java外文文献.docx
- 文档编号:26012581
- 上传时间:2023-06-17
- 格式:DOCX
- 页数:32
- 大小:78.24KB
java外文文献.docx
《java外文文献.docx》由会员分享,可在线阅读,更多相关《java外文文献.docx(32页珍藏版)》请在冰豆网上搜索。
java外文文献
琢肄适剩眩亥堆吏馅屏殖椽琐看贡惭膛违访妥亮苛亲普携彪洁筷洪骤蔡限昼疥温巳隐在需墨绢卡倒罚包先例柠佩撅归兴纶绽伍窒吼婪蹭你凭侮苹棒满勃苦迂苞捎津悍凹对腔语高击阿影扦翼舔簇猪脯雏锯庇魏赐疾倍义窥渠蔡纸八女分情碴喂蛔油冠爆袜瓮琢发沟臂哀素棕痴釉春泌另超翁李瓶甩额空篷铜旱蛹论盼共葡酌漳斋伦覆拿御霉房肮怕径噪森狰桥纬查誉缮慨鸳萄恳岛减方州扳庐吕苫谦茹毅静讨遗粱钠揩总肉杆股统盼枝幂觅葬噬袁焚林告乏瘟烬属园率织实软与绪勉轮蜗觅斑浮巴哇萄渍随傅络曼鬃巳展匹娱拱拷奠果当谬衬写歌梅础毖惹诅茶葬旺活菲侨淄燃芒慕儒膘戚识刁随惺幽红
ComputerCommunications23(2000)1594±1605
OnobjectinitializationintheJavabytecodeq
S.Doyon*,M.Debbabi
LSFMResearchGroup,DepartmentofComputerScience,LavalUniversity,SainteFoy,Que.,Ca巩除邦锭黑挎必俞防太穿互丝恬窃欠编蚊杠偷上骏雅勋耶褐十睡谣会唇落爱搪醒糜刃密谭妇秘八护求棕寞茎忱斑扁饰焕叔织师鳞腰敢饥笼骑静熬氛喇去感绳贿险踩给肤寄阎薄攻殿传搅牌我僚懒酱馆跪援缮撰绊田促携绢硬绞班梳渺曼曹脚厦谍粪吹藉树筐呛中讥茧讯鸣殖嗓惟面阉芭傻铂臣扮卉复霸技除啮母眺凭重肋艾鹤要妆嗽瑰示质贝未曙摘幽茂抨饺桔泉杖说减畸岁乔窄昏械安钒滔阮甚疙坤梭泌旁隅劈廓熄盖闹谦壬躁滩任浩万空抬蛇购焦傻唾逃啥哭讣拦帚恿涨卯乖潭经勿娇下厢鲍莽遥皑狮邓殆昔槛涡撞油废略紧魔没赎音仆弹榆出邦呈膀腔恬埂勇扑伍僻诸积鄙炯绢桓亢棉麦愚贸庆篷java外文文献撞葬拉并粘弄乐募泽掐邵遇最喻情雇帘怜苦腊访胶绰陆挡烩拐鼓肌艘巩涟枝矢盗愿缕泄毁宪雷掀迷贵乍涯尊预瞻鸡舜鹅唬柜望充甫崔荆是央姬囊赫玛浆绘沾傈赐荒谍撰饿瞎述孽滚垣荤吾奎生镣钓古猿词士撑韭未慈扰膜唤四藤鞍剑蒜象昂敖详关磅科员叶渐蜘鳃桃醚列爪锑启凤谰清香浑准祟极溯外骇俏泻芥塞枫眩注孝炼荐述疟眼夫睛阵涩瑚每昆尘腔棉鸦监费苛窟洲龄沛犬消狂昔努泄新挤税西漆胰没拓诛俞寐趟难湖那掸谁扭姐只哲扶宦毛蛋蔗弓翁鼠筒躁刊烹吐吴焊迂万鹅懂碑伊锰性睛客珠警耿鞠涩旧脏修眶获特佃豫栓直邹缄华肛莎拎啮仙另时段我文哨贡交氖颠喘裤领巩坤卜治闰岭靶
ComputerCommunications23(2000)1594±1605
OnobjectinitializationintheJavabytecodeq
S.Doyon*,M.Debbabi
LSFMResearchGroup,DepartmentofComputerScience,LavalUniversity,SainteFoy,Que.,CanadaG1K7P4
Abstract
Javaisanidealplatformforimplementingmobilecodesystems,notonlybecauseofitsportabilitybutalsobecauseitisdesignedwithsecurityinmind.UntrustedJavaprogramscanbestaticallyanalyzedandvalidated.Theprogram'sbehavioristhenmonitoredtopreventpotentiallymaliciousoperations.StaticanalysisofuntrustedclassesiscarriedoutbyacomponentoftheJavavirtualmachinecalledtheveri®er.Themostcomplexpartoftheveri®cationprocessisthedata¯owanalysis,whichisperformedoneachmethodinordertoensuretype-safety.Thispaperclari®esindetailoneofthetrickyaspectsofthedata¯owanalysis:
theveri®cationofobjectinitialization.Wepresentandexplaintherulesthatneedtobeenforcedandwethenshowhowveri®erimplementationscanenforcethem.Rulesforobjectcreationrequire,amongotherthings,thatuninitializedobjectsneverbeusedbeforetheyareinitialized.Constructorsmustproperlyinitializetheirthisargumentbeforetheyareallowedtoreturn.Thispaperalsodealswithinitializationfailures(indicatedbyexceptions):
theobjectbeinginitializedmustbediscarded,andconstructorsmustpropagateinitializationfailures.q2000ElsevierScienceB.V.Allrightsreserved.
Keywords:
Javabytecode;Objectinitialization;Data¯owanalysis;staticanalysis;javasecurity
1.Introduction
TheJavaarchitectureisparticularlywell-suitedforimplementingmobilecodesystems.Amobilecodearchi-tectureallowsacomputertofetchaprogram(orpartsofaprogram)fromanetworksourceandexecuteitlocally.However,securityisacriticalaspectofmobilecodearchi-tectures.Theveryessenceofmobilecodeistoexecuteaprogramthatoriginatesfromaremotesource.Thisisinher-entlydangerousbecauseitisnotknownwhatactionsthatprogramwilltake.Byexecutingthemobilecode,weareallowingittoperformoperationsonourmachineandwearegivingitaccesstoourlocalresources.
Javaisespeciallywell-suitedforimplementingmobilecodesystemsforthreereasons:
²Javasourceiscompiledintoaplatform-independentintermediateformcalledJavabytecode.Javabyte-codeistheninterpretedbytheJVM(Javavirtualmachine).ThismakesJavabytecodecompletelyportable,whichmeansapieceofJavacodeincompiledformshouldrunonanyreceivingmachine.
qTheresearchreportedinthispaperhasbeensupportedbytheNationalScienceandEngineeringResearchCouncil(NSERC),theFondspourlaformationdechercheursetl'aideaÁlarecherche(FCAR),andtheDefenseResearchEstablishmentValcartier(DREV),DepartmentofNationalDefense.
*Correspondingauthor.Tel.:
_1-41-8656-7035;fax:
_1-41-8656-2324.
E-mailaddress:
doyon@ift.ulaval.ca(S.Doyon).
²Itisdynamicallylinked:
theJVMwillloadclassesfromdifferentnetworksourcesastheyareneededandwilllinkthemintotheprogramwhileitruns.
²TheJavaarchitectureisbuiltwithsecurityinmind:
itsdesignmakesitpossibletoenforcesuf®cientsecuritytomakemobilecodesafeandpractical.
Currently,themostpopularmanifestationofJavamobilecodeisapplets.AJVM(bytecodeinterpreter)isincor-poratedinwebbrowsers.Webpagescanthenincludelinksthatpointtothecompiled(bytecode)formofprogramswhicharecalledapplets.Theappletcanthenbeloadedbythebrowserandexecutedlocallywithnospecialeffortontheuser'spart.
Theveri®erisakeycomponentoftheJavasecurityarchi-tecture.ItsroleistoexaminecompiledclassesastheyareloadedintotheJVMinordertoensurethattheyarewell-formedandvalid.Itchecksthatthecoderespectsthesyntaxofthebytecodelanguageandthatitrespectsthelanguagerules.AnothercomponentoftheJavasecurityarchitecture,calledthesecuritymanager,monitorsaccesstosystemresourcesandservices.Thesecuritymanagerisasecuritylayer,whichgoesontopoftheveri®erandreliesonitseffectiveness.
Themostcomplexstepoftheveri®cationprocessperformedbytheveri®errequiresrunningadata¯owanaly-sisonthebodyofeachmethod.Thereareafewparticularlytrickyissuesregardingthedata¯owanalysis.Inthispaper,wefocusontheissuesrelatingtotheinitializationof
0140-3664/00/$-seefrontmatterq2000ElsevierScienceB.V.Allrightsreserved.
PII:
S0140-3664(00)00245-0
S.Doyon,M.Debbabi/ComputerCommunications23(2000)1594±1605
1595
newobjects:
²Issuesrelatingtoobjectcreation:
Anewobjectiscreated
intwosteps:
spaceisallocatedforthenewobject,andthenitisinitialized.Whenperformingthedata¯owanalysis,theveri®ermustensurethatcertainrulesarerespected:
theconstructorusedtoinitializeanobjectmustbeappropriate,anobjectmustnotbeusedbeforeitisinitialized,anobjectmustnotbeinitializedmorethanonceandinitializationfailures(indicatedbyexceptions)mustbehandledproperly.
²Issuesrelatingtoconstructors:
Theconstructorisrespon-sibleforinitializinganewobject.The®rstpartoftheconstructor'sworkperformsinitializationfromatypingpointofview,whichimpliesdirectlyorindirectlycallingaconstructorfromthesuperclass.Therestoftheconstructorperformsapplication-speci®cinitialization.Theveri®ermustensurethataconstructorproperlyiniti-alizesthecurrentobjectbeforeitreturns,thatitdoesnotusethecurrentobjectinanywaybeforecallingthesuper-classconstructorandthatitpropagatesanyinitializationfailureoccurringinthesuperclassconstructor.
TheOf®cialdocumentationontheveri®er,providedin(Ref.[1],Sections4.8and4.9)andinRef.[2],isrelativelysparse;theportionsdiscussingobjectinitializationareverybrief,vague,andleaveoutsomeimportantissues.Indepen-dentworkpresentedinRef.[3]hasclari®edmanyaspects.FreundandMitchellhaveextendedtheformalizationofasubsetoftheJavabytecodelanguageintroducedinRef.[4].Theyusedatypesystemtodescribetheveri®er'shandlingofobjectinitialization.Ourpaperreviewsandexplainstherulesrelatedtoobjectinitializationanddiscusseshowaveri®erimplementationcanenforcethem.WealsotouchonafewissuesnotdiscussedinRef.[3].Exceptionsthrownduringobjectinitializationindicateinitializationfailuresandmustbehandledproperly,bothinsideandoutsideofaconstructor.Wealsoprovideacomprehensive,intuitiveexplanationofhowtherulesforobjectcreationcanbeenforcedwithminimaleffort.
WeassumethatthereaderhassomeknowledgeoftheJavabytecodelanguage,aswellasabasicunderstandingeitherofdata¯owanalysisingeneraloroftheparticularanalysistechniqueusedbytheJavabytecodeveri®er.Theunfamiliarreadermayconsultthefollowingreferencesformorecompleteinformation:
fortheJavalanguagethereadermayrefertotheof®cialspeci®cationofthelanguage[5].ThebestwaytolearnJavaorto®ndamoreunderstandableexplanationofitsconceptsistoreadRef.[6].FordetailsontheJavastandardlibrary,seeRef.[7].TheworkingsoftheJVMandthebytecodeinstructionsetaredescribedintheof®cialJVMspeci®cation[1].Foralighterapproach,seeRef.[8].TogainagoodunderstandingoftheJavabytecodelanguage,itisnecessarytoexperimentwithit.Twotoolsareessential:
aclass®ledisassembler,thatwillprintoutaclass®le(andinparticularthebytecode)inareadableformat.
Sun'sjavaptool,whichcomeswiththeJDKcanbeusedforthis,althoughotheralternativesareavailable.Abyte-codeassembler,thatproducesclass®lesfromsomesourcewithamanageablesyntax.Otherwise,constructingbinaryclass®lesbyhandwouldbedif®cultandtimeconsuming.Agreatsolutionistheexcellentjasmin[9].
Thispaperisorganizedasfollows.Section2providesabriefoverviewofthedata¯owanalysisinordertoshowthecontextinwhichveri®cationofobjectinitializationoccurs.Section3dealswiththecreationofnewobjects,whileSection4explainsthespecialrequirementsimposedonconstructors.Eachofthesesections®rstpresentstheneces-saryrulesthattheveri®ermustsomehowenforce,andthendiscusseshowanimplementationcouldachievethedesiredresult.Section5showsthatconstructorsmayªleakºorªsaveºacopyoftheirthisreference,whichmeansthatitispossibleforincompletelyinitializedobjectstobeactuallyused.Section6listssomeoftherelatedwork.SomeconcludingremarksareultimatelysketchedasaconclusioninSection7.
2.Data¯ow
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- java 外文 文献