  A type system for Java bytecode subroutines (1998) [187 citations — 0 self]

by Raymie Stata
ACM Transactions on Programming Languages and Systems
http://www.research.digital.com/SRC/personal/Martin_Abadi/Papers/jvm-short-preprint.ps

Abstract:

Java is typically compiled into an intermediate language, JVML, that is interpreted by the Java Virtual Machine. Because mobile JVML code is not always trusted, a bytecode verifier enforces static constraints that prevent various dynamic errors. Given the importance of the bytecode verifier for security, its current descriptions are inadequate. This paper proposes using typing rules to describe the bytecode verifier because they are more precise than prose, clearer than code, and easier to reason about than either. JVML has a subroutine construct used for the compilation of Java's try-finally statement. Subroutines are a major source of complexity for the bytecode verifier because they are not obviously last-in/first-out and because they require a kind of polymorphism. Focusing on subroutines, we isolate an interesting, small subset of JVML. We give typing rules for this subset and prove their correctness. Our type system constitutes a sound basis for bytecode verification and a rational reconstruction of a delicate part of Sun's bytecode verifier.

1 Bytecode verification and typing rules

The Java language is typically compiled into an intermediate language that is interpreted by the Java Virtual Machine (VM) [LY96]. This intermediate language, which we call JVML, is an object-oriented language similar to Java. Its features include packages, classes with single inheritance, and interfaces with multiple inheritance. However, unlike method bodies in Java, method bodies in JVML are sequences of bytecode instructions. These instructions are fairly high-level but, compared to the structured statements used in Java, they are more compact and easier to interpret.

JVML code is often shipped across networks to Java VMs embedded in web browsers and other applications. Mobile JVML code is not always trusted by the VM that receives it. Therefore, a bytecode verifier enforces static constraints on mobile JVML code. These constraints rule out type errors (such as dereferencing an integer), access control violations (such as accessing a private method from outside its class),

Citations

943 The Java Virtual Machine Specification – Lindholm, Yellin - 1996
113 A type system for object initialization in the java bytecode language – Freund, Mitchell - 1998
104 Compiling with Types – Morrisett - 1995
91 Proving Java type soundness – Syme - 1997
49 A formal specification of Java Virtual Machine instructions for objects, methods and subroutines – Qian - 1998
43 The TIL/ML compiler: Performance and safety through types – Morrisett, Tarditi, et al. - 1996
22 On a new method for dataflow analysis of Java virtual machine subroutines – Hagiya, Tozawa - 1998
21 A formal specification of Java tm virtual machine instructions for objects, methods and subroutines – Qian - 1998
19 Defensive Java Virtual Machine Version 0.5 alpha Release. Available from http://www.cli.com/software/djvm/index.html – Cohen - 1997
18 Java is type safe-probably – Drossopoulou, Eisenbach - 1997
13 A Java system security architecture. http://kimera.cs.washington.edu – Sirer, McDirmid, et al. - 1997
9 Javalight is type-safe—definitely – Nipkow, von Oheimb - 1998
4 Private communication – Yellin - 1997
2 The Java bytecode verification problem. Web page at http://www.research.att.com/~vj/main.html – Saraswat - 1997
2 A specification of Java loading and bytecode verification. To appear – Goldberg - 1998