| # LyX 1.1 created this file. For more info see http://www.lyx.org/ |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| \lyxformat 218 |
| \textclass scrbook |
| \begin_preamble |
| |
| \end_preamble |
| \language english |
| \inputencoding latin1 |
| \fontscheme default |
| \graphics default |
| \float_placement !htp |
| \paperfontsize default |
| \spacing single |
| \papersize Default |
| \paperpackage a4wide |
| \use_geometry 0 |
| \use_amsmath 0 |
| \paperorientation portrait |
| \secnumdepth 2 |
| \tocdepth 2 |
| \paragraph_separation indent |
| \defskip medskip |
| \quotes_language english |
| \quotes_times 2 |
| \papercolumns 1 |
| \papersides 2 |
| \paperpagestyle default |
| |
| \layout Subject |
| |
| |
| \emph on |
| Diplomarbeit |
| \layout Title |
| |
| JustIce |
| \newline |
| |
| \size small |
| A Free Class File Verifier for Java |
| \latex latex |
| |
| \backslash |
| texttrademark\SpecialChar ~ |
| |
| \layout Author |
| |
| Enver Haase |
| \newline |
| |
| \size tiny |
| <ehaase@inf.fu-berlin.de> |
| \layout Date |
| |
| September 2001 |
| \layout Publishers |
| |
| Freie Universität Berlin |
| \newline |
| Institut für Informatik |
| \newline |
| Takustraße 9 |
| \newline |
| D-14195 Berlin |
| \layout Lowertitleback |
| |
| |
| \series bold |
| \size scriptsize |
| Revision |
| \series default |
| |
| \series bold |
| \shape smallcaps |
| $Id$ |
| \layout Minisec |
| |
| Erklärung |
| \begin_float footnote |
| \layout Standard |
| |
| I declare that I wrote this |
| \emph on |
| Diplomarbeit |
| \emph default |
| completely on my own and without the help of persons not listed. |
| All sources of information are listed in the Bibliography section. |
| \end_float |
| \layout Standard |
| |
| Hiermit versichere ich, die vorliegende Diplomarbeit selbständig und ohne |
| fremde Hilfe verfaßt zu haben. |
| Es wurden nur die in der Bibliographie angegebenen Quellen benutzt. |
| \layout Minisec |
| |
| Danksagung |
| \begin_float footnote |
| \layout Standard |
| |
| The creation of this |
| \emph on |
| Diplomarbeit |
| \emph default |
| paper was supported and supervised by Prof. |
| Dr. |
| Elfriede Fehr and Dipl.-Inform. |
| Markus Dahm. |
| Keith Seymour suggested a lot of language-related improvements. |
| Thank you. |
| \end_float |
| \layout Standard |
| |
| Während der Anfertigung dieser Diplomarbeit wurde ich von Prof. |
| Dr. |
| Elfriede Fehr und Dipl.-Inform. |
| Markus Dahm betreut, wofür ich mich an dieser Stelle herzlich bedanke. |
| \layout Standard |
| |
| Desweiteren bedanke ich mich bei Keith Seymour, der mir eine Reihe sprachspezifi |
| scher Verbesserungsvorschläge sandte. |
| \layout Minisec |
| |
| Autor |
| \begin_float footnote |
| \layout Standard |
| |
| Author |
| \end_float |
| \layout Standard |
| |
| Enver Haase |
| \newline |
| Gubener Straße 18 |
| \newline |
| D-10243 Berlin |
| \newline |
| |
| \layout Standard |
| |
| |
| \begin_inset LatexCommand \tableofcontents{} |
| |
| \end_inset |
| |
| |
| \layout Addchap |
| |
| Abstract |
| \layout Standard |
| |
| When Sun Microsystems developed their |
| \emph on |
| Java Platform |
| \emph default |
| in the early 1990s, it was originally designed for use in networked and |
| embedded consumer-electronics applications. |
| But when they introduced it around 1995, it quickly became used in World |
| Wide Web browser software. |
| This was a way to bring interactive content to demanding World Wide Web |
| users. |
| Sun took great care for the robustness of the platform: they planned to |
| connect embedded devices and let them share data and code over a network. |
| Defective devices transmitting bad data or unreliable network connections |
| should not cause other devices to crash. |
| This property made Java a good choice for the code-executing engine in |
| World Wide Web browsers: defective server software or transmission errors |
| would not cause the |
| \emph on |
| Java Platform |
| \emph default |
| to crash; this is also true for purposely malicious code hidden on the |
| Web. |
| The code-executing part of the |
| \emph on |
| Java Platform |
| \emph default |
| is called |
| \emph on |
| The Java Virtual Machine |
| \emph default |
| (the |
| \emph on |
| JVM |
| \emph default |
| , for short). |
| This execution engine has to assure that the code to be executed is well-behave |
| d; it has to |
| \emph on |
| verify |
| \emph default |
| the code. |
| Therefore, the |
| \emph on |
| verifier |
| \emph default |
| is an integral part of every JVM, but JustIce implements a verifier that |
| is not integrated in a JVM. |
| It was implemented using a software library called the |
| \emph on |
| Byte Code Engineering Library |
| \emph default |
| (the |
| \emph on |
| BCEL |
| \emph default |
| , for short) by Markus Dahm |
| \begin_inset LatexCommand \cite{BCEL98,BCEL-WWW} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| The BCEL is intended to give users a convenient mechanism to analyze, create |
| and manipulate (binary) Java class files. |
| It offers an object-oriented view of otherwise raw data, including program |
| code. |
| This library is, therefore, well-respected especially in the compiler-writer |
| community whenever the JVM is chosen as the target machine of the compiler. |
| Compiler back-ends use the BCEL to produce code for the JVM; and as new |
| compilers may be faulty, they may produce bad code. |
| Testing these compilers often is a difficult task. |
| The generated code should not only be semantically correct, but it also |
| has to pass the verifiers of all existing JVM implementations. |
| Normally, a lot of human interaction is required to run test cases. |
| If the code is rejected by a verifier, one often does not know why. |
| Most verifiers emit error messages which do not identify the offending |
| instruction. |
| \layout Standard |
| |
| JustIce presents an Application Programming Interface (API) that may be |
| used to automate the procedure sketched above. |
| The constraints imposed on class files are designed to be strict, therefore |
| eleminating the need to run several verifiers on the generated code. |
| If code passes the JustIce verifier, it should pass all other verifiers. |
| JustIce was also designed to output human-understandable messages if the |
| verification of some code fails. |
| \layout Standard |
| |
| The application range of JustIce is not limited to compiler back-ends, in |
| the same sense as the BCEL is not only useful in this area. |
| Transformations of existing code and even generation of hand-crafted code |
| fall into its scope, too. |
| As a side effect, JustIce exports some data structures such as a control |
| flow graph; so its API may also be used for applications targeting other |
| problem areas such as static analyses of program code. |
| \layout Chapter |
| |
| Introduction |
| \layout Section |
| |
| Low Level Security as a Part of a Many-Tiered Strategy |
| \layout Standard |
| |
| The Java programming language is well-known for its inherent security facilities |
| such as the lack of pointer arithmetic or the need for memory allocation |
| and deallocation. |
| Lesser known is that this is only the top of an iceberg; the |
| \emph on |
| Java Platform |
| \emph default |
| implements a many-tiered security strategy |
| \begin_inset LatexCommand \cite{Yellin-WWW} |
| |
| \end_inset |
| |
| . |
| It was designed to run even untrusted code -- code that possibly was not |
| produced by a compiler for the Java programming language, code that may |
| be corrupt or code that may have malicious intent (such as stealing credit |
| card number information from a hard disk drive). |
| Three considerations were made: |
| \layout Itemize |
| |
| Untrusted code could damage hardware, software, or information on the host |
| machine. |
| \layout Itemize |
| |
| It could pass unauthorized information to anyone. |
| \layout Itemize |
| |
| It could cause the host machine to become unusable through resource depletion. |
| \layout Standard |
| |
| While some security features such as type-safety or the already-mentioned |
| lack of pointer arithmetic of the Java programming language are a convenient |
| help for programmers, they can only help to reduce programming errors. |
| Of course these features do not help targeting the above problems. |
| At a lower level, however, the |
| \emph on |
| Java Plat\SpecialChar \- |
| form |
| \emph default |
| implements a so-called sandbox: an area where code can be executed but |
| that has well-defined boundaries shielding the rest of the system. |
| This is achieved by means of a |
| \emph on |
| Java Virtual Machine |
| \emph default |
| (JVM) emulation; the host platform does not directly run untrusted code, |
| but a |
| \emph on |
| run-time system |
| \emph default |
| which in turn runs the code, restricting its access to system resources. |
| \layout Standard |
| |
| A run-time system cannot safely assume that untrusted code is well-behaved. |
| Code could cause stack overflows, stack underruns, or otherwise erroneous |
| behaviour that may bring the run-time system into an undefined state -- |
| possibly allowing access to protected memory areas. |
| One could protect the run-time system by letting it predict the effects |
| of every single instruction just in time while actually executing it -- |
| but that would be too time-consuming to be applicable in practice. |
| \layout Standard |
| |
| Therefore, good behaviour of program code has to be enforced |
| \emph on |
| before |
| \emph default |
| it is actually executed -- at least as far as this is possible. |
| This is the lowest level of Java security; there has to be an integral |
| component in every JVM implementation doing so ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 420). |
| This part of the JVM is called the |
| \emph on |
| class file verifier |
| \emph default |
| , yet better known as the |
| \emph on |
| bytecode verifier. |
| |
| \emph default |
| Technically speaking, bytecode verification is only a part of class file |
| verification so |
| \emph on |
| class file verifier |
| \emph default |
| is a more embracing term. |
| JustIce implements a whole class file verifier. |
| \layout Standard |
| |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 396 |
| file chap1.eps |
| width 3 100 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| Concept of Class File Verification |
| \end_float |
| \layout Section |
| |
| Why Another Verifier? |
| \layout Standard |
| |
| As said before, every JVM implementation must contain a class file verifier, |
| so it is reasonable to ask for the motivation behind creating just another |
| class file verifier -- especially one that is |
| \emph on |
| not |
| \emph default |
| part of a JVM implementation. |
| \layout Subsection |
| |
| Bytecode Engineers Need JustIce |
| \layout Standard |
| |
| Shortly after the |
| \emph on |
| Java Platform |
| \emph default |
| was introduced, it was adopted with pleasure because of its inherent independen |
| ce from operating systems and concrete hardware. |
| Industry and educational institutions with heterogenous networked computers |
| could now run the same software program on different host machines. |
| Soon, many efforts were put into research and development of compilers |
| for programming languages other than the Java programming language that |
| use the JVM bytecode as target. |
| \layout Standard |
| |
| Nowadays, many other programming languages do have the JVM as its target |
| platform; e.g. |
| Fortran |
| \begin_inset LatexCommand \cite{f2j} |
| |
| \end_inset |
| |
| , Ada |
| \begin_inset LatexCommand \cite{AppMag-WWW} |
| |
| \end_inset |
| |
| , Scheme |
| \begin_inset LatexCommand \cite{KAWA-WWW} |
| |
| \end_inset |
| |
| or modified Java language versions |
| \begin_inset LatexCommand \cite{GJ-WWW,PMG-WWW} |
| |
| \end_inset |
| |
| . |
| A vast collection of programming languages targeting the JVM can be found |
| on the World Wide Web |
| \begin_inset LatexCommand \cite{PL4JVM} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| All these compilers emit code for the JVM -- and so all these compilers |
| have to pass the JVM's verifier. |
| Implementors of such compilers have to consider the security related constraint |
| s the JVM poses on the generated code. |
| It is difficult to test if the emitted code works on all JVM implementations, |
| passing all JVM verifier implementations. |
| This is especially problematic if not all of the project's class files |
| are loaded into the JVM during a test run, because then they will not be |
| verified. |
| \layout Standard |
| |
| Having an opportunity to verify the transitive hull of referenced class |
| files (starting with some main class file) would be of help; JustIce offers |
| it. |
| \layout Standard |
| |
| The Bytecode Engineering Library by Markus Dahm is often used as a compiler |
| back-end to emit code, but it is also used to hand-craft code or to implement |
| bytecode transformations. |
| Because JustIce works closely together with the BCEL, users of the BCEL |
| do not even have to leave their development environment to run the JustIce |
| verifier. |
| \layout Standard |
| |
| To our knowledge, JustIce is the only implementation of a Java class file |
| verifier that was written in the Java programming language |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| itself |
| \begin_float footnote |
| \layout Standard |
| |
| In a personal communication, Robert Stärk told the author that there was |
| a Java implementation of the verifier discussed in |
| \begin_inset LatexCommand \cite{JBook} |
| |
| \end_inset |
| |
| , written by Joachim Schmid using the BCEL. |
| However, it is not released for public use yet. |
| \end_float |
| . |
| Because of its |
| \emph on |
| Verification API |
| \emph default |
| , it can be included in other software projects written in Java with more |
| ease than any other verifier implementation in a different programming |
| language could provide. |
| \layout Subsection |
| |
| JustIce is Verbose |
| \layout Standard |
| |
| Usually, when classes pass the verifier, it is mute. |
| JustIce, in contrast, distinguishes between verification results and messages. |
| Messages are often warnings, but the reason for emitting such a warning |
| instead of a negative verification result is because the class file does |
| not pose a threat to the integrity of the JVM and thus does not have to |
| be rejected. |
| \layout Standard |
| |
| When a verification error occurs and the class file is rejected, even the |
| built-in verifiers usually produce some output saying so. |
| As an example, consider the following verifier run: |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| ehaase@haneman:/home/ehaase > java Cc |
| \newline |
| Exception in thread "main" java.lang.VerifyError: |
| \newline |
| (class: Cc, method: ttt signature: ()V) |
| \newline |
| Recursive call to jsr entry |
| \family default |
| |
| \newline |
| |
| \latex latex |
| |
| \newline |
| |
| \layout Standard |
| |
| One might ask |
| \emph on |
| which |
| \emph default |
| |
| \begin_inset Quotes eld |
| \end_inset |
| |
| jsr entry |
| \begin_inset Quotes erd |
| \end_inset |
| |
| (a branch target of a |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or a |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction) is called recursively and which instructions may be responsible |
| for this. |
| Compare this to JustIce's output: |
| \newline |
| |
| \newline |
| [...] |
| \layout Standard |
| |
| |
| \family typewriter |
| Pass 3b, method number 0 ['public static void ttt()']: |
| \layout Standard |
| |
| |
| \family typewriter |
| VERIFIED_REJECTED |
| \layout Standard |
| |
| |
| \family typewriter |
| Constraint violated in method 'public static void ttt()': |
| \layout Standard |
| |
| |
| \family typewriter |
| Subroutine with local variable '1', JSRs '[ 36: jsr[168](3) -> astore_1, |
| 8: jsr[168](3) -> astore_1, 30: jsr[168](3) -> astore_1, 23: jsr[168](3) |
| -> astore_1]', RET ' 62: ret[169](2) 1' is called by a subroutine which |
| uses the same local variable index as itself; maybe even a recursive call? |
| JustIce's clean definition of a subroutine forbids both. |
| \newline |
| |
| \family default |
| [...] |
| \layout Standard |
| |
| |
| \family typewriter |
| Warnings: |
| \layout Standard |
| |
| |
| \family typewriter |
| Pass 2: Attribute 'LineNumber(0, 4), LineNumber(0, 5), LineNumber(15, 8), |
| LineNumber(39, 11), LineNumber(47, 12), LineNumber(57, 13), LineNumber(64, |
| 15)' as an attribute of Code attribute '<CODE>' (method 'public static |
| void ttt()') will effectively be ignored and is only useful for debuggers |
| and such. |
| \layout Standard |
| |
| |
| \family typewriter |
| Pass 2: Attribute 'LineNumber(0, 1), LineNumber(4, 1)' as an attribute of |
| Code attribute '<CODE>' (method 'public void <init>()') will effectively |
| be ignored and is only useful for debuggers and such. |
| \layout Standard |
| |
| |
| \family typewriter |
| Pass 3a: LineNumberTable attribute 'LineNumber(0, 4), LineNumber(0, 5), |
| LineNumber(15, 8), LineNumber(39, 11), LineNumber(47, 12), LineNumber(57, |
| 13), LineNumber(64, 15)' refers to the same code offset ('0') more than |
| once which is violating the semantics [but is sometimes produced by IBM's |
| 'jikes' compiler]. |
| \newline |
| |
| \layout Standard |
| |
| This output obviously has an answer to the above question; it shows the |
| only |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instructions possibly responsible for a recursive call (which is not allowed |
| by the specification of the JVM). |
| For the special --but clean-- definition of subroutines JustIce uses, please |
| see section |
| \begin_inset LatexCommand \ref{Subroutines_Def} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| Note also the warning messages. |
| Class files that were not generated by Sun's |
| \emph on |
| javac |
| \emph default |
| compiler have a tendency to look a little different in some corner cases. |
| IBM's |
| \emph on |
| jikes |
| \emph default |
| compiler, for instance, produces LineNumberTable attributes (see |
| \begin_inset LatexCommand \ref{LineNumberTableAttribute} |
| |
| \end_inset |
| |
| ) which look different from those created by |
| \emph on |
| javac |
| \emph default |
| . |
| Detecting such differences is desirable because future JVMs will have stricter |
| verification checks |
| \begin_float footnote |
| \layout Standard |
| |
| The Solaris port of Sun's JVM, version 1.3.0_01, already has (some of) the |
| stricter checks built in. |
| You may enable them using the command-line option '-Xfuture'. |
| Nothing about this issue is mentioned in the specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| \end_float |
| (which most old |
| \emph on |
| javac |
| \emph default |
| -compiled class files will probably still pass). |
| JustIce guides bytecode engineers to create class files that are indistinguisha |
| ble from those created by |
| \emph on |
| javac |
| \emph default |
| to retain compatibility with Sun's future JVM implementations. |
| Figure |
| \begin_inset LatexCommand \ref{FigVenn} |
| |
| \end_inset |
| |
| graphically shows the relationship between class files and the verifier |
| \begin_float footnote |
| \layout Standard |
| |
| This is a simplicistic figure; unfortunately, there are class files produced |
| by the |
| \emph on |
| javac |
| \emph default |
| compiler that do not pass the verifier. |
| Please see section |
| \begin_inset LatexCommand \ref{javacRejected} |
| |
| \end_inset |
| |
| for more details. |
| \end_float |
| . |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 378 |
| file VennDiag.eps |
| width 3 100 |
| height 3 45 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{FigVenn} |
| |
| \end_inset |
| |
| Venn diagram showing the operating domain of the Java verifier. |
| \end_float |
| \layout Subsection |
| |
| JustIce is Free |
| \layout Standard |
| |
| Currently, there is no other free and complete open source verifier available |
| known to the author. |
| You may have a look at the JVM's source code by Sun Microsystems but you |
| are not allowed to use the knowledge from that inspection for your own |
| projects or even use their code. |
| JustIce is a clean-room implementation: the author wrote JustIce by only |
| reading the Java |
| \latex latex |
| |
| \backslash |
| texttrademark |
| \latex default |
| \SpecialChar ~ |
| Virtual Machine Specification, Second Edition |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| and comparing the behaviour of JustIce with the behaviour of commercial |
| implementations of Sun Microsystems and IBM Corporation. |
| \layout Standard |
| |
| The open source JVM implementation |
| \emph on |
| Kaffe |
| \emph default |
| |
| \begin_inset LatexCommand \cite{Kaffe-WWW} |
| |
| \end_inset |
| |
| , for example |
| \emph on |
| , |
| \emph default |
| does not have a |
| \emph on |
| complete |
| \emph default |
| verifier built in (although mandated by the JVM specification). |
| \layout Standard |
| |
| |
| \emph on |
| Kissme |
| \emph default |
| |
| \begin_inset LatexCommand \cite{kissme-WWW} |
| |
| \end_inset |
| |
| , another open source JVM implementation, currently does not include any |
| verifier at all. |
| |
| \layout Standard |
| |
| The JVM implementations |
| \emph on |
| SableVM |
| \emph default |
| |
| \begin_inset LatexCommand \cite{SableVM-WWW} |
| |
| \end_inset |
| |
| and Intel Corporation's |
| \emph on |
| Open Runtime Platform |
| \emph default |
| |
| \begin_inset LatexCommand \cite{ORP-WWW} |
| |
| \end_inset |
| |
| are platforms to experiment with performance-enhancements. |
| They are not intended to work as general-purpose JVMs so they do not need |
| to implement verifiers. |
| \layout Standard |
| |
| Other open source projects that could make use of a free verifier include |
| the Java compiler |
| \emph on |
| gcj |
| \emph default |
| which is part of the GNU compiler collection |
| \begin_inset LatexCommand \cite{GCC-WWW} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| JustIce is covered by the well-known and respected software license |
| \emph on |
| GNU General Public License |
| \emph default |
| (GPL); see section |
| \begin_inset LatexCommand \ref{GPL} |
| |
| \end_inset |
| |
| . |
| The author hopes other free software will benefit from it; from the JustIce |
| software |
| \begin_inset LatexCommand \cite{JustIce} |
| |
| \end_inset |
| |
| as well as from this paper describing some of the inner workings of JustIce. |
| \layout Chapter |
| |
| The Java Virtual Machine |
| \layout Standard |
| |
| The Java Virtual Machine (JVM) is an abstract machine specified in |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| It has no knowledge about the Java programming language; but only of a |
| certain binary file format: the class file format. |
| A class file contains machine instructions for the JVM (called |
| \emph on |
| bytecodes |
| \emph default |
| ), a symbol table (called |
| \emph on |
| constant pool |
| \emph default |
| ) and some other ancillary information. |
| \layout Standard |
| |
| On method invocation, a local stack frame is set up called the |
| \emph on |
| execution frame |
| \emph default |
| . |
| It consists of an |
| \emph on |
| operand stack |
| \emph default |
| and |
| \emph on |
| local variables |
| \emph default |
| (which may be compared to registers of traditional machines). |
| \layout Standard |
| |
| The instructions in the code arrays of class files are interpreted by the |
| JVM. |
| There are 212 legal instructions; they have read-access to the class file's |
| constant pool and they can modify the operand stack and the local variables |
| in their execution frame. |
| An invoked method reads its arguments from the local variables. |
| Certain instructions pass a return value to the invoking method. |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{Classfile Structure} |
| |
| \end_inset |
| |
| The ClassFile Structure |
| \layout Standard |
| |
| Traditionally, the JVM loads its programs from files stored on file systems |
| of host machines; these files have names that end with |
| \emph on |
| |
| \begin_inset Quotes eld |
| \end_inset |
| |
| .class |
| \begin_inset Quotes erd |
| \end_inset |
| |
| |
| \emph default |
| . |
| It is possible to store the files in various other ways; a so-called |
| \emph on |
| class loader |
| \emph default |
| is then used to transform the files internally to the desired, basic class |
| file format. |
| Therefore, it suffices to explain the structure of traditional class files. |
| Every class file consists of a single |
| \family typewriter |
| ClassFile |
| \family default |
| structure as defined below. |
| It defines a single class as known from the Java Programming Language |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| . |
| The terms |
| \emph on |
| class |
| \emph default |
| and |
| \emph on |
| class file |
| \emph default |
| may therefore be used interchangeably. |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 526 |
| file classfile.eps |
| width 3 100 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Standard |
| |
| A class file consists of constants, fields, methods, attributes and some |
| ancillary information. |
| This figure was taken from |
| \begin_inset LatexCommand \cite{BCEL98} |
| |
| \end_inset |
| |
| , used with permission of the author. |
| \layout Caption |
| |
| A Class File |
| \end_float |
| \layout Standard |
| |
| As we will see, the |
| \family typewriter |
| ClassFile |
| \family default |
| structure and its sub-structures are defined for upwards compatibility, |
| i.e., new structure definitions can be added to the specification easily |
| at a later time. |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| ClassFile { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u4 magic; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 minor_version; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 major_version; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 constant_pool_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| cp_info constant_pool[constant_pool_count-1]; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 access_flags; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 this_class; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 super_class; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 interfaces_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 interfaces[interfaces_count]; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 fields_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| field_info fields[fields_count]; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 methods_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| method_info methods[methods_count]; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attributes_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| attribute_info attributes[attributes_count]; |
| \newline |
| } |
| \newline |
| |
| \newline |
| |
| \family default |
| You may read an ' |
| \family typewriter |
| u |
| \family default |
| ' as 'byte times'; e.g., ' |
| \family typewriter |
| u2 |
| \family default |
| ' means 'two bytes in size'. |
| We will not delve into too much detail here; the exact specification of |
| the entries are published by Sun |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| But one should note that besides some other information, a class file basically |
| defines |
| \emph on |
| attributes |
| \emph default |
| , |
| \emph on |
| constants |
| \emph default |
| , |
| \emph on |
| fields |
| \emph default |
| and |
| \emph on |
| methods |
| \emph default |
| . |
| Also, there are strong structural constraints imposed on class files. |
| It is a verifier's task to validate them. |
| \layout Subsection |
| |
| Attributes |
| \layout Standard |
| |
| The general format of an attribute is defined below. |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| attribute_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attribute_name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u4 attribute_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 info[attribute_length]; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| An attribute is basically a typed data container; its type is determined |
| by its name. |
| Every JVM is required to be silent about attributes of types it does not |
| know. |
| On the other hand, newly defined attributes are required not to impose |
| a semantical change on the class file. |
| These attributes should be uniquely named; in fact, the pair (<attribute |
| name>, <attribute length>) is required to be unique. |
| This is guaranteed because attributes not defined by Sun Microsystems have |
| to be named according to the package naming scheme of the Java Programming |
| Language |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| . |
| Certain basic attributes are predefined. |
| They are used in the |
| \family typewriter |
| ClassFile |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{Classfile Structure} |
| |
| \end_inset |
| |
| ), |
| \family typewriter |
| field_info |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{Fields} |
| |
| \end_inset |
| |
| ) and |
| \family typewriter |
| method_info |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{Methods} |
| |
| \end_inset |
| |
| ). |
| Also, attributes may be nested: the |
| \family typewriter |
| Code |
| \family default |
| attribute references other attributes. |
| \layout Standard |
| |
| Some examples for predefined attributes are listed below. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{ConstantValueAttribute} |
| |
| \end_inset |
| |
| The ConstantValue attribute |
| \layout Standard |
| |
| The ConstantValue attribute has the following format: |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| ConstantValue_attribute { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attribute_name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u4 attribute_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 constantvalue_index; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| The |
| \family typewriter |
| ConstantValue |
| \family default |
| attribute represents the value of a constant field. |
| It has a fixed length: it contains only a two-byte reference into the constant |
| pool. |
| Only |
| \family typewriter |
| field_info |
| \family default |
| structures (see section |
| \begin_inset LatexCommand \ref{Fields} |
| |
| \end_inset |
| |
| ) contain this type of attribute. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{CodeAttribute} |
| |
| \end_inset |
| |
| The Code Attribute |
| \layout Standard |
| |
| The |
| \family typewriter |
| Code |
| \family default |
| attribute is used in the |
| \family typewriter |
| method_info |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{Methods} |
| |
| \end_inset |
| |
| ) structure. |
| It represents the program code of a method and it is defined as follows: |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| Code_attribute { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attribute_name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u4 attribute_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 max_stack; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 max_locals; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u4 code_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 code[code_length]; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 exception_table_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 start_pc; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 end_pc; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 handler_pc; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 catch_type; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } exception_table[exception_table_length]; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attributes_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| attribute_info attributes[attributes_count]; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| This is the most complex of all predefined attributes. |
| Every method that has code (i.e., every non-native, non-abstract method) |
| must have such an attribute. |
| Note that the maximum stack depth and the number of local variables for |
| a method invocation are defined here. |
| This is important for the JVM when it creates an |
| \emph on |
| execution frame |
| \emph default |
| (see section |
| \begin_inset LatexCommand \ref{LV_and_OpStack} |
| |
| \end_inset |
| |
| ) at the time the method is invoked. |
| \layout Standard |
| |
| Also, the exception handlers are defined here. |
| Exception handlers prevent an executing method from an abrupt completion |
| if an exceptional situation occurs. |
| Code areas are said to be protected against a class of exceptional situations |
| by an exception handler |
| \begin_float footnote |
| \layout Standard |
| |
| The JVM closely reflects the |
| \emph on |
| exception |
| \emph default |
| mechanism of the Java programming language |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| . |
| In the Java programming language, exceptions can be |
| \emph on |
| thrown |
| \emph default |
| , and they can be |
| \emph on |
| caught |
| \emph default |
| explicitly. |
| If an internal JVM error occurs, the JVM also --implicitly-- throws an |
| exception. |
| \end_float |
| . |
| Algorithm |
| \begin_inset LatexCommand \ref{ExcHdAlgo} |
| |
| \end_inset |
| |
| shows an example for the use of exception handlers. |
| The exact meaning of the instruction opcodes is not important here, the |
| most common instructions are explained later in this paper. |
| \layout Standard |
| |
| \begin_float alg |
| \layout Standard |
| |
| [Let |
| \family typewriter |
| start_pc |
| \family default |
| and |
| \family typewriter |
| end_pc |
| \family default |
| protect the area A to B, inclusive. |
| Let the |
| \family typewriter |
| catch_type |
| \family default |
| be |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \family typewriter |
| java.lang.NullPointerException |
| \family default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| Let the |
| \family typewriter |
| handler_pc |
| \family default |
| point to C.] |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| aconst_null\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; push a NULL onto the operand stack. |
| \layout Standard |
| |
| |
| \family typewriter |
| A:\SpecialChar ~ |
| nop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; do nothing |
| \layout Standard |
| |
| |
| \family typewriter |
| B:\SpecialChar ~ |
| getfield Foo::bar\SpecialChar ~ |
| \SpecialChar ~ |
| ; dereference NULL, cause NullPointerExc. |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ;\SpecialChar ~ |
| never executed |
| \layout Standard |
| |
| |
| \family typewriter |
| C:\SpecialChar ~ |
| nop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ;\SpecialChar ~ |
| this is executed: we could handle |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| nop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ;\SpecialChar ~ |
| the NullPointerException |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ;\SpecialChar ~ |
| leave method (complete normally) |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{ExcHdAlgo} |
| |
| \end_inset |
| |
| Use of Exception Handlers |
| \end_float |
| \layout Standard |
| |
| The most important item, however, is the |
| \family typewriter |
| code |
| \family default |
| item. |
| It defines the bytecode of this method; i.e., the JVM machine instructions. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{LineNumberTableAttribute} |
| |
| \end_inset |
| |
| The LineNumberTable Attribute |
| \layout Standard |
| |
| The |
| \family typewriter |
| LineNumberTable |
| \family default |
| attribute is defined as follows: |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| LineNumberTable_attribute { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attribute_name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u4 attribute_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 line_number_table_length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 start_pc; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 line_number; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } line_number_table[line_number_table_length]; |
| \newline |
| } |
| \newline |
| |
| \family default |
| |
| \newline |
| This attribute describes the relation between source code line numbers and |
| JVM instruction offsets in the |
| \family typewriter |
| code |
| \family default |
| array of the |
| \family typewriter |
| Code_attribute |
| \family default |
| ; it can be used by debuggers to show the source code of currently executing |
| JVM machine instructions. |
| This attribute is usually a sub-attribute of a |
| \family typewriter |
| Code_attribute |
| \family default |
| . |
| Multiple |
| \family typewriter |
| LineNumberTable |
| \family default |
| attributes may together represent a given line of a source code file. |
| |
| \layout Subsection |
| |
| Constants |
| \layout Standard |
| |
| All the constants together form the |
| \emph on |
| constant pool |
| \emph default |
| . |
| The general |
| \family typewriter |
| cp_info |
| \family default |
| structure is straightforward. |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| cp_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 tag; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 info[]; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| The 'tag' defines what 'info' follows it. |
| Constants define either constant values or constant symbolic references, |
| such as references to other classes. |
| Currently, eleven constant types are defined: |
| \family typewriter |
| Class |
| \family default |
| , |
| \family typewriter |
| Field\SpecialChar \- |
| ref |
| \family default |
| , |
| \family typewriter |
| Method\SpecialChar \- |
| ref |
| \family default |
| , |
| \family typewriter |
| In\SpecialChar \- |
| ter\SpecialChar \- |
| face\SpecialChar \- |
| Method\SpecialChar \- |
| ref |
| \family default |
| , |
| \family typewriter |
| String |
| \family default |
| , |
| \family typewriter |
| In\SpecialChar \- |
| teger |
| \family default |
| , |
| \family typewriter |
| Float |
| \family default |
| , |
| \family typewriter |
| Long |
| \family default |
| , |
| \family typewriter |
| Double |
| \family default |
| , |
| \family typewriter |
| Name\SpecialChar \- |
| And\SpecialChar \- |
| Type |
| \family default |
| and |
| \family typewriter |
| Utf8 |
| \family default |
| . |
| \layout Standard |
| |
| Most of the names are self-explanatory; the interested reader will find |
| more information in the specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| Constants can be nested; this is done by referring to the constant pool |
| index of the enclosed constant. |
| \layout Standard |
| |
| See the following examples. |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| CONSTANT_Utf8_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 tag; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 length; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 bytes[length]; |
| \newline |
| } |
| \newline |
| |
| \newline |
| |
| \family default |
| A CONSTANT_Utf8 represents a constant string. |
| Such a string is e.g. |
| used to describe names of methods, names of fields, names of attributes, |
| types of methods or types of fields. |
| This string is encoded in UTF-8 format, a variant of the unicode character |
| set |
| \begin_inset LatexCommand \cite{Unicode} |
| |
| \end_inset |
| |
| . |
| |
| \family typewriter |
| |
| \family default |
| The tag for this type of constant is simply the number 1, as defined in |
| the Java Virtual Machine Specification, Second Edition |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| \family typewriter |
| |
| \newline |
| |
| \newline |
| CONSTANT_NameAndType_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 tag; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 descriptor_index; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| A Constant_NameAndType represents a name and a signature of a method, the |
| tag is the number 12. |
| |
| \family typewriter |
| |
| \family default |
| Both |
| \family typewriter |
| class_index |
| \family default |
| and |
| \family typewriter |
| descriptor_index |
| \family default |
| refer to a |
| \family typewriter |
| CONSTANT_Utf8 |
| \family default |
| . |
| \family typewriter |
| |
| \newline |
| |
| \newline |
| CONSTANT_InterfaceMethodref_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u1 tag; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 class_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 name_and_type_index; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| A |
| \family typewriter |
| CONSTANT_InterfaceMethodref |
| \family default |
| describes a reference to a method defined in an interface class (see section |
| |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| for an explanation of interfaces), the tag is number 11. |
| The interface class is referenced via a two-byte index into the constant |
| pool. |
| A |
| \family typewriter |
| Constant_Class |
| \family default |
| is expected there describing a reference to some class file. |
| Every method has a name, zero or more argument types and a return type; |
| this is described in the |
| \family typewriter |
| CONSTANT_NameAndType |
| \family default |
| that is also referenced via a two-byte constant pool index. |
| \layout Standard |
| |
| Note that there are implicit constraints on the integrity of a class file: |
| for example, there must not be a |
| \family typewriter |
| CONSTANT_Integer |
| \family default |
| where a |
| \family typewriter |
| CONSTANT_Utf8 |
| \family default |
| is expected for a certain entity. |
| As another example, the names and the types of methods are encoded as strings |
| in UTF-8 format |
| \begin_inset LatexCommand \cite{Unicode} |
| |
| \end_inset |
| |
| . |
| They have to be well-formed (according to the specification) to be valid. |
| \layout Subsection |
| |
| |
| \begin_inset LatexCommand \label{Fields} |
| |
| \end_inset |
| |
| Fields |
| \layout Standard |
| |
| Each field is described by a field_info structure as defined below. |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| field_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 access_flags; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 descriptor_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attributes_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| attribute_info attributes[attributes_count]; |
| \family default |
| |
| \newline |
| } |
| \newline |
| |
| \newline |
| A field has to be unique in a class file with respect to its name and descriptor |
| \begin_float footnote |
| \layout Standard |
| |
| The descriptor of a field describes its type. |
| E.g., a descriptor of |
| \begin_inset Quotes eld |
| \end_inset |
| |
| [I |
| \begin_inset Quotes erd |
| \end_inset |
| |
| means |
| \begin_inset Quotes eld |
| \end_inset |
| |
| one-dimensional array of |
| \family typewriter |
| int |
| \family default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| \end_float |
| . |
| We see that fields reference constants in the constant pool via their constant |
| pool indices (such as a |
| \family typewriter |
| CONSTANT_Utf8 |
| \family default |
| describing a field's name). |
| An important attribute used by fields is the ConstantValue attribute (see |
| section |
| \begin_inset LatexCommand \ref{ConstantValueAttribute} |
| |
| \end_inset |
| |
| ). |
| \layout Standard |
| |
| The |
| \family typewriter |
| access_flags |
| \family default |
| entry is a bit vector that specifies the accessibility and other properties |
| \begin_float footnote |
| \layout Standard |
| |
| Often called |
| \emph on |
| visibility |
| \emph default |
| . |
| \end_float |
| of the field. |
| E.g., a field with the |
| \family typewriter |
| ACC_PRIVATE |
| \begin_float footnote |
| \layout Standard |
| |
| Bit number 1. |
| \end_float |
| bit set is not accessible to other classes. |
| A field with the |
| \family typewriter |
| ACC_PUBLIC |
| \begin_float footnote |
| \layout Standard |
| |
| Bit number 0. |
| \end_float |
| bit set is accessible to any other class. |
| Any combination with both the |
| \family typewriter |
| ACC_PRIVATE |
| \family default |
| and the |
| \family typewriter |
| ACC_PUBLIC |
| \family default |
| bit set is not valid. |
| \layout Standard |
| |
| The |
| \family typewriter |
| descriptor_index |
| \family default |
| refers to a |
| \family typewriter |
| CONSTANT_Utf8 |
| \family default |
| that symbolically encodes the type of the field. |
| \layout Subsection |
| |
| |
| \begin_inset LatexCommand \label{Methods} |
| |
| \end_inset |
| |
| Methods |
| \layout Standard |
| |
| Each method is described by a method_info structure as defined below. |
| \newline |
| |
| \newline |
| |
| \family typewriter |
| method_info { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 access_flags; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 name_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 descriptor_index; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| u2 attributes_count; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| attribute_info attributes[attributes_count]; |
| \newline |
| } |
| \family default |
| |
| \newline |
| |
| \newline |
| As we can easily see, this is exactly the same structure we already know |
| as |
| \family typewriter |
| field_info |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{Fields} |
| |
| \end_inset |
| |
| ). |
| The difference lies in the meaning of the enlisted entities. |
| For example, an access flag saying a field was volatile (non-cacheable) |
| would not make any sense if set in a |
| \family typewriter |
| method_info |
| \family default |
| structure. |
| Vice versa, an access flag saying the floating point instructions should |
| work in |
| \begin_inset Quotes eld |
| \end_inset |
| |
| FP-strict |
| \begin_inset Quotes erd |
| \end_inset |
| |
| mode would be of no use if set in a |
| \family typewriter |
| field_info |
| \family default |
| structure. |
| \layout Standard |
| |
| Methods use a different set of attributes than fields; for example, the |
| |
| \family typewriter |
| Constant\SpecialChar \- |
| Value |
| \family default |
| attribute (see section |
| \begin_inset LatexCommand \ref{ConstantValueAttribute} |
| |
| \end_inset |
| |
| ) is of no use here. |
| The |
| \family typewriter |
| Code |
| \family default |
| and |
| \family typewriter |
| Exceptions |
| \family default |
| attributes frequently used by methods are of no use for fields on the other |
| hand. |
| \layout Section |
| |
| The Execution Engine |
| \layout Standard |
| |
| Before a piece of code (the code of a |
| \begin_inset Quotes eld |
| \end_inset |
| |
| method |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ) is executed, an |
| \emph on |
| execution frame |
| \emph default |
| is set up. |
| It consists of a program counter (as known from traditional CPUs), a set |
| of local variables (similar to registers known from traditional CPUs), |
| and an operand stack. |
| For each new invocation instance of a method, a new execution frame is |
| set up; it is destroyed on method termination. |
| \layout Standard |
| |
| Because a method may invoke other methods or itself recursively, there is |
| a global method invocation stack. |
| \layout Standard |
| |
| There also is a garbage-collected heap shared among the execution frames. |
| This heap is used for object allocation (see section |
| \begin_inset LatexCommand \ref{Instructions} |
| |
| \end_inset |
| |
| ). |
| \layout Standard |
| |
| The number of local variables is not fixed. |
| Every method defines how many local variables are used for its code (up |
| to 65536). |
| \layout Standard |
| |
| Also note that there is no equivalent of a |
| \emph on |
| Processor Status Word |
| \emph default |
| (PSW) in the JVM. |
| Traditionally, a PSW has flags that are set implicitly during execution |
| of the instructions (such as an overflow or is-zero flag). |
| This is often used for conditional branching. |
| The JVM, however, uses the operand stack to store the result of a comparison |
| instruction explicitly. |
| This result is often read from the stack by the JVM's conditional branching |
| instructions. |
| \layout Standard |
| |
| Should exceptional situations occur (such as an out-of-memory situation), |
| the JVM does not lock up. |
| Instead, an |
| \begin_inset Quotes eld |
| \end_inset |
| |
| exception is thrown |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ; the currently executing program is signalled. |
| These signals can be processed ( |
| \begin_inset Quotes eld |
| \end_inset |
| |
| exceptions can be caught |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ). |
| If such a signal is not handled by the currently executing method, the |
| JVM will search a handler through the invocation hierarchy and stop execution |
| only if none was found. |
| \layout Standard |
| |
| There is a thread mechanism in the JVM. |
| Basically every thread creates an own method invocation stack (so there |
| may be more than one active execution frame at a time), but this feature |
| is not important for the rest of this text. |
| \layout Standard |
| |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 379 |
| file exframe.eps |
| width 3 100 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Standard |
| |
| This figure shows a method invocation stack. |
| Method |
| \family typewriter |
| main |
| \family default |
| was invoked by the system, |
| \family typewriter |
| main |
| \family default |
| invoked |
| \family typewriter |
| foo |
| \family default |
| , |
| \family typewriter |
| foo |
| \family default |
| invoked |
| \family typewriter |
| bar |
| \family default |
| , and |
| \family typewriter |
| bar |
| \family default |
| invoked |
| \family typewriter |
| foo |
| \family default |
| recursively. |
| This figure assumes |
| \family typewriter |
| main |
| \family default |
| allocates one local variable and one operand stack slot, |
| \family typewriter |
| foo |
| \family default |
| allocates three local variables and two operand stack slots and |
| \family typewriter |
| bar |
| \family default |
| allocates one local variable and two operand stack slots. |
| \layout Caption |
| |
| Method Invocation Stack |
| \end_float |
| \layout Subsection |
| |
| |
| \begin_inset LatexCommand \label{LV_and_OpStack} |
| |
| \end_inset |
| |
| Local Variables and the Operand Stack |
| \layout Standard |
| |
| The method information in a class file defines how many local variables |
| are used on this method's invocation. |
| It also defines the maximum operand stack size. |
| Together, the local variables array and the operand stack are called the |
| |
| \emph on |
| execution frame |
| \emph default |
| . |
| \layout Standard |
| |
| A single stack slot has a width of 32 bits, which is also the width of a |
| local variable. |
| Therefore, values of types that occupy 64 bits ( |
| \emph on |
| double |
| \emph default |
| and |
| \emph on |
| long |
| \emph default |
| ) must be stored in two consecutive stack slots or local variables. |
| \layout Standard |
| |
| The verifier takes care that the stack cannot overflow and that it cannot |
| underflow. |
| Also, it takes care that instructions may only access local variables if |
| they contain a value of a known, correct type (see section |
| \begin_inset LatexCommand \ref{Pass3Spec} |
| |
| \end_inset |
| |
| ). |
| |
| \layout Subsection |
| |
| |
| \begin_inset LatexCommand \label{Instructions} |
| |
| \end_inset |
| |
| Introduction to JVM Instructions |
| \layout Standard |
| |
| This section is derived from section 2.2 of |
| \begin_inset LatexCommand \cite{BCEL98} |
| |
| \end_inset |
| |
| , used with permission of the author. |
| \layout Standard |
| |
| The JVM's instruction set currently consists of 212 instructions, 44 opcodes |
| are marked as reserved and may be used for future extensions or intermediate |
| optimizations within the Virtual Machine. |
| The instruction set can be roughly grouped as follows: |
| \layout Description |
| |
| Stack\SpecialChar ~ |
| operations: Constants can be pushed onto the stack either by loading |
| them from the constant pool with the |
| \latex latex |
| |
| \backslash |
| texttt{ldc} |
| \latex default |
| instruction or with special ``short-cut'' instructions where the operand |
| is encoded into the instructions, e.g., |
| \latex latex |
| |
| \backslash |
| texttt{iconst |
| \backslash |
| _0} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{bipush} |
| \latex default |
| (push byte value). |
| \layout Description |
| |
| Arithmetic\SpecialChar ~ |
| operations: The instruction set of the JVM distinguishes its operand |
| types using different instructions to operate on values of specific type. |
| Arithmetic operations starting with |
| \latex latex |
| |
| \backslash |
| texttt{i} |
| \latex default |
| , for example, denote an integer operation. |
| E.g., |
| \latex latex |
| |
| \backslash |
| texttt{iadd} |
| \latex default |
| that adds two integers and pushes the result back on the operand stack. |
| The Java types |
| \latex latex |
| |
| \backslash |
| texttt{boolean} |
| \latex default |
| , |
| \latex latex |
| |
| \backslash |
| texttt{byte} |
| \latex default |
| , |
| \latex latex |
| |
| \backslash |
| texttt{short} |
| \latex default |
| , and |
| \latex latex |
| |
| \backslash |
| texttt{char} |
| \latex default |
| are handled as integers by the JVM. |
| \layout Description |
| |
| |
| \begin_inset LatexCommand \label{RetDesc} |
| |
| \end_inset |
| |
| Control\SpecialChar ~ |
| flow: There are branch instructions like |
| \latex latex |
| |
| \backslash |
| texttt{goto} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{if |
| \backslash |
| _icmpeq} |
| \latex default |
| , which compares two integers for equality. |
| There is also a |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \begin_float footnote |
| \layout Standard |
| |
| There is a |
| \begin_inset Quotes eld |
| \end_inset |
| |
| wide |
| \begin_inset Quotes erd |
| \end_inset |
| |
| version of |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| called |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| . |
| The instructions |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| play in important role in chapter |
| \begin_inset LatexCommand \ref{Pass3Spec} |
| |
| \end_inset |
| |
| . |
| \end_float |
| (jump into subroutine) and |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| (return from subroutine) pair of instructions. |
| Exceptions may be thrown with the |
| \latex latex |
| |
| \backslash |
| texttt{athrow} |
| \latex default |
| instruction. |
| Branch targets are coded as offsets from the current byte code position, |
| i.e., they are coded with an integer number. |
| \layout Description |
| |
| Load\SpecialChar ~ |
| and\SpecialChar ~ |
| store\SpecialChar ~ |
| operations for local variables like |
| \latex latex |
| |
| \backslash |
| texttt{iload} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{istore} |
| \latex default |
| . |
| There are also array operations like |
| \latex latex |
| |
| \backslash |
| texttt{iastore} |
| \latex default |
| which stores an integer value into an array. |
| \layout Description |
| |
| Field\SpecialChar ~ |
| access: The value of an instance field may be retrieved with |
| \latex latex |
| |
| \backslash |
| texttt{getfield} |
| \latex default |
| and written with |
| \latex latex |
| |
| \backslash |
| texttt{putfield} |
| \latex default |
| . |
| For static fields, there are |
| \latex latex |
| |
| \backslash |
| texttt{getstatic} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{putstatic} |
| \latex default |
| counterparts. |
| \layout Description |
| |
| Method\SpecialChar ~ |
| invocation: Methods may either be called via static references with |
| |
| \latex latex |
| |
| \backslash |
| texttt{invokestatic} |
| \latex default |
| or be bound virtually with the |
| \latex latex |
| |
| \backslash |
| texttt{invokevirtual} |
| \latex default |
| instruction. |
| Super class methods and private methods are invoked with |
| \latex latex |
| |
| \backslash |
| texttt{invokespecial} |
| \latex default |
| . |
| \layout Description |
| |
| Object\SpecialChar ~ |
| allocation: Class instances are allocated with the |
| \latex latex |
| |
| \backslash |
| texttt{new} |
| \latex default |
| instruction, arrays of basic type like |
| \latex latex |
| |
| \backslash |
| texttt{int[]} |
| \latex default |
| with |
| \latex latex |
| |
| \backslash |
| texttt{newarray} |
| \latex default |
| , arrays of references like |
| \latex latex |
| |
| \backslash |
| texttt{String[][]} |
| \latex default |
| with |
| \latex latex |
| |
| \backslash |
| texttt{anewarray} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{multianewarray} |
| \latex default |
| . |
| \layout Description |
| |
| Conversion\SpecialChar ~ |
| and\SpecialChar ~ |
| type\SpecialChar ~ |
| checking: For stack operands of basic type there exist |
| casting operations like |
| \latex latex |
| |
| \backslash |
| texttt{f2i} |
| \latex default |
| which converts a float value into an integer. |
| The validity of a type cast may be checked with |
| \latex latex |
| |
| \backslash |
| texttt{checkcast} |
| \latex default |
| and the |
| \latex latex |
| |
| \backslash |
| texttt{instanceof} |
| \latex default |
| operator can be directly mapped to the equally named instruction. |
| \layout Standard |
| |
| Most instructions have a fixed length, but there are also some variable-length |
| instructions: In particular, the |
| \latex latex |
| |
| \backslash |
| texttt{lookupswitch} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{tableswitch} |
| \latex default |
| instructions, which are often used by compilers to implement the Java language |
| |
| \latex latex |
| |
| \backslash |
| texttt{switch()} |
| \latex default |
| statements. |
| Since the number of |
| \latex latex |
| |
| \backslash |
| texttt{case} |
| \latex default |
| clauses may vary, these instructions contain a variable number of statements. |
| \layout Standard |
| |
| In a class file, the |
| \family typewriter |
| code |
| \family default |
| item in the |
| \family typewriter |
| Code |
| \family default |
| attributes (which in turn are attributes of |
| \family typewriter |
| method_info |
| \family default |
| structures), is a byte array in which binary representations of JVM instruction |
| s are stored sequentially. |
| This is also called |
| \emph on |
| bytecode |
| \emph default |
| . |
| \layout Standard |
| |
| The JVM is a stack-based machine. |
| There are local variables which may be compared to registers, but most |
| instructions work on the operand stack. |
| E.g., the |
| \latex latex |
| |
| \backslash |
| texttt{iadd} |
| \latex default |
| instruction pops two integers from the operand stack and pushes the result |
| of the add operation on top of the stack. |
| \layout Standard |
| |
| We will not list all of the instructions here, since these are explained |
| in detail in the JVM specification. |
| However, you will find the most common instructions in table |
| \begin_inset LatexCommand \ref{typeprefixes} |
| |
| \end_inset |
| |
| , cited with slight corrections and modifications from chapter 4 of |
| \begin_inset LatexCommand \cite{JNS} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| \begin_float tab |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{typeprefixes} |
| |
| \end_inset |
| |
| Type Prefixes and the Most Common JVM Instructions |
| \layout Standard |
| \align center |
| |
| \begin_inset Tabular |
| <lyxtabular version="2" rows="9" columns="2"> |
| <features rotate="false" islongtable="false" endhead="0" endfirsthead="0" endfoot="0" endlastfoot="0"> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="true" width="" special=""> |
| <row topline="true" bottomline="true" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Prefix |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Bytecode type |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| i |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Integer |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| f |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Floating point |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| l |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Long |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| d |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Double precision floating point |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| b |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Byte |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| s |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Short |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| c |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Character |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="true" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| a |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Object reference |
| \end_inset |
| </cell> |
| </row> |
| </lyxtabular> |
| |
| \end_inset |
| |
| |
| \end_float |
| \layout Standard |
| |
| |
| \begin_inset Tabular |
| <lyxtabular version="2" rows="29" columns="10"> |
| <features rotate="false" islongtable="true" endhead="1" endfirsthead="0" endfoot="0" endlastfoot="0"> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="left" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> |
| <column alignment="left" valignment="top" leftline="true" rightline="true" width="4cm" special=""> |
| <row topline="true" bottomline="true" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| Instruction |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="left" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| int |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| long |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| float |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| double |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| byte |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| char |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| short |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| object ref. |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| |
| \size scriptsize |
| Function |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?2c |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="left" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Convert value of type <?> to character |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?2d |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Convert value of type <?> to double |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?2i |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Convert value of type <?> to integer |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?2f |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Convert value of type <?> to float |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?2l |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Convert value of type <?> to long |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?2s |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Convert value of type <?> to short |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?add |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Add two values of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?aload |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Push an element of type <?> from an array onto the stack |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?and |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform logical AND on two values of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?astore |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Pop an element of type <?> from the stack and store it in an array of type |
| <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?cmp |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Compare two long values. |
| If they are equal push 0, if the first is greater push 1, else push -1 |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?cmpg |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Compare two IEEE values of type <?> from the stack. |
| If they are equal push 0, if the first is greater push 1, if the second |
| is greater push -1. |
| If either is NaN (not a number) push 1 |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?cmpl |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Compare two IEEE values of type <?> from the stack. |
| If they are equal push 0, if the first is greater push 1, if the second |
| is greater push -1. |
| If either is NaN (not a number) push -1 |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?const |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Push a constant value of type <?> onto the stack |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?div |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform a division using two values of type <?> and push the quotient onto |
| the stack |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?inc |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Increment the top of the stack (possibly by a negative value) |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?ipush |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Push a sign extended byte or short value onto the stack |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?load |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Push a value of type <?> from a local variable onto the stack |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?mul |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform multiplication of two values of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?neg |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Negate a value of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?newarray |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Create a new array of object references |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?or |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform logical OR on two values of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?rem |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform a division using two values of type <?> and push the remainder onto |
| the stack |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?return |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Return a value of type <?> to the invoking method |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?shl |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform arithmetic shift left on a value of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?shr |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform arithmetic shift right on a value of type <?> |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="false" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?store |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Pop a value of type <?> and store it into a local variable |
| \end_inset |
| </cell> |
| </row> |
| <row topline="true" bottomline="true" newpage="false"> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| ?sub |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| X |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| \end_inset |
| </cell> |
| <cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> |
| \begin_inset Text |
| |
| \layout Standard |
| |
| Perform a subtraction using two values of type <?> |
| \end_inset |
| </cell> |
| </row> |
| </lyxtabular> |
| |
| \end_inset |
| |
| |
| \layout Standard |
| |
| The opcode names are mostly self-explanatory. |
| In this paper, all bytecode is commented to support the intuitive understanding. |
| Algorithms |
| \begin_inset LatexCommand \ref{facjavapl} |
| |
| \end_inset |
| |
| and |
| \begin_inset LatexCommand \ref{facjavabytecode} |
| |
| \end_inset |
| |
| show an example bytecode taken from |
| \begin_inset LatexCommand \cite{BCEL98} |
| |
| \end_inset |
| |
| . |
| It implements the well-known faculty function. |
| To understand this example, it is important to know that method arguments |
| are stored into the local variables of a newly created execution frame |
| upon method invocation. |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{facjavapl} |
| |
| \end_inset |
| |
| Methed |
| \emph on |
| fac |
| \emph default |
| in a class |
| \emph on |
| Faculty |
| \emph default |
| , Java programming language version |
| \layout Standard |
| |
| |
| \family typewriter |
| public static final int fac(int n){ |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return (n==0)?1:n*fac(n-1); |
| \layout Standard |
| |
| |
| \family typewriter |
| } |
| \end_float |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{facjavabytecode} |
| |
| \end_inset |
| |
| Method |
| \emph on |
| fac |
| \emph default |
| in a class |
| \emph on |
| Faculty |
| \emph default |
| , Java bytecode version |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| Faculty.fac (I)I |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 0:\SpecialChar ~ |
| \SpecialChar ~ |
| iload_0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; load argument onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 1:\SpecialChar ~ |
| \SpecialChar ~ |
| ifne #8\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; non-zero? Then branch to 8. |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 4:\SpecialChar ~ |
| \SpecialChar ~ |
| iconst_1\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; push constant 1 onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 5:\SpecialChar ~ |
| \SpecialChar ~ |
| goto #16\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; jump to 16 |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 8:\SpecialChar ~ |
| \SpecialChar ~ |
| iload_0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; load argument onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 9:\SpecialChar ~ |
| \SpecialChar ~ |
| iload_0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; load argument onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 10:\SpecialChar ~ |
| iconst_1\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; push constant 1 onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 11:\SpecialChar ~ |
| isub\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; subtract the stack top from |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; the stack next-to-top which becomes |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; the new stack top |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 12:\SpecialChar ~ |
| invokestatic Faculty.fac (I)I\SpecialChar ~ |
| \SpecialChar ~ |
| ; call method fac recursively, |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; the new invocation |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; instance's argument is the stack top |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 15:\SpecialChar ~ |
| imul\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; multiply the return value with the |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; argument given to the current |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; invocation instance |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| 16:\SpecialChar ~ |
| ireturn\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; return value on top of the |
| \layout Standard |
| |
| |
| \family typewriter |
| \size footnotesize |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; stack to the invoking method |
| \end_float |
| \layout Chapter |
| |
| |
| \begin_inset LatexCommand \label{SpecPasses} |
| |
| \end_inset |
| |
| Specification of the Verification Passes |
| \layout Standard |
| |
| Sun describes a four-pass class file verifier in The Java Virtual Machine |
| Specification, Second Edition |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| It is not necessary to implement the verification algorithms literally; |
| and it is not possible anyway (see section |
| \begin_inset LatexCommand \ref{SpecSubroutines} |
| |
| \end_inset |
| |
| ). |
| However, implementing a verifier with a multiple-pass architecture makes |
| sense. |
| It is a good thing to stay close to the specification because it is well-known |
| throughout the bytecode engineering community. |
| Also, the boundaries between the passes are not arbitrary. |
| They are drawn to improve the performance of the verifiers built into JVMs. |
| For example, classes are not verified (completely) before they are actually |
| used but they are loaded as soon as they are referenced in a certain way. |
| Most verifiers use the traditional multiple-pass architecture, including |
| Kimera |
| \begin_inset LatexCommand \cite{Kimera-WWW} |
| |
| \end_inset |
| |
| . |
| Work in other directions (for instance, the one-pass-architecture proposed |
| by Fong |
| \begin_inset LatexCommand \cite{Fong-WWW} |
| |
| \end_inset |
| |
| ) did not yield lasting results. |
| \layout Standard |
| |
| Pass one is basically about loading a class file into the JVM in a sane |
| way and pass two verifies that the loaded class file information is consistent. |
| Pass three verifies that the program code is well-behaved; pass four verifies |
| things that conceptually belong to pass three but are delayed to the run-time |
| for performance reasons. |
| \layout Standard |
| |
| Sometimes implementation details are discussed in this chapter. |
| Whenever the specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| was ambigous about some issue, the behaviour of Sun's JVM implementations |
| was observed. |
| The discussed details are part of the specification of the JustIce verifier. |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{PassOneSpec} |
| |
| \end_inset |
| |
| Pass One |
| \layout Standard |
| |
| The first pass of the verifier is only vaguely specified. |
| It is there to assure a class file |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \series bold |
| has the basic format of a class file. |
| The first four bytes must contain the right magic number. |
| All recognized attributes must be of the proper length. |
| The class file must not be truncated or have any extra bytes at the end. |
| The constant pool must not contain any superficially unrecognizable information |
| \series default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 141). |
| \layout Standard |
| |
| The right magic number is 0xCAFEBABE ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 94), which is easy to assure. |
| \layout Standard |
| |
| It is not clear what |
| \begin_inset Quotes eld |
| \end_inset |
| |
| superficially unrecognizable information |
| \begin_inset Quotes erd |
| \end_inset |
| |
| exactly is, however. |
| If an attribute is not known to the JVM (or verifier) implementation, it |
| has to be ignored -- so this does not seem to be |
| \begin_inset Quotes eld |
| \end_inset |
| |
| superficially unrecognizable information |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| Attributes that are not used cannot be detected in pass one. |
| One would have to look at the bytecodes to decide whether an attribute |
| is used or not (which is not the domain of pass one, but of pass three). |
| \layout Standard |
| |
| Observations show that most existing JVM verifiers |
| \begin_float footnote |
| \layout Standard |
| |
| An example of a verifier with this behaviour is the one implemented in Sun's |
| Solaris port of the JVM, version 1.3.0_01. |
| \end_float |
| ignore |
| \begin_inset Quotes eld |
| \end_inset |
| |
| extra bytes at the end |
| \begin_inset Quotes erd |
| \end_inset |
| |
| instead of rejecting class files bearing them. |
| \layout Standard |
| |
| The other two statements specify verification of the class file structure |
| (and the structure of the attributes therein). |
| But this is also the domain of pass two! Only by inspecting the way the |
| JVM |
| \emph on |
| loads |
| \emph default |
| , |
| \emph on |
| resolves |
| \emph default |
| and |
| \emph on |
| prepares |
| \emph default |
| classes one will understand the precise boundary between verification passes |
| one and two |
| \begin_inset LatexCommand \cite{Fong-WWW} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| 'Being careful when loading a class file' is a good definition for pass |
| one: the structure of the file to load is untrusted. |
| Every implicit statement such as |
| \begin_inset Quotes eld |
| \end_inset |
| |
| this attribute has a length of 1234 bytes in total |
| \begin_inset Quotes erd |
| \end_inset |
| |
| is validated. |
| \layout Standard |
| |
| |
| \emph on |
| Resolution |
| \emph default |
| is the transformation of a symbolic reference to an actual reference -- |
| i.e., as long as there is only a symbolic reference to an entity, this entity |
| cannot be verified at all because it has not been loaded yet. |
| Passes two and three are performed during the |
| \emph on |
| resolution |
| \emph default |
| of a class file; while loading of the class file --pass one-- must have |
| been performed before. |
| |
| \emph on |
| Resolution |
| \emph default |
| as such is meaningless to JustIce; the term is only used to draw the borders |
| between the verification passes. |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{SpecPassTwo} |
| |
| \end_inset |
| |
| Pass Two |
| \layout Standard |
| |
| The checks performed in pass two enforce that the following constraints |
| are satisfied. |
| \layout Itemize |
| |
| Ensuring that final classes are not subclassed and that final methods are |
| not overridden. |
| \layout Itemize |
| |
| Checking that every class (except |
| \family typewriter |
| java.lang.Object |
| \family default |
| ) has a direct superclass. |
| \layout Itemize |
| |
| Ensuring that the constant pool satisfies the documented static constraints: |
| for example, that each |
| \family typewriter |
| CONSTANT_Class_info |
| \family default |
| structure in the constant pool contains in its |
| \family typewriter |
| name_index |
| \family default |
| item a valid constant pool index for a |
| \family typewriter |
| CONSTANT_Utf8_info |
| \family default |
| structure. |
| \layout Itemize |
| |
| Checking that all field references and method references in the constant |
| pool have valid names, valid classes, and a valid type descriptor. |
| \layout Standard |
| |
| As Frank Yellin puts it |
| \begin_inset LatexCommand \cite{Yellin-WWW} |
| |
| \end_inset |
| |
| : pass two |
| \begin_inset Quotes eld |
| \end_inset |
| |
| performs all verification that can be performed without looking at the bytecodes |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| Also, |
| \begin_inset Quotes eld |
| \end_inset |
| |
| this pass does not actually check to make sure that the given field or method |
| really exists in the given class; nor does it check that the type signatures |
| given refer to real classes. |
| \begin_inset Quotes erd |
| \end_inset |
| |
| Note that again |
| \emph on |
| resolution |
| \emph default |
| plays an important role to create the boundary between two passes; here |
| it is the boundary between pass two and pass three. |
| Because linking-time verification enhances the performance of the JVM, |
| checks that basically belong to pass two are delayed to pass three. |
| This leads to the obvious contradiction in the sentences cited above. |
| \layout Standard |
| |
| This performance enhancement has an ugly side effect. |
| Consider a reference to a method m contained in a class file C that does |
| not exist. |
| As long as this reference is not |
| \emph on |
| used |
| \emph default |
| , i.e., |
| \emph on |
| resolved |
| \emph default |
| , the absence of C cannot be detected. |
| Such a reference should in the author's opinion regarded as |
| \begin_inset Quotes eld |
| \end_inset |
| |
| superficially unrecognizable information |
| \begin_inset Quotes erd |
| \end_inset |
| |
| (see section |
| \begin_inset LatexCommand \ref{PassOneSpec} |
| |
| \end_inset |
| |
| ) and therefore be detected. |
| \layout Standard |
| |
| This pass has to verify the integrity of the clas file's data structures |
| as explained in section |
| \begin_inset LatexCommand \ref{Classfile Structure} |
| |
| \end_inset |
| |
| . |
| As an example, consider the Line\SpecialChar \- |
| Number\SpecialChar \- |
| Table atribute. |
| Sun did not specify there has to be exactly one |
| \family typewriter |
| Line\SpecialChar \- |
| Number\SpecialChar \- |
| Table |
| \family default |
| attribute (or none at all) per method, so possibly there is more than one |
| attribute of that kind. |
| This lax specification is not necessary due to the fact that you can put |
| all information in a single |
| \family typewriter |
| Line\SpecialChar \- |
| Number\SpecialChar \- |
| Table_attri\SpecialChar \- |
| bute |
| \begin_float footnote |
| \layout Standard |
| |
| Any number of |
| \family typewriter |
| line_number_table |
| \family default |
| array entries fits nicely in a single |
| \family typewriter |
| LineNumberTable_attribute |
| \family default |
| attribute. |
| \end_float |
| , but Sun did specify it this way ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 129). |
| \layout Standard |
| |
| Verifiers are requested to reject class files with inconsistent information |
| in their attributes. |
| However, here it may be that only by looking at all |
| \family typewriter |
| Line\SpecialChar \- |
| Number\SpecialChar \- |
| Table_attribute |
| \family default |
| s of a method, an inconsistency can be detected. |
| JustIce does so and rejects class files with inconsistent |
| \family typewriter |
| Line\SpecialChar \- |
| Number\SpecialChar \- |
| Table |
| \family default |
| information. |
| \layout Standard |
| |
| Furthermore, it issues warnings if such an attribute is detected at all |
| to discourage its use (see section |
| \begin_inset LatexCommand \ref{Pass2Impl} |
| |
| \end_inset |
| |
| ). |
| This is done because of possible different interpretations of the specification. |
| \layout Standard |
| |
| It should be noted that the use of attributes raises a few more problems |
| to class file verification. |
| A simple case is the presence of an unknown attribute that may safely be |
| ignored. |
| It is explicitly stated that such a class file must not be rejected. |
| On the other hand, how should a verifier react if --for example-- a |
| \family typewriter |
| field_info |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{Fields} |
| |
| \end_inset |
| |
| ) structure encloses a |
| \family typewriter |
| Code_attribute |
| \family default |
| ? JustIce will issue a warning but not reject the class file. |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{Pass3Spec} |
| |
| \end_inset |
| |
| Pass Three |
| \layout Standard |
| |
| Performing pass three basically means |
| \emph on |
| verifying the bytecode |
| \emph default |
| . |
| There are so-called |
| \begin_inset Quotes eld |
| \end_inset |
| |
| static constraints |
| \begin_inset Quotes erd |
| \end_inset |
| |
| on both the instructions in the code array and their operands. |
| There are also so-called |
| \begin_inset Quotes eld |
| \end_inset |
| |
| structural constraints |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| The structural constraints specify constraints on relationships between |
| JVM instructions, so some people (including the author) regard |
| \begin_inset Quotes eld |
| \end_inset |
| |
| structural constraints |
| \begin_inset Quotes erd |
| \end_inset |
| |
| as a misnomer; they should be called |
| \begin_inset Quotes eld |
| \end_inset |
| |
| dynamic constraints |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| Static constraints are easily enforced using very simple checks. |
| Here is an example for such a check: let there be a |
| \family typewriter |
| Code |
| \family default |
| (see section |
| \begin_inset LatexCommand \ref{CodeAttribute} |
| |
| \end_inset |
| |
| ) attribute with a |
| \family typewriter |
| max_locals |
| \family default |
| value of 2. |
| Only local variables number 0 and 1 may be accessed by the bytecode in |
| this |
| \family typewriter |
| Code |
| \family default |
| attribute. |
| For all instructions accessing local variables, make sure they do not access |
| any other local variable. |
| \layout Standard |
| |
| Structural constraints are enforced using an algorithm sketched by Sun; |
| it implements a symbolic execution of a method's code, by means of data |
| flow analysis including type inference ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , pages 143-151). |
| This algorithm is called the |
| \emph on |
| data flow analyzer. |
| |
| \emph default |
| It is intuitively easy to understand, but it is hard to prove its correctness. |
| The reason for that is the very weak specification of its subtleties; especiall |
| y |
| \emph on |
| subroutines |
| \emph default |
| , |
| \emph on |
| wide date types |
| \emph default |
| and |
| \emph on |
| object initialization |
| \emph default |
| (see below). |
| The general approach, however, is sound |
| \begin_inset LatexCommand \cite{BCV-Soundness} |
| |
| \end_inset |
| |
| . |
| Here is an example for a structural constraint enforced by this algorithm: |
| during program execution, at any given point in the program the operand |
| stack is always of the same height, no matter which code path was taken |
| to reach that point. |
| |
| \layout Standard |
| |
| Pass three is the core of the verifier. |
| Note that we will split this pass up into two passes, namely a pass verifying |
| the static constraints and a pass verifying the structural constraints |
| of a method's code. |
| We will call these passes |
| \begin_inset Quotes eld |
| \end_inset |
| |
| pass 3a |
| \begin_inset Quotes erd |
| \end_inset |
| |
| and |
| \begin_inset Quotes eld |
| \end_inset |
| |
| pass 3b |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| In a way, they resemble pass one and pass two: the former pass carefully |
| parses an entity, while the latter pass performs additional verification. |
| |
| \layout Standard |
| |
| By defining pass four, the specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| implicitly excludes |
| \begin_inset Quotes eld |
| \end_inset |
| |
| certain tests that could in principle be performed in Pass 3 |
| \begin_inset Quotes erd |
| \end_inset |
| |
| , because they are |
| \begin_inset Quotes eld |
| \end_inset |
| |
| delayed until the first time the code for the method is actually invoked |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| On the other hand, verifiers are allowed to perform pass four partially |
| or completely as a part of pass three. |
| JustIce performs the pass four checks in pass 3a. |
| \layout Subsection |
| |
| Static Constraints: Pass 3a |
| \layout Standard |
| |
| Sun gives examples of what the verifier does before starting the data flow |
| analyzer ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , pages 143-144): |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Branches must be within the bounds of the code array for the method. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| The targets of all control-flow instructions are each the start of an instructio |
| n. |
| In the case of a |
| \latex latex |
| |
| \backslash |
| texttt{wide} |
| \latex default |
| instruction the |
| \latex latex |
| |
| \backslash |
| texttt{wide} |
| \latex default |
| opcode is considered the start of the instruction, and the opcode giving |
| the operation modified by that |
| \latex latex |
| |
| \backslash |
| texttt{wide} |
| \latex default |
| instruction is not considered to start an instruction. |
| Branches into the middle of an instruction are disallowed. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| No instruction can access or modify a local variable at an index greater |
| than or equal to the number of local variables that its method indicates |
| it allocates. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| All references to the constant pool must be an entry of the appropriate |
| type. |
| For example: the instruction |
| \latex latex |
| |
| \backslash |
| texttt{ldc} |
| \latex default |
| can be used only for data of type int or float or for instances of class |
| String; the instruction |
| \latex latex |
| |
| \backslash |
| texttt{getfield} |
| \latex default |
| must reference a field. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| The code does not end in the middle of an instruction. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Execution cannot fall off the end of the code. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| For each exception handler, the starting and ending point of the code protected |
| by the handler must be at the beginning of an instruction or, in the case |
| of the ending point, immediately past the end of the code. |
| The starting point must be before the ending point. |
| The exception handler code must start at a valid instruction, and it may |
| not start at an opcode being modified by the |
| \latex latex |
| |
| \backslash |
| texttt{wide} |
| \latex default |
| instruction. |
| \layout Standard |
| |
| Most of these constraints are either static constraints on instructions |
| or on their operands. |
| A full list of constraints can be found in the Java Virtual Machine Specificati |
| on, Second Edition ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , pages 133-137). |
| \layout Standard |
| |
| The check for execution falling off the end of the code is an exception: |
| this is a structural constraint and should therefore be performed in pass |
| 3b. |
| Sun's verifiers, however, reject code that has an unreachable |
| \latex latex |
| |
| \backslash |
| texttt{nop} |
| \latex default |
| at the end of the code array. |
| Obviously, they reject the code before performing data flow analysis. |
| For the sake of compatibility, JustIce performs this check in pass 3a. |
| \layout Standard |
| |
| Note that the JVM's instructions differ in length. |
| Some instructions occupy only one byte (such as |
| \family typewriter |
| nop |
| \family default |
| ), others occupy three bytes (such as |
| \family typewriter |
| goto |
| \family default |
| ). |
| Branch instructions could therefore target operands of instructions. |
| For example, line 1 of algorithm |
| \begin_inset LatexCommand \ref{facjavabytecode} |
| |
| \end_inset |
| |
| reads |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \family typewriter |
| 1: ifne #8 |
| \family default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| If it would read |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \family typewriter |
| 1: ifne #7 |
| \family default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| , this code was malformed. |
| A special case is the instruction |
| \family typewriter |
| wide |
| \family default |
| . |
| This instruction takes another instruction |
| \emph on |
| as its operand |
| \emph default |
| , so one could be misguided into thinking this embedded instruction was |
| a valid target for branches. |
| It is not. |
| \layout Standard |
| |
| The checks Sun delays until pass four are performed in pass 3a by JustIce. |
| These are checks to ensure allowed and possible access to a referenced |
| type, listed below. |
| |
| \layout Itemize |
| |
| Is the type (class or interface) currently under examination allowed to |
| reference the type |
| \begin_float footnote |
| \layout Standard |
| |
| Interfaces may contain code, this is normally used for static initialization |
| of |
| \family typewriter |
| final |
| \family default |
| variables. |
| \end_float |
| ? |
| \layout Itemize |
| |
| Does the referenced method or field exist in the given class? |
| \layout Itemize |
| |
| Does the referenced method or field have the indicated descriptor (signature)? |
| \layout Itemize |
| |
| Does the method currently under examination have access to the referenced |
| method or field? |
| \layout Subsection |
| |
| Structural Constraints: Pass 3b |
| \layout Standard |
| |
| The structural constraints of JVM instructions are enforced by a data flow |
| analyzer. |
| This algorithm ensures the following constraints ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 142). |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| The operand stack is always the same size and contains the same types of |
| values. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| No local variable is accessed unless it is known to contain a value of an |
| appropriate type. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Methods are invoked with the appropriate arguments. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Fields are assigned only using values of appropriate types. |
| \layout Itemize |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| All opcodes have appropriate type arguments on the operand stack and in |
| the local variable array. |
| \layout Standard |
| |
| A full list of structural constraints can be found in The Java Virtual Machine |
| Specification, Second Edition ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , pages 137-139). |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{SunCoreAlgo} |
| |
| \end_inset |
| |
| Sun's Verification Algorithm |
| \layout Standard |
| |
| Sun specifies the data flow analyzer by giving an informal algorithm ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , pages 144-146). |
| This algorithm it cited here completely because it is the very core of |
| the verifier. |
| According to this algorithm, every bytecode instruction has a |
| \begin_inset Quotes eld |
| \end_inset |
| |
| changed |
| \begin_inset Quotes erd |
| \end_inset |
| |
| bit. |
| Initially, only the |
| \begin_inset Quotes eld |
| \end_inset |
| |
| changed |
| \begin_inset Quotes erd |
| \end_inset |
| |
| bit of the first instruction is set. |
| \layout Enumerate |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Select a virtual machine instruction whose "changed" bit is set. |
| If no instruction remains whose "changed" bit is set, the method has successful |
| ly been verified. |
| Otherwise, turn off the "changed" bit of the selected instruction. |
| \layout Enumerate |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Model the effect of the instruction on the operand stack and local variable |
| array by doing the following: |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| If the instruction uses values from the operand stack, ensure that there |
| are a sufficient number of values on the stack and that the top values |
| on the stack are of an appropriate type. |
| Otherwise, verification fails. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| If the instruction uses a local variable, ensure that the specified local |
| variable contains a value of the appropriate type. |
| Otherwise, verification fails. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| If the instruction pushes values onto the operand stack, ensure that there |
| is sufficient room on the operand stack for the new values. |
| Add the indicated types to the top of the modeled operand stack. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| If the instruction modifies a local variable, record that the local variable |
| now contains the new type. |
| \layout Enumerate |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Determine the instructions that can follow the current instruction. |
| Successor instructions can be one of the following: |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| The next instruction, if the current instruction is not an unconditional |
| control transfer instruction (for instance goto, return, or athrow). |
| Verification fails if it is possible to "fall off" the last instruction |
| of the method. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| The target(s) of a conditional or unconditional branch or switch. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| Any exception handlers for this instruction. |
| |
| \layout Enumerate |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Merge the state of the operand stack and local variable array at the end |
| of the execution of the current instruction into each of the successor |
| instructions. |
| In the special case of control transfer to an exception handler, the operand |
| stack is set to contain a single object of the exception type indicated |
| by the exception handler information. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| If this is the first time the successor instruction has been visited, record |
| that the operand stack and local variable values calculated in steps 2 |
| and 3 are the state of the operand stack and local variable array prior |
| to executing the successor instruction. |
| Set the "changed" bit for the successor instruction. |
| \newline |
| |
| \latex latex |
| |
| \backslash |
| textbullet\SpecialChar ~ |
| |
| \latex default |
| If the successor instruction has been seen before, merge the operand stack |
| and local variable values calculated in steps 2 and 3 into the values already |
| there. |
| Set the "changed" bit if there is any modification to the values. |
| \layout Enumerate |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| Continue at step 1. |
| |
| \layout Standard |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| To merge two operand stacks, the number of values on each stack must be |
| identical. |
| The types of values on the stacks must also be identical, except that different |
| ly typed reference values may appear at corresponding places on the two |
| stacks. |
| In this case, the merged operand stack contains a reference to an instance |
| of the first common superclass of the two types. |
| Such a reference type always exists because the type Object is a superclass |
| of all class and interface types. |
| If the operand stacks cannot be merged, verification of the method fails. |
| \layout Standard |
| \pextra_type 1 \pextra_width 10mm |
| |
| |
| \series bold |
| To merge two local variable array states, corresponding pairs of local variables |
| are compared. |
| If the two types are not identical, then unless both contain reference |
| values, the verifier records that the local variable contains an unusable |
| value. |
| If both of the pair of local variables contain reference values, the merged |
| state contains a reference to an instance of the first common superclass |
| of the two types. |
| \layout Standard |
| |
| Certain instructions and data types complicate the data flow analyzer, most |
| notably the instruction |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| (see section |
| \begin_inset LatexCommand \ref{RetDesc} |
| |
| \end_inset |
| |
| ). |
| The algorithm above even uses a special definition of |
| \emph on |
| merging |
| \emph default |
| for the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction (see |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 151). |
| The |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction is parameterized with a value of type |
| \family typewriter |
| returnaddress |
| \family default |
| which is read from a local variable and used as a branching target. |
| The |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction is there to implement a (control flow) return from a |
| \emph on |
| subroutine |
| \emph default |
| . |
| \layout Subsubsection |
| |
| Reachability of Instructions |
| \layout Standard |
| |
| For the data flow analysis algorithm, you need to know all the possible |
| control flow successors of every instruction, i.e., you need to build a |
| \emph on |
| control flow graph |
| \emph default |
| (see below). |
| Without the instructions |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \begin_float footnote |
| \layout Standard |
| |
| Remember, a |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction is an unconditional branch instruction that jumps into a |
| \emph on |
| subroutine |
| \emph default |
| . |
| Usually a |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction leaves the |
| \emph on |
| subroutine |
| \emph default |
| . |
| \end_float |
| , |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| this calculation would be easy. |
| But to calculate successors of a |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction, you need a complete control flow graph: you need to find out |
| which |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| pairs belong together. |
| Therefore, a cycle of self-dependency is created that has to be broken |
| somewhere. |
| This is explained in detail below. |
| \layout Standard |
| |
| This was also an issue that led to the definition of the term |
| \emph on |
| subroutine |
| \emph default |
| that JustIce uses. |
| This definition allows the prediction of a |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction's target without performing control flow analysis. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{SpecSubroutines} |
| |
| \end_inset |
| |
| Subroutines |
| \layout Standard |
| |
| Subroutines make the verification algorithm extremely difficult. |
| They are harshly underspecified. |
| Although |
| \begin_inset Quotes eld |
| \end_inset |
| |
| the Java virtual machine has no guarantee that any file it is asked to load |
| was generated by that compiler |
| \begin_inset Quotes erd |
| \end_inset |
| |
| , the subroutine specification explains how |
| \emph on |
| javac |
| \emph default |
| transforms |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \latex latex |
| |
| \backslash |
| texttt{try} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{catch} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{finally} |
| \latex default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| clauses into subroutines |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| Intuitively, one gets the idea that a subroutine starts with some jump |
| target of a |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction and ends with a |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction. |
| But the specification fails to correctly specify what subroutines exactly |
| are at machine instruction level. |
| Consider algorithm |
| \begin_inset LatexCommand \ref{jsrpopalgo} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| \begin_float alg |
| \layout Standard |
| |
| |
| \family typewriter |
| 00 jsr\SpecialChar ~ |
| 03\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Jump to |
| \begin_inset Quotes eld |
| \end_inset |
| |
| subroutine |
| \begin_inset Quotes erd |
| \end_inset |
| |
| at offset 03; push return |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; address 03 onto stack. |
| \layout Standard |
| |
| |
| \family typewriter |
| 03 pop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Pop the return address off the stack. |
| \layout Standard |
| |
| |
| \family typewriter |
| 04 nop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; No operation. |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{jsrpopalgo} |
| |
| \end_inset |
| |
| Is This a Subroutine? |
| \end_float |
| \layout Standard |
| |
| What is this? Is the |
| \emph on |
| NOP |
| \emph default |
| instruction part of a subroutine or not? Algorithm |
| \begin_inset LatexCommand \ref{OneOrTwoSubroutinesAlgo} |
| |
| \end_inset |
| |
| shows another example. |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{OneOrTwoSubroutinesAlgo} |
| |
| \end_inset |
| |
| One or Two Subroutines? |
| \layout Standard |
| |
| |
| \family typewriter |
| 00 iload_0\SpecialChar ~ |
| \SpecialChar ~ |
| ; Load a numerical 0 onto the stack. |
| \layout Standard |
| |
| |
| \family typewriter |
| 01 jsr\SpecialChar ~ |
| 05\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Jump to "subroutine" at offset 05; push return |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; address 04 onto stack. |
| \layout Standard |
| |
| |
| \family typewriter |
| 04 return\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Leave the method. |
| \layout Standard |
| |
| |
| \family typewriter |
| 05 dup\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Duplicate the stack's top. |
| \layout Standard |
| |
| |
| \family typewriter |
| 06 astore\SpecialChar ~ |
| 0\SpecialChar ~ |
| ; Store the return address from the stack into |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; local variable 0. |
| \layout Standard |
| |
| |
| \family typewriter |
| 07 astore\SpecialChar ~ |
| 1\SpecialChar ~ |
| ; Store the return address from the stack into |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; local variable 1. |
| \layout Standard |
| |
| |
| \family typewriter |
| 08 ifeq\SpecialChar ~ |
| 12\SpecialChar ~ |
| \SpecialChar ~ |
| ; If there is a 0 on top of the stack, jump to |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; offset 12. |
| \layout Standard |
| |
| |
| \family typewriter |
| 11 ret\SpecialChar ~ |
| 0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Return to offset 4 (because this is in local |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; variable 0 here). |
| \layout Standard |
| |
| |
| \family typewriter |
| 12 nop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; No operation. |
| \layout Standard |
| |
| |
| \family typewriter |
| 13 ret\SpecialChar ~ |
| 1\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Return to offset 4 (because this is in local |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; variable 1 here). |
| \end_float |
| \layout Standard |
| |
| Do we deal with one subroutine (which is the case if you define subroutines |
| to start with a |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| 's target) or are these two subroutines (which is the case if you count |
| the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instructions and believe that there must be exactly one |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| per subroutine)? |
| \layout Standard |
| |
| Recursive calls to subroutines are forbidden by the specification; however, |
| Sun's verifier implementations are not consequently deciding which recursive |
| calls to reject |
| \begin_float footnote |
| \layout Standard |
| |
| This was experimentally found by the author and also published in |
| \begin_inset LatexCommand \cite{JBook} |
| |
| \end_inset |
| |
| . |
| \end_float |
| . |
| This is a failure due to a missing definition of the term |
| \emph on |
| subroutine |
| \emph default |
| . |
| \layout Standard |
| |
| While the first example passes Sun's verifier, the second example is rejected. |
| The exact definition of the term |
| \emph on |
| subroutine |
| \emph default |
| cannot be deducted from ther behaviour of Sun's verifier. |
| \layout Standard |
| |
| A new, clean specification had to be defined. |
| Such a specification can of course not be compatible with the behaviour |
| of Sun's verifier in all corner cases. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{Subroutines_Def} |
| |
| \end_inset |
| |
| A Precise Definition of the Term |
| \emph on |
| Subroutine |
| \layout Standard |
| |
| Because Sun --inappropriately-- describes how |
| \emph on |
| javac |
| \emph default |
| creates subroutines, the definition presented here is based on the observation |
| of |
| \emph on |
| javac |
| \emph default |
| 's behaviour. |
| This makes the definition compatible with a lot of existing code, but without |
| violating the validity of far-reaching conclusions earned by exploiting |
| a clean definition |
| \begin_float footnote |
| \layout Standard |
| |
| Unfortunately, in some rare cases, |
| \emph on |
| javac |
| \emph default |
| produces code that is incompatible with the constraints related to our |
| definition of |
| \emph on |
| subroutine |
| \emph default |
| . |
| However, |
| \emph on |
| javac |
| \emph default |
| also produces code which is incompatible with Sun's verifier (see section |
| |
| \begin_inset LatexCommand \ref{StaerkJreject} |
| |
| \end_inset |
| |
| ). |
| \end_float |
| . |
| |
| \layout Itemize |
| |
| Every instruction of a method is part of exactly one subroutine (or the |
| top-level). |
| \layout Itemize |
| |
| The first instruction of a subroutine is an |
| \latex latex |
| |
| \backslash |
| texttt{astore N} |
| \latex default |
| instruction that stores the return address in local variable number |
| \emph on |
| N |
| \emph default |
| . |
| \layout Itemize |
| |
| There must be exactly one |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction per subroutine. |
| This instruction must work on the local variable |
| \emph on |
| N |
| \emph default |
| ; i.e., it is a |
| \latex latex |
| |
| \backslash |
| texttt{ret N} |
| \latex default |
| instruction. |
| \layout Itemize |
| |
| Subroutines are not protected by exception handlers. |
| \layout Itemize |
| |
| No instruction that is part of a subroutine is the target of an exception |
| handler. |
| \layout Itemize |
| |
| Subroutines of a subroutine do not access local variable |
| \emph on |
| N |
| \emph default |
| . |
| A subsubroutine of a subroutine is also considered a subroutine here, in |
| a recursive sense. |
| \layout Standard |
| |
| As we can see, a subroutine can be characterized by its set of instructions, |
| the most important instruction being the target of some |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction that is not part of the subroutine itself. |
| Another important property is the local variable |
| \emph on |
| N |
| \emph default |
| the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction is working on. |
| \layout Standard |
| |
| This way, we can make sure subroutines are properly nested, so that JustIce |
| would reject both the example bytecodes in algorithms |
| \begin_inset LatexCommand \ref{jsrpopalgo} |
| |
| \end_inset |
| |
| and |
| \begin_inset LatexCommand \ref{OneOrTwoSubroutinesAlgo} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| The |
| \latex latex |
| |
| \backslash |
| texttt{astore} |
| \latex default |
| instruction mentioned above is so important because there is no JVM instruction |
| that can read values of a |
| \latex latex |
| |
| \backslash |
| texttt{returnaddress} |
| \latex default |
| type from local variables. |
| After entering a subroutine, the |
| \latex latex |
| |
| \backslash |
| texttt{astore} |
| \latex default |
| instruction pops the return address off the operand stack and writes it |
| into local variable number |
| \emph on |
| N |
| \emph default |
| . |
| Therefore we can be sure it will not be duplicated or deleted as in algorithms |
| |
| \begin_inset LatexCommand \ref{jsrpopalgo} |
| |
| \end_inset |
| |
| and |
| \begin_inset LatexCommand \ref{OneOrTwoSubroutinesAlgo} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| The constraints concerning exception handlers are defined to make sure that |
| we can observe the control flow statically. |
| If an exception is thrown from within a subroutine, the method simply |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \emph on |
| completes abruptly |
| \emph default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 74). |
| If we would allow subroutine instructions to be protected by exception |
| handlers, it would not be clear if the handling instructions are part of |
| the subroutine or not. |
| \layout Standard |
| |
| We can also derive subsubroutines of subroutines recursively by exploiting |
| the properly-nested property explained above. |
| \layout Subsubsection |
| |
| The Control Flow Graph |
| \layout Standard |
| |
| A control flow graph is a directed graph with edges that represent possible |
| branches of control flow. |
| Similarly, the nodes describe groups of physically adjacent instructions |
| that have to be executed one after another -- without any possible control |
| flow branch to another instruction but the physical successor |
| \begin_float footnote |
| \layout Standard |
| |
| More information about control flow graphs can be found in |
| \begin_inset LatexCommand \cite{DragonBook} |
| |
| \end_inset |
| |
| . |
| \end_float |
| . |
| Figure |
| \begin_inset LatexCommand \ref{convcfg} |
| |
| \end_inset |
| |
| shows such a control flow graph for algorithm |
| \begin_inset LatexCommand \ref{facjavabytecode} |
| |
| \end_inset |
| |
| , the implementation of the faculty function discussed earlier. |
| \layout Standard |
| |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 368 |
| file conventcfg.eps |
| width 3 100 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{convcfg} |
| |
| \end_inset |
| |
| A Conventional Control Flow Graph |
| \end_float |
| \layout Standard |
| |
| The JVM defines a sort of control flow orthogonal to the common execution |
| of instructions, namely, the exception mechanism. |
| Because every instruction could possibly throw an exception (say, a |
| \family typewriter |
| java.lang.VirtualMachineError |
| \family default |
| ) during its execution, the control flow graph calculated by JustIce always |
| uses only one instruction per node. |
| This also reflects the original verification algorithm given by Sun Microsystem |
| s. |
| Figure |
| \begin_inset LatexCommand \ref{justicecfg} |
| |
| \end_inset |
| |
| shows an example for such a control flow graph. |
| \layout Standard |
| |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 473 |
| file justicecfg.eps |
| width 3 100 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{justicecfg} |
| |
| \end_inset |
| |
| A Control Flow Graph as Used by JustIce |
| \end_float |
| \layout Standard |
| |
| Instruction nodes are augmented with a data structure that represents the |
| simulated operand stack and the simulated local variables array. |
| When running the core verification algorithm, these nodes are put into |
| a queue which is equivalent to tagging them with a |
| \emph on |
| changed |
| \emph default |
| bit as Sun describes |
| \begin_float footnote |
| \layout Standard |
| |
| As explained later, JustIce uses a queue that allows duplicates: this is |
| a slight semantical change. |
| \end_float |
| . |
| \layout Subsubsection |
| |
| Subroutines Revisited: Interplay With the Data Flow Analyzer |
| \layout Standard |
| |
| There is another problem concerning subroutines. |
| Normally, when merging the type information of two simulated local variables, |
| the common type is recorded as |
| \emph on |
| unusable |
| \emph default |
| if the types differ. |
| This |
| \emph on |
| unusable |
| \emph default |
| value is then propagated to subsequent instructions to prevent read access. |
| \layout Standard |
| |
| This is not the case with the successors of the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction. |
| These successors are physical successors of some |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instructions. |
| \layout Standard |
| |
| Subroutines are said to be |
| \emph on |
| polymorphic |
| \emph default |
| with respect to their local variables arrays. |
| As an example, consider algorithm |
| \begin_inset LatexCommand \ref{lvpolymorphalgo} |
| |
| \end_inset |
| |
| . |
| This algorithm shows legal JVM code. |
| In line 11, local variable 0 may contain a value of the |
| \family typewriter |
| integer |
| \family default |
| or the |
| \family typewriter |
| float |
| \family default |
| type; depending on the |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| instruction that entered the subroutine. |
| Normally, this would cause the verifier to mark local variable 0 as |
| \emph on |
| unusable |
| \emph default |
| and propagate this information. |
| The successors of the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction are the instructions in lines 5 and 10. |
| However, a correct verifier does |
| \emph on |
| not |
| \emph default |
| mark local variable 0 as |
| \emph on |
| unusable |
| \emph default |
| for them, because the local variable 0 was not accessed or modified in |
| the subroutine. |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{lvpolymorphalgo} |
| |
| \end_inset |
| |
| Local Variables are Polymorphic in Subroutines |
| \layout Standard |
| |
| |
| \family typewriter |
| 0 : iconst_0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; load integer constant 0 onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| 1 : istore 0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; move it into local variable 0 |
| \layout Standard |
| |
| |
| \family typewriter |
| 2 : jsr 11\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; enter subroutine |
| \layout Standard |
| |
| |
| \family typewriter |
| 5 : fconst 0.0\SpecialChar ~ |
| ; load float constant 0.0 onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| 6 : fstore 0\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; move it into local variable 0 |
| \layout Standard |
| |
| |
| \family typewriter |
| 7 : jsr 11\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; enter subroutine again |
| \layout Standard |
| |
| |
| \family typewriter |
| 10: return\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; complete method |
| \layout Standard |
| |
| |
| \family typewriter |
| 11: astore 1\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Subroutine entry: move return address |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; into local variable 1 |
| \layout Standard |
| |
| |
| \family typewriter |
| 12: nop\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; do nothing |
| \layout Standard |
| |
| |
| \family typewriter |
| 13: ret 1\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; return from subroutine |
| \end_float |
| \layout Standard |
| |
| Basically, only the local variables accessed in the called subroutine (and |
| the subroutines called from there, recursively) are merged with the correspondi |
| ng successor of a |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction. |
| This means that in this special case, three sources are used to construct |
| the merged array of local variables type information (instead of only two): |
| the |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction, the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction and the "old" type information of the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction's target (which is the physical successor of the |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction). |
| \layout Standard |
| |
| One possibility to deal with this situation is |
| \emph on |
| inlining |
| \emph default |
| . |
| For instance, the verifier of the ElectricalFire JVM |
| \begin_inset LatexCommand \cite{EF} |
| |
| \end_inset |
| |
| uses this approach: instruction nodes of subroutines are duplicated for |
| every calling |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| or |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction. |
| This approach is equivalent to the one sketched by Sun (see |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 151). |
| |
| \layout Standard |
| |
| JustIce uses a variant of this approach: instruction nodes are augmented |
| with sets of local variables arrays. |
| The local variables array used for merging a |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| 's type information with the physical successor of some |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction is keyed by that |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction itself. |
| This still implies a special merging mechanism for the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instruction: only the physical successor of one |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instruction can be merged with the |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| at a time, because other |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| instructions have possibly not been symbolically executed yet and thus |
| bear no type information at the time of merging. |
| In this scenario, an instruction in a subroutine plays multiple roles; |
| one for each occurence of a |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| that is calling the subroutine. |
| The queue holding the instructions to symbolically execute is therefore |
| required to allow duplicates. |
| \layout Subsubsection |
| |
| Wide Data Types |
| \layout Standard |
| |
| The types |
| \family typewriter |
| long |
| \family default |
| and |
| \family typewriter |
| double |
| \family default |
| use two consecutive local variables if written to or read from a local variables |
| array. |
| Similarly, they use two operand stack slots. |
| This makes type verification a bit more difficult because of subtle special |
| cases. |
| For example, when a method uses three local variables at maximum (local |
| variables 0, 1 and 2), the code is not allowed to store a |
| \family typewriter |
| double |
| \family default |
| value in local variable 2 (because local variable 3 would have to be occupied, |
| too). |
| \layout Subsubsection |
| |
| Instance Initialization and Newly Created Objects |
| \layout Standard |
| |
| It would be difficult to verify that a newly created instance is initialized |
| exactly once, given all possible paths of execution flow in a method. |
| Fortunately (from a verifier implementor's view), Sun puts constraints |
| on object initialization that match the behaviour of the verifier --- instead |
| of putting sane constraints on object initialization and actually verifying |
| them. |
| \layout Standard |
| |
| |
| \begin_inset Quotes eld |
| \end_inset |
| |
| A valid instruction sequence must not have an uninitialized object on the |
| operand stack or in a local variable during a backwards branch [\SpecialChar \ldots{} |
| ]. |
| Otherwise, a devious piece of code might fool the verifier into thinking |
| it had initialized a class instance when it had, in fact, initialized a |
| class instance created in a previous pass through a loop |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 148). |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{Pass4Spec} |
| |
| \end_inset |
| |
| Pass Four |
| \layout Standard |
| |
| Pass four performs |
| \begin_inset Quotes eld |
| \end_inset |
| |
| certain tests that could in principle be performed in Pass 3 |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 142). |
| These tests are usually delayed by JVM implementations until run-time, |
| because they possibly trigger the loading of referenced class file definitions. |
| This is a performance enhancement. |
| However, |
| \begin_inset Quotes eld |
| \end_inset |
| |
| A Java virtual machine implementation is allowed to perform any or all of |
| the Pass 4 steps as part of Pass 3 |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 143). |
| The tests |
| \layout Itemize |
| |
| ensure that the referenced method or field exists in the given class |
| \layout Itemize |
| |
| check that the referenced method or field has the indicated descriptor (signatur |
| e) |
| \layout Itemize |
| |
| check that the currently executing method has access to the referenced method |
| or field. |
| \layout Standard |
| |
| JustIce has no run-time system and so the tests of pass four are performed |
| in pass 3a. |
| \layout Standard |
| |
| There are tests that have to be performed at run-time: for example, if an |
| object referenced by an object reference on top of the operand stack implements |
| a certain interface or not |
| \begin_inset LatexCommand \cite{Fong2-WWW} |
| |
| \end_inset |
| |
| . |
| These are not considered part of the pass four verification. |
| \layout Chapter |
| |
| Implementation of the Verification Passes |
| \layout Standard |
| |
| Occasionally, the behaviour of other verifier implementations was explained |
| in section |
| \begin_inset LatexCommand \ref{SpecPasses} |
| |
| \end_inset |
| |
| |
| \emph on |
| . |
| |
| \emph default |
| This is not a mistake; the Java Virtual Machine Specification, Second Edition |
| |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| is unfortunately not detailed enough to make a clean-room implementation |
| of the JVM verifier possible. |
| Having a close look at the behaviour of existing verifier implementations |
| is sometimes necessary to interpret the specification correctly. |
| For that reason, the behaviour of these implementations is part of the |
| specification of JustIce whereever appropriate. |
| Still, there are some minor differences in behaviour between JustIce and |
| the traditional JVM built-in verifiers. |
| These differences were observed by using the traditional verifiers, not |
| by inspecting their source code. |
| \layout Standard |
| |
| JustIce is implemented in the Java programming language |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| using the Byte Code Engineering Library |
| \begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} |
| |
| \end_inset |
| |
| . |
| \layout Section |
| |
| Pass One |
| \layout Standard |
| |
| The Byte Code Engineering Library (BCEL) presents an object oriented view |
| of the class file structure. |
| Therefore, an integral part of that library is parsing class files. |
| JustIce uses the BCEL, so there was nothing left to do to load a class |
| file in. |
| Only minor changes were made to the BCEL to make it more verbose when exception |
| al situations occur; i.e., when a garbled class file is loaded in. |
| The BCEL uses Java's exception mechanism to signal these situations; JustIce |
| transforms this behaviour into the behaviour expected by users of the Verificat |
| ion API (see section |
| \begin_inset LatexCommand \ref{Verification API} |
| |
| \end_inset |
| |
| ). |
| \layout Subsubsection |
| |
| Comparison to Sun's Implementation |
| \layout Standard |
| |
| There does not seem to be any difference in behaviour between JustIce and |
| the traditional verifiers. |
| Still, this conviction is a result of black box tests so it might not be |
| true in corner cases. |
| \layout Standard |
| |
| Unknown attributes are ignored (though JustIce records a warning message, |
| where the traditional verifiers don't). |
| \layout Standard |
| |
| Trailing bytes at the end of the class file are ignored in both versions, |
| contradicting the specification. |
| This was necessary because some Java run-time environments are broken concernin |
| g the handling of .JAR archive files. |
| The mechanism of loading class files from these archives files using the |
| Java Platform's API is used by BCEL and probably by Sun's JVM, too. |
| It is possible that this is the reason why Sun's verifier itself does not |
| enforce this constraint. |
| However, it does not really pose a threat to the integrity of any JVM known |
| to the author. |
| There is no entry in the |
| \family typewriter |
| ClassFile |
| \family default |
| structure (see section |
| \begin_inset LatexCommand \ref{Classfile Structure} |
| |
| \end_inset |
| |
| ) stating how long the class file is in its entirety, so a JVM implementor |
| cannot possibly base a wrong decision on that. |
| |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{Pass2Impl} |
| |
| \end_inset |
| |
| Pass Two |
| \layout Standard |
| |
| JustIce does perform |
| \begin_inset Quotes eld |
| \end_inset |
| |
| all verification that can be performed without looking at the bytecodes |
| \begin_inset Quotes erd |
| \end_inset |
| |
| in pass two. |
| For some reasons (like determining a valid ancestor hierarchy of a class), |
| pass two of JustIce has to load referenced classes. |
| Of course, this is done in a careful way: by pass-one-verifying them. |
| If loading of a referenced class should fail (i.e., verification pass one |
| fails on this class), the referencing class is rejected by JustIce's pass |
| two. |
| Pass two of JustIce does not pass-two-verify any referenced classes. |
| \layout Standard |
| |
| Also, JustIce's pass two emits a wealth of (warning) messages. |
| Their target is to guide a bytecode engineer to create class files that |
| are indistinguishable from those created by Sun's |
| \emph on |
| javac |
| \emph default |
| compiler with no debugging output. |
| For example, the use of |
| \family typewriter |
| LineNumberTable |
| \family default |
| attributes (see section |
| \begin_inset LatexCommand \ref{LineNumberTableAttribute} |
| |
| \end_inset |
| |
| ) is discouraged, because these atributes are only useful for debugging |
| purposes. |
| Still, they can be the reason for a class file to be rejected -- to be |
| on the safe side, finished applications for the JVM should not be shipped |
| with this debug information. |
| \layout Standard |
| |
| Most of the checks of pass two were implemented using the Visitor programming |
| pattern |
| \begin_inset LatexCommand \cite{DesignPatterns} |
| |
| \end_inset |
| |
| provided by the BCEL's |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.class\SpecialChar \- |
| file |
| \emph default |
| API. |
| This made it possible to have all the verification split into several methods |
| without having to define artificial boundaries. |
| For instance, a |
| \family typewriter |
| ConstantValue |
| \family default |
| attribute is verified in a method called |
| \emph on |
| visitConstantValue(ConstantValue) |
| \emph default |
| . |
| This is a use of the object oriented view of class files the BCEL offers. |
| \layout Subsubsection |
| |
| Comparison to Sun's Implementation |
| \layout Standard |
| |
| JustIce does not distinguish between run-time or link-time because it was |
| not intended to implement a JVM. |
| Therefore, the notion of |
| \emph on |
| resolving |
| \emph default |
| (see section |
| \begin_inset LatexCommand \ref{SpecPassTwo} |
| |
| \end_inset |
| |
| ) is useless for JustIce. |
| The author believes that the specification of pass two given by Sun closely |
| reflects their implementation (or the other way around) |
| \begin_float footnote |
| \layout Standard |
| |
| The Java Virtual Machine Specification, Second Edition, began as an internal |
| project documentation ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page xiv). |
| Unfortunately, this can still be felt sometimes. |
| \end_float |
| . |
| \layout Standard |
| |
| Sometimes, there are ambiguities in the specification. |
| For instance, it is said that |
| \begin_inset Quotes eld |
| \end_inset |
| |
| If the constant pool of a class or interface refers to any class or interface |
| that is not a member of a package, its |
| \family typewriter |
| ClassFile |
| \family default |
| structure must have exactly one |
| \family typewriter |
| InnerClasses |
| \family default |
| attribute in its |
| \family typewriter |
| attributes |
| \family default |
| table |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| A class or interface that is |
| \begin_inset Quotes eld |
| \end_inset |
| |
| not member of a package |
| \begin_inset Quotes erd |
| \end_inset |
| |
| is better known as a |
| \emph on |
| nested class |
| \emph default |
| or |
| \emph on |
| inner class |
| \emph default |
| |
| \begin_inset LatexCommand \cite{InnerSpec} |
| |
| \end_inset |
| |
| , but this is something specific to the Java language. |
| The |
| \emph on |
| javac |
| \emph default |
| compiler creates multiple, often funny-named |
| \begin_float footnote |
| \layout Standard |
| |
| For anonymous classes defined in a class |
| \emph on |
| X |
| \emph default |
| the names are |
| \emph on |
| X$1 |
| \emph default |
| , |
| \emph on |
| X$2 |
| \emph default |
| and so on. |
| For a named inner class |
| \emph on |
| I |
| \emph default |
| defined in class |
| \emph on |
| C |
| \emph default |
| the name is |
| \emph on |
| C$I |
| \emph default |
| . |
| There is, however, no guarantee for that: this is only observed behaviour |
| of javac. |
| Please see section |
| \begin_inset LatexCommand \ref{InnerBug} |
| |
| \end_inset |
| |
| for an example how this behaviour can lead to unexpected problems. |
| \end_float |
| class files that are otherwise indistinguishable from normal class files. |
| \layout Standard |
| |
| Therefore, it is generally not possible to decide if such an attribute is |
| missing; therefore Sun's implementation does not check this constraint. |
| JustIce, in contrast, uses its warning mechanism if the name of a referenced |
| class or interface could be a name of an inner class created by the |
| \emph on |
| javac |
| \emph default |
| compiler and the |
| \family typewriter |
| InnerClass |
| \family default |
| attribute is missing. |
| \layout Standard |
| |
| The sets of accepted or rejected class files concerning pass two are equal |
| using both Sun's implementation and JustIce, as exhaustive tests show. |
| This can, however, not be proven because one would need to analyze Sun's |
| source code for that (which is not intended: as already mentioned, JustIce |
| is a clean-room implementation). |
| \layout Section |
| |
| Pass Three |
| \layout Subsection |
| |
| Pass 3a |
| \layout Standard |
| |
| One feature of the BCEL's |
| \emph on |
| de.fub.bytecode.generic |
| \emph default |
| package is parsing code attributes of methods and transforming them into |
| so-called |
| \family typewriter |
| Instruction\SpecialChar \- |
| List |
| \family default |
| objects. |
| Consequently, this feature is used to implement pass 3a; a few additional |
| checks have been implemented where BCEL is too |
| \begin_inset Quotes eld |
| \end_inset |
| |
| trustful |
| \begin_inset Quotes erd |
| \end_inset |
| |
| when parsing, i.e., where BCEL relies on the correctness of the class file. |
| \layout Standard |
| |
| Pass 3a consists of the checking of static constraints on instructions and |
| static constraints on operands of these instructions. |
| The successful creation an an |
| \family typewriter |
| Instruction\SpecialChar \- |
| List |
| \family default |
| object already implies that the static constraints on instructions are |
| satisfied. |
| Similar to pass one, JustIce transforms the behaviour of BCEL's exception |
| mechanism into the behaviour expected by users of the Verification API |
| (see section |
| \begin_inset LatexCommand \ref{Verification API} |
| |
| \end_inset |
| |
| ). |
| \layout Standard |
| |
| The |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.ge\SpecialChar \- |
| ne\SpecialChar \- |
| ric |
| \emph default |
| API provided by BCEL offers a Visitor design pattern similar to the one |
| of the |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.class\SpecialChar \- |
| file |
| \emph default |
| API. |
| The tests for the static constraints on operands of instructions are implemente |
| d by using it. |
| For example, the constraints put on the operands of any |
| \latex latex |
| |
| \backslash |
| texttt{iload} |
| \latex default |
| instruction are verified using a |
| \emph on |
| visitILOAD(ILOAD) |
| \emph default |
| method defined in a Visitor class. |
| This Visitor class implements all the checks for integrity of all instruction's |
| operands. |
| Algorithm |
| \begin_inset LatexCommand \ref{visitILOADstaticoperands} |
| |
| \end_inset |
| |
| shows the impementation of the |
| \emph on |
| visitILOAD(ILOAD) |
| \emph default |
| method. |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{visitILOADstaticoperands} |
| |
| \end_inset |
| |
| visitILOAD, Visitor ensuring static constraints on operands of instructions |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar \- |
| \SpecialChar ~ |
| /** Checks if the constraints of operands of the said instruction(s) are |
| satisfied. |
| */ |
| \newline |
| \SpecialChar \- |
| public void visitILOAD(ILOAD o){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| int idx = o.getIndex(); |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (idx < 0){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| constraintViolated(o, "Index '"+idx+"' must be non-negative."); |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| else{ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| int maxminus1 = max_locals()-1; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (idx > maxminus1){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 |
| '"+maxminus1+"'."); |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| } |
| \end_float |
| \layout Standard |
| |
| JustIce does not provide any run-time, so the tests of pass four (see section |
| |
| \begin_inset LatexCommand \ref{Pass4Spec} |
| |
| \end_inset |
| |
| ) are not delayed until run-time, but performed here. |
| \layout Subsubsection |
| |
| Comparison to Sun's Implementation |
| \layout Standard |
| |
| Sun does not distinguish pass 3a and pass 3b. |
| However, Sun's verifiers also have to ensure that the static constraints |
| on instructions are satisfied before starting data flow analysis. |
| \layout Standard |
| |
| This is obvious because a data structure has to be built before the data |
| flow analyzer can be run; and this data structure has to be built carefully |
| \begin_float footnote |
| \layout Standard |
| |
| This actually means verifying the structural integrity of the bytecodes. |
| \end_float |
| because passes one and two did not look at the bytecodes before. |
| \layout Standard |
| |
| JustIce does implement pass four checks in pass 3a which Sun's verifiers |
| do not. |
| Because JustIce provides no run-time, the outcome of a verification failure |
| is reported instantly. |
| Traditional JVMs are required to silently delay the actions triggered by |
| that knowledge until run-time. |
| \layout Subsection |
| |
| Pass 3b |
| \layout Standard |
| |
| JustIce aims at implementing Sun's data flow analyzing algorithm as closely |
| as possible. |
| First, a control flow graph is built --- which implies analyzing a method's |
| subroutine calling structure first. |
| \layout Standard |
| |
| After that an implementation of the core algorithm sketched by Sun Microsystems |
| is started. |
| Verification failure is internally signalled by the Java exception handling |
| mechanism which is then transformed to match the Verification API (see |
| section |
| \begin_inset LatexCommand \ref{Verification API} |
| |
| \end_inset |
| |
| ). |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{SubroutineImpl} |
| |
| \end_inset |
| |
| Subroutines |
| \layout Standard |
| |
| Subroutines are modeled as instances of the |
| \family typewriter |
| Subroutine |
| \family default |
| interface |
| \emph on |
| . |
| |
| \emph default |
| They provide the following methods (note that an |
| \family typewriter |
| InstructionHandle |
| \family default |
| is the BCEL's programming handle to instruction objects and that |
| \emph on |
| X[] |
| \emph default |
| is the common Java notation for |
| \emph on |
| array of |
| \emph default |
| |
| \emph on |
| X |
| \emph default |
| ): |
| \layout Itemize |
| |
| |
| \emph on |
| boolean contains(InstructionHandle) |
| \emph default |
| |
| \newline |
| Returns true if and only if the given |
| \family typewriter |
| InstructionHandle |
| \family default |
| refers to an instruction that is part of this subroutine, |
| \layout Itemize |
| |
| |
| \emph on |
| InstructionHandle[] getInstructions() |
| \emph default |
| |
| \newline |
| Returns all instructions that together form this subroutine, |
| \layout Itemize |
| |
| |
| \emph on |
| int[] getAccessedLocalsIndices() |
| \emph default |
| |
| \newline |
| Returns an array containing the indices of the local variable slots accessed |
| by this subroutine (read-accessed, write-accessed or both); local variables |
| referenced by subroutines of this subroutine are not included, |
| \layout Itemize |
| |
| |
| \emph on |
| int[] getRecursivelyAccessedLocalsIndices() |
| \emph default |
| |
| \emph on |
| |
| \newline |
| |
| \emph default |
| Returns an array containing the indices of the local variable slots accessed |
| by this subroutine (read-accessed, write-accessed or both); local variables |
| referenced by subroutines of this subroutine are included, |
| \layout Itemize |
| |
| |
| \emph on |
| Subroutine[] subSubs() |
| \emph default |
| |
| \emph on |
| |
| \newline |
| |
| \emph default |
| Returns the subroutines that are directly called from this subroutine, |
| \layout Itemize |
| |
| |
| \emph on |
| InstructionHandle[] getEnteringJsrInstructions() |
| \emph default |
| |
| \newline |
| Returns all the JsrInstructions that have the first instruction of this |
| subroutine as their target, |
| \layout Itemize |
| |
| |
| \emph on |
| InstructionHandle getLeavingRET() |
| \emph default |
| |
| \newline |
| Returns the one and only RET that leaves the subroutine. |
| \layout Standard |
| |
| Together with information from a simple analysis of the possible control |
| flow transfer of all the other instructions but |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| (see section |
| \begin_inset LatexCommand \ref{Pass3Spec} |
| |
| \end_inset |
| |
| ), a control flow graph is built. |
| \layout Subsubsection |
| |
| The Control Flow Graph |
| \layout Standard |
| |
| The control flow graph is a single instance with respect to a given method |
| to verify. |
| It is defined by providing access to a set of contexts of instructions. |
| These are modeled as instances of the |
| \emph on |
| |
| \family typewriter |
| \emph default |
| In\SpecialChar \- |
| struc\SpecialChar \- |
| tion\SpecialChar \- |
| Con\SpecialChar \- |
| text |
| \family default |
| interface. |
| \layout Standard |
| |
| These instances enclose |
| \family typewriter |
| InstructionHandle |
| \family default |
| objects (which represent an instruction in the bytecode), but they augment |
| these objects with type information (a set of |
| \family typewriter |
| Frame |
| \family default |
| s, see below) as needed by the data flow analysis algorithm. |
| Also, a method called |
| \emph on |
| getSuccessors() |
| \emph default |
| is provided that calculates the possible control flow successors of a given |
| |
| \family typewriter |
| In\SpecialChar \- |
| struc\SpecialChar \- |
| tion\SpecialChar \- |
| Con\SpecialChar \- |
| text |
| \family default |
| instance. |
| \layout Standard |
| |
| The most notable method defined in the |
| \family typewriter |
| In\SpecialChar \- |
| struc\SpecialChar \- |
| tion\SpecialChar \- |
| Con\SpecialChar \- |
| text |
| \family default |
| \emph on |
| |
| \emph default |
| interface is, however, the |
| \emph on |
| execute(Frame, ArrayList, InstConstraintVisitor, ExecutionVisitor) |
| \emph default |
| method. |
| This method is used to symbolically execute a given instruction. |
| \layout Standard |
| |
| The |
| \family typewriter |
| ArrayList |
| \family default |
| \emph on |
| |
| \emph default |
| argument is there to record the subroutine calling chain. |
| The properly-nested property of JustIce subroutines is exploited here: |
| one can simply count |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| / |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| instructions, similar to counting opened and closed braces in mathematical |
| expressions. |
| \layout Standard |
| |
| A |
| \family typewriter |
| Frame |
| \family default |
| is JustIce's model of an |
| \emph on |
| execution frame |
| \emph default |
| : a local variables array model together with an operand stack model. |
| Every |
| \emph on |
| InstructionContext |
| \emph default |
| instance is augmented with such a frame (to be precise, a set of such frames |
| as discussed in the specification of subroutines, see section |
| \begin_inset LatexCommand \ref{Pass3Spec} |
| |
| \end_inset |
| |
| ). |
| \layout Standard |
| |
| When frames are merged, the |
| \emph on |
| execute(Frame, ArrayList, InstConstraintVisitor, ExecutionVisitor) |
| \emph default |
| method of some successor |
| \family typewriter |
| InstructionContext |
| \family default |
| is called. |
| The |
| \family typewriter |
| Frame |
| \family default |
| argument represents is the current type information of the predecessing |
| |
| \family typewriter |
| InstructionContext. |
| \layout Subsubsection |
| |
| Visitors |
| \layout Standard |
| |
| As in pass 3a, the Visitor pattern of the BCEL |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.ge\SpecialChar \- |
| ne\SpecialChar \- |
| ric |
| \emph default |
| API is also used in pass 3b. |
| While it was used to verify the static constraints of pass three in pass |
| 3a, it is now used to verify the structural constraints. |
| \layout Standard |
| |
| Before an instruction |
| \family typewriter |
| X |
| \family default |
| is symbolically executed, the corresponding |
| \emph on |
| visitX(X) |
| \emph default |
| method is invoked on an |
| \family typewriter |
| InstConstraintVisitor |
| \family default |
| instance. |
| This instance is there to verify all the preconditions are met to safely |
| execute the instruction |
| \family typewriter |
| X |
| \family default |
| . |
| The |
| \family typewriter |
| InstConstraintVisitor |
| \family default |
| class therefore holds information about the preconditions of all 212 valid |
| Java bytecode instructions. |
| A simplified version of this Visitor's |
| \emph on |
| visitILOAD(ILOAD) |
| \emph default |
| method is listed in algorithm |
| \begin_inset LatexCommand \ref{visitILOADInstConstraints} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| Similarly, the |
| \emph on |
| |
| \family typewriter |
| \emph default |
| ExecutionVisitor |
| \family default |
| class contains information about the behaviour of every bytecode instruction. |
| An instance of this class is used to model the effect of the bytecode instructi |
| ons on a |
| \emph on |
| Frame |
| \emph default |
| instance. |
| Algorithm |
| \begin_inset LatexCommand \ref{visitILOADExecution} |
| |
| \end_inset |
| |
| shows the |
| \emph on |
| visitILOAD(ILOAD) |
| \emph default |
| method of this Visitor. |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{visitILOADInstConstraints} |
| |
| \end_inset |
| |
| visitILOAD, Visitor ensuring the structural (dynamic) constraints of instruction |
| s |
| \layout Standard |
| |
| |
| \family typewriter |
| public void visitILOAD(ILOAD o){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| int produce = o.produceStack(cpg); |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if ( produce + stack().slotsUsed() > stack().maxStack() ){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| constraintViolated(o, "Cannot produce "+produce+" stack slots: only "+(stack().ma |
| xStack()-stack().slotsUsed())+" free stack slot(s) left. |
| \backslash |
| nStack: |
| \backslash |
| n"+stack()); |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| [\SpecialChar \ldots{} |
| ] |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \end_float |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{visitILOADExecution} |
| |
| \end_inset |
| |
| visitILOAD, Visitor symbolically executing instructions |
| \layout Standard |
| |
| |
| \family typewriter |
| /** Symbolically executes the corresponding Java Virtual Machine instruction. |
| */ |
| \newline |
| \SpecialChar \- |
| public void visitILOAD(ILOAD o){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| stack().push(Type.INT); |
| \newline |
| \SpecialChar \- |
| } |
| \end_float |
| \begin_float alg |
| \layout Caption |
| |
| Simplified Core Verification Algorithm of Pass 3b |
| \layout Standard |
| |
| |
| \series bold |
| \size small |
| public VerificationResult do_verify(Method m) |
| \series default |
| { |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ControlFlowGraph cfg; |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (m.hasCode()) |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| cfg = new ControlFlowGraph(m) |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| else |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return Good_VerificationResult; |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Frame f = new Frame(); |
| \shape slanted |
| // local variables and operand stack |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| f.localVariables().initialize(m.signature()); |
| \shape slanted |
| // put formal param types into loc. |
| vars |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| InstConstraintVisitor icv = new InstConstraintVisitor(); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ExecutionVisitor ev = new ExecutionVisitor(); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| try{ |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| circulationPump(cfg, f, icv, ev); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| catch(VerificationFailure){ |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return Bad_VerificationResult; |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return Good_VerificationResult; |
| \layout Standard |
| |
| |
| \size small |
| } |
| \newline |
| |
| \layout Standard |
| |
| |
| \series bold |
| \size small |
| public void circulationPump(ControlflowGraph cfg, Frame startFrame, InstConstrai |
| ntVisitor icv, ExecutionVisitor ev) throws VerificationFailure |
| \series default |
| { |
| \layout Standard |
| |
| |
| \size small |
| Instruction start = cfg.getFirstInstruction(); |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| /* |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| Now merge the first frame (type info) into the first instruction. |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| Empty list -> no instructions have been executed before. |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| */ |
| \layout Standard |
| |
| |
| \size small |
| start.execute(startFrame, EmptyInstructionList, icv, ev); |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| /* |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| Q is a Queue of pairs (Instruction, InstructionList). |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| */ |
| \layout Standard |
| |
| |
| \size small |
| Queue Q = EmptyQueue; |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| /* |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| Put the first instruction into the queue. |
| This is similar to initializing a breadth first search. |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| */ |
| \layout Standard |
| |
| |
| \size small |
| Q.add (start, EmptyInstructionList); |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| /* |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| The main loop |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| */ |
| \layout Standard |
| |
| |
| \size small |
| while (Q.isNotEmpty()){ |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Instruction u = fst(Q.head()); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| InstructionList ec = snd(Q.head()); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Q.removeHead(); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| InstructionList oldchain = ec; |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| InstructionList newchain = ec++[u]; |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| for (all successors v of u){ |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| |
| \shape slanted |
| /* |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| execute returns true if type info has changed. |
| It may throw VerificationFailures. |
| \layout Standard |
| |
| |
| \shape slanted |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| */ |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (v.execute(u.getOutFrame(oldchain), newchain,icv,ev)) |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Q.add((v, newchain)); |
| \layout Standard |
| |
| |
| \size small |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \layout Standard |
| |
| |
| \size small |
| } |
| \end_float |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{ComparisonSubroutines} |
| |
| \end_inset |
| |
| Comparison to Sun's Implementation |
| \layout Standard |
| |
| JustIce was originally aimed to be as compatible to Sun's implementation |
| as possible. |
| However, the unclear specification prevents clean room implementations |
| (i.e., implementations whose programmers did not look into Sun's code) from |
| perfect compatibility. |
| \layout Standard |
| |
| Fortunately, it JustIce closely matches Sun's implementation in its behaviour. |
| As a test case, the author verified the transitive hull of the referenced |
| class files starting with the |
| \emph on |
| de.fub.bytecode.verifier.Verifier |
| \emph default |
| class. |
| This set includes most of the classes of the Java 2 API supplied by Sun |
| Microsystems, i.e., a few hundreds of apparently correct classes. |
| A very small number of class files was rejected by JustIce because of its |
| different specification of subroutine constraints. |
| No other rejects were encountered. |
| \layout Standard |
| |
| Most class files that are found to be rejected by Sun's verifier implementations |
| are rejected by JustIce, too. |
| \layout Standard |
| |
| However, there are class file rejected by Sun's verifier implementations |
| but not by JustIce. |
| This should not occur, but JustIce does not mimic the programming errors |
| of Sun's verifiers so far. |
| Please see section |
| \begin_inset LatexCommand \ref{javacRejected} |
| |
| \end_inset |
| |
| for a discussion on a selected incompatibility issue. |
| \layout Standard |
| |
| An automated testing suite could solidify the trust in JustIce's implementation |
| which is not implemented yet. |
| Please see section |
| \begin_inset LatexCommand \ref{VerifierValidationSuite} |
| |
| \end_inset |
| |
| for a discussion on that topic. |
| \layout Section |
| |
| Pass Four |
| \layout Standard |
| |
| The tests Sun's verifiers perform during run-time but which in principle |
| could be performed in pass three |
| \emph on |
| are |
| \emph default |
| performed in pass 3a by JustIce. |
| \layout Subsubsection |
| |
| Comparison to Sun's Implementation |
| \layout Standard |
| |
| It sems natural that Sun's verifier implements the specification by Sun. |
| Obviously, JustIce has no run-time so JustIce has no pass four. |
| The checks Sun performs in pass four |
| \begin_float footnote |
| \layout Standard |
| |
| Some JVMs expose implementation mistakes concerning pass four verification. |
| See section |
| \begin_inset LatexCommand \ref{PassFourBug} |
| |
| \end_inset |
| |
| . |
| \end_float |
| are performed in pass 3a by JustIce. |
| \layout Chapter |
| |
| |
| \begin_inset LatexCommand \label{Verification API} |
| |
| \end_inset |
| |
| The Verification API |
| \layout Section |
| |
| Introduction |
| \layout Standard |
| |
| The Application Programming Interface (API) of JustIce uses object oriented |
| design patterns |
| \begin_inset LatexCommand \cite{DesignPatterns} |
| |
| \end_inset |
| |
| . |
| Readers not familiar with design patterns are encouraged to read at least |
| about the |
| \emph on |
| Visitor |
| \emph default |
| , |
| \emph on |
| Singleton |
| \emph default |
| , |
| \emph on |
| Observer |
| \emph default |
| and |
| \emph on |
| Factory |
| \emph default |
| patterns. |
| \layout Standard |
| |
| JustIce currently consists of four packages: |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.veri\SpecialChar \- |
| fier |
| \emph default |
| , |
| \emph on |
| de.fub. |
| byte\SpecialChar \- |
| code.veri\SpecialChar \- |
| fier.exc |
| \emph default |
| , |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.veri\SpecialChar \- |
| fier.statics |
| \emph default |
| and |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code.veri\SpecialChar \- |
| fier. |
| struc\SpecialChar \- |
| tu\SpecialChar \- |
| rals |
| \emph default |
| . |
| (We shall from now on omit the preceding |
| \emph on |
| de.fub.byte\SpecialChar \- |
| code |
| \emph default |
| .) The most important of them is the |
| \emph on |
| verifier |
| \emph default |
| package. |
| The class |
| \family typewriter |
| VerifierFactory |
| \family default |
| can be found here; this is the place where all verification starts. |
| The |
| \family typewriter |
| Veri\SpecialChar \- |
| fier\SpecialChar \- |
| Fac\SpecialChar \- |
| tory |
| \family default |
| creates |
| \family typewriter |
| Verifier |
| \family default |
| instances; only the |
| \family typewriter |
| VerifierFactory |
| \family default |
| can create these instances. |
| A |
| \family typewriter |
| Verifier |
| \family default |
| instance, in turn, has a one-to-one relationship with a class file to verify, |
| |
| \begin_inset Quotes eld |
| \end_inset |
| |
| its class |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| You can instruct a |
| \family typewriter |
| Verifier |
| \family default |
| instance to run a verification pass on its class yielding a |
| \family typewriter |
| VerificationResult |
| \family default |
| . |
| \layout Standard |
| |
| All class files are fetched from the BCEL's class file repository, i.e., the |
| class |
| \family typewriter |
| Re\SpecialChar \- |
| po\SpecialChar \- |
| si\SpecialChar \- |
| to\SpecialChar \- |
| ry |
| \family default |
| . |
| The class files stored there are either put there by the user or they are |
| read from the file system. |
| For a bytecode engineer who uses the BCEL this is convenient, because one |
| does not have to save the dynamically created class file first in order |
| to load it into JustIce. |
| \layout Standard |
| |
| Pass 1 and pass 2 are related to the |
| \family typewriter |
| ClassFile |
| \family default |
| structure as such; passes 3a and 3b verify the bytecode of a method. |
| If a class file was created using the BCEL, the BCEL user already knows |
| how the |
| \family typewriter |
| JavaClass |
| \family default |
| object looks like |
| \begin_float footnote |
| \layout Standard |
| |
| A |
| \family typewriter |
| JavaClass |
| \family default |
| object represents a class file in the BCEL. |
| \end_float |
| . |
| The number of methods is known and the order of the methods in the class |
| file is known. |
| \layout Standard |
| |
| However, if this is not the case, one usually does not know the number of |
| methods in a class file or the order of these methods. |
| To carefully extract this information from an untrusted class file, one |
| should first let a pass-2-verification run on this file. |
| Afterwards, the information can be read from the |
| \family typewriter |
| JavaClass |
| \family default |
| object the BCEL offers. |
| \layout Standard |
| |
| Finally, one is able to supply the |
| \begin_inset Quotes eld |
| \end_inset |
| |
| method index |
| \begin_inset Quotes erd |
| \end_inset |
| |
| needed by verification passes 3a and 3b. |
| \layout Standard |
| |
| Basically, after pass 2 has been run successfully on a class file, one can |
| safely use the methods in the BCEL's |
| \emph on |
| classfile |
| \emph default |
| package |
| \emph on |
| |
| \emph default |
| on that class file. |
| After pass 3a has been run successfully on a method, one can safely work |
| on that method using the BCEL's |
| \emph on |
| generic |
| \emph default |
| package. |
| After pass 3b has been run successfully on all methods in a class file, |
| this class file will not be rejected by other verifiers. |
| \layout Standard |
| |
| Often, the run of a verification pass implies recursively verifying other |
| class files as well (because they are somehow referenced). |
| Therefore, |
| \emph on |
| Verifier |
| \emph default |
| instances for these referenced classes are created transparently. |
| To be notified when such an event occurs, one can implement the |
| \emph on |
| VerifierFactoryObserver |
| \emph default |
| interface and let the |
| \emph on |
| VerifierFactory |
| \emph default |
| register your implementation. |
| \layout Standard |
| |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 863 |
| file VerificationAPI.eps |
| width 3 100 |
| angle 90 |
| flags 1 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| UML class diagram of the Verification API |
| \end_float |
| \layout Standard |
| |
| A Verifier creates instances of PassVerifiers. |
| A PassVerifier instance in charge of performing some later verification |
| pass transparently creates PassVerifier instances for the preceding passes. |
| Therefore, users of the Verification API do not have to care about the |
| order of verification passes; i.e., earlier passes are run always before |
| later passes. |
| All verification results are cached; this way an unsual order of calls |
| to the |
| \emph on |
| doPassX() |
| \emph default |
| methods of the |
| \emph on |
| Verifier |
| \emph default |
| class does not even waste computing time. |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 631 |
| file V_API_SD.eps |
| width 3 100 |
| height 3 75 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| Informal UML sequence diagram showing the dependency of verification pass |
| two on verification pass one. |
| \end_float |
| \layout Section |
| |
| Some Example Code |
| \layout Standard |
| |
| The code below shows an example of how to use the API provided by JustIce. |
| It will verify the transitive hull of all referenced class files. |
| Normally, while verifying a class, referenced classes are recursively verified |
| performing |
| \emph on |
| earlier |
| \emph default |
| passes. |
| Verifiers that are using pass 1 on their class will not load in any other |
| classes (see section |
| \begin_inset LatexCommand \ref{SpecPasses} |
| |
| \end_inset |
| |
| ). |
| Therefore, normally the transitive hull is |
| \emph on |
| not |
| \emph default |
| verified completely (it usually does not make sense to verify it, though |
| -- it's done here only to give an example of what can be done). |
| \family typewriter |
| \size small |
| |
| \newline |
| |
| \newline |
| 01\SpecialChar ~ |
| package de.fub.bytecode.verifier; |
| \newline |
| 02\SpecialChar ~ |
| import de.fub.bytecode.verifier.*; |
| \newline |
| 03\SpecialChar ~ |
| import de.fub.bytecode.classfile.*; |
| \newline |
| 04\SpecialChar ~ |
| import de.fub.bytecode.*; |
| \newline |
| 05\SpecialChar ~ |
| /** |
| \newline |
| 06\SpecialChar ~ |
| \SpecialChar ~ |
| * This class has a main method implementing a demonstration program |
| \newline |
| 07\SpecialChar ~ |
| \SpecialChar ~ |
| * of how to use the VerifierFactoryObserver. |
| It transitively verifies |
| \newline |
| 08\SpecialChar ~ |
| \SpecialChar ~ |
| * all class files encountered; this may take up a lot of time and, |
| \newline |
| 09\SpecialChar ~ |
| \SpecialChar ~ |
| * more notably, memory. |
| |
| \newline |
| 10\SpecialChar ~ |
| \SpecialChar ~ |
| * |
| \newline |
| 11\SpecialChar ~ |
| \SpecialChar ~ |
| * @author Enver Haase |
| \newline |
| 12\SpecialChar ~ |
| \SpecialChar ~ |
| */ |
| \newline |
| 13\SpecialChar ~ |
| public class TransitiveHull implements VerifierFactoryObserver{ |
| \newline |
| 14\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| /** Used for indentation. |
| */ |
| \newline |
| 15\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| private int indent = 0; |
| \newline |
| 16\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| /** Not publicly instantiable. |
| */ |
| \newline |
| 17\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| private TransitiveHull(){ } |
| \newline |
| 18 |
| \newline |
| 19\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| /* Implementing VerifierFactoryObserver. |
| */ |
| \newline |
| 20\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| public void update(String classname){ |
| \newline |
| 21\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| for (int i=0; i<indent; i++) { |
| \newline |
| 22\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.print(" "); |
| \newline |
| 23\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| 24\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.println(classname); |
| \newline |
| 25\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| indent += 1; |
| \newline |
| 26\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Verifier v = VerifierFactory.getVerifier(classname); |
| \newline |
| 27\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| VerificationResult vr; |
| \newline |
| 28\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| vr = v.doPass1(); |
| \newline |
| 29\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (vr != VerificationResult.VR_OK) |
| \newline |
| 30\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.println("Pass 1: |
| \backslash |
| n"+vr); |
| \newline |
| 31\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| vr = v.doPass2(); |
| \newline |
| 32\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (vr != VerificationResult.VR_OK) |
| \newline |
| 33\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.println("Pass 2: |
| \backslash |
| n"+vr); |
| \newline |
| 34\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (vr == VerificationResult.VR_OK){ |
| \newline |
| 35\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| JavaClass jc = Repository.lookupClass(v.getClassName()); |
| \newline |
| 36\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| for (int i=0; i<jc.getMethods().length; i++){ |
| \newline |
| 37\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| vr = v.doPass3a(i); |
| \newline |
| 38\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (vr != VerificationResult.VR_OK) |
| \newline |
| 39\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.println(v.getClassName()+", Pass 3a, method "+ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| i+" ['"+jc.getMethods()[i]+"']: |
| \backslash |
| n"+vr); |
| \newline |
| 40\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| vr = v.doPass3b(i); |
| \newline |
| 41\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (vr != VerificationResult.VR_OK) |
| \newline |
| 42\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.println(v.getClassName()+", Pass 3b, method "+ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| i+" ['"+jc.getMethods()[i]+"']: |
| \backslash |
| n"+vr); |
| \newline |
| 43\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| 44\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| 45\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| indent -= 1; |
| \newline |
| 46\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| 47 |
| \newline |
| 48\SpecialChar ~ |
| \SpecialChar ~ |
| /** |
| \newline |
| 49\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| * This method implements a demonstration program |
| \newline |
| 50\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| * of how to use the VerifierFactoryObserver. |
| It transitively |
| \newline |
| 51\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| * verifies all class files encountered; this may take up a |
| \newline |
| 52\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| * lot of time and, more notably, memory. |
| |
| \newline |
| 53\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| */ |
| \newline |
| 54\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| public static void main(String[] args){ |
| \newline |
| 55\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (args.length != 1){ |
| \newline |
| 56\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.out.println("Need exactly one argument: The root class |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| to verify."); |
| \newline |
| 57\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| System.exit(1); |
| \newline |
| 58\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| 59\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| int dotclasspos = args[0].lastIndexOf(".class"); |
| \newline |
| 60\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (dotclasspos != -1) |
| \newline |
| 61\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| args[0] = args[0].substring(0,dotclasspos); args[0] = |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| args[0].replace('/', '.'); |
| \newline |
| 62\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| TransitiveHull th = new TransitiveHull(); |
| \newline |
| 63\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| VerifierFactory.attach(th); |
| \newline |
| 64\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| VerifierFactory.getVerifier(args[0]); // the observer is called |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| back and does the actual trick. |
| \newline |
| 65\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| VerifierFactory.detach(th); |
| \newline |
| 66\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| 67\SpecialChar ~ |
| } |
| \newline |
| |
| \layout Standard |
| |
| |
| \size small |
| First, an instance of the |
| \emph on |
| TransitiveHull |
| \emph default |
| class is created in line 62. |
| Note that this class implements the |
| \emph on |
| VerifierFactoryObserver |
| \emph default |
| interface. |
| \layout Standard |
| |
| |
| \size small |
| A reference to the newly created instance is then passed to the |
| \emph on |
| VerifierFactory |
| \emph default |
| in line 63 by invoking its |
| \emph on |
| attach(VerifierFactoryObserver) |
| \emph default |
| method. |
| After registering the new observer, the |
| \emph on |
| VerifierFactory |
| \emph default |
| will call the instance's |
| \emph on |
| update(String) |
| \emph default |
| method (defined in lines 20-46) whenever a new |
| \emph on |
| Verifier |
| \emph default |
| instance is created. |
| \layout Standard |
| |
| |
| \size small |
| To trigger the verification, a first |
| \emph on |
| Verifier |
| \emph default |
| instance is fetched from the |
| \emph on |
| VerifierFactory |
| \emph default |
| . |
| Because it is the very first |
| \emph on |
| Verifier |
| \emph default |
| instance that is fetched, we know that it has to be newly created. |
| This is done in line 64. |
| This instance is not used in the |
| \emph on |
| main(String[]) |
| \emph default |
| method; but its creation leads to a invocation of the |
| \emph on |
| update(String) |
| \emph default |
| method which is defined in lines 20-46. |
| \layout Standard |
| |
| There, the name of the class to verify is printed (lines 21-25, line 45) |
| and the four verification passes provided by JustIce are run. |
| Note that one has to be careful not to try to verify a method that does |
| not exist. |
| JustIce would in this case throw an |
| \emph on |
| InvalidMethodException |
| \emph default |
| . |
| Therefore, after successfully verifying that the structure of the class |
| file to verify is well-formed (verification up to and including pass two, |
| lines 26-31), the number of methods is fetched from the corresponding JavaClass |
| object. |
| (It is necessary to perform verification pass two on a class file to safely |
| find out how many methods are defined in this class file.) |
| \layout Standard |
| |
| After determining the number of methods, these methods are verified performing |
| passes 3a and 3b on them (lines 32-44). |
| \layout Standard |
| |
| By applying all verification passes on some class file |
| \emph on |
| C |
| \emph default |
| , all class files referenced by |
| \emph on |
| C |
| \emph default |
| are found. |
| Therefore, new |
| \emph on |
| Verifier |
| \emph default |
| instances are created which are responsible for them. |
| Because of that, the |
| \emph on |
| update(String) |
| \emph default |
| method described above is called for every referenced class. |
| This is a recursive loop; the program terminates when there is no referenced |
| class left to be verified. |
| \layout Standard |
| |
| The example above is simple yet powerful. |
| Admittedly, it is of limited use to verify classes provided by the JVM |
| vendor; therefore one would not normally verify all the transitive hull |
| of referenced class files. |
| However, a common use is verifying all classes of a project. |
| Inserting a new line between line 20 and 21 like |
| \layout Standard |
| |
| |
| \family typewriter |
| if (!(classname.startsWith( |
| \begin_inset Quotes eld |
| \end_inset |
| |
| de.fub.bytecode.verifier |
| \begin_inset Quotes erd |
| \end_inset |
| |
| )) return; |
| \newline |
| |
| \family default |
| would easily accomplish this goal if JustIce itself is the project to verify |
| and all the project's class files are referenced by another class file |
| in the project. |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{GUI_APP} |
| |
| \end_inset |
| |
| An Application Prototype |
| \layout Standard |
| |
| The API of JustIce is used to offer bytecode engineers an opportunity to |
| create their own application programs. |
| However, this dimension of configurability is often not needed. |
| \layout Standard |
| |
| JustIce comes with an application prototype which provides an easy-to-use |
| user interface. |
| Figures |
| \begin_inset LatexCommand \ref{GUI1fig} |
| |
| \end_inset |
| |
| and |
| \begin_inset LatexCommand \ref{GUI2fig} |
| |
| \end_inset |
| |
| show screen shots of this prototype built on the JustIce verifier. |
| The boxes to the right contain verification information. |
| From the top to the bottom the boxes represent the verification passes |
| one, two, 3a and 3b and the warning messages, respectively. |
| \layout Standard |
| |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 757 |
| file GUI1.eps |
| width 3 100 |
| height 3 90 |
| angle 90 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{GUI1fig} |
| |
| \end_inset |
| |
| Verification of the Mini.MiniParser class file. |
| Verification is passed, but JustIce suggests to remove unnecessary (debug |
| information) attributes. |
| \end_float |
| \begin_float fig |
| \layout Standard |
| \align center |
| |
| \begin_inset Figure size 595 757 |
| file GUI2.eps |
| width 3 100 |
| height 3 90 |
| angle 90 |
| flags 9 |
| |
| \end_inset |
| |
| |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{GUI2fig} |
| |
| \end_inset |
| |
| Verification of the java.io.ObjectInputStream class file. |
| Verification is not passed because of an unsatisfied constraint related |
| to subroutines. |
| \end_float |
| \layout Chapter |
| |
| Conclusion |
| \layout Section |
| |
| What Was Achieved |
| \layout Standard |
| |
| About a third of the development time of JustIce was spent examining the |
| various issues in connection with subroutines, i.e., issues concerning the |
| bytecode instructions |
| \latex latex |
| |
| \backslash |
| texttt{jsr} |
| \latex default |
| , |
| \latex latex |
| |
| \backslash |
| texttt{jsr |
| \backslash |
| _w} |
| \latex default |
| and |
| \latex latex |
| |
| \backslash |
| texttt{ret} |
| \latex default |
| . |
| This led to a new definition of the term |
| \emph on |
| subroutine |
| \emph default |
| (section |
| \begin_inset LatexCommand \ref{SpecSubroutines} |
| |
| \end_inset |
| |
| ) |
| \begin_float footnote |
| \layout Standard |
| |
| A request for clarification of the subroutine issue, sent to the electronic |
| mail address |
| \family typewriter |
| jvm@java.sun.com |
| \family default |
| was not answered. |
| \end_float |
| , a new implementation of this verification area (section |
| \begin_inset LatexCommand \ref{SubroutineImpl} |
| |
| \end_inset |
| |
| ) and a discussion on the arising incompatibilities (sections |
| \begin_inset LatexCommand \ref{ComparisonSubroutines} |
| |
| \end_inset |
| |
| and |
| \begin_inset LatexCommand \ref{StaerkJreject} |
| |
| \end_inset |
| |
| ). |
| \layout Standard |
| |
| Only a few different verifier implementations exist at all, and most of |
| them are incomplete. |
| JustIce is a complete class file verifier implementation including a bytecode |
| verifier. |
| \layout Standard |
| |
| The development of JustIce also led to improvements of the Byte Code Engineering |
| Library |
| \begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} |
| |
| \end_inset |
| |
| . |
| For instance, the |
| \family typewriter |
| returnaddress |
| \family default |
| data type was introduced there. |
| It was modeled as a parameterized type. |
| Also, a programming error was repaired that led to inconsistent treatment |
| of exception handlers in the BCEL. |
| \layout Standard |
| |
| The control flow graph used by JustIce can also be used in other projects; |
| the Verification API provides access to this data structure |
| \begin_float footnote |
| \layout Standard |
| |
| A |
| \family typewriter |
| Control\SpecialChar \- |
| Flow\SpecialChar \- |
| Graph |
| \family default |
| instance can be created by invoking the |
| \emph on |
| Control\SpecialChar \- |
| Flow\SpecialChar \- |
| Graph(Method\SpecialChar \- |
| Gen) |
| \emph default |
| constructor. |
| A |
| \family typewriter |
| Method\SpecialChar \- |
| Gen |
| \family default |
| is the BCEL's representation of a method. |
| \end_float |
| . |
| Only because of the clarification of the subroutine issues could such a |
| data structure be defined statically. |
| \layout Standard |
| |
| As an Open Source project, JustIce provides algorithms which may be re-used |
| in own projects. |
| For example, every compiler targeting the JVM has to calculate the maximum |
| amount of stack memory used by a method. |
| This is also done by JustIce. |
| \layout Standard |
| |
| Finally, the need for a discussion on the meaning of |
| \emph on |
| Java security |
| \emph default |
| was identified (see section |
| \begin_inset LatexCommand \ref{LinePrincipleInfoHidingAndSecurity} |
| |
| \end_inset |
| |
| ). |
| \layout Section |
| |
| What Could Not Be Achieved |
| \layout Subsection |
| |
| A Constraint Database |
| \layout Standard |
| |
| Efforts have been made to make JustIce verifier highly configurable. |
| Unfortunately, this could not be accomplished by the author. |
| For instance, it was planned to build a constraint database which would |
| make it possible to turn on or off single checks during verification. |
| \layout Standard |
| |
| While this might be possible in some cases, in general the constraints of |
| the class file verifier are highly intertwined. |
| For instance, without a well-formed constant pool one could not run the |
| data flow analyzer in a sane way. |
| As another example, if a user preferred not to care about stack underflow |
| the verification algorithm would require complicated user interaction; |
| i.e., the user would have to decide what type to put onto the simulated operand |
| stack just before it is read. |
| \layout Standard |
| |
| One could model the interdependencies of the various constraints and allow |
| only groups of checks to be turned on or off together. |
| However, the author doubts this could be done in a way that is not prone |
| to errors and that can be validated easily. |
| \layout Standard |
| |
| This is also the reason why only one error is reported if verification fails. |
| Trying to continue verification and find more constraint violations leads |
| only to consequential verification errors. |
| \layout Standard |
| |
| JustIce implements caching of verification results. |
| If a bytecode engineer works on a class file and needs to run JustIce several |
| times against it, JustIce will cache the verification results of the recursivel |
| y referenced class files. |
| Because of this, JustIce will be fast every subsequent time it is used |
| to verify the class. |
| This minimizes the impact of the above shortcomings. |
| \layout Subsection |
| |
| A Perfect Verifier |
| \layout Standard |
| |
| JustIce does not implement a perfect verifier. |
| Some class files with code that is safe to execute are rejected. |
| Unfortunately, there has to be some degree of uncertainty concerning which |
| class files to reject. |
| \layout Standard |
| |
| The JVM performs |
| \emph on |
| initialization |
| \emph default |
| of class files after loading and verifying them without error. |
| This includes running the code in the special class initialization method |
| called |
| \emph on |
| <clinit> |
| \emph default |
| if it exists (see |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 53). |
| For the correct operation of the JVM it is important that this method does |
| not contain an infinite loop. |
| Verifying if this constraint is true is similar to the Halting Problem |
| and therefore not generally computable |
| \begin_inset LatexCommand \cite{Unknowable} |
| |
| \end_inset |
| |
| . |
| A verifier has to omit the check and pass potentially unsafe class files. |
| \layout Standard |
| |
| For another example, consider algorithm |
| \begin_inset LatexCommand \ref{StackOverflowAlgo} |
| |
| \end_inset |
| |
| below. |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{StackOverflowAlgo} |
| |
| \end_inset |
| |
| Rejected class |
| \layout Standard |
| |
| |
| \family typewriter |
| public static int always_true() |
| \layout Standard |
| |
| |
| \family typewriter |
| Code(max_stack = 1, max_locals = 1, code_length = 2) |
| \layout Standard |
| |
| |
| \family typewriter |
| 0: iconst_1\SpecialChar ~ |
| \SpecialChar ~ |
| ; push constant 1 onto stack |
| \layout Standard |
| |
| |
| \family typewriter |
| 1: ireturn\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; return constant 1 ( |
| \begin_inset Quotes eld |
| \end_inset |
| |
| true |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ) |
| \newline |
| |
| \layout Standard |
| |
| |
| \family typewriter |
| public static void good_method() |
| \layout Standard |
| |
| |
| \family typewriter |
| 0: invokestatic NewClass0.always_true ()I (18) |
| \layout Standard |
| |
| |
| \family typewriter |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Push |
| \begin_inset Quotes eld |
| \end_inset |
| |
| true |
| \begin_inset Quotes erd |
| \end_inset |
| |
| on stack |
| \layout Standard |
| |
| |
| \family typewriter |
| 3: ifne #10\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; If |
| \begin_inset Quotes eld |
| \end_inset |
| |
| true |
| \begin_inset Quotes erd |
| \end_inset |
| |
| is on stack jump to 10 |
| \layout Standard |
| |
| |
| \family typewriter |
| 6: pop \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; Pop a value off the stack |
| \layout Standard |
| |
| |
| \family typewriter |
| 7: goto #6 \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; jump to 6 |
| \layout Standard |
| |
| |
| \family typewriter |
| 10:return\SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| ; complete method |
| \end_float |
| This code is harmless, because lines 6 and 7 can never be executed (it would |
| underflow the operand stack in an infinite loop). |
| A class file with this code is rejected by JustIce and other verifiers, |
| because the endless loop seems to be a malicious threat to the integrity |
| of the JVM. |
| \layout Standard |
| |
| We conclude that there cannot be a perfect verifier. |
| All that could be done is reduce the degree of uncertainty. |
| For practical purposes, i.e., to be compatible with Sun's implementation, |
| one should not even do that. |
| \layout Standard |
| |
| There is also a simple proof showing a perfect verifier does not exist in |
| |
| \begin_inset LatexCommand \cite{JNS} |
| |
| \end_inset |
| |
| , chapter 6. |
| It uses a diagonalization argument. |
| \layout Section |
| |
| Future Work |
| \layout Standard |
| |
| Class file verification is an integral component of Java security; and applicati |
| on programs running on the Java Virtual Machine are often used in security |
| critical areas. |
| Several security holes and flaws have been found both in implementations |
| and the specification of the Java class file verifier since it was introduced. |
| \layout Standard |
| |
| Recently, the area has experienced a leap as a theoretically founded, sound |
| and complete Java environment was defined in |
| \begin_inset LatexCommand \cite{JBook} |
| |
| \end_inset |
| |
| . |
| Possibly Sun's engineers will use this work to improve Java and the Java |
| verifier. |
| JustIce will have to change to always keep close to the industry standard. |
| |
| \layout Standard |
| |
| But JustIce itself can also be improved concerning practicability, and new |
| software can be developed on top of the Verification API. |
| \layout Subsection |
| |
| Improvements to JustIce |
| \layout Subsubsection |
| |
| Introduction of Unique Identifers for Verification Results and Warning Messages |
| \layout Standard |
| |
| Currently, warning messages and verification results are conceptually text-based. |
| Only |
| \emph on |
| VerificationResult |
| \emph default |
| objects include a numeric value which programs can use to decide if some |
| class verification failed or not. |
| A program like the prototype introduced in section |
| \begin_inset LatexCommand \ref{GUI_APP} |
| |
| \end_inset |
| |
| can currently not hide specific messages from the user without parsing |
| text. |
| This limitation should be removed in the future by using unique message |
| numbers. |
| This would also make translation of the messages into other languages easier. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{NewVerificationStrategy} |
| |
| \end_inset |
| |
| A New Verification Strategy |
| \layout Standard |
| |
| The core verification algorithm cited in section |
| \begin_inset LatexCommand \ref{SunCoreAlgo} |
| |
| \end_inset |
| |
| works by generalizing the knowledge about an object type along the inheritance |
| hierarchy. |
| \layout Standard |
| |
| For instance, let there be an object of type |
| \family typewriter |
| java.util.Ab\SpecialChar \- |
| stract\SpecialChar \- |
| List |
| \family default |
| on the simulated stack of some modeled instruction. |
| Let there be a loop so that the algorithm has to visit that same instruction |
| again, this time with an object of type |
| \family typewriter |
| java.util.Ab\SpecialChar \- |
| stract\SpecialChar \- |
| Set |
| \family default |
| in that same stack slot. |
| The verifier will compute the meet of the two types and record that there |
| is some object of type |
| \family typewriter |
| java.util.Ab\SpecialChar \- |
| stract\SpecialChar \- |
| Collection |
| \family default |
| in that stack slot. |
| \layout Standard |
| |
| Remember that the instruction will be marked with a |
| \emph on |
| changed |
| \emph default |
| bit until no such re-typing change occurs any more (JustIce will actually |
| put it into a queue). |
| \layout Standard |
| |
| This approach does not work very well when it comes to interface types instead |
| of class files. |
| For example, the meet of a |
| \family typewriter |
| java.lang.In\SpecialChar \- |
| teger |
| \family default |
| and a |
| \family typewriter |
| java.lang.Doub\SpecialChar \- |
| le |
| \family default |
| is a |
| \family typewriter |
| java.lang.Num\SpecialChar \- |
| ber |
| \family default |
| because |
| \family typewriter |
| java.lang.Num\SpecialChar \- |
| ber |
| \family default |
| \emph on |
| |
| \emph default |
| is the first common super class. |
| Both classes also implement the |
| \family typewriter |
| java.lang.Com\SpecialChar \- |
| parable |
| \family default |
| interface, but |
| \family typewriter |
| java.lang.Num\SpecialChar \- |
| ber |
| \family default |
| does not. |
| This information is lost when replacing the type information. |
| However, current verifiers do not reject the class files but make additional |
| run-time checks necessary. |
| \layout Standard |
| |
| Fong noticed that this could be the reason for the |
| \latex latex |
| |
| \backslash |
| texttt{invoke\SpecialChar \- |
| interface} |
| \latex default |
| opcode to be underspecified |
| \begin_inset LatexCommand \cite{Fong2-WWW} |
| |
| \end_inset |
| |
| (also see section |
| \begin_inset LatexCommand \ref{InvokeInterfaceDescFONG} |
| |
| \end_inset |
| |
| ). |
| \layout Standard |
| |
| Stärk et al. |
| suggest the use of |
| \emph on |
| sets |
| \emph default |
| of reference types instead ( |
| \begin_inset LatexCommand \cite{JBook} |
| |
| \end_inset |
| |
| , pages 229-231). |
| This could also be implemented in JustIce. |
| \layout Subsubsection |
| |
| Keeping up with Specification Clarifications |
| \layout Standard |
| |
| As a clean-room implementation, JustIce depends on the clearness of the |
| specification. |
| Ambiguities could lead to programming errors. |
| \layout Standard |
| |
| Here we give one example: methods can be inherited in Java (for example, |
| the method |
| \emph on |
| clone() |
| \emph default |
| is declared in the |
| \family typewriter |
| java.lang.Ob\SpecialChar \- |
| ject |
| \family default |
| class and therefore inherited by every other class). |
| \layout Standard |
| |
| Let a class |
| \family typewriter |
| A |
| \family default |
| be a subclass of |
| \family typewriter |
| java.lang.Ob\SpecialChar \- |
| ject |
| \family default |
| and let class |
| \family typewriter |
| B |
| \family default |
| be a subclass of |
| \family typewriter |
| A |
| \family default |
| . |
| Also, let class |
| \family typewriter |
| B |
| \family default |
| override the definition of |
| \emph on |
| clone() |
| \emph default |
| with an own implementation. |
| \layout Standard |
| |
| If |
| \emph on |
| javac |
| \emph default |
| compiles a Java program that invokes this method, it is either referenced |
| as |
| \emph on |
| java.lang.Ob\SpecialChar \- |
| ject::clone() |
| \emph default |
| or as |
| \emph on |
| B::clone() |
| \emph default |
| . |
| However, because |
| \family typewriter |
| A |
| \family default |
| inherits this method, the reference |
| \emph on |
| A::clone() |
| \emph default |
| is legal, too. |
| \layout Standard |
| |
| In The Java Virtual Machine Specification, Second Edition ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 291) it is said that the reference must be a |
| \begin_inset Quotes eld |
| \end_inset |
| |
| symbolic reference to the class in which the method is to be found |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| Statically, the method |
| \emph on |
| clone() |
| \emph default |
| can of course not be found in class |
| \family typewriter |
| A |
| \family default |
| . |
| One could therefore think the reference |
| \emph on |
| A::clone() |
| \emph default |
| was not legal. |
| \layout Standard |
| |
| In the meanwhile, Sun's engineer Gilad Bracha clarified this issue: |
| \begin_inset Quotes eld |
| \end_inset |
| |
| Of course. |
| This is discussed in JVMS 5.4.3.4, which describes interface method resolution. |
| I don't see the text on page 280 as contradicting that. |
| The symbolic reference does give an interface in which the required method |
| can be found, albeit as an inherited member. |
| We could try and reword it in a more precise way, to eliminate any misunderstan |
| dings. |
| \begin_inset Quotes erd |
| \end_inset |
| |
| |
| \layout Standard |
| |
| Keeping up with clarifications like this is an inevitable and on-going part |
| of the development of JustIce. |
| \layout Subsubsection |
| |
| Keeping up with Java Extensions |
| \layout Standard |
| |
| Recently, Sun Microsystems introduced a new attribute: the |
| \family typewriter |
| StackMap |
| \family default |
| attribute which is an attribute local to the |
| \family typewriter |
| Code |
| \family default |
| attribute (see section |
| \emph on |
| |
| \begin_inset LatexCommand \ref{CodeAttribute} |
| |
| \end_inset |
| |
| |
| \emph default |
| ). |
| It was specified in |
| \begin_inset LatexCommand \cite{J2ME-CLDCS} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| It is there to provide |
| \begin_inset Quotes eld |
| \end_inset |
| |
| limited devices |
| \begin_inset Quotes erd |
| \end_inset |
| |
| that perform a one-pass verification with type information that would normally |
| have to be inferred by the verifier. |
| \layout Standard |
| |
| It is not used by the verification algorithm of JustIce now: it's currently |
| an |
| \emph on |
| unknown attribute |
| \emph default |
| to JustIce. |
| \layout Subsubsection |
| |
| Detecting Local Variable Accesses out of Scope |
| \layout Standard |
| |
| The |
| \family typewriter |
| LocalVariableTable |
| \family default |
| attribute is a debug information attribute. |
| Basically, it gives debuggers information about the original (source code) |
| name and type of a given local variable. |
| \layout Standard |
| |
| JustIce builds data structures to warn if it detects contradicting and overlappi |
| ng areas; e.g., if some local variable is anounced to carry an |
| \family typewriter |
| int |
| \family default |
| value and a |
| \family typewriter |
| float |
| \family default |
| value at the same time. |
| \layout Standard |
| |
| It could also be interesting to warn if a local variable is accessed for |
| which no debug information exists. |
| This is currently not implemented. |
| \layout Subsubsection |
| |
| Extending the Verification API |
| \layout Standard |
| |
| JustIce can easily be extended to run certain analyses related to symbolic |
| bytecode execution. |
| \layout Standard |
| |
| This includes the computation of the maximum number of used operand stack |
| slots in a method or the computation of unused local variables in a method. |
| \layout Standard |
| |
| These analyses are normally costly to implement |
| \begin_float footnote |
| \layout Standard |
| |
| Often, heuristics are used such as the method MethodGen.getMaxStack() in |
| the BCEL |
| \begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} |
| |
| \end_inset |
| |
| . |
| \end_float |
| , but they are a waste product of the verifier's core algorithm. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{VerifierValidationSuite} |
| |
| \end_inset |
| |
| A Verifier Validation Suite |
| \layout Standard |
| |
| The Kimera project |
| \begin_inset LatexCommand \cite{Kimera-WWW} |
| |
| \end_inset |
| |
| was the first known project to implement a stand-alone Java verifier. |
| The people behind the project had to test the behaviour of their verifier |
| against the behaviour of the previous implementations. |
| Tests have been run in order to validate the Kimera verifier. |
| These tests range from simply introducing random one-byte errors into class |
| files and automatically running Kimera against other verifiers to elaborate |
| research work |
| \begin_inset LatexCommand \cite{Kimera-ProdGram,Kimera-TestingJVM} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| Currently, JustIce comes only with a very limited possibility of running |
| test cases against the native verifier of the host machine's JVM. |
| The pioneering work of the Kimera project could be used to implement a |
| validation suite for JustIce. |
| \layout Subsection |
| |
| |
| \begin_inset LatexCommand \label{Firewall} |
| |
| \end_inset |
| |
| A Verifier Protecting an Intranet |
| \layout Standard |
| |
| Often, Java Virtual Machines are built into software used to browse the |
| World Wide Web such as the KDE project's |
| \emph on |
| Konqueror |
| \begin_inset LatexCommand \cite{KDE} |
| |
| \end_inset |
| |
| |
| \emph default |
| or Mozilla.org's |
| \emph on |
| Mozilla |
| \emph default |
| |
| \begin_inset LatexCommand \cite{Mozilla} |
| |
| \end_inset |
| |
| products. |
| Such Internet technology is also often used in corporate networks. |
| Corporate networks based on internet technology are called |
| \emph on |
| intranets |
| \emph default |
| ; these networks are normally protected from the Internet by a so-called |
| |
| \emph on |
| firewall |
| \emph default |
| computer. |
| |
| \layout Standard |
| |
| This computer's task is to provide access to the internet only to privileged |
| employees and --even more important-- it blocks access from unauthorized |
| persons outside the intranet. |
| The firewall machine is a single, bi-directional point of access. |
| \layout Standard |
| |
| However, normally web-browsing is considered harmless, so that the employees |
| can unrestrictedly gather information, possibly visiting Java-enabled web |
| sites. |
| The JVMs built into the browser software run software downloaded from the |
| World Wide Web; while the the built-in verifiers make sure that no dangerous |
| code can be executed. |
| \layout Standard |
| |
| Let us assume someone discovered a security hole in the verifier implementation |
| or implementations that are used on the corporate network's workstations; |
| let us also assume a patch exists that would fix the problem. |
| |
| \layout Standard |
| |
| A system administrator would have to spent a lot of time to repair every |
| single verifier. |
| A cheaper solution would be a verifier built into the firewall machine; |
| such a verifier can easily be implemented using JustIce and its Verification |
| API. |
| \layout Subsection |
| |
| A Java Virtual Machine Implementation Using JustIce |
| \layout Standard |
| |
| The Java verifier is originally a part of the Java Virtual Machine. |
| JustIce could also be part of a Java Virtual Machine. |
| JustIce's class files (the program code JustIce consists of) could simply |
| be integrated into the core Java class files. |
| The execution engine would then run JustIce without actually verifying |
| JustIce's class files themselves. |
| |
| \layout Standard |
| |
| For scientific purposes one could also implement a JVM in the Java programming |
| language. |
| Such an implementation could, for example, serve as a debugger. |
| \layout Subsection |
| |
| |
| \begin_inset LatexCommand \label{LinePrincipleInfoHidingAndSecurity} |
| |
| \end_inset |
| |
| Drawing a Clear Line Between the Principle of Information Hiding and Security |
| \layout Standard |
| |
| The principle of information hiding has been (and still is!) a practice |
| of experienced programmers for many years. |
| It is there to reduce programming errors. |
| \layout Standard |
| |
| In the Modula-2 programming language |
| \begin_inset LatexCommand \cite{M2} |
| |
| \end_inset |
| |
| this is achieved by explicitely dividing the program code in definition |
| modules and implementation modules. |
| In older programming languages, such as in the C programming language |
| \begin_inset LatexCommand \cite{C} |
| |
| \end_inset |
| |
| , this principle is implicitely used, too. |
| Basically this is achieved by defining interfaces that only describe what |
| the code of a program module does. |
| These interface |
| \begin_inset Quotes eld |
| \end_inset |
| |
| headers |
| \begin_inset Quotes erd |
| \end_inset |
| |
| are included into user code instead of simply including the code itself. |
| |
| \layout Standard |
| |
| In object-oriented programming languages such as in Delphi |
| \begin_inset LatexCommand \cite{D3} |
| |
| \end_inset |
| |
| , C++ |
| \begin_inset LatexCommand \cite{CPP-D,CPP-E} |
| |
| \end_inset |
| |
| or Java |
| \begin_inset LatexCommand \cite{langspec2} |
| |
| \end_inset |
| |
| , this principle is refined to what is called object encapsulation. |
| When a class is defined, certain key words such as |
| \family typewriter |
| private |
| \family default |
| , |
| \family typewriter |
| protected |
| \family default |
| , |
| \family typewriter |
| friend |
| \family default |
| , |
| \family typewriter |
| public |
| \family default |
| , |
| \family typewriter |
| published |
| \family default |
| set the access rules for the members |
| \begin_float footnote |
| \layout Standard |
| |
| The members of a class are its components: methods (program code) and fields |
| (also called attributes or variables). |
| \end_float |
| of an object of the given class. |
| \layout Standard |
| |
| Still, this refined technique does not have anything to do with security. |
| It is only there to aid programmers create a reasonable design. |
| If every piece of code could manipulate every data structure, one would |
| not know where to look for a programming error in the program source code. |
| On the other hand, if some field is private in C++, one could (with some |
| knowledge about the compiler used) still reference and modify this field |
| by pointer manipulation. |
| In addition to that, a second program like a debugger could watch even |
| the data of private fields. |
| \layout Standard |
| |
| However, when a Java program is compiled into the language of the JVM, the |
| information about the access rights of the fields and methods is included. |
| This is where the principle of information hiding is exploited to provide |
| security. |
| For example, the verifier of the JVM has to make sure private fields are |
| never accessed from a foreign piece of code. |
| But there are many implementations of the JVM which have security flaws |
| such as not honouring the access rights. |
| There are debuggers for JVM bytecodes, too. |
| \layout Standard |
| |
| When one thinks about security, one has to think of some enemy who could |
| try to harm the computer or information stored on that computer. |
| From a JVM user's point of view, the JVM is relatively secure. |
| Even running untrusted code cannot do much harm. |
| Because the security flaws in different JVM implementations differ, they |
| are probably not exploited most times. |
| \layout Standard |
| |
| From a Java programmer's point of view, the JVM is not secure. |
| Untrusted users can do much harm. |
| For example, an online banking application storing important data in Java |
| fields (such as access information to the bank's database management system) |
| is a threat to both the bank and its customers. |
| This information could easily be extracted by a malicious user. |
| \layout Standard |
| |
| Another problem for Java programmers is the amount of symbolical information |
| stored in class files. |
| Today, it is easy to de-compile a Java class file back to Java language |
| source code |
| \begin_inset LatexCommand \cite{JODE-WWW} |
| |
| \end_inset |
| |
| . |
| This source code can then be read and analyzed by the user. |
| Facing this problem, the |
| \begin_inset Quotes eld |
| \end_inset |
| |
| only safe course of action is to assume that ALL Java code will at some |
| point be decompiled |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ( |
| \begin_inset LatexCommand \cite{JNS} |
| |
| \end_inset |
| |
| , page 68). |
| \layout Standard |
| |
| We conclude that the principle of information hiding is not enough to provide |
| a degree of security that both --users and programmers-- could accept. |
| Programmers should not believe a good design makes a program |
| \emph on |
| secure |
| \emph default |
| . |
| |
| \layout Chapter |
| |
| Appendix |
| \layout Section |
| |
| History of JustIce |
| \layout Standard |
| |
| The author of JustIce once started to implement a class file decompiler |
| like Jode |
| \begin_inset LatexCommand \cite{JODE-WWW} |
| |
| \end_inset |
| |
| . |
| It soon became clear that to successfully implement it, one should exploit |
| the |
| \begin_inset Quotes eld |
| \end_inset |
| |
| well-behaved |
| \begin_inset Quotes erd |
| \end_inset |
| |
| property of class files (which essentially means that they pass a verifier, |
| especially pass three) |
| \begin_inset LatexCommand \cite{Krakatoa-WWW} |
| |
| \end_inset |
| |
| . |
| |
| \layout Standard |
| |
| JustIce was then developed to understand the |
| \begin_inset Quotes eld |
| \end_inset |
| |
| well-behaved |
| \begin_inset Quotes erd |
| \end_inset |
| |
| property of usual class files. |
| It took much longer to complete than estimated because of the many inherent |
| bugs and ambiguities in The Java Virtual Machine Specification, Second |
| Edition |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| Its name starts with a |
| \emph on |
| J |
| \emph default |
| like Java does, referring to the tradition of giving Java-related software |
| such names. |
| The second part of the name, |
| \emph on |
| ICE |
| \emph default |
| , was inspired by a novel by William Gibson |
| \begin_inset LatexCommand \cite{Neuromancer} |
| |
| \end_inset |
| |
| . |
| It is an acronym for |
| \emph on |
| Intrusion Countermeasures Electronics |
| \emph default |
| , something that is very much like today's firewall systems (see section |
| |
| \begin_inset LatexCommand \ref{Firewall} |
| |
| \end_inset |
| |
| ). |
| He credits the invention of |
| \emph on |
| ICE |
| \emph default |
| to Tom Maddox. |
| The missing three letters were inserted to create a word that makes sense; |
| in fact, choosing the three-letter combination |
| \emph on |
| ust |
| \emph default |
| resulted in the creation of a word with a double sense via bi-capitalization. |
| \layout Standard |
| |
| JustIce was written using and extending the excellent Byte Code Engineering |
| Library |
| \begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} |
| |
| \end_inset |
| |
| by Markus Dahm. |
| It really helped a lot and sped up development time. |
| \layout Standard |
| |
| It was also --last but not least-- written to earn its author a German |
| \emph on |
| Dipl.-Inform. |
| |
| \emph default |
| degree which one may compare to a |
| \emph on |
| master |
| \emph default |
| degree. |
| \layout Section |
| |
| Flaws and Ambiguities Encountered |
| \layout Standard |
| |
| While designing, implementing and testing JustIce, a lot of interesting |
| flaws and ambiguities were found in the specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , the Java compiler |
| \emph on |
| javac |
| \emph default |
| and the JVM |
| \emph on |
| java |
| \emph default |
| . |
| \layout Subsection |
| |
| Flaws in the Java Virtual Machine Specification |
| \layout Standard |
| |
| The Java Virtual Machine Specification, Second Edition was derived from |
| an in-house document describing the as-is implementation of Sun's genuine |
| Java Virtual Machine ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page xiv). |
| This sometimes leads to problems as there are still a few points left where |
| Sun's engineers forgot to describe specification details to the public, |
| in error assuming they would be implementation details. |
| Another source of mistakes are ambiguities, inherent to natural languages |
| auch as English. |
| \layout Subsubsection |
| |
| A Code Length Maximum of 65535 Bytes per Method |
| \layout Standard |
| |
| On page 152, The Java Virtual Machine Specification, Second Edition |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| says that code arrays may at most have a length of 65536 bytes because |
| certain indices that point into the code are only 16 bits of width. |
| Page 134 states the code must have |
| \begin_inset Quotes gld |
| \end_inset |
| |
| less than |
| \begin_inset Quotes grd |
| \end_inset |
| |
| 65536 bytes. |
| Therefore, the limitation stated on page 152 is not helpful, but only confusing. |
| \layout Subsubsection |
| |
| Subroutines |
| \layout Standard |
| |
| The implementation of a provably correct verifier is not possible because |
| of the ambiguities in the specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| To reach this goal, various efforts have been made to describe the verifier |
| and the JVM formally |
| \begin_inset LatexCommand \cite{Qian,StataAbadi,FreundMitchell,JBook,JPaper} |
| |
| \end_inset |
| |
| . |
| By restricting the code |
| \emph on |
| javac |
| \emph default |
| produces or by redefining the verifier's behaviour, however, they are never |
| one-to-one with the behaviour of the existing JVMs. |
| \layout Standard |
| |
| Sun's specification does not define the term |
| \emph on |
| subroutine |
| \emph default |
| although it is used. |
| Instead, it is explained what bytecode the Java |
| \emph on |
| compiler |
| \emph default |
| generates when a |
| \family typewriter |
| finally |
| \family default |
| clause appears in the Java |
| \emph on |
| language |
| \emph default |
| source code -- this definitely does not belong there, because a verifier |
| must never assume the code it verifies was created by Sun's |
| \emph on |
| javac |
| \emph default |
| compiler. |
| \layout Standard |
| |
| Clarifying this issue could lead to an |
| \emph on |
| official |
| \emph default |
| formal specification. |
| \layout Subsubsection |
| |
| The Specification Sometimes Satisfies the Verifier |
| \layout Standard |
| |
| |
| \begin_inset LatexCommand \label{InvokeInterfaceDescFONG} |
| |
| \end_inset |
| |
| Fong |
| \begin_inset LatexCommand \cite{Fong2-WWW} |
| |
| \end_inset |
| |
| found in 1997 that the |
| \family typewriter |
| invokeinterface |
| \family default |
| opcode was underspecified in the first edition of the Java Virtual Machine |
| Specification. |
| He managed to create a class file that did not implement a specific interface |
| but nevertheless used |
| \family typewriter |
| invokeinterface |
| \family default |
| to invoke a method. |
| This class file passed the verifier (up to pass three), but the JVM found |
| the problem during run-time (pass four). |
| Fong concluded that the omission in the specification was done on purpose |
| because the implementation of the data flow analyzer does not allow to |
| check this constraint (please see section |
| \begin_inset LatexCommand \ref{NewVerificationStrategy} |
| |
| \end_inset |
| |
| for a description of how this limitation could be overcome). |
| However, in The Java Virtual Machine Specification, Second Edition |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , the specification of |
| \family typewriter |
| invokeinterface |
| \family default |
| is corrected. |
| \layout Standard |
| |
| Still, there is another case where one would suspect the specification describes |
| the behaviour of the verifier: on pages 147 and 148 of the specification |
| |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , verification of instance initialization methods and newly created objects |
| is explained. |
| |
| \begin_inset Quotes eld |
| \end_inset |
| |
| A valid instruction sequence must not have an uninitialized object on the |
| operand stack or in a local variable during a backwards branch, or in a |
| local variable in code protected by an exception handler or a |
| \family typewriter |
| finally |
| \family default |
| clause |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| Note that the Java language keyword |
| \family typewriter |
| finally |
| \family default |
| does not really belong here (Sun should speak of |
| \emph on |
| subroutines |
| \emph default |
| ), but more important is that this specification is made to satisfy the |
| verification algorithm: |
| \begin_inset Quotes eld |
| \end_inset |
| |
| Otherwise, a devious piece of code might fool the verifier |
| \begin_inset Quotes erd |
| \end_inset |
| |
| . |
| |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{InnerBug} |
| |
| \end_inset |
| |
| The '$' Character as a Valid Part of a Java Name |
| \layout Standard |
| |
| Because the |
| \emph on |
| javac |
| \emph default |
| compiler may create class files with a '$' character in their names as |
| a result of Java source files defining inner classes, this character should |
| no longer be a valid part of a Java name to avoid problems. |
| I.e., the method invocation |
| \emph on |
| ja\SpecialChar \- |
| va.lang.Cha\SpecialChar \- |
| rac\SpecialChar \- |
| ter.is\SpecialChar \- |
| Ja\SpecialChar \- |
| va\SpecialChar \- |
| Iden\SpecialChar \- |
| tifier\SpecialChar \- |
| Part('$'); |
| \emph default |
| should return the value |
| \family typewriter |
| false |
| \family default |
| . |
| \layout Subsection |
| |
| Flaws in the Implementation of the |
| \emph on |
| Java Platform |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{javacRejected} |
| |
| \end_inset |
| |
| Sun's Verifier Rejects Code Produced by Sun's Compiler |
| \layout Standard |
| |
| Surprisingly, there are a number of examples in which such a thing happens. |
| \layout Paragraph |
| |
| |
| \begin_inset LatexCommand \label{StaerkJreject} |
| |
| \end_inset |
| |
| Another Problem With Subroutines |
| \layout Standard |
| |
| In |
| \begin_inset LatexCommand \cite{JPaper} |
| |
| \end_inset |
| |
| , Stärk and Schmid give a few code examples which are compiled correctly |
| by the |
| \emph on |
| javac |
| \emph default |
| compiler but the resulting code is rejected by the traditional verifiers. |
| Algorithms |
| \begin_inset LatexCommand \ref{StaerkJLang} |
| |
| \end_inset |
| |
| and |
| \begin_inset LatexCommand \ref{StaerkJByteCode} |
| |
| \end_inset |
| |
| show one of their examples given in the Java programming language and the |
| resulting output of the |
| \emph on |
| javac |
| \emph default |
| compiler. |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{StaerkJLang} |
| |
| \end_inset |
| |
| Stärk and Schmid's Rejected Class, Java Language Version |
| \layout Standard |
| |
| |
| \family typewriter |
| class Test1{ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| int test(boolean b){ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| int i; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| try{ |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (b) return 1; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| i=2; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| finally { |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| if (b) i = 3; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| return i; |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \newline |
| \SpecialChar ~ |
| \SpecialChar ~ |
| \SpecialChar ~ |
| } |
| \end_float |
| \layout Standard |
| |
| \begin_float alg |
| \layout Caption |
| |
| |
| \begin_inset LatexCommand \label{StaerkJByteCode} |
| |
| \end_inset |
| |
| Stärk and Schmid's Rejected Class, JVM Bytecode Version |
| \layout Standard |
| |
| |
| \family typewriter |
| int test(boolean arg1) |
| \layout Standard |
| |
| |
| \family typewriter |
| Code(max_stack = 1, max_locals = 6, code_length = 39) |
| \layout Standard |
| |
| |
| \family typewriter |
| 0: iload_1 |
| \layout Standard |
| |
| |
| \family typewriter |
| 1: ifeq #11 |
| \layout Standard |
| |
| |
| \family typewriter |
| 4: iconst_1 |
| \layout Standard |
| |
| |
| \family typewriter |
| 5: istore_3 |
| \layout Standard |
| |
| |
| \family typewriter |
| 6: jsr #27 |
| \layout Standard |
| |
| |
| \family typewriter |
| 9: iload_3 |
| \layout Standard |
| |
| |
| \family typewriter |
| 10: ireturn |
| \layout Standard |
| |
| |
| \family typewriter |
| 11: iconst_2 |
| \layout Standard |
| |
| |
| \family typewriter |
| 12: istore_2 |
| \layout Standard |
| |
| |
| \family typewriter |
| 13: jsr #27 |
| \layout Standard |
| |
| |
| \family typewriter |
| 16: goto #37 |
| \layout Standard |
| |
| |
| \family typewriter |
| 19: astore %4 |
| \layout Standard |
| |
| |
| \family typewriter |
| 21: jsr #27 |
| \layout Standard |
| |
| |
| \family typewriter |
| 24: aload %4 |
| \layout Standard |
| |
| |
| \family typewriter |
| 26: athrow |
| \layout Standard |
| |
| |
| \family typewriter |
| 27: astore %5 |
| \layout Standard |
| |
| |
| \family typewriter |
| 29: iload_1 |
| \layout Standard |
| |
| |
| \family typewriter |
| 30: ifeq #35 |
| \layout Standard |
| |
| |
| \family typewriter |
| 33: iconst_3 |
| \layout Standard |
| |
| |
| \family typewriter |
| 34: istore_2 |
| \layout Standard |
| |
| |
| \family typewriter |
| 35: ret %5 |
| \layout Standard |
| |
| |
| \family typewriter |
| 37: iload_2 |
| \layout Standard |
| |
| |
| \family typewriter |
| 38: ireturn |
| \end_float |
| If one tries to run this bytecode using a JVM by IBM Corporation, the code |
| is rejected |
| \begin_float footnote |
| \layout Standard |
| |
| It is also rejected by Sun's JVMs and the Kimera verifier |
| \begin_inset LatexCommand \cite{Kimera-WWW} |
| |
| \end_inset |
| |
| . |
| \end_float |
| : |
| \newline |
| |
| \family typewriter |
| ehaase@haneman:/home/ehaase > java Test1 |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Exception in thread "main" java.lang.VerifyError: |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| (class: Test1, method: test signature: (Z)I) |
| \newline |
| \SpecialChar \- |
| \SpecialChar ~ |
| \SpecialChar ~ |
| Localvariable 2 contains wrong type |
| \newline |
| |
| \newline |
| |
| \family default |
| In his lectures, Stärk explains that the problem lies in the polymorphic |
| nature of JVM subroutines |
| \begin_inset LatexCommand \cite{JLectures} |
| |
| \end_inset |
| |
| . |
| Consider algorithm |
| \begin_inset LatexCommand \ref{StaerkJByteCode} |
| |
| \end_inset |
| |
| . |
| In line 12, an |
| \family typewriter |
| int |
| \family default |
| is put into local variable number 2. |
| The subroutine starting at line 27 is then called from line number 13. |
| Note that this subroutine accesses the local variable number 2. |
| Finally, line 16 transfers control to line 37 where the verification problem |
| occurs. |
| An |
| \family typewriter |
| int |
| \family default |
| should be read from local variable number 2, but this is marked |
| \family typewriter |
| unusable |
| \family default |
| , because it was accessed in the subroutine. |
| \layout Standard |
| |
| However, the specification ( |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| , page 151) states: |
| \layout Itemize |
| |
| For any local variable that [\SpecialChar \ldots{} |
| ] has been accessed or modified by the subroutine, |
| use the type of the local variable at the time of the |
| \family typewriter |
| ret |
| \family default |
| . |
| \layout Itemize |
| |
| For any other local variables, use the type of the local variable before |
| the |
| \family typewriter |
| jsr |
| \family default |
| instruction. |
| \layout Standard |
| |
| As one can see, in the above example local variable number 2 holds an |
| \family typewriter |
| int |
| \family default |
| data type in both cases; there is no need to mark it |
| \family typewriter |
| unusable |
| \family default |
| . |
| This is the reason why JustIce does not reject the above bytecode, thus |
| being slightly incompatible with the behaviour of other verifiers. |
| \layout Paragraph |
| |
| The Maximum Method Length May Be Exceeded |
| \layout Standard |
| |
| The |
| \emph on |
| javac |
| \emph default |
| compiler Sun included in the Java Development Kit version 1.3.0_01 does not |
| check for the maximum method length of the |
| \family typewriter |
| code |
| \family default |
| array in a |
| \family typewriter |
| Code |
| \family default |
| attribute (see section |
| \begin_inset LatexCommand \ref{CodeAttribute} |
| |
| \end_inset |
| |
| ). |
| A test file containing 65000 lines like |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \family typewriter |
| Sys\SpecialChar \- |
| tem.out.println( |
| \begin_inset Quotes eld |
| \end_inset |
| |
| Test |
| \begin_inset Quotes erd |
| \end_inset |
| |
| ); |
| \family default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| was compiled, but the resulting class file was rejected by the verifier. |
| \layout Standard |
| |
| IBM Corporation's |
| \emph on |
| jikes |
| \emph default |
| compiler does not even generate code, but it locks up while compiling the |
| test file. |
| \layout Subsubsection |
| |
| A Compiler Issue Related to Inner Classes |
| \layout Standard |
| |
| The |
| \emph on |
| javac |
| \emph default |
| compiler has to name class files, even those of so-called anonymous classes |
| |
| \begin_inset LatexCommand \cite{InnerSpec} |
| |
| \end_inset |
| |
| . |
| \layout Standard |
| |
| This can cause problems: an inner class |
| \emph on |
| I |
| \emph default |
| defined in a class |
| \emph on |
| A |
| \emph default |
| will be compiled into a class file called |
| \emph on |
| A$I.class |
| \emph default |
| . |
| A Java class named |
| \emph on |
| A$I |
| \emph default |
| will also be compiled into a class file named |
| \emph on |
| A$I.class |
| \emph default |
| overwriting the former class file. |
| Because Sun did not forbid the ' |
| \emph on |
| $ |
| \emph default |
| ' character as a legal part of a Java identifier, the |
| \emph on |
| javac |
| \emph default |
| compiler should use a more sophisticated naming scheme. |
| \layout Subsubsection |
| |
| |
| \begin_inset LatexCommand \label{PassFourBug} |
| |
| \end_inset |
| |
| Pass Four is Only Partially Implemented |
| \layout Standard |
| |
| Pass four defines run-time tests for constraints that could also be verified |
| in pass three; it is only for performance reasons that these tests are |
| delayed. |
| Instead of having all the tests in one place, they are unnecessarily spread |
| |
| \begin_inset Quotes eld |
| \end_inset |
| |
| making the validation of the verification algorithm itself extremely difficult |
| \begin_inset Quotes erd |
| \end_inset |
| |
| |
| \begin_inset LatexCommand \cite{Fong-WWW} |
| |
| \end_inset |
| |
| . |
| Risking security for better performance is often regarded as a bad decision. |
| For instance, in the |
| \layout Standard |
| |
| |
| \family typewriter |
| java version "1.3.0_01" |
| \layout Standard |
| |
| |
| \family typewriter |
| Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0_01) |
| \layout Standard |
| |
| |
| \family typewriter |
| Java HotSpot(TM) Client VM (build 1.3.0_01, mixed mode) |
| \layout Standard |
| |
| Java Virtual Machine, the pass four check for access rights was unintentionally |
| omitted. |
| Sadly, other vendors license Sun's code and base their own implementations |
| on that code. |
| Therefore, mistakes are often inherited throughout the JVM vendors. |
| The |
| \layout Standard |
| |
| |
| \family typewriter |
| java version "1.3.0" |
| \layout Standard |
| |
| |
| \family typewriter |
| Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0) |
| \layout Standard |
| |
| |
| \family typewriter |
| Classic VM (build 1.3.0, J2RE 1.3.0 IBM build cx130-20010626 (JIT enabled: jitc)) |
| \layout Standard |
| |
| Java Virtual Machine by IBM Corporation, for example, exposes the same mistake. |
| \layout Section |
| |
| Related Work |
| \layout Subsection |
| |
| The Kimera Project |
| \layout Standard |
| |
| It is a misfortune that the Kimera |
| \begin_inset LatexCommand \cite{Kimera-WWW} |
| |
| \end_inset |
| |
| project closed the World Wide Web presence and that the source code of |
| the Kimera verifier was never released -- it would have been quite interesting |
| to see how that respected verifier implementation deals with the problems |
| arising concerning subroutine verification. |
| \layout Standard |
| |
| However, Kimera is the single other stand-alone verifier besides JustIce |
| the author knows of. |
| The people behind the project found important security breaches in JVM |
| implementations of various World Wide Web browsers. |
| \layout Standard |
| |
| Also, they validated their verifier implementation and published several |
| papers on JVM implementation verification |
| \begin_inset LatexCommand \cite{Kimera-ProdGram,Kimera-TestingJVM} |
| |
| \end_inset |
| |
| . |
| \layout Subsection |
| |
| The Verifier by Stärk, Schmid and Börger |
| \layout Standard |
| |
| In |
| \begin_inset LatexCommand \cite{JBook} |
| |
| \end_inset |
| |
| , the authors define the Java programming language and the Java virtual |
| machine formally using |
| \emph on |
| Abstract State Machines |
| \emph default |
| (ASM). |
| This also includes the verifier; its specifications have also been implemented |
| in the functional programming language AsmGofer |
| \begin_inset LatexCommand \cite{AsmGofer} |
| |
| \end_inset |
| |
| . |
| This implementation is included on the CD-ROM that accompanies the book. |
| \layout Standard |
| |
| The |
| \begin_inset Quotes eld |
| \end_inset |
| |
| |
| \emph on |
| JBook verifier |
| \emph default |
| |
| \begin_inset Quotes erd |
| \end_inset |
| |
| does not implement a complete class file verifier. |
| It currently only implements the bytecode verification. |
| Its input files are not class files itself, but a textual representation |
| of class files in so-called Jasmin format |
| \begin_inset LatexCommand \cite{JVM} |
| |
| \end_inset |
| |
| . |
| Therefore, this implementation is merely of theoretical interest. |
| \layout Standard |
| |
| It does, however, implement a bytecode verifier that is founded on a |
| \emph on |
| solid |
| \emph default |
| theory. |
| This theory could become the standard for the interpretation of the JVM |
| specification |
| \begin_inset LatexCommand \cite{vmspec2} |
| |
| \end_inset |
| |
| . |
| It could even change the specification to remove its ambiguities. |
| \layout Standard |
| |
| There is also an unreleased version of this verifier implemented in the |
| Java programming language using the BCEL. |
| This implementation, if it should ever be released, promises a lot as it |
| could combine usability and a solid theory. |
| \layout Section |
| |
| |
| \begin_inset LatexCommand \label{GPL} |
| |
| \end_inset |
| |
| The GNU General Public License |
| \layout Standard |
| |
| |
| \emph on |
| GNU GENERAL PUBLIC LICENSE |
| \layout Standard |
| |
| Version 2, June 1991 |
| \layout Standard |
| |
| Copyright (C) 1989, 1991 Free Software Foundation, Inc. |
| \layout Standard |
| |
| 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| \layout Standard |
| |
| Everyone is permitted to copy and distribute verbatim copies of this license |
| document, but changing it is not allowed. |
| \layout Standard |
| |
| |
| \emph on |
| Preamble |
| \layout Standard |
| |
| The licenses for most software are designed to take away your freedom to |
| share and change it. |
| By contrast, the GNU General Public License is intended to guarantee your |
| freedom to share and change free software--to make sure the software is |
| free for all its users. |
| This General Public License applies to most of the Free Software Foundation's |
| software and to any other program whose authors commit to using it. |
| (Some other Free Software Foundation software is covered by the GNU Library |
| General Public License instead.) You can apply it to your programs, too.When |
| we speak of free software, we are referring to freedom, not price. |
| Our General Public Licenses are designed to make sure that you have the |
| freedom to distribute copies of free software (and charge for this service |
| if you wish), that you receive source code or can get it if you want it, |
| that you can change the software or use pieces of it in new free programs; |
| and that you know you can do these things. |
| \layout Standard |
| |
| To protect your rights, we need to make restrictions that forbid anyone |
| to deny you these rights or to ask you to surrender the rights. |
| \layout Standard |
| |
| These restrictions translate to certain responsibilities for you if you |
| distribute copies of the software, or if you modify it. |
| For example, if you distribute copies of such a program, whether gratis |
| or for a fee, you must give the recipients all the rights that you have. |
| You must make sure that they, too, receive or can get the source code. |
| And you must show them these terms so they know their rights. |
| \layout Standard |
| |
| We protect your rights with two steps: |
| \layout Standard |
| |
| (1) copyright the software, and |
| \layout Standard |
| |
| (2) offer you this license which gives you legal permission to copy, distribute |
| and/or modify the software. |
| \layout Standard |
| |
| Also, for each author's protection and ours, we want to make certain that |
| everyone understands that there is no warranty for this free software. |
| If the software is modified by someone else and passed on, we want its |
| recipients to know that what they have is not the original, so that any |
| problems introduced by others will not reflect on the original authors' |
| reputations. |
| \layout Standard |
| |
| Finally, any free program is threatened constantly by software patents. |
| We wish to avoid the danger that redistributors of a free program will |
| individually obtain patent licenses, in effect making the program proprietary. |
| To prevent this, we have made it clear that any patent must be licensed |
| for everyone's free use or not licensed at all. |
| \layout Standard |
| |
| The precise terms and conditions for copying, distribution and modification |
| follow. |
| \layout Standard |
| |
| |
| \emph on |
| GNU GENERAL PUBLIC LICENSE |
| \layout Standard |
| |
| |
| \emph on |
| TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION |
| \layout Standard |
| |
| 0. |
| This License applies to any program or other work which contains a notice |
| placed by the copyright holder saying it may be distributed under the terms |
| of this General Public License. |
| The "Program", below, refers to any such program or work, and a "work based |
| on the Program" means either the Program or any derivative work under copyright |
| law: that is to say, a work containing the Program or a portion of it, |
| either verbatim or with modifications and/or translated into another language. |
| (Hereinafter, translation is included without limitation in the term "modificat |
| ion".) Each licensee is addressed as "you". |
| Activities other than copying, distribution and modification are not covered |
| by this License; they are outside its scope. |
| The act of running the Program is not restricted, and the output from the |
| Program is covered only if its contents constitute a work based on the |
| Program (independent of having been made by running the Program). |
| Whether that is true depends on what the Program does. |
| \layout Standard |
| |
| 1. |
| You may copy and distribute verbatim copies of the Program's source code |
| as you receive it, in any medium, provided that you conspicuously and appropria |
| tely publish on each copy an appropriate copyright notice and disclaimer |
| of warranty; keep intact all the notices that refer to this License and |
| to the absence of any warranty; and give any other recipients of the Program |
| a copy of this License along with the Program. |
| You may charge a fee for the physical act of transferring a copy, and you |
| may at your option offer warranty protection in exchange for a fee. |
| \layout Standard |
| |
| 2. |
| You may modify your copy or copies of the Program or any portion of it, |
| thus forming a work based on the Program, and copy and distribute such |
| modifications or work under the terms of Section 1 above, provided that |
| you also meet all of these conditions: |
| \layout Standard |
| |
| a) You must cause the modified files to carry prominent notices stating |
| that you changed the files and the date of any change. |
| \layout Standard |
| |
| b) You must cause any work that you distribute or publish, that in whole |
| or in part contains or is derived from the Program or any part thereof, |
| to be licensed as a whole at no charge to all third parties under the terms |
| of this License. |
| \layout Standard |
| |
| c) If the modified program normally reads commands interactively when run, |
| you must cause it, when started running for such interactive use in the |
| most ordinary way, to print or display an announcement including an appropriate |
| copyright notice and a notice that there is no warranty (or else, saying |
| that you provide a warranty) and that users may redistribute the program |
| under these conditions, and telling the user how to view a copy of this |
| License. |
| (Exception: if the Program itself is interactive but does not normally |
| print such an announcement, your work based on the Program is not required |
| to print an announcement.) These requirements apply to the modified work |
| as a whole. |
| If identifiable sections of that work are not derived from the Program, |
| and can be reasonably considered independent and separate works in themselves, |
| then this License, and its terms, do not apply to those sections when you |
| distribute them as separate works. |
| But when you distribute the same sections as part of a whole which is a |
| work based on the Program, the distribution of the whole must be on the |
| terms of this License, whose permissions for other licensees extend to |
| the entire whole, and thus to each and every part regardless of who wrote |
| it. |
| Thus, it is not the intent of this section to claim rights or contest your |
| rights to work written entirely by you; rather, the intent is to exercise |
| the right to control the distribution of derivative or collective works |
| based on the Program. |
| In addition, mere aggregation of another work not based on the Program |
| with the Program (or with a work based on the Program) on a volume of a |
| storage or distribution medium does not bring the other work under the |
| scope of this License. |
| \layout Standard |
| |
| 3. |
| You may copy and distribute the Program (or a work based on it, under Section |
| 2) in object code or executable form under the terms of Sections 1 and |
| 2 above provided that you also do one of the following: |
| \layout Standard |
| |
| a) Accompany it with the complete corresponding machine-readable source |
| code, which must be distributed under the terms of Sections 1 and 2 above |
| on a medium customarily used for software interchange; or, |
| \layout Standard |
| |
| b) Accompany it with a written offer, valid for at least three years, to |
| give any third party, for a charge no more than your cost of physically |
| performing source distribution, a complete machine-readable copy of the |
| corresponding source code, to be distributed under the terms of Sections |
| 1 and 2 above on a medium customarily used for software interchange; or, |
| \layout Standard |
| |
| c) Accompany it with the information you received as to the offer to distribute |
| corresponding source code. |
| (This alternative is allowed only for noncommercial distribution and only |
| if you received the program in object code or executable form with such |
| an offer, in accord with Subsection b above.) The source code for a work |
| means the preferred form of the work for making modifications to it. |
| For an executable work, complete source code means all the source code |
| for all modules it contains, plus any associated interface definition files, |
| plus the scripts used to control compilation and installation of the executable. |
| However, as a special exception, the source code distributed need not include |
| anything that is normally distributed (in either source or binary form) |
| with the major components (compiler, kernel, and so on) of the operating |
| system on which the executable runs, unless that component itself accompanies |
| the executable. |
| If distribution of executable or object code is made by offering access |
| to copy from a designated place, then offering equivalent access to copy |
| the source code from the same place counts as distribution of the source |
| code, even though third parties are not compelled to copy the source along |
| with the object code. |
| \layout Standard |
| |
| 4. |
| You may not copy, modify, sublicense, or distribute the Program except |
| as expressly provided under this License. |
| Any attempt otherwise to copy, modify, sublicense or distribute the Program |
| is void, and will automatically terminate your rights under this License. |
| However, parties who have received copies, or rights, from you under this |
| License will not have their licenses terminated so long as such parties |
| remain in full compliance. |
| \layout Standard |
| |
| 5. |
| You are not required to accept this License, since you have not signed |
| it. |
| However, nothing else grants you permission to modify or distribute the |
| Program or its derivative works. |
| These actions are prohibited by law if you do not accept this License. |
| Therefore, by modifying or distributing the Program (or any work based |
| on the Program), you indicate your acceptance of this License to do so, |
| and all its terms and conditions for copying, distributing or modifying |
| the Program or works based on it. |
| \layout Standard |
| |
| 6. |
| Each time you redistribute the Program (or any work based on the Program), |
| the recipient automatically receives a license from the original licensor |
| to copy, distribute or modify the Program subject to these terms and conditions. |
| You may not impose any further restrictions on the recipients' exercise |
| of the rights granted herein. |
| You are not responsible for enforcing compliance by third parties to this |
| License. |
| \layout Standard |
| |
| 7. |
| If, as a consequence of a court judgment or allegation of patent infringement |
| or for any other reason (not limited to patent issues), conditions are |
| imposed on you (whether by court order, agreement or otherwise) that contradict |
| the conditions of this License, they do not excuse you from the conditions |
| of this License. |
| If you cannot distribute so as to satisfy simultaneously your obligations |
| under this License and any other pertinent obligations, then as a consequence |
| you may not distribute the Program at all. |
| For example, if a patent license would not permit royalty-free redistribution |
| of the Program by all those who receive copies directly or indirectly through |
| you, then the only way you could satisfy both it and this License would |
| be to refrain entirely from distribution of the Program. |
| If any portion of this section is held invalid or unenforceable under any |
| particular circumstance, the balance of the section is intended to apply |
| and the section as a whole is intended to apply in other circumstances. |
| It is not the purpose of this section to induce you to infringe any patents |
| or other property right claims or to contest validity of any such claims; |
| this section has the sole purpose of protecting the integrity of the free |
| software distribution system, which is implemented by public license practices. |
| Many people have made generous contributions to the wide range of software |
| distributed through that system in reliance on consistent application of |
| that system; it is up to the author/donor to decide if he or she is willing |
| to distribute software through any other system and a licensee cannot impose |
| that choice. |
| This section is intended to make thoroughly clear what is believed to be |
| a consequence of the rest of this License. |
| \layout Standard |
| |
| 8. |
| If the distribution and/or use of the Program is restricted in certain |
| countries either by patents or by copyrighted interfaces, the original |
| copyright holder who places the Program under this License may add an explicit |
| geographical distribution limitation excluding those countries, so that |
| distribution is permitted only in or among countries not thus excluded. |
| In such case, this License incorporates the limitation as if written in |
| the body of this License. |
| \layout Standard |
| |
| 9. |
| The Free Software Foundation may publish revised and/or new versions of |
| the General Public License from time to time. |
| Such new versions will be similar in spirit to the present version, but |
| may differ in detail to address new problems or concerns. |
| Each version is given a distinguishing version number. |
| If the Program specifies a version number of this License which applies |
| to it and "any later version", you have the option of following the terms |
| and conditions either of that version or of any later version published |
| by the Free Software Foundation. |
| If the Program does not specify a version number of this License, you may |
| choose any version ever published by the Free Software Foundation. |
| \layout Standard |
| |
| 10. |
| If you wish to incorporate parts of the Program into other free programs |
| whose distribution conditions are different, write to the author to ask |
| for permission. |
| For software which is copyrighted by the Free Software Foundation, write |
| to the Free Software Foundation; we sometimes make exceptions for this. |
| Our decision will be guided by the two goals of preserving the free status |
| of all derivatives of our free software and of promoting the sharing and |
| reuse of software generally. |
| \layout Standard |
| |
| |
| \emph on |
| NO WARRANTY |
| \layout Standard |
| |
| 11. |
| BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR |
| THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. |
| EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER |
| PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER |
| EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH |
| YOU. |
| SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY |
| SERVICING, REPAIR OR CORRECTION. |
| \layout Standard |
| |
| 12. |
| IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL |
| ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE |
| THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING |
| ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF |
| THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS |
| OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR |
| THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), |
| EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY |
| OF SUCH DAMAGES. |
| \layout Standard |
| |
| |
| \emph on |
| END OF TERMS AND CONDITIONS |
| \layout Addchap |
| |
| Glossary |
| \layout Description |
| |
| Access\SpecialChar ~ |
| modifiers In the Java programming language, the use of the keywords |
| |
| \family typewriter |
| private |
| \family default |
| , |
| \family typewriter |
| protected |
| \family default |
| , |
| \family typewriter |
| public |
| \family default |
| (or the use of no keyword) defines the access rights for data or program |
| code (also called visibility). |
| This information is also used by the JVM: it is part of the class files. |
| The most important modifier is |
| \family typewriter |
| private |
| \family default |
| which is used to globally deny access to a field or method. |
| \layout Description |
| |
| Access\SpecialChar ~ |
| rights Access rights are granted or denied by the use of |
| \latex latex |
| |
| \backslash |
| ( |
| \backslash |
| triangleright |
| \backslash |
| ) |
| \latex default |
| access modifiers. |
| \layout Description |
| |
| API Applications Programming Interface. |
| Such an interface is used to include functionality of foreign program modules |
| (often |
| \latex latex |
| |
| \latex default |
| Java |
| \latex latex |
| |
| \backslash |
| ( |
| \backslash |
| triangleright |
| \backslash |
| ) |
| \latex default |
| packages) into own programs. |
| \layout Description |
| |
| Debugger A program used to investigate the behaviour of another program. |
| Often used to find and remove programming errors, so-called bugs. |
| \layout Description |
| |
| Descriptor A symbolic description of type information. |
| In the JVM's class files, strings in UTF-8 format |
| \begin_inset LatexCommand \cite{Unicode} |
| |
| \end_inset |
| |
| are used to describe type information. |
| \layout Description |
| |
| Field A member of a Java object or class, also called variable or attribute. |
| \layout Description |
| |
| Method A member of a Java object or class. |
| Methods include program code or they are abstract representatives for program |
| code. |
| A method can be compared to a |
| \emph on |
| function |
| \emph default |
| in programming languages like C or Pascal. |
| \layout Description |
| |
| Opcode Operation Code. |
| This denotes an instruction in an assembly-like computer language; to some |
| people it means its binary representation. |
| \layout Description |
| |
| Package A package is an entity used in both the Java programming language |
| and the Java Virtual Machine definition. |
| It is used to group classes that in the eyes of the programmer belong together. |
| Package definitions have impact on |
| \latex latex |
| |
| \backslash |
| ( |
| \backslash |
| triangleright |
| \backslash |
| ) |
| \latex default |
| access rights granted to other classes. |
| \layout Description |
| |
| Signature A method has a (possibly empty) set of arguments it expects, and |
| it has a return type (possibly the |
| \family typewriter |
| void |
| \family default |
| type). |
| The type information of the arguments and the return type together is called |
| signature. |
| A signature can be expressed in terms of a |
| \latex latex |
| |
| \backslash |
| ( |
| \backslash |
| triangleright |
| \backslash |
| ) |
| \latex default |
| descriptor. |
| \layout Description |
| |
| Type A field or a method argument has a type such as |
| \family typewriter |
| int |
| \family default |
| or |
| \family typewriter |
| String |
| \family default |
| . |
| In the JVM's context, all values are typed. |
| Types can be expressed in terms of a |
| \latex latex |
| |
| \backslash |
| ( |
| \backslash |
| triangleright |
| \backslash |
| ) |
| \latex default |
| descriptor. |
| \layout Standard |
| |
| |
| \begin_inset LatexCommand \listoffigures{} |
| |
| \end_inset |
| |
| |
| \layout Standard |
| |
| |
| \latex latex |
| |
| \backslash |
| addcontentsline{toc}{chapter}{List Of Figures} |
| \layout Standard |
| |
| |
| \begin_inset LatexCommand \listofalgorithms{} |
| |
| \end_inset |
| |
| |
| \layout Standard |
| |
| |
| \latex latex |
| |
| \backslash |
| addcontentsline{toc}{chapter}{List Of Algorithms} |
| \layout Bibliography |
| \bibitem [AppMag-WWW]{AppMag-WWW} |
| |
| |
| \latex latex |
| |
| \backslash |
| addcontentsline{toc}{chapter}{Bibliography} |
| \latex default |
| AverStar's AppletMagic(tm): Ada for the Java Virtual Machine. |
| \newline |
| |
| \emph on |
| http://www.appletmagic.com |
| \layout Bibliography |
| \bibitem [AsmGofer]{AsmGofer} |
| |
| Joachim Schmid: AsmGofer. |
| \newline |
| |
| \emph on |
| http://www.tydo.org |
| \layout Bibliography |
| \bibitem [BCEL98]{BCEL98} |
| |
| Markus Dahm: Byte Code Engineering with the BCEL API. |
| Freie Universität Berlin, Institut für Informatik. |
| Technical Report B-17-98. |
| \layout Bibliography |
| \bibitem [BCEL-WWW]{BCEL-WWW} |
| |
| Markus Dahm: Byte Code Engineering Library. |
| \emph on |
| |
| \newline |
| http://bcel.sourceforge.net |
| \layout Bibliography |
| \bibitem [BCV-Soundness]{BCV-Soundness} |
| |
| Cornelia Pusch: Proving the Soundness of a Java Bytecode Verifier Specification |
| in Isabelle/HOL. |
| Technische Universität München, Institut für Informatik. |
| |
| \newline |
| |
| \emph on |
| http://www.in.tum.de/~pusch/ |
| \layout Bibliography |
| \bibitem [C]{C} |
| |
| Brian W. |
| Kerninghan, Dennis M. |
| Ritchie: The C Programming Language, Second Edition, ANSI C. |
| Prentice-Hall 1998, ISBN 0131103628. |
| \layout Bibliography |
| \bibitem [CPP-D]{CPP-D} |
| |
| Bjarne Stroustrup: Die C++ Programmiersprache. |
| Addison-Wesly-Longman, 1998, ISBN 3-8273-1296-5. |
| \layout Bibliography |
| \bibitem [CPP-E]{CPP-E} |
| |
| Bjarne Stroustrup: The C++-Programming Language, Third Edition. |
| Addison-Wesley 1997, ISBN 0-201-88954-4. |
| \layout Bibliography |
| \bibitem [D3]{D3} |
| |
| Guido Lang, Andreas Bohne: Delphi 3.0 lernen. |
| Addison-Wesley-Longman 1997, ISBN 3-8273-1190-x. |
| \layout Bibliography |
| \bibitem [DesignPatterns]{DesignPatterns} |
| |
| Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides: Design Patterns |
| Elements of Reusable Object-Oriented Software. |
| Addison-Wesley 1995, ISBN: 0201633612. |
| \layout Bibliography |
| \bibitem [DragonBook]{DragonBook} |
| |
| Alfred V. |
| Aho, Ravi Sethi, Jeffrey D. |
| Ullman: Compilers: Principles, Techniques, and Tools. |
| Addison-Wesley 1985, ISBN: 0201100886. |
| \layout Bibliography |
| \bibitem [EF]{EF} |
| |
| ElectricalFire. |
| \emph on |
| |
| \newline |
| http://www.mozilla.org/projects/ef/ |
| \layout Bibliography |
| \bibitem [f2j]{f2j} |
| |
| Keith Seymour: f2j - Fortran-to-Java Compiler. |
| \newline |
| |
| \emph on |
| http://cs.utk.edu/f2j/ |
| \layout Bibliography |
| \bibitem [Fong-WWW]{Fong-WWW} |
| |
| Philip W. |
| L. |
| Fong: The mysterious Pass One, first draft, September 2, 1997. |
| |
| \newline |
| |
| \emph on |
| http://www.cs.sfu.ca/people/GradStudents/pwfong/personal/ JVM/pass1/ |
| \layout Bibliography |
| \bibitem [Fong2-WWW]{Fong2-WWW} |
| |
| Philip W. |
| L. |
| Fong: A Flaw with the Specification of the Invokeinterface Opcode. |
| |
| \newline |
| |
| \emph on |
| http://www.cs.sfu.ca/people/GradStudents/pwfong/personal/ JVM/invokeinterface/ |
| \layout Bibliography |
| \bibitem [FreundMitchell]{FreundMitchell} |
| |
| Stephen N. |
| Freund, John Mitchell: A Formal Framework for the Java Bytecode Language |
| and Verifier. |
| Department of Computer Science, Stanford University. |
| Stanford, CA 94305-9045. |
| Appeared in OOPSLA '99. |
| \layout Bibliography |
| \bibitem [GCC-WWW]{GCC-WWW} |
| |
| GCC, The GNU compiler collection. |
| \emph on |
| |
| \newline |
| http://gcc.gnu.org |
| \layout Bibliography |
| \bibitem [GJ-WWW]{GJ-WWW} |
| |
| GJ. |
| A Generic Java Language Extension. |
| \newline |
| |
| \emph on |
| http://www.cis.unisa.edu.au/~pizza/gj/ |
| \layout Bibliography |
| \bibitem [InnerSpec]{InnerSpec} |
| |
| Sun Microsystems: Inner Classes Specification. |
| \newline |
| |
| \emph on |
| http://java.sun.com/products/jdk/1.1/docs/guide/ |
| \newline |
| innerclasses/spec/innerclasses.doc.html |
| \layout Bibliography |
| \bibitem [J2ME-CLDCS]{J2ME-CLDCS} |
| |
| Sun Microsystems: J2ME |
| \latex latex |
| |
| \backslash |
| texttrademark |
| \latex default |
| \SpecialChar ~ |
| Connected Limited Device Configuration Specification. |
| \newline |
| |
| \emph on |
| http://jcp.org/aboutJava/communityprocess/final/jsr030/ |
| \layout Bibliography |
| \bibitem [JBook]{JBook} |
| |
| Robert Stärk, Joachim Schmid, Egon Börger: Java |
| \latex latex |
| |
| \backslash |
| texttrademark\SpecialChar ~ |
| |
| \latex default |
| and the Java |
| \latex latex |
| |
| \backslash |
| texttrademark\SpecialChar ~ |
| |
| \latex default |
| Virtual Machine. |
| Springer-Verlag 2001, ISBN 3-540-42088-6. |
| \newline |
| |
| \emph on |
| http://www.inf.ethz.ch/~jbook/ |
| \layout Bibliography |
| \bibitem [JPaper]{JPaper} |
| |
| Robert F. |
| Stärk, Joachim Schmid: Java bytecode verification is not possible. |
| ETH Zürich, Department of Computer Science 2000. |
| \emph on |
| |
| \newline |
| http://www.inf.ethz.ch/~staerk/pdf/jbv00.pdf |
| \layout Bibliography |
| \bibitem [JLectures]{JLectures} |
| |
| Robert F. |
| Stärk: Java and the JVM: Definition and Verification (37-474). |
| \newline |
| |
| \emph on |
| http://www.inf.ethz.ch/~jbook/eth37474/ |
| \newline |
| http://www.inf.ethz.ch/~jbook/eth37474/javaBV.pdf |
| \layout Bibliography |
| \bibitem [JNS]{JNS} |
| |
| Robert Macgregor, Dave Durbin, John Owlett, Andrew Yeomans: JAVA |
| \latex latex |
| |
| \backslash |
| texttrademark |
| \latex default |
| \SpecialChar ~ |
| Network Security. |
| Prentice Hall 1998, ISBN 0137615299. |
| \layout Bibliography |
| \bibitem [JODE-WWW]{JODE-WWW} |
| |
| JODE is a java package containing a decompiler and an optimizer for java. |
| \newline |
| |
| \emph on |
| http://jode.sourceforge.net |
| \layout Bibliography |
| \bibitem [JustIce]{JustIce} |
| |
| Enver Haase: JustIce. |
| A Free Class File Verifier for Java |
| \latex latex |
| |
| \backslash |
| texttrademark |
| \latex default |
| \SpecialChar ~ |
| .Freie Universität Berlin, Takustraße 9, D-14195 Berlin; September 2001. |
| \newline |
| |
| \emph on |
| http://bcel.sourceforge.net/ |
| \newline |
| http://bcel.sourceforge.net/justice |
| \layout Bibliography |
| \bibitem [JVM]{JVM} |
| |
| Jon Meyer, Troy Downing: JAVA Virtual Machine. |
| O'Reilly 1997, ISBN 1-56592-194-1. |
| \layout Bibliography |
| \bibitem [Kaffe-WWW]{Kaffe-WWW} |
| |
| Kaffe. |
| Kaffe is a cleanroom, open source implementation of a Java virtual machine |
| and class libraries. |
| \emph on |
| |
| \newline |
| http://www.kaffe.org |
| \layout Bibliography |
| \bibitem [KAWA-WWW]{KAWA-WWW} |
| |
| Kawa, the Java-based Scheme system. |
| \emph on |
| |
| \newline |
| http://http://www.gnu.org/software/kawa/ |
| \layout Bibliography |
| \bibitem [KDE]{KDE} |
| |
| KDE, the K desktop environment. |
| \newline |
| |
| \emph on |
| http://www.kde.org |
| \layout Bibliography |
| \bibitem [Kimera-WWW]{Kimera-WWW} |
| |
| The Kimera Verifier. |
| |
| \emph on |
| |
| \emph default |
| |
| \newline |
| Currently off-line because of a World Wide Web presentation rework. |
| \emph on |
| |
| \newline |
| http://kimera.cs.washington.edu/verifier.html |
| \newline |
| http://www-kimera.cs.washington.edu |
| \layout Bibliography |
| \bibitem [Kimera-TestingJVM]{Kimera-TestingJVM} |
| |
| Emin Gün Sirer: Testing Java Virtual Machines. |
| An Experience Report on Automatically Testing Java Virtual Machines. |
| University of Washington, Dept. |
| of Computer Science and Engineering. |
| \newline |
| |
| \emph on |
| http://kimera.cs.washington.edu |
| \layout Bibliography |
| \bibitem [Kimera-ProdGram]{Kimera-ProdGram} |
| |
| Emin Gün Sirer, Brian N. |
| Bershad: Using Production Grammars in Software Testing. |
| University of Washington, Department of Computer Science. |
| \newline |
| |
| \emph on |
| http://kimera.cs.washington.edu |
| \layout Bibliography |
| \bibitem [kissme-WWW]{kissme-WWW} |
| |
| kissme. |
| A free Java Virtual Machine. |
| \emph on |
| |
| \newline |
| http://kissme.sourceforge.net |
| \layout Bibliography |
| \bibitem [Krakatoa-WWW]{Krakatoa-WWW} |
| |
| Todd A. |
| Proebsting, Scott A. |
| Watterson: Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?). |
| The University of Arizona, Department of Computer Science. |
| \newline |
| |
| \emph on |
| http://www.cs.arizona.edu/people/saw/papers/Krakatoa-COOTS97.ps.Z |
| \layout Bibliography |
| \bibitem [langspec2]{langspec2} |
| |
| James Gosling, Bill Joy, Guy Steele, Gilad Bracha: The Java Language Specificati |
| on, Second Edition. |
| Addison-Wesley 2000, ISBN 0201310082. |
| \layout Bibliography |
| \bibitem [M2]{M2} |
| |
| Niklaus Wirth: Programming in Modula-2, Fourth Edition. |
| Springer-Verlag 1988, ISBN 3-540-50150-9. |
| \layout Bibliography |
| \bibitem [Mozilla]{Mozilla} |
| |
| Mozilla.org (The Mozilla Origanization): Mozilla. |
| \newline |
| |
| \emph on |
| http://www.mozilla.org |
| \layout Bibliography |
| \bibitem [Neuromancer]{Neuromancer} |
| |
| William Gibson: Neuromancer. |
| Ace Books 1994, ISBN 0441000681. |
| \layout Bibliography |
| \bibitem [ORP-WWW]{ORP-WWW} |
| |
| Open Runtime Platform. |
| A Platform For Bytecode System Research. |
| \newline |
| |
| \emph on |
| http://www.intel.com/research/mrl/orp/index.htm |
| \layout Bibliography |
| \bibitem [PL4JVM]{PL4JVM} |
| |
| Robert Tolksdorf: Programming Languages for the Java Virtual Machine. |
| \newline |
| |
| \emph on |
| http://www.robert-tolksdorf.de/vmlanguages.html |
| \layout Bibliography |
| \bibitem [PMG-WWW]{PMG-WWW} |
| |
| PMG. |
| Poor Man's Genericity for Java. |
| |
| \newline |
| |
| \emph on |
| |
| \layout Bibliography |
| \bibitem [Qian]{Qian} |
| |
| Zhenyu Qian: A Formal Specification of Java |
| \latex latex |
| |
| \backslash |
| texttrademark |
| \latex default |
| \SpecialChar ~ |
| Virtual Machine Instructions for Objects, Methods and Subroutines. |
| Bremen Institute for Safe Systems (BISS), FB3 Informatik, Universität Bremen, |
| D-28334 Bremen, Germany. |
| \layout Bibliography |
| \bibitem [SableVM-WWW]{SableVM-WWW} |
| |
| SableVM. |
| A Bytecode Interpreter. |
| \emph on |
| |
| \newline |
| http://www.sablevm.org |
| \layout Bibliography |
| \bibitem [StataAbadi]{StataAbadi} |
| |
| Raymie Stata and Martin Abadi: A Type System for Java Bytecode Subroutines. |
| In: ACM Transactions on Programming Languages and Systems, Vol. |
| 21, No. |
| 1, January 1999, Pages 90-137. |
| \layout Bibliography |
| \bibitem [Unknowable]{Unknowable} |
| |
| G.J. |
| Chaitin: The Unknowable. |
| Springer-Verlag 1999, ISBN 981-4021-72-5. |
| \newline |
| |
| \emph on |
| http://www.umcs.maine.edu/~chaitin/unknowable/ |
| \layout Bibliography |
| \bibitem [Unicode]{Unicode} |
| |
| The Unicode Consortium: The Unicode Standard, Version 2.0. |
| Niso Press 1996, ISBN 0-201-48345-9. |
| \newline |
| |
| \emph on |
| http://www.unicode.org |
| \layout Bibliography |
| \bibitem [Yellin-WWW]{Yellin-WWW} |
| |
| Frank Yellin: Low Level Security in Java. |
| \emph on |
| |
| \newline |
| http://java.sun.com/sfaq/verifier.html |
| \layout Bibliography |
| \bibitem [VMSPEC2]{vmspec2} |
| |
| Tim Lindholm, Frank Yellin: The Java |
| \latex latex |
| |
| \backslash |
| texttrademark\SpecialChar ~ |
| |
| \latex default |
| Virtual Machine Specification, Second Edition. |
| Addison-Wesley 1999, ISBN 0-201-43294-4. |
| \the_end |
