Pass2Verifier.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.apache.bcel.verifier.statics;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

import org.apache.bcel.Const;
import org.apache.bcel.Constants;
import org.apache.bcel.Repository;
import org.apache.bcel.classfile.Attribute;
import org.apache.bcel.classfile.ClassFormatException;
import org.apache.bcel.classfile.Code;
import org.apache.bcel.classfile.CodeException;
import org.apache.bcel.classfile.Constant;
import org.apache.bcel.classfile.ConstantClass;
import org.apache.bcel.classfile.ConstantDouble;
import org.apache.bcel.classfile.ConstantFieldref;
import org.apache.bcel.classfile.ConstantFloat;
import org.apache.bcel.classfile.ConstantInteger;
import org.apache.bcel.classfile.ConstantInterfaceMethodref;
import org.apache.bcel.classfile.ConstantLong;
import org.apache.bcel.classfile.ConstantMethodref;
import org.apache.bcel.classfile.ConstantNameAndType;
import org.apache.bcel.classfile.ConstantPool;
import org.apache.bcel.classfile.ConstantString;
import org.apache.bcel.classfile.ConstantUtf8;
import org.apache.bcel.classfile.ConstantValue;
import org.apache.bcel.classfile.Deprecated;
import org.apache.bcel.classfile.DescendingVisitor;
import org.apache.bcel.classfile.EmptyVisitor;
import org.apache.bcel.classfile.ExceptionTable;
import org.apache.bcel.classfile.Field;
import org.apache.bcel.classfile.InnerClass;
import org.apache.bcel.classfile.InnerClasses;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.LineNumber;
import org.apache.bcel.classfile.LineNumberTable;
import org.apache.bcel.classfile.LocalVariable;
import org.apache.bcel.classfile.LocalVariableTable;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.classfile.Node;
import org.apache.bcel.classfile.SourceFile;
import org.apache.bcel.classfile.Synthetic;
import org.apache.bcel.classfile.Unknown;
import org.apache.bcel.classfile.Utility;
import org.apache.bcel.generic.ArrayType;
import org.apache.bcel.generic.ObjectType;
import org.apache.bcel.generic.Type;
import org.apache.bcel.verifier.PassVerifier;
import org.apache.bcel.verifier.VerificationResult;
import org.apache.bcel.verifier.Verifier;
import org.apache.bcel.verifier.VerifierFactory;
import org.apache.bcel.verifier.exc.AssertionViolatedException;
import org.apache.bcel.verifier.exc.ClassConstraintException;
import org.apache.bcel.verifier.exc.LocalVariableInfoInconsistentException;

/**
 * This PassVerifier verifies a class file according to pass 2 as described in The Java Virtual Machine Specification,
 * 2nd edition. More detailed information is to be found at the do_verify() method's documentation.
 *
 * @see #do_verify()
 */
public final class Pass2Verifier extends PassVerifier implements Constants {

    /**
     * A Visitor class that ensures the constant pool satisfies the static constraints. The visitXXX() methods throw
     * ClassConstraintException instances otherwise.
     *
     * @see #constantPoolEntriesSatisfyStaticConstraints()
     */
    private final class CPESSC_Visitor extends EmptyVisitor {
        private final Class<?> CONST_Class;

        /*
         * private Class<?> CONST_Fieldref; private Class<?> CONST_Methodref; private Class<?> CONST_InterfaceMethodref;
         */
        private final Class<?> CONST_String;
        private final Class<?> CONST_Integer;
        private final Class<?> CONST_Float;
        private final Class<?> CONST_Long;
        private final Class<?> CONST_Double;
        private final Class<?> CONST_NameAndType;
        private final Class<?> CONST_Utf8;

        private final JavaClass jc;
        private final ConstantPool cp; // ==jc.getConstantPool() -- only here to save typing work and computing power.
        private final int cplen; // == cp.getLength() -- to save computing power.
        private final DescendingVisitor carrier;

        private final Set<String> fieldNames = new HashSet<>();
        private final Set<String> fieldNamesAndDesc = new HashSet<>();
        private final Set<String> methodNamesAndDesc = new HashSet<>();

        private CPESSC_Visitor(final JavaClass jc) {
            this.jc = jc;
            this.cp = jc.getConstantPool();
            this.cplen = cp.getLength();

            this.CONST_Class = ConstantClass.class;
            /*
             * CONST_Fieldref = ConstantFieldref.class; CONST_Methodref = ConstantMethodref.class; CONST_InterfaceMethodref =
             * ConstantInterfaceMethodref.class;
             */
            this.CONST_String = ConstantString.class;
            this.CONST_Integer = ConstantInteger.class;
            this.CONST_Float = ConstantFloat.class;
            this.CONST_Long = ConstantLong.class;
            this.CONST_Double = ConstantDouble.class;
            this.CONST_NameAndType = ConstantNameAndType.class;
            this.CONST_Utf8 = ConstantUtf8.class;

            this.carrier = new DescendingVisitor(jc, this);
            this.carrier.visit();
        }

        private void checkIndex(final Node referrer, final int index, final Class<?> shouldbe) {
            if (index < 0 || index >= cplen) {
                throw new ClassConstraintException("Invalid index '" + index + "' used by '" + tostring(referrer) + "'.");
            }
            final Constant c = cp.getConstant(index);
            if (!shouldbe.isInstance(c)) {
                /* String isnot = shouldbe.toString().substring(shouldbe.toString().lastIndexOf(".")+1); //Cut all before last "." */
                throw new ClassConstraintException(
                    "Illegal constant '" + tostring(c) + "' at index '" + index + "'. '" + tostring(referrer) + "' expects a '" + shouldbe + "'.");
            }
        }

        // SYNTHETIC: see above
        // DEPRECATED: see above
        /////////////////////////////////////////////////////////
        // method_info-structure-ATTRIBUTES (vmspec2 4.6, 4.7) //
        /////////////////////////////////////////////////////////
        @Override
        public void visitCode(final Code obj) { // vmspec2 4.7.3
            try {
                // No code attribute allowed for native or abstract methods: see visitMethod(Method).
                // Code array constraints are checked in Pass3 (3a and 3b).

                checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

                final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
                if (!name.equals("Code")) {
                    throw new ClassConstraintException("The Code attribute '" + tostring(obj) + "' is not correctly named 'Code' but '" + name + "'.");
                }

                if (!(carrier.predecessor() instanceof Method)) {
                    addMessage("Code attribute '" + tostring(obj) + "' is not declared in a method_info structure but in '" + carrier.predecessor()
                            + "'. Ignored.");
                    return;
                }
                final Method m = (Method) carrier.predecessor(); // we can assume this method was visited before;
                                                                 // i.e. the data consistency was verified.

                if (obj.getCode().length == 0) {
                    throw new ClassConstraintException("Code array of Code attribute '" + tostring(obj) + "' (method '" + m + "') must not be empty.");
                }

                // In JustIce, the check for correct offsets into the code array is delayed to Pass 3a.
                final CodeException[] excTable = obj.getExceptionTable();
                for (final CodeException element : excTable) {
                    final int excIndex = element.getCatchType();
                    if (excIndex != 0) { // if 0, it catches all Throwables
                        checkIndex(obj, excIndex, CONST_Class);
                        final ConstantClass cc = (ConstantClass) cp.getConstant(excIndex);
                        // cannot be sure this ConstantClass has already been visited (checked)!
                        checkIndex(cc, cc.getNameIndex(), CONST_Utf8);
                        final String cname = Utility.pathToPackage(((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes());

                        Verifier v = VerifierFactory.getVerifier(cname);
                        VerificationResult vr = v.doPass1();

                        if (vr != VerificationResult.VR_OK) {
                            throw new ClassConstraintException("Code attribute '" + tostring(obj) + "' (method '" + m + "') has an exception_table entry '"
                                    + tostring(element) + "' that references '" + cname + "' as an Exception but it does not pass verification pass 1: " + vr);
                        }
                        // We cannot safely trust any other "instanceof" mechanism. We need to transitively verify
                        // the ancestor hierarchy.
                        JavaClass e = Repository.lookupClass(cname);
                        final JavaClass t = Repository.lookupClass(Type.THROWABLE.getClassName());
                        final JavaClass o = Repository.lookupClass(Type.OBJECT.getClassName());
                        while (e != o) {
                            if (e == t) {
                                break; // It's a subclass of Throwable, OKAY, leave.
                            }

                            v = VerifierFactory.getVerifier(e.getSuperclassName());
                            vr = v.doPass1();
                            if (vr != VerificationResult.VR_OK) {
                                throw new ClassConstraintException("Code attribute '" + tostring(obj) + "' (method '" + m + "') has an exception_table entry '"
                                        + tostring(element) + "' that references '" + cname + "' as an Exception but '" + e.getSuperclassName()
                                        + "' in the ancestor hierachy does not pass verification pass 1: " + vr);
                            }
                            e = Repository.lookupClass(e.getSuperclassName());
                        }
                        if (e != t) {
                            throw new ClassConstraintException(
                                    "Code attribute '" + tostring(obj) + "' (method '" + m + "') has an exception_table entry '" + tostring(element)
                                            + "' that references '" + cname + "' as an Exception but it is not a subclass of '" + t.getClassName() + "'.");
                        }
                    }
                }

                // Create object for local variables information
                // This is highly unelegant due to usage of the Visitor pattern.
                // TODO: rework it.
                int methodNumber = -1;
                final Method[] ms = Repository.lookupClass(verifier.getClassName()).getMethods();
                for (int mn = 0; mn < ms.length; mn++) {
                    if (m == ms[mn]) {
                        methodNumber = mn;
                        break;
                    }
                }
                // If the .class file is malformed the loop above may not find a method.
                // Try matching names instead of pointers.
                if (methodNumber < 0) {
                    for (int mn = 0; mn < ms.length; mn++) {
                        if (m.getName().equals(ms[mn].getName())) {
                            methodNumber = mn;
                            break;
                        }
                    }
                }

                if (methodNumber < 0) { // Mmmmh. Can we be sure BCEL does not sometimes instantiate new objects?
                    throw new AssertionViolatedException("Could not find a known BCEL Method object in the corresponding BCEL JavaClass object.");
                }
                localVariablesInfos[methodNumber] = new LocalVariablesInfo(obj.getMaxLocals());

                int numOfLvtAttribs = 0;
                // Now iterate through the attributes the Code attribute has.
                final Attribute[] atts = obj.getAttributes();
                for (final Attribute att : atts) {
                    if (!(att instanceof LineNumberTable) && !(att instanceof LocalVariableTable)) {
                        addMessage("Attribute '" + tostring(att) + "' as an attribute of Code attribute '" + tostring(obj) + "' (method '" + m
                                + "') is unknown and will therefore be ignored.");
                    } else { // LineNumberTable or LocalVariableTable
                        addMessage("Attribute '" + tostring(att) + "' as an attribute of Code attribute '" + tostring(obj) + "' (method '" + m
                                + "') will effectively be ignored and is only useful for debuggers and such.");
                    }

                    // LocalVariableTable check (partially delayed to Pass3a).
                    // Here because its easier to collect the information of the
                    // (possibly more than one) LocalVariableTables belonging to
                    // one certain Code attribute.
                    if (att instanceof LocalVariableTable) { // checks conforming to vmspec2 4.7.9

                        final LocalVariableTable lvt = (LocalVariableTable) att;

                        checkIndex(lvt, lvt.getNameIndex(), CONST_Utf8);

                        final String lvtname = ((ConstantUtf8) cp.getConstant(lvt.getNameIndex())).getBytes();
                        if (!lvtname.equals("LocalVariableTable")) {
                            throw new ClassConstraintException("The LocalVariableTable attribute '" + tostring(lvt)
                                    + "' is not correctly named 'LocalVariableTable' but '" + lvtname + "'.");
                        }

                        // In JustIce, the check for correct offsets into the code array is delayed to Pass 3a.
                        for (final LocalVariable localvariable : lvt.getLocalVariableTable()) {
                            checkIndex(lvt, localvariable.getNameIndex(), CONST_Utf8);
                            final String localname = ((ConstantUtf8) cp.getConstant(localvariable.getNameIndex())).getBytes();
                            if (!validJavaIdentifier(localname)) {
                                throw new ClassConstraintException("LocalVariableTable '" + tostring(lvt) + "' references a local variable by the name '"
                                        + localname + "' which is not a legal Java simple name.");
                            }

                            checkIndex(lvt, localvariable.getSignatureIndex(), CONST_Utf8);
                            final String localsig = ((ConstantUtf8) cp.getConstant(localvariable.getSignatureIndex())).getBytes(); // Local sig.(=descriptor)
                            Type t;
                            try {
                                t = Type.getType(localsig);
                            } catch (final ClassFormatException cfe) {
                                throw new ClassConstraintException("Illegal descriptor (==signature) '" + localsig + "' used by LocalVariable '"
                                        + tostring(localvariable) + "' referenced by '" + tostring(lvt) + "'.", cfe);
                            }
                            final int localindex = localvariable.getIndex();
                            if ((t == Type.LONG || t == Type.DOUBLE ? localindex + 1 : localindex) >= obj.getMaxLocals()) {
                                throw new ClassConstraintException("LocalVariableTable attribute '" + tostring(lvt) + "' references a LocalVariable '"
                                        + tostring(localvariable) + "' with an index that exceeds the surrounding Code attribute's max_locals value of '"
                                        + obj.getMaxLocals() + "'.");
                            }

                            try {
                                localVariablesInfos[methodNumber].add(localindex, localname, localvariable.getStartPC(), localvariable.getLength(), t);
                            } catch (final LocalVariableInfoInconsistentException lviie) {
                                throw new ClassConstraintException("Conflicting information in LocalVariableTable '" + tostring(lvt)
                                        + "' found in Code attribute '" + tostring(obj) + "' (method '" + tostring(m) + "'). " + lviie.getMessage(), lviie);
                            }
                        } // for all local variables localvariables[i] in the LocalVariableTable attribute atts[a] END

                        numOfLvtAttribs++;
                        if (!m.isStatic() && numOfLvtAttribs > obj.getMaxLocals()) {
                            throw new ClassConstraintException("Number of LocalVariableTable attributes of Code attribute '" + tostring(obj) + "' (method '"
                                    + tostring(m) + "') exceeds number of local variable slots '" + obj.getMaxLocals()
                                    + "' ('There may be at most one LocalVariableTable attribute per local variable in the Code attribute.').");
                        }
                    } // if atts[a] instanceof LocalVariableTable END
                } // for all attributes atts[a] END

            } catch (final ClassNotFoundException e) {
                // FIXME: this might not be the best way to handle missing classes.
                throw new AssertionViolatedException("Missing class: " + e, e);
            }

        } // visitCode(Code) END

        @Override
        public void visitCodeException(final CodeException obj) {
            // Code constraints are checked in Pass3 (3a and 3b).
            // This does not represent an Attribute but is only
            // related to internal BCEL data representation.

            // see visitCode(Code)
        }

        /////////////////////////////
        // CONSTANTS (vmspec2 4.4) //
        /////////////////////////////
        @Override
        public void visitConstantClass(final ConstantClass obj) {
            if (obj.getTag() != Const.CONSTANT_Class) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

        }

        @Override
        public void visitConstantDouble(final ConstantDouble obj) {
            if (obj.getTag() != Const.CONSTANT_Double) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            // no indices to check
        }

        @Override
        public void visitConstantFieldref(final ConstantFieldref obj) {
            if (obj.getTag() != Const.CONSTANT_Fieldref) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            checkIndex(obj, obj.getClassIndex(), CONST_Class);
            checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
        }

        @Override
        public void visitConstantFloat(final ConstantFloat obj) {
            if (obj.getTag() != Const.CONSTANT_Float) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            // no indices to check
        }

        @Override
        public void visitConstantInteger(final ConstantInteger obj) {
            if (obj.getTag() != Const.CONSTANT_Integer) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            // no indices to check
        }

        @Override
        public void visitConstantInterfaceMethodref(final ConstantInterfaceMethodref obj) {
            if (obj.getTag() != Const.CONSTANT_InterfaceMethodref) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            checkIndex(obj, obj.getClassIndex(), CONST_Class);
            checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
        }

        @Override
        public void visitConstantLong(final ConstantLong obj) {
            if (obj.getTag() != Const.CONSTANT_Long) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            // no indices to check
        }

        @Override
        public void visitConstantMethodref(final ConstantMethodref obj) {
            if (obj.getTag() != Const.CONSTANT_Methodref) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            checkIndex(obj, obj.getClassIndex(), CONST_Class);
            checkIndex(obj, obj.getNameAndTypeIndex(), CONST_NameAndType);
        }

        @Override
        public void visitConstantNameAndType(final ConstantNameAndType obj) {
            if (obj.getTag() != Const.CONSTANT_NameAndType) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
            // checkIndex(obj, obj.getDescriptorIndex(), CONST_Utf8); //inconsistently named in BCEL, see below.
            checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);
        }

        @Override
        public void visitConstantPool(final ConstantPool obj) {
            // No need to. We're piggybacked by the DescendingVisitor.
            // This does not represent an Attribute but is only
            // related to internal BCEL data representation.
        }

        @Override
        public void visitConstantString(final ConstantString obj) {
            if (obj.getTag() != Const.CONSTANT_String) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            checkIndex(obj, obj.getStringIndex(), CONST_Utf8);
        }

        @Override
        public void visitConstantUtf8(final ConstantUtf8 obj) {
            if (obj.getTag() != Const.CONSTANT_Utf8) {
                throw new ClassConstraintException("Wrong constant tag in '" + tostring(obj) + "'.");
            }
            // no indices to check
        }

        ////////////////////////////////////////////////////////
        // field_info-structure-ATTRIBUTES (vmspec2 4.5, 4.7) //
        ////////////////////////////////////////////////////////
        @Override
        public void visitConstantValue(final ConstantValue obj) { // vmspec2 4.7.2
            // Despite its name, this really is an Attribute,
            // not a constant!
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
            if (!name.equals("ConstantValue")) {
                throw new ClassConstraintException(
                    "The ConstantValue attribute '" + tostring(obj) + "' is not correctly named 'ConstantValue' but '" + name + "'.");
            }

            final Object pred = carrier.predecessor();
            if (pred instanceof Field) { // ConstantValue attributes are quite senseless if the predecessor is not a field.
                final Field f = (Field) pred;
                // Field constraints have been checked before -- so we are safe using their type information.
                final Type fieldType = Type.getType(((ConstantUtf8) cp.getConstant(f.getSignatureIndex())).getBytes());

                final int index = obj.getConstantValueIndex();
                if (index < 0 || index >= cplen) {
                    throw new ClassConstraintException("Invalid index '" + index + "' used by '" + tostring(obj) + "'.");
                }
                final Constant c = cp.getConstant(index);

                if (CONST_Long.isInstance(c) && fieldType.equals(Type.LONG) || CONST_Float.isInstance(c) && fieldType.equals(Type.FLOAT)) {
                    return;
                }
                if (CONST_Double.isInstance(c) && fieldType.equals(Type.DOUBLE)) {
                    return;
                }
                if (CONST_Integer.isInstance(c) && (fieldType.equals(Type.INT) || fieldType.equals(Type.SHORT) || fieldType.equals(Type.CHAR)
                    || fieldType.equals(Type.BYTE) || fieldType.equals(Type.BOOLEAN))) {
                    return;
                }
                if (CONST_String.isInstance(c) && fieldType.equals(Type.STRING)) {
                    return;
                }

                throw new ClassConstraintException("Illegal type of ConstantValue '" + obj + "' embedding Constant '" + c + "'. It is referenced by field '"
                    + tostring(f) + "' expecting a different type: '" + fieldType + "'.");
            }
        }

        @Override
        public void visitDeprecated(final Deprecated obj) { // vmspec2 4.7.10
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
            if (!name.equals("Deprecated")) {
                throw new ClassConstraintException("The Deprecated attribute '" + tostring(obj) + "' is not correctly named 'Deprecated' but '" + name + "'.");
            }
        }

        @Override
        public void visitExceptionTable(final ExceptionTable obj) { // vmspec2 4.7.4
            try {
                // incorrectly named, it's the Exceptions attribute (vmspec2 4.7.4)
                checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

                final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
                if (!name.equals("Exceptions")) {
                    throw new ClassConstraintException(
                        "The Exceptions attribute '" + tostring(obj) + "' is not correctly named 'Exceptions' but '" + name + "'.");
                }

                final int[] excIndices = obj.getExceptionIndexTable();

                for (final int excIndice : excIndices) {
                    checkIndex(obj, excIndice, CONST_Class);

                    final ConstantClass cc = (ConstantClass) cp.getConstant(excIndice);
                    checkIndex(cc, cc.getNameIndex(), CONST_Utf8); // can't be sure this ConstantClass has already been visited (checked)!
                    // convert internal notation on-the-fly to external notation:
                    final String cname = Utility.pathToPackage(((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes());

                    Verifier v = VerifierFactory.getVerifier(cname);
                    VerificationResult vr = v.doPass1();

                    if (vr != VerificationResult.VR_OK) {
                        throw new ClassConstraintException("Exceptions attribute '" + tostring(obj) + "' references '" + cname
                            + "' as an Exception but it does not pass verification pass 1: " + vr);
                    }
                    // We cannot safely trust any other "instanceof" mechanism. We need to transitively verify
                    // the ancestor hierarchy.
                    JavaClass e = Repository.lookupClass(cname);
                    final JavaClass t = Repository.lookupClass(Type.THROWABLE.getClassName());
                    final JavaClass o = Repository.lookupClass(Type.OBJECT.getClassName());
                    while (e != o) {
                        if (e == t) {
                            break; // It's a subclass of Throwable, OKAY, leave.
                        }

                        v = VerifierFactory.getVerifier(e.getSuperclassName());
                        vr = v.doPass1();
                        if (vr != VerificationResult.VR_OK) {
                            throw new ClassConstraintException("Exceptions attribute '" + tostring(obj) + "' references '" + cname + "' as an Exception but '"
                                + e.getSuperclassName() + "' in the ancestor hierachy does not pass verification pass 1: " + vr);
                        }
                        e = Repository.lookupClass(e.getSuperclassName());
                    }
                    if (e != t) {
                        throw new ClassConstraintException("Exceptions attribute '" + tostring(obj) + "' references '" + cname
                            + "' as an Exception but it is not a subclass of '" + t.getClassName() + "'.");
                    }
                }

            } catch (final ClassNotFoundException e) {
                // FIXME: this might not be the best way to handle missing classes.
                throw new AssertionViolatedException("Missing class: " + e, e);
            }
        }

        //////////////////////////
        // FIELDS (vmspec2 4.5) //
        //////////////////////////
        @Override
        public void visitField(final Field obj) {

            if (jc.isClass()) {
                int maxone = 0;
                if (obj.isPrivate()) {
                    maxone++;
                }
                if (obj.isProtected()) {
                    maxone++;
                }
                if (obj.isPublic()) {
                    maxone++;
                }
                if (maxone > 1) {
                    throw new ClassConstraintException(
                        "Field '" + tostring(obj) + "' must only have at most one of its ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC modifiers set.");
                }

                if (obj.isFinal() && obj.isVolatile()) {
                    throw new ClassConstraintException(
                        "Field '" + tostring(obj) + "' must only have at most one of its ACC_FINAL, ACC_VOLATILE modifiers set.");
                }
            } else { // isInterface!
                if (!obj.isPublic()) {
                    throw new ClassConstraintException("Interface field '" + tostring(obj) + "' must have the ACC_PUBLIC modifier set but hasn't!");
                }
                if (!obj.isStatic()) {
                    throw new ClassConstraintException("Interface field '" + tostring(obj) + "' must have the ACC_STATIC modifier set but hasn't!");
                }
                if (!obj.isFinal()) {
                    throw new ClassConstraintException("Interface field '" + tostring(obj) + "' must have the ACC_FINAL modifier set but hasn't!");
                }
            }

            if ((obj.getAccessFlags() & ~(Const.ACC_PUBLIC | Const.ACC_PRIVATE | Const.ACC_PROTECTED | Const.ACC_STATIC | Const.ACC_FINAL | Const.ACC_VOLATILE |
                Const.ACC_TRANSIENT)) > 0) {
                addMessage("Field '" + tostring(obj) + "' has access flag(s) other than ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED,"
                    + " ACC_STATIC, ACC_FINAL, ACC_VOLATILE, ACC_TRANSIENT set (ignored).");
            }

            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            final String name = obj.getName();
            if (!validFieldName(name)) {
                throw new ClassConstraintException("Field '" + tostring(obj) + "' has illegal name '" + obj.getName() + "'.");
            }

            // A descriptor is often named signature in BCEL
            checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);

            final String sig = ((ConstantUtf8) cp.getConstant(obj.getSignatureIndex())).getBytes(); // Field or Method sig.(=descriptor)

            try {
                Type.getType(sig); /* Don't need the return value */
            } catch (final ClassFormatException cfe) {
                throw new ClassConstraintException("Illegal descriptor (==signature) '" + sig + "' used by '" + tostring(obj) + "'.", cfe);
            }

            final String nameanddesc = name + sig;
            if (fieldNamesAndDesc.contains(nameanddesc)) {
                throw new ClassConstraintException("No two fields (like '" + tostring(obj) + "') are allowed have same names and descriptors!");
            }
            if (fieldNames.contains(name)) {
                addMessage("More than one field of name '" + name + "' detected (but with different type descriptors). This is very unusual.");
            }
            fieldNamesAndDesc.add(nameanddesc);
            fieldNames.add(name);

            final Attribute[] atts = obj.getAttributes();
            for (final Attribute att : atts) {
                if (!(att instanceof ConstantValue) && !(att instanceof Synthetic) && !(att instanceof Deprecated)) {
                    addMessage("Attribute '" + tostring(att) + "' as an attribute of Field '" + tostring(obj) + "' is unknown and will therefore be ignored.");
                }
                if (!(att instanceof ConstantValue)) {
                    addMessage("Attribute '" + tostring(att) + "' as an attribute of Field '" + tostring(obj)
                        + "' is not a ConstantValue and is therefore only of use for debuggers and such.");
                }
            }
        }

        @Override
        public void visitInnerClass(final InnerClass obj) {
            // This does not represent an Attribute but is only
            // related to internal BCEL data representation.
        }

        @Override
        public void visitInnerClasses(final InnerClasses innerClasses) { // vmspec2 4.7.5

            // exactly one InnerClasses attr per ClassFile if some inner class is refernced: see visitJavaClass()

            checkIndex(innerClasses, innerClasses.getNameIndex(), CONST_Utf8);

            final String name = ((ConstantUtf8) cp.getConstant(innerClasses.getNameIndex())).getBytes();
            if (!name.equals("InnerClasses")) {
                throw new ClassConstraintException(
                    "The InnerClasses attribute '" + tostring(innerClasses) + "' is not correctly named 'InnerClasses' but '" + name + "'.");
            }

            innerClasses.forEach(ic -> {
                checkIndex(innerClasses, ic.getInnerClassIndex(), CONST_Class);
                final int outerIdx = ic.getOuterClassIndex();
                if (outerIdx != 0) {
                    checkIndex(innerClasses, outerIdx, CONST_Class);
                }
                final int innernameIdx = ic.getInnerNameIndex();
                if (innernameIdx != 0) {
                    checkIndex(innerClasses, innernameIdx, CONST_Utf8);
                }
                int acc = ic.getInnerAccessFlags();
                acc &= ~(Const.ACC_PUBLIC | Const.ACC_PRIVATE | Const.ACC_PROTECTED | Const.ACC_STATIC | Const.ACC_FINAL | Const.ACC_INTERFACE |
                    Const.ACC_ABSTRACT);
                if (acc != 0) {
                    addMessage("Unknown access flag for inner class '" + tostring(ic) + "' set (InnerClasses attribute '" + tostring(innerClasses) + "').");
                }
            });
            // Semantical consistency is not yet checked by Sun, see vmspec2 4.7.5.
            // [marked TODO in JustIce]
        }

        ///////////////////////////////////////
        // ClassFile structure (vmspec2 4.1) //
        ///////////////////////////////////////
        @Override
        public void visitJavaClass(final JavaClass obj) {
            final Attribute[] atts = obj.getAttributes();
            boolean foundSourceFile = false;
            boolean foundInnerClasses = false;

            // Is there an InnerClass referenced?
            // This is a costly check; existing verifiers don't do it!
            final boolean hasInnerClass = new InnerClassDetector(jc).innerClassReferenced();

            for (final Attribute att : atts) {
                if (!(att instanceof SourceFile) && !(att instanceof Deprecated) && !(att instanceof InnerClasses) && !(att instanceof Synthetic)) {
                    addMessage("Attribute '" + tostring(att) + "' as an attribute of the ClassFile structure '" + tostring(obj)
                        + "' is unknown and will therefore be ignored.");
                }

                if (att instanceof SourceFile) {
                    if (foundSourceFile) {
                        throw new ClassConstraintException(
                            "A ClassFile structure (like '" + tostring(obj) + "') may have no more than one SourceFile attribute."); // vmspec2 4.7.7
                    }
                    foundSourceFile = true;
                }

                if (att instanceof InnerClasses) {
                    if (!foundInnerClasses) {
                        foundInnerClasses = true;
                    } else if (hasInnerClass) {
                        throw new ClassConstraintException("A Classfile structure (like '" + tostring(obj) + "') must have exactly one InnerClasses attribute"
                            + " if at least one Inner Class is referenced (which is the case)." + " More than one InnerClasses attribute was found.");
                    }
                    if (!hasInnerClass) {
                        addMessage("No referenced Inner Class found, but InnerClasses attribute '" + tostring(att)
                            + "' found. Strongly suggest removal of that attribute.");
                    }
                }

            }
            if (hasInnerClass && !foundInnerClasses) {
                // throw new ClassConstraintException("A Classfile structure (like '"+tostring(obj)+
                // "') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case)."+
                // " No InnerClasses attribute was found.");
                // vmspec2, page 125 says it would be a constraint: but existing verifiers
                // don't check it and javac doesn't satisfy it when it comes to anonymous
                // inner classes
                addMessage("A Classfile structure (like '" + tostring(obj)
                    + "') must have exactly one InnerClasses attribute if at least one Inner Class is referenced (which is the case)."
                    + " No InnerClasses attribute was found.");
            }
        }

        @Override
        public void visitLineNumber(final LineNumber obj) {
            // This does not represent an Attribute but is only
            // related to internal BCEL data representation.

            // see visitLineNumberTable(LineNumberTable)
        }

        // SYNTHETIC: see above
        // DEPRECATED: see above
        //////////////////////////////////////////////////////////////
        // code_attribute-structure-ATTRIBUTES (vmspec2 4.7.3, 4.7) //
        //////////////////////////////////////////////////////////////
        @Override
        public void visitLineNumberTable(final LineNumberTable obj) { // vmspec2 4.7.8
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
            if (!name.equals("LineNumberTable")) {
                throw new ClassConstraintException(
                    "The LineNumberTable attribute '" + tostring(obj) + "' is not correctly named 'LineNumberTable' but '" + name + "'.");
            }

            // In JustIce, this check is delayed to Pass 3a.
            // LineNumber[] linenumbers = obj.getLineNumberTable();
            // ...validity check...

        }

        //////////
        // BCEL //
        //////////
        @Override
        public void visitLocalVariable(final LocalVariable obj) {
            // This does not represent an Attribute but is only
            // related to internal BCEL data representation.

            // see visitLocalVariableTable(LocalVariableTable)
        }

        @Override
        public void visitLocalVariableTable(final LocalVariableTable obj) { // vmspec2 4.7.9
            // In JustIce, this check is partially delayed to Pass 3a.
            // The other part can be found in the visitCode(Code) method.
        }

        ///////////////////////////
        // METHODS (vmspec2 4.6) //
        ///////////////////////////
        @Override
        public void visitMethod(final Method obj) {

            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            final String name = obj.getName();
            if (!validMethodName(name, true)) {
                throw new ClassConstraintException("Method '" + tostring(obj) + "' has illegal name '" + name + "'.");
            }

            // A descriptor is often named signature in BCEL
            checkIndex(obj, obj.getSignatureIndex(), CONST_Utf8);

            final String sig = ((ConstantUtf8) cp.getConstant(obj.getSignatureIndex())).getBytes(); // Method's signature(=descriptor)

            Type t;
            Type[] ts; // needed below the try block.
            try {
                t = Type.getReturnType(sig);
                ts = Type.getArgumentTypes(sig);
            } catch (final ClassFormatException cfe) {
                throw new ClassConstraintException("Illegal descriptor (==signature) '" + sig + "' used by Method '" + tostring(obj) + "'.", cfe);
            }

            // Check if referenced objects exist.
            Type act = t;
            if (act instanceof ArrayType) {
                act = ((ArrayType) act).getBasicType();
            }
            if (act instanceof ObjectType) {
                final Verifier v = VerifierFactory.getVerifier(((ObjectType) act).getClassName());
                final VerificationResult vr = v.doPass1();
                if (vr != VerificationResult.VR_OK) {
                    throw new ClassConstraintException(
                        "Method '" + tostring(obj) + "' has a return type that does not pass verification pass 1: '" + vr + "'.");
                }
            }

            for (final Type element : ts) {
                act = element;
                if (act instanceof ArrayType) {
                    act = ((ArrayType) act).getBasicType();
                }
                if (act instanceof ObjectType) {
                    final Verifier v = VerifierFactory.getVerifier(((ObjectType) act).getClassName());
                    final VerificationResult vr = v.doPass1();
                    if (vr != VerificationResult.VR_OK) {
                        throw new ClassConstraintException(
                            "Method '" + tostring(obj) + "' has an argument type that does not pass verification pass 1: '" + vr + "'.");
                    }
                }
            }

            // Nearly forgot this! Funny return values are allowed, but a non-empty arguments list makes a different method out of
            // it!
            if (name.equals(Const.STATIC_INITIALIZER_NAME) && ts.length != 0) {
                throw new ClassConstraintException("Method '" + tostring(obj) + "' has illegal name '" + name + "'."
                    + " Its name resembles the class or interface initialization method" + " which it isn't because of its arguments (==descriptor).");
            }

            if (jc.isClass()) {
                int maxone = 0;
                if (obj.isPrivate()) {
                    maxone++;
                }
                if (obj.isProtected()) {
                    maxone++;
                }
                if (obj.isPublic()) {
                    maxone++;
                }
                if (maxone > 1) {
                    throw new ClassConstraintException(
                        "Method '" + tostring(obj) + "' must only have at most one of its ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC modifiers set.");
                }

                if (obj.isAbstract()) {
                    if (obj.isFinal()) {
                        throw new ClassConstraintException("Abstract method '" + tostring(obj) + "' must not have the ACC_FINAL modifier set.");
                    }
                    if (obj.isNative()) {
                        throw new ClassConstraintException("Abstract method '" + tostring(obj) + "' must not have the ACC_NATIVE modifier set.");
                    }
                    if (obj.isPrivate()) {
                        throw new ClassConstraintException("Abstract method '" + tostring(obj) + "' must not have the ACC_PRIVATE modifier set.");
                    }
                    if (obj.isStatic()) {
                        throw new ClassConstraintException("Abstract method '" + tostring(obj) + "' must not have the ACC_STATIC modifier set.");
                    }
                    if (obj.isStrictfp()) {
                        throw new ClassConstraintException("Abstract method '" + tostring(obj) + "' must not have the ACC_STRICT modifier set.");
                    }
                    if (obj.isSynchronized()) {
                        throw new ClassConstraintException("Abstract method '" + tostring(obj) + "' must not have the ACC_SYNCHRONIZED modifier set.");
                    }
                }

                // A specific instance initialization method... (vmspec2,Page 116).
                // ..may have at most one of ACC_PRIVATE, ACC_PROTECTED, ACC_PUBLIC set: is checked above.
                // ..may also have ACC_STRICT set, but none of the other flags in table 4.5 (vmspec2, page 115)
                if (name.equals(Const.CONSTRUCTOR_NAME) && (obj.isStatic() || obj.isFinal() || obj.isSynchronized() || obj.isNative() || obj.isAbstract())) {
                    throw new ClassConstraintException("Instance initialization method '" + tostring(obj) + "' must not have"
                            + " any of the ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT modifiers set.");
                }
            } else if (!name.equals(Const.STATIC_INITIALIZER_NAME)) { // vmspec2, p.116, 2nd paragraph
                if (jc.getMajor() >= Const.MAJOR_1_8) {
                    if (obj.isPublic() == obj.isPrivate()) {
                        throw new ClassConstraintException(
                            "Interface method '" + tostring(obj) + "' must have" + " exactly one of its ACC_PUBLIC and ACC_PRIVATE modifiers set.");
                    }
                    if (obj.isProtected() || obj.isFinal() || obj.isSynchronized() || obj.isNative()) {
                        throw new ClassConstraintException("Interface method '" + tostring(obj) + "' must not have"
                            + " any of the ACC_PROTECTED, ACC_FINAL, ACC_SYNCHRONIZED, or ACC_NATIVE modifiers set.");
                    }

                } else {
                    if (!obj.isPublic()) {
                        throw new ClassConstraintException("Interface method '" + tostring(obj) + "' must have the ACC_PUBLIC modifier set but hasn't!");
                    }
                    if (!obj.isAbstract()) {
                        throw new ClassConstraintException("Interface method '" + tostring(obj) + "' must have the ACC_ABSTRACT modifier set but hasn't!");
                    }
                    if (obj.isPrivate() || obj.isProtected() || obj.isStatic() || obj.isFinal() || obj.isSynchronized() || obj.isNative() || obj.isStrictfp()) {
                        throw new ClassConstraintException("Interface method '" + tostring(obj) + "' must not have"
                            + " any of the ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL, ACC_SYNCHRONIZED,"
                            + " ACC_NATIVE, ACC_ABSTRACT, ACC_STRICT modifiers set.");
                    }
                }
            }

            if ((obj.getAccessFlags() & ~(Const.ACC_PUBLIC | Const.ACC_PRIVATE | Const.ACC_PROTECTED | Const.ACC_STATIC | Const.ACC_FINAL |
                Const.ACC_SYNCHRONIZED | Const.ACC_NATIVE | Const.ACC_ABSTRACT | Const.ACC_STRICT)) > 0) {
                addMessage("Method '" + tostring(obj) + "' has access flag(s) other than" + " ACC_PUBLIC, ACC_PRIVATE, ACC_PROTECTED, ACC_STATIC, ACC_FINAL,"
                    + " ACC_SYNCHRONIZED, ACC_NATIVE, ACC_ABSTRACT, ACC_STRICT set (ignored).");
            }

            final String nameanddesc = name + sig;
            if (methodNamesAndDesc.contains(nameanddesc)) {
                throw new ClassConstraintException("No two methods (like '" + tostring(obj) + "') are allowed have same names and desciptors!");
            }
            methodNamesAndDesc.add(nameanddesc);

            final Attribute[] atts = obj.getAttributes();
            int numCodeAtts = 0;
            for (final Attribute att : atts) {
                if (!(att instanceof Code) && !(att instanceof ExceptionTable) && !(att instanceof Synthetic) && !(att instanceof Deprecated)) {
                    addMessage("Attribute '" + tostring(att) + "' as an attribute of Method '" + tostring(obj) + "' is unknown and will therefore be ignored.");
                }
                if (!(att instanceof Code) && !(att instanceof ExceptionTable)) {
                    addMessage("Attribute '" + tostring(att) + "' as an attribute of Method '" + tostring(obj)
                        + "' is neither Code nor Exceptions and is therefore only of use for debuggers and such.");
                }
                if (att instanceof Code && (obj.isNative() || obj.isAbstract())) {
                    throw new ClassConstraintException(
                        "Native or abstract methods like '" + tostring(obj) + "' must not have a Code attribute like '" + tostring(att) + "'."); // vmspec2
                                                                                                                                                 // page120,
                                                                                                                                                 // 4.7.3
                }
                if (att instanceof Code) {
                    numCodeAtts++;
                }
            }
            if (!obj.isNative() && !obj.isAbstract() && numCodeAtts != 1) {
                throw new ClassConstraintException(
                    "Non-native, non-abstract methods like '" + tostring(obj) + "' must have exactly one Code attribute (found: " + numCodeAtts + ").");
            }
        }

        ///////////////////////////////////////////////////////
        // ClassFile-structure-ATTRIBUTES (vmspec2 4.1, 4.7) //
        ///////////////////////////////////////////////////////
        @Override
        public void visitSourceFile(final SourceFile obj) { // vmspec2 4.7.7

            // zero or one SourceFile attr per ClassFile: see visitJavaClass()

            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
            if (!name.equals("SourceFile")) {
                throw new ClassConstraintException("The SourceFile attribute '" + tostring(obj) + "' is not correctly named 'SourceFile' but '" + name + "'.");
            }

            checkIndex(obj, obj.getSourceFileIndex(), CONST_Utf8);

            final String sourceFileName = ((ConstantUtf8) cp.getConstant(obj.getSourceFileIndex())).getBytes(); // ==obj.getSourceFileName() ?
            final String sourceFileNameLc = sourceFileName.toLowerCase(Locale.ENGLISH);

            if (sourceFileName.indexOf('/') != -1 || sourceFileName.indexOf('\\') != -1 || sourceFileName.indexOf(':') != -1
                || sourceFileNameLc.lastIndexOf(".java") == -1) {
                addMessage("SourceFile attribute '" + tostring(obj)
                    + "' has a funny name: remember not to confuse certain parsers working on javap's output. Also, this name ('" + sourceFileName
                    + "') is considered an unqualified (simple) file name only.");
            }
        }

        @Override
        public void visitSynthetic(final Synthetic obj) { // vmspec2 4.7.6
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);
            final String name = ((ConstantUtf8) cp.getConstant(obj.getNameIndex())).getBytes();
            if (!name.equals("Synthetic")) {
                throw new ClassConstraintException("The Synthetic attribute '" + tostring(obj) + "' is not correctly named 'Synthetic' but '" + name + "'.");
            }
        }

        ////////////////////////////////////////////////////
        // MISC-structure-ATTRIBUTES (vmspec2 4.7.1, 4.7) //
        ////////////////////////////////////////////////////
        @Override
        public void visitUnknown(final Unknown obj) { // vmspec2 4.7.1
            // Represents an unknown attribute.
            checkIndex(obj, obj.getNameIndex(), CONST_Utf8);

            // Maybe only misnamed? Give a (warning) message.
            addMessage("Unknown attribute '" + tostring(obj) + "'. This attribute is not known in any context!");
        }
    }

    /**
     * A Visitor class that ensures the ConstantCP-subclassed entries of the constant pool are valid. <B>Precondition:
     * index-style cross referencing in the constant pool must be valid.</B>
     *
     * @see #constantPoolEntriesSatisfyStaticConstraints()
     * @see org.apache.bcel.classfile.ConstantCP
     */
    private final class FAMRAV_Visitor extends EmptyVisitor {
        private final ConstantPool cp; // ==jc.getConstantPool() -- only here to save typing work.

        private FAMRAV_Visitor(final JavaClass jc) {
            this.cp = jc.getConstantPool();
        }

        @Override
        public void visitConstantFieldref(final ConstantFieldref obj) {
            if (obj.getTag() != Const.CONSTANT_Fieldref) {
                throw new ClassConstraintException("ConstantFieldref '" + tostring(obj) + "' has wrong tag!");
            }
            final int nameAndTypeIndex = obj.getNameAndTypeIndex();
            final ConstantNameAndType cnat = (ConstantNameAndType) cp.getConstant(nameAndTypeIndex);
            final String name = ((ConstantUtf8) cp.getConstant(cnat.getNameIndex())).getBytes(); // Field or Method name
            if (!validFieldName(name)) {
                throw new ClassConstraintException("Invalid field name '" + name + "' referenced by '" + tostring(obj) + "'.");
            }

            final int classIndex = obj.getClassIndex();
            final ConstantClass cc = (ConstantClass) cp.getConstant(classIndex);
            final String className = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes(); // Class Name in internal form
            if (!validClassName(className)) {
                throw new ClassConstraintException("Illegal class name '" + className + "' used by '" + tostring(obj) + "'.");
            }

            final String sig = ((ConstantUtf8) cp.getConstant(cnat.getSignatureIndex())).getBytes(); // Field or Method sig.(=descriptor)

            try {
                Type.getType(sig); /* Don't need the return value */
            } catch (final ClassFormatException cfe) {
                throw new ClassConstraintException("Illegal descriptor (==signature) '" + sig + "' used by '" + tostring(obj) + "'.", cfe);
            }
        }

        @Override
        public void visitConstantInterfaceMethodref(final ConstantInterfaceMethodref obj) {
            if (obj.getTag() != Const.CONSTANT_InterfaceMethodref) {
                throw new ClassConstraintException("ConstantInterfaceMethodref '" + tostring(obj) + "' has wrong tag!");
            }
            final int nameAndTypeIndex = obj.getNameAndTypeIndex();
            final ConstantNameAndType cnat = (ConstantNameAndType) cp.getConstant(nameAndTypeIndex);
            final String name = ((ConstantUtf8) cp.getConstant(cnat.getNameIndex())).getBytes(); // Field or Method name
            if (!validInterfaceMethodName(name)) {
                throw new ClassConstraintException("Invalid (interface) method name '" + name + "' referenced by '" + tostring(obj) + "'.");
            }

            final int classIndex = obj.getClassIndex();
            final ConstantClass cc = (ConstantClass) cp.getConstant(classIndex);
            final String className = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes(); // Class Name in internal form
            if (!validClassName(className)) {
                throw new ClassConstraintException("Illegal class name '" + className + "' used by '" + tostring(obj) + "'.");
            }

            final String sig = ((ConstantUtf8) cp.getConstant(cnat.getSignatureIndex())).getBytes(); // Field or Method sig.(=descriptor)

            try {
                final Type t = Type.getReturnType(sig);
                if (name.equals(Const.STATIC_INITIALIZER_NAME) && t != Type.VOID) {
                    addMessage("Class or interface initialization method '" + Const.STATIC_INITIALIZER_NAME + "' usually has VOID return type instead of '" + t
                        + "'. Note this is really not a requirement of The Java Virtual Machine Specification, Second Edition.");
                }
            } catch (final ClassFormatException cfe) {
                throw new ClassConstraintException("Illegal descriptor (==signature) '" + sig + "' used by '" + tostring(obj) + "'.", cfe);
            }

        }

        @Override
        public void visitConstantMethodref(final ConstantMethodref obj) {
            if (obj.getTag() != Const.CONSTANT_Methodref) {
                throw new ClassConstraintException("ConstantMethodref '" + tostring(obj) + "' has wrong tag!");
            }
            final int nameAndTypeIndex = obj.getNameAndTypeIndex();
            final ConstantNameAndType cnat = (ConstantNameAndType) cp.getConstant(nameAndTypeIndex);
            final String name = ((ConstantUtf8) cp.getConstant(cnat.getNameIndex())).getBytes(); // Field or Method name
            if (!validClassMethodName(name)) {
                throw new ClassConstraintException("Invalid (non-interface) method name '" + name + "' referenced by '" + tostring(obj) + "'.");
            }

            final int classIndex = obj.getClassIndex();
            final ConstantClass cc = (ConstantClass) cp.getConstant(classIndex);
            final String className = ((ConstantUtf8) cp.getConstant(cc.getNameIndex())).getBytes(); // Class Name in internal form
            if (!validClassName(className)) {
                throw new ClassConstraintException("Illegal class name '" + className + "' used by '" + tostring(obj) + "'.");
            }

            final String sig = ((ConstantUtf8) cp.getConstant(cnat.getSignatureIndex())).getBytes(); // Field or Method sig.(=descriptor)

            try {
                final Type t = Type.getReturnType(sig);
                if (name.equals(Const.CONSTRUCTOR_NAME) && t != Type.VOID) {
                    throw new ClassConstraintException("Instance initialization method must have VOID return type.");
                }
            } catch (final ClassFormatException cfe) {
                throw new ClassConstraintException("Illegal descriptor (==signature) '" + sig + "' used by '" + tostring(obj) + "'.", cfe);
            }
        }

    }

    /**
     * This class serves for finding out if a given JavaClass' ConstantPool references an Inner Class. The Java Virtual
     * Machine Specification, Second Edition is not very precise about when an "InnerClasses" attribute has to appear.
     * However, it states that there has to be exactly one InnerClasses attribute in the ClassFile structure if the constant
     * pool of a class or interface refers to any class or interface "that is not a member of a package". Sun does not mean
     * "member of the default package". In "Inner Classes Specification" they point out how a "bytecode name" is derived so
     * one has to deduce what a class name of a class "that is not a member of a package" looks like: there is at least one
     * character in the byte- code name that cannot be part of a legal Java Language Class name (and not equal to '/'). This
     * assumption is wrong as the delimiter is '$' for which Character.isJavaIdentifierPart() == true. Hence, you really run
     * into trouble if you have a toplevel class called "A$XXX" and another toplevel class called "A" with in inner class
     * called "XXX". JustIce cannot repair this; please note that existing verifiers at this time even fail to detect
     * missing InnerClasses attributes in pass 2.
     */
    private static final class InnerClassDetector extends EmptyVisitor {
        private boolean hasInnerClass;
        private final JavaClass jc;
        private final ConstantPool cp;

        /** Constructs an InnerClassDetector working on the JavaClass _jc. */
        public InnerClassDetector(final JavaClass javaClass) {
            this.jc = javaClass;
            this.cp = jc.getConstantPool();
            new DescendingVisitor(jc, this).visit();
        }

        /**
         * Returns if the JavaClass this InnerClassDetector is working on has an Inner Class reference in its constant pool.
         *
         * @return Whether this InnerClassDetector is working on has an Inner Class reference in its constant pool.
         */
        public boolean innerClassReferenced() {
            return hasInnerClass;
        }

        /** This method casually visits ConstantClass references. */
        @Override
        public void visitConstantClass(final ConstantClass obj) {
            final Constant c = cp.getConstant(obj.getNameIndex());
            if (c instanceof ConstantUtf8) { // Ignore the case where it's not a ConstantUtf8 here, we'll find out later.
                final String className = ((ConstantUtf8) c).getBytes();
                if (className.startsWith(Utility.packageToPath(jc.getClassName()) + "$")) {
                    hasInnerClass = true;
                }
            }
        }
    }

    /**
     * This method is here to save typing work and improve code readability.
     */
    private static String tostring(final Node n) {
        return new StringRepresentation(n).toString();
    }

    /**
     * This method returns true if and only if the supplied String represents a valid method name that may be referenced by
     * ConstantMethodref objects.
     */
    private static boolean validClassMethodName(final String name) {
        return validMethodName(name, false);
    }

    /**
     * This method returns true if and only if the supplied String represents a valid Java class name.
     */
    private static boolean validClassName(final String name) {
        /*
         * TODO: implement. Are there any restrictions?
         */
        Objects.requireNonNull(name, "name");
        return true;
    }

    /**
     * This method returns true if and only if the supplied String represents a valid Java field name.
     */
    private static boolean validFieldName(final String name) {
        // vmspec2 2.7, vmspec2 2.2
        return validJavaIdentifier(name);
    }

    /**
     * This method returns true if and only if the supplied String represents a valid Java interface method name that may be
     * referenced by ConstantInterfaceMethodref objects.
     */
    private static boolean validInterfaceMethodName(final String name) {
        // I guess we should assume special names forbidden here.
        if (name.startsWith("<")) {
            return false;
        }
        return validJavaLangMethodName(name);
    }

    /**
     * This method returns true if and only if the supplied String represents a valid Java identifier (so-called simple or
     * unqualified name).
     */
    private static boolean validJavaIdentifier(final String name) {
        // vmspec2 2.7, vmspec2 2.2
        if (name.isEmpty() || !Character.isJavaIdentifierStart(name.charAt(0))) {
            return false;
        }

        for (int i = 1; i < name.length(); i++) {
            if (!Character.isJavaIdentifierPart(name.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * This method returns true if and only if the supplied String represents a valid Java programming language method name
     * stored as a simple (non-qualified) name. Conforming to: The Java Virtual Machine Specification, Second Edition,
     * �2.7, �2.7.1, �2.2.
     */
    private static boolean validJavaLangMethodName(final String name) {
        return validJavaIdentifier(name);
    }

    /**
     * This method returns true if and only if the supplied String represents a valid method name. This is basically the
     * same as a valid identifier name in the Java programming language, but the special name for the instance
     * initialization method is allowed and the special name for the class/interface initialization method may be allowed.
     */
    private static boolean validMethodName(final String name, final boolean allowStaticInit) {
        if (validJavaLangMethodName(name)) {
            return true;
        }

        if (allowStaticInit) {
            return name.equals(Const.CONSTRUCTOR_NAME) || name.equals(Const.STATIC_INITIALIZER_NAME);
        }
        return name.equals(Const.CONSTRUCTOR_NAME);
    }

    /**
     * The LocalVariableInfo instances used by Pass3bVerifier. localVariablesInfos[i] denotes the information for the local
     * variables of method number i in the JavaClass this verifier operates on.
     */
    private LocalVariablesInfo[] localVariablesInfos;
    /** The Verifier that created this. */
    private final Verifier verifier;

    /**
     * Should only be instantiated by a Verifier.
     *
     * @see Verifier
     */
    public Pass2Verifier(final Verifier verifier) {
        this.verifier = verifier;
    }

    /**
     * Ensures that the constant pool entries satisfy the static constraints as described in The Java Virtual Machine
     * Specification, 2nd Edition.
     *
     * @throws ClassConstraintException otherwise.
     */
    private void constantPoolEntriesSatisfyStaticConstraints() {
        try {
            // Most of the consistency is handled internally by BCEL; here
            // we only have to verify if the indices of the constants point
            // to constants of the appropriate type and such.
            final JavaClass jc = Repository.lookupClass(verifier.getClassName());
            new CPESSC_Visitor(jc); // constructor implicitly traverses jc

        } catch (final ClassNotFoundException e) {
            // FIXME: this might not be the best way to handle missing classes.
            throw new AssertionViolatedException("Missing class: " + e, e);
        }
    }

    /**
     * Pass 2 is the pass where static properties of the class file are checked without looking into "Code" arrays of
     * methods. This verification pass is usually invoked when a class is resolved; and it may be possible that this
     * verification pass has to load in other classes such as superclasses or implemented interfaces. Therefore, Pass 1 is
     * run on them.<BR>
     * Note that most referenced classes are <B>not</B> loaded in for verification or for an existance check by this pass;
     * only the syntactical correctness of their names and descriptors (a.k.a. signatures) is checked.<BR>
     * Very few checks that conceptually belong here are delayed until pass 3a in JustIce. JustIce does not only check for
     * syntactical correctness but also for semantical sanity - therefore it needs access to the "Code" array of methods in
     * a few cases. Please see the pass 3a documentation, too.
     *
     * @see Pass3aVerifier
     */
    @Override
    public VerificationResult do_verify() {
        try {
            final VerificationResult vr1 = verifier.doPass1();
            if (vr1.equals(VerificationResult.VR_OK)) {

                // For every method, we could have information about the local variables out of LocalVariableTable attributes of
                // the Code attributes.
                localVariablesInfos = new LocalVariablesInfo[Repository.lookupClass(verifier.getClassName()).getMethods().length];

                VerificationResult vr = VerificationResult.VR_OK; // default.
                try {
                    constantPoolEntriesSatisfyStaticConstraints();
                    fieldAndMethodRefsAreValid();
                    everyClassHasAnAccessibleSuperclass();
                    finalMethodsAreNotOverridden();
                } catch (final ClassConstraintException cce) {
                    vr = new VerificationResult(VerificationResult.VERIFIED_REJECTED, cce.getMessage());
                }
                return vr;
            }
            return VerificationResult.VR_NOTYET;

        } catch (final ClassNotFoundException e) {
            // FIXME: this might not be the best way to handle missing classes.
            throw new AssertionViolatedException("Missing class: " + e, e);
        }
    }

    /**
     * Ensures that every class has a super class and that <B>final</B> classes are not subclassed. This means, the class
     * this Pass2Verifier operates on has proper super classes (transitively) up to {@link Object}. The reason for really
     * loading (and Pass1-verifying) all of those classes here is that we need them in Pass2 anyway to verify no final
     * methods are overridden (that could be declared anywhere in the ancestor hierarchy).
     *
     * @throws ClassConstraintException otherwise.
     */
    private void everyClassHasAnAccessibleSuperclass() {
        try {
            final Set<String> hs = new HashSet<>(); // save class names to detect circular inheritance
            JavaClass jc = Repository.lookupClass(verifier.getClassName());
            int supidx = -1;

            while (supidx != 0) {
                supidx = jc.getSuperclassNameIndex();

                if (supidx == 0) {
                    if (jc != Repository.lookupClass(Type.OBJECT.getClassName())) {
                        throw new ClassConstraintException(
                            "Superclass of '" + jc.getClassName() + "' missing but not " + Type.OBJECT.getClassName() + " itself!");
                    }
                } else {
                    final String supername = jc.getSuperclassName();
                    if (!hs.add(supername)) { // If supername already is in the list
                        throw new ClassConstraintException("Circular superclass hierarchy detected.");
                    }
                    final Verifier v = VerifierFactory.getVerifier(supername);
                    final VerificationResult vr = v.doPass1();

                    if (vr != VerificationResult.VR_OK) {
                        throw new ClassConstraintException("Could not load in ancestor class '" + supername + "'.");
                    }
                    jc = Repository.lookupClass(supername);

                    if (jc.isFinal()) {
                        throw new ClassConstraintException(
                            "Ancestor class '" + supername + "' has the FINAL access modifier and must therefore not be subclassed.");
                    }
                }
            }

        } catch (final ClassNotFoundException e) {
            // FIXME: this might not be the best way to handle missing classes.
            throw new AssertionViolatedException("Missing class: " + e, e);
        }
    }

    /**
     * Ensures that the ConstantCP-subclassed entries of the constant pool are valid. According to "Yellin: Low Level
     * Security in Java", this method does not verify the existence of referenced entities (such as classes) but only the
     * formal correctness (such as well-formed signatures). The visitXXX() methods throw ClassConstraintException instances
     * otherwise. <B>Precondition: index-style cross referencing in the constant pool must be valid. Simply invoke
     * constant_pool_entries_satisfy_static_constraints() before.</B>
     *
     * @throws ClassConstraintException otherwise.
     * @see #constantPoolEntriesSatisfyStaticConstraints()
     */
    private void fieldAndMethodRefsAreValid() {
        try {
            final JavaClass jc = Repository.lookupClass(verifier.getClassName());
            final DescendingVisitor v = new DescendingVisitor(jc, new FAMRAV_Visitor(jc));
            v.visit();

        } catch (final ClassNotFoundException e) {
            // FIXME: this might not be the best way to handle missing classes.
            throw new AssertionViolatedException("Missing class: " + e, e);
        }
    }

    /**
     * Ensures that <B>final</B> methods are not overridden. <B>Precondition to run this method:
     * constant_pool_entries_satisfy_static_constraints() and every_class_has_an_accessible_superclass() have to be invoked
     * before (in that order).</B>
     *
     * @throws ClassConstraintException otherwise.
     * @see #constantPoolEntriesSatisfyStaticConstraints()
     * @see #everyClassHasAnAccessibleSuperclass()
     */
    private void finalMethodsAreNotOverridden() {
        try {
            final Map<String, String> map = new HashMap<>();
            JavaClass jc = Repository.lookupClass(verifier.getClassName());

            int supidx = -1;
            while (supidx != 0) {
                supidx = jc.getSuperclassNameIndex();

                final Method[] methods = jc.getMethods();
                for (final Method method : methods) {
                    final String nameAndSig = method.getName() + method.getSignature();

                    if (map.containsKey(nameAndSig) && method.isFinal()) {
                        if (!method.isPrivate()) {
                            throw new ClassConstraintException("Method '" + nameAndSig + "' in class '" + map.get(nameAndSig)
                                + "' overrides the final (not-overridable) definition in class '" + jc.getClassName() + "'.");
                        }
                        addMessage("Method '" + nameAndSig + "' in class '" + map.get(nameAndSig)
                            + "' overrides the final (not-overridable) definition in class '" + jc.getClassName()
                            + "'. This is okay, as the original definition was private; however this constraint leverage"
                            + " was introduced by JLS 8.4.6 (not vmspec2) and the behavior of the Sun verifiers.");
                    } else if (!method.isStatic()) { // static methods don't inherit
                        map.put(nameAndSig, jc.getClassName());
                    }
                }

                jc = Repository.lookupClass(jc.getSuperclassName());
                // Well, for OBJECT this returns OBJECT so it works (could return anything but must not throw an Exception).
            }

        } catch (final ClassNotFoundException e) {
            // FIXME: this might not be the best way to handle missing classes.
            throw new AssertionViolatedException("Missing class: " + e, e);
        }

    }

    /**
     * Returns a LocalVariablesInfo object containing information about the usage of the local variables in the Code
     * attribute of the said method or <B>null</B> if the class file this Pass2Verifier operates on could not be
     * pass-2-verified correctly. The method number method_nr is the method you get using
     * <B>Repository.lookupClass(myOwner.getClassname()).getMethods()[method_nr];</B>. You should not add own information.
     * Leave that to JustIce.
     */
    public LocalVariablesInfo getLocalVariablesInfo(final int methodNr) {
        if (verify() != VerificationResult.VR_OK) {
            return null; // It's cached, don't worry.
        }
        if (methodNr < 0 || methodNr >= localVariablesInfos.length) {
            throw new AssertionViolatedException("Method number out of range.");
        }
        return localVariablesInfos[methodNr];
    }
}