Standard fixpoint iteration for Java bytecode verification

Java bytecode verification forms the basis for Java-based Internet security and needs a rigorous description. One important aspect of bytecode verification is to check whether a Java Virtual Machine (JVM) program is statically well-typed. So far, several formal specifications have been proposed to define what static well-typedness means. This paper takes a step further and presents a chaotic fixpoint iteration, which represents a family of fixpoint computation strategies that compute a least type for each JVM program within a finite number of iteration steps. Since a transfer function in the iteration is not monotone, we follow the example of a nonstandard fixpoint theorem, which requires only that all transfer functions be increasing, and monotone in the case where the bigger element is already a fixpoint. The resulting least type is the artificial top element if and only if the JVM program is not statically well-typed. The iteration is standard and close to Sun's informal specification and to most commercial bytecode verifiers.
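As an added illustration (not the paper's formalism or any project's code), here is a toy version of the iteration the abstract describes: a worklist applies the transfer functions of a few JVM-like instructions over a simplified type lattice until the per-instruction types stop growing, and the result collapses to TOP exactly when an instruction's operand types do not fit, the stack heights disagree at a merge point, or an unusable local is read. The instruction set, the two-element value lattice (int and ref, no class hierarchy, no subroutines) and the sample program are my own simplifications.

```python
# Added illustration, not the paper's formalism: least types for a toy JVM-like
# bytecode by chaotic worklist fixpoint iteration over the lattice {int, ref} < TOP,
# where TOP is an unusable local or, for a whole state or method, a type error.
TOP = "top"
CONSTS = {"iconst": "int", "aconst_null": "ref"}
LOADS = {"iload": "int", "aload": "ref"}
STORES = {"istore": "int", "astore": "ref"}
def join(a, b):  # least upper bound of two value types
    return a if a == b else TOP
def join_state(s, t):  # join (locals, stack) states; unequal stack heights conflict
    if s is None or TOP in (s, t) or len(s[1]) != len(t[1]):
        return t if s is None else TOP
    return (tuple(map(join, s[0], t[0])), tuple(map(join, s[1], t[1])))
def transfer(pc, instr, state):  # successor pcs with their states, or TOP on a type error
    op, *args = instr
    loc, stk = state
    if op == "return":
        return []
    if op in CONSTS:
        return [(pc + 1, (loc, stk + (CONSTS[op],)))]
    if op in LOADS and loc[args[0]] == LOADS[op]:
        return [(pc + 1, (loc, stk + (LOADS[op],)))]
    if op in STORES and stk[-1:] == (STORES[op],):
        return [(pc + 1, (loc[:args[0]] + (STORES[op],) + loc[args[0] + 1:], stk[:-1]))]
    if op == "iadd" and stk[-2:] == ("int", "int"):
        return [(pc + 1, (loc, stk[:-1]))]
    if op == "ifeq" and stk[-1:] == ("int",):  # pop the int, then fall through or jump
        return [(pc + 1, (loc, stk[:-1])), (args[0], (loc, stk[:-1]))]
    if op == "goto":
        return [(args[0], state)]
    return TOP  # operand types do not fit the instruction

def verify(code, n_locals, arg_types=()):  # per-pc least types, or TOP if ill-typed
    init = (tuple(arg_types) + (TOP,) * (n_locals - len(arg_types)), ())  # unset = unusable
    types, work = {0: init}, [0]
    while work:  # processing order is free: any order reaches the same fixpoint here
        pc = work.pop()
        succ = TOP if types[pc] == TOP else transfer(pc, code[pc], types[pc])
        if succ == TOP:
            return TOP
        for q, st in succ:
            grown = join_state(types.get(q), st)
            if grown != types.get(q):  # the type grew, so revisit the successor
                types[q] = grown
                work.append(q)
    return types

# Constructed sample: local 1 holds an int on one path and a reference on the
# other; the merge at pc 7 makes it unusable, so the aload there is rejected.
MERGE = [("iload", 0), ("ifeq", 5), ("iconst",), ("istore", 1), ("goto", 7),
         ("aconst_null",), ("astore", 1), ("aload", 1), ("return",)]
```

Calling `verify(MERGE, 2, ("int",))` yields TOP, while a program whose merges agree yields a dictionary of the least state at every reachable pc.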
