.class字节码向BAF码的转换

一个最简单的例子：

例子

当经过编译为.class文件时，使用javap -v 的到它的字节码的近汇编码，javap的使用方法看：javap命令简述

得到返汇编后的字节码：

Classfile /home/zhida/soot/test.class

  Last modified 2019-8-9; size 428 bytes

  MD5 checksum d7a1b61cbddf920eda42f6a2c460f0f8

  Compiled from "test.java"

public class test

  SourceFile: "test.java"

  minor version: 0

  major version: 46

  flags: ACC_PUBLIC, ACC_SUPER

Classfile /home/zhida/soot/test.class

  Last modified 2019-8-9; size 428 bytes

  MD5 checksum d7a1b61cbddf920eda42f6a2c460f0f8

  Compiled from "test.java"

public class test

  SourceFile: "test.java"

  minor version: 0

  major version: 46

  flags: ACC_PUBLIC, ACC_SUPER

Constant pool:

  #1 = NameAndType        #23:#26        //  out:Ljava/io/PrintStream;

  #2 = Utf8              ([Ljava/lang/String;)V

  #3 = Utf8              java/lang/Object

  #4 = Utf8              <init>

  #5 = NameAndType        #4:#9          //  "":()V

  #6 = Class              #3            //  java/lang/Object

  #7 = Class              #18            //  java/io/PrintStream

  #8 = Methodref          #7.#25        //  java/io/PrintStream.println:(I)V

  #9 = Utf8              ()V

  #10 = Class              #22            //  java/lang/System

  #11 = Utf8              Code

  #12 = Utf8              main

  #13 = Class              #24            //  test

  #14 = Fieldref          #10.#1        //  java/lang/System.out:Ljava/io/PrintStream;

  #15 = Utf8              SourceFile

  #16 = Utf8              (I)V

  #17 = Utf8              test.java

  #18 = Utf8              java/io/PrintStream

  #19 = Utf8              println

  #20 = Methodref          #6.#5          //  java/lang/Object."":()V

  #21 = Utf8              LineNumberTable

  #22 = Utf8              java/lang/System

  #23 = Utf8              out

  #24 = Utf8              test

  #25 = NameAndType        #19:#16        //  println:(I)V

  #26 = Utf8              Ljava/io/PrintStream;

{

  public static void main(java.lang.String[]);

    flags: ACC_PUBLIC, ACC_STATIC

    Code:

      stack=3, locals=1, args_size=1

        0: getstatic    #14                // Field java/lang/System.out:Ljava/io/PrintStream;

        3: iconst_1     

        4: iconst_2     

        5: iadd         

        6: invokevirtual #8                  // Method java/io/PrintStream.println:(I)V

        9: return       

      LineNumberTable:

        line 6: 0

        line 3: 3

        line 4: 4

        line 5: 5

        line 6: 6

        line 6: 9

  public test();

    flags: ACC_PUBLIC

    Code: LineNumberTable

      stack=1, locals=1, args_size=1

        0: aload_0     

        1: invokespecial #20                // Method java/lang/Object."":()V

        4: return       

      LineNumberTable:

        line 1: 0

        line 1: 0

        line 1: 1

        line 1: 4

      LineNumberTable:

        line 1: 0

        line 1: 1

        line 1: 4

}

转换为BAF时，则先将最前面的那些关于常量池的定义和类与引用的定义给去掉，再将其中的无用解释码给去掉（就是 LineNumberTable，和局部变量表这种）仅仅保留反汇编码：
得到

public static void main(java.lang.String[]);

    flags: ACC_PUBLIC, ACC_STATIC

    Code:

      stack=3, locals=1, args_size=1

         0: getstatic     #14                 // Field java/lang/System.out:Ljava/io/PrintStream;

         3: iconst_1     

         4: iconst_2     

         5: iadd         

         6: invokevirtual #8                  // Method java/io/PrintStream.println:(I)V

         9: return       


public test();

    flags: ACC_PUBLIC

    Code: LineNumberTable

      stack=1, locals=1, args_size=1

         0: aload_0      

         1: invokespecial #20                 // Method java/lang/Object."":()V

         4: return       

可以在进一步简化，得到：

public class test {

  public static void main(java.lang.String[]);

    Code:

      0: getstatic    #14                // Field java/lang/System.out:Ljava/io/PrintStream;

      3: iconst_1           取出声明的int型变量，压入操作数栈

      4: iconst_2           取出声明的int型变量，压入操作数栈

      5: iadd                  从操作数栈中，将操作数取出，进行相加，将结果入栈

      6: invokevirtual #8                  // Method java/io/PrintStream.println:(I)V 

      9: return      赋返回

  public test();

    Code:

      0: aload_0    从本地变量表中引用0的变量值，即this的引用，压入栈中

      1: invokespecial #20                // Method java/lang/Object."":()V

      4: return       

}

然后，经过栈编译器直接转化：

 0: getstatic                   word r0;         r0 := @parameter0: java.lang.String[];

                                      staticget <java.lang.System: java.io.PrizzntStream out>;

  3: iconst_1                   push 1;

  4: iconst_2                   push 2;

  5: iadd                          add.i;

  6: invokevirtual #8        virtualinvoke <java.io.PrintStream: void println(int)>;

  9: return                       return;

将对test类对象初始化，转换为()

  0: aload_0                    word r0;

                                      r0 := @this: test;  load.r r0;

 1: invokespecial #20     specialinvoke <java.lang.Object: void <init>()>;

 4: return                        return;

得到BAF文件：

.baf