Dalvik bytecode

Posted by 天堂1223


General design

  • The machine model and calling conventions approximately imitate common real architectures and C-style calling conventions.

    • The machine is register-based, and frames are fixed in size when created. Each frame contains a particular number of registers (specified by the method) as well as any adjunct data needed to execute the method, such as (but not limited to) the program counter and a reference to the .dex file that contains the method.

    • When used for bit values (such as integers and floating point numbers), registers are considered 32 bits wide. Adjacent register pairs are used for 64-bit values. There is no alignment requirement for register pairs.

    • When used for object references, registers are considered wide enough to hold exactly one such reference.

    • In terms of bitwise representation, (Object) null == (int) 0.

    • The N arguments to a method land in the last N registers of the method's invocation frame, in order. Wide arguments consume two registers. Instance methods are passed a this reference as their first argument.

  • The storage unit in the instruction stream is a 16-bit unsigned quantity. Some bits in some instructions are ignored or must be zero.

  • Instructions aren't gratuitously restricted to a particular type. For example, instructions that move 32-bit register values without interpretation don't have to specify whether they are moving ints or floats.

  • There are separately enumerated and indexed constant pools for references to strings, fields, types and methods.

  • Bitwise literal data is represented in-line in the instruction stream.

  • Because, in practice, it is uncommon for a method to need more than 16 registers, and because needing more than eight registers is reasonably common, many instructions are limited to only addressing the first 16 registers. When reasonably possible, instructions allow addressing up to the first 256 registers. In addition, some instructions have variants that allow for much larger register counts, including a pair of catch-all move instructions that can address registers in the range v0-v65535. In cases where an instruction variant isn't available to address a desired register, it is expected that the register contents get moved from the original register to a low register (before the operation) and/or from a low result register to a high register (after the operation).

  • There are several "pseudo-instructions" that are used to hold variable-length data payloads, which are referred to by regular instructions (for example, fill-array-data). Such instructions must never be encountered during the normal flow of execution. In addition, they must be located on even code-unit offsets (that is, 4-byte aligned). In order to meet this requirement, dex generation tools must emit an extra nop instruction as a spacer if such an instruction would otherwise be unaligned. Finally, though not required, most tools are expected to emit these instructions at the ends of methods, since otherwise additional instructions would likely be needed to branch around them.

  • When installed on a running system, some instructions may be altered, changing their format, as an install-time static linking optimization. This allows faster execution once the linkage is known. In the later instruction format document these are called the "suggested variants"; the word "suggested" is used deliberately, since implementing them is not mandatory.

  • Human syntax and mnemonics:

    • Destination-then-source ordering for arguments.

    • Some opcodes have a disambiguating name suffix to indicate the type(s) they operate on:

      1. General 32-bit opcodes are unmarked.

      2. General 64-bit opcodes are suffixed with -wide.

      3. Type-specific opcodes are suffixed with their type (or a straightforward abbreviation), for example -boolean -byte -char -short -int -long -float -double -object -string -class -void.

    • Some opcodes have a disambiguating suffix to distinguish otherwise-identical operations that have different instruction layouts or options. These suffixes are separated from the main name with a slash ("/") and mainly exist so that there is a one-to-one mapping with static constants in the code that generates and interprets executables (that is, to reduce ambiguity for humans).

    • In the descriptions here, the width of a value (the range of a constant or the number of registers possibly addressed) is emphasized by the use of one character per four bits of width.

    • For example, in the instruction move-wide/from16 vAA, vBBBB:

      1. "move" is the base opcode, indicating the base operation (move a register's value).

      2. "wide" is the name suffix, indicating that it operates on wide (64-bit) data.

      3. "from16" is the opcode suffix, indicating a variant that has a 16-bit register reference as a source.

      4. "vAA" is the destination register (implied by the operation; again, the rule is that destination arguments always come first), which must be in the range v0-v255.

      5. "vBBBB" is the source register, which must be in the range v0-v65535.

  • A later article, the instruction format document, covers the details of the various instruction formats, along with some details about opcode syntax.

  • A later article, the .dex file format document, covers more about how the bytecode fits into the bigger picture.
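As an added example (not code from the original article or from Android's own tooling), the following Python maps a method's parameters onto registers according to the frame convention described above: the argument words occupy the last N registers of the frame, long and double take a register pair, and an instance method receives this first. It goes slightly beyond the text by parsing standard Dalvik method descriptors (primitives, array and class types); the function names are my own.

```python
# Added example: parameter-to-register mapping for a Dalvik frame.
# Assumptions: descriptors use the standard Dalvik syntax, e.g.
# "(JILjava/lang/String;)V"; registers_size is the frame size the method
# declares. Helper names are mine, not from the bytecode specification.
from typing import List, Tuple

WIDE_TYPES = {"J", "D"}  # long and double occupy an adjacent register pair


def parse_param_types(descriptor: str) -> List[str]:
    """Split the parameter part of a method descriptor into type descriptors."""
    if not descriptor.startswith("("):
        raise ValueError("method descriptor must start with '('")
    end = descriptor.index(")")
    params, i = [], 1
    while i < end:
        start = i
        while descriptor[i] == "[":      # array dimensions prefix the element type
            i += 1
        if descriptor[i] == "L":         # class type: Lpackage/Name;
            i = descriptor.index(";", i) + 1
        else:                            # primitive: a single character
            i += 1
        params.append(descriptor[start:i])
    return params


def param_width(type_desc: str) -> int:
    """Number of 32-bit registers consumed by one parameter."""
    return 2 if type_desc in WIDE_TYPES else 1


def map_params_to_registers(descriptor: str, registers_size: int,
                            is_static: bool) -> List[Tuple[str, int, int]]:
    """Return (name, first_register, width) for `this` and every parameter.

    Arguments land in the last ins_size registers, so the first argument
    starts at registers_size - ins_size and later ones follow in order.
    """
    types = parse_param_types(descriptor)
    entries = ([] if is_static else [("this", 1)]) + \
        [(t, param_width(t)) for t in types]
    ins_size = sum(width for _, width in entries)
    if ins_size > registers_size:
        raise ValueError("frame of %d registers cannot hold %d argument words"
                         % (registers_size, ins_size))
    reg = registers_size - ins_size
    layout = []
    for name, width in entries:
        layout.append((name, reg, width))
        reg += width
    return layout


if __name__ == "__main__":
    # An instance method (JILjava/lang/String;)V in an 8-register frame:
    # this -> v3, the long -> v4/v5, the int -> v6, the String -> v7.
    for name, reg, width in map_params_to_registers("(JILjava/lang/String;)V", 8, False):
        print("%-20s v%d%s" % (name, reg, "/v%d" % (reg + 1) if width == 2 else ""))
```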

Summary of bytecode set


Columns: Op & Format; Mnemonic / Syntax; Arguments; Description

00 10x  nop
  Waste cycles.
  Note: Data-bearing pseudo-instructions are tagged with this opcode, in which case the high-order byte of the opcode unit indicates the nature of the data. See “packed-switch-payload Format”, “sparse-switch-payload Format”, and “fill-array-data-payload Format” below.

01 12x  move vA, vB
  A: destination register (4 bits)
  B: source register (4 bits)
  Move the contents of one non-object register to another.

02 22x  move/from16 vAA, vBBBB
  A: destination register (8 bits)
  B: source register (16 bits)
  Move the contents of one non-object register to another.

03 32x  move/16 vAAAA, vBBBB
  A: destination register (16 bits)
  B: source register (16 bits)
  Move the contents of one non-object register to another.

04 12x  move-wide vA, vB
  A: destination register pair (4 bits)
  B: source register pair (4 bits)
  Move the contents of one register-pair to another.
  Note: It is legal to move from vN to either vN-1 or vN+1, so implementations must arrange for both halves of a register pair to be read before anything is written.

05 22x  move-wide/from16 vAA, vBBBB
  A: destination register pair (8 bits)
  B: source register pair (16 bits)
  Move the contents of one register-pair to another.
  Note: Implementation considerations are the same as move-wide, above.

06 32x  move-wide/16 vAAAA, vBBBB
  A: destination register pair (16 bits)
  B: source register pair (16 bits)
  Move the contents of one register-pair to another.
  Note: Implementation considerations are the same as move-wide, above.

07 12x  move-object vA, vB
  A: destination register (4 bits)
  B: source register (4 bits)
  Move the contents of one object-bearing register to another.

08 22x  move-object/from16 vAA, vBBBB
  A: destination register (8 bits)
  B: source register (16 bits)
  Move the contents of one object-bearing register to another.

09 32x  move-object/16 vAAAA, vBBBB
  A: destination register (16 bits)
  B: source register (16 bits)
  Move the contents of one object-bearing register to another.

0a 11x  move-result vAA
  A: destination register (8 bits)
  Move the single-word non-object result of the most recent invoke-kind into the indicated register. This must be done as the instruction immediately after an invoke-kind whose (single-word, non-object) result is not to be ignored; anywhere else is invalid.

0b 11x  move-result-wide vAA
  A: destination register pair (8 bits)
  Move the double-word result of the most recent invoke-kind into the indicated register pair. This must be done as the instruction immediately after an invoke-kind whose (double-word) result is not to be ignored; anywhere else is invalid.

0c 11x  move-result-object vAA
  A: destination register (8 bits)
  Move the object result of the most recent invoke-kind into the indicated register. This must be done as the instruction immediately after an invoke-kind or filled-new-array whose (object) result is not to be ignored; anywhere else is invalid.

0d 11x  move-exception vAA
  A: destination register (8 bits)
  Save a just-caught exception into the given register. This must be the first instruction of any exception handler whose caught exception is not to be ignored, and this instruction must only ever occur as the first instruction of an exception handler; anywhere else is invalid.

0e 10x  return-void
  Return from a void method.

0f 11x  return vAA
  A: return value register (8 bits)
  Return from a single-width (32-bit) non-object value-returning method.

10 11x  return-wide vAA
  A: return value register-pair (8 bits)
  Return from a double-width (64-bit) value-returning method.

11 11x  return-object vAA
  A: return value register (8 bits)
  Return from an object-returning method.

12 11n  const/4 vA, #+B
  A: destination register (4 bits)
  B: signed int (4 bits)
  Move the given literal value (sign-extended to 32 bits) into the specified register.

13 21s  const/16 vAA, #+BBBB
  A: destination register (8 bits)
  B: signed int (16 bits)
  Move the given literal value (sign-extended to 32 bits) into the specified register.

14 31i  const vAA, #+BBBBBBBB
  A: destination register (8 bits)
  B: arbitrary 32-bit constant
  Move the given literal value into the specified register.

15 21h  const/high16 vAA, #+BBBB0000
  A: destination register (8 bits)
  B: signed int (16 bits)
  Move the given literal value (right-zero-extended to 32 bits) into the specified register.

16 21s  const-wide/16 vAA, #+BBBB
  A: destination register (8 bits)
  B: signed int (16 bits)
  Move the given literal value (sign-extended to 64 bits) into the specified register-pair.

17 31i  const-wide/32 vAA, #+BBBBBBBB
  A: destination register (8 bits)
  B: signed int (32 bits)
  Move the given literal value (sign-extended to 64 bits) into the specified register-pair.

18 51l  const-wide vAA, #+BBBBBBBBBBBBBBBB
  A: destination register (8 bits)
  B: arbitrary double-width (64-bit) constant
  Move the given literal value into the specified register-pair.

19 21h  const-wide/high16 vAA, #+BBBB000000000000
  A: destination register (8 bits)
  B: signed int (16 bits)
  Move the given literal value (right-zero-extended to 64 bits) into the specified register-pair.

1a 21c  const-string vAA, string@BBBB
  A: destination register (8 bits)
  B: string index
  Move a reference to the string specified by the given index into the specified register.

1b 31c  const-string/jumbo vAA, string@BBBBBBBB
  A: destination register (8 bits)
  B: string index
  Move a reference to the string specified by the given index into the specified register.

1c 21c  const-class vAA, type@BBBB
  A: destination register (8 bits)
  B: type index
  Move a reference to the class specified by the given index into the specified register. In the case where the indicated type is primitive, this will store a reference to the primitive type’s degenerate class.

1d 11x  monitor-enter vAA
  A: reference-bearing register (8 bits)
  Acquire the monitor for the indicated object.

1e 11x  monitor-exit vAA
  A: reference-bearing register (8 bits)
  Release the monitor for the indicated object.
  Note: If this instruction needs to throw an exception, it must do so as if the pc has already advanced past the instruction. It may be useful to think of this as the instruction successfully executing (in a sense), and the exception getting thrown after the instruction but before the next one gets a chance to run. This definition makes it possible for a method to use a monitor cleanup catch-all (e.g., finally) block as the monitor cleanup for that block itself, as a way to handle the arbitrary exceptions that might get thrown due to the historical implementation of Thread.stop(), while still managing to have proper monitor hygiene.

1f 21c  check-cast vAA, type@BBBB
  A: reference-bearing register (8 bits)
  B: type index (16 bits)
  Throw a ClassCastException if the reference in the given register cannot be cast to the indicated type.
  Note: Since A must always be a reference (and not a primitive value), this will necessarily fail at runtime (that is, it will throw an exception) if B refers to a primitive type.

20 22c  instance-of vA, vB, type@CCCC
  A: destination register (4 bits)
  B: reference-bearing register (4 bits)
  C: type index (16 bits)
  Store in the given destination register 1 if the indicated reference is an instance of the given type, or 0 if not.
  Note: Since B must always be a reference (and not a primitive value), this will always result in 0 being stored if C refers to a primitive type.

21 12x  array-length vA, vB
  A: destination register (4 bits)
  B: array reference-bearing register (4 bits)
  Store in the given destination register the length of the indicated array, in entries.

22 21c  new-instance vAA, type@BBBB
  A: destination register (8 bits)
  B: type index
  Construct a new instance of the indicated type, storing a reference to it in the destination. The type must refer to a non-array class.

23 22c  new-array vA, vB, type@CCCC
  A: destination register (4 bits)
  B: size register
  C: type index
  Construct a new array of the indicated type and size. The type must be an array type.

24 35c  filled-new-array vC, vD, vE, vF, vG, type@BBBB
  A: array size and argument word count (4 bits)
  B: type index (16 bits)
  C..G: argument registers (4 bits each)
  Construct an array of the given type and size, filling it with the supplied contents. The type must be an array type. The array’s contents must be single-word (that is, no arrays of long or double, but reference types are acceptable). The constructed instance is stored as a “result” in the same way that the method invocation instructions store their results, so the constructed instance must be moved to a register with an immediately subsequent move-result-object instruction (if it is to be used).

25 3rc  filled-new-array/range vCCCC .. vNNNN, type@BBBB
  A: array size and argument word count (8 bits)
  B: type index (16 bits)
  C: first argument register (16 bits)
  N = A + C - 1
  Construct an array of the given type and size, filling it with the supplied contents. Clarifications and restrictions are the same as filled-new-array, described above.

26 31t  fill-array-data vAA, +BBBBBBBB (with supplemental data as specified below in “fill-array-data-payload Format”)
  A: array reference (8 bits)
  B: signed “branch” offset to table data pseudo-instruction (32 bits)
  Fill the given array with the indicated data. The reference must be to an array of primitives, and the data table must match it in type and must contain no more elements than will fit in the array. That is, the array may be larger than the table, and if so, only the initial elements of the array are set, leaving the remainder alone.

27 11x  throw vAA
  A: exception-bearing register (8 bits)
  Throw the indicated exception.

28 10t  goto +AA
  A: signed branch offset (8 bits)
  Unconditionally jump to the indicated instruction.
  Note: The branch offset must not be 0. (A spin loop may be legally constructed either with goto/32 or by including a nop as a target before the branch.)

29 20t  goto/16 +AAAA
  A: signed branch offset (16 bits)
  Unconditionally jump to the indicated instruction.
  Note: The branch offset must not be 0. (A spin loop may be legally constructed either with goto/32 or by including a nop as a target before the branch.)

2a 30t  goto/32 +AAAAAAAA
  A: signed branch offset (32 bits)
  Unconditionally jump to the indicated instruction.

2b 31t  packed-switch vAA, +BBBBBBBB (with supplemental data as specified below in “packed-switch-payload Format”)
  A: register to test
  B: signed “branch” offset to table data pseudo-instruction (32 bits)
  Jump to a new instruction based on the value in the given register, using a table of offsets corresponding to each value in a particular integral range, or fall through to the next instruction if there is no match.

2c 31t  sparse-switch vAA, +BBBBBBBB (with supplemental data as specified below in “sparse-switch-payload Format”)
  A: register to test
  B: signed “branch” offset to table data pseudo-instruction (32 bits)
  Jump to a new instruction based on the value in the given register, using an ordered table of value-offset pairs, or fall through to the next instruction if there is no match.

2d..31 23x  cmpkind vAA, vBB, vCC
  2d: cmpl-float (lt bias)
  2e: cmpg-float (gt bias)
  2f: cmpl-double (lt bias)
  30: cmpg-double (gt bias)
  31: cmp-long
  A: destination register (8 bits)
  B: first source register or pair
  C: second source register or pair
  Perform the indicated floating point or long comparison, setting a to 0 if b == c, 1 if b > c, or -1 if b < c. The “bias” listed for the floating point operations indicates how NaN comparisons are treated: “gt bias” instructions return 1 for NaN comparisons, and “lt bias” instructions return -1.
  For example, to check to see if floating point x < y it is advisable to use cmpg-float; a result of -1 indicates that the test was true, and the other values indicate it was false either due to a valid comparison or because one of the values was NaN.

32..37 22t  if-test vA, vB, +CCCC
  32: if-eq
  33: if-ne
  34: if-lt
  35: if-ge
  36: if-gt
  37: if-le
  A: first register to test (4 bits)
  B: second register to test (4 bits)
  C: signed branch offset (16 bits)
  Branch to the given destination if the given two registers’ values compare as specified.
  Note: The branch offset must not be 0. (A spin loop may be legally constructed either by branching around a backward goto or by including a nop as a target before the branch.)

38..3d 21t  if-testz vAA, +BBBB
  38: if-eqz
  39: if-nez
  3a: if-ltz
  3b: if-gez
  3c: if-gtz
  3d: if-lez
  A: register to test (8 bits)
  B: signed branch offset (16 bits)
  Branch to the given destination if the given register’s value compares with 0 as specified.
  Note: The branch offset must not be 0. (A spin loop may be legally constructed either by branching around a backward goto or by including a nop as a target before the branch.)

3e..43 10x  (unused)

44..51 23x  arrayop vAA, vBB, vCC
  44: aget
  45: aget-wide
  46: aget-object
  47: aget-boolean
  48: aget-byte
  49: aget-char
  4a: aget-short
  4b: aput
  4c: aput-wide
  4d: aput-object
  4e: aput-boolean
  4f: aput-byte
  50: aput-char
  51: aput-short
  A: value register or pair; may be source or dest (8 bits)
  B: array register (8 bits)
  C: index register (8 bits)
  Perform the identified array operation at the identified index of the given array, loading or storing into the value register.

52..5f 22c  iinstanceop vA, vB, field@CCCC
  52: iget
  53: iget-wide
  54: iget-object
  55: iget-boolean
  56: iget-byte
  57: iget-char
  58: iget-short
  59: iput
  5a: iput-wide
  5b: iput-object
  5c: iput-boolean
  5d: iput-byte
  5e: iput-char
  5f: iput-short
  A: value register or pair; may be source or dest (4 bits)
  B: object register (4 bits)
  C: instance field reference index (16 bits)
  Perform the identified object instance field operation with the identified field, loading or storing into the value register.
  Note: These opcodes are reasonable candidates for static linking, altering the field argument to be a more direct offset.

60..6d 21c  sstaticop vAA, field@BBBB
  60: sget
  61: sget-wide
  62: sget-object
  63: sget-boolean
  64: sget-byte
  65: sget-char
  66: sget-short
  67: sput
  68: sput-wide
  69: sput-object
  6a: sput-boolean
  6b: sput-byte
  6c: sput-char
  6d: sput-short
  A: value register or pair; may be source or dest (8 bits)
  B: static field reference index (16 bits)
  Perform the identified object static field operation with the identified static field, loading or storing into the value register.
  Note: These opcodes are reasonable candidates for static linking, altering the field argument to be a more direct offset.

6e..72 35c  invoke-kind vC, vD, vE, vF, vG, meth@BBBB
  6e: invoke-virtual
  6f: invoke-super
  70: invoke-direct
  71: invoke-static
  72: invoke-interface
  A: argument word count (4 bits)
  B: method reference index (16 bits)
  C..G: argument registers (4 bits each)
  Call the indicated method. The result (if any) may be stored with an appropriate move-result* variant as the immediately subsequent instruction.
  invoke-virtual is used to invoke a normal virtual method (a method that is not private, static, or final, and is also not a constructor).
  When the method_id references a method of a non-interface class, invoke-super is used to invoke the closest superclass’s virtual method (as opposed to the one with the same method_id in the calling class). The same method restrictions hold as for invoke-virtual.
  In Dex files version 037 or later, if the method_id refers to an interface method, invoke-super is used to invoke the most specific, non-overridden version of that method defined on that interface. The same method restrictions hold as for invoke-virtual. In Dex files prior to version 037, having an interface method_id is illegal and undefined.
  invoke-direct is used to invoke a non-static direct method (that is, an instance method that is by its nature non-overridable, namely either a private instance method or a constructor).
  invoke-static is used to invoke a static method (which is always considered a direct method).
  invoke-interface is used to invoke an interface method, that is, on an object whose concrete class isn’t known, using a method_id that refers to an interface.
  Note: These opcodes are reasonable candidates for static linking, altering the method argument to be a more direct offset (or pair thereof).

73 10x  (unused)

74..78 3rc  invoke-kind/range vCCCC .. vNNNN, meth@BBBB
  74: invoke-virtual/range
  75: invoke-super/range
  76: invoke-direct/range
  77: invoke-static/range
  78: invoke-interface/range
  A: argument word count (8 bits)
  B: method reference index (16 bits)
  C: first argument register (16 bits)
  N = A + C - 1
  Call the indicated method. See first invoke-kind description above for details, caveats, and suggestions.

79..7a 10x  (unused)

7b..8f 12x  unop vA, vB
  7b: neg-int
  7c: not-int
  7d: neg-long
  7e: not-long
  7f: neg-float
  80: neg-double
  81: int-to-long
  82: int-to-float
  83: int-to-double
  84: long-to-int
  85: long-to-float
  86: long-to-double
  87: float-to-int
  88: float-to-long
  89: float-to-double
  8a: double-to-int
  8b: double-to-long
  8c: double-to-float
  8d: int-to-byte
  8e: int-to-char
  8f: int-to-short
  A: destination register or pair (4 bits)
  B: source register or pair (4 bits)
  Perform the identified unary operation on the source register, storing the result in the destination register.

90..af 23x  binop vAA, vBB, vCC
  90: add-int
  91: sub-int
  92: mul-int
  93: div-int
  94: rem-int
  95: and-int
  96: or-int
  97: xor-int
  98: shl-int
  99: shr-int
  9a: ushr-int
  9b: add-long
  9c: sub-long
  9d: mul-long
  9e: div-long
  9f: rem-long
  a0: and-long
  a1: or-long
  a2: xor-long
  a3: shl-long
  a4: shr-long
  a5: ushr-long
  a6: add-float
  a7: sub-float
  a8: mul-float
  a9: div-float
  aa: rem-float
  ab: add-double
  ac: sub-double
  ad: mul-double
  ae: div-double
  af: rem-double
  A: destination register or pair (8 bits)
  B: first source register or pair (8 bits)
  C: second source register or pair (8 bits)
  Perform the identified binary operation on the two source registers, storing the result in the destination register.
  Note: Contrary to other -long mathematical operations (which take register pairs for both their first and their second source), shl-long, shr-long, and ushr-long take a register pair for their first source (the value to be shifted), but a single register for their second source (the shifting distance).

b0..cf 12x  binop/2addr vA, vB
  b0: add-int/2addr
  b1: sub-int/2addr
  b2: mul-int/2addr
  b3: div-int/2addr
  b4: rem-int/2addr
  b5: and-int/2addr
  b6: or-int/2addr
  b7: xor-int/2addr
  b8: shl-int/2addr
  b9: shr-int/2addr
  ba: ushr-int/2addr
  bb: add-long/2addr
  bc: sub-long/2addr
  bd: mul-long/2addr
  be: div-long/2addr
  bf: rem-long/2addr
  c0: and-long/2addr
  c1: or-long/2addr
  c2: xor-long/2addr
  c3: shl-long/2addr
  c4: shr-long/2addr
  c5: ushr-long/2addr
  c6: add-float/2addr
  c7: sub-float/2addr
  c8: mul-float/2addr
  c9: div-float/2addr
  ca: rem-float/2addr
  cb: add-double/2addr
  cc: sub-double/2addr
  cd: mul-double/2addr
  ce: div-double/2addr
  cf: rem-double/2addr
  A: destination and first source register or pair (4 bits)
  B: second source register or pair (4 bits)
  Perform the identified binary operation on the two source registers, storing the result in the first source register.
  Note: Contrary to other -long/2addr mathematical operations (which take register pairs for both their destination/first source and their second source), shl-long/2addr, shr-long/2addr, and ushr-long/2addr take a register pair for their destination/first source (the value to be shifted), but a single register for their second source (the shifting distance).

d0..d7 22s  binop/lit16 vA, vB, #+CCCC
  d0: add-int/lit16
  d1: rsub-int (reverse subtract)
  d2: mul-int/lit16
  d3: div-int/lit16
  d4: rem-int/lit16
  d5: and-int/lit16
  d6: or-int/lit16
  d7: xor-int/lit16
  A: destination register (4 bits)
  B: source register (4 bits)
  C: signed int constant (16 bits)
  Perform the indicated binary op on the indicated register (first argument) and literal value (second argument), storing the result in the destination register.
  Note: rsub-int does not have a suffix since this version is the main opcode of its family. Also, see below for details on its semantics.

d8..e2 22b  binop/lit8 vAA, vBB, #+CC
  d8: add-int/lit8
  d9: rsub-int/lit8
  da: mul-int/lit8
  db: div-int/lit8
  dc: rem-int/lit8
  dd: and-int/lit8
  de: or-int/lit8
  df: xor-int/lit8
  e0: shl-int/lit8
  e1: shr-int/lit8
  e2: ushr-int/lit8
  A: destination register (8 bits)
  B: source register (8 bits)
  C: signed int constant (8 bits)
  Perform the indicated binary op on the indicated register (first argument) and literal value (second argument), storing the result in the destination register.
  Note: See below for details on the semantics of rsub-int.

e3..f9 10x  (unused)

fa 45cc  invoke-polymorphic vC, vD, vE, vF, vG, meth@BBBB, proto@HHHH
  A: argument word count (4 bits)
  B: method reference index (16 bits)
  C: method handle reference to invoke (16 bits)
  D..G: argument registers (4 bits each)
  H: prototype reference index (16 bits)
  Invoke the indicated method handle. The result (if any) may be stored with an appropriate move-result* variant as the immediately subsequent instruction.
  The method reference must be to java.lang.invoke.MethodHandle.invoke or java.lang.invoke.MethodHandle.invokeExact.
  The prototype reference describes the argument types provided and the expected return type.
  The invoke-polymorphic bytecode may raise exceptions when it executes. The exceptions are described in the API documentation for java.lang.invoke.MethodHandle.invoke and java.lang.invoke.MethodHandle.invokeExact.
  Present in Dex files from version 038 onwards.

fb 4rcc  invoke-polymorphic/range vCCCC .. vNNNN, meth@BBBB, proto@HHHH
  A: argument word count (8 bits)
  B: method reference index (16 bits)
  C: method handle reference to invoke (16 bits)
  H: prototype reference index (16 bits)
  N = A + C - 1
  Invoke the indicated method handle. See the invoke-polymorphic description above for details.
  Present in Dex files from version 038 onwards.

fc 35c  invoke-custom vC, vD, vE, vF, vG, call_site@BBBB
  A: argument word count (4 bits)
  B: call site reference index (16 bits)
  C..G: argument registers (4 bits each)
  Resolves and invokes the indicated call site. The result from the invocation (if any) may be stored with an appropriate move-result* variant as the immediately subsequent instruction.
  This instruction executes in two phases: call site resolution and call site invocation.
  Call site resolution checks whether the indicated call site has an associated java.lang.invoke.CallSite instance. If not, the bootstrap linker method for the indicated call site is invoked using arguments present in the DEX file (see call_site_item). The bootstrap linker method returns a java.lang.invoke.CallSite instance that will then be associated with the indicated call site if no association exists. Another thread may have already made the association first, and if so execution of the instruction continues with the first associated java.lang.invoke.CallSite instance.
  Call site invocation is made on the java.lang.invoke.MethodHandle target of the resolved java.lang.invoke.CallSite instance. The target is invoked as if executing invoke-polymorphic (described above) using the method handle and arguments to the invoke-custom instruction as the arguments to an exact method handle invocation.
  Exceptions raised by the bootstrap linker method are wrapped in a java.lang.BootstrapMethodError. A BootstrapMethodError is also raised if:
    • the bootstrap linker method fails to return a java.lang.invoke.CallSite instance.
    • the returned java.lang.invoke.CallSite has a null method handle target.
    • the method handle target is not of the requested type.
  Present in Dex files from version 038 onwards.

fd 3rc  invoke-custom/range vCCCC .. vNNNN, call_site@BBBB
  A: argument word count (8 bits)
  B: call site reference index (16 bits)
  C: first argument register (16 bits)
  N = A + C - 1
  Resolve and invoke a call site. See the invoke-custom description above for details.
  Present in Dex files from version 038 onwards.

fe..ff 10x  (unused)
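An added example, not code from the original article or from Android's verifier: a small placement check for the rules the table marks as "anywhere else is invalid" (move-result and move-result-wide only immediately after an invoke-kind, move-result-object also after filled-new-array, move-exception only as the first instruction of a handler, and a non-zero offset for goto, goto/16 and every if-* branch). The tuple encoding of instructions, the sample sequences and the function names are my own assumptions.

```python
# Added example: structural placement rules from the bytecode summary.
# Instructions are modelled as (mnemonic, operands) tuples; for branches the
# last operand is the signed code-unit offset. This representation and the
# sample sequences are constructed for illustration, not taken from a dex file.
from typing import List, Set, Tuple

Insn = Tuple[str, tuple]

INVOKE_KINDS = {
    "invoke-virtual", "invoke-super", "invoke-direct", "invoke-static",
    "invoke-interface", "invoke-polymorphic", "invoke-custom",
}
INVOKE_KINDS |= {op + "/range" for op in INVOKE_KINDS}
FILLED_NEW_ARRAY = {"filled-new-array", "filled-new-array/range"}
# Branches whose offset must not be 0 (goto/32 is the one exception).
NONZERO_BRANCHES = {
    "goto", "goto/16",
    "if-eq", "if-ne", "if-lt", "if-ge", "if-gt", "if-le",
    "if-eqz", "if-nez", "if-ltz", "if-gez", "if-gtz", "if-lez",
}


def check_placement(insns: List[Insn], handler_starts: Set[int]) -> List[str]:
    """Return one message per violation; an empty list means no rule was broken.

    handler_starts holds the indices into insns at which exception handlers
    begin (derived from the method's try/catch table in a real checker).
    """
    errors = []
    for i, (op, operands) in enumerate(insns):
        prev = insns[i - 1][0] if i > 0 else None
        if op in ("move-result", "move-result-wide"):
            if prev not in INVOKE_KINDS:
                errors.append("%d: %s must immediately follow an invoke-kind" % (i, op))
        elif op == "move-result-object":
            if prev not in INVOKE_KINDS and prev not in FILLED_NEW_ARRAY:
                errors.append("%d: move-result-object must immediately follow "
                              "an invoke-kind or filled-new-array" % i)
        elif op == "move-exception":
            if i not in handler_starts:
                errors.append("%d: move-exception is only valid as the first "
                              "instruction of an exception handler" % i)
        elif op in NONZERO_BRANCHES:
            if operands[-1] == 0:
                errors.append("%d: %s branch offset must not be 0" % (i, op))
    return errors


# Constructed sample: every rule satisfied (handler begins at index 6).
VALID: List[Insn] = [
    ("invoke-virtual", ("v0", "meth@0x10")),
    ("move-result-object", ("v1",)),
    ("filled-new-array", ("v1", "type@0x5")),
    ("move-result-object", ("v2",)),
    ("if-eqz", ("v2", 3)),
    ("goto/32", (0,)),            # a zero offset is legal only for goto/32
    ("move-exception", ("v3",)),
    ("return-void", ()),
]
VALID_HANDLERS = {6}

# Constructed sample: three violations.
INVALID: List[Insn] = [
    ("const/4", ("v0", 0)),
    ("move-result", ("v1",)),     # nothing was invoked before it
    ("goto", (0,)),               # spin loop with plain goto is illegal
    ("move-exception", ("v2",)),  # not at a handler start
]

if __name__ == "__main__":
    print("valid  :", check_placement(VALID, VALID_HANDLERS))
    print("invalid:", "\n         ".join(check_placement(INVALID, set())))
```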

packed-switch-payload format

Name       Format           Description
ident      ushort = 0x0100  identifying pseudo-opcode
size       ushort           number of entries in the table
first_key  int              first (and lowest) switch case value
targets    int[]            list of size relative branch targets. The targets are relative to the address of the switch opcode, not of this table.

Note: The total number of code units for an instance of this table is `(size * 2) + 4`.

sparse-switch-payload format

Name       Format           Description
ident      ushort = 0x0200  identifying pseudo-opcode
size       ushort           number of entries in the table
keys       int[]            list of size key values, sorted low-to-high
targets    int[]            list of size relative branch targets, each corresponding to the key value at the same index. The targets are relative to the address of the switch opcode, not of this table.

Note: The total number of code units for an instance of this table is `(size * 4) + 2`.

fill-array-data-payload format

Name           Format           Description
ident          ushort = 0x0300  identifying pseudo-opcode
element_width  ushort           number of bytes in each element
size           uint             number of elements in the table
data           ubyte[]          data values

Note: The total number of code units for an instance of this table is `(size * element_width + 1) / 2 + 4`.
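An added example, not code from the original article or from any Android tool: a parser for the three payload formats above that applies the code-unit size formulas, checks the 4-byte alignment and bounds before reading, and resolves switch targets relative to the switch opcode rather than the table. It assumes the code array is little-endian bytes and offsets are counted in 16-bit code units; the builder helpers, all function names and the sample payloads are mine, constructed for the test rather than taken from a real dex file.

```python
# Added example: decoding packed-switch, sparse-switch and fill-array-data
# payload tables. Assumptions: `code` is the method's instruction stream as
# little-endian bytes; `off` is a code-unit (16-bit) offset into it.
import struct
from typing import Dict, List

PACKED_SWITCH_IDENT = 0x0100
SPARSE_SWITCH_IDENT = 0x0200
FILL_ARRAY_DATA_IDENT = 0x0300


def _u16(code: bytes, unit: int) -> int:
    return struct.unpack_from("<H", code, unit * 2)[0]


def _u32(code: bytes, unit: int) -> int:
    return struct.unpack_from("<I", code, unit * 2)[0]


def _i32(code: bytes, unit: int) -> int:
    return struct.unpack_from("<i", code, unit * 2)[0]


def _check_fits(code: bytes, off: int, units: int) -> None:
    if (off + units) * 2 > len(code):
        raise ValueError("payload at unit %d runs past the end of the code" % off)


def parse_payload(code: bytes, off: int) -> dict:
    """Decode the pseudo-instruction at code-unit offset `off`.

    Returns a dict with "kind", the table's fields and "units" (the total
    number of code units the table occupies). Raises ValueError for a
    misaligned, truncated or unknown table so callers never read out of bounds.
    """
    if off % 2:
        raise ValueError("payload at unit %d is not 4-byte aligned" % off)
    _check_fits(code, off, 2)          # ident + size/element_width header
    ident = _u16(code, off)
    if ident == PACKED_SWITCH_IDENT:
        size = _u16(code, off + 1)
        units = size * 2 + 4
        _check_fits(code, off, units)
        first_key = _i32(code, off + 2)
        targets = [_i32(code, off + 4 + 2 * i) for i in range(size)]
        return {"kind": "packed-switch", "keys": [first_key + i for i in range(size)],
                "targets": targets, "units": units}
    if ident == SPARSE_SWITCH_IDENT:
        size = _u16(code, off + 1)
        units = size * 4 + 2
        _check_fits(code, off, units)
        keys = [_i32(code, off + 2 + 2 * i) for i in range(size)]
        targets = [_i32(code, off + 2 + 2 * size + 2 * i) for i in range(size)]
        if any(keys[i] >= keys[i + 1] for i in range(size - 1)):
            raise ValueError("sparse-switch keys must be sorted low-to-high")
        return {"kind": "sparse-switch", "keys": keys, "targets": targets, "units": units}
    if ident == FILL_ARRAY_DATA_IDENT:
        width = _u16(code, off + 1)
        size = _u32(code, off + 2)
        units = (size * width + 1) // 2 + 4
        _check_fits(code, off, units)
        start = (off + 4) * 2
        return {"kind": "fill-array-data", "element_width": width, "size": size,
                "data": code[start:start + size * width], "units": units}
    raise ValueError("unknown payload ident 0x%04x" % ident)


def resolve_switch(switch_addr: int, payload: dict) -> Dict[int, int]:
    """Map each case key to the absolute code-unit address of its target."""
    return {k: switch_addr + t for k, t in zip(payload["keys"], payload["targets"])}


# Builders for constructed sample payloads (same layouts as the tables above).
def build_packed(first_key: int, targets: List[int]) -> bytes:
    return struct.pack("<HHi", PACKED_SWITCH_IDENT, len(targets), first_key) + \
        b"".join(struct.pack("<i", t) for t in targets)


def build_sparse(cases: Dict[int, int]) -> bytes:
    keys = sorted(cases)
    return struct.pack("<HH", SPARSE_SWITCH_IDENT, len(keys)) + \
        b"".join(struct.pack("<i", k) for k in keys) + \
        b"".join(struct.pack("<i", cases[k]) for k in keys)


def build_fill(width: int, elements: List[bytes]) -> bytes:
    data = b"".join(elements)
    return struct.pack("<HHI", FILL_ARRAY_DATA_IDENT, width, len(elements)) + \
        data + b"\x00" * (len(data) % 2)   # pad to a whole code unit


if __name__ == "__main__":
    table = parse_payload(build_packed(10, [3, 6, 9]), 0)
    print(table["units"], resolve_switch(0x20, table))
```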

Mathematical operation details

Note: Floating point operations must follow IEEE 754 rules, using round-to-nearest and gradual underflow, except where stated otherwise.

Columns: Opcode; C semantics; Notes

neg-int
  int32 a;
  int32 result = -a;
  Unary twos-complement.

not-int
  int32 a;
  int32 result = ~a;
  Unary ones-complement.

neg-long
  int64 a;
  int64 result = -a;
  Unary twos-complement.

not-long
  int64 a;
  int64 result = ~a;
  Unary ones-complement.

neg-float
  float a;
  float result = -a;
  Floating point negation.

neg-double
  double a;
  double result = -a;
  Floating point negation.

int-to-long
  int32 a;
  int64 result = (int64) a;
  Sign extension of int32 into int64.

int-to-float
  int32 a;
  float result = (float) a;
  Conversion of int32 to float, using round-to-nearest. This loses precision for some values.

int-to-double
  int32 a;
  double result = (double) a;
  Conversion of int32 to double.

long-to-int
  int64 a;
  int32 result = (int32) a;
  Truncation of int64 into int32.

long-to-float
  int64 a;
  float result = (float) a;
  Conversion of int64 to float, using round-to-nearest. This loses precision for some values.

long-to-double
  int64 a;
  double result = (double) a;
  Conversion of int64 to double, using round-to-nearest. This loses precision for some values.

float-to-int
  float a;
  int32 result = (int32) a;
  Conversion of float to int32, using round-toward-zero. NaN and -0.0 (negative zero) convert to the integer 0. Infinities and values with too large a magnitude to be represented get converted to either 0x7fffffff or -0x80000000 depending on sign.

float-to-long
  float a;
  int64 result = (int64) a;
  Conversion of float to int64, using round-toward-zero. The same special case rules as for float-to-int apply here, except that out-of-range values get converted to either 0x7fffffffffffffff or -0x8000000000000000 depending on sign.

float-to-double
  float a;
  double result = (double) a;
  Conversion of float to double, preserving the value exactly.

double-to-int
  double a;
  int32 result = (int32) a;
  Conversion of double to int32, using round-toward-zero. The same special case rules as for float-to-int apply here.

double-to-long
  double a;
  int64 result = (int64) a;
  Conversion of double to int64, using round-toward-zero. The same special case rules as for float-to-long apply here.

double-to-float
  double a;
  float result = (float) a;
  Conversion of double to float, using round-to-nearest. This loses precision for some values.

int-to-byte
  int32 a;
  int32 result = (a << 24) >> 24;
  Truncation of int32 to int8, sign extending the result.

int-to-char
  int32 a;
  int32 result = a & 0xffff;
  Truncation of int32 to uint16, without sign extension.

int-to-short
  int32 a;
  int32 result = (a << 16) >> 16;
  Truncation of int32 to int16, sign extending the result.

add-int
  int32 a, b;
  int32 result = a + b;
  Twos-complement addition.

sub-int
  int32 a, b;
  int32 result = a - b;
  Twos-complement subtraction.

rsub-int
  int32 a, b;
  int32 result = b - a;
  Twos-complement reverse subtraction.

mul-int
  int32 a, b;
  int32 result = a * b;
  Twos-complement multiplication.

div-int
  int32 a, b;
  int32 result = a / b;
  Twos-complement division, rounded towards zero (that is, truncated to integer). This throws ArithmeticException if b == 0.

rem-int
  int32 a, b;
  int32 result = a % b;
  Twos-complement remainder after division. The sign of the result is the same as that of a, and it is more precisely defined as result == a - (a / b) * b. This throws ArithmeticException if b == 0.

and-int
  int32 a, b;
  int32 result = a & b;
  Bitwise AND.

or-int
  int32 a, b;
  int32 result = a | b;
  Bitwise OR.

xor-int
  int32 a, b;
  int32 result = a ^ b;
  Bitwise XOR.

shl-int
  int32 a, b;
  int32 result = a << (b & 0x1f);
  Bitwise shift left (with masked argument).

shr-int
  int32 a, b;
  int32 result = a >> (b & 0x1f);
  Bitwise signed shift right (with masked argument).

ushr-int
  uint32 a, b;
  int32 result = a >> (b & 0x1f);
  Bitwise unsigned shift right (with masked argument).

add-long
  int64 a, b;
  int64 result = a + b;
  Twos-complement addition.

sub-long
  int64 a, b;
  int64 result = a - b;
  Twos-complement subtraction.

mul-long
  int64 a, b;
  int64 result = a * b;
  Twos-complement multiplication.

div-long
  int64 a, b;
  int64 result = a / b;
  Twos-complement division, rounded towards zero (that is, truncated to integer). This throws ArithmeticException if b == 0.

rem-long
  int64 a, b;
  int64 result = a % b;
  Twos-complement remainder after division. The sign of the result is the same as that of a, and it is more precisely defined as result == a - (a / b) * b. This throws ArithmeticException if b == 0.

and-long
  int64 a, b;
  int64 result = a & b;
  Bitwise AND.

or-long
  int64 a, b;
  int64 result = a | b;
  Bitwise OR.

xor-long
  int64 a, b;
  int64 result = a ^ b;
  Bitwise XOR.

shl-long
  int64 a;
  int32 b;
  int64 result = a << (b & 0x3f);
  Bitwise shift left (with masked argument).

shr-long
  int64 a;
  int32 b;
  int64 result = a >> (b & 0x3f);
  Bitwise signed shift right (with masked argument).

ushr-long
  uint64 a;
  int32 b;
  int64 result = a >> (b & 0x3f);
  Bitwise unsigned shift right (with masked argument).

add-float
  float a, b;
  float result = a + b;
  Floating point addition.

sub-float
  float a, b;
  float result = a - b;
  Floating point subtraction.

mul-float
  float a, b;
  float result = a * b;
  Floating point multiplication.

div-float
  float a, b;
  float result = a / b;
  Floating point division.

rem-float
  float a, b;
  float result = a % b;
  Floating point remainder after division. This function is different than IEEE 754 remainder and is defined as result == a - roundTowardZero(a / b) * b.

add-double
  double a, b;
  double result = a + b;
  Floating point addition.

sub-double
  double a, b;
  double result = a - b;
  Floating point subtraction.

mul-double
  double a, b;
  double result = a * b;
  Floating point multiplication.

div-double
  double a, b;
  double result = a / b;
  Floating point division.

rem-double
  double a, b;
  double result = a % b;
  Floating point remainder after division. This function is different than IEEE 754 remainder and is defined as result == a - roundTowardZero(a / b) * b.
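An added example, not code from the original article: Python models of the integer, shift and conversion semantics tabulated above, covering the cases an emulator or analysis tool most often gets wrong (two's-complement wraparound, INT_MIN / -1, the masked shift distance, the sign of rem, saturating float-to-int and the zero-extended int-to-char). Python ints are unbounded, so every result is wrapped explicitly; function names follow the opcode mnemonics but are my own.

```python
# Added example: reference semantics for the Dalvik arithmetic table.
# Assumptions: register values are passed as Python ints (already in signed
# two's-complement range) or floats; the helper names are mine.
import math

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1
INT64_MIN, INT64_MAX = -2**63, 2**63 - 1


def wrap(x: int, bits: int) -> int:
    """Reduce x to a signed two's-complement value of the given width."""
    x &= (1 << bits) - 1
    return x - (1 << bits) if x >> (bits - 1) else x


def add_int(a, b): return wrap(a + b, 32)
def sub_int(a, b): return wrap(a - b, 32)
def rsub_int(a, b): return wrap(b - a, 32)   # reverse subtract: literal minus register
def mul_int(a, b): return wrap(a * b, 32)
def add_long(a, b): return wrap(a + b, 64)


def div_int(a: int, b: int, bits: int = 32) -> int:
    """Division truncated toward zero; INT_MIN / -1 wraps instead of trapping."""
    if b == 0:
        raise ZeroDivisionError("ArithmeticException: divide by zero")
    q = abs(a) // abs(b)
    return wrap(-q if (a < 0) != (b < 0) else q, bits)


def rem_int(a: int, b: int, bits: int = 32) -> int:
    """Remainder with the sign of a, defined as a - (a / b) * b."""
    return wrap(a - div_int(a, b, bits) * b, bits)


def div_long(a, b): return div_int(a, b, 64)
def rem_long(a, b): return rem_int(a, b, 64)


# Shift distances are masked to 5 bits (int) or 6 bits (long).
def shl_int(a, b): return wrap(a << (b & 0x1f), 32)
def shr_int(a, b): return a >> (b & 0x1f)                      # arithmetic shift
def ushr_int(a, b): return wrap((a & 0xffffffff) >> (b & 0x1f), 32)
def shl_long(a, b): return wrap(a << (b & 0x3f), 64)
def shr_long(a, b): return a >> (b & 0x3f)
def ushr_long(a, b): return wrap((a & 0xffffffffffffffff) >> (b & 0x3f), 64)


# Narrowing conversions: byte/short sign-extend, char zero-extends.
def int_to_byte(a): return wrap(a, 8)
def int_to_char(a): return a & 0xffff
def int_to_short(a): return wrap(a, 16)
def long_to_int(a): return wrap(a, 32)


def float_to_int(a: float, lo: int = INT32_MIN, hi: int = INT32_MAX) -> int:
    """Round toward zero; NaN and -0.0 give 0; out-of-range values saturate."""
    if math.isnan(a):
        return 0
    if a >= hi:          # also covers +inf
        return hi
    if a <= lo:          # also covers -inf
        return lo
    return int(a)        # int() truncates toward zero


def float_to_long(a: float) -> int:
    return float_to_int(a, INT64_MIN, INT64_MAX)


def rem_float(a: float, b: float) -> float:
    """a - roundTowardZero(a / b) * b; math.fmod computes exactly that.
    Division by zero and an infinite dividend yield NaN rather than raising."""
    if b == 0.0 or math.isinf(a) or math.isnan(a) or math.isnan(b):
        return math.nan
    return math.fmod(a, b)


if __name__ == "__main__":
    print("INT32_MIN / -1 =", div_int(INT32_MIN, -1))
    print("shl-int 1, 33  =", shl_int(1, 33))
    print("float-to-int 1e10 =", hex(float_to_int(1e10)))
```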
