1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
|
# Copyright (C) 2007 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Bytecode definition file
#
# One line per instruction format family. Each line consists of a
# series of instruction formats that all take (potentially) compatible
# arguments. The order is the preferred order (most to least
# preferable) of formats, when more than one opcode could be used for
# a given instruction's arguments.
#
# Note: The family that starts with 12x has a mix of both two- and
# three- register formats. This is because some of the two-register
# opcodes effectively take three, with a destination and two sources
# where the destination and one of the sources have to be the same.
# Regular formats
format 10t 20t 30t
format 10x
format 11n 21s 21h 31i 51l
format 11x
format 12x 22x 23x 32x # See note, above.
format 21c 31c
format 21t 31t
format 22b 22s
format 22c
format 22t
format 35c 3rc
format 45cc 4rcc
# Optimized formats
format 00x
format 20bc
format 22cs
format 35mi
format 35ms
format 3rmi
format 3rms
# One line per opcode. Columns are:
# hex for opcode
# opcode name
# format
# has result register; one of:
# y
# n
# index type; one of:
# unknown -- used for undefined opcodes and breakpoint
# none
# varies
# type-ref
# string-ref
# method-ref
# field-ref
# inline-method
# vtable-offset
# field-offset
# method-and-proto-ref
# call-site-ref
# method-handle-ref
# proto-ref
# flags; pipe-combined combo of one or more of:
# optimized -- optimized; not to be included in unoptimized dex files
# branch -- might branch to an address
# continue -- might continue to the next address in sequence
# switch -- is a switch
# throw -- might throw an exception
# return -- is a return from method
# invoke -- is a method invoke; this is only used for true
# method invokes and notably *not* vm-implemented
# execute-inline nor the nop-equivalent
# invoke-direct-empty
#
# Regular opcodes (with a couple holes)
#
op 00 nop 10x n none continue
op 01 move 12x y none continue
op 02 move/from16 22x y none continue
op 03 move/16 32x y none continue
op 04 move-wide 12x y none continue
op 05 move-wide/from16 22x y none continue
op 06 move-wide/16 32x y none continue
op 07 move-object 12x y none continue
op 08 move-object/from16 22x y none continue
op 09 move-object/16 32x y none continue
op 0a move-result 11x y none continue
op 0b move-result-wide 11x y none continue
op 0c move-result-object 11x y none continue
op 0d move-exception 11x y none continue
op 0e return-void 10x n none return
op 0f return 11x n none return
op 10 return-wide 11x n none return
op 11 return-object 11x n none return
op 12 const/4 11n y none continue
op 13 const/16 21s y none continue
op 14 const 31i y none continue
op 15 const/high16 21h y none continue
op 16 const-wide/16 21s y none continue
op 17 const-wide/32 31i y none continue
op 18 const-wide 51l y none continue
op 19 const-wide/high16 21h y none continue
op 1a const-string 21c y string-ref continue|throw
op 1b const-string/jumbo 31c y string-ref continue|throw
op 1c const-class 21c y type-ref continue|throw
op 1d monitor-enter 11x n none continue|throw
op 1e monitor-exit 11x n none continue|throw
op 1f check-cast 21c y type-ref continue|throw
op 20 instance-of 22c y type-ref continue|throw
op 21 array-length 12x y none continue|throw
op 22 new-instance 21c y type-ref continue|throw
op 23 new-array 22c y type-ref continue|throw
op 24 filled-new-array 35c n type-ref continue|throw
op 25 filled-new-array/range 3rc n type-ref continue|throw
op 26 fill-array-data 31t n none continue
op 27 throw 11x n none throw
op 28 goto 10t n none branch
op 29 goto/16 20t n none branch
op 2a goto/32 30t n none branch
op 2b packed-switch 31t n none continue|switch
op 2c sparse-switch 31t n none continue|switch
op 2d cmpl-float 23x y none continue
op 2e cmpg-float 23x y none continue
op 2f cmpl-double 23x y none continue
op 30 cmpg-double 23x y none continue
op 31 cmp-long 23x y none continue
op 32 if-eq 22t n none continue|branch
op 33 if-ne 22t n none continue|branch
op 34 if-lt 22t n none continue|branch
op 35 if-ge 22t n none continue|branch
op 36 if-gt 22t n none continue|branch
op 37 if-le 22t n none continue|branch
op 38 if-eqz 21t n none continue|branch
op 39 if-nez 21t n none continue|branch
op 3a if-ltz 21t n none continue|branch
op 3b if-gez 21t n none continue|branch
op 3c if-gtz 21t n none continue|branch
op 3d if-lez 21t n none continue|branch
# unused: op 3e..43
op 44 aget 23x y none continue|throw
op 45 aget-wide 23x y none continue|throw
op 46 aget-object 23x y none continue|throw
op 47 aget-boolean 23x y none continue|throw
op 48 aget-byte 23x y none continue|throw
op 49 aget-char 23x y none continue|throw
op 4a aget-short 23x y none continue|throw
op 4b aput 23x n none continue|throw
op 4c aput-wide 23x n none continue|throw
op 4d aput-object 23x n none continue|throw
op 4e aput-boolean 23x n none continue|throw
op 4f aput-byte 23x n none continue|throw
op 50 aput-char 23x n none continue|throw
op 51 aput-short 23x n none continue|throw
op 52 iget 22c y field-ref continue|throw
op 53 iget-wide 22c y field-ref continue|throw
op 54 iget-object 22c y field-ref continue|throw
op 55 iget-boolean 22c y field-ref continue|throw
op 56 iget-byte 22c y field-ref continue|throw
op 57 iget-char 22c y field-ref continue|throw
op 58 iget-short 22c y field-ref continue|throw
op 59 iput 22c n field-ref continue|throw
op 5a iput-wide 22c n field-ref continue|throw
op 5b iput-object 22c n field-ref continue|throw
op 5c iput-boolean 22c n field-ref continue|throw
op 5d iput-byte 22c n field-ref continue|throw
op 5e iput-char 22c n field-ref continue|throw
op 5f iput-short 22c n field-ref continue|throw
op 60 sget 21c y field-ref continue|throw
op 61 sget-wide 21c y field-ref continue|throw
op 62 sget-object 21c y field-ref continue|throw
op 63 sget-boolean 21c y field-ref continue|throw
op 64 sget-byte 21c y field-ref continue|throw
op 65 sget-char 21c y field-ref continue|throw
op 66 sget-short 21c y field-ref continue|throw
op 67 sput 21c n field-ref continue|throw
op 68 sput-wide 21c n field-ref continue|throw
op 69 sput-object 21c n field-ref continue|throw
op 6a sput-boolean 21c n field-ref continue|throw
op 6b sput-byte 21c n field-ref continue|throw
op 6c sput-char 21c n field-ref continue|throw
op 6d sput-short 21c n field-ref continue|throw
op 6e invoke-virtual 35c n method-ref continue|throw|invoke
op 6f invoke-super 35c n method-ref continue|throw|invoke
op 70 invoke-direct 35c n method-ref continue|throw|invoke
op 71 invoke-static 35c n method-ref continue|throw|invoke
op 72 invoke-interface 35c n method-ref continue|throw|invoke
# unused: op 73
op 74 invoke-virtual/range 3rc n method-ref continue|throw|invoke
op 75 invoke-super/range 3rc n method-ref continue|throw|invoke
op 76 invoke-direct/range 3rc n method-ref continue|throw|invoke
op 77 invoke-static/range 3rc n method-ref continue|throw|invoke
op 78 invoke-interface/range 3rc n method-ref continue|throw|invoke
# unused: op 79..7a
op 7b neg-int 12x y none continue
op 7c not-int 12x y none continue
op 7d neg-long 12x y none continue
op 7e not-long 12x y none continue
op 7f neg-float 12x y none continue
op 80 neg-double 12x y none continue
op 81 int-to-long 12x y none continue
op 82 int-to-float 12x y none continue
op 83 int-to-double 12x y none continue
op 84 long-to-int 12x y none continue
op 85 long-to-float 12x y none continue
op 86 long-to-double 12x y none continue
op 87 float-to-int 12x y none continue
op 88 float-to-long 12x y none continue
op 89 float-to-double 12x y none continue
op 8a double-to-int 12x y none continue
op 8b double-to-long 12x y none continue
op 8c double-to-float 12x y none continue
op 8d int-to-byte 12x y none continue
op 8e int-to-char 12x y none continue
op 8f int-to-short 12x y none continue
op 90 add-int 23x y none continue
op 91 sub-int 23x y none continue
op 92 mul-int 23x y none continue
op 93 div-int 23x y none continue|throw
op 94 rem-int 23x y none continue|throw
op 95 and-int 23x y none continue
op 96 or-int 23x y none continue
op 97 xor-int 23x y none continue
op 98 shl-int 23x y none continue
op 99 shr-int 23x y none continue
op 9a ushr-int 23x y none continue
op 9b add-long 23x y none continue
op 9c sub-long 23x y none continue
op 9d mul-long 23x y none continue
op 9e div-long 23x y none continue|throw
op 9f rem-long 23x y none continue|throw
op a0 and-long 23x y none continue
op a1 or-long 23x y none continue
op a2 xor-long 23x y none continue
op a3 shl-long 23x y none continue
op a4 shr-long 23x y none continue
op a5 ushr-long 23x y none continue
op a6 add-float 23x y none continue
op a7 sub-float 23x y none continue
op a8 mul-float 23x y none continue
op a9 div-float 23x y none continue
op aa rem-float 23x y none continue
op ab add-double 23x y none continue
op ac sub-double 23x y none continue
op ad mul-double 23x y none continue
op ae div-double 23x y none continue
op af rem-double 23x y none continue
op b0 add-int/2addr 12x y none continue
op b1 sub-int/2addr 12x y none continue
op b2 mul-int/2addr 12x y none continue
op b3 div-int/2addr 12x y none continue|throw
op b4 rem-int/2addr 12x y none continue|throw
op b5 and-int/2addr 12x y none continue
op b6 or-int/2addr 12x y none continue
op b7 xor-int/2addr 12x y none continue
op b8 shl-int/2addr 12x y none continue
op b9 shr-int/2addr 12x y none continue
op ba ushr-int/2addr 12x y none continue
op bb add-long/2addr 12x y none continue
op bc sub-long/2addr 12x y none continue
op bd mul-long/2addr 12x y none continue
op be div-long/2addr 12x y none continue|throw
op bf rem-long/2addr 12x y none continue|throw
op c0 and-long/2addr 12x y none continue
op c1 or-long/2addr 12x y none continue
op c2 xor-long/2addr 12x y none continue
op c3 shl-long/2addr 12x y none continue
op c4 shr-long/2addr 12x y none continue
op c5 ushr-long/2addr 12x y none continue
op c6 add-float/2addr 12x y none continue
op c7 sub-float/2addr 12x y none continue
op c8 mul-float/2addr 12x y none continue
op c9 div-float/2addr 12x y none continue
op ca rem-float/2addr 12x y none continue
op cb add-double/2addr 12x y none continue
op cc sub-double/2addr 12x y none continue
op cd mul-double/2addr 12x y none continue
op ce div-double/2addr 12x y none continue
op cf rem-double/2addr 12x y none continue
op d0 add-int/lit16 22s y none continue
op d1 rsub-int 22s y none continue
op d2 mul-int/lit16 22s y none continue
op d3 div-int/lit16 22s y none continue|throw
op d4 rem-int/lit16 22s y none continue|throw
op d5 and-int/lit16 22s y none continue
op d6 or-int/lit16 22s y none continue
op d7 xor-int/lit16 22s y none continue
op d8 add-int/lit8 22b y none continue
op d9 rsub-int/lit8 22b y none continue
op da mul-int/lit8 22b y none continue
op db div-int/lit8 22b y none continue|throw
op dc rem-int/lit8 22b y none continue|throw
op dd and-int/lit8 22b y none continue
op de or-int/lit8 22b y none continue
op df xor-int/lit8 22b y none continue
op e0 shl-int/lit8 22b y none continue
op e1 shr-int/lit8 22b y none continue
op e2 ushr-int/lit8 22b y none continue
#
# Optimized opcodes (not valid in an unoptimized dex file)
#
op e3 +iget-volatile 22c y field-ref optimized|continue|throw
op e4 +iput-volatile 22c n field-ref optimized|continue|throw
op e5 +sget-volatile 21c y field-ref optimized|continue|throw
op e6 +sput-volatile 21c n field-ref optimized|continue|throw
op e7 +iget-object-volatile 22c y field-ref optimized|continue|throw
op e8 +iget-wide-volatile 22c y field-ref optimized|continue|throw
op e9 +iput-wide-volatile 22c n field-ref optimized|continue|throw
op ea +sget-wide-volatile 21c y field-ref optimized|continue|throw
op eb +sput-wide-volatile 21c n field-ref optimized|continue|throw
# Technically "breakpoint" isn't really an optimized opcode, but it
# fits the label in terms of not being valid in regular dex files.
op ec ^breakpoint 00x n unknown optimized
op ed ^throw-verification-error 20bc n varies optimized|throw
op ee +execute-inline 35mi n inline-method optimized|continue|throw
op ef +execute-inline/range 3rmi n inline-method optimized|continue|throw
op f0 +invoke-object-init/range 35c n method-ref optimized|continue|throw|invoke
op f1 +return-void-barrier 10x n none optimized|return
op f2 +iget-quick 22cs y field-offset optimized|continue|throw
# unused: op f3..f9
#
# Bytecodes relating to method handles API.
#
# Invoke-polymorphic
op fa invoke-polymorphic 45cc n method-and-proto-ref continue|throw|invoke
op fb invoke-polymorphic/range 4rcc n method-and-proto-ref continue|throw|invoke
op fc invoke-custom 35c n call-site-ref continue|throw|invoke
op fd invoke-custom/range 3rc n call-site-ref continue|throw|invoke
# Constant loading for method handles and method types. NB these may throw OOME
op fe const-method-handle 21c y method-handle-ref continue|throw
op ff const-method-type 21c y proto-ref continue|throw
|
