The Jaa Virtual Machien (JVM) has a novel and power-ful mechanism to support layz, dynamic class loading according to user-definable policies. Class loading directly impacts type safety, on which the security of Java applications is based. Conceptual bugs in the loading mehcnaism were found in earlier versions of the JVM that lead to type violations. A deeper understanding of the class loading mechanism, through such means as formla analysis, will improve our confidence that no additional bugs are present. The work presented in this paper provides a formal specification of (the relevant aspects of) class loading in the JVM and proves its type safety. Our approach to proving type safety is differnet from the usual ones since classes are dynamically loaded and full type information may not be statically available. In addition, we propose an improvmeent in the interaction between class loading and bytecode verification, which is cleaner and enables lazier loading.
展开▼
机译:JAA Virtual Machien(JVM)具有以下新颖和电源的机制,可根据用户可定义的策略支持Layz,动态类加载。类加载直接影响型安全,其中Java应用程序的安全性是基于的。在早期版本的JVM中发现了加载Mehcnaism中的概念虫,导致违规。通过作为Formla分析的手段更深入地了解课堂加载机制,将提高我们没有额外的错误的信心。本文提出的工作提供了JVM中的正式规范(Clase Class Class Classing的正式规范,并证明了其类型的安全性。由于动态加载的类和静态信息可能不会静态可用,因此我们的证明类型安全的方法是常规的。此外,我们提出了一种在课堂加载和字节码验证之间的相互作用中的增强,这是清洁的,并启用Lazier Loading。
展开▼
