Abstract
Java Virtual Machines (JVMs) traditionally perform bytecode verification by way of an iterative dataflow analysis. Bytecode verification is necessary to ensure type safety because temporary variables in the JVM are not statically typed. We present an alternative verification mechanism that transforms JVM bytecode into Static Single Assignment Form (SSA) and thereby propagates definitions directly to uses. Type checking at control flow merge points can then be performed in a single pass.
Our prototype implementation of the new algorithm is faster than the standard JVM bytecode verifier. It has the additional benefit of generating SSA as a side effect, which may be immediately useful for a subsequent dynamic compilation stage.
Index Terms
Java bytecode verification via static single assignment form