Java Bytecode Verification: An Overview

  • Xavier Leroy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2102)


Bytecode verification is a crucial security component for Java applets, on the Web and on embedded devices such as smart cards. This paper describes the main bytecode verification algorithms and surveys the variety of formal methods that have been applied to bytecode verification in order to establish its correctness.


Model Check Smart Card Register Type Object Reference Abstract Interpretation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Abadi, A. Banerjee, N. Heintze, and J. G. Riecke. A core calculus of dependency. In 26th symp. Principles of Progr. Lang, pages 147–160. ACM Press, 1999.Google Scholar
  2. 2.
    Y. Bertot. A Coq formalization of a type checker for object initialization in the Java virtual machine. Research report 4047, INRIA, 2000. Also published in the proceedings of CAV’01.Google Scholar
  3. 3.
    P. Brisset. Vers un vérifieur de bytecode Java certifié. Seminar given at Ecole Normale Supérieure, Paris, October 2nd 1998.Google Scholar
  4. 4.
    K. Brunnstein. Hostile ActiveX control demonstrated. RISKS Forum, 18(82), Feb. 1997.Google Scholar
  5. 5.
    Z. Chen. Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. The Java Series. Addison-Wesley, 2000.Google Scholar
  6. 6.
    R. Cohen. The defensive Java virtual machine specification. Technical report, Computational Logic Inc., 1997.Google Scholar
  7. 7.
    S. N. Freund and J. C. Mitchell. A type system for object initialization in the Java bytecode language. ACM Trans. Prog. Lang. Syst., 22(5), 2000.Google Scholar
  8. 8.
    L. Gong. Inside Java 2 platform security: architecture, API design, and implementation. The Java Series. Addison-Wesley, 1999.Google Scholar
  9. 9.
    J. A. Gosling. Java intermediate bytecodes. In Proc. ACM SIGPLAN Workshop on Intermediate Representations, pages 111–118. ACM, 1995.Google Scholar
  10. 10.
    M. Hagiya and A. Tozawa. On a new method for dataflow analysis of Java virtual machine subroutines. In G. Levi, editor, SAS’98, volume 1503 of LNCS, pages 17–32. Springer-Verlag, 1998.Google Scholar
  11. 11.
    N. Heintze and J. G. Riecke. The SLam calculus: programming with secrecy and integrity. In 25th symp. Principles of Progr. Lang, pages 365–377. ACM Press, 1998.Google Scholar
  12. 12.
    M. Huisman, B. Jacobs, and J. van den Berg. A case study in class library verification: Java’s Vector class. Technical Report CSI-R0007, Computing Science Institute, University of Nijmegen, 2000.Google Scholar
  13. 13.
    X. Leroy. On-card bytecode verification for Java Card. Submitted for publication, available from, 2001.
  14. 14.
    X. Leroy and F. Rouaix. Security properties of typed applets, volume 1603 of LNCS, pages 147–182. Springer-Verlag, 1999.Google Scholar
  15. 15.
    T. Lindholm and F. Yellin. The Java Virtual Machine Specification. The Java Series. Addison-Wesley, 1999. Second edition.Google Scholar
  16. 16.
    G. McGraw and E. Felten. Securing Java. John Wiley & Sons, 1999.Google Scholar
  17. 17.
    S. S. Muchnick. Advanced compiler design and implementation. Morgan Kaufmann, 1997.Google Scholar
  18. 18.
    G. C. Necula. Proof-carrying code. In POPL’97, pages 106–119. ACM Press, 1997.Google Scholar
  19. 19.
    F. Nielson, H. R. Nielson, and C. Hankin. Principles of program analysis. Springer-Verlag, 1999.Google Scholar
  20. 20.
    T. Nipkow. Verified bytecode verifiers. In Foundations of Software Science and Computation Structures (FOSSACS’01). Springer-Verlag, 2001. To appear.Google Scholar
  21. 21.
    R. O'Callahan. A simple, comprehensive type system for Java bytecode subroutines. In POPL’99, pages 70–78. ACM Press, 1999.Google Scholar
  22. 22.
    J. Posegga and H. Vogt. Java bytecode verification using model checking. In Workshop Fundamental Underpinnings of Java, 1998.Google Scholar
  23. 23.
    F. Pottier, C. Skalka, and S. Smith. A systematic approach to static access control. In D. Sands, editor, Proceedings of the 10th European Symposium on Programming (ESOP’01), volume 2028 of LNCS, pages 30–45. Springer-Verlag, 2001.Google Scholar
  24. 24.
    C. Pusch. Proving the soundness of a Java bytecode verifier specification in Isabelle/HOL. In W. R. Cleaveland, editor, TACAS’99, volume 1579 of LNCS, pages 89–103. Springer-Verlag, 1999.Google Scholar
  25. 25.
    Z. Qian. A formal specification of Java virtual machine instructions for objects, methods and subroutines. In J. Alves-Foss, editor, Formal syntax and semantics of Java, volume 1523 of LNCS. Springer-Verlag, 1998.Google Scholar
  26. 26.
    Z. Qian. Standard fixpoint iteration for Java bytecode verification. ACM Trans. Prog. Lang. Syst., 22(4):638–672, 2000.CrossRefGoogle Scholar
  27. 27.
    E. Rose and K. Rose. Lightweight bytecode verification. In Workshop Fundamental Underpinnings of Java, 1998.Google Scholar
  28. 28.
    D. A. Schmidt. Data flow analysis is model checking of abstract interpretations. In POPL’98, pages 38–48. ACM Press, 1998.Google Scholar
  29. 29.
    R. Stata and M. Abadi. A type system for Java bytecode subroutines. ACM Trans. Prog. Lang. Syst., 21(1):90–137, 1999.CrossRefGoogle Scholar
  30. 30.
    Sun Microsystems. Java 2 platform micro edition technology for creating mobile devices. White paper,, 2000.
  31. 31.
    Trusted Logic. Off-card bytecode verifier for Java Card. Distributed as part of Sun’s Java Card Development Kit, 2001.Google Scholar
  32. 32.
    G. Vigna, editor. Mobile Agents and Security, volume 1419 of Lecture Notes in Computer Science. Springer-Verlag, 1998.Google Scholar
  33. 33.
    D. Volpano and G. Smith. A type-based approach to program security. In Proceedings of TAPSOFT’97, Colloquium on Formal Approaches in Software Engineering, volume 1214 of LNCS, pages 607–621. Springer-Verlag, 1997.Google Scholar
  34. 34.
    D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):1–21, 1996.Google Scholar
  35. 35.
    D. Walker. A type system for expressive security policies. In 27th symp. Principles of Progr. Lang, pages 254–267. ACM Press, 2000.Google Scholar
  36. 36.
    F. Yellin. Low level security in Java. In Proceedings of the Fourth International World Wide Web Conference, pages 369–379. O'Reilly, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Xavier Leroy
    • 1
  1. 1.INRIA Rocquencourt and Trusted Logic S.A.Le ChesnayFrance

Personalised recommendations