On object initialization in the Java bytecode

8 years 4 months ago
On object initialization in the Java bytecode
Java is an ideal platform for implementing mobile code systems, not only because of its portability but also because it is designed with security in mind. Untrusted Java programs can be statically analyzed and validated. The program's behavior is then monitored to prevent potentially malicious operations. Static analysis of untrusted classes is carried out by a component of the Java virtual machine called the verifier. The most complex part of the verification process is the dataflow analysis, which is performed on each method in order to ensure type-safety. This paper clarifies in detail one of the tricky aspects of the dataflow analysis: the verification of object initialization. We present and explain the rules that need to be enforced and we then show how verifier implementations can enforce them. Rules for object creation require, among other things, that uninitialized objects never be used before they are initialized. Constructors must properly initialize their this argumen...
Stephane Doyon, Mourad Debbabi
Added 17 Dec 2010
Updated 17 Dec 2010
Type Journal
Year 2000
Authors Stephane Doyon, Mourad Debbabi
Comments (0)