|
|
Recommended: Sing it, brah! 5 fabulous songs for developers
JW's Top 5
Featured White Papers
- Measuring Risk to Improve Java Software Quality
- Do You Really Get Classloaders?
- Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
- Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
- Coding with JRebel, Java Forever Changed
- 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data
Sponsored Links
-
Graph databases are 1000x faster than relational.
Learn More!
-
Career opportunities at Harman- Careers That'll Rock Your Socks Off.
Learn More!
-
Developer-friendly Java PDF libraries by Qoppa Software
Live Demos
-
Stop blaming your app! Diagnose Java performance issues.
Free tool >
-
UrbanCode: Go From Continuous Integration to
Continuous DeliveryLearn More!
Sponsored Links
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Security and the class verifier
A look at the role played by the class verifier in the JVM's overall security model
Page 3 of 6
The bytecode streams that represent Java methods are a series of one-byte instructions, called opcodes, each of which may be followed by one or more operands. The operands supply extra data needed by the Java virtual machine to execute the opcode instruction. The activity of executing bytecodes, one opcode after another, constitutes a thread of execution inside the Java virtual machine. Each thread is awarded its own Java stack, which is made up of discrete frames. Each method invocation gets its own frame, a section of memory where it stores, among other things, local variables and intermediate results of computation. The part of the frame in which a method stores intermediate results is called the method's operand stack. An opcode and its (optional) operands may refer to the data stored on the operand stack or in the local variables of the method's frame. Thus, the virtual machine may use data on the operand stack, in the local variables, or both, in addition to any data stored as operands following an opcode when it executes the opcode.
The bytecode verifier does a great deal of checking. It checks to make sure that no matter what path of execution is taken to get to a certain opcode in the bytecode stream, the operand stack always contains the same number and types of items. It checks to make sure no local variable is accessed before it is known to contain a proper value. It checks that fields of the class are always assigned values of the proper type, and that methods of the class are always invoked with the correct number and types of arguments. The bytecode verifier also checks to make sure that each opcode is valid, that each opcode has valid operands, and that for each opcode, values of the proper type are in the local variables and on the operand stack. These are just a few of the many checks performed by the bytecode verifier, which is able, through all its checking, to verify that a stream of bytecodes is safe for the JVM to execute.
Phase two: Verification of symbolic references
Although phase one of verification likely takes place soon after the JVM loads a class file, phase two is delayed until the bytecodes contained in the class file actually are executed. Phase two verifies symbolic references. A symbolic reference is a character string that gives the name and possibly other information about the referenced item -- enough information to uniquely identify a class, field, or method. Thus, symbolic references to other classes give the full name of the class. Symbolic references to the fields of other classes give the class name, field name, and field descriptor. Symbolic references to the methods of other classes give the class name, method name, and method descriptor.
During phase two, the JVM follows the references from the class file being verified to the referenced class files, to make sure the references are correct. Because phase two has to look at other classes external to the class file being checked, phase two may require that new classes be loaded. Most JVM implementations will likely delay loading classes until they actually are used by the program.
- Feedback
More from JavaWorld
Resources
- The book The Java virtual machine Specification (http://www.aw.com/cp/lindholm-yellin.html), by Tim Lindholm and Frank Yellin (ISBN 0-201-63452-X), part of The Java Series (http://www.aw.com/cp/javaseries.html), from Addison-Wesley, is the definitive Java virtual machine reference.
- Secure Computing with JavaNow and the Future (a whitepaper)http://www.javasoft.com/marketing/collateral/security.html
- Applet Security FAQ
http://www.javasoft.com/sfaq/ - Low Level Security in Java, by Frank Yellin http://www.javasoft.com/sfaq/verifier.html
- The Java Security Home Page
http://www.javasoft.com/security/ - See the Hostile Applets Home Page
http://www.math.gatech.edu/~mladue/HostileApplets.html - The book Java SecurityHostile Applets, Holes, and Antidotes, by Dr. Gary McGraw and Ed Felton, gives a thorough analysis of security issues surrounding Java. http://www.rstcorp.com/java-security.html
- An online version of the Java Language Specification is available at http://www.javasoft.com/docs/books/jls/html/index.html
- Previous "Under The Hood" articles:
- The Lean, Mean Virtual Machine -- Gives an introduction to the Java virtual machine.
- The Java Class File Lifestyle -- Gives an overview of the Java class file, the file format into which all Java programs are compiled.
- Java's Garbage- Collected Heap -- Gives an overview of garbage collection in general and the garbage-collected heap of the Java virtual machine in particular.
- Bytecode Basics -- Introduces the bytecodes of the Java virtual machine, and discusses primitive types, conversion operations, and stack operations in particular.
- Floating Point Arithmetic -- Describes the Java virtual machine's floating-point support and the bytecodes that perform floating point operations.
- Logic and Arithmetic -- Describes the Java virtual machine's support for logical and integer arithmetic, and the related bytecodes.
- Objects and Arrays -- Describes how the Java virtual machine deals with objects and arrays, and discusses the relevant bytecodes.
- Exceptions -- Describes how the Java virtual machine deals with exceptions, and discusses the relevant bytecodes.
- Try-Finally -- Describes how the Java virtual machine implements try-finally clauses, and discusses the relevant bytecodes.
- Control Flow -- Describes how the Java virtual machine implements control flow and discusses the relevant bytecodes.
- The Architecture of Aglets -- Describes the inner workings of aglets, IBM's autonomous Java-based software agent technology.
- The Point of Aglets -- Analyzes the real-world utility of mobile agents such as aglets, IBM's autonomous Java- based software agent technology.
- Method Invocation and Return -- Describes the four ways the Java virtual machine invokes methods, including the relevant bytecodes.
- Thread Synchronization -- Shows how thread synchronization works in the Java virtual machine. Discusses the bytecodes for entering and exiting monitors.
- Java's Security Architecture -- Gives an overview of the security model built into the JVM and looks at the JVM's built-in safety features.
- Security and the Class Loader Architecture -- Describes class loaders and shows how the fit into Java's overall security model.
About Us | Advertise | Contact Us | Terms of Service/Privacy | AdChoices
Copyright, 2006-2013 Infoworld, Inc. All rights reserved.