public void transferInstruction(InstructionHandle handle, BasicBlock basicBlock, LockSet fact) throws DataflowAnalysisException { Instruction ins = handle.getInstruction(); short opcode = ins.getOpcode(); if (opcode == Constants.MONITORENTER || opcode == Constants.MONITOREXIT) { ValueNumberFrame frame = vnaDataflow.getFactAtLocation(new Location(handle, basicBlock)); // NOTE: if the CFG is pruned, there may be unreachable instructions, // so make sure frame is valid. if (frame.isValid()) { int lockNumber = frame.getTopValue().getNumber(); lockOp(fact, lockNumber, opcode == Constants.MONITORENTER ? 1 : -1); } } else if ((ins instanceof ReturnInstruction) && isSynchronized && !isStatic) { lockOp(fact, vna.getThisValue().getNumber(), -1); } }
public static boolean isThrower(BasicBlock target) { InstructionHandle ins = target.getFirstInstruction(); int maxCount = 7; while (ins != null) { if (maxCount-- <= 0) break; Instruction i = ins.getInstruction(); if (i instanceof ATHROW) { return true; } if (i instanceof InstructionTargeter || i instanceof ReturnInstruction) return false; ins = ins.getNext(); } return false; }
private void registerInstructionSinks() throws DataflowAnalysisException { TypeQualifierAnnotation returnValueAnnotation = null; if (!xmethod.getSignature().endsWith(")V")) { returnValueAnnotation = TypeQualifierApplications.getEffectiveTypeQualifierAnnotation(xmethod, typeQualifierValue); } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); if (ins instanceof ReturnInstruction && !(ins instanceof RETURN)) { // Return instruction which returns a value modelReturn(returnValueAnnotation, location); } else { short opcode = ins.getOpcode(); if (opcode == Constants.PUTFIELD || opcode == Constants.PUTSTATIC) { modelFieldStore(location); } else if (location.getHandle().getInstruction() instanceof InvokeInstruction) { modelArguments(location); } } } }
/** * Return whether or not the given instruction can throw exceptions. * * @param handle * the instruction * @return true if the instruction can throw an exception, false otherwise */ private boolean isPEI(InstructionHandle handle) { Instruction ins = handle.getInstruction(); if (!(ins instanceof ExceptionThrower)) return false; if (ins instanceof NEW) return false; // if (ins instanceof ATHROW) return false; if (ins instanceof GETSTATIC) return false; if (ins instanceof PUTSTATIC) return false; if (ins instanceof ReturnInstruction) return false; if (ins instanceof INSTANCEOF) return false; if (ins instanceof MONITOREXIT) return false; if (ins instanceof LDC) return false; return true; }
void insertAllDeleteLocalRecords(MethodGen m) { int maxLocals = m.getMaxLocals(); InstructionList il = m.getInstructionList(); for (InstructionHandle i = il.getStart(); i != null; i = i.getNext()) { Instruction ins = i.getInstruction(); if (ins instanceof ReturnInstruction) { i = insertDeleteLocalRecord(m, il, i, maxLocals); } } }
/** * @param nextHandle * @return */ private boolean potentialInitialization(InstructionHandle nextHandle) { if (nextHandle == null) return true; Instruction instruction = nextHandle.getInstruction(); if (instruction instanceof ReturnInstruction) return false; if (instruction instanceof IfInstruction) return false; return true; }
private boolean visitInstruction( Instruction i ) { short opcode = i.getOpcode(); if ((InstructionConstants.INSTRUCTIONS[opcode] != null) && !(i instanceof ConstantPushInstruction) && !(i instanceof ReturnInstruction)) { // Handled below _out.println("il.append(InstructionConstants." + i.getName().toUpperCase(Locale.ENGLISH) + ");"); return true; } return false; }
InstructionList getAndRemoveStoreIns(InstructionList il, InstructionHandle i) { int netto_stack_inc = 0; InstructionHandle storeStart = i; do { if (i == null) { // Could not find store sequence. return null; } int inc = i.getInstruction().produceStack(cpg) - i.getInstruction().consumeStack(cpg); netto_stack_inc += inc; i = i.getNext(); } while (netto_stack_inc >= 0); if (i == null) { // may happen if the result is used like, for instance: // return f().clone(); // No store sequence, so this is wrong as well. return null; } Instruction store = i.getPrev().getInstruction(); if (store instanceof ReturnInstruction) { return null; } if (store instanceof POP || store instanceof POP2) { return null; } InstructionList result = new InstructionList(); InstructionHandle ip = storeStart; do { result.append(ip.getInstruction()); ip = ip.getNext(); } while (ip != i); deleteIns(il, storeStart, ip.getPrev(), ip); return result; }
private boolean isEndInstruction(InstructionContext context) { return context.getInstruction().getInstruction() instanceof ReturnInstruction || context.getInstruction().getInstruction() instanceof ATHROW; }
boolean isEndInstruction(InstructionContext context) { return context.getInstruction().getInstruction() instanceof ReturnInstruction || context.getInstruction().getInstruction() instanceof ATHROW; }
@Override public void visitReturnInstruction(ReturnInstruction ins) { isReturn = true; }
/** * These are the checks if constraints are satisfied which are described in the * Java Virtual Machine Specification, Second Edition as Static Constraints on * the instructions of Java Virtual Machine Code (chapter 4.8.1). * * @throws StaticCodeConstraintException if the verification fails. */ private void pass3StaticInstructionChecks(){ // Code array must not be empty: // Enforced in pass 2 (also stated in the static constraints of the Code // array in vmspec2), together with pass 1 (reading code_length bytes and // interpreting them as code[]). So this must not be checked again here. if (! (code.getCode().length < 65536)){// contradicts vmspec2 page 152 ("Limitations"), but is on page 134. throw new StaticCodeInstructionConstraintException("Code array in code attribute '"+code+"' too big: must be smaller than 65536 bytes."); } // First opcode at offset 0: okay, that's clear. Nothing to do. // Only instances of the instructions documented in Section 6.4 may appear in // the code array. // For BCEL's sake, we cannot handle WIDE stuff, but hopefully BCEL does its job right :) // The last byte of the last instruction in the code array must be the byte at index // code_length-1 : See the do_verify() comments. We actually don't iterate through the // byte array, but use an InstructionList so we cannot check for this. But BCEL does // things right, so it's implicitly okay. // TODO: Check how BCEL handles (and will handle) instructions like IMPDEP1, IMPDEP2, // BREAKPOINT... that BCEL knows about but which are illegal anyway. // We currently go the safe way here. InstructionHandle ih = instructionList.getStart(); while (ih != null){ Instruction i = ih.getInstruction(); if (i instanceof IMPDEP1){ throw new StaticCodeInstructionConstraintException("IMPDEP1 must not be in the code, it is an illegal instruction for _internal_ JVM use!"); } if (i instanceof IMPDEP2){ throw new StaticCodeInstructionConstraintException("IMPDEP2 must not be in the code, it is an illegal instruction for _internal_ JVM use!"); } if (i instanceof BREAKPOINT){ throw new StaticCodeInstructionConstraintException("BREAKPOINT must not be in the code, it is an illegal instruction for _internal_ JVM use!"); } ih = ih.getNext(); } // The original verifier seems to do this check here, too. // An unreachable last instruction may also not fall through the // end of the code, which is stupid -- but with the original // verifier's subroutine semantics one cannot predict reachability. Instruction last = instructionList.getEnd().getInstruction(); if (! ((last instanceof ReturnInstruction) || (last instanceof RET) || (last instanceof GotoInstruction) || (last instanceof ATHROW) )) { throw new StaticCodeInstructionConstraintException("Execution must not fall off the bottom of the code array. This constraint is enforced statically as some existing verifiers do - so it may be a false alarm if the last instruction is not reachable."); } }
/** * A utility method that calculates the successors of a given InstructionHandle * <B>in the same subroutine</B>. That means, a RET does not have any successors * as defined here. A JsrInstruction has its physical successor as its successor * (opposed to its target) as defined here. */ private static InstructionHandle[] getSuccessors(InstructionHandle instruction){ final InstructionHandle[] empty = new InstructionHandle[0]; final InstructionHandle[] single = new InstructionHandle[1]; final InstructionHandle[] pair = new InstructionHandle[2]; Instruction inst = instruction.getInstruction(); if (inst instanceof RET){ return empty; } // Terminates method normally. if (inst instanceof ReturnInstruction){ return empty; } // Terminates method abnormally, because JustIce mandates // subroutines not to be protected by exception handlers. if (inst instanceof ATHROW){ return empty; } // See method comment. if (inst instanceof JsrInstruction){ single[0] = instruction.getNext(); return single; } if (inst instanceof GotoInstruction){ single[0] = ((GotoInstruction) inst).getTarget(); return single; } if (inst instanceof BranchInstruction){ if (inst instanceof Select){ // BCEL's getTargets() returns only the non-default targets, // thanks to Eli Tilevich for reporting. InstructionHandle[] matchTargets = ((Select) inst).getTargets(); InstructionHandle[] ret = new InstructionHandle[matchTargets.length+1]; ret[0] = ((Select) inst).getTarget(); System.arraycopy(matchTargets, 0, ret, 1, matchTargets.length); return ret; } else{ pair[0] = instruction.getNext(); pair[1] = ((BranchInstruction) inst).getTarget(); return pair; } } // default case: Fall through. single[0] = instruction.getNext(); return single; }
public void visitReturnInstruction( ReturnInstruction i ) { Type type = i.getType(_cp); _out.println("il.append(_factory.createReturn(" + BCELifier.printType(type) + "));"); }
/** * A utility method that calculates the successors of a given InstructionHandle * <B>in the same subroutine</B>. That means, a RET does not have any successors * as defined here. A JsrInstruction has its physical successor as its successor * (opposed to its target) as defined here. */ private static InstructionHandle[] getSuccessors(InstructionHandle instruction){ Instruction inst = instruction.getInstruction(); if (inst instanceof RET){ return empty; } // Terminates method normally. if (inst instanceof ReturnInstruction){ return empty; } // Terminates method abnormally, because JustIce mandates // subroutines not to be protected by exception handlers. if (inst instanceof ATHROW){ return empty; } final InstructionHandle[] single = new InstructionHandle[1]; // See method comment. if (inst instanceof JsrInstruction){ single[0] = instruction.getNext(); return single; } if (inst instanceof GotoInstruction){ single[0] = ((GotoInstruction) inst).getTarget(); return single; } if (inst instanceof BranchInstruction){ if (inst instanceof Select){ // BCEL's getTargets() returns only the non-default targets, // thanks to Eli Tilevich for reporting. InstructionHandle[] matchTargets = ((Select) inst).getTargets(); InstructionHandle[] ret = new InstructionHandle[matchTargets.length+1]; ret[0] = ((Select) inst).getTarget(); System.arraycopy(matchTargets, 0, ret, 1, matchTargets.length); return ret; } else{ final InstructionHandle[] pair = new InstructionHandle[2]; pair[0] = instruction.getNext(); pair[1] = ((BranchInstruction) inst).getTarget(); return pair; } } // default case: Fall through. single[0] = instruction.getNext(); return single; }
/** * A utility method that calculates the successors of a given InstructionHandle * That means, a RET does have successors as defined here. * A JsrInstruction has its target as its successor * (opposed to its physical successor) as defined here. */ // TODO: implement caching! private InstructionHandle[] _getSuccessors(){ final InstructionHandle[] empty = new InstructionHandle[0]; final InstructionHandle[] single = new InstructionHandle[1]; final InstructionHandle[] pair = new InstructionHandle[2]; Instruction inst = getInstruction().getInstruction(); if (inst instanceof RET){ Subroutine s = subroutines.subroutineOf(getInstruction()); if (s==null){ //return empty; // RET in dead code. "empty" would be the correct answer, but we know something about the surrounding project... throw new AssertionViolatedException("Asking for successors of a RET in dead code?!"); } //TODO: remove throw new AssertionViolatedException("DID YOU REALLY WANT TO ASK FOR RET'S SUCCS?"); /* InstructionHandle[] jsrs = s.getEnteringJsrInstructions(); InstructionHandle[] ret = new InstructionHandle[jsrs.length]; for (int i=0; i<jsrs.length; i++){ ret[i] = jsrs[i].getNext(); } return ret; */ } // Terminates method normally. if (inst instanceof ReturnInstruction){ return empty; } // Terminates method abnormally, because JustIce mandates // subroutines not to be protected by exception handlers. if (inst instanceof ATHROW){ return empty; } // See method comment. if (inst instanceof JsrInstruction){ single[0] = ((JsrInstruction) inst).getTarget(); return single; } if (inst instanceof GotoInstruction){ single[0] = ((GotoInstruction) inst).getTarget(); return single; } if (inst instanceof BranchInstruction){ if (inst instanceof Select){ // BCEL's getTargets() returns only the non-default targets, // thanks to Eli Tilevich for reporting. InstructionHandle[] matchTargets = ((Select) inst).getTargets(); InstructionHandle[] ret = new InstructionHandle[matchTargets.length+1]; ret[0] = ((Select) inst).getTarget(); System.arraycopy(matchTargets, 0, ret, 1, matchTargets.length); return ret; } else{ pair[0] = getInstruction().getNext(); pair[1] = ((BranchInstruction) inst).getTarget(); return pair; } } // default case: Fall through. single[0] = getInstruction().getNext(); return single; }
