-/*
- * verify.c:
+/**
+ * \file
*
* Author:
* Mono Project (http://www.mono-project.com)
#include <mono/metadata/tokentype.h>
#include <mono/metadata/mono-basic-block.h>
#include <mono/metadata/attrdefs.h>
-#include <mono/metadata/class-internals.h>
#include <mono/utils/mono-counters.h>
#include <mono/utils/monobitset.h>
#include <string.h>
int num_locals;
MonoType **locals;
+ char *locals_verification_state;
/*TODO get rid of target here, need_merge in mono_method_verify and hoist the merging code in the branching code*/
int target;
/*This is an unitialized this ref*/
UNINIT_THIS_MASK = 0x2000,
+
+ /* This is a safe to return byref */
+ SAFE_BYREF_MASK = 0x4000,
};
static const char* const
if (mono_class_has_failure (klass))
return FALSE;
- for (i = 0; i < klass->method.count; ++i) {
+ int mcount = mono_class_get_method_count (klass);
+ for (i = 0; i < mcount; ++i) {
method = klass->methods [i];
if (mono_method_is_constructor (method) &&
mono_method_signature (method) &&
/**
* mono_generic_param_is_constraint_compatible:
*
- * Returns: TRUE if @candidate is constraint compatible with @target.
+ * \returns TRUE if \p candidate is constraint compatible with \p target.
*
- * This means that @candidate constraints are a super set of @target constaints
+ * This means that \p candidate constraints are a super set of \p target constaints
*/
static gboolean
mono_generic_param_is_constraint_compatible (VerifyContext *ctx, MonoGenericParam *target, MonoGenericParam *candidate, MonoClass *candidate_param_class, MonoGenericContext *context)
return (value->stype & BOXED_MASK) == BOXED_MASK;
}
+/* stack_slot_is_safe_byref:
+ *
+ * Returns TRUE is @value is a safe byref
+ */
+static gboolean
+stack_slot_is_safe_byref (ILStackDesc *value)
+{
+ return (value->stype & SAFE_BYREF_MASK) == SAFE_BYREF_MASK;
+}
+
static const char *
stack_slot_get_name (ILStackDesc *value)
{
return type_names [value->stype & TYPE_MASK];
}
+enum {
+ SAFE_BYREF_LOCAL = 1,
+ UNSAFE_BYREF_LOCAL = 2
+};
+static gboolean
+local_is_safe_byref (VerifyContext *ctx, unsigned int arg)
+{
+ return ctx->locals_verification_state [arg] == SAFE_BYREF_LOCAL;
+}
+
+static gboolean
+local_is_unsafe_byref (VerifyContext *ctx, unsigned int arg)
+{
+ return ctx->locals_verification_state [arg] == UNSAFE_BYREF_LOCAL;
+}
+
#define APPEND_WITH_PREDICATE(PRED,NAME) do {\
if (PRED (value)) { \
if (!first) \
APPEND_WITH_PREDICATE (stack_slot_is_null_literal, "null");
APPEND_WITH_PREDICATE (stack_slot_is_managed_mutability_pointer, "cmmp");
APPEND_WITH_PREDICATE (stack_slot_is_managed_pointer, "mp");
+ APPEND_WITH_PREDICATE (stack_slot_is_safe_byref, "safe-byref");
has_pred = TRUE;
}
}
//////////////////////////////////////////////////////////////////
+
+/**
+ * mono_free_verify_list:
+ */
void
mono_free_verify_list (GSList *list)
{
if (stack_slot_is_managed_pointer (value))
printf ("Managed Pointer to: ");
+ if (stack_slot_is_safe_byref (value))
+ printf ("Safe ByRef to: ");
+
switch (stack_slot_get_underlying_type (value)) {
case TYPE_INV:
printf ("invalid type]");
code->stack->stype |= BOXED_MASK;
}
/* Class lazy loading functions */
-static GENERATE_GET_CLASS_WITH_CACHE (ienumerable, System.Collections.Generic, IEnumerable`1)
-static GENERATE_GET_CLASS_WITH_CACHE (icollection, System.Collections.Generic, ICollection`1)
-static GENERATE_GET_CLASS_WITH_CACHE (ireadonly_list, System.Collections.Generic, IReadOnlyList`1)
-static GENERATE_GET_CLASS_WITH_CACHE (ireadonly_collection, System.Collections.Generic, IReadOnlyCollection`1)
+static GENERATE_GET_CLASS_WITH_CACHE (ienumerable, "System.Collections.Generic", "IEnumerable`1")
+static GENERATE_GET_CLASS_WITH_CACHE (icollection, "System.Collections.Generic", "ICollection`1")
+static GENERATE_GET_CLASS_WITH_CACHE (ireadonly_list, "System.Collections.Generic", "IReadOnlyList`1")
+static GENERATE_GET_CLASS_WITH_CACHE (ireadonly_collection, "System.Collections.Generic", "IReadOnlyCollection`1")
static MonoClass*
* the object is a this arg (comes from a ldarg.0), and there is no starg.0.
* This rules doesn't apply if the object on stack is a boxed valuetype.
*/
- if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !(mono_class_get_flags (method->klass) & TYPE_ATTRIBUTE_SEALED) && !stack_slot_is_boxed_value (value)) {
+ if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !mono_class_is_sealed (method->klass) && !stack_slot_is_boxed_value (value)) {
/*A stdarg 0 must not happen, we fail here only in fail fast mode to avoid double error reports*/
if (IS_FAIL_FAST_MODE (ctx) && ctx->has_this_store)
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid ldftn with virtual function in method with stdarg 0 at 0x%04x", ctx->ip_offset));
#undef IS_LOAD_FUN_PTR
}
+static gboolean
+is_this_arg_of_struct_instance_method (unsigned int arg, VerifyContext *ctx)
+{
+ if (arg != 0)
+ return FALSE;
+ if (ctx->method->flags & METHOD_ATTRIBUTE_STATIC)
+ return FALSE;
+ if (!ctx->method->klass->valuetype)
+ return FALSE;
+ return TRUE;
+}
+
/* implement the opcode checks*/
static void
push_arg (VerifyContext *ctx, unsigned int arg, int take_addr)
if (mono_method_is_constructor (ctx->method) && !ctx->super_ctor_called && !ctx->method->klass->valuetype)
top->stype |= UNINIT_THIS_MASK;
}
+ if (!take_addr && ctx->params [arg]->byref && !is_this_arg_of_struct_instance_method (arg, ctx))
+ top->stype |= SAFE_BYREF_MASK;
}
}
if (ctx->locals [arg]->byref && take_addr)
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("ByRef of ByRef at 0x%04x", ctx->ip_offset));
- set_stack_value (ctx, stack_push (ctx), ctx->locals [arg], take_addr);
- }
+ ILStackDesc *value = stack_push (ctx);
+ set_stack_value (ctx, value, ctx->locals [arg], take_addr);
+ if (local_is_safe_byref (ctx, arg))
+ value->stype |= SAFE_BYREF_MASK;
+ }
}
static void
return;
value = stack_pop (ctx);
- if (ctx->locals [arg]->byref && stack_slot_is_managed_mutability_pointer (value))
- CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly managed reference when storing on a local variable at 0x%04x", ctx->ip_offset));
-
+ if (ctx->locals [arg]->byref) {
+ if (stack_slot_is_managed_mutability_pointer (value))
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use a readonly managed reference when storing on a local variable at 0x%04x", ctx->ip_offset));
+
+ if (local_is_safe_byref (ctx, arg) && !stack_slot_is_safe_byref (value))
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot store an unsafe ret byref to a local that was previously stored a save ret byref value at 0x%04x", ctx->ip_offset));
+
+ if (stack_slot_is_safe_byref (value) && !local_is_unsafe_byref (ctx, arg))
+ ctx->locals_verification_state [arg] |= SAFE_BYREF_LOCAL;
+
+ if (!stack_slot_is_safe_byref (value))
+ ctx->locals_verification_state [arg] |= UNSAFE_BYREF_LOCAL;
+
+ }
if (!verify_stack_type_compatibility (ctx, ctx->locals [arg], value)) {
char *expected = mono_type_full_name (ctx->locals [arg]);
char *found = stack_slot_full_name (value);
return;
}
- if (ret->byref || ret->type == MONO_TYPE_TYPEDBYREF || mono_type_is_value_type (ret, "System", "ArgIterator") || mono_type_is_value_type (ret, "System", "RuntimeArgumentHandle"))
+ if (ret->byref && !stack_slot_is_safe_byref (top))
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method returns byref and return value is not a safe-to-return-byref at 0x%04x", ctx->ip_offset));
+
+ if (ret->type == MONO_TYPE_TYPEDBYREF || mono_type_is_value_type (ret, "System", "ArgIterator") || mono_type_is_value_type (ret, "System", "RuntimeArgumentHandle"))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Method returns byref, TypedReference, ArgIterator or RuntimeArgumentHandle at 0x%04x", ctx->ip_offset));
}
if (method->flags & METHOD_ATTRIBUTE_ABSTRACT)
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use call with an abstract method at 0x%04x", ctx->ip_offset));
- if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !(mono_class_get_flags (method->klass) & TYPE_ATTRIBUTE_SEALED)) {
+ if ((method->flags & METHOD_ATTRIBUTE_VIRTUAL) && !(method->flags & METHOD_ATTRIBUTE_FINAL) && !mono_class_is_sealed (method->klass)) {
virt_check_this = TRUE;
ctx->code [ctx->ip_offset].flags |= IL_CODE_CALL_NONFINAL_VIRTUAL;
}
if (!check_underflow (ctx, param_count))
return;
+ gboolean is_safe_byref_call = TRUE;
+
for (i = sig->param_count - 1; i >= 0; --i) {
VERIFIER_DEBUG ( printf ("verifying argument %d\n", i); );
value = stack_pop (ctx);
ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Cannot pass a byref argument to a tail %s at 0x%04x", virtual_ ? "callvirt" : "call", ctx->ip_offset));
return;
}
+ if (stack_slot_is_managed_pointer (value) && !stack_slot_is_safe_byref (value))
+ is_safe_byref_call = FALSE;
}
if (sig->hasthis) {
value = stack_pop_safe (ctx);
if (IS_STRICT_MODE (ctx) && (value->stype & THIS_POINTER_MASK) != THIS_POINTER_MASK)
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid 'this ptr' argument for constructor at 0x%04x", ctx->ip_offset));
+ if (!(value->stype & UNINIT_THIS_MASK))
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Calling the base constructor on an initialized this pointer at 0x%04x", ctx->ip_offset));
} else {
value = stack_pop (ctx);
}
ctx->prefix_set &= ~PREFIX_READONLY;
value->stype |= CMMP_MASK;
}
+ if (sig->ret->byref && is_safe_byref_call)
+ value->stype |= SAFE_BYREF_MASK;
}
}
if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_field_full (ctx->method, field, NULL))
CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Type at stack is not accessible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_FIELD_ACCESS);
- set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
+ ILStackDesc *value = stack_push (ctx);
+ set_stack_value (ctx, value, field->type, take_addr);
+ if (take_addr)
+ value->stype |= SAFE_BYREF_MASK;
}
static void
{
ILStackDesc *obj;
MonoClassField *field;
+ gboolean is_safe_byref = FALSE;
if (!take_addr)
CLEAR_PREFIX (ctx, PREFIX_UNALIGNED | PREFIX_VOLATILE);
!(field->parent == ctx->method->klass && mono_method_is_constructor (ctx->method)))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot take the address of a init-only field at 0x%04x", ctx->ip_offset));
- set_stack_value (ctx, stack_push (ctx), field->type, take_addr);
+ //must do it here cuz stack_push will return the same slot as obj above
+ is_safe_byref = take_addr && (stack_slot_is_reference_value (obj) || stack_slot_is_safe_byref (obj));
+
+ ILStackDesc *value = stack_push (ctx);
+ set_stack_value (ctx, value, field->type, take_addr);
+
+ if (is_safe_byref)
+ value->stype |= SAFE_BYREF_MASK;
}
static void
ctx->prefix_set &= ~PREFIX_READONLY;
res->stype |= CMMP_MASK;
}
+
+ res->stype |= SAFE_BYREF_MASK;
}
/*
MonoClass *new_class = mono_class_from_mono_type (new_type);
MonoClass *match_class = NULL;
+ // check for safe byref before the next steps override new_slot
+ if (stack_slot_is_safe_byref (old_slot) ^ stack_slot_is_safe_byref (new_slot)) {
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot merge stack at depth %d byref types are safe byref incompatible at %0x04x ", i, ctx->ip_offset));
+ goto end_verify;
+ }
+
// S := T then U = S (new value is compatible with current value, keep current)
if (verify_stack_type_compatibility (ctx, old_type, new_slot)) {
copy_stack_value (new_slot, old_slot);
}
/* if old class is an interface that new class implements */
- if (mono_class_get_flags (old_class) & TYPE_ATTRIBUTE_INTERFACE) {
+ if (mono_class_is_interface (old_class)) {
if (verifier_class_is_assignable_from (old_class, new_class)) {
match_class = old_class;
goto match_found;
}
}
- if (mono_class_get_flags (new_class) & TYPE_ATTRIBUTE_INTERFACE) {
+ if (mono_class_is_interface (new_class)) {
if (verifier_class_is_assignable_from (new_class, old_class)) {
match_class = new_class;
goto match_found;
/*
* FIXME: need to distinguish between valid and verifiable.
* Need to keep track of types on the stack.
+ */
+
+/**
+ * mono_method_verify:
* Verify types for opcodes.
*/
GSList*
ctx.num_locals = ctx.header->num_locals;
ctx.locals = (MonoType **)g_memdup (ctx.header->locals, sizeof (MonoType*) * ctx.header->num_locals);
_MEM_ALLOC (sizeof (MonoType*) * ctx.header->num_locals);
+ ctx.locals_verification_state = g_new0 (char, ctx.num_locals);
if (ctx.num_locals > 0 && !ctx.header->init_locals)
CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Method with locals variable but without init locals set"));
for (i = 0; i < ctx.code_size && i < ip_offset; ++i) {
if (ctx.code [i].flags & IL_CODE_FLAG_WAS_TARGET) {
if (!(ctx.code [i].flags & IL_CODE_FLAG_SEEN))
- ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Branch or exception block target middle of intruction at 0x%04x", i));
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Branch or exception block target middle of instruction at 0x%04x", i));
if (ctx.code [i].flags & IL_CODE_DELEGATE_SEQUENCE)
CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Branch to delegate code sequence at 0x%04x", i));
if (ctx.code)
g_free (ctx.code);
g_free (ctx.locals);
+ g_free (ctx.locals_verification_state);
g_free (ctx.params);
mono_basic_block_free (original_bb);
mono_metadata_free_mh (ctx.header);
/**
* mono_verifier_is_enabled_for_method:
- * @method: the method to probe
- *
- * Returns TRUE if @method needs to be verified.
- *
+ * \param method the method to probe
+ * \returns TRUE if \p method needs to be verified.
*/
gboolean
mono_verifier_is_enabled_for_method (MonoMethod *method)
/**
* mono_verifier_is_enabled_for_class:
- * @klass: The `MonoClass` to probe
- *
- * Returns TRUE if @klass need to be verified.
- *
+ * \param klass The \c MonoClass to probe
+ * \returns TRUE if \p klass need to be verified.
*/
gboolean
mono_verifier_is_enabled_for_class (MonoClass *klass)
MonoClassField *field;
gboolean is_fulltrust = mono_verifier_is_class_full_trust (klass);
/*We can't skip types with !has_references since this is calculated after we have run.*/
- if (!((mono_class_get_flags (klass) & TYPE_ATTRIBUTE_LAYOUT_MASK) == TYPE_ATTRIBUTE_EXPLICIT_LAYOUT))
+ if (!mono_class_is_explicit_layout (klass))
return TRUE;
if (mono_field_is_deleted (field) || (field->type->attrs & FIELD_ATTRIBUTE_STATIC))
continue;
- for (j = i; j < klass->field.count; ++j) {
+ int fcount = mono_class_get_field_count (klass);
+ for (j = i; j < fcount; ++j) {
MonoClassField *other = &klass->fields [j];
int otherEnd = get_field_end (other);
if (mono_field_is_deleted (other) || (is_valuetype && !MONO_TYPE_IS_REFERENCE (other->type)) || (other->type->attrs & FIELD_ATTRIBUTE_STATIC))
int i;
for (i = 0; i < klass->interface_count; ++i) {
MonoClass *iface = klass->interfaces [i];
- if (!(mono_class_get_flags (iface) & TYPE_ATTRIBUTE_INTERFACE))
+ if (!mono_class_get_flags (iface))
return FALSE;
}
return TRUE;
return FALSE;
}
}
- if (mono_class_is_gtd (klass) && (mono_class_get_flags (klass) & TYPE_ATTRIBUTE_LAYOUT_MASK) == TYPE_ATTRIBUTE_EXPLICIT_LAYOUT)
+ if (mono_class_is_gtd (klass) && (mono_class_is_explicit_layout (klass)))
return FALSE;
if (mono_class_is_gtd (klass) && !verify_generic_parameters (klass))
return FALSE;