<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<title>Dalvik bytecode constraints</title>
<link rel="stylesheet" href="dalvik-constraints.css" />
<h1>Dalvik bytecode constraints</h1>
<h1>General integrity constraints</h1>
The magic number of the DEX file must be "dex\n035\0".
The checksum must be an Adler-32 checksum of the whole file contents
except magic and checksum field.
The signature must be a SHA-1 hash of the whole file contents except magic,
checksum, and signature.
The file_size must match the actual file size in bytes.
The header_size must have the value 0x70.
The endian_tag must have either the value ENDIAN_CONSTANT or
REVERSE_ENDIAN_CONSTANT.
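The header integrity constraints above, as an added example that is not part of the Dalvik documentation: a Python check of the magic, checksum, signature, file_size, header_size, endian_tag, section size/offset pairing and alignment, and map_off rules, together with an assumed helper (build_dex) that constructs a minimal header plus data section so the check can run offline. Section overlap is not checked.

```python
import hashlib
import struct
import zlib

ENDIAN_CONSTANT, REVERSE_ENDIAN_CONSTANT, HEADER_SIZE = 0x12345678, 0x78563412, 0x70
SECTIONS = ["string_ids", "type_ids", "proto_ids", "field_ids",
            "method_ids", "class_defs", "data"]   # (size, off) pairs start at offset 56

def validate_dex_header(data):
    """Return the violated header constraints (an empty list means the header passes)."""
    if len(data) < HEADER_SIZE:
        return ["file is shorter than the 0x70-byte header"]
    errors = []
    if data[:8] != b"dex\n035\0":
        errors.append("magic is not dex\\n035\\0")
    if struct.unpack_from("<I", data, 8)[0] != zlib.adler32(data[12:]) & 0xFFFFFFFF:
        errors.append("checksum != Adler-32 of everything after the checksum field")
    if data[12:32] != hashlib.sha1(data[32:]).digest():
        errors.append("signature != SHA-1 of everything after the signature field")
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if file_size != len(data):
        errors.append(f"file_size {file_size} != actual size {len(data)}")
    if header_size != HEADER_SIZE:
        errors.append(f"header_size 0x{header_size:x} != 0x70")
    if endian_tag not in (ENDIAN_CONSTANT, REVERSE_ENDIAN_CONSTANT):
        errors.append(f"endian_tag 0x{endian_tag:08x} is neither endian constant")
    sections = {"link": struct.unpack_from("<II", data, 44)}   # link_size, link_off
    map_off = struct.unpack_from("<I", data, 52)[0]
    for n, name in enumerate(SECTIONS):
        sections[name] = struct.unpack_from("<II", data, 56 + 8 * n)
    for name, (size, off) in sections.items():
        if (size == 0) != (off == 0):
            errors.append(f"{name}: size and offset must be both zero or both non-zero")
        if off % 4:                      # every header offset except map_off is aligned
            errors.append(f"{name}: offset 0x{off:x} is not four-byte-aligned")
    data_size, data_off = sections["data"]
    if map_off and not (data_off and data_off <= map_off < data_off + data_size):
        errors.append("map_off does not point into the data section")
    return errors

def build_dex(payload=b"\0" * 16, map_off=0):
    """Constructed sample (not a real app): a valid header plus a data section holding payload."""
    buf = bytearray(HEADER_SIZE) + payload
    buf[:8] = b"dex\n035\0"
    struct.pack_into("<III", buf, 32, len(buf), HEADER_SIZE, ENDIAN_CONSTANT)
    struct.pack_into("<I", buf, 52, map_off)
    struct.pack_into("<II", buf, 104, len(payload), HEADER_SIZE)  # data_size, data_off
    buf[12:32] = hashlib.sha1(buf[32:]).digest()                 # signature: bytes 32..end
    struct.pack_into("<I", buf, 8, zlib.adler32(buf[12:]) & 0xFFFFFFFF)  # checksum: 12..end
    return bytes(buf)
```

Flipping a single byte of the sample, or truncating it, trips the checksum, signature and file_size checks independently, which is why a loader verifies all three rather than trusting any one of them.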
For each of the link, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs
and data sections, the offset and size fields must be either both zero or both
non-zero. In the latter case, the offset must be four-byte-aligned.
All offset fields in the header except map_off must be four-byte-aligned.
The map_off field must be either zero or point into the data section. In the
latter case, the data section must exist.
None of the link, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs
and data sections must overlap each other or the header.
If a map exists, then each map entry must have a valid type. Each type may
If a map exists, then each map entry must have a nonzero offset and size. The
offset must point into the corresponding section of the file (i.e. a
string_id_item must point into the string_ids section) and the explicit or
implicit size of the item must match the actual contents and size of the
If a map exists, then the offset of map entry n+1 must be greater or equal to
the offset of map entry n plus the size of map entry n. This implies
non-overlapping entries and low-to-high ordering.
The following types of entries must have an offset that is
four-byte-aligned: string_id_item, type_id_item, proto_id_item, field_id_item,
method_id_item, class_def_item, type_list, code_item,
annotations_directory_item.
For each string_id_item, the string_data_off field must contain a valid
reference into the data section. For the referenced string_data_item, the data
field must contain a valid MUTF-8 string, and the utf16_size must match the
decoded length of the string.
For each type_id_item, the descriptor_idx field must contain a valid reference
into the string_ids list. The referenced string must be a valid type descriptor.
For each proto_id_item, the shorty_idx field must contain a valid reference
into the string_ids list. The referenced string must be a valid shorty descriptor.
Also, the return_type_idx field must be a valid index into the type_ids section,
and the parameters_off field must be either zero or a valid offset pointing
into the data section. If nonzero, the parameter list must not contain any void
For each field_id_item, both the class_idx and type_idx fields must be a valid
type_ids list. The entry referenced by class_idx must be a non-array reference type.
In addition, the name_idx field must be a valid reference into the string_ids
section, and the contents of the referenced entry must conform to the MemberName
For each method_id_item, the class_idx field must be a valid index into the
type_ids section, and the
referenced entry must be a non-array reference type. The proto_id field must
be a valid reference into the proto_ids list. The name_idx field must be a
valid reference into the string_ids
section, and the contents of the referenced entry must conform to the MemberName
For each class_def_item, ...
For each field_id_item, the class_idx field must be a valid index into the
type_ids list. The referenced entry must be a non-array reference type.
Static constraints are constraints on individual elements of the bytecode.
They usually can be checked without employing control or data-flow analysis
The <code>insns</code> array must not be empty.
The first opcode in the <code>insns</code> array must have index zero.
The <code>insns</code> array must only contain valid Dalvik opcodes.
The index of instruction <code>n+1</code> must equal the index of
instruction <code>n</code> plus the length of instruction
<code>n</code>, taking into account possible operands.
The last instruction in the <code>insns</code> array must end at index
<code>insns_size-1</code>.
All <code>goto</code> and <code>if-&lt;kind&gt;</code> targets must
be opcodes within the same method.
All targets of a <code>packed-switch</code> instruction must be
opcodes within the same method. The size and the list of targets
All targets of a <code>sparse-switch</code> instruction must be
opcodes within the same method. The corresponding table must be
consistent and sorted low-to-high.
The <code>B</code> operand of the <code>const-string</code> and
<code>const-string/jumbo</code> instructions must be a valid index
into the string constant pool.
The <code>C</code> operand of the <code>iget&lt;kind&gt;</code> and
<code>iput&lt;kind&gt;</code> instructions must be a valid index into
the field constant pool. The referenced entry must represent an
The <code>C</code> operand of the <code>sget&lt;kind&gt;</code> and
<code>sput&lt;kind&gt;</code> instructions must be a valid index into
the field constant pool. The referenced entry must represent a static
The <code>C</code> operand of the <code>invoke-virtual</code>,
<code>invoke-super</code>, <code>invoke-direct</code> and
<code>invoke-static</code> instructions must be a valid index into the
method constant pool. In all cases, the referenced
<code>method_id</code> must belong to a class (not an interface).
The <code>B</code> operand of the <code>invoke-virtual/range</code>,
<code>invoke-super/range</code>, <code>invoke-direct/range</code>, and
<code>invoke-static/range</code> instructions must be a valid index
into the method constant pool. In all cases, the referenced
<code>method_id</code> must belong to a class (not an interface).
A method the name of which starts with a '&lt;' must only be invoked
implicitly by the VM, not by code originating from a Dex file. The
only exception is the instance initializer, which may be invoked by
<code>invoke-direct</code>.
The <code>C</code> operand of the <code>invoke-interface</code>
instruction must be a valid index into the method constant pool. The
referenced <code>method_id</code> must belong to an interface (not a
The <code>B</code> operand of the <code>invoke-interface/range</code>
instruction must be a valid index into the method constant pool.
The referenced <code>method_id</code> must belong to an interface (not
The <code>B</code> operand of the <code>const-class</code>,
<code>check-cast</code>, <code>new-instance</code>, and
<code>filled-new-array/range</code> instructions must be a valid index
into the type constant pool.
The <code>C</code> operand of the <code>instance-of</code>,
<code>new-array</code>, and <code>filled-new-array</code>
instructions must be a valid index into the type constant pool.
The dimensions of an array created by a <code>new-array</code>
instruction must be less than <code>256</code>.
The <code>new</code> instruction must not refer to array classes,
interfaces, or abstract classes.
The type referred to by a <code>new-array</code> instruction must be
a valid, non-reference type.
All registers referred to by an instruction in a single-width
(non-pair) fashion must be valid for the current method. That is,
their indices must be non-negative and smaller than
<code>registers_size</code>.
All registers referred to by an instruction in a double-width (pair)
fashion must be valid for the current method. That is, their indices
must be non-negative and smaller than <code>registers_size-1</code>.
<h1>Structural constraints</h1>
Structural constraints are constraints on relationships between several
elements of the bytecode. They usually can't be checked without employing
control or data-flow analysis techniques.
The number and types of arguments (registers and immediate values)
must always match the instruction.
Register pairs must never be broken up.
A register (or pair) has to be assigned first before it can be
An <code>invoke-direct</code> instruction must only invoke an instance
initializer or a method in the current class or one of its
An instance initializer must only be invoked on an uninitialized
Instance methods may only be invoked on and instance fields may only
be accessed on already initialized instances.
A register which holds the result of a <code>new-instance</code>
instruction must not be used if the same
<code>new-instance</code> instruction is again executed before
the instance is initialized.
An instance initializer must call another instance initializer (same
class or superclass) before any instance members can be accessed.
Exceptions are non-inherited instance fields, which can be assigned
before calling another initializer, and the <code>Object</code> class
All actual method arguments must be assignment-compatible with their
respective formal arguments.
For each instance method invocation, the actual instance must be
assignment-compatible with the class or interface specified in the
A <code>return&lt;kind&gt;</code> instruction must match its
method's return type.
When accessing protected members of a superclass, the actual type of
the instance being accessed must be either the current class or one
The type of a value stored into a static field must be
assignment-compatible with or convertible to the field's type.
The type of a value stored into a field must be assignment-compatible
with or convertible to the field's type.
The type of every value stored into an array must be
assignment-compatible with the array's component type.
The <code>A</code> operand of a <code>throw</code> instruction must
be assignment-compatible with <code>java.lang.Throwable</code>.
The last reachable instruction of a method must either be a backwards
<code>goto</code> or branch, a <code>return</code>, or a
<code>throw</code> instruction. It must not be possible to leave the
<code>insns</code> array at the bottom.
The unassigned half of a former register pair may not be read (is
considered invalid) until it has been re-assigned by some other
A <code>move-result&lt;kind&gt;</code> instruction must be immediately
preceded (in the <code>insns</code> array) by an
<code>&lt;invoke-kind&gt;</code> instruction. The only exception is
the <code>move-result-object</code> instruction, which may also be
preceded by a <code>filled-new-array</code> instruction.
A <code>move-result&lt;kind&gt;</code> instruction must be immediately
preceded (in actual control flow) by a matching
<code>return-&lt;kind&gt;</code> instruction (it must not be jumped
to). The only exception is the <code>move-result-object</code>
instruction, which may also be preceded by a
<code>filled-new-array</code> instruction.
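As an added example that is not part of the Dalvik documentation, a checker for the static <code>insns</code> constraints (non-empty array, valid opcodes, contiguous instruction indices, last instruction ending at <code>insns_size-1</code>, branch targets that are opcodes of the same method) and for the rule that a <code>move-result</code> must directly follow an invoke in the <code>insns</code> array. The opcode table is an assumed subset with lengths taken from each opcode's instruction format; <code>filled-new-array</code>, switches and reachability are left out.

```python
import struct

# Assumed subset of the Dalvik opcode table: opcode -> (mnemonic, length in 16-bit code
# units, taken from each opcode's instruction format). The real table is much larger.
OPCODES = {
    0x00: ("nop", 1), 0x01: ("move", 1), 0x0a: ("move-result", 1),
    0x0c: ("move-result-object", 1), 0x0e: ("return-void", 1), 0x0f: ("return", 1),
    0x12: ("const/4", 1), 0x13: ("const/16", 2), 0x1a: ("const-string", 2),
    0x28: ("goto", 1), 0x29: ("goto/16", 2), 0x32: ("if-eq", 2),
    0x6e: ("invoke-virtual", 3), 0x70: ("invoke-direct", 3), 0x71: ("invoke-static", 3),
}
BRANCHES = ("goto", "goto/16", "if-eq")

def branch_offset(units, i, name):
    """Signed branch offset in code units, relative to the branch instruction itself."""
    if name == "goto":                      # format 10t: AA|op, offset is the high byte
        return struct.unpack("<b", bytes([units[i] >> 8]))[0]
    return struct.unpack("<h", struct.pack("<H", units[i + 1]))[0]  # 20t / 22t: +AAAA

def check_insns(units):
    """Walk one method's insns array (a list of 16-bit units); return violations found."""
    if not units:
        return ["insns array is empty"]
    starts, i = {}, 0                       # unit index of every instruction -> mnemonic
    while i < len(units):
        op = units[i] & 0xFF                # opcode lives in the low byte of the first unit
        if op not in OPCODES:
            return [f"invalid opcode 0x{op:02x} at unit {i}"]
        name, length = OPCODES[op]
        if i + length > len(units):         # last instruction must end at insns_size-1
            return [f"{name} at unit {i} runs past insns_size"]
        starts[i] = name
        i += length                         # index of n+1 = index of n + length of n
    errors = []
    for i, name in starts.items():
        if name in BRANCHES:                # targets must be opcodes in the same method
            target = i + branch_offset(units, i, name)
            if target not in starts:
                errors.append(f"{name} at unit {i} targets unit {target}, not an opcode")
        if name.startswith("move-result"):  # must directly follow an invoke-kind
            prev = max((s for s in starts if s < i), default=None)
            if prev is None or not starts[prev].startswith("invoke-"):
                errors.append(f"{name} at unit {i} is not preceded by an invoke")
    return errors
```

A branch that lands in the middle of a multi-unit instruction (the second unit of a <code>const/16</code>, say) is the case the contiguity rule exists for: the target index is inside the array but is not an opcode, so the checker rejects it.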
A <code>move-exception</code> instruction must only appear as the
first instruction in an exception handler.
The <code>packed-switch-data</code>, <code>sparse-switch-data</code>,
and <code>fill-array-data</code> pseudo-instructions must not be
reachable by control flow.