cs205: engineering software university of virginia fall 2006
cs205: engineering software 1

• 0: nop
• 1-20: putting constants on the stack
• 96-119: arithmetic on ints, longs, floats, doubles
• What other kinds of instructions do we need?
cs205: engineering software 2

• Loading and Storing Variables (65 instructions)
• Control Flow (~20 instructions)
– if, goto, return
• Method Calls (4 instructions)
• Creating objects (1 instruction)
• Using object fields (4 instructions)
• Arrays (3 instructions)
• checkcast, instanceof cs205: engineering software 3

• iload <varnum>
– Pushes the int in local variable
<varnum> (1 byte) on the stack
• istore <varnum>
– Pops the int on the top of the stack and stores it in local variable <varnum>
What if you have more than
256 local variables?
cs205: engineering software 4

Method void main(java.lang.String[])
0 iconst_2 public class Locals1 {
1 istore_1
2 iconst_3
3 istore_2
4 iload_1
5 iload_2 static public void main (String args[]) { int a = 2; int b = 3; int c = a + b;
6 iadd
7 istore_3
System.err.println ("c: " + c); } }
8 getstatic #2 <Field java.io.PrintStream err>
11 new #3 <Class java.lang.StringBuffer>
14 dup
15 invokespecial #4 <Method java.lang.StringBuffer()>
18 ldc #5 <String "c: ">
20 invokevirtual #6 <Method java.lang.StringBuffer append(java.lang.String)>
23 iload_3
24 invokevirtual #7 <Method java.lang.StringBuffer append(int)>
27 invokevirtual #8 <Method java.lang.String toString()>
30 invokevirtual #9 <Method void println(java.lang.String)>
33 return cs205: engineering software 5

• ifeq <label>
Pop an int off the stack. If it is zero, jump to the label. Otherwise, continue normally.
• if_icmple <label>
Pop two ints off the stack. If the second one is <= the first one, jump to the label. Otherwise, continue normally.
cs205: engineering software 6

• invokevirtual <method>
– Invokes the method <method> on the parameters and object on the top of the stack.
– Finds the appropriate method at runtime based on the actual type of the this object.
invokevirtual <Method void println(java.lang.String)> cs205: engineering software 7

• invokestatic <method>
– Invokes a static (class) method
<method> on the parameters on the top of the stack.
– Finds the appropriate method at runtime based on the actual type of the this object.
cs205: engineering software 8

public class Sample1 { static public void main (String args[]) {
System.err.println ("Hello!");
System.exit (1);
}
} cs205: engineering software 9

> javap -c Sample1
Compiled from Sample1.java
public class Sample1 { static public void main (String args[]) {
System.err.println ("Hello!");
System.exit (1); } } public class Sample1 extends java.lang.Object { public Sample1(); public static void main(java.lang.String[]);
}
Method Sample1()
0 aload_0
1 invokespecial #1 <Method java.lang.Object()>
4 return
Method void main(java.lang.String[])
0 getstatic #2 <Field java.io.PrintStream err>
3 ldc #3 <String "Hello!">
5 invokevirtual #4 <Method void println(java.lang.String)>
8 iconst_1
9 invokestatic #5 <Method void exit(int)>
12 return cs205: engineering software 10

http://java.sun.com/docs/books/vmspec/2nd-edition/html/Instructions2.doc7.html
jsr [branchbyte1] [branchbyte2]
Operand Stack
...  ..., address
Description
The address of the opcode of the instruction immediately following this
jsr instruction is pushed onto the operand stack as a value of type returnAddress . The unsigned branchbyte1 and branchbyte2 are used to construct a signed 16-bit offset, where the offset is (branchbyte1 << 8)
| branchbyte2. Execution proceeds at that offset from the address of this jsr instruction. The target address must be that of an opcode of an instruction within the method that contains this jsr instruction.
Notes
The jsr instruction is used with the ret instruction in the implementation of the finally clauses of the Java programming language. Note that jsr pushes the address onto the operand stack and ret gets it out of a local variable. This asymmetry is intentional. cs205: engineering software 11

public class JSR { static public void main (String args[]) { try {
System.out.println("hello");
} catch (Exception e) {
System.out.println ("There was an exception!");
} finally {
System.out.println ("I am finally here!");
}
}
} cs205: engineering software 12

Method void main(java.lang.String[])
0 getstatic #2 <Field java.io.PrintStream out>
3 ldc #3 <String "hello"> public class JSR {
8 jsr 35
11 goto 46
14 astore_1
15 getstatic #2 <Field java.io.PrintStream out>
}
System.out.println("hello");
5 invokevirtual #4 <Method void println(java.lang.String)>
}
System.out.println (“... exception!");
} finally {
System.out.println ("I am finally");
18 ldc #6 <String "There was an exception!">
20 invokevirtual #4 <Method void println(java.lang.String)>
23 jsr 35
26 goto 46
29 astore_2
30 jsr 35
33 aload_2
34 athrow
35 astore_3
39 ldc #7 <String "I am finally here!">
41 invokevirtual #4 <Method void println(java.lang.String)>
44 ret 3
46 return
Exception table: from to target type
0 8 14
36 getstatic #2 <Field java.io.PrintStream out>
<Class java.lang.Exception>
0 11 29 any
14 26 29 any
29 33 29 any cs205: engineering software 13

malcode.java
javac
Compiler
Trusted Computing Base malcode.class
JVML
Java Bytecode Verifier
Invalid
“Okay”
STOP
JavaVM
Joe User cs205: engineering software 14

.method public static main([Ljava/lang/String;)V
… iconst_2 aload_0 iconst_2 iconst_3 iadd
Exception in thread "main" java.lang.VerifyError:
(class: Simple, method: main signature:
([Ljava/lang/String;)V)
Register 0 contains wrong type
… return
.end method
> java –noverify Simple result: 5 cs205: engineering software 15

.method public static main([Ljava/lang/String;)V
… ldc 205 istore_0 aload_0 iconst_2 iconst_3 iadd
…
.end method
> java –noverify Simple
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION
(0xc0000005) occurred at PC=0x809DCEB
Function=JVM_FindSignal+0x1105F
Library=C:\j2sdk1.4.2\jre\bin\client\jvm.dll
Current Java thread: at Simple.main(Simple.java:7)
…
#
# HotSpot Virtual Machine Error : EXCEPTION_ACCESS_VIOLATION
# Error ID : 4F530E43505002EF
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2-b28 mixed mode) cs205: engineering software 16

• Checks class file is formatted correctly
– Magic number: class file starts with
0xCAFEBABE
– String table, code, methods, etc.
• Checks JVML code satisfies safety properties
– Simulates program execution to know types are correct, but doesn’t need to examine any instruction more than once cs205: engineering software 17

• Type safe
– Stack and variable slots must store and load as same type
• Memory safe
– Must not attempt to pop more values from stack than are on it
– Doesn’t access private fields and methods outside class implementation
• Control flow safe
– Jumps must be to valid addresses within function, or call/return cs205: engineering software 18

• The bytecode verifier verifies type safety for all possible executions of the program
• Since there are infinitely many paths through the program, how is this possible?
cs205: engineering software 19

JVML programs
Safe programs
Verifiable programs cs205: engineering software
(Slide from Nate
Paul’s ACSAC talk)
20

JVML programs
Safe programs
Verifiable programs cs205: engineering software
Bug (Slide from Nate
Paul’s ACSAC talk)
21

15
10
5
30
25
20
45
40
35
0
0
July 1996
1 2 3 4 5 6
Years Since First Release
7 8 9
July 2005 cs205: engineering software 22

Verification
API bugs
Class loading
Other or unknown
Missing policy checks
Configuration
DoS attacks (crash, consumption) several of these were because of jsr complexity cs205: engineering software
12
10
8
2
3
4
5
23

• Low-level Code Safety:
– Type safety, memory safety, control flow safety
– Needed to prevent malcode from circumventing any policy mechanism
• Policy Security:
– Control access and use of resources
(files, network, display, etc.)
– Enforced by Java class
– Hard part is deciding on a good policy cs205: engineering software 24

• Monday:
– Quiz 4: will cover through Friday’s lecture on the Java bytecode verifier
– Using CVS (Dan)
• Friday: project design documents due cs205: engineering software 25