Journal of Automated Reasoning, Volume 30, Issue 3–4, pp 363–398

Verified Bytecode Subroutines

  • G. Klein
  • M. Wildmoser

Abstract

Bytecode subroutines are a major complication for Java bytecode verification: They are difficult to fit into the dataflow analysis that the JVM specification suggests. Hence, subroutines are left out or are restricted in most formalizations of the bytecode verifier. We examine the problems that occur with subroutines and give an overview of the most prominent solutions in the literature. Using the theorem prover Isabelle/HOL, we have extended our substantial formalization of the JVM and the bytecode verifier with its proof of correctness by the most general solution for bytecode subroutines.
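To make the complication concrete, here is an added toy example (not the paper's Isabelle/HOL formalization): a Kildall-style worklist verifier over an invented five-instruction bytecode with `jsr`/`ret`. With one merged type state per instruction, as the JVM specification's dataflow analysis suggests, the return from a subroutine merges the local-variable types of all its callers and a type-safe program is rejected; keeping a set of type states per instruction instead, in the style of the set-based solutions the paper surveys, accepts it. The `use` instruction and the `("Ret", set_of_pcs)` encoding of return addresses are simplifications made for this example.

```python
from functools import reduce
INT, REF, TOP = "Int", "Ref", "Top"           # a return address is ("Ret", frozenset_of_pcs)
def lub(a, b):                                 # least upper bound of two types
    if a == b: return a
    if isinstance(a, tuple) and isinstance(b, tuple): return ("Ret", a[1] | b[1])
    return TOP                                 # Int vs Ref, or either vs a return address
def join(s1, s2):                              # pointwise lub of two (stack, locals) states
    (st1, lo1), (st2, lo2) = s1, s2
    if len(st1) != len(st2): raise TypeError("stack height mismatch")
    return (tuple(map(lub, st1, st2)), tuple(map(lub, lo1, lo2)))

def step(prog, pc, state):                     # successors (pc, state) of one type state
    op, *args = prog[pc]
    stack, locs = list(state[0]), list(state[1])
    if op == "push": stack.append(args[0])                   # constant of type args[0]
    elif op == "store": locs[args[0]] = stack.pop()          # pop into local args[0]
    elif op == "use" and locs[args[0]] != args[1]:           # read local, expect args[1]
        raise TypeError(f"pc {pc}: local {args[0]} is {locs[args[0]]}, need {args[1]}")
    elif op == "return": return []
    elif op == "jsr":                                        # push return address, jump
        stack.append(("Ret", frozenset({pc + 1})))
        return [(args[0], (tuple(stack), tuple(locs)))]
    elif op == "ret":                                        # back to every possible caller
        if not isinstance(locs[args[0]], tuple): raise TypeError(f"pc {pc}: no return address")
        return [(t, (tuple(stack), tuple(locs))) for t in sorted(locs[args[0]][1])]
    return [(pc + 1, (tuple(stack), tuple(locs)))]

def verify(prog, nlocals, precise):
    """Kildall worklist; returns "ok" or the first type error. precise=False keeps ONE
    lub-merged state per pc (JVM-spec style), precise=True keeps a SET of states."""
    info = [{((), (TOP,) * nlocals)}] + [set() for _ in prog[1:]]
    work = [0]
    try:
        while work:
            pc = work.pop(0)
            for succ, st in [s for state in info[pc] for s in step(prog, pc, state)]:
                new = info[succ] | {st}
                if not precise: new = {reduce(join, new)}     # merge everything into one
                if new != info[succ]:
                    info[succ] = new
                    work.append(succ)
        return "ok"
    except TypeError as e:
        return str(e)

# Constructed program: the two callers of the subroutine at pc 9 leave different types in
# local 1 and each relies on that local being unchanged when the subroutine returns.
PROG = [("push", INT), ("store", 1), ("jsr", 9), ("use", 1, INT),
        ("push", REF), ("store", 1), ("jsr", 9), ("use", 1, REF), ("return",),
        ("store", 0), ("ret", 0)]              # pc 9-10: save return address, ret
print("set-based:", verify(PROG, 2, precise=True))    # ok
print("naive:    ", verify(PROG, 2, precise=False))   # pc 3: local 1 is Top, need Int
```

The naive run fails at pc 3 although every execution of the program is type-correct: the `ret` at pc 10 is treated as jumping to both return sites with the merged locals, so local 1 becomes `Top` for the first caller too.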

Keywords: Java bytecode verification, subroutines, theorem proving, dataflow analysis, Isabelle



Copyright information

© Kluwer Academic Publishers 2003

Authors and Affiliations

  • G. Klein, Technische Universität München, Germany
  • M. Wildmoser, Technische Universität München, Germany
