Thursday, March 31, 2011

How do generics (Vector) work inside the AVM?

Support for generics (currently only Vector.<*>, and called 'postfix type parameters' by Adobe) was added in Flash Player 10, but the only AVM2 documentation does not describe how these objects are accessed.

Specifically, I noticed a new opcode (0x53) and a new multiname kind (0x1D) that seem relevant, but their usage is not documented.

NB: This question was created with the answer already known as it is more easily found here than on my blog or the Adobe Bug DB.

From stackoverflow

  • The reverse engineering work I did on this did not include declaring your own generic types, though it's very likely possible.

    References to the declaring (parameterless) generic type (Vector) are made through a regular qualified name (though any multiname should do).

    References to a typed generic type (Vector.<int> as opposed to Vector.<>) are made by a new multiname kind (0x1D), which I call GenericName. GenericName has a format like so:

    [Kind] [TypeDefinition] [ParamCount] [Param1] [Param2] [ParamN]

    Where:

    • [TypeDefinition] is a U30 into the multiname table
    • [ParamCount] is a U8 (U30?) of how many type parameters there are
    • [ParamX] is a U30 into the multiname table.

    Obviously generics are not generally supported yet, so ParamCount will always be 1 (for Vector.<*>).

    The other interesting thing is how instances of the class are created. A new opcode was added in Flash 10 (0x53), which I will call MakeGenericType. MakeGenericType is declared with the following stack:

    TypeDefinition, ParameterType1, ParameterTypeN -> GenericType

    It also has one parameter, a U8 (U30?) specifying how many parameters are on the stack. You will generally see MakeGenericType being used like this:

    GetLex [TypeDefinitionMultiname]
GetLex [ParameterTypeMultiname]
MakeGeneric [ParamCount]
Coerce [GenericNameMultiname]
Construct [ConstructorParamCount]

    So if you had the following...

    GetLex __AS3__.vec::Vector
GetLex int
MakeGeneric 1
Coerce __AS3__.vec::Vector.<int>
Construct 0

    You would now have an instance of Vector.<int>

    yuku : I really enjoy knowing internals of as3/avm2. Thanks for sharing this!
    Heath Hunnicutt : You are wonderful. Thank you.
    Heath Hunnicutt : Here is a link to a PDF with opcodes 0x35-0x38, 0x3a-0x3e, 0x50-0x52 -- these were new for the "alchemy" project. I know that 0x39 exists and it appears to consume one integer value off the stack, but I do not know what it might do. Link: http://llvm.org/devmtg/2008-08/Petersen_FlashCCompiler.pdf
    Heath Hunnicutt : Per the tamarin source code at http://hg.mozilla.org/tamarin-central/file/072e85a58498/core/Interpreter.cpp, line 2492, the paramcount is a u30. Also, the instruction name given there is, "applytype".
    Heath Hunnicutt : Accourding to tamarin source, PoolObject.cpp, line 552, the ParamCount in the multiname (which must be 1) is also a U30 (in the multiname_info). The paramcount to applytype is a U30 in the opcode stream.
Posted by Mu Cat at 11:54 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)