The class File Format
This chapter describes the Java virtual machine
class file format. Each
class file contains the definition of a single class or interface. Although a class or interface need not have an external representation literally contained in a file (for instance, because the class is generated by a class loader), we will colloquially refer to any valid representation of a class or interface as being in the
class file format.
A
class file consists of a stream of 8-bit bytes. All 16-bit, 32-bit, and 64-bit quantities are constructed by reading in two, four, and eight consecutive 8-bit bytes, respectively. Multibyte data items are always stored in big-endian order, where the high bytes come first. In the Java and Java 2 platforms, this format is supported by interfaces
java.io.DataInput and
java.io.DataOutput and classes such as
java.io.DataInputStream and
java.io.DataOutputStream.
This chapter defines its own set of data types representing
class file data: The types
u1,
u2, and
u4 represent an unsigned one-, two-, or four-byte quantity, respectively. In the Java and Java 2 platforms, these types may be read by methods such as
readUnsignedByte,
readUnsignedShort, and
readInt of the interface
java.io.DataInput.
This chapter presents the
class file format using pseudostructures written in a C-like structure notation. To avoid confusion with the fields of classes and class instances, etc., the contents of the structures describing the
class file format are referred to as
items. Successive items are stored in the
class file sequentially, without padding or alignment.
Tables, consisting of zero or more variable-sized items, are used in several
class file structures. Although we use C-like array syntax to refer to table items, the fact that tables are streams of varying-sized structures means that it is not possible to translate a table index directly to a byte offset into the table.
Where we refer to a data structure as an array, it consists of zero or more contiguous fixed-sized items and can be indexed like an array.
4.1 The ClassFile Structure
A
class file consists of a single
ClassFile structure:
ClassFile { u4 magic; u2 minor_version; u2 major_version; u2 constant_pool_count; cp_info constant_pool[constant_pool_count-1]; u2 access_flags; u2 this_class; u2 super_class; u2 interfaces_count; u2 interfaces[interfaces_count]; u2 fields_count; field_info fields[fields_count]; u2 methods_count; method_info methods[methods_count]; u2 attributes_count; attribute_info attributes[attributes_count]; }
The items in the
ClassFile structure are as follows:
magic - The
magic item supplies the magic number identifying the class file format; it has the value 0xCAFEBABE.
minor_version, major_version - The values of the
minor_version and major_version items are the minor and major version numbers of this class file.Together, a major and a minor version number determine the version of the class file format. If a class file has major version number M and minor version number m, we denote the version of its class file format as M.m. Thus, class file format versions may be ordered lexicographically, for example, 1.5 < 2.0 < 2.1. A Java virtual machine implementation can support a class file format of version v if and only if v lies in some contiguous range Mi.0 
v Mj.m. Only Sun can specify what range of versions a Java virtual machine implementation conforming to a certain release level of the Java platform may support.1
constant_pool_count - The value of the
constant_pool_count item is equal to the number of entries in the constant_pool table plus one. A constant_pool index is considered valid if it is greater than zero and less than constant_pool_count, with the exception for constants of type long and double noted in §4.4.5.
constant_pool[] - The
constant_pool is a table of structures (§4.4) representing various string constants, class and interface names, field names, and other constants that are referred to within the ClassFile structure and its substructures. The format of each constant_pool table entry is indicated by its first "tag" byte. The constant_pool table is indexed from 1 to constant_pool_count-1.
access_flags - The value of the
access_flags item is a mask of flags used to denote access permissions to and properties of this class or interface. The interpretation of each flag, when set, is as shown in Table 4.1.
| Flag Name | Value | Interpretation |
ACC_PUBLIC | 0x0001 | Declared public; may be accessed from outside its package. |
ACC_FINAL | 0x0010 | Declared final; no subclasses allowed. |
ACC_SUPER | 0x0020 | Treat superclass methods specially when invoked by the invokespecial instruction. |
ACC_INTERFACE | 0x0200 | Is an interface, not a class. |
ACC_ABSTRACT | 0x0400 | Declared abstract; may not be instantiated. |
An interface is distinguished by its
ACC_INTERFACE flag being set. If its
ACC_INTERFACE flag is not set, this
class file defines a class, not an interface.
If the
ACC_INTERFACE flag of this
class file is set, its
ACC_ABSTRACT flag must also be set
(§2.13.1) and its
ACC_PUBLIC flag may be set. Such a
class file may not have any of the other flags in
Table 4.1 set.
If the
ACC_INTERFACE flag of this
class file is not set, it may have any of the other flags in
Table 4.1 set. However, such a
class file cannot have both its
ACC_FINAL and
ACC_ABSTRACT flags set
(§2.8.2).
The setting of the
ACC_SUPER flag indicates which of two alternative semantics for its
invokespecial instruction the Java virtual machine is to express; the
ACC_SUPER flag exists for backward compatibility for code compiled by Sun's older compilers for the Java programming language. All new implementations of the Java virtual machine should implement the semantics for
invokespecial documented in this specification. All new compilers to the instruction set of the Java virtual machine should set the
ACC_SUPER flag. Sun's older compilers generated
ClassFile flags with
ACC_SUPER unset. Sun's older Java virtual machine implementations ignore the flag if it is set.
All bits of the
access_flags item not assigned in
Table 4.1 are reserved for future use. They should be set to zero in generated
class files and should be ignored by Java virtual machine implementations.
this_class - The value of the
this_class item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing the class or interface defined by this class file.
super_class - For a class, the value of the
super_class item either must be zero or must be a valid index into the constant_pool table. If the value of the super_class item is nonzero, the constant_pool entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing the direct superclass of the class defined by this class file. Neither the direct superclass nor any of its superclasses may be a final class. If the value of the super_class item is zero, then this class file must represent the class Object, the only class or interface without a direct superclass. For an interface, the value of the super_class item must always be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Class_info structure representing the class Object.
interfaces_count - The value of the
interfaces_count item gives the number of direct superinterfaces of this class or interface type.
interfaces[] - Each value in the
interfaces array must be a valid index into the constant_pool table. The constant_pool entry at each value of interfaces[i], where 0 i < interfaces_count, must be a CONSTANT_Class_info (§4.4.1) structure representing an interface that is a direct superinterface of this class or interface type, in the left-to-right order given in the source for the type.
- fields_count
- The value of the
fields_count item gives the number of field_info structures in the fields table. The field_info (§4.5) structures represent all fields, both class variables and instance variables, declared by this class or interface type.
fields[] - Each value in the
fields table must be a field_info (§4.5) structure giving a complete description of a field in this class or interface. The fields table includes only those fields that are declared by this class or interface. It does not include items representing fields that are inherited from superclasses or superinterfaces.
methods_count - The value of the
methods_count item gives the number of method_info structures in the methods table.
methods[] - Each value in the
methods table must be a method_info (§4.6) structure giving a complete description of a method in this class or interface. If the method is not native or abstract, the Java virtual machine instructions implementing the method are also supplied. The method_info structures represent all methods declared by this class or interface type, including instance methods, class (static) methods, instance initialization methods (§3.9), and any class or interface initialization method (§3.9). The methods table does not include items representing methods that are inherited from superclasses or superinterfaces.
attributes_count - The value of the
attributes_count item gives the number of attributes (§4.7) in the attributes table of this class.
attributes[] - Each value of the
attributes table must be an attribute structure (§4.7). The only attributes defined by this specification as appearing in the attributes table of a ClassFile structure are the SourceFile attribute (§4.7.7) and the Deprecated (§4.7.10) attribute. A Java virtual machine implementation is required to silently ignore any or all attributes in the attributes table of a ClassFile structure that it does not recognize. Attributes not defined in this specification are not allowed to affect the semantics of the class file, but only to provide additional descriptive information (§4.7.1).
4.2 The Internal Form of Fully Qualified Class and Interface Names
Class and interface names that appear in
class file structures are always represented in a fully qualified form
(§2.7.5). Such names are always represented as
CONSTANT_Utf8_info (§4.4.7) structures and thus may be drawn, where not further constrained, from the entire Unicode character set. Class names and interfaces are referenced both from those
CONSTANT_NameAndType_info (§4.4.6) structures that have such names as part of their descriptor
(§4.3) and from all
CONSTANT_Class_info (§4.4.1) structures.
For historical reasons the syntax of fully qualified class and interface names that appear in
class file structures differs from the familiar syntax of fully qualified names documented in
§2.7.5. In this internal form, the ASCII periods (
'.
') that normally separate the identifiers that make up the fully qualified name are replaced by ASCII forward slashes (
'/'). For example, the normal fully qualified name of class
Thread is
java.lang.Thread. In the form used in descriptors in the
class file format, a reference to the name of class
Thread is implemented using a
CONSTANT_Utf8_info structure representing the string
"java/lang/Thread".
4.3 Descriptors
A
descriptor is a string representing the type of a field or method. Descriptors are represented in the
class file format using UTF-8 strings
(§4.4.7) and thus may be drawn, where not further constrained, from the entire Unicode character set.
4.3.1 Grammar Notation
Descriptors are specified using a grammar. This grammar is a set of productions that describe how sequences of characters can form syntactically correct descriptors of various types. Terminal symbols of the grammar are shown in bold fixed-width font. Nonterminal symbols are shown in
italic type. The definition of a nonterminal is introduced by the name of the nonterminal being defined, followed by a colon. One or more alternative right-hand sides for the nonterminal then follow on succeeding lines. For example, the production:
FieldType:
BaseType
ObjectType
ArrayType
states that a
FieldType may represent either a
BaseType, an
ObjectType, or an
ArrayType.
A nonterminal symbol on the right-hand side of a production that is followed by an asterisk (*) represents zero or more possibly different values produced from that nonterminal, appended without any intervening space. The production:
MethodDescriptor:
(
ParameterDescriptor* )
ReturnDescriptor
states that a
MethodDescriptor represents a left parenthesis, followed by zero or more
ParameterDescriptor values, followed by a right parenthesis, followed by a
ReturnDescriptor.
4.3.2 Field Descriptors
A
field descriptor represents the type of a class, instance, or local variable. It is a series of characters generated by the grammar:
FieldDescriptor:
FieldType
ComponentType:
FieldType
FieldType:
BaseType ObjectType
ArrayType
BaseType:
B C
D
F
I
J
S
Z
ObjectType:
L <classname> ;
ArrayType:
[ ComponentType
The characters of
BaseType, the L and ; of
ObjectType, and the [ of
ArrayType are all ASCII characters. The <classname> represents a fully qualified class or interface name. For historical reasons it is encoded in internal form (
§4.2).
The interpretation of the field types is as shown in
Table 4.2.
| BaseType Character | Type | Interpretation |
| B | byte | signed byte |
| C | char | Unicode character |
| D | double | double-precision floating-point value |
| F | float | single-precision floating-point value |
| I | int | integer |
| J | long | long integer |
| L<classname>; | reference | an instance of class <classname> |
| S | short | signed short |
| Z | boolean | true or false |
| [ | reference | one array dimension |
For example, the descriptor of an instance variable of type
int is simply I. The descriptor of an instance variable of type
Object is Ljava/lang/Object;. Note that the internal form of the fully qualified name for class
Object is used. The descriptor of an instance variable that is a multidimensional
double array,
double d[][][];
is
[[[D
4.3.3 Method Descriptors
A
method descriptor represents the parameters that the method takes and the value that it returns:
MethodDescriptor:
( ParameterDescriptor* ) ReturnDescriptor
A
parameter descriptor represents a parameter passed to a method:
ParameterDescriptor:
FieldType
A
return descriptor represents the type of the value returned from a method. It is a series of characters generated by the grammar:
ReturnDescriptor:
FieldType
V
The character V indicates that the method returns no value (its return type is
void).
A method descriptor is valid only if it represents method parameters with a total length of 255 or less, where that length includes the contribution for
this in the case of instance or interface method invocations. The total length is calculated by summing the contributions of the individual parameters, where a parameter of type
long or
double contributes two units to the length and a parameter of any other type contributes one unit.
For example, the method descriptor for the method
Object mymethod(int i, double d, Thread t)
is
(IDLjava/lang/Thread;)Ljava/lang/Object;
Note that internal forms of the fully qualified names of
Thread and
Object are used in the method descriptor.
The method descriptor for
mymethod is the same whether
mymethod is a class or an instance method. Although an instance method is passed
this, a reference to the current class instance, in addition to its intended parameters, that fact is not reflected in the method descriptor. (A reference to
this is not passed to a class method.) The reference to
this is passed implicitly by the method invocation instructions of the Java virtual machine used to invoke instance methods.
4.4 The Constant Pool
Java virtual machine instructions do not rely on the runtime layout of classes, interfaces, class instances, or arrays. Instead, instructions refer to symbolic information in the
constant_pool table.
All
constant_pool table entries have the following general format:
cp_info { u1 tag; u1 info[]; }
Each item in the
constant_pool table must begin with a 1-byte tag indicating the kind of
cp_info entry. The contents of the
info array vary with the value of
tag. The valid tags and their values are listed in
Table 4.3. Each tag byte must be followed by two or more bytes giving information about the specific constant. The format of the additional information varies with the tag value.
| Constant Type | Value |
|---|
CONSTANT_Class | 7 |
CONSTANT_Fieldref | 9 |
CONSTANT_Methodref | 10 |
CONSTANT_InterfaceMethodref | 11 |
CONSTANT_String | 8 |
CONSTANT_Integer | 3 |
CONSTANT_Float | 4 |
CONSTANT_Long | 5 |
CONSTANT_Double | 6 |
CONSTANT_NameAndType | 12 |
CONSTANT_Utf8 | 1 |
4.4.1 The CONSTANT_Class_info Structure
The
CONSTANT_Class_info structure is used to represent a class or an interface:
CONSTANT_Class_info { u1 tag; u2 name_index; }
The items of the
CONSTANT_Class_info structure are the following:
tag - The
tag item has the value CONSTANT_Class (7).
name_index - The value of the
name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing a valid fully qualified class or interface name (§2.8.1) encoded in internal form (§4.2).
Because arrays are objects, the opcodes
anewarray and
multianewarray can reference array "classes" via
CONSTANT_Class_info (§4.4.1) structures in the
constant_pool table. For such array classes, the name of the class is the descriptor of the array type. For example, the class name representing a two-dimensional
int array type
int[][]
is
[[I
The class name representing the type array of class
Thread
Thread[]
is
[Ljava/lang/Thread;
An array type descriptor is valid only if it represents 255 or fewer dimensions.
4.4.2 The CONSTANT_Fieldref_info, CONSTANT_Methodref_info, and CONSTANT_InterfaceMethodref_info Structures
Fields, methods, and interface methods are represented by similar structures:
CONSTANT_Fieldref_info { u1 tag; u2 class_index; u2 name_and_type_index; }
CONSTANT_Methodref_info { u1 tag; u2 class_index; u2 name_and_type_index; }
CONSTANT_InterfaceMethodref_info { u1 tag; u2 class_index; u2 name_and_type_index; }
The items of these structures are as follows:
tag - The
tag item of a CONSTANT_Fieldref_info structure has the value CONSTANT_Fieldref (9). The tag item of a CONSTANT_Methodref_info structure has the value CONSTANT_Methodref (10). The tag item of a CONSTANT_InterfaceMethodref_info structure has the value CONSTANT_InterfaceMethodref (11).
class_index - The value of the
class_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing the class or interface type that contains the declaration of the field or method. The class_index item of a CONSTANT_Methodref_info structure must be a class type, not an interface type. The class_index item of a CONSTANT_InterfaceMethodref_info structure must be an interface type. The class_index item of a CONSTANT_Fieldref_info structure may be either a class type or an interface type.
name_and_type_index - The value of the
name_and_type_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_NameAndType_info (§4.4.6) structure. This constant_pool entry indicates the name and descriptor of the field or method. In a CONSTANT_Fieldref_info the indicated descriptor must be a field descriptor (§4.3.2). Otherwise, the indicated descriptor must be a method descriptor (§4.3.3). If the name of the method of a CONSTANT_Methodref_info structure begins with a' <' ('\u003c'), then the name must be the special name <init>, representing an instance initialization method (§3.9). Such a method must return no value.
4.4.3 The CONSTANT_String_info Structure
The
CONSTANT_String_info structure is used to represent constant objects of the type
String:
CONSTANT_String_info { u1 tag; u2 string_index; }
The items of the
CONSTANT_String_info structure are as follows:
tag
- The
tag item of the CONSTANT_String_info structure has the value CONSTANT_String (8).
string_index
- The value of the
string_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the sequence of characters to which the String object is to be initialized.
4.4.4 The CONSTANT_Integer_info and CONSTANT_Float_info Structures
The
CONSTANT_Integer_info and
CONSTANT_Float_info structures represent 4-byte numeric (
int and
float) constants:
CONSTANT_Integer_info { u1 tag; u4 bytes; }
CONSTANT_Float_info { u1 tag; u4 bytes; }
The items of these structures are as follows:
tag - The
tag item of the CONSTANT_Integer_info structure has the value CONSTANT_Integer (3). The tag item of the CONSTANT_Float_info structure has the value CONSTANT_Float (4).
bytes - The
bytes item of the CONSTANT_Integer_info structure represents the value of the int constant. The bytes of the value are stored in big-endian (high byte first) order. The bytes item of the CONSTANT_Float_info structure represents the value of the float constant in IEEE 754 floating-point single format (§3.3.2). The bytes of the single format representation are stored in big-endian (high byte first) order. The value represented by the CONSTANT_Float_info structure is determined as follows. The bytes of the value are first converted into an int constant bits. Then:
- If bits is
0x7f800000, the float value will be positive infinity.
- If bits is
0xff800000, the float value will be negative infinity.
- If bits is in the range
0x7f800001 through 0x7fffffff or in the range 0xff800001 through 0xffffffff, the float value will be NaN.
- In all other cases, let
s, e, and m be three values that might be computed from bits:
int s = ((bits >> 31) == 0) ? 1 : -1; int e = ((bits >> 23) & 0xff); int m = (e == 0) ? (bits & 0x7fffff) << 1 : (bits & 0x7fffff) | 0x800000;
Then the float value equals the result of the mathematical expression s·m·2e-150.
4.4.5 The CONSTANT_Long_info and CONSTANT_Double_info Structures
The CONSTANT_Long_info and CONSTANT_Double_info represent 8-byte numeric (long and double) constants:
CONSTANT_Long_info { u1 tag; u4 high_bytes; u4 low_bytes; }
CONSTANT_Double_info { u1 tag; u4 high_bytes; u4 low_bytes; }
All 8-byte constants take up two entries in the constant_pool table of the class file. If a CONSTANT_Long_info or CONSTANT_Double_info structure is the item in the constant_pool table at index n, then the next usable item in the pool is located at index n+2. The constant_pool index n+1 must be valid but is considered unusable.2 The items of these structures are as follows:
tag - The
tag item of the CONSTANT_Long_info structure has the value CONSTANT_Long (5). The tag item of the CONSTANT_Double_info structure has the value CONSTANT_Double (6).
high_bytes, low_bytes - The unsigned
high_bytes and low_bytes items of the CONSTANT_Long_info structure together represent the value of the long constant ((long) high_bytes << 32) + low_bytes, where the bytes of each of high_bytes and low_bytes are stored in big-endian (high byte first) order. The high_bytes and low_bytes items of the CONSTANT_Double_info structure together represent the double value in IEEE 754 floating-point double format (§3.3.2). The bytes of each item are stored in big-endian (high byte first) order. The value represented by the CONSTANT_Double_info structure is determined as follows. The high_bytes and low_bytes items are first converted into the long constant bits, which is equal to ((long) high_bytes << 32) + low_bytes. Then:
- If bits is
0x7ff0000000000000L, the double value will be positive infinity.
- If bits is
0xfff0000000000000L, the double value will be negative infinity.
- If bits is in the range
0x7ff0000000000001L through 0x7fffffffffffffffL or in the range 0xfff0000000000001L through 0xffffffffffffffffL, the double value will be NaN.
- In all other cases, let
s, e, and m be three values that might be computed from bits:
int s = ((bits >> 63) == 0) ? 1 : -1; int e = (int)((bits >> 52) & 0x7ffL); long m = (e == 0) ? (bits & 0xfffffffffffffL) << 1 : (bits & 0xfffffffffffffL) | 0x10000000000000L;
Then the floating-point value equals the double value of the mathematical expression s·m·2e-1075.
4.4.6 The CONSTANT_NameAndType_info Structure
The CONSTANT_NameAndType_info structure is used to represent a field or method, without indicating which class or interface type it belongs to:
CONSTANT_NameAndType_info { u1 tag; u2 name_index; u2 descriptor_index; }
The items of the CONSTANT_NameAndType_info structure are as follows:
tag - The
tag item of the CONSTANT_NameAndType_info structure has the value CONSTANT_NameAndType (12).
name_index - The value of the
name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing either a valid field or method name (§2.7) stored as a simple name (§2.7.1), that is, as a Java programming language identifier (§2.2) or as the special method name <init> (§3.9).
descriptor_index - The value of the
descriptor_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing a valid field descriptor (§4.3.2) or method descriptor (§4.3.3).
4.4.7 The CONSTANT_Utf8_info Structure
The CONSTANT_Utf8_info structure is used to represent constant string values. UTF-8 strings are encoded so that character sequences that contain only non-null ASCII characters can be represented using only 1 byte per character, but characters of up to 16 bits can be represented. All characters in the range '\u0001' to '\u007F' are represented by a single byte:
The 7 bits of data in the byte give the value of the character represented. The null character ('\u0000') and characters in the range '\u0080' to '\u07FF' are represented by a pair of bytes x and y:
x:
y:
The bytes represent the character with the value ((x & 0x1f) << 6) + (y & 0x3f).
Characters in the range '\u0800' to '\uFFFF' are represented by 3 bytes x, y, and z:
x:
y:
z:
The character with the value ((x & 0xf) << 12) + ((y & 0x3f) << 6) + (z & 0x3f) is represented by the bytes.
The bytes of multibyte characters are stored in the class file in big-endian (high byte first) order.
There are two differences between this format and the "standard" UTF-8 format. First, the null byte (byte)0 is encoded using the 2-byte format rather than the 1-byte format, so that Java virtual machine UTF-8 strings never have embedded nulls. Second, only the 1-byte, 2-byte, and 3-byte formats are used. The Java virtual machine does not recognize the longer UTF-8 formats.
For more information regarding the UTF-8 format, see File System Safe UCS Transformation Format (FSS_UTF), X/Open Preliminary Specification (X/Open Company Ltd., Document Number: P316). This information also appears in ISO/IEC 10646, Annex P.
The CONSTANT_Utf8_info structure is
CONSTANT_Utf8_info { u1 tag; u2 length; u1 bytes[length]; }
The items of the CONSTANT_Utf8_info structure are the following:
tag - The
tag item of the CONSTANT_Utf8_info structure has the value CONSTANT_Utf8 (1).
length - The value of the
length item gives the number of bytes in the bytes array (not the length of the resulting string). The strings in the CONSTANT_Utf8_info structure are not null-terminated.
bytes[] - The
bytes array contains the bytes of the string. No byte may have the value (byte)0 or lie in the range (byte)0xf0-(byte)0xff.
4.5 Fields
Each field is described by a field_info structure. No two fields in one class file may have the same name and descriptor (§4.3.2). The format of this structure is
field_info { u2 access_flags; u2 name_index; u2 descriptor_index; u2 attributes_count; attribute_info attributes[attributes_count]; }
The items of the field_info structure are as follows:
access_flags - The value of the
access_flags item is a mask of flags used to denote access permission to and properties of this field. The interpretation of each flag, when set, is as shown in Table 4.4. Fields of classes may set any of the flags in Table 4.4. However, a specific field of a class may have at most one of its ACC_PRIVATE, ACC_PROTECTED, and ACC_PUBLIC flags set (§2.7.4) and may not have both its ACC_FINAL and ACC_VOLATILE flags set (§2.9.1).
| Flag Name | Value | Interpretation |
ACC_PUBLIC | 0x0001 | Declared public; may be accessed from outside its package. |
ACC_PRIVATE | 0x0002 | Declared private; usable only within the defining class. |
ACC_PROTECTED | 0x0004 | Declared protected; may be accessed within subclasses. |
ACC_STATIC | 0x0008 | Declared static. |
ACC_FINAL | 0x0010 | Declared final; no further assignment after initialization. |
ACC_VOLATILE | 0x0040 | Declared volatile; cannot be cached. |
ACC_TRANSIENT | 0x0080 | Declared transient; not written or read by a persistent object manager. |
Fields of classes may set any of the flags in Table 4.4. However, a specific field of a class may have at most one of its ACC_PRIVATE, ACC_PROTECTED, and ACC_PUBLIC flags set (§2.7.4) and may not have both its ACC_FINAL and ACC_VOLATILE flags set (§2.9.1). All fields of interfaces must have their ACC_PUBLIC, ACC_STATIC, and ACC_FINAL flags set and may not have any of the other flags in Table 4.4 set (§2.13.3.1). All bits of the access_flags item not assigned in Table 4.4 are reserved for future use. They should be set to zero in generated class files and should be ignored by Java virtual machine implementations. name_index - The value of the
name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure which must represent a valid field name (§2.7) stored as a simple name (§2.7.1), that is, as a Java programming language identifier (§2.2).
descriptor_index - The value of the
descriptor_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure that must represent a valid field descriptor (§4.3.2).
attributes_count - The value of the
attributes_count item indicates the number of additional attributes (§4.7) of this field.
attributes[] - Each value of the
attributes table must be an attribute structure (§4.7). A field can have any number of attributes associated with it. The attributes defined by this specification as appearing in the attributes table of a field_info structure are the ConstantValue (§4.7.2), Synthetic (§4.7.6), and Deprecated (§4.7.10) attributes. A Java virtual machine implementation must recognize and correctly read ConstantValue (§4.7.2) attributes found in the attributes table of a field_info structure. A Java virtual machine implementation is required to silently ignore any or all other attributes in the attributes table that it does not recognize. Attributes not defined in this specification are not allowed to affect the semantics of the class file, but only to provide additional descriptive information (§4.7.1).
4.6 Methods
Each method, including each instance initialization method (§3.9) and the class or interface initialization method (§3.9), is described by a method_info structure. No two methods in one class file may have the same name and descriptor (§4.3.3). The structure has the following format:
method_info { u2 access_flags; u2 name_index; u2 descriptor_index; u2 attributes_count; attribute_info attributes[attributes_count]; }
The items of the method_info structure are as follows:
access_flags - The value of the
access_flags item is a mask of flags used to denote access permission to and properties of this method. The interpretation of each flag, when set, is as shown in Table 4.5.
| Flag Name | Value | Interpretation |
ACC_PUBLIC | 0x0001 | Declared public; may be accessed from outside its package. |
ACC_PRIVATE | 0x0002 | Declared private; accessible only within the defining class. |
ACC_PROTECTED | 0x0004 | Declared protected; may be accessed within subclasses. |
ACC_STATIC | 0x0008 | Declared static. |
ACC_FINAL | 0x0010 | Declared final; may not be overridden. |
ACC_SYNCHRONIZED | 0x0020 | Declared synchronized; invocation is wrapped in a monitor lock. |
ACC_NATIVE | 0x0100 | Declared native; implemented in a language other than Java. |
ACC_ABSTRACT | 0x0400 | Declared abstract; no implementation is provided. |
ACC_STRICT | 0x0800 | Declared strictfp; floating-point mode is FP-strict |
Methods of classes may set any of the flags in Table 4.5. However, a specific method of a class may have at most one of its ACC_PRIVATE, ACC_PROTECTED, and ACC_PUBLIC flags set (§2.7.4). If such a method has its ACC_ABSTRACT flag set it may not have any of its ACC_FINAL, ACC_NATIVE, ACC_PRIVATE, ACC_STATIC, ACC_STRICT, or ACC_SYNCHRONIZED flags set (§2.13.3.2). All interface methods must have their ACC_ABSTRACT and ACC_PUBLIC flags set and may not have any of the other flags in Table 4.5 set (§2.13.3.2). A specific instance initialization method (§3.9) may have at most one of its ACC_PRIVATE, ACC_PROTECTED, and ACC_PUBLIC flags set and may also have its ACC_STRICT flag set, but may not have any of the other flags in Table 4.5 set. Class and interface initialization methods (§3.9) are called implicitly by the Java virtual machine; the value of their access_flags item is ignored except for the settings of the ACC_STRICT flag. All bits of the access_flags item not assigned in Table 4.5 are reserved for future use. They should be set to zero in generated class files and should be ignored by Java virtual machine implementations.
name_index - The value of the
name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing either one of the special method names (§3.9), <init> or <clinit>, or a valid method name in the Java programming language (§2.7), stored as a simple name (§2.7.1).
descriptor_index - The value of the
descriptor_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing a valid method descriptor (§4.3.3).
attributes_count - The value of the
attributes_count item indicates the number of additional attributes (§4.7) of this method.
attributes[] - Each value of the
attributes table must be an attribute structure (§4.7). A method can have any number of optional attributes associated with it. The only attributes defined by this specification as appearing in the attributes table of a method_info structure are the Code (§4.7.3), Exceptions (§4.7.4), Synthetic (§4.7.6), and Deprecated (§4.7.10) attributes. A Java virtual machine implementation must recognize and correctly read Code (§4.7.3) and Exceptions (§4.7.4) attributes found in the attributes table of a method_info structure. A Java virtual machine implementation is required to silently ignore any or all other attributes in the attributes table of a method_info structure that it does not recognize. Attributes not defined in this specification are not allowed to affect the semantics of the class file, but only to provide additional descriptive information (§4.7.1).
4.7 Attributes
Attributes are used in the ClassFile (§4.1), field_info (§4.5), method_info (§4.6), and Code_attribute (§4.7.3) structures of the class file format. All attributes have the following general format:
attribute_info { u2 attribute_name_index; u4 attribute_length; u1 info[attribute_length]; }
For all attributes, the attribute_name_index must be a valid unsigned 16-bit index into the constant pool of the class. The constant_pool entry at attribute_name_index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the name of the attribute. The value of the attribute_length item indicates the length of the subsequent information in bytes. The length does not include the initial six bytes that contain the attribute_name_index and attribute_length items. Certain attributes are predefined as part of the class file specification. The predefined attributes are the SourceFile (§4.7.7), ConstantValue (§4.7.2), Code (§4.7.3), Exceptions (§4.7.4), InnerClasses (§4.7.5), Synthetic (§4.7.6), LineNumberTable (§4.7.8), LocalVariableTable (§4.7.9), and Deprecated (§4.7.10) attributes. Within the context of their use in this specification, that is, in the attributes tables of the class file structures in which they appear, the names of these predefined attributes are reserved.
Of the predefined attributes, the Code, ConstantValue, and Exceptions attributes must be recognized and correctly read by a class file reader for correct interpretation of the class file by a Java virtual machine implementation. The InnerClasses and Synthetic attributes must be recognized and correctly read by a class file reader in order to properly implement the Java and Java 2 platform class libraries (§3.12). Use of the remaining predefined attributes is optional; a class file reader may use the information they contain, or otherwise must silently ignore those attributes.
4.7.1 Defining and Naming New Attributes
Compilers are permitted to define and emit class files containing new attributes in the attributes tables of class file structures. Java virtual machine implementations are permitted to recognize and use new attributes found in the attributes tables of class file structures. However, any attribute not defined as part of this Java virtual machine specification must not affect the semantics of class or interface types. Java virtual machine implementations are required to silently ignore attributes they do not recognize. For instance, defining a new attribute to support vendor-specific debugging is permitted. Because Java virtual machine implementations are required to ignore attributes they do not recognize, class files intended for that particular Java virtual machine implementation will be usable by other implementations even if those implementations cannot make use of the additional debugging information that the class files contain.
Java virtual machine implementations are specifically prohibited from throwing an exception or otherwise refusing to use class files simply because of the presence of some new attribute. Of course, tools operating on class files may not run correctly if given class files that do not contain all the attributes they require.
Two attributes that are intended to be distinct, but that happen to use the same attribute name and are of the same length, will conflict on implementations that recognize either attribute. Attributes defined other than by Sun must have names chosen according to the package naming convention defined by The Java Language Specification. For instance, a new attribute defined by Netscape might have the name "com.Netscape.new-attribute".3
Sun may define additional attributes in future versions of this class file specification.
4.7.2 The ConstantValue Attribute
The ConstantValue attribute is a fixed-length attribute used in the attributes table of the field_info (§4.5) structures. A ConstantValue attribute represents the value of a constant field that must be (explicitly or implicitly) static; that is, the ACC_STATIC bit (Table 4.4) in the flags item of the field_info structure must be set. There can be no more than one ConstantValue attribute in the attributes table of a given field_info structure. The constant field represented by the field_info structure is assigned the value referenced by its ConstantValue attribute as part of the initialization of the class or interface declaring the constant field (§2.17.4). This occurs immediately prior to the invocation of the class or interface initialization method (§3.9) of that class or interface. If a field_info structure representing a non-static field has a ConstantValue attribute, then that attribute must silently be ignored. Every Java virtual machine implementation must recognize ConstantValue attributes.
The ConstantValue attribute has the following format:
ConstantValue_attribute { u2 attribute_name_index; u4 attribute_length; u2 constantvalue_index; }
The items of the ConstantValue_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "ConstantValue".
attribute_length - The value of the
attribute_length item of a ConstantValue_attribute structure must be 2.
constantvalue_index - The value of the
constantvalue_index item must be a valid index into the constant_pool table. The constant_pool entry at that index gives the constant value represented by this attribute. The constant_pool entry must be of a type appropriate to the field, as shown by Table 4.6.
| Field Type | Entry Type |
long | CONSTANT_Long |
float | CONSTANT_Float |
double | CONSTANT_Double |
int, short, char, byte, boolean | CONSTANT_Integer |
String | CONSTANT_String |
4.7.3 The Code Attribute
The Code attribute is a variable-length attribute used in the attributes table of method_info structures. A Code attribute contains the Java virtual machine instructions and auxiliary information for a single method, instance initialization method (§3.9), or class or interface initialization method (§3.9). Every Java virtual machine implementation must recognize Code attributes. If the method is either native or abstract, its method_info structure must not have a Code attribute. Otherwise, its method_info structure must have exactly one Code attribute. The Code attribute has the following format:
Code_attribute { u2 attribute_name_index; u4 attribute_length; u2 max_stack; u2 max_locals; u4 code_length; u1 code[code_length]; u2 exception_table_length; { u2 start_pc; u2 end_pc; u2 handler_pc; u2 catch_type; } exception_table[exception_table_length]; u2 attributes_count; attribute_info attributes[attributes_count]; }
The items of the Code_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "Code".
attribute_length - The value of the
attribute_length item indicates the length of the attribute, excluding the initial six bytes.
max_stack - The value of the
max_stack item gives the maximum depth (§3.6.2) of the operand stack of this method at any point during execution of the method.
max_locals - The value of the
max_locals item gives the number of local variables in the local variable array allocated upon invocation of this method, including the local variables used to pass parameters to the method on its invocation. The greatest local variable index for a value of type long or double is max_locals-2. The greatest local variable index for a value of any other type is max_locals-1.
code_length - The value of the
code_length item gives the number of bytes in the code array for this method. The value of code_length must be greater than zero; the code array must not be empty.
code[] - The
code array gives the actual bytes of Java virtual machine code that implement the method. When the code array is read into memory on a byte-addressable machine, if the first byte of the array is aligned on a 4-byte boundary, the tableswitch and lookupswitch 32-bit offsets will be 4-byte aligned. (Refer to the descriptions of those instructions for more information on the consequences of code array alignment.) The detailed constraints on the contents of the code array are extensive and are given in a separate section (§4.8).
exception_table_length - The value of the
exception_table_length item gives the number of entries in the exception_table table.
exception_table[] - Each entry in the
exception_table array describes one exception handler in the code array. The order of the handlers in the exception_table array is significant. See Section 3.10 for more details. Each exception_table entry contains the following four items:
start_pc, end_pc - The values of the two items
start_pc and end_pc indicate the ranges in the code array at which the exception handler is active. The value of start_pc must be a valid index into the code array of the opcode of an instruction. The value of end_pc either must be a valid index into the code array of the opcode of an instruction or must be equal to code_length, the length of the code array. The value of start_pc must be less than the value of end_pc. The start_pc is inclusive and end_pc is exclusive; that is, the exception handler must be active while the program counter is within the interval [start_pc, end_pc).4
handler_pc - The value of the
handler_pc item indicates the start of the exception handler. The value of the item must be a valid index into the code array and must be the index of the opcode of an instruction.
catch_type - If the value of the
catch_type item is nonzero, it must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing a class of exceptions that this exception handler is designated to catch. This class must be the class Throwable or one of its subclasses. The exception handler will be called only if the thrown exception is an instance of the given class or one of its subclasses. If the value of the catch_type item is zero, this exception handler is called for all exceptions. This is used to implement finally (see Section 7.13, "Compiling finally").
attributes_count
- The value of the
attributes_count item indicates the number of attributes of the Code attribute.
attributes[]
- Each value of the
attributes table must be an attribute structure (§4.7). A Code attribute can have any number of optional attributes associated with it. Currently, the LineNumberTable (§4.7.8) and LocalVariableTable (§4.7.9) attributes, both of which contain debugging information, are defined and used with the Code attribute.
A Java virtual machine implementation is permitted to silently ignore any or all attributes in the attributes table of a Code attribute. Attributes not defined in this specification are not allowed to affect the semantics of the class file, but only to provide additional descriptive information (§4.7.1).
4.7.4 The Exceptions Attribute
The Exceptions attribute is a variable-length attribute used in the attributes table of a method_info (§4.6) structure. The Exceptions attribute indicates which checked exceptions a method may throw. There may be at most one Exceptions attribute in each method_info structure. The Exceptions attribute has the following format:
Exceptions_attribute { u2 attribute_name_index; u4 attribute_length; u2 number_of_exceptions; u2 exception_index_table[number_of_exceptions]; }
The items of the Exceptions_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be the CONSTANT_Utf8_info (§4.4.7) structure representing the string "Exceptions".
attribute_length - The value of the
attribute_length item indicates the attribute length, excluding the initial six bytes.
number_of_exceptions - The value of the
number_of_exceptions item indicates the number of entries in the exception_index_table.
exception_index_table[] - Each value in the
exception_index_table array must be a valid index into the constant_pool table. The constant_pool entry referenced by each table item must be a CONSTANT_Class_info (§4.4.1) structure representing a class type that this method is declared to throw.
A method should throw an exception only if at least one of the following three criteria is met:
- The exception is an instance of
RuntimeException or one of its subclasses.
- The exception is an instance of
Error or one of its subclasses.
- The exception is an instance of one of the exception classes specified in the
exception_index_table just described, or one of their subclasses.
These requirements are not enforced in the Java virtual machine; they are enforced only at compile time.
4.7.5 The InnerClasses Attribute
The InnerClasses attribute5 is a variable-length attribute in the attributes table of the ClassFile (§4.1) structure. If the constant pool of a class or interface refers to any class or interface that is not a member of a package, its ClassFile structure must have exactly one InnerClasses attribute in its attributes table. The InnerClasses attribute has the following format:
InnerClasses_attribute { u2 attribute_name_index; u4 attribute_length; u2 number_of_classes; { u2 inner_class_info_index; u2 outer_class_info_index; u2 inner_name_index; u2 inner_class_access_flags; } classes[number_of_classes]; }
The items of the InnerClasses_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "InnerClasses".
attribute_length - The value of the
attribute_length item indicates the length of the attribute, excluding the initial six bytes.
number_of_classes - The value of the
number_of_classes item indicates the number of entries in the classes array.
classes[] - Every
CONSTANT_Class_info entry in the constant_pool table which represents a class or interface C that is not a package member must have exactly one corresponding entry in the classes array. If a class has members that are classes or interfaces, its constant_pool table (and hence its InnerClasses attribute) must refer to each such member, even if that member is not otherwise mentioned by the class. These rules imply that a nested class or interface member will have InnerClasses information for each enclosing class and for each immediate member. Each classes array entry contains the following four items:
inner_class_info_index - The value of the
inner_class_info_index item must be zero or a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing C. The remaining items in the classes array entry give information about C.
outer_class_info_index - If C is not a member, the value of the
outer_class_info_index item must be zero. Otherwise, the value of the outer_class_info_index item must be a valid index into the constant_pool table, and the entry at that index must be a CONSTANT_Class_info (§4.4.1) structure representing the class or interface of which C is a member.
inner_name_index - If C is anonymous, the value of the
inner_name_index item must be zero. Otherwise, the value of the inner_name_index item must be a valid index into the constant_pool table, and the entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure that represents the original simple name of C, as given in the source code from which this class file was compiled.
inner_class_access_flags - The value of the
inner_class_access_flags item is a mask of flags used to denote access permissions to and properties of class or interface C as declared in the source code from which this class file was compiled. It is used by compilers to recover the original information when source code is not available. The flags are shown in Table 4.7.
| Flag Name | Value | Meaning |
ACC_PUBLIC | 0x0001 | Marked or implicitly public in source. |
ACC_PRIVATE | 0x0002 | Marked private in source. |
ACC_PROTECTED | 0x0004 | Marked protected in source. |
ACC_STATIC | 0x0008 | Marked or implicitly static in source. |
ACC_FINAL | 0x0010 | Marked final in source. |
ACC_INTERFACE | 0x0200 | Was an interface in source. |
ACC_ABSTRACT | 0x0400 | Marked or implicitly abstract in source. |
All bits of the inner_class_access_flags item not assigned in Table 4.7 are reserved for future use. They should be set to zero in generated class files and should be ignored by Java virtual machine implementations.
The Java virtual machine does not currently check the consistency of the InnerClasses attribute with any class file actually representing a class or interface referenced by the attribute.
4.7.6 The Synthetic Attribute
The Synthetic attribute6 is a fixed-length attribute in the attributes table of ClassFile (§4.1), field_info (§4.5), and method_info (§4.6) structures. A class member that does not appear in the source code must be marked using a Synthetic attribute.
The Synthetic attribute has the following format:
Synthetic_attribute { u2 attribute_name_index; u4 attribute_length; }
The items of the Synthetic_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "Synthetic".
attribute_length - The value of the
attribute_length item is zero.
4.7.7 The SourceFile Attribute
The SourceFile attribute is an optional fixed-length attribute in the attributes table of the ClassFile (§4.1) structure. There can be no more than one SourceFile attribute in the attributes table of a given ClassFile structure. The SourceFile attribute has the following format:
SourceFile_attribute { u2 attribute_name_index; u4 attribute_length; u2 sourcefile_index; }
The items of the SourceFile_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "SourceFile".
attribute_length - The value of the
attribute_length item of a SourceFile_attribute structure must be 2.
sourcefile_index - The value of the
sourcefile_index item must be a valid index into the constant_pool table. The constant pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing a string. The string referenced by the sourcefile_index item will be interpreted as indicating the name of the source file from which this class file was compiled. It will not be interpreted as indicating the name of a directory containing the file or an absolute path name for the file; such platform-specific additional information must be supplied by the runtime interpreter or development tool at the time the file name is actually used.
4.7.8 The LineNumberTable Attribute
The LineNumberTable attribute is an optional variable-length attribute in the attributes table of a Code (§4.7.3) attribute. It may be used by debuggers to determine which part of the Java virtual machine code array corresponds to a given line number in the original source file. If LineNumberTable attributes are present in the attributes table of a given Code attribute, then they may appear in any order. Furthermore, multiple LineNumberTable attributes may together represent a given line of a source file; that is, LineNumberTable attributes need not be one-to-one with source lines. The LineNumberTable attribute has the following format:
LineNumberTable_attribute { u2 attribute_name_index; u4 attribute_length; u2 line_number_table_length; { u2 start_pc; u2 line_number; } line_number_table[line_number_table_length]; }
The items of the LineNumberTable_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "LineNumberTable".
attribute_length - The value of the
attribute_length item indicates the length of the attribute, excluding the initial six bytes.
line_number_table_length - The value of the
line_number_table_length item indicates the number of entries in the line_number_table array.
line_number_table[] - Each entry in the
line_number_table array indicates that the line number in the original source file changes at a given point in the code array. Each line_number_table entry must contain the following two items:
start_pc - The value of the
start_pc item must indicate the index into the code array at which the code for a new line in the original source file begins. The value of start_pc must be less than the value of the code_length item of the Code attribute of which this LineNumberTable is an attribute.
line_number - The value of the
line_number item must give the corresponding line number in the original source file.
4.7.9 The LocalVariableTable Attribute
The LocalVariableTable attribute is an optional variable-length attribute of a Code (§4.7.3) attribute. It may be used by debuggers to determine the value of a given local variable during the execution of a method. If LocalVariableTable attributes are present in the attributes table of a given Code attribute, then they may appear in any order. There may be no more than one LocalVariableTable attribute per local variable in the Code attribute. The LocalVariableTable attribute has the following format:
LocalVariableTable_attribute { u2 attribute_name_index; u4 attribute_length; u2 local_variable_table_length; { u2 start_pc; u2 length; u2 name_index; u2 descriptor_index; u2 index; } local_variable_table[local_variable_table_length]; }
The items of the LocalVariableTable_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "LocalVariableTable".
attribute_length - The value of the
attribute_length item indicates the length of the attribute, excluding the initial six bytes.
local_variable_table_length - The value of the
local_variable_table_length item indicates the number of entries in the local_variable_table array.
local_variable_table[] - Each entry in the
local_variable_table array indicates a range of code array offsets within which a local variable has a value. It also indicates the index into the local variable array of the current frame at which that local variable can be found. Each entry must contain the following five items:
start_pc, length - The given local variable must have a value at indices into the
code array in the interval [start_pc, start_pc+length], that is, between start_pc and start_pc+length inclusive. The value of start_pc must be a valid index into the code array of this Code attribute and must be the index of the opcode of an instruction. Either the value of start_pc+length must be a valid index into the code array of this Code attribute and be the index of the opcode of an instruction, or it must be the first index beyond the end of that code array.
name_index, descriptor_index - The value of the
name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must contain a CONSTANT_Utf8_info (§4.4.7) structure representing a valid local variable name stored as a simple name (§2.7.1). The value of the descriptor_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must contain a CONSTANT_Utf8_info (§4.4.7) structure representing a field descriptor (§4.3.2) encoding the type of a local variable in the source program.
index - The given local variable must be at
index in the local variable array of the current frame. If the local variable at index is of type double or long, it occupies both index and index+1.
4.7.10 The Deprecated Attribute
The Deprecated attribute7 is an optional fixed-length attribute in the attributes table of ClassFile (§4.1), field_info (§4.5), and method_info (§4.6) structures. A class, interface, method, or field may be marked using a Deprecated attribute to indicate that the class, interface, method, or field has been superseded. A runtime interpreter or tool that reads the class file format, such as a compiler, can use this marking to advise the user that a superseded class, interface, method, or field is being referred to. The presence of a Deprecated attribute does not alter the semantics of a class or interface. The Deprecated attribute has the following format:
Deprecated_attribute { u2 attribute_name_index; u4 attribute_length; }
The items of the Deprecated_attribute structure are as follows:
attribute_name_index - The value of the
attribute_name_index item must be a valid index into the constant_pool table. The constant_pool entry at that index must be a CONSTANT_Utf8_info (§4.4.7) structure representing the string "Deprecated".
attribute_length - The value of the
attribute_length item is zero.
4.8 Constraints on Java Virtual Machine Code
The Java virtual machine code for a method, instance initialization method (§3.9), or class or interface initialization method (§3.9) is stored in the code array of the Code attribute of a method_info structure of a class file. This section describes the constraints associated with the contents of the Code_attribute structure.
4.8.1 Static Constraints
The static constraints on a class file are those defining the well-formedness of the file. With the exception of the static constraints on the Java virtual machine code of the class file, these constraints have been given in the previous section. The static constraints on the Java virtual machine code in a class file specify how Java virtual machine instructions must be laid out in the code array and what the operands of individual instructions must be.
The static constraints on the instructions in the code array are as follows:
- The
code array must not be empty, so the code_length item cannot have the value 0.
- The value of the
code_length item must be less than 65536.
- The opcode of the first instruction in the
code array begins at index 0.
- Only instances of the instructions documented in Section 6.4 may appear in the
code array. Instances of instructions using the reserved opcodes (§6.2) or any opcodes not documented in this specification may not appear in the code array.
- For each instruction in the
code array except the last, the index of the opcode of the next instruction equals the index of the opcode of the current instruction plus the length of that instruction, including all its operands. The wide instruction is treated like any other instruction for these purposes; the opcode specifying the operation that a wide instruction is to modify is treated as one of the operands of that wide instruction. That opcode must never be directly reachable by the computation.
- The last byte of the last instruction in the
code array must be the byte at index code_length-1.
The static constraints on the operands of instructions in the code array are as follows:
- The target of each jump and branch instruction (jsr, jsr_w, goto, goto_w, ifeq, ifne, ifle, iflt, ifge, ifgt, ifnull, ifnonnull, if_icmpeq, if_icmpne, if_icmple, if_icmplt, if_icmpge, if_icmpgt, if_acmpeq, if_acmpne) must be the opcode of an instruction within this method. The target of a jump or branch instruction must never be the opcode used to specify the operation to be modified by a wide instruction; a jump or branch target may be the wide instruction itself.
- Each target, including the default, of each tableswitch instruction must be the opcode of an instruction within this method. Each tableswitch instruction must have a number of entries in its jump table that is consistent with the value of its low and high jump table operands, and its low value must be less than or equal to its high value. No target of a tableswitch instruction may be the opcode used to specify the operation to be modified by a wide instruction; a tableswitch target may be a wide instruction itself.
- Each target, including the default, of each lookupswitch instruction must be the opcode of an instruction within this method. Each lookupswitch instruction must have a number of match-offset pairs that is consistent with the value of its npairs operand. The match-offset pairs must be sorted in increasing numerical order by signed match value. No target of a lookupswitch instruction may be the opcode used to specify the operation to be modified by a wide instruction; a lookupswitch target may be a wide instruction itself.
- The operand of each ldc instruction must be a valid index into the
constant_pool table. The operands of each ldc_w instruction must represent a valid index into the constant_pool table. In both cases the constant pool entry referenced by that index must be of type CONSTANT_Integer, CONSTANT_Float, or CONSTANT_String.
- The operands of each ldc2_w instruction must represent a valid index into the
constant_pool table. The constant pool entry referenced by that index must be of type CONSTANT_Long or CONSTANT_Double. In addition, the subsequent constant pool index must also be a valid index into the constant pool, and the constant pool entry at that index must not be used.
- The operands of each getfield, putfield, getstatic, and putstatic instruction must represent a valid index into the
constant_pool table. The constant pool entry referenced by that index must be of type CONSTANT_Fieldref.
- The indexbyte operands of each invokevirtual, invokespecial, and invokestatic instruction must represent a valid index into the
constant_pool table. The constant pool entry referenced by that index must be of type CONSTANT_Methodref.
- Only the invokespecial instruction is allowed to invoke an instance initialization method (§3.9). No other method whose name begins with the character
'<' ('\u003c') may be called by the method invocation instructions. In particular, the class or interface initialization method specially named <clinit> is never called explicitly from Java virtual machine instructions, but only implicitly by the Java virtual machine itself.
- The indexbyte operands of each invokeinterface instruction must represent a valid index into the
constant_pool table. The constant pool entry referenced by that index must be of type CONSTANT_InterfaceMethodref. The value of the count operand of each invokeinterface instruction must reflect the number of local variables necessary to store the arguments to be passed to the interface method, as implied by the descriptor of the CONSTANT_NameAndType_info structure referenced by the CONSTANT_InterfaceMethodref constant pool entry. The fourth operand byte of each invokeinterface instruction must have the value zero.
- The operands of each instanceof, checkcast, new, and anewarray instruction and the indexbyte operands of each multianewarray instruction must represent a valid index into the
constant_pool table. The constant pool entry referenced by that index must be of type CONSTANT_Class.
- No anewarray instruction may be used to create an array of more than 255 dimensions.
- No new instruction may reference a
CONSTANT_Class constant_pool table entry representing an array class. The new instruction cannot be used to create an array. The new instruction also cannot be used to create an instance of an interface or an instance of an abstract class.
- A multianewarray instruction must be used only to create an array of a type that has at least as many dimensions as the value of its dimensions operand. That is, while a multianewarray instruction is not required to create all of the dimensions of the array type referenced by its indexbyte operands, it must not attempt to create more dimensions than are in the array type. The dimensions operand of each multianewarray instruction must not be zero.
- The atype operand of each newarray instruction must take one of the values
T_BOOLEAN (4), T_CHAR (5), T_FLOAT (6), T_DOUBLE (7), T_BYTE (8), T_SHORT (9), T_INT (10), or T_LONG (11).
- The index operand of each iload, fload, aload, istore, fstore, astore, iinc, and ret instruction must be a nonnegative integer no greater than
max_locals-1.
- The implicit index of each iload_<n>, fload_<n>, aload_<n>, istore_<n>, fstore_<n>, and astore_<n> instruction must be no greater than the value of
max_locals-1.
- The index operand of each lload, dload, lstore, and dstore instruction must be no greater than the value of
max_locals-2.
- The implicit index of each lload_<n>, dload_<n>, lstore_<n>, and dstore_<n> instruction must be no greater than the value of
max_locals-2.
- The indexbyte operands of each wide instruction modifying an iload, fload, aload, istore, fstore, astore, ret, or iinc instruction must represent a nonnegative integer no greater than
max_locals-1. The indexbyte operands of each wide instruction modifying an lload, dload, lstore, or dstore instruction must represent a nonnegative integer no greater than max_locals-2.
4.8.2 Structural Constraints
The structural constraints on the code array specify constraints on relationships between Java virtual machine instructions. The structural constraints are as follows:
- Each instruction must only be executed with the appropriate type and number of arguments in the operand stack and local variable array, regardless of the execution path that leads to its invocation. An instruction operating on values of type
int is also permitted to operate on values of type boolean, byte, char, and short. (As noted in §3.3.4 and §3.11.1, the Java virtual machine internally converts values of types boolean, byte, char, and short to type int.)
- If an instruction can be executed along several different execution paths, the operand stack must have the same depth (§3.6.2) prior to the execution of the instruction, regardless of the path taken.
- At no point during execution can the order of the local variable pair holding a value of type
long or double be reversed or the pair split up. At no point can the local variables of such a pair be operated on individually.
- No local variable (or local variable pair, in the case of a value of type
long or double) can be accessed before it is assigned a value.
- At no point during execution can the operand stack grow to a depth (§3.6.2) greater than that implied by the
max_stack item.
- At no point during execution can more values be popped from the operand stack than it contains.
- Each invokespecial instruction must name an instance initialization method (§3.9), a method in the current class, or a method in a superclass of the current class.
- When the instance initialization method (§3.9) is invoked, an uninitialized class instance must be in an appropriate position on the operand stack. An instance initialization method must never be invoked on an initialized class instance.
- When any instance method is invoked or when any instance variable is accessed, the class instance that contains the instance method or instance variable must already be initialized.
- There must never be an uninitialized class instance on the operand stack or in a local variable when any backwards branch is taken. There must never be an uninitialized class instance in a local variable in code protected by an exception handler. However, an uninitialized class instance may be on the operand stack in code protected by an exception handler. When an exception is thrown, the contents of the operand stack are discarded.
- Each instance initialization method (§3.9), except for the instance initialization method derived from the constructor of class
Object, must call either another instance initialization method of this or an instance initialization method of its direct superclass super before its instance members are accessed. However, instance fields of this that are declared in the current class may be assigned before calling any instance initialization method.
- The arguments to each method invocation must be method invocation compatible (§2.6.8) with the method descriptor (§4.3.3).
- The type of every class instance that is the target of a method invocation instruction must be assignment compatible (§2.6.7) with the class or interface type specified in the instruction.
- Each return instruction must match its method's return type. If the method returns a
boolean, byte, char, short, or int, only the ireturn instruction may be used. If the method returns a float, long, or double, only an freturn, lreturn, or dreturn instruction, respectively, may be used. If the method returns a reference type, it must do so using an areturn instruction, and the type of the returned value must be assignment compatible (§2.6.7) with the return descriptor (§4.3.3) of the method. All instance initialization methods, class or interface initialization methods, and methods declared to return void must use only the return instruction.
- If getfield or putfield is used to access a
protected field of a superclass, then the type of the class instance being accessed must be the same as or a subclass of the current class. If invokevirtual or invokespecial is used to access a protected method of a superclass, then the type of the class instance being accessed must be the same as or a subclass of the current class.
- The type of every class instance accessed by a getfield instruction or modified by a putfield instruction must be assignment compatible (§2.6.7) with the class type specified in the instruction.
- The type of every value stored by a putfield or putstatic instruction must be compatible with the descriptor of the field (§4.3.2) of the class instance or class being stored into. If the descriptor type is
boolean, byte, char, short, or int, then the value must be an int. If the descriptor type is float, long, or double, then the value must be a float, long, or double, respectively. If the descriptor type is a reference type, then the value must be of a type that is assignment compatible (§2.6.7) with the descriptor type.
- The type of every value stored into an array of type
reference by an aastore instruction must be assignment compatible (§2.6.7) with the component type of the array.
- Each athrow instruction must throw only values that are instances of class
Throwable or of subclasses of Throwable.
- Execution never falls off the bottom of the
code array.
- No return address (a value of type
returnAddress) may be loaded from a local variable.
- The instruction following each jsr or jsr_w instruction may be returned to only by a single ret instruction.
- No jsr or jsr_w instruction may be used to recursively call a subroutine if that subroutine is already present in the subroutine call chain. (Subroutines can be nested when using
try-finally constructs from within a finally clause. For more information on Java virtual machine subroutines, see §4.9.6.)
- Each instance of type
returnAddress can be returned to at most once. If a ret instruction returns to a point in the subroutine call chain above the ret instruction corresponding to a given instance of type returnAddress, then that instance can never be used as a return address.
4.9 Verification of class Files
Even though Sun's compiler for the Java programming language attempts to produce only class files that satisfy all the static constraints in the previous sections, the Java virtual machine has no guarantee that any file it is asked to load was generated by that compiler or is properly formed. Applications such as Sun's HotJava World Wide Web browser do not download source code, which they then compile; these applications download already-compiled class files. The HotJava browser needs to determine whether the class file was produced by a trustworthy compiler or by an adversary attempting to exploit the virtual machine. An additional problem with compile-time checking is version skew. A user may have successfully compiled a class, say PurchaseStockOptions, to be a subclass of TradingClass. But the definition of TradingClass might have changed since the time the class was compiled in a way that is not compatible with preexisting binaries. Methods might have been deleted or had their return types or modifiers changed. Fields might have changed types or changed from instance variables to class variables. The access modifiers of a method or variable may have changed from public to private. For a discussion of these issues, see Chapter 13, "Binary Compatibility," in the first edition of The Java Language Specification or the equivalent chapter in the second edition.
Because of these potential problems, the Java virtual machine needs to verify for itself that the desired constraints are satisfied by the class files it attempts to incorporate. A Java virtual machine implementation verifies that each class file satisfies the necessary constraints at linking time (§2.17.3). Structural constraints on the Java virtual machine code may be checked using a simple theorem prover.
Linking-time verification enhances the performance of the interpreter. Expensive checks that would otherwise have to be performed to verify constraints at run time for each interpreted instruction can be eliminated. The Java virtual machine can assume that these checks have already been performed. For example, the Java virtual machine will already know the following:
- There are no operand stack overflows or underflows.
- All local variable uses and stores are valid.
- The arguments to all the Java virtual machine instructions are of valid types.
Sun's class file verifier is independent of any compiler. It should certify all code generated by Sun's compiler for the Java programming language; it should also certify code that other compilers can generate, as well as code that the current compiler could not possibly generate. Any class file that satisfies the structural criteria and static constraints will be certified by the verifier. The class file verifier is also independent of the Java programming language. Programs written in other languages can be compiled into the class file format, but will pass verification only if all the same constraints are satisfied.
4.9.1 The Verification Process
The class file verifier operates in four passes: Pass 1:
When a prospective class file is loaded (§2.17.2) by the Java virtual machine, the Java virtual machine first ensures that the file has the basic format of a class file. The first four bytes must contain the right magic number. All recognized attributes must be of the proper length. The class file must not be truncated or have extra bytes at the end. The constant pool must not contain any superficially unrecognizable information.
While class file verification properly occurs during class linking (§2.17.3), this check for basic class file integrity is necessary for any interpretation of the class file contents and can be considered to be logically part of the verification process.
Pass 2:
When the class file is linked, the verifier performs all additional verification that can be done without looking at the code array of the Code attribute (§4.7.3). The checks performed by this pass include the following:
- Ensuring that
final classes are not subclassed and that final methods are not overridden.
- Checking that every class (except
Object) has a direct superclass.
- Ensuring that the constant pool satisfies the documented static constraints: for example, that each
CONSTANT_Class_info structure in the constant pool contains in its name_index item a valid constant pool index for a CONSTANT_Utf8_info structure.
- Checking that all field references and method references in the constant pool have valid names, valid classes, and a valid type descriptor.
Note that when it looks at field and method references, this pass does not check to make sure that the given field or method actually exists in the given class, nor does it check that the type descriptors given refer to real classes. It checks only that these items are well formed. More detailed checking is delayed until passes 3 and 4. Pass 3:
During linking, the verifier checks the code array of the Code attribute for each method of the class file by performing data-flow analysis on each method. The verifier ensures that at any given point in the program, no matter what code path is taken to reach that point, the following is true:
- The operand stack is always the same size and contains the same types of values.
- No local variable is accessed unless it is known to contain a value of an appropriate type.
- Methods are invoked with the appropriate arguments.
- Fields are assigned only using values of appropriate types.
- All opcodes have appropriate type arguments on the operand stack and in the local variable array.
For further information on this pass, see Section 4.9.2, "The Bytecode Verifier." Pass 4:
For efficiency reasons, certain tests that could in principle be performed in Pass 3 are delayed until the first time the code for the method is actually invoked. In so doing, Pass 3 of the verifier avoids loading class files unless it has to.
For example, if a method invokes another method that returns an instance of class A, and that instance is assigned only to a field of the same type, the verifier does not bother to check if the class A actually exists. However, if it is assigned to a field of the type B, the definitions of both A and B must be loaded in to ensure that A is a subclass of B.
Pass 4 is a virtual pass whose checking is done by the appropriate Java virtual machine instructions. The first time an instruction that references a type is executed, the executing instruction does the following:
- Loads in the definition of the referenced type if it has not already been loaded.
- Checks that the currently executing type is allowed to reference the type.
The first time an instruction invokes a method, or accesses or modifies a field, the executing instruction does the following:
- Ensures that the referenced method or field exists in the given class.
- Checks that the referenced method or field has the indicated descriptor.
- Checks that the currently executing method has access to the referenced method or field.
The Java virtual machine does not have to check the type of the object on the operand stack. That check has already been done by Pass 3. Errors that are detected in Pass 4 cause instances of subclasses of LinkageError to be thrown. A Java virtual machine implementation is allowed to perform any or all of the Pass 4 steps as part of Pass 3; see 2.17.1, "Virtual Machine Start-up" for an example and more discussion.
In one of Sun's Java virtual machine implementations, after the verification has been performed, the instruction in the Java virtual machine code is replaced with an alternative form of the instruction. This alternative instruction indicates that the verification needed by this instruction has taken place and does not need to be performed again. Subsequent invocations of the method will thus be faster. It is illegal for these alternative instruction forms to appear in class files, and they should never be encountered by the verifier.
4.9.2 The Bytecode Verifier
As indicated earlier, Pass 3 of the verification process is the most complex of the four passes of class file verification. This section looks at the verification of Java virtual machine code in Pass 3 in more detail. The code for each method is verified independently. First, the bytes that make up the code are broken up into a sequence of instructions, and the index into the code array of the start of each instruction is placed in an array. The verifier then goes through the code a second time and parses the instructions. During this pass a data structure is built to hold information about each Java virtual machine instruction in the method. The operands, if any, of each instruction are checked to make sure they are valid. For instance:
- Branches must be within the bounds of the
code array for the method.
- The targets of all control-flow instructions are each the start of an instruction. In the case of a wide instruction, the wide opcode is considered the start of the instruction, and the opcode giving the operation modified by that wide instruction is not considered to start an instruction. Branches into the middle of an instruction are disallowed.
- No instruction can access or modify a local variable at an index greater than or equal to the number of local variables that its method indicates it allocates.
- All references to the constant pool must be to an entry of the appropriate type. For example: the instruction ldc can be used only for data of type
int or float or for instances of class String; the instruction getfield must reference a field.
- The code does not end in the middle of an instruction.
- Execution cannot fall off the end of the code.
- For each exception handler, the starting and ending point of code protected by the handler must be at the beginning of an instruction or, in the case of the ending point, immediately past the end of the code. The starting point must be before the ending point. The exception handler code must start at a valid instruction, and it may not start at an opcode being modified by the wide instruction.
For each instruction of the method, the verifier records the contents of the operand stack and the contents of the local variable array prior to the execution of that instruction. For the operand stack, it needs to know the stack height and the type of each value on it. For each local variable, it needs to know either the type of the contents of that local variable or that the local variable contains an unusable or unknown value (it might be uninitialized). The bytecode verifier does not need to distinguish between the integral types (e.g., byte, short, char) when determining the value types on the operand stack. Next, a data-flow analyzer is initialized. For the first instruction of the method, the local variables that represent parameters initially contain values of the types indicated by the method's type descriptor; the operand stack is empty. All other local variables contain an illegal value. For the other instructions, which have not been examined yet, no information is available regarding the operand stack or local variables.
Finally, the data-flow analyzer is run. For each instruction, a "changed" bit indicates whether this instruction needs to be looked at. Initially, the "changed" bit is set only for the first instruction. The data-flow analyzer executes the following loop:
- Select a virtual machine instruction whose "changed" bit is set. If no instruction remains whose "changed" bit is set, the method has successfully been verified. Otherwise, turn off the "changed" bit of the selected instruction.
- Model the effect of the instruction on the operand stack and local variable array by doing the following:
- If the instruction uses values from the operand stack, ensure that there are a sufficient number of values on the stack and that the top values on the stack are of an appropriate type. Otherwise, verification fails.
- If the instruction uses a local variable, ensure that the specified local variable contains a value of the appropriate type. Otherwise, verification fails.
- If the instruction pushes values onto the operand stack, ensure that there is sufficient room on the operand stack for the new values. Add the indicated types to the top of the modeled operand stack.
- If the instruction modifies a local variable, record that the local variable now contains the new type.
- Determine the instructions that can follow the current instruction. Successor instructions can be one of the following:
- The next instruction, if the current instruction is not an unconditional control transfer instruction (for instance goto, return, or athrow). Verification fails if it is possible to "fall off" the last instruction of the method.
- The target(s) of a conditional or unconditional branch or switch.
- Any exception handlers for this instruction.
- Merge the state of the operand stack and local variable array at the end of the execution of the current instruction into each of the successor instructions. In the special case of control transfer to an exception handler, the operand stack is set to contain a single object of the exception type indicated by the exception handler information.
- If this is the first time the successor instruction has been visited, record that the operand stack and local variable values calculated in steps 2 and 3 are the state of the operand stack and local variable array prior to executing the successor instruction. Set the "changed" bit for the successor instruction.
- If the successor instruction has been seen before, merge the operand stack and local variable values calculated in steps 2 and 3 into the values already there. Set the "changed" bit if there is any modification to the values.
- Continue at step 1.
To merge two operand stacks, the number of values on each stack must be identical. The types of values on the stacks must also be identical, except that differently typed reference values may appear at corresponding places on the two stacks. In this case, the merged operand stack contains a reference to an instance of the first common superclass of the two types. Such a reference type always exists because the type Object is a superclass of all class and interface types. If the operand stacks cannot be merged, verification of the method fails. To merge two local variable array states, corresponding pairs of local variables are compared. If the two types are not identical, then unless both contain reference values, the verifier records that the local variable contains an unusable value. If both of the pair of local variables contain reference values, the merged state contains a reference to an instance of the first common superclass of the two types.
If the data-flow analyzer runs on a method without reporting a verification failure, then the method has been successfully verified by Pass 3 of the class file verifier.
Certain instructions and data types complicate the data-flow analyzer. We now examine each of these in more detail.
4.9.3 Values of Types long and double
Values of the long and double types are treated specially by the verification process. Whenever a value of type long or double is moved into a local variable at index n, index n + 1 is specially marked to indicate that it has been reserved by the value at index n and may not be used as a local variable index. Any value previously at index n + 1 becomes unusable.
Whenever a value is moved to a local variable at index n, the index n - 1 is examined to see if it is the index of a value of type long or double. If so, the local variable at index n - 1 is changed to indicate that it now contains an unusable value. Since the local variable at index n has been overwritten, the local variable at index n - 1 cannot represent a value of type long or double.
Dealing with values of types long or double on the operand stack is simpler; the verifier treats them as single values on the stack. For example, the verification code for the dadd opcode (add two double values) checks that the top two items on the stack are both of type double. When calculating operand stack length, values of type long and double have length two.
Untyped instructions that manipulate the operand stack must treat values of type double and long as atomic (indivisible). For example, the verifier reports a failure if the top value on the stack is a double and it encounters an instruction such as pop or dup. The instructions pop2 or dup2 must be used instead.
4.9.4 Instance Initialization Methods and Newly Created Objects
Creating a new class instance is a multistep process. The statement
... new myClass(i, j, k); ...
can be implemented by the following:
...
new #1 // Allocate uninitialized space for myClass dup // Duplicate object on the operand stack
iload_1 // Push i
iload_2 // Push j
iload_3 // Push k
invokespecial #5 // Invoke myClass.<init>
...
This instruction sequence leaves the newly created and initialized object on top of the operand stack. (Additional examples of compilation to the instruction set of the Java virtual machine are given in Chapter 7, "Compiling for the Java Virtual Machine.") The instance initialization method (§3.9) for class myClass sees the new uninitialized object as its this argument in local variable 0. Before that method invokes another instance initialization method of myClass or its direct superclass on this, the only operation the method can perform on this is assigning fields declared within myClass.
When doing dataflow analysis on instance methods, the verifier initializes local variable 0 to contain an object of the current class, or, for instance initialization methods, local variable 0 contains a special type indicating an uninitialized object. After an appropriate instance initialization method is invoked (from the current class or the current superclass) on this object, all occurrences of this special type on the verifier's model of the operand stack and in the local variable array are replaced by the current class type. The verifier rejects code that uses the new object before it has been initialized or that initializes the object more than once. In addition, it ensures that every normal return of the method has invoked an instance initialization method either in the class of this method or in the direct superclass.
Similarly, a special type is created and pushed on the verifier's model of the operand stack as the result of the Java virtual machine instruction new. The special type indicates the instruction by which the class instance was created and the type of the uninitialized class instance created. When an instance initialization method is invoked on that class instance, all occurrences of the special type are replaced by the intended type of the class instance. This change in type may propagate to subsequent instructions as the dataflow analysis proceeds.
The instruction number needs to be stored as part of the special type, as there may be multiple not-yet-initialized instances of a class in existence on the operand stack at one time. For example, the Java virtual machine instruction sequence that implements
new InputStream(new Foo(), new InputStream("foo"))
may have two uninitialized instances of InputStream on the operand stack at once. When an instance initialization method is invoked on a class instance, only those occurrences of the special type on the operand stack or in the local variable array that are the same object as the class instance are replaced.
A valid instruction sequence must not have an uninitialized object on the operand stack or in a local variable during a backwards branch, or in a local variable in code protected by an exception handler or a finally clause. Otherwise, a devious piece of code might fool the verifier into thinking it had initialized a class instance when it had, in fact, initialized a class instance created in a previous pass through a loop.
4.9.5 Exception Handlers
Java virtual machine code produced by Sun's compiler for the Java programming language always generates exception handlers such that:
- Either the ranges of instructions protected by two different exception handlers always are completely disjoint, or else one is a subrange of the other. There is never a partial overlap of ranges.
- The handler for an exception will never be inside the code that is being protected.
- The only entry to an exception handler is through an exception. It is impossible to fall through or "goto" the exception handler.
These restrictions are not enforced by the class file verifier since they do not pose a threat to the integrity of the Java virtual machine. As long as every nonexceptional path to the exception handler causes there to be a single object on the operand stack, and as long as all other criteria of the verifier are met, the verifier will pass the code.
4.9.6 Exceptions and finally
Given the code fragment
... try { startFaucet(); waterLawn(); } finally { stopFaucet(); } ...
the Java programming language guarantees that stopFaucet is invoked (the faucet is turned off) whether we finish watering the lawn or whether an exception occurs while starting the faucet or watering the lawn. That is, the finally clause is guaranteed to be executed whether its try clause completes normally or completes abruptly by throwing an exception. To implement the try-finally construct, Sun's compiler for the Java programming language uses the exception-handling facilities together with two special instructions: jsr ("jump to subroutine") and ret ("return from subroutine"). The finally clause is compiled as a subroutine within the Java virtual machine code for its method, much like the code for an exception handler. When a jsr instruction that invokes the subroutine is executed, it pushes its return address, the address of the instruction after the jsr that is being executed, onto the operand stack as a value of type returnAddress. The code for the subroutine stores the return address in a local variable. At the end of the subroutine, a ret instruction fetches the return address from the local variable and transfers control to the instruction at the return address.
Control can be transferred to the finally clause (the finally subroutine can be invoked) in several different ways. If the try clause completes normally, the finally subroutine is invoked via a jsr instruction before evaluating the next expression. A break or continue inside the try clause that transfers control outside the try clause executes a jsr to the code for the finally clause first. If the try clause executes a return, the compiled code does the following:
- Saves the return value (if any) in a local variable.
- Executes a jsr to the code for the
finally clause.
- Upon return from the
finally clause, returns the value saved in the local variable.
The compiler sets up a special exception handler, which catches any exception thrown by the try clause. If an exception is thrown in the try clause, this exception handler does the following:
- Saves the exception in a local variable.
- Executes a jsr to the
finally clause.
- Upon return from the
finally clause, rethrows the exception.
For more information about the implementation of the try-finally construct, see Section 7.13, "Compiling finally." The code for the finally clause presents a special problem to the verifier. Usually, if a particular instruction can be reached via multiple paths and a particular local variable contains incompatible values through those multiple paths, then the local variable becomes unusable. However, a finally clause might be called from several different places, yielding several different circumstances:
- The invocation from the exception handler may have a certain local variable that contains an exception.
- The invocation to implement
return may have some local variable that contains the return value.
- The invocation from the bottom of the
try clause may have an indeterminate value in that same local variable.
The code for the finally clause itself might pass verification, but after completing the updating all the successors of the ret instruction, the verifier would note that the local variable that the exception handler expects to hold an exception, or that the return code expects to hold a return value, now contains an indeterminate value. Verifying code that contains a finally clause is complicated. The basic idea is the following:
- Each instruction keeps track of the list of jsr targets needed to reach that instruction. For most code, this list is empty. For instructions inside code for the
finally clause, it is of length one. For multiply nested finally code (extremely rare!), it may be longer than one.
- For each instruction and each jsr needed to reach that instruction, a bit vector is maintained of all local variables accessed or modified since the execution of the jsr instruction.
- When executing the ret instruction, which implements a return from a subroutine, there must be only one possible subroutine from which the instruction can be returning. Two different subroutines cannot "merge" their execution to a single ret instruction.
- To perform the data-flow analysis on a ret instruction, a special procedure is used. Since the verifier knows the subroutine from which the instruction must be returning, it can find all the jsr instructions that call the subroutine and merge the state of the operand stack and local variable array at the time of the ret instruction into the operand stack and local variable array of the instructions following the jsr. Merging uses a special set of values for local variables:
- For any local variable that the bit vector (constructed above) indicates has been accessed or modified by the subroutine, use the type of the local variable at the time of the ret.
- For other local variables, use the type of the local variable before the jsr instruction.
4.10 Limitations of the Java Virtual Machine
The following limitations of the Java virtual machine are implicit in the class file format:
- The per-class or per-interface constant pool is limited to 65535 entries by the 16-bit
constant_pool_count field of the ClassFile structure (§4.1). This acts as an internal limit on the total complexity of a single class or interface.
- The amount of code per non-
native, non-abstract method is limited to 65536 bytes by the sizes of the indices in the exception_table of the Code attribute (§4.7.3), in the LineNumberTable attribute (§4.7.8), and in the LocalVariableTable attribute (§4.7.9).
- The greatest number of local variables in the local variables array of a frame created upon invocation of a method is limited to 65535 by the size of the
max_locals item of the Code attribute (§4.7.3) giving the code of the method. Note that values of type long and double are each considered to reserve two local variables and contribute two units toward the max_locals value, so use of local variables of those types further reduces this limit.
- The number of fields that may be declared by a class or interface is limited to 65535 by the size of the
fields_count item of the ClassFile structure (§4.1). Note that the value of the fields_count item of the ClassFile structure does not include fields that are inherited from superclasses or superinterfaces.
- The number of methods that may be declared by a class or interface is limited to 65535 by the size of the
methods_count item of the ClassFile structure (§4.1). Note that the value of the methods_count item of the ClassFile structure does not include methods that are inherited from superclasses or superinterfaces.
- The number of direct superinterfaces of a class or interface is limited to 65535 by the size of the
interfaces_count item of the ClassFile structure (§4.1).
- The size of an operand stack in a frame (§3.6) is limited to 65535 values by the
max_stack field of the Code_attribute structure (§4.7.3). Note that values of type long and double are each considered to contribute two units toward the max_stack value, so use of values of these types on the operand stack further reduces this limit.
- The number of local variables in a frame (§3.6) is limited to 65535 by the
max_locals field of the Code_attribute structure (§4.7.3) and the 16-bit local variable indexing of the Java virtual machine instruction set.
- The number of dimensions in an array is limited to 255 by the size of the dimensions opcode of the multianewarray instruction and by the constraints imposed on the multianewarray, anewarray, and newarray instructions by §4.8.2.
- The number of method parameters is limited to 255 by the definition of a method descriptor (§4.3.3), where the limit includes one unit for
this in the case of instance or interface method invocations. Note that a method descriptor is defined in terms of a notion of method parameter length in which a parameter of type long or double contributes two units to the length, so parameters of these types further reduce the limit.
- The length of field and method names, field and method descriptors, and other constant string values is limited to 65535 characters by the 16-bit unsigned
length item of the CONSTANT_Utf8_info structure (§4.4.7). Note that the limit is on the number of bytes in the encoding and not on the number of encoded characters. UTF-8 encodes some characters using two or three bytes. Thus, strings incorporating multibyte characters are further constrained.
1 The Java virtual machine implementation of Sun's JDK release 1.0.2 supports class file format versions 45.0 through 45.3 inclusive. Sun's JDK releases 1.1.X can support class file formats of versions in the range 45.0 through 45.65535 inclusive. Implementations of version 1.2 of the Java 2 platform can support class file formats of versions in the range 45.0 through 46.0 inclusive. 2 In retrospect, making 8-byte constants take two constant pool entries was a poor choice.
3 The first edition of The Java Language Specification required that "com" be in uppercase in this example. The second edition will reverse that convention and use lowercase.
4 The fact that end_pc is exclusive is a historical mistake in the design of the Java virtual machine: if the Java virtual machine code for a method is exactly 65535 bytes long and ends with an instruction that is 1 byte long, then that instruction cannot be protected by an exception handler. A compiler writer can work around this bug by limiting the maximum size of the generated Java virtual machine code for any method, instance initialization method, or static initializer (the size of any code array) to 65534 bytes.
5 The InnerClasses attribute was introduced in JDK release 1.1 to support nested classes and interfaces.
6 The Synthetic attribute was introduced in JDK release 1.1 to support nested classes and interfaces.
7 The Deprecated attribute was introduced in JDK release 1.1 to support the @deprecated tag in documentation comments.
Contents | Prev | Next | Index
The Java Virtual Machine Specification
Copyright © 1999 Sun Microsystems, Inc. All rights reserved
Please send any comments or corrections through our feedback form
