1# LyX 1.1 created this file. For more info see http://www.lyx.org/ 2# 3# Licensed to the Apache Software Foundation (ASF) under one or more 4# contributor license agreements. See the NOTICE file distributed with 5# this work for additional information regarding copyright ownership. 6# The ASF licenses this file to You under the Apache License, Version 2.0 7# (the "License"); you may not use this file except in compliance with 8# the License. You may obtain a copy of the License at 9# 10# http://www.apache.org/licenses/LICENSE-2.0 11# 12# Unless required by applicable law or agreed to in writing, software 13# distributed under the License is distributed on an "AS IS" BASIS, 14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15# See the License for the specific language governing permissions and 16# limitations under the License. 17 18\lyxformat 218 19\textclass scrbook 20\begin_preamble 21 22\end_preamble 23\language english 24\inputencoding latin1 25\fontscheme default 26\graphics default 27\float_placement !htp 28\paperfontsize default 29\spacing single 30\papersize Default 31\paperpackage a4wide 32\use_geometry 0 33\use_amsmath 0 34\paperorientation portrait 35\secnumdepth 2 36\tocdepth 2 37\paragraph_separation indent 38\defskip medskip 39\quotes_language english 40\quotes_times 2 41\papercolumns 1 42\papersides 2 43\paperpagestyle default 44 45\layout Subject 46 47 48\emph on 49Diplomarbeit 50\layout Title 51 52JustIce 53\newline 54 55\size small 56A Free Class File Verifier for Java 57\latex latex 58 59\backslash 60texttrademark\SpecialChar ~ 61 62\layout Author 63 64Enver Haase 65\newline 66 67\size tiny 68<ehaase@inf.fu-berlin.de> 69\layout Date 70 71September 2001 72\layout Publishers 73 74Freie Universit�t Berlin 75\newline 76Institut f�r Informatik 77\newline 78Takustra�e 9 79\newline 80D-14195 Berlin 81\layout Lowertitleback 82 83 84\series bold 85\size scriptsize 86Revision 87\series default 88 89\series bold 90\shape smallcaps 91$Id$ 92\layout Minisec 93 94Erkl�rung 95\begin_float footnote 96\layout Standard 97 98I declare that I wrote this 99\emph on 100Diplomarbeit 101\emph default 102 completely on my own and without the help of persons not listed. 103 All sources of information are listed in the Bibliography section. 104\end_float 105\layout Standard 106 107Hiermit versichere ich, die vorliegende Diplomarbeit selbst�ndig und ohne 108 fremde Hilfe verfa�t zu haben. 109 Es wurden nur die in der Bibliographie angegebenen Quellen benutzt. 110\layout Minisec 111 112Danksagung 113\begin_float footnote 114\layout Standard 115 116The creation of this 117\emph on 118Diplomarbeit 119\emph default 120 paper was supported and supervised by Prof. 121 Dr. 122 Elfriede Fehr and Dipl.-Inform. 123 Markus Dahm. 124 Keith Seymour suggested a lot of language-related improvements. 125 Thank you. 126\end_float 127\layout Standard 128 129W�hrend der Anfertigung dieser Diplomarbeit wurde ich von Prof. 130 Dr. 131 Elfriede Fehr und Dipl.-Inform. 132 Markus Dahm betreut, wof�r ich mich an dieser Stelle herzlich bedanke. 133\layout Standard 134 135Desweiteren bedanke ich mich bei Keith Seymour, der mir eine Reihe sprachspezifi 136scher Verbesserungsvorschl�ge sandte. 137\layout Minisec 138 139Autor 140\begin_float footnote 141\layout Standard 142 143Author 144\end_float 145\layout Standard 146 147Enver Haase 148\newline 149Gubener Stra�e 18 150\newline 151D-10243 Berlin 152\newline 153 154\layout Standard 155 156 157\begin_inset LatexCommand \tableofcontents{} 158 159\end_inset 160 161 162\layout Addchap 163 164Abstract 165\layout Standard 166 167When Sun Microsystems developed their 168\emph on 169Java Platform 170\emph default 171 in the early 1990s, it was originally designed for use in networked and 172 embedded consumer-electronics applications. 173 But when they introduced it around 1995, it quickly became used in World 174 Wide Web browser software. 175 This was a way to bring interactive content to demanding World Wide Web 176 users. 177 Sun took great care for the robustness of the platform: they planned to 178 connect embedded devices and let them share data and code over a network. 179 Defective devices transmitting bad data or unreliable network connections 180 should not cause other devices to crash. 181 This property made Java a good choice for the code-executing engine in 182 World Wide Web browsers: defective server software or transmission errors 183 would not cause the 184\emph on 185Java Platform 186\emph default 187 to crash; this is also true for purposely malicious code hidden on the 188 Web. 189 The code-executing part of the 190\emph on 191Java Platform 192\emph default 193 is called 194\emph on 195The Java Virtual Machine 196\emph default 197 (the 198\emph on 199JVM 200\emph default 201, for short). 202 This execution engine has to assure that the code to be executed is well-behave 203d; it has to 204\emph on 205verify 206\emph default 207 the code. 208 Therefore, the 209\emph on 210verifier 211\emph default 212 is an integral part of every JVM, but JustIce implements a verifier that 213 is not integrated in a JVM. 214 It was implemented using a software library called the 215\emph on 216Byte Code Engineering Library 217\emph default 218 (the 219\emph on 220BCEL 221\emph default 222, for short) by Markus Dahm 223\begin_inset LatexCommand \cite{BCEL98,BCEL-WWW} 224 225\end_inset 226 227. 228\layout Standard 229 230The BCEL is intended to give users a convenient mechanism to analyze, create 231 and manipulate (binary) Java class files. 232 It offers an object-oriented view of otherwise raw data, including program 233 code. 234 This library is, therefore, well-respected especially in the compiler-writer 235 community whenever the JVM is chosen as the target machine of the compiler. 236 Compiler back-ends use the BCEL to produce code for the JVM; and as new 237 compilers may be faulty, they may produce bad code. 238 Testing these compilers often is a difficult task. 239 The generated code should not only be semantically correct, but it also 240 has to pass the verifiers of all existing JVM implementations. 241 Normally, a lot of human interaction is required to run test cases. 242 If the code is rejected by a verifier, one often does not know why. 243 Most verifiers emit error messages which do not identify the offending 244 instruction. 245\layout Standard 246 247JustIce presents an Application Programming Interface (API) that may be 248 used to automate the procedure sketched above. 249 The constraints imposed on class files are designed to be strict, therefore 250 eleminating the need to run several verifiers on the generated code. 251 If code passes the JustIce verifier, it should pass all other verifiers. 252 JustIce was also designed to output human-understandable messages if the 253 verification of some code fails. 254\layout Standard 255 256The application range of JustIce is not limited to compiler back-ends, in 257 the same sense as the BCEL is not only useful in this area. 258 Transformations of existing code and even generation of hand-crafted code 259 fall into its scope, too. 260 As a side effect, JustIce exports some data structures such as a control 261 flow graph; so its API may also be used for applications targeting other 262 problem areas such as static analyses of program code. 263\layout Chapter 264 265Introduction 266\layout Section 267 268Low Level Security as a Part of a Many-Tiered Strategy 269\layout Standard 270 271The Java programming language is well-known for its inherent security facilities 272 such as the lack of pointer arithmetic or the need for memory allocation 273 and deallocation. 274 Lesser known is that this is only the top of an iceberg; the 275\emph on 276Java Platform 277\emph default 278 implements a many-tiered security strategy 279\begin_inset LatexCommand \cite{Yellin-WWW} 280 281\end_inset 282 283. 284 It was designed to run even untrusted code -- code that possibly was not 285 produced by a compiler for the Java programming language, code that may 286 be corrupt or code that may have malicious intent (such as stealing credit 287 card number information from a hard disk drive). 288 Three considerations were made: 289\layout Itemize 290 291Untrusted code could damage hardware, software, or information on the host 292 machine. 293\layout Itemize 294 295It could pass unauthorized information to anyone. 296\layout Itemize 297 298It could cause the host machine to become unusable through resource depletion. 299\layout Standard 300 301While some security features such as type-safety or the already-mentioned 302 lack of pointer arithmetic of the Java programming language are a convenient 303 help for programmers, they can only help to reduce programming errors. 304 Of course these features do not help targeting the above problems. 305 At a lower level, however, the 306\emph on 307Java Plat\SpecialChar \- 308form 309\emph default 310 implements a so-called sandbox: an area where code can be executed but 311 that has well-defined boundaries shielding the rest of the system. 312 This is achieved by means of a 313\emph on 314Java Virtual Machine 315\emph default 316 (JVM) emulation; the host platform does not directly run untrusted code, 317 but a 318\emph on 319run-time system 320\emph default 321 which in turn runs the code, restricting its access to system resources. 322\layout Standard 323 324A run-time system cannot safely assume that untrusted code is well-behaved. 325 Code could cause stack overflows, stack underruns, or otherwise erroneous 326 behaviour that may bring the run-time system into an undefined state -- 327 possibly allowing access to protected memory areas. 328 One could protect the run-time system by letting it predict the effects 329 of every single instruction just in time while actually executing it -- 330 but that would be too time-consuming to be applicable in practice. 331\layout Standard 332 333Therefore, good behaviour of program code has to be enforced 334\emph on 335before 336\emph default 337 it is actually executed -- at least as far as this is possible. 338 This is the lowest level of Java security; there has to be an integral 339 component in every JVM implementation doing so ( 340\begin_inset LatexCommand \cite{vmspec2} 341 342\end_inset 343 344, page 420). 345 This part of the JVM is called the 346\emph on 347class file verifier 348\emph default 349, yet better known as the 350\emph on 351bytecode verifier. 352 353\emph default 354Technically speaking, bytecode verification is only a part of class file 355 verification so 356\emph on 357class file verifier 358\emph default 359 is a more embracing term. 360 JustIce implements a whole class file verifier. 361\layout Standard 362 363\begin_float fig 364\layout Standard 365\align center 366 367\begin_inset Figure size 595 396 368file chap1.eps 369width 3 100 370flags 9 371 372\end_inset 373 374 375\layout Caption 376 377Concept of Class File Verification 378\end_float 379\layout Section 380 381Why Another Verifier? 382\layout Standard 383 384As said before, every JVM implementation must contain a class file verifier, 385 so it is reasonable to ask for the motivation behind creating just another 386 class file verifier -- especially one that is 387\emph on 388not 389\emph default 390 part of a JVM implementation. 391\layout Subsection 392 393Bytecode Engineers Need JustIce 394\layout Standard 395 396Shortly after the 397\emph on 398Java Platform 399\emph default 400 was introduced, it was adopted with pleasure because of its inherent independen 401ce from operating systems and concrete hardware. 402 Industry and educational institutions with heterogenous networked computers 403 could now run the same software program on different host machines. 404 Soon, many efforts were put into research and development of compilers 405 for programming languages other than the Java programming language that 406 use the JVM bytecode as target. 407\layout Standard 408 409Nowadays, many other programming languages do have the JVM as its target 410 platform; e.g. 411 Fortran 412\begin_inset LatexCommand \cite{f2j} 413 414\end_inset 415 416, Ada 417\begin_inset LatexCommand \cite{AppMag-WWW} 418 419\end_inset 420 421, Scheme 422\begin_inset LatexCommand \cite{KAWA-WWW} 423 424\end_inset 425 426 or modified Java language versions 427\begin_inset LatexCommand \cite{GJ-WWW,PMG-WWW} 428 429\end_inset 430 431. 432 A vast collection of programming languages targeting the JVM can be found 433 on the World Wide Web 434\begin_inset LatexCommand \cite{PL4JVM} 435 436\end_inset 437 438. 439\layout Standard 440 441All these compilers emit code for the JVM -- and so all these compilers 442 have to pass the JVM's verifier. 443 Implementors of such compilers have to consider the security related constraint 444s the JVM poses on the generated code. 445 It is difficult to test if the emitted code works on all JVM implementations, 446 passing all JVM verifier implementations. 447 This is especially problematic if not all of the project's class files 448 are loaded into the JVM during a test run, because then they will not be 449 verified. 450\layout Standard 451 452Having an opportunity to verify the transitive hull of referenced class 453 files (starting with some main class file) would be of help; JustIce offers 454 it. 455\layout Standard 456 457The Bytecode Engineering Library by Markus Dahm is often used as a compiler 458 back-end to emit code, but it is also used to hand-craft code or to implement 459 bytecode transformations. 460 Because JustIce works closely together with the BCEL, users of the BCEL 461 do not even have to leave their development environment to run the JustIce 462 verifier. 463\layout Standard 464 465To our knowledge, JustIce is the only implementation of a Java class file 466 verifier that was written in the Java programming language 467\begin_inset LatexCommand \cite{langspec2} 468 469\end_inset 470 471 itself 472\begin_float footnote 473\layout Standard 474 475In a personal communication, Robert St�rk told the author that there was 476 a Java implementation of the verifier discussed in 477\begin_inset LatexCommand \cite{JBook} 478 479\end_inset 480 481, written by Joachim Schmid using the BCEL. 482 However, it is not released for public use yet. 483\end_float 484. 485 Because of its 486\emph on 487Verification API 488\emph default 489, it can be included in other software projects written in Java with more 490 ease than any other verifier implementation in a different programming 491 language could provide. 492\layout Subsection 493 494JustIce is Verbose 495\layout Standard 496 497Usually, when classes pass the verifier, it is mute. 498 JustIce, in contrast, distinguishes between verification results and messages. 499 Messages are often warnings, but the reason for emitting such a warning 500 instead of a negative verification result is because the class file does 501 not pose a threat to the integrity of the JVM and thus does not have to 502 be rejected. 503\layout Standard 504 505When a verification error occurs and the class file is rejected, even the 506 built-in verifiers usually produce some output saying so. 507 As an example, consider the following verifier run: 508\newline 509 510\newline 511 512\family typewriter 513ehaase@haneman:/home/ehaase > java Cc 514\newline 515Exception in thread "main" java.lang.VerifyError: 516\newline 517(class: Cc, method: ttt signature: ()V) 518\newline 519Recursive call to jsr entry 520\family default 521 522\newline 523 524\latex latex 525 526\newline 527 528\layout Standard 529 530One might ask 531\emph on 532which 533\emph default 534 535\begin_inset Quotes eld 536\end_inset 537 538jsr entry 539\begin_inset Quotes erd 540\end_inset 541 542 (a branch target of a 543\latex latex 544 545\backslash 546texttt{jsr} 547\latex default 548 or a 549\latex latex 550 551\backslash 552texttt{jsr 553\backslash 554_w} 555\latex default 556 instruction) is called recursively and which instructions may be responsible 557 for this. 558 Compare this to JustIce's output: 559\newline 560 561\newline 562[...] 563\layout Standard 564 565 566\family typewriter 567Pass 3b, method number 0 ['public static void ttt()']: 568\layout Standard 569 570 571\family typewriter 572VERIFIED_REJECTED 573\layout Standard 574 575 576\family typewriter 577Constraint violated in method 'public static void ttt()': 578\layout Standard 579 580 581\family typewriter 582Subroutine with local variable '1', JSRs '[ 36: jsr[168](3) -> astore_1, 583 8: jsr[168](3) -> astore_1, 30: jsr[168](3) -> astore_1, 23: jsr[168](3) 584 -> astore_1]', RET ' 62: ret[169](2) 1' is called by a subroutine which 585 uses the same local variable index as itself; maybe even a recursive call? 586 JustIce's clean definition of a subroutine forbids both. 587\newline 588 589\family default 590[...] 591\layout Standard 592 593 594\family typewriter 595Warnings: 596\layout Standard 597 598 599\family typewriter 600Pass 2: Attribute 'LineNumber(0, 4), LineNumber(0, 5), LineNumber(15, 8), 601 LineNumber(39, 11), LineNumber(47, 12), LineNumber(57, 13), LineNumber(64, 602 15)' as an attribute of Code attribute '<CODE>' (method 'public static 603 void ttt()') will effectively be ignored and is only useful for debuggers 604 and such. 605\layout Standard 606 607 608\family typewriter 609Pass 2: Attribute 'LineNumber(0, 1), LineNumber(4, 1)' as an attribute of 610 Code attribute '<CODE>' (method 'public void <init>()') will effectively 611 be ignored and is only useful for debuggers and such. 612\layout Standard 613 614 615\family typewriter 616Pass 3a: LineNumberTable attribute 'LineNumber(0, 4), LineNumber(0, 5), 617 LineNumber(15, 8), LineNumber(39, 11), LineNumber(47, 12), LineNumber(57, 618 13), LineNumber(64, 15)' refers to the same code offset ('0') more than 619 once which is violating the semantics [but is sometimes produced by IBM's 620 'jikes' compiler]. 621\newline 622 623\layout Standard 624 625This output obviously has an answer to the above question; it shows the 626 only 627\latex latex 628 629\backslash 630texttt{jsr} 631\latex default 632 or 633\latex latex 634 635\backslash 636texttt{jsr 637\backslash 638_w} 639\latex default 640 instructions possibly responsible for a recursive call (which is not allowed 641 by the specification of the JVM). 642 For the special --but clean-- definition of subroutines JustIce uses, please 643 see section 644\begin_inset LatexCommand \ref{Subroutines_Def} 645 646\end_inset 647 648. 649\layout Standard 650 651Note also the warning messages. 652 Class files that were not generated by Sun's 653\emph on 654javac 655\emph default 656 compiler have a tendency to look a little different in some corner cases. 657 IBM's 658\emph on 659jikes 660\emph default 661 compiler, for instance, produces LineNumberTable attributes (see 662\begin_inset LatexCommand \ref{LineNumberTableAttribute} 663 664\end_inset 665 666) which look different from those created by 667\emph on 668javac 669\emph default 670. 671 Detecting such differences is desirable because future JVMs will have stricter 672 verification checks 673\begin_float footnote 674\layout Standard 675 676The Solaris port of Sun's JVM, version 1.3.0_01, already has (some of) the 677 stricter checks built in. 678 You may enable them using the command-line option '-Xfuture'. 679 Nothing about this issue is mentioned in the specification 680\begin_inset LatexCommand \cite{vmspec2} 681 682\end_inset 683 684. 685\end_float 686 (which most old 687\emph on 688javac 689\emph default 690-compiled class files will probably still pass). 691 JustIce guides bytecode engineers to create class files that are indistinguisha 692ble from those created by 693\emph on 694javac 695\emph default 696 to retain compatibility with Sun's future JVM implementations. 697 Figure 698\begin_inset LatexCommand \ref{FigVenn} 699 700\end_inset 701 702 graphically shows the relationship between class files and the verifier 703\begin_float footnote 704\layout Standard 705 706This is a simplicistic figure; unfortunately, there are class files produced 707 by the 708\emph on 709javac 710\emph default 711 compiler that do not pass the verifier. 712 Please see section 713\begin_inset LatexCommand \ref{javacRejected} 714 715\end_inset 716 717 for more details. 718\end_float 719. 720\begin_float fig 721\layout Standard 722\align center 723 724\begin_inset Figure size 595 378 725file VennDiag.eps 726width 3 100 727height 3 45 728flags 9 729 730\end_inset 731 732 733\layout Caption 734 735 736\begin_inset LatexCommand \label{FigVenn} 737 738\end_inset 739 740Venn diagram showing the operating domain of the Java verifier. 741\end_float 742\layout Subsection 743 744JustIce is Free 745\layout Standard 746 747Currently, there is no other free and complete open source verifier available 748 known to the author. 749 You may have a look at the JVM's source code by Sun Microsystems but you 750 are not allowed to use the knowledge from that inspection for your own 751 projects or even use their code. 752 JustIce is a clean-room implementation: the author wrote JustIce by only 753 reading the Java 754\latex latex 755 756\backslash 757texttrademark 758\latex default 759\SpecialChar ~ 760 Virtual Machine Specification, Second Edition 761\begin_inset LatexCommand \cite{vmspec2} 762 763\end_inset 764 765 and comparing the behaviour of JustIce with the behaviour of commercial 766 implementations of Sun Microsystems and IBM Corporation. 767\layout Standard 768 769The open source JVM implementation 770\emph on 771Kaffe 772\emph default 773 774\begin_inset LatexCommand \cite{Kaffe-WWW} 775 776\end_inset 777 778, for example 779\emph on 780, 781\emph default 782 does not have a 783\emph on 784complete 785\emph default 786 verifier built in (although mandated by the JVM specification). 787\layout Standard 788 789 790\emph on 791Kissme 792\emph default 793 794\begin_inset LatexCommand \cite{kissme-WWW} 795 796\end_inset 797 798, another open source JVM implementation, currently does not include any 799 verifier at all. 800 801\layout Standard 802 803The JVM implementations 804\emph on 805 SableVM 806\emph default 807 808\begin_inset LatexCommand \cite{SableVM-WWW} 809 810\end_inset 811 812 and Intel Corporation's 813\emph on 814Open Runtime Platform 815\emph default 816 817\begin_inset LatexCommand \cite{ORP-WWW} 818 819\end_inset 820 821 are platforms to experiment with performance-enhancements. 822 They are not intended to work as general-purpose JVMs so they do not need 823 to implement verifiers. 824\layout Standard 825 826Other open source projects that could make use of a free verifier include 827 the Java compiler 828\emph on 829gcj 830\emph default 831 which is part of the GNU compiler collection 832\begin_inset LatexCommand \cite{GCC-WWW} 833 834\end_inset 835 836. 837\layout Standard 838 839JustIce is covered by the well-known and respected software license 840\emph on 841GNU General Public License 842\emph default 843 (GPL); see section 844\begin_inset LatexCommand \ref{GPL} 845 846\end_inset 847 848. 849 The author hopes other free software will benefit from it; from the JustIce 850 software 851\begin_inset LatexCommand \cite{JustIce} 852 853\end_inset 854 855 as well as from this paper describing some of the inner workings of JustIce. 856\layout Chapter 857 858The Java Virtual Machine 859\layout Standard 860 861The Java Virtual Machine (JVM) is an abstract machine specified in 862\begin_inset LatexCommand \cite{vmspec2} 863 864\end_inset 865 866. 867 It has no knowledge about the Java programming language; but only of a 868 certain binary file format: the class file format. 869 A class file contains machine instructions for the JVM (called 870\emph on 871bytecodes 872\emph default 873), a symbol table (called 874\emph on 875constant pool 876\emph default 877) and some other ancillary information. 878\layout Standard 879 880On method invocation, a local stack frame is set up called the 881\emph on 882execution frame 883\emph default 884. 885 It consists of an 886\emph on 887operand stack 888\emph default 889 and 890\emph on 891local variables 892\emph default 893 (which may be compared to registers of traditional machines). 894\layout Standard 895 896The instructions in the code arrays of class files are interpreted by the 897 JVM. 898 There are 212 legal instructions; they have read-access to the class file's 899 constant pool and they can modify the operand stack and the local variables 900 in their execution frame. 901 An invoked method reads its arguments from the local variables. 902 Certain instructions pass a return value to the invoking method. 903\layout Section 904 905 906\begin_inset LatexCommand \label{Classfile Structure} 907 908\end_inset 909 910The ClassFile Structure 911\layout Standard 912 913Traditionally, the JVM loads its programs from files stored on file systems 914 of host machines; these files have names that end with 915\emph on 916 917\begin_inset Quotes eld 918\end_inset 919 920.class 921\begin_inset Quotes erd 922\end_inset 923 924 925\emph default 926. 927 It is possible to store the files in various other ways; a so-called 928\emph on 929class loader 930\emph default 931 is then used to transform the files internally to the desired, basic class 932 file format. 933 Therefore, it suffices to explain the structure of traditional class files. 934 Every class file consists of a single 935\family typewriter 936ClassFile 937\family default 938 structure as defined below. 939 It defines a single class as known from the Java Programming Language 940\begin_inset LatexCommand \cite{langspec2} 941 942\end_inset 943 944. 945 The terms 946\emph on 947class 948\emph default 949 and 950\emph on 951class file 952\emph default 953 may therefore be used interchangeably. 954\begin_float fig 955\layout Standard 956\align center 957 958\begin_inset Figure size 595 526 959file classfile.eps 960width 3 100 961flags 9 962 963\end_inset 964 965 966\layout Standard 967 968A class file consists of constants, fields, methods, attributes and some 969 ancillary information. 970 This figure was taken from 971\begin_inset LatexCommand \cite{BCEL98} 972 973\end_inset 974 975, used with permission of the author. 976\layout Caption 977 978A Class File 979\end_float 980\layout Standard 981 982As we will see, the 983\family typewriter 984ClassFile 985\family default 986 structure and its sub-structures are defined for upwards compatibility, 987 i.e., new structure definitions can be added to the specification easily 988 at a later time. 989\newline 990 991\newline 992 993\family typewriter 994ClassFile { 995\newline 996\SpecialChar \- 997\SpecialChar ~ 998\SpecialChar ~ 999u4 magic; 1000\newline 1001\SpecialChar \- 1002\SpecialChar ~ 1003\SpecialChar ~ 1004u2 minor_version; 1005\newline 1006\SpecialChar \- 1007\SpecialChar ~ 1008\SpecialChar ~ 1009u2 major_version; 1010\newline 1011\SpecialChar \- 1012\SpecialChar ~ 1013\SpecialChar ~ 1014u2 constant_pool_count; 1015\newline 1016\SpecialChar \- 1017\SpecialChar ~ 1018\SpecialChar ~ 1019cp_info constant_pool[constant_pool_count-1]; 1020\newline 1021\SpecialChar \- 1022\SpecialChar ~ 1023\SpecialChar ~ 1024u2 access_flags; 1025\newline 1026\SpecialChar \- 1027\SpecialChar ~ 1028\SpecialChar ~ 1029u2 this_class; 1030\newline 1031\SpecialChar \- 1032\SpecialChar ~ 1033\SpecialChar ~ 1034u2 super_class; 1035\newline 1036\SpecialChar \- 1037\SpecialChar ~ 1038\SpecialChar ~ 1039u2 interfaces_count; 1040\newline 1041\SpecialChar \- 1042\SpecialChar ~ 1043\SpecialChar ~ 1044u2 interfaces[interfaces_count]; 1045\newline 1046\SpecialChar \- 1047\SpecialChar ~ 1048\SpecialChar ~ 1049u2 fields_count; 1050\newline 1051\SpecialChar \- 1052\SpecialChar ~ 1053\SpecialChar ~ 1054field_info fields[fields_count]; 1055\newline 1056\SpecialChar \- 1057\SpecialChar ~ 1058\SpecialChar ~ 1059u2 methods_count; 1060\newline 1061\SpecialChar \- 1062\SpecialChar ~ 1063\SpecialChar ~ 1064method_info methods[methods_count]; 1065\newline 1066\SpecialChar \- 1067\SpecialChar ~ 1068\SpecialChar ~ 1069u2 attributes_count; 1070\newline 1071\SpecialChar \- 1072\SpecialChar ~ 1073\SpecialChar ~ 1074attribute_info attributes[attributes_count]; 1075\newline 1076} 1077\newline 1078 1079\newline 1080 1081\family default 1082You may read an ' 1083\family typewriter 1084u 1085\family default 1086' as 'byte times'; e.g., ' 1087\family typewriter 1088u2 1089\family default 1090' means 'two bytes in size'. 1091 We will not delve into too much detail here; the exact specification of 1092 the entries are published by Sun 1093\begin_inset LatexCommand \cite{vmspec2} 1094 1095\end_inset 1096 1097. 1098 But one should note that besides some other information, a class file basically 1099 defines 1100\emph on 1101attributes 1102\emph default 1103, 1104\emph on 1105 constants 1106\emph default 1107, 1108\emph on 1109fields 1110\emph default 1111 and 1112\emph on 1113methods 1114\emph default 1115. 1116 Also, there are strong structural constraints imposed on class files. 1117 It is a verifier's task to validate them. 1118\layout Subsection 1119 1120Attributes 1121\layout Standard 1122 1123The general format of an attribute is defined below. 1124\newline 1125 1126\newline 1127 1128\family typewriter 1129attribute_info { 1130\newline 1131\SpecialChar \- 1132\SpecialChar ~ 1133\SpecialChar ~ 1134u2 attribute_name_index; 1135\newline 1136\SpecialChar \- 1137\SpecialChar ~ 1138\SpecialChar ~ 1139u4 attribute_length; 1140\newline 1141\SpecialChar \- 1142\SpecialChar ~ 1143\SpecialChar ~ 1144u1 info[attribute_length]; 1145\newline 1146} 1147\family default 1148 1149\newline 1150 1151\newline 1152An attribute is basically a typed data container; its type is determined 1153 by its name. 1154 Every JVM is required to be silent about attributes of types it does not 1155 know. 1156 On the other hand, newly defined attributes are required not to impose 1157 a semantical change on the class file. 1158 These attributes should be uniquely named; in fact, the pair (<attribute 1159 name>, <attribute length>) is required to be unique. 1160 This is guaranteed because attributes not defined by Sun Microsystems have 1161 to be named according to the package naming scheme of the Java Programming 1162 Language 1163\begin_inset LatexCommand \cite{langspec2} 1164 1165\end_inset 1166 1167. 1168 Certain basic attributes are predefined. 1169 They are used in the 1170\family typewriter 1171ClassFile 1172\family default 1173 (see section 1174\begin_inset LatexCommand \ref{Classfile Structure} 1175 1176\end_inset 1177 1178), 1179\family typewriter 1180field_info 1181\family default 1182 (see section 1183\begin_inset LatexCommand \ref{Fields} 1184 1185\end_inset 1186 1187) and 1188\family typewriter 1189method_info 1190\family default 1191 (see section 1192\begin_inset LatexCommand \ref{Methods} 1193 1194\end_inset 1195 1196). 1197 Also, attributes may be nested: the 1198\family typewriter 1199Code 1200\family default 1201 attribute references other attributes. 1202\layout Standard 1203 1204Some examples for predefined attributes are listed below. 1205\layout Subsubsection 1206 1207 1208\begin_inset LatexCommand \label{ConstantValueAttribute} 1209 1210\end_inset 1211 1212The ConstantValue attribute 1213\layout Standard 1214 1215The ConstantValue attribute has the following format: 1216\newline 1217 1218\newline 1219 1220\family typewriter 1221ConstantValue_attribute { 1222\newline 1223\SpecialChar \- 1224\SpecialChar ~ 1225\SpecialChar ~ 1226u2 attribute_name_index; 1227\newline 1228\SpecialChar \- 1229\SpecialChar ~ 1230\SpecialChar ~ 1231u4 attribute_length; 1232\newline 1233\SpecialChar \- 1234\SpecialChar ~ 1235\SpecialChar ~ 1236u2 constantvalue_index; 1237\newline 1238} 1239\family default 1240 1241\newline 1242 1243\newline 1244The 1245\family typewriter 1246ConstantValue 1247\family default 1248 attribute represents the value of a constant field. 1249 It has a fixed length: it contains only a two-byte reference into the constant 1250 pool. 1251 Only 1252\family typewriter 1253field_info 1254\family default 1255 structures (see section 1256\begin_inset LatexCommand \ref{Fields} 1257 1258\end_inset 1259 1260) contain this type of attribute. 1261\layout Subsubsection 1262 1263 1264\begin_inset LatexCommand \label{CodeAttribute} 1265 1266\end_inset 1267 1268The Code Attribute 1269\layout Standard 1270 1271The 1272\family typewriter 1273Code 1274\family default 1275 attribute is used in the 1276\family typewriter 1277method_info 1278\family default 1279 (see section 1280\begin_inset LatexCommand \ref{Methods} 1281 1282\end_inset 1283 1284) structure. 1285 It represents the program code of a method and it is defined as follows: 1286\newline 1287 1288\newline 1289 1290\family typewriter 1291Code_attribute { 1292\newline 1293\SpecialChar \- 1294\SpecialChar ~ 1295\SpecialChar ~ 1296u2 attribute_name_index; 1297\newline 1298\SpecialChar \- 1299\SpecialChar ~ 1300\SpecialChar ~ 1301u4 attribute_length; 1302\newline 1303\SpecialChar \- 1304\SpecialChar ~ 1305\SpecialChar ~ 1306u2 max_stack; 1307\newline 1308\SpecialChar \- 1309\SpecialChar ~ 1310\SpecialChar ~ 1311u2 max_locals; 1312\newline 1313\SpecialChar \- 1314\SpecialChar ~ 1315\SpecialChar ~ 1316u4 code_length; 1317\newline 1318\SpecialChar \- 1319\SpecialChar ~ 1320\SpecialChar ~ 1321u1 code[code_length]; 1322\newline 1323\SpecialChar \- 1324\SpecialChar ~ 1325\SpecialChar ~ 1326u2 exception_table_length; 1327\newline 1328\SpecialChar \- 1329\SpecialChar ~ 1330\SpecialChar ~ 1331{ 1332\newline 1333\SpecialChar \- 1334\SpecialChar ~ 1335\SpecialChar ~ 1336\SpecialChar \- 1337\SpecialChar ~ 1338\SpecialChar ~ 1339u2 start_pc; 1340\newline 1341\SpecialChar \- 1342\SpecialChar ~ 1343\SpecialChar ~ 1344\SpecialChar \- 1345\SpecialChar ~ 1346\SpecialChar ~ 1347u2 end_pc; 1348\newline 1349\SpecialChar \- 1350\SpecialChar ~ 1351\SpecialChar ~ 1352\SpecialChar \- 1353\SpecialChar ~ 1354\SpecialChar ~ 1355u2 handler_pc; 1356\newline 1357\SpecialChar \- 1358\SpecialChar ~ 1359\SpecialChar ~ 1360\SpecialChar \- 1361\SpecialChar ~ 1362\SpecialChar ~ 1363u2 catch_type; 1364\newline 1365\SpecialChar \- 1366\SpecialChar ~ 1367\SpecialChar ~ 1368} exception_table[exception_table_length]; 1369\newline 1370\SpecialChar \- 1371\SpecialChar ~ 1372\SpecialChar ~ 1373u2 attributes_count; 1374\newline 1375\SpecialChar \- 1376\SpecialChar ~ 1377\SpecialChar ~ 1378attribute_info attributes[attributes_count]; 1379\newline 1380} 1381\family default 1382 1383\newline 1384 1385\newline 1386This is the most complex of all predefined attributes. 1387 Every method that has code (i.e., every non-native, non-abstract method) 1388 must have such an attribute. 1389 Note that the maximum stack depth and the number of local variables for 1390 a method invocation are defined here. 1391 This is important for the JVM when it creates an 1392\emph on 1393execution frame 1394\emph default 1395 (see section 1396\begin_inset LatexCommand \ref{LV_and_OpStack} 1397 1398\end_inset 1399 1400) at the time the method is invoked. 1401\layout Standard 1402 1403Also, the exception handlers are defined here. 1404 Exception handlers prevent an executing method from an abrupt completion 1405 if an exceptional situation occurs. 1406 Code areas are said to be protected against a class of exceptional situations 1407 by an exception handler 1408\begin_float footnote 1409\layout Standard 1410 1411The JVM closely reflects the 1412\emph on 1413exception 1414\emph default 1415 mechanism of the Java programming language 1416\begin_inset LatexCommand \cite{langspec2} 1417 1418\end_inset 1419 1420. 1421 In the Java programming language, exceptions can be 1422\emph on 1423thrown 1424\emph default 1425, and they can be 1426\emph on 1427caught 1428\emph default 1429 explicitly. 1430 If an internal JVM error occurs, the JVM also --implicitly-- throws an 1431 exception. 1432\end_float 1433. 1434 Algorithm 1435\begin_inset LatexCommand \ref{ExcHdAlgo} 1436 1437\end_inset 1438 1439 shows an example for the use of exception handlers. 1440 The exact meaning of the instruction opcodes is not important here, the 1441 most common instructions are explained later in this paper. 1442\layout Standard 1443 1444\begin_float alg 1445\layout Standard 1446 1447[Let 1448\family typewriter 1449start_pc 1450\family default 1451 and 1452\family typewriter 1453end_pc 1454\family default 1455 protect the area A to B, inclusive. 1456 Let the 1457\family typewriter 1458catch_type 1459\family default 1460 be 1461\begin_inset Quotes eld 1462\end_inset 1463 1464 1465\family typewriter 1466java.lang.NullPointerException 1467\family default 1468 1469\begin_inset Quotes erd 1470\end_inset 1471 1472. 1473 Let the 1474\family typewriter 1475handler_pc 1476\family default 1477 point to C.] 1478\layout Standard 1479 1480 1481\family typewriter 1482\SpecialChar ~ 1483\SpecialChar ~ 1484\SpecialChar ~ 1485aconst_null\SpecialChar ~ 1486\SpecialChar ~ 1487\SpecialChar ~ 1488\SpecialChar ~ 1489\SpecialChar ~ 1490\SpecialChar ~ 1491\SpecialChar ~ 1492\SpecialChar ~ 1493; push a NULL onto the operand stack. 1494\layout Standard 1495 1496 1497\family typewriter 1498A:\SpecialChar ~ 1499nop\SpecialChar ~ 1500\SpecialChar ~ 1501\SpecialChar ~ 1502\SpecialChar ~ 1503\SpecialChar ~ 1504\SpecialChar ~ 1505\SpecialChar ~ 1506\SpecialChar ~ 1507\SpecialChar ~ 1508\SpecialChar ~ 1509\SpecialChar ~ 1510\SpecialChar ~ 1511\SpecialChar ~ 1512\SpecialChar ~ 1513\SpecialChar ~ 1514\SpecialChar ~ 1515; do nothing 1516\layout Standard 1517 1518 1519\family typewriter 1520B:\SpecialChar ~ 1521getfield Foo::bar\SpecialChar ~ 1522\SpecialChar ~ 1523; dereference NULL, cause NullPointerExc. 1524\layout Standard 1525 1526 1527\family typewriter 1528\SpecialChar ~ 1529\SpecialChar ~ 1530\SpecialChar ~ 1531return\SpecialChar ~ 1532\SpecialChar ~ 1533\SpecialChar ~ 1534\SpecialChar ~ 1535\SpecialChar ~ 1536\SpecialChar ~ 1537\SpecialChar ~ 1538\SpecialChar ~ 1539\SpecialChar ~ 1540\SpecialChar ~ 1541\SpecialChar ~ 1542\SpecialChar ~ 1543\SpecialChar ~ 1544;\SpecialChar ~ 1545never executed 1546\layout Standard 1547 1548 1549\family typewriter 1550C:\SpecialChar ~ 1551nop\SpecialChar ~ 1552\SpecialChar ~ 1553\SpecialChar ~ 1554\SpecialChar ~ 1555\SpecialChar ~ 1556\SpecialChar ~ 1557\SpecialChar ~ 1558\SpecialChar ~ 1559\SpecialChar ~ 1560\SpecialChar ~ 1561\SpecialChar ~ 1562\SpecialChar ~ 1563\SpecialChar ~ 1564\SpecialChar ~ 1565\SpecialChar ~ 1566\SpecialChar ~ 1567;\SpecialChar ~ 1568this is executed: we could handle 1569\layout Standard 1570 1571 1572\family typewriter 1573\SpecialChar ~ 1574\SpecialChar ~ 1575\SpecialChar ~ 1576nop\SpecialChar ~ 1577\SpecialChar ~ 1578\SpecialChar ~ 1579\SpecialChar ~ 1580\SpecialChar ~ 1581\SpecialChar ~ 1582\SpecialChar ~ 1583\SpecialChar ~ 1584\SpecialChar ~ 1585\SpecialChar ~ 1586\SpecialChar ~ 1587\SpecialChar ~ 1588\SpecialChar ~ 1589\SpecialChar ~ 1590\SpecialChar ~ 1591\SpecialChar ~ 1592;\SpecialChar ~ 1593the NullPointerException 1594\layout Standard 1595 1596 1597\family typewriter 1598\SpecialChar ~ 1599\SpecialChar ~ 1600\SpecialChar ~ 1601return\SpecialChar ~ 1602\SpecialChar ~ 1603\SpecialChar ~ 1604\SpecialChar ~ 1605\SpecialChar ~ 1606\SpecialChar ~ 1607\SpecialChar ~ 1608\SpecialChar ~ 1609\SpecialChar ~ 1610\SpecialChar ~ 1611\SpecialChar ~ 1612\SpecialChar ~ 1613\SpecialChar ~ 1614;\SpecialChar ~ 1615leave method (complete normally) 1616\layout Caption 1617 1618 1619\begin_inset LatexCommand \label{ExcHdAlgo} 1620 1621\end_inset 1622 1623Use of Exception Handlers 1624\end_float 1625\layout Standard 1626 1627The most important item, however, is the 1628\family typewriter 1629code 1630\family default 1631 item. 1632 It defines the bytecode of this method; i.e., the JVM machine instructions. 1633\layout Subsubsection 1634 1635 1636\begin_inset LatexCommand \label{LineNumberTableAttribute} 1637 1638\end_inset 1639 1640The LineNumberTable Attribute 1641\layout Standard 1642 1643The 1644\family typewriter 1645LineNumberTable 1646\family default 1647 attribute is defined as follows: 1648\newline 1649 1650\newline 1651 1652\family typewriter 1653LineNumberTable_attribute { 1654\newline 1655\SpecialChar \- 1656\SpecialChar ~ 1657\SpecialChar ~ 1658u2 attribute_name_index; 1659\newline 1660\SpecialChar \- 1661\SpecialChar ~ 1662\SpecialChar ~ 1663u4 attribute_length; 1664\newline 1665\SpecialChar \- 1666\SpecialChar ~ 1667\SpecialChar ~ 1668u2 line_number_table_length; 1669\newline 1670\SpecialChar \- 1671\SpecialChar ~ 1672\SpecialChar ~ 1673{ 1674\newline 1675\SpecialChar \- 1676\SpecialChar ~ 1677\SpecialChar ~ 1678\SpecialChar \- 1679\SpecialChar ~ 1680\SpecialChar ~ 1681u2 start_pc; 1682\newline 1683\SpecialChar \- 1684\SpecialChar ~ 1685\SpecialChar ~ 1686\SpecialChar \- 1687\SpecialChar ~ 1688\SpecialChar ~ 1689u2 line_number; 1690\newline 1691\SpecialChar \- 1692\SpecialChar ~ 1693\SpecialChar ~ 1694} line_number_table[line_number_table_length]; 1695\newline 1696} 1697\newline 1698 1699\family default 1700 1701\newline 1702This attribute describes the relation between source code line numbers and 1703 JVM instruction offsets in the 1704\family typewriter 1705code 1706\family default 1707 array of the 1708\family typewriter 1709Code_attribute 1710\family default 1711; it can be used by debuggers to show the source code of currently executing 1712 JVM machine instructions. 1713 This attribute is usually a sub-attribute of a 1714\family typewriter 1715Code_attribute 1716\family default 1717. 1718 Multiple 1719\family typewriter 1720LineNumberTable 1721\family default 1722 attributes may together represent a given line of a source code file. 1723 1724\layout Subsection 1725 1726Constants 1727\layout Standard 1728 1729All the constants together form the 1730\emph on 1731constant pool 1732\emph default 1733. 1734 The general 1735\family typewriter 1736cp_info 1737\family default 1738 structure is straightforward. 1739\newline 1740 1741\newline 1742 1743\family typewriter 1744cp_info { 1745\newline 1746\SpecialChar \- 1747\SpecialChar ~ 1748\SpecialChar ~ 1749u1 tag; 1750\newline 1751\SpecialChar \- 1752\SpecialChar ~ 1753\SpecialChar ~ 1754u1 info[]; 1755\newline 1756} 1757\family default 1758 1759\newline 1760 1761\newline 1762The 'tag' defines what 'info' follows it. 1763 Constants define either constant values or constant symbolic references, 1764 such as references to other classes. 1765 Currently, eleven constant types are defined: 1766\family typewriter 1767Class 1768\family default 1769, 1770\family typewriter 1771Field\SpecialChar \- 1772ref 1773\family default 1774, 1775\family typewriter 1776Method\SpecialChar \- 1777ref 1778\family default 1779, 1780\family typewriter 1781In\SpecialChar \- 1782ter\SpecialChar \- 1783face\SpecialChar \- 1784Method\SpecialChar \- 1785ref 1786\family default 1787, 1788\family typewriter 1789String 1790\family default 1791, 1792\family typewriter 1793In\SpecialChar \- 1794teger 1795\family default 1796, 1797\family typewriter 1798Float 1799\family default 1800, 1801\family typewriter 1802Long 1803\family default 1804, 1805\family typewriter 1806Double 1807\family default 1808, 1809\family typewriter 1810Name\SpecialChar \- 1811And\SpecialChar \- 1812Type 1813\family default 1814 and 1815\family typewriter 1816Utf8 1817\family default 1818. 1819\layout Standard 1820 1821Most of the names are self-explanatory; the interested reader will find 1822 more information in the specification 1823\begin_inset LatexCommand \cite{vmspec2} 1824 1825\end_inset 1826 1827. 1828 Constants can be nested; this is done by referring to the constant pool 1829 index of the enclosed constant. 1830\layout Standard 1831 1832See the following examples. 1833\newline 1834 1835\newline 1836 1837\family typewriter 1838CONSTANT_Utf8_info { 1839\newline 1840\SpecialChar \- 1841\SpecialChar ~ 1842\SpecialChar ~ 1843u1 tag; 1844\newline 1845\SpecialChar \- 1846\SpecialChar ~ 1847\SpecialChar ~ 1848u2 length; 1849\newline 1850\SpecialChar \- 1851\SpecialChar ~ 1852\SpecialChar ~ 1853u1 bytes[length]; 1854\newline 1855} 1856\newline 1857 1858\newline 1859 1860\family default 1861A CONSTANT_Utf8 represents a constant string. 1862 Such a string is e.g. 1863 used to describe names of methods, names of fields, names of attributes, 1864 types of methods or types of fields. 1865 This string is encoded in UTF-8 format, a variant of the unicode character 1866 set 1867\begin_inset LatexCommand \cite{Unicode} 1868 1869\end_inset 1870 1871. 1872 1873\family typewriter 1874 1875\family default 1876The tag for this type of constant is simply the number 1, as defined in 1877 the Java Virtual Machine Specification, Second Edition 1878\begin_inset LatexCommand \cite{vmspec2} 1879 1880\end_inset 1881 1882. 1883\family typewriter 1884 1885\newline 1886 1887\newline 1888CONSTANT_NameAndType_info { 1889\newline 1890\SpecialChar \- 1891\SpecialChar ~ 1892\SpecialChar ~ 1893u1 tag; 1894\newline 1895\SpecialChar \- 1896\SpecialChar ~ 1897\SpecialChar ~ 1898u2 name_index; 1899\newline 1900\SpecialChar \- 1901\SpecialChar ~ 1902\SpecialChar ~ 1903u2 descriptor_index; 1904\newline 1905} 1906\family default 1907 1908\newline 1909 1910\newline 1911A Constant_NameAndType represents a name and a signature of a method, the 1912 tag is the number 12. 1913 1914\family typewriter 1915 1916\family default 1917Both 1918\family typewriter 1919class_index 1920\family default 1921and 1922\family typewriter 1923 descriptor_index 1924\family default 1925refer to a 1926\family typewriter 1927 CONSTANT_Utf8 1928\family default 1929. 1930\family typewriter 1931 1932\newline 1933 1934\newline 1935CONSTANT_InterfaceMethodref_info { 1936\newline 1937\SpecialChar \- 1938\SpecialChar ~ 1939\SpecialChar ~ 1940u1 tag; 1941\newline 1942\SpecialChar \- 1943\SpecialChar ~ 1944\SpecialChar ~ 1945u2 class_index; 1946\newline 1947\SpecialChar \- 1948\SpecialChar ~ 1949\SpecialChar ~ 1950u2 name_and_type_index; 1951\newline 1952} 1953\family default 1954 1955\newline 1956 1957\newline 1958A 1959\family typewriter 1960CONSTANT_InterfaceMethodref 1961\family default 1962 describes a reference to a method defined in an interface class (see section 1963 1964\begin_inset LatexCommand \cite{langspec2} 1965 1966\end_inset 1967 1968 for an explanation of interfaces), the tag is number 11. 1969 The interface class is referenced via a two-byte index into the constant 1970 pool. 1971 A 1972\family typewriter 1973Constant_Class 1974\family default 1975 is expected there describing a reference to some class file. 1976 Every method has a name, zero or more argument types and a return type; 1977 this is described in the 1978\family typewriter 1979CONSTANT_NameAndType 1980\family default 1981 that is also referenced via a two-byte constant pool index. 1982\layout Standard 1983 1984Note that there are implicit constraints on the integrity of a class file: 1985 for example, there must not be a 1986\family typewriter 1987CONSTANT_Integer 1988\family default 1989 where a 1990\family typewriter 1991CONSTANT_Utf8 1992\family default 1993 is expected for a certain entity. 1994 As another example, the names and the types of methods are encoded as strings 1995 in UTF-8 format 1996\begin_inset LatexCommand \cite{Unicode} 1997 1998\end_inset 1999 2000. 2001 They have to be well-formed (according to the specification) to be valid. 2002\layout Subsection 2003 2004 2005\begin_inset LatexCommand \label{Fields} 2006 2007\end_inset 2008 2009Fields 2010\layout Standard 2011 2012Each field is described by a field_info structure as defined below. 2013\newline 2014 2015\newline 2016 2017\family typewriter 2018field_info { 2019\newline 2020\SpecialChar \- 2021\SpecialChar ~ 2022\SpecialChar ~ 2023u2 access_flags; 2024\newline 2025\SpecialChar \- 2026\SpecialChar ~ 2027\SpecialChar ~ 2028u2 name_index; 2029\newline 2030\SpecialChar \- 2031\SpecialChar ~ 2032\SpecialChar ~ 2033u2 descriptor_index; 2034\newline 2035\SpecialChar \- 2036\SpecialChar ~ 2037\SpecialChar ~ 2038u2 attributes_count; 2039\newline 2040\SpecialChar \- 2041\SpecialChar ~ 2042\SpecialChar ~ 2043attribute_info attributes[attributes_count]; 2044\family default 2045 2046\newline 2047} 2048\newline 2049 2050\newline 2051A field has to be unique in a class file with respect to its name and descriptor 2052\begin_float footnote 2053\layout Standard 2054 2055The descriptor of a field describes its type. 2056 E.g., a descriptor of 2057\begin_inset Quotes eld 2058\end_inset 2059 2060[I 2061\begin_inset Quotes erd 2062\end_inset 2063 2064 means 2065\begin_inset Quotes eld 2066\end_inset 2067 2068one-dimensional array of 2069\family typewriter 2070int 2071\family default 2072 2073\begin_inset Quotes erd 2074\end_inset 2075 2076. 2077\end_float 2078. 2079 We see that fields reference constants in the constant pool via their constant 2080 pool indices (such as a 2081\family typewriter 2082CONSTANT_Utf8 2083\family default 2084 describing a field's name). 2085 An important attribute used by fields is the ConstantValue attribute (see 2086 section 2087\begin_inset LatexCommand \ref{ConstantValueAttribute} 2088 2089\end_inset 2090 2091). 2092\layout Standard 2093 2094The 2095\family typewriter 2096access_flags 2097\family default 2098 entry is a bit vector that specifies the accessibility and other properties 2099\begin_float footnote 2100\layout Standard 2101 2102Often called 2103\emph on 2104visibility 2105\emph default 2106. 2107\end_float 2108 of the field. 2109 E.g., a field with the 2110\family typewriter 2111ACC_PRIVATE 2112\begin_float footnote 2113\layout Standard 2114 2115Bit number 1. 2116\end_float 2117 bit set is not accessible to other classes. 2118 A field with the 2119\family typewriter 2120ACC_PUBLIC 2121\begin_float footnote 2122\layout Standard 2123 2124Bit number 0. 2125\end_float 2126 bit set is accessible to any other class. 2127 Any combination with both the 2128\family typewriter 2129ACC_PRIVATE 2130\family default 2131 and the 2132\family typewriter 2133ACC_PUBLIC 2134\family default 2135 bit set is not valid. 2136\layout Standard 2137 2138The 2139\family typewriter 2140descriptor_index 2141\family default 2142 refers to a 2143\family typewriter 2144CONSTANT_Utf8 2145\family default 2146 that symbolically encodes the type of the field. 2147\layout Subsection 2148 2149 2150\begin_inset LatexCommand \label{Methods} 2151 2152\end_inset 2153 2154Methods 2155\layout Standard 2156 2157Each method is described by a method_info structure as defined below. 2158\newline 2159 2160\newline 2161 2162\family typewriter 2163method_info { 2164\newline 2165\SpecialChar \- 2166\SpecialChar ~ 2167\SpecialChar ~ 2168u2 access_flags; 2169\newline 2170\SpecialChar \- 2171\SpecialChar ~ 2172\SpecialChar ~ 2173u2 name_index; 2174\newline 2175\SpecialChar \- 2176\SpecialChar ~ 2177\SpecialChar ~ 2178u2 descriptor_index; 2179\newline 2180\SpecialChar \- 2181\SpecialChar ~ 2182\SpecialChar ~ 2183u2 attributes_count; 2184\newline 2185\SpecialChar \- 2186\SpecialChar ~ 2187\SpecialChar ~ 2188attribute_info attributes[attributes_count]; 2189\newline 2190} 2191\family default 2192 2193\newline 2194 2195\newline 2196As we can easily see, this is exactly the same structure we already know 2197 as 2198\family typewriter 2199field_info 2200\family default 2201 (see section 2202\begin_inset LatexCommand \ref{Fields} 2203 2204\end_inset 2205 2206). 2207 The difference lies in the meaning of the enlisted entities. 2208 For example, an access flag saying a field was volatile (non-cacheable) 2209 would not make any sense if set in a 2210\family typewriter 2211method_info 2212\family default 2213 structure. 2214 Vice versa, an access flag saying the floating point instructions should 2215 work in 2216\begin_inset Quotes eld 2217\end_inset 2218 2219FP-strict 2220\begin_inset Quotes erd 2221\end_inset 2222 2223 mode would be of no use if set in a 2224\family typewriter 2225field_info 2226\family default 2227 structure. 2228\layout Standard 2229 2230Methods use a different set of attributes than fields; for example, the 2231 2232\family typewriter 2233Constant\SpecialChar \- 2234Value 2235\family default 2236 attribute (see section 2237\begin_inset LatexCommand \ref{ConstantValueAttribute} 2238 2239\end_inset 2240 2241) is of no use here. 2242 The 2243\family typewriter 2244Code 2245\family default 2246 and 2247\family typewriter 2248Exceptions 2249\family default 2250 attributes frequently used by methods are of no use for fields on the other 2251 hand. 2252\layout Section 2253 2254The Execution Engine 2255\layout Standard 2256 2257Before a piece of code (the code of a 2258\begin_inset Quotes eld 2259\end_inset 2260 2261method 2262\begin_inset Quotes erd 2263\end_inset 2264 2265) is executed, an 2266\emph on 2267execution frame 2268\emph default 2269 is set up. 2270 It consists of a program counter (as known from traditional CPUs), a set 2271 of local variables (similar to registers known from traditional CPUs), 2272 and an operand stack. 2273 For each new invocation instance of a method, a new execution frame is 2274 set up; it is destroyed on method termination. 2275\layout Standard 2276 2277Because a method may invoke other methods or itself recursively, there is 2278 a global method invocation stack. 2279\layout Standard 2280 2281There also is a garbage-collected heap shared among the execution frames. 2282 This heap is used for object allocation (see section 2283\begin_inset LatexCommand \ref{Instructions} 2284 2285\end_inset 2286 2287). 2288\layout Standard 2289 2290The number of local variables is not fixed. 2291 Every method defines how many local variables are used for its code (up 2292 to 65536). 2293\layout Standard 2294 2295Also note that there is no equivalent of a 2296\emph on 2297Processor Status Word 2298\emph default 2299 (PSW) in the JVM. 2300 Traditionally, a PSW has flags that are set implicitly during execution 2301 of the instructions (such as an overflow or is-zero flag). 2302 This is often used for conditional branching. 2303 The JVM, however, uses the operand stack to store the result of a comparison 2304 instruction explicitly. 2305 This result is often read from the stack by the JVM's conditional branching 2306 instructions. 2307\layout Standard 2308 2309Should exceptional situations occur (such as an out-of-memory situation), 2310 the JVM does not lock up. 2311 Instead, an 2312\begin_inset Quotes eld 2313\end_inset 2314 2315exception is thrown 2316\begin_inset Quotes erd 2317\end_inset 2318 2319; the currently executing program is signalled. 2320 These signals can be processed ( 2321\begin_inset Quotes eld 2322\end_inset 2323 2324exceptions can be caught 2325\begin_inset Quotes erd 2326\end_inset 2327 2328). 2329 If such a signal is not handled by the currently executing method, the 2330 JVM will search a handler through the invocation hierarchy and stop execution 2331 only if none was found. 2332\layout Standard 2333 2334There is a thread mechanism in the JVM. 2335 Basically every thread creates an own method invocation stack (so there 2336 may be more than one active execution frame at a time), but this feature 2337 is not important for the rest of this text. 2338\layout Standard 2339 2340\begin_float fig 2341\layout Standard 2342\align center 2343 2344\begin_inset Figure size 595 379 2345file exframe.eps 2346width 3 100 2347flags 9 2348 2349\end_inset 2350 2351 2352\layout Standard 2353 2354This figure shows a method invocation stack. 2355 Method 2356\family typewriter 2357main 2358\family default 2359 was invoked by the system, 2360\family typewriter 2361main 2362\family default 2363 invoked 2364\family typewriter 2365foo 2366\family default 2367, 2368\family typewriter 2369foo 2370\family default 2371 invoked 2372\family typewriter 2373bar 2374\family default 2375, and 2376\family typewriter 2377bar 2378\family default 2379 invoked 2380\family typewriter 2381foo 2382\family default 2383 recursively. 2384 This figure assumes 2385\family typewriter 2386main 2387\family default 2388 allocates one local variable and one operand stack slot, 2389\family typewriter 2390foo 2391\family default 2392 allocates three local variables and two operand stack slots and 2393\family typewriter 2394bar 2395\family default 2396 allocates one local variable and two operand stack slots. 2397\layout Caption 2398 2399Method Invocation Stack 2400\end_float 2401\layout Subsection 2402 2403 2404\begin_inset LatexCommand \label{LV_and_OpStack} 2405 2406\end_inset 2407 2408Local Variables and the Operand Stack 2409\layout Standard 2410 2411The method information in a class file defines how many local variables 2412 are used on this method's invocation. 2413 It also defines the maximum operand stack size. 2414 Together, the local variables array and the operand stack are called the 2415 2416\emph on 2417execution frame 2418\emph default 2419. 2420\layout Standard 2421 2422A single stack slot has a width of 32 bits, which is also the width of a 2423 local variable. 2424 Therefore, values of types that occupy 64 bits ( 2425\emph on 2426double 2427\emph default 2428 and 2429\emph on 2430long 2431\emph default 2432) must be stored in two consecutive stack slots or local variables. 2433\layout Standard 2434 2435The verifier takes care that the stack cannot overflow and that it cannot 2436 underflow. 2437 Also, it takes care that instructions may only access local variables if 2438 they contain a value of a known, correct type (see section 2439\begin_inset LatexCommand \ref{Pass3Spec} 2440 2441\end_inset 2442 2443). 2444 2445\layout Subsection 2446 2447 2448\begin_inset LatexCommand \label{Instructions} 2449 2450\end_inset 2451 2452Introduction to JVM Instructions 2453\layout Standard 2454 2455This section is derived from section 2.2 of 2456\begin_inset LatexCommand \cite{BCEL98} 2457 2458\end_inset 2459 2460, used with permission of the author. 2461\layout Standard 2462 2463The JVM's instruction set currently consists of 212 instructions, 44 opcodes 2464 are marked as reserved and may be used for future extensions or intermediate 2465 optimizations within the Virtual Machine. 2466 The instruction set can be roughly grouped as follows: 2467\layout Description 2468 2469Stack\SpecialChar ~ 2470operations: Constants can be pushed onto the stack either by loading 2471 them from the constant pool with the 2472\latex latex 2473 2474\backslash 2475texttt{ldc} 2476\latex default 2477 instruction or with special ``short-cut'' instructions where the operand 2478 is encoded into the instructions, e.g., 2479\latex latex 2480 2481\backslash 2482texttt{iconst 2483\backslash 2484_0} 2485\latex default 2486 or 2487\latex latex 2488 2489\backslash 2490texttt{bipush} 2491\latex default 2492 (push byte value). 2493\layout Description 2494 2495Arithmetic\SpecialChar ~ 2496operations: The instruction set of the JVM distinguishes its operand 2497 types using different instructions to operate on values of specific type. 2498 Arithmetic operations starting with 2499\latex latex 2500 2501\backslash 2502texttt{i} 2503\latex default 2504, for example, denote an integer operation. 2505 E.g., 2506\latex latex 2507 2508\backslash 2509texttt{iadd} 2510\latex default 2511 that adds two integers and pushes the result back on the operand stack. 2512 The Java types 2513\latex latex 2514 2515\backslash 2516texttt{boolean} 2517\latex default 2518, 2519\latex latex 2520 2521\backslash 2522texttt{byte} 2523\latex default 2524, 2525\latex latex 2526 2527\backslash 2528texttt{short} 2529\latex default 2530, and 2531\latex latex 2532 2533\backslash 2534texttt{char} 2535\latex default 2536 are handled as integers by the JVM. 2537\layout Description 2538 2539 2540\begin_inset LatexCommand \label{RetDesc} 2541 2542\end_inset 2543 2544Control\SpecialChar ~ 2545flow: There are branch instructions like 2546\latex latex 2547 2548\backslash 2549texttt{goto} 2550\latex default 2551and 2552\latex latex 2553 2554\backslash 2555texttt{if 2556\backslash 2557_icmpeq} 2558\latex default 2559, which compares two integers for equality. 2560 There is also a 2561\latex latex 2562 2563\backslash 2564texttt{jsr} 2565\begin_float footnote 2566\layout Standard 2567 2568There is a 2569\begin_inset Quotes eld 2570\end_inset 2571 2572wide 2573\begin_inset Quotes erd 2574\end_inset 2575 2576 version of 2577\latex latex 2578 2579\backslash 2580texttt{jsr} 2581\latex default 2582 called 2583\latex latex 2584 2585\backslash 2586texttt{jsr 2587\backslash 2588_w} 2589\latex default 2590. 2591 The instructions 2592\latex latex 2593 2594\backslash 2595texttt{jsr} 2596\latex default 2597/ 2598\latex latex 2599 2600\backslash 2601texttt{jsr 2602\backslash 2603_w} 2604\latex default 2605 and 2606\latex latex 2607 2608\backslash 2609texttt{ret} 2610\latex default 2611 play in important role in chapter 2612\begin_inset LatexCommand \ref{Pass3Spec} 2613 2614\end_inset 2615 2616. 2617\end_float 2618 (jump into subroutine) and 2619\latex latex 2620 2621\backslash 2622texttt{ret} 2623\latex default 2624 (return from subroutine) pair of instructions. 2625 Exceptions may be thrown with the 2626\latex latex 2627 2628\backslash 2629texttt{athrow} 2630\latex default 2631 instruction. 2632 Branch targets are coded as offsets from the current byte code position, 2633 i.e., they are coded with an integer number. 2634\layout Description 2635 2636Load\SpecialChar ~ 2637and\SpecialChar ~ 2638store\SpecialChar ~ 2639operations for local variables like 2640\latex latex 2641 2642\backslash 2643texttt{iload} 2644\latex default 2645 and 2646\latex latex 2647 2648\backslash 2649texttt{istore} 2650\latex default 2651. 2652 There are also array operations like 2653\latex latex 2654 2655\backslash 2656texttt{iastore} 2657\latex default 2658 which stores an integer value into an array. 2659\layout Description 2660 2661Field\SpecialChar ~ 2662access: The value of an instance field may be retrieved with 2663\latex latex 2664 2665\backslash 2666texttt{getfield} 2667\latex default 2668 and written with 2669\latex latex 2670 2671\backslash 2672texttt{putfield} 2673\latex default 2674. 2675 For static fields, there are 2676\latex latex 2677 2678\backslash 2679texttt{getstatic} 2680\latex default 2681 and 2682\latex latex 2683 2684\backslash 2685texttt{putstatic} 2686\latex default 2687 counterparts. 2688\layout Description 2689 2690Method\SpecialChar ~ 2691invocation: Methods may either be called via static references with 2692 2693\latex latex 2694 2695\backslash 2696texttt{invokestatic} 2697\latex default 2698 or be bound virtually with the 2699\latex latex 2700 2701\backslash 2702texttt{invokevirtual} 2703\latex default 2704 instruction. 2705 Super class methods and private methods are invoked with 2706\latex latex 2707 2708\backslash 2709texttt{invokespecial} 2710\latex default 2711. 2712\layout Description 2713 2714Object\SpecialChar ~ 2715allocation: Class instances are allocated with the 2716\latex latex 2717 2718\backslash 2719texttt{new} 2720\latex default 2721 instruction, arrays of basic type like 2722\latex latex 2723 2724\backslash 2725texttt{int[]} 2726\latex default 2727 with 2728\latex latex 2729 2730\backslash 2731texttt{newarray} 2732\latex default 2733, arrays of references like 2734\latex latex 2735 2736\backslash 2737texttt{String[][]} 2738\latex default 2739 with 2740\latex latex 2741 2742\backslash 2743texttt{anewarray} 2744\latex default 2745 or 2746\latex latex 2747 2748\backslash 2749texttt{multianewarray} 2750\latex default 2751. 2752\layout Description 2753 2754Conversion\SpecialChar ~ 2755and\SpecialChar ~ 2756type\SpecialChar ~ 2757checking: For stack operands of basic type there exist 2758 casting operations like 2759\latex latex 2760 2761\backslash 2762texttt{f2i} 2763\latex default 2764 which converts a float value into an integer. 2765 The validity of a type cast may be checked with 2766\latex latex 2767 2768\backslash 2769texttt{checkcast} 2770\latex default 2771 and the 2772\latex latex 2773 2774\backslash 2775texttt{instanceof} 2776\latex default 2777 operator can be directly mapped to the equally named instruction. 2778\layout Standard 2779 2780Most instructions have a fixed length, but there are also some variable-length 2781 instructions: In particular, the 2782\latex latex 2783 2784\backslash 2785texttt{lookupswitch} 2786\latex default 2787 and 2788\latex latex 2789 2790\backslash 2791texttt{tableswitch} 2792\latex default 2793 instructions, which are often used by compilers to implement the Java language 2794 2795\latex latex 2796 2797\backslash 2798texttt{switch()} 2799\latex default 2800 statements. 2801 Since the number of 2802\latex latex 2803 2804\backslash 2805texttt{case} 2806\latex default 2807 clauses may vary, these instructions contain a variable number of statements. 2808\layout Standard 2809 2810In a class file, the 2811\family typewriter 2812code 2813\family default 2814 item in the 2815\family typewriter 2816Code 2817\family default 2818 attributes (which in turn are attributes of 2819\family typewriter 2820method_info 2821\family default 2822 structures), is a byte array in which binary representations of JVM instruction 2823s are stored sequentially. 2824 This is also called 2825\emph on 2826bytecode 2827\emph default 2828. 2829\layout Standard 2830 2831The JVM is a stack-based machine. 2832 There are local variables which may be compared to registers, but most 2833 instructions work on the operand stack. 2834 E.g., the 2835\latex latex 2836 2837\backslash 2838texttt{iadd} 2839\latex default 2840 instruction pops two integers from the operand stack and pushes the result 2841 of the add operation on top of the stack. 2842\layout Standard 2843 2844We will not list all of the instructions here, since these are explained 2845 in detail in the JVM specification. 2846 However, you will find the most common instructions in table 2847\begin_inset LatexCommand \ref{typeprefixes} 2848 2849\end_inset 2850 2851, cited with slight corrections and modifications from chapter 4 of 2852\begin_inset LatexCommand \cite{JNS} 2853 2854\end_inset 2855 2856. 2857\layout Standard 2858 2859\begin_float tab 2860\layout Caption 2861 2862 2863\begin_inset LatexCommand \label{typeprefixes} 2864 2865\end_inset 2866 2867Type Prefixes and the Most Common JVM Instructions 2868\layout Standard 2869\align center 2870 2871\begin_inset Tabular 2872<lyxtabular version="2" rows="9" columns="2"> 2873<features rotate="false" islongtable="false" endhead="0" endfirsthead="0" endfoot="0" endlastfoot="0"> 2874<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 2875<column alignment="center" valignment="top" leftline="true" rightline="true" width="" special=""> 2876<row topline="true" bottomline="true" newpage="false"> 2877<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2878\begin_inset Text 2879 2880\layout Standard 2881 2882Prefix 2883\end_inset 2884</cell> 2885<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2886\begin_inset Text 2887 2888\layout Standard 2889 2890Bytecode type 2891\end_inset 2892</cell> 2893</row> 2894<row topline="true" bottomline="false" newpage="false"> 2895<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2896\begin_inset Text 2897 2898\layout Standard 2899 2900i 2901\end_inset 2902</cell> 2903<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2904\begin_inset Text 2905 2906\layout Standard 2907 2908Integer 2909\end_inset 2910</cell> 2911</row> 2912<row topline="true" bottomline="false" newpage="false"> 2913<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2914\begin_inset Text 2915 2916\layout Standard 2917 2918f 2919\end_inset 2920</cell> 2921<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2922\begin_inset Text 2923 2924\layout Standard 2925 2926Floating point 2927\end_inset 2928</cell> 2929</row> 2930<row topline="true" bottomline="false" newpage="false"> 2931<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2932\begin_inset Text 2933 2934\layout Standard 2935 2936l 2937\end_inset 2938</cell> 2939<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2940\begin_inset Text 2941 2942\layout Standard 2943 2944Long 2945\end_inset 2946</cell> 2947</row> 2948<row topline="true" bottomline="false" newpage="false"> 2949<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2950\begin_inset Text 2951 2952\layout Standard 2953 2954d 2955\end_inset 2956</cell> 2957<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2958\begin_inset Text 2959 2960\layout Standard 2961 2962Double precision floating point 2963\end_inset 2964</cell> 2965</row> 2966<row topline="true" bottomline="false" newpage="false"> 2967<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2968\begin_inset Text 2969 2970\layout Standard 2971 2972b 2973\end_inset 2974</cell> 2975<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2976\begin_inset Text 2977 2978\layout Standard 2979 2980Byte 2981\end_inset 2982</cell> 2983</row> 2984<row topline="true" bottomline="false" newpage="false"> 2985<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 2986\begin_inset Text 2987 2988\layout Standard 2989 2990s 2991\end_inset 2992</cell> 2993<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 2994\begin_inset Text 2995 2996\layout Standard 2997 2998Short 2999\end_inset 3000</cell> 3001</row> 3002<row topline="true" bottomline="false" newpage="false"> 3003<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3004\begin_inset Text 3005 3006\layout Standard 3007 3008c 3009\end_inset 3010</cell> 3011<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3012\begin_inset Text 3013 3014\layout Standard 3015 3016Character 3017\end_inset 3018</cell> 3019</row> 3020<row topline="true" bottomline="true" newpage="false"> 3021<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3022\begin_inset Text 3023 3024\layout Standard 3025 3026a 3027\end_inset 3028</cell> 3029<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3030\begin_inset Text 3031 3032\layout Standard 3033 3034Object reference 3035\end_inset 3036</cell> 3037</row> 3038</lyxtabular> 3039 3040\end_inset 3041 3042 3043\end_float 3044\layout Standard 3045 3046 3047\begin_inset Tabular 3048<lyxtabular version="2" rows="29" columns="10"> 3049<features rotate="false" islongtable="true" endhead="1" endfirsthead="0" endfoot="0" endlastfoot="0"> 3050<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3051<column alignment="left" valignment="top" leftline="true" rightline="false" width="" special=""> 3052<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3053<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3054<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3055<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3056<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3057<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3058<column alignment="center" valignment="top" leftline="true" rightline="false" width="" special=""> 3059<column alignment="left" valignment="top" leftline="true" rightline="true" width="4cm" special=""> 3060<row topline="true" bottomline="true" newpage="false"> 3061<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3062\begin_inset Text 3063 3064\layout Standard 3065 3066 3067\size scriptsize 3068Instruction 3069\end_inset 3070</cell> 3071<cell multicolumn="0" alignment="left" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3072\begin_inset Text 3073 3074\layout Standard 3075 3076 3077\size scriptsize 3078int 3079\end_inset 3080</cell> 3081<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3082\begin_inset Text 3083 3084\layout Standard 3085 3086 3087\size scriptsize 3088long 3089\end_inset 3090</cell> 3091<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3092\begin_inset Text 3093 3094\layout Standard 3095 3096 3097\size scriptsize 3098float 3099\end_inset 3100</cell> 3101<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3102\begin_inset Text 3103 3104\layout Standard 3105 3106 3107\size scriptsize 3108double 3109\end_inset 3110</cell> 3111<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3112\begin_inset Text 3113 3114\layout Standard 3115 3116 3117\size scriptsize 3118byte 3119\end_inset 3120</cell> 3121<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3122\begin_inset Text 3123 3124\layout Standard 3125 3126 3127\size scriptsize 3128char 3129\end_inset 3130</cell> 3131<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3132\begin_inset Text 3133 3134\layout Standard 3135 3136 3137\size scriptsize 3138short 3139\end_inset 3140</cell> 3141<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3142\begin_inset Text 3143 3144\layout Standard 3145 3146 3147\size scriptsize 3148object ref. 3149\end_inset 3150</cell> 3151<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3152\begin_inset Text 3153 3154\layout Standard 3155 3156 3157\size scriptsize 3158Function 3159\end_inset 3160</cell> 3161</row> 3162<row topline="true" bottomline="false" newpage="false"> 3163<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3164\begin_inset Text 3165 3166\layout Standard 3167 3168?2c 3169\end_inset 3170</cell> 3171<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3172\begin_inset Text 3173 3174\layout Standard 3175 3176X 3177\end_inset 3178</cell> 3179<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3180\begin_inset Text 3181 3182\layout Standard 3183 3184\end_inset 3185</cell> 3186<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3187\begin_inset Text 3188 3189\layout Standard 3190 3191\end_inset 3192</cell> 3193<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3194\begin_inset Text 3195 3196\layout Standard 3197 3198\end_inset 3199</cell> 3200<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3201\begin_inset Text 3202 3203\layout Standard 3204 3205\end_inset 3206</cell> 3207<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3208\begin_inset Text 3209 3210\layout Standard 3211 3212\end_inset 3213</cell> 3214<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3215\begin_inset Text 3216 3217\layout Standard 3218 3219\end_inset 3220</cell> 3221<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3222\begin_inset Text 3223 3224\layout Standard 3225 3226\end_inset 3227</cell> 3228<cell multicolumn="0" alignment="left" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3229\begin_inset Text 3230 3231\layout Standard 3232 3233Convert value of type <?> to character 3234\end_inset 3235</cell> 3236</row> 3237<row topline="true" bottomline="false" newpage="false"> 3238<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3239\begin_inset Text 3240 3241\layout Standard 3242 3243?2d 3244\end_inset 3245</cell> 3246<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3247\begin_inset Text 3248 3249\layout Standard 3250 3251X 3252\end_inset 3253</cell> 3254<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3255\begin_inset Text 3256 3257\layout Standard 3258 3259X 3260\end_inset 3261</cell> 3262<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3263\begin_inset Text 3264 3265\layout Standard 3266 3267X 3268\end_inset 3269</cell> 3270<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3271\begin_inset Text 3272 3273\layout Standard 3274 3275\end_inset 3276</cell> 3277<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3278\begin_inset Text 3279 3280\layout Standard 3281 3282\end_inset 3283</cell> 3284<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3285\begin_inset Text 3286 3287\layout Standard 3288 3289\end_inset 3290</cell> 3291<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3292\begin_inset Text 3293 3294\layout Standard 3295 3296\end_inset 3297</cell> 3298<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3299\begin_inset Text 3300 3301\layout Standard 3302 3303\end_inset 3304</cell> 3305<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3306\begin_inset Text 3307 3308\layout Standard 3309 3310Convert value of type <?> to double 3311\end_inset 3312</cell> 3313</row> 3314<row topline="true" bottomline="false" newpage="false"> 3315<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3316\begin_inset Text 3317 3318\layout Standard 3319 3320?2i 3321\end_inset 3322</cell> 3323<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3324\begin_inset Text 3325 3326\layout Standard 3327 3328\end_inset 3329</cell> 3330<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3331\begin_inset Text 3332 3333\layout Standard 3334 3335X 3336\end_inset 3337</cell> 3338<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3339\begin_inset Text 3340 3341\layout Standard 3342 3343X 3344\end_inset 3345</cell> 3346<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3347\begin_inset Text 3348 3349\layout Standard 3350 3351X 3352\end_inset 3353</cell> 3354<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3355\begin_inset Text 3356 3357\layout Standard 3358 3359\end_inset 3360</cell> 3361<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3362\begin_inset Text 3363 3364\layout Standard 3365 3366\end_inset 3367</cell> 3368<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3369\begin_inset Text 3370 3371\layout Standard 3372 3373\end_inset 3374</cell> 3375<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3376\begin_inset Text 3377 3378\layout Standard 3379 3380\end_inset 3381</cell> 3382<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3383\begin_inset Text 3384 3385\layout Standard 3386 3387Convert value of type <?> to integer 3388\end_inset 3389</cell> 3390</row> 3391<row topline="true" bottomline="false" newpage="false"> 3392<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3393\begin_inset Text 3394 3395\layout Standard 3396 3397?2f 3398\end_inset 3399</cell> 3400<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3401\begin_inset Text 3402 3403\layout Standard 3404 3405X 3406\end_inset 3407</cell> 3408<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3409\begin_inset Text 3410 3411\layout Standard 3412 3413X 3414\end_inset 3415</cell> 3416<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3417\begin_inset Text 3418 3419\layout Standard 3420 3421\end_inset 3422</cell> 3423<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3424\begin_inset Text 3425 3426\layout Standard 3427 3428X 3429\end_inset 3430</cell> 3431<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3432\begin_inset Text 3433 3434\layout Standard 3435 3436\end_inset 3437</cell> 3438<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3439\begin_inset Text 3440 3441\layout Standard 3442 3443\end_inset 3444</cell> 3445<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3446\begin_inset Text 3447 3448\layout Standard 3449 3450\end_inset 3451</cell> 3452<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3453\begin_inset Text 3454 3455\layout Standard 3456 3457\end_inset 3458</cell> 3459<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3460\begin_inset Text 3461 3462\layout Standard 3463 3464Convert value of type <?> to float 3465\end_inset 3466</cell> 3467</row> 3468<row topline="true" bottomline="false" newpage="false"> 3469<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3470\begin_inset Text 3471 3472\layout Standard 3473 3474?2l 3475\end_inset 3476</cell> 3477<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3478\begin_inset Text 3479 3480\layout Standard 3481 3482X 3483\end_inset 3484</cell> 3485<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3486\begin_inset Text 3487 3488\layout Standard 3489 3490\end_inset 3491</cell> 3492<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3493\begin_inset Text 3494 3495\layout Standard 3496 3497X 3498\end_inset 3499</cell> 3500<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3501\begin_inset Text 3502 3503\layout Standard 3504 3505X 3506\end_inset 3507</cell> 3508<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3509\begin_inset Text 3510 3511\layout Standard 3512 3513\end_inset 3514</cell> 3515<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3516\begin_inset Text 3517 3518\layout Standard 3519 3520\end_inset 3521</cell> 3522<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3523\begin_inset Text 3524 3525\layout Standard 3526 3527\end_inset 3528</cell> 3529<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3530\begin_inset Text 3531 3532\layout Standard 3533 3534\end_inset 3535</cell> 3536<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3537\begin_inset Text 3538 3539\layout Standard 3540 3541Convert value of type <?> to long 3542\end_inset 3543</cell> 3544</row> 3545<row topline="true" bottomline="false" newpage="false"> 3546<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3547\begin_inset Text 3548 3549\layout Standard 3550 3551?2s 3552\end_inset 3553</cell> 3554<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3555\begin_inset Text 3556 3557\layout Standard 3558 3559X 3560\end_inset 3561</cell> 3562<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3563\begin_inset Text 3564 3565\layout Standard 3566 3567\end_inset 3568</cell> 3569<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3570\begin_inset Text 3571 3572\layout Standard 3573 3574\end_inset 3575</cell> 3576<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3577\begin_inset Text 3578 3579\layout Standard 3580 3581\end_inset 3582</cell> 3583<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3584\begin_inset Text 3585 3586\layout Standard 3587 3588\end_inset 3589</cell> 3590<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3591\begin_inset Text 3592 3593\layout Standard 3594 3595\end_inset 3596</cell> 3597<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3598\begin_inset Text 3599 3600\layout Standard 3601 3602\end_inset 3603</cell> 3604<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3605\begin_inset Text 3606 3607\layout Standard 3608 3609\end_inset 3610</cell> 3611<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3612\begin_inset Text 3613 3614\layout Standard 3615 3616Convert value of type <?> to short 3617\end_inset 3618</cell> 3619</row> 3620<row topline="true" bottomline="false" newpage="false"> 3621<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3622\begin_inset Text 3623 3624\layout Standard 3625 3626?add 3627\end_inset 3628</cell> 3629<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3630\begin_inset Text 3631 3632\layout Standard 3633 3634X 3635\end_inset 3636</cell> 3637<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3638\begin_inset Text 3639 3640\layout Standard 3641 3642X 3643\end_inset 3644</cell> 3645<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3646\begin_inset Text 3647 3648\layout Standard 3649 3650X 3651\end_inset 3652</cell> 3653<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3654\begin_inset Text 3655 3656\layout Standard 3657 3658X 3659\end_inset 3660</cell> 3661<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3662\begin_inset Text 3663 3664\layout Standard 3665 3666\end_inset 3667</cell> 3668<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3669\begin_inset Text 3670 3671\layout Standard 3672 3673\end_inset 3674</cell> 3675<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3676\begin_inset Text 3677 3678\layout Standard 3679 3680\end_inset 3681</cell> 3682<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3683\begin_inset Text 3684 3685\layout Standard 3686 3687\end_inset 3688</cell> 3689<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3690\begin_inset Text 3691 3692\layout Standard 3693 3694Add two values of type <?> 3695\end_inset 3696</cell> 3697</row> 3698<row topline="true" bottomline="false" newpage="false"> 3699<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3700\begin_inset Text 3701 3702\layout Standard 3703 3704?aload 3705\end_inset 3706</cell> 3707<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3708\begin_inset Text 3709 3710\layout Standard 3711 3712X 3713\end_inset 3714</cell> 3715<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3716\begin_inset Text 3717 3718\layout Standard 3719 3720X 3721\end_inset 3722</cell> 3723<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3724\begin_inset Text 3725 3726\layout Standard 3727 3728X 3729\end_inset 3730</cell> 3731<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3732\begin_inset Text 3733 3734\layout Standard 3735 3736X 3737\end_inset 3738</cell> 3739<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3740\begin_inset Text 3741 3742\layout Standard 3743 3744X 3745\end_inset 3746</cell> 3747<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3748\begin_inset Text 3749 3750\layout Standard 3751 3752X 3753\end_inset 3754</cell> 3755<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3756\begin_inset Text 3757 3758\layout Standard 3759 3760X 3761\end_inset 3762</cell> 3763<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3764\begin_inset Text 3765 3766\layout Standard 3767 3768X 3769\end_inset 3770</cell> 3771<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3772\begin_inset Text 3773 3774\layout Standard 3775 3776Push an element of type <?> from an array onto the stack 3777\end_inset 3778</cell> 3779</row> 3780<row topline="true" bottomline="false" newpage="false"> 3781<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3782\begin_inset Text 3783 3784\layout Standard 3785 3786?and 3787\end_inset 3788</cell> 3789<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3790\begin_inset Text 3791 3792\layout Standard 3793 3794X 3795\end_inset 3796</cell> 3797<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3798\begin_inset Text 3799 3800\layout Standard 3801 3802X 3803\end_inset 3804</cell> 3805<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3806\begin_inset Text 3807 3808\layout Standard 3809 3810\end_inset 3811</cell> 3812<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3813\begin_inset Text 3814 3815\layout Standard 3816 3817\end_inset 3818</cell> 3819<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3820\begin_inset Text 3821 3822\layout Standard 3823 3824\end_inset 3825</cell> 3826<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3827\begin_inset Text 3828 3829\layout Standard 3830 3831\end_inset 3832</cell> 3833<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3834\begin_inset Text 3835 3836\layout Standard 3837 3838\end_inset 3839</cell> 3840<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3841\begin_inset Text 3842 3843\layout Standard 3844 3845\end_inset 3846</cell> 3847<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3848\begin_inset Text 3849 3850\layout Standard 3851 3852Perform logical AND on two values of type <?> 3853\end_inset 3854</cell> 3855</row> 3856<row topline="true" bottomline="false" newpage="false"> 3857<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3858\begin_inset Text 3859 3860\layout Standard 3861 3862?astore 3863\end_inset 3864</cell> 3865<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3866\begin_inset Text 3867 3868\layout Standard 3869 3870X 3871\end_inset 3872</cell> 3873<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3874\begin_inset Text 3875 3876\layout Standard 3877 3878X 3879\end_inset 3880</cell> 3881<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3882\begin_inset Text 3883 3884\layout Standard 3885 3886X 3887\end_inset 3888</cell> 3889<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3890\begin_inset Text 3891 3892\layout Standard 3893 3894X 3895\end_inset 3896</cell> 3897<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3898\begin_inset Text 3899 3900\layout Standard 3901 3902X 3903\end_inset 3904</cell> 3905<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3906\begin_inset Text 3907 3908\layout Standard 3909 3910X 3911\end_inset 3912</cell> 3913<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3914\begin_inset Text 3915 3916\layout Standard 3917 3918X 3919\end_inset 3920</cell> 3921<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3922\begin_inset Text 3923 3924\layout Standard 3925 3926X 3927\end_inset 3928</cell> 3929<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 3930\begin_inset Text 3931 3932\layout Standard 3933 3934Pop an element of type <?> from the stack and store it in an array of type 3935 <?> 3936\end_inset 3937</cell> 3938</row> 3939<row topline="true" bottomline="false" newpage="false"> 3940<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3941\begin_inset Text 3942 3943\layout Standard 3944 3945?cmp 3946\end_inset 3947</cell> 3948<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3949\begin_inset Text 3950 3951\layout Standard 3952 3953\end_inset 3954</cell> 3955<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3956\begin_inset Text 3957 3958\layout Standard 3959 3960X 3961\end_inset 3962</cell> 3963<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3964\begin_inset Text 3965 3966\layout Standard 3967 3968\end_inset 3969</cell> 3970<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3971\begin_inset Text 3972 3973\layout Standard 3974 3975\end_inset 3976</cell> 3977<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3978\begin_inset Text 3979 3980\layout Standard 3981 3982\end_inset 3983</cell> 3984<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3985\begin_inset Text 3986 3987\layout Standard 3988 3989\end_inset 3990</cell> 3991<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3992\begin_inset Text 3993 3994\layout Standard 3995 3996\end_inset 3997</cell> 3998<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 3999\begin_inset Text 4000 4001\layout Standard 4002 4003\end_inset 4004</cell> 4005<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4006\begin_inset Text 4007 4008\layout Standard 4009 4010Compare two long values. 4011 If they are equal push 0, if the first is greater push 1, else push -1 4012\end_inset 4013</cell> 4014</row> 4015<row topline="true" bottomline="false" newpage="false"> 4016<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4017\begin_inset Text 4018 4019\layout Standard 4020 4021?cmpg 4022\end_inset 4023</cell> 4024<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4025\begin_inset Text 4026 4027\layout Standard 4028 4029\end_inset 4030</cell> 4031<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4032\begin_inset Text 4033 4034\layout Standard 4035 4036\end_inset 4037</cell> 4038<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4039\begin_inset Text 4040 4041\layout Standard 4042 4043X 4044\end_inset 4045</cell> 4046<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4047\begin_inset Text 4048 4049\layout Standard 4050 4051X 4052\end_inset 4053</cell> 4054<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4055\begin_inset Text 4056 4057\layout Standard 4058 4059\end_inset 4060</cell> 4061<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4062\begin_inset Text 4063 4064\layout Standard 4065 4066\end_inset 4067</cell> 4068<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4069\begin_inset Text 4070 4071\layout Standard 4072 4073\end_inset 4074</cell> 4075<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4076\begin_inset Text 4077 4078\layout Standard 4079 4080\end_inset 4081</cell> 4082<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4083\begin_inset Text 4084 4085\layout Standard 4086 4087Compare two IEEE values of type <?> from the stack. 4088 If they are equal push 0, if the first is greater push 1, if the second 4089 is greater push -1. 4090 If either is NaN (not a number) push 1 4091\end_inset 4092</cell> 4093</row> 4094<row topline="true" bottomline="false" newpage="false"> 4095<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4096\begin_inset Text 4097 4098\layout Standard 4099 4100?cmpl 4101\end_inset 4102</cell> 4103<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4104\begin_inset Text 4105 4106\layout Standard 4107 4108\end_inset 4109</cell> 4110<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4111\begin_inset Text 4112 4113\layout Standard 4114 4115\end_inset 4116</cell> 4117<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4118\begin_inset Text 4119 4120\layout Standard 4121 4122X 4123\end_inset 4124</cell> 4125<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4126\begin_inset Text 4127 4128\layout Standard 4129 4130X 4131\end_inset 4132</cell> 4133<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4134\begin_inset Text 4135 4136\layout Standard 4137 4138\end_inset 4139</cell> 4140<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4141\begin_inset Text 4142 4143\layout Standard 4144 4145\end_inset 4146</cell> 4147<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4148\begin_inset Text 4149 4150\layout Standard 4151 4152\end_inset 4153</cell> 4154<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4155\begin_inset Text 4156 4157\layout Standard 4158 4159\end_inset 4160</cell> 4161<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4162\begin_inset Text 4163 4164\layout Standard 4165 4166Compare two IEEE values of type <?> from the stack. 4167 If they are equal push 0, if the first is greater push 1, if the second 4168 is greater push -1. 4169 If either is NaN (not a number) push -1 4170\end_inset 4171</cell> 4172</row> 4173<row topline="true" bottomline="false" newpage="false"> 4174<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4175\begin_inset Text 4176 4177\layout Standard 4178 4179?const 4180\end_inset 4181</cell> 4182<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4183\begin_inset Text 4184 4185\layout Standard 4186 4187X 4188\end_inset 4189</cell> 4190<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4191\begin_inset Text 4192 4193\layout Standard 4194 4195X 4196\end_inset 4197</cell> 4198<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4199\begin_inset Text 4200 4201\layout Standard 4202 4203X 4204\end_inset 4205</cell> 4206<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4207\begin_inset Text 4208 4209\layout Standard 4210 4211X 4212\end_inset 4213</cell> 4214<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4215\begin_inset Text 4216 4217\layout Standard 4218 4219\end_inset 4220</cell> 4221<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4222\begin_inset Text 4223 4224\layout Standard 4225 4226\end_inset 4227</cell> 4228<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4229\begin_inset Text 4230 4231\layout Standard 4232 4233\end_inset 4234</cell> 4235<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4236\begin_inset Text 4237 4238\layout Standard 4239 4240X 4241\end_inset 4242</cell> 4243<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4244\begin_inset Text 4245 4246\layout Standard 4247 4248Push a constant value of type <?> onto the stack 4249\end_inset 4250</cell> 4251</row> 4252<row topline="true" bottomline="false" newpage="false"> 4253<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4254\begin_inset Text 4255 4256\layout Standard 4257 4258?div 4259\end_inset 4260</cell> 4261<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4262\begin_inset Text 4263 4264\layout Standard 4265 4266X 4267\end_inset 4268</cell> 4269<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4270\begin_inset Text 4271 4272\layout Standard 4273 4274X 4275\end_inset 4276</cell> 4277<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4278\begin_inset Text 4279 4280\layout Standard 4281 4282X 4283\end_inset 4284</cell> 4285<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4286\begin_inset Text 4287 4288\layout Standard 4289 4290X 4291\end_inset 4292</cell> 4293<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4294\begin_inset Text 4295 4296\layout Standard 4297 4298\end_inset 4299</cell> 4300<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4301\begin_inset Text 4302 4303\layout Standard 4304 4305\end_inset 4306</cell> 4307<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4308\begin_inset Text 4309 4310\layout Standard 4311 4312\end_inset 4313</cell> 4314<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4315\begin_inset Text 4316 4317\layout Standard 4318 4319\end_inset 4320</cell> 4321<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4322\begin_inset Text 4323 4324\layout Standard 4325 4326Perform a division using two values of type <?> and push the quotient onto 4327 the stack 4328\end_inset 4329</cell> 4330</row> 4331<row topline="true" bottomline="false" newpage="false"> 4332<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4333\begin_inset Text 4334 4335\layout Standard 4336 4337?inc 4338\end_inset 4339</cell> 4340<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4341\begin_inset Text 4342 4343\layout Standard 4344 4345X 4346\end_inset 4347</cell> 4348<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4349\begin_inset Text 4350 4351\layout Standard 4352 4353\end_inset 4354</cell> 4355<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4356\begin_inset Text 4357 4358\layout Standard 4359 4360\end_inset 4361</cell> 4362<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4363\begin_inset Text 4364 4365\layout Standard 4366 4367\end_inset 4368</cell> 4369<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4370\begin_inset Text 4371 4372\layout Standard 4373 4374\end_inset 4375</cell> 4376<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4377\begin_inset Text 4378 4379\layout Standard 4380 4381\end_inset 4382</cell> 4383<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4384\begin_inset Text 4385 4386\layout Standard 4387 4388\end_inset 4389</cell> 4390<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4391\begin_inset Text 4392 4393\layout Standard 4394 4395\end_inset 4396</cell> 4397<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4398\begin_inset Text 4399 4400\layout Standard 4401 4402Increment the top of the stack (possibly by a negative value) 4403\end_inset 4404</cell> 4405</row> 4406<row topline="true" bottomline="false" newpage="false"> 4407<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4408\begin_inset Text 4409 4410\layout Standard 4411 4412?ipush 4413\end_inset 4414</cell> 4415<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4416\begin_inset Text 4417 4418\layout Standard 4419 4420\end_inset 4421</cell> 4422<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4423\begin_inset Text 4424 4425\layout Standard 4426 4427\end_inset 4428</cell> 4429<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4430\begin_inset Text 4431 4432\layout Standard 4433 4434\end_inset 4435</cell> 4436<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4437\begin_inset Text 4438 4439\layout Standard 4440 4441\end_inset 4442</cell> 4443<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4444\begin_inset Text 4445 4446\layout Standard 4447 4448X 4449\end_inset 4450</cell> 4451<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4452\begin_inset Text 4453 4454\layout Standard 4455 4456\end_inset 4457</cell> 4458<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4459\begin_inset Text 4460 4461\layout Standard 4462 4463X 4464\end_inset 4465</cell> 4466<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4467\begin_inset Text 4468 4469\layout Standard 4470 4471\end_inset 4472</cell> 4473<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4474\begin_inset Text 4475 4476\layout Standard 4477 4478Push a sign extended byte or short value onto the stack 4479\end_inset 4480</cell> 4481</row> 4482<row topline="true" bottomline="false" newpage="false"> 4483<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4484\begin_inset Text 4485 4486\layout Standard 4487 4488?load 4489\end_inset 4490</cell> 4491<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4492\begin_inset Text 4493 4494\layout Standard 4495 4496X 4497\end_inset 4498</cell> 4499<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4500\begin_inset Text 4501 4502\layout Standard 4503 4504X 4505\end_inset 4506</cell> 4507<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4508\begin_inset Text 4509 4510\layout Standard 4511 4512X 4513\end_inset 4514</cell> 4515<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4516\begin_inset Text 4517 4518\layout Standard 4519 4520X 4521\end_inset 4522</cell> 4523<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4524\begin_inset Text 4525 4526\layout Standard 4527 4528\end_inset 4529</cell> 4530<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4531\begin_inset Text 4532 4533\layout Standard 4534 4535\end_inset 4536</cell> 4537<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4538\begin_inset Text 4539 4540\layout Standard 4541 4542\end_inset 4543</cell> 4544<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4545\begin_inset Text 4546 4547\layout Standard 4548 4549\end_inset 4550</cell> 4551<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4552\begin_inset Text 4553 4554\layout Standard 4555 4556Push a value of type <?> from a local variable onto the stack 4557\end_inset 4558</cell> 4559</row> 4560<row topline="true" bottomline="false" newpage="false"> 4561<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4562\begin_inset Text 4563 4564\layout Standard 4565 4566?mul 4567\end_inset 4568</cell> 4569<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4570\begin_inset Text 4571 4572\layout Standard 4573 4574X 4575\end_inset 4576</cell> 4577<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4578\begin_inset Text 4579 4580\layout Standard 4581 4582X 4583\end_inset 4584</cell> 4585<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4586\begin_inset Text 4587 4588\layout Standard 4589 4590X 4591\end_inset 4592</cell> 4593<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4594\begin_inset Text 4595 4596\layout Standard 4597 4598X 4599\end_inset 4600</cell> 4601<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4602\begin_inset Text 4603 4604\layout Standard 4605 4606\end_inset 4607</cell> 4608<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4609\begin_inset Text 4610 4611\layout Standard 4612 4613\end_inset 4614</cell> 4615<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4616\begin_inset Text 4617 4618\layout Standard 4619 4620\end_inset 4621</cell> 4622<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4623\begin_inset Text 4624 4625\layout Standard 4626 4627\end_inset 4628</cell> 4629<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4630\begin_inset Text 4631 4632\layout Standard 4633 4634Perform multiplication of two values of type <?> 4635\end_inset 4636</cell> 4637</row> 4638<row topline="true" bottomline="false" newpage="false"> 4639<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4640\begin_inset Text 4641 4642\layout Standard 4643 4644?neg 4645\end_inset 4646</cell> 4647<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4648\begin_inset Text 4649 4650\layout Standard 4651 4652X 4653\end_inset 4654</cell> 4655<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4656\begin_inset Text 4657 4658\layout Standard 4659 4660X 4661\end_inset 4662</cell> 4663<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4664\begin_inset Text 4665 4666\layout Standard 4667 4668X 4669\end_inset 4670</cell> 4671<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4672\begin_inset Text 4673 4674\layout Standard 4675 4676X 4677\end_inset 4678</cell> 4679<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4680\begin_inset Text 4681 4682\layout Standard 4683 4684\end_inset 4685</cell> 4686<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4687\begin_inset Text 4688 4689\layout Standard 4690 4691\end_inset 4692</cell> 4693<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4694\begin_inset Text 4695 4696\layout Standard 4697 4698\end_inset 4699</cell> 4700<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4701\begin_inset Text 4702 4703\layout Standard 4704 4705\end_inset 4706</cell> 4707<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4708\begin_inset Text 4709 4710\layout Standard 4711 4712Negate a value of type <?> 4713\end_inset 4714</cell> 4715</row> 4716<row topline="true" bottomline="false" newpage="false"> 4717<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4718\begin_inset Text 4719 4720\layout Standard 4721 4722?newarray 4723\end_inset 4724</cell> 4725<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4726\begin_inset Text 4727 4728\layout Standard 4729 4730\end_inset 4731</cell> 4732<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4733\begin_inset Text 4734 4735\layout Standard 4736 4737\end_inset 4738</cell> 4739<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4740\begin_inset Text 4741 4742\layout Standard 4743 4744\end_inset 4745</cell> 4746<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4747\begin_inset Text 4748 4749\layout Standard 4750 4751\end_inset 4752</cell> 4753<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4754\begin_inset Text 4755 4756\layout Standard 4757 4758\end_inset 4759</cell> 4760<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4761\begin_inset Text 4762 4763\layout Standard 4764 4765\end_inset 4766</cell> 4767<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4768\begin_inset Text 4769 4770\layout Standard 4771 4772\end_inset 4773</cell> 4774<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4775\begin_inset Text 4776 4777\layout Standard 4778 4779X 4780\end_inset 4781</cell> 4782<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4783\begin_inset Text 4784 4785\layout Standard 4786 4787Create a new array of object references 4788\end_inset 4789</cell> 4790</row> 4791<row topline="true" bottomline="false" newpage="false"> 4792<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4793\begin_inset Text 4794 4795\layout Standard 4796 4797?or 4798\end_inset 4799</cell> 4800<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4801\begin_inset Text 4802 4803\layout Standard 4804 4805X 4806\end_inset 4807</cell> 4808<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4809\begin_inset Text 4810 4811\layout Standard 4812 4813X 4814\end_inset 4815</cell> 4816<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4817\begin_inset Text 4818 4819\layout Standard 4820 4821\end_inset 4822</cell> 4823<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4824\begin_inset Text 4825 4826\layout Standard 4827 4828\end_inset 4829</cell> 4830<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4831\begin_inset Text 4832 4833\layout Standard 4834 4835\end_inset 4836</cell> 4837<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4838\begin_inset Text 4839 4840\layout Standard 4841 4842\end_inset 4843</cell> 4844<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4845\begin_inset Text 4846 4847\layout Standard 4848 4849\end_inset 4850</cell> 4851<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4852\begin_inset Text 4853 4854\layout Standard 4855 4856\end_inset 4857</cell> 4858<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4859\begin_inset Text 4860 4861\layout Standard 4862 4863Perform logical OR on two values of type <?> 4864\end_inset 4865</cell> 4866</row> 4867<row topline="true" bottomline="false" newpage="false"> 4868<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4869\begin_inset Text 4870 4871\layout Standard 4872 4873?rem 4874\end_inset 4875</cell> 4876<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4877\begin_inset Text 4878 4879\layout Standard 4880 4881X 4882\end_inset 4883</cell> 4884<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4885\begin_inset Text 4886 4887\layout Standard 4888 4889X 4890\end_inset 4891</cell> 4892<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4893\begin_inset Text 4894 4895\layout Standard 4896 4897X 4898\end_inset 4899</cell> 4900<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4901\begin_inset Text 4902 4903\layout Standard 4904 4905X 4906\end_inset 4907</cell> 4908<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4909\begin_inset Text 4910 4911\layout Standard 4912 4913\end_inset 4914</cell> 4915<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4916\begin_inset Text 4917 4918\layout Standard 4919 4920\end_inset 4921</cell> 4922<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4923\begin_inset Text 4924 4925\layout Standard 4926 4927\end_inset 4928</cell> 4929<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4930\begin_inset Text 4931 4932\layout Standard 4933 4934\end_inset 4935</cell> 4936<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 4937\begin_inset Text 4938 4939\layout Standard 4940 4941Perform a division using two values of type <?> and push the remainder onto 4942 the stack 4943\end_inset 4944</cell> 4945</row> 4946<row topline="true" bottomline="false" newpage="false"> 4947<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4948\begin_inset Text 4949 4950\layout Standard 4951 4952?return 4953\end_inset 4954</cell> 4955<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4956\begin_inset Text 4957 4958\layout Standard 4959 4960X 4961\end_inset 4962</cell> 4963<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4964\begin_inset Text 4965 4966\layout Standard 4967 4968X 4969\end_inset 4970</cell> 4971<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4972\begin_inset Text 4973 4974\layout Standard 4975 4976X 4977\end_inset 4978</cell> 4979<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4980\begin_inset Text 4981 4982\layout Standard 4983 4984X 4985\end_inset 4986</cell> 4987<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4988\begin_inset Text 4989 4990\layout Standard 4991 4992\end_inset 4993</cell> 4994<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 4995\begin_inset Text 4996 4997\layout Standard 4998 4999\end_inset 5000</cell> 5001<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5002\begin_inset Text 5003 5004\layout Standard 5005 5006\end_inset 5007</cell> 5008<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5009\begin_inset Text 5010 5011\layout Standard 5012 5013X 5014\end_inset 5015</cell> 5016<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 5017\begin_inset Text 5018 5019\layout Standard 5020 5021Return a value of type <?> to the invoking method 5022\end_inset 5023</cell> 5024</row> 5025<row topline="true" bottomline="false" newpage="false"> 5026<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5027\begin_inset Text 5028 5029\layout Standard 5030 5031?shl 5032\end_inset 5033</cell> 5034<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5035\begin_inset Text 5036 5037\layout Standard 5038 5039X 5040\end_inset 5041</cell> 5042<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5043\begin_inset Text 5044 5045\layout Standard 5046 5047X 5048\end_inset 5049</cell> 5050<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5051\begin_inset Text 5052 5053\layout Standard 5054 5055\end_inset 5056</cell> 5057<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5058\begin_inset Text 5059 5060\layout Standard 5061 5062\end_inset 5063</cell> 5064<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5065\begin_inset Text 5066 5067\layout Standard 5068 5069\end_inset 5070</cell> 5071<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5072\begin_inset Text 5073 5074\layout Standard 5075 5076\end_inset 5077</cell> 5078<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5079\begin_inset Text 5080 5081\layout Standard 5082 5083\end_inset 5084</cell> 5085<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5086\begin_inset Text 5087 5088\layout Standard 5089 5090\end_inset 5091</cell> 5092<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 5093\begin_inset Text 5094 5095\layout Standard 5096 5097Perform arithmetic shift left on a value of type <?> 5098\end_inset 5099</cell> 5100</row> 5101<row topline="true" bottomline="false" newpage="false"> 5102<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5103\begin_inset Text 5104 5105\layout Standard 5106 5107?shr 5108\end_inset 5109</cell> 5110<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5111\begin_inset Text 5112 5113\layout Standard 5114 5115X 5116\end_inset 5117</cell> 5118<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5119\begin_inset Text 5120 5121\layout Standard 5122 5123X 5124\end_inset 5125</cell> 5126<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5127\begin_inset Text 5128 5129\layout Standard 5130 5131\end_inset 5132</cell> 5133<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5134\begin_inset Text 5135 5136\layout Standard 5137 5138\end_inset 5139</cell> 5140<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5141\begin_inset Text 5142 5143\layout Standard 5144 5145\end_inset 5146</cell> 5147<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5148\begin_inset Text 5149 5150\layout Standard 5151 5152\end_inset 5153</cell> 5154<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5155\begin_inset Text 5156 5157\layout Standard 5158 5159\end_inset 5160</cell> 5161<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5162\begin_inset Text 5163 5164\layout Standard 5165 5166\end_inset 5167</cell> 5168<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 5169\begin_inset Text 5170 5171\layout Standard 5172 5173Perform arithmetic shift right on a value of type <?> 5174\end_inset 5175</cell> 5176</row> 5177<row topline="true" bottomline="false" newpage="false"> 5178<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5179\begin_inset Text 5180 5181\layout Standard 5182 5183?store 5184\end_inset 5185</cell> 5186<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5187\begin_inset Text 5188 5189\layout Standard 5190 5191X 5192\end_inset 5193</cell> 5194<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5195\begin_inset Text 5196 5197\layout Standard 5198 5199X 5200\end_inset 5201</cell> 5202<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5203\begin_inset Text 5204 5205\layout Standard 5206 5207X 5208\end_inset 5209</cell> 5210<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5211\begin_inset Text 5212 5213\layout Standard 5214 5215X 5216\end_inset 5217</cell> 5218<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5219\begin_inset Text 5220 5221\layout Standard 5222 5223\end_inset 5224</cell> 5225<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5226\begin_inset Text 5227 5228\layout Standard 5229 5230\end_inset 5231</cell> 5232<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5233\begin_inset Text 5234 5235\layout Standard 5236 5237\end_inset 5238</cell> 5239<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5240\begin_inset Text 5241 5242\layout Standard 5243 5244X 5245\end_inset 5246</cell> 5247<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 5248\begin_inset Text 5249 5250\layout Standard 5251 5252Pop a value of type <?> and store it into a local variable 5253\end_inset 5254</cell> 5255</row> 5256<row topline="true" bottomline="true" newpage="false"> 5257<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5258\begin_inset Text 5259 5260\layout Standard 5261 5262?sub 5263\end_inset 5264</cell> 5265<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5266\begin_inset Text 5267 5268\layout Standard 5269 5270X 5271\end_inset 5272</cell> 5273<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5274\begin_inset Text 5275 5276\layout Standard 5277 5278X 5279\end_inset 5280</cell> 5281<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5282\begin_inset Text 5283 5284\layout Standard 5285 5286X 5287\end_inset 5288</cell> 5289<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5290\begin_inset Text 5291 5292\layout Standard 5293 5294X 5295\end_inset 5296</cell> 5297<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5298\begin_inset Text 5299 5300\layout Standard 5301 5302\end_inset 5303</cell> 5304<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5305\begin_inset Text 5306 5307\layout Standard 5308 5309\end_inset 5310</cell> 5311<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5312\begin_inset Text 5313 5314\layout Standard 5315 5316\end_inset 5317</cell> 5318<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="false" rotate="false" usebox="none" width="" special=""> 5319\begin_inset Text 5320 5321\layout Standard 5322 5323\end_inset 5324</cell> 5325<cell multicolumn="0" alignment="center" valignment="top" topline="true" bottomline="false" leftline="true" rightline="true" rotate="false" usebox="none" width="" special=""> 5326\begin_inset Text 5327 5328\layout Standard 5329 5330Perform a subtraction using two values of type <?> 5331\end_inset 5332</cell> 5333</row> 5334</lyxtabular> 5335 5336\end_inset 5337 5338 5339\layout Standard 5340 5341The opcode names are mostly self-explanatory. 5342 In this paper, all bytecode is commented to support the intuitive understanding. 5343 Algorithms 5344\begin_inset LatexCommand \ref{facjavapl} 5345 5346\end_inset 5347 5348 and 5349\begin_inset LatexCommand \ref{facjavabytecode} 5350 5351\end_inset 5352 5353 show an example bytecode taken from 5354\begin_inset LatexCommand \cite{BCEL98} 5355 5356\end_inset 5357 5358. 5359 It implements the well-known faculty function. 5360 To understand this example, it is important to know that method arguments 5361 are stored into the local variables of a newly created execution frame 5362 upon method invocation. 5363\layout Standard 5364 5365\begin_float alg 5366\layout Caption 5367 5368 5369\begin_inset LatexCommand \label{facjavapl} 5370 5371\end_inset 5372 5373Methed 5374\emph on 5375fac 5376\emph default 5377 in a class 5378\emph on 5379Faculty 5380\emph default 5381, Java programming language version 5382\layout Standard 5383 5384 5385\family typewriter 5386public static final int fac(int n){ 5387\layout Standard 5388 5389 5390\family typewriter 5391\SpecialChar ~ 5392\SpecialChar ~ 5393return (n==0)?1:n*fac(n-1); 5394\layout Standard 5395 5396 5397\family typewriter 5398} 5399\end_float 5400\layout Standard 5401 5402\begin_float alg 5403\layout Caption 5404 5405 5406\begin_inset LatexCommand \label{facjavabytecode} 5407 5408\end_inset 5409 5410Method 5411\emph on 5412fac 5413\emph default 5414 in a class 5415\emph on 5416Faculty 5417\emph default 5418, Java bytecode version 5419\layout Standard 5420 5421 5422\family typewriter 5423\size footnotesize 5424Faculty.fac (I)I 5425\layout Standard 5426 5427 5428\family typewriter 5429\size footnotesize 54300:\SpecialChar ~ 5431\SpecialChar ~ 5432iload_0\SpecialChar ~ 5433\SpecialChar ~ 5434\SpecialChar ~ 5435\SpecialChar ~ 5436\SpecialChar ~ 5437\SpecialChar ~ 5438\SpecialChar ~ 5439\SpecialChar ~ 5440\SpecialChar ~ 5441\SpecialChar ~ 5442\SpecialChar ~ 5443\SpecialChar ~ 5444\SpecialChar ~ 5445\SpecialChar ~ 5446\SpecialChar ~ 5447\SpecialChar ~ 5448\SpecialChar ~ 5449\SpecialChar ~ 5450\SpecialChar ~ 5451\SpecialChar ~ 5452\SpecialChar ~ 5453\SpecialChar ~ 5454\SpecialChar ~ 5455\SpecialChar ~ 5456; load argument onto stack 5457\layout Standard 5458 5459 5460\family typewriter 5461\size footnotesize 54621:\SpecialChar ~ 5463\SpecialChar ~ 5464ifne #8\SpecialChar ~ 5465\SpecialChar ~ 5466\SpecialChar ~ 5467\SpecialChar ~ 5468\SpecialChar ~ 5469\SpecialChar ~ 5470\SpecialChar ~ 5471\SpecialChar ~ 5472\SpecialChar ~ 5473\SpecialChar ~ 5474\SpecialChar ~ 5475\SpecialChar ~ 5476\SpecialChar ~ 5477\SpecialChar ~ 5478\SpecialChar ~ 5479\SpecialChar ~ 5480\SpecialChar ~ 5481\SpecialChar ~ 5482\SpecialChar ~ 5483\SpecialChar ~ 5484\SpecialChar ~ 5485\SpecialChar ~ 5486\SpecialChar ~ 5487\SpecialChar ~ 5488; non-zero? Then branch to 8. 5489\layout Standard 5490 5491 5492\family typewriter 5493\size footnotesize 54944:\SpecialChar ~ 5495\SpecialChar ~ 5496iconst_1\SpecialChar ~ 5497\SpecialChar ~ 5498\SpecialChar ~ 5499\SpecialChar ~ 5500\SpecialChar ~ 5501\SpecialChar ~ 5502\SpecialChar ~ 5503\SpecialChar ~ 5504\SpecialChar ~ 5505\SpecialChar ~ 5506\SpecialChar ~ 5507\SpecialChar ~ 5508\SpecialChar ~ 5509\SpecialChar ~ 5510\SpecialChar ~ 5511\SpecialChar ~ 5512\SpecialChar ~ 5513\SpecialChar ~ 5514\SpecialChar ~ 5515\SpecialChar ~ 5516\SpecialChar ~ 5517\SpecialChar ~ 5518\SpecialChar ~ 5519; push constant 1 onto stack 5520\layout Standard 5521 5522 5523\family typewriter 5524\size footnotesize 55255:\SpecialChar ~ 5526\SpecialChar ~ 5527goto #16\SpecialChar ~ 5528\SpecialChar ~ 5529\SpecialChar ~ 5530\SpecialChar ~ 5531\SpecialChar ~ 5532\SpecialChar ~ 5533\SpecialChar ~ 5534\SpecialChar ~ 5535\SpecialChar ~ 5536\SpecialChar ~ 5537\SpecialChar ~ 5538\SpecialChar ~ 5539\SpecialChar ~ 5540\SpecialChar ~ 5541\SpecialChar ~ 5542\SpecialChar ~ 5543\SpecialChar ~ 5544\SpecialChar ~ 5545\SpecialChar ~ 5546\SpecialChar ~ 5547\SpecialChar ~ 5548\SpecialChar ~ 5549\SpecialChar ~ 5550; jump to 16 5551\layout Standard 5552 5553 5554\family typewriter 5555\size footnotesize 55568:\SpecialChar ~ 5557\SpecialChar ~ 5558iload_0\SpecialChar ~ 5559\SpecialChar ~ 5560\SpecialChar ~ 5561\SpecialChar ~ 5562\SpecialChar ~ 5563\SpecialChar ~ 5564\SpecialChar ~ 5565\SpecialChar ~ 5566\SpecialChar ~ 5567\SpecialChar ~ 5568\SpecialChar ~ 5569\SpecialChar ~ 5570\SpecialChar ~ 5571\SpecialChar ~ 5572\SpecialChar ~ 5573\SpecialChar ~ 5574\SpecialChar ~ 5575\SpecialChar ~ 5576\SpecialChar ~ 5577\SpecialChar ~ 5578\SpecialChar ~ 5579\SpecialChar ~ 5580\SpecialChar ~ 5581\SpecialChar ~ 5582; load argument onto stack 5583\layout Standard 5584 5585 5586\family typewriter 5587\size footnotesize 55889:\SpecialChar ~ 5589\SpecialChar ~ 5590iload_0\SpecialChar ~ 5591\SpecialChar ~ 5592\SpecialChar ~ 5593\SpecialChar ~ 5594\SpecialChar ~ 5595\SpecialChar ~ 5596\SpecialChar ~ 5597\SpecialChar ~ 5598\SpecialChar ~ 5599\SpecialChar ~ 5600\SpecialChar ~ 5601\SpecialChar ~ 5602\SpecialChar ~ 5603\SpecialChar ~ 5604\SpecialChar ~ 5605\SpecialChar ~ 5606\SpecialChar ~ 5607\SpecialChar ~ 5608\SpecialChar ~ 5609\SpecialChar ~ 5610\SpecialChar ~ 5611\SpecialChar ~ 5612\SpecialChar ~ 5613\SpecialChar ~ 5614; load argument onto stack 5615\layout Standard 5616 5617 5618\family typewriter 5619\size footnotesize 562010:\SpecialChar ~ 5621iconst_1\SpecialChar ~ 5622\SpecialChar ~ 5623\SpecialChar ~ 5624\SpecialChar ~ 5625\SpecialChar ~ 5626\SpecialChar ~ 5627\SpecialChar ~ 5628\SpecialChar ~ 5629\SpecialChar ~ 5630\SpecialChar ~ 5631\SpecialChar ~ 5632\SpecialChar ~ 5633\SpecialChar ~ 5634\SpecialChar ~ 5635\SpecialChar ~ 5636\SpecialChar ~ 5637\SpecialChar ~ 5638\SpecialChar ~ 5639\SpecialChar ~ 5640\SpecialChar ~ 5641\SpecialChar ~ 5642\SpecialChar ~ 5643\SpecialChar ~ 5644; push constant 1 onto stack 5645\layout Standard 5646 5647 5648\family typewriter 5649\size footnotesize 565011:\SpecialChar ~ 5651isub\SpecialChar ~ 5652\SpecialChar ~ 5653\SpecialChar ~ 5654\SpecialChar ~ 5655\SpecialChar ~ 5656\SpecialChar ~ 5657\SpecialChar ~ 5658\SpecialChar ~ 5659\SpecialChar ~ 5660\SpecialChar ~ 5661\SpecialChar ~ 5662\SpecialChar ~ 5663\SpecialChar ~ 5664\SpecialChar ~ 5665\SpecialChar ~ 5666\SpecialChar ~ 5667\SpecialChar ~ 5668\SpecialChar ~ 5669\SpecialChar ~ 5670\SpecialChar ~ 5671\SpecialChar ~ 5672\SpecialChar ~ 5673\SpecialChar ~ 5674\SpecialChar ~ 5675\SpecialChar ~ 5676\SpecialChar ~ 5677\SpecialChar ~ 5678; subtract the stack top from 5679\layout Standard 5680 5681 5682\family typewriter 5683\size footnotesize 5684\SpecialChar ~ 5685\SpecialChar ~ 5686\SpecialChar ~ 5687\SpecialChar ~ 5688\SpecialChar ~ 5689\SpecialChar ~ 5690\SpecialChar ~ 5691\SpecialChar ~ 5692\SpecialChar ~ 5693\SpecialChar ~ 5694\SpecialChar ~ 5695\SpecialChar ~ 5696\SpecialChar ~ 5697\SpecialChar ~ 5698\SpecialChar ~ 5699\SpecialChar ~ 5700\SpecialChar ~ 5701\SpecialChar ~ 5702\SpecialChar ~ 5703\SpecialChar ~ 5704\SpecialChar ~ 5705\SpecialChar ~ 5706\SpecialChar ~ 5707\SpecialChar ~ 5708\SpecialChar ~ 5709\SpecialChar ~ 5710\SpecialChar ~ 5711\SpecialChar ~ 5712\SpecialChar ~ 5713\SpecialChar ~ 5714\SpecialChar ~ 5715\SpecialChar ~ 5716\SpecialChar ~ 5717\SpecialChar ~ 5718\SpecialChar ~ 5719; the stack next-to-top which becomes 5720\layout Standard 5721 5722 5723\family typewriter 5724\size footnotesize 5725\SpecialChar ~ 5726\SpecialChar ~ 5727\SpecialChar ~ 5728\SpecialChar ~ 5729\SpecialChar ~ 5730\SpecialChar ~ 5731\SpecialChar ~ 5732\SpecialChar ~ 5733\SpecialChar ~ 5734\SpecialChar ~ 5735\SpecialChar ~ 5736\SpecialChar ~ 5737\SpecialChar ~ 5738\SpecialChar ~ 5739\SpecialChar ~ 5740\SpecialChar ~ 5741\SpecialChar ~ 5742\SpecialChar ~ 5743\SpecialChar ~ 5744\SpecialChar ~ 5745\SpecialChar ~ 5746\SpecialChar ~ 5747\SpecialChar ~ 5748\SpecialChar ~ 5749\SpecialChar ~ 5750\SpecialChar ~ 5751\SpecialChar ~ 5752\SpecialChar ~ 5753\SpecialChar ~ 5754\SpecialChar ~ 5755\SpecialChar ~ 5756\SpecialChar ~ 5757\SpecialChar ~ 5758\SpecialChar ~ 5759\SpecialChar ~ 5760; the new stack top 5761\layout Standard 5762 5763 5764\family typewriter 5765\size footnotesize 576612:\SpecialChar ~ 5767invokestatic Faculty.fac (I)I\SpecialChar ~ 5768\SpecialChar ~ 5769; call method fac recursively, 5770\layout Standard 5771 5772 5773\family typewriter 5774\size footnotesize 5775\SpecialChar ~ 5776\SpecialChar ~ 5777\SpecialChar ~ 5778\SpecialChar ~ 5779\SpecialChar ~ 5780\SpecialChar ~ 5781\SpecialChar ~ 5782\SpecialChar ~ 5783\SpecialChar ~ 5784\SpecialChar ~ 5785\SpecialChar ~ 5786\SpecialChar ~ 5787\SpecialChar ~ 5788\SpecialChar ~ 5789\SpecialChar ~ 5790\SpecialChar ~ 5791\SpecialChar ~ 5792\SpecialChar ~ 5793\SpecialChar ~ 5794\SpecialChar ~ 5795\SpecialChar ~ 5796\SpecialChar ~ 5797\SpecialChar ~ 5798\SpecialChar ~ 5799\SpecialChar ~ 5800\SpecialChar ~ 5801\SpecialChar ~ 5802\SpecialChar ~ 5803\SpecialChar ~ 5804\SpecialChar ~ 5805\SpecialChar ~ 5806\SpecialChar ~ 5807\SpecialChar ~ 5808\SpecialChar ~ 5809\SpecialChar ~ 5810; the new invocation 5811\layout Standard 5812 5813 5814\family typewriter 5815\size footnotesize 5816\SpecialChar ~ 5817\SpecialChar ~ 5818\SpecialChar ~ 5819\SpecialChar ~ 5820\SpecialChar ~ 5821\SpecialChar ~ 5822\SpecialChar ~ 5823\SpecialChar ~ 5824\SpecialChar ~ 5825\SpecialChar ~ 5826\SpecialChar ~ 5827\SpecialChar ~ 5828\SpecialChar ~ 5829\SpecialChar ~ 5830\SpecialChar ~ 5831\SpecialChar ~ 5832\SpecialChar ~ 5833\SpecialChar ~ 5834\SpecialChar ~ 5835\SpecialChar ~ 5836\SpecialChar ~ 5837\SpecialChar ~ 5838\SpecialChar ~ 5839\SpecialChar ~ 5840\SpecialChar ~ 5841\SpecialChar ~ 5842\SpecialChar ~ 5843\SpecialChar ~ 5844\SpecialChar ~ 5845\SpecialChar ~ 5846\SpecialChar ~ 5847\SpecialChar ~ 5848\SpecialChar ~ 5849\SpecialChar ~ 5850\SpecialChar ~ 5851; instance's argument is the stack top 5852\layout Standard 5853 5854 5855\family typewriter 5856\size footnotesize 585715:\SpecialChar ~ 5858imul\SpecialChar ~ 5859\SpecialChar ~ 5860\SpecialChar ~ 5861\SpecialChar ~ 5862\SpecialChar ~ 5863\SpecialChar ~ 5864\SpecialChar ~ 5865\SpecialChar ~ 5866\SpecialChar ~ 5867\SpecialChar ~ 5868\SpecialChar ~ 5869\SpecialChar ~ 5870\SpecialChar ~ 5871\SpecialChar ~ 5872\SpecialChar ~ 5873\SpecialChar ~ 5874\SpecialChar ~ 5875\SpecialChar ~ 5876\SpecialChar ~ 5877\SpecialChar ~ 5878\SpecialChar ~ 5879\SpecialChar ~ 5880\SpecialChar ~ 5881\SpecialChar ~ 5882\SpecialChar ~ 5883\SpecialChar ~ 5884\SpecialChar ~ 5885; multiply the return value with the 5886\layout Standard 5887 5888 5889\family typewriter 5890\size footnotesize 5891\SpecialChar ~ 5892\SpecialChar ~ 5893\SpecialChar ~ 5894\SpecialChar ~ 5895\SpecialChar ~ 5896\SpecialChar ~ 5897\SpecialChar ~ 5898\SpecialChar ~ 5899\SpecialChar ~ 5900\SpecialChar ~ 5901\SpecialChar ~ 5902\SpecialChar ~ 5903\SpecialChar ~ 5904\SpecialChar ~ 5905\SpecialChar ~ 5906\SpecialChar ~ 5907\SpecialChar ~ 5908\SpecialChar ~ 5909\SpecialChar ~ 5910\SpecialChar ~ 5911\SpecialChar ~ 5912\SpecialChar ~ 5913\SpecialChar ~ 5914\SpecialChar ~ 5915\SpecialChar ~ 5916\SpecialChar ~ 5917\SpecialChar ~ 5918\SpecialChar ~ 5919\SpecialChar ~ 5920\SpecialChar ~ 5921\SpecialChar ~ 5922\SpecialChar ~ 5923\SpecialChar ~ 5924\SpecialChar ~ 5925\SpecialChar ~ 5926; argument given to the current 5927\layout Standard 5928 5929 5930\family typewriter 5931\size footnotesize 5932\SpecialChar ~ 5933\SpecialChar ~ 5934\SpecialChar ~ 5935\SpecialChar ~ 5936\SpecialChar ~ 5937\SpecialChar ~ 5938\SpecialChar ~ 5939\SpecialChar ~ 5940\SpecialChar ~ 5941\SpecialChar ~ 5942\SpecialChar ~ 5943\SpecialChar ~ 5944\SpecialChar ~ 5945\SpecialChar ~ 5946\SpecialChar ~ 5947\SpecialChar ~ 5948\SpecialChar ~ 5949\SpecialChar ~ 5950\SpecialChar ~ 5951\SpecialChar ~ 5952\SpecialChar ~ 5953\SpecialChar ~ 5954\SpecialChar ~ 5955\SpecialChar ~ 5956\SpecialChar ~ 5957\SpecialChar ~ 5958\SpecialChar ~ 5959\SpecialChar ~ 5960\SpecialChar ~ 5961\SpecialChar ~ 5962\SpecialChar ~ 5963\SpecialChar ~ 5964\SpecialChar ~ 5965\SpecialChar ~ 5966\SpecialChar ~ 5967; invocation instance 5968\layout Standard 5969 5970 5971\family typewriter 5972\size footnotesize 597316:\SpecialChar ~ 5974ireturn\SpecialChar ~ 5975\SpecialChar ~ 5976\SpecialChar ~ 5977\SpecialChar ~ 5978\SpecialChar ~ 5979\SpecialChar ~ 5980\SpecialChar ~ 5981\SpecialChar ~ 5982\SpecialChar ~ 5983\SpecialChar ~ 5984\SpecialChar ~ 5985\SpecialChar ~ 5986\SpecialChar ~ 5987\SpecialChar ~ 5988\SpecialChar ~ 5989\SpecialChar ~ 5990\SpecialChar ~ 5991\SpecialChar ~ 5992\SpecialChar ~ 5993\SpecialChar ~ 5994\SpecialChar ~ 5995\SpecialChar ~ 5996\SpecialChar ~ 5997\SpecialChar ~ 5998; return value on top of the 5999\layout Standard 6000 6001 6002\family typewriter 6003\size footnotesize 6004\SpecialChar ~ 6005\SpecialChar ~ 6006\SpecialChar ~ 6007\SpecialChar ~ 6008\SpecialChar ~ 6009\SpecialChar ~ 6010\SpecialChar ~ 6011\SpecialChar ~ 6012\SpecialChar ~ 6013\SpecialChar ~ 6014\SpecialChar ~ 6015\SpecialChar ~ 6016\SpecialChar ~ 6017\SpecialChar ~ 6018\SpecialChar ~ 6019\SpecialChar ~ 6020\SpecialChar ~ 6021\SpecialChar ~ 6022\SpecialChar ~ 6023\SpecialChar ~ 6024\SpecialChar ~ 6025\SpecialChar ~ 6026\SpecialChar ~ 6027\SpecialChar ~ 6028\SpecialChar ~ 6029\SpecialChar ~ 6030\SpecialChar ~ 6031\SpecialChar ~ 6032\SpecialChar ~ 6033\SpecialChar ~ 6034\SpecialChar ~ 6035\SpecialChar ~ 6036\SpecialChar ~ 6037\SpecialChar ~ 6038\SpecialChar ~ 6039; stack to the invoking method 6040\end_float 6041\layout Chapter 6042 6043 6044\begin_inset LatexCommand \label{SpecPasses} 6045 6046\end_inset 6047 6048Specification of the Verification Passes 6049\layout Standard 6050 6051Sun describes a four-pass class file verifier in The Java Virtual Machine 6052 Specification, Second Edition 6053\begin_inset LatexCommand \cite{vmspec2} 6054 6055\end_inset 6056 6057. 6058 It is not necessary to implement the verification algorithms literally; 6059 and it is not possible anyway (see section 6060\begin_inset LatexCommand \ref{SpecSubroutines} 6061 6062\end_inset 6063 6064). 6065 However, implementing a verifier with a multiple-pass architecture makes 6066 sense. 6067 It is a good thing to stay close to the specification because it is well-known 6068 throughout the bytecode engineering community. 6069 Also, the boundaries between the passes are not arbitrary. 6070 They are drawn to improve the performance of the verifiers built into JVMs. 6071 For example, classes are not verified (completely) before they are actually 6072 used but they are loaded as soon as they are referenced in a certain way. 6073 Most verifiers use the traditional multiple-pass architecture, including 6074 Kimera 6075\begin_inset LatexCommand \cite{Kimera-WWW} 6076 6077\end_inset 6078 6079. 6080 Work in other directions (for instance, the one-pass-architecture proposed 6081 by Fong 6082\begin_inset LatexCommand \cite{Fong-WWW} 6083 6084\end_inset 6085 6086) did not yield lasting results. 6087\layout Standard 6088 6089Pass one is basically about loading a class file into the JVM in a sane 6090 way and pass two verifies that the loaded class file information is consistent. 6091 Pass three verifies that the program code is well-behaved; pass four verifies 6092 things that conceptually belong to pass three but are delayed to the run-time 6093 for performance reasons. 6094\layout Standard 6095 6096Sometimes implementation details are discussed in this chapter. 6097 Whenever the specification 6098\begin_inset LatexCommand \cite{vmspec2} 6099 6100\end_inset 6101 6102 was ambigous about some issue, the behaviour of Sun's JVM implementations 6103 was observed. 6104 The discussed details are part of the specification of the JustIce verifier. 6105\layout Section 6106 6107 6108\begin_inset LatexCommand \label{PassOneSpec} 6109 6110\end_inset 6111 6112Pass One 6113\layout Standard 6114 6115The first pass of the verifier is only vaguely specified. 6116 It is there to assure a class file 6117\begin_inset Quotes eld 6118\end_inset 6119 6120 6121\series bold 6122has the basic format of a class file. 6123 The first four bytes must contain the right magic number. 6124 All recognized attributes must be of the proper length. 6125 The class file must not be truncated or have any extra bytes at the end. 6126 The constant pool must not contain any superficially unrecognizable information 6127\series default 6128 6129\begin_inset Quotes erd 6130\end_inset 6131 6132 ( 6133\begin_inset LatexCommand \cite{vmspec2} 6134 6135\end_inset 6136 6137, page 141). 6138\layout Standard 6139 6140The right magic number is 0xCAFEBABE ( 6141\begin_inset LatexCommand \cite{vmspec2} 6142 6143\end_inset 6144 6145, page 94), which is easy to assure. 6146\layout Standard 6147 6148It is not clear what 6149\begin_inset Quotes eld 6150\end_inset 6151 6152superficially unrecognizable information 6153\begin_inset Quotes erd 6154\end_inset 6155 6156 exactly is, however. 6157 If an attribute is not known to the JVM (or verifier) implementation, it 6158 has to be ignored -- so this does not seem to be 6159\begin_inset Quotes eld 6160\end_inset 6161 6162superficially unrecognizable information 6163\begin_inset Quotes erd 6164\end_inset 6165 6166. 6167 Attributes that are not used cannot be detected in pass one. 6168 One would have to look at the bytecodes to decide whether an attribute 6169 is used or not (which is not the domain of pass one, but of pass three). 6170\layout Standard 6171 6172Observations show that most existing JVM verifiers 6173\begin_float footnote 6174\layout Standard 6175 6176An example of a verifier with this behaviour is the one implemented in Sun's 6177 Solaris port of the JVM, version 1.3.0_01. 6178\end_float 6179 ignore 6180\begin_inset Quotes eld 6181\end_inset 6182 6183extra bytes at the end 6184\begin_inset Quotes erd 6185\end_inset 6186 6187 instead of rejecting class files bearing them. 6188\layout Standard 6189 6190The other two statements specify verification of the class file structure 6191 (and the structure of the attributes therein). 6192 But this is also the domain of pass two! Only by inspecting the way the 6193 JVM 6194\emph on 6195loads 6196\emph default 6197, 6198\emph on 6199resolves 6200\emph default 6201 and 6202\emph on 6203prepares 6204\emph default 6205 classes one will understand the precise boundary between verification passes 6206 one and two 6207\begin_inset LatexCommand \cite{Fong-WWW} 6208 6209\end_inset 6210 6211. 6212\layout Standard 6213 6214'Being careful when loading a class file' is a good definition for pass 6215 one: the structure of the file to load is untrusted. 6216 Every implicit statement such as 6217\begin_inset Quotes eld 6218\end_inset 6219 6220this attribute has a length of 1234 bytes in total 6221\begin_inset Quotes erd 6222\end_inset 6223 6224 is validated. 6225\layout Standard 6226 6227 6228\emph on 6229Resolution 6230\emph default 6231 is the transformation of a symbolic reference to an actual reference -- 6232 i.e., as long as there is only a symbolic reference to an entity, this entity 6233 cannot be verified at all because it has not been loaded yet. 6234 Passes two and three are performed during the 6235\emph on 6236resolution 6237\emph default 6238 of a class file; while loading of the class file --pass one-- must have 6239 been performed before. 6240 6241\emph on 6242Resolution 6243\emph default 6244 as such is meaningless to JustIce; the term is only used to draw the borders 6245 between the verification passes. 6246\layout Section 6247 6248 6249\begin_inset LatexCommand \label{SpecPassTwo} 6250 6251\end_inset 6252 6253Pass Two 6254\layout Standard 6255 6256The checks performed in pass two enforce that the following constraints 6257 are satisfied. 6258\layout Itemize 6259 6260Ensuring that final classes are not subclassed and that final methods are 6261 not overridden. 6262\layout Itemize 6263 6264Checking that every class (except 6265\family typewriter 6266java.lang.Object 6267\family default 6268) has a direct superclass. 6269\layout Itemize 6270 6271Ensuring that the constant pool satisfies the documented static constraints: 6272 for example, that each 6273\family typewriter 6274CONSTANT_Class_info 6275\family default 6276 structure in the constant pool contains in its 6277\family typewriter 6278name_index 6279\family default 6280 item a valid constant pool index for a 6281\family typewriter 6282CONSTANT_Utf8_info 6283\family default 6284 structure. 6285\layout Itemize 6286 6287Checking that all field references and method references in the constant 6288 pool have valid names, valid classes, and a valid type descriptor. 6289\layout Standard 6290 6291As Frank Yellin puts it 6292\begin_inset LatexCommand \cite{Yellin-WWW} 6293 6294\end_inset 6295 6296: pass two 6297\begin_inset Quotes eld 6298\end_inset 6299 6300performs all verification that can be performed without looking at the bytecodes 6301\begin_inset Quotes erd 6302\end_inset 6303 6304. 6305 Also, 6306\begin_inset Quotes eld 6307\end_inset 6308 6309this pass does not actually check to make sure that the given field or method 6310 really exists in the given class; nor does it check that the type signatures 6311 given refer to real classes. 6312\begin_inset Quotes erd 6313\end_inset 6314 6315 Note that again 6316\emph on 6317resolution 6318\emph default 6319 plays an important role to create the boundary between two passes; here 6320 it is the boundary between pass two and pass three. 6321 Because linking-time verification enhances the performance of the JVM, 6322 checks that basically belong to pass two are delayed to pass three. 6323 This leads to the obvious contradiction in the sentences cited above. 6324\layout Standard 6325 6326This performance enhancement has an ugly side effect. 6327 Consider a reference to a method m contained in a class file C that does 6328 not exist. 6329 As long as this reference is not 6330\emph on 6331used 6332\emph default 6333, i.e., 6334\emph on 6335resolved 6336\emph default 6337, the absence of C cannot be detected. 6338 Such a reference should in the author's opinion regarded as 6339\begin_inset Quotes eld 6340\end_inset 6341 6342superficially unrecognizable information 6343\begin_inset Quotes erd 6344\end_inset 6345 6346 (see section 6347\begin_inset LatexCommand \ref{PassOneSpec} 6348 6349\end_inset 6350 6351) and therefore be detected. 6352\layout Standard 6353 6354This pass has to verify the integrity of the clas file's data structures 6355 as explained in section 6356\begin_inset LatexCommand \ref{Classfile Structure} 6357 6358\end_inset 6359 6360. 6361 As an example, consider the Line\SpecialChar \- 6362Number\SpecialChar \- 6363Table atribute. 6364 Sun did not specify there has to be exactly one 6365\family typewriter 6366Line\SpecialChar \- 6367Number\SpecialChar \- 6368Table 6369\family default 6370 attribute (or none at all) per method, so possibly there is more than one 6371 attribute of that kind. 6372 This lax specification is not necessary due to the fact that you can put 6373 all information in a single 6374\family typewriter 6375Line\SpecialChar \- 6376Number\SpecialChar \- 6377Table_attri\SpecialChar \- 6378bute 6379\begin_float footnote 6380\layout Standard 6381 6382Any number of 6383\family typewriter 6384line_number_table 6385\family default 6386array entries fits nicely in a single 6387\family typewriter 6388LineNumberTable_attribute 6389\family default 6390 attribute. 6391\end_float 6392, but Sun did specify it this way ( 6393\begin_inset LatexCommand \cite{vmspec2} 6394 6395\end_inset 6396 6397, page 129). 6398\layout Standard 6399 6400Verifiers are requested to reject class files with inconsistent information 6401 in their attributes. 6402 However, here it may be that only by looking at all 6403\family typewriter 6404Line\SpecialChar \- 6405Number\SpecialChar \- 6406Table_attribute 6407\family default 6408s of a method, an inconsistency can be detected. 6409 JustIce does so and rejects class files with inconsistent 6410\family typewriter 6411Line\SpecialChar \- 6412Number\SpecialChar \- 6413Table 6414\family default 6415 information. 6416\layout Standard 6417 6418Furthermore, it issues warnings if such an attribute is detected at all 6419 to discourage its use (see section 6420\begin_inset LatexCommand \ref{Pass2Impl} 6421 6422\end_inset 6423 6424). 6425 This is done because of possible different interpretations of the specification. 6426\layout Standard 6427 6428It should be noted that the use of attributes raises a few more problems 6429 to class file verification. 6430 A simple case is the presence of an unknown attribute that may safely be 6431 ignored. 6432 It is explicitly stated that such a class file must not be rejected. 6433 On the other hand, how should a verifier react if --for example-- a 6434\family typewriter 6435field_info 6436\family default 6437 (see section 6438\begin_inset LatexCommand \ref{Fields} 6439 6440\end_inset 6441 6442) structure encloses a 6443\family typewriter 6444Code_attribute 6445\family default 6446? JustIce will issue a warning but not reject the class file. 6447\layout Section 6448 6449 6450\begin_inset LatexCommand \label{Pass3Spec} 6451 6452\end_inset 6453 6454Pass Three 6455\layout Standard 6456 6457Performing pass three basically means 6458\emph on 6459verifying the bytecode 6460\emph default 6461. 6462 There are so-called 6463\begin_inset Quotes eld 6464\end_inset 6465 6466static constraints 6467\begin_inset Quotes erd 6468\end_inset 6469 6470 on both the instructions in the code array and their operands. 6471 There are also so-called 6472\begin_inset Quotes eld 6473\end_inset 6474 6475structural constraints 6476\begin_inset Quotes erd 6477\end_inset 6478 6479. 6480 The structural constraints specify constraints on relationships between 6481 JVM instructions, so some people (including the author) regard 6482\begin_inset Quotes eld 6483\end_inset 6484 6485structural constraints 6486\begin_inset Quotes erd 6487\end_inset 6488 6489 as a misnomer; they should be called 6490\begin_inset Quotes eld 6491\end_inset 6492 6493dynamic constraints 6494\begin_inset Quotes erd 6495\end_inset 6496 6497. 6498\layout Standard 6499 6500Static constraints are easily enforced using very simple checks. 6501 Here is an example for such a check: let there be a 6502\family typewriter 6503Code 6504\family default 6505 (see section 6506\begin_inset LatexCommand \ref{CodeAttribute} 6507 6508\end_inset 6509 6510) attribute with a 6511\family typewriter 6512max_locals 6513\family default 6514 value of 2. 6515 Only local variables number 0 and 1 may be accessed by the bytecode in 6516 this 6517\family typewriter 6518Code 6519\family default 6520 attribute. 6521 For all instructions accessing local variables, make sure they do not access 6522 any other local variable. 6523\layout Standard 6524 6525Structural constraints are enforced using an algorithm sketched by Sun; 6526 it implements a symbolic execution of a method's code, by means of data 6527 flow analysis including type inference ( 6528\begin_inset LatexCommand \cite{vmspec2} 6529 6530\end_inset 6531 6532, pages 143-151). 6533 This algorithm is called the 6534\emph on 6535data flow analyzer. 6536 6537\emph default 6538 It is intuitively easy to understand, but it is hard to prove its correctness. 6539 The reason for that is the very weak specification of its subtleties; especiall 6540y 6541\emph on 6542subroutines 6543\emph default 6544, 6545\emph on 6546wide date types 6547\emph default 6548 and 6549\emph on 6550object initialization 6551\emph default 6552 (see below). 6553 The general approach, however, is sound 6554\begin_inset LatexCommand \cite{BCV-Soundness} 6555 6556\end_inset 6557 6558. 6559 Here is an example for a structural constraint enforced by this algorithm: 6560 during program execution, at any given point in the program the operand 6561 stack is always of the same height, no matter which code path was taken 6562 to reach that point. 6563 6564\layout Standard 6565 6566Pass three is the core of the verifier. 6567 Note that we will split this pass up into two passes, namely a pass verifying 6568 the static constraints and a pass verifying the structural constraints 6569 of a method's code. 6570 We will call these passes 6571\begin_inset Quotes eld 6572\end_inset 6573 6574pass 3a 6575\begin_inset Quotes erd 6576\end_inset 6577 6578 and 6579\begin_inset Quotes eld 6580\end_inset 6581 6582pass 3b 6583\begin_inset Quotes erd 6584\end_inset 6585 6586. 6587 In a way, they resemble pass one and pass two: the former pass carefully 6588 parses an entity, while the latter pass performs additional verification. 6589 6590\layout Standard 6591 6592By defining pass four, the specification 6593\begin_inset LatexCommand \cite{vmspec2} 6594 6595\end_inset 6596 6597 implicitly excludes 6598\begin_inset Quotes eld 6599\end_inset 6600 6601certain tests that could in principle be performed in Pass 3 6602\begin_inset Quotes erd 6603\end_inset 6604 6605, because they are 6606\begin_inset Quotes eld 6607\end_inset 6608 6609delayed until the first time the code for the method is actually invoked 6610\begin_inset Quotes erd 6611\end_inset 6612 6613. 6614 On the other hand, verifiers are allowed to perform pass four partially 6615 or completely as a part of pass three. 6616 JustIce performs the pass four checks in pass 3a. 6617\layout Subsection 6618 6619Static Constraints: Pass 3a 6620\layout Standard 6621 6622Sun gives examples of what the verifier does before starting the data flow 6623 analyzer ( 6624\begin_inset LatexCommand \cite{vmspec2} 6625 6626\end_inset 6627 6628, pages 143-144): 6629\layout Itemize 6630\pextra_type 1 \pextra_width 10mm 6631 6632 6633\series bold 6634Branches must be within the bounds of the code array for the method. 6635\layout Itemize 6636\pextra_type 1 \pextra_width 10mm 6637 6638 6639\series bold 6640The targets of all control-flow instructions are each the start of an instructio 6641n. 6642 In the case of a 6643\latex latex 6644 6645\backslash 6646texttt{wide} 6647\latex default 6648 instruction the 6649\latex latex 6650 6651\backslash 6652texttt{wide} 6653\latex default 6654opcode is considered the start of the instruction, and the opcode giving 6655 the operation modified by that 6656\latex latex 6657 6658\backslash 6659texttt{wide} 6660\latex default 6661 instruction is not considered to start an instruction. 6662 Branches into the middle of an instruction are disallowed. 6663\layout Itemize 6664\pextra_type 1 \pextra_width 10mm 6665 6666 6667\series bold 6668No instruction can access or modify a local variable at an index greater 6669 than or equal to the number of local variables that its method indicates 6670 it allocates. 6671\layout Itemize 6672\pextra_type 1 \pextra_width 10mm 6673 6674 6675\series bold 6676All references to the constant pool must be an entry of the appropriate 6677 type. 6678 For example: the instruction 6679\latex latex 6680 6681\backslash 6682texttt{ldc} 6683\latex default 6684 can be used only for data of type int or float or for instances of class 6685 String; the instruction 6686\latex latex 6687 6688\backslash 6689texttt{getfield} 6690\latex default 6691 must reference a field. 6692\layout Itemize 6693\pextra_type 1 \pextra_width 10mm 6694 6695 6696\series bold 6697The code does not end in the middle of an instruction. 6698\layout Itemize 6699\pextra_type 1 \pextra_width 10mm 6700 6701 6702\series bold 6703Execution cannot fall off the end of the code. 6704\layout Itemize 6705\pextra_type 1 \pextra_width 10mm 6706 6707 6708\series bold 6709For each exception handler, the starting and ending point of the code protected 6710 by the handler must be at the beginning of an instruction or, in the case 6711 of the ending point, immediately past the end of the code. 6712 The starting point must be before the ending point. 6713 The exception handler code must start at a valid instruction, and it may 6714 not start at an opcode being modified by the 6715\latex latex 6716 6717\backslash 6718texttt{wide} 6719\latex default 6720 instruction. 6721\layout Standard 6722 6723Most of these constraints are either static constraints on instructions 6724 or on their operands. 6725 A full list of constraints can be found in the Java Virtual Machine Specificati 6726on, Second Edition ( 6727\begin_inset LatexCommand \cite{vmspec2} 6728 6729\end_inset 6730 6731, pages 133-137). 6732\layout Standard 6733 6734The check for execution falling off the end of the code is an exception: 6735 this is a structural constraint and should therefore be performed in pass 6736 3b. 6737 Sun's verifiers, however, reject code that has an unreachable 6738\latex latex 6739 6740\backslash 6741texttt{nop} 6742\latex default 6743at the end of the code array. 6744 Obviously, they reject the code before performing data flow analysis. 6745 For the sake of compatibility, JustIce performs this check in pass 3a. 6746\layout Standard 6747 6748Note that the JVM's instructions differ in length. 6749 Some instructions occupy only one byte (such as 6750\family typewriter 6751nop 6752\family default 6753), others occupy three bytes (such as 6754\family typewriter 6755goto 6756\family default 6757). 6758 Branch instructions could therefore target operands of instructions. 6759 For example, line 1 of algorithm 6760\begin_inset LatexCommand \ref{facjavabytecode} 6761 6762\end_inset 6763 6764 reads 6765\begin_inset Quotes eld 6766\end_inset 6767 6768 6769\family typewriter 67701: ifne #8 6771\family default 6772 6773\begin_inset Quotes erd 6774\end_inset 6775 6776. 6777 If it would read 6778\begin_inset Quotes eld 6779\end_inset 6780 6781 6782\family typewriter 67831: ifne #7 6784\family default 6785 6786\begin_inset Quotes erd 6787\end_inset 6788 6789, this code was malformed. 6790 A special case is the instruction 6791\family typewriter 6792wide 6793\family default 6794. 6795 This instruction takes another instruction 6796\emph on 6797as its operand 6798\emph default 6799, so one could be misguided into thinking this embedded instruction was 6800 a valid target for branches. 6801 It is not. 6802\layout Standard 6803 6804The checks Sun delays until pass four are performed in pass 3a by JustIce. 6805 These are checks to ensure allowed and possible access to a referenced 6806 type, listed below. 6807 6808\layout Itemize 6809 6810Is the type (class or interface) currently under examination allowed to 6811 reference the type 6812\begin_float footnote 6813\layout Standard 6814 6815Interfaces may contain code, this is normally used for static initialization 6816 of 6817\family typewriter 6818final 6819\family default 6820 variables. 6821\end_float 6822? 6823\layout Itemize 6824 6825Does the referenced method or field exist in the given class? 6826\layout Itemize 6827 6828Does the referenced method or field have the indicated descriptor (signature)? 6829\layout Itemize 6830 6831Does the method currently under examination have access to the referenced 6832 method or field? 6833\layout Subsection 6834 6835Structural Constraints: Pass 3b 6836\layout Standard 6837 6838The structural constraints of JVM instructions are enforced by a data flow 6839 analyzer. 6840 This algorithm ensures the following constraints ( 6841\begin_inset LatexCommand \cite{vmspec2} 6842 6843\end_inset 6844 6845, page 142). 6846\layout Itemize 6847\pextra_type 1 \pextra_width 10mm 6848 6849 6850\series bold 6851The operand stack is always the same size and contains the same types of 6852 values. 6853\layout Itemize 6854\pextra_type 1 \pextra_width 10mm 6855 6856 6857\series bold 6858No local variable is accessed unless it is known to contain a value of an 6859 appropriate type. 6860\layout Itemize 6861\pextra_type 1 \pextra_width 10mm 6862 6863 6864\series bold 6865Methods are invoked with the appropriate arguments. 6866\layout Itemize 6867\pextra_type 1 \pextra_width 10mm 6868 6869 6870\series bold 6871Fields are assigned only using values of appropriate types. 6872\layout Itemize 6873\pextra_type 1 \pextra_width 10mm 6874 6875 6876\series bold 6877All opcodes have appropriate type arguments on the operand stack and in 6878 the local variable array. 6879\layout Standard 6880 6881A full list of structural constraints can be found in The Java Virtual Machine 6882 Specification, Second Edition ( 6883\begin_inset LatexCommand \cite{vmspec2} 6884 6885\end_inset 6886 6887, pages 137-139). 6888\layout Subsubsection 6889 6890 6891\begin_inset LatexCommand \label{SunCoreAlgo} 6892 6893\end_inset 6894 6895Sun's Verification Algorithm 6896\layout Standard 6897 6898Sun specifies the data flow analyzer by giving an informal algorithm ( 6899\begin_inset LatexCommand \cite{vmspec2} 6900 6901\end_inset 6902 6903, pages 144-146). 6904 This algorithm it cited here completely because it is the very core of 6905 the verifier. 6906 According to this algorithm, every bytecode instruction has a 6907\begin_inset Quotes eld 6908\end_inset 6909 6910changed 6911\begin_inset Quotes erd 6912\end_inset 6913 6914 bit. 6915 Initially, only the 6916\begin_inset Quotes eld 6917\end_inset 6918 6919changed 6920\begin_inset Quotes erd 6921\end_inset 6922 6923 bit of the first instruction is set. 6924\layout Enumerate 6925\pextra_type 1 \pextra_width 10mm 6926 6927 6928\series bold 6929Select a virtual machine instruction whose "changed" bit is set. 6930 If no instruction remains whose "changed" bit is set, the method has successful 6931ly been verified. 6932 Otherwise, turn off the "changed" bit of the selected instruction. 6933\layout Enumerate 6934\pextra_type 1 \pextra_width 10mm 6935 6936 6937\series bold 6938Model the effect of the instruction on the operand stack and local variable 6939 array by doing the following: 6940\newline 6941 6942\latex latex 6943 6944\backslash 6945textbullet\SpecialChar ~ 6946 6947\latex default 6948If the instruction uses values from the operand stack, ensure that there 6949 are a sufficient number of values on the stack and that the top values 6950 on the stack are of an appropriate type. 6951 Otherwise, verification fails. 6952\newline 6953 6954\latex latex 6955 6956\backslash 6957textbullet\SpecialChar ~ 6958 6959\latex default 6960If the instruction uses a local variable, ensure that the specified local 6961 variable contains a value of the appropriate type. 6962 Otherwise, verification fails. 6963\newline 6964 6965\latex latex 6966 6967\backslash 6968textbullet\SpecialChar ~ 6969 6970\latex default 6971If the instruction pushes values onto the operand stack, ensure that there 6972 is sufficient room on the operand stack for the new values. 6973 Add the indicated types to the top of the modeled operand stack. 6974\newline 6975 6976\latex latex 6977 6978\backslash 6979textbullet\SpecialChar ~ 6980 6981\latex default 6982If the instruction modifies a local variable, record that the local variable 6983 now contains the new type. 6984\layout Enumerate 6985\pextra_type 1 \pextra_width 10mm 6986 6987 6988\series bold 6989Determine the instructions that can follow the current instruction. 6990 Successor instructions can be one of the following: 6991\newline 6992 6993\latex latex 6994 6995\backslash 6996textbullet\SpecialChar ~ 6997 6998\latex default 6999The next instruction, if the current instruction is not an unconditional 7000 control transfer instruction (for instance goto, return, or athrow). 7001 Verification fails if it is possible to "fall off" the last instruction 7002 of the method. 7003\newline 7004 7005\latex latex 7006 7007\backslash 7008textbullet\SpecialChar ~ 7009 7010\latex default 7011The target(s) of a conditional or unconditional branch or switch. 7012\newline 7013 7014\latex latex 7015 7016\backslash 7017textbullet\SpecialChar ~ 7018 7019\latex default 7020Any exception handlers for this instruction. 7021 7022\layout Enumerate 7023\pextra_type 1 \pextra_width 10mm 7024 7025 7026\series bold 7027Merge the state of the operand stack and local variable array at the end 7028 of the execution of the current instruction into each of the successor 7029 instructions. 7030 In the special case of control transfer to an exception handler, the operand 7031 stack is set to contain a single object of the exception type indicated 7032 by the exception handler information. 7033\newline 7034 7035\latex latex 7036 7037\backslash 7038textbullet\SpecialChar ~ 7039 7040\latex default 7041If this is the first time the successor instruction has been visited, record 7042 that the operand stack and local variable values calculated in steps 2 7043 and 3 are the state of the operand stack and local variable array prior 7044 to executing the successor instruction. 7045 Set the "changed" bit for the successor instruction. 7046\newline 7047 7048\latex latex 7049 7050\backslash 7051textbullet\SpecialChar ~ 7052 7053\latex default 7054If the successor instruction has been seen before, merge the operand stack 7055 and local variable values calculated in steps 2 and 3 into the values already 7056 there. 7057 Set the "changed" bit if there is any modification to the values. 7058\layout Enumerate 7059\pextra_type 1 \pextra_width 10mm 7060 7061 7062\series bold 7063Continue at step 1. 7064 7065\layout Standard 7066\pextra_type 1 \pextra_width 10mm 7067 7068 7069\series bold 7070To merge two operand stacks, the number of values on each stack must be 7071 identical. 7072 The types of values on the stacks must also be identical, except that different 7073ly typed reference values may appear at corresponding places on the two 7074 stacks. 7075 In this case, the merged operand stack contains a reference to an instance 7076 of the first common superclass of the two types. 7077 Such a reference type always exists because the type Object is a superclass 7078 of all class and interface types. 7079 If the operand stacks cannot be merged, verification of the method fails. 7080\layout Standard 7081\pextra_type 1 \pextra_width 10mm 7082 7083 7084\series bold 7085To merge two local variable array states, corresponding pairs of local variables 7086 are compared. 7087 If the two types are not identical, then unless both contain reference 7088 values, the verifier records that the local variable contains an unusable 7089 value. 7090 If both of the pair of local variables contain reference values, the merged 7091 state contains a reference to an instance of the first common superclass 7092 of the two types. 7093\layout Standard 7094 7095Certain instructions and data types complicate the data flow analyzer, most 7096 notably the instruction 7097\latex latex 7098 7099\backslash 7100texttt{ret} 7101\latex default 7102 (see section 7103\begin_inset LatexCommand \ref{RetDesc} 7104 7105\end_inset 7106 7107). 7108 The algorithm above even uses a special definition of 7109\emph on 7110merging 7111\emph default 7112 for the 7113\latex latex 7114 7115\backslash 7116texttt{ret} 7117\latex default 7118 instruction (see 7119\begin_inset LatexCommand \cite{vmspec2} 7120 7121\end_inset 7122 7123, page 151). 7124 The 7125\latex latex 7126 7127\backslash 7128texttt{ret} 7129\latex default 7130 instruction is parameterized with a value of type 7131\family typewriter 7132returnaddress 7133\family default 7134 which is read from a local variable and used as a branching target. 7135 The 7136\latex latex 7137 7138\backslash 7139texttt{ret} 7140\latex default 7141 instruction is there to implement a (control flow) return from a 7142\emph on 7143subroutine 7144\emph default 7145. 7146\layout Subsubsection 7147 7148Reachability of Instructions 7149\layout Standard 7150 7151For the data flow analysis algorithm, you need to know all the possible 7152 control flow successors of every instruction, i.e., you need to build a 7153\emph on 7154control flow graph 7155\emph default 7156 (see below). 7157 Without the instructions 7158\latex latex 7159 7160\backslash 7161texttt{jsr} 7162\begin_float footnote 7163\layout Standard 7164 7165Remember, a 7166\latex latex 7167 7168\backslash 7169texttt{jsr} 7170\latex default 7171 or 7172\latex latex 7173 7174\backslash 7175texttt{jsr 7176\backslash 7177_w} 7178\latex default 7179 instruction is an unconditional branch instruction that jumps into a 7180\emph on 7181subroutine 7182\emph default 7183. 7184 Usually a 7185\latex latex 7186 7187\backslash 7188texttt{ret} 7189\latex default 7190 instruction leaves the 7191\emph on 7192subroutine 7193\emph default 7194. 7195\end_float 7196, 7197\latex latex 7198 7199\backslash 7200texttt{jsr 7201\backslash 7202_w} 7203\latex default 7204 and 7205\latex latex 7206 7207\backslash 7208texttt{ret} 7209\latex default 7210 this calculation would be easy. 7211 But to calculate successors of a 7212\latex latex 7213 7214\backslash 7215texttt{ret} 7216\latex default 7217 instruction, you need a complete control flow graph: you need to find out 7218 which 7219\latex latex 7220 7221\backslash 7222texttt{jsr} 7223\latex default 7224 or 7225\latex latex 7226 7227\backslash 7228texttt{jsr 7229\backslash 7230_w} 7231\latex default 7232 and 7233\latex latex 7234 7235\backslash 7236texttt{ret} 7237\latex default 7238 pairs belong together. 7239 Therefore, a cycle of self-dependency is created that has to be broken 7240 somewhere. 7241 This is explained in detail below. 7242\layout Standard 7243 7244This was also an issue that led to the definition of the term 7245\emph on 7246 subroutine 7247\emph default 7248 that JustIce uses. 7249 This definition allows the prediction of a 7250\latex latex 7251 7252\backslash 7253texttt{ret} 7254\latex default 7255 instruction's target without performing control flow analysis. 7256\layout Subsubsection 7257 7258 7259\begin_inset LatexCommand \label{SpecSubroutines} 7260 7261\end_inset 7262 7263Subroutines 7264\layout Standard 7265 7266Subroutines make the verification algorithm extremely difficult. 7267 They are harshly underspecified. 7268 Although 7269\begin_inset Quotes eld 7270\end_inset 7271 7272the Java virtual machine has no guarantee that any file it is asked to load 7273 was generated by that compiler 7274\begin_inset Quotes erd 7275\end_inset 7276 7277, the subroutine specification explains how 7278\emph on 7279javac 7280\emph default 7281transforms 7282\begin_inset Quotes eld 7283\end_inset 7284 7285 7286\latex latex 7287 7288\backslash 7289texttt{try} 7290\latex default 7291/ 7292\latex latex 7293 7294\backslash 7295texttt{catch} 7296\latex default 7297/ 7298\latex latex 7299 7300\backslash 7301texttt{finally} 7302\latex default 7303 7304\begin_inset Quotes erd 7305\end_inset 7306 7307 clauses into subroutines 7308\begin_inset LatexCommand \cite{vmspec2} 7309 7310\end_inset 7311 7312. 7313 Intuitively, one gets the idea that a subroutine starts with some jump 7314 target of a 7315\latex latex 7316 7317\backslash 7318texttt{jsr} 7319\latex default 7320 or 7321\latex latex 7322 7323\backslash 7324texttt{jsr 7325\backslash 7326_w} 7327\latex default 7328 instruction and ends with a 7329\latex latex 7330 7331\backslash 7332texttt{ret} 7333\latex default 7334 instruction. 7335 But the specification fails to correctly specify what subroutines exactly 7336 are at machine instruction level. 7337 Consider algorithm 7338\begin_inset LatexCommand \ref{jsrpopalgo} 7339 7340\end_inset 7341 7342. 7343\layout Standard 7344 7345\begin_float alg 7346\layout Standard 7347 7348 7349\family typewriter 735000 jsr\SpecialChar ~ 735103\SpecialChar ~ 7352\SpecialChar ~ 7353\SpecialChar ~ 7354; Jump to 7355\begin_inset Quotes eld 7356\end_inset 7357 7358subroutine 7359\begin_inset Quotes erd 7360\end_inset 7361 7362 at offset 03; push return 7363\layout Standard 7364 7365 7366\family typewriter 7367\SpecialChar ~ 7368\SpecialChar ~ 7369\SpecialChar ~ 7370\SpecialChar ~ 7371\SpecialChar ~ 7372\SpecialChar ~ 7373\SpecialChar ~ 7374\SpecialChar ~ 7375\SpecialChar ~ 7376\SpecialChar ~ 7377\SpecialChar ~ 7378\SpecialChar ~ 7379; address 03 onto stack. 7380\layout Standard 7381 7382 7383\family typewriter 738403 pop\SpecialChar ~ 7385\SpecialChar ~ 7386\SpecialChar ~ 7387\SpecialChar ~ 7388\SpecialChar ~ 7389\SpecialChar ~ 7390; Pop the return address off the stack. 7391\layout Standard 7392 7393 7394\family typewriter 739504 nop\SpecialChar ~ 7396\SpecialChar ~ 7397\SpecialChar ~ 7398\SpecialChar ~ 7399\SpecialChar ~ 7400\SpecialChar ~ 7401; No operation. 7402\layout Caption 7403 7404 7405\begin_inset LatexCommand \label{jsrpopalgo} 7406 7407\end_inset 7408 7409Is This a Subroutine? 7410\end_float 7411\layout Standard 7412 7413What is this? Is the 7414\emph on 7415NOP 7416\emph default 7417 instruction part of a subroutine or not? Algorithm 7418\begin_inset LatexCommand \ref{OneOrTwoSubroutinesAlgo} 7419 7420\end_inset 7421 7422 shows another example. 7423\layout Standard 7424 7425\begin_float alg 7426\layout Caption 7427 7428 7429\begin_inset LatexCommand \label{OneOrTwoSubroutinesAlgo} 7430 7431\end_inset 7432 7433One or Two Subroutines? 7434\layout Standard 7435 7436 7437\family typewriter 743800 iload_0\SpecialChar ~ 7439\SpecialChar ~ 7440; Load a numerical 0 onto the stack. 7441\layout Standard 7442 7443 7444\family typewriter 744501 jsr\SpecialChar ~ 744605\SpecialChar ~ 7447\SpecialChar ~ 7448\SpecialChar ~ 7449; Jump to "subroutine" at offset 05; push return 7450\layout Standard 7451 7452 7453\family typewriter 7454\SpecialChar ~ 7455\SpecialChar ~ 7456\SpecialChar ~ 7457\SpecialChar ~ 7458\SpecialChar ~ 7459\SpecialChar ~ 7460\SpecialChar ~ 7461\SpecialChar ~ 7462\SpecialChar ~ 7463\SpecialChar ~ 7464\SpecialChar ~ 7465\SpecialChar ~ 7466; address 04 onto stack. 7467\layout Standard 7468 7469 7470\family typewriter 747104 return\SpecialChar ~ 7472\SpecialChar ~ 7473\SpecialChar ~ 7474; Leave the method. 7475\layout Standard 7476 7477 7478\family typewriter 747905 dup\SpecialChar ~ 7480\SpecialChar ~ 7481\SpecialChar ~ 7482\SpecialChar ~ 7483\SpecialChar ~ 7484\SpecialChar ~ 7485; Duplicate the stack's top. 7486\layout Standard 7487 7488 7489\family typewriter 749006 astore\SpecialChar ~ 74910\SpecialChar ~ 7492; Store the return address from the stack into 7493\layout Standard 7494 7495 7496\family typewriter 7497\SpecialChar ~ 7498\SpecialChar ~ 7499\SpecialChar ~ 7500\SpecialChar ~ 7501\SpecialChar ~ 7502\SpecialChar ~ 7503\SpecialChar ~ 7504\SpecialChar ~ 7505\SpecialChar ~ 7506\SpecialChar ~ 7507\SpecialChar ~ 7508\SpecialChar ~ 7509; local variable 0. 7510\layout Standard 7511 7512 7513\family typewriter 751407 astore\SpecialChar ~ 75151\SpecialChar ~ 7516; Store the return address from the stack into 7517\layout Standard 7518 7519 7520\family typewriter 7521\SpecialChar ~ 7522\SpecialChar ~ 7523\SpecialChar ~ 7524\SpecialChar ~ 7525\SpecialChar ~ 7526\SpecialChar ~ 7527\SpecialChar ~ 7528\SpecialChar ~ 7529\SpecialChar ~ 7530\SpecialChar ~ 7531\SpecialChar ~ 7532\SpecialChar ~ 7533; local variable 1. 7534\layout Standard 7535 7536 7537\family typewriter 753808 ifeq\SpecialChar ~ 753912\SpecialChar ~ 7540\SpecialChar ~ 7541; If there is a 0 on top of the stack, jump to 7542\layout Standard 7543 7544 7545\family typewriter 7546\SpecialChar ~ 7547\SpecialChar ~ 7548\SpecialChar ~ 7549\SpecialChar ~ 7550\SpecialChar ~ 7551\SpecialChar ~ 7552\SpecialChar ~ 7553\SpecialChar ~ 7554\SpecialChar ~ 7555\SpecialChar ~ 7556\SpecialChar ~ 7557\SpecialChar ~ 7558; offset 12. 7559\layout Standard 7560 7561 7562\family typewriter 756311 ret\SpecialChar ~ 75640\SpecialChar ~ 7565\SpecialChar ~ 7566\SpecialChar ~ 7567\SpecialChar ~ 7568; Return to offset 4 (because this is in local 7569\layout Standard 7570 7571 7572\family typewriter 7573\SpecialChar ~ 7574\SpecialChar ~ 7575\SpecialChar ~ 7576\SpecialChar ~ 7577\SpecialChar ~ 7578\SpecialChar ~ 7579\SpecialChar ~ 7580\SpecialChar ~ 7581\SpecialChar ~ 7582\SpecialChar ~ 7583\SpecialChar ~ 7584\SpecialChar ~ 7585; variable 0 here). 7586\layout Standard 7587 7588 7589\family typewriter 759012 nop\SpecialChar ~ 7591\SpecialChar ~ 7592\SpecialChar ~ 7593\SpecialChar ~ 7594\SpecialChar ~ 7595\SpecialChar ~ 7596; No operation. 7597\layout Standard 7598 7599 7600\family typewriter 760113 ret\SpecialChar ~ 76021\SpecialChar ~ 7603\SpecialChar ~ 7604\SpecialChar ~ 7605\SpecialChar ~ 7606; Return to offset 4 (because this is in local 7607\layout Standard 7608 7609 7610\family typewriter 7611\SpecialChar ~ 7612\SpecialChar ~ 7613\SpecialChar ~ 7614\SpecialChar ~ 7615\SpecialChar ~ 7616\SpecialChar ~ 7617\SpecialChar ~ 7618\SpecialChar ~ 7619\SpecialChar ~ 7620\SpecialChar ~ 7621\SpecialChar ~ 7622\SpecialChar ~ 7623; variable 1 here). 7624\end_float 7625\layout Standard 7626 7627Do we deal with one subroutine (which is the case if you define subroutines 7628 to start with a 7629\latex latex 7630 7631\backslash 7632texttt{jsr} 7633\latex default 7634 or 7635\latex latex 7636 7637\backslash 7638texttt{jsr 7639\backslash 7640_w} 7641\latex default 7642's target) or are these two subroutines (which is the case if you count 7643 the 7644\latex latex 7645 7646\backslash 7647texttt{ret} 7648\latex default 7649 instructions and believe that there must be exactly one 7650\latex latex 7651 7652\backslash 7653texttt{ret} 7654\latex default 7655 per subroutine)? 7656\layout Standard 7657 7658Recursive calls to subroutines are forbidden by the specification; however, 7659 Sun's verifier implementations are not consequently deciding which recursive 7660 calls to reject 7661\begin_float footnote 7662\layout Standard 7663 7664This was experimentally found by the author and also published in 7665\begin_inset LatexCommand \cite{JBook} 7666 7667\end_inset 7668 7669. 7670\end_float 7671. 7672 This is a failure due to a missing definition of the term 7673\emph on 7674subroutine 7675\emph default 7676. 7677\layout Standard 7678 7679While the first example passes Sun's verifier, the second example is rejected. 7680 The exact definition of the term 7681\emph on 7682subroutine 7683\emph default 7684 cannot be deducted from ther behaviour of Sun's verifier. 7685\layout Standard 7686 7687A new, clean specification had to be defined. 7688 Such a specification can of course not be compatible with the behaviour 7689 of Sun's verifier in all corner cases. 7690\layout Subsubsection 7691 7692 7693\begin_inset LatexCommand \label{Subroutines_Def} 7694 7695\end_inset 7696 7697A Precise Definition of the Term 7698\emph on 7699Subroutine 7700\layout Standard 7701 7702Because Sun --inappropriately-- describes how 7703\emph on 7704javac 7705\emph default 7706 creates subroutines, the definition presented here is based on the observation 7707 of 7708\emph on 7709javac 7710\emph default 7711's behaviour. 7712 This makes the definition compatible with a lot of existing code, but without 7713 violating the validity of far-reaching conclusions earned by exploiting 7714 a clean definition 7715\begin_float footnote 7716\layout Standard 7717 7718Unfortunately, in some rare cases, 7719\emph on 7720javac 7721\emph default 7722 produces code that is incompatible with the constraints related to our 7723 definition of 7724\emph on 7725subroutine 7726\emph default 7727. 7728 However, 7729\emph on 7730javac 7731\emph default 7732 also produces code which is incompatible with Sun's verifier (see section 7733 7734\begin_inset LatexCommand \ref{StaerkJreject} 7735 7736\end_inset 7737 7738). 7739\end_float 7740. 7741 7742\layout Itemize 7743 7744Every instruction of a method is part of exactly one subroutine (or the 7745 top-level). 7746\layout Itemize 7747 7748The first instruction of a subroutine is an 7749\latex latex 7750 7751\backslash 7752texttt{astore N} 7753\latex default 7754 instruction that stores the return address in local variable number 7755\emph on 7756N 7757\emph default 7758. 7759\layout Itemize 7760 7761There must be exactly one 7762\latex latex 7763 7764\backslash 7765texttt{ret} 7766\latex default 7767 instruction per subroutine. 7768 This instruction must work on the local variable 7769\emph on 7770N 7771\emph default 7772; i.e., it is a 7773\latex latex 7774 7775\backslash 7776texttt{ret N} 7777\latex default 7778 instruction. 7779\layout Itemize 7780 7781Subroutines are not protected by exception handlers. 7782\layout Itemize 7783 7784No instruction that is part of a subroutine is the target of an exception 7785 handler. 7786\layout Itemize 7787 7788Subroutines of a subroutine do not access local variable 7789\emph on 7790N 7791\emph default 7792. 7793 A subsubroutine of a subroutine is also considered a subroutine here, in 7794 a recursive sense. 7795\layout Standard 7796 7797As we can see, a subroutine can be characterized by its set of instructions, 7798 the most important instruction being the target of some 7799\latex latex 7800 7801\backslash 7802texttt{jsr} 7803\latex default 7804 or 7805\latex latex 7806 7807\backslash 7808texttt{jsr 7809\backslash 7810_w} 7811\latex default 7812 instruction that is not part of the subroutine itself. 7813 Another important property is the local variable 7814\emph on 7815N 7816\emph default 7817 the 7818\latex latex 7819 7820\backslash 7821texttt{ret} 7822\latex default 7823 instruction is working on. 7824\layout Standard 7825 7826This way, we can make sure subroutines are properly nested, so that JustIce 7827 would reject both the example bytecodes in algorithms 7828\begin_inset LatexCommand \ref{jsrpopalgo} 7829 7830\end_inset 7831 7832 and 7833\begin_inset LatexCommand \ref{OneOrTwoSubroutinesAlgo} 7834 7835\end_inset 7836 7837. 7838\layout Standard 7839 7840The 7841\latex latex 7842 7843\backslash 7844texttt{astore} 7845\latex default 7846 instruction mentioned above is so important because there is no JVM instruction 7847 that can read values of a 7848\latex latex 7849 7850\backslash 7851texttt{returnaddress} 7852\latex default 7853 type from local variables. 7854 After entering a subroutine, the 7855\latex latex 7856 7857\backslash 7858texttt{astore} 7859\latex default 7860 instruction pops the return address off the operand stack and writes it 7861 into local variable number 7862\emph on 7863N 7864\emph default 7865. 7866 Therefore we can be sure it will not be duplicated or deleted as in algorithms 7867 7868\begin_inset LatexCommand \ref{jsrpopalgo} 7869 7870\end_inset 7871 7872 and 7873\begin_inset LatexCommand \ref{OneOrTwoSubroutinesAlgo} 7874 7875\end_inset 7876 7877. 7878\layout Standard 7879 7880The constraints concerning exception handlers are defined to make sure that 7881 we can observe the control flow statically. 7882 If an exception is thrown from within a subroutine, the method simply 7883\begin_inset Quotes eld 7884\end_inset 7885 7886 7887\emph on 7888completes abruptly 7889\emph default 7890 7891\begin_inset Quotes erd 7892\end_inset 7893 7894 ( 7895\begin_inset LatexCommand \cite{vmspec2} 7896 7897\end_inset 7898 7899, page 74). 7900 If we would allow subroutine instructions to be protected by exception 7901 handlers, it would not be clear if the handling instructions are part of 7902 the subroutine or not. 7903\layout Standard 7904 7905We can also derive subsubroutines of subroutines recursively by exploiting 7906 the properly-nested property explained above. 7907\layout Subsubsection 7908 7909The Control Flow Graph 7910\layout Standard 7911 7912A control flow graph is a directed graph with edges that represent possible 7913 branches of control flow. 7914 Similarly, the nodes describe groups of physically adjacent instructions 7915 that have to be executed one after another -- without any possible control 7916 flow branch to another instruction but the physical successor 7917\begin_float footnote 7918\layout Standard 7919 7920More information about control flow graphs can be found in 7921\begin_inset LatexCommand \cite{DragonBook} 7922 7923\end_inset 7924 7925. 7926\end_float 7927. 7928 Figure 7929\begin_inset LatexCommand \ref{convcfg} 7930 7931\end_inset 7932 7933 shows such a control flow graph for algorithm 7934\begin_inset LatexCommand \ref{facjavabytecode} 7935 7936\end_inset 7937 7938, the implementation of the faculty function discussed earlier. 7939\layout Standard 7940 7941\begin_float fig 7942\layout Standard 7943\align center 7944 7945\begin_inset Figure size 595 368 7946file conventcfg.eps 7947width 3 100 7948flags 9 7949 7950\end_inset 7951 7952 7953\layout Caption 7954 7955 7956\begin_inset LatexCommand \label{convcfg} 7957 7958\end_inset 7959 7960A Conventional Control Flow Graph 7961\end_float 7962\layout Standard 7963 7964The JVM defines a sort of control flow orthogonal to the common execution 7965 of instructions, namely, the exception mechanism. 7966 Because every instruction could possibly throw an exception (say, a 7967\family typewriter 7968java.lang.VirtualMachineError 7969\family default 7970) during its execution, the control flow graph calculated by JustIce always 7971 uses only one instruction per node. 7972 This also reflects the original verification algorithm given by Sun Microsystem 7973s. 7974 Figure 7975\begin_inset LatexCommand \ref{justicecfg} 7976 7977\end_inset 7978 7979 shows an example for such a control flow graph. 7980\layout Standard 7981 7982\begin_float fig 7983\layout Standard 7984\align center 7985 7986\begin_inset Figure size 595 473 7987file justicecfg.eps 7988width 3 100 7989flags 9 7990 7991\end_inset 7992 7993 7994\layout Caption 7995 7996 7997\begin_inset LatexCommand \label{justicecfg} 7998 7999\end_inset 8000 8001A Control Flow Graph as Used by JustIce 8002\end_float 8003\layout Standard 8004 8005Instruction nodes are augmented with a data structure that represents the 8006 simulated operand stack and the simulated local variables array. 8007 When running the core verification algorithm, these nodes are put into 8008 a queue which is equivalent to tagging them with a 8009\emph on 8010changed 8011\emph default 8012 bit as Sun describes 8013\begin_float footnote 8014\layout Standard 8015 8016As explained later, JustIce uses a queue that allows duplicates: this is 8017 a slight semantical change. 8018\end_float 8019. 8020\layout Subsubsection 8021 8022Subroutines Revisited: Interplay With the Data Flow Analyzer 8023\layout Standard 8024 8025There is another problem concerning subroutines. 8026 Normally, when merging the type information of two simulated local variables, 8027 the common type is recorded as 8028\emph on 8029unusable 8030\emph default 8031 if the types differ. 8032 This 8033\emph on 8034unusable 8035\emph default 8036 value is then propagated to subsequent instructions to prevent read access. 8037\layout Standard 8038 8039This is not the case with the successors of the 8040\latex latex 8041 8042\backslash 8043texttt{ret} 8044\latex default 8045 instruction. 8046 These successors are physical successors of some 8047\latex latex 8048 8049\backslash 8050texttt{jsr} 8051\latex default 8052 or 8053\latex latex 8054 8055\backslash 8056texttt{jsr 8057\backslash 8058_w} 8059\latex default 8060 instructions. 8061\layout Standard 8062 8063Subroutines are said to be 8064\emph on 8065polymorphic 8066\emph default 8067 with respect to their local variables arrays. 8068 As an example, consider algorithm 8069\begin_inset LatexCommand \ref{lvpolymorphalgo} 8070 8071\end_inset 8072 8073. 8074 This algorithm shows legal JVM code. 8075 In line 11, local variable 0 may contain a value of the 8076\family typewriter 8077integer 8078\family default 8079 or the 8080\family typewriter 8081float 8082\family default 8083 type; depending on the 8084\latex latex 8085 8086\backslash 8087texttt{jsr} 8088\latex default 8089 instruction that entered the subroutine. 8090 Normally, this would cause the verifier to mark local variable 0 as 8091\emph on 8092unusable 8093\emph default 8094and propagate this information. 8095 The successors of the 8096\latex latex 8097 8098\backslash 8099texttt{ret} 8100\latex default 8101 instruction are the instructions in lines 5 and 10. 8102 However, a correct verifier does 8103\emph on 8104not 8105\emph default 8106 mark local variable 0 as 8107\emph on 8108unusable 8109\emph default 8110 for them, because the local variable 0 was not accessed or modified in 8111 the subroutine. 8112\layout Standard 8113 8114\begin_float alg 8115\layout Caption 8116 8117 8118\begin_inset LatexCommand \label{lvpolymorphalgo} 8119 8120\end_inset 8121 8122Local Variables are Polymorphic in Subroutines 8123\layout Standard 8124 8125 8126\family typewriter 81270 : iconst_0\SpecialChar ~ 8128\SpecialChar ~ 8129\SpecialChar ~ 8130; load integer constant 0 onto stack 8131\layout Standard 8132 8133 8134\family typewriter 81351 : istore 0\SpecialChar ~ 8136\SpecialChar ~ 8137\SpecialChar ~ 8138; move it into local variable 0 8139\layout Standard 8140 8141 8142\family typewriter 81432 : jsr 11\SpecialChar ~ 8144\SpecialChar ~ 8145\SpecialChar ~ 8146\SpecialChar ~ 8147\SpecialChar ~ 8148; enter subroutine 8149\layout Standard 8150 8151 8152\family typewriter 81535 : fconst 0.0\SpecialChar ~ 8154; load float constant 0.0 onto stack 8155\layout Standard 8156 8157 8158\family typewriter 81596 : fstore 0\SpecialChar ~ 8160\SpecialChar ~ 8161\SpecialChar ~ 8162; move it into local variable 0 8163\layout Standard 8164 8165 8166\family typewriter 81677 : jsr 11\SpecialChar ~ 8168\SpecialChar ~ 8169\SpecialChar ~ 8170\SpecialChar ~ 8171\SpecialChar ~ 8172; enter subroutine again 8173\layout Standard 8174 8175 8176\family typewriter 817710: return\SpecialChar ~ 8178\SpecialChar ~ 8179\SpecialChar ~ 8180\SpecialChar ~ 8181\SpecialChar ~ 8182; complete method 8183\layout Standard 8184 8185 8186\family typewriter 818711: astore 1\SpecialChar ~ 8188\SpecialChar ~ 8189\SpecialChar ~ 8190; Subroutine entry: move return address 8191\layout Standard 8192 8193 8194\family typewriter 8195\SpecialChar ~ 8196\SpecialChar ~ 8197\SpecialChar ~ 8198\SpecialChar ~ 8199\SpecialChar ~ 8200\SpecialChar ~ 8201\SpecialChar ~ 8202\SpecialChar ~ 8203\SpecialChar ~ 8204\SpecialChar ~ 8205\SpecialChar ~ 8206\SpecialChar ~ 8207\SpecialChar ~ 8208\SpecialChar ~ 8209\SpecialChar ~ 8210; into local variable 1 8211\layout Standard 8212 8213 8214\family typewriter 821512: nop\SpecialChar ~ 8216\SpecialChar ~ 8217\SpecialChar ~ 8218\SpecialChar ~ 8219\SpecialChar ~ 8220\SpecialChar ~ 8221\SpecialChar ~ 8222\SpecialChar ~ 8223; do nothing 8224\layout Standard 8225 8226 8227\family typewriter 822813: ret 1\SpecialChar ~ 8229\SpecialChar ~ 8230\SpecialChar ~ 8231\SpecialChar ~ 8232\SpecialChar ~ 8233\SpecialChar ~ 8234; return from subroutine 8235\end_float 8236\layout Standard 8237 8238Basically, only the local variables accessed in the called subroutine (and 8239 the subroutines called from there, recursively) are merged with the correspondi 8240ng successor of a 8241\latex latex 8242 8243\backslash 8244texttt{ret} 8245\latex default 8246 instruction. 8247 This means that in this special case, three sources are used to construct 8248 the merged array of local variables type information (instead of only two): 8249 the 8250\latex latex 8251 8252\backslash 8253texttt{jsr} 8254\latex default 8255/ 8256\latex latex 8257 8258\backslash 8259texttt{jsr 8260\backslash 8261_w} 8262\latex default 8263 instruction, the 8264\latex latex 8265 8266\backslash 8267texttt{ret} 8268\latex default 8269 instruction and the "old" type information of the 8270\latex latex 8271 8272\backslash 8273texttt{ret} 8274\latex default 8275 instruction's target (which is the physical successor of the 8276\latex latex 8277 8278\backslash 8279texttt{jsr} 8280\latex default 8281/ 8282\latex latex 8283 8284\backslash 8285texttt{jsr 8286\backslash 8287_w} 8288\latex default 8289instruction). 8290\layout Standard 8291 8292One possibility to deal with this situation is 8293\emph on 8294inlining 8295\emph default 8296. 8297 For instance, the verifier of the ElectricalFire JVM 8298\begin_inset LatexCommand \cite{EF} 8299 8300\end_inset 8301 8302 uses this approach: instruction nodes of subroutines are duplicated for 8303 every calling 8304\latex latex 8305 8306\backslash 8307texttt{jsr} 8308\latex default 8309 or 8310\latex latex 8311 8312\backslash 8313texttt{jsr 8314\backslash 8315_w} 8316\latex default 8317 instruction. 8318 This approach is equivalent to the one sketched by Sun (see 8319\begin_inset LatexCommand \cite{vmspec2} 8320 8321\end_inset 8322 8323, page 151). 8324 8325\layout Standard 8326 8327JustIce uses a variant of this approach: instruction nodes are augmented 8328 with sets of local variables arrays. 8329 The local variables array used for merging a 8330\latex latex 8331 8332\backslash 8333texttt{ret} 8334\latex default 8335's type information with the physical successor of some 8336\latex latex 8337 8338\backslash 8339texttt{jsr} 8340\latex default 8341/ 8342\latex latex 8343 8344\backslash 8345texttt{jsr 8346\backslash 8347_w} 8348\latex default 8349 instruction is keyed by that 8350\latex latex 8351 8352\backslash 8353texttt{jsr} 8354\latex default 8355/ 8356\latex latex 8357 8358\backslash 8359texttt{jsr 8360\backslash 8361_w} 8362\latex default 8363 instruction itself. 8364 This still implies a special merging mechanism for the 8365\latex latex 8366 8367\backslash 8368texttt{ret} 8369\latex default 8370 instruction: only the physical successor of one 8371\latex latex 8372 8373\backslash 8374texttt{jsr} 8375\latex default 8376/ 8377\latex latex 8378 8379\backslash 8380texttt{jsr 8381\backslash 8382_w} 8383\latex default 8384 instruction can be merged with the 8385\latex latex 8386 8387\backslash 8388texttt{ret} 8389\latex default 8390 at a time, because other 8391\latex latex 8392 8393\backslash 8394texttt{jsr} 8395\latex default 8396/ 8397\latex latex 8398 8399\backslash 8400texttt{jsr 8401\backslash 8402_w} 8403\latex default 8404 instructions have possibly not been symbolically executed yet and thus 8405 bear no type information at the time of merging. 8406 In this scenario, an instruction in a subroutine plays multiple roles; 8407 one for each occurence of a 8408\latex latex 8409 8410\backslash 8411texttt{jsr} 8412\latex default 8413/ 8414\latex latex 8415 8416\backslash 8417texttt{jsr 8418\backslash 8419_w} 8420\latex default 8421 that is calling the subroutine. 8422 The queue holding the instructions to symbolically execute is therefore 8423 required to allow duplicates. 8424\layout Subsubsection 8425 8426Wide Data Types 8427\layout Standard 8428 8429The types 8430\family typewriter 8431long 8432\family default 8433 and 8434\family typewriter 8435double 8436\family default 8437use two consecutive local variables if written to or read from a local variables 8438 array. 8439 Similarly, they use two operand stack slots. 8440 This makes type verification a bit more difficult because of subtle special 8441 cases. 8442 For example, when a method uses three local variables at maximum (local 8443 variables 0, 1 and 2), the code is not allowed to store a 8444\family typewriter 8445double 8446\family default 8447 value in local variable 2 (because local variable 3 would have to be occupied, 8448 too). 8449\layout Subsubsection 8450 8451Instance Initialization and Newly Created Objects 8452\layout Standard 8453 8454It would be difficult to verify that a newly created instance is initialized 8455 exactly once, given all possible paths of execution flow in a method. 8456 Fortunately (from a verifier implementor's view), Sun puts constraints 8457 on object initialization that match the behaviour of the verifier --- instead 8458 of putting sane constraints on object initialization and actually verifying 8459 them. 8460\layout Standard 8461 8462 8463\begin_inset Quotes eld 8464\end_inset 8465 8466A valid instruction sequence must not have an uninitialized object on the 8467 operand stack or in a local variable during a backwards branch [\SpecialChar \ldots{} 8468]. 8469 Otherwise, a devious piece of code might fool the verifier into thinking 8470 it had initialized a class instance when it had, in fact, initialized a 8471 class instance created in a previous pass through a loop 8472\begin_inset Quotes erd 8473\end_inset 8474 8475 ( 8476\begin_inset LatexCommand \cite{vmspec2} 8477 8478\end_inset 8479 8480, page 148). 8481\layout Section 8482 8483 8484\begin_inset LatexCommand \label{Pass4Spec} 8485 8486\end_inset 8487 8488Pass Four 8489\layout Standard 8490 8491Pass four performs 8492\begin_inset Quotes eld 8493\end_inset 8494 8495certain tests that could in principle be performed in Pass 3 8496\begin_inset Quotes erd 8497\end_inset 8498 8499 ( 8500\begin_inset LatexCommand \cite{vmspec2} 8501 8502\end_inset 8503 8504, page 142). 8505 These tests are usually delayed by JVM implementations until run-time, 8506 because they possibly trigger the loading of referenced class file definitions. 8507 This is a performance enhancement. 8508 However, 8509\begin_inset Quotes eld 8510\end_inset 8511 8512A Java virtual machine implementation is allowed to perform any or all of 8513 the Pass 4 steps as part of Pass 3 8514\begin_inset Quotes erd 8515\end_inset 8516 8517 ( 8518\begin_inset LatexCommand \cite{vmspec2} 8519 8520\end_inset 8521 8522, page 143). 8523 The tests 8524\layout Itemize 8525 8526ensure that the referenced method or field exists in the given class 8527\layout Itemize 8528 8529check that the referenced method or field has the indicated descriptor (signatur 8530e) 8531\layout Itemize 8532 8533check that the currently executing method has access to the referenced method 8534 or field. 8535\layout Standard 8536 8537JustIce has no run-time system and so the tests of pass four are performed 8538 in pass 3a. 8539\layout Standard 8540 8541There are tests that have to be performed at run-time: for example, if an 8542 object referenced by an object reference on top of the operand stack implements 8543 a certain interface or not 8544\begin_inset LatexCommand \cite{Fong2-WWW} 8545 8546\end_inset 8547 8548. 8549 These are not considered part of the pass four verification. 8550\layout Chapter 8551 8552Implementation of the Verification Passes 8553\layout Standard 8554 8555Occasionally, the behaviour of other verifier implementations was explained 8556 in section 8557\begin_inset LatexCommand \ref{SpecPasses} 8558 8559\end_inset 8560 8561 8562\emph on 8563. 8564 8565\emph default 8566This is not a mistake; the Java Virtual Machine Specification, Second Edition 8567 8568\begin_inset LatexCommand \cite{vmspec2} 8569 8570\end_inset 8571 8572 is unfortunately not detailed enough to make a clean-room implementation 8573 of the JVM verifier possible. 8574 Having a close look at the behaviour of existing verifier implementations 8575 is sometimes necessary to interpret the specification correctly. 8576 For that reason, the behaviour of these implementations is part of the 8577 specification of JustIce whereever appropriate. 8578 Still, there are some minor differences in behaviour between JustIce and 8579 the traditional JVM built-in verifiers. 8580 These differences were observed by using the traditional verifiers, not 8581 by inspecting their source code. 8582\layout Standard 8583 8584JustIce is implemented in the Java programming language 8585\begin_inset LatexCommand \cite{langspec2} 8586 8587\end_inset 8588 8589 using the Byte Code Engineering Library 8590\begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} 8591 8592\end_inset 8593 8594. 8595\layout Section 8596 8597Pass One 8598\layout Standard 8599 8600The Byte Code Engineering Library (BCEL) presents an object oriented view 8601 of the class file structure. 8602 Therefore, an integral part of that library is parsing class files. 8603 JustIce uses the BCEL, so there was nothing left to do to load a class 8604 file in. 8605 Only minor changes were made to the BCEL to make it more verbose when exception 8606al situations occur; i.e., when a garbled class file is loaded in. 8607 The BCEL uses Java's exception mechanism to signal these situations; JustIce 8608 transforms this behaviour into the behaviour expected by users of the Verificat 8609ion API (see section 8610\begin_inset LatexCommand \ref{Verification API} 8611 8612\end_inset 8613 8614). 8615\layout Subsubsection 8616 8617Comparison to Sun's Implementation 8618\layout Standard 8619 8620There does not seem to be any difference in behaviour between JustIce and 8621 the traditional verifiers. 8622 Still, this conviction is a result of black box tests so it might not be 8623 true in corner cases. 8624\layout Standard 8625 8626Unknown attributes are ignored (though JustIce records a warning message, 8627 where the traditional verifiers don't). 8628\layout Standard 8629 8630Trailing bytes at the end of the class file are ignored in both versions, 8631 contradicting the specification. 8632 This was necessary because some Java run-time environments are broken concernin 8633g the handling of .JAR archive files. 8634 The mechanism of loading class files from these archives files using the 8635 Java Platform's API is used by BCEL and probably by Sun's JVM, too. 8636 It is possible that this is the reason why Sun's verifier itself does not 8637 enforce this constraint. 8638 However, it does not really pose a threat to the integrity of any JVM known 8639 to the author. 8640 There is no entry in the 8641\family typewriter 8642ClassFile 8643\family default 8644 structure (see section 8645\begin_inset LatexCommand \ref{Classfile Structure} 8646 8647\end_inset 8648 8649) stating how long the class file is in its entirety, so a JVM implementor 8650 cannot possibly base a wrong decision on that. 8651 8652\layout Section 8653 8654 8655\begin_inset LatexCommand \label{Pass2Impl} 8656 8657\end_inset 8658 8659Pass Two 8660\layout Standard 8661 8662JustIce does perform 8663\begin_inset Quotes eld 8664\end_inset 8665 8666all verification that can be performed without looking at the bytecodes 8667\begin_inset Quotes erd 8668\end_inset 8669 8670 in pass two. 8671 For some reasons (like determining a valid ancestor hierarchy of a class), 8672 pass two of JustIce has to load referenced classes. 8673 Of course, this is done in a careful way: by pass-one-verifying them. 8674 If loading of a referenced class should fail (i.e., verification pass one 8675 fails on this class), the referencing class is rejected by JustIce's pass 8676 two. 8677 Pass two of JustIce does not pass-two-verify any referenced classes. 8678\layout Standard 8679 8680Also, JustIce's pass two emits a wealth of (warning) messages. 8681 Their target is to guide a bytecode engineer to create class files that 8682 are indistinguishable from those created by Sun's 8683\emph on 8684javac 8685\emph default 8686 compiler with no debugging output. 8687 For example, the use of 8688\family typewriter 8689LineNumberTable 8690\family default 8691 attributes (see section 8692\begin_inset LatexCommand \ref{LineNumberTableAttribute} 8693 8694\end_inset 8695 8696) is discouraged, because these atributes are only useful for debugging 8697 purposes. 8698 Still, they can be the reason for a class file to be rejected -- to be 8699 on the safe side, finished applications for the JVM should not be shipped 8700 with this debug information. 8701\layout Standard 8702 8703Most of the checks of pass two were implemented using the Visitor programming 8704 pattern 8705\begin_inset LatexCommand \cite{DesignPatterns} 8706 8707\end_inset 8708 8709 provided by the BCEL's 8710\emph on 8711de.fub.byte\SpecialChar \- 8712code.class\SpecialChar \- 8713file 8714\emph default 8715 API. 8716 This made it possible to have all the verification split into several methods 8717 without having to define artificial boundaries. 8718 For instance, a 8719\family typewriter 8720ConstantValue 8721\family default 8722 attribute is verified in a method called 8723\emph on 8724visitConstantValue(ConstantValue) 8725\emph default 8726. 8727 This is a use of the object oriented view of class files the BCEL offers. 8728\layout Subsubsection 8729 8730Comparison to Sun's Implementation 8731\layout Standard 8732 8733JustIce does not distinguish between run-time or link-time because it was 8734 not intended to implement a JVM. 8735 Therefore, the notion of 8736\emph on 8737resolving 8738\emph default 8739(see section 8740\begin_inset LatexCommand \ref{SpecPassTwo} 8741 8742\end_inset 8743 8744) is useless for JustIce. 8745 The author believes that the specification of pass two given by Sun closely 8746 reflects their implementation (or the other way around) 8747\begin_float footnote 8748\layout Standard 8749 8750The Java Virtual Machine Specification, Second Edition, began as an internal 8751 project documentation ( 8752\begin_inset LatexCommand \cite{vmspec2} 8753 8754\end_inset 8755 8756, page xiv). 8757 Unfortunately, this can still be felt sometimes. 8758\end_float 8759. 8760\layout Standard 8761 8762Sometimes, there are ambiguities in the specification. 8763 For instance, it is said that 8764\begin_inset Quotes eld 8765\end_inset 8766 8767If the constant pool of a class or interface refers to any class or interface 8768 that is not a member of a package, its 8769\family typewriter 8770ClassFile 8771\family default 8772 structure must have exactly one 8773\family typewriter 8774InnerClasses 8775\family default 8776 attribute in its 8777\family typewriter 8778attributes 8779\family default 8780 table 8781\begin_inset Quotes erd 8782\end_inset 8783 8784. 8785 A class or interface that is 8786\begin_inset Quotes eld 8787\end_inset 8788 8789not member of a package 8790\begin_inset Quotes erd 8791\end_inset 8792 8793 is better known as a 8794\emph on 8795nested class 8796\emph default 8797 or 8798\emph on 8799inner class 8800\emph default 8801 8802\begin_inset LatexCommand \cite{InnerSpec} 8803 8804\end_inset 8805 8806, but this is something specific to the Java language. 8807 The 8808\emph on 8809javac 8810\emph default 8811 compiler creates multiple, often funny-named 8812\begin_float footnote 8813\layout Standard 8814 8815For anonymous classes defined in a class 8816\emph on 8817X 8818\emph default 8819 the names are 8820\emph on 8821X$1 8822\emph default 8823, 8824\emph on 8825X$2 8826\emph default 8827 and so on. 8828 For a named inner class 8829\emph on 8830I 8831\emph default 8832 defined in class 8833\emph on 8834C 8835\emph default 8836 the name is 8837\emph on 8838C$I 8839\emph default 8840. 8841 There is, however, no guarantee for that: this is only observed behaviour 8842 of javac. 8843 Please see section 8844\begin_inset LatexCommand \ref{InnerBug} 8845 8846\end_inset 8847 8848 for an example how this behaviour can lead to unexpected problems. 8849\end_float 8850 class files that are otherwise indistinguishable from normal class files. 8851\layout Standard 8852 8853Therefore, it is generally not possible to decide if such an attribute is 8854 missing; therefore Sun's implementation does not check this constraint. 8855 JustIce, in contrast, uses its warning mechanism if the name of a referenced 8856 class or interface could be a name of an inner class created by the 8857\emph on 8858javac 8859\emph default 8860 compiler and the 8861\family typewriter 8862InnerClass 8863\family default 8864 attribute is missing. 8865\layout Standard 8866 8867The sets of accepted or rejected class files concerning pass two are equal 8868 using both Sun's implementation and JustIce, as exhaustive tests show. 8869 This can, however, not be proven because one would need to analyze Sun's 8870 source code for that (which is not intended: as already mentioned, JustIce 8871 is a clean-room implementation). 8872\layout Section 8873 8874Pass Three 8875\layout Subsection 8876 8877Pass 3a 8878\layout Standard 8879 8880One feature of the BCEL's 8881\emph on 8882de.fub.bytecode.generic 8883\emph default 8884 package is parsing code attributes of methods and transforming them into 8885 so-called 8886\family typewriter 8887Instruction\SpecialChar \- 8888List 8889\family default 8890 objects. 8891 Consequently, this feature is used to implement pass 3a; a few additional 8892 checks have been implemented where BCEL is too 8893\begin_inset Quotes eld 8894\end_inset 8895 8896trustful 8897\begin_inset Quotes erd 8898\end_inset 8899 8900 when parsing, i.e., where BCEL relies on the correctness of the class file. 8901\layout Standard 8902 8903Pass 3a consists of the checking of static constraints on instructions and 8904 static constraints on operands of these instructions. 8905 The successful creation an an 8906\family typewriter 8907Instruction\SpecialChar \- 8908List 8909\family default 8910 object already implies that the static constraints on instructions are 8911 satisfied. 8912 Similar to pass one, JustIce transforms the behaviour of BCEL's exception 8913 mechanism into the behaviour expected by users of the Verification API 8914 (see section 8915\begin_inset LatexCommand \ref{Verification API} 8916 8917\end_inset 8918 8919). 8920\layout Standard 8921 8922The 8923\emph on 8924de.fub.byte\SpecialChar \- 8925code.ge\SpecialChar \- 8926ne\SpecialChar \- 8927ric 8928\emph default 8929API provided by BCEL offers a Visitor design pattern similar to the one 8930 of the 8931\emph on 8932de.fub.byte\SpecialChar \- 8933code.class\SpecialChar \- 8934file 8935\emph default 8936 API. 8937 The tests for the static constraints on operands of instructions are implemente 8938d by using it. 8939 For example, the constraints put on the operands of any 8940\latex latex 8941 8942\backslash 8943texttt{iload} 8944\latex default 8945 instruction are verified using a 8946\emph on 8947visitILOAD(ILOAD) 8948\emph default 8949 method defined in a Visitor class. 8950 This Visitor class implements all the checks for integrity of all instruction's 8951 operands. 8952 Algorithm 8953\begin_inset LatexCommand \ref{visitILOADstaticoperands} 8954 8955\end_inset 8956 8957 shows the impementation of the 8958\emph on 8959visitILOAD(ILOAD) 8960\emph default 8961 method. 8962\begin_float alg 8963\layout Caption 8964 8965 8966\begin_inset LatexCommand \label{visitILOADstaticoperands} 8967 8968\end_inset 8969 8970visitILOAD, Visitor ensuring static constraints on operands of instructions 8971\layout Standard 8972 8973 8974\family typewriter 8975\SpecialChar \- 8976\SpecialChar ~ 8977/** Checks if the constraints of operands of the said instruction(s) are 8978 satisfied. 8979 */ 8980\newline 8981\SpecialChar \- 8982public void visitILOAD(ILOAD o){ 8983\newline 8984\SpecialChar \- 8985\SpecialChar ~ 8986\SpecialChar ~ 8987int idx = o.getIndex(); 8988\newline 8989\SpecialChar \- 8990\SpecialChar ~ 8991\SpecialChar ~ 8992if (idx < 0){ 8993\newline 8994\SpecialChar \- 8995\SpecialChar ~ 8996\SpecialChar ~ 8997\SpecialChar ~ 8998\SpecialChar ~ 8999constraintViolated(o, "Index '"+idx+"' must be non-negative."); 9000\newline 9001\SpecialChar \- 9002\SpecialChar ~ 9003\SpecialChar ~ 9004} 9005\newline 9006\SpecialChar \- 9007\SpecialChar ~ 9008\SpecialChar ~ 9009else{ 9010\newline 9011\SpecialChar \- 9012\SpecialChar ~ 9013\SpecialChar ~ 9014\SpecialChar ~ 9015\SpecialChar ~ 9016int maxminus1 = max_locals()-1; 9017\newline 9018\SpecialChar \- 9019\SpecialChar ~ 9020\SpecialChar ~ 9021\SpecialChar ~ 9022\SpecialChar ~ 9023if (idx > maxminus1){ 9024\newline 9025\SpecialChar \- 9026\SpecialChar ~ 9027\SpecialChar ~ 9028\SpecialChar ~ 9029\SpecialChar ~ 9030\SpecialChar ~ 9031\SpecialChar ~ 9032constraintViolated(o, "Index '"+idx+"' must not be greater than max_locals-1 9033 '"+maxminus1+"'."); 9034\newline 9035\SpecialChar \- 9036\SpecialChar ~ 9037\SpecialChar ~ 9038\SpecialChar ~ 9039\SpecialChar ~ 9040} 9041\newline 9042\SpecialChar \- 9043\SpecialChar ~ 9044\SpecialChar ~ 9045} 9046\newline 9047} 9048\end_float 9049\layout Standard 9050 9051JustIce does not provide any run-time, so the tests of pass four (see section 9052 9053\begin_inset LatexCommand \ref{Pass4Spec} 9054 9055\end_inset 9056 9057) are not delayed until run-time, but performed here. 9058\layout Subsubsection 9059 9060Comparison to Sun's Implementation 9061\layout Standard 9062 9063Sun does not distinguish pass 3a and pass 3b. 9064 However, Sun's verifiers also have to ensure that the static constraints 9065 on instructions are satisfied before starting data flow analysis. 9066\layout Standard 9067 9068This is obvious because a data structure has to be built before the data 9069 flow analyzer can be run; and this data structure has to be built carefully 9070\begin_float footnote 9071\layout Standard 9072 9073This actually means verifying the structural integrity of the bytecodes. 9074\end_float 9075 because passes one and two did not look at the bytecodes before. 9076\layout Standard 9077 9078JustIce does implement pass four checks in pass 3a which Sun's verifiers 9079 do not. 9080 Because JustIce provides no run-time, the outcome of a verification failure 9081 is reported instantly. 9082 Traditional JVMs are required to silently delay the actions triggered by 9083 that knowledge until run-time. 9084\layout Subsection 9085 9086Pass 3b 9087\layout Standard 9088 9089JustIce aims at implementing Sun's data flow analyzing algorithm as closely 9090 as possible. 9091 First, a control flow graph is built --- which implies analyzing a method's 9092 subroutine calling structure first. 9093\layout Standard 9094 9095After that an implementation of the core algorithm sketched by Sun Microsystems 9096 is started. 9097 Verification failure is internally signalled by the Java exception handling 9098 mechanism which is then transformed to match the Verification API (see 9099 section 9100\begin_inset LatexCommand \ref{Verification API} 9101 9102\end_inset 9103 9104). 9105\layout Subsubsection 9106 9107 9108\begin_inset LatexCommand \label{SubroutineImpl} 9109 9110\end_inset 9111 9112Subroutines 9113\layout Standard 9114 9115Subroutines are modeled as instances of the 9116\family typewriter 9117Subroutine 9118\family default 9119 interface 9120\emph on 9121. 9122 9123\emph default 9124 They provide the following methods (note that an 9125\family typewriter 9126InstructionHandle 9127\family default 9128 is the BCEL's programming handle to instruction objects and that 9129\emph on 9130X[] 9131\emph default 9132 is the common Java notation for 9133\emph on 9134array of 9135\emph default 9136 9137\emph on 9138X 9139\emph default 9140): 9141\layout Itemize 9142 9143 9144\emph on 9145boolean contains(InstructionHandle) 9146\emph default 9147 9148\newline 9149Returns true if and only if the given 9150\family typewriter 9151InstructionHandle 9152\family default 9153 refers to an instruction that is part of this subroutine, 9154\layout Itemize 9155 9156 9157\emph on 9158InstructionHandle[] getInstructions() 9159\emph default 9160 9161\newline 9162Returns all instructions that together form this subroutine, 9163\layout Itemize 9164 9165 9166\emph on 9167int[] getAccessedLocalsIndices() 9168\emph default 9169 9170\newline 9171Returns an array containing the indices of the local variable slots accessed 9172 by this subroutine (read-accessed, write-accessed or both); local variables 9173 referenced by subroutines of this subroutine are not included, 9174\layout Itemize 9175 9176 9177\emph on 9178int[] getRecursivelyAccessedLocalsIndices() 9179\emph default 9180 9181\emph on 9182 9183\newline 9184 9185\emph default 9186Returns an array containing the indices of the local variable slots accessed 9187 by this subroutine (read-accessed, write-accessed or both); local variables 9188 referenced by subroutines of this subroutine are included, 9189\layout Itemize 9190 9191 9192\emph on 9193Subroutine[] subSubs() 9194\emph default 9195 9196\emph on 9197 9198\newline 9199 9200\emph default 9201Returns the subroutines that are directly called from this subroutine, 9202\layout Itemize 9203 9204 9205\emph on 9206InstructionHandle[] getEnteringJsrInstructions() 9207\emph default 9208 9209\newline 9210Returns all the JsrInstructions that have the first instruction of this 9211 subroutine as their target, 9212\layout Itemize 9213 9214 9215\emph on 9216InstructionHandle getLeavingRET() 9217\emph default 9218 9219\newline 9220Returns the one and only RET that leaves the subroutine. 9221\layout Standard 9222 9223Together with information from a simple analysis of the possible control 9224 flow transfer of all the other instructions but 9225\latex latex 9226 9227\backslash 9228texttt{ret} 9229\latex default 9230 (see section 9231\begin_inset LatexCommand \ref{Pass3Spec} 9232 9233\end_inset 9234 9235), a control flow graph is built. 9236\layout Subsubsection 9237 9238The Control Flow Graph 9239\layout Standard 9240 9241The control flow graph is a single instance with respect to a given method 9242 to verify. 9243 It is defined by providing access to a set of contexts of instructions. 9244 These are modeled as instances of the 9245\emph on 9246 9247\family typewriter 9248\emph default 9249In\SpecialChar \- 9250struc\SpecialChar \- 9251tion\SpecialChar \- 9252Con\SpecialChar \- 9253text 9254\family default 9255 interface. 9256\layout Standard 9257 9258These instances enclose 9259\family typewriter 9260InstructionHandle 9261\family default 9262 objects (which represent an instruction in the bytecode), but they augment 9263 these objects with type information (a set of 9264\family typewriter 9265Frame 9266\family default 9267s, see below) as needed by the data flow analysis algorithm. 9268 Also, a method called 9269\emph on 9270getSuccessors() 9271\emph default 9272is provided that calculates the possible control flow successors of a given 9273 9274\family typewriter 9275In\SpecialChar \- 9276struc\SpecialChar \- 9277tion\SpecialChar \- 9278Con\SpecialChar \- 9279text 9280\family default 9281 instance. 9282\layout Standard 9283 9284The most notable method defined in the 9285\family typewriter 9286In\SpecialChar \- 9287struc\SpecialChar \- 9288tion\SpecialChar \- 9289Con\SpecialChar \- 9290text 9291\family default 9292\emph on 9293 9294\emph default 9295interface is, however, the 9296\emph on 9297execute(Frame, ArrayList, InstConstraintVisitor, ExecutionVisitor) 9298\emph default 9299 method. 9300 This method is used to symbolically execute a given instruction. 9301\layout Standard 9302 9303The 9304\family typewriter 9305ArrayList 9306\family default 9307\emph on 9308 9309\emph default 9310argument is there to record the subroutine calling chain. 9311 The properly-nested property of JustIce subroutines is exploited here: 9312 one can simply count 9313\latex latex 9314 9315\backslash 9316texttt{jsr} 9317\latex default 9318/ 9319\latex latex 9320 9321\backslash 9322texttt{jsr 9323\backslash 9324_w} 9325\latex default 9326 and 9327\latex latex 9328 9329\backslash 9330texttt{ret} 9331\latex default 9332 instructions, similar to counting opened and closed braces in mathematical 9333 expressions. 9334\layout Standard 9335 9336A 9337\family typewriter 9338Frame 9339\family default 9340 is JustIce's model of an 9341\emph on 9342execution frame 9343\emph default 9344: a local variables array model together with an operand stack model. 9345 Every 9346\emph on 9347InstructionContext 9348\emph default 9349 instance is augmented with such a frame (to be precise, a set of such frames 9350 as discussed in the specification of subroutines, see section 9351\begin_inset LatexCommand \ref{Pass3Spec} 9352 9353\end_inset 9354 9355). 9356\layout Standard 9357 9358When frames are merged, the 9359\emph on 9360execute(Frame, ArrayList, InstConstraintVisitor, ExecutionVisitor) 9361\emph default 9362method of some successor 9363\family typewriter 9364InstructionContext 9365\family default 9366 is called. 9367 The 9368\family typewriter 9369Frame 9370\family default 9371 argument represents is the current type information of the predecessing 9372 9373\family typewriter 9374InstructionContext. 9375\layout Subsubsection 9376 9377Visitors 9378\layout Standard 9379 9380As in pass 3a, the Visitor pattern of the BCEL 9381\emph on 9382de.fub.byte\SpecialChar \- 9383code.ge\SpecialChar \- 9384ne\SpecialChar \- 9385ric 9386\emph default 9387 API is also used in pass 3b. 9388 While it was used to verify the static constraints of pass three in pass 9389 3a, it is now used to verify the structural constraints. 9390\layout Standard 9391 9392Before an instruction 9393\family typewriter 9394X 9395\family default 9396 is symbolically executed, the corresponding 9397\emph on 9398visitX(X) 9399\emph default 9400 method is invoked on an 9401\family typewriter 9402InstConstraintVisitor 9403\family default 9404 instance. 9405 This instance is there to verify all the preconditions are met to safely 9406 execute the instruction 9407\family typewriter 9408X 9409\family default 9410. 9411 The 9412\family typewriter 9413InstConstraintVisitor 9414\family default 9415 class therefore holds information about the preconditions of all 212 valid 9416 Java bytecode instructions. 9417 A simplified version of this Visitor's 9418\emph on 9419visitILOAD(ILOAD) 9420\emph default 9421 method is listed in algorithm 9422\begin_inset LatexCommand \ref{visitILOADInstConstraints} 9423 9424\end_inset 9425 9426. 9427\layout Standard 9428 9429Similarly, the 9430\emph on 9431 9432\family typewriter 9433\emph default 9434ExecutionVisitor 9435\family default 9436 class contains information about the behaviour of every bytecode instruction. 9437 An instance of this class is used to model the effect of the bytecode instructi 9438ons on a 9439\emph on 9440Frame 9441\emph default 9442 instance. 9443 Algorithm 9444\begin_inset LatexCommand \ref{visitILOADExecution} 9445 9446\end_inset 9447 9448 shows the 9449\emph on 9450visitILOAD(ILOAD) 9451\emph default 9452 method of this Visitor. 9453\layout Standard 9454 9455\begin_float alg 9456\layout Caption 9457 9458 9459\begin_inset LatexCommand \label{visitILOADInstConstraints} 9460 9461\end_inset 9462 9463visitILOAD, Visitor ensuring the structural (dynamic) constraints of instruction 9464s 9465\layout Standard 9466 9467 9468\family typewriter 9469public void visitILOAD(ILOAD o){ 9470\newline 9471\SpecialChar \- 9472\SpecialChar ~ 9473\SpecialChar ~ 9474\SpecialChar ~ 9475\SpecialChar ~ 9476\SpecialChar ~ 9477int produce = o.produceStack(cpg); 9478\newline 9479\SpecialChar \- 9480\SpecialChar ~ 9481\SpecialChar ~ 9482\SpecialChar ~ 9483\SpecialChar ~ 9484\SpecialChar ~ 9485if ( produce + stack().slotsUsed() > stack().maxStack() ){ 9486\newline 9487\SpecialChar \- 9488\SpecialChar ~ 9489\SpecialChar ~ 9490\SpecialChar ~ 9491\SpecialChar ~ 9492\SpecialChar ~ 9493\SpecialChar ~ 9494\SpecialChar ~ 9495constraintViolated(o, "Cannot produce "+produce+" stack slots: only "+(stack().ma 9496xStack()-stack().slotsUsed())+" free stack slot(s) left. 9497\backslash 9498nStack: 9499\backslash 9500n"+stack()); 9501\newline 9502\SpecialChar \- 9503\SpecialChar ~ 9504\SpecialChar ~ 9505\SpecialChar ~ 9506\SpecialChar ~ 9507\SpecialChar ~ 9508} 9509\newline 9510[\SpecialChar \ldots{} 9511] 9512\newline 9513\SpecialChar \- 9514\SpecialChar ~ 9515\SpecialChar ~ 9516} 9517\end_float 9518\begin_float alg 9519\layout Caption 9520 9521 9522\begin_inset LatexCommand \label{visitILOADExecution} 9523 9524\end_inset 9525 9526visitILOAD, Visitor symbolically executing instructions 9527\layout Standard 9528 9529 9530\family typewriter 9531/** Symbolically executes the corresponding Java Virtual Machine instruction. 9532 */ 9533\newline 9534\SpecialChar \- 9535public void visitILOAD(ILOAD o){ 9536\newline 9537\SpecialChar \- 9538\SpecialChar ~ 9539\SpecialChar ~ 9540stack().push(Type.INT); 9541\newline 9542\SpecialChar \- 9543} 9544\end_float 9545\begin_float alg 9546\layout Caption 9547 9548Simplified Core Verification Algorithm of Pass 3b 9549\layout Standard 9550 9551 9552\series bold 9553\size small 9554public VerificationResult do_verify(Method m) 9555\series default 9556{ 9557\layout Standard 9558 9559 9560\size small 9561\SpecialChar \- 9562\SpecialChar ~ 9563\SpecialChar ~ 9564ControlFlowGraph cfg; 9565\layout Standard 9566 9567 9568\size small 9569\SpecialChar \- 9570\SpecialChar ~ 9571\SpecialChar ~ 9572if (m.hasCode()) 9573\layout Standard 9574 9575 9576\size small 9577\SpecialChar \- 9578\SpecialChar ~ 9579\SpecialChar ~ 9580\SpecialChar ~ 9581\SpecialChar ~ 9582cfg = new ControlFlowGraph(m) 9583\layout Standard 9584 9585 9586\size small 9587\SpecialChar \- 9588\SpecialChar ~ 9589\SpecialChar ~ 9590else 9591\layout Standard 9592 9593 9594\size small 9595\SpecialChar \- 9596\SpecialChar ~ 9597\SpecialChar ~ 9598\SpecialChar ~ 9599\SpecialChar ~ 9600return Good_VerificationResult; 9601\layout Standard 9602 9603 9604\size small 9605\SpecialChar \- 9606\SpecialChar ~ 9607\SpecialChar ~ 9608Frame f = new Frame(); 9609\shape slanted 9610// local variables and operand stack 9611\layout Standard 9612 9613 9614\size small 9615\SpecialChar \- 9616\SpecialChar ~ 9617\SpecialChar ~ 9618f.localVariables().initialize(m.signature()); 9619\shape slanted 9620// put formal param types into loc. 9621 vars 9622\layout Standard 9623 9624 9625\size small 9626\SpecialChar \- 9627\SpecialChar ~ 9628\SpecialChar ~ 9629InstConstraintVisitor icv = new InstConstraintVisitor(); 9630\layout Standard 9631 9632 9633\size small 9634\SpecialChar \- 9635\SpecialChar ~ 9636\SpecialChar ~ 9637ExecutionVisitor ev = new ExecutionVisitor(); 9638\layout Standard 9639 9640 9641\size small 9642\SpecialChar \- 9643\SpecialChar ~ 9644\SpecialChar ~ 9645try{ 9646\layout Standard 9647 9648 9649\size small 9650\SpecialChar \- 9651\SpecialChar ~ 9652\SpecialChar ~ 9653\SpecialChar ~ 9654\SpecialChar ~ 9655circulationPump(cfg, f, icv, ev); 9656\layout Standard 9657 9658 9659\size small 9660\SpecialChar \- 9661\SpecialChar ~ 9662\SpecialChar ~ 9663} 9664\layout Standard 9665 9666 9667\size small 9668\SpecialChar \- 9669\SpecialChar ~ 9670\SpecialChar ~ 9671catch(VerificationFailure){ 9672\layout Standard 9673 9674 9675\size small 9676\SpecialChar \- 9677\SpecialChar ~ 9678\SpecialChar ~ 9679\SpecialChar ~ 9680\SpecialChar ~ 9681return Bad_VerificationResult; 9682\layout Standard 9683 9684 9685\size small 9686\SpecialChar \- 9687\SpecialChar ~ 9688\SpecialChar ~ 9689} 9690\layout Standard 9691 9692 9693\size small 9694\SpecialChar \- 9695\SpecialChar ~ 9696\SpecialChar ~ 9697return Good_VerificationResult; 9698\layout Standard 9699 9700 9701\size small 9702} 9703\newline 9704 9705\layout Standard 9706 9707 9708\series bold 9709\size small 9710public void circulationPump(ControlflowGraph cfg, Frame startFrame, InstConstrai 9711ntVisitor icv, ExecutionVisitor ev) throws VerificationFailure 9712\series default 9713{ 9714\layout Standard 9715 9716 9717\size small 9718Instruction start = cfg.getFirstInstruction(); 9719\layout Standard 9720 9721 9722\shape slanted 9723\size small 9724/* 9725\layout Standard 9726 9727 9728\shape slanted 9729\size small 9730Now merge the first frame (type info) into the first instruction. 9731\layout Standard 9732 9733 9734\shape slanted 9735\size small 9736Empty list -> no instructions have been executed before. 9737\layout Standard 9738 9739 9740\shape slanted 9741\size small 9742*/ 9743\layout Standard 9744 9745 9746\size small 9747start.execute(startFrame, EmptyInstructionList, icv, ev); 9748\layout Standard 9749 9750 9751\shape slanted 9752\size small 9753/* 9754\layout Standard 9755 9756 9757\shape slanted 9758\size small 9759Q is a Queue of pairs (Instruction, InstructionList). 9760\layout Standard 9761 9762 9763\shape slanted 9764\size small 9765*/ 9766\layout Standard 9767 9768 9769\size small 9770Queue Q = EmptyQueue; 9771\layout Standard 9772 9773 9774\shape slanted 9775\size small 9776/* 9777\layout Standard 9778 9779 9780\shape slanted 9781\size small 9782Put the first instruction into the queue. 9783 This is similar to initializing a breadth first search. 9784\layout Standard 9785 9786 9787\shape slanted 9788\size small 9789*/ 9790\layout Standard 9791 9792 9793\size small 9794Q.add (start, EmptyInstructionList); 9795\layout Standard 9796 9797 9798\shape slanted 9799\size small 9800/* 9801\layout Standard 9802 9803 9804\shape slanted 9805\size small 9806The main loop 9807\layout Standard 9808 9809 9810\shape slanted 9811\size small 9812*/ 9813\layout Standard 9814 9815 9816\size small 9817while (Q.isNotEmpty()){ 9818\layout Standard 9819 9820 9821\size small 9822\SpecialChar \- 9823\SpecialChar ~ 9824\SpecialChar ~ 9825Instruction u = fst(Q.head()); 9826\layout Standard 9827 9828 9829\size small 9830\SpecialChar \- 9831\SpecialChar ~ 9832\SpecialChar ~ 9833InstructionList ec = snd(Q.head()); 9834\layout Standard 9835 9836 9837\size small 9838\SpecialChar \- 9839\SpecialChar ~ 9840\SpecialChar ~ 9841Q.removeHead(); 9842\layout Standard 9843 9844 9845\size small 9846\SpecialChar \- 9847\SpecialChar ~ 9848\SpecialChar ~ 9849InstructionList oldchain = ec; 9850\layout Standard 9851 9852 9853\size small 9854\SpecialChar \- 9855\SpecialChar ~ 9856\SpecialChar ~ 9857InstructionList newchain = ec++[u]; 9858\layout Standard 9859 9860 9861\size small 9862\SpecialChar \- 9863\SpecialChar ~ 9864\SpecialChar ~ 9865for (all successors v of u){ 9866\layout Standard 9867 9868 9869\size small 9870\SpecialChar \- 9871\SpecialChar ~ 9872\SpecialChar ~ 9873\SpecialChar ~ 9874\SpecialChar ~ 9875 9876\shape slanted 9877/* 9878\layout Standard 9879 9880 9881\shape slanted 9882\size small 9883\SpecialChar \- 9884\SpecialChar ~ 9885\SpecialChar ~ 9886\SpecialChar ~ 9887\SpecialChar ~ 9888execute returns true if type info has changed. 9889 It may throw VerificationFailures. 9890\layout Standard 9891 9892 9893\shape slanted 9894\size small 9895\SpecialChar \- 9896\SpecialChar ~ 9897\SpecialChar ~ 9898\SpecialChar ~ 9899\SpecialChar ~ 9900*/ 9901\layout Standard 9902 9903 9904\size small 9905\SpecialChar \- 9906\SpecialChar ~ 9907\SpecialChar ~ 9908\SpecialChar ~ 9909\SpecialChar ~ 9910if (v.execute(u.getOutFrame(oldchain), newchain,icv,ev)) 9911\layout Standard 9912 9913 9914\size small 9915\SpecialChar \- 9916\SpecialChar ~ 9917\SpecialChar ~ 9918\SpecialChar ~ 9919\SpecialChar ~ 9920\SpecialChar ~ 9921\SpecialChar ~ 9922Q.add((v, newchain)); 9923\layout Standard 9924 9925 9926\size small 9927\SpecialChar \- 9928\SpecialChar ~ 9929\SpecialChar ~ 9930} 9931\layout Standard 9932 9933 9934\size small 9935} 9936\end_float 9937\layout Subsubsection 9938 9939 9940\begin_inset LatexCommand \label{ComparisonSubroutines} 9941 9942\end_inset 9943 9944Comparison to Sun's Implementation 9945\layout Standard 9946 9947JustIce was originally aimed to be as compatible to Sun's implementation 9948 as possible. 9949 However, the unclear specification prevents clean room implementations 9950 (i.e., implementations whose programmers did not look into Sun's code) from 9951 perfect compatibility. 9952\layout Standard 9953 9954Fortunately, it JustIce closely matches Sun's implementation in its behaviour. 9955 As a test case, the author verified the transitive hull of the referenced 9956 class files starting with the 9957\emph on 9958de.fub.bytecode.verifier.Verifier 9959\emph default 9960 class. 9961 This set includes most of the classes of the Java 2 API supplied by Sun 9962 Microsystems, i.e., a few hundreds of apparently correct classes. 9963 A very small number of class files was rejected by JustIce because of its 9964 different specification of subroutine constraints. 9965 No other rejects were encountered. 9966\layout Standard 9967 9968Most class files that are found to be rejected by Sun's verifier implementations 9969 are rejected by JustIce, too. 9970\layout Standard 9971 9972However, there are class file rejected by Sun's verifier implementations 9973 but not by JustIce. 9974 This should not occur, but JustIce does not mimic the programming errors 9975 of Sun's verifiers so far. 9976 Please see section 9977\begin_inset LatexCommand \ref{javacRejected} 9978 9979\end_inset 9980 9981 for a discussion on a selected incompatibility issue. 9982\layout Standard 9983 9984An automated testing suite could solidify the trust in JustIce's implementation 9985 which is not implemented yet. 9986 Please see section 9987\begin_inset LatexCommand \ref{VerifierValidationSuite} 9988 9989\end_inset 9990 9991 for a discussion on that topic. 9992\layout Section 9993 9994Pass Four 9995\layout Standard 9996 9997The tests Sun's verifiers perform during run-time but which in principle 9998 could be performed in pass three 9999\emph on 10000are 10001\emph default 10002 performed in pass 3a by JustIce. 10003\layout Subsubsection 10004 10005Comparison to Sun's Implementation 10006\layout Standard 10007 10008It sems natural that Sun's verifier implements the specification by Sun. 10009 Obviously, JustIce has no run-time so JustIce has no pass four. 10010 The checks Sun performs in pass four 10011\begin_float footnote 10012\layout Standard 10013 10014Some JVMs expose implementation mistakes concerning pass four verification. 10015 See section 10016\begin_inset LatexCommand \ref{PassFourBug} 10017 10018\end_inset 10019 10020. 10021\end_float 10022 are performed in pass 3a by JustIce. 10023\layout Chapter 10024 10025 10026\begin_inset LatexCommand \label{Verification API} 10027 10028\end_inset 10029 10030The Verification API 10031\layout Section 10032 10033Introduction 10034\layout Standard 10035 10036The Application Programming Interface (API) of JustIce uses object oriented 10037 design patterns 10038\begin_inset LatexCommand \cite{DesignPatterns} 10039 10040\end_inset 10041 10042. 10043 Readers not familiar with design patterns are encouraged to read at least 10044 about the 10045\emph on 10046Visitor 10047\emph default 10048, 10049\emph on 10050Singleton 10051\emph default 10052, 10053\emph on 10054Observer 10055\emph default 10056 and 10057\emph on 10058Factory 10059\emph default 10060 patterns. 10061\layout Standard 10062 10063JustIce currently consists of four packages: 10064\emph on 10065de.fub.byte\SpecialChar \- 10066code.veri\SpecialChar \- 10067fier 10068\emph default 10069, 10070\emph on 10071de.fub. 10072 byte\SpecialChar \- 10073code.veri\SpecialChar \- 10074fier.exc 10075\emph default 10076, 10077\emph on 10078de.fub.byte\SpecialChar \- 10079code.veri\SpecialChar \- 10080fier.statics 10081\emph default 10082 and 10083\emph on 10084de.fub.byte\SpecialChar \- 10085code.veri\SpecialChar \- 10086fier. 10087 struc\SpecialChar \- 10088tu\SpecialChar \- 10089rals 10090\emph default 10091. 10092 (We shall from now on omit the preceding 10093\emph on 10094de.fub.byte\SpecialChar \- 10095code 10096\emph default 10097.) The most important of them is the 10098\emph on 10099verifier 10100\emph default 10101 package. 10102 The class 10103\family typewriter 10104VerifierFactory 10105\family default 10106 can be found here; this is the place where all verification starts. 10107 The 10108\family typewriter 10109Veri\SpecialChar \- 10110fier\SpecialChar \- 10111Fac\SpecialChar \- 10112tory 10113\family default 10114 creates 10115\family typewriter 10116Verifier 10117\family default 10118 instances; only the 10119\family typewriter 10120VerifierFactory 10121\family default 10122 can create these instances. 10123 A 10124\family typewriter 10125Verifier 10126\family default 10127 instance, in turn, has a one-to-one relationship with a class file to verify, 10128 10129\begin_inset Quotes eld 10130\end_inset 10131 10132its class 10133\begin_inset Quotes erd 10134\end_inset 10135 10136. 10137 You can instruct a 10138\family typewriter 10139Verifier 10140\family default 10141 instance to run a verification pass on its class yielding a 10142\family typewriter 10143VerificationResult 10144\family default 10145. 10146\layout Standard 10147 10148All class files are fetched from the BCEL's class file repository, i.e., the 10149 class 10150\family typewriter 10151Re\SpecialChar \- 10152po\SpecialChar \- 10153si\SpecialChar \- 10154to\SpecialChar \- 10155ry 10156\family default 10157. 10158 The class files stored there are either put there by the user or they are 10159 read from the file system. 10160 For a bytecode engineer who uses the BCEL this is convenient, because one 10161 does not have to save the dynamically created class file first in order 10162 to load it into JustIce. 10163\layout Standard 10164 10165Pass 1 and pass 2 are related to the 10166\family typewriter 10167ClassFile 10168\family default 10169 structure as such; passes 3a and 3b verify the bytecode of a method. 10170 If a class file was created using the BCEL, the BCEL user already knows 10171 how the 10172\family typewriter 10173JavaClass 10174\family default 10175 object looks like 10176\begin_float footnote 10177\layout Standard 10178 10179A 10180\family typewriter 10181JavaClass 10182\family default 10183 object represents a class file in the BCEL. 10184\end_float 10185. 10186 The number of methods is known and the order of the methods in the class 10187 file is known. 10188\layout Standard 10189 10190However, if this is not the case, one usually does not know the number of 10191 methods in a class file or the order of these methods. 10192 To carefully extract this information from an untrusted class file, one 10193 should first let a pass-2-verification run on this file. 10194 Afterwards, the information can be read from the 10195\family typewriter 10196JavaClass 10197\family default 10198 object the BCEL offers. 10199\layout Standard 10200 10201Finally, one is able to supply the 10202\begin_inset Quotes eld 10203\end_inset 10204 10205method index 10206\begin_inset Quotes erd 10207\end_inset 10208 10209 needed by verification passes 3a and 3b. 10210\layout Standard 10211 10212Basically, after pass 2 has been run successfully on a class file, one can 10213 safely use the methods in the BCEL's 10214\emph on 10215 classfile 10216\emph default 10217package 10218\emph on 10219 10220\emph default 10221on that class file. 10222 After pass 3a has been run successfully on a method, one can safely work 10223 on that method using the BCEL's 10224\emph on 10225generic 10226\emph default 10227 package. 10228 After pass 3b has been run successfully on all methods in a class file, 10229 this class file will not be rejected by other verifiers. 10230\layout Standard 10231 10232Often, the run of a verification pass implies recursively verifying other 10233 class files as well (because they are somehow referenced). 10234 Therefore, 10235\emph on 10236Verifier 10237\emph default 10238 instances for these referenced classes are created transparently. 10239 To be notified when such an event occurs, one can implement the 10240\emph on 10241VerifierFactoryObserver 10242\emph default 10243interface and let the 10244\emph on 10245VerifierFactory 10246\emph default 10247 register your implementation. 10248\layout Standard 10249 10250\begin_float fig 10251\layout Standard 10252\align center 10253 10254\begin_inset Figure size 595 863 10255file VerificationAPI.eps 10256width 3 100 10257angle 90 10258flags 1 10259 10260\end_inset 10261 10262 10263\layout Caption 10264 10265UML class diagram of the Verification API 10266\end_float 10267\layout Standard 10268 10269A Verifier creates instances of PassVerifiers. 10270 A PassVerifier instance in charge of performing some later verification 10271 pass transparently creates PassVerifier instances for the preceding passes. 10272 Therefore, users of the Verification API do not have to care about the 10273 order of verification passes; i.e., earlier passes are run always before 10274 later passes. 10275 All verification results are cached; this way an unsual order of calls 10276 to the 10277\emph on 10278doPassX() 10279\emph default 10280 methods of the 10281\emph on 10282Verifier 10283\emph default 10284 class does not even waste computing time. 10285\begin_float fig 10286\layout Standard 10287\align center 10288 10289\begin_inset Figure size 595 631 10290file V_API_SD.eps 10291width 3 100 10292height 3 75 10293flags 9 10294 10295\end_inset 10296 10297 10298\layout Caption 10299 10300Informal UML sequence diagram showing the dependency of verification pass 10301 two on verification pass one. 10302\end_float 10303\layout Section 10304 10305Some Example Code 10306\layout Standard 10307 10308The code below shows an example of how to use the API provided by JustIce. 10309 It will verify the transitive hull of all referenced class files. 10310 Normally, while verifying a class, referenced classes are recursively verified 10311 performing 10312\emph on 10313earlier 10314\emph default 10315 passes. 10316 Verifiers that are using pass 1 on their class will not load in any other 10317 classes (see section 10318\begin_inset LatexCommand \ref{SpecPasses} 10319 10320\end_inset 10321 10322). 10323 Therefore, normally the transitive hull is 10324\emph on 10325not 10326\emph default 10327 verified completely (it usually does not make sense to verify it, though 10328 -- it's done here only to give an example of what can be done). 10329\family typewriter 10330\size small 10331 10332\newline 10333 10334\newline 1033501\SpecialChar ~ 10336package de.fub.bytecode.verifier; 10337\newline 1033802\SpecialChar ~ 10339import de.fub.bytecode.verifier.*; 10340\newline 1034103\SpecialChar ~ 10342import de.fub.bytecode.classfile.*; 10343\newline 1034404\SpecialChar ~ 10345import de.fub.bytecode.*; 10346\newline 1034705\SpecialChar ~ 10348/** 10349\newline 1035006\SpecialChar ~ 10351\SpecialChar ~ 10352* This class has a main method implementing a demonstration program 10353\newline 1035407\SpecialChar ~ 10355\SpecialChar ~ 10356* of how to use the VerifierFactoryObserver. 10357 It transitively verifies 10358\newline 1035908\SpecialChar ~ 10360\SpecialChar ~ 10361* all class files encountered; this may take up a lot of time and, 10362\newline 1036309\SpecialChar ~ 10364\SpecialChar ~ 10365* more notably, memory. 10366 10367\newline 1036810\SpecialChar ~ 10369\SpecialChar ~ 10370* 10371\newline 1037211\SpecialChar ~ 10373\SpecialChar ~ 10374* @author Enver Haase 10375\newline 1037612\SpecialChar ~ 10377\SpecialChar ~ 10378*/ 10379\newline 1038013\SpecialChar ~ 10381public class TransitiveHull implements VerifierFactoryObserver{ 10382\newline 1038314\SpecialChar ~ 10384\SpecialChar ~ 10385\SpecialChar ~ 10386/** Used for indentation. 10387 */ 10388\newline 1038915\SpecialChar ~ 10390\SpecialChar ~ 10391\SpecialChar ~ 10392private int indent = 0; 10393\newline 1039416\SpecialChar ~ 10395\SpecialChar ~ 10396\SpecialChar ~ 10397/** Not publicly instantiable. 10398 */ 10399\newline 1040017\SpecialChar ~ 10401\SpecialChar ~ 10402\SpecialChar ~ 10403private TransitiveHull(){ } 10404\newline 1040518 10406\newline 1040719\SpecialChar ~ 10408\SpecialChar ~ 10409\SpecialChar ~ 10410/* Implementing VerifierFactoryObserver. 10411 */ 10412\newline 1041320\SpecialChar ~ 10414\SpecialChar ~ 10415\SpecialChar ~ 10416public void update(String classname){ 10417\newline 1041821\SpecialChar ~ 10419\SpecialChar ~ 10420\SpecialChar ~ 10421\SpecialChar ~ 10422\SpecialChar ~ 10423for (int i=0; i<indent; i++) { 10424\newline 1042522\SpecialChar ~ 10426\SpecialChar ~ 10427\SpecialChar ~ 10428\SpecialChar ~ 10429\SpecialChar ~ 10430\SpecialChar ~ 10431\SpecialChar ~ 10432System.out.print(" "); 10433\newline 1043423\SpecialChar ~ 10435\SpecialChar ~ 10436\SpecialChar ~ 10437\SpecialChar ~ 10438\SpecialChar ~ 10439} 10440\newline 1044124\SpecialChar ~ 10442\SpecialChar ~ 10443\SpecialChar ~ 10444\SpecialChar ~ 10445\SpecialChar ~ 10446System.out.println(classname); 10447\newline 1044825\SpecialChar ~ 10449\SpecialChar ~ 10450\SpecialChar ~ 10451\SpecialChar ~ 10452\SpecialChar ~ 10453indent += 1; 10454\newline 1045526\SpecialChar ~ 10456\SpecialChar ~ 10457\SpecialChar ~ 10458\SpecialChar ~ 10459\SpecialChar ~ 10460Verifier v = VerifierFactory.getVerifier(classname); 10461\newline 1046227\SpecialChar ~ 10463\SpecialChar ~ 10464\SpecialChar ~ 10465\SpecialChar ~ 10466\SpecialChar ~ 10467VerificationResult vr; 10468\newline 1046928\SpecialChar ~ 10470\SpecialChar ~ 10471\SpecialChar ~ 10472\SpecialChar ~ 10473\SpecialChar ~ 10474vr = v.doPass1(); 10475\newline 1047629\SpecialChar ~ 10477\SpecialChar ~ 10478\SpecialChar ~ 10479\SpecialChar ~ 10480\SpecialChar ~ 10481if (vr != VerificationResult.VR_OK) 10482\newline 1048330\SpecialChar ~ 10484\SpecialChar ~ 10485\SpecialChar ~ 10486\SpecialChar ~ 10487\SpecialChar ~ 10488\SpecialChar ~ 10489\SpecialChar ~ 10490System.out.println("Pass 1: 10491\backslash 10492n"+vr); 10493\newline 1049431\SpecialChar ~ 10495\SpecialChar ~ 10496\SpecialChar ~ 10497\SpecialChar ~ 10498\SpecialChar ~ 10499vr = v.doPass2(); 10500\newline 1050132\SpecialChar ~ 10502\SpecialChar ~ 10503\SpecialChar ~ 10504\SpecialChar ~ 10505\SpecialChar ~ 10506if (vr != VerificationResult.VR_OK) 10507\newline 1050833\SpecialChar ~ 10509\SpecialChar ~ 10510\SpecialChar ~ 10511\SpecialChar ~ 10512\SpecialChar ~ 10513\SpecialChar ~ 10514\SpecialChar ~ 10515System.out.println("Pass 2: 10516\backslash 10517n"+vr); 10518\newline 1051934\SpecialChar ~ 10520\SpecialChar ~ 10521\SpecialChar ~ 10522\SpecialChar ~ 10523\SpecialChar ~ 10524if (vr == VerificationResult.VR_OK){ 10525\newline 1052635\SpecialChar ~ 10527\SpecialChar ~ 10528\SpecialChar ~ 10529\SpecialChar ~ 10530\SpecialChar ~ 10531\SpecialChar ~ 10532\SpecialChar ~ 10533JavaClass jc = Repository.lookupClass(v.getClassName()); 10534\newline 1053536\SpecialChar ~ 10536\SpecialChar ~ 10537\SpecialChar ~ 10538\SpecialChar ~ 10539\SpecialChar ~ 10540\SpecialChar ~ 10541\SpecialChar ~ 10542for (int i=0; i<jc.getMethods().length; i++){ 10543\newline 1054437\SpecialChar ~ 10545\SpecialChar ~ 10546\SpecialChar ~ 10547\SpecialChar ~ 10548\SpecialChar ~ 10549\SpecialChar ~ 10550\SpecialChar ~ 10551\SpecialChar ~ 10552\SpecialChar ~ 10553vr = v.doPass3a(i); 10554\newline 1055538\SpecialChar ~ 10556\SpecialChar ~ 10557\SpecialChar ~ 10558\SpecialChar ~ 10559\SpecialChar ~ 10560\SpecialChar ~ 10561\SpecialChar ~ 10562\SpecialChar ~ 10563\SpecialChar ~ 10564if (vr != VerificationResult.VR_OK) 10565\newline 1056639\SpecialChar ~ 10567\SpecialChar ~ 10568\SpecialChar ~ 10569\SpecialChar ~ 10570\SpecialChar ~ 10571\SpecialChar ~ 10572\SpecialChar ~ 10573\SpecialChar ~ 10574\SpecialChar ~ 10575\SpecialChar ~ 10576\SpecialChar ~ 10577System.out.println(v.getClassName()+", Pass 3a, method "+ 10578\newline 10579\SpecialChar \- 10580\SpecialChar ~ 10581\SpecialChar ~ 10582\SpecialChar ~ 10583\SpecialChar ~ 10584\SpecialChar ~ 10585\SpecialChar ~ 10586\SpecialChar ~ 10587\SpecialChar ~ 10588\SpecialChar ~ 10589\SpecialChar ~ 10590\SpecialChar ~ 10591\SpecialChar ~ 10592\SpecialChar ~ 10593i+" ['"+jc.getMethods()[i]+"']: 10594\backslash 10595n"+vr); 10596\newline 1059740\SpecialChar ~ 10598\SpecialChar ~ 10599\SpecialChar ~ 10600\SpecialChar ~ 10601\SpecialChar ~ 10602\SpecialChar ~ 10603\SpecialChar ~ 10604\SpecialChar ~ 10605\SpecialChar ~ 10606vr = v.doPass3b(i); 10607\newline 1060841\SpecialChar ~ 10609\SpecialChar ~ 10610\SpecialChar ~ 10611\SpecialChar ~ 10612\SpecialChar ~ 10613\SpecialChar ~ 10614\SpecialChar ~ 10615\SpecialChar ~ 10616\SpecialChar ~ 10617if (vr != VerificationResult.VR_OK) 10618\newline 1061942\SpecialChar ~ 10620\SpecialChar ~ 10621\SpecialChar ~ 10622\SpecialChar ~ 10623\SpecialChar ~ 10624\SpecialChar ~ 10625\SpecialChar ~ 10626\SpecialChar ~ 10627\SpecialChar ~ 10628\SpecialChar ~ 10629\SpecialChar ~ 10630System.out.println(v.getClassName()+", Pass 3b, method "+ 10631\newline 10632\SpecialChar \- 10633\SpecialChar ~ 10634\SpecialChar ~ 10635\SpecialChar ~ 10636\SpecialChar ~ 10637\SpecialChar ~ 10638\SpecialChar ~ 10639\SpecialChar ~ 10640\SpecialChar ~ 10641\SpecialChar ~ 10642\SpecialChar ~ 10643\SpecialChar ~ 10644\SpecialChar ~ 10645\SpecialChar ~ 10646i+" ['"+jc.getMethods()[i]+"']: 10647\backslash 10648n"+vr); 10649\newline 1065043\SpecialChar ~ 10651\SpecialChar ~ 10652\SpecialChar ~ 10653\SpecialChar ~ 10654\SpecialChar ~ 10655\SpecialChar ~ 10656\SpecialChar ~ 10657} 10658\newline 1065944\SpecialChar ~ 10660\SpecialChar ~ 10661\SpecialChar ~ 10662\SpecialChar ~ 10663\SpecialChar ~ 10664} 10665\newline 1066645\SpecialChar ~ 10667\SpecialChar ~ 10668\SpecialChar ~ 10669\SpecialChar ~ 10670\SpecialChar ~ 10671indent -= 1; 10672\newline 1067346\SpecialChar ~ 10674\SpecialChar ~ 10675\SpecialChar ~ 10676} 10677\newline 1067847 10679\newline 1068048\SpecialChar ~ 10681\SpecialChar ~ 10682/** 10683\newline 1068449\SpecialChar ~ 10685\SpecialChar ~ 10686\SpecialChar ~ 10687* This method implements a demonstration program 10688\newline 1068950\SpecialChar ~ 10690\SpecialChar ~ 10691\SpecialChar ~ 10692* of how to use the VerifierFactoryObserver. 10693 It transitively 10694\newline 1069551\SpecialChar ~ 10696\SpecialChar ~ 10697\SpecialChar ~ 10698* verifies all class files encountered; this may take up a 10699\newline 1070052\SpecialChar ~ 10701\SpecialChar ~ 10702\SpecialChar ~ 10703* lot of time and, more notably, memory. 10704 10705\newline 1070653\SpecialChar ~ 10707\SpecialChar ~ 10708\SpecialChar ~ 10709*/ 10710\newline 1071154\SpecialChar ~ 10712\SpecialChar ~ 10713\SpecialChar ~ 10714public static void main(String[] args){ 10715\newline 1071655\SpecialChar ~ 10717\SpecialChar ~ 10718\SpecialChar ~ 10719\SpecialChar ~ 10720\SpecialChar ~ 10721if (args.length != 1){ 10722\newline 1072356\SpecialChar ~ 10724\SpecialChar ~ 10725\SpecialChar ~ 10726\SpecialChar ~ 10727\SpecialChar ~ 10728\SpecialChar ~ 10729\SpecialChar ~ 10730System.out.println("Need exactly one argument: The root class 10731\newline 10732\SpecialChar \- 10733\SpecialChar ~ 10734\SpecialChar ~ 10735\SpecialChar ~ 10736\SpecialChar ~ 10737\SpecialChar ~ 10738\SpecialChar ~ 10739\SpecialChar ~ 10740\SpecialChar ~ 10741\SpecialChar ~ 10742to verify."); 10743\newline 1074457\SpecialChar ~ 10745\SpecialChar ~ 10746\SpecialChar ~ 10747\SpecialChar ~ 10748\SpecialChar ~ 10749\SpecialChar ~ 10750\SpecialChar ~ 10751System.exit(1); 10752\newline 1075358\SpecialChar ~ 10754\SpecialChar ~ 10755\SpecialChar ~ 10756\SpecialChar ~ 10757\SpecialChar ~ 10758} 10759\newline 1076059\SpecialChar ~ 10761\SpecialChar ~ 10762\SpecialChar ~ 10763\SpecialChar ~ 10764\SpecialChar ~ 10765int dotclasspos = args[0].lastIndexOf(".class"); 10766\newline 1076760\SpecialChar ~ 10768\SpecialChar ~ 10769\SpecialChar ~ 10770\SpecialChar ~ 10771\SpecialChar ~ 10772if (dotclasspos != -1) 10773\newline 1077461\SpecialChar ~ 10775\SpecialChar ~ 10776\SpecialChar ~ 10777\SpecialChar ~ 10778\SpecialChar ~ 10779\SpecialChar ~ 10780\SpecialChar ~ 10781args[0] = args[0].substring(0,dotclasspos); args[0] = 10782\newline 10783\SpecialChar \- 10784\SpecialChar ~ 10785\SpecialChar ~ 10786\SpecialChar ~ 10787\SpecialChar ~ 10788\SpecialChar ~ 10789\SpecialChar ~ 10790\SpecialChar ~ 10791\SpecialChar ~ 10792\SpecialChar ~ 10793args[0].replace('/', '.'); 10794\newline 1079562\SpecialChar ~ 10796\SpecialChar ~ 10797\SpecialChar ~ 10798\SpecialChar ~ 10799\SpecialChar ~ 10800TransitiveHull th = new TransitiveHull(); 10801\newline 1080263\SpecialChar ~ 10803\SpecialChar ~ 10804\SpecialChar ~ 10805\SpecialChar ~ 10806\SpecialChar ~ 10807VerifierFactory.attach(th); 10808\newline 1080964\SpecialChar ~ 10810\SpecialChar ~ 10811\SpecialChar ~ 10812\SpecialChar ~ 10813\SpecialChar ~ 10814VerifierFactory.getVerifier(args[0]); // the observer is called 10815\newline 10816\SpecialChar \- 10817\SpecialChar ~ 10818\SpecialChar ~ 10819\SpecialChar ~ 10820\SpecialChar ~ 10821\SpecialChar ~ 10822\SpecialChar ~ 10823\SpecialChar ~ 10824back and does the actual trick. 10825\newline 1082665\SpecialChar ~ 10827\SpecialChar ~ 10828\SpecialChar ~ 10829\SpecialChar ~ 10830\SpecialChar ~ 10831VerifierFactory.detach(th); 10832\newline 1083366\SpecialChar ~ 10834\SpecialChar ~ 10835\SpecialChar ~ 10836} 10837\newline 1083867\SpecialChar ~ 10839} 10840\newline 10841 10842\layout Standard 10843 10844 10845\size small 10846First, an instance of the 10847\emph on 10848TransitiveHull 10849\emph default 10850 class is created in line 62. 10851 Note that this class implements the 10852\emph on 10853VerifierFactoryObserver 10854\emph default 10855 interface. 10856\layout Standard 10857 10858 10859\size small 10860A reference to the newly created instance is then passed to the 10861\emph on 10862VerifierFactory 10863\emph default 10864 in line 63 by invoking its 10865\emph on 10866attach(VerifierFactoryObserver) 10867\emph default 10868 method. 10869 After registering the new observer, the 10870\emph on 10871VerifierFactory 10872\emph default 10873 will call the instance's 10874\emph on 10875 update(String) 10876\emph default 10877 method (defined in lines 20-46) whenever a new 10878\emph on 10879Verifier 10880\emph default 10881 instance is created. 10882\layout Standard 10883 10884 10885\size small 10886To trigger the verification, a first 10887\emph on 10888Verifier 10889\emph default 10890 instance is fetched from the 10891\emph on 10892VerifierFactory 10893\emph default 10894. 10895 Because it is the very first 10896\emph on 10897Verifier 10898\emph default 10899 instance that is fetched, we know that it has to be newly created. 10900 This is done in line 64. 10901 This instance is not used in the 10902\emph on 10903main(String[]) 10904\emph default 10905 method; but its creation leads to a invocation of the 10906\emph on 10907update(String) 10908\emph default 10909 method which is defined in lines 20-46. 10910\layout Standard 10911 10912There, the name of the class to verify is printed (lines 21-25, line 45) 10913 and the four verification passes provided by JustIce are run. 10914 Note that one has to be careful not to try to verify a method that does 10915 not exist. 10916 JustIce would in this case throw an 10917\emph on 10918InvalidMethodException 10919\emph default 10920. 10921 Therefore, after successfully verifying that the structure of the class 10922 file to verify is well-formed (verification up to and including pass two, 10923 lines 26-31), the number of methods is fetched from the corresponding JavaClass 10924 object. 10925 (It is necessary to perform verification pass two on a class file to safely 10926 find out how many methods are defined in this class file.) 10927\layout Standard 10928 10929After determining the number of methods, these methods are verified performing 10930 passes 3a and 3b on them (lines 32-44). 10931\layout Standard 10932 10933By applying all verification passes on some class file 10934\emph on 10935C 10936\emph default 10937, all class files referenced by 10938\emph on 10939C 10940\emph default 10941 are found. 10942 Therefore, new 10943\emph on 10944Verifier 10945\emph default 10946 instances are created which are responsible for them. 10947 Because of that, the 10948\emph on 10949update(String) 10950\emph default 10951 method described above is called for every referenced class. 10952 This is a recursive loop; the program terminates when there is no referenced 10953 class left to be verified. 10954\layout Standard 10955 10956The example above is simple yet powerful. 10957 Admittedly, it is of limited use to verify classes provided by the JVM 10958 vendor; therefore one would not normally verify all the transitive hull 10959 of referenced class files. 10960 However, a common use is verifying all classes of a project. 10961 Inserting a new line between line 20 and 21 like 10962\layout Standard 10963 10964 10965\family typewriter 10966if (!(classname.startsWith( 10967\begin_inset Quotes eld 10968\end_inset 10969 10970de.fub.bytecode.verifier 10971\begin_inset Quotes erd 10972\end_inset 10973 10974)) return; 10975\newline 10976 10977\family default 10978would easily accomplish this goal if JustIce itself is the project to verify 10979 and all the project's class files are referenced by another class file 10980 in the project. 10981\layout Section 10982 10983 10984\begin_inset LatexCommand \label{GUI_APP} 10985 10986\end_inset 10987 10988An Application Prototype 10989\layout Standard 10990 10991The API of JustIce is used to offer bytecode engineers an opportunity to 10992 create their own application programs. 10993 However, this dimension of configurability is often not needed. 10994\layout Standard 10995 10996JustIce comes with an application prototype which provides an easy-to-use 10997 user interface. 10998 Figures 10999\begin_inset LatexCommand \ref{GUI1fig} 11000 11001\end_inset 11002 11003 and 11004\begin_inset LatexCommand \ref{GUI2fig} 11005 11006\end_inset 11007 11008 show screen shots of this prototype built on the JustIce verifier. 11009 The boxes to the right contain verification information. 11010 From the top to the bottom the boxes represent the verification passes 11011 one, two, 3a and 3b and the warning messages, respectively. 11012\layout Standard 11013 11014\begin_float fig 11015\layout Standard 11016\align center 11017 11018\begin_inset Figure size 595 757 11019file GUI1.eps 11020width 3 100 11021height 3 90 11022angle 90 11023flags 9 11024 11025\end_inset 11026 11027 11028\layout Caption 11029 11030 11031\begin_inset LatexCommand \label{GUI1fig} 11032 11033\end_inset 11034 11035Verification of the Mini.MiniParser class file. 11036 Verification is passed, but JustIce suggests to remove unnecessary (debug 11037 information) attributes. 11038\end_float 11039\begin_float fig 11040\layout Standard 11041\align center 11042 11043\begin_inset Figure size 595 757 11044file GUI2.eps 11045width 3 100 11046height 3 90 11047angle 90 11048flags 9 11049 11050\end_inset 11051 11052 11053\layout Caption 11054 11055 11056\begin_inset LatexCommand \label{GUI2fig} 11057 11058\end_inset 11059 11060Verification of the java.io.ObjectInputStream class file. 11061 Verification is not passed because of an unsatisfied constraint related 11062 to subroutines. 11063\end_float 11064\layout Chapter 11065 11066Conclusion 11067\layout Section 11068 11069What Was Achieved 11070\layout Standard 11071 11072About a third of the development time of JustIce was spent examining the 11073 various issues in connection with subroutines, i.e., issues concerning the 11074 bytecode instructions 11075\latex latex 11076 11077\backslash 11078texttt{jsr} 11079\latex default 11080, 11081\latex latex 11082 11083\backslash 11084texttt{jsr 11085\backslash 11086_w} 11087\latex default 11088 and 11089\latex latex 11090 11091\backslash 11092texttt{ret} 11093\latex default 11094. 11095 This led to a new definition of the term 11096\emph on 11097subroutine 11098\emph default 11099 (section 11100\begin_inset LatexCommand \ref{SpecSubroutines} 11101 11102\end_inset 11103 11104) 11105\begin_float footnote 11106\layout Standard 11107 11108A request for clarification of the subroutine issue, sent to the electronic 11109 mail address 11110\family typewriter 11111jvm@java.sun.com 11112\family default 11113 was not answered. 11114\end_float 11115, a new implementation of this verification area (section 11116\begin_inset LatexCommand \ref{SubroutineImpl} 11117 11118\end_inset 11119 11120) and a discussion on the arising incompatibilities (sections 11121\begin_inset LatexCommand \ref{ComparisonSubroutines} 11122 11123\end_inset 11124 11125 and 11126\begin_inset LatexCommand \ref{StaerkJreject} 11127 11128\end_inset 11129 11130). 11131\layout Standard 11132 11133Only a few different verifier implementations exist at all, and most of 11134 them are incomplete. 11135 JustIce is a complete class file verifier implementation including a bytecode 11136 verifier. 11137\layout Standard 11138 11139The development of JustIce also led to improvements of the Byte Code Engineering 11140 Library 11141\begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} 11142 11143\end_inset 11144 11145. 11146 For instance, the 11147\family typewriter 11148returnaddress 11149\family default 11150 data type was introduced there. 11151 It was modeled as a parameterized type. 11152 Also, a programming error was repaired that led to inconsistent treatment 11153 of exception handlers in the BCEL. 11154\layout Standard 11155 11156The control flow graph used by JustIce can also be used in other projects; 11157 the Verification API provides access to this data structure 11158\begin_float footnote 11159\layout Standard 11160 11161A 11162\family typewriter 11163Control\SpecialChar \- 11164Flow\SpecialChar \- 11165Graph 11166\family default 11167 instance can be created by invoking the 11168\emph on 11169Control\SpecialChar \- 11170Flow\SpecialChar \- 11171Graph(Method\SpecialChar \- 11172Gen) 11173\emph default 11174 constructor. 11175 A 11176\family typewriter 11177Method\SpecialChar \- 11178Gen 11179\family default 11180 is the BCEL's representation of a method. 11181\end_float 11182. 11183 Only because of the clarification of the subroutine issues could such a 11184 data structure be defined statically. 11185\layout Standard 11186 11187As an Open Source project, JustIce provides algorithms which may be re-used 11188 in own projects. 11189 For example, every compiler targeting the JVM has to calculate the maximum 11190 amount of stack memory used by a method. 11191 This is also done by JustIce. 11192\layout Standard 11193 11194Finally, the need for a discussion on the meaning of 11195\emph on 11196Java security 11197\emph default 11198 was identified (see section 11199\begin_inset LatexCommand \ref{LinePrincipleInfoHidingAndSecurity} 11200 11201\end_inset 11202 11203). 11204\layout Section 11205 11206What Could Not Be Achieved 11207\layout Subsection 11208 11209A Constraint Database 11210\layout Standard 11211 11212Efforts have been made to make JustIce verifier highly configurable. 11213 Unfortunately, this could not be accomplished by the author. 11214 For instance, it was planned to build a constraint database which would 11215 make it possible to turn on or off single checks during verification. 11216\layout Standard 11217 11218While this might be possible in some cases, in general the constraints of 11219 the class file verifier are highly intertwined. 11220 For instance, without a well-formed constant pool one could not run the 11221 data flow analyzer in a sane way. 11222 As another example, if a user preferred not to care about stack underflow 11223 the verification algorithm would require complicated user interaction; 11224 i.e., the user would have to decide what type to put onto the simulated operand 11225 stack just before it is read. 11226\layout Standard 11227 11228One could model the interdependencies of the various constraints and allow 11229 only groups of checks to be turned on or off together. 11230 However, the author doubts this could be done in a way that is not prone 11231 to errors and that can be validated easily. 11232\layout Standard 11233 11234This is also the reason why only one error is reported if verification fails. 11235 Trying to continue verification and find more constraint violations leads 11236 only to consequential verification errors. 11237\layout Standard 11238 11239JustIce implements caching of verification results. 11240 If a bytecode engineer works on a class file and needs to run JustIce several 11241 times against it, JustIce will cache the verification results of the recursivel 11242y referenced class files. 11243 Because of this, JustIce will be fast every subsequent time it is used 11244 to verify the class. 11245 This minimizes the impact of the above shortcomings. 11246\layout Subsection 11247 11248A Perfect Verifier 11249\layout Standard 11250 11251JustIce does not implement a perfect verifier. 11252 Some class files with code that is safe to execute are rejected. 11253 Unfortunately, there has to be some degree of uncertainty concerning which 11254 class files to reject. 11255\layout Standard 11256 11257The JVM performs 11258\emph on 11259initialization 11260\emph default 11261 of class files after loading and verifying them without error. 11262 This includes running the code in the special class initialization method 11263 called 11264\emph on 11265<clinit> 11266\emph default 11267 if it exists (see 11268\begin_inset LatexCommand \cite{vmspec2} 11269 11270\end_inset 11271 11272, page 53). 11273 For the correct operation of the JVM it is important that this method does 11274 not contain an infinite loop. 11275 Verifying if this constraint is true is similar to the Halting Problem 11276 and therefore not generally computable 11277\begin_inset LatexCommand \cite{Unknowable} 11278 11279\end_inset 11280 11281. 11282 A verifier has to omit the check and pass potentially unsafe class files. 11283\layout Standard 11284 11285For another example, consider algorithm 11286\begin_inset LatexCommand \ref{StackOverflowAlgo} 11287 11288\end_inset 11289 11290 below. 11291\layout Standard 11292 11293\begin_float alg 11294\layout Caption 11295 11296 11297\begin_inset LatexCommand \label{StackOverflowAlgo} 11298 11299\end_inset 11300 11301Rejected class 11302\layout Standard 11303 11304 11305\family typewriter 11306public static int always_true() 11307\layout Standard 11308 11309 11310\family typewriter 11311Code(max_stack = 1, max_locals = 1, code_length = 2) 11312\layout Standard 11313 11314 11315\family typewriter 113160: iconst_1\SpecialChar ~ 11317\SpecialChar ~ 11318; push constant 1 onto stack 11319\layout Standard 11320 11321 11322\family typewriter 113231: ireturn\SpecialChar ~ 11324\SpecialChar ~ 11325\SpecialChar ~ 11326; return constant 1 ( 11327\begin_inset Quotes eld 11328\end_inset 11329 11330true 11331\begin_inset Quotes erd 11332\end_inset 11333 11334) 11335\newline 11336 11337\layout Standard 11338 11339 11340\family typewriter 11341public static void good_method() 11342\layout Standard 11343 11344 11345\family typewriter 113460: invokestatic NewClass0.always_true ()I (18) 11347\layout Standard 11348 11349 11350\family typewriter 11351\SpecialChar \- 11352\SpecialChar ~ 11353\SpecialChar ~ 11354\SpecialChar ~ 11355\SpecialChar ~ 11356\SpecialChar ~ 11357\SpecialChar ~ 11358\SpecialChar ~ 11359\SpecialChar ~ 11360\SpecialChar ~ 11361\SpecialChar ~ 11362\SpecialChar ~ 11363\SpecialChar ~ 11364\SpecialChar ~ 11365\SpecialChar ~ 11366\SpecialChar ~ 11367\SpecialChar ~ 11368\SpecialChar ~ 11369\SpecialChar ~ 11370\SpecialChar ~ 11371\SpecialChar ~ 11372\SpecialChar ~ 11373; Push 11374\begin_inset Quotes eld 11375\end_inset 11376 11377true 11378\begin_inset Quotes erd 11379\end_inset 11380 11381 on stack 11382\layout Standard 11383 11384 11385\family typewriter 113863: ifne #10\SpecialChar ~ 11387\SpecialChar ~ 11388\SpecialChar ~ 11389\SpecialChar ~ 11390\SpecialChar ~ 11391\SpecialChar ~ 11392\SpecialChar ~ 11393\SpecialChar ~ 11394\SpecialChar ~ 11395\SpecialChar ~ 11396; If 11397\begin_inset Quotes eld 11398\end_inset 11399 11400true 11401\begin_inset Quotes erd 11402\end_inset 11403 11404 is on stack jump to 10 11405\layout Standard 11406 11407 11408\family typewriter 114096: pop \SpecialChar ~ 11410\SpecialChar ~ 11411\SpecialChar ~ 11412\SpecialChar ~ 11413\SpecialChar ~ 11414\SpecialChar ~ 11415\SpecialChar ~ 11416\SpecialChar ~ 11417\SpecialChar ~ 11418\SpecialChar ~ 11419\SpecialChar ~ 11420\SpecialChar ~ 11421\SpecialChar ~ 11422\SpecialChar ~ 11423; Pop a value off the stack 11424\layout Standard 11425 11426 11427\family typewriter 114287: goto #6 \SpecialChar ~ 11429\SpecialChar ~ 11430\SpecialChar ~ 11431\SpecialChar ~ 11432\SpecialChar ~ 11433\SpecialChar ~ 11434\SpecialChar ~ 11435\SpecialChar ~ 11436\SpecialChar ~ 11437\SpecialChar ~ 11438; jump to 6 11439\layout Standard 11440 11441 11442\family typewriter 1144310:return\SpecialChar ~ 11444\SpecialChar ~ 11445\SpecialChar ~ 11446\SpecialChar ~ 11447\SpecialChar ~ 11448\SpecialChar ~ 11449\SpecialChar ~ 11450\SpecialChar ~ 11451\SpecialChar ~ 11452\SpecialChar ~ 11453\SpecialChar ~ 11454\SpecialChar ~ 11455; complete method 11456\end_float 11457This code is harmless, because lines 6 and 7 can never be executed (it would 11458 underflow the operand stack in an infinite loop). 11459 A class file with this code is rejected by JustIce and other verifiers, 11460 because the endless loop seems to be a malicious threat to the integrity 11461 of the JVM. 11462\layout Standard 11463 11464We conclude that there cannot be a perfect verifier. 11465 All that could be done is reduce the degree of uncertainty. 11466 For practical purposes, i.e., to be compatible with Sun's implementation, 11467 one should not even do that. 11468\layout Standard 11469 11470There is also a simple proof showing a perfect verifier does not exist in 11471 11472\begin_inset LatexCommand \cite{JNS} 11473 11474\end_inset 11475 11476, chapter 6. 11477 It uses a diagonalization argument. 11478\layout Section 11479 11480Future Work 11481\layout Standard 11482 11483Class file verification is an integral component of Java security; and applicati 11484on programs running on the Java Virtual Machine are often used in security 11485 critical areas. 11486 Several security holes and flaws have been found both in implementations 11487 and the specification of the Java class file verifier since it was introduced. 11488\layout Standard 11489 11490Recently, the area has experienced a leap as a theoretically founded, sound 11491 and complete Java environment was defined in 11492\begin_inset LatexCommand \cite{JBook} 11493 11494\end_inset 11495 11496. 11497 Possibly Sun's engineers will use this work to improve Java and the Java 11498 verifier. 11499 JustIce will have to change to always keep close to the industry standard. 11500 11501\layout Standard 11502 11503But JustIce itself can also be improved concerning practicability, and new 11504 software can be developed on top of the Verification API. 11505\layout Subsection 11506 11507Improvements to JustIce 11508\layout Subsubsection 11509 11510Introduction of Unique Identifers for Verification Results and Warning Messages 11511\layout Standard 11512 11513Currently, warning messages and verification results are conceptually text-based. 11514 Only 11515\emph on 11516VerificationResult 11517\emph default 11518 objects include a numeric value which programs can use to decide if some 11519 class verification failed or not. 11520 A program like the prototype introduced in section 11521\begin_inset LatexCommand \ref{GUI_APP} 11522 11523\end_inset 11524 11525 can currently not hide specific messages from the user without parsing 11526 text. 11527 This limitation should be removed in the future by using unique message 11528 numbers. 11529 This would also make translation of the messages into other languages easier. 11530\layout Subsubsection 11531 11532 11533\begin_inset LatexCommand \label{NewVerificationStrategy} 11534 11535\end_inset 11536 11537A New Verification Strategy 11538\layout Standard 11539 11540The core verification algorithm cited in section 11541\begin_inset LatexCommand \ref{SunCoreAlgo} 11542 11543\end_inset 11544 11545 works by generalizing the knowledge about an object type along the inheritance 11546 hierarchy. 11547\layout Standard 11548 11549For instance, let there be an object of type 11550\family typewriter 11551java.util.Ab\SpecialChar \- 11552stract\SpecialChar \- 11553List 11554\family default 11555 on the simulated stack of some modeled instruction. 11556 Let there be a loop so that the algorithm has to visit that same instruction 11557 again, this time with an object of type 11558\family typewriter 11559java.util.Ab\SpecialChar \- 11560stract\SpecialChar \- 11561Set 11562\family default 11563 in that same stack slot. 11564 The verifier will compute the meet of the two types and record that there 11565 is some object of type 11566\family typewriter 11567java.util.Ab\SpecialChar \- 11568stract\SpecialChar \- 11569Collection 11570\family default 11571 in that stack slot. 11572\layout Standard 11573 11574Remember that the instruction will be marked with a 11575\emph on 11576changed 11577\emph default 11578 bit until no such re-typing change occurs any more (JustIce will actually 11579 put it into a queue). 11580\layout Standard 11581 11582This approach does not work very well when it comes to interface types instead 11583 of class files. 11584 For example, the meet of a 11585\family typewriter 11586java.lang.In\SpecialChar \- 11587teger 11588\family default 11589 and a 11590\family typewriter 11591java.lang.Doub\SpecialChar \- 11592le 11593\family default 11594 is a 11595\family typewriter 11596java.lang.Num\SpecialChar \- 11597ber 11598\family default 11599 because 11600\family typewriter 11601java.lang.Num\SpecialChar \- 11602ber 11603\family default 11604\emph on 11605 11606\emph default 11607is the first common super class. 11608 Both classes also implement the 11609\family typewriter 11610java.lang.Com\SpecialChar \- 11611parable 11612\family default 11613 interface, but 11614\family typewriter 11615java.lang.Num\SpecialChar \- 11616ber 11617\family default 11618 does not. 11619 This information is lost when replacing the type information. 11620 However, current verifiers do not reject the class files but make additional 11621 run-time checks necessary. 11622\layout Standard 11623 11624Fong noticed that this could be the reason for the 11625\latex latex 11626 11627\backslash 11628texttt{invoke\SpecialChar \- 11629interface} 11630\latex default 11631 opcode to be underspecified 11632\begin_inset LatexCommand \cite{Fong2-WWW} 11633 11634\end_inset 11635 11636 (also see section 11637\begin_inset LatexCommand \ref{InvokeInterfaceDescFONG} 11638 11639\end_inset 11640 11641). 11642\layout Standard 11643 11644St�rk et al. 11645 suggest the use of 11646\emph on 11647sets 11648\emph default 11649 of reference types instead ( 11650\begin_inset LatexCommand \cite{JBook} 11651 11652\end_inset 11653 11654, pages 229-231). 11655 This could also be implemented in JustIce. 11656\layout Subsubsection 11657 11658Keeping up with Specification Clarifications 11659\layout Standard 11660 11661As a clean-room implementation, JustIce depends on the clearness of the 11662 specification. 11663 Ambiguities could lead to programming errors. 11664\layout Standard 11665 11666Here we give one example: methods can be inherited in Java (for example, 11667 the method 11668\emph on 11669clone() 11670\emph default 11671is declared in the 11672\family typewriter 11673java.lang.Ob\SpecialChar \- 11674ject 11675\family default 11676 class and therefore inherited by every other class). 11677\layout Standard 11678 11679Let a class 11680\family typewriter 11681A 11682\family default 11683 be a subclass of 11684\family typewriter 11685java.lang.Ob\SpecialChar \- 11686ject 11687\family default 11688 and let class 11689\family typewriter 11690B 11691\family default 11692 be a subclass of 11693\family typewriter 11694A 11695\family default 11696. 11697 Also, let class 11698\family typewriter 11699B 11700\family default 11701 override the definition of 11702\emph on 11703clone() 11704\emph default 11705 with an own implementation. 11706\layout Standard 11707 11708If 11709\emph on 11710javac 11711\emph default 11712 compiles a Java program that invokes this method, it is either referenced 11713 as 11714\emph on 11715java.lang.Ob\SpecialChar \- 11716ject::clone() 11717\emph default 11718 or as 11719\emph on 11720B::clone() 11721\emph default 11722. 11723 However, because 11724\family typewriter 11725A 11726\family default 11727 inherits this method, the reference 11728\emph on 11729A::clone() 11730\emph default 11731 is legal, too. 11732\layout Standard 11733 11734In The Java Virtual Machine Specification, Second Edition ( 11735\begin_inset LatexCommand \cite{vmspec2} 11736 11737\end_inset 11738 11739, page 291) it is said that the reference must be a 11740\begin_inset Quotes eld 11741\end_inset 11742 11743symbolic reference to the class in which the method is to be found 11744\begin_inset Quotes erd 11745\end_inset 11746 11747. 11748 Statically, the method 11749\emph on 11750clone() 11751\emph default 11752 can of course not be found in class 11753\family typewriter 11754A 11755\family default 11756. 11757 One could therefore think the reference 11758\emph on 11759A::clone() 11760\emph default 11761 was not legal. 11762\layout Standard 11763 11764In the meanwhile, Sun's engineer Gilad Bracha clarified this issue: 11765\begin_inset Quotes eld 11766\end_inset 11767 11768Of course. 11769 This is discussed in JVMS 5.4.3.4, which describes interface method resolution. 11770 I don't see the text on page 280 as contradicting that. 11771 The symbolic reference does give an interface in which the required method 11772 can be found, albeit as an inherited member. 11773 We could try and reword it in a more precise way, to eliminate any misunderstan 11774dings. 11775\begin_inset Quotes erd 11776\end_inset 11777 11778 11779\layout Standard 11780 11781Keeping up with clarifications like this is an inevitable and on-going part 11782 of the development of JustIce. 11783\layout Subsubsection 11784 11785Keeping up with Java Extensions 11786\layout Standard 11787 11788Recently, Sun Microsystems introduced a new attribute: the 11789\family typewriter 11790StackMap 11791\family default 11792 attribute which is an attribute local to the 11793\family typewriter 11794Code 11795\family default 11796 attribute (see section 11797\emph on 11798 11799\begin_inset LatexCommand \ref{CodeAttribute} 11800 11801\end_inset 11802 11803 11804\emph default 11805). 11806 It was specified in 11807\begin_inset LatexCommand \cite{J2ME-CLDCS} 11808 11809\end_inset 11810 11811. 11812\layout Standard 11813 11814It is there to provide 11815\begin_inset Quotes eld 11816\end_inset 11817 11818limited devices 11819\begin_inset Quotes erd 11820\end_inset 11821 11822 that perform a one-pass verification with type information that would normally 11823 have to be inferred by the verifier. 11824\layout Standard 11825 11826It is not used by the verification algorithm of JustIce now: it's currently 11827 an 11828\emph on 11829unknown attribute 11830\emph default 11831 to JustIce. 11832\layout Subsubsection 11833 11834Detecting Local Variable Accesses out of Scope 11835\layout Standard 11836 11837The 11838\family typewriter 11839LocalVariableTable 11840\family default 11841 attribute is a debug information attribute. 11842 Basically, it gives debuggers information about the original (source code) 11843 name and type of a given local variable. 11844\layout Standard 11845 11846JustIce builds data structures to warn if it detects contradicting and overlappi 11847ng areas; e.g., if some local variable is anounced to carry an 11848\family typewriter 11849int 11850\family default 11851 value and a 11852\family typewriter 11853float 11854\family default 11855 value at the same time. 11856\layout Standard 11857 11858It could also be interesting to warn if a local variable is accessed for 11859 which no debug information exists. 11860 This is currently not implemented. 11861\layout Subsubsection 11862 11863Extending the Verification API 11864\layout Standard 11865 11866JustIce can easily be extended to run certain analyses related to symbolic 11867 bytecode execution. 11868\layout Standard 11869 11870This includes the computation of the maximum number of used operand stack 11871 slots in a method or the computation of unused local variables in a method. 11872\layout Standard 11873 11874These analyses are normally costly to implement 11875\begin_float footnote 11876\layout Standard 11877 11878Often, heuristics are used such as the method MethodGen.getMaxStack() in 11879 the BCEL 11880\begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} 11881 11882\end_inset 11883 11884. 11885\end_float 11886, but they are a waste product of the verifier's core algorithm. 11887\layout Subsubsection 11888 11889 11890\begin_inset LatexCommand \label{VerifierValidationSuite} 11891 11892\end_inset 11893 11894A Verifier Validation Suite 11895\layout Standard 11896 11897The Kimera project 11898\begin_inset LatexCommand \cite{Kimera-WWW} 11899 11900\end_inset 11901 11902 was the first known project to implement a stand-alone Java verifier. 11903 The people behind the project had to test the behaviour of their verifier 11904 against the behaviour of the previous implementations. 11905 Tests have been run in order to validate the Kimera verifier. 11906 These tests range from simply introducing random one-byte errors into class 11907 files and automatically running Kimera against other verifiers to elaborate 11908 research work 11909\begin_inset LatexCommand \cite{Kimera-ProdGram,Kimera-TestingJVM} 11910 11911\end_inset 11912 11913. 11914\layout Standard 11915 11916Currently, JustIce comes only with a very limited possibility of running 11917 test cases against the native verifier of the host machine's JVM. 11918 The pioneering work of the Kimera project could be used to implement a 11919 validation suite for JustIce. 11920\layout Subsection 11921 11922 11923\begin_inset LatexCommand \label{Firewall} 11924 11925\end_inset 11926 11927A Verifier Protecting an Intranet 11928\layout Standard 11929 11930Often, Java Virtual Machines are built into software used to browse the 11931 World Wide Web such as the KDE project's 11932\emph on 11933Konqueror 11934\begin_inset LatexCommand \cite{KDE} 11935 11936\end_inset 11937 11938 11939\emph default 11940 or Mozilla.org's 11941\emph on 11942Mozilla 11943\emph default 11944 11945\begin_inset LatexCommand \cite{Mozilla} 11946 11947\end_inset 11948 11949 products. 11950 Such Internet technology is also often used in corporate networks. 11951 Corporate networks based on internet technology are called 11952\emph on 11953intranets 11954\emph default 11955; these networks are normally protected from the Internet by a so-called 11956 11957\emph on 11958firewall 11959\emph default 11960 computer. 11961 11962\layout Standard 11963 11964This computer's task is to provide access to the internet only to privileged 11965 employees and --even more important-- it blocks access from unauthorized 11966 persons outside the intranet. 11967 The firewall machine is a single, bi-directional point of access. 11968\layout Standard 11969 11970However, normally web-browsing is considered harmless, so that the employees 11971 can unrestrictedly gather information, possibly visiting Java-enabled web 11972 sites. 11973 The JVMs built into the browser software run software downloaded from the 11974 World Wide Web; while the the built-in verifiers make sure that no dangerous 11975 code can be executed. 11976\layout Standard 11977 11978Let us assume someone discovered a security hole in the verifier implementation 11979 or implementations that are used on the corporate network's workstations; 11980 let us also assume a patch exists that would fix the problem. 11981 11982\layout Standard 11983 11984A system administrator would have to spent a lot of time to repair every 11985 single verifier. 11986 A cheaper solution would be a verifier built into the firewall machine; 11987 such a verifier can easily be implemented using JustIce and its Verification 11988 API. 11989\layout Subsection 11990 11991A Java Virtual Machine Implementation Using JustIce 11992\layout Standard 11993 11994The Java verifier is originally a part of the Java Virtual Machine. 11995 JustIce could also be part of a Java Virtual Machine. 11996 JustIce's class files (the program code JustIce consists of) could simply 11997 be integrated into the core Java class files. 11998 The execution engine would then run JustIce without actually verifying 11999 JustIce's class files themselves. 12000 12001\layout Standard 12002 12003For scientific purposes one could also implement a JVM in the Java programming 12004 language. 12005 Such an implementation could, for example, serve as a debugger. 12006\layout Subsection 12007 12008 12009\begin_inset LatexCommand \label{LinePrincipleInfoHidingAndSecurity} 12010 12011\end_inset 12012 12013Drawing a Clear Line Between the Principle of Information Hiding and Security 12014\layout Standard 12015 12016The principle of information hiding has been (and still is!) a practice 12017 of experienced programmers for many years. 12018 It is there to reduce programming errors. 12019\layout Standard 12020 12021In the Modula-2 programming language 12022\begin_inset LatexCommand \cite{M2} 12023 12024\end_inset 12025 12026 this is achieved by explicitely dividing the program code in definition 12027 modules and implementation modules. 12028 In older programming languages, such as in the C programming language 12029\begin_inset LatexCommand \cite{C} 12030 12031\end_inset 12032 12033, this principle is implicitely used, too. 12034 Basically this is achieved by defining interfaces that only describe what 12035 the code of a program module does. 12036 These interface 12037\begin_inset Quotes eld 12038\end_inset 12039 12040headers 12041\begin_inset Quotes erd 12042\end_inset 12043 12044 are included into user code instead of simply including the code itself. 12045 12046\layout Standard 12047 12048In object-oriented programming languages such as in Delphi 12049\begin_inset LatexCommand \cite{D3} 12050 12051\end_inset 12052 12053, C++ 12054\begin_inset LatexCommand \cite{CPP-D,CPP-E} 12055 12056\end_inset 12057 12058 or Java 12059\begin_inset LatexCommand \cite{langspec2} 12060 12061\end_inset 12062 12063, this principle is refined to what is called object encapsulation. 12064 When a class is defined, certain key words such as 12065\family typewriter 12066private 12067\family default 12068, 12069\family typewriter 12070protected 12071\family default 12072, 12073\family typewriter 12074friend 12075\family default 12076, 12077\family typewriter 12078public 12079\family default 12080, 12081\family typewriter 12082published 12083\family default 12084 set the access rules for the members 12085\begin_float footnote 12086\layout Standard 12087 12088The members of a class are its components: methods (program code) and fields 12089 (also called attributes or variables). 12090\end_float 12091 of an object of the given class. 12092\layout Standard 12093 12094Still, this refined technique does not have anything to do with security. 12095 It is only there to aid programmers create a reasonable design. 12096 If every piece of code could manipulate every data structure, one would 12097 not know where to look for a programming error in the program source code. 12098 On the other hand, if some field is private in C++, one could (with some 12099 knowledge about the compiler used) still reference and modify this field 12100 by pointer manipulation. 12101 In addition to that, a second program like a debugger could watch even 12102 the data of private fields. 12103\layout Standard 12104 12105However, when a Java program is compiled into the language of the JVM, the 12106 information about the access rights of the fields and methods is included. 12107 This is where the principle of information hiding is exploited to provide 12108 security. 12109 For example, the verifier of the JVM has to make sure private fields are 12110 never accessed from a foreign piece of code. 12111 But there are many implementations of the JVM which have security flaws 12112 such as not honouring the access rights. 12113 There are debuggers for JVM bytecodes, too. 12114\layout Standard 12115 12116When one thinks about security, one has to think of some enemy who could 12117 try to harm the computer or information stored on that computer. 12118 From a JVM user's point of view, the JVM is relatively secure. 12119 Even running untrusted code cannot do much harm. 12120 Because the security flaws in different JVM implementations differ, they 12121 are probably not exploited most times. 12122\layout Standard 12123 12124From a Java programmer's point of view, the JVM is not secure. 12125 Untrusted users can do much harm. 12126 For example, an online banking application storing important data in Java 12127 fields (such as access information to the bank's database management system) 12128 is a threat to both the bank and its customers. 12129 This information could easily be extracted by a malicious user. 12130\layout Standard 12131 12132Another problem for Java programmers is the amount of symbolical information 12133 stored in class files. 12134 Today, it is easy to de-compile a Java class file back to Java language 12135 source code 12136\begin_inset LatexCommand \cite{JODE-WWW} 12137 12138\end_inset 12139 12140. 12141 This source code can then be read and analyzed by the user. 12142 Facing this problem, the 12143\begin_inset Quotes eld 12144\end_inset 12145 12146only safe course of action is to assume that ALL Java code will at some 12147 point be decompiled 12148\begin_inset Quotes erd 12149\end_inset 12150 12151 ( 12152\begin_inset LatexCommand \cite{JNS} 12153 12154\end_inset 12155 12156, page 68). 12157\layout Standard 12158 12159We conclude that the principle of information hiding is not enough to provide 12160 a degree of security that both --users and programmers-- could accept. 12161 Programmers should not believe a good design makes a program 12162\emph on 12163secure 12164\emph default 12165. 12166 12167\layout Chapter 12168 12169Appendix 12170\layout Section 12171 12172History of JustIce 12173\layout Standard 12174 12175The author of JustIce once started to implement a class file decompiler 12176 like Jode 12177\begin_inset LatexCommand \cite{JODE-WWW} 12178 12179\end_inset 12180 12181. 12182 It soon became clear that to successfully implement it, one should exploit 12183 the 12184\begin_inset Quotes eld 12185\end_inset 12186 12187well-behaved 12188\begin_inset Quotes erd 12189\end_inset 12190 12191 property of class files (which essentially means that they pass a verifier, 12192 especially pass three) 12193\begin_inset LatexCommand \cite{Krakatoa-WWW} 12194 12195\end_inset 12196 12197. 12198 12199\layout Standard 12200 12201JustIce was then developed to understand the 12202\begin_inset Quotes eld 12203\end_inset 12204 12205well-behaved 12206\begin_inset Quotes erd 12207\end_inset 12208 12209 property of usual class files. 12210 It took much longer to complete than estimated because of the many inherent 12211 bugs and ambiguities in The Java Virtual Machine Specification, Second 12212 Edition 12213\begin_inset LatexCommand \cite{vmspec2} 12214 12215\end_inset 12216 12217. 12218\layout Standard 12219 12220Its name starts with a 12221\emph on 12222J 12223\emph default 12224 like Java does, referring to the tradition of giving Java-related software 12225 such names. 12226 The second part of the name, 12227\emph on 12228ICE 12229\emph default 12230, was inspired by a novel by William Gibson 12231\begin_inset LatexCommand \cite{Neuromancer} 12232 12233\end_inset 12234 12235. 12236 It is an acronym for 12237\emph on 12238Intrusion Countermeasures Electronics 12239\emph default 12240, something that is very much like today's firewall systems (see section 12241 12242\begin_inset LatexCommand \ref{Firewall} 12243 12244\end_inset 12245 12246). 12247 He credits the invention of 12248\emph on 12249ICE 12250\emph default 12251 to Tom Maddox. 12252 The missing three letters were inserted to create a word that makes sense; 12253 in fact, choosing the three-letter combination 12254\emph on 12255ust 12256\emph default 12257resulted in the creation of a word with a double sense via bi-capitalization. 12258\layout Standard 12259 12260JustIce was written using and extending the excellent Byte Code Engineering 12261 Library 12262\begin_inset LatexCommand \cite{BCEL-WWW,BCEL98} 12263 12264\end_inset 12265 12266 by Markus Dahm. 12267 It really helped a lot and sped up development time. 12268\layout Standard 12269 12270It was also --last but not least-- written to earn its author a German 12271\emph on 12272 Dipl.-Inform. 12273 12274\emph default 12275 degree which one may compare to a 12276\emph on 12277master 12278\emph default 12279 degree. 12280\layout Section 12281 12282Flaws and Ambiguities Encountered 12283\layout Standard 12284 12285While designing, implementing and testing JustIce, a lot of interesting 12286 flaws and ambiguities were found in the specification 12287\begin_inset LatexCommand \cite{vmspec2} 12288 12289\end_inset 12290 12291, the Java compiler 12292\emph on 12293javac 12294\emph default 12295 and the JVM 12296\emph on 12297java 12298\emph default 12299. 12300\layout Subsection 12301 12302Flaws in the Java Virtual Machine Specification 12303\layout Standard 12304 12305The Java Virtual Machine Specification, Second Edition was derived from 12306 an in-house document describing the as-is implementation of Sun's genuine 12307 Java Virtual Machine ( 12308\begin_inset LatexCommand \cite{vmspec2} 12309 12310\end_inset 12311 12312, page xiv). 12313 This sometimes leads to problems as there are still a few points left where 12314 Sun's engineers forgot to describe specification details to the public, 12315 in error assuming they would be implementation details. 12316 Another source of mistakes are ambiguities, inherent to natural languages 12317 auch as English. 12318\layout Subsubsection 12319 12320A Code Length Maximum of 65535 Bytes per Method 12321\layout Standard 12322 12323On page 152, The Java Virtual Machine Specification, Second Edition 12324\begin_inset LatexCommand \cite{vmspec2} 12325 12326\end_inset 12327 12328 says that code arrays may at most have a length of 65536 bytes because 12329 certain indices that point into the code are only 16 bits of width. 12330 Page 134 states the code must have 12331\begin_inset Quotes gld 12332\end_inset 12333 12334less than 12335\begin_inset Quotes grd 12336\end_inset 12337 12338 65536 bytes. 12339 Therefore, the limitation stated on page 152 is not helpful, but only confusing. 12340\layout Subsubsection 12341 12342Subroutines 12343\layout Standard 12344 12345The implementation of a provably correct verifier is not possible because 12346 of the ambiguities in the specification 12347\begin_inset LatexCommand \cite{vmspec2} 12348 12349\end_inset 12350 12351. 12352 To reach this goal, various efforts have been made to describe the verifier 12353 and the JVM formally 12354\begin_inset LatexCommand \cite{Qian,StataAbadi,FreundMitchell,JBook,JPaper} 12355 12356\end_inset 12357 12358. 12359 By restricting the code 12360\emph on 12361javac 12362\emph default 12363 produces or by redefining the verifier's behaviour, however, they are never 12364 one-to-one with the behaviour of the existing JVMs. 12365\layout Standard 12366 12367Sun's specification does not define the term 12368\emph on 12369subroutine 12370\emph default 12371 although it is used. 12372 Instead, it is explained what bytecode the Java 12373\emph on 12374compiler 12375\emph default 12376 generates when a 12377\family typewriter 12378finally 12379\family default 12380 clause appears in the Java 12381\emph on 12382language 12383\emph default 12384 source code -- this definitely does not belong there, because a verifier 12385 must never assume the code it verifies was created by Sun's 12386\emph on 12387javac 12388\emph default 12389 compiler. 12390\layout Standard 12391 12392Clarifying this issue could lead to an 12393\emph on 12394official 12395\emph default 12396 formal specification. 12397\layout Subsubsection 12398 12399The Specification Sometimes Satisfies the Verifier 12400\layout Standard 12401 12402 12403\begin_inset LatexCommand \label{InvokeInterfaceDescFONG} 12404 12405\end_inset 12406 12407Fong 12408\begin_inset LatexCommand \cite{Fong2-WWW} 12409 12410\end_inset 12411 12412 found in 1997 that the 12413\family typewriter 12414invokeinterface 12415\family default 12416 opcode was underspecified in the first edition of the Java Virtual Machine 12417 Specification. 12418 He managed to create a class file that did not implement a specific interface 12419 but nevertheless used 12420\family typewriter 12421invokeinterface 12422\family default 12423 to invoke a method. 12424 This class file passed the verifier (up to pass three), but the JVM found 12425 the problem during run-time (pass four). 12426 Fong concluded that the omission in the specification was done on purpose 12427 because the implementation of the data flow analyzer does not allow to 12428 check this constraint (please see section 12429\begin_inset LatexCommand \ref{NewVerificationStrategy} 12430 12431\end_inset 12432 12433 for a description of how this limitation could be overcome). 12434 However, in The Java Virtual Machine Specification, Second Edition 12435\begin_inset LatexCommand \cite{vmspec2} 12436 12437\end_inset 12438 12439, the specification of 12440\family typewriter 12441invokeinterface 12442\family default 12443 is corrected. 12444\layout Standard 12445 12446Still, there is another case where one would suspect the specification describes 12447 the behaviour of the verifier: on pages 147 and 148 of the specification 12448 12449\begin_inset LatexCommand \cite{vmspec2} 12450 12451\end_inset 12452 12453, verification of instance initialization methods and newly created objects 12454 is explained. 12455 12456\begin_inset Quotes eld 12457\end_inset 12458 12459A valid instruction sequence must not have an uninitialized object on the 12460 operand stack or in a local variable during a backwards branch, or in a 12461 local variable in code protected by an exception handler or a 12462\family typewriter 12463finally 12464\family default 12465 clause 12466\begin_inset Quotes erd 12467\end_inset 12468 12469. 12470 Note that the Java language keyword 12471\family typewriter 12472finally 12473\family default 12474 does not really belong here (Sun should speak of 12475\emph on 12476subroutines 12477\emph default 12478), but more important is that this specification is made to satisfy the 12479 verification algorithm: 12480\begin_inset Quotes eld 12481\end_inset 12482 12483Otherwise, a devious piece of code might fool the verifier 12484\begin_inset Quotes erd 12485\end_inset 12486 12487. 12488 12489\layout Subsubsection 12490 12491 12492\begin_inset LatexCommand \label{InnerBug} 12493 12494\end_inset 12495 12496The '$' Character as a Valid Part of a Java Name 12497\layout Standard 12498 12499Because the 12500\emph on 12501javac 12502\emph default 12503 compiler may create class files with a '$' character in their names as 12504 a result of Java source files defining inner classes, this character should 12505 no longer be a valid part of a Java name to avoid problems. 12506 I.e., the method invocation 12507\emph on 12508ja\SpecialChar \- 12509va.lang.Cha\SpecialChar \- 12510rac\SpecialChar \- 12511ter.is\SpecialChar \- 12512Ja\SpecialChar \- 12513va\SpecialChar \- 12514Iden\SpecialChar \- 12515tifier\SpecialChar \- 12516Part('$'); 12517\emph default 12518 should return the value 12519\family typewriter 12520false 12521\family default 12522. 12523\layout Subsection 12524 12525Flaws in the Implementation of the 12526\emph on 12527Java Platform 12528\layout Subsubsection 12529 12530 12531\begin_inset LatexCommand \label{javacRejected} 12532 12533\end_inset 12534 12535Sun's Verifier Rejects Code Produced by Sun's Compiler 12536\layout Standard 12537 12538Surprisingly, there are a number of examples in which such a thing happens. 12539\layout Paragraph 12540 12541 12542\begin_inset LatexCommand \label{StaerkJreject} 12543 12544\end_inset 12545 12546Another Problem With Subroutines 12547\layout Standard 12548 12549In 12550\begin_inset LatexCommand \cite{JPaper} 12551 12552\end_inset 12553 12554, St�rk and Schmid give a few code examples which are compiled correctly 12555 by the 12556\emph on 12557javac 12558\emph default 12559 compiler but the resulting code is rejected by the traditional verifiers. 12560 Algorithms 12561\begin_inset LatexCommand \ref{StaerkJLang} 12562 12563\end_inset 12564 12565 and 12566\begin_inset LatexCommand \ref{StaerkJByteCode} 12567 12568\end_inset 12569 12570 show one of their examples given in the Java programming language and the 12571 resulting output of the 12572\emph on 12573javac 12574\emph default 12575 compiler. 12576\begin_float alg 12577\layout Caption 12578 12579 12580\begin_inset LatexCommand \label{StaerkJLang} 12581 12582\end_inset 12583 12584St�rk and Schmid's Rejected Class, Java Language Version 12585\layout Standard 12586 12587 12588\family typewriter 12589class Test1{ 12590\newline 12591\SpecialChar \- 12592\SpecialChar ~ 12593\SpecialChar ~ 12594\SpecialChar ~ 12595\SpecialChar ~ 12596int test(boolean b){ 12597\newline 12598\SpecialChar \- 12599\SpecialChar ~ 12600\SpecialChar ~ 12601\SpecialChar ~ 12602\SpecialChar ~ 12603\SpecialChar ~ 12604\SpecialChar ~ 12605int i; 12606\newline 12607\SpecialChar \- 12608\SpecialChar ~ 12609\SpecialChar ~ 12610\SpecialChar ~ 12611\SpecialChar ~ 12612\SpecialChar ~ 12613\SpecialChar ~ 12614try{ 12615\newline 12616\SpecialChar \- 12617\SpecialChar ~ 12618\SpecialChar ~ 12619\SpecialChar ~ 12620\SpecialChar ~ 12621\SpecialChar ~ 12622\SpecialChar ~ 12623\SpecialChar ~ 12624\SpecialChar ~ 12625if (b) return 1; 12626\newline 12627\SpecialChar \- 12628\SpecialChar ~ 12629\SpecialChar ~ 12630\SpecialChar ~ 12631\SpecialChar ~ 12632\SpecialChar ~ 12633\SpecialChar ~ 12634\SpecialChar ~ 12635\SpecialChar ~ 12636i=2; 12637\newline 12638\SpecialChar \- 12639\SpecialChar ~ 12640\SpecialChar ~ 12641\SpecialChar ~ 12642\SpecialChar ~ 12643\SpecialChar ~ 12644\SpecialChar ~ 12645} 12646\newline 12647\SpecialChar \- 12648\SpecialChar ~ 12649\SpecialChar ~ 12650\SpecialChar ~ 12651\SpecialChar ~ 12652\SpecialChar ~ 12653\SpecialChar ~ 12654finally { 12655\newline 12656\SpecialChar \- 12657\SpecialChar ~ 12658\SpecialChar ~ 12659\SpecialChar ~ 12660\SpecialChar ~ 12661\SpecialChar ~ 12662\SpecialChar ~ 12663\SpecialChar ~ 12664\SpecialChar ~ 12665if (b) i = 3; 12666\newline 12667\SpecialChar \- 12668\SpecialChar ~ 12669\SpecialChar ~ 12670\SpecialChar ~ 12671\SpecialChar ~ 12672\SpecialChar ~ 12673\SpecialChar ~ 12674} 12675\newline 12676\SpecialChar \- 12677\SpecialChar ~ 12678\SpecialChar ~ 12679\SpecialChar ~ 12680\SpecialChar ~ 12681\SpecialChar ~ 12682\SpecialChar ~ 12683return i; 12684\newline 12685\SpecialChar \- 12686\SpecialChar ~ 12687\SpecialChar ~ 12688\SpecialChar ~ 12689\SpecialChar ~ 12690} 12691\newline 12692\SpecialChar ~ 12693\SpecialChar ~ 12694\SpecialChar ~ 12695} 12696\end_float 12697\layout Standard 12698 12699\begin_float alg 12700\layout Caption 12701 12702 12703\begin_inset LatexCommand \label{StaerkJByteCode} 12704 12705\end_inset 12706 12707St�rk and Schmid's Rejected Class, JVM Bytecode Version 12708\layout Standard 12709 12710 12711\family typewriter 12712int test(boolean arg1) 12713\layout Standard 12714 12715 12716\family typewriter 12717Code(max_stack = 1, max_locals = 6, code_length = 39) 12718\layout Standard 12719 12720 12721\family typewriter 127220: iload_1 12723\layout Standard 12724 12725 12726\family typewriter 127271: ifeq #11 12728\layout Standard 12729 12730 12731\family typewriter 127324: iconst_1 12733\layout Standard 12734 12735 12736\family typewriter 127375: istore_3 12738\layout Standard 12739 12740 12741\family typewriter 127426: jsr #27 12743\layout Standard 12744 12745 12746\family typewriter 127479: iload_3 12748\layout Standard 12749 12750 12751\family typewriter 1275210: ireturn 12753\layout Standard 12754 12755 12756\family typewriter 1275711: iconst_2 12758\layout Standard 12759 12760 12761\family typewriter 1276212: istore_2 12763\layout Standard 12764 12765 12766\family typewriter 1276713: jsr #27 12768\layout Standard 12769 12770 12771\family typewriter 1277216: goto #37 12773\layout Standard 12774 12775 12776\family typewriter 1277719: astore %4 12778\layout Standard 12779 12780 12781\family typewriter 1278221: jsr #27 12783\layout Standard 12784 12785 12786\family typewriter 1278724: aload %4 12788\layout Standard 12789 12790 12791\family typewriter 1279226: athrow 12793\layout Standard 12794 12795 12796\family typewriter 1279727: astore %5 12798\layout Standard 12799 12800 12801\family typewriter 1280229: iload_1 12803\layout Standard 12804 12805 12806\family typewriter 1280730: ifeq #35 12808\layout Standard 12809 12810 12811\family typewriter 1281233: iconst_3 12813\layout Standard 12814 12815 12816\family typewriter 1281734: istore_2 12818\layout Standard 12819 12820 12821\family typewriter 1282235: ret %5 12823\layout Standard 12824 12825 12826\family typewriter 1282737: iload_2 12828\layout Standard 12829 12830 12831\family typewriter 1283238: ireturn 12833\end_float 12834If one tries to run this bytecode using a JVM by IBM Corporation, the code 12835 is rejected 12836\begin_float footnote 12837\layout Standard 12838 12839It is also rejected by Sun's JVMs and the Kimera verifier 12840\begin_inset LatexCommand \cite{Kimera-WWW} 12841 12842\end_inset 12843 12844. 12845\end_float 12846: 12847\newline 12848 12849\family typewriter 12850ehaase@haneman:/home/ehaase > java Test1 12851\newline 12852\SpecialChar \- 12853\SpecialChar ~ 12854\SpecialChar ~ 12855Exception in thread "main" java.lang.VerifyError: 12856\newline 12857\SpecialChar \- 12858\SpecialChar ~ 12859\SpecialChar ~ 12860(class: Test1, method: test signature: (Z)I) 12861\newline 12862\SpecialChar \- 12863\SpecialChar ~ 12864\SpecialChar ~ 12865Localvariable 2 contains wrong type 12866\newline 12867 12868\newline 12869 12870\family default 12871In his lectures, St�rk explains that the problem lies in the polymorphic 12872 nature of JVM subroutines 12873\begin_inset LatexCommand \cite{JLectures} 12874 12875\end_inset 12876 12877. 12878 Consider algorithm 12879\begin_inset LatexCommand \ref{StaerkJByteCode} 12880 12881\end_inset 12882 12883. 12884 In line 12, an 12885\family typewriter 12886int 12887\family default 12888 is put into local variable number 2. 12889 The subroutine starting at line 27 is then called from line number 13. 12890 Note that this subroutine accesses the local variable number 2. 12891 Finally, line 16 transfers control to line 37 where the verification problem 12892 occurs. 12893 An 12894\family typewriter 12895int 12896\family default 12897 should be read from local variable number 2, but this is marked 12898\family typewriter 12899unusable 12900\family default 12901, because it was accessed in the subroutine. 12902\layout Standard 12903 12904However, the specification ( 12905\begin_inset LatexCommand \cite{vmspec2} 12906 12907\end_inset 12908 12909, page 151) states: 12910\layout Itemize 12911 12912For any local variable that [\SpecialChar \ldots{} 12913] has been accessed or modified by the subroutine, 12914 use the type of the local variable at the time of the 12915\family typewriter 12916ret 12917\family default 12918. 12919\layout Itemize 12920 12921For any other local variables, use the type of the local variable before 12922 the 12923\family typewriter 12924jsr 12925\family default 12926 instruction. 12927\layout Standard 12928 12929As one can see, in the above example local variable number 2 holds an 12930\family typewriter 12931int 12932\family default 12933 data type in both cases; there is no need to mark it 12934\family typewriter 12935unusable 12936\family default 12937. 12938 This is the reason why JustIce does not reject the above bytecode, thus 12939 being slightly incompatible with the behaviour of other verifiers. 12940\layout Paragraph 12941 12942The Maximum Method Length May Be Exceeded 12943\layout Standard 12944 12945The 12946\emph on 12947javac 12948\emph default 12949 compiler Sun included in the Java Development Kit version 1.3.0_01 does not 12950 check for the maximum method length of the 12951\family typewriter 12952code 12953\family default 12954 array in a 12955\family typewriter 12956Code 12957\family default 12958 attribute (see section 12959\begin_inset LatexCommand \ref{CodeAttribute} 12960 12961\end_inset 12962 12963). 12964 A test file containing 65000 lines like 12965\begin_inset Quotes eld 12966\end_inset 12967 12968 12969\family typewriter 12970Sys\SpecialChar \- 12971tem.out.println( 12972\begin_inset Quotes eld 12973\end_inset 12974 12975Test 12976\begin_inset Quotes erd 12977\end_inset 12978 12979); 12980\family default 12981 12982\begin_inset Quotes erd 12983\end_inset 12984 12985 was compiled, but the resulting class file was rejected by the verifier. 12986\layout Standard 12987 12988IBM Corporation's 12989\emph on 12990jikes 12991\emph default 12992 compiler does not even generate code, but it locks up while compiling the 12993 test file. 12994\layout Subsubsection 12995 12996A Compiler Issue Related to Inner Classes 12997\layout Standard 12998 12999The 13000\emph on 13001javac 13002\emph default 13003 compiler has to name class files, even those of so-called anonymous classes 13004 13005\begin_inset LatexCommand \cite{InnerSpec} 13006 13007\end_inset 13008 13009. 13010\layout Standard 13011 13012This can cause problems: an inner class 13013\emph on 13014I 13015\emph default 13016 defined in a class 13017\emph on 13018A 13019\emph default 13020 will be compiled into a class file called 13021\emph on 13022A$I.class 13023\emph default 13024. 13025 A Java class named 13026\emph on 13027A$I 13028\emph default 13029 will also be compiled into a class file named 13030\emph on 13031A$I.class 13032\emph default 13033 overwriting the former class file. 13034 Because Sun did not forbid the ' 13035\emph on 13036$ 13037\emph default 13038' character as a legal part of a Java identifier, the 13039\emph on 13040javac 13041\emph default 13042 compiler should use a more sophisticated naming scheme. 13043\layout Subsubsection 13044 13045 13046\begin_inset LatexCommand \label{PassFourBug} 13047 13048\end_inset 13049 13050Pass Four is Only Partially Implemented 13051\layout Standard 13052 13053Pass four defines run-time tests for constraints that could also be verified 13054 in pass three; it is only for performance reasons that these tests are 13055 delayed. 13056 Instead of having all the tests in one place, they are unnecessarily spread 13057 13058\begin_inset Quotes eld 13059\end_inset 13060 13061making the validation of the verification algorithm itself extremely difficult 13062\begin_inset Quotes erd 13063\end_inset 13064 13065 13066\begin_inset LatexCommand \cite{Fong-WWW} 13067 13068\end_inset 13069 13070. 13071 Risking security for better performance is often regarded as a bad decision. 13072 For instance, in the 13073\layout Standard 13074 13075 13076\family typewriter 13077java version "1.3.0_01" 13078\layout Standard 13079 13080 13081\family typewriter 13082Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0_01) 13083\layout Standard 13084 13085 13086\family typewriter 13087Java HotSpot(TM) Client VM (build 1.3.0_01, mixed mode) 13088\layout Standard 13089 13090Java Virtual Machine, the pass four check for access rights was unintentionally 13091 omitted. 13092 Sadly, other vendors license Sun's code and base their own implementations 13093 on that code. 13094 Therefore, mistakes are often inherited throughout the JVM vendors. 13095 The 13096\layout Standard 13097 13098 13099\family typewriter 13100java version "1.3.0" 13101\layout Standard 13102 13103 13104\family typewriter 13105Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0) 13106\layout Standard 13107 13108 13109\family typewriter 13110Classic VM (build 1.3.0, J2RE 1.3.0 IBM build cx130-20010626 (JIT enabled: jitc)) 13111\layout Standard 13112 13113Java Virtual Machine by IBM Corporation, for example, exposes the same mistake. 13114\layout Section 13115 13116Related Work 13117\layout Subsection 13118 13119The Kimera Project 13120\layout Standard 13121 13122It is a misfortune that the Kimera 13123\begin_inset LatexCommand \cite{Kimera-WWW} 13124 13125\end_inset 13126 13127 project closed the World Wide Web presence and that the source code of 13128 the Kimera verifier was never released -- it would have been quite interesting 13129 to see how that respected verifier implementation deals with the problems 13130 arising concerning subroutine verification. 13131\layout Standard 13132 13133However, Kimera is the single other stand-alone verifier besides JustIce 13134 the author knows of. 13135 The people behind the project found important security breaches in JVM 13136 implementations of various World Wide Web browsers. 13137\layout Standard 13138 13139Also, they validated their verifier implementation and published several 13140 papers on JVM implementation verification 13141\begin_inset LatexCommand \cite{Kimera-ProdGram,Kimera-TestingJVM} 13142 13143\end_inset 13144 13145. 13146\layout Subsection 13147 13148The Verifier by St�rk, Schmid and B�rger 13149\layout Standard 13150 13151In 13152\begin_inset LatexCommand \cite{JBook} 13153 13154\end_inset 13155 13156, the authors define the Java programming language and the Java virtual 13157 machine formally using 13158\emph on 13159Abstract State Machines 13160\emph default 13161 (ASM). 13162 This also includes the verifier; its specifications have also been implemented 13163 in the functional programming language AsmGofer 13164\begin_inset LatexCommand \cite{AsmGofer} 13165 13166\end_inset 13167 13168. 13169 This implementation is included on the CD-ROM that accompanies the book. 13170\layout Standard 13171 13172The 13173\begin_inset Quotes eld 13174\end_inset 13175 13176 13177\emph on 13178JBook verifier 13179\emph default 13180 13181\begin_inset Quotes erd 13182\end_inset 13183 13184 does not implement a complete class file verifier. 13185 It currently only implements the bytecode verification. 13186 Its input files are not class files itself, but a textual representation 13187 of class files in so-called Jasmin format 13188\begin_inset LatexCommand \cite{JVM} 13189 13190\end_inset 13191 13192. 13193 Therefore, this implementation is merely of theoretical interest. 13194\layout Standard 13195 13196It does, however, implement a bytecode verifier that is founded on a 13197\emph on 13198solid 13199\emph default 13200 theory. 13201 This theory could become the standard for the interpretation of the JVM 13202 specification 13203\begin_inset LatexCommand \cite{vmspec2} 13204 13205\end_inset 13206 13207. 13208 It could even change the specification to remove its ambiguities. 13209\layout Standard 13210 13211There is also an unreleased version of this verifier implemented in the 13212 Java programming language using the BCEL. 13213 This implementation, if it should ever be released, promises a lot as it 13214 could combine usability and a solid theory. 13215\layout Section 13216 13217 13218\begin_inset LatexCommand \label{GPL} 13219 13220\end_inset 13221 13222The GNU General Public License 13223\layout Standard 13224 13225 13226\emph on 13227GNU GENERAL PUBLIC LICENSE 13228\layout Standard 13229 13230Version 2, June 1991 13231\layout Standard 13232 13233Copyright (C) 1989, 1991 Free Software Foundation, Inc. 13234\layout Standard 13235 1323659 Temple Place, Suite 330, Boston, MA 02111-1307 USA 13237\layout Standard 13238 13239Everyone is permitted to copy and distribute verbatim copies of this license 13240 document, but changing it is not allowed. 13241\layout Standard 13242 13243 13244\emph on 13245Preamble 13246\layout Standard 13247 13248The licenses for most software are designed to take away your freedom to 13249 share and change it. 13250 By contrast, the GNU General Public License is intended to guarantee your 13251 freedom to share and change free software--to make sure the software is 13252 free for all its users. 13253 This General Public License applies to most of the Free Software Foundation's 13254 software and to any other program whose authors commit to using it. 13255 (Some other Free Software Foundation software is covered by the GNU Library 13256 General Public License instead.) You can apply it to your programs, too.When 13257 we speak of free software, we are referring to freedom, not price. 13258 Our General Public Licenses are designed to make sure that you have the 13259 freedom to distribute copies of free software (and charge for this service 13260 if you wish), that you receive source code or can get it if you want it, 13261 that you can change the software or use pieces of it in new free programs; 13262 and that you know you can do these things. 13263\layout Standard 13264 13265To protect your rights, we need to make restrictions that forbid anyone 13266 to deny you these rights or to ask you to surrender the rights. 13267\layout Standard 13268 13269These restrictions translate to certain responsibilities for you if you 13270 distribute copies of the software, or if you modify it. 13271 For example, if you distribute copies of such a program, whether gratis 13272 or for a fee, you must give the recipients all the rights that you have. 13273 You must make sure that they, too, receive or can get the source code. 13274 And you must show them these terms so they know their rights. 13275\layout Standard 13276 13277We protect your rights with two steps: 13278\layout Standard 13279 13280(1) copyright the software, and 13281\layout Standard 13282 13283(2) offer you this license which gives you legal permission to copy, distribute 13284 and/or modify the software. 13285\layout Standard 13286 13287Also, for each author's protection and ours, we want to make certain that 13288 everyone understands that there is no warranty for this free software. 13289 If the software is modified by someone else and passed on, we want its 13290 recipients to know that what they have is not the original, so that any 13291 problems introduced by others will not reflect on the original authors' 13292 reputations. 13293\layout Standard 13294 13295Finally, any free program is threatened constantly by software patents. 13296 We wish to avoid the danger that redistributors of a free program will 13297 individually obtain patent licenses, in effect making the program proprietary. 13298 To prevent this, we have made it clear that any patent must be licensed 13299 for everyone's free use or not licensed at all. 13300\layout Standard 13301 13302The precise terms and conditions for copying, distribution and modification 13303 follow. 13304\layout Standard 13305 13306 13307\emph on 13308GNU GENERAL PUBLIC LICENSE 13309\layout Standard 13310 13311 13312\emph on 13313TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 13314\layout Standard 13315 133160. 13317 This License applies to any program or other work which contains a notice 13318 placed by the copyright holder saying it may be distributed under the terms 13319 of this General Public License. 13320 The "Program", below, refers to any such program or work, and a "work based 13321 on the Program" means either the Program or any derivative work under copyright 13322 law: that is to say, a work containing the Program or a portion of it, 13323 either verbatim or with modifications and/or translated into another language. 13324 (Hereinafter, translation is included without limitation in the term "modificat 13325ion".) Each licensee is addressed as "you". 13326 Activities other than copying, distribution and modification are not covered 13327 by this License; they are outside its scope. 13328 The act of running the Program is not restricted, and the output from the 13329 Program is covered only if its contents constitute a work based on the 13330 Program (independent of having been made by running the Program). 13331 Whether that is true depends on what the Program does. 13332\layout Standard 13333 133341. 13335 You may copy and distribute verbatim copies of the Program's source code 13336 as you receive it, in any medium, provided that you conspicuously and appropria 13337tely publish on each copy an appropriate copyright notice and disclaimer 13338 of warranty; keep intact all the notices that refer to this License and 13339 to the absence of any warranty; and give any other recipients of the Program 13340 a copy of this License along with the Program. 13341 You may charge a fee for the physical act of transferring a copy, and you 13342 may at your option offer warranty protection in exchange for a fee. 13343\layout Standard 13344 133452. 13346 You may modify your copy or copies of the Program or any portion of it, 13347 thus forming a work based on the Program, and copy and distribute such 13348 modifications or work under the terms of Section 1 above, provided that 13349 you also meet all of these conditions: 13350\layout Standard 13351 13352a) You must cause the modified files to carry prominent notices stating 13353 that you changed the files and the date of any change. 13354\layout Standard 13355 13356b) You must cause any work that you distribute or publish, that in whole 13357 or in part contains or is derived from the Program or any part thereof, 13358 to be licensed as a whole at no charge to all third parties under the terms 13359 of this License. 13360\layout Standard 13361 13362c) If the modified program normally reads commands interactively when run, 13363 you must cause it, when started running for such interactive use in the 13364 most ordinary way, to print or display an announcement including an appropriate 13365 copyright notice and a notice that there is no warranty (or else, saying 13366 that you provide a warranty) and that users may redistribute the program 13367 under these conditions, and telling the user how to view a copy of this 13368 License. 13369 (Exception: if the Program itself is interactive but does not normally 13370 print such an announcement, your work based on the Program is not required 13371 to print an announcement.) These requirements apply to the modified work 13372 as a whole. 13373 If identifiable sections of that work are not derived from the Program, 13374 and can be reasonably considered independent and separate works in themselves, 13375 then this License, and its terms, do not apply to those sections when you 13376 distribute them as separate works. 13377 But when you distribute the same sections as part of a whole which is a 13378 work based on the Program, the distribution of the whole must be on the 13379 terms of this License, whose permissions for other licensees extend to 13380 the entire whole, and thus to each and every part regardless of who wrote 13381 it. 13382 Thus, it is not the intent of this section to claim rights or contest your 13383 rights to work written entirely by you; rather, the intent is to exercise 13384 the right to control the distribution of derivative or collective works 13385 based on the Program. 13386 In addition, mere aggregation of another work not based on the Program 13387 with the Program (or with a work based on the Program) on a volume of a 13388 storage or distribution medium does not bring the other work under the 13389 scope of this License. 13390\layout Standard 13391 133923. 13393 You may copy and distribute the Program (or a work based on it, under Section 13394 2) in object code or executable form under the terms of Sections 1 and 13395 2 above provided that you also do one of the following: 13396\layout Standard 13397 13398a) Accompany it with the complete corresponding machine-readable source 13399 code, which must be distributed under the terms of Sections 1 and 2 above 13400 on a medium customarily used for software interchange; or, 13401\layout Standard 13402 13403b) Accompany it with a written offer, valid for at least three years, to 13404 give any third party, for a charge no more than your cost of physically 13405 performing source distribution, a complete machine-readable copy of the 13406 corresponding source code, to be distributed under the terms of Sections 13407 1 and 2 above on a medium customarily used for software interchange; or, 13408\layout Standard 13409 13410c) Accompany it with the information you received as to the offer to distribute 13411 corresponding source code. 13412 (This alternative is allowed only for noncommercial distribution and only 13413 if you received the program in object code or executable form with such 13414 an offer, in accord with Subsection b above.) The source code for a work 13415 means the preferred form of the work for making modifications to it. 13416 For an executable work, complete source code means all the source code 13417 for all modules it contains, plus any associated interface definition files, 13418 plus the scripts used to control compilation and installation of the executable. 13419 However, as a special exception, the source code distributed need not include 13420 anything that is normally distributed (in either source or binary form) 13421 with the major components (compiler, kernel, and so on) of the operating 13422 system on which the executable runs, unless that component itself accompanies 13423 the executable. 13424 If distribution of executable or object code is made by offering access 13425 to copy from a designated place, then offering equivalent access to copy 13426 the source code from the same place counts as distribution of the source 13427 code, even though third parties are not compelled to copy the source along 13428 with the object code. 13429\layout Standard 13430 134314. 13432 You may not copy, modify, sublicense, or distribute the Program except 13433 as expressly provided under this License. 13434 Any attempt otherwise to copy, modify, sublicense or distribute the Program 13435 is void, and will automatically terminate your rights under this License. 13436 However, parties who have received copies, or rights, from you under this 13437 License will not have their licenses terminated so long as such parties 13438 remain in full compliance. 13439\layout Standard 13440 134415. 13442 You are not required to accept this License, since you have not signed 13443 it. 13444 However, nothing else grants you permission to modify or distribute the 13445 Program or its derivative works. 13446 These actions are prohibited by law if you do not accept this License. 13447 Therefore, by modifying or distributing the Program (or any work based 13448 on the Program), you indicate your acceptance of this License to do so, 13449 and all its terms and conditions for copying, distributing or modifying 13450 the Program or works based on it. 13451\layout Standard 13452 134536. 13454 Each time you redistribute the Program (or any work based on the Program), 13455 the recipient automatically receives a license from the original licensor 13456 to copy, distribute or modify the Program subject to these terms and conditions. 13457 You may not impose any further restrictions on the recipients' exercise 13458 of the rights granted herein. 13459 You are not responsible for enforcing compliance by third parties to this 13460 License. 13461\layout Standard 13462 134637. 13464 If, as a consequence of a court judgment or allegation of patent infringement 13465 or for any other reason (not limited to patent issues), conditions are 13466 imposed on you (whether by court order, agreement or otherwise) that contradict 13467 the conditions of this License, they do not excuse you from the conditions 13468 of this License. 13469 If you cannot distribute so as to satisfy simultaneously your obligations 13470 under this License and any other pertinent obligations, then as a consequence 13471 you may not distribute the Program at all. 13472 For example, if a patent license would not permit royalty-free redistribution 13473 of the Program by all those who receive copies directly or indirectly through 13474 you, then the only way you could satisfy both it and this License would 13475 be to refrain entirely from distribution of the Program. 13476 If any portion of this section is held invalid or unenforceable under any 13477 particular circumstance, the balance of the section is intended to apply 13478 and the section as a whole is intended to apply in other circumstances. 13479 It is not the purpose of this section to induce you to infringe any patents 13480 or other property right claims or to contest validity of any such claims; 13481 this section has the sole purpose of protecting the integrity of the free 13482 software distribution system, which is implemented by public license practices. 13483 Many people have made generous contributions to the wide range of software 13484 distributed through that system in reliance on consistent application of 13485 that system; it is up to the author/donor to decide if he or she is willing 13486 to distribute software through any other system and a licensee cannot impose 13487 that choice. 13488 This section is intended to make thoroughly clear what is believed to be 13489 a consequence of the rest of this License. 13490\layout Standard 13491 134928. 13493 If the distribution and/or use of the Program is restricted in certain 13494 countries either by patents or by copyrighted interfaces, the original 13495 copyright holder who places the Program under this License may add an explicit 13496 geographical distribution limitation excluding those countries, so that 13497 distribution is permitted only in or among countries not thus excluded. 13498 In such case, this License incorporates the limitation as if written in 13499 the body of this License. 13500\layout Standard 13501 135029. 13503 The Free Software Foundation may publish revised and/or new versions of 13504 the General Public License from time to time. 13505 Such new versions will be similar in spirit to the present version, but 13506 may differ in detail to address new problems or concerns. 13507 Each version is given a distinguishing version number. 13508 If the Program specifies a version number of this License which applies 13509 to it and "any later version", you have the option of following the terms 13510 and conditions either of that version or of any later version published 13511 by the Free Software Foundation. 13512 If the Program does not specify a version number of this License, you may 13513 choose any version ever published by the Free Software Foundation. 13514\layout Standard 13515 1351610. 13517 If you wish to incorporate parts of the Program into other free programs 13518 whose distribution conditions are different, write to the author to ask 13519 for permission. 13520 For software which is copyrighted by the Free Software Foundation, write 13521 to the Free Software Foundation; we sometimes make exceptions for this. 13522 Our decision will be guided by the two goals of preserving the free status 13523 of all derivatives of our free software and of promoting the sharing and 13524 reuse of software generally. 13525\layout Standard 13526 13527 13528\emph on 13529NO WARRANTY 13530\layout Standard 13531 1353211. 13533 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR 13534 THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 13535 EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER 13536 PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER 13537 EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 13538 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 13539 THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH 13540 YOU. 13541 SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY 13542 SERVICING, REPAIR OR CORRECTION. 13543\layout Standard 13544 1354512. 13546 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL 13547 ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE 13548 THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING 13549 ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF 13550 THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS 13551 OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR 13552 THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 13553 EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY 13554 OF SUCH DAMAGES. 13555\layout Standard 13556 13557 13558\emph on 13559END OF TERMS AND CONDITIONS 13560\layout Addchap 13561 13562Glossary 13563\layout Description 13564 13565Access\SpecialChar ~ 13566modifiers In the Java programming language, the use of the keywords 13567 13568\family typewriter 13569private 13570\family default 13571, 13572\family typewriter 13573protected 13574\family default 13575, 13576\family typewriter 13577public 13578\family default 13579 (or the use of no keyword) defines the access rights for data or program 13580 code (also called visibility). 13581 This information is also used by the JVM: it is part of the class files. 13582 The most important modifier is 13583\family typewriter 13584private 13585\family default 13586 which is used to globally deny access to a field or method. 13587\layout Description 13588 13589Access\SpecialChar ~ 13590rights Access rights are granted or denied by the use of 13591\latex latex 13592 13593\backslash 13594( 13595\backslash 13596triangleright 13597\backslash 13598) 13599\latex default 13600access modifiers. 13601\layout Description 13602 13603API Applications Programming Interface. 13604 Such an interface is used to include functionality of foreign program modules 13605 (often 13606\latex latex 13607 13608\latex default 13609Java 13610\latex latex 13611 13612\backslash 13613( 13614\backslash 13615triangleright 13616\backslash 13617) 13618\latex default 13619packages) into own programs. 13620\layout Description 13621 13622Debugger A program used to investigate the behaviour of another program. 13623 Often used to find and remove programming errors, so-called bugs. 13624\layout Description 13625 13626Descriptor A symbolic description of type information. 13627 In the JVM's class files, strings in UTF-8 format 13628\begin_inset LatexCommand \cite{Unicode} 13629 13630\end_inset 13631 13632 are used to describe type information. 13633\layout Description 13634 13635Field A member of a Java object or class, also called variable or attribute. 13636\layout Description 13637 13638Method A member of a Java object or class. 13639 Methods include program code or they are abstract representatives for program 13640 code. 13641 A method can be compared to a 13642\emph on 13643function 13644\emph default 13645in programming languages like C or Pascal. 13646\layout Description 13647 13648Opcode Operation Code. 13649 This denotes an instruction in an assembly-like computer language; to some 13650 people it means its binary representation. 13651\layout Description 13652 13653Package A package is an entity used in both the Java programming language 13654 and the Java Virtual Machine definition. 13655 It is used to group classes that in the eyes of the programmer belong together. 13656 Package definitions have impact on 13657\latex latex 13658 13659\backslash 13660( 13661\backslash 13662triangleright 13663\backslash 13664) 13665\latex default 13666access rights granted to other classes. 13667\layout Description 13668 13669Signature A method has a (possibly empty) set of arguments it expects, and 13670 it has a return type (possibly the 13671\family typewriter 13672void 13673\family default 13674 type). 13675 The type information of the arguments and the return type together is called 13676 signature. 13677 A signature can be expressed in terms of a 13678\latex latex 13679 13680\backslash 13681( 13682\backslash 13683triangleright 13684\backslash 13685) 13686\latex default 13687descriptor. 13688\layout Description 13689 13690Type A field or a method argument has a type such as 13691\family typewriter 13692int 13693\family default 13694 or 13695\family typewriter 13696String 13697\family default 13698. 13699 In the JVM's context, all values are typed. 13700 Types can be expressed in terms of a 13701\latex latex 13702 13703\backslash 13704( 13705\backslash 13706triangleright 13707\backslash 13708) 13709\latex default 13710descriptor. 13711\layout Standard 13712 13713 13714\begin_inset LatexCommand \listoffigures{} 13715 13716\end_inset 13717 13718 13719\layout Standard 13720 13721 13722\latex latex 13723 13724\backslash 13725addcontentsline{toc}{chapter}{List Of Figures} 13726\layout Standard 13727 13728 13729\begin_inset LatexCommand \listofalgorithms{} 13730 13731\end_inset 13732 13733 13734\layout Standard 13735 13736 13737\latex latex 13738 13739\backslash 13740addcontentsline{toc}{chapter}{List Of Algorithms} 13741\layout Bibliography 13742\bibitem [AppMag-WWW]{AppMag-WWW} 13743 13744 13745\latex latex 13746 13747\backslash 13748addcontentsline{toc}{chapter}{Bibliography} 13749\latex default 13750AverStar's AppletMagic(tm): Ada for the Java Virtual Machine. 13751\newline 13752 13753\emph on 13754http://www.appletmagic.com 13755\layout Bibliography 13756\bibitem [AsmGofer]{AsmGofer} 13757 13758Joachim Schmid: AsmGofer. 13759\newline 13760 13761\emph on 13762http://www.tydo.org 13763\layout Bibliography 13764\bibitem [BCEL98]{BCEL98} 13765 13766Markus Dahm: Byte Code Engineering with the BCEL API. 13767 Freie Universit�t Berlin, Institut f�r Informatik. 13768 Technical Report B-17-98. 13769\layout Bibliography 13770\bibitem [BCEL-WWW]{BCEL-WWW} 13771 13772Markus Dahm: Byte Code Engineering Library. 13773\emph on 13774 13775\newline 13776http://bcel.sourceforge.net 13777\layout Bibliography 13778\bibitem [BCV-Soundness]{BCV-Soundness} 13779 13780Cornelia Pusch: Proving the Soundness of a Java Bytecode Verifier Specification 13781 in Isabelle/HOL. 13782 Technische Universit�t M�nchen, Institut f�r Informatik. 13783 13784\newline 13785 13786\emph on 13787http://www.in.tum.de/~pusch/ 13788\layout Bibliography 13789\bibitem [C]{C} 13790 13791Brian W. 13792 Kerninghan, Dennis M. 13793 Ritchie: The C Programming Language, Second Edition, ANSI C. 13794 Prentice-Hall 1998, ISBN 0131103628. 13795\layout Bibliography 13796\bibitem [CPP-D]{CPP-D} 13797 13798Bjarne Stroustrup: Die C++ Programmiersprache. 13799 Addison-Wesly-Longman, 1998, ISBN 3-8273-1296-5. 13800\layout Bibliography 13801\bibitem [CPP-E]{CPP-E} 13802 13803Bjarne Stroustrup: The C++-Programming Language, Third Edition. 13804 Addison-Wesley 1997, ISBN 0-201-88954-4. 13805\layout Bibliography 13806\bibitem [D3]{D3} 13807 13808Guido Lang, Andreas Bohne: Delphi 3.0 lernen. 13809 Addison-Wesley-Longman 1997, ISBN 3-8273-1190-x. 13810\layout Bibliography 13811\bibitem [DesignPatterns]{DesignPatterns} 13812 13813Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides: Design Patterns 13814 Elements of Reusable Object-Oriented Software. 13815 Addison-Wesley 1995, ISBN: 0201633612. 13816\layout Bibliography 13817\bibitem [DragonBook]{DragonBook} 13818 13819Alfred V. 13820 Aho, Ravi Sethi, Jeffrey D. 13821 Ullman: Compilers: Principles, Techniques, and Tools. 13822 Addison-Wesley 1985, ISBN: 0201100886. 13823\layout Bibliography 13824\bibitem [EF]{EF} 13825 13826ElectricalFire. 13827\emph on 13828 13829\newline 13830http://www.mozilla.org/projects/ef/ 13831\layout Bibliography 13832\bibitem [f2j]{f2j} 13833 13834Keith Seymour: f2j - Fortran-to-Java Compiler. 13835\newline 13836 13837\emph on 13838http://cs.utk.edu/f2j/ 13839\layout Bibliography 13840\bibitem [Fong-WWW]{Fong-WWW} 13841 13842Philip W. 13843 L. 13844 Fong: The mysterious Pass One, first draft, September 2, 1997. 13845 13846\newline 13847 13848\emph on 13849http://www.cs.sfu.ca/people/GradStudents/pwfong/personal/ JVM/pass1/ 13850\layout Bibliography 13851\bibitem [Fong2-WWW]{Fong2-WWW} 13852 13853Philip W. 13854 L. 13855 Fong: A Flaw with the Specification of the Invokeinterface Opcode. 13856 13857\newline 13858 13859\emph on 13860http://www.cs.sfu.ca/people/GradStudents/pwfong/personal/ JVM/invokeinterface/ 13861\layout Bibliography 13862\bibitem [FreundMitchell]{FreundMitchell} 13863 13864Stephen N. 13865 Freund, John Mitchell: A Formal Framework for the Java Bytecode Language 13866 and Verifier. 13867 Department of Computer Science, Stanford University. 13868 Stanford, CA 94305-9045. 13869 Appeared in OOPSLA '99. 13870\layout Bibliography 13871\bibitem [GCC-WWW]{GCC-WWW} 13872 13873GCC, The GNU compiler collection. 13874\emph on 13875 13876\newline 13877http://gcc.gnu.org 13878\layout Bibliography 13879\bibitem [GJ-WWW]{GJ-WWW} 13880 13881GJ. 13882 A Generic Java Language Extension. 13883\newline 13884 13885\emph on 13886http://www.cis.unisa.edu.au/~pizza/gj/ 13887\layout Bibliography 13888\bibitem [InnerSpec]{InnerSpec} 13889 13890Sun Microsystems: Inner Classes Specification. 13891\newline 13892 13893\emph on 13894http://java.sun.com/products/jdk/1.1/docs/guide/ 13895\newline 13896innerclasses/spec/innerclasses.doc.html 13897\layout Bibliography 13898\bibitem [J2ME-CLDCS]{J2ME-CLDCS} 13899 13900Sun Microsystems: J2ME 13901\latex latex 13902 13903\backslash 13904texttrademark 13905\latex default 13906\SpecialChar ~ 13907 Connected Limited Device Configuration Specification. 13908\newline 13909 13910\emph on 13911http://jcp.org/aboutJava/communityprocess/final/jsr030/ 13912\layout Bibliography 13913\bibitem [JBook]{JBook} 13914 13915Robert St�rk, Joachim Schmid, Egon B�rger: Java 13916\latex latex 13917 13918\backslash 13919texttrademark\SpecialChar ~ 13920 13921\latex default 13922 and the Java 13923\latex latex 13924 13925\backslash 13926texttrademark\SpecialChar ~ 13927 13928\latex default 13929 Virtual Machine. 13930 Springer-Verlag 2001, ISBN 3-540-42088-6. 13931\newline 13932 13933\emph on 13934http://www.inf.ethz.ch/~jbook/ 13935\layout Bibliography 13936\bibitem [JPaper]{JPaper} 13937 13938Robert F. 13939 St�rk, Joachim Schmid: Java bytecode verification is not possible. 13940 ETH Z�rich, Department of Computer Science 2000. 13941\emph on 13942 13943\newline 13944http://www.inf.ethz.ch/~staerk/pdf/jbv00.pdf 13945\layout Bibliography 13946\bibitem [JLectures]{JLectures} 13947 13948Robert F. 13949 St�rk: Java and the JVM: Definition and Verification (37-474). 13950\newline 13951 13952\emph on 13953http://www.inf.ethz.ch/~jbook/eth37474/ 13954\newline 13955http://www.inf.ethz.ch/~jbook/eth37474/javaBV.pdf 13956\layout Bibliography 13957\bibitem [JNS]{JNS} 13958 13959Robert Macgregor, Dave Durbin, John Owlett, Andrew Yeomans: JAVA 13960\latex latex 13961 13962\backslash 13963texttrademark 13964\latex default 13965\SpecialChar ~ 13966 Network Security. 13967 Prentice Hall 1998, ISBN 0137615299. 13968\layout Bibliography 13969\bibitem [JODE-WWW]{JODE-WWW} 13970 13971JODE is a java package containing a decompiler and an optimizer for java. 13972\newline 13973 13974\emph on 13975http://jode.sourceforge.net 13976\layout Bibliography 13977\bibitem [JustIce]{JustIce} 13978 13979Enver Haase: JustIce. 13980 A Free Class File Verifier for Java 13981\latex latex 13982 13983\backslash 13984texttrademark 13985\latex default 13986\SpecialChar ~ 13987.Freie Universit�t Berlin, Takustra�e 9, D-14195 Berlin; September 2001. 13988\newline 13989 13990\emph on 13991http://bcel.sourceforge.net/ 13992\newline 13993http://bcel.sourceforge.net/justice 13994\layout Bibliography 13995\bibitem [JVM]{JVM} 13996 13997Jon Meyer, Troy Downing: JAVA Virtual Machine. 13998 O'Reilly 1997, ISBN 1-56592-194-1. 13999\layout Bibliography 14000\bibitem [Kaffe-WWW]{Kaffe-WWW} 14001 14002Kaffe. 14003 Kaffe is a cleanroom, open source implementation of a Java virtual machine 14004 and class libraries. 14005\emph on 14006 14007\newline 14008http://www.kaffe.org 14009\layout Bibliography 14010\bibitem [KAWA-WWW]{KAWA-WWW} 14011 14012Kawa, the Java-based Scheme system. 14013\emph on 14014 14015\newline 14016http://http://www.gnu.org/software/kawa/ 14017\layout Bibliography 14018\bibitem [KDE]{KDE} 14019 14020KDE, the K desktop environment. 14021\newline 14022 14023\emph on 14024http://www.kde.org 14025\layout Bibliography 14026\bibitem [Kimera-WWW]{Kimera-WWW} 14027 14028The Kimera Verifier. 14029 14030\emph on 14031 14032\emph default 14033 14034\newline 14035Currently off-line because of a World Wide Web presentation rework. 14036\emph on 14037 14038\newline 14039http://kimera.cs.washington.edu/verifier.html 14040\newline 14041http://www-kimera.cs.washington.edu 14042\layout Bibliography 14043\bibitem [Kimera-TestingJVM]{Kimera-TestingJVM} 14044 14045Emin G�n Sirer: Testing Java Virtual Machines. 14046 An Experience Report on Automatically Testing Java Virtual Machines. 14047 University of Washington, Dept. 14048 of Computer Science and Engineering. 14049\newline 14050 14051\emph on 14052http://kimera.cs.washington.edu 14053\layout Bibliography 14054\bibitem [Kimera-ProdGram]{Kimera-ProdGram} 14055 14056Emin G�n Sirer, Brian N. 14057 Bershad: Using Production Grammars in Software Testing. 14058 University of Washington, Department of Computer Science. 14059\newline 14060 14061\emph on 14062http://kimera.cs.washington.edu 14063\layout Bibliography 14064\bibitem [kissme-WWW]{kissme-WWW} 14065 14066kissme. 14067 A free Java Virtual Machine. 14068\emph on 14069 14070\newline 14071http://kissme.sourceforge.net 14072\layout Bibliography 14073\bibitem [Krakatoa-WWW]{Krakatoa-WWW} 14074 14075Todd A. 14076 Proebsting, Scott A. 14077 Watterson: Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?). 14078 The University of Arizona, Department of Computer Science. 14079\newline 14080 14081\emph on 14082http://www.cs.arizona.edu/people/saw/papers/Krakatoa-COOTS97.ps.Z 14083\layout Bibliography 14084\bibitem [langspec2]{langspec2} 14085 14086James Gosling, Bill Joy, Guy Steele, Gilad Bracha: The Java Language Specificati 14087on, Second Edition. 14088 Addison-Wesley 2000, ISBN 0201310082. 14089\layout Bibliography 14090\bibitem [M2]{M2} 14091 14092Niklaus Wirth: Programming in Modula-2, Fourth Edition. 14093 Springer-Verlag 1988, ISBN 3-540-50150-9. 14094\layout Bibliography 14095\bibitem [Mozilla]{Mozilla} 14096 14097Mozilla.org (The Mozilla Origanization): Mozilla. 14098\newline 14099 14100\emph on 14101http://www.mozilla.org 14102\layout Bibliography 14103\bibitem [Neuromancer]{Neuromancer} 14104 14105William Gibson: Neuromancer. 14106 Ace Books 1994, ISBN 0441000681. 14107\layout Bibliography 14108\bibitem [ORP-WWW]{ORP-WWW} 14109 14110Open Runtime Platform. 14111 A Platform For Bytecode System Research. 14112\newline 14113 14114\emph on 14115http://www.intel.com/research/mrl/orp/index.htm 14116\layout Bibliography 14117\bibitem [PL4JVM]{PL4JVM} 14118 14119Robert Tolksdorf: Programming Languages for the Java Virtual Machine. 14120\newline 14121 14122\emph on 14123http://www.robert-tolksdorf.de/vmlanguages.html 14124\layout Bibliography 14125\bibitem [PMG-WWW]{PMG-WWW} 14126 14127PMG. 14128 Poor Man's Genericity for Java. 14129 14130\newline 14131 14132\emph on 14133 14134\layout Bibliography 14135\bibitem [Qian]{Qian} 14136 14137Zhenyu Qian: A Formal Specification of Java 14138\latex latex 14139 14140\backslash 14141texttrademark 14142\latex default 14143\SpecialChar ~ 14144 Virtual Machine Instructions for Objects, Methods and Subroutines. 14145 Bremen Institute for Safe Systems (BISS), FB3 Informatik, Universit�t Bremen, 14146 D-28334 Bremen, Germany. 14147\layout Bibliography 14148\bibitem [SableVM-WWW]{SableVM-WWW} 14149 14150SableVM. 14151 A Bytecode Interpreter. 14152\emph on 14153 14154\newline 14155http://www.sablevm.org 14156\layout Bibliography 14157\bibitem [StataAbadi]{StataAbadi} 14158 14159Raymie Stata and Martin Abadi: A Type System for Java Bytecode Subroutines. 14160 In: ACM Transactions on Programming Languages and Systems, Vol. 14161 21, No. 14162 1, January 1999, Pages 90-137. 14163\layout Bibliography 14164\bibitem [Unknowable]{Unknowable} 14165 14166G.J. 14167 Chaitin: The Unknowable. 14168 Springer-Verlag 1999, ISBN 981-4021-72-5. 14169\newline 14170 14171\emph on 14172http://www.umcs.maine.edu/~chaitin/unknowable/ 14173\layout Bibliography 14174\bibitem [Unicode]{Unicode} 14175 14176The Unicode Consortium: The Unicode Standard, Version 2.0. 14177 Niso Press 1996, ISBN 0-201-48345-9. 14178\newline 14179 14180\emph on 14181http://www.unicode.org 14182\layout Bibliography 14183\bibitem [Yellin-WWW]{Yellin-WWW} 14184 14185Frank Yellin: Low Level Security in Java. 14186\emph on 14187 14188\newline 14189http://java.sun.com/sfaq/verifier.html 14190\layout Bibliography 14191\bibitem [VMSPEC2]{vmspec2} 14192 14193Tim Lindholm, Frank Yellin: The Java 14194\latex latex 14195 14196\backslash 14197texttrademark\SpecialChar ~ 14198 14199\latex default 14200 Virtual Machine Specification, Second Edition. 14201 Addison-Wesley 1999, ISBN 0-201-43294-4. 14202\the_end 14203