On a New Method for Dataflow Analysis of Java Virtual Machine Subroutines

  • Conference paper
Static Analysis (SAS 1998)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1503)

Abstract

The bytecode verifier of the Java Virtual Machine, which statically checks the type safety of Java bytecode, is the basis of the security model of Java and guarantees the safety of mobile code sent from an untrusted remote host. However, the type system for Java bytecode has some technical problems, one of which is in the handling of subroutines. Based on the work of Stata and Abadi and that of Qian, this paper presents yet another type system for Java Virtual Machine subroutines. Our type system includes types of the form last(x). A value whose type is last(x) is the same as that of the x-th variable of the caller of the subroutine. In addition, we represent the type of a return address by the form return(n), which means returning to the n-th outer caller. By virtue of these types, we can analyze instructions purely in terms of type, and as a result the correctness proof of bytecode verification becomes extremely simple. Moreover, for some programs, our method is more powerful than existing ones. In particular, our method has no restrictions on the number of entries and exits of a subroutine.

References

  1. Richard M. Cohen: The Defensive Java Virtual Machine Specification, Version Alpha 1 Release, DRAFT VERSION, 1997. http://www.cli.com/software/djvm/html-0.5/djvm-report.html

  2. Drew Dean: The Security of Static Typing with Dynamic Linking, Fourth ACM Conference on Computer and Communication Security, 1997, pp.18–27. http://www.cs.princeton.edu/sip/pub/ccs4.html

  3. Sophia Drossopoulou and Susan Eisenbach: Java is Type Safe-Probably, ECOOP’97-Object-Oriented Programming, Lecture Notes in Computer Science, Vol.1241, 1997, pp.389–418. http://outoften.doc.ic.ac.uk/projects/slurp/papers.html#ecoop

  4. Sophia Drossopoulou, Susan Eisenbach and Sarfraz Khurshid: Is the Java Type System Sound? Proceedings of the Fourth International Workshop on Foundations of Object-Oriented Languages, 1997. http://outoften.doc.ic.ac.uk/projects/slurp/papers.html#tapos

  5. Allen Goldberg: A Specification of Java Loading and Bytecode Verification, 1997. http://www.kestrel.edu/~goldberg/

  6. James Gosling, Bill Joy and Guy Steele: The Java™ Language Specification, Addison-Wesley, 1996.

  7. Kimera: http://kimera.cs.washington.edu/

  8. Tim Lindholm and Frank Yellin: The Java™ Virtual Machine Specification, Addison-Wesley, 1997.

  9. Gary McGraw and Edward W. Felten: Java Security: Hostile Applets, Holes and Antidotes, John Wiley and Sons, 1996.

  10. George C. Necula: Proof-Carrying Code, the Proceedings of the 24th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1997, pp.106–117.

  11. George C. Necula, Peter Lee: The Design and Implementation of a Certifying Compiler, submitted to PLDI’98.

  12. Tobias Nipkow and David von Oheimb: Javalight is Type-Safe-Definitely, Proceedings of the 25th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998, pp.161–170.

  13. Zhenyu Qian: A Formal Specification of Java™ Virtual Machine Instructions, 1997. http://www.informatik.uni-bremen.de/~qian/abs-fsjvm.html

  14. Vijay Saraswat: Java is not type-safe, 1997. http://www.research.att.com/~vj/bug.html

  15. Secure Internet Programming: http://www.cs.princeton/edu/sip/

  16. Raymie Stata and Martín Abadi: A Type System for Java Bytecode Subroutines, Proceedings of the 25th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998, pp.149–160.

  17. Don Syme: Proving Java Type Soundness, 1997. http://www.cl.cam.ac.uk/users/drs1004/java.ps

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hagiya, M., Tozawa, A. (1998). On a New Method for Dataflow Analysis of Java Virtual Machine Subroutines. In: Levi, G. (eds) Static Analysis. SAS 1998. Lecture Notes in Computer Science, vol 1503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49727-7_2

  • DOI: https://doi.org/10.1007/3-540-49727-7_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-65014-0

  • Online ISBN: 978-3-540-49727-1

  • eBook Packages: Springer Book Archive
