JVML Instruction Set. How to get more than 256 local variables! Method Calls. Example. Method Calls

Similar documents
Plan for Today. Safe Programming Languages. What is a secure programming language?

Plan for Today. Class 21: Hair-Dryer Attacks. Recap: Java Platform. Project Design Documents. Running Mistyped Code. Running Mistyped Code

The Java Virtual Machine. CSc 553. Principles of Compilation. 3 : The Java VM. Department of Computer Science University of Arizona

Let s make some Marc R. Hoffmann Eclipse Summit Europe

Programming Language Systems

JVM. What This Topic is About. Course Overview. Recap: Interpretive Compilers. Abstract Machines. Abstract Machines. Class Files and Class File Format

Course Overview. PART I: overview material. PART II: inside a compiler. PART III: conclusion

Run-time Program Management. Hwansoo Han

CS2110 Fall 2011 Lecture 25. Under the Hood: The Java Virtual Machine, Part II

CSE P 501 Compilers. Java Implementation JVMs, JITs &c Hal Perkins Winter /11/ Hal Perkins & UW CSE V-1

Running Mistyped Code. Lecture 19: Java Security. Running Mistyped Code. Java Security Architecture. JavaVM. Reference Monitors

javac 29: pop 30: iconst_0 31: istore_3 32: jsr [label_51]

Delft-Java Dynamic Translation

Agenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1

Over-view. CSc Java programs. Java programs. Logging on, and logging o. Slides by Michael Weeks Copyright Unix basics. javac.

CSc 620 Debugging, Profiling, Tracing, and Visualizing Programs. Compiling Java. The Java Class File Format 1 : JVM

Compiling Techniques

Java Class Loading and Bytecode Verification

02 B The Java Virtual Machine

The Java Virtual Machine

The Java Virtual Machine

CMPSC 497: Java Security

Java Security. Compiler. Compiler. Hardware. Interpreter. The virtual machine principle: Abstract Machine Code. Source Code

Improving Java Performance

Improving Java Code Performance. Make your Java/Dalvik VM happier

Exercise 7 Bytecode Verification self-study exercise sheet

Compiler construction 2009

301AA - Advanced Programming [AP-2017]

The Java Language Implementation

Java byte code verification

An Introduction to Multicodes. Ben Stephenson Department of Computer Science University of Western Ontario

Under the Hood: The Java Virtual Machine. Lecture 23 CS2110 Fall 2008

Jaos - Java on Aos. Oberon Event 03 Patrik Reali

CSC 4181 Handout : JVM

Space Exploration EECS /25

Java and C II. CSE 351 Spring Instructor: Ruth Anderson

Static Analysis of Dynamic Languages. Jennifer Strater

CS263: Runtime Systems Lecture: High-level language virtual machines. Part 1 of 2. Chandra Krintz UCSB Computer Science Department

Problem: Too Many Platforms!

Under the Hood: The Java Virtual Machine. Problem: Too Many Platforms! Compiling for Different Platforms. Compiling for Different Platforms

Compilation 2012 Code Generation

Part VII : Code Generation

Copyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 16

SOFTWARE ARCHITECTURE 7. JAVA VIRTUAL MACHINE

JAM 16: The Instruction Set & Sample Programs

Today. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time

Tutorial 3: Code Generation

COMP3131/9102: Programming Languages and Compilers

Program Dynamic Analysis. Overview

3/15/18. Overview. Program Dynamic Analysis. What is dynamic analysis? [3] Why dynamic analysis? Why dynamic analysis? [3]

Taming the Java Virtual Machine. Li Haoyi, Chicago Scala Meetup, 19 Apr 2017

CSCE 314 Programming Languages

Building a Compiler with. JoeQ. Outline of this lecture. Building a compiler: what pieces we need? AKA, how to solve Homework 2

COMP 520 Fall 2009 Virtual machines (1) Virtual machines

Shared Mutable State SWEN-220

Administration CS 412/413. Why build a compiler? Compilers. Architectural independence. Source-to-source translator

Code Generation Introduction

to perform dependence analysis on Java bytecode, we must extend existing dependence analysis techniques for adapting Java bytecode. In this paper we p

Java: framework overview and in-the-small features

Compiling Faster, Compiling Better with Falcon. Iván

Joeq Analysis Framework. CS 243, Winter

Compiler construction 2009

A Quantitative Analysis of Java Bytecode Sequences

Scala: Byte-code Fancypants. David Pollak JVM Language Summit 2009

Advances in Programming Languages: Generics, interoperability and implementation

This project is supported by DARPA under contract ARPA F C-0057 through a subcontract from Syracuse University. 2

CSE 431S Final Review. Washington University Spring 2013

Compiling for Different Platforms. Problem: Too Many Platforms! Dream: Platform Independence. Java Platform 5/3/2011

INTERMEDIATE REPRESENTATIONS RTL EXAMPLE

Oak Intermediate Bytecodes

Michael Rasmussen ZeroTurnaround

Roadmap. Java: Assembly language: OS: Machine code: Computer system:

Chapter 5. A Closer Look at Instruction Set Architectures. Chapter 5 Objectives. 5.1 Introduction. 5.2 Instruction Formats

LaboratoriodiProgrammazione III

EXAMINATIONS 2014 TRIMESTER 1 SWEN 430. Compiler Engineering. This examination will be marked out of 180 marks.

Chapter 5. A Closer Look at Instruction Set Architectures

Mnemonics Type-Safe Bytecode Generation in Scala

Introduction Basic elements of Java

COMP3131/9102: Programming Languages and Compilers

Static Program Analysis

Recap: Printing Trees into Bytecodes

Problems of Bytecode Verification

Computer Components. Software{ User Programs. Operating System. Hardware

301AA - Advanced Programming [AP-2017]

Java Card Platform. Virtual Machine Specification, Classic Edition. Version 3.1. January 2019

CSE 431S Code Generation. Washington University Spring 2013

JoeQ Framework CS243, Winter 20156

Translating Java bytecode to Simple

Java Instrumentation for Dynamic Analysis

Code Profiling. CSE260, Computer Science B: Honors Stony Brook University

Living in the Matrix with Bytecode Manipulation

Practical VM exploiting based on CACAO

Java TM. Multi-Dispatch in the. Virtual Machine: Design and Implementation. Computing Science University of Saskatchewan

CSc 453 Interpreters & Interpretation

Delft-Java Dynamic Translation

CS11 Java. Fall Lecture 1

Design and Implementation of Pep, a Java Just-In-Time Translator

High-Level Language VMs

Vulnerability analysis of a smart card Run Time

Verifying a Compiler for Java Threads

Transcription:

CS6: Program and Data Representation University of Virginia Computer Science Spring 006 David Evans Lecture 8: Code Safety and Virtual Machines (Duke suicide picture by Gary McGraw) pushing constants JVML Instruction Set loads, stores (0-3 for each iload, lload, fload, dload, aload) pop, dup, swap, etc. arithmetic conversion (e.g., il) comparisons (lcmp) goto, jsr, goto_w, jsr_w, ret tableswitch, lookupswitch 0 getstatic, putstatic newarray, anewarray, 66 multianewarray,arraylength 9 invoke methods, throw 37 new getfield, putfield checkcast instanceof monitorenter, monitorexit http://www.cs.virginia.edu/cs6 returns (e.g., ireturn) conditional jumps (ifeq, ifnull, ifnonnull) 6 wide nop, breakpoint, unused, implementation 6 dependent (0 out of 6 possible opcodes used) How to get more than 6 local variables! wide <opcode> <byte> <byte> Opcode is one of iload, fload, aload, lload, dload, istore, fstore, astore, lstore, dstore, or ret Modifies instruction to take byte operand (byte << 8 byte) Method Calls invokevirtual <method> Invokes the method <method> on the parameters and object on the top of the stack. Finds the appropriate method at run-time based on the actual type of the this object. invokevirtual <Method void println(java.lang.string)> 3 Method Calls Example invokestatic <method> Invokes a static (class) method <method> on the parameters on the top of the stack. Finds the appropriate method at runtime based on the actual type of the this object. public class Sample { System.err.println ("Hello!"); System.exit (); 6

> javap -c Sample Compiled from Sample.java public class Sample extends java.lang.object { public Sample(); public static void main(java.lang.string[]); public class Sample { System.err.println ("Hello!"); System.exit (); Method Sample() 0 aload_0 invokespecial # <Method java.lang.object()> return 0 getstatic # <Field java.io.printstream err> 3 ldc #3 <String "Hello!"> invokevirtual # <Method void println(java.lang.string)> 8 iconst_ 9 invokestatic # <Method void exit(int)> return Cast Instruction public class Cast { Object x; x = (Object) args[0]; System.out.println ("result: " + (String) x); 7 8 0 aload_0 iconst_0 public class Cast { aaload 3 astore_ Object x; getstatic # <Field java.io.printstream x = (Object) out> args[0]; 7 new #3 <Class java.lang.stringbuffer> System.out.println ("result: " + (String) x); 0 dup invokespecial # <Method java.lang.stringbuffer()> ldc # <String "result: "> 6 invokevirtual #6 <Method java.lang.stringbuffer append(java.lang.string)> 9 aload_ 0 checkcast #7 <Class java.lang.string> 3 invokevirtual #6 <Method java.lang.stringbuffer append(java.lang.string)> 6 invokevirtual #8 <Method java.lang.string tostring()> 9 invokevirtual #9 <Method void println(java.lang.string)> 3 return pushing constants JVML Instruction Set loads, stores (0-3 for each iload, lload, fload, dload, aload) pop, dup, swap, etc. arithmetic conversion (e.g., il) comparisons (lcmp) goto, jsr, goto_w, jsr_w, ret tableswitch, lookupswitch returns (e.g., ireturn) conditional jumps (ifeq, ifnull, ifnonnull) 0 getstatic, putstatic newarray, anewarray, 66 multianewarray,arraylength 9 invoke methods, throw 37 new getfield, putfield checkcast instanceof monitorenter, monitorexit 6 wide nop, breakpoint, unused, implementation 6 dependent (0 out of 6 possible opcodes used) 9 0 The Worst Instruction http://java.sun.com/docs/books/vmspec/nd-edition/html/instructions.doc7.html jsr [branchbyte] [branchbyte] Forms jsr = 68 (0xa8) Operand Stack......, address Description The address of the opcode of the instruction immediately following this jsr instruction is pushed onto the operand stack as a value of type returnaddress. The unsignedbranchbyte and branchbyte are used to construct a signed 6-bit offset, where the offset is (branchbyte << 8) branchbyte. Execution proceeds at that offset from the address of this jsr instruction. The target address must be that of an opcode of an instruction within the method that contains this jsr instruction. Notes The jsr instruction is used with the ret instruction in the implementation of the finally clauses of the Java programming language. Note that jsr pushes the address onto the operand stack and ret gets it out of a local variable. This asymmetry is intentional. public class JSR { try { System.out.println("hello"); catch (Exception e) { System.out.println ("There was an exception!"); finally { System.out.println ("I am finally here!"); Try-Catch-Finally

public class JSR { 0 getstatic # <Field java.io.printstream out> 3 ldc #3 <String "hello"> try { System.out.println("hello"); invokevirtual # <Method void println(java.lang.string)> catch (Exception e) { 8 jsr 3 System.out.println (... exception!"); finally { goto 6 System.out.println ("I am finally"); astore_ getstatic # <Field java.io.printstream out> 8 ldc #6 <String "There was an exception!"> 0 invokevirtual # <Method void println(java.lang.string)> 3 jsr 3 6 goto 6 9 astore_ 30 jsr 3 33 aload_ 3 athrow Exception table: from to target type 3 astore_3 0 8 <Class java.lang.exception> 36 getstatic # <Field java.io.printstream 0 out> 9 any 39 ldc #7 <String "I am finally here!"> 6 9 any invokevirtual # <Method void 9 println(java.lang.string)> 33 9 any ret 3 6 return Java : Programming Language compared to C++, not to C ^ sort of A simple, object-oriented, ^ distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multithreaded, and dynamic language. [Sun9] Java: int is 3 bits C: int is >= 6 bits 3 What is a secure programming language?. Language is designed so it cannot express certain computations considered insecure. A few attempt to do this: PLAN, packet filters. Language is designed so that (accidental) program bugs are likely to be caught by the compiler or run-time environment instead of leading to security vulnerabilities. Safe Programming Languages Type Safety Compiler and run-time environment ensure that bits are treated as the type they represent Memory Safety Compiler and run-time environment ensure that program cannot access memory outside defined storage Control Flow Safety Can t jump to arbitrary addresses Which of these does C/C++ have? Is Java the first language to have them? No way! LISP had them all in 960. 6 Java Safety Type Safety Most types checked statically Coercions, array assignments type checked at run time Memory Safety No direct memory access (e.g., pointers) Primitive array type with mandatory runtime bounds checking Control Flow Safety Structured control flow, no arbitrary jumps Malicious Code Can a safe programming language protect you from malcode?. Code your servers in it to protect from buffer overflow bugs. Only allow programs from untrustworthy origins to run if the are programmed in the safe language 7 8 3

Safe Languages? But how can you tell program was written in the safe language? Get the source code and compile it (most vendors, and all malicious attackers refuse to provide source code) Special compilation service cryptographically signs object files generated from the safe language (SPIN, [Bershad96]) Verify object files preserve safety properties of source language (Java) code.java Java Source Code User JVML javac Compiler JavaVM code.class JVML Object Code Wants to know JVML code satisfies Java s safety properties. 9 0 Does JVML satisfy Java s safety properties? Java Security Architecture JAR iconst_ push integer constant on stack istore_0 store top of stack in variable 0 as int aload_0 load object reference from variable 0 No! This code violates Java s type rules. Verify Exception Security exception ClassLoader Class Verifier Java VM Operating System Protected Resource Mistyped Code.method public static main([ljava/lang/string;)v JAR iconst_ > java Simple ClassLoader istore_0 Exception in thread aload_0 Class "main" iconst_ Verify Verifier java.lang.verifyerror: iconst_3 Exception (class: Simple, method: iadd Security main signature: Java VM exception Operating System ([Ljava/lang/String;)V).end method Protected Resource Register 0 contains wrong type Verifier error before any code runs 3 Runtime Error public class Cast { Object o = new Object (); String s; s = (String) o; System.out.println(s); return; 0 new # <Class java.lang.object> 3 dup invokespecial # <Method java.lang.object()> 7 astore_ 8 aload_ 9 checkcast #3 <Class java.lang.string> astore_ 3 getstatic # <Field java.io.printstream out> 6 aload_ 7 invokevirtual # <Method void println(java.lang.string)> 0 return

Bytecode Verifier Checks class file is formatted correctly Magic number: class file starts with 0xCAFEBABE String table, code, methods, etc. Checks JVML code satisfies safety properties Simulates program execution to know types are correct, but doesn t need to examine any instruction more than once Verifying Safety Properties Type safe Stack and variable slots must store and load as same type Only use operations valid for the data type Memory safe Must not attempt to pop more values from stack than are on it Doesn t access private fields and methods outside class implementation Control flow safe Jumps must be to valid addresses within function, or call/return 6 Charge PS6 will be out (electronically) on Friday If you would like to be assigned a partner for PS6, send me email as soon as possible 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback