Abstract
The bytecode verifier of the Java Virtual Machine, which statically checks the type safety of Java bytecode, is the basis of the security model of Java and guarantees the safety of mobile code sent from an untrusted remote host. However, the type system for Java bytecode has some technical problems, one of which is in the handling of sub-routines. Based on the work of Stata and Abadi and that of Qian, this paper presents yet another type system for Java Virtual Machine sub-routines. Our type system includes types of the form last(x). A value whose type is last(x) is the same as that of the x-th variable of the caller of the subroutine. In addition, we represent the type of a return address by the form return(n), which means returning to the n-th outer caller. By virtue of these types, we can analyze instructions purely in terms of type, and as a result the correctness proof of bytecode verification becomes extremely simple. Moreover, for some programs, our method is more powerful than existing ones. In particular, our method has no restrictions on the number of entries and exits of a subroutine.
References
Richard M. Cohen: The Defensive Java Virtual Machine Specification, Version Alpha 1 Release, DRAFT VERSION, 1997. http://www.cli.com/software/djvm/html-0.5/djvm-report.html
Drew Dean: The Security of Static Typing with Dynamic Linking, Fourth ACM Conference on Computer and Communication Security, 1997, pp.18–27. http://www.cs.princeton.edu/sip/pub/ccs4.html
Sophia Drossopoulou and Susan Eisenbach: Java is Type Safe-Probably, ECOOP’97-Object-Oriented Programming, Lecture Notes in Computer Science, Vol.1241, 1997, pp.389–418. http://outoften.doc.ic.ac.uk/projects/slurp/papers.html#ecoop
Sophia Drossopoulou, Susan Eisenbach and Sarfraz Khurshid: Is the Java Type System Sound? Proceedings of the Fourth International Workshop on Foundations of Object-Oriented Languages, 1997. http://outoften.doc.ic.ac.uk/projects/slurp/papers.html#tapos
Allen Goldberg: A Specification of Java Loading and Bytecode Verification, 1997. http://www.kestrel.edu/~goldberg/
James Gosling, Bill Joy and Guy Steele: The Java™ Language Specification, Addison-Wesley, 1996.
Kimera: http://kimera.cs.washington.edu/
Tim Lindholm and Frank Yellin: The Java™ Virtual Machine Specification, Addison-Wesley, 1997.
Gary McGraw and Edward W. Felten: Java Security: Hostile Applets, Holes and Antidotes, John Wiley and Sons, 1996.
George C. Necula: Proof-Carrying Code, the Proceedings of the 24th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1997, pp.106–117.
George C. Necula, Peter Lee: The Design and Implementation of a Certifying Compiler, submitted to PLDI’98.
Tobias Nipkow and David von Oheimb: Javalight is Type-Safe-Definitely, Proceedings of the 25th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998, pp.161–170.
Zhenyu Qian: A Formal Specification of Java™ Virtual Machine Instructions, 1997. http://www.informatik.uni-bremen.de/~qian/abs-fsjvm.html
Vijay Saraswat: Java is not type-safe, 1997. http://www.research.att.com/~vj/bug.html
Secure Internet Programming: http://www.cs.princeton/edu/sip/
Raymie Stata and Martín Abadi: A Type System for Java Bytecode Subroutines, Proceedings of the 25th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998, pp.149–160.
Don Syme: Proving Java Type Soundness, 1997. http://www.cl.cam.ac.uk/users/drs1004/java.ps
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hagiya, M., Tozawa, A. (1998). On a New Method for Dataflow Analysis of Java Virtual Machine Subroutines. In: Levi, G. (eds) Static Analysis. SAS 1998. Lecture Notes in Computer Science, vol 1503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49727-7_2
DOI: https://doi.org/10.1007/3-540-49727-7_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65014-0
Online ISBN: 978-3-540-49727-1
eBook Packages: Springer Book Archive