<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Java bytecode constraints</title>
<link rel=stylesheet href="java-constraints.css">
</head>
<body>
<h1>
Bytecode constraints
</h1>
<p>
From the point of view of a piece of code written in the Java
programming language or targeted in the same way to <code>.class</code>
files, the Dalvik VM aims to behave in a way
that is fully consistent with the language's definition.
That is, the code running in Dalvik will behave the same as it
would have running in any other virtual machine. This includes
verification failures.
The Dx/Dalvik system will check roughly the same
constraints that any other VM would, except as noted in the file
<a href="verifier.html">verifier.html</a>. The following table briefly
lists all Dx/Dalvik verification constraints together their analogs
from the book <i>The Java<super>TM</super> Language Specification</i>,
second edition. In the numbering scheme, the first three
elements refer to the specification chapter, the fourth one to the
bullet inside that chapter. The failure mode specifies whether the
constraint will fail during the Dx conversion or during verification in
the VM itself.
</p>
<h2>
Static constraints
</h2>
<p>
Static constraints are constraints on individual elements of the bytecode.
They usually can be checked without employing control or data-flow analysis
techniques.
</p>
<table>
<tr>
<th>
Identifier
</th>
<th>
Description
</th>
<th>
Spec equivalent
</th>
<th>
Failure mode
</th>
</tr>
<tr>
<td>
A1
</td>
<td>
The <code>code</code> array must not be empty.
</td>
<td>
4.8.1.1
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A2
</td>
<td>
The <code>code</code> array must not be larger than 65535 bytes.
</td>
<td>
4.8.1.2
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A3
</td>
<td>
The first opcode in <code>code</code> array must have index
<code>0</code>.
</td>
<td>
4.8.1.3
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A4
</td>
<td>
The <code>code</code> array must only contain valid opcodes.
</td>
<td>
4.8.1.4
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A5
</td>
<td>
The index of instruction <code>n+1</code> must equal the index of
instruction <code>n</code> plus the length of instruction
<code>n</code>, taking into account a possible <code>wide</code>
instruction. Opcodes modified by a <code>wide</code> instruction must
not be directly reachable.
</td>
<td>
4.8.1.5
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A6
</td>
<td>
The last instruction in <code>code</code> array must end at index
<code>code_length-1</code>.
</td>
<td>
4.8.1.6
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A7
</td>
<td>
All jump and branch targets must be opcodes within the same method.
Opcodes modified by a <code>wide</code> instruction must not be
directly reachable via a jump or branch instruction.
</td>
<td>
4.8.1.7
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A8
</td>
<td>
All targets of a <code>tableswitch</code> instruction must be opcodes
within the same method. Upper and lower bounds must be consistent.
Opcodes modified by a <code>wide</code> instruction must not be
directly reachable via a <code>tableswitch</code> instruction.
</td>
<td>
4.8.1.8
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A9
</td>
<td>
All targets of a <code>lookupswitch</code> instruction must be opcodes
within the same method. Its table must be consistent and sorted
low-to-high. Opcodes modified by a <code>wide</code> instruction must
not be directly reachable via a <code>lookupswitch</code> instruction.
</td>
<td>
4.8.1.9
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A10
</td>
<td>
The operands of <code>ldc</code> and <code>ldc_w</code> instructions
must be valid indices into the constant pool. The respective entries
must be of type <code>CONSTANT_Integer</code>,
<code>CONSTANT_Float</code>, or <code>CONSTANT_String</code>.
</td>
<td>
4.8.1.10
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A11
</td>
<td>
The operands of <code>ldc2_w</code> instructions must be valid indices
into the constant pool. The respective entries must be of type
<code>CONSTANT_Long</code> or <code>CONSTANT_Double</code>. The
subsequent constant pool entry must be valid and remain unused.
</td>
<td>
4.8.1.11
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A12
</td>
<td>
The Operands of <code>get<kind></code> and
<code>put<kind></code> instructions must be valid indices into
constant pool. The respective entries must be of type
<code>CONSTANT_Fieldref</code>.
</td>
<td>
4.8.1.12
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A13
</td>
<td>
The first two operands of <code>invokevirtual</code>,
<code>invokespecial</code>, and <code>invokestatic</code> must form a
valid 16-bit index into the constant pool. The respective entries must
be of type <code>CONSTANT_Methodref</code>.
</td>
<td>
4.8.1.13
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A14
</td>
<td>
Methods whose names start with '<' must only be invoked implicitly by
the VM, not by class file code. The only exception is the instance
initializer, which may be invoked by <code>invokespecial</code>.
</td>
<td>
4.8.1.14
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A15
</td>
<td>
The first two operands of <code>invokeinterface</code> must form a
valid 16-bit index into the constant pool. The entry must be of type
<code>CONSTANT_Interface_Methodref</code>. The third operand must
specify number of local variables and the fourth operand must always
be zero.
</td>
<td>
4.8.1.15
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A16
</td>
<td>
The operands of <code>instanceof</code>, <code>checkcast</code>,
<code>new</code>, and <code>anewarray</code> instructions must
be a valid index into the constant pool. The first two operands of
<code>multianewarray</code> instruction must form a valid 16-bit index
into the constant pool. All respective entries must be of type
<code>CONSTANT_Class</code>.
</td>
<td>
4.8.1.16
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A17
</td>
<td>
The dimensions of an array created by <code>anewarray</code>
instructions must be less than <code>256</code>.
</td>
<td>
4.8.1.17
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A18
</td>
<td>
The <code>new</code> instruction must not reference array classes,
interfaces, or abstract classes.
</td>
<td>
4.8.1.18
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A19
</td>
<td>
The type referenced by a <code>multinewarray</code> instruction must
have at least as many dimensions as specified in the instruction. The
dimensions operand must not be <code>0</code>
</td>
<td>
4.8.1.19
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A20
</td>
<td>
The type referenced by a <code>newarray</code> instruction must be a
valid, non-reference type.
</td>
<td>
4.8.1.20
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A21
</td>
<td>
The index operand of instructions explicitly referencing single-width
local variables must be non-negative and smaller than
<code>max_locals</code>.
</td>
<td>
4.8.1.21
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A22
</td>
<td>
The index operand of instructions implicitly referencing single-width
local variables must be non-negative and smaller than
<code>max_locals</code>.
</td>
<td>
4.8.1.22
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A23
</td>
<td>
The index operand of instructions explicitly referencing double-width
local variables must be non-negative and smaller than
<code>max_locals-1</code>.
</td>
<td>
4.8.1.23
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A24
</td>
<td>
The index operand of instructions implicitly referencing double-width
local variables must be non-negative and smaller than
<code>max_locals-1</code>.
</td>
<td>
4.8.1.24
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A25
</td>
<td>
The index operand of <code>wide</code> instructions explicitly
referencing single-width local variables must be non-negative and
smaller than <code>max_locals</code>.
</td>
<td>
4.8.1.25
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
A26
</td>
<td>
The index operand of <code>wide</code> instructions explicitly
referencing double-width local variables must be non-negative and
smaller than <code>max_locals-1</code>.
</td>
<td>
4.8.1.25
</td>
<td>
DX
</td>
</tr>
</table>
<h2>
Structural constraints
</h2>
<p>
Structural constraints are constraints on relationships between several
elements of the bytecode. They usually can't be checked without employing
control or data-flow analysis techniques.
</p>
<table>
<tr>
<th>
Identifier
</th>
<th>
Description
</th>
<th>
Spec equivalent
</th>
<th>
Failure mode
</th>
</tr>
<tr>
<td>
B1
</td>
<td>
The number and types of arguments (operands and local variables) must
always match the instruction.
</td>
<td>
4.8.2.1
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B2
</td>
<td>
The operand stack must have the same depth for all executions paths
leading to an instruction.
</td>
<td>
4.8.2.2
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B3
</td>
<td>
Local variable pairs must never be broken up.
</td>
<td>
4.8.2.3
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B4
</td>
<td>
A local variable (or pair) has to be assigned first before it can be
read.
</td>
<td>
4.8.2.4
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B5
</td>
<td>
The operand stack must never grow beyond <code>max_stack</code>.
</td>
<td>
4.8.2.5
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B6
</td>
<td>
The operand stack must never underflow.
</td>
<td>
4.8.2.6
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B7
</td>
<td>
An <code>invokespecial</code> instruction must only invoke an instance
initializer or a method in the current class or one of its
superclasses.
</td>
<td>
4.8.2.7
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B8
</td>
<td>
An instance initializer must only be invoked on an uninitialized
instance residing on the operand stack.
</td>
<td>
4.8.2.8
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B9
</td>
<td>
Instance methods may only be invoked on and instance fields may only
be accessed on already initialized instances.
</td>
<td>
4.8.2.9
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B10
</td>
<td>
The must be no backwards branches with uninitialized instances on the
operand stack or in local variables. There must be no code protected
by an exception handler that contains local variables with
uninitialized instances.
</td>
<td>
4.8.2.10
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B11
</td>
<td>
An instance initializer must call another instance initializer (same
class or superclass) before any instance members can be accessed.
Exceptions are non-inherited instance fields, which can be assigned
before calling another initializer, and the <code>Object</code> class
in general.
</td>
<td>
4.8.2.11
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B12
</td>
<td>
All actual method arguments must be assignment-compatible with formal
arguments.
</td>
<td>
4.8.2.12
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B13
</td>
<td>
For each instance method invocation, the actual instance must be
assignment-compatible with the class or interface specified in the
instruction.
</td>
<td>
4.8.2.13
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B14
</td>
<td>
A returns instruction must match its method's return type.
</td>
<td>
4.8.2.14
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B15
</td>
<td>
When accessing protected members of a superclass, the actual type of
the instance being accessed must be either the current class or one
of its subclasses.
</td>
<td>
4.8.2.15
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B16
</td>
<td>
The type of a value stored into a static field must be
assignment-compatible with or convertible to the field's type.
</td>
<td>
4.8.2.16
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B17
</td>
<td>
The type of a value stored into a field must be assignment-compatible
with or convertible to the field's type.
</td>
<td>
4.8.2.17
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B18
</td>
<td>
The type of every value stored into an array must be
assignment-compatible with the array's component type.
</td>
<td>
4.8.2.18
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B19
</td>
<td>
The operand of an <code>athrow</code> instruction must be
assignment-compatible with <code>java.lang.Throwable</code>.
</td>
<td>
4.8.2.19
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B20
</td>
<td>
The last reachable instruction of a method must either be a backwards
jump or branch, a return, or an <code>athrow</code> instruction. It
must not be possible to leave the <code>code</code> array at the
bottom.
</td>
<td>
4.8.2.20
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B21
</td>
<td>
Local variable values must not be used as return addresses.
</td>
<td>
4.8.2.21
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B22
</td>
<td>
There must be a single, uniquely determined return instruction per
subroutine call.
</td>
<td>
4.8.2.22
</td>
<td>
VM
</td>
</tr>
<tr>
<td>
B23
</td>
<td>
Subroutine calls must not be directly or indirectly self-recursive.
</td>
<td>
4.8.2.23
</td>
<td>
DX
</td>
</tr>
<tr>
<td>
B24
</td>
<td>
<code>ReturnAddress</code> instances must not be reused. If a
subroutine returns to a <code>ReturnAddress</code> further up the
stack than where its original call instruction is located, then all
<code>ReturnAddress</code> instances further down the stack must
never be used.
</td>
<td>
4.8.2.24
</td>
<td>
DX
</td>
</tr>
</table>
</body>
</html>