Establishing structural testing criteria for Java bytecode

This paper describes intra‐method control‐flow and data‐flow testing criteria for the Java bytecode language. Six testing criteria are considered for the generation of testing requirements: four control‐flow and two data‐flow based. The main reason to work at a lower level is that, even when there is no source code, structural testing requirements can still be derived and used to assess the quality of a given test set. It can be used, for instance, to perform structural testing on third‐party Java components. In addition, the bytecode can be seen as an intermediate language, so the analysis performed at this level can be mapped back to the original high‐level language that generated the bytecode. To support the application of the testing criteria, we have implemented a tool named JaBUTi (Java Bytecode Understanding and Testing). JaBUTi is used to illustrate the application of the ideas developed in this paper. Copyright © 2006 John Wiley & Sons, Ltd.     

Reverse-engineering 1-n associations from Java bytecode using alias analysis

1-n associations are design language constructs that represent one-to-many structural invariants for objects. To implement 1-n associations, container classes, such as Vector in Java, are frequently used as programming language constructs. Many of the current CASE tools fail to reverse-engineer 1-n associations that have been implemented via containers because sophisticated analyses are required to infer the type of elements collected in containers. This paper presents a new approach to reverse-engineering 1-n associations from Java bytecode based on alias analysis. In our approach, 1-n associations are inferred by examining the abstract heap structure that is constructed by applying an alias analysis on inter-variable relationships extracted from assignments and method invocations of containers. Our approach handles container alias problem that has been neglected by previous techniques by approximating the relationships between containers and elements at the object level rather than analyzing only the bytecode. Our prototype implementation was used with a suite of well-known Java programs. Most of the 1-n associations were successfully reverse-engineered from hundreds of class files in less than 1 minute.     

An empirical study of Java bytecode programs

We present a study of the static structure of real Java bytecode programs. A total of 1132 Java jar‐files were collected from the Internet and analyzed. In addition to simple counts (number of methods per class, number of bytecode instructions per method, etc.), structural metrics such as the complexity of control‐flow and inheritance graphs were computed. We believe this study will be valuable in the design of future programming languages and virtual machine instruction sets, as well as in the efficient implementation of compilers and other language processors. Copyright © 2006 John Wiley & Sons, Ltd.     

PicoJava: a direct execution engine for Java bytecode

Key to the central promise inherent in Java technology-“write once, run anywhere”-is the fact that Java programs run on the Java virtual machine, insulating them from any contact with the underlying hardware. Consequently, Java programs must execute indirectly through a translation layer built into the Java virtual machine. Translation essentially converts Java virtual machine instructions (called bytecodes) into corresponding machine-specific binary instructions. Bytecode is a single image of a program that will execute identically (in principle) on any system equipped with a JVM. The first step toward the development of a new class of Java processors was the creation of the bytecode execution engine itself, called the picoJava core. PicoJava directly executes Java bytecode instructions and provides hardware support for other essential functions of the JVM. Executing bytecode instructions in hardware eliminates the need for dynamic translation, thus extending the useful range of Java bytecode programs to embedded environments. By the end of 1998, Java processors like Sun's microJava 701 should be available for evaluation from several licensees of the picoJava core technology     

Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis

Symbolic PathFinder (SPF) is a software analysis tool that combines symbolic execution with model checking for automated test case generation and error detection in Java bytecode programs. In SPF, programs are executed on symbolic inputs representing multiple concrete inputs and the values of program variables are represented by expressions over those symbolic inputs. Constraints over these expressions are generated from the analysis of different paths through the program. The constraints are solved with off-the-shelf solvers to determine path feasibility and to generate test inputs. Model checking is used to explore different symbolic program executions, to systematically handle aliasing in the input data structures, and to analyze the multithreading present in the code. SPF incorporates techniques for handling input data structures, strings, and native calls to external libraries, as well as for solving complex mathematical constraints. We describe the tool and its application at NASA, in academia, and in industry.     

Compiling lazy functional programs to Java bytecode

The Java Virtual Machine (JVM) was designed as the target for Java compilers, but there is no reason why it cannot be used as the target for other languages. We describe the implementation of a compiler which translates a lazy, weakly‐typed functional program into Java class files. We compare the performance of our compiler to the only other known compiler from a lazy functional language to the JVM. The results are broadly similar, suggesting that to get a significant performance speed‐up using this compilation paradigm will come only from increasing the performance of the JVM, rather than enhancing the compiler itself. Copyright © 1999 John Wiley & Sons, Ltd.     

Improving the official specification of Java bytecode verification

Bytecode verification is the main mechanism to ensure type safety in the Java Virtual Machine. Inadequacies in its official specification may lead to incorrect implementations where security can be broken and/or certain legal programs are rejected. This paper provides a comprehensive analysis of the specification, along with concrete suggestions for improvement. Copyright © 2003 John Wiley & Sons, Ltd.     

Checking secure information flow in Java bytecode by code transformation and standard bytecode verification

A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type‐level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information flow in the original code. We present a prototype tool that implements the method and we show an example of application. Copyright © 2004 John Wiley & Sons, Ltd.     

基于缓存策略的Java卡字节码校验

作为一种不可靠的可下载Java程序， Java卡的字节码校验是安全的嵌入式系统所不可缺少的一个部分。由于Java卡本身的空间和运算器的限制，传统的字节码校验并不可取。采用非易失性存储器作为主存， RAM中的一部分空间作为缓存器，并且给出一种相应的Cache调度策略算法，尝试实现一种在卡上的Java卡的字节码校验算法，并且证明了该算法具有较好的可移植性和实现性。     

基于数据流的Java字节码分析

本文基于数据流框架理论,提出了如何将数据流分析方法应用于JAVA字节码中,通过建立数据流与半格、数据流和函数调用图的关系,从而对类型信息进行分析.实验表明该数据流分析方法能够对文件中的类型信息进行较精确的分析.     

一种可检测Java程序盗版的动态胎记技术

针对Java程序易盗版的特点,提出了一种新的动态软件胎记技术。首先将Java程序进行转换得到其字节码集合U,然后利用动态程序切片技术得到U在特定输入I下的子集S,最后采用k-gram胎记提取算法得到S的一个特征值序列作为软件胎记。实验分析显示这种胎记能很好地抵抗各种程序变换攻击,具有很强的置信性和鲁棒性,并能有效地检测程序盗版行为。     

Decompilation of Java bytecode to Prolog by partial evaluation

Reasoning about Java bytecode (JBC) is complicated due to its unstructured control-flow, the use of three-address code combined with the use of an operand stack, etc. Therefore, many static analyzers and model checkers for JBC first convert the code into a higher-level representation. In contrast to traditional decompilation, such representation is often not Java source, but rather some intermediate language which is a good input for the subsequent phases of the tool. Interpretive decompilation consists in partially evaluating an interpreter for the compiled language (in this case JBC) written in a high-level language with respect to the code to be decompiled. There have been proofs-of-concept that interpretive decompilation is feasible, but there remain important open issues when it comes to decompile a real language such as JBC. This paper presents, to the best of our knowledge, the first modular scheme to enable interpretive decompilation of a realistic programming language to a high-level representation, namely of JBC to Prolog. We introduce two notions of optimality which together require that decompilation does not generate code more than once for each program point. We demonstrate the impact of our modular approach and optimality issues on a series of realistic benchmarks. Decompilation times and decompiled program sizes are linear with the size of the input bytecode program. This demonstrates empirically the scalability of modular decompilation of JBC by partial evaluation.     

Visualizing trace of Java collection APIs by dynamic bytecode instrumentation

Object-oriented languages are widely used in software development to help the developer in using dynamic data structures which evolve during program execution. However, the task of program comprehension and performance analysis necessitates the understanding of data structures used in a program. Particularly, in understanding which application programming interface (API) objects are used during runtime of a program. The objective of this work is to give a compact view of the complete program code information at a single glance and to provide the user with an interactive environment to explore details of a given program. This work presents a novel interactive visualization tool for collection framework usage, in a Java program, based on hierarchical treemap. A given program is instrumented during execution time and data recorded into a log file. The log file is then converted to extensible markup language (XML)-based tree format which proceeds to the visualization component. The visualization provides a global view to the usage of collection API objects at different locations during program execution. We conduct an empirical study to evaluate the impact of the proposed visualization in program comprehension. The experimental group (having the proposed tool support), on average, completes the tasks in 45% less time as compared to the control group (not provided with the proposed tool). Results show that the proposed tool enables to comprehend more information with less effort and time. We have also evaluated the performance of the proposed tool using 20 benchmark software tools. The proposed tool is anticipated to help the developer in understanding Java programs and assist in program comprehension and maintenance by identifying APIs usage and their patterns.     

Using abstract interpretation to add type checking for interfaces in Java bytecode verification

Java interface types support multiple inheritance. Because of this, the standard bytecode verifier ignores them, since it is not able to model the class hierarchy as a lattice. Thus, type checks on interfaces are performed at run time. We propose a verification methodology that removes the need for run-time checks. The methodology consists of: (1) an augmented verifier that is very similar to the standard one, but is also able to check for interface types in most cases; (2) for all other cases, a set of additional simpler verifiers, each one specialized for a single interface type. We obtain these verifiers in a systematic way by using abstract interpretation techniques. Finally, we describe an implementation of the methodology and evaluate it on a large set of benchmarks.     

Cost analysis of object-oriented bytecode programs

Cost analysis statically approximates the cost of programs in terms of their input data size. This paper presents, to the best of our knowledge, the first approach to the automatic cost analysis of object-oriented bytecode programs. In languages such as Java and C#, analyzing bytecode has a much wider application area than analyzing source code since the latter is often not available. Cost analysis in this context has to consider, among others, dynamic dispatch, jumps, the operand stack, and the heap. Our method takes a bytecode program and a cost model specifying the resource of interest, and generates cost relations which approximate the execution cost of the program with respect to such resource. We report on COSTA, an implementation for Java bytecode which can obtain upper bounds on cost for a large class of programs and complexity classes. Our basic techniques can be directly applied to infer cost relations for other object-oriented imperative languages, not necessarily in bytecode form.     

Provably correct control flow graphs from Java bytecode programs with exceptions

We present an algorithm for extracting control flow graphs from Java bytecode that captures normal as well as exceptional control flow. We prove its correctness, in the sense that the behaviour of the extracted control flow graph is a sound over-approximation of the behaviour of the original program. This makes control flow graphs suitable for performing various static analyses, such as model checking of temporal safety properties. Analysing exceptional control flow for Java bytecode is difficult because of the stack-based nature of the language. We therefore develop the extraction in two stages. In the first, we abstract away from the complications arising from exceptional flows, and relativize the extraction on an oracle that is able to look into the stack and predict the exceptions that can be raised at each instruction. This idealized algorithm provides a specification for concrete extraction algorithms, which have to provide a suitable implementation for the oracle. We prove correctness of the idealized algorithm by means of behavioural simulation. In the second stage, we develop a concrete extraction algorithm that consists of two phases. In the first phase, the program is transformed into a BIR program, a stack-less intermediate representation of Java bytecode, from which the control flow graph is extracted in the second phase. We use this intermediate format because it provides the information needed to implement the oracle, and since it gives rise to more compact graphs. We show that the behaviour of the control flow graph extracted via the intermediate representation is a sound over-approximation of the behaviour of the graph extracted by the direct, idealized algorithm, and thus of the original program. The concrete extraction algorithm is implemented as the ConFlEx tool. A number of test cases are performed to evaluate the efficiency of the algorithm.     

JBInsTrace: A tracer of Java and JRE classes at basic-block granularity by dynamically instrumenting bytecode

Understanding what happens during the runtime of a Java program is difficult. Tracking runtime flow can bring valuable information for program understanding and behavior analysis. Polymorphism, thread concurrency or even simple facts like the number of method invocations and the number of executed bytecodes are valuable information to track, but are difficult to compute outside the Java Virtual Machine (JVM) on running programs. In this paper, we present JBInsTrace, a new tool that instruments and traces Java bytecode. It produces static information about source code and a very fine grained trace of Java software execution, combining them to allow detailed analysis of the runtime. Our tool differs from others because it does not only trace program classes but also JRE classes, and does so at basic block level, without altering the JVM and without statically modifying class files. We explain JBInsTrace design, focused towards efficiency, which results in reasonable performance penalty.     

Polymorphic bytecode instrumentation

Bytecode instrumentation is a widely used technique to implement aspect weaving and dynamic analyses in virtual machines such as the Java virtual machine. Aspect weavers and other instrumentations are usually developed independently and combining them often requires significant engineering effort, if at all possible. In this article, we present polymorphic bytecode instrumentation(PBI), a simple but effective technique that allows dynamic dispatch amongst several, possibly independent instrumentations. PBI enables complete bytecode coverage, that is, any method with a bytecode representation can be instrumented. We illustrate further benefits of PBI with three case studies. First, we describe how PBI can be used to implement a comprehensive profiler of inter‐procedural and intra‐procedural control flow. Second, we provide an implementation of execution levels for AspectJ, which avoids infinite regression and unwanted interference between aspects. Third, we present a framework for adaptive dynamic analysis, where the analysis to be performed can be changed at runtime by the user. We assess the overhead introduced by PBI and provide thorough performance evaluations of PBI in all three case studies. We show that pure Java profilers like JP2 can, thanks to PBI, produce accurate execution profiles by covering all code, including the core Java libraries. We then demonstrate that PBI‐based execution levels are much faster than control flow pointcuts to avoid interference between aspects and that their efficient integration in a practical aspect language is possible. Finally, we report that PBI enables adaptive dynamic analysis tools that are more reactive to user inputs than existing tools that rely on dynamic aspect‐oriented programming with runtime weaving. These experiments position PBI as a widely applicable and practical approach for combining bytecode instrumentations. © 2015 The Authors. Software: Practice and Experience Published by John Wiley & Sons Ltd.     

Relational bytecode correlations

We present a calculus for tracking equality relationships between values through pairs of bytecode programs. The calculus may serve as a certification mechanism for non-interference, a well-known program property in the field of language-based security, and code transformations. Contrary to previous type systems for non-interference, no restrictions are imposed on the control flow structure of programs. Objects, static and virtual methods are included, and heap-local reasoning is supported by frame rules. In combination with polyvariance, the latter enable the modular verification of programs over heap-allocated data structures, which we illustrate by verifying and comparing different implementations of list copying. The material is based on a complete formalisation in Isabelle/HOL.