View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   *  Unless required by applicable law or agreed to in writing, software
12   *  distributed under the License is distributed on an "AS IS" BASIS,
13   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   *  See the License for the specific language governing permissions and
15   *  limitations under the License. 
16   *
17   */ 
18  package org.apache.bcel.verifier.statics;
19  
20  
21  import org.apache.bcel.Repository;
22  import org.apache.bcel.classfile.ClassFormatException;
23  import org.apache.bcel.classfile.JavaClass;
24  import org.apache.bcel.verifier.PassVerifier;
25  import org.apache.bcel.verifier.VerificationResult;
26  import org.apache.bcel.verifier.Verifier;
27  import org.apache.bcel.verifier.exc.LoadingException;
28  import org.apache.bcel.verifier.exc.Utility;
29  
30  /**
31   * This PassVerifier verifies a class file according to pass 1 as
32   * described in The Java Virtual Machine Specification, 2nd edition.
33   * More detailed information is to be found at the do_verify() method's
34   * documentation.
35   *
36   * @version $Id: Pass1Verifier.html 898356 2014-02-18 05:44:40Z ggregory $
37   * @author Enver Haase
38   * @see #do_verify()
39   */
40  public final class Pass1Verifier extends PassVerifier{
41  	/**
42  	 * DON'T USE THIS EVEN PRIVATELY! USE getJavaClass() INSTEAD.
43  	 * @see #getJavaClass()
44  	 */
45  	private JavaClass jc;
46  
47  	/**
48  	 * The Verifier that created this.
49  	 */
50  	private Verifier myOwner;
51  
52  	/** Used to load in and return the myOwner-matching JavaClass object when needed. Avoids loading in a class file when it's not really needed! */
53  	private JavaClass getJavaClass(){
54  		if (jc == null){
55  			try {
56  				jc = Repository.lookupClass(myOwner.getClassName());
57  			} catch (ClassNotFoundException e) {
58  				// FIXME: currently, Pass1Verifier treats jc == null as a special
59  				// case, so we don't need to do anything here.  A better solution
60  				// would be to simply throw the ClassNotFoundException
61  				// out of this method.
62  			}
63  		}
64  		return jc;
65  	}
66  	
67  	/**
68  	 * Should only be instantiated by a Verifier.
69  	 *
70  	 * @see org.apache.bcel.verifier.Verifier
71  	 */
72  	public Pass1Verifier(Verifier owner){
73  		myOwner = owner;
74  	}
75  
76  	/**
77  	 * Pass-one verification basically means loading in a class file.
78  	 * The Java Virtual Machine Specification is not too precise about
79  	 * what makes the difference between passes one and two.
80  	 * The answer is that only pass one is performed on a class file as
81  	 * long as its resolution is not requested; whereas pass two and
82  	 * pass three are performed during the resolution process.
83  	 * Only four constraints to be checked are explicitely stated by
84  	 * The Java Virtual Machine Specification, 2nd edition:
85  	 * <UL>
86  	 *  <LI>The first four bytes must contain the right magic number (0xCAFEBABE).
87  	 *  <LI>All recognized attributes must be of the proper length.
88  	 *  <LI>The class file must not be truncated or have extra bytes at the end.
89  	 *  <LI>The constant pool must not contain any superficially unrecognizable information.
90  	 * </UL>
91  	 * A more in-depth documentation of what pass one should do was written by
92  	 * <A HREF=mailto:pwfong@cs.sfu.ca>Philip W. L. Fong</A>:
93  	 * <UL>
94  	 *  <LI> the file should not be truncated.
95  	 *  <LI> the file should not have extra bytes at the end.
96  	 *  <LI> all variable-length structures should be well-formatted:
97  	 *  <UL>
98  	 *   <LI> there should only be constant_pool_count-1 many entries in the constant pool.
99  	 *   <LI> all constant pool entries should have size the same as indicated by their type tag.
100 	 *   <LI> there are exactly interfaces_count many entries in the interfaces array of the class file.
101 	 *   <LI> there are exactly fields_count many entries in the fields array of the class file.
102 	 *   <LI> there are exactly methods_count many entries in the methods array of the class file.
103 	 *   <LI> there are exactly attributes_count many entries in the attributes array of the class file, fields, methods, and code attribute.
104 	 *   <LI> there should be exactly attribute_length many bytes in each attribute. Inconsistency between attribute_length and the actually size of the attribute content should be uncovered. For example, in an Exceptions attribute, the actual number of exceptions as required by the number_of_exceptions field might yeild an attribute size that doesn't match the attribute_length. Such an anomaly should be detected.
105 	 *   <LI> all attributes should have proper length. In particular, under certain context (e.g. while parsing method_info), recognizable attributes (e.g. "Code" attribute) should have correct format (e.g. attribute_length is 2).
106 	 *  </UL>
107 	 *  <LI> Also, certain constant values are checked for validity:
108 	 *  <UL>
109 	 *   <LI> The magic number should be 0xCAFEBABE.
110 	 *   <LI> The major and minor version numbers are valid.
111 	 *   <LI> All the constant pool type tags are recognizable.
112 	 *   <LI> All undocumented access flags are masked off before use. Strictly speaking, this is not really a check.
113 	 *   <LI> The field this_class should point to a string that represents a legal non-array class name, and this name should be the same as the class file being loaded.
114 	 *   <LI> the field super_class should point to a string that represents a legal non-array class name.
115 	 *   <LI> Because some of the above checks require cross referencing the constant pool entries, guards are set up to make sure that the referenced entries are of the right type and the indices are within the legal range (0 < index < constant_pool_count).
116 	 *  </UL>
117 	 *  <LI> Extra checks done in pass 1:
118 	 *  <UL>
119 	 *   <LI> the constant values of static fields should have the same type as the fields.
120 	 *   <LI> the number of words in a parameter list does not exceed 255 and locals_max.
121 	 *   <LI> the name and signature of fields and methods are verified to be of legal format.
122 	 *  </UL>
123 	 * </UL>
124 	 * (From the Paper <A HREF=http://www.cs.sfu.ca/people/GradStudents/pwfong/personal/JVM/pass1/>The Mysterious Pass One, first draft, September 2, 1997</A>.)
125 	 * </BR>
126 	 * However, most of this is done by parsing a class file or generating a class file into BCEL's internal data structure.
127 	 * <B>Therefore, all that is really done here is look up the class file from BCEL's repository.</B>
128 	 * This is also motivated by the fact that some omitted things
129 	 * (like the check for extra bytes at the end of the class file) are handy when actually using BCEL to repair a class file (otherwise you would not be
130 	 * able to load it into BCEL).
131 	 *
132 	 * @see org.apache.bcel.Repository
133 	 */
134 	@Override
135     public VerificationResult do_verify(){
136 		JavaClass jc;
137 		try{
138 			jc = getJavaClass();	//loads in the class file if not already done.
139 
140 			if (jc != null){
141 				/* If we find more constraints to check, we should do this in an own method. */
142 				if (! myOwner.getClassName().equals(jc.getClassName())){
143 					// This should maybe caught by BCEL: In case of renamed .class files we get wrong
144 					// JavaClass objects here.
145 					throw new LoadingException("Wrong name: the internal name of the .class file '"+jc.getClassName()+"' does not match the file's name '"+myOwner.getClassName()+"'.");
146 				}
147 			}
148 			
149 		}
150 		catch(LoadingException e){
151 			return new VerificationResult(VerificationResult.VERIFIED_REJECTED, e.getMessage());
152 		}
153 		catch(ClassFormatException e){
154 			return new VerificationResult(VerificationResult.VERIFIED_REJECTED, e.getMessage());
155 		}
156 		catch(RuntimeException e){
157 			// BCEL does not catch every possible RuntimeException; e.g. if
158 			// a constant pool index is referenced that does not exist.
159 			return new VerificationResult(VerificationResult.VERIFIED_REJECTED, "Parsing via BCEL did not succeed. "+e.getClass().getName()+" occured:\n"+Utility.getStackTrace(e));
160 		}
161 
162 		if (jc != null){
163 			return VerificationResult.VR_OK;
164 		}
165 		else{
166 			//TODO: Maybe change Repository's behaviour to throw a LoadingException instead of just returning "null"
167 			//      if a class file cannot be found or in another way be looked up.
168 			return new VerificationResult(VerificationResult.VERIFIED_REJECTED, "Repository.lookup() failed. FILE NOT FOUND?");
169 		}
170 	}
171 
172 	/**
173 	 * Currently this returns an empty array of String.
174 	 * One could parse the error messages of BCEL
175 	 * (written to java.lang.System.err) when loading
176 	 * a class file such as detecting unknown attributes
177 	 * or trailing garbage at the end of a class file.
178 	 * However, Markus Dahm does not like the idea so this
179 	 * method is currently useless and therefore marked as
180 	 * <B>TODO</B>.
181 	 */
182 	@Override
183     public String[] getMessages(){
184 		// This method is only here to override the javadoc-comment.
185 		return super.getMessages();
186 	}
187 
188 }