本文参考: http://www.vuln.cn/7115
常量入栈指令有 iconst,bipush,sipush,ldc,ldc2_w 分别对应不同的使用场景
以下两个表简单总结了使用场景
八大基本类型场景表
常量类型 | 常量范围 | 指令 |
×××int | -1~5 | iconst_0~ iconst_5 iconst_m1 |
-128~127 | bipush | |
-32768~32767 | sipush | |
-2147483648~2147483647 | #2 = Integer 12345678 0: ldc #2 // int 12345678 | |
布尔型 boolean | true | iconst_1 |
false | iconst_0 | |
短整型 short | -1~5 | iconst_0~ iconst_5 iconst_m1 |
-128~127 | bipush | |
-32768~32767 | sipush | |
字符型 char | \u0000~\u0005 | iconst_0~ iconst_5 |
\u0000~\u00FF | bipush | |
\u0000~\uFFFF | sipush | |
字节型 byte | -1~5 | iconst_0~ iconst_5 iconst_m1 |
-128~127 | bipush | |
长整型 long | -2^63~2^63-1 | #2 = Long 1234567890123456789l ldc2_w #2 // long 1234567890123456789l |
浮点型 double | 8 字节 | #2 = Double 123.456d ldc2_w #2 // double 123.456d |
浮点型 float | 4 字节 | #2 = Float 123.456f ldc #2 // float 123.456f |
指令场景表
指令 | 使用场景 |
iconst | int,short,byte,int(char a) 数值在 - 1~5 之间,boolean 类型,注意不包括 long |
bipush | int,short,byte,int(char a)数值在 - 128~127 之间,注意不包括 long,范围内的值在 iconst 之内的优先用 iconst |
sipush | int,short,int(char a)数值在 - 32768~32767 之间,boolean 类型,注意不包括 long,范围内的值在 bipush 之内的优先用 bipush |
ldc | int 的数值 - 2147483648~2147483647 之间(范围内的值在 sipush 之内的优先用 sipush),float 类型 |
ldc2_w | long 类型,double 类型 |
以下是简单的例子
××× 常量 0 的例子 iconst
- public class ret
- {
- public static int main(String[] args)
- {
- return 0;
- }
- }
编译
javac ret.java
Java 标准反编译
javap -c -verbose ret.class
- ...
- major version: 52
- ...
- public static int main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)I
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: iconst_0
- 1: ireturn
- LineNumberTable:
- line 5: 0
注意其中的 0: iconst_0 即可
××× 常量 123 的例子 bipush
- public class ret
- {
- public static int main(String[] args)
- {
- return 123;
- }
- }
反编译
- ...
- major version: 52
- ...
- public static int main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)I
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: bipush 123
- 2: ireturn
- LineNumberTable:
- line 5: 0
注意其中的 0: bipush 123
××× 常量 1234 的例子 sipush
- public class ret
- {
- public static int main(String[] args)
- {
- return 1234;
- }
- }
反编译
- ...
- major version: 52
- ...
- public static int main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)I
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: sipush 1234
- 3: ireturn
- LineNumberTable:
- line 5: 0
注意其中的 0: sipush 1234
××× 常量 12345678 的例子 ldc
- public class ret
- {
- public static int main(String[] args)
- {
- return 12345678;
- }
- }
反编译
- ...
- major version: 52
- ...
- #2 = Integer 12345678
- ...
- public static int main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)I
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: ldc #2 // int 12345678
- 2: ireturn
- LineNumberTable:
- line 5: 0
布尔型 true 例子 iconst
- public class ret
- {
- public static boolean main(String[] args)
- {
- return true;
- }
- }
反编译
- ...
- major version: 52
- ...
- public static boolean main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)Z
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: iconst_1
- 1: ireturn
- LineNumberTable:
- line 5: 0
注意 0: iconst_1 即 ture 用常量 1 表示
短整型 short 例子
- public class ret
- {
- public static short main(String[] args)
- {
- return 1234;
- }
- }
反编译
- ...
- major version: 52
- ...
- public static short main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)S
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: sipush 1234
- 3: ireturn
- LineNumberTable:
- line 5: 0
注意 0: sipush 1234
字符型 A 例子
- public class ret
- {
- public static char main(String[] args)
- {
- return 'A';
- }
- }
反编译
- ...
- major version: 52
- ...
- public static char main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)C
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: bipush 65
- 2: ireturn
- LineNumberTable:
- line 5: 0
注意 0: bipush 65
字符型中例子
- public class ret
- {
- public static char main(String[] args)
- {
- return '中';
- }
- }
反编译
- ...
- major version: 52
- ...
- public static char main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)C
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: sipush 20013
- 3: ireturn
- LineNumberTable:
- line 5: 0
注意 0: sipush 20013
byte 类型 123 列子
- public class ret
- {
- public static byte main(String[] args)
- {
- return 123;
- }
- }
反编译
- ...
- major version: 52
- ...
- public static byte main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)B
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: bipush 123
- 2: ireturn
- LineNumberTable:
- line 5: 0
注意 0: bipush 123
long 类型 1234567890123456789L 例子
- public class ret
- {
- public static long main(String[] args)
- {
- return 1234567890123456789l;
- }
- }
反编译
- ...
- major version: 52
- ...
- #2 = Long 1234567890123456789l
- ...
- public static long main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)J
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=2, locals=1, args_size=1
- 0: ldc2_w #2 // long 1234567890123456789l
- 3: lreturn
- LineNumberTable:
- line 5: 0
注意 0: ldc2_w #2 // long 1234567890123456789l
浮点类型 123.456d 的例子
- public class ret
- {
- public static double main(String[] args)
- {
- return 123.456d;
- }
- }
反编译
- ...
- major version: 52
- ...
- #2 = Double 123.456d
- ...
- public static double main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)D
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=2, locals=1, args_size=1
- 0: ldc2_w #2 // double 123.456d
- 3: dreturn
- LineNumberTable:
- line 5: 0
注意 0: ldc2_w #2 // double 123.456d
浮点类型 123.456f 的例子
- public class ret
- {
- public static float main(String[] args)
- {
- return 123.456f;
- }
- }
反编译
- ...
- major version: 52
- ...
- #2 = Float 123.456f
- ...
- public static float main(java.lang.String[]);
- descriptor: ([Ljava/lang/String;)F
- flags: ACC_PUBLIC, ACC_STATIC
- Code:
- stack=1, locals=1, args_size=1
- 0: ldc #2 // float 123.456f
- 2: freturn
- LineNumberTable:
- line 5: 0
注意 0: ldc #2 // float 123.456f
来源: http://www.bubuko.com/infodetail-2567685.html