method_verifier.h revision 53e32d14d7a51198c6ef09120c15bafdd1d055c2
1/* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#ifndef ART_RUNTIME_VERIFIER_METHOD_VERIFIER_H_ 18#define ART_RUNTIME_VERIFIER_METHOD_VERIFIER_H_ 19 20#include <memory> 21#include <sstream> 22#include <vector> 23 24#include "base/arena_allocator.h" 25#include "base/macros.h" 26#include "base/scoped_arena_containers.h" 27#include "base/stl_util.h" 28#include "dex_file.h" 29#include "handle.h" 30#include "instruction_flags.h" 31#include "method_reference.h" 32#include "reg_type_cache.h" 33 34namespace art { 35 36class CompilerCallbacks; 37class Instruction; 38struct ReferenceMap2Visitor; 39class Thread; 40class VariableIndentationOutputStream; 41 42namespace verifier { 43 44class DexPcToReferenceMap; 45class MethodVerifier; 46class RegisterLine; 47class RegType; 48 49/* 50 * "Direct" and "virtual" methods are stored independently. The type of call used to invoke the 51 * method determines which list we search, and whether we travel up into superclasses. 52 * 53 * (<clinit>, <init>, and methods declared "private" or "static" are stored in the "direct" list. 54 * All others are stored in the "virtual" list.) 55 */ 56enum MethodType { 57 METHOD_UNKNOWN = 0, 58 METHOD_DIRECT, // <init>, private 59 METHOD_STATIC, // static 60 METHOD_VIRTUAL, // virtual, super 61 METHOD_INTERFACE // interface 62}; 63std::ostream& operator<<(std::ostream& os, const MethodType& rhs); 64 65/* 66 * An enumeration of problems that can turn up during verification. 67 * Both VERIFY_ERROR_BAD_CLASS_SOFT and VERIFY_ERROR_BAD_CLASS_HARD denote failures that cause 68 * the entire class to be rejected. However, VERIFY_ERROR_BAD_CLASS_SOFT denotes a soft failure 69 * that can potentially be corrected, and the verifier will try again at runtime. 70 * VERIFY_ERROR_BAD_CLASS_HARD denotes a hard failure that can't be corrected, and will cause 71 * the class to remain uncompiled. Other errors denote verification errors that cause bytecode 72 * to be rewritten to fail at runtime. 73 */ 74enum VerifyError { 75 VERIFY_ERROR_BAD_CLASS_HARD = 1, // VerifyError; hard error that skips compilation. 76 VERIFY_ERROR_BAD_CLASS_SOFT = 2, // VerifyError; soft error that verifies again at runtime. 77 78 VERIFY_ERROR_NO_CLASS = 4, // NoClassDefFoundError. 79 VERIFY_ERROR_NO_FIELD = 8, // NoSuchFieldError. 80 VERIFY_ERROR_NO_METHOD = 16, // NoSuchMethodError. 81 VERIFY_ERROR_ACCESS_CLASS = 32, // IllegalAccessError. 82 VERIFY_ERROR_ACCESS_FIELD = 64, // IllegalAccessError. 83 VERIFY_ERROR_ACCESS_METHOD = 128, // IllegalAccessError. 84 VERIFY_ERROR_CLASS_CHANGE = 256, // IncompatibleClassChangeError. 85 VERIFY_ERROR_INSTANTIATION = 512, // InstantiationError. 86 // For opcodes that don't have complete verifier support (such as lambda opcodes), 87 // we need a way to continue execution at runtime without attempting to re-verify 88 // (since we know it will fail no matter what). Instead, run as the interpreter 89 // in a special "do access checks" mode which will perform verifier-like checking 90 // on the fly. 91 // 92 // TODO: Once all new opcodes have implemented full verifier support, this can be removed. 93 VERIFY_ERROR_FORCE_INTERPRETER = 1024, // Skip the verification phase at runtime; 94 // force the interpreter to do access checks. 95 // (sets a soft fail at compile time). 96 VERIFY_ERROR_LOCKING = 2048, // Could not guarantee balanced locking. This should be 97 // punted to the interpreter with access checks. 98}; 99std::ostream& operator<<(std::ostream& os, const VerifyError& rhs); 100 101// We don't need to store the register data for many instructions, because we either only need 102// it at branch points (for verification) or GC points and branches (for verification + 103// type-precise register analysis). 104enum RegisterTrackingMode { 105 kTrackRegsBranches, 106 kTrackCompilerInterestPoints, 107 kTrackRegsAll, 108}; 109 110// A mapping from a dex pc to the register line statuses as they are immediately prior to the 111// execution of that instruction. 112class PcToRegisterLineTable { 113 public: 114 explicit PcToRegisterLineTable(ScopedArenaAllocator& arena); 115 ~PcToRegisterLineTable(); 116 117 // Initialize the RegisterTable. Every instruction address can have a different set of information 118 // about what's in which register, but for verification purposes we only need to store it at 119 // branch target addresses (because we merge into that). 120 void Init(RegisterTrackingMode mode, InstructionFlags* flags, uint32_t insns_size, 121 uint16_t registers_size, MethodVerifier* verifier); 122 123 RegisterLine* GetLine(size_t idx) const { 124 return register_lines_[idx].get(); 125 } 126 127 private: 128 ScopedArenaVector<ArenaUniquePtr<RegisterLine>> register_lines_; 129 130 DISALLOW_COPY_AND_ASSIGN(PcToRegisterLineTable); 131}; 132 133// The verifier 134class MethodVerifier { 135 public: 136 enum FailureKind { 137 kNoFailure, 138 kSoftFailure, 139 kHardFailure, 140 }; 141 142 /* Verify a class. Returns "kNoFailure" on success. */ 143 static FailureKind VerifyClass(Thread* self, 144 mirror::Class* klass, 145 CompilerCallbacks* callbacks, 146 bool allow_soft_failures, 147 bool log_hard_failures, 148 std::string* error) 149 SHARED_REQUIRES(Locks::mutator_lock_); 150 static FailureKind VerifyClass(Thread* self, 151 const DexFile* dex_file, 152 Handle<mirror::DexCache> dex_cache, 153 Handle<mirror::ClassLoader> class_loader, 154 const DexFile::ClassDef* class_def, 155 CompilerCallbacks* callbacks, 156 bool allow_soft_failures, 157 bool log_hard_failures, 158 std::string* error) 159 SHARED_REQUIRES(Locks::mutator_lock_); 160 161 static MethodVerifier* VerifyMethodAndDump(Thread* self, 162 VariableIndentationOutputStream* vios, 163 uint32_t method_idx, 164 const DexFile* dex_file, 165 Handle<mirror::DexCache> dex_cache, 166 Handle<mirror::ClassLoader> class_loader, 167 const DexFile::ClassDef* class_def, 168 const DexFile::CodeItem* code_item, ArtMethod* method, 169 uint32_t method_access_flags) 170 SHARED_REQUIRES(Locks::mutator_lock_); 171 172 uint8_t EncodePcToReferenceMapData() const; 173 174 uint32_t DexFileVersion() const { 175 return dex_file_->GetVersion(); 176 } 177 178 RegTypeCache* GetRegTypeCache() { 179 return ®_types_; 180 } 181 182 // Log a verification failure. 183 std::ostream& Fail(VerifyError error); 184 185 // Log for verification information. 186 std::ostream& LogVerifyInfo(); 187 188 // Dump the failures encountered by the verifier. 189 std::ostream& DumpFailures(std::ostream& os); 190 191 // Dump the state of the verifier, namely each instruction, what flags are set on it, register 192 // information 193 void Dump(std::ostream& os) SHARED_REQUIRES(Locks::mutator_lock_); 194 void Dump(VariableIndentationOutputStream* vios) SHARED_REQUIRES(Locks::mutator_lock_); 195 196 // Fills 'monitor_enter_dex_pcs' with the dex pcs of the monitor-enter instructions corresponding 197 // to the locks held at 'dex_pc' in method 'm'. 198 static void FindLocksAtDexPc(ArtMethod* m, uint32_t dex_pc, 199 std::vector<uint32_t>* monitor_enter_dex_pcs) 200 SHARED_REQUIRES(Locks::mutator_lock_); 201 202 // Returns the accessed field corresponding to the quick instruction's field 203 // offset at 'dex_pc' in method 'm'. 204 static ArtField* FindAccessedFieldAtDexPc(ArtMethod* m, uint32_t dex_pc) 205 SHARED_REQUIRES(Locks::mutator_lock_); 206 207 // Returns the invoked method corresponding to the quick instruction's vtable 208 // index at 'dex_pc' in method 'm'. 209 static ArtMethod* FindInvokedMethodAtDexPc(ArtMethod* m, uint32_t dex_pc) 210 SHARED_REQUIRES(Locks::mutator_lock_); 211 212 static SafeMap<uint32_t, std::set<uint32_t>> FindStringInitMap(ArtMethod* m) 213 SHARED_REQUIRES(Locks::mutator_lock_); 214 215 static void Init() SHARED_REQUIRES(Locks::mutator_lock_); 216 static void Shutdown(); 217 218 bool CanLoadClasses() const { 219 return can_load_classes_; 220 } 221 222 MethodVerifier(Thread* self, 223 const DexFile* dex_file, 224 Handle<mirror::DexCache> dex_cache, 225 Handle<mirror::ClassLoader> class_loader, 226 const DexFile::ClassDef* class_def, 227 const DexFile::CodeItem* code_item, 228 uint32_t method_idx, 229 ArtMethod* method, 230 uint32_t access_flags, 231 bool can_load_classes, 232 bool allow_soft_failures, 233 bool need_precise_constants, 234 bool allow_thread_suspension) 235 SHARED_REQUIRES(Locks::mutator_lock_) 236 : MethodVerifier(self, 237 dex_file, 238 dex_cache, 239 class_loader, 240 class_def, 241 code_item, 242 method_idx, 243 method, 244 access_flags, 245 can_load_classes, 246 allow_soft_failures, 247 need_precise_constants, 248 false, 249 allow_thread_suspension) {} 250 251 ~MethodVerifier(); 252 253 // Run verification on the method. Returns true if verification completes and false if the input 254 // has an irrecoverable corruption. 255 bool Verify() SHARED_REQUIRES(Locks::mutator_lock_); 256 257 // Describe VRegs at the given dex pc. 258 std::vector<int32_t> DescribeVRegs(uint32_t dex_pc); 259 260 static void VisitStaticRoots(RootVisitor* visitor) 261 SHARED_REQUIRES(Locks::mutator_lock_); 262 void VisitRoots(RootVisitor* visitor, const RootInfo& roots) 263 SHARED_REQUIRES(Locks::mutator_lock_); 264 265 // Accessors used by the compiler via CompilerCallback 266 const DexFile::CodeItem* CodeItem() const; 267 RegisterLine* GetRegLine(uint32_t dex_pc); 268 ALWAYS_INLINE const InstructionFlags& GetInstructionFlags(size_t index) const; 269 ALWAYS_INLINE InstructionFlags& GetInstructionFlags(size_t index); 270 mirror::ClassLoader* GetClassLoader() SHARED_REQUIRES(Locks::mutator_lock_); 271 mirror::DexCache* GetDexCache() SHARED_REQUIRES(Locks::mutator_lock_); 272 MethodReference GetMethodReference() const; 273 uint32_t GetAccessFlags() const; 274 bool HasCheckCasts() const; 275 bool HasVirtualOrInterfaceInvokes() const; 276 bool HasFailures() const; 277 bool HasInstructionThatWillThrow() const { 278 return have_any_pending_runtime_throw_failure_; 279 } 280 281 const RegType& ResolveCheckedClass(uint32_t class_idx) 282 SHARED_REQUIRES(Locks::mutator_lock_); 283 // Returns the method of a quick invoke or null if it cannot be found. 284 ArtMethod* GetQuickInvokedMethod(const Instruction* inst, RegisterLine* reg_line, 285 bool is_range, bool allow_failure) 286 SHARED_REQUIRES(Locks::mutator_lock_); 287 // Returns the access field of a quick field access (iget/iput-quick) or null 288 // if it cannot be found. 289 ArtField* GetQuickFieldAccess(const Instruction* inst, RegisterLine* reg_line) 290 SHARED_REQUIRES(Locks::mutator_lock_); 291 292 SafeMap<uint32_t, std::set<uint32_t>>& GetStringInitPcRegMap() { 293 return string_init_pc_reg_map_; 294 } 295 296 uint32_t GetEncounteredFailureTypes() { 297 return encountered_failure_types_; 298 } 299 300 bool IsInstanceConstructor() const { 301 return IsConstructor() && !IsStatic(); 302 } 303 304 ScopedArenaAllocator& GetArena() { 305 return arena_; 306 } 307 308 private: 309 void UninstantiableError(const char* descriptor); 310 static bool IsInstantiableOrPrimitive(mirror::Class* klass) SHARED_REQUIRES(Locks::mutator_lock_); 311 312 // Is the method being verified a constructor? See the comment on the field. 313 bool IsConstructor() const { 314 return is_constructor_; 315 } 316 317 // Is the method verified static? 318 bool IsStatic() const { 319 return (method_access_flags_ & kAccStatic) != 0; 320 } 321 322 // Private constructor for dumping. 323 MethodVerifier(Thread* self, 324 const DexFile* dex_file, 325 Handle<mirror::DexCache> dex_cache, 326 Handle<mirror::ClassLoader> class_loader, 327 const DexFile::ClassDef* class_def, 328 const DexFile::CodeItem* code_item, 329 uint32_t method_idx, 330 ArtMethod* method, 331 uint32_t access_flags, 332 bool can_load_classes, 333 bool allow_soft_failures, 334 bool need_precise_constants, 335 bool verify_to_dump, 336 bool allow_thread_suspension) 337 SHARED_REQUIRES(Locks::mutator_lock_); 338 339 // Adds the given string to the beginning of the last failure message. 340 void PrependToLastFailMessage(std::string); 341 342 // Adds the given string to the end of the last failure message. 343 void AppendToLastFailMessage(std::string); 344 345 // Verify all direct or virtual methods of a class. The method assumes that the iterator is 346 // positioned correctly, and the iterator will be updated. 347 template <bool kDirect> 348 static void VerifyMethods(Thread* self, 349 ClassLinker* linker, 350 const DexFile* dex_file, 351 const DexFile::ClassDef* class_def, 352 ClassDataItemIterator* it, 353 Handle<mirror::DexCache> dex_cache, 354 Handle<mirror::ClassLoader> class_loader, 355 CompilerCallbacks* callbacks, 356 bool allow_soft_failures, 357 bool log_hard_failures, 358 bool need_precise_constants, 359 bool* hard_fail, 360 size_t* error_count, 361 std::string* error_string) 362 SHARED_REQUIRES(Locks::mutator_lock_); 363 364 /* 365 * Perform verification on a single method. 366 * 367 * We do this in three passes: 368 * (1) Walk through all code units, determining instruction locations, 369 * widths, and other characteristics. 370 * (2) Walk through all code units, performing static checks on 371 * operands. 372 * (3) Iterate through the method, checking type safety and looking 373 * for code flow problems. 374 */ 375 static FailureKind VerifyMethod(Thread* self, uint32_t method_idx, 376 const DexFile* dex_file, 377 Handle<mirror::DexCache> dex_cache, 378 Handle<mirror::ClassLoader> class_loader, 379 const DexFile::ClassDef* class_def_idx, 380 const DexFile::CodeItem* code_item, 381 ArtMethod* method, 382 uint32_t method_access_flags, 383 CompilerCallbacks* callbacks, 384 bool allow_soft_failures, 385 bool log_hard_failures, 386 bool need_precise_constants, 387 std::string* hard_failure_msg) 388 SHARED_REQUIRES(Locks::mutator_lock_); 389 390 void FindLocksAtDexPc() SHARED_REQUIRES(Locks::mutator_lock_); 391 392 ArtField* FindAccessedFieldAtDexPc(uint32_t dex_pc) 393 SHARED_REQUIRES(Locks::mutator_lock_); 394 395 ArtMethod* FindInvokedMethodAtDexPc(uint32_t dex_pc) 396 SHARED_REQUIRES(Locks::mutator_lock_); 397 398 SafeMap<uint32_t, std::set<uint32_t>>& FindStringInitMap() 399 SHARED_REQUIRES(Locks::mutator_lock_); 400 401 /* 402 * Compute the width of the instruction at each address in the instruction stream, and store it in 403 * insn_flags_. Addresses that are in the middle of an instruction, or that are part of switch 404 * table data, are not touched (so the caller should probably initialize "insn_flags" to zero). 405 * 406 * The "new_instance_count_" and "monitor_enter_count_" fields in vdata are also set. 407 * 408 * Performs some static checks, notably: 409 * - opcode of first instruction begins at index 0 410 * - only documented instructions may appear 411 * - each instruction follows the last 412 * - last byte of last instruction is at (code_length-1) 413 * 414 * Logs an error and returns "false" on failure. 415 */ 416 bool ComputeWidthsAndCountOps(); 417 418 /* 419 * Set the "in try" flags for all instructions protected by "try" statements. Also sets the 420 * "branch target" flags for exception handlers. 421 * 422 * Call this after widths have been set in "insn_flags". 423 * 424 * Returns "false" if something in the exception table looks fishy, but we're expecting the 425 * exception table to be somewhat sane. 426 */ 427 bool ScanTryCatchBlocks() SHARED_REQUIRES(Locks::mutator_lock_); 428 429 /* 430 * Perform static verification on all instructions in a method. 431 * 432 * Walks through instructions in a method calling VerifyInstruction on each. 433 */ 434 bool VerifyInstructions(); 435 436 /* 437 * Perform static verification on an instruction. 438 * 439 * As a side effect, this sets the "branch target" flags in InsnFlags. 440 * 441 * "(CF)" items are handled during code-flow analysis. 442 * 443 * v3 4.10.1 444 * - target of each jump and branch instruction must be valid 445 * - targets of switch statements must be valid 446 * - operands referencing constant pool entries must be valid 447 * - (CF) operands of getfield, putfield, getstatic, putstatic must be valid 448 * - (CF) operands of method invocation instructions must be valid 449 * - (CF) only invoke-direct can call a method starting with '<' 450 * - (CF) <clinit> must never be called explicitly 451 * - operands of instanceof, checkcast, new (and variants) must be valid 452 * - new-array[-type] limited to 255 dimensions 453 * - can't use "new" on an array class 454 * - (?) limit dimensions in multi-array creation 455 * - local variable load/store register values must be in valid range 456 * 457 * v3 4.11.1.2 458 * - branches must be within the bounds of the code array 459 * - targets of all control-flow instructions are the start of an instruction 460 * - register accesses fall within range of allocated registers 461 * - (N/A) access to constant pool must be of appropriate type 462 * - code does not end in the middle of an instruction 463 * - execution cannot fall off the end of the code 464 * - (earlier) for each exception handler, the "try" area must begin and 465 * end at the start of an instruction (end can be at the end of the code) 466 * - (earlier) for each exception handler, the handler must start at a valid 467 * instruction 468 */ 469 bool VerifyInstruction(const Instruction* inst, uint32_t code_offset); 470 471 /* Ensure that the register index is valid for this code item. */ 472 bool CheckRegisterIndex(uint32_t idx); 473 474 /* Ensure that the wide register index is valid for this code item. */ 475 bool CheckWideRegisterIndex(uint32_t idx); 476 477 // Perform static checks on a field Get or set instruction. All we do here is ensure that the 478 // field index is in the valid range. 479 bool CheckFieldIndex(uint32_t idx); 480 481 // Perform static checks on a method invocation instruction. All we do here is ensure that the 482 // method index is in the valid range. 483 bool CheckMethodIndex(uint32_t idx); 484 485 // Perform static checks on a "new-instance" instruction. Specifically, make sure the class 486 // reference isn't for an array class. 487 bool CheckNewInstance(uint32_t idx); 488 489 /* Ensure that the string index is in the valid range. */ 490 bool CheckStringIndex(uint32_t idx); 491 492 // Perform static checks on an instruction that takes a class constant. Ensure that the class 493 // index is in the valid range. 494 bool CheckTypeIndex(uint32_t idx); 495 496 // Perform static checks on a "new-array" instruction. Specifically, make sure they aren't 497 // creating an array of arrays that causes the number of dimensions to exceed 255. 498 bool CheckNewArray(uint32_t idx); 499 500 // Verify an array data table. "cur_offset" is the offset of the fill-array-data instruction. 501 bool CheckArrayData(uint32_t cur_offset); 502 503 // Verify that the target of a branch instruction is valid. We don't expect code to jump directly 504 // into an exception handler, but it's valid to do so as long as the target isn't a 505 // "move-exception" instruction. We verify that in a later stage. 506 // The dex format forbids certain instructions from branching to themselves. 507 // Updates "insn_flags_", setting the "branch target" flag. 508 bool CheckBranchTarget(uint32_t cur_offset); 509 510 // Verify a switch table. "cur_offset" is the offset of the switch instruction. 511 // Updates "insn_flags_", setting the "branch target" flag. 512 bool CheckSwitchTargets(uint32_t cur_offset); 513 514 // Check the register indices used in a "vararg" instruction, such as invoke-virtual or 515 // filled-new-array. 516 // - vA holds word count (0-5), args[] have values. 517 // There are some tests we don't do here, e.g. we don't try to verify that invoking a method that 518 // takes a double is done with consecutive registers. This requires parsing the target method 519 // signature, which we will be doing later on during the code flow analysis. 520 bool CheckVarArgRegs(uint32_t vA, uint32_t arg[]); 521 522 // Check the register indices used in a "vararg/range" instruction, such as invoke-virtual/range 523 // or filled-new-array/range. 524 // - vA holds word count, vC holds index of first reg. 525 bool CheckVarArgRangeRegs(uint32_t vA, uint32_t vC); 526 527 // Extract the relative offset from a branch instruction. 528 // Returns "false" on failure (e.g. this isn't a branch instruction). 529 bool GetBranchOffset(uint32_t cur_offset, int32_t* pOffset, bool* pConditional, 530 bool* selfOkay); 531 532 /* Perform detailed code-flow analysis on a single method. */ 533 bool VerifyCodeFlow() SHARED_REQUIRES(Locks::mutator_lock_); 534 535 // Set the register types for the first instruction in the method based on the method signature. 536 // This has the side-effect of validating the signature. 537 bool SetTypesFromSignature() SHARED_REQUIRES(Locks::mutator_lock_); 538 539 /* 540 * Perform code flow on a method. 541 * 542 * The basic strategy is as outlined in v3 4.11.1.2: set the "changed" bit on the first 543 * instruction, process it (setting additional "changed" bits), and repeat until there are no 544 * more. 545 * 546 * v3 4.11.1.1 547 * - (N/A) operand stack is always the same size 548 * - operand stack [registers] contain the correct types of values 549 * - local variables [registers] contain the correct types of values 550 * - methods are invoked with the appropriate arguments 551 * - fields are assigned using values of appropriate types 552 * - opcodes have the correct type values in operand registers 553 * - there is never an uninitialized class instance in a local variable in code protected by an 554 * exception handler (operand stack is okay, because the operand stack is discarded when an 555 * exception is thrown) [can't know what's a local var w/o the debug info -- should fall out of 556 * register typing] 557 * 558 * v3 4.11.1.2 559 * - execution cannot fall off the end of the code 560 * 561 * (We also do many of the items described in the "static checks" sections, because it's easier to 562 * do them here.) 563 * 564 * We need an array of RegType values, one per register, for every instruction. If the method uses 565 * monitor-enter, we need extra data for every register, and a stack for every "interesting" 566 * instruction. In theory this could become quite large -- up to several megabytes for a monster 567 * function. 568 * 569 * NOTE: 570 * The spec forbids backward branches when there's an uninitialized reference in a register. The 571 * idea is to prevent something like this: 572 * loop: 573 * move r1, r0 574 * new-instance r0, MyClass 575 * ... 576 * if-eq rN, loop // once 577 * initialize r0 578 * 579 * This leaves us with two different instances, both allocated by the same instruction, but only 580 * one is initialized. The scheme outlined in v3 4.11.1.4 wouldn't catch this, so they work around 581 * it by preventing backward branches. We achieve identical results without restricting code 582 * reordering by specifying that you can't execute the new-instance instruction if a register 583 * contains an uninitialized instance created by that same instruction. 584 */ 585 bool CodeFlowVerifyMethod() SHARED_REQUIRES(Locks::mutator_lock_); 586 587 /* 588 * Perform verification for a single instruction. 589 * 590 * This requires fully decoding the instruction to determine the effect it has on registers. 591 * 592 * Finds zero or more following instructions and sets the "changed" flag if execution at that 593 * point needs to be (re-)evaluated. Register changes are merged into "reg_types_" at the target 594 * addresses. Does not set or clear any other flags in "insn_flags_". 595 */ 596 bool CodeFlowVerifyInstruction(uint32_t* start_guess) 597 SHARED_REQUIRES(Locks::mutator_lock_); 598 599 // Perform verification of a new array instruction 600 void VerifyNewArray(const Instruction* inst, bool is_filled, bool is_range) 601 SHARED_REQUIRES(Locks::mutator_lock_); 602 603 // Helper to perform verification on puts of primitive type. 604 void VerifyPrimitivePut(const RegType& target_type, const RegType& insn_type, 605 const uint32_t vregA) SHARED_REQUIRES(Locks::mutator_lock_); 606 607 // Perform verification of an aget instruction. The destination register's type will be set to 608 // be that of component type of the array unless the array type is unknown, in which case a 609 // bottom type inferred from the type of instruction is used. is_primitive is false for an 610 // aget-object. 611 void VerifyAGet(const Instruction* inst, const RegType& insn_type, 612 bool is_primitive) SHARED_REQUIRES(Locks::mutator_lock_); 613 614 // Perform verification of an aput instruction. 615 void VerifyAPut(const Instruction* inst, const RegType& insn_type, 616 bool is_primitive) SHARED_REQUIRES(Locks::mutator_lock_); 617 618 // Lookup instance field and fail for resolution violations 619 ArtField* GetInstanceField(const RegType& obj_type, int field_idx) 620 SHARED_REQUIRES(Locks::mutator_lock_); 621 622 // Lookup static field and fail for resolution violations 623 ArtField* GetStaticField(int field_idx) SHARED_REQUIRES(Locks::mutator_lock_); 624 625 // Perform verification of an iget/sget/iput/sput instruction. 626 enum class FieldAccessType { // private 627 kAccGet, 628 kAccPut 629 }; 630 template <FieldAccessType kAccType> 631 void VerifyISFieldAccess(const Instruction* inst, const RegType& insn_type, 632 bool is_primitive, bool is_static) 633 SHARED_REQUIRES(Locks::mutator_lock_); 634 635 template <FieldAccessType kAccType> 636 void VerifyQuickFieldAccess(const Instruction* inst, const RegType& insn_type, bool is_primitive) 637 SHARED_REQUIRES(Locks::mutator_lock_); 638 639 // Resolves a class based on an index and performs access checks to ensure the referrer can 640 // access the resolved class. 641 const RegType& ResolveClassAndCheckAccess(uint32_t class_idx) 642 SHARED_REQUIRES(Locks::mutator_lock_); 643 644 /* 645 * For the "move-exception" instruction at "work_insn_idx_", which must be at an exception handler 646 * address, determine the Join of all exceptions that can land here. Fails if no matching 647 * exception handler can be found or if the Join of exception types fails. 648 */ 649 const RegType& GetCaughtExceptionType() 650 SHARED_REQUIRES(Locks::mutator_lock_); 651 652 /* 653 * Resolves a method based on an index and performs access checks to ensure 654 * the referrer can access the resolved method. 655 * Does not throw exceptions. 656 */ 657 ArtMethod* ResolveMethodAndCheckAccess(uint32_t method_idx, MethodType method_type) 658 SHARED_REQUIRES(Locks::mutator_lock_); 659 660 /* 661 * Verify the arguments to a method. We're executing in "method", making 662 * a call to the method reference in vB. 663 * 664 * If this is a "direct" invoke, we allow calls to <init>. For calls to 665 * <init>, the first argument may be an uninitialized reference. Otherwise, 666 * calls to anything starting with '<' will be rejected, as will any 667 * uninitialized reference arguments. 668 * 669 * For non-static method calls, this will verify that the method call is 670 * appropriate for the "this" argument. 671 * 672 * The method reference is in vBBBB. The "is_range" parameter determines 673 * whether we use 0-4 "args" values or a range of registers defined by 674 * vAA and vCCCC. 675 * 676 * Widening conversions on integers and references are allowed, but 677 * narrowing conversions are not. 678 * 679 * Returns the resolved method on success, null on failure (with *failure 680 * set appropriately). 681 */ 682 ArtMethod* VerifyInvocationArgs(const Instruction* inst, 683 MethodType method_type, 684 bool is_range, bool is_super) 685 SHARED_REQUIRES(Locks::mutator_lock_); 686 687 // Similar checks to the above, but on the proto. Will be used when the method cannot be 688 // resolved. 689 void VerifyInvocationArgsUnresolvedMethod(const Instruction* inst, MethodType method_type, 690 bool is_range) 691 SHARED_REQUIRES(Locks::mutator_lock_); 692 693 template <class T> 694 ArtMethod* VerifyInvocationArgsFromIterator(T* it, const Instruction* inst, 695 MethodType method_type, bool is_range, 696 ArtMethod* res_method) 697 SHARED_REQUIRES(Locks::mutator_lock_); 698 699 ArtMethod* VerifyInvokeVirtualQuickArgs(const Instruction* inst, bool is_range) 700 SHARED_REQUIRES(Locks::mutator_lock_); 701 702 /* 703 * Verify that the target instruction is not "move-exception". It's important that the only way 704 * to execute a move-exception is as the first instruction of an exception handler. 705 * Returns "true" if all is well, "false" if the target instruction is move-exception. 706 */ 707 bool CheckNotMoveException(const uint16_t* insns, int insn_idx); 708 709 /* 710 * Verify that the target instruction is not "move-result". It is important that we cannot 711 * branch to move-result instructions, but we have to make this a distinct check instead of 712 * adding it to CheckNotMoveException, because it is legal to continue into "move-result" 713 * instructions - as long as the previous instruction was an invoke, which is checked elsewhere. 714 */ 715 bool CheckNotMoveResult(const uint16_t* insns, int insn_idx); 716 717 /* 718 * Verify that the target instruction is not "move-result" or "move-exception". This is to 719 * be used when checking branch and switch instructions, but not instructions that can 720 * continue. 721 */ 722 bool CheckNotMoveExceptionOrMoveResult(const uint16_t* insns, int insn_idx); 723 724 /* 725 * Control can transfer to "next_insn". Merge the registers from merge_line into the table at 726 * next_insn, and set the changed flag on the target address if any of the registers were changed. 727 * In the case of fall-through, update the merge line on a change as its the working line for the 728 * next instruction. 729 * Returns "false" if an error is encountered. 730 */ 731 bool UpdateRegisters(uint32_t next_insn, RegisterLine* merge_line, bool update_merge_line) 732 SHARED_REQUIRES(Locks::mutator_lock_); 733 734 // Return the register type for the method. 735 const RegType& GetMethodReturnType() SHARED_REQUIRES(Locks::mutator_lock_); 736 737 // Get a type representing the declaring class of the method. 738 const RegType& GetDeclaringClass() SHARED_REQUIRES(Locks::mutator_lock_); 739 740 InstructionFlags* CurrentInsnFlags(); 741 742 const RegType& DetermineCat1Constant(int32_t value, bool precise) 743 SHARED_REQUIRES(Locks::mutator_lock_); 744 745 // Try to create a register type from the given class. In case a precise type is requested, but 746 // the class is not instantiable, a soft error (of type NO_CLASS) will be enqueued and a 747 // non-precise reference will be returned. 748 // Note: we reuse NO_CLASS as this will throw an exception at runtime, when the failing class is 749 // actually touched. 750 const RegType& FromClass(const char* descriptor, mirror::Class* klass, bool precise) 751 SHARED_REQUIRES(Locks::mutator_lock_); 752 753 // The thread we're verifying on. 754 Thread* const self_; 755 756 // Arena allocator. 757 ArenaStack arena_stack_; 758 ScopedArenaAllocator arena_; 759 760 RegTypeCache reg_types_; 761 762 PcToRegisterLineTable reg_table_; 763 764 // Storage for the register status we're currently working on. 765 ArenaUniquePtr<RegisterLine> work_line_; 766 767 // The address of the instruction we're currently working on, note that this is in 2 byte 768 // quantities 769 uint32_t work_insn_idx_; 770 771 // Storage for the register status we're saving for later. 772 ArenaUniquePtr<RegisterLine> saved_line_; 773 774 const uint32_t dex_method_idx_; // The method we're working on. 775 // Its object representation if known. 776 ArtMethod* mirror_method_ GUARDED_BY(Locks::mutator_lock_); 777 const uint32_t method_access_flags_; // Method's access flags. 778 const RegType* return_type_; // Lazily computed return type of the method. 779 const DexFile* const dex_file_; // The dex file containing the method. 780 // The dex_cache for the declaring class of the method. 781 Handle<mirror::DexCache> dex_cache_ GUARDED_BY(Locks::mutator_lock_); 782 // The class loader for the declaring class of the method. 783 Handle<mirror::ClassLoader> class_loader_ GUARDED_BY(Locks::mutator_lock_); 784 const DexFile::ClassDef* const class_def_; // The class def of the declaring class of the method. 785 const DexFile::CodeItem* const code_item_; // The code item containing the code for the method. 786 const RegType* declaring_class_; // Lazily computed reg type of the method's declaring class. 787 // Instruction widths and flags, one entry per code unit. 788 // Owned, but not unique_ptr since insn_flags_ are allocated in arenas. 789 ArenaUniquePtr<InstructionFlags[]> insn_flags_; 790 // The dex PC of a FindLocksAtDexPc request, -1 otherwise. 791 uint32_t interesting_dex_pc_; 792 // The container into which FindLocksAtDexPc should write the registers containing held locks, 793 // null if we're not doing FindLocksAtDexPc. 794 std::vector<uint32_t>* monitor_enter_dex_pcs_; 795 796 // The types of any error that occurs. 797 std::vector<VerifyError> failures_; 798 // Error messages associated with failures. 799 std::vector<std::ostringstream*> failure_messages_; 800 // Is there a pending hard failure? 801 bool have_pending_hard_failure_; 802 // Is there a pending runtime throw failure? A runtime throw failure is when an instruction 803 // would fail at runtime throwing an exception. Such an instruction causes the following code 804 // to be unreachable. This is set by Fail and used to ensure we don't process unreachable 805 // instructions that would hard fail the verification. 806 // Note: this flag is reset after processing each instruction. 807 bool have_pending_runtime_throw_failure_; 808 // Is there a pending experimental failure? 809 bool have_pending_experimental_failure_; 810 811 // A version of the above that is not reset and thus captures if there were *any* throw failures. 812 bool have_any_pending_runtime_throw_failure_; 813 814 // Info message log use primarily for verifier diagnostics. 815 std::ostringstream info_messages_; 816 817 // The number of occurrences of specific opcodes. 818 size_t new_instance_count_; 819 size_t monitor_enter_count_; 820 821 // Bitset of the encountered failure types. Bits are according to the values in VerifyError. 822 uint32_t encountered_failure_types_; 823 824 const bool can_load_classes_; 825 826 // Converts soft failures to hard failures when false. Only false when the compiler isn't 827 // running and the verifier is called from the class linker. 828 const bool allow_soft_failures_; 829 830 // An optimization where instead of generating unique RegTypes for constants we use imprecise 831 // constants that cover a range of constants. This isn't good enough for deoptimization that 832 // avoids loading from registers in the case of a constant as the dex instruction set lost the 833 // notion of whether a value should be in a floating point or general purpose register file. 834 const bool need_precise_constants_; 835 836 // Indicates the method being verified contains at least one check-cast or aput-object 837 // instruction. Aput-object operations implicitly check for array-store exceptions, similar to 838 // check-cast. 839 bool has_check_casts_; 840 841 // Indicates the method being verified contains at least one invoke-virtual/range 842 // or invoke-interface/range. 843 bool has_virtual_or_interface_invokes_; 844 845 // Indicates whether we verify to dump the info. In that case we accept quickened instructions 846 // even though we might detect to be a compiler. Should only be set when running 847 // VerifyMethodAndDump. 848 const bool verify_to_dump_; 849 850 // Whether or not we call AllowThreadSuspension periodically, we want a way to disable this for 851 // thread dumping checkpoints since we may get thread suspension at an inopportune time due to 852 // FindLocksAtDexPC, resulting in deadlocks. 853 const bool allow_thread_suspension_; 854 855 // Whether the method seems to be a constructor. Note that this field exists as we can't trust 856 // the flags in the dex file. Some older code does not mark methods named "<init>" and "<clinit>" 857 // correctly. 858 // 859 // Note: this flag is only valid once Verify() has started. 860 bool is_constructor_; 861 862 // Link, for the method verifier root linked list. 863 MethodVerifier* link_; 864 865 friend class art::Thread; 866 867 // Map of dex pcs of invocations of java.lang.String.<init> to the set of other registers that 868 // contain the uninitialized this pointer to that invoke. Will contain no entry if there are 869 // no other registers. 870 SafeMap<uint32_t, std::set<uint32_t>> string_init_pc_reg_map_; 871 872 DISALLOW_COPY_AND_ASSIGN(MethodVerifier); 873}; 874std::ostream& operator<<(std::ostream& os, const MethodVerifier::FailureKind& rhs); 875 876} // namespace verifier 877} // namespace art 878 879#endif // ART_RUNTIME_VERIFIER_METHOD_VERIFIER_H_ 880