-
Softw., Pract. Exper. 01/2009; 39:923-946.
-
ACM Trans. Program. Lang. Syst. 01/2008; 30.
-
TACO. 01/2007; 4.
-
Software Engineering 2007, Fachtagung des GI-Fachbereichs Softwaretechnik, 27.-30.3.2007 in Hamburg; 01/2007
-
IJES. 01/2007; 3:17-30.
-
ABSTRACT: We present a just-in-time compiler for a Java VM that is small enough
to fit on resource-constrained devices, yet is surprisingly effective.
Our system dynamically identifies traces of frequently executed bytecode
instructions (which may span several basic blocks across several
methods) and compiles them via Static Single Assignment (SSA) construction.
Our novel use of SSA form in this context allows hoisting instructions
across trace side-exits without necessitating expensive compensation
code in off-trace paths. The overall memory consumption (code and
data) of our system is only 150 kBytes, yet benchmarks show a speedup
that in some cases rivals heavy-weight just-in-time compilers.
New York, NY, USA; 01/2006
-
ACM Comput. Surv. 01/2005; 37:195-237.
-
Sci. Comput. Program. 01/2005; 57:275-294.
-
Electr. Notes Theor. Comput. Sci. 01/2005; 131:27-38.
-
Electr. Notes Theor. Comput. Sci. 01/2005; 141:85-102.
-
01/2004;
-
ABSTRACT: The safety of the Java Virtual Machine is founded on bytecode verification. Although verification complexity appears to roughly correlate with program size in the average case, its worst-case behavior is quadratic. This can be exploited for denial-of-service attacks using relatively short programs (applets or agents) specifically crafted to keep the receiving virtual machine's verifier busy for an inordinate amount of time.
01/2004;
-
Proceedings of the New Security Paradigms Workshop 2004, September 20-23, 2004, Nova Scotia, Canada; 01/2004
-
ECOOP 2004 - Object-Oriented Programming, 18th European Conference, Oslo, Norway, June 14-18, 2004, Proceedings; 01/2004
-
Proceedings of the 3rd Virtual Machine Research and Technology Symposium, May 6-7, 2004, San Jose, CA, USA; 01/2004
-
ABSTRACT: We are in the midst of a paradigm shift toward component-oriented software development, and significant progress has been made in understanding and harnessing this new paradigm. Somewhat strangely then, the new paradigm does not currently extend all the way down to how the components themselves are constructed. While we have composition architectures and languages that describe how systems are put together out of such atomic program parts, the parts themselves are still constructed based on a previous paradigm, object-oriented programming. We argue that this represents a mismatch that is holding back compositional software design: many of the assumptions that underlie object-oriented systems simply do not apply in the open and dynamic contexts of component software environments. What, then, would a programming language look like that supported component-oriented programming at the smallest granularity? Our project to develop such a language, Lagoona, tries to provide an answer to this question. This paper motivates the new key concepts behind Lagoona and briefly describes their realization (using Lagoona itself as the implementation language) in the context of Microsoft's .NET environment.
12/2003;
-
Michael Franz,
Wolfram Amme,
Matthew Beers,
Niall Dalton,
Peter H. Fröhlich,
Vivek Haldar,
Andreas Hartmann,
Peter S. Housel,
Fermín Reig,
Jeffery von Ronne,
Christian H. Stork,
Sergiy Zhenochin
ABSTRACT: Mobile programs can potentially be malicious. To protect itself, a host that receives such mobile programs from an untrusted party or via an untrusted network connection will want some kind of guarantee that the mobile code is not about to cause any damage. The traditional solution to this problem has been verification, by which the receiving host examines the mobile program to discover all its actions even before starting execution. Unfortunately, aside from consuming computing resources in itself, verification inhibits traditional compiler optimizations, making such verifiable mobile code much less efficient than native code. We have found an alternative solution by identifying a class of mobile-code representations in which malicious programs can simply not be encoded to begin with. In such an encoding, verification turns into an integral part of the decoding routine. Moreover, support for high-quality just-in-time code generation can be provided. We present two such encodings, one based on highly effective compression of abstract syntax trees, and another based on a reference-safe and type-safe variant of Static Single Assignment form.
Foundations of Intrusion Tolerant Systems. 12/2003;
-
ABSTRACT: Modern and likely future architectures require compilers to perform extensive restructuring of programs during optimization. We have been building a system in which JVM bytecode is compiled off-line into an alternative, enhanced mobile-code format. This alternative format is still fully target-machine independent but can be more easily verified and compiled into native code. In particular, our approach permits shifting of analyses and optimizations to the code producer that, because of the necessity to perform bytecode verification, could only occur on the code consumer if JVM bytecode were used. Our approach naturally encompasses irreducible control flow, which can result from the use of bytecode optimizers, obfuscators and compilers for source languages other than Java. Our techniques are applicable beyond JVM bytecode.
12/2003;
-
ABSTRACT: Java Bytecode Verification was so far mostly approached from a correctness perspective. Security vulnerabilities have been found repeatedly and were corrected shortly thereafter. However, correctness is not the only potential point of failure in the verifier idea. In this paper we construct Java code, which is correct, but requires an excessive amount of time to prove safety. In contrast to previous flaws in the bytecode verifier, the enabling property for this exploit lies in the verification algorithm itself and not in the implementation and is thus not easily fixable. We explain how this architectural weakness could be exploited for denial-of-service attacks on JVM-based services and devices.
12/2003;
-
ABSTRACT: Optimizing compilers, including those in virtual machines, commonly utilize Static Single Assignment Form as their intermediate representation, but interpreters typically implement stack-oriented virtual machines. This paper introduces an easily interpreted variant of Static Single Assignment Form. Each instruction of this Interpretable Static Single Assignment Form, including the Phi Instruction, has self-contained operational semantics facilitating efficient interpretation. Even the array manipulation instructions possess directly-executable single-assignment semantics. In addition, this paper describes the construction of a prototype virtual machine realizing Interpretable Static Single Assignment Form and reports on its performance.
12/2003;