path: root/compiler/dex/verified_method.cc
blob: 01c8f80dd2da616efadf5c37cb5d04d0ee313ad1 (plain)
/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "verified_method.h"

#include <algorithm>
#include <memory>
#include <vector>

#include "base/logging.h"
#include "base/stl_util.h"
#include "dex_file.h"
#include "dex_instruction.h"
#include "dex_instruction-inl.h"
#include "base/mutex.h"
#include "base/mutex-inl.h"
#include "mirror/art_method.h"
#include "mirror/art_method-inl.h"
#include "mirror/class.h"
#include "mirror/class-inl.h"
#include "mirror/dex_cache.h"
#include "mirror/dex_cache-inl.h"
#include "mirror/object.h"
#include "mirror/object-inl.h"
#include "verifier/dex_gc_map.h"
#include "verifier/method_verifier.h"
#include "verifier/method_verifier-inl.h"
#include "verifier/register_line.h"
#include "verifier/register_line-inl.h"

namespace art {

// Builds the per-method tables derived from a finished verification pass.
//
// With compile set, the GC map is generated first (and cross-checked in debug builds), followed
// by the devirtualization map when the method has virtual or interface invokes. The safe-cast
// set is built regardless of compile when the method has check-casts.
//
// Returns a heap-allocated object that the caller takes ownership of, or nullptr when the GC map
// could not be encoded.
const VerifiedMethod* VerifiedMethod::Create(verifier::MethodVerifier* method_verifier,
                                             bool compile) {
  // Held by unique_ptr so that the early return below frees the partially built object.
  std::unique_ptr<VerifiedMethod> result(new VerifiedMethod);

  if (compile) {
    /* Generate a register map. */
    const bool gc_map_encoded = result->GenerateGcMap(method_verifier);
    if (!gc_map_encoded) {
      // GenerateGcMap records a failure on the verifier before it returns false, so one must be
      // on record here. Not a real failure, but a failure to encode.
      CHECK(method_verifier->HasFailures());
      return nullptr;
    }

    if (kIsDebugBuild) {
      VerifyGcMap(method_verifier, result->dex_gc_map_);
    }

    // TODO: move this out when DEX-to-DEX supports devirtualization.
    if (method_verifier->HasVirtualOrInterfaceInvokes()) {
      result->GenerateDevirtMap(method_verifier);
    }
  }

  if (method_verifier->HasCheckCasts()) {
    result->GenerateSafeCastSet(method_verifier);
  }

  return result.release();
}

// Returns the devirtualized target recorded for the invoke at dex_pc, or nullptr when nothing
// was recorded for that pc. The returned pointer refers to the entry stored inside devirt_map_.
const MethodReference* VerifiedMethod::GetDevirtTarget(uint32_t dex_pc) const {
  const auto entry = devirt_map_.find(dex_pc);
  if (entry == devirt_map_.end()) {
    return nullptr;
  }
  return &entry->second;
}

// Reports whether pc was recorded in safe_cast_set_, i.e. as a cast whose check code generation
// may elide. The lookup is a binary search, so it is only correct while safe_cast_set_ is sorted
// in ascending order; GenerateSafeCastSet appends in increasing dex pc order to keep it so.
bool VerifiedMethod::IsSafeCast(uint32_t pc) const {
  const auto last = safe_cast_set_.end();
  const auto pos = std::lower_bound(safe_cast_set_.begin(), last, pc);
  // lower_bound yields the first element not less than pc; it is a hit only if it equals pc.
  return pos != last && !(pc < *pos);
}

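// Encodes the verifier's reference information for every compile-time info point into
// dex_gc_map_. Returns true on success. Returns false, after recording a hard failure on the
// verifier, when the method is too large for the table format.
//
// Bytes written, in order:
//   byte 0      format | bits 8..12 of the bitmap width in bytes, stored in bits 3..7
//   byte 1      low 8 bits of the bitmap width in bytes
//   bytes 2-3   number of entries, low byte first
//   per entry   dex pc (1 or 2 bytes, low byte first), then the bitmap appended by
//               RegisterLine::WriteReferenceBitMap (the closing DCHECK expects it to be exactly
//               ref_bitmap_bytes long)
bool VerifiedMethod::GenerateGcMap(verifier::MethodVerifier* method_verifier) {
  DCHECK(dex_gc_map_.empty());
  size_t num_entries, ref_bitmap_bits, pc_bits;
  ComputeGcMapSizes(method_verifier, &num_entries, &ref_bitmap_bits, &pc_bits);
  // The header holds the bitmap width in bytes as a 13-bit value, so 8191 bytes is the largest
  // width that can be encoded. The limit is applied to the rounded-up byte count: a bit count of
  // 65529..65535 rounds up to 8192 bytes, and bit 13 of that width would be dropped when the
  // header is narrowed to bytes, leaving a header that claims a width of 0 in front of
  // 8192-byte entries.
  const size_t kMaxRefBitmapBytes = 8191;
  if (ref_bitmap_bits > (8 /* bits per byte */ * kMaxRefBitmapBytes)) {
    // TODO: either a better GC map format or per method failures
    method_verifier->Fail(verifier::VERIFY_ERROR_BAD_CLASS_HARD)
        << "Cannot encode GC map for method with " << ref_bitmap_bits << " registers";
    return false;
  }
  size_t ref_bitmap_bytes = (ref_bitmap_bits + 7) / 8;
  // There are 2 bytes to encode the number of entries.
  if (num_entries >= 65536) {
    // TODO: Either a better GC map format or per method failures.
    method_verifier->Fail(verifier::VERIFY_ERROR_BAD_CLASS_HARD)
        << "Cannot encode GC map for method with " << num_entries << " entries";
    return false;
  }
  size_t pc_bytes;
  verifier::RegisterMapFormat format;
  if (pc_bits <= 8) {
    format = verifier::kRegMapFormatCompact8;
    pc_bytes = 1;
  } else if (pc_bits <= 16) {
    format = verifier::kRegMapFormatCompact16;
    pc_bytes = 2;
  } else {
    // TODO: Either a better GC map format or per method failures.
    // The shift is done on a 64-bit value: pc_bits is above 16 here and a shift of a plain int
    // by 31 or more is not defined.
    method_verifier->Fail(verifier::VERIFY_ERROR_BAD_CLASS_HARD)
        << "Cannot encode GC map for method with "
        << (static_cast<uint64_t>(1) << pc_bits)
        << " instructions (number is rounded up to nearest power of 2)";
    return false;
  }
  // Bounded by the checks above: at most (2 + 8191) * 65535 + 4 bytes, so no size_t overflow.
  size_t table_size = ((pc_bytes + ref_bitmap_bytes) * num_entries) + 4;
  dex_gc_map_.reserve(table_size);
  // Write table header.
  dex_gc_map_.push_back(format | ((ref_bitmap_bytes & ~0xFF) >> 5));
  dex_gc_map_.push_back(ref_bitmap_bytes & 0xFF);
  dex_gc_map_.push_back(num_entries & 0xFF);
  dex_gc_map_.push_back((num_entries >> 8) & 0xFF);
  // Write table data.
  const DexFile::CodeItem* code_item = method_verifier->CodeItem();
  for (size_t i = 0; i < code_item->insns_size_in_code_units_; i++) {
    if (method_verifier->GetInstructionFlags(i).IsCompileTimeInfoPoint()) {
      dex_gc_map_.push_back(i & 0xFF);
      if (pc_bytes == 2) {
        dex_gc_map_.push_back((i >> 8) & 0xFF);
      }
      verifier::RegisterLine* line = method_verifier->GetRegLine(i);
      line->WriteReferenceBitMap(dex_gc_map_, ref_bitmap_bytes);
    }
  }
  // Debug-build check that the bytes written match the size computed from the header fields.
  DCHECK_EQ(dex_gc_map_.size(), table_size);
  return true;
}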

// Debug cross-check of an encoded GC map against the verifier's own state. Every check is a
// DCHECK, and Create only calls this when kIsDebugBuild is set.
//
// Checks that every compile-time info point has a map entry and no other pc has one, that the
// entries appear in pc order with the expected bitmap pointer, and that each register's bit
// matches whether the verifier sees a non-zero reference in it.
void VerifiedMethod::VerifyGcMap(verifier::MethodVerifier* method_verifier,
                                 const std::vector<uint8_t>& data) {
  verifier::DexPcToReferenceMap map(&data[0]);
  DCHECK_EQ(data.size(), map.RawSize());
  const DexFile::CodeItem* code_item = method_verifier->CodeItem();
  size_t map_index = 0;
  for (size_t i = 0; i < code_item->insns_size_in_code_units_; i++) {
    const uint8_t* reg_bitmap = map.FindBitMap(i, false);
    if (!method_verifier->GetInstructionFlags(i).IsCompileTimeInfoPoint()) {
      // Not a GC point: the map must not contain an entry for this pc.
      DCHECK(reg_bitmap == NULL);
      continue;
    }
    // GC point: the next entry in the table must be the one for this pc.
    DCHECK_LT(map_index, map.NumEntries());
    DCHECK_EQ(map.GetDexPc(map_index), i);
    DCHECK_EQ(map.GetBitMap(map_index), reg_bitmap);
    map_index++;
    verifier::RegisterLine* line = method_verifier->GetRegLine(i);
    for (size_t j = 0; j < code_item->registers_size_; j++) {
      if (line->GetRegisterType(j).IsNonZeroReferenceTypes()) {
        // A live reference must fall inside the bitmap and have its bit set.
        DCHECK_LT(j / 8, map.RegWidth());
        DCHECK_EQ((reg_bitmap[j / 8] >> (j % 8)) & 1, 1);
      } else if ((j / 8) < map.RegWidth()) {
        DCHECK_EQ((reg_bitmap[j / 8] >> (j % 8)) & 1, 0);
      }
      // Otherwise nothing to check: if a register doesn't contain a reference then the bitmap
      // may be shorter than the line.
    }
  }
}

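// Scans the method's compile-time info points and reports the sizes needed to encode its GC map.
//
//   gc_points        receives the number of compile-time info points.
//   ref_bitmap_bits  receives the running maximum returned by GetMaxNonZeroReferenceReg, plus
//                    one; 0 if that maximum never left its initial value.
//   log2_max_gc_pc   receives the number of bits needed to represent the dex pc of the last info
//                    point, i.e. the smallest n with 2^n greater than that pc.
void VerifiedMethod::ComputeGcMapSizes(verifier::MethodVerifier* method_verifier,
                                       size_t* gc_points, size_t* ref_bitmap_bits,
                                       size_t* log2_max_gc_pc) {
  size_t local_gc_points = 0;
  size_t max_insn = 0;
  // Starts at the all-ones value so that the "+ 1" below wraps to 0 when it is never updated.
  size_t max_ref_reg = -1;
  const DexFile::CodeItem* code_item = method_verifier->CodeItem();
  for (size_t i = 0; i < code_item->insns_size_in_code_units_; i++) {
    if (method_verifier->GetInstructionFlags(i).IsCompileTimeInfoPoint()) {
      local_gc_points++;
      max_insn = i;
      verifier::RegisterLine* line = method_verifier->GetRegLine(i);
      max_ref_reg = line->GetMaxNonZeroReferenceReg(max_ref_reg);
    }
  }
  *gc_points = local_gc_points;
  *ref_bitmap_bits = max_ref_reg + 1;  // If max register is 0 we need 1 bit to encode (ie +1).
  // Count the bits of max_insn by shifting the value down one bit at a time. Comparing against
  // `1U << i` gives the same answer for small values, but has to shift a 32-bit value by 32 once
  // max_insn reaches 2^31, which is undefined; the code size comes from the dex file, so the
  // loop should not depend on it staying small.
  size_t bits = 0;
  for (size_t remaining = max_insn; remaining != 0; remaining >>= 1) {
    bits++;
  }
  *log2_max_gc_pc = bits;
}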

// Records, for each invoke-virtual / invoke-interface (plain and range forms), the concrete
// method it can be bound to at compile time. An entry is stored in devirt_map_ only when the
// receiver's class is known and either its type is precise or the resolved target cannot be
// overridden (final method or final declaring class).
void VerifiedMethod::GenerateDevirtMap(verifier::MethodVerifier* method_verifier) {
  // It is risky to rely on reg_types for sharpening in cases of soft verification: we might end
  // up sharpening to a wrong implementation. Any recorded failure disables the whole map.
  if (method_verifier->HasFailures()) {
    return;
  }

  const DexFile::CodeItem* code_item = method_verifier->CodeItem();
  const uint16_t* insns = code_item->insns_;
  const Instruction* const end = Instruction::At(insns + code_item->insns_size_in_code_units_);

  for (const Instruction* inst = Instruction::At(insns); inst < end; inst = inst->Next()) {
    const Instruction::Code opcode = inst->Opcode();
    const bool is_virtual = (opcode == Instruction::INVOKE_VIRTUAL) ||
        (opcode == Instruction::INVOKE_VIRTUAL_RANGE);
    const bool is_interface = (opcode == Instruction::INVOKE_INTERFACE) ||
        (opcode == Instruction::INVOKE_INTERFACE_RANGE);
    if (!(is_virtual || is_interface)) {
      continue;
    }

    // Get reg type for register holding the reference to the object that will be dispatched upon.
    const uint32_t dex_pc = inst->GetDexPc(insns);
    verifier::RegisterLine* line = method_verifier->GetRegLine(dex_pc);
    const bool is_range = (opcode == Instruction::INVOKE_VIRTUAL_RANGE) ||
        (opcode == Instruction::INVOKE_INTERFACE_RANGE);
    const auto receiver_reg = is_range ? inst->VRegC_3rc() : inst->VRegC_35c();
    const verifier::RegType& reg_type = line->GetRegisterType(receiver_reg);

    // We will compute devirtualization information only when we know the Class of the reg type.
    if (!reg_type.HasClass()) {
      continue;
    }
    mirror::Class* reg_class = reg_type.GetClass();
    // We can't devirtualize when the known type of the register is an interface, nor for
    // abstract classes except on arrays of abstract classes.
    if (reg_class->IsInterface() ||
        (reg_class->IsAbstract() && !reg_class->IsArrayClass())) {
      continue;
    }

    const auto method_idx = is_range ? inst->VRegB_3rc() : inst->VRegB_35c();
    mirror::ArtMethod* abstract_method =
        method_verifier->GetDexCache()->GetResolvedMethod(method_idx);
    if (abstract_method == NULL) {
      // If the method is not found in the cache this means that it was never found
      // by ResolveMethodAndCheckAccess() called when verifying invoke_*.
      continue;
    }

    // Find the concrete method. Exactly one of is_interface / is_virtual holds at this point.
    mirror::ArtMethod* concrete_method = is_interface
        ? reg_type.GetClass()->FindVirtualMethodForInterface(abstract_method)
        : reg_type.GetClass()->FindVirtualMethodForVirtual(abstract_method);
    if (concrete_method == NULL || concrete_method->IsAbstract()) {
      // In cases where concrete_method is not found, or is abstract, continue to the next invoke.
      continue;
    }

    // Record the target only if we know exactly the class being dispatched upon, or if the
    // target method cannot be overridden. The compiler driver uses the recorded target.
    const bool target_is_fixed = reg_type.IsPreciseReference() || concrete_method->IsFinal() ||
        concrete_method->GetDeclaringClass()->IsFinal();
    if (target_is_fixed) {
      MethodReference target(
          concrete_method->GetDeclaringClass()->GetDexCache()->GetDexFile(),
          concrete_method->GetDexMethodIndex());
      devirt_map_.Put(dex_pc, target);
    }
  }
}

/*
 * Walks over the method code and adds any cast instructions in which
 * the type cast is implicit to a set, which is used in the code generation
 * to elide these casts.
 *
 * Both check-cast and aput-object are considered. Because an entry removes a check from the
 * generated code, nothing is recorded when the verifier has any failure on record, and an
 * entry is added only when the verifier's types prove strict assignability.
 */
void VerifiedMethod::GenerateSafeCastSet(verifier::MethodVerifier* method_verifier) {
  if (method_verifier->HasFailures()) {
    return;
  }

  const DexFile::CodeItem* code_item = method_verifier->CodeItem();
  const Instruction* const end = Instruction::At(code_item->insns_ +
                                                 code_item->insns_size_in_code_units_);

  for (const Instruction* inst = Instruction::At(code_item->insns_); inst < end;
       inst = inst->Next()) {
    const Instruction::Code code = inst->Opcode();
    const bool is_check_cast = (code == Instruction::CHECK_CAST);
    if (!is_check_cast && (code != Instruction::APUT_OBJECT)) {
      continue;
    }

    uint32_t dex_pc = inst->GetDexPc(code_item->insns_);
    const verifier::RegisterLine* line = method_verifier->GetRegLine(dex_pc);
    bool is_safe_cast = false;
    if (is_check_cast) {
      // check-cast: safe when the target class is strictly assignable from the register's type.
      const verifier::RegType& reg_type = line->GetRegisterType(inst->VRegA_21c());
      const verifier::RegType& cast_type =
          method_verifier->ResolveCheckedClass(inst->VRegB_21c());
      is_safe_cast = cast_type.IsStrictlyAssignableFrom(reg_type);
    } else {
      // aput-object: we only know it is safe to assign to an array if the array type is precise.
      // For example, an Object[] can have any type of object stored in it, but it may also be
      // assigned a String[] in which case the stores need to be of Strings.
      const verifier::RegType& array_type = line->GetRegisterType(inst->VRegB_23x());
      if (array_type.IsPreciseReference()) {
        const verifier::RegType& value_type = line->GetRegisterType(inst->VRegA_23x());
        const verifier::RegType& component_type = method_verifier->GetRegTypeCache()
            ->GetComponentType(array_type, method_verifier->GetClassLoader());
        is_safe_cast = component_type.IsStrictlyAssignableFrom(value_type);
      }
    }

    if (!is_safe_cast) {
      continue;
    }
    // Verify ordering for push_back() to the sorted vector; IsSafeCast binary-searches it.
    DCHECK(safe_cast_set_.empty() || safe_cast_set_.back() < dex_pc);
    safe_cast_set_.push_back(dex_pc);
  }
}

}  // namespace art