WWW: Beyond the Basics

14 Java Security

14.4 Java Security Features

14.4.4 Bytecode Verification

Even though the compiler performs thorough type checking, an attack is still possible through the use of a hostile compiler. A browser that downloads class files cannot know whether the bytecodes were produced by a trustworthy Java compiler, so all class files brought in across the network are subjected to verification. The verifier ensures that each class file has the correct format. The bytecodes are verified using a simple theorem prover which establishes a set of "structural constraints" on the bytecodes. The following are some checks that are made:

The bytecode verifier also enhances the performance of the interpreter. Runtime checks that would otherwise have to be performed for each interpreted instruction can be eliminated, because the interpreter assumes that these checks have already been made. [Yellin]

The bytecode is in linear form, so type checking requires global dataflow analysis similar to that done in the back end of an optimizing compiler; this analysis is complicated further by the existence of exceptions and exception handlers. The verifier must show that all possible execution paths have the same virtual machine configuration, which is a much more complicated problem and one that is prone to error. The present type verifier cannot be proved correct, because it does not have a formal description.
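The dataflow check described above, as an added example that is not part of the original notes or of any Java implementation: a worklist pass over a toy stack machine that rejects code whose execution paths reach the same instruction with different stack contents. The opcode subset, the type tags `"I"`/`"A"`, the `max_stack` limit, the `verify` function and the sample methods are assumptions made for illustration; local variables and exception handlers are not modelled.

```python
# Toy verifier for a simplified stack machine (constructed model; not the
# class-file format or the JVM's own verifier). "I" = int, "A" = reference.
EFFECTS = {  # opcode -> (types popped, types pushed)
    "iconst_0": ((), ("I",)), "aconst_null": ((), ("A",)),
    "iadd": (("I", "I"), ("I",)), "ifeq": (("I",), ()),
    "goto": ((), ()), "ireturn": (("I",), ()),
}

def verify(code, max_stack=4):
    """Return None if all paths agree on the stack, else an error string."""
    states, work = {0: ()}, [0]      # pc -> stack types on entry; worklist
    while work:
        pc = work.pop()
        if not 0 <= pc < len(code):
            return f"pc {pc}: control leaves the method body"
        op, *args = code[pc]
        if op not in EFFECTS:
            return f"pc {pc}: unknown opcode {op}"
        pops, pushes = EFFECTS[op]
        stack = states[pc]
        if len(stack) < len(pops):
            return f"pc {pc}: {op} underflows the stack"
        if pops and stack[-len(pops):] != pops:
            return f"pc {pc}: {op} expects {pops}, found {stack[-len(pops):]}"
        out = stack[:len(stack) - len(pops)] + pushes
        if len(out) > max_stack:
            return f"pc {pc}: stack exceeds max_stack"
        if op == "ireturn":
            successors = []
        elif op == "goto":
            successors = [args[0]]
        elif op == "ifeq":
            successors = [args[0], pc + 1]   # branch taken / fall through
        else:
            successors = [pc + 1]
        for nxt in successors:
            if nxt not in states:            # first path to reach nxt
                states[nxt] = out
                work.append(nxt)
            elif states[nxt] != out:         # later path must match exactly
                return f"pc {nxt}: paths merge with {states[nxt]} and {out}"
    return None

# Constructed sample methods.
GOOD = [("iconst_0",), ("ifeq", 4), ("iconst_0",), ("goto", 5),
        ("iconst_0",), ("ireturn",)]
BAD_MERGE = GOOD[:4] + [("aconst_null",), ("ireturn",)]   # int vs ref at pc 5
BAD_LOOP = [("iconst_0",), ("goto", 0)]                   # stack grows per lap
BAD_UNDERFLOW = [("iadd",), ("ireturn",)]
```

`BAD_MERGE` and `BAD_LOOP` each consist of instructions that are individually valid; only the comparison of states at the merge point rejects them, which is why the analysis has to be global.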


Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved

Vijay Sureshkumar <vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996