// If the operation requests a specific type, we make sure its input is of that type.
if (type != value->GetType()) {
if (Primitive::IsFloatingPointType(type)) {
- return ssa_builder_->GetFloatOrDoubleEquivalent(value, type);
+ value = ssa_builder_->GetFloatOrDoubleEquivalent(value, type);
} else if (type == Primitive::kPrimNot) {
- return ssa_builder_->GetReferenceTypeEquivalent(value);
+ value = ssa_builder_->GetReferenceTypeEquivalent(value);
}
+ DCHECK(value != nullptr);
}
return value;
ArtField* MethodVerifier::GetInstanceField(const RegType& obj_type, int field_idx) {
const DexFile::FieldId& field_id = dex_file_->GetFieldId(field_idx);
- // Check access to class
+ // Check access to class.
const RegType& klass_type = ResolveClassAndCheckAccess(field_id.class_idx_);
if (klass_type.IsConflict()) {
AppendToLastFailMessage(StringPrintf(" in attempt to access instance field %d (%s) in %s",
DCHECK(self_->IsExceptionPending());
self_->ClearException();
return nullptr;
- } else if (!GetDeclaringClass().CanAccessMember(field->GetDeclaringClass(),
- field->GetAccessFlags())) {
- Fail(VERIFY_ERROR_ACCESS_FIELD) << "cannot access instance field " << PrettyField(field)
- << " from " << GetDeclaringClass();
- return nullptr;
- } else if (field->IsStatic()) {
- Fail(VERIFY_ERROR_CLASS_CHANGE) << "expected field " << PrettyField(field)
- << " to not be static";
- return nullptr;
} else if (obj_type.IsZero()) {
- // Cannot infer and check type, however, access will cause null pointer exception
- return field;
+ // Cannot infer and check type, however, access will cause null pointer exception.
+ // Fall through into a few last soft failure checks below.
} else if (!obj_type.IsReferenceTypes()) {
- // Trying to read a field from something that isn't a reference
+ // Trying to read a field from something that isn't a reference.
Fail(VERIFY_ERROR_BAD_CLASS_HARD) << "instance field access on object that has "
<< "non-reference type " << obj_type;
return nullptr;
<< " of " << PrettyMethod(dex_method_idx_, *dex_file_);
return nullptr;
}
- return field;
} else if (!field_klass.IsAssignableFrom(obj_type)) {
// Trying to access C1.field1 using reference of type C2, which is neither C1 or a sub-class
// of C1. For resolution to occur the declared class of the field must be compatible with
Fail(type) << "cannot access instance field " << PrettyField(field)
<< " from object of type " << obj_type;
return nullptr;
- } else {
- return field;
}
}
+
+ // Few last soft failure checks.
+ if (!GetDeclaringClass().CanAccessMember(field->GetDeclaringClass(),
+ field->GetAccessFlags())) {
+ Fail(VERIFY_ERROR_ACCESS_FIELD) << "cannot access instance field " << PrettyField(field)
+ << " from " << GetDeclaringClass();
+ return nullptr;
+ } else if (field->IsStatic()) {
+ Fail(VERIFY_ERROR_CLASS_CHANGE) << "expected field " << PrettyField(field)
+ << " to not be static";
+ return nullptr;
+ }
+
+ return field;
}
template <MethodVerifier::FieldAccessType kAccType>
// Initialize them as conflicts so they don't add to GC and deoptimization information.
const Instruction* ret_inst = Instruction::At(code_item_->insns_ + next_insn);
AdjustReturnLine(this, ret_inst, target_line);
+ // Directly bail if a hard failure was found.
if (have_pending_hard_failure_) {
return false;
}
The situations in these tests were discovered by running the mutating
dexfuzz on the DEX files of fuzzingly random generated Java test.
-(1) b/28908555:
- soft verification fail (on the final field modification) should
- not hide the hard verification fail (on the type mismatch) to
+(A) b/28908555:
+ soft verification failure (on the final field modification) should
+ not hide the hard verification failure (on the type mismatch) to
avoid compiler crash later on
-(2) b/29070461:
- hard failure (not calling super in constructor) should bail
- immediately and not allow soft fails to pile up behind it to
- avoid fatal message later on
-(3) b/29068831:
+(B) b/29070461:
+ hard verification failure (not calling super in constructor) should
+ bail immediately and not allow soft verification failures to pile up
+ behind it to avoid fatal message later on
+(C) b/29068831:
access validation should occur prior to null reference check
+(D) b/29126870:
+ soft verification failure (cannot access) should not hide the hard
+ verification failure (non-reference type) to avoid a compiler crash
+ later on
--- /dev/null
+#
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+.class public LD;
+.super Ljava/lang/Object;
+
+.method public constructor <init>()V
+ .registers 2
+ invoke-direct {v1}, Ljava/lang/Object;-><init>()V
+ const v0, 2
+ iget v1, v0, LMain;->privateField:I
+ return-void
+.end method