CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 18: Code Safety and Virtual Machines

Slides:



Advertisements
Similar presentations
Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
Advertisements

Virtual Machines Matthew Dwyer 324E Nichols Hall
1 Lecture 10 Intermediate Representations. 2 front end »produces an intermediate representation (IR) for the program. optimizer »transforms the code in.
Compilation 2007 Code Generation Michael I. Schwartzbach BRICS, University of Aarhus.
1 1 Lecture 14 Java Virtual Machine Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Tatung Institute of Technology.
Class 20: Verifying Bytecodes Fall 2010 UVa David Evans cs2220: Engineering Software Image: Joseph Featherston.
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 20: Hair-Dryer Attacks and Introducing x86.
Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.
Lab 9 Java Bytecode & The Jasmin Assembler
JETT 2003 Java.compareTo(C++). JAVA Java Platform consists of 4 parts: –Java Language –Java API –Java class format –Java Virtual Machine.
IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.
JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.
Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
5/6/99 Ashish Sabharwal1 JVM Architecture n Local storage area –Randomly accessible –Just like standard RAM –Stores variables (eg. an array) –Have to specify.
1 Languages and Compilers (SProg og Oversættere) Lecture 9 (2) Bent Thomsen Department of Computer Science Aalborg University With acknowledgement to Norm.
Session-02. Objective In this session you will learn : What is Class Loader ? What is Byte Code Verifier? JIT & JAVA API Features of Java Java Environment.
Code Generation Introduction. Compiler (scalac, gcc) Compiler (scalac, gcc) machine code (e.g. x86, arm, JVM) efficient to execute i=0 while (i < 10)
Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 18: 0xCAFEBABE (Java Byte Codes)
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
Compiler Construction Lecture 17 Mapping Variables to Memory.
Java Programming Robert Chatley William Lee
Application Security Tom Chothia Computer Security, Lecture 14.
1 The Java Virtual Machine Yearly Programming Project.
The Java Virtual Machine 1 Course Overview PART I: overview material 1Introduction 2Language processors (tombstone diagrams, bootstrapping) 3Architecture.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 19: Security in Java Real or.
IT253: Computer Organization Lecture 4: Instruction Set Architecture Tonga Institute of Higher Education.
1 October 1, October 1, 2015October 1, 2015October 1, 2015 Azusa, CA Sheldon X. Liang Ph. D. Computer Science at Azusa Pacific University Azusa.
Java Introduction Lecture 1. Java Powerful, object-oriented language Free SDK and many resources at
Java Bytecode What is a.class file anyway? Dan Fleck George Mason University Fall 2007.
Lecture 10 : Introduction to Java Virtual Machine
University of Houston-Clear Lake Proprietary© 1997 Evolution of Programming Languages Basic cycle of improvement –Experience software difficulties –Theory.
1 Introduction to JVM Based on material produced by Bill Venners.
Class 14: Object-Oriented Programming Fall 2010 University of Virginia David Evans cs2220: Engineering Software.
Syntax Directed Translation Compiler Design Lecture (03/16//98) Computer Science Rensselaer Polytechnic.
Introduction to java Prepared By:-Pragnesh Patel Lect. In Computer Dept. NSIT,Jetalpur 1.
Netprog: Java Intro1 Crash Course in Java. Netprog: Java Intro2 Why Java? Network Programming in Java is very different than in C/C++ –much more language.
1 Introduction to Java. 2 What is Java? A programming language. A platform –A virtual machine (JVM) definition. –Runtime environments in diverse hardware.
CS Software Studio Java Lab 1 Meng-Ting Wang PLLAB, Computer Science Department, National Tsing-Hua University.
Runtime System CS 153: Compilers. Runtime System Runtime system: all the stuff that the language implicitly assumes and that is not described in the program.
More on MIPS programs n SPIM does not support everything supported by a general MIPS assembler. For example, –.end doesn’t work Use j $ra –.macro doesn’t.
CS 153: Concepts of Compiler Design November 23 Class Meeting Department of Computer Science San Jose State University Fall 2015 Instructor: Ron Mak
#include "dump.h" int main ( int argc, char* argv[] ) { __asm { mov eax, 1// init eax to 1 mov ebx, esp; keep a copy of esp mov ecx, 3/* init ecx to 3.
Chap. 10, Intermediate Representations J. H. Wang Dec. 14, 2015.
Programming Languages and Paradigms Activation Records in Java.
CS 153: Concepts of Compiler Design November 18 Class Meeting Department of Computer Science San Jose State University Fall 2015 Instructor: Ron Mak
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 18: Malcode Countermeasures.
Chap. 10, Intermediate Representations J. H. Wang Dec. 27, 2011.
20-Feb-16 javap. Bytecode Java is compiled into bytecode, which is intermediate between Java and a “real” assembly language To implement Java, it is only.
UNDER THE HOOD: THE JAVA VIRTUAL MACHINE II CS2110 Fall 200 Lecture 25 1.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 10: Programming Exceptionally.
David Evans CS588: Cryptography University of Virginia Computer Science Lecture 21: Countering Malicious Code.
Review on Program Challenge CSc3210 Yuan Long.
RealTimeSystems Lab Jong-Koo, Lim
Object Oriented Programming Lecture 2: BallWorld.
Spring 2006 Special Topics in Computer Engineering: Java Intro 1 Crash Course in Java Based on notes from D. Hollinger Based in part on notes from J.J.
Sung-Dong Kim, Dept. of Computer Engineering, Hansung University Java - Introduction.
CS 432: Compiler Construction Lecture 15
The Java Virtual Machine (JVM)
CS216: Program and Data Representation
Java Programming Language
CS216: Program and Data Representation
Java Virtual Machine (JVM)
Lecture 18: Java™ Decaffeinated CS551: Security and Privacy
Java Byte Codes (0xCAFEBABE) cs205: engineering software
Security in Java Real or Decaf? cs205: engineering software
Lecture 19: 0xCAFEBABE (Java Byte Codes) CS201j: Engineering Software
Byte Code Verification
Course Overview PART I: overview material PART II: inside a compiler
CS 153: Concepts of Compiler Design November 6 Class Meeting
Presentation transcript:

CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 18: Code Safety and Virtual Machines (Duke suicide picture by Gary McGraw)

2 UVa CS216 Spring Lecture 18: Code Safety JVML Instruction Set pushing constants20getstatic, putstatic2 loads, stores (0-3 for each iload, lload, fload, dload, aload)66 newarray, anewarray, multianewarray,arraylength4 pop, dup, swap, etc.9invoke methods, throw5 arithmetic37new1 conversion (e.g., i2l)15getfield, putfield2 comparisons (lcmp)5checkcast1 goto, jsr, goto_w, jsr_w, ret5instanceof1 tableswitch, lookupswitch2monitorenter, monitorexit2 returns (e.g., ireturn)6wide1 conditional jumps (ifeq, ifnull, ifnonnull)16 nop, breakpoint, unused, implementation dependent5 (205 out of 256 possible opcodes used)

3 UVa CS216 Spring Lecture 18: Code Safety How to get more than 256 local variables! wide Opcode is one of iload, fload, aload, lload, dload, istore, fstore, astore, lstore, dstore, or ret Modifies instruction to take 2 byte operand (byte1 << 8 | byte2)

4 UVa CS216 Spring Lecture 18: Code Safety Method Calls invokevirtual –Invokes the method on the parameters and object on the top of the stack. –Finds the appropriate method at run-time based on the actual type of the this object. invokevirtual

5 UVa CS216 Spring Lecture 18: Code Safety Method Calls invokestatic –Invokes a static (class) method on the parameters on the top of the stack. –Finds the appropriate method at run- time based on the actual type of the this object.

6 UVa CS216 Spring Lecture 18: Code Safety Example public class Sample1 { static public void main (String args[]) { System.err.println ("Hello!"); System.exit (1); }

7 UVa CS216 Spring Lecture 18: Code Safety > javap -c Sample1 Compiled from Sample1.java public class Sample1 extends java.lang.Object { public Sample1(); public static void main(java.lang.String[]); } Method Sample1() 0 aload_0 1 invokespecial #1 4 return Method void main(java.lang.String[]) 0 getstatic #2 3 ldc #3 5 invokevirtual #4 8 iconst_1 9 invokestatic #5 12 return public class Sample1 { static public void main (String args[]) { System.err.println ("Hello!"); System.exit (1); } }

8 UVa CS216 Spring Lecture 18: Code Safety Cast Instruction public class Cast { static public void main (String args[]) { Object x; x = (Object) args[0]; System.out.println ("result: " + (String) x); }

9 UVa CS216 Spring Lecture 18: Code Safety Method void main(java.lang.String[]) 0 aload_0 1 iconst_0 2 aaload 3 astore_1 4 getstatic #2 7 new #3 10 dup 11 invokespecial #4 14 ldc #5 16 invokevirtual #6 19 aload_1 20 checkcast #7 23 invokevirtual #6 26 invokevirtual #8 29 invokevirtual #9 32 return public class Cast { static public void main (String args[]) { Object x; x = (Object) args[0]; System.out.println ("result: " + (String) x); }

10 UVa CS216 Spring Lecture 18: Code Safety JVML Instruction Set pushing constants20getstatic, putstatic2 loads, stores (0-3 for each iload, lload, fload, dload, aload)66 newarray, anewarray, multianewarray,arraylength4 pop, dup, swap, etc.9invoke methods, throw5 arithmetic37new1 conversion (e.g., i2l)15getfield, putfield2 comparisons (lcmp)5checkcast1 goto, jsr, goto_w, jsr_w, ret5instanceof1 tableswitch, lookupswitch2monitorenter, monitorexit2 returns (e.g., ireturn)6wide1 conditional jumps (ifeq, ifnull, ifnonnull)16 nop, breakpoint, unused, implementation dependent5 (205 out of 256 possible opcodes used)

11 UVa CS216 Spring Lecture 18: Code Safety The Worst Instruction jsr Operation Jump subroutine Format jsr branchbyte1 branchbyte2 jsr [branchbyte1] [branchbyte2] Forms jsr = 168 (0xa8) Operand Stack... ..., address Description The address of the opcode of the instruction immediately following this jsr instruction is pushed onto the operand stack as a value of type returnAddress. The unsigned branchbyte1 and branchbyte2 are used to construct a signed 16-bit offset, where the offset is (branchbyte1 << 8) | branchbyte2. Execution proceeds at that offset from the address of this jsr instruction. The target address must be that of an opcode of an instruction within the method that contains this jsr instruction. Notes The jsr instruction is used with the ret instruction in the implementation of the finally clauses of the Java programming language. Note that jsr pushes the address onto the operand stack and ret gets it out of a local variable. This asymmetry is intentional.

12 UVa CS216 Spring Lecture 18: Code Safety public class JSR { static public void main (String args[]) { try { System.out.println("hello"); } catch (Exception e) { System.out.println ("There was an exception!"); } finally { System.out.println ("I am finally here!"); } Try-Catch-Finally

13 UVa CS216 Spring Lecture 18: Code Safety Method void main(java.lang.String[]) 0 getstatic #2 3 ldc #3 5 invokevirtual #4 8 jsr goto astore_1 15 getstatic #2 18 ldc #6 20 invokevirtual #4 23 jsr goto astore_2 30 jsr aload_2 34 athrow 35 astore_3 36 getstatic #2 39 ldc #7 41 invokevirtual #4 44 ret 3 46 return public class JSR { static public void main (String args[]) { try { System.out.println("hello"); } catch (Exception e) { System.out.println (“... exception!"); } finally { System.out.println ("I am finally"); } Exception table: from to target type any any any

14 UVa CS216 Spring Lecture 18: Code Safety Java: Programming Language “A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high­performance, multithreaded, and dynamic language.”[Sun95] compared to C++, not to C ^ sort of ^ Java: int is 32 bits C: int is >= 16 bits

15 UVa CS216 Spring Lecture 18: Code Safety What is a secure programming language? 1.Language is designed so it cannot express certain computations considered insecure. 2.Language is designed so that (accidental) program bugs are likely to be caught by the compiler or run-time environment instead of leading to security vulnerabilities. A few attempt to do this: PLAN, packet filters

16 UVa CS216 Spring Lecture 18: Code Safety Safe Programming Languages Type Safety –Compiler and run-time environment ensure that bits are treated as the type they represent Memory Safety –Compiler and run-time environment ensure that program cannot access memory outside defined storage Control Flow Safety –Can’t jump to arbitrary addresses Which of these does C/C++ have? Is Java the first language to have them? No way! LISP had them all in 1960.

17 UVa CS216 Spring Lecture 18: Code Safety Java Safety Type Safety –Most types checked statically –Coercions, array assignments type checked at run time Memory Safety –No direct memory access (e.g., pointers) –Primitive array type with mandatory run- time bounds checking Control Flow Safety –Structured control flow, no arbitrary jumps

18 UVa CS216 Spring Lecture 18: Code Safety Malicious Code Can a safe programming language protect you from malcode? 1.Code your servers in it to protect from buffer overflow bugs 2.Only allow programs from untrustworthy origins to run if the are programmed in the safe language

19 UVa CS216 Spring Lecture 18: Code Safety Safe Languages? But how can you tell program was written in the safe language? –Get the source code and compile it (most vendors, and all malicious attackers refuse to provide source code) –Special compilation service cryptographically signs object files generated from the safe language (SPIN, [Bershad96]) –Verify object files preserve safety properties of source language (Java)

20 UVa CS216 Spring Lecture 18: Code Safety JVML javac Compiler code.java Java  Source Code code.class JVML Object Code JavaVM User Wants to know JVML code satisfies Java  ’s safety properties.

21 UVa CS216 Spring Lecture 18: Code Safety Does JVML satisfy Java  ’s safety properties? iconst_2 push integer constant 2 on stack istore_0 store top of stack in variable 0 as int aload_0 load object reference from variable 0 No! This code violates Java  ’s type rules.

22 UVa CS216 Spring Lecture 18: Code Safety Java Security Architecture Java VM Operating System Protected Resource ClassLoader Security exception Verify Exception JAR Class Verifier

23 UVa CS216 Spring Lecture 18: Code Safety Mistyped Code > java Simple Exception in thread "main" java.lang.VerifyError: (class: Simple, method: main signature: ([Ljava/lang/String;)V) Register 0 contains wrong type.method public static main([Ljava/lang/String;)V … iconst_2 istore_0 aload_0 iconst_2 iconst_3 iadd ….end method Java VM Operating System Protected Resource ClassLoader Security exception Verify Exception JAR Class Verifier Verifier error before any code runs

24 UVa CS216 Spring Lecture 18: Code Safety Runtime Error public class Cast { static public void main (String args[]) { Object o = new Object (); String s; s = (String) o; System.out.println(s); return; } Method void main(java.lang.String[]) 0 new #2 3 dup 4 invokespecial #1 7 astore_1 8 aload_1 9 checkcast #3 12 astore_2 13 getstatic #4 16 aload_2 17 invokevirtual #5 20 return

25 UVa CS216 Spring Lecture 18: Code Safety Bytecode Verifier Checks class file is formatted correctly –Magic number: class file starts with 0xCAFEBABE –String table, code, methods, etc. Checks JVML code satisfies safety properties –Simulates program execution to know types are correct, but doesn’t need to examine any instruction more than once

26 UVa CS216 Spring Lecture 18: Code Safety Verifying Safety Properties Type safe –Stack and variable slots must store and load as same type –Only use operations valid for the data type Memory safe –Must not attempt to pop more values from stack than are on it –Doesn’t access private fields and methods outside class implementation Control flow safe –Jumps must be to valid addresses within function, or call/return

27 UVa CS216 Spring Lecture 18: Code Safety Charge PS6 will be out (electronically) on Friday If you would like to be assigned a partner for PS6, send me as soon as possible

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.