1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 2 3 <html> 4 <head> 5 <title>Java bytecode constraints</title> 6 <link rel=stylesheet href="java-constraints.css"> 7 </head> 8 9 <body> 10 <h1> 11 Bytecode constraints 12 </h1> 13 14 <p> 15 From the point of view of a piece of code written in the Java 16 programming language or targeted in the same way to <code>.class</code> 17 files, the Dalvik VM aims to behave in a way 18 that is fully consistent with the language's definition. 19 That is, the code running in Dalvik will behave the same as it 20 would have running in any other virtual machine. This includes 21 verification failures. 22 The Dx/Dalvik system will check roughly the same 23 constraints that any other VM would, except as noted in the file 24 <a href="verifier.html">verifier.html</a>. The following table briefly 25 lists all Dx/Dalvik verification constraints together their analogs 26 from the book <i>The Java<super>TM</super> Language Specification</i>, 27 second edition. In the numbering scheme, the first three 28 elements refer to the specification chapter, the fourth one to the 29 bullet inside that chapter. The failure mode specifies whether the 30 constraint will fail during the Dx conversion or during verification in 31 the VM itself. 32 </p> 33 34 <h2> 35 Static constraints 36 </h2> 37 38 <p> 39 Static constraints are constraints on individual elements of the bytecode. 40 They usually can be checked without employing control or data-flow analysis 41 techniques. 42 </p> 43 44 <table> 45 <tr> 46 <th> 47 Identifier 48 </th> 49 50 <th> 51 Description 52 </th> 53 54 <th> 55 Spec equivalent 56 </th> 57 58 <th> 59 Failure mode 60 </th> 61 </tr> 62 63 <tr> 64 <td> 65 A1 66 </td> 67 68 <td> 69 The <code>code</code> array must not be empty. 70 </td> 71 72 <td> 73 4.8.1.1 74 </td> 75 76 <td> 77 DX 78 </td> 79 </tr> 80 81 <tr> 82 <td> 83 A2 84 </td> 85 86 <td> 87 The <code>code</code> array must not be larger than 65535 bytes. 88 </td> 89 90 <td> 91 4.8.1.2 92 </td> 93 94 <td> 95 DX 96 </td> 97 </tr> 98 99 <tr> 100 <td> 101 A3 102 </td> 103 104 <td> 105 The first opcode in <code>code</code> array must have index 106 <code>0</code>. 107 </td> 108 109 <td> 110 4.8.1.3 111 </td> 112 113 <td> 114 DX 115 </td> 116 </tr> 117 118 <tr> 119 <td> 120 A4 121 </td> 122 123 <td> 124 The <code>code</code> array must only contain valid opcodes. 125 </td> 126 127 <td> 128 4.8.1.4 129 </td> 130 131 <td> 132 DX 133 </td> 134 </tr> 135 136 <tr> 137 <td> 138 A5 139 </td> 140 141 <td> 142 The index of instruction <code>n+1</code> must equal the index of 143 instruction <code>n</code> plus the length of instruction 144 <code>n</code>, taking into account a possible <code>wide</code> 145 instruction. Opcodes modified by a <code>wide</code> instruction must 146 not be directly reachable. 147 </td> 148 149 <td> 150 4.8.1.5 151 </td> 152 153 <td> 154 DX 155 </td> 156 </tr> 157 158 <tr> 159 <td> 160 A6 161 </td> 162 163 <td> 164 The last instruction in <code>code</code> array must end at index 165 <code>code_length-1</code>. 166 </td> 167 168 <td> 169 4.8.1.6 170 </td> 171 172 <td> 173 DX 174 </td> 175 </tr> 176 177 <tr> 178 <td> 179 A7 180 </td> 181 182 <td> 183 All jump and branch targets must be opcodes within the same method. 184 Opcodes modified by a <code>wide</code> instruction must not be 185 directly reachable via a jump or branch instruction. 186 </td> 187 188 <td> 189 4.8.1.7 190 </td> 191 192 <td> 193 DX 194 </td> 195 </tr> 196 197 <tr> 198 <td> 199 A8 200 </td> 201 202 <td> 203 All targets of a <code>tableswitch</code> instruction must be opcodes 204 within the same method. Upper and lower bounds must be consistent. 205 Opcodes modified by a <code>wide</code> instruction must not be 206 directly reachable via a <code>tableswitch</code> instruction. 207 </td> 208 209 <td> 210 4.8.1.8 211 </td> 212 213 <td> 214 DX 215 </td> 216 </tr> 217 218 <tr> 219 <td> 220 A9 221 </td> 222 223 <td> 224 All targets of a <code>lookupswitch</code> instruction must be opcodes 225 within the same method. Its table must be consistent and sorted 226 low-to-high. Opcodes modified by a <code>wide</code> instruction must 227 not be directly reachable via a <code>lookupswitch</code> instruction. 228 </td> 229 230 <td> 231 4.8.1.9 232 </td> 233 234 <td> 235 DX 236 </td> 237 </tr> 238 239 <tr> 240 <td> 241 A10 242 </td> 243 244 <td> 245 The operands of <code>ldc</code> and <code>ldc_w</code> instructions 246 must be valid indices into the constant pool. The respective entries 247 must be of type <code>CONSTANT_Integer</code>, 248 <code>CONSTANT_Float</code>, or <code>CONSTANT_String</code>. 249 </td> 250 251 <td> 252 4.8.1.10 253 </td> 254 255 <td> 256 DX 257 </td> 258 </tr> 259 260 <tr> 261 <td> 262 A11 263 </td> 264 265 <td> 266 The operands of <code>ldc2_w</code> instructions must be valid indices 267 into the constant pool. The respective entries must be of type 268 <code>CONSTANT_Long</code> or <code>CONSTANT_Double</code>. The 269 subsequent constant pool entry must be valid and remain unused. 270 </td> 271 272 <td> 273 4.8.1.11 274 </td> 275 276 <td> 277 DX 278 </td> 279 </tr> 280 281 <tr> 282 <td> 283 A12 284 </td> 285 286 <td> 287 The Operands of <code>get<kind></code> and 288 <code>put<kind></code> instructions must be valid indices into 289 constant pool. The respective entries must be of type 290 <code>CONSTANT_Fieldref</code>. 291 </td> 292 293 <td> 294 4.8.1.12 295 </td> 296 297 <td> 298 DX 299 </td> 300 </tr> 301 302 <tr> 303 <td> 304 A13 305 </td> 306 307 <td> 308 The first two operands of <code>invokevirtual</code>, 309 <code>invokespecial</code>, and <code>invokestatic</code> must form a 310 valid 16-bit index into the constant pool. The respective entries must 311 be of type <code>CONSTANT_Methodref</code>. 312 </td> 313 314 <td> 315 4.8.1.13 316 </td> 317 318 <td> 319 DX 320 </td> 321 </tr> 322 323 <tr> 324 <td> 325 A14 326 </td> 327 328 <td> 329 Methods whose names start with '<' must only be invoked implicitly by 330 the VM, not by class file code. The only exception is the instance 331 initializer, which may be invoked byinvokespecial. 332 333 334335 4.8.1.14 336 337 338339 DX 340 341 342 343344 364 365345 A15 346 347 348349 The first two operands of 355 356invokeinterfacemust form a 350 valid 16-bit index into the constant pool. The entry must be of type 351CONSTANT_Interface_Methodref. The third operand must 352 specify number of local variables and the fourth operand must always 353 be zero. 354357 4.8.1.15 358 359 360361 DX 362 363366 387 388367 A16 368 369 370371 The operands of 378 379instanceof,checkcast, 372new, andanewarrayinstructions must 373 be a valid index into the constant pool. The first two operands of 374multianewarrayinstruction must form a valid 16-bit index 375 into the constant pool. All respective entries must be of type 376CONSTANT_Class. 377380 4.8.1.16 381 382 383384 DX 385 386389 406 407390 A17 391 392 393394 The dimensions of an array created by 397 398anewarray395 instructions must be less than256. 396399 4.8.1.17 400 401 402403 DX 404 405408 425 426409 A18 410 411 412413 The 416 417newinstruction must not reference array classes, 414 interfaces, or abstract classes. 415418 4.8.1.18 419 420 421422 DX 423 424427 445 446428 A19 429 430 431432 The type referenced by a 436 437multinewarrayinstruction must 433 have at least as many dimensions as specified in the instruction. The 434 dimensions operand must not be0435438 4.8.1.19 439 440 441442 DX 443 444447 464 465448 A20 449 450 451452 The type referenced by a 455 456newarrayinstruction must be a 453 valid, non-reference type. 454457 4.8.1.20 458 459 460461 DX 462 463466 484 485467 A21 468 469 470471 The index operand of instructions explicitly referencing single-width 472 local variables must be non-negative and smaller than 473 475 476max_locals. 474477 4.8.1.21 478 479 480481 DX 482 483486 504 505487 A22 488 489 490491 The index operand of instructions implicitly referencing single-width 492 local variables must be non-negative and smaller than 493 495 496max_locals. 494497 4.8.1.22 498 499 500501 DX 502 503506 524 525507 A23 508 509 510511 The index operand of instructions explicitly referencing double-width 512 local variables must be non-negative and smaller than 513 515 516max_locals-1. 514517 4.8.1.23 518 519 520521 DX 522 523526 544 545527 A24 528 529 530531 The index operand of instructions implicitly referencing double-width 532 local variables must be non-negative and smaller than 533 535 536max_locals-1. 534537 4.8.1.24 538 539 540541 DX 542 543546 564 565547 A25 548 549 550551 The index operand of 555 556wideinstructions explicitly 552 referencing single-width local variables must be non-negative and 553 smaller thanmax_locals. 554557 4.8.1.25 558 559 560561 DX 562 563566 584 585 586567 A26 568 569 570571 The index operand of 575 576wideinstructions explicitly 572 referencing double-width local variables must be non-negative and 573 smaller thanmax_locals-1. 574577 4.8.1.25 578 579 580581 DX 582 583587 Structural constraints 588
589 590591 Structural constraints are constraints on relationships between several 592 elements of the bytecode. They usually can't be checked without employing 593 control or data-flow analysis techniques. 594 </p> 595 596 <table> 597 <tr> 598 <th> 599 Identifier 600 </th> 601 602 <th> 603 Description 604 </th> 605 606 <th> 607 Spec equivalent 608 </th> 609 610 <th> 611 Failure mode 612 </th> 613 </tr> 614 615 <tr> 616 <td> 617 B1 618 </td> 619 620 <td> 621 The number and types of arguments (operands and local variables) must 622 always match the instruction. 623 </td> 624 625 <td> 626 4.8.2.1 627 </td> 628 629 <td> 630 DX 631 </td> 632 </tr> 633 634 <tr> 635 <td> 636 B2 637 </td> 638 639 <td> 640 The operand stack must have the same depth for all executions paths 641 leading to an instruction. 642 </td> 643 644 <td> 645 4.8.2.2 646 </td> 647 648 <td> 649 DX 650 </td> 651 </tr> 652 653 <tr> 654 <td> 655 B3 656 </td> 657 658 <td> 659 Local variable pairs must never be broken up. 660 </td> 661 662 <td> 663 4.8.2.3 664 </td> 665 666 <td> 667 DX 668 </td> 669 </tr> 670 671 <tr> 672 <td> 673 B4 674 </td> 675 676 <td> 677 A local variable (or pair) has to be assigned first before it can be 678 read. 679 </td> 680 681 <td> 682 4.8.2.4 683 </td> 684 685 <td> 686 DX 687 </td> 688 </tr> 689 690 <tr> 691 <td> 692 B5 693 </td> 694 695 <td> 696 The operand stack must never grow beyond <code>max_stack</code>. 697 </td> 698 699 <td> 700 4.8.2.5 701 </td> 702 703 <td> 704 DX 705 </td> 706 </tr> 707 708 <tr> 709 <td> 710 B6 711 </td> 712 713 <td> 714 The operand stack must never underflow. 715 </td> 716 717 <td> 718 4.8.2.6 719 </td> 720 721 <td> 722 DX 723 </td> 724 </tr> 725 726 <tr> 727 <td> 728 B7 729 </td> 730 731 <td> 732 An <code>invokespecial</code> instruction must only invoke an instance 733 initializer or a method in the current class or one of its 734 superclasses. 735 </td> 736 737 <td> 738 4.8.2.7 739 </td> 740 741 <td> 742 VM 743 </td> 744 </tr> 745 746 <tr> 747 <td> 748 B8 749 </td> 750 751 <td> 752 An instance initializer must only be invoked on an uninitialized 753 instance residing on the operand stack. 754 </td> 755 756 <td> 757 4.8.2.8 758 </td> 759 760 <td> 761 VM 762 </td> 763 </tr> 764 765 <tr> 766 <td> 767 B9 768 </td> 769 770 <td> 771 Instance methods may only be invoked on and instance fields may only 772 be accessed on already initialized instances. 773 </td> 774 775 <td> 776 4.8.2.9 777 </td> 778 779 <td> 780 VM 781 </td> 782 </tr> 783 784 <tr> 785 <td> 786 B10 787 </td> 788 789 <td> 790 The must be no backwards branches with uninitialized instances on the 791 operand stack or in local variables. There must be no code protected 792 by an exception handler that contains local variables with 793 uninitialized instances. 794 </td> 795 796 <td> 797 4.8.2.10 798 </td> 799 800 <td> 801 DX 802 </td> 803 </tr> 804 805 <tr> 806 <td> 807 B11 808 </td> 809 810 <td> 811 An instance initializer must call another instance initializer (same 812 class or superclass) before any instance members can be accessed. 813 Exceptions are non-inherited instance fields, which can be assigned 814 before calling another initializer, and the <code>Object</code> class 815 in general. 816 </td> 817 818 <td> 819 4.8.2.11 820 </td> 821 822 <td> 823 VM 824 </td> 825 </tr> 826 827 <tr> 828 <td> 829 B12 830 </td> 831 832 <td> 833 All actual method arguments must be assignment-compatible with formal 834 arguments. 835 </td> 836 837 <td> 838 4.8.2.12 839 </td> 840 841 <td> 842 VM 843 </td> 844 </tr> 845 846 <tr> 847 <td> 848 B13 849 </td> 850 851 <td> 852 For each instance method invocation, the actual instance must be 853 assignment-compatible with the class or interface specified in the 854 instruction. 855 </td> 856 857 <td> 858 4.8.2.13 859 </td> 860 861 <td> 862 VM 863 </td> 864 </tr> 865 866 <tr> 867 <td> 868 B14 869 </td> 870 871 <td> 872 A returns instruction must match its method's return type. 873 </td> 874 875 <td> 876 4.8.2.14 877 </td> 878 879 <td> 880 VM 881 </td> 882 </tr> 883 884 <tr> 885 <td> 886 B15 887 </td> 888 889 <td> 890 When accessing protected members of a superclass, the actual type of 891 the instance being accessed must be either the current class or one 892 of its subclasses. 893 </td> 894 895 <td> 896 4.8.2.15 897 </td> 898 899 <td> 900 VM 901 </td> 902 </tr> 903 904 <tr> 905 <td> 906 B16 907 </td> 908 909 <td> 910 The type of a value stored into a static field must be 911 assignment-compatible with or convertible to the field's type. 912 </td> 913 914 <td> 915 4.8.2.16 916 </td> 917 918 <td> 919 VM 920 </td> 921 </tr> 922 923 <tr> 924 <td> 925 B17 926 </td> 927 928 <td> 929 The type of a value stored into a field must be assignment-compatible 930 with or convertible to the field's type. 931 </td> 932 933 <td> 934 4.8.2.17 935 </td> 936 937 <td> 938 VM 939 </td> 940 </tr> 941 942 <tr> 943 <td> 944 B18 945 </td> 946 947 <td> 948 The type of every value stored into an array must be 949 assignment-compatible with the array's component type. 950 </td> 951 952 <td> 953 4.8.2.18 954 </td> 955 956 <td> 957 VM 958 </td> 959 </tr> 960 961 <tr> 962 <td> 963 B19 964 </td> 965 966 <td> 967 The operand of an <code>athrow</code> instruction must be 968 assignment-compatible with <code>java.lang.Throwable</code>. 969 </td> 970 971 <td> 972 4.8.2.19 973 </td> 974 975 <td> 976 VM 977 </td> 978 </tr> 979 980 <tr> 981 <td> 982 B20 983 </td> 984 985 <td> 986 The last reachable instruction of a method must either be a backwards 987 jump or branch, a return, or an <code>athrow</code> instruction. It 988 must not be possible to leave the <code>code</code> array at the 989 bottom. 990 </td> 991 992 <td> 993 4.8.2.20 994 </td> 995 996 <td> 997 VM 998 </td> 999 </tr> 1000 1001 <tr> 1002 <td> 1003 B21 1004 </td> 1005 1006 <td> 1007 Local variable values must not be used as return addresses. 1008 </td> 1009 1010 <td> 1011 4.8.2.21 1012 </td> 1013 1014 <td> 1015 VM 1016 </td> 1017 </tr> 1018 1019 <tr> 1020 <td> 1021 B22 1022 </td> 1023 1024 <td> 1025 There must be a single, uniquely determined return instruction per 1026 subroutine call. 1027 </td> 1028 1029 <td> 1030 4.8.2.22 1031 </td> 1032 1033 <td> 1034 VM 1035 </td> 1036 </tr> 1037 1038 <tr> 1039 <td> 1040 B23 1041 </td> 1042 1043 <td> 1044 Subroutine calls must not be directly or indirectly self-recursive. 1045 </td> 1046 1047 <td> 1048 4.8.2.23 1049 </td> 1050 1051 <td> 1052 DX 1053 </td> 1054 </tr> 1055 1056 <tr> 1057 <td> 1058 B24 1059 </td> 1060 1061 <td> 1062 <code>ReturnAddress</code> instances must not be reused. If a 1063 subroutine returns to a <code>ReturnAddress</code> further up the 1064 stack than where its original call instruction is located, then all 1065 <code>ReturnAddress</code> instances further down the stack must 1066 never be used. 1067 </td> 1068 1069 <td> 1070 4.8.2.24 1071 </td> 1072 1073 <td> 1074 DX 1075 </td> 1076 </tr> 1077 1078 </table> 1079 </body> 1080 </html> 1081
