2 #include <mono/metadata/object-internals.h>
3 #include <mono/metadata/verify.h>
4 #include <mono/metadata/opcodes.h>
5 #include <mono/metadata/tabledefs.h>
6 #include <mono/metadata/reflection.h>
7 #include <mono/metadata/debug-helpers.h>
8 #include <mono/metadata/mono-endian.h>
9 #include <mono/metadata/metadata.h>
10 #include <mono/metadata/metadata-internals.h>
11 #include <mono/metadata/class-internals.h>
12 #include <mono/metadata/tokentype.h>
19 * Pull the list of opcodes
21 #define OPDEF(a,b,c,d,e,f,g,h,i,j) \
25 #include "mono/cil/opcode.def"
30 #ifdef MONO_VERIFIER_DEBUG
31 #define VERIFIER_DEBUG(code) do { code } while (0)
33 #define VERIFIER_DEBUG(code)
36 //////////////////////////////////////////////////////////////////
37 #define IS_STRICT_MODE(ctx) (((ctx)->level & MONO_VERIFY_NON_STRICT) == 0)
38 #define IS_FAIL_FAST_MODE(ctx) (((ctx)->level & MONO_VERIFY_FAIL_FAST) == MONO_VERIFY_FAIL_FAST)
40 #define ADD_VERIFY_INFO(__ctx, __msg, __status) \
42 MonoVerifyInfo *vinfo = g_new (MonoVerifyInfo, 1); \
43 vinfo->status = __status; \
44 vinfo->message = ( __msg ); \
45 (__ctx)->list = g_slist_prepend ((__ctx)->list, vinfo); \
48 #define ADD_VERIFY_ERROR(__ctx, __msg) \
50 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_ERROR); \
54 #define CODE_NOT_VERIFIABLE(__ctx, __msg) \
56 if ((__ctx)->verifiable) { \
57 ADD_VERIFY_INFO(__ctx, __msg, MONO_VERIFY_NOT_VERIFIABLE); \
58 (__ctx)->verifiable = 0; \
59 if (IS_FAIL_FAST_MODE (__ctx)) \
64 /*Flags to be used with ILCodeDesc::flags */
66 /*Instruction has not been processed.*/
67 IL_CODE_FLAG_NOT_PROCESSED = 0,
68 /*Instruction was decoded by mono_method_verify loop.*/
69 IL_CODE_FLAG_SEEN = 1,
70 /*Instruction was target of a branch or is at a protected block boundary.*/
71 IL_CODE_FLAG_WAS_TARGET = 2,
72 /*Used by stack_init to avoid double initialize each entry.*/
73 IL_CODE_FLAG_STACK_INITED = 4,
74 /*Used by merge_stacks to decide if it should just copy the eval stack.*/
75 IL_CODE_STACK_MERGED = 8,
76 /*This instruction is part of the delegate construction sequence, it cannot be target of a branch.*/
77 IL_CODE_DELEGATE_SEQUENCE = 0x10,
78 /*This is a delegate created from a ldftn to a non final virtual method*/
79 IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL = 0x20,
80 /*This is a call to a non final virtual method*/
81 IL_CODE_CALL_NONFINAL_VIRTUAL = 0x40,
110 /*Allocated fnptr MonoType that should be freed by us.*/
116 /*TODO get rid of target here, need_merge in mono_method_verify and hoist the merging code in the branching code*/
120 MonoMethodSignature *signature;
121 MonoMethodHeader *header;
123 MonoGenericContext *generic_context;
127 /*This flag helps solving a corner case of delegate verification in that you cannot have a "starg 0"
128 *on a method that creates a delegate for a non-final virtual method using ldftn*/
129 gboolean has_this_store;
133 merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, int start, gboolean external);
135 //////////////////////////////////////////////////////////////////
140 TYPE_INV = 0, /* leave at 0. */
145 /* Used by operator tables to resolve pointer types (managed & unmanaged) and by unmanaged pointer types*/
147 /* value types and classes */
149 /* Number of types, used to define the size of the tables*/
152 /* Used by tables to signal that a result is not verifiable*/
153 NON_VERIFIABLE_RESULT = 0x80,
155 /*Mask used to extract just the type, excluding flags */
158 /* The stack type is a managed pointer, unmask the value to res */
159 POINTER_MASK = 0x100,
161 /*Stack type with the pointer mask*/
162 RAW_TYPE_MASK = 0x10F,
164 /* Controlled Mutability Manager Pointer */
167 /* The stack type is a null literal*/
168 NULL_LITERAL_MASK = 0x400,
170 /**Used by ldarg.0 and family to let delegate verification happens.*/
171 THIS_POINTER_MASK = 0x800,
173 /**Signals that this is a boxed value type*/
178 static const char* const
179 type_names [TYPE_MAX + 1] = {
190 PREFIX_UNALIGNED = 1,
193 PREFIX_ADDR_MASK = 3,
196 //////////////////////////////////////////////////////////////////
199 /*Token validation macros and functions */
200 #define IS_MEMBER_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_MEMBERREF)
201 #define IS_METHOD_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_METHOD)
202 #define IS_METHOD_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_METHODSPEC)
204 #define IS_TYPE_REF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEREF)
205 #define IS_TYPE_DEF(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPEDEF)
206 #define IS_TYPE_SPEC(token) (mono_metadata_token_table (token) == MONO_TABLE_TYPESPEC)
207 #define IS_METHOD_DEF_OR_REF_OR_SPEC(token) (IS_METHOD_DEF (token) || IS_MEMBER_REF (token) || IS_METHOD_SPEC (token))
208 #define IS_TYPE_DEF_OR_REF_OR_SPEC(token) (IS_TYPE_DEF (token) || IS_TYPE_REF (token) || IS_TYPE_SPEC (token))
211 * Verify if @token refers to a valid row on int's table.
214 token_bounds_check (MonoImage *image, guint32 token)
216 return image->tables [mono_metadata_token_table (token)].rows >= mono_metadata_token_index (token);
220 mono_type_create_fnptr_from_mono_method (VerifyContext *ctx, MonoMethod *method)
222 MonoType *res = g_new0 (MonoType, 1);
223 res->data.method = mono_method_signature (method);
224 res->type = MONO_TYPE_FNPTR;
225 ctx->funptrs = g_slist_prepend (ctx->funptrs, res);
229 #define CTOR_REQUIRED_FLAGS (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_RT_SPECIAL_NAME)
230 #define CTOR_INVALID_FLAGS (METHOD_ATTRIBUTE_STATIC)
233 mono_method_is_constructor (MonoMethod *method)
235 return ((method->flags & CTOR_REQUIRED_FLAGS) == CTOR_REQUIRED_FLAGS &&
236 !(method->flags & CTOR_INVALID_FLAGS) &&
237 !strcmp (".ctor", method->name));
241 /* stack_slot_get_type:
243 * Returns the stack type of @value. This value includes POINTER_MASK.
245 * Use this function to checks that account for a managed pointer.
248 stack_slot_get_type (ILStackDesc *value)
250 return value->stype & RAW_TYPE_MASK;
253 /* stack_slot_get_underlying_type:
255 * Returns the stack type of @value. This value does not include POINTER_MASK.
257 * Use this function is cases where the fact that the value could be a managed pointer is
258 * irrelevant. For example, field load doesn't care about this fact of type on stack.
261 stack_slot_get_underlying_type (ILStackDesc *value)
263 return value->stype & TYPE_MASK;
266 /* stack_slot_is_managed_pointer:
268 * Returns TRUE is @value is a managed pointer.
271 stack_slot_is_managed_pointer (ILStackDesc *value)
273 return (value->stype & POINTER_MASK) == POINTER_MASK;
276 /* stack_slot_is_managed_mutability_pointer:
278 * Returns TRUE is @value is a managed mutability pointer.
281 stack_slot_is_managed_mutability_pointer (ILStackDesc *value)
283 return (value->stype & CMMP_MASK) == CMMP_MASK;
286 /* stack_slot_is_null_literal:
288 * Returns TRUE is @value is the null literal.
291 stack_slot_is_null_literal (ILStackDesc *value)
293 return (value->stype & NULL_LITERAL_MASK) == NULL_LITERAL_MASK;
297 /* stack_slot_is_this_pointer:
299 * Returns TRUE is @value is the this literal
302 stack_slot_is_this_pointer (ILStackDesc *value)
304 return (value->stype & THIS_POINTER_MASK) == THIS_POINTER_MASK;
307 /* stack_slot_is_boxed_value:
309 * Returns TRUE is @value is a boxed value
312 stack_slot_is_boxed_value (ILStackDesc *value)
314 return (value->stype & BOXED_MASK) == BOXED_MASK;
318 stack_slot_get_name (ILStackDesc *value)
320 return type_names [value->stype & TYPE_MASK];
322 //////////////////////////////////////////////////////////////////
324 mono_free_verify_list (GSList *list)
326 MonoVerifyInfo *info;
329 for (tmp = list; tmp; tmp = tmp->next) {
331 g_free (info->message);
337 #define ADD_ERROR(list,msg) \
339 MonoVerifyInfo *vinfo = g_new (MonoVerifyInfo, 1); \
340 vinfo->status = MONO_VERIFY_ERROR; \
341 vinfo->message = (msg); \
342 (list) = g_slist_prepend ((list), vinfo); \
345 #define ADD_WARN(list,code,msg) \
347 MonoVerifyInfo *vinfo = g_new (MonoVerifyInfo, 1); \
348 vinfo->status = (code); \
349 vinfo->message = (msg); \
350 (list) = g_slist_prepend ((list), vinfo); \
354 valid_cultures[][9] = {
355 "ar-SA", "ar-IQ", "ar-EG", "ar-LY",
356 "ar-DZ", "ar-MA", "ar-TN", "ar-OM",
357 "ar-YE", "ar-SY", "ar-JO", "ar-LB",
358 "ar-KW", "ar-AE", "ar-BH", "ar-QA",
359 "bg-BG", "ca-ES", "zh-TW", "zh-CN",
360 "zh-HK", "zh-SG", "zh-MO", "cs-CZ",
361 "da-DK", "de-DE", "de-CH", "de-AT",
362 "de-LU", "de-LI", "el-GR", "en-US",
363 "en-GB", "en-AU", "en-CA", "en-NZ",
364 "en-IE", "en-ZA", "en-JM", "en-CB",
365 "en-BZ", "en-TT", "en-ZW", "en-PH",
366 "es-ES-Ts", "es-MX", "es-ES-Is", "es-GT",
367 "es-CR", "es-PA", "es-DO", "es-VE",
368 "es-CO", "es-PE", "es-AR", "es-EC",
369 "es-CL", "es-UY", "es-PY", "es-BO",
370 "es-SV", "es-HN", "es-NI", "es-PR",
371 "Fi-FI", "fr-FR", "fr-BE", "fr-CA",
372 "Fr-CH", "fr-LU", "fr-MC", "he-IL",
373 "hu-HU", "is-IS", "it-IT", "it-CH",
374 "Ja-JP", "ko-KR", "nl-NL", "nl-BE",
375 "nb-NO", "nn-NO", "pl-PL", "pt-BR",
376 "pt-PT", "ro-RO", "ru-RU", "hr-HR",
377 "Lt-sr-SP", "Cy-sr-SP", "sk-SK", "sq-AL",
378 "sv-SE", "sv-FI", "th-TH", "tr-TR",
379 "ur-PK", "id-ID", "uk-UA", "be-BY",
380 "sl-SI", "et-EE", "lv-LV", "lt-LT",
381 "fa-IR", "vi-VN", "hy-AM", "Lt-az-AZ",
383 "eu-ES", "mk-MK", "af-ZA",
384 "ka-GE", "fo-FO", "hi-IN", "ms-MY",
385 "ms-BN", "kk-KZ", "ky-KZ", "sw-KE",
386 "Lt-uz-UZ", "Cy-uz-UZ", "tt-TA", "pa-IN",
387 "gu-IN", "ta-IN", "te-IN", "kn-IN",
388 "mr-IN", "sa-IN", "mn-MN", "gl-ES",
389 "kok-IN", "syr-SY", "div-MV"
393 is_valid_culture (const char *cname)
399 for (i = 0; i < G_N_ELEMENTS (valid_cultures); ++i) {
400 if (g_strcasecmp (valid_cultures [i], cname)) {
409 is_valid_assembly_flags (guint32 flags) {
410 /* Metadata: 22.1.2 */
411 flags &= ~(0x8000 | 0x4000); /* ignore reserved bits 0x0030? */
412 return ((flags == 1) || (flags == 0));
416 is_valid_blob (MonoImage *image, guint32 blob_index, int notnull)
419 const char *p, *blob_end;
421 if (blob_index >= image->heap_blob.size)
423 p = mono_metadata_blob_heap (image, blob_index);
424 size = mono_metadata_decode_blob_size (p, &blob_end);
425 if (blob_index + size + (blob_end-p) > image->heap_blob.size)
427 if (notnull && !size)
433 is_valid_string (MonoImage *image, guint32 str_index, int notnull)
435 const char *p, *blob_end, *res;
437 if (str_index >= image->heap_strings.size)
439 res = p = mono_metadata_string_heap (image, str_index);
440 blob_end = mono_metadata_string_heap (image, image->heap_strings.size - 1);
444 * FIXME: should check it's a valid utf8 string, too.
446 while (p <= blob_end) {
451 return *p? NULL: res;
455 is_valid_cls_ident (const char *p)
458 * FIXME: we need the full unicode glib support for this.
459 * Check: http://www.unicode.org/unicode/reports/tr15/Identifier.java
460 * We do the lame thing for now.
466 if (!isalnum (*p) && *p != '_')
474 is_valid_filename (const char *p)
478 return strpbrk (p, "\\//:")? 0: 1;
482 verify_assembly_table (MonoImage *image, GSList *list, int level)
484 MonoTableInfo *t = &image->tables [MONO_TABLE_ASSEMBLY];
485 guint32 cols [MONO_ASSEMBLY_SIZE];
488 if (level & MONO_VERIFY_ERROR) {
490 ADD_ERROR (list, g_strdup ("Assembly table may only have 0 or 1 rows"));
491 mono_metadata_decode_row (t, 0, cols, MONO_ASSEMBLY_SIZE);
493 switch (cols [MONO_ASSEMBLY_HASH_ALG]) {
494 case ASSEMBLY_HASH_NONE:
495 case ASSEMBLY_HASH_MD5:
496 case ASSEMBLY_HASH_SHA1:
499 ADD_ERROR (list, g_strdup_printf ("Hash algorithm 0x%x unknown", cols [MONO_ASSEMBLY_HASH_ALG]));
502 if (!is_valid_assembly_flags (cols [MONO_ASSEMBLY_FLAGS]))
503 ADD_ERROR (list, g_strdup_printf ("Invalid flags in assembly: 0x%x", cols [MONO_ASSEMBLY_FLAGS]));
505 if (!is_valid_blob (image, cols [MONO_ASSEMBLY_PUBLIC_KEY], FALSE))
506 ADD_ERROR (list, g_strdup ("Assembly public key is an invalid index"));
508 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLY_NAME], TRUE))) {
509 ADD_ERROR (list, g_strdup ("Assembly name is invalid"));
511 if (strpbrk (p, ":\\/."))
512 ADD_ERROR (list, g_strdup_printf ("Assembly name `%s' contains invalid chars", p));
515 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLY_CULTURE], FALSE))) {
516 ADD_ERROR (list, g_strdup ("Assembly culture is an invalid index"));
518 if (!is_valid_culture (p))
519 ADD_ERROR (list, g_strdup_printf ("Assembly culture `%s' is invalid", p));
526 verify_assemblyref_table (MonoImage *image, GSList *list, int level)
528 MonoTableInfo *t = &image->tables [MONO_TABLE_ASSEMBLYREF];
529 guint32 cols [MONO_ASSEMBLYREF_SIZE];
533 if (level & MONO_VERIFY_ERROR) {
534 for (i = 0; i < t->rows; ++i) {
535 mono_metadata_decode_row (t, i, cols, MONO_ASSEMBLYREF_SIZE);
536 if (!is_valid_assembly_flags (cols [MONO_ASSEMBLYREF_FLAGS]))
537 ADD_ERROR (list, g_strdup_printf ("Invalid flags in assemblyref row %d: 0x%x", i + 1, cols [MONO_ASSEMBLY_FLAGS]));
539 if (!is_valid_blob (image, cols [MONO_ASSEMBLYREF_PUBLIC_KEY], FALSE))
540 ADD_ERROR (list, g_strdup_printf ("AssemblyRef public key in row %d is an invalid index", i + 1));
542 if (!(p = is_valid_string (image, cols [MONO_ASSEMBLYREF_CULTURE], FALSE))) {
543 ADD_ERROR (list, g_strdup_printf ("AssemblyRef culture in row %d is invalid", i + 1));
545 if (!is_valid_culture (p))
546 ADD_ERROR (list, g_strdup_printf ("AssemblyRef culture `%s' in row %d is invalid", p, i + 1));
549 if (cols [MONO_ASSEMBLYREF_HASH_VALUE] && !is_valid_blob (image, cols [MONO_ASSEMBLYREF_HASH_VALUE], TRUE))
550 ADD_ERROR (list, g_strdup_printf ("AssemblyRef hash value in row %d is invalid or not null and empty", i + 1));
553 if (level & MONO_VERIFY_WARNING) {
554 /* check for duplicated rows */
555 for (i = 0; i < t->rows; ++i) {
562 verify_class_layout_table (MonoImage *image, GSList *list, int level)
564 MonoTableInfo *t = &image->tables [MONO_TABLE_CLASSLAYOUT];
565 MonoTableInfo *tdef = &image->tables [MONO_TABLE_TYPEDEF];
566 guint32 cols [MONO_CLASS_LAYOUT_SIZE];
569 if (level & MONO_VERIFY_ERROR) {
570 for (i = 0; i < t->rows; ++i) {
571 mono_metadata_decode_row (t, i, cols, MONO_CLASS_LAYOUT_SIZE);
573 if (cols [MONO_CLASS_LAYOUT_PARENT] > tdef->rows || !cols [MONO_CLASS_LAYOUT_PARENT]) {
574 ADD_ERROR (list, g_strdup_printf ("Parent in class layout is invalid in row %d", i + 1));
576 value = mono_metadata_decode_row_col (tdef, cols [MONO_CLASS_LAYOUT_PARENT] - 1, MONO_TYPEDEF_FLAGS);
577 if (value & TYPE_ATTRIBUTE_INTERFACE)
578 ADD_ERROR (list, g_strdup_printf ("Parent in class layout row %d is an interface", i + 1));
579 if (value & TYPE_ATTRIBUTE_AUTO_LAYOUT)
580 ADD_ERROR (list, g_strdup_printf ("Parent in class layout row %d is AutoLayout", i + 1));
581 if (value & TYPE_ATTRIBUTE_SEQUENTIAL_LAYOUT) {
582 switch (cols [MONO_CLASS_LAYOUT_PACKING_SIZE]) {
583 case 0: case 1: case 2: case 4: case 8: case 16:
584 case 32: case 64: case 128: break;
586 ADD_ERROR (list, g_strdup_printf ("Packing size %d in class layout row %d is invalid", cols [MONO_CLASS_LAYOUT_PACKING_SIZE], i + 1));
588 } else if (value & TYPE_ATTRIBUTE_EXPLICIT_LAYOUT) {
590 * FIXME: LAMESPEC: it claims it must be 0 (it's 1, instead).
591 if (cols [MONO_CLASS_LAYOUT_PACKING_SIZE])
592 ADD_ERROR (list, g_strdup_printf ("Packing size %d in class layout row %d is invalid with explicit layout", cols [MONO_CLASS_LAYOUT_PACKING_SIZE], i + 1));
596 * FIXME: we need to check that if class size != 0,
597 * it needs to be greater than the class calculated size.
598 * If parent is a valuetype it also needs to be smaller than
599 * 1 MByte (0x100000 bytes).
600 * To do both these checks we need to load the referenced
601 * assemblies, though (the spec claims we didn't have to, bah).
604 * We need to check that the parent types have the same layout
615 verify_constant_table (MonoImage *image, GSList *list, int level)
617 MonoTableInfo *t = &image->tables [MONO_TABLE_CONSTANT];
618 guint32 cols [MONO_CONSTANT_SIZE];
620 GHashTable *dups = g_hash_table_new (NULL, NULL);
622 for (i = 0; i < t->rows; ++i) {
623 mono_metadata_decode_row (t, i, cols, MONO_CONSTANT_SIZE);
625 if (level & MONO_VERIFY_ERROR)
626 if (g_hash_table_lookup (dups, GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT])))
627 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is duplicated in Constant row %d", cols [MONO_CONSTANT_PARENT], i + 1));
628 g_hash_table_insert (dups, GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT]),
629 GUINT_TO_POINTER (cols [MONO_CONSTANT_PARENT]));
631 switch (cols [MONO_CONSTANT_TYPE]) {
632 case MONO_TYPE_U1: /* LAMESPEC: it says I1...*/
636 if (level & MONO_VERIFY_CLS)
637 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Type 0x%x not CLS compliant in Constant row %d", cols [MONO_CONSTANT_TYPE], i + 1));
638 case MONO_TYPE_BOOLEAN:
646 case MONO_TYPE_STRING:
647 case MONO_TYPE_CLASS:
650 if (level & MONO_VERIFY_ERROR)
651 ADD_ERROR (list, g_strdup_printf ("Type 0x%x is invalid in Constant row %d", cols [MONO_CONSTANT_TYPE], i + 1));
653 if (level & MONO_VERIFY_ERROR) {
654 value = cols [MONO_CONSTANT_PARENT] >> MONO_HASCONSTANT_BITS;
655 switch (cols [MONO_CONSTANT_PARENT] & MONO_HASCONSTANT_MASK) {
656 case MONO_HASCONSTANT_FIEDDEF:
657 if (value > image->tables [MONO_TABLE_FIELD].rows)
658 ADD_ERROR (list, g_strdup_printf ("Parent (field) is invalid in Constant row %d", i + 1));
660 case MONO_HASCONSTANT_PARAM:
661 if (value > image->tables [MONO_TABLE_PARAM].rows)
662 ADD_ERROR (list, g_strdup_printf ("Parent (param) is invalid in Constant row %d", i + 1));
664 case MONO_HASCONSTANT_PROPERTY:
665 if (value > image->tables [MONO_TABLE_PROPERTY].rows)
666 ADD_ERROR (list, g_strdup_printf ("Parent (property) is invalid in Constant row %d", i + 1));
669 ADD_ERROR (list, g_strdup_printf ("Parent is invalid in Constant row %d", i + 1));
673 if (level & MONO_VERIFY_CLS) {
675 * FIXME: verify types is consistent with the enum type
676 * is parent is an enum.
680 g_hash_table_destroy (dups);
685 verify_event_map_table (MonoImage *image, GSList *list, int level)
687 MonoTableInfo *t = &image->tables [MONO_TABLE_EVENTMAP];
688 guint32 cols [MONO_EVENT_MAP_SIZE];
689 guint32 i, last_event;
690 GHashTable *dups = g_hash_table_new (NULL, NULL);
694 for (i = 0; i < t->rows; ++i) {
695 mono_metadata_decode_row (t, i, cols, MONO_EVENT_MAP_SIZE);
696 if (level & MONO_VERIFY_ERROR)
697 if (g_hash_table_lookup (dups, GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT])))
698 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is duplicated in Event Map row %d", cols [MONO_EVENT_MAP_PARENT], i + 1));
699 g_hash_table_insert (dups, GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT]),
700 GUINT_TO_POINTER (cols [MONO_EVENT_MAP_PARENT]));
701 if (level & MONO_VERIFY_ERROR) {
702 if (cols [MONO_EVENT_MAP_PARENT] > image->tables [MONO_TABLE_TYPEDEF].rows)
703 ADD_ERROR (list, g_strdup_printf ("Parent 0x%08x is invalid in Event Map row %d", cols [MONO_EVENT_MAP_PARENT], i + 1));
704 if (cols [MONO_EVENT_MAP_EVENTLIST] > image->tables [MONO_TABLE_EVENT].rows)
705 ADD_ERROR (list, g_strdup_printf ("EventList 0x%08x is invalid in Event Map row %d", cols [MONO_EVENT_MAP_EVENTLIST], i + 1));
707 if (cols [MONO_EVENT_MAP_EVENTLIST] <= last_event)
708 ADD_ERROR (list, g_strdup_printf ("EventList overlap in Event Map row %d", i + 1));
709 last_event = cols [MONO_EVENT_MAP_EVENTLIST];
713 g_hash_table_destroy (dups);
718 verify_event_table (MonoImage *image, GSList *list, int level)
720 MonoTableInfo *t = &image->tables [MONO_TABLE_EVENT];
721 guint32 cols [MONO_EVENT_SIZE];
725 for (i = 0; i < t->rows; ++i) {
726 mono_metadata_decode_row (t, i, cols, MONO_EVENT_SIZE);
728 if (cols [MONO_EVENT_FLAGS] & ~(EVENT_SPECIALNAME|EVENT_RTSPECIALNAME)) {
729 if (level & MONO_VERIFY_ERROR)
730 ADD_ERROR (list, g_strdup_printf ("Flags 0x%04x invalid in Event row %d", cols [MONO_EVENT_FLAGS], i + 1));
732 if (!(p = is_valid_string (image, cols [MONO_EVENT_NAME], TRUE))) {
733 if (level & MONO_VERIFY_ERROR)
734 ADD_ERROR (list, g_strdup_printf ("Invalid name in Event row %d", i + 1));
736 if (level & MONO_VERIFY_CLS) {
737 if (!is_valid_cls_ident (p))
738 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Invalid CLS name '%s` in Event row %d", p, i + 1));
742 if (level & MONO_VERIFY_ERROR && cols [MONO_EVENT_TYPE]) {
743 value = cols [MONO_EVENT_TYPE] >> MONO_TYPEDEFORREF_BITS;
744 switch (cols [MONO_EVENT_TYPE] & MONO_TYPEDEFORREF_MASK) {
745 case MONO_TYPEDEFORREF_TYPEDEF:
746 if (!value || value > image->tables [MONO_TABLE_TYPEDEF].rows)
747 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
749 case MONO_TYPEDEFORREF_TYPEREF:
750 if (!value || value > image->tables [MONO_TABLE_TYPEREF].rows)
751 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
753 case MONO_TYPEDEFORREF_TYPESPEC:
754 if (!value || value > image->tables [MONO_TABLE_TYPESPEC].rows)
755 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
758 ADD_ERROR (list, g_strdup_printf ("Type invalid in Event row %d", i + 1));
762 * FIXME: check that there is 1 add and remove row in methodsemantics
763 * and 0 or 1 raise and 0 or more other (maybe it's better to check for
764 * these while checking methodsemantics).
765 * check for duplicated names for the same type [ERROR]
766 * check for CLS duplicate names for the same type [CLS]
773 verify_field_table (MonoImage *image, GSList *list, int level)
775 MonoTableInfo *t = &image->tables [MONO_TABLE_FIELD];
776 guint32 cols [MONO_FIELD_SIZE];
780 for (i = 0; i < t->rows; ++i) {
781 mono_metadata_decode_row (t, i, cols, MONO_FIELD_SIZE);
783 * Check this field has only one owner and that the owner is not
784 * an interface (done in verify_typedef_table() )
786 flags = cols [MONO_FIELD_FLAGS];
787 switch (flags & FIELD_ATTRIBUTE_FIELD_ACCESS_MASK) {
788 case FIELD_ATTRIBUTE_COMPILER_CONTROLLED:
789 case FIELD_ATTRIBUTE_PRIVATE:
790 case FIELD_ATTRIBUTE_FAM_AND_ASSEM:
791 case FIELD_ATTRIBUTE_ASSEMBLY:
792 case FIELD_ATTRIBUTE_FAMILY:
793 case FIELD_ATTRIBUTE_FAM_OR_ASSEM:
794 case FIELD_ATTRIBUTE_PUBLIC:
797 if (level & MONO_VERIFY_ERROR)
798 ADD_ERROR (list, g_strdup_printf ("Invalid access mask in Field row %d", i + 1));
801 if (level & MONO_VERIFY_ERROR) {
802 if ((flags & FIELD_ATTRIBUTE_LITERAL) && (flags & FIELD_ATTRIBUTE_INIT_ONLY))
803 ADD_ERROR (list, g_strdup_printf ("Literal and InitOnly cannot be both set in Field row %d", i + 1));
804 if ((flags & FIELD_ATTRIBUTE_LITERAL) && !(flags & FIELD_ATTRIBUTE_STATIC))
805 ADD_ERROR (list, g_strdup_printf ("Literal needs also Static set in Field row %d", i + 1));
806 if ((flags & FIELD_ATTRIBUTE_RT_SPECIAL_NAME) && !(flags & FIELD_ATTRIBUTE_SPECIAL_NAME))
807 ADD_ERROR (list, g_strdup_printf ("RTSpecialName needs also SpecialName set in Field row %d", i + 1));
809 * FIXME: check there is only one owner in the respective table.
810 * if (flags & FIELD_ATTRIBUTE_HAS_FIELD_MARSHAL)
811 * if (flags & FIELD_ATTRIBUTE_HAS_DEFAULT)
812 * if (flags & FIELD_ATTRIBUTE_HAS_FIELD_RVA)
815 if (!(p = is_valid_string (image, cols [MONO_FIELD_NAME], TRUE))) {
816 if (level & MONO_VERIFY_ERROR)
817 ADD_ERROR (list, g_strdup_printf ("Invalid name in Field row %d", i + 1));
819 if (level & MONO_VERIFY_CLS) {
820 if (!is_valid_cls_ident (p))
821 ADD_WARN (list, MONO_VERIFY_CLS, g_strdup_printf ("Invalid CLS name '%s` in Field row %d", p, i + 1));
826 * if owner is module needs to be static, access mask needs to be compilercontrolled,
827 * public or private (not allowed in cls mode).
828 * if owner is an enum ...
837 verify_file_table (MonoImage *image, GSList *list, int level)
839 MonoTableInfo *t = &image->tables [MONO_TABLE_FILE];
840 guint32 cols [MONO_FILE_SIZE];
843 GHashTable *dups = g_hash_table_new (g_str_hash, g_str_equal);
845 for (i = 0; i < t->rows; ++i) {
846 mono_metadata_decode_row (t, i, cols, MONO_FILE_SIZE);
847 if (level & MONO_VERIFY_ERROR) {
848 if (cols [MONO_FILE_FLAGS] != FILE_CONTAINS_METADATA && cols [MONO_FILE_FLAGS] != FILE_CONTAINS_NO_METADATA)
849 ADD_ERROR (list, g_strdup_printf ("Invalid flags in File row %d", i + 1));
850 if (!is_valid_blob (image, cols [MONO_FILE_HASH_VALUE], TRUE))
851 ADD_ERROR (list, g_strdup_printf ("File hash value in row %d is invalid or not null and empty", i + 1));
853 if (!(p = is_valid_string (image, cols [MONO_FILE_NAME], TRUE))) {
854 if (level & MONO_VERIFY_ERROR)
855 ADD_ERROR (list, g_strdup_printf ("Invalid name in File row %d", i + 1));
857 if (level & MONO_VERIFY_ERROR) {
858 if (!is_valid_filename (p))
859 ADD_ERROR (list, g_strdup_printf ("Invalid name '%s` in File row %d", p, i + 1));
860 else if (g_hash_table_lookup (dups, p)) {
861 ADD_ERROR (list, g_strdup_printf ("Duplicate name '%s` in File row %d", p, i + 1));
863 g_hash_table_insert (dups, (gpointer)p, (gpointer)p);
867 * FIXME: I don't understand what this means:
868 * If this module contains a row in the Assembly table (that is, if this module "holds the manifest")
869 * then there shall not be any row in the File table for this module - i.e., no self-reference [ERROR]
873 if (level & MONO_VERIFY_WARNING) {
874 if (!t->rows && image->tables [MONO_TABLE_EXPORTEDTYPE].rows)
875 ADD_WARN (list, MONO_VERIFY_WARNING, g_strdup ("ExportedType table should be empty if File table is empty"));
877 g_hash_table_destroy (dups);
882 verify_moduleref_table (MonoImage *image, GSList *list, int level)
884 MonoTableInfo *t = &image->tables [MONO_TABLE_MODULEREF];
885 MonoTableInfo *tfile = &image->tables [MONO_TABLE_FILE];
886 guint32 cols [MONO_MODULEREF_SIZE];
888 guint32 found, i, j, value;
889 GHashTable *dups = g_hash_table_new (g_str_hash, g_str_equal);
891 for (i = 0; i < t->rows; ++i) {
892 mono_metadata_decode_row (t, i, cols, MONO_MODULEREF_SIZE);
893 if (!(p = is_valid_string (image, cols [MONO_MODULEREF_NAME], TRUE))) {
894 if (level & MONO_VERIFY_ERROR)
895 ADD_ERROR (list, g_strdup_printf ("Invalid name in ModuleRef row %d", i + 1));
897 if (level & MONO_VERIFY_ERROR) {
898 if (!is_valid_filename (p))
899 ADD_ERROR (list, g_strdup_printf ("Invalid name '%s` in ModuleRef row %d", p, i + 1));
900 else if (g_hash_table_lookup (dups, p)) {
901 ADD_WARN (list, MONO_VERIFY_WARNING, g_strdup_printf ("Duplicate name '%s` in ModuleRef row %d", p, i + 1));
902 g_hash_table_insert (dups, (gpointer)p, (gpointer)p);
904 for (j = 0; j < tfile->rows; ++j) {
905 value = mono_metadata_decode_row_col (tfile, j, MONO_FILE_NAME);
906 if ((pf = is_valid_string (image, value, TRUE)))
907 if (strcmp (p, pf) == 0) {
913 ADD_ERROR (list, g_strdup_printf ("Name '%s` in ModuleRef row %d doesn't have a match in File table", p, i + 1));
918 g_hash_table_destroy (dups);
923 verify_standalonesig_table (MonoImage *image, GSList *list, int level)
925 MonoTableInfo *t = &image->tables [MONO_TABLE_STANDALONESIG];
926 guint32 cols [MONO_STAND_ALONE_SIGNATURE_SIZE];
930 for (i = 0; i < t->rows; ++i) {
931 mono_metadata_decode_row (t, i, cols, MONO_STAND_ALONE_SIGNATURE_SIZE);
932 if (level & MONO_VERIFY_ERROR) {
933 if (!is_valid_blob (image, cols [MONO_STAND_ALONE_SIGNATURE], TRUE)) {
934 ADD_ERROR (list, g_strdup_printf ("Signature is invalid in StandAloneSig row %d", i + 1));
936 p = mono_metadata_blob_heap (image, cols [MONO_STAND_ALONE_SIGNATURE]);
937 /* FIXME: check it's a valid locals or method sig.*/
945 mono_image_verify_tables (MonoImage *image, int level)
947 GSList *error_list = NULL;
949 error_list = verify_assembly_table (image, error_list, level);
951 * AssemblyOS, AssemblyProcessor, AssemblyRefOs and
952 * AssemblyRefProcessor should be ignored,
953 * though we may want to emit a warning, since it should not
954 * be present in a PE file.
956 error_list = verify_assemblyref_table (image, error_list, level);
957 error_list = verify_class_layout_table (image, error_list, level);
958 error_list = verify_constant_table (image, error_list, level);
960 * cutom attribute, declsecurity
962 error_list = verify_event_map_table (image, error_list, level);
963 error_list = verify_event_table (image, error_list, level);
964 error_list = verify_field_table (image, error_list, level);
965 error_list = verify_file_table (image, error_list, level);
966 error_list = verify_moduleref_table (image, error_list, level);
967 error_list = verify_standalonesig_table (image, error_list, level);
969 return g_slist_reverse (error_list);
972 #define ADD_INVALID(list,msg) \
974 MonoVerifyInfo *vinfo = g_new (MonoVerifyInfo, 1); \
975 vinfo->status = MONO_VERIFY_ERROR; \
976 vinfo->message = (msg); \
977 (list) = g_slist_prepend ((list), vinfo); \
978 /*G_BREAKPOINT ();*/ \
982 #define CHECK_STACK_UNDERFLOW(num) \
984 if (cur_stack < (num)) \
985 ADD_INVALID (list, g_strdup_printf ("Stack underflow at 0x%04x (%d items instead of %d)", ip_offset, cur_stack, (num))); \
988 #define CHECK_STACK_OVERFLOW() \
990 if (cur_stack >= max_stack) \
991 ADD_INVALID (list, g_strdup_printf ("Maxstack exceeded at 0x%04x", ip_offset)); \
996 in_any_block (MonoMethodHeader *header, guint offset)
999 MonoExceptionClause *clause;
1001 for (i = 0; i < header->num_clauses; ++i) {
1002 clause = &header->clauses [i];
1003 if (MONO_OFFSET_IN_CLAUSE (clause, offset))
1005 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1007 if (MONO_OFFSET_IN_FILTER (clause, offset))
1014 * in_any_exception_block:
1016 * Returns TRUE is @offset is part of any exception clause (filter, handler, catch, finally or fault).
1019 in_any_exception_block (MonoMethodHeader *header, guint offset)
1022 MonoExceptionClause *clause;
1024 for (i = 0; i < header->num_clauses; ++i) {
1025 clause = &header->clauses [i];
1026 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1028 if (MONO_OFFSET_IN_FILTER (clause, offset))
1035 * is_valid_branch_instruction:
1037 * Verify if it's valid to perform a branch from @offset to @target.
1038 * This should be used with br and brtrue/false.
1039 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1040 * The major diferent from other similiar functions is that branching into a
1041 * finally/fault block is invalid instead of just unverifiable.
1044 is_valid_branch_instruction (MonoMethodHeader *header, guint offset, guint target)
1047 MonoExceptionClause *clause;
1049 for (i = 0; i < header->num_clauses; ++i) {
1050 clause = &header->clauses [i];
1051 /*branching into a finally block is invalid*/
1052 if ((clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY || clause->flags == MONO_EXCEPTION_CLAUSE_FAULT) &&
1053 !MONO_OFFSET_IN_HANDLER (clause, offset) &&
1054 MONO_OFFSET_IN_HANDLER (clause, target))
1057 if (clause->try_offset != target && (MONO_OFFSET_IN_CLAUSE (clause, offset) ^ MONO_OFFSET_IN_CLAUSE (clause, target)))
1059 if (MONO_OFFSET_IN_HANDLER (clause, offset) ^ MONO_OFFSET_IN_HANDLER (clause, target))
1061 if (MONO_OFFSET_IN_FILTER (clause, offset) ^ MONO_OFFSET_IN_FILTER (clause, target))
1068 * is_valid_cmp_branch_instruction:
1070 * Verify if it's valid to perform a branch from @offset to @target.
1071 * This should be used with binary comparison branching instruction, like beq, bge and similars.
1072 * It returns 0 if valid, 1 for unverifiable and 2 for invalid.
1074 * The major diferences from other similar functions are that most errors lead to invalid
1075 * code and only branching out of finally, filter or fault clauses is unverifiable.
1078 is_valid_cmp_branch_instruction (MonoMethodHeader *header, guint offset, guint target)
1081 MonoExceptionClause *clause;
1083 for (i = 0; i < header->num_clauses; ++i) {
1084 clause = &header->clauses [i];
1085 /*branching out of a handler or finally*/
1086 if (clause->flags != MONO_EXCEPTION_CLAUSE_NONE &&
1087 MONO_OFFSET_IN_HANDLER (clause, offset) &&
1088 !MONO_OFFSET_IN_HANDLER (clause, target))
1091 if (clause->try_offset != target && (MONO_OFFSET_IN_CLAUSE (clause, offset) ^ MONO_OFFSET_IN_CLAUSE (clause, target)))
1093 if (MONO_OFFSET_IN_HANDLER (clause, offset) ^ MONO_OFFSET_IN_HANDLER (clause, target))
1095 if (MONO_OFFSET_IN_FILTER (clause, offset) ^ MONO_OFFSET_IN_FILTER (clause, target))
1102 * A leave can't escape a finally block
1105 is_correct_leave (MonoMethodHeader *header, guint offset, guint target)
1108 MonoExceptionClause *clause;
1110 for (i = 0; i < header->num_clauses; ++i) {
1111 clause = &header->clauses [i];
1112 if (clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY && MONO_OFFSET_IN_HANDLER (clause, offset) && !MONO_OFFSET_IN_HANDLER (clause, target))
1114 if (MONO_OFFSET_IN_FILTER (clause, offset))
1121 * A rethrow can't happen outside of a catch handler.
1124 is_correct_rethrow (MonoMethodHeader *header, guint offset)
1127 MonoExceptionClause *clause;
1129 for (i = 0; i < header->num_clauses; ++i) {
1130 clause = &header->clauses [i];
1131 if (MONO_OFFSET_IN_HANDLER (clause, offset))
1133 if (MONO_OFFSET_IN_FILTER (clause, offset))
1140 * An endfinally can't happen outside of a finally/fault handler.
1143 is_correct_endfinally (MonoMethodHeader *header, guint offset)
1146 MonoExceptionClause *clause;
1148 for (i = 0; i < header->num_clauses; ++i) {
1149 clause = &header->clauses [i];
1150 if (MONO_OFFSET_IN_HANDLER (clause, offset) && (clause->flags == MONO_EXCEPTION_CLAUSE_FAULT || clause->flags == MONO_EXCEPTION_CLAUSE_FINALLY))
1158 * An endfilter can only happens inside a filter clause.
1159 * In non-strict mode filter is allowed inside the handler clause too
1161 static MonoExceptionClause *
1162 is_correct_endfilter (VerifyContext *ctx, guint offset)
1165 MonoExceptionClause *clause;
1167 for (i = 0; i < ctx->header->num_clauses; ++i) {
1168 clause = &ctx->header->clauses [i];
1169 if (clause->flags != MONO_EXCEPTION_CLAUSE_FILTER)
1171 if (MONO_OFFSET_IN_FILTER (clause, offset))
1173 if (!IS_STRICT_MODE (ctx) && MONO_OFFSET_IN_HANDLER (clause, offset))
1181 * Non-strict endfilter can happens inside a try block or any handler block
1184 is_unverifiable_endfilter (VerifyContext *ctx, guint offset)
1187 MonoExceptionClause *clause;
1189 for (i = 0; i < ctx->header->num_clauses; ++i) {
1190 clause = &ctx->header->clauses [i];
1191 if (MONO_OFFSET_IN_CLAUSE (clause, offset))
1198 is_valid_bool_arg (ILStackDesc *arg)
1200 if (stack_slot_is_managed_pointer (arg) || stack_slot_is_boxed_value (arg) || stack_slot_is_null_literal (arg))
1204 switch (stack_slot_get_underlying_type (arg)) {
1207 case TYPE_NATIVE_INT:
1211 g_assert (arg->type);
1212 switch (arg->type->type) {
1213 case MONO_TYPE_CLASS:
1214 case MONO_TYPE_STRING:
1215 case MONO_TYPE_OBJECT:
1216 case MONO_TYPE_SZARRAY:
1217 case MONO_TYPE_ARRAY:
1218 case MONO_TYPE_FNPTR:
1221 case MONO_TYPE_GENERICINST:
1222 /*We need to check if the container class
1223 * of the generic type is a valuetype, iow:
1224 * is it a "class Foo<T>" or a "struct Foo<T>"?
1226 return !arg->type->data.generic_class->container_class->valuetype;
1234 /*Type manipulation helper*/
1236 /*Returns the byref version of the supplied MonoType*/
1238 mono_type_get_type_byref (MonoType *type)
1242 return &mono_class_from_mono_type (type)->this_arg;
1246 /*Returns the byval version of the supplied MonoType*/
1248 mono_type_get_type_byval (MonoType *type)
1252 return &mono_class_from_mono_type (type)->byval_arg;
1256 mono_type_from_stack_slot (ILStackDesc *slot)
1258 if (stack_slot_is_managed_pointer (slot))
1259 return mono_type_get_type_byref (slot->type);
1263 /*Stack manipulation code*/
1266 stack_init (VerifyContext *ctx, ILCodeDesc *state)
1268 if (state->flags & IL_CODE_FLAG_STACK_INITED)
1271 state->flags |= IL_CODE_FLAG_STACK_INITED;
1273 state->stack = g_new0 (ILStackDesc, ctx->max_stack);
1277 stack_copy (ILCodeDesc *to, ILCodeDesc *from)
1279 to->size = from->size;
1280 memcpy (to->stack, from->stack, sizeof (ILStackDesc) * from->size);
1284 copy_stack_value (ILStackDesc *to, ILStackDesc *from)
1286 to->stype = from->stype;
1287 to->type = from->type;
1288 to->method = from->method;
1292 check_underflow (VerifyContext *ctx, int size)
1294 if (ctx->eval.size < size) {
1295 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack underflow, required %d, but have %d at 0x%04x", size, ctx->eval.size, ctx->ip_offset));
1302 check_overflow (VerifyContext *ctx)
1304 if (ctx->eval.size >= ctx->max_stack) {
1305 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have stack-depth %d at 0x%04x", ctx->eval.size + 1, ctx->ip_offset));
1312 check_unmanaged_pointer (VerifyContext *ctx, ILStackDesc *value)
1314 if (stack_slot_get_type (value) == TYPE_PTR) {
1315 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx->ip_offset));
1322 check_unverifiable_type (VerifyContext *ctx, MonoType *type)
1324 if (type->type == MONO_TYPE_PTR || type->type == MONO_TYPE_FNPTR) {
1325 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unmanaged pointer is not a verifiable type at 0x%04x", ctx->ip_offset));
1332 static ILStackDesc *
1333 stack_push (VerifyContext *ctx)
1335 return & ctx->eval.stack [ctx->eval.size++];
1338 static ILStackDesc *
1339 stack_push_val (VerifyContext *ctx, int stype, MonoType *type)
1341 ILStackDesc *top = stack_push (ctx);
1347 static ILStackDesc *
1348 stack_pop (VerifyContext *ctx)
1350 return ctx->eval.stack + --ctx->eval.size;
1353 static inline ILStackDesc *
1354 stack_top (VerifyContext *ctx)
1356 return ctx->eval.stack + (ctx->eval.size - 1);
1359 static inline ILStackDesc *
1360 stack_get (VerifyContext *ctx, int distance)
1362 return ctx->eval.stack + (ctx->eval.size - distance - 1);
1365 /* Returns the MonoType associated with the token, or NULL if it is invalid.
1367 * A boxable type can be either a reference or value type, but cannot be a byref type or an unmanaged pointer
1370 get_boxable_mono_type (VerifyContext* ctx, int token)
1373 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
1374 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid type token %x at 0x%04x", token, ctx->ip_offset));
1378 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
1381 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
1385 if (type->byref && type->type != MONO_TYPE_TYPEDBYREF) {
1386 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of byref type at 0x%04x", ctx->ip_offset));
1390 if (type->type == MONO_TYPE_VOID) {
1391 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of void type at 0x%04x", ctx->ip_offset));
1395 if (type->type == MONO_TYPE_TYPEDBYREF)
1396 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid use of typedbyref at 0x%04x", ctx->ip_offset));
1398 check_unverifiable_type (ctx, type);
1403 /*operation result tables */
1405 static const unsigned char bin_op_table [TYPE_MAX][TYPE_MAX] = {
1406 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1407 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1408 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1409 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1410 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1411 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1414 static const unsigned char add_table [TYPE_MAX][TYPE_MAX] = {
1415 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1416 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1417 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1418 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1419 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_INV, TYPE_INV},
1420 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1423 static const unsigned char sub_table [TYPE_MAX][TYPE_MAX] = {
1424 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1425 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1426 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1427 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_R8, TYPE_INV, TYPE_INV},
1428 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_NATIVE_INT | NON_VERIFIABLE_RESULT, TYPE_INV},
1429 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1432 static const unsigned char int_bin_op_table [TYPE_MAX][TYPE_MAX] = {
1433 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1434 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1435 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1436 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1437 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1438 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1441 static const unsigned char shift_op_table [TYPE_MAX][TYPE_MAX] = {
1442 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1443 {TYPE_I8, TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV},
1444 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1445 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1446 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1447 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1450 static const unsigned char cmp_br_op [TYPE_MAX][TYPE_MAX] = {
1451 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1452 {TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1453 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1454 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV},
1455 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV},
1456 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1459 static const unsigned char cmp_br_eq_op [TYPE_MAX][TYPE_MAX] = {
1460 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV},
1461 {TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1462 {TYPE_I4, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_I4 | NON_VERIFIABLE_RESULT, TYPE_INV},
1463 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4, TYPE_INV, TYPE_INV},
1464 {TYPE_INV, TYPE_INV, TYPE_I4 | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_I4, TYPE_INV},
1465 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_I4},
1468 static const unsigned char add_ovf_un_table [TYPE_MAX][TYPE_MAX] = {
1469 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1470 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1471 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV},
1472 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1473 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_INV, TYPE_INV},
1474 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1477 static const unsigned char sub_ovf_un_table [TYPE_MAX][TYPE_MAX] = {
1478 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1479 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1480 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1481 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1482 {TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_PTR | NON_VERIFIABLE_RESULT, TYPE_INV, TYPE_NATIVE_INT | NON_VERIFIABLE_RESULT, TYPE_INV},
1483 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1486 static const unsigned char bin_ovf_table [TYPE_MAX][TYPE_MAX] = {
1487 {TYPE_I4, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1488 {TYPE_INV, TYPE_I8, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1489 {TYPE_NATIVE_INT, TYPE_INV, TYPE_NATIVE_INT, TYPE_INV, TYPE_INV, TYPE_INV},
1490 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1491 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1492 {TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV, TYPE_INV},
1498 dump_stack_value (ILStackDesc *value)
1500 printf ("[(%x)(%x)", value->type->type, value->stype);
1502 if (stack_slot_is_this_pointer (value))
1505 if (stack_slot_is_boxed_value (value))
1506 printf ("[boxed] ");
1508 if (stack_slot_is_null_literal (value))
1511 if (stack_slot_is_managed_mutability_pointer (value))
1512 printf ("Controled Mutability MP: ");
1514 if (stack_slot_is_managed_pointer (value))
1515 printf ("Managed Pointer to: ");
1517 switch (stack_slot_get_underlying_type (value)) {
1519 printf ("invalid type]");
1527 case TYPE_NATIVE_INT:
1528 printf ("native int]");
1531 printf ("float64]");
1534 printf ("unmanaged pointer]");
1537 switch (value->type->type) {
1538 case MONO_TYPE_CLASS:
1539 case MONO_TYPE_VALUETYPE:
1540 printf ("complex] (%s)", value->type->data.klass->name);
1542 case MONO_TYPE_STRING:
1543 printf ("complex] (string)");
1545 case MONO_TYPE_OBJECT:
1546 printf ("complex] (object)");
1548 case MONO_TYPE_SZARRAY:
1549 printf ("complex] (%s [])", value->type->data.klass->name);
1551 case MONO_TYPE_ARRAY:
1552 printf ("complex] (%s [%d %d %d])",
1553 value->type->data.array->eklass->name,
1554 value->type->data.array->rank,
1555 value->type->data.array->numsizes,
1556 value->type->data.array->numlobounds);
1558 case MONO_TYPE_GENERICINST:
1559 printf ("complex] (inst of %s )", value->type->data.generic_class->container_class->name);
1562 printf ("complex] (type generic param !%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
1564 case MONO_TYPE_MVAR:
1565 printf ("complex] (method generic param !!%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
1568 //should be a boxed value
1569 char * name = mono_type_full_name (value->type);
1570 printf ("complex] %s", name);
1576 printf ("unknown stack %x type]\n", value->stype);
1577 g_assert_not_reached ();
1582 dump_stack_state (ILCodeDesc *state)
1586 printf ("(%d) ", state->size);
1587 for (i = 0; i < state->size; ++i)
1588 dump_stack_value (state->stack + i);
1592 /*Returns TRUE if candidate array type can be assigned to target.
1593 *Both parameters MUST be of type MONO_TYPE_ARRAY (target->type == MONO_TYPE_ARRAY)
1596 is_array_type_compatible (MonoType *target, MonoType *candidate)
1599 MonoArrayType *left = target->data.array;
1600 MonoArrayType *right = candidate->data.array;
1602 g_assert (target->type == MONO_TYPE_ARRAY);
1603 g_assert (candidate->type == MONO_TYPE_ARRAY);
1606 if ((left->rank != right->rank) ||
1607 (left->numsizes != right->numsizes) ||
1608 (left->numlobounds != right->numlobounds))
1611 for (i = 0; i < left->numsizes; ++i)
1612 if (left->sizes [i] != right->sizes [i])
1615 for (i = 0; i < left->numlobounds; ++i)
1616 if (left->lobounds [i] != right->lobounds [i])
1619 return mono_class_is_assignable_from (left->eklass, right->eklass);
1623 get_stack_type (MonoType *type)
1626 int type_kind = type->type;
1628 mask = POINTER_MASK;
1629 /*TODO handle CMMP_MASK */
1632 switch (type_kind) {
1635 case MONO_TYPE_BOOLEAN:
1638 case MONO_TYPE_CHAR:
1641 return TYPE_I4 | mask;
1645 return TYPE_NATIVE_INT | mask;
1647 /* FIXME: the spec says that you cannot have a pointer to method pointer, do we need to check this here? */
1648 case MONO_TYPE_FNPTR:
1650 case MONO_TYPE_TYPEDBYREF:
1651 return TYPE_PTR | mask;
1654 case MONO_TYPE_MVAR:
1656 case MONO_TYPE_CLASS:
1657 case MONO_TYPE_STRING:
1658 case MONO_TYPE_OBJECT:
1659 case MONO_TYPE_SZARRAY:
1660 case MONO_TYPE_ARRAY:
1661 case MONO_TYPE_GENERICINST:
1662 return TYPE_COMPLEX | mask;
1666 return TYPE_I8 | mask;
1670 return TYPE_R8 | mask;
1672 case MONO_TYPE_VALUETYPE:
1673 if (type->data.klass->enumtype) {
1674 type = type->data.klass->enum_basetype;
1675 type_kind = type->type;
1678 return TYPE_COMPLEX | mask;
1681 VERIFIER_DEBUG ( printf ("unknown type %02x in eval stack type\n", type->type); );
1682 g_assert_not_reached ();
1687 /* convert MonoType to ILStackDesc format (stype) */
1689 set_stack_value (VerifyContext *ctx, ILStackDesc *stack, MonoType *type, int take_addr)
1692 int type_kind = type->type;
1694 if (type->byref || take_addr)
1695 mask = POINTER_MASK;
1696 /* TODO handle CMMP_MASK */
1701 switch (type_kind) {
1704 case MONO_TYPE_BOOLEAN:
1707 case MONO_TYPE_CHAR:
1710 stack->stype = TYPE_I4 | mask;
1714 stack->stype = TYPE_NATIVE_INT | mask;
1717 /*FIXME: Do we need to check if it's a pointer to the method pointer? The spec says it' illegal to have that.*/
1718 case MONO_TYPE_FNPTR:
1720 case MONO_TYPE_TYPEDBYREF:
1721 stack->stype = TYPE_PTR | mask;
1724 case MONO_TYPE_CLASS:
1725 case MONO_TYPE_STRING:
1726 case MONO_TYPE_OBJECT:
1727 case MONO_TYPE_SZARRAY:
1728 case MONO_TYPE_ARRAY:
1730 case MONO_TYPE_GENERICINST:
1732 case MONO_TYPE_MVAR:
1733 stack->stype = TYPE_COMPLEX | mask;
1737 stack->stype = TYPE_I8 | mask;
1741 stack->stype = TYPE_R8 | mask;
1743 case MONO_TYPE_VALUETYPE:
1744 if (type->data.klass->enumtype) {
1745 type = type->data.klass->enum_basetype;
1746 type_kind = type->type;
1749 stack->stype = TYPE_COMPLEX | mask;
1753 VERIFIER_DEBUG ( printf ("unknown type 0x%02x in eval stack type\n", type->type); );
1754 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Illegal value set on stack 0x%02x at %d", type->type, ctx->ip_offset));
1761 * init_stack_with_value_at_exception_boundary:
1763 * Initialize the stack and push a given type.
1764 * The instruction is marked as been on the exception boundary.
1767 init_stack_with_value_at_exception_boundary (VerifyContext *ctx, ILCodeDesc *code, MonoClass *klass)
1769 stack_init (ctx, code);
1770 set_stack_value (ctx, code->stack, &klass->byval_arg, FALSE);
1772 code->flags |= IL_CODE_FLAG_WAS_TARGET;
1775 /* Generics validation stuff, should be moved to another metadata/? file */
1777 mono_is_generic_type_compatible (MonoType *target, MonoType *candidate)
1779 if (target->byref != candidate->byref)
1783 switch (target->type) {
1784 case MONO_TYPE_STRING:
1785 if (candidate->type == MONO_TYPE_STRING)
1789 case MONO_TYPE_CLASS:
1790 if (candidate->type != MONO_TYPE_CLASS)
1793 VERIFIER_DEBUG ( printf ("verifying type class %p %p\n", target->data.klass, candidate->data.klass); );
1794 return mono_class_is_assignable_from (target->data.klass, candidate->data.klass);
1796 case MONO_TYPE_OBJECT:
1797 return MONO_TYPE_IS_REFERENCE (candidate);
1799 case MONO_TYPE_SZARRAY:
1800 if (candidate->type != MONO_TYPE_SZARRAY)
1802 return mono_class_is_assignable_from (target->data.klass, candidate->data.klass);
1804 case MONO_TYPE_VALUETYPE:
1805 if (target->data.klass->enumtype) {
1806 target = target->data.klass->enum_basetype;
1809 if (candidate->type != MONO_TYPE_VALUETYPE)
1811 return candidate->data.klass == target->data.klass;
1814 case MONO_TYPE_ARRAY:
1815 if (candidate->type != MONO_TYPE_ARRAY)
1817 return is_array_type_compatible (target, candidate);
1820 VERIFIER_DEBUG ( printf ("unknown target type %d\n", target->type); );
1821 g_assert_not_reached ();
1829 mono_is_generic_instance_compatible (MonoGenericClass *target, MonoGenericClass *candidate, MonoGenericClass *root_candidate) {
1830 MonoGenericContainer *container;
1833 VERIFIER_DEBUG ( printf ("candidate container %p\n", candidate->container_class->generic_container); );
1834 if (target->container_class != candidate->container_class) {
1835 MonoType *param_class;
1836 MonoClass *cand_class;
1837 VERIFIER_DEBUG ( printf ("generic class != target\n"); );
1838 param_class = candidate->context.class_inst->type_argv [0];
1839 VERIFIER_DEBUG ( printf ("param 0 %d\n", param_class->type); );
1840 cand_class = candidate->container_class;
1842 /* We must check if it's an interface type*/
1843 if (MONO_CLASS_IS_INTERFACE (target->container_class)) {
1844 VERIFIER_DEBUG ( printf ("generic type is an interface\n"); );
1847 int iface_count = cand_class->interface_count;
1848 MonoClass **ifaces = cand_class->interfaces;
1850 VERIFIER_DEBUG ( printf ("type has %d interfaces\n", iface_count); );
1851 for (i = 0; i< iface_count; ++i) {
1852 MonoClass *ifc = ifaces[i];
1853 VERIFIER_DEBUG ( printf ("analysing %s\n", ifc->name); );
1854 if (ifc->generic_class) {
1855 VERIFIER_DEBUG ( printf ("interface has generic info\n"); );
1857 if (mono_is_generic_instance_compatible (target, ifc->generic_class, root_candidate)) {
1858 VERIFIER_DEBUG ( printf ("we got compatible stuff!\n"); );
1863 cand_class = cand_class->parent;
1864 } while (cand_class);
1866 VERIFIER_DEBUG ( printf ("don't implements an interface\n"); );
1869 VERIFIER_DEBUG ( printf ("verifying upper classes\n"); );
1871 cand_class = cand_class->parent;
1873 while (cand_class) {
1874 VERIFIER_DEBUG ( printf ("verifying parent class name %s\n", cand_class->name); );
1875 if (cand_class->generic_class) {
1876 VERIFIER_DEBUG ( printf ("super type has generic context\n"); );
1878 /* TODO break loop if target->container_class == cand_class->generic_class->container_class */
1879 return mono_is_generic_instance_compatible (target, cand_class->generic_class, root_candidate);
1881 VERIFIER_DEBUG ( printf ("super class has no generic context\n"); );
1882 cand_class = cand_class->parent;
1888 /* now we verify if the instantiations are compatible*/
1889 if (target->context.class_inst == candidate->context.class_inst) {
1890 VERIFIER_DEBUG ( printf ("generic types are compatible, both have the same instantiation\n"); );
1894 if (target->context.class_inst->type_argc != candidate->context.class_inst->type_argc) {
1895 VERIFIER_DEBUG ( printf ("generic instantiations with different arg counts\n"); );
1899 //verify if open instance -- none should be
1901 container = target->container_class->generic_container;
1903 for (i = 0; i < container->type_argc; ++i) {
1904 MonoGenericParam *param = container->type_params + i;
1905 MonoType *target_type = target->context.class_inst->type_argv [i];
1906 MonoType *candidate_type = candidate->context.class_inst->type_argv [i];
1907 /* We resolve TYPE_VAR types before proceeding */
1909 if (candidate_type->type == MONO_TYPE_VAR) {
1910 MonoGenericParam *var_param = candidate_type->data.generic_param;
1911 candidate_type = root_candidate->context.class_inst->type_argv [var_param->num];
1914 if ((param->flags & GENERIC_PARAMETER_ATTRIBUTE_VARIANCE_MASK) == 0) {
1915 VERIFIER_DEBUG ( printf ("generic type have no variance flag, checking each type %d %d \n",target_type->type, candidate_type->type); );
1917 if (!mono_metadata_type_equal (target_type, candidate_type))
1920 VERIFIER_DEBUG ( printf ("generic type has variance flag, need to perform deeper check\n"); );
1921 /* first we check if they are the same kind */
1922 /* byref generic params are forbiden, but better safe than sorry.*/
1924 if ((param->flags & GENERIC_PARAMETER_ATTRIBUTE_COVARIANT) == GENERIC_PARAMETER_ATTRIBUTE_COVARIANT) {
1925 if (!mono_is_generic_type_compatible (target_type, candidate_type))
1927 /* the attribute must be contravariant */
1928 } else if (!mono_is_generic_type_compatible (candidate_type, target_type))
1937 /*Verify if type 'candidate' can be stored in type 'target'.
1939 * If strict, check for the underlying type and not the verification stack types
1942 verify_type_compatibility_full (VerifyContext *ctx, MonoType *target, MonoType *candidate, gboolean strict)
1944 #define IS_ONE_OF3(T, A, B, C) (T == A || T == B || T == C)
1945 #define IS_ONE_OF2(T, A, B) (T == A || T == B)
1947 VERIFIER_DEBUG ( printf ("checking type compatibility %p %p[%x][%x] %p[%x][%x]\n", ctx, target, target->type, target->byref, candidate, candidate->type, candidate->byref); );
1949 /*only one is byref */
1950 if (candidate->byref ^ target->byref) {
1951 /* converting from native int to byref*/
1952 if (get_stack_type (candidate) == TYPE_NATIVE_INT && target->byref) {
1953 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("using byref native int at 0x%04x", ctx->ip_offset));
1958 strict |= target->byref;
1961 switch (target->type) {
1964 case MONO_TYPE_BOOLEAN:
1966 return IS_ONE_OF3 (candidate->type, MONO_TYPE_I1, MONO_TYPE_U1, MONO_TYPE_BOOLEAN);
1969 case MONO_TYPE_CHAR:
1971 return IS_ONE_OF3 (candidate->type, MONO_TYPE_I2, MONO_TYPE_U2, MONO_TYPE_CHAR);
1973 case MONO_TYPE_U4: {
1974 gboolean is_native_int = IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U);
1975 gboolean is_int4 = IS_ONE_OF2 (candidate->type, MONO_TYPE_I4, MONO_TYPE_U4);
1977 return is_native_int || is_int4;
1978 return is_native_int || get_stack_type (candidate) == TYPE_I4;
1983 return IS_ONE_OF2 (candidate->type, MONO_TYPE_I8, MONO_TYPE_U8);
1988 return candidate->type == target->type;
1989 return IS_ONE_OF2 (candidate->type, MONO_TYPE_R4, MONO_TYPE_R8);
1993 gboolean is_native_int = IS_ONE_OF2 (candidate->type, MONO_TYPE_I, MONO_TYPE_U);
1994 gboolean is_int4 = IS_ONE_OF2 (candidate->type, MONO_TYPE_I4, MONO_TYPE_U4);
1996 return is_native_int || is_int4;
1997 return is_native_int || get_stack_type (candidate) == TYPE_I4;
2001 if (candidate->type != MONO_TYPE_PTR)
2003 /* check the underlying type */
2004 return verify_type_compatibility_full (ctx, target->data.type, candidate->data.type, TRUE);
2006 case MONO_TYPE_FNPTR: {
2007 MonoMethodSignature *left, *right;
2008 if (candidate->type != MONO_TYPE_FNPTR)
2011 left = mono_type_get_signature (target);
2012 right = mono_type_get_signature (candidate);
2013 return mono_metadata_signature_equal (left, right) && left->call_convention == right->call_convention;
2016 case MONO_TYPE_GENERICINST: {
2017 MonoGenericClass *left;
2018 MonoGenericClass *right;
2019 if (candidate->type != MONO_TYPE_GENERICINST)
2020 return mono_class_is_assignable_from (mono_class_from_mono_type (target), mono_class_from_mono_type (candidate));
2021 left = target->data.generic_class;
2022 right = candidate->data.generic_class;
2024 return mono_is_generic_instance_compatible (left, right, right);
2027 case MONO_TYPE_STRING:
2028 return candidate->type == MONO_TYPE_STRING;
2030 case MONO_TYPE_CLASS:
2031 return mono_class_is_assignable_from (target->data.klass, mono_class_from_mono_type (candidate));
2033 case MONO_TYPE_OBJECT:
2034 return MONO_TYPE_IS_REFERENCE (candidate);
2036 case MONO_TYPE_SZARRAY: {
2039 if (candidate->type != MONO_TYPE_SZARRAY)
2042 left = target->data.klass;
2043 right = candidate->data.klass;
2044 return mono_class_is_assignable_from(left, right);
2047 case MONO_TYPE_ARRAY:
2048 if (candidate->type != MONO_TYPE_ARRAY)
2050 return is_array_type_compatible (target, candidate);
2052 case MONO_TYPE_TYPEDBYREF:
2053 return candidate->type == MONO_TYPE_TYPEDBYREF;
2055 case MONO_TYPE_VALUETYPE:
2056 if (candidate->type == MONO_TYPE_VALUETYPE && target->data.klass == candidate->data.klass)
2058 if (target->data.klass->enumtype) {
2059 target = target->data.klass->enum_basetype;
2065 if (candidate->type != MONO_TYPE_VAR)
2067 return candidate->data.generic_param->num == target->data.generic_param->num;
2069 case MONO_TYPE_MVAR:
2070 if (candidate->type != MONO_TYPE_MVAR)
2072 return candidate->data.generic_param->num == target->data.generic_param->num;
2075 VERIFIER_DEBUG ( printf ("unknown store type %d\n", target->type); );
2076 g_assert_not_reached ();
2085 verify_type_compatibility (VerifyContext *ctx, MonoType *target, MonoType *candidate)
2087 return verify_type_compatibility_full (ctx, target, candidate, FALSE);
2092 verify_stack_type_compatibility (VerifyContext *ctx, MonoType *type, ILStackDesc *stack)
2094 MonoType *candidate = mono_type_from_stack_slot (stack);
2095 if (MONO_TYPE_IS_REFERENCE (type) && !type->byref && stack_slot_is_null_literal (stack))
2098 if (type->type == MONO_TYPE_OBJECT && mono_class_from_mono_type (candidate)->valuetype && !candidate->byref && stack_slot_is_boxed_value (stack))
2101 return verify_type_compatibility_full (ctx, type, candidate, FALSE);
2105 * mono_delegate_signature_equal:
2107 * Compare two signatures in the way expected by delegates.
2109 * This function only exists due to the fact that it should ignore the 'has_this' part of the signature.
2111 * FIXME can this function be eliminated and proper metadata functionality be used?
2114 mono_delegate_signature_equal (MonoMethodSignature *sig1, MonoMethodSignature *sig2)
2118 //FIXME do we need to check for explicit_this?
2119 //We don't check for has_this since this is irrelevant for delegate signatures
2120 if (sig1->param_count != sig2->param_count)
2123 if (sig1->generic_param_count != sig2->generic_param_count)
2126 for (i = 0; i < sig1->param_count; i++) {
2127 MonoType *p1 = sig1->params [i];
2128 MonoType *p2 = sig2->params [i];
2130 if (!mono_metadata_type_equal_full (p1, p2, TRUE))
2134 if (!mono_metadata_type_equal_full (sig1->ret, sig2->ret, TRUE))
2141 * verify_ldftn_delegate:
2143 * Verify properties of ldftn based delegates.
2146 verify_ldftn_delegate (VerifyContext *ctx, MonoClass *delegate, ILStackDesc *value, ILStackDesc *funptr)
2148 MonoMethod *method = funptr->method;
2150 /*ldftn non-final virtuals only allowed if method is not static,
2151 * the object is a this arg (comes from a ldarg.0), and there is no starg.0.
2152 * This rules doesn't apply if the object on stack is a boxed valuetype.
2154 if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !stack_slot_is_boxed_value (value)) {
2155 /*A stdarg 0 must not happen, we fail here only in fail fast mode to avoid double error reports*/
2156 if (IS_FAIL_FAST_MODE (ctx) && ctx->has_this_store)
2157 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", ctx->ip_offset));
2159 /*current method must not be static*/
2160 if (ctx->method->flags & METHOD_ATTRIBUTE_STATIC)
2161 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function at 0x%04x", ctx->ip_offset));
2163 /*value is the this pointer, loaded using ldarg.0 */
2164 if (!stack_slot_is_this_pointer (value))
2165 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid object argument, it is not the this pointer, to ldftn with virtual method at 0x%04x", ctx->ip_offset));
2167 ctx->code [ctx->ip_offset].flags |= IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL;
2172 * verify_delegate_compatibility:
2174 * Verify delegate creation sequence.
2178 verify_delegate_compatibility (VerifyContext *ctx, MonoClass *delegate, ILStackDesc *value, ILStackDesc *funptr)
2180 #define IS_VALID_OPCODE(offset, opcode) (ip [ip_offset - offset] == opcode && (ctx->code [ip_offset - offset].flags & IL_CODE_FLAG_SEEN))
2181 #define IS_LOAD_FUN_PTR(kind) (IS_VALID_OPCODE (6, CEE_PREFIX1) && ip [ip_offset - 5] == kind)
2183 MonoMethod *invoke, *method;
2184 const guint8 *ip = ctx->header->code;
2185 guint32 ip_offset = ctx->ip_offset;
2187 if (stack_slot_get_type (funptr) != TYPE_PTR || !funptr->method) {
2188 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid function pointer parameter for delegate constructor at %d", ctx->ip_offset));
2192 invoke = mono_get_delegate_invoke (delegate);
2193 method = funptr->method;
2195 if (!mono_delegate_signature_equal (mono_method_signature (invoke), mono_method_signature (method)))
2196 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Function pointer parameter for delegate constructor has diferent signature at %d", ctx->ip_offset));
2199 * Delegate code sequences:
2205 * [-6] ldvirtftn token
2209 if (ip_offset > 5 && IS_LOAD_FUN_PTR (CEE_LDFTN)) {
2210 verify_ldftn_delegate (ctx, delegate, value, funptr);
2211 } else if (ip_offset > 6 && IS_VALID_OPCODE (7, CEE_DUP) && IS_LOAD_FUN_PTR (CEE_LDVIRTFTN)) {
2212 ctx->code [ip_offset - 6].flags |= IL_CODE_DELEGATE_SEQUENCE;
2214 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid code sequence for delegate creation at 0x%04x", ctx->ip_offset));
2216 ctx->code [ip_offset].flags |= IL_CODE_DELEGATE_SEQUENCE;
2219 if (!verify_type_compatibility (ctx, &method->klass->byval_arg, value->type) && !stack_slot_is_null_literal (value))
2220 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx->ip_offset));
2222 if (stack_slot_get_type (value) != TYPE_COMPLEX)
2223 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid first parameter for delegate creation at 0x%04x", ctx->ip_offset));
2225 #undef IS_VALID_OPCODE
2226 #undef IS_LOAD_FUN_PTR
2229 /* implement the opcode checks*/
2231 push_arg (VerifyContext *ctx, unsigned int arg, int take_addr)
2233 if (arg >= ctx->max_args) {
2235 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have argument %d", arg + 1));
2237 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method doesn't have argument %d", arg + 1));
2238 if (check_overflow (ctx)) //FIXME: what sane value could we ever push?
2239 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2241 } else if (check_overflow (ctx)) {
2242 /*We must let the value be pushed, otherwise we would get an underflow error*/
2243 check_unverifiable_type (ctx, ctx->params [arg]);
2244 if (ctx->params [arg]->byref && take_addr)
2245 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
2246 if (!set_stack_value (ctx, stack_push (ctx), ctx->params [arg], take_addr))
2249 if (arg == 0 && !(ctx->method->flags & METHOD_ATTRIBUTE_STATIC)) {
2251 ctx->has_this_store = TRUE;
2253 stack_top (ctx)->stype |= THIS_POINTER_MASK;
2259 push_local (VerifyContext *ctx, guint32 arg, int take_addr)
2261 if (arg >= ctx->num_locals) {
2262 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have local %d", arg + 1));
2263 } else if (check_overflow (ctx)) {
2264 /*We must let the value be pushed, otherwise we would get an underflow error*/
2265 check_unverifiable_type (ctx, ctx->locals [arg]);
2266 if (ctx->locals [arg]->byref && take_addr)
2267 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
2269 set_stack_value (ctx, stack_push (ctx), ctx->locals [arg], take_addr);
2274 store_arg (VerifyContext *ctx, guint32 arg)
2278 if (arg >= ctx->max_args) {
2279 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method doesn't have argument %d at 0x%04x", arg + 1, ctx->ip_offset));
2280 check_underflow (ctx, 1);
2285 if (check_underflow (ctx, 1)) {
2286 value = stack_pop (ctx);
2287 if (!verify_stack_type_compatibility (ctx, ctx->params [arg], value)) {
2288 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in argument store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2292 ctx->has_this_store = 1;
2296 store_local (VerifyContext *ctx, guint32 arg)
2299 if (arg >= ctx->num_locals) {
2300 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method doesn't have local var %d at 0x%04x", arg + 1, ctx->ip_offset));
2304 /*TODO verify definite assigment */
2305 if (check_underflow (ctx, 1)) {
2306 value = stack_pop(ctx);
2307 if (!verify_stack_type_compatibility (ctx, ctx->locals [arg], value)) {
2308 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in local store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2313 /*FIXME add and sub needs special care here*/
2315 do_binop (VerifyContext *ctx, unsigned int opcode, const unsigned char table [TYPE_MAX][TYPE_MAX])
2318 int idxa, idxb, complexMerge = 0;
2321 if (!check_underflow (ctx, 2))
2323 a = stack_get (ctx, 1);
2324 b = stack_top (ctx);
2326 idxa = stack_slot_get_underlying_type (a);
2327 if (stack_slot_is_managed_pointer (a)) {
2332 idxb = stack_slot_get_underlying_type (b);
2333 if (stack_slot_is_managed_pointer (b)) {
2340 res = table [idxa][idxb];
2342 VERIFIER_DEBUG ( printf ("binop res %d\n", res); );
2343 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa, idxb); );
2346 if (res == TYPE_INV) {
2347 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Binary instruction applyed to ill formed stack (%s x %s)", stack_slot_get_name (a), stack_slot_get_name (b)));
2351 if (res & NON_VERIFIABLE_RESULT) {
2352 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Binary instruction is not verifiable (%s x %s)", stack_slot_get_name (a), stack_slot_get_name (b)));
2354 res = res & ~NON_VERIFIABLE_RESULT;
2357 if (complexMerge && res == TYPE_PTR) {
2358 if (complexMerge == 1)
2359 copy_stack_value (stack_top (ctx), a);
2360 else if (complexMerge == 2)
2361 copy_stack_value (stack_top (ctx), b);
2363 * There is no need to merge the type of two pointers.
2364 * The only valid operation is subtraction, that returns a native
2365 * int as result and can be used with any 2 pointer kinds.
2366 * This is valid acording to Patition III 1.1.4
2369 stack_top (ctx)->stype = res;
2375 do_boolean_branch_op (VerifyContext *ctx, int delta)
2377 int target = ctx->ip_offset + delta;
2380 VERIFIER_DEBUG ( printf ("boolean branch offset %d delta %d target %d\n", ctx->ip_offset, delta, target); );
2382 if (target < 0 || target >= ctx->code_size) {
2383 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Boolean branch target out of code at 0x%04x", ctx->ip_offset));
2387 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
2389 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2392 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2396 ctx->target = target;
2398 if (!check_underflow (ctx, 1))
2401 top = stack_pop (ctx);
2402 if (!is_valid_bool_arg (top))
2403 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Argument type %s not valid for brtrue/brfalse at 0x%04x", stack_slot_get_name (stack_get (ctx, -1)), ctx->ip_offset));
2405 check_unmanaged_pointer (ctx, top);
2410 do_branch_op (VerifyContext *ctx, signed int delta, const unsigned char table [TYPE_MAX][TYPE_MAX])
2415 int target = ctx->ip_offset + delta;
2417 VERIFIER_DEBUG ( printf ("branch offset %d delta %d target %d\n", ctx->ip_offset, delta, target); );
2419 if (target < 0 || target >= ctx->code_size) {
2420 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target out of code at 0x%04x", ctx->ip_offset));
2424 switch (is_valid_cmp_branch_instruction (ctx->header, ctx->ip_offset, target)) {
2426 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2429 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
2433 ctx->target = target;
2435 if (!check_underflow (ctx, 2))
2438 b = stack_pop (ctx);
2439 a = stack_pop (ctx);
2441 idxa = stack_slot_get_underlying_type (a);
2442 if (stack_slot_is_managed_pointer (a))
2445 idxb = stack_slot_get_underlying_type (b);
2446 if (stack_slot_is_managed_pointer (b))
2451 res = table [idxa][idxb];
2453 VERIFIER_DEBUG ( printf ("branch res %d\n", res); );
2454 VERIFIER_DEBUG ( printf ("idxa %d idxb %d\n", idxa, idxb); );
2456 if (res == TYPE_INV) {
2457 ADD_VERIFY_ERROR (ctx,
2458 g_strdup_printf ("Compare and Branch instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2459 } else if (res & NON_VERIFIABLE_RESULT) {
2460 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Compare and Branch instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2461 res = res & ~NON_VERIFIABLE_RESULT;
2466 do_cmp_op (VerifyContext *ctx, const unsigned char table [TYPE_MAX][TYPE_MAX], guint32 opcode)
2472 if (!check_underflow (ctx, 2))
2474 b = stack_pop (ctx);
2475 a = stack_pop (ctx);
2477 if (opcode == CEE_CGT_UN) {
2478 if (stack_slot_get_type (a) == TYPE_COMPLEX && stack_slot_get_type (b) == TYPE_COMPLEX) {
2479 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2484 idxa = stack_slot_get_underlying_type (a);
2485 if (stack_slot_is_managed_pointer (a))
2488 idxb = stack_slot_get_underlying_type (b);
2489 if (stack_slot_is_managed_pointer (b))
2494 res = table [idxa][idxb];
2496 if(res == TYPE_INV) {
2497 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf("Compare instruction applyed to ill formed stack (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2498 } else if (res & NON_VERIFIABLE_RESULT) {
2499 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Compare instruction is not verifiable (%s x %s) at 0x%04x", stack_slot_get_name (a), stack_slot_get_name (b), ctx->ip_offset));
2500 res = res & ~NON_VERIFIABLE_RESULT;
2502 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2506 do_ret (VerifyContext *ctx)
2508 VERIFIER_DEBUG ( printf ("checking ret\n"); );
2509 if (ctx->signature->ret->type != MONO_TYPE_VOID) {
2511 if (!check_underflow (ctx, 1))
2514 top = stack_pop(ctx);
2516 if (!verify_stack_type_compatibility (ctx, ctx->signature->ret, top)) {
2517 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible return value on stack with method signature ret at 0x%04x", ctx->ip_offset));
2522 if (ctx->eval.size > 0) {
2523 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack not empty (%d) after ret at 0x%04x", ctx->eval.size, ctx->ip_offset));
2525 if (in_any_block (ctx->header, ctx->ip_offset))
2526 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ret cannot escape exception blocks at 0x%04x", ctx->ip_offset));
2530 * FIXME we need to fix the case of a non-virtual instance method defined in the parent but call using a token pointing to a subclass.
2531 * This is illegal but mono_get_method_full decoded it.
2533 * TODO handle vararg calls
2534 * TODO handle calling .ctor outside one or calling the .ctor for other class but super
2537 do_invoke_method (VerifyContext *ctx, int method_token, gboolean virtual)
2540 MonoMethodSignature *sig;
2542 MonoMethod *method = mono_get_method_full (ctx->image, method_token, NULL, ctx->generic_context);
2543 gboolean virt_check_this = FALSE;
2546 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method 0x%08x not found at 0x%04x", method_token, ctx->ip_offset));
2550 if (!virtual && (method->flags & METHOD_ATTRIBUTE_ABSTRACT))
2551 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use call with an abstract method at 0x%04x", ctx->ip_offset));
2553 if (virtual && method->klass->valuetype)
2554 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use callvirtual with valuetype method at 0x%04x", ctx->ip_offset));
2556 if (!virtual && (method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL)) {
2557 virt_check_this = TRUE;
2558 ctx->code [ctx->ip_offset].flags |= IL_CODE_CALL_NONFINAL_VIRTUAL;
2561 if (!(sig = mono_method_signature (method)))
2562 sig = mono_method_get_signature (method, ctx->image, method_token);
2564 param_count = sig->param_count + sig->hasthis;
2565 if (!check_underflow (ctx, param_count))
2568 for (i = sig->param_count - 1; i >= 0; --i) {
2569 VERIFIER_DEBUG ( printf ("verifying argument %d\n", i); );
2570 value = stack_pop (ctx);
2571 if (!verify_stack_type_compatibility (ctx, sig->params[i], value))
2572 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature at 0x%04x", ctx->ip_offset));
2576 MonoType *type = &method->klass->byval_arg;
2578 value = stack_pop (ctx);
2579 copy_stack_value (©, value);
2580 //TODO we should extract this to a 'drop_byref_argument' and use everywhere
2581 //Other parts of the code suffer from the same issue of
2582 copy.type = mono_type_get_type_byval (copy.type);
2583 copy.stype &= ~POINTER_MASK;
2585 if (virt_check_this && !stack_slot_is_this_pointer (value) && !(method->klass->valuetype || stack_slot_is_boxed_value (value)))
2586 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a non-final virtual method from an objet diferent thant the this pointer at 0x%04x", ctx->ip_offset));
2588 if (stack_slot_is_managed_pointer (value) && !mono_class_from_mono_type (value->type)->valuetype)
2589 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a reference type using a managed pointer to the this arg at 0x%04x", ctx->ip_offset));
2591 if (!virtual && mono_class_from_mono_type (value->type)->valuetype && !method->klass->valuetype && !stack_slot_is_boxed_value (value))
2592 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot call a valuetype baseclass at 0x%04x", ctx->ip_offset));
2594 if (virtual && mono_class_from_mono_type (value->type)->valuetype && !stack_slot_is_boxed_value (value))
2595 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a valuetype with callvirt at 0x%04x", ctx->ip_offset));
2597 if (method->klass->valuetype && (stack_slot_is_boxed_value (value) || !stack_slot_is_managed_pointer (value)))
2598 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a boxed or literal valuetype to call a valuetype method at 0x%04x", ctx->ip_offset));
2600 if (!verify_stack_type_compatibility (ctx, type, ©))
2601 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible this argument on stack with method signature at 0x%04x", ctx->ip_offset));
2604 if (!mono_method_can_access_method (ctx->method, method))
2605 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method is not accessible at 0x%04x", ctx->ip_offset));
2607 if (sig->ret->type != MONO_TYPE_VOID) {
2608 if (check_overflow (ctx))
2609 set_stack_value (ctx, stack_push (ctx), sig->ret, FALSE);
2612 if (sig->ret->type == MONO_TYPE_TYPEDBYREF
2614 || (sig->ret->type == MONO_TYPE_VALUETYPE && !strcmp ("System", sig->ret->data.klass->name_space) && !strcmp ("ArgIterator", sig->ret->data.klass->name)))
2615 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method returns typedbyref, byref or ArgIterator at 0x%04x", ctx->ip_offset));
2619 do_push_static_field (VerifyContext *ctx, int token, gboolean take_addr)
2621 MonoClassField *field;
2624 field = mono_field_from_token (ctx->image, token, &klass, ctx->generic_context);
2626 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot load field from token 0x%08x at 0x%04x", token, ctx->ip_offset));
2630 if (!(field->type->attrs & FIELD_ATTRIBUTE_STATIC)) {
2631 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot load non static field at 0x%04x", ctx->ip_offset));
2634 /*taking the address of initonly field only works from the static constructor */
2635 if (take_addr && (field->type->attrs & FIELD_ATTRIBUTE_INIT_ONLY) &&
2636 !(field->parent == ctx->method->klass && (ctx->method->flags & (METHOD_ATTRIBUTE_SPECIAL_NAME | METHOD_ATTRIBUTE_STATIC)) && !strcmp (".cctor", ctx->method->name)))
2637 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
2639 if (!mono_method_can_access_field (ctx->method, field))
2640 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset));
2642 set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
2646 do_store_static_field (VerifyContext *ctx, int token) {
2647 MonoClassField *field;
2651 if (!check_underflow (ctx, 1))
2654 value = stack_pop (ctx);
2656 field = mono_field_from_token (ctx->image, token, &klass, ctx->generic_context);
2658 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot store field from token 0x%08x at 0x%04x", token, ctx->ip_offset));
2662 if (!(field->type->attrs & FIELD_ATTRIBUTE_STATIC)) {
2663 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot store non static field at 0x%04x", ctx->ip_offset));
2667 if (field->type->type == MONO_TYPE_TYPEDBYREF) {
2668 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Typedbyref field is an unverfiable type in store static field at 0x%04x", ctx->ip_offset));
2672 if (!mono_method_can_access_field (ctx->method, field))
2673 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset));
2675 if (!verify_stack_type_compatibility (ctx, field->type, value))
2676 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in static field store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2680 check_is_valid_type_for_field_ops (VerifyContext *ctx, int token, ILStackDesc *obj, MonoClassField **ret_field)
2682 MonoClassField *field;
2685 /*must be one of: complex type, managed pointer (to complex type), unmanaged pointer (native int) or an instance of a value type */
2686 if (!( stack_slot_get_underlying_type (obj) == TYPE_COMPLEX
2687 || stack_slot_get_type (obj) == TYPE_NATIVE_INT
2688 || stack_slot_get_type (obj) == TYPE_PTR)) {
2689 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument %s to load field at 0x%04x", stack_slot_get_name (obj), ctx->ip_offset));
2692 field = mono_field_from_token (ctx->image, token, &klass, ctx->generic_context);
2694 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot load field from token 0x%08x at 0x%04x", token, ctx->ip_offset));
2700 if (field->type->type == MONO_TYPE_TYPEDBYREF) {
2701 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Typedbyref field is an unverfiable type at 0x%04x", ctx->ip_offset));
2704 g_assert (obj->type);
2706 /*The value on the stack must be a subclass of the defining type of the field*/
2707 /* we need to check if we can load the field from the stack value*/
2708 if (stack_slot_get_underlying_type (obj) == TYPE_COMPLEX) {
2709 if (!field->parent->valuetype && stack_slot_is_managed_pointer (obj))
2710 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is a managed pointer to a reference type and is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2712 /*a value type can be loaded from a value or a managed pointer, but not a boxed object*/
2713 if (field->parent->valuetype && stack_slot_is_boxed_value (obj))
2714 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is a boxed valuetype and is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2716 if (!stack_slot_is_null_literal (obj) && !verify_type_compatibility (ctx, &field->parent->byval_arg, mono_type_get_type_byval (obj->type)))
2717 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not compatible to reference the field at 0x%04x", ctx->ip_offset));
2719 if (!mono_method_can_access_field (ctx->method, field))
2720 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset));
2723 if (!mono_method_can_access_field (ctx->method, field))
2724 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset));
2726 if (stack_slot_get_underlying_type (obj) == TYPE_NATIVE_INT)
2727 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Native int is not a verifiable type to reference a field at 0x%04x", ctx->ip_offset));
2729 check_unmanaged_pointer (ctx, obj);
2734 do_push_field (VerifyContext *ctx, int token, gboolean take_addr)
2737 MonoClassField *field;
2739 if (!check_underflow (ctx, 1))
2741 obj = stack_pop (ctx);
2743 if (!check_is_valid_type_for_field_ops (ctx, token, obj, &field))
2746 if (take_addr && field->parent->valuetype && !stack_slot_is_managed_pointer (obj))
2747 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a temporary value-type at 0x%04x", ctx->ip_offset));
2749 if (take_addr && (field->type->attrs & FIELD_ATTRIBUTE_INIT_ONLY) &&
2750 !(field->parent == ctx->method->klass && mono_method_is_constructor (ctx->method)))
2751 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
2753 set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
2757 do_store_field (VerifyContext *ctx, int token)
2759 ILStackDesc *value, *obj;
2760 MonoClassField *field;
2762 if (!check_underflow (ctx, 2))
2765 value = stack_pop (ctx);
2766 obj = stack_pop (ctx);
2768 if (!check_is_valid_type_for_field_ops (ctx, token, obj, &field))
2771 if (!verify_stack_type_compatibility (ctx, field->type, value))
2772 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible type %s in field store at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2775 /*TODO proper handle for Nullable<T>*/
2777 do_box_value (VerifyContext *ctx, int klass_token)
2780 MonoType *type = get_boxable_mono_type (ctx, klass_token);
2785 if (!check_underflow (ctx, 1))
2788 value = stack_top (ctx);
2789 /*box is a nop for reference types*/
2791 if (stack_slot_get_underlying_type (value) == TYPE_COMPLEX && MONO_TYPE_IS_REFERENCE (value->type) && MONO_TYPE_IS_REFERENCE (type)) {
2792 value->stype |= BOXED_MASK;
2796 value = stack_pop (ctx);
2798 if (!verify_stack_type_compatibility (ctx, type, value))
2799 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for boxing operation at 0x%04x", ctx->ip_offset));
2801 stack_push_val (ctx, TYPE_COMPLEX | BOXED_MASK, type);
2805 do_unbox_value (VerifyContext *ctx, int klass_token)
2808 MonoType *type = get_boxable_mono_type (ctx, klass_token);
2813 if (!check_underflow (ctx, 1))
2816 if (!mono_class_from_mono_type (type)->valuetype)
2817 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid reference type for unbox at 0x%04x", ctx->ip_offset));
2819 value = stack_pop (ctx);
2821 /*Value should be: a boxed valuetype or a reference type*/
2822 if (!(stack_slot_get_type (value) == TYPE_COMPLEX &&
2823 (stack_slot_is_boxed_value (value) || !mono_class_from_mono_type (value->type)->valuetype)))
2824 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type %s at stack for unbox operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2826 set_stack_value (ctx, value = stack_push (ctx), mono_type_get_type_byref (type), FALSE);
2827 value->stype |= CMMP_MASK;
2831 do_unbox_any (VerifyContext *ctx, int klass_token)
2834 MonoType *type = get_boxable_mono_type (ctx, klass_token);
2839 if (!check_underflow (ctx, 1))
2842 value = stack_pop (ctx);
2844 /*Value should be: a boxed valuetype or a reference type*/
2845 if (!(stack_slot_get_type (value) == TYPE_COMPLEX &&
2846 (stack_slot_is_boxed_value (value) || !mono_class_from_mono_type (value->type)->valuetype)))
2847 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type %s at stack for unbox.any operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2849 set_stack_value (ctx, stack_push (ctx), type, FALSE);
2853 do_unary_math_op (VerifyContext *ctx, int op)
2856 if (!check_underflow (ctx, 1))
2858 value = stack_top (ctx);
2859 switch (stack_slot_get_type (value)) {
2862 case TYPE_NATIVE_INT:
2867 case TYPE_COMPLEX: /*only enums are ok*/
2868 if (value->type->type == MONO_TYPE_VALUETYPE && value->type->data.klass->enumtype)
2871 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for unary not at 0x%04x", ctx->ip_offset));
2876 do_conversion (VerifyContext *ctx, int kind)
2879 if (!check_underflow (ctx, 1))
2881 value = stack_pop (ctx);
2883 switch (stack_slot_get_type (value)) {
2886 case TYPE_NATIVE_INT:
2890 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type (%s) at stack for conversion operation at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2895 stack_push_val (ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
2898 stack_push_val (ctx,TYPE_I8, &mono_defaults.int64_class->byval_arg);
2901 stack_push_val (ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
2903 case TYPE_NATIVE_INT:
2904 stack_push_val (ctx, TYPE_NATIVE_INT, &mono_defaults.int_class->byval_arg);
2907 g_error ("unknown type %02x in conversion", kind);
2913 do_load_token (VerifyContext *ctx, int token)
2916 MonoClass *handle_class;
2917 if (!check_overflow (ctx))
2919 handle = mono_ldtoken (ctx->image, token, &handle_class, ctx->generic_context);
2921 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid token 0x%x for ldtoken at 0x%04x", token, ctx->ip_offset));
2924 stack_push_val (ctx, TYPE_COMPLEX, mono_class_get_type (handle_class));
2928 do_ldobj_value (VerifyContext *ctx, int token)
2931 MonoType *type = get_boxable_mono_type (ctx, token);
2936 if (!check_underflow (ctx, 1))
2939 value = stack_pop (ctx);
2940 if (!stack_slot_is_managed_pointer (value)
2941 && stack_slot_get_type (value) != TYPE_NATIVE_INT
2942 && !(stack_slot_get_type (value) == TYPE_PTR && value->type->type != MONO_TYPE_FNPTR)) {
2943 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid argument %s to ldobj at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
2947 if (stack_slot_get_type (value) == TYPE_NATIVE_INT)
2948 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Using native pointer to ldobj at 0x%04x", ctx->ip_offset));
2950 /*We have a byval on the stack, but the comparison must be strict. */
2951 if (!verify_type_compatibility_full (ctx, type, mono_type_get_type_byval (value->type), TRUE))
2952 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldojb operation at 0x%04x", ctx->ip_offset));
2954 set_stack_value (ctx, stack_push (ctx), type, FALSE);
2958 do_stobj (VerifyContext *ctx, int token)
2960 ILStackDesc *dest, *src;
2961 MonoType *type = get_boxable_mono_type (ctx, token);
2965 if (!check_underflow (ctx, 2))
2968 src = stack_pop (ctx);
2969 dest = stack_pop (ctx);
2971 if (!stack_slot_is_managed_pointer (dest))
2972 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid destination of stobj operation at 0x%04x", ctx->ip_offset));
2974 if (!verify_stack_type_compatibility (ctx, type, src))
2975 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Token and source types of stobj don't match at 0x%04x", ctx->ip_offset));
2977 if (!verify_type_compatibility (ctx, mono_type_get_type_byval (dest->type), type))
2978 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Destination and token types of stobj don't match at 0x%04x", ctx->ip_offset));
2982 do_cpobj (VerifyContext *ctx, int token)
2984 ILStackDesc *dest, *src;
2985 MonoType *type = get_boxable_mono_type (ctx, token);
2989 if (!check_underflow (ctx, 2))
2992 src = stack_pop (ctx);
2993 dest = stack_pop (ctx);
2995 if (!stack_slot_is_managed_pointer (src))
2996 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid source of cpobj operation at 0x%04x", ctx->ip_offset));
2998 if (!stack_slot_is_managed_pointer (dest))
2999 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid destination of cpobj operation at 0x%04x", ctx->ip_offset));
3001 if (!verify_type_compatibility (ctx, type, mono_type_get_type_byval (src->type)))
3002 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Token and source types of cpobj don't match at 0x%04x", ctx->ip_offset));
3004 if (!verify_type_compatibility (ctx, mono_type_get_type_byval (dest->type), type))
3005 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Destination and token types of cpobj don't match at 0x%04x", ctx->ip_offset));
3009 do_initobj (VerifyContext *ctx, int token)
3012 MonoType *stack, *type = get_boxable_mono_type (ctx, token);
3016 if (!check_underflow (ctx, 1))
3019 obj = stack_pop (ctx);
3021 if (!stack_slot_is_managed_pointer (obj))
3022 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid object address for initobj at 0x%04x", ctx->ip_offset));
3024 stack = mono_type_get_type_byval (obj->type);
3025 if (MONO_TYPE_IS_REFERENCE (stack)) {
3026 if (!verify_type_compatibility (ctx, stack, type))
3027 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3028 else if (IS_STRICT_MODE (ctx) && !mono_metadata_type_equal (type, stack))
3029 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3030 } else if (!verify_type_compatibility (ctx, stack, type)) {
3031 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
3036 do_newobj (VerifyContext *ctx, int token)
3040 MonoMethodSignature *sig;
3041 MonoMethod *method = mono_get_method_full (ctx->image, token, NULL, ctx->generic_context);
3042 gboolean is_delegate = FALSE;
3045 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Constructor 0x%08x not found at 0x%04x", token, ctx->ip_offset));
3049 if (!mono_method_is_constructor (method)) {
3050 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Method from token 0x%08x not a constructor at 0x%04x", token, ctx->ip_offset));
3054 if (method->klass->flags & (TYPE_ATTRIBUTE_ABSTRACT | TYPE_ATTRIBUTE_INTERFACE))
3055 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Trying to instantiate an abstract or interface type at 0x%04x", ctx->ip_offset));
3057 if (!mono_method_can_access_method (ctx->method, method))
3058 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Constructor not visible at 0x%04x", ctx->ip_offset));
3060 sig = mono_method_signature (method);
3061 if (!check_underflow (ctx, sig->param_count))
3064 is_delegate = method->klass->parent == mono_defaults.multicastdelegate_class;
3067 ILStackDesc *funptr;
3068 //first arg is object, second arg is fun ptr
3069 if (sig->param_count != 2) {
3070 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid delegate constructor at 0x%04x", ctx->ip_offset));
3073 funptr = stack_pop (ctx);
3074 value = stack_pop (ctx);
3075 verify_delegate_compatibility (ctx, method->klass, value, funptr);
3077 for (i = sig->param_count - 1; i >= 0; --i) {
3078 VERIFIER_DEBUG ( printf ("verifying constructor argument %d\n", i); );
3079 value = stack_pop (ctx);
3080 if (!verify_stack_type_compatibility (ctx, sig->params [i], value))
3081 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature at 0x%04x", ctx->ip_offset));
3085 if (check_overflow (ctx))
3086 set_stack_value (ctx, stack_push (ctx), &method->klass->byval_arg, FALSE);
3090 do_cast (VerifyContext *ctx, int token) {
3095 if (!check_underflow (ctx, 1))
3098 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
3101 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3106 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid castclass type at 0x%04x", ctx->ip_offset));
3110 value = stack_pop (ctx);
3111 is_boxed = stack_slot_is_boxed_value (value);
3113 if (stack_slot_is_managed_pointer (value))
3114 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for checkcast at 0x%04x", ctx->ip_offset));
3115 else if (mono_class_from_mono_type (value->type)->valuetype && !is_boxed)
3116 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Value cannot be a valuetype for checkast at 0x%04x", ctx->ip_offset));
3118 switch (value->type->type) {
3119 case MONO_TYPE_FNPTR:
3121 case MONO_TYPE_TYPEDBYREF:
3122 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for checkast at 0x%04x", ctx->ip_offset));
3125 stack_push_val (ctx, TYPE_COMPLEX | (mono_class_from_mono_type (type)->valuetype ? BOXED_MASK : 0), type);
3129 mono_type_from_opcode (int opcode) {
3137 return &mono_defaults.sbyte_class->byval_arg;
3145 return &mono_defaults.int16_class->byval_arg;
3153 return &mono_defaults.int32_class->byval_arg;
3159 return &mono_defaults.int64_class->byval_arg;
3165 return &mono_defaults.single_class->byval_arg;
3171 return &mono_defaults.double_class->byval_arg;
3177 return &mono_defaults.int_class->byval_arg;
3181 case CEE_LDELEM_REF:
3182 case CEE_STELEM_REF:
3183 return &mono_defaults.object_class->byval_arg;
3186 g_error ("unknown opcode %02x in mono_type_from_opcode ", opcode);
3192 do_load_indirect (VerifyContext *ctx, int opcode)
3195 if (!check_underflow (ctx, 1))
3198 value = stack_pop (ctx);
3199 if (!stack_slot_is_managed_pointer (value)) {
3200 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Load indirect not using a manager pointer at 0x%04x", ctx->ip_offset));
3201 set_stack_value (ctx, stack_push (ctx), mono_type_from_opcode (opcode), FALSE);
3205 if (opcode == CEE_LDIND_REF) {
3206 if (stack_slot_get_underlying_type (value) != TYPE_COMPLEX || mono_class_from_mono_type (value->type)->valuetype)
3207 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldind_ref expected object byref operation at 0x%04x", ctx->ip_offset));
3208 set_stack_value (ctx, stack_push (ctx), mono_type_get_type_byval (value->type), FALSE);
3210 if (!verify_type_compatibility_full (ctx, mono_type_from_opcode (opcode), mono_type_get_type_byval (value->type), TRUE))
3211 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type at stack for ldind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3212 set_stack_value (ctx, stack_push (ctx), mono_type_from_opcode (opcode), FALSE);
3217 do_store_indirect (VerifyContext *ctx, int opcode)
3219 ILStackDesc *addr, *val;
3220 if (!check_underflow (ctx, 2))
3223 val = stack_pop (ctx);
3224 addr = stack_pop (ctx);
3226 check_unmanaged_pointer (ctx, addr);
3228 if (!stack_slot_is_managed_pointer (addr) && stack_slot_get_type (addr) != TYPE_PTR) {
3229 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid non-pointer argument to stind at 0x%04x", ctx->ip_offset));
3233 if (!verify_type_compatibility_full (ctx, mono_type_from_opcode (opcode), mono_type_get_type_byval (addr->type), TRUE))
3234 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid addr type at stack for stind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3236 if (!verify_stack_type_compatibility (ctx, mono_type_from_opcode (opcode), val))
3237 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value type at stack for stind 0x%x operation at 0x%04x", opcode, ctx->ip_offset));
3241 do_newarr (VerifyContext *ctx, int token)
3244 MonoType *type = get_boxable_mono_type (ctx, token);
3249 if (!check_underflow (ctx, 1))
3252 value = stack_pop (ctx);
3253 if (stack_slot_get_type (value) != TYPE_I4 && stack_slot_get_type (value) != TYPE_NATIVE_INT)
3254 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Array size type on stack (%s) is not a verifiable type at 0x%04x", stack_slot_get_name (value), ctx->ip_offset));
3256 set_stack_value (ctx, stack_push (ctx), mono_class_get_type (mono_array_class_get (mono_class_from_mono_type (type), 1)), FALSE);
3259 /*FIXME handle arrays that are not 0-indexed*/
3261 do_ldlen (VerifyContext *ctx)
3265 if (!check_underflow (ctx, 1))
3268 value = stack_pop (ctx);
3270 if (stack_slot_get_type (value) != TYPE_COMPLEX || value->type->type != MONO_TYPE_SZARRAY)
3271 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type for ldlen at 0x%04x", ctx->ip_offset));
3273 stack_push_val (ctx, TYPE_NATIVE_INT, &mono_defaults.int_class->byval_arg);
3276 /*FIXME handle arrays that are not 0-indexed*/
3277 /*FIXME handle readonly prefix and CMMP*/
3279 do_ldelema (VerifyContext *ctx, int klass_token)
3281 ILStackDesc *index, *array;
3282 MonoType *type = get_boxable_mono_type (ctx, klass_token);
3288 if (!check_underflow (ctx, 2))
3291 index = stack_pop (ctx);
3292 array = stack_pop (ctx);
3294 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3295 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for ldelema is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3297 if (!stack_slot_is_null_literal (array)) {
3298 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY)
3299 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for ldelema at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3301 if (get_stack_type (type) == TYPE_I4 || get_stack_type (type) == TYPE_NATIVE_INT) {
3302 valid = verify_type_compatibility_full (ctx, type, &array->type->data.klass->byval_arg, TRUE);
3304 valid = mono_metadata_type_equal (type, &array->type->data.klass->byval_arg);
3307 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelema at 0x%04x", ctx->ip_offset));
3311 set_stack_value (ctx, stack_push (ctx), type, TRUE);
3314 /*FIXME handle arrays that are not 0-indexed*/
3315 /*FIXME handle readonly prefix and CMMP*/
3317 do_ldelem (VerifyContext *ctx, int opcode, int token)
3319 ILStackDesc *index, *array;
3321 if (!check_underflow (ctx, 2))
3324 if (opcode == CEE_LDELEM_ANY) {
3325 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
3327 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3331 type = mono_type_from_opcode (opcode);
3334 index = stack_pop (ctx);
3335 array = stack_pop (ctx);
3337 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3338 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for ldelema is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3340 if (!stack_slot_is_null_literal (array)) {
3341 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY)
3342 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for ldelem.X at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3344 if (opcode == CEE_LDELEM_REF) {
3345 if (array->type->data.klass->valuetype)
3346 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type is not a reference type for ldelem.ref 0x%04x", ctx->ip_offset));
3347 type = &array->type->data.klass->byval_arg;
3348 } else if (!verify_type_compatibility_full (ctx, type, &array->type->data.klass->byval_arg, TRUE)) {
3349 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for ldelem.X at 0x%04x", ctx->ip_offset));
3354 set_stack_value (ctx, stack_push (ctx), type, FALSE);
3357 /*FIXME handle arrays that are not 0-indexed*/
3359 do_stelem (VerifyContext *ctx, int opcode, int token)
3361 ILStackDesc *index, *array, *value;
3363 if (!check_underflow (ctx, 3))
3366 if (opcode == CEE_STELEM_ANY) {
3367 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
3369 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3373 type = mono_type_from_opcode (opcode);
3376 value = stack_pop (ctx);
3377 index = stack_pop (ctx);
3378 array = stack_pop (ctx);
3380 if (stack_slot_get_type (index) != TYPE_I4 && stack_slot_get_type (index) != TYPE_NATIVE_INT)
3381 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Index type(%s) for stdelem.X is not an int or a native int at 0x%04x", stack_slot_get_name (index), ctx->ip_offset));
3383 if (!stack_slot_is_null_literal (array)) {
3384 if (stack_slot_get_type (array) != TYPE_COMPLEX || array->type->type != MONO_TYPE_SZARRAY) {
3385 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type(%s) for stelem.X at 0x%04x", stack_slot_get_name (array), ctx->ip_offset));
3387 if (opcode == CEE_STELEM_REF) {
3388 if (array->type->data.klass->valuetype)
3389 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type is not a reference type for stelem.ref 0x%04x", ctx->ip_offset));
3390 } else if (!verify_type_compatibility_full (ctx, &array->type->data.klass->byval_arg, type, TRUE)) {
3391 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid array type on stack for stdelem.X at 0x%04x", ctx->ip_offset));
3396 if (opcode == CEE_STELEM_REF) {
3397 if (!stack_slot_is_boxed_value (value) && mono_class_from_mono_type (value->type)->valuetype)
3398 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value is not a reference type for stelem.ref 0x%04x", ctx->ip_offset));
3399 } else if (opcode != CEE_STELEM_REF && !verify_type_compatibility_full (ctx, type, mono_type_from_stack_slot (value), FALSE)) {
3400 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value on stack for stdelem.X at 0x%04x", ctx->ip_offset));
3405 do_throw (VerifyContext *ctx)
3407 ILStackDesc *exception;
3408 if (!check_underflow (ctx, 1))
3410 exception = stack_pop (ctx);
3412 if (!stack_slot_is_null_literal (exception) && !(stack_slot_get_type (exception) == TYPE_COMPLEX && !mono_class_from_mono_type (exception->type)->valuetype))
3413 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid type on stack for throw, expected reference type at 0x%04x", ctx->ip_offset));
3415 /*The stack is left empty after a throw*/
3421 do_endfilter (VerifyContext *ctx)
3423 MonoExceptionClause *clause;
3425 if (IS_STRICT_MODE (ctx)) {
3426 if (ctx->eval.size != 1)
3427 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack size must have one item for endfilter at 0x%04x", ctx->ip_offset));
3429 if (ctx->eval.size >= 1 && stack_slot_get_type (stack_pop (ctx)) != TYPE_I4)
3430 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Stack item type is not an int32 for endfilter at 0x%04x", ctx->ip_offset));
3433 if ((clause = is_correct_endfilter (ctx, ctx->ip_offset))) {
3434 if (IS_STRICT_MODE (ctx)) {
3435 if (ctx->ip_offset != clause->handler_offset - 2)
3436 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx->ip_offset));
3438 if ((ctx->ip_offset != clause->handler_offset - 2) && !MONO_OFFSET_IN_HANDLER (clause, ctx->ip_offset))
3439 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter is not the last instruction of the filter clause at 0x%04x", ctx->ip_offset));
3442 if (IS_STRICT_MODE (ctx) && !is_unverifiable_endfilter (ctx, ctx->ip_offset))
3443 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx->ip_offset));
3445 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("endfilter outside filter clause at 0x%04x", ctx->ip_offset));
3452 do_leave (VerifyContext *ctx, int delta)
3454 int target = ((gint32)ctx->ip_offset) + delta;
3455 if (target >= ctx->code_size || target < 0)
3456 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target out of code at 0x%04x", ctx->ip_offset));
3458 if (!is_correct_leave (ctx->header, ctx->ip_offset, target))
3459 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Leave not allowed in finally block at 0x%04x", ctx->ip_offset));
3465 * Verify br and br.s opcodes.
3468 do_static_branch (VerifyContext *ctx, int delta)
3470 int target = ctx->ip_offset + delta;
3471 if (target < 0 || target >= ctx->code_size) {
3472 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("branch target out of code at 0x%04x", ctx->ip_offset));
3476 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
3478 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
3481 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Branch target escapes out of exception block at 0x%04x", ctx->ip_offset));
3485 ctx->target = target;
3489 do_switch (VerifyContext *ctx, int count, const unsigned char *data)
3491 int i, base = ctx->ip_offset + 5 + count * 4;
3494 if (!check_underflow (ctx, 1))
3497 value = stack_pop (ctx);
3499 if (stack_slot_get_type (value) != TYPE_I4 && stack_slot_get_type (value) != TYPE_NATIVE_INT)
3500 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument to switch at 0x%04x", ctx->ip_offset));
3502 for (i = 0; i < count; ++i) {
3503 int target = base + read32 (data + i * 4);
3505 if (target < 0 || target >= ctx->code_size)
3506 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Switch target %x out of code at 0x%04x", i, ctx->ip_offset));
3508 switch (is_valid_branch_instruction (ctx->header, ctx->ip_offset, target)) {
3510 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i, ctx->ip_offset));
3513 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Switch target %x escapes out of exception block at 0x%04x", i, ctx->ip_offset));
3516 merge_stacks (ctx, &ctx->eval, &ctx->code [target], FALSE, TRUE);
3521 do_load_function_ptr (VerifyContext *ctx, guint32 token, gboolean virtual)
3526 if (virtual && !check_underflow (ctx, 1))
3529 if (!virtual && !check_overflow (ctx))
3532 if (!IS_METHOD_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
3533 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid token %x for ldftn at 0x%04x", token, ctx->ip_offset));
3537 method = mono_get_method_full (ctx->image, token, NULL, ctx->generic_context);
3540 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not resolve ldftn token %x at 0x%04x", token, ctx->ip_offset));
3544 if (mono_method_is_constructor (method))
3545 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use ldftn with a constructor at 0x%04x", ctx->ip_offset));
3548 ILStackDesc *top = stack_pop (ctx);
3550 if (stack_slot_get_type (top) != TYPE_COMPLEX || top->type->type == MONO_TYPE_VALUETYPE)
3551 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid argument to ldvirtftn at 0x%04x", ctx->ip_offset));
3553 if (method->flags & METHOD_ATTRIBUTE_STATIC)
3554 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use ldvirtftn with a constructor at 0x%04x", ctx->ip_offset));
3556 if (!verify_type_compatibility (ctx, &method->klass->byval_arg, top->type))
3557 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Unexpected object for ldvirtftn at 0x%04x", ctx->ip_offset));
3560 if (!mono_method_can_access_method (ctx->method, method))
3561 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Loaded method is not visible for ldftn/ldvirtftn at 0x%04x", ctx->ip_offset));
3563 top = stack_push_val(ctx, TYPE_PTR, mono_type_create_fnptr_from_mono_method (ctx, method));
3564 top->method = method;
3568 do_sizeof (VerifyContext *ctx, int token)
3572 if (!IS_TYPE_DEF_OR_REF_OR_SPEC (token) || !token_bounds_check (ctx->image, token)) {
3573 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid type token %x at 0x%04x", token, ctx->ip_offset));
3577 type = mono_type_get_full (ctx->image, token, ctx->generic_context);
3580 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
3584 if (type->byref && type->type != MONO_TYPE_TYPEDBYREF) {
3585 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of byref type at 0x%04x", ctx->ip_offset));
3589 if (type->type == MONO_TYPE_VOID) {
3590 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid use of void type at 0x%04x", ctx->ip_offset));
3594 if (check_overflow (ctx))
3595 set_stack_value (ctx, stack_push (ctx), &mono_defaults.uint32_class->byval_arg, FALSE);
3598 /* Stack top can be of any type, the runtime doesn't care and treat everything as an int. */
3600 do_localloc (VerifyContext *ctx)
3602 if (ctx->eval.size != 1) {
3603 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx->ip_offset));
3607 if (in_any_exception_block (ctx->header, ctx->ip_offset)) {
3608 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack must have only size item in localloc at 0x%04x", ctx->ip_offset));
3612 set_stack_value (ctx, stack_top (ctx), &mono_defaults.int_class->byval_arg, FALSE);
3613 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Instruction localloc in never verifiable at 0x%04x", ctx->ip_offset));
3617 do_ldstr (VerifyContext *ctx, guint32 token)
3619 if (mono_metadata_token_code (token) != MONO_TOKEN_STRING) {
3620 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid string token %x at 0x%04x", token, ctx->ip_offset));
3624 if (mono_metadata_token_index (token) >= ctx->image->heap_us.size) {
3625 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid string index %x at 0x%04x", token, ctx->ip_offset));
3629 if (check_overflow (ctx))
3630 stack_push_val (ctx, TYPE_COMPLEX, &mono_defaults.string_class->byval_arg);
3633 /*Merge the stacks and perform compat checks*/
3635 merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, int start, gboolean external)
3638 stack_init (ctx, to);
3641 if (to->flags == IL_CODE_FLAG_NOT_PROCESSED)
3644 stack_copy (&ctx->eval, to);
3646 } else if (!(to->flags & IL_CODE_STACK_MERGED)) {
3647 stack_copy (to, &ctx->eval);
3650 VERIFIER_DEBUG ( printf ("performing stack merge %d x %d\n", from->size, to->size); );
3652 if (from->size != to->size) {
3653 VERIFIER_DEBUG ( printf ("different stack sizes %d x %d at 0x%04x\n", from->size, to->size, ctx->ip_offset); );
3654 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not merge stacks, different sizes (%d x %d) at 0x%04x", from->size, to->size, ctx->ip_offset));
3658 for (i = 0; i < from->size; ++i) {
3659 ILStackDesc *from_slot = from->stack + i;
3660 ILStackDesc *to_slot = to->stack + i;
3662 if (!verify_type_compatibility (ctx, mono_type_from_stack_slot (to_slot), mono_type_from_stack_slot (from_slot))) {
3663 CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Could not merge stacks, types not compatible at 0x%04x", ctx->ip_offset));
3667 /*TODO we need to choose the base class for merging reference types*/
3668 copy_stack_value (to_slot, from_slot);
3673 to->flags |= IL_CODE_FLAG_WAS_TARGET;
3674 to->flags |= IL_CODE_STACK_MERGED;
3677 #define HANDLER_START(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER ? (clause)->data.filter_offset : clause->handler_offset)
3678 #define IS_CATCH_OR_FILTER(clause) ((clause)->flags == MONO_EXCEPTION_CLAUSE_FILTER || (clause)->flags == MONO_EXCEPTION_CLAUSE_NONE)
3681 * is_clause_in_range :
3683 * Returns TRUE if either the protected block or the handler of @clause is in the @start - @end range.
3686 is_clause_in_range (MonoExceptionClause *clause, guint32 start, guint32 end)
3688 if (clause->try_offset >= start && clause->try_offset < end)
3690 if (HANDLER_START (clause) >= start && HANDLER_START (clause) < end)
3696 * is_clause_inside_range :
3698 * Returns TRUE if @clause lies completely inside the @start - @end range.
3701 is_clause_inside_range (MonoExceptionClause *clause, guint32 start, guint32 end)
3703 if (clause->try_offset < start || (clause->try_offset + clause->try_len) > end)
3705 if (HANDLER_START (clause) < start || (clause->handler_offset + clause->handler_len) > end)
3711 * is_clause_nested :
3713 * Returns TRUE if @nested is nested in @clause.
3716 is_clause_nested (MonoExceptionClause *clause, MonoExceptionClause *nested)
3718 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && is_clause_inside_range (nested, clause->data.filter_offset, clause->handler_offset))
3720 return is_clause_inside_range (nested, clause->try_offset, clause->try_offset + clause->try_len) ||
3721 is_clause_inside_range (nested, clause->handler_offset, clause->handler_offset + clause->handler_len);
3724 /* Test the relationship between 2 exception clauses. Follow P.1 12.4.2.7 of ECMA
3725 * the each pair of exception must have the following properties:
3726 * - one is fully nested on another (the outer must not be a filter clause) (the nested one must come earlier)
3727 * - completely disjoin (none of the 3 regions of each entry overlap with the other 3)
3728 * - mutual protection (protected block is EXACT the same, handlers are disjoin and all handler are catch or all handler are filter)
3731 verify_clause_relationship (VerifyContext *ctx, MonoExceptionClause *clause, MonoExceptionClause *to_test)
3733 /*clause is nested*/
3734 if (is_clause_nested (to_test, clause)) {
3735 if (to_test->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
3736 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clause inside filter"));
3741 /*wrong nesting order.*/
3742 if (is_clause_nested (clause, to_test)) {
3743 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Nested exception clause appears after enclosing clause"));
3747 /*mutual protection*/
3748 if (clause->try_offset == to_test->try_offset && clause->try_len == to_test->try_len) {
3749 /*handlers are not disjoint*/
3750 if (is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len)) {
3751 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception handlers overlap"));
3754 /* handlers are not catch or filter */
3755 if (!IS_CATCH_OR_FILTER (clause) || !IS_CATCH_OR_FILTER (to_test)) {
3756 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses with shared protected block are neither catch or filter"));
3763 /*not completelly disjoint*/
3764 if (is_clause_in_range (to_test, clause->try_offset, clause->try_offset + clause->try_len) ||
3765 is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len))
3766 ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses overlap"));
3770 * FIXME: need to distinguish between valid and verifiable.
3771 * Need to keep track of types on the stack.
3772 * Verify types for opcodes.
3775 mono_method_verify (MonoMethod *method, int level)
3777 const unsigned char *ip;
3778 const unsigned char *end;
3779 int i, n, need_merge = 0, start = 0;
3780 guint token, ip_offset = 0, prefix = 0, prefix_list = 0;
3781 MonoGenericContext *generic_context = NULL;
3786 VERIFIER_DEBUG ( printf ("Verify IL for method %s %s %s\n", method->klass->name, method->klass->name, method->name); );
3788 if (method->iflags & (METHOD_IMPL_ATTRIBUTE_INTERNAL_CALL | METHOD_IMPL_ATTRIBUTE_RUNTIME) ||
3789 (method->flags & (METHOD_ATTRIBUTE_PINVOKE_IMPL | METHOD_ATTRIBUTE_ABSTRACT))) {
3793 memset (&ctx, 0, sizeof (VerifyContext));
3795 ctx.signature = mono_method_signature (method);
3796 if (!ctx.signature) {
3797 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Could not decode method signature"));
3800 ctx.header = mono_method_get_header (method);
3802 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Could not decode method header"));
3805 ctx.method = method;
3806 ip = ctx.header->code;
3807 end = ip + ctx.header->code_size;
3808 ctx.image = image = method->klass->image;
3811 ctx.max_args = ctx.signature->param_count + ctx.signature->hasthis;
3812 ctx.max_stack = ctx.header->max_stack;
3813 ctx.verifiable = ctx.valid = 1;
3816 ctx.code = g_new0 (ILCodeDesc, ctx.header->code_size);
3817 ctx.code_size = ctx.header->code_size;
3819 memset(ctx.code, 0, sizeof (ILCodeDesc) * ctx.header->code_size);
3822 ctx.num_locals = ctx.header->num_locals;
3823 ctx.locals = ctx.header->locals;
3826 if (ctx.signature->hasthis) {
3827 ctx.params = g_new0 (MonoType*, ctx.max_args);
3828 ctx.params [0] = method->klass->valuetype ? &method->klass->this_arg : &method->klass->byval_arg;
3829 memcpy (ctx.params + 1, ctx.signature->params, sizeof (MonoType *) * ctx.signature->param_count);
3831 ctx.params = ctx.signature->params;
3834 if (ctx.signature->is_inflated)
3835 ctx.generic_context = generic_context = mono_method_get_context (method);
3837 stack_init (&ctx, &ctx.eval);
3839 for (i = 0; i < ctx.header->num_clauses && ctx.valid; ++i) {
3840 MonoExceptionClause *clause = ctx.header->clauses + i;
3841 VERIFIER_DEBUG (printf ("clause try %x len %x filter at %x handler at %x len %x\n", clause->try_offset, clause->try_len, clause->data.filter_offset, clause->handler_offset, clause->handler_len); );
3843 if (clause->try_offset > ctx.code_size)
3844 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
3846 if (clause->try_len <= 0)
3847 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
3849 if (clause->handler_offset > ctx.code_size)
3850 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
3852 if (clause->handler_len <= 0)
3853 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
3855 if (clause->try_offset < clause->handler_offset && clause->try_offset + clause->try_len > HANDLER_START (clause))
3856 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try block (at 0x%04x) includes handler block (at 0x%04x)", clause->try_offset, clause->handler_offset));
3858 for (n = i + 1; n < ctx.header->num_clauses && ctx.valid; ++n)
3859 verify_clause_relationship (&ctx, clause, ctx.header->clauses + n);
3864 ctx.code [clause->try_offset].flags |= IL_CODE_FLAG_WAS_TARGET;
3865 ctx.code [clause->try_offset + clause->try_len].flags |= IL_CODE_FLAG_WAS_TARGET;
3866 ctx.code [clause->handler_offset + clause->handler_len].flags |= IL_CODE_FLAG_WAS_TARGET;
3868 if (clause->flags == MONO_EXCEPTION_CLAUSE_NONE) {
3869 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, clause->data.catch_class);
3871 else if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
3872 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->data.filter_offset, mono_defaults.exception_class);
3873 init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, mono_defaults.exception_class);
3877 while (ip < end && ctx.valid) {
3878 ctx.ip_offset = ip_offset = ip - ctx.header->code;
3880 /*We need to check against fallthrou in and out of protected blocks.
3881 * For fallout we check the once a protected block ends, if the start flag is not set.
3882 * Likewise for fallthru in, we check if ip is the start of a protected block and start is not set
3883 * TODO convert these checks to be done using flags and not this loop
3885 for (i = 0; i < ctx.header->num_clauses && ctx.valid; ++i) {
3886 MonoExceptionClause *clause = ctx.header->clauses + i;
3888 if ((clause->try_offset + clause->try_len == ip_offset) && start == 0) {
3889 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallthru off try block at 0x%04x", ip_offset));
3893 if ((clause->handler_offset + clause->handler_len == ip_offset) && start == 0) {
3894 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER)
3895 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset));
3897 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallout of handler block at 0x%04x", ip_offset));
3901 if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && clause->handler_offset == ip_offset && start == 0) {
3902 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("fallout of filter block at 0x%04x", ip_offset));
3906 if (clause->handler_offset == ip_offset && start == 0) {
3907 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("fallthru handler block at 0x%04x", ip_offset));
3911 if (clause->try_offset == ip_offset && ctx.eval.size > 0) {
3912 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Try to enter try block with a non-empty stack at 0x%04x", ip_offset));
3921 VERIFIER_DEBUG ( printf ("extra merge needed! 0x%04x \n", ctx.target); );
3922 merge_stacks (&ctx, &ctx.eval, &ctx.code [ctx.target], FALSE, TRUE);
3925 merge_stacks (&ctx, &ctx.eval, &ctx.code[ip_offset], start, FALSE);
3928 /*TODO we can fast detect a forward branch or exception block targeting code after prefix, we should fail fast*/
3930 prefix_list |= prefix;
3933 ctx.code [ip_offset].flags |= IL_CODE_FLAG_SEEN;
3937 #ifdef MONO_VERIFIER_DEBUG
3940 discode = mono_disasm_code_one (NULL, method, ip, NULL);
3941 discode [strlen (discode) - 1] = 0; /* no \n */
3942 g_print ("[%d] %-29s (%d)\n", ip_offset, discode, ctx.eval.size);
3945 dump_stack_state (&ctx.code [ip_offset]);
3946 dump_stack_state (&ctx.eval);
3959 push_arg (&ctx, *ip - CEE_LDARG_0, FALSE);
3965 push_arg (&ctx, ip [1], *ip == CEE_LDARGA_S);
3969 case CEE_ADD_OVF_UN:
3970 do_binop (&ctx, *ip, add_ovf_un_table);
3974 case CEE_SUB_OVF_UN:
3975 do_binop (&ctx, *ip, sub_ovf_un_table);
3982 case CEE_MUL_OVF_UN:
3983 do_binop (&ctx, *ip, bin_ovf_table);
3988 do_binop (&ctx, *ip, add_table);
3993 do_binop (&ctx, *ip, sub_table);
4000 do_binop (&ctx, *ip, bin_op_table);
4009 do_binop (&ctx, *ip, int_bin_op_table);
4016 do_binop (&ctx, *ip, shift_op_table);
4021 if (!check_underflow (&ctx, 1))
4037 /*TODO support definite assignment verification? */
4038 push_local (&ctx, *ip - CEE_LDLOC_0, FALSE);
4046 store_local (&ctx, *ip - CEE_STLOC_0);
4051 store_local (&ctx, ip [1]);
4056 store_arg (&ctx, ip [1]);
4070 if (check_overflow (&ctx))
4071 stack_push_val (&ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
4076 if (check_overflow (&ctx))
4077 stack_push_val (&ctx, TYPE_I4, &mono_defaults.int32_class->byval_arg);
4082 if (check_overflow (&ctx))
4083 stack_push_val (&ctx,TYPE_I4, &mono_defaults.int32_class->byval_arg);
4088 if (check_overflow (&ctx))
4089 stack_push_val (&ctx,TYPE_I8, &mono_defaults.int64_class->byval_arg);
4094 if (check_overflow (&ctx))
4095 stack_push_val (&ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
4100 if (check_overflow (&ctx))
4101 stack_push_val (&ctx, TYPE_R8, &mono_defaults.double_class->byval_arg);
4106 if (check_overflow (&ctx))
4107 stack_push_val (&ctx, TYPE_COMPLEX | NULL_LITERAL_MASK, &mono_defaults.object_class->byval_arg);
4113 do_branch_op (&ctx, (signed char)ip [1] + 2, cmp_br_eq_op);
4126 do_branch_op (&ctx, (signed char)ip [1] + 2, cmp_br_op);
4133 do_branch_op (&ctx, (gint32)read32 (ip + 1) + 5, cmp_br_eq_op);
4146 do_branch_op (&ctx, (gint32)read32 (ip + 1) + 5, cmp_br_op);
4153 push_local (&ctx, ip[1], *ip == CEE_LDLOCA_S);
4157 /* FIXME: warn/error instead? */
4164 if (!check_underflow (&ctx, 1))
4166 if (!check_overflow (&ctx))
4168 top = stack_push (&ctx);
4169 copy_stack_value (top, stack_get (&ctx, 1));
4176 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Eval stack must be empty in jmp at 0x%04x", ip_offset));
4177 token = read32 (ip + 1);
4178 if (in_any_block (ctx.header, ip_offset))
4179 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("jmp cannot escape exception blocks at 0x%04x", ip_offset));
4181 * FIXME: check signature, retval, arguments etc.
4187 do_invoke_method (&ctx, read32 (ip + 1), *ip == CEE_CALLVIRT);
4192 token = read32 (ip + 1);
4194 * FIXME: check signature, retval, arguments etc.
4199 do_static_branch (&ctx, (signed char)ip [1] + 2);
4207 do_boolean_branch_op (&ctx, (signed char)ip [1] + 2);
4213 do_static_branch (&ctx, (gint32)read32 (ip + 1) + 5);
4221 do_boolean_branch_op (&ctx, (gint32)read32 (ip + 1) + 5);
4227 n = read32 (ip + 1);
4228 do_switch (&ctx, n, (ip + 5));
4230 ip += 5 + sizeof (guint32) * n;
4244 do_load_indirect (&ctx, *ip);
4256 do_store_indirect (&ctx, *ip);
4262 do_unary_math_op (&ctx, *ip);
4272 do_conversion (&ctx, TYPE_I4);
4278 do_conversion (&ctx, TYPE_I8);
4285 do_conversion (&ctx, TYPE_R8);
4291 do_conversion (&ctx, TYPE_NATIVE_INT);
4296 do_cpobj (&ctx, read32 (ip + 1));
4301 do_ldobj_value (&ctx, read32 (ip + 1));
4306 do_ldstr (&ctx, read32 (ip + 1));
4311 do_newobj (&ctx, read32 (ip + 1));
4317 do_cast (&ctx, read32 (ip + 1));
4323 ++ip; /* warn, error ? */
4326 do_unbox_value (&ctx, read32 (ip + 1));
4338 do_push_field (&ctx, read32 (ip + 1), *ip == CEE_LDFLDA);
4344 do_push_static_field (&ctx, read32 (ip + 1), *ip == CEE_LDSFLDA);
4349 do_store_field (&ctx, read32 (ip + 1));
4354 do_store_static_field (&ctx, read32 (ip + 1));
4359 do_stobj (&ctx, read32 (ip + 1));
4363 case CEE_CONV_OVF_I1_UN:
4364 case CEE_CONV_OVF_I2_UN:
4365 case CEE_CONV_OVF_I4_UN:
4366 case CEE_CONV_OVF_U1_UN:
4367 case CEE_CONV_OVF_U2_UN:
4368 case CEE_CONV_OVF_U4_UN:
4369 do_conversion (&ctx, TYPE_I4);
4373 case CEE_CONV_OVF_I8_UN:
4374 case CEE_CONV_OVF_U8_UN:
4375 do_conversion (&ctx, TYPE_I8);
4379 case CEE_CONV_OVF_I_UN:
4380 case CEE_CONV_OVF_U_UN:
4381 do_conversion (&ctx, TYPE_NATIVE_INT);
4386 do_box_value (&ctx, read32 (ip + 1));
4391 do_newarr (&ctx, read32 (ip + 1));
4401 do_ldelema (&ctx, read32 (ip + 1));
4415 case CEE_LDELEM_REF:
4416 do_ldelem (&ctx, *ip, 0);
4427 case CEE_STELEM_REF:
4428 do_stelem (&ctx, *ip, 0);
4432 case CEE_LDELEM_ANY:
4433 do_ldelem (&ctx, *ip, read32 (ip + 1));
4437 case CEE_STELEM_ANY:
4438 do_stelem (&ctx, *ip, read32 (ip + 1));
4443 do_unbox_any (&ctx, read32 (ip + 1));
4460 ++ip; /* warn, error ? */
4463 case CEE_CONV_OVF_I1:
4464 case CEE_CONV_OVF_U1:
4465 case CEE_CONV_OVF_I2:
4466 case CEE_CONV_OVF_U2:
4467 case CEE_CONV_OVF_I4:
4468 case CEE_CONV_OVF_U4:
4469 do_conversion (&ctx, TYPE_I4);
4473 case CEE_CONV_OVF_I8:
4474 case CEE_CONV_OVF_U8:
4475 do_conversion (&ctx, TYPE_I8);
4479 case CEE_CONV_OVF_I:
4480 case CEE_CONV_OVF_U:
4481 do_conversion (&ctx, TYPE_NATIVE_INT);
4492 ++ip; /* warn, error ? */
4495 if (!check_underflow (&ctx, 1))
4500 if (!check_underflow (&ctx, 1))
4506 ++ip; /* warn, error ? */
4509 if (!check_underflow (&ctx, 1))
4511 token = read32 (ip + 1);
4523 ++ip; /* warn, error ? */
4526 do_load_token (&ctx, read32 (ip + 1));
4530 case CEE_ENDFINALLY:
4531 if (!is_correct_endfinally (ctx.header, ip_offset))
4532 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("endfinally must be used inside a finally/fault handler at 0x%04x", ctx.ip_offset));
4539 do_leave (&ctx, read32 (ip + 1) + 5);
4545 do_leave (&ctx, (signed char)ip [1] + 2);
4588 store_local (&ctx, read16 (ip + 1));
4593 do_cmp_op (&ctx, cmp_br_eq_op, *ip);
4601 do_cmp_op (&ctx, cmp_br_op, *ip);
4606 store_arg (&ctx, read16 (ip + 1) );
4612 check_overflow (&ctx);
4616 do_load_function_ptr (&ctx, read32 (ip + 1), FALSE);
4621 do_load_function_ptr (&ctx, read32 (ip + 1), TRUE);
4631 push_arg (&ctx, read16 (ip + 1), *ip == CEE_LDARGA);
4637 push_local (&ctx, read16 (ip + 1), *ip == CEE_LDLOCA);
4650 do_endfilter (&ctx);
4654 case CEE_UNALIGNED_:
4655 prefix |= PREFIX_UNALIGNED;
4659 prefix |= PREFIX_VOLATILE;
4663 prefix |= PREFIX_TAIL;
4665 if (ip < end && (*ip != CEE_CALL && *ip != CEE_CALLI && *ip != CEE_CALLVIRT))
4666 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("tail prefix must be used only with call opcodes at 0x%04x", ip_offset));
4670 do_initobj (&ctx, read32 (ip + 1));
4674 case CEE_CONSTRAINED_:
4675 token = read32 (ip + 1);
4679 if (!check_underflow (&ctx, 3))
4684 if (!check_underflow (&ctx, 3))
4692 if (!is_correct_rethrow (ctx.header, ip_offset))
4693 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("rethrow must be used inside a catch handler at 0x%04x", ctx.ip_offset));
4702 do_sizeof (&ctx, read32 (ip + 1));
4706 case CEE_REFANYTYPE:
4707 if (!check_underflow (&ctx, 1))
4721 * if ip != end we overflowed: mark as error.
4723 if ((ip != end || !start) && ctx.verifiable && !ctx.list) {
4724 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Run ahead of method code at 0x%04x", ip_offset));
4727 /*We should guard against the last decoded opcode, otherwise we might add errors that doesn't make sense.*/
4728 for (i = 0; i < ctx.code_size && i < ip_offset; ++i) {
4729 if (ctx.code [i].flags & IL_CODE_FLAG_WAS_TARGET) {
4730 if (!(ctx.code [i].flags & IL_CODE_FLAG_SEEN))
4731 ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Branch or exception block target middle of intruction at 0x%04x", i));
4733 if (ctx.code [i].flags & IL_CODE_DELEGATE_SEQUENCE)
4734 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Branch to delegate code sequence at 0x%04x", i));
4736 if ((ctx.code [i].flags & IL_CODE_LDFTN_DELEGATE_NONFINAL_VIRTUAL) && ctx.has_this_store)
4737 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", i));
4739 if ((ctx.code [i].flags & IL_CODE_CALL_NONFINAL_VIRTUAL) && ctx.has_this_store)
4740 CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid call to a non-final virtual function in method with stdarg.0 or ldarga.0 at 0x%04x", i));
4744 for (i = 0; i < ctx.header->code_size; ++i) {
4745 if (ctx.code [i].stack)
4746 g_free (ctx.code [i].stack);
4750 for (tmp = ctx.funptrs; tmp; tmp = tmp->next)
4752 g_slist_free (ctx.funptrs);
4755 g_free (ctx.eval.stack);
4758 if (ctx.signature->hasthis)
4759 g_free (ctx.params);
4765 mono_verify_corlib ()
4767 /* This is a public API function so cannot be removed */