1 /* src/vm/jit/verify/typecheck.c - typechecking (part of bytecode verification)
3 Copyright (C) 1996-2005, 2006, 2007 R. Grafl, A. Krall, C. Kruegel,
4 C. Oates, R. Obermaisser, M. Platter, M. Probst, S. Ring,
5 E. Steiner, C. Thalinger, D. Thuernbeck, P. Tomsich, C. Ullrich,
6 J. Wenninger, Institut f. Computersprachen - TU Wien
8 This file is part of CACAO.
10 This program is free software; you can redistribute it and/or
11 modify it under the terms of the GNU General Public License as
12 published by the Free Software Foundation; either version 2, or (at
13 your option) any later version.
15 This program is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
29 What's the purpose of the `typechecker`?
30 ----------------------------------------
32 The typechecker analyses (the intermediate repr. of) the bytecode of
33 each method and ensures that for each instruction the values on the
34 stack and in local variables are of the correct type whenever the
35 instruction is executed.
37 type checking is a mandatory part of bytecode verification.
40 How does the typechecker work?
41 ------------------------------
43 The JVM stack and the local variables are not statically typed, so the
44 typechecker has to *infer* the static types of stack slots and local
45 variables at each point of the method. The JVM spec imposes a lot of
46 restrictions on the bytecode in order to guarantee that this is always
49 Basically the typechecker solves the data flow equations of the method.
50 This is done in the usual way for a forward data flow analysis: Starting
51 from the entry point of the method the typechecker follows the CFG and
52 records the type of each stack slot and local variable at each point[1].
53 When two or more control flow paths merge at a point, the union of the
54 types for each slot/variable is taken. The algorithm continues to follow
55 all possible paths[2] until the recorded types do not change anymore (ie.
56 the equations have been solved).
58 If the solution has been reached and the resulting types are valid for
59 all instructions, then type checking terminates with success, otherwise
60 an exception is thrown.
63 Why is this code so damn complicated?
64 -------------------------------------
66 Short answer: The devil's in the details.
68 While the basic operation of the typechecker is no big deal, there are
69 many properties of Java bytecode which make type checking hard. Some of
70 them are not even addressed in the JVM spec. Some problems and their
73 *) Finding a good representation of the union of two reference types is
74 difficult because of multiple inheritance of interfaces.
76 Solution: The typeinfo system can represent such "merged" types by a
77 list of proper subclasses of a class. Example:
79 typeclass=java.lang.Object merged={ InterfaceA, InterfaceB }
81 represents the result of merging two interface types "InterfaceA"
84 *) When the code of a method is verified, there may still be unresolved
85 references to classes/methods/fields in the code, which we may not force
86 to be resolved eagerly. (A similar problem arises because of the special
87 checks for protected members.)
89 Solution: The typeinfo system knows how to deal with unresolved
90 class references. Whenever a check has to be performed for an
91 unresolved type, the type is annotated with constraints representing
92 the check. Later, when the type is resolved, the constraints are
93 checked. (See the constrain_unresolved_... and the resolve_...
96 *) Checks for uninitialized object instances are hard because after the
97 invocation of <init> on an uninitialized object *all* slots/variables
98 referring to this object (and exactly those slots/variables) must be
99 marked as initialized.
101 Solution: The JVM spec describes a solution, which has been
102 implemented in this typechecker.
104 Note that some checks mentioned in the JVM spec are unnecessary[4] and
105 not performed by either the reference implementation, or this implementation.
110 [1] Actually only the types of slots/variables at the start of each
111 basic block are remembered. Within a basic block the algorithm only keeps
112 the types of the slots/variables for the "current" instruction which is
115 [2] Actually the algorithm iterates through the basic block list until
116 there are no more changes. Theoretically it would be wise to sort the
117 basic blocks topologically beforehand, but the number of average/max
118 iterations observed is so low, that this was not deemed necessary.
120 [3] This is similar to a method proposed by: Alessandro Coglio et al., A
121 Formal Specification of Java Class Loading, Technical Report, Kestrel
122 Institute April 2000, revised July 2000
123 http://www.kestrel.edu/home/people/coglio/loading.pdf
124 An important difference is that Coglio's subtype constraints are checked
125 after loading, while our constraints are checked when the field/method
126 is accessed for the first time, so we can guarantee lexically correct
129 [4] Alessandro Coglio
130 Improving the official specification of Java bytecode verification
131 Proceedings of the 3rd ECOOP Workshop on Formal Techniques for Java Programs
133 citeseer.ist.psu.edu/article/coglio03improving.html
142 #include "vm/types.h"
144 #ifdef ENABLE_VERIFIER
146 #include "mm/memory.h"
148 #include "native/native.h"
150 #include "toolbox/logging.h"
152 #include "vm/access.h"
153 #include "vm/array.h"
154 #include "vm/builtin.h"
155 #include "vm/exceptions.h"
156 #include "vm/global.h"
157 #include "vm/primitive.h"
158 #include "vm/resolve.h"
160 #include "vm/jit/jit.h"
161 #include "vm/jit/parse.h"
162 #include "vm/jit/show.h"
164 #include "vmcore/loader.h"
165 #include "vmcore/options.h"
167 #include <typecheck-common.h>
170 /****************************************************************************/
171 /* MACROS FOR VARIABLE TYPE CHECKING */
172 /****************************************************************************/
174 #define TYPECHECK_CHECK_TYPE(i,tp,msg) \
176 if (VAR(i)->type != (tp)) { \
177 exceptions_throw_verifyerror(state->m, (msg)); \
182 #define TYPECHECK_INT(i) \
183 TYPECHECK_CHECK_TYPE(i,TYPE_INT,"Expected to find integer value")
184 #define TYPECHECK_LNG(i) \
185 TYPECHECK_CHECK_TYPE(i,TYPE_LNG,"Expected to find long value")
186 #define TYPECHECK_FLT(i) \
187 TYPECHECK_CHECK_TYPE(i,TYPE_FLT,"Expected to find float value")
188 #define TYPECHECK_DBL(i) \
189 TYPECHECK_CHECK_TYPE(i,TYPE_DBL,"Expected to find double value")
190 #define TYPECHECK_ADR(i) \
191 TYPECHECK_CHECK_TYPE(i,TYPE_ADR,"Expected to find object value")
193 #define TYPECHECK_INT_OP(o) TYPECHECK_INT((o).varindex)
194 #define TYPECHECK_LNG_OP(o) TYPECHECK_LNG((o).varindex)
195 #define TYPECHECK_FLT_OP(o) TYPECHECK_FLT((o).varindex)
196 #define TYPECHECK_DBL_OP(o) TYPECHECK_DBL((o).varindex)
197 #define TYPECHECK_ADR_OP(o) TYPECHECK_ADR((o).varindex)
200 /* typestate_save_invars *******************************************************
202 Save the invars of the current basic block in the space reserved by
205 This function must be called before an instruction modifies a variable
206 that is an invar of the current block. In such cases the invars of the
207 block must be saved, and restored at the end of the analysis of this
208 basic block, so that the invars again reflect the *input* to this basic
209 block (and do not randomly contain types that appear within the block).
212 state............current state of the verifier
214 *******************************************************************************/
217 typestate_save_invars(verifier_state *state)
222 LOG("saving invars");
224 if (!state->savedindices) {
225 LOG("allocating savedindices buffer");
226 pindex = DMNEW(s4, state->m->maxstack);
227 state->savedindices = pindex;
228 index = state->numlocals + VERIFIER_EXTRA_VARS;
229 for (i=0; i<state->m->maxstack; ++i)
235 typecheck_copy_types(state, state->bptr->invars, state->savedindices,
236 state->bptr->indepth);
238 /* set the invars of the block to the saved variables */
239 /* and remember the original invars */
241 state->savedinvars = state->bptr->invars;
242 state->bptr->invars = state->savedindices;
246 /* typestate_restore_invars ***************************************************
248 Restore the invars of the current basic block that have been previously
249 saved by `typestate_save_invars`.
252 state............current state of the verifier
254 *******************************************************************************/
257 typestate_restore_invars(verifier_state *state)
259 TYPECHECK_COUNT(stat_savedstack);
260 LOG("restoring saved invars");
262 /* restore the invars pointer */
264 state->bptr->invars = state->savedinvars;
266 /* copy the types back */
268 typecheck_copy_types(state, state->savedindices, state->bptr->invars,
269 state->bptr->indepth);
271 /* mark that there are no saved invars currently */
273 state->savedinvars = NULL;
277 /* handle_fieldaccess **********************************************************
279 Verify an ICMD_{GET,PUT}{STATIC,FIELD}(CONST)?
282 state............the current state of the verifier
285 true.............successful verification,
286 false............an exception has been thrown.
288 *******************************************************************************/
291 handle_fieldaccess(verifier_state *state,
299 #define TYPECHECK_VARIABLESBASED
300 #define EXCEPTION do { return false; } while (0)
301 #define VERIFY_ERROR(msg) TYPECHECK_VERIFYERROR_bool(msg)
302 #include <typecheck-fields.inc>
305 #undef TYPECHECK_VARIABLESBASED
311 /* handle_invocation ***********************************************************
313 Verify an ICMD_INVOKE* instruction.
316 state............the current state of the verifier
319 true.............successful verification,
320 false............an exception has been thrown.
322 *******************************************************************************/
325 handle_invocation(verifier_state *state)
328 varinfo *dv; /* output variable of current instruction */
331 dv = VAROP(state->iptr->dst);
333 #define TYPECHECK_VARIABLESBASED
334 #define OP1 VAR(state->iptr->sx.s23.s2.args[0])
335 #include <typecheck-invoke.inc>
337 #undef TYPECHECK_VARIABLESBASED
343 /* handle_builtin **************************************************************
345 Verify the call of a builtin method.
348 state............the current state of the verifier
351 true.............successful verification,
352 false............an exception has been thrown.
354 *******************************************************************************/
357 handle_builtin(verifier_state *state)
360 varinfo *dv; /* output variable of current instruction */
363 dv = VAROP(state->iptr->dst);
365 #define TYPECHECK_VARIABLESBASED
366 #define OP1 state->iptr->sx.s23.s2.args[0]
367 #include <typecheck-builtins.inc>
369 #undef TYPECHECK_VARIABLESBASED
374 /* handle_multianewarray *******************************************************
376 Verify a MULTIANEWARRAY instruction.
379 state............the current state of the verifier
382 true.............successful verification,
383 false............an exception has been thrown.
385 *******************************************************************************/
388 handle_multianewarray(verifier_state *state)
391 varinfo *dv; /* output variable of current instruction */
394 dv = VAROP(state->iptr->dst);
396 #define TYPECHECK_VARIABLESBASED
397 #define VERIFY_ERROR(msg) TYPECHECK_VERIFYERROR_bool(msg)
398 #include <typecheck-multianewarray.inc>
400 #undef TYPECHECK_VARIABLESBASED
405 /* typecheck_invalidate_locals *************************************************
407 Invalidate locals that are overwritten by writing to the given local.
410 state............the current state of the verifier
411 index............the index of the local that is written
412 twoword..........true, if a two-word type is written
414 *******************************************************************************/
416 static void typecheck_invalidate_locals(verifier_state *state, s4 index, bool twoword)
421 jitdata *jd = state->jd;
422 s4 *localmap = jd->local_map;
423 varinfo *vars = jd->var;
425 javaindex = state->reverselocalmap[index];
427 /* invalidate locals of two-word type at index javaindex-1 */
430 localmap += 5 * (javaindex-1);
431 for (t=0; t<5; ++t) {
432 varindex = *localmap++;
433 if (varindex >= 0 && IS_2_WORD_TYPE(vars[varindex].type)) {
434 LOG1("invalidate local %d", varindex);
435 vars[varindex].type = TYPE_VOID;
440 localmap += 5 * javaindex;
443 /* invalidate locals at index javaindex */
445 for (t=0; t<5; ++t) {
446 varindex = *localmap++;
448 LOG1("invalidate local %d", varindex);
449 vars[varindex].type = TYPE_VOID;
453 /* if a two-word type is written, invalidate locals at index javaindex+1 */
456 for (t=0; t<5; ++t) {
457 varindex = *localmap++;
459 LOG1("invalidate local %d", varindex);
460 vars[varindex].type = TYPE_VOID;
467 /* macros used by the generated code ******************************************/
469 #define EXCEPTION do { return false; } while (0)
470 #define VERIFY_ERROR(msg) TYPECHECK_VERIFYERROR_bool(msg)
472 #define CHECK_LOCAL_TYPE(index, t) \
474 if (!typevector_checktype(jd->var, (index), (t))) \
475 VERIFY_ERROR("Local variable type mismatch"); \
478 #define STORE_LOCAL(t, index) \
481 typecheck_invalidate_locals(state, (index), false); \
482 typevector_store(jd->var, (index), (temp_t), NULL); \
485 #define STORE_LOCAL_2_WORD(t, index) \
488 typecheck_invalidate_locals(state, (index), true); \
489 typevector_store(jd->var, (index), (temp_t), NULL); \
492 #define REACH_BLOCK(target) \
494 if (!typestate_reach(state, (target), \
495 state->bptr->outvars, jd->var, \
496 state->bptr->outdepth)) \
500 #define REACH(target) REACH_BLOCK((target).block)
503 /* handle_basic_block **********************************************************
505 Perform bytecode verification of a basic block.
508 state............the current state of the verifier
511 true.............successful verification,
512 false............an exception has been thrown.
514 *******************************************************************************/
517 handle_basic_block(verifier_state *state)
519 int opcode; /* current opcode */
520 int len; /* for counting instructions, etc. */
521 bool superblockend; /* true if no fallthrough to next block */
522 instruction *iptr; /* the current instruction */
523 basicblock *tbptr; /* temporary for target block */
524 bool maythrow; /* true if this instruction may throw */
527 branch_target_t *table;
528 lookup_target_t *lookup;
529 jitdata *jd = state->jd;
531 varinfo constvalue; /* for PUT*CONST */
532 constant_FMIref *fieldref;
534 LOGSTR1("\n---- BLOCK %04d ------------------------------------------------\n",state->bptr->nr);
537 superblockend = false;
538 state->bptr->flags = BBFINISHED;
540 /* prevent compiler warnings */
543 /* determine the active exception handlers for this block */
544 /* XXX could use a faster algorithm with sorted lists or */
547 for (ex = state->jd->exceptiontable; ex ; ex = ex->down) {
548 if ((ex->start->nr <= state->bptr->nr) && (ex->end->nr > state->bptr->nr)) {
549 LOG1("active handler L%03d", ex->handler->nr);
550 state->handlers[len++] = ex;
553 state->handlers[len] = NULL;
555 /* init variable types at the start of this block */
556 typevector_copy_inplace(state->bptr->inlocals, jd->var, state->numlocals);
558 DOLOG(show_basicblock(jd, state->bptr, SHOW_STACK));
559 DOLOG(typecheck_print_vararray(stdout, jd, state->bptr->invars,
560 state->bptr->indepth));
561 DOLOG(typevector_print(stdout, jd->var, state->numlocals));
564 /* loop over the instructions */
565 len = state->bptr->icount;
566 state->iptr = state->bptr->iinstr;
568 TYPECHECK_COUNT(stat_ins);
572 DOLOG(typevector_print(stdout, jd->var, state->numlocals));
574 DOLOG(show_icmd(jd, state->iptr, false, SHOW_STACK)); LOGNL; LOGFLUSH;
581 /* include generated code for ICMDs verification */
583 #define TYPECHECK_VARIABLESBASED
585 #define METHOD (state->m)
587 #define BPTR (state->bptr)
588 #include <typecheck-variablesbased-gen.inc>
593 #undef TYPECHECK_VARIABLESBASED
596 LOG1("ICMD %d\n", opcode);
597 TYPECHECK_VERIFYERROR_bool("Missing ICMD code during typecheck");
600 /* reach exception handlers for this instruction */
603 TYPECHECK_COUNT(stat_ins_maythrow);
604 TYPECHECK_MARK(state->stat_maythrow);
605 LOG("reaching exception handlers");
607 while (state->handlers[i]) {
608 TYPECHECK_COUNT(stat_handlers_reached);
609 if (state->handlers[i]->catchtype.any)
610 VAR(state->exinvars)->typeinfo.typeclass = state->handlers[i]->catchtype;
612 VAR(state->exinvars)->typeinfo.typeclass.cls = class_java_lang_Throwable;
613 if (!typestate_reach(state,
614 state->handlers[i]->handler,
615 &(state->exinvars), jd->var, 1))
621 LOG("\t\tnext instruction");
623 } /* while instructions */
625 LOG("instructions done");
627 DOLOG(typecheck_print_vararray(stdout, jd, state->bptr->outvars,
628 state->bptr->outdepth));
629 DOLOG(typevector_print(stdout, jd->var, state->numlocals));
632 /* propagate stack and variables to the following block */
633 if (!superblockend) {
634 LOG("reaching following block");
635 tbptr = state->bptr->next;
636 while (tbptr->flags == BBDELETED) {
638 #ifdef TYPECHECK_DEBUG
639 /* this must be checked in parse.c */
640 if ((tbptr->nr) >= state->basicblockcount)
641 TYPECHECK_VERIFYERROR_bool("Control flow falls off the last block");
644 if (!typestate_reach(state,tbptr,state->bptr->outvars, jd->var,
645 state->bptr->outdepth))
649 /* We may have to restore the types of the instack slots. They
650 * have been saved if an <init> call inside the block has
651 * modified the instack types. (see INVOKESPECIAL) */
653 if (state->savedinvars)
654 typestate_restore_invars(state);
660 /****************************************************************************/
662 /* This is the main function of the bytecode verifier. It is called */
663 /* directly after analyse_stack. */
666 /* meth.............the method to verify */
667 /* cdata............codegendata for the method */
668 /* rdata............registerdata for the method */
671 /* true.............successful verification */
672 /* false............an exception has been thrown */
674 /****************************************************************************/
676 #define MAXPARAMS 255
678 bool typecheck(jitdata *jd)
682 varinfo *savedlocals;
683 verifier_state state; /* current state of the verifier */
687 /* collect statistics */
689 #ifdef TYPECHECK_STATISTICS
690 int count_iterations = 0;
691 TYPECHECK_COUNT(stat_typechecked);
692 TYPECHECK_COUNT_FREQ(stat_locals,jd->maxlocals,STAT_LOCALS);
693 TYPECHECK_COUNT_FREQ(stat_blocks,cdata->method->basicblockcount/10,STAT_BLOCKS);
694 TYPECHECK_COUNTIF(cdata->method->exceptiontablelength != 0,stat_methods_with_handlers);
695 state.stat_maythrow = false;
698 /* get required compiler data */
703 /* some logging on entry */
706 LOGSTR("\n==============================================================================\n");
707 DOLOG( show_method(jd, SHOW_STACK) );
708 LOGSTR("\n==============================================================================\n");
709 LOGMETHOD("Entering typecheck: ",cd->method);
711 /* initialize the verifier state */
716 state.basicblockcount = jd->basicblockcount;
717 state.basicblocks = jd->basicblocks;
718 state.savedindices = NULL;
719 state.savedinvars = NULL;
721 /* check that the basicblock numbers are valid */
724 jit_check_basicblock_numbers(jd);
727 /* check if this method is an instance initializer method */
729 state.initmethod = (state.m->name == utf_init);
731 /* initialize the basic block flags for the following CFG traversal */
733 typecheck_init_flags(&state, BBFINISHED);
735 /* number of local variables */
737 /* In <init> methods we use an extra local variable to indicate whether */
738 /* the 'this' reference has been initialized. */
739 /* TYPE_VOID...means 'this' has not been initialized, */
740 /* TYPE_INT....means 'this' has been initialized. */
742 state.numlocals = state.jd->localcount;
743 state.validlocals = state.numlocals;
744 if (state.initmethod)
745 state.numlocals++; /* VERIFIER_EXTRA_LOCALS */
747 state.reverselocalmap = DMNEW(s4, state.validlocals);
748 for (i=0; i<jd->maxlocals; ++i)
749 for (t=0; t<5; ++t) {
750 s4 varindex = jd->local_map[5*i + t];
752 state.reverselocalmap[varindex] = i;
756 LOG("reverselocalmap:");
757 for (i=0; i<state.validlocals; ++i) {
758 LOG2(" %i => javaindex %i", i, state.reverselocalmap[i]);
761 /* allocate the buffer of active exception handlers */
763 state.handlers = DMNEW(exception_entry*, state.jd->exceptiontablelength + 1);
765 /* save local variables */
767 savedlocals = DMNEW(varinfo, state.numlocals);
768 MCOPY(savedlocals, jd->var, varinfo, state.numlocals);
770 /* initialized local variables of first block */
772 if (!typecheck_init_locals(&state, true))
775 /* initialize invars of exception handlers */
777 state.exinvars = state.numlocals;
778 VAR(state.exinvars)->type = TYPE_ADR;
779 typeinfo_init_classinfo(&(VAR(state.exinvars)->typeinfo),
780 class_java_lang_Throwable); /* changed later */
782 LOG("Exception handler stacks set.\n");
784 /* loop while there are still blocks to be checked */
786 TYPECHECK_COUNT(count_iterations);
788 state.repeat = false;
790 state.bptr = state.basicblocks;
792 for (; state.bptr; state.bptr = state.bptr->next) {
793 LOGSTR1("---- BLOCK %04d, ",state.bptr->nr);
794 LOGSTR1("blockflags: %d\n",state.bptr->flags);
797 /* verify reached block */
798 if (state.bptr->flags == BBTYPECHECK_REACHED) {
799 if (!handle_basic_block(&state))
804 LOGIF(state.repeat,"state.repeat == true");
805 } while (state.repeat);
809 #ifdef TYPECHECK_STATISTICS
810 LOG1("Typechecker did %4d iterations",count_iterations);
811 TYPECHECK_COUNT_FREQ(stat_iterations,count_iterations,STAT_ITERATIONS);
812 TYPECHECK_COUNTIF(state.jsrencountered,stat_typechecked_jsr);
813 TYPECHECK_COUNTIF(state.stat_maythrow,stat_methods_maythrow);
816 /* reset the flags of blocks we haven't reached */
818 typecheck_reset_flags(&state);
822 MCOPY(jd->var, savedlocals, varinfo, state.numlocals);
824 /* everything's ok */
826 LOGimp("exiting typecheck");
829 #endif /* ENABLE_VERIFIER */
832 * These are local overrides for various environment variables in Emacs.
833 * Please do not remove this and leave it at the end of the file, where
834 * Emacs will automagically detect them.
835 * ---------------------------------------------------------------------
838 * indent-tabs-mode: t
842 * vim:noexpandtab:sw=4:ts=4:
projects / cacao.git / blob