View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   *  Unless required by applicable law or agreed to in writing, software
12   *  distributed under the License is distributed on an "AS IS" BASIS,
13   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   *  See the License for the specific language governing permissions and
15   *  limitations under the License. 
16   *
17   */ 
18  package org.apache.bcel.verifier.statics;
19  
20  
21  import java.util.HashMap;
22  import java.util.HashSet;
23  import java.util.Locale;
24  import java.util.Map;
25  import java.util.Set;
26  import org.apache.bcel.Constants;
27  import org.apache.bcel.Repository;
28  import org.apache.bcel.classfile.Attribute;
29  import org.apache.bcel.classfile.ClassFormatException;
30  import org.apache.bcel.classfile.Code;
31  import org.apache.bcel.classfile.CodeException;
32  import org.apache.bcel.classfile.Constant;
33  import org.apache.bcel.classfile.ConstantClass;
34  import org.apache.bcel.classfile.ConstantDouble;
35  import org.apache.bcel.classfile.ConstantFieldref;
36  import org.apache.bcel.classfile.ConstantFloat;
37  import org.apache.bcel.classfile.ConstantInteger;
38  import org.apache.bcel.classfile.ConstantInterfaceMethodref;
39  import org.apache.bcel.classfile.ConstantLong;
40  import org.apache.bcel.classfile.ConstantMethodref;
41  import org.apache.bcel.classfile.ConstantNameAndType;
42  import org.apache.bcel.classfile.ConstantPool;
43  import org.apache.bcel.classfile.ConstantString;
44  import org.apache.bcel.classfile.ConstantUtf8;
45  import org.apache.bcel.classfile.ConstantValue;
46  import org.apache.bcel.classfile.Deprecated;
47  import org.apache.bcel.classfile.DescendingVisitor;
48  import org.apache.bcel.classfile.EmptyVisitor;
49  import org.apache.bcel.classfile.ExceptionTable;
50  import org.apache.bcel.classfile.Field;
51  import org.apache.bcel.classfile.InnerClass;
52  import org.apache.bcel.classfile.InnerClasses;
53  import org.apache.bcel.classfile.JavaClass;
54  import org.apache.bcel.classfile.LineNumber;
55  import org.apache.bcel.classfile.LineNumberTable;
56  import org.apache.bcel.classfile.LocalVariable;
57  import org.apache.bcel.classfile.LocalVariableTable;
58  import org.apache.bcel.classfile.Method;
59  import org.apache.bcel.classfile.Node;
60  import org.apache.bcel.classfile.SourceFile;
61  import org.apache.bcel.classfile.Synthetic;
62  import org.apache.bcel.classfile.Unknown;
63  import org.apache.bcel.generic.ArrayType;
64  import org.apache.bcel.generic.ObjectType;
65  import org.apache.bcel.generic.Type;
66  import org.apache.bcel.verifier.PassVerifier;
67  import org.apache.bcel.verifier.VerificationResult;
68  import org.apache.bcel.verifier.Verifier;
69  import org.apache.bcel.verifier.VerifierFactory;
70  import org.apache.bcel.verifier.exc.AssertionViolatedException;
71  import org.apache.bcel.verifier.exc.ClassConstraintException;
72  import org.apache.bcel.verifier.exc.LocalVariableInfoInconsistentException;
73  
74  /**
75   * This PassVerifier verifies a class file according to
76   * pass 2 as described in The Java Virtual Machine
77   * Specification, 2nd edition.
78   * More detailed information is to be found at the do_verify()
79   * method's documentation.
80   *
81   * @version $Id: Pass2Verifier.html 898356 2014-02-18 05:44:40Z ggregory $
82   * @author Enver Haase
83   * @see #do_verify()
84   */
85  public final class Pass2Verifier extends PassVerifier implements Constants{
86  
87  	/**
88  	 * The LocalVariableInfo instances used by Pass3bVerifier.
89  	 * localVariablesInfos[i] denotes the information for the
90  	 * local variables of method number i in the
91  	 * JavaClass this verifier operates on.
92  	 */
93  	private LocalVariablesInfo[] localVariablesInfos;
94  	
95  	/** The Verifier that created this. */
96  	private Verifier myOwner;
97  
98  	/**
99  	 * Should only be instantiated by a Verifier.
100 	 *
101 	 * @see Verifier
102 	 */
103 	public Pass2Verifier(Verifier owner){
104 		myOwner = owner;
105 	}
106 
107 	/**
108 	 * Returns a LocalVariablesInfo object containing information
109 	 * about the usage of the local variables in the Code attribute
110 	 * of the said method or <B>null</B> if the class file this
111 	 * Pass2Verifier operates on could not be pass-2-verified correctly.
112 	 * The method number method_nr is the method you get using
113 	 * <B>Repository.lookupClass(myOwner.getClassname()).getMethods()[method_nr];</B>.
114 	 * You should not add own information. Leave that to JustIce.
115 	 */
116 	public LocalVariablesInfo getLocalVariablesInfo(int method_nr){
117 		if (this.verify() != VerificationResult.VR_OK) {
118             return null; // It's cached, don't worry.
119         }
120 		if (method_nr < 0 || method_nr >= localVariablesInfos.length){
121 			throw new AssertionViolatedException("Method number out of range.");
122 		}
123 		return localVariablesInfos[method_nr];
124 	}
125 	
126 	/**
127 	 * Pass 2 is the pass where static properties of the
128 	 * class file are checked without looking into "Code"
129 	 * arrays of methods.
130 	 * This verification pass is usually invoked when
131 	 * a class is resolved; and it may be possible that
132 	 * this verification pass has to load in other classes
133 	 * such as superclasses or implemented interfaces.
134 	 * Therefore, Pass 1 is run on them.<BR>
135 	 * Note that most referenced classes are <B>not</B> loaded
136 	 * in for verification or for an existance check by this
137 	 * pass; only the syntactical correctness of their names
138 	 * and descriptors (a.k.a. signatures) is checked.<BR>
139 	 * Very few checks that conceptually belong here
140 	 * are delayed until pass 3a in JustIce. JustIce does
141 	 * not only check for syntactical correctness but also
142 	 * for semantical sanity - therefore it needs access to
143 	 * the "Code" array of methods in a few cases. Please
144 	 * see the pass 3a documentation, too.
145 	 *
146 	 * @see org.apache.bcel.verifier.statics.Pass3aVerifier
147 	 */
148 	@Override
149     public VerificationResult do_verify(){
150 	    try {
151 		VerificationResult vr1 = myOwner.doPass1();
152 		if (vr1.equals(VerificationResult.VR_OK)){
153 			
154 			// For every method, we could have information about the local variables out of LocalVariableTable attributes of
155 			// the Code attributes.
156 			localVariablesInfos = new LocalVariablesInfo[Repository.lookupClass(myOwner.getClassName()).getMethods().length];
157 
158 			VerificationResult vr = VerificationResult.VR_OK; // default.
159 			try{
160 				constant_pool_entries_satisfy_static_constraints();
161 				field_and_method_refs_are_valid();
162 				every_class_has_an_accessible_superclass();
163 				final_methods_are_not_overridden();
164 			}
165 			catch (ClassConstraintException cce){
166 				vr = new VerificationResult(VerificationResult.VERIFIED_REJECTED, cce.getMessage());
167 			}
168 			return vr;
169 		} else {
170             return VerificationResult.VR_NOTYET;
171         }
172 
173 	    } catch (ClassNotFoundException e) {
174 		// FIXME: this might not be the best way to handle missing classes.
175 		throw new AssertionViolatedException("Missing class: " + e, e);
176 	    }
177 	}
178 
179 	/**
180 	 * Ensures that every class has a super class and that
181 	 * <B>final</B> classes are not subclassed.
182 	 * This means, the class this Pass2Verifier operates
183 	 * on has proper super classes (transitively) up to
184 	 * java.lang.Object.
185 	 * The reason for really loading (and Pass1-verifying)
186 	 * all of those classes here is that we need them in
187 	 * Pass2 anyway to verify no final methods are overridden
188 	 * (that could be declared anywhere in the ancestor hierarchy).
189 	 *
190 	 * @throws ClassConstraintException otherwise.
191 	 */
192 	private void every_class_has_an_accessible_superclass(){
193 	    try {
194 		Set<String> hs = new HashSet<String>(); // save class names to detect circular inheritance
195 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
196 		int supidx = -1;
197 
198 		while (supidx != 0){
199 			supidx = jc.getSuperclassNameIndex();
200 		
201 			if (supidx == 0){
202 				if (jc != Repository.lookupClass(Type.OBJECT.getClassName())){
203 					throw new ClassConstraintException("Superclass of '"+jc.getClassName()+"' missing but not "+Type.OBJECT.getClassName()+" itself!");
204 				}
205 			}
206 			else{
207 				String supername = jc.getSuperclassName();
208 				if (! hs.add(supername)){	// If supername already is in the list
209 					throw new ClassConstraintException("Circular superclass hierarchy detected.");
210 				}
211 				Verifier v = VerifierFactory.getVerifier(supername);
212 				VerificationResult vr = v.doPass1();
213 
214 				if (vr != VerificationResult.VR_OK){
215 					throw new ClassConstraintException("Could not load in ancestor class '"+supername+"'.");
216 				}
217 				jc = Repository.lookupClass(supername);
218 
219 				if (jc.isFinal()){
220 					throw new ClassConstraintException("Ancestor class '"+supername+"' has the FINAL access modifier and must therefore not be subclassed.");
221 				}
222 			}
223 		}
224 
225 	    } catch (ClassNotFoundException e) {
226 		// FIXME: this might not be the best way to handle missing classes.
227 		throw new AssertionViolatedException("Missing class: " + e, e);
228 	    }
229 	}
230 
231 	/**
232 	 * Ensures that <B>final</B> methods are not overridden.
233 	 * <B>Precondition to run this method:
234 	 * constant_pool_entries_satisfy_static_constraints() and
235 	 * every_class_has_an_accessible_superclass() have to be invoked before
236 	 * (in that order).</B>
237 	 *
238 	 * @throws ClassConstraintException otherwise.
239 	 * @see #constant_pool_entries_satisfy_static_constraints()
240 	 * @see #every_class_has_an_accessible_superclass()
241 	 */
242 	private void final_methods_are_not_overridden(){
243 	    try {
244 		Map<String, String> hashmap = new HashMap<String, String>();
245 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
246 		
247 		int supidx = -1;
248 		while (supidx != 0){
249 			supidx = jc.getSuperclassNameIndex();
250 
251 			Method[] methods = jc.getMethods();
252 			for (int i=0; i<methods.length; i++){
253 				String name_and_sig = (methods[i].getName()+methods[i].getSignature());
254 
255 				if (hashmap.containsKey(name_and_sig)){
256 					if ( methods[i].isFinal() ){
257 					  if (!(methods[i].isPrivate())) {
258 						  throw new ClassConstraintException("Method '"+name_and_sig+"' in class '"+hashmap.get(name_and_sig)+"' overrides the final (not-overridable) definition in class '"+jc.getClassName()+"'.");
259 					  }
260 					  else{
261 						  addMessage("Method '"+name_and_sig+"' in class '"+hashmap.get(name_and_sig)+"' overrides the final (not-overridable) definition in class '"+jc.getClassName()+"'. This is okay, as the original definition was private; however this constraint leverage was introduced by JLS 8.4.6 (not vmspec2) and the behaviour of the Sun verifiers.");
262 					  }
263 					}
264 					else{
265 						if (!methods[i].isStatic()){ // static methods don't inherit
266 							hashmap.put(name_and_sig, jc.getClassName());
267 						}
268 					}
269 				}
270 				else{
271 					if (!methods[i].isStatic()){ // static methods don't inherit
272 						hashmap.put(name_and_sig, jc.getClassName());
273 					}
274 				}
275 			}
276 		
277 			jc = Repository.lookupClass(jc.getSuperclassName());	// Well, for OBJECT this returns OBJECT so it works (could return anything but must not throw an Exception).
278 		}
279 
280 	    } catch (ClassNotFoundException e) {
281 		// FIXME: this might not be the best way to handle missing classes.
282 		throw new AssertionViolatedException("Missing class: " + e, e);
283 	    }
284 
285 	}
286 
287 	/**
288 	 * Ensures that the constant pool entries satisfy the static constraints
289 	 * as described in The Java Virtual Machine Specification, 2nd Edition.
290 	 *
291 	 * @throws ClassConstraintException otherwise.
292 	 */
293 	private void constant_pool_entries_satisfy_static_constraints(){
294 	    try {
295 		// Most of the consistency is handled internally by BCEL; here
296 		// we only have to verify if the indices of the constants point
297 		// to constants of the appropriate type and such.
298 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
299 		new CPESSC_Visitor(jc); // constructor implicitly traverses jc
300 
301 	    } catch (ClassNotFoundException e) {
302 		// FIXME: this might not be the best way to handle missing classes.
303 		throw new AssertionViolatedException("Missing class: " + e, e);
304 	    }
305 	}
306 
307 	/**
308 	 * A Visitor class that ensures the constant pool satisfies the static
309 	 * constraints.
310    * The visitXXX() methods throw ClassConstraintException instances otherwise.
311    *
312    * @see #constant_pool_entries_satisfy_static_constraints()
313 	 */
314 	private class CPESSC_Visitor extends org.apache.bcel.classfile.EmptyVisitor{
315 		private Class<?> CONST_Class;
316 		/*
317         private Class<?> CONST_Fieldref;
318 		private Class<?> CONST_Methodref;
319 		private Class<?> CONST_InterfaceMethodref;
320         */
321 		private Class<?> CONST_String;
322 		private Class<?> CONST_Integer;
323 		private Class<?> CONST_Float;
324 		private Class<?> CONST_Long;
325 		private Class<?> CONST_Double;
326 		private Class<?> CONST_NameAndType;
327 		private Class<?> CONST_Utf8;
328 
329 		private final JavaClass jc;
330 		private final ConstantPool cp; // ==jc.getConstantPool() -- only here to save typing work and computing power.
331 		private final int cplen; // == cp.getLength() -- to save computing power.
332 		private DescendingVisitor carrier;
333 
334 		private Set<String> field_names = new HashSet<String>();
335 		private Set<String> field_names_and_desc = new HashSet<String>();
336 		private Set<String> method_names_and_desc = new HashSet<String>();
337 
338 		private CPESSC_Visitor(JavaClass _jc){
339 			jc = _jc;
340 			cp = _jc.getConstantPool();
341 			cplen = cp.getLength();
342 
343 			CONST_Class = org.apache.bcel.classfile.ConstantClass.class;
344 			/*
345             CONST_Fieldref = org.apache.bcel.classfile.ConstantFieldref.class;
346 			CONST_Methodref = org.apache.bcel.classfile.ConstantMethodref.class;
347 			CONST_InterfaceMethodref = org.apache.bcel.classfile.ConstantInterfaceMethodref.class;
348             */
349 			CONST_String = org.apache.bcel.classfile.ConstantString.class;
350 			CONST_Integer = org.apache.bcel.classfile.ConstantInteger.class;
351 			CONST_Float = org.apache.bcel.classfile.ConstantFloat.class;
352 			CONST_Long = org.apache.bcel.classfile.ConstantLong.class;
353 			CONST_Double = org.apache.bcel.classfile.ConstantDouble.class;
354 			CONST_NameAndType = org.apache.bcel.classfile.ConstantNameAndType.class;
355 			CONST_Utf8 = org.apache.bcel.classfile.ConstantUtf8.class;
356 
357 			carrier = new DescendingVisitor(_jc, this);
358 			carrier.visit();
359 		}
360 
361 		private void checkIndex(Node referrer, int index, Class<?> shouldbe){
362 			if ((index < 0) || (index >= cplen)){
363 				throw new ClassConstraintException("Invalid index '"+index+"' used by '"+tostring(referrer)+"'.");
364 			}
365 			Constant c = cp.getConstant(index);
366 			if (! shouldbe.isInstance(c)){
367 				/* String isnot = shouldbe.toString().substring(shouldbe.toString().lastIndexOf(".")+1); //Cut all before last "." */
368 				throw new ClassCastException("Illegal constant '"+tostring(c)+"' at index '"+index+"'. '"+tostring(referrer)+"' expects a '"+shouldbe+"'.");
369 			}
370 		}
371 		///////////////////////////////////////
372 		// ClassFile structure (vmspec2 4.1) //
373 		///////////////////////////////////////
374 		@Override
375         public void visitJavaClass(JavaClass obj){
376 			Attribute[] atts = obj.getAttributes();
377 			boolean foundSourceFile = false;
378 			boolean foundInnerClasses = false;
379 
380 			// Is there an InnerClass referenced?
381 			// This is a costly check; existing verifiers don't do it!
382 			boolean hasInnerClass = new InnerClassDetector(jc).innerClassReferenced();
383 
384 			for (int i=0; i<atts.length; i++){
385 				if ((! (atts[i] instanceof SourceFile)) &&
386 				    (! (atts[i] instanceof Deprecated))     &&
387 				    (! (atts[i] instanceof InnerClasses)) &&
388 				    (! (atts[i] instanceof Synthetic))){
389 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of the ClassFile structure '"+tostring(obj)+"' is unknown and will therefore be ignored.");
390 				}
391 
392 				if (atts[i] instanceof SourceFile){
393 					if (foundSourceFile == false) {
394                         foundSourceFile = true;
395                     } else {
396                         throw new ClassConstraintException("A ClassFile structure (like '"+tostring(obj)+"') may have no more than one SourceFile attribute."); //vmspec2 4.7.7
397                     }
398 				}
399 
400 				if (atts[i] instanceof InnerClasses){
401 					if (foundInnerClasses == false) {
402                         foundInnerClasses = true;
403                     } else{
404 						if (hasInnerClass){
405 							throw new ClassConstraintException("A Classfile structure (like '"+tostring(obj)+"') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case). More than one InnerClasses attribute was found.");
406 						}
407 					}
408 					if (!hasInnerClass){
409 						addMessage("No referenced Inner Class found, but InnerClasses attribute '"+tostring(atts[i])+"' found. Strongly suggest removal of that attribute.");
410 					}
411 				}
412 
413 			}
414 			if (hasInnerClass && !foundInnerClasses){
415 				//throw new ClassConstraintException("A Classfile structure (like '"+tostring(obj)+"') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case). No InnerClasses attribute was found.");
416 				//vmspec2, page 125 says it would be a constraint: but existing verifiers
417 				//don't check it and javac doesn't satisfy it when it comes to anonymous
418 				//inner classes
419 				addMessage("A Classfile structure (like '"+tostring(obj)+"') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case). No InnerClasses attribute was found.");
420 			}
421 		}
422 		/////////////////////////////
423 		// CONSTANTS (vmspec2 4.4) //
424 		/////////////////////////////
425 		@Override
426         public void visitConstantClass(ConstantClass obj){
427 			if (obj.getTag() != Constants.CONSTANT_Class){
428 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
429 			}
430 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
431 
432 		}
433 		@Override
434         public void visitConstantFieldref(ConstantFieldref obj){
435 			if (obj.getTag() != Constants.CONSTANT_Fieldref){
436 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
437 			}
438 			checkIndex(obj, obj.getClassIndex(), CONST_Class);
439 			checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
440 		}
441 		@Override
442         public void visitConstantMethodref(ConstantMethodref obj){
443 			if (obj.getTag() != Constants.CONSTANT_Methodref){
444 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
445 			}
446 			checkIndex(obj, obj.getClassIndex(), CONST_Class);
447 			checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
448 		}
449 		@Override
450         public void visitConstantInterfaceMethodref(ConstantInterfaceMethodref obj){
451 			if (obj.getTag() != Constants.CONSTANT_InterfaceMethodref){
452 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
453 			}
454 			checkIndex(obj, obj.getClassIndex(), CONST_Class);
455 			checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
456 		}
457 		@Override
458         public void visitConstantString(ConstantString obj){
459 			if (obj.getTag() != Constants.CONSTANT_String){
460 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
461 			}
462 			checkIndex(obj, obj.getStringIndex(), CONST_Utf8);
463 		}
464 		@Override
465         public void visitConstantInteger(ConstantInteger obj){
466 			if (obj.getTag() != Constants.CONSTANT_Integer){
467 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
468 			}
469 			// no indices to check
470 		}
471 		@Override
472         public void visitConstantFloat(ConstantFloat obj){
473 			if (obj.getTag() != Constants.CONSTANT_Float){
474 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
475 			}
476 			//no indices to check
477 		}
478 		@Override
479         public void visitConstantLong(ConstantLong obj){
480 			if (obj.getTag() != Constants.CONSTANT_Long){
481 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
482 			}
483 			//no indices to check
484 		}
485 		@Override
486         public void visitConstantDouble(ConstantDouble obj){
487 			if (obj.getTag() != Constants.CONSTANT_Double){
488 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
489 			}
490 			//no indices to check
491 		}
492 		@Override
493         public void visitConstantNameAndType(ConstantNameAndType obj){
494 			if (obj.getTag() != Constants.CONSTANT_NameAndType){
495 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
496 			}
497 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
498 			//checkIndex(obj, obj.getDescriptorIndex(), CONST_Utf8); //inconsistently named in BCEL, see below.
499 			checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
500 		}
501 		@Override
502         public void visitConstantUtf8(ConstantUtf8 obj){
503 			if (obj.getTag() != Constants.CONSTANT_Utf8){
504 				throw new ClassConstraintException("Wrong constant tag in '"+tostring(obj)+"'.");
505 			}
506 			//no indices to check
507 		}
508 		//////////////////////////
509 		// FIELDS (vmspec2 4.5) //
510 		//////////////////////////
511 		@Override
512         public void visitField(Field obj){
513 
514 			if (jc.isClass()){
515 				int maxone=0;
516 				if (obj.isPrivate()) {
517                     maxone++;
518                 }
519 				if (obj.isProtected()) {
520                     maxone++;
521                 }
522 				if (obj.isPublic()) {
523                     maxone++;
524                 }
525 				if (maxone > 1){
526 					throw new ClassConstraintException("Field '"+tostring(obj)+"' must only have at most one of its ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC modifiers set.");
527 				}
528 
529 				if (obj.isFinal() && obj.isVolatile()){
530 					throw new ClassConstraintException("Field '"+tostring(obj)+"' must only have at most one of its ACC_FINAL, ACC_VOLATILE modifiers set.");
531 				}
532 			}
533 			else{ // isInterface!
534 				if (!obj.isPublic()){
535 					throw new ClassConstraintException("Interface field '"+tostring(obj)+"' must have the ACC_PUBLIC modifier set but hasn't!");
536 				}
537 				if (!obj.isStatic()){
538 					throw new ClassConstraintException("Interface field '"+tostring(obj)+"' must have the ACC_STATIC modifier set but hasn't!");
539 				}
540 				if (!obj.isFinal()){
541 					throw new ClassConstraintException("Interface field '"+tostring(obj)+"' must have the ACC_FINAL modifier set but hasn't!");
542 				}
543 			}
544 
545 			if ((obj.getAccessFlags() & ~(ACC_PUBLIC|ACC_PRIVATE|ACC_PROTECTED|ACC_STATIC|ACC_FINAL|ACC_VOLATILE|ACC_TRANSIENT)) > 0){
546 				addMessage("Field '"+tostring(obj)+"' has access flag(s) other than ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_VOLATILE, ACC_TRANSIENT set (ignored).");
547 			}
548 
549 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
550 
551 			String name = obj.getName();
552 			if (! validFieldName(name)){
553 				throw new ClassConstraintException("Field '"+tostring(obj)+"' has illegal name '"+obj.getName()+"'.");
554 			}
555 
556 			// A descriptor is often named signature in BCEL
557 			checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
558 
559 			String sig  = ((ConstantUtf8) (cp.getConstant(obj.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
560 
561 			try{
562 				Type.getType(sig);  /* Don't need the return value */
563 			}
564 			catch (ClassFormatException cfe){
565                 throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.", cfe);
566 			}
567 
568 			String nameanddesc = (name+sig);
569 			if (field_names_and_desc.contains(nameanddesc)){
570 				throw new ClassConstraintException("No two fields (like '"+tostring(obj)+"') are allowed have same names and descriptors!");
571 			}
572 			if (field_names.contains(name)){
573 				addMessage("More than one field of name '"+name+"' detected (but with different type descriptors). This is very unusual.");
574 			}
575 			field_names_and_desc.add(nameanddesc);
576 			field_names.add(name);
577 
578 			Attribute[] atts = obj.getAttributes();
579 			for (int i=0; i<atts.length; i++){
580 				if ((! (atts[i] instanceof ConstantValue)) &&
581 				    (! (atts[i] instanceof Synthetic))     &&
582 				    (! (atts[i] instanceof Deprecated))){
583 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Field '"+tostring(obj)+"' is unknown and will therefore be ignored.");
584 				}
585 				if  (! (atts[i] instanceof ConstantValue)){
586 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Field '"+tostring(obj)+"' is not a ConstantValue and is therefore only of use for debuggers and such.");
587 				}
588 			}
589 		}
590 		///////////////////////////
591 		// METHODS (vmspec2 4.6) //
592 		///////////////////////////
593 		@Override
594         public void visitMethod(Method obj){
595 
596 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
597 
598 			String name = obj.getName();
599 			if (! validMethodName(name, true)){
600 				throw new ClassConstraintException("Method '"+tostring(obj)+"' has illegal name '"+name+"'.");
601 			}
602 
603 			// A descriptor is often named signature in BCEL
604 			checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
605 
606 			String sig  = ((ConstantUtf8) (cp.getConstant(obj.getSignatureIndex()))).getBytes(); // Method's signature(=descriptor)
607 
608 			Type t;
609 			Type[] ts; // needed below the try block.
610 			try{
611 				t  = Type.getReturnType(sig);
612 				ts = Type.getArgumentTypes(sig);
613 			}
614 			catch (ClassFormatException cfe){
615                 throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by Method '"+tostring(obj)+"'.", cfe);
616 			}
617 
618 			// Check if referenced objects exist.
619 			Type act = t;
620 			if (act instanceof ArrayType) {
621                 act = ((ArrayType) act).getBasicType();
622             }
623 			if (act instanceof ObjectType){
624 				Verifier v = VerifierFactory.getVerifier( ((ObjectType) act).getClassName() );
625 				VerificationResult vr = v.doPass1();
626 				if (vr != VerificationResult.VR_OK) {
627 					throw new ClassConstraintException("Method '"+tostring(obj)+"' has a return type that does not pass verification pass 1: '"+vr+"'.");
628 				}
629 			}
630 
631 			for (Type element : ts) {
632 				act = element;
633 				if (act instanceof ArrayType) {
634                     act = ((ArrayType) act).getBasicType();
635                 }
636 				if (act instanceof ObjectType){
637 					Verifier v = VerifierFactory.getVerifier( ((ObjectType) act).getClassName() );
638 					VerificationResult vr = v.doPass1();
639 					if (vr != VerificationResult.VR_OK) {
640 						throw new ClassConstraintException("Method '"+tostring(obj)+"' has an argument type that does not pass verification pass 1: '"+vr+"'.");
641 					}
642 				}
643 			}
644 
645 			// Nearly forgot this! Funny return values are allowed, but a non-empty arguments list makes a different method out of it!
646 			if (name.equals(STATIC_INITIALIZER_NAME) && (ts.length != 0)){
647 				throw new ClassConstraintException("Method '"+tostring(obj)+"' has illegal name '"+name+"'. It's name resembles the class or interface initialization method which it isn't because of its arguments (==descriptor).");
648 			}
649 
650 			if (jc.isClass()){
651 				int maxone=0;
652 				if (obj.isPrivate()) {
653                     maxone++;
654                 }
655 				if (obj.isProtected()) {
656                     maxone++;
657                 }
658 				if (obj.isPublic()) {
659                     maxone++;
660                 }
661 				if (maxone > 1){
662 					throw new ClassConstraintException("Method '"+tostring(obj)+"' must only have at most one of its ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC modifiers set.");
663 				}
664 
665 				if (obj.isAbstract()){
666 					if (obj.isFinal()) {
667                         throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_FINAL modifier set.");
668                     }
669 					if (obj.isNative()) {
670                         throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_NATIVE modifier set.");
671                     }
672 					if (obj.isPrivate()) {
673                         throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_PRIVATE modifier set.");
674                     }
675 					if (obj.isStatic()) {
676                         throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_STATIC modifier set.");
677                     }
678 					if (obj.isStrictfp()) {
679                         throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_STRICT modifier set.");
680                     }
681 					if (obj.isSynchronized()) {
682                         throw new ClassConstraintException("Abstract method '"+tostring(obj)+"' must not have the ACC_SYNCHRONIZED modifier set.");
683                     }
684 				}
685 			}
686 			else{ // isInterface!
687 				if (!name.equals(STATIC_INITIALIZER_NAME)){//vmspec2, p.116, 2nd paragraph
688 					if (!obj.isPublic()){
689 						throw new ClassConstraintException("Interface method '"+tostring(obj)+"' must have the ACC_PUBLIC modifier set but hasn't!");
690 					}
691 					if (!obj.isAbstract()){
692 						throw new ClassConstraintException("Interface method '"+tostring(obj)+"' must have the ACC_STATIC modifier set but hasn't!");
693 					}
694 					if (	obj.isPrivate() ||
695 								obj.isProtected() ||
696 								obj.isStatic() ||
697 								obj.isFinal() ||
698 								obj.isSynchronized() ||
699 								obj.isNative() ||
700 								obj.isStrictfp() ){
701 						throw new ClassConstraintException("Interface method '"+tostring(obj)+"' must not have any of the ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT, ACC_STRICT modifiers set.");
702 					}
703 				}
704 			}
705 
706 			// A specific instance initialization method... (vmspec2,Page 116).
707 			if (name.equals(CONSTRUCTOR_NAME)){
708 				//..may have at most one of ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC set: is checked above.
709 				//..may also have ACC_STRICT set, but none of the other flags in table 4.5 (vmspec2, page 115)
710 				if (	obj.isStatic() ||
711 							obj.isFinal() ||
712 							obj.isSynchronized() ||
713 							obj.isNative() ||
714 							obj.isAbstract() ){
715 					throw new ClassConstraintException("Instance initialization method '"+tostring(obj)+"' must not have any of the ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT modifiers set.");
716 				}
717 			}
718 
719 			// Class and interface initialization methods...
720 			if (name.equals(STATIC_INITIALIZER_NAME)){
721 				if ((obj.getAccessFlags() & (~ACC_STRICT)) > 0){
722 					addMessage("Class or interface initialization method '"+tostring(obj)+"' has superfluous access modifier(s) set: everything but ACC_STRICT is ignored.");
723 				}
724 				if (obj.isAbstract()){
725 					throw new ClassConstraintException("Class or interface initialization method '"+tostring(obj)+"' must not be abstract. This contradicts the Java Language Specification, Second Edition (which omits this constraint) but is common practice of existing verifiers.");
726 				}
727 			}
728 
729 			if ((obj.getAccessFlags() & ~(ACC_PUBLIC|ACC_PRIVATE|ACC_PROTECTED|ACC_STATIC|ACC_FINAL|ACC_SYNCHRONIZED|ACC_NATIVE|ACC_ABSTRACT|ACC_STRICT)) > 0){
730 				addMessage("Method '"+tostring(obj)+"' has access flag(s) other than ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT, ACC_STRICT set (ignored).");
731 			}
732 
733 			String nameanddesc = (name+sig);
734 			if (method_names_and_desc.contains(nameanddesc)){
735 				throw new ClassConstraintException("No two methods (like '"+tostring(obj)+"') are allowed have same names and desciptors!");
736 			}
737 			method_names_and_desc.add(nameanddesc);
738 
739 			Attribute[] atts = obj.getAttributes();
740 			int num_code_atts = 0;
741 			for (int i=0; i<atts.length; i++){
742 				if ((! (atts[i] instanceof Code)) &&
743 				    (! (atts[i] instanceof ExceptionTable))     &&
744 				    (! (atts[i] instanceof Synthetic)) &&
745 				    (! (atts[i] instanceof Deprecated))){
746 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Method '"+tostring(obj)+"' is unknown and will therefore be ignored.");
747 				}
748 				if ((! (atts[i] instanceof Code)) &&
749 						(! (atts[i] instanceof ExceptionTable))){
750 					addMessage("Attribute '"+tostring(atts[i])+"' as an attribute of Method '"+tostring(obj)+"' is neither Code nor Exceptions and is therefore only of use for debuggers and such.");
751 				}
752 				if ((atts[i] instanceof Code) && (obj.isNative() || obj.isAbstract())){
753 					throw new ClassConstraintException("Native or abstract methods like '"+tostring(obj)+"' must not have a Code attribute like '"+tostring(atts[i])+"'."); //vmspec2 page120, 4.7.3
754 				}
755 				if (atts[i] instanceof Code) {
756                     num_code_atts++;
757                 }
758 			}
759 			if ( !obj.isNative() && !obj.isAbstract() && num_code_atts != 1){
760 				throw new ClassConstraintException("Non-native, non-abstract methods like '"+tostring(obj)+"' must have exactly one Code attribute (found: "+num_code_atts+").");
761 			}
762 		}
763 		///////////////////////////////////////////////////////
764 		// ClassFile-structure-ATTRIBUTES (vmspec2 4.1, 4.7) //
765 		///////////////////////////////////////////////////////
766 		@Override
767         public void visitSourceFile(SourceFile obj){//vmspec2 4.7.7
768 
769 			// zero or one SourceFile attr per ClassFile: see visitJavaClass()
770 
771 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
772 
773 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
774 			if (! name.equals("SourceFile")){
775 				throw new ClassConstraintException("The SourceFile attribute '"+tostring(obj)+"' is not correctly named 'SourceFile' but '"+name+"'.");
776 			}
777 
778 			checkIndex(obj, obj.getSourceFileIndex(), CONST_Utf8);
779 
780 			String sourcefilename = ((ConstantUtf8) cp.getConstant(obj.getSourceFileIndex())).getBytes(); //==obj.getSourceFileName() ?
781 			String sourcefilenamelc = sourcefilename.toLowerCase(Locale.ENGLISH);
782 
783 			if (	(sourcefilename.indexOf('/') != -1) ||
784 						(sourcefilename.indexOf('\\') != -1) ||
785 						(sourcefilename.indexOf(':') != -1) ||
786 						(sourcefilenamelc.lastIndexOf(".java") == -1)	){
787 				addMessage("SourceFile attribute '"+tostring(obj)+"' has a funny name: remember not to confuse certain parsers working on javap's output. Also, this name ('"+sourcefilename+"') is considered an unqualified (simple) file name only.");
788 			}
789 		}
790 		@Override
791         public void visitDeprecated(Deprecated obj){//vmspec2 4.7.10
792 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
793 
794 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
795 			if (! name.equals("Deprecated")){
796 				throw new ClassConstraintException("The Deprecated attribute '"+tostring(obj)+"' is not correctly named 'Deprecated' but '"+name+"'.");
797 			}
798 		}
799 		@Override
800         public void visitSynthetic(Synthetic obj){//vmspec2 4.7.6
801 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
802 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
803 			if (! name.equals("Synthetic")){
804 				throw new ClassConstraintException("The Synthetic attribute '"+tostring(obj)+"' is not correctly named 'Synthetic' but '"+name+"'.");
805 			}
806 		}
807 		@Override
808         public void visitInnerClasses(InnerClasses obj){//vmspec2 4.7.5
809 
810 			// exactly one InnerClasses attr per ClassFile if some inner class is refernced: see visitJavaClass()
811 
812 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
813 
814 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
815 			if (! name.equals("InnerClasses")){
816 				throw new ClassConstraintException("The InnerClasses attribute '"+tostring(obj)+"' is not correctly named 'InnerClasses' but '"+name+"'.");
817 			}
818 
819 			InnerClass[] ics = obj.getInnerClasses();
820 
821 			for (InnerClass ic : ics) {
822 				checkIndex(obj, ic.getInnerClassIndex(), CONST_Class);
823 				int outer_idx = ic.getOuterClassIndex();
824 				if (outer_idx != 0){
825 					checkIndex(obj, outer_idx, CONST_Class);
826 				}
827 				int innername_idx = ic.getInnerNameIndex();
828 				if (innername_idx != 0){
829 					checkIndex(obj, innername_idx, CONST_Utf8);
830 				}
831 				int acc = ic.getInnerAccessFlags();
832 				acc = acc & (~ (ACC_PUBLIC | ACC_PRIVATE | ACC_PROTECTED | ACC_STATIC | ACC_FINAL | ACC_INTERFACE | ACC_ABSTRACT));
833 				if (acc != 0){
834 					addMessage("Unknown access flag for inner class '"+tostring(ic)+"' set (InnerClasses attribute '"+tostring(obj)+"').");
835 				}
836 			}
837 			// Semantical consistency is not yet checked by Sun, see vmspec2 4.7.5.
838 			// [marked TODO in JustIce]
839 		}
840 		////////////////////////////////////////////////////////
841 		// field_info-structure-ATTRIBUTES (vmspec2 4.5, 4.7) //
842 		////////////////////////////////////////////////////////
843 		@Override
844         public void visitConstantValue(ConstantValue obj){//vmspec2 4.7.2
845 			// Despite its name, this really is an Attribute,
846 			// not a constant!
847 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
848 
849 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
850 			if (! name.equals("ConstantValue")){
851 				throw new ClassConstraintException("The ConstantValue attribute '"+tostring(obj)+"' is not correctly named 'ConstantValue' but '"+name+"'.");
852 			}
853 
854 			Object pred = carrier.predecessor();
855 			if (pred instanceof Field){ //ConstantValue attributes are quite senseless if the predecessor is not a field.
856 				Field f = (Field) pred;
857 				// Field constraints have been checked before -- so we are safe using their type information.
858 				Type field_type = Type.getType(((ConstantUtf8) (cp.getConstant(f.getSignatureIndex()))).getBytes());
859 
860 				int index = obj.getConstantValueIndex();
861 				if ((index < 0) || (index >= cplen)){
862 					throw new ClassConstraintException("Invalid index '"+index+"' used by '"+tostring(obj)+"'.");
863 				}
864 				Constant c = cp.getConstant(index);
865 
866 				if (CONST_Long.isInstance(c) && field_type.equals(Type.LONG)){
867 					return;
868 				}
869 				if (CONST_Float.isInstance(c) && field_type.equals(Type.FLOAT)){
870 					return;
871 				}
872 				if (CONST_Double.isInstance(c) && field_type.equals(Type.DOUBLE)){
873 					return;
874 				}
875 				if (CONST_Integer.isInstance(c) && (field_type.equals(Type.INT) || field_type.equals(Type.SHORT) || field_type.equals(Type.CHAR) || field_type.equals(Type.BYTE) || field_type.equals(Type.BOOLEAN))){
876 					return;
877 				}
878 				if (CONST_String.isInstance(c) && field_type.equals(Type.STRING)){
879 					return;
880 				}
881 
882 				throw new ClassConstraintException("Illegal type of ConstantValue '"+obj+"' embedding Constant '"+c+"'. It is referenced by field '"+tostring(f)+"' expecting a different type: '"+field_type+"'.");
883 			}
884 		}
885 		// SYNTHETIC: see above
886 		// DEPRECATED: see above
887 		/////////////////////////////////////////////////////////
888 		// method_info-structure-ATTRIBUTES (vmspec2 4.6, 4.7) //
889 		/////////////////////////////////////////////////////////
890 		@Override
891         public void visitCode(Code obj){//vmspec2 4.7.3
892 		    try {
893 			// No code attribute allowed for native or abstract methods: see visitMethod(Method).
894 			// Code array constraints are checked in Pass3 (3a and 3b).
895 
896 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
897 
898 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
899 			if (! name.equals("Code")){
900 				throw new ClassConstraintException("The Code attribute '"+tostring(obj)+"' is not correctly named 'Code' but '"+name+"'.");
901 			}
902 
903 			Method m = null; // satisfy compiler
904 			if (!(carrier.predecessor() instanceof Method)){
905 				addMessage("Code attribute '"+tostring(obj)+"' is not declared in a method_info structure but in '"+carrier.predecessor()+"'. Ignored.");
906 				return;
907 			}
908 			else{
909 				m = (Method) carrier.predecessor();	// we can assume this method was visited before;
910 																						// i.e. the data consistency was verified.
911 			}
912 
913 			if (obj.getCode().length == 0){
914 				throw new ClassConstraintException("Code array of Code attribute '"+tostring(obj)+"' (method '"+m+"') must not be empty.");
915 			}
916 
917 			//In JustIce, the check for correct offsets into the code array is delayed to Pass 3a.
918 			CodeException[] exc_table = obj.getExceptionTable();
919 			for (CodeException element : exc_table) {
920 				int exc_index = element.getCatchType();
921 				if (exc_index != 0){ // if 0, it catches all Throwables
922 					checkIndex(obj, exc_index, CONST_Class);
923 					ConstantClass cc = (ConstantClass) (cp.getConstant(exc_index));
924 					checkIndex(cc, cc.getNameIndex(), CONST_Utf8); // cannot be sure this ConstantClass has already been visited (checked)!
925 					String cname = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes().replace('/','.');
926 
927 					Verifier v = VerifierFactory.getVerifier(cname);
928 					VerificationResult vr = v.doPass1();
929 
930 					if (vr != VerificationResult.VR_OK){
931 						throw new ClassConstraintException("Code attribute '"+tostring(obj)+"' (method '"+m+"') has an exception_table entry '"+tostring(element)+"' that references '"+cname+"' as an Exception but it does not pass verification pass 1: "+vr);
932 					}
933 					else{
934 						// We cannot safely trust any other "instanceof" mechanism. We need to transitively verify
935 						// the ancestor hierarchy.
936 						JavaClass e = Repository.lookupClass(cname);
937 						JavaClass t = Repository.lookupClass(Type.THROWABLE.getClassName());
938 						JavaClass o = Repository.lookupClass(Type.OBJECT.getClassName());
939 						while (e != o){
940 							if (e == t) {
941                                 break; // It's a subclass of Throwable, OKAY, leave.
942                             }
943 
944 							v = VerifierFactory.getVerifier(e.getSuperclassName());
945 							vr = v.doPass1();
946 							if (vr != VerificationResult.VR_OK){
947 								throw new ClassConstraintException("Code attribute '"+tostring(obj)+"' (method '"+m+"') has an exception_table entry '"+tostring(element)+"' that references '"+cname+"' as an Exception but '"+e.getSuperclassName()+"' in the ancestor hierachy does not pass verification pass 1: "+vr);
948 							}
949 							else{
950 								e = Repository.lookupClass(e.getSuperclassName());
951 							}
952 						}
953 						if (e != t) {
954                             throw new ClassConstraintException("Code attribute '"+tostring(obj)+"' (method '"+m+"') has an exception_table entry '"+tostring(element)+"' that references '"+cname+"' as an Exception but it is not a subclass of '"+t.getClassName()+"'.");
955                         }
956 					}
957 				}
958 			}
959 
960 			// Create object for local variables information
961 			// This is highly unelegant due to usage of the Visitor pattern.
962 			// TODO: rework it.
963 			int method_number = -1;
964 			Method[] ms = Repository.lookupClass(myOwner.getClassName()).getMethods();
965 			for (int mn=0; mn<ms.length; mn++){
966 				if (m == ms[mn]){
967 					method_number = mn;
968 					break;
969 				}
970 			}
971 			if (method_number < 0){ // Mmmmh. Can we be sure BCEL does not sometimes instantiate new objects?
972 				throw new AssertionViolatedException("Could not find a known BCEL Method object in the corresponding BCEL JavaClass object.");
973 			}
974 			localVariablesInfos[method_number] = new LocalVariablesInfo(obj.getMaxLocals());
975 
976 			int num_of_lvt_attribs = 0;
977 			// Now iterate through the attributes the Code attribute has.
978 			Attribute[] atts = obj.getAttributes();
979 			for (int a=0; a<atts.length; a++){
980 				if ((! (atts[a] instanceof LineNumberTable)) &&
981 				    (! (atts[a] instanceof LocalVariableTable))){
982 					addMessage("Attribute '"+tostring(atts[a])+"' as an attribute of Code attribute '"+tostring(obj)+"' (method '"+m+"') is unknown and will therefore be ignored.");
983 				}
984 				else{// LineNumberTable or LocalVariableTable
985 					addMessage("Attribute '"+tostring(atts[a])+"' as an attribute of Code attribute '"+tostring(obj)+"' (method '"+m+"') will effectively be ignored and is only useful for debuggers and such.");
986 				}
987 
988 				//LocalVariableTable check (partially delayed to Pass3a).
989 				//Here because its easier to collect the information of the
990 				//(possibly more than one) LocalVariableTables belonging to
991 				//one certain Code attribute.
992 				if (atts[a] instanceof LocalVariableTable){ // checks conforming to vmspec2 4.7.9
993 
994 					LocalVariableTable lvt = (LocalVariableTable) atts[a];
995 
996 					checkIndex(lvt, lvt.getNameIndex(), CONST_Utf8);
997 
998 					String lvtname = ((ConstantUtf8) cp.getConstant(lvt.getNameIndex())).getBytes();
999 					if (! lvtname.equals("LocalVariableTable")){
1000 						throw new ClassConstraintException("The LocalVariableTable attribute '"+tostring(lvt)+"' is not correctly named 'LocalVariableTable' but '"+lvtname+"'.");
1001 					}
1002 
1003 					Code code = obj;
1004 
1005 					//In JustIce, the check for correct offsets into the code array is delayed to Pass 3a.
1006 					LocalVariable[] localvariables = lvt.getLocalVariableTable();
1007 
1008 					for (LocalVariable localvariable : localvariables) {
1009 						checkIndex(lvt, localvariable.getNameIndex(), CONST_Utf8);
1010 						String localname = ((ConstantUtf8) cp.getConstant(localvariable.getNameIndex())).getBytes();
1011 						if (!validJavaIdentifier(localname)){
1012 							throw new ClassConstraintException("LocalVariableTable '"+tostring(lvt)+"' references a local variable by the name '"+localname+"' which is not a legal Java simple name.");
1013 						}
1014 
1015 						checkIndex(lvt, localvariable.getSignatureIndex(), CONST_Utf8);
1016 						String localsig  = ((ConstantUtf8) (cp.getConstant(localvariable.getSignatureIndex()))).getBytes(); // Local signature(=descriptor)
1017 						Type t;
1018 						try{
1019 							t = Type.getType(localsig);
1020 						}
1021 						catch (ClassFormatException cfe){
1022 							throw new ClassConstraintException("Illegal descriptor (==signature) '"+localsig+"' used by LocalVariable '"+tostring(localvariable)+"' referenced by '"+tostring(lvt)+"'.", cfe);
1023 						}
1024 						int localindex = localvariable.getIndex();
1025 						if ( ( (t==Type.LONG || t==Type.DOUBLE)? localindex+1:localindex) >= code.getMaxLocals()){
1026 							throw new ClassConstraintException("LocalVariableTable attribute '"+tostring(lvt)+"' references a LocalVariable '"+tostring(localvariable)+"' with an index that exceeds the surrounding Code attribute's max_locals value of '"+code.getMaxLocals()+"'.");
1027 						}
1028 
1029 						try{
1030 							localVariablesInfos[method_number].add(localindex, localname, localvariable.getStartPC(), localvariable.getLength(), t);
1031 						}
1032 						catch(LocalVariableInfoInconsistentException lviie){
1033 							throw new ClassConstraintException("Conflicting information in LocalVariableTable '"+tostring(lvt)+"' found in Code attribute '"+tostring(obj)+"' (method '"+tostring(m)+"'). "+lviie.getMessage(), lviie);
1034 						}
1035 					}// for all local variables localvariables[i] in the LocalVariableTable attribute atts[a] END
1036 
1037 					num_of_lvt_attribs++;
1038 					if (!m.isStatic() && num_of_lvt_attribs > obj.getMaxLocals()){
1039 						throw new ClassConstraintException("Number of LocalVariableTable attributes of Code attribute '"+tostring(obj)+"' (method '"+tostring(m)+"') exceeds number of local variable slots '"+obj.getMaxLocals()+"' ('There may be no more than one LocalVariableTable attribute per local variable in the Code attribute.').");
1040 					}
1041 				}// if atts[a] instanceof LocalVariableTable END
1042 			}// for all attributes atts[a] END
1043 
1044 		    } catch (ClassNotFoundException e) {
1045 			// FIXME: this might not be the best way to handle missing classes.
1046 			throw new AssertionViolatedException("Missing class: " + e, e);
1047 		    }
1048 
1049 		}// visitCode(Code) END
1050 
1051 		@Override
1052         public void visitExceptionTable(ExceptionTable obj){//vmspec2 4.7.4
1053 		    try {
1054 			// incorrectly named, it's the Exceptions attribute (vmspec2 4.7.4)
1055 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
1056 
1057 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
1058 			if (! name.equals("Exceptions")){
1059 				throw new ClassConstraintException("The Exceptions attribute '"+tostring(obj)+"' is not correctly named 'Exceptions' but '"+name+"'.");
1060 			}
1061 
1062 			int[] exc_indices = obj.getExceptionIndexTable();
1063 
1064 			for (int exc_indice : exc_indices) {
1065 				checkIndex(obj, exc_indice, CONST_Class);
1066 
1067 				ConstantClass cc = (ConstantClass) (cp.getConstant(exc_indice));
1068 				checkIndex(cc, cc.getNameIndex(), CONST_Utf8); // cannot be sure this ConstantClass has already been visited (checked)!
1069 				String cname = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes().replace('/','.'); //convert internal notation on-the-fly to external notation
1070 
1071 				Verifier v = VerifierFactory.getVerifier(cname);
1072 				VerificationResult vr = v.doPass1();
1073 
1074 				if (vr != VerificationResult.VR_OK){
1075 					throw new ClassConstraintException("Exceptions attribute '"+tostring(obj)+"' references '"+cname+"' as an Exception but it does not pass verification pass 1: "+vr);
1076 				}
1077 				else{
1078 					// We cannot safely trust any other "instanceof" mechanism. We need to transitively verify
1079 					// the ancestor hierarchy.
1080 					JavaClass e = Repository.lookupClass(cname);
1081 					JavaClass t = Repository.lookupClass(Type.THROWABLE.getClassName());
1082 					JavaClass o = Repository.lookupClass(Type.OBJECT.getClassName());
1083 					while (e != o){
1084 						if (e == t) {
1085                             break; // It's a subclass of Throwable, OKAY, leave.
1086                         }
1087 
1088 						v = VerifierFactory.getVerifier(e.getSuperclassName());
1089 						vr = v.doPass1();
1090 						if (vr != VerificationResult.VR_OK){
1091 							throw new ClassConstraintException("Exceptions attribute '"+tostring(obj)+"' references '"+cname+"' as an Exception but '"+e.getSuperclassName()+"' in the ancestor hierachy does not pass verification pass 1: "+vr);
1092 						}
1093 						else{
1094 							e = Repository.lookupClass(e.getSuperclassName());
1095 						}
1096 					}
1097 					if (e != t) {
1098                         throw new ClassConstraintException("Exceptions attribute '"+tostring(obj)+"' references '"+cname+"' as an Exception but it is not a subclass of '"+t.getClassName()+"'.");
1099                     }
1100 				}
1101 			}
1102 
1103 		    } catch (ClassNotFoundException e) {
1104 			// FIXME: this might not be the best way to handle missing classes.
1105 			throw new AssertionViolatedException("Missing class: " + e, e);
1106 		    }
1107 		}
1108 		// SYNTHETIC: see above
1109 		// DEPRECATED: see above
1110 		//////////////////////////////////////////////////////////////
1111 		// code_attribute-structure-ATTRIBUTES (vmspec2 4.7.3, 4.7) //
1112 		//////////////////////////////////////////////////////////////
1113 		@Override
1114         public void visitLineNumberTable(LineNumberTable obj){//vmspec2 4.7.8
1115 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
1116 
1117 			String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
1118 			if (! name.equals("LineNumberTable")){
1119 				throw new ClassConstraintException("The LineNumberTable attribute '"+tostring(obj)+"' is not correctly named 'LineNumberTable' but '"+name+"'.");
1120 			}
1121 
1122 			//In JustIce,this check is delayed to Pass 3a.
1123 			//LineNumber[] linenumbers = obj.getLineNumberTable();
1124 			// ...validity check...
1125 
1126 		}
1127 		@Override
1128         public void visitLocalVariableTable(LocalVariableTable obj){//vmspec2 4.7.9
1129 			//In JustIce,this check is partially delayed to Pass 3a.
1130 			//The other part can be found in the visitCode(Code) method.
1131 		}
1132 		////////////////////////////////////////////////////
1133 		// MISC-structure-ATTRIBUTES (vmspec2 4.7.1, 4.7) //
1134 		////////////////////////////////////////////////////
1135 		@Override
1136         public void visitUnknown(Unknown obj){//vmspec2 4.7.1
1137 			// Represents an unknown attribute.
1138 			checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
1139 
1140 			// Maybe only misnamed? Give a (warning) message.
1141 			addMessage("Unknown attribute '"+tostring(obj)+"'. This attribute is not known in any context!");
1142 		}
1143 		//////////
1144 		// BCEL //
1145 		//////////
1146 		@Override
1147         public void visitLocalVariable(LocalVariable obj){
1148 			// This does not represent an Attribute but is only
1149 			// related to internal BCEL data representation.
1150 
1151 			// see visitLocalVariableTable(LocalVariableTable)
1152 		}
1153 		@Override
1154         public void visitCodeException(CodeException obj){
1155 			// Code constraints are checked in Pass3 (3a and 3b).
1156 			// This does not represent an Attribute but is only
1157 			// related to internal BCEL data representation.
1158 
1159 			// see visitCode(Code)
1160 		}
1161 		@Override
1162         public void visitConstantPool(ConstantPool obj){
1163 			// No need to. We're piggybacked by the DescendingVisitor.
1164 			// This does not represent an Attribute but is only
1165 			// related to internal BCEL data representation.
1166 		}
1167 		@Override
1168         public void visitInnerClass(InnerClass obj){
1169 			// This does not represent an Attribute but is only
1170 			// related to internal BCEL data representation.
1171 		}
1172 		@Override
1173         public void visitLineNumber(LineNumber obj){
1174 			// This does not represent an Attribute but is only
1175 			// related to internal BCEL data representation.
1176 
1177 			// see visitLineNumberTable(LineNumberTable)
1178 		}
1179 	}
1180 
1181 	/**
1182 	 * Ensures that the ConstantCP-subclassed entries of the constant
1183 	 * pool are valid. According to "Yellin: Low Level Security in Java",
1184 	 * this method does not verify the existence of referenced entities
1185 	 * (such as classes) but only the formal correctness (such as well-formed
1186 	 * signatures).
1187    * The visitXXX() methods throw ClassConstraintException instances otherwise.
1188 	 * <B>Precondition: index-style cross referencing in the constant
1189 	 * pool must be valid. Simply invoke constant_pool_entries_satisfy_static_constraints()
1190 	 * before.</B>
1191 	 *
1192 	 * @throws ClassConstraintException otherwise.
1193 	 * @see #constant_pool_entries_satisfy_static_constraints()
1194 	 */
1195 	private void field_and_method_refs_are_valid(){
1196 	    try {
1197 		JavaClass jc = Repository.lookupClass(myOwner.getClassName());
1198 		DescendingVisitor v = new DescendingVisitor(jc, new FAMRAV_Visitor(jc));
1199 		v.visit();
1200 
1201 	    } catch (ClassNotFoundException e) {
1202 		// FIXME: this might not be the best way to handle missing classes.
1203 		throw new AssertionViolatedException("Missing class: " + e, e);
1204 	    }
1205 	}
1206 
1207 	/**
1208 	 * A Visitor class that ensures the ConstantCP-subclassed entries
1209 	 * of the constant pool are valid.
1210    * <B>Precondition: index-style cross referencing in the constant
1211    * pool must be valid.</B>
1212 	 *
1213    * @see #constant_pool_entries_satisfy_static_constraints()
1214 	 * @see org.apache.bcel.classfile.ConstantCP
1215 	 */
1216 	private class FAMRAV_Visitor extends EmptyVisitor{
1217 		private final ConstantPool cp; // ==jc.getConstantPool() -- only here to save typing work.
1218 		private FAMRAV_Visitor(JavaClass _jc){
1219 			cp = _jc.getConstantPool();
1220 		}
1221 		
1222 		@Override
1223         public void visitConstantFieldref(ConstantFieldref obj){
1224 			if (obj.getTag() != Constants.CONSTANT_Fieldref){
1225 				throw new ClassConstraintException("ConstantFieldref '"+tostring(obj)+"' has wrong tag!");
1226 			}
1227 			int name_and_type_index = obj.getNameAndTypeIndex();
1228 			ConstantNameAndType cnat = (ConstantNameAndType) (cp.getConstant(name_and_type_index));
1229 			String name = ((ConstantUtf8) (cp.getConstant(cnat.getNameIndex()))).getBytes(); // Field or Method name
1230 			if (!validFieldName(name)){
1231 				throw new ClassConstraintException("Invalid field name '"+name+"' referenced by '"+tostring(obj)+"'.");
1232 			}
1233 			
1234 			int class_index = obj.getClassIndex();
1235 			ConstantClass cc = (ConstantClass) (cp.getConstant(class_index));
1236 			String className = ((ConstantUtf8) (cp.getConstant(cc.getNameIndex()))).getBytes(); // Class Name in internal form
1237 			if (! validClassName(className)){
1238 				throw new ClassConstraintException("Illegal class name '"+className+"' used by '"+tostring(obj)+"'.");
1239 			}
1240 
1241 			String sig  = ((ConstantUtf8) (cp.getConstant(cnat.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
1242 						
1243 			try{
1244 				Type.getType(sig); /* Don't need the return value */
1245 			}
1246 			catch (ClassFormatException cfe){
1247 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.", cfe);
1248 			}
1249 		}
1250 
1251 		@Override
1252         public void visitConstantMethodref(ConstantMethodref obj){
1253 			if (obj.getTag() != Constants.CONSTANT_Methodref){
1254 				throw new ClassConstraintException("ConstantMethodref '"+tostring(obj)+"' has wrong tag!");
1255 			}
1256 			int name_and_type_index = obj.getNameAndTypeIndex();
1257 			ConstantNameAndType cnat = (ConstantNameAndType) (cp.getConstant(name_and_type_index));
1258 			String name = ((ConstantUtf8) (cp.getConstant(cnat.getNameIndex()))).getBytes(); // Field or Method name
1259 			if (!validClassMethodName(name)){
1260 				throw new ClassConstraintException("Invalid (non-interface) method name '"+name+"' referenced by '"+tostring(obj)+"'.");
1261 			}
1262 
1263 			int class_index = obj.getClassIndex();
1264 			ConstantClass cc = (ConstantClass) (cp.getConstant(class_index));
1265 			String className = ((ConstantUtf8) (cp.getConstant(cc.getNameIndex()))).getBytes(); // Class Name in internal form
1266 			if (! validClassName(className)){
1267 				throw new ClassConstraintException("Illegal class name '"+className+"' used by '"+tostring(obj)+"'.");
1268 			}
1269 
1270 			String sig  = ((ConstantUtf8) (cp.getConstant(cnat.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
1271 						
1272 			try{
1273 				Type   t  = Type.getReturnType(sig);
1274 				if ( name.equals(CONSTRUCTOR_NAME) && (t != Type.VOID) ){
1275 					throw new ClassConstraintException("Instance initialization method must have VOID return type.");
1276 				}
1277 			}
1278 			catch (ClassFormatException cfe){
1279 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.", cfe);
1280 			}
1281 		}
1282 
1283 		@Override
1284         public void visitConstantInterfaceMethodref(ConstantInterfaceMethodref obj){
1285 			if (obj.getTag() != Constants.CONSTANT_InterfaceMethodref){
1286 				throw new ClassConstraintException("ConstantInterfaceMethodref '"+tostring(obj)+"' has wrong tag!");
1287 			}
1288 			int name_and_type_index = obj.getNameAndTypeIndex();
1289 			ConstantNameAndType cnat = (ConstantNameAndType) (cp.getConstant(name_and_type_index));
1290 			String name = ((ConstantUtf8) (cp.getConstant(cnat.getNameIndex()))).getBytes(); // Field or Method name
1291 			if (!validInterfaceMethodName(name)){
1292 				throw new ClassConstraintException("Invalid (interface) method name '"+name+"' referenced by '"+tostring(obj)+"'.");
1293 			}
1294 
1295 			int class_index = obj.getClassIndex();
1296 			ConstantClass cc = (ConstantClass) (cp.getConstant(class_index));
1297 			String className = ((ConstantUtf8) (cp.getConstant(cc.getNameIndex()))).getBytes(); // Class Name in internal form
1298 			if (! validClassName(className)){
1299 				throw new ClassConstraintException("Illegal class name '"+className+"' used by '"+tostring(obj)+"'.");
1300 			}
1301 
1302 			String sig  = ((ConstantUtf8) (cp.getConstant(cnat.getSignatureIndex()))).getBytes(); // Field or Method signature(=descriptor)
1303 						
1304 			try{
1305 				Type   t  = Type.getReturnType(sig);
1306 				if ( name.equals(STATIC_INITIALIZER_NAME) && (t != Type.VOID) ){
1307 					addMessage("Class or interface initialization method '"+STATIC_INITIALIZER_NAME+"' usually has VOID return type instead of '"+t+"'. Note this is really not a requirement of The Java Virtual Machine Specification, Second Edition.");
1308 				}
1309 			}
1310 			catch (ClassFormatException cfe){
1311 				throw new ClassConstraintException("Illegal descriptor (==signature) '"+sig+"' used by '"+tostring(obj)+"'.", cfe);
1312 			}
1313 
1314 		}
1315 		
1316 	}
1317 
1318 	/**
1319 	 * This method returns true if and only if the supplied String
1320 	 * represents a valid Java class name.
1321 	 */
1322 	private static final boolean validClassName(String name){
1323         /*
1324          * TODO: implement.
1325 		 * Are there any restrictions?
1326          */
1327 		return true;
1328 	}
1329 	/**
1330 	 * This method returns true if and only if the supplied String
1331 	 * represents a valid method name.
1332 	 * This is basically the same as a valid identifier name in the
1333 	 * Java programming language, but the special name for
1334 	 * the instance initialization method is allowed and the special name
1335 	 * for the class/interface initialization method may be allowed.
1336 	 */
1337 	private static boolean validMethodName(String name, boolean allowStaticInit){
1338 		if (validJavaLangMethodName(name)) {
1339             return true;
1340         }
1341 		
1342 		if (allowStaticInit){
1343 			return (name.equals(CONSTRUCTOR_NAME) || name.equals(STATIC_INITIALIZER_NAME));
1344 		}
1345 		else{
1346 			return name.equals(CONSTRUCTOR_NAME);
1347 		}
1348 	}
1349 
1350 	/**
1351 	 * This method returns true if and only if the supplied String
1352 	 * represents a valid method name that may be referenced by
1353 	 * ConstantMethodref objects.
1354 	 */
1355 	private static boolean validClassMethodName(String name){
1356 		return validMethodName(name, false);
1357 	}
1358 
1359 	/**
1360 	 * This method returns true if and only if the supplied String
1361 	 * represents a valid Java programming language method name stored as a simple
1362 	 * (non-qualified) name.
1363 	 * Conforming to: The Java Virtual Machine Specification, Second Edition, �2.7, �2.7.1, �2.2.
1364 	 */
1365 	private static boolean validJavaLangMethodName(String name){
1366 		if (!Character.isJavaIdentifierStart(name.charAt(0))) {
1367             return false;
1368         }
1369 		
1370 		for (int i=1; i<name.length(); i++){
1371 			if (!Character.isJavaIdentifierPart(name.charAt(i))) {
1372                 return false;
1373             }
1374 		}
1375 		return true;
1376 	}
1377 
1378 	/**
1379 	 * This method returns true if and only if the supplied String
1380 	 * represents a valid Java interface method name that may be
1381 	 * referenced by ConstantInterfaceMethodref objects.
1382 	 */
1383 	private static boolean validInterfaceMethodName(String name){
1384 		// I guess we should assume special names forbidden here.
1385 		if (name.startsWith("<")) {
1386             return false;
1387         }
1388 		return validJavaLangMethodName(name);
1389 	}
1390 
1391 	/**
1392 	 * This method returns true if and only if the supplied String
1393 	 * represents a valid Java identifier (so-called simple name).
1394 	 */
1395 	private static boolean validJavaIdentifier(String name){
1396     if  (name.length() == 0) {
1397         return false; // must not be empty, reported by <francis.andre@easynet.fr>, thanks!
1398     }
1399 
1400 		// vmspec2 2.7, vmspec2 2.2
1401 		if (!Character.isJavaIdentifierStart(name.charAt(0))) {
1402             return false;
1403         }
1404 		
1405 		for (int i=1; i<name.length(); i++){
1406 			if (!Character.isJavaIdentifierPart(name.charAt(i))) {
1407                 return false;
1408             }
1409 		}
1410 		return true;
1411 	}
1412 
1413 	/**
1414 	 * This method returns true if and only if the supplied String
1415 	 * represents a valid Java field name.
1416 	 */
1417 	private static boolean validFieldName(String name){
1418 		// vmspec2 2.7, vmspec2 2.2
1419 		return validJavaIdentifier(name);
1420 	}
1421 
1422 	/**
1423 	 * This class serves for finding out if a given JavaClass' ConstantPool
1424 	 * references an Inner Class.
1425 	 * The Java Virtual Machine Specification, Second Edition is not very precise
1426 	 * about when an "InnerClasses" attribute has to appear. However, it states that
1427 	 * there has to be exactly one InnerClasses attribute in the ClassFile structure
1428 	 * if the constant pool of a class or interface refers to any class or interface
1429 	 * "that is not a member of a package". Sun does not mean "member of the default
1430 	 * package". In "Inner Classes Specification" they point out how a "bytecode name"
1431 	 * is derived so one has to deduce what a class name of a class "that is not a
1432 	 * member of a package" looks like: there is at least one character in the byte-
1433 	 * code name that cannot be part of a legal Java Language Class name (and not equal
1434 	 * to '/'). This assumption is wrong as the delimiter is '$' for which
1435 	 * Character.isJavaIdentifierPart() == true.
1436 	 * Hence, you really run into trouble if you have a toplevel class called
1437 	 * "A$XXX" and another toplevel class called "A" with in inner class called "XXX".
1438 	 * JustIce cannot repair this; please note that existing verifiers at this
1439 	 * time even fail to detect missing InnerClasses attributes in pass 2.
1440 	 */
1441 	private static class InnerClassDetector extends EmptyVisitor{
1442 		private boolean hasInnerClass = false;
1443 		private JavaClass jc;
1444 		private ConstantPool cp;
1445 
1446 		/** Constructs an InnerClassDetector working on the JavaClass _jc. */
1447 		public InnerClassDetector(JavaClass _jc){
1448 			jc = _jc;
1449 			cp = jc.getConstantPool();
1450 			(new DescendingVisitor(jc, this)).visit();
1451 		}
1452 		/**
1453 		 * Returns if the JavaClass this InnerClassDetector is working on
1454 		 * has an Inner Class reference in its constant pool.
1455 		 */
1456 		public boolean innerClassReferenced(){
1457 			return hasInnerClass;
1458 		}
1459 		/** This method casually visits ConstantClass references. */
1460 		@Override
1461         public void visitConstantClass(ConstantClass obj){
1462 			Constant c = cp.getConstant(obj.getNameIndex());
1463 			if (c instanceof ConstantUtf8){ //Ignore the case where it's not a ConstantUtf8 here, we'll find out later.
1464 				String classname = ((ConstantUtf8) c).getBytes();
1465 				if (classname.startsWith(jc.getClassName().replace('.','/')+"$")){
1466 					hasInnerClass = true;
1467 				}
1468 			}
1469 		}
1470 	}
1471 	
1472 	/**
1473 	 * This method is here to save typing work and improve code readability.
1474 	 */
1475 	private static String tostring(Node n){
1476 		return new StringRepresentation(n).toString();
1477 	}
1478 }