## Current layout model of a method

```
=========
   ...
   code
   ...
---------
   ...
exception
handler
   ...
---------
   ...
   code
   ...
---------
   ...
exception
handler
   ...
 -------
  inner
  exc.
  handler
 -------
   ...
---------
   ...
   code
   ...
=========
```

That is, the layout of exception handlers is rather flexible; even a
handler inside a handler is allowed.

## Cflow transitions that are subject to checks

### Execution beyond method body

```
=========
   ...
   code
   ...
---------
   ...
exception
handler
   ...
---------
   ...
   code
   ...
   ldai 0 ---\
=========    |
        <----/
```

```
=========
   ...
   code
   ...
---------
   ...
exception
handler
   ...
   jmp -----\
   ...      |
=========   |
       <----/
```

Mis-jumps and improper termination of cflow at the end of the body are prohibited.

```
=========
   ...
   code
   ...
---------
   ...
exception
handler
   ...
---------
   ...
lbl:   <-----\
   ...       |
   code      |
   ...       |
   jeqz lbl -+
=========    |
        <----/
```

Conditional jumps are a grey zone: if they can be proven to always jump
into code, they will be considered OK. Currently, due to the imprecision
of the verifier, conditional jumps at the end of the method are prohibited.

### Code to exception handler

Direct jumps:

```
=========
   ...
   code
   ...
   jmp catch1--\
   ...         |
---------      |
catch1: <------/
   ...
exception
handler
   ...
---------
   ...
```

Fallthrough:

```
=========
   ...
   code
   ...
   ldai 3 --\
---------   |
catch1: <---/
   ...
exception
handler
   ...
---------
   ...
```

By default, only the `throw` transition is allowed. Neither `jmp` to nor
fallthrough onto the beginning of an exception handler is allowed.

This behavior may be altered by option `C-TO-H`.

### Code into exception handler

```
=========
   ...
   code
   ...
   jmp lbl1 --\
   ...        |
---------     |
catch:        |
   ...        |
lbl1:    <----/
   ldai 3
   ...
exception
handler
   ...
---------
   ...
```

Jumps from code into the body of an exception handler are prohibited by default.

### Handler to handler

Direct jumps:

```
=========
   ...
   code
   ...
---------
catch1:
   ...
exception
handler
   ...
   jmp catch2--\
   ...         |
---------      |
catch2: <------/
   ...
exception
handler
   ...
---------
   ...
```

Fallthrough:

```
=========
   ...
   code
   ...
---------
catch1:
   ...
exception
handler
   ...
   ldai 3 --\
---------   |
catch2: <---/
   ...
exception
handler
   ...
---------
   ...
```

By default, such transitions of control flow are prohibited.

### Handler into handler

Direct jumps:

```
=========
   ...
   code
   ...
---------
catch1:
   ...
exception
handler
   ...
   jmp lbl ---\
   ...        |
---------     |
catch2:       |
   ...        |
lbl:   <------/
   ldai 3
   ...
exception
handler
   ...
---------
   ...
```

Fallthrough from inner handler:

```
=========
   ...
   code
   ...
---------
catch1:
   ...
outer
exception
handler
   ...
 -------
catch2:
   ...
lbl:
   ldai 3
   ...
  inner
  exc.
  handler
   ...
   ldai 0 --\
 -------    |
   ...   <--/
outer
exc.
handler
   ...
---------
   ...
```

By default, such cflow transitions are prohibited.

### Handler into code

```
=========
   ...
   code
   ...
lbl:  <-------\
   ...        |
---------     |
   ...        |
exception     |
handler       |
   ...        |
   jmp lbl ---/
   ...
---------
   ...
```

Currently, such jumps are prohibited by default.
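
The default rules above amount to one check: a jump or fallthrough edge is prohibited when it leaves the method body or crosses from one region (code, handler, nested handler) into another. The following Python sketch of that check is an added example, not the verifier's own code. The instruction model, the names `region`, `classify` and `check`, the sample method, the reading of `C-TO-H` as permitting code-to-handler edges, and the flagging of outer-to-inner handler edges (which the diagrams do not show) are all assumptions.

```python
# Toy model constructed for this example (not the verifier's data structures): a method
# is a list of (opcode, jump target index or None); handlers are nestable [start, end) ranges.
JUMPS = {"jmp", "jeqz"}           # control may transfer to the target
FALLS_THROUGH = {"ldai", "jeqz"}  # control may continue at index + 1

def region(idx, handlers):
    """Innermost handler range containing idx, or None for ordinary code."""
    inside = [h for h in handlers if h[0] <= idx < h[1]]
    return min(inside, key=lambda h: h[1] - h[0]) if inside else None

def classify(src, dst, size, handlers):
    """Return the page's name for a prohibited edge, or None if it is allowed."""
    if not 0 <= dst < size:
        return "execution beyond method body"
    s, d = region(src, handlers), region(dst, handlers)
    if s == d:
        return None  # the edge stays inside one region
    if d is None:
        return "handler into code"
    # "to" lands on the handler's first instruction, "into" lands inside its body
    return f"{'handler' if s else 'code'} {'to' if dst == d[0] else 'into'} handler"

def check(method, handlers, allow_c_to_h=False):
    """List (index, edge kind, violation) for each prohibited jump or fallthrough."""
    found = []
    for i, (op, target) in enumerate(method):
        edges = [("jump", target)] if op in JUMPS else []
        if op in FALLS_THROUGH:
            edges.append(("fallthrough", i + 1))
        for kind, dst in edges:
            violation = classify(i, dst, len(method), handlers)
            # Assumption: option C-TO-H lifts only the "code to handler" prohibition.
            if violation and not (allow_c_to_h and violation == "code to handler"):
                found.append((i, kind, violation))
    return found

# Constructed sample: code 0-1, outer handler 2-6 containing inner handler 4-5, code 7-8.
HANDLERS = [(2, 7), (4, 6)]
SAMPLE = [
    ("jmp", 3),      # 0 code jumps into the outer handler's body
    ("ldai", None),  # 1 code falls through onto the outer handler's start
    ("ldai", None),  # 2 outer handler start
    ("jmp", 6),      # 3 skips the inner handler, stays in the outer one: allowed
    ("ldai", None),  # 4 inner handler start
    ("ldai", None),  # 5 inner handler falls through into the outer handler
    ("jmp", 0),      # 6 outer handler jumps back into code
    ("ldai", None),  # 7 code
    ("jeqz", 7),     # 8 conditional jump at the end: its fallthrough leaves the body
]
```

Calling `check(SAMPLE, HANDLERS)` reports one violation per diagram category except the direct handler-to-handler jump, which `classify` names when the target is the first instruction of another handler.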