Java Class Loading and Bytecode Verification

Similar documents
Java Security. Compiler. Compiler. Hardware. Interpreter. The virtual machine principle: Abstract Machine Code. Source Code

Static Program Analysis

Java byte code verification

Exercise 7 Bytecode Verification self-study exercise sheet

JVML Instruction Set. How to get more than 256 local variables! Method Calls. Example. Method Calls

CS2110 Fall 2011 Lecture 25. Under the Hood: The Java Virtual Machine, Part II

Today. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time

The Java Language Implementation

Compiling Techniques

Run-time Program Management. Hwansoo Han

JVM. What This Topic is About. Course Overview. Recap: Interpretive Compilers. Abstract Machines. Abstract Machines. Class Files and Class File Format

CMPSC 497: Java Security

Course Overview. PART I: overview material. PART II: inside a compiler. PART III: conclusion

SOFTWARE ARCHITECTURE 7. JAVA VIRTUAL MACHINE

Problem: Too Many Platforms!

CSCE 314 Programming Languages

CSE P 501 Compilers. Java Implementation JVMs, JITs &c Hal Perkins Winter /11/ Hal Perkins & UW CSE V-1

Java: framework overview and in-the-small features

Problems of Bytecode Verification

The Java Virtual Machine

CSC 4181 Handout : JVM

Compiling for Different Platforms. Problem: Too Many Platforms! Dream: Platform Independence. Java Platform 5/3/2011

Agenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1

Oak Intermediate Bytecodes

LaboratoriodiProgrammazione III

Under the Hood: The Java Virtual Machine. Lecture 23 CS2110 Fall 2008

The Java Virtual Machine

Java Instrumentation for Dynamic Analysis

Plan for Today. Safe Programming Languages. What is a secure programming language?

Compiler construction 2009

COMP 520 Fall 2009 Virtual machines (1) Virtual machines

Building a Compiler with. JoeQ. Outline of this lecture. Building a compiler: what pieces we need? AKA, how to solve Homework 2

02 B The Java Virtual Machine

An Introduction to Multicodes. Ben Stephenson Department of Computer Science University of Western Ontario

The Java Virtual Machine. CSc 553. Principles of Compilation. 3 : The Java VM. Department of Computer Science University of Arizona

Code Generation Introduction

Translating JVM Code to MIPS Code 1 / 43

CS263: Runtime Systems Lecture: High-level language virtual machines. Part 1 of 2. Chandra Krintz UCSB Computer Science Department

Under the Hood: The Java Virtual Machine. Problem: Too Many Platforms! Compiling for Different Platforms. Compiling for Different Platforms

Programming Language Systems

Part VII : Code Generation

Copyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 16

Compilation 2012 Code Generation

Mnemonics Type-Safe Bytecode Generation in Scala

Over-view. CSc Java programs. Java programs. Logging on, and logging o. Slides by Michael Weeks Copyright Unix basics. javac.

Genetic Programming in the Wild:

Shared Mutable State SWEN-220

Portable Resource Control in Java: Application to Mobile Agent Security

Compiler construction 2009

Java and C II. CSE 351 Spring Instructor: Ruth Anderson

Introduction to Reflection

JAM 16: The Instruction Set & Sample Programs

Portable Resource Control in Java The J-SEAL2 Approach

CSc 372 Comparative Programming Languages. Getting started... Getting started. B: Java Bytecode BCEL

Let s make some Marc R. Hoffmann Eclipse Summit Europe

Recap: Printing Trees into Bytecodes

Improving Java Code Performance. Make your Java/Dalvik VM happier

Tutorial 3: Code Generation

invokedynamic IN 45 MINUTES!!! Wednesday, February 6, 13

Static Analysis of Dynamic Languages. Jennifer Strater

CSc 620 Debugging, Profiling, Tracing, and Visualizing Programs. Getting started... Getting started. 2 : Java Bytecode BCEL

COMP3131/9102: Programming Languages and Compilers

Object Oriented Programming Exception Handling

CSc 620 Debugging, Profiling, Tracing, and Visualizing Programs

Roadmap. Java: Assembly language: OS: Machine code: Computer system:

Reflection. Computer Science and Engineering College of Engineering The Ohio State University. Lecture 28

Chapter 5. A Closer Look at Instruction Set Architectures. Chapter 5 Objectives. 5.1 Introduction. 5.2 Instruction Formats

CSc 453 Interpreters & Interpretation

A Quantitative Analysis of Java Bytecode Sequences

Chapter 5. A Closer Look at Instruction Set Architectures

1 Shyam sir JAVA Notes

JoeQ Framework CS243, Winter 20156

CSC System Development with Java. Exception Handling. Department of Statistics and Computer Science. Budditha Hettige

Java TM. Multi-Dispatch in the. Virtual Machine: Design and Implementation. Computing Science University of Saskatchewan

Java An example of a secured architecture

Last name:... First name:... Department (if not D-INFK):...

Program Dynamic Analysis. Overview

3/15/18. Overview. Program Dynamic Analysis. What is dynamic analysis? [3] Why dynamic analysis? Why dynamic analysis? [3]

Joeq Analysis Framework. CS 243, Winter

Improving Java Performance

Jaos - Java on Aos. Oberon Event 03 Patrik Reali

Vulnerability analysis of a smart card Run Time

Compiling Faster, Compiling Better with Falcon. Iván

CSE 431S Final Review. Washington University Spring 2013

Final Exam. 12 December 2018, 120 minutes, 26 questions, 100 points

Implementing on Object-Oriented Language 2.14

High-Level Language VMs

1 Compilation (Chapter 1) 2. 2 Lexical Analysis (Chapter 2) 4. 3 Parsing (Chapter 3) 7. 4 Type Checking (Chapter 4) 13

CSCE 314 Programming Languages

Chapter 5. A Closer Look at Instruction Set Architectures. Chapter 5 Objectives. 5.1 Introduction. 5.2 Instruction Formats

Space Exploration EECS /25

Chapter 5. A Closer Look at Instruction Set Architectures

EXAMINATIONS 2014 TRIMESTER 1 SWEN 430. Compiler Engineering. This examination will be marked out of 180 marks.

Scala: Byte-code Fancypants. David Pollak JVM Language Summit 2009

Java Vulnerability Analysis with JAPCT: Java. Access Permission Checking Tree

CS5233 Components Models and Engineering

Homework 6. Reading. Problems. Handout 7 CS242: Autumn November

Chair of Software Engineering. Java and C# in depth. Carlo A. Furia, Marco Piccioni, Bertrand Meyer. Java: reflection

Code Generation. Frédéric Haziza Spring Department of Computer Systems Uppsala University

Java Language Basics: Introduction To Java, Basic Features, Java Virtual Machine Concepts, Primitive Data Type And Variables, Java Operators,

Transcription:

Java Class Loading and Bytecode Verification Every object is a member of some class. The Class class: its members are the (definitions of) various classes that the JVM knows about. The classes can be dynamically loaded by the JVM by reading local or remote class files. Loading of classes is done by class loaders which are objects of the ClassLoader class. The class loader coordinates with the security manager and the access controller to provide the sandbox functions. 175

public class getclasstest { public static void main (String args[]) { String s = abc ; Class c1 = s.getclass(); System.out.println ( string \ + s + \ is of class + c1.getname()); Class c2 = c1.getclass(); System.out.println ( class + c1.getname() + is of class + c2.getname()); Class c3 = c2.getclass(); System.out.println ( class + c2.getname() + is of class + c3.getname()); } } 176

public class getclasstest { public static void main (String args[]) { String s = abc ; Class c1 = s.getclass(); System.out.println ( string \ + s + \ is of class + c1.getname()); Class c2 = c1.getclass(); System.out.println ( class + c1.getname() + is of class + c2.getname()); Class c3 = c2.getclass(); System.out.println ( class + c2.getname() + is of class + c3.getname()); } } string abc is of class java.lang.string class java.lang.string is of class java.lang.class class java.lang.class is of class java.lang.class 176-a

An example involving dynamic class loading import java.lang.reflect. ; public class runhello { public static void main (String args[]) { Class c = null; Method m = null; // First we load the required class into the JVM try { c = Class.forName ( hello ); } catch (ClassNotFoundException e) { System.out.println ( The class was not found ); }; 177

// Get the main method of the class Class argtypes[] = new Class[] { String[].class }; try { m = c.getmethod ( main, argtypes); } catch (NoSuchMethodException e) { System.out.println ( The main method was not found ); }; } } // Invoke the method Object arglist[] = new Object[1]; try { m.invoke (null, arglist); } catch (Exception e) { System.out.println ( Error upon invocation + e); }; Hello! 178

The forname function finds, loads and links the class specified by the name. forname(string name, boolean initialize, ClassLoader loader) tries to find the class specified by the name, load it using the specified class loader and link it. The class is initialized if asked for. forname ( hello ) above is equivalent to forname ( hello, true, this.getclass().getclassloader()) 179

Security and the class loader The security manager and access controller allow or prevent various operations depending upon the context of the request. This information is provided by the class loader. The class loader has information about origin: where the class was loaded from whether the class comes from the local filesystem or from the network whether the class comes with a digital signature 180

Suppose we visit a website www.site1.com which uses a class named C1. Then we visit a second website www.site2.com which also uses a class C1. How to distinguish between the two classes? Worse, www.site2.com could be untrusted and provide some malicious code in class C1 A class loaded from an untrusted site should not be put in the same package as a class loaded from a trusted site. 181

Each class loader defines a name space. All classes loaded by particular class loader belong to its name space. class loader cl1 class loader cl2 C1 C1... C2 C3... Web-browsers typically create different class loaders for loading classes from different sites. Hence classes from different sites can be put in different name spaces. Hence the class C1 provided by www.site1.com is different from the class C1 provided by www.site2.com. 182

If class C1 from a particular name space needs a class C2, then the associated class loader is looked up. The class loader associated with that namespace provides the required class C2. Hence the class C2 provided will be from the same namespace. In this way, name spaces provide a way to prevent untrsuted classes from accessing trusted classes. A class from an untrusted site cannot pretend to be a trusted class from the java API. 183

Hierarchy of class loaders The bootstrap class loader (primordial class loader, internal class loader) is responsible for loading a few initial classes when the JVM is launched. All new user defined class loaders have a parent class loader. bootstrap class loader class loader 1 class loader 2 class loader 3 class loader 4 184

Typical class loading mechanism 1. return already existing class object, if found 2. ask the security manager for permission to access this class 3. attempt to load the class using the parent class loader 4. ask the security manager for permission to create this class 5. read the class file into an array of bytes 6. perform bytecode verification 7. create the class object 8. resolve the class 185

Using a class loader Class loaders are members of (subclasses of) the abstract ClassLoader class. Classes are loaded using the loadclass function of class loaders: protected Class loadclass (String name, boolean resolve) where name is the name of the class, and resolve tells us whether the class should be resolved or not. Typically new classes of class loaders are defined by extending standard ones like SecureClassLoader or URLClassLoader. 186

Defining a new class of class loader Either extend ClassLoader or one of its subclasses. import java.net. ; // a trivial extension of URLClassLoader public class myclassloader extends URLClassLoader { myclassloader (URL url) { super (new URL[] {url}); } } protected Class loadclass (String name, boolean resolve) { Class c = null; try { c = super.loadclass(name, resolve); } catch (ClassNotFoundException e) { System.out.println ( Class not found ); } return c; } 187

Using a class loader import java.lang.reflect. ; import java.net. ; public class runclass { public static void main (String args[]) { // Create a class loader URL url = null; try { url = new URL ( file:/home/userxyz/classes ); } catch (MalformedURLException e) { } myclassloader cl = new myclassloader(url); 188

Class c = null; Method m = null; c = cl.loadclass (args[0]); // Load the class } } //Compute the argument vector and invoke the main method Class argtypes[] = new Class[] { String[].class }; try { m = c.getmethod ( main, argtypes); } catch (NoSuchMethodException e) { System.out.println ( The main method was not found ); }; Object arglist[] = new Object[1]; arglist[0] = new String[args.length 1]; for (int i=0; i < args.length 1; i++) ((String[])arglist[0])[i] = args[i+1]; try { m.invoke (null, arglist); } catch (Exception e) { System.out.println ( Error upon invocation + e); }; 189

Java Bytecode Verification Static analysis of the bytecodes to ensure security properties like operations follow typing rules no illegal casts no conversion from integers to pointers no calling of directly private methods of another class no jumping into the middle of a method no confusion between data and code 190

The JVM Stack based abstract machine: operations pop arguments and push results A set of registers, typically used for local variables and parameters: accessed by load and store instructions Stack and registers are preserved across method calls For each method, the number of stack slots and registers is specified in the bytecode unconditional, conditional and multiway (switch) intra-procedural branches Exception handlers table of entries (pc 1,pc 2,C,h): if exception of class C is raised between locations pc 1 and pc 2, then handler is at location h. Most JVM instructions are typed. 191

Example bytecode The source code: public class test { public static int factorial (int n) { int res; for (res = 1; n > 0; n ) res = res n; return res; } } and the JVM bytecode (shown by running javap on the class file)... 192

... public static int factorial ( int ); 2 stack slots, 2 registers 0: iconst 1 // push integer constant 1 1: istore 1 // store it in register 1 (res) 2: iload 0 // push register 0 (n) 3: ifle 16 // if negative or zero, goto 16 6: iload 1 // push register 1 (res) 7: iload 0 // push register 0 (n) 8: imul // multiply 9: istore 1 // store in register 1 (res) 10: iinc 0, 1 // increment register 0 (n) by -1 13: goto 2 // goto beginning of loop 16: iload 1 // load register 1 (res) 17: ireturn // return this value... 193

Some properties to be verified Type correctness: the arguments of an instruction are always of the right type. No stack overflow or underflow Code containment: the PC points within the code for the method, at the beginning of an instruction Register initialization before use Object initialization before use Minimize runtime checks = efficient execution 194

Verification idea: type level abstract interpretation Use types as the abstract values. The partial ordering on types is the subtype relation. Hence for example C D Object if class C extends class D. We introduce special types Null and to abstract null pointers and uninitialized values. Also T for every T. An abstract stack S is a sequence of types. The sequence S = Int Int String abstracts a stack having a string at the bottom of the stack and just two integers above it. 195

An abstract register assignment R maps registers to types. R : {0,...,M reg 1} T where M reg is the maximum number of registers and T is the set of types. An abstract state is either (unreachable state) or (S,R) where S is an abstract stack and R is an abstract register assignment. 196

Executing instructions modifies the abstract state. (S,R) iconst n (Int S,R) if S < M stack where M stack is the maximum size of the stack 197

Executing instructions modifies the abstract state. (S,R) iconst n (Int S,R) if S < M stack where M stack is the maximum size of the stack (Int Int S,R) iadd (Int S,R) 197-a

Executing instructions modifies the abstract state. (S,R) iconst n (Int S,R) if S < M stack where M stack is the maximum size of the stack (Int Int S,R) iadd (Int S,R) (S,R) iload n (Int S,R) if 0 n < M reg and R(n) = Int and S < M stack 197-b

Executing instructions modifies the abstract state. (S,R) iconst n (Int S,R) if S < M stack where M stack is the maximum size of the stack (Int Int S,R) iadd (Int S,R) (S,R) iload n (Int S,R) if 0 n < M reg and R(n) = Int and S < M stack (Int S,R) istore n (S,R{n Int}) if 0 n < M reg 197-c

(Int S,R) ifle n (S,R) if n is a valid instruction location (S,R) goto n (S,R) if n is a valid instruction location 198

(S,R) aconst null (Null S,R) if S < M stack 199

(S,R) aconst null (Null S,R) if S < M stack (S,R) aload n (R(n) S,R) if 0 n < M reg and R(n) Object and S < M stack 199-a

(S,R) aconst null (Null S,R) if S < M stack (S,R) aload n (R(n) S,R) if 0 n < M reg and R(n) Object and S < M stack (τ S,R) astore n (S,R{n τ}) if 0 n < M reg and τ Object 199-b

Accessing fields and methods (τ S,R) getfield C.f.τ (τ S,R) if τ C 200

Accessing fields and methods (τ S,R) getfield C.f.τ (τ S,R) if τ C (τ 1 τ 2 S,R) putfield C.f.τ (S,R) if τ 1 τ and τ 2 C 200-a

Accessing fields and methods (τ S,R) getfield C.f.τ (τ S,R) if τ C (τ 1 τ 2 S,R) putfield C.f.τ (S,R) if τ 1 τ and τ 2 C (τ n... τ 1 S,R) invokestatic C.m.σ (τ S,R) if σ = τ(τ 1,...,τ n ),τ i τ i for 1 i n and τ S M stack 200-b

Accessing fields and methods (τ S,R) getfield C.f.τ (τ S,R) if τ C (τ 1 τ 2 S,R) putfield C.f.τ (S,R) if τ 1 τ and τ 2 C (τ n... τ 1 S,R) invokestatic C.m.σ (τ S,R) if σ = τ(τ 1,...,τ n ),τ i τ i for 1 i n and τ S M stack (τ n... τ 1 τ S,R) invokevirtual C.m.σ (τ S,R) if σ = τ(τ 1,...,τ n ),τ C,τ i τ i for 1 i n and τ S M stack 200-c

Another example public class testclass { public testclass () { } public Class testfunction (String s) { Class c = s.getclass(); return c; } } public java.lang.class testfunction(java.lang.string); 1 stack slots, 3 registers 0: aload 1 1: invokevirtual #2; //Method java/lang/object.getclass:()ljava/lang/class; 4: astore 2 5: aload 2 6: areturn 201

Our analysis on this example public java.lang.class testfunction(java.lang.string); 1 stack slots, 3 registers // stack, R(0), R(1), R(2) // ǫ, (testclass, String, ) 0: aload 1 // String, (testclass, String, ) 1: invokevirtual #2; // Class, (testclass, String, ) 4: astore 2 // ǫ, (testclass, String, Class) 5: aload 2 // Class, (testclass, String, Class) 6: areturn 202

In case of several paths to a node, we need to compute least upper bounds. Comparison of abstract stacks: T 1... T n U 1... U n iff T i U i for 1 i n. T 1... T n U 1... U n = T 1 U 1... T n U n Comparison of abstract register assignments: R 1 R 2 iff R 1 (i) R 2 (i) for 0 i < M reg. (R 1 R 2 )(n) = R 1 (n) R 2 (n) Comparison of abstract states (S 1,R 1 ) (S 2,R 2 ) iff S 1 S 2 and R 1 R 2 (S 1,R 1 ) (S 2,R 2 ) = (S 1 S 2,R 1 R 2 ) Also (R,S) and (R,S) = (R,S). 203

Initial abstract state: (S start,r start ) where S start = ǫ is the empty stack and R start (0),...,R start (n 1) are the n arguments, and R start (i) = for i n If π : pc 1 pc 2 is a path (possibly with loops) from pc 1 to pc 2 with corresponding instruction sequence I 1,...,I k and (R i 1,S i 1 ) I i (S i,r i ) for 1 i n then we write π : (S 0,R 0 ) (S k,r k ). For every valid location pc we define Merge Over All Paths (MOP): S[pc] = {(S,R) π : (S start,r start ) (S,R)} 204

Example Suppose classes D and E are defined by extending class C, so that D E = C. // Int, (D, E) 10: ifle 17 // ǫ,(d, E) 13: aload 0 // D, (D, E) 14: goto 18 // ǫ,(d, E) 17: aload 1 // C, (D, E) 18: areturn (According to our notation, C,(D,E) is the abstract state before the execution of the instruction at location 18.) 205

Another example // ǫ,(int, String) 9: iload 0 // Int, (Int, String) 10: ifle 17 // ǫ,(int, String) 13: iload 0 // Int, (Int, String) 14: goto 18 // ǫ,(int, String) 17: aload 1 //, (Int, String) 18: areturn The bytecode verification fails because the return value is of unknown type. 206

public static int factorial ( int ); 2 stack slots, 2 registers // ǫ, (Int, ) 0: iconst 1 // Int,(Int, ) 1: istore 1 // ǫ, (Int, Int) 2: iload 0 // Int,(Int, Int) 3: ifle 16 // ǫ, (Int, Int) 6: iload 1 // Int,(Int, Int) 7: iload 0 // Int Int, (Int, Int) 8: imul // Int,(Int, Int) 9: istore 1 // ǫ, (Int, Int) 10: iinc 0, 1 // ǫ, (Int, Int) 13: goto 2 // ǫ, (Int, Int) 16: iload 1 // Int,(Int, Int) 17: ireturn 207

Other issues to be tackled in the full Java bytecode language: initialization of objects exception handling 208

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback