, gboolean take_addr)
2783 MonoClassField *field;
2786 if (!(field = verifier_load_field (ctx, token, &klass, take_addr ? "ldsflda" : "ldsfld")))
2789 if (!(field->type->attrs & FIELD_ATTRIBUTE_STATIC)) {
2790 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot load non static field at 0x%04x", ctx->ip_offset));
2793 /*taking the address of initonly field only works from the static constructor */
2794 if (take_addr && (field->type->attrs & FIELD_ATTRIBUTE_INIT_ONLY) &&
2795 !(field->parent == ctx->method->klass && (ctx->method->flags & (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_STATIC)) && !strcmp (".cctor", ctx->method->name)))
2796 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
2798 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2799 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2801 set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
2805 do_store_static_field (VerifyContext *ctx, int token) {
2806 MonoClassField *field;
2810 if (!check_underflow (ctx, 1))
2813 value = stack_pop (ctx);
2815 if (!(field = verifier_load_field (ctx, token, &klass, "stsfld")))
2818 if (!(field->type->attrs & FIELD_ATTRIBUTE_STATIC)) {
2819 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot store non static field at 0x%04x", ctx->ip_offset));
2823 if (field->type->type == MONO_TYPE_TYPEDBYREF) {
2824 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Typedbyref field is an unverfiable type in store static field at 0x%04x", ctx->ip_offset));
2828 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2829 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2831 if (!verify_stack_type_compatibility (ctx, field->type, value))
2832 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in static field store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2836 check_is_valid_type_for_field_ops (VerifyContext *ctx, int token, ILStackDesc *obj, MonoClassField **ret_field, const char *opcode)
2838 MonoClassField *field;
2841 /*must be one of: complex type, managed pointer (to complex type), unmanaged pointer (native int) or an instance of a value type */
2842 if (!( stack_slot_get_underlying_type (obj) == TYPE_COMPLEX
2843 || stack_slot_get_type (obj) == TYPE_NATIVE_INT
2844 || stack_slot_get_type (obj) == TYPE_PTR)) {
2845 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument %s to load field at 0x%04x", stack_slot_get_name (obj), ctx->ip_offset));
2848 if (!(field = verifier_load_field (ctx, token, &klass, opcode)))
2851 //TODO verify if type loaded correctly.
2854 if (field->type->type == MONO_TYPE_TYPEDBYREF) {
2855 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Typedbyref field is an unverfiable type at 0x%04x", ctx->ip_offset));
2858 g_assert (obj->type);
2860 /*The value on the stack must be a subclass of the defining type of the field*/
2861 /* we need to check if we can load the field from the stack value*/
2862 if (stack_slot_get_underlying_type (obj) == TYPE_COMPLEX) {
2863 if (!field->parent->valuetype && stack_slot_is_managed_pointer (obj))
2864 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is a managed pointer to a reference type and is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2866 /*a value type can be loaded from a value or a managed pointer, but not a boxed object*/
2867 if (field->parent->valuetype && stack_slot_is_boxed_value (obj))
2868 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is a boxed valuetype and is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2870 if (!stack_slot_is_null_literal (obj) && !verify_type_compatibility (ctx, &field->parent->byval_arg, mono_type_get_type_byval (obj->type)))
2871 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2873 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2874 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2877 if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field (ctx->method, field))
2878 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
2880 if (stack_slot_get_underlying_type (obj) == TYPE_NATIVE_INT)
2881 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Native int is not a verifiable type to reference a field at 0x%04x", ctx->ip_offset));
2883 check_unmanaged_pointer (ctx, obj);
2888 do_push_field (VerifyContext *ctx, int token, gboolean take_addr)
2891 MonoClassField *field;
2893 if (!check_underflow (ctx, 1))
2895 obj = stack_pop (ctx);
2897 if (!check_is_valid_type_for_field_ops (ctx, token, obj, &field, take_addr ? "ldflda" : "ldfld"))
2900 if (take_addr && field->parent->valuetype && !stack_slot_is_managed_pointer (obj))
2901 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a temporary value-type at 0x%04x", ctx->ip_offset));
2903 if (take_addr && (field->type->attrs & FIELD_ATTRIBUTE_INIT_ONLY) &&
2904 !(field->parent == ctx->method->klass && mono_method_is_constructor (ctx->method)))
2905 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
2907 set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
2911 do_store_field (VerifyContext *ctx, int token)
2913 ILStackDesc *value, *obj;
2914 MonoClassField *field;
2916 if (!check_underflow (ctx, 2))
2919 value = stack_pop (ctx);
2920 obj = stack_pop (ctx);
2922 if (!check_is_valid_type_for_field_ops (ctx, token, obj, &field, "stfld"))
2925 if (!verify_stack_type_compatibility (ctx, field->type, value))
2926 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in field store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2929 /*TODO proper handle for Nullable<T>*/
2931 do_box_value (VerifyContext *ctx, int klass_token)
2934 MonoType *type = get_boxable_mono_type (ctx, klass_token, "box");
2939 if (!check_underflow (ctx, 1))
2942 value = stack_top (ctx);
2943 /*box is a nop for reference types*/
2945 if (stack_slot_get_underlying_type (value) == TYPE_COMPLEX && MONO_TYPE_IS_REFERENCE (value->type) && MONO_TYPE_IS_REFERENCE (type)) {
2946 value->stype |= BOXED_MASK;
2950 value = stack_pop (ctx);
2952 if (!verify_stack_type_compatibility (ctx, type, value))
2953 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for boxing operation at 0x%04x", ctx->ip_offset));
2955 stack_push_val (ctx, TYPE_COMPLEX | BOXED_MASK, type);
2959 do_unbox_value (VerifyContext *ctx, int klass_token)
2962 MonoType *type = get_boxable_mono_type (ctx, klass_token, "unbox");
2967 if (!check_underflow (ctx, 1))
2970 if (!mono_class_from_mono_type (type)->valuetype)
2971 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid reference type for unbox at 0x%04x", ctx->ip_offset));
2973 value = stack_pop (ctx);
2975 /*Value should be: a boxed valuetype or a reference type*/
2976 if (!(stack_slot_get_type (value) == TYPE_COMPLEX &&
2977 (stack_slot_is_boxed_value (value) || !mono_class_from_mono_type (value->type)->valuetype)))
2978 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type %s at stack for unbox operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2980 set_stack_value (ctx, value = stack_push (ctx), mono_type_get_type_byref (type), FALSE);
2981 value->stype |= CMMP_MASK;
2985 do_unbox_any (VerifyContext *ctx, int klass_token)
2988 MonoType *type = get_boxable_mono_type (ctx, klass_token, "unbox.any");
2993 if (!check_underflow (ctx, 1))
2996 value = stack_pop (ctx);
2998 /*Value should be: a boxed valuetype or a reference type*/
2999 if (!(stack_slot_get_type (value) == TYPE_COMPLEX &&
3000 (stack_slot_is_boxed_value (value) || !mono_class_from_mono_type (value->type)->valuetype)))
3001 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type %s at stack for unbox.any operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3003 set_stack_value (ctx, stack_push (ctx), type, FALSE);
3007 do_unary_math_op (VerifyContext *ctx, int op)
3010 if (!check_underflow (ctx, 1))
3012 value = stack_top (ctx);
3013 switch (stack_slot_get_type (value)) {
3016 case TYPE_NATIVE_INT:
3021 case TYPE_COMPLEX: /*only enums are ok*/
3022 if (mono_type_is_enum_type (value->type))
3025 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for unary not at 0x%04x", ctx->ip_offset));
3030 do_conversion (VerifyContext *ctx, int kind)
3033 if (!check_underflow (ctx, 1))
3035 value = stack_pop (ctx);
3037 switch (stack_slot_get_type (value)) {
3040 case TYPE_NATIVE_INT:
3044 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type (%s) at stack for conversion operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3049 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
3052 stack_push_val (ctx,TYPE_I8, &mono_defaults.int64_class->byval_arg);
3055 stack_push_val (ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
3057 case TYPE_NATIVE_INT:
3058 stack_push_val (ctx, TYPE_NATIVE_INT, &mono_defaults.int_class->byval_arg);
3061 g_error ("unknown type %02x in conversion", kind);
3067 * FIXME validate the token
3070 do_load_token (VerifyContext *ctx, int token)
3073 MonoClass *handle_class;
3074 if (!check_overflow (ctx))
3076 handle = mono_ldtoken (ctx->image, token, &handle_class, ctx->generic_context);
3078 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid token 0x%x for ldtoken at 0x%04x", token, ctx->ip_offset));
3081 stack_push_val (ctx, TYPE_COMPLEX, mono_class_get_type (handle_class));
3085 do_ldobj_value (VerifyContext *ctx, int token)
3088 MonoType *type = get_boxable_mono_type (ctx, token, "ldobj");
3093 if (!check_underflow (ctx, 1))
3096 value = stack_pop (ctx);
3097 if (!stack_slot_is_managed_pointer (value)
3098 && stack_slot_get_type (value) != TYPE_NATIVE_INT
3099 && !(stack_slot_get_type (value) == TYPE_PTR && value->type->type != MONO_TYPE_FNPTR)) {
3100 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid argument %s to ldobj at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3104 if (stack_slot_get_type (value) == TYPE_NATIVE_INT)
3105 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Using native pointer to ldobj at 0x%04x", ctx->ip_offset));
3107 /*We have a byval on the stack, but the comparison must be strict. */
3108 if (!verify_type_compatibility_full (ctx, type, mono_type_get_type_byval (value->type), TRUE))
3109 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldojb operation at 0x%04x", ctx->ip_offset));
3111 set_stack_value (ctx, stack_push (ctx), type, FALSE);
3115 do_stobj (VerifyContext *ctx, int token)
3117 ILStackDesc *dest, *src;
3118 MonoType *type = get_boxable_mono_type (ctx, token, "stobj");
3122 if (!check_underflow (ctx, 2))
3125 src = stack_pop (ctx);
3126 dest = stack_pop (ctx);
3128 if (!stack_slot_is_managed_pointer (dest))
3129 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid destination of stobj operation at 0x%04x", ctx->ip_offset));
3131 if (!verify_stack_type_compatibility (ctx, type, src))
3132 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Token and source types of stobj don't match at 0x%04x", ctx->ip_offset));
3134 if (!verify_type_compatibility (ctx, mono_type_get_type_byval (dest->type), type))
3135 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Destination and token types of stobj don't match at 0x%04x", ctx->ip_offset));
3139 do_cpobj (VerifyContext *ctx, int token)
3141 ILStackDesc *dest, *src;
3142 MonoType *type = get_boxable_mono_type (ctx, token, "cpobj");
3146 if (!check_underflow (ctx, 2))
3149 src = stack_pop (ctx);
3150 dest = stack_pop (ctx);
3152 if (!stack_slot_is_managed_pointer (src))
3153 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid source of cpobj operation at 0x%04x", ctx->ip_offset));
3155 if (!stack_slot_is_managed_pointer (dest))
3156 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid destination of cpobj operation at 0x%04x", ctx->ip_offset));
3158 if (!verify_type_compatibility (ctx, type, mono_type_get_type_byval (src->type)))
3159 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Token and source types of cpobj don't match at 0x%04x", ctx->ip_offset));
3161 if (!verify_type_compatibility (ctx, mono_type_get_type_byval (dest->type), type))
3162 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Destination and token types of cpobj don't match at 0x%04x", ctx->ip_offset));
3166 do_initobj (VerifyContext *ctx, int token)
3169 MonoType *stack, *type = get_boxable_mono_type (ctx, token, "initobj");
3173 if (!check_underflow (ctx, 1))
3176 obj = stack_pop (ctx);
3178 if (!stack_slot_is_managed_pointer (obj))
3179 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid object address for initobj at 0x%04x", ctx->ip_offset));
3181 stack = mono_type_get_type_byval (obj->type);
3182 if (MONO_TYPE_IS_REFERENCE (stack)) {
3183 if (!verify_type_compatibility (ctx, stack, type))
3184 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3185 else if (IS_STRICT_MODE (ctx) && !mono_metadata_type_equal (type, stack))
3186 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3187 } else if (!verify_type_compatibility (ctx, stack, type)) {
3188 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3193 * FIXME, validate the token
3196 do_newobj (VerifyContext *ctx, int token)
3200 MonoMethodSignature *sig;
3202 gboolean is_delegate = FALSE;
3204 if (!(method = verifier_load_method (ctx, token, "newobj")))
3207 if (!mono_method_is_constructor (method)) {
3208 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method from token 0x%08x not a constructor at 0x%04x", token, ctx->ip_offset));
3212 if (method->klass->flags & (TYPE_ATTRIBUTE_ABSTRACT | TYPE_ATTRIBUTE_INTERFACE))
3213 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Trying to instantiate an abstract or interface type at 0x%04x", ctx->ip_offset));
3215 if (!mono_method_can_access_method (ctx->method, method))
3216 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Constructor not visible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
3218 //FIXME use mono_method_get_signature_full
3219 sig = mono_method_signature (method);
3220 if (!check_underflow (ctx, sig->param_count))
3223 is_delegate = method->klass->parent == mono_defaults.multicastdelegate_class;
3226 ILStackDesc *funptr;
3227 //first arg is object, second arg is fun ptr
3228 if (sig->param_count != 2) {
3229 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid delegate constructor at 0x%04x", ctx->ip_offset));
3232 funptr = stack_pop (ctx);
3233 value = stack_pop (ctx);
3234 verify_delegate_compatibility (ctx, method->klass, value, funptr);
3236 for (i = sig->param_count - 1; i >= 0; --i) {
3237 VERIFIER_DEBUG ( printf ("verifying constructor argument %d\n", i); );
3238 value = stack_pop (ctx);
3239 if (!verify_stack_type_compatibility (ctx, sig->params [i], value))
3240 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature at 0x%04x", ctx->ip_offset));
3244 if (check_overflow (ctx))
3245 set_stack_value (ctx, stack_push (ctx), &method->klass->byval_arg, FALSE);
3249 do_cast (VerifyContext *ctx, int token, const char *opcode) {
3254 if (!check_underflow (ctx, 1))
3257 if (!(type = verifier_load_type (ctx, token, opcode)))
3261 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid %s type at 0x%04x", opcode, ctx->ip_offset));
3265 value = stack_pop (ctx);
3266 is_boxed = stack_slot_is_boxed_value (value);
3268 if (stack_slot_is_managed_pointer (value))
3269 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode, ctx->ip_offset));
3270 else if (mono_class_from_mono_type (value->type)->valuetype && !is_boxed)
3271 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Value cannot be a valuetype for %s at 0x%04x", opcode, ctx->ip_offset));
3273 switch (value->type->type) {
3274 case MONO_TYPE_FNPTR:
3276 case MONO_TYPE_TYPEDBYREF:
3277 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode, ctx->ip_offset));
3280 stack_push_val (ctx, TYPE_COMPLEX | (mono_class_from_mono_type (type)->valuetype ? BOXED_MASK : 0), type);
3284 mono_type_from_opcode (int opcode) {
3292 return &mono_defaults.sbyte_class->byval_arg;
3300 return &mono_defaults.int16_class->byval_arg;
3308 return &mono_defaults.int32_class->byval_arg;
3314 return &mono_defaults.int64_class->byval_arg;
3320 return &mono_defaults.single_class->byval_arg;
3326 return &mono_defaults.double_class->byval_arg;
3332 return &mono_defaults.int_class->byval_arg;
3336 case CEE_LDELEM_REF:
3337 case CEE_STELEM_REF:
3338 return &mono_defaults.object_class->byval_arg;
3341 g_error ("unknown opcode %02x in mono_type_from_opcode ", opcode);
3347 do_load_indirect (VerifyContext *ctx, int opcode)
3350 if (!check_underflow (ctx, 1))
3353 value = stack_pop (ctx);
3354 if (!stack_slot_is_managed_pointer (value)) {
3355 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Load indirect not using a manager pointer at 0x%04x", ctx->ip_offset));
3356 set_stack_value (ctx, stack_push (ctx), mono_type_from_opcode (opcode), FALSE);
3360 if (opcode == CEE_LDIND_REF) {
3361 if (stack_slot_get_underlying_type (value) != TYPE_COMPLEX || mono_class_from_mono_type (value->type)->valuetype)
3362 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldind_ref expected object byref operation at 0x%04x", ctx->ip_offset));
3363 set_stack_value (ctx, stack_push (ctx), mono_type_get_type_byval (value->type), FALSE);
3365 if (!verify_type_compatibility_full (ctx, mono_type_from_opcode (opcode), mono_type_get_type_byval (value->type), TRUE))
3366 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3367 set_stack_value (ctx, stack_push (ctx), mono_type_from_opcode (opcode), FALSE);
3372 do_store_indirect (VerifyContext *ctx, int opcode)
3374 ILStackDesc *addr, *val;
3375 if (!check_underflow (ctx, 2))
3378 val = stack_pop (ctx);
3379 addr = stack_pop (ctx);
3381 check_unmanaged_pointer (ctx, addr);
3383 if (!stack_slot_is_managed_pointer (addr) && stack_slot_get_type (addr) != TYPE_PTR) {
3384 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid non-pointer argument to stind at 0x%04x", ctx->ip_offset));
3388 if (!verify_type_compatibility_full (ctx, mono_type_from_opcode (opcode), mono_type_get_type_byval (addr->type), TRUE))
3389 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid addr type at stack for stind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3391 if (!verify_stack_type_compatibility (ctx, mono_type_from_opcode (opcode), val))
3392 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value type at stack for stind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3396 do_newarr (VerifyContext *ctx, int token)
3399 MonoType *type = get_boxable_mono_type (ctx, token, "newarr");
3404 if (!check_underflow (ctx, 1))
3407 value = stack_pop (ctx);
3408 if (stack_slot_get_type (value) != TYPE_I4 && stack_slot_get_type (value) != TYPE_NATIVE_INT)
3409 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Array size type on stack (%s) is not a verifiable type at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3411 set_stack_value (ctx, stack_push (ctx), mono_class_get_type (mono_array_class_get (mono_class_from_mono_type (type), 1)), FALSE);
3414 /*FIXME handle arrays that are not 0-indexed*/
3416 do_ldlen (VerifyContext *ctx)
3420 if (!check_underflow (ctx, 1))
3423 value = stack_pop (ctx);
3425 if (stack_slot_get_type (value) != TYPE_COMPLEX || value->type->type != MONO_TYPE_SZARRAY)
3426 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type for ldlen at 0x%04x", ctx->ip_offset));
3428 stack_push_val (ctx, TYPE_NATIVE_INT, &mono_defaults.int_class->byval_arg);
3431 /*FIXME handle arrays that are not 0-indexed*/
3432 /*FIXME handle readonly prefix and CMMP*/
3434 do_ldelema (VerifyContext *ctx, int klass_token)
3436 ILStackDesc *index, *array;
3437 MonoType *type = get_boxable_mono_type (ctx, klass_token, "ldelema");
3443 if (!check_underflow (ctx, 2))
3446 index = stack_pop (ctx);
3447 array = stack_pop (ctx);
3449 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3450 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for ldelema is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3452 if (!stack_slot_is_null_literal (array)) {
3453 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY)
3454 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for ldelema at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3456 if (get_stack_type (type) == TYPE_I4 || get_stack_type (type) == TYPE_NATIVE_INT) {
3457 valid = verify_type_compatibility_full (ctx, type, &array->type->data.klass->byval_arg, TRUE);
3459 valid = mono_metadata_type_equal (type, &array->type->data.klass->byval_arg);
3462 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelema at 0x%04x", ctx->ip_offset));
3466 set_stack_value (ctx, stack_push (ctx), type, TRUE);
3470 * FIXME handle arrays that are not 0-indexed
3471 * FIXME handle readonly prefix and CMMP
3474 do_ldelem (VerifyContext *ctx, int opcode, int token)
3476 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
3477 ILStackDesc *index, *array;
3479 if (!check_underflow (ctx, 2))
3482 if (opcode == CEE_LDELEM_ANY) {
3483 if (!(type = verifier_load_type (ctx, token, "ldelem.any"))) {
3484 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3488 type = mono_type_from_opcode (opcode);
3491 index = stack_pop (ctx);
3492 array = stack_pop (ctx);
3494 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3495 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for ldelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3497 if (!stack_slot_is_null_literal (array)) {
3498 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY)
3499 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for ldelem.X at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3501 if (opcode == CEE_LDELEM_REF) {
3502 if (array->type->data.klass->valuetype)
3503 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type is not a reference type for ldelem.ref 0x%04x", ctx->ip_offset));
3504 type = &array->type->data.klass->byval_arg;
3506 MonoType *candidate = &array->type->data.klass->byval_arg;
3507 if (IS_STRICT_MODE (ctx)) {
3508 MonoType *underlying_type = mono_type_get_underlying_type_any (type);
3509 MonoType *underlying_candidate = mono_type_get_underlying_type_any (candidate);
3510 if ((IS_ONE_OF2 (underlying_type->type, MONO_TYPE_I4, MONO_TYPE_U4) && IS_ONE_OF2 (underlying_candidate->type, MONO_TYPE_I, MONO_TYPE_U)) ||
3511 (IS_ONE_OF2 (underlying_candidate->type, MONO_TYPE_I4, MONO_TYPE_U4) && IS_ONE_OF2 (underlying_type->type, MONO_TYPE_I, MONO_TYPE_U)))
3512 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx->ip_offset));
3514 if (!verify_type_compatibility_full (ctx, type, candidate, TRUE))
3515 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx->ip_offset));
3520 set_stack_value (ctx, stack_push (ctx), type, FALSE);
3525 * FIXME handle arrays that are not 0-indexed
3528 do_stelem (VerifyContext *ctx, int opcode, int token)
3530 ILStackDesc *index, *array, *value;
3532 if (!check_underflow (ctx, 3))
3535 if (opcode == CEE_STELEM_ANY) {
3536 if (!(type = verifier_load_type (ctx, token, "stelem.any"))) {
3537 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3541 type = mono_type_from_opcode (opcode);
3544 value = stack_pop (ctx);
3545 index = stack_pop (ctx);
3546 array = stack_pop (ctx);
3548 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3549 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for stdelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3551 if (!stack_slot_is_null_literal (array)) {
3552 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY) {
3553 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for stelem.X at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3555 if (opcode == CEE_STELEM_REF) {
3556 if (array->type->data.klass->valuetype)
3557 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type is not a reference type for stelem.ref 0x%04x", ctx->ip_offset));
3558 } else if (!verify_type_compatibility_full (ctx, &array->type->data.klass->byval_arg, type, TRUE)) {
3559 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for stdelem.X at 0x%04x", ctx->ip_offset));
3564 if (opcode == CEE_STELEM_REF) {
3565 if (!stack_slot_is_boxed_value (value) && mono_class_from_mono_type (value->type)->valuetype)
3566 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value is not a reference type for stelem.ref 0x%04x", ctx->ip_offset));
3567 } else if (opcode != CEE_STELEM_REF && !verify_type_compatibility_full (ctx, type, mono_type_from_stack_slot (value), FALSE)) {
3568 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value on stack for stdelem.X at 0x%04x", ctx->ip_offset));
3573 do_throw (VerifyContext *ctx)
3575 ILStackDesc *exception;
3576 if (!check_underflow (ctx, 1))
3578 exception = stack_pop (ctx);
3580 if (!stack_slot_is_null_literal (exception) && !(stack_slot_get_type (exception) == TYPE_COMPLEX && !mono_class_from_mono_type (exception->type)->valuetype))
3581 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type on stack for throw, expected reference type at 0x%04x", ctx->ip_offset));
3583 /*The stack is left empty after a throw*/
3589 do_endfilter (VerifyContext *ctx)
3591 MonoExceptionClause *clause;
3593 if (IS_STRICT_MODE (ctx)) {
3594 if (ctx->eval.size != 1)
3595 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack size must have one item for endfilter at 0x%04x", ctx->ip_offset));
3597 if (ctx->eval.size >= 1 && stack_slot_get_type (stack_pop (ctx)) != TYPE_I4)
3598 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack item type is not an int32 for endfilter at 0x%04x", ctx->ip_offset));
3601 if ((clause = is_correct_endfilter (ctx, ctx->ip_offset))) {
3602 if (IS_STRICT_MODE (ctx)) {
3603 if (ctx->ip_offset != clause->handler_offset - 2)
3604 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx->ip_offset));
3606 if ((ctx->ip_offset != clause->handler_offset - 2) && !MONO_OFFSET_IN_HANDLER (clause, ctx->ip_offset))
3607 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx->ip_offset));
3610 if (IS_STRICT_MODE (ctx) && !is_unverifiable_endfilter (ctx, ctx->ip_offset))
3611 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx->ip_offset));
3613 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx->ip_offset));
3620 do_leave (VerifyContext *ctx, int delta)
3622 int target = ((gint32)ctx->ip_offset) + delta;
3623 if (target >= ctx->code_size || target < 0)
3624 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target out of code at 0x%04x", ctx->ip_offset));
3626 if (!is_correct_leave (ctx->header, ctx->ip_offset, target))
3627 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Leave not allowed in finally block at 0x%04x", ctx->ip_offset));
3633 * Verify br and br.s opcodes.
3636 do_static_branch (VerifyContext *ctx, int delta)
3638 int target = ctx->ip_offset + delta;
3639 if (target < 0 || target >= ctx->code_size) {
3640 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("branch target out of code at 0x%04x", ctx->ip_offset));
3644 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
3646 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
3649 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
3653 ctx->target = target;
3657 do_switch (VerifyContext *ctx, int count, const unsigned char *data)
3659 int i, base = ctx->ip_offset + 5 + count * 4;
3662 if (!check_underflow (ctx, 1))
3665 value = stack_pop (ctx);
3667 if (stack_slot_get_type (value) != TYPE_I4 && stack_slot_get_type (value) != TYPE_NATIVE_INT)
3668 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument to switch at 0x%04x", ctx->ip_offset));
3670 for (i = 0; i < count; ++i) {
3671 int target = base + read32 (data + i * 4);
3673 if (target < 0 || target >= ctx->code_size)
3674 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Switch target %x out of code at 0x%04x", i, ctx->ip_offset));
3676 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
3678 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i, ctx->ip_offset));
3681 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i, ctx->ip_offset));
3684 merge_stacks (ctx, &ctx->eval, &ctx->code [target], FALSE, TRUE);
3689 do_load_function_ptr (VerifyContext *ctx, guint32 token, gboolean virtual)
3694 if (virtual && !check_underflow (ctx, 1))
3697 if (!virtual && !check_overflow (ctx))
3700 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
3701 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid token %x for ldftn at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3705 if (!(method = verifier_load_method (ctx, token, virtual ? "ldvirtfrn" : "ldftn")))
3708 if (mono_method_is_constructor (method))
3709 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use ldftn with a constructor at 0x%04x", ctx->ip_offset));
3712 ILStackDesc *top = stack_pop (ctx);
3714 if (stack_slot_get_type (top) != TYPE_COMPLEX || top->type->type == MONO_TYPE_VALUETYPE)
3715 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument to ldvirtftn at 0x%04x", ctx->ip_offset));
3717 if (method->flags & METHOD_ATTRIBUTE_STATIC)
3718 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use ldvirtftn with a constructor at 0x%04x", ctx->ip_offset));
3720 if (!verify_type_compatibility (ctx, &method->klass->byval_arg, top->type))
3721 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unexpected object for ldvirtftn at 0x%04x", ctx->ip_offset));
3724 if (!mono_method_can_access_method (ctx->method, method))
3725 CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Loaded method is not visible for ldftn/ldvirtftn at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
3727 top = stack_push_val(ctx, TYPE_PTR, mono_type_create_fnptr_from_mono_method (ctx, method));
3728 top->method = method;
3732 do_sizeof (VerifyContext *ctx, int token)
3736 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
3737 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid type token %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3741 if (!(type = verifier_load_type (ctx, token, "sizeof")))
3744 if (type->byref && type->type != MONO_TYPE_TYPEDBYREF) {
3745 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of byref type at 0x%04x", ctx->ip_offset));
3749 if (type->type == MONO_TYPE_VOID) {
3750 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of void type at 0x%04x", ctx->ip_offset));
3754 if (check_overflow (ctx))
3755 set_stack_value (ctx, stack_push (ctx), &mono_defaults.uint32_class->byval_arg, FALSE);
3758 /* Stack top can be of any type, the runtime doesn't care and treat everything as an int. */
3760 do_localloc (VerifyContext *ctx)
3762 if (ctx->eval.size != 1) {
3763 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx->ip_offset));
3767 if (in_any_exception_block (ctx->header, ctx->ip_offset)) {
3768 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx->ip_offset));
3772 set_stack_value (ctx, stack_top (ctx), &mono_defaults.int_class->byval_arg, FALSE);
3773 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Instruction localloc in never verifiable at 0x%04x", ctx->ip_offset));
3777 do_ldstr (VerifyContext *ctx, guint32 token)
3779 if (mono_metadata_token_code (token) != MONO_TOKEN_STRING) {
3780 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid string token %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3784 if (mono_metadata_token_index (token) >= ctx->image->heap_us.size) {
3785 ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid string index %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
3789 if (check_overflow (ctx))
3790 stack_push_val (ctx, TYPE_COMPLEX, &mono_defaults.string_class->byval_arg);
3794 do_refanyval (VerifyContext *ctx, int token)
3798 if (!check_underflow (ctx, 1))
3801 if (!(type = get_boxable_mono_type (ctx, token, "refanyval")))
3804 top = stack_pop (ctx);
3806 if (top->stype != TYPE_PTR || top->type->type != MONO_TYPE_TYPEDBYREF)
3807 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Expected a typedref as argument for refanyval, but found %s at 0x%04x", stack_slot_get_name (top), ctx->ip_offset));
3809 set_stack_value (ctx, stack_push (ctx), type, TRUE);
3813 do_mkrefany (VerifyContext *ctx, int token)
3817 if (!check_underflow (ctx, 1))
3820 if (!(type = get_boxable_mono_type (ctx, token, "refanyval")))
3823 top = stack_pop (ctx);
3825 if (!stack_slot_is_managed_pointer (top)) {
3826 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Expected a managed pointer for mkrefany, but found %s at 0x%04x", stack_slot_get_name (top), ctx->ip_offset));
3828 MonoType *stack_type = mono_type_get_type_byval (top->type);
3829 if (MONO_TYPE_IS_REFERENCE (type) && !mono_metadata_type_equal (type, stack_type))
3830 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type not compatible for mkrefany at 0x%04x", ctx->ip_offset));
3832 if (!MONO_TYPE_IS_REFERENCE (type) && !verify_type_compatibility_full (ctx, type, stack_type, TRUE))
3833 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type not compatible for mkrefany at 0x%04x", ctx->ip_offset));
3836 set_stack_value (ctx, stack_push (ctx), &mono_defaults.typed_reference_class->byval_arg, FALSE);
3841 * Merge the stacks and perform compat checks. The merge check if types of @from are mergeable with type of @to
3843 * @from holds new values for a given control path
3844 * @to holds the current values of a given control path
3846 * TODO we can eliminate the from argument as all callers pass &ctx->eval
3849 merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, int start, gboolean external)
3852 stack_init (ctx, to);
3855 if (to->flags == IL_CODE_FLAG_NOT_PROCESSED)
3858 stack_copy (&ctx->eval, to);
3860 } else if (!(to->flags & IL_CODE_STACK_MERGED)) {
3861 stack_copy (to, &ctx->eval);
3864 VERIFIER_DEBUG ( printf ("performing stack merge %d x %d\n", from->size, to->size); );
3866 if (from->size != to->size) {
3867 VERIFIER_DEBUG ( printf ("different stack sizes %d x %d at 0x%04x\n", from->size, to->size, ctx->ip_offset); );
3868 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not merge stacks, different sizes (%d x %d) at 0x%04x", from->size, to->size, ctx->ip_offset));
3872 //FIXME we need to preserve CMMP attributes
3873 //FIXME we must take null literals into consideration.
3874 for (i = 0; i < from->size; ++i) {
3875 ILStackDesc *new_slot = from->stack + i;
3876 ILStackDesc *old_slot = to->stack + i;
3877 MonoType *new_type = mono_type_from_stack_slot (new_slot);
3878 MonoType *old_type = mono_type_from_stack_slot (old_slot);
3879 MonoClass *old_class = mono_class_from_mono_type (old_type);
3880 MonoClass *new_class = mono_class_from_mono_type (new_type);
3881 MonoClass *match_class = NULL;
3883 // S := T then U = S (new value is compatible with current value, keep current)
3884 if (verify_type_compatibility (ctx, old_type, new_type)) {
3885 copy_stack_value (new_slot, old_slot);
3889 // T := S then U = T (old value is compatible with current value, use new)
3890 if (verify_type_compatibility (ctx, new_type, old_type)) {
3891 copy_stack_value (old_slot, new_slot);
3895 //both are reference types, use closest common super type
3896 if (!mono_class_from_mono_type (old_type)->valuetype
3897 && !mono_class_from_mono_type (new_type)->valuetype
3898 && !stack_slot_is_managed_pointer (old_slot)
3899 && !stack_slot_is_managed_pointer (new_slot)) {
3901 for (j = MIN (old_class->idepth, new_class->idepth) - 1; j > 0; --j) {
3902 if (mono_metadata_type_equal (&old_class->supertypes [j]->byval_arg, &new_class->supertypes [j]->byval_arg)) {
3903 match_class = old_class->supertypes [j];
3908 for (j = 0; j < old_class->interface_count; ++j) {
3909 for (k = 0; k < new_class->interface_count; ++k) {
3910 if (mono_metadata_type_equal (&old_class->interfaces [j]->byval_arg, &new_class->interfaces [k]->byval_arg)) {
3911 match_class = old_class->interfaces [j];
3917 //No decent super type found, use object
3918 match_class = mono_defaults.object_class;
3920 } else if (is_compatible_boxed_valuetype (old_type, new_type, new_slot, FALSE) || is_compatible_boxed_valuetype (new_type, old_type, old_slot, FALSE)) {
3921 match_class = mono_defaults.object_class;
3925 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Could not merge stack at depth %d, types not compatible old [%s] new [%s] at 0x%04x", i, stack_slot_get_name (old_slot), stack_slot_get_name (new_slot), ctx->ip_offset));
3929 g_assert (match_class);
3930 set_stack_value (ctx, old_slot, &match_class->byval_arg, stack_slot_is_managed_pointer (old_slot));
3931 set_stack_value (ctx, new_slot, &match_class->byval_arg, stack_slot_is_managed_pointer (old_slot));
3937 to->flags |= IL_CODE_FLAG_WAS_TARGET;
3938 to->flags |= IL_CODE_STACK_MERGED;
3941 #define HANDLER_START(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER ? (clause)->data.filter_offset : clause->handler_offset)
3942 #define IS_CATCH_OR_FILTER(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER || (clause)->flags == MONO_EXCEPTION_CLAUSE_NONE)
3945 * is_clause_in_range :
3947 * Returns TRUE if either the protected block or the handler of @clause is in the @start - @end range.
3950 is_clause_in_range (MonoExceptionClause *clause, guint32 start, guint32 end)
3952 if (clause->try_offset >= start && clause->try_offset < end)
3954 if (HANDLER_START (clause) >= start && HANDLER_START (clause) < end)
3960 * is_clause_inside_range :
3962 * Returns TRUE if @clause lies completely inside the @start - @end range.
3965 is_clause_inside_range (MonoExceptionClause *clause, guint32 start, guint32 end)
3967 if (clause->try_offset < start || (clause->try_offset + clause->try_len) > end)
3969 if (HANDLER_START (clause) < start || (clause->handler_offset + clause->handler_len) > end)
3975 * is_clause_nested :
3977 * Returns TRUE if @nested is nested in @clause.
3980 is_clause_nested (MonoExceptionClause *clause, MonoExceptionClause *nested)
3982 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && is_clause_inside_range (nested, clause->data.filter_offset, clause->handler_offset))
3984 return is_clause_inside_range (nested, clause->try_offset, clause->try_offset + clause->try_len) ||
3985 is_clause_inside_range (nested, clause->handler_offset, clause->handler_offset + clause->handler_len);
3988 /* Test the relationship between 2 exception clauses. Follow P.1 12.4.2.7 of ECMA
3989 * the each pair of exception must have the following properties:
3990 * - one is fully nested on another (the outer must not be a filter clause) (the nested one must come earlier)
3991 * - completely disjoin (none of the 3 regions of each entry overlap with the other 3)
3992 * - mutual protection (protected block is EXACT the same, handlers are disjoin and all handler are catch or all handler are filter)
3995 verify_clause_relationship (VerifyContext *ctx, MonoExceptionClause *clause, MonoExceptionClause *to_test)
3997 /*clause is nested*/
3998 if (is_clause_nested (to_test, clause)) {
3999 if (to_test->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
4000 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clause inside filter"));
4005 /*wrong nesting order.*/
4006 if (is_clause_nested (clause, to_test)) {
4007 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Nested exception clause appears after enclosing clause"));
4011 /*mutual protection*/
4012 if (clause->try_offset == to_test->try_offset && clause->try_len == to_test->try_len) {
4013 /*handlers are not disjoint*/
4014 if (is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len)) {
4015 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception handlers overlap"));
4018 /* handlers are not catch or filter */
4019 if (!IS_CATCH_OR_FILTER (clause) || !IS_CATCH_OR_FILTER (to_test)) {
4020 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses with shared protected block are neither catch or filter"));
4027 /*not completelly disjoint*/
4028 if (is_clause_in_range (to_test, clause->try_offset, clause->try_offset + clause->try_len) ||
4029 is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len))
4030 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses overlap"));
4034 * FIXME: need to distinguish between valid and verifiable.
4035 * Need to keep track of types on the stack.
4036 * Verify types for opcodes.
4039 mono_method_verify (MonoMethod *method, int level)
4041 const unsigned char *ip;
4042 const unsigned char *end;
4043 int i, n, need_merge = 0, start = 0;
4044 guint token, ip_offset = 0, prefix = 0, prefix_list = 0;
4045 MonoGenericContext *generic_context = NULL;
4050 VERIFIER_DEBUG ( printf ("Verify IL for method %s %s %s\n", method->klass->name, method->klass->name, method->name); );
4052 if (method->iflags & (METHOD_IMPL_ATTRIBUTE_INTERNAL_CALL | METHOD_IMPL_ATTRIBUTE_RUNTIME) ||
4053 (method->flags & (METHOD_ATTRIBUTE_PINVOKE_IMPL | METHOD_ATTRIBUTE_ABSTRACT))) {
4057 memset (&ctx, 0, sizeof (VerifyContext));
4059 //FIXME use mono_method_get_signature_full
4060 ctx.signature = mono_method_signature (method);
4061 if (!ctx.signature) {
4062 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Could not decode method signature"));
4065 ctx.header = mono_method_get_header (method);
4067 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Could not decode method header"));
4070 ctx.method = method;
4071 ip = ctx.header->code;
4072 end = ip + ctx.header->code_size;
4073 ctx.image = image = method->klass->image;
4076 ctx.max_args = ctx.signature->param_count + ctx.signature->hasthis;
4077 ctx.max_stack = ctx.header->max_stack;
4078 ctx.verifiable = ctx.valid = 1;
4081 ctx.code = g_new0 (ILCodeDesc, ctx.header->code_size);
4082 ctx.code_size = ctx.header->code_size;
4084 memset(ctx.code, 0, sizeof (ILCodeDesc) * ctx.header->code_size);
4087 ctx.num_locals = ctx.header->num_locals;
4088 ctx.locals = ctx.header->locals;
4090 if (ctx.num_locals > 0 && !ctx.header->init_locals)
4091 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Method with locals variable but without init locals set"));
4093 if (ctx.signature->hasthis) {
4094 ctx.params = g_new0 (MonoType*, ctx.max_args);
4095 ctx.params [0] = method->klass->valuetype ? &method->klass->this_arg : &method->klass->byval_arg;
4096 memcpy (ctx.params + 1, ctx.signature->params, sizeof (MonoType *) * ctx.signature->param_count);
4098 ctx.params = ctx.signature->params;
4101 if (ctx.signature->is_inflated)
4102 ctx.generic_context = generic_context = mono_method_get_context (method);
4104 stack_init (&ctx, &ctx.eval);
4106 for (i = 0; i < ctx.header->num_clauses && ctx.valid; ++i) {
4107 MonoExceptionClause *clause = ctx.header->clauses + i;
4108 VERIFIER_DEBUG (printf ("clause try %x len %x filter at %x handler at %x len %x\n", clause->try_offset, clause->try_len, clause->data.filter_offset, clause->handler_offset, clause->handler_len); );
4110 if (clause->try_offset > ctx.code_size)
4111 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
4113 if (clause->try_len <= 0)
4114 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
4116 if (clause->handler_offset > ctx.code_size)
4117 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
4119 if (clause->handler_len <= 0)
4120 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
4122 if (clause->try_offset < clause->handler_offset && clause->try_offset + clause->try_len > HANDLER_START (clause))
4123 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try block (at 0x%04x) includes handler block (at 0x%04x)", clause->try_offset, clause->handler_offset));
4125 for (n = i + 1; n < ctx.header->num_clauses && ctx.valid; ++n)
4126 verify_clause_relationship (&ctx, clause, ctx.header->clauses + n);
4131 ctx.code [clause->try_offset].flags |= IL_CODE_FLAG_WAS_TARGET;
4132 ctx.code [clause->try_offset + clause->try_len].flags |= IL_CODE_FLAG_WAS_TARGET;
4133 ctx.code [clause->handler_offset + clause->handler_len].flags |= IL_CODE_FLAG_WAS_TARGET;
4135 if (clause->flags == MONO_EXCEPTION_CLAUSE_NONE) {
4136 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, clause->data.catch_class);
4138 else if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
4139 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->data.filter_offset, mono_defaults.exception_class);
4140 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, mono_defaults.exception_class);
4144 while (ip < end && ctx.valid) {
4145 ctx.ip_offset = ip_offset = ip - ctx.header->code;
4147 /*We need to check against fallthrou in and out of protected blocks.
4148 * For fallout we check the once a protected block ends, if the start flag is not set.
4149 * Likewise for fallthru in, we check if ip is the start of a protected block and start is not set
4150 * TODO convert these checks to be done using flags and not this loop
4152 for (i = 0; i < ctx.header->num_clauses && ctx.valid; ++i) {
4153 MonoExceptionClause *clause = ctx.header->clauses + i;
4155 if ((clause->try_offset + clause->try_len == ip_offset) && start == 0) {
4156 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallthru off try block at 0x%04x", ip_offset));
4160 if ((clause->handler_offset + clause->handler_len == ip_offset) && start == 0) {
4161 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER)
4162 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset));
4164 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset));
4168 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && clause->handler_offset == ip_offset && start == 0) {
4169 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("fallout of filter block at 0x%04x", ip_offset));
4173 if (clause->handler_offset == ip_offset && start == 0) {
4174 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallthru handler block at 0x%04x", ip_offset));
4178 if (clause->try_offset == ip_offset && ctx.eval.size > 0) {
4179 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Try to enter try block with a non-empty stack at 0x%04x", ip_offset));
4188 VERIFIER_DEBUG ( printf ("extra merge needed! 0x%04x \n", ctx.target); );
4189 merge_stacks (&ctx, &ctx.eval, &ctx.code [ctx.target], FALSE, TRUE);
4192 merge_stacks (&ctx, &ctx.eval, &ctx.code[ip_offset], start, FALSE);
4195 /*TODO we can fast detect a forward branch or exception block targeting code after prefix, we should fail fast*/
4197 prefix_list |= prefix;
4200 ctx.code [ip_offset].flags |= IL_CODE_FLAG_SEEN;
4204 #ifdef MONO_VERIFIER_DEBUG
4207 discode = mono_disasm_code_one (NULL, method, ip, NULL);
4208 discode [strlen (discode) - 1] = 0; /* no \n */
4209 g_print ("[%d] %-29s (%d)\n", ip_offset, discode, ctx.eval.size);
4212 dump_stack_state (&ctx.code [ip_offset]);
4213 dump_stack_state (&ctx.eval);
4226 push_arg (&ctx, *ip - CEE_LDARG_0, FALSE);
4232 push_arg (&ctx, ip [1], *ip == CEE_LDARGA_S);
4236 case CEE_ADD_OVF_UN:
4237 do_binop (&ctx, *ip, add_ovf_un_table);
4241 case CEE_SUB_OVF_UN:
4242 do_binop (&ctx, *ip, sub_ovf_un_table);
4249 case CEE_MUL_OVF_UN:
4250 do_binop (&ctx, *ip, bin_ovf_table);
4255 do_binop (&ctx, *ip, add_table);
4260 do_binop (&ctx, *ip, sub_table);
4267 do_binop (&ctx, *ip, bin_op_table);
4276 do_binop (&ctx, *ip, int_bin_op_table);
4283 do_binop (&ctx, *ip, shift_op_table);
4288 if (!check_underflow (&ctx, 1))
4304 /*TODO support definite assignment verification? */
4305 push_local (&ctx, *ip - CEE_LDLOC_0, FALSE);
4313 store_local (&ctx, *ip - CEE_STLOC_0);
4318 store_local (&ctx, ip [1]);
4323 store_arg (&ctx, ip [1]);
4337 if (check_overflow (&ctx))
4338 stack_push_val (&ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
4343 if (check_overflow (&ctx))
4344 stack_push_val (&ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
4349 if (check_overflow (&ctx))
4350 stack_push_val (&ctx,TYPE_I4, &mono_defaults.int32_class->byval_arg);
4355 if (check_overflow (&ctx))
4356 stack_push_val (&ctx,TYPE_I8, &mono_defaults.int64_class->byval_arg);
4361 if (check_overflow (&ctx))
4362 stack_push_val (&ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
4367 if (check_overflow (&ctx))
4368 stack_push_val (&ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
4373 if (check_overflow (&ctx))
4374 stack_push_val (&ctx, TYPE_COMPLEX | NULL_LITERAL_MASK, &mono_defaults.object_class->byval_arg);
4380 do_branch_op (&ctx, (signed char)ip [1] + 2, cmp_br_eq_op);
4393 do_branch_op (&ctx, (signed char)ip [1] + 2, cmp_br_op);
4400 do_branch_op (&ctx, (gint32)read32 (ip + 1) + 5, cmp_br_eq_op);
4413 do_branch_op (&ctx, (gint32)read32 (ip + 1) + 5, cmp_br_op);
4420 push_local (&ctx, ip[1], *ip == CEE_LDLOCA_S);
4424 /* FIXME: warn/error instead? */
4431 if (!check_underflow (&ctx, 1))
4433 if (!check_overflow (&ctx))
4435 top = stack_push (&ctx);
4436 copy_stack_value (top, stack_get (&ctx, 1));
4443 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Eval stack must be empty in jmp at 0x%04x", ip_offset));
4444 token = read32 (ip + 1);
4445 if (in_any_block (ctx.header, ip_offset))
4446 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("jmp cannot escape exception blocks at 0x%04x", ip_offset));
4448 * FIXME: check signature, retval, arguments etc.
4454 do_invoke_method (&ctx, read32 (ip + 1), *ip == CEE_CALLVIRT);
4459 token = read32 (ip + 1);
4461 * FIXME: check signature, retval, arguments etc.
4466 do_static_branch (&ctx, (signed char)ip [1] + 2);
4474 do_boolean_branch_op (&ctx, (signed char)ip [1] + 2);
4480 do_static_branch (&ctx, (gint32)read32 (ip + 1) + 5);
4488 do_boolean_branch_op (&ctx, (gint32)read32 (ip + 1) + 5);
4494 n = read32 (ip + 1);
4495 do_switch (&ctx, n, (ip + 5));
4497 ip += 5 + sizeof (guint32) * n;
4511 do_load_indirect (&ctx, *ip);
4523 do_store_indirect (&ctx, *ip);
4529 do_unary_math_op (&ctx, *ip);
4539 do_conversion (&ctx, TYPE_I4);
4545 do_conversion (&ctx, TYPE_I8);
4552 do_conversion (&ctx, TYPE_R8);
4558 do_conversion (&ctx, TYPE_NATIVE_INT);
4563 do_cpobj (&ctx, read32 (ip + 1));
4568 do_ldobj_value (&ctx, read32 (ip + 1));
4573 do_ldstr (&ctx, read32 (ip + 1));
4578 do_newobj (&ctx, read32 (ip + 1));
4584 do_cast (&ctx, read32 (ip + 1), *ip == CEE_CASTCLASS ? "castclass" : "isinst");
4590 ++ip; /* warn, error ? */
4593 do_unbox_value (&ctx, read32 (ip + 1));
4605 do_push_field (&ctx, read32 (ip + 1), *ip == CEE_LDFLDA);
4611 do_push_static_field (&ctx, read32 (ip + 1), *ip == CEE_LDSFLDA);
4616 do_store_field (&ctx, read32 (ip + 1));
4621 do_store_static_field (&ctx, read32 (ip + 1));
4626 do_stobj (&ctx, read32 (ip + 1));
4630 case CEE_CONV_OVF_I1_UN:
4631 case CEE_CONV_OVF_I2_UN:
4632 case CEE_CONV_OVF_I4_UN:
4633 case CEE_CONV_OVF_U1_UN:
4634 case CEE_CONV_OVF_U2_UN:
4635 case CEE_CONV_OVF_U4_UN:
4636 do_conversion (&ctx, TYPE_I4);
4640 case CEE_CONV_OVF_I8_UN:
4641 case CEE_CONV_OVF_U8_UN:
4642 do_conversion (&ctx, TYPE_I8);
4646 case CEE_CONV_OVF_I_UN:
4647 case CEE_CONV_OVF_U_UN:
4648 do_conversion (&ctx, TYPE_NATIVE_INT);
4653 do_box_value (&ctx, read32 (ip + 1));
4658 do_newarr (&ctx, read32 (ip + 1));
4668 do_ldelema (&ctx, read32 (ip + 1));
4682 case CEE_LDELEM_REF:
4683 do_ldelem (&ctx, *ip, 0);
4694 case CEE_STELEM_REF:
4695 do_stelem (&ctx, *ip, 0);
4699 case CEE_LDELEM_ANY:
4700 do_ldelem (&ctx, *ip, read32 (ip + 1));
4704 case CEE_STELEM_ANY:
4705 do_stelem (&ctx, *ip, read32 (ip + 1));
4710 do_unbox_any (&ctx, read32 (ip + 1));
4727 ++ip; /* warn, error ? */
4730 case CEE_CONV_OVF_I1:
4731 case CEE_CONV_OVF_U1:
4732 case CEE_CONV_OVF_I2:
4733 case CEE_CONV_OVF_U2:
4734 case CEE_CONV_OVF_I4:
4735 case CEE_CONV_OVF_U4:
4736 do_conversion (&ctx, TYPE_I4);
4740 case CEE_CONV_OVF_I8:
4741 case CEE_CONV_OVF_U8:
4742 do_conversion (&ctx, TYPE_I8);
4746 case CEE_CONV_OVF_I:
4747 case CEE_CONV_OVF_U:
4748 do_conversion (&ctx, TYPE_NATIVE_INT);
4759 ++ip; /* warn, error ? */
4762 do_refanyval (&ctx, read32 (ip + 1));
4766 if (!check_underflow (&ctx, 1))
4772 ++ip; /* warn, error ? */
4776 do_mkrefany (&ctx, read32 (ip + 1));
4789 ++ip; /* warn, error ? */
4792 do_load_token (&ctx, read32 (ip + 1));
4796 case CEE_ENDFINALLY:
4797 if (!is_correct_endfinally (ctx.header, ip_offset))
4798 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("endfinally must be used inside a finally/fault handler at 0x%04x", ctx.ip_offset));
4805 do_leave (&ctx, read32 (ip + 1) + 5);
4811 do_leave (&ctx, (signed char)ip [1] + 2);
4854 store_local (&ctx, read16 (ip + 1));
4859 do_cmp_op (&ctx, cmp_br_eq_op, *ip);
4867 do_cmp_op (&ctx, cmp_br_op, *ip);
4872 store_arg (&ctx, read16 (ip + 1) );
4878 check_overflow (&ctx);
4879 if (ctx.signature->call_convention != MONO_CALL_VARARG)
4880 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Cannot use arglist on method without VARGARG calling convention at 0x%04x", ctx.ip_offset));
4881 set_stack_value (&ctx, stack_push (&ctx), &mono_defaults.argumenthandle_class->byval_arg, FALSE);
4886 do_load_function_ptr (&ctx, read32 (ip + 1), FALSE);
4891 do_load_function_ptr (&ctx, read32 (ip + 1), TRUE);
4901 push_arg (&ctx, read16 (ip + 1), *ip == CEE_LDARGA);
4907 push_local (&ctx, read16 (ip + 1), *ip == CEE_LDLOCA);
4920 do_endfilter (&ctx);
4924 case CEE_UNALIGNED_:
4925 prefix |= PREFIX_UNALIGNED;
4929 prefix |= PREFIX_VOLATILE;
4933 prefix |= PREFIX_TAIL;
4935 if (ip < end && (*ip != CEE_CALL && *ip != CEE_CALLI && *ip != CEE_CALLVIRT))
4936 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("tail prefix must be used only with call opcodes at 0x%04x", ip_offset));
4940 do_initobj (&ctx, read32 (ip + 1));
4944 case CEE_CONSTRAINED_:
4945 token = read32 (ip + 1);
4949 if (!check_underflow (&ctx, 3))
4954 if (!check_underflow (&ctx, 3))
4962 if (!is_correct_rethrow (ctx.header, ip_offset))
4963 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("rethrow must be used inside a catch handler at 0x%04x", ctx.ip_offset));
4972 do_sizeof (&ctx, read32 (ip + 1));
4976 case CEE_REFANYTYPE:
4977 if (!check_underflow (&ctx, 1))
4991 * if ip != end we overflowed: mark as error.
4993 if ((ip != end || !start) && ctx.verifiable && !ctx.list) {
4994 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Run ahead of method code at 0x%04x", ip_offset));
4997 /*We should guard against the last decoded opcode, otherwise we might add errors that doesn't make sense.*/
4998 for (i = 0; i < ctx.code_size && i < ip_offset; ++i) {
4999 if (ctx.code [i].flags & IL_CODE_FLAG_WAS_TARGET) {
5000 if (!(ctx.code [i].flags & IL_CODE_FLAG_SEEN))
5001 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Branch or exception block target middle of intruction at 0x%04x", i));
5003 if (ctx.code [i].flags & IL_CODE_DELEGATE_SEQUENCE)
5004 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Branch to delegate code sequence at 0x%04x", i));
5006 if ((ctx.code [i].flags & IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL) && ctx.has_this_store)
5007 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", i));
5009 if ((ctx.code [i].flags & IL_CODE_CALL_NONFINAL_VIRTUAL) && ctx.has_this_store)
5010 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid call to a non-final virtual function in method with stdarg.0 or ldarga.0 at 0x%04x", i));
5014 for (i = 0; i < ctx.header->code_size; ++i) {
5015 if (ctx.code [i].stack)
5016 g_free (ctx.code [i].stack);
5020 for (tmp = ctx.funptrs; tmp; tmp = tmp->next)
5022 g_slist_free (ctx.funptrs);
5025 g_free (ctx.eval.stack);
5028 if (ctx.signature->hasthis)
5029 g_free (ctx.params);
5035 mono_verify_corlib ()
5037 /* This is a public API function so cannot be removed */