On a New Method for Dataflow Analysis of Java Virtual Machine Subroutines

  • Masami Hagiya
  • Akihiko Tozawa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1503)


The bytecode verifier of the Java Virtual Machine, which statically checks the type safety of Java bytecode, is the basis of the security model of Java and guarantees the safety of mobile code sent from an untrusted remote host. However, the type system for Java bytecode has some technical problems, one of which is in the handling of sub-routines. Based on the work of Stata and Abadi and that of Qian, this paper presents yet another type system for Java Virtual Machine sub-routines. Our type system includes types of the form last(x). A value whose type is last(x) is the same as that of the x-th variable of the caller of the subroutine. In addition, we represent the type of a return address by the form return(n), which means returning to the n-th outer caller. By virtue of these types, we can analyze instructions purely in terms of type, and as a result the correctness proof of bytecode verification becomes extremely simple. Moreover, for some programs, our method is more powerful than existing ones. In particular, our method has no restrictions on the number of entries and exits of a subroutine.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Richard M. Cohen: The Defensive Java Virtual Machine Specification, Version Alpha 1 Release, DRAFT VERSION, 1997.
  2. 2.
    Drew Dean: The Security of Static Typing with Dynamic Linking, Fourth ACM Conference on Computer and Communication Security, 1997, pp.18–27.
  3. 3.
    Sophia Drossopoulou and Susan Eisenbach: Java is Type Safe-Probably, ECOOP’97-Object-Oriented Programming, Lecture Notes in Computer Science, Vol.1241, 1997, pp.389–418.\#ecoop CrossRefGoogle Scholar
  4. 4.
    Sophia Drossopoulou, Susan Eisenbach and Sarfraz Khurshid: Is the Java Type System Sound? Proceedings of the Fourth International Workshop on Foundations of Object-Oriented Languages, 1997.\#tapos
  5. 5.
    Allen Goldberg: A Specification of Java Loading and Bytecode Verification, 1997.
  6. 6.
    James Gosling, Bill Joy and Guy Steele: The Java TM Language Specification, Addison-Weslay, 1996.Google Scholar
  7. 7.
  8. 8.
    Tim Lindholm and Frank Yellin: The Java TM Virtual Machine Specification, Addison-Weslay, 1997.Google Scholar
  9. 9.
    Gary McGraw and Edward W. Felten: Java Security: Hostile Applets, Holes and Antidotes, John Wiley and Sons, 1996.Google Scholar
  10. 10.
    George C. Necula: Proof-Carrying Code, the Proceedings of the 24th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1997, pp.106–117.Google Scholar
  11. 11.
    George C. Necula, Peter Lee: The Design and Implementation of a Certifying Compiler, submitted to PLDI’98.Google Scholar
  12. 12.
    Tobias Nipkow and David von Oheimb: Javalight is Type-Safe-Definitely, Proceedings of the 25th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998, pp.161–170.Google Scholar
  13. 13.
    Zhenyu Qian: A Formal Specification of JavaTM Virtual Machine Instructions, 1997.
  14. 14.
    Vijay Saraswat: Java is not type-safe, 1997.
  15. 15.
    Secure Internet Programming: http://www.cs.princeton/edu/sip/
  16. 16.
    Raymie Stata and Martín Abadi: A Type System for Java Bytecode Subroutines, Proceedings of the 25th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998, pp.149–160.Google Scholar
  17. 17.
    Don Syme: Proving Java Type Soundness, 1997.

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Masami Hagiya
    • 1
  • Akihiko Tozawa
    • 1
  1. 1.Department of Information Science, Graduate School of ScienceUniversity of TokyoJapan

Personalised recommendations