Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 18: Code Safety and Virtual Machines

Published byJoleen Powell Modified over 9 years ago

Similar presentations

Presentation on theme: "CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 18: Code Safety and Virtual Machines"— Presentation transcript:

1 CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 18: Code Safety and Virtual Machines http://www.cs.virginia.edu/cs216 (Duke suicide picture by Gary McGraw)

2 2 UVa CS216 Spring 2006 - Lecture 18: Code Safety JVML Instruction Set pushing constants20getstatic, putstatic2 loads, stores (0-3 for each iload, lload, fload, dload, aload)66 newarray, anewarray, multianewarray,arraylength4 pop, dup, swap, etc.9invoke methods, throw5 arithmetic37new1 conversion (e.g., i2l)15getfield, putfield2 comparisons (lcmp)5checkcast1 goto, jsr, goto_w, jsr_w, ret5instanceof1 tableswitch, lookupswitch2monitorenter, monitorexit2 returns (e.g., ireturn)6wide1 conditional jumps (ifeq, ifnull, ifnonnull)16 nop, breakpoint, unused, implementation dependent5 (205 out of 256 possible opcodes used)

3 3 UVa CS216 Spring 2006 - Lecture 18: Code Safety How to get more than 256 local variables! wide Opcode is one of iload, fload, aload, lload, dload, istore, fstore, astore, lstore, dstore, or ret Modifies instruction to take 2 byte operand (byte1 << 8 | byte2)

4 4 UVa CS216 Spring 2006 - Lecture 18: Code Safety Method Calls invokevirtual –Invokes the method on the parameters and object on the top of the stack. –Finds the appropriate method at run-time based on the actual type of the this object. invokevirtual

5 5 UVa CS216 Spring 2006 - Lecture 18: Code Safety Method Calls invokestatic –Invokes a static (class) method on the parameters on the top of the stack. –Finds the appropriate method at run- time based on the actual type of the this object.

6 6 UVa CS216 Spring 2006 - Lecture 18: Code Safety Example public class Sample1 { static public void main (String args[]) { System.err.println ("Hello!"); System.exit (1); }

7 7 UVa CS216 Spring 2006 - Lecture 18: Code Safety > javap -c Sample1 Compiled from Sample1.java public class Sample1 extends java.lang.Object { public Sample1(); public static void main(java.lang.String[]); } Method Sample1() 0 aload_0 1 invokespecial #1 4 return Method void main(java.lang.String[]) 0 getstatic #2 3 ldc #3 5 invokevirtual #4 8 iconst_1 9 invokestatic #5 12 return public class Sample1 { static public void main (String args[]) { System.err.println ("Hello!"); System.exit (1); } }

8 8 UVa CS216 Spring 2006 - Lecture 18: Code Safety Cast Instruction public class Cast { static public void main (String args[]) { Object x; x = (Object) args[0]; System.out.println ("result: " + (String) x); }

9 9 UVa CS216 Spring 2006 - Lecture 18: Code Safety Method void main(java.lang.String[]) 0 aload_0 1 iconst_0 2 aaload 3 astore_1 4 getstatic #2 7 new #3 10 dup 11 invokespecial #4 14 ldc #5 16 invokevirtual #6 19 aload_1 20 checkcast #7 23 invokevirtual #6 26 invokevirtual #8 29 invokevirtual #9 32 return public class Cast { static public void main (String args[]) { Object x; x = (Object) args[0]; System.out.println ("result: " + (String) x); }

10 10 UVa CS216 Spring 2006 - Lecture 18: Code Safety JVML Instruction Set pushing constants20getstatic, putstatic2 loads, stores (0-3 for each iload, lload, fload, dload, aload)66 newarray, anewarray, multianewarray,arraylength4 pop, dup, swap, etc.9invoke methods, throw5 arithmetic37new1 conversion (e.g., i2l)15getfield, putfield2 comparisons (lcmp)5checkcast1 goto, jsr, goto_w, jsr_w, ret5instanceof1 tableswitch, lookupswitch2monitorenter, monitorexit2 returns (e.g., ireturn)6wide1 conditional jumps (ifeq, ifnull, ifnonnull)16 nop, breakpoint, unused, implementation dependent5 (205 out of 256 possible opcodes used)

11 11 UVa CS216 Spring 2006 - Lecture 18: Code Safety The Worst Instruction jsr Operation Jump subroutine Format jsr branchbyte1 branchbyte2 jsr [branchbyte1] [branchbyte2] Forms jsr = 168 (0xa8) Operand Stack... ..., address Description The address of the opcode of the instruction immediately following this jsr instruction is pushed onto the operand stack as a value of type returnAddress. The unsigned branchbyte1 and branchbyte2 are used to construct a signed 16-bit offset, where the offset is (branchbyte1 << 8) | branchbyte2. Execution proceeds at that offset from the address of this jsr instruction. The target address must be that of an opcode of an instruction within the method that contains this jsr instruction. Notes The jsr instruction is used with the ret instruction in the implementation of the finally clauses of the Java programming language. Note that jsr pushes the address onto the operand stack and ret gets it out of a local variable. This asymmetry is intentional. http://java.sun.com/docs/books/vmspec/2nd-edition/html/Instructions2.doc7.html

12 12 UVa CS216 Spring 2006 - Lecture 18: Code Safety public class JSR { static public void main (String args[]) { try { System.out.println("hello"); } catch (Exception e) { System.out.println ("There was an exception!"); } finally { System.out.println ("I am finally here!"); } Try-Catch-Finally

13 13 UVa CS216 Spring 2006 - Lecture 18: Code Safety Method void main(java.lang.String[]) 0 getstatic #2 3 ldc #3 5 invokevirtual #4 8 jsr 35 11 goto 46 14 astore_1 15 getstatic #2 18 ldc #6 20 invokevirtual #4 23 jsr 35 26 goto 46 29 astore_2 30 jsr 35 33 aload_2 34 athrow 35 astore_3 36 getstatic #2 39 ldc #7 41 invokevirtual #4 44 ret 3 46 return public class JSR { static public void main (String args[]) { try { System.out.println("hello"); } catch (Exception e) { System.out.println (“... exception!"); } finally { System.out.println ("I am finally"); } Exception table: from to target type 0 8 14 0 11 29 any 14 26 29 any 29 33 29 any

14 14 UVa CS216 Spring 2006 - Lecture 18: Code Safety Java: Programming Language “A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high­performance, multithreaded, and dynamic language.”[Sun95] compared to C++, not to C ^ sort of ^ Java: int is 32 bits C: int is >= 16 bits

15 15 UVa CS216 Spring 2006 - Lecture 18: Code Safety What is a secure programming language? 1.Language is designed so it cannot express certain computations considered insecure. 2.Language is designed so that (accidental) program bugs are likely to be caught by the compiler or run-time environment instead of leading to security vulnerabilities. A few attempt to do this: PLAN, packet filters

16 16 UVa CS216 Spring 2006 - Lecture 18: Code Safety Safe Programming Languages Type Safety –Compiler and run-time environment ensure that bits are treated as the type they represent Memory Safety –Compiler and run-time environment ensure that program cannot access memory outside defined storage Control Flow Safety –Can’t jump to arbitrary addresses Which of these does C/C++ have? Is Java the first language to have them? No way! LISP had them all in 1960.

17 17 UVa CS216 Spring 2006 - Lecture 18: Code Safety Java Safety Type Safety –Most types checked statically –Coercions, array assignments type checked at run time Memory Safety –No direct memory access (e.g., pointers) –Primitive array type with mandatory run- time bounds checking Control Flow Safety –Structured control flow, no arbitrary jumps

18 18 UVa CS216 Spring 2006 - Lecture 18: Code Safety Malicious Code Can a safe programming language protect you from malcode? 1.Code your servers in it to protect from buffer overflow bugs 2.Only allow programs from untrustworthy origins to run if the are programmed in the safe language

19 19 UVa CS216 Spring 2006 - Lecture 18: Code Safety Safe Languages? But how can you tell program was written in the safe language? –Get the source code and compile it (most vendors, and all malicious attackers refuse to provide source code) –Special compilation service cryptographically signs object files generated from the safe language (SPIN, [Bershad96]) –Verify object files preserve safety properties of source language (Java)

20 20 UVa CS216 Spring 2006 - Lecture 18: Code Safety JVML javac Compiler code.java Java  Source Code code.class JVML Object Code JavaVM User Wants to know JVML code satisfies Java  ’s safety properties.

21 21 UVa CS216 Spring 2006 - Lecture 18: Code Safety Does JVML satisfy Java  ’s safety properties? iconst_2 push integer constant 2 on stack istore_0 store top of stack in variable 0 as int aload_0 load object reference from variable 0 No! This code violates Java  ’s type rules.

22 22 UVa CS216 Spring 2006 - Lecture 18: Code Safety Java Security Architecture Java VM Operating System Protected Resource ClassLoader Security exception Verify Exception JAR Class Verifier

23 23 UVa CS216 Spring 2006 - Lecture 18: Code Safety Mistyped Code > java Simple Exception in thread "main" java.lang.VerifyError: (class: Simple, method: main signature: ([Ljava/lang/String;)V) Register 0 contains wrong type.method public static main([Ljava/lang/String;)V … iconst_2 istore_0 aload_0 iconst_2 iconst_3 iadd ….end method Java VM Operating System Protected Resource ClassLoader Security exception Verify Exception JAR Class Verifier Verifier error before any code runs

24 24 UVa CS216 Spring 2006 - Lecture 18: Code Safety Runtime Error public class Cast { static public void main (String args[]) { Object o = new Object (); String s; s = (String) o; System.out.println(s); return; } Method void main(java.lang.String[]) 0 new #2 3 dup 4 invokespecial #1 7 astore_1 8 aload_1 9 checkcast #3 12 astore_2 13 getstatic #4 16 aload_2 17 invokevirtual #5 20 return

25 25 UVa CS216 Spring 2006 - Lecture 18: Code Safety Bytecode Verifier Checks class file is formatted correctly –Magic number: class file starts with 0xCAFEBABE –String table, code, methods, etc. Checks JVML code satisfies safety properties –Simulates program execution to know types are correct, but doesn’t need to examine any instruction more than once

26 26 UVa CS216 Spring 2006 - Lecture 18: Code Safety Verifying Safety Properties Type safe –Stack and variable slots must store and load as same type –Only use operations valid for the data type Memory safe –Must not attempt to pop more values from stack than are on it –Doesn’t access private fields and methods outside class implementation Control flow safe –Jumps must be to valid addresses within function, or call/return

27 27 UVa CS216 Spring 2006 - Lecture 18: Code Safety Charge PS6 will be out (electronically) on Friday If you would like to be assigned a partner for PS6, send me email as soon as possible

Download ppt "CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 18: Code Safety and Virtual Machines"

Similar presentations

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
Virtual Machines Matthew Dwyer 324E Nichols Hall

Virtual Machines Matthew Dwyer 324E Nichols Hall
1 Lecture 10 Intermediate Representations. 2 front end »produces an intermediate representation (IR) for the program. optimizer »transforms the code in.

1 Lecture 10 Intermediate Representations. 2 front end »produces an intermediate representation (IR) for the program. optimizer »transforms the code in.
Compilation 2007 Code Generation Michael I. Schwartzbach BRICS, University of Aarhus.

Compilation 2007 Code Generation Michael I. Schwartzbach BRICS, University of Aarhus.
1 1 Lecture 14 Java Virtual Machine Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Tatung Institute of Technology.

1 1 Lecture 14 Java Virtual Machine Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Tatung Institute of Technology.
Class 20: Verifying Bytecodes Fall 2010 UVa David Evans cs2220: Engineering Software Image: Joseph Featherston.

Class 20: Verifying Bytecodes Fall 2010 UVa David Evans cs2220: Engineering Software Image: Joseph Featherston.
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 20: Hair-Dryer Attacks and Introducing x86.

CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 20: Hair-Dryer Attacks and Introducing x86.
Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.

Chapter 5: Elementary Data Types Properties of types and objects –Data objects, variables and constants –Data types –Declarations –Type checking –Assignment.
Lab 9 Java Bytecode & The Jasmin Assembler

Lab 9 Java Bytecode & The Jasmin Assembler
JETT 2003 Java.compareTo(C++). JAVA Java Platform consists of 4 parts: –Java Language –Java API –Java class format –Java Virtual Machine.

JETT 2003 Java.compareTo(C++). JAVA Java Platform consists of 4 parts: –Java Language –Java API –Java class format –Java Virtual Machine.
IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.

IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.
JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.

JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.
Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
5/6/99 Ashish Sabharwal1 JVM Architecture n Local storage area –Randomly accessible –Just like standard RAM –Stores variables (eg. an array) –Have to specify.

5/6/99 Ashish Sabharwal1 JVM Architecture n Local storage area –Randomly accessible –Just like standard RAM –Stores variables (eg. an array) –Have to specify.
1 Languages and Compilers (SProg og Oversættere) Lecture 9 (2) Bent Thomsen Department of Computer Science Aalborg University With acknowledgement to Norm.

1 Languages and Compilers (SProg og Oversættere) Lecture 9 (2) Bent Thomsen Department of Computer Science Aalborg University With acknowledgement to Norm.
Session-02. Objective In this session you will learn : What is Class Loader ? What is Byte Code Verifier? JIT & JAVA API Features of Java Java Environment.

Session-02. Objective In this session you will learn : What is Class Loader ? What is Byte Code Verifier? JIT & JAVA API Features of Java Java Environment.
Code Generation Introduction. Compiler (scalac, gcc) Compiler (scalac, gcc) machine code (e.g. x86, arm, JVM) efficient to execute i=0 while (i < 10)

Code Generation Introduction. Compiler (scalac, gcc) Compiler (scalac, gcc) machine code (e.g. x86, arm, JVM) efficient to execute i=0 while (i < 10)
Java Security Updated May 2007. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 18: 0xCAFEBABE (Java Byte Codes)

David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 18: 0xCAFEBABE (Java Byte Codes)
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.

Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.

Similar presentations

Ads by Google