Summary

Explicitly permit java.lang.classfile.CodeBuilder.BlockCodeBuilder to potentially generate corrupted bytecode (by reaching the end of the code body) if both it and its parent terminate the control flow.

Problem

BlockCodeBuilder has a facility to track the control flow and inserts jumps when the control flow does not terminate.

However, if it ends with a nested block, it always consider the break of that nested block reachable.

Therefore, it inserts jumps for theoretically-unreachable code, which results in out of code bounds jumps, which is malformed bytecode.

Solution

Explicitly document this restriction in the specification of BlockCodeBuilder.

Alternative solution considered includes more advanced control flow analysis. However, per JEP 484, ClassFile API should not provide code analysis, and it would be costly for maintenance.

Specification

In the class docs of CodeBuilder.BlockCodeBuilder:

--- a/src/java.base/share/classes/java/lang/classfile/CodeBuilder.java
+++ b/src/java.base/share/classes/java/lang/classfile/CodeBuilder.java
@@ -175,6 +175,11 @@ default CodeBuilder transforming(CodeTransform transform, Consumer<CodeBuilder>
      * A builder for blocks of code.  Its {@link #startLabel()} and {@link
      * #endLabel()} do not enclose the entire method body, but from the start to
      * the end of the block.
+     * <p>
+     * The location where a block of code merges back to its parent block, as
+     * represented by the {@link #breakLabel()}, is expected to be reachable,
+     * either from this block or the parent block.  The built code may be
+     * malformed if there is no executable code at that location.
      *
      * @since 24
      */