1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "register_line.h"
18
19 #include "base/stringprintf.h"
20 #include "dex_instruction-inl.h"
21 #include "method_verifier-inl.h"
22 #include "register_line-inl.h"
23 #include "reg_type-inl.h"
24
25 namespace art {
26 namespace verifier {
27
bool RegisterLine::CheckConstructorReturn(MethodVerifier* verifier) const {
  // A constructor may only return once the superclass constructor has run,
  // i.e. once this line no longer holds an uninitialized "this" reference.
  // Returns true when "this" is initialized; otherwise reports a hard
  // verification failure (class rejected) and returns false.
  if (kIsDebugBuild && this_initialized_) {
    // Debug-only consistency check: after this_initialized_ has been set, no
    // register may still carry the uninitialized-this type.
    for (size_t reg = 0; reg < num_regs_; ++reg) {
      const RegType& reg_type = GetRegisterType(verifier, reg);
      const bool still_uninit_this = reg_type.IsUninitializedThisReference() ||
                                     reg_type.IsUnresolvedAndUninitializedThisReference();
      CHECK(!still_uninit_this)
          << reg << ": " << reg_type.IsUninitializedThisReference() << " in "
          << PrettyMethod(verifier->GetMethodReference().dex_method_index,
                          *verifier->GetMethodReference().dex_file);
    }
  }
  if (this_initialized_) {
    return true;
  }
  verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
      << "Constructor returning without calling superclass constructor";
  return false;
}
46
const RegType& RegisterLine::GetInvocationThis(MethodVerifier* verifier, const Instruction* inst,
                                               bool is_range, bool allow_failure) {
  // Resolve the register type of the receiver ("this") of an invoke.
  // The argument count and register index are decoded from the dex bytecode
  // and therefore untrusted: a malformed invoke yields the Conflict type and,
  // unless allow_failure is set, a hard verification failure.
  const size_t args_count = is_range ? inst->VRegA_3rc() : inst->VRegA_35c();
  if (args_count < 1) {
    if (!allow_failure) {
      verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "invoke lacks 'this'";
    }
    return verifier->GetRegTypeCache()->Conflict();
  }
  // The first argument register (vC) holds the receiver.
  const uint32_t this_reg = is_range ? inst->VRegC_3rc() : inst->VRegC_35c();
  // NOTE(review): no range check of this_reg against num_regs_ is visible here;
  // presumably GetRegisterType or the caller enforces it -- confirm.
  const RegType& this_type = GetRegisterType(verifier, this_reg);
  if (this_type.IsReferenceTypes()) {
    return this_type;
  }
  if (!allow_failure) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
        << "tried to get class from non-reference register v" << this_reg
        << " (type=" << this_type << ")";
  }
  return verifier->GetRegTypeCache()->Conflict();
}
69
bool RegisterLine::VerifyRegisterTypeWide(MethodVerifier* verifier, uint32_t vsrc,
                                          const RegType& check_type1,
                                          const RegType& check_type2) {
  // Check that the wide (category-2) pair held in vsrc / vsrc+1 is assignable
  // to the expected pair. On mismatch a hard verification failure is reported
  // and false is returned; the register types are never modified here.
  DCHECK(check_type1.CheckWidePair(check_type2));
  const RegType& low_type = GetRegisterType(verifier, vsrc);
  if (!check_type1.IsAssignableFrom(low_type)) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "register v" << vsrc << " has type " << low_type
                                                << " but expected " << check_type1;
    return false;
  }
  // NOTE(review): vsrc + 1 is not bounds-checked in this function; presumably
  // the caller (or GetRegisterType) guarantees vsrc + 1 < num_regs_ -- confirm.
  const RegType& high_type = GetRegisterType(verifier, vsrc + 1);
  const bool pair_ok = low_type.CheckWidePair(high_type);
  if (!pair_ok) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "wide register v" << vsrc << " has type "
                                                << low_type << "/" << high_type;
    return false;
  }
  // No refinement of the register type is done: for reference types the
  // existing type is already at least as precise as check_type1, and for
  // primitive types it is exact. Constant types could in principle be refined,
  // but constant propagation has made that unnecessary.
  return true;
}
93
void RegisterLine::MarkRefsAsInitialized(MethodVerifier* verifier, const RegType& uninit_type,
                                         uint32_t this_reg, uint32_t dex_pc) {
  // After a constructor invocation, every register aliasing the uninitialized
  // object takes on the initialized type. For String constructors the aliased
  // registers other than this_reg are additionally recorded against dex_pc in
  // the verifier's string-init map. Marks "this" initialized when the type
  // being initialized is the uninitialized-this reference.
  DCHECK(uninit_type.IsUninitializedTypes());
  const bool is_string = !uninit_type.IsUnresolvedTypes() &&
                         uninit_type.GetClass()->IsStringClass();
  const RegType& init_type = verifier->GetRegTypeCache()->FromUninitialized(uninit_type);
  size_t changed = 0;
  for (uint32_t reg = 0; reg < num_regs_; ++reg) {
    if (!GetRegisterType(verifier, reg).Equals(uninit_type)) {
      continue;
    }
    line_[reg] = init_type.GetId();
    ++changed;
    if (!is_string || reg == this_reg) {
      continue;
    }
    auto& pc_reg_map = verifier->GetStringInitPcRegMap();
    auto entry = pc_reg_map.find(dex_pc);
    if (entry == pc_reg_map.end()) {
      std::set<uint32_t> single_reg = { reg };
      pc_reg_map.Put(dex_pc, single_reg);
    } else {
      entry->second.insert(reg);
    }
  }
  // Initializing "this" is what satisfies CheckConstructorReturn.
  if (uninit_type.IsUninitializedThisReference() ||
      uninit_type.IsUnresolvedAndUninitializedThisReference()) {
    this_initialized_ = true;
  }
  // The caller must only pass a type that some register actually holds.
  DCHECK_GT(changed, 0u);
}
122
void RegisterLine::MarkAllRegistersAsConflicts(MethodVerifier* verifier) {
  // Invalidate every register in this line by assigning the Conflict type.
  const uint16_t conflict_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (uint32_t reg = 0; reg < num_regs_; ++reg) {
    line_[reg] = conflict_id;
  }
}
129
void RegisterLine::MarkAllRegistersAsConflictsExcept(MethodVerifier* verifier, uint32_t vsrc) {
  // Invalidate every register except vsrc by assigning the Conflict type.
  const uint16_t conflict_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (uint32_t reg = 0; reg < num_regs_; ++reg) {
    if (reg == vsrc) {
      continue;
    }
    line_[reg] = conflict_id;
  }
}
138
void RegisterLine::MarkAllRegistersAsConflictsExceptWide(MethodVerifier* verifier, uint32_t vsrc) {
  // Invalidate every register except the wide pair vsrc / vsrc+1 by assigning
  // the Conflict type.
  const uint16_t conflict_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (uint32_t reg = 0; reg < num_regs_; ++reg) {
    if (reg == vsrc || reg == vsrc + 1) {
      continue;
    }
    line_[reg] = conflict_id;
  }
}
147
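std::string RegisterLine::Dump(MethodVerifier* verifier) const {
  // Render this line for diagnostics: "<reg>:[<type>]," for every register,
  // followed by "{<insn>}," for every entry on the monitor stack.
  std::string result;
  for (size_t i = 0; i < num_regs_; i++) {
    // i is a size_t, so the matching conversion is %zu; %zd expects a signed
    // size and is undefined for an unsigned argument.
    result += StringPrintf("%zu:[", i);
    result += GetRegisterType(verifier, i).Dump();
    result += "],";
  }
  for (const auto& monitor : monitors_) {
    // NOTE(review): %d assumes the monitor entries are int-sized; the element
    // type of monitors_ is declared in register_line.h -- confirm it matches.
    result += StringPrintf("{%d},", monitor);
  }
  return result;
}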
160
void RegisterLine::MarkUninitRefsAsInvalid(MethodVerifier* verifier, const RegType& uninit_type) {
  // Every register still holding uninit_type becomes Conflict (e.g. when the
  // uninitialized object escapes a path where it can no longer be constructed),
  // and any lock-depth bookkeeping for that register is dropped.
  const uint16_t conflict_id = verifier->GetRegTypeCache()->Conflict().GetId();
  for (size_t reg = 0; reg < num_regs_; ++reg) {
    if (!GetRegisterType(verifier, reg).Equals(uninit_type)) {
      continue;
    }
    line_[reg] = conflict_id;
    ClearAllRegToLockDepths(reg);
  }
}
169
void RegisterLine::CopyResultRegister1(MethodVerifier* verifier, uint32_t vdst, bool is_reference) {
  // Implement "move-result" / "move-result-object": move the category-1 value
  // in the result register into vdst and reset the result register. A result
  // of the wrong category is a hard verification failure and leaves both the
  // destination and the result register untouched.
  auto cache = verifier->GetRegTypeCache();
  const RegType& type = cache->GetFromId(result_[0]);
  const bool type_ok = is_reference ? type.IsReferenceTypes() : type.IsCategory1Types();
  if (!type_ok) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
        << "copyRes1 v" << vdst << "<- result0" << " type=" << type;
    return;
  }
  // A category-1 result must not have a high half.
  DCHECK(cache->GetFromId(result_[1]).IsUndefined());
  SetRegisterType(verifier, vdst, type);
  result_[0] = cache->Undefined().GetId();
}
182
/*
 * Implement "move-result-wide". Copy the category-2 value from the result
 * register pair to vdst / vdst+1, and reset both halves of the result register.
 * A non-wide result is a hard verification failure and leaves everything untouched.
 */
void RegisterLine::CopyResultRegister2(MethodVerifier* verifier, uint32_t vdst) {
  auto cache = verifier->GetRegTypeCache();
  const RegType& low_type = cache->GetFromId(result_[0]);
  const RegType& high_type = cache->GetFromId(result_[1]);
  if (!low_type.IsCategory2Types()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD)
        << "copyRes2 v" << vdst << "<- result0" << " type=" << low_type;
    return;
  }
  // The setter never stores a mismatched pair, so this cannot fail.
  DCHECK(low_type.CheckWidePair(high_type));
  // Sets both vdst and vdst+1.
  SetRegisterTypeWide(verifier, vdst, low_type, high_type);
  const uint16_t undefined_id = cache->Undefined().GetId();
  result_[0] = undefined_id;
  result_[1] = undefined_id;
}
200
void RegisterLine::CheckUnaryOp(MethodVerifier* verifier, const Instruction* inst,
                                const RegType& dst_type, const RegType& src_type) {
  // 12x-format unary op, vA = op(vB): vA takes dst_type only when vB verifies
  // as src_type; on failure the verifier has already recorded the error.
  if (!VerifyRegisterType(verifier, inst->VRegB_12x(), src_type)) {
    return;
  }
  SetRegisterType(verifier, inst->VRegA_12x(), dst_type);
}
207
void RegisterLine::CheckUnaryOpWide(MethodVerifier* verifier, const Instruction* inst,
                                    const RegType& dst_type1, const RegType& dst_type2,
                                    const RegType& src_type1, const RegType& src_type2) {
  // 12x-format wide unary op, vA/vA+1 = op(vB/vB+1): the destination pair is
  // set only when the source pair verifies.
  const uint32_t src_reg = inst->VRegB_12x();
  if (VerifyRegisterTypeWide(verifier, src_reg, src_type1, src_type2)) {
    const uint32_t dst_reg = inst->VRegA_12x();
    SetRegisterTypeWide(verifier, dst_reg, dst_type1, dst_type2);
  }
}
215
void RegisterLine::CheckUnaryOpToWide(MethodVerifier* verifier, const Instruction* inst,
                                      const RegType& dst_type1, const RegType& dst_type2,
                                      const RegType& src_type) {
  // Widening unary op (e.g. int-to-long), vA/vA+1 = op(vB): the destination
  // pair is set only when the single source register verifies.
  if (!VerifyRegisterType(verifier, inst->VRegB_12x(), src_type)) {
    return;
  }
  SetRegisterTypeWide(verifier, inst->VRegA_12x(), dst_type1, dst_type2);
}
223
void RegisterLine::CheckUnaryOpFromWide(MethodVerifier* verifier, const Instruction* inst,
                                        const RegType& dst_type,
                                        const RegType& src_type1, const RegType& src_type2) {
  // Narrowing unary op (e.g. long-to-int), vA = op(vB/vB+1): the single
  // destination register is set only when the source pair verifies.
  const uint32_t src_reg = inst->VRegB_12x();
  if (VerifyRegisterTypeWide(verifier, src_reg, src_type1, src_type2)) {
    const uint32_t dst_reg = inst->VRegA_12x();
    SetRegisterType(verifier, dst_reg, dst_type);
  }
}
231
void RegisterLine::CheckBinaryOp(MethodVerifier* verifier, const Instruction* inst,
                                 const RegType& dst_type,
                                 const RegType& src_type1, const RegType& src_type2,
                                 bool check_boolean_op) {
  // 23x-format binary op, vA = vB op vC. Both sources must verify; when
  // check_boolean_op is set and both sources are boolean the result is
  // narrowed to Boolean instead of dst_type (which must then be Integer).
  const uint32_t vregB = inst->VRegB_23x();
  const uint32_t vregC = inst->VRegC_23x();
  if (!VerifyRegisterType(verifier, vregB, src_type1) ||
      !VerifyRegisterType(verifier, vregC, src_type2)) {
    return;
  }
  const uint32_t vregA = inst->VRegA_23x();
  if (check_boolean_op) {
    DCHECK(dst_type.IsInteger());
    const bool both_boolean = GetRegisterType(verifier, vregB).IsBooleanTypes() &&
                              GetRegisterType(verifier, vregC).IsBooleanTypes();
    if (both_boolean) {
      SetRegisterType(verifier, vregA, verifier->GetRegTypeCache()->Boolean());
      return;
    }
  }
  SetRegisterType(verifier, vregA, dst_type);
}
251
void RegisterLine::CheckBinaryOpWide(MethodVerifier* verifier, const Instruction* inst,
                                     const RegType& dst_type1, const RegType& dst_type2,
                                     const RegType& src_type1_1, const RegType& src_type1_2,
                                     const RegType& src_type2_1, const RegType& src_type2_2) {
  // 23x-format wide binary op, vA/vA+1 = vB/vB+1 op vC/vC+1: the destination
  // pair is set only when both source pairs verify.
  const bool sources_ok =
      VerifyRegisterTypeWide(verifier, inst->VRegB_23x(), src_type1_1, src_type1_2) &&
      VerifyRegisterTypeWide(verifier, inst->VRegC_23x(), src_type2_1, src_type2_2);
  if (!sources_ok) {
    return;
  }
  SetRegisterTypeWide(verifier, inst->VRegA_23x(), dst_type1, dst_type2);
}
261
void RegisterLine::CheckBinaryOpWideShift(MethodVerifier* verifier, const Instruction* inst,
                                          const RegType& long_lo_type, const RegType& long_hi_type,
                                          const RegType& int_type) {
  // 23x-format long shift, vA/vA+1 = vB/vB+1 shift vC: a wide first operand
  // and an int shift amount; the result has the wide operand's type.
  const bool sources_ok =
      VerifyRegisterTypeWide(verifier, inst->VRegB_23x(), long_lo_type, long_hi_type) &&
      VerifyRegisterType(verifier, inst->VRegC_23x(), int_type);
  if (!sources_ok) {
    return;
  }
  SetRegisterTypeWide(verifier, inst->VRegA_23x(), long_lo_type, long_hi_type);
}
270
void RegisterLine::CheckBinaryOp2addr(MethodVerifier* verifier, const Instruction* inst,
                                      const RegType& dst_type, const RegType& src_type1,
                                      const RegType& src_type2, bool check_boolean_op) {
  // 12x-format two-address binary op, vA = vA op vB. Both sources must verify;
  // when check_boolean_op is set and both are boolean the result is narrowed
  // to Boolean instead of dst_type (which must then be Integer).
  const uint32_t vregA = inst->VRegA_12x();
  const uint32_t vregB = inst->VRegB_12x();
  if (!VerifyRegisterType(verifier, vregA, src_type1) ||
      !VerifyRegisterType(verifier, vregB, src_type2)) {
    return;
  }
  if (check_boolean_op) {
    DCHECK(dst_type.IsInteger());
    const bool both_boolean = GetRegisterType(verifier, vregA).IsBooleanTypes() &&
                              GetRegisterType(verifier, vregB).IsBooleanTypes();
    if (both_boolean) {
      SetRegisterType(verifier, vregA, verifier->GetRegTypeCache()->Boolean());
      return;
    }
  }
  SetRegisterType(verifier, vregA, dst_type);
}
289
void RegisterLine::CheckBinaryOp2addrWide(MethodVerifier* verifier, const Instruction* inst,
                                          const RegType& dst_type1, const RegType& dst_type2,
                                          const RegType& src_type1_1, const RegType& src_type1_2,
                                          const RegType& src_type2_1, const RegType& src_type2_2) {
  // 12x-format two-address wide binary op, vA/vA+1 = vA/vA+1 op vB/vB+1: the
  // destination pair is set only when both source pairs verify.
  const uint32_t vregA = inst->VRegA_12x();
  const uint32_t vregB = inst->VRegB_12x();
  if (!VerifyRegisterTypeWide(verifier, vregA, src_type1_1, src_type1_2)) {
    return;
  }
  if (!VerifyRegisterTypeWide(verifier, vregB, src_type2_1, src_type2_2)) {
    return;
  }
  SetRegisterTypeWide(verifier, vregA, dst_type1, dst_type2);
}
301
void RegisterLine::CheckBinaryOp2addrWideShift(MethodVerifier* verifier, const Instruction* inst,
                                               const RegType& long_lo_type, const RegType& long_hi_type,
                                               const RegType& int_type) {
  // 12x-format two-address long shift, vA/vA+1 = vA/vA+1 shift vB: a wide
  // first operand and an int shift amount; the result keeps the wide type.
  const uint32_t vregA = inst->VRegA_12x();
  const uint32_t vregB = inst->VRegB_12x();
  if (!VerifyRegisterTypeWide(verifier, vregA, long_lo_type, long_hi_type)) {
    return;
  }
  if (!VerifyRegisterType(verifier, vregB, int_type)) {
    return;
  }
  SetRegisterTypeWide(verifier, vregA, long_lo_type, long_hi_type);
}
312
void RegisterLine::CheckLiteralOp(MethodVerifier* verifier, const Instruction* inst,
                                  const RegType& dst_type, const RegType& src_type,
                                  bool check_boolean_op, bool is_lit16) {
  // Binary op with an immediate, vA = vB op #lit, in 22s (is_lit16) or 22b
  // format. When check_boolean_op is set, a boolean vB combined with a literal
  // of 0 or 1 yields Boolean instead of dst_type (which must then be Integer).
  const uint32_t vregA = is_lit16 ? inst->VRegA_22s() : inst->VRegA_22b();
  const uint32_t vregB = is_lit16 ? inst->VRegB_22s() : inst->VRegB_22b();
  if (!VerifyRegisterType(verifier, vregB, src_type)) {
    return;
  }
  if (check_boolean_op) {
    DCHECK(dst_type.IsInteger());
    // vB was checked by the call above; the literal is checked by hand.
    const uint32_t literal = is_lit16 ? inst->VRegC_22s() : inst->VRegC_22b();
    const bool literal_is_boolean = (literal == 0 || literal == 1);
    if (literal_is_boolean && GetRegisterType(verifier, vregB).IsBooleanTypes()) {
      SetRegisterType(verifier, vregA, verifier->GetRegTypeCache()->Boolean());
      return;
    }
  }
  SetRegisterType(verifier, vregA, dst_type);
}
331
void RegisterLine::PushMonitor(MethodVerifier* verifier, uint32_t reg_idx, int32_t insn_idx) {
  // monitor-enter on reg_idx at instruction insn_idx. The register must hold
  // a reference, the monitor stack must have room, and the register must be
  // recordable at the new depth; any violation is a hard verification failure
  // and nothing is pushed.
  const RegType& reg_type = GetRegisterType(verifier, reg_idx);
  if (!reg_type.IsReferenceTypes()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-enter on non-object ("
                                                << reg_type << ")";
    return;
  }
  // Fixed cap on lock nesting; presumably tied to the width of the per-register
  // lock-depth bookkeeping behind SetRegToLockDepth -- confirm in register_line.h.
  if (monitors_.size() >= 32) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-enter stack overflow: "
                                                << monitors_.size();
    return;
  }
  const size_t new_depth = monitors_.size();
  if (!SetRegToLockDepth(reg_idx, new_depth)) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "unexpected monitor-enter on register v" <<
        reg_idx;
    return;
  }
  monitors_.push_back(insn_idx);
}
349
void RegisterLine::PopMonitor(MethodVerifier* verifier, uint32_t reg_idx) {
  // monitor-exit on reg_idx. The register must hold a reference and the
  // monitor stack must be non-empty (hard failures otherwise). The top entry
  // is popped unconditionally; if reg_idx was not the register locked at that
  // depth, the outcome depends on the dex format version (see below).
  const RegType& reg_type = GetRegisterType(verifier, reg_idx);
  if (!reg_type.IsReferenceTypes()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-exit on non-object (" << reg_type << ")";
    return;
  }
  if (monitors_.empty()) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "monitor-exit stack underflow";
    return;
  }
  monitors_.pop_back();
  const size_t popped_depth = monitors_.size();
  if (IsSetLockDepth(reg_idx, popped_depth)) {
    // Record that the register was unlocked at this depth.
    ClearRegToLockDepth(reg_idx, popped_depth);
    return;
  }
  // Bug 3215458: Locks and unlocks are on objects, if that object is a literal then before
  // format "036" the constant collector may create unlocks on the same object but referenced
  // via different registers. For those older formats this is therefore only logged,
  // not treated as a verification error; from 036 on it is a soft failure.
  if (verifier->DexFileVersion() >= 36) {
    verifier->Fail(VERIFY_ERROR_BAD_CLASS_SOFT)
        << "monitor-exit not unlocking the top of the monitor stack";
  } else {
    verifier->LogVerifyInfo()
        << "monitor-exit not unlocking the top of the monitor stack";
  }
}
371
bool RegisterLine::MergeRegisters(MethodVerifier* verifier, const RegisterLine* incoming_line) {
  // Join incoming_line into this line at a control-flow merge point. Register
  // types are merged pairwise through RegType::Merge, monitor bookkeeping is
  // reconciled, and "this" stays initialized only if both paths initialized it.
  // Returns true when anything in this line changed (the caller re-queues
  // the block for another verification pass).
  DCHECK(incoming_line != nullptr);
  bool changed = false;
  for (size_t reg = 0; reg < num_regs_; ++reg) {
    if (line_[reg] == incoming_line->line_[reg]) {
      continue;
    }
    const RegType& incoming_type = incoming_line->GetRegisterType(verifier, reg);
    const RegType& current_type = GetRegisterType(verifier, reg);
    const RegType& merged_type = current_type.Merge(incoming_type, verifier->GetRegTypeCache());
    if (!current_type.Equals(merged_type)) {
      changed = true;
    }
    line_[reg] = merged_type.GetId();
  }
  const bool any_monitors = !monitors_.empty() || !incoming_line->monitors_.empty();
  if (any_monitors) {
    if (monitors_.size() != incoming_line->monitors_.size()) {
      // NOTE(review): a depth mismatch is only logged; unlike PushMonitor /
      // PopMonitor it does not call verifier->Fail(), and this line keeps its
      // own monitor stack. Confirm that leniency is intended.
      LOG(WARNING) << "mismatched stack depths (depth=" << MonitorStackDepth()
                   << ", incoming depth=" << incoming_line->MonitorStackDepth() << ")";
    } else if (reg_to_lock_depths_ != incoming_line->reg_to_lock_depths_) {
      for (uint32_t reg = 0; reg < num_regs_; ++reg) {
        const size_t depths = reg_to_lock_depths_.count(reg);
        const size_t incoming_depths = incoming_line->reg_to_lock_depths_.count(reg);
        if (depths == incoming_depths) {
          continue;
        }
        if (depths != 0 && incoming_depths != 0) {
          // Both paths locked the register but at different depths: give up on
          // reconciling the remaining registers (also only logged).
          LOG(WARNING) << "mismatched stack depths for register v" << reg
                       << ": " << depths << " != " << incoming_depths;
          break;
        }
        // Locked on only one of the two paths: forget the lock record.
        reg_to_lock_depths_.erase(reg);
      }
    }
  }
  // "this" is initialized at the merge only if it was initialized on both paths.
  if (this_initialized_ && !incoming_line->this_initialized_) {
    this_initialized_ = false;
    changed = true;
  }
  return changed;
}
411
void RegisterLine::WriteReferenceBitMap(MethodVerifier* verifier,
                                        std::vector<uint8_t>* data, size_t max_bytes) {
  // Append a reference bitmap for this line to *data: one bit per register,
  // eight registers per byte with the lowest register in the least significant
  // bit, set when the register holds a non-null reference. Bytes at index
  // max_bytes or beyond are not emitted (debug builds check they are zero).
  for (size_t base = 0; base < num_regs_; base += 8) {
    uint8_t bits = 0;
    for (size_t bit = 0; bit < 8 && base + bit < num_regs_; ++bit) {
      // A null constant is a reference type but carries no pointer, so it stays 0.
      if (GetRegisterType(verifier, base + bit).IsNonZeroReferenceTypes()) {
        bits |= 1 << bit;
      }
    }
    const size_t byte_index = base / 8;
    if (byte_index >= max_bytes) {
      DCHECK_EQ(0, bits);
      continue;
    }
    DCHECK_LT(byte_index, max_bytes) << "val=" << static_cast<uint32_t>(bits);
    data->push_back(bits);
  }
}
430
431 } // namespace verifier
432 } // namespace art
433