Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / docs / source.android.com / 4da7c47c136b3f08a4a9264158b7969d3467426b / . / src / devices / tech / dalvik / constraints.jd
blob: c95bae03b8d0901c059c35ced4acaa26f3e6ed2c [file] [log] [blame]
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]1page.title=Constraints
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]2@jd:body
3
4<!--
5 Copyright 2015 The Android Open Source Project
6
7 Licensed under the Apache License, Version 2.0 (the "License");
8 you may not use this file except in compliance with the License.
9 You may obtain a copy of the License at
10
11 http://www.apache.org/licenses/LICENSE-2.0
12
13 Unless required by applicable law or agreed to in writing, software
14 distributed under the License is distributed on an "AS IS" BASIS,
15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 See the License for the specific language governing permissions and
17 limitations under the License.
18-->
19
20
21<div id="qv-wrapper">
22<div id="qv">
23 <h2 id="Contents">In this document</h2>
24 <ol id="auto-toc">
25 </ol>
26</div>
27</div>
28
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]29<p>A <code>.dex</code> file is the transport format for Dalvik Bytecode. There are certain
30syntactical and semantical constraints for a file to be a valid <code>.dex</code> file, and
31a runtime is required to support only valid .dex files.</p>
32
33 <h2 id="gen-constraints">General .dex integrity constraints</h2>
34
35 <p>General integrity constraints are concerned with the larger structure of a
36 <code>.dex</code> file, as described in detail in <a href="dex-format.html"><code>.dex</code>
37 format</a>.</p>
38
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]39 <table>
40 <tr>
41 <th>
42 Identifier
43 </th>
44
45 <th>
46 Description
47 </th>
48 </tr>
49
50 <tr>
51 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]52 G1
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]53 </td>
54
55 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]56 The <code>magic</code> number of the <code>.dex</code> file must be: <code>dex\n035\0</code>
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]57 </td>
58 </tr>
59
60 <tr>
61 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]62 G2
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]63 </td>
64
65 <td>
66 The checksum must be an Adler-32 checksum of the whole file contents
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]67 except <code>magic</code> and <code>checksum</code> field.
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]68 </td>
69 </tr>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]70
71 <tr>
72 <td>
73 G3
74 </td>
75
76 <td>
77 The signature must be a SHA-1 hash of the whole file contents except <code>magic</code>,
78 <code>checksum</code>, and <code>signature</code>.
79 </td>
80 </tr>
81
82 <tr>
83 <td>
84 G4
85 </td>
86
87 <td>
88 The <code>file_size</code> must match the actual file size in bytes.
89 </td>
90 </tr>
91
92
93 <tr>
94 <td>
95 G5
96 </td>
97
98 <td>
99 The <code>header_size</code> must have the value: <code>0x70</code>
100 </td>
101 </tr>
102
103 <tr>
104 <td>
105 G6
106 </td>
107
108 <td>
109 The <code>endian_tag</code> must have either the value:
110 <code>ENDIAN_CONSTANT</code> or <code>REVERSE_ENDIAN_CONSTANT</code>
111 </td>
112 </tr>
113
114 <tr>
115 <td>
116 G7
117 </td>
118
119 <td>
120 For each of the <code>link</code>, <code>string_ids</code>,
121 <code>type_ids</code>, <code>proto_ids</code>,
122 <code>field_ids</code>, <code>method_ids</code>, <code>class_defs</code>, and
123 <code>data</code> sections, the <code>offset</code> and <code>size</code> fields must be
124 either both zero or both non-zero. In the latter case, the offset must be
125 four-byte-aligned.
126 </td>
127 </tr>
128
129 <tr>
130 <td>
131 G8
132 </td>
133
134 <td>
135 All offset fields in the header except <code>map_off</code> must be four-byte-aligned.
136 </td>
137 </tr>
138
139 <tr>
140 <td>
141 G9
142 </td>
143
144 <td>
145 The <code>map_off</code> field must be either zero or point into the
146 data section. In the latter case, the <code>data</code> section must exist.
147 </td>
148 </tr>
149
150 <tr>
151 <td>
152 G10
153 </td>
154
155 <td>
156 None of the <code>link</code>, <code>string_ids</code>,
157 <code>type_ids</code>, <code>proto_ids</code>, <code>field_ids</code>,
158 <code>method_ids</code>, <code>class_defs</code> and <code>data</code> sections
159 must overlap each other or the header.
160 </td>
161 </tr>
162
163 <tr>
164 <td>
165 G11
166 </td>
167
168 <td>
169 If a map exists, then each map entry must have a valid type. Each type may appear at most once.
170 </td>
171 </tr>
172
173 <tr>
174 <td>
175 G12
176 </td>
177
178 <td>
179 If a map exists, then each map entry must have a non-zero offset and
180 size. The offset must point into the corresponding section of the file (i.e. a
181 <code>string_id_item</code> must point into the <code>string_ids</code> section) and the explicit or
182 implicit size of the item must match the actual contents and size of the
183 section.
184 </td>
185 </tr>
186
187 <tr>
188 <td>
189 G13
190 </td>
191
192 <td>
193 If a map exists, then the offset of map entry <code>n+1</code> must be greater or
194 equal to the offset of map entry <code>n plus than size of map entry n</code>. This implies
195 non-overlapping entries and low-to-high ordering.
196 </td>
197 </tr>
198
199 <tr>
200 <td>
201 G14
202 </td>
203
204 <td>
205 The following types of entries must have an offset that is
206 four-byte-aligned: <code>string_id_item</code>,
207 <code>type_id_item</code>, <code>proto_id_item</code>,
208 <code>field_id_item</code>,
209 <code>method_id_item</code>, <code>class_def_item</code>,
210 <code>type_list</code>, <code>code_item</code>,
211 <code>annotations_directory_item</code>.
212 </td>
213 </tr>
214
215 <tr>
216 <td>
217 G15
218 </td>
219
220 <td>
221 For each <code>string_id_item</code>, the <code>string_data_off</code> field must contain a
222 valid reference into the <code>data</code> section. For the referenced <code>string_data_item</code>, the
223 <code>data</code> field must contain a valid MUTF-8 string, and the <code>utf16_size</code> must match
224 the decoded length of the string.
225 </td>
226 </tr>
227
228 <tr>
229 <td>
230 G16
231 </td>
232
233 <td>
David Pursehouse7b8b01d2015-08-21 18:17:28 +0900[diff] [blame]234 For each <code>type_id_item</code>, the <code>descriptor_idx</code> field must contain a valid
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]235 reference into the <code>string_ids</code> list. The referenced string must be a valid type
236 descriptor.
237 </td>
238 </tr>
239
240 <tr>
241 <td>
242 G17
243 </td>
244
245 <td>
246 For each <code>proto_id_item</code>, the <code>shorty_idx</code> field must contain a valid
247 reference into the <code>string_ids</code> list. The referenced string must be a valid
248 shorty descriptor. Also, the <code>return_type_idx</code> field must be a valid index into
249 the <code>type_ids</code> section, and the <code>parameters_off</code> field must be either zero or a
250 valid offset pointing into the <code>data</code> section. If non-zero, the parameter list
251 must not contain any void entries.
252 </td>
253 </tr>
254
255 <tr>
256 <td>
257 G18
258 </td>
259
260 <td>
261 For each <code>field_id_item</code>, both the <code>class_idx</code> and <code>type_idx</code> fields must
262 be valid indices into the <code>type_ids</code> list. The entry referenced by <code>class_idx</code>
263 must be a non-array reference type. In addition, the <code>name_idx</code> field must be a
264 valid reference into the <code>string_ids</code> section, and the contents of the referenced
265 entry must conform to the <code>MemberName</code> specification.
266 </td>
267 </tr>
268
269 <tr>
270 <td>
271 G19
272 </td>
273
274 <td>
275 For each <code>method_id_item</code>, the <code>class_idx</code> field must be a valid index
276 into the <code>type_ids</code> section, and the referenced entry must be a non-array
277 reference type. The <code>proto_id</code> field must be a valid reference into the <code>proto_ids</code>
278 list. The <code>name_idx</code> field must be a valid reference into the <code>string_ids</code> section,
279 and the contents of the referenced entry must conform to the <code>MemberName</code>
280 specification.
281 </td>
282 </tr>
283
284 <tr>
285 <td>
286 G20
287 </td>
288
289 <td>
290 For each <code>field_id_item</code>, the <code>class_idx</code> field must be a valid index
291 into the <code>type_ids</code> list. The referenced entry must be a non-array reference
292 type.
293 </td>
294 </tr>
295
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]296</table>
297
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]298<h2 id="static-constraints">
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]299 Static bytecode constraints
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]300 </h2>
301
302 <p>
303 Static constraints are constraints on individual elements of the bytecode.
304 They usually can be checked without employing control or data-flow analysis
305 techniques.
306 </p>
307
308 <table>
309 <tr>
310 <th>
311 Identifier
312 </th>
313
314 <th>
315 Description
316 </th>
317 </tr>
318
319 <tr>
320 <td>
321 A1
322 </td>
323
324 <td>
325 The <code>insns</code> array must not be empty.
326 </td>
327 </tr>
328
329 <tr>
330 <td>
331 A2
332 </td>
333
334 <td>
335 The first opcode in the <code>insns</code> array must have index zero.
336 </td>
337 </tr>
338
339 <tr>
340 <td>
341 A3
342 </td>
343
344 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]345 The <code>insns</code> array must contain only valid Dalvik opcodes.
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]346 </td>
347 </tr>
348
349 <tr>
350 <td>
351 A4
352 </td>
353
354 <td>
355 The index of instruction <code>n+1</code> must equal the index of
356 instruction <code>n</code> plus the length of instruction
357 <code>n</code>, taking into account possible operands.
358 </td>
359 </tr>
360
361 <tr>
362 <td>
363 A5
364 </td>
365
366 <td>
367 The last instruction in the <code>insns</code> array must end at index
368 <code>insns_size-1</code>.
369 </td>
370 </tr>
371
372 <tr>
373 <td>
374 A6
375 </td>
376
377 <td>
378 All <code>goto</code> and <code>if-&lt;kind&gt;</code> targets must
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]379 be opcodes within the same method.
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]380 </td>
381 </tr>
382
383 <tr>
384 <td>
385 A7
386 </td>
387
388 <td>
389 All targets of a <code>packed-switch</code> instruction must be
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]390 opcodes within the same method. The size and the list of targets
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]391 must be consistent.
392 </td>
393 </tr>
394
395 <tr>
396 <td>
397 A8
398 </td>
399
400 <td>
401 All targets of a <code>sparse-switch</code> instruction must be
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]402 opcodes within the same method. The corresponding table must be
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]403 consistent and sorted low-to-high.
404 </td>
405 </tr>
406
407 <tr>
408 <td>
409 A9
410 </td>
411
412 <td>
413 The <code>B</code> operand of the <code>const-string</code> and
414 <code>const-string/jumbo</code> instructions must be a valid index
415 into the string constant pool.
416 </td>
417 </tr>
418
419 <tr>
420 <td>
421 A10
422 </td>
423
424 <td>
425 The <code>C</code> operand of the <code>iget&lt;kind&gt;</code> and
426 <code>iput&lt;kind&gt;</code> instructions must be a valid index into
427 the field constant pool. The referenced entry must represent an
428 instance field.
429 </td>
430 </tr>
431
432 <tr>
433 <td>
434 A11
435 </td>
436
437 <td>
438 The <code>C</code> operand of the <code>sget&lt;kind&gt;</code> and
439 <code>sput&lt;kind&gt;</code> instructions must be a valid index into
440 the field constant pool. The referenced entry must represent a static
441 field.
442 </td>
443 </tr>
444
445 <tr>
446 <td>
447 A12
448 </td>
449
450 <td>
451 The <code>C</code> operand of the <code>invoke-virtual</code>,
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]452 <code>invoke-super</code>, <code>invoke-direct</code> and
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]453 <code>invoke-static</code> instructions must be a valid index into the
454 method constant pool. In all cases, the referenced
455 <code>method_id</code> must belong to a class (not an interface).
456 </td>
457 </tr>
458
459 <tr>
460 <td>
461 A13
462 </td>
463
464 <td>
465 The <code>B</code> operand of the <code>invoke-virtual/range</code>,
466 <code>invoke-super/range</code>, <code>invoke-direct/range</code>, and
467 <code>invoke-static/range</code> instructions must be a valid index
468 into the method constant pool. In all cases, the referenced
469 <code>method_id</code> must belong to a class (not an interface).
470 </td>
471 </tr>
472
473 <tr>
474 <td>
475 A14
476 </td>
477
478 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]479 A method the name of which starts with a '&lt;' must only be invoked
480 implicitly by the VM, not by code originating from a <code>.dex</code> file. The
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]481 only exception is the instance initializer, which may be invoked by
482 <code>invoke-direct</code>.
483 </td>
484 </tr>
485
486 <tr>
487 <td>
488 A15
489 </td>
490
491 <td>
492 The <code>C</code> operand of the <code>invoke-interface</code>
493 instruction must be a valid index into the method constant pool. The
494 referenced <code>method_id</code> must belong to an interface (not a
495 class).
496 </td>
497 </tr>
498
499 <tr>
500 <td>
501 A16
502 </td>
503
504 <td>
505 The <code>B</code> operand of the <code>invoke-interface/range</code>
506 instruction must be a valid index into the method constant pool.
507 The referenced <code>method_id</code> must belong to an interface (not
508 a class).
509 </td>
510 </tr>
511
512 <tr>
513 <td>
514 A17
515 </td>
516
517 <td>
518 The <code>B</code> operand of the <code>const-class</code>,
519 <code>check-cast</code>, <code>new-instance</code>, and
520 <code>filled-new-array/range</code> instructions must be a valid index
521 into the type constant pool.
522 </td>
523 </tr>
524
525 <tr>
526 <td>
527 A18
528 </td>
529
530 <td>
531 The <code>C</code> operand of the <code>instance-of</code>,
532 <code>new-array</code>, and <code>filled-new-array</code>
533 instructions must be a valid index into the type constant pool.
534 </td>
535 </tr>
536
537 <tr>
538 <td>
539 A19
540 </td>
541
542 <td>
543 The dimensions of an array created by a <code>new-array</code>
544 instruction must be less than <code>256</code>.
545 </td>
546 </tr>
547
548 <tr>
549 <td>
550 A20
551 </td>
552
553 <td>
554 The <code>new</code> instruction must not refer to array classes,
555 interfaces, or abstract classes.
556 </td>
557 </tr>
558
559 <tr>
560 <td>
561 A21
562 </td>
563
564 <td>
565 The type referred to by a <code>new-array</code> instruction must be
566 a valid, non-reference type.
567 </td>
568 </tr>
569
570 <tr>
571 <td>
572 A22
573 </td>
574
575 <td>
576 All registers referred to by an instruction in a single-width
577 (non-pair) fashion must be valid for the current method. That is,
578 their indices must be non-negative and smaller than
579 <code>registers_size</code>.
580 </td>
581 </tr>
582
583 <tr>
584 <td>
585 A23
586 </td>
587
588 <td>
589 All registers referred to by an instruction in a double-width (pair)
590 fashion must be valid for the current method. That is, their indices
591 must be non-negative and smaller than <code>registers_size-1</code>.
592 </td>
593 </tr>
594 </table>
595
596 <h2 id="struct-constraints">
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]597 Structural bytecode constraints
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]598 </h2>
599
600 <p>
601 Structural constraints are constraints on relationships between several
602 elements of the bytecode. They usually can't be checked without employing
603 control or data-flow analysis techniques.
604 </p>
605
606 <table>
607 <tr>
608 <th>
609 Identifier
610 </th>
611
612 <th>
613 Description
614 </th>
615 </tr>
616
617 <tr>
618 <td>
619 B1
620 </td>
621
622 <td>
623 The number and types of arguments (registers and immediate values)
624 must always match the instruction.
625 </td>
626 </tr>
627
628 <tr>
629 <td>
630 B2
631 </td>
632
633 <td>
634 Register pairs must never be broken up.
635 </td>
636 </tr>
637
638 <tr>
639 <td>
640 B3
641 </td>
642
643 <td>
644 A register (or pair) has to be assigned first before it can be
645 read.
646 </td>
647 </tr>
648
649 <tr>
650 <td>
651 B4
652 </td>
653
654 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]655 An <code>invoke-direct</code> instruction must invoke an instance
656 initializer or a method only in the current class or one of its
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]657 superclasses.
658 </td>
659 </tr>
660
661 <tr>
662 <td>
663 B5
664 </td>
665
666 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]667 An instance initializer must be invoked only on an uninitialized
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]668 instance.
669 </td>
670 </tr>
671
672 <tr>
673 <td>
674 B6
675 </td>
676
677 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]678 Instance methods may be invoked only on and instance fields may only
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]679 be accessed on already initialized instances.
680 </td>
681 </tr>
682
683 <tr>
684 <td>
685 B7
686 </td>
687
688 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]689 A register that holds the result of a <code>new-instance</code>
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]690 instruction must not be used if the same
691 <code>new-instance</code> instruction is again executed before
692 the instance is initialized.
693 </td>
694 </tr>
695
696 <tr>
697 <td>
698 B8
699 </td>
700
701 <td>
702 An instance initializer must call another instance initializer (same
703 class or superclass) before any instance members can be accessed.
704 Exceptions are non-inherited instance fields, which can be assigned
705 before calling another initializer, and the <code>Object</code> class
706 in general.
707 </td>
708 </tr>
709
710 <tr>
711 <td>
712 B9
713 </td>
714
715 <td>
716 All actual method arguments must be assignment-compatible with their
717 respective formal arguments.
718 </td>
719 </tr>
720
721 <tr>
722 <td>
723 B10
724 </td>
725
726 <td>
727 For each instance method invocation, the actual instance must be
728 assignment-compatible with the class or interface specified in the
729 instruction.
730 </td>
731 </tr>
732
733 <tr>
734 <td>
735 B11
736 </td>
737
738 <td>
739 A <code>return&lt;kind&gt;</code> instruction must match its
740 method's return type.
741 </td>
742 </tr>
743
744 <tr>
745 <td>
746 B12
747 </td>
748
749 <td>
750 When accessing protected members of a superclass, the actual type of
751 the instance being accessed must be either the current class or one
752 of its subclasses.
753 </td>
754 </tr>
755
756 <tr>
757 <td>
758 B13
759 </td>
760
761 <td>
762 The type of a value stored into a static field must be
763 assignment-compatible with or convertible to the field's type.
764 </td>
765 </tr>
766
767 <tr>
768 <td>
769 B14
770 </td>
771
772 <td>
773 The type of a value stored into a field must be assignment-compatible
774 with or convertible to the field's type.
775 </td>
776 </tr>
777
778 <tr>
779 <td>
780 B15
781 </td>
782
783 <td>
784 The type of every value stored into an array must be
785 assignment-compatible with the array's component type.
786 </td>
787 </tr>
788
789 <tr>
790 <td>
791 B16
792 </td>
793
794 <td>
795 The <code>A</code> operand of a <code>throw</code> instruction must
796 be assignment-compatible with <code>java.lang.Throwable</code>.
797 </td>
798 </tr>
799
800 <tr>
801 <td>
802 B17
803 </td>
804
805 <td>
806 The last reachable instruction of a method must either be a backwards
807 <code>goto</code> or branch, a <code>return</code>, or a
808 <code>throw</code> instruction. It must not be possible to leave the
809 <code>insns</code> array at the bottom.
810 </td>
811 </tr>
812
813 <tr>
814 <td>
815 B18
816 </td>
817
818 <td>
819 The unassigned half of a former register pair may not be read (is
820 considered invalid) until it has been re-assigned by some other
821 instruction.
822 </td>
823 </tr>
824
825 <tr>
826 <td>
827 B19
828 </td>
829
830 <td>
831 A <code>move-result&lt;kind&gt;</code> instruction must be immediately
832 preceded (in the <code>insns</code> array) by an
833 <code>invoke-&lt;kind&gt;</code> instruction. The only exception is
834 the <code>move-result-object</code> instruction, which may also be
835 preceded by a <code>filled-new-array</code> instruction.
836 </td>
837 </tr>
838
839 <tr>
840 <td>
841 B20
842 </td>
843
844 <td>
845 A <code>move-result&lt;kind&gt;</code> instruction must be immediately
846 preceded (in actual control flow) by a matching
847 <code>return-&lt;kind&gt;</code> instruction (it must not be jumped
848 to). The only exception is the <code>move-result-object</code>
849 instruction, which may also be preceded by a
850 <code>filled-new-array</code> instruction.
851 </td>
852 </tr>
853
854 <tr>
855 <td>
856 B21
857 </td>
858
859 <td>
Clay Murphy5ae59ac2015-03-03 11:51:49 -0800[diff] [blame]860 A <code>move-exception</code> instruction must appear only as the
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame]861 first instruction in an exception handler.
862 </td>
863 </tr>
864
865 <tr>
866 <td>
867 B22
868 </td>
869
870 <td>
871 The <code>packed-switch-data</code>, <code>sparse-switch-data</code>,
872 and <code>fill-array-data</code> pseudo-instructions must not be
873 reachable by control flow.
874 </td>
875 </tr>
876 </table>