/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "register_line.h"

#include "base/stringprintf.h"
#include "dex_instruction-inl.h"
#include "method_verifier-inl.h"
#include "register_line-inl.h"
#include "reg_type-inl.h"

namespace art {
namespace verifier {

// Checks that a constructor may return at this point: this_initialized_ must have been set
// (see MarkRefsAsInitialized, which sets it when the uninitialized "this" reference is
// initialized). In debug builds it additionally asserts that no register still holds an
// uninitialized-this type once the flag is set.
// Reports VERIFY_ERROR_BAD_CLASS_HARD through `verifier` when "this" was never initialized.
// Returns this_initialized_.
bool RegisterLine::CheckConstructorReturn(MethodVerifier* verifier) const {
  if (kIsDebugBuild && this_initialized_) {
    // Ensure that there is no UninitializedThisReference type anymore if this_initialized_ is true.
    for (size_t i = 0; i < num_regs_; i++) {
      const RegType& type = GetRegisterType(verifier, i);
      CHECK(!type.IsUninitializedThisReference() &&
            !type.IsUnresolvedAndUninitializedThisReference())
          << i << ": " << type.IsUninitializedThisReference() << " in "
          << PrettyMethod(verifier->GetMethodReference().dex_method_index,
                          *verifier->GetMethodReference().dex_file);
    }
  }
  if (!this_initialized_) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
        << "Constructor returning without calling superclass constructor";
  }
  return this_initialized_;
}

// Returns the type of the 'this' argument of an invoke instruction.
// `is_range` selects the 3rc (range) operand encoding instead of 35c.
// Returns Conflict() when the invoke carries no arguments at all, or when the register that
// should hold 'this' is not a reference type; unless `allow_failure` is set, both cases are
// also reported as VERIFY_ERROR_BAD_CLASS_HARD.
const RegType& RegisterLine::GetInvocationThis(MethodVerifier* verifier, const Instruction* inst,
                                               bool is_range, bool allow_failure) {
  const size_t args_count = is_range ? inst->VRegA_3rc() : inst->VRegA_35c();
  if (args_count < 1) {
    if (!allow_failure) {
      verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "invoke lacks 'this'";
    }
    return verifier->GetRegTypeCache()->Conflict();
  }
  /* The first argument register (vC) holds 'this'; fetch its current type. */
  const uint32_t this_reg = (is_range) ? inst->VRegC_3rc() : inst->VRegC_35c();
  const RegType& this_type = GetRegisterType(verifier, this_reg);
  if (!this_type.IsReferenceTypes()) {
    if (!allow_failure) {
      verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
          << "tried to get class from non-reference register v" << this_reg
          << " (type=" << this_type << ")";
    }
    return verifier->GetRegTypeCache()->Conflict();
  }
  return this_type;
}

// Verifies that the wide (category-2) register pair starting at `vsrc` is assignable to the
// expected pair `check_type1`/`check_type2`: the low half must be assignable to `check_type1`
// and the high half (vsrc + 1) must form a valid wide pair with the low half.
// Reports VERIFY_ERROR_BAD_CLASS_HARD and returns false on either mismatch; returns true otherwise.
// NOTE(review): `vsrc + 1` is read without a visible bound check here; presumably
// GetRegisterType (in register_line-inl.h) checks the index — confirm.
bool RegisterLine::VerifyRegisterTypeWide(MethodVerifier* verifier, uint32_t vsrc,
                                          const RegType& check_type1,
                                          const RegType& check_type2) {
  DCHECK(check_type1.CheckWidePair(check_type2));
  // Verify the src register type against the check type refining the type of the register
  const RegType& src_type = GetRegisterType(verifier, vsrc);
  if (!check_type1.IsAssignableFrom(src_type)) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "register v" << vsrc << " has type " << src_type
                                                << " but expected " << check_type1;
    return false;
  }
  const RegType& src_type_h = GetRegisterType(verifier, vsrc + 1);
  if (!src_type.CheckWidePair(src_type_h)) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "wide register v" << vsrc << " has type "
                                                << src_type << "/" << src_type_h;
    return false;
  }
  // The register at vsrc has a defined type, we know the lower-upper-bound, but this is less
  // precise than the subtype in vsrc so leave it for reference types. For primitive types
  // if they are a defined type then they are as precise as we can get, however, for constant
  // types we may wish to refine them. Unfortunately constant propagation has rendered this useless.
  return true;
}

// Replaces every register holding exactly `uninit_type` with its initialized counterpart.
// Called after a constructor invocation on the uninitialized reference.
// If the class being initialized is java.lang.String, every register other than `this_reg` that
// aliased the uninitialized value is recorded in the verifier's StringInitPcRegMap under `dex_pc`.
// If `uninit_type` is the uninitialized "this" of a constructor, this_initialized_ is set, which
// is what CheckConstructorReturn later checks.
// Debug builds assert that at least one register was changed.
void RegisterLine::MarkRefsAsInitialized(MethodVerifier* verifier, const RegType& uninit_type,
                                         uint32_t this_reg, uint32_t dex_pc) {
  DCHECK(uninit_type.IsUninitializedTypes());
  bool is_string = !uninit_type.IsUnresolvedTypes() && uninit_type.GetClass()->IsStringClass();
  const RegType& init_type = verifier->GetRegTypeCache()->FromUninitialized(uninit_type);
  size_t changed = 0;
  for (uint32_t i = 0; i < num_regs_; i++) {
    if (GetRegisterType(verifier, i).Equals(uninit_type)) {
      line_[i] = init_type.GetId();
      changed++;
      if (is_string && i != this_reg) {
        auto it = verifier->GetStringInitPcRegMap().find(dex_pc);
        if (it != verifier->GetStringInitPcRegMap().end()) {
          it->second.insert(i);
        } else {
          std::set<uint32_t> reg_set = { i };
          verifier->GetStringInitPcRegMap().Put(dex_pc, reg_set);
        }
      }
    }
  }
  // Is this initializing "this"?
  if (uninit_type.IsUninitializedThisReference() ||
      uninit_type.IsUnresolvedAndUninitializedThisReference()) {
    this_initialized_ = true;
  }
  DCHECK_GT(changed, 0u);
}

// Sets every register on this line to the Conflict type.
void RegisterLine::MarkAllRegistersAsConflicts(MethodVerifier* verifier) {
  uint16_t conflict_type_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (uint32_t i = 0; i < num_regs_; i++) {
    line_[i] = conflict_type_id;
  }
}

// Sets every register except `vsrc` to the Conflict type.
void RegisterLine::MarkAllRegistersAsConflictsExcept(MethodVerifier* verifier, uint32_t vsrc) {
  uint16_t conflict_type_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (uint32_t i = 0; i < num_regs_; i++) {
    if (i != vsrc) {
      line_[i] = conflict_type_id;
    }
  }
}

// Sets every register except the wide pair `vsrc`/`vsrc + 1` to the Conflict type.
void RegisterLine::MarkAllRegistersAsConflictsExceptWide(MethodVerifier* verifier, uint32_t vsrc) {
  uint16_t conflict_type_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (uint32_t i = 0; i < num_regs_; i++) {
    if ((i != vsrc) && (i != (vsrc + 1))) {
      line_[i] = conflict_type_id;
    }
  }
}

// Renders the line for diagnostics: "<idx>:[<type>]," for each register, followed by
// "{<insn_idx>}," for each entry on the monitor stack.
std::string RegisterLine::Dump(MethodVerifier* verifier) const {
  std::string result;
  for (size_t i = 0; i < num_regs_; i++) {
    result += StringPrintf("%zd:[", i);
    result += GetRegisterType(verifier, i).Dump();
    result += "],";
  }
  for (const auto& monitor : monitors_) {
    result += StringPrintf("{%d},", monitor);
  }
  return result;
}

// Marks every register holding exactly `uninit_type` as Conflict and drops any lock-depth
// bookkeeping for it, so a stale uninitialized reference can no longer be used.
void RegisterLine::MarkUninitRefsAsInvalid(MethodVerifier* verifier, const RegType& uninit_type) {
  for (size_t i = 0; i < num_regs_; i++) {
    if (GetRegisterType(verifier, i).Equals(uninit_type)) {
      line_[i] = verifier->GetRegTypeCache()->Conflict().GetId();
      ClearAllRegToLockDepths(i);
    }
  }
}

/*
 * Implement "move-result" / "move-result-object". Copy the category-1 value from the result
 * register to `vdst` and reset the result register. `is_reference` selects whether a reference
 * type (move-result-object) or a category-1 primitive (move-result) is expected; a mismatch is
 * reported as VERIFY_ERROR_BAD_CLASS_HARD and nothing is copied.
 */
void RegisterLine::CopyResultRegister1(MethodVerifier* verifier, uint32_t vdst, bool is_reference) {
  const RegType& type = verifier->GetRegTypeCache()->GetFromId(result_[0]);
  if ((!is_reference && !type.IsCategory1Types()) ||
      (is_reference && !type.IsReferenceTypes())) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
        << "copyRes1 v" << vdst << "<- result0" << " type=" << type;
  } else {
    // A category-1 result must not have a high half.
    DCHECK(verifier->GetRegTypeCache()->GetFromId(result_[1]).IsUndefined());
    SetRegisterType(verifier, vdst, type);
    result_[0] = verifier->GetRegTypeCache()->Undefined().GetId();
  }
}

/*
 * Implement "move-result-wide". Copy the category-2 value from the result
 * register to another register, and reset the result register.
 * A non-category-2 result is reported as VERIFY_ERROR_BAD_CLASS_HARD and nothing is copied.
 */
void RegisterLine::CopyResultRegister2(MethodVerifier* verifier, uint32_t vdst) {
  const RegType& type_l = verifier->GetRegTypeCache()->GetFromId(result_[0]);
  const RegType& type_h = verifier->GetRegTypeCache()->GetFromId(result_[1]);
  if (!type_l.IsCategory2Types()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
        << "copyRes2 v" << vdst << "<- result0" << " type=" << type_l;
  } else {
    DCHECK(type_l.CheckWidePair(type_h));  // Set should never allow this case
    SetRegisterTypeWide(verifier, vdst, type_l, type_h);  // also sets the high
    result_[0] = verifier->GetRegTypeCache()->Undefined().GetId();
    result_[1] = verifier->GetRegTypeCache()->Undefined().GetId();
  }
}

// Unary op (12x format): if vB holds `src_type`, set vA to `dst_type`.
// On a type mismatch VerifyRegisterType reports the failure and vA is left unchanged.
void RegisterLine::CheckUnaryOp(MethodVerifier* verifier, const Instruction* inst,
                                const RegType& dst_type, const RegType& src_type) {
  if (VerifyRegisterType(verifier, inst->VRegB_12x(), src_type)) {
    SetRegisterType(verifier, inst->VRegA_12x(), dst_type);
  }
}

// Wide unary op (12x format): if the pair at vB is `src_type1`/`src_type2`, set the pair at vA
// to `dst_type1`/`dst_type2`.
void RegisterLine::CheckUnaryOpWide(MethodVerifier* verifier, const Instruction* inst,
                                    const RegType& dst_type1, const RegType& dst_type2,
                                    const RegType& src_type1, const RegType& src_type2) {
  if (VerifyRegisterTypeWide(verifier, inst->VRegB_12x(), src_type1, src_type2)) {
    SetRegisterTypeWide(verifier, inst->VRegA_12x(), dst_type1, dst_type2);
  }
}

// Widening unary op (e.g. int-to-long): if vB holds `src_type`, set the pair at vA to
// `dst_type1`/`dst_type2`.
void RegisterLine::CheckUnaryOpToWide(MethodVerifier* verifier, const Instruction* inst,
                                      const RegType& dst_type1, const RegType& dst_type2,
                                      const RegType& src_type) {
  if (VerifyRegisterType(verifier, inst->VRegB_12x(), src_type)) {
    SetRegisterTypeWide(verifier, inst->VRegA_12x(), dst_type1, dst_type2);
  }
}

// Narrowing unary op (e.g. long-to-int): if the pair at vB is `src_type1`/`src_type2`, set vA
// to `dst_type`.
void RegisterLine::CheckUnaryOpFromWide(MethodVerifier* verifier, const Instruction* inst,
                                        const RegType& dst_type,
                                        const RegType& src_type1, const RegType& src_type2) {
  if (VerifyRegisterTypeWide(verifier, inst->VRegB_12x(), src_type1, src_type2)) {
    SetRegisterType(verifier, inst->VRegA_12x(), dst_type);
  }
}

// Binary op (23x format): if vB holds `src_type1` and vC holds `src_type2`, set vA to `dst_type`.
// With `check_boolean_op`, an operation on two boolean operands yields Boolean rather than the
// (integer) `dst_type`, so that e.g. and-int of two booleans stays a boolean.
void RegisterLine::CheckBinaryOp(MethodVerifier* verifier, const Instruction* inst,
                                 const RegType& dst_type,
                                 const RegType& src_type1, const RegType& src_type2,
                                 bool check_boolean_op) {
  const uint32_t vregB = inst->VRegB_23x();
  const uint32_t vregC = inst->VRegC_23x();
  if (VerifyRegisterType(verifier, vregB, src_type1) &&
      VerifyRegisterType(verifier, vregC, src_type2)) {
    if (check_boolean_op) {
      DCHECK(dst_type.IsInteger());
      if (GetRegisterType(verifier, vregB).IsBooleanTypes() &&
          GetRegisterType(verifier, vregC).IsBooleanTypes()) {
        SetRegisterType(verifier, inst->VRegA_23x(), verifier->GetRegTypeCache()->Boolean());
        return;
      }
    }
    SetRegisterType(verifier, inst->VRegA_23x(), dst_type);
  }
}

// Wide binary op (23x format): both source pairs are checked, then the pair at vA is set to
// `dst_type1`/`dst_type2`.
void RegisterLine::CheckBinaryOpWide(MethodVerifier* verifier, const Instruction* inst,
                                     const RegType& dst_type1, const RegType& dst_type2,
                                     const RegType& src_type1_1, const RegType& src_type1_2,
                                     const RegType& src_type2_1, const RegType& src_type2_2) {
  if (VerifyRegisterTypeWide(verifier, inst->VRegB_23x(), src_type1_1, src_type1_2) &&
      VerifyRegisterTypeWide(verifier, inst->VRegC_23x(), src_type2_1, src_type2_2)) {
    SetRegisterTypeWide(verifier, inst->VRegA_23x(), dst_type1, dst_type2);
  }
}

// Wide shift (23x format): the pair at vB is a long, vC is the (int) shift distance; the result
// pair at vA is again `long_lo_type`/`long_hi_type`.
void RegisterLine::CheckBinaryOpWideShift(MethodVerifier* verifier, const Instruction* inst,
                                          const RegType& long_lo_type, const RegType& long_hi_type,
                                          const RegType& int_type) {
  if (VerifyRegisterTypeWide(verifier, inst->VRegB_23x(), long_lo_type, long_hi_type) &&
      VerifyRegisterType(verifier, inst->VRegC_23x(), int_type)) {
    SetRegisterTypeWide(verifier, inst->VRegA_23x(), long_lo_type, long_hi_type);
  }
}

// 2addr binary op (12x format): vA is both the first operand and the destination.
// Same boolean refinement as CheckBinaryOp.
void RegisterLine::CheckBinaryOp2addr(MethodVerifier* verifier, const Instruction* inst,
                                      const RegType& dst_type, const RegType& src_type1,
                                      const RegType& src_type2, bool check_boolean_op) {
  const uint32_t vregA = inst->VRegA_12x();
  const uint32_t vregB = inst->VRegB_12x();
  if (VerifyRegisterType(verifier, vregA, src_type1) &&
      VerifyRegisterType(verifier, vregB, src_type2)) {
    if (check_boolean_op) {
      DCHECK(dst_type.IsInteger());
      if (GetRegisterType(verifier, vregA).IsBooleanTypes() &&
          GetRegisterType(verifier, vregB).IsBooleanTypes()) {
        SetRegisterType(verifier, vregA, verifier->GetRegTypeCache()->Boolean());
        return;
      }
    }
    SetRegisterType(verifier, vregA, dst_type);
  }
}

// Wide 2addr binary op (12x format): the pair at vA is both first operand and destination.
void RegisterLine::CheckBinaryOp2addrWide(MethodVerifier* verifier, const Instruction* inst,
                                          const RegType& dst_type1, const RegType& dst_type2,
                                          const RegType& src_type1_1, const RegType& src_type1_2,
                                          const RegType& src_type2_1, const RegType& src_type2_2) {
  const uint32_t vregA = inst->VRegA_12x();
  const uint32_t vregB = inst->VRegB_12x();
  if (VerifyRegisterTypeWide(verifier, vregA, src_type1_1, src_type1_2) &&
      VerifyRegisterTypeWide(verifier, vregB, src_type2_1, src_type2_2)) {
    SetRegisterTypeWide(verifier, vregA, dst_type1, dst_type2);
  }
}

// Wide 2addr shift (12x format): the long pair at vA is shifted by the int in vB and the
// result pair is written back to vA.
void RegisterLine::CheckBinaryOp2addrWideShift(MethodVerifier* verifier, const Instruction* inst,
                                               const RegType& long_lo_type, const RegType& long_hi_type,
                                               const RegType& int_type) {
  const uint32_t vregA = inst->VRegA_12x();
  const uint32_t vregB = inst->VRegB_12x();
  if (VerifyRegisterTypeWide(verifier, vregA, long_lo_type, long_hi_type) &&
      VerifyRegisterType(verifier, vregB, int_type)) {
    SetRegisterTypeWide(verifier, vregA, long_lo_type, long_hi_type);
  }
}

// Literal binary op: vA = vB <op> literal. `is_lit16` selects the 22s (16-bit literal) encoding
// over 22b (8-bit literal). With `check_boolean_op`, a boolean vB combined with a literal of
// 0 or 1 yields Boolean instead of `dst_type`.
void RegisterLine::CheckLiteralOp(MethodVerifier* verifier, const Instruction* inst,
                                  const RegType& dst_type, const RegType& src_type,
                                  bool check_boolean_op, bool is_lit16) {
  const uint32_t vregA = is_lit16 ? inst->VRegA_22s() : inst->VRegA_22b();
  const uint32_t vregB = is_lit16 ? inst->VRegB_22s() : inst->VRegB_22b();
  if (VerifyRegisterType(verifier, vregB, src_type)) {
    if (check_boolean_op) {
      DCHECK(dst_type.IsInteger());
      /* check vB with the call, then check the constant manually */
      const uint32_t val = is_lit16 ? inst->VRegC_22s() : inst->VRegC_22b();
      if (GetRegisterType(verifier, vregB).IsBooleanTypes() && (val == 0 || val == 1)) {
        SetRegisterType(verifier, vregA, verifier->GetRegTypeCache()->Boolean());
        return;
      }
    }
    SetRegisterType(verifier, vregA, dst_type);
  }
}

// monitor-enter on register `reg_idx` at instruction `insn_idx`.
// Fails hard if the register is not a reference, if the monitor stack is already 32 deep, or if
// the register cannot be associated with the new lock depth (SetRegToLockDepth returns false).
// On success the instruction index is pushed onto monitors_ and the register is tagged with
// the depth at which it was locked, so PopMonitor can check that unlocks are properly nested.
void RegisterLine::PushMonitor(MethodVerifier* verifier, uint32_t reg_idx, int32_t insn_idx) {
  const RegType& reg_type = GetRegisterType(verifier, reg_idx);
  if (!reg_type.IsReferenceTypes()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-enter on non-object ("
                                                << reg_type << ")";
  } else if (monitors_.size() >= 32) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-enter stack overflow: "
                                                << monitors_.size();
  } else {
    if (SetRegToLockDepth(reg_idx, monitors_.size())) {
      monitors_.push_back(insn_idx);
    } else {
      verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "unexpected monitor-enter on register v" <<
          reg_idx;
    }
  }
}

// monitor-exit on register `reg_idx`.
// Fails hard if the register is not a reference or the monitor stack is empty. Otherwise pops
// the stack; if the register was not the one locked at that depth, the mismatch is a soft
// failure for dex files of version 36 or later and only a verify-info log entry before that
// (see the comment below for why older files are tolerated).
void RegisterLine::PopMonitor(MethodVerifier* verifier, uint32_t reg_idx) {
  const RegType& reg_type = GetRegisterType(verifier, reg_idx);
  if (!reg_type.IsReferenceTypes()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-exit on non-object (" << reg_type << ")";
  } else if (monitors_.empty()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-exit stack underflow";
  } else {
    monitors_.pop_back();
    if (!IsSetLockDepth(reg_idx, monitors_.size())) {
      // Bug 3215458: Locks and unlocks are on objects, if that object is a literal then before
      // format "036" the constant collector may create unlocks on the same object but referenced
      // via different registers.
      ((verifier->DexFileVersion() >= 36) ? verifier->Fail(VERIFY_ERROR_BAD_CLASS_SOFT)
                                          : verifier->LogVerifyInfo())
          << "monitor-exit not unlocking the top of the monitor stack";
    } else {
      // Record the register was unlocked
      ClearRegToLockDepth(reg_idx, monitors_.size());
    }
  }
}

// Merges `incoming_line` (the state arriving along another control-flow edge) into this line.
// Each differing register is replaced by RegType::Merge of the two types; this_initialized_ is
// cleared if "this" is not initialized on both paths.
// Returns true if anything changed, which tells the caller the successor must be re-analyzed.
// Monitor state: when both sides have locks held, a differing stack depth is only logged; when
// depths match but the per-register lock depths differ, a register locked on only one side loses
// its lock-depth entry, and any other disagreement is logged and the scan stops.
// NOTE(review): both monitor mismatches are LOG(WARNING) only and do not fail verification
// here — confirm this is the intended policy for this version.
bool RegisterLine::MergeRegisters(MethodVerifier* verifier, const RegisterLine* incoming_line) {
  bool changed = false;
  DCHECK(incoming_line != nullptr);
  for (size_t idx = 0; idx < num_regs_; idx++) {
    if (line_[idx] != incoming_line->line_[idx]) {
      const RegType& incoming_reg_type = incoming_line->GetRegisterType(verifier, idx);
      const RegType& cur_type = GetRegisterType(verifier, idx);
      const RegType& new_type = cur_type.Merge(incoming_reg_type, verifier->GetRegTypeCache());
      changed = changed || !cur_type.Equals(new_type);
      line_[idx] = new_type.GetId();
    }
  }
  if (monitors_.size() > 0 || incoming_line->monitors_.size() > 0) {
    if (monitors_.size() != incoming_line->monitors_.size()) {
      LOG(WARNING) << "mismatched stack depths (depth=" << MonitorStackDepth()
                   << ", incoming depth=" << incoming_line->MonitorStackDepth() << ")";
    } else if (reg_to_lock_depths_ != incoming_line->reg_to_lock_depths_) {
      for (uint32_t idx = 0; idx < num_regs_; idx++) {
        size_t depths = reg_to_lock_depths_.count(idx);
        size_t incoming_depths = incoming_line->reg_to_lock_depths_.count(idx);
        if (depths != incoming_depths) {
          if (depths == 0 || incoming_depths == 0) {
            reg_to_lock_depths_.erase(idx);
          } else {
            LOG(WARNING) << "mismatched stack depths for register v" << idx
                         << ": " << depths << " != " << incoming_depths;
            break;
          }
        }
      }
    }
  }
  // Check whether "this" was initialized in both paths.
  if (this_initialized_ && !incoming_line->this_initialized_) {
    this_initialized_ = false;
    changed = true;
  }
  return changed;
}

// Appends to `data` a bitmap with one bit per register, LSB-first within each byte, set for
// registers holding a non-null reference. At most `max_bytes` bytes are emitted; any byte
// beyond that limit is expected to be zero (debug-checked) and is dropped.
void RegisterLine::WriteReferenceBitMap(MethodVerifier* verifier,
                                        std::vector<uint8_t>* data, size_t max_bytes) {
  for (size_t i = 0; i < num_regs_; i += 8) {
    uint8_t val = 0;
    for (size_t j = 0; j < 8 && (i + j) < num_regs_; j++) {
      // Note: we write 1 for a Reference but not for Null
      if (GetRegisterType(verifier, i + j).IsNonZeroReferenceTypes()) {
        val |= 1 << j;
      }
    }
    if ((i / 8) >= max_bytes) {
      // Registers past the bitmap limit must not hold references.
      DCHECK_EQ(0, val);
      continue;
    }
    DCHECK_LT(i / 8, max_bytes) << "val=" << static_cast<uint32_t>(val);
    data->push_back(val);
  }
}

}  // namespace verifier
}  // namespace art