Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / docs / source.android.com / cb18098188cc7fdb6c9d2ab5cf20b5d9a51f1952 / . / src / devices / tech / dalvik / constraints.jd
blob: 612b0bffc13ae5c3ac434bb7263d51e5b27cf6e5 [file] [log] [blame]
Clay Murphycb180982015-02-24 11:50:23 -0800[diff] [blame^]1page.title=Dalvik bytecode constraints
2@jd:body
3
4<!--
5 Copyright 2015 The Android Open Source Project
6
7 Licensed under the Apache License, Version 2.0 (the "License");
8 you may not use this file except in compliance with the License.
9 You may obtain a copy of the License at
10
11 http://www.apache.org/licenses/LICENSE-2.0
12
13 Unless required by applicable law or agreed to in writing, software
14 distributed under the License is distributed on an "AS IS" BASIS,
15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 See the License for the specific language governing permissions and
17 limitations under the License.
18-->
19
20
21<div id="qv-wrapper">
22<div id="qv">
23 <h2 id="Contents">In this document</h2>
24 <ol id="auto-toc">
25 </ol>
26</div>
27</div>
28
29 <h2 id="gen-constraints">General integrity constraints </h2>
30 <table>
31 <tr>
32 <th>
33 Identifier
34 </th>
35
36 <th>
37 Description
38 </th>
39 </tr>
40
41 <tr>
42 <td>
43 A1
44 </td>
45
46 <td>
47 The magic number of the DEX file must be "dex\n035\0".
48 </td>
49 </tr>
50
51 <tr>
52 <td>
53 A1
54 </td>
55
56 <td>
57 The checksum must be an Adler-32 checksum of the whole file contents
58 except magic and checksum field.
59 </td>
60 </tr>
61</table>
62
63<p>The signature must be a SHA-1 hash of the whole file contents except magic,
64 checksum, and signature.</p>
65<p>The file_size must match the actual file size in bytes.</p>
66<p>The header_size must have the value 0x70.</p>
67<p>The endian_tag must have either the value ENDIAN_CONSTANT or
68 REVERSE_ENDIAN_CONSTANT.</p>
69<p>For each of the link, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs
70 and data sections, the offset and size fields must be either both zero or both
71 non-zero. In the latter case, the offset must be four-byte-aligned.</p>
72<p>All offset fields in the header except map_off must be four-byte-aligned.</p>
73<p>The map_off field must be either zero or point into the data section. In the
74 latter case, the data section must exist.</p>
75<p>None of the link, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs
76 and data sections must overlap each other or the header.</p>
77<p>If a map exists, then each map entry must have a valid type. Each type may
78 appear at most once.</p>
79<p>If a map exists, then each map entry must have a nonzero offset and size. The
80 offset must point into the corresponding section of the file (i.e. a
81 string_id_item must point into the string_ids section) and the explicit or
82 implicit size of the item must match the actual contents and size of the
83 section.</p>
84<p>If a map exists, then the offset of map entry n+1 must be greater or equal to
85 the offset of map entry n plus then size of map entry n. This implies
86 non-overlapping entries and low-to-high ordering.</p>
87<p>The following types of entries must have an offset that is
88 four-byte-aligned: string_id_item, type_id_item, proto_id_item, field_id_item,
89 method_id_item, class_def_item, type_list, code_item,
90 annotations_directory_item.</p>
91<p>For each string_id_item, the string_data_off field must contain a valid
92 reference into the data section. For the referenced string_data_item, the data
93 field must contain a valid MUTF-8 string, and the utf16_size must match the
94 decoded length of the string.</p>
95<p>For each type_id_item, the desciptor_idx field must contain a valid reference
96 into the string_ids list. The referenced string must be a valid type descriptor.</p>
97<p>For each proto_id_item, the shorty_idx field must contain a valid reference
98 into the string_ids list. The referenced string must be a valid shorty descriptor.
99 Also, the return_type_idx field must be a valid index into the type_ids section,
100 and the parameters_off field must be either zero or a valid offset pointing
101 into the data section. If nonzero, the parameter list must not contain any void
102 entries.</p>
103<p>For each field_id_item, both the class_idx and type_idx fields must be a valid
104 indices into the
105 type_ids list. The entry referenced by class_idx must be a non-array reference type.
106 In addition, the name_idx field must be a valid reference into the string_ids
107 section, and the contents of the referenced entry must conform to the MemberName
108 specification.</p>
109<p>For each method_id_item, the class_idx field must be a valid index into the
110 type_ids section, and the
111 referenced entry must be a non-array reference type. The proto_id field must
112 be a valid reference into the proto_ids list. The name_idx field must be a
113 valid reference into the string_ids
114 section, and the contents of the referenced entry must conform to the MemberName
115 specification.</p>
116<p>For each class_def_item, ...</p>
117<p>For each field_id_item, the class_idx field must be a valid index into the
118 type_ids list. The referenced entry must be a non-array reference type.</p>
119<h2 id="static-constraints">
120 Static constraints
121 </h2>
122
123 <p>
124 Static constraints are constraints on individual elements of the bytecode.
125 They usually can be checked without employing control or data-flow analysis
126 techniques.
127 </p>
128
129 <table>
130 <tr>
131 <th>
132 Identifier
133 </th>
134
135 <th>
136 Description
137 </th>
138 </tr>
139
140 <tr>
141 <td>
142 A1
143 </td>
144
145 <td>
146 The <code>insns</code> array must not be empty.
147 </td>
148 </tr>
149
150 <tr>
151 <td>
152 A2
153 </td>
154
155 <td>
156 The first opcode in the <code>insns</code> array must have index zero.
157 </td>
158 </tr>
159
160 <tr>
161 <td>
162 A3
163 </td>
164
165 <td>
166 The <code>insns</code> array must only contain valid Dalvik opcodes.
167 </td>
168 </tr>
169
170 <tr>
171 <td>
172 A4
173 </td>
174
175 <td>
176 The index of instruction <code>n+1</code> must equal the index of
177 instruction <code>n</code> plus the length of instruction
178 <code>n</code>, taking into account possible operands.
179 </td>
180 </tr>
181
182 <tr>
183 <td>
184 A5
185 </td>
186
187 <td>
188 The last instruction in the <code>insns</code> array must end at index
189 <code>insns_size-1</code>.
190 </td>
191 </tr>
192
193 <tr>
194 <td>
195 A6
196 </td>
197
198 <td>
199 All <code>goto</code> and <code>if-&lt;kind&gt;</code> targets must
200 be opcodes within in the same method.
201 </td>
202 </tr>
203
204 <tr>
205 <td>
206 A7
207 </td>
208
209 <td>
210 All targets of a <code>packed-switch</code> instruction must be
211 opcodes within in the same method. The size and the list of targets
212 must be consistent.
213 </td>
214 </tr>
215
216 <tr>
217 <td>
218 A8
219 </td>
220
221 <td>
222 All targets of a <code>sparse-switch</code> instruction must be
223 opcodes within in the same method. The corresponding table must be
224 consistent and sorted low-to-high.
225 </td>
226 </tr>
227
228 <tr>
229 <td>
230 A9
231 </td>
232
233 <td>
234 The <code>B</code> operand of the <code>const-string</code> and
235 <code>const-string/jumbo</code> instructions must be a valid index
236 into the string constant pool.
237 </td>
238 </tr>
239
240 <tr>
241 <td>
242 A10
243 </td>
244
245 <td>
246 The <code>C</code> operand of the <code>iget&lt;kind&gt;</code> and
247 <code>iput&lt;kind&gt;</code> instructions must be a valid index into
248 the field constant pool. The referenced entry must represent an
249 instance field.
250 </td>
251 </tr>
252
253 <tr>
254 <td>
255 A11
256 </td>
257
258 <td>
259 The <code>C</code> operand of the <code>sget&lt;kind&gt;</code> and
260 <code>sput&lt;kind&gt;</code> instructions must be a valid index into
261 the field constant pool. The referenced entry must represent a static
262 field.
263 </td>
264 </tr>
265
266 <tr>
267 <td>
268 A12
269 </td>
270
271 <td>
272 The <code>C</code> operand of the <code>invoke-virtual</code>,
273 <code>invoke-super</code>, <code<invoke-direct</code> and
274 <code>invoke-static</code> instructions must be a valid index into the
275 method constant pool. In all cases, the referenced
276 <code>method_id</code> must belong to a class (not an interface).
277 </td>
278 </tr>
279
280 <tr>
281 <td>
282 A13
283 </td>
284
285 <td>
286 The <code>B</code> operand of the <code>invoke-virtual/range</code>,
287 <code>invoke-super/range</code>, <code>invoke-direct/range</code>, and
288 <code>invoke-static/range</code> instructions must be a valid index
289 into the method constant pool. In all cases, the referenced
290 <code>method_id</code> must belong to a class (not an interface).
291 </td>
292 </tr>
293
294 <tr>
295 <td>
296 A14
297 </td>
298
299 <td>
300 A method the name of which starts with a '<' must only be invoked
301 implicitly by the VM, not by code originating from a Dex file. The
302 only exception is the instance initializer, which may be invoked by
303 <code>invoke-direct</code>.
304 </td>
305 </tr>
306
307 <tr>
308 <td>
309 A15
310 </td>
311
312 <td>
313 The <code>C</code> operand of the <code>invoke-interface</code>
314 instruction must be a valid index into the method constant pool. The
315 referenced <code>method_id</code> must belong to an interface (not a
316 class).
317 </td>
318 </tr>
319
320 <tr>
321 <td>
322 A16
323 </td>
324
325 <td>
326 The <code>B</code> operand of the <code>invoke-interface/range</code>
327 instruction must be a valid index into the method constant pool.
328 The referenced <code>method_id</code> must belong to an interface (not
329 a class).
330 </td>
331 </tr>
332
333 <tr>
334 <td>
335 A17
336 </td>
337
338 <td>
339 The <code>B</code> operand of the <code>const-class</code>,
340 <code>check-cast</code>, <code>new-instance</code>, and
341 <code>filled-new-array/range</code> instructions must be a valid index
342 into the type constant pool.
343 </td>
344 </tr>
345
346 <tr>
347 <td>
348 A18
349 </td>
350
351 <td>
352 The <code>C</code> operand of the <code>instance-of</code>,
353 <code>new-array</code>, and <code>filled-new-array</code>
354 instructions must be a valid index into the type constant pool.
355 </td>
356 </tr>
357
358 <tr>
359 <td>
360 A19
361 </td>
362
363 <td>
364 The dimensions of an array created by a <code>new-array</code>
365 instruction must be less than <code>256</code>.
366 </td>
367 </tr>
368
369 <tr>
370 <td>
371 A20
372 </td>
373
374 <td>
375 The <code>new</code> instruction must not refer to array classes,
376 interfaces, or abstract classes.
377 </td>
378 </tr>
379
380 <tr>
381 <td>
382 A21
383 </td>
384
385 <td>
386 The type referred to by a <code>new-array</code> instruction must be
387 a valid, non-reference type.
388 </td>
389 </tr>
390
391 <tr>
392 <td>
393 A22
394 </td>
395
396 <td>
397 All registers referred to by an instruction in a single-width
398 (non-pair) fashion must be valid for the current method. That is,
399 their indices must be non-negative and smaller than
400 <code>registers_size</code>.
401 </td>
402 </tr>
403
404 <tr>
405 <td>
406 A23
407 </td>
408
409 <td>
410 All registers referred to by an instruction in a double-width (pair)
411 fashion must be valid for the current method. That is, their indices
412 must be non-negative and smaller than <code>registers_size-1</code>.
413 </td>
414 </tr>
415 </table>
416
417 <h2 id="struct-constraints">
418 Structural constraints
419 </h2>
420
421 <p>
422 Structural constraints are constraints on relationships between several
423 elements of the bytecode. They usually can't be checked without employing
424 control or data-flow analysis techniques.
425 </p>
426
427 <table>
428 <tr>
429 <th>
430 Identifier
431 </th>
432
433 <th>
434 Description
435 </th>
436 </tr>
437
438 <tr>
439 <td>
440 B1
441 </td>
442
443 <td>
444 The number and types of arguments (registers and immediate values)
445 must always match the instruction.
446 </td>
447 </tr>
448
449 <tr>
450 <td>
451 B2
452 </td>
453
454 <td>
455 Register pairs must never be broken up.
456 </td>
457 </tr>
458
459 <tr>
460 <td>
461 B3
462 </td>
463
464 <td>
465 A register (or pair) has to be assigned first before it can be
466 read.
467 </td>
468 </tr>
469
470 <tr>
471 <td>
472 B4
473 </td>
474
475 <td>
476 An <code>invoke-direct</code> instruction must only invoke an instance
477 initializer or a method in the current class or one of its
478 superclasses.
479 </td>
480 </tr>
481
482 <tr>
483 <td>
484 B5
485 </td>
486
487 <td>
488 An instance initializer must only be invoked on an uninitialized
489 instance.
490 </td>
491 </tr>
492
493 <tr>
494 <td>
495 B6
496 </td>
497
498 <td>
499 Instance methods may only be invoked on and instance fields may only
500 be accessed on already initialized instances.
501 </td>
502 </tr>
503
504 <tr>
505 <td>
506 B7
507 </td>
508
509 <td>
510 A register which holds the result of a <code>new-instance</code>
511 instruction must not be used if the same
512 <code>new-instance</code> instruction is again executed before
513 the instance is initialized.
514 </td>
515 </tr>
516
517 <tr>
518 <td>
519 B8
520 </td>
521
522 <td>
523 An instance initializer must call another instance initializer (same
524 class or superclass) before any instance members can be accessed.
525 Exceptions are non-inherited instance fields, which can be assigned
526 before calling another initializer, and the <code>Object</code> class
527 in general.
528 </td>
529 </tr>
530
531 <tr>
532 <td>
533 B9
534 </td>
535
536 <td>
537 All actual method arguments must be assignment-compatible with their
538 respective formal arguments.
539 </td>
540 </tr>
541
542 <tr>
543 <td>
544 B10
545 </td>
546
547 <td>
548 For each instance method invocation, the actual instance must be
549 assignment-compatible with the class or interface specified in the
550 instruction.
551 </td>
552 </tr>
553
554 <tr>
555 <td>
556 B11
557 </td>
558
559 <td>
560 A <code>return&lt;kind&gt;</code> instruction must match its
561 method's return type.
562 </td>
563 </tr>
564
565 <tr>
566 <td>
567 B12
568 </td>
569
570 <td>
571 When accessing protected members of a superclass, the actual type of
572 the instance being accessed must be either the current class or one
573 of its subclasses.
574 </td>
575 </tr>
576
577 <tr>
578 <td>
579 B13
580 </td>
581
582 <td>
583 The type of a value stored into a static field must be
584 assignment-compatible with or convertible to the field's type.
585 </td>
586 </tr>
587
588 <tr>
589 <td>
590 B14
591 </td>
592
593 <td>
594 The type of a value stored into a field must be assignment-compatible
595 with or convertible to the field's type.
596 </td>
597 </tr>
598
599 <tr>
600 <td>
601 B15
602 </td>
603
604 <td>
605 The type of every value stored into an array must be
606 assignment-compatible with the array's component type.
607 </td>
608 </tr>
609
610 <tr>
611 <td>
612 B16
613 </td>
614
615 <td>
616 The <code>A</code> operand of a <code>throw</code> instruction must
617 be assignment-compatible with <code>java.lang.Throwable</code>.
618 </td>
619 </tr>
620
621 <tr>
622 <td>
623 B17
624 </td>
625
626 <td>
627 The last reachable instruction of a method must either be a backwards
628 <code>goto</code> or branch, a <code>return</code>, or a
629 <code>throw</code> instruction. It must not be possible to leave the
630 <code>insns</code> array at the bottom.
631 </td>
632 </tr>
633
634 <tr>
635 <td>
636 B18
637 </td>
638
639 <td>
640 The unassigned half of a former register pair may not be read (is
641 considered invalid) until it has been re-assigned by some other
642 instruction.
643 </td>
644 </tr>
645
646 <tr>
647 <td>
648 B19
649 </td>
650
651 <td>
652 A <code>move-result&lt;kind&gt;</code> instruction must be immediately
653 preceded (in the <code>insns</code> array) by an
654 <code>invoke-&lt;kind&gt;</code> instruction. The only exception is
655 the <code>move-result-object</code> instruction, which may also be
656 preceded by a <code>filled-new-array</code> instruction.
657 </td>
658 </tr>
659
660 <tr>
661 <td>
662 B20
663 </td>
664
665 <td>
666 A <code>move-result&lt;kind&gt;</code> instruction must be immediately
667 preceded (in actual control flow) by a matching
668 <code>return-&lt;kind&gt;</code> instruction (it must not be jumped
669 to). The only exception is the <code>move-result-object</code>
670 instruction, which may also be preceded by a
671 <code>filled-new-array</code> instruction.
672 </td>
673 </tr>
674
675 <tr>
676 <td>
677 B21
678 </td>
679
680 <td>
681 A <code>move-exception</code> instruction must only appear as the
682 first instruction in an exception handler.
683 </td>
684 </tr>
685
686 <tr>
687 <td>
688 B22
689 </td>
690
691 <td>
692 The <code>packed-switch-data</code>, <code>sparse-switch-data</code>,
693 and <code>fill-array-data</code> pseudo-instructions must not be
694 reachable by control flow.
695 </td>
696 </tr>
697 </table>