A formal specification of Java class loading

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A formal specification of Java class loading

Full text

Pdf (241 KB)

Source

Conference on Object Oriented Programming Systems Languages and Applications archive
Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications table of contents

Minneapolis, Minnesota, United States

Pages: 325 - 336

Year of Publication: 2000

ISBN:1-58113-200-X

Also published in ...

Authors

Zhenyu Qian	Kestrel Institute, 3260 Hillview Avenue, Palo Alto, CA
Allen Goldberg	Shoulders Corp., 800 West El Camino Real, Mountain View, CA and Kestrel Institute, 3260 Hillview Avenue, Palo Alto, CA
Alessandro Coglio	Kestrel Institute, 3260 Hillview Avenue, Palo Alto, CA

Sponsor

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 14, Downloads (12 Months): 51, Citation Count: 9

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/353171.353193 What is a DOI?

ABSTRACT

The Java Virtual Machine (JVM) has a novel and powerful mechanism to support lazy, dynamic class loading according to user-definable policies. Class loading directly impacts type safety, on which the security of Java applications is based. Conceptual bugs in the loading mechanism were found in earlier versions of the JVM that lead to type violations. A deeper understanding of the class loading mechanism, through such means as formal analysis, will improve our confidence that no additional bugs are present.The work presented in this paper provides a formal specification of (the relevant aspects of) class loading in the JVM and proves its type safety. Our approach to proving type safety is different from the usual ones since classes are dynamically loaded and full type information may not be statically available. In addition, we propose an improvement in the interaction between class loading and bytecode verification, which is cleaner and enables lazier loading.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	E. Borger and W. Schulte. Modular design for the Java virtual machine architecture. ftp://ftp.di.unipi.it/pub/Papers/boerger/ jvmarch.ps, 1999.
	2	G. Bracha. A critique of 'Security and dynamic loading in Java: A formalisation'. http://java.sun.com/people/gbracha /critique-jmt.html, 1999.
	3	Luca Cardelli, Program fragments, linking, and modularization, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.266-277, January 15-17, 1997, Paris, France [doi>10.1145/263699.263735]
	4	A. Coglio and A. Goldberg. Type safety in the JVM: Some problems in JDK 1.2.2 and proposed solutions. In Proc. ECOOP Workshop on Formal Techniques for Java Programs, 2000. Long version available at http://www.kestrel.edu/java.
	5	A. Coglio, A. Goldberg, and Z. Qian. Towards a provably-correct implementation of the JVM bytecode verifier. In Proc. OOPSLA'98 Workshop Formal Underpinnings of Java, 1998.
	6	Drew Dean, The security of static typing with dynamic linking, Proceedings of the 4th ACM conference on Computer and communications security, p.18-27, April 01-04, 1997, Zurich, Switzerland [doi>10.1145/266420.266428]
	7	S. Drossopoulou. Towards an abstract model of Java dynamic linking and verification. Department of Computing, Imperial College, London, UK.
	8	Philip W. L. Fong , Robert D. Cameron, Proof linking: an architecture for modular verification of dynamically-linked mobile code, Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering, p.222-230, November 01-05, 1998, Lake Buena Vista, Florida, United States
	9	Formal Methods Program - SRI Computer Science Laboratory. The PVS specification and verification system. http://pvs.csl.sri.com/, 1999.
	10	Neal Glew , Greg Morrisett, Type-safe linking and modular assembly language, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.250-261, January 20-22, 1999, San Antonio, Texas, United States [doi>10.1145/292540.292563]
	11	Allen Goldberg, A specification of Java loading and bytecode verification, Proceedings of the 5th ACM conference on Computer and communications security, p.49-58, November 02-05, 1998, San Francisco, California, United States [doi>10.1145/288090.288104]
	12	Li Gong, Inside Java 2 platform security architecture, API design, and implementation, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	13	James Gosling , Bill Joy , Guy L. Steele, The Java Language Specification, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1996
	14	T. Jensen , D. Le Métayer , T. Thorn, Security and Dynamic Class Loading in Java: A Formalization, Proceedings of the 1998 International Conference on Computer Languages, p.4, May 14-16, 1998
	15	Sheng Liang , Gilad Bracha, Dynamic class loading in the Java virtual machine, Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.36-44, October 18-22, 1998, Vancouver, British Columbia, Canada
	16	Tim Lindholm , Frank Yellin, Java Virtual Machine Specification, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	17	Zhenyu Qian, Standard fixpoint iteration for Java bytecode verification, ACM Transactions on Programming Languages and Systems (TOPLAS), v.22 n.4, p.638-672, July 2000 [doi>10.1145/363911.363915]
	18	Zhenyu Qian, A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subrountines, Formal Syntax and Semantics of Java, p.271-312, January 1999
	19	Z. Qian, A. Goldberg, and A. Coglio. A formal specification of JavaTM class loading. Long version. http://www.kestrel.edu/java, 2000.
	20	V. Saraswat. Java is not type-safe. Technical report, AT&T Research, 1997. http://www.research.att.com/~vj/bug.html.
	21	A. Tozawa and M. Hagiya. Careful analysis of type spoofing. In JIT'99 Java-Informations-Tage 1999, Clemens H. Cap, Hrsg., Informatik aktuell, pages 290-296. Springer Verlag, 1999.
	22	A. Tozawa and M. Hagiya. New formalization of the JVM. http://nicosia.is.s.u-tokyo.ac.jp/members /miles/papers/cl-99.ps, 1999.

CITED BY 9

	Gleb Naumovich, A conservative algorithm for computing the flow of permissions in Java programs, ACM SIGSOFT Software Engineering Notes, v.27 n.4, July 2002
	Marcel Winandy , Armin B. Cremers , Hanno Langweg , Adrian Spalka, Protecting Java component integrity against Trojan Horse programs, Integrity and internal control in information systems V, Kluwer Academic Publishers, Norwell, MA, 2003
	Sonia Fagorzi , Elena Zucca , Davide Ancona, Modeling multiple class loaders by a calculus for dynamic linking, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus
	Stephen N. Freund , John C. Mitchell, A Type System for the Java Bytecode Language and Verifier, Journal of Automated Reasoning, v.30 n.3-4, p.271-321, 2003
	Philip W. L. Fong, Pluggable verification modules: an extensible protection mechanism for the JVM, ACM SIGPLAN Notices, v.39 n.10, October 2004
	Alexander Ahern , Nobuko Yoshida, Formalising Java RMI with explicit code mobility, ACM SIGPLAN Notices, v.40 n.10, October 2005
	Akihiko Tozawa , Masami Hagiya, Formalization and Analysis of Class Loading in Java, Higher-Order and Symbolic Computation, v.15 n.1, p.7-55, March 2002
	Pieter H. Hartel , Luc Moreau, Formalizing the safety of Java, the Java virtual machine, and Java card, ACM Computing Surveys (CSUR), v.33 n.4, p.517-558, December 2001
	Alexander Ahern , Nobuko Yoshida, Formalising Java RMI with explicit code mobility, Theoretical Computer Science, v.389 n.3, p.341-410, December, 2007