1   package org.apache.bcel.verifier.statics;
2   
3   /* ====================================================================
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2001 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution,
22   *    if any, must include the following acknowledgment:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowledgment may appear in the software itself,
26   *    if and wherever such third-party acknowledgments normally appear.
27   *
28   * 4. The names "Apache" and "Apache Software Foundation" and
29   *    "Apache BCEL" must not be used to endorse or promote products
30   *    derived from this software without prior written permission. For
31   *    written permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache",
34   *    "Apache BCEL", nor may "Apache" appear in their name, without
35   *    prior written permission of the Apache Software Foundation.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   */
56  
57  import org.apache.bcel.Constants;
58  import org.apache.bcel.Repository;
59  import org.apache.bcel.classfile.*;
60  import org.apache.bcel.classfile.DescendingVisitor; // Use _this_ one!
61  import org.apache.bcel.classfile.EmptyVisitor; // Use _this_ one!
62  import org.apache.bcel.classfile.Visitor; // Use _this_ one!
63  import org.apache.bcel.generic.*;
64  import org.apache.bcel.verifier.*;
65  import org.apache.bcel.verifier.exc.*;
66  import java.util.HashMap;
67  import java.util.HashSet;
68  
69  /***
70   * This PassVerifier verifies a class file according to
71   * pass 2 as described in The Java Virtual Machine
72   * Specification, 2nd edition.
73   * More detailed information is to be found at the do_verify()
74   * method's documentation.
75   *
76   * @version $Id: Pass2Verifier.java,v 1.2 2002/06/13 09:32:50 enver Exp $
77   * @author <A HREF="http://www.inf.fu-berlin.de/~ehaase"/>Enver Haase</A>
78   * @see #do_verify()
79   */
80  public final class Pass2Verifier extends PassVerifier implements Constants{
81  
82  	/***
83  	 * The LocalVariableInfo instances used by Pass3bVerifier.
84  	 * localVariablesInfos[i] denotes the information for the
85  	 * local variables of method number i in the
86  	 * JavaClass this verifier operates on.
87  	 */
88  	private LocalVariablesInfo[] localVariablesInfos;
89  	
90  	/*** The Verifier that created this. */
91  	private Verifier myOwner;
92  
93  	/***
94  	 * Should only be instantiated by a Verifier.
95  	 *
96  	 * @see Verifier
97  	 */
98  	public Pass2Verifier(Verifier owner){
99  		myOwner = owner;
100 	}
101 
102 	/***
103 	 * Returns a LocalVariablesInfo object containing information
104 	 * about the usage of the local variables in the Code attribute
105 	 * of the said method or <B>null</B> if the class file this
106 	 * Pass2Verifier operates on could not be pass-2-verified correctly.
107 	 * The method number method_nr is the method you get using
108 	 * <B>Repository.lookupClass(myOwner.getClassname()).getMethods()[method_nr];</B>.
109 	 * You should not add own information. Leave that to JustIce.
110 	 */
111 	public LocalVariablesInfo getLocalVariablesInfo(int method_nr){
112 		if (this.verify() != VerificationResult.VR_OK) return null; // It's cached, don't worry.
113 		if (method_nr < 0 || method_nr >= localVariablesInfos.length){
114 			throw new AssertionViolatedException("Method number out of range.");
115 		}
116 		return localVariablesInfos[method_nr];
117 	}
118 	
119 	/***
120 	 * Pass 2 is the pass where static properties of the
121 	 * class file are checked without looking into "Code"
122 	 * arrays of methods.
123 	 * This verification pass is usually invoked when
124 	 * a class is resolved; and it may be possible that
125 	 * this verification pass has to load in other classes
126 	 * such as superclasses or implemented interfaces.
127 	 * Therefore, Pass 1 is run on them.<BR>
128 	 * Note that most referenced classes are <B>not</B> loaded
129 	 * in for verification or for an existance check by this
130 	 * pass; only the syntactical correctness of their names
131 	 * and descriptors (a.k.a. signatures) is checked.<BR>
132 	 * Very few checks that conceptually belong here
133 	 * are delayed until pass 3a in JustIce. JustIce does
134 	 * not only check for syntactical correctness but also
135 	 * for semantical sanity - therefore it needs access to
136 	 * the "Code" array of methods in a few cases. Please
137 	 * see the pass 3a documentation, too.
138 	 *
139 	 * @see org.apache.bcel.verifier.statics.Pass3aVerifier
140 	 */
141 	public VerificationResult do_verify(){
142 		VerificationResult vr1 = myOwner.doPass1();
143 		if (vr1.equals(VerificationResult.VR_OK)){
144 			
145 			// For every method, we could have information about the local variables out of LocalVariableTable attributes of
146 			// the Code attributes.
147 			localVariablesInfos = new LocalVariablesInfo[Repository.lookupClass(myOwner.getClassName()).getMethods().length];
148 
149 			VerificationResult vr = VerificationResult.VR_OK; // default.
150 			try{
151 				constant_pool_entries_satisfy_static_constraints();
152 				field_and_method_refs_are_valid();
153 				every_class_has_an_accessible_superclass();
154 				final_methods_are_not_overridden();
155 			}
156 			catch (ClassConstraintException cce){
157 				vr = new VerificationResult(VerificationResult.VERIFIED_REJECTED, cce.getMessage());
158 			}
159 			return vr;
160 		}
161 		else
162 			return VerificationResult.VR_NOTYET;
163 	}
164 
165 	/***
166 	 * Ensures that every class has a super class and that
167 	 * <B>final</B> classes are not subclassed.
168 	 * This means, the class this Pass2Verifier operates
169 	 * on has proper super classes (transitively) up to
170 	 * java.lang.Object.
171 	 * The reason for really loading (and Pass1-verifying)
172 	 * all of those classes here is that we need them in
173 	 * Pass2 anyway to verify no final methods are overridden
174 	 * (that could be declared anywhere in the ancestor hierarchy).
175 	 *
176 	 * @throws ClassConstraintException otherwise.
177 	 */
178 	private void every_class_has_an_accessible_superclass(){
179 		HashSet hs = new HashSet(); // save class names to detect circular inheritance
180 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
181 		int supidx = -1;
182 
183 		while (supidx != 0){
184 			supidx = jc.getSuperclassNameIndex();
185 		
186 			if (supidx == 0){
187 				if (jc != Repository.lookupClass(Type.OBJECT.getClassName())){
188 					throw new ClassConstraintException("Superclass of '"+jc.getClassName()+"' missing but not "+Type.OBJECT.getClassName()+" itself!");
189 				}
190 			}
191 			else{
192 				String supername = jc.getSuperclassName();
193 				if (! hs.add(supername)){	// If supername already is in the list
194 					throw new ClassConstraintException("Circular superclass hierarchy detected.");
195 				}
196 				Verifier v = VerifierFactory.getVerifier(supername);
197 				VerificationResult vr = v.doPass1();
198 
199 				if (vr != VerificationResult.VR_OK){
200 					throw new ClassConstraintException("Could not load in ancestor class '"+supername+"'.");
201 				}
202 				jc = Repository.lookupClass(supername);
203 
204 				if (jc.isFinal()){
205 					throw new ClassConstraintException("Ancestor class '"+supername+"' has the FINAL access modifier and must therefore not be subclassed.");
206 				}
207 			}
208 		}
209 	}
210 
211 	/***
212 	 * Ensures that <B>final</B> methods are not overridden.
213 	 * <B>Precondition to run this method:
214 	 * constant_pool_entries_satisfy_static_constraints() and
215 	 * every_class_has_an_accessible_superclass() have to be invoked before
216 	 * (in that order).</B>
217 	 *
218 	 * @throws ClassConstraintException otherwise.
219 	 * @see #constant_pool_entries_satisfy_static_constraints()
220 	 * @see #every_class_has_an_accessible_superclass()
221 	 */
222 	private void final_methods_are_not_overridden(){
223 		HashMap hashmap = new HashMap();
224 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
225 		
226 		int supidx = -1;
227 		while (supidx != 0){
228 			supidx = jc.getSuperclassNameIndex();
229 
230 			Method[] methods = jc.getMethods();
231 			for (int i=0; i<methods.length; i++){
232 				String name_and_sig = (methods[i].getName()+methods[i].getSignature());
233 
234 				if (hashmap.containsKey(name_and_sig)){
235 					if (methods[i].isFinal()){
236 						throw new ClassConstraintException("Method '"+name_and_sig+"' in class '"+hashmap.get(name_and_sig)+"' overrides the final (not-overridable) definition in class '"+jc.getClassName()+"'.");
237 					}
238 					else{
239 						if (!methods[i].isStatic()){ // static methods don't inherit
240 							hashmap.put(name_and_sig, jc.getClassName());
241 						}
242 					}
243 				}
244 				else{
245 					if (!methods[i].isStatic()){ // static methods don't inherit
246 						hashmap.put(name_and_sig, jc.getClassName());
247 					}
248 				}
249 			}
250 		
251 			jc = Repository.lookupClass(jc.getSuperclassName());	// Well, for OBJECT this returns OBJECT so it works (could return anything but must not throw an Exception).
252 		}
253 
254 	}
255 
256 	/***
257 	 * Ensures that the constant pool entries satisfy the static constraints
258 	 * as described in The Java Virtual Machine Specification, 2nd Edition.
259 	 *
260 	 * @throws ClassConstraintException otherwise.
261 	 */
262 	private void constant_pool_entries_satisfy_static_constraints(){
263 		// Most of the consistency is handled internally by BCEL; here
264 		// we only have to verify if the indices of the constants point
265 		// to constants of the appropriate type and such.
266 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
267 		new CPESSC_Visitor(jc); // constructor implicitely traverses jc
268 	}
269 
270 	/***
271 	 * A Visitor class that ensures the constant pool satisfies the static
272 	 * constraints.
273    * The visitXXX() methods throw ClassConstraintException instances otherwise.
274    *
275    * @see #constant_pool_entries_satisfy_static_constraints()
276 	 */
277 	private class CPESSC_Visitor extends org.apache.bcel.classfile.EmptyVisitor implements Visitor{
278 		private Class CONST_Class;
279 		/*
280         private Class CONST_Fieldref;
281 		private Class CONST_Methodref;
282 		private Class CONST_InterfaceMethodref;
283         */
284 		private Class CONST_String;
285 		private Class CONST_Integer;
286 		private Class CONST_Float;
287 		private Class CONST_Long;
288 		private Class CONST_Double;
289 		private Class CONST_NameAndType;
290 		private Class CONST_Utf8;
291 
292 		private final JavaClass jc;
293 		private final ConstantPool cp; // ==jc.getConstantPool() -- only here to save typing work and computing power.
294 		private final int cplen; // == cp.getLength() -- to save computing power.
295 		private DescendingVisitor carrier;
296 
297 		private HashSet field_names = new HashSet();
298 		private HashSet field_names_and_desc = new HashSet();
299 		private HashSet method_names_and_desc = new HashSet();
300 
301 		private CPESSC_Visitor(JavaClass _jc){
302 			jc = _jc;
303 			cp = _jc.getConstantPool();
304 			cplen = cp.getLength();
305 
306 			CONST_Class = org.apache.bcel.classfile.ConstantClass.class;
307 			/*
308             CONST_Fieldref = org.apache.bcel.classfile.ConstantFieldref.class;
309 			CONST_Methodref = org.apache.bcel.classfile.ConstantMethodref.class;
310 			CONST_InterfaceMethodref = org.apache.bcel.classfile.ConstantInterfaceMethodref.class;
311             */
312 			CONST_String = org.apache.bcel.classfile.ConstantString.class;
313 			CONST_Integer = org.apache.bcel.classfile.ConstantInteger.class;
314 			CONST_Float = org.apache.bcel.classfile.ConstantFloat.class;
315 			CONST_Long = org.apache.bcel.classfile.ConstantLong.class;
316 			CONST_Double = org.apache.bcel.classfile.ConstantDouble.class;
317 			CONST_NameAndType = org.apache.bcel.classfile.ConstantNameAndType.class;
318 			CONST_Utf8 = org.apache.bcel.classfile.ConstantUtf8.class;
319 
320 			carrier = new DescendingVisitor(_jc, this);
321 			carrier.visit();
322 		}
323 
324 		private void checkIndex(Node referrer, int index, Class shouldbe){
325 			if ((index < 0) || (index >= cplen)){
326 				throw new ClassConstraintException("Invalid index '"+index+"' used by '"+tostring(referrer)+"'.");
327 			}
328 			Constant c = cp.getConstant(index);
329 			if (! shouldbe.isInstance(c)){
330 				/* String isnot = shouldbe.toString().substring(shouldbe.toString().lastIndexOf(".")+1); //Cut all before last "." */
331 				throw new ClassCastException("Illegal constant '"+tostring(c)+"' at index '"+index+"'. '"+tostring(referrer)+"' expects a '"+shouldbe+"'.");
332 			}
333 		}
334 		///////////////////////////////////////
335 		// ClassFile structure (vmspec2 4.1) //
336 		///////////////////////////////////////
337 		public void visitJavaClass(JavaClass obj){
338 			Attribute[] atts = obj.getAttributes();
339 			boolean foundSourceFile = false;
340 			boolean foundInnerClasses = false;
341 
342 			// Is there an InnerClass referenced?
343 			// This is a costly check; existing verifiers don't do it!
344 			boolean hasInnerClass = new InnerClassDetector(jc).innerClassReferenced();
345 
346 			for (int i=0; i<atts.length; i++){
347 				if ((! (atts[i] instanceof SourceFile)) &&
348 				    (! (atts[i] instanceof Deprecated))     &&
349 				    (! (atts[i] instanceof InnerClasses)) &&
350 				    (! (atts[i] instanceof Synthetic))){
351 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of the ClassFile structure '"+tostring(obj)+"' is unknown and will therefore be ignored.");
352 				}
353 
354 				if (atts[i] instanceof SourceFile){
355 					if (foundSourceFile == false) foundSourceFile = true;
356 					else throw new ClassConstraintException("A ClassFile structure (like '"+tostring(obj)+"') may have no more than one SourceFile attribute."); //vmspec2 4.7.7
357 				}
358 
359 				if (atts[i] instanceof InnerClasses){
360 					if (foundInnerClasses == false) foundInnerClasses = true;
361 					else{
362 						if (hasInnerClass){
363 							throw new ClassConstraintException("A Classfile structure (like '"+tostring(obj)+"') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case). More than one InnerClasses attribute was found.");
364 						}
365 					}
366 					if (!hasInnerClass){
367 						addMessage("No referenced Inner Class found, but InnerClasses attribute '"+tostring(atts[i])+"' found. Strongly suggest removal of that attribute.");
368 					}
369 				}
370 
371 			}
372 			if (hasInnerClass && !foundInnerClasses){
373 				//throw new ClassConstraintException("A Classfile structure (like '"+tostring(obj)+"') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case). No InnerClasses attribute was found.");
374 				//vmspec2, page 125 says it would be a constraint: but existing verifiers
375 				//don't check it and javac doesn't satisfy it when it comes to anonymous
376 				//inner classes
377 				addMessage("A Classfile structure (like '"+tostring(obj)+"') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case). No InnerClasses attribute was found.");
378 			}
379 		}
380 		/////////////////////////////
381 		// CONSTANTS (vmspec2 4.4) //
382 		/////////////////////////////
383 		public void visitConstantClass(ConstantClass obj){
384 			if (obj.getTag() != Constants.CONSTANT_Class){
385 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
386 			}
387 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
388 
389 		}
390 		public void visitConstantFieldref(ConstantFieldref obj){
391 			if (obj.getTag() != Constants.CONSTANT_Fieldref){
392 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
393 			}
394 			checkIndex(obj, obj.getClassIndex(), CONST_Class);
395 			checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
396 		}
397 		public void visitConstantMethodref(ConstantMethodref obj){
398 			if (obj.getTag() != Constants.CONSTANT_Methodref){
399 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
400 			}
401 			checkIndex(obj, obj.getClassIndex(), CONST_Class);
402 			checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
403 		}
404 		public void visitConstantInterfaceMethodref(ConstantInterfaceMethodref obj){
405 			if (obj.getTag() != Constants.CONSTANT_InterfaceMethodref){
406 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
407 			}
408 			checkIndex(obj, obj.getClassIndex(), CONST_Class);
409 			checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
410 		}
411 		public void visitConstantString(ConstantString obj){
412 			if (obj.getTag() != Constants.CONSTANT_String){
413 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
414 			}
415 			checkIndex(obj, obj.getStringIndex(), CONST_Utf8);
416 		}
417 		public void visitConstantInteger(ConstantInteger obj){
418 			if (obj.getTag() != Constants.CONSTANT_Integer){
419 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
420 			}
421 			// no indices to check
422 		}
423 		public void visitConstantFloat(ConstantFloat obj){
424 			if (obj.getTag() != Constants.CONSTANT_Float){
425 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
426 			}
427 			//no indices to check
428 		}
429 		public void visitConstantLong(ConstantLong obj){
430 			if (obj.getTag() != Constants.CONSTANT_Long){
431 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
432 			}
433 			//no indices to check
434 		}
435 		public void visitConstantDouble(ConstantDouble obj){
436 			if (obj.getTag() != Constants.CONSTANT_Double){
437 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
438 			}
439 			//no indices to check
440 		}
441 		public void visitConstantNameAndType(ConstantNameAndType obj){
442 			if (obj.getTag() != Constants.CONSTANT_NameAndType){
443 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
444 			}
445 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
446 			//checkIndex(obj, obj.getDescriptorIndex(), CONST_Utf8); //inconsistently named in BCEL, see below.
447 			checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
448 		}
449 		public void visitConstantUtf8(ConstantUtf8 obj){
450 			if (obj.getTag() != Constants.CONSTANT_Utf8){
451 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
452 			}
453 			//no indices to check
454 		}
455 		//////////////////////////
456 		// FIELDS (vmspec2 4.5) //
457 		//////////////////////////
458 		public void visitField(Field obj){
459 
460 			if (jc.isClass()){
461 				int maxone=0;
462 				if (obj.isPrivate()) maxone++;
463 				if (obj.isProtected()) maxone++;
464 				if (obj.isPublic()) maxone++;
465 				if (maxone > 1){
466 					throw new ClassConstraintException("Field '"+tostring(obj)+"' must only have at most one of its ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC modifiers set.");
467 				}
468 
469 				if (obj.isFinal() && obj.isVolatile()){
470 					throw new ClassConstraintException("Field '"+tostring(obj)+"' must only have at most one of its ACC_FINAL, ACC_VOLATILE modifiers set.");
471 				}
472 			}
473 			else{ // isInterface!
474 				if (!obj.isPublic()){
475 					throw new ClassConstraintException("Interface field '"+tostring(obj)+"' must have the ACC_PUBLIC modifier set but hasn't!");
476 				}
477 				if (!obj.isStatic()){
478 					throw new ClassConstraintException("Interface field '"+tostring(obj)+"' must have the ACC_STATIC modifier set but hasn't!");
479 				}
480 				if (!obj.isFinal()){
481 					throw new ClassConstraintException("Interface field '"+tostring(obj)+"' must have the ACC_FINAL modifier set but hasn't!");
482 				}
483 			}
484 
485 			if ((obj.getAccessFlags() & ~(ACC_PUBLIC|ACC_PRIVATE|ACC_PROTECTED|ACC_STATIC|ACC_FINAL|ACC_VOLATILE|ACC_TRANSIENT)) > 0){
486 				addMessage("Field '"+tostring(obj)+"' has access flag(s) other than ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_VOLATILE, ACC_TRANSIENT set (ignored).");
487 			}
488 
489 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
490 
491 			String name = obj.getName();
492 			if (! validFieldName(name)){
493 				throw new ClassConstraintException("Field '"+tostring(obj)+"' has illegal name '"+obj.getName()+"'.");
494 			}
495 
496 			// A descriptor is often named signature in BCEL
497 			checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
498 
499 			String sig  = ((ConstantUtf8) (cp.getConstant(obj.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
500 
501 			try{
502 				Type.getType(sig);  /* Don't need the return value */
503 			}
504 			catch (ClassFormatError cfe){ // sometimes BCEL is a little harsh describing exceptional situations.
505 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.");
506 			}
507 
508 			String nameanddesc = (name+sig);
509 			if (field_names_and_desc.contains(nameanddesc)){
510 				throw new ClassConstraintException("No two fields (like '"+tostring(obj)+"') are allowed have same names and descriptors!");
511 			}
512 			if (field_names.contains(name)){
513 				addMessage("More than one field of name '"+name+"' detected (but with different type descriptors). This is very unusual.");
514 			}
515 			field_names_and_desc.add(nameanddesc);
516 			field_names.add(name);
517 
518 			Attribute[] atts = obj.getAttributes();
519 			for (int i=0; i<atts.length; i++){
520 				if ((! (atts[i] instanceof ConstantValue)) &&
521 				    (! (atts[i] instanceof Synthetic))     &&
522 				    (! (atts[i] instanceof Deprecated))){
523 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Field '"+tostring(obj)+"' is unknown and will therefore be ignored.");
524 				}
525 				if  (! (atts[i] instanceof ConstantValue)){
526 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Field '"+tostring(obj)+"' is not a ConstantValue and is therefore only of use for debuggers and such.");
527 				}
528 			}
529 		}
530 		///////////////////////////
531 		// METHODS (vmspec2 4.6) //
532 		///////////////////////////
533 		public void visitMethod(Method obj){
534 
535 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
536 
537 			String name = obj.getName();
538 			if (! validMethodName(name, true)){
539 				throw new ClassConstraintException("Method '"+tostring(obj)+"' has illegal name '"+name+"'.");
540 			}
541 
542 			// A descriptor is often named signature in BCEL
543 			checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
544 
545 			String sig  = ((ConstantUtf8) (cp.getConstant(obj.getSignatureIndex()))).getBytes(); // Method's signature(=descriptor)
546 
547 			Type t;
548 			Type[] ts; // needed below the try block.
549 			try{
550 				t  = Type.getReturnType(sig);
551 				ts = Type.getArgumentTypes(sig);
552 			}
553 			catch (ClassFormatError cfe){
554 				// Well, BCEL sometimes is a little harsh describing exceptional situations.
555 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by Method '"+tostring(obj)+"'.");
556 			}
557 
558 			// Check if referenced objects exist.
559 			Type act = t;
560 			if (act instanceof ArrayType) act = ((ArrayType) act).getBasicType();
561 			if (act instanceof ObjectType){
562 				Verifier v = VerifierFactory.getVerifier( ((ObjectType) act).getClassName() );
563 				VerificationResult vr = v.doPass1();
564 				if (vr != VerificationResult.VR_OK) {
565 					throw new ClassConstraintException("Method '"+tostring(obj)+"' has a return type that does not pass verification pass 1: '"+vr+"'.");
566 				}
567 			}
568 
569 			for (int i=0; i<ts.length; i++){
570 				act = ts[i];
571 				if (act instanceof ArrayType) act = ((ArrayType) act).getBasicType();
572 				if (act instanceof ObjectType){
573 					Verifier v = VerifierFactory.getVerifier( ((ObjectType) act).getClassName() );
574 					VerificationResult vr = v.doPass1();
575 					if (vr != VerificationResult.VR_OK) {
576 						throw new ClassConstraintException("Method '"+tostring(obj)+"' has an argument type that does not pass verification pass 1: '"+vr+"'.");
577 					}
578 				}
579 			}
580 
581 			// Nearly forgot this! Funny return values are allowed, but a non-empty arguments list makes a different method out of it!
582 			if (name.equals(STATIC_INITIALIZER_NAME) && (ts.length != 0)){
583 				throw new ClassConstraintException("Method '"+tostring(obj)+"' has illegal name '"+name+"'. It's name resembles the class or interface initialization method which it isn't because of its arguments (==descriptor).");
584 			}
585 
586 			if (jc.isClass()){
587 				int maxone=0;
588 				if (obj.isPrivate()) maxone++;
589 				if (obj.isProtected()) maxone++;
590 				if (obj.isPublic()) maxone++;
591 				if (maxone > 1){
592 					throw new ClassConstraintException("Method '"+tostring(obj)+"' must only have at most one of its ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC modifiers set.");
593 				}
594 
595 				if (obj.isAbstract()){
596 					if (obj.isFinal()) throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_FINAL modifier set.");
597 					if (obj.isNative()) throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_NATIVE modifier set.");
598 					if (obj.isPrivate()) throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_PRIVATE modifier set.");
599 					if (obj.isStatic()) throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_STATIC modifier set.");
600 					if (obj.isStrictfp()) throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_STRICT modifier set.");
601 					if (obj.isSynchronized()) throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_SYNCHRONIZED modifier set.");
602 				}
603 			}
604 			else{ // isInterface!
605 				if (!name.equals(STATIC_INITIALIZER_NAME)){//vmspec2, p.116, 2nd paragraph
606 					if (!obj.isPublic()){
607 						throw new ClassConstraintException("Interface method '"+tostring(obj)+"' must have the ACC_PUBLIC modifier set but hasn't!");
608 					}
609 					if (!obj.isAbstract()){
610 						throw new ClassConstraintException("Interface method '"+tostring(obj)+"' must have the ACC_STATIC modifier set but hasn't!");
611 					}
612 					if (	obj.isPrivate() ||
613 								obj.isProtected() ||
614 								obj.isStatic() ||
615 								obj.isFinal() ||
616 								obj.isSynchronized() ||
617 								obj.isNative() ||
618 								obj.isStrictfp() ){
619 						throw new ClassConstraintException("Interface method '"+tostring(obj)+"' must not have any of the ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT, ACC_STRICT modifiers set.");
620 					}
621 				}
622 			}
623 
624 			// A specific instance initialization method... (vmspec2,Page 116).
625 			if (name.equals(CONSTRUCTOR_NAME)){
626 				//..may have at most one of ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC set: is checked above.
627 				//..may also have ACC_STRICT set, but none of the other flags in table 4.5 (vmspec2, page 115)
628 				if (	obj.isStatic() ||
629 							obj.isFinal() ||
630 							obj.isSynchronized() ||
631 							obj.isNative() ||
632 							obj.isAbstract() ){
633 					throw new ClassConstraintException("Instance initialization method '"+tostring(obj)+"' must not have any of the ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT modifiers set.");
634 				}
635 			}
636 
637 			// Class and interface initialization methods...
638 			if (name.equals(STATIC_INITIALIZER_NAME)){
639 				if ((obj.getAccessFlags() & (~ACC_STRICT)) > 0){
640 					addMessage("Class or interface initialization method '"+tostring(obj)+"' has superfluous access modifier(s) set: everything but ACC_STRICT is ignored.");
641 				}
642 				if (obj.isAbstract()){
643 					throw new ClassConstraintException("Class or interface initialization method '"+tostring(obj)+"' must not be abstract. This contradicts the Java Language Specification, Second Edition (which omits this constraint) but is common practice of existing verifiers.");
644 				}
645 			}
646 
647 			if ((obj.getAccessFlags() & ~(ACC_PUBLIC|ACC_PRIVATE|ACC_PROTECTED|ACC_STATIC|ACC_FINAL|ACC_SYNCHRONIZED|ACC_NATIVE|ACC_ABSTRACT|ACC_STRICT)) > 0){
648 				addMessage("Method '"+tostring(obj)+"' has access flag(s) other than ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT, ACC_STRICT set (ignored).");
649 			}
650 
651 			String nameanddesc = (name+sig);
652 			if (method_names_and_desc.contains(nameanddesc)){
653 				throw new ClassConstraintException("No two methods (like '"+tostring(obj)+"') are allowed have same names and desciptors!");
654 			}
655 			method_names_and_desc.add(nameanddesc);
656 
657 			Attribute[] atts = obj.getAttributes();
658 			int num_code_atts = 0;
659 			for (int i=0; i<atts.length; i++){
660 				if ((! (atts[i] instanceof Code)) &&
661 				    (! (atts[i] instanceof ExceptionTable))     &&
662 				    (! (atts[i] instanceof Synthetic)) &&
663 				    (! (atts[i] instanceof Deprecated))){
664 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Method '"+tostring(obj)+"' is unknown and will therefore be ignored.");
665 				}
666 				if ((! (atts[i] instanceof Code)) &&
667 						(! (atts[i] instanceof ExceptionTable))){
668 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Method '"+tostring(obj)+"' is neither Code nor Exceptions and is therefore only of use for debuggers and such.");
669 				}
670 				if ((atts[i] instanceof Code) && (obj.isNative() || obj.isAbstract())){
671 					throw new ClassConstraintException("Native or abstract methods like '"+tostring(obj)+"' must not have a Code attribute like '"+tostring(atts[i])+"'."); //vmspec2 page120, 4.7.3
672 				}
673 				if (atts[i] instanceof Code) num_code_atts++;
674 			}
675 			if ( !obj.isNative() && !obj.isAbstract() && num_code_atts != 1){
676 				throw new ClassConstraintException("Non-native, non-abstract methods like '"+tostring(obj)+"' must have exactly one Code attribute (found: "+num_code_atts+").");
677 			}
678 		}
679 		///////////////////////////////////////////////////////
680 		// ClassFile-structure-ATTRIBUTES (vmspec2 4.1, 4.7) //
681 		///////////////////////////////////////////////////////
682 		public void visitSourceFile(SourceFile obj){//vmspec2 4.7.7
683 
684 			// zero or one SourceFile attr per ClassFile: see visitJavaClass()
685 
686 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
687 
688 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
689 			if (! name.equals("SourceFile")){
690 				throw new ClassConstraintException("The SourceFile attribute '"+tostring(obj)+"' is not correctly named 'SourceFile' but '"+name+"'.");
691 			}
692 
693 			checkIndex(obj, obj.getSourceFileIndex(), CONST_Utf8);
694 
695 			String sourcefilename = ((ConstantUtf8) cp.getConstant(obj.getSourceFileIndex())).getBytes(); //==obj.getSourceFileName() ?
696 			String sourcefilenamelc = sourcefilename.toLowerCase();
697 
698 			if (	(sourcefilename.indexOf('/') != -1) ||
699 						(sourcefilename.indexOf('//') != -1) ||
700 						(sourcefilename.indexOf(':') != -1) ||
701 						(sourcefilenamelc.lastIndexOf(".java") == -1)	){
702 				addMessage("SourceFile attribute '"+tostring(obj)+"' has a funny name: remember not to confuse certain parsers working on javap's output. Also, this name ('"+sourcefilename+"') is considered an unqualified (simple) file name only.");
703 			}
704 		}
705 		public void visitDeprecated(Deprecated obj){//vmspec2 4.7.10
706 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
707 
708 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
709 			if (! name.equals("Deprecated")){
710 				throw new ClassConstraintException("The Deprecated attribute '"+tostring(obj)+"' is not correctly named 'Deprecated' but '"+name+"'.");
711 			}
712 		}
713 		public void visitSynthetic(Synthetic obj){//vmspec2 4.7.6
714 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
715 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
716 			if (! name.equals("Synthetic")){
717 				throw new ClassConstraintException("The Synthetic attribute '"+tostring(obj)+"' is not correctly named 'Synthetic' but '"+name+"'.");
718 			}
719 		}
720 		public void visitInnerClasses(InnerClasses obj){//vmspec2 4.7.5
721 
722 			// exactly one InnerClasses attr per ClassFile if some inner class is refernced: see visitJavaClass()
723 
724 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
725 
726 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
727 			if (! name.equals("InnerClasses")){
728 				throw new ClassConstraintException("The InnerClasses attribute '"+tostring(obj)+"' is not correctly named 'InnerClasses' but '"+name+"'.");
729 			}
730 
731 			InnerClass[] ics = obj.getInnerClasses();
732 
733 			for (int i=0; i<ics.length; i++){
734 				checkIndex(obj, ics[i].getInnerClassIndex(), CONST_Class);
735 				int outer_idx = ics[i].getOuterClassIndex();
736 				if (outer_idx != 0){
737 					checkIndex(obj, outer_idx, CONST_Class);
738 				}
739 				int innername_idx = ics[i].getInnerNameIndex();
740 				if (innername_idx != 0){
741 					checkIndex(obj, innername_idx, CONST_Utf8);
742 				}
743 				int acc = ics[i].getInnerAccessFlags();
744 				acc = acc & (~ (ACC_PUBLIC | ACC_PRIVATE | ACC_PROTECTED | ACC_STATIC | ACC_FINAL | ACC_INTERFACE | ACC_ABSTRACT));
745 				if (acc != 0){
746 					addMessage("Unknown access flag for inner class '"+tostring(ics[i])+"' set (InnerClasses attribute '"+tostring(obj)+"').");
747 				}
748 			}
749 			// Semantical consistency is not yet checked by Sun, see vmspec2 4.7.5.
750 			// [marked TODO in JustIce]
751 		}
752 		////////////////////////////////////////////////////////
753 		// field_info-structure-ATTRIBUTES (vmspec2 4.5, 4.7) //
754 		////////////////////////////////////////////////////////
755 		public void visitConstantValue(ConstantValue obj){//vmspec2 4.7.2
756 			// Despite its name, this really is an Attribute,
757 			// not a constant!
758 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
759 
760 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
761 			if (! name.equals("ConstantValue")){
762 				throw new ClassConstraintException("The ConstantValue attribute '"+tostring(obj)+"' is not correctly named 'ConstantValue' but '"+name+"'.");
763 			}
764 
765 			Object pred = carrier.predecessor();
766 			if (pred instanceof Field){ //ConstantValue attributes are quite senseless if the predecessor is not a field.
767 				Field f = (Field) pred;
768 				// Field constraints have been checked before -- so we are safe using their type information.
769 				Type field_type = Type.getType(((ConstantUtf8) (cp.getConstant(f.getSignatureIndex()))).getBytes());
770 
771 				int index = obj.getConstantValueIndex();
772 				if ((index < 0) || (index >= cplen)){
773 					throw new ClassConstraintException("Invalid index '"+index+"' used by '"+tostring(obj)+"'.");
774 				}
775 				Constant c = cp.getConstant(index);
776 
777 				if (CONST_Long.isInstance(c) && field_type.equals(Type.LONG)){
778 					return;
779 				}
780 				if (CONST_Float.isInstance(c) && field_type.equals(Type.FLOAT)){
781 					return;
782 				}
783 				if (CONST_Double.isInstance(c) && field_type.equals(Type.DOUBLE)){
784 					return;
785 				}
786 				if (CONST_Integer.isInstance(c) && (field_type.equals(Type.INT) || field_type.equals(Type.SHORT) || field_type.equals(Type.CHAR) || field_type.equals(Type.BYTE) || field_type.equals(Type.BOOLEAN))){
787 					return;
788 				}
789 				if (CONST_String.isInstance(c) && field_type.equals(Type.STRING)){
790 					return;
791 				}
792 
793 				throw new ClassConstraintException("Illegal type of ConstantValue '"+obj+"' embedding Constant '"+c+"'. It is referenced by field '"+tostring(f)+"' expecting a different type: '"+field_type+"'.");
794 			}
795 		}
796 		// SYNTHETIC: see above
797 		// DEPRECATED: see above
798 		/////////////////////////////////////////////////////////
799 		// method_info-structure-ATTRIBUTES (vmspec2 4.6, 4.7) //
800 		/////////////////////////////////////////////////////////
801 		public void visitCode(Code obj){//vmspec2 4.7.3
802 			// No code attribute allowed for native or abstract methods: see visitMethod(Method).
803 			// Code array constraints are checked in Pass3 (3a and 3b).
804 
805 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
806 
807 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
808 			if (! name.equals("Code")){
809 				throw new ClassConstraintException("The Code attribute '"+tostring(obj)+"' is not correctly named 'Code' but '"+name+"'.");
810 			}
811 
812 			Method m = null; // satisfy compiler
813 			if (!(carrier.predecessor() instanceof Method)){
814 				addMessage("Code attribute '"+tostring(obj)+"' is not declared in a method_info structure but in '"+carrier.predecessor()+"'. Ignored.");
815 				return;
816 			}
817 			else{
818 				m = (Method) carrier.predecessor();	// we can assume this method was visited before;
819 																						// i.e. the data consistency was verified.
820 			}
821 
822 			if (obj.getCode().length == 0){
823 				throw new ClassConstraintException("Code array of Code attribute '"+tostring(obj)+"' (method '"+m+"') must not be empty.");
824 			}
825 
826 			//In JustIce, the check for correct offsets into the code array is delayed to Pass 3a.
827 			CodeException[] exc_table = obj.getExceptionTable();
828 			for (int i=0; i<exc_table.length; i++){
829 				int exc_index = exc_table[i].getCatchType();
830 				if (exc_index != 0){ // if 0, it catches all Throwables
831 					checkIndex(obj, exc_index, CONST_Class);
832 					ConstantClass cc = (ConstantClass) (cp.getConstant(exc_index));
833 					checkIndex(cc, cc.getNameIndex(), CONST_Utf8); // cannot be sure this ConstantClass has already been visited (checked)!
834 					String cname = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes().replace('/','.');
835 
836 					Verifier v = VerifierFactory.getVerifier(cname);
837 					VerificationResult vr = v.doPass1();
838 
839 					if (vr != VerificationResult.VR_OK){
840 						throw new ClassConstraintException("Code attribute '"+tostring(obj)+"' (method '"+m+"') has an exception_table entry '"+tostring(exc_table[i])+"' that references '"+cname+"' as an Exception but it does not pass verification pass 1: "+vr);
841 					}
842 					else{
843 						// We cannot safely trust any other "instanceof" mechanism. We need to transitively verify
844 						// the ancestor hierarchy.
845 						JavaClass e = Repository.lookupClass(cname);
846 						JavaClass t = Repository.lookupClass(Type.THROWABLE.getClassName());
847 						JavaClass o = Repository.lookupClass(Type.OBJECT.getClassName());
848 						while (e != o){
849 							if (e == t) break; // It's a subclass of Throwable, OKAY, leave.
850 
851 							v = VerifierFactory.getVerifier(e.getSuperclassName());
852 							vr = v.doPass1();
853 							if (vr != VerificationResult.VR_OK){
854 								throw new ClassConstraintException("Code attribute '"+tostring(obj)+"' (method '"+m+"') has an exception_table entry '"+tostring(exc_table[i])+"' that references '"+cname+"' as an Exception but '"+e.getSuperclassName()+"' in the ancestor hierachy does not pass verification pass 1: "+vr);
855 							}
856 							else{
857 								e = Repository.lookupClass(e.getSuperclassName());
858 							}
859 						}
860 						if (e != t) throw new ClassConstraintException("Code attribute '"+tostring(obj)+"' (method '"+m+"') has an exception_table entry '"+tostring(exc_table[i])+"' that references '"+cname+"' as an Exception but it is not a subclass of '"+t.getClassName()+"'.");
861 					}
862 				}
863 			}
864 
865 			// Create object for local variables information
866 			// This is highly unelegant due to usage of the Visitor pattern.
867 			// TODO: rework it.
868 			int method_number = -1;
869 			Method[] ms = Repository.lookupClass(myOwner.getClassName()).getMethods();
870 			for (int mn=0; mn<ms.length; mn++){
871 				if (m == ms[mn]){
872 					method_number = mn;
873 					break;
874 				}
875 			}
876 			if (method_number < 0){ // Mmmmh. Can we be sure BCEL does not sometimes instantiate new objects?
877 				throw new AssertionViolatedException("Could not find a known BCEL Method object in the corresponding BCEL JavaClass object.");
878 			}
879 			localVariablesInfos[method_number] = new LocalVariablesInfo(obj.getMaxLocals());
880 
881 			int num_of_lvt_attribs = 0;
882 			// Now iterate through the attributes the Code attribute has.
883 			Attribute[] atts = obj.getAttributes();
884 			for (int a=0; a<atts.length; a++){
885 				if ((! (atts[a] instanceof LineNumberTable)) &&
886 				    (! (atts[a] instanceof LocalVariableTable))){
887 					addMessage("Attribute '"+tostring(atts[a])+"' as an attribute of Code attribute '"+tostring(obj)+"' (method '"+m+"') is unknown and will therefore be ignored.");
888 				}
889 				else{// LineNumberTable or LocalVariableTable
890 					addMessage("Attribute '"+tostring(atts[a])+"' as an attribute of Code attribute '"+tostring(obj)+"' (method '"+m+"') will effectively be ignored and is only useful for debuggers and such.");
891 				}
892 
893 				//LocalVariableTable check (partially delayed to Pass3a).
894 				//Here because its easier to collect the information of the
895 				//(possibly more than one) LocalVariableTables belonging to
896 				//one certain Code attribute.
897 				if (atts[a] instanceof LocalVariableTable){ // checks conforming to vmspec2 4.7.9
898 
899 					LocalVariableTable lvt = (LocalVariableTable) atts[a];
900 
901 					checkIndex(lvt, lvt.getNameIndex(), CONST_Utf8);
902 
903 					String lvtname = ((ConstantUtf8) cp.getConstant(lvt.getNameIndex())).getBytes();
904 					if (! lvtname.equals("LocalVariableTable")){
905 						throw new ClassConstraintException("The LocalVariableTable attribute '"+tostring(lvt)+"' is not correctly named 'LocalVariableTable' but '"+lvtname+"'.");
906 					}
907 
908 					Code code = obj;
909 
910 					//In JustIce, the check for correct offsets into the code array is delayed to Pass 3a.
911 					LocalVariable[] localvariables = lvt.getLocalVariableTable();
912 
913 					for (int i=0; i<localvariables.length; i++){
914 						checkIndex(lvt, localvariables[i].getNameIndex(), CONST_Utf8);
915 						String localname = ((ConstantUtf8) cp.getConstant(localvariables[i].getNameIndex())).getBytes();
916 						if (!validJavaIdentifier(localname)){
917 							throw new ClassConstraintException("LocalVariableTable '"+tostring(lvt)+"' references a local variable by the name '"+localname+"' which is not a legal Java simple name.");
918 						}
919 
920 						checkIndex(lvt, localvariables[i].getSignatureIndex(), CONST_Utf8);
921 						String localsig  = ((ConstantUtf8) (cp.getConstant(localvariables[i].getSignatureIndex()))).getBytes(); // Local signature(=descriptor)
922 						Type t;
923 						try{
924 							t = Type.getType(localsig);
925 						}
926 						catch (ClassFormatError cfe){ // sometimes BCEL is a little harsh describing exceptional situations.
927 							throw new ClassConstraintException("Illegal descriptor (==signature) '"+localsig+"' used by LocalVariable '"+tostring(localvariables[i])+"' referenced by '"+tostring(lvt)+"'.");
928 						}
929 						int localindex = localvariables[i].getIndex();
930 						if ( ( (t==Type.LONG || t==Type.DOUBLE)? localindex+1:localindex) >= code.getMaxLocals()){
931 							throw new ClassConstraintException("LocalVariableTable attribute '"+tostring(lvt)+"' references a LocalVariable '"+tostring(localvariables[i])+"' with an index that exceeds the surrounding Code attribute's max_locals value of '"+code.getMaxLocals()+"'.");
932 						}
933 
934 						try{
935 							localVariablesInfos[method_number].add(localindex, localname, localvariables[i].getStartPC(), localvariables[i].getLength(), t);
936 						}
937 						catch(LocalVariableInfoInconsistentException lviie){
938 							throw new ClassConstraintException("Conflicting information in LocalVariableTable '"+tostring(lvt)+"' found in Code attribute '"+tostring(obj)+"' (method '"+tostring(m)+"'). "+lviie.getMessage());
939 						}
940 					}// for all local variables localvariables[i] in the LocalVariableTable attribute atts[a] END
941 
942 					num_of_lvt_attribs++;
943 					if (num_of_lvt_attribs > obj.getMaxLocals()){
944 						throw new ClassConstraintException("Number of LocalVariableTable attributes of Code attribute '"+tostring(obj)+"' (method '"+tostring(m)+"') exceeds number of local variable slots '"+obj.getMaxLocals()+"' ('There may be no more than one LocalVariableTable attribute per local variable in the Code attribute.').");
945 					}
946 				}// if atts[a] instanceof LocalVariableTable END
947 			}// for all attributes atts[a] END
948 		}// visitCode(Code) END
949 
950 		public void visitExceptionTable(ExceptionTable obj){//vmspec2 4.7.4
951 			// incorrectly named, it's the Exceptions attribute (vmspec2 4.7.4)
952 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
953 
954 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
955 			if (! name.equals("Exceptions")){
956 				throw new ClassConstraintException("The Exceptions attribute '"+tostring(obj)+"' is not correctly named 'Exceptions' but '"+name+"'.");
957 			}
958 
959 			int[] exc_indices = obj.getExceptionIndexTable();
960 
961 			for (int i=0; i<exc_indices.length; i++){
962 				checkIndex(obj, exc_indices[i], CONST_Class);
963 
964 				ConstantClass cc = (ConstantClass) (cp.getConstant(exc_indices[i]));
965 				checkIndex(cc, cc.getNameIndex(), CONST_Utf8); // cannot be sure this ConstantClass has already been visited (checked)!
966 				String cname = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes().replace('/','.'); //convert internal notation on-the-fly to external notation
967 
968 				Verifier v = VerifierFactory.getVerifier(cname);
969 				VerificationResult vr = v.doPass1();
970 
971 				if (vr != VerificationResult.VR_OK){
972 					throw new ClassConstraintException("Exceptions attribute '"+tostring(obj)+"' references '"+cname+"' as an Exception but it does not pass verification pass 1: "+vr);
973 				}
974 				else{
975 					// We cannot safely trust any other "instanceof" mechanism. We need to transitively verify
976 					// the ancestor hierarchy.
977 					JavaClass e = Repository.lookupClass(cname);
978 					JavaClass t = Repository.lookupClass(Type.THROWABLE.getClassName());
979 					JavaClass o = Repository.lookupClass(Type.OBJECT.getClassName());
980 					while (e != o){
981 						if (e == t) break; // It's a subclass of Throwable, OKAY, leave.
982 
983 						v = VerifierFactory.getVerifier(e.getSuperclassName());
984 						vr = v.doPass1();
985 						if (vr != VerificationResult.VR_OK){
986 							throw new ClassConstraintException("Exceptions attribute '"+tostring(obj)+"' references '"+cname+"' as an Exception but '"+e.getSuperclassName()+"' in the ancestor hierachy does not pass verification pass 1: "+vr);
987 						}
988 						else{
989 							e = Repository.lookupClass(e.getSuperclassName());
990 						}
991 					}
992 					if (e != t) throw new ClassConstraintException("Exceptions attribute '"+tostring(obj)+"' references '"+cname+"' as an Exception but it is not a subclass of '"+t.getClassName()+"'.");
993 				}
994 			}
995 		}
996 		// SYNTHETIC: see above
997 		// DEPRECATED: see above
998 		//////////////////////////////////////////////////////////////
999 		// code_attribute-structure-ATTRIBUTES (vmspec2 4.7.3, 4.7) //
1000 		//////////////////////////////////////////////////////////////
1001 		public void visitLineNumberTable(LineNumberTable obj){//vmspec2 4.7.8
1002 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
1003 
1004 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
1005 			if (! name.equals("LineNumberTable")){
1006 				throw new ClassConstraintException("The LineNumberTable attribute '"+tostring(obj)+"' is not correctly named 'LineNumberTable' but '"+name+"'.");
1007 			}
1008 
1009 			//In JustIce,this check is delayed to Pass 3a.
1010 			//LineNumber[] linenumbers = obj.getLineNumberTable();
1011 			// ...validity check...
1012 
1013 		}
1014 		public void visitLocalVariableTable(LocalVariableTable obj){//vmspec2 4.7.9
1015 			//In JustIce,this check is partially delayed to Pass 3a.
1016 			//The other part can be found in the visitCode(Code) method.
1017 		}
1018 		////////////////////////////////////////////////////
1019 		// MISC-structure-ATTRIBUTES (vmspec2 4.7.1, 4.7) //
1020 		////////////////////////////////////////////////////
1021 		public void visitUnknown(Unknown obj){//vmspec2 4.7.1
1022 			// Represents an unknown attribute.
1023 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
1024 
1025 			// Maybe only misnamed? Give a (warning) message.
1026 			addMessage("Unknown attribute '"+tostring(obj)+"'. This attribute is not known in any context!");
1027 		}
1028 		//////////
1029 		// BCEL //
1030 		//////////
1031 		public void visitLocalVariable(LocalVariable obj){
1032 			// This does not represent an Attribute but is only
1033 			// related to internal BCEL data representation.
1034 
1035 			// see visitLocalVariableTable(LocalVariableTable)
1036 		}
1037 		public void visitCodeException(CodeException obj){
1038 			// Code constraints are checked in Pass3 (3a and 3b).
1039 			// This does not represent an Attribute but is only
1040 			// related to internal BCEL data representation.
1041 
1042 			// see visitCode(Code)
1043 		}
1044 		public void visitConstantPool(ConstantPool obj){
1045 			// No need to. We're piggybacked by the DescendingVisitor.
1046 			// This does not represent an Attribute but is only
1047 			// related to internal BCEL data representation.
1048 		}
1049 		public void visitInnerClass(InnerClass obj){
1050 			// This does not represent an Attribute but is only
1051 			// related to internal BCEL data representation.
1052 		}
1053 		public void visitLineNumber(LineNumber obj){
1054 			// This does not represent an Attribute but is only
1055 			// related to internal BCEL data representation.
1056 
1057 			// see visitLineNumberTable(LineNumberTable)
1058 		}
1059 	}
1060 
1061 	/***
1062 	 * Ensures that the ConstantCP-subclassed entries of the constant
1063 	 * pool are valid. According to "Yellin: Low Level Security in Java",
1064 	 * this method does not verify the existence of referenced entities
1065 	 * (such as classes) but only the formal correctness (such as well-formed
1066 	 * signatures).
1067    * The visitXXX() methods throw ClassConstraintException instances otherwise.
1068 	 * <B>Precondition: index-style cross referencing in the constant
1069 	 * pool must be valid. Simply invoke constant_pool_entries_satisfy_static_constraints()
1070 	 * before.</B>
1071 	 *
1072 	 * @throws ClassConstraintException otherwise.
1073 	 * @see #constant_pool_entries_satisfy_static_constraints()
1074 	 */
1075 	private void field_and_method_refs_are_valid(){
1076 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
1077 		DescendingVisitor v = new DescendingVisitor(jc, new FAMRAV_Visitor(jc));
1078 		v.visit();
1079 	}
1080 
1081 	/***
1082 	 * A Visitor class that ensures the ConstantCP-subclassed entries
1083 	 * of the constant pool are valid.
1084    * <B>Precondition: index-style cross referencing in the constant
1085    * pool must be valid.</B>
1086 	 *
1087    * @see #constant_pool_entries_satisfy_static_constraints()
1088 	 * @see org.apache.bcel.classfile.ConstantCP
1089 	 */
1090 	private class FAMRAV_Visitor extends EmptyVisitor implements Visitor{
1091 		private final ConstantPool cp; // ==jc.getConstantPool() -- only here to save typing work.
1092 		private FAMRAV_Visitor(JavaClass _jc){
1093 			cp = _jc.getConstantPool();
1094 		}
1095 		
1096 		public void visitConstantFieldref(ConstantFieldref obj){
1097 			if (obj.getTag() != Constants.CONSTANT_Fieldref){
1098 				throw new ClassConstraintException("ConstantFieldref '"+tostring(obj)+"' has wrong tag!");
1099 			}
1100 			int name_and_type_index = obj.getNameAndTypeIndex();
1101 			ConstantNameAndType cnat = (ConstantNameAndType) (cp.getConstant(name_and_type_index));
1102 			String name = ((ConstantUtf8) (cp.getConstant(cnat.getNameIndex()))).getBytes(); // Field or Method name
1103 			if (!validFieldName(name)){
1104 				throw new ClassConstraintException("Invalid field name '"+name+"' referenced by '"+tostring(obj)+"'.");
1105 			}
1106 			
1107 			int class_index = obj.getClassIndex();
1108 			ConstantClass cc = (ConstantClass) (cp.getConstant(class_index));
1109 			String className = ((ConstantUtf8) (cp.getConstant(cc.getNameIndex()))).getBytes(); // Class Name in internal form
1110 			if (! validClassName(className)){
1111 				throw new ClassConstraintException("Illegal class name '"+className+"' used by '"+tostring(obj)+"'.");
1112 			}
1113 
1114 			String sig  = ((ConstantUtf8) (cp.getConstant(cnat.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
1115 						
1116 			try{
1117 				Type.getType(sig); /* Don't need the return value */
1118 			}
1119 			catch (ClassFormatError cfe){
1120 				// Well, BCEL sometimes is a little harsh describing exceptional situations.
1121 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.");
1122 			}
1123 		}
1124 
1125 		public void visitConstantMethodref(ConstantMethodref obj){
1126 			if (obj.getTag() != Constants.CONSTANT_Methodref){
1127 				throw new ClassConstraintException("ConstantMethodref '"+tostring(obj)+"' has wrong tag!");
1128 			}
1129 			int name_and_type_index = obj.getNameAndTypeIndex();
1130 			ConstantNameAndType cnat = (ConstantNameAndType) (cp.getConstant(name_and_type_index));
1131 			String name = ((ConstantUtf8) (cp.getConstant(cnat.getNameIndex()))).getBytes(); // Field or Method name
1132 			if (!validClassMethodName(name)){
1133 				throw new ClassConstraintException("Invalid (non-interface) method name '"+name+"' referenced by '"+tostring(obj)+"'.");
1134 			}
1135 
1136 			int class_index = obj.getClassIndex();
1137 			ConstantClass cc = (ConstantClass) (cp.getConstant(class_index));
1138 			String className = ((ConstantUtf8) (cp.getConstant(cc.getNameIndex()))).getBytes(); // Class Name in internal form
1139 			if (! validClassName(className)){
1140 				throw new ClassConstraintException("Illegal class name '"+className+"' used by '"+tostring(obj)+"'.");
1141 			}
1142 
1143 			String sig  = ((ConstantUtf8) (cp.getConstant(cnat.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
1144 						
1145 			try{
1146 				Type   t  = Type.getReturnType(sig);
1147 				if ( name.equals(CONSTRUCTOR_NAME) && (t != Type.VOID) ){
1148 					throw new ClassConstraintException("Instance initialization method must have VOID return type.");
1149 				}
1150 			}
1151 			catch (ClassFormatError cfe){
1152 				// Well, BCEL sometimes is a little harsh describing exceptional situations.
1153 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.");
1154 			}
1155 		}
1156 
1157 		public void visitConstantInterfaceMethodref(ConstantInterfaceMethodref obj){
1158 			if (obj.getTag() != Constants.CONSTANT_InterfaceMethodref){
1159 				throw new ClassConstraintException("ConstantInterfaceMethodref '"+tostring(obj)+"' has wrong tag!");
1160 			}
1161 			int name_and_type_index = obj.getNameAndTypeIndex();
1162 			ConstantNameAndType cnat = (ConstantNameAndType) (cp.getConstant(name_and_type_index));
1163 			String name = ((ConstantUtf8) (cp.getConstant(cnat.getNameIndex()))).getBytes(); // Field or Method name
1164 			if (!validInterfaceMethodName(name)){
1165 				throw new ClassConstraintException("Invalid (interface) method name '"+name+"' referenced by '"+tostring(obj)+"'.");
1166 			}
1167 
1168 			int class_index = obj.getClassIndex();
1169 			ConstantClass cc = (ConstantClass) (cp.getConstant(class_index));
1170 			String className = ((ConstantUtf8) (cp.getConstant(cc.getNameIndex()))).getBytes(); // Class Name in internal form
1171 			if (! validClassName(className)){
1172 				throw new ClassConstraintException("Illegal class name '"+className+"' used by '"+tostring(obj)+"'.");
1173 			}
1174 
1175 			String sig  = ((ConstantUtf8) (cp.getConstant(cnat.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
1176 						
1177 			try{
1178 				Type   t  = Type.getReturnType(sig);
1179 				if ( name.equals(STATIC_INITIALIZER_NAME) && (t != Type.VOID) ){
1180 					addMessage("Class or interface initialization method '"+STATIC_INITIALIZER_NAME+"' usually has VOID return type instead of '"+t+"'. Note this is really not a requirement of The Java Virtual Machine Specification, Second Edition.");
1181 				}
1182 			}
1183 			catch (ClassFormatError cfe){
1184 				// Well, BCEL sometimes is a little harsh describing exceptional situations.
1185 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.");
1186 			}
1187 
1188 		}
1189 		
1190 	}
1191 
1192 	/***
1193 	 * This method returns true if and only if the supplied String
1194 	 * represents a valid Java class name.
1195 	 */
1196 	private static final boolean validClassName(String name){
1197         /*
1198          * TODO: implement.
1199 		 * Are there any restrictions?
1200          */
1201 		return true;
1202 	}
1203 	/***
1204 	 * This method returns true if and only if the supplied String
1205 	 * represents a valid method name.
1206 	 * This is basically the same as a valid identifier name in the
1207 	 * Java programming language, but the special name for
1208 	 * the instance initialization method is allowed and the special name
1209 	 * for the class/interface initialization method may be allowed.
1210 	 */
1211 	private static boolean validMethodName(String name, boolean allowStaticInit){
1212 		if (validJavaLangMethodName(name)) return true;
1213 		
1214 		if (allowStaticInit){
1215 			return (name.equals(CONSTRUCTOR_NAME) || name.equals(STATIC_INITIALIZER_NAME));
1216 		}
1217 		else{
1218 			return name.equals(CONSTRUCTOR_NAME);
1219 		}
1220 	}
1221 
1222 	/***
1223 	 * This method returns true if and only if the supplied String
1224 	 * represents a valid method name that may be referenced by
1225 	 * ConstantMethodref objects.
1226 	 */
1227 	private static boolean validClassMethodName(String name){
1228 		return validMethodName(name, false);
1229 	}
1230 
1231 	/***
1232 	 * This method returns true if and only if the supplied String
1233 	 * represents a valid Java programming language method name stored as a simple
1234 	 * (non-qualified) name.
1235 	 * Conforming to: The Java Virtual Machine Specification, Second Edition, §2.7, §2.7.1, §2.2.
1236 	 */
1237 	private static boolean validJavaLangMethodName(String name){
1238 		if (!Character.isJavaIdentifierStart(name.charAt(0))) return false;
1239 		
1240 		for (int i=1; i<name.length(); i++){
1241 			if (!Character.isJavaIdentifierPart(name.charAt(i))) return false;
1242 		}
1243 		return true;
1244 	}
1245 
1246 	/***
1247 	 * This method returns true if and only if the supplied String
1248 	 * represents a valid Java interface method name that may be
1249 	 * referenced by ConstantInterfaceMethodref objects.
1250 	 */
1251 	private static boolean validInterfaceMethodName(String name){
1252 		// I guess we should assume special names forbidden here.
1253 		if (name.startsWith("<")) return false;
1254 		return validJavaLangMethodName(name);
1255 	}
1256 
1257 	/***
1258 	 * This method returns true if and only if the supplied String
1259 	 * represents a valid Java identifier (so-called simple name).
1260 	 */
1261 	private static boolean validJavaIdentifier(String name){
1262 		// vmspec2 2.7, vmspec2 2.2
1263 		if (!Character.isJavaIdentifierStart(name.charAt(0))) return false;
1264 		
1265 		for (int i=1; i<name.length(); i++){
1266 			if (!Character.isJavaIdentifierPart(name.charAt(i))) return false;
1267 		}
1268 		return true;
1269 	}
1270 
1271 	/***
1272 	 * This method returns true if and only if the supplied String
1273 	 * represents a valid Java field name.
1274 	 */
1275 	private static boolean validFieldName(String name){
1276 		// vmspec2 2.7, vmspec2 2.2
1277 		return validJavaIdentifier(name);
1278 	}
1279 
1280 	/***
1281 	 * This class serves for finding out if a given JavaClass' ConstantPool
1282 	 * references an Inner Class.
1283 	 * The Java Virtual Machine Specification, Second Edition is not very precise
1284 	 * about when an "InnerClasses" attribute has to appear. However, it states that
1285 	 * there has to be exactly one InnerClasses attribute in the ClassFile structure
1286 	 * if the constant pool of a class or interface refers to any class or interface
1287 	 * "that is not a member of a package". Sun does not mean "member of the default
1288 	 * package". In "Inner Classes Specification" they point out how a "bytecode name"
1289 	 * is derived so one has to deduce what a class name of a class "that is not a
1290 	 * member of a package" looks like: there is at least one character in the byte-
1291 	 * code name that cannot be part of a legal Java Language Class name (and not equal
1292 	 * to '/'). This assumption is wrong as the delimiter is '$' for which
1293 	 * Character.isJavaIdentifierPart() == true.
1294 	 * Hence, you really run into trouble if you have a toplevel class called
1295 	 * "A$XXX" and another toplevel class called "A" with in inner class called "XXX".
1296 	 * JustIce cannot repair this; please note that existing verifiers at this
1297 	 * time even fail to detect missing InnerClasses attributes in pass 2.
1298 	 */
1299 	private class InnerClassDetector extends EmptyVisitor{
1300 		private boolean hasInnerClass = false;
1301 		private JavaClass jc;
1302 		private ConstantPool cp;
1303 		private InnerClassDetector(){} // Don't use.
1304 		/*** Constructs an InnerClassDetector working on the JavaClass _jc. */
1305 		public InnerClassDetector(JavaClass _jc){
1306 			jc = _jc;
1307 			cp = jc.getConstantPool();
1308 			(new DescendingVisitor(jc, this)).visit();
1309 		}
1310 		/***
1311 		 * Returns if the JavaClass this InnerClassDetector is working on
1312 		 * has an Inner Class reference in its constant pool.
1313 		 */
1314 		public boolean innerClassReferenced(){
1315 			return hasInnerClass;
1316 		}
1317 		/*** This method casually visits ConstantClass references. */
1318 		public void visitConstantClass(ConstantClass obj){
1319 			Constant c = cp.getConstant(obj.getNameIndex());
1320 			if (c instanceof ConstantUtf8){ //Ignore the case where it's not a ConstantUtf8 here, we'll find out later.
1321 				String classname = ((ConstantUtf8) c).getBytes();
1322 				if (classname.startsWith(jc.getClassName().replace('.','/')+"$")){
1323 					hasInnerClass = true;
1324 				}
1325 			}
1326 		}
1327 	}
1328 	
1329 	/***
1330 	 * This method is here to save typing work and improve code readability.
1331 	 */
1332 	private static String tostring(Node n){
1333 		return new StringRepresentation(n).toString();
1334 	}
1335 }
This page was automatically generated by Maven