
A Type System for the Java Bytecode Language and Verifier

  • Published in: Journal of Automated Reasoning

Abstract

The Java Virtual Machine executes bytecode programs that may have been sent from other, possibly untrusted, locations on the network. Since the transmitted code may be written by a malicious party or corrupted during network transmission, the Java Virtual Machine contains a bytecode verifier to check the code for type errors before it is run. As illustrated by reported attacks on Java run-time systems, the verifier is essential for system security. However, no formal specification of the bytecode verifier exists in the Java Virtual Machine Specification published by Sun. In this paper, we develop such a specification in the form of a type system for a subset of the bytecode language. The subset includes classes, interfaces, constructors, methods, exceptions, and bytecode subroutines. We also present a type checking algorithm and prototype bytecode verifier implementation, and we conclude by discussing other applications of this work. For example, we show how to extend our formal system to check other program properties, such as the correct use of object locks.
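The verifier the abstract describes is, at its core, a dataflow computation of a type for every operand-stack slot and local variable at every instruction, with objects created by `new` tracked as a distinct "uninitialized" type until their constructor has run. The following Python sketch is an added example, not code from the paper or from any JVM implementation. It uses a made-up opcode subset (`iconst`, `iload`, `getfield`, `invokespecial_init`, and so on) and a constructed class hierarchy (`Object`, `Point`, `Point3D`), and it rejects the three ill-typed shapes a verifier must catch: an integer used as a reference, a field read on an object whose `<init>` has not run, and a control-flow merge where two paths disagree about a local's type.

```python
"""Toy dataflow bytecode verifier: one verification type per stack slot and local at
every pc, computed by Kildall's worklist algorithm. Added example, not the paper's code."""
from collections import deque

TOP, INT = "top", "int"                          # TOP = unusable or conflicting value
def ref(cls): return ("ref", cls)                # initialized reference of class cls
def uninit(cls, pc): return ("uninit", cls, pc)  # allocated by `new` at pc, <init> not yet run
def is_ref(t): return isinstance(t, tuple) and t[0] == "ref"
def is_uninit(t): return isinstance(t, tuple) and t[0] == "uninit"
SUPER = {"Object": None, "Point": "Object", "Point3D": "Point"}  # constructed class hierarchy
class VerifyError(Exception): pass

def is_subclass(a, b):
    while a is not None:
        if a == b: return True
        a = SUPER[a]
    return False

def lub(t, u):                                   # join in the verifier's type lattice
    if t == u: return t
    if is_ref(t) and is_ref(u):                  # nearest common superclass
        c = t[1]
        while not is_subclass(u[1], c): c = SUPER[c]
        return ref(c)
    return TOP   # int vs reference, or objects allocated by different `new` instructions

def merge(a, b):                                 # join two (stack, locals) states
    if len(a[0]) != len(b[0]): raise VerifyError("stack height mismatch at merge point")
    return (tuple(map(lub, a[0], b[0])), tuple(map(lub, a[1], b[1])))

def step(code, pc, state, ret_type):
    """Transfer function for one instruction: [(successor pc, type state)] or VerifyError."""
    stack, locs = list(state[0]), list(state[1])
    op, *args = code[pc]
    err = lambda msg: VerifyError(f"pc {pc} ({op}): {msg}")

    def pop(want=None):
        if not stack: raise err("stack underflow")
        t = stack.pop()
        if want == INT and t != INT: raise err(f"expected int, got {t}")
        if want == "ref" and not is_ref(t): raise err(f"expected initialized reference, got {t}")
        return t

    if op == "iconst": stack.append(INT)
    elif op == "iadd": pop(INT); pop(INT); stack.append(INT)
    elif op in ("iload", "aload"):
        t = locs[args[0]]
        if (t != INT) if op == "iload" else (t in (INT, TOP)): raise err(f"local {args[0]} holds {t}")
        stack.append(t)
    elif op in ("istore", "astore"):
        t = pop(INT if op == "istore" else None)
        if op == "astore" and t == INT: raise err("expected reference, got int")
        locs[args[0]] = t
    elif op == "dup": t = pop(); stack += [t, t]
    elif op == "new": stack.append(uninit(args[0], pc))
    elif op == "invokespecial_init":             # <init> of args[0]; receiver must be uninitialized
        t = pop()
        if not (is_uninit(t) and t[1] == args[0]): raise err(f"<init> receiver is {t}")
        stack = [ref(t[1]) if x == t else x for x in stack]   # every alias becomes initialized
        locs = [ref(t[1]) if x == t else x for x in locs]
    elif op == "getfield":                       # args: owning class, field type
        t = pop("ref")
        if not is_subclass(t[1], args[0]): raise err(f"{t[1]} is not a subclass of {args[0]}")
        stack.append(args[1])
    elif op == "goto": return [(args[0], (tuple(stack), tuple(locs)))]
    elif op == "ifeq": pop(INT); s = (tuple(stack), tuple(locs)); return [(pc + 1, s), (args[0], s)]
    elif op == "ireturn":
        if ret_type != INT: raise err("method does not return int")
        pop(INT); return []
    else: raise err("unknown opcode")
    return [(pc + 1, (tuple(stack), tuple(locs)))]

def verify(code, max_locals, arg_types, ret_type):
    """Kildall fixpoint: one type state per pc; a successor is re-queued when its state changes."""
    states = {0: ((), tuple(arg_types) + (TOP,) * (max_locals - len(arg_types)))}
    work = deque([0])
    while work:
        pc = work.popleft()
        for succ, s in step(code, pc, states[pc], ret_type):
            if not 0 <= succ < len(code): raise VerifyError(f"pc {pc}: successor {succ} outside method")
            new = s if succ not in states else merge(states[succ], s)
            if succ not in states or new != states[succ]:
                states[succ] = new
                work.append(succ)
    return states

def check(code, max_locals, arg_types, ret_type):   # 'ok' or 'rejected: <reason>'
    try: verify(code, max_locals, arg_types, ret_type); return "ok"
    except VerifyError as e: return f"rejected: {e}"

# Constructed sample methods (pc = list index).
GOOD = [("new", "Point"), ("dup",), ("invokespecial_init", "Point"), ("getfield", "Point", INT),
        ("aload", 0), ("getfield", "Point", INT),   # int f(Point3D p) { return new Point().x + p.x; }
        ("iadd",), ("ireturn",)]                    # Point3D <: Point, so the getfield owner check passes
BAD_CONFUSION = [("iconst", 7), ("getfield", "Point", INT), ("ireturn",)]  # an int used as a pointer
BAD_UNINIT = [("new", "Point"), ("getfield", "Point", INT), ("ireturn",)]  # field read before <init>
BAD_MERGE = [("iload", 0), ("ifeq", 5), ("iconst", 1), ("istore", 2), ("goto", 7),  # local 2 is int
             ("aload", 1), ("astore", 2),           # on one path and Point on the other; at pc 7 the
             ("iload", 2), ("ireturn",)]            # join gives TOP, so the iload is rejected
```

`check(GOOD, 1, [ref("Point3D")], INT)` returns `"ok"`; each `BAD_*` program returns a `"rejected: ..."` string naming the offending pc and instruction. Two design points carry over from the real verifier: the join of two references is their nearest common superclass while the join of anything else is TOP, which no instruction accepts, so a disagreement between paths is reported only where the value is actually used; and an uninitialized object is typed by the pc of its `new`, so that after `invokespecial <init>` every alias of that particular allocation, on the stack and in locals, becomes an ordinary reference at once. Subroutines (`jsr`/`ret`), exceptions and monitors, which the paper's type system also covers, are deliberately left out of this sketch.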



Cite this article

Freund, S.N., Mitchell, J.C. A Type System for the Java Bytecode Language and Verifier. Journal of Automated Reasoning 30, 271–321 (2003). https://doi.org/10.1023/A:1025011624925
